Tag: ‘put | Page 3

Hacking revelations put Mexico military on defensive

October 14, 2022/in Computer Security

Mexican President Andres Manuel Lopez Obrador attends an independence day military parade – Copyright AFP Richard Pierrin

Samir Tounsi with Paulina Abramovich in Santiago and Juan Sebastian Serrano in Bogota

Leaks from a shadowy group of hackers targeting secret files held by the armed forces of several Latin American nations have fueled controversy in Mexico about the military’s growing power.

A trove of sensitive information was stolen from the Mexican defense ministry by the collective called Guacamaya, which has also claimed cyberattacks in Chile, Colombia and Peru.

“Their objectives are more political than economic,” said Diego Macor, a cyber-security expert at US technology giant IBM in Chile, who describes members of the network as “hacker-activists.”

The leaks revealed that the Mexican army continued to use Pegasus spyware developed by Israeli firm NSO Group after President Andres Manuel Lopez Obrador took office in 2018, according to an investigation by the Network in Defense of Digital Rights and its partners.

The targets included journalists and a human rights activist, according to the probe, which was assisted by the University of Toronto’s Citizen Lab.

The army insisted that it had only used spyware to fight organized crime.

The hack also left Mexico’s military facing allegations that some of its members have links to drug cartels, and that it engineered a contentious security reform giving it control of the National Guard, which was previously under civilian command.

Two soldiers sold grenades, other weapons and tactical equipment to drug cartel members, according to analysis of the files by the civil society group Mexicans Against Corruption and Impunity.

The Mexican and Peruvian militaries also allegedly monitored civil society organizations such as Amnesty International, which condemned their actions as “unacceptable.”

“The undue monitoring of civil society organizations identified in the Guacamaya collective leaks is an example of the hostile context in which we work as organizations defending human rights in the Americas,” said Amnesty regional director Erika Guevara-Rosas.

“Instead of monitoring the activities of civil society…

Source…

Draft Data Anonymisation Guidelines Pulled Down a Week After Being Put Up For Public Comments

September 15, 2022/in Mobile Security

Last week, the draft document that listed guidelines for data anonymisation was removed from the information technology ministry’s website. The draft had been put up for public feedback just a week prior to being withdrawn. This is not the first instance of sudden retraction of draft Bills. In the past two years alone, major changes have been made to data-related Bills – the draft Indian Data Accessibility & Use Policy, 2022, was updated without any notification, and in 2021, the draft amendments to the IT Rules, 2021, were unceremoniously taken down during public consultations.

MeitY was in the news in August when it withdrew the Personal Data Protection Bill after facing much pushback from several quarters. The ministry said a new legal framework incorporating several changes and amendments would replace it.

Data anonymisation draft pulled down

Two drafts – the Guidelines for Anonymisation of Data (AoD) and Mobile Security Guidelines (MSG) – listing guidelines on data anonymisation were put up on the IT ministry’s website for public consultation. The website had announced that all the public comments made until September 21 would be considered. It may be noted that the documents were released on a new website, instead of the official website of MeitY. Interestingly, no press release accompanied these documents at the time of uploading.

A government official told ET that data anonymisation is a complex issue that needs wider consultation. “We will talk to experts again, look at global examples, examine them, and then put up the draft for public consultation in a few days,” the source said.

In a disappointing yet not surprising turn of events, the @GOI_meity seems to have removed the documents pertaining to the Guidelines for Anonymisation of Data (AoD) for public consultation. 1/5https://t.co/ikThibtQ4Q

— Internet Freedom Foundation (IFF) (@internetfreedom) September 6, 2022

The data anonymisation draft included guidelines for all stakeholders involved in personal data processing and its subtypes through the e-governance projects. The draft aimed to lay down the recommendations for processing of the data collected through…

Source…

There is a cybersecurity talent gap across the US. Here’s what to put on your résumé to a land high-paying job in the industry.

July 16, 2022/in Computer Security

“There certainly is a talent gap in the United States,” Kevin Bordlemay, senior manager of talent acquisition at computer security firm Mandiant, told Insider. “There is by no means enough talent to fulfill the roles that are out there.”

…

Source…

Valley Regional Transit says ransomware put personal info at risk

January 23, 2022/in Internet Security

The agency in charge of public bus service in the Treasure Valley said it has begun notifying the more than 500 people who may be affected.

BOISE, Idaho — A ransomware attack against Valley Regional Transit in October may have compromised personal information of 535 of the transit agency’s employees, contractors and customers.

VRT, which operates public transit in Ada and Canyon counties, said Friday that upon learning of the attack, the agency immediately began working with cybersecurity experts to investigate and help VRT contain the threat and secure its systems. VRT also said it has begun notifying the people whose information may have been subject to unauthorized access.

VRT on Friday said the following about what the investigation revealed as well as the response:

Cybercriminals had accessed VRT’s computer network and removed some data before deploying the ransomware in October 2021.
The affected data may have included individuals’ names, addresses, birthdates, and Social Security or driver’s license numbers.
VRT is offering credit-monitoring services at no cost to people whose driver’s license or Social Security numbers were involved.
The breach did not interrupt payroll processes or transportation services.
VRT notified the Federal Bureau of Investigation and the Transportation Security Administration of this incident and has been providing regular updates to Idaho regulators.

VRT said it did not have sufficient contact information to provide written notice to a small number of affected individuals. The agency is asking people with any questions, and wanting to determine if their information was involved in the breach, to call the following number: 208-258-2777. Hours are 8 a.m. to 4 p.m. MT, Monday through Friday.

“We are committed to protecting the security of our systems as well as personal information about our employees, vendors and customers,” said Kelli Badesheim, Valley Regional Transit’s executive director. “VRT wants to make sure an…

Source…

Tag Archive for: ‘put

Data anonymisation draft pulled down