Search Results for “CBC”


April 7, 2020
Supantha Mukherjee, Ben Blanchard / Reuters

Taiwan and Canada Join the Ranks of Governments That Are Banning Zoom Due to Perceived Security Flaws

Taiwan and Canada are joining the growing ranks of governments around the globe that are banning the Zoom videoconferencing app in government offices due to its reported and perceived security flaws. Zoom is currently facing backlash from users worried about the lack of end-to-end encryption of meeting sessions and “zoombombing,” where uninvited guests crash into meetings. Taiwan’s cabinet said in a statement that government agencies “should not use products with security concerns, like Zoom.”

Related: TechCrunch, BetaNews, NDTV Gadgets360.com, Quartz, Business Insider, The Hill, TechRepublic, MarketWatch.com – Software Industry News, Motley Fool, Daily Dot, HealthITSecurity, E-Commerce Times, CNN.com, ZDNet, diginomica government, Forbes, HotHardware.com

TechCrunch: Taiwan’s government bars its agencies from using Zoom over security concerns
BetaNews: Taiwanese government bans agencies from using Zoom because of security concerns
NDTV Gadgets360.com: Zoom Meeting App Continues to Battle Privacy Concerns, Increased Competition
Quartz: Taiwan is taking cybersecurity seriously by banning the use of Zoom in government
Business Insider: Taiwan’s government bans official use of Zoom, days after the firm admitted to ‘mistakenly’ routing some calls through China
The Hill: Democratic senator criticizes Zoom’s security and privacy policies
TechRepublic: Zoom’s security flaws: Has it done enough to fix them?
MarketWatch.com – Software Industry News: Zoom Video lurches from boom to backlash amid privacy issues, ‘Zoom bombing’ attacks
Motley Fool: Zoom Has Gotten Ahead of Itself
Daily Dot: Senator calls for federal investigation into Zoom’s ‘deceptive’ practices
HealthITSecurity: Zoom to Halt Feature Development to Bolster Privacy, Security for COVID-19
E-Commerce Times: Zoom’s Soaring Popularity Is a Double-Edged Sword
CNN.com: Zoom CEO apologizes for having ‘fallen short’ on privacy and security
ZDNet: Microsoft Teams vs Zoom video meetings: Microsoft touts superior security and privacy
diginomica government: WFH darling Zoom is a security and privacy disaster – let me count the ways
Forbes: Microsoft Just Dealt A New Blow To Zoom With This Bold Security Move
HotHardware.com: Microsoft Dunks On Zoom Touting Strict Security And Privacy Regimen In Microsoft Teams


March 9, 2020
Nicole Hong / New York Times

Jury Deadlocked on Eight Counts Against Accused ‘Vault 7’ CIA Hacking Tool Leaker Joshua Schulte

In a mixed outcome for the U.S. government, a federal jury in Manhattan could not convict former C.I.A. software engineer Joshua Schulte of stealing a massive trove of classified hacking tools and leaking them to Wikileaks, the so-called Vault 7 leaks. The jurors deadlocked on eight counts, including illegal gathering and transmission of national defense information, but did convict Schulte on two other counts, contempt of court and making false statements to the F.B.I.

Related: Digital Journal, Courthouse News Service, The Seattle Times, CBC, SecurityWeek, Stars and Stripes, AP Top News, The Hacker News, Cyberscoop, emptywheel, The Register, Gizmodo, The Washington Post, RT USA, Fifth Domain | Cyber, POLITICO

Tweets: @shanvav, @zackwhittaker

Digital Journal: Jury hung in case of CIA coder accused of cyberweapon leak
Courthouse News Service: Ex-CIA Coder Gets Mistrial on 8 Counts Tied to ‘Vault 7’ Leak
The Seattle Times: Jury in CIA leaks case fails to reach a verdict on most serious charges
CBC: Jury deadlocks on espionage charges in CIA ‘Vault 7’ leaks case
SecurityWeek: Minor Convictions for Ex-CIA Coder in Hacking Tools Case
Stars and Stripes: Former CIA coder convicted on minor charges in hacking tools case
AP Top News: Minor convictions for ex-CIA coder in hacking tools case
The Hacker News: Ex-CIA Accused of Leaking Secret Hacking Tools to WikiLeaks Gets Mistrial
Cyberscoop: Vault 7 court case ends in mistrial on most serious charges
emptywheel: Judge Crotty Declares a Mistrial in Joshua Schulte Case
The Register: Months-long trial of alleged CIA Vault 7 exploit leaker ends with hung jury: Ex-sysadmin guilty of contempt, lying to FBI
Gizmodo: Jury Deadlocked in Case of Accused WikiLeaks Source Charged for ‘Vault 7’ CIA Leaks
The Washington Post: Jury fails to reach verdict on most serious charges in CIA leaks case
RT USA: Assange trial rehearsal? Hung jury results in mistrial for former CIA tech accused of handing ‘Vault 7’ docs to WikiLeaks
Fifth Domain | Cyber: Minor convictions for ex-CIA coder in hacking tools case
POLITICO: Minor convictions for ex-CIA coder in hacking tools case

@shanvav: A NYC jury was unable to reach a verdict on the most serious charges against a former CIA engineer, Joshua Schulte (re theft of gov property/transferring gov defense info). The jury did find him guilty of contempt of court/lying to FBI. @CyberScoopNews
@zackwhittaker: Trial of Joshua Schulte, who's accused of leaking classified Vault 7 documents to WikiLeaks, ends in a mistrial.


April 6, 2017
Dave Seglins, Matthew Braga, Catherine Cullen / CBC News

RCMP Cops to Using IMSI Catchers for Cellphone Surveillance After Press Reports

The Canadian police force RCMP took the unprecedented step of admitting that it uses cellphone surveillance technology known as IMSI catchers, also known as Stingrays or Mobile Device Identifiers (MDIs), following a series of reports by Canadian news service CBC. The devices mimic cell phone towers in order to track mobile device users and sometimes listen in to phone calls. The RCMP says it owns ten MDIs, which were used in 19 criminal investigations in 2016 and 24 investigations in 2015. The RCMP employs 24 technicians across Canada to deploy the devices. Although the RCMP says almost all investigations have been conducted under a warrant, at least 11 investigations over the past five years did not have judges’ approval.

July 17, 2018
Matthew Braga, Lori Ward, Andrew Culbert / CBC News

Medical, Financial Data for Up to 237,000 Patients of Ontario Home Care Agency Held for Ransom by Attackers

The detailed medical histories, contact information, bank account details, social insurance card information and credit card numbers of possibly hundreds of thousands of home-care patients being cared for by home medical care services company CarePartners in Ontario are being held for ransom by thieves. Contacted by CBC News, the attackers claim to have stolen hundreds of thousands of patient records and related materials in their possession dating back to 2010. The maximum number of patients that could be affected is 237,000, CarePartners claims. The attackers say they want compensation in exchange for telling the company how to fix its security issues, which, according to the attackers, include software that hasn’t been patched in two years. CarePartners admits that none of its data was encrypted. CarePartners said it was contacted by the attackers via email on June 11 and informed customers a week later of the breach. The Waterloo Ontario Police, as well as private cybersecurity firm Herjavec Group, are investigating.

June 21, 2019
Jonathan Montpetit / CBC

‘Ill-Intentioned’ Employee at Credit Union Federation Desjardins Group Stole, Shared Sensitive Data on Nearly Three Million People, 173,000 Businesses

An employee with “ill-intention” at Quebec-based Desjardins Group, the largest federation of credit unions in North America, with outlets across Quebec and Ontario, collected information about nearly three million people and businesses and shared it with others outside the financial institution, the company announced. The breach, one of the largest ever among Canadian financial institutions, affects around 2.7 million people and 173,000 businesses, more than 40% of the co-operative’s clients and members. The stolen and exposed data include names, addresses, birth dates, social insurance numbers, email addresses and information about transaction habits. The employee in question has been fired and arrested but not yet charged.

Related: TMCnet, The Star, ZDNet Security, Reuters, MobileSyrup.com, BleepingComputer.com

Tweets: @CBCAlerts


February 3, 2019
Krishna N. Das / Reuters

SWIFT to Help Bangladesh Bank to Rebuild Infrastructure Following $81 Million Cyber Heist, New York Fed to Support Bank in Lawsuit Against Philippine Bank

International payments network SWIFT has signed an agreement with Bangladesh’s central bank to help it rebuild its infrastructure after hackers, believed to be part of a North Korean state-backed unit, used it to steal $81 million in 2016 in the world’s biggest cyber heist. The announcement follows news that the New York Fed agreed to provide “technical assistance” to Bangladesh Bank in its lawsuit against Manila-based Rizal Commercial Banking Corp (RCBC), which was used to launder the money, much of which disappeared into the casinos of the Philippines. The U.S. Fed’s assistance entails preparing affidavits and clearing employees to testify at hearings or a trial, allowing Bangladesh Bank to interview employees and providing relevant non-privileged documents and information to Bangladesh Bank or to the court.

Related: The Hindu – News, DNA India, RAPPLER, Channel News Asia, Firstpost, DataBreaches.net, Channel News Asia, Reuters, The Straits Times Asia News, South China Morning Post, SecurityWeek, RFI


June 12, 2019
Anita Elash / CBC News

Despite the Likely Illegality of Most Stalkerware Apps, Police and Prosecutors Fail to Take Action Against Abusers, App Developers

Abusers can easily purchase so-called stalkerware apps and download them to their victim’s mobile devices without their knowledge, according to the latest report out of Citizen Lab, part of the Munk School of Global Affairs and Public Policy at the University of Toronto. With such apps, abusers can remotely monitor their victim’s every move, including phone calls, text messages, emails, online activity, contacts lists, calendar entries, and location. In some cases, they can turn on the phone’s microphone or take pictures. Despite the variety of laws that such apps, and app developers, are breaking, police and prosecutors routinely turn a blind eye to these stalkerware violations.

Related: The Citizen Lab, The Citizen Lab

Tweets: @RonDeibert, @josephfcox


July 29, 2016
Mark Hosenball, Joseph Menn and John Walcott / Reuters

Clinton Campaign Hacked, Security Firm Finds No Internal System Compromise

Sources tell Reuters that the presidential campaign of Democrat Hillary Clinton was hacked as a follow-on to the DNC hack, widely attributed to Russian state forces. The DNC hacker gained access to an analytics data program used by the DNC, the Clinton Campaign and other Democratic organizations, including, presumably, the Democratic fundraising arm, the DCCC, which was also recently hacked. A security firm hired by the campaign said that no evidence of an internal system compromise in the Clinton campaign’s system was found.

The Atlantic: Donald Trump’s Radical Foreign Policy
BGR: Trump finally said something so stupid and illegal, he had to pretend he was joking
Kyiv Post: Jennifer Rubin: The Donald joke is on us
The Parallax: Why Russia has a leg up in geopolitical hacking (Q&A)
AOL: Russia to US, Trump: Sort out your own pre-election hacking scandal
Infosecurity Magazine: Russian Hackers May Have Hit the Dems’ Donor Site Too
CBC | Top Stories News: Hillary Clinton team not commenting on report campaign emails hacked
BuzzFeed – Politics: Santorum On Trump’s Russia Comment: He Has To Avoid Looking “Intemperate”
AOL: Sources: Clinton campaign also hacked in attacks on Democrats
PressTV: More Clinton campaign secrets exposed to hackers
Washington Post National: Clinton campaign denies reports that its computer system was hacked
DataBreachToday.com: Clinton Campaign Website Reportedly Breached
Sydney Morning Herald: DNCLeak: Hillary Clinton campaign also hacked in attacks
Bloomberg: Clinton Campaign Says Hackers Accessed Data Program It Used – Bloomberg
UPI.com: Justice Dept. investigating cyberattack against Clinton campaign, reports say
Engadget: Clinton’s campaign was also hacked in breach of Democratic Party
McClatchyDC.com: FBI probing possible hack of Clinton campaign; Russia reportedly suspected
Gizmodo: Report: The Clinton Campaign Also Got Hacked [Updated]
The Hill: Cybersecurity: Clinton campaign part of DNC hack
Sky News: Hillary Clinton’s Campaign Server ‘Hacked’
Gawker: Clinton Campaign Apparently Also Hacked by Russians
Mashable: Hillary Clinton’s presidential campaign hacked
Japan Times: Clinton campaign’s computer network also hacked during cyberattack on Democrats
CNBC: Hackers breached Clinton campaign computer network: sources
IBTimes.co.uk: Technology: Clinton presidential campaign computer services said to be hacked, FBI investigating
PBS NewsHour: Clinton’s campaign and the DCCC are cyber hacked — was it the Russians?
Inverse: FBI Investigates Yet Another Democratic Party Hack
Zero Hedge: Another “Smoking Gun” Looms As Hillary Campaign Admits Server Hacked
The Times of Israel: New cyber attack hits Democratic Party
RT USA: Clinton campaign network infiltrated by hackers
POLITICO: Trump campaign mocks report of latest Clinton hack
Deutsche Welle: Computer service used by Clinton campaign breached in hack
Sputnik International: Clinton’s Campaign Computer System Hacked by Alleged Russian Intelligence
Newsmax: Law Enforcement Official: Hillary Campaign Apparently Hacked By Russia
The Telegraph: Clinton campaign hit by computer hackers as suspicion falls on Russian spy agencies
SCMP: Hacked: Clinton campaign hit in cyber attack on Democrats
Newsweek: Hillary Clinton Campaign Hacked as Part of the Broad Cyber Attack on …
The Verge: Hackers breached Hillary Clinton campaign networks, says Reuters
Washington Free Beacon: Clinton Campaign Computers Also Hacked


October 1, 2019
Catalin Cimpanu / ZDNet

German Academics Develop New Attack, PDFex, That Can Extract and Steal Data From Encrypted Files

A team of six academics from Ruhr-University Bochum and Münster University in Germany has developed a new attack called PDFex that can extract and steal data from encrypted PDF files, sometimes without user interaction. The attack comes in two variations, and the researchers successfully tested it against 27 desktop and web PDF viewers, including popular software such as Adobe Acrobat, Foxit Reader, Evince, Nitro, and Chrome and Firefox’s built-in PDF viewers. PDFex targets the encryption schemes supported by the Portable Document Format (PDF) standard. The standard supports native encryption so that PDF apps can encrypt files that any other app can open, which prevents user lock-in to one specific PDF application through the use of a shady encryption scheme. The first of the two attacks is called “direct exfiltration.” It takes advantage of the fact that PDF apps don’t encrypt the entirety of a PDF file, leaving some parts unencrypted. The second type of attack uses CBC gadgets, which means that the ciphertext is modified to exfiltrate itself after decryption.

Related: TechNadu, SensorsTechForum, PDFInsecurity.org (PDF)

Tweets: @seecurity, @hanno, @oss_security, @softwarnet, @campuscodi

TechNadu: Researchers Find Two Methods to Steal Data from Encrypted PDF Files
SensorsTechForum: Major Vulnerabilities in PDF Encryption Create the PDFex Attack
PDFInsecurity.org: Practical Decryption exFiltration: Breaking PDF Encryption (PDF)

@seecurity: New Paper: “Practical Decryption exFiltration: Breaking PDF Encryption” describing new attacks that uncover the plaintext of encrypted PDFs. To be presented at @acm_ccs and joint work with @jensvoid @Murgi @v_mladenov @CheariX @JoergSchwenk. #PDFex 1/n
@hanno: PDF encryption is broken in the same way as emails were broken #efail #PDFex I can tell you a "secret": For ZIP-files, Word DOCs, ODT files & probably almost every other password-encryption format that's older than 10 years the same or similar attacks apply.
@oss_security: PDFex: Security weakness in PDF encryption: Posted by Jens Müller on Oct 01 TL;DR In the scope of academic research at Ruhr University Bochum and Münster and University of Applied Sciences, Germany, two severe flaws in the PDF encryption standard have… http://dlvr.it/RFG78h
@softwarnet: #infosec https://zdnet.com/article/new-pdfex-attack-can-exfiltrate-data-from-encrypted-pdf-files/ New PDFex attack can exfiltrate data from encrypted PDF files All the 27 desktop and web PDF viewer apps that were tested were found to be vulnerable in a way or another.
@campuscodi: PDFex paper [PDF]: https://pdf-insecurity.org/download/paper-pdf_encryption-ccs2019.pdf PDFex: website: https://pdf-insecurity.org/encryption/encryption.html PDFex blog post: https://web-in-security.blogspot.com/2019/09/pdfex-major-security-flaws-in-pdf.html Interesting Twitter thread:


January 10, 2019
Karen Lema / Reuters

Philippine Banker Sentenced to 32 to 56 Years in Prison, Fined $109 Million In Connection With Bangladesh Bank Cyber Heist

A Philippine court sentenced Maia Deguito, a former branch manager at Manila-based Rizal Commercial Banking Corp (RCBC), to a jail term ranging from 32 to 56 years after finding her guilty on eight counts of money laundering, the first conviction related to a major cyber bank heist during which $81 million was stolen from Bangladesh’s central bank. She was also ordered to pay a fine of $109 million. In February 2016, cybercriminals used fraudulent orders on the SWIFT payments system to steal the funds from Bangladesh’s central bank account at the Federal Reserve Bank of New York. The funds were then sent to a branch of RCBC in Manila, headed at the time by Deguito, before they disappeared into the casino industry in the Philippines. Despite her claims of innocence, the court ruled Deguito facilitated and coordinated and corroborated in the execution and implementation of the illegal bank transactions. Deguito plans to appeal the court’s conviction.