More stories

  • Meta expanding Facebook security program for government officials, journalists, activists

    Meta announced on Thursday that it is expanding its Facebook Protect service — which provides specialized security services for certain Facebook accounts being targeted by hackers — to more countries.

    Nathaniel Gleicher, head of security policy at Meta, said the company will be rolling out Facebook Protect services to more than 50 countries by the end of 2021. Over 1.5 million accounts have already enrolled since the latest expansion began in September. The program was started in 2018 and expanded during the 2020 US election cycle to include human rights defenders, journalists, and government officials who are highly targeted by hackers. Both Google and Microsoft have created similar programs for groups that tend to be targeted by both cybercriminals and government hackers. Gleicher noted that of the 1.5 million accounts that have already signed up, almost 950,000 have two-factor authentication. He added that no action is required unless you are prompted to enroll. Gleicher encouraged everyone to enable two-factor authentication for their Facebook accounts, but he noted that Meta wants to make it as “frictionless as possible” for certain users. In some cases, they require that users have it. “These people are at the center of critical communities for public debate. They enable democratic elections, hold governments and organizations accountable, and defend human rights around the world,” Gleicher said. “What we’ve seen so far is encouraging: in early testing, simplifying our enrollments flows, improving customer support, and mandating Facebook Protect brought adoption rates to over 90 percent in one month for these groups,” Gleicher added. “Over the next several months, we’re going to carefully expand this requirement globally.”

    Facebook will be launching the program in countries like the US, India, Portugal, and others. The news came as Meta released its Adversarial Threat Report, where it detailed a range of threats disrupted by the company’s security team. Meta said it removed malicious networks in Italy, France, Vietnam, Palestine, Poland, Belarus, and China. Facebook, and now parent company Meta, have faced withering criticism for years over lackluster security measures and a general failure to protect certain accounts from malicious activity. Former employees of the company have bashed Facebook for not doing enough to stop — and in some cases actively helping — dictators and others across the world from using the site to attack and harass critics, human rights activists, and others.

  • Amazon unveils AWS Cloud WAN for geographically dispersed networks

    Amazon Web Services on Thursday launched a preview of AWS Cloud WAN, a service to build, manage, and monitor global private wide area networks (WAN) using AWS. The service is for organizations that need to manage globally dispersed networks. “Imagine you’re a large global company with dozens of manufacturing sites round the world… — you need to connect them all to AWS,” Amazon CTO Werner Vogels said during his re:Invent keynote address. Cloud WAN provides a central dashboard where customers can define network policies for a global network spanning multiple locations and networks. Customers can specify whether their Amazon Virtual Private Clouds (VPCs) and on-premise locations should connect through AWS VPN or third-party software-defined WAN (SD-WAN) products. Cloud WAN “actually builds it for you in minutes using the big AWS backbone for you, to give you a highly reliable, highly available, software-defined wide area network running over AWS infrastructure,” Vogels said. Customers also segment pieces of their SDN, creating one network, for example, for manufacturing sites and one for offices. These segments would not be able to communicate with each other unless explicitly allowed. The service includes a dashboard for monitoring network health, security, and performance.

  • Planned Parenthood LA: Ransomware attack leaks health data of 400,000 patients

    Planned Parenthood Los Angeles has sent out breach notification letters to about 400,000 patients after the organization suffered from a ransomware incident between October 9 and October 17.

    In a letter shared with the California Attorney General’s office and sent out on November 30, the organization said it identified suspicious activity in its computer network on October 17. “We immediately took our systems offline, notified law enforcement, and a third-party cybersecurity firm was engaged to assist in our investigation. The investigation determined that an unauthorized person gained access to our network between October 9, 2021, and October 17, 2021, and exfiltrated some files from our systems during that time,” the organization said.

    “On November 4, 2021, we identified files that contained your name and one or more of the following: address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescription information.”

    The organization is not offering any identity protection services for those affected, only urging victims to review statements received from health insurers or healthcare providers. They said they planned to hire a cybersecurity firm to help with the incident and improve their cybersecurity systems. Law enforcement was called in to help with the attack, according to CNN, but it is unclear which group is behind the attack. The attack was first reported by The Washington Post, which noted that other branches of the organization had been hacked in the past, both by opportunistic cybercriminals and anti-abortion activists. Despite the vital role healthcare organizations have played in addressing the COVID-19 pandemic, cybercriminals have shown little reticence in attacking hospitals and clinics. Over the last two years, multiple healthcare organizations have announced attacks and breaches involving sensitive patient data, including Social Security Numbers and bank account information.

    Garret Grajek, CEO of YouAttest, listed off multiple recent healthcare-related cyberattacks, including ones involving the Tardigrade malware, which was released upon vaccine manufacturers. He added that the DeepBlueMagic hackers recently shut down the computer system in a major Israeli hospital. “The PII/PHI that has been stolen from Planned Parenthood go beyond the usual threat actor’s desire for identity data to resell on the dark web. Given that not only was standard identity information stolen, but the theft was coupled with medical background and procedure data, the ramifications of malicious use of this data are easy to imagine,” Grajek said.

    “The mechanism has not been revealed, but previous hacks on medical institutions have shown a proclivity to both social and technical hacking methods, given the amount of personnel involved and the difficulty of enacting safe security conduct by all team members.”

    Ekram Ahmed, spokesperson at cybersecurity firm Check Point, said those affected should be watchful for a hacker technique called ‘Triple Extortion’. “In this tactic, hackers are not only encrypting files and then ransomware, but they go to patients directly, threatening to reveal sensitive information unless paid. Here, over 400,000 patients, which is a staggering number for a data breach, can potentially become victims to Triple Extortion, which could be devastating,” Ahmed said.

    “Healthcare records are known to be one of the most valuable types of information that hackers look for. The reason being is that cybercriminals can use this data to create false identities, commit health insurance fraud and illegally obtain prescription drugs. Furthermore, stolen patient information can be stolen for top dollar on the dark web. This year, the healthcare sector sees 752 ransomware attacks a week on average, marking a 55% increase compared to last year.”

    Gurucul vice president Jane Grafton noted that the ransomware attack on Planned Parenthood Los Angeles occurred right as the Supreme Court actively debates a direct challenge to the 1973 Roe v. Wade ruling. “Women’s personal procedures and diagnosis are just that: personal. Having them stolen for potential exposure puts women in the political crosshairs,” Grafton said. “Securing medical records has never been more important. We can only hope that this information stays out of the public eye.”

  • Facebook's Meta says bad actors are changing tactics as it takes down six more groups

    Meta has detailed takedowns of what it described as six ‘adversarial networks’ from across the world that were using Facebook for behaviour including spreading false information, harassment and trying to have genuine information taken down. It said the groups violated its rules around Coordinated Inauthentic Behavior and two new policies: Brigading and Mass Reporting.

    Facebook defines Brigading as networks of people who work together to mass comment, mass post or engage in other types of repetitive mass behaviors to harass others or silence them. Mass Reporting is when people work together to mass-report an account or content to get it incorrectly taken down by Facebook.

    Meta said it had removed a network in Italy and France for Brigading: “We removed a network of accounts that originated in Italy and France and targeted medical professionals, journalists, and elected officials with mass harassment,” said Nathaniel Gleicher, Meta’s Head of Security Policy in its Adversarial Threat Report. “Our investigation linked this activity to an anti-vaccination conspiracy movement.”

    In Vietnam, Meta targeted networks attempting to use mass reporting, via duplicated but legitimate accounts, to have accurate news reports criticizing the government taken down. “The network coordinated to falsely report activists and other people who publicly criticized the Vietnamese government for various violations in an attempt to have these users removed from Facebook,” explained Gleicher.

    Meta also removed four networks from Palestine, Poland, Belarus, and China for violating its policy on Coordinated Inauthentic Behavior: each of these networks targeted people in multiple countries at once. The report also notes the shifting environment Facebook faces, what it deems to be a security threat, and how it responds to them.

    “In this environment, we build our defenses with the expectation that adversarial groups will not stop, but rather adapt and try new tactics to persist,” wrote Gleicher with other Meta security leads. “Our focus has been to study malicious behaviors and add new layers of defense to our arsenal to make sure we prevent and address potential gaps from multiple angles. Our goal over time is to make these behaviors more costly and difficult to hide, and less effective. It is a significant, ongoing effort that spans teams, departments and time zones across Meta.”

    Facebook has in the past been criticized for its slow response to groups using its platform to spread disinformation. This report follows claims by a former employee about the negative impact of Instagram on the wellbeing of some young users.

    Meta says it will share its findings with industry peers, independent researchers, law enforcement agencies, and policymakers.

  • Hackers are turning to this simple technique to install their malware on PCs

    Nation state-backed hacking groups are exploiting a simple but effective new technique to power phishing campaigns for spreading malware and stealing information that’s of interest to their governments.  Cybersecurity researchers at Proofpoint say advanced persistent threat (APT) groups working on behalf of Russian, Chinese and Indian interests are using rich text format (RTF) template injections. 

    While the use of RTF text file attachments in phishing emails isn’t new, the technique being used by hackers is easier to deploy and more effective because it’s harder for antivirus software to detect – and many organisations won’t block RTF files by default because they’re part of everyday business operations.

    The technique is RTF template injection. By altering an RTF file’s document-formatting properties, it’s possible for attackers to weaponise an RTF file to retrieve remote content from a URL controlled by the attackers, enabling them to secretly retrieve a malware payload that gets installed on the victim’s machine. Attackers can use RTF template injections to open documents in Microsoft Word, which will use the malicious URL to retrieve the payload while also using Word to display the decoy document.

    This approach might require luring users into enabling editing or enabling content to begin the process of downloading the payload, but with the right form of social engineering, especially off the back of a convincing lure, a victim can be tricked into allowing this process to take place.

    It isn’t a complex technique, but because it is simple and reliable to use, it has become popular with several nation-state hacking operations, which can deploy RTF attacks instead of other, more complex attacks, but still get the same results.

    Despite the “Advanced” designation, if APT actors are doing their job well, they will exert the least amount of resources and sophistication necessary to gain access to organisations, said Sherrod DeGrippo, vice president of threat research and detection at Proofpoint. “This prevents actors from exposing more sophisticated tools if discovered, resulting in a greater operational disruption for threat actor groups to replace technical capabilities when discovered,” she added.

    According to researchers, the earliest known instance of an APT group using RTF template injections in a campaign was in February 2021. These injections were undertaken by DoNot Team, an APT group that has been linked to Indian state interests.

    Since then, several other state-linked hacking operations have also been seen deploying RTF injections as part of campaigns. These include a group Proofpoint refers to as TA423, also known as Leviathan, an APT group linked to China that has used RTF attacks in several campaigns since April.

    One of these campaigns took place in September and targeted entities in Malaysia related to the energy exploration sector – and came with specifically designed phishing emails to lure targets into inadvertently executing the payload.

    Then in October, researchers spotted Gamaredon – an offensive hacking group that has been linked to the Russian Federal Security Service (FSB) – using RTF template injection documents in attacks that impersonated the Ukrainian Ministry of Defence.

    While only a handful of APT groups have attempted to deploy RTF-based attacks so far, researchers warn that the technique’s effectiveness combined with its ease of use is likely to drive its adoption further across the threat landscape – and this could mean campaigns leveraging this technique are adopted by financially motivated cyber criminals.

    “The ease of weaponisation in this technique will also likely attract low-end and low-sophistication actors, expanding the presence of this technique in the wild, including crimeware actors,” said DeGrippo.

  • A robot is now delivering 7-Eleven snacks

    Autonomous delivery company Nuro and 7-Eleven just launched what they’re billing as the first autonomous commercial delivery service in the state of California. The launch capitalizes on Nuro’s receipt of a deployment permit from the California DMV, the first for an AV company.

    Like most autonomous delivery testbeds and deployments, the rollout is decidedly modest, but it could portend a near future in urban and suburban areas. Residents of Mountain View, CA, can now order items through 7-Eleven’s 7NOW delivery app and receive them via Nuro’s autonomous vehicles. The new service will begin with Nuro’s self-driving Priuses and later introduce its R2, the company’s occupantless autonomous delivery vehicles custom built to transport products and goods.

    “Our first foray into autonomous delivery was in 2016 when 7-Eleven became the first retailer in the U.S. to make a drone delivery to a customer’s house,” says Raghu Mahadevan, 7-Eleven Chief Digital Officer. “Since then, we haven’t stopped looking for ways to redefine convenience for our customers inside and outside the four walls of our stores. Fast forward to 2021, and we are pushing the boundaries of innovation even further to provide customers with the first commercial autonomous delivery service in California. I can’t wait to see where we go from here.”

    Overall, the market for autonomous mobile robots (AMRs) and autonomous ground vehicles (AGVs) is forecasted to generate over $10bn by 2023, according to Interact Analysis. That prediction relies on data from before the COVID-19 pandemic. Enterprising companies like Starship Technologies have launched pilot programs in controlled access spaces, such as college campuses. Delivery robot developers, in particular, are capitalizing on touchless fulfillment trends associated with the pandemic.

    In December 2020, Nuro achieved a milestone by becoming the first autonomous vehicle company to receive a deployment permit from the CA DMV. The company seems to be rapidly pivoting from development into deployment, particularly in the southwest. Nuro recently announced a $40 million investment to develop its two newest facilities — an end-of-line manufacturing facility and a world-class closed-course test track. The company has already partnered with some of the country’s biggest brands, including Kroger and CVS.

    “Residents in the state of California — a major hub of innovation — have never been able to experience the commercial delivery of goods by an autonomous vehicle. Nuro is teaming up with 7-Eleven to change that,” says Jiajun Zhu, Nuro CEO and Co-Founder. “We’ve always wanted to bring Nuro’s autonomous delivery to our local community and to our neighbors. We couldn’t be more excited to do this with an iconic neighborhood store like 7-Eleven in our hometown, Mountain View.”

  • 2022 will be the year of the pizza-making robot

    A robot-powered mobile pizzeria is set to launch in Los Angeles in 2022. We’ve heard this idea before — pair robot-created pizza with mobile delivery — and it ended in disaster. Will this version take off?

    It just might, and the timing could be a key ingredient. It’s often the case that being first to the party isn’t advantageous. Zume Pizza, once reportedly valued at a somewhat ludicrous $2+ billion, learned that lesson the hard way, closing up its robotic pizza business in early 2020 and laying off more than 100 employees.

    But where Zume’s lofty ambitions of becoming an efficiency-obsessed logistics enterprise, something akin to the Amazon of pizza, led to a burn rate that topped $10 million per day, new outfits and old favorites are taking a more measured approach to technology-enhanced pizza and doing so in a post-COVID-19 pandemic environment that’s shifted the quick-serve industry on its axis. That includes developers like Piestro, which makes a made-to-order pizza vending machine, and even sector staples like Little Caesars, which recently patented a pizza-making robot.

    The latest example is the robotics-powered mobile pizza restaurant, Stellar Pizza, which recently announced it will launch in the emerging tech hub of Los Angeles in Spring 2022. The company is the brainchild of former SpaceX engineer turned CEO Benson Tsai. SpaceX alums make up the engineering team, as well, and the recipes are partly the creation of former SpaceX Executive Chef and Director of Culinary Services Ted Cizma. The idea is to use cutting-edge technology and advanced robotics to revolutionize pizza prep and delivery. With its new pizza machine, Stellar Pizza can create a fully baked pizza in under five minutes at a production rate of a pizza every 45 seconds. The robot is part of a food truck concept that can deliver a larger quantity of fresh, gourmet pizzas more consistently than its brick-and-mortar counterparts. Sound familiar?

    The business model isn’t far off from Zume’s, except that Zume’s ambitions caused it to topple. Zume attracted $375 million from SoftBank’s Vision Fund and began to scale with great technology before having a viable business plan. The company also missed the biggest boon to the food delivery sector since wax-lined paper containers: a global pandemic that in one swoop eliminated in-person dining for much of the world for a long stretch and attuned consumers to an obsessiveness with sterile preparation practices.

    Enter the robots. Developers have been doing backflips, and early entrants into the automated food prep space, including the creators of Flippy, the burger-making robot, are hitting an adoption stride that would have seemed unlikely not long ago. Salad-making vending machines and autonomous ground robots delivering takeout are now a reality, albeit a nascent reality confined for the time being to smaller testbeds. In that light, Zume’s flop in January 2020 might seem a bit like that video of the marathon runner collapsing just before the finish line.

    For Stellar, the robotic pizza-making process starts with a freshly prepared ball of raw pizza dough, which gets pressed and shaped into a round pizza crust. Then, house-made sauce and fresh toppings are added. Lastly, the raw pizza is inserted into one of four high-temperature custom-designed ovens to bake to perfection. In other words, it’s exactly how you’d make a pizza if you were a human; a robot just does it. There’s nothing particularly unsettling or unexpected in the idea of automating a repeatable, high-output process. Frankly, the guy with flour all over his arms twirling a pie at a creosote ceiling is a bigger head-scratcher. That’s why robotic pizza production is a good idea, one that’s bound to take off sooner rather than later. Whether Stellar — or any company — emerges as a revolutionizing player in a sector that seems to be doing pretty well remains to be seen. Pizza production will almost certainly benefit from new technology. But the pizza game probably doesn’t need a new unicorn.

  • Mozilla properly fuzzed NSS and still ended up with a simple memory corruption hole

    When it comes to fuzzing, Mozilla has plenty of cred, and has been doing so for some time, and yet, its prized Network Security Services (NSS) library was busted by Google Project Zero’s Tavis Ormandy quite easily. In a blog post well worth your time, entitled This shouldn’t have happened, Ormandy found that if NSS was made to create an ASN.1 signature bigger than the maximum 16384 bits it expected, overwriting of memory would occur. “What happens if you just … make a signature that’s bigger than that? Well, it turns out the answer is memory corruption. Yes, really,” Ormandy wrote. “The untrusted signature is simply copied into this fixed-sized buffer, overwriting adjacent members with arbitrary attacker-controlled data. The bug is simple to reproduce and affects multiple algorithms.” Given the designation CVE-2021-43527, Mozilla said in its advisory that Firefox was not impacted, but the likes of Thunderbird, LibreOffice, Evolution, and Evince were “believed to be impacted”. In Mozilla’s defence, Ormandy said it has a world-class security team, and has been leading the way in fuzzing, but thanks to the modular design of NSS, the library did not have end-to-end testing as each part was fuzzed independently. This was compounded by the fuzzers having a limit of 10,000 bytes on input while NSS has no such limit. “This issue demonstrates that even extremely well-maintained C/C++ can have fatal, trivial mistakes,” Ormandy wrote.

    The hole has been patched in versions 3.73.0 and 3.68.1 of NSS.