Twitter January 2016


Return to Twitter Index page

January 30, 2016  20160129-ana The House of the Mouse in California has some high capacity ears whirling above and you paid for them to listen to tens of thousands of you at a time.   Story   Tweet

January 30, 2016  Oct 2015 breach fallout for TalkTalk: Down 250k customers and new customer market share has declined too. Suffering a breach is bad for business.  This Update  Start of the Story   Tweet

January 29, 2016  4-fer: Tweet   Millimeter Wireless Broadband (really broad) might allow you to dump your ISP, but not soon. Story  We passed it without reading it? How a multi-nation agreement requires cyber security researchers to get an export license to work across a national border. Yes, really. Story   Give Amazon Customer Service your email and they’ll tell you almost anything even if you’re not the one connected to them. Story   Is your security camera working for someone else? Story  

January 29, 2016  What do you do when your bank in India gets ransomware and BTC transactions are illegal? What do you do?  Story  Tweet

January 29, 2016  University of Virginia was breached. School found out when FBI told them. It was a year before the victims were even told there was a breach. How much damage was done to them during that time?   Story  Tweet

January 29, 2016  Neiman Marcus user accounts breached affecting Berdorf and more.  Story  Tweet

January 28, 2016  20160128-baby Crooks have hacked baby monitors to communicate with infants via internet enabled baby monitors. NYC Consumer Affairs investigating claims of misleading advertising.   Story   Tweet
January 28, 2016  20160128-drone How would you feel if you found out your friends had been spying on your spying since 2008?   Story   Tweet

January 28, 2016   FTC: IDtheft up 47% from 2015. Most related to tax refund fraud. New tools for consumers.   Story   Tweet

January 28, 2016   20160128-panda Almost 1/3 of US computers had some form of malware in 2015. Nordic countries were about 21%. New samples are being found at a rate of 200,000 per day and growth shows no sign of slowing.   Story   Tweet

January 28, 2016 UPDATE:  Israel Utility Regulatory Body was attacked, not the power generation. Sound-bites and internet speed sometimes make the truth harder to find.   Story   Tweet

January 28, 2016   Fraternal Order of Police (FOP) website hacked, some material reposted. Who, What, and How unanswered.   Story   Tweet

January 28, 2016 UPDATE:  20160128-pgp Blackberry CEO Chen may be right. The PGP application (coupled with some other tools) leaks enough to lead to open a crack.   This update  Start of the Story   Tweet

January 28, 2016  All LG G3 phones vulnerable to bug in notification application. Patch available. Read this!   Story   Tweet

January 27, 2016  20160127-wendys Wendy’s breached? Maybe. If systemic could affect 6k+ restaurants in 30 countries and many consumers.   Story   Tweet

January 27, 2016  Israel joins nations with infrastructure under “severe cyber-attack”.   Story   Tweet

January 27, 2016  TP-Link Routers broadcast their default passwords, sort of. Change those default security settings!   Story   Tweet

January 26, 2016  20160126-dont Do you drive a 12′ tall truck and look for the police before trying to drive under an 11′ bridge? So, if someone sends you a link to (not its real name) would you try it? Please don’t!  Story   Tweet

January 26, 2016  Lenovo hard codes the third worst password of 2015 to create open, unencrypted networks.  Story   Tweet

January 26, 2016  Ebay’s Magneto, which runs 10+million ecommerce sites, has a weakness allowing anyone who drops code into a field requesting email address to take over the site and swipe consumer info including charge card data.   Story   Tweet

January 26, 2016  Nation-level spyware found in Australian data center. Who put it there?  Story   Tweet

January 25, 2016  20160125-ip Did you know Skype snatched your IP address and let others see it? Until a recent upgrade did this…   Story   Tweet

January 25, 2016   Uber overshared some personal tax information. Ooops. Story   Tweet

January 24, 2016  20160124-icloud Apple is a staunch proponent of strong encryption for people and not allowing backdoor access. Except for the iCloud Backup where they keep a key that could be taken by subpoena or hack.  Story   Tweet

January 22, 2016 Update:  20160122-fire Fortinet: this is “a management feature which relied on an undocumented account with a hard-coded password” and there are more devices with this non(backdoor) backdoor. Upgrades advised. This update  Start of the story   Tweet

January 22, 2016 Update:  20160122-fda FDA moves forward in protecting us from the dangers that lurk in the internet of medical things. This update  Start of the story  Related: 2015 Hospital IOT / Billy Rios / Honey Pots & More   Tweet
January 22, 2016 Update:  20160122-ukraine Spear-phishing continues targeted at Ukraine power, airport, more. Attribution unknown. This update  Start of the story  Tweet

January 22, 2016   3k+ servers found infected, but no malware delivered. Practice run?  Story  Tweet

January 21, 2016  20160121-royal Australia’s Royal Melbourne Hospital was infected with a virus affecting their Win/XP systems, labs, email and exposing patient data. Story   Tweet
January 20, 2016  20160120-scotus US Supreme Court supports an aspect of Class Action lawsuits. This is good news for consumers and runs contrary to the vein of earlier opinions that severely curtail equal opportunities in David vs Goliath style legal contests. Story   Tweet

January 20, 2016 Update:   More on “Cyber Risk Insurance” vs “Crime Insurance”. This update  Start of the story   Tweet

January 20, 2016  20160120-scada Would you take a picture of critical information and post it for the use of the bad guys? Do you take selfies and reveal passwords and more? Ah … ooops. Story   Tweet
January 20, 2016   Apple fixed compromisable user cookies allowing impersonation 30 months after being told. Story   Tweet

January 20, 2016  20160120-kids Some misinformation corrected about freezing the credit records for children in the absence of a federal law. What you can do depends on what state you reside. Story   Tweet

January 19, 2016  Is your password “password”? Congratulations! You have the second most common of the worst passwords compiled from 2+ million leaked passwords collected during 2015. See story for others and guidance for stronger passwords. Story   Tweet

January 19, 2016  20160119-wifi Do you know what is radiating in your neighborhood? Is a smart meter messing with your wifi or cell signal? How can you tell? Story   Tweet
January 18, 2016  20160118-strings CEO: Send Money. AccountingDept:Money Sent. CEO:What money? It wasn’t the CEO, it was a scam email and a scam follow up. Now, was it covered under the cyber security policy? Maybe. Story   Tweet.
January 17, 2016  20160117-pgp Given the lack of details from law enforcement and Blackberry’s continued protestations is it possible the PGP application was cracked, not the phone itself? Story   Tweet.
January 16, 2016  20160116-france France rejected backdoors to encryption joining many US business groups. This update   Beginning of the story   Tweet.

January 15, 2016  LateNews x2. From 1/11/2016: Hacker gets 334 years.   From 1/12/2016: Major News to DarkWeb  Tweet.

January 15, 2016  20160115-btc Alternate coin exchange Cryptsy robbed of about $7.5M in bitcoin in mid-2014. Stops trades in mid-January 2016 and may file for bankruptcy. Story  Tweet.

January 15, 2016  Hyatt tells more (but not enough) about the breaches affecting 250 properties in 50 countries for over four months. Story  Tweet.

January 15, 2016   This absolutely nifty wifi enabled doorbell answers the door, displays video, all sorts of nice features, including exposing your wifi credentials. Story  Tweet.

January 15, 2016  Malvertising (advertising containing malware) vs adblockers vs site support. Where is the balance? Story  Tweet.

January 15, 2016   As of 1/1/2016 NY wants $2500 PER PHONE if it does not have security backdoor. Tweet   Start of the story   This update.

January 14, 2016  20160113-fire Network security devices under fire. Fortinet responds. New Juniper flaw found. Hack, “feature” gone bad, whatever, this is bad for consumers who thought they were buying security. Story  Tweet.
January 14, 2016  20160114-silverlight A severe weakness in widely deployed Silverlight existed for 2+ years. It was discovered by a security researcher / exploit writer who tried (unsuccessfully) to sell it. Clues in the negotiating narrative led other researchers to find the weakness, report it, and eventually a patch was issued by the original designer. That we celebrate “Patch Tuesday” is a sign of our acceptance of such potentially damaging situations as common place. We need better. Story  Tweet.

January 14, 2016  20160114-ransom Having your data in the cloud is not protection against ransomware. Story  Tweet
January 14, 2016  2016014-nest There are Inherent Dangers in the Internet of Things and just because we can connect devices does not mean we should. Many people found that out the cold way. Story  Tweet

January 13, 2016  More bad news from yesterday Tweet. Massive under-reporting of ransomware in some countries. Story    First Juniper, now Fortinet, another network security device found to have a “secret access” method. Story    Popular AntiVirus/PasswordManager software had a weakness exposing all the passwords. Not discovered by the company, but by an independent researcher. Story

January 12, 2016  2016012-astro Cardinals scouting director confesses to hacking Astros for years. For how and what see Story  Tweet
January 12, 2016  20160113-pgp Blackberry PGP phones cracked by RCMP as far back as 2011. Updated. Story  Tweet
January 12, 2016  Today was a bad day for exposures. Here are four more stories.  Tweet    Stuxnet damage capability made easy. Just what we didn’t need.  Story    US Power grid attacked over 800 times by this group, yet hackers get the publicity.  Story    Malware used fake digital certificate to infiltrate sites.  Story    Faithless fan database found on web. No notice from company. New EU rules coming.   Story
January 11, 2016  20160111-poker Ever wonder how some on line poker players claim such high win:loss ratios? This virus might explain some of it. Story  Tweet

[ the picture is A Bold Bluff by Cassius Marcellus Coolidge who painted the Dogs Playing Poker series. Painted sometime before February 1909 this was originally titled Judge St. Bernard Stands Pat on Nothing. It was followed by Waterloo that showed what happened next. -ed ]

January 11, 2016  20160111-pgp Blackberry PGP phones cracked to expose plaintext messages. Story  Tweet
January 11, 2016  20160111-ransom A new version of CryptoWall ransomware that locks up your files has same prevention measures. Kipling wrote about paying such tributes in 1911. Story  Tweet
January 11, 2016  20160111-wad Is your wearable tech reporting the micro movements when you type or tap? Could be so, right now. Story  Tweet
January 10, 2016  20160110-rovnixBanking trojan variant has excellent language and social engineering skills. Now preying on citizens of Japan. Not commonly detectable. Who is next? Story  Tweet

January 9, 2016  Blackphone, the “most secure” ‘droid phone, and high-grade Level 3 (of 4) home security system were examined and found to be, well, NOT so secure! Story  Tweet

January 8, 2016  2016010moeA cyber-security researcher’s worst nightmare? Getting a pacemaker whose manufacturers say “just trust us” re cyber-security.
Story  Tweet
January 8, 2016  20160108-bb8 New toy on the IoT has an insecure communications vulnerability. Story  Tweet
January 8, 2016  Win10 adware – BEGONE!!! Story  Tweet
January 7, 2016  20160107-2015-mixed_bag
2015 Summary: Mixed bag. Compromised accounts down, number of compromises up.
2015 Summary  2005-2015 Charts   Tweet 1  Tweet 2
January 7, 2016 Ukraine Update:  20160107-sandworm “SandWorm” code recognized in Ukraine cyber attack. This update |  Start of Ukraine power outage | SandWorm discovery in October 2014 | Tweet [ Sandworm from TheRegister/UK Ukraine Flag from Wikimedia ]

January 7, 2016  20160107-cvc Good News in Cops vs Crooks: Romanian Police and other law enforcement arrest crooks using Tyupkin malware-for-rent. Story  Tweet

January 6, 2016   TimeWarnerCable: ~320k customers exposed. FBI told them. How? Don’t know. Story  Tweet

January 6, 2016 Update  Did a macro laden spreadsheet start a cascade leading to the Ukraine power outage? Story  Tweet

January 6, 2016  20160106-dinoKid spends dad-dollars for $5,900 of virtual dinosaurs. Story  Tweet

January 5, 2016  Linode recovering from 12 Days of DDoS attack then resets all passwords because … Story  Tweet

January 5, 2016  Ukraine Power Grid Hack larger than 1.4M previously disclosed Story  Tweet

January 2, 2016  20160102-bugsThe award for the buggiest software and the company with the most bugs goes to …
Story  Tweet
January 1, 2016  20160101-cyberoamCyberoam customer/partner database exposed. Phishing alert!  Story  Tweet


[ Some tweets tweaked for clarity
or revised URLs -ed ]
Return to Twitter Index page