Erich’s “What in the (cyber security) world is going on?” 12-29-16 edition

2016 Isn’t done with us yet

Screw 2016. That’s kind of what I’m feeling. I’m about tired of people passing away this year. The latest celebs, George Michael, Carrie Fisher, Richard Adams and Debbie Reynolds, were all lost this week. Even closer to home is the wife of a person I have a lot of respect for, Jack Daniel, who lost his wife of 37 years on Tuesday. I cannot begin to imagine the pain and sadness the close friends and family of all of these people are feeling. I am praying for their peace as they go through these tough times.

I’m going to do something a little crazy

I’m going to run for a spot on the (ISC)2 Board of Directors in 2017. I worked for them for a couple of years as an advocate for the membership, among other things, and I still feel strongly about trying to help folks that carry the CISSP and other (ISC)2 certs, so I’m going to make a run at it. I will need 500 emailed petitions to be on the election slate. If you are an (ISC)2 member, please check out this link and help me out. It only takes a minute. Thanks.

Disk-Killer Malware Adds Ransomware Feature And Charges 220 Bitcoins

Ouch! Your machine is infected by an email attachment. Now it encrypts the snot out of it, and exfiltrates data. I made a call earlier that I expected to see this sort of behavior, but I didn’t expect this kind of price tag. The back story is fascinating as it has evolved from ICS and SCADA attacks. This is worth reading.

 

Makes my neck hurt looking at it

Android ransomware hits a Smart TV

So, this poor soul’s family got hit with ransomware on their TV and are not happy about it. It seems LG won’t give him the process for a factory reset, and there is some talk about a charge for support. It’s an old set, still running Android, and it would almost certainly need to be sideloaded or rooted to install a 3rd party .apk. I’m not sure what I think about this as they say, “they downloaded an app to watch a movie. Halfway thru movie, tv froze. Now boots to this”. Now, call me crazy, but I have to wonder if the app was something called “Codec.apk” or something similar, and perhaps if the movie they were watching was um… not from trusted channels. Fact is kids, if you DL pirated movies, you might just be opening yourself up to something like this. Not sure if LG has a way for a user to fix this if it really encrypted the file system. Factory reset doesn’t help if the source is encrypted. Just sayin. I do wish there was more info out there, but I think we have heard the last of this.

New iTunes Phishing Emails on the Rise

Watch out for iTunes invoices bearing… attachments or links. If you get an email saying you paid $45 for the Netflix app or $25 for a song (not even a Kanye song is worth that!), don’t click the link. Instead, go directly to iTunes (no really, this link is legit, I promise!) and check your account from there.

How does she have that many followers and I only have about 150?

A Britney Spears Twitter account was hacked

It was an account controlled by her record label and has about 614,000 followers. Since the hackers did this at about 5:00am Eastern Time, nobody seemed to notice. I’m guessing most of the people that still listen to her were still sleeping off a bender at that time of day. Since all of the hacked tweets were gone by 9am, it practically didn’t happen.

Bitcoin hit over $930

That’s a lot for a unicorn/vapor cyber currency. Maybe I’m just old, but I’m not even sure how I feel about this, but I’m done talking about this imaginary money.

(ISC)2 Members – Please support me for the 2017 Board of Directors election

In this post, I am announcing my intention to run for the (ISC)2 Board of Directors in the 2017 election. I have been interested in doing this for a while now; however, due to time constraints, I decided to wait until after the 2016 elections in order to move forward with this. Well, here we are!

Who is (ISC)2?

(ISC)2 is the not-for-profit organization that issues and oversees some of the top Information Security certifications in the world, to include the CISSP (Certified Information Systems Security Professional) and the SSCP (Systems Security Certified Practitioner). More information can be found HERE.

Why do I want to do this?

I started out really getting to know (ISC)2 as an item writer for the CISSP and CISSP-ISSAP exams (I helped create questions for these), both certifications of which I hold. As I got to know the organization, I really enjoyed working with the people from (ISC)2, all of whom had a passion for security. Eventually, I moved to Florida to become the Director of Member Relations and Services at (ISC)2. In this position, I was responsible for member benefits, events, customer service, endorsement, CPE policies, etc., but none were more important to me than being an advocate for the membership. I met a lot of members during this time and worked hard to be the voice of the membership within the organization. When the organization was young, it was run by members. As it grew and acquired professional managed staff, and has been successful, the member per employee count has dropped substantially. Given that first and foremost, (ISC)2 is a 501(c)6, not-for-profit association, I believe it is imperative that the voice of the membership continue to be heard. My unique background and experience will allow me to bring this focus to the board.

In short, I want to be your voice! I want to ensure that you are heard and your voice carries to the leadership of the organization.

Why me?

I have been in I.T. and Information Security since the mid-1990’s, so I have the experience and have felt the pain many of the members deal with each day. I have worked in healthcare, manufacturing, and Department of Defense roles. In addition, I have worked as an employee of (ISC)2 and have seen the limitations and struggles in the day-to-day operations first-hand, while working with members to resolve issues and address their concerns.

In my job as a Security Awareness Advocate for KnowBe4, I am in a unique position to have regular interactions with (ISC)2 members and the security industry at large across many industries, both face-to-face and virtually. I will leverage this interaction to provide feedback to the other members of the Board of Directors, and to help shape the organization’s strategy.

Through a position on the Board of Directors, I will push to see that more resources are placed toward becoming an association of Information Security professionals that you can be proud to be a part of. Specifically, among other things I will:

  • Work to ensure that new certifications are not launched without a well-designed plan and review of current certification value. These certification launches take significant resources from the membership-focused projects.
  • Work to build the (ISC)2 membership into a real community as opposed to a crowd made up of certification holders. If only 10% of the 110,000+ certified members worked toward a common goal, we could radically change the Information Security world for the better.
  • Push for more transparency from within the organization. The current Board is doing a great job with the push for more transparency, but there is more to be done. I will support the work being done and help to expand it even more.

I need your help!

Per the (ISC)2 Bylaws, any member in good standing can be elected if willing to serve per section IV.7:

The name of any qualified person who agrees to serve if elected may be submitted by signed, written petition, of at least 500 members in good standing as of the date of the election announcement, to the Board at least sixty (60) days in advance of the start of the election. Any such petition shall identify the Board seat for which the nominee is to be considered. Nominees received under this process shall be included on the ballot.

This means that I need a petition from 500 (ISC)2 members nominating me for the Board of Directors in order to get on the board election slate. This petition must be emailed to me at [email protected] from the email address you have associated with your (ISC)2 account and must contain your name and member number. I have made a sample email below that you can quickly copy and paste, replacing the key areas with your information.

Challenges to being elected.

For the sake of full disclosure, I do have a challenge to overcome with (ISC)2 in which there is a possible contention between the Bylaws and the election process webpage that states that for the “endorsed slate” (i.e. names chosen to run in the election by the Board itself), among other things the candidate must not, “Have not been a salaried employee of (ISC)² or its affiliates”. When I inquired about this, I received the following:

The definition of a qualified candidate applies to petitioners, write-ins, and slate candidates.   The qualifications needed by prospective candidates can be found here https://www.isc2.org/board-election-process/default.aspx#selection .  These qualifications include, among others, that the prospective candidate “have not been a salaried employee of (ISC)² or its affiliates”.  It is possible that prior employees of (ISC)² may have a conflict of interest, that the board would be unable to mitigate.  However, these situations are reviewed on a case by case basis subject to the (ISC)² Conflicts of Interest Policy.

I am of the opinion that the membership-approved Bylaws are the authoritative document and since they do not contain this condition, it does not apply. This is especially true given the context related to the “board endorsed slate”. I do understand where a conflict of interest could be established for a current employee; however, as an ex-employee, gone for almost a year, I do not believe this to be an issue. In order to get a final decision on this, it appears that I will have to submit the petition with the 500 signatures.

What will I do with your email address?

I will only use the email address for the purpose of verifying your eligibility, communicating directly with you about the election/petition in a brief manner, and will provide it to (ISC)2 with the petition (they already have the email address after all). This is what I expect as far as emails I will send go:

  • I plan to send a short communication once upon submission of the petition
  • One short email as a reminder about a week before voting opens
  • One short email when voting opens
  • One short email with the results of the election (namely if I made it or not)

It is possible that additional emails regarding the status of the submitted petition and/or election will be sent if needed, but I promise to only do this if really necessary.

The template

If you would like to support me in my bid for the (ISC)2 Board of Directors, please copy and paste the below template into an email that will come from your email of record with (ISC)2, replace the bold sections with your information, and send it to [email protected].


(ISC)2 Election Committee,

I, <INSERT NAME>, holding the <INSERT (ISC)2 CERTIFICATION(S)> certification, petition that Mr. Erich Kron, CISSP #392400 be included on the 2017 Board of Directors election slate. I have sent this email from my email address of record associated with my certification and will continue to be a member in good standing for the election in 2017.

Sincerely,

<Name><Member Number>

 


Thank you very much for your support!

-Erich


Erich, Security Awareness Advocate at KnowBe4, is a veteran information security professional with over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, MCITP and ITIL v3 certifications, among others. He has managed the technical integration and functional testing of multi-million-dollar enterprise level technology projects within the Department of Defense, as well as large military security programs. Erich has worked with information security professionals around the world to provide the tools, training and educational opportunities to succeed in the InfoSec industry.

Erich’s “What in the (cyber security) world is going on?” 12-22-16 edition

Posting a little early this week due to the holiday. Merry Christmas, and may you have a great Whatever Holiday You Celebrate!

I released my 2017 predictions. 

Don’t tell anyone, but I really just pulled some stuff out of my backside, but figured I was on the hook to do something. I think they are pretty accurate if you take the categories into account. Your help not holding me accountable for any of these predictions is appreciated. At least it’s entertaining. Javvad Malik’s are much more relevant.

 

Free CryptXXX decrypter was released. 

Thanks to the folks at Kaspersky Lab, a free tool to decrypt your files hit with CryptXXX has been released. This may or may not be the reason for the “1/2 price for the holidays” offer from the bad guys. I’m thinking it is and thrilled about it. Hopefully they will get coal, or reindeer poop, in their stockings this year. They deserve it.

 

Free unlock code for Padlock Screenlocker

BleepingComputer reported the unlock code for Padlock Screenlocker is ajVr/G\RJz0R and that the files are not actually deleted. Let’s keep this sort of thing coming!

 

Community Health Plan of Washington exposed 380,000 PHI records

The bad guys were there almost a year and got about 380k PHI records. That’s just sad. “It appears that names, addresses, dates of birth, Social Security numbers and certain coding information related to health care claims may have been accessed” but “Banking and credit information was not contained in the data”. Well, isn’t that just lovely. Personally, I’d rather lose a CC# than my SSN.

 

Columbia County schools victim of data breach

The affected server did not contain student data, but did have “confidential employee information, including names, Social Security numbers, birthdates and more”. In the several weeks since discovery, “Investigators could not confirm if any of that information was copied or compromised”. In other words, they can’t figure out if you are compromised or not. Good luck with that.

There is a patch for the Netgear routers vuln

Go get it if you are affected. That is all!

 

Social engineering is easy

Not a newsflash, but this video and this video show just how easy it is. This is why you need Security Awareness Training. Teach people that they are targets. It’s important.


L.A. County hit with a phishing attack – 750k records

Confidential health data or personal information of more than 750,000 people may have been accessed in a cyberattack on Los Angeles County employees back in May. “Among the data potentially accessed were names, addresses, dates of birth, Social Security numbers, financial information and medical records — including diagnoses and treatment history — of clients, patients or others who received services from county departments.” But look at the bright side, it was WAY back in May and now you get a year of free credit monitoring. Sadly, your SSN is valid for more than a year and once it’s out there…

 

Just in time for Christmas, a Galaxy Note 7 fireplace. 

I love this. Words fail me with how much I love this. The ringtone music is a wonderful touch. Have I mentioned that I love this?


Erich’s Cyber Security (and other) Predictions for 2017

Well, this seems to be the time for predictions, so who am I to break tradition? I’m not going to waste valuable time telling you how qualified I am to make these predictions because it really doesn’t matter. I have given very little thought to these and have researched almost nothing. Only the first group is liable to be true (almost guaranteed as a matter of fact). So, here we go…

Disclaimer: These predictions and opinions are mine and mine alone, not those of my employer.

Group 1 – Pretty Much a Sure Thing

  • Social Engineering Will Continue to Be a Dominant Force in Breaches – Let’s face it, people are going to continue to get phished. Phishing will continue to result in more breaches, lost money and W2’s and ransomware infections. Expect W2 scams to start in January and continue until mid-year. The others will happen constantly.

 

  • The Gunslinger Movie Will Finally Be Released – And even if it sucks, I will like it. I don’t have a choice. It is not likely to ever be redone in my lifetime, and I have waited for so long, it simply can’t suck. This has nothing to do with cyber security, but I don’t really care. It’s on the list.

 

  • Security Awareness Training Will Continue to Be The Best Defense Against Phishing Attacks – Seriously though, the industry will really step up the game this year to combat phishing. As platforms mature, new features designed to get ahead of the bad guys will be released and will significantly reduce click rates. Organizations that did not believe in the value of SAT will have their eyes opened to how effective it can be. Any of you that know me, know that I won’t promote anything I really don’t honestly believe in. It’s why I work for KnowBe4. It works and helps admins in all company sizes.

 

  • Someone You Like Will Die a Horrible Death on Game of Thrones – Like someone in the series? They will die. Prepare for it.

 

 

  • Someone You Like Will Die a Horrible Death on Walking Dead – See above.

 

 

Group 2 – Likely

  • I Will End Up With Another Year of Free Credit Monitoring – The only real question is related to what PII they will lose. My medical records, credit card info or something else entirely? It’s almost exciting to ponder the possibilities. After being impacted by the VA, Target, Home Depot and OPM breaches, I’ve had some sort of free credit monitoring in place for years!

 

  • All Retail Stores Will Be Called Amazon – Much like the story line in the movie Demolition Man predicted with Taco Bell, all retail stores will become Amazon. This will be great when it comes to remembering domain names, as all stores will be Amazon.com, but it’s going to wreak havoc on GPS directions when you want to shop IRL.

 

  • No Less Than 10 Security Vendors Will Try To Convince You That Their Product is All You Need – Marketing departments will be working overtime to convince you that their widget can replace your security staff and let you sleep well at night. Don’t believe the hype. There is no silver bullet. Give the ones that are honest about the issue your time, ignore the rest.

 

  • You Will Try To Restore From Backup, And It Will Fail – Yeah, odds are, if you need your data back, it won’t be there. Remember the 3-2-1 Rule and you can move the odds in your favor.

 

Group 3 – Not Very Likely (a.k.a. Not a chance in the world)

  • The Tampa Bay Buccaneers Will Not Be An Embarrassment.  – The Bucs will leverage Winston to win the division. Fans will be proud of their team and will not have to whisper “the Bucs” while averting their eyes, when asked what team they support.

 

  • No Major Breaches Will Occur in 2017 – Yes, there will be minor ones, but the big ones are over. Organizations will finally take security seriously after 2016. This will allow overworked Infosec pros a chance to get the right tools and staffing to prevent major breaches.

 

  • Celebrities Will Stop Being Involved In Politics – Celebs will finally realize that they are talented in singing/dancing/acting/cooking/being a hopeless case in a reality show, but really don’t understand global politics as much as they think they do. It will occur to them that some people spend a lifetime studying politics and economics to get in the position to have their opinions respected. This is not the same as playing the President on a made-for-TV movie.

 

 

OK, So that’s about all I’m going to try to predict for 2017. Let me know in the comments if you have any predictions of your own.

 

Life on the Road – Cats, Cold and More

My job takes me to a lot of places and I love that part of it. Seeing the country and gaining the experiences is something I love to do. There is an old saying about the journey being a big part of the fun. I cannot agree more.

Some of these travel posts are going to sound like complaining. I assure you, they are (probably) not. They are really about the funny stuff I get to see. It’s humorous story telling that may (or may not) embellish a tiny little bit. All of it is based in truth though, and only the details might be, um… “enhanced” a bit.

Having said that, let me give you a little background. I am an airline snob. I admit it. I don’t care much about the hotels I stay in, or the dinners I eat, but I do care about the airline experience. I hate being rushed, and I am dismayed by the fact that people often revert to Lord of the Flies-like behavior when it comes to air travel.

Take for example the carry on baggage rules. 1 personal item and 1 carry on item. The carry on item is limited in size (stuff it in this box over here and see), but the personal item seems to be magically unimpaired by size restrictions, or at least the rules are unknown and unenforced. I see folks with bags bigger than my checked bag going onboard as a “personal item”. The other thing is animals.

Get These @#&! animals off the @#&! Plane!

Yeah, there was a time when animals travelled in crates in the belly of the plane. Now, it seems, they are everywhere. Comfort dogs, pot-bellied pigs, and worst of all… CATS!

Now, I like cats, but folks, 30,000 ft and 600mph is no place for a feline. Southwest Airlines seems to gather more than its fair share of animals. Yesterday was a perfect example. I was going from Tampa to Columbus. I normally avoid Southwest when I can, as I hate the open seating thing, but it was the only direct flight. I get on board as part of the “A” group and take my customary window seat. This was about row 10. Now, with an entire plane full of empty seats, I am joined by a couple with a lovely blue carry-on containing a rather unhappy looking tabby. Its eyes gleamed yellow out of the mesh on the ends of the soft-sided carrier. For some reason, it looked right at me, right into my soul. I was scared. Terrified really. I believe my very life was being weighed by that creature (that was likely called something cute, like Fluffy, or Tom, or Mr. Tinkles). For a reason I have yet to understand, I believe the cat blamed me for its current predicament, and it wasn’t happy.

It looked meaner in person!

Why these people decided to sit beside me, in a barely filled plane, is still beyond me, but I wasn’t going to move. I was trapped in my window seat, and any chance of escape involved passing the pointy parts of the Hell-spawn in the seat beside me. I just tried to avoid eye contact.

Another thing that Southwest does well is cater to families. That means children, and children are magically attracted to my part of the plane (whatever part that happens to be), especially when they are going to act up. This was no exception. Little Tommy, (we will use that name) decided he wanted no part of the plane thing without fully exercising his well-developed lungs. When Tommy let loose, even Mr. Tinkles took notice! He was now even less thrilled than before. I began to fear for my life.

Fortunately, the rule says livestock must be stuffed under a seat for takeoff and landing. It seems nobody wants an angry, airborne murder-cat loose in the plane in the case of a rough takeoff/landing. Good idea! Mr. Tinkles got unceremoniously stuffed under the seat much to my relief, now he could only plot the destruction of my Achilles tendons rather than my throat. That was the good part.

The bad part was that the cat decided to become… “musical” and join Tommy in a serenade of noise that no sound cancelling headphones can dampen. This continued on for most of the flight. Once the cat started, there was no “off” button. He did modulate between simple loud meows and “I’m caught in a blender” yowls, so we had that going for us.

By the time I hit Columbus, I was ready for the 5 degree weather if I could just get off the plane.

I am currently back in the airport waiting to board another tube-of-hades to return to Tampa. I ended up in a “B” boarding group, so I’m hoping for the best. I’ll let you know if the return goes off the rails.

Erich’s “What in the (cyber security) world is going on?” 12-16-16 edition

Holy Crap! Lots of stuff going on in this week’s post. Stay safe out there and please use the buttons on the bottom to share with folks you think can use the info. I’m always up for comments and feedback as well.

If! You! Use! Yahoo! Just! Stop!

Nothing more to say about that. 1 Billion accounts exposed. This is just dumb. Get a Gmail account and move on.

Sneaky little hobbitses. Wicked, tricksy, false!  –  Nymaim using MAC addys to uncover virtual environments & bypass AV

So, the lovely trojan dropper known as Nymaim got smart and is looking at MAC addresses to see if the machine is a Virtual Machine (VM). Since VMs are used a lot as sandbox environments for malware research, it won’t launch if it detects a network card with an OUI associated with a VM. Keep this in mind when testing to see if a file is malicious or uploading to a sandbox for detonation. It may be misleading. On a plus note, if you run thin-clients, you might be better off.
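The check described above, turned into a defender-side audit (an added example, not from the original post): it flags analysis-machine network interfaces whose MAC prefix belongs to a virtualization product, so you know when a clean sandbox result may be misleading. The prefix table is a small illustrative subset of well-known VM prefixes, and the interface list is constructed sample data.

```python
import re

# Well-known MAC prefixes assigned to, or used by default by, virtualization
# products. Illustrative subset only (assumption: extend it for your own lab).
VM_OUI_PREFIXES = {
    "000569": "VMware",
    "000C29": "VMware",
    "001C14": "VMware",
    "005056": "VMware",
    "080027": "VirtualBox",
    "00155D": "Microsoft Hyper-V",
    "00163E": "Xen",
    "001C42": "Parallels",
    "525400": "QEMU/KVM default",
}

_HEX12 = re.compile(r"^[0-9A-F]{12}$")


def normalize_mac(mac):
    """Return the MAC as 12 uppercase hex digits.

    Accepts 00:0c:29:..., 00-0C-29-... and Cisco-style 000c.29.. notation.
    """
    digits = re.sub(r"[:\-.]", "", mac.strip()).upper()
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def is_locally_administered(mac):
    """True if the locally-administered bit (0x02 of the first octet) is set.

    Such an address was assigned in software and carries no vendor OUI.
    """
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def vm_vendor(mac):
    """Return the virtualization product for this MAC prefix, or None."""
    return VM_OUI_PREFIXES.get(normalize_mac(mac)[:6])


def audit_interfaces(interfaces):
    """Return (name, mac, reason) for every interface that identifies a VM
    or at least does not look like a factory-assigned physical NIC."""
    findings = []
    for name, mac in interfaces:
        vendor = vm_vendor(mac)
        if vendor:
            findings.append((name, mac, f"VM prefix ({vendor})"))
        elif is_locally_administered(mac):
            findings.append((name, mac, "locally administered, no vendor OUI"))
    return findings


# Constructed sample data: interfaces of a hypothetical analysis machine.
SAMPLE_INTERFACES = [
    ("eth0", "00:0c:29:3a:5b:7c"),   # VMware prefix
    ("eth1", "0800.27ab.cdef"),      # VirtualBox prefix, Cisco notation
    ("eth2", "3C-52-82-11-22-33"),   # not in the table, globally administered
    ("eth3", "02:42:ac:11:00:02"),   # locally administered (software-assigned)
]

if __name__ == "__main__":
    for name, mac, reason in audit_interfaces(SAMPLE_INTERFACES):
        print(f"{name:5} {mac:20} {reason}")
```

Any interface this reports is one that a sample using this check can use to decide not to run, so a "nothing happened" verdict from that machine should not be treated as a clean bill of health.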

 

Watch for Uber Vomit Scams 

This is a general PSA, but I am hearing about this more often. The way it works is, you get back from a trip somewhere and your card is charged an extra $150 by Uber for a “Clean up fee”. The drivers will sometimes upload pictures of a mess in the back seat as “proof”. This is usually fake, or a reused photo. The scam seems to be gaining steam and folks spend a lot more time out of town, often using an Uber to get to/from the airport. Moving forward, I might start taking cell phone pictures of the car when I get in and out, just for CYA. It’s tough to fight when it’s done and gone, and you have been home for a week. I still love Uber, but drivers are people too, and some are going to be looking to make a fast buck.

 

Security Sessions: Ransomware as a service on the rise 

My CEO, Stu Sjouwerman, did an interview with CSO Online regarding the RaaS (Ransomware as a Service) issue. It’s a quick video, but he talks about some of the trends and how to defend against them. You might already know that I’m a huge KnowBe4 Fanboy, and not just because I work for them. It’s all about helping educate people so they can make better decisions. It’s why I can get behind the company so much.

 

NY AG warns lawyers of phishing campaign

There are some phishing emails going around targeted at lawyers in New York. It looks like it’s coming from the NY State Attorney General and is designed to get users to open a PDF attachment. An example of the email is here. This is an example of a very targeted spear phishing attack that is not likely to get flagged by spam filters.

 

A New And Scary Double-Ransomware Whammy

Here is a pretty interesting (and crappy) new strain of ransomware. It encrypts the files, then reboots and encrypts the MFT, so it ends up hitting you for a ransom twice. Kinda rotten. Be aware of any PDF saying it’s a job application, especially if it has a link to an Excel file.

 

Amazon shoppers targeted in ‘order cannot be shipped’ scam

Tis the season as I have said before. Packages are flying all over the place, and who doesn’t use Amazon? Scammers are sending emails saying that packages can’t be shipped. The idea is to get you to open an attachment or click a link (as is reported in this story) that leads to a person entering credentials or a credit card for “confirmation”. I guess that scammers need to buy presents too, right? This is not new, but given the time of year, it’s very effective.

 

Samsung will be bricking the esploding Note 7 phones on December 19th

Yes, Samsung has decided that while you can own the hardware (as blow-uppy as it may be), they own the software, so they can go ahead and virtually blow up the phones before they physically blow up. An interesting angle on a “voluntary recall”. If you still have a Note 7 <AustinPowersVoice>I too like to live dangerously</AustinPowersVoice> You have until December 19th to return it, lest it become a potentially randomly exploding doorstop. Please “Note” that Verizon is not taking part in the OTA update that will brick these devices, as they figure folks may not have a device to switch to, and (the lawyers, I’m sure) have an issue with leaving someone without a device that can call 911 in an emergency.

 

Netgear Nighthawk Routers vulnerable to badness. 

Netgear Nighthawk R7000, R6400, R8000 and R8500 models “might” be vulnerable to a bug provided to them by researcher Andrew Rollins (a.k.a. Acew0rm) on August 25, but only acknowledged after he posted it on December 6th. So much for Netgear supporting responsible disclosure. Basically, bad guys can get root through the device’s web server. There is a temp workaround that kills the vulnerable web server process, but it only works until rebooted.

And Finally… A little much needed humor

Santa Gets Hacked! 

 

Erich’s “What in the (cyber security) world is going on?” 12-09-16 edition

Ok, I’m moving these updates to Fridays. Mondays are just, well, Mondays. If you are new to my posts, basically it’s a recap of some key infosec happenings in the past week. Having said that, let’s move ahead:

Infect 2 Others and Get Your Ransomed Files Back Free!

I posted about this earlier today, but the summary is that the jackholes that created the Popcorn Time ransomware strain are offering to decrypt your files free if you just get 2 more people infected and they pay the ransom. It looks like there will be an option to have the software start deleting files if 4 incorrect decryption keys are tried as well. This appears to be a proof of concept at this point, but these often end up in the wild once they get a buyer. I hope they die a slow festering death in the pits of an Alabama outhouse. This video sums up my feelings for these folks: Hanging’s too good for him…

 

Legal raids in five countries seize botnet servers, sinkhole 800,000+ domains… and then they release the leader who disappears. 

So, after taking down the largest malware/phishing ring in recent history, a judge in the city of Poltava, Ukraine released the leader because the prosecutor forgot to mention that during the arrest, the leader shot at the cops, including popping a round through the front door. Without that little detail, and the associated “attempted murder of a police officer” charge, he got to walk. In a shocking turn of events, Kapkanov disappeared just as quickly as the Poltava prosecutor’s career.


3.2M home routers seized via malicious firmware update

A hacker by the name of BestBuy claims to have used a Mirai botnet to infect 3.2 million home routers on the TalkTalk and Post Office networks. I haven’t heard of any independently confirmed reports of routers actually being infected, but they may not be easy to identify. In the words of security researcher Darren Martyn, “What they just pulled is shenanigans of the highest quality”

 

US Navy Admits To Data Breach, 130,000 Exposed

Yeah, the US Navy exposed info for 130,000 current and previous sailors.  Wonderful. If I’m one of them, I’ll just put it in the stack of other notifications from the government. Maybe I’ll put it right next to my OPM notification.

 

 

Ransomware suspect Pornopoker nabbed in Russia

Let’s hope they don’t screw up and release him as well, although he doesn’t seem to be near the same level as Kapkanov above. He was nabbed while returning from Thailand.

 

Infect 2 Others and Get Your Ransomed Files Back Free!

What a great deal from the writers of “Popcorn Time”. If you just infect 2 other people and they pay the ransom, you can get your files back free. Indicators also show that there may also be a provision where if you enter an incorrect decryption key more than 4 times, it starts killing your files. I would love to get ahold of some of these folks and pluck their toenails out with rusty pliers. This video clip pretty much sums up how I feel about these vermin…

New Approach to the Same-Ol Phishing Emails

This is an interesting way to try to get folks to open malicious documents. I really like the macro warning screen angle they use on this. It’s designed to get you to click the button to enable the macro when it’s opened. They also make the email look like you are being brought into an existing conversation. Pretty slick.

Check it all out at: https://blog.knowbe4.com/phishing-from-the-middle-social-engineering-refined