RE: News of the Cyber World - kyonides - 09-10-2021
CyberScoop Wrote:Ireland’s Data Protection Commission fined Facebook-owned messenger WhatsApp for $225 million for failing to provide users enough information about the data it shared with other Facebook companies.
The fine is the largest penalty that the Irish regulator has waged since the European Union data protection law, the General Data Protection Regulation, or GDPR, went into effect in 2018.
The watchdog, which kicked off its probe in 2018, ruled that Facebook failed to fully explain what “legitimate interests” the company used personal data for or how that data was processed. In addition to the fine, the ruling requires WhatsApp to take “corrective measures” in order to come into compliance with GDPR.
WhatsApp plans to appeal the fine, according to a spokesperson.
CyberScoop Wrote:ProtonMail, the encrypted email service that’s built a reputation for safeguarding user data, said it had no choice but to provide details about an activist to French authorities, amid mounting questions about the privacy protections in the popular mail client.
Swiss-based ProtonMail is an end-to-end encrypted service that markets itself as a tool that encrypts messages and other user data before the company accesses it. It’s a technique that, for more than 50 million users, aims to provide additional layers of protection than are available with more common email options, such as Gmail.
A French police report published on Sept. 2 appears to show that police used ProtonMail to collect the IP address, a specific number that pertains to an individual computer, of an unnamed French activist who was demonstrating against real estate gentrification in Paris. The case appears to undercut ProtonMail’s assurance that it does not log the IP addresses of unique users.
While the exact circumstances of the case remain murky, ProtonMail founder and CEO Andy Yen said in a series of tweets that the email firm was the subject of a legal order from a Swiss court. ProtonMail does not collect user IP addresses by default, Yen said, but “only if Proton gets a legal order for a specific account,” the company wrote in a Sept. 6 statement.
French police obtained a Swiss court order by transmitting their request through Europol, at which point ProtonMail began logging details on the IP address in question, according to TechCrunch. Authorities reportedly arrested the activist after obtaining more details about the IP address.
According to Wikipedia, gentrification is:
Wikipedia on Gentrification Wrote:...the process of changing the character of a neighborhood through the influx of more affluent residents and businesses. Because it tends to change the character of said neighborhood, it is a common and controversial topic in politics and in urban planning.
So how exactly did that activist commit any crime by protesting against REG!?
Even so, ProtonMail assures you that they are unable to decrypt your email contents.
CyberScoop Wrote:U.S. Cyber Command is warning American organizations that hackers are exploiting software flaws in a popular project management tool, an indication that attackers could be preparing for a larger campaign that creates headaches throughout the private sector.
Cyber Command — the Defense Department’s cyber unit — said in a tweet Friday that “mass exploitation” of the issue “is ongoing and expected to accelerate.” The issue exists in Atlassian Confluence, an enterprise application marketed as a means of enabling remote work in corporate environments. Atlassian, an Australian corporation, warned clients on Aug. 25 to update their systems to the latest version of Confluence.
“Please patch immediately if you haven’t already — this cannot wait until after the weekend,” the Cyber Command warning stated.
...
Specific details about the flaw in Atlassian’s Confluence software are sparse. The company said the issue, categorized as CVE-2021-26084, is an “injection vulnerability” that “would allow an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance.”
RE: News of the Cyber World - kyonides - 09-16-2021
CyberScoop Wrote:The United Nations’ top human rights official Wednesday called for a global moratorium on the sale and use of artificial intelligence systems that pose human rights concerns until safeguards are put in place.
“We cannot afford to continue playing catch-up regarding AI – allowing its use with limited or no boundaries or oversight, and dealing with the almost inevitable human rights consequences after the fact,” U.N. High Commissioner for Human Rights Michelle Bachelet said alongside the release of a report on the emerging technology. “The power of AI to serve people is undeniable, but so is AI’s ability to feed human rights violations at an enormous scale with virtually no visibility.”
The U.N. did not list specific AI tools that governments should ban. Instead, the report points to a number of ways the technology is used in decision-making that can have life-altering consequences, including the rise in the use of facial recognition technology in policing and subsequent cases of false arrests.
It would have been better if they had listed at least some AI tools.
CyberScoop Wrote:Apple released a patch Monday against two security vulnerabilities, one of which the Israeli surveillance company NSO Group has exploited, according to researchers.
The updated iOS software patches against a zero-click exploit that uses iMessage to launch malicious code, which in turn allows NSO Group clients to infiltrate targets — including the phone of a Saudi activist in March, researchers at Citizen Lab said.
The exploit uses a manipulated gif to crash Apple’s image rendering library. It then launches spyware that researchers say shares distinct features with NSO Group’s Pegasus spyware. Researchers have named the exploit “FORCEDENTRY.”
Zero-click exploits prove especially dangerous because they don’t require users to open the malicious message or link for hackers to gain access to your phone.
RE: News of the Cyber World - kyonides - 10-07-2021
CyberScoop Wrote:Source code underpinning the live streaming service Twitch has reportedly leaked, exposing information about some company plans and payment data from popular accounts on the service.
Twitch, a subsidiary of Amazon, is a popular service that broadcasts esports, live music and other events to audiences that have numbered millions at a time.
An anonymous user of the message board 4chan — home to hackers and trolls alike — posted a 125-gigabyte torrent file that they allege includes all of Twitch’s code, including information about internal security tools, three years of payment history to Twitch “creators” and data related to proprietary software. The poster hinted that more details would be forthcoming, with the stated goal of “foster[ing] more user disruption and competition in the online video streaming space,” as the Video Game Chronicle first reported on Wednesday.
In a statement, Twitch confirmed a breach had occurred.
“Our teams are working with urgency to understand the extent of this,” a spokesperson said in an email. “We will update the community as soon as additional information is available. Thank you for bearing with us.”
I wonder if it really was a misconfiguration only.
CyberScoop Wrote:Facebook, Instagram and WhatsApp largely returned to the internet late Monday following a six hour-long outage that outsiders suggested, without evidence, was the result of a cyberattack.
In an Oct. 4 statement, the company apologized for the long downtime, blaming the matter on networking issues. Configuration changes “on the backbone routers that coordinate network traffic between our data centers” interrupted communication, Facebook said, causing a “cascading effect” that disrupted the flow of communication. The same issue also halted Facebook’s internal systems, further delaying the recovery process.
Independent security experts suggested from the beginning that the company’s Domain Name System, the technological protocol by which connected devices locate one another on the internet, was somehow to blame.
...
Another tweet originating from what appears to be a small technology startup also seized on Twitter conversation, as first noticed by Aric Toler, a Bellingcat researcher. The company claimed that a database of more than 1.5 billion Facebook profiles was for sale on a dark web forum, aiming to connect the listing to the larger downtime.
The post was based on a weeks-old listing on a cybercrime marketplace where the original seller promises only surface-level profile information such as users’ email addresses, gender, location and phone numbers. The data is scraped from Facebook, meaning someone used an automated scan to gather public information, rather than gathering information via an unauthorized intrusion.
Well, I hope our resident pinay girl wasn't affected by this breach at all.
RE: News of the Cyber World - DerVVulfman - 10-11-2021
Guess you didn't get info on Facebook's second downtime this Friday.
And it looks like you kinda 'reversed' your quotes.
RE: News of the Cyber World - DerVVulfman - 10-27-2021
Whistleblower Frances Haugen testified before British Parliament, echoing a lot of the information she relayed in the US Congress. She shared a series of documents describing Facebook's inner workings and how it affects their users. Along with that, she also added that Facebook deliberately provides what she called "false choices" by reducing discussions that involve transparency vs privacy.
Meanwhile...
A second Facebook whistleblower has stepped forward with new claims, according to the Washington Post. The individual was a former member of Facebook’s integrity team. The claims indicate that Facebook takes a profit-before-effort approach to combating hate speech and misinformation on its platform.
The accusations of this whistleblower, who submitted sworn statements to the Securities and Exchange Commission, mirror those made by Frances Haugen.
RE: News of the Cyber World - DerVVulfman - 11-01-2021
Changing its name to Meta amidst Whistleblowers and lawyers seen as a Distraction
Mark Zuckerberg (Facebook CEO) Wrote:Right now, our brand is so tightly linked to one product that it can’t possibly represent everything that we’re doing today, let alone in the future. Over time, I hope that we are seen as a metaverse company, and I want to anchor our work and identity on what we’re building toward.
While they wish to change the company's name, many think that the name change amounts to little. Rebecca Biestman, chief marketing officer of Reputation, suggests that the change merely amounts to 'slapping a fresh coat of paint on a defaced brand name.' Essentially a wish to cover things up.
Roger McNamee (author of 'Zucked: Waking up to the Facebook Catastrophe') Wrote:Seriously? Facebook is trying to distract journalists and policy makers from the whistleblower’s evidence of irresponsible management decisions and potentially criminal behavior. If they change the organizational structure, it will be to protect Mark Zuckerberg from accountability for the harms committed by his company under his leadership.
RE: News of the Cyber World - kyonides - 11-01-2021
Following a 10-month investigation into the dark web’s largest illegal marketplace named “Dark HunTor,” 150 suspected drug vendors and buyers have been arrested.
The Verge reports that the closure of the dark web’s largest illegal marketplace, DarkMarket, has resulted in the arrest of 150 suspected drug vendors and buyers. The site boasted some 500,000 users and facilitated around 320,000 transactions, reports Europol, the EU’s law enforcement agency. Items sold on the marketplace included malware, stolen credit card information, weapons, and drugs.
The DOJ and Europol teamed up to take down DarkMarket in an Operation named “Dark HunTor.” US arrests totaled 65, German arrests totaled 47, UK arrests totaled 24, Italian arrests totaled 4, Dutch arrests totaled 4, French arrests totaled 3, Swiss arrests totaled 2, and Bulgarian arrests totaled 1. The operation saw $31.6 million in cash and cryptocurrencies seized as well as 45 firearms and around 234 kilograms of drugs such as cocaine, opioids, amphetamine, MDMA, and fentanyl.
Italian authorities successfully shut down two other dark web marketplaces, DeepSea and Berlusconi, as part of the operation. Four alleged administrators of the sites were arrested along with $4.17 million in cryptocurrency.
While the dark web was once considered to be relatively safe for drug dealers, international operations like Dark HunTor have seen arrests and closure of marketplaces. Just in recent years, markets like Dream, WallStreet, White House, DeepSea, and Dark Market have all been closed.
A ransomware group known as Grief claimed on Wednesday to have hacked the National Rifle Association, releasing 13 documents allegedly belonging to the organization and threatening to release more if the NRA doesn’t pay an extortion fee of an undisclosed sum.
The documents previewed on Grief’s leak site include grant applications and minutes from a meeting. The group claims to possess more documents. However, ransomware actors have been known to exaggerate the amount of data obtained in a hack.
CyberScoop has not independently verified the documents. An NRA spokesperson declined to comment when reached by phone. On its Twitter account, the NRA appeared to allude to the news.
“NRA does not discuss matters relating to its physical or electronic security,” reads a tweeted quote attributed to Andrew Arulanandam, managing director of NRA public affairs. “However, the NRA takes extraordinary measures to protect information regarding its members, donors, and operations – and is vigilant in doing so.”
Multiple researchers have said that Grief is affiliated with the Russian ransomware group Evil Corp.
Evil Corp.’s involvement could potentially put the NRA at risk of violating U.S. sanctions if it pays the attackers after the Treasury Department sanctioned that gang in 2019. The Justice Department also charged two Evil Corp. members with criminal violations, accusing the group’s leader, Maksim Yakubets, of providing direct assistance to Russian intelligence agencies.
RE: News of the Cyber World - kyonides - 11-02-2021
CyberScoop Wrote:A ransomware attack on Toronto’s transit agency knocked some systems offline over the weekend, an incident that occurred days after another hack disrupted a Michigan transportation agency.
The Toronto Transit Commission said it first discovered the attack on Friday, after seeing “some unusual network activity” the day before. The intrusion initially appeared to have little impact, but the damage escalated “when hackers broadened their strike on network servers,” according to a statement to Canadian media outlets.
Online services for communicating with vehicle operators, information platform screens, trip-planning apps, the commission’s website, an online booking portal and internal email messaging were among the affected systems.
The Ann Arbor Area Transportation Authority — alternately known as TheRide — also said it was the victim of a security incident that disrupted its bus information systems. Neither the Toronto nor Ann Arbor attacks appeared to affect transportation services significantly. There is no indication the hacks are related.
Cyberattacks on rail transport are a recent point of emphasis in the U.S. The Department of Homeland Security last month announced forthcoming requirements that air and rail transporters would have to report hacks to the Transportation Security Administration, select a point person for discussing attacks with the government and develop a recovery plan.
RE: News of the Cyber World - kyonides - 11-08-2021
AP News Wrote:When Mark Zuckerberg announced ambitious plans to build the “metaverse” — a virtual reality construct intended to supplant the internet, merge virtual life with real life and create endless new playgrounds for everyone — he promised that “you’re going to be able to do almost anything you can imagine.”
That might not be such a great idea.
Zuckerberg, CEO of the company formerly known as Facebook, even renamed it Meta to underscore the significance of the effort. During his late October presentation, he effused about going to virtual concerts with your friends, fencing with holograms of Olympic athletes and — best of all — joining mixed-reality business meetings where some participants are physically present while others beam in from the metaverse as cartoony avatars.
Suppose the metaverse also enables a vastly larger, yet more personal version of the harassment and hate that Facebook has been slow to deal with on today’s internet? Or ends up with the same big tech companies that have tried to control the current internet serving as gatekeepers to its virtual-reality edition? Or evolves into a vast collection of virtual gated communities where every visitor is constantly monitored, analyzed and barraged with advertisements? Or foregoes any attempt to curtail user freedom, allowing scammers, human traffickers and cybergangs to commit crimes with impunity?
Picture an online troll campaign — but one in which the barrage of nasty words you might see on social media is instead a group of angry avatars yelling at you, with your only escape being to switch off the machine, said Amie Stepanovich, executive director of Silicon Flatirons at the University of Colorado.
“We approach that differently — having somebody scream at us than having somebody type at us,” she said. “There is a potential for that harm to be really ramped up.”
That’s one reason Meta might not be the best institution to lead us into the metaverse, said Philip Rosedale, founder of the virtual escape Second Life, which was an internet craze 15 years ago and still attracts hundreds of thousands of online inhabitants.
The danger is creating online public spaces that appeal only to a “polarized, homogenous group of people,” said Rosedale, describing Meta’s flagship VR product, Horizon, as filled with “presumptively male participants” and a bullying tone. In a safety tutorial, Meta has advised Horizon users to treat fellow avatars kindly and offers tips for blocking, muting or reporting those who don’t, but Rosedale said it’s going to take more than a “schoolyard monitor” approach to avoid a situation that rewards the loudest shouters.
At first any system or environment might look eye-catching and all, but there's no guarantee that either the users or the moderators won't abuse their freedom or power respectively. And Facebook hasn't been a haven of free speech as of late. Except for certain alleged criminals that might have traded illegal stuff on that platform even for years.
Plus why are they so concerned about male participants only? That's promoting a very narrow minded view of masculinity. Who says females don't mistreat other people for various reasons or motives?
Since Second Life was introduced, has the internet ever needed to create more cartoonish avatars to compete with that specific platform? I know competition lets you choose what's best for you and your contacts, but certain technologies aren't making such a huge difference... I mean, it might be fine for you to log into it at any given time, yet, is it good for your mind or your eyesight? Isn't it way better to just meet in person whenever it's possible?
RE: News of the Cyber World - kyonides - 11-11-2021
CyberScoop Wrote:Robinhood, a popular stock-trading app, said that it has been breached by someone who accessed information on 7 million people, then sought to extort the company.
The breach on Nov. 3 provided access to 5 million email addresses and 2 million full names, with another approximately 310 having additional information like zip codes and dates of birth exposed. Around 10 more had “more extensive account details” exposed, the company announced on Monday. Robinhood has become a force in the financial market, with 18 million clients and $80 billion in assets, a summer filing stated.
“Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” Robinhood’s statement reads.
It’s the first notable cyber incident on the company to surface since October of 2020, when Bloomberg reported that hackers hit nearly 2,000 accounts and stole some customer funds. The year before, Robinhood said it had stored user credentials in an insecure format.
Robinhood said that after the Nov. 3 incident, it contacted law enforcement and sought the investigative help of cybersecurity firm Mandiant.
CyberScoop Wrote:European and Middle Eastern spyware and surveillance firms are marketing intrusion software to adversaries of the U.S., its intelligence allies and NATO, Atlantic Council research published Monday reveals.
Looking at more than 200 companies that attended international arms fairs in the past two decades, researchers found that 85% of companies likely selling interception or intrusion technologies marketed these capabilities to governments outside their home country — even when no intelligence relationship existed. Five companies, including Israel-based Cellebrite and Sweden-based Micro Systemation AB, marketed those capabilities to U.S. and NATO adversaries.
...
The findings coincide with an explosion of surveillance vendors attending international arms trade shows, including the heavily attended Milipol France and the U.K.-based Security and Policing Home Office.
The report underscores growing concerns about the threat that spyware companies pose to the United States and its allies. U.S. and European leaders have begun to follow human rights organizations in vocalizing opposition to firms like the NSO Group, whose spyware technology has been used by authoritarian regimes to spy on dissidents and journalists.
The data on arms fair attendance collected by researchers included U.S. contractor CyberPoint, the precursor to DarkMatter, which was the subject of U.S. law enforcement after it designed cyber capabilities for the United Arab Emirates that led to spying on U.S. citizens.
The report provides one of the broadest overviews of the intrusion and surveillance industry to date, but the researchers note that it is likely far more firms exist. They say that because they were searching in English, “the dataset woefully underreports the presence of Chinese companies in this space.”
CyberScoop Wrote:Intruders accessed patient and employee data after infiltrating health-related IT systems in a breach that’s only now coming into focus.
A security incident affecting the province of Newfoundland and Labrador, first detected Oct. 30, took down multiple health networks, leading to the cancellation of thousands of appointments, including for chemotherapy treatments. The regional Eastern Health authority, which employs 13,000 people, only Thursday announced that its email system was again functioning.
“As part of the on-going investigation into a cyberattack that impacted health care IT systems in Newfoundland and Labrador, it has been determined that some personal information and personal health information was accessed from the systems,” the provincial government said in a Nov. 9 news release. “A review is ongoing to determine if any other information is affected in the incident and further updates will be provided as appropriate.”
Hackers obtained access to 14 years’ worth of information on current and former Eastern Health patients and employees, and nine years’ worth for Labrador Grenfell Health. Patient information includes name, address, health care number, reason for visit, their doctor and birth date. Employee information may include names, addresses, contact information and Social Insurance numbers, which are similar to U.S. Social Security numbers.
Canadian government officials have not said who is suspected in the latest incident, or whether ransomware was involved.
Keep in mind that many hospitals depend on ancient or obsolete software so they will be targeted by hackers at any given time.
How can I be so sure about this? Because they might still be using an OS like Windows XP or 7 under the hood that has not been properly updated / patched to prevent them from being taken over by the latest series of computer viruses.
Right, they could have also opened a suspicious email telling them to click on a weird link. You gotta admit it is a classic, thus it might not disappear any time soon.
If they were truly unlucky, those hackers could have hijacked their VPN connection by impersonating an employee's lawful request...