Independent – Page 78 – PossibleThreat Articles

Credit to Author: Woody Leonhard| Date: Wed, 05 Feb 2020 04:42:00 -0800

Worried about the future of your Win7 machine? Welcome to the family.

Right now, we have a promise that Microsoft will fix the “Stretch” wallpaper bug it rolled out last month, and there’s some hope that it will fix the Internet Explorer JScript engine security hole CVE-2020-0674 noted last month in Security Advisory ADV200001. We don’t know how/when the fix(es) will be distributed, or if Microsoft will soften its “no free Win7 patches after January 14” edict in some other way.

To read this article in full, please click here

ComputerWorld Independent

How to check your vulnerability to credential dumping

February 5, 2020 0 Comments Security

Use these techniques to see if attackers have harvested authentication credentials from your Windows network.

Independent Krebs Security

Booter Boss Busted By Bacon Pizza Buy

February 4, 2020 0 Comments assistant u.s. attorney adam alexander, david bukoski, DDoS-for-hire, Ne'er-Do-Well News, quantum stresser

Credit to Author: BrianKrebs| Date: Tue, 04 Feb 2020 23:05:08 +0000

A Pennsylvania man who operated one of the Internet’s longest-running online attack-for-hire or “booter” services was sentenced to five years probation today. While the young man’s punishment was heavily tempered by his current poor health, the defendant’s dietary choices may have contributed to both his capture and the lenient sentencing: Investigators say the onetime booter boss’s identity became clear after he ordered a bacon and chicken pizza delivered to his home using the same email address he originally used to register his criminal attack service.

ComputerWorld Independent

Iowa Caucus chaos likely to set back mobile voting

February 4, 2020 0 Comments Blockchain, Emerging Technology, Government, Government IT, Mobile, Privacy, Security

Credit to Author: Lucas Mearian| Date: Tue, 04 Feb 2020 12:51:00 -0800

A coding flaw and lack of sufficient testing of an application to record votes in Monday’s Iowa Democratic Presidential Caucus will likely hurt the advancement and uptake of online voting.

While there have been hundreds of tests of mobile and online voting platforms in recent years – mostly in small municipal or corporate shareholder and university student elections – online voting technology has yet to be tested for widespread use by the general public in a national election.

“This is one of the cases where we narrowly dodged a bullet,” said Jeremy Epstein, vice chair of the Association for Computing Machinery’s US Technology Policy Committee (USTPC). “The Iowa Democratic Party had planned to allow voters to vote in the caucus using their phones; if this sort of meltdown had happened with actual votes, it would have been an actual disaster. In this case, it’s just delayed results and egg on the face of the people who built and purchased the technology.”

To read this article in full, please click here

ComputerWorld Independent

The problem with mobile and app voting

February 4, 2020 0 Comments Blockchain, Mobile, Security

It's the day after the 2020 Iowa caucuses, and the Iowa Democratic Party has yet to announce the winner. The app that precinct leaders were supposed to use to report final tallies recorded inconsistent results. Party leaders blamed a "coding issue" within the app, not a hack or attack. Computerworld's Lucas Mearian joins Juliet to discuss the problem with mobile voting and how this snafu may affect the reputation of app voting in the future.

ComputerWorld Independent

Come on, NSA, it’s time to join the fight against Windows hacking

February 4, 2020 0 Comments Security, Windows

Credit to Author: Preston Gralla| Date: Tue, 04 Feb 2020 03:00:00 -0800

It’s no secret that hackers the world over target Windows vulnerabilities in order to wreak havoc, hold up data and networks for ransom, pull off money-making scams, and disrupt elections and the workings of democracy. They target Windows for a simple reason: volume. The operating system is on the vast majority of desktop and laptop computers worldwide.

Over the years, the U.S. National Security Agency (NSA) has unwittingly helped hackers in some of the world’s most dangerous and notoriously successful attacks by developing tools to exploit Windows security holes, rather than alert Microsoft to those vulnerabilities. Some of the tools have been leaked to hackers and used in massive attacks, including the EternalBlue cyber-exploit, which was used in the WannaCry global ransomware attack that affected computers in more than 150 countries and is estimated to have caused billions of dollars in damage.

To read this article in full, please click here

Independent Krebs Security

Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security

January 31, 2020 0 Comments A Little Sunshine, ars technica, chad leonard, chris nickerson, coalfire, dallas county, dallas county attorney charles sinnard, dan goodin, gary demercurio, justin wynn, matthew linholm, sen. zach whiting, state sen. amy sinclair, tom mcandrew

Credit to Author: BrianKrebs| Date: Fri, 31 Jan 2020 21:06:18 +0000

On Sept. 11, 2019, two security experts at a company that had been hired by the state of Iowa to test the physical and network security of its judicial system were arrested while probing the security of an Iowa county courthouse, jailed in orange jumpsuits, charged with burglary, and held on $100,000 bail. On Thursday Jan. 30, prosecutors in Iowa announced they had dropped the criminal charges. The news came while KrebsOnSecurity was conducting a video interview with the two accused (featured below).

ComputerWorld Independent

The perils of shouting 'fire' in a crowd of PC patchers

January 30, 2020 0 Comments Microsoft, PCs, Security, Windows

Credit to Author: Woody Leonhard| Date: Thu, 30 Jan 2020 10:14:00 -0800

Time and again we see the same drama play out. Microsoft releases a security patch and scary warnings appear from every corner. When your local news broadcast tells you that you better patch Windows right now…, more temperate advice should prevail.

A little over two weeks ago, on Patch Tuesday, Microsoft released a patch for a security hole known as CVE-2020-0601 – the Crypt32.dll vulnerability also called ChainOfFools or CurveBall.

To read this article in full, please click here

ComputerWorld Independent

Fed rule on patient access to healthcare data gets EMR vendor pushback

January 30, 2020 0 Comments electronic health records, Emerging Technology, health care industry, it governance, Privacy, Security

Credit to Author: Lucas Mearian| Date: Thu, 30 Jan 2020 03:00:00 -0800

The largest electronic medical record (EMR) vendor in the U.S. is fighting a proposed government rule to allow patients and their physicians greater access to electronic health information – regardless of the technology platform – to promote data exchange.

According to a number of recent reports, EMR vendor Epic Systems is lookng to derail the finalization of a rule from the Department of Health and Human Services (HHS) that would implement some provisions of the 21st Century Cures Act. In particular, the rules governing information-blocking of patient healthcare information and EMR interoperability are at the heart of the fight.

To read this article in full, please click here

Independent Krebs Security

Sprint Exposed Customer Support Site to Web

January 29, 2020 0 Comments Data Breaches, Latest Warnings, lisa belot, Microsoft, Sprint, vice.com

Credit to Author: BrianKrebs| Date: Wed, 29 Jan 2020 19:02:56 +0000

Fresh on the heels of a disclosure that Microsoft Corp. leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web.