Pete Recommends – Weekly highlights on cyber security issues, July 27, 2024

Subject: New Hack Threat: Thieves Take Over Your Phone Number
Source: Newser
https://www.newser.com/story/353050/keep-your-sim-card-close-or-hackers-will-keep-it-closer.html

SIM-swapping is a growing form of identity theft that goes beyond hacking into an email or social media account. In this case, the thieves take over your phone number. Any calls or texts go to them, not to you, reports the AP. Any protections consumers enabled to secure access to their financial accounts, such as two-factor authentication texts, now can aid attackers and lock out owners. The FBI Internet Crime Complaint Center reports that SIM-swapping complaints have increased more than 400% from 2018 to 2021, with associated personal losses estimated to be more than $68 million. Rachel Tobac, CEO of SocialProof Security, says the numbers are probably a vast underestimate because most identity thefts are not reported.


Subject: Ransomware attack closes LA County Superior Court buildings
Source: The Register
https://www.theregister.com/2024/07/22/ransomware_la_county_superior_court/

Los Angeles County Superior Court, the largest trial court in America, closed all 36 of its courthouses today following an “unprecedented” ransomware attack on Friday. According to a statement, the malware bricked “every electronic platform containing court data,” both internal and external court systems, as well as every internet-connected device including the phones.

Since Friday, court employees and infosec experts have been working around the clock to reconfigure and restore court servers and databases, we’re told.

They are still assessing the extent of the network intrusion, however, and during the work to resurrect IT systems “have encountered obstacles that make it impossible for judges and court personnel to conduct proceedings on Monday, July 22, 2024.”

Court officials made the decision to close all locations across Los Angeles County on Sunday night, and said they expect to reopen on Tuesday.

The network disruption is unrelated to the CrowdStrike fiasco on Friday that shut down Windows systems across the globe, according to an earlier statement.


Subject: How Russia-Linked Malware Cut Heat to 600 Ukrainian Buildings in Deep Winter
Source: WIRED
https://www.wired.com/story/russia-ukraine-frostygoop-malware-heating-utility/

As Russia has tested every form of attack on Ukraine’s civilians over the past decade, both digital and physical, it’s often used winter as one of its weapons—launching cyberattacks on electric utilities to trigger December blackouts and ruthlessly bombing heating infrastructure. Now it appears Russia-based hackers last January tried yet another approach to leave Ukrainians in the cold: a specimen of malicious software that, for the first time, allowed hackers to reach directly into a Ukrainian heating utility, switching off heat and hot water to hundreds of buildings in the midst of a winter freeze.

Industrial cybersecurity firm Dragos on Tuesday revealed a newly discovered sample of Russia-linked malware that it believes was used in a cyberattack in late January to target a heating utility in Lviv, Ukraine, disabling service to 600 buildings for around 48 hours. The attack, in which the malware altered temperature readings to trick control systems into cooling the hot water running through buildings’ pipes, marks the first confirmed case in which hackers have directly sabotaged a heating utility.


Subject: Phish-Friendly Domain Registry “.top” Put on Notice
Source: Krebs on Security
https://krebsonsecurity.com/2024/07/phish-friendly-domain-registry-top-put-on-notice/

The Chinese company in charge of handing out domain names ending in “.top” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. The warning comes amid the release of new findings that .top was the most common suffix in phishing websites over the past year, second only to domains ending in “.com.”

On July 16, the Internet Corporation for Assigned Names and Numbers (ICANN) sent a letter to the owners of the .top domain registry. ICANN has filed hundreds of enforcement actions against domain registrars over the years, but this is thought to be the first in which ICANN has singled out a domain registry responsible for maintaining an entire top-level domain (TLD).

Among other reasons, the missive chided the registry for failing to respond to reports about phishing attacks involving .top domains.

“Based on the information and records gathered through several weeks, it was determined that .TOP Registry does not have a process in place to promptly, comprehensively, and reasonably investigate and act on reports of DNS Abuse,” the ICANN letter reads (PDF).

ICANN’s warning redacted the name of the recipient, but records show the .top registry is operated by a Chinese entity called Jiangsu Bangning Science & Technology Co. Ltd. Representatives for the company have not responded to requests for comment.

Domains ending in .top were represented prominently in a new phishing report released today by the Interisle Consulting Group, which sources phishing data from several places, including the Anti-Phishing Working Group (APWG), OpenPhish, PhishTank, and Spamhaus.

ICANN tries to resolve contract disputes privately with the registry and registrar community, and experts say the nonprofit organization usually only publishes enforcement letters when the recipient is ignoring its private notices. Indeed, ICANN’s letter notes Jiangsu Bangning didn’t even open its emailed notifications. It also cited the registry for falling behind in its ICANN membership fees.

With that in mind, a review of ICANN’s public enforcement activity suggests two trends: One is that there have been far fewer public compliance and enforcement actions in recent years — even as the number of new TLDs has expanded dramatically.

The second is that in a majority of cases, the failure of a registry or registrar to pay its annual ICANN membership fees was cited as a reason for a warning letter. A review of nearly two dozen enforcement letters ICANN has sent to domain registrars since 2022 shows that failure to pay dues was cited as a reason (or the reason) for the violation at least 75 percent of the time.

Piscitello, a former ICANN board member, said nearly all breach notices sent out while he was at ICANN were because the registrar owed money.


Subject: AT&T failed to test disastrous update that kicked all devices off network
Source: Ars Technica
https://arstechnica.com/tech-policy/2024/07/fcc-details-att-screwups-behind-outage-that-blocked-25000-calls-to-911/

[h/t Sabrina] AT&T outage post-mortem – A government investigation has revealed more detail on the impact and causes of a recent AT&T outage that happened immediately after a botched network update. The nationwide outage on February 22, 2024, blocked over 92 million phone calls, including over 25,000 attempts to reach 911. As described in more detail later in this article, the FCC criticized AT&T for not following best practices, which dictate “that network changes must be thoroughly tested, reviewed, and approved” before implementation. It took over 12 hours for AT&T to fully restore service.

“All voice and 5G data services for AT&T wireless customers were unavailable, affecting more than 125 million devices, blocking more than 92 million voice calls, and preventing more than 25,000 calls to 911 call centers,” the Federal Communications Commission said yesterday. The outage affected all 50 states as well as Washington, DC, Puerto Rico, and the US Virgin Islands.

The outage also cut off service to public safety users on the First Responder Network Authority (FirstNet), the FCC report said. “Voice and 5G data services were also unavailable to users from mobile virtual network operators (MVNOs) and other wireless customers who were roaming on AT&T Mobility’s network,” the FCC said.

An incorrect process – While the network change was rolled back within two hours, full service restoration “took at least 12 hours because AT&T Mobility’s device registration systems were overwhelmed with the high volume of requests for re-registration onto the network,” the FCC found.

Outage reveals deeper problems at AT&T – Although a configuration error was the immediate cause of the outage, the FCC investigation revealed various problems in AT&T’s processes that increased the likelihood of an outage and made recovery more difficult than it should have been. The FCC Public Safety and Homeland Security Bureau analyzed network outage reports and written responses submitted by AT&T and interviewed AT&T employees. The bureau’s report said:

The Bureau finds that the extensive scope and duration of this outage was the result of several factors, all attributable to AT&T Mobility, including a configuration error, a lack of adherence to AT&T Mobility’s internal procedures, a lack of peer review, a failure to adequately test after installation, inadequate laboratory testing, insufficient safeguards and controls to ensure approval of changes affecting the core network, a lack of controls to mitigate the effects of the outage once it began, and a variety of system issues that prolonged the outage once the configuration error had been remedied.

AT&T could eventually face some kind of punishment. The Public Safety and Homeland Security Bureau referred the matter to the FCC Enforcement Bureau for potential violations of FCC rules.

Verizon Wireless last month agreed to pay a $1,050,000 fine and implement a compliance plan because of a December 2022 outage in six states that lasted one hour and 44 minutes. The Verizon outage was similarly caused by a botched update, and the FCC investigation revealed systemic problems that made the company prone to such outages.

[wonder how this affected their stock prices … at that time?]

Filed: https://arstechnica.com/tech-policy/

RSS: https://arstechnica.com/tech-policy/feed/

Other corporate fiascos: https://arstechnica.com/tech-policy/2024/07/crowdstrikes-ubiquity-under-fire-as-congress-calls-for-ceo-to-testify/


Subject: Tax watchdog says IRS has work to do on Login.gov security controls
Source: FedScoop
https://fedscoop.com/irs-login-dot-gov-security-controls-tigta-tax-treasury-report/

A Treasury Inspector General for Tax Administration offered six recommendations to the tax agency to improve its security protocols around its use of the single sign-on service.

The IRS is making progress in moving its use of Login.gov toward compliance with federal standards, but the tax agency has more security improvements to implement around its expanded use of the single sign-on service, a new watchdog report found.

Where the IRS is falling short, the watchdog said, is in its requirements for how credential service providers (CSPs) capture and provide “sufficient audit log content.”
