Tag Archives: Covid

Security News for the Week Ending Nov 13, 2020

The “S” in Coworking Stands for Security

While the WSJ says that coworking companies are closing money losing spaces as a result of Covid, don’t forget that coworking spaces are about as secure as airport WiFi, meaning not at all. The local news just said that some coworking companies are actually expanding as people want to get out of their house. For most coworking companies, the users are on a shared WiFi connection with no security and often, no encryption. Your remote working policy and procedures need to address this subject, based on the level of risk you are willing to accept and whether you are part of a regulated industry that might frown on you sharing your trade secrets, PII or customer data with the world. Also remember, that if malware gets into shared WiFi, it will certainly try to attack you. Here are a few tips for coworking company security.

Travelers are Faking Covid-19 Test Results

Apparently some travelers don’t want to go through the hassle of getting tested for Covid but still want to travel to countries that require those tests to enter the country. First there were paper documents, which, with Photoshop, were easy to forge. The cops in Paris’ Charles de Gaulle Airport just arrested some of those forgers. They were charging $180-$360 for fake documents. Apparently the French do not cotton to counterfeiters. The penalty for counterfeiting Covid documents is 5 years in a French prison and a half million dollar fine. Brazil arrested some tourists last month for presenting fake documents, so it sounds like you can get in trouble whether you are the buyer or the seller. Some locales are now only accepting electronic versions of the documents from the labs, making it harder to fake. Credit: USAToday

Google Finds At Least 7 Critical Bugs in Chrome, Android, iOS and Windows

Google says the bugs were being actively exploited int the wild, but are not saying by whom or against whom. The iOS 12 patch released patches back to iPhone 5S and 6, typically indicating that it is a big problem. The bugs were “found” by Google’s Project Zero, but apparently were being used by someone(s) prior to them being found. Does this smell like some spies were caught? Probably. We just don’t know which side they were on. Credit: Vice

Vietnam’s OceanLotus Hacking Group Joins Other Countries in Hacks

While countries like China get all the credit for hacking, Russia, North Korea and others are just as active. Add Vietnam to the list. Right now they are attacking their Asian neighbors. As is typical for these government run attacks, they are applying a great deal of effort to compromise their victims. Credit: The Record

White House May Fire Krebs for Securing the Election

Chris Krebs, the head of DHS’s Cybersecurity agency CISA, says he expects to be fired by the White House for securing the election from hackers. All reports indicate that while there is a lot more work to do to secure elections, the 2020 elections were, by far, the most secure ever. The agency also created an election rumor control web site (www.cisa.gov/rumorcontrol). This website debunked many of the myths being spread people who are trying to discredit the election results. General Nakasone, head of NSA and Cyber Command, who also said that there was no significant election fraud, could also be in trouble. Credit: Darkreading

Security News for the Week Ending April 17, 2020

Covid-19 Driven Online Shopping Encouraging More Skimming Attacks

Since crooks go where the money is and since we are all doing a lot online shopping during the shelter in place directives, the crooks put two and two together to come up with an attack strategy.

Malwarebytes says that they are seeing a 26% increase in skimming attacks between February and March.  Also, apparently, Monday is the least safe day to shop.   Credit: SC Magazine

Ransomware Attacker Stops Accepting Bitcoin Due to Traceability

The operators of the Sodinokibi Ransomware want to stop accepting Bitcoin because the cops have figured out how to trace Bitcoin transfers.  While some people have said for a long time that Bitcoin is not traceable, the opposite is actually true.  Monero cryptocurrency combined with TOR has features designed to thwart that sort of tracking.  Credit: Bleeping Computer

Friendly Hackers Find 460 Bugs in “Hack the Air Force 4.0”

The hack, run by the U.K. Ministry of Defence, allowed good guy hackers to attack a particular but unidentified Air Force “platform”.  The hackers found over 450 security flaws in this one platform.  Remember the military runs thousands of systems and not all bugs allow a hacker to initiate a total meltdown, but still if this is a representative sample, this is indicative that with a modest amount of effort (this entire hackathon lasted less than a month), you might be able to identify hundreds of thousands of security flaws in systems where the system buyer understands that these systems need to be secure.    What then, could hackers find in normal commercial and home-grown systems, where price, time to market and features are way more important than security?  Credit: Fifth Domain

Small Business is Big Target for Ransomware

According to a new survey of senior execs, 46% of all small business have been the target of ransomware attacks.  Of those that have been hit, 73% say that they paid the ransom. 43% paid between $10k and $50k;  13% paid more than $100k.  Of those who paid, 15% did not get all of their data back.  Not great statistics.   Credit: Dark Reading