Tag Archive for: commerce

China suspected in hack of critical entities – Finance & Commerce

RICHMOND, Va. — A cyberespionage campaign blamed on China was more sweeping than previously known, with suspected state-backed hackers exploiting a device meant to boost internet security to penetrate the computers of critical U.S. entities.

The hack of Pulse Connect Secure networking devices came to light in April, but its scope is only now starting to become clear. The Associated Press has learned that the hackers targeted telecommunications giant Verizon and the country’s largest water agency. News broke earlier this month that the New York City subway system, the country’s largest, was also breached.

Security researchers say dozens of other high-value entities that have not yet been named were also targeted as part of the breach of Pulse Secure, which is used by many companies and governments for secure remote access to their networks.

It’s unclear what sensitive information, if any, was accessed. Some of the targets said they did not see any evidence of data being stolen. That uncertainty is common in cyberespionage and it can take months to determine data loss, if it is ever discovered. Ivanti, the Utah-based owner of Pulse Connect Secure, declined to comment on which customers were affected.

But even if sensitive information wasn’t compromised, experts say it is worrisome that hackers managed to gain footholds in networks of critical organizations whose secrets could be of interest to China for commercial and national security reasons.

“The threat actors were able to get access to some really high-profile organizations, some really well-protected ones,” said Charles Carmakal, the chief technology officer of Mandiant, whose company first publicized the hacking campaign in April.

The Pulse Secure hack has largely gone unnoticed while a series of headline-grabbing ransomware attacks have highlighted the cyber vulnerabilities to U.S. critical infrastructure, including one on a major fuels pipeline that prompted widespread shortages at gas stations. The U.S. government is also still investigating the fallout of the SolarWinds hacking campaign launched by Russian cyber spies, which infiltrated dozens of private sector companies and think tanks as well…

As holiday mobile commerce breaks records, retail apps display security red flags

Driven by the pandemic, many consumers rely on mobile apps to buy everything from daily essentials to holiday gifts. However, according to a recent analysis, there are some alarming security concerns among some of the top 50 Android retail mobile apps.

Retail mobile apps are missing basic security functionality

Most of the top 50 retail mobile applications analyzed in September 2020 did not apply sufficient code hardening and runtime application self-protection (RASP) techniques.

These security techniques protect the application against tampering, or against being copied and distributed by a malicious third party as a fake app. Competitors can also exploit a lack of code hardening to mount business or technical denial of service attacks that make the mobile app difficult for customers to use, or to build competing third-party aggregators that weaken the brand and lead to a loss in revenue.

Nearly all of the applications in the analysis fell short across basic application hardening techniques. These included code hardening techniques such as name obfuscation, which hides identifiers in the application’s code to prevent hackers from reverse engineering and analyzing source code. In addition, encryption techniques such as string, asset/resource, and class encryption prevent malicious actors from gaining insight into sensitive information, assets, or the internal logic of applications.

Application hardening also includes RASP techniques such as root/jailbreak and emulator detection, which show when an attacker is attempting to bypass application sandboxes and conduct unapproved actions. Nearly a quarter of the apps were completely unprotected in these areas. Without adequate protection, retail mobile apps could be tampered with or even copied and turned into “fake apps.” Fake retail apps are especially risky because they can capture sensitive personally identifiable information (PII) from shoppers, such as names, credit card numbers, addresses, and more.

Consumers must be on the lookout for fake mobile apps

With the massive rise in mobile commerce, consumers must be on the lookout for telltale signs of fake mobile apps. There are a few ways to spot these apps in the…

US energy, treasury, commerce departments among those hacked

U.S. government agencies including Treasury, Energy and Commerce were hacked. Officials suspect Russia was behind the cyberattack.

WASHINGTON — Federal authorities expressed increased alarm Thursday about a long-undetected intrusion into U.S. and other computer systems around the globe that officials suspect was carried out by Russian hackers. The nation’s cybersecurity agency warned of a “grave” risk to government and private networks.

The hack compromised federal agencies and “critical infrastructure” in a sophisticated attack that was hard to detect and will be difficult to undo, the Cybersecurity and Infrastructure Security Agency said in an unusual warning message. The Department of Energy acknowledged it was among those that had been hacked.

The attack, if authorities can prove it was carried out by Russia as experts believe, creates a fresh foreign policy problem for President Donald Trump in his final days in office.

Trump, whose administration has been criticized for eliminating a White House cybersecurity adviser and downplaying Russian interference in the 2016 presidential election, has made no public statements about the breach.

President-elect Joe Biden, who will inherit the potentially difficult U.S.-Russia relationship, spoke up forcefully about the hack, declaring that he and Vice President-elect Kamala Harris “will make dealing with this breach a top priority from the moment we take office.”

“We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” he said. “We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.”

“There’s a lot we…

Hollywood Chamber Of Commerce Trademark Bullies Kevin Smith’s Podcast Over Hollywood Sign

The Hollywood Chamber of Commerce is somewhat infamous for its constant trademark bullying over the famed Hollywood sign (you know the one). Its latest target is apparently the Hollywood Babble-On podcast that is done as a live show each week by radio/podcast guy Ralph Garman and filmmaker/entertainer Kevin Smith. Before the show this past weekend, Garman had tweeted out that it might be the last Hollywood Babble-On ever. In the opening minutes of their latest episode, Garman explains that they’ve received a cease and desist letter from the Hollywood Chamber of Commerce “re: unauthorized use of Hollywood stylized mark and Hollywood Walk of Fame mark.”

While I haven’t seen the full cease-and-desist letter, from what Garman said on the podcast, the issue is so ridiculous that the Hollywood Chamber of Commerce should be called out for blatant trademark bullying. You see, while this is the normal logo/image promoting the podcast:

At times, they’ve used other images, such as this one:

It’s that image that is apparently part of the problem (even though it’s not clear how often it was used). The Chamber of Commerce is using the Hollywood style lettering, which is an approximation of the famous Hollywood sign, and the star behind their heads (which it apparently believes is an implied reference to the stars on Hollywood’s walk of fame), to argue that this is unauthorized use of their marks. Some trademark lawyers will likely disagree, but this seems like classic trademark bullying.

If you’re unfamiliar with the podcast (and I’ll confess to being a loyal listener from Episode 1 through the latest, and got to see the show once live at Kevin’s invitation after he was on our podcast a few years ago), it’s a fun (frequently not safe for work) show looking at some highlights from the week’s entertainment news, mixed in with a series of recurring bits, frequently involving Garman’s rotating cast of impressions. In short, it’s two funny guys, who are both in show business and have been for many years, goofing off talking about show business, frequently mocking some of the crazier news stories coming out of that business.

In other words, there’s no way in hell that anyone in their right mind thinks that this podcast is officially sanctioned by “Hollywood” as some sort of official Hollywood product. The whole thing is kind of gently mocking some of Hollywood’s sillier foibles. Indeed, this seems like a perfect use case for the old standby in trademark law: the “moron in a hurry” test. And, to make it more relevant to the hobbies of choice of Ralph and Kevin, I think it could be argued that neither a drunk, nor a stoned “moron in a hurry” would ever face even the slightest “likelihood of confusion” that Hollywood somehow had endorsed the podcast, just because it briefly had images showing slightly askew letters and a star.

It remains one of the more frustrating aspects of trademark law that so many people believe that it means you get total control over the marks in question. That’s not how it’s supposed to work. It only applies where there is a likelihood of confusion, meaning people would believe that the mark holder is behind (or otherwise endorses) the products and services in question. And here, that seems pretty difficult to believe. Of course, rather than fight these kinds of things out, it’s frequently much easier to just pay up, which may be what the lawyers for the Hollywood Chamber of Commerce are banking on.

Techdirt.