In response to the coronavirus and its impact on local communities, municipal leaders are making changes to their town hall schedules. Some remain open with signs on the door asking residents to consider their own health before entering; others are closed.
City Hall and its offices remain open, with a warning sign posted on the front entrance asking people to consider their health and the health of others before entering.
Residents can find information on all boards and commissions online at www.torringtonct.org/
The Sullivan Senior Center is closed, and all park and recreation activities are canceled or postponed. An Easter Egg Hunt, set for April 4, is “on hold.” Check the website for details.
The Torrington Historical Society also announced this week that it is closed. Residents can visit www.torringtonhistoricalsociety.org/ or call 860-482-8260.
Town Hall remains open with regular hours, including the town clerk, first selectman, assessor, finance office and tax collector. Residents are being asked to put off non-urgent business at Town Hall, or call ahead before they visit, at 860-567-7561.
Probate Judge Diane Blick said Friday that probate court operations in the Litchfield town hall and Canaan are continuing, but no passport applications will be processed until further notice. Anyone with questions can call the court in Litchfield at 860-567-8065 or in North Canaan at 860-824-7012.
The Litchfield Community Center, Oliver Wolcott Library, Litchfield Historical Society, public schools and the Forman School are closed. The recycling center is closed until March 21, and park and recreation programs are suspended.
“We are taking a proactive approach in dealing with this COVID-19 event and setting up our Community Emergency Response Volunteer Team in case we need to deploy,” said First Selectman Denise Raap in a statement. “I urge residents to check on their elderly neighbors via phone calls, social media messaging or email. In the meantime, we urge you to continue social distancing, to follow the guidance of CDC guidelines (www.cdc.gov) the CT State Dept of Public Health (portal.ct.gov/coronavirus) and will continue to work with Torrington Area Health.”
According to the town website, the Morris town hall, senior center and the library are closed until further notice.
New Hartford First Selectman Dan Jerram said this week that Town Hall and the public works department are open. The town garage is open to employees only. Residents are being asked to call Town Hall if they need help.
“If you have business that can be conducted by phone, email or snail mail … we prefer that method for now,” Jerram said, adding that residents can still come to town hall if necessary, but to keep their visits brief.
Jerram reminded residents that the senior center is closed “to protect our ‘at risk’ senior population,” he said, adding that all exercise classes and social programs are canceled until further notice. The senior van will be used to transport resident seniors to scheduled medical appointments only. All other social trips are canceled.
Jerram also said that board or commission meetings that are not required to meet to conduct business required by state statute are canceled until further notice, including the Commission on Aging, Conservation Commission, Economic Development Commission, Historic District Commission, Recreation Commission and the Open Space Preservation Commission. Boards required to meet, including the Board of Assessment Appeals, Board of Education, Board of Finance, Inland Wetland Commission, Planning & Zoning Commission, Water Pollution Control Authority (WPCA) and Zoning Board of Appeals, will be assessed case-by-case.
For more information, visit www.newhartfordct.gov/ or call 860-379-3389.
“We are going to post signs at Town Hall requesting that anyone with symptoms or who has returned from travel outside the U.S. in the previous 14 days not come into the building and that everyone use Purell (which we will have available) before engaging with Town Hall staff,” wrote First Selectman Don Stein, in a town website message.
The Board of Finance meeting, scheduled for March 17, will be moved to the Community Room. Stein said he is maintaining the spring budget hearing/meeting schedule, with a budget hearing on April 7, and town meeting May 5. These dates are subject to change.
The Barkhamsted Senior Center is closed for the next two weeks. A decision to remain closed or reopen the week of March 29 is pending.
The Highway Garage Community Room is closed for non-town functions until further notice.
Residents can always call Town Hall, 860-379-8285, email email@example.com, or visit www.barkhamsted.us/
Goshen First Selectman Robert Valentine sent a letter to residents Monday, outlining the town’s plans to keep the coronavirus in check.
Those who need building or land use permits or have business with the town clerk should visit the online application portal at www.goshenct.gov
“If you have documents that need to be filed, we ask that they be sent to the Town Clerk via FedEx UPS or USPS. For those needing hunting and fishing licenses please use the DEEP web site to purchase them,” Valentine said.
Board and commission meetings are moving to “electronic means” in the near future, Valentine said, either online or by a conference call, and all residents and members will be notified. “We’ll make sure that those interested in attending meetings are allowed to attend electronically and have the ability to see documents being discussed by boards and commissions,” he said.
The town hall is open for business, and residents are asked to limit their visits by going online or calling 860-491-2308 ext. 221 or administrative assistant Virginia Perry at ext. 228.
The Goshen Library is closed, and all recreation activities are canceled through March.
Town hall is closed to the public starting Tuesday, March 17. “Staff will be on hand to assist you in any way we can,” officials said. Call 860-868-7881 for assistance.
Land records can be found at https://www.searchiqs.com/ctwar/Login.aspx. Forms and applications are available on individual department pages. Anyone in need of assistance can call 860-868-7881.
Winsted is following a similar protocol, keeping town hall and the public works department open, and asking residents to limit their visits unless it’s urgent. Residents are asked to call ahead to make an appointment at 860-379-2713 or visit www.townofwinchester.org/
Board and commission meetings have been postponed. “All visitors are expected to maintain a “social distance” and may be asked to cleanse their hands. If you are sick, please stay home,” officials said in a statement online.
Recreation activities are canceled, and the senior center is also closed. The Senior Van is available to senior citizens for doctor appointments by calling 860-379-4252.
Refuse disposal center open
Regional Refuse Disposal District One, 31 New Hartford Road, Barkhamsted, which serves Barkhamsted, New Hartford and Winsted, is open and can be reached at 860-379-1972.
Residents are welcome to drop off trash and recyclables. Employees cannot help unload cars because they have been instructed to stay three feet away from others. “You will need to remove (trash) from your vehicle yourself and dispose of it properly. This includes televisions, air conditioners, appliances, garbage, etc.,” according to a statement.
RRDD1 also asked residents who have tested positive for coronavirus to put used paper products (tissues, paper towels) in a plastic bag and to place it in the facility’s trash compactor.
View full post on National Cyber Security
Hill warns lawmakers not to spread Ukraine election interference narrative pushed by Russia
Just a day after the Trump administration’s former top Russian expert testifying in an impeachment hearing took GOP lawmakers to task for spreading “a fictional narrative” about Ukraine meddling in the 2016 U.S. presidential election, a new report revealed that senators and their aides recently were told by U.S. intelligence officials that the tale was part of a multiyear Russian disinformation campaign.
“The Russians have a particular vested interest in putting Ukraine, Ukrainian leaders in a very bad light,” Fiona Hill, a former White House adviser on Russia, said Thursday. “Based on questions and statements I have heard, some of you on this committee appear to believe that Russia and its security services did not conduct a campaign against our country — and that perhaps, somehow, for some reason, Ukraine did. This is a fictional narrative that has been perpetrated and propagated by the Russian security services themselves.”
Hill said the narrative could cause harm to the U.S. and give Russia a foothold in next year’s election. “Right now, Russia’s security services and their proxies have geared up to repeat their interference in the 2020 election. We are running out of time to stop them,” Hill said, asking lawmakers to avoid promoting “politically derivative falsehoods that so clearly advance Russian interests” during the impeachment probe.
Her blunt assessment came nearly a week after other witnesses such as former Ambassador to Ukraine Marie Yovanovitch, National Security Council Director of European Affairs Lt. Col. Alexander Vindman and EU Ambassador Gordon Sondland painted a picture of a president pressuring the new Ukraine president, Volodymyr Zelenskiy, for dirt on political rival Joe Biden by withholding aid.
President Trump and his Congressional supporters have repeatedly raised the specter of Ukraine interfering in the 2016 election. But diplomats and officials testifying during the impeachment hearings have dismissed that notion – and allegations that Biden while vice president pressured Ukraine to dump a prosecutor to shield his son, Hunter, who served on the board of a Ukrainian energy company – as false, citing an IC assessment released in 2017 that pinned election interference on Russia.
who testified before the panel earlier in the week, referred to the tale as “a Russian narrative that President Putin has promoted.” That’s what the intelligence community recently told senators and their aides, detailing Russia’s long-term initiative to finger Ukraine as the culprit behind 2016 election meddling by using a network of intelligence officers and prominent Russians and Ukrainians to spread disinformation to politicians and journalists, according to a Friday report in the New York Times.
Earlier in the day the president and GOP lawmakers seemed to double down on the Ukraine narrative with Trump telling the hosts of Fox & Friends that Ukraine was hiding a server that the Democratic National Committee (DNC) turned over to CrowdStrike, which the president incorrectly referred to as a Ukrainian company. “They have the server, right, from the DNC, Democratic National Committee,” said Trump. “They gave the server to CrowdStrike or whatever it’s called, which is a country — which is a company owned by a very wealthy Ukrainian. And I still want to see that server. You know, the FBI’s never gotten that server. That’s a big part of this whole thing. Why did they give it to a Ukrainian company?”
The president also had referenced a server and CrowdStrike in the July 25 phone call with Zelensky at the heart of the impeachment hearings, presumably referring to the server that the company examined as part of its investigation into Russia’s hack of the DNC during the run-up to the 2016 presidential election.
The intelligence community has been united in its assessment that Russia was behind the DNC hack and a widespread influence campaign aimed at benefiting the Trump campaign. And former Special Counsel Robert Mueller laid out evidence of Russia’s initiative, indicting a number of people and organizations, including 12 GRU officers, in the caper.
Mueller’s probe bore fruit again last week when a jury found longtime Trump confidante and campaign adviser Roger Stone guilty on seven charges, including lying to Congress and obstruction regarding his communications with the Trump campaign and WikiLeaks.
Since October, a threat actor has been impersonating governmental agencies in phishing emails designed to infect American, German and Italian organizations with various forms of malware, including the Cobalt Strike backdoor, Maze ransomware and the IcedID banking trojan.
Business and IT services, manufacturing companies, and healthcare organizations make up a large share of the targets in this operation, said a blog post today from Proofpoint, which calls the group TA2101. In many cases, the emails are sent from addresses that are made to look authentic at first glance, only they end in the .icu top-level domain.
The Proofpoint Threat Insight Team observed TA2101 campaigns targeting German organizations on Oct. 16 and 23, and then again on Nov. 6, during which time the actor pretended to be the Bundeszentralamt für Steuern, aka the German Federal Ministry of Finance. The adversary sent hundreds of emails with lures designed to entice recipients into opening Word documents containing malicious macros. These macros executed a PowerShell script that delivered Cobalt Strike, a legitimate attack simulation tool that in the wrong hands can be used as actual malware.
The October emails, aimed largely at IT services companies, falsely claimed that recipients were due to receive a tax refund, and instructed them to open the Word doc to fill out a refund request form.
The Nov. 6 emails similarly targeted business and IT services companies. In this instance, however, the attached documents were disguised as an RSA SecurID key, but actually contained macros that delivered Maze ransomware. One day later, TA2101 sent out even more emails, except instead of impersonating the Federal Ministry of Finance, the attackers pretended to be the ISP 1&1 Internet AG.
Phishing activity targeting Italian organizations, especially manufacturing companies, took place on Oct. 29. For this scam, TA2101 emailed dozens of prospective victims a notification of law enforcement activities that purportedly came from Agenzia Entrate, the Italian Ministry of Taxation and threatened recipients with financial penalties. Again, opening the attached Word doc would trigger the embedded macros to install Maze.
The most recent campaign referenced in the blog post took place on Nov. 12 and zeroed in on American organizations. These emails, which used a uspsdelivery-service.com domain instead of .icu, seemed to come from the U.S. Postal Service and again appeared to include a Word document with an RSA SecurID key. Opening the document in this case caused the macros to deliver the IcedID banking trojan.
“Proofpoint researchers have observed a consistent set of TTPs… that allows attribution of these campaigns to a single actor with high confidence. These include the use of .icu domains, as well as identical email addresses for the Start of Authority (SOA) resource records stored for the DNS entries for the domains used in these campaigns,” wrote Proofpoint researcher and blog post author Bryan Campbell. “The SOA email address, firstname.lastname@example.org, is also linked to campaigns that attempted to spread Buran ransomware in September.”
“Additionally, Proofpoint researchers have observed that the canonical URLs used by this actor are formatted in a repeatable fashion with word_/.tmp in the string with slight variations made over time,” the blog post continued. “Proofpoint researchers suspect that the word_/.tmp usage might be linked to previous campaigns that were spotted earlier by the infosec community in 2019.”
At 10am on a late November morning in Freiburg, Germany, a bank employee noticed something was wrong with a bank ATM.
It had been hacked with a piece of malware called “Cutlet Maker” that is designed to make ATMs eject all of the money inside them, according to a law enforcement official familiar with the case.
“Ho-ho-ho! Let’s make some cutlets today!” Cutlet Maker’s control panel reads, alongside cartoon images of a chef and a cheering piece of meat. In an apparent Russian play-on-words, a cutlet not only means a cut of meat, but a bundle of cash, too.
A joint investigation between Motherboard and the German broadcaster Bayerischer Rundfunk (BR) has uncovered new details about a spate of so-called “jackpotting” attacks on ATMs in Germany in 2017 that saw thieves make off with more than a million Euros. Jackpotting is a technique where cybercriminals use malware or a piece of hardware to trick an ATM into ejecting all of its cash, no stolen credit card required. Hackers typically install the malware onto an ATM by physically opening a panel on the machine to reveal a USB port.
In some cases, we have identified the specific bank and ATM manufacturer affected. Although a European non-profit said jackpotting attacks have decreased in the region in the first half of this year, multiple sources said the number of attacks in other parts of the world has gone up. Attacked regions include the U.S., Latin America, and Southeast Asia, and the issue impacts banks and ATM manufacturers across the financial industry.
“The U.S. is quite popular,” a source familiar with ATM attacks said. Motherboard and BR granted multiple sources, including law enforcement officials, anonymity to speak more candidly about sensitive hacking incidents.
A screenshot of the Cutlet Maker control panel. Image: Twitter account of @CryptoInsane
During the annual Black Hat cybersecurity conference in 2010, late researcher Barnaby Jack demonstrated live on stage his own strain of ATM malware. The audience broke into applause as the ATM displayed the word “JACKPOT” and ejected a steady stream of bank notes.
Now, similar attacks have been deployed in the wild.
In that Freiburg instance no cash was stolen, the law enforcement official said. But Christoph Hebbecker, a prosecuting attorney for the German state of North Rhine-Westphalia, said his office is investigating 10 incidents that took place between February and November 2017, including attacks in which thieves did make off with bundles of cash. In all, hackers stole 1.4 million Euro ($1.5 million), Hebbecker said.
Hebbecker added that because of the similar nature of the attacks, he believes they are all linked to the same criminal gang. In some cases, the prosecutors have video evidence, but they have no suspects so far, they added.
“The investigation is still ongoing,” Hebbecker said in an email in German.
Multiple sources said a number of the 2017 attacks in Germany impacted the bank Santander; two sources said they specifically involved the Wincor 2000xe model of ATM, made by the ATM manufacturer Diebold Nixdorf.
“In general, we do not comment on dedicated, single cases,” Bernd Redecker, director of corporate security and fraud management at Diebold Nixdorf, said in a phone call. “However, we are of course dealing with our customers on jackpotting, and we are aware of these cases.” Diebold Nixdorf has also sold these ATMs to the U.S. market.
An overview of the 2000xe model of ATM. Image: Wincor Nixdorf.
A Santander spokesperson said in an emailed statement, “Protecting our customers’ information and the integrity of our physical network is at the core of what we do. Our experts are involved at every stage of product development and operations to protect customers and the bank from fraud and cyber threats. This focus on protecting our data and operations prevents us from commenting on specific security issues.”
Officials in Berlin said they had faced at least 36 jackpotting cases since spring 2018, resulting in several thousand Euro being stolen. They declined to name the specific malware used.
In all, authorities have recorded 82 jackpotting attacks in Germany across different states in the past several years, according to police spokespeople. However, not all of those attacks resulted in successful cash-outs.
It’s important to remember ATM jackpotting is not limited to a single bank or ATM manufacturer, though. It is likely the other attacks impacted banks other than Santander; those are simply the attacks our investigation identified.
“You will see this across all vendors; this is not dedicated towards a specific machine, nor towards a specific brand, and definitely not a region,” Redecker said.
Part of the security issue for ATMs is that many of them are, in essence, aged Windows computers.
“These are very old, slow machines,” the source familiar with ATM attacks said.
ATM manufacturers have made security improvements to their devices, Redecker from Diebold Nixdorf stressed. But that doesn’t necessarily mean all ATMs across the industry will be up to the same standard.
And responsibility for securing access to the ATMs falls on the banks too.
“In order to execute a jackpotting attack, you have to have access to the internal components of the ATM. So, preventing that first physical attack on the ATM goes a long way toward preventing the jackpotting attack,” David N. Tente, executive director of USA, Canada & Americas at the ATM Industry Association (ATMIA), said in an email.
Redecker said he’s been seeing attacks across the globe since 2012, with Germany suffering its first jackpotting attacks in Berlin in 2014.
Around the time of the 2017 attacks, researchers at cybersecurity firm Kaspersky published research showing Cutlet Maker for sale on hacking forums since May of that year. It seemed anyone with a few thousand dollars could buy the malware, and have a go at jackpotting ATMs themselves.
“The bad guys are selling these developments [malware] to just anybody,” David Sancho, senior threat researcher at cybersecurity firm Trend Micro, and who works with Europol on jackpotting research, said. That has enabled smaller outfits or enterprising criminals to start targeting ATMs, he added.
“Potentially this can affect any country in the world,” Sancho said.
Motherboard spoke to one cybercriminal claiming to sell the Cutlet Maker malware.
“Yes I’m selling. It costs $1000,” they wrote in an email, adding that they can offer support on how to use the tool as well. The seller provided screenshots of an instruction manual in Russian and English, which steps potential users through how to empty an ATM. Sections of the manual include how to check how many banknotes are inside the ATM, and installing the malware itself.
The European Association for Secure Transactions (EAST), a non-profit that tracks financial fraud, said jackpotting attacks decreased 43 percent over the previous year, in a report published this month. But it’s worth stressing that EAST’s report only covers Europe.
“It happens in parts of the world where they don’t have to tell anybody about it,” the source familiar with ATM attacks added. “It’s increasing, but, again, the biggest problem we’ve got is that nobody wants to report this.”
That lowering of the barrier of entry to ATM malware has arguably driven some of the spike in jackpotting attacks. In January 2018, the Secret Service began warning financial institutions of the first jackpotting attacks in the U.S., although those used another piece of ATM malware called Ploutus.D.
“Globally, our 2019 survey indicates that jackpotting attacks are increasing,” Tente from ATMIA wrote in an email.
As the source familiar with ATM attacks said, “There are attacks happening, but a lot of the time it’s not publicized.”
A new way to use Microsoft Office to spread malware, hackers move fast to leverage another Adobe Flash exploit, and problems with a programmable credit card.
Criminals often try to trick users into infecting themselves by opening a zipped Microsoft Office document attached to an email. The document has a link to a malicious website. Barracuda Networks said this week the latest scam is to disguise that link so it fetches the website not through a web browser but through a communications protocol called Samba. Then malicious code is downloaded. Often it starts with victims getting a message with something like ‘Your bill is attached.’
One thing you can do is beware of web page links in messages that start with “file://” rather than the expected “http://”.
Barracuda says employees also should be regularly trained and tested to increase their security awareness.
Adobe Flash has long been a favoured way for attackers to get malware onto your computer. You download what’s supposed to be a Flash update or a Flash-based presentation, and instead you’re infected. A new hole was just discovered and patched by Adobe. However, Security Affairs reports that a researcher has discovered the popular ThreadKit exploit kit used by hackers is already now trying to use that exploit.
What can you do? A lot of these exploits are spread through email, so you’ve got to be wary of opening messages with attachments. Savvy criminals may target you, so don’t assume that because a message is from your boss, a friend or a relative that it’s valid. Many people disable Flash as a precaution. Those who don’t should make sure their Flash is updated from a reputable site.
Finally, a California company named BrilliantTS has a problem with its Fuze Card, a smart card with a programmable security chip that looks like a credit card. The idea is you program the chip with data from several of your credit cards so you only carry the Fuze Card. However, Ars Technica reports two researchers have discovered a way that uses Bluetooth to impersonate the Android app that loads credit card data onto the smart cards. BrilliantTS says a fix will be released April 19th.
I don’t know if the card can be used in Canada. Your local bank or organization behind credit and debit cards has to approve its use for their processes. But it’s another lesson that there’s no quick fix for any problem in your wallet.
The post A new #way to #spread #malware and #problems with a #programmable #credit #card appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
As the US justice department forges ahead with its investigation into the Trump administration and any possible collusion with Russia, the Fancy Bear hackers continue refining their attacks against global targets. As part of their new phishing campaign, the hackers are capitalising on the recent New York terror attack, to trick users into clicking on malicious documents, which in turn infects systems with their malware.
The Kremlin-linked hackers first made headlines during the 2016 US presidential campaign and are now widely considered to have orchestrated the cyberattacks against the US Democratic Party. The cyberespionage group has since been actively involved in various campaigns over the past year, targeting organisations and individuals across the globe.
The Fancy Bears’ most recent campaign, uncovered by security researchers at McAfee, involves the use of a black malicious document, titled “IsisAttackInNewYork”, which when clicked drops the hackers’ first-stage reconnaissance malware dropper Seduploader. The implant collects basic data from infected PCs and profiles prospective victims. Once hackers determine some interest in the victim, the implant then drops Fancy Bears’ customised malware X-Agent or Sedreco.
He spoke of giving backpacks full of explosives to homeless people, federal authorities said. He talked about lacing cocaine with rat poison to distribute at nightclubs and setting fires to hills near Berkeley. For months, undercover federal agents interacted with Amer Sinan Alhaggagi — swapping text messages, emails and phone…
The post Man wanted to help ISIS and spread terror in Bay Area, indictment alleges appeared first on National Cyber Security Ventures.
You might want to think twice before you try to watch a pirated copy of the new Star Wars movie online. Aside from the fact that the film will probably be way better on a big screen with surround sound, a new report finds that many websites set up to distribute pirated movies and TV shows spread malicious malware. Cybersecurity firm RiskIQ probed a sample of 800 piracy websites and found that one in three contain malware that can expose a user to identity theft, financial loss, and hackers taking control of their computer. Internet users who visited piracy sites were 28 times more likely to get malware from so-called torrent sites than from licensed or mainstream media websites. Almost half the time, the malware was delivered by “drive-by downloads,” meaning the malicious software was triggered just by visiting a site — users did not have to click again or actually download a video to get infected. Once hackers gain access into a computer, they can steal bank and credit card data or personal information, which can be sold in an underground market. Another tactic some hackers use is to lock a person out of their computer and demand […]
The post A third of pirated movie sites spread malicious software, report says appeared first on National Cyber Security.