By Associated Press | Updated: 11 December 2021
A critical vulnerability in a widely used software tool — one quickly exploited in the online game Minecraft — is rapidly emerging as a major threat to organisations around the world.
“The internet’s on fire right now,” said Adam Meyers, senior vice president of intelligence at the cybersecurity firm Crowdstrike. “People are scrambling to patch,” he said, “and all kinds of people scrambling to exploit it.” He said Friday morning that in the 12 hours since the bug’s existence was disclosed, it had been “fully weaponized,” meaning malefactors had developed and distributed tools to exploit it.
The flaw may be the worst computer vulnerability discovered in years. It was uncovered in an open-source logging tool that is ubiquitous in cloud servers and enterprise software used across industry and government. Unless it is fixed, it grants criminals, spies, and programming novices alike easy access to internal networks where they can loot valuable data, plant malware, erase crucial information and much more.
“I’d be hard-pressed to think of a company that’s not at risk,” said Joe Sullivan, chief security officer for Cloudflare, whose online infrastructure protects websites from malicious actors. Untold millions of servers have it installed, and experts said the fallout would not be known for several days.
Amit Yoran, CEO of the cybersecurity firm Tenable, called it “the single biggest, most critical vulnerability of the last decade” — and possibly the biggest in the history of modern computing.
The vulnerability, dubbed ‘Log4Shell,’ was rated 10 on a scale of one to 10 by the Apache Software Foundation, which oversees development of the software. Anyone with the exploit can obtain full access to an unpatched computer that uses the software.
Experts said the extreme ease with which the vulnerability lets an attacker access a web server — no password required — is what makes it so dangerous.
New Zealand’s computer emergency response team was among the first to report that the flaw was being “actively exploited in the wild” just hours after it was publicly reported Thursday and a patch released.
The vulnerability, located in open-source Apache software used to run websites and other web services, was reported to the foundation on November 24 by the Chinese tech giant Alibaba, it said. It took two weeks to develop and release a fix.
But patching systems around the world could be a complicated task. While most organizations and cloud providers such as Amazon should be able to update their web servers easily, the same Apache software is also often embedded in third-party programs, which often can only be updated by their owners.
Yoran, of Tenable, said organizations need to presume they’ve been compromised and act quickly.
The first obvious signs of the flaw’s exploitation appeared in Minecraft, an online game hugely popular with kids and owned by Microsoft. Meyers and security expert Marcus Hutchins said Minecraft users were already using it to execute programs on the computers of other users by pasting a short message in a chat box.
Microsoft said it had issued a software update for Minecraft users. “Customers who apply the fix are protected,” it said.
Researchers reported finding evidence the vulnerability could be exploited in servers run by companies such as Apple, Amazon, Twitter, and Cloudflare.
Cloudflare’s Sullivan said there was no indication his company’s servers had been compromised. Apple, Amazon, and Twitter did not immediately respond to requests for comment.
Google Appeals EUR 2.4-Billion Shopping Fine at Top EU Court
By Agence France-Presse | Updated: 21 January 2022
Google on Thursday appealed an EU court decision to uphold the bloc’s EUR 2.4 billion (roughly Rs. 20,255 crore) fine for abusing its search engine dominance.
The tech giant said it would go to the European Court of Justice, the EU’s highest court, after the General Court confirmed in November a decision by the European Commission in 2017.
At the time, the fine was the European Union’s biggest ever. But it was later exceeded by a EUR 4.3 billion (roughly Rs. 36,290 crore) fine against Google over its Android smartphone operating system.
“After careful consideration, we have decided to appeal the General Court’s decision because we feel there are areas that require legal clarification from the European Court of Justice,” a short statement by the company said.
The case centres on Google’s shopping service and is one of three against the search engine giant currently moving through the EU’s drawn-out appeals system.
The new appeal could take up to two years to reach an outcome, stretching the case out to well more than a decade after the commission launched its investigation in 2010.
The court confirmation on Google Shopping was a win for the EU’s anti-trust supremo Margrethe Vestager, who burst onto the scene in Brussels by scrapping her predecessor’s more conciliatory approach to the US Internet giant.
Vestager had lost in the same court in a different major case, involving Apple and Ireland, in which her teams had ordered the iPhone maker to repay EUR 13 billion (roughly Rs. 1,09,710 crore) plus interest to the Irish taxpayer. The EU has appealed that ruling.
The fine for Google came after seven years of investigation launched by complaints from other price-comparison services that saw traffic plummet against Google Shopping.
Big Tech: Bills Targeting Google, Facebook, More Firms to Go Before US Senate Panel
By Reuters | Updated: 20 January 2022
The US Senate Judiciary Committee is set to decide Thursday whether the full Senate should vote on two bills aimed at reining in tech giants like Alphabet’s Google and Meta’s Facebook.
Lawmakers are expected to consider an amended version of a bill introduced by Senators Amy Klobuchar, a Democrat, and Chuck Grassley, a Republican, that would bar tech platforms like Amazon from giving preference to their own businesses on their websites.
The amended version would expand the definition of the companies covered by the bill to include firms like the popular video app TikTok, according to sources familiar with the matter.
China’s Tencent, which owns messaging app WeChat, would also be covered by the bill, according to one source.
Two sources familiar with the matter said it was unclear that the Klobuchar-Grassley measure had the votes needed to send the measure to the Senate floor for final passage. The sources asked not to be named because they were not authorised to speak about the matter on the record.
A second bill, led by US Senators Richard Blumenthal and Marsha Blackburn, is also on the schedule. The Open App Markets Act would bar big app stores, like Apple, from requiring app providers to use their payment system and prohibit them from punishing apps that offer different prices through another app store or payment system.
This bill is on the schedule for the first time Thursday, which means that it is likely to be put off at least a week.
Both measures, and other bills aimed at Big Tech, have set off a firestorm of opposition from powerful business groups. The US Chamber of Commerce’s Chief Policy Officer Neil Bradley opposed the bill backed by Klobuchar and Grassley. “The companies that are being targeted are the very ones that had the scale and innovation to help us through the pandemic, whether that was enabling millions to work remotely, (or getting) essentials delivered to our front door,” he said.
The advocacy group Consumer Reports said it would support the Klobuchar/Grassley bill to “reset the power asymmetry between Big Tech, consumers and small businesses.”
Both bills have a version introduced in the US House of Representatives.
© Thomson Reuters 2022
Amazon to Open First-Ever Fashion Store Where Algorithms Suggest What to Try On
By Reuters | Updated: 20 January 2022
Amazon’s recipe for the department store of the future includes algorithmic recommendations and what one corporate director called “a magic closet” in the fitting room.
The online retailer is making another push to grow its fashion business, announcing on Thursday it will open its first-ever apparel store this year, with a tech twist. “We wouldn’t do anything in physical retail unless we felt we could significantly improve the customer experience,” said Simoina Vasen, a managing director.
At 30,000 square feet (2,787 sq metres), the planned “Amazon Style” shop near Los Angeles is smaller than the typical department store. Model items are on the racks, and customers scan a code using Amazon’s mobile app to select the color and size they would like. To try on the clothes, which are stored in the back, shoppers enter a virtual queue for a fitting room that they unlock with their smartphone when it is ready.
Inside, the dressing room is “a personal space for you to continue shopping without ever having to leave,” Vasen said. Each has a touchscreen letting shoppers request more items that staff deliver to a secure, two-sided closet “within minutes,” she said.
“It’s like a magic closet with seemingly endless selection,” Vasen said.
The touchscreens suggest items to shoppers too. Amazon keeps a record of every good a customer scans so its algorithms personalize clothing recommendations. Shoppers can fill out a style survey as well. By the time they arrive in a fitting room, employees have already deposited customers’ requested items and others that Amazon has picked.
Shoppers can opt out with a concierge’s help, Amazon said.
Amazon has unveiled tech to help customers choose outfits before. The company has surpassed Walmart as the most-shopped clothing retailer in the United States, according to analyst research.
But it still has room to expand and compete with the likes of Macy’s and Nordstrom, which have opened smaller-format stores. Amazon’s lineup of physical grocery and convenience shops has yet to upend brick-and-mortar retail.
The company’s new store aims to attract a broad range of shoppers with hundreds of brands, Vasen said, declining to name examples.
It has hundreds of associates, and no cashier-less checkout like some Amazon stores, Vasen said. Still, using a biometric system known as Amazon One, customers can pay with a swipe of their palm.
OneWeb, Hughes Sign 6-Year Pact to Provide Satellite Broadband Services in India
By Press Trust of India | Updated: 20 January 2022
Bharti Group-backed company OneWeb and satellite service provider Hughes Network Systems have signed a strategic six-year distribution agreement to provide satellite broadband services across India, a joint statement said on Thursday.
The services in India will be provided by Hughes and Bharti Airtel joint venture Hughes Communications India Private Ltd.
The agreement follows a memorandum of understanding signed by the companies in September 2021.
“This announcement marks a turning point for Digital India. Enterprise and government customers, including telecom service providers, banks, factories, schools, defence organisations, domestic airlines, and offshore vessel operators, are eagerly anticipating the arrival of new high performing Satcom services.
“We look forward to bringing them high-speed, low-latency services from HCIPL, using OneWeb capacity,” HCIPL president and managing director Partho Banerjee said.
OneWeb’s most recent satellite launch on 27 December 2021 brought its total in-orbit satellites to 394, over 60 percent of the planned 648 LEO satellite fleet.
It plans to commence global service by the end of 2022 as demand continues from telecommunications providers, aviation, and maritime markets, ISPs, and governments worldwide for its low-latency, high-speed connectivity services.
“OneWeb is delighted to partner with Hughes to offer high-speed, low-latency satellite broadband solutions. OneWeb’s constellation will cover the length and breadth of India, from Ladakh to Kanyakumari and from Gujarat to the Northeast and bring secure solutions to enterprises, governments, telcos, airline companies, and maritime customers.
“OneWeb will invest in setting up enabling infrastructure such as Gateways and PoPs (points of presence) in India to light up the services,” OneWeb CEO Neil Masterson said.
Hughes, through its parent company EchoStar, is a shareholder in OneWeb. It is also an ecosystem partner to OneWeb, developing gateway electronics – including for those in Gujarat and Tamil Nadu – and the core module that will power every user terminal for the system.
Hughes is also the prime contractor on an agreement with the US Air Force Research Lab to integrate and demonstrate managed LEO SATCOM using OneWeb capacity in the Arctic region, the statement said.
Ukraine Suspects Belarus Intelligence-Linked UNC1151 Group Over Cyberattack
By Reuters | Updated: 17 January 2022
Kyiv believes a hacker group linked to Belarusian intelligence carried out a cyberattack that hit Ukrainian government websites this week and used malware similar to that used by a group tied to Russian intelligence, a senior Ukrainian security official said.
Serhiy Demedyuk, deputy secretary of the national security and defence council, told Reuters that Ukraine blamed Friday’s attack – which defaced government websites with threatening messages – on a group known as UNC1151 and that it was cover for more destructive actions behind the scenes.
“We believe preliminarily that the group UNC1151 may be involved in this attack,” he said.
His comments offer the first detailed analysis by Kyiv on the suspected culprits behind the cyberattack on dozens of websites. Officials on Friday said Russia was probably involved but gave no details. Belarus is a close ally of Russia.
The cyberattack splashed websites with a warning to “be afraid and expect the worst” at a time when Russia has massed troops near Ukraine’s borders, and Kyiv and Washington fear Moscow is planning a new military assault on Ukraine.
Russia has dismissed such fears as “unfounded”.
The office of Belarusian President Alexander Lukashenko did not immediately respond to a request for comment about Demedyuk’s remarks.
Russia’s foreign ministry also did not immediately respond to a request for comment on his remarks. It has previously denied involvement in cyberattacks, including against Ukraine.
“The defacement of the sites was just a cover for more destructive actions that were taking place behind the scenes and the consequences of which we will feel in the near future,” Demedyuk said in written comments.
In a reference to UNC1151, he said: “This is a cyber-espionage group affiliated with the special services of the Republic of Belarus.”
Demedyuk, who used to be the head of Ukraine’s cyber police, said the group had a track record of targeting Lithuania, Latvia, Poland and Ukraine and had spread narratives decrying the NATO alliance’s presence in Europe.
“The malicious software used to encrypt some government servers is very similar in its characteristics to that used by the ATP-29 group,” he said, referring to a group suspected of involvement in hacking the Democratic National Committee before the 2016 US presidential election.
“The group specialises in cyber espionage, which is associated with the Russian special services (Foreign Intelligence Service of the Russian Federation) and which, for its attacks, resorts to recruiting or undercover work of its insiders in the right company,” Demedyuk said.
The messages left on the Ukrainian websites on Friday were in three languages: Ukrainian, Russian, and Polish. They referred to Volhynia and Eastern Galicia, where mass killings were carried out in Nazi German-occupied Poland by the Ukrainian Insurgent Army (UPA). The episode remains a point of contention between Poland and Ukraine.
Demedyuk suggested the hackers had used Google Translate for the Polish translation.
“It is obvious that they did not succeed in misleading anyone with this primitive method, but still this is evidence that the attackers ‘played’ on the Polish-Ukrainian relations (which are only getting stronger every day),” he said.
REvil Ransomware Group Dismantled by Russia at US Request
By Reuters | Updated: 17 January 2022
Apple said on Saturday it would allow developers of dating apps in the Netherlands to offer non-Apple payment options to their users, complying with an order from the country’s market regulator to do so by January 15 or face fines.
The country’s Authority for Consumers and Markets found in a decision published on December 24 that Apple had abused its market position by requiring dating app developers, including Tinder owner Match Group, to exclusively use Apple’s in-app payment system.
Apple’s practice of requiring developers to use its system and pay commissions of 15-30 percent on digital goods purchases has come under scrutiny from regulators and lawmakers around the world, but the Dutch ruling applies only in the Netherlands and only for dating apps.
Russia has dismantled ransomware crime group REvil at the request of the United States in an operation in which it detained and charged the group’s members, the FSB domestic intelligence service said on Friday.
The arrests were a rare apparent demonstration of US-Russian collaboration at a time of high tensions between the two over Ukraine. The announcement came as Ukraine was responding to a massive cyber attack that shut down government websites, though there was no indication the incidents were related.
The United States welcomed the arrests, according to a senior administration official, adding “we understand that one of the individuals who was arrested today was responsible for attack against Colonial Pipeline last spring.”
A May cyberattack on the Colonial Pipeline that led to widespread gas shortages on the US East Coast used encryption software called DarkSide, which was developed by REvil associates.
A police and FSB operation searched 25 addresses, detaining 14 people, the FSB said, listing assets it had seized including 426 million (roughly Rs. 40 crore), $600,000 (roughly Rs. 4 crore), 500,000, computer equipment and 20 luxury cars.
A Moscow court identified two of the men as Roman Muromsky and Andrei Bessonov and remanded them in custody for two months. Muromsky could not be reached for comment and his phone was off. Reuters could not immediately reach Bessonov.
Two Muscovites told Reuters Muromsky was a web developer who had helped them with websites for their businesses.
Russia told Washington directly of the moves it had taken against the group, the FSB said. The US Embassy in Moscow said it could not immediately comment.
“The investigative measures were based on a request from the … United States,” the FSB said. “… The organised criminal association has ceased to exist and the information infrastructure used for criminal purposes was neutralised.”
The REN TV channel aired footage of agents raiding homes and arresting people, pinning them to the floor, and seizing large piles of dollars and Russian roubles.
The group members have been charged and could face up to seven years in prison, the FSB said.
A source familiar with the case told Interfax the group’s members with Russian citizenship would not be handed over to the United States.
The United States said in November it was offering a reward of up to $10 million (roughly Rs. 75 crore) for information leading to the identification or location of anyone holding a key position in the REvil group.
The United States has been hit by a string of high-profile hacks by ransom-seeking cybercriminals. A source with direct knowledge of the matter told Reuters in June that REvil was suspected of being the group behind a ransomware attack on the world’s biggest meat packing company, JBS SA.
Washington has repeatedly accused the Russian state in the past of malicious activity on the internet, which Moscow denies.
REvil has not been associated with any major attacks for months.
John Shier, a threat researcher at the UK-based Sophos cybersecurity company, said there was no independent confirmation the self-identified leaders of the “defunct” group had been arrested.
“If nothing else, it serves as a warning to other criminals that operating out of Russia might not be the safe harbor they thought it was,” he said.
A former client of Muromsky who only gave the name Sergei described him as a regular worker who did not appear wealthy.
Sergei runs a shop called Motohansa selling motorcycle spare parts. Muromsky created its website and supported it for some time charging him around RUB 15,000 (roughly Rs. 14,700) per month, he said.
“He is a smart person and I can imagine that if he wanted to do it (hacking) he could, but he charged very little money for his services. Several years ago he had a Rover car. That’s not an expensive car at all,” Sergei said.
Muromsky is in his thirties and was born in Anapa in Russia’s south, he said. “He worked as a normal programmer.”
Another client, Adam Guzuyev, described Muromsky as “a regular normal worker” who proved unable to install all the features Guzuyev wanted on his website.
“He earned no more than RUB 60,000 (roughly Rs. 60,000). I can’t say he has genius abilities,” he said, adding Muromsky spent three months working on his website.