With much of the world shifting to working from home due to public health concerns with COVID-19, video conferencing is booming. Businesses, and even schools, are turning to platforms such as Zoom, Microsoft Teams, Google Hangouts and other technologies to stay connected.
5 things you can do to make your Zooming safer, more private and more secure…
In most organizations, the only meetings happening right now are virtual meetings. And quite frankly, if you’re reading this article, you may be one of the few in your organization giving the security of these virtual meetings much thought. That does not surprise Jeff Greene, Director of the National Cybersecurity Center of Excellence, which is part of NIST. “Virtual meeting security is often an afterthought…
It’s a race to the bottom for hackers and cybercriminals looking to make money from the coronavirus pandemic or trying to disrupt information that can help keep people safe. Sometimes, they are doing both at once. Android users are coming across a website that offers you the power of COVID-19 tracking in your pocket. Download the app to see maps and get alerts when someone near you is diagnosed with the virus—even someone on “your street.” You can imagine how tempting this tool would be for many people as a means of protecting themselves. Researchers at DomainTools came across the website and tested the app. “The domain prompts…
If somebody promises to get your economic impact payment fast, back away: it’s just one flavor of COVID-19 scam the tax agency is seeing.
From time to time, the FBI sends its partners in industry a Private Industry Notification (PIN) about pervasive cyberattacks, and the latest PIN went out this month regarding Business Email Compromise (BEC). “The scams are initiated through specifically developed phish kits designed to mimic the cloud-based email services in order to compromise business email accounts and request or misdirect transfers…
Researchers put law enforcement hacking tools to the test.
[2020.02.20] There’s a Kickstarter for an actual candle, with real fire, that you can control over the Internet. What could possibly go wrong? Great way to light your house on fire remotely. Or use as a trigger to an arson. Investigation on the Kickstarter site reveals that this device is Bluetooth connected so it should have a range limited to 30 feet. Still – do we really need a remote scented candle?
[2020.02.24] The Times of London is reporting that Russian agents are in Ireland probing transatlantic communications cables. Ireland is the landing point for undersea cables which carry internet traffic between America, Britain and Europe. The cables enable millions of people to communicate and allow financial transactions to take place seamlessly.
Garda and military sources believe the agents were sent by the GRU, the military intelligence branch of the Russian armed forces which was blamed for the nerve agent attack in Britain on Sergei Skripal, a former Russian intelligence officer.
This is nothing new. The NSA and GCHQ have been doing this for decades. Boing Boing post.
If you thought the Mirai botnet was bad, what about a version under the control of Russia’s military that it could point like an electronic cannon at people it didn’t like?
[2020.03.10] Joshua Schulte, the CIA employee standing trial for leaking the Wikileaks Vault 7 CIA hacking tools, maintains his innocence. And during the trial, a lot of shoddy security and sysadmin practices are coming out:
All this raises a question, though: just how bad is the CIA’s security that it wasn’t able to keep Schulte out, even accounting for the fact that he is a hacking and computer specialist? And the answer is: absolutely terrible. The password for the Confluence virtual machine that held all the hacking tools that were stolen and leaked? That’ll be 123ABCdef. And the root login for the main DevLAN server? mysweetsummer. It actually gets worse than that. Those passwords were shared by the entire team and posted on the group’s intranet. IRC chats published during the trial even revealed team members talking about how terrible their infosec practices were, and joked that CIA internal security would go nuts if they knew. Their justification? The intranet was restricted to members of the Operational Support Branch (OSB): the elite programming unit that makes the CIA’s hacking tools.
The jury returned no verdict on the serious charges. He was convicted of contempt and lying to the FBI; a mistrial on everything else.
The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, and Wi-Fi routers from Asus and Huawei, as well as the Raspberry Pi 3. Eset, the security company that discovered the vulnerability, said the flaw primarily affects Cypress’ and Broadcom’s FullMAC WLAN chips, which are used in billions of devices. Eset has named the vulnerability Kr00k, and it is tracked as CVE-2019-15126.
Manufacturers have made patches available for most or all of the affected devices, but it’s not clear how many devices have installed the patches. Of greatest concern are vulnerable wireless routers, which often go unpatched indefinitely.
That’s the real problem. Many of these devices won’t get patched — ever.
We all know that ransomware attacks are bad for any organization. They’re costly, they put customers at risk, and they can damage your reputation. But there’s also a factor in ransomware incidents that gets less attention: the impact on employees. When Evraz, a steel manufacturer, experienced a ransomware attack early this year, the event “impacted operations in all of Evraz North America…