Tag Archive for: Fuels

Suspected Russian hack fuels new US action on cybersecurity

/in


WASHINGTON (AP) — Jolted by a sweeping hack that may have revealed government and corporate secrets to Russia, U.S. officials are scrambling to reinforce the nation’s cyber defenses and recognizing that an agency created two years ago to protect America’s networks and infrastructure lacks the money, tools and authority to counter such sophisticated threats.

The breach, which hijacked widely used software from Texas-based SolarWinds Inc., has exposed the profound vulnerability of civilian government networks and the limitations of efforts to detect threats.

It’s also likely to unleash a wave of spending on technology modernization and cybersecurity.

“It’s really highlighted the investments we need to make in cybersecurity to have the visibility to block these attacks in the future,” Anne Neuberger, the newly appointed deputy national security adviser for cyber and emergency technology said Wednesday at a White House briefing.

The reaction reflects the severity of a hack that was disclosed only in December. The hackers, as yet unidentified but described by officials as “likely Russian,” had unfettered access to the data and email of at least nine U.S. government agencies and about 100 private companies, with the full extent of the compromise still unknown. And while this incident appeared to be aimed at stealing information, it heightened fears that future hackers could damage critical infrastructure, like electrical grids or water systems.

President Joe Biden plans to release an executive order soon that Neuberger said will include about eight measures intended to address security gaps exposed by the hack. The administration has also proposed expanding by 30% the budget of the U.S. Cybersecurity and Infrastructure Agency, or CISA, a little-known entity now under intense scrutiny because of the SolarWinds breach.

Biden, making his first major international speech Friday to the Munich Security Conference, said that dealing with “Russian recklessness and hacking into computer networks in the United States and across Europe and the world has become critical to protecting our collective security.”

Republicans and Democrats in Congress have called for expanding the size…

Source…

Massive breach fuels calls for US action on cybersecurity

/in


WASHINGTON (AP) — Jolted by a sweeping hack that may have revealed government and corporate secrets to Russia, U.S. officials are scrambling to reinforce the nation’s cyber defenses and recognizing that an agency created two years ago to protect America’s networks and infrastructure lacks the money, tools and authority to counter such sophisticated threats.

The breach, which hijacked widely used software from Texas-based SolarWinds Inc., has exposed the profound vulnerability of civilian government networks and the limitations of efforts to detect threats.

It’s also likely to unleash a wave of spending on technology modernization and cybersecurity.

“It’s really highlighted the investments we need to make in cybersecurity to have the visibility to block these attacks in the future,” Anne Neuberger, the newly appointed deputy national security adviser for cyber and emergency technology said Wednesday at a White House briefing.

The reaction reflects the severity of a hack that was disclosed only in December. The hackers, as yet unidentified but described by officials as “likely Russian,” had unfettered access to the data and email of at least nine U.S. government agencies and about 100 private companies, with the full extent of the compromise still unknown. And while this incident appeared to be aimed at stealing information, it heightened fears that future hackers could damage critical infrastructure, like electrical grids or water systems.

President Joe Biden plans to release an executive order soon that Neuberger said will include about eight measures intended to address security gaps exposed by the hack. The administration has also proposed expanding by 30% the budget of the U.S. Cybersecurity and Infrastructure Agency, or CISA, a little-known entity now under intense scrutiny because of the SolarWinds breach.

Republicans and Democrats in Congress have called for expanding the size and role of the agency, a component of the Department of Homeland Security. It was created in November 2018 amid a sense that U.S. adversaries were increasingly targeting civilian government and corporate networks as well as the “critical” infrastructure, such as the energy grid that…

Source…

The strange, unexplained journey of ToTok in Google Play fuels user suspicions

/in
Promotional image of smartphone app.

Enlarge (credit: ToTok.ai)

In late December, Google and Apple removed the ToTok social messaging app from their marketplaces after US intelligence officials told The New York Times it was a tool for surreptitious spying by the United Arab Emirates government. About a week later, Google reinstated the Android version of the app with no explanation, a move that confounded app users and security experts. Now Google has once again baffled industry watchers by once again banishing the app without saying why. (Apple, meanwhile, has continued to keep the iOS version of ToTok out of the App Store.)

(credit: @sooohaib)

Over the past few days, Play Protect, the Google service that scans Android devices for apps that violate the company’s terms of service, started displaying a warning that says: “This app tries to spy on your personal data, such as SMS messages, photos, audio recordings, or call history. Even if you have heard of this app or the app developer, this version of the app could harm your device.”

The message, displayed to the right, then gives the user the option to either “uninstall” or “keep app (unsafe).”

Read 12 remaining paragraphs | Comments

Biz & IT – Ars Technica