Category Archives: News Bites

Short news items

Security News for the Week Ending January 22, 2021

Parler Finds A New Home With Russian Hosting Provider in Belize

“Hello world, is this thing on? With that message Parler’s website is back online. Well at least a one page website is back online. The site is being hosted by Russian-owned DDoS-Guard, a company that apparently also hosts ISIS web sites. Whether the folks who invaded the Capitol earlier this month are going to be willing to post their content on a Russian hosted server is not clear. It is unlikely that their hosting provider would respond to a US subpoena, but whether they would steal the posts for their own purpose is a different question. Credit: Cybernews

Capitol Terrorist Who (Allegedly) Planned to Sell Pelosi’s Laptop to Russian Intelligence Arrested

The amazing amount of video footage from the storming of the Capitol is really making the cops’ lives a lot easier. Riley June Williams, 22, from Pennsylvania, was outed by her former boyfriend. She videoed herself committing the felony and then shared that video. She has now been arrested. She has not been charged with espionage, yet. After the events of January 6th, she changed her phone number, deleted her social media accounts and fled. Her public defender wants her released but the feds say that she is a flight risk. Given she disappeared even before she was charged, that doesn’t seem unreasonable. Credit: WaPo

Parler Data Is Available for Download

If you want to be an amateur detective and you have 70 terabytes or so of free disk space on your computer, you too, can download the data that was scraped from the site during its last few hours of its existence. It is chunked down to 4GB chunks and more of it is being uploaded in real time. This will be examined and reexamined for a long time. Details can be found here.

Malware Bytes Joins Club of Those Hacked by SolarWinds Hacking Team

Malware Bytes joins the long and getting longer list of those folks sucked in by the Solar Winds attackers. In their case, they did not use Solar Winds but were compromised by other techniques used by the Solar Winds attackers. They said the damage was minor and limited to some of their emails. Credit: Cyber News

Trump Pardons Google Engineer Who Stole Self Driving Car Trade Secrets and Took Them to Uber

Anthony Levandowski, the Google Engineer who went to work for Uber’s self driving car division, was pardoned by Trump after being sentenced to 18 months for his theft. I am not sure if the pardon relieves him of the obligation to pay Google the $179 million fine, but it probably does. He took 141,000 files with him and likely advanced Uber’s progress by years. Google settled it’s lawsuit against Waymo in 2018 and paid a multi-hundred-million dollar fine. Curiously, Google is an investor in Uber, so they probably don’t want to hurt them too much. Credit: Cyber News

Breaches Down; Record Count Up

According to Risk Based Security, the NUMBER of breaches reported fell 48% in 2020 compared to 2019, but the number of records exposed was UP by 141% to an amazing 37 BILLION records. We don’t believe that the number of breaches was actually down; likely it is just that a lot of breaches are not being reported. Part of it may be that with other important events like the election and Covid, the media is not covering breaches. In addition, we are seeing some really large breaches. Hacking group Shiny Hunters disclosed 129 million hacked records in just five weeks. Credit: Tech Republic

Security News for the Week Ending January 15, 2021

US Bulk Energy Providers Must Report Attempted Breaches

The Solar Winds attack, from what little we know about it, was bad enough, but what if it was Russia’s trial run for taking down the power grid like they did in Ukraine or taking out the water supply or gas supply? NERC, the electric utility regulator, released CIP -008-6 which requires relevant bulk power providers to report attempted hacks in addition to successful ones.

All cybersecurity incidents, whether actual compromises or attempts to comprise, have to be reported to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), now known as National Cybersecurity and Communications Integration Center (NCCIC), as well as the Electricity Information Sharing and Analysis Center (E-ISAC). Unfortunately, the feds have not clearly defined what an attempt is. Credit: CSO Online

Researchers Say Bitcoin Hacks in 2020 Netted $3.78 Billion

In fairness, that is at today’s Bitcoin value, but lets say it is only $2 billion. Does that make you feel better? The most lucrative target was individual Bitcoin wallets, but hackers went after exchanges and apps too. Credit: ZDNet

FAA Changes Rules on Mask Wearing on Airplanes

Up until today, if passengers would not follow flight crew’s instructions to wear masks and were unruly, threatened or intimidated flight crews, the FAA tried to counsel them or hit them with civil fines. Now they have changed the rules and anyone who does that will be charged with interfering with a flight crew, which caries the penalty of up to 20 years in prison and a $35,000 fine. Or both. Ouch. Credit: Vice

Apple Changes Rules That Exempted Themselves from Security Rules

In MacOS 11 Apple created a rule that exempted 53 of its own apps from having to go through the Mac’s firewall. After all, Apple does know best. Apple claimed the exemption was temporary. Why? Because Apple made some changes in MacOS and they didn’t have time to iron out all the bugs in their apps before they shipped the software. That’s comforting. Once 11.2 ships, Apple’s apps will no longer be exempted. Oh, by the way, they forgot to tell their users that they were exempting their buggy apps from the firewall. Because? Don’t know. Probably would not be good PR. Credit: ZDNet

Signal Messaging App Creaking Under The Load

Years ago Facebook bought the privacy oriented messaging app WhatsApp which has become very popular. Last month Facebook created new terms which require users to allow Facebook to mine your WhatsApp data which is sort of unpopular with people who signed up for a privacy oriented app. Under the covers, WhatsApp is really just Signal, Moxie Marlinspike’s privacy oriented messaging app with some lipstick on it. As a result of Facebook’s not understanding that users would be displeased with the change to their terms of service, apparently tens of millions of people are moving from WhatsApp to Signal. Combine that with the shutdown of Parler, and Signal, which is a non-profit, is having trouble managing the load. Last week Elon Musk told his 40+ million followers to use Signal. It is likely that they will get things sorted out but any time a company gets 25-50 million new customers all at once, while it is a good problem, it is a problem. Stay tuned. Credit: The Register

Security News for the Week Ending January 8, 2021

Britain Says Assange Cannot be Extradited

Julian Assange, a long time thorn in the backside of some folks in the US government, cannot be extradited to the US, a British court says. The court said that while he probably can get a fair trial in the US, the court system in the US is unlikely stop him from committing suicide (a la Jeffrey Epstein, another very high profile prisoner). The US is expected to appeal. Credit: Cybernews

Covid Stimulus Bill and UFOs

The first question is why? and the answer is Congress? Buried deep in the Covid stimulus bill is Intelligence Authorization Act which mandates the Pentagon release a report on its UFO task force report. Stay tuned. Credit: Vice

New York Stock Exchange Changes Mind About Delisting Chinese Stocks

After the NYSE said it was going to delist 3 Chinese telecom stocks because the President said they were tied to the Chinese government/military, they suddenly changed their mind. They said that they made the decision after consulting with their regulators. Not sure what this means in the long term, but it might mean that the DoJ thinks the President is on shaky ground legally in doing that and rather than get sued, they are going to let it play out in the courts. Credit: Cybernews

Right after this happened the exchange got a call from Secretary Mnuchin and, apparently he changed their mind. Again. So now they do plan to delist these stocks. Until they change their mind again. This is really a symbolic move since only about 2% of their shares go though the NYSE. Credit: ZDNet

Hackers Use Fake Trump Scandal Video to Load Malware

Want to see a (purported) Trump sex scandal video? Well ignoring your thoughts on the subject, the email is just click bait. If you fall for the bait and click, the malware will install a Remote Access Trojan or RAT on your computer, allowing the hacker to connect to your computer and rummage through (and steal) all your stuff. They could, in addition, deposit some ransomware when they are done, so no matter how curious you might be, don’t click. Credit: Hacker News

Nissan Seems to Have Lost Control of their Source Code

A car is not only a vehicle these days, but also a computer on wheels. More accurately, probably a hundred computers on wheels, plus a bunch of server software plus some mobile apps plus. You get the idea. So one might expect that you would protect that. Nissan did; with Userid:admin and Password:admin. A bit of a problem and it may even be difficult for Nissan to sue because they didn’t take reasonable care. Credit: SC Magazine

Security News for the Week Ending Jan 1, 2021

Happy New Year. May 2021 be more sane than 2020.

Microsoft Says Goal of Solar Winds Attack Was Your Cloud Data

Microsoft says that the objective of the Solar Winds Hackers was to get into a number of organizations and then pick and choose which ones to attack, leaving the back door in place at the others for future operations. One way to do that was to generate SAML login tokens from inside the network and then use those tokens to gain access to cloud resources, including, but not limited to email. The article also provides more information on how to detect if the hackers did compromise your cloud resources. Credit: Bleeping Computer

“Swatting” Moves to the Next Level

Swatting, the practice of calling in a fake 911 call so that SWAT teams are deployed to the victim’s location based on, say, a fake kidnapping, are moving to the next level. As if having the police show up unexpected with lots of guns and breaking down your door isn’t bad enough, now the perpetrators are taking advantage of the fact that people choose crappy passwords and are watching and listening to the police assault on the victim’s own smart devices. On occasion, the situation becomes deadly when the police, not really knowing what to believe, shoot the victim. On rare occasions, the swatters, as they are called, are caught and prosecuted. Credit: Bleeping Computer

I Think The Wasabi Got a Little Too Hot

Wasabi, the cloud storage competitor to Amazon S3 that claims that it is significantly cheaper than Amazon and 99.999999999% reliable just got a little less reliable. Their domain registrar notified them of some malware hosted on one of their domains. Only they sent the email to the wrong email address. The registrar, following normal procedures, suspended their domain for not responding to an email they never got, knocking many of their customers offline.

After Wasabi discovered they had been DDoSed by their domain registrar, they suspended the offending customer and asked to get their domain back. That process took over 13 hours. Are you ready for this kind of attack from your suppliers?

That attack probably knocked several of those 9’s off their reliability, depending on how the mess with the data.

Credit: Bleeping Computer

Solar Winds Troubles Are Not Over

A second piece of malware called SUPERNOVA and a zero-day vulnerability that it exploited makes it look like there may have been a second attack against Solar Winds. This appears to be a separate attack from the Russian attack. The attack vector is different too – this is not an attack against Solar Winds code base. This spells additional trouble for Solar Winds. Credit: Security Week

Security News for the Week Ending December 18, 2020

Data from employment firm Automation Personnel Services Leaked

Automation Personnel Services, a provider of temporary employment services, found 440 gigabytes of their data leaked on the dark web. The poster says that it includes payroll, accounting and legal documents.

The data was leaked because the company refused to pay the ransom.

When asked if the data was genuine, the company only said that they are working with forensics firms and are improving their security. Credit: Cybernews

Are Hospitals Protecting Your Data?

The Register is reporting that two thousand servers containing 45 million images of X-rays and other medical scans were left online during the course of the past twelve months, freely accessible by anyone, with no security protections at all.

To make matters worse, apparently hackers had been there before the researchers and left all kinds of malware behind. Will anyone get in trouble over this? Probably not. Credit: The Register

Ya Know Those Smart TVs? Maybe Not So Smart to Use?

Ponder this. Most TVs are made in China. Smart TVs connect to the Internet. There is Internet in China. China makes the chips that go into those TVs. And the software that goes into those chips. The executives for at least some of those companies have a documented connection to the Chinese government and/or military. China might be very interested in hearing what goes on in everyone’s living room. And bedroom. Including your kids’ bedroom. Some smart TVs have cameras in addition to microphones. Connect the dots; I am not allowed to. Credit: US Department of Homeland Security

Ransomware Attacks on the Rise and Insurers React

As ransomware attacks increased this year – both in terms of cost and severity, insurers are becoming more selective and some are scaling back their coverage. Total costs of ransom payments doubled between 1H2019 and 1H2020, but that might change going forward now that the feds are threatening to throw people in jail if they pay ransoms to terrorists. This means that some premiums are going up and some carriers are even getting out of the cyber risk insurance business. Credit: Reuters

Security News for the Week Ending December 11, 2020

Researchers Hack Apple Successfully

Between July and October, good-guy hackers worked on a side project to hack Apple. The results were impressive – if you are not Apple. 55 vulnerabilities found, 11 critical and 29 high. Apple paid the team a bug bounty of $288,000. The compromise would have exposed a lot of Apple’s internal systems and data. Several of the reported bugs were fixed by Apple in hours. Credit: Sam Curry

Hackers offer 250,000 MySQL Databases For Sale on the Dark Web

A hacker set up a dark web site to offer 250,000 MySQL databases stolen from 83,000 breached servers. He wants 0.03 Bitcoin for each database (about $500). The data comes from brute force attacks that resulted in the hacker stealing the data and then deleting off the victim’s server, just leaving a ransom note. Credit: bleepingcomputer.com

Now That Google has Won the Browser War, they Are Working to Kill Off Privacy

Now that all major browsers are based on Chromium, except for Firefox, Google doesn’t have to worry about competition. Google currently allows browser extensions to do way too many things, many of which are dangerous. As a result, they are redesigning the interface that extensions use, called Manifest, which, in concept, is not a bad idea. Purely coincidentally, these changes kill the ad blockers in all Chromium based browsers. Pure coincidence. It has nothing to do with the fact that Google makes most of its money selling ads. There is one ad blocker that will continue to work, Adblock Plus. Adblock Plus is paid by Google to allow their ads to pass freely through their ad blocker. Credit: The Register

Deadline for Sale of TikTok Passed and. Nothing

Trump issued an executive order months ago requiring the sale of TikTok or it would be shut down in the United States. But politics makes people make strange choices. Politicians do not relish ticking off 100 million voters by shutting down their entertainment during a pandemic, so they have kept moving the goal posts. But after moving the “deadline” time after time with no results to show, they just let the last deadline pass. Of course that doesn’t mean this is over, but it does question the government’s intentions. Credit: MSN