More stories

  • in

    Companies warned to boost cyber defence in wake of Ukraine crisis escalation

    On Wednesday afternoon, the Australian government joined the governments of the United States and United Kingdom by placing sanctions on Russian banks and individuals, and at the same time issued a warning to organisations to boost their cyber defence. Australian Prime Minister Scott Morrison said the government had already privately reached out to some entities and that local organisations should read guidance issued by the Australian Cyber Security Centre (ACSC).”We have already been taking action on cyber defences and that has been done privately already with many companies, alerting them to the risk of potential counter responses by Russia and other actors in response to these decisions,” Morrison said. “There is no evidence that any such attacks have taken place to date, I’m advised, but we are now publicly saying right across the country to go to [cyber.gov.au] so you can be clearly informed of the steps that you should be taking to ensure that you are protected as best as you can be from any cyber attacks.” The prime minister added that cyber was the most obvious vector for Russian retaliation, and that companies could be targeted as well as be cyber collateral damage. “The cyber attacks can sometimes come from miscalculation and misadventure, we have seen that in the past, where cyber attacks have sought to let loose various worms … or viruses and they get out of control of those who put them in the system,” he said. In its guidance, the ACSC says organisations should be reviewing and enhancing their detection, mitigation, and response capabilities.

    “Organisations should ensure that logging and detection systems in their environment are fully updated and functioning and apply additional monitoring of their networks where required,” it states. “Organisations should also assess their preparedness to respond to any cyber security incidents, and should review incident response and business continuity plans.” Similar warnings have already been issued by Australia’s Five Eyes partners, with the UK National Cyber Security Centre stating that “there has been a historical pattern of cyber attacks on Ukraine with international consequences”. Since last month, the Canadian Centre for Cyber Security has been warning administrators to isolate critical infrastructure from the internet if they would be deemed an attractive target. “When using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted,” the warning said. The US issued its warning in January. In the past 24 hours, Russian President Vladimir Putin recognised two breakaway republics in eastern Ukraine and ordered forces into the regions on a so-called “peacekeeping” mission, triggering the responses from the Western democracies. Related Coverage More

  • in

    Cookware giant Meyer says cyberattack caused leak of employee SSNs, immigration status

    A ransomware attack on cookware giant Meyer Corporation has caused thousands of employee social security numbers and sensitive information to be leaked.The company filed paperwork with the Attorney General offices in California and Maine, notifying both that the information of 2,747 employees was involved in the attack. The pots and pans manufacturer reported more than $128 million in sales in 2021. In notification letters sent to victims, the company said the attack began “on or around October 25, 2021” and involved driver’s licenses, passports, Permanent Resident Cards and information regarding immigration status, among a host of sensitive information. Employees working for Meyer subsidiaries like Blue Mountain Enterprises, Hestan Commercial Corporation, Hestan Smart Cooking and Hestan Vineyards were also affected. “Meyer was the victim of a cybersecurity attack by an unauthorized third party that impacted our systems and operations. Upon detecting the attack, Meyer initiated an investigation with the assistance of our cybersecurity experts, including third-party forensic professionals. On or around December 1, 2021, our investigation identified potential unauthorized access to employee information,” the California-based company said. “The types of personal information that may have been accessed during this incident will depend on the types of information you have provided to your employer, but may include: first and last name; address; date of birth; gender; race/ethnicity; Social Security number; health insurance information; medical condition(s) and diagnoses; random drug screening results; COVID vaccination cards and status; driver’s license, passport, or government-issued identification number; Permanent Resident Card and information regarding immigration status; and information regarding your dependents (including Social Security numbers), if applicable that you may have provided to the company in the course of your employment.”Victims of the attack and their dependents are being offered two years of free identity protection services.

    The company would not confirm whether it was a ransomware attack, but the Conti ransomware gang added the company to its list of victims in November. The leak site had about about 245 MB of data, representing 2% of what Conti claimed to have stolen. The ransomware group never updated the entry.  More

  • in

    Data protection becomes a fundamental right in Brazil

    The Brazilian Congress has enacted an Amendment to the Constitution that makes personal data protection a fundamental citizen right. The changes make personal data protection an unchangeable clause, meaning any changes to this theme will have to be aimed at expanding and protecting citizen rights.

    ZDNet Recommends

    The best security key

    While robust passwords help you secure your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.

    Read More

    Under the amendment to article 5 of the country’s Constitution, which relates to individual and collective rights, a new section has been added, noting “the right to protection of personal data, including in digital media, is ensured under the terms of the law.”The president of the Brazilian Senate, Rodrigo Pacheco, said that the enactment of the amendment focused on personal data protection is a demonstration of Congress’ commitment “to the non-negotiable value of individual liberty.” Pacheco also noted the measure reinforces legal certainty and improves the environment for investments in the technology and communication sector in Brazil. The proposal underpinning the amendment establishes that the federal government is solely responsible for the organization and supervision of the protection and processing of personal data and has exclusivity in terms of legislation relating to the protection and processing of personal information.

    According to supporters of the proposals, this avoids the decentralized treatment of the theme by state and city legislation. Brazilian politicians in favor of the amendment  say the centralization of legislative competence around data protection matters is important as it also brings the General Data Protection Law (LGPD) to the Constitution. Introduced in September 2020, LGPD regulates personal data processing by individuals, public or private entities in Brazil across any medium, including digital media, with a goal of ensuring the privacy of data subjects.The sanctions relating to the data protection regulations were enforced in August 2021, and fines can reach up to 2% of the company’s revenue in cases of non-compliance. The board members of the body responsible for enforcing the regulations, the National Data Protection Authority (ANPD), were appointed in October 2020, and the body announced its strategy in February 2021.

    However, there are critics to the current data protection set up in Brazil. Consumer protection body Idec noted the provision for the creation of an independent data protection regulator was removed from the proposals when they were voted by the Lower House of the Congress. According to Idec, the fact that ANPD is linked to the president’s office is “something that goes against international recommendations for the constitution of authorities on the subject and jeopardizes the necessary supervision of data processing in the country.””Although the final proposal does not address the issue of [ANPD’s] independence, the new amendment to the Federal Constitution strengthens the fundamental right to the protection of personal data, previously recognized by the Federal Supreme Court, providing Brazil with yet another powerful legal instrument to protect rights of consumers and citizens”, the consumer body noted.

    Government More

  • in

    New York announces statewide cybersecurity coordination center

    New York state governor Kathy Hochul unveiled a new centralized cybersecurity center after White House officials met with her on Friday to discuss their concerns about potential cyberattacks.  Hochul announced the new statewide Joint Security Operations Center alongside mayors from New York City, Albany, Buffalo, Rochester, Syracuse, and Yonkers on Tuesday afternoon. 

    The cybersecurity hub, located in Brooklyn and called the first of its kind in the nation, will serve as a centralized location for state officials to turn in times of cybercrisis.  Officials said the Joint Security Operations Center will be comprised of experts from federal and state law enforcement entities, representatives from local and county governments, and NYC3. NYC3 was created in 2017 as a body coordinating New York City’s cyber defenses across more than 100 agencies and offices.The mayors said the command center will strengthen the state’s threat detection capability “by centralizing telemetry data — allowing officials to assess and monitor potential threats in real time.” The center will also help officials “streamline threat intelligence and responses in the event of a significant cyberattack.”Hochul explained that she had been working throughout the weekend after federal officials held meetings warning of the potential for cyberattacks coming in response to sanctions against senior officials in the Russian government. Cybersecurity and Infrastructure Security Agency director Jen Easterly said there are no specific or credible threats to the US but wrote that “Russia may consider taking retaliatory action in response to sanctions that may impact our critical infrastructure.”

    Easterly lauded the New York effort, writing that collaboration between local, state, federal, and private sector players is how they can successfully ensure the resilience of businesses and organizations.”In light of current geopolitical uncertainty, earlier today I convened cabinet members from relevant areas to review our ongoing cybersecurity preparedness efforts and make sure that New Yorkers, our institutions, and our critical infrastructure are protected from cyber-facilitated disruptions. We are in regular touch with the White House and the US Department of Homeland Security to ensure coordination,” Hochul said. 

    “The reality is that because New York State is a leader in the finance, healthcare, energy, and transportation sectors, our state is an attractive target for cyber criminals and foreign adversaries. My Administration has taken significant steps to prepare for what have become increasingly sophisticated cyberattacks, including my recent budget proposal to invest $62 million in our cybersecurity protections, which is more than double from last year. Cabinet leaders will continue reviewing their cyber-risk management readiness and communicate with relevant industry and government partners to ensure threat intelligence is being relayed as quickly as possible,” Hochul added. 

    ZDNet Recommends

    The best security key

    While robust passwords help you secure your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.

    Read More

    At the event, local mayors spoke at length about the trouble they face in defending government offices against waves of sophisticated attacks.  “There is no greater threat to the day-to-day operations of city and state government, then cybersecurity,” Syracuse mayor Ben Walsh said. Albany’s mayor spoke about their ordeal with a ransomware attack in 2019 while New York City mayor Eric Adams said his predecessor, former mayor Bill de Blasio, told him cybersecurity was one of the biggest crises the city was facing. New York City announced its own slate of measures designed to protect the city from cyberattacks. Adams released an executive order requiring each city agency to designate a cyber command liaison who will work with the Office of Cyber Command to share information, monitor threats, and adopt best practices around cybersecurity.

    “Technology runs our water, controls our electricity, and notifies us during an emergency, so cyber attacks have the ability to bring our entire city to a halt if we are not prepared. Our city is a prime target for those who want to cause destruction, and while New York City Cyber Command is already a national model for impeding these threats, it’s time our cybersecurity gets moved to the next level,” Adams said. “The new Joint Security Operations Center will take an integrated and holistic approach to hardening our cyber defenses across the city and the state, building on the robust cyber infrastructure New York City has developed in recent years.”New York City Chief Technology Officer Matthew Fraser said the creation of the Joint Security Operations Center was a transformational moment for cybersecurity in the state because it could make New York “the most cyber-resilient state in the nation.”State officials also noted that the Joint Security Operations Center will work with local educational institutions like CUNY to build out cyber curriculums and expand talent pipelines.  More

  • in

    Palo Alto Networks shares jump as FYQ2 results, top expectations, raises outlook

    Security technology titan Palo Alto Networks this afternoon reported fiscal Q2 revenue and profit that both topped Wall Street’s expectations, and raised its outlook for the year. The report sent Palo Alto Networks shares up over 5% in late trading. CEO Nikesh Arora remarked that Palo Alto “continued to benefit from strength across our three security platforms, driven by strong cybersecurity demand, organizations architecting for hybrid work and growing their hyperscale cloud footprints.”Added Arora, “On the back of this strength, notably in our next-generation security offerings, we are raising our guidance for the year across revenue, billings, and earnings per share.”CFO Dipak Golechha remarked, “Total shareholder return was at the forefront of our Q2 results as we continued to deliver on accelerated revenue growth and strong cash flow generation as well as returned capital to shareholders.”Revenue in the three months ended in December rose 30%, year over year, to $1.3 billion, yielding a net profit of $1.74 a share, excluding some costs.Analysts had been modeling $1.28 billion and $1.65 per share.

    Palo Alto said its “remaining performance obligation,” a measure of the total value of contracts with customers, rose by 36% to $6.3 billion.For the current quarter, the company sees revenue of $1.345 billion to $1.61 billion, and EPS in a range of $1.65 cents to $1.68. That compares to consensus for $1.35 billion and a $1.63 profit per share.For the full year, the company sees revenue in a range of $5.425 billion to $5.475 billion, and EPS of $7.23 to $7.30. That is above an outlook offered in November for $5.35 billion to $5.4 billion, and $7.15 to $7.25 per share. The forecast compares to consensus of $5.39 billion and a $7.23 profit per share.

    Tech Earnings More

  • in

    Palo Alto Networks shares jump as FYQ2 results top expectations, raise outlook

    Security technology titan Palo Alto Networks this afternoon reported fiscal Q2 revenue and profit that both topped Wall Street’s expectations and raised its outlook for the year. The report sent Palo Alto Networks shares up over 5% in late trading. 

    CEO Nikesh Arora remarked that Palo Alto “continued to benefit from strength across our three security platforms, driven by strong cybersecurity demand, organizations architecting for hybrid work and growing their hyperscale cloud footprints.”Added Arora, “On the back of this strength, notably in our next-generation security offerings, we are raising our guidance for the year across revenue, billings, and earnings per share.”CFO Dipak Golechha remarked, “Total shareholder return was at the forefront of our Q2 results as we continued to deliver on accelerated revenue growth and strong cash flow generation as well as returned capital to shareholders.”Revenue in the three months ending in December rose 30%, year over year, to $1.3 billion, yielding a net profit of $1.74 a share, excluding some costs.Analysts had been modeling $1.28 billion and $1.65 per share.

    Palo Alto said its “remaining performance obligation,” a measure of the total value of contracts with customers, rose by 36% to $6.3 billion.For the current quarter, the company sees revenue of $1.345 billion to $1.61 billion, and EPS in a range of $1.65 cents to $1.68. That compares to consensus for $1.35 billion and a $1.63 profit per share.For the full year, the company sees revenue in a range of $5.425 billion to $5.475 billion, and EPS of $7.23 to $7.30. That is above an outlook offered in November for $5.35 billion to $5.4 billion, and $7.15 to $7.25 per share. The forecast compares to consensus of $5.39 billion and a $7.23 profit per share.

    Tech Earnings More

  • in

    Peloton service returns after widespread outage

    Peloton’s outages have ended after a morning of complaints from customers who could not access classes or pages on the web. Also: The best peloton alternatives for your home gymThe problem stopped users from accessing their logins, live classes, on-demand classes, and leaderboards. Peloton users also could not activate their services on Peloton bikes or treadmills. 

    We are currently investigating an issue with Peloton services. This may impact your ability to take classes or access pages on the web. We apologize for any impact this may have on your workout and appreciate your patience. Please check https://t.co/Dxcht2tQB0 for updates.— Peloton (@onepeloton) February 22, 2022

    Peloton said the issue began around 10:45 am ET and was resolved by about 2 pm ET, and it took place amid other unexplained outages on Tuesday. Slack also experienced widespread outages, and reports surfaced of problems on other platforms like GitHub. By Tuesday afternoon most services had returned to normal. The Peloton outages came at a time of turmoil for the company, which recently removed co-founder and CEO John Foley, announced about 2,800 layoffs, and canceled plans for a new factory in Ohio. For Q2, Peloton reported a net loss of $439 million on a revenue of $1.14 billion. This pushed its guidance for the full fiscal year down by nearly $1 billion. 

    Despite the lack of positive news, The Wall Street Journal reported that Amazon has expressed interest in acquiring Peloton while The Financial Times said Nike is also interested. The BBC added that Disney, Sony, and Apple have similarly shown interest in Peloton.   More

  • in

    GitHub calls for contributions to new cybersecurity Advisory Database

    GitHub announced on Tuesday that their Advisory Database for security data is now open to contributions from experts. GitHub senior product manager Kate Catlin explained that the company has teams of security researchers that review all changes and help keep security advisories up to date. 

    But with the amount of new vulnerabilities and different attack vectors emerging each day, the company believes members of its community may be able to share additional insights and intelligence on CVEs.”GitHub is publishing the full contents of the Advisory Database to make it easier for the community to benefit from this data. We’ve also built a user interface for making contributions… The data is licensed under a Creative Commons license, and has been since the database’s inception, making it forever free and usable by the community,” Catlin said. “The GitHub Advisory Database is the largest database of vulnerabilities in software dependencies in the world. It is maintained by a dedicated team of full-time curators and powers the security audit experience for npm and NuGet, as well as GitHub’s own Dependabot alerts. By making it easier to contribute to and consume, we hope it will power even more experiences and will further help improve the security of all software.”GitHub has built a “suggest improvements for this vulnerability” workflow into security advisories in the database. This allows researchers from GitHub Security Lab and the maintainer of the project who filed the CVE to review your request. The form allows you to suggest changes or to provide more context on packages, affected versions, impacted ecosystems, and more.
    GitHub

    Catlin added that the advisories in the GitHub Advisory Database repository will use the Open Source Vulnerabilities (OSV) format. Oliver Chang, software engineer for Google’s Open Source Security Team, said in order for vulnerability management in open source to scale, security advisories “need to be broadly accessible and easily contributed to by all.” “OSV provides that capability,” Chang said. GitHub repeatedly pushed its users to enable two-factor authentication last year and, in August, announced that it would stop accepting account passwords when authenticating Git operations. The platform began requiring people to use stronger authentication factors like personal access tokens, SSH keys, and OAuth or GitHub App installation tokens for all authenticated Git operations on GitHub.com. In January GitHub announced that two-factor authentication will be available to all users through GitHub Mobile.  More