December 17, 2019

Ransomware-seized New Orleans declares state of emergency

By Lisa Vaas

On Friday, the US city of New Orleans became the latest local government to be held hostage to ransomware.

The ongoing attack caused Mayor LaToya Cantrell to declare a state of emergency. During a press conference on Friday, the mayor confirmed that it was a ransomware attack, and that its activity started around 5 a.m. that morning.

The city spotted the suspicious activity on its networks around 11 a.m., at which point it basically turned itself off.

According to NOLA Ready – the city’s emergency preparedness campaign, managed by the Office of Homeland Security & Emergency Preparedness – the city powered down all of its servers, took down all NOLA.gov websites and told employees to power down their computers, unplug devices, and disconnect from Wi-Fi. Emergency communications weren’t affected, according to NOLA Ready, with the 911 emergency and the 311 city service phone lines still operational.

#Alert: At approximately 11am today, the @CityOfNOLA detected suspicious activity on its networks that indicated a potential cyberattack.



NOLA Ready (@nolaready) December 13, 2019

The city pulled local, state, and federal authorities into a (still pending) investigation of the incident. As of last night, the city was still working to recover data from the attack but planned to be open as usual.

The @CityOfNOLA data recovery strategy & process to bring systems back online after the cybersecurity incident is u… twitter.com/i/web/status/1…



NOLA Ready (@nolaready) December 16, 2019

Did NOLA get Ryuk-ed?

Cantrell has confirmed that this is a ransomware attack, but that no ransom demand has yet been made. Federal and state investigators have been called in to help with the investigation.

Read more at https://nakedsecurity.sophos.com/2019/12/17/ransomware-seized-new-orleans-declares-state-of-emergency/

Researchers discover weakness in IoT digital certificates

By Danny Bradbury

IoT devices are using weak digital certificates that could expose them to attack, according to a study released over the weekend.

Researchers at online digital certificate management services company Keyfactor studied millions of digital certificates found online which were produced using the RSA algorithm. They found that 1 in every 172 certificates was crackable because of insecure random number generation.

RSA’s encryption algorithm is the basis for modern asymmetric encryption, which uses a pair of keys (a public and private key) to encrypt information and prove the sender’s identity. Part of the public key production involves multiplying two prime numbers (known as factors). It is computationally prohibitive to calculate the two prime numbers in reverse from the result. You can only decrypt the information by combining the private key (known only to the owner) and the public key.

If two public keys share a common factor, it becomes a lot easier to discover their other factors by calculating the Greatest Common Divisor (GCD) of the two products.

The best way to avoid this vulnerability is to ensure that the numbers used to create the public key are as random as possible to avoid duplication. Highly random keys with few duplicates are known as high-entropy keys, but producing them requires two things: lots of random input data, and the computing power to turn that input data into a key.
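The GCD check described above, written as an audit an operator could run over the public moduli of their own device certificates to find keys that need replacing. This is an added example, not code from the article or from Keyfactor's study; the device labels and the toy moduli are constructed.

```python
from itertools import combinations
from math import gcd

# Constructed inventory: toy moduli built from small primes so the result is
# easy to verify by hand. Real RSA moduli are 2048 bits or more.
INVENTORY = {
    "camera-01": 101 * 103,
    "camera-02": 101 * 107,   # reuses the prime 101 from camera-01
    "sensor-07": 109 * 113,   # shares nothing with the others
    "router-03": 101 * 103,   # identical modulus to camera-01
}


def audit_moduli(inventory):
    """Return (label_a, label_b, finding) for every pair of weak keys.

    Two distinct moduli with gcd > 1 were generated with a repeated prime;
    two equal moduli mean the whole key pair was repeated.
    """
    findings = []
    for (a, n_a), (b, n_b) in combinations(sorted(inventory.items()), 2):
        if n_a == n_b:
            findings.append((a, b, "duplicate modulus"))
        elif gcd(n_a, n_b) != 1:
            findings.append((a, b, "shared prime factor"))
    return findings


def devices_to_rekey(inventory):
    """Labels of every device that appears in at least one finding."""
    return sorted({label
                   for a, b, _ in audit_moduli(inventory)
                   for label in (a, b)})


if __name__ == "__main__":
    for a, b, finding in audit_moduli(INVENTORY):
        print(f"{a} <-> {b}: {finding}")
    print("re-key:", ", ".join(devices_to_rekey(INVENTORY)))
```

The pairwise loop is quadratic in the number of certificates, which is fine for a single fleet but not for the millions of certificates the study covered.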

Read more at https://nakedsecurity.sophos.com/2019/12/17/researchers-discover-weakness-in-iot-digital-certificates/

Mozilla mandates 2FA security for Firefox developers

By John E Dunn

Mozilla last week fired off an important memo to all Firefox extension developers telling them to turn on two-factor authentication (2FA) on their addons.mozilla.org (AMO) accounts.

This is a good move but also surprisingly late in the day.

Mozilla extensions have been around since not long after the browser appeared in 2004, and have been available to all Firefox users from 2014.

In 2018, the company added multi-factor authentication to accounts, with users able to choose from any one of a long list of Time-based One-Time Password (TOTP) authentication apps.

This, in effect, means that extension developers have been securing their accounts using only an email address and password for most of the browser’s existence.

It’s a glaring security weakness Mozilla has belatedly decided to plug. Mozilla’s Caitlin Neiman wrote:

Starting in early 2020, extension developers will be required to have 2FA enabled on AMO. This is intended to help prevent malicious actors from taking control of legitimate add-ons and their users. 2FA will not be required for submissions that use AMO’s upload API.

Read more at https://nakedsecurity.sophos.com/2019/12/17/mozilla-mandates-2fa-security-for-firefox-developers/

Facebook employees’ payroll data nabbed in car smash-and-grab

By Lisa Vaas

Facebook has again lost data on thousands of people, but this time, it’s the old-fashioned, smash-and-grab kind of data breach, done by a thief to an employee’s car.

Bloomberg Technology reported on Friday that a thief broke into an employee’s car and made off with payroll data for 29,000 current and former US Facebook workers.

The thief took unencrypted hard drives – drives that never should have been there – from a bag in the employee’s car.

Facebook said in an email to employees on Friday morning that the drives included payroll data, including employee names, bank account numbers and the last four digits of about 29,000 taxpayer IDs of employees who worked for Facebook in the US during 2018. The drives also contained other financial information, including salaries, bonus amounts, and some equity details.

A spokesperson told Bloomberg Technology that so far, the company hasn’t seen anybody try to exploit the employees’ data through identity theft.

Read more at https://nakedsecurity.sophos.com/2019/12/17/facebook-employees-payroll-data-nabbed-in-car-smash-and-grab/

“Dig up his body,” say creditors of deceased cryptocurrency player

By Paul Ducklin

In his short life, Gerald Cotten was no stranger to controversy, or to financial crises.

Cotten was the co-founder of what ended up as Canada’s biggest cryptocurrency exchange, QuadrigaCX.

You could put in regular money – or, apparently, hand over gold – in return for one or more cryptocurrencies; you could do the same thing in reverse, too, and cash out your cryptocoins to suit yourself.

At least, that was the theory.

But Cotten didn’t have an easy time keeping his business on track, especially when the Bitcoin price shot up dramatically during 2016 and 2017, surging from around $400 at the end of 2015 to just shy of $20,000 at the end of 2017.

Demand was huge and it was mostly money pouring in, until 2018, when the price descended back down to about $3000 and lots of customers wanted to take their money out.

But transactions take effort, cost money, and generate paperwork, even if the paperwork is mostly digital these days; just the basic mechanics of doing business can start consuming all your time.

And if the transaction involves paying money out, you need to be able to lay your hands on that money in a timely fashion.

Read more at https://nakedsecurity.sophos.com/2019/12/16/dig-up-his-body-say-creditors-of-deceased-cryptocurrency-player/
