More stories

  • Tiny IoT devices are getting their own special encryption algorithms

    The US Department of Commerce’s technical standards organization NIST has nominated the Ascon group of cryptographic algorithms for protecting small devices and information transmitted to and from IoT devices. NIST will later this year publish the “lightweight cryptography” standard after picking the Ascon family for the task. […]

  • Ransomware has hit 3,800 servers, but CISA says this tool might help

    The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have released a joint advisory warning about an ongoing ESXiArgs ransomware campaign targeting unpatched and out-of-service or out-of-date versions of the VMware ESXi hypervisor for virtual machines (VMs). According to CISA, 3,800 VMware ESXi servers have been compromised globally, potentially […]

  • Singapore officially deactivates contact tracing system, to 'refurbish' wearables

    Singapore is officially turning off its COVID-19 contact tracing system amidst plans to further ease travel restrictions, as the country exits the “acute phase” of the pandemic. Plans also are in place to retrieve millions of Bluetooth-enabled wearables, distributed nationwide to detect and monitor user proximity, so these can be “refurbished and recycled” for future use when needed. Singapore’s Health Ministry said Thursday that the government had been progressively rolling back the country’s TraceTogether and SafeEntry platforms over the past months, as the global pandemic situation stabilised. Introduced in March 2020, the TraceTogether app tapped Bluetooth signals to detect other participating mobile devices in close proximity, allowing them to identify those who had been in close contact when needed. Data would be captured, encrypted, and stored locally on the user’s phone for 21 days and, when needed in contact tracing, uploaded to the Health Ministry for review. SafeEntry was used as a digital check-in system, gathering data to facilitate contact tracing of individuals and the locations they visited when they tested positive for COVID-19. QR codes were displayed at the entry and exit points of venues, such as supermarkets and shopping malls, which visitors must scan and input their name, national identification number, and mobile number. With Singapore no longer requiring infected individuals to submit TraceTogether and SafeEntry details, the Health Ministry said all identifiable data collected via the two platforms had been wiped from its servers and databases. However, TraceTogether data related to a murder investigation in May 2020 would be retained indefinitely, the ministry said.
It noted that this was needed in serious cases where legal applications might be made to challenge convictions or sentences years after the case had concluded, and local law enforcement might need to disclose the data. And while Singapore is readying to exit the acute phase of the pandemic, moving its current DORSCON level from yellow to green from February 13, the country’s contact tracing infrastructure must be ready for reactivation when needed in future should a new variant emerge, the Health Ministry said. “For this purpose, registration details such as name, business UEN (Unique Entity Number), and mobile number will be retained in the system, to minimise the steps taken by individuals and companies to set up and re-register for TraceTogether and SafeEntry, should it be needed,” it noted. It added that residents and businesses can uninstall their TraceTogether and SafeEntry apps, though these still will be available on Apple’s App Store, Google Play Store, and Huawei AppGallery, for future activation if needed. The public can return their TraceTogether wearables between February 13 and March 12 via 108 community centres located across the island. These will be refurbished and recycled for distribution when needed in future, should contact tracing be reactivated, according to the Health Ministry. At its peak, TraceTogether was used by more than 90% of the local population, but a public outcry erupted when it was revealed the police could access the contact tracing data for criminal investigations, contradicting previous assertions this information would only be used when the individual tested positive for the coronavirus. It prompted the government to pass the COVID-19 (Temporary Measures) (Amendment) Bill, detailing the scope of local law enforcement’s access to contact tracing data.
Under the Bill, public sector agencies including the Police can no longer collect and access such data once the TraceTogether and SafeEntry systems are deactivated, except where the data is used in criminal investigations and court proceedings. Along with its move to DORSCON Green from February 13, Singapore will no longer require non-fully vaccinated travellers to show proof of a negative pre-departure test. All travellers, however, still need to submit a health declaration via the digital SG Arrival Card upon entering the country.

  • Google Chrome 110 arrives – but not all Windows PCs will get it

    Google Chrome users who are still running Windows 7 or Windows 8 could be left vulnerable to cyberattacks because they will no longer be able to update to the latest version of the browser. The latest version of Google Chrome (Chrome 110) provides users with protection against several known cybersecurity issues, including […]

  • Singapore hit by growing cybercrimes, clocks $501M in losses from scams

    Singapore still is seeing more cases of online crimes, with phishing and e-commerce scams amongst the top five most common tactics used. The country saw a 25.2% climb in scams and cybercrimes last year, hitting 33,669 in reported cases, up from 26,886 in 2021. Scams accounted for the bulk, cheating victims of SG$660.7 million ($501.9 million), a 4.5% increase from SG$632 million in 2021, according to the latest figures from the Singapore Police Force (SPF). Phishing, e-commerce, and investment scams were amongst the top five most common tactics used against victims, making up 82.5% of the top 10 types of scams last year. Phishing cases topped the list, with 7,097 reported cases in 2022, up 41.3% from 2021. In such incidents, scammers typically used email and text messages or phone calls to hoodwink their targets, during which they would impersonate officials or trusted entities to persuade victims to divulge their personal details, such as credit card or bank account information. Scammers then would use the data to carry out unauthorised transactions. Messaging, social media, and online shopping platforms were the most popular channels scammers used to contact their victims. WhatsApp alone was tapped for 56% of scam cases in which scammers used messaging platforms, while 36.1% opted for Telegram. As for social media, Facebook was the most commonly used by scammers, accounting for 59.6% of incidents last year. Another 34.2% chose Instagram. With more consumers now spending online, it should come as no surprise that e-commerce scams saw a spike of 74.5% last year, where losses climbed a whopping 261% to SG$21.3 million. Such scams typically saw victims not receiving their goods and services after payments were made. Popular online marketplace Carousell accounted for 89% of e-commerce scam cases. According to the SPF, young adults were the most likely scam victims, with those aged 20 to 29 and 30 to 39 making up 26.7% and 26.8% of all victims, respectively.
Scammers typically turned to social media, messaging, and online shopping platforms as modes of contact, with the majority of victims in these age groups falling prey to job and phishing scams. To better combat growing cases, Singapore last March set up the Anti-Scam Command (ASC) to unify key resources into a central unit, including scam investigation, incident response, intervention, and enforcement. It comprises the anti-scam centre and various investigative and enforcement branches within the Police. Last year, the ASC conducted more than 11,100 interventions, during which targeted victims were alerted to the scams, the SPF said. In May 2022, the ASC also worked with local bank DBS to recover $11.5 million, marking the largest amount recovered in a single scam. Victims in the incident were involved in a business email compromise, in which scammers claimed to be the victims’ clients. Victims were tricked into making transactions totalling $15.5 million to DBS accounts. Local mobile carriers also were roped in to stem scam cases, shutting down mobile lines the ASC had identified as those used by scammers. More than 6,500 mobile lines were terminated last year and more than 22,800 WhatsApp numbers were believed to be used for scams, according to SPF. It added that the ASC worked with social media and e-commerce platform operators to remove suspicious accounts and advertisements. Singapore this month began tagging SMS messages from organisations not registered with the local ID registry as spam. The move was the latest in ramped-up efforts to combat online scams, with further measures being explored such as giving mobile users the option not to receive international SMS messages or calls. The government over the past year had urged the need for shared responsibility in preventing online scams, following a massive phishing scam involving OCBC Bank customers that resulted in losses totalling SG$13.7 million ($10.18 million).
Several measures also were introduced to beef up local banking and communications infrastructures, including a “kill switch” banks must provide to enable customers to suspend their accounts in a suspected breach.

  • Google expands virtual cards to American Express customers

    Google on Tuesday announced it’s expanding Chrome’s “virtual credit card” safety feature to American Express customers. The update is one of several the tech giant is rolling out as part of Safer Internet Day. Launched last year for Capital One cardholders, virtual cards create unique numbers for online transactions. […]

  • VMware warns of ransomware attacks on unpatched ESXi hypervisors

    Hypervisor maker VMware has warned that attackers are using previously disclosed vulnerabilities in its ESXi hypervisor and components to deploy ransomware. The company believes the vulnerabilities being exploited are not zero-day flaws, meaning the attackers are exploiting previously discovered bugs in the hypervisor. In other words, the attacks exploit instances of […]