Tag Archive for: Parliament

Parliament Panel May Summon Apple Officials Over ‘Hacking’Say Sources –

/in


1 November, 2023 | Srishti Ruchandani

Apple Top News

The committee’s secretariat has expressed ‘deep concern’ and is treating the matter with the ‘utmost seriousness’,” the official said.

The Parliamentary Standing Committee on Information Technology (IT) is reportedly considering summoning Apple officials for an upcoming meeting to address recent alerts related to “state-sponsored attacks” sent to Opposition leaders and other public figures in the country on their iPhones, citing an official from the committee’s secretariat. The committee’s secretariat has expressed ‘deep concern’ and is treating the matter with the ‘utmost seriousness’,” the official said.

This issue came to light when several Opposition leaders claimed to have received notifications from Apple regarding “state-sponsored attackers” attempting to compromise their iPhones, and they accused the government of being involved in hacking. The government has denied these allegations and has stated that a thorough investigation will be conducted.

Shiv Sena (UBT) MP Priyanka Chaturvedi, Aam Aadmi Party’s (AAP) Raghav Chadha, and some aides of Congress MP Rahul Gandhi also received the message from Apple.

Some others who received similar alerts included think-tank Observer Research Foundation (ORF) president Samir Saran, an OSD of Delhi Chief Minister Arvind Kejriwal, and The Wire’s founding editor Siddharth Varadarajan.

Apple, in response to the controversy, issued a statement clarifying that they did not attribute the threat notifications to any specific state-sponsored attacker and suggested that the notifications might be false alarms.

The government expressed its concern and confirmed the initiation of an investigation into the incident. They also noted that Apple had issued a similar advisory in nearly 150 countries, and the alerts were considered vague in nature.

IT minister Ashwini Vaishnaw rejected the opposition’s attack on the government, saying the “compulsive…

Source…

SAF’s Digital and Intelligence Service to be set up after Parliament passes amendments to SAF Act and Constitution; WP objects to changes to Constitution

/in


While the SAF has built up capabilities in Command, Control, Communications, Computers, and Intelligence (C4I) in its three existing services – Army, Navy, and Air Force – Dr Ng said the C4I community’s role has been largely that of a “supporting agency”, akin to combat support, logistics and maintenance.

With growing use of disinformation in warfare and cyber threats, Dr Ng said the SAF needs a dedicated service to raise, train and sustain cyber troops and capabilities to defend Singapore’s digital borders.

“We are thankful that hitherto, our intelligence agencies have not detected any campaign against Singapore of that nature in the digital domain,” said Dr Ng.

“But we should not wait for one and it would be prudent to start and build up the fourth service. That alone would serve as a deterrent.”

He added that the DIS will ensure that Singapore is defended against the full spectrum of threats against potential aggressors.

“The digital environment is more porous than the physical one, but the DIS will be responsible to guard against these aggressors in that domain,” he said.

For the SAF, the DIS will protect its networks and systems and strengthen soldiers’ commitment and resilience in operations. It will also continue to provide accurate, relevant and timely intelligence to support SAF operations, and capitalise on cutting-edge digital technologies to advance the SAF’s digitalisation as a networked force.

As for threats to Singapore’s internal environment, it will work closely with the Home Team, Cyber Security Agency (CSA) and other national agencies to leverage on their strengths in Singapore’s digital defence.

This is similar to the SAF’s support to the whole- of-government for counter-terrorism, said Dr Ng.

SAFEGUARDS AGAINST ABUSE

During the debate on the SAF Bill, several Members of Parliament (MPs) raised concerns such as whether safeguards are in place to protect against abuse of powers and information leaks that could compromise national security.

In particular, MP Zhulkarnain Abdul Rahim (PAP-Chua Chu Kang) and MP Dennis Tan (WP-Hougang) asked if foreigners could be part of the DIS.

Responding to their questions, Dr Ng said:…

Source…

DDoS disrupts Belgian parliament. New malware strains in criminal campaign. Threat actors vs. MFA. Disinformation for business.

/in


Attacks, Threats, and Vulnerabilities

Belgian public-sector network suffers cyberattack, affecting parliament (Computing) The attack disrupted a planned meeting of Belgian’s Foreign Affairs, which had been due to discuss the human rights situation in Xinjiang

XSS in the wild: JavaScript-stuffed orders used to compromise Japanese e-commerce sites (The Daily Swig) Website vulnerabilities abused in new hacking campaign

Three new malware families found in global finance phishing campaign (ZDNet) Doubledrag, Doubledrop, and Doubleback are the work of “experienced” threat actors.

Multi-Factor Authentication: Headache for Cyber Actors Inspires New Attack Techniques (Symantec) Two-factor or multi-factor authentication is used to secure organizations and accounts from attackers, making it a problem for malicious actors. Recent attacks show how they are attempting to bypass or avoid it completely.

The UNC2529 Triple Double: A Trifecta Phishing Campaign (FireEye) We observed a widespread, global phishing campaign from UNC2529 targeting numerous organizations across an array of industries.

Qualys Flags Gaping Security Holes in Exim Mail Server (SecurityWeek) Security researchers at Qualys have discovered multiple gaping security holes in Exim, a widely deployed mail server that has been targeted in the past by advanced nation state-based threat actors.

High-Severity Dell Driver Vulnerabilities Impact Hundreds of Millions of Devices (SecurityWeek) Dell patches high-severity vulnerabilities affecting a driver that is present on hundreds of millions of devices.

How Attackers Use Compromised Accounts to Create and Distribute Malicious OAuth Apps (Proofpoint) Open authorization or “OAuth” apps add business features and user-interface enhancements to major cloud platforms such as Microsoft 365 and Google Workspace. Unfortunately, they’re also a new threat vector as bad actors are increasingly using malicious OAuth 2.0 applications (or cloud malware) to siphon data and access sensitive information. In 2020, Proofpoint detected more than 180 different malicious applications, attacking over 55% of customers with a success rate of 22%.

21Nails vulnerabilities impact 60% of the internet’s email…

Source…

Chinese nation state hackers linked to Finnish Parliament hack

/in


Chinese nation state hackers linked to Finnish Parliament hack

Chinese nation-state hackers have been linked to an attack on the Parliament of Finland that took place last year and led to the compromise of some parliament email accounts.

“Some parliament e-mail accounts may have been compromised as a result of the attack, among them e-mail accounts that belong to MPs,” Parliament officials said at the time.

The attack was detected by the Finnish Parliament’s security team and is being investigated by the Finnish National Bureau of Investigation (NBI), with the help of the Security Police and the Central Criminal Police.

“Last year, the Security Police has identified a state cyber-espionage operation against Parliament, which tried to infiltrate Parliament’s information systems,” a statement issued today reads. “According to intelligence from the Security Police, this was the so-called APT31 operation.”

Central Criminal Police Commissioner Tero Muurman added that further details regarding the attack will not be disclosed while the investigation is still ongoing.

“When the investigated criminal offenses are aggravated espionage, aggravated computer break-in, and aggravated message interception everyone understands how serious offenses we are dealing with,” Parliament Speaker Anu Vehviläinen said.

APT31 espionage campaigns

APT31 (also tracked as Zirconium and Judgment Panda) is a China-backed hacking group known for its involvement in numerous information theft and espionage operations, working at the behest of the Chinese Government.

As BleepingComputer previously reported, this APT group has also been linked to the theft and repurposing of the EpMe NSA exploit years before Shadow Brokers publicly leaked it in April 2017.

Last year, Microsoft observed APT31 attacks against international affairs community leaders and high-profile individuals associated with the Joe Biden for President campaign.

APT31 was also…

Source…