INFORMATION SECURITY NEWS
For The Week of 4/4-4/11 2017
CURRENT NEWS
BrickerBot is a permanent denial-of-service (PDoS) attack bot that works by rendering its victims completely unusable, turning them into “bricks”. The first version of BrickerBot only targeted vulnerable IoT devices, requiring the BusyBox collection of tools. At that time, it was reasonable to assume the bot was meant to permanently prevent vulnerable devices from being “recruited” into botnets like Mirai. However, a new version of BrickerBot targets any Linux-based system, uses Tor to conceal its member nodes, and does a lot more damage. It’s unclear what the motivations for BrickerBot are. Both versions of the bot rely on telnet services using default passwords, so make sure to disable telnet or change your passwords!
Microsoft has published a list of all the data collected at the “basic level” of tracking by Windows 10 (there is also a “full level” of tracking). Here it is:
They also plan to release controls next week in the latest Creators Update, which will allow users to switch between basic and full levels of data collection.
Exploiting an unpatched zero-day that affects every version of Word, an email campaign has spread the banking trojan Dridex to millions of users around the world. The vulnerability was first detected in January this year and will likely be patched this week.
All 156 tornado sirens in Dallas were activated April 7th, just before midnight. Two hours later, the Office of Emergency Management was able to disable the sirens. For security reasons, the city isn’t releasing details about how the hack occurred, but believes it originated in the Dallas area.
https://twitter.com/JasonWhitely/status/850795455084716033?s=09
ADDITIONAL READING
Automated license plate readers (ALPR) are a common form of mass surveillance technology. ALPR systems are usually made up of cameras that photograph every license plate that passes, then store the location and time in a central server. This would allow police to establish location information and driving patterns for cars. There are four flavors of ALPR systems. The first type is stationary ALPR cameras, usually mounted on traffic lights, telephone poles, or buildings. The second type is semi-stationary, attached to trailers and parked in strategic locations (like outside gun shows or political rallies). The third type is mobile, mounted to patrol cars. The fourth is private: law enforcement agencies don’t always need to acquire their own ALPR cameras to access the data. Private companies deploy their own fleets of vehicles with ALPR cameras, then sell the data to law enforcement agencies as a subscription service.
https://www.eff.org/deeplinks/2017/04/four-flavors-automated-license-plate-reader-technology