Critical Infrastructure Under Attack

source: darkreading.com

Several recent cyber incidents targeting critical infrastructure prove that no open society is immune to attacks by cybercriminals. The recent shutdown of a key US energy pipeline marks just the tip of the iceberg.

Critical infrastructure is becoming more dependent on networks of interconnected devices. For example, only a few decades ago, power grids were essentially operational silos. Today, most grids are closely interlinked — regionally, nationally, and internationally as well as with other industrial sectors. And in contrast to discrete cyberattacks on individual companies, a targeted disruption of critical infrastructure can result in extended supply shortages, power blackouts, public disorder, and other serious consequences.

Mobile Devices Under Siege by Cyberattackers

source: technewsworld.com

Mobile phishing exposure doubled among financial services and insurance organizations between 2019 and 2020. Cyberattackers are deliberately targeting phones, tablets, and Chromebooks to increase their odds of finding a vulnerable entry point.

A single successful phishing or mobile ransomware attack can give attackers access to proprietary market research, client financials, investment strategies and cash or other liquid assets, according to a new Lookout research team report released May 6.

The Financial Services Threat Report disclosed that almost half of all phishing attempts tried to steal corporate login credentials. Other findings include that some 20 percent of mobile banking customers had a trojanized app on their devices when trying to sign into their personal mobile banking account.

Despite a 50 percent increase in mobile device management (MDM) adoption from 2019 to 2020, average quarterly exposure to phishing rose by 125 percent. Malware and app risk exposure increased by over 400 percent.

Seven months after the release of iOS 14 and Android 11, 21 percent of iOS devices were still on iOS 13 or earlier, and 32 percent of Android devices were still on Android 9 or earlier. That delay in users updating their mobile devices creates a window of opportunity for a threat actor to gain access to an organization’s infrastructure and steal data, according to the report.


China’s AI Deployment in Africa Poses Risks to Security and Sovereignty

source: aspistrategist.com

The competition to dominate Africa’s artificial intelligence and critical infrastructure markets is geopolitical and Beijing is racing for the lead. During the past 20 years, China has been rapidly building its communications infrastructure and advancing data-surveillance capabilities globally, and has taken a strong interest in spearheading development of Africa’s technology markets. President Xi Jinping’s Belt and Road Initiative has been the primary conduit for China’s expansion on the continent.

When the BRI was first introduced in 2013, many African leaders shared Xi’s view that inadequate infrastructure was the greatest barrier to economic development. So far, 40 out of 54 African countries have signed BRI agreements.


8 Free Streaming Services to Save You From Subscription Hell

source: wired.com

You may not have heard of Tubi, Pluto TV, or Kanopy—but they’re the perfect cure for subscription fatigue.

THE MAIN CASUALTY of the streaming wars so far has been your wallet. Netflix, Amazon Prime Video, HBO Max, Hulu, Apple TV+, Disney+, Discovery+: They all demand a monthly tithe. Toss in a live service like YouTube TV, the music app of your choice, and whatever gaming concoction suits your needs, and you’re suddenly ringing up a pretty grim bill. But wait! Recent years have seen a bumper crop of free streaming services as well. They’re the perfect cure for subscription fatigue.

The old adage that you get what you pay for does apply here to some extent. Free streaming services typically don’t have as many viewing options as their paid counterparts, and most make you watch a few ads along the way. But they’re also better than you might expect, and they continue to improve. Some even include original programming, or something close to it; the Roku Channel acquired the rights to dozens of shows that originally appeared on the ill-fated Quibi streaming service, and it began showing them on Thursday.

While you shouldn’t expect any of the following free streaming services to replace Netflix in your streaming regimen, you shouldn’t count them out either. Each almost certainly offers at least something you want to watch, and they won’t cost you an arm and a leg—or anything at all—to take advantage.

OK, this could potentially be confusing, since Roku is made up of thousands of “channels,” including the majors like Hulu and HBO Now. But it also operates the Roku Channel, which offers an eclectic mix of movies and TV shows. Typically it doesn’t have much that’s new new, although you can find plenty of older hits like Troy and The Queen, along with slightly musty television classics like Alias and 3rd Rock From the Sun. (Most notably: It has the full run of The Prisoner, the original 1967 version, which you should watch right now if you haven’t already.)


China’s Paper Tiger Surveillance State

source: thediplomat.com

The CCP’s pervasive surveillance apparatus is a sign not of strength, but of fragility.

China is the quintessential surveillance state: cameras perch on every street corner and bots monitor every corner of the internet. Chinese officials believe these measures will enable them to anticipate and preempt threats to the regime. But might Beijing’s growing reliance on surveillance actually weaken the Chinese Communist Party (CCP)’s hold on power?

China’s surveillance network is expansive and pervasive. Chongqing, for example, holds the dubious distinction of being the “most surveilled city in the world,” with roughly one camera for every six of its 30 million residents. Facial recognition systems identify those captured on camera, instantly recording their ethnicity and party membership. The state wastes no opportunity to gather biometric data, weaponizing it against Uyghurs and others suspected of disloyalty. And on WeChat – the Chinese equivalent of Facebook, WhatsApp, and Apple Pay combined – government monitors are ever-present. At the cutting edge, Chinese officials are testing artificial intelligence-powered analytics, which purport to predict unrest before it occurs.


How Amazon Sidewalk Works—and Why You May Want to Turn It Off

source: wired.com

It promises connected convenience. But the ecommerce giant doesn’t exactly have an inspiring record when it comes to privacy.

AFTER MONTHS OF testing and delays, Amazon announced last Friday that it would finally launch Amazon Sidewalk on June 8: The new service will keep your Echo, Ring, and other Amazon devices connected to the internet, even if your internet service provider goes out. And as usual, your devices will be automatically enrolled in the program unless you opt out. Here are the potential benefits and the potential privacy issues to consider.

Amazon bills Sidewalk as “a new way to stay connected.” Simply put, it uses Amazon smart-home gear to create a series of mini mesh networks, meaning your devices can stay connected further away from your router, and even stay online when your Wi-Fi goes down.

To do this, Amazon uses Bluetooth and unused slices of the wireless spectrum, with Ring cameras and Echo speakers acting as the main bridges (actually called Sidewalk Bridges) to keep everything connected. For something to work with the network, it’s going to need to be compatible with the Sidewalk standard, so expect Amazon to make and market devices that meet that standard soon. (For example, Tile is already on board. More on that in a moment.)

Researchers Abuse Apple’s Find My Network for Data Upload

source: securityweek.com

Security researchers have discovered a way to leverage the Offline Finding network of Apple’s Find My to upload data from devices, even those that do not have a Wi-Fi or mobile network connection.

Using Bluetooth Low Energy, the data is being sent to nearby Apple devices that do connect to the Internet, and then sent to Apple’s servers, from where it can be retrieved at a later date.

The technique could be used to avoid the costs and power usage associated with mobile Internet, or to exfiltrate data from Faraday-shielded sites visited by iPhone users, according to researchers with Positive Security, a Berlin-based security consulting firm.


Ransomware’s New Swindle: Triple Extortion

source: threatpost.com

Ransomware attacks are exploding at a staggering rate, and so are the ransoms being demanded. Now experts are warning against a new threat — triple extortion — which means that attackers are expanding out to demand payments from customers, partners and other third parties related to the initial breach to grab even more cash for their crimes.

Check Point’s latest ransomware report found that over the past year, ransomware payments have spiked by 171 percent, averaging about $310,000 — and that globally, the number of attacks has surged by 102 percent.

“As the numbers reflect a golden attack technique, which combines both a data breach and a ransomware threat, it is clear that attackers are still seeking methods to improve their ransom payment statistics, and their threat efficiency,” Check Point said.
