BEIJING, Febraury 10 -- A 5G collaboration project between the European Union and China is going ahead as planned. Despite calls to ban Chinese telecoms companies from the EU network, according to the head of the European side of the project. Uwe Herzog, coordinator of the 5G-Drive project, said: “The basis for our collaboration is the research collaboration framework agreed between the EU and China, which continues to be valid and honoured by both sides. “Thus, we are not concerned that the 5G-Drive project and its research collaboration with its Chinese twin project will be affected by current political discussions on 5G deployment.” The 20-month project, part of the EU’s €80 billion (US$91 billion) research programme Horizon 2020, is designed to test and validate the interoperability of the European and Chinese 5G networks. The Chinese side of the project is coordinated by China Mobile, with project partners including Huawei. The project will focus on sites in Italy, Finland and Britain, and five in China – Hangzhou, Shanghai, Wuhan, Suzhou and Guangzhou. The European side is being led by the German-based telecommunications research and development firm Eurescom and involves 17 partners from 11 countries, including industry, mobile operators, BMW, SMEs, research institutes, academia and consulting partners. China and the EU signed an agreement in 2015 to cooperate on 5G technology, conduct joint research and promote standardisation, as part of a public-private partnership launched by the EU. Brussels promised to provide €700 million in government funding by 2020, with a further €3 billion to be raised by industry. But Chinese telecoms firms, especially Huawei, have come under intense pressure amid growing concerns about security. A number of European countries have banned or are considering banning Huawei and ZTE from involvement in their 5G networks, with Italy becoming the latest to consider such a step.
0 Comments
BEIJING, January 24 -- China has blocked Microsoft-owned search engine Bing, The company confirmed after receiving complaints from users throughout the country who took to social media beginning late Wednesday to express concerns. So, Bing becomes the latest service to be shut down by Chinese government behind its so-called Great Firewall of China, which blocks thousands of websites originating in the west including Facebook, WhatsApp, Twitter, Yahoo, and Google. The news came as a surprise because Microsoft's search engine actually followed China's strict rules on censoring search results. Online service WebSitePulse that tracks outages in China also confirmed that cn.bing.com—the web address for Bing in China since its launch in June 2009—was inaccessible in several parts of the country. After investigating reports from Chinese users, a Microsoft spokesperson has "confirmed that Bing is currently inaccessible in China" and that the company is "engaged to determine next steps." Microsoft's Bing becomes the second major search engine to ban from China, after Google search, which left the country, along with other Google websites in 2010, in order to avoid Chinese censorship. However, late last year it was revealed that Google had secretly been working on a censored version of its search engine to make a comeback in China, after an eight-year-long absence of the company from the country with the world's largest market of internet users. Although the apparent cause of the ban remains unknown, the ban comes a day after China's top search engine Baidu received complaints that it was promoting low-quality pieces from its news organization Baijiahao in its search engine, weighing down its shares. State-owned telecommunications operator China Unicom confirmed that Bing had been blocked in the country after a government order, the Financial Times reported on Wednesday, citing two sources familiar with the matter. If users attempt to access Bing in China, the browser displays in a "connection error." This is because the Chinese Great Firewall has now been configured to corrupt the connection and stop resolving the domain name associated with the banned IP address of Bing's China site. To access Bing in China, users can do a little about it, because to visit censored websites, users need to rely on VPN services, but the Chinese government has been cracking down on the use of VPN services in the country. This is not the first time China has blocked a Microsoft service. In November 2017, the country pulled Microsoft's Skype Internet phone call and messaging service from Apple and Android app stores after the company refused to comply with their local laws. LOS ANGELES, January 22 -- Facebook announced that 364 pages and accounts will be closed, due to “engaging in coordinated inauthentic behaviour as part of a network that originated in Russia and operated in the Baltics, Central Asia, the Caucasus, and Central and Eastern European countries.” In short, Facebook has managed to identify 364 pages that claim to be independent news pages, but in reality – a part of a coordinated operation, lead from Russian state actors. In this case – state owned Russian agency, Sputnik. According to the Facebook announcement, the pages that have been closed have been linked to employees of Sputnik. The pages have been devoted to various topics, liked weather, travel, sports or politics. Several pages have been devoted to politicians in several EU member states, Eastern Partnership states and in Central Asia. The pages now closed by Facebook, had around 790,000 followers and invested 135,000 US Dollars on advertising. Besides the 364 pages connected to the Sputnik Agency, Facebook closed another 107 pages, groups and accounts and 41 Instagram pages, all engaging in coordinated inauthentic behaviour as part of a network, based in Russia and operating in Ukraine. The term “coordinated inauthentic behaviour” means that the pages are part of coordinated effort, in this case run by Kremlin operatives, but pretending to appear as independent, individual sites. Facebook and other social networks have intensified their efforts to sniff out this kind of deception: “Our security efforts are ongoing to help us stay a step ahead and uncover this kind of abuse, particularly in light of important political moments and elections in Europe this year. We are committed to making improvements and building stronger partnerships around the world to more effectively detect and stop this activity.” The EU issued late last year an Action Plan aimed at tackling online disinformation in EU countries and beyond. The Action Plan acknowledges the need to challenge Russia’s ongoing disinformation campaigns. The Action Plan will also ensure that tech companies comply with the European Commission’s Code of Practice, a document that commits online platforms to increase transparency for political advertising and to reduce the number of fake accounts. FRANKFURT, January 10 -- German police are seeking your help in gathering information related to a MAC address that could lead to the cell phone device used by a DHL blackmailer who last year parceled out bombs at different addresses in Brandenburg and Berlin. Between November 2017 and April 2018, someone used German parcel delivery service DHL to sent out several so-called improvised explosive devices (IEDs) in packets, demanding €10 million worth of bitcoins from the parcel service. In one event, a parcel containing nails, screws, and fireworks explosive powder was received by a pharmacy adjacent to the German Christmas market during 2017 Christmas, which eventually caused the evacuation of the market. German police later discovered a message inside that package in which the blackmailer threatened to send more parcels in the pre-Christmas season unless DHL made a 10 million euro payment in Bitcoin. During the investigation, the German police successfully communicated with the alleged blackmailer multiple times via an email and succeeded in capturing his/her Motorola brand device's MAC address f8:e0:79:af:57:eb, which was allegedly connected to several public Wi-Fi networks in Berlin at different times. Since every electronic device comes with a unique MAC address, German police are trying to use this information to map out all Wi-Fi networks that the culprit used, probably in hope to pinpoint the right CCTV footages and trace the offender. Though MAC address of a device can be spoofed easily, State Criminal Police Office LKA Brandenburg has requested citizens to check their wireless routers and network logs for the given MAC address and provide relevant information to the agency via email to [email protected]. "Private households can also unknowingly or knowingly operate open networks. The alleged perpetrator could also have used this for his communication," the Police say. To search for this MAC address, open your router’s configuration panel in the web browser (usually at http://192.168.1.1) and then, depending upon the router, open the log file section and search for f8:e0:79:af:57:eb on the page. NEW YORK, January 5 -- In November, Marriott revealed that it had experienced a security breach on its Starwood reservation system, potentially leaving information about 500 million guests exposed. The company is back with an update on the matter, revealing in a new statement that around 5.25 million unencrypted passport numbers were left vulnerable to the hacker(s). Marriott discovered unauthorized access on a Starwood guest reservation database on November 19. Soon after, the company had announced that about 500 million people who had stayed with a Starwood property on or before September 10, 2018. In its most recent update, Marriott said that it now believes the possible number of impacted guests is lower than the original estimate, totaling about 383 million as the upper limit of guest records that could have been exposed by the breach. The company cautions that this doesn’t necessarily mean 383 million individual guests were impacted, as there are apparently multiple records for the same guest. Exactly how many guests have been impacted still hasn’t been determined. In addition to updating its information about impacted guests, Marriott has stated that it believes around 5.25 million unencrypted passport numbers were accessed by the hacker(s). As well, the accessed data included more than 20 million encrypted passport numbers, but Marriott says there’s no evidence that the hackers accessed the master encryption key to decrypt them. Finally, Marriott currently believes around 8.6 million encrypted payment cards were impacted by the data breach. Of those, 354k of the cards were still unexpired by September 2018. Regardless, Marriott says there isn’t any evidence that the hackers acquired the tools needed to decrypted the card info. However, less than 2,000 payment cards may have had their 15-digit and 16-digit card numbers entered into other database fields, potentially leaving them unencrypted. An analysis of this potential problem is still underway. Marriott will soon enable customers to access “resources” to see whether their passport numbers were exposed. BERLIN, January 4 -- Germany is scrambling to identify who is behind a major hack that exposed data on hundreds of politicians, journalists, comedians and activists. In a "countdown" to Christmas, hackers used a Twitter account to leak details of private emails, Facebook messages, cell phone numbers and photographs on an almost daily basis over a four-week period starting in early December. The data dump included information about Chancellor Angela Merkel as well as members of the national parliament, regional state parliaments, the European Parliament and local officials. Among political parties, only the far-right Alternative for Germany (AfD) appeared not to be affected. In a country still alarmed by a large-scale hack in 2015 when intruders roamed around freely in the German parliament’s network for weeks, officials are not just worried about the breach itself. They are also alarmed that nobody apparently noticed it had happened until early January. “The German government takes this incident very seriously,” deputy government spokesperson Martina Fietz said Friday, less than 12 hours after a local broadcaster broke the news about the incident. Merkel's office did not know about the breach before Thursday night, Fietz told reporters. The news triggered an emergency meeting of the national cyberdefense body Friday morning, and authorities are now working "flat out" to examine how the information was obtained, she said, adding that the data contains no "sensitive” information about Merkel. The Dark Overlord hacker group has released decryption keys for 650 documents it says are related to 9/11, and promised that future leaks will have devastating consequences for the US 'deep state'.The document dump is just a fraction of the 18,000 secret documents related to the September 11, 2001 terrorist attacks believed to have been stolen from insurers, law firms, and government agencies.
The Dark Overlord initially threatened to release the 10GB of data unless the hacked firms paid an unspecified bitcoin ransom. However, on Wednesday, the group announced a "tiered compensation plan" in which the public could make bitcoin payments to unlock the troves of documents. A day later, the Dark Overlord said that it had received more than $12,000 in bitcoin – enough to unlock "layer 1" and several "checkpoints," comprised of 650 documents in total. There are four more layers that remain encrypted and, according to the group, "each layer contains more secrets, more damaging materials… and generally just more truth." The hackers are asking for $2 million in bitcoin for the public release of its "megaleak," which it has dubbed "the 9/11 Papers." By design, the "layer 1" documents – if authentic – do not appear to contain any explosive revelations. The publications focus mostly on testimonies from airport security and details concerning insurance pay-outs to parties affected by the 9/11 attacks. However, the data dump suggests that the group is not bluffing. The documents – which were immediately scrubbed from Reddit, Pastebin and Twitter – are available for download on Steemit at the time of writing. HANOI, January 1 -- A law requiring Internet companies in Vietnam to remove content communist authorities deem to be against the state came into effect Tuesday, in a move critics called "a totalitarian model of information control". The new cybersecurity law has received sharp criticism from the US, the EU and Internet freedom advocates who say it mimics China's repressive censorship of the Internet. The law requires Internet companies to remove content the government regards as "toxic". Tech giants such as Facebook and Google will also have to hand over user data if asked by the government, and open representative offices in Vietnam. The communist country's powerful Ministry of Public Security (MPS) published a draft decree on how the law may be implemented in November, giving companies which offer Internet service in Vietnam up to 12 months to comply. MPS has also said the bill was aimed at staving off cyber-attacks -- and weeding out "hostile and reactionary forces" using the Internet to stir up violence and dissent, according to a transcript of a question-and-answer session with lawmakers in October. In response to the law, which was approved by Vietnam's rubber-stamp parliament last June, Facebook said they are are committed to protecting the rights of its users and enabling people to express themselves freely and safely. "We will remove content that violates (Facebook's) standards when we are made aware of it," Facebook said in an emailed statement to AFP, adding that the social media giant has a clear process to manage requests from governments around the world. Hanoi has said Google is taking steps to open up an office in Vietnam to comply with the new law. In response to AFP's request for comment, the Internet giant said it would not comment at this stage. The law also bans Internet users in Vietnam from spreading information deemed to be anti-state, anti-government or use the Internet to distort history and "post false information that could cause confusion and damage to socio-economic activities". Critics say online freedom is shrinking under a hardline administration that has been in charge since 2016. Dozens of activists have been jailed at a pace not seen in years. Human Rights Watch (HRW) has called on the communist authorities to revise the law and postpone its implementation. "This law is designed to further enable the Ministry of Public Security's pervasive surveillance to spot critics, and to deepen the Communist Party's monopoly on power," Phil Robertson, deputy Asia director of HRW said. The law comes into force a week after Vietnam's Association of Journalists announced a new code of conduct on the use of social media by its members, forbidding reporters to post news, picture and comments that "run counter to" the state. Daniel Bastard of Reporters Without Borders decried the new requirements for journalists and the cybersecurity law, calling it "a totalitarian model of information control". Vietnam wants to build a reputation as a Southeast Asian hub for fintech. Critics warn the new Internet law -- particularly the data-sharing element -- will make start-ups think twice about relocating to the country. WASHINGTON, December 21 -- The US Department of Justice on Thursday charged two Chinese hackers associated with the Chinese government for hacking numerous companies and government agencies in a dozen countries. The Chinese nationals, Zhu Hua (known online as Afwar, CVNX, Alayos and Godkiller) and Zhang Shilong (known online as Baobeilong, Zhang Jianguo and Atreexp), are believed to be members of a state-sponsored hacking group known as Advanced Persistent Threat 10 (APT 10) or Cloudhopper that has been working from over a decade to steal business and technology secretsfrom companies and government agencies around the world. According to the indictment, the alleged hackers targeted more than 45 companies and government agencies from 2006 to 2018 and stole "hundreds of gigabytes" of sensitive data and personal information from its targets. Both Hua and Shilong worked for Huaying Haitai Science and Technology Development Company and are alleged to have committed these crimes at the direction of Tianjin State Security Bureau, a department of China's Ministry of State Security. The victims included numerous managed service providers (MSPs), the U.S. Navy, NASA Goddard Space Center, and Jet Propulsion Laboratory, and the Department of Energy's Lawrence Berkeley National Laboratory. BANGKOK, December 19 -- Facebook has announced its third and biggest purge of military-linked accounts in Myanmar. Where critics have charged the social network did too little to block inflammatory material that fuelled hatred, particularly against the Muslim Rohingya minority. Facebook in a press release posted online Wednesday says it has removed 425 Facebook Pages, 17 Facebook Groups, 135 Facebook accounts and 15 Instagram accounts in Myanmar for engaging in coordinated inauthentic behaviour',' meaning they misrepresented who was running the provocative accounts. Facebook alleges the military is behind the accounts. Some 700,000 Rohingya fled their homes in western Myanmar since last year in response to a brutal counterinsurgency campaign by the military, which has been accused of massive human rights violations. WASHINGTON, December 15 -- Most consumers don't know about it, but Cloudflare is a tech giant that helps keep a huge portion of the internet running. According to a report from the Huffington Post, at least seven of its customers are under sanctions by the US Treasury Department, and six are on the US Department of State's list of foreign terrorist groups. One of the groups named in the report is the Taliban, which isn't on the State Department's foreign terrorism group list. Also named in the report are several Palestinian groups, al-Shabaab and the Kurdistan Workers' Party, all of which are on the list. The designation is meant to make things like international commerce and travel harder for the groups on the list. "Designations of foreign terrorist groups expose and isolate these organizations, deny them access to the US financial system, and create significant criminal and immigration consequences for their members and supporters," the State Department says on its website. What's more, the Treasury Department's sanctions, which apply to all seven groups, are meant in part to prevent US businesses from providing services to foreign terrorist groups. A Treasury Department spokeswoman said the department doesn't comment on individual matters that involve US companies doing business with sanctioned groups or any potential enforcement actions. The State Department didn't immediately respond to a request for comment. Cloudflare's general counsel, Doug Kramer, told CNET the company has a process for checking whether a potential customer is sanctioned by the Treasury Department. What's more, if it finds any current customers are already on the sanctions list, it'll end services to them. Kramer declined to confirm whether the groups were clients, saying it's company policy not to name customers. The Huffington Post reported that it learned the groups were Cloudflare customers after asking independent experts to evaluate the groups' websites. "It's a very difficult task and one that a lot of tech companies have struggled with," Kramer said, "because there's not always a one-to-one correlation between a domain name and a specific group." Cloudflare manages requests by web users to visit its clients' websites, among other services. It doesn't host websites. If hackers want to take down a website by overwhelming it with requests, something called a DDoS attack, Cloudflare can stop them. The list of customers is one example of how major tech companies, as they take over more and more of the internet's infrastructure, can end up providing services for groups that promote violence and extremist ideas. It's an issue the company has faced in the past. Cloudflare faced scrutiny in August 2017 for providing -- and then ending -- services to the neo-Nazi site the Daily Stormer. The controversy started after other web service companies, like GoDaddy and Google, removed their support for the website a few days earlier, in the aftermath of the Charlottesville demonstration and death of counter-protester Heather Heyer. The Daily Stormer published an offensive article about Heyer, and tech companies began to stop providing the website with internet services. At the time, Cloudflare CEO Matthew Prince said in a statement the company doesn't pick and choose its customers based on their ideological beliefs. However, the Daily Stormer had gone too far by spreading rumors that Cloudflare supported its neo-Nazi ideology, he said. "Our terms of service reserve the right for us to terminate users of our network at our sole discretion," Prince said. At the same time, Prince called his own company's decision "dangerous," saying it could open the door to a less free internet governed by large companies. "Without a clear framework as a guide for content regulation, a small number of companies will largely determine what can and cannot be online," he said. Kramer said Cloudflare still takes the same approach it did in the case of the Daily Stormer. The company won't pick and choose its customers based on content alone. "We've continued to take the position that we think there's much more harm than good to be done if we start to decide what content should be up and what shouldn't," Kramer said. The company will comply with sanctions from the Treasury Department, he said, adding, "We don't want to go beyond the determinations of what government officials and regulators think." Infowars and Silicon Valley: Everything you need to know about the tech industry's free speech debate. THE HAGUE, December 14 -- A Dutch appeals court has upheld a prison sentence of nearly 11 years for a man convicted of cyberbullying dozens of young women and gay men around the world. Amsterdam Appeals Court on Friday confirmed the maximum 10 years and eight months sentence imposed in March last year on the man identified by Dutch authorities as Aydin C., who was convicted of fraud and blackmail via the internet for the online abuse, i.e. via the website www.dumpert.nl. He pretended to be a boy or girl and persuaded his victims to perform sexual acts in front of a webcam, then posted the images online or blackmailed them by threatening to do so. In Canada, he faces a separate trial in the cyberbullying of Amanda Todd, a 15-year-old girl whose suicide in 2012 drew global attention to online abuse.
ROTTERDAM, December 6 -- Cybersecurity researchers have discovered a new zero-day vulnerability in Adobe Flash Player that hackers are actively exploiting in the wild as part of a targeted campaign appears to be attacking a Russian state health care institution.
The vulnerability, tracked as CVE-2018-15982, is a use-after-free flaw resides in Flash Player that, if exploited successfully, allows an attacker to execute arbitrary code on the targeted computer and eventually gain full control over the system. The newly discovered Flash Player zero-day exploit was spotted last week by researchers inside malicious Microsoft Office documents, which were submitted to online multi-engine malware scanning service VirusTotal from a Ukrainian IP address. The maliciously crafted Microsoft Office documents contain an embedded Flash Active X control in its header that renders when the targeted user opens it, causing exploitation of the reported Flash player vulnerability. According to cybersecurity researchers, neither the Microsoft Office file (22.docx) nor the Flash exploit (inside it) itself contain the final payload to take control over the system. Instead, the final payload is hiding inside an image file (scan042.jpg), which is itself an archive file, that has been packed along with the Microsoft Office file inside a parent WinRAR archive which is then distributed through spear-phishing emails, as shown in the video below:
Upon opening the document, the Flash exploit executes a command on the system to unarchive the image file and run the final payload (i.e., backup.exe) which has been protected with VMProtect and programmed to install a backdoor that is capable of:
However, since the maliciously crafted documents in question purport to be an employment application for a Russian state healthcare clinic that is affiliated to the Presidential Administration of Russia and was uploaded on VirusTotal from a Ukrainian IP, researchers believe the attackers could be from Ukraine, considering the political tension between the two countries. The vulnerability impacts Adobe Flash Player versions 31.0.0.153 and earlier for products including Flash Player Desktop Runtime, Flash Player for Google Chrome, Microsoft Edge and Internet Explorer 11. Adobe Flash Player Installer versions 31.0.0.108 and earlier is also affected. Researchers reported the Flash zero-day exploit to Adobe on November 29, after which the company acknowledged the issue and released updated Adobe Flash Player version 32.0.0.101 for Windows, macOS, Linux, and Chrome OS; and Adobe Flash Player Installer version 31.0.0.122. The security updates include a patch for the reported zero-day flaw, along with a fix for an "important" DLL hijacking vulnerability (CVE-2018-15983), which could allow attackers to gain privilege escalation via Flash Player and load a malicious DLL. NEW YORK, December 2 -- The hacking attack was said to have lasted for 34 months, holding schools, hospitals, universities in several countries to ransom - earning the perpetrators millions of dollars in the process.
Now US prosecutors have charged two Iranians they believe were behind the attack - though justice is perhaps unlikely. “Although the alleged criminal actors are in Iran and currently out of the reach of US law enforcement,” the FBI said, “they can be apprehended if they travel, and the United States is exploring other avenues of recourse.” They are accused of carrying out a ransomware attack - malicious software that locks files and systems and demands a fee to unlock them. “The allegations in the indictment unsealed today - the first of its kind - outline an Iran-based international computer hacking and extortion scheme that engaged in a 21st-Century digital blackmail,” said US assistant attorney general Brian Benczkowski on Wednesday. Additionally, two other Iranians were sanctioned by the US Treasury for facilitating the exchange of Bitcoin into Iran’s currency, the rial. The scheme is said to have cost around 230 victims more than $30m (£23m) as they struggled to work around the shutdown of their systems. Court documents named 12, including a Hollywood hospital that had to turn away patients in early 2016. Elsewhere in the US, the city of Atlanta saw five different government departments infected with the ransomware, known as SamSam. It meant residents were unable to pay utility bills, and police officers reverted to paper-based reports. There were other victims in the UK and Canada, the FBI said. “To execute the SamSam ransomware attack, cyber actors exploit computer network vulnerabilities to gain access and copy the SamSam ransomware into the network. “Once in the network, these cyber actors use the SamSam ransomware to gain administrator rights that allow them to take control of a victim’s servers and files, without the victim’s authorisation. “The cyber actors then demand a ransom be paid in bitcoin in order for a victim to regain access and control of its own network.” The FBI said two men - Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri - were responsible for deploying the ransomware which, although notable for its impact, was considered by security experts to be unremarkable in its design. As is often the case with ransomware attacks, the efficacy was more likely strengthened by poorly maintained, out-of-date computer systems, rather than the sophistication or determination of the attackers. Perhaps more significant in this case is the US Treasury’s decision to impose sanctions on two more men - Ali Khorashadizadeh and Mohammad Ghorbaniyan - who were said to have helped the criminals convert the ransom money, which was paid in digital currency Bitcoin, into “real” money - the Iranian rial. The Treasury’s Office of Foreign Assets Control specified two accounts used to send and receive funds - known as Bitcoin wallets - that it said were associated with the accused. It means if a Bitcoin trading platform facilitates a transaction to either account, it could face severe penalties, including being blocked from operating in the US. The Treasury said it was the first time it had marked specific digital currency as being linked to sanctioned individuals. Due to the nature of digital currency, however, the accused could of course avoid the restrictions by simply using a different wallet not yet known to authorities. |
Thank you for choosing to make a difference through your donation. We appreciate your support.
This website uses marketing and tracking technologies. Opting out of this will opt you out of all cookies, except for those needed to run the website. Note that some products may not work as well without tracking cookies. Opt Out of CookiesCategories
All
Archives
April 2024
|