Tag Archive for: States

Chinese state-linked hackers targeted at least six US states


At least six US states have been targeted by hackers with tenuous links to the Chinese government and espionage interests, and who successfully exploited vulnerabilities in web programs, cybersecurity company Mandiant said in a report.

Hackers associated with the notorious Chinese group APT41 have been targeting US states in a tenacious and adaptive campaign, according to cloud security firm Mandiant (who are regarded as so good at their cyber threat intelligence and response specialization that Google and Microsoft just had a bidding war over the firm, with Google emerging on top with a US$5.4 billion buyout offer).

From May 2021 to February 2022, the group compromised at least six state government networks by exploiting vulnerabilities in internet-facing programs including an animal health reporting app, the report said. Victims and data targeted by hackers were “consistent with an espionage operation,” Mandiant pointed out, but did not rule out that the motive could have been money given the group’s “history of moonlighting for personal financial gain.”

According to Mandiant, APT41 quickly adapted its attacks to take advantage of newly published vulnerabilities. For example, within hours of the Apache Foundation announcing a critical flaw, the hackers began taking advantage of it and compromised at least two US state governments “as well as their more traditional targets in the insurance and telecommunications industries,” the Mandiant report said.


Mandiant said its hundreds of investigations, like in 2013 when hundreds of attacks were traced to this Shanghai building, showed that groups hacking into US newspapers, government agencies, and companies “are based primarily in China and that the Chinese government is aware of them.” (Photo by PETER PARKS / AFP)

Mandiant researchers described APT41 as highly resourceful. “APT41’s recent activity against US state governments consists of significant new capabilities,” the researchers highlighted.

Beijing, for its part, said in official channels that it “firmly opposes any form of hacking attacks and cracks down on them in accordance with the law.” Foreign ministry spokesman Zhao Lijian…


Was Solana Really Brought Down Again By DDoS Attackers This Week? – Sologenic – United States Dollar ($SOL)


Solana (CRYPTO: SOL) was hit by an alleged distributed denial-of-service (DDoS) attack on Tuesday, which caused transactions to fail on the network, but the project’s co-founder Anatoly Yakovenko denied such reports.

What Happened: Chinese journalist Colin Wu said on Twitter that Solana went down at 2 a.m. local time. Wu cited the official Telegram community of the project to say that the attacker was suspected to have used spam to conduct a DDoS attack. 

The network was fixed at 7 a.m. (local time) Tuesday and functionality was restored to normal, as per the journalist. 

A DDoS attack is a subclass of a denial of service (DoS) attack and is conducted through multiple connected online devices collectively called a botnet. These botnets are used to overwhelm the target with fake traffic.

Wu’s assertions were countered by Solana’s Yakovenko who tweeted that “There was some congestion due to mis metered transitions.” This caused some users to experience timed-out transactions. 

Last month, Solana was hit by an outage, which was attributed to network clogging caused by the launch of an Initial Dex offering (IDO) on the network, reported Cointelegraph. 


Why It Matters: If indeed Solana suffered a DDoS attack this week, it would be the third time the network has suffered such an event. 

In September, Solana suffered a DDoS attack, which led to the value of the cryptocurrency spiraling downwards. The problem was fixed after the network was rebooted.

Even so, Solana emerged as a potent Ethereum (CRYPTO: ETH) rival in 2021, as the project gained traction due to a surge in popularity of non-fungible tokens, decentralized finance, and smart contracts.

SOL rose 9255% in 2021. It is down 5.5% in 2022 so far. At press time, SOL traded 0.7% higher at $168.67. It touched an all-time high of $260.06 in November.



Data Breach Notification Laws in the United States: What is Required and How is that Determined? | Burr & Forman


Has your business considered what obligations you would have to notify people in the event of a cyber-attack that compromises some or all of your IT systems? Have you cataloged all the data you collect and where it is stored so that you can determine whose information is impacted by a breach? If not, you are certainly not alone. With the continuing increase in cyber-attacks and particularly ransomware, combined with laws that are imposing shorter and shorter notice deadlines, it is important for all businesses to understand the scope of their potential notification obligations in the event they fall victim to an attack.

Breach Notification Laws

Breach notification requirements obligate organizations that are collecting, storing, processing, or otherwise in possession of personally identifiable information to notify the individuals if the information is compromised in a security breach. In addition to notifying the identified individuals, many states require that the Attorneys General offices and the Credit Reporting Agencies be notified, depending on how many identified individuals in the state received notices. If you are missing contact information for some of the identifiable individuals, if the number of identified individuals is particularly high, or if the cost of the required notifications is excessive, you may have the option to, or be required to, provide substitute notice in lieu of or in addition to individual notices. In most cases, substitute notice requires notification to be placed prominently on your website as well as distributed through the media, in print, on television, and/or by radio.

In the United States, certain Federal Laws govern obligations to report data breaches in particular industries, including:

  • The Health Insurance Portability and Accountability Act (HIPAA) provides notification requirements for a security breach that compromises protected health information held by a covered entity or its business associates.
  • The Gramm-Leach-Bliley Act (GLBA) requires covered financial institutions to notify customers whose non-public personal information is compromised by a security breach.
  • The Computer-Security Incident Notification Requirements for…


Crypto Mining Hackers vs. Cloud Computing—Google States the Obvious


Google’s new Cybersecurity Action Team (CAT) would like you to know that insecure cloud instances can be hijacked by hackers. And the #1 workload they use to steal your CPU time is cryptocurrency mining.

Stop the press. Did we really need to be told that? Seems pretty obvious. It’s hardly the first time we’ve heard about thieves creating imaginary money with stolen IaaS compute resources.

But let’s look closer. In today’s SB Blogwatch, we see if there’s a “there” there.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Seltsame Fakten zu Deutschland.

GCP CAT Fluff

What’s the craic? Simon Sharwood says—“Google advises passwords are good, spear phishing is bad, and free clouds get attacked”:

Authentication and security are good ideas
The report advises that analysis of 50 recently hijacked Google Cloud instances revealed 86 percent were put to work mining cryptocurrency. Crims got in because, in 48 percent of cases, operators didn’t have a password, had a weak password, or didn’t bother authenticating APIs.

Thanks, Google! We’re not sure [we] could have figured out that authentication and security are good ideas. … Perhaps future reports, which are promised to offer “Early Warning announcements about emerging threats requiring immediate action” will prove a little more exciting.

Is that snark entirely fair? Scott Chipolina clears away the turkey—“Hackers Are Breaking into Cloud Accounts to Mine Crypto”:

Obtaining profit
A Google Threat Horizon Report … published by the Google Cybersecurity Action Team … has raised concerns over hacked cloud accounts being used to mine cryptocurrency. … According to the report, the two common goals behind this activity involve “obtaining profit” and “traffic pumping.”

O RLY? Dan Milmo adds leftover cranberries—“Cryptocurrency miners using hacked cloud accounts, Google warns”:

Poor customer security
“Mining” is the name for the process by which blockchains such as those that underpin cryptocurrencies are regulated and verified, and requires a significant amount of computing power. … In the majority of cases the…
