Internet providers fail to inform Americans about how they use sensitive data for advertising, FTC says

Internet service providers fail to disclose to consumers how they use sensitive data, obscure their privacy practices and make it difficult to opt out of collection, according to a study released Thursday by the Federal Trade Commission. The study signals that telecommunications companies may not escape the agency’s efforts to establish consumer privacy protections, even as platforms like Facebook and Google dominate the conversation. “While several ISPs in our study tell consumers they will not sell their data, they fail to reveal to consumers the myriad of ways that their data can be used, transferred, or monetized outside of selling it, often burying such disclosures in the fine print of their privacy policies,” the report concludes. The report, which the agency ordered in 2019, looked at six of the largest ISPs — AT&T Mobility, Cellco Partnership (Verizon Wireless), Charter Communications Operating, Comcast (Xfinity), T-Mobile US, and Google Fiber — covering 98% of […]

The post Internet providers fail to inform Americans about how they use sensitive data for advertising, FTC says appeared first on CyberScoop.

New Commerce Department rule to limit sale of offensive cyber tools to China, Russia

The Commerce Department released a rule Wednesday aimed at stopping offensive cybersecurity tools made in the U.S. from falling into the hands of countries that use such software to undermine human rights or national security. The new rule requires U.S. companies to obtain a license from the Commerce Department’s Bureau of Industry and Security before selling hacking tools to the governments and individuals in countries of national security concern, including China and Russia. Sales of defensive cybersecurity software are largely exempt from the rule. Technologies covered by the new rule include spyware and tools designed to carry out nefarious tasks, such as malicious trojans. “The United States is committed to working with our multilateral partners to deter the spread of certain technologies that can be used for malicious activities that threaten cybersecurity and human rights,” Commerce Secretary Gina Raimondo said in a statement. The new rule, which will take effect in […]

The post New Commerce Department rule to limit sale of offensive cyber tools to China, Russia appeared first on CyberScoop.

Scammers targeted YouTube creators to takeover accounts, promote crypto investment fraud

Scammers have been targeting YouTube creators with fake content collaboration offers in order to steal their accounts, according to a Google Threat Analysis Group report published Wednesday. Google began tracking and disrupting the campaign in late 2019. Approximately 4,000 YouTube channels stolen as part of the campaign have been recovered since May, according to the report. YouTube has struggled with outsiders taking over channels to spread cryptocurrency scams before, as fraudsters took over several high-traffic channels in August 2020 themed around the launch of SpaceX’s first spaceflight with NASA. As a part of the latest phishing campaign, scammers sent emails to creators offering collaborations. Once the creator agreed, the scammer sent them a link to malicious software that appeared to be a legitimate URL. Attackers created more than 1,000 websites to help spread the ruse, including some that impersonated real companies including a Cisco virtual private network and the gaming […]

The post Scammers targeted YouTube creators to takeover accounts, promote crypto investment fraud appeared first on CyberScoop.

As attention grows, #ShareTheMicInCyber leaders explain why mid-career talent matters

#ShareTheMicInCyber, a group dedicated to boosting diversity in the cyber field, will host its fourth online conversation pairing Black practitioners with allies in the security sector to highlight Black talent. “Individual action is extremely important and can catalyze collective action,” co-founder Camille Stewart said at CyberWeek, a Scoop News Group event. “Grassroots movements like #ShareTheMicInCyber can help break down the trust silos that plague our industry and cripple progress.” The lesson seems especially pertinent as government agencies have in recent months had to grapple with the challenge of filling critical cybersecurity jobs. An upcoming #ShareTheMicEvent, scheduled for Oct. 22, will focus on public-private partnership, and include high-profile cybersecurity leaders like Rob Joyce, cybersecurity director at the National Security Agency. “Getting this right is mission-critical,” co-founder Lauren Zabierek explained. “And it’s not just a job for HR or for the company’s diversity, equity and inclusion team. It’s on all of […]

The post As attention grows, #ShareTheMicInCyber leaders explain why mid-career talent matters appeared first on CyberScoop.

2021 ransomware transactions have already exceed 2020 numbers, Treasury Department says

As of June, financial institutions have already reported 635 suspicious ransomware-related activities to the Financial Crimes Enforcement Network, according to a report out Friday from the Treasury Department — a 30% increase from all reported activity in 2020. The report also found that the cost of ransomware payments is climbing. The total value of the 2021 reports was $590 million — or a $66.4 million monthly average — compared to $416 million for all of 2020. The analysis, which is the first issued under the updated FinCEN threat trend reporting requirements enacted into law earlier this year, underscores both concerns with the growing cost of ransomware as well as the role of virtual currencies in how criminals extort and launder funds. The Treasury Department last month announced its first sanctions against a cryptocurrency exchange for facilitating transactions involving money gained from ransomware. The report, as well as guidance issued Friday […]

The post 2021 ransomware transactions have already exceed 2020 numbers, Treasury Department says appeared first on CyberScoop.

Romance scammers exploit Apple’s developer program to spread fake cryptocurrency apps

Fraudsters are using the promise of love to lure victims into downloading fake cryptocurrency trading apps and then stealing their funds, researchers at Sophos report. The ongoing campaign, which researchers have dubbed “CryptoRom,” has targeted victims across Europe, the U.S. and Asia. In these scams, scammers use dating apps like Bumble, Tinder, and Grindr to build trust with a victim. They then move the conversation to a messaging app, where they ask victims to install a fake trading app. Fraudsters convince victims to invest in the app, ultimately stealing the funds. Thieves have managed to swipe nearly $1.4 million with the ruse, according to an analysis of a bitcoin wallet one of the scammers used. Some 23,000 victims of romance scams reported more than $605 million in losses to the FBI in 2020. The new findings underscore how fraudsters are turning to Apple’s developer programs in an attempt to evade […]

The post Romance scammers exploit Apple’s developer program to spread fake cryptocurrency apps appeared first on CyberScoop.

Iran-linked hackers targeted maritime and defense contractors, compromised Office 365 accounts

Hackers likely supporting Iranian national interests attempted to compromise U.S. and Israeli defense technology and global maritime companies, Microsoft researchers shared Monday. The attacks, which began in July, targeted the Office 365 accounts of more than 250 Microsoft users, the company said. Fewer than 20 of the targeted victims were successfully compromised, according to a security alert. Other targeted industries included defense companies supporting the European Union, geographic information systems and regional ports in the Persian Gulf. Hackers attempted to break into the accounts using a technique called “password spraying” in which hackers rapidly cycle through different passwords in an effort to access an account. Microsoft researchers say the “activity likely supports the national interests of the Islamic Republic of Iran” and the attacks’ techniques and targets align with other Iran-sponsored campaigns. “Microsoft assesses this targeting supports Iranian government tracking of adversary security services and maritime shipping in the Middle […]

The post Iran-linked hackers targeted maritime and defense contractors, compromised Office 365 accounts appeared first on CyberScoop.

Trolls defaced Twitch’s website with pictures of Jeff Bezos, the latest security concern

Two days after an unnamed hacker leaked a trove of Twitch data including the streaming platform’s source code and information about payments to streamers, users are still seeking answers. Instead, they’re getting trolled. Users complained Friday that the header image for a game listings section on the Twitch website was replaced by a close-up of Jeff Bezos, founder of Amazon, which owns Twitch, as The Verge first reported. The image also seems to appear alongside the data leaked on the message board 4Chan, a notorious forum where hackers, trolls and other anonymous internet users congregate. While the image of Bezos disappeared from Twitch within a few hours, the website defacement is a signal that Twitch’s security issues are not over, days after a major data breach. The Amazon-owned company confirmed Wednesday that an unknown party had accessed Twitch’s source code as a result of a “misconfigured server.” Caught up in the trove of […]

The post Trolls defaced Twitch’s website with pictures of Jeff Bezos, the latest security concern appeared first on CyberScoop.

Google blames suspected Russian hacking group for targeting 14,000 Gmail users

Russian hackers targeted approximately 14,000 Gmail users last month, according to the company’s Threat Analysis Group. While 100% of the emails were blocked by spam, Google TAG director Shane Huntley characterized the batch as “above average” on Twitter. The campaign from the group known as APT28 made up 86% of Google’s recent alerts to users about government-backed attackers, Huntley said in an email. Google sends these kinds of alerts to users in batches rather than at the moment of detection to help keep attackers from figuring out their defense strategies, he explained. Several Gmail users reported on Twitter receiving the alert, including several researchers and journalists. Huntley said the campaign was targeted “across a wide variety of industries.” APT28, also known as Fancy Bear, is best known for hacking the Democratic Party ahead of the 2016 U.S. election. The group has received less attention in recent months in comparison to sweeping hacking […]

The post Google blames suspected Russian hacking group for targeting 14,000 Gmail users appeared first on CyberScoop.

Spies used Android malware to try collecting intelligence from a Togolese activist, Amnesty says

A threat group known for using Android-based malware to target victims in Southeast Asia has been detected in Africa for the first time, according to Amnesty International research released Wednesday. Attackers tried to trick a Togolese activist into installing Android spyware via a series of WhatsApp messages and emails. The spyware would have allowed attackers to access a wealth of information including files stored on the device, WhatsApp messages as well as access to the phone’s camera and microphone. Spies targeted the human rights advocate, who Amnesty refused to name as a security precaution, between December 2019 and January 2020 during the lead-up to the country’s presidential election. Human rights experts and opposition leaders accused incumbent president Faure Gnassingbé of using police force to silence and brutalize protestors, disrupting election results. Groups including Amnesty International and the United Nations have called for a moratorium on the sale of surveillance technology, […]

The post Spies used Android malware to try collecting intelligence from a Togolese activist, Amnesty says appeared first on CyberScoop.
