Ohio-based cybersecurity firm Finite State released a report that documents flaws in Huawei Technologies’ equipment that can be used by hackers. According to the report, these flaws are much more extensive than those found in similar gear from rival companies. The report does not, however, accuse the company of incorporating these flaws deliberately and does not comment on U.S. claims that the Chinese company uses such flaws to conduct espionage. The flaws were found in firmware, which enables a computer’s hardware. Continue reading Cybersecurity Report Finds Extensive Flaws in Huawei Gear

Hackers likely associated with the Chinese government broke into at least 10 global telecom carriers, stealing call logs, users’ locations and text-messaging records, according to a report from Boston-based Cybereason. The cybersecurity firm spent 2018 scrutinizing a multi-year, ongoing campaign, suspected to be directed by China and aimed at 20 military officials, spies, law enforcement and dissidents in Africa, Asia, Europe and the Middle East. Cybereason believes the recent hacks point to Chinese group APT10. Continue reading Report: Suspected Chinese Hackers Target Global Telecoms

The British intelligence agency GCHQ (Government Communications Headquarters), which analyzes signals and cracks codes, has proposed eavesdropping on encrypted chat services. The backlash has been strong, with 50+ companies, security experts and civil rights organizations calling it a “serious threat” to human rights and digital security. Apple, Google, Microsoft, WhatsApp and Privacy International are among those encouraging GCHQ to drop the “ghost protocol” proposal first put forward in November 2018. Continue reading U.K. Spy Agency’s Bid to Snoop on Chats Meets Opposition

The nonprofit Cyber Threat Alliance (CTA) has organized its members, which includes some big tech companies such as Cisco, McAfee, Palo Alto Networks and Symantec, to share knowledge about software bugs and hacking threats, to alert their customers and limit the damage. To do so, the companies have decided to put cybersecurity ahead of the competition. Dubbed “early sharing,” the strategy goes into action as government-linked groups in China, Iran, North Korea and Russia run devastating hacking campaigns. Continue reading Cyber Threat Alliance’s Early Sharing Aims to Stop Hackers

Intel and micro-architecture security researchers discovered new vulnerabilities in the company’s chipsets that allow hackers to “eavesdrop” on all processed raw data. Four attacks showed similar techniques, which Intel dubbed Microarchitectural Data Sampling (MDS) and the researchers have named ZombieLoad, Fallout and Rogue In-Flight Data Load (RIDL). The discovery comes more than a year after Intel and AMD identified Meltdown and Spectre, two major security flaws. AMD and ARM chips are not vulnerable to these new attacks. Continue reading Intel, Researchers Team to Address Security Flaws in Chips

Hackers have reportedly been injecting Israeli spyware onto smartphones via the popular Facebook-owned messaging service WhatsApp. The surveillance software, named Pegasus, was developed by Israeli firm NSO Group and can access an iPhone with a single missed voice call on WhatsApp. NSO claims that it carefully vets its customers; the company’s software is intended for government agencies to combat crime and terrorism. While it is currently unknown how many users may have been affected at this point (the problem was first discovered in early May), WhatsApp says it has created a patch to address the vulnerability. Continue reading WhatsApp Calls Used to Inject Spyware on Mobile Phones

As part of a range of efforts to show that it has taken regulator and governmental concerns seriously, Facebook has set up an operations center in its European headquarters in Dublin, Ireland ahead of the upcoming European Union’s parliamentary election, which is scheduled for May 23-26 across 28 countries. Employees will monitor and clear Facebook of misinformation, fake accounts, and any signs of foreign meddling aimed at swaying election results. Facebook recently set up a similar post in Singapore for elections in India.

Continue reading Facebook Opens New Command Post Ahead of EU Election

In its first quarter earnings report yesterday, Facebook revealed that it is putting aside $3 billion (about 6 percent of its cash and marketable securities) in anticipation of an upcoming fine from the Federal Trade Commission regarding privacy violations. The penalty, which could become the highest of its kind against a tech company by U.S. regulators and the biggest privacy-related fine in the FTC’s history, is expected to run from $3 billion to $5 billion. The social media giant posted more than $15 billion in revenue, a 26 percent increase over the year-earlier period. Continue reading Facebook Planning to Face FTC Fine in Excess of $3 Billion

Huawei Technologies has inked 40 commercial contracts for 5G technology, leading its Q1 revenue to leap 39 percent to 179.7 billion yuan ($26.8 billion). The Chinese company also stated that it has shipped about 70,000 5G base stations, making it a leading supplier of 5G gear. Huawei’s net-profit margin rose a bit to 8 percent. The company also introduced what it calls the world’s first 5G-communication hardware for the auto industry. Its MH5000 module is built on its newly launched Balong 5000 5G chip. Continue reading Huawei Inks 40 Contracts to Build and Operate 5G Networks

According to sources, on May 2-3 when officials from 30+ countries meet in Prague to discuss security principles for 5G networks, the U.S. will propose measures to prevent China’s Huawei from gaining dominance. The U.S. has long believed that the Chinese government can use Huawei’s gear to spy via Internet-connected products from AR to self-driving cars. Huawei has denied the accusations. The U.S. strategy at the upcoming meeting, said a U.S. official, is “softer” than its previous efforts to limit Huawei’s influence. Continue reading U.S. Tries Softer Tack to Limit Huawei at Prague 5G Confab

Autocratic countries are moving towards China’s version of the Internet — limited content and controlled data — as a way of ensuring their own continued power and mimicking the success of Chinese corporations such as Alibaba Group and Tencent Holdings. Vietnam, Thailand, India and Russia are among those embracing a government-controlled model. China has also become the first government to intentionally use artificial intelligence for racial profiling, in this case its 11 million Uighurs, a Muslim minority group. Continue reading China’s Internet Model Gains Popularity Among Autocracies

At the NAB 2019’s Broadcast Cybersecurity course, Emblematic Group founder/chief executive Nonny de la Peña introduced deep fakes by showing pairs of images and asking the audience to call out which was fake and which was real. From paired images of Presidents Obama and Trump, among others, audience members were consistently unable to pick the correct “fake” image. University of Washington researchers created a very convincing — but fake — video of Barack Obama, she revealed, by using neural network AI and 14 hours of Obama footage. Continue reading Another Perspective on Deep Fakes: Threat and Opportunity

Cybersecurity firm UpGuard has discovered that Facebook user data has been publicly available on Amazon cloud services. UpGuard was unable to determine how long the personal data was vulnerable, but Mexico-based Cultura Colectiva, for example, stored account names, identification numbers, comments and reactions in 540 million records of Facebook users, which anyone could access and download. The discovery makes it clear that Facebook user data is still insecure, even after the Cambridge Analytica scandal. Continue reading Private Facebook User Data Made Public on Amazon Cloud

U.S. and China just held a meeting to resolve several issues that have risen to the forefront in their yearlong trade dispute. The Trump administration is pushing China to lift restrictions that make it difficult for U.S. companies to operate there. U.S. businesses also chafe against China’s cybersecurity laws that require them to store data in China and rely on Chinese network equipment. Although these topics have not been on the negotiating table, China has recently made it clear it is willing to discuss them. Continue reading U.S., China Advance Negotiations on Trade, Cybersecurity

Congress introduced the Internet of Things Cybersecurity Improvement Act yesterday, in an effort to position legislative power behind securing connected devices. Defense Intelligence Agency director Lieutenant General Robert Ashley told lawmakers last year that IoT devices are considered one of the “most important emerging cyberthreats” to national security. Without a national standard for IoT security, we need to rely on steps taken by individual companies. The legislation, which was first introduced in 2017, would require security standards for IoT devices used by the federal government. Continue reading Congress Introduces IoT Bill to Protect Connected Devices