Security News for the Week Ending June 10, 2022
Anonymous Seems to be doing Better Against Russia than Past Efforts
Anonymous, the hacking collective, historically has made claims about how effective they are that have not panned out. However, against Russia, they seem to be pretty effective. Whether that means that they are more focused now or instead, that Russia’s defenses are not very good, I don’t know. This week they have leaked a terabyte of data from Russian law firm RKPLaw. This comes just days after they leaked hundreds of gigabytes of data from Russia’s largest media holdings, Vyberi Radio. Note that they are not holding the data hostage; this is about hurting Russia. Credit: Hackread
FTC Regulates by Blog Post
The FTC recently posted a notice on their blog that companies who do not report breaches appropriately – timely, not fully truthful, etc. – are subject to being prosecuted under Section 5 of the FTC Act. This has historically been used to go after fraud. In fact, section 5 covers fraudulent and deceptive practices. So, now you another regulator who may come after you if you attempt to cover up a breach, like Uber did, and the FTC feels your actions could, possibly, harm consumers. Credit: Ballard Spahr
New Jersey School District Cancelled Finals after Ransomware Attack
Here is the downside of the cloud. Tenafly Public Schools in Bergen county cancelled finals as the attempt to wrestle a ransomware attack to the ground. The have called in experts to help them, but all of that takes time. The school district uses Google Classroom and other cloud based systems, all of which went offline as a result of shutting down the district’s networks and servers. The district has not said what they plan to do about graduating seniors. Credit: The Record
8 zero-day Vulnerabilities Patched in Carrier’s Industrial Control System
Eight zero-day vulnerabilities affecting a popular industrial control provided by Carrier have been identified and patched, according to security researchers from Trellix who discovered the issues. Carrier argues these are not true zero-days because they are not actively being exploited, but now that they are public, that will change. These Carrier LenelS2 control systems are used by a wide range of industries from education to the federal government. Many will likely never be patched, much to hackers’ delight. Some of the bugs would give hackers root system access. Credit: The Record
DoJ Announces Plan to Improve Cybersecurity – In Line With the Requirements of the EO on Cybersecurity and after being Hacked Multiple Times
I’d like to give them credit for doing this, but the reality is that their current cybersecurity is not up to par and they are just doing what is required of them under the EO on cybersecurity. At least they are doing something. Credit: Daily Swig