Tag Archive for: good

Microsoft warns about China-based hacking group that’s up to no good (again)



The China-based group of hackers associated with the SolarWinds Serv-U exploits from mid-2021, referred to as “DEV-0322” by Microsoft, is back in the limelight thanks to its efforts to compromise systems running ZOHO ManageEngine ADSelfService Plus software.

DEV-0322’s latest activities appear to have a wide net of targets, including those in “the Defense Industrial Base, higher education, consulting services, and information technology sectors,” according to Microsoft. The tech giant first spotted the China-based hackers’ new operation on September 22, 2021, meaning the dangers have been around for a while now. You can read an in-depth breakdown of the activity Microsoft detected and a host of other technical information over at the company’s blog post wherein it gives an overview of the threat actor’s work as well as what you, the potentially affected individual, can do to suss out whether you’ve been compromised.


DEV-0322 is one of many, many groups Microsoft is keeping an eye on. In the company’s 2021 Digital Defense Report, it gave details on malicious operations originating from all over the planet, including North Korea, Iran, South Korea, Turkey, and Vietnam. China was also on the list, as was Russia, with the latter nation managing to claim Microsoft’s troublemaker-of-the-year award thanks to its 2020 and 2021 SolarWinds activities, among other attacks.

China worked hard to stay on Microsoft’s radar as well, however, gaining recognition in the aforementioned report for its cyberattack efforts, including one that may have been used to harvest data for secret AI projects.


School surveillance of students via laptops may do more harm than good


(The Conversation is an independent and nonprofit source of news, analysis and commentary from academic experts.)

(THE CONVERSATION) Ever since the start of the pandemic, more and more public school students are using laptops, tablets or similar devices issued by their schools.

The percentage of teachers who reported their schools had provided their students with such devices doubled from 43% before the pandemic to 86% during the pandemic, a September 2021 report shows.

In one sense, it might be tempting to celebrate how schools are doing more to keep their students digitally connected during the pandemic. The problem is, schools are not just providing kids with computers to keep up with their schoolwork. Instead – in a trend that could easily be described as Orwellian – the vast majority of schools are also using those devices to keep tabs on what students are doing in their personal lives.

Indeed, 80% of teachers and 77% of high school students reported that their schools had installed artificial intelligence-based surveillance software on these devices to monitor students’ online activities and what is stored in the computer.

This student surveillance is taking place – at taxpayer expense – in cities and school communities throughout the United States.


For instance, in the Minneapolis school district, school officials paid over $355,000 to use tools provided by student surveillance company Gaggle until 2023. Three-quarters of incidents reported – that is, cases where the system flagged students’ online activity – took place outside school hours.

In Baltimore, where the public school system uses the GoGuardian surveillance app, police officers are sent to children’s homes when the system detects students typing keywords related to self-harm.

Safety versus privacy


Is Ethical Hacking A Good Career?


Hacking has produced numerous online crime and theft problems in IT, even as the Internet has brought people worldwide closer. Various alternatives and techniques that interfere with the privacy of the individual are available. Therefore, security has become a primary concern in the digital world. Even many IT companies have encountered financial losses and infringements due to security problems. The way to deal with these security issues is to understand how hacking functions and to work accordingly. We can call this kind of hacking ethical hacking. It is legal in this digital world, and one can opt for ethical hacking as a career in this digital era.

Hacking can be defined as gaining unauthorized access to servers or computer systems and using that access for malicious purposes. For example, the hacker may remove system files and steal crucial information after gaining access to a system. Hacking without permission is not legal; however, hacking with permission is classified as Ethical Hacking and is used to identify flaws in a computer system. Reputable software businesses frequently hire ethical hackers to get into their systems/servers and uncover vulnerabilities and weak endpoints to be addressed.


Benefits of choosing Ethical Hacking as a Career Opportunity

1. Know about hacking techniques to prevent being hacked

Before moving on to protecting others, one must first learn how to defend oneself. Being an ethical hacker, one can learn to safeguard others from various cybercrimes, such as password theft and social engineering. One will learn how to defend themselves against cybercrimes.

2. Always challenging tasks

Ethical hacking is always challenging. If one gets used to new challenges, there is always scope to learn new techniques and enhance knowledge every time. With existing dangers evolving into new ones and black hat hackers devising various further attacks, you’ll need to do a lot of thinking. It’s also unlike your typical brainstorming session because, as an ethical hacker, you’ll have to remedy the mistakes made by attackers, which needs a creative approach.

3. Knowing different ways to hack new technologies

Learning…


Rapid7 says Computer Misuse Act should include ‘good faith’ infosec research exemption • The Register


Infosec firm Rapid7 has joined the chorus of voices urging reform to the UK’s Computer Misuse Act, publishing its detailed proposals intended to change the cobwebby old law for the better.

The cloud-based SIEM company specifically highlighted section 3A of the CMA, saying this potentially “imperils dual-use open-source security testing tools and the sharing of proof-of-concept code”.

It also echoed other industry concerns about criminalising general security research through section 1 of the act, which prohibits accessing a computer without the owner’s permission.

“It’s worth noting that neither the National Crime Agency (NCA) or the CPS seem to be recklessly pursuing frivolous investigations or prosecutions of good-faith security research. Nonetheless, the current legal language does expose researchers to legal risk and uncertainty, and it would be good to see some clarity on the topic,” said Rapid7 in a blog post published over the sleepy summer period.

Highlighting “dual use technologies” the company suggested “clearer protections” under section 3A(2), exempting anything “capable of being used for legitimate purposes” and which were both widely available and “intended by the creator or supplier” for legitimate uses.

Where this would leave tools such as Cobalt Strike is unclear. The threat simulation tool was originally developed for pentesters but has become ubiquitous among malicious folk on the internet – to the point where six suspects arrested in connection with the notorious Clop ransomware gang were found to be using it.

Rapid7 also proposed a legal exemption for “good faith” security research, resting on the notion that good faith research can be shown to be carried out “in a manner reasonably designed to minimise and avoid unnecessary damage or loss to property or persons”.

The Home Office announced plans to reform the…
