Cyber Security Today, Dec. 8, 2021 – Microsoft, Google disrupt botnets and worrisome news about Emotet malware


Microsoft and Google disrupt botnets, worrisome news about Emotet malware, and more.

Welcome to Cyber Security Today. It’s Wednesday, December 8th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.

 

Some good news to tell you about:

Microsoft has disrupted the activities of a China-based hacking group. This comes after a U.S. court has allowed Microsoft to seize websites of the gang it calls Nickel. The sites were being used to attack organizations in 29 countries, including government agencies, think tanks and human rights organizations. This gang has been operating since 2016, sometimes by compromising a target organization’s VPN, stealing employee passwords by spear phishing or taking advantage of unpatched Microsoft Exchange and SharePoint servers.

Google said it has temporarily disrupted the command and control infrastructure behind a botnet of 1 million compromised Windows devices. It calls the botnet Glupteba. It’s been stealing victims’ passwords, hiding cryptocurrency miners on their computers and running other people’s internet traffic through their computers and routers. What makes this sophisticated botnet different from others is it defends itself with a blockchain-based system that retrieves backup domains through three bitcoin wallets. So Google is trying a long shot: It’s suing two persons believed to be in Russia for operating the botnet in violation of U.S. law.

Sophisticated Russian-based threat actors allegedly associated with the Nobelium threat group, which was behind the SolarWinds Orion update compromise, have been spotted by researchers at Mandiant. In a report issued this week the company said it is seeing attacks against service providers to get into other organizations. In at least one instance a compromised VPN account was leveraged to get deeper into a company’s IT systems. In another case the attacker accessed the organization’s Microsoft 365 environment using a stolen digital session token. In some cases victims were hit after going to websites offering free or cracked software. Some victims who use smartphone-based multifactor authentication to protect their accounts were fooled by an attack that…

Ransomware attack strikes Nygard IT systems on Dec. 12, receiver company assessing impact


Peter Nygard will ring in the new year behind jail bars, while the company in control of Nygard’s assets recovers from a ransomware attack that impacted dozens of computer servers linked to the Nygard IT system.

RCMP and Winnipeg police arrested Nygard on Dec. 14 in relation to a nine-count indictment in the United States accusing the 79-year-old of racketeering, sex trafficking and other related crimes. He is currently in custody at the Winnipeg Remand Centre.

While in court on Dec. 15, Justice Sheldon Lanchbery said Nygard would be held in jail until Jan. 13, 2021. But on Thursday, Nygard’s bail application was set for 10 a.m. on Jan. 6, 2021.

A total of 57 women have joined a class-action suit, filed in New York earlier this year, accusing Nygard of rape, sexual assault and human trafficking dating back to 1977.

The class action was put on hold in August after a judge presiding over the case in the Southern District of New York entered a stay of proceeding so that the FBI could complete its investigation, according to court documents. 

U.S. authorities asked Canadian law enforcement to issue a warrant for Nygard’s arrest through the two countries’ extradition treaty.

The FBI is urging anyone who believes they are a victim of the sexual abuse perpetrated by Nygard to contact them at 1-800-225-5324.

No allegations have been proven in court.

Nygard IT system hacked

Richter Advisory Group Inc., the court-appointed receiver of Nygard’s assets, says Nygard IT servers were a victim of a ransomware attack, according to a court document dated Dec. 30.

Informanix — a third-party IT consultant hired to preserve digital records — and the Nygard IT staff were working to recover records and computer servers impacted by a November power outage in northwestern Winnipeg when they had to pivot to deal with a ransomware attack on Dec. 12.

The ransomware attack — a type of malware attack where the perpetrator locks and encrypts the victim’s data and demands payment to unlock and decrypt the data — compromised “certain electronic records, programs and IT infrastructure of the Nygard organization, including the debtors,” the court document says.

But “by…

Woburn Public Library events, Dec. 2-8


Registration is required for library events unless otherwise specified. To sign up, visit https://woburnpubliclibrary.org. The library is open 9 a.m.-9 p.m. Monday-Thursday and 9 a.m.-5:30 p.m. Friday-Saturday. The library is closed for cleaning 1-2 p.m. Mondays, Wednesdays, Fridays and Saturdays, and 4:30-5:30 p.m. Tuesdays and Thursdays.

The robots are here

Want to play with a robot? Come play with one of the library’s new Sphero balls. Drive it, program it, turn it into a disco ball, smash it into a wall — it’s designed to do what you want it to do. An easy beginner entry into the world of robotics, the library’s robotic Sphero balls offer an experiential learning opportunity.

Get your music on

Want to learn to rock those first three guitar chords? Or the harmonica solo from that Dylan song? Or the ukelele from “Over the Rainbow” for your friend’s wedding next year? Take advantage of the library’s free music lessons available through a partnership with ArtistWorks — from piano to French horn to hip hop scratch, with lessons taught by Grammy Award-winning professionals.

Adult events

Story Time for Parents: What is Dialogic Reading: 7-8 p.m. Dec. 8. Learn about Dialogic Reading — what it is, how it supports your child’s language development, increases vocabulary, engagement with books and other pre-literacy skills. Jodi will demonstrate how to incorporate dialogic reading and create a more engaging and interactive reading experience. Limit 20 families.

Baltimore Co. Public Schools cancel classes on Nov. 30 and Dec. 1 due to ransomware attack


Baltimore County public schools will be closed, and distance learning canceled, on Monday, Nov. 30 and Tuesday, Dec. 1 due to a recent ransomware attack on the school district’s IT system.

The school system’s offices will be open and staff will receive information about the upcoming week, according to a message posted on the district’s Twitter feed.

The attack was discovered on Wednesday, Nov. 25, and according to the county, investigators and school staff have been working through the Thanksgiving break trying to get the school’s system back online.

The attack came shortly after a state audit revealed the school system’s vulnerability.

In spite of a long weekend of work, a tweet sent out on Saturday, Nov. 28 said the county’s schools will not be able to hold instruction at the start of next week.

Schools will distribute meals for students on Monday and Wednesday at over 300 locations.

The school system called it a “crisis” and thanked its constituents for their patience as they worked toward a resolution.

On Friday, a state audit showed the county had not safeguarded sensitive personal information, according to a story published by The Associated Press. The news of the audit came Tuesday, followed by the ransomware attack a day later.

Due to the coronavirus pandemic, 115,000 students are taking classes online. With the shutdown, they will not be able to receive instruction at the beginning of the upcoming week.
