Tag: ‘Fix’ | Page 2

SEC urged to fix cyber security after X account hack – Security

January 12, 2024/in Computer Security

US lawmakers have urged the Securities and Exchange Commission (SEC) to review its cyber security preparedness after the financial regulator’s X account posted market material information earlier in the week due to a hack.

SEC urged to fix cyber security after X account hack

Someone briefly accessed its X, formerly called Twitter, account this week, the agency had confirmed, and posted a fake message saying it had approved exchange traded funds (ETF) for bitcoin.

The SEC eventually approved the first US-listed ETFs to track bitcoin the following day, but the unauthorised post a day earlier led to a rise in the price of Bitcoin to around US$48,000 ($71,770) before falling to below US$45,000 minutes later.

In a letter to the agency on Thursday, Ron Wyden, a Democratic senator from Oregon, and Cynthia Lummis, a Republican senator from Wyoming, sought an investigation into the incident, which they deemed as “SEC’s apparent failure to follow cyber security best practices”.

X, which is owned by billionaire and Tesla boss Elon Musk, confirmed that hack.

It said that an “unidentified individual” obtained control over a phone number associated with the agency’s account and that the SEC did not have multi-factor authentication enabled at the time.

Multi-factor authentication (MFA) is a two-pronged privacy tool which allows access to an internet account only after the user has keyed in the password and a security key sent over on email, to a phone or generated via an authenticator app or fob.

“We urge you to investigate the agency’s practices related to the use of MFA, and in particular, phishing-resistant MFA, to identify any remaining security gaps that must be addressed,” Wyden and Lumis said in their letter.

The SEC had earlier said it was working with law enforcement to investigate the hack.

Source…

Avira Antivirus Is Causing Windows PCs To Run So Hard They Freeze Up, Fix Available

December 13, 2023/in Computer Security

One of the telltale signs that your PC has become ill with a virus is an unexpected slowdown in performance. Various forms of malware can sometimes feast on your system’s resources, whether it’s a hidden cryptocurrency miner, keylogger, or something else. Ironically, a recent update to Avira’s antivirus software is having the same effect on system PCs, with users reporting system freezes in Windows.

The issue came to light this week in a post on Reddit. A user who goes by “kiiniiwiinii” reported that their PC had suddenly begun freezing up, which prompted them to start disabling background apps one by one, until only Avira remained running.

“Two other people I know had the same issue (both have Avira). Fixed it by going into safe startup and uninstalling Aviera. This along with the game booster (that we didn’t enable) causing lag (took forever to figure out the cause) and the horrible support, I will be cancelling my subscription and keeping Avira uninstalled,” the user wrote.

Several others chimed in to the Reddit thread and said they too were experiencing the same performance hiccup. One user said they noticed the apparent glitch was causing Avira to utilize 100% of their processor and memory resources. Others reported seeing the same issue on dozens of client PCs. So, what gives?

Avira’s parent company, Gen Digital, confirmed the issue in a statement to Heise.de. According to Gen Digital, a bug in Avira’s firewall was causing the issue “under a certain condition.” The company also said that the issue has been resolved via a new software update.

“We are aware that a recent update from Avira has caused problems for some Windows 10 and Windows 11 users. These were automatically resolved by an update released on Monday, December 11th [at] 11:30 a.m. (CET). In the unlikely event that the update has not reached all computers, users can contact the Avira support team who will be happy to help them,” Gen Digital said.

Interestingly, Gen Digital also said that if the update does not arrive for some reason,…

Source…

Infosys Ransomware Attack Affecting Nonqual Plans Nearing Fix

November 24, 2023/in Internet Security

Nonqualified compensation benefit accounts held hostage by a ransomware attack may be nearing reactivation, according to a notice to providers obtained by PLANADVISER.

The cybersecurity event at Infosys McCamish Systems LLC that halted multiple national retirement and insurance provider platforms, starting on November 2, was the result of a ransomware attack, according to sources familiar with the issue and the note to providers. Infosys BPM Ltd., the Bangalore, India-based parent company of Infosys McCamish, has only called it a “cybersecurity event” and did not immediately respond to request for further comment on the fix.

“As we previously informed you, McCamish Systems, an Infosys subsidiary and a provider critical to our ability to process and update participant transactions, experienced a ransomware event on November 2,” stated a letter from nonqualified plan provider Newport, owned by Ascensus, to benefits clients on Tuesday. “IMS notified us that it has successfully restored and rebuilt its environment.”

Infosys on November 3 disclosed the cybersecurity event to the Securities and Exchange Commission as part of a Form 6-K filing.

On Thursday, T. Rowe Price, the Vanguard Group and Ascensus noted that a breach at the platform provider had halted account use for nonqualified compensation plans and, in the case of Principal Financial Group, group universal life insurance accounts. None provided further comment on the fix.

Infosys had hired a third-party security expert, Palto Alto Networks Inc.’s Unit 42, to investigate the attack. Unit 42 confirmed that the systems have “been hardened” and that the security firm has not observed any “indication of ongoing unauthorized access or activity,” according to the letter.

Participants with nonqualified plans do not yet have access to their accounts, with an update to come the week of November 27. As of now, no participant data has been exposed, according to this and prior correspondence from the providers.

“As previously communicated, we are taking a number of actions to protect your data and ensure that participant accounts will reflect up-to-date, accurate values, including…

Source…

Fix security holes in election management

October 11, 2023/in Computer Security

North Korea can infiltrate South Korea’s internal network to manipulate voting results if it wants to, according to the National Intelligence Service’s (NIS) investigation of the National Election Commission (NEC). The finding on the NEC that oversees the process of presidential, parliamentary and local elections is shocking, especially ahead of next year’s parliamentary elections on April 10. In the worst possible scenario, the security loopholes in the election management system can prompt losers not to accept the results of the legislative election.

On Tuesday, the NIS announced the results of its investigation on the NEC’s election management system from July 17. It discovered a fault in the ballot opening procedure, which is crucial to the election outcome. Anyone could break into the NEC system by using a staffer’s password, which was, simply, “12345.”

The confusion in the early voting system was also confirmed to be serious. Hackers can easily break into the computer network from unauthorized outside systems, change early voters into nonvoters and manipulate the numbers to influence the final votes.

Stamping in early votes also could be easily exposed, as faking ballot cards was possible through printing tricks. A North Korean hacking group broke into the email box of an NEC employee in 2021, stole sensitive data, and leaked it to outside.

Whether North Korea succeeded in raiding South Korea’s election management system is unclear. The latest results should not be linked to raising questions on the outcome of the 2020 parliamentary elections and others. But the NEC must come up with appropriate measures to address its systemic vulnerabilities to North Korea’s hacking threat, especially ahead of the parliamentary election next April. The election management body must pay more heed to the early voting system due to the alarming findings in the previous legislative election. If quick fixes cannot be possible, authorities need to consider strengthening the firewall or streamlining the system.

The NEC retorted that voting results cannot be manipulated as they proceed publicly unless there is a large…

Source…

Tag Archive for: ‘Fix’