As you navigate the storms of potential doom at every hour of the day, can you trust anyone at all? Life used to be so much simpler before tech came along and tempted the nefarious into instant and constant acts of subterfuge. Now, we don’t know whom — or what — to trust. When we […] More

Image: Martin Abegglen (Flickr/CC2.0)The US Department of Homeland Security has published a “business advisory” today warning US companies against using hardware equipment and digital services created or linked to Chinese companies.

The DHS said that Chinese products could contain backdoors, bugdoors, or hidden data collection mechanisms that could be used by Chinese authorities to collect data from western companies and forward the information to local competitors to further China’s economic goals to the detriment of other countries.
All equipment and services remotely linked to Chinese companies should be considered a cyber-security and business risk, the agency said.
The DHS argues that Chinese national security laws allow the government to coerce any local company and citizen to alter products and engage in espionage or intellectual property theft.
The DHS described this practice as “PRC [People’s Republic of China] government-sponsored data theft.”
“For too long, US networks and data have been exposed to cyber threats based in China which are using that data to give Chinese firms an unfair competitive advantage in the global marketplace,” said Acting Secretary of Homeland Security Chad F. Wolf.
“Practices that give the PRC government unauthorized access to sensitive data – both personal and proprietary – puts the US economy and businesses at direct risk for exploitation. We urge businesses to exercise caution before entering into any agreement with a PRC-linked firm.”

In a separate speech on Monday, Wolf also described China as “a clear and present danger” to US democracy.
The DHS published its advisory less than a month before a change in administration, with President Biden expected to name his own DHS chief next month.
Under the Trump administration, US officials have focused on cracking down on Chinese theft from US companies.
In a July 2020 interview with Fox News, FBI Director Christopher Wray said that half of the FBI’s almost 5,000 counter-intelligence cases were related to Chinese theft of US technology.
Through its new advisory, the DHS warns US businesses that Chinese theft can sometimes occur not only through business partnerships and insider threats but also through backdoored equipment and digital services.
“Any person or entity that chooses to procure data services and equipment from PRC-linked firms, or store data on software or equipment developed by such firms, should be aware of the economic, reputational, and, in certain instances, legal, risks associated with doing business with these firms,” the DHS said in a press release today. More

Elon Musk has said that Russian attempts to jam or otherwise hack the Starlink satellite communications network have been thwarted so far, but these efforts continue – and are ramping up. The Starlink and Tesla chief was responding to a news story about how the European Union and the US with its Five Eyes partners were blaming the Russian military for a cyberattack on Viasat’s KA-SAT network earlier this year. 

Networking

The attack occurred on February 24, one hour before Russian military invaded Ukraine. It caused communication outages across public authorities, businesses and users in Ukraine, and also affected users in several EU member states, the EU said in its statement.SEE: What is ransomware? Everything you need to know about one of the biggest menaces on the webViasat last month confirmed modem-wiping malware knocked out very small-aperture terminals (VSAT) on Viasat’s fixed broadband service in Ukraine and parts of Europe connected to its KA-SAT satellite network. Posting a link to a story about the Viasat attack, Musk noted on Twitter: “Starlink has resisted Russian cyberwar jamming & hacking attempts so far, but they’re ramping up their efforts.”After Russia’s invasion of Ukraine damaged the country’s internet infrastructure, Ukraine’s vice prime minister and minister of digital transformation Mykhailo Fedorov requested help from Musk, who responded by sending Starlink terminals to the country, and has faced attempts to jam or hack the network since.Earlier this month, Fedorov said there were around 150,000 active users of Starlink per day in the country. “This is crucial support for Ukraine’s infrastructure and restoring the destroyed territories,” he said.Satellite communication has become a key tool, but also a key target for hacking attacks. The National Security Agency (NSA) has updated its advice for satellite operators and their customers to protect networks from cyberattacks for espionage and disruption.”The recent U.S. and European Union public statements noted the Russian military launched cyberattacks against commercial satellite communications to disrupt Ukrainian command and control in February 2022,” the NSA said on Tuesday. “This cyber activity against Ukraine further underscores the risk to VSAT communications for both espionage and disruption.”A month before Viasat’s multi-day outage in Europe, the NSA released recommendations, aimed at US government agencies, to protect VSAT communications because they often aren’t encrypted in transit. The NSA warned that VSAT’s virtual network separation “cannot be trusted to provide access control, separation, or confidentiality of sensitive information” and recommended the use of VPNs for confidential VSAT communications.The updated advisory from the NSA remains largely the same but includes a new passage acknowledging EU and US attribution to Russian military attacks on VSATs. “According to a recent U.S. and European Union statements, the Russian military launched cyber attacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion, and those actions had spillover impacts into other European countries.”  The activity disabled VSATs in Ukraine and across Europe, including tens of thousands of terminals outside of Ukraine that, among other things, support wind turbines and provide internet services to private citizens, it adds.  It is extremely rare for the EU to attribute a cyberattack to a third nation. However, it has applied EU-wide sanctions to individuals in North Korea, Russia and China for their roles in past cyberattacks on European countries, albeit several years after attacks like WannaCry and NotPetya took place.SEE: These are the problems that cause headaches for bug bounty huntersAs foreign policy think tank German Institute for International and Security Affairs (SWP) highlighted in a study of recent cyberattacks, that attribution at the EU level is difficult, partly because only some EU member nations – such as Sweden, the Netherlands, Estonia, Austria, France and Ger­many – have the technical capability or political will to do so. Also, under the guidelines of the EU’s 2017 cyber diplomacy toolbox, the EU has refrained from attributing cyberattacks to third states because it is a sovereign political decision for each member state. SWP looked at several recent cyberattacks, including WannaCry and NotPetya from 2017, Operation Cloud Hopper in 2016, the 2015 Bundestag hack, and the 2018 attack on the Organization for the Prohibition of Chemical Weapons. “While the Five Eyes intelligence alliance (con­sisting of the US, the UK, Canada, Australia and New Zealand) coordinates its attribution and public naming and shaming in a manner which has a high media impact, the coordination processes in the EU 27 are naturally slower: months, if not years, pass between a cyber incident and the implementation of sanctions,” SWP argued.The EU said the Russian military attack on Viasat’s network was “contrary to the expectations set by all UN Member States, including the Russian Federation, of responsible State behaviour and the intentions of States in cyberspace.” More

Microsoft has released an out of band non-security update to fix a bug in some business printers and scanners that use a smart card for authentication. The update, KB5005394, addresses an issue in Windows 10 version 1809 — Windows 10 Enterprise 2019 LTSC — that caused printers, scanners and multifunctional devices (MFDs) to not function. The update bumps up the OS build number to 17763.2091. 

The issue stems from a July 13 update to harden the Windows 10 against the security vulnerability tagged as CVE-2021-33764. Printers and MFDs that were affected were not compliant with the authentication specification RFC 4556. Microsoft advised admins to verify that the latest firmware and drivers for these devices were installed and promised a mitigation, which it’s been delivering to different versions of Windows 10 over the past week.This was a separate issue to the so-called PrintNightmare bugs that Microsoft patched ahead of the July 2021 Patch Tuesday security update, and the Windows Print Spooler bug it fixed this month.  Microsoft released fixes for the same smart card authentication issue for newer versions of Windows 10 last week. “After installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices that are not compliant with section 3.2.1 of RFC 4556 spec might fail to print when using smart card (PIV) authentication,” it noted in advisories for Windows 10 20H1 and Windows 10 2004. 

In a separate support note, Microsoft explains printers and MFDs were affected if they don’t support Diffie-Hellman for key-exchange or or advertise support for des-ede3-cbc (“triple DES”) during PKINIT Kerberos authentication. The issue affected all versions of Windows, including: Client: Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 2004; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1Server: Windows Server, version 20H2; Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Windows 10 More

Connecting to a Wi-Fi hotspot with a specific name can cause your iPhone’s Wi-Fi functionality to break, and even a reboot won’t fix it.The bug, spotted by reverse engineer Carl Schou and first reported by Bleeping Computers relies on attempting to connect to a hotspot with a specific name. Schou first noticed the issue when trying to connect to his hotspot named with the SSID %p%s%s%s%s%n.

After joining my personal WiFi with the SSID “%p%s%s%s%s%n”, my iPhone permanently disabled it’s WiFi functionality. Neither rebooting nor changing SSID fixes it :~) pic.twitter.com/2eue90JFu3— Carl Schou (@vm_call) June 18, 2021

I’ve tested this with an iPhone running iOS 14.6, and it does indeed disable Wi-Fi, and a reboot doesn’t fix it.Must read: Apple will finally give iPhone and iPad users an important choice to make
So, how do you fix it if, like me, you’re relying on your iPhone?The fix is to go to Settings > General > Reset > Reset Network Settings.After doing this you will have to reconfigure your network settings.

OK, but how do you prevent this from happening in the first place? After all, little stops pranksters — or possibly a hacker using this as a vulnerability to do something more malicious — from setting up Wi-Fi hotspots with this name and no password.Got to Settings > Wi-Fi and make sure that Auto-Join Hotspots in set to Ask to Join or Never. Better safe than sorry!I can also confirm that this does not seem to be an issue for Android users. I tried a number of handsets and they all connected fine. More