BLEEPING COMPUTER . . . Talk Nerdy for Online Security

Let's start somewhere (this one first). Then another and then all the latest articles
This one

CISA: GPS software bug may cause unexpected behavior this Sunday

By  October 22, 2021 08:37 AM
 
"The Cybersecurity and Infrastructure Security Agency (CISA) warned that GPS devices might experience issues over the weekend because of a timing bug impacting Network Time Protocol (NTP) servers running the GPS Daemon (GPSD) software.

"The Network Time Protocol (NTP) has been critical in ensuring time is accurately kept for various systems businesses and organizations rely on. Authentication mechanisms such as Time-based One-Time Password (TOTP) and Kerberos also rely heavily on time. As such, should there be a severe mismatch in time, users would not be able to authenticate and gain access to systems." - SANS ISC

The bug is set to trigger this Sunday, on October 24th, and the implications are somewhat unpredictable as it could cause systems to become unresponsive or unavailable.

On October 24, 2021, all Network Time Protocol (NTP) servers using GPSD versions 3.20 through 3.22 are going to jump back 1024 weeks in time, to March 3, 2002.

The vulnerable versions were released between December 31, 2019, and January 8, 2021, so the affected GPS devices constitute a significant portion of those deployed out there at the moment.

The problem could be severe, but it’s somewhat of a Y2K bug, so nobody can be sure about whether or not the devices will actually encounter functional or service reliability issues.

CISA urges the affected owners and operators to update to GPSD version 3.23, released on August 8, 2021, or newer, to avoid all chances of facing problems.
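An added example, not part of the article or the CISA advisory: a small triage script that flags hosts whose GPSD version falls in the affected range (3.20 through 3.22) and hosts whose clock already lags a trusted reference by a multiple of 1024 weeks. The host names, version banners, timestamps and the one-hour tolerance are constructed assumptions.

```python
"""Triage for the GPSD rollover described above (added example)."""
import re
from datetime import datetime, timedelta, timezone

ROLLOVER = timedelta(weeks=1024)               # size of the jump named in the article
AFFECTED_MIN, AFFECTED_MAX = (3, 20), (3, 22)  # affected range per the article; 3.23 fixes it

def parse_version(text):
    """Return (major, minor) from e.g. '3.22' or a version banner containing it."""
    m = re.search(r"(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version in {text!r}")
    return int(m.group(1)), int(m.group(2))

def is_affected(version_text):
    # Compare as integers: as strings, '3.9' would sort above '3.20'.
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX

def rollover_count(reported, reference, tolerance=timedelta(hours=1)):
    """Whole 1024-week steps by which `reported` lags `reference`, else 0."""
    lag = reference - reported
    n = round(lag / ROLLOVER)
    return n if n >= 1 and abs(lag - n * ROLLOVER) <= tolerance else 0

def assess(hosts, reference):
    """hosts: iterable of (name, version_text, reported_time). Returns findings."""
    findings = []
    for name, version_text, reported in hosts:
        if rollover_count(reported, reference):
            findings.append((name, "ROLLED_BACK"))  # clock already jumped
        elif is_affected(version_text):
            findings.append((name, "UPGRADE"))      # vulnerable, not yet triggered
        else:
            findings.append((name, "OK"))
    return findings

# Constructed sample data: host names, banners and times are made up.
REFERENCE = datetime(2021, 10, 24, 12, 0, tzinfo=timezone.utc)  # trusted second source
SAMPLE_HOSTS = [
    ("ntp-a", "gpsd: 3.22 (revision 3.22)", REFERENCE - ROLLOVER + timedelta(seconds=2)),
    ("ntp-b", "gpsd: 3.20 (revision 3.20)", REFERENCE - timedelta(seconds=1)),
    ("ntp-c", "gpsd: 3.23 (revision 3.23)", REFERENCE),
    ("ntp-d", "gpsd: 3.9 (revision 3.9)", REFERENCE + timedelta(seconds=3)),
]

if __name__ == "__main__":
    for name, status in assess(SAMPLE_HOSTS, REFERENCE):
        print(f"{name}: {status}")
```

The reference time must come from a source that does not depend on the same GPSD instance, otherwise the comparison cannot reveal the jump.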

 
=========================================================================
Another one

Groove ransomware calls on all extortion gangs to attack US interests

 
By  October 22, 2021 11:48 AM
 
"The Groove ransomware gang is calling on other extortion groups to attack US interests after law enforcement took down REvil's infrastructure last week.

Over the weekend, BleepingComputer reported that the REvil ransomware operation shut down again after an unknown third party hijacked their dark web domains.

As part of this shutdown, a known REvil operator claimed that the unknown party was "looking" for them by modifying configuration files, so that the threat actor would be tricked into going to a site operated by the unknown entity. . .Yesterday, Reuters reported that REvil's takedown resulted from an international law enforcement operation that included support from the FBI.

Post on Groove ransomware data leak site calling for attacks on the USA

The blog post also warns ransomware operations not to target Chinese companies, as the gangs would need to use the country as a safe haven if Russia takes a stronger stance on cybercrime operating inside its country.

The whole translated message, with some censoring of inappropriate words, can be read below.

"In our difficult and troubled time when the US government is trying to fight us, I call on all partner programs to stop competing,
unite and start xxcking up the US public sector, show this old man who is the boss here who is the boss and will be on the Internet
while our boys were dying on honeypots, the nets from rude aibi squeezed their own... but he was rewarded with higher and now he will go to jail for treason, so let's help our state fight against such ghouls as cybersecurity firms that are sold to amers, like US government agencies, I urge not to attack Chinese companies, because where do we pinch if our homeland suddenly turns away from us, only to our good neighbors - the Chinese! I BELIEVE THAT ALL ZONES IN THE USA WILL BE OPENED, ALL xxOES WILL COME OUT AND xxCK THIS xxCKING BIDEN IN ALL THE CRACKS, I myself will personally make efforts to do this" - Groove ransomware.

The calling of attacks on US interests correlates with other information shared with BleepingComputer this week by a threat intelligence researcher for a Dutch bank.

In July 2021, a threat actor known as 'Orange' launched the RAMP hacking forum after shutting down and splitting from the original Babuk Ransomware operation.

As Orange still controlled Babuk's Tor site, he used it to launch the hacking forum where he acted as an admin. Orange is also believed to be one of the representatives of the Groove ransomware operation.

Recently, Orange stepped down as the forum's admin to pursue a new operation but did not provide any further information on what was being planned. . .

However, a later post indicates that the threat actor is likely starting a new ransomware operation as he began actively pursuing the purchase of network access to US hospitals and government agencies, as shown in the forum post below.

Threat actor purchasing access to US hospitals and government agencies

READ MORE:

Groove ransomware calls on all extortion gangs to attack US interests

 