Global news app PressReader says it’s back up after cyberattack

Digital media company PressReader was hit with a cyberattack late last week, the company confirmed on Twitter Monday, but its operations are now fully up and running — though some content published during the delay in operations is still being uploaded. The company said it did not see any evidence that customer data was compromised in the Thursday attack. The attack came just days after the site pulled Russian publications. There is no evidence the two events are related. PressReader is a subscription app that works with hotels, airlines and public institutions like libraries to automatically grant guests access to a library of more than 7,000 publications as soon as they connect to the company’s network. The platform has more than 12 million monthly active users, according to its website. It bills itself as “the world’s largest digital newsstand.” The outage affected at least a half-dozen U.S.-based publications that use […]

The post Global news app PressReader says it’s back up after cyberattack appeared first on CyberScoop.

FTC, DOJ settle with WW weight loss app, citing violation of children’s privacy

The Federal Trade Commission and Justice Department slapped a children’s weight loss app with a $1.5 million penalty and an order to delete data it collected on thousands of children under 13 allegedly without proper parental consent. The complaint from the FTC and DOJ alleges that Kurbo by WW (formerly known as Weight Watchers) failed to properly verify parental consent for users under 13 and made it easy for hundreds of users who identified as 13 or older during the signup process to then later change their age in the app. It also alleges the app didn’t properly notify parents who signed up on their children’s behalf about the extent of the data collected by the app. Both practices, the FTC said, violate a decades-old federal children’s privacy law for users under 13 known as the Children’s Online Privacy Protection Act (COPPA). “Weight Watchers and Kurbo marketed weight management services for […]

The post FTC, DOJ settle with WW weight loss app, citing violation of children’s privacy appeared first on CyberScoop.

Russia’s invasion of Ukraine has turned the global internet into a battlefield

Russia and Ukraine are both racing to take control of a key battlefield in the ongoing conflict: the internet. Moves by both countries have open internet advocates worrying that civilians’ rights to the global internet and freedom of information are getting caught in the middle. Ukraine failed in one of its attempts to cut Russia off on Wednesday. The Internet Corporation for Assigned Names and Numbers (ICANN) — a nonprofit that oversees domain and internet protocol systems vital to the global internet — rejected a request by Ukrainian officials to shut down high-level Russian domains. ICANN noted that it is not able to take unilateral action to disconnect domains. Third-party operators have control over security certificates and root server systems, two other services that Ukraine asked ICANN to revoke or shut down. “The Internet is a decentralized system,” Göran Marby, president and chief executive officer of ICANN, wrote in the […]

The post Russia’s invasion of Ukraine has turned the global internet into a battlefield appeared first on CyberScoop.

Biden to push for strengthening children’s privacy in State of the Union address

President Biden will urge Congress to strengthen children’s privacy protections in his State of the Union address Tuesday, following growing concerns about the potential mental health impact online platforms cause children — an issue that Congress has repeatedly hauled in tech giants to address in hearings in recent months. A fact sheet released prior to the speech grouped the initiative into four distinct calls to action: banning targeted advertising for children, prioritizing safety design standards for online platforms, stopping discriminatory algorithmic decision-making and investing at least $5 million in fiscal year 2023 toward research on social media’s effects on mental health. “The President believes not only that we should have far stronger protections for children’s data and privacy, but that the platforms and other interactive digital service providers should be required to prioritize and ensure the health, safety and well-being of children and young people above profit and revenue in […]

The post Biden to push for strengthening children’s privacy in State of the Union address appeared first on CyberScoop.

Security experts say Ukraine’s request to shut down Russian domains could hurt civilians

Ukrainian officials sent an urgent request Monday to the nonprofit that stewards domain and IP systems key to the global internet, but security experts are warning that it’s not as simple as it looks. Ukraine asked the Internet Corporation for Assigned Names and Numbers (ICANN) to shut down Russian top-level domains — such as those with the .ru country code — in response to Russia’s use of the internet as a key attack surface for both information operations and cyberattacks. ICANN has not yet responded to the request, Andrii Nabok, head of the expert group for the development of fixed broadband at Ukraine’s Ministry of Digital Transformation and Ukraine’s representative to ICANN, confirmed in an email to CyberScoop. The email, first reported by Rolling Stone, presses ICANN to “revoke, permanently or temporarily” Russian domains, revoke identification certificates for the domains and shut down DNS root servers in the Russian Federation. […]

The post Security experts say Ukraine’s request to shut down Russian domains could hurt civilians appeared first on CyberScoop.

In response to Russia threat, U.S. cybersecurity firms offer free services, data, threat intel

U.S. cybersecurity companies are offering products and services for free to help cyberdefenders at home and abroad during Russia’s invasion of Ukraine. As of Monday, a crowdsourced list on GitHub listed more than a dozen experts, nonprofits and companies available for security assistance. Among the firms is GreyNoise, which announced Thursday it had upgraded all Ukrainian email accounts to include full enterprise access to its products. “In terms of our offer to support defenders in Ukraine, we’ve been in contact with dozens of different groups to help them get set up on our tools and leverage our data, as well as connect them with others in the InfoSec community doing the same,” Dan Maier, head of marketing at GreyNoise told CyberScoop in an email. The company is also offering the public free data on IP addresses that the firm has observed targeting Ukraine. Ukraine and Russia meet on Monday for […]

The post In response to Russia threat, U.S. cybersecurity firms offer free services, data, threat intel appeared first on CyberScoop.

Ukrainian cyber officials warn of new wave of phishing attacks

Ukrainian officials warned Friday that Belarusian hackers are sending a wave of phishing emails targeting Ukrainian soldiers and civilians. “Mass phishing emails have recently been observed targeting private ‘i.ua’ and ‘meta.ua’ accounts of Ukrainian military personnel and related individuals,” Ukraine’s Computer Emergency Response Team wrote in a Facebook post Friday. Both URLs belong to Ukraine-based email services. Once an account is compromised, hackers gain access to the target’s messages and their contact details, allowing them to send additional phishing emails to their contacts, the CERT said. Ukraine’s State Service of Special Communications and Information Protection issued a separate warning Friday about a phishing attack against civilian emails containing potentially malicious attached files. Warning ⚠️ A phishing #attack has started against Ukrainians! Citizens’ e-mail addresses receive letters with attached files of uncertain nature. The mass distribution of such messages to messengers may happen. #cyberattacks #Ukraine pic.twitter.com/YPvFH2oNk0 — SSSCIP Ukraine (@dsszzi) February 25, 2022 The […]

The post Ukrainian cyber officials warn of new wave of phishing attacks appeared first on CyberScoop.

Chinese researchers accuse NSA of being behind a powerful exploit

A Chinese cybersecurity firm released a report Wednesday that revealed a decade-old exploit allegedly created by a covert hacking group associated with the U.S. National Security Agency. The report is the first time that a Chinese cybersecurity firm has both attributed a cyberattack to a U.S. hacking group and included technical indicators of compromise. “It’s a completely different type of report here that seems to mimic Western name-and-shame,” said Winnona DeSombre, fellow at the Atlantic Council and Harvard’s Belfer Center. Pangu Lab researchers said they first discovered the backdoor in 2013 during an “in-depth forensic investigation of a host in a key domestic department.” The researchers were later able to tie it to “The Equation Group,” a group of hackers said to be affiliated with the NSA, after NSA documents leaked by a group known as “The Shadow Brokers” published hacking files that allegedly belonged to the […]

The post Chinese researchers accuse NSA of being behind a powerful exploit appeared first on CyberScoop.

Documents shed light on ID.me’s marketing to states about powerful facial recognition tech

Identity verification technology company ID.me quietly deployed a powerful form of facial recognition on unemployment benefits applicants while encouraging state partners to dispel the idea that the company used the technology, according to Oregon state records the American Civil Liberties Union shared with CyberScoop. The documents show that in the months following the introduction of facial recognition software that matched a photo across a wider database — known as “1:many” — into its fraud detection service, ID.me disseminated talking points to the Oregon Employment Department (OED) and other state partners to combat media reports that it used the more powerful form of facial recognition. Privacy advocates who are pushing states to drop the technology say the documents raise concerns that states working with ID.me may have been unaware of the risks involved with the use of facial recognition technology, the accuracy of which has been challenged by government and academic researchers. […]

The post Documents shed light on ID.me’s marketing to states about powerful facial recognition tech appeared first on CyberScoop.

Red Cross attributes hack to nation-state actor

The International Committee of the Red Cross has concluded that a nation-state hacker was behind a cyberattack on its servers discovered last month. A forensic analysis of the attack revealed the use of tools designed specifically to go after ICRC servers, the organization said Wednesday. “This was a sophisticated attack — a criminal act — breaching sensitive humanitarian data,” ICRC Director-General Robert Mardini said. “We know that the attack was targeted because the attackers created code designed solely for execution on the concerned ICRC servers, a technique we believe was designed to shield the hackers’ activities from detection and subsequent forensic investigations.” Separate from Mardini’s statement, the organization released a summary of the technical findings by an unnamed “specialist cyber security company.” The forensic report does not attribute the attack to any specific advanced persistent threat (APT) group, and ICRC declined to speculate on the culprit. “[M]ost of the malicious […]

The post Red Cross attributes hack to nation-state actor appeared first on CyberScoop.
