
Apple’s Push Notification Data Used to Investigate Capitol Rioters; Apple Sets Higher Legal Bar


When it initially came to light that governments globally demanded push notification data from Apple and Google, suspicion mounted that the US government was doing the same. This has now been confirmed, with one use of it being the monitoring of the Capitol riots that took place on January 6.

Previously, Apple was prohibited from disclosing that it was receiving legal demands for the information. However, now that it is permitted to do so, it has also raised the standard for compliance.

What is This All About? 

Last week, it was revealed that legal demands were being made to Apple and Google to provide details of the notifications that were sent to persons of interest in the legal investigations. While both companies were meeting the demands, they were not allowed to disclose that it was actually happening. 

The facts were then made public through an open letter by a senator. 

Push notifications can still disclose a lot of information, even though they prevent third parties from seeing the content of end-to-end encrypted conversations, such as those sent over iMessage.

Consider, for instance, a message exchange between a Chinese whistleblower and a US journalist exposing violations of human rights. The push data indicates that the source and journalist had a lengthy back-and-forth conversation yesterday, and a report on the abuses was released today. 

Apple swiftly verified the allegation and added these events to its transparency reporting once the open letter released them from legal constraints on publicizing the practice.

Push Notification Data Used by US Law Enforcement 

Although "foreign" countries were mentioned in the open letter, it was widely assumed that US law enforcement was also requesting the same information. The Washington Post has reported that the data aided in the investigation of Capitol riots, among other incidents, confirming this.

Apple Sets Higher Legal Bar 

Google held these demands to a higher legal standard than Apple did.

Apple provided the push notification data on the basis of a subpoena, whereas Google needed a court order to do so. Law enforcement agencies can issue subpoenas without judicial oversight; that is, they can demand data on their own, based only on their own determination that it is necessary. In contrast, a court order necessitates that a judge evaluate and accept the demand after reviewing the supporting documentation.

Apple has amended its instructions for law enforcement organizations to clarify that in order to obtain push notification data, a judge must approve a court order or search warrant.  

US Govt’s OFAC Sanctions North Korea-based Kimsuky Hacking Group


The Treasury Department’s Office of Foreign Assets Control (OFAC) has recently confirmed the involvement of Kimsuky, a North Korea-sponsored hacking group, in a cyber breach attempt that resulted in the compromise of intelligence in support of the country’s strategic aims. 

Eight North Korean agents have also been sanctioned by the agency for aiding in the evasion of sanctions and promoting their nation's WMD development.

The current measures are apparently a direct response to the Democratic People's Republic of Korea's (DPRK) purported launch of a military reconnaissance satellite on November 21, and are intended to hinder the DPRK's ability to produce revenue, obtain resources, and obtain intelligence to further its WMD program.

"Active since 2012, Kimsuky is subordinate to the UN- and U.S. designated Reconnaissance General Bureau (RGB), the DPRK's primary foreign intelligence service," the Department of Treasury stated. "Malicious cyber activity associated with the Kimsuky advanced persistent threat is also known in the cybersecurity industry as APT43, Emerald Sleet, Velvet Chollima, TA406, and Black Banshee."

The OFAC, in August 2010, linked Kimsuky to North Korea's primary foreign intelligence agency, the Reconnaissance General Bureau. 

Kimsuky’s operations mostly consist of stealing intelligence, focusing on foreign policies and national security concerns regarding the Korean peninsula and nuclear policy. 

High-Profile Targets of Kimsuky

The most notable high-profile operations of the North Korea-based cyberespionage group include the compromise of South Korea’s nuclear reactor operator in 2018, Operation STOLEN PENCIL against academic institutions in 2018, Operation Kabar Cobra against South Korean government organizations and defense-related agencies in 2019, and Operation Smoke Screen the same year.

Kimsuky was responsible for targeting at least 28 UN officials and several UN Security Council officials in a spear-phishing campaign conducted in August 2020. The cyberespionage group also infiltrated South Korea's Atomic Energy Research Institute in June 2021. 

In September 2019, the US Treasury Department imposed sanctions on the North Korean hacker groups Lazarus, Bluenoroff, and Andariel for transferring money to the government of the nation through financial assets pilfered from global cyberattacks against targets.

In May, OFAC also declared sanctions against four North Korean companies engaged in cyberattacks and illegal IT worker schemes intended to raise money for the DPRK's weapons of mass destruction (WMD) programs.  

Hacker Leaks Scraped LinkedIn Data of 35 Million Users


Threat actors have recently leaked the personal information of over 35 million online users after illicitly accessing a LinkedIn database. The hacker is apparently operating under the name ‘USDoD.’

The database has been released on a popular cybercrime forum, Breach Forums. 

It is significant to note that USDoD is the same hacker who compromised the FBI's InfraGard security platform last year, revealing 87,000 members' personal information.

In a post on Breach Forums, the hacker verified that web scraping was used to access the most recent LinkedIn information. Web scraping is a software-driven, automated process that extracts data from websites, usually with the purpose of obtaining certain information from web pages.

As revealed by Hackread, the leaked data included publicly available information regarding the victims’ LinkedIn profiles, such as full names and profile bios. While this data also contains millions of email addresses, the hackers could not get hold of the passwords.

Email addresses from senior US government officials and organizations are exposed in the leak. Email addresses from other international government agencies have also been found.

Legitimacy of LinkedIn Data: Is it Authentic?

After analyzing more than 5 million accounts in the database, Troy Hunt of HaveIBeenPwned came to the conclusion that the data was a combination of information from other sources, including fraudulent email addresses and public LinkedIn profiles. Troy notes that the individuals, businesses, domain names, and a large number of email addresses are real, even though some of the information may be anecdotal or largely made up.

"Because the conclusion is that there’s a significant component of legitimate data in this corpus, I’ve loaded it into HIBP[…]But because there are also a significant number of fabricated email addresses in there, I’ve flagged it as a spam list which means the addresses won’t impact the scale of anyone’s paid subscription if they’re monitoring domains," Hunt explained.

This was not the first time LinkedIn information has been leaked online by threat actors. A similar case occurred in April 2021, when two scraped LinkedIn databases went on sale with 500 million and 827 million records. Also, in June 2021, a hacker sold a LinkedIn database that contained information about around 700 million users.  

FBI Warns Energy Sectors: Chinese and Russian Hackers may Actively Target Energy Sector


According to a recent notification sent by the FBI to the energy industry, changes in the global energy supply will most probably result in an increase in the number of Chinese and Russian hackers attacking significant energy infrastructure.   

The notification, released on Thursday, lists several contributing causes, including rising LNG exports from the United States, shifts in the global crude oil supply chain favoring the United States, continued Western pressure on Russia's energy supply, and China's reliance on imported oil. 

The alert, however, did not mention any particular advanced persistent threat (APT) group linked with China or Russia, nor did it cite any cybersecurity incident targeting critical infrastructure. Instead, it makes general mention of how appealing U.S. networks are to foreign hackers and cautions recipients that Chinese and Russian hackers are always looking to examine important systems and improve their capabilities to exploit vulnerabilities they find.

According to Brian Harrell, former assistant secretary for infrastructure protection at the Department of Homeland Security and now an energy sector executive, “Utilities see probing and low-level attempted attacks every day by the Russians and PRC.”

These low-profile attacks help hackers to get an insight into the important aspects of specific systems like where a target has open ports or determine potential firewall restrictions. “China doesn’t make a lot of noise, but the small localized intrusions are helping build their network attack capabilities, likely for future use[…]There’s no doubt that the energy sector is on the front lines of malicious cyber-activity right now as China preps the battlefield,” Harrell added.

As the notification suggests, Chinese hackers have exploited certain US entities by conducting “post-exploitation activity with generic reconnaissance commands using ‘live off the land’ tools.”

“Living off the land” means an attacker is exploiting tools or features that are already present in the target environment. For instance, stealthy varieties of ransomware like WannaCry and LockBit have covered their tracks and survived inside a network by using a default Windows binary, an existing piece of operating system code. 

The warning states that state-backed Chinese hackers have been targeting common vulnerabilities since 2020, in order to, “target US and allied networks and software/hardware companies to steal intellectual property and develop access into sensitive networks to include critical infrastructure, defense industrial base sectors, and private sector organizations.”

However, the FBI declined to comment on the notification.

The notification further highlights how the Russian invasion of Ukraine altered the world's energy supply chain, citing Western sanctions as a "significant driver" of recent changes in the LNG supply chain. According to the notification, the modification will probably lead to an increase in Russian hackers' targeting of the American energy sector.

In 2022, 74% of Europe’s LNG imports originated in the U.S., the notification said, noting that the US was able to meet European LNG demand. 

It also added that since 2016, Russian hackers have targeted state agencies and several US-based critical infrastructure sectors by, “staging targets networks as pivot points and malware repositories when targeting their final intended victims.”

Election Security: Lawmakers Will Introduce New Machines Against Defcon Hackers


August is a busy month for computer hackers, who attempt to break into the election equipment in a Las Vegas conference hall with their USB sticks, screwdrivers or bare fingertips, with one goal: discovering new and more effective security measures for the systems.

However, organizers of this year’s DEF CON hacker convention (concluding this Sunday) spent as much time on the physical safety of the security researchers hacking into the devices.

The researchers who examine electoral equipment for vulnerabilities have come under growing intimidation and harassment since former President Donald Trump's effort to annul the 2020 election.

In order to protect these researchers, the organizers of the conference’s ‘Voting Village’ hacking event apparently appointed undercover security consultants. Additionally, they shifted the entire event to a side room so as to monitor the activities more closely and instructed their roughly two dozen volunteers on what to do in case any agitators turned up.

The measures provide a little glimpse into a trend in the landscape of voting security in the US. Election officials, poll workers, and security researchers will eventually be forced to think more carefully about physical safety and take a variety of additional safeguards as a result of the increase in threats caused by disinformation.

According to Catherine Terranova, one of the organizers of the Voting Village, last year’s DEF CON witnessed certain troubling incidents, however minor. For instance, a conspiracy theorist apparently set the alarm bells off during the event. Also, a group of people who appeared to be committed to advancing election denialism attended the event the previous year and harassed a few of the Voting Village speakers.

“The day after DEF CON ended last year, I started pouring all of my time and energy into figuring out how to secure this village[…]I said to myself, ‘we are never doing this like this again,’” Terranova said.

This is an issue which concerns the government election security officials too.

“Any threat of violence against an election official, poll worker, or anyone else working to safeguard our democracy is completely unacceptable. These folks are members of our communities, and dedicated public servants,” CISA Director Jen Easterly said in a statement.

Introducing a New Voting Machine

Voting Village lawmakers will now be introduced to a prototype of a $10 million DARPA-funded open source voting machine, created to mitigate hacking activities aimed at tampering with votes.

The project will be headed by Galois, a DARPA-awarded government contractor. Galois has previously worked with Microsoft in developing ElectionGuard, software for voting machines to verify ballots. 

The Galois machine reads votes on paper and scans them to ensure that they are legitimate. It will have a secure CPU that Galois developed that is geared to fend off common attacks that other voting machines were vulnerable to in prior Voting Villages.

Galois aims to provide the first voting system that hackers at Defcon will be unable to break, but in both years that the Voting Village has existed, hackers have been able to find one vulnerability or another. However, even if hackers do discover flaws in the prototype, which its designers anticipate happening, it is still a win-win situation.

"There's an ambition that this demonstration will not have vulnerabilities comparable to what's in the room[…]But of course, the point of the exercise is to learn. If they do find flaws, it helps the researchers put on a different thinking cap and adjust their work over the next 2.5 years while this project continues," Joe Kiniry, a principal scientist at Galois, explained in an interview.  

Why are Western Cyber Attacks Less Heard of?


Camaro Dragon, Fancy Bear, Static Kitten and Stardust Chollima – these are some of the most notorious hacking groups around the world. These cyber teams have been on the radar for hacking, stealing information and causing trouble, allegedly on the orders of their governments.

Cyber-security companies have been pinpointing the locations these groups originate from, warning users about these ‘advanced persistent threat’ groups (APTs). The groups have mostly been traced back to Russia, China, North Korea and Iran.

Cyber Defenders Under Attack

Russia’s best-known cyber company, Kaspersky, was forced to investigate its own employees when several staff members’ mobile phones began transmitting their information to shady parts of the internet.

"Obviously our minds turned straight to spyware but we were pretty sceptical at first[…]Everyone's heard about powerful cyber tools which can turn mobile phones into spying devices but I thought of this as a kind of urban legend that happens to someone else, somewhere else," said chief security researcher Igor Kuznetsov.

Igor came to the conclusion that his intuition had been correct and that they had in fact discovered a sizable sophisticated surveillance-hacking effort against their own team after painstakingly analyzing "several dozen" infected iPhones. Apparently, the attackers had found a way to infect iPhones by simply sending an iMessage, that after installing malware to devices, deleted itself from the device.

In the operation, the victims’ phone contents were transmitted back to the hackers at regular intervals. This included messages, emails, pictures, and even access to cameras and microphones.

Once the issue was resolved, Kaspersky, when asked, did not disclose the origin of the attack, saying it was not interested “in from where this digital espionage attack was launched.”

The incident drew the attention of the Russian government. Russian security agencies released an urgent advisory the same day Kaspersky reported its discovery, claiming to have "uncovered a reconnaissance operation by American intelligence services carried out using Apple mobile devices.”

The bulletin even accused Apple of being involved in the campaign; however, the company denied the accusation. Neither did the agency in question, the US National Security Agency (NSA), comment on the accusations.

In addition to this, the US Government issued a joint statement with Microsoft last month, confirming that Chinese state-sponsored hackers had been found “lurking inside energy networks in US territories”.

In response to this, China denied the accusations, saying the "story was a part of a disinformation campaign" from the US and its Five Eyes partners – the UK, Australia, Canada and New Zealand.

Chinese Foreign Ministry official Mao Ning added China's regular response: "The fact is the United States is the empire of hacking."

But as with Russia, China now appears to be taking a more assertive stance in criticizing Western hacking.

According to China Daily, China’s official news source, the foreign government-backed hackers are currently the biggest threat to the nation's cyber security.

Additionally, the Chinese company 360 Security Technology included a statistic with the warning, stating that it has found "51 hacker organizations targeting China." Requests for comments from the business received no response.

China also charged the US with hacking a government-funded university in charge of space and aviation research last September.

While many would brush off China’s accusation, there may be some truth to it.

According to researchers, there are reasons why the western hacking groups never come to light. We are listing some of these reasons below: 

  • The US is the only tier-one cyber power in the world, based on attack, defence and influence. It is also labelled the ‘World’s top cyber power’ by the National Cyber Power Index, compiled by researchers at the Belfer Centre for Science and International Affairs. 
  • Western cyber-security companies fail to track Western cyber activities, since they do not have customers in the rival countries. It could also be that the companies put less effort into investigating Western groups, since many cyber security companies earn a major share of their revenue from lucrative UK or US state-backed contracts.
  • Another factor contributing to the lack of information about Western cyberattacks is that they are frequently more covert and result in less collateral damage.

Casepoint Investigates Alleged Breach After Hackers Claimed Theft of Government Data


US-based legal technology platform Casepoint is investigating a potential cybersecurity incident after threat actors claimed to have hacked the platform and stolen terabytes of sensitive data.

Casepoint offers legal advice for governmental organizations, businesses, and law firms in litigation, investigations, and compliance. The company has a number of well-known clients, including the U.S. Department of Defense (DoD), Marriott Hotels, the Securities and Exchange Commission (SEC), the U.S. Courts, and the Mayo Clinic.

Vishal Rajpara, the CTO and co-founder of Casepoint, released a statement in which he declined to confirm, but otherwise did not seem to refute, rumors that the ALPHV ransomware gang was responsible for the attack. ALPHV, also known as BlackCat, the Russia-based ransomware gang, claims to have stolen two terabytes of confidential data from Casepoint, which included data from the US government and “many other things you have tried so hard to keep,” the gang stated.

Some of the data stolen, according to TechCrunch, included private information from a Georgia-based hospital, a legal document, a state-sponsored ID and an internal document apparently issued by the FBI. However, the FBI is yet to confirm the allegations made by TechCrunch.

Following Casepoint’s acknowledgment of the investigation, ALPHV provided an update on the issue in a statement published on May 31. The gang also shared what appear to be login details for the company’s software.

Rajpara published a statement on the issue, saying “Casepoint remains fully operational and have experienced no disruption to our services[…]the third-party forensic firm that we have engaged is currently running scans and deploying advanced endpoint detection monitoring tools and will be looking for signs of suspicious activity.” “We are early on in our investigation and are committed to keeping our clients informed as we learn more.”

However, Rajpara declined to comment on whether the business has the technological resources to identify the data that was accessed or exfiltrated, or whether it has been contacted by the ALPHV ransomware organization with any communications, such as a ransom demand. 

ALPHV Gang

The ALPHV gang has previously claimed to have attacked NextGen Healthcare, a U.S.-based maker of electronic health record software, and Ring, a video surveillance firm owned by Amazon. Despite the hackers' denials that they were connected to the gang, data obtained from Western Digital was also hosted on ALPHV's leak site.

Some other known victims of the ALPHV gang include Bandai Namco, Swissport, and the Munster Technological University in Ireland.  

RFK Jr. Criticizes Crypto, Following Anti-CBDC Remark


On Tuesday, US Democratic presidential candidate Robert F. Kennedy took another dig at cryptocurrency, following earlier comments he made opposing a U.S. central bank digital currency, or CBDC. His tweets came out swinging in defense of the digital assets sector, denouncing what he called a "war on crypto."

Kennedy officially declared his 2024 presidential bid last month. He stated that the Federal Deposit Insurance Corporation (FDIC) and the Securities and Exchange Commission (SEC) have "no authority to wage an extra-legal war on crypto that leaves major banks as collateral damage."

Kennedy cited an article by Ellen Brown titled "How the War on Crypto Triggered a Banking Crisis," in which Brown makes a "strong case" that a government-sponsored campaign against the digital assets sector was responsible for several historic bank failures in March, including Silicon Valley Bank, Signature Bank, and Silvergate Bank.

It is debatable whether there is a coordinated attempt to remove cryptocurrency from the American financial system. According to Barney Frank, an ex-congressman who served on the board of directors of Signature Bank, “the institution was shut down to send an anti-crypto message.” These assertions were later denied by a New York regulator. On May 2, Kennedy criticized Biden for calling the US banking system "safe and sound.” “Today, bank stocks are crashing. The American people deserve more than glib assurances and perception management,” he tweeted.

Following this, on May 3, he criticized the Biden administration's proposed tax on crypto mining. An environmental lawyer, Kennedy called the proposed 30% tax on energy used by crypto miners "a bad idea." He said mining's energy use was a concern (though somewhat overstated), stating, “The environmental argument is a selective pretext to suppress anything that threatens elite power structures, Bitcoin for example.”

Days after Kennedy's anti-CBDC comments, the Federal Reserve clarified its position, stating that the FedNow payments system, which Kennedy claimed to equate with a CBDC, is neither a digital currency nor a replacement for cash.

While some Democrats, such as Elizabeth Warren, have repeatedly criticized cryptocurrency and made it a centerpiece of their political platforms, others, such as New York City Mayor Eric Adams, have been outspoken in their support for the emerging asset class.  

US Government Takes Down Try2Check Services Used by Dark Web Markets


The US Government, on Wednesday, announced that it had taken down the credit card checking tool ‘Try2Check’, which allowed cybercriminals engaged in the bulk purchase and sale of stolen credit card credentials to check which cards were legitimate and active.

The US Department of Justice announced the takedown and charged Denis Gennadievich Kulkov, a citizen of Russia, with operating a fraudulent credit card checking business that brought in tens of millions of dollars.

The underground service Try2Check, which Kulkov is believed to have founded in 2005, quickly gained enormous popularity among online criminals engaged in the illicit credit card trade and enabled the suspect to earn at least $18 million in bitcoin.

Apparently, Try2Check leveraged an unnamed US payment processing company’s “preauthorization” service, whereby a business, such as a hotel, requests that the payment processing firm preauthorize a charge on a customer’s card to confirm that it is valid and has the necessary credit available. Try2Check impersonated a merchant seeking preauthorization in order to extract information about credit card validity.

What Services Did Try2Check Include? 

The service was used by individuals dealing in both the bulk purchase and sale of credit card credentials, who needed to check the percentage of valid and active credit cards; this included dark web markets like Joker's Stash, which used it for card testing.

By using Try2Check services, the defendant duped a well-known U.S. payment processing company whose systems were used to execute the card checks, in addition to credit card holders and issuers.

The service has now been dismantled following a collaborative measure taken by the US Government and partners in Germany and Austria, including units in the Austrian Criminal Intelligence Service, the German Federal Criminal Police Office (BKA), the German Federal Office for Information Security (BSI), and the French Central Directorate of the Judicial Police (DCPJ).

"Try2Check ran tens of millions of credit card checks per year and supported the operations of major card shops that made hundreds of millions in bitcoin in profits[…]Over a nine-month period in 2018, the site performed at least 16 million checks, and over a 13-month period beginning in September 2021, the site performed at least 17 million checks," the DOJ stated. 

In addition to this, the US State Department, in partnership with the US Secret Service, has offered a $10 million reward through the Transnational Organized Crime Rewards Program (TOCRP) for anyone who can help find Kulkov, who is currently a resident of Russia. If found guilty, Kulkov faces 20 years' imprisonment.

"The individual named in today's indictment is accused of operating a criminal service with immeasurable reach to fund further illicit activity with global impact[…]Thanks to the cooperation and dedication of our global law enforcement community, Try2Check can no longer serve as a vehicle for continued criminal activity or illicit profits," said U.S. Secret Service Special Agent in Charge Patrick J. Freaney.  

Illumina: FDA, CISA Warn Against Security Flaw Making Medical Devices Vulnerable to Remote Hacking


The US Government has issued a warning to healthcare providers and lab employees about a critical flaw, discovered in the genomics giant Illumina’s medical devices, that could be used by threat actors to alter or steal sensitive patient medical data.

On Thursday, US cybersecurity agency CISA and US Food and Drug Administration FDA released separate advisories to alert organizations of the vulnerabilities affecting the Universal Copy Service (UCS) component used by a number of Illumina's genetic sequencing devices.

The vulnerability, identified as CVE-2023-1968, enables remote access to a vulnerable device via the internet without the need for a password. If exploited, hackers may be able to compromise devices and cause them to generate false, changed, or nonexistent results. 

The advisories also include a second vulnerability, CVE-2023-1966, which is rated 7.4 out of 10 for severity. The flaw might provide hackers access to the operating system level, where they could upload and run malicious programs to change settings and access private information on the impacted product.

The FDA claimed it was unaware of any actual attacks that exploited the flaws, but it did issue a warning that a hacker might use them to remotely control a device or change its settings, software, or data, as well as remotely access the user's network.

“On April 5, 2023, Illumina sent notifications to affected customers instructing them to check their instruments and medical devices for signs of potential exploitation of the vulnerability,” states the FDA in its notification. 

The products from Illumina that are vulnerable include iScan, iSeq, MiniSeq, MiSeq, MiSeqDx, NextSeq, and NovaSeq. These products, which are used all around the world in the healthcare industry, are made for clinical diagnostic use when sequencing a person's DNA for different genetic diseases or research needs.

According to Illumina spokesperson David McAlpine, Illumina has “not received any reports indicating that a vulnerability has been exploited, nor do we have any evidence of any vulnerabilities being exploited.” However, he declined to comment on whether the company has technical resources that could detect exploitation, and did not specify the number of devices affected by the vulnerability.

In a LinkedIn post, Illumina CTO Alex Aravanis said the company detected the flaw as part of routine efforts to examine its software for potential flaws and exposures.

“Upon identifying this vulnerability, our team worked diligently to develop mitigations to protect our instruments and customers[…]We then contacted and worked in close partnership with regulators and customers to address the issue with a simple software update at no cost, requiring little to no downtime for most,” Aravanis said.  

Here are the Countries That Have Imposed TikTok Ban


This week, the U.S. and Canada issued orders to ban the use of TikTok on state-issued devices, following rising cybersecurity concerns over the video-sharing app. 

Bytedance, the Chinese company that owns TikTok, has long insisted that it does not exchange data with the Chinese government and that it does not store any of its data there. 

The company maintains that the app is independently managed and refutes claims that it collects more user data than other social media sites. However, many countries have erred on the side of caution when it comes to the platform and its ties to China. 

We are listing the countries and regions that have either imposed a partial or a complete ban on TikTok: 

INDIA 

India imposed a ban on TikTok along with several other Chinese apps like messaging app WeChat in 2020, following concerns over user privacy and cybersecurity. 

The ban was implemented shortly after a clash between Indian and Chinese troops in a military dispute on the Himalayan border, which resulted in the death of 20 Indian soldiers and injured dozens. The corporations were given the chance to respond to inquiries about privacy and security requirements, but the ban was rendered permanent in January 2021. 

TAIWAN 

Following a warning issued by the FBI that TikTok presented a threat to national security, Taiwan banned the app from the public sector in December 2022. Chinese-made software, including apps like TikTok, its Chinese version Douyin, or Xiaohongshu, a Chinese lifestyle content app, is not permitted to be used on government equipment, including smartphones, tablets, and desktop computers. 

UNITED STATES 

This week, the US announced that the government authorities have 30 days to delete TikTok from federal devices and systems. The ban is applicable only to state-owned devices. China reacted angrily to the American decision to block TikTok, accusing the United States of abusing its power and stifling foreign companies. 

The app is also prohibited on official devices in more than half of the 50 U.S. states.

CANADA 

Following the US announcement, Canada said on Monday that government-issued devices must not use TikTok, noting that the app could put the devices’ privacy and security at risk. In the future, employees may also be restricted from downloading the application.

EUROPEAN UNION 

TikTok has been banned on employee devices by the European Parliament, European Commission, and EU Council, three of the major EU institutions. The European Parliament's ban takes effect on March 20. Lawmakers and staff have been advised to uninstall the app from their personal devices as well.

PAKISTAN 

Since October 2020, Pakistani authorities have briefly banned TikTok at least four times due to worries that the app encourages immoral content. 

AFGHANISTAN 

In 2022, the Taliban leadership in Afghanistan outlawed TikTok and the Chinese game PUBG, citing the need to prevent children from "being misled."  

What Are Some Big Cyber-Security Fears Concerning TikTok?


China claims that the US has inflated national security concerns over TikTok in an effort to suppress the Chinese startup. Due to concerns over cyber-security, US federal entities have been asked to remove the Chinese app from all staff devices within 30 days. Canada and the EU have taken similar actions, and some politicians have called for nationwide bans. 

TikTok executives, who narrowly avoided having their popular app banned in the US by then-President Donald Trump in 2020, had to deal with a daily barrage of inquiries about the dangers TikTok posed to cyber security. The topic was largely put to rest in 2021 when President Joe Biden overturned Trump's proposal in the face of various complicated legal challenges.

One could almost hear a sigh of relief from both TikTok and the millions of influencers who rely on the social media app to make a career. 

But now, in an ironic nod to the video app's recognizable looping style, we have come full circle, with the stakes even higher.

At the time of Trump's planned ban, nearly three years ago, TikTok had been downloaded 800 million times worldwide. As of now, 3.5 billion people have downloaded it, according to app analytics company Sensor Tower.

With geopolitical strain between China and Western countries rising, it is clear that the future of TikTok is more at risk than ever.

We are listing some of the prime cyber-security concerns pertaining to TikTok that are continually raised, and how the company addresses them: 

1. TikTok Collects an ‘Excessive’ Amount of Data 

TikTok's critics frequently claim that it collects vast amounts of data. A July 2022 cyber-security assessment by Internet 2.0, an Australian cyber-security firm, is commonly cited as proof.

Researchers examined the source code of the app and found evidence of "excessive data harvesting" within it. According to analysts, TikTok gathers information about users' locations, the devices they are using, and the other apps they have installed. 

However, a similar test conducted by Citizen Lab concluded that "in comparison to other popular social media platforms, TikTok collects similar types of data to track user behavior."

Likewise, a January report by the Georgia Institute of Technology stated: "The key fact here is that most other social media and mobile apps do the same things."

2. TikTok Could be Used as a ‘Brain-washing’ Tool 

TikTok's spokeswoman said: "Our community guidelines prohibit misinformation that could cause harm to our community or the larger public, which includes engaging in co-ordinated inauthentic behavior." 

In November 2022, FBI Director Christopher Wray told the US lawmakers: "The Chinese government could… control the recommendation algorithm, which could be used for influence operations." 

Douyin, TikTok's sibling app that is available only in China, is heavily censored and purportedly designed to encourage the viral spread of positive and wholesome content, which adds fuel to those worries.

In fact, all social networking sites in China are closely monitored by an army of internet police, who apparently take down content that criticizes the government or instigates political unrest. 

As TikTok gained popularity, there were high-profile instances of censorship on the app. For example, a user in the US had her account suspended for denouncing Beijing's treatment of Muslims in Xinjiang; following a ferocious public outcry, TikTok issued an apology and restored the account. 

Since then, there have not been many instances of censorship, aside from the contentious moderation choices that all platforms must make. 

However, when comparing TikTok and Douyin, Citizen Lab researchers concluded that the latter does not contain any political censorship.

The Georgia Institute of Technology analysts also searched for jokes about Chinese Premier Xi Jinping and for issues such as Taiwan's independence. They came to the following conclusion: "Videos in all of these categories can easily be found on TikTok. Many are popular and widely shared."

Theoretical Risk 

This is where the broader picture of theoretical fears and risks comes in.

Certain critics regard TikTok as a “Trojan horse,” meaning that although it may look harmless, it could potentially be used as a powerful weapon in times of conflict.

The app is already banned in India, as part of an initiative taken against it and dozens of other Chinese platforms in 2020.

Nonetheless, a US ban on TikTok might have a significant effect on the site since allies of the US frequently support such measures. 

Moreover, it is worth mentioning that the risks run in only one direction. Because Chinese users have long been blocked from accessing US apps, China need not be concerned about them.

Crucial US Military Emails Were Publicly Available

A US Department of Defense server was left exposed, leaking private internal military emails online. Security researcher Anurag Sen discovered the unprotected server, which was "hosted on Microsoft's Azure federal cloud for Department of Defense customers," according to a TechCrunch report.

The vulnerable server was housed on Microsoft's Azure federal cloud, which is available to Department of Defense customers. This cloud uses servers that are physically isolated from those of commercial customers so that they can be used to handle sensitive government information. The exposed server was a component of an internal mailbox system that held around three terabytes of internal military emails, many of them regarding USSOCOM, the US military organization responsible for carrying out special operations.

However, due to a misconfiguration, the server was left without a password, making it possible for anyone on the internet who knew the server's IP address to view its mailbox data.

The server was filled with old internal military emails, a few of which contained private information about service members. One of the exposed files was a completed SF-86 questionnaire, which is filled out by government employees seeking a security clearance and contains extremely sensitive personal and health information used to screen people before they are cleared to handle classified information.

None of the limited data TechCrunch reviewed appeared to be classified, which would be consistent with USSOCOM's civilian network, since classified networks are unreachable from the internet. In addition to details regarding the applicant's employment history and prior living arrangements, the 136-page SF-86 form frequently includes details about family members, contacts abroad, and psychiatric data.

In short, a government cloud email server was accessible over the web without a password, and the US government was notified about it. Using just a web browser, anyone could access the private email data stored there.

Emails Are Vulnerable to Cyber Threats

Small businesses and organizations of all sizes worldwide rushed to apply patches and assess what had been compromised. Such hacks expose the vulnerability of the 32 million small businesses, which largely cannot afford to work with cybersecurity firms and rely primarily on the built-in security measures of their software and hardware providers.

According to Iram, a former Israeli intelligence officer, large tech firms can harden their systems before release in order to block hackers before they reach small and medium-sized firms. He adds that cybercrime fell each time major software companies changed default settings or shipped other general updates with cybersecurity in mind.

According to market research company Gartner, Microsoft holds more than 86% of the enterprise email processing market, whereas Google has just under 13%.

Challenges with email 

Many of today's problems stem from the fact that several components of the technology stack were created before cybercriminals became a concern. The big firms that dominate the industry have still not added security as a default feature of basic software, leaving it to the cybersecurity market to do so. This has led to explosive growth in a new category of companies.

Microsoft Defender for Office 365 finds and stops thousands of user-compromise actions each month, in addition to nearly 40 million emails carrying business email compromise (BEC) and 100 million emails containing harmful credential-phishing links.

Several cybersecurity companies focused on the small business sector, such as Huntress and SolCyber, have launched in the last three to five years. In a highly networked society, even the slightest flaw in one organization can spread to another. An NPR investigation into the significant Microsoft Exchange data breach concluded that Chinese hackers were targeting American businesses in an effort to collect consumer data on Americans for an unidentified reason.

The American government has so far adopted a conservative stance; a representative for the U.S. Cybersecurity and Infrastructure Security Agency said that the agency does not regulate software for small businesses.


Indianapolis Housing Authority Hit by Ransomware

According to a senior agency official, a ransomware attack on the federal organization in Indianapolis which manages low-income housing has caused a delay in the distribution of rent payments to landlords.

During the attack, which started weeks ago, every employee of the Indianapolis Housing Agency was blocked from accessing their email. That included its executive director, Marcia Lewis, who was unable to access her email for days before regaining access on Tuesday, according to a message she wrote to The Indianapolis Star.

The ransomware attack on the Indianapolis Housing Agency left it unable to send October rent payments to landlords under the federal housing choice voucher program, generally known as Section 8, on which 8,000 Indianapolis families rely. The agency administers the Section 8 program in Indianapolis, which offers rental assistance to very low-income families, the elderly, and people with disabilities for housing on the private market.

Marcia Lewis stated that the attack was still ongoing as of Wednesday and that an investigation by data security professionals, law enforcement, and the agency's IT service providers is in progress. The housing authority has not disclosed the motive or identity of those responsible for the ransomware attack, which uses software to encrypt files within a victim organization in order to demand payment.

With the help of Section 8 or through residing in one of the organization's public housing complexes, almost 25,000 people rely on the Indianapolis Housing Agency for a variety of housing services.

Lewis said that as of Monday, the agency had successfully paid every Section 8 landlord's rent for the month of October. The agency had to manually send out client power allowance checks and important vendor payments during the previous week since the IT system was unavailable.

The Indianapolis Star has previously written about the conditions that residents of Indianapolis Housing Agency buildings have endured. Some of the issues residents have encountered include bed bug infestations, air conditioner outages on some of this summer's hottest days, and a lack of hot water at the beginning of October.

Under Section 8 rules set forth by the U.S. Department of Housing and Urban Development, landlords are prohibited from evicting residents for nonpayment by the agency, including in the present instance.

US Government Contemplates Launching a Cyber Insurance Program to Help Private Insurance Firms

As cyberattacks continue to surge at a rapid pace, the US government is considering creating incentives, under a federal cyber insurance program, to help private insurance firms cover some of the costs related to catastrophic cyber incidents.

Last month, the Treasury Department and the Cybersecurity and Infrastructure Security Agency (CISA) asked representatives of multiple organizations whether a cyber insurance program is needed and, if so, how such a program should be implemented across the country.

Earlier this year, in June, the Government Accountability Office (GAO) published a report advising the Federal Insurance Office (FIO) and CISA to conduct a joint assessment of the federal government’s role in cyber insurance.

The move comes after multiple private insurers, spooked by the possibility of having to cover such large losses, backed out of the market by excluding some of the most severe cyberattacks from their policies. Currently, the U.S. government does not have a federally backed cyber insurance program to deal with destructive cyberattacks.

“I think what you’re seeing is the government sort of thinking about this from their side … if they should be doing more to help companies that are hit and, if so, how should they define what the thresholds are. They’re clearly evaluating that and trying to think carefully about it right now,” stated Josephine Wolff, an associate professor of cybersecurity policy at the Tufts University Fletcher School. 

The rapid surge in cyber incidents 

Cyber attacks, specifically ransomware, have disrupted critical services and businesses globally, including schools, government offices, hospitals, emergency services, transportation, energy, and food firms. Reported ransomware payments in the United States reached over $590 million in 2021, compared to a total of $416 million in 2020. Just this summer, ransomware attacks rose 47 percent from June to July, according to a report published by cybersecurity firm NCC Group. 

According to the most recent IBM Cost of a Data Breach report, each public sector incident costs $2.07 million on average. 

The cyberattack on the Colonial Pipeline that took a 5,500-mile-long fuel transporting operation offline had a spillover effect on the wider economy. The pipeline operator paid a ransom of $4.4 million to the hackers — despite advice from law enforcement agencies that ransom demands should always be rejected. 

According to the FBI and many other agencies, paying ransoms encourages attackers to launch further cyber attacks. Some suggestions for organizations from the FBI include: 

• Keep all operating systems and software up to date 
• Enforce a user training program and phishing exercises 
• Employ strong, unique passwords for all accounts with password logins 
• Enable multi-factor authentication (MFA) for as many services as possible 
• Maintain offline (i.e., physically separate) backups of data, and test backup and restoration frequently
• Ensure all backup data is encrypted and immutable

Twitter to Pay $150M Penalty for Selling Customers' Data

Twitter has agreed to pay $150 million to settle a federal privacy suit filed by the US government last week over privacy data violations.

Between May 2013 and September 2019, Twitter asked users for private details in order to secure their accounts, but then used that information to target them with ads, the Federal Trade Commission (FTC) and Department of Justice stated.

"Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads," said FTC Chair Lina Khan in a statement. "This practice affected more than 140 million Twitter users while boosting Twitter's primary source of revenue." 

This is not the first time Twitter has violated the FTC Act, under which the agency is “empowered to prevent unfair or deceptive acts or practices in or affecting commerce.” In 2011, Twitter settled with the FTC, which had accused Twitter of serious gaps in its data security that allowed attackers to gain unauthorized administrative control of the platform.

The consent order between the Federal Trade Commission (FTC) and Twitter prevented the company from misrepresenting how it used individuals’ email addresses and phone numbers. 

The fine announced on Wednesday last week has been a couple years in the making. In August 2022, Twitter warned investors regarding an FTC probe and potentially a penalty of more than a hundred million dollars for both violating the FTC Act again and its 2011 settlement. 

“Specifically, while Twitter represented to users that it collected their telephone numbers and email addresses to secure their accounts, Twitter failed to disclose that it also used user contact information to aid advertisers in reaching their preferred audiences,” the complaint, which was filed by the DOJ on behalf of the FTC, said. 

The social media giant said it will comply with the court’s decision, pay the fine, and launch a robust privacy and information security program, which will include independent security audits every two years until 2042.

Further, Twitter will be required to notify all US users who joined its platform before September 17, 2019 about the settlement and offer them options for guarding their privacy and security in the future.

US Reclaimed $15 Million From an Ad Fraud Operation

The US government has recovered more than $15 million in earnings from the 3ve digital advertising fraud enterprise, which cost firms more than $29 million in unviewed ads. 

According to the Justice Department, Sergey Ovsyannikov, Yevgeniy Timchenko, and Aleksandr Isaev accessed more than 1.7 million infected computers between December 2015 and October 2018, using dozens of command-and-control (C&C) servers, while the Kovter botnet, a click-fraud malware, quietly ran in the background and connected to sites to consume advertisements.

According to the Justice Department, a forfeiture order resulted in the transfer of $15,111,453.84 from Swiss bank accounts to the US government. The scheme produced billions of falsified ad views and spoofed over 86,000 domains. According to the US Department of Justice, companies paid over $29 million for advertising that was never seen by real people.

Ovsyannikov and Timchenko were arrested in 2018, pleaded guilty, and were sentenced to jail terms in the United States. For their role in 3ve (pronounced "Eve"), Isaev and five others are accused of money laundering, wire fraud, computer intrusion, and identity theft, yet they remain free.

The US also charged Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, and Dmitry Novikov, five Russian citizens, with running the Methbot ad fraud scheme, which is thought to have netted the fraudsters more than $7 million in illegal gains. 

"This forfeiture is the greatest international cybercrime recovery in the Eastern District of New York's history," said United States Attorney Peace in a press statement.

Multiple Organizations Targeted by Conti Ransomware Worldwide

The Conti ransomware gang is wreaking havoc with its attacks around the globe. The latest victim is Peru's Dirección General de Inteligencia (DIGIMIN), the country's premier intelligence agency.

The ransomware group claimed to have stolen 9.41 GB of data from the agency, which is responsible for national, military, and police intelligence as well as counterintelligence. Targeting an intelligence agency could lead to the disclosure of secret and confidential documents and pose a threat to national security.

Last week, the US Department of State offered a reward of up to $15 million for information on the threat actor. The reward includes $10 million for the identification or the location of the leaders of the Conti ransomware gang. 

Additionally, $5 million is offered for information that results in the arrest and/or conviction of any individual in any country conspiring to participate in, or attempting to participate in, a Conti variant ransomware incident. The reward is offered under the Department of State’s Transnational Organized Crime Rewards Program (TOCRP).

"The Conti ransomware group has been responsible for hundreds of ransomware incidents over the past two years," the statement read. "The FBI estimates that as of January 2022, there had been over 1,000 victims of attacks associated with Conti ransomware with victim payouts exceeding $150,000,000, making the Conti ransomware variant the costliest strain of ransomware ever documented." 

Costa Rica President Rodrigo Chaves declared a national cybersecurity emergency over the weekend, following a financially motivated Conti ransomware attack against his administration that has paralyzed the government and economy of the Latin American nation. Shortly after the incident occurred in April, the former President Carlos Alvarado publicly declined to pay a $10 million ransom demand. In turn, Conti has published nearly all of the 672 GB of data stolen from the government. 

After targeting the Costa Rican government, the ransomware group posted a message on its leak site stating that the assault was merely a “demo version.” The group also said the attack was motivated solely by financial gain, while expressing general political disgust, another signal that more government-directed attacks may follow.

The Conti ransomware group's attacks are deeply concerning and have even forced a nation to declare a national emergency. Security experts therefore recommend that organizations invest in robust preventive strategies, including anti-ransomware solutions, frequent data backups, network firewalls, and email gateways.

Examination of the Lurk Group's Seized Equipment Did Not Reveal Any Attack on the US Government

A law enforcement source said that the examination of equipment seized from members of the Lurk hacker group did not reveal traces of attacks on servers of the American government. During a court session, hacker Konstantin Kozlovsky, one of the defendants in the Lurk case, declared his involvement in hacking the servers of the Democratic Party of the USA, as well as in hacking Hillary Clinton's mail.

However, the examination showed that this is not the case. "The examination was carried out by the security forces together with the leading companies in the field of information security in Russia, all seized equipment, media, communications were checked. No evidence of attacks on the U.S. government was found. Also, the group members did not discuss it in the seized correspondence," the source said. 

He added that the investigation did not establish a connection between Kozlovsky and any FSB officers. "If you follow his statements, they always follow the high-profile hacking topics in the media, to which he is trying to link his criminal case: first it was Russian interference in the US elections, then, when information about the arrest of employees of the FSB Information Security Center appeared in the media, he also mentioned it. 

Even in the list of those involved in the attack on American information resources, published by the US Department of Justice, there is neither Kozlovsky himself nor other members of the Lurk group," the source explained. 

The detention of the Lurk hackers became known on June 1, 2016. There are 22 people in the dock. According to investigators, the members of the hacker group stole 1 billion 264 million rubles (16.7 million dollars) from commercial companies and banks.

They also hacked the network of Yekaterinburg's Koltsovo airport and copied information from its servers. It should be noted that Kozlovsky is not the first to claim the role of hacker of the Democratic Party's servers. Previously, a hacker using the nickname Guccifer 2.0 took responsibility for the hack. That user called himself a Romanian hacker, but spoke Romanian with machine-translation errors.