Category Archives: Security

New Orleans City Hall Hit by Ransomware



It is always worrying when a city government is hit by a ransomware attack. That appears to be what happened to the New Orleans City Hall on December 13, 2019. According to the New Orleans Times-Picayune, workers were told a cyberattack had struck the city government.

The workers were told to turn off and unplug their computers. City websites were down. The New Orleans Police Department was also told to shut down its computer equipment and remove everything from the network. This is not the first time Louisiana has had this problem.

State government was hit by a ransomware attack last month, though it was able to restore its system without giving in to demands. Gov. John Bel Edwards declared a state of emergency, and the state Office of Motor Vehicles was hit especially hard, with many of its offices forced to close for several days.

In a press conference, Chief Information Officer Kim LaGrue said there was evidence of both phishing attempts and ransomware. No city employees reported providing login information in response to the emails, thanks to cybersecurity training that started in the fall of this year. It was unclear if ransomware had been installed or had begun to encrypt any city systems.

The odd thing about this situation is that, according to Mayor LaToya Cantrell, no requests for money had been made as a result of the ransomware attack.

Typically, thieves who use ransomware demand a specific amount of money, in a certain currency, to be delivered to them before a deadline. If the attacker wasn’t after money – what were they looking for?


Network Solutions had a Data Breach



Network Solutions determined on October 16, 2019, that a third party gained unauthorized access to a limited number of its computer systems in late August of 2019. For whatever reason, Network Solutions did not let its customers know about this data breach until November 5, 2019.

“Our investigation indicates that account information for current and former Network Solutions customers may have been accessed. This information includes contact details such as name, address, phone numbers, email address and information about the services we offer to a given account holder. We encrypt credit card numbers and no credit card data was compromised as a result of this incident.”

Network Solutions says that after discovering the intrusion, they took immediate steps and engaged a leading independent cybersecurity firm to investigate and determine the scope of the incident. They also notified the proper authorities and began working with federal law enforcement. In addition, they say they are “committed to protecting our customers against misuse of their information and have invested heavily in cybersecurity.”

All of that sounds like they are doing something about the data breach. And yet, to me it seems like they are being rather hesitant to share specific details that might make customers feel a bit better. They mention that they “engaged a leading independent cybersecurity firm to investigate”, but fail to clarify which one they are working with.

If you are a customer of Network Solutions, you may have received a notification from them about this data breach through email and also through their website. The company is also requiring all users – not only the ones who were affected by the data breach – to reset their account passwords. Network Solutions points out that it is good security practice to change your password often and use a unique password for each service.


Two Senators Think TikTok Poses National Security Risk



You may have seen some brief, funny videos from TikTok posted on social media. It functions similarly to how Vine used to. While most of us don’t give much consideration to what TikTok may be doing other than providing a moment of amusement, two U.S. Senators are questioning whether TikTok may be dangerous.

The Washington Post reported that two senior members of Congress, Senate Majority Leader Charles E. Schumer (D-N.Y.) and Senator Tom Cotton (R-Ark.), have asked U.S. intelligence officials to determine whether the Chinese-owned social-networking app TikTok poses “national security risks”.

The two senators sent a letter about TikTok to Acting Director of National Intelligence Joseph Maguire. They questioned TikTok’s data-collection practices and whether the Chinese-owned social-networking app could be used to limit what U.S. users could see. The Senators ask the Intelligence Community to conduct an assessment of the national security risks posed by TikTok and other China-based content platforms operating in the U.S. and to brief Congress on these findings.

In response, TikTok posted a statement in which they attempt to “set the record straight on some specific issues.” Here are some key points from TikTok’s statement:

“We store all TikTok US user data in the United States, with backup redundancy in Singapore. Our data centers are located entirely outside of China, and none of our data is subject to Chinese law. Further, we have a dedicated technical team focused on adhering to robust cybersecurity policies, and data privacy and security practices.”

TikTok states that it does not remove content based on sensitivities related to China. TikTok says it has never been asked by the Chinese government to remove any content and that it would not do so if asked. Its U.S. moderation team, which is led out of California, reviews content for adherence to U.S. policies. TikTok states: “We are not influenced by any foreign government, including the Chinese government.”

It is up to individual people whether or not they trust TikTok’s statement. The fact that two U.S. Senators (one Democratic and one Republican) think something may be up makes me feel very unsure about TikTok.


Equifax Will Pay $575 Million as Part of Settlement With FTC



The Federal Trade Commission announced that Equifax Inc. has agreed to pay at least $575 million, and potentially up to $700 million, as part of a global settlement with the FTC, the Consumer Financial Protection Bureau (CFPB) and 50 states and territories, which alleged that the credit reporting company’s failure to take reasonable steps to secure its network led to a data breach in 2017 that affected approximately 147 million people.

As you may recall, Equifax discovered a data breach on July 29, 2017, but did not announce it until September of 2017. Hackers were able to access files that included personal information including dates of birth, Social Security numbers, addresses, and credit card numbers.

This is a nightmare scenario for not only a credit bureau, but also all the people who trusted Equifax to keep their personal information safe and secure. The FTC alleges that Equifax failed to patch its network after being alerted in March 2017 to a critical security vulnerability affecting its ACIS database. That is the database which handles inquiries from consumers about their personal credit data.

The proposed settlement:

  • Equifax will pay $300 million to a fund that will provide affected consumers with credit monitoring services. The fund will also compensate consumers who bought credit or identity monitoring services from Equifax and paid other out-of-pocket expenses as a result of the 2017 data breach.
  • Equifax will add up to $125 million to the fund if the initial payment is not enough.
  • Beginning in January of 2020, Equifax will provide all U.S. consumers with six free credit reports each year for seven years – in addition to the one free annual credit report that all credit bureaus offer.
  • Equifax will pay $174 million to 48 states, the District of Columbia, and Puerto Rico, as well as $100 million to CFPB in penalties.
  • The settlement also requires Equifax to obtain third-party assessments of its information security program every two years.

MJR Digital Cinemas has upgraded, but what’s wrong with this picture?



Despite the ever-increasing tab at the box office, we all, or most of us, enjoy seeing an occasional movie on the big screen. There are just some flicks that lend themselves to the immersive experience. 

The good news is theaters around the country have been upgrading recently – improved seating and digital systems along with a wider selection of (overpriced) goodies to choose from and dine on during your show. Some now even have bars. 

One theater chain in Michigan, MJR, has been among those to upgrade; however, they apparently failed to consult any sort of IT professional, or at least one who knows anything about security. Take a look at the image below and see if any problems seem apparent.

At least they made the job easy for hackers. In fact, there’s no real job at all, it’s just handed over to them. 


VLC patches multiple security flaws, two critical



There are many options out there for media playback; we’ve come a long way since Windows Media Player and QuickTime. Alternatives abound, and some of them are quite compelling.

Take the VideoLAN Client, better known to everyone as VLC, which is capable of playing almost any format a user can throw at it. Like any software, however, it has bugs, and sometimes security holes that could allow bad things to happen to good people.

VLC is issuing a number of security fixes, 33 of them to be exact, designed to keep your system healthy. Two of these are considered critical: they patch an out-of-bounds write vulnerability and a stack-buffer-overflow bug.

According to Threatpost, “Details are scant on the two high-severity bugs and how they could be exploited. Impacted is VLC 3.0.7 and the EU-FOSSA release of the player, along with code tied to the upcoming 4.0 release of the player.”

The high number of patches comes on the heels of a new bug bounty program started by the European Commission on January 7, 2019.

The updates are being pushed out so users shouldn’t need to do anything except wait, and actually, you may already have it.


Facebook and Twitter Disabled a Disinformation Campaign with Ties to Iran



The Washington Post reported that both Facebook and Twitter said they had disabled a “sprawling disinformation campaign that appeared to originate in Iran”. It included two Twitter accounts that mimicked Republican congressional candidates and may have sought to push pro-Iranian political messages.

According to The Washington Post, a private security firm called FireEye “did not attribute the activity to either Iranian state leaders or malicious actors operating within the country.” However, some of the tweets supported the Iranian nuclear deal, which President Trump withdrew from a year ago.

Some of the disabled accounts appeared to target their propaganda at specific journalists, policymakers, dissidents and other influential U.S. figures online. Those tactics left experts fearful that it could mark a new escalation in social-media warfare, with malicious actors stealing real-world identities to spread disinformation beyond the web.

Facebook posted on its Facebook Newsroom that it had removed 51 Facebook accounts, 36 Pages, seven Groups, and three Instagram accounts involved in coordinated inauthentic behavior that originated in Iran.

Facebook said the individuals involved misled people about who they were and what they were doing. “They purported to be located in the US and Europe, used fake accounts to run Pages and Groups, and impersonated legitimate news organizations in the Middle East. The individuals behind this activity also represented themselves as journalists or other personas and tried to contact policymakers, reporters, academics, Iranian dissidents and other public figures.”

Yoel Roth, Head of Site Integrity at Twitter, posted a thread of tweets that began with: “Earlier this month, we removed more than 2,800 inauthentic accounts originating in Iran. These are the accounts that FireEye, a private security firm, reported on today. We were not provided with this report or its findings.”

In another tweet, he wrote: “These accounts employed a range of false personas to target conservatives about political social issues in Iran and globally. Some engaged directly through public replies with politicians, journalists, and others.”

People need to be smarter about how they consume content on Facebook and Twitter. Think before you click a link. Seek out the real news website instead. Don’t retweet or share something without first taking the time to verify that it isn’t “fake news”.