ABC News: DOJ announces charges against 6 Russian military officers allegedly involved in hacking, malware operations. “The indictment specifically accuses the six alleged hackers of engaging in computer intrusions ‘intended to support Russian government efforts to undermine, retaliate against or otherwise destabilize’ Ukraine, Georgia, elections in France, the 2018 PyeongChang Olympic Games and international efforts to hold Russia accountable for its use of the nerve agent Novichok on foreign soil.”
security
Motherboard: Skepticism Mounts Around Alleged Trump Twitter Hack
Motherboard: Skepticism Mounts Around Alleged Trump Twitter Hack. “On Thursday, Dutch media outlets reported that security researcher Victor Gevers had accessed President Trump’s Twitter account with the password ‘maga2020!’ But multiple security experts including those who track how Twitter accounts are compromised, as well as a review of the material that Gevers provided to Dutch and other media to corroborate his claim, throw doubt onto the hacking claim.”
New York Times: The Police Can Probably Break Into Your Phone
New York Times: The Police Can Probably Break Into Your Phone. “At least 2,000 law enforcement agencies have tools to get into encrypted smartphones, according to new research, and they are using them far more than previously known.”
Washington Post: U.S. agencies mount major effort to prevent Russian interference in the election even though Trump downplays threat
Washington Post: U.S. agencies mount major effort to prevent Russian interference in the election even though Trump downplays threat. “The U.S. government is mounting a major effort to prevent a repeat of 2016 — when federal agencies were slow to address Russia’s attempts to manipulate the presidential election — and is taking a range of actions despite the disinterest of President Trump, who questions intelligence that the Kremlin is intent on undermining American democracy.”
The Daily Swig: New Zealand launches data breach notification tool
The Daily Swig: New Zealand launches data breach notification tool. “New Zealand’s privacy commissioner has launched a new tool to help organizations based in the country determine whether a data breach needs to be reported or not. The tool, called NotifyUs, will enable data handlers to check whether it is mandatory to report a breach under new rules.”
Report: Ransomware Disables Georgia County Election Database (News18)
News18: Report: Ransomware Disables Georgia County Election Database. “A ransomware attack that hobbled a Georgia county government in early October reportedly disabled a database used to verify voter signatures in the authentication of absentee ballots. It is the first reported case of a ransomware attack affecting an election-related system in the 2020 cycle.”
ZDNet: New Gitjacker tool lets you find .git folders exposed online
ZDNet: New Gitjacker tool lets you find .git folders exposed online. “A new tool called Gitjacker can help developers discover when they’ve accidentally uploaded /.git folders online and have left sensitive information exposed to attackers.”
MIT Technology Review: Live facial recognition is tracking kids suspected of being criminals
MIT Technology Review: Live facial recognition is tracking kids suspected of being criminals. “In a national database in Argentina, tens of thousands of entries detail the names, birthdays, and national IDs of people suspected of crimes. The database, known as the Consulta Nacional de Rebeldías y Capturas (National Register of Fugitives and Arrests), or CONARC, began in 2009 as a part of an effort to improve law enforcement for serious crimes. But there are several things off about CONARC. For one, it’s a plain-text spreadsheet file without password protection, which can be readily found via Google Search and downloaded by anyone.”
CNBC: Hackers look to buy brokerage log-ins on the dark web with Robinhood fetching highest prices
CNBC: Hackers look to buy brokerage log-ins on the dark web with Robinhood fetching highest prices. “As a new generation of investors flock to the stock market, criminals are looking for ways to exploit them. Hackers have turned to the dark web, where log-ins for accounts at major brokerage firms are listed for sale, according to security analysts and listings seen by CNBC.”
The Guardian: ‘Smart’ male chastity device can be controlled by hackers, users warned
The Guardian: ‘Smart’ male chastity device can be controlled by hackers, users warned. “The maker of a ‘smart’ male chastity device has recommended using a screwdriver to break it open after warnings it can be locked remotely by hackers. The Bluetooth-controlled Cellmate device can only be unlocked via an app. Its manufacturer, the Chinese company Qiui, issued a video titled ‘When nothing else works’, showing the screwdriver fix.”
The Daily Swig: GHunt OSINT tool sniffs out Google users’ account information using just their email address
The Daily Swig: GHunt OSINT tool sniffs out Google users’ account information using just their email address . “GHunt lets individuals, or security experts, analyze a target’s Google ‘footprint’ based just on an email. The open source intelligence, or OSINT, tool can extract the account owner’s name and Google ID, YouTube channel, and active Google services, including Photos and Maps. GHunt can also reveal public photos, phone model, make, firmware and installed software, and potentially, the user’s physical location.”
Washington Post: Crime rose unevenly when stay-at-home orders lifted. The racial disparity is the widest in years.
Washington Post: Crime rose unevenly when stay-at-home orders lifted. The racial disparity is the widest in years.. “A Washington Post analysis of 27 cities showed the rolling rate of violent crime in majority-White neighborhoods fell by 30 percent while stay-at-home orders were in effect, dipping to its lowest point in two years. Once the orders were lifted, violent crime in those neighborhoods returned to pre-pandemic levels, but stayed below average when compared with 2018 and 2019. In majority-Black neighborhoods, the rate of violence remained relatively steady while stay-at-home orders were in effect, but rose dramatically after orders were lifted, peaking at 133 crimes per 100,000 residents in July, the highest level in the past three years.”
Google: Chinese Hackers Are Posing as McAfee Antivirus to Phish Victims (PCMag Australia)
PCMag Australia: Google: Chinese Hackers Are Posing as McAfee Antivirus to Phish Victims. “Chinese state-sponsored hackers may be impersonating antivirus provider McAfee in order to trick high-profile targets into downloading malware. The suspected Chinese hacking group, APT 31, has been resorting to the tactic, according to Google’s security team. Back in June, the company’s security researchers reported that APT 31 had been targeting Joe Biden’s Presidential campaign by sending phishing emails to his staff. The goal was to hijack their personal email accounts, but Google says the phishing attempts all appear to have failed.”
‘Classified knots’: Researchers create optical framed knots to encode information (Phys .org)
Phys .org: ‘Classified knots’: Researchers create optical framed knots to encode information. “In a world first, researchers from the University of Ottawa in collaboration with Israeli scientists have been able to create optical framed knots in the laboratory that could potentially be applied in modern technologies. Their work opens the door to new methods of distributing secret cryptographic keys—used to encrypt and decrypt data, ensure secure communication and protect private information.” I tried to look up framed knots but I was hit over the head with a mathematics cudgel. Wikipedia has an overview.
CNN: Microsoft takes down massive hacking operation that could have affected the election
CNN: Microsoft takes down massive hacking operation that could have affected the election. “Microsoft has disrupted a massive hacking operation that it said could have indirectly affected election infrastructure if allowed to continue. The company said Monday it took down the servers behind Trickbot, an enormous malware network that criminals were using to launch other cyberattacks, including a strain of highly potent ransomware.”