News from the World of Computers
Double Retired
Veteran
Joined: 31 Jul 2020
Age: 70
Gender: Male
Posts: 6,239
Location: U.S.A. (Mid-Atlantic)
Though I am retired I am still on mailing lists for things related to my old career. Today my in-basket included links to:
"Feds Indict Hacktivist Behind Verkada Surveillance Camera Breach"
"GAO: Electrical Grid's Distribution Systems More Vulnerable"
"America’s Drinking Water Is Surprisingly Easy to Poison"
2020 will be remembered for the pandemic. What might 2021 be remembered for?
_________________
When diagnosed I bought champagne!
I finally knew why people were strange.
"America’s Drinking Water Is Surprisingly Easy to Poison"
I hate when they give terrorists ideas like that.
I don't know about a baby boom, but the baby bust will probably end this year.
_________________
ND: 123/200, NT: 93/200, Aspie/NT results, AQ: 34
-------------------------------------------------------------
Fight Climate Change Now - Think Globally, Act locally.
Double Retired
"Major US pipeline halts operations after ransomware attack"
_________________
Double Retired
Yahoo! News: "USA TODAY: The next big cyberthreat isn't ransomware. It's killware. And it's just as bad as it sounds."
_________________
Double Retired
FBI: "FBI Statement on Incident Involving Fake Emails"
Seeing as how the press release says their computers have been hacked it is confusing to know whether or not we should believe the press release was written by the FBI...though, I suppose, the news release would seem to be correct no matter whether the FBI posted it or hackers who are using the FBI's computers.
The Hindu: "Hackers compromise FBI servers, send messages"
_________________
Double Retired
DARPA: Subterranean Challenge
DARPA: "Team CERBERUS and Team Dynamo Win DARPA Subterranean Challenge Final Event"
_________________
Seeing as how the press release says their computers have been hacked it is confusing to know whether or not we should believe the press release was written by the FBI...though, I suppose, the news release would seem to be correct no matter whether the FBI posted it or hackers who are using the FBI's computers.
The Hindu: "Hackers compromise FBI servers, send messages"
Whether it was "hacked" or not is an interesting question:
Until sometime this morning, the LEEP portal allowed anyone to apply for an account. Helpfully, step-by-step instructions for registering a new account on the LEEP portal also are available from the DOJ’s website. [It should be noted that “Step 1” in those instructions is to visit the site in Microsoft’s Internet Explorer, an outdated web browser that even Microsoft no longer encourages people to use for security reasons.]
Much of that process involves filling out forms with the applicant’s personal and contact information, and that of their organization. A critical step in that process says applicants will receive an email confirmation from [email protected] with a one-time passcode — ostensibly to validate that the applicant can receive email at the domain in question.
But according to Pompompurin, the FBI’s own website leaked that one-time passcode in the HTML code of the web page.
“Basically, when you requested the confirmation code [it] was generated client-side, then sent to you via a POST Request,” Pompompurin said. “This post request includes the parameters for the email subject and body content.”
Pompompurin said a simple script replaced those parameters with his own message subject and body, and automated the sending of the hoax message to thousands of email addresses.
Source: https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/
It looks like the "hacking" consisted of altering the information a website sent to the browser of the person accessing the site when filling out a form, and then simply submitting that altered information, with no "unauthorised" access to systems.
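The flaw described in the Krebs excerpt above, shown beside a server-side fix, as an added example that is not part of the original post and not the portal's own code. The handler names, form fields, addresses and the in-memory `pending` store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SENDER = "no-reply@portal.example"            # placeholder address (assumption)
SUBJECT = "Your portal confirmation code"     # fixed template, never taken from the request
BODY = "Your one-time passcode is {code}."

def flawed_confirmation(form):
    # Pattern described in the excerpt: subject and body arrive as POST parameters.
    return {"from": SENDER, "to": form["email"],
            "subject": form["subject"], "body": form["body"]}

def _digest(code):
    return hashlib.sha256(code.encode()).hexdigest()

def hardened_confirmation(form, pending):
    # Only the recipient address is read from the request; the rest is built server-side.
    to = form["email"]
    if "\r" in to or "\n" in to or to.count("@") != 1:
        raise ValueError("invalid address")   # also blocks header injection via the address
    code = f"{secrets.randbelow(10**6):06d}"  # generated on the server, not in the browser
    pending[to] = _digest(code)               # never written into the HTTP response or HTML
    return {"from": SENDER, "to": to, "subject": SUBJECT,
            "body": BODY.format(code=code)}

def verify_code(email, code, pending):
    expected = pending.pop(email, None)       # single use: removed on any attempt
    return expected is not None and hmac.compare_digest(expected, _digest(code))

# Constructed request carrying the extra fields a modified client could submit.
SAMPLE_FORM = {"email": "applicant@agency.example",
               "subject": "Urgent: constructed hoax subject",
               "body": "constructed hoax body", "code": "000000"}

def demo():
    pending = {}                              # stand-in for a server-side store with expiry
    flawed = flawed_confirmation(SAMPLE_FORM)
    safe = hardened_confirmation(SAMPLE_FORM, pending)
    code = safe["body"].split()[-1].rstrip(".")
    first = verify_code(SAMPLE_FORM["email"], code, pending)
    replay = verify_code(SAMPLE_FORM["email"], code, pending)
    return flawed, safe, first, replay

if __name__ == "__main__":
    print(demo())
```

A production version would also rate-limit requests per address and per source, and expire pending codes after a few minutes.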
Double Retired
Oooh...now some light bulbs are security risks!
"Smart light bulbs could give away your password secrets"
_________________
Double Retired
"Thousands of remote IT workers sent wages to North Korea to help fund weapons program, FBI says"
The Justice Department said Wednesday that IT workers dispatched and contracted by North Korea to work remotely with companies in St. Louis and elsewhere in the U.S. have been using false identities to get the jobs. The money they earned was funneled to the North Korean weapons program, FBI leaders said at a news conference in St. Louis.
Court documents allege that North Korea’s government dispatched thousands of skilled IT workers to live primarily in China and Russia with the goal of deceiving businesses from the U.S. and elsewhere into hiring them as freelance remote employees. The workers used various techniques to make it look like they were working in the U.S., including paying Americans to use their home Wi-Fi connections, said Jay Greenberg, special agent in charge of the St. Louis FBI office.
_________________
Double Retired
North Korea, again...
"North Korea's Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks"
But let's not forget Iran...
"Federal government investigating multiple hacks of US water utilities"
One of the breaches made headlines Saturday after the Tehran-linked Cyber Av3ngers group claimed responsibility for hitting a water authority in Pennsylvania. In total, the government is aware of and examining a “single digit” number of facilities that have been affected across the country, according to the two people who were granted anonymity to discuss details that had not yet been made public.
None of the hacks caused significant disruption, according to the individuals, while cyber experts familiar with the Pennsylvania incident say the activity appears designed to stoke fears about using Israeli devices.
Washington has been bracing for increased cyber breaches from Iran since the latest conflict broke out between Israel and the militant group Hamas, which Tehran has long supported. It also comes amid a spate of recent drone and rocket attacks on American troops in the Middle East, conducted by Iranian proxy groups.
Water facilities in general are a particularly vulnerable part of U.S. infrastructure, often due to a lack of funding and personnel for the issue at smaller utilities. The Biden administration has sought to address this problem, including through expanding partnerships with private organizations involved in the water sector.
This, however, might just be some "entrepreneur"....
"Cyber-attack closes hospital emergency rooms in three US states"
Ardent Health, which oversees 30 hospitals in states across the US, including New Mexico, Texas and Oklahoma, said it had been targeted by a ransomware attack over the Thanksgiving holiday. The attack had shut down a significant number of its computerized services, the company said in a news release.
_________________
Double Retired
"Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks"
The Cybersecurity and Infrastructure Security Agency (CISA) said it is responding to the active exploitation of Unitronics programmable logic controllers (PLCs) used by many organizations in the water sector.
CISA linked the advisory to a notice from the Water Information Sharing and Analysis Center (WaterISAC) about an attack on a water utility in Pennsylvania reported November 26.
Another water utility serving 2 million people in North Texas said Tuesday that it is also dealing with a cybersecurity incident that caused operational issues, but officials did not say if it was related to issues with Unitronics PLCs.
CNN reported late last week that CISA told Senate and House staffers on Thursday that “less than 10” water facilities in different parts of the US have faced cyberattacks in recent days.
"FEMA chief 'very concerned' about disinformation from U.S. adversaries after disasters"
Driving the news: She pointed to misinformation and disinformation spread by nation-state actors — namely, China and Russia — following this year's devastating fires in Maui and train derailment and chemical spill in East Palestine, Ohio.
"Recent Chinese Cyberattacks Aim To Cause ‘Societal Chaos’ In U.S.: Report"
The hacks appeared to be made with an intention toward some future action rather than disrupting systems in the moment and suggest that the People’s Liberation Army of China is testing its and the United States’ capabilities in case hostilities break out over Taiwan, experts told The Washington Post.
One of the agencies responsible for monitoring and combating foreign cyber threats is the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security.
“It is very clear that Chinese attempts to compromise critical infrastructure are in part to pre-position themselves to be able to disrupt or destroy that critical infrastructure in the event of a conflict, to either prevent the United States from being able to project power into Asia or to cause societal chaos inside the United States — to affect our decision-making around a crisis,” CISA executive director Brandon Wales told the Post. “That is a significant change from Chinese cyber activity from seven to 10 years ago that was focused primarily on political and economic espionage.”
_________________
Double Retired
Dubbed the “Mother of All Breaches,” the massive leak revealed 26 billion records — including popular sites like LinkedIn, Snapchat, Venmo, Adobe and X, formerly Twitter — in what experts are calling the biggest leak in history.
The compromised data includes more than just login credentials, according to experts. Much of it is “sensitive,” making it “valuable for malicious actors,” per Cybernews, which first discovered the breach on an unsecured website.
“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts,” the researchers, comprised of cybersecurity expert Bob Dyachenko and the team at Cybernews, explained.
Cybernews’ head of security research Mantas Sasnauskas told the Daily Mail that “probably the majority of the population have been affected.”
_________________
Charlemania
Pileated woodpecker
Joined: 22 Jan 2024
Age: 67
Gender: Female
Posts: 177
Location: Cleveland Ohio
My stress-reduction project takes yet another hit
_________________
In destinies sad or merry, true men can but try.
~Sir Gawain and the Green Knight
Double Retired
"DOJ disrupts Chinese hacker effort to use malware to hijack US-based routers"
Through a court-authorized operation launched last month, U.S. officials say they were able to dismantle the botnet by removing the malware inside the U.S.-based victim routers and also took further steps to prevent the routers from being reinfected.
_________________
Double Retired
"A criminal actor is to blame for a dayslong cyberattack on a Chicago hospital, officials say"
Officials at Lurie Children's Hospital said Thursday that they are still working with the FBI and other law enforcement but told reporters that a “known criminal threat actor” had accessed the hospital's network.
The hospital shut down its own systems for phone, email and medical records once the breach was discovered on Jan. 31, officials said.
“We take this matter very seriously and have been working closely around the clock with outside and internal experts and in collaboration with law enforcement, including the FBI,” said Dr. Marcelo Malakooti, Lurie's chief medical officer. “This is an active and ongoing investigation.”
The situation at Lurie Children’s Hospital had all the hallmarks of a ransomware attack, although hospital officials have not confirmed or denied the cause. Such extortion-style attacks are popular among ransomware gangs seeking financial gain by locking data, records or other critical information, and then demanding money to release it back to the owner.
Charlemania—This should only make you concerned if you rely on an organization that uses computers