Security News for the Week Ending November 1, 2019
Johannesburg, South Africa Attacker Threatens Data Breach
In what I think is going to be the way of the future, hackers compromised Joburg IT systems and threatened to publish data that they stole if the ransom is not paid. As I write this, the deadline has just passed, they have not paid the ransom, the data is not yet exposed and they think they will have most of the systems back online soon. While this project seems to be the work of inexperienced hackers (they did not encrypt all of the systems), this does not mean that more experienced hackers won’t try this technique and do a better job of it. Source: The Register.
China Steals IP to Build C919 Airliner
I keep saying that the biggest threat to U.S. businesses is not credit card fraud but IP theft, such as by the Chinese. In this case the Chinese wanted to build a passenger jet to compete with Boeing and Airbus. The plane, in development for almost 10 years, was delayed because the Chinese didn’t actually know how to build it. SOOOOOO, here comes TURBINE PANDA. Stupidly, the developer of Turbine Panda came to the US for a security conference, where he was quickly arrested by the FBI. Now China’s MSS (ministry of State Security) has banned Chinese researchers from attending conferences in the US. In the meantime, Turbine Panda was used to compromise US and European airplane parts suppliers so that China could get the tech that they needed to build the C919. Source: CSO.
FCC Plans to Ban Huawei and ZTE Equipment, Force Replacement
The FCC is set to vote on rules banning using Federal Government subsidies to buy Huawei and ZTE equipment because of their close ties to the Chinese government and another rule that would force telecoms to rip out existing Chinese equipment. The cost of replacing existing equipment has been estimated at several billion dollars and the FCC doesn’t have any way to pay for that. In addition, if telecoms have to use more expensive 5G equipment from other providers, they will have to slow down the deployment of 5G services due to cost. The options that telecoms have, if that proposal gets approved, is to significantly delay the rollout of the much overhyped 5G cell networks or raise prices. This disproportionately will affect less densely populated parts of the county (like me, who lives 20 miles from downtown Denver – I cannot currently get any form of broadband Internet or any form of cell service where I live) because carriers will choose to install limited 5G service in highly dense areas where they will get more subscribers to pony up the additional fees for 5G cell plans and those 5G cell phones that often run $1,100 or more. The U.S. is already pretty much a third world country when it comes to fast , affordable Internet and cell service and this will only reinforce it. I have no problem banning Chinese firms, Congress just needs to figure out how to pay for this desire. Source: ARS
Domain Registrars Web.com, Network Solutions and Register.Com Hacked
These three registrars – all owned by the same folks – were hacked in AUGUST but the company didn’t figure it out until mid OCTOBER. The information taken is mild by today’s standards – names, addresses, phone numbers, etc. but no credit cards – they don’t don’t believe (that’s comforting). Also not compromised were passwords. If this is accurate, it seems like they segmented the data, which is a good security practice. Still, if you use one of these services, I would change my password and make sure that two factor authentication is enabled. Source: The Hacker News.
Rudy Guiliani Bricked His iPhone; Asked Apple to Fix It
Reports just surfaced – and so far are not being disputed – that the Prez’s cybersecurity advisor, personal lawyer and who knows what else, apparently forgot his iPhone password and after 10 tries, locked it up, so he took it to an Apple store in San Francisco and GAVE it to some random Apple tech to reset, and reload from iCloud. Definitely a super secure situation. Rudy said that everyone needs help from time to time and compared himself to the dead San Bernadino mass shooter whom the FBI needed help unlocking his iPhone. I don’t think that would be someone that I would compare myself to. Source: The Register.
Does Amazon Have a Security Prob?
One report says that an Amazon customer was seeing mysterious fraudulent charges on his account and even after working with Amazon multiple times and resetting everything, the charges kept coming. After months, he found out that Amazon doesn’t have visibility to non-Amazon branded smart devices that are connected to your account (like a smart TV) and even if you reset your account, those devices can continue to connect and order stuff. There is a department inside the company that has a special tool that they can use to detect these rogue devices. If you are seeing mysterious charges that they can’t explain, this could be it. Source: The Register.