ZDNet

Microsoft: Russian hackers are targeting sporting organizations ahead of Tokyo Olympics

ZDNet

Microsoft said today that a group of well-known Russian government hackers has targeted at least 16 national and international sporting and anti-doping organizations ahead of next year’s Tokyo Olympics.

The attacks have taken place in the last month after the World Anti-Doping Agency (WADA) announced a possible indiscriminate ban of all Russian athletes from all sporting events, including upcoming world championships and Olympics.

Microsoft said the attacks involved spear-phishing, password spraying, exploiting internet-connected devices, and the use of both open-source and custom malware.

Responsible for the attacks is a group of Russian state-sponsored hackers that Microsoft calls Strontium, but are more widely known as APT28 or Fancy Bear.

Full article

Naked Security

Adobe database exposes 7.5 million Creative Cloud users

Naked Security

Adobe has become the latest company to be caught leaving an Elasticsearch database full of customer data exposed on the internet.

Discovered on 19 October by data hunter Bob Diachenko and security company Comparitech, the unsecured database contained the email addresses of nearly 7.5 million customers of Adobe’s Creative Cloud, plus the following:

  • Account creation date
  • Adobe products used
  • Subscription status
  • Whether the user is an Adobe employee
  • Member IDs
  • Country
  • Time since last login
  • Payment status

That’s the email addresses of around half of Creative Cloud’s customer base although not, importantly, any of their passwords or payment information. Nevertheless, said Comparitech, spelling out the risk of phishing attacks:

Fraudsters could pose as Adobe or a related company and trick users into giving up further info, such as passwords, for example.

Judging from clues in the data, Diachenko believes it might have been exposed for around a week. It’s not possible to tell whether anyone else accessed the data during this time.

Full article

WIRED

TikTok, Under Scrutiny, Distances Itself From China

WIRED

TikTok, the app that revolves around sharing short video clips, is in a unique position. It’s arguably the first international social media platform to have built a massive audience in the United States, where it’s been downloaded more than 110 million times since its founding in 2017. TikTok has offices in California near competitors like Snapchat, Instagram, and YouTube, but it’s owned by ByteDance, a Chinese tech giant. As tensions between the US and China continue to escalate, that fact has become a headache for TikTok. Now the company is taking steps to distance itself publicly from its counterparts in Beijing.

This week, Senators Chuck Schumer (D-New York) and Tom Cotton (R-Arkansas) sent a letter to US intelligence officials asking them to investigate whether TikTok poses “national security risks.” In their letter, sent to Joseph Maguire, the acting director of national intelligence, the senators expressed concern about the data TikTok collects on US users and whether that information could potentially be shared with the Chinese Communist Party. They also questioned whether Tiktok censors content on its platform and said the app is a “potential counterintelligence threat we cannot ignore.”

It wasn’t the first time this month that lawmakers have questioned the security and content moderation practices of TikTok. Two weeks ago, Senator Marco Rubio (R-Florida) called for the Committee on Foreign Investment to investigate ByteDance’s 2017 acquisition of Musical.ly, a lip-syncing app popular in the US that was later merged with TikTok. On Twitter, Rubio said he was concerned TikTok is “censoring content in line with #China’s communist government directives.”

Full article

WIRED

Flock Safety Says Its License Plate Readers Reduce Crime. It’s Not That Simple

WIRED

On the surface, it appears as though a simple fix—installing relatively discrete license-plate readers—had an enormous positive impact. That’s the narrative Flock Safety has put forward. The company proudly touted the results of the Cobb County pilot in a press release it sent to WIRED this week, and advertises on its website that it solves “up to five crimes an hour.”

But experts say it’s not that simple, and that establishing a causal relationship between any given variable and fluctuating crime rates is no easy task. “I am not saying that the readers did not have an effect on crime—it is just that we cannot attribute any reduction in crime to the readers themselves,” says Alex Piquero, a professor of criminology at the University of Texas, Dallas.

Even police agree. “To make it very clear, we are not 100 percent positive that Flock cameras were the difference,” notes VanHoozer. “What we did see, though, is an incredible decrease in crime, starting when we put these cameras down there.”

Full article

ZDNet

DNS-over-HTTPS causes more problems than it solves, experts say

ZDNet

The DNS-over-HTTPS (DoH) protocol is not the privacy panacea that many have been advocating in recent months.

If we are to listen to networking and cybersecurity experts, the protocol is somewhat useless and causes more problems than it fixes, and criticism has been mounting against DoH and those promoting it as a viable privacy-preserving method.

The TL;DR is that most experts think DoH is not good, and people should be focusing their efforts on implementing better ways to encrypt DNS traffic — such as DNS-over-TLS — rather than DoH.

Full article