Cyber Security News Roundup: Kaspersky, DDoS and Responsible Encryption
Russian spies, North Korean spies, Swedish DDoSers and some stupid things people said and did.
Another week and more news of hacks, cyber attacks and politicians that don’t understand encryption trying to regulate encryption. In short, it’s been another run-of-the-mill week as far as the cyber security community is concerned.
After taking a week off, your weekly cyber security news roundup is back. Remember, these aren’t necessarily the top stories, per se. They’re the most interesting. In our opinion. Which we realize is very subjective. At any rate, we have news about Kaspersky, North Korean hacking, Swedish DDoS and Rod Rosenstein’s misguided comments from Tuesday.
Russians May Have Used Kaspersky to Spy
Kaspersky, one of the largest cyber security companies in the world, has been in the news a lot lately. Aspersions were cast about the firm’s trustworthiness as a result of its location in Russia and its cozy relationship with Russia’s government. Recently a US congresswoman has proposed the government rid itself of any Kaspersky software. And then on Tuesday a bombshell report came out that Russians may have weaponized Kaspersky software to spy on US assets. As Matthew Green writes at Slate, this is why we need strong encryption.
[Source: Slate]
US Attorney General calls for Weak Encryption
Instead of using the Kaspersky news as further evidence to bolster the case FOR encryption. On the same day, Attorney General Rod Rosenstein called for “responsible” (read: breakable) encryption. Rosenstein has a very narrow use case in mind when he calls for weakening encryption in toto. Because the US government can’t break encryption on a messenger service to read the messages of potential terrorists they want a more breakable civilian version of encryption deployed everywhere. It’s the type of argument that we’re all dumber for having heard. And it’s coming from the US government.
[Source: DOJ]
Equifax hacked… again!
Speaking of stupid, Equifax continues to suffer embarrassing press as a result of issued with its cyber security. This time, hackers were able to compromise a third-party vendor and distribute malware on Equifax’s website. Equifax was quick to distance itself from the incident, claiming that it had no control over the third-party vendor’s security, but this is still more bad press for the company. Most people won’t read past the headlines. Once again Equifax is in the news for the wrong reasons.
[Source: Market Watch]
North Korean theft of 235 GB shows country’s digital sophistication
Interesting story on Vox about how North Korean hackers managed to infiltrate the South Korean Defense Integrated Data Center and steal 235 GBs of classified information about the US and South Korean Military. This included plans to assassinate North Korean leader Kim Jong Un, and a planned response for a possible North Korean invasion. Despite our constant focus on North Korean as a rogue nuclear state, it has developed into a cyberpower. It employs sophisticated malware and espionage tactics. It’s a formidable enemy. We would be wise to focus on our digital security because North Korea’s biggest provocations could come there.
[Source: Vox]
DDoS Takes down Swedish Transport Agencies
The websites of a pair of Swedish Transport Agencies recently came under attack. Hackers DDoSed the sites, causing some trains to be delayed on one of the days. All in all, the attacks don’t amount to much in this instance, but they serve to illustrate a larger point. Critical infrastructure is vulnerable. And as more and more devices and machines come online, there are going to be more and more attack vectors to exploit. It’s time to get serious about shoring up IoT defenses as well as bulking up our security implementations around critical infrastructure.
[Source: Hack Read]
Here’s what we Hashed Out this week
- US AG issues ignorant call for “responsible” encryption (opinion)
- The most effective phishing emails create a sense of urgency
- 70% of US Employees don’t know basic cyber security best practices
- https://www.thesslstore.com/blog/lockheed-martin-northrop-grumman-boeing-raytheon/
- Artificial intelligence and Cyber Security: An Introduction (part 1)
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownPayPal Phishing Certificates Far More Prevalent Than Previously Thought
in Industry Lowdown