Technology

SolarWinds backdoor gang pwned Microsoft support agent to turn sights on customers • The Register

Voice Of EU


In Brief The spies who backdoored SolarWinds’ Orion software infiltrated Microsoft’s support desk systems last month and obtained information to use in cyber-attacks on some of the Windows giant’s customers, it was reported.

Redmond said it traced this latest intrusion to a member of a team it calls Nobelium, the suspected Kremlin-run crew that used tainted Orion updates to snoop on organizations around the world. Russia insists it had nothing to do with the supply-chain attack on SolarWinds.

Microsoft customers targeted by the support desk intruder have been alerted. The caper was detected during what sounds like an investigation into a wider phishing campaign that, as it turned out, hooked a Microsoft support agent, who had access to customers’ contact information, lists of their cloud subscriptions, and other records.

“A sophisticated nation-state associated actor that Microsoft identifies as NOBELIUM accessed Microsoft customer support tools to review information regarding your Microsoft Services subscriptions,” the IT giant told those clients, Reuters reported first on Friday.

“The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign.”

Mercedes-Benz USA this week said 1,000 or so customers’ sensitive personal information – such as credit card, driving license, and social security numbers, and dates of birth – was accidentally left out in the open on an insecure cloud storage system that has since been fixed. The data was collected from its website between January 2014 and June 2017.

It seems the exposed database had as many as 1.6 million unique records in it, and the majority of those were slightly less sensitive: names, home and email addresses, phone numbers, and some purchased vehicle info.

Earlier this month, Volkswagen and its subsidiary Audi told 3.3m people their personal info had been obtained by miscreants after a third-party supplier left the data facing the public internet. Again, most of the records were contact information and details of purchased vehicles, and for 90,000 folks, more sensitive info.

AWS buys Wickr

Amazon Web Services announced on Friday it has bought Wickr, the popular encrypted messaging system, for an undisclosed sum.

Wickr started out as a secure smartphone chat app for NGOs, with end-to-end encrypted messages that could be auto-deleted. Then it branched out to the desktop, and enterprise versions appeared for on-prem and cloud servers. It’s also used by the US military and law enforcement, not to mention an Australian Prime Minister.

“The need for this type of secure communications is accelerating,” said AWS chief information security officer Stephen Schmidt. “With the move to hybrid work environments, due in part to the COVID-19 pandemic, enterprises and government agencies have a growing desire to protect their communications across many remote locations.

“Wickr’s secure communications solutions help enterprises and government organizations adapt to this change in their workforces and is a welcome addition to the growing set of collaboration and productivity services that AWS offers customers and partners.”

Wickr is also popular with some journalists, though one wonders if they’ll keep using the software seeing as it’s now owned by a corporation that seems to relish badgering and nitpicking reporters and editors. The accountants at Juniper Networks may be happy: the Silicon Valley biz was a seed funder for Wickr, and one assumes it got a good return on its investment from this acquisition.

Mozilla starts Rally for privacy

In a somewhat quixotic move, Mozilla is asking its users to send their data to third parties in the hope that it’ll one day be better protected.

The scheme, dubbed Rally, will let Firefox users install a plugin that lets them share some of their user data and personal information with academics researching how people use the internet and what data they are actually having to share to do so. Users choose how much info they send and to which project, with teams at Princeton and Stanford already signed up to participate.

“Quantitative research is essential for understanding tech policy problems and for holding platforms accountable. Here’s the problem: methods and data often aren’t adequate,” said Jonathan Mayer, a professor of computer science at Princeton.

“Platforms could help with these research barriers. But platforms, unsurprisingly, haven’t been very interested in enabling research that examines their own problems and misconduct. Rally doesn’t depend on platform gatekeepers — it’s entirely independent, powered by users.”

Moz also released a tool called WebScience for other academics that want to get involved. Now we may actually get some realistic data, if enough people take part.

Cryptomining malware Crackonosh targets gamers

The perils of piracy were highlighted yet again this week, this time in a report on Crackonosh, a malware outbreak among gamers that netted millions in Monero.

The Windows software nasty, Avast said, was hidden in cracked versions of popular games like Far Cry 5, NBA 2K19 and, somewhat ironically, Grand Theft Auto V. Once installed, the code shut down any security software it could find, and installed a Monero miner called XMRig, which takes advantage of gamers’ rigs.

“Crackonosh has been circulating since at least June 2018 and has yielded over $2,000,000 USD for its authors in Monero from over 222,000 infected systems worldwide,” Avast claimed.

“As long as people continue to download cracked software, attacks like these will continue to be profitable for attackers. The key take-away from this is that you really can’t get something for nothing and when you try to steal software, odds are someone is trying to steal from you.”

Oklahoma! where the data goes blowing on the web

The City of Tulsa, Oklahoma, has admitted that files snatched from its police department computers have been released onto the web by extortionists.

Over 18,000 police citations and internal department files were leaked, it said, and “out of an abundance of caution, anyone who has filed a police report, received a police citation, made a payment with the City, or interacted with the City in any way where PII was shared,” should check their bank accounts.

Tulsa got hit by a major ransomware infection on May 6. Mayor G.T. Bynum refused to pay up, saying: “Know that your tax dollars are not going to go into the hands of criminals,” and vowed the city wouldn’t pay “a nickel.”

Canadian Navy bests the rest in military cyber contest

US Cyber Command’s annual war games were held this week and, despite America fielding the majority of the players, it was its upstairs neighbor who scooped the top prize.

This year’s Cyber Flag 21-2, or “Big Flag,” contest saw a simulated computer attack on a major logistics facility (sound familiar?) by two adversaries. The 430 military and civilian keyboard warriors from the US, Canada, and UK scored points for thwarting these infections, defending against threats, and shoring up unsafe systems.

“Cyber Flag 21-2 tested the best and brightest cyber protection teams. This exercise assessed their tactical cyber skills while collectively improving our cyber resiliency. I’d also like to congratulate the Royal Canadian Navy’s Cyber Protection Team, the winner of this year’s event,” said General Paul Nakasone, US Cyber Command commander, presumably through slightly gritted teeth. ®




Google extends right-to-be-forgotten to app permissions on older Android devices • The Register


In December, Google plans to have app runtime permissions expire on older versions of Android for apps that haven’t been opened for several months, extending the availability of a privacy protection feature introduced in Android 11.

“In Android 11, we introduced the permission auto-reset feature,” explained Google software engineers Peter Visontay and Bessie Jiang in a blog post on Friday. “This feature helps protect user privacy by automatically resetting an app’s runtime permissions – which are permissions that display a prompt to the user when requested – if the app isn’t used for a few months.”

That behavior is the default in Android 11 and in Android 12, expected in a few weeks. Come December, it will become the default in older versions of Android that rely on Google Play services, specifically Android 6 (API level 23) through Android 10 (API level 29).

The behavior change is likely to affect about 2bn devices, given that only about 25 per cent of the 3bn active Android devices run Android 11 (API level 30) or greater, and a relatively tiny number run something older than Android 6.

It means that dormant apps will lose access to runtime permissions, also known as “dangerous permissions,” that were previously granted and might pose privacy problems if forgotten. These include permissions like READ_PHONE_NUMBERS, READ_SMS, RECORD_AUDIO, ACCESS_COARSE_LOCATION, CAMERA, and other similar settings that provide access to sensitive data.

Google has anticipated that this might cause problems in some cases, so it will exempt Device Administrator apps and the like that are used by large organizations and have permissions set via enterprise policy.

The Chocolate Factory has also provided a way for developers to request that Android device owners disable permission revocation. The rationale for doing so would be for apps that work mainly in the background – it wouldn’t be ideal, for example, if a child safety app that relies on location data suddenly stopped working.

The Register has asked whether anyone at Google would define “a few months” more precisely or whether the fuzzy time frame was a deliberate attempt to avoid providing a specific value that could be used to game the system. A company spokesperson confirmed it was the latter.

However, Android provides developers running Android 12 with a way to check and set the default permission reset time in milliseconds on their own devices using the Android Debug Bridge (adb) command line tool.

adb shell device_config get permissions auto_revoke_unused_threshold_millis2

Android 12 takes permission revocation further still. It includes a feature called Hibernation that “not only revokes permissions granted previously by the user, but it also force-stops the app and reclaims memory, storage and other temporary resources.”

Hibernating apps can’t run in the background or receive push notifications. This too can be disabled via Settings if necessary.

Google intends to begin a gradual rollout of its permission auto-reset feature in December, on devices with Android 6 through 10 and Google Play Services. Users should be able to access the auto-reset settings page to configure this feature for specific apps. Thereafter, the Android system will start counting down to a permission reset. The rollout is expected to reach all affected devices at some point in Q1 2022. ®


New Donegal digital hub opens doors to local start-ups and entrepreneurs


Stranorlar’s new digital hub will provide local workers with hotdesks, reliable internet connectivity, access to local supports and more.

A new digital hub has opened today (17 September) in Stranorlar in Co Donegal. DigiHub at the Base Enterprise Centre aims to support the growth of ICT and digital businesses in Donegal.

The hub will provide the area’s workers, start-ups and entrepreneurs with hotdesk and workspaces on flexible arrangements, as well as office units of various sizes, training facilities and a range of meeting rooms.

The DigiHub was developed as part of the Digiwest programme with funding from the Rural Regeneration and Development Fund and the Connected Hubs Fund, which was launched earlier this year to help promote remote working around the country. The hub is also supported by Donegal County Council and the Western Development Commission.


The development of digital hubs in rural areas is part of Our Rural Future, the Government’s five-year strategy to revitalise towns and villages, promote remote working and ensure balanced regional development.

Minister for Rural and Community Development Heather Humphries, TD, who launched the new Donegal facility today, said she hoped the hub would entice digital entrepreneurs to move to the Stranorlar area.

“As we phase out restrictions put in place during Covid-19, it’s more relevant than ever to invest in co-working spaces for those who wish to remain in their home counties and avoid long commutes to Dublin and larger cities,” she added.

“The launch of today’s hub in the heart of Stranorlar highlights the appetite for hybrid working in regional Ireland to remain. This fine facility is one of four digital hubs along the western seaboard that received almost €650,000 under my Department’s Rural Regeneration Development Fund.

“All four of these hubs are members of the Connected Hubs initiative, which is the department’s platform of mapping together all of the hubs across the country so that they belong to one single network.”

The Connected Hubs network currently has more than 140 members nationwide.

The Stranorlar hub, which received €67,000 in funding, will have 23 desks available for short-term and casual hire, while the hub’s offices can accommodate more than 20 tenants. Business units will be made available for permanent hire with the capacity to accommodate an additional 50 tenants.

The hub’s range of supports for start-ups will include one-to-one business mentoring, as well as access to mentoring through a network of support businesses via the Ballybofey and Stranorlar Chamber of Commerce.

It will also provide workers with networking and informal learning opportunities, promotion on its social media channels and it will offer them information on agencies and organisations for assistance.

Internet access, which is a key concern for many remote workers living in rural areas, will be provided by Siro, a joint venture by the ESB and Vodafone to provide homes and businesses with fibre-optic gigabit connectivity.

Siro’s partnership with DigiHub in Stranorlar will bring the total number of remote working hubs around the country using its service to 16.

Kieran Doherty, chair of Basicc, the local social enterprise that manages the Base Enterprise Centre, said: “In order for the area to flourish, we have to be able to connect to any part of the world instantly and gigabit connectivity means that we have the same world-class broadband that is available in international hubs like Tokyo or Singapore.”


Teenage girls, body image and Instagram’s ‘perfect storm’ | Instagram


Emily started using Instagram when she was in her mid-teens and found it helpful at first. She used the photo-sharing app to follow fitness influencers, but what began as a constructive relationship with the platform spiralled into a crisis centred on body image. At 19 she was diagnosed with an eating disorder.

“I felt like my body wasn’t good enough, because even though I did go to the gym a lot, my body still never looked like the bodies of these influencers,” says Emily, now a 20-year-old student who is in recovery.

Emily, who preferred not to use her real name, uses Instagram sparingly now. She is one of many Instagram users whose suffering came to prominence this week with revelations that the platform’s owner, Facebook, seemed to know it was damaging teenage girls’ mental health.

According to internal research leaked to the Wall Street Journal (WSJ), the app has made body image issues worse for one in three girls and in one Facebook study of teenagers in the UK and the US, more than 40% of Instagram users who said they felt “unattractive” said the feeling began while using the app.

Instagram has more than 1 billion users worldwide and an estimated 30 million in the UK, with Kim Kardashian, Selena Gomez and Ariana Grande among the accounts with hundreds of millions of followers between them. In the UK, the Love Island couple Liam Reardon and Millie Court have already raced to a combined following of nearly 3 million since winning the 2021 title.

Ariana Grande has more than 250 million Instagram followers. Photograph: John Shearer/Getty Images for the Recording Academy

Two in five girls (40%) aged 11 to 16 in the UK say they have seen images online that have made them feel insecure or less confident about themselves. This increases to half (50%) in girls aged 17 to 21, according to research by Girlguiding in its annual girls’ attitudes survey.

Sonia Livingstone, professor of social psychology at the department of media and communications, LSE, describes adolescence for teenage girls as an “arc” that tends to begin with the staple experiences of interest in pets, painting or playing with younger siblings, through to the more confident young woman ready to face the world. But it is the experience in the middle of that parabola that represents a particular challenge, and where Instagram can be most troubling.

“It is at that point where they are assailed with many answers to their dilemmas and a prominent answer at the moment is that it might be what they look like, that it matters what they bought,” says Livingstone, who next week is due to give evidence to MPs and peers scrutinising the draft UK online safety bill, which imposes a duty of care on social media companies to protect users from harmful content.

Facebook’s in-depth research into the photo-sharing app stated that Instagram had a deeper effect on teenage girls because it focused more on the body and lifestyle, compared with TikTok’s emphasis on performance videos such as dancing, and Snapchat’s jokey face features. “Social comparison is worse on Instagram,” said the Facebook study. The leaked research pointed to the app’s Explore page, where an algorithm tailors the photos and videos that a user sees, potentially creating a spiral of harmful content.

“Aspects of Instagram exacerbate each other to create a perfect storm,” said the research.

Livingstone says a key feature of the online safety bill will be its provisions on regulating the algorithms that constantly tailor and tweak what you view according to your perceived needs and tastes – and can push teenage girls into that vortex of esteem-damaging content. “There is a lot to be done about algorithms and AI [artificial intelligence].”

Beeban Kidron, the crossbench peer who sits on the joint committee into the online safety bill and was behind the recent introduction of a children’s privacy code, says Ofcom, the UK communications watchdog, will have a vital role in scrutinising algorithms.

“The value in algorithmic oversight for regulators, is that the decisions that tech companies make will become transparent, including decisions like FB took to allow Instagram to target teenage girls with images and features that ended in anxiety, depression and suicidal thoughts. Algorithmic oversight is the key to society wrestling back some control.”

A spokesperson for the Department for Digital, Culture, Media and Sport says the bill will address those concerns. “As part of their duty of care, companies will need to mitigate the risks of their algorithms promoting illegal or harmful content, particularly to children. Ofcom will have a range of powers to ensure they do this, including the ability to request information and enter companies’ premises to access data and equipment.”

Liam Reardon and Millie Court have a combined Instagram following of 3 million since winning Love Island 2021. Photograph: Matt Frost/ITV/Rex/Shutterstock

For others, there is a wider issue of educating the young how to navigate a world dominated by social media. Deana Puccio, co-founder of the Rap project, which visits schools across the UK and abroad to discuss issues such as consent, online and offline safety and building confidence in body image and self-esteem, says the bill should be accompanied by a wider education drive.

“We, parents, educators, politicians need to equip our young people with the tools, the analytical skills to make healthy choices for themselves. Because they will get access to whatever they want to. They are better at navigating the online world than we are.”

Puccio adds that teenagers should be encouraged to make their social media posts reflect a more realistic vision of the world. “We need to start building up people’s confidence to post real-life ups and downs.”

The head of Instagram risked fanning criticism of the app on Thursday with comments that compared social media’s impact on society to that of cars. “We know that more people die than would otherwise because of car accidents, but by and large, cars create way more value in the world than they destroy. And I think social media is similar,” said Adam Mosseri.

Facebook referred the Guardian to a blogpost by Karina Newton, the head of public policy at Instagram, who said the internal research showed “our commitment to understanding complex and difficult issues young people may struggle with, and informs all the work we do to help those experiencing these issues”.

The Instagram revelations came as part of a WSJ investigation into Facebook, in which the newspaper revealed that Facebook gives high-profile users special treatment, that changes to its news feed algorithm in 2018 made the platform’s users angrier and more divisive, and that employees had warned Facebook was being used by drug cartels and human traffickers in developing countries.

Responding to the algorithm and drug cartel allegations, Facebook said divisions had existed in society long before its platform appeared and that it had a “comprehensive strategy” for keeping people safe in countries where there was a risk of conflict and violence.
