Inside Security - November 25th, 2019

Senator doubts 2016 DNC hack source / Ransomware damages Louisiana network / Bill could enable Russian espionage

1. Sen. John Kennedy (R-La) questioned U.S. intelligence agencies' reports concluding that Russia was behind the hack of the Democratic National Committee (DNC) server in 2016 during an interview with Fox News on Sunday. "I don't know, nor do you, nor do any of us," Kennedy told Fox News' Chris Wallace when asked whether he accepted that Russia, not Ukraine, was behind the hack. In impeachment testimony on Thursday, Fiona Hill, a former National Security Council official in the Trump administration, criticized Republicans on the committee for promoting the "fictional narrative" that Ukraine was responsible for the hack, a narrative promoted by the Russian intelligence services. -- THE HILL

2. A ransomware attack on Louisiana state government servers damaged 10 percent of the network. While no data was lost and no ransom was paid, the attack did negatively impact state agencies, particularly the Office of Motor Vehicles, the state's deputy chief information officer, Neal Underwood, told state lawmakers. The ransomware attack occurred two days after statewide elections for governor, the legislature, and other offices around the state. Louisiana's secretary of state said that it had no impact on election returns and expects the results to be certified this week. -- AP

3. The lower house of the Russian parliament has approved a measure requiring any computing device sold in Russia to come with pre-loaded "Russian software" that some fear could be used as a backdoor for espionage. The bill, which still needs approval by the upper house and President Vladimir Putin, would take effect in July 2020. The move comes after the Russian parliament passed a law earlier this month that requires Russian internet service providers (ISPs) to establish deep packet inspection on all internet traffic. It also mandates the country's ISPs prepare for the implementation of a separate domain name system under Russian government control. -- NAKED SECURITY

4. The open-source search engine Apache Solr contains a vulnerability that attackers could exploit to launch remote code execution (RCE) attacks, security researchers warn. The vulnerability lies in the default configuration file in Apache Solr running on Linux. The bug has been known for a while, but only recently did researchers discover the RCE flaw. The Apache Solr team issued a security advisory about the vulnerability, recommending that administrators set the ENABLE_REMOTE_JMX_OPTS configuration option in the default configuration file to "false" on every Solr node and then restart Solr. The team also recommended that Solr servers be kept behind firewalls. -- ZDNET

5. Australia's My Health Record system failed to adequately manage cybersecurity risk, a government audit found. My Health Record is the national health record system for the country, and cost $1.5 billion to implement. Around 90 percent of Australians use the system, but fewer than a quarter of healthcare providers use it. The Australian National Audit Office found that the Australian Digital Health Agency could not guarantee that emergency access requests to view an individual health record were legitimate. In addition, the agency failed to complete four privacy reviews and institute adequate cybersecurity protections covering third-party sites and apps. -- THE GUARDIAN

6. Public schools in Livingston, N.J., were attacked by ransomware, delaying classes at a school district on Monday. Attackers deployed ransomware on the network linking nine schools and encrypted data. The phone system remains down, although students and staff will be able to use the internet and email accounts. School officials said it could take weeks to get the data back and resolve the issue. They did not say how much the attackers were asking in ransom or whether they were considering paying it. -- CBS NEW YORK

7. Scams using push notifications that appear in browsers are on the rise. Kaspersky Lab researchers have found that the number of users being hit by ad and scam subscriptions using push notifications has risen from fewer than 2 million in January 2019 to more than 5.5 million in September. In addition, Kaspersky Lab products blocked ad and scam notification sign-up and demonstration attempts on the devices of more than 14 million users during the first three quarters of 2019. Researchers have observed the highest share of users affected by unsolicited push notification scams in Algeria, Belarus, Nepal, Kazakhstan, and the Philippines. -- SECURELIST

8. Hackers have accessed OnePlus customers' order information, such as names, phone numbers, email addresses, and shipping addresses, through a vulnerability in its website. The Chinese smartphone maker is warning customers that the hackers may use the information for phishing emails. It is advising customers to be wary of email messages asking for personal information, such as passwords or financial information. The company did not disclose how many customers were affected. Last year, OnePlus admitted that up to 40,000 customers could have had payment card data stolen after hackers breached its website. -- SECURITY WEEK

9. More than 480 million mobile VPN apps, which are used to secure voice and messaging traffic, have been downloaded from the official Apple and Android app stores over the last 12 months, a 54 percent increase from the downloads last year. Three-quarters of those downloads were for Android VPN apps, which reflects the larger Android user base. The increase in mobile VPN apps was most prevalent in the Asia-Pacific region, an area undergoing considerable political and social unrest, said Simon Migliano, head of research at Top10VPN, which compiled the data. The country with the top number of mobile VPN app downloads over the last year was Indonesia, followed by the United States and India. -- ZDNET

10. Catch Hospitality Group admitted that credit card account scraping malware was installed on point-of-sale (POS) systems at some of its locations. The malware was active between March 19 and October 17, 2019, at its Catch NYC and Catch Rooftop restaurants and between Sept. 17 and Oct. 17, 2019, at its Catch Steak restaurant, which recently opened. The malware is able to steal credit card numbers, expiration dates, and internal verification codes, and in some cases customers' names. The malware did not infect mobile POS systems, which use point-to-point encryption, the company explained. The company did not say how many customers might have been victimized by the malware. -- BLEEPING COMPUTER

Fred Donovan is a professional writer, editor, and content specialist with decades of experience, most recently in the areas of information technology and cybersecurity. He has written for such publications as FierceITSecurity, InfoSecurity Magazine, Report on Patient Privacy, TechGenix, and NetDefense. Fred has a B.A. from Harvard University in government and an M.S. in national security from Georgetown University.

Edited by Inside Dev and Inside Deals editor Sheena Vasani
