At a glance.
- City officials slow to release details after Dallas ransomware attack.
- More on the CalPERS and CalSTRS breaches.
- PSNI officers fear for their safety after massive breach.
- Zero-day affects VPN.
City officials slow to release details after Dallas ransomware attack.
The city government of Dallas, located in the US state of Texas, has disclosed it suffered a ransomware attack in April that exposed the personal data of at least 30,000 individuals. So far few details have been shared about the incident, but officials say they’ll be issuing a report to City Council members this week. The Dallas Morning News reports that over 800,000 files were compromised, but as Governing discusses, it’s unclear exactly how much data were exfiltrated, how the attack occurred, or which departments were impacted. Chief Information Officer Bill Zielinski stated, “I want to wait until (the report) is finalized to share that information.” Questions have been raised about why employees only learned in mid-July that their data were compromised, and it’s unclear why Dallas’s systems were vulnerable when other major Texas cities have avoided attack in recent years.
When asked about the lack of communication, City Manager T.C. Broadnax stated, “Could we do better? I think, from a communication standpoint, at least, what people believe we should be communicating? I would say, yeah, we can always do better. But I think how we’ve approached it, particularly being measured in trying to understand and know all of what it is we were going to be sharing, and the magnitude of it before we shared it to make sure that the information was accurate and helpful, I think we’ve done a great job.” As for the city’s cybersecurity defenses, Broadnax says the data-related information and technology services budget has increased from $77 million in 2018 to $110 million this year, and he has proposed an increase to $132 million in the upcoming budget. According to Zielinski, the city’s network has been nearly completely restored to pre-attack status, and the internal investigation will continue even after the initial report is given to the City Council.
More on the CalPERS and CalSTRS breaches.
As we previously discussed, the California Public Employees' Retirement System (CalPERS) and the California State Teachers' Retirement System (CalSTRS) were recently impacted by a data breach linked to the mass-hack of the widely-used MOVEit file transfer system. Trend Micro explains that the breach was the result of an exploited critical vulnerability in the systems at PBI Research Services/Berwyn Group, a third-party vendor employed by CalPERS and CalSTRS to administer payments to members. The investigation has revealed that 1.2 million CalPERS and CalSTRS members were compromised, and the exposed data include first and last names, Social Security numbers, dates of birth, zip codes, and other information about former or current employers, spouses, domestic partners, and dependents. Victims are advised to take steps to protect their data, including monitoring their financial accounts for suspicious activity, resetting passwords, and setting up fraud alerts.
PSNI officers fear for their safety after massive breach.
As we discussed previously, the Police Service of Northern Ireland (PSNI) suffered a data breach last month that inadvertently exposed the private info of all 10,000 of the force's serving officers and staff. The Belfast Telegraph reports that the Northern Ireland Affairs committee is currently hearing evidence on the security impact of the incident. By revealing the identities of the officers, many of whom keep their profession a secret from the public for security reasons, the breach has exposed the victims to potential violence from dissidents and terrorists. Fearing for their safety, some PSNI officers are considering bringing weapons to Mass to protect themselves, Superintendent Gerry Murray, the chairperson of the Catholic Police Guild of Northern Ireland, told the committee. "We have had officers, resigning, going from the organisation. Our members are frightened, scared, have no idea what tomorrow will bring for them," he stated. He added that the breach could make it difficult for PSNI to recruit Catholic employees. Former Chief Constable Simon Byrne, who resigned on Monday as a result of the breach, will also not be appearing at the hearing. Tracy Godfrey, PSNI Departmental Secretary and seconded officer with the Nipsa union, said the incident has “heightened the whole aspect of security,” and Police Federation chair Liam Kelly said the breach has highlighted challenges faced by the police force. “Budget is a massive pressure, erosion of pay and conditions, the fact we have no government, reduced resource: doing more with less, morale has been plummeting and plummeting rapidly,” Kelly stated. Witnesses at the hearing also said the staff are requesting security measures that could cost “tens of millions of pounds,” and PSNI could face litigation from victims who feel the breach was the result of negligence.
Zero-day affects VPN.
BleepingComputer reports that the Linux client of Atlas VPN 1.0.3 is susceptible to a zero-day vulnerability that exposes the user's "approximate physical location and actual IP address." Keeping such information private is one of the principal reasons for using a virtual private network in the first place. Atlas VPN acknowledged the vulnerability and said that a patch would be forthcoming. "We're aware of the security vulnerability that affects our Linux client. We take security and user privacy very seriously. Therefore, we're actively working on fixing it as soon as possible. Once resolved, our users will receive a prompt to update their Linux app to the latest version," the company told BleepingComputer. "The vulnerability affects Atlas VPN Linux client version 1.0.3. As the researcher stated, due to the vulnerability, the application and, hence, encrypted traffic between a user and the VPN gateway can be disconnected by a malicious actor. This could lead to the user's IP address disclosure. We greatly appreciate the cybersecurity researchers' vital role in identifying and addressing security flaws in systems, which helps safeguard against potential cyberattacks, and we thank them for bringing this vulnerability to our attention. We will implement more security checks in the development process to avoid such vulnerabilities in the future. Should anyone come across any other potential threats related to our service, please contact us via security@atlasvpn.com."
Jason Kent, Hacker in Residence at Cequence Security, wrote to offer an appreciation of how such a vulnerability could have developed. "Security programs, no matter the focus or country, often include the same things. Inventory, you can’t secure what you can’t see. Removing Defaults, often default Administrative Accounts and/or default open ports on newly established systems. Constant vigilance on every aspect of security is important but if you miss the basics, the swarms are coming," he said. "The unusual behavior here, and probably something that was put in place temporarily in a debugging step, is the API endpoint that controlled the client software. Opening a port on the local host is a path to managing the host, it’s a first step in attacking a host and often is the most desirable impact of the entire attack chain. This client behavior is inexcusable from a trusted partner like a VPN provider, and creates an increased attack surface for every device they touch. If you run this product, don’t just upgrade. Uninstall and find a more trustworthy solution."