Security News for the Week Ending December 23, 2022
Chris Inglis Leaving White House Cyber Director
White House jobs are hard. Even for a Brigadier General. News outlets are reporting that he will leave that post in early 2023. Before coming to the White House, he was the deputy director of the NSA. His experience will be missed. He did say early on that he only planned to be in that post for a year or so. His second in command, Kemba Eneas Walden will step in as interim. While she spent 3 years at Microsoft and 10 years at DHS, she does not have the experience that Chis has. Credit: Data Breach Today
Rackspace Says that Email Ransomware Victims Only Represent 1% of Their Business
While admitting that only 75% of the affected customers are back online after more than two weeks and that many customers do not have their email history, they say they are optimistic that most customers will eventually get their old emails back. Telling the press that these hundreds of thousands of victims only represent a small revenue impact doesn’t seem very smart to me. That small group will likely get very noisy once they get email access again. It is certainly possible that customers will forgive and forget, but I suspect many customers will not. Assume lawsuits to follow. Credit: The Register
Infragard Membership Data on 80,000 for Sale
Membership in the FBI’s Infragard group requires a background check and includes members from every critical infrastructure sector and the executive ranks of most Fortune 1000 companies along with thousands of smaller players. The data was for sale on the dark web, but was taken down. The attacker masqueraded as a big company exec, leveraged weak background check processes on the part of the FBI and then exploited security weaknesses in the API of the web site (a common method to hack web sites). The FBI is not explaining what happened, which only amplifies the noise. Credit: Dark Reading
Update: The hacker is not selling the database. It is available for free on the dark web on several RUSSIAN cybercrime forums. OUCH! That is a serious embarrassment for the FBI. Credit Hack Read
Russians, American Smuggle Electronics, Ammo From America to Russia
The Department of Justice unsealed a 16-count indictment today accusing five Russians, an American citizen, and a lawful permanent US resident, 3 of whom are in custody, of smuggling export-controlled electronics and military ammunition out of the United States for the Russian government. Among the stuff sneaked out of America were semiconductors that could be used in nuclear and hypersonic weapons and sniper riffle ammo. Credit: The Register
Congress Passes Bill to Ban TikTok From Fed Devices
The bill to ban TikTok from federal devices has passed and is on its way to the White House. It is part of the massive government funding bill, so it will be signed. Almost 20 state governors have already banned it from state devices, but it is important to understand that with 100 million U.S. users, banning it from those devices is, at best, symbolic. This bill is separate from a standalone bill that is working its way through Congress that would completely ban Chinese owned social media companies. The no fed TikTok bill will likely survive any court challenge while the broader bill could face legal trouble. This is, in part, because a lot of small businesses will literally fail if TikTok is banned because of their viral sales model. On the other hand, TikTok’s parent admitted to spying on journalists and others with the app, so that doesn’t help their case. Credit: Forbes and MSN and MSN.