Nineteen minutes. That’s how long the average victim of a Russian state-sponsored hacking group has to react before the initial penetration of a network becomes wider access, theft, and destruction, according to data published today by computer security company CrowdStrike.
A massive database for 2,565,724 people -- with names, ID card number, expiration date, home address, date of birth, nationality, gender, photograph, employer and GPS coordinates of locations -- was left online without authentication, according to a report from ZDNet. Security researcher Victor Gevers, who found the database, told ZDNet that over a 24-hour period, a steady stream of nearly 6.7 million GPS coordinates was recorded, which means the database was actively tracking Uyghur Muslims as they moved around Xinjiang province in China.
It’s a foregone conclusion that app makers will get at least some data on how you use their product. How much data do you really expect, though? Maybe which buttons you tap or the length of sessions? According to TechCrunch and analytics company App Analyst, some popular iPhone apps are getting much more. They basically see everything you do in real time, even sensitive information like passwords and credit card numbers.
China and Russia are likely building high-powered lasers that can shoot down US satellites, according to a new Pentagon report. Both countries are developing an arsenal of anti-satellite weaponry including missiles, cyber attacks, and "directed energy weapons," according to the US Defense Intelligence Agency.
The iCloud security feature has likely cut down on the number of iPhones that have been stolen, but enterprising criminals have found ways to remove iCloud in order to resell devices. To do this, they phish the phone’s original owners, or scam employees at Apple Stores, which have the ability to override iCloud locks. Thieves, coders, and hackers participate in an underground industry designed to remove a user’s iCloud account from a phone so that they can then be resold.
Senior U.S. officials and experts say the United States needs to rally allies to pressure China to prevent it from stealing advanced technology through cyber espionage. At the same time, key American lawmakers are questioning the readiness and capacity of the U.S. to counter such threats.
I used to think we didn’t have enough strategic documents guiding U.S. cyber policy. Now I think we have at least one too many. In September, the Trump administration published a National Cyber Strategy--proudly declaring that it was the first fully articulated cyber strategy in 15 years. This week, the annual intelligence threat hearing laid bare the fantasy world of that four-month-old document and the cold hard reality of, well, reality.
Lawmakers fear that increased threats from foreign actors, combined with lingering effects from the government shutdown, are making the U.S. more susceptible to cyberattacks. The Department of Homeland Security (DHS) issued its first-ever emergency directive during the record-long shutdown, requiring federal agencies to secure certain systems after researchers found Iranian actors were trying to penetrate U.S. government networks.
The United States is facing a wave of new threats from abroad. Unlike in previous decades, some of the most serious of these threats are cyber-related. On Tuesday, Director of National Intelligence Daniel Coats released the intelligence community’s annual Worldwide Threat Assessment, which identifies and evaluates these various threats to the nation.