
From Russia with Love? Your Home Firewall may be spying on you.

There was a concern when electric meters were modernized to allow remote reading that the meters were really being modified by insidious dark forces to spy on homeowners. There was even a joke that went something like:

My wife asked me why I was carrying my gun around the house. I told her “Decepticons”. She laughed. I laughed. The toaster laughed. I shot the toaster. Good times.

There is a lot of truth in humor: sometimes more than we want to admit.

The router brands that almost everyone uses to connect to their Internet utility could now be part of a widespread hacked Internet of Things (IoT) network known as VPNFilter. For now it is thought to be targeting Ukraine, but there are over half a million hijacked routers so far. The hack installs itself and cannot be removed by rebooting the router. This is a VERY GOOD REASON to change your old Linksys router to use the (free) OpenWrt Project firmware instead of the factory-supplied Linksys OS, and to deny access to control the router from outside your LAN. At the least, you can read up on the OpenWrt Project website to understand more about how software is installed in your router, and how to restore your router to its factory original state.

People install OpenWrt because they believe it works better than the stock firmware from their vendor. They find it is more stable, offers more features, is more secure and has better support.

This just in, by email from DarkReading.com:

More than 500K home/SOHO routers and storage devices worldwide commandeered in potential nation-state attack weapon

So far, the infected devices that make up the backbone of VPNFilter include Linksys, MikroTik, NETGEAR, and TP-Link home routers and QNAP network-attached storage (NAS) devices.

Cisco stopped short of naming Russian state-sponsored hackers as the attackers behind VPNFilter, but also didn’t rule it out, especially with the BlackEnergy connection and Ukraine-specific attack network. “The code overlap we saw was an exact copy, including even an error,” Williams says.

The entire article can be found at https://www.darkreading.com/threat-intelligence/destructive-vpnfilter-attack-network-uncovered/d/d-id/1331886


Dark Reading was good today

Dark Reading was good today. Several interesting tidbits. I suggest that you check it out at http://www.darkreading.com/

Accused LinkedIn, DropBox Hacker Appears in US Court After Diplomatic Battle

In the Czech Republic since October 2016, Yevgeniy Nikulin had requested asylum there after warrants for his arrest were issued by both Russia and the US. The Czech government denied his bid for asylum and turned him over to the US, where he appeared in a federal courtroom on Friday morning.

Nikulin, the Russian hacker accused of being responsible for breaching DropBox and the 2012 LinkedIn attack that saw 117 million passwords stolen, has been extradited to the US in a process that has implications for the larger relationship between the US and Russia. https://www.darkreading.com/attacks-breaches/accused-linkedin-dropbox-hacker-appears-in-us-court-after-diplomatic-battle/d/d-id/1331413

The Cybersecurity Mandates Keep On Coming

With threats more complex than ever, and with more data to protect and more technologies touching that data, more cyber regulation is bound to happen. The questions are: How can a company possibly keep up, and are we safely in compliance? https://www.darkreading.com/risk/compliance/the-cybersecurity-mandates-keep-on-coming/a/d-id/1331366

Microsoft Rushes Out Fix for Major Hole Caused by Previous Meltdown Patch

While fixing an obscure potential vulnerability, they created a real hack vector! Don’t cha jus’ luv high tech?

Chris Goetti, director of product management at Ivanti, says … “When Microsoft issued a fix for Windows 7 and Windows Server 2008, they made a mistake and ended up opening up read and write access in RAM so anybody could access anything in memory and write to it,”

Cautions Jack Danahy, CTO and co-founder of Barkly: “This is an easy-to-exploit zero-day vulnerability and a much more probable attack vector than the original problem that Microsoft was trying to correct. … Microsoft accidentally distributed a new zero-day vulnerability of their own design.”

Microsoft has rushed out an out-of-cycle security patch to address problems created by what were supposed to be fixes for the Meltdown vulnerability that it had previously issued for 64-bit Windows 7 and Windows Server 2008 systems. https://www.darkreading.com/attacks-breaches/microsoft-rushes-out-fix-for-major-hole-caused-by-previous-meltdown-patch/d/d-id/1331415#


Ransomware

In an ideal world, all people would be informed, intelligent, and there would be no sociopaths. But in reality computer users are not normally technically adept: to them their computer is just a thing they use to get work done or for entertainment, and they treat it like a radio, television, or coffee maker. In a real work environment, until something really bad happens, people use Windows XP ten years after Microsoft stopped supporting it, never apply updates as ‘they are too annoying’ and ‘people are busy’, and they click on everything just to see what happens.