Tag Archive for: raises

COLUMN: Wi-Fi scandal raises questions | Opinion

/in


SFA has upgraded their internet security to presumably prevent another cyberattack like last summer. However, they jumped the gun by blocking too much, leaving many students confused and annoyed.

As of this week, students have noticed poor connections and an inability to connect to online gaming parties. The upgraded system also recognizes VPNs as a threat, so students who care about their personal internet safety are unable to log into accounts that use the CAS login, like mySFA and D2L, and may be blocked from internet access.

It was later revealed that IT has identified the issue and is working toward unblocking it in the firewall. Despite this, students have seen little to no changes in their inability to leisurely hop online, and some speculate that this blocking was purposeful to stop students from using so much Wi-Fi.

Whatever the reason, SFA has disrupted the lives of students. One cannot help but think this has come at an inopportune time, as the semester ends and finals begin to rear their ugly heads. Students are already stressed, so adding more stress to their lives is a misstep—one that was easily avoidable.

Why make changes during the semester, after students have already had months to get used to the Wi-Fi system? The summer would have been a much better time to get this sorted out, with the majority of students being gone, but never mind logic and reason.

Not to be ignored is the fact that students pay a lot of money to live on campus. With this payment comes the understanding that they are afforded some level of leisure time, but that has now been taken away for the student who wants to unwind online. We take one step closer to an Orwellian future, day by day, as we allow ourselves to be manipulated.

Time will tell if SFA truly aims at fixing these issues. One can only hope they are able to tackle them with as much haste as they had when implementing them. As the students get tread on by changing policies throughout the semester, a question is raised: where do students fall on SFA’s hierarchy?

Source…

Massive ‘Apex Legends’ Hack Disrupts NA Finals, Raises Serious Security Concerns

/in


Something rather terrifying has disrupted the North American Finals of Apex Legends, and players are now starting to potentially worry about their own accounts and the overall safety of the game.

Respawn and EA have postponed the North American Finals in the wake of the “competitive integrity” of the game being compromised. This involved a wild situation where someone was giving the pros hacks like aimbots and wallhacks as they were playing in the Finals event, effectively ruining the entire thing without anyone actually attempting to cheat. Here’s what that looked like (warning: language):

This shocked players and one even got banned from the game for using an aimbot cheat before Respawn shut the entire thing down.

What’s unclear is the extent of the breach. There is some concern that it might not just be for messing with the pros at the finals, but a larger security issue with the entire game that could affect the wider playerbase. Some creators are claiming on social media that they’ve scanned their PCs and are finding viruses, though there’s so much panic going around there’s no evidence that has to do with this hack. But if the hack could breach a pro match, it would seem to be something that could breach normal players, even if it’s not actually doing so right now. Many believe this is the work of one hacker, Destroyer2009, who has previously been hacking pros, and this was an RCE remote exploit using their PCs, but none of that has been confirmed.

It’s hard to understate just how unprecedented something like this is in a major esports event. A finals event getting put on ice because someone breached the game to give players hacks is simply something that does not happen.

This has led to a mass of complaints about Apex’s anti-cheat systems, which clearly failed in a massive way for this situation. But it also speaks to just how advanced cheats have become as this is a private lobby for pros playing in an esports final.

Not that this is necessarily related, but Respawn was just hit days ago with 23 layoffs including Apex Legends developers, some of whom were longtime veterans. Though if anything, this shows that EA needs to…

Source…

Fujitsu hack raises questions, after firm confirms customer data breach • Graham Cluley

/in


Fujitsu hack raises questions, after firm confirms customer data breachFujitsu hack raises questions, after firm confirms customer data breach

Fujitsu has warned that cybercriminals may have stolen files with personal and customer data after it discovering malware on its computer systems.

The firm at the center of the British Post Office scandal, said in a Japanese press release that it had discovered the presence of malware on its computers, the potential theft of customer data, and apologised for any concern or inconvenience caused.

Fujitsu announcementFujitsu announcement
Announcement published on Fujitu’s Japanese website.

The press release (a Google-translated version can be read here), is somewhat scant on detail.

For instance:

  • Fujitsu doesn’t disclose the malware found, the number of affected computers, or the internal systems or databases accessed.
  • Fujitsu doesn’t specify the type of malware found – a remote access backdoor? ransomware? something else?
  • Fujitsu doesn’t share details about the stolen information, calling it “personal information and customer information.” For instance, does it include contact details, passwords, or payment information?
  • Fujitsu announced on Friday 15 March that it suffered a cyber attack, but didn’t specify when it was discovered or how long the hackers had access to its systems and data.

Fujitsu says it has reported the incident to regulators and will contact affected individuals and customers.

The company also says that it has not seen any reports of the potentially stolen information being misused. Statements like these are meant to reassure affected parties, but they don’t make you feel much more comfortable in reality.

An absence of evidence is not evidence of absence. How could a company ever confidently and honestly claim it has incontrovertible proof that exfiltrated data has not been exploited by malicious hackers and online fraudsters?

Sign up to our free newsletter.
Security news, advice, and tips.

In the past, there have been many incidents where data stolen in a hack has not immediately shown up, before appearing on the dark web months or even years later.

Source…

BlackCat Ransomware Raises Ante After FBI Disruption – Krebs on Security

/in


The U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang’s darknet website, and released a decryption tool that hundreds of victim companies can use to recover systems. Meanwhile, BlackCat responded by briefly “unseizing” its darknet site with a message promising 90 percent commissions for affiliates who continue to work with the crime group, and open season on everything from hospitals to nuclear power plants.

A slightly modified version of the FBI seizure notice on the BlackCat darknet site (Santa caps added).

Whispers of a possible law enforcement action against BlackCat came in the first week of December, after the ransomware group’s darknet site went offline and remained unavailable for roughly five days. BlackCat eventually managed to bring its site back online, blaming the outage on equipment malfunctions.

But earlier today, the BlackCat website was replaced with an FBI seizure notice, while federal prosecutors in Florida released a search warrant explaining how FBI agents were able to gain access to and disrupt the group’s operations.

A statement on the operation from the U.S. Department of Justice says the FBI developed a decryption tool that allowed agency field offices and partners globally to offer more than 500 affected victims the ability to restore their systems.

“With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online,” Deputy Attorney General Lisa O. Monaco said. “We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.”

The DOJ reports that since BlackCat’s formation roughly 18 months ago, the crime group has targeted the computer networks of more than 1,000 victim organizations. BlackCat attacks usually involve encryption and theft of data; if victims refuse to pay a ransom, the attackers typically publish the stolen data on a BlackCat-linked…

Source…