Tag Archives: India

Security News for the Week Ending June 17, 2022

Ransomware Morphs Again

We know that ransomware has gone through a lot of iterations over the last couple of years as hackers try to maximize their revenue. The BlackCat group is now creating public websites for each victim company and has indexed the data to make it easy to search. I guess this means that it will be harder for companies that get hacked to hide what data was stolen. In one of their sites, you can select between employee data and customer data as the first filter and then search on that subset. Credit: Brian Krebs

NSA Quietly Appoints General Counsel After Two Years

You may remember that in the final, sort of weird, final days of the last President’s administration, the ex-President attempted to force the NSA to accept an unqualified political hack in the role of GC – a person who had not even worked inside the intelligence community, a process known as burrowing. Burrowing converts a political appointee into a career civil servant. Gen. Nakasone was ordered, on the last day of the ex-President’s administration to swear the guy in. That same day, the General put the new GC on administrative leave pending an inquiry about some security incidents. After several months in limbo, he resigned. He now is a lawyer at Rumble, a business partner of Truth Social. See a pattern? Anyway, April Falcon Doss, who seems to have impressive legal creds, was finally, quietly, sworn in as GC last month. Credit: The Record

Cyberattack – One and Done? Nope; Not Likely

According to research by Cymulate, 39% of companies were hit by cybercrime over the last year. Of those, TWO THIRDS were hit more than once. Also, of those who were hacked once, 10% were hacked ten times. That doesn’t give me a lot of warm fuzzies. Credit: ZDNet

Joshua Schulte, Former CIA Coder, Represents Himself in Second Espionage Trial

Joshua Schulte, is a former software engineer who worked for the CIA. He is accused of the largest, most damaging leak the CIA ever had. In his first trial, the jury hung on espionage charges. Now the second trial is beginning and he is representing himself. I recall a saying about a lawyer who represents himself has a fool for a client. Even though he is not a lawyer, the saying applies. He says he was framed. Prosecutors say he is guilty. Stay tuned for details. Credit: Security Week

Indian Police Planted False Evidence on Activist’s Computers to Arrest Them

Police in India were caught using hacking tools to plant evidence on people’s computers and then arresting them for the staged crime. The people being cyber attacked are not terrorists, but rather journalists and activists – in other words, people who annoy the police. With the help of SentinelOne, the hacking-by-police incidents have been publicly exposed. Credit: Wired

Security News for the Week Ending November 26, 2021

Tesla Locks Owners Out of Cars – On Accident

Hundreds of Tesla owners got locked out of their cars when a server that powers the Tesla app crashed due to load. Apparently those owners forgot there is such a thing as a car key. The outage lasted about 5 hours and Elon Musk later tweeted that they would work to avoid this in the future. This doesn’t happen often; just a reminder that no tech is perfect. Credit: The Guardian

The Zelle Fraud Scam – Don’t Fall Victim

The Zelle fraud scam starts with a fake text message that asks if you made a Zelle payment in the amount of $X. If you respond to the text with anything, you will get a call from the scammer pretending to be your bank. The scammer asks for your online banking USER NAME (not password) and the hacker then does a password reset, asking you for the PIN that your bank sends to do the password reset. And then empties your bank account. For more details, see the Brian Krebs account of the attack.

Microsoft Says Attackers Don’t Bother to Brute Force Long Passwords

A Microsoft engineer analyzed over 25 million password attempts against a honeypot of SSH servers and discovered that 77% of the attempts to brute force a password used passwords of 7 characters or less and only 6% used passwords of over 10 characters. Also, only 7% of the attempts used a special character. This gives users some parameters for constructing passwords. Credit: The Record

US Sanctions 28 Quantum Computing Companies in China, Russia, Pakistan and Japan

The US continues to work on protecting our technology from foreign bad actors. The Commerce Department added 28 companies in multiple countries as a risk to the US. These sanctions prohibit US companies from dealing with these organizations. Given that quantum computing is a strategic technology for everyone, we do not want to accidentally be helping the bad guys. For a list of these companies, check out this article.

Israel Bans Sales of Hacking Tools to 65 Countries

In the wake of all of the negative press that Israeli hacking tools company NSO Group is getting, including being banned in the US, Israel reduced the list of countries that companies like NSO can sell to from 102 to just 37 countries. See the list here.

India to Ban Almost All Private Crypocurrencies

India is about to ban almost all private cryptocurrencies. A new bill will create a framework for an official digital currency, to be issued by the Reserve Bank of India. Included in the ban would be Bitcoin and Ethereum. Effectively, if this bill becomes law non-fiat cryptocurrency would cease to exist in one of the world’s most populous countries. Credit: Euronews