Chinese government-backed hackers infiltrated US pipeline companies, FBI says

State-sponsored Chinese cybercriminals successfully hacked into the control systems of several U.S. oil and natural gas pipelines between December 2011 and 2013, a Wednesday alert from the Department of Homeland Security’s cyber outfit and the FBI reveals. The hackers stole information that would have allowed them to access control networks and provided them with “sufficient access to allow them to remotely perform unauthorized operations on the pipeline with physical consequences,” says the alert. The campaign compromised at least 13 companies. Of the 23 targets, eight had an unknown level of intrusion. The Cybersecurity and Infrastructure Security Agency and the FBI provided assistance to victims at the time. “CISA and the FBI assess that these actors were specifically targeting U.S. pipeline infrastructure for the purpose of holding U.S. pipeline infrastructure at risk,” the alert says. “Additionally, CISA and the FBI assess that this activity was ultimately intended to help China develop […]

The post Chinese government-backed hackers infiltrated US pipeline companies, FBI says appeared first on CyberScoop.


Sweeping report details how NSO Group spyware leverages iOS software for surveillance

NSO Group’s Pegasus spyware may be actively exploiting the most recent software in the iPhone 12 to monitor victims throughout the world, according to a sweeping new report from Amnesty International. “These most recent discoveries indicate NSO Group’s customers are currently able to remotely compromise all recent iPhone models and versions of iOS,” the group wrote in a report published on July 18. “We have reported this information to Apple, who informed us they are investigating the matter.” The revelation comes as part of a broader investigation into the use of the notorious spyware. Between July 2014 and July 2021, NSO Group’s Pegasus software was used to target more than three dozen smartphones belonging to journalists, human rights activists and business executives, according to a joint investigation between Amnesty, French journalism nonprofit Forbidden Stories and 17 media organizations including The Washington Post. Targets included Hatice Cengiz, fiancee of murdered […]


Amnesty sues NYPD, seeking details about facial recognition technology and arrest data

Two watchdog groups sued the New York Police Department over the agency’s refusal to disclose public records about its acquisition of facial recognition technology and other surveillance tools. The lawsuit, filed by Amnesty International and Surveillance Technology Oversight Project, could force the NYPD to hand over records that will shed light on the depth of its surveillance capabilities. “It’s so outrageous that when New Yorkers came out to protest police abuse they were just met with more of the same,” said Albert Fox Cahn, executive director of S.T.O.P. “We have no idea how often they were using this technology to track New Yorkers who were exercising their First Amendment rights.” Amnesty International last September filed a request seeking public records about the procurement, functionality and general use of facial recognition technology, drones and other surveillance technologies by the NYPD before and during Black Lives Matter protests. The NYPD denied the […]


Momentum builds on federal oversight of facial recognition tech after reported abuses

Lawmakers in the House and Senate are considering legislation that would halt the use of facial recognition and biometric data collection tools by federal law enforcement, signaling that the controversial technologies may soon be subject to oversight after years of debate and revelations about their role in discriminatory policing. The Facial Recognition and Biometric Technology Moratorium Act, reintroduced in June by Sen. Ed Markey (D-Mass.) and Rep. Pramila Jayapal (D-Wash.), would fully ban the use of facial recognition and biometric technology by federal agencies, barring a lift by Congress. It would also block funding to state and local law enforcement who do not cease use of the tech. The bill would allow cities and states to keep and make their own laws. More than 40 privacy and civil liberties groups have thrown their weight on the Hill and organizing power behind the Biometric Technology Moratorium Act, saying that cases in […]


US government launches plans to cut cybercriminals off from cryptocurrency

The White House on Thursday announced a flurry of actions launched by a new interagency task force to combat ransomware. The updates on the White House’s plan to tackle ransomware come on the heels of the third major ransomware attack to pose a serious threat to U.S. national security in as many months. The Russia-tied group REvil hit Florida-based IT firm Kaseya earlier this month, potentially affecting more than 1,500 companies. The group’s websites recently went dark for reasons that are still unclear. The senior administration declined to comment on whether the United States has or will take action against the group. Chief among the White House task force’s new efforts is to cut groups like REvil off from virtual currencies, which they use to collect ransom from victims and sell services to affiliates. The Treasury Department will support the implementation of money laundering requirements for virtual currency exchanges […]


New Internet Explorer, Chrome zero-days highlight a growing market

Hackers are still using vulnerabilities in the seven-year-old Internet Explorer 11 browser to go after targets, even as Microsoft plans to sunset the program in less than a year, researchers at Google’s Threat Analysis Group reported Wednesday. The campaign largely targeted victims in Armenia. In April and June, cybercriminals targeted Armenian users with the exploit, researchers found. “This exploit was delivered via an Office document rather than via the Internet Explorer browser GUI,” explained Shane Huntley, director of Google’s Threat Analysis Group. “Even if a user was to uninstall Internet Explorer, the exploit would still work.” Microsoft fixed the exploit in June. The same surveillance group exploited a vulnerability in Chrome. They sent the exploits via email with links posing as legitimate websites. The links instead led to attacker-controlled domains that fingerprinted a user’s device and allowed hackers to determine if they would send the exploit. The vulnerability existed in code shared […]


Researchers find big flaw in a Schneider Electric ICS system popular in building systems, utilities

A vulnerability in Schneider Electric computer control systems popular in heating, air conditioning and other building systems could allow hackers to take control of them, researchers at security firm Armis warn. The remote code execution vulnerability puts millions of devices at risk, Armis said in a report out Tuesday. The affected Modicon programmable logic controllers (PLCs) are also used widely in manufacturing, automation applications and energy utilities. The vulnerability could be used to deploy a variety of attacks, from launching ransomware to altering the commands to machinery. “It’s a very wide range,” said Ben Seri, vice president of research at Armis. “It does reach on one end nation-states and sophisticated attacks in that type of scale, but it can also just be the next logical steps for ransomware attackers.” The vulnerability would allow attackers to hijack a command that would leak a password hash from the device’s memory. Once they have […]


Biden again urges Putin to disrupt ransomware gangs operating inside Russia

President Joe Biden pushed Russian President Vladimir Putin to disrupt ransomware groups operating within Russian borders in a phone call Friday, according to a White House statement. “I made it very clear to him that the United States expects [that] when a ransomware operation is coming from his soil even though it’s not sponsored by the state, we expect [Russia] to act if we give them enough information to act on who that is,” Biden told reporters after the call. The call came on the heels of the latest major cyberattack against a U.S. company. REvil, a ransomware group believed to be in Russia, hit Florida-based IT software company Kaseya last week. Researchers have suggested that the hack affected between 1,500 and 2,000 of the firm’s clients as well as likely thousands more customers of those clients. The Kremlin says it has not received any official requests from U.S. […]


Suspected Chinese hackers target telecom research in Taiwan, Recorded Future says

A suspected Chinese state-sponsored group is targeting telecommunications organizations in Taiwan, Nepal and the Philippines, researchers at Recorded Future’s Insikt Group said in a report Thursday. Researchers noticed intrusions from the group, which investigators called TAG-22, in June targeting telecommunications organizations including the Industrial Technology Research Institute in Taiwan, Nepal Telecom and the Department of Information and Communications Technology in the Philippines. Some of the activity appears to be ongoing as of press time, researchers said. The new findings play into a larger backdrop of apparent Chinese hackers snooping on global competition in the telecommunications space, which has become an arena of political and economic conflict between China and the United States. “In particular, the targeting of the ITRI is notable due to its role as a technology research and development institution that has set up and incubated multiple Taiwanese technology firms,” researchers wrote. They noted that the organization is […]


Pentagon office left military designs for body armor, vehicle gear open to hackers, watchdog finds

The office in charge of the U.S. military’s 3D printing left designs for defense technology vulnerable to theft by hackers and adversaries, according to a watchdog report made public on Wednesday. If left unfixed, the security gaps could lead to a number of nightmare scenarios, including adversaries stealing military designs, compromising Department of Defense networks or even introducing flaws into design data that could make its way into battlefield products, the report’s authors concluded. Designs included blueprints for protective body armor, tactical vehicle gear, weapons systems brackets and prosthetic body parts, according to the report. The report found that officials were unaware that the systems connected to local networks and the internet. Because the systems were miscategorized, the office failed altogether to conduct a risk assessment required by the department. Officials also failed to monitor removable media entering the systems. The security gaps would have left a plethora of entry […]
