Tag Archive for: Sept

FEMA Continues Hurricane Fiona Response Efforts: Sept. 24 Updates


WASHINGTON — On Sept. 21, President Joseph R. Biden, Jr. approved Puerto Rico Gov. Pedro Pierluisi’s request for an expedited major disaster declaration. That declaration now authorizes FEMA to provide individual assistance to survivors in 63 municipalities and public assistance and hazard mitigation in all 78 Puerto Rico municipalities.

Five additional municipalities were added to the declaration on Sept. 23, allowing eligible survivors in Arecibo, Barceloneta, Cabo Rojo, Loíza and Manatí to apply for federal assistance. We have teams on the ground conducting damage assessments and using data obtained from satellites to expedite our review. More municipalities may be approved for Individual Assistance as assessments are completed and adjudicated.

Survivors who live in the 63 declared municipalities can apply for federal assistance at www.DisasterAssistance.gov, by calling 800-621-FEMA (3362) or by using the FEMA App. Survivors using a relay service, such as a video relay service, captioned telephone service or others, can give the FEMA operator the number for that service. FEMA Disaster Survivor Assistance teams are in affected municipalities, conducting outreach and working to help survivors apply for assistance.

FEMA approved Critical Needs Assistance for disaster survivors who have immediate or critical needs because they are displaced from their primary dwelling. Immediate or critical needs are life-saving and life-sustaining items. This assistance is a one-time payment of $700 per household. Since the declaration was approved, more than 168,000 survivors applied and FEMA has awarded $40 million as we continue to process applications.

FEMA is committed to making assistance available to all eligible applicants. The agency expanded the type of documentation needed to prove homeownership and occupancy, making it easier to apply for assistance. These include motor vehicle registrations, documentation from schools, federal or state benefit providers, social service organizations or court documents. Survivors with heirship properties, mobile homes or travel trailers who do not have the traditional documentation of ownership verification may also self-certify ownership.

Federal…

Cyber Security Today, Week in Review for Sept. 24, 2021


Welcome to Cyber Security Today. This is the Week in Review edition for the week ending Friday September 24th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.

My guest commentator this week is Terry Cutler of Montreal’s Cyology Labs. He’ll be joining in a few minutes. But first a roundup of some of the bigger news from the past seven days:

Montreal-based voice over IP provider VoIP.ms struggled for much of the week with a sustained distributed denial of service attack that left customers across North America without phone service. This is one of the incidents Terry and I will discuss.

Another is the revelation that the FBI had penetrated the servers of the REvil ransomware gang this summer and got a decryption key that could have helped victim organizations. But instead of distributing the key the FBI held on to it for a couple of weeks because it hoped to take down the entire gang. Terry and I will discuss if that delay was justified.

We’ll also take a look at the misconfiguration by users of the EventBuilder platform for supporting webinars. Researchers discovered that information webinar attendees filled in when registering was left open on the internet. Hackers could have found and misused that data.

Ransomware attacks continue. The latest victims include two U.S. farming supply co-operatives. Crystal Valley had to shut its IT systems, preventing people from paying for grain. Earlier in the week NEW Cooperative was hit, with a reported ransom demand of almost $6 million. The BlackMatter ransomware gang reportedly threatened to double the ransom if the co-op continued to refuse to negotiate.

Separately, a cybersecurity firm that has assembled a database of stolen login credentials being marketed over the years by cybercrooks says over 600 of the credentials on its list apparently were from current or former NEW Cooperative employees. One popular password used by 120 staff was ‘chicken1.’ That password is logical – although a security risk – when you realize poultry feed is one of NEW Cooperative’s big products. It isn’t known if a bad password helped the NEW Cooperative ransomware attack.

Coincidentally, a cybersecurity…

Cyber Security Today, Week in Review for Sept. 17, 2021


I’m Jim Love, CIO of IT World Canada, sitting in today for Howard Solomon. With me to discuss some of the news is Dinah Davis, Kitchener, Ont.-based vice president of research and development at Arctic Wolf.

But first, before we get to that, a quick look at some of the headlines and the stories Howard has been covering for the past seven days:

Many employees working from home see cybersecurity as a hindrance, according to a survey. And they admit that they’re trying to bypass security controls. That’s one of the topics Dinah and I will discuss. Another is a report showing that password brute force or vulnerability exploitation are still leading ways organizations’ environments are being compromised.

Apple users should update their devices as soon as possible because the company has issued security patches for two serious vulnerabilities. One of them was discovered by the University of Toronto’s Citizen Lab, and was allegedly used to compromise the devices of activist reporters. Threat actors are also using a Linux version of the Cobalt Strike hacking tool. This means IT teams with Linux infrastructure have to worry about detecting the signs of this tool before the malware gets installed. And lastly, researchers discovered an unsecured database open to the internet with 61 million records from wearable fitness devices that apparently belong to an American application developer.  That company’s website has been offline since the news broke.

(The following is an edited version of my talk with Dinah Davis. To hear the full conversation play the podcast.)

Jim: I’ve been dying to ask you one question since I’ve met you: Where did the name Arctic Wolf come from?

Dinah: We have two founders at Arctic Wolf, one based in Canada — Kim Trombley — and one based in the U.S. — Brian Naismith. At the time most of the employees were going to be in Canada. They had a few criteria for figuring out what the name could be. One was that they wanted it to start with an “A” so that anytime things were listed alphabetically we would be at the top. They floated a few different animal names — I don’t know why, I guess they liked animals – and Arctic Wolf stuck….

Cyber Security Today, Sept. 13, 2021 – The REvil ransomware gang is back, a new botnet is discovered and Formbook malware rises


The REvil ransomware gang is back, a new botnet is discovered and Formbook malware rises.

Welcome to Cyber Security Today. It’s Monday September 13th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.

Bad news on the ransomware front: The REvil ransomware gang is definitely back. There was some uncertainty about that last week when after two months of silence the data leak and payment websites of the gang were re-activated. No new victims were listed at that point. However, on Saturday the Bleeping Computer news service reported the gang has published screenshots of stolen data of a new victim. Why the gang was away isn’t clear. Some security researchers suspected that REvil was worried about being tracked by police after news spread internationally of its attack on Kaseya during the summer. A post on a criminal website suggested the gang worried that one of its members had been arrested, so it turned its servers off. A more recent post claimed the gang just wanted a break. It doesn’t matter. No matter who the gang is, IT and security leaders have to be ready for ransomware attacks.

A new botnet that launches huge denial of service attacks has been discovered. A Russian cybersecurity firm called Qrator and the Yandex search engine believe more than 200,000 compromised network devices such as routers, gateways and switches are involved. One of the victims was Yandex. Dubbed the Meris botnet, many of the compromised devices are manufactured by a Latvian company called MikroTik. MikroTik says many of the devices were compromised in 2018 when its RouterOS operating system had a vulnerability. That vulnerability was quickly patched. But MikroTik says device operators have to change their passwords as well as apply the patch. On the other hand the Qrator/Yandex report says many of the compromised devices have newer versions of the MikroTik operating system.

A denial of service attack is like someone pounding on a company’s front door, except the front door is a website. Crooks launch denial of service attacks on victim companies to make their websites unavailable, then demand payment to stop. Huge attacks by this botnet have been launched…
