Thousands of websites, including those belonging to NHS services, the Student Loans Company and several English councils, have been infected by malware that forces visitors’ computers to mine cryptocurrency while using the site.
Late on Sunday, the website of the UK’s data protection watchdog, the Information Commissioner’s Office, was taken down to deal with the issue after it was reportedly infected by the malware. The cryptojacking script was inserted into website codes through BrowseAloud, a popular plugin that helps blind and partially-sighted people access the web. More than 5,000 websites have been flooded by the malware.Read more
A computer security exploit developed by the US National Security Agency and leaked by hackers last year is now being used to mine cryptocurrency, and according to cybersecurity experts the number of infections is rising.
Last April, a hacking group called the Shadow Brokers leaked EternalBlue, a Windows exploit that was developed by the NSA. Less than a month later, EternalBlue was used to unleash a devastating global ransomware attack called WannaCry that infected more than 230,000 computers in 150 countries. A month later, in June, the EternalBlue exploit was again used to cripple networks across the world in an even more sophisticated attack.Read more
Donald Trump’s national security team is looking at options to counter the threat of China spying on US phone calls that include the government building a super-fast 5G wireless network. The official said the option was being debated at a low level in the administration and was six to eight months away from being considered by the president himself.
The 5G network concept is aimed at addressing what officials see as China’s threat to US cyber security and economic security. The Trump administration has taken a harder line on policies initiated by predecessor Barack Obama on issues ranging from Beijing’s role in restraining North Korea to Chinese efforts to acquire US strategic industries.Read more
Sensitive information about the location and staffing of military bases and spy outposts around the world has been revealed by a fitness tracking company.
The details were released by Strava in a data visualisation map that shows all the activity tracked by users of its app, which allows people to record their exercise and share it with others. The map, released in November 2017, shows every single activity ever uploaded to Strava – more than 3 trillion individual GPS data points, according to the company. The app can be used on various devices including smartphones and fitness trackers like Fitbit to see popular running routes in major citie.Read more
A Defense Department report found that 165 defense contractors had their initial security clearances revoked last year after further investigation linked the recipients to problematic or illicit activity, including questionable financial transactions, influence by foreign governments and even felonies like pedophilia.
The report, which will be released Wednesday, shows how it is possible for people who have been compromised or who have criminal backgrounds to slip through the cracks of the preliminary background investigation and obtain access to sensitive national security-related information.Read more
A state law enforcement officer, apparently without the knowledge of his own agency, purchased malware that can intercept social media messages, emails, and much more.
Although it’s unclear why the investigator bought the malware, which requires physical access to a smartphone to install, this is the first known case of a US state law enforcement officer purchasing such a tool. In a similar way to how surveillance technology such as Stingrays has trickled down to local agencies, the news highlights how spying software is not limited to federal agencies such as the FBI or DEA, but has spread, in some form, to more regional forces.Read more
Moscow-based security software maker Kaspersky Lab said on Monday it has asked a U.S. federal court to overturn a Trump administration ban on use of its products in government networks, saying the move deprived the company of due process.
The Department of Homeland Security (DHS) in September issued a directive ordering civilian government agencies to remove Kaspersky software from their networks within 90 days. It came amid mounting concern among U.S. officials that the software could enable Russian espionage and threaten national security.Read more
Top Democrats on the Senate Commerce Committee are renewing efforts to pass a law requiring companies to quickly notify consumers in the wake of a data breach.
The bill, known as the Data Security and Breach Notification Act, seeks to implement nationwide breach notification standards and replace the confusing patchwork of state laws currently in place. If signed into law, the bill as is would impose new penalties on anyone convicted of “intentionally and willfully” concealing a data breach, including fines and up to five years imprisonment, or both.Read more
D.J.I., the popular drone maker, stands as a symbol of China’s growing technology prowess. Its propeller-powered machines dominate global markets and buzz regularly over beaches, cityscapes at sunset and increasingly, power plants and government installations.
Now D.J.I. is fighting a claim by one United States government office that its commercial drones and software may be sending sensitive information about American infrastructure back to China, in the latest clash over the power of data in the growing technological rivalry between the two countries.Read more
The contents of a highly sensitive hard drive belonging to a division of the National Security Agency have been left online.
The virtual disk image contains over 100 gigabytes of data from an Army intelligence project, codenamed "Red Disk." The disk image belongs to the US Army's Intelligence and Security Command, known as INSCOM, a division of both the Army and the NSA. The disk image was left on an unlisted but public Amazon Web Services storage server, without a password, open for anyone to download. Unprotected storage buckets have become a recurring theme in recent data leaks and exposures.Read more