Some of the world’s largest Internet firms have taken steps to crack down on disinformation spread by QAnon conspiracy theorists and the hate-filled anonymous message board 8chan. But according to a California-based security researcher, those seeking to de-platform these communities may have overlooked a simple legal solution to that end: Both the Nevada-based web hosting company owned by 8chan’s current figurehead and the California firm that provides its sole connection to the Internet are defunct businesses in the eyes of their respective state regulators.

In practical terms, what this means is that the legal contracts which granted these companies temporary control over large swaths of Internet address space are now null and void, and American Internet regulators would be well within their rights to cancel those contracts and reclaim the space.

[Figure: The IP address ranges in the upper-left portion of this map of QAnon and 8kun-related sites — some 21,000 IP addresses beginning in “206.” and “207.” — are assigned to N.T. Technology Inc. Image source: twitter.com/Redrum_of_Crows]

That idea was floated by Ron Guilmette, a longtime anti-spam crusader who recently turned his attention to disrupting the online presence of QAnon and 8chan (recently renamed “8kun”). On Sunday, 8chan and a host of other sites related to QAnon conspiracy theories were briefly knocked offline after Guilmette called 8chan’s anti-DDoS provider and convinced them to stop protecting the site from crippling online attacks (8chan is now protected by an anti-DDoS provider in St. Petersburg, Russia).

The public face of 8chan is Jim Watkins, a pig farmer in the Philippines who many experts believe is also the person behind the shadowy persona of “Q” at the center of the conspiracy theory movement. Watkins owns and operates a Reno, Nev.-based hosting firm called N.T. Technology Inc. That company has a legal contract with the American Registry for Internet Numbers (ARIN), the non-profit which administers IP addresses for entities based in North America. ARIN’s contract with N.T. Technology gives the latter the right to use more than 21,500 IP addresses.

But as Guilmette discovered recently, N.T. Technology is listed in Nevada Secretary of State records as under an “administrative hold,” which according to Nevada statute is a “terminated” status indicator meaning the company no longer has the right to transact business in the state.

[Figure: N.T. Technology’s listing in the Nevada Secretary of State records.]

The same is true for Centauri Communications, a Fremont, Calif.-based Internet Service Provider that serves as N.T. Technology’s colocation provider and sole connection to the larger Internet. Centauri was granted more than 4,000 IPv4 addresses by ARIN more than a decade ago. According to the California Secretary of State, Centauri’s status as a business in the state is “suspended.” It appears that Centauri hasn’t filed any business records with the state since 2009, and the state subsequently suspended the company’s license to do business in Aug. 2012. Separately, the California State Franchise Tax Board (FTB) suspended this company as of April 1, 2014.

[Figure: Centauri Communications’ listing with the California Secretary of State’s office.]

Neither Centauri Communications nor N.T. Technology responded to repeated requests for comment. KrebsOnSecurity shared Guilmette’s findings with ARIN, which said it would investigate the matter. “ARIN has received a fraud report from you and is evaluating it,” a spokesperson for ARIN said. “We do not comment on such reports publicly.”

Guilmette said that apart from reclaiming the Internet address space from Centauri and N.T. Technology, ARIN could simply remove each company’s listings from the global WHOIS routing records. Such a move, he said, would likely result in most ISPs blocking access to those IP addresses. “If ARIN were to remove these records from the WHOIS database, it would serve to de-legitimize the use of these IP blocks by the parties involved,” he said. “And globally, it would make it more difficult for the parties to find people willing to route packets to and from those blocks of addresses.”
Galen Emery of Chef comes into the Security Ledger studios to talk about how security and compliance are "shifting left" with DevSecOps. The post Episode 191: Shifting Compliance Left with Galen Emery of Chef appeared first on The Security Ledger.
Attacks involving an unmanaged device such as a minuscule Raspberry Pi and no malware expose gaps in cybersecurity visibility that must be addressed proactively by security teams.
Using renamed copies of PowerShell and Windows’ VBScript host, along with scripts based on a PowerShell pen-testing tool, LockBit actors searched small organizations’ networks for systems with valuable data to hit.
A new Accenture report examines the tactics, techniques, and procedures employed by some of the most sophisticated cyber adversaries and explores how cyber incidents could evolve over the next year.
According to a new report by VMware Carbon Black, 82% of attacks now involve instances of “counter incident response” where victims claim attackers have the resources to “colonize” victims’ networks.
A data exposure by MAXEX, an Atlanta-based residential mortgage trading company, underscores the opaque transfer of personal data and the risks that come with it - even years later.
An information disclosure vulnerability exists in the WebGL functionality of Google Chrome 83.0.4103.116 (Stable) and 86.0.4198.0 (Developer) which can be exploited by specially crafted JavaScript.
The clients affected were informed of the incident in a letter that claimed there had been an “unlawful access” of confidential client information in its document archive.
Oracle has released its final quarterly batch of patches for the year for security flaws in its products. The total this time? 402 fixes, the bulk of which are rated critical in terms of severity.
The Egregor ransomware gang, which emerged in September, claims to have bought network access to the bookseller’s systems before encrypting the networks and stealing “financial and audit data.”
The Iran-linked Seedworm Group, aka MuddyWater, is also deploying commodity ransomware as part of its espionage attacks on companies and government agencies in the Middle East region.
Trustwave released a report which depicts how technology trends, data compromise risks, and security regulations are shaping how organizations’ data is stored and protected.
On October 19, bug bounty hunter William “vakzz” Bowling released a GitHub security advisory – one of three – that disclosed a severe bug exposing individual ‘gists’ due to open redirect errors.
An apparent ransomware infection at Barnes & Noble has led to speculation over whether a lack of business network segmentation could have assisted the malware’s propagation.
The team behind Lightning Network has released extensive details on the vulnerabilities that were discovered in the cryptocurrency protocol and its software implementations.
Named T-RAT, the malware is available for only $45, and its primary selling point is the ability to control infected systems via a Telegram channel, rather than a web-based administration panel.
Samsung phones will soon come with automatic spam call blocking, a part of Samsung Smart Call, which will debut on the Galaxy Note 20 and will roll out to all new devices released after 2020.
With the use of cryptominer in combination with ransomware payloads, the computer would already start earning money for the cybercriminals just as the user saw the ransom note.
The group, consisting of Internet emergency response teams from 539 organizations worldwide, seeks to provide cybersecurity professionals with guidance on how to behave ethically during incidents.
The firm's biggest customers in the financial sector include Société Générale, BNP Paribas, La Banque Postale, HSBC, Crédit Agricole, RBS, Hyundai Capital, and the Bank of China.
WAGO makes several programmable automation controllers that are used in many industries including automotive, rail, power engineering, manufacturing, and building management.
As ransomware attacks have quickly morphed over the past few years into a billion-dollar business, the groups behind them are increasingly adopting the practices and tactics of corporate businesses.
Posing as Marks & Spencer CEO Steve Rowe, the scammers have posted fraudulent adverts that promise victims the chance to win a gift voucher as part of a fictitious prize draw promotion.
The majority of the bugs in Cisco’s Firepower Threat Defense (FTD) and Adaptive Security Appliance (ASA) software can enable a denial of service (DoS) condition on affected devices.
In a short press conference held today by the US Department of Justice, high-ranking officials with the US government claimed that Iran was behind a wave of emails sent to US voters earlier this week.
Speaking during Infosecurity Online, Manja Kuchel, senior product marketing manager at SolarWinds, outlined the three key elements of an effective zero-trust approach to security within organizations.
The Kremlin on Tuesday denied US claims that Russian military intelligence was behind cyberattacks targeting Ukraine's power grid, the 2017 French election, and the 2018 Winter Olympic Games.
Apart from its plant in India, the other plants that have shut include the ones at Brazil, Russia, the United Kingdom, and the United States. The breach is reported to have taken place early Thursday.
Over 60% of credential stuffing attacks detected over the past two years have been targeted at retail, travel, and hospitality businesses, according to the latest report by Akamai.
The company says it will use the new funds to accelerate the launch of new products and expand to new markets, as well as to strengthen its position in the MDR and security operations markets.
The report provides details on threats that characterized the period of the analysis and highlights major changes from the 2018 threat landscape due to the COVID-19-led transformation of cyberspace.
Security researchers have lifted the lid on a highly sophisticated global botnet operation performing millions of attacks per day, including cryptocurrency mining, spamming and defacements.
The Taiwanese vendor published an advisory to warn customers that certain versions of the operating system for its network-attached storage (NAS) devices are affected by the Zerologon vulnerability.
An NSA advisory is warning officials and organizations against 25 well-known vulnerabilities that are under active exploitation by China-backed cybercriminals. You could be at risk too.
From domain spoofing to captcha hijacking, cybercriminals are doing all they can to infiltrate and harass public cloud users. Now is the time to take action before they attempt to engulf you.
Organizations in India are seeing a significant increase in the cybersecurity challenges they face amid the shift to mass remote work during the pandemic, a new study by Cisco shows.
Vastaamo, which sees patients in 20 cities including Helsinki, Joensuu, Jyväskylä, Pori, Turku, and Tampere, says “an unknown hostile party” got in touch saying they had obtained customer details.
Red Hat Security Advisory 2020-4312-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Issues addressed include an XML injection vulnerability.
Red Hat Security Advisory 2020-4311-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2020-4307-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
Ubuntu Security Notice 4598-1 - It was discovered that LibEtPan incorrectly handled STARTTLS when using IMAP, SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack.
Red Hat Security Advisory 2020-4304-01 - RHACM 2.0.4 images. Red Hat Advanced Cluster Management provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console, with security policy built in. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2020-4305-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
Red Hat Security Advisory 2020-4306-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
Red Hat Security Advisory 2020-4223-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include cross site scripting and information leakage vulnerabilities.
The Darkside ransomware gang thinks it's a modern-day Robin Hood when it donates extorted Bitcoins to charity, the micro-targeted ad industry could pop like a bubble, and would you trust a burger-flipping robot? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Tim Hwang.
European IT services group Sopra Steria has been hit by a cyber attack. That would be unfortunate for any business at the best of times, but it is possibly even more galling for a firm like Sopra Steria, which has a specialist cybersecurity branch that claims to help customers “protect sensitive information, and prevent costly data breaches.”
According to Dutch ethical hacker Victor Gevers, as recently as last week the US President's @realDonaldTrump account was protected by the incredibly dumb password "maga2020!" and did not have two-factor authentication (2FA) enabled.
The Twitter account of the Fort Bragg US military base was deleted last night, after what it claimed was a hack. But whether it really was hacked or not is up for debate.
Loginizer, a popular plugin for protecting WordPress blogs from brute force attacks, has been found to contain its own severe vulnerabilities that could be exploited by hackers. The flaw opened up opportunities for cybercriminals to completely compromise WordPress sites. Read more in my article on the Tripwire State of Security blog.
Facebook has filed federal lawsuits against four individuals who it claims have been selling fake Instagram followers. Read more in my article on the Hot for Security blog.