Category Archives: News Bites

Short news items

Security News for the Week Ending June 10, 2022

Anonymous Seems to be doing Better Against Russia than Past Efforts

Anonymous, the hacking collective, historically has made claims about how effective they are that have not panned out. However, against Russia, they seem to be pretty effective. Whether that means that they are more focused now or instead, that Russia’s defenses are not very good, I don’t know. This week they have leaked a terabyte of data from Russian law firm RKPLaw. This comes just days after they leaked hundreds of gigabytes of data from Russia’s largest media holdings, Vyberi Radio. Note that they are not holding the data hostage; this is about hurting Russia. Credit: Hackread

FTC Regulates by Blog Post

The FTC recently posted a notice on their blog that companies who do not report breaches appropriately – not timely, not fully truthful, etc. – are subject to being prosecuted under Section 5 of the FTC Act. This has historically been used to go after fraud. In fact, Section 5 covers fraudulent and deceptive practices. So now there is another regulator who may come after you if you attempt to cover up a breach, like Uber did, and the FTC feels your actions could, possibly, harm consumers. Credit: Ballard Spahr

New Jersey School District Cancelled Finals after Ransomware Attack

Here is the downside of the cloud. Tenafly Public Schools in Bergen County cancelled finals as they attempt to wrestle a ransomware attack to the ground. They have called in experts to help them, but all of that takes time. The school district uses Google Classroom and other cloud-based systems, all of which went offline as a result of shutting down the district’s networks and servers. The district has not said what they plan to do about graduating seniors. Credit: The Record

8 zero-day Vulnerabilities Patched in Carrier’s Industrial Control System

Eight zero-day vulnerabilities affecting a popular industrial control system provided by Carrier have been identified and patched, according to security researchers from Trellix who discovered the issues. Carrier argues these are not true zero-days because they are not actively being exploited, but now that they are public, that will change. These Carrier LenelS2 control systems are used by a wide range of industries from education to the federal government. Many will likely never be patched, much to hackers’ delight. Some of the bugs would give hackers root system access. Credit: The Record

DoJ Announces Plan to Improve Cybersecurity – In Line With the Requirements of the EO on Cybersecurity and after being Hacked Multiple Times

I’d like to give them credit for doing this, but the reality is that their current cybersecurity is not up to par and they are just doing what is required of them under the EO on cybersecurity. At least they are doing something. Credit: Daily Swig

Security News for the Week Ending June 3, 2022

FBI Warns US Colleges of Widespread VPN Credential Leaks – On Russian Crime Forums

Here’s a shocker. Cybersecurity practices at US colleges and universities are not so good. According to an FBI PIN (Color WHITE, general distribution), Russian cybercrime forums are offering network and VPN credentials for sale for many US higher education institutions, some of which even include screenshots as proof of access. Likely there are credentials for US businesses available too. Credit: FBI

Unpatched Critical Flaw in Confluence Under Attack

Atlassian, maker of Confluence and other software development tools, says that users (this is only for locally installed instances of Confluence) should shut it off (and totally screw up their workflow) or block it from the Internet (less disruptive). There is no fix or a timeline for a fix. Atlassian rates the bug as critical and it is an UNAUTHENTICATED, REMOTE CODE EXECUTION vulnerability. Credit: Atlassian

Chinese Phone Chips Could DDoS All Nearby Phones

I don’t think this is intentional, but it works nonetheless. A flaw in the firmware for the radio chip used in millions of phones could be used to remotely attack those devices. The bug can be exploited by sending a specifically designed packet to the radio receiver of the phone, crashing the phone. This is not the first time UNISOC has been in bug trouble, including 3 months ago and last December. Hopefully, your carrier will release the patch to your phone. Credit: The Register

FBI is Laser Focused on Thwarting Russian Cyber Operations

FBI Director Wray this week said they are focused on thwarting Russian cyber attacks. Wray said, at a speech in Boston, that Russia has taken steps to launch destructive attacks. He said that Russia has gained access to thousands of companies, including critical infrastructure. Hopefully they are notifying those companies, but there are probably many that they don’t have eyes on. Credit: The Record

Security News for the Week Ending May 27, 2022

Yet Another Russian Military “Asset” Catches Fire

Russian jet engine design hub Central Aerohydrodynamic Institute, which is outside Moscow, did a “halt and catch fire” due to a fire at the electrical substation which powered the former design center. Score one for Ukraine, according to Russia. Russia claims it is the world’s largest scientific research center, or at least it was. It is assisting in the development of next generation jet aircraft. Judging by the photo, it doesn’t look like much survived. Credit: UK Daily Mail

Photo caption: Central Aerohydrodynamic Institute in Zhukovsky

GM Hit By Credential Stuffing Attack

GM sent letters to owners of some GM vehicles saying that it appeared that someone redeemed points in their accounts for gift cards, but GM was restoring the points. They say that GM’s systems were not compromised; rather, customers reused passwords that were compromised elsewhere, allowing attackers to walk right in and steal the customer’s data. In those cases, GM is not required to make the customer whole, but for PR reasons, it probably makes sense to do that. Credit: Bleeping Computer

Quad Nations Pledge More Collaboration on Cybersecurity Plus

Part of China’s worst nightmare, the leaders of the Quad – Australia, India, Japan and the US – agreed to strengthen collaboration on emerging technologies and cybersecurity with an unspoken subplot of neutralizing China. A few years ago China thought the Quad was a passing fad. With global politics what it is, that turned out to be a miscalculation, one that China is not happy with. Credit: The Register

More and More Ransomware Moves to Extortion

As companies are doing a better job of backups, ransomware isn’t paying as much to get the decryption key. HOWEVER, more ransomware organizations are either selling the stolen data (the Verizon data breach report says that most ransomware attacks now include stealing your data), or extorting the victim by threatening to sell it. If that fails, they just leak the data. The Conti gang leaked all of the data stolen during a January ransomware attack against Linn County, Oregon after officials decided not to pay the ransom. They said their backups were good enough and the data stolen wasn’t that sensitive. That will not be the case all of the time. Credit: The Record

CISA Adds 75 More Actively Exploited Bugs to its MUST PATCH List

CISA seems to be pretty serious regarding getting the patching cadence of federal systems up to snuff. This week they added 3 batches of bugs to patch. The first batch included 21 bugs; the second batch included 20 and the third included 34. Some of these bugs are old, including products that are past their expiration date like Microsoft Silverlight and Adobe Flash, but we still see them on systems on a regular basis. Credit: ZDNet

Security News for the Week Ending May 20, 2022

Flaw in uClibc Allows DNS Poisoning Attacks

A flaw in all versions of the popular C standard libraries uClibc and uClibc-ng can allow for DNS poisoning attacks against target devices. The library is likely used in millions of Internet of Things devices that will never be patched and will always be vulnerable. This is where Software Bill of Materials is kind of handy. Credit: ThreatPost

Cyberattack on Hawaii Undersea Cable Thwarted

Homeland Security thwarted an attempted hack of an under-ocean cable that connects Hawaii with other parts of the Pacific region. While Homeland is not releasing any details of the attempted attack, if the attack shut down traffic, that would be really bad for the region. Just one cable, for example, the Hawaiki Transpacific Cable, runs for 15,000 km and has a capacity of 67 terabits per second. Credit: Star Advisor

Will the Mickey Mouse Protection Law Go Up in Flames

Full disclosure: I have never been a fan of this law, so if it goes away, it won’t bother me. As some Republicans try to hurt Disney (trying to abolish the Reedy Creek special district, for example), Senator Hawley (R-Mo) introduced legislation to roll back the insane copyright “terms” that companies have used to make money off characters created a century ago. The downside of Hawley’s move is that it likely will anger a lot of people who make money off that 120 year copyright term and they might choose to make donations to the other team to get even. Given that Washington runs on “contributions” and those donors are likely going to explain that fact, I would say the odds of this passing are not great, but who knows. Credit: MSN

Feds Write Memo That Says They Pinky Promise Not to Charge Security Researchers Under CFAA

Sometimes I probably come across as cynical. That is because I am. While it is great that finally the DoJ wrote a memo that says that they are not going to charge security researchers for finding security holes, that memo only has just a little bit more weight of law than if I wrote that memo. There is nothing binding on the DoJ. Still, I guess, it is better than nothing. Credit: The Daily Swig

Sanctions Have Some Effect on Russia’s Tech Sector

Since Russia can no longer buy AMD and Intel processors, they had to find an alternative. The solution seems to be a KaiXian KX6640MA. This is an Intel-compatible chip, but it is a bit slow. One CPU benchmark reported that a 4 core, 4 thread chip scored 1,566 points on the CPU benchmark. By comparison, an Intel Core i3, which is the slowest of the current Intel family, scored 14,427. Not exactly a match, and for anything that is time critical, that is a problem. Guess how you would feel if someone replaced your computer with one that was 1/10th as fast. Credit: PC Magazine

Security News for the Week Ending May 13, 2022

Chinese Sponsored OPERATION CUCKOOBEES Active for Many Years

Researchers with cybersecurity firm Cybereason briefed the FBI and Justice Department as early as 2019 about Operation CuckooBees, an alleged espionage effort by Chinese state-sponsored hackers (named Winnti or APT41) to steal proprietary information from dozens of global defense, energy, biotech, aerospace and pharmaceutical companies. The companies compromised include some of the largest companies in North America, Europe and Asia. These attacks go back to at least 2019 and they have stolen intellectual property, R&D, diagrams of fighter jets, helicopters, missiles and more. Credit: The Record

Spain’s Spy Chief Fired After News She Hacked Spanish Politicians

I guess they don’t like it when you use the laws they created against them. It doesn’t appear that she did anything illegal. Got a court order and everything. But, it was them she was spying against. The other problem she had was that there were dozens of other government officials who were also spied on, but it is not clear by whom. That includes the PM and Defense Minister. Their phones were declared spyware-free – but were not. Credit: Security Week

EU Proposes to Kill Child Abuse by Killing Privacy

The challenge of curbing kiddie porn, sometimes referred to by the more polite term child sexual abuse material (CSAM), is hard. End-to-end encryption makes that even harder. One current EU proposal would require companies to scan all communications, meaning that end-to-end encryption would be banned. It won’t technically be banned; it would just be impossible to allow it and comply with the proposed regulations. The stupid pedophiles might be caught by this, but the smart ones would just encrypt the material before it is uploaded or use other methods. If we have learned one thing over the years, it is that bad guys adapt much more quickly than the law does. Of course, that material might stand out, but if they intentionally create a lot of chaff to hide what they are doing, it might not. A botnet could create terabytes of encrypted garbage in no time, making the carriers’ job impossible. It also requires that providers read the text of every message and email, looking for signs of prohibited content. Credit: The Register

Colorado’s CBI Warns of Fraudulent Real Estate Transactions

My guess is that this is not limited to Colorado and this is not really a new scam, but the CBI says it is quickly ramping up. The scam is that a supposed out-of-state seller wants to sell a property, either with a house or vacant land, that currently doesn’t have a mortgage. The fraudster impersonates the owner looking for a buyer that wants a quick close. The whole transaction is being done remotely by mail with a fraudulent deed. Do your due diligence whether you are an agent or a buyer. Credit: CBI and Land Title Association

Mandiant Says Hackers Are Dwelling Inside for Fewer Days

Security firm Mandiant (soon to be part of Google) says that the number of days that hackers are lurking inside your systems continues to decrease. The time now stands at just 21 days. This is likely because hackers are worried about being detected before they can detonate their attack as companies and governments get more serious about fighting crime. That means you don’t have as much time to detect the bad actors. Are you prepared? Credit: Data Breach Today

Security News for the Week Ending April 29, 2022

Sungard Files for Chapter 11 Bankruptcy Protection – Again

Sungard, the king of disaster recovery and business continuity, needs to figure out a new business. They previously filed for Chapter 11 in 2019 and shed $800 million in debt, but they have a fundamental problem. As businesses move from private data centers to the cloud and from offices to work-from-home, they just don’t need Sungard anymore. And, likely, never will. They REALLY need to reinvent themselves. Credit: Tech Target

Any Sign of the Supply Chain Returning to ‘Normal’?

One of the lists I am on asked this question and the answer seems to still be no time soon. High end network and server gear is still 6-12 months or ‘unknown’ out. Manufacturers are reducing their chip and system product range to focus limited supply on the more important products, and some customers are getting priority based on performance penalties in long term contracts. The NY Times has an extensive piece on all of the problems, none of which are easy to fix in the short term. Credit: NY Times

AWS Locks Up NSA Cloud Deal

Years ago Amazon (AWS) locked up a deal worth up to $10 billion to provide a secure, classified cloud to the CIA. That was before the days of contract protests over the cloud. Years later, the DoD tried the same thing, called JEDI. It died due to contract protests. DoD is still trying to build a classified cloud, now called JWCC. However, now the NSA has joined the CIA and awarded AWS a $10 billion contract to build them a classified cloud. The rest of the DoD is still waiting. Credit: Meritalk

Brazil Senate Passes Bill to Regulate Cryptocurrency

The Brazilian Senate has passed a bill that regulates the cryptocurrency market in an effort to protect consumers. Crypto exchanges would fall under the regulation of Brazil’s Central Bank. As one of the leaders in the crypto market, Brazil is also set to release a cryptocurrency pegged to the real, Brazil’s currency. It is not clear to me what the value of any cryptocurrency pegged to any country’s currency is, but the good news (bad news?) is that since it is based on software, all of these new cryptocurrencies will likely be hacked and the hackers will make billions. At least someone will get rich. Credit: ZDNet

China, Russia and India Do Not Agree Not to Undermine Future Elections Using Misinformation

The United States, European Union, United Kingdom and 32 other nations have committed to not interfere with future elections by running online misinformation campaigns or illegally spying on people. On the other hand, Russia, China and India, unlike these 60 other countries, did not agree to the declaration. Not really a big surprise. Credit: ZDNet