Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 11-13-2020

DHS panel says 2020 vote was 'most secure in American history'

The statement directly contradicts the most recent in a raft of conspiracy theories put forth by President Donald Trump stating that a voting machine vendor secretly changed votes. This and other claims by Trump have been tagged as "disputed" under a new policy by Twitter to point to potential election misinformation.

https://fcw.com/articles/2020/11/12/cisa-bold-type-most-secure-election.aspx

 

Senior DHS cybersecurity official Bryan Ware to step down

A former technology entrepreneur, Ware has helped lead the DHS Cybersecurity and Infrastructure Security Agency’s efforts to protect health care and pharmaceutical industry from criminal and state-sponsored hacking. He has also made a point of getting better data, with the help of software tools, into the hands of CISA analysts for tracking hacking campaigns.

https://www.cyberscoop.com/bryan-ware-cisa-dhs-resignation/

 

Senior U.S. cybersecurity official tells associates he expects to be fired: sources

Top U.S. cybersecurity official Christopher Krebs has told associates he expects to be fired by the White House, three sources familiar with the matter told Reuters. Krebs, who heads the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), did not return messages seeking comment. CISA and the White House declined comment.

https://www.reuters.com/article/us-usa-cyber-krebs/senior-u-s-cybersecurity-official-tells-associates-he-expects-to-be-fired-sources-idUSKBN27S2WB?il=0

 

‘Security Threat’ Forces Hendrick Health to EHR Downtime Procedures

While the latest update reported that Ryuk was behind the attack, it was Mount Locker threat actors that leaked data they claim to have stolen from the hospital during the week of November 2. The hospital confirmed early on that they were aware some patient data was stolen prior to the ransomware deployment, but officials said that outside of the initial attack, the hackers have had minimal communication with the hospital.

https://healthitsecurity.com/news/security-threat-forces-hendrick-health-to-ehr-downtime-procedures

 

Bringing greater attention and awareness to cybersecurity practices in the global public health sector

Organizations with non-profit budgets may not have the funding available to create information technology and/or control assessment units to work towards better protection. You need to keep in mind that NGOs and non-profits exist to serve specific goals: to work towards a mission and to focus efforts on obtaining funding and reducing costs.

https://www.securitymagazine.com/articles/93910-bringing-greater-attention-and-awareness-to-cybersecurity-practices-in-the-global-public-health-sector

 

4 IoT Medical Devices That Are Vulnerable to Hacks

In this article, we will cover the four IoT medical devices that are most susceptible to cybersecurity breaches and how to protect them.

1 – Wireless Infusion Pumps

2 – Implanted Devices

3 – Smartpens

4 – Vital signs monitors

https://iotbusinessnews.com/2020/11/11/93955-4-iot-medical-devices-that-are-vulnerable-to-hacks/

 

Cyber Risk Institute Updates Cybersecurity Profile

The profile—which ABA helped develop and which is intended to help financial institutions reduce the overall time spent on cyber risk compliance—is currently being implemented by many institutions and is accepted by the regulatory community.

https://bankingjournal.aba.com/2020/11/cyber-risk-institute-updates-cybersecurity-profile/

 

DDoS Attacks vs Financial Industry: SEC Chairman Warning

While DDoS incidents have yet to become “systemic” in the financial industry, “good information sharing across firms and across the government” has helped keep events at bay so far, Clayton said. If hit by a DDoS attack, “[companies] should reach out…to the SEC, reach out to the banking regulators” for help, he said, urging companies to regularly patch system software to bolster their security profile.

https://www.msspalert.com/cybersecurity-news/ddos-attacks-vs-financial-industry-sec-chairman-warning/

 

Steelcase Cyber Attack Should Be a Wakeup Call

The question is: Why do these events continue to occur across manufacturing environments? “The single biggest threat to enterprises today is underestimating and failing to address cybersecurity across all of their cyber and physical systems. Ransomware attackers are going after higher value targets and that includes operational networks.

https://www.industryweek.com/technology-and-iiot/article/21147733/steelcase-cyber-attack-should-be-a-wakeup-call

 

Cyberattacks and the Constitution

This essay argues that as a conceptual and doctrinal matter, cyberattacks alone are rarely exercises of war powers—and they might never be. They are often instead best understood as exercises of other, nonwar military powers, foreign affairs powers, intelligence powers, and foreign commerce powers, among other constitutional powers not yet articulated.

https://www.lawfareblog.com/cyberattacks-and-constitution

 

Australian government warns of possible ransomware attacks on health sector

The Australian Cyber Security Center said it "observed increased targeting activity against the Australian Health sector by actors using the SDBBot Remote Access Tool (RAT)." [...] "SDBBot is comprised of 3 components," the ACSC explained. "An installer which establishes persistence, a loader which downloads additional components, and the RAT itself."

https://www.zdnet.com/article/australian-government-warns-of-possible-ransomware-attacks-on-health-sector/

 

US Sanctions Placed on Russian Research Institute; Triton Malware Considered the Most Dangerous Current Threat To Critical Infrastructure

The State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM) has been connected with developing and deploying the Triton malware, first seen in a 2017 attack on a petrochemical facility. The new US sanctions are a result of the 2017 Countering America’s Adversaries Through Sanctions Act, a bill that was in part designed to address Russian cyber attacks.

https://www.cpomagazine.com/cyber-security/us-sanctions-placed-on-russian-research-institute-triton-malware-considered-the-most-dangerous-current-threat-to-critical-infrastructure/

 

How China’s Control of Information is a Cyber Weakness

Yet the Chinese government’s efforts to disincentivize encryption—to allow for censorship and surveillance—have created an online environment where even websites that carry sensitive government, health and commercial data remain unencrypted. This leaves them open to exploitation by intelligence agencies and cybercriminals.

https://www.lawfareblog.com/how-chinas-control-information-cyber-weakness

 

Forget Russia—Iranian Hackers Behind Malicious New Cyber Attacks, Warns New Report

According to the research team, the campaign built around this new Pay2Key ransomware “presented an ability to make a rapid move of spreading the ransomware within an hour to the entire network.” Ransom demands were low—less than $150,000, but the fact a new and virulent threat had been launched onto the market needed to be taken seriously.

https://www.forbes.com/sites/zakdoffman/2020/11/12/forget-russia-iranian-hackers-behind-malicuous-new-cyber-attacks-warns-new-report/

 

LifeLabs personal data breach leads to multiple class action suits

Now, BC Supreme Court Justice Nitya Iyer Nov. 6 declined to stop two suits against LifeLabs in B.C. after Ontario Supreme Court awarded responsibility – or carriage - for Ontario suits to one of three competing groups of class action law firms. There are nine proposed actions in B.C. and four in Ontario. One B.C. suit proposes a single national action.

https://biv.com/article/2020/11/lifelabs-personal-data-breach-leads-multiple-class-action-suits

 

An Engineer Gets 9 Years for Stealing $10M From Microsoft

The software automatically prevented shipment of physical products to testers like Kvashuk. But in a crucial oversight, it didn't block the purchase of virtual gift cards. So the 26-year-old Kvashuk discovered that he could use his test account to buy real store credit and then use the credit to buy real products.

https://www.wired.com/story/an-engineer-gets-9-years-for-stealing-dollar10m-from-microsoft/

 

How Hackers Blend Attack Methods to Bypass MFA

For example, the Iranian hacker group Rampant Kitten targeted Iranian dissidents using malware deposited in the victim's Telegram messaging app, whose MFA was bypassed using previously intercepted SMS codes. [...] Hackers reverse-engineered Google's authentication flow and extracted two-factor authentication credentials from mobile apps to mimic and bypass Google Authenticator.

https://www.darkreading.com/vulnerabilities---threats/how-hackers-blend-attack-methods-to-bypass-mfa/a/d-id/1339370?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

 

Emotet and TrickBot Top the Malware Charts Yet Again

Both Emotet and TrickBot started life as banking Trojans, but have evolved significantly in recent years and now feature advanced modular functionality to enable everything from cryptojacking and ransomware to sophisticated data theft. Increasingly, they’re being used to provide access for attackers and maintain persistence in victim networks as a precursor to additional malware downloads such as ransomware.

https://www.infosecurity-magazine.com/news/emotet-and-trickbot-top-malware/

 

DNS cache poisoning poised for a comeback: Sad DNS

With DNS cache poisoning, however, your DNS requests are intercepted and redirected to a poisoned DNS cache. This rogue cache gives your web browser or other internet application a malicious IP address. Instead of going to where you want to go, you're sent to a fake site. That forged website can then upload ransomware to your PC or grab your user name, password, and account numbers. In a word: Ouch!

https://www.zdnet.com/article/dns-cache-poisoning-poised-for-a-comeback-sad-dns/

 

How the Pentagon is trolling Russian, Chinese hackers with cartoons

Art that the cybersecurity community uses to portray Russian hackers has typically shown burly or ferocious bears, but Cyber Command wanted to avoid giving the Russian hackers an ego boost, the official said. [...] The result was an Oct. 29 report that shows a bear tripping over himself and spilling Halloween candy out of a pumpkin trick-or-treat bucket.

https://www.cyberscoop.com/pentagon-cyber-command-trolling-russian-chinese-hackers-cartoons/

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


 

CI Security

245 4th St, Suite 405  Bremerton, WA   98337
