A
new type of attack or merely poor reporting (or maybe Garfield has no
clue how ransomware works)?
Ransomware
attack hits Garfield County, shutting off its computer access for
weeks
A
ransomware attack hit Garfield County's computer systems, crippling
them for weeks before they were able to pay to get access to their
own data, officials confirmed to FOX 13.
"All
of our data had been taken," [Not
encrypted in place? Bob] Garfield County Attorney Barry
Huntington said of the recent data breach.
Someone
clicked on a phishing email earlier this year that launched a
ransomware attack, swiping
up a number of county offices' data and locking it away.
"The
Assessor's Office, the Recorder's Office, some of the files had been
taken and we didn't know
how or why," Huntington said Thursday. "Eventually
we received an email stating that some
terrorists had taken our information and if we wanted it
back, we had to pay them."
… "We
were told to leave our computers off while the FBI and the state
looked into it," Huntington said.
… Garfield
County ultimately paid a ransom to someone in Bitcoin to get access
to its files, phones and systems again, the county attorney said.
Access was restored in March.
… Backups
are essential. For many governments, they contract with
outside services to provide IT support. Collins said it's a good
practice for cities or counties to make sure offsite backups are
continually working.
"Backup
your files regularly, keep them offline," he said.
Huntington
said Garfield County has largely recovered from the attack and has
already spent money and taken steps to have more secure systems.
This
could impact self-driving cars too.
The
Russians are screwing with the GPS system to send bogus navigation
data to thousands of ships, think tank claims
On
May 15, 2018, under a sunny sky, Russian President Vladimir Putin
drove a bright orange truck in a convoy of construction vehicles for
the opening of the Kerch Bridge from Russia to Crimea. At 11 miles
long, it is now the longest bridge in either Europe or Russia.
As
Putin drove across the bridge, something weird happened. The
satellite navigation systems in the control rooms of more than 24
ships anchored nearby suddenly started displaying false information
about their location. Their GPS systems told their captains they
were anchored more than 65 kilometers away — on land, at the Anapa
Airport.
This
was not a random glitch, according to the Centre for Advanced
Defense, a security think tank. It was a deliberate plan to make it
difficult for anyone nearby to track or navigate around the presence
of Putin, C4AD says.
… Your
phone, law enforcement, shipping, airlines, and power stations —
anything dependent on GPS time and location synchronization — are
all vulnerable to GNSS hacking.
A
warrant for data they know is unavailable?
What
Happened When The DEA Demanded Passwords From LastPass
… In
one case—the first
documented government request to any major password manager —
the Drug Enforcement Administration (DEA) demanded logins and
physical and IP addresses, as well as communications between a user
and LogMeIn, the owner of massively popular tool LastPass. It’s an
encrypted vault for storing passwords. The DEA was seeking
information related to a LastPass customer, Stephan Caamano,
suspected of dealing drugs via the dark Web and Reddit, according to
a search warrant detailing the request.
Passwords
were not handed over, but LastPass did return IP addresses used by
the suspect, alongside information about when Caamano’s LastPass
account was created and when it was last used. According to the
government’s application for the search warrant, filed at the end
of January 2019: “Such information allows investigators to
understand the geographic and chronological context of LastPass
access, use, and events relating to the crime under investigation.”
… With
enough evidence in hand, police arrested Caamano on May 29, when they
seized a mobile device on which LastPass was installed. Police
were also able to bypass encryption on the suspect’s CyberPowerPC,
where they discovered an extension app for LastPass. But as they
didn’t have the master password, the police couldn’t get access
to the account and the logins within.
… Despite
its demand, the
government could never have expected passwords from LastPass.
A LogMeIn spokesperson explained: “User passwords stored on
LogMeIn's servers are only done so in an encrypted format. The
only way they get decrypted is on the user’s side,
and the way that happens—the decryption key—is the user’s
master password (used to log into LastPass), which is never received
by or available to LogMeIn/LastPass. In other words, we have no
means of decrypting user password information on our side, and thus,
we are unable to provide these passwords.”
How
will libraries be impacted by CCPA?
What
e-books at the library mean for your privacy
cnet:
“E-books
and
audiobooks, now standard at libraries, make protecting privacy
harder. Titles are usually provided through private companies, which
can access your data. And today’s software can create more
comprehensive records about you than a simple list of the books you
checked out. (You can also get many e-books and audiobooks online
free
and legally.)…
Cybersecurity experts have found bugs in library apps. Erin Berman,
who chairs a privacy subcommittee at the American Libraries
Association, said a test of products she oversaw at the San
Jose Public Library
in 2018 found six apps with serious cybersecurity flaws…”
AI:
good for the government(?) but bad for the people.
One
Month, 500,000 Face Scans: How China Is Using A.I. to Profile a
Minority
The
Chinese government has drawn wide international
condemnation for
its harsh crackdown on ethnic Muslims in its western region,
including holding as many as a million of them in detention camps.
Now,
documents and interviews show that the authorities are also using a
vast, secret system of advanced facial recognition technology to
track and control the Uighurs, a largely
Muslim minority.
It is the first known example of a government intentionally using
artificial intelligence for racial profiling, experts said.
One
to watch?
Ai
Everything: UAE to host the world's foremost AI summit to empower
global dialogue on the future of government, business and society
Dubai World Trade Center (DWTC) is set to host the
first-ever edition of what is to become the most influential
Artificial Intelligence (AI) event to date, Ai Everything (AiE). The
summit will run from April 30 – May 1, 2019 and will witness the
highest calibre of AI talent engage with a thriving global AI
community.
Perspective.
3 Reasons
Why Investors Should Keep a Close Eye on the Ride-Sharing Market
1. Ride-sharing could
be worth $285 billion by 2030
2. Americans' views on
car ownership are changing
3. Ride-sharing usage
is growing fast
No comments:
Post a Comment