Subject: Ransomware coming for IoT devices, researchers warn
In a demonstration project, researchers breached a networked IP camera and gained access to IT and operational technology infrastructure to plant ransomware executables.
Threat actors can use vulnerabilities in internet-of-things devices and IP-connected operational technologies to spread ransomware through an enterprise, new research shows.
In a June 1 report released by Forescout Technologies’ Vedere Labs, researchers demonstrated a proof-of-concept for a new type of attack they call ransomware for IoT (R4IoT). The next-generation malware breaches networks via IoT devices and then moves laterally through the IT and OT infrastructure, disrupting critical business operations and exfiltrating data.
In a video demonstration, Forescout’s team breached an IP camera connected to a fictional community hospital and executed a remote command that allowed researchers to take over a Windows machine on the hospital network.
“Mixing IP cameras and diagnostic systems – or other business-critical devices – in the same VLAN means that there is a path for an attack to spread from an insecure camera to a critical device,” the report said.
Source: Reporters Committee for Freedom of the Press
Alito drew criticism for raising the state’s argument that platforms’ exercise of editorial discretion was in tension with Section 230.
In a very welcome move, the U.S. Supreme Court last week narrowly granted an emergency application by the plaintiffs in NetChoice v. Paxton to block enforcement of H.B. 20, the Texas law that would allow the state to force large social media platforms to host speech they otherwise would not. The Court vacated an order by the U.S. Court of Appeals for the Fifth Circuit that permitted the law to go into effect.
The vote was 5-4. As is standard in emergency applications, the majority blocked the law in a brief, unsigned order. Justice Samuel Alito, joined by Justices Clarence Thomas and Neil Gorsuch, dissented. Justice Elena Kagan voted to deny the application to vacate the stay without further comment.
Notably, Justice Alito’s written dissent contended that it is “quite unclear” whether NetChoice, the trade association representing certain platforms possibly covered by the law, is likely to succeed on the merits of its First Amendment challenge to H.B. 20 under existing law.
Apple on Monday unveiled a new feature coming to iOS 16 designed chiefly to help people sever ties with their abusive partners who may be tracking their locations or secretly reading their messages.
“Many people share passwords and access to their devices with their partner; however, in abusive relationships, this can threaten personal safety and make it harder for victims to get help,” Katie Skinner, a privacy engineering manager at Apple, said during its keynote presentation at the 2022 World Wide Developer Conference, better known as WWDC.
This new feature, dubbed Safety Check, will allow users to quickly halt location information sharing via Find My and reset an iPhone’s privacy settings in the press of a few buttons. Activating Safety Check further helps safeguard users by signing them out on all other devices and restricting access to FaceTime and iMessage.
Back in February, hackers managed to squirrel away approximately $36 million in crypto assets from users’ retirement accounts. In the aftermath of that scam, it’s become less of a “who-dun-it” and more of a “who’s-gonna-take-the-blame?”
In a lawsuit filed Monday against Gemini Trust Company, retirement investment company IRA Financial said it was let down by Gemini’s promise of security for its crypto assets.
Gemini is the crypto exchange fronted by Cameron and Tyler Winklevoss, AKA the Winklevoss twins. IRA Financial was using Gemini’s architecture to secure users’ accounts, when on Feb. 8 an unknown actor began withdrawing bitcoin, ether and U.S. dollars from dozens of users, pilfering millions before the hack was spotted, according to CoinDesk. Gemini has previously blamed IRA for the hack, saying the transfers were made “by utilizing properly authenticated accounts” controlled by IRA that “complied with IRA’s approval processes and appeared to Gemini to be legitimate.”
After years of fizzled talks and stalled negotiations on a federal data privacy bill, House and Senate committee leaders finally set aside enough of their differences to release a draft of a new bipartisan tech privacy bill this past Friday.
The legislation, called the “American Data Privacy and Protection Act,” is being spearheaded by House Energy and Commerce Chair Frank Pallone (D-N.J.), Cathy McMorris Rodgers (R-Wash.) and Sen. Roger Wicker (R-Miss.), ranking member of the Senate Commerce Committee.
And at least from a brief reading of the 10-pager outlining the bill’s basics, it looks pretty good! Upon a deeper reading though, the thing is… well, it’s not pretty good, or even remotely good. It carves out exemptions for bad bosses and law enforcement officials, while letting data brokers continue buying and selling vast amounts of our personal data with impunity.
Drivers may soon receive real-time emergency and fire alerts and improved evacuation routing on their vehicles’ infotainment systems.
The $100,000 contract was awarded to Corner Alliance, Inc., a Washington, D.C.-based small business, to improve emergency alerts from first responders to drivers during emergencies. The contract follows work among DHS S&T and the Federal Emergency Management Agency’s Integrated Public Alert & Warning System program, or IPAWS, that aims to develop a Wildland Urban Interface integration model.
VPN users can rest easy knowing that their data is safe, even from questionable data privacy laws in India, as ExpressVPN has decided to remove servers from the country to better protect user information.
The whole point of a VPN is to protect your data from external sources. These handy business tools hide your internet activity and are generally used to improve overall security.
However, new data laws in India threatened to compromise that security by requiring VPNs to store user data. Fortunately, the provider took a stand.
“As countries’ data retention laws shift, we frequently find ourselves adjusting our infrastructure to best protect our users’ privacy and security. In this case, that has meant ending operations in India.”
As far as actual functionality is concerned, we do believe that ExpressVPN is a solid provider when it comes to this kind of business resource. However, our research showed that it’s not necessarily the best option on the market. Our research shows that the best VPN for business is Perimeter 81, as it offers a similarly strict no-logging policy, functionality across all devices, and a zero-trust security model.