Kaspersky Finds Cybersecurity Threat That Targets iPhone Users via Malicious iMessage Attachment

Prominent cybersecurity and anti-virus firm Kaspersky has discovered a new cyberattack threat that targets iPhone models running older versions of iOS via iMessage application. The malware, found when the company was monitoring its own Wi-Fi network for mobile devices, infects the phone via a received iMessage, which contains a malicious attachment. The threat doesn’t require the iPhone user to do anything and utilises iOS vulnerability to install a spyware that takes complete control of device and user data.

According to a report about their findings published by Kaspersky, the malicious attachment sent via iMessage executes a code without the need for any action from the user. The malicious code then runs a set of commands for collection of private user data.

Kaspersky CEO Eugene Kaspersky tweeted about the iOS cyberattack, detailing that the spyware extracts private information like microphone recordings, photos from instant messengers, geolocation, and other data and transmits it to remote servers. The firm has dubbed the cyberattack threat as “Operation Triangulation.”

Kaspersky said that the malware was found on the iPhones of dozens of employees and could target other iPhone users as well. He also added that the threat had been neutralised and details of the vulnerability have been sent to Apple. The CEO also noted that disabling the iMessage service would prevent vulnerable iOS devices from the attack.

The company said that after the malware is successfully installed on the device, the initial text and the accompanying exploit in the iMessage attachment are deleted. Kaspersky’s report said the attack was ongoing, and iOS 15.7 was the most recent version among the devices that were successfully targeted. iPhone models running iOS 16 appear to be safe from the threat, but Kaspersky did mention in the comments section of its report that they could not guarantee that other iOS versions were safe.

On Friday, Kaspersky also released tools for users to check if their device was infected.

Back in February, Apple released updates that fixed major vulnerabilities with iOS 16.3 and macOS 13.2 for supported iPhone, iPad and Mac models. At the time, Apple credited the researchers who found the flaws that allowed a remote user to bypass protections put in place by Apple and gain access to a user’s personal data as well as their camera, microphone, and call history.


Apple’s annual developer conference is just around the corner. From the company’s first mixed reality headset to new software updates, we discuss all the things we’re looking forward to seeing at WWDC 2023 on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated – see our ethics statement for details.



Check out our Latest News and Follow us at Facebook

Original Source

Data Breach in US Exposes Personal Information of 2,37,000 Federal Employees

The personal information of 237,000 current and former federal government employees has been exposed in a data breach at the US Transportation Department (USDOT), sources briefed on the matter said on Friday.

The breach hit systems for processing TRANServe transit benefits that reimburse government employees for some commuting costs. It was not clear if any of the personal information had been used for criminal purposes.

USDOT notified Congress Friday in an email seen by Reuters that its initial investigation of the data breach has “isolated the breach to certain systems at the department used for administrative functions, such as employee transit benefits processing.”

USDOT said in a statement to Reuters the breach did not affect any transportation safety systems. It did not say who might be responsible for the hack.

The department is investigating the breach and has frozen access to the transit benefit system until it has been secured and restored, it said.

The maximum benefit allowance is $280 (roughly Rs. 23,000) per month for federal employee mass transit commuting costs. The breach impacted 114,000 current employees and 123,000 former employees.

Federal employees and agencies have been target of hackers in the past.

Two breaches at the US Office of Personnel Management (OPM) in 2014 and 2015 compromised sensitive data belonging to more than 22 million people, including 4.2 million current and federal employees along with fingerprint data of 5.6 million of those individuals.

Suspected Russian hackers who used SolarWinds and Microsoft software to burrow into US federal agencies breached unclassified Justice Department networks and read emails at the Treasury, Commerce and Homeland Security departments. Nine federal agencies were breached, Reuters reported in 2021.

© Thomson Reuters 2023


Google I/O 2023 saw Google tell us repeatedly that it cares about AI, alongside the launch of its first foldable phone and Pixel-branded tablet. This year, the company is going to supercharge its apps, services, and Android operating system with AI technology. We discuss this and more on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Only 24 Percent of Indian Firms Ready to Defend Against Modern Cybersecurity Threats: Cisco Survey

Just 24 percent of organisations surveyed in India have the ‘mature’ level of readiness needed to be resilient against modern cybersecurity risks, according to a new Cisco study released on Tuesday.

Cisco, in a separate announcement, said it aims to train 500,000 cybersecurity professionals over 3 years across India.

Cisco’s first-ever Cybersecurity Readiness Index highlighted where businesses are doing well and where cybersecurity readiness gaps will widen if global business and security leaders don’t take action.

Underlining that readiness is critical, the Cisco study revealed that 90 percent respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months.

India scored high in the global chart in terms of maturity (24 percent), performing above the global average of 15 percent on cybersecurity readiness. About 38 percent of companies in India fall into the beginner or formative stages.

Conducted by an independent third party, the survey asked 6,700 private sector cybersecurity leaders across 27 markets to indicate which of the solutions they had deployed and the stage of deployment. Companies were then classified into four stages of increasing readiness — beginner, formative, progressive, and mature.

While beginner (overall score of less than 10) implies initial stages of deployment of solutions, formative (score between 11 – 44) have some level of deployment, but performing below average on cybersecurity readiness. In the index, progressive (score between 45 – 75) meant considerable level of deployment and performing above average on cybersecurity readiness, whereas mature (score of 76 and higher) have achieved advanced stages of deployment and are most ready to address security risks.

While organisations in India are faring better than the global average, the number is still very low, given the risks.

According to Cisco, this readiness gap is telling, not least because 90 per cent of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months.

The cost of being unprepared can be substantial as 80 percent of respondents said they had a cybersecurity incident in the last 12 months, and 53 percent of those affected said it cost them at least USD 500,000 (roughly Rs. 4 crore).

“Cybersecurity is a top priority for businesses as they continue their digitisation journey. With hybrid work becoming mainstay and services being application-driven, it is critical that organisations close the security readiness gap,” Samir Mishra, Director, Security Business Group, Cisco India and SAARC, said.

Business leaders must establish a baseline of ‘readiness’ across the five security pillars to build secure and resilient organisations. This need is especially critical given that 95 percent of the respondents plan to increase their security budgets by at least 10 percent over the next 12 months. By establishing a base, organisations can build on their strengths and prioritise the areas where they need more maturity and improve their resilience.

The five key pillars are identity, devices, network security, application workloads, and data.

Meanwhile, Cisco announced its goal to train 500,000 people across India with cybersecurity skills over the next 3 years.

This goal is part of Cisco’s 10-year ambition to empower 25 million people with digital skills worldwide through Cisco’s Networking Academy. The flagship programme is celebrating its 25th anniversary this year. During this time, the programme has reached 17.5 million students across 190 countries. Since starting operations in India, it has trained 1.2 million students through 718 partnerships with educational institutions and organisations offering Networking Academy courses.

The two announcements were made at the Cisco India Summit (CIS) 2023 in Jaipur.

Cisco said the future of India’s growth and global competitiveness depends on building a strong digital economy which in turn relies on a digitally-skilled workforce.

“With the speed and scale of digitisation across the country, there will be an increased demand for skilled cybersecurity professionals as organisations look to defend themselves against an evolving and complex threat landscape,” Cisco said.


Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Best antivirus software, per a cybersecurity expert

Much like the best password protector services out there, investing in antivirus software isn’t as expensive as you would think — and it provides a safety net for your online data.

Not to mention, when investing in quality smart home devices — like your treasured laptops and desktops — you want to make sure that hefty purchase isn’t being compromised.

Luckily, one of the 13 best antivirus software programs of 2023 can help.

“A computer virus is a malicious piece of software that spreads between computers and can harm your computer or steal your information,” David Bader, PhD, distinguished professor of data science at New Jersey Institute of Technology (NJIT) told the New York Post. “For instance, viruses can delete your files, watch your keystrokes (and grab your login information for your online bank account), or turn your computer into a weapon to attack corporate or government websites.”

For unmatched protection, check out the best antivirus software programs, as vetted by our cybersecurity expert. For more on what these entail — including what malware, spyware and adware actually mean — check out our FAQ section below.


Amazon

For the past 35 years, McAfee has held a premium spot as one of the earliest and best-known companies offering antivirus software. It offers antivirus software for all major platforms (Windows, macOS, Android, iOS). “McAfee has a 30-day free trial with “all-in-one” protection that includes a VPN for privacy when using public WiFi networks, web protection to avoid phishing scams, identity monitoring, and more,” Bader adds.

For new customers, McAfee’s basic edition protects up to five devices and costs $35 for the first year and $85 per year after that. For an additional $45 per year, the premium edition adds parental controls and protects up to ten devices, and for another $30 per year, McAfee’s ultimate edition protects an unlimited number of devices and includes $1 million of identity theft coverage and identity restoration assistance.



Amazon

As one of the names synonymous with computer security, per Bader, Norton has been offering antivirus software for just over thirty years. From its AntiVirus Plus to its 360 Deluxe version, it has a slew of digital products for you to shop.

The Antivirus Plus offers protection for a single PC or Mac at $10 for the first year, and $60 a year thereafter. This service includes Anti-Spyware, 2GB of cloud backup, a smart firewall, a password manager and an online privacy monitor, too.

If you’d like more protection on your smartphone and tablet, its 360 bundle is $85 per year (now on sale for just $30!), upping the cloud backup to 10GB and including a VPN for public WiFi use. For more protection including for smartphones and tablets, Norton offers its Norton 360 bundles with the standard version ($85/year) increasing the cloud backup to 10GB, and incorporating a VPN for public WiFi use.


3. AVG Ultimate, $60 for the first year


Amazon

AVG Ultimate offers antivirus protection for PC, Mac, Android, and iOIS, and costs $60 for the first year, and $128 per year after that, for protecting up to 10 devices. In addition to antivirus protection, AVG Ultimate also has an array of nifty features:

  • Capabilities to manage battery profiles: This enables you to maximize your computer, smartphone, or tablet’s performance while minimizing battery use.
  • Device lock: This stops unwanted visitors from accessing your phone.
  • Startup optimizer: This stops software you don’t use or care about from slowing down your device’s time to boot up.
  • Payment protection: This encrypts and keeps safe all of your online payments from the prying eyes of hackers.
  • Smart photo cleaner: This finds duplicate and poor-quality photos on your device and deletes them to free up space.
  • Browser and disk cleaner: This finds and erases junk files.
  • Sensitive data shield: This secures your most sensitive files.
  • GPS tracking: This helps to find a lost device.

“AVG Ultimate includes this whole bundle of security-related tools and services without having to buy additional packages,” Bader adds.



Amazon

Bitdefender Antivirus Plus, impressively, protects up to three Windows devices from viruses including malware, spyware and adware. It’s $30 for the first year and $60 per year thereafter.

Bader calls this a “no-frills product,” with the next plan level, Bitdefender Internet Security is $80 per year and includes a firewall and parental controls. “The ultimate plan, Bitdefender Total Security, is $90 per year, includes protection for up to five devices and is the only plan that also protects every OS (Windows, macOS, Android, and iOS) as well as including a device optimizer that places your device in game, movie, and work modes to save the battery while maximizing performance.”



Amazon

Providing baseline antivirus protection, Webroot SecureAnywhere Antivirus secures your data on one Windows or Mac device at $30 for the first year and $40 each year after. “Its claim is that it runs 60x faster than the scan time of other tested competitor antivirus products and takes 20 seconds to check your computer for malware by being fully cloud-based,” Bader said.

What’s more, Webroot offers a VPN for WiFi Security for up to three devices along with antivirus software at $110 a year. 



Cylance

“Cylance technology is now incorporated into BlackBerry Cybersecurity and being incorporated into BlackBerry’s unified endpoint security solution,” Bader explains.

This integrated threat prevention solution combines artificial intelligence (AI) to help “block malware infections with additional security controls that safeguard against script-based, fileless, memory, and external device-based attacks,” per its site. After taking a consultation, you’ll receive a quote, which is usually $45 per block of data protection.



Emsisoft

Only available for Windows, Emsisoft Anti-Malware has a 30-day free trial and then costs $30 per year for each device. “The software also includes extensive protections for finding and removing malware from your system and malware removal assistance,” Bader notes.



ESET

For just $40 a year, ESET NOD32 Antivirus secures each Windows and Mac device while including malware, ransomware, and phishing protection. At $50 per year, ESET Internet Security “also protects Android devices and includes two additional protection features for privacy and banking and for network and smart devices,” Bader explains.

The ultimate protection, however, is ESET Smart Security Premium: $60 per year per device with an included password manager, sensitive data encryption and protection against new threats. “It’s disappointing, though, that a customer must buy this higher cost package to be protected against never-before-seen threats,” Bader commented.



F-Secure

As one of the oldest antivirus companies — founded in 1988 — F-Secure “has a strong international presence in Europe, North America, and Asia Pacific regions,” per Bader. It’s available for Windows only and costs $36 per year to protect one computer or $40 for up to three computers.

“F-Secure has additional security product add-ons including F-Secure SAFE for internet security ($70 for up to three devices per year), F-Secure FREEDOME VPN for secure and private browsing ($55 for up to three devices per year), and F-Secure ID PROTECTION for secure passwords and online identity ($60 for up to five devices per year),” Bader said. The premium package from F-Secure, TOTAL, provides full online protection at $90 a year for up to three devices.



Amazon

G DATA Software is a German cybersecurity company that “claims to have made the first antivirus software in 1987,” Bader notes. The G DATA Antivirus protection for a single Windows PC costs $30 for the first year and $40 per year thereafter, while the Mac version is a bit more expensive at $40 for the first year and $55 each year after.

“G DATA also offers an Internet Security package with a firewall and parental monitoring at $55 per year per device, and a Total Security bundle for $70 per year per device that includes a password manager, encrypted backups, access control, and an integrated tuner for performance and security,” Bader adds.



Amazon

If you frequent the Internet often, you’ve likely heard of Malwarebytes Premium: an antivirus software for Windows, Mac, Android, iOS, and Chrome, costing $40 per year for one device or $80 per year for up to five devices. It includes both antivirus protection and a browser guard, too.

“For $100 a year for up to five devices, Malwarebytes Premium + Privacy includes a VPN for safe WiFi-only protection,” Bader highlights. “A free Windows version can be used to clean up an infected computer and limited trials to for the other antivirus protections.”



Sophos

Sophos Home Premium costs $45 for all of your Windows and Mac devices and is “basic antivirus software that scans and cleans malware from your system, protects your privacy online, and has parental web filtering,” per Bader. Conveniently, there are no complicated add-ons and upgraded packages.

“Sophos Home Premium keeps the package simple to buy and use, with everything included,” he adds.



Amazon

“Trend Micro’s Internet Security software for Windows only includes online privacy controls and fixes and optimizes systems, and costs $80 per year for up to three devices,” Bader said.

Its basic package, Antivirus+Security, protects a single Windows PC from viruses and ransomware and costs $20 for the first year and $40 for each year thereafter. Uniquely, Trend Micro’s Maximum Security bundle is the only product from Trend Micro for Windows, Mac, Android, iOS, and Chromebooks, that “includes a password manager and secures mobile devices along with the antivirus protection” and costs $90 per year for up to five devices,” Bader said.


An FAQ on Antivirus Software


Getty Images

What is a computer virus?

Nobody likes them, but it’s important to know how these pesky tech inconveniences and breaches begin.

“Viruses can propagate in many ways such as through email attachments, unwitting downloads from infected websites, and through shared USB memory sticks,” Bader explains. “Antivirus software exists for all popular computing platforms (Windows, Mac, Android, iOS) and scans your system, memory, and files (including downloads) for known viruses.”

When the antivirus software detects a virus, it may take several actions including cleaning the virus from the system and placing infected files in quarantine. 

What benefits come with some antivirus software, besides protection?

Aside from giving you (and your files) peace of mind, Bader highlights other add-ons some programs include.

“Antivirus software often comes bundled with other security features such as secure password keepers, protection against clicking on malicious links to websites and scans of the dark web to find if your information has been compromised and potentially sold to hackers,” he notes.

What does malware mean?

Malware is malicious software that you may receive through an email attachment or other file transfer that can take over your computer if you run it.  “Be cautious when clicking on links in the body of emails from unknown or faked senders, or opening any file sent to you that you weren’t expecting,” Bader tips off. “These are the main ways hackers send you malware.”

What does spyware mean?

More niche, spyware is a type of malware that watches everything you do on the computer and steals information. “For instance, spyware can monitor your keystrokes for all of your passwords, including ones for your bank accounts, social media, and email accounts,” Bader explains. “Spyware gathers information that can be used against your or your business and sends it to third parties who may sell the private information on the dark web or craft even more personalized attacks against you and your friends.”

What does adware mean?

According to Bader, adware is different from spyware and is generally unwanted software, usually connected to your web browser, that watches your activity and puts annoying ads up on your screen. Some antivirus software packages can scan and remove adware from your computer.

Is antivirus software necessary?

Like your car and home insurance, investing about $20 to $50 yearly is surely worth it. Not to mention, the service pairs well with a password protector, too.


Check out the New York Post Shopping section for more content.

Check out our Latest News and Follow us at Facebook

Original Source

CoinDCX Taps Sridhar Govardhan to Oversee Cybersecurity Readiness as CISO

CoinDCX crypto exchange has appointed Sridhar Govardhan as the Chief Information Security Officer (CISO) to monitor its cybersecurity readiness. Govardhan previously served as the vice president and head of information security at Flipkart. The firm is looking to drive engagement with a focus on providing advanced security measures. Govardhan has previously overseen security cybersecurity measures for Wipro and Infosys. The crypto industry recently witnessed the exit of several investors after promising projects fell prey to hack attacks and dramatically collapsed.

As part of his key responsibilities, Govardhan will serve as the Information Security Liaisons’ leader and head the Information Security Advisory Committee to promote information security throughout the exchange’s ecosystem. “I am thrilled to be a part of this dynamic sector and strengthen CoinDCX’s security posture to contribute to the industry’s growing information security landscape, especially as crypto paves the way for the future of the Internet. By developing and implementing the best-in-class safety solutions, aimed at giving CoinDCX the first-mover advantage, we will be enhancing the security credentials of the entire ecosystem,” said the new CISO of CoinDCX in a prepared statement.

The exchange says it aims to cater to its users’ demands of ensuring top notch security against hack attacks and vulnerabilities that can expose them to financial risks and losses. “We are building, and this demands greater transparency and security. Sridhar will lead our efforts in designing and maintaining an efficient corporate information security framework and build a multi-tiered security architecture at par with global standards,” said Neeraj Khandelwal, Co-founder, CoinDCX.

In a recent report, Chainalysis said that last year was the worst on record for cryptocurrency heists, with hackers stealing as much as $3.8 billion (nearly Rs. 31,100 crore). Under the circumstances, CoinDCX is looking to ensure its customers that they could experiment with crypto, while being safe in terms of online transactions.

The exchange also recently launched a crypto awareness initiative named ‘Namaste Web3′ for Indian industries and investors.


Samsung’s Galaxy S23 series of smartphones was launched earlier this week and the South Korean firm’s high-end handsets have seen a few upgrades across all three models. What about the increase in pricing? We discuss this and more on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Cryptocurrency is an unregulated digital currency, not a legal tender and subject to market risks. The information provided in the article is not intended to be and does not constitute financial advice, trading advice or any other advice or recommendation of any sort offered or endorsed by NDTV. NDTV shall not be responsible for any loss arising from any investment based on any perceived recommendation, forecast or any other information contained in the article. 

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

AIIMS Delhi Cyberattack Originated From China; Data From Five Servers Successfully Retrieved, MoHFW Says

The AIIMS Delhi cyberattack, which crippled the online services of Delhi’s largest medical institute, originated from China, according to the FIR. Hackers breached five out of 40 physical servers, and the data from all five servers has now been successfully retrieved, senior officials from the Ministry of Health and Family Welfare, Government of India (MoHFW) said on Wednesday. 

AIIMS Delhi server attack was by the Chinese, FIR details that the attack had originated from China. Of 100 servers (40 physical and 60 virtual), five physical servers were successfully infiltrated by the hackers. The damage would have been far worse but is now contained. Data in the five servers have been successfully retrieved now,” said the source from the Ministry of Health and Family Welfare (MoHFW).

AIIMS Delhi first reported a failure in its servers on November 23. Two of the analysts deployed to look after the servers’ securities have also been suspended for the alleged breach of cybersecurity.

AIIMS authorities in a statement issued stated that the e-Hospital data has been restored.

“The eHospital data has been restored on the servers. The network is being sanitised before the services can be restored. The process is taking some time due to the volume of data and a large number of servers/computers for the hospital services. Measures are being taken for cyber security,” they had said. “All hospital services, including outpatient, in-patient, laboratories, etc continue to run on manual mode,” the statement had said.

Earlier this month, a special cell of Delhi Police launched an investigation into the attack on the computer system at AIIMS Delhi.

According to official sources, a team of the Central Forensic Lab (CFSL) has been pressed into service to check the infected server of the AIIMS Delhi to identify the source of the malware attack.


Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

AIIMS Server Remains Down for Eighth Day; Two Suspended, More Under Scanner for Cybersecurity Breach

For the eighth day running, the server at All India Institute of Medical Sciences (AIIMS) Delhi remained out of order, and according to the sources after the suspension of two analysts from Delhi more are on the radar for suspension for breaching cybersecurity.

According to the sources, “The sanitising process started, earlier it was 15 but now 25 out of 50 servers and more than 400 endpoint computers have been scanned. Antivirus uploading has also been started for future safety.”

On Tuesday, the AIIMS also issued a statement that the e-Hospital data has been restored, “The eHospital data has been restored on the servers. Network is being sanitised before the services can be restored. The process is taking some time due to the volume of data and large number of servers/computers for the hospital services. Measures are being taken for cybersecurity.”

“All hospital services, including outpatient, in-patient, laboratories, etc continue to run on manual mode” It said further. 

“The National Investigation Agency (NIA) has also joined the investigation. The India Computer Emergency Response Team (CERT-IN), Delhi Police, Intelligence Bureau, Central Bureau of Investigation (CBI) and Ministry of Home Affairs (MHA) representatives are already probing the incident,” Sources to ANI

The Internet services after the recommendations from the investigation agencies will remain blocked in AIIMS Delhi.

Laboratory information system (LIS) database and other dependent databases have been restored.

Earlier AIIMS also issued a fresh set of Standard operating procedures (SOP) which says admission, discharge and transfer of patients will be done manually at the hospital till E-Hospital is down.

“Latest SOPs that have to be followed in manual mode till E-Hospital is down. Admission, discharge and transfer are to be done manually at AIIMS, New Delhi. Indent to be done manually,” the hospital said.

It further said that the death or birth certificates are to be made manually on forms as per instruction from the working committee.

“Only urgent samples to be sent and that too with filled forms. Only urgent investigations are to be sent with forms as per instruction from the working committee,” it added.

Delhi’s All India Institute of Medical Science (AIIMS) reported a failure in its server on November 23, as per officials.


Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Cybersecurity and Infrastructure Security Agency to Monitor US Midterm Elections Amid Security Concerns

CISA, or Cybersecurity and Infrastructure Security Agency, the top US cybersecurity agency said it plans to monitor and issue security alerts on the congressional election on Tuesday, amid worries about potential efforts to interfere with the vote. Election security has emerged as a key issue in the United States after officials found Russia interfered in the 2016 US election with a campaign of hacking and propaganda intended to hurt Hilary Clinton’s chances of winning against Donald Trump.

The top US cybersecurity agency plans to set up an “Elections Day Operations Center” with public and private sector partners across the country to monitor the midterms, it said in a statement on Monday.

“In recent years, election officials have had to contend with increasing disinformation from foreign adversaries, which can cause confusion about election infrastructure and undermine voters’ faith in the process,” Kim Wyman, CISA’s senior election security advisor, said in a statement last week.

“Now, when something goes wrong – and with 8,800 election jurisdictions across the country, something will go wrong somewhere – the innocuous can be made to look nefarious.”

Meanwhile, the Associated Press reported on Tuesday that Twitter is struggling to respond to political misinformation and other harmful posts on the social media platform after Elon Musk fired roughly half of its workforce just days before the US midterm elections, according to employees who survived the cuts and an outside voting rights group.

The recent mass layoffs spared many of the people whose job it is to keep hate and misinformation off the social-media platform. Musk fired only 15 percent of those frontline content-moderation workers, compared to roughly 50 percent job cuts across the company, according to an executive. But in preparation for the layoffs, employees said the company also sharply reduced how many employees can look into a specific account’s digital history and behaviour — a practice necessary to investigate if it’s been used maliciously and take action to suspend it.

The developments are causing concern as the US midterm elections culminate on Tuesday. Though millions of Americans have already cast early and absentee ballots, millions more are expected to go to the polls to cast in-person votes. Election watchers fear the platform may not be equipped to handle hate speech, misinformation that could impact voter safety and security, and actors seeking to cast doubt on the legitimate winners of elections around the country.

© Thomson Reuters 2022


Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Cyberattacks Being Fuelled by Ukraine War, Geopolitics, EU Cybersecurity Agency Says

Geopolitics such as Russia’s invasion of Ukraine has led to more damaging and widespread cybersecurity attacks in the year to July, EU cybersecurity agency ENISA said in its annual report on Thursday.

ENISA’s study follows concerns about the role of state actors and the growing range of threats to governments, companies and essential sectors such as energy, transport, banking and digital infrastructure.

The agency said geopolitical situations – in particular the Russian invasion of Ukraine – were game-changers during the period under review.

Zero-day exploits in which hackers exploit software vulnerabilities before developers have a chance to fix the flaws, as well as artificial intelligence-enabled disinformation, and deepfakes resulted in more malicious and widespread attacks with more damaging impact, it said.

“Today’s global context is inevitably driving major changes in the cybersecurity threat landscape. The new paradigm is shaped by the growing range of threat actors,” ENISA Executive Director Juhan Lepassaar said in a statement.

About 24 percent of cybersecurity attacks targeted public administration and governments while 13 percent targeted digital services providers, the report said.

The European Union in May agreed on tougher cybersecurity rules for essential sectors, with companies required to assess their risks, notify authorities and take measures to deal with the risks or face fines up to 2 percent of global turnover.

On Wednesday, Reuters reported that the US Treasury last month repelled cyberattacks by a pro-Russian hacker group, preventing disruption and confirming the effectiveness of the department’s stronger approach to financial system cybersecurity, citing a US Treasury official.

The Treasury has attributed the distributed denial of service (DDoS) attacks to Killnet, the Russian hacker group that claimed responsibility for disrupting the websites of several US states and airports in October, said Todd Conklin, cybersecurity counsellor to Deputy Treasury Secretary Wally Adeyemo.

The incident, not previously reported, occurred a couple of days before similar attacks from Killnet on US financial services firms, Conklin told a financial services industry and regulator conference on cybersecurity.

© Thomson Reuters 2022


Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Australia Proposes Stringent Penalties for Failure to Protect Customer Privacy After Cybersecurity Breaches

Australia on Saturday proposed tougher penalties for companies that fail to protect customers’ personal data after two major cybersecurity breaches left millions vulnerable to criminals.

The penalties for serious breaches of the Privacy Act would increase from AUD 2.2 million (roughly Rs. 11 crore) now to AUD 50 million (roughly Rs. 264 crore) under amendments to be introduced to Parliament next week, Attorney-General Mark Dreyfus said.

A company could also be fined the value of 30 percent of its revenues over a defined period if that amount exceeded AUD 50 million.

Dreyfus said “big companies could face penalties up to hundreds of millions of dollars” under the new law.

“It is a very, very substantial increase in the penalties,” Dreyfus told reporters.

“It’s designed to make companies think. It’s designed to be a deterrent so that companies will protect the data of Australians,” he added.

Parliament resumes on Tuesday for the first time since mid-September.

Since Parliament last sat, unknown hackers stole personal data from 9.8 million customers of Optus, Australia’s second-largest wireless telecommunications carrier. The theft has left more than one-third of Australia’s population at heightened risk of identity theft and fraud.

Unknown cybercriminals this week demanded ransom from Australia’s largest health insurer, Medibank, after claiming to have stolen 200 gigabytes of customers’ data including medical diagnoses and treatments. Medibank has 3.7 million customers. The company said the hackers had proved they hold the personal records of at least 100.

The thieves have reportedly threatened to make public medical conditions of high-profile Medibank customers.

Dreyfus said both breaches had shown “existing safeguards are inadequate.”

As well as failing to protect personal information, the government is concerned that companies are unnecessarily holding too much customer data for too long in the hope of monetizing that information.

“We need to make sure that when a data breach occurs the penalty is large enough, that it’s a really serious penalty on the company and can’t just be disregarded or ignored or just paid as a part of a cost of doing business,” Dreyfus said.

Dreyfus hopes the proposed amendments will become law in the final four weeks that Parliament will sit this year.

Any new penalties will not be retroactive and will not effect Optus or Medibank.


Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Exit mobile version