Connect with us


American insurance giant CNA reportedly pays $40m to ransomware crooks • The Register



In brief CNA Finaincial, the US insurance conglomerate, has apparently paid $40m to ransomware operators to gets its files back.

In March the business revealed it had been hit by an extensive Phoenix Locker infection; this strain of malware was developed by Russian scam artists calling themselves Evil Corp, which may have links to Russian intelligence.

All CNA systems are now back up and running though it appears that the company didn’t manage this themselves and instead coughed up a widely reported $40m to the extortionists for the means to decrypt the scrambled files.

“CNA is not commenting on the ransom, but the company did consult and share intelligence with the FBI and OFAC [US Treasury’s Office of Foreign Assets Control] regarding the cyber incident and the threat actor’s identity,” a spokesperson told The Register.

“CNA followed all laws, regulations, and published guidance, including OFAC’s 2020 ransomware guidance, in its handling of this matter. Due diligence efforts concluded that the threat actor responsible for the attack is a group called Phoenix. Phoenix is not on any prohibited party list and is not a sanctioned entity.”

In other words: CNA wouldn’t be forbidden from doing a deal with the Phoenix crew, jus’ sayin’.

Luckily for CNA and its customers, an analysis of the ransomware code suggests it doesn’t steal data for later ransom, but instead simply locks it. However, banking mega-millions for a single attack is only going to encourage further intrusions.

Solarwinds CEO says sorry, again

As part of his ongoing apology tour, Solarwinds CEO Sudhakar Ramakrishna appeared at the 2021 RSA Conference this week to assure security professionals that his head of security Tim Brown was still in place and hadn’t been scapegoated. “We don’t like to flog people for failures; he’s highly competent and committed,” the chief exec said.

Too bad the previous CEO Kevin Thompson didn’t feel the same way, who in February blamed an intern for the infamous solarwinds123 password leak during a House committee hearing.

“What happened at the congressional hearings is not what we are about and is not what we are about,” said Ramakrishna. “We have learned from that and I want to reset it here by saying that we are a safe environment.”

Ramakrishna said he learned of the hack on December 12, his birthday, and a month before he officially took over as CEO. He said he had been urged not to take the job, but instead offered to stand down for a while and let the current chief exec run the cleanup operation to ensure continuity.

Oddly though, his half-hour keynote contained almost no technical details at all. Remember when RSA used to be a hardcore security conference? We do, and we miss it.

Stalkerware use surging and the code sucks

The creepy code used to spy on partners or other victims, is not only on the rise but could also be very bad for your digital health.

An analysis by ESET boffin Lukas Stefanko showed Android stalkerware apps are still a growing market, with use of the software seemingly up 48 per cent in 2020, despite them being kinda banned by Google and others after a successful campaign by the Electronic Frontier Foundation.

But such scummy apps are also very poorly written. Stefanko analyzed 86 Android stalkerware applications and found 58 had serious security issues. After contacting the makers as per responsible disclosure, only six fixed the holes, seven promised to do so, one decided it couldn’t be bothered, and 44 didn’t even reply.

“The research should serve as a warning to potential future clients of stalkerware to reconsider using software against their spouses and loved ones, since not only is it unethical, but also might result in revealing the private and intimate information of their spouses and leave them at risk of cyberattacks and fraud,” he concluded.

ExifTool users need to get patching

If your web application, or other software, uses ExifTool to process user-submitted images, it’s time to update to fix a security hole:

William Bowling explained that Perl code can be injected into ExifTool and executed, via a malicious processed file, and it is easy to exploit. Worse, from a security standpoint, multiple image formats are at risk.

Thankfully it’s now patched but considering how many people use the code, and the ease of infiltration, it’s worth checking to make sure everything’s updated.

So, so much cyber-crime

An unfortunate milestone were reached this week, with the FBI’s Internet Crime Complaint Center (IC3) recording its sixth million gripe about online scumbags, the fastest rise in its more-than-20-year history

“On one hand, the number holds some positive news. People know how to find us and how to report an incident,” said IC3 Chief Donna Gregory. “But on the other hand these numbers indicate more people are being affected by online crimes and scams.”

The top three complaints to the consumer reporting service were phishing, non-payment/non-delivery scams, and online extortion. But when it comes to losing money, business email compromises, romance scammers, and investment fraudsters cause the most damage.

We’re told the situation is getting rapidly worse: the latest million complaints have come in just the last 14 months and the trend is accelerating. ®

Source link


2021 iPhone photography awards – in pictures | Technology



The 14th annual iPhone photography awards offer glimpses of beauty, hope and the endurance of the human spirit. Out of thousands of submissions, photojournalist Istvan Kerekes of Hungary was named the grand prize winner for his image Transylvanian Shepherds. In it, two rugged shepherds traverse an equally rugged industrial landscape, bearing a pair of lambs in their arms.

Source link

Continue Reading


With Alphabet’s legendary commitment to products, we can’t wait to see what its robotics biz Intrinsic achieves • The Register



Alphabet today launched its latest tech startup, Intrinsic, which aims to build commercial software that will power industrial robots.

Intrinsic will focus on developing software control tools for industrial robots used in manufacturing, we’re told. Its pitch is that the days of humans having to manually program and adjust a robot’s every move are over, and that mechanical bots should be more autonomous and smart, thanks to advances in artificial intelligence and leaps in training techniques.

This could make robots easier to direct – give them a task, and they’ll figure out the specifics – and more efficient – the AI can work out the best way to achieve its goal.

“Over the last few years, our team has been exploring how to give industrial robots the ability to sense, learn, and automatically make adjustments as they’re completing tasks, so they work in a wider range of settings and applications,” said CEO Wendy Tan White.

“Working in collaboration with teams across Alphabet, and with our partners in real-world manufacturing settings, we’ve been testing software that uses techniques like automated perception, deep learning, reinforcement learning, motion planning, simulation, and force control.”

Tan White – a British entrepreneur and investor who was made an MBE by the Queen in 2016 for her services to the tech industry – will leave her role as vice president of X, Alphabet’s moonshot R&D lab, to concentrate on Intrinsic.

She earlier co-founded and was CEO of website-building biz Moonfruit, and helped multiple early-stage companies get up and running as a general partner at Entrepreneur First, a tech accelerator. She is also a board trustee of the UK’s Alan Turing Institute, and member of Blighty’s Digital Economic Council.

“I loved the role I played in creating platforms that inspired the imagination and entrepreneurship of people all over the world, and I’ve recently stepped into a similar opportunity: I’m delighted to share that I’m now leading Intrinsic, a new Alphabet company,” she said.

The new outfit is another venture to emerge from Google-parent Alphabet’s X labs, along with Waymo, the self-driving car startup; and Verily, a biotech biz. ®

Source link

Continue Reading


Charles River to create 90 new jobs at Ballina biologics site



Charles River is expanding its testing capabilities in Ballina as part of its partnership with Covid-19 vaccine manufacturer AstraZeneca.

Contract research organisation Charles River Laboratories is planning an €8m site expansion in Ballina to facilitate batch release testing for Covid-19 vaccines from AstraZeneca.

The expansion at the Mayo site will create an additional 1,500 sq m of lab space and 90 highly skilled jobs in the area over the next three years.

Click here to check out the top sci-tech employers hiring right now.

The company provides longstanding partners AstraZeneca with outsourced regulated safety and development support on a range of treatments and vaccines, including testing and facilitating the deployment of Vaxzevria for Covid-19 and Fluenz for seasonal infleunza.

The latest investment follows earlier expansions at the Ballina site and Charles River recently announced plans to establish a dedicated laboratory space to handle testing of SARS-CoV-2 and other similar pathogens that cause human disease.

“We are incredibly proud of the transformational changes we have implemented on site and the role that Charles River has played in supporting the safe and timely roll-out of AstraZeneca’s Covid-19 vaccine,” said Liam McHale, site director for Charles River Ballina.

“Throughout the pandemic, our site remained fully operational while keeping our employees safe and having a positive impact on human health. Our expanded facility will provide us with the increased capacity needed to continue the essential services we provide to our clients.”

Charles River acquired the Ballina facility, which focuses on biologics testing, in 2002. The company employs 230 people at its two facilities in Ireland, including the Mayo site and a site in Dublin, established in 2017, which serves as the EMEA and APAC headquarters for the company’s microbial solutions division.

IDA Ireland is supporting the expansion. Mary Buckley, executive director of the agency, said Charles River is an “employer of long standing” in Co Mayo.

“The enhancement of its product lines and the development of additional capability at the Ballina facility is most welcome,” she added. “Today’s announcement is strongly aligned to IDA Ireland’s regional pillar and its continued commitment to winning jobs and investment in regional locations.”

Dan Wygal, country president for AstraZeneca Ireland, added: “Our Covid-19 vaccine, Vaxzevria, undergoes extremely robust safety and quality testing prior to becoming available for patients. We are committed to bringing safe, effective vaccines to Ireland and other markets as quickly as possible, and Charles River will continue to be an important partner in this regard.”

Source link

Continue Reading


Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!