Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 5-7-2021

Malicious Office 365 Apps Are the Ultimate Insiders
Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.
https://krebsonsecurity.com/2021/05/malicious-office-365-apps-are-the-ultimate-insiders/
 
CaptureRx Data Breach Impacts Healthcare Providers
At least three American healthcare providers have suffered a data breach after a cyber-attack on an administrative services company in Texas. [...] HIPAA Journal reports that CaptureRx is currently unclear how many of its healthcare provider clients have been affected by the attack. Nor has the company finished its final tally of how many individuals had their PHI exposed because of the incident.
https://www.infosecurity-magazine.com/news/capturerx-data-breach-impacts/
 
6 ways to spur cybersecurity board engagement
"Let's face it: Typically, a board is composed of 60- to 75-year-old men who had some success in business, probably before or in the early days of the internet." [...] As such, their presentations to boards -- which typically care about financial profitability rather than technical proficiency -- fall flat, ultimately leaving security teams without the support and resources they need to appropriately mitigate threats to the business.
https://searchsecurity.techtarget.com/feature/6-ways-to-spur-cybersecurity-board-engagement
 
The need for privacy in vaccine passport policies
Those who won’t travel and do not consent to their data being collected and shared, what rights do they preserve during a pandemic? Will their data be shared regardless of their refusal to consent? After we return to normalcy, will that data be used for political purposes? Could it be used for commercial purposes? Or worse, could it be used to discriminate against those who approached the pandemic “outside the norm?”
https://medcitynews.com/2021/05/the-need-for-privacy-in-vaccine-passport-policies/
 
Surge in cyber attacks leads to ‘massive cost’ for manufacturers – report
Half of manufacturing firms have been the victim of cyber crime during the last year after thousands of organisations moved their staff to remote working because of the Covid crisis, new research suggests. [...] One in four companies has reported losses of up to £25,000 for each cyber breach and 6% lost at least £100,000, said the manufacturers’ organisation.
https://uk.finance.yahoo.com/news/surge-cyber-attacks-leads-massive-230100431.html
 
Financial Firms Report Puzzling 30% Drop in Breaches as Incidents Rise
Kroll argued that the disparity could be explained by more organizations pulling back, after an initial period of over-reporting following the introduction of the GDPR. In many cases, legal counsel is recommending firms not to notify if they think reporting thresholds around whether data subjects were “harmed” are not met, it said.
https://www.infosecurity-magazine.com/news/financial-breach-reports-drop-30/
 
House members to try again on state and local cyber grants
“As the ever-increasing number of ransomware attacks on state and local governments demonstrates, adequate investment in cybersecurity has been lacking, and more resources are needed,” Clarke said, citing recent incidents such as the theft and publication of data last week from the Washington, D.C., Metropolitan Police Department by actors associated with the Babuk ransomware.
https://statescoop.com/house-state-local-cybersecurity-grant-again/
 
LAWMAKERS SEARCH FOR SOLUTION TO RANSOMWARE PANDEMIC
Adding to the problem is the cooperation between some ransomware groups and the governments of some of the countries from which they operate. In April, the Department of the Treasury formally tied the Evil Corp cybercrime and ransomware group to the Russian FSB intelligence service. The U.S. government has also tied the government of North Korea to ransomware operations and said that the operations help fund the government’s activities.
https://duo.com/decipher/lawmakers-search-for-solution-to-ransomware-pandemic
 
How China turned a prize-winning iPhone hack against the Uyghurs
The US collected the full details of the exploit used to hack the Uyghurs, and it matched Tianfu’s Chaos hack, MIT Technology Review has learned. [...] The US quietly informed Apple, which had already been tracking the attack on its own and reached the same conclusion: the Tianfu hack and the Uyghur hack were one and the same. The company prioritized a difficult fix.
https://www.technologyreview.com/2021/05/06/1024621/china-apple-spy-uyghur-hacker-tianfu/
 
Intrusion Truth details work of suspected Chinese hackers who are under indictment in US
Now, the group known only as Intrusion Truth says it has discovered the roots of Li and Dong’s collaboration, and the alias that Li used on a Chinese hacking forum. The two men allegedly reused email addresses and phone numbers in registering front companies, a slip-up that Intrusion Truth says it used to track their activities.
https://www.cyberscoop.com/intrusion-truth-china-hacking-coronavirus/
 
NY AG finds nearly 82% of net neutrality comments to the FCC were fake
"The OAG found that millions of fake comments were submitted through a secret campaign, funded by the country's largest broadband companies, to manufacture support for the repeal of existing net neutrality rules using lead generators," the report says. "And millions more were submitted by a 19-year old college student using made-up identities."
https://www.protocol.com/fcc-net-neutrality-fake-comments
 
Qualcomm vulnerability impacts nearly 40% of all mobile phones
A high severity security vulnerability found in Qualcomm's Mobile Station Modem (MSM) chips (including the latest 5G-capable versions) could enable attackers to access mobile phone users' text messages, call history, and listen in on their conversations. [...] "If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and invisible code into phones."
https://www.bleepingcomputer.com/news/security/qualcomm-vulnerability-impacts-nearly-40-percent-of-all-mobile-phones/
 
Security researchers found 21 flaws in this widely used email server, so update immediately
The bugs are a potentially major threat to internet security given that nearly 60% of internet servers run on Exim mail transfer agent (MTA) software and is by far the most widely used email server. As Qualys points out, IoT search engine Shodan returns 3.8 million results for Exim servers exposed on the internet, of which two million are located in the US.
https://www.zdnet.com/article/security-researchers-found-21-flaws-in-this-widely-used-email-server-so-update-immediately/
 
Critical Cisco SD-WAN, HyperFlex Bugs Threaten Corporate Networks
vManage is a centralized network management system that provides a GUI interface to easily monitor, configure and maintain all devices and links in the overlay SD-WAN. According to Cisco’s Wednesday advisory, there are five security holes in the software, the first four only exploitable if the platform is running in cluster mode[.]
https://threatpost.com/critical-cisco-sd-wan-hyperflex-bugs/165923/
 
Ryuk ransomware finds foothold in bio research institute through student who wouldn’t pay for software
13 days after the student executed the 'cracked' software, a remote desktop protocol (RDP) connection was registered by the institute, using the student's credentials, under the name "Totoro," -- an anime character from a 1988 film. [...] The team believes that access to the institute was sold on in an underground market, and the RDP connection may have been made in order to test access. It was 10 days after this connection was made that Ryuk was deployed on the network, costing the institute a week of research data as backups were not fully up-to-date.
https://www.zdnet.com/article/ryuk-ransomware-finds-foothold-in-bio-research-institute-through-a-student-who-wouldnt-pay-for-software/
 
Signal’s smartass ad exposes Facebook’s creepy data collection
The privacy-focused messaging app tried to buy “multi-variant targeted” ads on Instagram to show what parent company Facebook knows about its users. [...] “The ad would simply display some of the information collected about the viewer which the advertising platform uses,” Signal said in a blog post. “Facebook was not into that idea.”
https://thenextweb.com/news/signals-instagram-ad-exposes-facebook-targetted-ads-data-collection

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.
