More stories

  • Google debuts new Private Compute features in ramp up of Android security

    Google has introduced new features to Android’s Private Compute Core, a secure environment currently in the beta stages of development.

    On Thursday, Suzanne Frey, VP, Product, Android & Play Security and Privacy said in a blog post that the new suite will “provide a privacy-preserving bridge between Private Compute Core and the cloud.” Currently in Android 12 Beta, Private Compute Core is an open source platform that aims to isolate itself from other apps and the main operating system on an Android device to improve privacy and security.

    The new features are:

      • Live Caption: Captions added to media using on-device speech recognition
      • Now Playing: Machine learning (ML) algorithms able to recognize music playing nearby
      • Smart Reply: Suggests relevant responses based on the messaging and active conversations

    While these features, in themselves, aren’t privacy-based, Google says that new functionality will be implemented with each Android release — and each one brings the sandboxed Android area closer to completion. Each feature utilizes ML and to keep data gathered by them private and secure — including speech records, environmental noise detection, and the context of conversations, should users enable it — they will be processed in the Private Compute Core and will not be shared with other apps unless expressly permitted by the handset owner. Frey added that the core will “let your device use the cloud (to download new song catalogs or speech-recognition models [for example]) without compromising your privacy.”

    Google intends to publish the source code of Private Compute Services to allow third-party researchers the opportunity to perform audits. “We’re enthusiastic about the potential for machine learning to power more helpful features inside Android, and Android’s Private Compute Core will help users benefit from these features while strengthening privacy protections via the new Private Compute Services,” Frey commented.  Google outlined plans to improve Android security in February. A particular focus for the tech giant is to tackle memory problems — such as corruption and buffer overflows — as over half of vulnerabilities impacting the operating system are related to this area. In addition, media, Bluetooth, and NFC are also on the radar for hardening. The firm is encouraging developers to take advantage of programming languages including Java and Rust, and Google is also working on ways to improve the security of C and C++ applications.

  • IT leaders facing backlash from remote workers over cybersecurity measures: HP study

    A new study from HP has highlighted the precarious — and often contentious — situations IT teams are facing when trying to improve cybersecurity for remote workers.  The new Rebellions & Rejections report from HP Wolf Security surveyed 1100 IT decision-makers and also gleaned insights from a YouGov online survey of 8443 office workers who now work from home.  The study found that IT workers often feel like they have no choice but to compromise cybersecurity in order to appease workers who complain about how certain measures slow down business processes. Some remote workers — particularly those aged 24 and younger — outright reject cybersecurity measures they believe “get in the way” of their deadlines.  More than 75% of IT teams said cybersecurity took a “backseat to business continuity during the pandemic,” and 91% reported feeling pressured into compromising security for business practices.  Nearly half of all office workers under the age of 24 said cybersecurity tools were “a hindrance”, and 31% admitted to outright bypassing certain corporate security policies to get work done.  Unfortunately, almost half of the office workers of all ages believe cybersecurity measures waste their time, and the figure increases to 64% among those under the age of 24. The survey found that 54% of 18-24-year-olds cared more about their deadlines than causing a data breach.  Researchers found that 39% of respondents did not fully know what their organization’s security policies are, causing 83% of all IT workers surveyed to call remote work a “ticking time bomb” for data breaches. 

    Ian Pratt, global head of security for personal systems at HP, said the fact that workers are actively circumventing security should be a worry for any CISO.  “This is how breaches can be born,” Pratt said. “If security is too cumbersome and weighs people down, then people will find a way around it. Instead, security should fit as much as possible into existing working patterns and flows with unobtrusive, secure-by-design and user-intuitive technology. Ultimately, we need to make it as easy to work securely as it is to work insecurely, and we can do this by building security into systems from the ground up.” IT leaders have had to take certain measures to deal with recalcitrant remote workers, including updating security policies and restricting access to certain websites and applications.  But these practices are causing resentment among workers, 37% of whom say the policies are “often too restrictive.” The survey of IT leaders found that 90% have received pushback because of security controls, and 67% said they get weekly complaints about it.  More than 80% of IT workers said, “trying to set and enforce corporate policies around cybersecurity is impossible now that the lines between personal and professional lives are so blurred”, and the same number of respondents said security had become a “thankless task.”  Nearly 70% said they were viewed as “the bad guys” because of the restrictions they impose to protect workers.  “CISOs are dealing with increasing volume, velocity and severity of attacks. Their teams are having to work around the clock to keep the business safe while facilitating mass digital transformation with reduced visibility,” said Joanna Burkey, HP’s CISO. 
“Cybersecurity teams should no longer be burdened with the weight of securing the business solely on their shoulders; cybersecurity is an end-to-end discipline in which everyone needs to engage.” Burkey added that IT teams need to engage and educate employees on the growing cybersecurity risks while understanding how security impacts workflows and productivity.  Cybersecurity experts like YouAttest CEO Garret Grajek said every new access method, user pool and technology adds attack vectors and vulnerabilities for hackers.  “We just saw that even the best WFH plans might be vulnerable w/ over 500k of Fortinet VPN users being exposed,” Grajek noted. “As with the other attack vectors, enterprises have to assume they will be breached and then ensure that rogue users access and actions are mitigated or limited.”

  • US military reservist lands himself prison sentence for operating romance scams

    A former US Army reservist has been charged and sent behind bars for scams that targeted the lonely, the elderly, and businesses. 

    US prosecutors said this week that Joseph Iorhemba Asan Jr. will spend 46 months — or over three-and-a-half years — in prison for conducting both romance and Business Email Compromise (BEC) scams. According to the US Department of Justice (DoJ), from around February 2018 until October 2019, the former serviceman worked with a co-conspirator, named as Charles Ifeanyi Ogozy — another member of the US Army Reserves — to commit fraud “against dozens of victims across the United States, defrauded banks, and laundered millions of dollars in fraud proceeds to co-conspirators based in Nigeria.” The 24-year-old, based in Daytona Beach, Florida, worked with Ogozy to operate romance scams that focused on older men and women. Fake profiles were used to rope in these victims, who believed they were genuinely talking to love interests — and once trust was established, the requests for money began.  BEC scams were also being conducted by the pair. These forms of attack are usually based on phishing and social engineering and they will target businesses with fake correspondence requesting payment for invoices and services. The more sophisticated BEC groups out there may also compromise emailed communication streams between employees and tamper with bank details used to pay supplier invoices, directing funds, instead, to accounts they control. “Notably, one of the victims of the defendants’ business email compromise scheme included a US Marine Corps veteran’s organization,” prosecutors say. Money fraudulently obtained through these schemes was sent to bank accounts controlled by Asan, Ogozy, and other criminal participants. At least 10 accounts were set up in eight banks, all of which were in the names of non-existent businesses including Uxbridge Capital LLC and Renegade Logistics LLC.

    In total, the DoJ says the scam artists transferred and received at least $1.8 million, a large proportion of which was withdrawn in cash and cannot be traced. Asan was arrested on October 31, 2019. He pled guilty to charges of conspiracy to commit bank fraud and wire fraud on December 23, 2020. After serving his prison sentence, Asan must also submit to three years of supervised release. However, there is a financial penalty, too. The scam artist has been ordered to forfeit $184,723 to the United States government and must pay his victims damages of $1,792,015.  “Among the many victims of the internet scams facilitated by Joseph Asan were elderly women and men who were callously fooled into believing they were engaging online with potential romantic interests,” commented US Attorney Audrey Strauss. “[…] Asan’s crimes have indeed led to his own reversal of his fortune, as this former defender of this country now becomes a federal prisoner.” In July, Houston, Texas resident Akhabue “David Harrison” Ehis Onoimoimilin was issued a prison sentence of over seven years and was ordered to pay over $865,000 for conducting both romance and BEC scams. Onoimoimilin netted over $2.2 million by scamming his targets. The US Federal Trade Commission (FTC) estimates that in 2020, romance scams cost the average victim $2,500, with the overall loss of reported cases alone reaching $304 million in the United States.

  • Ukrainian man extradited to the US to face botnet, data theft charges

    A Ukrainian man was arrested in Poland and extradited to the US to face charges as an alleged botnet operator. 

    The US Department of Justice (DoJ) said this week that Glib Oleksandr Ivanov-Tolpintsev was taken into custody in Korczowa, Poland, on October 3 last year. As the US and Poland have an extradition treaty, the 28-year-old was then sent to the US to face charges that could land him up to 17 years in federal prison, if found guilty.  Originally from Chernivtsi, Ukraine, Ivanov-Tolpintsev is suspected of being the operator of a botnet that was able to enslave devices infected with malware and automatically perform brute-force attacks against other internet-facing systems.  If there is no protection in place to stop these attacks from occurring, brute-force attacks will try out username and password combinations in the hopes of finding the right key. Once secured, these login details can be used to access the target system — or, as in Ivanov-Tolpintsev’s case — can be sold on to other cyberattackers.  According to the indictment, Ivanov-Tolpintsev, also known as “Sergios” and “Mars” online, was using an e-commerce front called “The Marketplace” to sell on the information stolen by his botnet.  The alleged botnet operator claimed that his creation was capable of stealing up to 2,000 sets of credentials each week. Cyberscoop reports that investigators were able to track him down with the help of an email address used by the suspect to purchase vape products. The receipt contained within listed his home address and linked him to a phone number and passport. Prosecutors were also able to find other email addresses and a Gmail account connected to online retailers and his conversations with individuals in the dark web. 

    Two other co-conspirators, allegedly the operators of The Marketplace, have also been charged but are yet to be named.  Ivanov-Tolpintsev was presented to US Magistrate Julie Sneed on September 7 and has been detained ahead of his trial date.  He faces charges of conspiracy, trafficking in unauthorized access devices, and trafficking in computer passwords, according to the DoJ. Alongside a potentially hefty prison sentence, if found guilty, US prosecutors also intend to pursue forfeiture of $82,648, the amount that was able to be traced as allegedly linked to the sale of data stolen by the suspect.

  • MyRepublic customers compromised in third-party data breach

    MyRepublic says almost 80,000 of its mobile subscribers in Singapore have had their personal data compromised, following a security breach on a third-party data storage platform. The affected system had contained identity verification documents needed for mobile services registration, including scanned copies of national identity cards and residential addresses of foreign residents.  The “unauthorised data access” incident was uncovered on August 29 and the relevant authorities had been informed of the breach, said MyRepublic in a statement Friday. It pointed to industry regulator Infocomm Media Development Authority (IMDA) and the Personal Data Protection Commission, which oversees the country’s Personal Data Protection Act (PDPA).  MyRepublic said personal data of its mobile customers were stored on the affected system, adding that “unauthorised access to the data storage facility” since had been plugged. The incident had been “contained”, it said. Asked how long it had used the third party’s data storage service and whether it was a cloud-based service, MyRepublic told ZDNet it was unable to share these details, citing confidentiality. It also declined to say “for security reasons” if it was the only customer affected by the breach at the data storage facility. 

    Asked when it last assessed security measures implemented by the data storage vendor, MyRepublic did not specify a date, saying only that it “regularly” reviewed such measures for both its internal and external systems, including that of the third-party vendor implicated in the breach.  MyRepublic also declined to reveal further details about how the data breach was discovered, saying only that it was informed of the incident by “an unknown external party” on August 29. It reiterated that the data storage facility since had been secured.  It said it was contacting all mobile customers via email about the breach, but did not confirm when this would be completed. 

    In its statement, MyRepublic noted that an incident response team had been activated, which included external advisers from KPMG in Singapore, and would work with the broadband operator’s internal IT and network personnel to resolve the incident.  Its own investigations determined that the unauthorised data access affected 79,388 of its mobile subscribers in Singapore. Apart from details of local customers’ national identity cards, information from documents required to verify foreign workers’ residential address, such as copies of utility bills, also were affected. The names and mobile numbers of customers porting an existing mobile service also were compromised.  MyRepublic said there were no indications other personal data, such as payment details, were affected. It added that none of its systems were compromised. It said affected customers would be offered a complimentary credit monitoring service, provided by Credit Bureau Singapore, which would monitor customers’ credit report and send out alerts of suspicious activities.  MyRepublic CEO Malcolm Rodrigues said in the statement: “My team and I have worked closely with the relevant authorities and expert advisors to secure and contain the incident, and we will continue to support our affected customers every step of the way to help them navigate this issue. “While there is no evidence that any personal data has been misused, as a precautionary measure, we are contacting customers who may be affected to keep them informed and provide them with any support necessary,” Rodrigues said. “We are also reviewing all our systems and processes, both internal and external, to ensure an incident like this does not occur again.” In a recent interview with ZDNet, MyRepublic said it was looking for new revenue in Singapore’s enterprise space, and planned to ramp up its service offerings with particular focus on cybersecurity, where it might look to make acquisitions to plug product gaps.

  • Zscaler revenue grows 57% year-over-year to $197.1 million in Q4

    Cybersecurity firm Zscaler reported fiscal Q4 revenue and profit that topped Wall Street analysts’ expectations this afternoon. Revenue in the quarter rose 57% year over year to $197.1 million, yielding a profit of 14 cents a share. Non-GAAP net income reached $20.3 million in the quarter. The report sent Zscaler shares up nearly 2% in late trading. Zscaler CEO Jay Chaudhry said the company had a “record number of large deals across diverse sectors” that drove the revenue growth and a 70% increase in billings year over year. “Enterprises of all sizes are adopting Zscaler’s Zero Trust Exchange to accelerate their secure digital transformation journey as they turn away from legacy castle-and-moat security,” Chaudhry said. “We continue to invest and innovate across all our product pillars and help our customers adopt a Zero Trust architecture designed to secure the cloud and mobile world.” Analysts had been modeling $186.82 million and 9 cents per share.

    For the current quarter, the company expects revenue of $210 million to $212 million and EPS around 12 cents. For the full year fiscal 2022, the company predicted revenue in a range of $940 million to $950 million, and EPS ranging from $0.52 to $0.56. This quarter the company announced integration with ServiceNow and was selected as a partner for the new Zero Trust Architecture Project by NIST’s National Cybersecurity Center of Excellence (NCCoE).


  • Virginia National Guard confirms cyberattack hit Virginia Defense Force email accounts

    Email accounts connected to the Virginia Defense Force and the Virginia Department of Military Affairs were impacted by a cyberattack in July, according to a spokesperson from the Virginia National Guard. A. A. Puryear, chief of public affairs for the Virginia National Guard, told ZDNet that the organization was notified in July about a possible cyber threat against the Virginia Defense Force and began an investigation immediately in coordination with state and federal cybersecurity and law enforcement authorities to determine what was impacted. “The investigation determined the threat impacted VDF and Virginia Department of Military Affairs email accounts maintained by a contracted third party, and there are no indications either VDF or DMA internal IT infrastructure or data servers were breached or had data taken,” Puryear said. “There are no impacts on the Virginia Army National Guard or Virginia Air National Guard IT infrastructure. The investigation is ongoing with continued coordination with state and federal partners to determine the full impact of the threat and what appropriate follow up actions should be taken.” The Virginia National Guard did not respond to questions about whether the incident was a ransomware attack. They also did not respond to questions about which email addresses were accessed and whether victims have already been notified. The Virginia Department of Military Affairs is the state agency that supports the Virginia Army National Guard, Virginia Air National Guard and Virginia Defense Force. The Virginia Defense Force is the all-volunteer reserve of the Virginia National Guard and it “serves as a force multiplier” integrated into all National Guard domestic operations. On August 20, the Marketo marketplace for stolen data began publicizing a trove of data stolen from the Virginia Department of Military Affairs. They claimed to have 1GB of data available for purchase.

    Experts have said that while the operators behind Marketo are not ransomware actors, some of the data on their site is known to have been taken during ransomware attacks and publicized as a way to force victims into paying ransoms. Marketo was previously in the news for selling the data of Japanese tech giant Fujitsu. Digital Shadows wrote a report about the group in July, noting that it was created in April 2021 and often markets its stolen data through a Twitter profile by the name of @Mannus Gott. The gang has repeatedly claimed it is not a ransomware group but an “informational marketplace.” Despite their claims, their Twitter account frequently shares posts that refer to them as a ransomware group. Allan Liska, part of the computer security incident response team at Recorded Future, noted that they don’t appear to be tied to any specific ransomware group. “They have taken the same route that Babuk did and are all ‘data leaks.’ To the best of our knowledge they don’t claim to steal the data themselves and instead they offer a public outlet to groups who do, whether they are ransomware or not,” Liska said. Emsisoft threat analyst and ransomware expert Brett Callow said it is still unclear how Marketo comes by the data they sell and added that it is also unclear whether they are responsible for the hacks or are simply acting as commission-based brokers. He added that some of the victims on Marketo’s leak site were recently hit by ransomware attacks, including X-Fab, which the Maze ransomware group hit in July 2020, and Luxottica, which was hit by Nefilim ransomware in September. “That said, at least some of the data the gang has attempted to sell may be linked to ransomware attacks, some of which date back to last year. Leaked emails can represent a real security risk, not only to the organization from which they were stolen, but also to its customers and business partners,” Callow said. 
“They’re excellent bait for spear phishing as it enables threat actors to create extremely convincing emails which may even appear to be replies to existing exchanges. And, of course, it’s not only the initial threat actor that affected organizations need to worry about; it’s also whoever buys the data. In fact, it’s anybody who knows the URL, as they can download the ‘evidence pack.'” In the past, the group has gone so far as to send samples of stolen data to a company’s competitors, clients and partners as a way to shame victims into paying for their data back. The group has recently listed dozens of organizations on their leak site, including the US Department of Defense, and generally leaks a new one each week, mostly selling data from organizations in the US and Europe.

  • Dell unveils new security features, releases study finding organizations manage 10 times more data than they did five years ago

    Dell announced the release of a slate of new security features and tools on Thursday alongside a survey of 1,000 IT decision makers from around the globe, who said data consumption by organizations has grown more than 10-fold. Rob Emsley, director of product marketing and data protection at Dell, told ZDNet that the findings of the 2021 Global Data Protection Index revealed that enterprises are facing a bevy of data protection challenges driven by the threat of ransomware and the consumption of emerging technologies such as cloud-native applications, Kubernetes containers and artificial intelligence. “This year and even last year has been marked by an increase in concerns over cybersecurity. As we expected, many organizations lack confidence that the capacity of their organization’s data protection can sufficiently defend them against cyberthreats,” Emsley said. “Most customers understand it’s not an if, it’s a when they will be attacked. Backups and what we deliver in the world of cyber recovery is something we’ve found many, many customers are really eager to talk to us about. We also found in the research that the new ‘work from anywhere, learn from anywhere’ economy that we now live in has certainly increased most organizations’ concerns over whether they are vulnerable to cyberattacks.” The survey, in its fifth year, found that organizations are managing more than 10 times the amount of data they did five years ago. Enterprises went from handling 1.45 petabytes of data in 2016 to 14.6 in 2021. More than 81% of respondents confirmed that they are worried about their organization’s data protection solutions and 30% said they had suffered data loss in the last year. Almost half of all respondents said they experienced unplanned system downtime this year. 
When it comes to malware and ransomware, 62% said they are concerned about how their data protections systems would handle the threats and 74% added that they were increasingly exposed from a data perspective due to employees working remotely. 

    More than 66% said they are not confident their business-critical data could be recovered if they suffered a cyberattack or data breach and 63% said cloud-native applications, Kubernetes containers, artificial intelligence and machine learning make their organization more vulnerable to data loss. Jeff Boudreau, president and general manager of the infrastructure solutions group at Dell Technologies, said they understand that the task of protecting data has never been more complex. “As the leading provider of data protection hardware and software, our portfolio addresses this growing challenge by helping customers adopt a holistic cybersecurity and data protection strategy to identify, protect, detect, respond and recover from ransomware and other cyberattacks,” Boudreau said. Emsley explained to ZDNet that the report’s findings were part of why Dell was introducing “new software and services to accelerate VM backup data availability, simplify management of large data sets and maintain business continuity while alleviating dependencies on day-to-day cyber recovery operations.” The new software and managed services tools include Dell EMC PowerProtect Data Manager, which Emsley said “adds Transparent Snapshots to give organizations a new and unique way to protect their VMware virtual machines at scale.” “Transparent Snapshots deliver up to five times faster backups and up to a five-time reduction in VM latency, helping organizations ensure availability of VM data effectively and efficiently,” Emsley said. “Dell EMC PowerProtect appliances with Smart Scale helps organizations manage multiple data protection appliances at exabyte scale, allowing IT staff to make informed decisions about their capacity needs and keep up with data growth. 
With Smart Scale, customers can configure multiple appliances as a single pool giving them the ability to see and manage large data sets in one entity — as many as 32 PowerProtect appliances and more than three exabytes of logical capacity.” Dell also announced its Managed Services for Cyber Recovery Solution tool that is designed to assist enterprises in reducing risk by “having Dell experts manage day-to-day cyber recovery vault operations and support recovery activities.” Drew Hills, infrastructure analyst at USC Australia, said Transparent Snapshots in PowerProtect Data Manager “simplifies backing up our virtual machines using less infrastructure and without impact to the production environment.” “By removing the need to deploy or manage proxies to move data, our virtual machines can be backed up faster, saving us time,” said Hills. Dell EMC PowerProtect Data Manager with Transparent Snapshots will be available this quarter to Dell customers globally at no additional cost and Dell EMC PowerProtect appliances with Smart Scale is slated to be available in the first half of 2022. Dell Technologies Managed Services for Cyber Recovery Solutions is available today. IDC research vice president Phil Goodwin added that ransomware and other cyberattacks continue to evolve, forcing organizations to outpace threats with innovation. “Dell Technologies’ new advancements in software and services are designed to help organizations increase their ability to recover business critical data from a cyberattack with the least amount of disruption,” Goodwin said.