
Cyberattack Is Wreaking Havoc on US Healthcare Providers

Following a cyberattack on the largest health insurer in the United States last month, health care providers are still scrambling as insurance payments and prescription orders continue to be disrupted, costing physicians an estimated $100 million each day. 

According to the American Medical Association, that estimate was generated by First Health Advisory, a cybersecurity company that focuses on the healthcare sector.

"This massive breach and its wide-ranging repercussions have hit physician practices across the country, risking patients' access to their doctors and straining the viability of medical practices themselves," AMA President Dr. Jesse Ehrenfeld stated in a news release. 

"Against the backdrop of persistent Medicare cuts, rising practice costs and spiraling regulatory burdens, this unparalleled cyberattack and disruption threatens the viability of many practices, particularly small practices and those in rural and underserved areas," he added. "This is an immense crisis demanding immediate attention.” 

How did the crisis start? 

First discovered on February 21, the security breach occurred at Change Healthcare, a division of Optum Inc., which is owned by UnitedHealth Group. 

In a report filed with the U.S. Securities and Exchange Commission that same day, UnitedHealth Group told regulators it had been forced to disconnect parts of Change Healthcare's extensive digital network from its clients. Not all of those services have been restored yet.

Change Healthcare stated that it is aiming to restore the provider payment systems by the middle of March in its most recent report regarding the attack. 

"UnitedHealth Group continues to make substantial progress in mitigating the impact to consumers and care providers of the unprecedented cyberattack on the U.S. health system and the Change Healthcare claims and payment infrastructure," the company noted in a statement.

The federal government intervened to provide assistance two weeks following the attack. The U.S. Department of Health and Human Services unveiled a number of support initiatives for impacted healthcare providers on March 5. 

"The government is trying to create some support for health care systems -- not directly supporting patients, but the systems," Dr. Céline Gounder, an editor-at-large for public health at KFF Health News and a CBS News medical contributor, stated. "This is because without revenue coming in through the billing process, you don't have money to make payroll to be able to pay your doctors and your nurses and your janitors and all the staff that you need to run a health care system.”

Unfortunately, this incident will probably not be the last. According to federal officials, big healthcare data breaches have nearly doubled between 2018 and 2022. 

Former Google Employee Charged with Stealing AI Secrets

A former Google software engineer has been charged with stealing the company's artificial intelligence trade secrets while surreptitiously working for two Chinese companies, the Justice Department announced Wednesday. 

Linwei Ding, a Chinese national, was arrested in Newark, California, on four counts of federal trade secret theft, each punishable by up to ten years in prison. 

Attorney General Merrick Garland announced the case against Ding, 38, at an American Bar Association conference in San Francisco. Garland, along with other law enforcement leaders, has repeatedly warned about the threat of Chinese economic surveillance as well as the national security concerns posed by developments in artificial intelligence and other novel technologies.

“Today’s charges are the latest illustration of the lengths affiliates of companies based in the People’s Republic of China are willing to go to steal American innovation,” FBI Director Christopher Wray noted in a statement. “The theft of innovative technology and trade secrets from American companies can cost jobs and have devastating economic and national security consequences.” 

Google said it came to the conclusion that the employee had stolen "numerous documents" and had referred the case to law enforcement. 

“We have strict safeguards to prevent the theft of our confidential commercial information and trade secrets,” Google spokesman Jose Castaneda explained. “After an investigation, we found that this employee stole numerous documents, and we quickly referred the case to law enforcement. We are grateful to the FBI for helping protect our information and will continue cooperating with them closely.”

Artificial intelligence is the primary battleground for high-tech competitors, and who dominates can have far-reaching commercial and security repercussions. In recent weeks, Justice Department leaders have warned that foreign foes may use AI technologies to target the United States. 

Deputy Attorney General Lisa Monaco stated in a speech last month that the administration's multi-agency Disruptive Technology Strike Force would prioritise AI enforcement, and Wray told a conference last week that AI and other novel technologies had made it easier for attackers to try to interfere with the American political process. 

The indictment, unsealed Wednesday in the Northern District of California, alleges that Ding, who was hired by Google in 2019 and had access to sensitive information regarding the firm's supercomputing data centres, began uploading hundreds of files to a personal Google Cloud account two years ago. 

According to prosecutors, just weeks after the uploads began, Ding was offered the post of chief technology officer at an early-stage technology company in China that advertised its use of AI, with a monthly salary of around $14,800 plus an annual bonus and company stock. The indictment says Ding travelled to China to attend investor meetings and seek funding for the company. 

In January, the FBI executed a search warrant at Ding's home and seized his electronic devices, followed by a further warrant for the contents of his personal accounts, which held more than 500 distinct files of confidential information that investigators say he stole from Google.

BlackCat Ransomware Linked to UnitedHealth Subsidiary Optum Hack

A cyberattack against Optum, a UnitedHealth Group company, was linked to the BlackCat ransomware gang and resulted in an ongoing outage that impacted the Change Healthcare payment exchange platform. 

Customers were notified by Change Healthcare earlier this week that due to a cybersecurity incident, some of its services are unavailable. The cyberattack was orchestrated by alleged "nation-state" hackers who gained access to Change Healthcare's IT systems, according to a statement made by UnitedHealth Group in an SEC 8-K filing a day later. 

Since then, Optum has been posting daily incident updates on a dedicated status page, alerting users to the fact that most services are temporarily unavailable due to Change Healthcare's systems being offline to contain the breach and prevent future damage. 

"We have a high level of confidence that Optum, UnitedHealthcare and UnitedHealth Group systems have not been affected by this issue," Optum stated. "We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online.” 

Links to BlackCat 

Since the attack hit its systems, Change Healthcare has been holding Zoom calls with partners in the healthcare sector to share information about the incident.

One of the individuals on these calls told a local media outlet that forensic experts involved in the incident response had linked the attack to the BlackCat (ALPHV) ransomware gang (Reuters first reported the BlackCat link on Monday).

Last week, another source told BleepingComputer that one indicator of compromise seen in the attack was exploitation of a critical ConnectWise ScreenConnect authentication bypass vulnerability (CVE-2024-1709), which is being actively used in ransomware attacks against unpatched servers. 
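Because the post names CVE-2024-1709 as an indicator, here is the kind of quick hunt a responder would run against a ScreenConnect server's web logs. It is an added example, not code from the original post or from any of the companies mentioned. It relies on two public facts about the bug: CVE-2024-1709 is an authentication bypass in ConnectWise ScreenConnect that is fixed in release 23.9.8, and the publicly reported exploitation path is a request to /SetupWizard.aspx with an extra path segment appended (even just a trailing slash), which sidesteps the check that is supposed to block the setup wizard once a server has been configured. Everything else is assumed for the example: the simplified log field order and the sample log lines are constructed.

```python
"""Hunt for CVE-2024-1709 (ConnectWise ScreenConnect auth bypass) indicators.

Added example, not from the original post. Relies on the public facts that
the bug is fixed in ScreenConnect 23.9.8 and that exploitation hits
/SetupWizard.aspx with an extra path segment appended. The log field order
and the sample lines below are constructed assumptions for this example.
"""
import re
from dataclasses import dataclass

# First ScreenConnect release that closes CVE-2024-1709.
FIXED_VERSION = (23, 9, 8)

# The bypass is SetupWizard.aspx followed by another path segment (even just
# a trailing slash). A bare /SetupWizard.aspx request is what a legitimate,
# correctly blocked client would hit, so it is deliberately not matched.
BYPASS_RE = re.compile(r"/SetupWizard\.aspx/", re.IGNORECASE)

# Constructed sample; assumed field order: date time c-ip cs-method cs-uri-stem sc-status
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-02-20 03:14:07 203.0.113.9 GET /SetupWizard.aspx/ 200
2024-02-20 03:14:09 203.0.113.9 POST /SetupWizard.aspx/anything 200
2024-02-20 03:15:00 198.51.100.4 GET /Login 200
2024-02-20 03:15:30 198.51.100.4 GET /SetupWizard.aspx 403
"""


@dataclass(frozen=True)
class Hit:
    timestamp: str
    client_ip: str
    method: str
    uri: str
    status: str


def parse_version(version: str) -> tuple:
    """Turn '23.9.7' into (23, 9, 7) so versions compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))


def is_vulnerable(version: str) -> bool:
    """True when the installed ScreenConnect build predates the 23.9.8 fix."""
    return parse_version(version) < FIXED_VERSION


def find_bypass_requests(log_lines) -> list:
    """Return every request whose URI carries the SetupWizard.aspx bypass pattern."""
    hits = []
    for line in log_lines:
        if not line.strip() or line.startswith("#"):
            continue  # skip blanks and W3C header lines
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed line; ignore rather than abort the hunt
        date, time, client_ip, method, uri, status = fields[:6]
        if BYPASS_RE.search(uri):
            hits.append(Hit(f"{date} {time}", client_ip, method, uri, status))
    return hits


def triage(version: str, log_lines) -> dict:
    """Combine the version check and the log hunt into one verdict."""
    hits = find_bypass_requests(log_lines)
    return {
        "vulnerable_build": is_vulnerable(version),
        "bypass_attempts": len(hits),
        "sources": sorted({h.client_ip for h in hits}),
        # A 2xx response to the bypass path means the wizard was reachable,
        # which is the precondition for creating a rogue admin account.
        "succeeded": any(h.status.startswith("2") for h in hits),
    }


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for hit in find_bypass_requests(lines):
        print(f"{hit.timestamp} {hit.client_ip} {hit.method} {hit.uri} -> {hit.status}")
    print(triage("23.9.7", lines))
```

If the build is below 23.9.8 and any bypass request drew a 2xx response, treat the server as compromised rather than merely exposed: the next step in the public exploit chain is creating a new administrator through the wizard, so review the ScreenConnect user list and audit log for accounts added around those timestamps before trusting anything else on the host.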

Tyler Mason, vice president of UnitedHealth Group, stated that 90% of the impacted pharmacies had put new electronic claim procedures in place to deal with Change Healthcare issues, but he did not confirm if BlackCat was the root of the attack. 

"We estimate more than 90% of the nation’s 70,000+ pharmacies have modified electronic claim processing to mitigate impacts from the Change Healthcare cyber security issue; the remainder have offline processing workarounds," Mason stated. "Both Optum Rx and UnitedHealthcare are seeing minimal reports, including less than 100 out of more than 65 million PBM members not being able to get their prescriptions. Those patients have been immediately escalated and we have no reports of continuity of care issues.” 

UnitedHealth Group (UHG), a health insurer with operations in all 50 US states, has contracts with 8,000 hospitals and other care facilities and with more than 1.6 million physicians and other healthcare professionals. With 440,000 employees worldwide, UHG is the largest healthcare company in the world by revenue ($324.2 billion in 2022).

Crypto Firm Terraform Labs Files for Chapter 11 Bankruptcy in US

Following the 2022 collapse of its cryptocurrencies, Singapore-based Terraform Labs (TFL), the firm behind digital assets TerraUSD (UST) and Luna, filed for Chapter 11 bankruptcy in Delaware. 

The Chapter 11 bankruptcy protection petition was confirmed by Terraform Labs, which noted it as a strategic move that will allow it to sustain its operations and support litigation ongoing in Singapore and U.S. litigation involving the Securities and Exchange Commission. The group stated it wouldn't need more funding in order to "meet all financial obligations to employees and vendors during the Chapter 11 case.”

In a court filing earlier this week, Terraform Labs' estimated assets and liabilities are between $100 million and $500 million, with between 100 and 199 creditors. 

Terraform Labs stated that it intends to keep growing its web3 business. The startup launched Station v3, a cryptocurrency wallet, earlier this month and just acquired Pulsar Finance, a cross-chain portfolio manager and data vendor. 

“The Terra community and ecosystem have shown unprecedented resilience in the face of adversity, and this action is necessary to allow us to continue working toward our collective goals while resolving the legal challenges that remain outstanding,” stated Chris Amani, CEO of Terraform Labs.

Founded in 2018, Terraform Labs saw its tokens collapse in May 2022, a crash that shook the cryptocurrency market and wiped out at least $40 billion in market value. The bankruptcy filing came four days after the U.S. SEC's civil trial against Do Kwon, a co-founder of Terraform Labs, and the company over an alleged $40 billion cryptocurrency fraud was moved from January 29 to March 25. 

Kwon is being held in Montenegro after he was caught in March trying to leave the country on forged travel documents. Following the extradition decision, which rests entirely with Montenegro's justice minister, the Terraform Labs co-founder could be extradited to either the United States or South Korea in March. 

Last year in February, the U.S. SEC charged Kwon and Terraform Labs with scamming the U.S. investors who purchased the digital assets Terra USD and Luna. As per the court petition, Kwon holds a 92% ownership in Terraform Labs, while Daniel Shin, another co-founder of the company, holds an 8% investment in TFL.

Apple Watch Series 9: Pulse Oximetry Ban Saga

The tech community is in uproar after the Apple Watch Series 9 and Ultra 2 were unexpectedly pulled from stores and online marketplaces. The dispute peaked when a US sales ban on the watches, rooted in the devices' pulse oximetry capability, took effect. Let's examine the major events and what they mean.

The controversy erupted when online sales and in-store availability of the Apple Watch Series 9 and Ultra 2 suddenly stopped, leaving consumers puzzled and searching for answers. The pulse oximetry feature, which measures blood oxygen levels, turned out to be at the center of the storm, with the ban initially imposed over the disputed status of this health monitoring function.

Pulse oximetry plays a crucial role in monitoring respiratory health, particularly now that health-conscious consumers increasingly rely on wearables for real-time data. The ban raised questions about the future of this feature in the Apple Watch Series 9 and Ultra 2, leaving users and tech enthusiasts eager for clarity.

However, the controversy took an unexpected turn when an appeals court decided to put the sales ban on hold, providing temporary relief for Apple. This decision indicated a willingness to revisit the case and evaluate whether the concerns about pulse oximetry were well-founded. The court's intervention highlighted the complexity of regulating health-related features in consumer electronics and the importance of thorough scrutiny before imposing sales restrictions.

Tech specialists and analysts offered their opinions on the matter as the court case developed. The Verge published an article expressing concerns about the possible effects on Apple's sales and reputation. According to reports, the appeals court decided to postpone the prohibition, highlighting the importance of the case for Apple and the wearable technology sector.

The Apple Watch Series 9 and Ultra 2 dispute highlights how quickly wearable technology is developing and how difficult it is to incorporate cutting-edge health capabilities. Even though Apple has won a temporary reprieve, the case remains central to the conversation about where technology, health, and regulatory oversight intersect.

The debate surrounding the Apple Watch Series 9 and Ultra 2 is a timely reminder of the precarious balance between innovation and regulation in the technology industry. While the legal proceedings continue, users and industry watchers are waiting for a decision that secures the dependability and safety of wearable health monitoring features.

New Surveillance Reform Bill Raises Concerns Regarding Americans' Data Privacy

Ordinary employees at US companies could be turned into spies if recently proposed legislation approved by the House Intelligence Committee, which greatly expands the federal government's surveillance powers, becomes law, experts warn. 

The legislation, called H.R. 6611 or the "HPSCI bill," is said to be aimed at updating Section 702 of the FISA Amendments Act of 2008. Section 702 was enacted to empower the National Security Agency (NSA) to intercept data related to suspected terrorists abroad. Such surveillance, however, has resulted in the widespread acquisition of domestic data as well. Without a warrant, agencies such as the FBI used data gathered under 702 to target Americans. Rep. Mike Turner (R-Ohio) and Rep. Jim Himes (D-Conn.) introduced the bill, which was approved by committee on December 7. 

Elizabeth Goitein, co-director of the Liberty and National Security Program at the non-profit Brennan Center for Justice, was among many who raised concerns about the so-called reform after a section was found that she described as "the biggest expansion of surveillance inside the United States since the Patriot Act." 

“Through a seemingly innocuous change to the definition of ‘electronic service communications provider,’ the bill vastly expands the universe of U.S. businesses that can be conscripted to aid the government in conducting surveillance,” Goitein stated. 

Currently, Section 702 allows the government to compel businesses with direct access to communications—like emails, phone calls, or texts—to share data. However, Goitein notes that under Section 504 of the HPSCI bill, any organisation having access to devices that store or transfer communications would likewise have to abide by requests for surveillance. 

“Hotels, libraries, coffee shops, and other places that offer wifi to their customers could be forced to serve as surrogate spies,” Goitein continued. “They could be required to configure their systems to ensure that they can provide the government access to entire streams of communications.” 

Goitein went on to say that even a repairman trying to fix your home internet router might be forced into spying on you. 

The bill's advocates have vehemently denied that Section 504 would be applied so broadly. Senator Mike Lee (R-Utah), however, criticised the bill even on his meme account. “If this bill were to pass, and you went to McDonald’s and used the McDonald’s wifi service, the NSA could go to McDonald’s and obtain that wifi data—without a warrant,” Lee wrote. 

Goitein claims that despite the sponsors of the bill's assurances, the government's past performance shows that it cannot be trusted with such authority.

As Ransomware Spreads, Municipalities Fight a Never-Ending Battle

A new wave of ransomware attacks is hitting municipalities in the United States and abroad; even major cities like Dallas are falling victim to gang activity. The ongoing wave of attacks underscores how urgently a historically unprepared sector needs to deploy effective cybersecurity defences.

One of the clearest examples of the trend came on November 7, when the Play ransomware group posted data it claimed to have stolen from Dallas County in an alleged ransomware attack and threatened to release more if its ransom demand was not met. The county issued a cybersecurity update that same day, citing an ongoing investigation and cooperation with law enforcement. 

"Dallas County is aware of an unauthorized party posting data claimed to be taken from our systems in connection with our recent cybersecurity incident," the update reads. "We are currently in the process of thoroughly reviewing the data in question to determine its authenticity and potential impact.”

Surge in ransomware attacks 

Unfortunately, this was not a one-time occurrence. The potential compromise comes just months after the city of Dallas was struck by a different cyberattack that impacted municipal services such as 311 calls, libraries, animal shelters, safety departments, and online payment systems. This was not the first time the attacker, the Royal ransomware organisation, had hit the city. 

Another example of the conflict between ransomware groups and governments occurred on September 29 when Rock County, Wisconsin, witnessed a cyberattack against its Public Health Department, crippling its computer systems. The Cuba ransomware gang claimed responsibility for the attack and stated that the stolen data comprised financial papers and tax information. 

The trend isn't restricted to the United States: on October 30, about 70 municipalities in Germany lost access to services after a ransomware attack on a shared IT service provider forced it to cut connections to stop the malware from spreading. Before that, schools in Hungary and Slovakia were hit by ESXiArgs ransomware. The Florida Supreme Court, Georgia Institute of Technology, and Rice University have all been targeted as well. 

"There is an uptick in ransomware attacks across almost all industries and organization types in the past 12 months," says Erich Kron, security awareness advocate at KnowBe4, "with record-breaking amounts of ransomware attacks, financial impact from ransomware, and a variety of ransomware-enabling tools and ransomware-as-a-service (RaaS) providers on the market." 

According to a Sophos study on ransomware attacks, "the rate of ransomware attacks in state and local government has increased from 58% to 69% year on year, contrary to the global cross-sector trend, which has remained constant at 66% in our 2023 and 2022 surveys." Yet even as the threat to municipalities keeps growing, the safeguards protecting them remain limited.

U.S. Treasury Sanctions Eight Foreign-Based Agents and North Korean Kimsuky Attackers

The Office of Foreign Assets Control (OFAC) of the US Department of the Treasury recently announced that it has sanctioned the cyberespionage group Kimsuky, also known as APT43, for gathering intelligence on behalf of the Democratic People's Republic of Korea (DPRK). 

Formally, the US sanctions are a response to North Korea's launch of a military reconnaissance satellite on Nov. 21, but according to the Treasury's announcement they are also meant to deprive the DPRK of the revenue, materials, and intelligence it needs to sustain its weapons of mass destruction programme. 

The Lazarus Group and its subsidiaries Andariel and BlueNoroff were subject to similar sanctions by the OFAC in September 2019—more than four years ago. Kimsuky is the target of these sanctions as it gathers intelligence to support the regime's strategic goals. 

Kimsuky is a well-known cyber espionage group that primarily targets governments, nuclear organisations, and foreign relations entities in order to gather intelligence that serves North Korea's interests. It is also known by the names APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly known as Thallium), Nickel Kimball, and Velvet Chollima.

"The group combines moderately sophisticated technical capabilities with aggressive social engineering tactics, especially against South Korean and U.S.-based government organisations, academics, and think tanks focused on Korean peninsula geopolitical issues," Mandiant, which is owned by Google, stated in October 2023. 

Similar to the Lazarus Group, it is a part of the Reconnaissance General Bureau (RGB), which is in charge of intelligence gathering operations and is North Korea's main foreign intelligence service. At least since 2012, it has been known to be active. 

"Kimsuky employs social engineering to collect intelligence on geopolitical events, foreign policy strategies, and diplomatic efforts affecting its interests by gaining illicit access to the private documents, research, and communications of their targets," the Treasury stated.

The agency also named Choe Song Chol and Im Song Sun for managing front companies that made money by exporting skilled workers; Kang Kyong Il, Ri Sung Il, and Kang Phyong Guk for serving as weapons sales representatives; and So Myong, Choe Un Hyok, and Jang Myong Chol for participating in illegal financial transfers to acquire materials for North Korea's missile programmes.

Dozens of Credit Unions Experiencing Disruptions Due to Ransomware Attack on Popular Tech Provider

Owing to a ransomware attack on a popular technology provider, about 60 credit unions are experiencing disruptions. 

A spokesperson for the National Credit Union Administration (NCUA), Joseph Adamoli, stated that the ransomware attack was directed towards Ongoing Operations, a cloud services provider that is owned by Trellance, a credit union technology company. 

Adamoli stated that incident reports were sent to the NCUA, the federal agency in charge of regulating credit unions, by multiple credit unions claiming that Ongoing Operations had sent a message stating that the company had been infected with ransomware on November 26. 

“Upon discovery, we took immediate action to address and investigate the incident, which included engaging third-party specialists to assist with determining the nature and scope of the event. We also notified federal law enforcement,” Ongoing Operations told impacted credit unions. 

“At this time, our investigation is currently ongoing, and we will continue to provide updates as necessary. Please know that at this time, we have no evidence of any misuse of information, and we are providing notice in an abundance of caution to ensure awareness of this event.” 

Adamoli revealed that nearly sixty credit unions are currently facing some level of outage as a result of a ransomware assault at a third-party service provider. 

"The NCUA is coordinating with affected credit unions," he said. "Member deposits at affected federally insured credit unions are insured up to $250,000 by the National Credit Union Share Insurance Fund."

He went on to say that they had informed the US Department of Treasury, the Federal Bureau of Investigation, and the Cybersecurity and Infrastructure Security Agency about the incident. Trellance did not respond to requests for comment. 

The attack is having a larger impact on other credit union technology providers, including FedComp, a company that provides data processing solutions to credit unions. 

FedComp did not respond to requests for comment, but according to a notice on its website, "the FedComp Data Centre is experiencing technical difficulties and is experiencing a nationwide outage.” 

Rise in attacks 

In August, the NCUA issued a warning, citing a rise in cyberattacks targeting credit unions, credit union service organisations (CUSO), and other outside suppliers of financial services goods. 

The attacks on the MOVEit file transfer software earlier this year affected several credit unions, and over the last three years dozens of organisations in the sector have reported data breaches to regulators in Maine.

Jefferson Credit Union was added to the list of victims by the ransomware group RansomHouse in 2022, and Envision Credit Union disclosed a cyberattack involving the LockBit ransomware group last year. 

There was also an incident at Ardent Credit Union in 2020. In February, the NCUA approved new rules requiring federally insured credit unions to report a cyberattack to the agency within 72 hours; the rule took effect on September 1.

Welltok Data Breach: 8.5 Million U.S. Patients' Information Compromised

The personal data of 8.5 million American patients was at risk due to a data breach that occurred recently at Welltok, a well-known supplier of healthcare solutions. Since cybersecurity specialists found the intrusion, the organization has been attempting to resolve the issue and minimize any possible harm.

According to BleepingComputer, the breach exposed a large amount of sensitive data, including patients' names, addresses, medical histories, and other confidential information. The breach raises concerns about the privacy and security of patient data and highlights the increasing sophistication of cyber threats in the healthcare sector.

Welltok has promptly responded to the incident, acknowledging the breach through a notice posted on their official website. The company has assured affected individuals that it is taking necessary steps to investigate the breach, enhance its security measures, and collaborate with law enforcement agencies to identify the perpetrators.

The impact of the breach may extend beyond the United States, as some reports suggest the compromised data includes patients from other regions. That global reach adds urgency to international cooperation against cyber threats and to stronger data protection in the healthcare industry.

Cybersecurity analysts estimate that the breach may have affected up to 11 million patients, emphasizing the scale and severity of the incident. The potential consequences of such a breach are far-reaching, ranging from identity theft to unauthorized access to medical records, posing serious risks to individuals' well-being.

This incident underscores the critical need for organizations, especially those handling sensitive healthcare data, to continuously assess and strengthen their cybersecurity protocols. As technology advances, so do the methods employed by malicious actors, making it imperative for companies to stay vigilant and proactive in safeguarding the privacy and security of their users.

The Welltok data breach brings the ongoing risks to the healthcare sector sharply into focus. The company's efforts to contain the breach and protect those affected are a reminder of the broader difficulty organisations face in keeping sensitive data confidential in an increasingly connected digital world.

US Regulator Investigates Pedestrian Risks at GM's Self-Driving Unit Cruise

U.S. auto safety regulators have opened an investigation into whether Cruise, the self-driving unit of General Motors (GM.N), is doing enough to protect pedestrians from its autonomous robotaxis. 

The National Highway Traffic Safety Administration (NHTSA) stated that it has received two reports from Cruise regarding incidents involving injuries to pedestrians and has found two additional incidents via online footage.

The NHTSA stated that reports indicate that Cruise cars are "encroaching on pedestrians present in or entering roadways, including pedestrian crosswalks, in the proximity of the intended travel path of the vehicles," and that the issue "could increase the risk of a collision with a pedestrian, which may result in severe injury or death." 

On October 2 in San Francisco, a pedestrian was struck by a hit-and-run driver. After being thrown into the adjacent lane, the pedestrian was hit again by a Cruise robotaxi, which could not stop in time and trapped the pedestrian beneath it. 

The preliminary inquiry, which includes approximately 594 Cruise vehicles, is the first step before the agency may seek to order a recall. 

GM spends roughly $2 billion every year on Cruise, but the company says it represents a "giant growth opportunity." GM CEO Mary Barra reaffirmed in June that Cruise could produce $50 billion in annual sales by 2030. 

According to a representative for Cruise, the firm "has consistently cooperated with each of NHTSA's requests for information" and is in constant communication with the agency. 

The NHTSA opened a separate safety investigation into the Cruise vehicles' autonomous driving technology in December of last year in response to reports of two injuries in rear-end collisions. According to NHTSA, Cruise cars "may engage in inappropriately hard braking or become immobilised." 

The California Department of Motor Vehicles (DMV) announced in August that it was looking into Cruise-related accidents in San Francisco following a collision involving a Cruise robotaxi and an emergency vehicle. Cruise obliged the DMV's order to remove half of the company's robotaxis from service. 

Cruise filed a petition in February 2022 asking for authorization to use up to 2,500 autonomous cars per year that are devoid of human controls like steering wheels. After announcing in July that it will make a decision "in the coming weeks," NHTSA stated on Tuesday that the petition is still being reviewed.

Despite significant backlash from local authorities and people, the California Public Utilities Commission voted in August to approve robotaxis from Cruise and Alphabet's (GOOGL.O) Waymo to drive around the clock.

Here's Why the New U.S. National Cybersecurity Strategy Needs Some Minor Tweaks

The majority of Americans who stay up to date on cybersecurity news are aware that the Biden-Harris Administration announced its new "National Cybersecurity Strategy" early this year.

Immediately after taking office, this administration had to cope with the consequences of the major SolarWinds data breach and a widespread panic on the eastern seaboard spurred on by the Colonial Pipeline ransomware attack. 

The administration quickly issued executive orders focusing on cybersecurity and pushed for laws that would improve the national infrastructure of the United States for the government, businesses, and citizens in response to this "trial by fire." 

Widely acclaimed in the cybersecurity community, the strategy is comprehensive and ambitious, but many experts feel several of its points still need refinement. 

The first critical point specified in the strategy's announcement was: "We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments, and onto the organisations that are most capable and best-positioned to reduce risks for all of us." 

That appears to be an excellent premise, and experts concur to some extent. Infrastructure companies in the United States (think of your internet service provider as well as the Amazons and Metas of the world) should be more aggressive in recognising and protecting their clients and users from threats. They might certainly be more prominent in this fight, rather than simply stating that they will provide their end consumers with retroactive tools to combat the onslaught of cyberattacks. 

The worry here is the perception that this will create for individuals and small enterprises. Herd immunity also applies to cybersecurity. We are all connected thanks to email, messaging, social media, and other technologies. The huge infrastructure providers can only do so much, and phishing will remain a serious issue even if ISPs turn their detection up to 11. 

Experts are concerned that a large number of people and small businesses would assume everything is taken care of for them and, as a result, will not invest in cyber awareness training, threat detection systems, and other measures. If the Biden administration does not clarify this, it could leave US citizens less secure.

The strategy's second point is as follows: "Disrupt and Dismantle Threat Actors - Using all instruments of national power, we will make malicious cyber actors incapable of threatening the national security or public safety of the United States…" 

This is just another fantastic point. Whoever the "malicious cyber actors" are, it is critical to confront and combat malicious software that infects and impairs the operations of an organisation or government. Ransomware, banking trojans, and other malicious software are practically uncontrollable and rampant. 

The difficulty here is the overarching concept of what a "threat actor" and a "threat" are in the eyes of this executive order. For years, foreign intelligence agencies have used social media platforms in the United States to spread disinformation, dividing society and eroding confidence. While there is no doubt that obviously false data should ideally be removed from the public forums that are the major social media platforms, the worry here is that a large number of individuals already feel they are reading the truth when they are reading disinformation. 

Under the cover of "public safety," some may perceive this executive order as an attempt to suppress any information that does not agree with the President's (or government's) existing point of view. There has yet to be a perfect approach for identifying and removing only misinformation. Inevitably, factual information will become entangled in the removal process, reinforcing those who believe disinformation that there is a conspiracy at work when there isn't.

The administration's best chance is to clarify the term and define specifically what "public safety" means in this case. Any executive order must have teeth in order to be effective. Failure to comply must result in financial penalties, the loss of the right to conduct business, and possibly even jail time. So the question is, which agency is most prepared to be the order's enforcer? 

The Cybersecurity and Infrastructure Security Agency (CISA) appears to be the best fit. Staffed with true cybersecurity professionals and executives, it looks like a no-brainer. However, it is one of the worst choices for enforcement.

CISA's objective is to be a partner to all critical infrastructure sectors. The agency provides helpful support, education, and a variety of other services, ultimately making it a trusted partner for the entire country. Requiring CISA to enforce cybersecurity rules goes against its basic objective. If that were to happen, firms would perceive CISA as a threat rather than a beneficial resource.

United Airlines Claims to Have Patched the Technical Glitch That Briefly Held Up Its Flights


United Airlines said Tuesday that it has fixed a technical fault that had led it to suspend worldwide departures, briefly crippling one of America's largest carriers on a busy travel day. 

According to federal authorities, United crews were unable to contact airline dispatchers through conventional channels.

"United asked the FAA to pause the airline's departures nationwide," the Federal Aviation Administration (FAA) announced on X, the social media platform formerly known as Twitter.

The FAA stated that the issue was limited to United and its subsidiaries. The FAA released a bulletin about United's ground halt shortly before 2 p.m. Eastern time, and flights resumed shortly after.

“We have identified a fix for the technology issue and flights have resumed,” United clarified in a statement. “We’re working with impacted customers to help them reach their destinations as soon as possible.” 

The airline had previously stated that it was "experiencing a systemwide technology issue" that was causing all departing planes to be delayed. Flights that were already in the air at the time of the technical failure continued to their destinations. 

According to data from tracking firm FlightAware, by mid-afternoon Tuesday on the East Coast, United had only cancelled seven flights, a far cry from its average of approximately 16 per day over the busy Labour Day weekend. On a day when many Christmas travellers were scheduled to go home, more than 300 United flights — or 12% of the airline's schedule, significantly more than rivals American, Delta, and Southwest — were delayed.

In a statement, Transportation Secretary Pete Buttigieg said that the FAA was "receiving more information about the cause and scope of the issue, and DOT will make sure UA meets its obligations to affected passengers." Buttigieg has criticised airlines for flight delays and other problems over the past year. 

The FAA is part of the Department of Transportation. United Airlines Holdings Inc. shares plummeted nearly 3% in afternoon trading on news of the ground stop.

A malfunction in National Air Traffic Services' (NATS) air traffic control system disrupted many European flights in 2014, and a radar display glitch resulted in multiple flight cancellations in 2019. 

The mayhem that erupted in airports was reminiscent of last summer, when travellers were left stranded in British airports for hours at a time. It was the first summer following the COVID-19 lockdowns, and rising demand was met with a staffing shortage, causing many airports around Europe to buckle. 

According to the New York Times, the number of flights exiting the United Kingdom over the holiday weekend this year is expected to be 10% more than the same time last year—that's 83% higher than in 2021.

China's Temu App Poses a Security Threat to Online Shoppers


Apps rule the contemporary era. Each aspect of our lives, from communication to e-commerce, appears to be dependent on digital platforms that promise convenience at the push of a button.

A newbie among these apps has recently attracted a lot of attention. Temu, a Chinese-affiliated discount shopping site, has experienced tremendous growth in the United States. 

However, this level of popularity has generated a lot of scrutiny and concern regarding the platform's potential data security vulnerabilities. This blog post will look at the Temu data risks, the Temu app's potential concerns, and whether it is safe to shop on Temu. 

What exactly is Temu? 

Temu (pronounced "tee-moo") is an e-commerce platform operated by PDD Holdings, a Nasdaq-listed Chinese business that also owns Pinduoduo, a shopping app that sells anything from groceries to clothing. PDD is headquartered in Shanghai, whereas Temu has its base in Boston. Temu, dubbed a clone of the fast-fashion label Shein, has had a staggering rise in the US market, overtaking heavyweights such as Instagram, WhatsApp, Snapchat, and Shein on the Apple App Store only 17 days after its launch. 

Temu has been downloaded by nearly 80 million Americans since its inception in September 2022, according to Apptopia data. You may recall seeing their expensive Super Bowl advertising promising users the ability to "shop like a billionaire." It's also worth mentioning that Temu's global reach extends beyond the United States; the company started in the United Kingdom in March, just weeks after entering Australia and New Zealand. While its popularity cannot be ignored, critical issues remain: is Temu safe, and is it safe to shop on Temu? 

Data threats and controversies 

Temu's meteoric rise has not been without controversy. The United States has accused Temu of posing potential data dangers, especially after its sister app Pinduoduo was removed from Google's app store due to the presence of malware on the Pinduoduo app that exploited vulnerabilities in Android operating systems.

According to company insiders, the exploits were utilized to spy on consumers and competitors in order to boost sales. Pinduoduo requested up to 83 permissions, including biometric, Bluetooth, and Wi-Fi network information access. 

Temu's data requests are not as intrusive as Pinduoduo's, but the fact that Temu wants 24 permissions, including access to Bluetooth and Wi-Fi network information, is cause for alarm. 

These permissions may appear innocuous at first glance, but cybersecurity experts warn that an e-commerce app does not need to keep biometric data, and any request to do so should be viewed with suspicion. Biometric data, unlike a password, cannot be changed once compromised, making it an attractive target for criminals. 

Users should also question the need for e-commerce apps to acquire Wi-Fi data. If a user connects to a workplace Wi-Fi network, the data could provide a conduit for thieves to infiltrate potentially sensitive information. The question then becomes, why does an e-commerce app require such access? 
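One practical way to apply the permission check described above is to read the permissions an app's manifest requests and flag the ones a shopping app has no obvious need for. This is an added example, not code from the article or from any of the companies named; the manifest it audits is constructed, and the "expected" and "suspect" lists are the author's assumptions about what an e-commerce app should and should not ask for.

```python
"""Audit the permissions an Android manifest requests against what an
e-commerce app plausibly needs.  Added example with a constructed
manifest; it is not Temu's, Pinduoduo's or any real app's manifest."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS   # android:name after namespace expansion

# Assumption: permissions a shopping app has an obvious use for.
EXPECTED = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.CAMERA",          # barcode / product photo
    "com.android.vending.BILLING",
}

# Assumption: permissions that should be justified before installing,
# matching the categories the article singles out (Bluetooth, Wi-Fi,
# biometrics) plus a few other high-value data sources.
SUSPECT = {
    "android.permission.BLUETOOTH": "Bluetooth: nearby-device enumeration",
    "android.permission.BLUETOOTH_SCAN": "Bluetooth: nearby-device enumeration",
    "android.permission.BLUETOOTH_CONNECT": "Bluetooth: pairing/connection",
    "android.permission.ACCESS_WIFI_STATE": "Wi-Fi: network name and BSSID",
    "android.permission.USE_BIOMETRIC": "biometric: irrevocable identifier",
    "android.permission.USE_FINGERPRINT": "biometric: irrevocable identifier",
    "android.permission.READ_CONTACTS": "contacts: third-party PII",
    "android.permission.ACCESS_FINE_LOCATION": "location: precise tracking",
}


def requested_permissions(manifest_xml: str) -> list:
    """Return every android:name on a <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    return [el.get(NAME_ATTR) for el in root.iter("uses-permission")
            if el.get(NAME_ATTR)]


def audit(manifest_xml: str) -> dict:
    """Split the requested permissions into flagged / unclassified buckets."""
    perms = requested_permissions(manifest_xml)
    flagged = {p: SUSPECT[p] for p in perms if p in SUSPECT}
    unclassified = sorted(p for p in perms
                          if p not in SUSPECT and p not in EXPECTED)
    return {"total": len(perms), "flagged": flagged,
            "unclassified": unclassified}


# Constructed sample manifest for a hypothetical shopping app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.shop">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
  <uses-permission android:name="android.permission.BLUETOOTH"/>
  <uses-permission android:name="android.permission.USE_BIOMETRIC"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
</manifest>"""

if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST)
    print("requested:", report["total"])
    for perm, reason in report["flagged"].items():
        print("FLAG", perm, "->", reason)
    for perm in report["unclassified"]:
        print("REVIEW", perm)
```

On a real device the manifest can be pulled with `aapt dump permissions <apk>` or `adb shell dumpsys package <pkg>` and fed to `audit()` after converting to the same XML shape.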

The bigger China picture 

There are other cases like Temu's, too. E-commerce platform data concerns are a subset of a more widespread systemic issue. Because of security concerns, Chinese-owned apps are closely inspected in the United States. Temu and Shein were cited as potential data threats by the U.S.-China Economic and Security Review Commission. 

These platforms depend on American users installing and using their apps in order to curate and deliver products, and that reliance raises serious risks and challenges for U.S. laws, regulations, and market principles. Although there isn't any concrete evidence that these companies share information with the Chinese government, the possibility still exists. We have already talked about these issues in relation to the popular app TikTok. 

China's Cybersecurity Law, introduced in 2016 and in effect since June 2017, requires Critical Information Infrastructure (CII) operators to grant the government unrestricted access to their data and to store that data only on the Chinese mainland. 

In addition, the Communist Party of China's 2012 Constitution mandates that top CCP members must be given the chance to hold leadership roles within both public and private businesses functioning in China. By 2017, these government representatives had positions in over 1.86 million privately owned companies in China.

The Chinese government is propagating its objective of establishing world economic dominance with these legislative measures now in place. As a result, there is worry in the U.S. that Temu and other apps connected to Chinese companies could potentially be assisting in this goal by sharing our data with the Chinese government, posing a threat to our economy and the privacy of our citizens.

Cuba Ransomware Targets U.S. Organizations via Veeam Exploit

The notorious Cuba ransomware group has leveraged a vulnerability in the popular Veeam software to launch attacks on critical organizations within the United States. This breach underscores the escalating sophistication of cybercriminals and the pressing need for robust cybersecurity measures.

Recent reports from cybersecurity experts reveal that the Cuba ransomware group has exploited a high-severity Veeam bug to compromise crucial U.S. institutions. This breach is particularly alarming due to the nature of the targeted organizations, which include entities operating within critical sectors such as healthcare, finance, and infrastructure.

Veeam, a widely used software suite for data protection, had previously fallen victim to an exploitable weakness. The Cuba ransomware group, known for its extensive criminal activities, capitalized on this vulnerability to infiltrate systems, encrypt data and demand hefty ransoms in return for decryption keys. The extent of the damage caused by these attacks is still under assessment.

As it demonstrates the shifting strategies of cybercriminals, cybersecurity researchers have called attention to the significance of this occurrence. Hackers can now more easily breach secure networks by taking advantage of a commonly used piece of software, putting the security of sensitive data and vital infrastructure at risk. This event highlights how crucial it is for businesses to continue being watchful and aggressive in protecting their digital assets.

Industry experts emphasize the need to take preemptive actions in reducing such hazards. To quickly fix vulnerabilities, regular software upgrades and security patches are crucial. Businesses must also spend money on thorough cybersecurity training to give their employees the tools they need to spot and avoid attacks.

The Veeam vulnerability used by the Cuba ransomware gang serves as further evidence of the value of international cooperation in the fight against cybercrime. As cyber threats cross national and international borders, it is crucial for governments, law enforcement organizations, and cybersecurity companies to work together cohesively to track down cybercriminals and take down their networks.

CISA Advises Firms to Adopt Passwordless Security in LAPSUS$ Report


A series of high-profile cyber attacks carried out by teenage hackers in 2021 and 2022 reveals systemic flaws in the telecommunications industry and security practices employed by a number of businesses, according to a Department of Homeland Security investigation. 

The department's Cyber Safety Review Board, in a 59-page report released Thursday, urged the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC) to strengthen their oversight and enforcement activities related to SIM swapping, and requested telecommunications providers to report such attacks to the regulators. 

The board also advised organisations to abandon widely used SMS and voice-based multifactor authentication in favour of "adopting easy-to-use, secure-by-default-passwordless solutions." 

The report, commissioned by CISA Director Jen Easterly, focuses on a group of young hackers known as Lapsus$, who carried out a series of attacks against big technological companies such as Uber, Okta, Samsung, and others. 

The attacks garnered attention not only because of the victims, but also because of their boldness - hackers would frequently get access to a company's systems and critical data, then post screenshots and emojis in companywide internal chat conversations. 

When it was revealed in 2022 that the group consisted mainly of teenagers, it became even better known. Seven people between the ages of 16 and 21 were detained by British police in March of that year, and in October, Brazilian police detained another person. 

The DHS review noted that the attacks highlighted how SMS-based multifactor authentication, a practice frequently employed by organisations to add an additional layer of protection when employees and customers log into accounts, may be thwarted by hackers due to inadequate security practices at telecom carriers.

Lapsus$ was able to get basic data about its victims, such as their name and phone number, and used it to carry out fraudulent SIM swaps and intercept the text messages that let them sign into accounts or carry out account recoveries. 

As part of its recommendations, the review board urged the federal government to create a roadmap of "standards, frameworks, guidance, tools, and technology" that can assist organisations in implementing passwordless authentication rather than SMS-based multifactor authentication.

AI Knife Detection System Fails at Hundreds of US Schools


A security company that provides AI weapons scanners to schools is facing new doubts about its technology after a student was assaulted with a knife that the $3.7 million system failed to identify.

Last Halloween, Ehni Ler Htoo was walking down a corridor of his school in Utica, New York, when another student approached him and attacked him with a knife. The victim's lawyer told the BBC that the 18-year-old received many stab wounds to his head, neck, face, shoulder, back, and hand. 

Despite a multimillion-dollar weapons detection system built by a company called Evolv Technology, the knife used in the attack was carried into Proctor High School. 

Evolv claims that its scanner "combines powerful sensor technology with proven artificial intelligence" to detect weapons rather than just detecting metal. The system issues an alert when it discovers a concealed weapon, such as a knife, bomb, or firearm. It previously promised that its scanners could aid in the creation of "weapons-free zones" and has openly asserted that its equipment is very accurate. 

According to Peter George, the company's chief executive, its systems "have the signatures for all the weapons that are out there." Knives, explosives, and firearms are among the weapons that the system can locate, according to earlier news releases. 

A BBC investigation last year found that in testing Evolv's scanner missed 42% of large knives in 24 walk-throughs, showing that the technology could not reliably detect large blades. 

Major American stadiums as well as the Manchester Arena in the United Kingdom employ the system. According to the testers, Evolv should alert prospective customers. Despite this, the company has been growing in the educational sector and currently claims to be present in hundreds of schools across the US. 

Stabbing incident

The Utica Schools Board purchased the weapons scanning system from Evolv in March 2022 for 13 schools. It was installed over the summer break.

The student who attacked Ehni Ler Htoo was seen on CCTV entering Proctor High School and walking through the Evolv weapons detectors on October 31.

"When we viewed the horrific video, we all asked the same question. How did the student get the knife into the school?" stated Brian Nolan, Superintendent of Utica Schools.

The knife used in the stabbing was more than 9in (22.8cm) long. The attack prompted the school system in Utica to conduct an internal investigation.

"Through investigation it was determined the Evolv Weapon Detection System… was not designed to detect knives," Mr Nolan added. 

Ten metal detectors have taken the place of the scanners at Proctor High School. The remaining 12 schools in the district, though, are still using the scanners.

According to Mr. Nolan, the district cannot afford to remove Evolv's system from its remaining schools. Since that attack, three additional knives have been found on students at different schools in the district where the Evolv systems are still in use. 

One of the knives measured 7 inches. Another had a bent blade with finger holes. There was also a pocket knife. According to Mr. Nolan, none of them were detected by the weapons scanner; all of them were found because staff members reported them. 

Evolv's stance 

The language on Evolv's website was altered following the stabbing. 

Until October of last year, Evolv's homepage carried a headline promising "Weapons-Free Zones." The company then dropped that phrase and changed the wording to "Safe Zones," and after a further revision it now reads "Safer Zones." 

The company asserts that its system locates firearms using cutting-edge AI technology. However, its detractors claim that not enough is understood about the system's operation or how well this technology detects various kinds of weaponry. 

Evolv has overstated the effectiveness of the device, according to Conor Healy of IPVM, a company that evaluates security technology. 

"There's an epidemic of schools buying new technology based on audacious marketing claims, then finding out it has hidden flaws, often millions of dollars later. Evolv is one of the worst offenders. School officials are not technical experts on weapons detection, and companies like Evolv profit from their ignorance."

Digitally Crafted Swatting Service Is Wreaking Havoc Across the United States


A Telegram user who claimed to have left bombs in places like high schools by using a digitally synthesised voice has been linked to a series of swatting calls that have occurred over several months across the United States. 

According to Vice, the user going by the alias "Torswats" on the messaging app Telegram provides a paid service to make swatting calls. Swatting is the act of lying to law enforcement about a bomb threat or falsely accusing another person at a specific location of committing a crime or storing illegal materials. 

Customers may purchase "extreme swattings" for $50, which typically involve police handcuffing a suspect and searching their home, and for $75, Torswats can reportedly lock down a school. Vice also reported that Torswats takes bitcoin as payment, gives loyal clients a discount, and will haggle over prices for well-known targets.

"Hello, I just committed a crime and I want to confess. I placed explosives in a local school," says the voice on a recording of a Torswats call to police. 

Torswats' voice is digitally generated by artificial intelligence, though it is not immediately clear whether this is the same technology that has made some voice performers obsolete by so expertly simulating human speech. Vice found that two recordings out of 35 did not use a synthetic voice. According to a call recording obtained by Vice, Torswats threatened to detonate a bomb at Hempstead High School in Dubuque, Iowa. Local media reported on the threat. 

Torswats allegedly also targeted a CBD store in Florida, a business in Maryland, and homes in Virginia, Massachusetts, Texas, and California. 

Steve Bernd, FBI Seattle's public affairs officer, said, "The FBI takes swatting extremely seriously because it puts innocent people at harm." Police have been grappling with swatting for at least a decade, and other incidents have made headlines more recently.

Just last month, a Seattle man was indicted for extortion and threats after making more than 20 swatting calls to police. The man is said to have broadcast these calls live to a Discord group.