Taylor Trench says
Microsoft Defender ATP is detecting yesterday’s Chrome update as a backdoor
https://www.zdnet.com/article/microsoft-defender-atp-is-detecting-yesterdays-chrome-update-as-a-backdoor/
The latest version of the Chrome Browser (88.0.4324.146) has been identified by Microsoft Defender Advanced Threat Protection (ATP) to have a backdoor trojan. This trojan is a generic one called “PHP/Funvalget.A” that exposes users to unauthorized access and control of their PC. However, there is a chance that this is an incorrect threat identification, though Microsoft has not made a comment yet. This article is an interesting reminder that even “trusted” applications, such as Chrome, are vulnerable to malicious attacks.
Nicholas Fabrizio says
Title: Trucking company Forward Air said its ransomware incident cost it $7.5 million
URL: https://www.zdnet.com/article/trucking-company-forward-air-said-its-ransomware-incident-cost-it-7-5-million/
The company Forward Air, which works in the trucking and freight transportation industry, was the victim of a ransomware attack in December 2020. This attack severely impacted their business operations by making them take their IT systems offline. As a result of being offline, the company's drivers and employees were not able to access important documents, ultimately causing the company to report a $7.5 million loss in their Q4 financial results. The article did not specify if the company paid the ransom, just that they recovered from the attack. Lastly, having backups of their data could help prevent this type of attack in the future and get their systems online faster.
Christopher Clayton says
Ring Rolls-Out End-to-End Encryption To Bolster Privacy
Ring, a home security device company owned by Amazon, added end-to-end encryption for video to help enhance customers' security and privacy. Encrypting videos is already one of their normal functions, but this additional method adds more security and can only be unlocked with a key that is stored on the customer's mobile device, where only they can decrypt and view the recording. Although four employees had authorization to view video data, they violated company policy and were terminated. Also, because of legal complaints of customers' devices being hacked, two-factor authentication was included for additional security.
https://www.infosecurity-magazine.com/news/ring-rollsout-endtoend-encryption/
Lakshmi Surujnauth says
“Developing a risk-based cybersecurity approach”
Many organizations have prioritized cybersecurity, resulting in them operating a maturity-based approach that seeks to monitor everything. While such a security posture is commendable since it seeks to monitor everything constantly, it comes with a hefty price tag that increases as the business grows. Businesses need to balance both costs and cybersecurity to ensure that resources are allocated accordingly and information assets are adequately safeguarded. To this end, it is necessary that a risk-based approach be implemented. In order to achieve this, entities should: seek to combine their cyber risk framework and general business risk management to evaluate risks holistically and not in isolation; prioritize high-value processes with high risks, allowing for prompt threat detection and mitigation; map vulnerabilities and threats to risk-based assets, which enables the design of effective security controls; and finally, monitor and track the degree to which risks have decreased. Given the dynamic threat landscape, every entity must prepare itself for an eventual attack. A risk-based approach is an effective method of preparing for that eventual attack.
https://www.securitymagazine.com/articles/94528-developing-a-risk-based-cybersecurity-approach
Quynh Nguyen says
I found this article interesting this week because it relates to what we learned this chapter on Cryptography. VIPGAMES.com, a free-to-play card and board game platform, was found to have their server wide open with zero encryption and no password protection. Tens of thousands of their users had their personal data leaked because the company misconfigured their server. Over 30GB of data was leaked: 23 million records, roughly 66,000 user profiles, emails, IP addresses, hashed passwords, Facebook accounts, transaction information, and more, were exploited. The passwords were hashed using the Bcrypt algorithm, which is said to not be impossible to crack, and the cracked passwords would in turn be used to try and hack other accounts of the same users. The company stated there could also be a risk of banned users being blackmailed over their reason for being banned (assault, abuse, etc.). This incident shows us the importance of proper encryption and the consequences when it fails.
https://www.infosecurity-magazine.com/news/misconfigured-cloud-server-exposes/
Mitchell Dulaney says
“Google Chrome Zero-Day Afflicts Windows, Mac Users”
Based on research by Imperva, Threatpost reports that a zero-day heap-buffer overflow vulnerability has been discovered in Google Chrome. Google is in the process of patching the vulnerability, and a new version of Chrome closing the vulnerability has already been released. The vulnerability is in the open-source V8 JavaScript engine included in Chrome. It is thought that the buffer-overflow issue could result in a malicious service being installed from a web page, leading to installation of a backdoor residing in memory that would communicate with a command and control server. It also appears that attackers targeted information security researchers in particular with threats designed to exploit this vulnerability.
https://threatpost.com/google-chrome-zero-day-windows-mac/163688/
Jonathan Mettus says
Police seize $60 million of bitcoin! Now, where’s the password?
German officials seized more than $60 million euros worth of bitcoin from a man who was jailed for covertly installing software on people’s computers and mining bitcoin. His more than 1,700 bitcoin is stored in an encrypted digital wallet. He won’t give police the password, or decryption key, to unlock it. “We asked him but he didn’t say,” prosecutor Sebastian Murer told Reuters on Friday. “Perhaps he doesn’t know.” So for now the bitcoin remains inaccessible.
https://www.reuters.com/article/us-crypto-currency-germany-password/police-seize-60-million-of-bitcoin-now-wheres-the-password-idINKBN2A511T
Xiduo Liu says
An article published on cybernews.com on 2/2/2021 revealed probably the largest compilation of emails and passwords from many different breaches. According to the article, it has more than 3.27 billion lines of entries and contains more than double the unique email and password pairs compared to a 2017 compilation. This is not a new breach, but a compilation of previous breaches. If you are interested in learning more, you can read the full article at https://cybernews.com/news/largest-compilation-of-emails-and-passwords-leaked-free/
To-Yin Cheng says
Ring Rolls-Out End-to-End Encryption to Bolster Privacy
https://www.infosecurity-magazine.com/news/ring-rollsout-endtoend-encryption/
The controversial connected device company Ring has added video end-to-end encryption (E2EE) to improve user privacy and security. This move follows a roll-out of two-factor authentication (2FA) to all users in early 2020 to help reduce the risk of strangers hijacking users' cameras. When the video is uploaded to the cloud and stored on Ring's server, it has already been encrypted. Through end-to-end encryption, customer videos can be further protected with an additional lock. It can only be decrypted by a key stored on the customer's registered mobile device, so that only customers can decrypt and view their videos. That will assuage customer concerns over who is viewing the videos shot by their doorbell camera.
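Both Ring posts in this thread (Christopher Clayton's and this one) describe the same property: the clip is encrypted on the customer's device, the cloud stores only the result, and the key never leaves the phone. The following is an added example, not Ring's code, showing what that property means in practice with AES-256-GCM from Go's standard library. The Device and Server types, the clip IDs and the sample bytes are assumptions made for this example; Ring's real protocol is not described on this page.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Device models the customer's registered phone. In the scheme the posts
// describe, the decryption key exists only here; the cloud never receives it.
type Device struct{ key []byte }

// Server models the cloud: it stores opaque blobs and holds no key material.
type Server struct{ store map[string][]byte }

// NewDevice generates a fresh 256-bit AES key from the OS CSPRNG.
func NewDevice() (*Device, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return &Device{key: k}, nil
}

// aead builds an AES-256-GCM AEAD: confidentiality plus an integrity tag.
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a clip before upload. The clip ID is bound as associated data,
// so a stored blob cannot be quietly re-labelled as another clip. Output is nonce||ciphertext.
func (d *Device) Seal(clipID string, video []byte) ([]byte, error) {
	g, err := aead(d.key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize()) // fresh random 96-bit nonce per clip
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, g.Seal(nil, nonce, video, []byte(clipID))...), nil
}

// Open decrypts a blob fetched back from the cloud. Any modified byte, a wrong
// key, or a mismatched clip ID fails GCM's tag check and returns an error.
func (d *Device) Open(clipID string, blob []byte) ([]byte, error) {
	g, err := aead(d.key)
	if err != nil {
		return nil, err
	}
	ns := g.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("blob too short")
	}
	return g.Open(nil, blob[:ns], blob[ns:], []byte(clipID))
}

func (s *Server) Upload(clipID string, blob []byte) { s.store[clipID] = blob }
func (s *Server) Download(clipID string) []byte      { return s.store[clipID] }

// ServerCanRead is the insider's view: with database access but no device key,
// does the stored blob expose the plaintext at all?
func ServerCanRead(s *Server, clipID string, plaintext []byte) bool {
	return bytes.Contains(s.Download(clipID), plaintext)
}

// RoundTrip runs the flow once and reports three facts: the device recovers the
// clip, the server cannot read it, and a tampered blob is rejected.
func RoundTrip() (deviceOK, serverSees, tamperRejected bool, err error) {
	dev, err := NewDevice()
	if err != nil {
		return
	}
	srv := &Server{store: map[string][]byte{}}
	clip := []byte("constructed stand-in for a doorbell video clip") // not real video data

	blob, err := dev.Seal("clip-0001", clip)
	if err != nil {
		return
	}
	srv.Upload("clip-0001", blob)

	got, err := dev.Open("clip-0001", srv.Download("clip-0001"))
	if err != nil {
		return
	}
	deviceOK = bytes.Equal(got, clip)
	serverSees = ServerCanRead(srv, "clip-0001", clip)

	// Someone with write access to the store flips one ciphertext byte.
	bad := append([]byte(nil), srv.Download("clip-0001")...)
	bad[len(bad)-1] ^= 0x01
	_, tamperErr := dev.Open("clip-0001", bad)
	tamperRejected = tamperErr != nil
	return
}

func main() {
	ok, sees, rej, err := RoundTrip()
	fmt.Println("device decrypts:", ok, "| server sees plaintext:", sees, "| tamper rejected:", rej, "| err:", err)
}
```

The design trade-off the posts hint at is visible in the code: since only the Device holds the key, a lost or reset phone means the stored clips are unrecoverable unless the customer has backed the key up somewhere, and server-side features that need to look at the video (sharing, motion detection in the cloud) cannot work on these blobs. That is the price of making the four-employees-with-access problem structurally impossible rather than a matter of policy.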
Michael Doherty says
This article is about a murderer from the 1960s who sent a message whose cipher was recently solved. The killer sent 3 letters to Bay Area (CA) newspapers, where he insisted that they print the message. Someone cracked the first message, so he sent a second message, and it was just recently cracked, 51 years later!
https://www.wired.com/story/zodiac-killers-cipher-finally-cracked-after=51-years
Panayiotis Laskaridis says
“A Swiss Company Says It Found Weakness That Imperils Encryption”
https://www.bloomberg.com/news/articles/2021-02-07/a-swiss-company-says-it-found-weakness-that-imperils-encryption
The article I read is about a Quantum Computing company in Switzerland that has discovered a weakness in encryption that could have real consequences. Using their supercomputers, they have been able to crack encryptions. Although your average criminal, or even your professional criminal, doesn’t have access to this kind of resource; a hostile foreign government might.
Megan Hall says
ProtonMail, Tutanota among authors of letter urging EU to reconsider encryption rules
https://www.cyberscoop.com/encryption-europe-tutanota-protonmail-threema-tresorit/
This article was interesting to me. It talks about how some European companies who provide encryption services are urging the EU to reconsider rules that could weaken encryption for law enforcement providers and allow them to bypass encryption in order to access information about suspected crimes. One thing that stood out to me from reading NIST SP 800-53 this week is that there is a strong link between information security and privacy. This article highlights that clearly. If governments allow law enforcement to bypass good information security controls, it could have a significant negative impact on privacy. While these rules would not change anything immediately, the article notes that this is a demonstration of the current stance of the EU toward encryption/privacy and also that it could signal future anti-encryption legislation. It will be interesting to see how this plays out, particularly given consumers are more aware than ever of how their digital footprint affects their privacy.
Wei Liu says
Ransomware Demands Spike 320%, Payments Rise
This article states “remote work” has continued to fuel a spike in phishing and cyberattacks, particularly in the U.S. Research indicated 90 percent of U.S. survey respondents have shifted their workplace to remote work in 2020, but only 29 percent of those offered any training to employees about safe remote working habits. Worse, three-quarters of U.S. workers said they allow their friends and family to access work-issued devices to do things like shop online and play games.
https://threatpost.com/ransomware-demands-spike-payments-rise/163744/
Charlie Corrao says
“In Florida, a near-miss with a cybersecurity worst case scenario”
There was an extremely close call in Florida last week at a water plant. A hacker was able to gain administrative privileges and mess with public water infrastructure, including ordering it to increase the amount of lye to extremely dangerous levels. This would have had deadly consequences. Luckily, the system admins noticed the irregular activity early and were able to identify that a hacker was in the system. They were then able to return the lye levels to a safe level. The scariest part of this story is that the FBI has not been able to identify the hacker, or even where the hacker is located. This is the risk with having public infrastructure systems like this: if breached, the criminals can cause horrible things to happen that endanger lives.
https://www.nbcnews.com/tech/security/florida-near-miss-cybersecurity-worst-case-scenario-n1257091
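The post credits the operators for noticing the change by eye. The check below is an added example, not the utility's software, of what an automated version of that look would be: replay the HMI's setpoint-write audit trail against an engineering envelope and alert on any write that lands outside the safe band, jumps by more than one step is allowed to, or touches a tag nobody has bounded. The log format, tag names, units and limit values are all constructed for the example; the page gives no figures for the real plant.

```go
package main

import (
	"fmt"
	"math"
	"strconv"
	"strings"
)

// Limit is the engineering envelope for one dosing setpoint. The numbers used
// below are invented for this example, not the plant's real limits.
type Limit struct {
	Min, Max float64 // safe band, in the setpoint's own units
	MaxStep  float64 // largest change a single write is allowed to make
}

// Event is one parsed HMI audit record.
type Event struct {
	Time, User, Tag string
	Old, New        float64
}

// Alert is a setpoint write that violated a rule.
type Alert struct {
	Line   int
	Tag    string
	Reason string
}

// parseLine parses the constructed format
// "<time> user=<name> tag=<tag> old=<value> new=<value>".
func parseLine(s string) (Event, error) {
	f := strings.Fields(s)
	if len(f) != 5 {
		return Event{}, fmt.Errorf("want 5 fields, got %d", len(f))
	}
	ev := Event{Time: f[0]}
	for _, field := range f[1:] {
		kv := strings.SplitN(field, "=", 2)
		if len(kv) != 2 {
			return Event{}, fmt.Errorf("bad field %q", field)
		}
		var err error
		switch kv[0] {
		case "user":
			ev.User = kv[1]
		case "tag":
			ev.Tag = kv[1]
		case "old":
			ev.Old, err = strconv.ParseFloat(kv[1], 64)
		case "new":
			ev.New, err = strconv.ParseFloat(kv[1], 64)
		default:
			err = fmt.Errorf("unknown key %q", kv[0])
		}
		if err != nil {
			return Event{}, err
		}
	}
	return ev, nil
}

// Audit replays setpoint writes against the limits and returns every violation.
// A malformed line is an error rather than a skip: silently dropping audit
// records is exactly how a change like the lye one goes unnoticed.
func Audit(lines []string, limits map[string]Limit) ([]Alert, error) {
	var alerts []Alert
	for i, l := range lines {
		ev, err := parseLine(l)
		if err != nil {
			return nil, fmt.Errorf("line %d: %w", i+1, err)
		}
		lim, ok := limits[ev.Tag]
		if !ok {
			alerts = append(alerts, Alert{i + 1, ev.Tag, "write to tag with no configured safe band"})
			continue
		}
		if ev.New < lim.Min || ev.New > lim.Max {
			alerts = append(alerts, Alert{i + 1, ev.Tag,
				fmt.Sprintf("new value %.1f outside safe band [%.1f, %.1f]", ev.New, lim.Min, lim.Max)})
		}
		if step := math.Abs(ev.New - ev.Old); step > lim.MaxStep {
			alerts = append(alerts, Alert{i + 1, ev.Tag,
				fmt.Sprintf("change of %.1f exceeds max step %.1f", step, lim.MaxStep)})
		}
	}
	return alerts, nil
}

// Limits and SampleLog are constructed: tags, units and values are invented.
var Limits = map[string]Limit{
	"lye_dose_ppm": {Min: 50, Max: 200, MaxStep: 25},
	"cl2_dose_ppm": {Min: 0.5, Max: 4, MaxStep: 1},
}

var SampleLog = []string{
	"T+00:00 user=hmi_op tag=lye_dose_ppm old=100.0 new=110.0",
	"T+02:37 user=hmi_op tag=lye_dose_ppm old=110.0 new=5000.0",
	"T+02:52 user=hmi_op tag=cl2_dose_ppm old=2.0 new=2.5",
	"T+04:09 user=hmi_op tag=ph_setpoint old=7.5 new=7.8",
}

func main() {
	alerts, err := Audit(SampleLog, Limits)
	if err != nil {
		fmt.Println("parse error:", err)
		return
	}
	for _, a := range alerts {
		fmt.Printf("line %d %s: %s\n", a.Line, a.Tag, a.Reason)
	}
}
```

Run over the constructed log, line 2 trips both the band and the step rule and line 4 trips the unbounded-tag rule. The same envelope belongs in the controller itself as a hard interlock, since an attacker with the administrative access the post describes can also disable a monitor that only watches; the audit replay is the detection layer that tells the operators the interlock was being pushed.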
Christa Giordano says
“Google Discloses Severe Bug in Libgcrypt Encryption Library – Impacting Many Projects”
On 1/28/21 a Google employee discovered a severe vulnerability in GNU Privacy Guard (GnuPG)'s Libgcrypt encryption software. The Libgcrypt library is an open-source cryptographic toolkit offered as part of the GnuPG software suite to encrypt and sign data and communications. GnuPG mitigated the weakness within one day and told users to stop using the affected version 1.9.0 and to upgrade to the latest version. The vulnerability could have allowed an attacker to write arbitrary data to the target machine, and all that needs to be done to exploit the vulnerability is to send the library a specific block of data with embedded malicious code to decrypt, which tricks the machine into running the malicious code.
https://thehackernews.com/2021/01/google-discloses-severe-bug-in.html
Elias Harake says
“UPMC reports massive data breach, thousands of patients potentially affected”
A few days ago a massive data breach affected one of the state's largest health care providers, UPMC in Pittsburgh, Pennsylvania. According to the website wjactv.com, a legal firm by the name of Charles J Hilton & Associates discovered that its email was reportedly hacked. A further investigation confirmed that thousands of patients' identifiable information, such as personal data, social security numbers, dates of birth, or financial account numbers, was obtained. A few thousand patients are expected to be affected by this cyber attack. According to the article, UPMC is currently looking into the issue and has started to notify patients to monitor their personal data with regard to fraud and identity theft.
https://wjactv.com/news/local/upmc-reports-massive-data-breach-thousands-of-patients-potentially-affected