Information Technology Security

by Lane Babuder,  Hot Hardware Ransomware attacks have been on the rise. This time around, the small Ontario, Canada town of St. Marys has been targeted. The ransomware organization behind the attack seems to be LockBit. So far though, no ransom has been paid. The town itself claims that most city functions are still operational and staff are still working and getting paid. Upon visiting the official web site of the town visitors are greeted with a large red box containing the following quote. "The Town of St. Marys is currently investigating a cyber security incident that locked our internal server and encrypted our data. We are working closely with cyber security experts to investigate the source of the incident, restore our back up data, and assess impacts on our information, if any." "We have a skilled and knowledgeable team of Town staff, cyber security experts and legal counsel working around the clock to resolve any issues related to this incident. I have full con

Physical features and the Fifth Amendment don't mix. By TECHDIRT,  Above The Law Based on (admittedly scattershot) case law, the best protection for your phone (and constitutional rights) seems to depend on whatever device owners feel is the most persistent (or dangerous) threat. If you, a regular phone owner, feel the worst thing that could happen to you is the theft of your phone, then using biometric features to lock/unlock your device is probably the most secure option. It means thieves have to have access to both you and your phone if they hope to access far more sensitive data. And it makes even more sense if you’re one of the, oh, I don’t know… ~250 million Americans who occasionally reuse passwords. This prevents phone thieves from using a seemingly endless number of data breaches to find a way into your phone. But if you feel law enforcement agencies are the more worrisome threat, it makes more sense to use a passcode. Why? Because courts have been far more willing to call

By Sergiu Gatlan,  Bleeping Computer In a preliminary post-incident report, Microsoft has revealed that this week's 5-hour-long Microsoft 365 worldwide outage was triggered by a faulty Enterprise Configuration Service (ECS) deployment that led to cascading failures and availability impact across multiple regions. ECS is an internal central configuration repository designed to enable Microsoft services to make wide-scope dynamic changes across multiple services and features, as well as targeted ones such as specific configurations per tenant or user. What initially started like a minor Microsoft Teams outage ended up expanding downstream to multiple Microsoft 365 services with Teams integration that also leverage ECS, including Exchange Online, Windows 365, and Office Online. As a result, users worldwide began reporting that they could not use Microsoft Teams and multiple Microsoft 365 services or features. "This issue affected the users' ability to connect to the Microsoft

By Patrick Tucker,  American Military News Experts believe quantum computing may render some of the core cybersecurity algorithms at the heart of many modern-day digital experiences—from accessing money via an ATM to sending secure messages—obsolete. A new bipartisan bill pushes the U.S. government to prepare more quickly for that eventuality. The problem is a complex one, literally. The public key encryption standards for everything from bank transactions to secure communications are based on the mathematical principle of factorization. A classical computer would take around 300 trillion years to crack them. But a quantum computer, able to process bits composed of values far more diverse than “1” or “0,” could crack the same encryption standard in seconds. While no quantum computer yet exists that can perform such a trick, the rapidly growing field suggests it’s possible within the decade. And that won’t stop adversaries from attempting to steal encrypted data now for later decoding,

By Fionna Agomuoh,  Digital Trends Microsoft is testing a task overflow bar in Windows 11 that works much like the stacks feature in MacOS. The feature is now available in the Windows 11 Insider Preview Build 25163, which rolled out to the Dev Channel on Thursday. The overflow makes it so that when you have more apps open than can fit in the taskbar, they are stored in their own section, which can be accessed via an ellipses icon (…) on the bottom-right section of the screen. You can click the icon to view, access, or close the still-running apps that no longer fit on the crowded taskbar. The feature serves as an optimized version of an old Windows feature, which truncated overflow apps into a single icon and triggered the need to utilize keyboard shortcuts such as Alt-Tab to access the hidden apps, PCWorld noted. While this updated version of the task overflow bar is a lot easier to understand and use, it’s not a guaranteed feature for a public build, as it is currently still at the d

What you should know about the Data Access Agreement. By Colleen Hagerty,  Popular Science An agreement between the United States and United Kingdom to improve cross-border law enforcement data sharing will go into effect later this year, the two nations announced in a joint statement published Thursday.  Called the Data Access Agreement, it will allow investigators from each country to “gain better access to vital data to combat serious crime,” according to the Department of Justice, as they will now be able to directly request data like messages and pictures, for example, from telecommunications providers in the other’s jurisdiction.  The US agency said that this is a first-of-its-kind agreement that could help with time-sensitive investigations, including those related to terrorism and child abuse. These requests will be “compliant with the relevant existing domestic obligations a public authority is bound by.” The agreement was created in 2019 to address the challenge of trying to

As new details about the scope of the sabotage emerge, the perpetrators—and the reason for their vandalism—remain unknown. Buried deep beneath your feet lie the cables that keep the internet online. Crossing cities, countrysides, and seas, the internet backbone carries all the data needed to keep economies running and your Instagram feed scrolling. Unless, of course, someone chops the wires in half. On April 27, an unknown individual or group deliberately cut crucial long-distance internet cables across multiple sites near Paris, plunging thousands of people into a connectivity blackout. The vandalism was one of the most significant internet infrastructure attacks in France’s history and highlights the vulnerability of key communications technologies. Now, months after the attacks took place, French internet companies and telecom experts familiar with the incidents say the damage was more wide-ranging than initially reported and extra security measures are needed to prevent future atta

By Lawrence Abrams,  Bleeping Computer Digital security giant Entrust has confirmed that it suffered a cyberattack where threat actors breached their network and stole data from internal systems. Entrust is a security firm focused on online trust and identity management, offering a wide range of services, including encrypted communications, secure digital payments, and ID issuance solutions. Depending on what data was stolen, this attack could impact a large number of critical, and sensitive, organizations who use Entrust for identity management and authentication.  This includes US government agencies, such as the Department of Energy, Department of Homeland Security, the Department of the Treasury, the Department of Health & Human Services, the Department of Veterans Affairs, the Department of Agriculture, and many more.

By Evelyn Cheng,  CNBC China’s cybersecurity authority fined ride-hailing giant Didi Global on Thursday in apparent closure of a yearlong probe that prevented the company from adding new users. The Cyberspace Administration of China said it fined Didi 8.026 billion yuan ($1.19 billion) after deciding the company violated China’s network security law, data security law and personal information protection law. The administration also fined two Didi executives 1 million yuan each. Didi said in an online statement it accepted the cybersecurity regulators decision. Didi did not immediately respond to a CNBC request for comment. The cybersecurity authority’s announcement did not say whether the fine meant that Didi would soon be able to add new users or restore its presence on app stores in China. The investigation was first announced last year, just days after Didi’s initial public offering on the New York Stock Exchange. Didi had come under fire after it reportedly pushed ahead with its IP

By Sergiu Gatlan,  Bleeping Computer Atlassian has patched a critical hardcoded credentials vulnerability in Confluence Server and Data Center that could let remote, unauthenticated attackers log into vulnerable, unpatched servers. The hardcoded password is added after installing the Questions for Confluence app (versions 2.7.34, 2.7.35, and 3.0.2) for a user account with the username disabledsystemuser — designed to help admins with the migration of data from the app to the Confluence Cloud. According to Atlassian, the app helps improve communication with the organization's internal Q&A team and is currently installed on over 8,000 Confluence servers. "The disabledsystemuser account is created with a hardcoded password and is added to the confluence-users group, which allows viewing and editing all non-restricted pages within Confluence by default," the company explained in a security advisory published on Wednesday. "A remote, unauthenticated attacker with know

By Vilius Petkauskas,  Cyber News A German citizen is suing the European Commission for transferring citizens’ data from one of the Commission’s websites to the United States. In a twist of irony, the executive branch of the European Union (EU), the European Commission (EC), is being sued for violating the personal data protection laws it created. According to Europäische Gesellschaft für Datenschutz (EuGD), a Germany-based organization supporting consumers in the enforcement of legal claims over breaches of the General Data Protection Regulation (GDPR), a German consumer believes his right to the protection of personal data was violated. While the GDPR does not apply to European institutions directly, they have to follow a similar law that closely resembles the restrictive nature of the GDPR. Both sets of legislation were created with the help of the Commission. “When calling up the website […] and registering for an event offered there, the US cloud service in its function as web hos

By Silke Paradowski,  TechXplore Touch screens on mobile devices can be attacked and manipulated via charging cables and power supply units. This is what researchers at the System Security Lab at TU Darmstadt have discovered together with a Chinese research team. Several smartphones and standalone touchscreen panels could be compromised in practical tests by simulated touches, the "ghost touches." The results were presented at this year's IEEE Symposium on Security and Privacy. The researchers from TU Darmstadt and Zhejiang University in Hangzhou carried out attacks on capacitive touchscreens via charging cables and power adapters, revealing a new way to attack mobile devices. Similar to their previous research project, "GhostTouch," the researchers were able to create false touches, called "Ghost Touches," on multiple touchscreens and manipulate the device via them. The international research team had to overcome two main challenges. The first was to

By Lawrence Abrams,  Bleeping Computer Virtual pet website Neopets has suffered a data breach leading to the theft of source code and a database containing the personal information of over 69 million members. Neopets is a popular website where members can own, raise, and play games with their virtual pets. Neopets recently launched NFTs that will be used as part of an online Metaverse game. On Tuesday, a hacker known as 'TarTarX' began selling the source code and database for the Neopets.com website for four bitcoins, worth approximately $94,000 at today's prices. In a conversation with BleepingComputer, TarTarX says that they stole the database and approximately 460MB (compressed) of source code for the neopets.com website. The seller claims that this database contains the account information of over 69 million members, and in a screenshot shared with BleepingComputer, you can see the data includes members' usernames, names, email addresses, zip code, date of birth, ge

By Jurgita Lapienytė,  Cyber News Despite best efforts and innovation, cybercrime is on the rise. MIT scientists and leading network defenders urge to explore deep learning to secure systems. In the first quarter of 2022 alone, there were 404 publicly reported data breaches in the US. Ransomware breaches increased by 13% in a single year. “No wonder an increasing number of organizations are beginning to explore how deep learning, and its ability to mimic the human brain, can outsmart and outpace the world’s fastest and most dangerous cyber threats,” MIT Technology Review said in its research paper produced together with cybersecurity company Deep Instinct. MIT is looking at deep learning-driven malware prevention, hoping it could boost organizations in an innovation race against ransomware groups, enhancing their evasive capabilities, using sandbox detection or even adversarial artificial intelligence (AI.) Deep learning is the most advanced form of AI technology that uses neural netwo

New research shows problems in trackers used by major companies and governments for fleet management. There’s no known fix.  By Jack Gillum,  Bloomberg Vulnerabilities in a popular GPS tracker made in China and used around the world could allow hackers to disrupt vehicles, cut off their fuel and surveil drivers’ movements, according to new research. Several “severe” flaws in the Micodus MV720 tracker affect customers, private companies and government agencies, creating a “high risk” of personal injury, vehicle disablement and supply-chain disruption, according to Boston-based BitSight Technologies. Researchers believe 1.5 million Micodus devices are in use in more than 160 countries. The US Department of Homeland Security issued several warnings Tuesday about the flaws. Micodus didn’t immediately respond to emails and phone calls seeking comment from Bloomberg News since early Monday. In a statement, Eric Goldstein, executive assistant director for the Cybersecurity Infrastructure Secu

By Bill Toulas,  Bleeping Computer LinkedIn is holding the top spot for the most impersonated brand in phishing campaigns observed during the second quarter of 2022. Statistical data from cybersecurity company Check Point shows that the social platform for professionals is at the top of the list for the second quarter in a row. Compared to the first quarter of the year, LinkedIn impersonation dropped from 52% to 45%. However, it maintains a considerable distance from the second most imitated brand by fraudsters, Microsoft, currently at 13%. The central theme in spoofed Microsoft emails is requests to verify Outlook accounts to steal usernames and passwords. DHL currently holds the third spot in the list with 12%, down from 14%. Amazon rose to the fourth position, jumping from 2% in Q1 2022 to 9% this quarter, while Apple follows on fifth place with 3%; also a notable increase compared to last quarter’s 0.8%. In the case of Amazon, the phishing emails attempt to steal the target’s billi

By Neil Martin,  TechXplore The pace of change in telecommunications is increasing every year. A case in point is the rapid research and development of 6G technologies when 5G has not even been fully implemented across Australia. But UNSW expert, Dr. Shaghik Atakaramians, says progress is vital as people and businesses become ever more dependent on fast and reliable transfer of data. "In the next 10 years, we can expect massive changes and new technologies coming into our lives which will require more and more connectivity at higher speeds as we transfer more and more data," says the Senior Lecturer in the School of Electrical Engineering and Telecommunications. "We can imagine completely autonomous systems; or multi-sensory extended reality which integrates the five traditional human senses with the digital world; or real-time remote telesurgery; or complete virtual shopping malls. "These sound like something out of science fiction, but they are potentially possibl

By Bill Toulas,  Bleeping Computer Payment card details from customers of more than 300 restaurants have been stolen in two web-skimming campaigns targeting three online ordering platforms. Web-skimmers, or Magecart malware, are typically JavaScript code that collects credit card data when online shoppers type it on the checkout page. Recently, Recorded Future’s threat detection tools identified two Magecart campaigns injecting malicious code into the online ordering portals of MenuDrive, Harbortouch, and InTouchPOS. As a result, 50,000 payment cards were stolen and have already been offered for sale on various marketplaces on the dark web.

By Irina Ivanova,  CBS Fraudulent text messages are soaring, deluging Americans with scams ranging from false claims that a person's bank account has been frozen to online orders not being delivered, a consumer advocacy group has found.  Over the last year, the number of robo-texts in the U.S. has soared from about 1 billion per month to 12 billion, the Public Interest Research Group, a nonprofit research organization, said in a new report.  The flood of robo-texts comes as regulators finally make headway against robocalls, which for years have been the No. 1 complaint among phone users. Between June 2021, when new laws for phone carriers took effect, and June 2022, robocalls fell from 2 billion to 1 billion a month, PIRG found. "Especially the scam robocalls, the ones that are most dangerous, have dropped about in half from a year ago. That's definitely good news," said Teresa Murray, consumer watchdog at PIRG. "There are some things that are finally being done

By Sergiu Gatlan,  Bleeping Computer The Council of the European Union (EU) said today that Russian hackers and hacker groups increasingly attacking "essential" organizations worldwide could lead to spillover risks and potential escalation. "This increase in malicious cyber activities, in the context of the war against Ukraine, creates unacceptable risks of spillover effects, misinterpretation and possible escalation," the High Representative on behalf of the EU said Tuesday. "The latest distributed denial-of-service (DDoS) attacks against several EU Member States and partners claimed by pro-Russian hacker groups are yet another example of the heightened and tense cyber threat landscape that EU and its Member States have observed." In this context, the EU reminded Russia that all United Nations member states must adhere to the UN's Framework of responsible state behavior in cyberspace to ensure international security and peace. The EU urged all states

By Damien Black,  Cyber News More than half a million instances of malware have been observed on software used by the popular landline brand Digium in the first three months of the year. Unit 42, the cyber-detective wing of infosecurity firm Palo Alto, said it had “witnessed more than 500,000 unique malware samples” over a three-month period to the end of March targeting the Elastix and Asterisk operating systems that Digium phones depend upon. Though ostensibly conventional wired handsets, the phones benefit from special features including voicemail, call logging and queuing, and phone status display, which require them to be connected to the internet of things. Unfortunately for businesses like call centers that rely on such features, they appear to have put the phones on the radar of cybercriminals. “The attacker implants a web shell to exfiltrate data by downloading and executing additional payloads inside the target's Digium phone software,” said Unit 42. “The malware installs

By Bill Toulas,  Bleeping Computer After hitting Germany, Taiwan, South Korea, Japan, the US, and the U.K. the Roaming Mantis operation moved to targeting Android and iOS users in France, likely compromising tens of thousands of devices. Roaming Mantis is believed to be a financially-motivated threat actor that started targeting European users in February. In a recently observed campaign, the threat actor uses SMS communication to lure users into downloading malware on their Android devices. If the potential victim uses iOS, they are redirected to a phishing page for Apple credentials.

By John Shier, CNBC Increased cyberattacks in 2022 have created a high-risk internet landscape. But for many people, hitting "refresh" on their password habits still isn't a priority. As a cybersecurity advisor, I consistently hear stories about people getting their personal information stolen because they made a simple mistake like using the same password for multiple website logins. After 20 years of studying online criminal behaviors, tactics, techniques and procedures, I've found that hackers love it when people make these six password mistakes: 1. Reusing the same password. More than two-thirds of Americans do this, but it only allows data breaches to remain dangerous for years after they happen. To avoid creating a brand new password for every account, people also tend to reuse passwords with slight variations, like an extra number or symbol. But these are also easy for hackers to guess, and they're no match for software designed to quickly test iterations o

By  Krebs On Security For the past seven years, an online service known as 911 has sold access to hundreds of thousands of Microsoft Windows computers daily, allowing customers to route their Internet traffic through PCs in virtually any country or city around the globe — but predominantly in the United States. 911 says its network is made up entirely of users who voluntarily install its “free VPN” software. But new research shows the proxy service has a long history of purchasing installations via shady “pay-per-install” affiliate marketing schemes, some of which 911 operated on its own. 911[.]re is one of the original “residential proxy” networks, which allow someone to rent a residential IP address to use as a relay for his/her Internet communications, providing anonymity and the advantage of being perceived as a residential user surfing the web. From a website’s perspective, the IP traffic of a residential proxy network user appears to originate from the rented residential IP addre

By Sean Lyngaas, CNN In the days before the January 6, 2021, insurrection, Chinese hackers sent out a flurry of malicious emails to prominent White House correspondents and other journalists at major US news outlets in an apparent intelligence collection effort, US cybersecurity firm Proofpoint said Thursday. As Chinese hackers scrambled to ascertain whether there would be a peaceful transfer of power in the US, they tried to break into the email accounts of high-profile US journalists, who can be softer targets for hackers than officials on US government networks. The newly revealed hacking campaign shows just how valuable a target journalists can be to intelligence services in search of clues about US policy. To try to lure them, the attackers wrote email subject lines about then-President Donald Trump's attempts to overturn the 2020 election, pandemic relief legislation and other enticing issues. It's unclear how successful the hacking campaign was -- Proofpoint said it bloc

 By Alan Suderman,  AP A computer vulnerability discovered last year in a ubiquitous piece of software is an “endemic” problem that will pose security risks for potentially a decade or more, according to a new cybersecurity panel created by President Joe Biden. The Cyber Safety Review Board said in a report Thursday that while there hasn’t been sign of any major cyberattack due to the Log4j flaw, it will still “be exploited for years to come.” “Log4j is one of the most serious software vulnerabilities in history,” the board’s chairman, Department of Homeland Security Under Secretary Rob Silvers, told reporters Wednesday. The Log4j flaw, made public late last year, lets internet-based attackers easily seize control of everything from industrial control systems to web servers and consumer electronics. The first obvious signs of the flaw’s exploitation appeared in Minecraft, a hugely popular online game owned by Microsoft. The flaw’s discovery prompted urgent warnings by government offici

By Sophie Webster, Tech Times On Tuesday, July 12, Engadget reported that several restaurant owners have been blackmailed for weeks by online scammers.  The owners revealed that they had been targeted by scammers who intentionally posted negative reviews of their restaurants on Google and then demanded digital gift cards as the price for removing the reviews.  Scammers Target Restaurant Users According to The New York Times, the owners of restaurants in cities including Chicago, New York, and San Francisco revealed that their businesses had been deluged with negative, one-star reviews on Google Maps, Google Reviews, and other Google platforms.  The reviews are posted by scammers who email the restaurant owners and pledge to remove the negative, one-star rating in exchange for a $75 Google Play gift card, according to Engadget.  If the restaurant owner does not comply with the demand, the scammers will post more negative reviews.  In an email sent to the restaurant owners, the scammers

By Larry Neumeister and Tom Hays,  Huffpost A former CIA software engineer was convicted Wednesday of federal charges accusing him of the biggest theft of classified information in CIA history. Joshua Schulte, who chose to defend himself at a New York City retrial, had told jurors in closing arguments that the CIA and FBI made him a scapegoat for an embarrassing public release of a trove of CIA secrets by WikiLeaks in 2017. Schulte watched without visibly reacting as U.S. District Judge Jesse M. Furman announced the guilty verdict on nine counts, which was reached in mid-afternoon by a jury that had deliberated since Friday. The so-called Vault 7 leak revealed how the CIA hacked Apple and Android smartphones in overseas spying operations, and efforts to turn internet-connected televisions into listening devices. Prior to his arrest, Schulte had helped create the hacking tools as a coder at the agency’s headquarters in Langley, Virginia. A sentencing date was not immediately set because

By Sergiu Gatlan,  Bleeping Computer Microsoft says a massive series of phishing attacks has targeted more than 10,000 organizations starting with September 2021, using the gained access to victims' mailboxes in follow-on business email compromise (BEC) attacks. The threat actors used landing pages designed to hijack the Office 365 authentication process (even on accounts protected by multifactor authentication (MFA) by spoofing the Office online authentication page. In some of the observed attacks, the potential victims were redirected to the landing pages from phishing emails using HTML attachments that acted as gatekeepers ensuring the targets were being sent via the HTML redirectors. After stealing the targets' credentials and their session cookies, the threat actors behind these attacks logged into the victims' email accounts. They subsequently used their access in business email compromise (BRC) campaigns targeting other organizations. "A large-scale phishing cam

By Gordon Kelly,  Forbes Google has confirmed a bizarre new bug affecting all Gmail users, where the service issues a sender warning for every email received. Here's everything you need to know. The bug first struck on Thursday, with Gmail attaching a security notice reserved for suspect emails to everything that arrives in a recipient's inbox. On Friday, Google subsequently confirmed that the problem had spread more widely than first believed and "affects both Gmail consumers and Enterprise customers." The notice reads: "Do you want to continue receiving messages from this sender? [Emphasis Gmail's] Please give us feedback about this message. We won't ask you about this sender again, although you can always unsubscribe or mark it as spam in future." In normal circumstances, Gmail only attaches this message to emails where the service has doubts about the sender, hence flagging it as a potential security risk that you may wish to move to spam. So see

The US Federal Communications Commission says a man posing as a fake broadband service promised victims discounts on internet services and devices. By Jacqui Vanliew,  Wired An Ohio man created a fake broadband provider in order to scam low-income consumers who thought they were getting government-funded discounts on internet service and devices, according to the Federal Communications Commission. In a Notice of Apparent Liability for Forfeiture released July 1, the FCC proposed a fine of $220,210 against alleged scammer Kyle Traxler. Traxler created an entity called Cleo Communications that sought authorization to be a provider in the FCC's Emergency Broadband Benefit (EBB) program, which provided $50 monthly discounts on internet service and other discounts for devices. "Cleo apparently existed for the sole purpose of taking financial advantage of customers under the disguise of being a legitimate EBB Program provider," the FCC notice said. "Cleo Communications has