Cybersecurity Articles

- "Based on the findings of our email security research, Google Workspace users will see significantly lower premiums compared to Microsoft 365 users," he says.
- Cloud-Based Email Is More Secure: Whether Google Workspace should be the go-to email solution for companies is unclear, At-Bay stated in its report.
- "If you can't move to the cloud, the next best thing to do is to deploy a leading email security solution."
- To head off email threats, companies should use email security technologies, such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC).
- "In addition, organizations can also increase their email security by regularly training their teams on what phishing attacks are, how they can proliferate into full-scale cyber attacks, and what to look for," Hendricks says.

- Thousands of Android Users Affected: In a report this week, the Netherlands-based cybersecurity vendor said thousands of Android users in the United States and Spain have downloaded the malware onto their devices since just August.
- Malware like Xenomorph highlights the growing and increasingly sophisticated nature of mobile threats, especially for Android users.
- For the moment, adware and other potentially unwanted applications remain the top threat for Android users.
- More than 50,000 Android users downloaded the app on their Android devices.
- Like other banking malware, Xenomorph contained overlays that spoof the account login pages of all the targeted banks, the researchers found in their 2022 analysis.

- National Student Clearinghouse, a nonprofit that provides enrollment and other services for thousands of colleges and universities across North America, is the latest organization breached by the MOVEit flaw.
- The organization put out a list of impacted institutions filled with nearly 900 schools.
- "The unauthorized party obtained certain files within the Clearinghouse's MOVEit environment, which may have included information from the student record database on current or former students," a statement from the National Student Clearinghouse said.
- "We have no evidence that the affected files included the enrollment and degree files that organizations submit to the Clearinghouse for reporting requirements and for verifications."
- John Bambenek, principal threat hunter at Netenrich, effectively accused any cybersecurity leader who has not shored up their MOVEit environment after months of reported breaches of malpractice.

- Researchers have recently discovered a sophisticated backdoor with unusual architecture, dubbed "Deadglyph," used in a cyber-espionage attack in the Middle East against a government agency.
- The malware is attributed to the Stealth Falcon advanced persistent threat (APT), a United Arab Emirates (UAE) state-sponsored group.
- During routine monitoring of suspicious activity for some of its high-profile Middle East customers, ESET gleaned details of a custom attack that uses homoglyphs mimicking the name of technology giant Microsoft inside Unicode strings.
- In the past, Stealth Falcon (aka Fruity Armor or Project Raven) has been known to target political activists, dissidents, and journalists in the Middle East.
- This latest attack occurred somewhere in the region of the Anatolian and Arabian peninsulas, according to ESET.

- The Securities and Exchange Commission (SEC) recently issued a Wells Notice to SolarWinds executives, a move that signifies a profound shift in accountability.
- SEC's Regulatory Evolution: Charting the Course for Cybersecurity Governance. The SEC's latest regulatory amendment marks a pivotal moment in the realm of cybersecurity governance within publicly traded companies.
- Accountability in the Aftermath: Navigating Breach Consequences. As exemplified by the recent SolarWinds and Uber incidents, accountability for cybersecurity leaders is on the rise.
- Cybersecurity executives must now grapple with the intricate balance of effective risk management, transparent reporting, and ensuring the organization's security posture remains resilient.
- The SEC's cybersecurity regulations herald a new era of transparency and accountability in the face of escalating industry vulnerabilities.

- EdFinancial and the Oklahoma Student Loan Authority (OSLA) are notifying over 2.5 million loanees that their personal data was exposed in a data breach.
- The target of the breach was Nelnet Servicing, the Lincoln, Neb.-based servicing system and web portal provider for OSLA and EdFinancial, according to a breach disclosure letter.
- That exposed information included names, home addresses, email addresses, phone numbers and Social Security numbers for a total of 2,501,324 student loan account holders.
- “With recent news of student loan forgiveness, it’s reasonable to expect the occasion to be used by scammers as a gateway for criminal activity,” Bischoping said.
- Last week, the Biden administration announced a plan to cancel $10,000 of student loan debt for low- and middle-income loanees.

- Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- The threat actor, according to researchers, is believed to be the China-based APT TA423, also known as Red Ladon.
- In lieu of malware, attackers can use ScanBox in conjunction with watering hole attacks.
- Adversaries load the malicious JavaScript onto a compromised website where the ScanBox acts as a keylogger snagging all of a user’s typed activity on the infected watering hole website.
- “This allows ScanBox to connect to a set of pre-configured targets,” researchers explain.

- The campaigns are tied to focused abuse of identity and access management firm Okta, which earned the threat actors the 0ktapus moniker from researchers.
- “These users received text messages containing links to phishing sites that mimicked the Okta authentication page of their organization.” Impacted were 114 US-based firms, with additional victims sprinkled across 68 other countries.
- “The 0ktapus campaign has been incredibly successful, and the full scale of it may not be known for some time,” he said.
- What the 0ktapus Hackers Wanted: The 0ktapus attackers are believed to have begun their campaign by targeting telecommunications companies in hopes of winning access to potential targets’ phone numbers.
- Those links led to webpages mimicking the Okta authentication page used by the target’s employer.

- Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- After a recent dip, ransomware attacks are back on the rise.
- With data gathered by “actively monitoring the leak sites used by each ransomware group and scraping victim details as they are released,” researchers have determined that Lockbit was by far the most prolific ransomware gang in July, behind 62 attacks.
- It may well be that the resurgence in ransomware attacks, and the rise of these two particular groups, are intimately connected.
- Why Ransomware Has Bounced: Researchers from NCC Group counted 198 successful ransomware campaigns in July – up 47 percent from June.

- New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11-month-old command injection flaw.
- Hikvision – short for Hangzhou Hikvision Digital Technology – is a Chinese state-owned manufacturer of video surveillance equipment.
- Last Fall, a command injection flaw in Hikvision cameras was revealed to the world as CVE-2021-36260.
- According to David Maynor, senior director of threat intelligence at Cybrary, Hikvision cameras have been vulnerable for many reasons, and for a while.
- Furthermore, IoT devices might not give users any indication that they’re unsecured or out of date.

- US food delivery company PurFoods, which trades as Mom’s Meals, has just admitted to a cyberintrusion that took place from 2023-01-16 to 2023-02-22.
- The company stated officially that: “[The] cyberattack […] included the encryption of certain files in our network.”
- Because the investigation identified the presence of tools that could be used for data exfiltration (the unauthorized transfer of data), we can’t rule out the possibility that data was taken from one of our file servers.
- Social Security numbers [SSNs] were involved for less than 1% of the [individuals], most of which are internal to PurFoods.
- If you’re a company that handles vital PII of this sort: Act immediately when any anomalies are detected in your network.

- Leaky light bulbs, WinRAR bugs, and “Airplane mode, [HIGH RISING TONE] question mark?” All that and more on the Naked Security podcast.
- And there are some authentication-related issues that are somewhat tricky to solve for a small and simple device like a light bulb.
- The way it works in this case is that the app sends an RSA public key to the light bulb, and the light bulb uses that to encrypt and send back a one-time 128-bit AES key for the session.
- An imposter light bulb can come back and say, “Here’s the super-secret key that only you know and I know.” So you are communicating securely… with the imposter!
- And speaking of fun, Richard chimes in on this story and asks a new version of an old question: How many cryptographers does it take to update a light bulb?

- As you can work out from the truth table above, XOR has the convenient characteristics that X ⊕ 0 = X, and X ⊕ X = 0.
- A ⊕ C ⊕ P = A ⊕ C ⊕ (A ⊕ B ⊕ C) = (A ⊕ A) ⊕ (C ⊕ C) ⊕ B = 0 ⊕ 0 ⊕ B = B  <-- the missing chunk returns!
- B ⊕ C ⊕ P = B ⊕ C ⊕ (A ⊕ B ⊕ C) = (B ⊕ B) ⊕ (C ⊕ C) ⊕ A = 0 ⊕ 0 ⊕ A = A  <-- the missing chunk returns!
- Also, if P is lost, we can ignore it because we can compute A ⊕ B ⊕ C anyway.
- Simply put, having the parity data chunk P means we can always reconstruct any missing chunk, regardless of which one it is.
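The parity argument above, carried out on real bytes. This is an added example, not code from the article or the podcast: it builds P = A ⊕ B ⊕ C for three constructed data chunks, drops each chunk of the stripe in turn (A, B, C or P itself), and recovers it as the XOR of whatever survived. The `xor_bytes`, `make_parity` and `reconstruct` helpers are this example's own names; the code generalizes the article's three-chunk case to any number of data chunks with a single parity chunk, which is exactly why single parity can cover one loss and never two.

```python
# Added example (not from the article): single-parity reconstruction with XOR.
# With data chunks D_0..D_{n-1} and parity P = D_0 ^ D_1 ^ ... ^ D_{n-1},
# any ONE missing chunk (data or parity) equals the XOR of all survivors,
# because X ^ X = 0 and X ^ 0 = X cancel every other term.

from typing import List, Optional


def xor_bytes(*chunks: bytes) -> bytes:
    """XOR any number of equal-length byte strings together."""
    length = len(chunks[0])
    if any(len(c) != length for c in chunks):
        raise ValueError("all chunks must have the same length")
    out = bytearray(length)
    for chunk in chunks:
        for i, b in enumerate(chunk):
            out[i] ^= b
    return bytes(out)


def make_parity(data_chunks: List[bytes]) -> bytes:
    """P = D_0 ^ D_1 ^ ... ^ D_{n-1}, the article's A ^ B ^ C for n = 3."""
    return xor_bytes(*data_chunks)


def reconstruct(stripe: List[Optional[bytes]]) -> List[bytes]:
    """Recover the single lost chunk in a stripe.

    stripe holds the data chunks followed by the parity chunk; the lost
    chunk is given as None.  Exactly one None is recoverable: with two
    unknowns the XOR of the survivors mixes both and neither can be split
    out, so that case is rejected rather than silently returning garbage.
    """
    missing = [i for i, c in enumerate(stripe) if c is None]
    if len(missing) != 1:
        raise ValueError("single parity recovers exactly one missing chunk")
    survivors = [c for c in stripe if c is not None]
    restored = list(stripe)
    restored[missing[0]] = xor_bytes(*survivors)
    return restored


def demo() -> bool:
    """Constructed sample: three 8-byte data chunks; lose each chunk in turn."""
    A, B, C = b"chunk-A!", b"chunk-B!", b"chunk-C!"   # constructed data
    P = make_parity([A, B, C])
    full = [A, B, C, P]
    for lost in range(len(full)):
        damaged = full[:lost] + [None] + full[lost + 1:]
        if reconstruct(damaged) != full:
            return False
    return True


if __name__ == "__main__":
    print("all four single-chunk losses recovered:", demo())
```

Losing P is handled by the same code path as losing a data chunk, which is the point the article makes: the parity chunk is just one more term in the same XOR identity.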

- A trio of researchers split between Italy and the UK have recently published a paper about cryptographic insecurities they found in a widely-known smart light bulb.
- But the bad news is that the protocol used for this “are you really a light bulb?”
- In fact, they didn’t need to send 2^32 messages from the app to a light bulb to crack the key.
- When the app encrypts each request that it sends to a light bulb, it uses an encryption mode called AES-128-CBC.
- If you’re a Tapo light bulb user, keep your eyes open for firmware updates from TP-Link that address these issues.

- Researchers at Apple device management company Jamf recently published an intriguing paper entitled Fake Airplane Mode: A mobile tampering technique to maintain connectivity.
- Attackers need to implant rogue software onto your iPhone first in order to pull off a “fake airplane” attack.
- That’s because “fake airplane” mode doesn’t itself snoop on or try to steal private data belonging to other apps, but works simply by showing you what you hope to see, namely visual clues that imply that your device is offline even when it isn’t.
- Opening or refreshing a web page when airplane mode is successfully engaged typically produces a notification that explicitly says Turn off Airplane Mode or use Wi-Fi to Access Data. At this point, a well-informed user would be inclined to accept not only that they had turned airplane mode on, but also that they had successfully cut the apps on their phone off from the internet.
- So, thirdly, the researchers figured out how to intercept the “mobile data is turned off” dialog, and simply to replace it with the more reassuring “airplane mode is on” notification instead.

- We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites.
- And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.
- When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions.
- Neither ZDNET nor the author are compensated for these independent reviews.
- Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards.

- iPhone, iPad, and Apple Watch owners are urged to update their devices with this latest round of security fixes.
- For an Apple Watch, open the Watch app on your phone.
- And Apple Watch wearers will install WatchOS 10.0.1.
- Egypt is a known customer of Predator, and the spyware itself was delivered from a device physically located in Egypt, according to The Citizen Lab.

- The Kingston IronKey D500S USB is a military-grade security flash drive that is FIPS 140-3 Level 3 (Pending) certified and features upgrades for stronger security and attack protections for government and military uses.
- The admin can reset a user password, and also enable a one-time recovery password to restore access to data if the user password is forgotten.
- The Kingston IronKey D500S is offered in capacities that range from 8GB to 512GB, and prices start from $75.

- A new report from the Conflict Observatory at Yale University has used satellite imagery and open source investigative tools to chart the catastrophic damage caused by fighting in the capital city of Khartoum.
- The RSF, headed by Mohamed Hamdan Daglo, known as Hemedti, has also been receiving weapons, including drones, from Wagner for months.
- A recent convoy carrying Russian weapons to the RSF crossed into Sudan via Chad on September 6.
- Violence has been steadily worsening in Sudan since April, when negotiations meant to return the government to civilian rule broke down.
- A key tension point was around whether and how quickly the RSF’s 100,000-person force would be absorbed into the Sudanese military.

- There is mounting evidence, however, that repressive regimes are opting to just shut down access to the open internet entirely—and that such blackouts could become permanent.
- A team of cybersecurity researchers believe they have come up with a clever new way to fight back: a trojan horse.
- The program, dubbed eQsat, has been tested and is ready to be put into action during the next internet shutdown—whether it’s in Russian-occupied Ukraine, Iran, or one of the many repressive regimes that regularly block internet access.
- The cybersecurity firm behind the program, eQualitie, has spent years developing tools designed for civil society in countries with aggressive internet filtering.
- Its mobile browser, Ceno, connects users to the open internet and serves content peer-to-peer.

- Countless headlines over the years have warned that automation isn’t just coming for blue-collar jobs, but that AI would threaten scores of white-collar jobs as well.
- AI tools are becoming capable of automating tasks and sometimes entire jobs in the corporate world, especially when those jobs are repetitive and rely on processing data.
- Corporations, which are monitoring their employees on a large scale, are now having workers utilize AI tools more frequently, and many questions remain regarding how the many AI tools that are currently being developed are being trained.
- Put all of this together and there’s the potential that companies could use data they’ve harvested from workers—by monitoring them and having them interact with AI that can learn from them—to develop new AI programs that could actually replace them.
- While there is a lot of employee surveillance happening in the corporate world, and some of the data that’s collected from it could be used to help train AI programs, simply learning from how people are interacting with AI tools throughout the workday could help train those programs to replace workers.

- In Chicago, for example, average car theft rates of about 850 per month are now consistently up to more than 2,000 per month.
- Atlanta's car theft rates have doubled from their old level before 2022 of fewer than 250 incidents per month.
- “Stolen car rates are not up by 10 percent, or 20 percent, or even 50 percent,” the report says.
- Caesars Entertainment also admitted last week that it recently suffered a data breach and faced criminal extortion demands.
- The exposure occurred because of a misconfiguration in how the researchers used an Azure Storage data-sharing feature.

- For much of the cybersecurity industry, malware spread via USB drives represents the quaint hacker threat of the past decade—or the one before that.
- Over the past year, those espionage-focused hackers have exploited this geographic time warp to bring retro USB malware back to dozens of victims’ networks.
- But in January of 2022, Mandiant began to see new versions of the trojan repeatedly showing up in incident response investigations, and each time it traced those breaches to Sogu-infected USB thumb drives.
- “That’s an interesting case if UNC53’s intended infection point is a place where people are traveling regionally throughout Africa or even possibly spreading this infection internationally outside of Africa,” says Mandiant researcher Ray Leong.
- In some cases at least, it appeared that the spies were focused on the African operations themselves, given China’s strategic and economic interest in the continent.

- Zyxel Networks announced the addition of WiFi 6-enabled security firewalls to its ZyWALL USG FLEX 100 firewall series.
- Zyxel’s new USG FLEX 100AX Firewall supports WiFi 6 (802.11ax) to provide wired and wireless solutions that deliver holistic security and protection for small- and medium-sized business networks.
- To ensure network protection, USG FLEX 100 firewalls feature high-assurance, multi-layered protection, and integrate real-time threat protection intelligence from leading companies and organizations in the cybersecurity field to increase the accuracy and immediacy of the threat protection.
- When a detected threat violates the rule-based security policy, USG FLEX 100 firewalls provide automatic protection by synchronizing with the Nebula Control Center and containing the device(s) at the edge of the network.
- The Zyxel USG FLEX series of firewalls for small- and medium-sized businesses includes the following models (with street prices):
  - USG FLEX 100 – $479.99
  - USG FLEX 100AX – $549.99
  - USG FLEX 100W – $379.99
  - USG FLEX 200 – $479.99
  - USG FLEX 500 – $699.99
  - USG FLEX 700 – $1,199.99
- Zyxel USG FLEX firewalls carry limited lifetime warranties and are available now through all Zyxel authorized resellers and e-commerce partners.

- Amazon and Anthropic announced a strategic collaboration that will bring together their respective technology and expertise in safer generative AI to accelerate the development of Anthropic’s future foundation models and make them widely accessible to AWS customers.
- In addition, Anthropic will provide AWS customers with early access to unique features for model customization and fine-tuning capabilities.
- Amazon developers and engineers will be able to build with Anthropic models via Amazon Bedrock so they can incorporate generative AI capabilities into their work, enhance existing applications, and create net-new customer experiences across Amazon’s businesses.
- “Since announcing our support of Amazon Bedrock in April, Claude has seen significant organic adoption from AWS customers.
- This news is the latest AWS generative AI announcement as the company continues to expand its unique offering at all three layers of the generative AI stack.

- Allegro Packets is providing network professionals with enhanced functionality with its new Release 4.1.
- “With Release 4.1, we continue our commitment to improving network analysis.
- We also implemented features to more easily comply with any privacy policies,” explains Klaus Degner, Managing Director of Allegro Packets.
- Release 4.1 significantly improves analysis performance to handle significantly more traffic (40G and more), especially on large systems such as the Allegro Packets device series 3xxx, 5xxx, and 7xxx.
- Allegro Packets customers will receive a list of all the features included in version 4.1 by e-mail.

- The National Student Clearinghouse MOVEit breach notice: NSC provides educational reporting, data exchange, verification, and research services to around 3,600 North American colleges and universities and 22,000 high schools.
- “Through our investigation, on June 20, 2023, we learned that an unauthorized party obtained certain files from the MOVEit tool,” the data breach notice reads.
- “The data that was affected by this issue varies by individual.” NSC has also provided a list of the educational organizations affected by this breach.
- The breach affected a great number of organizations, including governments, financial institutions, pension systems, and other public and private entities.
- “The upstream/downstream in many MOVEit incidents is extremely complex, with some organizations being impacted because they used a vendor which used a contractor which used a subcontractor which used MOVEit.

- Thunder Shield Security announced Custos, its next-generation scanning platform equipped with artificial intelligence and machine learning to proactively combat cyber threats and safeguard organizations.
- Comprehensive cybersecurity platform: Custos presents a unified cybersecurity approach where Custos Strike, TSS’s automatic penetration testing tool, is a critical component among various scanning tools.
- Enhanced efficiency and accuracy: Custos empowers ethical hackers and organizations to comprehensively identify vulnerabilities, elevate security stances, optimise resource allocation, and fulfil compliance requirements.
- It streamlines penetration testing, reducing the time required from days to a single day or less.
- Reducing false alarms with machine learning: At Custos’ core, machine learning fine-tunes threat detection by significantly reducing false alarms, ensuring a laser focus on genuine security risks.

- Crooks stole $200 million worth of assets from Mixin Network (Pierluigi Paganini, September 25, 2023)
- Crooks stole $200 million from Mixin Network, a free, lightning fast and decentralized network for transferring digital assets.
- Mixin Network, the Hong Kong-based crypto firm behind a free, lightning fast and decentralized network for transferring digital assets announced it has suffered a $200 million cyber heist.
- The company is investigating the security breach with the support of the security firm SlowMist.

- A phishing campaign targets Ukrainian military entities with drone manual lures (Pierluigi Paganini, September 25, 2023)
- A phishing campaign targets Ukrainian military entities using drone manuals as lures to deliver the post-exploitation toolkit Merlin.
- Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed Merlin.
- The campaign, codenamed STARK#VORTEX by Securonix, targets Ukrainian military entities and CERT-UA attributed it to a threat actor tracked as UAC-0154.
- Typically receiving a Microsoft help file over the internet would be considered unusual.

- Patch your TeamCity instance to avoid server hack (Pierluigi Paganini, September 25, 2023)
- Experts warn of a critical vulnerability in the TeamCity CI/CD server that can be exploited to take over a vulnerable server.
- “TeamCity server version 2023.05.3 and below is prone to an authentication bypass, which allows an unauthenticated attacker to gain remote code execution (RCE) on the server.
- “If you are unable to update your server to version 2023.05.4, we have also released a security patch plugin so that you can still patch your environment.
- The security patch plugin can be downloaded using one of the links below and installed on TeamCity 8.0+.
- For TeamCity 2019.2 and later, the plugin can be enabled without restarting the TeamCity server.

- Is Gelsemium APT behind a targeted attack in Southeast Asian Government? (Pierluigi Paganini, September 25, 2023)
- A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023.
- Palo Alto Unit42 researchers observed an APT group tracked as Gelsemium targeting a Southeast Asian government.
- “Unit 42 assesses with moderate confidence that the activity observed in CL-STA-0046 is associated with the Gelsemium APT group.
- Unit 42 associates the activity observed by the threat actor behind CL-STA-0046 to the Gelsemium APT group with a moderate level of confidence.”

- Nigerian National pleads guilty to participating in a millionaire BEC scheme (Pierluigi Paganini, September 25, 2023)
- A Nigerian national pleaded guilty to wire fraud and money laundering through business email compromise (BEC).
- The Nigerian national Kosi Goodness Simon-Ebo (29), who is residing in South Africa, pleaded guilty to conspiracy to commit wire fraud and conspiracy to commit money laundering through business email compromise (BEC).
- “According to his plea agreement, from February 2017 until at least July 2017, Simon-Ebo conspired with others to perpetrate a BEC scheme,” reads the press release published by the DoJ.
- “Simon-Ebo had direct control over at least $45,925 of the funds obtained from victims,” continues the press release.
- Simon-Ebo faces up to 20 years in federal prison for the wire fraud conspiracy and for the money laundering conspiracy.

- The modern internet is a terrible, no-good privacy nightmare and we should probably start over.
- At least that’s the argument that spawned the latest project from the Cult of the Dead Cow.
- Veilid aims to replace the advertising giants that run social media platforms with an alternative suite of open-source, serverless, peer-to-peer and mobile-first applications.
- The project began roughly four years ago, when Rioux approached Katelyn “Medusfour” Bowden about a project to create a new private social media and messaging service.
- One can use Mastodon for social media, Signal for chat and calls, Keybase as a sort of Slack replacement, not to mention the plethora of self-hosted projects found on GitHub.

- ALPHV, an established ransomware-as-a-service operation thought to be based in Russia and linked to attacks on dozens of entities, claimed responsibility for Caesars and MGM attacks in a note posted to its website earlier this month.
- But the term Scattered Spider isn’t accurate, the researchers at LABScon said, as it lumps the activities of multiple disparate and sometimes rival groups from within the Com ecosystem into one entity.
- The attacks emanating from the Com ecosystem go far beyond the Las Vegas resorts recently hit.
- An August 2023 Cyber Safety Review Board report on Lapsus$ recommended that Congress explore funding juvenile cybercrime prevention programs as part of a “whole-of-society” approach to address youth cybercrime.
- “The radicalization is cybercrime and being the worst human being you possibly be,” the researcher said.

- SCOTTSDALE, Ariz. — A new cyber threat intelligence working group will seek to bring greater attention and resources to bear on understanding complex cyber operations in Africa and Latin America, regions that organizers of the effort say have been historically neglected by cybersecurity researchers.
- The group is currently made up of researchers from several cybersecurity vendors and a policy researcher focused on China.
- Intrusions tracked by Hegel, his team, and others “conspicuously align” with Chinese investment efforts that critics, particularly in the U.S., have termed “debt trap diplomacy,” Hegel wrote in his blog post.
- “The timing of this activity aligned closely with Chinese telecommunication soft power interests in Africa, as the organization was in private negotiations for further regional expansion,” Hegel wrote.
- Over the past decade, policymakers and researchers have grown increasingly aware of Chinese espionage operations targeting countries in Africa.

- The United Kingdom and the United States finalized an agreement Thursday allowing for the free flow of online data between the two nations starting Oct. 12.
- The data framework follows determinations by the United Kingdom that United States surveillance laws adequately protect their citizens’ data and provides assurances to technology companies that they won’t fall afoul of the law by transferring data belonging to their customers between data centers in the two countries.
- In July, the European Commission approved a similar data transfer agreement with the United States after years of negotiation.
- Data transfer agreements could take on new importance as nations like the United Kingdom position themselves as a hub for AI research and development.
- The inability to access and transfer data between the United States and the UK would represent an “existential challenge” to AI advancement, Jones said.

- A trio of nominees to the Federal Trade Commission said on Wednesday it is crucial that Congress pass a federal privacy bill, even as the agency they are nominated to lead is looking to take stronger action on privacy issues.
- In the absence of federal legislation on the issue, the FTC has recently embarked on a rulemaking effort to more closely regulate the collection of consumer data.
- As it explores privacy regulations, the FTC faces a similar conflict with Congress over AI, where the legislature is exploring but has not advanced any major legislation.
- As with privacy, some members of Congress are concerned the FTC is overstepping its powers.
- Cruz also highlighted the resignation of former Republican FTC Commissioner Christine Wilson, who had expressed concerns about the agency’s direction under the leadership of Chairwoman Lina Khan.

- Unit 42 researchers have unveiled a web of complex cyber-espionage attacks targeting a government in Southeast Asia.
- While initially thought to be the work of a single threat actor, the researchers discovered that the attacks were orchestrated by three separate and distinct clusters of threat actors.
- The investigation led to the identification of three distinct clusters of activity, each associated with varying confidence levels to known APT groups.
- The first, CL-STA-0044, is linked with moderate-high confidence to the Stately Taurus group (aka Mustang Panda), which is believed to have affiliations with Chinese interests.
- Finally, CL-STA-0046 is tentatively associated with the Gelsemium APT group, which is currently unattributed to a specific state.

- A prolonged and ongoing cyber-espionage campaign by the threat actor known as EvilBamboo (formerly Evil Eye) has been uncovered by cybersecurity firm Volexity.
- Further, in April 2020, EvilBamboo escalated its attacks by deploying a Safari exploit to implant iOS malware into the devices of Uyghur users.
- The threat actor regularly updates the download link, leading victims to a Dropbox or Google Drive link.
- To support the distribution of its Android spyware, EvilBamboo has created counterfeit websites designed to distribute BADSIGNAL, a compromised version of the Signal app.
- The threat actor has also backdoored other applications like Telegram.

- The move aims to bolster election security and combat the rampant spread of misinformation among American voters.
- Hosted by the Information Technology-Information Sharing Analysis Center (IT-ISAC), the “Election Security Research Forum” marked a significant milestone in efforts to safeguard US elections.
- The cybersecurity testing program brought together three leading voting equipment vendors: Election Systems & Software, Hart InterCivic and Unisyn.
- During this period, election technology manufacturers provided security researchers access to modern election technology, including newly developed and yet-to-be-deployed software configurations.
- Discussions at the three-day event focused on various components of America’s election infrastructure, aiming to improve future election security.

- Hong Kong-based decentralized finance (DeFi) project Mixin Network lost around $200m in cryptocurrency in what could already be one of the biggest hacks targeting a web3 platform.
- Mixin Network confirmed the attack on September 25, 2023, in a public statement posted on X (formerly known as Twitter).
- The statement explained that attackers compromised Mixin’s cloud service provider database on September 23, resulting in the loss of around $200m in cryptocurrency.
- “Deposit and withdrawal services on Mixin Network have been temporarily suspended [and] will be reopened once the vulnerabilities are confirmed and fixed.
- “We have contacted Google and blockchain security company Slow Mist to assist with the investigation.”

- A Nigerian man extradited to the US has pleaded guilty to his part in a multimillion-dollar business email compromise (BEC) conspiracy.
- Kosi Goodness Simon-Ebo, 29, pleaded guilty late last week to conspiracy to commit wire fraud and conspiracy to commit money laundering.
- From February to July 2017, he conspired with several others, including some living in Maryland, to illegally access victims’ email accounts and trick victims into wiring funds to bank accounts under their control using spoofed emails.
- He also faces a maximum prison term of 20 years for the wire fraud conspiracy and money laundering conspiracy charges.
- Separate data from Secureworks in March revealed the number of business email compromise (BEC) incidents doubled last year, replacing ransomware as the most prolific cybercrime category.

- SpyCloud recently released its 2023 Ransomware Defense Report, an annual analysis of how security leaders and practitioners view the threat of ransomware and their organizations’ cyber readiness.
- Additionally, the report surveyed more than 300 individuals in active cybersecurity roles at U.S., U.K. and Canadian organizations with at least 500 employees and found that despite shifting priorities to better address ransomware, organizations are failing to address infostealer malware.
- Respondents ranked the importance of MFA much higher than in previous years, although data backup remained organizations’ most important perceived countermeasure to ransomware.
- The report also revealed that 81% of surveyed organizations were affected at least once in the past 12 months.
- Affected organizations include enterprises that utilized any business resources to combat ransomware, whether through security solutions or ransom payments.

- Tim Roemer has been hired as Chief Security Officer at Global Market Innovators.
- Roemer previously served as the Director of the Arizona Department of Homeland Security and the State's Chief Information Security Officer (CISO).
- In his new position, Roemer will oversee GMI's security and cybersecurity operations.
- Roemer spent ten years with the Central Intelligence Agency (CIA), including two years in the White House Situation Room, where he provided critical national security updates to the President, Vice President and National Security Council.
- As GMI's Chief Security Officer, Roemer will work on CISO as a Service, security and risk assessments, incident response and ransomware resilience.