Security News Bites for the Week Ending July 10, 2020
DigiCert to Incinerate 50,000 Certificates this Weekend
Due to a process failure, DigiCert is going to invalidate about 50,000 SSL (TLS) certificates this weekend. This is happening with only 5 days' notice. If DigiCert is your certificate provider, make sure that your certificate is not one that is going into the bonfire. Credit: The Register
National Coin Shortage
Okay, this is not a security item, but fascinating nonetheless. I went into a gas station this week and there was a sign on the counter – pay with exact change or use a credit card. National Coin Shortage. News to me, but apparently true according to the Federal Reserve. Due to Covid-19 and stores closing, coins are not circulating. Combine that with the U.S. Mint reducing some production due to the virus, and the Fed says that there is a coin shortage. They say it likely won’t be fixed for months. Interesting. Credit: Vice
The Hidden Purpose of New Mac Ransomware
If you are like most people, you probably assume that the purpose of any ransomware is, well, to collect a ransom. According to researchers, that might not be the case with EvilQuest. Instead, its purpose, they say, is to steal information. Almost anything. Images. Documents. SSL certificates. Crypto wallets. Spreadsheets. I.e., almost anything with bits. Probably a good idea not to get infected with it. Credit: SC Magazine
DHS’s “SSN Lock” – Nope. Not Even Close
I have written before that you need to create your online account at important vendors before a hacker creates one for you and takes over your account.
Great concept. For **MOST** companies, that actually works. Not so for your Social Security Number at the Department of Homeland Security.
After a reader alerted him, Brian Krebs created an account on DHS’s web site and locked his Social Security number. Brian then created another account on the site using a different email address but with his social, and the system allowed him to create that second account and to unlock his social. We call that pretend security. Most companies do better than that. Credit: Brian Krebs
Russian Hacker Who Hacked LinkedIn and Dropbox is Guilty
Russian national Yevgeniy Nikulin was found guilty of hacking LinkedIn and Dropbox, among other sites. He was arrested in the Czech Republic in 2016 and extradited to the US in 2018 over the objections of Russia, which wanted to, they said, bring him to trial in Russia (sure, we believe them). The case has been a bit of a circus, with him not cooperating with his lawyers, meeting with Russian officials without his lawyer present, and being placed in solitary after vandalizing his cell. He will be sentenced in September. Credit: Cyberscoop