Tag Archive for: Jan.

Cyber Security Today, Jan. 10, 2024 – Vulnerabilities found in internet-connected factory torque wrenches


Vulnerabilities found in internet-connected factory torque wrenches.

Welcome to Cyber Security Today. It’s Wednesday, January 10th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Anything that connects to an IT network can have software vulnerabilities. The latest example: WiFi-connected pneumatic torque wrenches used by car manufacturers. According to researchers at Nozomi Networks, the vulnerabilities they found in a Bosch Rexroth wrench could let a hacker plant ransomware that would spread across a network. Or the holes could let an attacker alter a wrench’s tightening controls and affect the safety of products. A manufacturer using compromised devices could be extorted by a hacker, and sued by customers. The vulnerabilities are in the device’s Linux-based operating system. The wrench connects to a wireless network so it can be remotely programmed. The lesson: Makers of any internet-connected device have to continuously scrutinize their code for vulnerabilities.

Microsoft SQL database servers in the U.S., Europe and Latin America are being targeted by a threat actor. According to researchers at Securonix, the gang either sells access to compromised servers or plugs them with a strain of ransomware called Mimic. This particular gang has been ramming their way into servers through brute force attacks, which are preventable. Then they leverage a command to create a Windows shell, a command that is supposed to be disabled by default. Among the lessons from this attack: Don’t expose critical servers to the internet — and if you have to, protect them with security like a virtual private network. And IT should always be watching for the creation of new local users on servers and other endpoints.

An American judge has sentenced a Nigerian man to 10 years and one month in prison and ordered him to pay almost US$1.5 million in restitution for conspiring to launder money pulled from internet fraud schemes. The 33-year-old man worked directly with the Nigeria-based leader of an international criminal organization to defraud individuals and businesses across the U.S. He was convicted last August by a…


Pentagon Intelligence Analyst Stormed the Capitol on Jan. 6


In 2018, a newly hired software engineer at a defense and intelligence contractor in the Washington, D.C., suburbs was assigned to a team led by a senior developer named Hatchet Speed.

At first, the new engineer, Richard Ngo, got along well with Speed. They sometimes went out to lunch together and socialized away from the office. “Speed was my mentor at Novetta as the software lead,” Ngo later said in court testimony. “We worked together every day.”

But after the insurrection at the U.S. Capitol on January 6, 2021, Ngo noticed that Speed, a longtime Navy reservist who had deployed to Iraq and Afghanistan as an intelligence analyst and held other sensitive cyber and intelligence posts in connection with Naval Special Warfare units, seemed to be changing. Ngo had always known that Speed was a gun enthusiast, but after the Capitol riot, he became more openly anti-government than he had ever been before. “He was just frustrated with just how everything was going,” Ngo testified, adding that Speed was “panic-buying” guns.

What Ngo didn’t realize was that Speed, who had legally changed his first name from Daniel to Hatchet in 2007, according to Utah court records, had been an apocalyptic far-right extremist long before January 6.

No investigation has been conducted to determine whether Hatchet Speed compromised classified information.

In fact, Hatchet Speed was a self-described member of the Proud Boys working deep inside the U.S. intelligence community. He joined other Proud Boys members to storm the Capitol on January 6, but he got away undetected and continued to work in sensitive jobs in the months after the insurrection, even as he amassed a huge arsenal of weapons and began to think about kidnapping Jewish leaders and others he considered an existential threat. He wasn’t arrested until 18 months after the insurrection, and no investigation has been conducted to determine whether he compromised classified information, a Navy spokesperson said. Officials at the Office of the Director of National Intelligence declined to comment on any possible damage to U.S. intelligence resulting from Speed’s decadeslong access to classified information.

A spokesperson for…


Digest of Recent Articles on Just Security (Jan. 14-20) – Just Security




Cyber Security Today, Jan. 11, 2023 – Debate on ransomware attacks dropping continues, beware of long-hidden backdoors and lots of patches released


The debate on ransomware attacks dropping continues, beware of long-hidden backdoors and lots of patches released.

Welcome to Cyber Security Today. It’s Wednesday, January 11th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

Another entry in the debate on whether ransomware attacks are going up or down has been issued. Last week researchers at Emsisoft said the truth in the U.S. is hard to figure out because so many attacks aren’t publicly reported. This week researchers at Delinea released a report saying a survey it paid for suggests ransomware last year was down significantly over 2021. Of the 300 American IT decision-makers surveyed, 25 per cent said they were victims of ransomware in 2022. By comparison, 64 per cent of respondents said their firm was hit in 2021. Respondents also said budgets for ransomware defence dropped last year, although that could be because IT leaders are folding defences against ransomware with defences against all types of cyber attacks. More worrisome, the number of companies with incident response plans dropped to 71 per cent last year from 94 per cent in 2022. There’s a link to the full report in the text version of this podcast.

Threat actors are known for installing back doors on victims’ IT infrastructure to enable their attacks. That’s why scouring an entire IT environment is vital after a successful breach of security controls to make sure back doors aren’t left around. The latest example comes in a report from researchers at U.K.-based S-RM Intelligence. It looked into an attack by the Lorenz ransomware gang. The gang exploited a vulnerability in an organization using Mitel’s VoIP phone system. However, it was able to do that by using a backdoor that had been installed five months before the ransomware was launched. One theory is an initial access broker compromised the victim’s IT infrastructure and installed the backdoor, then notified the Lorenz group. Whatever the explanation, it’s another example of why continuously searching for backdoors as well as patching vulnerabilities is essential.

Ransom demands linked to denial of service attacks aren’t talked about a lot. However,…
