Windows TCO and Security Leftovers
-
Windows TCO
-
Security Week ☛ LockBit Ransomware Affiliate Sentenced to Prison in Canada
The man, Mikhail Vasiliev, 34, was arrested in October 2022 in his home in Bradford, Ontario. In February 2024, he pleaded guilty to stealing victims’ computer data and holding it hostage for extortion.
Vasiliev targeted at least three organizations in Canada, encrypting their data and seeking ransom payments from them.
-
Canada ☛ Russian-Canadian hacker sentenced for global ransomware scheme to be extradited | CTV News
The 34-year-old Russian-Canadian, who moved from Moscow more than 20 years ago, admitted to being a ransomware hacker who held sensitive computer data hostage in exchange for ransom payments from victims, including businesses in Saskatchewan, Montreal and Newfoundland.
The court heard Vasiliev was initially arrested about a year and a half ago when police busted him inside his Bradford home, catching him in the act.
U.S. investigators, who had been watching Vasiliev for two years, said he was sitting at a table inside his garage while on a laptop, committing cyber crimes as part of an international ransomware group called LockBit.
-
The Register UK ☛ Stanford University failed to detect intruders for 4 months
According to Monday's filing, the data breach occurred on May 12, 2023 but was only discovered on September 27 of last year, raising questions about whether the attacker(s) were inside the network the entire time and why it took so long to spot the intrusion.
-
Security Week ☛ Healthcare's Ransomware Epidemic: Why Cyberattacks Hit the Medical Sector With Alarming Frequency
According to the FBI 2023 IC3 report, healthcare suffered 249 reported ransomware attacks during last year – 31 more than the second most attacked CNI sector (critical manufacturing), and more than double the reported attacks against financial services.
-
NPR ☛ Hackers are targeting a surprising group of people: young public school students
Minneapolis Public Schools did not make any officials available for an interview. In a written statement, the district said it sent written notice of the attack to more than 105,000 people who may have been impacted by it.
"This breach was actually really huge," Gravatt says. "And it wasn't just school records. It was health records, it was all sorts of things that should be privileged information that are now just out there floating around for anybody to buy."
-
-
Integrity/Availability/Authenticity
-
Ciprian Dorin Craciun ☛ [remark] Pre-hashing large password files used with PBKDFs -- Volution Notes
While working on my z-tokens exchange encrypt / exchange decrypt key derivation scheme -- about which I've written before in Experimenting with multi-factor encryption and Misusing random oracles for practical purposes -- I've made a small realization about all current password derivation schemes (including Argon2, Scrypt, and PBKDF2). (For brevity, I'll continue referring to these as just "password derivation".)
This realization is more of a "gotcha", which doesn't impact in any way the security of password derivation algorithms.
However, it might make a big difference if you make the wrong assumptions.
Thus, before explaining my observation, let me describe a possible use-case for such password derivation schemes with large byte sequences as passwords.
-
Bitdefender ☛ Hackers target Roku: 15,000 accounts compromised in data breach
The attacks worked because some Roku account owners had made the mistake of using the same passwords on Roku as on multiple other websites. This gave those who had gained access to past data breaches an easy way to break into Roku accounts and lock out genuine users.
-
-
Confidentiality
-
University of Toronto ☛ What do we count as 'manual' management of TLS certificates
A modern big website probably has a bunch of front end load balancers or web servers that terminate TLS, and regardless of what else is involved in their TLS certificate management it's very unlikely that system administrators are logging in to each one of them to roll over its TLS certificate to a new one (any more than they manually log in to those servers to deploy other changes). At the same time, if the only bit of automation involved in TLS certificate management is deploying a TLS certificate across the fleet (once you have it) I think most people would be comfortable still calling that (more or less) 'manual' TLS certificate management.
-