
Risks Digest 32.65


RISKS List Owner

May 12, 2021, 9:39:48 PM
to ri...@csl.sri.com
RISKS-LIST: Risks-Forum Digest Sunday 9 May 2021 Volume 32 : Issue 65

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.65>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Prescribing software in some hospitals in South Australia adds digit to
dosages (ABC.AU)
Ransomware Cyber Attack Forced the Largest U.S. Fuel Pipeline to Shut Down
(The Hacker News)
This massive DDoS attack took large sections of a country's Internet offline
(ZDNet)
Dogecoin tumbles nearly 50% after Musk calls it a 'hustle' on SNL
(Breaking Alpha)
Top 12 Security Flaws Russian Spy Hackers Are Exploiting in the Wild
(The Hacker News)
They Told Their Therapists Everything. Hackers Leaked It All (WiReD)
Railroad Signaling Explained: Crossings (YouTube)
USPS claims slowing down the mail won't actually slow down the mail
(GovExec)
The Lithium Gold Rush: Inside the Race to Power Electric Vehicles (NYTimes)
FTC report blasts manufacturers for restricting product repairs (Jon Porter)
New Stealthy Rootkit Infiltrated Networks of High-Profile Organizations
(The Hacker News)
Cellular Industry's Clash Over the Movement to Remake Networks
(IEEE Spectrum)
Hack-to-Patch by Law Enforcement Is a Dangerous Practice (Just Security)
DHS kicks off workforce sprint with push to hire 200 cyber pros (FCW)
Latest "How I ended up posting my password for all to see" (Dan Jacobson)
To Solve 3 Cold Cases, This Small County Got a DNA Crash Course (NYTimes)
A mom panicked when her 4-year-old bought $2,600 in SpongeBob Popsicles.
Good Samaritans are paying (WashPost)
Re: How to give Feedback about the Feedback Form? (Mark Brader)
Re: Feds Arrest an Alleged $336M Bitcoin-Laundering Kingpin
(Peter Houppermans)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 8 May 2021 08:47:13 +1000
From: Boyd Adamson <bo...@boydadamson.com>
Subject: Prescribing software in some hospitals in South Australia adds
digit to dosages (ABC.AU)

On Wednesday night, staff at several major public hospitals were sent an
urgent memo informing them of an issue with the Sunrise EMR computer system.
The system was duplicating the last digit of dosage quantities, with
patients potentially receiving more than 10 times the necessary amount of
medication.

"It's added another digit and replicated the last digit, so if you were to
have 17 milligrams, it would have prescribed 177 milligrams," SA Health CEO
Chris McGowan told ABC Radio Adelaide's David Bevan.

"It was a generic issue in the prescribing software. It's a patch relating
to upgrading to Microsoft 10. That's the operating hypothesis at least, but
that's being checked and that'll all be part of the review.

Source: Health boss unsure how many hospital patients were overdosed due to
Windows upgrade

https://www.abc.net.au/news/2021-05-07/sa-health-unsure-of-patient-impact-of-medication-dosage-bungle/100122958

[Simon Scott noted this story at
https://www.abc.net.au/news/2021-05-06/sa-sunrise-dosing-error-hospitals-dosing-glitch/100122642
and he commented:

[I] always used to think it's only IT, not life or death...

PGN]
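
The dosage corruption described above (17 mg entered, 177 mg rendered) is exactly the kind of fault an independent sanity check should hold for review. The code below is an added example, not code from the post, from SA Health or from the Sunrise EMR. It assumes the clinician's originally entered value is still available separately (for instance from the order-entry audit trail) and uses constructed placeholder drug names and maximum-dose limits, not clinical references.

```python
"""Sanity checks for prescribed dose quantities.

Added example (not code from the RISKS post, SA Health or the Sunrise EMR).
The failure described above is that an entered dose such as 17 mg was
rendered as 177 mg: the last digit was duplicated. Two independent checks
catch that class of error: an absolute range check against a per-drug
maximum, and a comparison of the rendered value with the value the
clinician originally entered (assumed here to be available, e.g. from the
order-entry audit trail). Drug names and limits are constructed
placeholders, not clinical references.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Tuple

# Constructed per-drug maximum single dose in mg (placeholder values).
MAX_SINGLE_DOSE_MG = {
    "drug-a": 50.0,
    "drug-b": 1000.0,
}


@dataclass(frozen=True)
class DoseCheck:
    ok: bool
    reasons: Tuple[str, ...]


def last_digit_duplicated(entered: str, rendered: str) -> bool:
    """True when `rendered` is `entered` with its final digit repeated,
    e.g. "17" -> "177" or "2.5" -> "2.55"."""
    entered, rendered = entered.strip(), rendered.strip()
    return bool(entered) and entered[-1].isdigit() and rendered == entered + entered[-1]


def check_dose(drug: str, entered: str, rendered: str) -> DoseCheck:
    """Compare the dose the clinician entered with the dose the system is
    about to present or dispense, and check the latter against the drug's
    maximum. Any reason at all means the order must be held for review."""
    reasons = []
    entered, rendered = entered.strip(), rendered.strip()

    if last_digit_duplicated(entered, rendered):
        reasons.append(f"last digit duplicated: entered {entered}, rendered {rendered}")
    elif entered != rendered:
        reasons.append(f"rendered value {rendered} differs from entered value {entered}")

    try:
        value = float(rendered)
    except ValueError:
        reasons.append(f"rendered dose {rendered!r} is not a number")
        return DoseCheck(False, tuple(reasons))

    if value <= 0:
        reasons.append(f"non-positive dose {value} mg")
    limit = MAX_SINGLE_DOSE_MG.get(drug)
    if limit is None:
        reasons.append(f"no maximum dose on file for {drug!r}")
    elif value > limit:
        reasons.append(f"{value} mg exceeds maximum single dose {limit} mg for {drug!r}")

    return DoseCheck(not reasons, tuple(reasons))


if __name__ == "__main__":
    # Constructed sample orders: (drug, entered, rendered)
    for order in [("drug-a", "17", "17"), ("drug-a", "17", "177"), ("drug-b", "500", "5000")]:
        result = check_dose(*order)
        print(order, "OK" if result.ok else "HOLD: " + "; ".join(result.reasons))
```

The two checks are deliberately independent: the range check catches the 17-to-177 case on its own because 177 mg exceeds the drug's maximum, while the entered-versus-rendered comparison still catches a duplication that happens to stay inside the range (say 1 mg rendered as 11 mg under a 50 mg limit), which a range check alone would pass.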

------------------------------

Date: Sat, 8 May 2021 22:24:27 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: Ransomware Cyber Attack Forced the Largest U.S. Fuel Pipeline to
Shut Down (The Hacker News)

Colonial Pipeline, which carries 45% of the fuel consumed on the U.S. East
Coast, on Saturday said it halted operations due to a ransomware attack,
once again demonstrating
<https://thehackernews.com/2021/02/hacker-tried-poisoning-water-supply.html>
how infrastructure is vulnerable to cyberattacks.

"On May 7, the Colonial Pipeline Company learned it was the victim of a
cybersecurity attack," the company said
<https://www.colpipe.com/news/press-releases/media-statement-colonial-pipeline-system-disruption>
in a statement posted on its website. "We have since determined that this
incident involves ransomware. In response, we proactively took certain
systems offline to contain the threat, which has temporarily halted all
pipeline operations, and affected some of our IT systems."

Colonial Pipeline is the largest refined products pipeline in the U.S., a
5,500 mile (8,851 km) system involved in transporting over 100 million
gallons from the Texas city of Houston to New York Harbor.

Cybersecurity firm FireEye's Mandiant incident response division is said to
be assisting with the investigation, according to reports from Bloomberg
<https://www.bloomberg.com/news/articles/2021-05-09/colonial-hackers-stole-data-thursday-ahead-of-pipeline-shutdown>
and The Wall Street Journal
<https://www.wsj.com/articles/cyberattack-forces-closure-of-largest-u-s-refined-fuel-pipeline-11620479737>,
with the attack linked to a ransomware strain called DarkSide. [...]
<https://chuongdong.com/reverse%20engineering/2021/05/06/DarksideRansomware/>

https://thehackernews.com/2021/05/ransomware-cyber-attack-forced-largest.html

[See also Cyberattack Forces a Shutdown of Colonial Pipeline, noted
by Jan Wolitzky:
<https://www.nytimes.com/2021/05/08/us/cyberattack-colonial-pipeline.html>
PGN]

------------------------------

Date: Wed, 5 May 2021 23:38:58 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: This massive DDoS attack took large sections of a country's
Internet offline (ZDNet)

More than 200 organisations across Belgium including the government and
parliament were affected by a DDoS attack that overwhelmed them with bad
traffic. [...]

https://www.zdnet.com/article/this-massive-ddos-attack-took-large-sections-of-a-countrys-internet-offline/

------------------------------

Date: Sun, 9 May 2021 08:39:13 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Dogecoin tumbles nearly 50% after Musk calls it a 'hustle' on SNL
(Breaking Alpha)

https://seekingalpha.com/news/3693620-dogecoin-tumbles-nearly-50-after-musk-calls-it-a-hustle-on-snl

Also this [PGN-combined]:

The Internet Was Furious After Robinhood's Servers Crashed While Watching
Dogecoin Prices Plummet During Elon Musk's SNL Appearance (BroBible)
https://brobible.com/culture/article/dogecoin-prices-elon-musk-robinhood/

------------------------------

Date: Sat, 8 May 2021 11:13:42 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: Top 12 Security Flaws Russian Spy Hackers Are Exploiting in the
Wild (The Hacker News)

Cyber operatives affiliated with the Russian Foreign Intelligence Service
(SVR) have switched up their tactics in response to previous public
disclosures
<https://thehackernews.com/2021/04/fbi-cisa-uncover-tactics-employed-by.html>
of their attack methods, according to a new advisory
<https://us-cert.cisa.gov/ncas/current-activity/2021/05/07/joint-ncsc-cisa-fbi-nsa-cybersecurity-advisory-russian-svr>
jointly published by intelligence agencies from the U.K. and U.S. Friday.

"SVR cyber operators appear to have reacted [...] by changing their TTPs in
an attempt to avoid further detection and remediation efforts by network
defenders," the National Cyber Security Centre (NCSC) said.
<https://www.ncsc.gov.uk/news/joint-advisory-further-ttps-associated-with-svr-cyber-actors>

These include the deployment of an open-source tool called Sliver
<https://github.com/BishopFox/sliver> to maintain their access to
compromised victims as well as leveraging the ProxyLogon flaws in Microsoft
Exchange servers to conduct post-exploitation activities.

The development followed the public attribution
<https://thehackernews.com/2021/04/us-sanctions-russia-and-expels-10.html>
of SVR-linked actors to the SolarWinds
<https://thehackernews.com/2021/04/researchers-find-additional.html>
supply-chain attack last month. The adversary is also tracked under
different monikers, such as Advanced Persistent Threat 29 (APT29), the
Dukes, CozyBear, and Yttrium.

The attribution was also accompanied by a technical report detailing five
vulnerabilities that the SVR's APT29 group was using as initial access
points to infiltrate U.S. and foreign entities. [...]

https://thehackernews.com/2021/05/top-11-security-flaws-russian-spy.html

------------------------------

Date: Wed, 5 May 2021 01:34:39 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: They Told Their Therapists Everything. Hackers Leaked It All (WiReD)

A mental health startup built its business on easy-to-use technology.
Patients joined in droves. Then came a catastrophic data breach.

https://www.wired.com/story/vastaamo-psychotherapy-patients-hack-data-breach/

[Very long item by William Ralston, 04 May 2021. The final paragraph
is PGN-appended.]

If the scale of the attack was shocking, so was its cruelty. Not just
because the records were so sensitive; not just because the attacker, or
attackers, singled out patients like wounded animals; but also because,
out of all the countries on earth, Finland should have been among the
best able to prevent such a breach. Along with neighboring Estonia, it
is widely considered a pioneer in digital health. Since the late 1990s,
Finnish leaders have pursued the principle of *citizen-centered,
seamless* care, backed up by investments in technology
infrastructure. Today, every Finnish citizen has access to a highly
secure service called Kanta, where they can browse their own treatment
records and order prescriptions. Their health providers can use the
system to coordinate care.

------------------------------

Date: Sun, 9 May 2021 00:31:26 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Railroad Signaling Explained: Crossings (YouTube)

https://www.youtube.com/watch?v=YkzYMi-PY5U

The risk? The train always wins.

------------------------------

Date: Wed, 5 May 2021 15:31:06 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: USPS claims slowing down the mail won't actually slow down the mail

At hearing, USPS admits it hasn't studied most impacts of their plans to
drastically slow down the mail, and claims that slowing down the mail won't
actually slow down the mail. Pure Trump, even with Trump gone.

https://www.govexec.com/management/2021/05/usps-defends-slower-mail-proposal-its-regulator/173780/

------------------------------

Date: Thu, 6 May 2021 23:47:36 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: The Lithium Gold Rush: Inside the Race to Power Electric Vehicles
(NYTimes)

A race is on to produce lithium in the United States, but competing projects
are taking very different approaches to extracting the vital raw
material. Some might not be very green.

The Lithium Gold Rush: Inside the Race to Power Electric Vehicles
https://www.nytimes.com/2021/05/06/business/lithium-mining-race.html

Different shades of green.

------------------------------

Date: May 7, 2021 21:12:52 JST
From: Richard Forno <rfo...@infowarrior.org>
Subject: FTC report blasts manufacturers for restricting product repairs
(Jon Porter in The Verge)

[via Dave Farber]

Jon Porter@JonPorty 7 May 2021
There is scant evidence to support manufacturers' justifications for
repair restrictions

https://www.theverge.com/2021/5/7/22424363/ftc-repair-restrictions-report-nixing-the-fix-smartphones-automakers

FTC report:
https://www.ftc.gov/system/files/documents/reports/nixing-fix-ftc-report-congress-repair-restrictions/nixing_the_fix_report_final_5521_630pm-508_002.pdf

------------------------------

Date: Fri, 7 May 2021 11:02:54 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: New Stealthy Rootkit Infiltrated Networks of High-Profile
Organizations (The Hacker News)

An unknown threat actor with the capabilities to evolve and tailor its
toolset to target environments infiltrated high-profile organizations in
Asia and Africa with an evasive Windows rootkit since at least 2018.

Called 'Moriya
<https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/>,'
the malware is a "passive backdoor which allows attackers to inspect all
incoming traffic to the infected machine, filter out packets that are
marked as designated for the malware and respond to them," said Kaspersky
researchers Mark Lechtik and Giampaolo Dedola in a Thursday deep-dive.

The Russian cybersecurity firm termed the ongoing espionage campaign
'TunnelSnake
<https://usa.kaspersky.com/about/press-releases/2021_operation-tunnel-snake-formerly-unknown-rootkit-used-to-secretly-control-networks-in-asia-and-africa>.'
Based on telemetry analysis, less than 10 victims around the world have
been targeted to date, with the most prominent targets being two large
diplomatic entities in Southeast Asia and Africa. All the other victims
were located in South Asia.

The first reports of Moriya emerged last November when Kaspersky said it
discovered the stealthy implant in the networks of regional
inter-governmental organizations in Asia and Africa. Malicious activity
associated with the operation is said to have dated back to November 2019,
with the rootkit persisting in the victim networks for several months
following the initial infection. [...]

https://thehackernews.com/2021/05/new-stealthy-rootkit-infiltrated.html

------------------------------

Date: Fri, 7 May 2021 00:19:54 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Cellular Industry's Clash Over the Movement to Remake Networks
(IEEE Spectrum)

The wireless industry is divided on Open RAN’s goal to make network
components interoperable

We’ve all been told that 5G wireless is going to deliver amazing
capabilities and services. But it won’t come cheap. When all is said and
done, 5G will cost almost US $1 trillion to deploy over the next half
decade. That enormous expense will be borne mostly by network operators,
companies like AT&T, China Mobile, Deutsche Telekom, Vodafone, and dozens
more around the world that provide cellular service to their
customers. Facing such an immense cost, these operators asked a very
reasonable question: How can we make this cheaper and more flexible?

Their answer: Make it possible to mix and match network components from
different companies, with the goal of fostering more competition and driving
down prices. At the same time, they sparked a schism within the industry
over how wireless networks should be built. Their opponents—and sometimes
begrudging partners—are the handful of telecom-equipment vendors capable of
providing the hardware the network operators have been buying and deploying
for years.

These vendors initially opposed the scheme, called Open RAN, because they
believed that if implemented, it would damage—if not destroy—their existing
business model. But faced with the collective power of the operators
clamoring for a new way to build wireless networks, these vendors have been
left with few options, none of them very appealing. Some have responded by
trying to set the terms for how Open RAN will be develo

https://spectrum.ieee.org/telecom/wireless/the-cellular-industrys-clash-over-the-movement-to-remake-networks

------------------------------

Date: Fri, 7 May 2021 00:22:32 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Hack-to-Patch by Law Enforcement Is a Dangerous Practice
(Just Security)

The Department of Justice announced recently that the FBI had unilaterally
removed malicious web shells from hundreds of private systems. These shells
were the remnants of a major security problem that emerged earlier in March
in Microsoft Exchange Server software.  Hackers linked to the Chinese
government exploited at least four zero-day vulnerabilities in Microsoft’s
code that allowed remote access to sensitive data. The web shells were left
behind to facilitate later exploitation of the infected systems. The White
House and Microsoft urged the machine owners to patch the various underlying
vulnerabilities and to remove the web shells, but not everyone did.

On Friday, April 9, the FBI secretly asked a federal magistrate judge in
Texas to issue a warrant allowing the Bureau, without prior notice, to
access, copy, and remove the web shells from “hundreds of vulnerable
computers in the United States running on-premises versions of Microsoft
Exchange Server software used to provide enterprise-level e-mail service.”
The next Tuesday, April 13, DOJ issued a press release announcing that the
operation had been completed. The FBI’s attempt to fix these systems appears
to have been successful, although an accurate and detailed result summary
for this hack-to-patch campaign is not available. Much of the punditry has
been favorable: The action was “bold and innovative” and a “practical
response to a serious problem.” And the positive aspects of this sort of
government intervention are obvious: “Hacks to patch” can close
vulnerabilities, reduce cyber risk, and provide assistance from experts to
organizations that might lack the capability to protect their own systems.

https://www.justsecurity.org/75955/hack-to-patch-by-law-enforcement-is-a-dangerous-practice/

------------------------------

Date: Fri, 7 May 2021 11:07:20 PDT
From: Peter Neumann <neu...@csl.sri.com>
Subject: DHS kicks off workforce sprint with push to hire 200 cyber pros
(FCW)

https://fcw.com/articles/2021/05/06/dhs-cyber-hiring-sprint.aspx

Department of Homeland Security Secretary Alejandro Mayorkas said on
Wednesday his agency will begin its 60-day workforce sprint with an
aggressive hiring campaign to expand the agency's cadre of cybersecurity
professionals.

During remarks at a U.S. Chamber of Commerce event, Mayorkas called the
effort "the most significant hiring initiative that DHS has undertaken in
its history." He also said Wednesday was the first day of the department's
workforce sprint.

The secretary in March announced a series of concentrated 60-day efforts
focusing on a variety of topics. The first was on ransomware, which was
prioritized because of "the gravity of the threat" and because "the threat
is not tomorrow's threat, but it is upon us," he said.

The new campaign, according to a DHS statement, aims to hire 200
cyber-personnel by July 1. Half of those "conditional job offers" will be
made by the Cybersecurity and Infrastructure Security Agency while the other
half will be made by various DHS component agencies.

The cybersecurity workforce gap is well documented by projects such as
CyberSeek, which tracks the workforce and is backed by the National
Institute of Standards and Technology and the Department of Commerce. The
event on Wednesday was largely focused on the threat of ransomware to small
businesses. Mayorkas in April said DHS had formed its own ransomware task
force and the White House is actively developing a plan to confront the
issue. The Department of Justice has also established its own ransomware
taskforce in recent weeks.

Meanwhile, the administration for several weeks now has been expected to
publish a wide-ranging executive order focused on a myriad of cybersecurity
issues.

------------------------------

Date: Sat, 08 May 2021 11:38:22 +0800
From: Dan Jacobson <jid...@jidanni.org>
Subject: Latest "How I ended up posting my password for all to see"

"xdotool lets you programmatically (or manually) simulate keyboard input and
mouse activity, move and resize windows, etc."

Just the thing I need to automate logging into chrome LINE extension.

It only took a year of use until sure enough one day when I forgot I was
already logged in, and it ended up pasting my password right into the chat
for everybody to see.

OK, so I should start using passwords that don't look like pass7word!S .

Maybe I should use HaHahahah etc. so next time it happens people will just
think I am laughing. Except if they are discussing funerals.

OK, back to our story. Noticing I had just spilled the beans, naturally I
went reaching for the Unsend button. But alas, I was using the Desktop
simplified version with no Unsend button...

OK, at this point I could post a lot of "Modem noise" or "cat walked on
my keyboard" junk to distract readers...
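
The failure in the post above is keystroke automation typing a password into whatever window has focus. One mitigation is to ask xdotool which window is active and refuse to type unless it is the login window and does not look like a chat. The code below is an added example, not code from Dan Jacobson's post or from the xdotool project; EXPECTED_TITLE and DENY_TITLES are placeholders to be set for the real application, and `getactivewindow getwindowname` and `type --file -` are existing xdotool subcommands while the policy around them is ours.

```python
"""Focus guard for keystroke automation.

Added example; not code from Dan Jacobson's post or from the xdotool
project. The failure above is xdotool typing a password into whatever
window happened to have focus (a chat, because the login had already
happened). The guard below asks xdotool for the active window's name and
refuses to type unless that name matches the expected login window and
does not look like a chat. EXPECTED_TITLE and DENY_TITLES are placeholders
to be set for the real application; `getactivewindow getwindowname` and
`type --file -` are real xdotool subcommands, the policy around them is
ours.
"""
import shutil
import subprocess
from typing import Optional, Sequence, Tuple

EXPECTED_TITLE = "log in"               # placeholder: substring of the login window's name
DENY_TITLES = ("chat", "conversation")  # placeholder: names that mean "already logged in"


def decide(active_name: Optional[str],
           expected: str = EXPECTED_TITLE,
           deny: Sequence[str] = DENY_TITLES) -> Tuple[bool, str]:
    """Pure policy: may a secret be typed into the window named `active_name`?"""
    if not active_name:
        return False, "could not determine the active window; not typing"
    name = active_name.lower()
    for bad in deny:
        if bad.lower() in name:
            return False, f"active window {active_name!r} looks like a chat; not typing"
    if expected.lower() not in name:
        return False, f"active window {active_name!r} is not the login window; not typing"
    return True, f"active window {active_name!r} matches the login window"


def get_active_window_name() -> Optional[str]:
    """Ask xdotool for the focused window's name; None if unavailable."""
    if shutil.which("xdotool") is None:
        return None
    try:
        proc = subprocess.run(
            ["xdotool", "getactivewindow", "getwindowname"],
            capture_output=True, text=True, timeout=5, check=True)
    except (subprocess.CalledProcessError, subprocess.TimeoutExpired):
        return None
    return proc.stdout.strip()


def type_secret_if_safe(secret: str) -> bool:
    """Type `secret` only when the focus check passes. The secret is passed
    on stdin (`--file -`) rather than as an argument, so it never appears
    in the process list or shell history."""
    ok, why = decide(get_active_window_name())
    print(why)
    if not ok:
        return False
    subprocess.run(["xdotool", "type", "--clearmodifiers", "--file", "-"],
                   input=secret, text=True, check=True)
    return True


if __name__ == "__main__":
    import getpass
    type_secret_if_safe(getpass.getpass("secret to type: "))
```

The "already logged in" case from the post is what the deny list is for: the window that has focus once the login has happened is the chat itself, so a name check against the login window alone would already refuse, and the deny list makes the refusal explicit in the log message.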

------------------------------

Date: Tue, 4 May 2021 19:41:56 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: To Solve 3 Cold Cases, This Small County Got a DNA Crash Course
(NYTimes)

Forensic genealogy helped nab the Golden State Killer in 2018. Now
investigators across the country are using it to revisit hundreds of
unsolved crimes.

https://www.nytimes.com/2021/05/03/science/cold-cases-genetic-genealogy.html

------------------------------

Date: Sat, 8 May 2021 12:09:22 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: A mom panicked when her 4-year-old bought $2,600 in SpongeBob
Popsicles. Good Samaritans are paying (WashPost)

A mom panicked when her 4-year-old bought $2,600 in SpongeBob Popsicles.
Good Samaritans are paying.

GoFundMe donors raised more than enough to cover Noah Ruiz's Popsicle spree.

https://www.washingtonpost.com/lifestyle/2021/05/07/spongebob-popsicles-noah/

------------------------------

Date: Wed, 5 May 2021 01:53:39 -0400 (EDT)
From: Mark Brader <m...@Vex.Net>
Subject: Re: How to give Feedback about the Feedback Form?
(Jacobson, RISKS-32.64)

> But what if it breaks? Every other form of contact just plays a recording:

But the Committee of the Mending Apparatus now came forward, and...
confessed that the Mending Apparatus was itself in need of repair.
--E.M. Forster, "The Machine Stops", 1909.

------------------------------

Date: Wed, 5 May 2021 13:20:03 +0200
From: Peter Houppermans <pe...@houppermans.net>
Subject: Re: Feds Arrest an Alleged $336M Bitcoin-Laundering Kingpin
(Goldberg, RISKS-32.64)

Bonus irony:

> The case shows yet another example of how Bitcoin, once widely believed to
> be a powerful tool for making anonymous, untraceable transactions, has
> turned out to be in many cases the very opposite. The blockchain's ledger of
> all Bitcoin transactions since the cryptocurrency's creation has often
> instead served as a means for law enforcement to trace even years-old
> transactions.

I'm guessing the entertaining part for law enforcement is that the integrity
of the evidence is assured ... by blockchain.

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 32.65
************************
