Victims of the ZeroFucks ransomware don’t have to pay the ransom, they only need to download the
Once the ransomware has encrypted the victim’s files, it displays a GUI in which the crooks demand a ransom of €400 worth of Bitcoins.
Below is the ransom note left on the infected systems by the ransomware:
“All your important files have been encrypted. If you want your files back, you need to pay €400 in Bitcoins. After the payment is received, we will give you access to unlock your files. Click on the Payment button to get more info.” reads the ransom note.
“If you don’t pay within 48 hours, the price will be doubled. After another 24 hours, the price will be doubled again. If you don’t pay within 96 hours your files will be destroyed.”
The post Emsisoft releases a second decryptor in a few days, this time for ZeroFucks ransomware appeared first on Security Affairs.
Once again thank you!
| For nearly a year, Brazilian users have been targeted with router attacks |
|NCSC report warns of DNS Hijacking Attacks|
|SAP Patch Day – July 2019 addresses a critical flaw in Diagnostics Agent|
|A flaw could have allowed hackers to take over any Instagram account in 10 minutes|
|Apple temporarily blocked Walkie-Talkie App on Apple Watch due to a flaw|
|Emsisoft released a free decryptor for the Ims00rry ransomware|
|Flaw in Ad Inserter WordPress plugin allows remote attackers to execute code|
|La Porte County finally opted to pay $130,000 Ransom|
|The npm installer for PureScript package has been compromised|
|A flaw in discontinued Iomega/Lenovo NAS devices exposed millions of files|
|DoppelPaymer, a fork of BitPaymer Ransomware, appeared in the threat landscape|
|iOS URL Scheme expose users to App-in-the-Middle attack|
|Media File Jacking allows manipulating media files users receive via Android WhatsApp and Telegram|
|Mysterious hackers steal data of over 70% of Bulgarians|
|Sprint revealed that hackers compromised some customer accounts via Samsung site|
|Anti-Debugging Techniques from a Complex Visual Basic Packer|
|Expert was awarded $10,000 for disclosing XSS flaw to Tesla|
|Turla APT group adds Topinambour Trojan to its arsenal|
|CVE-2019-6342 flaw allows hackers to fully compromise Drupal 8.7.4 websites|
|Experts detailed new StrongPity cyberespionage campaigns|
|Experts spotted a rare Linux Desktop spyware dubbed EvilGnome|
|Scraping the TOR for rare contents|
|The Problem With the Small Business Cybersecurity Assistance Act|
|Dutch police arrested the author of Dryad and Rubella Macro Builders|
|Israel surveillance firm NSO group can mine data from major social media|
|Poland and Lithuania fear that data collected via FaceApp could be misused|
|Slack resetting passwords for roughly 1% of its users|
|Former NSA contractor sentenced to 9 years for stealing classified data|
The post Security Affairs newsletter Round 223 – News of the week appeared first on Security Affairs.
US Department of Education warned that hackers have breached at least 62 college and university networks by exploiting a vulnerability in the Ellucian Banner Web Tailor module of the Ellucian Banner ERP.
The module is used by colleges and universities to customize their web applications.
The vulnerability, tracked as CVE-2019-8978, was discovered by the security expert Joshua Mulliken; it affects the authentication process used by the two modules of the ERP, including the
“An improper authentication vulnerability (CWE-287) was identified in Banner Web Tailor and Banner Enterprise Identity Services. This vulnerability is produced when SSO Manager is used as the authentication mechanism for Web Tailor, where this could lead to information disclosure and loss of data integrity for the impacted user
The vulnerability could be exploited by a remote attacker to hijack users’ accounts.
“A user’s unique identifier, UDCID, is leaked via a cookie and it could lead to account compromise if this identifier is captured or otherwise known, in the case tested the UDCID was known to be the institutional ID printed on ID cards. The UDCID could be used to exploit a race condition that would provide an attacker with unauthorized access.” continues the advisory. “For a student, the attacker could drop them from their courses, reject financial aid, change their personal information, etc. For a professor, this could lead to an inability to manage their courses, allow a malicious student to put in false final grades, etc. For an administrator, an attacker could change
Affected versions are Banner Enterprise Identity Services 8.3 and later; Ellucian addressed the vulnerability in May.
Unfortunately, threat actors started exploiting the CVE-2019-8978 flaw in the wild.
“The Department has identified 62 colleges or universities that have been affected by exploitation of this vulnerability. We have also recently received information that indicates criminal elements have been actively scanning the internet looking for institutions to victimize through this vulnerability and developing lists of institutions for targeting with this exploitation.” reads the alert published on the Federal Student Aid.
The educational institutions that were targeted by the attacks exploiting the vulnerability have reported that threat actors are using scripts in the admissions or enrollment section of the affected Banner system to create multiple student accounts.
Officials reported that attackers created at least 600 fake or fraudulent student accounts within a 24-hour period. The malicious activity is continuing over multiple
Officials warn that at organizations that have not implemented network segregation, attackers could access students’ financial aid data.
“Although it was reported that attackers can leverage the vulnerability discussed above to create accounts, Ellucian believes this is not correct,” read a statement published by the company. “The issue described in the alert is not believed to be related to the previously patched Ellucian Banner System vulnerability and is not exclusive to institutions using Ellucian products.”
“Attackers are utilizing bots to submit fraudulent admissions applications and obtain institution email addresses through admission application portals,”
The company recommends implementing
The post Hackers breach 62 US colleges by allegedly exploiting Ellucian Banner Web flaw appeared first on Security Affairs.
The airline company WizzAir
In an email message sent to the customers, the company explained that it has discovered and suffered “some temporary technical irregularity.”
The company did not disclose technical details of the incident; for this reason, some users speculate that the root cause of the problem was a hack. In compliance with EU privacy regulation GDPR, the company must provide a full and detailed account of the incident within 72 hours.
Fortunately, it seems that the company was not hacked.
“It appears that these assumptions are nothing to fret about. BleepingComputer h
The company only provided the following comment:
“We can confirm that we have sent an email today to our customers about the detection of a temporary technical irregularity in our system. At no point was any personal data compromised and resetting the passwords on the WIZZ accounts was a precautionary action. Safety remains a priority for Wizz Air, and that includes the security of our passengers’ data.” – reads the statement sent by WizzAir.
Following the notification message, people with a WizzAir account will receive a new email with instructions about how they can regain access to all features of the Wizz account.
The post WizzAir informed customers it forced a password reset on their accounts appeared first on Security Affairs.
Hackers took over Scotland Yard’s principal Twitter account and tweeted a dozen bizarre messages on Friday night; some of the tweets referred to the British rapper Digga D.
Digga D, real name Rhys Herbert, was jailed last year aged 17 along with
The messages were expressing anti-police sentiment and calling for the jailed rapper to be released.
“Free Digga D,” states one of the tweets.
Below is the message posted by Met Police Supt Roy Smith after the breach:
London’s Metropolitan Police confirmed that hackers also targeted emails and news pages.
Scotland Yard pointed out that its IT infrastructure had not been compromised; the incident only affected the press office’s online provider, MyNewsDesk. The MyNewsDesk service automatically spreads content to the Met’s website and Twitter account once it is published. It also sends emails to subscribers.
“Unauthorised messages appeared on the news section of our website,” states Scotland Yard. “We
“We are confident the only security issue relates to access to our MyNewsDesk account. We have begun making changes to our access arrangements to MyNewsDesk.”
“There has been no ‘hack’ of the Met Police’s own IT infrastructure. We are assessing to establish what criminal offences have been committed.”
US President Donald Trump took the opportunity to attack London Mayor Sadiq Khan, retweeting an image of the hijacked Metropolitan Police account.
UK authorities regained control of the account on Saturday.
The post Twitter account of Scotland Yard hacked and posted bizarre messages appeared first on Security Affairs.
Example Org). Sessions can also be paused and resumed at any time.
ssdeep dependency for fuzzy hashing.
apt-get install libfuzzy-dev ssdeep
brew install ssdeep
ssdeep package, please see the ssdeep installation instructions.
ssdeep, install the Python dependencies using
pip3 install -r requirements.txt
gitgot.py as shown below:
ACCESS_TOKEN = "<NO-PERMISSION-GITHUB-TOKEN-HERE>"
# Query for the string "example.com" using the default RegEx list and logfile location (/logs/<query>.log)
./gitgot.py -q example.com
# Using GitHub advanced search syntax
./gitgot.py -q "org:github cats"
# Custom RegEx List and custom log files location
./gitgot.py -q example.com -f checks/default.list -o example1.log
# Recovery from existing session
./gitgot.py -q example.com -r example.com.state
# Using an existing session (w/blacklists) for a new query
./gitgot.py -q "Example Org" -r example.com.state
echo "tillsongalloway.com" | python git-hound.py or
--subdomain-file - The file with the subdomains
--output - The output file (default is stdout)
--output-type - The output type (requires output flag to be set; default is flatfile)
--all - Print all URLs, including ones with no pattern match. Otherwise, the scoring system will do the work.
--regex-file - Supply a custom regex file
--api-keys - Enable generic API key searching. This uses common API key patterns and Shannon entropy to find potential exposed API keys.
--language-file - Supply a custom file with languages to search.
--config-file - Custom config file (default is
--pages - Max pages to search (default is 100, the page maximum)
--silent - Don't print results to stdout (most reasonably used with --output).
--no-antikeywords - Don't attempt to filter out known mass scans
--only-filtered - Only search filtered queries (languages, file extensions)
pip install -r requirements.txt (or
config.yml file with GitHub credentials. See config.example.yml for an example. Accounts with 2FA are not currently supported.
echo "tillsongalloway.com" | python git-hound.py
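The --api-keys option above pairs key-shaped patterns with Shannon entropy. The following is an added example, not git-hound's own code, showing how that combination separates random-looking credentials from ordinary long strings when a team audits its own repositories. The regexes, thresholds, function names and sample lines are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Assumed token shape: 20+ characters from the base64/hex/URL-safe alphabets.
CANDIDATE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")
HEX_ONLY = re.compile(r"[0-9a-fA-F]+")
# Assumed keywords that often sit next to a credential assignment.
KEYWORD = re.compile(r"api[_-]?key|secret|token|passw(?:or)?d", re.IGNORECASE)

# Assumed thresholds in bits per character. A hex string can never exceed
# 4.0 bits/char (16 symbols), so it needs a lower bar than base64-like text.
HEX_THRESHOLD = 3.0
BASE64_THRESHOLD = 4.5


def shannon_entropy(text):
    """Return the Shannon entropy of text in bits per character."""
    if not text:
        return 0.0
    total = len(text)
    return -sum((n / total) * math.log2(n / total)
                for n in Counter(text).values())


def redact(token):
    """Keep only a short prefix so the report itself does not leak the secret."""
    return token[:4] + "*" * (len(token) - 4)


def find_candidate_keys(lines):
    """Flag tokens whose entropy exceeds the threshold for their alphabet."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        keyword_nearby = bool(KEYWORD.search(line))
        for match in CANDIDATE.finditer(line):
            token = match.group(0)
            is_hex = HEX_ONLY.fullmatch(token) is not None
            threshold = HEX_THRESHOLD if is_hex else BASE64_THRESHOLD
            entropy = shannon_entropy(token)
            if entropy >= threshold:
                findings.append({
                    "line": lineno,
                    "token": redact(token),
                    "alphabet": "hex" if is_hex else "base64-like",
                    "entropy": round(entropy, 2),
                    "keyword_nearby": keyword_nearby,
                })
    return findings


# Constructed sample input; none of these values is a real credential.
SAMPLE_LINES = [
    'API_KEY = "q7Zp2Xv9Lk4Rt8Wm1Yb6Nc3Hd5Jf0Gs"',                  # random-looking
    'url = "https://example.com/aaaaaaaaaaaaaaaaaaaaaaaaaaaa"',     # long, repetitive
    'import_path = "github.com/example/project/internal/handlers"',  # natural text
    'password = "passwordpasswordpassword"',                        # keyword, low entropy
    'token: 0123456789abcdeffedcba9876543210',                      # hex digest shape
    'build_id = "Zk3Lp9Qw7Er5Ty1Ui8Op2As4Df6Gh0J"',                 # no keyword, random
]

if __name__ == "__main__":
    for finding in find_candidate_keys(SAMPLE_LINES):
        print(finding)
```

Findings with keyword_nearby set are the ones to triage first; entropy-only hits are frequently hashes, UUIDs or minified assets.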
Attackers have hacked SyTech, a contractor for the Federal Security Service of the Russian Federation (FSB), and
According to the Russian media,
“According to the data received, the majority of non-public projects of Sytech were commissioned by military unit No. 71330, which allegedly is part of the 16th directorate of the FSB of Russia.” states the website CrimeRussia. “This unit is engaged in electronic intelligence, experts from the International Center for Defense and Security in Tallinn believe.”
Some of the research projects accessed by the hackers were
On July 13, a hacker group named 0v1ru$ hacked into SyTech’s Active Directory server and then compromised the entire infrastructure of the company, including its JIRA instance.
The hackers published images of the company’s servers on Twitter and also shared the data with another hacker crew known as Digital Revolution, that in 2018 breached the FSB
The hackers provided the stolen data to BBC Russia, who verified the presence of other older projects for compromising other network protocols, including Jabber, ED2K, and OpenFT.
“Among the projects of Sytech there is the work on
“Sytech was also supposed to explore the possibilities of developing a complex of penetration and covert use of resources of peer-to-peer and hybrid networks, network protocols Jabber, OpenFT and ED2K, which were used by darknet users and hackers.
The list of projects shared by BBCRussia includes:
Researchers identified 25 malicious servers, 18 of which were located in Russia, and running Tor version 0.2.2.37, the same one detailed in the leaked files.
“Website “Siteka” is not available – neither in its previous form, nor in the version with “Yob-face”. When you call the company on the answering machine, the standard message is turned on, in which you are invited to wait for the secretary’s response, but short beeps follow.” concludes BBC Russia.
The post 0v1ru$ hackers breach FSB contractor SyTech and expose Russian intel projects appeared first on Security Affairs.
The former National Security Agency contractor Harold Thomas Martin III, who was accused of, and subsequently pleaded guilty to, stealing over 50TB of classified NSA data, was sentenced to nine years in prison.
The man was arrested by the FBI
According to the Politico website, sources informed of the events reported that Kaspersky learned about Martin after he sent strange Twitter messages to two researchers of the firm in 2016, minutes before The Shadow Brokers began leaking the NSA dump online.
“The timing was remarkable — the two messages arrived just 30 minutes before an anonymous group known as Shadow Brokers began dumping classified NSA tools online and announced an auction to sell more of the agency’s stolen code for the price of $1 million Bitcoin. ” reported the Politico website.
“The case unfolded after someone who U.S. prosecutors believe was Martin used an anonymous Twitter account with the name ‘HAL999999999’ to send five cryptic, private messages to two researchers at the Moscow-based security firm,” Politico reports.
A first message sent on Aug. 13, 2016, asked one of the researchers to arrange a conversation with Kaspersky Lab CEO Eugene Kaspersky.
Kaspersky reported the events to the NSA, which identified Martin; the FBI arrested him later.
The DoJ’s chief national security prosecutor John Carlin revealed that Martin was employed by Booz Allen Hamilton, the same defense contractor that employed the notorious Edward Snowden at the time the whistleblower disclosed the mass surveillance program conducted by the NSA on a global scale.
The theft was the largest heist of classified government material in the history of the US.
Harold Thomas Martin III, a 54-year-old Navy veteran from Glen Burnie, abused his top-secret security clearances to
At the time, federal prosecutors decided to drop the remaining 19 charges against Martin and recommended a 9-year prison sentence and three years of supervised release.
Now the judge sentenced Martin to nine years in prison, including time served, and three years of supervised release.
“Harold Martin apologized to the federal judge who sentenced him for a theft that prosecutors have called “breathtaking” in scope.” reported the AP agency.
“My methods were wrong, illegal and highly questionable,” Martin told U.S. District Judge Richard Bennett.
The post Former NSA contractor sentenced to 9 years for stealing classified data appeared first on Security Affairs.
The Financial Times reported that the Israeli surveillance firm NSO Group informed its clients that it is able to mine user data from major social media. NSO is based in Herzliya, near Tel Aviv, and employs 600 people worldwide. The private equity firm Novalpina Capital has the majority of the shares in NSO Group.
“[NSO Group] told buyers its technology can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon and Microsoft, according to people familiar with its sales pitch” reported the FT.
According to the AFP, an NSO spokesperson denied the allegation.
“There is a fundamental misunderstanding of NSO, its services and technology,” the spokesman said.
“NSO’s products do not provide the type of collection capabilities and access to cloud applications, services, or infrastructure as listed and suggested in today’s FT article.”
The FT report cites documents it had viewed and descriptions of a product demonstration. According to the report, the surveillance capabilities of the company had “evolved to capture the much greater trove of information stored beyond the phone in the cloud, such as a full history of a target’s location data, archived messages or photos”.
NSO pointed out that it does not operate its solutions, including the Pegasus spyware; instead, it only licenses them to law enforcement and government agencies “for the sole purpose of preventing or investigating serious crime including terrorism”.
Pegasus is a perfect tool for surveillance: it is able to steal any kind of data from smartphones and to use the devices to spy on the surrounding environment through their camera and microphone.
The NSO Group operated in the dark for several years, until researchers from the Citizen Lab organization and the Lookout firm spotted its software in targeted attacks against the UAE human rights defender Ahmed Mansoor.
The researchers also spotted other attacks against a Mexican journalist who had publicly reported a story of corruption in the Mexican government.
NSO replied that its surveillance solution was “intended to be used exclusively for the investigation and prevention of crime and terrorism.”
The post Israel surveillance firm NSO group can mine data from major social media appeared first on Security Affairs.
Dutch authorities announced that they have arrested a 20-year-old man who is accused of being the author of the Dryad and Rubella Macro Builders.
The man lives in Utrecht; he created and distributed Rubella, Cetan and Dryad
“Recently the high tech crime team (THTC) of the Dutch National Police Unit arrested a 20 year old resident of the Dutch city of Utrecht. He is suspected of large-scale production and selling of malware.” reads the announcement. “The young man offered programs with names like Rubella, Cetan and Dryad, enabling the buyer to include secret code or malware in amongst others Word or Excel files.”
Both macro builders allow crooks to easily create malicious Office documents that are usually involved in hacking campaigns as a first-stage loader for other malware.
The Rubella Macro Builder
According to Flashpoint, Rubella is not particularly sophisticated; the builder is used to create Microsoft Word or Excel
The macro might also purposely attempt to bypass endpoint security defenses.
The Rubella Macro Builder is cheap, fast and easy to use, and the malware it generates can evade antivirus detection.
The Dutch man was identified by law enforcement with the support of McAfee and another private company.
According to McAfee, Dryad and Rubella are very similar, and a conversation with the suspect revealed that the individual was behind both of them.
“Announced today, the Dutch National High-Tech Crime Unit (NHTCU) arrested an individual suspected of building and selling such a criminal toolkit named the Rubella Macro Builder.” reads a post published by McAfee. “McAfee Advanced Threat Research spotted the Rubella toolkit in the wild some time ago and was able to provide NHTCU with insights that proved crucial in its investigation.”
The man was also promoting a variety of different products and services, ranging from stolen credit card data, malware to steal funds from crypto wallets and malicious loader software to a newly pitched product called Tantalus
The Dutch authorities also revealed that the man had in his possession access credentials for thousands of websites.
The police also seized around 20,000 Euro (around $22,000) in cryptocurrency such as Bitcoins.
The post Dutch police arrested the author of Dryad and Rubella Macro Builders appeared first on Security Affairs.
Cloud hosting provider iNSYNQ says it is trying to recover from a ransomware attack that shut down its network and has left customers unable to access their accounting data for the past three days. Unfortunately for iNSYNQ, the company appears to be turning a deaf ear to the increasingly anxious cries from its users for more information about the incident.
A message from iNSYNQ to customers.
Gig Harbor, Wash.-based iNSYNQ specializes in providing cloud-based QuickBooks accounting software and services. In a statement posted to its status page, iNSYNQ said it experienced a ransomware attack on July 16, and took its network offline in a bid to contain the spread of the malware.
“The attack impacted data belonging to certain iNSYNQ clients, rendering such data inaccessible,” the company said. “As soon as iNSYNQ discovered the attack, iNSYNQ took steps to contain it. This included turning off some servers in the iNSYNQ environment.”
iNSYNQ said it has engaged outside cybersecurity assistance to determine whether any customer data was accessed without authorization, but that so far it has no estimate for when those files might be available again to customers.
Meanwhile, iNSYNQ’s customers — many of them accountants who manage financial data for a number of their own clients — have taken to Twitter to vent their frustration over a lack of updates since that initial message to users.
In response, the company appears to have simply deleted or deactivated its Twitter account (a cached copy from June 2019 is available here). Several customers venting about the outage on Twitter also accused the company of unpublishing negative comments about the incident from its Facebook page.
Some of those customers also said iNSYNQ initially blamed the outage on an alleged problem with U.S.-based nationwide cable ISP giant Comcast. Meanwhile, competing cloud hosting providers have been piling on to the tweetstorms about the iNSYNQ outage by marketing their own services, claiming they would never subject their customers to a three-day outage.
iNSYNQ has not yet responded to requests for comment.
Update, 4:35 p.m. ET: I just heard from iNSYNQ’s CEO Elliot Luchansky, who shared the following:
While we have continually updated our website and have emailed customers once if not twice daily during this malware attack, I acknowledge we’ve had to keep the detail fairly minimal.
Unfortunately, and as I’m sure you’re familiar with, the lack of detailed information we’ve shared has been purposeful and in an effort to protect our customers and their data- we’re in a behind the scenes trench warfare doing everything we possibly can to secure and restore our system and customer data and backups. I understand why our customers are frustrated, and we want more than anything to share every piece of information that we have.
Our customers and their businesses are our number one priority right now. Our team is working around the clock to secure and restore access to all impacted data, and we believe we have an end in sight in the near future.
You know as well as we that no one is 100% impervious to this – businesses large and small, governments and individuals are susceptible. iNSYNQ and our customers were the victims of a malware attack that’s a totally new variant that hadn’t been detected before, confirmed by the experienced and knowledgeable cybersecurity team we’ve employed.
Original story: There is no question that a ransomware infestation at any business — let alone a cloud data provider — can quickly turn into an all-hands-on-deck, hair-on-fire emergency that diverts all attention to fixing the problem as soon as possible.
But that is no excuse for leaving customers in the dark, and for not providing frequent and transparent updates about what the victim organization is doing to remediate the matter. Particularly when the cloud provider in question posts constantly to its blog about how companies can minimize their risk from such incidents by trusting it with their data.
Ransomware victims perhaps in the toughest spot include those providing cloud data hosting and software-as-service offerings, as these businesses are completely unable to serve their customers while a ransomware infestation is active.
The FBI and multiple security firms have advised victims not to pay any ransom demands, as doing so just encourages the attackers and in any case may not result in actually regaining access to encrypted files.
In practice, however, many cybersecurity consulting firms are quietly urging their customers that paying up is the fastest route back to business-as-usual. It’s not hard to see why: Having customer data ransomed or stolen can send many customers scrambling to find new providers. As a result, the temptation to simply pay up may become stronger with each passing day.
That’s exactly what happened in February, when cloud payroll data provider Apex Human Capital Management was knocked offline for three days following a ransomware infestation.
On Christmas Eve 2018, cloud hosting provider Dataresolution.net took its systems offline in response to a ransomware outbreak on its internal networks. The company was adamant that it would not pay the ransom demand, but it ended up taking several weeks for customers to fully regain access to their data.
KrebsOnSecurity will endeavor to update this story as more details become available. Any iNSYNQ customer affected by the outage is welcome to contact this author via Twitter (my direct messages are open to all) or at krebsonsecurity @ gmail.com.
Millions of people recently downloaded the FaceApp app and are taking part in the “#FaceApp Challenge” to show friends what they will look like when they are old and
The app leverages neural networks to simulate people aging: it adds wrinkles, turns teeth yellow and colors the hair gray.
Poland’s digital affairs ministry is investigating the app and evaluating the security risks posed by FaceApp to the personal data of its users.
“For several days in Poland and the world over, social media have been flooded by a wave of modified photos of ‘ageing’ users,” states Poland’s digital affairs ministry.
“Various experts point to possible risks related to inadequate protection of users’ privacy,”
Another EU country, Lithuania, is also investigating the potential risks posed by the use of the app on a
According to deputy defense minister Edvinas Kerza, the FaceApp authors had cooperated with other Russian internet companies which may not comply with European privacy and security regulations.
In the US, Senate Minority Leader Chuck Schumer called on the FBI and the Federal Trade Commission to “look into the national security & privacy risks” associated with the use of FaceApp.
He pointed out that most of the photos collected from users are deleted from its servers within 48 hours and that they are not used for other purposes.
The post Poland and Lithuania fear that data collected via FaceApp could be misused appeared first on Security Affairs.
sudo apt install python3 python3-pip
sudo -H pip3 install git+https://github.com/decoxviii/userrecon-py.git
git clone https://github.com/decoxviii/userrecon-py.git ; cd userrecon-py
sudo -H pip3 install -r requirements.txt
python3 setup.py build
sudo python3 setup.py install
sudo -H pip3 install git+https://github.com/decoxviii/userrecon-py.git --upgrade
userrecon-py --help. Then you can perform the following tests:
userrecon-py --target decoxviii -o test_one
Slack announced it is resetting passwords for accounts belonging to users that have not secured them after the data breach suffered by the company in 2015.
“In response to new information about our 2015 security incident (explained here at the time), we are resetting passwords for approximately 1% of Slack accounts.” reads the announcement published by the company.
“This announcement affects you only if you
The hackers also injected malicious code in the systems of the company to steal
Immediately after the discovery of the data breach, Slack reset the passwords for a limited number of users impacted by the incident. The company also recommended that the remaining users change their passwords and enable 2FA.
Recently Slack discovered through its bug bounty program that credentials of other users might have been compromised. According to the company, attackers could have obtained them via malware or a third-party hack.
“We were recently contacted through our bug bounty program with information about potentially compromised Slack credentials. These types of reports are fairly routine and usually the result of malware or password re-use between services, which we believed to be the case here.” continues the announcement. “We immediately confirmed that a portion of the email addresses and password combinations were valid, reset those passwords, and explained our actions to the affected users.”
Slack has reset the passwords of these users and sent them notifications.
“We were recently notified that your sign-in credentials (email address and password) for your xxxxx account on xxxxxx.slack.com were discovered as being in the possession of an unauthorized individual.” reads the notification. “This may be the result of malware installed on a
Slack is still investigating the latest incident and will share more information once the investigation is completed.
The post Slack resetting passwords for roughly 1% of its users appeared first on Security Affairs.
Perhaps the best approach to rampant malware, ransomware and cybercrime is stronger cooperation between the public and private sectors.
The American Congress took a stab at that kind of ecumenical solution to the looming $6 trillion problem of cybersecurity in the form of the Small Business Cybersecurity Assistance Act (SBCAA). It’s as bipartisan a bill as the U.S. can hope for at present and an encouraging sign that the problem is on the government’s radar.
Regrettably, the Small Business Cybersecurity Assistance Act has already gathered
The two main co-sponsors of the Act — Senators Gary Peters and Marco Rubio — frame the SBCAA’s mission as primarily an educational effort to bring small business owners up to speed on cybercrime-related issues such as:
The small business community must understand that they represent a larger — not a smaller — portion of the threat surface where cybercrime is concerned. Small business owners are less likely to have taken adequate measures to protect their digital systems and are consequently at an even higher risk of sustaining a data breach or a ransomware attack than a major corporation.
Under the Small Business Cybersecurity Assistance Act, business owners could visit U.S. Small Business Development Center (SBDC) locations to secure educational materials, enroll in programs, and work with representatives from the Department of Homeland Security to better understand and confront cyber threats and risks. Clearly, the intentions and the desired outcome are heading in the right direction.
The question is: What on earth is a Small Business Development Center?
Like many public services in the United States, Small Business Development Centers are wonderful in theory but consistently go underfunded — despite their value — and remain mostly unknown to the communities most in need of their assistance. Among other things, SBDCs provide services like business counseling and information on local, state and federal government compliance and assistance programs.
But because this service goes underfunded and unheralded, the U.S. has only 63 such centers — barely one for every U.S. state and territory. In contrast, the U.S. had almost 140,000 Starbucks locations in 2018, despite the company employing under 200,000 people that year.
The SBDC’s 63 locations, meanwhile, are meant to support the entire American small business community. In 2016, companies with fewer than 100 employees made up 33.4% of the U.S. workforce, and companies with 500 or fewer made up nearly half.
Many of the criticisms leveled against the SBCAA have latched onto this lack of infrastructure and public awareness. Earmarking additional funding could possibly help raise the SBDCs’ public profile and make more people aware of their existence. But this isn’t certain, and it doesn’t look like the SBCAA has addressed the existing funding shortfall.
The Act reportedly permits Small Business Development Centers to use their current funding to make cybersecurity resources available after they’re prepared by other government agencies. But the key phrase is “current funding.” SBDCs, like the one at Wharton School, already face shuttering their doors because of a lack of funding. Adding to the demands placed on their staff without a commensurate rise in funding could be fruitless.
The other problem, apart from a lack of funding and awareness, is that significant numbers of small business owners do business in the cloud. As a result, they outsource most of their IT and digital systems architecture work, including data hosting services, to third parties.
It could be fairly useful to educate small business owners on the security best practices these third parties should follow in their operations — either by law or according to common sense. What’s not useful is doing all of this without backing it up with appropriately harsh fines for the larger companies which mishandle or misplace client data, either by mistake or because they have nefarious intent.
The European Union is off to a slow start levying fines for abusing data privacy and security, but the now-year-old General Data Protection Regulation gives the government the power to do so. Until the U.S. implements a similar measure, U.S. states are left on their own to fine companies which don’t take cybersecurity or client privacy seriously. Any measure undertaken to educate the small business community about cybersecurity won’t do much good if the U.S. government doesn’t stand ready to have their backs.
Another potentially fruitful avenue to explore is providing grants or subsidies to help small business owners purchase cyber liability insurance. Not all small business owners know such products exist, but these services can go a long way toward keeping small businesses in operation after they fall victim to a cybercrime.
Some seem content to let cybersecurity remain a competitive advantage or a luxury commodity. Others believe the buy-in should be the same for both small entrepreneurships and major corporations when it comes to keeping digital properties safe. Everybody has a right to stay safe online — it shouldn’t be something that only moneyed interests get to enjoy.
The SBCAA is a well-intentioned measure styled after the American tradition of empowering people to pull themselves up by their own bootstraps and know-how.
But without a more robust support system in place, it risks confirming what many people already believe — that the government throws money at problems instead of solving them. It’s best to think of the SBCAA as a first step toward something better.
A better, second draft would back up its proposals for DHS-SBDC collaboration with additional funding as well as adequate punitive measures for data handlers that get cybersecurity wrong.
(Security Affairs – Small Business Cybersecurity Assistance Act)
The post The Problem With the Small Business Cybersecurity Assistance Act appeared first on Security Affairs.
pip install proxylist
pip install mechanize
python3 Brute_Force.py -g Account@gmail.com -l File_list
python3 Brute_Force.py -g Account@gmail.com -p Password_Single
python3 Brute_Force.py -t Account@hotmail.com -l File_list
python3 Brute_Force.py -t Account@hotmail.com -p Password_Single
python3 Brute_Force.py -T Account_Twitter -l File_list
python3 Brute_Force.py -T Account_Twitter -l File_list -X proxy-list.txt
python3 Brute_Force.py -f Account_facebook -l File_list
python3 Brute_Force.py -f Account_facebook -l File_list -X proxy-list.txt
Running a VPN is preferred
python3 Brute_Force.py -n Account_Netflix -l File_list
python3 Brute_Force.py -n Account_Netflix -l File_list -X proxy-list.txt