Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 8-3-2020

Pompeo warns TikTok users' personal info could be going 'directly to the Chinese Communist Party'

“These Chinese software companies doing business in the United States,” Pompeo said, “are feeding data directly to the Chinese Communist Party, their national security apparatus. Could be [users'] facial recognition pattern, it could be information about their residence, their phone numbers, their friends, who they’re connected to. Those are the issues that President Trump’s made clear we’re going to take care of. These are true national security issues.”

https://www.foxnews.com/politics/pompeo-warns-tiktok-users-data-including-facial-pattern-residence-phone-number-could-be-going-directly-to-the-chinese-communist-party

 

Microsoft confirms it's exploring purchase of TikTok after CEO's conversation with President Trump

"Microsoft will move quickly to pursue discussions with TikTok’s parent company, ByteDance, in a matter of weeks, and in any event completing these discussions no later than September 15, 2020," Microsoft said in a blog post Sunday. "During this process, Microsoft looks forward to continuing dialogue with the United States Government, including with the President."

https://www.usatoday.com/story/tech/2020/08/02/tiktok-ban-microsoft-negotiating-purchase-video-app/5568778002/

 

Fending off cyberattacks: healthcare institutions build up their defenses

Effective monitoring of devices and their interactions with the network allows for IT to find any anomalies and, if needed, block them to prevent data exfiltration. It is more than just knowing what is on the network – it is about understanding how the device behaves, interacts, and communicates. Visibility into the devices as well as manufacturer documentation assists in creating the baseline of its protocols. Thus, when there is a break in the pattern of how it is operating, it can be easily detected and contained before it spreads.

https://www.securityinfowatch.com/cybersecurity/article/21148313/fending-off-cyberattacks-healthcare-institutions-build-up-their-defenses

 

How Zero Trust in Healthcare Can Keep Pace with the Threat Landscape

Many organizations have moved to the cloud or are leveraging SaaS applications. Often, employees are not in the office, although the apps they’re accessing exist on the enterprise network, Cross explained. As a result, traffic is routing through the office network, even when the user is physically located elsewhere. These issues can lead to a host of authentication issues and increase the risk of exploit.

https://healthitsecurity.com/features/how-zero-trust-in-healthcare-can-keep-pace-with-the-threat-landscape

 

Vaccine Research 'Fair Game for Cyber-Spies,' Expert Warns After Chinese Hackers Tied to Moderna Attack

"What we're witnessing right now is a direct result of the current global situation, where there's an ongoing race to discover an efficient vaccine against COVID-19." Tanase elaborated: "This race has led multiple state-sponsored hacking groups to ramp up their operations targeting the pharmaceutical industry. We shouldn't be surprised these attacks are happening. What would be surprising is if they stopped."

https://www.newsweek.com/china-hackers-moderna-covid19-research-cyber-experts-warn-1522005

 

Malware author pleads guilty for role in transnational cybercrime organization responsible for more than $568 million in losses

Infraud was an Internet-based cybercriminal enterprise engaged in the large-scale acquisition, sale, and dissemination of stolen identities, compromised debit and credit cards, personally identifiable information, financial and banking information, computer malware, and other contraband.

https://www.ice.gov/news/releases/malware-author-pleads-guilty-role-transnational-cybercrime-organization-responsible

 

Outsourcing Challenges and 3rd Party Risk

Refinitiv conducted an interesting survey (published Feb 2020), with a total of 1,794 participants across 16 countries (899 large and 895 SMEs) with a total of over 17mln 3rd party relationships. [...]

· 43% of 3rd parties are not subject to due diligence checks (6% higher than 2016 survey results).

· 60% of respondents are not fully monitoring 3rd parties for ongoing risks

· 63% of respondents agree that the economic climate is encouraging organisations to take regulatory risks in order to win new business

· 53% of respondents say that they would report a 3rd party breach internally and only 16% would report it externally.

https://www.financemagnates.com/forex/regulation/outsourcing-challenges-and-3rd-party-risk/

 

Corporate Travel Giant CWT Paid $4.5 Million in Ransom to Cyber Hackers: Reports

“There is growing evidence that often these attacks benefit from some internal support/knowledge, so this makes it also very difficult to police for the IT department even if they are very vigilant. Once there is a breach, then how the ransom is paid makes very little difference in my opinion. Bitcoin in itself is actually not particularly anonymous, just more convenient than dropping a bag of cash in a bin on the motorway.”

https://skift.com/2020/08/01/corporate-travel-giant-cwt-paid-4-5-million-in-ransom-to-cyber-hackers-reports/

 

What’s this? A bipartisan plan for AI and national security

US Reps. Will Hurd and Robin Kelly are from opposite sides of the ever-widening aisle, but they share a concern that the United States may lose its grip on artificial intelligence, threatening the American economy and the balance of world power. On Thursday, Hurd (R-Tex.) and Kelly (D-Ill.) offered suggestions to prevent the US from falling behind China, especially, on applications of AI to defense and national security.

https://arstechnica.com/tech-policy/2020/08/whats-this-a-bipartisan-plan-for-ai-and-national-security/

 

Election Cyber Surge To Deploy Hacker Army For 2020 Vote—Here’s Why

The proposition is a simple enough one: the Election Cyber Surge program will open up a line of communication between both state and local election officials and an army of volunteer hackers, security researchers, and cybersecurity experts to help with any concerns they might have. Currently, there are around 50 such hackers, all vetted by the program, and most with at least a decade of hands-on experience, but Election Cyber Surge is still recruiting.

https://www.forbes.com/sites/daveywinder/2020/08/01/can-this-army-of-hackers-secure-the-2020-us-presidential-election-trump-vote-cybersecurity/#6f2907c27509

 

The US is a ‘cheap date’ in cyberspace. A commission has ideas to change that.

In testimony before the House Armed Services Subcommittee on Intelligence and Emerging Threats and Capabilities, Sen. Angus King, I-Maine, called for a two-pronged approach to deter cyber-based espionage operations, attempts to disrupt U.S. banks, and widespread online influence campaigns. His recommendation included increased international cooperation to call out and punish such activities, and for the U.S. to create a stronger declaratory policy.

https://www.c4isrnet.com/cyber/2020/07/31/the-us-is-a-cheap-date-in-cyberspace-a-commission-has-ideas-to-change-that/

 

First-ever EU cyber sanctions hit Russian, Chinese, NKoreans

The six people and three groups hit with sanctions include Russia’s GRU military intelligence agency. EU headquarters blamed them in a statement for the 2017 “WannaCry” ransomware and “NotPetya” malware attacks and the “Cloud Hopper” cyberespionage campaign. EU foreign policy chief Josep Borrell said the sanctions “are a travel ban and asset freeze to natural persons and an asset freeze to entities or bodies. It is also prohibited to directly or indirectly make funds available to listed individuals and entities or bodies.”

https://apnews.com/978f1494313a545e6e7e568e5f9782bf

 

Iran group claim attacks on 28 Israeli railway stations

More than six days after the operation ended, it said stations were still dysfunctional owing to “severe damage to equipment and infrastructure.” The aim of the operation, the anonymous group said, was to “show that we can plan the collision of tens of trains if we so wish.” The same group earlier this month claimed responsibility for massive power outages in Israel. The claim, however, could not be substantiated, according to cyber experts.

https://www.aa.com.tr/en/middle-east/iran-group-claim-attacks-on-28-israeli-railway-stations/1927997

 

Claims Iran hacked Israeli railways are false - 'Post' learns

The Turkish claim - likely Iranian propaganda - came only months after previous attempts, allegedly by Iran, to decommission Israeli water treatment plants across the country. [...] Despite the report, the Post learned that the claim was false and that the Israeli railway system had not been hacked.

https://www.jpost.com/israel-news/israeli-railways-fall-victim-to-alleged-iranian-cyberattack-637046

 

Cyber-Attacks, Disinformation, Pre-Election Chaos And The Pandemic Combine To Produce New Strategic Threats Against The U.S.

What’s more, Fowler said that adversaries have learned to use disinformation in a precise, almost surgical way. That way, the purveyors of disinformation can focus on a single issue, such as sowing doubt about the validity of the U.S. elections, raising assertions about the possibility of widespread election fraud, and suggesting that some methods of voting may be corrupt.

https://www.forbes.com/sites/waynerash/2020/07/31/cyber-attacks-disinformation-pre-election-chaos-and-the-pandemic-combine-to-produce-new-strategic-threats-against-the-us/#5a52f7633aba

 

Digital Propaganda Campaign Discredits US

Dubbed Ghostwriter, the apparently well-resourced campaign has sought to portray the presence of American and NATO troops in Europe as aggressive and dangerous to local populations. [...] Researchers say that in addition to circulating a litany of untruths, Ghostwriter operations have leveraged entirely fabricated official documents and correspondence to add an appearance of authenticity to their false narratives.

https://www.infosecurity-magazine.com/news/digital-propaganda-campaign/

 

Now Is The Time To Talk About Ethics & Privacy In The Metaverse

In the metaverse, marketers will no longer be confined to ads on flat screens. They'll have a whole virtual universe to create immersive, 3D experiences for the companies and brands they represent. As the mediums marketers use expand and evolve (print, radio, TV, the internet) so do the ethical guidelines and practices. The internet allowed marketers to study where customers move their mouse or look on a screen. In the metaverse, they'll be able to track body movement, brainwaves, and physiological responses.

https://www.forbes.com/sites/cathyhackl/2020/08/02/now-is-the-time-to-talk-about-ethics--privacy-in-the-metaverse/#1c866c63ae6c

 

Google: Eleven zero-days detected in the wild in the first half of 2020

The current number puts 2020 on track to have just as many zero-days as 2019 when Google security researchers said they tracked 20 zero-days all of last year. Details about these zero-days have been obtained from a spreadsheet managed by Google security researchers, which the company made publicly available earlier this year. The spreadsheet contains Google's internal statistics about in-the-wild zero-day usage going as far back as 2014, when the company began tracking said stats.

https://www.zdnet.com/article/google-eleven-zero-days-detected-in-the-wild-in-the-first-half-of-2020/

 

Twitter: Epic Account Hack Caused by Mobile Spearphishing

First they used the initial credentials they phished to access some of Twitter’s internal systems and learn information about company processes, according to the post. “This knowledge then enabled them to target additional employees who did have access to our account-support tools,” the company said. “Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately tweeting from 45, accessing the [direct messages (DM)] inbox of 36, and downloading the Twitter Data of seven.”

https://threatpost.com/twitter-hack-mobile-spearphishing-scam/157896/

 

Microsoft Edge is malware, says angry Windows 7 user

Malware is one of technology's greatest scourges. Look how it terrifies people. The reader continued: "How could any application be running that she hadn't started? How is it that Microsoft can't manage to provide security updates for Windows 7, as it is end of life, but still manage to force a new web browser that isn't wanted on Windows 7 users?" An existential question, for sure. But one best left for a smooth tincture at the end of the day.

https://www.zdnet.com/article/microsoft-edge-is-malware-says-angry-windows-7-user/

 

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


 

CI Security

245 4th St, Suite 405  Bremerton, WA   98337
