Group items matching

in title, tags, annotations or url

"The personal details of millions of voters are believed to have been accessed in an attack by China on Britain's democratic process, ministers will say. MPs and peers are thought to be among 43 people who the government looks set to confirm have been targeted by cyber-attacks backed by the Chinese state. The UK could impose sanctions on individuals believed to be involved in these acts of state-backed interference, one of which was a separate attack on the Electoral Commission in which Beijing accessed the personal details of about 40 million voters."

"The library outside St Pancras International station, which has one of the largest book collections in the world, said it has its own financial reserves and has not applied for extra funding. A spokesperson said: "The final costs of recovering from the recent cyber attack are still not confirmed. "The British Library and its Government sponsor, the Department for Culture, Media and Sport (DCMS), remain in close and regular contact."

"While the name behind the attack might be relatively new, the criminal technique is not. Ransomware gangs render an organisation's computers inaccessible by infecting them with malicious software - malware - and then demanding a payment, typically in cryptocurrency, to unlock the files. In recent years, however, in a process dubbed "double extortion", the majority of gangs steal data at the same time and threaten to release it online, which they hope will strengthen their negotiating hand."

"After "social engineering" efforts using personal details to target staff were uncovered, badges no longer carry last names, clean-desk policies are far more strictly enforced and the processing and communication of sensitive information is now subject to higher bars of regular mandatory training."

"Nearly 10 million Australians have had their private health data hacked - with sensitive medical records detailing treatments for alcoholism, drug addictions, and pregnancy terminations already posted online - in a cyber-attack believed to have been coordinated from Russia."

"Cyber conflicts are fought in the shadows, but in the case of Russia's invasion of Ukraine, it is a group that calls itself Anonymous that has made the most public declaration of war. Late on Thursday the hacker collective tweeted from an account linked to Anonymous, @YourAnonOne, that it had Vladimir Putin's regime in its sights."

""It's not so much the technical disruption, it's what it does to undermine confidence, like in the financial sector. It gets people quite nervous. It's more that kind of secondary impact," said Jamie Collier, a Mandiant consultant, who described a DDoS as akin to stuffing a thousand envelopes through a letterbox every second."

"Cybersecurity researchers say the My2022 mobile app - the official app of the Beijing Winter Olympics - has serious security vulnerabilities and that "all Olympian audio is being collected, analyzed and saved on Chinese servers." Why This Matters: The Chinese government is mandating all Olympic athletes, coaches, and attendees use the My2022 app and, as of Thursday morning, the app is still available in the Apple and Android U.S. app stores where Americans can download it too."

"Ukraine has been hit by a "massive" cyber-attack, with the websites of several government departments including the ministry of foreign affairs and the education ministry knocked out. Officials said it was too early to draw any conclusions but they pointed to a "long record" of Russian cyber assaults against Ukraine, with the attack coming after security talks between Moscow and the US and its allies this week ended in stalemate."

"The Purdue researchers have created Electro-Quasistatic Human Body Communication (EQS-HBC) which uses low-frequency, carrier-less broadband transmission, and so keeps the signal almost entirely within the human body. That means data from pacemakers and other implantable medical devices would only be readable a handful of centimetres outside the wearer."

"Increasing numbers of implantable medical devices are now gaining internet connectivity, giving doctors the ability to monitor patients health remotely, and even update the devices to tweak a treatment plan. Unfortunately, that flexibility offers a way for hackers to hijack that hardware, and even potentially make changes to the way the devices work. While so far no attacks have been successful, proof-of-concept attacks have been available for years"

"Facebook said on Thursday it had taken down about 200 accounts run by a group of hackers in Iran as part of a cyber-spying operation that targeted mostly US military personnel and people working at defense and aerospace companies. The social media company said the group, dubbed "Tortoiseshell" by security experts, used fake online personas to connect with targets, build trust - sometimes over the course of several months - and drive them to other sites, where they were tricked into clicking malicious links that would infect their devices with spying malware."

"JBS, the world's biggest meat processor, has paid an $11m (£7.8m) ransom after a cyber-attack shut down operations, including abattoirs in the US, Australia and Canada. While most of its operations have been restored, the Brazilian-headquartered company said it hoped the payment would head off any further complications including data theft."

"West Midlands Trains emailed about 2,500 employees with a message saying its managing director, Julian Edwards, wanted to thank them for their hard work over the past year under Covid-19. The email said they would get a one-off payment as a thank you after "huge strain was placed upon a large number of our workforce". However, those who clicked through on the link to read Edwards' thank you were instead emailed back with a message telling them it was a company-designed "phishing simulation test" and there was to be no bonus. It warned: "This was a test designed by our IT team to entice you to click the link and used both the promise of thanks and financial reward.""

"In a statement, the company said: "Colonial Pipeline is taking steps to understand and resolve this issue. At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already under way, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline."

Sounds a bit extreme just to make sure no one can log on to your laptop or smartphone, but a team of researchers from Stanford and Northwestern universities as well as SRI International is nonetheless experimenting at the computer-, cognitive- and neuroscience intersection to combat identity theft and shore up cyber security-by taking advantage of the human brain's innate abilities to learn and recognize patterns.

"Personal information of more than 243 million Brazilians was exposed for more than six months thanks to weakly encoded credentials stored in the source code of the Brazilian Ministry of Health's website. The data leak exposed both living and deceased Brazilians' medical records to possible unauthorized access. The incident was the second reported by Brazilian publication Estadão and among several others recently affecting South America's largest nation's healthcare system."

"This is called a supply-chain attack, because it targets a supplier to an organization rather than an organization itself - and can affect all of a supplier's customers. It's an increasingly common way to attack networks. Other examples of this sort of attack include fake apps in the Google Play store, and hacked replacement screens for your smartphone."

"Spyware sold by an Israeli private intelligence firm was allegedly used to hack the phones of dozens of Al Jazeera journalists in an unprecedented cyber-attack that is likely to have been ordered by Saudi Arabia and the United Arab Emirates, according to leading researchers."

""Critical, user-facing vulnerabilities" were found in the Chinese supplier's fixed-broadband products caused by poor code quality and an old operating system, the Huawei Cyber Security Evaluation Centre Oversight Board said in a report. "U.K. operators needed to take extraordinary action to mitigate the risk.""

"Chinese consumers are increasingly standing up to Internet giants for their digital privacy in an unprecedented way. China is in the early stages of setting up a data protection regulatory system. The Cyber Security Law, effective Jun 1, 2017, included for the first time a set of data protection provisions in the form of national-level legislation. The 2018 e-Commerce Law incorporated data privacy protections for consumers such as the "right to be forgotten", similar to the EU's General Data Protection Regulation."