Tag Archive for: Including

Ransomware attacks hit Iowa schools, including Davenport, although public often left in dark

/in


In the summer of 2019, school Superintendent Devin Embray learned the Glenwood District in Mills County, Iowa, was being held hostage by foreign ransomware attackers.

The hackers encrypted student data that included schedules, contact information and demographic information, making it inaccessible to the school’s administrators, Embray said. They demanded $130,000 worth of cryptocurrency from the school district to unlock the data.

Glenwood paid $10,000 in ransom.

“There was really nothing we could do on our end,” Embray said.

The 2019 Glenwood attack was one of the first known examples of a surge in ransomware attacks on Iowa schools. While Glenwood chose to publicly acknowledge it, many schools targeted by cybercriminals do not.

Most ransomware attacks go unreported and communities are left in the dark about what may have happened to their private information and their taxpayer dollars.

People are also reading…

When the Davenport School District was targeted in September, school officials said they thought they were dealing with computer-server glitches as the district’s internet, phone and email systems experienced disruptions.

Later in the month, signs of a cyber invasion became more evident, but the district declared it had “thwarted” an attack.

A data-extortion group known as “Karakurt” has since claimed to have stolen huge amounts of personal data from the Davenport district. Though the attack first was detected in early September, state officials were not notified of the breach until the end of October.

In early November, a district spokesman first acknowledged the hackers had demanded a ransom, but the district did not pay.

Schools advised how to handle attacks

Increased ransomware attacks bring steep insurance costs, rigorous requirements to qualify for insurance and, in some cases, disruptions in students’ education.

Aaron Warner, CEO of ProCircular, a…

Source…

Keyless hack can unlock and start cars — including Teslas

/in


Tesla Inc. customers might love the carmakers’ nifty keyless entry system, but one cybersecurity researcher has demonstrated how the same technology could allow thieves to drive off with certain models of electric vehicles.

A hack effective on the Tesla Model 3 and Y cars would allow a thief to unlock a vehicle, start it and speed away, according to Sultan Qasim Khan, principal security consultant at the Manchester, UK-based security firm NCC Group.

By redirecting communications between a car owner’s mobile phone, or key fob, and the car, outsiders can fool the entry system into thinking the owner is located physically near the vehicle.

The hack, Khan said, isn’t specific to Tesla, though he demonstrated the technique to Bloomberg News on one of its car models. Rather, it’s the result of his tinkering with Tesla’s keyless entry system, which relies on what’s known as a Bluetooth Low Energy (BLE) protocol.

There’s no evidence that thieves have used the hack to improperly access Tesla vehicles. The carmaker didn’t respond to a request for comment. NCC provided details of its findings to its clients in a note on Sunday, an official there said.

Khan said he had disclosed the potential for attack to Tesla and that company officials didn’t deem the issue a significant risk. To fix it, the carmaker would need to alter its hardware and change its keyless entry system, Khan said.

The revelation comes after another security researcher, David Colombo, revealed a way of hijacking some functions on Tesla vehicles, such as opening and closing doors and controlling music volume.

BLE protocol was designed to conveniently link devices together over the internet, though it’s also emerged as a method that hackers exploit to unlock smart technologies, including house locks, cars, phones and laptops, Khan said. NCC Group said it was able to conduct the attack on several other carmakers and technology companies’ devices.

Kwikset Corp. Kevo smart locks that use keyless systems with iPhone or Android phones are impacted by the same issue, Khan said. Kwikset said that customers who use an iPhone to access the lock can switch on two-factor authentication in the lock app.

A…

Source…

Sen. Michael Bennet Proposes Commission To Oversee Digital Platforms Including Social Media – CBS Denver

/in


DENVER (CBS4) – In hopes of furthering the trust and security of the general public on the internet, Senator Michael Bennet has proposed legislation that would create a commission to oversee businesses operating on the internet. Bennet, the senior senator from Colorado, said the proposal comes as a way to assure some of the most powerful companies in the world are operating in the best interest of the American people.

(credit: CBS)

As of now, Bennet is the sole sponsor of the bill. He proposed creating a “Digital Platform Commission” which would operate and oversee companies using the internet much like how the Food and Drug Administration oversees the country’s guidelines when it comes to pharmaceuticals.

Bennet told CBS4’s Dillon Thomas the commission would help prioritize and balance free speech, national security and mental health.

“Our advisories are infiltrating social media platforms in the country,” Bennet, a member of the Senate Intelligence Committee, said.

(credit: CBS)

In an interview with CBS4, the senator said the commission would oversee regulations and guardrails for big tech companies, including but not limited to platforms like Facebook, YouTube, Google, Amazon, Twitter and TikTok. While social media companies are behind many of the concerns some Americans have, Bennet said the commission would have oversight of American internet regulations.

Section 230, a law that was created in the 1990s, is one of the most debated federal laws when it comes to the powers given to major websites. The law largely gives immunity to companies for content uploaded by third parties. While Bennet said he believes Section 230 should potentially be revised, he felt the commission was a separate step that could be taken to further protect American interests.

“We have had basically completely unregulated social media platforms. These companies aren’t startups anymore. They are some of the most important and dominant companies in America,” Bennet said.

Bennet hoped the development of a five-person commission, made up of technology experts from differing parties and backgrounds, would help the country take action toward regulating big tech instead of allowing other…

Source…

OpenBSD 7.1 released, including Apple M1 support • The Register

/in


The OpenBSD Project has released version 7.1 of its eponymous OS for 13 different computer architectures, including Apple’s M1 Macs.

OpenBSD is the security-focused member of the BSD family. Project leader Theo de Raadt co-founded the NetBSD project in 1993, but after disagreements with other core team members, he left and forked the NetBSD 1.0 codebase, releasing OpenBSD 1.2 in 1996. As a generalization, OpenBSD focuses on robustness and security, NetBSD focuses on supporting as many different platforms as possible, and FreeBSD focuses on providing a rich modern OS for the most popular platforms.

Version 7.1 is the 52nd release since then, in which time only two remote holes have been found in the default installation.

As with Linux distros, it’s hard to measure usage numbers, but according to surveys such as BSDstats both it and NetBSD trail fairly distantly behind FreeBSD in popularity – then again, installing a data-collecting survey app is the kind of behavior one might expect an OpenBSD user to assiduously avoid.

It supports a surprisingly wide range of hardware: x86-32, x86-64, ARM7, Arm64, DEC Alpha, HP PA-RISC, Hitachi SH4, Motorola 88000, MIPS64, SPARC64, RISC-V 64, and both Apple PowerPC and IBM POWER. Notably, “Support for Apple Silicon Macs has improved and is ready for general use.”

The Reg FOSS desk ran up a copy in VirtualBox, and we were honestly surprised how quick and easy it was. By saying “yes” to everything, it automatically partitioned the VM’s disk into a rather complex array of nine slices, installed the OS, a boot loader, an X server and display manager, plus the FVWM window manager. After a reboot, we got a graphical login screen and then a rather late-1980s Motif-style desktop with an xterm.

It was easy to install XFCE, which let us set the screen resolution and other modern niceties, and there are…

Source…