Friday, August 16, 2019

Windows 10 has two new wormable vulnerabilities, fixed with the Aug 14 update


Windows 10 has two major vulnerabilities which the update on Aug. 14 (automatically scheduled) fixes, various sources report.  These vulnerabilities could apparently be unleased with no user action (like clicking on links in emails). Apparently these also apply the the Creators' Update series. 

  
Microsoft describes them as “wormable vulnerabilities in Remote Desktop Services” (CVE-2019-1181/1182).  The problem does not occur in early Microsoft operating systems (7 and 8). 

Thursday, August 01, 2019

Could hackers cause a highway 9/11 event?


Gannett’s Detroit Free Press reports on vulnerabilities that could lead to sudden mass road casualties from a foreign attack on Internet-connected vehicles, especially Jeep Cherokees, story by Eric D. Lawrence.  

  
This is backed up by a Consumer Watchdog report which advocates giving motorists a kill switch.  

My own Ford Focus is not Internet connected as far as I know. 

Tuesday, July 16, 2019

Banks are now experience smart phone sms phishing attacks (breaking SSL) looking for phone PII



There seems to be a new phishing attack using SMS messages rather than email, targeting customer bank and investment accounts.
  
A lot of this is rather recent, but the Better Business Bureau has a typical explanation
  
Tonight, when I logged on to Wells Fargo, I noticed such a message about fifteen minutes later.  I thought it might be related to a long list of payments or maybe checking a secondary annuity site. 

Later I noticed that the message had come at exactly the same time as my first access. The point of such an attack is obscure;  it would make sense only if I carried a lot of data on my phone and I don’t.


If the hacker already had my cell phone, or already had access to the account “they” could have messaged me exactly as I logged in. This implies they were the man in the middle, which shouldn't happen in a bank's SSL environment.  Fortunately, I have relatively little PII on my phone.  The message would link one to an account not secured, which is another red flag. 
  
I’ve had only one other security issue with the iPhone, that is, occasional emails claiming gamer purchases in Indonesia or especially Belarus were charged to my Apple account, when they weren’t.
  
Maybe I do have a doppleganger in the non-western world. I wonder if that could surface if I were to travel abroad in non-western countries.  

Friday, July 05, 2019

Windows and small businesses continue to remain the biggest ransomware targets


Benjamin Roussey of TechGenix has an informative article from April 2019 of the seven top ranswomware threats in the next year or so, link here

He writes that small and medium sized businesses are still the easiest targets.  He notes that many still run on older versions of Windows. Many are not diligent in keeping up patches (individuals tend to do better than small companies).


He also notes that Windows is still much more vulnerable in practice than Linux or the similar Mac OS family.

Health care and doctors or PPO’s have become particularly vulnerable.
  
He also makes an interesting comment about AI.

Thursday, June 20, 2019

Medical clinic will close because or ransomware; why don't small companies, cities have off-site backups?


A Florida City will pay hackers $60000 in bitcoin to get its computer system back, the Washington Post reports.    We wonder why it didn’t have offsite backups.
  
The Citizen’s Council for Health Freedom reports that a clinic in Michigan has closed for good after ransomware destroyed its patient records, leaving patients, even recovering from surgery, stranded.  The case is said to be an example of the problems with requiring electronic records, and it sounds like HIPAA security and privacy didn’t work.
  
One question, why didn’t the doctors have an off-site backup made every day?

Wednesday, June 05, 2019

A brief review of Trend Micro



Here is Trend Micro’s pitch on how it monitors for global cyberthreats, including about 600 million potential ransomware threats a day. 


The service says it now pays particular attention to “cryptomining” or possible threats even to block chain entities.

It also says it can detect laundering and some organized crime.

It says it has 30 years experience (back to 1989 – mainframe companies started installing products like “Top Secret” around 1987).

Right now I have Trend on my Windows 10 computers.  I’ve had Kaspersky (banned in the US???) and Webroot.  Since Webroot bought Sitelock and my hosting provider uses Sitelock, that could be interesting.

I’ve had a problem with two of my Wordpress domains (there are four of them) going back to gray, and I don’t know why.  ThioJoe ought to do a video on website safety ratings. 

Thursday, May 23, 2019

What if we all have a hardware incontinence vulnerability?



Charlie Warzel and Sarah Jeong do a little skit on the New York Times “The Internet Security Apocalypse You Probably Missed”.  It’s a little like Daniel Gruss’s “Microarchitecutral Incontinence” about Intel chips.  This time, it’s Cisco routers.
Suddenly, a possible vulnerability that could target anyone, and that you could fix only with hardware.
  
Three or four years ago, the fear was some sort of massive shutdown by an enemy like North Korea. Now it seems enemies want our social media up so it can manipulate our weaker souls.

ThioJoe explains this as "microarchitectural data sampling" (incontinence), with examples like "Zombie Load" and "Fallout" and "Meltdown".

CPU vendors will eventually issue "bios updates" which average users won't know how to do.