Thursday, October 24, 2019

Hospital Bathroom Video Voyeur had 1 Million Images

FL - Authorities have arrested a 41-year-old man who they say hid a small camera in bathrooms at three Florida medical facilities...
 
Police began investigating on Oct. 3 when a hidden camera was found inside an employee bathroom at St. Mary's Medical Center. 
 
Investigators found more than a million still and video images.
 
(The suspect) was a technician who took CT scans at the hospital and PET scans at medical facilities in Delray Beach and Boca Raton. more

Toga! Toga! Toga! ...SCIF Fight!

SCIF fight shows lawmakers can be their own biggest cybersecurity vulnerability.

About two dozen House Republicans enter a sensitive compartmented information facility (SCIF) where a closed session before the House Intelligence, Foreign Affairs and Oversight committees took place.

A group of House Republicans could have created a field day for Russian and Chinese intelligence agencies when they stormed into a secure Capitol Hill room where their colleagues were taking impeachment testimony yesterday with their cellphones in tow. more

"You're all worthless and weak!" ~Doug Neidermeyer

Wednesday, October 23, 2019

CNN - In 1999 a listening device was planted inside the State Department...

After a suspicious rise in Russian diplomats visiting the State Department in 1999, the FBI worked with the Diplomatic Security Service to follow mysterious radio frequencies. For more, watch "Declassified" Sunday at 11 p.m. ET/PT. more

Thanks to our Blue Blase Irregular at Big T for spotting this one for us.

Free Ransomware Decryption Tool

Emsisoft Decryptor for STOP Djvu

The STOP Djvu ransomware encrypts victim's files with Salsa20, and appends one of dozens of extensions to filenames; for example, ".djvu", ".rumba", ".radman", ".gero", etc.

Please note: There are limitations on what files can be decrypted. more

Of course, put all the safeguards in place first so you won't need this tool. ~Kevin

Friday, October 18, 2019

IT / Security Director Alert: Cisco Aironet Wi-Fi High-Severity Vulnerability Patch Available

Cisco has issued patches for critical and high-severity vulnerabilities in its Aironet access point devices.

It also issued a slew of additional patches addressing other flaws in its products.

“An exploit could allow the attacker to gain access to the device with elevated privileges,” said Cisco in a Wednesday advisory.

“An exploit could allow the attacker to gain access to the device with elevated privileges,” said Cisco in a Wednesday advisory. "...it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the [access point], creating a denial of service (DoS) condition for clients associated with the [access point].” more

Thursday, October 17, 2019

Why Do CIA Spies Stop at Every Yellow Light?

After spending years in the CIA fighting to prevent nuclear terrorism and other catastrophes, some old habits just will not go away for the ex-spy Amaryllis Fox...

...a former CIA clandestine-service officer and author of the new book "Life Undercover: Coming of Age in the CIA"...

...CIA spies learn to master skills regular people do not, and they stick with you...

...But there is one old habit, she said, that drives her husband a little bit crazy — stopping at every yellow light when she drives. more

Welcome to our home. Your visit may be recorded for no apparent reason. Would you like a glass of wine?

The privacy backlash against AI-powered digital assistants has just taken an interesting twist, with a senior exec from one of the core proponents of the technology admitting that he has his own privacy concerns over the tech.

Google hardware chief Rick Osterloh told the BBC that guests visiting a home where smart speakers are stored should be warned that their conversations might be overheard and recorded. more

Calling All Ears - Calling All Ears

“EAVESDROPPING,” COMEDY CENTRAL DIGITAL SKETCH
Comedy Central is casting talent for “Eavesdropping,” a digital sketch. The production needs talent, aged 20–40, to play cute families, tourists, creepy men, and more. Two of the roles require the ability to cry on command. Filming will take place on Oct. 23 in New York City. Pay is $100 per day with meals provided on set. Apply here for the general background roles and apply here for the crying background roles!

Massive Corporate Espionage Attack: 'One million pages stolen'

Australian blood giant CSL has been rocked by an alleged corporate espionage attack, with a former "high level" employee accused of stealing tens of thousands of its documents - including trade secrets - in order to land a job at a key competitor...
CSL’s allegations are expected to reverberate through the highly competitive global drug making industry where trade secrets are the most prized possession of the companies. more
It's never this obvious.

Any pharmaceutical company without: 
  • a robust Information Security Policy, 
  • Recording in the Workplace Policy
  • IT Compliance and Surveillance program, 
  • regularly scheduled Technical Surveillance Countermeasures (TSCM) inspections (with an Information Security Survey component)
is an easy target. Sadly, they won't even know they have had their brains picked until the damage is done.

CSL had protection measures in place. Thus, this discovery, and recovery. ~Kevin

Iranian President's Brother Claims Presidential Office was Bugged

Iran - After surrendering to serve his five-year term in prison, the younger brother of Iran’s president, Hossein Fereydoun claimed in a statement October 16 that the judge had convicted him based on eavesdropping on the presidential office.

A close advisor to Hassan Rouhani, Fereydoun did not name the body or persons responsible for the eavesdropping. Nevertheless, it is public knowledge that the Islamic Revolution Guards Corps Intelligence Organization had been behind the lawsuit against him. more

Holy Crap: IT Folks Fear the Internet Connected Toilet

IT security professionals are nervous people.

This seems clear from a new survey perpetrated on the part of the hardware security company nCipher...

The surveyors asked 1,800 IT security professionals in 14 countries about vital elements...

Thirty-six percent confessed they were afraid they'd be spied upon by an internet-connected device. The same number feared they'd have money stolen.

Twenty-four percent fear personal embarrassment as unholy information about them would be leaked.

I, though, feel a particular empathy for the 21% who are afraid that pranksters will hack their connected toilets. more

Friday, October 11, 2019

Spy Camera Detectors – Do they work? How do they work?

Covert cameras have been around since the 1800’s. Interestingly, as soon as photography developed, people wanted to surreptitiously take photos. From voyeurs to private eyes, a spycam was the gadget to have.

In 1900, movie maker, George Albert Smith, glamorized optical voyeurism in his movie, As Seen Through a Telescope. We will take a historical shortcut here and leave the discovery of these early film spy cameras to auctioneers and collectors.

Our spy camera detection history begins with the advent of CCD and CMOS behind the lens. These are the electronic sensors within modern digital spy cameras which capture images.

With a little knowledge—aided by some inexpensive gadgets—you can detect spycams! Continued here.

Planting Spy Chips in Routers - Proof of Concept

More than a year has passed since Bloomberg Businessweek grabbed the lapels of the cybersecurity world with a bombshell claim: that Supermicro motherboards in servers used by major tech firms, including Apple and Amazon, had been stealthily implanted with a chip the size of a rice grain that allowed Chinese hackers to spy deep into those networks...

But even as the facts of that story remain unconfirmed...

Now researchers have gone further, showing just how easily and cheaply a tiny, tough-to-detect spy chip could be planted in a company's hardware supply chain. And one of them has demonstrated that it doesn't even require a state-sponsored spy agency to pull it off—just a motivated hardware hacker with the right access and as little as $200 worth of equipment... more
5 Cheap Things to Beef Up Your Security
by Rob Kleeger,
Digital4nx Group

Here are a few simple things to prevent and keep most of your private information as safe as possible from hacks or negligence.
  1. Invest in a Password Manager:  If you are like me, most people can’t remember the login details for the dozens of online services they use, so many people end up using the same password — or some variation of one — everywhere. If you are one of those people, this means that if just one site on which you use your password gets hacked, someone could gain access to all your accounts.
  2.  Use a virtual private network (VPN) service: When connected to any internet-connected device, it helps to keep most of your browsing private from your internet service provider; it reduces some online tracking; and it secures your connections when you use public Wi-Fi.
  3. Turn on MFA (2FA) on everything: Two-factor authentication adds an additional layer of security to the authentication process by making it harder for attackers to gain access to a person's devices or online accounts because knowing the victim's password alone is not enough to pass the authentication check. Two-factor authentication doesn’t guarantee security, and it is vulnerable to hacking attacks like phishing attempts that spoof a login page.
  4. Backup: Have a backup plan. All too often, SMB leadership says they backup, but the backup is saved on the server, which if gets encrypted, serves no purpose...neither does attaching a NAS to the same network. Have a cloud-based or offline based backup plan. Confirm backups run regularly and periodically test those backups to do a full restore. 
  5. Don't forget about the paper:  In many ways, people are so focused on cybersecurity, they forget about the basics. Use a cross-cutting paper shredder.  Wirecutter recommends the AmazonBasics 15-Sheet Cross-Cut Shredder for most people, though serious privacy mavens should step up to the AmazonBasics 12-Sheet High-Security Micro-Cut Shredder, which runs a little slower but produces confetti half the size of a cross-cut shredder’s pieces.

Thursday, October 10, 2019

LaFollette Councilwoman Indicted - 34 counts of Wiretapping and Electronic Surveillance

TN - A LaFollette city councilwoman was indicted Thursday on wiretapping and official misconduct charges after a nearly eight-month investigation by the Tennessee Bureau of Investigation...


Campbell County District Attorney Jared Effler requested the TBI investigate after a recording device was found in the LaFollette City Hall Conference Room. Investigators later determined that Thompson was responsible for placing the device in the conference room.

On October 2nd, the Campbell County Grand Jury returned indictments charging Thompson with 34 counts of Wiretapping and Electronic Surveillance and two counts of Official Misconduct.  more