|
[WEBINAR] Urgent Panel Discussion: LinkedIn & Facebook Scraped, How Organizations Should Respond
Criminals scraped data from Facebook and LinkedIn and are now selling personal information on dark markets. CI expects an increase in sophisticated and targeted attacks on organizations. We'll answer your questions and provide an Executive Brief for your use. All registrants will get a link to the recording of this event.
https://app.livestorm.co/ci-security/urgent-panel-discussion-data-theft-from-linkedin-facebook
Fed Chair Powell Warns That Cyber Attacks And Covid-19 Spreading Again Are The Biggest Risks To The Economy
In terms of what could trigger a market collapse of similar magnitude, Powell said the Fed is most concerned about cyber attacks on financial institutions that halt their ability to track payments, a risk that the International Monetary Fund has estimated may cost banks around the world about $100 billion annually.
https://www.forbes.com/sites/jonathanponciano/2021/04/11/fed-chair-powell-warns-that-cyber-attacks-and-covid-19-spreading-again-are-the-biggest-risks-to-the-economy/?sh=5ebee1d55606
Nation-state cyber attacks double in three years
“When we look at nation-state activity through the lens of this report, it comes as no surprise that we have seen such an escalation over the past year – the writing has been on the wall for some time,” said McGuire. “Nation states are devoting significant time and resources to achieving strategic cyber advantage to advance their national interests, intelligence-gathering capabilities and military strength through espionage, disruption and theft.
https://www.computerweekly.com/news/252499042/Nation-state-cyber-attacks-double-in-three-years
Delivering an effective cyber security strategy within healthcare
A vast number and variety of devices – computers, tablets, MRI scanners, heart-rate monitors, even staff’s own personal devices – all of which will have access to the network, will need to be connected to a central server. Having such a large array of devices connected to the network will mean that there will be countless internet connected endpoints in each hospital.
https://www.information-age.com/delivering-effective-cyber-security-strategy-within-healthcare-123494662/
The Cyberwar Against Health Care Practices
Many of these hacker groups operate as businesses and can be very sophisticated. “They sometimes know exactly what your cyber insurance policy is, and they know what’s going to potentially be covered under the policy,” Ferrante says. “And if they don’t know, they’ve often already done the intelligence on your business, and they know what it’s worth.”
https://www.dermatologytimes.com/view/the-cyberwar-against-health-care-practices
Financial industry preps for proposal that would require 36-hour breach notification
Among the proposed rule’s major provisions, then, is that bank service providers for the first time would have to provide notifications to banking organizations when they suffer damaging cyberattacks, defined in the rule as those which could “disrupt, degrade, or impair the provision of services.” “One of the things that’s new about this and very important is the extent to which this reaches beyond the financial services industry into bank service providers.”
https://www.cyberscoop.com/cyber-incident-notification-rule-financial-services-fdic-treasury-fed/
Ransomware disrupted production at two manufacturing sites in Italy, investigators say
It is only the latest example of how ransomware incidents are increasingly affecting the operations of industrial suppliers. Of 500 manufacturing sector employees in the U.S., Germany and Japan surveyed by security firm Trend Micro, 61% said they had experienced cybersecurity incidents, with many of those cases causing system outages.
https://www.cyberscoop.com/ransomware-industrial-europe-kaspersky-cring/
Ex-employee tampered with Kansas water plant, feds say, a sign of online vulnerability
No centralized database of attacks exists, but the Department of Homeland Security responded to 25 water cybersecurity incidents in 2015, according to a 2016 report prepared for the Department of Energy. The true number of attacks is almost certainly higher and growing.
https://www.kansascity.com/news/politics-government/article250557659.html
The U.S. Government Needs to Overhaul Cybersecurity. Here’s How.
Best-in-class cyberdefense technologies have been available on the market for years, yet the U.S. government has failed to adopt them, opting instead to treat cybersecurity like a counterintelligence problem and focusing most of its resources on detection. Yet the government’s massive perimeter detection technology, Einstein, failed to detect the SolarWinds intrusion—which lays bare the inadequacy of this approach.
https://www.lawfareblog.com/us-government-needs-overhaul-cybersecurity-heres-how
Experts fear that Biden’s cybersecurity executive order will repeat mistakes of the past
According to a draft executive order seen by some reporters and selected experts, government contractors would be required to report attacks on their networks and software to federal government customers within a few days of discovery, much the same way the EU's GDPR mandates data breach disclosures to regulatory authorities within 72 hours of discovery.
https://www.csoonline.com/article/3614388/experts-fear-that-biden-s-cybersecurity-executive-order-will-repeat-mistakes-of-the-past.html
Biden administration plans to name former senior NSA officials to White House cyber position and head of CISA [Subscription]
The nomination of former NSA deputy director John C. “Chris” Inglis ends months of speculation about whom the Biden administration would appoint to the White House position, and comes after bipartisan pressure from lawmakers to fill the job they created in legislation that passed in December.
https://www.washingtonpost.com/national-security/former-senior-nsa-officials-named-to-white-house-cyber-position-and-head-of-dhs-cyber-agency/2021/04/11/b9d408cc-9b2d-11eb-8005-bffc3a39f6d3_story.html
Ontario regional government victim of third-party cyberattack
The Regional Municipality of Durham, which provides regional services to eight local municipalities north of Lake Ontario including the City of Oshawa, said in an email it “recently became aware of a cybersecurity incident that occurred with a third-party software provider which impacted the region.”
https://www.itworldcanada.com/article/ontario-regional-government-victim-of-third-party-cyber-attack/445791
Israel appears to confirm it carried out cyberattack on Iran nuclear facility
Israel appeared to confirm claims that it was behind a cyber-attack on Iran’s main nuclear facility on Sunday, which Tehran’s nuclear energy chief described as an act of terrorism that warranted a response against its perpetrators. [...] The attack on Natanz came five days after an apparent Israeli mine attack on an Iranian freighter in the Red Sea[.]
https://www.theguardian.com/world/2021/apr/11/israel-appears-confirm-cyberattack-iran-nuclear-facility
China launches hotline for netizens to report 'illegal' history comments
The tip line allows people to report fellow netizens who “distort” the Party’s history, attack its leadership and policies, defame national heroes and “deny the excellence of advanced socialist culture” online, said a notice posted by an arm of the Cyberspace Administration of China (CAC) on Friday.
https://www.reuters.com/article/us-china-cyberspace-history-idUSKBN2BY08Z
High-Profile Hacks Are Making Privacy Experts Nervous
U.S. officials appear to be “floating trial balloons,” to gauge public sentiment around additional government surveillance of U.S. networks before moving to garner support for it, said the American Civil Liberties Union’s Jennifer Granick. "Every time something happens, more surveillance is always the first stop shop," said Granick, a cybersecurity lawyer. "That raises huge civil liberties concerns.”
https://www.bloomberg.com/news/newsletters/2021-04-06/high-profile-hacks-are-making-privacy-experts-nervous
No password required: Mobile carrier exposes data for millions of accounts
Q Link Wireless, a provider of low-cost mobile phone and data services to 2 million US-based customers, has been making sensitive account data available to anyone who knows a valid phone number on the carrier’s network, an analysis of the company’s account management app shows.
https://arstechnica.com/information-technology/2021/04/no-password-required-mobile-carrier-exposes-data-for-millions-of-accounts/
Scraped data of 1.3 million Clubhouse users published online
It is worth noting that details about the origin of the data such as whether Clubhouse suffered a data breach or the information was collected through web scraping remained unclear. However, Clubhouse was quick to react to address the issue on Twitter and rubbished rumors that the app has suffered a data breach.
https://www.hackread.com/scraped-clubhouse-database-leaked-online/
Zero-Day Bug Impacts Problem-Plagued Cisco SOHO Routers
The three Cisco router models (RV110W, RV130, and RV215W) and one VPN firewall device (RV130W) are of varying age and have reached “end of life” and will not be patched, according to Cisco. The company is advising customers to replace the equipment.
https://threatpost.com/zero-day-bug-soho-routers/165321/
Texan's alleged Amazon bombing effort fizzles: Militia man wanted to take out 'about 70 per cent of the internet'
He allegedly said he hoped to bring down "the oligarchy" running the United States. Pendley was supposed to pick up his explosives on April 8. He got inert devices instead and then he got arrested by the FBI. If convicted, Pendley faces up to 20 years in prison.
https://www.theregister.com/2021/04/09/amazon_bombing_plot/
|
