This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.
Stan’s Top of the News
Our top stories again feature AI this week. The Scientific American article is fascinating for what it shows about how AI models self-organize. The second story is a warning from CISA Director Jen Easterly.
- How AI Knows Things No One Told It: Researchers are still struggling to understand how AI models trained to parrot internet text can perform advanced tasks such as running code, playing games and trying to break up a marriage. From <https://www.scientificamerican.com/article/how-ai-knows-things-no-one-told-it/>
- Top US cyber official warns AI may be the ‘most powerful weapon of our time’: CISA Director Jen Easterly said the rapid advances in technologies such as ChatGPT could be used by adversaries to carry out cyberattacks. From <https://cyberscoop.com/easterly-warning-weapons-artificial-intelligence-chatgpt/>
New. Family Protection Newsletter: Did you know we created the Family Protection Newsletter, for non-cyber experts? For your parents, friends, those who need to protect themselves in a digital world. We feature info on how to freeze your credit and what ‘marriage scams’ are in Edition 1. Sign up or share with a friend! Click here to learn more and quickly add to your free subscription!
How Hackable Are You? Take our test. Find out how hackable you are and download our free 8-step guide.
- How Hackable Are You? Think your defenses are strong? Find out as SecureTheVillage tests you on five basics. Please take our short quiz; your answers will help you and guide us to improve community safety.
Upcoming events. Please join us.
- Invasion of the Body & Mind (Data) Snatchers: What you need to know. What you need to do. May 25, 11:00 am – 12:30 pm PT.
- Los Angeles Cybersecurity Workforce Coalition: The monthly meeting of the workforce coalition, Tue, July 11, 1:00 pm – 2:00 pm PT. There is no meeting in June.
Cybersecurity Nonprofit of the Week … The Institute for Security and Technology.
Kudos this week to The Institute for Security and Technology and their Ransomware Task Force (RTF). The Task Force aims to equip businesses, organizations, and governments of all sizes to prepare for ransomware attacks, effectively respond, and quickly recover. The Task Force has published the Cyber Incident Reporting Framework and the Blueprint for Ransomware Defense, a set of foundational and actionable safeguards derived from the Center for Internet Security’s Critical Security Controls. Like SecureTheVillage, the Institute is a member of Nonprofit Cyber, a coalition of implementation-focused cybersecurity nonprofits.
Live on Cyber with Dr. Stan Stahl – Live on LinkedIn and Your Favorite Podcast Platform
SecureTheVillage to Launch Cybersecurity Pilot Program: (Video) (Podcast):
This week Stan and Julie announce some exciting news. SecureTheVillage is a recipient of an inaugural grant of the Center for Internet Security’s Alan Paller Laureate Program. The grant will be used to launch a Cybersecurity Pilot Program to measurably improve the cybersecurity practices of small to mid-sized organizations in the greater Los Angeles area. … Join Stan and Julie as they look back on Alan Paller’s vital role in information security and how proud they are of the opportunity SecureTheVillage has to build on his legacy. … Stan and Julie comment on the program’s importance, illustrating it with all too sad stories of how devastating cybercrime can be for smaller organizations and the impact it has on families. … They outline SecureTheVillage’s innovative village-based approach towards meeting the special challenges of smaller organizations and how it builds on the groundbreaking work of others. … As always, Stan and Julie provide actionable tips and thoughtful wisdom in an engaging conversation on the complexities of cybersecurity and privacy.
Section 2 – Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware.
Microsoft Patch Tuesday, May 2023 Edition: Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks. From <https://krebsonsecurity.com/2023/05/microsoft-patch-tuesday-may-2023-edition/>
New versions of utility scams popping up and consumers need to be prepared: Utility scams have returned to the scene. ConsumerAffairs has noticed recent spikes in Florida, Arkansas, New Jersey, California, and Arizona. In California alone, based on data collected so far this year, scammers are on their way to doing 57,000 scam attempts in 2023 and snagging $1.26 million from PG&E customers. But this time, it’s not the same old utility yadda yadda. This time, scammers are using QR codes and text messages in addition to phone calls to pull off their con job. From <https://www.consumeraffairs.com/amp/news/new-versions-of-utility-scams-popping-up-and-consumers-need-to-be-prepared-051223.html>
Google promised to delete sensitive data. It logged my abortion clinic visit.: Our investigation finds Google still retains location data about users who visit clinics, hospitals and other ‘particularly personal’ locations, despite Google’s commitment to delete it. WaPo Free Link: https://wapo.st/3pBA0R4
Section 3 – Cybersecurity News for the Cyber-Concerned.
Government cybercrime fighters have been active this week.
- U.S. Says It Dismantled Russia’s ‘Most Sophisticated’ Malware Network: The Justice Department said the F.B.I. had turned the structure of the Russian intelligence service’s “Snake” network for spying on computers against itself. NY Times Free Link.
- Feds Take Down 13 More DDoS-for-Hire Services: The U.S. Federal Bureau of Investigation (FBI) this week seized 13 domain names connected to “booter” services that let paying customers launch crippling distributed denial-of-service (DDoS) attacks. Ten of the domains are reincarnations of DDoS-for-hire services the FBI seized in December 2022, when it charged six U.S. men with computer crimes for allegedly operating booters. From <https://krebsonsecurity.com/2023/05/feds-take-down-13-more-ddos-for-hire-services/>
- Spanish Police Take Down Massive Cybercrime Ring, 40 Arrested: The National Police of Spain said it arrested 40 individuals for their alleged involvement in an organized crime gang called Trinitarians. Those apprehended include two hackers who carried out bank scams through phishing and smishing techniques and 15 other members of the crime syndicate, who have all been charged with a number of offenses such as bank fraud, document forgery, identity theft, and money laundering. From <https://thehackernews.com/2023/05/spanish-police-takes-down-massive.html>
- U.K. man pleads guilty to hack on Twitter accounts of Joe Biden and Elon Musk: A U.K. man pleaded guilty to helping orchestrate a high-profile hack on the Twitter accounts of numerous celebrities and politicians including Elon Musk, Joe Biden and Kanye West. Joseph O’Connor, 23, known by the online alias “PlugwalkJoe,” submitted his guilty plea in a New York court on Tuesday, according to a Department of Justice press release. He was extradited from Spain last month. From <https://www.nbcnews.com/news/us-news/uk-man-pleads-guilty-hack-twitter-accounts-joe-biden-elon-musk-rcna83709>
- Ex-Ubiquiti engineer behind “breathtaking” data theft gets 6-year prison term: Engineer tried to claim that the hack was an “unsanctioned security drill.” From <https://arstechnica.com/tech-policy/2023/05/ex-ubiquiti-engineer-behind-breathtaking-data-theft-gets-6-year-prison-term/>
Several cybercrime stories made the news this week, including continuing cybercrime messes in Dallas and Curry County, Oregon.
- Ransomware full recovery could take months, Dallas officials say: The city says investigations and monitoring are still ongoing. “We are going to be working at this for weeks and months to do all the clean up,” Brian Gardner, the city’s chief information security officer, told The Dallas Morning News Thursday. From <https://www.dallasnews.com/news/politics/2023/05/11/ransomware-full-recovery-could-take-months-dallas-officials-say/>
- Curry County systems still down several weeks after ransomware attack: CURRY COUNTY, Ore. — Curry County’s systems are still down after data was stolen in a ransomware attack. “Curry County’s digital footprint has been completely wiped away,” said Curry County Commissioner Brad Alcorn. “Our ability to provide service to the people in Curry County has been completely disrupted.” From <https://www.kdrv.com/news/local/curry-county-systems-still-down-several-weeks-after-ransomware-attack/article_cbbc29d2-f023-11ed-9666-a340ea782ed5.html>
- More than 1 million people have SSNs leaked after cyberattack on hospital technology giant: Hospital technology giant NextGen Healthcare said hackers accessed the personal information of more than 1 million people during a cyberattack in March. The multibillion-dollar healthcare company produces electronic health record (EHR) software and practice management systems for hundreds of the biggest hospitals and clinics in the U.S., U.K., India and Canada. From <https://therecord.media/hackers-accessed-data-on-more-than-one-million-people-after-healthcare-tech-breach>
- Credential Stuffing Attack Exposed United HealthCare Member Data: United HealthCare (UHC) has started notifying certain members that some of their protected health information may have been disclosed to unauthorized individuals as a result of credential stuffing attacks on the UHC mobile application. Credential stuffing is a type of attack where username and password combinations obtained in a breach at one platform are used to access accounts on an unrelated platform. These attacks can only succeed if usernames and passwords have been reused on multiple platforms. From <https://www.hipaajournal.com/credential-stuffing-attack-exposed-united-healthcare-member-data/>
- Cyberattacks on hospitals are growing threats to patient safety, experts say: The number of attacks on U.S. hospitals each year doubled between 2016 and 2021. From <https://abcnews.go.com/Health/cyberattacks-hospitals-growing-threats-patient-safety-experts/story?id=99115898>
- FBI: Bl00dy Ransomware targets education orgs in PaperCut attacks: The FBI and CISA issued a joint advisory to warn that the Bl00dy Ransomware gang is now also actively exploiting a PaperCut remote-code execution vulnerability to gain initial access to networks. CISA notes that the threat actor has focused its attacks on the education sector, where a large share of the internet-exposed, unpatched PaperCut servers are found. From <https://www.bleepingcomputer.com/news/security/fbi-bl00dy-ransomware-targets-education-orgs-in-papercut-attacks/>
- Payment software giant AvidXchange suffers its second ransomware attack of 2023: Hackers have published a trove of sensitive data stolen from payment software company AvidXchange after the company fell victim to ransomware for the second time this year. From <https://techcrunch.com/2023/05/03/avidxchange-second-ransomware-attack-2023/>
- Capita warns customers they should assume data was stolen: Business process outsourcing firm Capita is warning customers to assume that their data was stolen in a cyberattack that affected its systems in early April. From <https://www.bleepingcomputer.com/news/security/capita-warns-customers-they-should-assume-data-was-stolen/>
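The United HealthCare story above describes credential stuffing, and the practical defender's question is how to spot it in authentication logs. The signature is distinctive: one client source trying many different usernames in a short window, mostly failing, with a handful of successes where the victim reused a password. The script below is an added example, not code from the HIPAA Journal article or from UHC; the log format, IP addresses, usernames and thresholds are all constructed assumptions to be tuned for a real gateway or identity provider.

```python
"""
Credential-stuffing detection over web authentication logs.

Added example for illustration only. The log format, addresses, accounts and
thresholds below are assumptions, not taken from any real system or incident.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one login attempt per line:
#   "<ISO-8601 timestamp> <client_ip> <username> <OK|FAIL>"
# 198.51.100.7 sprays eight different accounts in seven seconds (stuffing);
# 203.0.113.9 is one user mistyping a password; 192.0.2.44 is a normal login.
SAMPLE_LOG = """\
2023-05-10T14:00:01Z 198.51.100.7 alice@example.com FAIL
2023-05-10T14:00:02Z 198.51.100.7 bob@example.com FAIL
2023-05-10T14:00:03Z 198.51.100.7 carol@example.com OK
2023-05-10T14:00:04Z 198.51.100.7 dave@example.com FAIL
2023-05-10T14:00:05Z 198.51.100.7 erin@example.com FAIL
2023-05-10T14:00:06Z 198.51.100.7 frank@example.com FAIL
2023-05-10T14:00:07Z 198.51.100.7 grace@example.com OK
2023-05-10T14:00:08Z 198.51.100.7 heidi@example.com FAIL
2023-05-10T14:01:00Z 203.0.113.9 alice@example.com FAIL
2023-05-10T14:01:30Z 203.0.113.9 alice@example.com FAIL
2023-05-10T14:02:00Z 203.0.113.9 alice@example.com OK
2023-05-10T14:30:00Z 192.0.2.44 ivan@example.com OK
"""

# Assumed thresholds: many distinct accounts from one source, mostly failing.
WINDOW = timedelta(minutes=5)
MIN_DISTINCT_USERS = 5
MIN_FAILURE_RATIO = 0.5


def parse_line(line):
    """Split one log line into (timestamp, ip, username, succeeded)."""
    ts, ip, user, outcome = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, outcome == "OK"


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def detect_credential_stuffing(events, window=WINDOW,
                               min_users=MIN_DISTINCT_USERS,
                               min_failure_ratio=MIN_FAILURE_RATIO):
    """
    Return {ip: finding} for every source IP whose attempts, within any
    sliding time window, touched at least `min_users` distinct accounts with a
    failure ratio of at least `min_failure_ratio`. The finding also lists the
    accounts that logged in successfully during the spray: those are the
    likely compromised (password-reused) accounts needing a forced reset.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))

    findings = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Advance the window start so the window never exceeds `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            win = attempts[start:end + 1]
            users = {u for _, u, _ in win}
            failures = sum(1 for _, _, ok in win if not ok)
            ratio = failures / len(win)
            if len(users) >= min_users and ratio >= min_failure_ratio:
                finding = {
                    "attempts": len(win),
                    "distinct_users": len(users),
                    "failure_ratio": round(ratio, 2),
                    "compromised": sorted({u for _, u, ok in win if ok}),
                }
                # Keep the largest qualifying window per IP.
                if ip not in findings or finding["attempts"] > findings[ip]["attempts"]:
                    findings[ip] = finding
    return findings


if __name__ == "__main__":
    for ip, f in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {f['attempts']} attempts, {f['distinct_users']} accounts, "
              f"failure ratio {f['failure_ratio']}, succeeded on {f['compromised']}")
```

Two caveats a practitioner would add. First, a real campaign rotates source addresses through proxy pools, so a per-IP threshold is a floor, not a ceiling; the same logic applied to a global failure-rate baseline, or keyed on client fingerprint rather than IP, catches distributed sprays. Second, the successes matter more than the failures: the accounts in `compromised` are the ones whose passwords were reused elsewhere, and the response is a forced reset plus multi-factor authentication, which defeats stuffing even when the password is right.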
While this next story goes down a rabbit hole, it also points to a vulnerability that no ordinary patch can fix: private keys used to sign firmware for MSI computers have leaked, and there is no practical way to revoke them on the devices already in the field.
- Leak of MSI UEFI signing keys stokes fears of “doomsday” supply chain attack: With no easy way to revoke compromised keys, MSI, and its customers, are in a real pickle. A ransomware intrusion on hardware manufacturer Micro-Star International, better known as MSI, is stoking concerns of devastating supply chain attacks that could inject malicious updates that have been signed with company signing keys that are trusted by a huge base of end-user devices, a researcher said. … “It’s kind of like a doomsday scenario where it’s very hard to update the devices simultaneously, and they stay for a while not up to date and will use the old key for authentication,” Alex Matrosov, CEO, head of research, and founder of security firm Binarly, said in an interview. “It’s very hard to solve, and I don’t think MSI has any backup solution to actually block the leaked keys.” From <https://arstechnica.com/information-technology/2023/05/leak-of-msi-uefi-signing-keys-stokes-concerns-of-doomsday-supply-chain-attack/>
Section 4 – Managing Information Security and Privacy in Your Organization.
If you have remote workers, share this with them.
- 8 habits of highly secure remote workers: Working remotely has become the new norm for many. Here are some tips to securely work from any location of your choice. From <https://www.zdnet.com/article/eight-habits-of-highly-secure-remote-workers/>