Cyber Attacks, Threats, and Vulnerabilities
EKANS Ransomware and ICS Operations (Dragos) EKANS ransomware emerged in mid-December 2019, and Dragos published a private report to Dragos WorldView Threat Intelligence customers early January 2020.
How an Army vet became the ‘Cyber Rambo’ in an alleged Bolivian coup (Army Times) Suarez created an algorithm to do automated retweets.
Tech Support Scam Hitting Microsoft Edge Start Page Takes a Break (BleepingComputer) A sophisticated browser locker campaign that ran on high-profile pages, like Microsoft Edge's home or popular tech sites, was deactivated this week after in-depth research was published.
Bad Rabbit Ransomware (KnowBe4) Bad Rabbit first appeared in October of 2017 with a worldwide campaign targeting organizations in Russia, Ukraine and the U.S. Investigators now believe the ultimate goal was not ransom, but gaining undetected access and maintaining it long term.
Watch Out for Coronavirus Phishing Scams (Wired) At least one email campaign is preying on fears by claiming to offer info about the Wuhan coronavirus.
Hackers using coronavirus scare to spread Emotet malware in Japan (TechRepublic) Cybercriminals are using global fears about the virus to spread the Emotet trojan.
Remote Cloud Execution - Critical Vulnerabilities in Azure Cloud Infrastructure (Part II) (Check Point Research) Research by Ronen Shustin. In the previous part we talked about the Azure Stack architecture and mentioned that it can be extended with features that are not part of its core. Using the ability to research cloud components offline, we took this opportunity to research Azure App Service. In this part,...
Devious Spamhaus Phishing Scam Warns You're on an Email Block List (BleepingComputer) A new phishing campaign distributing malware pretends to be from the Spamhaus Project warning that the recipient's email address has been added to a spam block list due to sending unsolicited email.
Detecting Citrix CVE-2019-19781 (CISA) Unknown cyber network exploitation (CNE) actors have successfully compromised numerous organizations that employed vulnerable Citrix devices through a critical vulnerability known as CVE-2019-19781.[1]
Though mitigations were released on the same day Citrix announced CVE-2019-19781, organizations that did not appropriately apply the mitigations were likely to be targeted once exploit code began circulating on the internet a few weeks later.
Twitter Removes GOP-Run Account That Impersonated Democrat (Wall Street Journal) The social-media platform took down an account run by the state Republican Party that was named after Democratic gubernatorial candidate Dan Feltes and posted content attacking him.
Texas PUC website 'defaced' in low-level attack as state inks new cybersecurity contract (Utility Dive) While the hacker claimed to be Iranian, state officials say they have no evidence of a link to the Middle Eastern nation.
Access Health reports over 1,000 consumers’ information compromised in data breach (FOX 61) Access Health CT reported that around 1,100 consumers' personal information may have been compromised in a data breach.
Pennsylvania hospital investigates payroll system data breach (Beckers Hospital Review) Meadville (Pa.) Medical Center began notifying employees Jan. 23 about a data breach within its payroll system, according to the Meadville Tribune.
Toll Group shuts down several systems after suspected cyber attack (Splash 247) Australian transport and logistics company Toll Group has had to shut down a number of systems in response to a suspected cyber security incident. The company said it is investigating the cause of the incident. “We expect several Toll customer-facing applications to be impacted as a result. Our immediate priority is to resume services to …
College campuses in Dundee and Angus to close for a day following Friday cyber attack (The Courier) All Dundee and Angus college campuses will be closed on Monday following a cyber attack.
Cyber attack takes down high school district's server and phone system (Mountain View Voice) The Mountain View-Los Altos High School District was the victim of a ransomware attack Wednesday that took down the phone system and blocked access to files stored on the district's server.
St. Landry School Board members updated on system restoration after cyber attack (KATC) Weeks after a cyber attack crippled computers within the St. Landry school system, officials were updated on the restoration progress.
LifeLabs data breach may impact almost everyone in B.C. (Castanet) New evidence shows 4.7 million people in B.C. may have had their privacy breached following a hack at LifeLabs.
Travelex recovers UK website after ransomware hit (Reuters) Travelex said it had partially restored its UK website, almost a month after a c...
Arizona Department of Education release unwittingly reveals student data (Tucson Sentinel) The Arizona Department of Education has asked a Phoenix reporter to destroy records it sent him that later revealed parent names and account information of more than 7,000 students in the Empowerment Scholarship Account program.
List of data breaches and cyber attacks in January 2020 – 1.5 billion records breached (IT Governance UK Blog) The first month of the new decade began with 61 data breaches and cyber attacks accounting for 1,505,372,820 compromised records.
Cyber Trends
Why You Don’t Need to Be Bezos to Worry About Spyware (Washington Post) The news that an iPhone owned by Amazon.com Chief Executive Officer Jeff Bezos had been hacked prompted widespread speculation about how it happened and whether the Saudi crown prince may have been involved, as some investigators have alleged. But it also led many people to wonder whether their own phone might be turned against them.
Marketplace
Iran, Bezos and 2020 elections: Cybersecurity firms are in demand this year (CNN) As US officials braced for a possible Iranian cyberattack this month following the killing of top military general Qasem Soleimani, a trio of cybersecurity companies ventured to Capitol Hill.
Could the Coronavirus outbreak create a global electronics shortage? (The Telegraph) At the end of the lunar new year, millions of Chinese workers who travel across the country to visit family return to manufacturing hubs like Shenzhen, Ningbo and Guangzhou.
Huawei’s Catch-22 (The Commentator) On January 24th, the U.S. Commerce Department’s plan to further limit trade with Chinese tech giant Huawei (pronounced Wah-Way) was thwarted with the Pentagon opposing the ruling. At first glance, the headline seems confusing and conflicting as the Pentagon had been fighting tooth and nail to try to limit Huawei’s presence in the U.S. — …
Maryland Lt.-Gov. recruiting Israeli hi-tech companies to his state (The Jerusalem Post) Rutherford presented at Cybertech and then he and his team met with several promising Israeli companies
Products, Services, and Solutions
Fortinet’s FortiWeb Cloud Powers Continent 8’s New WAF-as-a-Service Offering (Globe Newswire) Continent 8 Technologies, a leading provider for managed hosting, networking, security, and cloud infrastructure managed services, today unveiled its new Cloud WAF product powered by Fortinet’s FortiWeb Cloud. Combined with Fortinet’s solution, Continent 8’s Cloud WAF secures their customers’ applications, no matter where they are hosted.
DigiCert launches two new PKI tools to provide fast, flexible PKI deployment (Help Net Security) DigiCert, the world’s leading provider of TLS/SSL, IoT and PKI solutions, announced two new PKI tools: IoT Device Manager and Enterprise PKI Manager.
Technologies, Techniques, and Standards
How to avoid the mistakes made in the UN data breach (TechRepublic) Falling prey to a hacker because it neglected to properly patch its systems, the United Nations also failed to publicly disclose the hack. Here's how your organization can avoid the same mistakes.
2020’s first election security test: Iowa (POLITICO) The nation’s first caucuses Monday may be almost as low-tech as it gets, but it still faces threats from hackers.
Iowa Will Be the First Test Case for 2020 Election Security (New York Times) The good news is that caucuses are inherently safer than traditional elections. But campaigns remain dangerously exposed to hackers, and election systems in many states are still vulnerable.
Iowa Caucuses to Be Testing Ground for Efforts to Protect Voting From Hackers (Wall Street Journal) With Iowans kicking off the 2020 presidential election season, there is also a race to protect voting from cyberattacks and other intrusions.
John Odum: Newest elections technology might not be the best (Vermont Digger) Using technology to make improvements in our lives is obviously a good thing so long as we answer a fundamental question: Is it the right tool for the right job.
Election Officials Get Training Before 2020 Voting Begins (EDGE Media Network) When state election officials gathered ahead of the last presidential election, major topics were voter registration, identity theft and ballot design. This year, the main theme is election security.
A Framework for Measuring InfoSec as a Business Function (Security Magazine) In my December column, I ended with the observation that many CISOs struggle when it comes to first determining and then actually communicating the business value of the security options out there.
Research and Development
Explained: The Artificial Intelligence Race is an Arms Race (The National Interest) Whoever wins it will have an advantage in every conflict around the world.
Legislation, Policy, and Regulation
Financial tech firms disagree on ban of customer data screen-scraping (Naked Security) They use it to offer things like budgeting apps. It puts passwords and privacy at risk, but some say they can’t afford to build APIs instead.
US upping pressure on Switzerland to drop Huawei technology (SWI swissinfo.ch) US authorities have contacted the Swiss foreign ministry several times in recent weeks to raise concerns about espionage and the Chinese technology.
BT will build UK’s emergency network using Huawei kit despite security concerns (The Telegraph) BT will use Huawei kit to build a telecoms network for Britain’s emergency services despite government advice that it could pose a security threat.
Britain Knows It's Selling Out Its National Security to Huawei (Foreign Policy) London’s justification for cooperating with the Chinese telecommunications company is riddled with obvious contradictions.
Europe shows it will not blindly do US bidding (China Daily) The Tuesday decision by the British government led by Prime Minister Boris Johnson to allow Huawei to participate in the country's 5G network has dealt a major blow to those in Washington who have been hysterically trying to pressure and intimidate the United States' allies to exclude the Chinese telecommunications giant.
Pentagon finalizes first set of cyber standards for contractors (Fifth Domain) The Pentagon has finalized the long anticipated cybersecurity standards contractors will have to follow before winning contracts from the Department of Defense, a new process called the Cybersecurity Maturity Model Certification (CMMC) 1.0.
The military's contractor cyber standards are officially here (FedScoop) The Pentagon issued the final standards under the Cybersecurity Maturity Model Certification (CMMC) on Friday. Version 1.0 marks the first step towards implementing the new cybersecurity standards into all Defense Department contracts. The model, consisting of five levels of security standards, will be phased into requests for information starting this summer. The vast majority of contractors that work …
US Interior Dept extends drone grounding over foreign hacking fears (Naked Security) The DOI has doubled down on a previous order, keeping the agency’s drones grounded for another 30 days for a more in-depth security review.
West Virginia plans to make smartphone voting available to disabled people for 2020 election (NBC News) Cybersecurity experts have long railed against voting apps, saying that any kind of online voting unnecessarily increases security risks.
Litigation, Investigation, and Law Enforcement
Data Breach Litigation Preparation: What should organizations consider when notifying consumers of a data breach? (Lexology) As of January 1, 2020, California became the first state to permit residents whose personal information is exposed in a data breach to seek statutory…
AIG must cover client's $5.9 million in cyber-related losses, judge rules (CyberScoop) Insurance giant AIG must cover nearly $6 million in losses for a client that was fleeced by an email scam carried out by suspected Chinese hackers, a federal court has decided.
Senator asks intelligence community to look into Jeff Bezos phone hacking (Federal News Network) After one of the world’s wealthiest individuals had his phone hacked, Connecticut Sen. Chris Murphy wants intelligence agencies to investigate.
New Senate Intel report on Russia's election interference expected next week (TheHill) A new bipartisan report from the Senate Intelligence Committee on Russia's election interference is expected to be released next week, lawmakers said Friday.
Raytheon engineer arrested for taking US missile defense secrets to China (Quartz) The case revolves around a laptop on the lam.
Carriers ‘violated federal law’ by selling your location data, FCC tells Congress (TechCrunch) More than a year and a half after wireless carriers were caught red-handed selling the real-time location data of their customers to anyone willing to pay for it, the FCC has determined that they committed a crime. An official documentation of exactly how these companies violated the law is forthco…
FCC Confirms 'One or More' Carriers Broke the Law Selling Location Data (Vice) One year later, FCC boss Ajit Pai suggests one or more major carriers could be fined.
Lindsey Graham: Senate Intelligence Committee will call Ukraine whistleblower (Washington Examiner) The Senate Intelligence Committee plans to call the whistleblower whose complaint was the impetus for impeachment proceedings against President Trump, according to a top Republican senator.
National security adviser Robert O'Brien "very confident" NSC didn't leak Bolton manuscript (CBS News) "I am very confident that the leaks of that book did not come from the NSC," the national security adviser told CBS News' "Face the Nation."
Men arrested on suspicion of connection with €13m cyber-attack on Malta bank (The Irish Times) North’s National Crime Agency boss says ‘large amount’ of proceeds ‘funnelled through bank account in Belfast’
Canadian insurer paid for ransomware decryptor. Now it's hunting the scum down (Register) A curious tale of Bitcoin exchanges and the High Court
Craigslist ad led agents to Navy tech’s stash of child porn: feds (New York Post) A US Navy information systems technician who posted an explicit Craigslist ad looking for sex with a “young” girl has been busted for child porn.