Security News

The United States today announced criminal charges against four Chinese Army soldiers who, it is claimed, are the hackers who stole 145 million Americans' personal data from credit scorer Equifax. Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei, are all said to have been members of the People's Liberation Army's 54th Research Institute hacking team, and are accused of illegally accessed Equifax's customer databases.

U.S. Attorney General William Barr says the United States and its allies should take a "Controlling stake" in Huawei's chief competitors, Findland's Nokia and Sweden's Ericsson, to help make them more viable and improve the security of emerging 5G networks. Speaking at a conference in Washington Thursday organized by the Center for Strategic and International Studies, Barr said that China's unchecked dominance in producing technologies to support 5G networks could pose a "Monumental danger" to U.S. national security.

In the 7 years since, threats have become exponentially more advanced, launched by well-funded cyber-criminal groups and nation-state proxies and leveraging automation and AI. And yet the people hacking into Ring cameras weren't highly-technical or using AI. They were Script Kiddies using credentials found and traded on the Dark Web to access devices that did not use 2FA or other additional security mechanisms. As a threat analyst, I have helped companies identify hundreds of IoT devices, from insecure smart refrigerators and CCTV cameras, to compromised video conferencing systems and biometric scanners.

US officials and cyber experts warned Tuesday that the voting debacle in the Democratic caucuses in Iowa underscored the vulnerabilities in the country's election infrastructure in everything from hacking to trust-eroding conspiracy theories. The technology problems which have prevented a complete vote count in the first test for the 2020 election were founded on what experts described as a poorly-tested, poorly performing vote reporting smartphone app.

EU companies aren't taking out insurance against attacks on online assets because the companies selling coverage aren't organised enough - while Brits are more likely to pay off ransomware crooks than others. The "What is covered" argument was sharply highlighted by a number of high-profile court cases brought by insurance companies against their own customers, in efforts to evade paying out in the aftermath of cyber incidents.

Now can't be an easy time to be a professional drone pilot working for the US Department of the Interior. Until the issue is resolved, the only DOI drone flights allowed will be those connected to emergencies - monitoring wildfires and floods, both uses that underscore the importance of drones to the agency's work.

The United States on Thursday welcomed the European Union's new rules on fifth-generation internet but pressed them to go further after the bloc resisted Washington's pressure to ban China's Huawei directly. The European Union, setting guidelines that mirror those announced a day earlier by Britain, said Wednesday that countries should ban telecoms operators deemed to be a security risk.

A spear-phishing campaign targeted a U.S. government agency for several months last year using emails with content about North Korea geopolitics as a lure, according to an analysis from Palo Alto Networks' Unit 42. It targeted five employees at a U.S. government agency - which the report did not identify - as well as two foreign nationals who had professional ties to North Korea, according to the Unit 42 report.

The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday warned that it's seen a surge in targeted attacks using a sophisticated strain of malware called Emotet. "The Cybersecurity and Infrastructure Security Agency is aware of a recent increase in targeted Emotet malware attacks," its Emotet alert reads.

The United States pressed France on Wednesday to take "Strong security measures" against potential breaches from 5G services provided by Chinese telecommunications firm Huawei, saying failure to do so could imperil intelligence exchanges. The United States did not ask France for a Huawei ban, he said, but for strong protections against potential "Malicious intrusions" from software and firmware updates of any systems provided by the company.