FlashRouters Privacy News Center
Stay informed with timely updates and insights about network security and privacy.
June 28, 2021

Dell BIOS Updater Contains Flaw That Affects 30 Million Devices
Dell’s firmware updating software, BIOSConnect, has been discovered to have a major security flaw, affecting 30 million devices that it came preinstalled on. BIOSConnect is part of Dell’s SupportAssist program, made to allow for simpler updating and troubleshooting.
If exploited, the flaw could be used to subvert the normal boot process and circumvent system security controls, allowing a hacker to run malicious code and take control of the device. In response, Dell has suggested users not use the BIOSConnect program to update their BIOS. Unfortunately, this leaves complex updates in the hands of normal users, and one misstep could lead to a bricked device.
June 17, 2021

Ukraine Takes Down Ransomware Gang
The Ukrainian Cyber Police Department arrested 6 members of the Clop ransomware gang. The crew began targeting Korean companies in February 2019, encrypting over 800 computers. Attacks spread to the United States, including an attack in April 2020 against the US company ExecuPharm.
The Clop crew runs a “double-extortion” scheme whereby they not only encrypt computers and information, but also threaten to leak sensitive data to the public. Those arrested in the operation could face up to eight years in prison over a slew of charges. While this surely is a start, tons of malicious actors are still out there, waiting for the perfect moment to strike.
June 10, 2021

Millions of Amazon Devices Automatically Enrolled in Network Sharing Program
Your Amazon devices may already be leeching internet access to passersby. On June 8th, many Alexa-enabled Amazon devices were automatically opted in to the connection-sharing Sidewalk Program. Privacy concerns abound as most people aren’t keen on letting random people onto their networks, regardless of how secure Amazon might claim it is.
Furthermore, the speed of the mesh network that will be created is only 80 Kbps, barely faster than a 56K modem. Someone bringing an Echo outside likely won’t be able to stream music. This raises the question: who is Amazon really trying to help with this technology?
June 8, 2021

ISPs May Be Forced to Ban Any Users Accused of Copyright Infringement
Once again, the music industry is rattling ISP cages in court. Cox Communications has been ordered to pay a $1 billion fine to music labels. ISPs could become “copyright enforcers” in order to avoid liability. Users might have their accounts terminated simply for receiving an alleged copyright infringement complaint, regardless of guilt.
People often wrongly receive complaints. It is estimated that 30 percent of alleged offenders were not actually responsible, such as smaller artists getting notices about their own work, or someone leaving their network unprotected. With many rural areas only having a single provider and with Internet becoming a utility for work, school, and research, this raises many concerns about basic internet access.
June 3, 2021

US Subway and Ferry Operators Victim to Cyberattacks
Cyberattacks on United States infrastructure continue as this week transportation systems in New York and Massachusetts disclosed intrusions. The MTA, which operates the NYC transportation system, and the operator of the Martha’s Vineyard ferry both reported that they were victims of ransomware in recent months.
Following the attack last week on meat supplier JBS SA and the Colonial Pipeline shutdown earlier in the year, these newly revealed attacks raise concerns about the safety of everyday life. What would happen if a hospital were forced to shut down mid-operation? With such wide-ranging industries being attacked and held hostage digitally, it seems like only a matter of time before this might happen.
May 28, 2021

Have I Been Pwned Goes Open Source, Teams Up With FBI
Have I Been Pwned (HIBP), the website that catalogs password breaches, has made its codebase open source. The website creator, Troy Hunt, hopes this will encourage better adoption of their service, by making it easier to implement.
Additionally, they are getting access to a stream of breached passwords from the FBI, who contacted HIBP about compromised passwords they routinely discover during investigations. The FBI is “excited to be partnering with HIBP on this important project to protect victims of online credential theft.” The website gets almost a billion requests per month from users wondering if their credentials have been leaked.
May 25, 2021

DHS Will Require Pipeline Operators to Report Cyberattacks
In an effort to bolster transparency and accountability, the U.S. government will be telling oil pipeline operators to report network breaches. This comes after the Colonial Pipeline was shut down without discussion with the government. Former head of the NSA and U.S. Cyber Command Mike Rogers said, “The answer cannot be, we’re going to shut everything down” following a successful attack.
The new regulations will be backed by the penalty and enforcement authority of the TSA, a division of the DHS. Previous security guidelines were on a voluntary basis, with no teeth to them. It is hoped that these regulations will avert future gas shortages and panic.
May 17, 2021

Colonial Pipeline Hack Group DarkSide Announces It Will Cease Operations
UPDATE: DarkSide, the hacking group responsible for causing the shutdown of the Colonial Pipeline, may have bitten off more than it could chew in its ransomware-as-a-service scheme. Though they were paid $5 million by the operators of the pipeline, that money disappeared from the DarkSide account. Additionally, they lost access to their payment server and blog page.
Likely due to the massive attention they received from the US Government following the cyber attack, they have now announced that they are ceasing their for-hire hacks. While some argue that this may be a lie, President Biden did say that the US could strike back at DarkSide and “disrupt their ability to operate,” and this may be the result.
May 12, 2021

Flaw Dating To 1997 Threatens Every Wi-Fi Device With FragAttacks
Newly discovered security flaws in the Wi-Fi standard, dating back to 1997, allow local attackers to invade networks. A hacker within radio range of a network can use FragAttacks (fragmentation and aggregation attacks) to attack devices and steal user information, says Belgian security researcher Mathy Vanhoef.
Vanhoef found that half of the routers, several smartphones, and IoT devices that were tested were affected by the vulnerability. Most security protocols of Wi-Fi, from the WPA3 spec to WEP, are susceptible. Thankfully, the attack can only be carried out when certain uncommon settings are used.
May 10, 2021

DarkSide Ransomware Group Believed To Be Behind U.S. Pipeline Attack
An oil pipeline that supplies the East Coast of the United States with 45% of its gasoline has been shut down following a cyberattack by a ransomware group. On Friday, the operators of the Colonial Pipeline fell victim to the DarkSide hacking group, which now claims that its actions were apolitical. “Our goal is to make money, and not creating problems for society,” the group posted today.
As a result of the shutdown, the U.S. government has issued an emergency waiver relaxing regulations on the commercial motor vehicle transport of gasoline and other petroleum products in the affected areas. The exact method that the cyberattack used to infiltrate the pipeline operator remains unknown.
May 5, 2021

CBP Contract Shows How Cars Spy On Your Phone Data
Ever connected your phone to a car? Your private information is not safe if you have. The U.S. Customs and Border Protection has purchased iVe vehicle forensics kits that allow it to view phone data from car infotainment systems without a warrant.
Data that can be seen with the iVe kits includes navigation history, SMS messages, emails, and pictures. Additionally, the kits can retrieve deleted data and “Identify known associates and establish communication patterns between them.” One of the most eye-opening aspects is just how much information is recorded by a vehicle when simply connecting a phone to it, allowing your private data to be accessed long after you’ve gone.
April 30, 2021

Ransomware Group Threatens to Blow Cover of U.S. Police Informants
Hackers are threatening to release the identities of confidential informants of the Washington, D.C. Metro Police Department. The ransomware group Babuk targets high-profile computer systems, locking them up or stealing privileged information, in effect holding them for ransom. In this case, the police department does confirm that there was “unauthorized access on our server.”
Earlier this month, the group infiltrated the Houston Rockets basketball team, accessing player contracts and financial data. The Rockets claim that Babuk was unable to install the ransomware due to security they already had in place. Federal agencies have been targeted 26 times already this year, according to media reports. On the morning of April 30th, Babuk released a statement claiming they were ending their ransomware operation.
April 26, 2021

The US Postal Service Social Media Monitoring Program That You Didn’t Know About
The United States Postal Inspection Service has been monitoring social media accounts for activity surrounding planned protests. The monitoring is part of an operation called the Internet Covert Operations Program (iCOP). University of Chicago law professor Geoffrey Stone said that “It’s a mystery” why the USPS is monitoring for national security threats rather than the FBI or DHS.
The USPS’s program raises other concerns as well. While it appears that the program is supposed to discover misuse of the postal system, this goes far beyond that. One expert said, “If [individuals are] simply engaging in lawfully protected speech, even if it’s odious or objectionable, then monitoring them on that basis raises serious constitutional concerns.” Other federal agencies have also engaged social media companies directly to monitor user posts.
April 21, 2021

No One Likes Google’s FLoC Attempt to Avert the Cookiepocalypse
With most browsers either already actively blocking third-party cookies or committing to do so in the near future, Google is testing a new advertising technology. Their plan, called Federated Learning of Cohorts (FLoC), uses an algorithm to place users with similar browsing history into buckets, allowing advertisers to better target potential customers.
Thankfully, Google is only able to test it on their own Chrome browser. Most other major browsers such as Microsoft Edge, Apple Safari, Firefox, and Opera will not commit to using it or are flat-out refusing to enable it. Even though Google has claimed FLoC is a way to protect users by making the information more anonymous, many worry that it could lead to even worse privacy concerns.
April 16, 2021

FBI Fixes Compromised Microsoft Exchange Servers Without Owners’ Knowledge
Following a massive hack of Microsoft Exchange Servers earlier this year, the FBI has executed a court-authorized removal of malicious web shells installed on vulnerable computers in the U.S. While the FBI did not remove any zero-day exploits or tools that hackers may have placed on systems via web shells, it is a step in securing the servers and preventing further unauthorized access.
Now, the FBI is going through the process of trying to alert server owners that their systems were accessed and fixed. Though fixing these email servers may have helped with national cybersecurity, a government organization accessing the network of a private user raises privacy concerns.