Category: Cyber

Meta disrupts China-based influence campaigns

Posted on by esimantiras

Meta disrupts China-based influence campaigns

source: Axios.com (contributed by Bill Amshey  |  image: pexels.com

 

Facebook and Instagram parent Meta has shut down at least five China-based political influence campaigns on its platforms this year, the company said in a report Thursday, according to Axios’ Jacob Knutson.

Why it matters: Meta claims that China has become the most prolific source of operations that seek to exploit U.S. political divisions and that those campaigns typically include content beneficial to China’s interests in different regions.

  • The company also disrupted operations originating in Russia and Iran, it said.

The big picture: With several high-profile elections around the world coming next year, including the presidential race in the U.S., Meta said it expects new campaigns will attempt to hijack authentic partisan debate to inflame tensions in target countries.

  • It also warned that actors could flood platforms with large volumes of convincing content created by rapidly advancing generative AI tools to influence voters or for financial gain.

How it works: The influence operations violate Meta’s rule against coordinated inauthentic behavior, which is a manipulative communication tactic used to harass, harm or mislead online debate about crucial issues.

  • In addition to cracking down on campaigns to spread government propaganda, Meta has also cracked down on financially motivated schemes, like clickbait farms.

Details: Meta said it disrupted two China-based operations across its social media platforms Facebook, Instagram and Threads in the third quarter. The campaigns largely failed to build authentic audiences, it said.

  • Some of the posts involved in the operations defended China’s human rights record in Xinjiang and Tibet and attacked critics of the Chinese Communist Party.
  • Others focused on U.S. domestic politics and China’s strategic rivalry with the U.S. in Africa and Central Asia.
  • To disrupt the campaigns, the company removed more than 4,800 accounts and seven Facebook groups, it said. Some of the removed accounts had posed as journalists, lawyers and human-rights activists.

Yes, but: Meta did not say whether the campaigns were directed by the Chinese government.

The surprising threat lurking even in your ‘secure’ work environment

Posted on by esimantiras

The surprising threat lurking even in your ‘secure’ work environment

source: fastcompany.com  |  image: pexels.com

 

When Netflix released The Most Hated Man on the Internet, we got an up-close glimpse of the harm that nefarious people can do by exposing the personal information of others online. The series illustrated how Hunter Moore used stolen or hacked images to populate a pornographic website, targeting women who did not consent for their images to be used—and introducing many people to the concept of “doxing.” 

Derived from 1990s hacker culture, doxing is a play on the word document or dossier, referring to compiling data on a person or company. It gained greater visibility in 2014 when a group released the private information of women who they perceived as receiving favoritism in the gaming journalism industry. The incident, titled GamerGate, exposed the dangers of being targeted by bad actors and the potential for negative psychological outcomes. Continue reading “The surprising threat lurking even in your ‘secure’ work environment”

This Cryptomining Tool Is Stealing Secrets

Posted on by esimantiras

This Cryptomining Tool Is Stealing Secrets

 

source: wired.com  |  image: pexels.com

 

As the Israel-Hamas war raged on this week and Israel expanded its ground invasion of the Gaza Strip, the territory’s compromised internet infrastructure and access to connectivity went fully dark on Friday, leaving Palestinians without access to ground or mobile data connections. Meanwhile, researchers are bracing for the fallout if Hamas makes good on its threats to distribute hostage execution videos online. And TikTokkers are using a niche livestreaming feature and exploiting the Israeli-Hamas conflict to collect virtual gifts from viewers, a portion of which goes to the social media company as a fee.

As the worst mass shooting in Maine’s history unfolded this week and the gunman remained at large, disinformation about the situation and the suspect flooded social media, adding to the already chaotic and horrific situation. Elon Musk, the owner of X (formerly Twitter) posted remarks earlier this month mocking Ukrainian president Vlodymr Zelensky that were met with a flood of support and enthusiasm from Russian trolls and accounts distributing pro-Russia propaganda.

Continue reading “This Cryptomining Tool Is Stealing Secrets”

Casino Breaches Expose Why Identity Management Is at a Crossroads

Posted on by esimantiras

Casino Breaches Expose Why Identity Management Is at a Crossroads

 

source: technewsworld.com  |  image: pexels.com

 

As cyberthreats become more prevalent, the tangible losses from identity access management-related breaches underline the critical need to reform this cornerstone of digital security.

By now, many have heard about the massive cyberattacks that affected casino giants MGM Resorts and Caesars, leaving everything from room keys to slot machines on the fritz. Like many recent breaches, it’s a warning to improve security around digital identities — because that’s where it all started.

The origin story of this breach is similar to many we have seen lately: social engineering and impersonation attacks.

Hackers called MGM’s IT department and tricked the help desk into resetting legitimate logins, which they then used to launch a ransomware attack. The same group allegedly staged a rash of similar attacks across various other sectors, including a breach at casino rival Caesars Entertainment, which reportedly paid $15 million to get its data back days before the MGM attack.

Continue reading “Casino Breaches Expose Why Identity Management Is at a Crossroads”

Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’

Posted on by esimantiras

Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’

 

source: threatpost.com  | image:  pixabay.com

 

Researcher shows how Instagram and Facebook’s use of an in-app browser within both its iOS apps can track interactions with external websites.

Users of Apple’s Instagram and Facebook iOS apps are being warned that both use an in-app browser that allows parent company Meta to track ‘every single tap’ users make with external websites accessed via the software.

Researcher Felix Krause, who outlined how Meta tracks users in a blog posted Wednesday, claims that this type of tracking puts users at “various risks”. He warns both iOS versions of the apps can “track every single interaction with external websites, from all form inputs like passwords and addresses, to every single tap” via their in-app browsers.

iOS users’ concerns over tracking were addressed by Apple’s 2021 release of iOS 14.5 and a feature called App Tracking Transparency (ATT). The added control was intended to require app-developers to get the user’s consent before tracking data generated by third-party apps not owned by the developer.

Krause said that both iOS apps Facebook and Instagram are using a loophole to bypassed ATT rules and track website activity within their in-app browsers via the use of a custom JavaScript code used in both in-app browsers. That means, when an iOS user of Facebook and Instagram click on a link within a Facebook and Instagram post (or an ad), Meta launches its own in-app browser which can then track what you do on external sites you visit.

Meta’s Use of a JavaScript Injection 

“The Instagram [and Facebook] app injects their JavaScript code into every website shown, including when clicking on ads. Even though pcm.js doesn’t do this, injecting custom scripts into third party websites allows them to monitor all user interactions, like every button & link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers,” Krause wrote.

Continue reading “Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’”

Fingerprint Theft Just a Shutter Click Away

Posted on by esimantiras

Fingerprint Theft Just a Shutter Click Away

source: technewsworld.com  |  image: pixabay.com

 

Ever since smartphone makers started incorporating fingerprint scanners as a means of unlocking mobile phones, the Chaos Computer Club has attacked the technology with vigor. 

Not long after Apple added Touch ID to its iPhones, the German hackers demonstrated how to lift prints from a surface and create a flexible pad containing the print that could be used to break into a phone.

Now the CCC hacker known as “Starbug” has used digital photography to perform the same trick without lifting any prints at all. At a recent cybersecurity conference, Starbug demonstrated how he created the thumb print of German Minister of Defense Ursula von der Leyen from several news photos.

“After this talk, politicians will presumably wear gloves when talking in public,” Starbug said.

Continue reading “Fingerprint Theft Just a Shutter Click Away”

A Powerful Tool US Spies Misused to Stalk Women Faces Its Potential Demise

Posted on by esimantiras

A Powerful Tool US Spies Misused to Stalk Women Faces Its Potential Demise

 

source: wired.com  |  image: pixabay.com

 

Though often viewed as the “crown jewel” of the US intelligence community, fresh reports of abuse by NSA employees and chaos in the US Congress put the tool’s future in jeopardy.

The federal law authorizing a vast amount of the United States government’s foreign intelligence collection is set to expire in two months, a deadline that threatens to mothball a notoriously extensive surveillance program currently eavesdropping on the phone calls, text messages, and emails of no fewer than a quarter million people overseas.

The US National Security Agency (NSA) relies heavily on the program, known as Section 702, to compel the cooperation of communications giants that oversee huge swaths of the internet’s traffic. The total number of communications intercepted under the 702 program each year, while likely beyond tally, ostensibly reaches into the high hundreds of millions, according to scraps of reportage declassified by the intelligence community over the past decade, and the secret surveillance court whose macroscopic oversight—even when brought to full bear against the program—scarcely takes issue with any quotidian abuses of its power.

Continue reading “A Powerful Tool US Spies Misused to Stalk Women Faces Its Potential Demise”

Social engineering for espionage and for profit

Posted on by esimantiras

Social engineering for espionage

and for profit

 

source: thecyberwire.com  |  image: pixabay.com

 

At a glance.

  • Okta discloses a data exposure incident.
  • Cisco works to fix zero-day.
  • DPRK threat actors pose as IT workers.
  • Five Eyes warn of AI-enabled Chinese espionage.
  • Job posting as phishbait.
  • The risk of first-party fraud.
  • The Quasar RAT and DLL side-loading.
  • Hacktivists trouble humanitarian organizations with nuisance attacks.
  • Content moderation during wartime.
  • Not content-moderation, but fact-checking.
  • Cyberespionage at the ICC.

Okta discloses a data breach.

Identity and access management company Okta has disclosed a data breach affecting some of the company’s customers. The company stated, “The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases. It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted. In addition, the Auth0/CIC case management system is not impacted by this incident.”

Continue reading “Social engineering for espionage and for profit”

Cyberattacks on hospitals are growing threats to patient safety, experts say

Posted on by esimantiras

Cyberattacks on hospitals are growing threats to patient safety, experts say

source: abcnews.go.com  | image: pexels.com

 

The number of attacks on U.S. hospitals each year doubled between 2016 and 2021

Jes Kraus was supposed to be going to the University of Vermont Medical Center every day for aggressive radiation and chemotherapy treatments to fight stage three colorectal cancer, for which he was diagnosed in September 2020.

But at the end of October 2022, the hospital called to tell him not to come in for his appointments until further notice. The medical center had just been hit by a cyberattack, which infected computer systems across the state and locked out health care workers from his treatment plan and other critical tools.

“Radiation was canceled for a week,” Kara Kraus, Jes’s wife, told ABC News. “We were afraid. We weren’t sure if that would affect the outcome. Again, the tumor, would it start growing back within that week? What was going to happen?”

Continue reading “Cyberattacks on hospitals are growing threats to patient safety, experts say”

China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers

Posted on by esimantiras

China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers

 

source: thehackernews.com  |  image: pixabay.com

 

China’s Ministry of State Security (MSS) has accused the U.S. of breaking into Huawei’s servers, stealing critical data, and implanting backdoors since 2009, amid mounting geopolitical tensions between the two countries.

In a message posted on WeChat, the government authority said U.S. intelligence agencies have “done everything possible” to conduct surveillance, secret theft, and intrusions on many countries around the world, including China, using a “powerful cyber attack arsenal.” Specifics about the alleged hacks were not shared.

It explicitly singled out the U.S. National Security Agency’s (NSA) Computer Network Operations (formerly the Office of Tailored Access Operations or TAO) as having “repeatedly carried out systematic and platform-based attacks” against the country to plunder its “important data resources.”

Continue reading “China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers”