Tag Archives: Atlanta

News Bites for Friday June 8, 2018

One Vendor, Two Unprotected Servers Equal Disaster

Agilisium, a cloud storage vendor to Universal Music Group, exposed UMG’s internal FTP credentials, AWS secret keys and passwords, and the internal and SQL root password to the open internet – all via two instances of the Apache Airflow server with no password.

Your Vendor Cyber Risk Management Program (VCRM) manager needs to work with all vendors, especially those who are high risk, to make sure their cyber security program matches your risk, because you are the one who is going to take the heat (Source: Threatpost).

Online Ticket Service TicketFly Hacked, Shuts Down As a Precaution

Online Ticket Service TicketFly and some of the venues that it provides service for shut down last week after it was hacked. It came back up briefly but is down again today, June 4. Concert venues that use TicketFly have had to delay ticket sales, and concertgoers who did not print out paper tickets for concerts going on during the outage will have to wait on line at the ticket office of the venue and hope they can get their tickets. Ultimately, if that fails AND they paid for their ticket with a credit card, they will get their money back under federal law. If they had to fly to the venue and didn’t get in, well, that may be a different story. The dangers of an always online world that is not always online. Eventbrite bought TicketFly last year for $200 million (Source: CBS).

Stingrays in Use Near the White House

It has long been suspected that the Ruskies (or Chinese. Or both) have been using cell site simulators near sensitive areas to capture information. When Sen. Wyden whined about it, DHS said that it wasn’t in the budget for them to protect the White House or Congress from those pesky Ruskies. Well, after they were sufficiently embarrassed, they did a small pilot and, well, it is true. And, on top of it, the bad guys are hacking the public phone network’s control system, called SS7, written in the 1980s, and which has very little security in it. Fixing SS7 is a major worldwide undertaking that would cost billions and take decades. So DHS still says that they don’t have money to fix it, but we do know that, along with hacking the elections, the Ruskies are hacking our phones. (Source: The Register).

What Did Atlanta Lose?

When Atlanta got hit by a ransomware attack, they seemed to downplay the impact, but now they are telling a different story.  The city has spent $5 million in the aftermath of the attack, both to recover and to improve security, but it is not all sunshine.

They did lose years’ worth of police dashcam footage – never to be recovered. If that was important evidence in a case, the case may need to be dismissed. It did not affect body cam video, however. What other files will be discovered to have been lost – that we will need to wait to find out (Source: We Live Security).


Friday News

Intel will NOT be patching all of its flawed chips

After saying, for months, that it would release firmware updates to all chipsets produced in the last 5 years, Intel is now backtracking, saying that it won’t produce patches for the Bloomfield line, Clarksfield, Gulftown, Harpertown, Jasper Forest, Penryn, SoFIA 3GR, the Wolfdale line, and the Yorkfield line. There were several reasons, number one being that it was too hard (read: impossible) given the architecture of those chips. (Source: The Verge).

Microsoft Patch Tuesday Patches at Least 65 Vulnerabilities

From one perspective, given the breadth of Microsoft’s empire, releasing 65 SECURITY patches a month is not unreasonable.  On the other hand, given that they have been doing this for years, that is thousands of security flaws, which is a bit mind blowing.  This month’s patches affect Internet Explorer and Edge, Office, one more time, the Microsoft Malware Protection Engine, Visual Studio and Microsoft Azure.

A patch for the Malware Protection Engine (MPE) bug was released in an out-of-band patch last week because it affects all of Microsoft’s anti-malware products such as Windows Defender and Security Essentials. This is at least 3 emergency patches to the MPE in recent months.

Corporate IT usually has patching handled, but when it comes to home users, things are a bit more spotty, so make sure that you install these patches (Source: Krebs On Security).

Identity thieves going after CPAs

If the IRS is warning tax preparers to “step up” their cybersecurity game, it must be bad. Brian Krebs details the story of a tax preparer who allowed his system to become compromised with a not very sophisticated keystroke logger. The result was that his clients’ data was hacked and false returns filed. When the clients’ real returns were rejected by the IRS, the CPA provided form letters to his clients to file with the IRS saying that they were the victim of identity theft but not saying that it was the accountant who was responsible. No doubt the clients were left with the bill to clean up their CPA’s mess on top of it all.

If you use a tax preparer, you should be asking questions about their cybersecurity practices and if he or she says not to worry, you should start worrying.  Or looking for a more astute CPA (Source: Brian Krebs).

Atlanta, Colorado spending millions after ransomware attack

Atlanta has spent over $2 million mitigating the ransomware attack which started on March 12. The attackers asked for $50,000, which likely would have been covered by insurance. The costs are for Secureworks, Ernst and Young and others. If these costs are to upgrade infrastructure, the insurance would not cover that.

The Colorado Department of Transportation (CDOT) has spent $1.5 million since their ransomware attack in February.  CDOT is still not fully operating yet.

Stories are that Atlanta’s IT was on life support due to lack of funding prior to the attack.  Assuming some of those millions are being spent on upgrading the infrastructure, maybe the attack has a silver lining.  (Source: SC Magazine).


Friday News

ATLANTA HIT BY RANSOMWARE ATTACK

Atlanta, GA is the most recent city to get hit by a ransomware attack – on Thursday, March 22. Cities seem to be a hot target, likely because they are big, public and behind the private sector when it comes to IT and cyber security. (One of Atlanta’s councilmen said, “As daunting as the city of Atlanta’s apparatus may seem, we’re still limited by the amount of resources we have to defend our systems.” Atlanta’s mayor “compared the city’s network to a decade-old pickup she drove until it was wrecked”.) Atlanta’s mayor said to expect a “massive inconvenience”. The attacker is asking for $50,000 and they are considering it. One piece of good news: the city does have cyber insurance, so the taxpayers won’t be footing the entire bill to put Humpty-Dumpty back together again.

The local CBS affiliate said that the city was warned months ago that IT was in critical condition on life support, but doesn’t have the resources to recover.  (Source: Atlanta Journal Constitution).

TLS 1.3 APPROVED BY IETF

After FOUR YEARS and TWENTY EIGHT drafts, the Internet Engineering Task Force, the group of geeks that control the Internet’s protocols, has approved TLS 1.3. While to the average user, that doesn’t mean anything, to the geeks in the room it means that HTTPS will be a little bit more secure – a lot bit more secure than some HTTPS traffic – and a little bit faster. While it will take some time for traffic to move to this new version, it will and it will likely do it faster than the move to 1.2 was. An effort to build in a back door to security for the convenience of network managers – and also spies and hackers – was beaten down and not added to the spec. Score one for you and me. (Source: The Register).

The New York Times is reporting that the FBI is working with a team of security experts to attempt to craft a back door to encryption on mobile devices – the so-called going dark problem. The team, headed up by a professor at MIT, is testing out different possibilities, although the FBI says that it is not ready to ask Congress for legislation. Yet. At least, this time, they are working with security experts, which likely would yield a better solution than anything that politicians invent. Still, there are problems. First, is it really possible to keep a back door secret? Can they get Congress, over the massive distrust on all sides of the conversation, to agree to such a law? How do they get application developers, based in foreign countries and maybe even hosted in foreign countries, to agree to such an intrusion? Lots of questions, not very many answers. (Source: New York Times).

MICROSOFT MELTDOWN PATCH WORSE THAN THE DISEASE

Microsoft’s Meltdown patch for Windows 7 64-bit and Windows Server 2008 R2 left critical kernel tables readable by anyone, which means that malware could read any memory, make itself an administrator and modify the operating system’s memory map. The good news is that it does not affect Windows 8 or 10 and has been fixed in the March Windows update release. (Source: The Register).

NOT MUCH HAS CHANGED IN VOTING SECURITY SINCE 2016

I have written before that DHS won’t finish with all of the audit requests from states regarding voting process security until this summer, leaving no time to actually fix any problems. Now, the Brennan Center for Justice at NYU has released an updated version of their 2015 report on voting machine security. Only 41 states now use voting systems at least a decade out of date. That is kind of like if you were still using an iPhone 3G – one that likely has not been patched in 5 or more years. That is down from 44 states being in that position in 2015. They also talk about all the other phases of the voting process, from registering voters to election night tallies, that are likely easier to compromise. It all boils down to money and time, something the states and cities do not have available and which the feds do not think is important enough to fund. (Source: GovCyberInsider).