Facebook removes Russian networks tied to intelligence services that interfered in the U.S. in 2016
Facebook shut down two Russian disinformation networks operated by the nation’s intelligence services and a third by people affiliated with a notorious troll farm that interfered in the 2016 U.S. presidential election, the company announced Thursday.
CYBER THREATS TO VOTING PROCESSES COULD SLOW BUT NOT PREVENT VOTING
Nevertheless, cyber actors continue attempts against election systems that register voters or house voter registration information, manage non-voting election processes, or provide unofficial election night reporting. These attempts could render these systems temporarily inaccessible to election officials, which could slow, but would not prevent, voting or the reporting of results.
Microsoft Says Hackers Actively Targeting Zerologon Vulnerability
Last week, the United States Department of Homeland Security (DHS) issued an Emergency Directive requiring all federal agencies to apply the available patches for the Zerologon vulnerability within days. [...] Also last week, Samba announced patches for the Zerologon flaw, explaining that Samba implements the Netlogon protocol and that it’s vulnerable when used as domain controller only.
OCR levies $2.3M fine over massive breach affecting PHI of 6M people
According to the HHS Office for Civil Rights, the Federal Bureau of Investigations notified CHSPSC in April 2014 that it had flagged an "advanced persistent threat" to CHSPSC's information system. But the hackers continued to access the information through August of that year, according to the enforcement agency, and breached the protected health information of more than 6 million people.
HSCC Shares Toolkit for Supply Chain Cybersecurity Risk Management
HSCC officials explained the initial guidance has become a flagship product that has been accessed by more than 10,000 individuals. Supply chain risk has steadily increased across the sector in recent years, with ransomware and other threats frequently targeting the sector’s supply chain and third-party vendors.
Third-party security risk is substantial – and many providers' readiness is substandard
What's more, the report, from cyber services firm BlueVoyant, found that of the 1,500-plus security pros polled – at organizations of all types in the U.S. and abroad, including healthcare and pharma – the average respondent said their organization had been breached thanks to a vendor partner's own vulnerabilities more than 2.5 times.
Secret Service stepping up in fight against cyber-enabled financial crimes
We’re looking to leverage expertise in all facets, all verticals of society, private sector, academia, other government agencies to identify trends in cybercrime, technology, law and policy, and a host of other disciplines, and leverage that knowledge base to provide us within the agency expert guidance, as we look to modernize into better ways to do training – stronger partnerships, deeper investigative priorities related to the cyber mission.
Businesses Face Fewer Cyber Events, But the Attacks Are More Costly
It appears U.S. businesses are building stronger cyber defenses, as only 41% of firms reported an incident or breach in this year’s report, down from 53% the year prior. The report, which scored firms on strategy, resourcing, technology and process, found that the number of cyber experts among U.S. firms more than doubled to 24%, while the cyber novice category saw a commensurate decline, from 73% to 58%.
Critical steps for securing cyberspace
On a national and global level, Microsoft has been an active participant with government and private-sector partners to strengthen cybersecurity. [...] However, in current practice, the lack of U.S. leadership in key dialogues at the United Nations and multi-stakeholder convenings such as the Paris Call for Trust and Security has inhibited progress. Moreover, as the Commission notes, and as we have seen through our participation, a leadership vacuum creates an opportunity for harmful agendas to gain traction.
Top Ten: Ways to Secure Remote Workers
Furthermore, in a session moderated by Infosecurity as part of Infosecurity Europe’s Virtual Conference in June, a discussion determined that IT security spending could be cut due to the pandemic as companies look to reduce their overall budget. Therefore, Infosecurity turned to key figures within the industry to ascertain the 10 best practices organizations can implement to ensure their employees are working from home effectively, safely and securely.
Federal Agency Compromised by Malicious Cyber Actor
By leveraging compromised credentials, the cyber threat actor implanted sophisticated malware—including multi-stage malware that evaded the affected agency’s anti-malware protection—and gained persistent access through two reverse Socket Secure (SOCKS) proxies that exploited weaknesses in the agency’s firewall.
FBI Director: Feeding DOD’s Cyber Offense Operations Is Crucial to New Strategy
“The Department, along with its stakeholders at the whole-of-government level, needs to be more aggressive in the Gray Zone and treat every action as a campaign to deter competitors from behavior counter to U.S. objectives,” the document reads, noting a need to expand cyber capabilities to combat great power competition in areas such as “undermining elections, malicious use of social media, and employing unfair business practices globally.”
Cyber-Criminals Spoof Texas Government
Using what appears to be a genuine government purchase order, the attackers attempted to obtain products worth hundreds of thousands of dollars without handing over a penny. Attackers addressed an email to the sales department, expressing intent to purchase 20 laptops and 200 external hard drives. Attached to the email was a fake order form that featured a convincing phone number and billing address.
Covert Deception, Strategic Fraud, and the Rule of Prohibited Intervention
As evidenced by Russia’s ongoing efforts at election interference in the United States and Europe, the role of information conflict in global strategic competition has evolved and taken on new weight. A number of revisionist states, Russia and China chief among them, have fully embraced the new reality of the modern information environment, deftly adapting their capabilities and strategies to exploit the societal vulnerabilities it exposes.
Five big questions as America votes: Cybersecurity
The real challenge, however, is that the current cyber landscape is such that both the United States and its adversaries are stuck in a prisoner’s dilemma where the individual incentives for surprise attack, preemption, and exploitation of vulnerabilities leave cyberspace collectively insecure for everyone.
Military standoff apart, India, China brace up for cyber-warfare
“Countries with high levels of both intent and capability for a specific objective are among the highest-ranking countries in the NCPI. These countries both signal in strategies and previously attributed cyber-attacks that they intend to use cyber to achieve policy goals and have the capabilities to achieve them” stated the report.
Free VPNs are bad for your privacy
Some VPN providers also claim to protect your privacy by not storing any logs or track which websites you visit or when. While that may be true in some cases, there’s no way you can be completely sure. In fact, some VPN providers have claimed they don’t store any logs — but were proven completely false.
Amazon’s Ring Announces an Entire Line of Dystopian Surveillance Devices
The biggest concern, however, is about where surveillance footage will end up. Already, the company partners with hundreds of police departments, who are able to access Amazon’s neighborhood watch app, Neighbors, via a portal and obtain Ring doorbell footage—so long as they encourage people to adopt Ring cameras and the Neighbors app. Police departments can also keep that footage forever, or share it with whomever they please.
Internet: Old TV caused village broadband outages for 18 months
An unnamed householder in Aberhosan, Powys, was unaware the old set would emit a signal which would interfere with the entire village's broadband. After 18 months engineers began an investigation after a cable replacement programme failed to fix the issue. The embarrassed householder promised not to use the television again.