Security News

Google makes its money from being the world's middle man for online advertising. The more ambitious can install software like PiHole, which sits on your home network and does the same for all traffic, if you're comfortable with setting up servers and tinkering with DNS. The more technical you are, the more options you get - although why no mainstream home router makers have put ad and track filtering in their products is slightly mystifying.

The motive and the full scope of what intelligence was compromised remains unclear, but signs are that adversaries tampered with a software update released by Texas-based IT infrastructure provider SolarWinds earlier this year to infiltrate the systems of government agencies as well as FireEye and mount a highly-sophisticated supply chain attack. "The compromise of SolarWinds' Orion Network Management Products poses unacceptable risks to the security of federal networks," said Brandon Wales, acting director of the US Cybersecurity and Infrastructure Security Agency, which has released an emergency directive, urging federal civilian agencies to review their networks for suspicious activity and disconnect or power down SolarWinds Orion products immediately.

Kevin Thompson, SolarWinds president and CEO, said his company is "Aware of a potential vulnerability" that may have been in "Updates which were released between March and June 2020 to our Orion monitoring products." The vandalized SolarWinds code is said to have been exploited by miscreants to sneak into networks within the US government bodies, among them the Treasury and the Department of Commerce's telecoms agency NTIA, where Orion is used.

The US government on Sunday confirmed that its computer networks had been hit by a cyberattack, as The Washington Post reported at least two departments including the Treasury had been targeted by Russian state hackers. "We have been working closely with our agency partners regarding recently discovered activity on government networks," a spokesperson for the Cybersecurity and Infrastructure Security Agency told AFP. "CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises."

Hackers broke into the networks of federal agencies including the Treasury and Commerce departments as U.S. government officials said Sunday that they were working to identify the scope of the breach and to fix the problem. The hacks were revealed just days after a major cybersecurity firm disclosed that foreign government hackers had broken into its network and stolen the company's own hacking tools.

A former Cisco employee who went medieval on his former employer and cost the company millions, has been sentenced to two years in prison and a $15,000 fine. Five months later he used access credentials to get back into Cisco's systems and deleted virtual machines on Webex - borking more than 16,000 WebEx Teams accounts for two weeks in some cases and costing Cisco $2.4m in refunds and repair work.

Christopher Taylor, 57, who "Confessed to disguising malware as recognisable and legitimate computer programs", installed Cybergate on more than 770 people's devices, covertly recording "Images of people in various stages of undress and involved in sexual activity" as Westminster Magistrates' Court found. In spite of claims that Taylor's malware-fuelled spree concerned mainly American citizens, close analysis of his seized laptop by an American expert found that just 7 per cent of his victims were located in the US - with the rest being spread between 37 different countries, including the UK. Taylor himself was suicidal at the thought of being sent to the US, found the judge, as was his disabled wife who had threatened to end her life if her husband, also her main carer, was extradited.

SEE: TechRepublic Premium editorial calendar: IT policies, checklists, toolkits, and research for download. "A lack of a standard for IoT devices brings forth many challenges from a management perspective, in particular security, as we are increasing the attack vector for each new IoT device introduced," said Shash Anand, VP of product strategy at SOTI, an IoT connectivity and management provider. Given the variety of IoT devices and systems around, it will be imperative that IoT standards are universally accepted and integrated across devices.

Secretary of State Mike Pompeo on Wednesday accused U.S. universities of caving to Chinese pressure to blunt or bar criticism of the Chinese Communist Party. Pompeo took aim at universities across the U.S., claiming they refused to address the Trump administration's concerns about China's attempts to influence students and academics.

Group-IB announces that its Threat Intelligence & Attribution system has been found compliant with the recommendations issued by United States Department of Justice for cybersecurity and cyber intelligence companies. The independent assessment of Group-IB Threat Intelligence & Attribution technologies was carried out by one of the Big Four accounting companies and has proved Group-IB's conformity with industry recommendations for gathering cyber threat intelligence data.