Gee, when I was editor of my college newspaper
I loved it when people took offense.
It proved I had got their attention.
Sydney cloaked in bushfire smoke for second time in three days
- Sydney Morning Herald
Ken Starr on Gordon Sondland’s impeachment hearing testimony:
‘One of those bombshell days’ - NEWS.com.au
Freedom on the Net 2019 The Crisis of Social Media
RICHARD FERNANDEZ: The Media Are Missing the Biggest Story Since the Fall of the Soviet Union. “Bloomberg editors have noticed that the world is on fire. There are demonstrations and unrest in Lebanon, Chile, Spain, Iraq, Sudan, Russia, Uganda, Peru, Hong Kong, Zimbabwe, Venezuela and others. That ‘other’ is Iran, where the Internet has been shut down and rampaging protesters are burning down the Central Bank. Hong Kong at least deserves a separate mention.”
Hong Kong protests: university campus stand-off between radicals and riot squad shows no sign of ending as thousands hit streets in bid to relieve police siege SCMP
Beijing’s tactics are driving spiral of violence in Hong Kong Australian Financial Review
* * *
Embarrassing mistake: Chinese magazine ‘accidentally’ reveals new top secret weapon NY Herald
Very excited to announce the new Tim Harford podcast Cautionary Tales, affiliated with the Malcolm Gladwell podcast enterprise.
States are sealing criminal records and for the better (The Economist)
Cold peace Tony Abbott and Paul Keating at odds over approach to China
What Would Happen If the Internet Went Down … Forever? - Popular Mechanics – “…So how long could society carry on without the internet? However implausible, it’s nonetheless a scenario that futurists, economists, and IT workers spend considerable time contemplating. “Eliminating all internet communications, even if only for a few days, would inflict huge economic costs,” says Thomas Hazlett, who served as chief economist of the Federal Communications Commission in the early 1990s. “Look at the economic damage wrought by the 9/11 attacks that closed Wall Street trading and cut off international flights in a large part of the world for about a week. Those losses are calculated to be over $120 billion
Freedom on the Net 2019 The Crisis of Social Media
Freedom House – “Governments around the world are increasingly using social media to manipulate elections and monitor their citizens, tilting the technology toward digital authoritarianism. As a result of these trends, global internet freedom declined for the ninth consecutive year, according to Freedom on the Net 2019, the latest edition of the annual country-by-country assessment of internet freedom, released today by Freedom House. Adding to the problem of meddling by foreign regimes, a new menace to democracy has risen from within, as populist leaders and their armies of online supporters seek to distort politics at home. Domestic election interference marred the online landscape in 26 of the 30 countries studied that held national votes over the past year. Disinformation was the most commonly used tactic. Authorities in some countries blocked websites or cut off access to the internet in a desperate bid to cling to power.
“Many governments are finding that on social media, propaganda works better than censorship,” said Mike Abramowitz, president of Freedom House. “Authoritarians and populists around the globe are exploiting both human nature and computer algorithms to conquer the ballot box, running roughshod over rules designed to ensure free and fair elections.” Governments from across the democratic spectrum are indiscriminately monitoring citizens’ online behavior to identify perceived threats—and in some cases to silence opposition. Freedom House has found evidence of advanced social media surveillance programs in at least 40 of the 65 countries analyzed.”
via Nick Leiserson
CyberScoop
November 15, 2019
After years of getting pummeled by critics for not embracing ethical hacking, the country’s
biggest voting equipment vendors took a big step in that direction in
September. They asked the cybersecurity community for ideas on how to set up a
process through which researchers could flag software flaws for vendors to fix.
Companies that specialize in coordinated vulnerability disclosure (CVD)
programs like Bugcrowd and Synack responded to the request for information. But
the usual suspects weren’t the only entities to submit ideas. A Democratic
presidential candidate and one of the most outspoken voices in the Senate on
election security also chimed in. In a four-page letter to the industry
association establishing the CVD program, Sen. Amy Klobuchar, D-Minn., advised
the voting-gear vendors to ditch their reservations about working with unvetted
researchers, pay close attention to their supply chains, and set a timeline for
getting software bugs fixed.
The Hill
November 14, 2019
The House Science, Space and Technology Committee on Thursday unanimously approved
legislation intended to secure voting technology against cyberattacks. The
Election Technology Research Act would authorize the National Institute of
Standards and Technology and the National Science Foundation to conduct
research on ways to secure voting technology. The legislation would also
establish a Center of Excellence in Election Systems that would test the
security and accessibility of voting machines and research methods to certify
voting system technology. The bill is sponsored by Reps. Anthony Gonzalez (R-Ohio)
and Mikie Sherrill (D-N.J.), along with committee Chairwoman Eddie Bernice
Johnson (D-Texas) and ranking member Frank Lucas (R-Okla.). All four sponsors
enthusiastically praised the bill during the committee markup on Thursday, with
Johnson saying that “transparent, fair, and secure elections are the bedrock of
our democracy,” and that attacks in 2016 on online voter registration databases
“have increased Americans’ concerns about the integrity of our elections.”
Nextgov
November 13, 2019
An attempted hack of the mobile voting application used by West Virginia during
the 2018 midterm elections has already spawned an FBI review, but now a
prominent U.S. senator is urging a full cybersecurity audit of the technology.
Sen. Ron Wyden, an Oregon Democrat, wrote to the Department of Defense and
National Security Agency last week to ask the agencies to conduct a full review
of Voatz, the company behind the technology. Voatz developed the mobile voting
app to provide a way for overseas service members to cast ballots. The company
said 144 West Virginians living in 31 different countries used the app to vote
in the 2018 elections. Wyden is concerned with the security risks of using the
technology to cast ballots online and said Voatz has not been sufficiently
transparent about its efforts to vet and safeguard the voting app. “While Voatz
claims to have hired independent experts to audit the company, its servers and
its app, it has yet to publish or release the results of those audits or any
other cybersecurity assessments,” Wyden wrote in the Nov. 7 letter. “In fact,
Voatz won’t even identify its auditors. This level of secrecy hardly inspires
confidence.” Spokespeople from both the NSA and DOD said they are in receipt of
the letter, but declined to comment further.
The Hill
November 11, 2019
Rep. Pete King’s (R-N.Y.) planned retirement after the 2020 elections is the latest in a
string of House departures that look likely to deal a blow to Republican
cybersecurity expertise on Capitol Hill. King said on Monday he would not seek
reelection after 14 terms in the House, including serving previously as
chairman of the House Homeland Security Committee and as a member of the House
Intelligence Committee. Those two panels have a focus on cyber issues, such as
election security and other cyber threats from foreign countries, and the
departure of a longtime member such as King could make it more difficult for Congress
to address growing cyber threats in the future. His resignation
comes on the heels of announcements by almost two dozen other House Republicans
that they will not run for reelection, with several of these members having
become key players in the cybersecurity debate on Capitol Hill, including Rep.
Will Hurd (R-Texas).
ADMINISTRATION
Gov Info Security
November 15, 2019
Several recent advisories from federal regulators concerning newly identified
vulnerabilities in certain medical devices serve as the latest reminders of the
risk management challenges involved. The alerts point to the need for
healthcare organizations to stay current on newly identified medical device
flaws and take steps to remediate risks, including prompt software patching and
segmenting devices on networks. A series of recent advisories from the
Department of Homeland Security's U.S. Computer Emergency Response Team, or
CERT, deals with products from Philips and Medtronic that have vulnerabilities
- including weak encryption, improper authentication, and hard-coded
credentials - that can potentially put the equipment at risk for unauthorized
access or cyberattacks. Both manufacturers say there has been no evidence these
vulnerabilities have been exploited, resulting in security incidents or patient
harm.
Nextgov
November 14, 2019
The Homeland Security Department’s signature cybersecurity program is helping
agencies discover scores of devices they didn’t know existed within their IT
infrastructure, according to the program’s chief. Launched in 2013, the
Continuous Diagnostics and Mitigation program offers agencies a full suite of
cyber tools, dashboards and services meant to give them a bird’s-eye view of their
digital ecosystem. The program, run by the Cybersecurity and Infrastructure
Security Agency, is meant to help officials better defend against cyberattacks
by increasing visibility into the users, devices, systems and traffic across an
agency’s network. Already, the effort is helping the government shed light on its
shadow IT, the numerous devices that operate across agencies’ networks without
oversight from their IT shops. When conducting audits of their digital
ecosystems, agencies uncovered 75% more assets using automated tools provided
through CDM than they did using traditional manual reporting, according to
Program Manager Kevin Cox. In other words, before using CDM tools, agencies
only knew about four of every seven devices that connected to their networks.
“If you don’t know what all of your assets are, you can’t protect your
network,” he said Thursday during a speech at the CDM Summit hosted by FCW.
“You don’t understand what your attack surface is [or] what the adversary is
attacking. So that [75% increase] is significant in terms of just getting
better visibility for the agencies to know what they need to protect and where
they have data.”
CyberScoop
November 14, 2019
Misconceptions from the private sector about the risks of sharing data with the government are
still a hurdle when it comes to cyberthreat exchange programs, a Department of
Homeland Security official said Thursday. “I don’t think there are any risks to
[sharing cyberthreat information] with the federal government; I think that
there are potentially some perceived risks,” said Rick Driggers, an official at
DHS’s Cybersecurity and Information Security Agency (CISA). “I’ve heard that
there are a lot of private-sector companies that don’t necessarily want to give
information to the federal government,” Driggers said at the Workforce Summit
produced by FedScoop. “And I totally get that.” Concerns from private-sector
organizations about sharing data with the government include that companies
could expose themselves to litigation or reveal sensitive corporate
information. That is despite a 2015 federal law that gives firms legal cover
to share that data.
Fifth Domain
November 14, 2019
There is currently not a whole-of-government approach to the Department of Defense’s
“defend forward” strategy and, according to Brandon Valeriano, a senior adviser
to the Cyber Solarium Commission and the chair of armed politics at the Marine
Corps University, there needs to be. The policy, which says DoD can operate on
foreign networks to stop attacks before they happen, needs engagement from
other government agencies in order to be successful. “The defend forward
strategy, properly implemented, wouldn’t just be DoD,” Valeriano said Nov. 12
at Fifth Domain’s annual CyberCon conference. “It would include everything.”
Valeriano said that the major players in government cybersecurity — the
Departments of Homeland Security, Justice, State and Defense, as well as the
intelligence community — aren’t properly communicating. “Not everyone is on the
same page and that’s been the most disappointing thing I’ve found looking at
cyber policy,” said Valeriano. The defend forward strategy is meant to
change adversary behavior in cyberspace, but Valeriano said that the DoD hasn’t
established how it can measure the before and after of adversary behavior.
Valeriano also said that there is not a “clear conception of metrics” to
measure the success of the new strategy.
FCW
November 14, 2019
Aaron Weis, the Navy's newly appointed CIO, expects the Defense Department's new unified
cybersecurity certification to help bring government's tech standard closer to
industry's. "There's not a single silver bullet," Weis said during a
panel talk at AFCEA DC's Navy luncheon Nov. 13. "But I think you can lead
by well-placed examples. You can lean on the Tier 1 providers, lean on the Tier
2s, Tier 3s to look at things culturally. And there are a number of ways that
[the Navy] can go out and really put a pin on where things need to change." The
DOD's planned Cybersecurity Maturity Model Certification (CMMC) program could
help and has the "right perspective," Weis said. "I'm a believer
in that model. CMMC is basically saying that -- it's asking individual Tier 2
or Tier 3 suppliers to go accredit themselves and then get that accreditation
validated by a third party. And that is exactly how it happens in other
industries," he said.
Gov Info Security
November 14, 2019
A pair of Massachusetts men allegedly ran a years-long scheme that used SIM swapping and
other hacking techniques to target executives in order to steal more than
$550,000 worth of cryptocurrency, the U.S. Justice Department announced
Thursday. Most of the 10 executives who were targeted worked for blockchain
companies or cryptocurrency exchanges or published guides and advice about virtual
currencies and digital wallets, according to the U.S. Attorney's Office for the
District of Massachusetts, which is overseeing the case. The reason that these
types of victims were targeted, according to the indictment, is they
"likely had significant amounts of cryptocurrency," prosecutors say.
Many of the victims had significant social media followings, they note.
According to the unsealed indictment, Eric Meiggs, 21, and Declan Harrington,
20, hacked into and took over the social media and email accounts of several of
these victims and also threatened their families in an attempt to extort more
virtual currency. Meiggs and Harrington, who were arrested Thursday, each face
charges of conspiracy, wire fraud, computer fraud and abuse and aggravated identity
theft, according to the indictment.
Nextgov
November 13, 2019
The Homeland Security Department is looking for feedback on a program that lets
critical infrastructure operators see how their cyber defenses stack up against
one another. The vulnerability assessment program, run by the Cybersecurity and
Infrastructure Security Agency, also helps participants spot specific
weaknesses in their digital infrastructure and develop strategies to close
those gaps. After launching the initiative roughly a year ago, CISA wants to
know whether industry finds it effective and how it might be improved. The
agency will post a request for comment on the program to the Federal Register
on Thursday. The program is voluntary and available to organizations across all
16 critical infrastructure sectors. According to the post, the initiative costs
the government roughly $2.2 million per year. To assess participants’ security
posture, CISA personnel collect “basic, high-level information” on their
physical and cyber defenses. They then analyze the data to create two different
scores, one that measures the strength of the group’s defenses and another that
rates its resiliency under attack.
AP
November 13, 2019
Georgia election officials have opened an investigation into two prominent critics of
the state’s new touchscreen voting machines, secretary of state Brad
Raffensperger’s office confirmed Wednesday. Those critics called the investigation
an attempt to intimidate detractors of the new machines. Marilyn Marks,
executive director of the nonprofit Coalition for Good Governance, and Richard
DeMillo, a cybersecurity expert and Georgia Tech professor, are accused of
“interfering with voters by being in unauthorized areas” of voting locations
while observing pilot elections conducted on the new machines on Nov. 5.
Raffensperger spokesman Walter Jones says the investigation was launched after
complaints from “poll workers and voters” and that Marks and DeMillo were “in
an area of the polling place where only voters and election officials are
allowed to be.” Marks responded, “I have absolutely no idea what this could be
about other than just an effort to try to discredit us, because much of what we
observed was not pretty.”
Nextgov
November 12, 2019
The government can make significant progress in securing its IT supply chain by
following a few basic procurement practices, but most agencies have yet to
adopt them, according to federal security experts. While government leaders
have recently given a lot of attention to the supply chain security threats
posed by foreign vendors, officials must devote equal energy to reforming their
acquisition policies so they put those warnings to good use, experts said.
Those efforts require an in-depth understanding of both the government’s IT
infrastructure and the countless firms in its vendor pool, they said, but today
that remains a challenge for most agencies. “Supply chain [security] is where
we were with cyber[security] maybe 15, 20 years ago,” Michele Iversen, director
of risk assessment and operational integration at the Defense Department, said
Tuesday during a panel at Fifth Domain’s CyberCon event. “We really don’t
really have the visibility that we need to know where the threats are and what’s
actually happening.” While it’s relatively easy to stay away from high-profile
companies like Kaspersky Lab and Huawei, there are hundreds of thousands of
firms that do business with the government, and still more that support those
vendors. Each of those firms could pose a range of potential risks—from
espionage threats to poor software development practices—and procurement
officials don’t always know who to trust, panelists said.
Nextgov
November 12, 2019
With less than a year until the 2020 presidential election, a new report calls on Congress
to bolster the authority of the agency that serves as the nation’s elections
clearinghouse and devote more funding and resources to it. The Brennan Center
for Justice, a nonpartisan law and public policy institute, released a report
on Tuesday that proposes a new framework for protecting election systems. Its
recommendations focus on the oversight and internal operations of the Election
Assistance Commission, the understaffed and underfunded federal agency
responsible for promoting election administration best practices and voting
machine security standards. “The federal government regulates colored pencils,
which are subject to mandatory standards promulgated by the Consumer Product
Safety Commission, more strictly than it does America’s election infrastructure,”
said the report. Although the Homeland Security Department designated election
systems as critical infrastructure in 2017 following revelations of Russian
interference in the 2016 presidential election, election systems don’t receive
the same type of oversight as other sectors with the critical infrastructure
classification. “While voting systems are subject to some functional
requirements under a voluntary federal testing and certification regime, the
vendors themselves are largely free from federal oversight,” the report said.
“Under our proposal, the EAC would extend its existing certification regime
from voting systems to include all vendors that manufacture or service key
parts of the nation’s election infrastructure.”
INDUSTRY
Wired
November 15, 2019
When you buy an Android smartphone, it’s rarely pure Android. Manufacturers squeeze in
their own apps or give it a fresh coat of interface. Carriers do it too. The
resulting stew of preinstalled software and vanilla Android sometimes turns out
to be rancid, putting flaws and vulnerabilities on the phone before you even
take it out of the box. For proof of how bad it is, look no further than the
146 vulnerabilities—across 29 Android smartphone makers—that have just been
simultaneously revealed. Yes, that’s 146, all discovered by security firm
Kryptowire and detailed one by one in a new gargantuan disclosure. Most of the
implicated companies operate primarily in Asia, but the list includes global
heavyweights like Samsung and Asus as well. While the bugs vary in severity and
scope—and in some cases, the manufacturers dispute that they’re a threat at all—they
illustrate an endemic problem for Android, one that Google has acknowledged.
Axios
November 14, 2019
Over a two-week period, the computer networks at more than half of the Fortune 500
left a remote access protocol dangerously exposed to the internet, something
many experts warn should never happen, according to new research by the
security firm Expanse and 451 Research. According to Coveware, more than 60% of
ransomware is installed via a Windows remote access feature called Remote
Desktop Protocol (RDP). It's a protocol that's fine in secure environments but
once exposed to the open internet can, at its best, allow attackers to disrupt
access and, at its worst, be vulnerable to hacking itself. The Expanse/451
study found that 53.4% of Fortune 500 companies had an RDP exposure over a
two-week period scanning for open RDP ports.
ZDNet
November 14, 2019
Both Microsoft and the Linux kernel teams have added ways to disable support for
Intel Transactional Synchronization Extensions (TSX). TSX is the Intel
technology that opens the company's CPUs to attacks via the Zombieload v2
vulnerability. Zombieload v2 is the codename of a vulnerability that allows malware
or a malicious threat actor to extract information processed inside a CPU,
information which they normally shouldn't be able to access due to the
security walls present inside modern-day CPUs. This new vulnerability was
disclosed earlier this week. Intel said it would release microcode (CPU
firmware) updates -- available on the company's Support & Downloads center.
But, the reality of a real-world production environment is that performance
matters. Past microcode updates for other attacks, such as Meltdown, Spectre,
Foreshadow, Fallout, and Zombieload v1, have been known to introduce
performance hits of up to 40%.
CyberScoop
November 13, 2019
Every two years, power-grid authorities throw the kitchen sink of digital and physical
mayhem at electric utilities and government organizations across North America.
It is one of the biggest tests of the utilities’ ability to withstand wave upon
wave of hypothetical attacks — and they are not necessarily supposed to pass
the test. The GridEx simulation, which begins Wednesday, is “purposely designed
to overwhelm even the most prepared organizations” so they can improve their
resiliency, said Matt Duncan, an official at the North American Electric
Reliability Corp., which runs the drill. Exercise participants won’t need any
reminders that, in the last four years, malicious hackers have cut power for
hundreds of thousands of people in Ukraine and caused a petrochemical plant to
shut down in Saudi Arabia. GridEx is one way that U.S. critical-infrastructure
companies work to prevent such disruptive attacks from hitting them.
Ars Technica
November 13, 2019
The US Federal Trade Commission has sued an IT provider for failing to detect 20
hacking intrusions over a 22-month period, allowing the hacker to access the
data for 1 million consumers. The provider only discovered the breach when the
hacker maxed out the provider’s storage system. Utah-based InfoTrax Systems was
first breached in May 2014, when a hacker exploited vulnerabilities in the
company’s network that gave remote control over its server, FTC lawyers alleged
in a complaint. According to the complaint, the hacker used that control to access
the system undetected 17 times over the next 21 months. Then on March 2, 2016,
the intruder accessed personal information for about 1 million consumers. The
data included full names, social security numbers, physical addresses, email
addresses, phone numbers, and usernames and passwords for accounts on the
InfoTrax service. The intruder accessed the site later that day and again on
March 6, stealing 4,100 usernames, passwords stored in clear-text, and hundreds
of names, addresses, Social Security numbers, and data for payment cards. The
complaint said InfoTrax employees did not discover the breach until March 7,
2016, when they received alerts that one of the company's servers had reached
its maximum storage capacity.
Gov Info Security
November 12, 2019
A new ransomware-as-a-service model dubbed "Buran" that targets
vulnerabilities in certain devices running Windows is offered at a deep
discount to help the malware spread faster, according to McAfee researchers.
Buran, which has been active since at least May, has evolved from an older
strain of ransomware called VegaLocker, according to a new report from McAfee
researchers Alexandre Mundo and Marc Rivero Lopez. The unidentified gang behind
Buran has been spreading their ransomware-as-a-service model through Russian
criminal forums, offering such features as offline crypto-locking capabilities,
flexible functionality and 24/7 customer support, the researchers note. The
biggest differentiator for Buran, however, is the price, the researchers say.
While Buran's file encryption function operates in a similar manner to other
ransomware, such as REvil and GandCrab, the McAfee researchers note that the
creators of Buran only demand a 25 percent share of ransoms collected. This is
a significant discount from the typical 30 percent to 40 percent demanded by
other malware developers, the researchers note.
CyberScoop
November 11, 2019
A database in Apple’s macOS stores encrypted email messages in a plain text format,
according to a researcher who says he reported the problem to the company
months ago. Bob Gendler, a Mac expert and an IT specialist at the National
Institute of Standards and Technology, published a Medium post on Nov. 6 detailing
how, if a customer sends encrypted emails via Apple Mail, an outsider could
access some of the text. The bug is specific, and likely only affects a
fraction of macOS users: Hackers would need to access specific Apple system
files from a victim who sent an encrypted message from Apple Mail through a
macOS without FileVault encryption. Gendler classified the issue as an
“inadvertent information exposure.”
Bloomberg
November 11, 2019
A pair of security researchers has discovered two vulnerabilities in ATMs widely used
across the U.S. that could allow a determined criminal to steal cash and
customer data. Brenda So and Trey Keown, of New York-based Red Balloon Security
Inc., found the flaws in machines manufactured by Nautilus Hyosung America
Inc., the largest provider of ATMs in the U.S. By gaining access to the same
network as the target ATM, the researchers were able to obtain full control of
the machine and bypass its security measures. They also discovered master keys
to the ATMs for sale on Amazon.com -- something other researchers have
previously pointed out. In a joint statement Monday, Red Balloon and Nautilus
Hyosung said they had no evidence anyone has ever taken advantage of the
vulnerabilities. The researchers said the flaws only affected retail versions
of Nautilus ATMs, not ones used in financial institutions. According to an
estimate by Red Balloon, more than 80,000 machines are vulnerable. Nautilus has
more than 150,000 installed ATMs in the U.S., according to the statement.
The New York Times
November 9, 2019
Bela Bhatia, a human rights lawyer in the Indian state of Chhattisgarh, is
accustomed to surveillance. She works in a region prone to both guerrilla
violence and government reprisals, and the authorities do not like many of her
clients. Still, Ms. Bhatia said she was shocked to learn her phone had been
infected with invasive spyware delivered through missed video calls on
WhatsApp, a messaging service that is used by about 400 million people in
India, WhatsApp’s biggest market. “You are carrying the spy in the pocket with
you everywhere you go,” she said. “It is much more than one had imagined that
the Indian state could do.” Ms. Bhatia is one of more than a hundred Indians
who learned in recent months that every keystroke, call and GPS location on
their phones had probably been recorded by the surveillance software, which is
sold by the NSO Group, an Israeli firm. NSO says its technology is licensed
only to governments for combating terrorism and fighting crime. It also
promises it won’t sell to governments with records of human rights abuses. But
the revelations from India over the last two weeks show that even countries
with decent scores on global human rights indexes will use NSO technology to
track journalists, critics and dissidents, digital rights activists said.
INTERNATIONAL
CBC
November 15, 2019
The Nunavut government is slowly returning to normal nearly two weeks after its computer
systems were paralyzed by a cyber attack. Dean Wells, the territory's chief
information officer, says departments are beginning to come back online.
Government employee paycheques are expected to be delivered Friday as normal.
All Nunavut government computers were paralyzed on Nov. 2 when a ransomware
virus entered the system. It encrypted individual files on various servers and
workstations and locked out regular users. The government says it refused to
pay the ransom and offices were forced to rely on fax machines, paper forms and
telephone calls while the system was repaired.
BBC
November 15, 2019
News that India's biggest nuclear plant - the Kudankulam facility in the southern state
of Tamil Nadu - had been subject to a cyber-attack made headlines across the
country last month. It sparked conversations about whether the country was
"cyber-ready" and many questioned whether it would be able to defend
critical infrastructure from malicious digital attacks. But there is a much
bigger issue that affects millions of Indians - debit card hacks and other
forms of financial fraud. Just last month, India's central bank asked banks to
investigate a warning by the Singapore-based cyber-security firm Group-IB that
the details of 1.2m debit cards were available online. And last year hackers
were able to siphon off 900m rupees ($12m; £9.7m) from Cosmos bank in the western
city of Pune through a malware attack on one of its data suppliers.
"India's financial systems are extremely vulnerable, because we still rely
on international banking networks like Swift to make transactions.
International gateways are open vectors of attack for India," Arun
Sukumar, head of the cyber initiative at the Observer Research Foundation think
tank, told the BBC. And a report by cyber-security company Symantec said India
was among the top three countries in the world for phishing and malware
attacks.
CyberScoop
November 14, 2019
An Iranian government-linked hacking group has in the last year been using small clusters
of hijacked computers to infect a handful of targets that include a U.S.
national security firm and a university, researchers said Thursday. The Iranian
group, dubbed APT33, is using the botnets — groups of computers commandeered by
attackers — in “extremely targeted malware campaigns against organizations in
the Middle East, the U.S., and Asia,” cybersecurity company Trend Micro said.
Botnets are often comprised of a large number of machines. But in this case,
the Iranian hackers are using just a dozen computers per botnet to deliver
their malware and get persistent access on a network, according to the
researchers. The Iranian hackers also set up their own virtual private network
with “exit nodes” that change frequently, Trend Micro said. The researchers say
they have been tracking those VPN nodes for over a year, but the group has
likely used them for longer.
Reuters
November 13, 2019
As trade talks between Washington and Beijing intensified earlier this year, suspected
Chinese hackers broke into an industry group for U.S. manufacturers that has
helped shape President Donald Trump’s trade policies, according to two people
familiar with the matter. The National Association of Manufacturers (NAM) was
hacked over the summer and hired a cybersecurity firm, which concluded the
attack came from China, the two sources said. The security firm, which the
sources did not name, made the assessment based on the usage of tools and
techniques previously associated with known Chinese hacking groups, they said.
The hack of an internal computer network at a powerful Washington industry
group illustrates how China has tried to gain an advantage in the trade war
between the world’s two biggest economies. It is unclear what data was stolen.
NAM hired the outside cybersecurity firm to respond to the breach and stop the
intrusion. Spokeswoman Erin Streeter said that given NAM’s high profile, “we
know we are a target for cyber-attacks. We identified suspicious activity
relating to certain company systems and investigated the matter.”
Gov Info Security
November 13, 2019
The U.S. Justice Department Tuesday unsealed an indictment charging Russian national
Aleksey Burkov with running an underground site called "Cardplanet"
that acted as a clearinghouse for stolen payment card data. Burkov arrived in
the U.S. Tuesday after being extradited by Israel. Between 2009 and 2013, the
Cardplanet site trafficked in more than 150,000 stolen credit and debit cards,
mainly issued through U.S. banks and financial institutions, according to the
federal indictment. Prosecutors estimate that more than $20 million in
fraudulent purchases were made using those cards. Burkov, 29, faces multiple
charges, including wire fraud, access device fraud, conspiracy to commit wire
fraud, access device fraud, computer intrusions, identity theft and money
laundering. If convicted on all counts, he could face up to 80 years in prison.
Financial Times
November 12, 2019
The Labour party was hit by two cyber attacks in as many days as hackers targeted the UK
opposition’s computer systems, highlighting concerns that the upcoming general
election could be vulnerable to cyber interference. The party said in a
statement on Tuesday that it had suffered a “sophisticated and large-scale”
attack on its digital platforms on Monday. Hours later a party official
confirmed it had been targeted in a second attack. The party said after the
first attack it was confident its security systems had prevented any data
breach but added it had reported the attack to the UK’s National Cyber Security
Centre, part of the UK’s communications intelligence service GCHQ. “We have
ongoing security processes in place to protect our platforms, so users may be
experiencing some differences,” a Labour party spokesperson said after news of
the second attack was reported by Reuters. “We are dealing with this quickly
and efficiently.”
Reuters
November 11, 2019
A ransomware attack hit computer servers and halted administrative work on Monday
at Mexican state oil firm Pemex, according to employees and internal emails, in
hackers' latest bid to wring ransom from a major company. Hackers have
increasingly targeted companies with malicious programs that can cripple
systems overseeing everything from supply chains to payments to manufacturing,
removing them only after receiving substantial payments. An internal email seen
by Reuters said Pemex was targeted by "Ryuk," a strain of ransomware
that experts say typically targets companies with annual revenue between $500
million and $1 billion. "We are taking measures at the national level to
fight RYUK ransomware, which is affecting various Pemex servers in the
country," a company official said in an email on Sunday.
TECHNOLOGY
The New York Times
November 12, 2019
Last May, when Intel released a patch for a group of security vulnerabilities researchers
had found in the company’s computer processors, Intel implied that all the
problems were solved. But that wasn’t entirely true, according to Dutch
researchers at Vrije Universiteit Amsterdam who discovered the vulnerabilities
and first reported them to the tech giant in September 2018. The software patch
meant to fix the processor problem addressed only some of the issues the
researchers had found. It would be another six months before a second patch,
publicly disclosed by the company on Tuesday, would fix all of the
vulnerabilities Intel indicated were fixed in May, the researchers said in a
recent interview. The public message from Intel was “everything is fixed,” said
Cristiano Giuffrida, a professor of computer science at Vrije Universiteit
Amsterdam and one of the researchers who reported the vulnerabilities. “And we
knew that was not accurate.”