The RISKS Digest
Volume 32 Issue 95

Tuesday, 14th December 2021

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Hackers take $196 million from crypto exchange Bitmart, security firm says
CNBC
A Software Bug Let Hackers Drain $31M From a Crypto Service
WiReD
Australia's AI Cameras Catch Over 270,000 Drivers Using Phones
Alice Klein
Fake scientist used to spread anti-US propaganda
Facebook via Dave Farber
The Webb Space Telescope Will Rewrite Cosmic History. If It Works.
Quantum Magazine
Verizon overrides users' opt-out preferences in push to collect browsing history
Ars Technica
Planned Parenthood data breach
WSJ
Israeli computer glitch lets people improperly leave the country
Winnews via danny burstein
Israeli Company's Spyware Is Used to Target U.S. Embassy Employees in Africa
NYTimes
There's a new push for mobile voting in WashDC
DCist via Gabe Goldberg
U.S. Military Has Acted Against Ransomware Groups, General Acknowledges
NYTimes
Companies Linked to Russian Ransomware Hide in Plain Sight
NYTimes
Officials press for actionable recommendations from new cyber-advisory committee
The Hill
Quote of The Day
WIDA
Re: You've Got an Enemy at Chase!
Paul Robinson
Info on RISKS (comp.risks)

Hackers take $196 million from crypto exchange Bitmart, security firm says (CNBC)

Lauren Weinstein <lauren@vortex.com>
Sun, 5 Dec 2021 19:56:06 -0800

https://www.cnbc.com/2021/12/05/hackers-take-196-million-from-crypto-exchange-bitmart-in-large-breach.html


A Software Bug Let Hackers Drain $31M From a Crypto Service (WiReD)

“Gabe Goldberg” <gabe@gabegold.com>
Sat, 4 Dec 2021 00:30:12 -0500

An attacker exploited a vulnerability in MonoX Finance's smart contract to inflate the price of its digital token and then cash out.

Blockchain startup MonoX Finance said on Wednesday that a hacker stole $31 million by exploiting a bug in software the service uses to draft smart contracts.

https://www.wired.com/story/hackers-drain-31-million-from-crypto-service/

Software drafting contracts, what could go wrong?


Australia's AI Cameras Catch Over 270,000 Drivers Using Phones (Alice Klein)

Peter Neumann <neumann@csl.sri.com>
Fri, 10 Dec 2021 11:34:29 PST

Alice Klein, New Scientist, 08 Dec 2021 via ACM TechNews 10 Dec 2021

Artificial intelligence (AI)-equipped cameras have spotted more than 270,000 drivers using phones while driving in New South Wales (NSW), Australia, since the state began issuing fines in March 2020. The cameras capture high-definition images of the front of each passing vehicle, and AI software analyzes them to identify drivers using a handheld cellphone; officers vet images flagged as potentially showing violations before fining those drivers. Transport for NSW's Tara McCarthy said, “We know that mobile phone detection cameras are working and people are getting the message not to use their phone illegally, as we have seen a significant drop in offenses.”


Fake scientist used to spread anti-US propaganda (Facebook)

Dave Farber <farber@keio.jp>
Thu, 2 Dec 2021 11:36:15 +0900

A disinformation network with ties to China used hundreds of fake social media accounts — including one belonging to a fictitious Swiss biologist — to spread an unfounded claim that the U.S. pressured scientists to blame China for the coronavirus, Facebook said Wednesday.

The company based in Menlo Park, California, did not directly attribute the network to the Chinese government. But it noted employees of Chinese state-run companies, and the country's state-run media, worked to amplify the misleading claims, which were soon the subject of news headlines in China.

“In effect it worked like an online hall of mirrors, endlessly reflecting the original fake persona and its anti-US disinformation,” according to Ben Nimmo, who leads investigations into disinformation at Meta, the parent company of Facebook and Instagram.

The operation began in July 2021, when a Facebook account was created in the name of Wilson Edwards, a self-professed Swiss biologist. That same day, the account user claimed, without evidence, that U.S. officials were using “enormous pressure and even intimidation” to get scientists to back calls for renewed investigations into the origin of the virus.

https://techxplore.com/news/2021-12-facebook-fake-scientist-anti-us-propaganda.html


The Webb Space Telescope Will Rewrite Cosmic History. If It Works. (Quantum Magazine)

Lauren Weinstein <lauren@vortex.com>
Wed, 8 Dec 2021 11:37:13 -0800

https://www.quantamagazine.org/why-nasas-james-webb-space-telescope-matters-so-much-20211203/


Verizon overrides users' opt-out preferences in push to collect browsing history (Ars Technica)

Lauren Weinstein <lauren@vortex.com>
Wed, 8 Dec 2021 15:12:55 -0800

https://arstechnica.com/information-technology/2021/12/verizon-ignored-users-previous-opt-outs-in-latest-push-to-scan-web-browsing/


Planned Parenthood data breach (WSJ)

“danny burstein” <dannyb@panix.com>
Thu, 2 Dec 2021 04:02:00 +0000

Hackers Breach Los Angeles Planned Parenthood Network
Healthcare provider says more than 400,000 patients' records compromised

Planned Parenthood Los Angeles said it is investigating a cyberattack that compromised the personal information of thousands of patients.

The reproductive healthcare provider is notifying approximately 400,000 patients whose names, addresses, insurance and other identifying information were breached, said local spokesman John Erickson. Clinical information, which can include details of a patient's diagnosis, procedures and prescriptions, was taken in the hack.

The cyberattack occurred in October, when an unauthorized user gained access to the provider's network, installed malicious software and extracted files from the system, he said.

rest: https://www.wsj.com/articles/hackers-breach-los-angeles-planned-parenthood-network-11638408526?reflink=desktopwebshare_permalink


Israeli computer glitch lets people improperly leave the country (Winnews)

“danny burstein” <dannyb@panix.com>
Thu, 2 Dec 2021 04:14:31 +0000

summary: In orthodox Judaism, if a woman wants a divorce, the man has to approve it.

And far too many religious women let his refusal destroy their lives.

Lots, make that LOTS, of pressure is (often, not always) put on these guys to sign off on the paper.

One technique is to ban them from leaving Israel.

Except…

https://vinnews.com/2021/12/01/get-refusers-flee-israel-after-computer-glitch-prevent-rabbinical-courts-from-issuing-injunctions/


Israeli Company's Spyware Is Used to Target U.S. Embassy Employees in Africa (NYTimes)

“Jan Wolitzky” <jan.wolitzky@gmail.com>
Sat, 4 Dec 2021 05:43:07 -0500

The hack is the first known case of the spyware, known as Pegasus, being used against American officials.

The iPhones of 11 U.S. Embassy employees working in Uganda were hacked using spyware developed by Israel's NSO Group, the surveillance firm that the United States blacklisted a month ago because it said the technology had been used by foreign governments to repress dissent, several people familiar with the breach said on Friday.

The hack is the first known case of the spyware, known as Pegasus, being used against American officials. Pegasus is a sophisticated surveillance system that can be remotely implanted in smartphones to extract sound and video recordings, encrypted communications, photos, contacts, location data and text messages.

https://www.nytimes.com/2021/12/03/us/politics/phone-hack-nso-group-israel-uganda.html


There's a new push for mobile voting in WashDC

“Gabe Goldberg” <gabe@gabegold.com>
Fri, 3 Dec 2021 00:07:18 -0500

You can pay bills, swipe into a Metro station, order a car, and do countless other things on your phone. And now venture capitalist and former political operative Bradley Tusk wants D.C. residents to be able to use their phones to vote.

Tusk Philanthropies is bringing its mobile voting project to D.C., hoping to make the nation's capital the first place in the country where residents can use phones and computers to cast ballots. Tusk, a former campaign advisor to New York City Mayor Michael Bloomberg and one-time Uber official, has in recent years funded mobile-voting pilot programs across seven states — including Washington, West Virginia, and Oregon — largely to support overseas and military voters. But his effort in D.C. would represent the first push to make mobile voting a permanent part of elections for all voters. […]

Still, skeptics of mobile voting abound. They say that just like hackers can steal someone's bank information or take over their social media accounts, they could wreak havoc on the civic exercise that makes democracy tick.

“Study after study has found that Internet voting has fundamental security vulnerabilities that simply haven't been resolved at this point. And a lot of them are almost impossible to overcome given the current implementation of the Internet, because the Internet was never really designed with security in mind,” says Mark Lindeman, an expert on voting security and audits with Verified Voting, a nonpartisan group that focuses on elections and technology.

Four federal agencies concluded as much in a May 2020 assessment, saying that “securing the return of voted ballots via the Internet while ensuring ballot integrity and maintaining voter privacy is difficult, if not impossible, at this time.”

https://dcist.com/story/21/12/02/theres-a-new-push-to-let-dc-voters-cast-ballots-from-their-phones/


U.S. Military Has Acted Against Ransomware Groups, General Acknowledges (NYTimes)

“Jan Wolitzky” <jan.wolitzky@gmail.com>
Sun, 5 Dec 2021 14:34:45 -0500

Gen. Paul M. Nakasone, the head of Cyber Command, said a new cross-functional effort has been gathering intelligence to combat criminal groups targeting U.S. infrastructure.

The U.S. military has taken actions against ransomware groups as part of its surge against organizations launching attacks against American companies, the nation's top cyberwarrior said on Saturday, the first public acknowledgment of offensive measures against such organizations.

Gen. Paul M. Nakasone, the head of U.S. Cyber Command and the director of the National Security Agency, said that nine months ago, the government saw ransomware attacks as the responsibility of law enforcement.

But the attacks on Colonial Pipeline and JBS beef plants demonstrated that the criminal organizations behind them have been “impacting our critical infrastructure,” General Nakasone said.

In response, the government is taking a more aggressive, better coordinated approach against this threat, abandoning its previous hands-off stance. Cyber Command, the N.S.A. and other agencies have poured resources into gathering intelligence on the ransomware groups and sharing that better understanding across the government and with international partners.

https://www.nytimes.com/2021/12/05/us/politics/cyber-command-ransomware.html


Companies Linked to Russian Ransomware Hide in Plain Sight

“Jan Wolitzky” <jan.wolitzky@gmail.com>
Mon, 6 Dec 2021 09:33:39 -0500

Cybersecurity experts tracing money paid by American businesses to Russian ransomware gangs found it led to one of Moscow's most prestigious addresses.

When cybersleuths traced the millions of dollars American companies, hospitals and city governments have paid to online extortionists in ransom money, they made a telling discovery: At least some of it passed through one of the most prestigious business addresses in Moscow.

The Biden administration has also zeroed in on the building, Federation Tower East, the tallest skyscraper in the Russian capital. The United States has targeted several companies in the tower as it seeks to penalize Russian ransomware gangs, which encrypt their victims' digital data and then demand payments to unscramble it.

Those payments are typically made in cryptocurrencies, virtual currencies like Bitcoin, which the gangs then need to convert to standard currencies, like dollars, euros and rubles.

That this high-rise in Moscow's financial district has emerged as an apparent hub of such money laundering has convinced many security experts that the Russian authorities tolerate ransomware operators. The targets are almost exclusively outside Russia, they point out, and in at least one case documented in a U.S. sanctions announcement, the suspect was assisting a Russian espionage agency.

https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html


Officials press for actionable recommendations from new cyber-advisory committee (The Hill)

Peter Neumann <neumann@csl.sri.com>
Mon, 13 Dec 2021 10:04:03 PST

https://thehill.com/policy/cybersecurity/585387-officials-press-for-actionable-recommendations-from-new-cyber-advisory

Maggie Miller, 10 December 2021 [via Dan Geer]

Top officials at the Department of Homeland Security (DHS) on Friday urged a newly established advisory committee composed of experts from across sectors to propose solutions to help tackle the growing wave of cyberattacks faced by the nation.

The Cybersecurity Advisory Committee, established by DHS's Cybersecurity and Infrastructure Security Agency (CISA) earlier this month, met in a hybrid format both in McLean, Va., and remotely for the first time Friday. It discussed strengthening the nation's basic cybersecurity practices and concerns about disinformation, among other issues.

CISA Director Jen Easterly made clear at the top of the almost three-hour meeting that she hoped the advisory committee would “create action” and help move the nation forward in cybersecurity.

“At the end of the day, this is really about implementing those things that will help CISA truly be the nation's cyber defense agency, that is what the American people need, and that is what the American people deserve,” Easterly said. “I am not looking for a 20-page white paper, I am looking for short papers from each of the subcommittees that give a series of recommendations that we can go ahead and implement.”

DHS Deputy Secretary John Tien made similar comments, telling committee members that “your voices, your thoughts, your brainpower are going to have to help us identify the gaps, the vulnerabilities, and also provide us some thoughts on solutions.”

The committee is made up of almost three dozen individuals with cybersecurity expertise from various sectors, including cybersecurity group Mandiant CEO Kevin Mandia; former Facebook Chief Technology Officer Alex Stamos; Jeff Moss, the founder of the Def Con hacking conference, and Austin Mayor Steve Adler (D).

Representatives from Twitter, Microsoft, Amazon Web Services, Walmart, JPMorgan Chase and Johnson & Johnson, as well as several from the field of academia, are also on the committee. Thomas Fanning, the chairman, president and CEO of utility group Southern Company, is the committee chair, while Ron Green, the executive vice president and chief security officer of Mastercard, is the vice chairman.

The event Friday marked the first official meeting of the advisory committee. It included lengthy discussion around ways to address the nation's cyber workforce challenges, increase basic cyber hygiene, and rally the hacking community to help the government defend the nation.

Also discussed were ways to reduce systemic risk to critical infrastructure, including elections, and to protect it against misinformation and disinformation.

National Cyber Director Chris Inglis stressed the need for a coordinated approach by the government and the private sector to best protect the nation against cyber threats, which have spiked over the past year amid incidents including ransomware attacks on Colonial Pipeline, meat producer JBS USA and IT group Kaseya.

“A transgressor needs to beat all of us to beat one of us,” Inglis said of his goals for the committee.


Quote of The Day (WIDA)

geoff goodfellow <geoff@iconia.com>
Fri, 3 Dec 2021 14:50:27 -1000

“A society that values attention over integrity will eventually self destruct.”

https://twitter.com/wida_vision/status/1466744497921003523


Re: You've Got an Enemy at Chase!

“Paul Robinson” <paul@paul-robinson.us>
Mon, 6 Dec 2021 12:40:06 +0000 (UTC)

I had no idea Yahoo Mail inserted non-break spaces in e-mail I post. Nobody ever said anything and probably didn't notice, as I had no idea it was happening. I only put regular spaces in. Maybe Yahoo likes to play “Space Invaders.” Also, sorry about top-posting, again, that's on Yahoo. Spelling mistakes, however, I take full responsibility for.
