IT Security News Blast – 10-11-2021
 
This is the IT Security News Blast.
A brief situational awareness summary for key sectors, threats and vulnerabilities, noteworthy events. Security, Privacy, Surveillance. Sign up for the blast here:
https://www.criticalinsight.com/resources/daily-news
 
New Law Requires Federal Government to Identify K-12 Cyber Risks, Solutions
That House bill, introduced by Rep. Doris Matsui, D-N.Y., would have required DHS to create a database for schools to find cybersecurity tools and apply for funding opportunities to improve cybersecurity. The initial legislation would have further required DHS to establish a voluntary registry of information related to cyber incidents affecting IT systems owned or managed by schools.
https://marketbrief.edweek.org/marketplace-k-12/new-law-requires-federal-government-identify-k-12-cyber-risks-solutions/
 
FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets
FIN12 is unique among many tracked ransomware-focused actors today because they do not typically engage in multi-faceted extortion and have disproportionately impacted the healthcare sector. They are also the first FIN actor that we are promoting who specializes in a specific phase of the attack lifecycle—ransomware deployment—while relying on other threat actors for gaining initial access to victims.
https://www.mandiant.com/resources/fin12-ransomware-intrusion-actor-pursuing-healthcare-targets
 
Will a software bill of materials help or hurt medical device cybersecurity?
FDA has supported NTIA's SBOM effort from its 2018 inception helping to develop the schemas, formats and other outputs from the multi-stakeholder initiative that the National Institute of Standards and Technology could ultimately leverage in its software integrity guidelines in fulfillment of Biden's executive order.
https://www.healthcaredive.com/news/medical-devices-cybersecurity-ransomware-cyberattacks-sbom-biden/607919/
 
Russian-speaking hacking group scaling up ransomware attacks on hospitals
“Unlike other actors who are branching out into other forms of extortion, this group remains focused purely on ransomware, moving faster than its peers and hitting big targets,” Goody said in a statement. “They are behind several attacks on the healthcare system and they focus heavily on high-revenue victims.”
https://thehill.com/policy/cybersecurity/575787-russian-speaking-hacking-group-scaling-up-ransomware-attacks-on
 
RBA flags ‘inevitable’ significant cyber attack on financial institutions
“For example, several banks may rely on real-time payments from a major participant in the wholesale settlement system, which if incapacitated for a prolonged period of time could put pressure on intraday liquidity,” the report said.
https://www.arnnet.com.au/article/691957/rba-flags-inevitable-significant-cyber-attack-on-financial-institutions/
 
A strategy for making the boardroom a more active player in cyber resilience
[Board] members will want to know just what a good cyber security defense looks like. The simple answer: Good cyber security protects the data and applications the company cares about – and that differs for each organization. So, boards need to draw on the knowledge and expertise of others to make the right judgements.
https://www.scmagazine.com/perspective/leadership/a-strategy-for-making-the-boardroom-a-more-active-player-in-cyber-resilience
 
U.S. Justice Department Creates National Cryptocurrency Enforcement Team
The Justice Department has already shown its dedication to enforcement within the crypto space in going after the Darknet-based Bitcoin mixing service Helix in August. By taking the initiative and creating the enforcement team, Monaco said she hopes to be able to go after the financial systems that have allowed the threats within the space to grow.
https://www.etftrends.com/crypto-channel/us-justice-department-creates-national-cryptocurrency-enforcement-team/
 
DOJ to Federal Contractors: Report Cyberattacks or Face the False Claims Act
Under the new Civil Cyber-Fraud Initiative, failures to comply with the above requirements—in particular where the non-compliance is the result of an effort to conceal the occurrence of a cyber incident—will amount not to breach of contract, but to fraud against the government.
https://www.natlawreview.com/article/doj-to-federal-contractors-report-cyberattacks-or-face-false-claims-act
 
Russian cyberattacks pose greater risk to governments and other insights from our annual report
During the past year, 58% of all cyberattacks observed by Microsoft from nation-states have come from Russia. And attacks from Russian nation-state actors are increasingly effective, jumping from a 21% successful compromise rate last year to a 32% rate this year. Russian nation-state actors are increasingly targeting government agencies for intelligence gathering, which jumped from 3% of their targets a year ago to 53%[.]
https://blogs.microsoft.com/on-the-issues/2021/10/07/digital-defense-report-2021/
 
Drugs, arms, and terror: A high-profile defector on Kim's North Korea
"The Moranbong University would pick the brightest students from all over the country and put them through six years of special education," he says. British security officials believe that a North Korean unit known as the Lazarus Group was behind a cyber-attack that crippled parts of the NHS and other organisations around the world in 2017.
https://www.bbc.com/news/world-asia-58838834
 
US has already lost AI fight to China, says ex-Pentagon software chief
In his first interview since leaving the post at the Department of Defense a week ago, Nicolas Chaillan told the Financial Times that the failure of the US to respond to Chinese cyber and other threats was putting his children’s future at risk. “We have no competing fighting chance against China in 15 to 20 years.
https://www.ft.com/content/f939db9a-40af-4bd1-b67d-10492535f8e0
 
Cyberbullying and Student Privacy
[A] survey conducted by the Center for Democracy & Technology found that 78% of teachers and 75% of parents strongly or somewhat agree that monitoring keeps students safe by identifying toxic online behavior. It’s been shown time and again that technology can be an aid in student suicide prevention, and in cyberbullying and school violence intervention in a way that does save lives.
https://securityboulevard.com/2021/10/cyberbullying-and-student-privacy/
 
Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems
"To collect data or conduct other malicious activity, this malware family uses modified legitimate binaries that are adjusted to load further components. In fact, to conceal its existence, FontOnLake's presence is always accompanied by a rootkit. These binaries are commonly used on Linux systems and can additionally serve as a persistence mechanism."
https://thehackernews.com/2021/10/researchers-warn-of-fontonlake-rootkit.html
 
VMware ESXi Servers Encrypted by Lightning-Fast Python Script
Researchers have discovered a new Python ransomware from an unnamed gang that’s striking ESXi servers and virtual machines (VMs) with what they called “sniper-like” speed. Sophos said on Tuesday that the ransomware is being used to compromise and encrypt VMs hosted on an ESXi hypervisor in operations that, soup-to-nuts, are taking less than three hours to complete from initial breach to encryption.
https://threatpost.com/vmware-esxi-encrypted-python-script-ransomware/175374/
 
TangleBot Android malware hijacks phone to steal login credentials
The malware also steals sensitive data stored on the device and monitors just about every user activity such as camera usage, audio conversations, and location, etc. Furthermore, the malware takes full control of the targeted device, including accessing banking data and can penetrate the deepest corners of Android OS.
https://www.hackread.com/tanglebot-android-malware-steal-login-credentials/
 
Unpatched Dahua cams vulnerable to unauthenticated remote access
Unpatched Dahua cameras are prone to two authentication bypass vulnerabilities, and a proof of concept exploit that came out today makes the case of upgrading pressing. The authentication bypass flaws are tracked as CVE-2021-33044 and CVE-2021-33045, and are both remotely exploitable during the login process by sending specially crafted data packets to the target device.
https://www.xfinity.com/learn/internet-service/deals
 
US nuke sub plans leaked on SD card hidden in peanut butter sandwich, claims FBI
After some clandestine back and forth, plenty of encrypted email, and a payment of $10,000 in cryptocurrency, Toebbe and his wife Diana loaded the relevant info onto an SD card and left it at a dead drop. "The SD card was wrapped in plastic and placed between two slices of bread on a half of a peanut butter sandwich," the DoJ's Criminal Complaint states.
https://www.theregister.com/2021/10/11/doj_alleges_nuclear_sub_data_leak/
 
You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of Critical Insight, formerly Critical Informatics and CI Security. 

We host a free, never boring Security Awareness Training every other Friday. Register here. 

Archived articles are available at https://www.criticalinsight.com/resources/daily-news

Critical Insight and the Critical Insight logo are the trademarks of Critical Insight, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 Critical Insight. All rights reserved.
Critical Insight

245 4th St, Suite 405  Bremerton, WA   98337
