
Security News for the Week Ending June 14, 2019

SandboxEscaper Releases Yet Another Windows Zero-Day

SandboxEscaper has it in for Microsoft.  He or she has released over a half dozen zero-days including four of them just a couple of weeks ago.  He or she has put Microsoft behind the power curve multiple times and now he or she is doing it again.

This time SandboxEscaper has figured out how to exploit the patched version of one of the previous exploits.  This exploit can be triggered silently with no obvious warning to the user.  There is no patch available for it yet. Source: The Hacker News.

If history is any example, this is probably not the last time we will hear from SandboxEscaper.

 

License Plate Pictures Taken by CBP Cameras Available on the Dark Web

As reported last month but not confirmed by Customs and Border Protection until this week, an unnamed vendor of license plate readers to CBP and others was hacked and hundreds of gigabytes of data stolen.

Included in that data were thousands of photos of license plates captured at the US border and of travelers at US airports, and they are available on the dark web.

The government (no surprise) has a poor vendor cyber risk management program.  The vendor, widely believed to be Perceptics, although the government is shielding it for some unknown reason, copied data from the government’s computers to their own.  After this, the vendor was hacked and hundreds of gigabytes of data were stolen.  Source: The Register.

 

A Year Later, U.S. Government Websites Are Still Redirecting to Hardcore Porn

Dozens of U.S. government websites appear to contain a flaw enabling anyone to generate URLs with their domain names that redirect visitors to porn sites.

Gizmodo reported this a year ago and it is still not fixed.  Actually, a few sites were fixed and a few more were added to the broken list.

Users were being redirected from government sites to sites with names like “Two Hot Russians Love Animal Porn”.  One site infected was the Department of Justice’s Amber Alert site.  To be clear, the government is not running porn sites.

And these are the folks that we are relying on to protect our cyber universe.  Source: Gizmodo.

 

Philly Courts Still Down After Cyber-Attack Last Month

Another day, another city.  In this case, the court system in Philadelphia was hit by a cyber-attack.

After the attack, e-filing, docketing and email systems were taken down and now there are still problems.

So far, the courts have released very little information – not even the name of the firm that they hired to fix their mess.  Likely, that will come out later.

Suffice it to say, with each of these attacks, it becomes more and more important to evaluate YOUR disaster recovery system.  Can you afford to be down for weeks in case you suffer an attack?  Source: Infosecurity Magazine.

FBI and DHS Issue Amber Alert To Nuke Plant Operators

Homeland Security and the FBI issued a joint warning about malware attacks targeting U.S. nuclear plants.  The malware has been operating since May.

The Amber Alert, the second highest alert level that DHS issues, said that the attacks, for the moment, are targeting employees’ personal computers as opposed to the isolated network that actually controls the nuke plants.

For now.

The FBI has not publicly identified the malware that is attacking the nuclear plants, but they have said that it is spear phishing based.

They said that there is no evidence that information on plant operations was exposed.  “No evidence” is different from “information was not exposed.”

In theory, there is an “air gap” at nuclear plants between the administrative network (where engineers and others work) and the operational network (that actually controls the operations of the plant).

That is a great concept.

Unfortunately, like many concepts, it has some basis in truth.  Some means a LIMITED basis.

For example, many nuke plants pass data from the administrative network to the operational network using flash drives.  That, for all intents, removes the isolation between the administrative and operational networks.  That is, in fact, how Stuxnet destroyed the Iranian nuclear centrifuges.  There is no reason that concept would not work in the U.S.

While DHS is not attributing the attacks for the moment, other sources are saying that the attacks look a lot like the attacks that the Russians have conducted over the last five years, so you figure it out.

And let’s not forget that President Trump suggested that we partner with the Ruskies to improve cyber security.  That was before he faced an absolute unified attack from the left, right and center saying that such a partnership would be absolutely catastrophic.

DHS has said that these attacks are ongoing and are part of a much broader attack on the energy sector.

The concern is, of course, that one of these attacks could be successful.  That would be pretty scary anywhere in the energy sector from the oil field to electric distribution to nuclear generation.

Information for this post came from Ars Technica.