Tag Archives: Russia

Security News for the Week Ending May 20, 2022

Flaw in uClibc Allows DNS Poisoning Attacks

A flaw in all versions of the popular C standard libraries uClibc and uClibc-ng can allow for DNS poisoning attacks against target devices. The library is likely used in millions of Internet of Things devices that will never be patched and will always be vulnerable. This is where Software Bill of Materials is kind of handy. Credit: ThreatPost

Cyberattack on Hawaii Undersea Cable Thwarted

Homeland Security Thwarted an attempted hack of an under-ocean cable that connects Hawaii with other parts of the Pacific region. While Homeland is not releasing any details of the attempted attack, if the attack shut down traffic, that would be really bad for the region. Just one cable, for example, the Hawaiki Transpacific Cable, runs for 15,000 KM and has a capacity of 67 Terabits per second. Credit: Star Advisor

Will the Mickey Mouse Protection Law Go Up in Flames

Full disclosure: I have never been a fan of this law, so if it goes away, it won’t bother me. As some Republicans try to hurt Disney (trying to abolish the Reedy Creek special district, for example), Senator Hawley (R-Mo) introduced legislation to roll back the insane copyright “terms” that companies have used to make money off characters created a century ago. The downside of Hawley’s move is that it likely will anger a lot of people who make money off that 120 year copyright term and they might choose to make donations to the other team to get even. Given that Washington runs on “contributions” and those donors are likely going to explain that fact, I would say the odds of this passing are not great, but who knows. Credit: MSN

Feds Write Memo That Says They Pinky Promise Not to Charge Security Researchers Under CFAA

Sometimes I probably come across as cynical. That is because I am. While it is great that finally the DoJ wrote a memo that says that they are not going to charge security researchers for finding security holes, that memo only has just a little bit more weight of law than if I wrote that memo. There is nothing binding on the DoJ. Still, I guess, it is better than nothing. Credit: The Daily Swig

Sanctions Have Some Effect on Russia’s Tech Sector

Since Russia can no long buy AMD and Intel processors, they had to find an alternative. The solution seems to be a KaiXian KX6640MA. This is an Intel compatible chip, but it is a bit slow. One CPU Benchmark reported that a 4 core, 4 thread chip scored 1,566 points on the CPU benchmark. By comparison, an Intel Core i3, which is the slowest of the current Intel family, scored 14,427. Not exactly a match and for anything that is time critical, that is a problem. Guess how you would feel if someone replaced your computer with one that was 1/10th as fast. Credit: PC Magazine

Security News for the Week Ending May 6, 2022

Tomorrow is the one-year anniversary of the Colonial Pipeline attack. The government has done more to improve cybersecurity in the last year than it had done in the last 10 years. But there is still a lot more to do.

Jury Finds Norton/Lifelock Infringed on Two Columbia University Patents

Even in the world of cybersecurity, patent infringement is a problem. A jury decided that Norton’s use of emulators to detect malicious behavior violated patents owned by Columbia. Norton says they will stop using the technology and appeal the verdict. Among the Norton products affected are Norton Security and Symantec Endpoint Protection. Since the infringement was deemed to be willful, the judge could triple the $185 million judgement. The suit goes back to 2013. Credit: Data Breach Today

Data Broker Stops Selling Location Data of Planned Parenthood Visitors One Day After Being Outed

Yesterday I read a piece that one of the security trade magazines bought data on visitors to all Planned Parenthood visitors, including where they went after (home) and where they came from before (work). They paid $160. I think the company, SafeGraph, decided the incredibly negative PR wasn’t worth $160, so today they decided to stop selling it. That doesn’t mean other greedy data brokers will do the same – In the U.S. there is nothing illegal about it. Credit: Motherboard by Vice

Cryptocurrency Projects Are As Secure As a Screen Door

In just four days hackers stole over $100 million in cryptocurrency. Who pays for that? Fei Protocol lost $77 million, Saddle Finance $10 million, Deus Finance $13 million and Bored Apes $6 million. There is no government insurance for cryptocurrency owners. Credit: Metacurity

Ukrainians Figure Out How to Beat Russia – Shut Off its Booze

Ukraine’s army of hackers have figured out how to hit Russia where it hurts. Russia requires the booze industry to use a government run portal call EGAIS. Hackers have kept it out of commission, so stores can’t “receive” alcohol, factories can’t accept tanks of alcohol, and distributors can’t ship or receive products. As a result, factories are reducing or stopping production. Interesting attack. Credit: Bleeping Computer

Spain Admits It Hacked Some of its Politician’s Phones

After a week of public reporting that some Spanish politician’s phones had been hacked using the Pegasus spyware, a leading Catalan separatist politician said that Spain’s top intelligence official said that her agency did, in fact, hack some opposing politician’s phones. But, she said, it was all legal. Reports say that the court orders were for far fewer people than Citizen Labs found infected, so who hacked the rest of the phones? If you are high profile in any way you should assume your phone is not secure. Even secure message apps like Signal or iMessage would not be secure since the phone itself is compromised. This follows the disclosure, earlier in the week, that Spain’s Prime Minister and Defense Minister’s phones were both infected with Pegasus spyware by someone. Pegasus is so stealthy that even the government’s cyber sleuths did not detect it until the facts were reported in the media. Credit: ABC News

Treasury Sanctions Cryptocurrency Mixer BLENDER

Mixers are apps that are designed to obfuscate cryptocurrency transactions, to make them harder to track. I am not sure that sanctioning one of the hundreds of these mixers will really help, but I guess it can’t hurt. Credit: The Register

Russia Has a Cure to Their Cyber Talent Shortage

You may have heard that Russians with cyber expertise have been leaving the country by the tens of thousands. That represents a big problem for the Kremlin. Russian companies, no different than U.S. companies, need cyber talent to operate their businesses.

In addition, especially now, they need cybersecurity talent to protect their businesses – and their government departments – from the onslaught of cyberattacks.

Granted the Russian economy is in a bit of a slump, but even so, the companies that are operating need help.

This last month Russia was the top country for publishing stolen credentials for the first time ever.

So what is Putin’s solution?

He wants to force tech-savvy people who he has thrown in jail to work for next to nothing from inside the prisons for him.

I am sure they will be thrilled to do that.

The average salary for Russian prisoners is $281 a month or about $3,000 a year.

So, you take a crook who was making, let’s be conservative, $500,000 a year from ransomware and other theft. He gets caught and thrown into a nice, comfy Russian “correctional center” and you want him to protect Putin’s friends for $3,000 a year?

WHAT?

COULD?

POSSIBLY?

GO?

WRONG?

I am sure that these nice people wouldn’t think of putting back doors in for them to come back later.

Or to sell those back doors to their friends. After all, it is hard to live on $281/month.

Or just not try very hard.

Clearly, Putin is desperate.

But I am okay with that. It will probably work to our advantage.

Credit: Brian Krebs

Security News for the Week Ending April 15, 2022

Cyber Command Says Chip Shortage is a National Security Issue

The head of U.S. Cyber Command, General Paul Nakasone, told Congress that China’s continued progress towards domestic chip production is a problem. If China achieves chip independence, that puts them in a position to do what they want and not worry about sanctions. For example, they could cut off our access to precious metals that we need to produce chips ourselves. Credit: Cyber Scoop

Russian Crooks Worried Sanctions Will Delete Their Ill-Gotten Gains

Russian crooks are nothing if not capitalists. They are worried that sanctions could impact their net worth and they are chattering about that on the underground web. They are worried about funds in Russian banks and how much their Rubles might not be worth in six months. I am so sad for them. Not. Of course, that might mean the Russian mob might do some kinetic adjustments themselves. Credit: Cyber News

CISA Advises D-Link Users to Take Vulnerable Routers Offline

CISA is really rocking when it comes to telling folks about bad stuff. The newest vulnerabilities are a remote code execution on a whole family of D-Link routers. Unfortunately, they have reached their end of support, so D-Link not going to fix them. Users all the time ask why they have to replace working hardware that has reached end of life. The answer is because you want to keep the bad guys out. If you don’t care, keep using them. You can rest easy that the hackers are scanning the Internet looking for these routers – that will never be patched. Credit: Malware Bytes

New Bug in MS RPC Runtime – Zero-Click Remote Code Execution

CVE 2022-26809 has emerged just a couple of days after patch Tuesday. It is a remotely exploitable, unauthenticated, zero-click (no user interaction) remote code execution bug. It doesn’t get much worse than that. The bug is in the Microsoft Remote Procedure Call runtime and affects multiple Windows versions. If you block port 445 at your firewall (both in and out, which you should), that will stop direct external attacks, but it won’t stop attacks from a compromised workstation. Credit: Helpnet Security

Reminder: 3G Cell Networks Shutting Down. Old Devices Will Stop Working

Wireless spectrum is scarce. Buying it from someone else is very expensive. What are the carriers doing? Reusing old spectrum. The carriers have already shut down their 2G networks. Next comes their 3G networks. That means that old cars that talk to the Internet will stop talking. Alarm systems will stop sending alarms if they can only talk 3G (there may be a box that your alarm company can add to your system to fix this). Medical devices may stop talking to your doctor. Depending on the carrier, the shutdown has already begun. AT&T turned theirs off in February. Verizon is at the end of the year. If you have anything that uses the cell network, now is the time to check. Credit: ZDNet

Russia-Ukraine War – Kinetic and Cyber

As this war continues to grind on and the toll on people’s lives and civilian infrastructure is incalculable, the cyber war continues as well.

Here are just a couple of recent Russian cyber-losses.

Petrovsky Fort owns the largest office complexes in Saint Petersburg, Russia’s second largest city. Anonymous hacked over 300,000 of their emails and a total of about 244 gigabytes of data.

The second company hacked was Aerogas. There, hackers leaked 145 gigabytes of data including 100,000 emails. Aerogas is an engineering firm that supports Russia’s oil and gas industry. Do you think that shutting them down might be of interest to some folks? Among their clients are Rosneft, Russia’s largest oil producer and Novatek, their largest natural gas producer.

To make this a little more embarrassing, both companies are owned by the government.

The last announced hack this week is Forest, who is in the logging industry. Hackers released about 40 gigabytes of data including more than 350,000 emails.

What is interesting here is that they are not trying to extort these companies.

They are giving away the data for free to anyone.

Please take the data and do some damage to Russia, they say.

And, Anonymous says they are not done. Hacking into companies is in their wheelhouse and, I suspect, at least in some cases, they have inside help.

So far the list of publicly announced and dumped for free company hacks from Russia is 11. That doesn’t mean that is all their is – just that this is all that Anonymous has announced so far.

I am pretty confident that there will be more. What we don’t know is how damaging some of these will be. So far, they have not turned off the power or blown up a pipeline – like the Russians have done to Ukraine in the past. But that doesn’t mean that they won’t.

Credit: Hackread

Security News for the Week Ending April 8, 2022

Hackers Hack Russia’s Largest State Owned Media Corporation

Hackers stole 20 years of communications including almost a million emails from the All-Russia State Television and Radio Broadcasting Company (VGTRK). Those emails were published by DDoSecrets. VGTRK runs 5 national TV stations, 5 radio stations and numerous propaganda outlets. The data is available for download as an almost 1 terabyte torrent. The hackers say they did this because of Russia’s attack on Ukraine. This is part of the ongoing cyber war between Ukraine and Russia. Credit: Daily Dot

Apple AirTags Are Useful for Stalking

Motherboard asked dozens of police departments for reports that included Apple Airtags. They received 150 reports that mentioned Airtags. Remember that they asked for reports from something like less than one half of one percent of the departments. In 50 cases women called the police because they were being notified by THEIR iPhones that they were being stalked. Many of these women thought that either former or current intimate partners were to blame. Only one report came from a man. A few of the reports talked about robbery or theft as the potential reason. In any case, Apple has a challenge for which there is no easy fix. Credit: Motherboard

Russia’s Great Firewall has Some Holes in It

Russian citizens are turning to a variety of tools to bypass Russia’s attempt to block citizens from accessing western media. From VPN tools, to Telegram to Cloudflare’s WARP, they are effectively bypassing Russian controls and accessing French, British and U.S. newspapers. Credit: Bleeping Computer

Hotels Are Now Prime Targets for Hackers

As hotels use more tech and create more apps, they have more data for crooks to steal. And, since data is king, the crooks go after it. The Marriott/Starwood hack, back in the old days of 2014, netted the hackers information on a half billion people. With new laws like state privacy laws in the U.S. and GDPR in Europe, the stakes for breaches are just going to get a lot more expensive. Luxury hotels are particular targets as London’s Ritz recently found out. If you have to give information to a hotel, do what you can to minimize it. Credit: Financial Times of London

Government Sponsored Hacks not Limited to Russia-Ukraine

China continues to target India’s power grid, a year after the start of the attack campaign. Security researchers say the purpose right now is to gather intelligence to enable future attacks. They say the attackers would attempt to compromise the grid’s load management system. If it succeeds, it could cause cascading blackouts with no way to stop the dominoes until the country is dark. The FBI says that hundreds of U.S. critical infrastructure companies have been attacked as well, so this is not limited to India. Credit: The Hacker News