    Crypto mixer Blender sanctioned by US Treasury for involvement in $600m Ronin theft

    Written by

    Chris Duckett, APAC Editor

    Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining CBS as a programmer. After a Canadian sojourn, he returned in 2011 as the Editor of TechRepublic Australia, and is now the Australian Editor of ZDNet.

    The United States Treasury has hit cryptocurrency mixing service Blender.io with sanctions, preventing transactions with US persons, off the back of it providing services for the attackers that made off with $600 million from the Ronin sidechain in March.

    Last month, Treasury said the theft was conducted by the North Korean Lazarus group, which it first sanctioned in 2019, and updated its listed cryptocurrency addresses at that time, and again on Friday. After the attack, Blender was used to process $20.5 million.

    “For the first time ever, Treasury is sanctioning a virtual currency mixer,” Under Secretary of the Treasury for terrorism and financial intelligence Brian Nelson said. “Virtual currency mixers that assist illicit transactions pose a threat to US national security interests. We are taking action against illicit financial activity by the DPRK and will not allow state-sponsored thievery and its money-laundering enablers to go unanswered.”

    Treasury added that Blender was also involved in laundering for Russian-linked ransomware groups including Trickbot, Conti, Ryuk, Sodinokibi, and Gandcrab.

    “Blender.io is a virtual currency mixer that operates on the Bitcoin blockchain and indiscriminately facilitates illicit transactions by obfuscating their origin, destination, and counterparties. Blender receives a variety of transactions and mixes them together before transmitting them to their ultimate destinations,” Treasury said. “While the purported purpose is to increase privacy, mixers like Blender are commonly used by illicit actors.”

    The sanctions mean any Blender or majority Blender-owned property that is in the US must be reported, and all transactions by Americans within the US are blocked unless a licence to do so is issued. The sanctions cover funds, goods, and services.

    The attack on the Ronin sidechain garnered 173,600 in Ethereum and 25.5 million in US coin, and was only noticed a week later.

    Ronin was announced in mid-2020 by play-to-earn game Axie Infinity, created by Vietnamese blockchain game maker Sky Mavis, as a way to overcome Ethereum network congestion. For the attack to occur, the attacker gained control of the four validators operated by Sky Mavis, and one operated by Axie DAO.

    In a post mortem, the company conceded it did not have a proper tracking system in place. The replacement system will involve human interaction for large amounts, it said. Through a combination of spear-phishing, and an allowlist on the Axie DAO validator not being removed, Lazarus was able to take control of the sidechain.

    The sidechain is having its number of validators increased, with a goal of 21 in three months, and a long-term one of 100 validators. It added the Ronin bridge should reopen in mid to late May, and that all user funds were being restored.

    The 4 best travel VPNs of 2022

    Of all the situations you might find yourself in when using a VPN, perhaps the one where your VPN is at its most mission critical is when you’re traveling. When you’re away from home, you’re dependent on whatever communication infrastructure exists where you are. That might be a solid, secure infrastructure, or it might be one that’s insecure, or even one designed by the host government where you’re located to siphon up every last bit of information about you that it can.

    VPNs create secure tunnels that should allow you to get back to your home network resources, whether that’s a public cloud in your home country or your corporate server. They protect your ability to conduct whatever financial transactions you need to make while traveling. They may even protect your identity from stalkers or local organized crime that might be looking for an executive to kidnap and ransom.

    Keep in mind that VPNs are illegal in some countries, precisely because the host government wants to snoop on all traffic. Make sure you check into local laws before you do something that may be frowned upon, possibly with quite serious consequences.

    Sure, VPNs can also let you stream your movies from your home services while away, but they serve a much more serious purpose when on the road. Choose carefully.

    ExpressVPN

    Best overall VPN for travel

    Locations: 160
    Simultaneous Connections: 5 or unlimited with the router app
    Kill Switch: Yes
    Platforms: A whole lot (see the full list here)
    Logging: No browsing logs, some connection logs
    Trial/MBG: 30 days

    With 160 server locations in 94 countries, ExpressVPN has a considerable VPN network across the internet. In CNET’s review of the service, staff writer Rae Hodge reported that ExpressVPN lost less than 2% of performance with the VPN enabled and using the OpenVPN protocol vs. a direct connection.

    When it comes to travel, a key advantage of ExpressVPN is the private DNS it runs on every VPN server. That means that when you’re trying to access Gmail, for example, ExpressVPN’s DNS will give you an actual IP address for Gmail. If you’re relying on your local host network’s DNS, you have no idea what actual IP address you’re being sent to. It looks like Gmail, but is it really? Or did you just give a hostile government or organized crime your Gmail credentials? Make use of ExpressVPN’s private DNS.

    ExpressVPN is one of the most popular VPN providers out there, offering a wide range of platforms and protocols. Platforms include Windows, Mac, Linux, Routers, iOS, Android, Chromebook, Kindle Fire, and even the Nook device. There are also browser extensions for Chrome and Firefox. Plus, ExpressVPN works with PlayStation, Apple TV, Xbox, Amazon Fire TV, and the Nintendo Switch. There’s even a manual setup option for Chromecast, Roku, and Nvidia Switch. While you’re unlikely to use all these platforms while traveling, it’s nice to know ExpressVPN will be useful when you’re back home as well.

    While the company does not log browsing history or traffic destinations, it does log dates connected to the VPN service, the amount transferred, and the VPN server location. We do want to give ExpressVPN kudos for making this information very clear and easily accessible.

    Pros:
      • Multi-platform support
      • 160 servers
      • Kill switch
      • Unlimited connections with app

    Cons:
      • Keeps some data logs

    Surfshark

    Great VPN at an affordable price

    Servers: 3,200+
    Simultaneous Connections: Unlimited
    Kill Switch: Yes
    Platforms: Windows, Mac, Linux, iOS, Android, Fire TV, Firefox, Chrome
    Logging: None, except billing data
    Trial/MBG: 30 days

    At two bucks a month for a two-year plan (billed in one chunk), Surfshark offers a good price for a solid offering. In CNET’s testing, no leaks were found (and given that much bigger names leaked connection information, that’s a big win). The leak protection can be a big deal when traveling, especially if you want to hide the fact that you’re using a VPN from either the local Internet service provider or the host government.

    The company seems to have a very strong security focus, offering AES-256-GCM, RSA-2048, and Perfect Forward Secrecy encryption. To prevent WebRTC leaks, Surfshark offers a special purpose browser plugin designed specifically to combat those leaks.

    Surfshark also offers private DNS capabilities, as well as what they call NoBorders mode. This feature is designed to enable you to access sites regardless of restrictive border connections. Be careful, though. Countries restricting access tend to frown on your bypassing those restrictions.

    Surfshark’s performance was higher than NordVPN and Norton Secure VPN but lower than ExpressVPN and IPVanish. That said, Surfshark also offers a multihop option that allows you to route connections through two VPN servers across the Surfshark private network. We also like that the company offers some inexpensive add-on features, including ad-blocking, anti-tracking, access to a non-logging search engine, and a tool that tracks your email address against data breach lists.

    Pros:
      • Unlimited connections
      • Over 3,200 servers
      • No data logs except billing info

    Cons:
      • Pricey monthly payment

    NordVPN

    Consistent performance in many locations

    Servers: 5,517
    Simultaneous Connections: 6
    Kill Switch: Yes
    Platforms: Windows, Mac, iOS, Android, Linux, Android TV, Chrome, Firefox
    Logging: None, except billing data
    Trial/MBG: 30 days

    NordVPN is one of the most popular consumer VPNs out there. We found that NordVPN performance was generally consistent across a wide range of test situations. This means that if you’re traveling, you’re likely to be able to count on NordVPN performing about as well, no matter where you’re connecting from and to.

    In our review, we liked that it offered capabilities beyond basic VPN, including support of P2P sharing, a service it calls Double VPN that does a second layer of encryption, Onion over VPN, which allows for TOR capabilities over its VPN, and even a dedicated IP if you’re trying to run a VPN that also doubles as a server. It supports all the usual platforms and a bunch of home network platforms as well. The company also offers NordVPN Teams, which provides centralized management and billing for a mobile workforce.

    Performance testing was adequate, although ping speeds were slow enough that I wouldn’t want to play a twitch video game over the VPN. To be fair, most VPNs have pretty terrible ping speeds, so this isn’t a weakness unique to Nord. Overall, a solid choice, and with a 30-day money-back guarantee, worth a try.

    Pros:
      • Multi-platform support
      • TOR capable
      • Dual encryption options

    Cons:
      • Slow ping speeds
      • Some plans are pricey

    IPVanish

    Solid VPN with servers in 52 countries

    Servers: 1,900
    Simultaneous Connections: Unlimited
    Kill Switch: Yes
    Platforms: Windows, Mac, iOS, Android, Linux, Chrome, plus routers, Fire Stick, and Kodi
    Logging: None, except billing data
    Trial/MBG: 30 days

    IPVanish is a deep and highly configurable product that presents itself as a click-and-go solution. I think the company is selling itself short by doing this. A quick visit to its website shows a relatively generic VPN service, but that’s not the whole truth.

    Its UI provides a wide range of server selection options, including some great performance graphics. It also has a wide variety of protocols, so you can know what to expect no matter what you’re connecting to. The company also provides an excellent server list with good current status information. This list can prove hugely helpful when on the road because it will give you the option to tune which service and server you choose based on your current location.

    There’s also a raft of configuration options for the app itself. In terms of performance, the connection speed was crazy fast. Overall, the transfer performance was good. However, it wasn’t able to hide from a security perspective that I was connecting via a VPN — although the data transferred was secure. Inability to hide being on a VPN could be problematic for traveling, which is why this is the last choice in our list of recommendations.

    Overall, a solid product with a good user experience that’s fine for home connections as long as you’re not trying to hide the fact that you’re on a VPN. The company also has a partnership with SugarSync and provides 250GB of encrypted cloud storage with each plan.

    Pros:
      • Multi-platform support
      • 1,900 servers
      • Encrypted cloud storage included

    Cons:
      • Doesn’t hide the fact you’re using a VPN

    What is the best VPN for travel?

    We found the best VPN for travel is ExpressVPN. With servers in 94 countries and the best performance in over 150 locations, ExpressVPN offers top-notch security features and a wide range of supported platforms.

    | VPN | Price | No. of connections | Logging |
    | ExpressVPN | $13/month | 5, or unlimited with router app | Some connection logs, no browsing logs |
    | Surfshark | $13/month | Unlimited | None except billing data |
    | NordVPN | $5/month | 6 | None except billing data |
    | IPVanish | $4/month | Unlimited | None except billing data |

    Which travel VPN is right for you?

    The travel VPN that best fits your needs is going to provide a balance between security and speed. Some VPNs prioritize encryption and other security measures over ping speeds, and while this won’t affect your web browsing or streaming speeds too much, it’s still a factor to consider.

    | Choose this… | If you need… |
    | ExpressVPN | DNS alerts for your most-visited sites |
    | Surfshark | Unlimited connections across multiple platforms |
    | NordVPN | Consistent, worldwide performance across multiple devices and platforms |
    | IPVanish | A fast and reliable VPN in over 50 countries |

    How did we choose these VPNs for travel?

    We looked at a list of different metrics to decide which were the top picks for travel VPNs, including: ping speeds, encryption, platform compatibility, and the number of servers each brand has worldwide. We also made sure that each of our picks offered the best possible security, meaning that your data will not be visible at all while using the program.

    How can I find out what the VPN rules are for the countries I’m visiting?

    There are a number of sources. First, it’s always a good idea to reach out to your VPN vendor. They often have a good feel for the countries their services operate in. If you’re an American citizen, contact the US State Department. Foggy Bottom often lists travel advisories for US citizens, and they have foreign service officials who can provide general guidance. Check the travel advisories web page. Your nation’s foreign ministry may have a similar service if you’re outside the US.

    Is a VPN all I need to be protected while traveling?

    No. No way. VPNs can, generally, protect your data while it’s in motion. But if your computer or phone is seized (whether or not it’s encrypted), it’s possible governments can access your data. Some governments might simply hold your devices for whatever reason they deem useful. Online services you access in-country might have less protection than the very same services in your host country. And, of course, there are all the normal travel security issues, like being careful what you spend, how you handle cash, who you trust, and so on that could cause risk while traveling.

    If my hotel has a wired connection, do I still need to use a VPN?

    Yes. Don’t assume any network endpoint is safe when traveling. Always make sure your connections are encrypted when communicating from any network connection.

    You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.


    Security researchers: Here's how the Lazarus hackers start their attacks

    The Lazarus hacking group is one of the top cybersecurity threats from North Korea, recently catching the attention of the US government for massive cryptocurrency heists. Now researchers at NCCGroup have pieced together a few of the tools and techniques Lazarus hackers have been using recently, including social engineering on LinkedIn, messaging US defense contractor targets on WhatsApp, and installing the malicious downloader LCPDot. 

    NCCGroup’s findings build on what’s already known about Lazarus hackers. The group, and its sub groups, are known to have used LinkedIn for tricking targets into installing malicious files such as Word documents with hidden macros.

    In February, researchers at Qualys found the group impersonating defense contractor Lockheed Martin, using its name as a lure for job opportunities in laced Word documents. The documents contained malicious macros to install malware and relied on Scheduled Tasks to persist on a system.

    Lazarus historically has used LinkedIn as a preferred social network to contact professionals with job offers. In 2020, researchers at F-Secure found the group attempting to recruit a system administrator with a phishing document sent to the target’s LinkedIn account regarding a blockchain company seeking a new sysadmin.

    In April, the US Treasury linked Lazarus to a $600 million heist in March from the blockchain network behind the play-to-earn game Axie Infinity. That same month, the FBI, the Cybersecurity and Infrastructure Security Agency, and Treasury warned that Lazarus was currently focusing on exchanges in the blockchain and cryptocurrency industry, using spear-phishing campaigns and malware to steal cryptocurrency.

    NCCGroup found that the recent use of fake Lockheed Martin profiles to share job ads with targets relied on documents hosted on a domain that attempted to mimic that of a US-based recruitment site for government and defence vacancies.

    To bypass Microsoft’s recent efforts to restrict the use of macros in Office documents, the website hosted a ZIP file containing the malicious document that was used to connect with Lazarus’ command and control server.

    “In order to subvert security controls in the recent changes made by Microsoft for Office macros, the website hosted a ZIP file which contained the malicious document,” NCCGroup noted.

    Microsoft in April introduced new Office default behavior that blocks VBA macros obtained from the internet in documents on devices running Windows. One security expert called it a “game changer” because of the prevalence of macro malware.

    NCCGroup also obtained a sample of Lazarus’ variant of LCPDot, a downloader recently analysed by Japan CERT, which attributed it to Lazarus. After registering a compromised host with the command and control server, the downloader receives another payload, decrypts it, and then loads it into memory. NCCGroup lists several domains that would indicate an organization has been compromised by hackers.

    Google in March detailed a wide-reaching campaign by Lazarus-related groups targeting hundreds of people across the media and tech sectors with job offers in emails impersonating recruiters from Disney, Google and Oracle. Blockchain analysis firm Chainalysis estimated North Korean hackers stole $400 million in cryptocurrency in 2021.


    'Once they have access to your screen, they have complete control'. Watch out for these screen-sharing scams

    Cyber criminals are stealing millions by luring victims into investment scams and then using remote screen-sharing software to steal money, bank details and other personal information. According to research by the Financial Conduct Authority (FCA), the number of screen-sharing scams has almost doubled over the course of a year – and almost half of investors wouldn’t be able to identify that they’re being duped by one. That’s resulted in over £25 million in losses in the UK alone. Many of the attacks target potential investors – including those looking to invest in Bitcoin and other cryptocurrency – because if cyber criminals can successfully trick these high-value targets into falling for scams, they can steal significant amounts of money in one go.

    Of those surveyed by the FCA, 91% said they would never share their PIN with a stranger, but 85% wouldn’t think a request by a website to use or download software could be a warning sign that someone was seeking to gain illegal access to personal information on their computer or smartphone. That’s providing scammers with opportunities.

    In one case, a victim clicked on an online advertisement for Bitcoin and then later received a phone call from someone claiming to be a financial advisor who offered to help her through making her first investment in cryptocurrency. The ‘advisor’ asked her to download remote desktop screen-sharing software, which provided the scammers with the ability to access financial details and other sensitive information on her computer. The victim lost more than £48,000 after scammers raided her bank account, her pension and used her stolen details to fraudulently apply for loans.

    The FCA says this is just one of thousands of cases that have been reported to its Consumer Helpline, where cyber criminals have used screen-sharing platforms such as Teams, TeamViewer and Zoom to trick users into handing over remote control of their computers. Not only is this a financial risk due to loss of money, it’s also a privacy risk as scammers could also use that access to steal usernames and passwords for a variety of online accounts.

    “Once scammers gain [access] to your screen, they have complete control. That means access to your sensitive banking and investment information, the freedom to browse at their leisure, and the ability to take whatever details they want,” said Mark Steward, executive director of enforcement and market oversight at the FCA. “It can affect any investor, no matter how experienced. It’s incredibly difficult to get money back once lost in this way,” he added.

    The best way to avoid falling victim to screen-sharing scams is to not share your screen with any ‘investment’ advisors who ask you to, because it’s a big indicator that they’re a scammer. “Legitimate firms will not ask you to do this,” said Steward. The FCA also runs a warning list that people can check to see if the firm they’re dealing with isn’t authorised or registered by the FCA, while it also lists firms that are known to be running scams.


    Help! I have 100,000 unread messages in my Gmail inbox. Where do I even start? [Ask ZDNet]

    It’s time for another installment of Ask ZDNet. In the mailbag this week: A crash course on TPM technology, the fastest way to get to Inbox Zero, and the best way to move large files from one PC to another. Got a question for us? Send it to ask@zdnet.com. Questions can cover just about any topic that’s related to work and technology, including PCs and Macs, mobile devices, security and privacy, social media, home office gear, consumer electronics, business etiquette, financial advice… well, you get the idea. Due to the volume of submissions, we can’t guarantee a personal reply, but we do promise to read every letter and respond right here to the ones that we think will be of interest to other readers. Please include your real email address, so we can ask follow-up questions, if necessary. We promise not to use your email address for any other purpose.  Ask away. 

    I have more than 100,000 unread messages in my Gmail inbox. That’s not good, is it?

    Sometimes I just stare at the number of unread messages in my inbox and wonder how it’s even possible to get to this place. Other times, I feel overwhelmed. How do I take back control?

    We feel your pain. In fact, we can quantify it. If you were determined to work through a stack of 100,000 Inbox messages, processing each one in less than 10 seconds, it would take you more than 30 eight-hour days in which you would not get any other work done. That dreary task would make an assignment at the Lumon Corp. look like bliss. (Note: Severance is a dark, dystopian fantasy, not a career goal.) And, of course, during those days while you were processing that enormous backlog, you would receive thousands more messages.

    The answer is simple: Declare email bankruptcy. You will feel so much better when you simply make those unread, unprocessed, mostly irrelevant emails just vanish into thin air so you can start fresh. On Gmail, that means going to your inbox in a web browser and clicking the Select All checkbox at the far left of the toolbar, just below the Gmail logo; then click the link just above the message that says “Select all nnn conversations in Inbox,” where nnn is the number that is making you feel discomfort. (That last step is crucial; you don’t want to be processing messages 50 or 100 at a time.)

    Now click the Archive button, just to the right of the Select All checkbox. It might take a while, but eventually you’ll end up with Inbox Zero.

    And now that you’ve reached Inbox Zero, you can begin learning how to filter out unwanted messages and train Gmail to recognize which messages are Important. (That’s what the little yellow flag to the left of a message means. Use it to train Gmail to recognize which messages you consider important.) Use the Important view to make sure you’re responding to high-priority messages from your boss or co-workers or (ahem) editor. Also, get in the habit of archiving important messages you’ve already dealt with and deleting unimportant messages after reading — instead of allowing them to pile up.

    If you use Outlook, you have a similar feature called Focused Inbox, which automatically sorts important messages into the Focused tab and displays less important ones on the Other tab.

    For more ideas, we recommend a highly entertaining article called “Declare Email Bankruptcy and Get a Fresh Start” by productivity guru Michael Hyatt.

    What’s a Trusted Platform Module, and why does my PC need one?

    I’ve read the specs for Windows 11 and I know that it requires a TPM. But I have no idea what a TPM is or what it can do for me. Can you explain how it works? Do I need to do anything to set it up?

    The simple answer is that a Trusted Platform Module is a secure cryptoprocessor, a dedicated microcontroller designed to handle security-related tasks in a way that minimizes the ability of attackers to break into a system. The complete answer is, as with anything related to computer security, slightly more complicated.

    The TPM architecture is defined by an international standard (formally known as ISO/IEC 11889) created by the Trusted Computing Group. The standard deals with how different cryptographic operations are implemented, with an emphasis on “integrity protection, isolation and confidentiality.”

    A TPM can be implemented as a discrete chip soldered onto a computer motherboard, or it can be implemented within the firmware of a PC chipset, as Intel, AMD, and Qualcomm have done. If you use a virtual machine, you can even build a virtual TPM chip into it. The overwhelming majority of PCs built in the last 10 years include TPM technology, and most PCs designed in 2015 or later include the TPM 2.0 version that is required by Windows 11.

    The point of that technology is to be a super-secure location for processing cryptographic operations and storing the private keys that make strong encryption possible. The TPM works with the Secure Boot feature, which verifies that only signed, trusted code runs when the computer starts up. If someone tries to tamper with the operating system (to add a rootkit, say), Secure Boot prevents the changed code from executing. The TPM also holds the BitLocker keys that encrypt the contents of a Windows system disk, making it nearly impossible for an attacker to break that encryption and access your data without authorization. (For a detailed technical explanation, see “How Windows uses the Trusted Platform Module.”)

    Windows 10 and Windows 11 initialize and take ownership of the TPM as part of the installation process. You don’t need to do anything special to set up or use a TPM beyond making sure it’s enabled for use by the PC. And it’s not just a Windows feature. Linux PCs and IoT devices can initialize and use a TPM as well.

    Having that extra level of security enforced in tamper-resistant hardware is a Very Good Thing.

    What’s the best way to transfer large files between my laptop and my desktop PC?

    I do a lot of video editing work, and I often need to move those files from my laptop to my PC and back again. They’re huge! What’s the best way to transfer them from one machine to another?

    Here at Ask ZDNet, we’re old enough to remember the term sneakernet. For the young’uns in the audience, that was how your elders referred to the incredibly tedious process of swapping files between PCs using floppy disks.

    In the modern era, you can do pretty much the same thing, although you have much faster and more capacious options. For those huge video files, your best transfer vehicle is an external SSD that uses the Thunderbolt 3 or 4 standard or USB 3.2 Gen 2 (aka USB 3.1). Plug one of those drives into a USB Type-C port, and you’ll be astonished at how fast the bits fly from Point A to Point B. If that’s not an option, an external drive using USB 3.0 or later will probably be fast enough to get the job done.

    If both devices are running the same operating system, you can use wireless options (Wi-Fi and Bluetooth) to transfer the files. On Windows PCs, the feature is called Nearby Sharing; on a Mac, it’s called AirDrop.

    The trouble with sneakernet, even the wireless version, is that it requires manual labor on your part — copying files from one PC and then physically restoring them to the other device. If you make changes on one device and forget to copy it to the other, you could end up with files that are out of sync, where you’ve made changes to two different versions with no easy way to reconcile them.

    The best way to avoid this possibility is to store those files using a cloud storage platform (OneDrive, Google Drive, Adobe Creative Cloud, Dropbox, etc.) and let a software agent on each device take care of keeping them in sync. If your work is mainly asynchronous — that is, if you do most of your edits on one machine and only need to transfer your files when everything’s complete, this option is ideal.

    Send your questions to ask@zdnet.com. Due to the volume of submissions, we can’t guarantee a personal reply, but we do promise to read every letter and respond right here to the ones that we think our readers will care about. Be sure to include a working email address in case we have follow-up questions. We promise not to use it for any other purpose.


    South Korea becomes first Asian member of NATO cyber research centre

    South Korea’s intelligence agency said on Thursday that the country has joined a cyber defense group under the North Atlantic Treaty Organization (NATO), becoming its first Asian member country.

    The National Intelligence Service (NIS) said that South Korea, along with Canada and Luxembourg, has been admitted into the NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE), a think-tank based in Tallinn, Estonia, that supports member nations and NATO with interdisciplinary cyber defense research, training, and exercises.

    The think-tank was established in 2008 by NATO members, on the initiative of Estonia, in response to the country suffering crippling cyberattacks allegedly committed by Russia. With the addition of the three new member nations, CCDCOE now has a total of 32 members — 27 sponsoring members of NATO and five contributing participants, including South Korea, that are not part of NATO.

    South Korea’s NIS said it has been working to become a member of CCDCOE since 2019 to gain cyberattack response expertise in order to protect the country’s backbone infrastructure, and to formulate a global strategy. The intelligence agency said it plans to send more staff to the centre and expand the scope of joint training.

    Cyber threats were causing enormous damage to individuals and countries, and responding to them requires close global cooperation, NIS noted, adding that it will work closely with CCDCOE members going forward.

    Even prior to becoming an official member of the centre, South Korea had taken part in CCDCOE’s large-scale, live-fire cyber defense exercise, Locked Shields, where thousands of experts from member nations and partners jointly defended a fictional country against simulated cyberattacks.

    South Korea had suffered numerous cyberattacks in the past with targets ranging from state-run nuclear research institutes to cryptocurrency companies, most of which were allegedly committed by North Korean hacking groups.

    Meanwhile, earlier in March, the 27 sponsoring nations of the CCDCOE voted to accept Ukraine into the centre as a contributing participant.


    Heroku fesses up to customer password theft due to OAuth token attack

    Written by

    Chris Duckett, APAC Editor


    Heroku has explained why it emailed users with a sudden password reset warning earlier this week, and how it was due to the theft of OAuth tokens from GitHub. “[Our investigation] revealed that the same compromised token was leveraged to gain access to a database and exfiltrate the hashed and salted passwords for customers’ user accounts,” the company said in its incident notification. “For this reason, Salesforce is ensuring all Heroku user passwords are reset and potentially affected credentials are refreshed. We have rotated internal Heroku credentials and put additional detections in place. We are continuing to investigate the source of the token compromise.”

    The company also said an attacker first gained access on April 7, two days before the previous earliest date of the attack made public by either Heroku or GitHub. “On April 7, 2022, a threat actor obtained access to a Heroku database and downloaded stored customer GitHub integration OAuth tokens. Access to the environment was gained by leveraging a compromised token for a Heroku machine account,” it said. “According to GitHub, the threat actor began enumerating metadata about customer repositories with the downloaded OAuth tokens on April 8, 2022. On April 9, 2022, the attacker downloaded a subset of the Heroku private GitHub repositories from GitHub, containing some Heroku source code.”

    GitHub noticed the activity on April 12, with a notification from GitHub landing on April 13, and Heroku revoking all GitHub integration OAuth tokens three days later. “We value transparency and understand our customers are seeking a deeper understanding of the impact of this incident and our response to date,” the company said at the top of the incident notification page that has been running since April 15.

    Heroku has previously said it would not be reconnecting to GitHub until it was certain it was safe to do so. This week, GitHub said it would be mandating the use of multi-factor authentication by the end of 2023.


    WhatsApp to roll out larger file size sharing, bigger groups, and new reactions feature

    WhatsApp, the messaging platform owned by Meta, has announced new features in line with last month’s communities announcement, including larger file sharing, a new emoji reactions feature to respond to messages, and eventually larger chat groups. WhatsApp claimed in a blog post that the new features will “make it easier” for its app to facilitate internal conversations within small business groups, school groups, and community organisations.

    The announcement detailed that users can now send files, protected by end-to-end encryption, of up to 2GB in size, an increase from the previous limit of 100MB. “We recommend using Wi-Fi for larger files and we’ll display a counter while uploading or downloading to let you know how long your transfer will take,” the company added. WhatsApp also confirmed that it will begin to roll out the option for larger group chats of up to 512 people, up from the previous number of 256.

    Additionally, the company announced WhatsApp Reactions, a new feature that will be available on the latest version of the app. “Reactions are fun, fast, and they reduce overload in groups too. We’ll continue improving them by adding an even broader range of expressions in the future,” it said. “Building private, safe, and secure communities takes work and we think this series of improvements will help people and groups stay close to one another.”

    Earlier this year, Meta announced that it would delay the launch of WhatsApp’s Communities feature in Brazil as part of plans to tackle the spread of false information ahead of the presidential elections. According to the company, the feature will only be launched in Brazil after the presidential elections, set to take place in October.