Connect with us

Cyber Security

Apple Maintains Blindsided and Handcuffed by a Trump Administration Probe

Published

on

Apple

Apple claims it was blindsided and shackled by a Trump administration probe that ended in the corporation handing up phone data from two Democratic congressman, in order to safeguard its reputation as a champion of personal privacy.

In reaction to press reports describing the US Justice Department’s aggressive attempts to use its legal authority to uncover leaks related to an investigation into former President Donald Trump’s connection to Russia, Apple released its version of events on Friday.

The Justice Department was able to persuade a federal grand jury to issue a subpoena, which resulted in Apple handing over metadata regarding House Intelligence Committee members Adam Schiff and Eric Swalwell, both California Democrats, in 2018. Both legislators were members of the committee investigating Trump’s ties to Russia, and Schiff now serves as the panel’s chair.

According to the firm, Schiff and Swalwell were unaware that part of the information had been confiscated until May 5, after a series of gag orders had finally expired.

Apple’s compliance with the subpoena was revealed at a time when the corporation was ratcheting up efforts in its marketing campaigns to depict privacy as a “basic human right.” In April, Apple upped the ante on privacy by releasing iPhone privacy controls in an effort to make it more difficult for firms like Facebook to track people’s online behaviour in order to sell ads.

Apple said in a statement that it will continue to oppose unwarranted legal requests for personal data and keep customers informed.

Apple, on the other hand, stated it was bound by a nondisclosure order issued by a federal magistrate judge and that it had no knowledge of the investigation’s nature.

Without looking through consumers’ accounts, Apple would have been almost difficult to determine the objective of the required information, according to the Cupertino, California-based business. “Apple confined the information it provided to account subscriber information and did not release any content, such as emails or images, in accordance with the request.”

Based on the broad extent of the request for “customer or subscriber account information” encompassing 73 phone numbers and 36 email addresses, Apple believes other technological businesses may have been subjected to similar legal demands.

It’s unknown how many more businesses may have been entangled in the Trump administration’s hunt for leakers.

Microsoft stated in a statement that it received at least one subpoena in 2017 linked to a personal email account. After the gag order expired, the company said it alerted the customer, who turned out to be a member of Congress’s staff. “In circumstances like this, we will continue to vigorously pursue legislation that imposes appropriate restrictions on government secrecy,” the business added.

Apple’s limited compliance with the demands was less concerning to privacy experts than the US regulations that permitted the Justice Department to obtain the subpoenas in secret and then keep them hidden for years.

According to Alan Butler, executive director of the Electronic Privacy Information Center, the subpoenas are “a textbook example of government abuse” that ensnared Apple.

“It’s harder, but not impossible, to contest these kind of subpoenas,” Butler said. “And if there was ever one worth taking on, it might as well have been these.”

According to Cindy Cohn, executive director of the Electronic Frontier Foundation, Apple’s answer to the demand does not inherently contradict the company’s stance on the importance of personal privacy. Because Apple’s privacy pledges mostly depend upon protecting its consumers from online surveillance, this is the case.

She believes the broader issue is why a grand jury in the United States can issue a subpoena and then prevent Apple from informing the people who are affected.

“The overall secrecy of this is troubling,” Cohn added, “especially given it appears to be a politically motivated investigation.”

Apple has a history of defying judicial orders, most notably in 2016, when the Justice Department attempted to force Apple to unlock an iPhone belonging to one of the shooters in the San Bernardino mass shooting.

Apple refused to cooperate, claiming that doing so would open a digital backdoor that would put all iPhone users’ security and privacy at risk. When the FBI hired a different business to unlock the iPhone linked to the shooting, the legal battle was over.

“At that point, Apple truly put its money where its mouth was,” Butler said.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://cybersguards.com/apple-maintains-blindsided-and-handcuffed-by-a-trump-administration-probe/

Cyber Security

Many IP Camera Vendors’ Firmware Contains Serious Vulnerabilities

Published

on

According to France-based cybersecurity firm RandoriSec, IP cameras sold by a dozen vendors are vulnerable to remote assaults due to many major vulnerabilities discovered in the firmware they all share.

Researchers from RandoriSec uncovered a slew of serious and high-severity flaws in UDP Technology’s IP camera firmware, a South Korean business that specialises in digital video solutions for the security and IP surveillance industries.

Earlier this month, the cybersecurity firm published a blog post explaining its discoveries, and the US Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory warning users about the risks posed by these flaws on Tuesday.

Since 2017, RandoriSec has been discovering vulnerabilities in UDP Technology firmware. The company’s most recent investigation discovered 11 remote code execution issues and one authentication bypass vulnerability. Unauthenticated attackers can use the vulnerability to take complete control of the cameras in question.

While the flaws were discovered after a study of IP cameras provided by Geutebrück, a German video management solutions company, RandoriSec founder Davy Douhine told SecurityWeek that he is convinced that IP cameras from all other vendors who use the UDP Technology software are also susceptible.

RandoriSec identifies Ganz, Visualint, Cap, THRIVE Intelligence, Sophus, VCA, TripCorps, Sprinx Technologies, Smartec, and Riva as UDP firmware vendors in a blog post explaining its results.

According to Douhine, the authentication bypass vulnerability they discovered can be exploited to directly hack impacted IP cameras over the internet. He provided a Shodan search query with SecurityWeek that revealed over 140 internet-exposed machines, mostly in the United States and the United Kingdom.

The cybersecurity business has been developing Metasploit modules to exploit the UDP vulnerabilities; the first Metasploit modules were disclosed in an attempt to “wake up” the vendor, but it failed.

RandoriSec is now working on a post-exploitation module that may be used to freeze the targeted camera or inject arbitrary pictures, similar to what is shown in movies.

“We’re particularly proud of this last one because it appears to be the first of its sort in Metasploit,” stated Douhine in an email.

UDP Technology did not reply to RandoriSec’s notification attempts, although the company did provide updates after being notified of the vulnerabilities by Geutebruck, according to RandoriSec. Geutebruck has made the patches accessible to its customers, and the cybersecurity firm believes other impacted camera makers have received them as well, though it is unable to confirm this.


PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://cybersguards.com/many-ip-camera-vendors-firmware-contains-serious-vulnerabilities/

Continue Reading

Cyber Security

Cyberattack that Crippled the Computer Systems of a Hospital Network

Published

on

According to a University of Vermont Health Network official, a cyberattack that crippled the computer systems of a hospital network affecting six hospitals in Vermont and New York last fall occurred after an employee opened a personal email on a company laptop while on vacation.

According to Doug Gentile, network chief medical information officer, the email came from a legitimate local business that had been hacked. The malware was contained in an attachment in the email. The attackers were ready and waiting when the employee returned from vacation and logged onto the UVM network through a virtual private network, he said.

“We have no evidence that UVM was singled out for attack. “We were just the victims of a large-scale phishing attack,” Gentile said on Tuesday.

VTDigger was the first to report on the attack. Officials said at the time that the October 2020 cyberattack caused significant, ongoing computer network problems for the University of Vermont Health Network, affecting its six hospitals in Vermont and New York. The FBI and two other federal agencies issued an alert the same day, stating that they had “credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers.”

By looking through detailed logs, UVM was able to figure out how the cyberattack occurred a week or so later, according to Gentile. It had immediately contacted state and federal authorities, and the FBI had been extremely helpful in the investigation, he said. According to him, the attack was carried out by a criminal gang that the FBI is familiar with.

“These people are virtual and can exist in any location. The majority of them are offshore, out of reach of our law enforcement,” he said.

UVM Health Network had blocked access to personal email for anyone on the network at the time of the attack, but had not yet extended that to machines off the corporate network, which it had planned to do this year, according to Gentile. He claims it has since done so.

The FBI and two other federal agencies issued an alert the same day, stating that they had “credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers.”

UVM has blocked access to all corporate assets, installed more advanced viral wall protection on all corporate assets, and significantly tightened its vpn access since the attack, he said.

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://cybersguards.com/cyberattack-that-crippled-the-computer-systems-of-a-hospital-network/

Continue Reading

Cyber Security

Industrial Automation Software Informed Customers About a Dozen Vulnerabilities

Published

on

Cisco

CODESYS, a developer of industrial automation software, notified customers this month of a dozen vulnerabilities impacting a variety of devices. Cisco Talos detected more than half of these issues, and the details were released on Monday.

Vulnerabilities in CODESYS software could have substantial consequences because it is utilised in several large firms’ industrial control systems (ICS). Last month, a cybersecurity firm warned that serious security holes uncovered in CODESYS software exposed programmable logic controllers (PLCs) made by more than a dozen manufacturers to attacks.

CODESYS announced on July 22 that patches for remote code execution, denial of service (DoS), and information disclosure vulnerabilities in its Development System, V3 web server, Gateway, Runtime Toolkit for VxWorks, and EtherNetIP products are now available.

A critical severity rating has been applied to only one vulnerability. The bug, dubbed CVE-2021-33485, is a heap-based buffer overflow in the CODESYS V3 web server that can be used to launch DoS attacks or execute remote code using specially crafted requests.

Cisco’s Talos research and threat intelligence unit uncovered seven vulnerabilities, according to a CODESYS alert. Researchers from Talos discovered that unsafe deserialization flaws in the CODESYS Development System, a programming tool for industrial control and automation systems, can lead to remote code execution.

An attacker could take advantage of these flaws by altering local configuration or profile files, or duping a local user into opening malicious project or archive files.

The manufacturer stated that it was unaware of any attacks exploiting these holes, but that security scanners can exacerbate some of the flaws.

CODESYS stated in each advisory that the vulnerabilities can be exploited by an attacker with limited capabilities.


PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://cybersguards.com/industrial-automation-software-informed-customers-about-a-dozen-vulnerabilities/

Continue Reading

Cyber Security

1Password Announced Receiving a $100 Million Increases its Valuation to $2 Billion

Published

on

1Password, a password management software company, revealed today that it has received a $100 million investment, bringing its total worth to $2 billion. The company had raised $200 million in a Series A round of funding.

Accel led the newest round of fundraising, which also included new investors Sound Ventures and Skip Capital. The funds will be used to help 1Password continue to build its business, according to the company.

Secrets Automation, 1Password Events, and a full-featured Linux desktop application, as well as connections with Slack and Rippling, the company claims it has achieved considerable growth since the previous financing round and has expanded its commercial services over the past months.

1Password, which was founded in 2005, provides private, secure password management solutions for both businesses and end-users. GitLab, IBM, Intercom, Slack, and Under Armour are among the company’s more than 90,000 enterprise customers.

“This contribution from a diverse group of industry leaders demonstrates a dedication to safeguarding businesses and families. As we assist clients keep ahead of the never-ending parade of dangers, we’re already working closely with our seasoned investors to drive growth into new areas, like secrets management,” said Jeff Shiner, CEO of 1Password.


PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://cybersguards.com/1password-announced-receiving-a-100-million-increases-its-valuation-to-2-billion/

Continue Reading
AI4 hours ago

Why Machine Vision Matters to Your Business

Investing14 hours ago

How do you use top stock signals as a beginner?

AR/VR1 day ago

nDreams Opens Studio Orbital Focusing on Live Service Games for VR

Energy1 day ago

Save money, stay cool as heat wave hits the Carolinas

Energy1 day ago

The Shaw Group Partners with Clough in the U.S. to Deliver Pipe Fabrication for Gulf Coast Petrochemical Project

Energy1 day ago

Fermentation Chemicals Market Procurement Intelligence Report with COVID-19 Impact Analysis | SpendEdge

Energy1 day ago

ALYI Previews Upcoming Multimedia Communication Campaign Featuring Electric Motorcycle Pilot Launched Earlier This Month

AR/VR1 day ago

Carrier Command 2 VR August Launch Date Confirmed

AR/VR1 day ago

Review: Winds & Leaves

Gaming1 day ago

Destruction AllStars Developer Delays Season 2, Releases New Patch

Gaming1 day ago

Crimson Desert Delayed to Unknown Date

Blockchain1 day ago

Institutions Are Purchasing Bitcoin, Politicians Need More Crypto Education: Novogratz

Gaming1 day ago

Resident Evil Village and Monster Hunter Rise Drive Record Q1 Profits for Capcom

Gaming1 day ago

Resident Evil Village and Monster Hunter Rise Drive Record Q1 Profits for Capcom

Blockchain1 day ago

RUNE Technical Analysis: Look Out for the Second and Third Resistance Levels of $5.29 and $5.75

CNBC1 day ago

Louis Vuitton is making a mobile game with embedded NFTs

Gaming1 day ago

Blacktail Interview – Story, Combat, Morality, and More

Gaming1 day ago

Blacktail Interview – Story, Combat, Morality, and More

Gaming1 day ago

Blacktail Interview – Story, Combat, Morality, and More

Gaming1 day ago

F1 2021 Update Re-enables Ray-Tracing on PS5

Gaming1 day ago

F1 2021 Update Re-enables Ray-Tracing on PS5

Gaming1 day ago

F1 2021 Update Re-enables Ray-Tracing on PS5

Private Equity1 day ago

Recently-created asset management major Blue Owl closes Opportunistic Fund with $2.5bn of firepower

Blockchain1 day ago

Bitcoin Needs Rules That Allow Innovation: Sen Cynthia Lummis

Blockchain1 day ago

Bitcoin Needs Rules That Allow Innovation: Sen Cynthia Lummis

Gaming1 day ago

PS5 – M.2 SSD Expansion Support Coming in Next Software Update

Gaming1 day ago

PS5 – M.2 SSD Expansion Support Coming in Next Software Update

Gaming1 day ago

PS5 – M.2 SSD Expansion Support Coming in Next Software Update

Aviation1 day ago

Alitalia Cargo lifts 1 million vaccine doses from Italy to El Salvador

CNBC1 day ago

Rocket Lab launches US Space Force satellite after its failed mission in May

Trending