
Former NCSC chief calls for ransomware payments ban, but cyber security experts aren’t keen


The former chief executive of the UK’s National Cyber Security Centre (NCSC) has called for the government to ban organizations from making ransomware payments.

Writing in The Times, Ciaran Martin, who served as the NCSC’s inaugural chief executive, suggested a ban could help put a stop to the ever-increasing proliferation of ransomware, referring to the ‘apparently sanguine attitude’ of British policymakers to cyber criminal groups.


Android VPNs to get audit badges in Google Play Store if they aren’t comically crap • The Register


Google wants to help Android users find more trustworthy VPN apps through better badging alerting to independent audits.

The ad impresario and cloud concession has afforded independently audited applications in its Play store a more prominent display of their security bona fides, specifically a banner atop their Google Play page.

VPN apps are the first to receive this special treatment, explained Nataliya Stanetsky, from Google’s Android Security and Privacy Team, in an announcement, because they handle significant amounts of sensitive data. And they’re thus a popular target for subversion by miscreants.

“When a user searches for VPN apps, they will now see a banner at the top of Google Play that educates them about the ‘Independent security review’ badge in the Data Safety Section,” said Stanetsky.

Last year, Google’s partnership with the App Defense Alliance (ADA), launched in 2019, was expanded to include the Mobile App Security Assessment (MASA), a way to check Android apps to ensure they comply with a security standard defined by OWASP.

It’s not a particularly thorough audit. As the ADA’s website states, “MASA is intended to provide more transparency into the app’s security architecture, however the limited nature of testing does not guarantee complete safety of the application.”

The ADA also advises that MASA does not necessarily check app developers’ safety declarations. Obviously the alliance doesn’t want to be blamed if it misses something and an info-stealing app slips by, but the group’s MASA endorsement counts for something.

MASA looks for obvious bad practices, like whether sensitive data gets written to application log files and whether the app reuses cryptographic keys for multiple purposes, among its many checks. It’s safe to say you’re better off with apps that avoid such missteps, even if it’s not safe to say they’re guaranteed to be secure.

At least if MASA misses, the Android ecosystem has other security measures in place. As Google proudly proclaims, it tries to protect against PHAs and MUwS – potentially harmful applications and mobile unwanted software, in case your gibberish translator is down. It does so through static and dynamic risk…


Russian hackers aren’t done with Ukraine


With Russian advancement in its war with Ukraine often stalled, the country has frequently turned to cyberattacks to cause mayhem for the defenders.

Around the Feb. 24 anniversary of Russia’s invasion, cybersecurity experts observed dozens of state-sponsored attacks on Ukrainian targets, including internet services, power stations, and government websites.


Ukraine’s own State Service of Special Communications and Information Protection reported that the overall number of cyberattacks on the country in 2022 nearly tripled from 2021 levels. Attacks from Russian IP addresses increased by 21%, it said.

The Council on Foreign Relations’ cyber operations tracker logged 29 state-sponsored attacks on Ukraine in 2022, with nearly all attributed to hacking groups affiliated with the Russian government.

Still, the think tank’s list may not be exhaustive, cybersecurity experts said. Many cybersecurity organizations have seen a significant increase in cyberattacks on Ukraine and its allies since the invasion began.

For example, between Feb. 24 and March 1, 2022, the Canadian Centre for Cyber Security identified at least seven major cyberattacks against Ukrainian targets, with four Russian hacking groups identified as the likely culprits.

On Feb. 24, distributed denial of service, or DDoS, attacks targeted Ukraine’s defense ministry and major banks there. The U.S. government attributed the attacks to Russian military intelligence officers, noted Jack Nichelson, CISO of cybersecurity provider Inversion6. And on March 1, wiper malware targeted several Ukrainian organizations, including media companies and government agencies, with the goal of destroying computer systems and stealing data. Microsoft linked the attacks to Russian hackers.

“Cyberattacks have the potential to be a decisive factor in an active war scenario,” Nichelson said. “While it is true that cyber operations may not be the sole determining factor in the conflict’s outcome, they can significantly impact…


No, Texas voting machines aren’t switching your votes


Sensitive touch screens aren’t always user friendly and make it easy for voters to accidentally select the wrong candidate.

THE TEXAS TRIBUNE — Warnings to double-check early-voting ballots began spreading across social media this week as some Texas voters claimed that electronic voting machines had switched their votes from Democratic to Republican.

But this isn’t a case of grand conspiracy, malfeasance or rigged machines. Instead, election officials, security experts and voting rights advocates say some of the touch-sensitive screens on voting machines can be tricky to use, much like miscues while trying to use a smartphone. Midland County Election Administrator Carolyn Graves likened the experience to texting with a small keypad.

“If you don’t hit it just exactly right, you’re gonna hit one of the letters around it,” Graves said. “It’s essentially the same thing. If you don’t hit it with the tip of your finger or turn your finger to the side, then you could hit the other [choice].”

This isn’t the first election during which voters have been wary of voting machines. In 2018, Texas officials said voters were attempting to make their selections before machines could render and record their votes, causing similar concerns in the U.S. Senate race between Republican incumbent Ted Cruz and Democrat Beto O’Rourke.

“These issues have been showing up, in one form or another, since electronic voting machines were first introduced 20-plus years ago,” said Dan Wallach, a computer science professor at Rice University and longtime election security researcher. “As far as we can tell, these are simply design issues with the machines.”

So, what’s a voter to do? Election officials, security experts and voting rights advocates agree voters should carefully review their ballots to verify selections. If there is an error on a printed ballot, voters have the right to get up to two additional ballots to make…
