Category Archives: Internet Security
Protecting Kids’ Privacy with a National Data Privacy and Security … – Energy and Commerce Committee
Energy and Commerce is leading on a federal data privacy and security law that strengthens Americans data protections and establishes the strongest safeguards for kids online data. As Chair Rodgers said in the latest hearing in our privacy series, a national standard is a foundational piece of protecting children online.
Our framework protects kids online and makes it tougher for their data to land in the hands of Big Tech and data brokers by:
BIG PICTURE: Big Tech is manipulating, exploiting, and monetizing children.
Big Tech companies are collecting a stunning amount of data on everyone, including childrenfrom physical and mental health, to their location, what they are buying, and what they are eating. To profit off children, these companies are using this data to build algorithms to keep kids hooked on their platforms.
These algorithms subject children to dangerous content and targeted advertisements that can lead to dangerous and life-threatening behaviors, like eating disorders and self-harm. The collection, retention, and sale of childrens data also exposes them to criminals, like drug dealers and sex traffickers, who have exploited features on these platformssuch as location sharingto target children.
WHY IT MATTERS: Big Tech and data brokers are profiting from and manipulating children for nearly their entire adolescent lives. Half of American teens use the internet almost constantly and most kids have their own smartphones by age 11. The more time children spend on their screens, the more companies are able to collect, retain, share, and use data to build profiles on them. Teens and young adults who spend more time using social media report lower psychological well-being, lower life satisfaction, less happiness, more feelings of loneliness and isolation, and more depression.
The best and strongest way to ensure kids are safe online and prevent Big Tech from manipulating them is with a comprehensive national data privacy and security law.
DONT MISS: Parents whose children have been harmed by Big Tech are raising the alarm to E&C. Theyre calling on Congress to act so other parents dont experience their pain. READ MORE.
In addition, child privacy protection advocates agree a national standard is a key way to protect kids online.
"ADPPA... provides the strongest possible safeguards for the online data of kids and teens. Establishing strong data privacy protections is a critical step toward making today's internet healthier and safer for young users... the kids' protections in [ADPPA] are stronger than current federal law, stronger than California law, and stronger than when the bill was first introduced. Common Sense Media
ADPPA stands for the American Data Privacy and Protection Act, which passed the Energy and Commerce Committee last Congress with an overwhelming bipartisan vote. Committee members have participated in six data privacy hearings already this year and will be considering an updated data privacy and security standard.
RELATED:
WATCH Energy and Commerce Chair Cathy McMorris Rodgers (R-WA) tell Big Tech CEOs that their platforms are her biggest fear as a parent.
CLICK HERE for more on why privacy experts are saying America needs a national data privacy standard.
Continued here:
Protecting Kids' Privacy with a National Data Privacy and Security ... - Energy and Commerce Committee
Days of Remembering Passwords Are Over! Heres How to Set Up Google Passkeys – Gizchina.com
Google passkeys are finally here. And they are bringing us closer to a future where you no longer need to remember your hard-to-crack passwords. But it goes without saying that there are many misconceptions about passkeys, from their usability to their security and privacy benefits.
Long story short, Google passkeys are just the first implementation in making the login process more secure than ever before. In just a matter of months, dozens of industry partners, such as Microsoft and Apple, will finish rolling out the remaining pieces. And the great part is that passkeys are easier to use than passwords, and it takes only a few minutes to set up.
Before getting into how to set up Google passkeys, lets first try to understand how a passkey works. And in this case, Apple provides a very helpful description that offers easier-to-digest info about the technical underpinnings. As Apple describes, passkeys are built on the Web Authentication standard, and they utilize public key cryptography.
During the registration process, the operating system generates a unique cryptographic key pair that gets associated with a website or an app. For every account or website account, passkeys will be generated by the device uniquely and securely.
One of the passkeys that are generated by the operating system becomes public and gets stored in the server. And even though that passkey becomes public, the other one is private, which is required to complete the sign-in process. On an Apple device, theres the Face ID or Touch ID, which you can use to authorize the use of the private key.
As no shared secret gets transmitted, the server does not need to protect the passkey thats public. Therefore, passkeys get a different strength level, and the credentials become highly resistant to phishing. Most importantly, platform vendors are working together within the FIDO Alliance, which assures cross-platform compatibility. Most importantly, this login method is about to work on as many devices as possible.
According to FIDO specs, a syncing mechanism is a must. It is required to offer end-to-end encryption, which is how the password syncing mechanism and iCloud Keychain basically work. That means that the private key will remain unknown to the cloud provider. It will only be accessible to you through biometrics or PIN
To start with, passkeys eliminate the need to create new or remember sophisticated passwords. It might not be a new revelation for those who use a password manager. However, password managers are not secure as you might have thought. There have been reports of many severe breaches in the past.
And as passwords keep all the vital credentials and passwords in one place, your entire digital life can get exposed once it gets hacked. But with passkeys, that risk basically goes out of the window. Yes, things could likely change in the future when the bad guys develop new tools and methods. However, for now, passkey can provide unrivaled Internet security.
As stated earlier, it literally takes a few minutes to set up Google passkeys. To get started, you just need to log into your account in the traditional way through these simple steps
Once you have logged into your Google account, you might not find your specific Android device to set up the passkeys. In that case, you have to do the following
When thats taken care of, it will be time to create Google passkeys with your Android device. These are the steps that you need to follow
And thats it! You have successfully set up Google Passkeys on your Android device. You can now use them to get into your Google account on other devices.
With the passkeys enabled, you will need to go through a few simple steps to use them while logging into your Google account. Take a look
With that, you are all done using Google passkeys to get into your account. This login method adds an extra layer of security that will give you an advantage over the bad guys.
Read the rest here:
Days of Remembering Passwords Are Over! Heres How to Set Up Google Passkeys - Gizchina.com
How the Rise and Fall of BreachForums Impacts Cybersecurity – Security Intelligence
In mid-March 2022, the underground cyber forum BreachForums quietly made its debut. Within a year, the platform became one of the most prolific cyber crime forums in history.
According to the FBI, BreachForums illegally posted hacked data pertaining to nearly 14 billion people globally. It hosted breaches that included data related to 7 million Robinhood customers, 23 terabytes of Shanghai National Police data and, more recently, 56,000 records from the D.C. Health Benefit Exchange Authority. The D.C.-based hack exposed the personal details of Congress members, their families, staff and tens of thousands of other Washington area residents.
The meteoric rise of BreachForums came to an abrupt halt on March 15th with the arrest of Conor Fitzpatrick, 20, of Peekskill, New York. From his parents house, Fitzpatrick allegedly operated the forum and went by the username pompompurin.
Now that BreachForums is down, what will take its place and when?
According to a DOJ press release, BreachForums was a marketplace for cyber criminals to buy, sell and trade hacked or stolen data and other contraband. Data commonly sold on the platform included bank account information, social security numbers, other personally identifying information (PII), hacking tools, breached databases, services for gaining unauthorized access to victim systems and account login information for compromised online accounts.
The BreachForums operator, Conor Fitzpatrick has been accused of victimizing millions of U.S. citizens and both domestic and foreign entities, including companies, organizations and government agencies. Among the stolen data sets were ones that contained sensitive information belonging to customers of telecommunication, social media, investment, health care and internet service providers.
In one instance, a user on BreachForums uploaded the personal details and contact information of around 200 million Twitter users. Another leak disclosed information on 87,760 members of InfraGard, which is a partnership between private sector firms and the FBI aimed at protecting critical infrastructure.
BreachForums predecessor was RaidForums, which launched in 2015 and was shut down in April 2022 with the arrest of its founder and administrator. According to threat intelligence, RaidForums contained more than 530,000 registered members and was a powerful tool for low to mid-level cyber criminals. RaidForums attackers bought and sold information stolen from UK companies related to credit cards, bank accounts, usernames and passwords.
The RaidForums lifespan ran from 2015 to April 2022. Meanwhile, BreachForums started operations in March 2022.
According to CyberScoop, BreachForums started out slow. But after about six months, the forum built a vibrant community, and posters developed known personalities and brands. BreachForums entrenched itself as a mid-tier source of stolen data in the global cyber crime ecosystem. The forum initially struggled to gain traction, but within months it became the largest English-speaking hacked data broker forum anywhere.
While the takedown of BreachForums is welcome news, its dramatic rise to success tells us something important. News of RaidForums demise was still fresh when BreachForums debuted. Within a year, the new forum exposed 14 billion peoples data.
Its not unusual for law enforcement to be aware of illicit criminal activity but not act upon it right away. If they shut things down too fast, the big fish perpetrators might get away. Imagine if the feds infiltrated BreachForums, and then one day posted that the platform was under surveillance. Everybody would scatter, and the operators might not be apprehended.
Theres no doubt that threat intelligence was monitoring the forum since thats what they do. However, law enforcement was lurking until it could identify and locate the forums operator.
An FBI affidavit cites Fitzpatricks alleged involvement in data leaks himself. It also highlights his role as a middleman for transactions in the sale of data involving an undercover FBI employee. The affidavit also details security blunders that tied Fitzpatrick to running the site, including data such as IP addresses associated with Fitzpatricks phone and his house, and a personal Gmail address.
How long the feds had this info on Fitzpatrick is anybodys guess. An expert cited by CyberScoop speculated that the D.C. leak involving Congress members personal data may have been the straw that broke the camels back.
Why doesnt someone else just pick up where pompompurin left off? In the wake of Fitzpatricks arrest, Baphomet, a BreachForums staff member, posted a series of statements urging calm, as per CyberScoop. Baphomet claimed the site would continue on. But on March 19, Baphomet said hed seen signs of someone using Fitzpatricks admin accounts to log into a content delivery server after Fitzpatricks arrest. This suggested that nothing can be assumed safe, whether its our configs, source code or information about our users the list is endless. Therefore, BreachForums was shut down forever.
Some security experts predict that cyber actors will be scrambling to find a new home now that BreachForums has been taken down. But if it evolved so quickly and had such a wide-ranging impact, whats to prevent another forum from taking BreachForums place within months? It would not be a surprise if one is already in the works.
Nevertheless, the dramatic fall of BreachForums will have a major impact on the cyber crime community. Threat actors looking to sell data will have to find a new marketplace. And threat researchers who track illicit activity will have to cast new nets looking for risk patterns. Part of threat intelligence includes curating information from darknet forums to know what threat actors are talking about.
The BreachForums story underlines the need for solid threat intelligence. Underground cyber forums arent going away soon. Meanwhile, threat intelligence drills into understanding how threat actors think, strategize and strike. This knowledge then enables prevention, detection, response and recovery strategies.
Freelance Technology Writer
Jonathan Reed is a freelance technology writer. For the last decade, he has written about a wide range of topics including cybersecurity, Industry 4.0, AI/ML...
Continue Reading
More here:
How the Rise and Fall of BreachForums Impacts Cybersecurity - Security Intelligence
Who’s saying what? Internet of Things mentions in company filings … – Army Technology
Notably, internet of things was one of the most frequently referenced themes in Q1 2023, ranking highest in terms of mentions, ahead of cloud and environment, according to GlobalData.
Of the 50 leading companies in the aerospace, defence & security industry, Leidos had the greatest increase in references for internet of things in Q1 2023, compared with the previous quarter. GlobalData identified 9 internet of things-related sentences in the company's filings - 20% of all sentences - and an increase of 300% in Q1 2023 compared with Q4 2022. Axon Enterprises mentions of internet of things rose by 500% to 6 and Raytheon Technologiess by 400% to 5 and Lockheed Martins by 100% to 4 and Northrop Grummans by 100% to 3.
GlobalDatas Company Filings Analytics also applies sentiment weight to reference sentences, based on whether the sentences are positive, negative, or neutral. Starting at 100 in 2020, an index over 100 is more positive. The overall index for internet of things in Q1 2023 was 91.
To further understand GlobalData's analysis on Internet of Things (IoT) Market Size, Share and Trends Analysis by Region, Type (Enterprise, Consumer), Product (Hardware, Software and Services), Enterprise Size, Vertical (Government, Utilities, Manufacturing, Transport and Logistics and Others) and Se buy the report here.
Get industry leading news, data and analysis delivered to your inbox
GlobalData, the leading provider of industry intelligence, provided the underlying data, research, and analysis used to produce this article.
GlobalDatas Company Filings Analytics uses machine learning to uncover key insights and track sentiment across millions of regulatory filings and other corporate disclosures for thousands of companies across the worlds largest industries.
Go here to read the rest:
Who's saying what? Internet of Things mentions in company filings ... - Army Technology
Building cyber resilience in HE needs everyone’s commitment – University World News
UNITED KINGDOM
According to the United Kingdom governments 2022 Cyber Security Breaches Survey, of the educational institutions surveyed, higher education employees were the most likely to identify breaches or attacks, with 92% reporting an incident within the last 12 months.
The consequences have been extreme. A ransomware attack impacting the University of York in 2021 resulted in sensitive data being encrypted and held captive by hackers for weeks without resolution. At other universities, sophisticated attacks such as phishing emails and distributed denial of service (DDoS) have run havoc intercepting confidential logins, tampering with student data and forcing downtime during valuable learning hours.
A vulnerable sector
Its unsurprising, then, that higher education institutions face a variety of challenges that render them at higher risk for such attacks.
For starters, the ongoing digital skills shortage has meant a lack of experienced candidates capable of safeguarding universities from todays cyber threats.
In the private sector, 51% of businesses have reported a shortage of basic technical cybersecurity skills. In the public sector, additional budget constraints heightened by the global economic downturn have made matters even worse.
Head of Cybersecurity salaries are currently being advertised at a fraction of what they would be in a private firm, which makes cyber recruitment an uphill battle for many public sector organisations, including universities.
There has also been a surge in the number of devices being used by both students and staff on a daily basis. Laptops and mobile phones became staples of remote learning during the pandemic due to lockdowns and social distancing protocols. Internet of Things (IoT) devices including assistive technology and ID scanners have also become commonplace across university campuses.
While these devices boost efficiency and support learning, they also act as additional access points for hackers and bad actors looking to gain access to university networks.
Becoming a resilient fortress
Its clear that higher education institutions today must work harder than ever, and face numerous obstacles, in order to safeguard students and staff from malicious cyberattacks. But how exactly can higher education step out of the cyber-criminal firing line and evolve from being the vulnerable target to a resilient fortress?
Keep technology up to date: The technology and techniques used by hackers today have become extremely sophisticated from automated bots to threats in the cloud and even along the supply chain via third-party vendors.
While IT budgets are often tight within higher education institutions, investment in up-to-date technology is key to reducing the risk of data breaches, which tend to be even more costly. In fact, the average cost of a data breach reached 3.69 million (US$4.6 billion) in 2022, so not investing in the right technology can prove to be even more detrimental to university budgets in the long run.
An audit of existing software and hardware is a great place to start, and enables higher education institutions to identify areas that require repair, overhaul or additional resources. For example, are your computers running an old version of Windows, and are your Wi-Fi networks armed with the best protections?
Backup and recovery plan: Investing in the latest technology can help prevent data breaches, but what can higher education institutions do to minimise their impact if they do occur?
With the risk of cyberattacks becoming increasingly likely, one proactive step universities should take to future-proof their systems is to develop and deploy a data backup strategy.
A data backup strategy allows organisations to restore their data when needed, or repatriate it from backup sources such as the cloud, to prevent loss of records, ensure business continuity and prevent downtime in the event of a breach.
Whether a university is looking to improve its current backup strategy, or develop a new one, a great place (again) to start is an audit of current processes and legacy systems. Once a starting point has been established, new backup and recovery options can be introduced that fit the organisations unique needs and ensure all records held by the university are protected.
The power of education: Reminding higher education institutions about the importance of education (when it comes to cybersecurity) may seem ironic. But with human error being one of main culprits causing data breaches whether thats a student replying to a phishing email, connecting to an unsecure public Wi-Fi network, or opening an email containing malware this simply cannot be overlooked.
In many cases, its often a lack of this basic cybersecurity hygiene and knowledge that leads to large attacks, so university cybersecurity teams must ensure all students and staff are up to speed on the current risks so they can remain watchful.
For example, policies should be introduced to outline what technology can and cannot be used on university networks and equipment. This can start anywhere from allowing only encrypted USB drives to be used, to more extreme measures, such as bans on certain apps and websites, which we are beginning to see more of with the current crackdown on TikTok on public sector devices.
The bottom line
With the growing number of cyberattacks on higher education establishments, strengthening the fort and investing in cybersecurity should be a top priority for UK universities.
The safety and security of student data, preventing costly breaches and avoiding prolonged downtime during teaching hours have become pressing objectives in recent times but they can only be achieved once the right technology and processes are implemented.
As the old saying goes, Rome was not built in a day. There is no easy fix when it comes to protecting a university from cyberattackers. Building cyber resilience is a process that starts with a review of existing systems. It requires investment in the areas that need it most, and it can be maintained only through continued review and an ongoing commitment from everybody to cybersecurity.
Dionne Barlow is director of marketing, e-commerce and partner management at IT support company Stone, A Converge Company.
Read more from the original source:
Building cyber resilience in HE needs everyone's commitment - University World News
Fighting hackers a potential growth industry for ETFs – Investment Executive
Cybersecurity, Lala said, is one of the few areas within technology to be considered non-discretionary spending by corporate clients: Even if the customers are having a tough go from a financial perspective, cybersecurity is one of the last areas that theyre going to cut their spending on.
Toronto-based Evolve manages the $133-million Evolve Cyber Security Index Fund launched in 2017, the oldest and largest thematic ETF of its kind in Canada. Its one of five Canadian-listed cybersecurity ETFs, all of which are based on indexes.
Joining this investing theme in 2021 were the First Trust Nasdaq Cybersecurity ETF and the Horizons GX Cybersecurity Index ETF. Subsequent entrants, both launched last year, are the CI Digital Security ETF and the iShares Cybersecurity and Tech Index ETF.
Karl Cheong, head of distribution with Toronto-based First Trust Portfolios Canada, said he expects stock investors will be more focused on fundamentals and less on concept stocks in the current sluggish market.
If so, that should favour cybersecurity companies. From sales to operating margins to earnings, the businesses are growing quite healthily, Cheong said.
Mark Noble, executive vice-president, ETF strategy, with Toronto-based Horizons ETFs Management (Canada) Inc., said cybersecurity is more mature and established than other thematic plays such as cryptocurrency or artificial intelligence, which are at earlier stages of adoption. I would look at cybersecurity being probably closer to traditional internet-software technology companies.
The Horizons ETF obtains its exposure by holding currency-hedged units of a NASDAQ-listed ETF managed by its U.S. affiliate Global X Management Co. LLC. Global X expects cybersecurity spending to outpace the rest of the information technology sector in the near to medium term as cyberattacks become more frequent and sophisticated.
The trend toward at-home or hybrid employment and the shift to cloud-based data storage add to corporations vulnerability to hackers.
Companies, governments and other entities are unable to battle hackers and ransomware on their own due to shortages of skilled labour. Because of that shortage of human capital, companies cant find enough staff to meet their cybersecurity needs, Lala said. So what they end up doing is outsource the majority of their cybersecurity work.
That translates into robust growth for companies like California-based Fortinet Inc., which is among the top holdings in all five ETFs. Fortinet reported 32% revenue growth in 2022 to US$4.4 billion, and net income of US$857 million. That marked its 14th consecutive year of profitability since its initial public offering in 2009.
Other common holdings, all U.S.-based, include Palo Alto Networks Inc., Okta Inc. and CrowdStrike Holdings Inc.
By taking a basket approach, such as with the Horizon ETFs 40 stocks, investors can be assured of participating in the growth of the sector, Noble said. The last thing you want to do is be picking a stock that has individual dispersion from that theme for whatever reason, and then as a result you dont participate in that theme.
Though the portfolios of the five ETFs have many similarities, some include broader technology exposure. The CI holdings, for instance, include large-caps Microsoft Corp., Alphabet Inc. and NVIDIA Corp., none of which are primarily cybersecurity providers.
Among the pure plays is the Evolve ETF, which holds about 43 stocks of hardware, software and consulting companies, all with market capitalizations of at least US$100 million.
We really wanted to make sure we had the companies that were truly earning 90%100% of their revenue from cybersecurity work, Lala said.
Evolves portfolio also provides exposure to companies that investors might not otherwise own, since theres little overlap with large-cap indexes like the S&P 500 or the NASDAQ 100.
The First Trust ETF also has some exposure to broader technology companies, among them Broadcom Inc. and Cisco Systems Inc., and requires a minimum US$500-million market cap for its roughly 35 holdings.
Having large-cap companies as part of the mix provides better downside characteristics compared to its pure-play peers, Cheong said, and that should hold true over time. But the First Trust portfolio might lag, he added, when market conditions favour smaller-cap and higher-beta stocks.
Despite the cybersecurity industrys positive attributes, all three ETFs with a full calendar year of returns in 2022 lost money last year. Lala, whose Evolve fund was down 36.6%, blames indiscriminate selling during a down market.
First Trusts ETF lost 21.4%. Cheong noted that among the roughly 90% of the First Trust holdings that were cash-flow positive, some were selling off more than stocks that werent.
High valuations are partly to blame for volatility among cybersecurity stocks. The whole market recognizes the long-term demand for cybersecurity, and these stocks are just expensive, said Noble, whose Horizons ETF lost 35.4% last year.
They are being impacted by the fact that the high valuations are generally very vulnerable to rising interest rates.
In a welcome development, returns of cybersecurity ETFs turned positive this year.
The Evolve ETF, the only one with a five-year track record, has posted an annual return of 9.1% over that period.
And while cybersecurity valuations remain somewhat higher than the broad market, theyve come down considerably. Early this year, the average price/earnings ratio of profitable stocks in the First Trust ETF was 21, down from 28 over the past year.
The valuations are not excessive relative to the [S&P 500] benchmark, Cheong said, but the earnings and sales are far superior and expected to continue in that path for the foreseeable future. So that is where we think there will be a floor for this sector, given the positivity of those trends.
More:
Fighting hackers a potential growth industry for ETFs - Investment Executive
Meta Uncovers Massive Social Media Cyber Espionage Operations Across South Asia – The Hacker News
Three different threat actors leveraged hundreds of elaborate fictitious personas on Facebook and Instagram to target individuals located in South Asia as part of disparate attacks.
"Each of these APTs relied heavily on social engineering to trick people into clicking on malicious links, downloading malware or sharing personal information across the internet," Guy Rosen, chief information security officer at Meta, said. "This investment in social engineering meant that these threat actors did not have to invest as much on the malware side."
The fake accounts, in addition to using traditional lures like women looking for a romantic connection, masqueraded as recruiters, journalists, or military personnel.
At least two of the cyber espionage efforts entailed the use of low-sophistication malware with reduced capabilities, likely in an attempt to get past app verification checks established by Apple and Google.
One of the groups that came under Meta's radar is a Pakistan-based advanced persistent threat (APT) group that relied on a network of 120 accounts on Facebook and Instagram and rogue apps and websites to infect military personnel in India and among the Pakistan Air Force with GravityRAT under the guise of cloud storage and entertainment apps.
The tech giant also expunged about 110 accounts on Facebook and Instagram linked to an APT identified as Bahamut that targeted activists, government employees, and military staff in India and Pakistan with Android malware published in the Google Play Store. The apps, which posed as secure chat or VPN apps, have since been removed.
Lastly, it purged 50 accounts on Facebook and Instagram tied to an India-based threat actor dubbed Patchwork, which took advantage of malicious apps uploaded to the Play Store to harvest data from victims in Pakistan, India, Bangladesh, Sri Lanka, Tibet, and China.
Also disrupted by meta are six adversarial networks from the U.S., Venezuela, Iran, China, Georgia, Burkina Faso, and Togo that engaged in what it called "coordinated inauthentic behavior" on Facebook and other social media platforms like Twitter, Telegram, YouTube, Medium, TikTok, Blogspot, Reddit, and WordPress.
All these geographically dispersed networks are said to have set up fraudulent news media brands, hacktivist groups, and NGOs to build credibility, with three of them linked to a U.S.-based marketing firm named Predictvia, a political marketing consultancy in Togo known as the Groupe Panafricain pour le Commerce et l'Investissement (GPCI), and Georgia's Strategic Communications Department.
Two networks that originated from China operated dozens of fraudulent accounts, pages, and groups across Facebook and Instagram to target users in India, Tibet, Taiwan, Japan, and the Uyghur community.
In both instances, Meta said it took down the activities before they could "build an audience" on its services, adding it found associations connecting one network to individuals associated with a Chinese IT firm referred to as Xi'an Tianwendian Network Technology.
The network from Iran, per the social media giant, primarily singled out Israel, Bahrain, and France, corroborating an earlier assessment from Microsoft about Iran's involvement in the hacking of the French satirical magazine Charlie Hebdo in January 2023.
"The people behind this network used fake accounts to post, like and share their own content to make it appear more popular than it was, as well as to manage Pages and Groups posing as hacktivist teams," Meta said. "They also liked and shared other people's posts about cyber security topics, likely to make fake accounts look more credible."
The disclosure also coincides with a new report from Microsoft, which revealed that Iranian state-aligned actors are increasingly relying on cyber-enabled influence operations to "boost, exaggerate, or compensate for shortcoming in their network access or cyberattack capabilities" since June 2022.
The Iranian government has been linked by Redmond to 24 such operations in 2022, up from seven in 2021, including clusters tracked as Moses Staff, Homeland Justice, Abraham's Ax, Holy Souls, and DarkBit. Seventeen of the operations have taken place since June 2022.
The Windows maker further said it observed "multiple Iranian actors attempting to use bulk SMS messaging in three cases in the second half of 2022, likely to enhance the amplification and psychological effects of their cyber-influence operations."
The shift in tactics is also characterized by the rapid exploitation of known security flaws, use of victim websites for command-and-control, and adoption of bespoke implants to avoid detection and steal information from victims.
The operations, which have singled out Israel and the U.S. as a retaliation for allegedly fomenting unrest in the nation, have sought to bolster Palestinian resistance, instigate unrest in Bahrain, and counter the normalization of Arab-Israeli relations.
Read the original:
Meta Uncovers Massive Social Media Cyber Espionage Operations Across South Asia - The Hacker News
Pakistan internet cut as violence erupts after arrest of ex-PM Imran Khan – The Guardian
Imran Khan supporters protest in Pakistan after former PM arrested video report Pakistan
Khan, ousted from power last year, was appearing in court to face corruption charges
Internet services have been suspended across Pakistan after violence erupted when the former prime minister, Imran Khan, was arrested at a court appearance in Islamabad and dragged into an armoured vehicle by scores of security forces in riot gear.
The arrest of Khan who was ousted from power last year and has evaded arrest several times since came hours after he released a video message reiterating his allegations that Pakistans powerful military establishment had tried to assassinate him twice.
Khans arrest is the latest twist in a political and economic crisis that pits the popular former prime minister against the military and the government, led by his successor, Shehbaz Sharif, who Khan alleges conspired to remove him from power and make threats on his life, charges they deny.
Hours after his arrest, protests began to erupt across Pakistan, with the army accused of orchestrating his detention. More than 40 people were arrested and officials said one protester had been killed after they were shot by an officer near a military checkpoint in the city of Quetta. In Karachi, a police vehicle was set on fire and in Lahore, supporters broke into the house of the military corps commander, smashing windows and setting furniture on fire, while shouting: We warned you not to touch Imran Khan.
Mobile internet services were cut across the country, according to the Pakistan telecommunication authority, and access to Facebook, YouTube and Twitter, where videos of the protests were being widely shared, was restricted.
Late on Tuesday the UK Foreign, Commonwealth & Development Office issued a new travel warning advising against travel to several regions of Pakistan, and saying that further disruption should be expected.
Khan had travelled to Islamabad on Tuesday morning to seek bail in two corruption cases, some of dozens involving corruption, sedition and terrorism that he is facing.
As he entered the court premises, Khan was arrested by agents from the National Accountability Bureau, the countrys anti-corruption body, who were followed by a contingent of paramilitary officers. Khan was put into a vehicle with tinted windows and driven off under heavy security, while a scuffle broke out between his supporters and police.
According to a statement released by Islamabad police, his detention was connected to a separate case, known as the Al-Qadir Trust case, which involves allegations Khan earned billions of rupees through illegal land transactions and where he had not been granted bail. It stated that Khan would be produced before the court on Wednesday.
Khans Pakistan Tehreek-e-Insaf party (PTI) called his arrest a black day for our democracy and country. Fawad Chaudhry, a PTI spokesperson, alleged Khan had been abducted from court premises, scores of lawyers and general people have been tortured, Imran Khan has been whisked away by unknown people to an unknown location.
In a video posted to PTIs official Twitter account, the barrister Gohar Khan alleged Khan had been struck on the head and the legs by paramilitary officers who entered the premises of the Islamabad high court to arrest him.
The interior minister, Rana Sanaullah, said Khans arrest was because of his failure to turn up to hearings in a corruption case and denied all allegations of torture. The arrest has been conducted by the National Accountability Bureau for causing losses to the national treasury, he said.
After Khans arrest, the chief justice of Islamabad, Justice Aamer Farooq, demanded an explanation within 15 minutes from the police chief and the interior ministry secretary as to why Khan had been detained. Come to court and tell us why Imran has been arrested and in which case, he said. Farooq said that if they did not appear, he would summon both Khan and the prime minister, Sharif.
The arrest warrant for Khan was released soon after, dated 1 May, stating he was accused of corruption and corrupt practices. On Tuesday night, the Islamabad high court ruled that the arrest was legal and that Khan had ignored several notices to appear in court.
Insp Gen Akbar Nasir Khan, of Islamabad police, urged calm and said the situation in Islamabad was normal. However, in an attempt to prevent protest, a section 144 was imposed in the city to prevent gatherings of more than five people and internet was cut off in some areas.
Since Khan fell from power in April last year in a vote of no confidence, he has been on a crusade against Pakistans powerful military establishment, and in particular the senior army generals who it is widely acknowledged helped bring him to power. But after the relationship disintegrated, they orchestrated his removal as prime minister.
He accused the military and the Sharif government of a western-backed conspiracy to topple him and of being behind an attempt on his life in November last year, when a gunman opened fire during a rally in Punjab and Khan was shot in the leg. This week, the media wing of the armed forces issued another strongly worded rebuttal of Khans allegations.
Yet during this time Khans popularity his soared, with many admiring his determination to go up against Pakistans military establishment, which has long been Pakistans political puppet master. There is widespread discontent with the Sharif government, as inflation and food shortages have rocketed, and it is expected that Khan could return to power in the next general election, due in October, if he is not disqualified from politics before then.
Khan has been putting pressure on the Sharif government to call an early general election, claiming that the coalition that took power after he was removed is illegitimate.
{{topLeft}}
{{bottomLeft}}
{{topRight}}
{{bottomRight}}
{{.}}
See the article here:
Pakistan internet cut as violence erupts after arrest of ex-PM Imran Khan - The Guardian
What Is the Dark Web? Is the Dark Web Illegal? – Trend Micro News
The dark web is the unseen part of the internet, and makes up approximately 5% of all internet content. It is part of a much larger area known as the deep web, which conversely makes up a huge 90% of the internet. The reputation of the dark web precedes it in everyday conversation being known primarily for the procurement of identity credentials, drugs, sex, firearms, and other shady transactions. Famously, it was where Ross Ulbrichts Silk Road black market operated from. But what is the dark web and how does it work?
The dark web is the hidden part of the internet that can only be accessed via specific browsers. It is a series of websites that require specific authorization to enter. Dark websites also allow users unparalleled anonymity due to encryption software such as the Tor (short for The Onion Router) browser.
Unlike the surface web, the dark web does not use information available on search engines like Google or Bing; instead, it utilizes content from individual sources: forums, email, social media, and company databases. Similarly, unlike the surface web, where all website content is indexed, everything within the dark web is decentralized and to access its content, users need to type in complex links composed of numbers and letters. For example, the commerce website known as Dream Market has the following address: eajwlvm3z2lcca76.onion.
The dark web has its origins way back in 1999, with the research project of University of Edinburgh student, Ian Clark. Clarks intent was to create an anonymous peer-to-peer file-sharing program, named Freenet. On this free speech platform, users would be able to discuss and share information without the controls of government censorship. Freenet was released to the public in 2000, however, it wasnt long before it was eclipsed by Tor, released in 2003/4. To this day, Tor is still the favored route of access to the dark web.
The dark web and the deep web are two terms that are often used interchangeably but incorrectly. The deep web, which is the overwhelming majority of the internet, is simply content that is not indexed by standard search engines: it is that which lies below the surface. The dark web exists within the deep web, making up a tiny minority of content, respectively. We use the deep web every day in fact examples include:
The dark web is not illegal, and accessing it is completely lawful. Although, this depends on the country youre in, as totalitarian regimes are obviously against platforms that provide anonymity to users. The dark web is used by whistleblowers, the US military, journalists, and even those simply seeking rare items out-of-print books, for example. It is also a great venue for free online libraries and countless discussion forums.
Nonetheless, the dark web does have a well-earned reputation for illegal content and activity taking place within it. For example, it is the go-to place for cybercriminals to buy and sell stolen credentials, such as credit card numbers, email addresses, passwords, and Social Security numbers.
Aside from identity theft, it is also a venue for many other criminal ventures, including:
In summary, the dark web is not illegal but most activities that people use it for are illegal.
We are all to some extent at risk from the dangers of the dark web regardless of whether we use it or not. Aside from the abundance of viruses, trojans, and ransomware due to lax security provisions, the dark web is the go-to marketplace for stolen credentials and PII. Last year, the FBI estimated that losses from cybercrime reached almost $7 billion much of this takes place on the dark web. Your data is of great value in 2023, some example prices include:
Compromised personal data can have serious consequences, including identity theft, financial fraud, and job losses. The best thing you can do is a) have reliable cybersecurity protection, and b) ensure you will find out ASAP in the event of being affected. We would encourage readers to head over to our new FREE ID Protection platform, which has been designed to meet these challenges.
All this for free why not give it a go today? As always, we hope this article has been an interesting and/or useful read. If so, please do SHARE it with family and friends to help keep the online community secure and informed and consider leaving a like or comment below. Heres to a secure 2023!
View original post here:
What Is the Dark Web? Is the Dark Web Illegal? - Trend Micro News
MACAU DAILY TIMES Media and Internet among … – Macau Daily Times
The National Security Law Amendment Bill, if passed, will authorize the government to manage national security topics in a number of sectors.
These sectors include education, association, publication, audio and visual broadcast, including over the internet.
To carry out these management functions, the government must abide by relevant specialist laws applicable to each field, such as the Publication Law.
The First Standing Committee of the parliament yesterday signed its lists of opinion to signal the conclusion of its discussions on the National Security Law Amendment Bill.
Committee president Ella Lei met with the press after yesterdays meeting.
When questioned about the aforementioned proposal, Lei disclosed that the committee did not express any concerns with the proposed provision, although she admitted that the committee had explored this proposal.
The committee has asked if and how the laws relating to the management functions would be amended to coordinate with the future National Security Law, she noted. She added that these specialist laws will be auxiliary to the future National Security Law, hinting a higher status will be afforded to the latter.
Traditionally, codes of law are superior to local laws.
It was also recapped that the committee had conducted comparisons and contrasts between this Bill and national security laws in other places, such as the National Security Law in Hong Kong drawn up in Beijing and put into effect in Hong Kong.
On whether the government has explained why the aforementioned sectors were specifically identified in the proposal, Lei said that the committee had not raised any concerns.
Under this Bill, probation in imprisonment will not be allowed for those who commit deliberate acts in breach of national security or their preparation activities, while parole will be barred for repetitive violators.
Provisional bars from leaving Macau will also form a part of the preventive measures applied to those suspected of committing a national security breach. This is necessary, according to the government, to obstruct these suspects from further participating in national security violations.
Committee members were concerned with the scope of activities promoting national security, the balance between protecting residents rights and combating national security breaches, the areas of applications, as well as the role of the National Security Committee.
Standards for evaluating punishments as well as the differentiation between abetting and supporting sedition, among other topics, were also of concern to the committee.
Criminal procedures and preventive measures, with the latter being new to this law review, were also discussed. In contrast to the current law that was put into effect about a decade ago, this amendment has proposed greater use of new technologies, such as communication interception methods, to achieve the preventive and investigative purposes of the Bill.
Wiretapped data obtained for preventive purposes, according to the committee president, will not be allowed for judicial purposes.
The committee has fully agreed on the amendments future mission as the backbone legislation governing national security in Macau.
On the balance between residents rights and national security, the government told the committee that the amendment was drafted on the grounds of respecting both traditions and human rights.
Existing legislation on criminal procedures, provided their effectiveness can be confirmed, will be retained and used in prosecutions against national security breaches. The committee has also accepted this point.
Related
Read more:
MACAU DAILY TIMES Media and Internet among ... - Macau Daily Times