Pete Recommends – Weekly highlights on cybersecurity issues – October 30, 2022

Subject: Criminals are starting to exploit the metaverse, says Interpol. So police are heading there too
Source: ZDNET
https://www.zdnet.com/article/criminals-are-starting-to-exploit-the-metaverse-says-interpol-so-police-are-heading-there-too

An international police organization is using the metaverse and wants to understand how crime could evolve. The International Criminal Police Organization, aka Interpol, has launched its ‘global police Metaverse’ as part of an effort to train members how to police in a virtual world.

Last week, Interpol unveiled what it says is the “the first ever Metaverse specifically designed for law enforcement worldwide.” It says the “Interpol Metaverse” gives officers around the world the tools for cross-border knowledge sharing via avatars, and to take immersive training in forensic investigation and other policing activities. Interpol has also created an expert group on the metaverse to represent law enforcement concerns about the new virtual world. “Criminals are already starting to exploit the Metaverse,” Interpol warned.

“The Metaverse has the potential to transform every aspect of our daily lives with enormous implications for law enforcement,” said Madan Oberoi, Interpol executive director of technology and innovation.

Filed: https://www.zdnet.com/topic/security/


Subject: FBI warning – This ransomware group is targeting poorly protected VPN servers
Source: ZDNET
https://www.zdnet.com/article/fbi-warning-this-ransomware-group-is-targeting-poorly-protected-vpn-servers/

Attackers are using VPN servers to gain access, and then SSH and RDP to spread through networks.

The FBI and other agencies are warning of a rise in Daixin Team ransomware and data extortion attacks on healthcare providers.

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services (HHS) has issued a joint warning about Daixin Team activity against the healthcare and public health sector since June 2022.

The group has used ransomware to encrypt servers providing services for electronic health records, diagnostics, imaging, and intranet. They have also exfiltrated personal identifiable information and patient health information.

The agencies are warning health providers to secure VPN servers as this was how the group gained access to previous targets, including exploiting an unpatched flaw in the victim’s VPN server. In another confirmed case, the actors used previously compromised credentials to access a legacy VPN server where multi-factor authentication (MFA) was not enabled. The actors are believed to have acquired the VPN credentials through a phishing email with a malicious attachment.

Filed: https://www.zdnet.com/topic/security/


Subject: NIST Announces New Internet of Things Advisory Board
Source: Nextgov
https://www.nextgov.com/emerging-tech/2022/10/nist-announces-new-internet-things-advisory-board/378861/

A total of 16 professionals, mainly from the public sector, will advise the federal IoT Working Group on opportunities and hindrances for the technology’s development.Sixteen professionals hailing from the private and public sectors will form the inaugural Internet of Things Advisory Board within the Department of Commerce, a body of experts whose job will be to advise the larger IoT Federal Working Group.

The advisory group, created pursuant to the 2021 National Defense Authorization Act, will discuss the federal regulations and policy decisions that could provide “significant and scalable” IoT innovation and highlight opportunities where greater connectivity could provide solutions to societal problems, such as transit technology and improved supply chains.

Other industries that the board will study for potential benefits from sophisticated IoT policies and technology include sustainable infrastructure projects, public safety and healthcare.

Topics:


Subject: Should you log in with Facebook or Google on other sites or apps? Short answer: No
Source: Washington Post
https://www.bespacific.com/sign-in-google-facebook/

Washington Post: “…This month, Facebook warned a million Facebook users their accounts might have been compromised by 400 malicious apps that were designed to trick them into handing over their Facebook log-in information. Criminals were making fake log-in buttons. And I’d like to share a doozy of a cautionary tale: …–


Subject: Public Entities in Nearly Every State Use Federally-Banned Foreign Tech, Report Says
Source: Nextgov
https://www.nextgov.com/cybersecurity/2022/10/public-entities-nearly-every-state-use-federally-banned-foreign-tech-report-says/378957/

A new report from Georgetown University’s Center for Security and Emerging Technology found that at least 1,681 state and local governments purchased equipment from five Chinese companies that were banned by the federal government between 2015 and 2021.

The report, which examined public government procurement records provided by GovSpend, found that at least 1,681 state and local entities in 49 states purchased information and communications technology and services, or ICTS, from five banned Chinese companies between 2015 and 2021.

Section 889 of the 2019 National Defense Authorization Act prohibited federal agencies from using technologies or services provided by those five Chinese companies—Huawei, ZTE, Hikvision, Dahua and Hytera—as well as from working with any contractors that use equipment from those firms. As the report noted, Section 889 “is the first and most well-known regulation targeting foreign ICTS on the grounds of national security.”

Topics:


Subject: Thomson Reuters collected and leaked at least 3TB of sensitive data
Source: Cybernews
https://cybernews.com/security/thomson-reuters-leaked-terabytes-sensitive-data/

cybernews: “Thomson Reuters, a multinational media conglomerate, left an open database with sensitive customer and corporate data, including third-party server passwords in plaintext format. Attackers could use the details for a supply-chain attack. The Cybernews research team found that Thomson Reuters left at least three of its databases accessible for anyone to look at. One of the open instances, the 3TB public-facing ElasticSearch database, contains a trove of sensitive, up-to-date information from across the company’s platforms. The company recognized the issue and fixed it immediately.

Filed in Cybernews: https://cybernews.com/security/

Posted in: AI, Big Data, Criminal Law, Cybercrime, Cybersecurity, Government Resources, Healthcare, KM, Legal Research, Privacy, Social Media