Inside Security - December 2nd, 2019

Inside Security (Dec 2nd, 2019)

T-System hit by ransomware / EU probes Google data practices / Sandworm adds bogus apps to Google Play

Subscribe | View in browser

1. T-System, a provider of IT platforms to hospital emergency departments, has apparently been hit by a Ryuk ransomware attack, security researcher German Fernandez revealed in a Twitter post. Over 40 percent of U.S. hospitals use T-System products, according to the researcher. Coincidentally, the Department of Health and Human Services' Office of Civil Rights has just released advice to healthcare organizations on how to prevent, mitigate, and respond to ransomware attacks. The T-System website remains offline at press time. -- GERMAN FERNANDEZ / TWITTER

2. The European Union (EU) is undertaking a new investigation into Google's data collection practices, Reuters reports. The European Commission, the EU's executive branch, has sent letters to firms that work with Google to get information on their data sharing agreements with the tech giant. The commission is focusing on data generated from local search services, online advertising, online ad targeting services, login services, and web browsers. The EU has already fined Google more than €8 billion, or nearly $9 billion, for anticompetitive and privacy violations. -- THE GUARDIAN

3. Google Threat Analysis Group has detected bogus Android apps uploaded to the Google Play store by the hacker group known as Sandworm. The group, which allegedly has ties to the Russian government and was behind the NotPetya malware attacks, is targeting Android users in South Korea and Ukraine. In a blog post, Google said it also detected what appeared to be Russian disinformation campaigns in a number of African countries. -- NAKED SECURITY

4. A hacker is selling data stolen from 21 million users of the music streaming service Mixcloud on the dark web. The leaked data includes usernames, email addresses, hashed password strings, users’ nationality, registration dates, last login dates, and IP addresses. The hacker, who provided data samples to journalists, apparently broke into the service on or before Nov. 13, based on the registration date of the last user profile in the data breach. Mixcloud confirmed the breach in a security notice and recommended that users change their passwords. -- ZDNET

5. An audit by the New York State Comptroller's Office found that the city of Middletown had failed to implement sufficient IT security policies and procedures to protect its water system. The audit noted that the city did not document employee IT security duties, provide security guidance for using portable devices, mandate monitoring of networked water system devices, or offer IT security awareness training to employees. Responding to the audit, Middletown Public Works Commissioner Jacob Tawil said the city had "improved the configuration and monitoring of the SCADA [supervisory control and data acquisition] equipment to address potential security vulnerabilities that were exposed during the cybersecurity audit." -- MID HUDSON NEWS

6. The Indian government is updating its national cybersecurity strategy for the first time since 2013 and seeking public feedback on the update, which is expected to be ready next year. The National Cyber Security Strategy 2020 aims to secure the national cyberspace, strengthen internet infrastructure and processes, and promote cooperation and collaboration among the different stakeholders. The public can comment on the updated strategy on this website by Dec. 31. -- INC42

7. Turkey is hosting Cyber Shield 2019, an international cybersecurity event sponsored by the International Telecommunication Union (ITU), in the capital of Ankara on Dec. 19-20. The event will bring together national cybersecurity teams to engage in malware, phishing, and hacking attack simulations. Cyber Shield 2019 aims to increase incident response capabilities and readiness levels, educate others about cyber risks and their impacts, and expand cooperation among national CERTs to mitigate international cyber threats. In the United States, the Army National Guard sponsors a similar annual Cyber Shield exercise involving National Guard and Reserve cyber experts, as well as private sector participants. -- DAILY SABAH

8. Texas-based SMS texting provider TrueDialog exposed 604GB of data on an unsecured database. Exposed data include millions of usernames and plaintext passwords, as well as personally identifiable information, researchers at vpnMentor found. The database also stored logs that displayed how it was structured and managed. The Elasticsearch database was hosted by Microsoft Azure and ran on the Oracle Marketing Cloud in the United States. TrueDialog was notified of the unsecured database on Nov. 26, and it closed the database the next day. -- IT PRO

9. Android CallerSpy app is a cyberespionage app that is being used for targeted attack campaigns, according to Trend Micro research Ecular Xu. The CallerSpy app, which is marketed as a chat app called Apex App, actually contains no chat features. Instead, it connects to a command and control (C&C) server and schedules jobs to collect call logs, text messages, and files on the mobile device. The collected information is stored in a local database before being uploaded to the C&C server. The same group appears to be behind the Chatrious chat app that was marketed earlier this year. -- TREND MICRO

10. SMS-based phishing, aka "smishing," drones stealing Wi-Fi data, and deepfake technology are expected to be among the biggest emerging cyberthreats next year, predicted Experian's newly released Data Breach Industry Forecast 2020. Other top 2020 threats include hacktivism targeting emerging industries and identity theft targeting mobile point-of-sale systems at large venues. "Hackers are continuing to become more sophisticated with the tools at their disposal to gain control of personal devices and business operating systems," warned Michael Bruemmer, vice president at Experian Data Breach Resolution -- EXPERIAN (reg. req.)

Fred Donovan is a professional writer, editor, and content specialist with decades of experience, most recently in the areas of information technology and cybersecurity. He has written for such publications as, FierceITSecurity, InfoSecurity Magazine, Report on Patient Privacy, TechGenix, and NetDefense. Fred has a B.A. from Harvard University in government and an M.S. in national security from Georgetown University.

Copyright © 2020, All rights reserved.

Our mailing address is:
767 Bryant St. #203
San Francisco, CA 94107

Did someone forward this email to you? Head over to to get your very own free subscription!

You received this email because you subscribed to Inside Security. Click here to unsubscribe from Inside Security list or manage your subscriptions.

Subscribe to Inside Security