Security News for the Week Ending April 19, 2019
Microsoft Pulls Patches AGAIN After Some Computers Become Super Secure
Users of Sophos and Avast, especially those running Windows 7 or Windows 8 – but not Windows 10 – got their computers bricked after this month’s update. Microsoft has had multiple update failures over the last 6 months, causing admins to wait a week or two before installing patches. In general, this is probably an acceptable risk. In this case, users had to boot the computer in safe mode, disable their AV, reboot and uninstall the patch. Then they could re-enable the AV software. A bit of a pain for companies with a lot of PCs. Microsoft has now blocked the patch if it sees a problem machine.
NOTE: If you need a reason to update to Windows 10, Microsoft is releasing an update to back out these failed updates automatically, but, of course, only in Windows 10.
Source: The Register.
Facebook is, Apparently, in the Black Market Business
Many people who do not love Facebook would have said this even before this revelation, but now it is official.
Facebook really does not have the ability to police billions of accounts. You just can’t get there from here.
This time, researchers at Cisco’s Talos group found 74 groups selling criminal wares, very publicly, on Facebook. Everything from stolen credit cards to spamming tools.
The groups, which had close to 400,000 members, have been removed. No doubt, immediately replaced with new ones. Source: Info Security Magazine.
Genesee County Michigan Joins Many Other Municipalities in Falling to Ransomware
Genesee County was hit by a ransomware attack last week. Initially, they said no biggie, they would be back the next day. A week later, they are still wrestling with it, although, it appears, they have a lot of services back online and seem to be making progress towards the rest.
While they are keeping mum about the details, it certainly appears that they had a good backup and disaster recovery strategy, unlike a lot of cities and towns (remember Atlanta last year?). Source: SC Magazine.
China Is Following in US Lead – US Upset
Huawei Marine Networks is currently constructing or improving nearly 100 submarine cables.
Similar to the Huawei 5G controversy, western intelligence is concerned that they might eavesdrop on the data since just one cable with multiple fibers might carry 100 gigabits of traffic or more – a very nice prize.
Until recently, the United States and its friends in the Five Eyes countries have had somewhat of a monopoly in spying on Internet traffic.
Now China and other not so friendly countries have the ability also and want in on the action. The United States would prefer to keep the capability to itself.
The U.S. has repeatedly preferred a less secure Internet to make it easier for it to spy on others (consider, as just one example, the NSA’s successful efforts to modify encryption standards to make them easier to crack, as has been revealed over the last few years). Now that others have the ability to spy on us as well, the lack of security works both ways. According to Bruce Schneier, the U.S. is going to have to make a decision – a secure Internet which is harder for everyone to hack or a weak Internet which is easy for our adversaries to crack. Source: Bruce Schneier.
Hacker Publishes Personal Information on Thousands of Law Enforcement Agents
Hackers believed to be based in Ukraine claim to have hacked more than 1,000 sites and have published the personal information (names, phone numbers and street addresses) of about 4,000 federal agents such as FBI Academy grads.
When a reporter asked if the hacker was concerned that putting this information out would put federal agents at risk, he responded “Probably, yes”. The hacker also demonstrated being able to deface an FBI Academy Alumni Site. His motivation, he said, is money.
The hacker claims to have data on over 1 million people and is working on formatting it to sell.
The FBI Academy Alumni Association only said that it was investigating. TechCrunch is NOT publishing the name of the hacker’s website. Source: TechCrunch.
Expensive IoT Hack
Car2Go, recently renamed Share Now, has suspended its service in Chicago out of “an abundance of caution”.
That caution comes from the fact that 100 of their cars were stolen and some of them used in crimes. Half of the cars were Mercedes.
Some people have been arrested and a few cars have been recovered.
If we assume that the average cost of one of these vehicles is $50,000 then the loss of 100 cars and the brand damage from news reports like “Robbing a bank? Steal a Car2Go to make your getaway” or whatever, is significant. While the hard cost could be covered by insurance, likely the bigger issue is that they don’t understand how the Car2Go app was hacked to allow the thieves to steal a large number of expensive luxury cars. They likely won’t restart the service until they figure that out.
One more time, Internet of Things security is a challenge (I assume that you use the app to unlock and start the car). In this case, they probably spent a bit on security, but apparently not enough.
This is one case where APPLICATION PENETRATION TESTING and RED TEAM EXERCISES become very important. Luckily the hackers weren’t terrorists and didn’t use the cars to kill people. That would have been a real challenge to do damage control over.
We need to work diligently on IoT security before it becomes more than a financial issue. Source: NY Daily News.