NSA leader pushes lawmakers to keep key surveillance power

source: axios.com (contributed by FAN, Bill Amshey)  |  image: nsa.gov

 

The head of the National Security Agency made his case Thursday for lawmakers to keep a key NSA surveillance power intact ahead of a tough reauthorization battle this year.

The big picture: Section 702 of the Foreign Intelligence Surveillance Act is set to expire at the end of the year, jeopardizing a surveillance authority that allows intelligence agencies to collect warrantless online communications from foreign persons.

  • The fight over whether to keep Section 702 intact will take up much of Capitol Hill’s cybersecurity attention throughout the year.

Driving the news: Gen. Paul Nakasone, the head of the NSA and the U.S. Cyber Command, said during an event Thursday that the surveillance power has allowed the U.S. to stop active terrorist plots, foreign ransomware attacks and planned cyber espionage schemes.

  • “This authority provides the U.S. government irreplaceable insights, whether we’re reporting on cybersecurity threats, counterterrorism threats, or protecting U.S. and allied forces,” Nakasone said.
  • “We have saved lives because of 702,” he added.

Why it matters: Nakasone’s comments set the stage for the arguments that the intelligence community is likely to make as lawmakers debate the merits of the program throughout the year.

Yes, but: Civil liberties and privacy advocates have long argued that Section 702 sweeps up far too many Americans’ electronic communications, such as emails and text messages, when they talk with people in other countries.

  • Some Republican lawmakers are also likely to argue for either letting 702 expire or limiting its scope as their party grows more critical of the intelligence agencies.

A Sneaky Ad Scam Tore Through 11 Million Phones

source: wired.com  |  image: pexels.com

Some 1,700 spoofed apps, 120 targeted publishers, 12 billion false ad requests per day—Vastflux is one of the biggest ad frauds ever discovered.

 

Every time you open an app or website, a flurry of invisible processes takes place without you knowing. Behind the scenes, dozens of advertising companies are jostling for your attention: They want their ads in front of your eyeballs. For each ad, a series of instant auctions often determines which ads you see. This automated advertising, often known as programmatic advertising, is big business, with $418 billion spent on it last year. But it’s also ripe for abuse.

Security researchers today revealed a new widespread attack on the online advertising ecosystem that has impacted millions of people, defrauded hundreds of companies, and potentially netted its creators some serious profits. The attack, dubbed Vastflux, was discovered by researchers at Human Security, a firm focusing on fraud and bot activity. The attack impacted 11 million phones, with the attackers spoofing 1,700 apps and targeting 120 publishers. At its peak, the attackers were making 12 billion requests for ads per day.

“When I first got the results for the volume of the attack, I had to run the numbers multiple times,” says Marion Habiby, a data scientist at Human Security and the lead researcher on the case. Habiby describes the attack as both one of the most sophisticated the company has seen and the largest. “It is clear the bad actors were well organized and went to great lengths to avoid detection, making sure the attack would run as long as possible—making as much money as possible,” Habiby says. 

Cybersecurity trends in 2023 that will directly impact everyday life

source: cybersecuritydive.com  |  image: Pixabay.com

 

The scale of cyberthreats is growing, spilling into the mainstream. In 2023, expect the spotlight to add pressure to businesses that have underinvested in security.

 

There are a few certainties in cybersecurity: ransomware will cause headaches for companies; third parties will spark cyber incidents; and every December, cybersecurity analysts will put together lists of their predictions and trends they believe will have an impact in the coming year. 

Most of the predictions are designed to help organizations build out their security programs, but every so often a trend will build slowly over time until its impact is clear.

Sometimes these trends will reach far beyond an individual company and impact society at large. 

Here are some of the biggest trends Cybersecurity Dive is watching this year. Are there any security patterns you are watching closely? Email us at cybersecurity.dive.editors@industrydive.com.

The global impact of state-sponsored activities

State-sponsored threats trend every year, but as we begin 2023, those threats have a different, more menacing, feel to them. The countries responsible for much of the state-sponsored activity — Russia, China and Iran — are embroiled in conflict. 

“In the past year, we’ve seen [Russia’s] invasion of Ukraine; a worsening of the relationship between China and the West combined with tightening control by Xi Jinping and further pressure on Taiwan; and a growing concern in Iran about dissident activity and pressures on the regime both internally and abroad,” said Mike McLellan, director of intelligence for the Secureworks Counter Threat Unit. 


Your Home Security Cameras Are in the Wrong Spots. Here’s Where to Put Them

source: cnet.com  |  contributed by Steve Page  |  image: pixabay.com

If you have a home security camera (or you are thinking about finding a Black Friday deal on one), you may have wondered about the best places to put them to deter bad actors and give you the best view of your property — and where not to put them.

Your home and yard layout, budget and home security priorities are different from your neighbor’s, so there is no one-size-fits-all rule for security camera placement. But this guide will help you consider all the aspects of your home security setup and identify which ones are absolute musts based on the vulnerabilities in your home.

For more home security tips, check out how to prevent your home security cameras from being hacked, and the best cheap home security systems you can buy.

Where you should consider installing a home security camera

1. Exterior: Front door

You might assume that intruders always sneak into side entrances, but statistics from the International Association of Certified Home Inspectors show that 34% of burglars use the front door. It’s also where package thieves are likely to strike. A camera at your main entrance keeps tabs on everybody going in and out of your home, from family members and babysitters to maintenance people, delivery people and more. (Pro tip: Video doorbells are great picks for the front door. You can use them as the primary camera or in conjunction with another outdoor camera aimed at the yard or garage.)


You Really Need a Password Manager. Here’s How to Get Started

source: cnet.com  |  image: pixabay.com

 

Using a password manager is easy, and it’s one of the best ways to stay secure online.

It may seem like more trouble than it’s worth, but you really need to create a unique password for each of your online accounts. Each password should ideally be at least eight characters in length and consist of capital and lowercase letters, numbers and symbols. (Yes, using “password123” for everything isn’t going to cut it.) It may be tempting, but using one easy-to-remember code across all of your accounts can jeopardize your online security — and you definitely don’t want to make yourself an easy target for cybercriminals. In fact, recent research by cybersecurity firm Hive Systems has suggested that a weak password can be cracked instantly by a hacker.

Password managers are vital tools that can help you stay safe online and be more digitally secure by simplifying the process of using strong passwords. And they’re easier to use than you may think. Even so, 4 out of 5 American adults don’t use a password manager, according to a study from Security.org. 

Here’s why you need a password manager and how to set one up.

What is a password manager, and why do I need one?

A password manager is an online service that stores your passwords as well as other data like credit card numbers, bank account information and identification documents in a secure, encrypted environment. It takes one of the biggest potential vulnerabilities — weak or recycled passwords — and does the hard work for you.


The 3 Worst Spots to Put a Home Security Camera

source: cnet.com (contributed by FAN, Steve Page)  |  image: pixabay.com

 

Don’t compromise your home security: Put your home security cameras in the right places.

Security cameras are one of the simplest ways to deter would-be burglars and protect your home. With the help of a few well-placed cameras, you can easily keep a remote eye on most of your home and property. And with more affordable options on the market and improvements in wireless technology, it’s now possible for just about anyone to set up a wired or wireless security camera system that fits your home’s needs and budget. 

But it’s also possible to set up a home camera security system the wrong way. The last thing that you want to do is place a camera in a spot where it is rendered ineffective and find out too late that its footage is useless. This guide will steer you away from camera placements to avoid and help you establish a more effective home security camera system. For more on home security, check out the best security camera deals and how to keep your security cameras from being hacked.

Ineffective spots

You might be tempted to point cameras at the spots around your home that are difficult to see. There is an intuitive reason for this: If you can’t see a location from your windows or doors, it feels possible that someone might be lurking there. You might think these hidden areas are a burglar’s preferred place to break and enter. 


Airline Travel Hacks To Avoid Holiday Excursion Headaches

source: technewsworld.com  |  image: pixabay.com

 

For those of you who haven’t traveled lately, things have changed over the last couple of years. For example, most airlines don’t take cash anymore, and an increasing number don’t accept credit cards.

Airlines are almost all short-staffed, and at this time of year, there are a lot of mechanical delays and weather events. Depending on the airport, the ability to rebook a flight at the gate may no longer exist. Spending the night in an airport is no fun, and neither is missing a flight because you didn’t make it through security in time.

This week, I’ll share some tips on how to survive traveling over the holidays. We’ll close with my product of the week: my favorite suitcase, which is like a rolling dresser.

Plan for Extended Connection Times

Over the past two months, most of the flights I’ve been on have had a mechanical or airline delay. Generally, the delays have been just short of an hour, suggesting you want at least one hour between connecting flights if you don’t want to be stranded.

If you are taking a cruise and you have to fly to the port of departure, you might want to fly the day before so that any delay doesn’t keep you from meeting the boat. We had first-class tickets on our last flight on United to meet up for a cruise. Still, we were delayed at the departing airport for 30 minutes, then again at the arrival airport (San Francisco) for 30 minutes, which had us arriving at the gate three minutes after they closed it. They wouldn’t let us on the plane, arguing that we should have run faster.

As a result, we lost our direct flight to Florida, lost our first-class seats, and had to route through Chicago, which got us there late at night rather than mid-day. Fortunately, our cruise was the next day, or we’d have missed our departure and had to try to catch the ship at the next port, a very expensive workaround.

The more critical it is that you get to your destination on time, the more extra time you should schedule for transport. You should plan to arrive the day before for a wedding, funeral, family event, business meeting, or tour with a firm start time instead of cutting it close. Otherwise, there’s a good chance you’ll miss that critical event.

Take Advantage of Airline Apps

Download the airline app before you leave, and if it has the option to pre-load a credit card, do it. On my last trip, a couple from Australia in front of me couldn’t buy drinks or food because United no longer takes cash or credit cards on the plane. Instead, they pull the card data from the app.


A Chinese Spy Wanted GE’s Secrets, But the US Got China’s Instead

source: bloomberg.com  |  Image by Arek Socha from Pixabay

How the arrest of a burned-out intelligence officer exposed an economic-espionage machine.

In January 2014, Arthur Gau, an aerospace engineer who was nearing retirement age, received an unexpected email from a long-lost acquaintance in China. Years before, Gau had made a series of trips from his home in Phoenix to speak at the Nanjing University of Aeronautics and Astronautics, or NUAA, one of China’s most prestigious research institutions. The original invitation had come from the head of a lab there studying helicopter design. Increasingly, however, Gau had heard from someone else, a man who worked at the university in a vague administrative capacity. Little Zha, as the man called himself, was the one who made sure Gau never had to pay his own airfare when he came to give talks. When Gau brought his mother on a 2003 visit, Zha arranged and paid for them to take a Yangtze cruise to see the river’s dramatically sculpted middle reaches before they were flooded by the Three Gorges Dam.

The relationship had ended awkwardly, though, when Zha offered Gau money to come back to China with information about specific aviation projects from his employer, the industrial and defense giant Honeywell International Inc. Gau ignored the request, and the invitations stopped.

Now, in 2014, Little Zha was reaching out again. The two started corresponding. In early 2016, Gau, whose interests extended far beyond avionics, said he’d planned a trip to China to visit some friends in the musical theater world. Zha was there that spring to meet him at the airport in Beijing. Waiting with him was a colleague Zha was eager for Gau to meet.

Xu Yanjun was on the tall side, at 5 feet 10 inches, with closely cropped hair, glasses, and a tendency toward bluntness. The three had dinner and met up again before Gau flew back to the US. Over pastries in Gau’s hotel room, they discussed Taiwanese politics—Gau grew up there—as well as the engineer’s evolving responsibilities at Honeywell. Late in the evening, Xu handed Gau $3,000 in cash. Gau would later testify that he tried to hand it back, but Xu was insistent. “And then, you know, back and forth, but I took it eventually.”

The next year, Gau came back to China to give another lecture—this time a private one in a hotel room to several engineers and officials, including Xu. In preparation, Gau had emailed over PowerPoint slides containing technical information, including algorithms and other sensitive design data for the aircraft auxiliary power units Honeywell makes. “Because of the payment, I felt obligated,” he would later tell a judge.

Xu paid him $6,200 more, and two of his associates accompanied the visiting engineer on a two-day sightseeing trip to West Lake, famed for its picturesque gardens, islands, and temples. Gau was planning his next visit when, in the fall of 2018, agents from the FBI appeared at his home in Arizona to execute a search warrant. There would not be another trip. Xu, the agents explained, was not in Nanjing anymore. He wasn’t even in China. He was in Ohio, in a county jail awaiting trial.


FBI investigation determined Chinese-made Huawei equipment could disrupt US nuclear arsenal communications

 

source: cnn.com  |  image: pexels.com

 

Washington (CNN) On paper, it looked like a fantastic deal. In 2017, the Chinese government was offering to spend $100 million to build an ornate Chinese garden at the National Arboretum in Washington DC. Complete with temples, pavilions and a 70-foot white pagoda, the project thrilled local officials, who hoped it would attract thousands of tourists every year.

But when US counterintelligence officials began digging into the details, they found numerous red flags. The pagoda, they noted, would have been strategically placed on one of the highest points in Washington DC, just two miles from the US Capitol, a perfect spot for signals intelligence collection, multiple sources familiar with the episode told CNN.

Also alarming was that Chinese officials wanted to build the pagoda with materials shipped to the US in diplomatic pouches, which US Customs officials are barred from examining, the sources said.

Federal officials quietly killed the project before construction was underway.

The Wall Street Journal first reported about the security concerns in 2018.

The canceled garden is part of a frenzy of counterintelligence activity by the FBI and other federal agencies focused on what career US security officials say has been a dramatic escalation of Chinese espionage on US soil over the past decade.

Since at least 2017, federal officials have investigated Chinese land purchases near critical infrastructure, shut down a high-profile regional consulate believed by the US government to be a hotbed of Chinese spies and stonewalled what they saw as clear efforts to plant listening devices near sensitive military and government facilities.


Text scams surge as robocalls decline, report finds

source: usatoday.com  |  image: unsplash.com

 

You may have noticed receiving fewer robocalls over the past year, but a new report finds scammers are increasingly using a new way to reach consumers: text messages.

A report from the Consumer Watchdog office of the nonprofit U.S. PIRG is urging the Federal Communications Commission to pass new rules against robotexts, including requiring phone companies to block illegal text scams.

“Illegal robocalls and robotexts likely will never go away,” an excerpt from the report reads. “But they’ll continue to plague us as long as enforcement is lax, phone companies don’t try harder and enough consumers fall for scams to make it worthwhile for thieves.”

Spam texts have surged over the past year, jumping from 1 billion sent per month in July 2021, to more than 12 billion as of June, according to RoboKiller, a service specializing in blocking unwanted calls and texts.

Last year, acting FCC Chairwoman Jessica Rosenworcel proposed new rules requiring wireless carriers to block illegal texts.

In a statement released last October, the agency said complaints about unwanted text messages in 2020 more than doubled from the year before. 

“We’ve seen a rise in scammers trying to take advantage of our trust of text messages by sending bogus robotexts that try to trick consumers to share sensitive information or click on malicious links,” Rosenworcel said in last year’s statement.

The top scam texts of last year involved bogus delivery messages claiming to represent Amazon, the U.S. Postal Service or other companies. The messages say an order can’t be delivered or will arrive tomorrow, with a malicious link consumers click, the watchdog report said.

Others included fake messages from banks and texts related to the COVID-19 pandemic.

Meanwhile, the number of robocalls has declined over the past year, in part because of FCC rules requiring the use of technology to better identify robocalls and efforts by the agency and states to go after robocallers.