Friday, February 18, 2022

A not-so-subtle reminder: Today your website, tomorrow your more critical systems.

https://www.cpomagazine.com/cyber-security/new-wave-of-cyber-attacks-on-ukrainian-government-websites-knocks-defense-ministry-offline/

New Wave of Cyber Attacks on Ukrainian Government Websites Knocks Defense Ministry Offline

A second wave of cyber attacks in Ukraine knocked a number of websites offline temporarily, including the Defense Ministry’s public-facing site and two major banks.

An earlier round of attacks in mid-January focused on defacing government websites and making threats, but did not do any known damage beyond that. The current cyber attacks appeared to use distributed denial of service (DDoS) techniques to take several websites offline for several hours.

It’s natural to assume that Russia is behind the cyber attacks on Ukraine’s government websites, but the seeming lack of effort and damage does raise some questions. The first wave of attacks in January, which amounted to nothing more than defacement of a number of government websites, was eventually attributed to a hacking team linked to Belarus intelligence. The Ukrainian security officials believe that the defacements may have been cover for something more serious, and “wiper” malware was reportedly found stashed away on some systems, but the only escalation thus far has been the DDoS attacks which seem to have been fairly easily recovered from.


(Related)

https://thenextweb.com/news/conflict-ukraine-proves-cyber-attacks-are-weapons-of-war

The conflict in Ukraine proves cyber-attacks are now weapons of war

For the past few weeks, Russia has been deploying military forces into strategic positions on Ukraine’s borders. However, there is another, virtual dimension to the escalating conflict: cyber-attacks on the Ukrainian government and business websites and services.

Attacks on Ukraine’s information systems are part of a type of hybrid warfare that Russia has been fine tuning for the past couple of decades but is now far more sophisticated.

Cyber espionage and information warfare have become an intrinsic part of recent conflicts and happen on a regular basis between conflicting powers. However, governments do not usually publicly claim responsibility for this type of activity, since this could put them in a position of declaring war against the targeted country and provoking counterattacks and sanctions from the international community. Therefore, evidence that Russia is definitely behind these attacks is hard to establish.



Addressing new technology introduced in the last five years or attempting to delay the law for another five years?

https://economictimes.indiatimes.com/tech/technology/fresh-legislation-may-replace-data-protection-bill/articleshow/89624369.cms

Fresh legislation may replace Data Protection Bill

India may draft a completely new privacy bill, people directly aware of the matter told ET, by putting aside the current version of the Personal Data Protection Bill 2019 that has been in the making for nearly five years and does not comprehensively address the requirements of the country’s changing technology landscape, they said.

Among the options being discussed is the introduction of fresh legislation that can cater to the ongoing "sea change in the local and global technology (environment)", those aware of the thinking within government circles said.



Not sure I understand the fears that prompted this. How does recognition of AI as a person grant the AI greater rights?

https://www.deseret.com/u-s-world/2022/2/17/22939000/idaho-lawmakers-new-bill-animals-personhood

Idaho lawmakers introduce a new bill that would bar animals and AI from ‘personhood’

Idaho lawmakers have introduced a bill that would prevent animals, natural resources and artificial intelligence from gaining “personhood status” in Idaho, the Idaho State Journal reports.

What’s happening: Idaho’s House State Affairs Committee on Tuesday introduced new legislation that “seeks to prevent any future efforts to increase environmental protections for animals or inanimate objects by granting them some of the same legal rights a person would have,” according to KTVB.

The sponsor of the bill — Rep. Tammy Nichols, R-Middleton — said there’s been a push nationwide for nonhuman entities to gain personhood status in order to limit access to natural resources, according to The Associated Press.

“We don’t want our children to be inferior to artificial intelligence,” she said. “Children are not equal to bodies of water or trees, so their rights shouldn’t be equal to those as well.”



Were we once courteous? How did we lose that skill? (Good on ya!)

https://www.databreaches.net/this-sites-new-no-help-for-you-policy/

This site’s new “No help for you” policy

From the “Yes-I’m-grumpy-but-you-earned-it Department:”

Over the years, mainstream journalists have reached out to me for information related to breach stories they were developing, and I generally tried to help them. In some cases, that might involve a few phone calls. In other cases, it might be an hour or more of my time on the phone or some phone calls and emails. And I wish I had a dollar for every time a reporter told me that they had no idea how to get to the dark web or that their editor wouldn’t let them go on the dark web and would I be willing to share some data with them?

In any event, in cases where it sounded like a chunk of my time would be needed or I had already been talking to the reporter for an hour to help them understand an incident, I have told the reporters that I was happy to help them but I expected them to link to my site or my reporting on the incident or somehow acknowledge the information on this site and the help they received. They all said they understood, and with one exception, they agreed to that.

Annoyingly, many of those who agreed that they would link to this site or this site’s original reporting and coverage broke their word. Their stories appeared and they never informed their readers that this site had previously covered what they were now reporting or had helped the reporter understand the issues, events, or what HIPAA and HITECH require.

That failure to acknowledge the help and this site happened again recently. Let’s just call it the straw that broke this camel’s back.

This site has a new policy.

I’m done providing free help to paid journalists who just want to use me as a free source or resource without any credit. This does not apply to the regular infosec/data breach journalists because we have a mutually supportive relationship when it comes to sharing information or helping each other. This policy applies to paid reporters from news outlets because they just take and give nothing back to this site. They are now on their own unless they want to hire me to help them for a discounted rate of $350.00 per hour. Or they can go looking for others who may be willing to donate chunks of time to them for free. I am no longer willing to.

This site doesn’t make any money but that doesn’t mean that I can just sit around spending hours helping others earn money for reporting while they don’t credit their sources.



A tool I use frequently.

https://www.makeuseof.com/how-to-organize-kindle-library-using-calibre/

4 Ways to Organize Your Kindle Library Using Calibre

Calibre is a hugely useful ebook management software. It allows you to tag, sort, and otherwise play around with the ebooks in your personal library. And if you're anything like us, you may have accumulated a vast number of ebooks in your Kindle library.

It's difficult to meaningfully organize your Kindle ebooks, so here are four ways to organize your Kindle library using Calibre.

