Garmin Experiences Ransomware Attack Causing Global Outage

Garmin Experiences Ransomware Attack Causing Global Outage

Do you make use of a Garmin wearable device? If so, then you’ve probably noticed that your device isn’t working the way you expect it to. That’s because the company is experiencing what there are now describing as a global outage. The notification on the company’s website reads, in part as follows: “We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.” The same message was displayed on the company’s Facebook page, and was sent out on the company’s Twitter account. This outage and the fallout from it, is ongoing, and specifics and details have proved to be somewhat difficult to come by. At present, there are unconfirmed reports that the outage stems from a successful WasterLocker ransomware attack executed against the company’s network that impacted an unknown number of systems and servers. However, the information leaking out from company employees is somewhat contradictory. Assuming that the general buzz regarding a successful WasterLocker attack is correct, then odds are good that the damage to company resources was extensive. WasterLocker is well known for launching sophisticated attacks and demanding ransoms that frequently run into the millions of dollars. Unfortunately, this isn’t the first time in recent months that Garmin has found itself in the crosshairs. Late last year, Garmin Southern Africa publicly disclosed that they were the victim of a Magecart attack that saw customer payment and other sensitive information stolen from...
Firefox Browser Error Is Giving Android Users Problems

Firefox Browser Error Is Giving Android Users Problems

Do you own an Android device? Is Firefox your browser of choice? If you answered yes to both of those questions, be advised that there’s a serious flaw in the Firefox app for Android that may prompt you to uninstall it until the company issues a patch to correct it sometime in October. Here’s a quick overview of the problem: If an Android user streams video from a website loaded in Firefox, rather than a native app, the smartphone’s camera will remain active even after the user has moved the browser into the background, and even if the phone’s screen is locked. Many smartphone users balk at the notion of streaming video from a third-party app for privacy reasons, because these apps often insist on intrusive permissions that essentially give them complete access to the smartphone’s data. The mobile browser then, is seen as a generally safer, superior choice. It’s not nearly as intrusive and it keeps data collection to an absolute minimum. Or at least that’s the way it’s supposed to work. Sadly, in this instance, the Firefox app causes more problems than it solves. “As is the case with dedicated conferencing apps, we provide a system notification that lets people know when a website within Firefox is accessing the camera or microphone, but recognize that we can do better, especially since this gets hidden when the screen is locked.” “This bug [fix] aims to address this by defaulting to audio-only when the screen is locked. [The fix] is scheduled for release at the platform-level this October, and for consumers shortly after.” “Meanwhile, our next-generation browser for Android,...
SpaceX Starlink Satellite Getting Closer To Providing Service

SpaceX Starlink Satellite Getting Closer To Providing Service

How would you like to get your internet signal from outer space? You can! Elon Musk’s SpaceX company has moved another step closer to offering internet connectivity via its Starlink service. However, at the moment, there’s an important catch and caveat. Starlink has recently emailed fans to get their home addresses in anticipation of the company’s third beta test. Elon Musk has commented that setting up a Starlink terminal is easy, but, given that this is a beta test, he also warned that the testers themselves are liable for anything that goes wrong. They are held liable for any damaged caused by setting up the terminals and using the experimental service. Starlink Terminals have been described as looking a bit like a UFO on a stick. They don’t require the presence of a professional installer. All the user has to do is plug the device in and give it a clear view of the sky. Assuming that’s true, the terminal will scan the sky for the satellite offering the best signal and connect automatically, giving the user internet access. If you’re interested in participating in the open beta, be aware that initially, although the service quality will be high, the connectivity itself will be spotty in the early stages. As such, it may support streaming video with buffering but would not be suitable for things like online gaming. Also be aware that Starlink will require you to sign a non-disclosure agreement so you will not be able to share details of your Starlink experience online. Finally, per the company’s instructions to its beta testers: “You are responsible for installing...
G-Suite Users Get New Security Features

G-Suite Users Get New Security Features

Are you a G-Suite user? If so, we have great news! Recently, Google rolled out a number of exciting new features to enhance both the usability of the G-Suite and its security. In the words of Javier Soltero, the VP and GM of the G-Suite: “Instead of learning another tool, we need the tools we already use to be even more helpful and work together.” Here’s a quick preview: The biggest and most easily noticed change is to the “Rooms” feature inside Chat, which is Google’s messaging platform. Rooms create a shared space that groups of users can collaborate in. Now, on the heels of the latest update, anyone in a Room can also access shared files and task items without leaving the room. In addition to that, users can no co-edit and co-open documents from inside the room. The company also introduced tighter integration that reduces the need to switch between tools. For example, you can now join a video call from inside chat, or create a new task from a chat message. On top of that, using Gmail’s search function will now display results from any Chats you’re currently a part of. Even better, the company has longer term plans to begin adding third-party integrations to Gmail, Chat (and Rooms), including hooks for Trello, Salesforce, and DocuSign. In terms of new security features, the plan is to begin by rolling those changes out for consumer and Education customers. When the changes are made, Hosts will be able to use knocking controls in order to keep ousted attendees from attempting to re-enter a chat or a room via...
Covid-19 Researchers Come Under Attack By Hackers

Covid-19 Researchers Come Under Attack By Hackers

A number of prominent hacking groups made a gentleman’s agreement with research labs that are attempting to develop a vaccine for the deadly COVID-19 virus currently ravaging the planet. The agreement was promising that no attacks against research facilities would be made. Unfortunately, not everyone is playing by those rules. Recently, intelligence agencies in the US and Europe as well as security researchers around the world have spotted evidence. They found that Russian hackers believed to have ties to the Russian government, have begun attacking R&D centers that are actively working on a cure for the virus. The attacks have been attributed to APT29, which is also referred to variously as The Dukes, Yttrium, or Cozy Bear. This group’s normal targets are government installations, think tanks, energy companies, diplomatic corporations around the world, and healthcare organizations. The National Cyber Security Centre (NCSC), out of the UK, recently published a security advisory that reads, in part, as follows: “Throughout 2020, APT29 has targeted various organisations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines.” The advisory goes on to detail that APT29 is initiating these attacks with spear phishing. APT29 is also exploiting several known security vulnerabilities, including those found in: Citrix (CVE-2019-19781) Pulse Secure (CVE-2019-11510) Fortigate (CVE-2019-13379) Zimbra Collaboration Suite (CVE-2019-9670) The frustrating thing about this is that patches for all of the security flaws listed above already exist. It’s just that too often, the IT professionals working in R&D organizations have been slow...