after

now browsing by tag

 
 

Intel didn’t #tell US #cyber security officials about the #Meltdown and #Spectre flaws until after it #leaked in news #reports

Source: National Cyber Security News

Intel did not inform U.S. cyber security officials of the so-called Meltdown and Spectre chip security flaws until they leaked to the public, six months after Alphabet Inc notified the chipmaker of the problems, according to letters sent by tech companies to lawmakers on Thursday.

Current and former U.S. government officials have raised concerns that the government was not informed of the flaws before they became public because the flaws potentially held national security implications. Intel said it did not think the flaws needed to be shared with U.S. authorities as hackers had not exploited the vulnerabilities.

Intel did not tell the United States Computer Emergency Readiness Team, better known as US-CERT, about Meltdown and Spectre until Jan. 3, after reports on them in online technology site The Register had begun to circulate.

US-CERT, which issues warnings about cyber security problems to the public and private sector, did not respond to a request for comment.

Details of when the chip flaws were disclosed were detailed in letters sent by Intel, Alphabet and Apple Inc on Thursday in response to questions from Representative Greg Walden, an Oregon Republican who chairs the House Energy and Commerce Committee.

Read More….

advertisement:

View full post on National Cyber Security Ventures

Hackers #steal 19M #California voter #records after #holding #database for #ransom

Source: National Cyber Security – Produced By Gregory Evans

In late 2015, a security researcher found voter registration records of 191 million US voters on the Internet. Months later, hackers were found selling those records on several dark web marketplaces. Now, the IT security firm Kromtech has revealed that its researchers discovered a MongoDB database (a popular database management system) containing over 19 million California voters records.

Database Was Left Exposed

The database was left exposed for anyone with an Internet access to view or edit. In the majority of such cases, researchers contact the affected party and inform them about the exposed data, but in this case, Kromtech researchers were unable to identify the owner.

Remember, MongoDB is used by popular organizations such as LinkedIn, MetLife, City of Chicago, Expedia, BuzzFeed, KMPG and The Guardian etc.

Cybercriminals Held Voters Database For Ransom

Since early 2017, hackers have been targeting MongoDB based databases. In this case, according to researchers hackers discovered voters records, took control of it and left a ransom note before deleting the entire database.

The ransom note asked the owner of the database to send 0.2 bitcoin, that is around USD 3,123 (thanks to sudden price hike) to a bitcoin address. However, the fact that cybercriminals erased the database, researchers were unable to conduct a detailed analysis.

Furthermore, the group stated that “your database is downloaded and backed up on our secure servers.” Simply put: the group now holds the database and wants the owner to pay to get it back.

What Data The Database Had

In total, the 4GB database contained 19,264,123 records. As expected, it included highly personal and sensitive data of registered Californian voters such as:

City: 
Zip: 
StreetType: 
LastName: 
HouseFractionNumber
RegistrationMethodCode 
State: CA 
Phone4Exchng: 
MailingState: CA
Email: 
Phone3Area: 
Phone3NumPart: 
Status: A 
Phone4Area: 
StreetName: 
FirstName:
StreetDirSuffix: 
RegistrantId:
Phone1NumPart: 
UnitType: 
Phone2NumPart: 
VoterStatusReasonCodeDesc: Voter Requested 
Precinct: 
PrecinctNumber: 
PlaceOfBirth: 
Phone1Exchng:
AddressNumberSuffix: 
ExtractDate: 2017-05-31
Language: ENG 
Dob: 
Gender: 
MailingCountry:
AssistanceRequestFlag 
MailingCity: 
MiddleName:
AddressNumber: 
StreetDirPrefix: 
RegistrationDate: 
PartyCode: 
Phone1Area: 
Suffix:
NonStandardAddress: 
Phone4NumPart: 
CountyCode: 
MailingAdd3: 
MailingAdd2: 
MailingAdd1:
UnitNumber: 
Phone2Exchng: 
NamePrefix: 
_id: ObjectId 
MailingZip5: 
Phone2Area:

Moreover, researchers also found a 22GB file that contained a massive 409,449,416 records of complete California voter registration records. It is believed that the database was created back on May 31st, 2017.

ExtractDate: '2017-05-31',
'District': 
'RegistrantId': 
'CountyCode':, 
'DistrictName':
'_id': ObjectId

MongoDB And Ransom

Since 2016, there have been a number of incidents where MongoDB database have been found exposed on the Internet or held for ransom. In January this year, several unsecured MongoDB databases were hijacked by a hacker, who not only wiped out those databases but also stored copies of them and asked for a ransom of 0.2 bitcoins (roughly US$ 211 at that time).

Researchers also found 13 MillionMacKeeper’ credentials and 58 million business firm accounts exposed online due to misconfigured MongoDB database last year. Last week, AI.Type keyboard app had 31 million customers records exposed online due to misconfigured MongoDB database. In that case, it was discovered that the keyboard app has been spying on users and collecting everything a user does on their smartphone.

Voters Database And Dark Web

A dark web marketplace is a perfect place for hackers and cybercriminals to sell what they steal from others. A year ago, entire US voters’ registration records were being sold on now seized Hansa marketplace, therefore, Californians should not be surprised if their data goes on the dark web for sale.

The post Hackers #steal 19M #California voter #records after #holding #database for #ransom appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

County #still weighing #options after #hacking

Source: National Cyber Security – Produced By Gregory Evans

The Latest on a hacking attack on a North Carolina county (all times local):

2:35 p.m.

A North Carolina county says it’s still weighing options on how to deal with data frozen by a hacker.

Mecklenburg County Manager Dena Diorio told reporters Wednesday afternoon that local officials haven’t decided whether to pay a hacker who’s ransoming county data frozen on dozens of servers.

Diorio said that it appears the hacking came from Iran or the Ukraine but didn’t elaborate. A forensic review is underway.

Whether or not the ransom is paid, Diorio says it will take days to get county computer systems running in normal fashion. A 1 p.m. deadline set by hackers has passed, but Diorio says talks with the hacker continue.

County services ranging from transportation to Medicaid patients to processing of arrestees have been slowed as employees use manual instead of computer-based controls.

___

1:30 p.m.

A hacker’s deadline has passed for a North Carolina county to pay for access to frozen computer data, but it’s not clear if local officials paid ransom.

Mecklenburg County officials said that a hacker that was ransoming data on its servers gave a 1 p.m. Wednesday deadline to pay more than $23,000 to get the data back.

After 1 p.m., multiple county sites including an online jail inmate search were still not functioning.

County spokesman Leo Caplanides said in an email that he could offer no further information. The county manager has scheduled a 2 p.m. news conference to discuss the case.

___

12:20 p.m.

North Carolina’s largest city says its computer system hasn’t been affected by a hacking attack on the surrounding county.

Charlotte government officials released a statement Wednesday saying that its separate computer systems have not been affected and that it has severed direct connections to county computers. The release noted that the city and county maintain separate servers.

Mecklenburg County officials say that a hacker is seeking a ransom of more than $23,000 after freezing county computer files. Departments including the sheriff’s office and code enforcement have had to use paper records for at least some of their functions.

The sheriff’s office said emergency calls are processed by the city and haven’t been affected.

___

11:30 a.m.

A North Carolina sheriff’s office is checking in arrestees by hand after a hacking attack on county government computers.

Mecklenburg County Sheriff spokeswoman Anjanette Flowers Grube said in an email that the problems don’t extend to the processing of emergency calls, which is handled by the city of Charlotte. Charlotte officials have said their computers aren’t affected by the hacking.

The sheriff’s office also posted a message that its website wasn’t able to process requests for information on jail inmates that are normally easily accessed by the public.

Mecklenburg County officials say that the hacking has affected its computer system and that a hacker is seeking a ransom of more than $23,000.

___

10:30 a.m.

A deadline is approaching for one of North Carolina’s largest counties to respond to a hacker who froze county servers and is demanding ransom.

Mecklenburg County Manager Dena Diorio told reporters that local officials face a deadline of 1 p.m. Wednesday to decide whether to pay a ransom of two bitcoin, or more than $23,000.

On Wednesday morning, some county sites such as the jail inmate search function were down. Diorio said departments including the code enforcement office were using paper records.

The county issued a statement on Twitter Wednesday asking residents to contact county offices before visiting to see whether they are offering services.

Diorio said leaders are working with a technology consultant and haven’t ruled out paying the ransom. Charlotte officials say city government computers haven’t been hacked.

The post County #still weighing #options after #hacking appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers #redoubling efforts after #Meck Co officials #decline #paying #ransom

Hackers are reportedly “redoubling their efforts to penetrate the county’s systems” after Mecklenburg County officials decided not to pay a ransom to unfreeze hacked servers, officials said Thursday.

Mecklenburg County remains open for business as it continues to restore services.

According to county officials, cybercriminals are trying to use emails with fraudulent attachments and viruses to further damage the county’s systems. County officials are asking residents and employees to remain patient.

County Manager Dena Diorio says hackers froze 48 county servers, and asked for two bitcoins in ransom, which totals about $23,000. This, despite claims made by other county officials to WBTV that the hackers were actually seeking a ransom on each server, which would have run the ransom into a range of the hundreds of dollars.

On Thursday, officials said ITS is disabling county employees’ option to open attachments in Drop Box and Google Documents. Officials released this statement:

“The best advice for now is to limit your use of emails containing attachments, and try to conduct as much business as possible by phone or in person. “

As the county manager refuses to pay the hackers, the county’s IT team begins work on repairing the 48 frozen servers, and bringing the affected county departments back to normal working order. These departments include the tax office, register of deeds, LUESA, assessor’s office, park and recreation, department of social services, child support enforcement, finance, sheriff’s office, and the courts.

The county was experiencing a county-wide computer system outage Tuesday afternoon. Just after 6 p.m., officials told reporters that the servers were being held for ransom.

Officials have not given a timeline for how long the repairs will take, but say they will take “days.” They have prioritized repairs on servers affecting health and human services, the courts, and LUESA.

Diorio told WBTV that bringing the 48 servers back to full strength is a process that could go into early 2018.

“Now understand things will come back up incrementally, so as we bring systems on line we won’t be shot down that long, but by the time we get everything fully restored I would say the first of the year,”Diorio said.

Rather than pay hackers demands to get rid of ransomware, the county is taking matters into  its own hands.

One place impacted and where business practices have changed is the Mecklenburg County Tax Office.

Online payments have become the norm, but with computers being down fees collected in person.

Daniel Chisholm ended up with handwritten receipt and a dose of reality.

“I am paranoid about using the internet and I use it all the time. Problem is that’s the wave of the future and you can’t get around it,” Chisholm said.

Theresa Payton and her company Fortalice Solutions is one of the companies hired by Mecklenburg County to work through this series of challenges.

She is also a WBTV cyber security expert who says hackers in most instances are hoping to beat the odds.

“For cyber criminals they have nothing to lose and everything to gain. If you think about, you have to get it right 365 days out of the year, and they only have to get it right once,” Payton said.

Getting right during this period of recovery is the goal of the county manager.

“We just ask people to work with us and be patient to the best of their ability,” Diorio said.

Dioro also expects work to continue through the weekend and through the holidays.

In the meantime, they have asked customers to call these departments to check on their services.

Below is information from county officials given Thursday of offices affected during the server outage, along with direction for customers moving forward.

Assessor’s Office (CAO)
Non-Operational:

  • County Assessor’s Office reports AssessPro (The Real Property appraisal system), NCPTS (the personal property appraisal system and the billing and collection system) are down.
  • Polaris and Tax Bill look up county web links are not working.

Criminal Justice Services
Non-Operational:

  • Research & Planning cannot run the daily population numbers without OMS interfacing with our data warehouse.  (Please note that we anticipate a spike in the jail numbers due to the release process being slowed.)

 Child Support Enforcement (CSE): CSE is in full Manual Services- still seeing customers here and in the Courthouses, all records are being hand-written and the Clerk’s office is printing/making copies for the Court.

  • Advantage is Down
  • ACTS- Automated Collection and Tracking System is down- which is used to interface with other state and federal systems; document generation; pay histories; charging and billing functions, etc
  • Compass/OnBase is down
  • Dept. Of Vital Records is down
  • Qflow- Used to track customer visits by date, time, visit purpose, service provider, etc.
  • VMWare

Community Support Services: The Domestic Violence Victim Services phone line (704-336-3210) is now fully functioning.
Non-Operational:

  • ECHO for Substance Use Services (they are documenting on paper & will scan into the system once operational),
  • OnBase for Veterans Services & secure printing and copying. We are seeing clients but Veterans Services may run slower. As soon as we have access to a copier we will run much smoother.
  • All secure printing & coping DOWN.
  • Community Support Services Prevention & Intervention Division is unable to transfer a call from the receptionist to a clinician.

 Department of Social Services (DSS): All DSS services and programs are up and running with the exception of individual medical transportation scheduling.

  •  All Public Assistance programs and services are available.  We have made adjustments to work around the systems that are unavailable.
  • Adult Protective Services and Child Protective Services are fully operational.

 Transportation Message:
If you have made a transportation reservation through DSS/MTS scheduling, please call Customer Connection at 704-336-4547 to confirm your transportation.  This includes reservations made for bus passes and vendor transportation for trips scheduled through December 11, 2017.

Finance
Non-Operational:

  • Services/support are all manual and limited as most all of our work relies on Advantage as our core financial system.
  • Automated payments, invoicing, procurement, etc.  This means no Electronic funds transfers, processing of procurement requests in the system, or other similar transactions.  Because many of our internal controls are automated, or rely on systems (verifying funds, etc.), most of our services will be manual and slowed, but we should be able to perform them.  We also cannot apply payments received to the balance owed in the system—meaning we will have a backlog and some risk to the extent collections are continuing.

 Human Resources
Non- Operational:

  • Applicants cannot apply for vacant positions

Library

  • No changes since last communication

 LUESA
The LUESA offices on Suttle Ave continue to operate to provide services to our building community.  If you have urgent permitting and inspection needs, please call 980-314- CODE (2633) and staff will be able to coordinate your request for service.

Non-Operational:

  • Code and Storm Water Services cannot review plans or issue new permits until POSSE/Winchester and other supporting systems including GIS, Navision (payment processing) are up.
  • GIS cannot provide addressing and other services including processing register of Deeds data until the GIS servers are back online.
  •  Air Quality services for asbestos reviews etc cannot be performed until the permitting system is up.

MEDIC: Nothing affected at this time.

Office of the Tax Collector
Non-Operational:

  • Property tax payments cannot be made at the Wilkinson Boulevard location.
  • Tax records and payment information cannot be accessed online or by telephone.
  • Research requests for bankruptcy, tax certificates, tax lien research, or any other service requiring reference to the tax records cannot be performed.
  • All online services including online payment options are not available.

As of Wednesday night, the county’s domestic violence hotline was down. They were directing callers to Safe Alliance reached at 704-332-2513.

County officials say employees’ payroll will not be affected by the Dec. 15 pay date. Officials say most printers are still offline, with a limited number enabled in specific offices.

View full post on National Cyber Security Ventures

Yahoo #hacker feels he’s ‘doing the #right thing’ after #pleading #guilty, #lawyer says

Source: National Cyber Security – Produced By Gregory Evans

After eight months of maintaining his innocence in a massive data breach at Yahoo, Karim Baratov feels like he’s now, his lawyer says, doing the right thing by pleading guilty to charges stemming from his role as a hacker.

Baratov, who is from Hamilton, is scheduled for sentencing in February, after pleading guilty, in a U.S. court on Tuesday, to one count of conspiracy to commit computer fraud and abuse and eight counts of aggravated identity theft.

“He’s feeling like he’s doing the right thing … he’s happy that he’s doing the right thing, he’s happy that he’s opening up, and he’s not holding back,” said Amedeo DiCarlo, one of Baratov’s lawyers. “I think that’s what the justice system expects of him.”

Authorities say the hack affected at least a half billion user accounts, and was directed by two Russian intelligence agents. U.S. law enforcement officials call the 22-year-old Baratov a “hacker-for-hire” and say he was paid by members of Russia’s Federal Security Service to access more than 80 accounts.

DiCarlo wouldn’t say if Baratov turned over information on the two Russians linked to the case, but did say he has been “very forthcoming with his information” and “very transparent.”

“He told them everything they needed to know,” DiCarlo said.

Another one of his attorneys, Andrew Mancilla, echoed that sentiment outside of court after the guilty plea was made. “He’s been transparent and forthright with the government since he got here,” Mancilla said.

The Russian agents, Dmitry Dokuchaev and Igor Sushchin, used the information they stole from Yahoo to spy on Russian journalists, U.S. and Russian government officials and employees of financial services and other private businesses, according to prosecutors.

Dokuchaev, Sushchin and a third Russian national, Alexsey Belan, were also named in the indictment filed in February, though it’s not clear whether they will ever step foot in an American courtroom since there’s no extradition treaty with Russia.

Yahoo user accounts began being compromised at least as early as 2014. Prosecutors say Dokuchaev and Sushchin turned to Baratov after learning that one of their targets had accounts at webmail providers other than Yahoo.

After Baratov’s arrest, his parents said that their son was a “scapegoat.” DiCarlo said they are now finally seeing some sense of closure.

“It’s a big strain on everybody — it’s kind of like you’re biting your fingernails, waiting for the result. Now, here is a final result in their opinion … they see an end in the future.”

Baratov’s sentencing is set to happen in February, and the threshold for how much jail time he could face ranges from zero to 20 years, DiCarlo said — though he would not disclose what sentence the defence will submit as appropriate. It’s also not clear if Baratov would serve a sentence in Canada or the United States.

“We’ve got our ranges to work with, and that’s where the lawyering takes place,” DiCarlo said.

The post Yahoo #hacker feels he’s ‘doing the #right thing’ after #pleading #guilty, #lawyer says appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cash #Converters is #HACKED: Cyber #criminals hold UK #customer #credit card numbers, addresses and #passwords to #ransom after major #security breach

Source: National Cyber Security – Produced By Gregory Evans

Hackers who attacked the now defunct website of second hand goods store Cash Converters may have access to the account details of thousands of customers.

Usernames, passwords, delivery addresses and potentially partial credit card numbers are among the data believed to have been stolen.

The culprits are said to be holding the information to ransom while the firm works with law enforcement authorities to investigate the incident.

It is not known exactly how many customers were impacted in the hack or when it happened.

 

Cash Converters operates high street stores where customers can trade items like jewellery and electronics for money.

The affected website, which was put out of action in September 2017 and replaced with an updated version, lets people purchase these products online.

As well as cash trade ins, the company offers small financial loans to its customers.

The data breech is only believed to affect customers of the Perth-founded firm who are based in the UK.

In a breach notification email sent to customers, a Cash Converters spokesman said: ‘Please be reassured that, alongside the relevant authorities, we are investigating this as a matter of urgency and priority.

‘We are also actively implementing measures to ensure that this cannot happen again.

‘Although some details relating to the cybersecurity breach remain confidential while Cash Converters works with the relevant authorities, we will continue to provide as much detail as possible as it becomes available.

‘The current webshop site was independently and thoroughly security tested as part of its development process.

‘We have no reason to believe it has any vulnerability, however additional testing is being completed to get assurance of this.

‘Our customers truly are at the heart of everything we do and we are both disappointed and saddened that you have been affected.

‘We apologise for this situation.’

Cash Converts reportedly received an email from hackers who claiming to have gained access to the data.

They threatened to release the data if they were not paid, which means anyone who used the old site before September 22 could be at risk.

Customers have been to advised to change their passwords and the firm has forced a reset for all UK webshop users.

Speaking about the breach, Jon Topper, CEO of UK webhosting firm The Scale Factory, said: ‘When migrating away from old solutions it’s important to bear in mind that old digital assets will still be running and available online until such time as they are fully decommissioned.

‘As a result they should still be treated as ‘live” which means maintaining a good security posture around them, keeping up with patching and so forth.

‘In their customer notification, Cash Converters were quick to point out that the old site was operated by a third party, possibly intending to deflect responsibility for this breach.

‘This definitely won’t fly under General Data Protection Regulation regulations coming into force next year.

‘Companies running server infrastructure that handles customer data should be engaging with experts to review their security posture ahead of that, in order to avoid being slapped with a large fine.’

The post Cash #Converters is #HACKED: Cyber #criminals hold UK #customer #credit card numbers, addresses and #passwords to #ransom after major #security breach appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Chinese Bitcoin exchange denies hacking rumors after theft of $2.5M

Source: National Cyber Security – Produced By Gregory Evans

A Chinese Bitcoin trading exchange has denied rumors that it suffered a hacking attack after its users lost a total of $2.5 million in Bitcoins to unknown actors. On 4 October 2017, OKex, a cryptocurrency exchange which functions as part of the Chinese Bitcoin company OKcoin, acknowledged that several of…

The post Chinese Bitcoin exchange denies hacking rumors after theft of $2.5M appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Bitcoin Exchange Denies Getting Hacked After Customers Lose $3 Million

Source: National Cyber Security – Produced By Gregory Evans

OKEx, a Bitcoin exchange based in China, issued a statement over the weekend, denying it was hacked and blaming recent thefts on careless users who didn’t secure their accounts. Rumors that hackers breached OKEx started since the end of August when several users began complaining about funds disappearing from their…

The post Bitcoin Exchange Denies Getting Hacked After Customers Lose $3 Million appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Schools re-examine cybersecurity measures after Flathead hacking

Source: National Cyber Security – Produced By Gregory Evans

We’re looking into school cybersecurity after a hacker’s threats forced Flathead Valley officials to cancel school for three days. A group called Dark Overlord Solutions demanded money to keep the personal information it stole safe. Now other school districts are re-examining their cybersecurity.   When we started asking questions, we…

The post Schools re-examine cybersecurity measures after Flathead hacking appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures