Thursday, May 23, 2019

What if we all have a hardware incontinence vulnerability?

Charlie Warzel and Sarah Jeong do a little skit in the New York Times, “The Internet Security Apocalypse You Probably Missed”. It’s a little like Daniel Gruss’s “Microarchitectural Incontinence” about Intel chips. This time, it’s Cisco routers.
Suddenly, there is a possible vulnerability that could target anyone, and that you could fix only with hardware.
Three or four years ago, the fear was some sort of massive shutdown by an enemy like North Korea. Now it seems enemies want our social media up so they can manipulate our weaker souls.

ThioJoe explains this as "microarchitectural data sampling" (incontinence), with examples like "Zombie Load" and "Fallout" and "Meltdown".

CPU vendors will eventually issue "BIOS updates" which average users won't know how to apply.

Sunday, May 19, 2019

WannaCry ransomware could come back to older systems given new Microsoft bug

Dan Goodin has an article on Ars Technica explaining again how many Windows exploits (variations of WannaCry) and ransomware continue to exploit governments and installations that don’t have the nimbleness of individuals to go to newer releases or apply patches.
Some Windows servers are affected, which can affect hosting companies that find managing Windows application pools difficult, resulting in outages or 503 errors.

Saturday, May 11, 2019

Local governments are particularly vulnerable to ransomware

Local governments seem particularly vulnerable to ransomware attacks, largely because of their bureaucracy.

Right now, Baltimore has a serious problem.  A year ago, Atlanta did.  Recently a town near Fairbanks AK was targeted.

It is much easier for individuals to defend themselves than organizations, as their backup is usually a lot simpler. Individuals can also be much more wary of phishing attempts.
There have been cases where payrolls could not be run, putting affected employees in the same situation as a government shutdown without pay.

Tuesday, May 07, 2019

Robocalls may tempt users to spend money on callbacks to international 900 numbers

Security consultants are advising consumers not to return “one ring” calls, which are likely robocalls from 900 numbers that will result in steep charges when calls are returned.

Many calls come from Mauritania, but are spoofed so as to appear to come from within the US. Most recipients are in New York State or Arizona.

Consumers might consider having their providers block international calls if they don’t normally make them.
CBS News has a typical story, by Sarah Min.

The objection to robocalls, while very prudent and understandable, undermines legitimate activity, like raising money for political causes or candidates or for charities. 

Monday, May 06, 2019

New phishing scam claims your package was not delivered by UPS

I received a fake UPS delivery message today that claims that a package sent from my UPS store location was returned because of an address mismatch.  It named a UPS store as the source.
The scam is based on the idea that the consumer probably doesn’t remember “their” UPS store member. I gave a box at the store in Ballston in Arlington VA. It turns out that this email address corresponded to a store in Rock Hill, SC.

The most recent site I can find discussing a delivery scam is here.

But this is the first time I have heard of a fake misdelivery email.

I had opened the email but not gone to any links on the computer. I opened the link on a phone, assuming that the iPhone is not as vulnerable. The link named as UPS store was actually Microsoft OneDrive. It invited me to download a tracking document and download an app to view it.
I did show the email to the local store and asked them to show the scam to UPS corporate security.
I did restart the computer and run a quick scan and will run a Trend Micro full scan later this evening.