Twitter April 2016


Return to Twitter Index page

April 30, 2016  Good news regarding ATMs hacked to include skimmers: Operators are finding and fixing them faster. The bad news? Crooks hacked five times more ATMs in 2015 than they did in 2014.  Story  Tweet

April 30, 2016  Update to “Coin Counting – Their Way” Getting your coins counted by a bank? Are those bank counters accurate? Machines at multiple locations of this bank were short by as much as $50 being 15% of the deposit. Maybe you should test yours? A filed complaint seeks class action status and trial by jury.  This Update  Start of the Story  Tweet

Here are several stories on malware running rampant. It appears that the days of stable software and safe browsing are but faded memories and our future is patches, updates, patches, more patches and more updates, then patches for the holes in the patches and updates.

April 30, 2016  Radio controlled toy maker Maisto ran a web site under Joomla that was lacking multiple security updates. They were hacked to serve the Angler exploit to visitors as the first step toward ransomware. No joy in that toy.   Story  Tweet

April 30, 2016  Android Users! Be aware of a text message delivered via SMS containing a valid domain name and a subdomain compromised with very bad malware.  Story  Tweet

April 30, 2016  Water & Electric utility slammed with new malware despite anti-virus software.  Story  Tweet

April 30, 2016  12 million computers around the world have been installed with “benign”software, yet it is capable of decidedly hostile action. If you bought a computer since 2014 in Australia, France, Japan, New Zealand, Spain, the United Kingdom or the United States, have something called OneSoftPerDay or a Wizz-(anything) running, read the article.  Story  Tweet

April 29, 2016  SWIFT inter-bank money transfer systems now reporting other breaches similar to Bangladesh. Now they tell us?  This Update  Start of the Story  Tweet

April 28, 2016  20160428-gaoFive years after being shown that modern cars present numerous attack surfaces, the GAO publishes a report to help protect cars from cybersecurity failures. Problem is the same report is a primer on how to hack cars that have an order of magnitude more lines of code than a modern airliner.  Story  Tweet

April 28, 2016  Half a dozen stories:

The top level domain (TLD) for American Samoa (.AS) was hosted on a system that allowed direct URL manipulation to access all the domains. The damage potential was high and existed since before this new century.  Story  Tweet

To its members, the American Dental Association mailed mini-USB drives with new dental billing codes. For a lucky few, something extra, malware!  Story  Tweet

Perhaps the worst nightmare of any cyber-security specialist, malware found in rod movement computers at a nuclear power plant.  Story  Tweet

Do repeated Windows 10 update reminders interrupt your work? Not like this!  Story  Tweet

Microsoft’s hotpatching has been perverted to hide malware.  Story  Tweet

A Qatar bank was hacked and quite a bit was exposed.  Story  Tweet

April 27, 2016  20160427-lifeboatMinecraft “LifeBoat” hacked and leaks 7 million records. Check to see if you were exposed.  Story  Tweet

April 27, 2016  150+ verified .GOV email addresses are on the “Beautiful People” dating web site, breached late last year. You tax dollar$ at work.  Story  Tweet

April 27, 2016  20160427-fbiFBI reveals iPhone vulnerability to Apple, nine months after Apple already fixed it.  This Update  Start of the story  Tweet

April 26, 2016  4th Circuit Court of Appeals just clarified the scope of commercial general liability insurance as regards some cyber-problems.  Story  Tweet

April 26, 2016  Users say Spotify was recently hacked. Company says, ah, no. Users report changes to accounts. Company says, ah, no.  Story  Tweet

April 25, 2016  20160425-mexicoMexican voter database with over 90 million records taken off Amazon Cloud EIGHT DAYS after discovery and being reported. The database had no password or authentication protection.  This update   Start of the Story  Tweet

April 25, 2016  Ashley Madison Class action conundrum: Judge rules plaintiff’s don’t warrant protective anonymity.   This update  Start of the Story  Tweet

April 25, 2016  How a hacked messaging application almost cost the Bangladesh Bank a billion dollars.  This Update  Start of the Story  Tweet

April 25, 2016  20+ million charge cards are available in this one card selling shop and there is almost no media outcry? Do we not care anymore?  Story  Tweet

April 25, 2016  Why go to the trouble of creating cyber-mischief when you ca get paid hundreds of thousands of dollars for just saying you will?  Story  Tweet

April 24, 2016  ”Restricted” keys marked “Do Not Replicate” now now be 3D printed thanks to public patent information.  Story  Tweet

April 23, 2016  Army communications unit criticized for weak cyber-security over several years, already deployed in war zones and cost $12 billion dollars. Don’t our troops deserve better?  Story  Tweet

April 22, 2016  Does the Windows 10 Blue Screen of Death offer up a Quick-Response (QR) code? Are you sure that code came from the operating system? Will scanning it infect your phone? Be vigilant.  Story  Tweet

April 22, 2016  Mac Users! RansomWhere monitors your system for ransomware in operation and stops it in its tracks. No-charge to stop crooks!  Story  Tweet

April 22, 2016  Sadism in malware. As if being infected with ransomware isn’t enough of a strain now comes a variant that displays material to horrify you. The good news? The programmers were not as smart as they were cruel and a no-charge fix is available.  Story  Tweet

April 22, 2016  Is your website valuable? If not, skip this. If so, then know a web hosting company accidentally erased a very small percent of its servers. Little comfort if you were one of the hundreds to thousands of users on those 60+ machines. How to get more security?  Story  Tweet

April 22, 2016  Why hack? For the thrills? For extortion? How about as a social statement to expose tools of a surveillance state? Meet “Phineas Fisher”.  Story  Tweet

April 21, 2016  20160421-scalesFBI paid hacker for access to San Bernardino iPhone and won’t tell Apple how it was done.  Story  Tweet

April 21, 2016  20160421-justiceThe wheels of justice often grind slowly, but sometimes Lady Justice just swings for the fence. Multiple legal and regulatory decisions were made in favor of consumers to provide a course to redress wrongs and move protecting personal information closer to the forefront of business thinking.  Story  Tweet

April 20, 2016  20160420-ss7Cell phone vulnerability made public in 2014 was used to hack a US Congressman on 2016. Why is this still a problem? What can you do to protect yourself?  Story  Tweet

April 19, 2016  Ransomware via resumes, a cautionary tale for applicants and companies alike.   Story  Tweet

April 18, 2016  20160418-csSome excellent cyber security education was classified in 1970. Nothing secret, just to “control dissemination”. Might have saved a lot of grief if it had been part of the education curriculum.  Story  Tweet

April 18, 2016  GozNym may be the Borg of banking trojans. This hybrid has successfully taken millions from 24+ banks in the US and Canada.  Story  Tweet

April 18, 2016  20160418-qtTwo new critical vulnerabilities found in QuickTime after Apple stops delivering security upgrades. According to US-CERT time for that application to go.  Story  Tweet
April 18, 2016  20160418-eagleDrone strikes Airbus. Deploy the eagles.   Story  Tweet

April 17, 2016  RCMP had global BlackBerry key for all non-corporate users since 2010. How did they get it? Do they still have it? Who else has it? Is BlackBerry secure or not?  This Update  Start of the story  Tweet

April 17, 2016  Two more on the DOJ/FBI vs Apple situation. What was on the San Bernardino cell phone? Apparently nothing of value. Tin-foil-hat-wearing person called that one right last month. Story  Tweet  So who actually cracked what? Reputable source says it wasn’t Cellebrite. Some questions answered, but those answers raise more questions? Story  Tweet  One thing is certain, this event has cost a lot in money and bad press. Start of the Story

April 16, 2016  Scorecards on the cyber security efforts for federal, state and local governments. Some good, most less so.  Story  Tweet

April 16, 2016  Uber reported on 12+ million trips to regulators during just the last six months of 2015. Their new warrant canary is still singing.  Story  Tweet

April 16, 2016  20160416-classUS House of Representatives, Judiciary Committee, is working on restricting mandatory arbitration clauses. This would move cases from a lopsided private system to a public legal system where there is equal justice under law.  Story  Tweet

April 15, 2016  20160415-cryptoUS Senate proposes to ban core elements of cyber security. Think the crooks will obey the law?  Story  Tweet

Update: The proposed version is worse that last week’s draft. In some cases, much worse.  This Update  Tweet

April 15, 2016  Update to 3/27/2015 re reported hacking of law firms.  This Update about why  Start of the Story  Tweet  See also the Panama Papers

April 15, 2016  Use Bit.Ly or other URL shorteners? Beware! Those can make data you think safe get gone in 60 seconds.  Story  Tweet

April 15, 2016  You have a home router. You might know it or not. What you probably don’t know is that your cell phone can infect it and next time you think you’re going to “MyBank” you’ll actually be at “TheirBank” happily disgorging your userid and credentials. You can stop it with some simple steps.  Story  Tweet

April 15, 2016  Microsoft objects to indefinate duration gag orders citing “Freedom of Speech” as defined by the First Amendment.  Story  Tweet

April 15, 2016  New Jersey and Maryland public transit are listening on passsenger conversations. Is there an expectation of privacy? Who listens to all that chatter?  Story  Tweet

April 14, 2016  Tweet1  Tweet2  Two updates on the FBI vs Encryption    The San Bernardino crack won’t work on 5S or later iPhones, but the device is becoming less of a worry than end-to-end encryption service. What did it cost for the SB crack vs the DOJ legal expenses?   Story    Since 2002 dealing with encryption has been on the FBI radar, but not always in its mandatory reports. Some attempts at imposing laws appeared to be based on a presumption of not(innocent).  Story

April 14, 2016  Former employee leaves on Friday with personal storage device containing information on 44,000 people. What information? FDIC isn’t saying.   Story  Tweet

April 14, 2016  20160412-petyaRetro-malware “Petya” cracked by security researchers. Step-by-step removal possible without paying ransom.  This Update  Start of the Story  Tweet

April 14, 2016  Malicious advertising (malvertising) hits almost 300 sites in the Netherlands. One site alone has 50 million visitors a month. How many were infected? Who is responsible if users lower their adblockers?  Story  Tweet

April 12, 2016 Multiple stories for your information.  Tweet

Five all-too-common cyber-security myths we need to overcome much sooner than later.  Story

Latest security report from Symantec. Crooks getting smarter, incidents are increasing in frequency and severity, reporting is shrinking and we should all be more cyber-worried.  Story

Anti-surveillance technique used by terrorists … and the director of the FBI. Could you be harboring this tool in your home or office?   Story

What goes around comes around. Judge orders FBI to release exploit code used to compromise the TOR browser. They are resisting disclosure.  Story

Just because it is found on the internet does not make it true or accurate. Just ask the residents of a small place not too far from the US center who have been visited by the FBI, IRS, USMS, police, and angry people. Or, the family in Atlanta that appears to be where lost cell phone call home.  Story

Facebookers – a scam is targeted directly at YOU! That notice about “your account is suspended” may be a scam. Read this to recognize it and do not, Not, NOT click on the link provided.  Story

Shodan, the search engine for the internet-of-everything, found some radio stations that were not secured. The stations were hacked to broadcast a … furry … podcast and the station engineers were locked out for about 90 minutes.  Story

April 11, 2016  20160411-encrSenate bill would ban all but hackable encryption for us.   Story  Tweet
April 11, 2016  20160411-amazonIrony bites, sometimes very hard. You want a security video camera, research and get one from the world’s largest web-based retailer and get something extra, decidedly the opposite of security.  Story  Tweet

April 10, 2016  UK hacks the most vulnerable, not suspected of anything, just because it is legal?  Story  Tweet

April 10, 2016  Part of the voter database in the Philippines was hacked and posted on line. “Officials” said nothing of importance was taken. How about personally identifiable information (PII) and fingerprints for over a million voters?   Story  Tweet

April 8, 2016  Update to February 2015 breach that exposed 80 million. Anthem tries a rare tactic and the judge has a succinct response.  This Update  Start of the Story  Tweet

April 8, 2016  Doing business on eBay? 7 reasons to be cyber-worried.  Story  Tweet

April 7, 2016  20160407-smwSocial media delivers 18% of the malware at work. Get rid of it? Not so fast. Business use social media too. Now what?   Story  Tweet

April 7, 2016  Chrome browser extensions highjacked to display advertising page before showing desired page. Tracked users too.  Story  Tweet

April 7, 2016  Poor security irks hacker so much he takes data and posts it on the Dark Web. Or did he?  Story  Tweet

April 7, 2016  ComEd in northern Illinois is moving forward with electronic billing (good) sending information in unprotected PDFs containing personally identifiable information (bad).  Story  Tweet

April 6, 2016  Update: Panama Papers: lawyers gave interview the week before the huge public exposure. One may have brought increased regulatory attention on them.  Story  Tweet

April 6, 2016  Sick of Win10 adware? Afraid you’ll click the wrong icon and get a brick where you used to have a computer? Happy with what you’ve got? Don’t want to mess with the registry, scripts, tweaks, etc? Consider GRC/Never10 application from all-round good guy, Steve Gibson.  Story  Tweet

April 6, 2016  Meet “Petya”, retro malware that screws up new technology in a way that even the crooks can’t unscramble. Don’t even think about paying for this extortion.   Story  Tweet

April 6, 2016  Got an iPhone 6S or 6S+ running iOS 9.2 to 9.3.1? If so, then anyone who has physical access can bypass your lock screen. You can stop this exploit.   Story  Tweet

April 6, 2016  Microsoft main authentication for Outlook, Azure and Office had a serious vulnerability found by a bounty hunter. Good news: it has been fixed. Better news: It only cost $13k in bounty. Bad news: How did it get past all the internal checking in the first place?   Story  Tweet

April 5, 2016 Update  20160405-pan-bloodPanama Papers draws first blood. Iceland Prime Minister resigns. May have evaded disclosing conflict of interest in shell company.  This Update  Start of the Story  Flash Tweet
April 5, 2016  20160405-panPanama Papers Updates: Paper? Nah, electrons! Following the post-hack script (psst, that is the wrong one!). What may have started the breach.   This Update  Start of the Story  Tweet

April 5, 2016  Truecaller anti-telemarketing call / anti-spam text tool had a weakness that could expose the personal information for 100 million users. Updates available.   Story  Tweet

April 5, 2016  Reddit Canary stopped singing 3/31/2016. What?  Story  Tweet

April 5, 2016  US/Canada alert on influx of ransomware. 7 steps to help prevent getting it and 1 step on if you do.  Story  Tweet

April 5, 2016  US Government files hacked for YEARS according to FBI Alert. “We’re screwed”.  Story  Tweet

April 4, 2016  20160404-panThe Panama Papers may rock the world like the Pentagon Papers, or CableGate from WikiLeaks, but at its core it is a huge breach in the electronic records of a law firm.  Story  Tweet
April 4, 2016  20160404-trumpTrump Hotels breached … again.  Story  Flash Tweet  Tweet

April 4, 2016  49.6 million records exposed Turkish citizens name, national ID number and more.  Story  Tweet

April 4, 2016  You were speeding so you’re not really surprised you got a ticket, a nice new eTicket, just click here to pay. WRONG! New scam with a new twist.  Story  Tweet

April 3, 2016  Your vote counts, right? Would you believe half a dozen elections not far from the USA were stolen? Could it happen here? Read the epiphany that started it.  Story  Tweet

April 3, 2016  Political fallout from failed communications security may sink the 86 billion Euro Greek bailout. Are you taking communications security for granted?  Story  Tweet

April 3, 2016  Counter-fraud activities at the federal and state levels slow tax return processing.  Story  Tweet

April 2, 2016  20160331-100That $100 bill you have. Printed in the US or Peru? You might be surprised and not necessarily in a good way.  Story  Tweet

April 2, 2016  (From late March) Medstar hospital system attacked and reverts to 1970s-era record keeping for which they were unprepared.   Story  Update It is ransomware.

April 2, 2016  More variants of malware for point-of-sale terminals.  Story

April 2, 2016  Apple update exposes users to a hack so severe it allows access to places even ‘root’ isn’t allowed.  Story  Tweet

April 2, 2016  Deep Dive into Joker’s Stash. A long look at a place where you can buy thousands, tens of thousands, of charge cards and more.  Story  Tweet

April 2, 2016  End of an Epoch! As of 6/1 there won’t be an Internet anymore. What will replace it? The internet. AP Style guide drops the proper noun capitalization.  Story  Tweet

April 2, 2016  Invest $40 in hardware and hack a $28k Police Drone from two kilometers away. How? To start for $28k all you get is deprecated WEP security.  Story  Tweet

April 1, 2016  March clean up – items of information that were gathered but not published in time.  Tweet

Apple is building its own network servers to enhance security. The need for security is understood, but why build your own? They have a good reason.  Story

Your company has been breached. What are your responsibilities in your state and for the states of those affected?  Story

Gaming the lottery in Connecticut, but not the way they had in mind.  Story

Great webinars each day for a week, but scheduled for UK time. Now available on line thanks to Sophos.  Story

The value of a thing is the cash it will bring. So how much does a charge card number bring? A set of personally identifiable information? An Uber account?  Story

You get an email from a domain ending in .gov. Do you trust it or is it a scam? How some bad programming in some government web sites and a popular URL shortening tool is allowing crooks to reach more victims.  Story

How secure are Presidential campaign websites? Which is more secure than another?  Story

How CNBC gave a great lesson in internet security by sharing user-supplied credentials with advertisers and other services.  Story


[ Some tweets tweaked for clarity
or revised URLs -ed ]
Return to Twitter Index page