IT Security News Blast – 9-10-2021
 
Security Awareness Training – TODAY 12PM PDT
Join us for our bi-weekly security awareness presentation. Peppered with materials collected over many years and right up to recently, I'll present examples of all kinds of bait, explain how "they" get into your networks, and leave you with some good advice. Meets regulatory requirements for annual training, and we promise it won't be boring.
https://app.livestorm.co/critical-insight/security-awareness-training-2021
 
Opinion: Outsourcing Cyber Talent Could Solve Workforce Woes
Some state and local governments are turning to managed security service providers to shore up the substantial gaps in the cybersecurity workforce. The shift away from a more traditional hiring strategy has its benefits. [...] One of the alternative solutions being implemented by state and local governments is the growing use of managed security service providers.
https://www.govtech.com/opinion/opinion-outsourcing-cyber-talent-could-solve-workforce-woes
 
Under Pressure: California Clarifies Cyber Risk Management Best Practices for Healthcare Sector
  • keep all operating systems and software housing health data current with the latest security patches;
  • install and maintain virus protection software;
  • provide regular data security training for staff members that includes education on not clicking on suspicious web links and guarding against phishing emails;
  • restrict users from downloading, installing, and running unapproved software; and
  • maintain and regularly test a data backup and recovery plan for all critical information to limit the impact of data or system loss in the event of a data security incident.
The failure to implement the aforementioned measures could render California providers vulnerable to liability.
https://www.natlawreview.com/article/under-pressure-california-clarifies-cyber-risk-management-best-practices-healthcare
 
BlackMatter Ransomware Attacks Threaten Healthcare, HC3 Says
The Health Sector Cybersecurity Coordination Center (HC3) recently released a detailed threat brief on BlackMatter ransomware, a group that first surfaced in July 2021 shortly after the notorious ransomware group REvil/Sodinokibi abruptly took its website down.
https://healthitsecurity.com/news/blackmatter-ransomware-attacks-threaten-healthcare-hc3-says
 
International Money Launderer Sentenced to over 11 Years in Federal Prison for Laundering Millions from Cyber Crime Schemes
A Canadian man was sentenced today to 140 months in federal prison for conspiring to launder tens of millions of dollars stolen in various wire and bank fraud schemes, including a massive online banking theft by North Korean cyber criminals that is part of a pending case in Los Angeles.
https://www.justice.gov/usao-cdca/pr/international-money-launderer-sentenced-over-11-years-federal-prison-laundering
 
FBI agent: Growth of cybercrime ‘unbelievable,’ tougher penalties needed
“Our cyber laws are actually way behind the times,” said Ken Schmutz, Omaha-based supervisory special agent and member of the Cyber Task Force for the FBI. “We really need our folks in Washington to step up and make hacking have more penalties than it does. We’re chasing Russians, all the time.”
https://iowacapitaldispatch.com/2021/09/09/fbi-agent-growth-of-cybercrime-unbelievable-tougher-penalties-needed/
 
ICS Vulnerabilities Increased by 41% In Six Months Amidst High Profile Attacks on Critical Infrastructure
Similarly, critical manufacturing security vulnerabilities increased by 25% in 2020 from 2019 and 33% from 2018. However, vendors lagged in discovering and reporting critical infrastructure security vulnerabilities. According to the report, most (81%) ICS vulnerabilities were disclosed by external entities like third-party companies, security researchers, academics, among others.
https://www.cpomagazine.com/cyber-security/ics-vulnerabilities-increased-by-41-in-six-months-amidst-high-profile-attacks-on-critical-infrastructure/
 
National cyber director declares 'too soon to say we're out of the woods,' as US enjoys dip in ransomware
“Those attacks have fallen off. Those syndicates have to some degree deconstructed,” Inglis said at an event hosted by the Ronald Reagan Presidential Foundation and Institute. “I think it’s a fair bet they have self-deconstructed and essentially gone cold and quiet to see whether the storm will blow over and whether they can then come back.”
https://www.cyberscoop.com/chris-inglis-russia-ransomware-ncd-reagan/
 
Hackers Steal U.N. Data That Could Be Used for Future Government Cyberattacks
"Organizations like the U.N. are a high-value target for cyber espionage activity," Resecurity CEO Gene Yoo said. "The actor conducted the intrusion with the goal of compromising large numbers of users within the U.N. network for further long-term intelligence gathering."
https://www.newsweek.com/hackers-steal-un-data-that-could-used-future-government-cyberattacks-1627648
 
US Army works through what ‘information advantage’ is and how to achieve it
Adversaries have proven adept at conducting operations below the threshold of armed conflict in this environment to try to subvert U.S. power. National and military leaders are realizing the importance of skills in these “gray zone” operations and during all-out conflicts.
https://www.defensenews.com/smr/technet-augusta/2021/09/09/us-army-works-through-what-information-advantage-is-and-how-to-achieve-it/
 
CrowdStrike Reports Broad 60 Percent Increase in Attempted Cyber Intrusions
  • China, North Korea and Iran were the most active state-sponsored groups. The report reveals the majority of targeted intrusion activity from adversary groups were based out of China, North Korea, and Iran.
  • A massive surge in interactive intrusion activity targeting the telecommunications industry. This activity spans all major geographic regions and has been tied to a diverse range of adversaries.
https://www.hstoday.us/subject-matter-areas/cybersecurity/crowdstrike-reports-broad-60-percent-increase-in-attempted-cyber-intrusions/
 
Germany probes claims of pre-election MP hacking by Russia
It pointed the finger at hackers from Russia's "Ghostwriter" group which reportedly specialises in spreading disinformation. German intelligence believes they have been trying to gain access to the private email accounts of federal and regional MPs.
https://news.yahoo.com/germany-probes-claims-pre-election-201408789.html
 
Pro-Beijing operatives used social media to try promoting NYC protest
As a part of ongoing research into suspected Chinese influence operations, investigators discovered a network of fake accounts spamming Twitter and other platforms in April with posts calling for Asian Americans to protest racial discrimination in New York City. The effort was an “early warning” that China is getting bolder in how it attempts to influence politics outside of its borders[.]
https://www.cyberscoop.com/china-social-media-nyc-protest-mandiant/
 
ProtonMail Amends Its Policy After Giving Up an Activist’s Data
As usual, the devil is in the details—ProtonMail's original policy simply said that the service does not keep IP logs "by default." However, as a Swiss company, ProtonMail was obliged to comply with a Swiss court's demand that it begin logging IP address and browser fingerprint information for a particular ProtonMail account.
https://www.wired.com/story/protonmail-amends-policy-after-giving-up-activists-data/
 
‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise
A critical security vulnerability allowing attackers to perform cross-account container takeover in Microsoft’s public cloud, dubbed “Azurescape”, has been uncovered by researchers. The issue exists in Azure Container Instances (ACI), which is Microsoft’s container-as-a-service (CaaS) offering (which enables users to run cloud containers without having to deal with managing the underlying infrastructure).
https://threatpost.com/azurescape-kubernetes-attack-container-cloud-compromise/169319/
 
Zoho ManageEngine Password Manager Zero-Day Gets a Fix, Amid Attacks
A critical security vulnerability in the Zoho ManageEngine ADSelfService Plus platform could allow remote attackers to bypass authentication and have free rein across users’ Active Directory (AD) and cloud accounts. The issue (CVE-2021-40539) has been actively exploited in the wild as a zero-day, according to the Cybersecurity and Infrastructure Security Agency (CISA).
https://threatpost.com/zoho-password-manager-zero-day-attack/169303/
 
Fighting the Rogue Toaster Army: Why Secure Coding in Embedded Systems is Our Defensive Edge
While it's unlikely that an army of toasters is coming to enslave the human race (although, the Tesla bot is a bit concerning) as the result of a cyberattack, malicious cyber events are still possible. Some of our cars, planes, and medical devices also rely on intricate embedded systems code to perform key tasks, and the prospect of these objects being compromised is potentially life-threatening.
https://thehackernews.com/2021/09/fighting-rogue-toaster-army-why-secure.html
 
You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of Critical Insight, formerly Critical Informatics and CI Security. 

We host a free, never boring Security Awareness Training every other Friday. Register here. 

Archived articles are available at https://www.criticalinsight.com/resources/daily-news

Critical Insight and the Critical Insight logo are the trademarks of Critical Insight, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 Critical Insight. All rights reserved.
Critical Insight

245 4th St, Suite 405  Bremerton, WA   98337
