Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

September Holidays for Geeks

9-19 Talk Like A Pirate Day

9-20 International Watch Firefly Day

9-21 National Day of Civic Hacking

9-23 Autumnal Equinox

9-28 National Drink Beer Day

US space companies prime targets of espionage

[Bob says: Because their stuff blows up on the launch pad and/or crashes into the moon?]

Chinese and Russian intelligence agencies are actively targeting American private space companies, including Blue Origin, in an effort to steal vital technologies and prepare cyberattacks to degrade US satellite capabilities during conflicts or emergencies, as warned by the National Counterintelligence and Security Center, the FBI, and the US Air Force. The advisory highlights risks to space companies’ data and intellectual property through cyber intrusions, insider threats, and foreign infiltration of supply chains.

CISA, NSA, and NIST Publish Factsheet on Quantum Readiness

08/21/2023 12:00 PM EDT

Today, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and National Institute of Standards and Technology (NIST) released a joint factsheet, Quantum-Readiness: Migration to Post-Quantum Cryptography (PQC), to inform organizations—especially those that support Critical Infrastructure—of the impacts of quantum capabilities, and to encourage the early planning for migration to post-quantum cryptographic standards by developing a Quantum-Readiness Roadmap.

CISA, NSA, and NIST urge organizations to review the joint factsheet and to begin preparing now by creating quantum-readiness roadmaps, conducting inventories, applying risk assessments and analysis, and engaging vendors. For more information and resources related to CISA’s PQC work, visit Post-Quantum Cryptography Initiative.

New Whiffy Recon malware uses WiFi to triangulate your location

By Bill Toulas at Bleeping Computer

Cybercriminals behind the Smoke Loader botnet are using a new piece of malware called Whiffy Recon to triangulate the location of infected devices through WiFi scanning and Google’s geolocation API.

Google’s geolocation API is a service that accepts HTTPS requests with WiFi access point information and returns latitude and longitude coordinates to locate devices that do not have a GPS system.

Smoke Loader is a modular malware dropper that has been around for several years, primarily used in the early stages of a compromise to deliver new payloads.

In Whiffy Recon’s case, knowing the victim’s location could help carry out attacks that are better focused on specific regions or even urban areas, or help intimidate victims by showing tracking ability.

Depending on the number of WiFi access points in the area, the triangulation accuracy via Google’s geolocation API ranges between 20-50 meters (65-165ft) or less, though that figure increases in less dense areas. More…
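For defenders, the geolocation lookup described above is a useful hunting signal. The following is an added example, not from the Bleeping Computer article: it flags calls to Google's Geolocation API endpoint made by processes outside an expected list. The log layout, process names, hostnames and allowlist are all assumptions constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

# Google's documented Geolocation API endpoint (host and path).
GEO_HOST, GEO_PATH = "www.googleapis.com", "/geolocation/v1/geolocate"

# Hypothetical allowlist: software you expect to resolve location via WiFi.
EXPECTED = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample events (not real telemetry): time,host,process,method,url
SAMPLE_EVENTS = """\
2023-08-25T10:00:01Z,WS-014,chrome.exe,POST,https://www.googleapis.com/geolocation/v1/geolocate?key=REDACTED
2023-08-25T10:00:07Z,WS-022,unknown_helper.exe,POST,https://www.googleapis.com/geolocation/v1/geolocate?key=REDACTED
2023-08-25T10:01:07Z,WS-022,unknown_helper.exe,POST,https://WWW.GOOGLEAPIS.COM/geolocation/v1/geolocate?key=REDACTED
2023-08-25T10:01:30Z,WS-031,unknown_helper.exe,GET,https://www.googleapis.com/drive/v3/files
this line is malformed and must be skipped
"""

def suspicious_geolocation_calls(log_text, expected=EXPECTED):
    """Count geolocation API POSTs per (host, process) for unexpected processes."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.strip().split(",", 4)
        if len(fields) != 5:
            continue  # skip malformed or truncated records
        _ts, host, process, method, url = fields
        parts = urlsplit(url)
        if method.upper() != "POST":
            continue
        # urlsplit().hostname is already lower-cased; compare the path exactly.
        if parts.hostname != GEO_HOST or parts.path != GEO_PATH:
            continue
        if process.lower() in expected:
            continue
        hits[(host, process.lower())] += 1
    return hits

if __name__ == "__main__":
    for (host, proc), count in suspicious_geolocation_calls(SAMPLE_EVENTS).items():
        print(f"{host}: {proc} made {count} geolocation API request(s)")
```

Matching on the path needs endpoint telemetry or a TLS-inspecting proxy that records the full URL; with only the TLS server name visible, the hostname alone is too broad to alert on.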

Mayan Base 20 Numbering System

Found this on Facebook from The International Man of History. It oddly fits with a previous post of mine on Binary, Octal, Decimal, and Hexadecimal numbering. The ancient Egyptians used a duodecimal (Base 12) numbering system. Here goes:

The Maya civilization was a Mesoamerican civilization that can be traced back to around 1800 BC (probably earlier, although it would be several centuries before they built large cities) and it lasted until the end of the 17th century AD.¹ The Classic Period—and the peak—of the Maya was between c. AD 250 and c. 900.

The Maya civilization was never a single united kingdom, rather many kingdoms that shared some, but not all, of the same traditions. They built cities across present-day Mexico, Guatemala, Belize, Honduras and El Salvador. Their cities had stepped pyramid temples with spectacular reliefs and inscriptions. Their numeral system was the most sophisticated mathematics system ever developed in the Americas. The system consisted of just three symbols: a shell for zero, a dot for one, and a bar for five. The next four paragraphs are from an article published by the Canadian Museum of History. The numeral system is explained here:

“The Maya used the vigesimal system for their calculations – a system based on 20 rather than 10. This means that instead of the 1, 10, 100, 1,000 and 10,000 of our mathematical system, the Maya used 1, 20, 400, 8,000 and 160,000.

Maya numbers, including calendar dates, were written from bottom to top, rather than horizontally. As an example of how they worked, three was represented by three dots in a horizontal row; 12 was two bars with two dots on top; and 19 was three bars with four dots on top. Numbers larger than 19 were represented by the same kind of sequence, but a dot was placed above the number for each group of 20. Thirty-two, for example, consisted of the symbols for 12, with a dot on top of the whole thing representing an additional group of 20. The system could thus be extended infinitely.

The Maya set of mathematical symbols allowed even uneducated people to add and subtract for the purposes of trade and commerce. To add two numbers together, for example, the symbols for each number would be set side by side, then collapsed together to make a new single number. Thus, two bars and a single dot representing 11 could be added to one bar for five, to make three bars and one dot, or 16.

The Maya considered some numbers more sacred than others. One of these special numbers was 20, as it represented the number of fingers and toes a human being could count on. Another special number was five, as this represented the number of digits on a hand or foot. Thirteen was sacred as the number of original Maya gods. Another sacred number was 52, representing the number of years in a “bundle”, a unit similar in concept to our century. Another number, 400, had sacred meaning as the number of Maya gods of the night.”
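The vigesimal system and the "collapse the symbols together" addition described in the quoted article can be worked through in code. This is an added example, not part of the quoted article; the ASCII glyphs and function names are assumptions chosen for illustration, and it uses the pure base-20 place values (1, 20, 400, ...) given above.

```python
BAR, DOT, SHELL = "-----", "o", "(shell)"  # ASCII stand-ins for the three symbols

def to_levels(n):
    """Base-20 digits of n, lowest place value first (1s, 20s, 400s, ...)."""
    if n < 0:
        raise ValueError("Maya numerals as described have no negative numbers")
    levels = [n % 20]
    n //= 20
    while n:
        levels.append(n % 20)
        n //= 20
    return levels

def to_symbols(digit):
    """Split one digit (0-19) into (bars, dots): a bar is 5, a dot is 1."""
    return divmod(digit, 5)

def from_levels(levels):
    """Convert a list of base-20 digits (lowest first) back to an integer."""
    return sum(d * 20 ** i for i, d in enumerate(levels))

def add_by_symbols(a, b):
    """Add by pooling symbols on each level, then collapsing them:
    5 dots become 1 bar, and 4 bars become 1 dot on the level above."""
    la, lb = to_levels(a), to_levels(b)
    out, carry = [], 0
    for i in range(max(len(la), len(lb))):
        bars_a, dots_a = to_symbols(la[i] if i < len(la) else 0)
        bars_b, dots_b = to_symbols(lb[i] if i < len(lb) else 0)
        dots = dots_a + dots_b + carry          # carried dot from the level below
        bars = bars_a + bars_b + dots // 5      # every 5 dots collapse into a bar
        dots %= 5
        carry, bars = divmod(bars, 4)           # 4 bars = 20 = one dot a level up
        out.append(bars * 5 + dots)
    if carry:
        out.append(carry)
    return out

def render(n):
    """Draw n with the highest level on top; within a level, dots sit above bars."""
    rows = []
    for digit in reversed(to_levels(n)):
        bars, dots = to_symbols(digit)
        glyph = ([" ".join(DOT * dots)] if dots else []) + [BAR] * bars
        rows.append("\n".join(glyph) if digit else SHELL)
    return "\n\n".join(rows)

if __name__ == "__main__":
    print(render(32))                 # one dot above the symbols for 12
    print(add_by_symbols(11, 5))      # the article's 11 + 5 example
```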



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
