Tag: concerns. | Page 2

SEC account hack amplifies concerns over security at Elon Musk’s X

January 10, 2024/in Internet Security

SAN FRANCISCO – The US Securities and Exchange Commission (SEC) said its account on social network X was “compromised”, leading to a spike in the price of Bitcoin and raising fresh questions about X’s reliability as a source of information and the strength of its security practices.

The incident, one of the most consequential breaches in years on the platform formerly known as Twitter, began with a post on the SEC’s official verified account, which inaccurately shared that the regulator had approved spot-Bitcoin exchange-traded funds (ETFs) – a decision that had been anticipated for later this week. The price of Bitcoin quickly shot up more than 2.5 per cent as news of the post spread online and via media outlets, that were watching the SEC’s feed for such an announcement.

Within minutes, SEC chair Gary Gensler jumped in from his own X account to clarify that the SEC’s post was inaccurate, even while the message remained up on X for roughly 30 minutes. “The @SECGov Twitter account was compromised, and an unauthorised tweet was posted,” Mr Gensler wrote on X. Bitcoin’s price tumbled.

Mr Joe Benarroch, head of business operations at X, said in a statement: “The account is secure, and we are investigating the root cause.”

Still, the high-profile breach comes at a time when X and billionaire owner Elon Musk are seeking to win back trust from both users and advertisers, many of which have been dismayed by Mr Musk’s free-for-all style of leadership since his 2022 takeover. Mr Musk has pivoted away from some of the prior regime’s efforts to rein in offensive or harmful content, and has severely scaled back staff to save on costs. Those cuts have led to regular bugs and outages.

Mr Alex Stamos, chief trust officer at SentinelOne and former security chief at Meta Platforms, said: “This has to be the most sophisticated use of a stolen Twitter account ever. At a minimum, this indicates that the hollowed-out X team can’t keep up with advances in account takeover techniques.”

The social media service confirmed that “an unidentified individual” compromised the SEC’s account by acquiring an associated phone number. It added that the regulator had not…

Source…

Chinese Hackers Target American Infrastructure, Raising Concerns of Cyber Warfare

December 22, 2023/in Internet Security

According to U.S. officials and security experts, hackers affiliated with China’s People’s Liberation Army have been infiltrating the computer systems of critical American entities in an effort to disrupt key infrastructure. Over the past year, about two dozen entities have fallen victim to these cyber intrusions, including a water utility in Hawaii, a major West Coast port, and at least one oil and gas pipeline. Their targets also included the operator of Texas’s power grid. It appears that the Chinese military aims to sow chaos and panic or obstruct logistics in the event of a conflict between the U.S. and China in the Pacific.

While the intrusions did not cause any disruptions or impact industrial control systems, it is evident that China wants to complicate U.S. efforts to deploy troops and equipment to the Pacific region. The Chinese military intends to gain the ability to disrupt critical infrastructure and affect decision-making during a crisis. This marks a significant shift from their previous cyber activities focused on political and economic espionage.

The cyber campaign, known as Volt Typhoon, was first detected the U.S. government about a year ago. It targets entities within the Indo-Pacific region, particularly Hawaii. The hackers often disguise their tracks utilizing innocuous devices like home or office routers. Their primary objective is to steal employee credentials that can be used to maintain persistent access.

The revelations concerning China’s cyber warfare capabilities confirm the fears expressed in the annual threat assessment the Office of the Director of National Intelligence. The assessment warned that China is capable of launching cyberattacks that could disrupt critical U.S. infrastructure. In the face of a possible conflict, China would not hesitate to conduct aggressive cyber operations against U.S. assets worldwide.

The victims of Volt Typhoon include smaller companies and organizations across various sectors. It is believed that these entities were opportunistically targeted in the hopes of gaining access to larger, more critical customers through their supply chains.

Chinese military officers have outlined the use of cyber tools and network…

Source…

Central government urges immediate action for Mozilla Firefox users amid security concerns

November 28, 2023/in Computer Security

certin, mozilla firefox, web browser, security alert, security warning, hacking attempts, hackers — Image Source : FILE Representational Image

CERT-In, the Indian Computer Emergency Response Team, has issued a security warning regarding Mozilla’s Firefox web browser. The alert mentioned potential vulnerabilities that could be exploited by hackers to access confidential user data. It’s concerning as Firefox faces not just one, but multiple security issues.

Affected Versions

Firefox ESR versions before 115.5.0

Firefox iOS versions before 120

Mozilla Thunderbird versions before 115.5

The Risks

The highlighted security flaws indicate the possibility of unauthorised access which poses a major threat to user security.

Protective Measures Advised by CERT-In

Update Firefox Immediately: Users are strongly advised to update their Firefox browser promptly. This step is crucial in addressing and mitigating the identified security issues.

Enable Automatic Updates: Ensure that automatic updates are enabled for your Firefox browser. This feature helps in keeping the browser’s security measures up-to-date.

Exercise Caution with Links and Attachments: Avoid clicking on links and opening attachments from unknown senders, whether through messages or emails. This simple precaution can prevent potential security threats.

CERT-In’s Recent Alerts

In recent weeks, CERT-In has been proactive in issuing security alerts. Prior warnings included concerns about security problems in Chrome on Android and highlighted vulnerabilities in major applications developed by Adobe.

Tips to Stay Safe

Staying vigilant and taking immediate action to update software are critical steps in safeguarding against potential security breaches. As cyber threats continue to evolve, users are encouraged to follow best practices to protect their devices and sensitive information. For further details and the latest updates, users can refer to CERT-In’s official website.

ALSO READ | No charger? Check these tips to keep your iPhone alive in emergency situations

ALSO READ | Xiaomi’s HyperOS update details revealed- Is your smartphone on the…

Source…

Alleged GE hack raises concerns about US national security

November 28, 2023/in Computer Security

General Electric Co. has allegedly been hacked, and the hacker is offering stolen data, including Defense Advanced Research Projects Agency documents for sale on a hacking forum, raising national security concerns.

The hacker behind the alleged hack goes by the name of “IntelBroker” and was offering the stolen data for sale on the BreachForums hacking forum, which is not a dark web site but a regular internet forum easily found in Google. According to the listing, the hacker is selling the stolen data, which includes SSH and SVN access, DAPRA-related military information, SQL files and documents. The hacker does provide screenshots of the stolen information as proof of the hack.

IntelBroker was previously in the news in September following a data breach at DC Health Link, the District of Columbia’s health insurance exchange. The data stolen in that hack included Social Security numbers, dates of birth, email addresses and home addresses.

Officially, GE has neither confirmed nor denied that they were hacked. A spokesperson told Bleeping Computer that the company is “aware of claims made by a bad actor regarding GE data and are investigating these claims. We will take appropriate measures to help protect the integrity of our systems.”

Given GE’s role in the defense industry and the inclusion of documents from DAPRA, the breach may have serious U.S. national security implications.

“Aside from the theft of classified information, I am very concerned that GE’s environment is being used to conduct island hopping into Federal agencies,” Tom Kellermann, senior vice president of cyber strategy at application security software platform provider Contrast Security Inc., told SiliconANGLE. “IntelBroker is notorious for selling access to compromised systems. I would assume the Chinese and Russians are already in.”

Darren Williams, founder and chief executive of anti-data exfiltration and ransomware prevention company BlackFog Inc., said IntelBroker has already been responsible for a handful of high-profile attacks.

“This attack will not only have a negative impact on the company itself but could have substantial implications for the current sensitive…

Source…

Tag Archive for: concerns.

Affected Versions

The Risks

Protective Measures Advised by CERT-In

CERT-In’s Recent Alerts

Tips to Stay Safe