Tag Archive for: official

Official Beijing 2022 Olympics Mobile App Is Marred by Security Flaws, Researchers Say

/in


A mobile app that’s mandatory for all participants in next month’s Winter Olympics in Beijing contains security flaws that could make it easy for a hacker to steal sensitive personal information, cybersecurity researchers in Canada warn.

The China-built app, My 2022, will be used to monitor the health of attendees, as well as facilitate information sharing, leading up to and throughout the 2022 Games. Technicians with Citizen Lab, a human rights-focused cybersecurity and censorship research group at the University of Toronto, said they found the app failed to authenticate the identity of certain websites, leaving transfers of personal data open to attackers.

In a report released Tuesday, Citizen Lab also said the app didn’t properly encrypt sensitive metadata transmitted through the app’s messaging function, which meant any eavesdropper operating a Wi-Fi hot spot could discover who users are communicating with and when.

The researcher found the vulnerabilities in the iOS version of the app after downloading it and creating an account, said

Jeffrey Knockel,

one of the authors of the report. They weren’t able to create an account on the Android version of the app but found similar vulnerabilities by testing its publicly available features, he said.

Beijing has been put on high alert ahead of the Olympics, with authorities trying to quickly stamp out Covid-19 outbreaks wherever they pop up.



Photo:

Kevin Frayer/Getty Images

Citizen Lab said the vulnerabilities were similar to those frequently found in other Chinese apps, which led it to believe they are more likely to be the result of China’s lax enforcement of cybersecurity standards than part of an intentional government effort to steal data.

Apple

and Google, the maker of Android, didn’t immediately respond to requests for comment. The Beijing Olympic Committee didn’t respond to a request for comment.

The Beijing 2022 handbook for athletes and officials…

Source…

Shentel official: Email service back after ransomware attack | Nvdaily

/in


EDINBURG — Shentel Senior Vice President and Chief Information Officer Elaine Cheng said Shentel customers’ emails should be working again as of Monday morning following a ransomware attack on the company’s third-party email provider, Mail2World.

Cheng said Mail2World started experiencing issues from the attack on Wednesday, Jan. 12. As a result, that made email services unavailable to Shentel customers.

“The partner was able to restore services on Sunday, and as of (Monday morning) our customers should have email services available to them,” Cheng said Monday. “Incoming mail that has been collecting during that time is slowly being propagated over the course of (Monday). So they won’t see it all immediately, but it should be back up and running.”

Cheng said as far as the company knows, no data associated with Shentel customers was compromised. 

Cheng said Shentel understands that customers were upset during the outage, but maintained that the outage was a “very unusual situation” and that most customers were “very patient.”

“It’s frustrating, and we are very sorry it happened,” Cheng said of the outage. “Even though it’s a third party that we work with, we understand to customers it’s Shentel. We get that. We’re very sorry and empathetic because for some people it is very problematic not to have their email. We’re apologetic and very sorry it happened.”

When something like an outage happens with Shentel services, Cheng said the process is to inform customers through posting messages on the Shentel website as well as social media platforms. She said there is also a tech department that handles complaints due to outages.

“We let people know information when we know. With this, we didn’t always know information from the third party,” Cheng said. “But when we knew information, we kept our messages updated.”

Cheng said Shentel is still evaluating the situation with the third-party email provider and determining how that relationship will be moving forward.

Customers still experiencing issues or working to resolve an issue can contact the customer service team at Shentel, Cheng said.

According to the FBI,…

Source…

Cyber attack hits Gordon’s official website, goes down for hours

/in


Sen. Richard Gordon

GORDON INSISTS BRC PROBE TO CONTINUE: Sen. Richard Gordon maintains that investigations being conducted by the Blue Ribbon Committee on the alleged anomalies in the procurement of face masks, face shields and personal protective equipment (PPEs) by the Department of Health (DOH) through the Procurement Service of the Department of Budget Management (PS-DBM) will continue. (Screengrab/Senate PRIB)

MANILA, Philippines — Amid the ongoing Senate blue ribbon probe into the alleged irregularities in the government’s procurement of pandemic response supplies, the official website of Senator Richard Gordon was hit by a “coordinated online attack” causing the site to shut down for several hours, the senator’s office said.

In a statement on Wednesday, Gordon’s office said the attack happened last October 4.

“We view such service outage or disruption as a serious concern as its timing comes when the Senate Blue Ribbon panel is investigating alleged irregularities in government procurement for COVID-19 supplies and equipment,” said Myke Cruz, an information technology officer in Gordon’s office.

According to Cruz, a distributed denial of service (DDoS) attack, usually “patched through the dark web by nefarious individuals in exchange for a high price,” caused a web services shutdown from 7 a.m. to 1 p.m.

Administrators of dickgordon.ph were able to contain the problem by barring entry of traffic from outside the Philippines at around 1 p.m., Gordon’s office said.

However, a foreign-led attack “persisted” until 3:04 p.m.

“Past instances have linked DDoS attacks to destabilizing the online presence of an opposing party,” Gordon’s office added.

His office said traffic requests to Gordon’s website primarily came from China, the United States, Ukraine, and other Southeast Asian countries, causing the “usual bandwidth traffic to rise dramatically from less than 100 megabytes to almost 1.8 gigabytes within an hour’s span.”

“Ang nangyari, pwede mo ihalintulad sa sari-sari store, na usually may regular na bilang ng customer na bumibili sa loob ng isang minuto. Ngayon, biglang dinumog ng lahat ng residente ng Metro Manila ang sari-sari store para bumili,…

Source…

White House plans 30-country meeting on cyber crime and ransomware -official

/in


By Trevor Hunnicutt and Nandita Bose

WASHINGTON (Reuters) – Top U.S. national security advisers will gather officials from 30 countries this month with plans to combat the growing threat of ransomware and other cyber crime, President Joe Biden said on Friday.

An online session hosted by the White House National Security Council will also be aimed at “improving law enforcement collaboration” on issues like “the illicit use of cryptocurrency,” Biden said in a statement.

The Biden administration has elevated the response to cybersercurity to the senior-most levels of the administration following a set of attacks this year that threatened to destabilize U.S. energy and food supplies.

The meat producer JBS SA paid https://www.reuters.com/technology/jbs-paid-11-mln-response-ransomware-attack-2021-06-09 $11 million to end an attack on its systems that halted production and was believed to have originated from a criminal group with Russian links.

Colonial Pipeline paid a hacker gang believed to be based in Eastern Europe nearly $5 million https://www.reuters.com/business/colonial-pipeline-ceo-tells-senate-cyber-defenses-were-compromised-ahead-hack-2021-06-08/#:~:text=NEW%20YORK%2C%20June%208%20(Reuters,by%20stealing%20a%20single%20password to regain access, some of which was later clawed back by U.S. law enforcement.

Both companies paid the ransoms in bitcoin.

Ransom software works by encrypting victims’ data. Typically hackers will offer the victim a key in return for cryptocurrency payments that can run into hundreds of thousands or even millions of dollars.

The Biden administration hopes that their new informal group, which they’re calling the Counter-Ransomware Initiative, will bolster their diplomatic push that has included direct talks with Russia as well as the NATO alliance and Group of Seven (G7) wealthy nations.

The administration has increasingly focused on blocking https://www.reuters.com/technology/us-allies-accuse-china-global-cyber-hacking-campaign-2021-07-19 what it calls China’s “malicious cyber activity,” charges which Beijing has denied.

It was not immediately clear which countries would participate or when exactly the meeting would take place.

One White…

Source…