Tag Archive for: shouldn’t

Claiming a ‘computer crime’ shouldn’t give police a free pass to raid newspapers


This month, police officers in Marion, Kan., crashed into the newsroom of the Marion County Record, a weekly newspaper, and the home of its publisher to seize computers, cellphones and documents. After several days of public outcry, the county attorney ordered the material returned.

Newsroom searches are rare today because a 1980 federal law makes them almost always illegal. But the outcry goes back to colonial days, when British-loyalist redcoats raided revolutionary American pamphleteers. Such searches were seen as the ultimate attack on the free press. In the infamous 1971 search of the Stanford Daily, for example, Palo Alto police were seeking photographs to tie Vietnam War protesters to a violent clash on campus. After the Supreme Court refused to offer protection from such raids, Congress passed the 1980 statute, making newsroom searches far less of a threat.

Instead, the Marion case highlights a separate, systemic threat to press freedom: vague and sweeping computer crime laws, which exist in all 50 states. These laws can be readily used to intimidate reporters and suppress reporting without raiding their offices.

The Marion raid appears to be the first time public officials have searched a newspaper under the claim of enforcing a computer crime law. The search warrant in that case listed violations of statutes covering identity theft and “unlawful acts concerning computers.”

The state computer crime statute applies when someone breaks into a computer network with malware or uses another person’s information to steal money from their bank account. But these laws are so vague that they can be deployed to penalize reporters for using computers to find information online as part of routine journalism.

In Missouri, for instance, a reporter for the St. Louis Post-Dispatch discovered a serious flaw in a state website that put the security of thousands of Social Security numbers at risk. He alerted the state agency so it could fix the issue before he published…

Modi govt’s warning for Zoom users shouldn’t be ignored at any cost


The Narendra Modi government has issued a high-risk warning to users of the video conferencing platform Zoom that attackers could gain access to their systems and carry out malicious operations.

The Indian Computer Emergency Response Team (CERT-IN) issued the advisory, rated high severity, on Thursday for multiple vulnerabilities reported in Zoom products.

CERT-IN said in the vulnerability note, “Multiple vulnerabilities have been identified in Zoom products.” It added the flaws “could be exploited by an authenticated attacker to bypass security restriction, execute arbitrary code or cause denial of service conditions on the targeted system.”

CERT-IN is a statutory body with powers from the Information Technology (Amendment) Act of 2008. This nodal agency under the Ministry of Electronics and Information Technology monitors computer security incidents, records vulnerabilities, and promotes effective IT security practices throughout the country. It reports on bugs and cybersecurity threats, including hacking and phishing attacks.

Which versions are affected and why?

CERT-IN has stated that the vulnerabilities affect Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 and Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0.

As per the report, these vulnerabilities exist because of improper access control and a debugging port misconfiguration flaw.

How would it affect the system?

The agency warns that an authenticated user could exploit these vulnerabilities to use the debugging port to connect to and control the Zoom Apps running in the Zoom client. The attacker could also prevent participants from receiving audio and video, causing meeting disruptions.

What is the solution?

Users should upgrade to the latest version, as mentioned in Zoom’s security advisory.

Zoom’s response

The virtual meeting platform issued an official statement on the report. “As detailed on our Zoom Security Bulletin page, we have already resolved these security issues. As always, we recommend users keep up to date with the latest version of Zoom to take advantage of Zoom’s latest features and…

Ransomware May Grab the Headlines, But You Shouldn’t Ignore the Cyber Threat of FTF: Risk & Insurance


Funds transfer fraud may not make headlines like ransomware, but it can be just as devastating for small businesses if they are not prepared.

When we think about cyber-related risk, the term “ransomware” isn’t far behind. Ransomware is indeed an extremely detrimental risk for companies, sometimes going so far as to bankrupt them and shutter their doors, but it’s not the only cyber risk businesses should be watching.

Business email compromise (BEC) has proven to be an expanding avenue for funds transfer fraud, or FTF, which is a low-tech attack that disproportionately targets small businesses.

As Catherine Lyle, head of claims at Coalition, explained, threat actors (TAs) often perpetrate FTF using social engineering techniques like phishing. They intend to gain access to a business’ email system to cause a business email compromise. Once a TA has access to a corporate mailbox, the TA often manipulates a user’s contacts and inbox, looking for payment instructions.

This kind of attack usually happens without triggering any security alerts.

“The TA, using rule changes or other hidden techniques, then launches a game of ‘monkey in the middle,’ pretending to be the email sender and hiding real emails requesting payment or changes in wiring instructions from the waiting victim,” Lyle said.

Because the email appears to come from a trusted source, the victim doesn’t question its authenticity and complies with the request. Even if the victim responds to ask if the payment request is legitimate, the TA will reply as their assumed host.

FTF is often the primary means of attack, and, as a result, it’s a very common tactic for targeting small businesses.

With fewer options to pivot inside a network and less infrastructure and data to hold hostage in a ransomware attack, smaller organizations become easier targets for TAs. In fact, funds transfer fraud is becoming more common, skyrocketing in the first half of 2021.

Small Business’ Risk

According to Coalition’s 2022 Cyber Claims Report, the initial FTF loss, defined as the loss before Coalition recovered funds, surged to an

Google shouldn’t give up on alarm systems like Nest Secure


Earlier this month, Google brutally pulled the plug on Nest Secure, its 3-year-old alarm system that doesn’t have a successor of any kind in sight. While that product won’t be fully left out to dry anytime soon, Google has been completely silent regarding a new alarm system. Here’s why they shouldn’t give up on it.

Cameras are great, but alarm systems give peace of mind

The cornerstone of the Nest brand is cameras and, admittedly, they’re an excellent way to keep an eye on your home. But as far as security is concerned, they aren’t foolproof. Cameras have blind spots, they can be blocked, they can lose power. A proper alarm system like Nest Secure, though, is a lot harder to trip up.

Generally speaking, it’s hard to beat an alarm system. The Nest Guard hub is the only way for a potential intruder to disarm the system — assuming they haven’t stolen your phone, that is. Before they reach that Guard, they have to get in a door or window that’s connected to the Guard with a Detect sensor. That sensor immediately sets off the alarm countdown when the door or window is opened and, should that fail for some reason, there’s also a motion sensor that will go off. The alarm as a whole can even be tied to a professional monitoring system which can alert the local authorities.

The Nest Guard hub is a central point for an entire home security system, and importantly it’s also the most reliable. If it loses power, it continues to sense motion and opening doors even once the cameras go out by using a battery backup. The sensors themselves, too, run on battery power all of the time which means they can be used in more places compared to Google’s wired cameras.

Nest Guard actually made Nest Cams easier to use

Beyond the very real security benefits that Nest Secure delivers, Google’s decision to pull the plug on its alarm systems has further implications for the company’s cameras. For quite some time, Nest has offered “Home” and “Away” presets. These can be used to automatically adjust various settings on your cameras, thermostats, and other Nest products.

With a Nest Guard hub installed in your home, this feature becomes far more powerful. Instead of…
