Chinese Hacking “Typhoons” Threaten U.S. Infrastructure

source: axios.com (contributed by FAN, Bill Amshey)  |  image: pexels.com

 

The Chinese government is running another broad campaign to hack as many American organizations as possible — heightening the threat across critical infrastructure.

Why it matters: The new hacking campaign suggests China could hold more expansive power to turn off key U.S. infrastructure than previously thought.

Driving the news: FBI director Christopher Wray said at the Aspen Cyber Summit on Wednesday that the bureau and its partners hijacked thousands of devices last week that a Chinese hacking group had infected with malware.

  • Flax Typhoon, a new China-backed hacking team, infected home routers, firewalls, storage devices, and Internet of Things devices like cameras and video recorders.

Zoom in: As of June, Flax Typhoon’s botnet included more than 260,000 malware-infected devices across North America, South America, Europe, Africa, Southeast Asia and Australia, according to a U.S. government advisory.

  • Half of the hijacked devices were located in the U.S., Wray said in his remarks.
  • Security researchers at Black Lotus Labs said in a coinciding report that hackers have used the botnet to target U.S. and Taiwanese organizations in the military, government, higher education, telecommunications, defense and IT sectors.
  • The FBI also alleged that the Flax Typhoon hackers worked for Integrity Technology Group, a Chinese tech company that does contract work for Beijing’s intelligence agencies.
  • The FBI also said that Integrity Technology Group operated and controlled the botnet.

Apple Dives Deeper Into Med Tech With Focus on Hearing Health

 

source: cnet.com  |  image: pexels.com

 

An Apple a Day…

There’s nothing quite as thrilling as the chaos and hype of an Apple event day. Granted, as a longtime Apple user, I’m a bit biased. But the launch of the new iPhone 16; the 10th anniversary of the Apple Watch; and the release of the next generation of Watches and AirPods warrants that kind of excitement. While our tech experts are knee-deep in all things iPhone and Watch, I want to highlight one important bit of news from yesterday’s Glowtime presentation: The AirPods Pro 2 earbuds will have over-the-counter hearing aid capability.

Anyone who’s experienced hearing loss, or who knows someone who has, understands the challenges associated with it. Traditional hearing aids are designed to help ease confusion, but they tend to raise the volume on all sounds, not just people’s voices. On top of that, they can cost thousands of dollars. With the new AirPods Pro 2, you’ll be able to give yourself a hearing test, and the earbuds will use “personalized dynamic adjustments” to boost sound in real time, Apple said. They’re expected to be available this fall.

It was hard to pick which of our Apple stories to include this week. Make sure you check out our other Apple event coverage, including a comparison of the iPhone 16 specs and commentary on why Apple’s hardware-focused event was so refreshing.

Check if Your Social Security Number Is Included in the National Public Data Hack

source: cnet.com (contributed by FAN, Steve Page)  |  image: pexels.com

 

Check if your Social Security number was stolen in the massive data theft and what to do to secure your personal information.

If your Social Security number or other personal information was stolen in the December 2023 National Public Data breach, you can take steps to protect yourself. Here’s how. A reported 2.7 million to 2.9 billion records from 170 million people were stolen, including full names and phone numbers along with Social Security numbers.

According to an August statement from National Public Data — a data broker that sells personal information to private investigators, consumer public record sites, human resources and staffing agencies — “a third-party bad actor” hacked into the data and leaked the stolen information on the dark web. National Public Data obtained the information by scraping nonpublic sources without consent, according to a proposed class action lawsuit. A House of Representatives committee has opened an investigation in response.

Here are steps you can take to see if your information was stolen and then what to do if your Social Security number and other personal data were leaked in the massive data hack. For more information, here are the best identity theft protection services and how to freeze your credit. For more on Social Security, here’s when to expect your Social Security check to arrive this month and four ways you can lose your Social Security benefits.

How was my personal information stolen in the National Public Data hack?

National Public Data said it obtains personal information from public record databases, court records, state and national databases and other repositories nationwide.

According to a National Public Data statement in August, “The incident is believed to have involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024.”

Fighting the Last War

source: axios.com (contributed by FAN, Bill Amshey)  | image: pexels.com

 

The United States — its citizens, industry, decision-makers and military — is unprepared for a war that could kick off with Russia and China and later engulf the world, according to a new blue chip study.

Why it matters: The Commission on the National Defense Strategy, a congressionally mandated group with members handpicked by Democratic and Republican lawmakers, is not known for hyperbole. Its conclusions, that the U.S. “has not kept pace with a worsening situation,” should be a wakeup call.

Here are some of the top-line issues the commission laid out in 100-plus pages published this week:

  • China has “largely negated the U.S. military advantage” in the Western Pacific after 20 years of investment.
  • The Pentagon’s portrayal of Russia as an “acute threat” undersells the “ongoing and persistent” nature of the hazards it poses, especially in space and cyber. Moscow-aligned hackers are expected to sow chaos across the U.S. should war break out.
  • The means by which the Pentagon purchases weapons are outdated, as are the ultimate products. Successes like the DIU are system workarounds that don’t have enough resources.
  • Stateside production capacity is “grossly inadequate,” meaning a “World War II–style industrial mobilization” is off the table. A protracted fight, as seen in Ukraine, is incredibly taxing.
  • Recruiting failures have stunted the services. Techniques once used to bring people in the door are in desperate need of an overhaul (no more strip mall recruiting offices and discolored billboards).
  • Congress “has become a major impediment to national security” and fails to fund the government in a timely manner, while billions of dollars are wasted and new projects are kneecapped.
  • Public support for a strong military and robust alliances is evaporating amid political polarization and peacetime disengagement.

Safeguarding Secrets From Quantum Spying

source: axios.com (contributed by FAN, Bill Amshey)  |  image: pexels.com

 

The National Institute of Standards and Technology has released its highly anticipated standards for protecting encrypted data from future quantum technologies.

Why it matters: China and other foreign foes are likely already collecting encrypted U.S. secrets with the hopes of breaking into them once quantum computing technology catches up.

What’s happening: NIST this week formally approved three post-quantum cryptography standards, marking an important first step in protecting government and critical services from encryption-breaking quantum.

  • IBM researchers developed two of the three standards in collaboration with industry and academic partners.
  • The third standard was developed by a researcher who has since joined IBM.
  • Apple, Meta, Google and some other companies are already implementing these standards.

What’s next: These standards will serve as a blueprint for governments and private-sector organizations around the world.


U.S. Not Ready for Global War

source: axios.com (contributed by FAN, Bill Amshey) | image: pexels.com

The United States — its citizens, industry, decision-makers and military — is unprepared for a war that could kick off with Russia and China and later engulf the world, Axios’ Colin Demarest writes from a new study.

Why it matters: The Commission on the National Defense Strategy, a congressionally mandated group with members handpicked by Democratic and Republican lawmakers, isn’t known for hyperbole.

  • Its conclusion — that the U.S. “has not kept pace with a worsening situation” — should be a wakeup call.

Here are some of the top-line issues the commission laid out in a 100-plus-page document published this week:

  1. 🇨🇳 China has “largely negated the U.S. military advantage” in the Western Pacific after 20 years of investment.
  2. 🇷🇺 The Pentagon’s portrayal of Russia as an “acute threat” undersells the “ongoing and persistent” nature of the hazards it poses, especially in space and cyber.
  3. 🏭 Stateside production capacity is “grossly inadequate” — meaning a “World War II–style industrial mobilization” is off the table.

 

 

How Telegram Became a Destination for Criminals

source: axios.com (contributed by FAN, Bill Amshey)  |  image: pexels.com

 

Telegram has long been a hotbed for cybercriminal gangs boasting about their attacks and looking to recruit new members.

Why it matters: Billionaire Telegram CEO Pavel Durov’s arrest over the weekend has put a spotlight on what policies Telegram does — and doesn’t — have to deter cybercriminals and extremist groups who use its platform.

The big picture: Telegram’s relaxed content moderation policies and encrypted service offerings have made it an attractive destination for cybercriminals, terrorism organizations and drug dealers.

  • Terrorist organizations, including ISIS, have used Telegram to publicly claim responsibility for attacks.
  • Politically motivated hackers — including those tied to the war in Ukraine and the Israel-Hamas war — also post about their crimes in public Telegram forums.

Experts say Telegram has unique features that — taken in combination — hackers have been able to abuse in an effort to hide their activities.

  • Secret Chats allows users to turn on end-to-end encryption.
  • That means Telegram has no way of seeing what’s discussed in Secret Chat conversations. Users also can’t forward these messages, which can self-destruct — making it even harder for third parties to intercept their contents.
  • Apple Messages and WhatsApp messages are also encrypted by default, but neither allows users to sign up with a virtual phone number.
  • Telegram accounts don’t need to be linked to a SIM card, Taisiia Garkava, an intelligence analyst at Intel 471, told Axios.


Deploying Deepfake Detection

source: cnet.com  |  image: pexels.com

 

Deepfake video, photo and audio programs have benefited from the same AI boost as other software programs, which is … worrisome, to say the least. But security software company McAfee is hoping AI can play a role in solving the problem. The company unveiled the McAfee Deepfake Detector this week, and folks with Lenovo’s new Copilot-Plus PCs will be the first to get the chance to try out the tool. It scans audio in videos you come across online to alert you to potential deepfakes, but it won’t work if the sound is off. It also can’t determine if photos are deepfakes.

I don’t mind admitting that deepfakes are one of the consequences of AI that keep me up at night. We’ve seen a lot of AI-generated content used for jokes and memes — remember that one of the pope in a puffy white coat? — but it can also be used maliciously, such as to spread political disinformation. So, for my two cents, any effort to take a closer look at questionable material online is a good one.