SR3CyberSecurity Blog

Comcast xFi customers get push notifications for WiFi activity

Engadget is reporting that Comcast is introducing a new feature for its Xfinity xFi customers. Users will receive a push notification anytime there is a change in their network. If someone is using your WiFi when they are not supposed to this will alert you to that use, and if your username or password is changed you will also get an alert.

https://www.engadget.com/2018/03/02/xfinity-xfi-push-notifications/

Apple to Store Encryption Keys in China

Bruce Schneier is reporting: “Apple is bowing to pressure from the Chinese government and storing encryption keys in China. While I would prefer it if it would take a stand against China, I really can’t blame it for putting its business model ahead of its desires for customer privacy.”

https://www.schneier.com/blog/archives/2018/02/apple_to_store_.html

Russians Hacked the Olympics

Bruce Schneier reports: “Two weeks ago, I blogged about the myriad of hacking threats against the Olympics. Last week, the Washington Post reported that Russia hacked the Olympics network and tried to cast the blame on North Korea.”
“Of course, the evidence is classified, so there’s no way to verify this claim. And while the article speculates that the hacks were a retaliation for Russia being banned due to doping, that doesn’t ring true to me. If they tried to blame North Korea, it’s more likely that they’re trying to disrupt something between North Korea, South Korea, and the US. But I don’t know.”
https://www.schneier.com/blog/archives/2018/03/russians_hacked.html

Financial Cyber Threat Sharing Group Phished

Brian Krebs reports: “The Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, said today that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members.”

“The fallout from the back-to-back phishing attacks appears to have been limited and contained, as many FS-ISAC members who received the phishing attack quickly detected and reported it as suspicious. But the incident is a good reminder to be on your guard, remember that anyone can get phished, and that most phishing attacks succeed by abusing the sense of trust already established between the sender and recipient.”

https://krebsonsecurity.com/2018/03/financial-cyber-threat-sharing-group-phished/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+KrebsOnSecurity+%28Krebs+on+Security%29&utm_content=FeedBurner

Powerful New DDoS Method Adds Extortion

Brian Krebs reports: “Attackers have seized on a relatively new method for executing distributed denial-of-service (DDoS) attacks of unprecedented disruptive power, using it to launch record-breaking DDoS assaults over the past week. Now evidence suggests this novel attack method is fueling digital shakedowns in which victims are asked to pay a ransom to call off crippling cyberattacks.”

https://krebsonsecurity.com/2018/03/powerful-new-ddos-method-adds-extortion/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+KrebsOnSecurity+%28Krebs+on+Security%29&utm_content=FeedBurner