Tag Archives: Trump

Security News for the Week Ending January 28, 2022

Biden May Use China Rule on Russia if it Invades Ukraine

This COULD be a bluff, but the administration may use the foreign direct product rule on Russia, as it did on Huawei, if Russia invades Ukraine. Depending on how it is used, it could have crushing implications for anything in Russia that uses microchips. When used against one company in China, Huawei, it reduced their revenue by 30 percent. If it is used against an entire country, it could be worse. This could be a threat, but no one knows whether the threat is real. Credit: WaPo

The Donald Trump Virus

No, this has nothing to do with Covid. The Donald Trump Packer malware delivers both remote access trojans (RATs) and other infostealers. It gets its name from a hard-coded password named after Trump. The malware is called DTPacker. The campaign is active and has used fake British football web sites, among others, to deliver its malware. Credit: Threat Post

Let’s Encrypt to Revoke 2 Million Certificates Today

Let’s Encrypt found two bugs in their certificate issuing software and as a result, they will revoke about 2 million certificates on Friday the 28th. That number represents about 1 percent of the active Let’s Encrypt certificates so, while it is a large number, it is a small percentage. Users who are affected will get an email and will have to renew their certificates. This is NOT the result of a breach or a hack, just them being extra cautious. Credit: The Register

Microsoft Mitigates Largest DDoS Attack Ever Reported

Microsoft says its Azure DDoS protection platform stopped a 3.47 terabit per second attack last November. This translated to 340 million packets per second. The attack came from about 10,000 computers in multiple countries and used multiple techniques. Can your infrastructure handle this? Credit: Bleeping Computer

World Economic Forum Says it Takes 9 Months to Identify and Respond to a Cyberattack

In 2021 ransomware attacks rose by 151%. Each successful attack cost the company $3.6 million, on average. The Forum says that even 6 months after a breach becomes public, the company’s share price underperforms the NASDAQ by -3%. More concerning, on average, companies need NINE MONTHS to identify and respond to a cyberattack. Read the details at Cybernews

Security News for the Week Ending November 5, 2021

Trump is Fighting a Mastodon

Donald Trump’s not-yet-launched social media site, Truth, is already fighting a potential lawsuit. Although Trump has not said so, tech folks who have seen the site say that it is based on the open source social media code base called Mastodon. The license that comes with Mastodon requires that users of the source code make their implementation open source and public. The truth about Truth is that they have not done that and now they have 30 days to do it or be sued. Credit: Vice

FBI Raids Chinese Point-of-Sale Giant Pax Technology

Although they are based in China, they have offices in Florida and that is where the raid took place. They have more than 50 million terminals worldwide. Possibly, the Chinese terminals were acting as a command and control server and malware dropper. If true, that would be very painful to stop as the terminals are deployed in small quantities in stores all over the world. One company in the U.S., according to news reports, has started pulling Pax terminals off its network. Even if they give the stores new terminals for free, there is a chip shortage and each store needs to make the new terminal work with the rest of their point-of-sale system, which may not even be possible for older systems. Credit: Yahoo Finance and Brian Krebs

Native Tribal Casinos Ransomware Attacks Costing Casinos Millions

Hackers have figured out that most tribes do not have the technical sophistication or resources of, say, Vegas casinos and target them. Multiple gangs are launching attacks against multiple tribes. Several incidents have become public. For instance, six Lucky Star tribal casinos belonging to the Cheyenne and Arapaho tribes were shut down by ransomware last July, and in May the Seminole Nation’s casino in Oklahoma was also breached, according to the Tribal Business News. Credit: Threatpost

A Drone Tried to Attack the Power Grid

In July 2020 someone used a drone to target a Pennsylvania power station. The drone, a DJI Mavic 2 (a Chinese-made drone), had two nylon cords connected by a copper wire dangling from it. The drone had been stripped of identifiable markings and its camera and memory card had been removed. The drone crashed before hitting the target, but drone attacks are becoming a big problem. Credit: United News Post

Ukraine Outs Russian FSB Officers Hacking – Releases Recordings

Ukraine and Russia have not been friends. Russia has been attacking Ukraine for years – blowing up pipelines and hacking the electric grid, for example. Now Ukraine is fighting back. They outed the names of 5 FSB agents working in Ukraine as hackers. They even released recordings of phone calls that the Russian hackers made to each other talking about their deeds and being mad at their government (as in Putin). Credit: The Hacker News

Security News for the Week Ending January 8, 2021

Britain Says Assange Cannot be Extradited

Julian Assange, a long-time thorn in the backside of some folks in the US government, cannot be extradited to the US, a British court says. The court said that while he probably can get a fair trial in the US, the court system in the US is unlikely to stop him from committing suicide (a la Jeffrey Epstein, another very high profile prisoner). The US is expected to appeal. Credit: Cybernews

Covid Stimulus Bill and UFOs

The first question is why? And the answer is Congress? Buried deep in the Covid stimulus bill is the Intelligence Authorization Act, which mandates that the Pentagon release a report from its UFO task force. Stay tuned. Credit: Vice

New York Stock Exchange Changes Mind About Delisting Chinese Stocks

After the NYSE said it was going to delist 3 Chinese telecom stocks because the President said they were tied to the Chinese government/military, they suddenly changed their mind. They said that they made the decision after consulting with their regulators. Not sure what this means in the long term, but it might mean that the DoJ thinks the President is on shaky ground legally in doing that and rather than get sued, they are going to let it play out in the courts. Credit: Cybernews

Right after this happened the exchange got a call from Secretary Mnuchin and, apparently, he changed their mind. Again. So now they do plan to delist these stocks. Until they change their mind again. This is really a symbolic move since only about 2% of their shares go through the NYSE. Credit: ZDNet

Hackers Use Fake Trump Scandal Video to Load Malware

Want to see a (purported) Trump sex scandal video? Well, ignoring your thoughts on the subject, the email is just click bait. If you fall for the bait and click, the malware will install a Remote Access Trojan or RAT on your computer, allowing the hacker to connect to your computer and rummage through (and steal) all your stuff. They could, in addition, deposit some ransomware when they are done, so no matter how curious you might be, don’t click. Credit: Hacker News

Nissan Seems to Have Lost Control of their Source Code

A car is not only a vehicle these days, but also a computer on wheels. More accurately, probably a hundred computers on wheels, plus a bunch of server software, plus some mobile apps, plus... You get the idea. So one might expect that you would protect that. Nissan did; with Userid: admin and Password: admin. A bit of a problem, and it may even be difficult for Nissan to sue because they didn’t take reasonable care. Credit: SC Magazine

Security News for the Week Ending October 30, 2020

Louisiana National Guard Called in to Help Local Election Officials

According to tips, the state of Louisiana had to call out the National Guard after some number of small government offices across the state were hit by ransomware. Experts say the tools have the hallmarks of the North Koreans, so all of the major attackers – Russia, China, Iran and now North Korea – are all trying to compromise our elections. This problem is not going away. Credit: Business Insider

Attacks on Cryptocurrency Continue

A hacker stole $24 million from cryptocurrency service Harvest Finance, a company that allows users to arbitrage cryptocurrencies. The company was hit by a $570 million “bank run” after the attack. They claim they know who the attacker is. One more time, software has bugs and can be exploited. Who would have thunk? Credit: Coindesk

Ransomware Disables GA. County Election Database

This is both good news and bad news. Hall County, GA was hit by a ransomware attack earlier this month. The attack disabled the voter database, along with other systems like phones. The county claims that they will still be able to run the election because they can manually verify signatures from voter registration cards. They are also using a state database that was not affected. This points out that attacking some small county in a state is probably not the best way to change the outcome of an election. Credit: Gainesville Times

Trump Website Briefly Defaced

One of the campaign’s websites was briefly defaced Tuesday night and the site was replaced by a message similar in style to the messages put on a website that the government seizes. The message looked like this:

Image

Of course the site had not been seized and it was returned to its normal state after a little while. To be honest, I am surprised more has not occurred given the other events going on in the country. This seems pretty childish, but we don’t know if the warning on the site is true; stay tuned.

Regarding the hack, CISA Director Chris Krebs said on Twitter, “Like I said yesterday, website defacements are noise. Don’t fall for these attempts designed to distract, sensationalize, and confuse. Ultimately they’re trying to undermine your confidence in our voting process.” Credit: Variety

Wisconsin Repubs Say Hackers Duped Them Out of $2 Million+

The Wisconsin Republican Party says that hackers scammed them out of more than $2 million of donors’ money using very traditional business email compromise attacks: creating fake invoices from real vendors that were then paid to the hackers’ bank accounts. The Wisconsin Dems say that they have been targeted by over 800 attacks, but so far, none (that they know of) have been successful. Credit: AP

Security News for the Week Ending June 19, 2020

Akamai Sees Largest DDoS Attack Ever

Cloudflare says that one of its customers was hit with a 1.44 terabit per second denial of service attack. A second attack topped 500 megabits per second. They used a variety of amplification techniques that required some custom coding on Akamai’s part to control, but the client was able to weather the attack. Credit: Dark Reading

Vulnerability in Trump Campaign App Revealed Secret Keys

Trump’s mobile campaign app exposed Twitter application keys, Google apps and maps keys and Branch.io keys. The vulnerability did not expose user accounts, but it would have allowed an attacker to impersonate the app and cause significant campaign embarrassment. This could be due to sloppy coding practices or the lack of a secure development lifecycle. Credit: SC Magazine
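The usual defense against this class of bug is a pre-release scan of the app bundle for embedded keys. As an added illustration (not code from the original post or from the campaign app), here is a small Python scanner run over a constructed resource file containing made-up keys of the kinds named above; the Google key format is its documented one, while the Branch.io prefix pattern and the entropy threshold are assumptions.

```python
import math
import re

# Constructed sample resource text, as an app bundle might embed it; no value is real.
SAMPLE = """\
<string name="app_name">Campaign</string>
<string name="google_maps_key">AIzaSyA1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q</string>
branch_key=key_live_abcdefghijklmnopqrstuvwxyz012345
twitter_consumer_secret="Qk9v7zX2mN4pL8wR3tY6uH1jC5sA0bD"
twitter_consumer_key = "aaaaaaaaaaaaaaaaaaaaaaaa"
"""

# Keys with a recognisable prefix. Google's documented form is AIza + 35 chars;
# the Branch.io pattern is an assumption built on the key_live_/key_test_ prefix.
PATTERNS = {
    "google_api_key": re.compile(r"AIza[0-9A-Za-z_-]{35}"),
    "branch_key": re.compile(r"key_(?:live|test)_[0-9A-Za-z]{20,}"),
}

# Keys with no fixed format (Twitter consumer key/secret) are caught by a
# secret-looking name assigned a high-entropy literal.
NAMED_SECRET = re.compile(
    r"(?i)(twitter|consumer|api)[_-]?(key|secret)\s*[=:]\s*[\"']?([A-Za-z0-9_-]{16,})"
)

def shannon_entropy(value):
    """Bits of entropy per character; placeholders like 'aaaa' score 0."""
    n = len(value)
    counts = {ch: value.count(ch) for ch in set(value)}
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def redact(value):
    """Keep enough of a hit to locate it without copying the whole secret."""
    return value[:6] + "..." + value[-4:]

def scan(text, entropy_threshold=3.5):
    """Return (line, kind, redacted_value) for every suspected embedded key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append((lineno, kind, redact(m.group(0))))
        m = NAMED_SECRET.search(line)
        if m and shannon_entropy(m.group(3)) >= entropy_threshold:
            findings.append((lineno, "high_entropy_" + m.group(1).lower(), redact(m.group(3))))
    return findings

if __name__ == "__main__":
    for lineno, kind, value in scan(SAMPLE):
        print(f"line {lineno}: {kind} {value}")
```

The low-entropy placeholder on the last sample line is deliberately not flagged, so the check can run in CI without tripping on template values.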

FBI and Homeland Use Military-Style Drones to Surveil Protesters

Homeland Security has been using a variety of techniques, all likely completely legal, to keep track of what is going on during the recent protests.

Customs (part of DHS) has Predator drones, for example. Predator drones have been used in Iraq and other places. Some versions carry large weapons such as missiles. These DHS drones likely only carry high resolution spy cameras (that can, reportedly, read a license plate from 20,000 feet up) and cell phone interception equipment such as Stingrays and Crossbows. Different folks have different opinions as to whether using the same type of equipment that we use to hunt down terrorists is appropriate to use on U.S. soil, but that is a conversation for some other place. Credit: The Register

Hint: If You Plan to Commit Arson, Wear a Plain T-Shirt

A TV news chopper captured video of a masked protester setting a police car on fire. Two weeks later, they knocked on her door and arrested her for arson.

How? She was wearing a distinctive T-Shirt, sold on Etsy, which led investigators to her LinkedIn page and from there to her profile on Poshmark. While some are saying that is an invasion of privacy, I would say that the Feds are conducting open source intelligence (OSINT). The simple solution is to wear a plain T-Shirt. If you are committing a felony, don’t call attention to yourself. Credit: The Philly Inquirer

Ad-Tech Firm BlueKai has a bit of a Problem

BlueKai, owned by Oracle, had billions of records exposed on the Internet due to an unprotected database. This data is collected from an amazing array of sources, from tracking beacons on web pages and emails to data that they buy from a variety of sources. Apparently the source of the breach is not Oracle itself but rather two companies Oracle does business with. They have not said whether those companies were customers, partners or suppliers and they haven’t publicly announced the breach. If there were California or EU residents in the mix, it could get expensive. The California AG has refused to say whether Oracle has told them, but this will not go away quietly or quickly. Credit: Tech Crunch

Minneapolis City Web Sites Hit by Denial of Service Attacks

Last Thursday, early in the morning, a number of City of Minneapolis web sites were disabled by denial of service attacks. The attacks were short-lived and the city was able to restore most of the services within a few hours. It is certainly possible that we will see more cyberattacks as a way to continue civil disobedience. Credit: The Hill

GA Gov. Kemp’s (R) Claims that Dems Hacked his SoS Web Site In 2018 Are False

Two days before the 2018 election, then GA Secretary of State Kemp opened an investigation into what he said was a failed hacking attempt of voter registration systems by the Democratic Party.

Newly released case files from the GBI say that there was no such hacking attempt. The report says that Kemp confused an authorized and planned security test by HOMELAND SECURITY with a hack. Kemp’s CIO had approved the scan by DHS.

The GBI did say that there were significant security holes in the web site at the time, even though Kemp said that patches to the web site two days before the election were standard practice. No one in their right mind would make changes to critical election systems two days before the election unless it was an emergency. Credit: Atlanta Journal Constitution

Chinese and Iranians Hacking Biden and Trump

Google’s Threat Analysis Group (TAG) warned the campaigns that they were seeing the Chinese targeting Biden and the Iranians targeting Trump. Currently, there is no sign of compromise, but we still have months to go before the election. Not only is there lots of information to steal, but they have the possibility of impacting the election or causing a loss of trust by voters in the process. Credit: SC Magazine

FBI Says Big Business Email Compromise Attacks on the Upswing

The FBI has reports of multiple fraudulent invoice BEC attacks in April and May. In one case hackers used a trusted vendor relationship and a transportation company to steal $1.5 Million. They are reporting multiple incidents in different industries, so caution is advised. Credit: FBI Liaison Information Reports 200605-007, security level GREEN.