IT Security Newsletter - 12/23/2020

Top News

DHS Details Risks of Using Chinese Data Services, Equipment

In an advisory this week, the Department of Homeland Security (DHS) warned American organizations of the risks posed by using data services and equipment from firms that have ties to the People's Republic of China (PRC). Both businesses and customers in the United States are at risk due to the PRC's data collection activities, the DHS warns. Some of these risks include the theft of confidential business data, trade secrets and intellectual property, violation of privacy and export laws.

Breaches

Senator: SolarWinds hackers breached 'dozens' of Treasury email accounts

The fallout from a sweeping hacking campaign by suspected Russian operatives continued Monday as Sen. Ron Wyden said that the hackers had breached "dozens of email accounts" of officials at the Treasury Department. The hackers "broke into systems in the Departmental Offices division of Treasury, home to the department's highest-ranking officials," Wyden said after Treasury officials briefed the Senate Finance Committee, where the Oregon Democrat serves as ranking member.

Hacking

Roanoke College delays spring semester after cyberattack

Roanoke College has delayed their spring semester by almost a month after a cyberattack has impacted files and data access. Roanoke College is a private liberal arts college located in Salem, Virginia, with approximately 2,000 students. The college's spring semester was originally scheduled for January 19th, 2021, but due to a December 12th "cyber incident" and spread of Coronavirus, the college has been forced to push back the semester's start to February 8th, 2021.


Joker's Stash Carding Site Taken Down

Joker's Stash, the carding site where cybercriminals hawk their payment-card wares, has suffered a blow after law enforcement apparently seized one of its domains. Joker's Stash is a popular cybercriminal destination that specializes in trading in payment-card data, offering millions of stolen credit and debit cards to buyers. In October for instance, Dallas-based smoked-meat franchise Dickey's Barbecue Pit saw 3 million customer payment cards turn up on the site.

Trends

Tech's bigger role in pharma industry demands stronger security measures

For healthcare and pharmaceutical IT professionals, the launch of Amazon Pharmacy in late November signaled the acceleration of digitized pharma. But Amazon's move into prescription fulfillment and delivery should be seen as part of a broader trend. As technology companies big and small move to disrupt healthcare, companies along the pharmaceutical supply chain will need to adapt in order to succeed (and keep succeeding).

Malware

Emotet returns just in time for Christmas

Emotet is a threat we have been tracking very closely throughout the year thanks to its large email distribution campaigns. Once again, and for about two months, the botnet stopped its malspam activity only to return days before Christmas. In typical Emotet fashion, the threat actors continue to alternate between different phishing lures in order to social engineer users into enabling macros. However, in this latest iteration the Emotet gang is loading its payload as a DLL.

Exploits/Vulnerabilities

As technology develops in education so does the need for cybersecurity

The COVID-19 pandemic has had a profound impact on education, bringing about a sudden boom in remote and online learning. While the transition has forced many schools to implement innovative solutions, it has also revealed stark vulnerabilities in their cybersecurity strategies, which is especially concerning given that schools have become a new target for cyber criminals. A big problem is that even before the pandemic, cybersecurity hasn't been a priority in education.


Millions of Devices Affected by Vulnerabilities Used in Stolen FireEye Tools

Millions of devices are exposed to potential attacks exploiting the vulnerabilities used in the tools that threat actors recently stole from FireEye, security and compliance solutions provider Qualys reported on Tuesday. Qualys said it identified more than 7.5 million instances related to vulnerabilities associated with the stolen FireEye tools and compromised versions of the SolarWinds Orion product. The vulnerable instances were discovered across nearly 5.3 million unique assets.

Encryption

Let's Encrypt comes up with workaround for abandonware Android devices

Things were touch-and-go for a while, but it looks like Let's Encrypt's transition to a standalone certificate authority (CA) isn't going to break a ton of old Android phones. This was a serious concern earlier due to an expiring root certificate, but Let's Encrypt has come up with a workaround. Let's Encrypt is a fairly new certificate authority, but it's also one of the world's leading. The service was a major player in the push to make the entire Web run over HTTPS.


ACLU Sues FBI to Learn How It Obtains Data From Encrypted Devices

The American Civil Liberties Union (ACLU) announced on Tuesday that it has filed a lawsuit against the FBI in an effort to find out how the law enforcement agency can access information stored on encrypted devices. The FBI has often turned to third parties for help in accessing information stored on encrypted devices, but it has come to light in recent court documents that the agency's Electronic Device Analysis Unit (EDAU) has been acquiring solutions.

On This Date

  • ...in 1929, jazz trumpeter and singer Chet Baker is born in Yale, OK.
  • ...in 1947, the electrical transistor, which revolutionized the electronics field and paved the way for smaller and cheaper technology, is first demonstrated at Bell Labs.
  • ...in 1964, Pearl Jam lead singer and songwriter Eddie Vedder is born in Evanston, IL.
  • ...in 1984, Burt Rutan's experimental Voyager aircraft becomes the first to fly non-stop around the world without refueling.