Security News for the Week Ending November 12, 2021
Feds Having Some Success In Going After Hackers
The DoJ announced the arrest of a Ukrainian who is accused of deploying ransomware on behalf of the REvil ransomware gang. They also seized $6 million in cryptocurrency. The Ukrainian was arrested in Poland (crooks are not smart. If you are in the crosshairs of U.S. law enforcement, do not go to countries with extradition treaties with us). They also arrested other REvil affiliates in Romania and Kuwait. Understand that while this is all good, it is also a drop in the bucket with regard to the amount of cybercrime affecting us. Credit: Bleeping Computer
State Department Sends Emergency Employee Message: Change Passwords
On Tuesday afternoon the State Department sent out an official text message to employees telling them to change passwords now and increase the length from 12 to 16 characters. They are not even confirming the message but the only logical conclusion is that they were hacked. Credit: Just the News
Missouri Apologizes for Governor’s Political Stunt
After the St. Louis newspaper discovered that a state website that allows the public to check on teachers’ credentials was leaking the personal information of hundreds of thousands of teachers, the governor tried to get the newspaper and the reporter arrested and charged with hacking. He even ordered the highway patrol to investigate the crime. Now the state’s department of education is apologizing to the teachers and offering them credit monitoring. The governor said that the newspaper’s hacking was going to cost the state $50 million. Turns out the cost is really $800,000. And the highway patrol is still investigating. The Governor has not apologized. Credit: ZDNet
Dutch Newspaper Accuses US Spy Agency of Orchestrating 2016 Booking.com Breach
Booking.com was hacked in 2016 and they did not disclose the breach. The newspaper says that Booking.com relied on advice from law firm Hogan Lovells saying they did not have to disclose it. The hackers came across a poorly secured server with customer PINs which allowed them to steal the information. The company asked the Dutch spy agency for help after an internal investigation tied the hacker to US spy agencies. The company acknowledged that it did not disclose the breach and that was consistent with the laws in effect at the time. This hack looks very similar to an attack that Snowden disclosed eight years ago. Credit: The Register
13 Security Bugs Impact Important Healthcare Devices
Researchers have published details of a suite of 13 vulnerabilities in the Nucleus real-time operating system from Siemens that is used across many industries including healthcare, automotive and aerospace. Called Nucleus:13, the flaws affect the TCP/IP stack, a common attack vector in these types of operating systems. This revelation is part of a larger investigation into TCP/IP software which discovered 78 vulnerabilities in 14 different TCP/IP stacks. A different research team found 19 flaws in a different TCP/IP stack. Siemens has released patches for the current versions of the OS, but there is no way for an end user to know what version is in their medical device – that is until software bills of material become legally mandatory. Credit: Bleeping Computer