All posts tagged: cybersecurity

Huawei bribery scandal rocks EU Parliament – POLITICO

Huawei bribery scandal rocks EU Parliament – POLITICO

Published by Sam

The Belgian public prosecutor’s office said in a statement the alleged misconduct took place “regularly and very discreetly from 2021 to the present day, under the guise of commercial lobbying.” Incidents that are being investigated include “remuneration for taking political positions, excessive gifts like food and travel expenses and regular invitations to football matches … with a view to promoting purely private commercial interests in the context of political decisions,” the statement said. Investigators have around 15 former and current MEPs “on the radar,” Follow The Money, Le Soir and Knack wrote. The prosecutor’s office on Thursday afternoon announced it had “requested that seals be affixed to the premises of the European Parliament, more specifically to the offices allocated to two parliamentary assistants allegedly involved.” A spokesperson from the European Parliament said Thursday afternoon: “We have received a request for cooperation from the Belgian authorities to assist the investigation which the Parliament will swiftly honor.” Victor Negrescu, Parliament’s vice president for transparency and anti-corruption, said the allegations “are deeply concerning,” adding “we cannot accept that …

US Charges 12 Alleged Spies in China’s Freewheeling Hacker-for-Hire Ecosystem

US Charges 12 Alleged Spies in China’s Freewheeling Hacker-for-Hire Ecosystem

Published by skeptic

Only rarely does the West get a glimpse inside the vast hacker-for-hire contractor ecosystem that enables China’s digital intrusion campaigns worldwide. Now a new set of criminal charges against a dozen Chinese men, including two government officials, accuses them of a vast espionage campaign that included breaching the US Treasury, and goes as far as revealing the internal communications of some of those alleged hackers, their tools, and their business relationships. The US Department of Justice on Wednesday announced the indictments of 12 Chinese individuals accused of more than a decade of hacker intrusions around the world, including eight staffers for the contractor i-Soon, two officials at China’s Ministry of Public Security who allegedly worked with them, and two other men who were allegedly part of the Chinese hacker group APT27 or Silk Typhoon, which prosecutors say was involved in the breach late last year of the US Treasury. “Today, we are exposing the Chinese government agents directing and fostering indiscriminate and reckless attacks against computers and networks worldwide, as well as the enabling companies …

A Team of Female Founders Is Launching Cloud Security Tech That Could Overhaul AI Protection

A Team of Female Founders Is Launching Cloud Security Tech That Could Overhaul AI Protection

Published by skeptic

While working on internet-of-things security in the mid-2010s, Alex Zenla realized something troubling. Unlike PCs and servers that touted the latest, greatest processors, the puny chips in IoT devices couldn’t support the cloud protections other computers were using to keep them siloed and protected. As a result, most embedded devices were attached directly to the local network, potentially leaving them more vulnerable to attack. At the time, Zenla was a prodigious teen, working on IoT platforms and open source, and building community in Minecraft IRC channels. After puzzling over the problem for a few years, she started working on a technology to make it possible for nearly any device to run in its own isolated cloud space, known as a “container.” Now, a decade later, she’s one of three female cofounders of a security company that’s trying to change how cloud infrastructure shares resources. Known as Edera, the company makes cloud workload isolation tech that may sound like a niche tool, but it aims to address a universal security problem when many applications or even …

DOGE’s USDS Purge Included the Guy Who Keeps Veterans’ Data Safe Online

DOGE’s USDS Purge Included the Guy Who Keeps Veterans’ Data Safe Online

Published by skeptic

The dozens of USDS cuts last week hit teams like product management, design, and procurement. Kamens and other sources told WIRED that he is the only person from the USDS engineering team who was fired. He and others speculate that he was targeted because he had been publicly critical of DOGE in the weeks before the USDS cuts. DOGE did not return a request for comment about his removal. While all large IT systems need to be protected from hacking threats, Kamens says that the most urgent projects he was working on at the VA involved containing veterans’ sensitive personal data so it could only be stored in the most guarded parts of the system and deploying stronger controls to limit who could access what information. Both understanding how data flows through a system and limiting access to reduce risk from network intrusion and insider threats have emerged as key security priorities for any organization. “My biggest concern that I was trying to address in my time at the VA related to personal health data …

Top US Election Security Watchdog Forced to Stop Election Security Work

Top US Election Security Watchdog Forced to Stop Election Security Work

Published by skeptic

The Cybersecurity and Infrastructure Security Agency has frozen all of its election security work and is reviewing everything it has done to help state and local officials secure their elections for the past eight years, WIRED has learned. The move represents the first major example of the country’s cyber defense agency accommodating President Donald Trump’s false claims of election fraud and online censorship. In a memo sent Friday to all CISA employees and obtained by WIRED, CISA’s acting director, Bridget Bean, said she was ordering “a review and assessment” of every position at the agency related to election security and countering mis- and disinformation, “as well as every election security and [mis-, dis-, and malinformation] product, activity, service, and program that has been carried out” since the federal government designated election systems as critical infrastructure in 2017. “CISA will pause all elections security activities until the completion of this review,” Bean added. The agency is also cutting off funding for these activities at the Elections Infrastructure Information Sharing & Analysis Center, a group funded by …

UK takes bold measures to enhance AI security for national safety

UK takes bold measures to enhance AI security for national safety

Published by skeptic

Safeguarding Britain’s national security and protecting citizens from crime will become founding principles of the UK’s approach to AI security from today. Speaking at the Munich Security Conference and just days after the conclusion of the AI Action Summit in Paris, Peter Kyle has today recast the AI Safety Institute the ‘AI Security Institute’. This new name will reflect its focus on serious AI risks with security implications, such as how the technology can be used to develop chemical and biological weapons and how it can be used to carry out cyber-attacks and enable crimes. The Institute will also partner across government, including with the Defence Science and Technology Laboratory, the Ministry of Defence’s science and technology organisation, to assess the risks posed by frontier AI. New approaches to tackle the criminal use of AI As part of this update, the Institute will also launch a new criminal misuse team which will work jointly with the Home Office to conduct research on a range of crime and AI security issues which threaten to harm British …

China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers

China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers

Published by skeptic

When the Chinese hacker group known as Salt Typhoon was revealed last fall to have deeply penetrated major US telecommunications companies—ultimately breaching no fewer than nine of the phone carriers and accessing Americans’ texts and calls in real time—that hacking campaign was treated as a four-alarm fire by the US government. Yet even after those hackers’ high-profile exposure, they’ve continued their spree of breaking into telecom networks worldwide, including more in the US. Researchers at cybersecurity firm Recorded Future on Wednesday night revealed in a report that they’ve seen Salt Typhoon breach five telecoms and internet service providers around the world, as well as more than a dozen universities from Utah to Vietnam, all between December and January. The telecoms include one US internet service provider and telecom firm and another US-based subsidiary of a UK telecom, according to the company’s analysts, though they declined to name those victims to WIRED. “They’re super active, and they continue to be super active,” says Levi Gundert, who leads Recorded Future’s research team known as Insikt Group. “I …

How victims of PowerSchool’s data breach helped each other investigate ‘massive’ hack

How victims of PowerSchool’s data breach helped each other investigate ‘massive’ hack

Published by skeptic

On January 7, at 11:10 p.m. in Dubai, Romy Backus received an email from education technology giant PowerSchool notifying her that the school she works at was one of the victims of a data breach that the company discovered on December 28. PowerSchool said hackers had accessed a cloud system that housed a trove of students’ and teachers’ private information, including Social Security numbers, medical information, grades, and other personal data from schools all over the world.  Given that PowerSchool bills itself as the largest provider of cloud-based education software for K-12 schools — some 18,000 schools and more than 60 million students — in North America, the impact could be “massive,” as one tech worker at an affected school told TechCrunch. Sources at school districts impacted by the incident told TechCrunch that hackers accessed “all” their student and teacher historical data stored in their PowerSchool-provided systems.  Backus works at the American School of Dubai, where she manages the school’s PowerSchool SIS system. Schools use this system — the same system that was hacked — …

The FCC’s Jessica Rosenworcel Isn’t Leaving Without a Fight

The FCC’s Jessica Rosenworcel Isn’t Leaving Without a Fight

Published by skeptic

As the United States scrambles to kick China out of its communications networks, Jessica Rosenworcel, the outgoing Democratic chair of the Federal Communications Commission, says it’s vital for her Republican successor to maintain strong oversight of the telecommunications industry. The government is still reeling from the Chinese “Salt Typhoon” hacking campaign that penetrated at least nine US telecom companies and gave Beijing access to Americans’ phone calls and text messages and the wiretap systems used by law enforcement. The operation exploited US carriers’ shockingly poor cybersecurity, including an AT&T administrator account that lacked basic security protections. To prevent a repeat of the unprecedented telecom intrusion, Rosenworcel used the waning days of her FCC leadership to propose new cybersecurity requirements for telecom operators. On Thursday, the commission narrowly voted to approve her proposal. But those rules face a bleak future, with president-elect Donald Trump preparing to take office and control of the FCC transferring to commissioner Brendan Carr, a Trump ally who voted against Rosenworcel’s regulatory plan. In an interview days before Trump’s inauguration, Rosenworcel is …

The explosive rise of generative AI-driven cyberthreats

The explosive rise of generative AI-driven cyberthreats

Published by skeptic

AI cyberthreats have reshaped the cybersecurity landscape. However, AI-powered tools and proactive strategies are essential to protect businesses from these increasingly sophisticated attacks, emphasising the need for human awareness and continuous education. While AI can help you strengthen your defences by automating threat detection and response, it also powers more convincing phishing attempts, malware and deepfakes that put your business at risk. This dual impact makes it crucial for you to stay ahead of the curve and adopt proactive strategies to protect your organisation from traditional and AI-driven threats. How generative AI is changing the cyberthreat landscape Generative AI can create new content — such as code, images, videos and text — that’s often indistinguishable from what humans produce. Its capabilities include creating malware code, highly realistic deepfake videos and personalised phishing emails that can easily deceive tech-savvy individuals. Cybercriminals have harnessed this technology to automate attacks and make them more efficient and harder to detect. AI allows these attackers to scale their efforts with unprecedented ease, lowering the skill level required to execute complex …