Tag Archives: Cyberstalking

Security News for the Week Ending July 30,2021

Internet Rot Causes Porn on Legit Sites

News sites like New York Magazine and others accidentally displayed porn because they had links to the old and now gone Vidme video sharing site. Vidme went out of business in 2017 and a porn site bought the domain. Since there is no easy way for web site operators to detect that a linked site has been sold and since there are billions of old pages out there, you have the making of an embarrassing disaster. Needless to say, the web sites fixed this little bit of rot, but there are millions of other bits of rot lurking. Credit: Wired

Ex eBay Security Boss Sentenced to 18 Months for Cyber-stalking and Witness Tampering

The former global security manager for eBay was sentenced on Tuesday to 18 months in prison and was ordered to pay a $15,000 fine for his role in the cyber-stalking and harassment of a Massachusetts couple who published a newsletter critical of the internet yard sale. Philip Cooke, a former police captain before joining eBay was the last of 7 charged in a scheme to threaten and silence a couple who wrote a blog that was negative about eBay. eBay executives say that they were not aware of the tactics, but…..really? Credit: The Register

9th Circuit Limits Feds’ Confiscation of Electronics at the Border

The 9th Circuit Court (covering Alaska, Arizona, California, Guam, Hawaii, Idaho, Montana, Nevada, Mariana Islands, Oregon and Washington) ruled that border agents, which until now have had a complete free-for-all with your digital devices, severely limited what a border agent can search for without a warrant. They can ONLY search for digital contraband such as child porn. Under the Trump administration, CBP had a blacklist of reporters, humanitarian workers and lawyers and would regularly seize their phones and laptops under the ruse of Homeland security and copy all of their content. Assume this will wind up at SCOTUS sometime in the next 5-10 years, but in the meantime, this is the law in the western US. Credit The Washington Time

Ransomware Up 93% in Last 6 Months Adding TRIPLE Extortion

In a report, Checkpoint Security says, that overall cyber attacks are up 17% in the US and 36% in EMEA over the first 6 months of the year. But, they say, Ransomware is up 93%, caused by ransomware 3.0. For those not following this, in ransomware 1.0, the crooks just encrypted your data. In ransomware 2.0, they steal it first, then encrypt it and threaten to release it if you have good backups and don’t want to pay. In ransomware 3.0, they steal it and encrypt it, but also try to get your customers, whose data they have stolen, to pay. Credit: Cyber News

DOJ Admits Hackers Got Into Emails of 27 US Attorneys’ Offices

7 months after the SolarWinds Attack was announced, DOJ now says that Russia was able to browse their emails between May and December, including sent, received and stored, and also including attachments. DOJ admits that Russia had access to at least 80% of employees emails in the Eastern, Northern, Southern and Western district of New York. They also got access to emails in California, DC, Florida, Georgia, Kansas, Maryland, Montana, Nevada, New Jersey and 6 other states. Credit: Bleeping Computer

Security News for the Week Ending October 11, 2019

Medical Practice Closes After Ransomware Attack

Wood Ranch Medical is closing their doors permanently after a ransomware attack.  The attackers not only encrypted the practice’s data, but also its backups.

In April 2019, the Brookside ENT and Hearing Center in Battle Creek also closed after a ransomware attack.

Ransomware attacks are just one reason why businesses should keep at least one backup off-site and off-line.  Source: Security Week

 

Reductor Malware Bypasses Encryption

Kaspersky, the Russian anti-malware vendor that has been banned for use by the US government, reported a new malware attack that bypasses encryption on a user’s PCs using a very novel technique.  Rather than crack the crypto, the attack compromises the random number generator on the computer, affecting the crypto algorithm and making the encryption easy to break.  Very creative.  Source: The Register

 

vBulletin Developers Release Patches for 3 More High Severity Vulnerabilities

Right after patching the critical vulnerability that took down Comodo, the developers of vBulletin have released even more patches.  This time is it a remote code execution (RCE) flaw and two SQL injection (SQLi) attacks.  vBulletin runs on at least 100,000  web sites.  While these vulnerabilities are not at bad as last week’s, you should patch them soon.  Source: The Hacker News.

 

Feds Hit the Mob with Cyberstalking Charges

A jealous mobster put a GPS tracker on his girlfriend’s car.  The mobster, a captain in the Colombo crime family and 20 of his friends were charged with racketeering, loansharking, extortion and, oh yeah, cyberstalking.  The story sounds like a Hollywood B movie, but it is, apparently, real.  Read the story here.

 

Colorado Records Another First

In response to the Intelligence Community’s assessment of foreign interference in the 2016 election, reports of attempted interference in 2018 and reports from Defcon that every one of the voting machines that they tried to attack was vulnerable, Colorado Secretary of State Jena Griswold banned counting ballots using printed barcodes.  Griswold says that a barcode is not a verifiable paper trail if the voter has no idea what it says.  Colorado’s voting machine vendor, Dominion, has agreed to provide a software upgrade for free that will print out darkened circles next to the vote instead.  Unfortunately, nothing is perfect and this doesn’t go into effect until after the 2020 election.  Now that Dominion has agreed to provide the software upgrade for free,other states will likely follow.  Source: CNN .