Posts

Election security experts: Pa. GOP trying to play ‘Russian roulette’ with voters’ personal info

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360




  • Katie Meyer/WHYY

As Pennsylvania Republicans have taken steps toward an unprecedented review of the 2020 presidential election and 2021 primary, election and data security experts say their methods — and the clear partisan motivation behind them — are concerning.

A little-used Senate committee controlled by Republicans voted this week to issue a subpoena ordering Pennsylvania’s Department of State to deliver a long list of voter data and other records.

It includes a mix of publicly available and private information: specifically, all registered Pennsylvania voters’ names, dates of birth, and addresses, as well as the last four digits of their social security numbers, driver’s license numbers, and dates of their last voting activity.

They also want all communication records between the Pennsylvania DOS and county officials between May 2020 and 2021, all the directions, policies, and guidance the state had in place related to elections and voting between August 2020 and June 2021, and all election worker training materials used between August 2020 and May 2021.

Most of that information is already available to the public. State communication records are…

Source…

‘Nasty stuff’: Research into Russian push-button cellphones uncovers legion of privacy and security issues

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


Itel, DEXP, Irbis, and F+ mobile devices put under the microscope

Researchers discover numerous security and privacy issues after analysing Russian cellphones

Many push-button phones on sale in Russia contain backdoors or trojans, a security researcher claims.

According to Russian researcher ‘ValdikSS’, some cellphones are automatically sending SMS messages or transmitting online the fact that the device has been purchased and used, among other issues.

Get the message

As outlined in a technical blog post (Russian language), some models were found to contain a built-in trojan that sends paid SMS messages to short numbers, transmitting text that is downloaded from the server. Others were said to have a backdoor that forwards incoming SMS messages to an unknown server.

ValdikSS says he discovered the issue while considering swapping the USB modems he used to receive SMS messages for phones, as these were cheaper and are capable of taking up to four SIM cards each.

“The research begun due to unexpected behavior of the phone – it sent SMS by itself,” he tells The Daily Swig.

Russian push-button phonesOf the five Russian push-button phones tested, only one was said to be ‘clean’

He then tested a number of push-button models, including the Inoi 101, DEXP SD2810, Itel it2160, Irbis SF63, and F+ Flip 3.

And, he found, some of the phones were not only transmitting IMEI and IMSI numbers for the purposes of tracking sales, but also contained a trojan that sends SMS messages to paid short numbers, after downloading the text and number from a server via the internet.

Finally, a backdoor was found that intercepts incoming SMS messages and forwards them to the server, potentially allowing an attacker to use the phone’s number to register for services that require confirmation via SMS.

Read more of the latest mobile security news

“I was very confused when [a] DEXP SD2160 phone tried to send premium SMS to the number and with the body loaded from its server on the internet,” he says.

“The device, initially manufactured in 2019, was being sold by one of the largest electronic stores in June 2021, with lots of negative reviews in the same store’s website, and they didn’t recall it from sales.

“I’ve watched it to do all the nasty stuff in real time on my GSM…

Source…

New ransomware attacks by Russian hackers highlight cybersecurity challenges

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


NBC News reported On Friday, “According to cybersecurity firm Huntress Labs, successful ransomware attacks on a single company have spread to at least 200 organizations, making them one of the largest criminal ransomware ever.” NS Washington post Later, he said the attack affected more than 1,000 companies.

according to Forbes, A group of Russian-speaking hackers Claim Responsible for a major ransomware attack and demanded $ 70 million in Bitcoin to recover corporate data.

Faced with these Increase in cyber attacksBusiness leaders continue to face major challenges that make it difficult for businesses to respond to cyber-related crises.

Cyber ​​vulnerabilities and trends

on Wednesday, cobalt Their release Annual report We investigated corporate cyber vulnerabilities and identified trends and risks affecting the cyber security community.Data was collected from the company’s own platform to connect to Ethical hacker According to organizations that need security testing and need to help find and fix security vulnerabilities. Caroline Wong, Cobalt Chief Strategy Officer.

“Unfortunately, the hottest cyberattacks that have occurred in the last few years—Equifax, Solar wind, Colonial pipeline, JBS — It’s not fundamentally different from the types of attacks observed over the last few decades, ”says Wong.

She states: “The first ransomware attack occurred in 1999. The cybersecurity industry knows how to discover, fix, and prevent the occurrence of this type of problem. NS National Vulnerability DatabaseWas created in 2000 and contains over 150,000…

Source…

Russian Intelligence Agencies Relying on ‘Bruce Force’ to Hack America

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


Recently, the U.S. and British intelligence communities issued an advisory uncovering the “Brute Force” cyber techniques used by the Russian GRU intelligence agency against hundreds of Western government and private targets. These revelations come in the wake of months of successive cyberattacks against American and European targets, including the SolarWinds, which saw Russian and Chinese hackers gain access to U.S. government systems, and Colonial Pipeline, which interfered with the flow of fuel on America’s East Coast this past May.

According to the Intelligence Community, the GRU cyberattacks started from the middle of 2019 and are likely still ongoing, with the GRU’s 85th Main Special Service Center (GTsSS) unit 26165 identified as the main perpetrator behind the attacks. The goal of this cyber warfare campaign is to access protected and classified databases in order to purloin information, but also to pave the way for future breaches.  

The advisory is a joint product of the U.S. National Security Agency (NSA), the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the British Government Communications Headquarters (GCHQ), the U.K.’s signals intelligence agency. 

Related: America needs new covert options for Great Power Competition

KGB Reloaded: Russian Intelligence

The Russian intelligence apparatus is composed of four main agencies.

The SVR (Sluzhba vneshney razvedki Rossiyskoy Federatsii) is the external intelligence agency that focuses on foreign intelligence collection and is often compared to America’s CIA. While not entirely accurate, the comparison is somewhat apt.

The FSB (Federal’naya sluzhba bezopasnosti Rossiyskoy Federatsii) is the internal security and counterintelligence service that focuses on domestic intelligence, and is roughly the equivalent of America’s FBI.

The GRU (Glavnoje Razvedyvatel’noje Upravlenije) is the military foreign intelligence service that commands the Spetsnaz special operations units and a very rough equivalent of the U.S. Defense Intelligence Agency (DIA) and the Joint Special Operations Command (JSOC).

Finally, the FSO (Federalnaya sluzhba okhrany) protects the Russian president but also…

Source…