
Security News for the Week Ending May 6, 2022

Tomorrow is the one-year anniversary of the Colonial Pipeline attack. The government has done more to improve cybersecurity in the last year than it had done in the last 10 years. But there is still a lot more to do.

Jury Finds Norton/Lifelock Infringed on Two Columbia University Patents

Even in the world of cybersecurity, patent infringement is a problem. A jury decided that Norton’s use of emulators to detect malicious behavior violated patents owned by Columbia. Norton says they will stop using the technology and appeal the verdict. Among the Norton products affected are Norton Security and Symantec Endpoint Protection. Since the infringement was deemed to be willful, the judge could triple the $185 million judgement. The suit goes back to 2013. Credit: Data Breach Today

Data Broker Stops Selling Location Data of Planned Parenthood Visitors One Day After Being Outed

Yesterday I read a piece that one of the security trade magazines bought data on all Planned Parenthood visitors, including where they went after (home) and where they came from before (work). They paid $160. I think the company, SafeGraph, decided the incredibly negative PR wasn’t worth $160, so today they decided to stop selling it. That doesn’t mean other greedy data brokers will do the same – in the U.S. there is nothing illegal about it. Credit: Motherboard by Vice

Cryptocurrency Projects Are As Secure As a Screen Door

In just four days hackers stole over $100 million in cryptocurrency. Who pays for that? Fei Protocol lost $77 million, Saddle Finance $10 million, Deus Finance $13 million and Bored Apes $6 million. There is no government insurance for cryptocurrency owners. Credit: Metacurity

Ukrainians Figure Out How to Beat Russia – Shut Off its Booze

Ukraine’s army of hackers has figured out how to hit Russia where it hurts. Russia requires the booze industry to use a government-run portal called EGAIS. Hackers have kept it out of commission, so stores can’t “receive” alcohol, factories can’t accept tanks of alcohol, and distributors can’t ship or receive products. As a result, factories are reducing or stopping production. Interesting attack. Credit: Bleeping Computer

Spain Admits It Hacked Some of its Politicians’ Phones

After a week of public reporting that some Spanish politicians’ phones had been hacked using the Pegasus spyware, a leading Catalan separatist politician said that Spain’s top intelligence official said that her agency did, in fact, hack some opposing politicians’ phones. But, she said, it was all legal. Reports say that the court orders were for far fewer people than Citizen Lab found infected, so who hacked the rest of the phones? If you are high profile in any way you should assume your phone is not secure. Even secure message apps like Signal or iMessage would not be secure since the phone itself is compromised. This follows the disclosure, earlier in the week, that Spain’s Prime Minister’s and Defense Minister’s phones were both infected with Pegasus spyware by someone. Pegasus is so stealthy that even the government’s cyber sleuths did not detect it until the facts were reported in the media. Credit: ABC News

Treasury Sanctions Cryptocurrency Mixer BLENDER

Mixers are apps that are designed to obfuscate cryptocurrency transactions, to make them harder to track. I am not sure that sanctioning one of the hundreds of these mixers will really help, but I guess it can’t hurt. Credit: The Register

Russia-Ukraine War – Kinetic and Cyber

As this war grinds on, with an incalculable toll on people’s lives and civilian infrastructure, the cyber war continues as well.

Here are just a couple of recent Russian cyber-losses.

Petrovsky Fort owns the largest office complexes in Saint Petersburg, Russia’s second largest city. Anonymous hacked over 300,000 of their emails and a total of about 244 gigabytes of data.

The second company hacked was Aerogas. There, hackers leaked 145 gigabytes of data including 100,000 emails. Aerogas is an engineering firm that supports Russia’s oil and gas industry. Do you think that shutting them down might be of interest to some folks? Among their clients are Rosneft, Russia’s largest oil producer and Novatek, their largest natural gas producer.

To make this a little more embarrassing, both companies are owned by the government.

The last announced hack this week is Forest, which is in the logging industry. Hackers released about 40 gigabytes of data including more than 350,000 emails.

What is interesting here is that they are not trying to extort these companies.

They are giving away the data for free to anyone.

Please take the data and do some damage to Russia, they say.

And, Anonymous says they are not done. Hacking into companies is in their wheelhouse and, I suspect, at least in some cases, they have inside help.

So far the list of publicly announced and dumped-for-free company hacks from Russia is 11. That doesn’t mean that is all there is – just that this is all that Anonymous has announced so far.

I am pretty confident that there will be more. What we don’t know is how damaging some of these will be. So far, they have not turned off the power or blown up a pipeline – like the Russians have done to Ukraine in the past. But that doesn’t mean that they won’t.

Credit: Hackread

Security News for the Week Ending April 8, 2022

Hackers Hack Russia’s Largest State Owned Media Corporation

Hackers stole 20 years of communications including almost a million emails from the All-Russia State Television and Radio Broadcasting Company (VGTRK). Those emails were published by DDoSecrets. VGTRK runs 5 national TV stations, 5 radio stations and numerous propaganda outlets. The data is available for download as an almost 1 terabyte torrent. The hackers say they did this because of Russia’s attack on Ukraine. This is part of the ongoing cyber war between Ukraine and Russia. Credit: Daily Dot

Apple AirTags Are Useful for Stalking

Motherboard asked dozens of police departments for reports that included Apple AirTags. They received 150 reports that mentioned AirTags. Remember that they asked for reports from something like less than one half of one percent of the departments. In 50 cases women called the police because they were being notified by THEIR iPhones that they were being stalked. Many of these women thought that either former or current intimate partners were to blame. Only one report came from a man. A few of the reports talked about robbery or theft as the potential reason. In any case, Apple has a challenge for which there is no easy fix. Credit: Motherboard

Russia’s Great Firewall has Some Holes in It

Russian citizens are turning to a variety of tools to bypass Russia’s attempt to block citizens from accessing western media. From VPN tools to Telegram to Cloudflare’s WARP, they are effectively bypassing Russian controls and accessing French, British and U.S. newspapers. Credit: Bleeping Computer

Hotels Are Now Prime Targets for Hackers

As hotels use more tech and create more apps, they have more data for crooks to steal. And, since data is king, the crooks go after it. The Marriott/Starwood hack, back in the old days of 2014, netted the hackers information on a half billion people. With new laws like state privacy laws in the U.S. and GDPR in Europe, the stakes for breaches are just going to get a lot more expensive. Luxury hotels are particular targets as London’s Ritz recently found out. If you have to give information to a hotel, do what you can to minimize it. Credit: Financial Times of London

Government Sponsored Hacks not Limited to Russia-Ukraine

China continues to target India’s power grid, a year after the start of the attack campaign. Security researchers say the purpose right now is to gather intelligence to enable future attacks. They say the attackers would attempt to compromise the grid’s load management system. If it succeeds, it could cause cascading blackouts with no way to stop the dominoes until the country is dark. The FBI says that hundreds of U.S. critical infrastructure companies have been attacked as well, so this is not limited to India. Credit: The Hacker News

Cybersecurity News for the Week Ending April 1, 2022

How Many Times Do I Need to Say – Crypto is Software, Software Has Bugs, Your Money is at Risk

Decentralized Finance (DeFi) platform Revest Finance said that it lost $2 million due to a software bug and, oh yeah, (a) they can’t recover the funds, (b) they do not have the money to cover the losses and (c) they don’t have insurance to cover the hack. Unless we eliminate the software, we cannot eliminate all bugs. Credit: The Record

Russia Faces Internet Outages Due to Equipment Shortages

One of Russia’s tech unions says that Russian ISPs run the risk of Internet outages as the value of the Ruble goes down and foreign companies won’t sell them parts or new equipment. Right now the government is saying that is the Internet providers’ problem, but if it turns into widespread outages, they are likely to change their tune. Credit: Bleeping Computer

Cryptocurrency was Fun While it Lasted

EU Parliament committees have voted to require crypto exchanges to verify the identity of self-hosted wallets, meaning the end of anonymity for crypto transactions. The US Treasury (FinCEN) has also suggested that we do that, but it has not yet appeared in a bill. That means that the bad guys will need to do peer-to-peer crypto, without the exchanges, to deal in criminal activities. While this is harder than using exchanges, it is far from impossible. Given that the whole purpose (besides speculating) of crypto is to commit fraud, identifying yourself is probably not high on users’ wish lists. Credit: Vice

Senate Asks Companies About Hackers Creating Fake Warrants

Recently I wrote that hackers have figured out that the government’s search warrant process is as secure as, say, a screen door. Now that the facts have been outed and likely even more hackers will use that fact to steal even more data, a couple of Senators have started asking questions. That is a long way from Congress actually doing anything useful about it, but at least it is a start. Don’t expect anything to happen because it is a hard problem to fix. Credit: Brian Krebs

Apple Fixes More Mac, iPhone Zero Days

In case you haven’t noticed, the last 12 months have not been Apple’s friend when it comes to zero-day bugs. This week Apple patched two more that are actively being exploited in the wild and affect iPhones, iPads, iWatches and Macs. The versions you are looking for are iOS 15.4.1, iPadOS 15.4.1, and macOS Monterey 12.3.1; the two bugs were fixed with improved input validation and bounds checking, respectively. Credit: Bleeping Computer

Cybersecurity News for the Week Ending March 18, 2022

Incident and Ransomware Reporting Requirement in Just Passed Spending Bill

President Biden signed a bill that requires critical infrastructure operators to report significant cyber incidents to CISA within 72 hours after they reasonably believe an incident has occurred and within 24 hours of making a ransomware payment. The ransomware reporting requirement applies even if it is not connected to a covered incident. Critical infrastructure and federal agencies that do not report on time may be subpoenaed. Failure to comply with the subpoena risks contempt of court. Credit: CSO Online and The Record

Germany Warns Against Using Kaspersky Products

Germany’s Office of Information Security is warning users to find alternatives as the antivirus company could be required to spy for Mother Russia. Kaspersky says, of course, that won’t happen. And I believe in the Easter Bunny too. The U.S. government banned Kaspersky’s software in government offices in 2017, but there are plenty of companies that still use it. I agree with Germany. Credit: SC Magazine

Deep Fake Videos Enter Ukraine Invasion

No doubt you have heard about deep fake videos where a video seems to be of someone, usually famous, saying something or doing something that they never did. Often these videos are pornographic in nature, but a new video is part of the Russian invasion of Ukraine. The video is of Ukraine’s President Zelenskyy saying that he was surrendering to Russia. He never said that and he did not surrender. Even so, a lot of people saw the video because the hackers hacked a Ukrainian TV channel and broadcast it. The new world of war. Credit: Metacurity

Hacking is a Business

Just like other modern businesses, the hacking business is optimizing its processes. Google’s Threat Analysis Group exposed a new Initial Access Broker, related to Russian hacking gangs, whom they are calling Exotic Lily. All these folks do is figure out how to break into your organization. They don’t steal anything or do any damage. They do, however, sell that access to the highest bidder and those folks do the crime. Credit: The Hacker News

Russia Jamming GPS and Satellites, Imperiling Airplanes, etc.

The EU Aviation Safety Agency and CISA say someone is jamming satellite navigation systems in eastern Europe, including parts of Finland, Cyprus, Turkey, Lebanon and Israel, among others. Depending on the situation, a plane that is using the satellite for navigation might go in the wrong direction or fly into a war zone. Planes trying to land could crash into the ground or be forced to land at a different airport. Aviation authorities are telling pilots to make sure that backup navigation tools are working. Credit: Threatpost

Security News for the Week Ending March 11, 2022

Trump is Not Happy About Launch of Twitter-Like Truth Social

Apparently not happy is a bit of an understatement. He has a lot to lose if this is not successful. As part of the SPAC deal with Digital World, he has a lot of shares. If the stock, which is still going up slowly, tanks, he stands to lose a bunch of dough. Many people who downloaded the app said that they could not create accounts or were waitlisted. The reality is that people use social media to stay connected and if you have a choice between Twitter’s billions of users and Truth Social’s thousands of users, the choice is pretty clear. Analysis suggests that it is doing about the same as or worse than Gab and Gettr, which is also a problem. Twitter won because it was the only player. Now you have 3 players all going after the same highly targeted slice of market. At least it has not been hacked (publicly) since its launch, which is more than Gab and Gettr can say. Credit: MSN

Hackers Targeted US LNG Producers in Run-Up to Ukraine Invasion

In February hackers penetrated computers belonging to current and former employees at nearly two dozen major natural gas suppliers including Chevron and Kinder Morgan.

Security firm Resecurity discovered a small group of hackers including one linked to Strontium, a nickname for a hacking group inside Russia’s GRU military intelligence.

They wanted to gain and maintain access into the U.S. energy supply so that they could destabilize the world energy market when Russia invaded Ukraine. Unfortunately for Putin, while these early attacks were successful, they were discovered before they could do any significant damage. Credit: Bloomberg Quint

Google Acquires Mandiant for $5 Billion in Cash

It is nice to be able to write a check for $5 billion. Mandiant, best known for its breach response and threat intelligence services, is being acquired by Google. Depending on what Google does with it, that could be good news for Google cloud services users. Mandiant does have its own cloud security products and together, if Google doesn’t do anything stupid, it will give Mandiant access to a lot of capital. Credit: CSO Online

Alexa, Go Hack Yourself

The good news is that Amazon patched this feature after researchers demonstrated that they could get an Alexa to unlock your door, set your microwave to run with nothing in it, possibly causing a fire and other cute stuff. The attack is very simple, so it is good that it has been patched now. Aren’t you glad that you don’t have any smart devices in your house? Credit: Ars Technica

Chinese Use Herd Management App to Hack State Networks

Mandiant says that the Chinese hackers APT41 AKA Barium used a bug in an app that many state governments use to track animal diseases in livestock herds called USAHERDS. Mandiant warned the developer of the high severity bug and they have patched it. In the meantime, Mandiant thinks the Chinese have successfully hacked at least 6 state government networks. Maybe as many as 18 states. Think about that before you install that next app. Credit: Wired