
Over the past two years, I’ve been switching between a succession of iPhones and a series of Android devices, using each for an extended amount of time. Spending months with each mobile platform has been a tremendously useful exercise, helping me understand the strengths and weaknesses of the two dominant smartphone options.

Looking for advice on how to protect your home and office from cyberattacks? A good place to start is with the people who do this stuff every day on behalf of the United States government. The folks at the National Institute of Standards and Technology (NIST) have created a simple Cybersecurity Basics […]

A hacking group which conducts cyber espionage campaigns and ransomware attacks is targeting organisations in Europe and the United States. Cybersecurity researchers at Secureworks have detailed a string of cyber attacks involving ransomware and data theft which took place in early 2022, attributing them to an Iranian hacking group they refer to as Cobalt Mirage – also known as APT35, Charming Kitten, Phosphorus and TA453 by other research groups.
Among the attacks is an incident targeting a US local government network in March 2022, which Secureworks researchers have attributed to Cobalt Mirage due to hallmarks of previously uncovered attacks by the group. These include exploiting the ProxyShell vulnerabilities to deploy Fast Reverse Proxy client (FRPC) and enable remote access to vulnerable systems, along with use of infrastructure that matches patterns associated with the threat group.
While the initial means of compromise in this attack is still unclear, researchers note that the attackers likely exploited unpatched Log4j vulnerabilities despite a patch being available. There’s evidence that this initial exploitation may have occurred as early as January 2022. Most of the intrusion activity spanned a four-day period in March, with the key aim of the activity based around scanning the network and stealing data – researchers note that this is strange because, as with other attacks detected during the period, the targets had no strategic or political value to Iran.
After the March 2022 intrusion was detected and disrupted, no further malicious activity was observed. Researchers suggest that the main motivation behind this attack, and others, is financial gain, but it’s unclear how exactly the attackers would look to profit from it.
“While the threat actors appear to have had a reasonable level of success gaining initial access to a wide range of targets, their ability to capitalize on that access for financial gain or intelligence collection appears limited,” Secureworks Counter Threat Unit (CTU) researchers wrote in a blog post.
No ransomware was deployed in the attack against the undisclosed US local government victim, but researchers note that Cobalt Mirage does engage in ransomware attacks – as another victim, described as ‘a U.S. philanthropic organization’, discovered in January. According to Secureworks researchers who investigated the incident, attackers used ProxyShell and Microsoft Exchange vulnerabilities to move around the network and remotely gain access to accounts, before eventually triggering a BitLocker ransomware attack.
Unusually, the ransom note was sent to a printer on the network and printed out on paper, detailing an email address and contact details. While Cobalt Mirage has links to state-backed hacking operations, in this case, the ransomware is being deployed as a purely financially motivated attack. Ransom notes are more typically left either on screens or on servers.
“The threat actors completed the attack with an unusual tactic of sending a ransom note to a local printer. The note includes a contact email address and Telegram account to discuss decryption and recovery. This approach suggests a small operation that relies on manual processes to map victims to the encryption keys used to lock their data,” the security researchers said.
In both incidents detailed by researchers, attackers were able to gain access to networks by exploiting unpatched critical cybersecurity vulnerabilities. To protect networks against cyber attacks, it’s recommended that security patches are applied as quickly as possible to prevent potential intruders exploiting known vulnerabilities.
Researchers also recommend implementing multi-factor authentication, and monitoring for unauthorised or suspicious use of tools and file-sharing services which could indicate attackers are in the network.

A review into Australia’s intelligence community has recommended comprehensive reform of electronic surveillance laws, one that would repeal existing powers and combine them to avoid duplication, contradictory definitions, and any further ad hoc amendments to the existing three Acts.
Electronic surveillance powers enable agencies to use electronic or technical means, which would otherwise be unlawful, to covertly listen to a person’s conversations, access a person’s electronic data, observe certain aspects of a person’s behaviour, and track a person’s movements. Currently, these powers are contained within the Telecommunications (Interception and Access) Act 1979 (TIA Act), the Surveillance Devices Act 2004 (SD Act), and the Australian Security Intelligence Organisation Act 1979 (ASIO Act).
Parts of the Telecommunications Act 1997 and the Criminal Code Act 1995 are also directly relevant when considering these powers.
Each Act requires agencies to meet thresholds before accessing these powers and requires external authorities, such as judges, Administrative Appeals Tribunal (AAT) members, or the Attorney-General as is the case of ASIO, to approve the use of powers.
In 2017-18, Commonwealth, state, and territory law enforcement agencies obtained 3,524 interception warrants, 828 stored communications warrants, 802 surveillance device warrants, 23,947 prospective data authorisations, and 301,113 historic data authorisations. ASIO likewise obtained interception, surveillance device, and computer access warrants.
“In short, we conclude that the legislative framework governing electronic surveillance in Australia is no longer fit for purpose,” the review said. “The SD Act was enacted 15 years ago; the ASIO Act and TIA Act are 40 years old; and the foundations of the surveillance framework date back to decisions made by Prime Minister Chifley in 1949.”
It said that after 40 years of continued amendments, problems with the framework have accumulated. “The framework contains a range of highly intrusive powers that are functionally equivalent, but controls and regulates their use in a highly inconsistent fashion. It is based on outdated technological assumptions that cause challenges for agencies applying the framework to modern technologies,” the review said.
There are more than 35 different warrants and authorisations for electronic surveillance activities. These warrants have different tests, thresholds, safeguards, and administrative requirements.
Similarly, the review said, there are significant differences between the limits and controls that apply to agencies’ use of their electronic surveillance powers in respect of third parties who are not, themselves, under investigation. Additionally, the ASIO Act, SD Act, and TIA Act contain 10 different arrangements for “emergency authorisations” to exercise their electronic surveillance powers in various urgent circumstances.
It also said ad hoc amendments often introduce as many problems as they solve and many of the core definitions in the Acts date back to the 1970s and 1980s and do not reflect the current telecommunications environment.
The review labelled the TIA Act as a “case study of complexity”, saying the complexity was both unnecessary and harmful.
The review considered the following fixes: Continuing to progress ad hoc amendments to deal with problems as they arise; repealing and rewriting the TIA Act alone; comprehensively reforming the entire electronic surveillance framework — repealing and rewriting the TIA Act, SD Act, and relevant parts of the ASIO Act; or developing a common legislative framework, which would be a broader consolidation of core legislation governing the National Intelligence Community (NIC).
“We recommend that the SD Act and TIA Act, and relevant parts of the ASIO Act governing the use of computer access and surveillance devices powers should be repealed and replaced with a new Act,” it declared.
Under a new Act, it said agencies should continue to be required to obtain separate warrants to authorise covert access to communications, computer access, or the use of a listening or optical surveillance device. It added the Act should not introduce a “single warrant” capable of authorising all electronic surveillance powers.
As part of the development of a new electronic surveillance Act, the review said, the Australian Transaction Reports and Analysis Centre (Austrac) should be able to access telecommunications data in its own right under arrangements consistent with other Commonwealth, state, and territory law enforcement agencies presently authorised to access telecommunications data.
It also recommended that corrective services authorities be granted the power to access telecommunications data if the relevant state or territory government considered it to be necessary.
A further recommendation is that as part of the development of a new Act, electronic surveillance powers should be vested in the Australian Border Force (ABF), not the Department of Home Affairs, and the ABF should also be granted the power to use tracking devices under warrant and authorisation for the purpose of serious criminal investigations.
The new Act would amalgamate bits from the existing Acts, but unify them. As one example, the Attorney-General would be permitted to issue warrants authorising ASIO to intercept telecommunications, access stored communications, access computers, and use optical and listening devices under the new Act if they were satisfied that a person was engaged in, or was reasonably suspected of being engaged in or of being likely to engage in, activities relevant to security, and the exercise of powers under the warrant in respect of the person is likely to substantially assist ASIO in obtaining intelligence in respect of a matter that is important in relation to security.
Under a new electronic surveillance Act, the review added that surveillance device powers should continue to be available for the purposes of integrity operations. But the use of tracking devices should be regulated separately from other electronic surveillance powers in a new electronic surveillance Act, it noted.
Under a new Act, ASIO’s tracking device warrants should be subject to the same test as ASIO’s other electronic surveillance warrants. The review also asked for another review once 5G rollouts are complete to determine whether access to network data has become functionally equivalent to using a tracking device.
A new electronic surveillance Act would require an issuing authority to issue law enforcement warrants in writing wherever possible, and record keeping was highlighted as a must by the review.
Under its plan, the Attorney-General can approve variations to warrants while agencies themselves would be granted authority to make minor modifications to warrants.
The review said the development and testing framework that is presently contained in Part 2-4 of the TIA Act should be extended to enable the Attorney-General to authorise the testing and development of electronic surveillance and cyber capabilities, as part of a new electronic surveillance Act.
To summarise, the core definitions in a new electronic surveillance Act should: Provide clarity to agencies, oversight bodies, and the public about the scope of agencies’ powers; ensure that there are no gaps in the types of information that agencies may intercept, access, or obtain under warrants and authorisations; and be capable of applying to new technologies over time.
A new electronic surveillance Act should not require carriers, carriage service providers, or other regulated companies to develop and maintain attribute-based interception capabilities, the review said, noting these companies should continue to be required to develop and maintain the capability to intercept communications sent and received by specified services and devices.
Under a new electronic surveillance Act, the Attorney-General should be given the power to require a company to develop and maintain a specified attribute-based interception capability. If such a capability has been developed, agencies should be able to obtain attribute-based interception warrants in cases where it will be practicable for the warrant to be executed.
ASIO and law enforcement agencies should be permitted to use their own attribute-based interception capabilities, in conjunction with service providers, under warrant, the review said.
Interception warrants issued under a new electronic surveillance Act should be capable of authorising the interception of communications by reference to one or more services or devices that the person — or group — who is the subject of the warrant uses, or is likely to use.
It would ideally also retain specific secrecy offences for the use and disclosure of, and other dealings with, information obtained by, and relating to, electronic surveillance and continue to prohibit the use and disclosure of, and other dealings with, information obtained as a result of unlawful surveillance activities.
Existing use and disclosure provisions in the SD Act and the TIA Act should be replaced with simple, principles-based rules that “maintain strict limitations on the use and disclosure of information obtained by electronic surveillance”. It should also permit the use and disclosure of, and other dealings with, surveillance information for the purpose for which the information was originally and lawfully obtained.
The review added the new electronic surveillance Act should permit agencies to use, disclose, and otherwise deal with surveillance information for a defined range of secondary purposes, and require ASIO, law enforcement agencies, and Commonwealth, state, and territory agencies to destroy records of information obtained by electronic surveillance, as soon as reasonably practicable.
However, the review recommended that ASIO conduct under a new electronic surveillance Act should continue to be overseen by the IGIS and the Commonwealth Ombudsman should have oversight responsibility for the use of Commonwealth electronic surveillance powers by all agencies other than ASIO. The Ombudsman should oversee the compliance of all agencies, again excluding ASIO, with a new electronic surveillance Act.
LOCAL POWERS FOR ASIO
The review’s report was broken down into four volumes totalling 1,317 pages, making 203 recommendations that affect the nation’s intelligence community and its operations.
Among the recommendations was giving ASIO the ability to seek a warrant for the collection of intelligence on an Australian, providing they’re acting on behalf of a foreign power.
This would require, if the request for repeals is not adopted, amendments to the TIA Act and the ASIO Act to enable the Director-General of Security, on a request from the Foreign Minister or Defence Minister, to seek a warrant from the Attorney-General for the collection of foreign intelligence on an Australian person who is acting for, or on behalf of, a foreign power.
Currently, the ASIO Act does not apply an Australian/non-Australian distinction for ASIO’s security intelligence activities. It does, however, restrict ASIO’s ability to obtain foreign intelligence on Australians.
“Preventing some forms of collection when the Australian target is onshore, but enabling it when the target is offshore, seems a disproportionate restriction that costs Australia a significant intelligence dividend,” the review noted.
Those preparing the review claimed this restriction has cost Australia valuable intelligence where an Australian is acting for, or on behalf of, a foreign power, and that it would continue to do so unless the rules are changed.
Delivered earlier this week was the Advisory Report on the Australian Security Intelligence Organisation Amendment Bill 2020, which was prepared by the Parliamentary Joint Committee on Intelligence and Security (PJCIS).
The PJCIS report [PDF] made eight recommendations, with the last being for the Bill to be passed by Parliament, following the implementation of the previous seven requests it made, which included prohibiting ASIO from using a tracking device without an internal authorisation.
If you use a Windows PC, do you really need third-party antivirus software? For that matter, do you need to pay for the protection? The answer to that question was easy a decade ago. Today, the built-in security features in Windows 10, including the Microsoft Defender Antivirus engine, pass the “good enough” test, making the choice less clear-cut.
But for some picky PC users, replacing the basic built-in antivirus protection with software from an outside developer is just natural when setting up a new Windows PC. Even if the difference is small, it’s still an improvement. In a world where ransomware is an existential threat to businesses and banking-related Trojans and phishing attacks can drain your checking account in minutes, you want every edge.
The best-known commercial antivirus programs for Windows typically require an annual paid subscription, but some perfectly respectable names also distribute free versions of their software, usually for noncommercial use only. Typically, these programs include the exact same scanning engines and malware definition files, minus most of the fancier features and, crucially, offering minimal support options. You can also expect frequent, occasionally annoying upsell offers as the developers try to convince you to upgrade to a paid plan.
All of the programs we list here are completely free and are appropriate for use in a home setting by nontechnical users. We don’t recommend any of these programs for use by businesses, which need quick access to support lines and, in larger businesses, centralized management and monitoring dashboards. These are especially good choices if you’re the unofficial IT admin for friends and family members who can’t always spot a scam or a phishing attempt.
Hope you like upsell offers
After nearly a quarter-century with its free product in the US market, AVG has developed a solid identity as the go-to name in free AV software. Indeed, the AVG brand remained even after AVG’s parent company was acquired by Avast Software in 2016. Today, both Avast and AVG have free antivirus offerings that use the same engine and are nearly identical in appearance, and everything we say about AVG’s free package applies to Avast Free Antivirus.
Both products do well in independent testing, but they’re equally aggressive about monetizing their customers. When you install the free product, you sign up for a barrage of offers trying to convince you to upgrade to a paid plan. The installer even includes an offer to install Google Chrome, which results in a bounty from Google to Avast/AVG. We found the torrent of upsell techniques to be annoying and occasionally downright manipulative, so be warned.
The basic virus-scanning tools in either product work exactly as advertised. If you can ignore the frequent upgrade offers, it’s a perfectly good choice.
Antivirus and much more (maybe too much)
Avira Free Security includes basic antivirus scanning, as expected, but it also includes a pair of extra modules intended to improve performance and safeguard privacy. The performance tab of the Avira console includes options for cleaning the registry, uninstalling outdated apps, and deleting unnecessary files. Options on the Privacy tab offer to turn off telemetry-related settings and adjust other settings.
If you’re the sort of tech-savvy Windows user who approves of that sort of tweaking, go right ahead. On the other hand, we recommend caution if you’re setting up this software on a PC that belongs to a user who’s not technically sophisticated, because in our experience these sorts of modifications can have unintended consequences.
The minimalist antivirus alternative
Bitdefender, a privately held company based in Romania, has a solid reputation for its paid security products. Its free offering includes a minimalist interface, with no frills or extras, that’s refreshingly free of upsell offers.
Bitdefender Antivirus Free promises “basic antivirus protection for Windows PCs,” and that’s exactly what you get. It takes over the malware scanning and removal functions normally assumed by Microsoft Defender Antivirus but doesn’t include additional features such as ransomware protection, system optimization, or a virtual private network, which are part of the company’s paid plans.
If that basic level of protection is what you’re looking for, this is a perfect fit.
From Russia, with a few extras
Eugene Kaspersky, who founded Kaspersky Lab, argues that offering free protection to its customers is part of its core mission. Yes, you will see upsell offers in Kaspersky products (including a can’t-miss red “Upgrade package” button on the Kaspersky management console), but they are, by and large, much kinder and gentler than those of their competitors. For the most part, installing the free Kaspersky product doesn’t change your daily experience.
Kaspersky’s free product includes two of the more useful extras we’ve seen in this category: a free password manager and a VPN that offers 300 MB of daily use. If someone’s not already using a third-party password manager, this is a good option, and the VPN capabilities are valuable for anyone who wants casual access to a protected network without a lot of fuss.
Like so many security software companies, Kaspersky’s headquarters are behind the old Iron Curtain. If that bothers you, good luck finding an alternative that doesn’t have a few Eastern European connections.
Manage up to three PCs from the web
Although Sophos Home offers a free tier, you can’t install it directly. Instead, you get a free 30-day trial of Sophos Home Premium first (no credit card required). After 30 days, your installation is downgraded to the free edition and you lose the ransomware protection, exploit mitigation, privacy controls, and other features that are exclusive to the paid package.
Using the web-based console means you can monitor activity and even launch a scan remotely. (The paid version allows you to keep track of 10 PCs, but the free version is limited to three devices.) That feature’s handy if you’re trying to keep tabs on PCs belonging to other family members who aren’t part of your immediate household. The free version also includes web filtering tools that allow you to provide warnings or block access to websites that fall into any of more than two dozen categories, with the option to enter exceptions in the case of false positives.
Is the Microsoft Defender Antivirus included with Windows 10 good enough?
For most people, the built-in security features in Windows 10 are indeed good enough. That includes Microsoft Defender Antivirus, which is turned on automatically and updates itself continuously. It also includes a built-in firewall (which is on by default) and Microsoft Defender SmartScreen technology, which blocks malicious or unknown apps and files from the web, even when they’re downloaded from a browser other than Microsoft Edge. If you choose to install third-party security software, Windows automatically disables the corresponding Microsoft Defender features.
Do independent antivirus test results matter?
Well, sort of.
Security software makers pay for the privilege of participating in these tests, which use a mix of known malware samples, suspicious website behaviors, and other indicators to measure success. The difference between a 98.4% rating and a 100% rating is insignificant, especially considering how many other layers of security can prevent an executable file or script from landing on your desktop in the first place.
In addition, a 100% rating means only that the software successfully passed all the challenges it faced in that month’s test cycle. It doesn’t mean you’ll be 100% protected from a malicious download or email attachment.
How much does effective antivirus software cost?
In researching the prices of commercial security software for use on home PCs, one thing we learned is that there’s no such thing as a fixed price. If you check out the price of a product and try to navigate away from the page, chances are you’ll be offered a lower price. You can also find coupons and “limited time” offers that dramatically cut the cost of a year’s subscription to one of these packages.
The catch, of course, is that the discount is only good for the first year, and when renewal time comes around, those discounts are much harder to find.
The overall prices vary dramatically, depending on which features are included and how many devices the subscription supports.
How we narrowed the field
We looked at currently available security software products for PCs running Windows 10, concentrating on those with a well-established reputation and a well-tested infrastructure for delivering updates. We did not consider software designed for use on other platforms, including MacOS and mobile devices.
We installed each program in a virtual machine to get a feel for its user experience, but we didn’t do any further testing ourselves. We insisted, instead, on a solid record of test results from two leading software test labs: AV-Comparatives and AV-Test.org.
Most importantly, as it says in the title, the software and accompanying services have to be completely free for long-term use, with no expiration date or hidden costs. That filter knocks some well-known, even iconic names in security software off the list, including McAfee, Norton, and Trend Micro.
How to choose
Every security software package involves a trade-off between protection and convenience. The free packages we describe here add another layer to that equation, with varying degrees of advertising designed to convince you to upgrade your free program to a paid subscription. Each package also offers a mix of added features, which may or may not be of value to you.
In terms of effectiveness against online threats, we don’t believe there’s a profound difference between these packages. That means the best way to choose is to install a package and try it out for long enough to decide whether the interface and the upsell offers are acceptable. If you find a package too intrusive, uninstall and move on to the next candidate on the list.




