Group items tagged

President Donald Trump on Tuesday fired top cybersecurity official Chris Krebs in a message on Twitter, accusing him without evidence of making a “highly inaccurate” statement affirming the Nov. 3 election was secure and rejecting claims of fraud.

Krebs’ work in protecting the election from hackers and combating disinformation about the vote won praise from lawmakers of both parties as well as state and election officials around the country.

Reuters reported last week that Krebs had told associates he expected to be fired.

At the worst possible time, when the United States is at its most vulnerable — during a presidential transition and a devastating public health crisis — the networks of the federal government and much of corporate America are compromised by a foreign nation.

Last week, the cybersecurity firm FireEye said it had been hacked and that its clients, which include the United States government, had been placed at risk

The attackers gained access to SolarWinds software before updates of that software were made available to its customers. Unsuspecting customers then downloaded a corrupted version of the software, which included a hidden back door that gave hackers access to the victim’s network.

PARIS — The French presidential election is at high risk of being hacked and campaign staff have “zero” training in how to stop it, the Socialist Party’s security chief warned.

“The question of cyberattacks is a real worry that is growing stronger at all levels [of government], both on the intensity of the threat and the sophistication of recent attacks,” said Pietrasanta. “The state has deployed financial means, but there is still lots of concern given what happened in the United States with the hacking of the Democratic Party.”

In the United States, the intelligence community’s conclusion that Russia tried to sway the result of the presidential election via hacking prompted the expulsion of 35 Russian diplomats.

Flame is the biggest and most high-functioning cyberweapon ever discovered, various cybersecurity experts said. It is comprised of multiple files that are 20 times larger than Stuxnet and carry about 100 times more code than a basic virus, experts said.

The most alarming feature, experts said, is that Flame can be highly versatile, depending on instructions by its controller. The malware can steal data and social-network conversations, take snapshots of computer screens, penetrate across networks, turn on a computer's microphone to record audio and scan for Bluetooth-active devices.

Experts said they believe Flame reports back the information to a central command-and-control network that has constantly changed location. Analysts found servers in Germany, Vietnam, Turkey, Italy and elsewhere, but haven't located the main server.

Without public notice or debate, the Obama administration has ex

panded the National Security Agency’s warrantless surveillance of Americans’ international Internet traffic to search for evidence of malicious computer hacking, according to classified N.S.A. documents.

The disclosures, based on documents provided by Edward J. Snowden, the former N.S.A. contractor, and shared with The New York Times and ProPublica, come at a time of unprecedented cyberattacks on American financial institutions, businesses and government agencies, but also of greater scrutiny of secret legal justifications for broader government surveillance.

That was in early 2017. It wasn’t until recently, after being contacted by The Wall Street Journal, that Ms. Hales would learn that Black4Black and “partner” groups, including BlackMattersUS, were among hundreds of Facebook and Instagram accounts set up by a pro-Kremlin propaganda agency to meddle in American politics, Facebook records show.

The fake directory is one example of the elaborate schemes that Russian “trolls” have pursued to try to collect personal and business information from Americans, the Journal has found. Leveraging social media, Russians have collected data by peddling niche business directories, convincing activists to sign petitions and bankrolling self-defense training classes in return for student information.

which also owns Instagram, said the company allows users to find out whether they have “liked” or “followed” any Russia-backed accounts through an online tool..

After the events of Jan. 6, researcher Laura Edelson expected to see a spike in Facebook users engaging with the day's news, similar to Election Day.

"The thing was, most of that spike was concentrated among the partisan extremes and misinformation providers," Edelson told NPR's All Things Considered. "And when I really sit back and think about that, I think the idea that on a day like that, which was so scary and so uncertain, that the most extreme and least reputable sources were the ones Facebook users were engaging with, is pretty troubling."

A new study from Cybersecurity For Democracy found that far-right accounts known for spreading misinformation are not only thriving on Facebook, they're actually more successful than other kinds of accounts at getting likes, shares and other forms of user engagement.

Defense Secretary Lloyd Austin told CNN the United States has "offensive options" to respond to cyberattacks following another major attack that is believed to have been carried out by the Russian group behind the SolarWinds hack.

Austin's comments come after the hackers behind one of the worst data breaches ever to hit the US government launched a new global cyberattack on more than 150 government agencies, think tanks and other organizations, according to Microsoft.

The group, which Microsoft calls "Nobelium," targeted 3,000 email accounts at various organizations this week — most of which were in the United States, the company said in a blog post Thursday.

Ransomware has become a scourge in the United States, and hospitals are among the softest targets. In 2019, 764 American health care providers — a record — were hit by ransomware. Emergency patients were turned away from hospitals, medical records were inaccessible and in some cases permanently lost, surgical procedures were canceled, tests postponed and 911 services interrupted.

little has been done to deter the attacks and the responses of targeted institutions are often shrouded in secrecy. Despite F.B.I. advisories warning victims not to pay their extortionists, cyber insurers have advised victims to pay ransoms, calculating that the payments are still cheaper than the cost to clean up and recover data.

The attacks cost organizations more than $7.5 billion in 2019, according to Emsisoft, a cybersecurity firm that tracks ransomware attacks. An increasing number of victims are choosing to pay, as many as three of four,

A series of cyberattacks is underway aimed at the companies and government organizations that will be distributing coronavirus vaccines around the world, IBM’s cybersecurity division has found, though it is unclear whether the goal is to steal the technology for keeping the vaccines refrigerated in transit or to sabotage the movements.

“cybersecurity diligence at each step in the vaccine supply chain.” He urged organizations “involved in vaccine storage and transport to harden attack surfaces, particularly in cold storage operation.”

The cyberattackers “were working to get access to how the vaccine is shipped, stored, kept cold and delivered,” said Nick Rossmann, who heads IBM’s global threat intelligence team. “We think whoever is behind this wanted to be able to understand the entire cold chain process.”

Despite their ability to carry prodigious amounts of data, fiber-optic cables are also highly insecure. An eavesdropper needs only to bend a cable and expose the fiber, Dr. Shields said. It is then possible to capture light that leaks from the cable and convert it into digital ones and zeros. “The laws of quantum physics tell us that if someone tries to measure those single photons, that measurement disturbs their state and it causes errors in the information carried by the single photon,” he said. “By measuring the error rate in the secret key, we can determine whether there has been any eavesdropping in the fiber and in that way directly test the secrecy of each key.”

In case you needed further evidence that the White Hats are losing the war on cybercrime, a six-year-old so-called Trojan horse program that drains bank accounts is alive and well on Facebook. Zeus is a particularly nasty Trojan horse that has infected millions of computers, most of them in the United States. Once Zeus has compromised a computer, it stays dormant until a victim logs into a bank site, and then it steals the victim’s passwords and drains the victim’s accounts

the computer “systems administrators” had access to enormous amounts of classified information. “They can be a critical security gap because they see everything,” he said. “They’re like code clerks were in the 20th century. If a smart systems administrator went rogue, you’d be in trouble.”

in every single case, private or public, someone could manage somewhere to abuse it – for a personal vendetta, or political smear campaign, and on and on. And this collapse of what we once called “privacy” is simply going to grow and grow while outraged defenses of the privacy we once enjoyed, while fully understandable, will become, if they are not already, effectively moot. That’s the conundrum, as Ross recently observed. It’s not a totalitarian police state; it’s a soft ubiquitous, private and public surveillance state that we either participate in or withdraw from society altogether.

I don’t like this much, but I fail to see how it can be stopped. And it makes something like the Fourth Amendment in desperate need of re-interpretation.

the data is there and always will be. The question is simply who has access to it. If only private entities do, then we need to stop all the obviously productive and efficient innovations that Big Data has produced to make government better.

there are now only two types of companies left in the United States: those that have been hacked and those that don’t know they’ve been hacked.

an annual Verizon report, which counted 621 confirmed data breaches last year, and more than 47,000 reported “security incidents.”

the report shows that no matter the size of the organization — large, small, government agencies, banks, restaurants, retailers — people are stealing data from a range of different organizations and it’s a problem everyone has to deal with.”

type your name into WikiLeaks to see what damage the day's hacked emails might hold for you.

ype your name into WikiLeaks to see what damage the day's hacked emails might hold for you.

the emails include the private information of a large number of bystanders, ranging from email addresses to financial data.

Affected sites included Twitter (TWTR, Tech30), Etsy (ETSY), Github, Vox, Spotify, Airbnb, Netflix (NFLX, Tech30) and Reddit.

"If you take out one of these DNS service providers, you can disrupt a large number of popular online services, which is exactly what we're seeing today," said Jeremiah Grossman, chief of security strategy at cybersecurity startup SentinelOne.

The massive outage drew the attention of the FBI which said Friday that it was "investigating all potential causes" of the attack.