*** The Security News Thread ***

[fishlocker]

Woke up to this bit of click bait. I was ready to sell all until I read the full article.



Forbes Now: Russia Hacks Into U.S. Nuclear Power Plants. http://google.com/newsstand/s/CBIwgPTj9zc

[fishlocker]

I recall working the night of the y2k scare. Pretty normal night, we watched Cheeters at 2300 as usual while the clock ticked away. Then more waiting. Nothing happened at 00:00 as usual.

[harrybarracuda]

Woke up to this bit of click bait. I was ready to sell all until I read the full article.



Forbes Now: Russia Hacks Into U.S. Nuclear Power Plants. http://google.com/newsstand/s/CBIwgPTj9zc

It's real enough:

https://www.us-cert.gov/ncas/alerts/TA18-074A

[harrybarracuda]

The City of Atlanta is the latest victim of a large-scale ransomware attack, though it could have been worse without the cloud, according Atlanta's chief information officer.

On March 22, Atlanta Mayor Keisha Bottoms, confirmed that a ransomware attack had occurred against IT systems operated by the city of Atlanta, with attackers demanding payment of approximately $51,000 ransom in Bitcoin to release the impacted systems.

"The City of Atlanta is currently experiencing outages on various customer facing applications, including some that customers may use to pay bills or access court-related information," Atlanta city officials wrote in a Twitter message.

"Our information management team is working with the FBI, Homeland Security and also external partners from Microsoft and Cisco cyber-security incident response teams to help resolve this issue," Atlanta Mayor Bottoms said in a press conference on March 22.

In a ransomware attack, malware is somehow loaded onto a system, that attempts to encrypt all the data on victimized system. The victim is then presented with a demand, or ransom message, for payment in order to get the decryption key to restore data. Ransomware attacks have taken aim at U.S cities and infrastructure in the past, including a November 2016 attack against the San Francisco transit system.

City of Atlanta Chief Operating Officer Richard Cox said during a press conference, that at approximately 5:40 AM on March 22, information management officials were made aware of an outage of a number of the city's applications. Cox noted that while several city departments have been impacted, the departments of public safety, water services and airport are operating without incident.

"The City of Atlanta has experience a ransomware cyber-attack. This attack has encrypted some of the city's data, however we're still validating the extent of the compromise," Cox said.

Cox noted that it's not clear if personal information was compromised in the ransomware attack and as a precaution, he advised city employees to monitor and protect their personal information. He added that the city of Atlanta will offer employees additional resource to protect their personal information as needed in the coming days.

Cloud

During the press conference, Atlanta officials were asked if the ransomware attack was due to missteps or unpatched systems in Atlanta's IT operations.

"This is not a new issue to the State of Georgia or to our country and we have been taking active measures to mitigate risks," Atlanta Chief Information Officer Daphne Rackley said during the press conference. "Those measures I think have limited the impact in this instance."

In particular, Rackley noted that Atlanta has taken a 'cloud first' strategy where many of the city's systems are being migrated to the cloud, in an effort to provide more robust security controls and availability. Rackely also noted that Atlanta has data backups for the impacted systems.

"We do have backup systems already which will help with restoration as needed," Rackely said. "But we're just at first stage of the investigation and figuring out what to do next."

In any ransomware attack, one of the potential options is for the victim to pay the ransom as demanded by attackers. It's not clear if that option is acceptable to the Atlanta administration.

"We can't speak to that right now," Mayor Bottoms said in response to a press conference question about whether Atlanta will pay the ransom. "We will be looking for guidance from our federal partners on how to navigate the best course of action. Right now we're focused on fixing the issue."

Atlanta CIO Claims Cloud Helped to Mitigate Impact of Ransomware Attack

[harrybarracuda]

AMD Set to Patch 13 Vulnerabilities Disclosed by CTS Labs

By: Sean Michael Kerner | March 21, 2018


After being blindsided by a set of vulnerability reports that were disclosed without giving AMD time to analyze, the silicon vendor has now provided a technical assessment.


CTS Labs caught silicon vendor Advanced Micro Devices off-guard on March 12 when it reported to the company that it had discovered a set of vulnerabilities that impact AMD's EPYC, Ryzen, Ryzen Pro and Ryzen Mobile processors.


Contrary to established best practices in the security industry, CTS Labs only gave AMD 24 hours to respond, publicly disclosing the flaws on March 13. AMD has now had just over a week to analyze the findings, and on March 20 it released an initial technical analysis of the CTS Labs research. The analysis confirms initial reports that the flaws pose limited risk to most end users.

"We believe that each of the issues cited can be mitigated through firmware patches and a standard BIOS update, which we plan to release in the coming weeks," AMD stated in an email sent to eWEEK. "These patches and updates are not expected to impact performance."


The flaws impact AMD's EPYC, Ryzen, Ryzen Pro and Ryzen Mobile processors and have been dubbed Ryzenfall, Masterkey, Fallout and Chimera by CTS Labs. Most of the issues were found with AMD's Secure Processor element that could potentially have enabled attackers to read and write to protected memory.
While AMD did not refute that the vulnerabilities are real, the company did say their impact is somewhat muted given that an attacker would need administrative access to a system.

"It’s important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings," AMD CTO Mark Papermaster wrote in a blog post. "Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research."

Going a step further, Papermaster noted that there are controls in modern operating systems that provide an additional layer of security that can help to prevent unauthorized administrative access. Even though the issues outlined by CTS Labs require administrative access, AMD is taking the flaws seriously and is now working on firmware patches that will be made available via BIOS updates in the coming weeks.

Disclosure

CTS Labs was broadly criticized in the security community for not giving AMD enough time to respond to its vulnerability reports. Industry best practices for responsible disclosure on vulnerabilities that are not actively being exploited dictate that researchers provide vendors with an appropriate amount of time that can range from 30 to more than 90 days to investigate and respond to flaws.

In an open letter responding to the criticism about its AMD flaws disclosure, Ilia Luk-Zilberman, CTO of CTS Labs, argued that responsible disclosure doesn't actually work to protect end users. He wrote that with the current model of responsible disclosure, during the initial 30- to 90-day period it's up to the vendor if it wants to alert customers that there is a problem.

"I think that a better way would be to notify the public on day 0 that there are vulnerabilities and what is the impact," Luk-Zilberman wrote. "To notify the public and the vendor together and not to disclose the actual technical details ever unless it's already fixed."


Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

AMD Responds to Vulnerability Allegations, Claims Minimal Impact

[harrybarracuda]

Phishing, malware, and cryptojacking continue to increase in sophistication


Attackers are constantly trying new ways to get around established defenses. The data, collected throughout 2017 by Webroot, illustrates that attacks such as ransomware are becoming a worldwide threat and are seamlessly bypassing legacy security solutions because organizations are neglecting to patch, update, or replace their current products.

The findings showcase a dangerous, dynamic threat landscape that demands organizations deploy multi-layered defenses that leverage real-time threat intelligence.

Cryptojacking is gaining traction as a profitable and anonymous attack that requires minimal effort. Since September 2017, more than 5,000 websites have been compromised with JavaScript cryptocurrency miner CoinHive to mine Monero by hijacking site visitors’ CPU power.

Windows 10 is almost twice as safe as Windows 7. However, the data reveals that the operating system migration rate for enterprises has been quite slow; Webroot saw only 32 percent of corporate devices running Windows 10 by the end of 2017.

Polymorphism, i.e. creating slightly different variants of malicious or unwanted files, has become mainstream. In 2017, 93 percent of the malware encountered and 95 percent of potentially unwanted applications (PUAs) were only seen on one machine. In these instances, the identifiers are unique and undetectable by traditional signature-based security approaches.

Ransomware and its variants became an even more serious threat. This past year, new and reused ransomware variants were distributed with a variety of purposes. Together, WannaCry and NotPetya infected more than 200,000 machines in over 100 countries within just 24 hours.

High-risk IP addresses continue to cycle from malicious to benign and back again. Webroot saw 10,000 malicious IP addresses reused an average of 18 times each in 2017. The vast majority of malicious IP addresses represent spam sites (65 percent), followed by scanners (19 percent), and Windows exploits (9 percent).

Of the hundreds of thousands of new websites created each day in 2017, 25 percent of URLS were deemed malicious, suspicious, or moderately risky. High-risk URLs fell into two major categories: malware sites (33 percent) and proxy avoidance and anonymizers (40 percent).

Phishing attacks are becoming increasingly targeted, using social engineering and IP masking to achieve greater success. On average, phishing sites were online from four to eight hours, meaning they were designed to evade traditional anti-phishing strategies. Only 62 domains were responsible for 90 percent of the phishing attacks observed in 2017.

Mobile devices continue to be a prime target for attackers – 32 percent of mobile apps were found to be malicious. Trojans continue to be the most prevalent form of malicious mobile apps (67 percent), followed by PUAs (20 percent).

“Over the past year, news headlines have revealed that attackers are becoming more aggressive and getting extremely creative. Cryptojacking made our threat report for the first time this year as an emerging threat that combines everything an attacker could want: anonymity, ease of deployment, low-risk, and high-reward. Organizations need to use real-time threat intelligence to detect these types of emerging threats and stop attacks before they strike,” said Hal Lonas, CTO at Webroot.

https://www.helpnetsecurity.com/2018...cryptojacking/

[david44]

Good heads up

How would you know if you've been hijacked for crypto mining ?
Noticeable speed difference?

[harrybarracuda]

Good heads up

How would you know if you've been hijacked for crypto mining ?
Noticeable speed difference?

That's the obvious one. But there are browser addons:

If you don't want to use an ad blocker or just want to specifically block coin mining, there are a handful of extensions available

• No Coin (Chrome, Firefox, Opera)
• minerBlock (Chrome, Firefox, Opera)
• Anti Miner (Chrome)
• Coin-Hive Blocker (Chrome)

[harrybarracuda]

Zuckerberg Bingo! Or just do a shot per hit.

Goes with Zuckerberg's testimony on the hill.

[harrybarracuda]

Password-free logins are coming to Chrome, Firefox and Edge

By Cat Ellis 3 hours ago Software

Fingerprints and USB keys are the way forward

Forget passwords – you'll soon have another way to log into websites that will make your accounts less vulnerable.

Chrome, Firefox and Edge will soon support a new open standard called Web Authentication (WebAuthn). When it's implemented, you'll be able to use a mobile device to verify your identity. This could involve an app, a USB hardware key, or biometric data, and could either serve as an extra form of authentication or replace passwords completely.

This type of authentication makes it much harder for criminals to pull off phishing attacks because there's no consistent line of characters (like a conventional password) that provides access to your accounts.

Knock, knock

Some services, including Google and Facebook, already support multi-factor authentication via a smartphone app or Yubikey device. It's also popular in businesses where security is particularly important, but isn't widely used elsewhere.

Hopefully, that's about to change. WebAuthn is an open standard, which means it's much more accessible to smaller developers that can't afford to invest in their own technology.

The WebAuthn standard is supported by Firefox Beta (version 60.0) and is scheduled for general release in May. It will also appear in Chrome and Edge in the coming months. Apple hasn't revealed when the standard will be supported in Safari, but has committed to it.

https://www.techradar.com/news/passw...refox-and-edge

[harrybarracuda]

2.6 billion records were stolen, lost or exposed worldwide in 2017

Gemalto released the latest findings of the Breach Level Index, revealing that 2.6 billion records were stolen, lost or exposed worldwide in 2017, an 88% increase from 2016. While data breach incidents decreased by 11%, 2017 was the first year publicly disclosed breaches surpassed more than two billion compromised data records since the Breach Level Index began tracking data breaches in 2013.


Over the past five years, nearly 10 billion records have been lost, stolen or exposed, with an average of five million records compromised every day. Of the 1,765 data breach incidents in 2017, identity theft represented the leading type of data breach, accounting for 69% of all data breaches. Malicious outsiders remained the number one cybersecurity threat last year at 72% of all breach incidents.

Companies in the healthcare, financial services and retail sectors were the primary targets for breaches last year. However, government and educational institutions were not immune to cyber risks in 2017, making up 22% of all breaches.

Based on data breach reports collected in the Breach Level Index, the major 2017 highlights include:

Human error a major risk management and security issue:

Accidental loss, consisting of improper disposal of records, misconfigured databases and other unintended security issues, caused 1.9 billion records to be exposed. A dramatic 580% increase in the number of compromised records from 2016.

Identity theft is still the number one type of data breach:

Identity theft was 69% of all data breach incidents. Over 600 million records were impacted resulting in a 73% increase from 2016.

Internal threats are increasing:

The number of malicious insider incidents decreased slightly. However, the amount of records stolen increased to 30 million, a 117% increase from 2016.

What a nuisance:

The number of records breached in nuisance type attacks increased by 560% from 2016. The Breach Level Index defines a data breach as a nuisance when the compromised data includes basic information such as name, address and/or phone number. The larger ramification of this type of breach is often unknown, as hackers use this data to orchestrate other attacks.

“The manipulation of data or data integrity attacks pose an arguably more unknown threat for organizations to combat than simple data theft, as it can allow hackers to alter anything from sales numbers to intellectual property. By nature, data integrity breaches are often difficult to identify and in many cases, where this type of attack has occurred, we have yet to see the real impact,” said Jason Hart, Vice President and CTO for Data Protection at Gemalto.


Data breaches by type

Identity theft was the leading type of data breach, accounting for 69% of all incidents constituting 26% of breached data in 2017. The second most prevalent type of breach was access to financial data (16%). The number of lost, stolen or compromised records increased the most for nuisance type of data breaches (560%) which constituted 61% of all compromised data. Account access and existential type breaches decreased both in incidents and records from 2016.

Data breaches by industry

In 2017, the industries that experienced the largest number of data breach incidents were healthcare (27%), financial services (12%), education (11%) and government (11%). In terms of the amount of records lost, stolen or compromised, the most targeted sectors were government (18%), financial services (9.1%) and technology (16%).

Data breaches by source

Malicious outsiders were the leading source of data breaches, accounting for 72% of breaches, however making up only 23% of all compromised data. While accidental loss was the cause of 18% of data breaches, it accounted for 76% of all compromised records, an increase of 580% from 2016. Malicious insider breaches were 9% of the total number of incidents, however this breach source experienced a dramatic increase (117%) in the number of compromised or stolen records from 2016.

“Companies can mitigate the risks surrounding a breach through a ‘security by design’ approach, building in security protocols and architecture at the beginning,” said Hart. “This will be especially important, considering in 2018 new government regulations like Europe’s General Data Protection Regulation(GDPR) and the Australian Privacy Act (APA) go into effect. These regulations require companies to adapt a new mindset towards security, protecting not only their sensitive data but the privacy of the customer data they store or manage.”

https://www.helpnetsecurity.com/2018...promised-2017/

[harrybarracuda]

You might decide to defer if you are planning to install the soon-to-be-released Spring Creators Update (but having said that, I would wait a few weeks for that to spread first, in case there are any problems with it).

But the Adobe stuff does need looking at if you're using any of it.

Over 20 Critical Microsoft Patches to Apply This Month
7 Infosecurity


Over 20 Critical Microsoft Patches to Apply This Month


Microsoft has fixed 65 vulnerabilities this month, over a third of which are critical and stretch across OS, browser and Office environments.


One of the most important fixes of this month’s security update round was released out-of-band in March. CVE-2018-1038 fixed a bad patch rolled out in January and should be a “top priority” for Windows 7 for x64-based Systems or Windows Server 2008 R2 for x64-based Systems, according to Ivanti director of product management, security, Chris Goettl.


He claimed that critical flaws in the OS, browser and Office would keep admins busy this month.


“There are multiple critical vulnerabilities in the Windows Operating System, Internet Explorer and Edge browsers, and on Office this month,” Goettl explained. “There are a few critical kernel vulnerabilities resolved, several Microsoft graphics and TrueType font driver vulnerabilities resolved and a host of critical browser vulnerabilities resolved.”


Elsewhere, Microsoft has disclosed but not patched an Important rated SharePoint elevation of privilege bug (CVE-2018-1034) which has been publicly disclosed but not exploited yet in the wild.


Greg Wiseman, senior security researcher at Rapid7 highlighted an unusual patch for a Microsoft Wireless Keyboard 850 vulnerability.


“CVE-2018-8117 is a security feature bypass vulnerability, where an attacker able to extract the encryption key from a keyboard could then wirelessly send and/or read keystrokes, potentially reading sensitive data such as passwords or issuing malicious commands to a connected system,” he explained.


“At a high level, there's nothing out of the ordinary this month. Unfortunately, that means that the majority of the patched vulnerabilities are once again of the worst variety: Remote Code Execution (RCE).”


Also this month, Microsoft finally removed its AV compliance key restriction designed to prevent BSOD crashes when installing Meltdown/Spectre updates.


Alongside Microsoft there are the ubiquitous Adobe updates for system administrators to deal with this month.


The firm has patched 19 vulnerabilities in Flash Player, Experience Manager, InDesign, Digital Editions, Coldfusion, and the PhoneGap Push Plugin, six of which are critical.


https://www.infosecurity-magazine.co...osoft-patches/

[harrybarracuda]

It's April 2018, and we've had to sit on this Windows 10 Spring Creators Update headline for days

Bug gives Microsoft cold feet

By Shaun Nichols in San Francisco 12 Apr 2018 at 05:28


Microsoft has yet to release the Spring Creators Update to Windows 10. We've been sitting here waiting with a story about the launch ready to go, and nothing. Now people are starting to talk.


Rumored to arrive on April 10 alongside Patch Tuesday, the Spring Creators Update, aka version 1803 aka Red Stone 4, is due to deliver new code including a revamped interface, enhanced privacy and security features, and beefed up Cortana search capabilities.

Now if only they could just get the damn thing out the door. With that suggested deadline having come and gone, it's worth asking just what is going on. Could it be that everyone was preoccupied with Mark Zuckerberg appearing before US Congress, and any operating system launch would be lost in the headlines? Surely not.

Microsoft isn't much help. When prodded for explanation, a Redmond spokesperson only had this to offer:

We’re excited to release the next update to Windows 10 and we’ll share more when we’re ready.

That's not much help. Windows watcher Zac Bowden reported that a show-stopping bug was holding up the release of SCU. There's no word on exactly what the fault is, but it's nice to know Microsoft isn't just knowingly shipping broken code.


One industry source familiar with Redmond's processes told us that this could be a repeat of a bug that cropped up when version 1709, the Windows 10 Fall Creators Update, arrived. When that landed and was installed, some people found that their computers were unable to easily and automatically pick up any more fixes and patches from Windows Update, unless they enrolled in the Insider beta-testing program.

It is suggested this could be the case again, that a gremlin in the distribution of the software is holding up the release rather than a programming fault that you'd expect would have been picked up by now in the extensive rounds of testing.

By design, there has been no official word on when the update will land, and chances are when it does arrive there will be little fanfare – as Microsoft tends to roll out the software gradually to minimizing the howling and screaming when the thing happens to break machines. In the meantime, one sure-fire way to get the latest Windows is to enroll in the Insider program, and play away. ®



https://www.theregister.co.uk/2018/0...eators_update/

[lom]

One industry source familiar with Redmond's processes told us that this could be a repeat of a bug that cropped up when version 1709, the Windows 10 Fall Creators Update, arrived. When that landed and was installed, some people found that their computers were unable to easily and automatically pick up any more fixes and patches from Windows Update, unless they enrolled in the Insider beta-testing program.

That bug is well known to me and it is a pity that MS couldn't/wouldn't inform how to fix it.

[harrybarracuda]

That bug is well known to me and it is a pity that MS couldn't/wouldn't inform how to fix it.

Let's face it, Windows Update sucks. That's why they added the Troubleshooter.

https://answers.microsoft.com/en-us/...d-99cc23235dec

[harrybarracuda]

LONDON — Hackers are increasingly targeting 'internet of things' devices to access corporate systems — everything from CCTV cameras to air-conditioning units.

The "internet of things" refers to devices that are hooked up to the internet to allow live streams of data to be monitored. The term covers everything from household appliances to widgets in power plants and everything in between.
Nicole Eagan, the CEO of cybersecurity company Darktrace, told the WSJ CEO Council in London on Thursday: "There's a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC [air conditioning] systems, to people who bring in their Alexa devices into the offices. There's just a lot of IoT. It expands the attack surface and most of this isn't covered by traditional defenses."
Eagan gave one memorable anecdote about a case Darktrace worked on where an unnamed casino was hacked via a thermometer in a lobby aquarium.
"The attackers used that to get a foothold in the network. They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud," she said.
Robert Hannigan, who ran the British government's digital spying agency GCHQ from 2014 to 2017, appeared alongside Eagan on the panel and agreed that hackers targeting internet of things devices is a growing problem for companies.
"With the internet of things producing thousands of new devices shoved onto the internet over the next few years, that's going to be an increasing problem," Hannigan said. "I saw a bank that had been hacked through its CCTV cameras because these devices are bought purely on cost."
He said regulation to mandate safety standards would likely be needed.
"It's probably one area where there'll likely need to be regulation for minimum security standards because the market isn't going to correct itself," he said. "The problem is these devices still work. The fish tank or the CCTV camera still work."

Hackers stole a casino's database through a thermometer in the lobby fish tank - Business Insider Deutschland

[baldrick]

if you have anything that can be connected to from the WAN that is not via VPN then you are going to be done over

if you have any devices with uPnP enabled so they open ports on your WAN you are going to be done over

[bsnub]

Get a free copy of Auslogics BoostSpeed 9!

Auslogics BoostSpeed 9

[harrybarracuda]

Get a free copy of Auslogics BoostSpeed 9!

Auslogics BoostSpeed 9

As thrilling as you clearly find it, not Security News.

[baldrick]

fluffer haxored his computer

[harrybarracuda]

Russian hackers targeting millions of devices around the world, US and UK warn

Intelligence agencies say spying could be preparation for future attacks


Russian hackers are targeting millions of devices around the world to spy, steal information and build networks for potentially devastating future cyberattacks, the US and UK have revealed.

The first ever joint “technical alert” from the two countries urged members of the public and businesses to help combat vulnerabilities with basic security precautions.

Ciaran Martin, chief executive of the National Cyber Security Centre (NCSC) – an arm of British intelligence agency GCHQ – said Russia was its “most capable hostile adversary in cyberspace”

In a call with The Independent and other outlets, he said all attacks uncovered by American security services had directly affected the UK, including intrusion into the energy sector.

“This is sustained targeting of multiple entities over months that we believe the Russian state to be behind,” Mr Martin added.

“The purpose of these attacks could be espionage, the theft of intellectual property and they could be positioned for use in times of tension.

“There are millions of machines being globally targeted, trying to seize control over connectivity.”

The total is believed to include tens of thousands of home devices in the UK alone, which could be used “at scale” for wider operations.

Security services admitted they do not know the full scale of attacks by state-sponsored Russian hackers, who are using routers connecting people’s homes and offices to the internet to spy on the information going through them, harvesting passwords, data and other information that could later be used in an attack.

Mr Martin said some efforts are directly targeting the British government and critical national services, such as the NHS, where the crippling impact of North Korea’s WannaCry attack showed the devastating potential of cyber warfare last year.
Other targets include internet service providers and the private sector, providing a “basic infrastructure” to launch future operations.

GCHQ has been tracking Russian actors for more than 20 years but the threat has come to renewed global attention following global ransomware incidents, power outages in Ukraine and alleged interference in foreign elections.

American officials denied that Monday’s “pre-planned” warning was linked to any increase in malicious activity following air strikes against the Kremlin’s Syrian allies on Saturday.

Bombing targeting chemical weapons stores by the US, UK and France worsened tensions with Vladimir Putin’s government further following the Salisbury nerve agent attack, diplomatic expulsions and ongoing sanctions over the Ukrainian war.

Rob Joyce, special assistant to Donald Trump and the US National Security Council’s cyber security coordinator, said Russia was amassing a “tremendous weapon” but there was no specific intelligence on the targeting of elections.

“When we see malicious cyber activity, whether it be from the Kremlin or other malicious nation-state actors, we are going to push back and push back hard,” he added, detailing cyber defence, sanctions and prosecutions.

Mr Joyce said “all elements of national power” were being mounted against the threat, including counter-attacks and asymmetric warfare.

Security services warned that global connectivity provided by the “internet of things” relied upon in modern life was being exploited and issued advice on how civilians and businesses can protect their devices, as well as national defences.

They stressed that threats came from countries other than Russia, as well as criminals seeking to profit.

Switches, firewalls and Network Intrusion Detection System (NIDS) are also being exploited in what are known as “man-in-the-middle” attacks.

Security weaknesses combined with a “Russian government campaign to exploit these devices” threatens the UK and US’s safety, security, and economic well-being, the NCSC said.

The Kremlin has denied persistent accusations of malicious cyber activity but last year Mr Putin conceded that “patriotic” Russian hackers may be acting “in the fight against those who speak badly about Russia”.

Keir Giles, an expert in Russian information warfare at Chatham House, said the line between government, business and the criminal world was blurred.

“The bottom line is these attacks would not be coming from Russia without Russian state collusion – if they wanted to stop it they could,” he told The Independent.

Mr Giles said Russia’s attacks had become more blatant due to a lack of deterrents during Barack Obama’s administration.
“They have not cared for some time about being identified as the source of hostile activity,” he added.

“Russia is far less concerned about being a rogue state because they have no reputation to maintain, they are behaving more like North Korea than the European nation they once pretended or aspired to be.

“This is just another symptom of Russia believing it is in an advanced state of conflict in the West in every domain apart from overt military clashes.”

Ewan Lawson, a senior research fellow at the Royal United Services Institute for Defence and Security Studies (RUSI), said actors could be viewing browsing history, emails, messages or sending information elsewhere.

“The concern with the presence of someone on your network is are they simply there looking or as a preparatory measure for something more nefarious?” the former RAF officer added.

“Either is bad. We haven’t seen a lot of damaging attacks yet but I believe we’re going to. If they were on a transport network, for example, the potential is there to disrupt train services. You could get into the signalling network.”

Read the full alert and advice here.

https://www.independent.co.uk/news/u...-a8307696.html

[baldrick]

and western governments want to hamstring deveolpment of decentralised point to point encrypted communications ?

viva la blockchain

[harrybarracuda]

If you are using any of these, get rid.

• AdRemover for Google Chrome™ (10M+ users)
• uBlock Plus (8M+ users)
• Adblock Pro (2M+ users)
• HD for YouTube™ (400K+ users)
• Webutation (30K+ users)

https://blog.adguard.com/en/over-20-...e-ad-blockers/

[harrybarracuda]

A group of 34 tech companies, including Facebook and Microsoft, have formed a cybersecurity consortium, pledging to work together to “act responsibly, to protect and empower our users and customers, and thereby to improve the security, stability, and resilience of cyberspace.”

The group, which also includes Arm, Cisco, HP, Nielsen, Nokia, Oracle, Telefónica and Trend Micro, has published a Cybersecurity Tech Accord that promises to protect the group’s collective users and customers from cyberattacks by designing offerings that prioritize security and privacy and that are developed with an eye to reducing vulnerabilities. Part of that includes securing the supply chain to prevent tampering.

It also said that the companies won’t work with governments on offensive capabilities.

“Protecting our online environment is in everyone’s interest,” said Microsoft president Brad Smith in a blog post. “The companies that are part of the Cybersecurity Tech Accord promise to defend and advance technology’s benefits for society. And we commit to act responsibly, to protect and empower our users and customers, and help create a safer and more secure online world.”

Crucially, the group said that members would work with each other, establishing partnerships with industry leaders and security researchers to improve technical collaboration, perform coordinated vulnerability disclosure, and share information on threats. Meanwhile, user education will be a priority, with more information and better tools to enable consumers and businesses to understand the threats and protect themselves against them.

“Separate from the fact that some of the major social networks and cloud operators are missing, the key to any meaningful outcome is better communication to users, of how to use the security capabilities within the various vendors’ tools,” David Ginsburg, vice president of marketing at Cavirin, told Infosecurity. “In several cases, the capabilities are there, but they are too difficult to deploy, or, in some cases, tools from multiple vendors will provide contradictory guidance. This practical aspect is tremendously important.”

Despite the good feels, Mike Banic, vice president of marketing at Vectra, added that the pledge doesn’t include any enforcement actions, and as a voluntary plan it is less likely to have an effect than regulation would.

“The impending EU General Data Protection Regulation (GDPR) will have more impact [on improving security], since it has real teeth in the form of fines that can be as much as 4% of annual revenue if the personal information of EU-based citizens is exposed or misused, and organizations must provide notification within 72 hours,” he said. “An example to consider is the timeline of the Equifax breach where personally identifiable information (PII) was exposed and notification was not within the notification period. With so many organizations operating in EU nations or processing EU-based citizen’s data, evaluating their security program to ensure GDPR compliance is such a high priority that this alliance may go unnoticed.”

https://www.infosecurity-magazine.co...and-32-others/

[Latindancer]

Yahoo has been sold.

For the last couple of days, when I log into my email I am prompted to agree to the actual content of my email being read or analysed. I haven't yet.
I feel it is coming a bit too hot on the heels of the whole Facebook scandal.



New Privacy and Terms

Yahoo is now part of Oath, the media and tech company behind today’s top news, sports and entertainment sites and apps.

By choosing “I accept” below, you agree to Oath’s new Terms of Service and Privacy Policy. Below is a summary of some of the key updates. To learn more about our approach to privacy, click here.

How we collect and use data.

We’ve updated some of the ways we collect and analyze user data in order to deliver services, content, relevant advertising and abuse protection.
This includes: analyzing content and information when you use our services (including emails, instant messages, posts, photos, attachments, and other communications), linking your activity on other sites and apps with information we have about you, and providing anonymized and/or aggregated reports to other parties regarding user trends.

Q: What user information is being shared?

A: We share user information only in limited circumstances, including among Oath affiliates and others in Verizon; our trusted partners who work on behalf of or with Oath based on our directions and in compliance with appropriate confidentiality measures; our advertising, analytics and business partners; and as otherwise disclosed in the Oath Privacy Policy.