Noteworthy stories that might have slipped under the radar: Apple WPS can be abused for surveillance, Canadian government wants backdoors, NIST launches AI program.

The post In Other News: Apple WPS Surveillance, Canadian Gov Wants Backdoors, NIST AI Program appeared first on SecurityWeek.

The email addresses and other information of hundreds of British, French and EU politicians have been found on the dark web.

The post Information of Hundreds of European Politicians Found on Dark Web appeared first on SecurityWeek.

The social media platform will produce video town halls with Mr. Trump and Robert F. Kennedy Jr., extending its push into politics.

© David Swanson/Reuters

The IRS announces that "Direct File will be a permanent, free tax filing option." Despite years of lobbying from the likes of Intuit and H&R Block, the IRS ran a successful pilot program of its Direct File program with 12 states. Today, they announced that the program will be permanent and invited all states to participate.

NIST is receiving support to get the NVD and CVE processing back on track within the next few months.

The post NIST Getting Outside Help for National Vulnerability Database appeared first on SecurityWeek.

In 2016, Russia used an army of trolls to interfere in the U.S. presidential election. This year, an American given asylum in Moscow may be accomplishing much the same thing all by himself.

© Alexander Zemlianichenko/Associated Press

The kingdom is trying to juggle its still-vital petroleum industry with alternative energy sources like wind and solar as it faces pressure to lower carbon emissions.

© Iman Al-Dabbagh for The New York Times

N.I.H. officials suggested federal record keepers helped them hide emails. If so, “that’s really damaging to trust in all of government,” one expert said.

© Andrew Harnik/Getty Images

While reintegration of formerly incarcerated people into the workforce is important, the government should be cautious about what positions those with a criminal history are put into.

The post Congresswomen Advocate for Cybersecurity Jobs for Formerly Incarcerated appeared first on SecurityWeek.

Devotees of author from Britain and the US lobby Southampton council to reject proposals for historic Dolphin building

Devotees of Jane Austen on both sides of the Atlantic have joined a campaign to save the historic port city hotel where she celebrated her 18th birthday.

Plans are afoot to transform the Grade II-listed Dolphin hotel in Southampton, where Austen once danced in the grand ballroom, into student accommodation.

Continue reading...

💾

© Photograph: Andrew Croft/Solent News & Photo Agency/Solent News

💾

© Photograph: Andrew Croft/Solent News & Photo Agency/Solent News

At a time when the U.S. government is concerned about its reliance on a mercurial billionaire for access to space, new competitors say Elon Musk’s SpaceX is using tactics intended to squash them.

© Chandan Khanna/Agence France-Presse — Getty Images

From Churchill’s old War Office to Liverpool’s Municipal Buildings, the government and cash-starved local authorities have been selling off valuable assets to plug budget shortfalls. But should pieces of the nation’s soul ever be put up for sale?

Outside the Box is a cafe in the scenic spa town of Ilkley, on the edge of the Yorkshire Dales; a good-natured, relaxing place where you can enjoy a reasonably priced enchilada at the tables that spill out on to the pavement. It’s a social enterprise, dedicated to giving skills and confidence to the people with Down’s syndrome and other learning disabilities who enthusiastically staff it, so as to “release their full potential” and help them lead “more independent and fulfilled lives”. It occupies the Arcade, a glass-roofed, stone-fronted, iron-balustraded Victorian structure that had fallen into disuse until the cafe and its associated administrative rooms moved there in 2019. The building belongs to Bradford council, which recently announced that this and 154 other assets were being considered for sale, in order to plug a gap in the local authority’s finances by raising a hoped-for £60m.

The OWO is a five-star hotel in Whitehall, London, an Edwardian baroque palazzo that was formerly the old War Office – “London’s most storied address”, as the hyperbolic blurb has it. It is run by the Raffles hotel chain, following a six-year “definitive transformation” by the transnational conglomerate Hinduja Group and the investment management firm Onex Holding, for a total project cost of $1.5bn (£1.2bn). Here guests can stay in ornate spaces touched by association with figures such as Winston Churchill, TE Lawrence and Ian Fleming, who all used to work in the building. Prices start at £1,000 a night for rooms and £20,000 a night for “heritage” suites. Or you might buy one of the development’s 85 residences, including a 7,700 sq ft penthouse, for up to £20m.

Continue reading...

💾

© Composite: Grain Ltd, Alamy, Getty

💾

© Composite: Grain Ltd, Alamy, Getty

Views: 0Source: www.securityweek.com – Author: Associated Press Long before generative AI’s boom, a Silicon Valley firm contracted to collect and analyze non-classified data on illicit Chinese fentanyl trafficking made a compelling case for its embrace by U.S. intelligence agencies. The operation’s results far exceeded human-only analysis, finding twice as many companies and 400% more people […]

La entrada US Intelligence Agencies’ Embrace of Generative AI Is at Once Wary and Urgent – Source: www.securityweek.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.exponential-e.com – Author: Graham Cluley What’s happened?  Recorded Future has reports that the British Government is proposing sweeping change in its approach to ransomware attacks. The key proposed changes are: Mandatory reporting. All organisations and individuals hit by ransomware would be required to report the attack to the government. Licensing for extortion payments. All […]

La entrada UK Government ponders major changes to ransomware response – what you need to know – Source: www.exponential-e.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Inglorious Basta(rds): 16 days on, huge hospital system continues to be paralyzed by ransomware—and patient safety is at risk.

The post Black Basta Ascension Attack Redux — can Patients Die of Ransomware? appeared first on Security Boulevard.

The billionaire owner of X has increasingly been using his social media platform to criticize President Biden for his health and immigration policies, according to a New York Times analysis.

© Alice Lagarde

U.S. intelligence agencies are scrambling to embrace the AI revolution, believing they’ll be smothered by exponential data growth as sensor-generated surveillance tech further blankets the planet.

The post US Intelligence Agencies’ Embrace of Generative AI Is at Once Wary and Urgent appeared first on SecurityWeek.

The legislation would make possession of the drugs without a prescription a crime in Louisiana, punishable with jail time.

© Jackie Molloy for The New York Times

Marc Andreessen, Chamath Palihapitiya and several other tech venture capitalists are increasingly criticizing President Biden and making their disaffection known in an election year.

© Barbara Gibson

Demos report come after two ministers publicised unverified claims about low-traffic neighbourhood schemes

Politicians should be subject to stricter rules on spreading disinformation or wild claims for which there is scant evidence, the thinktank Demos has urged, after senior members of the UK government repeated conspiracy theories on 15-minute cities.

Parliament’s ethics and standards watchdog should urgently review its requirements to ensure ministers were truthful and accurate in their communications on contentious issues, and avoid spreading disinformation that can polarise debate, the thinktank said in a report on low traffic neighbourhoods (LTNs).

Continue reading...

💾

© Photograph: Christopher Thomond/The Guardian

💾

© Photograph: Christopher Thomond/The Guardian

Readers respond to an article by Martin Kettle on Britain’s democracy and governance

Martin Kettle’s opinion piece (Our democracy desperately needs a reset – and, behind the scenes, that’s the plan, 16 May) gave an almost palpable sense of the change starting to happen in the country’s movers and shakers. It was particularly pleasing to see his reference to the Institute for Government. Its recent report, Power With purpose, sets out why the centre of government has failed successive prime ministers and provides insights on how it could be much more effective.

It included two key recommendations that would surely be of interest to an incoming administration. The first is for the government to agree its priorities and announce them as part of a modernised king’s speech. The second is for these priorities to be reflected in a shared strategy, budget and performance management process owned collectively at the centre.

Continue reading...

💾

© Photograph: Robert Ingelhart/Getty Images

💾

© Photograph: Robert Ingelhart/Getty Images

ARPA-H has announced a $50 million investment in tools to help IT teams better secure hospital environments.

The post US to Invest $50 Million in Securing Hospitals Against Cyber Threats appeared first on SecurityWeek.

The No Mow May campaign has persuaded local authorities to protect biodiversity. But bigger changes are needed

This time last year, residents of the council estate where I live in Greenwich were left in tears after local authority contractors mowed down scores of newly planted purple alliums on our shared lawn just days after they’d bloomed. In minutes, one man with a strimmer had reduced the flowers that my neighbours, many of whom do not have private gardens, had grown over months to mere mulch.

Shamefaced, this year the council sought to make amends by sowing a biodiversity meadow near where the alliums had met their fate. The new wildflowers were doing well – on track to compensate for the previous year’s blunder – until, to the consternation of residents, they were yet again mown down by council contractors. Even the local authorities’ own efforts to improve the biodiversity of the borough proved no match for its trigger-happy lawnmower men.

Phineas Harper is a writer and curator

Continue reading...

💾

© Photograph: Christopher Hope-Fitch/Getty Images

💾

© Photograph: Christopher Hope-Fitch/Getty Images

Mr. Trump has treated Trump Media, which runs his social network Truth Social, as a low-cost sideshow. Now a big portion of his wealth hinges on its success.

© Mark Harris

The U.S. Environmental Protection Agency (EPA) issued a stern warning on May 20th, 2024, highlighting the escalating cyber threats to the nation's drinking water systems while outlining stricter enforcement measures to protect water-related critical infrastructure. The Environmental Protection Agency is an independent U.S. agency responsible for protecting human health and the environment. These responsibilities include making sure that Americans have clean air, land and water and overseeing the implementation of federal laws related to these matters. The alert comes as part of a wider government initiative to strengthen national security and address vulnerabilities in critical infrastructure.

Environmental Protection Agency Concerned By Recent Inspection Results

Recent EPA inspections have revealed alarming cybersecurity gaps in a majority of water systems. More than 70% of inspected systems were found to be non-compliant with the Safe Drinking Water Act, with some exhibiting severe vulnerabilities such as unchanged default passwords and single logins. These weaknesses leave systems susceptible to cyberattacks, which have been observed by the agency to have become increasingly more frequent and severe in recent times. In response to the escalating threat, the EPA is ramping up its enforcement activities under the Safe Drinking Water Act. This includes increasing the number of inspections, initiating civil and criminal enforcement actions where necessary, and ensuring that water systems are adhering to the requirements of risk assessment and emergency response planning. The EPA is also working closely with federal and state partners, including the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, to fortify the nation's water systems against cyber threats. This collaboration includes providing technical assistance, guidance, training, and resources to help water systems implement crucial security measures. "Defending our nation's water supply is central to our mission at the EPA," emphasized Deputy Administrator Janet McCabe. We are leveraging all available tools, including enforcement, to shield our water from cyber threats. The alert reflects the current government's dedication to dealing with the urgency of cyber threats to critical infrastructure, and ensuring that water systems are adequately equipped to counteract these risks to public health.

EPA's Key Recommendations for Water Systems

The EPA's enforcement alert warned that cyberattacks on water systems could have devastating consequences, potentially disrupting treatment, distribution, and storage of water, damaging critical infrastructure, and even manipulating chemical levels to hazardous amounts. The alert added that small water systems are not exempt from this threat, as recent attacks by nation-state actors have targeted systems of all sizes. The EPA, Cybersecurity and Infrastructure Security Agency (CISA), and the FBI strongly recommend that water systems implement the following cybersecurity measures:

• Reduce exposure to the public-facing internet.
• Conduct regular cybersecurity assessments.
• Immediately change default passwords.
• Conduct an inventory of operational technology (OT) and information technology (IT) assets.
• Develop and practice cybersecurity incident response and recovery plans.
• Backup OT/IT systems.
• Reduce exposure to vulnerabilities.
• Conduct cybersecurity awareness training.

The EPA and CISA are offering free assistance to water systems to help them implement these crucial changes. Utilities can contact the EPA through its Cybersecurity Technical Assistance Form or email CISA Cyber Hygiene Services at vulnerability@cisa.dhs.gov with the subject line 'Requesting Cyber Hygiene Services'. [caption id="attachment_69563" align="alignnone" width="184"] Source: epa.gov[/caption] The EPA's heightened enforcement measures reflect the urgency of the threat facing the nation's water systems. By working together with federal and state partners and implementing recommended security practices, water systems can significantly enhance their resilience and protect this critical resource from malicious threat actors. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.  

CIA Director William Burns says AI tech will augment humans, not replace them. The agency’s first chief technology officer, Nand Mulchandani, is marshaling the tools.

The post Insider Q&A: CIA’s Chief Technologist’s Cautious Embrace of Generative AI appeared first on SecurityWeek.

CISA has added CVE-2023-43208, an unauthenticated remote code execution vulnerability, to its KEV catalog. 

The post CISA Warns of Attacks Exploiting NextGen Healthcare Mirth Connect Flaw appeared first on SecurityWeek.

The EPA has issued an enforcement alert, outlining the steps needed to comply with the Safe Drinking Water Act.

The post EPA Issues Alert After Finding Critical Vulnerabilities in Drinking Water Systems appeared first on SecurityWeek.

Move reflects wider state of politics around active travel – arguing around the margins and doing little to change lives for better

In the six days since a law to prosecute dangerous cyclists was announced, somewhere close to 30 people will have been killed on UK roads, none of them struck by bikes. About 500 more will have suffered serious, potentially life-changing injuries, with pretty much all connected to motor vehicles.

Again, going on the statistical averages, over those same six days, slightly more than 1,600 people across the UK will have died due to illnesses associated with physical inactivity. Riding a bike cuts your likelihood of developing such conditions by about half.

Continue reading...

💾

© Photograph: Antonio Olmos/The Observer

💾

© Photograph: Antonio Olmos/The Observer

Google is invoking the 'monoculture' word in response to a scathing U.S. government report on Microsoft's inadequate cybersecurity practices.

The post Google Cites ‘Monoculture’ Risks in Response to CSRB Report on Microsoft appeared first on SecurityWeek.

Children crying out for stability are paying the highest price for Britain’s chaotic and exploitative residential care

I’m a patron of a small local charity that helps struggling children to rebuild trust and connection. It’s called Sirona Therapeutic Horsemanship, and it works by bringing them together with rescued horses. The horses, like many of the children, arrive traumatised, anxious and frightened. They help each other to heal. Children who have lost their trust in humans can find it in horses, which neither threaten nor judge them, then build on that relationship gradually to reconnect with people.

It’s an astonishing, inspiring thing to witness, as the children begin to calm, uncurl and find purpose and hope. It can have life-changing results. But, though I can in no way speak on Sirona’s behalf, I’m painfully aware that such charities can help only a tiny fraction of the children in desperate need of stable relationships, trust and love.

George Monbiot is a Guardian columnist

Continue reading...

💾

© Photograph: Cultura RM/Alamy

💾

© Photograph: Cultura RM/Alamy

Citing rapid advances by China and Russia, the United States is building an extensive capacity to fight battles in space.

© Craig Bailey/Florida Today, via Associated Press

The island democracy was early to ban TikTok on government phones, and the ruling party refuses to use it. But a U.S.-style ban is not under consideration.

© An Rong Xu for The New York Times

China advocates for the United Nations to take a leading role in the global governance of AI, a move that could sideline the U.S.

The post In First AI Dialogue, US Cites ‘Misuse’ of AI by China, Beijing Protests Washington’s Restrictions appeared first on SecurityWeek.

The decision came after a scorching hearing in which lawmakers barraged EcoHealth Alliance’s president with claims of misrepresenting work with Chinese virologists.

© Ting Shen for The New York Times

Their plan is the culmination of a yearlong listening tour on the dangers of the new technology.

© Kenny Holston/The New York Times

Automakers in the United States and their supporters welcomed President Biden’s tariffs, saying they would protect domestic manufacturing and jobs from cheap Chinese vehicles.

© Aly Song/Reuters

Будет! Russian ransomware rascals riled a Roman Catholic healthcare organization.

The post FBI/CISA Warning: ‘Black Basta’ Ransomware Gang vs. Ascension Health appeared first on Security Boulevard.

The grant is the latest federal award in a series stemming from the CHIPS and Science Act meant to ramp up domestic production of vital semiconductors.

© Kristoffer Tripplaar/Sipa USA, via Associated Press

An unidentified threat actor known as "pwns3c" has offered access to a database purported to contain sensitive data and documents from a City of New York data breach for sale on BreachForums. The City of New York website offers official digital representation of the city's government as well as access to related information such as alerts, 311 services, news, programs or events with the city. The claims made in the post, despite its alleged nature raises significant concerns about the extent of the data breach as well as the security practices followed by the government office.

Alleged City of New York Data Breach Claimed to Include Sensitive Data

The stolen database is allegedly stated to include 199 PDF files, approximately 70MB in size in total. The exposed data includes a wide range of personally identifiable information (PII), such as: Licensee Serial Number, Expiration Date, Applicant or Licensee Name, Trade Name, Street Address, City, Zip Code, Phone Number of Applicant, and Business Email of Applicant. Moreover, the data also reveals sensitive details about building owners, attorneys, and individuals, including their EIN, SSN, and signature. The threat actor is selling this sensitive information for a mere $30, and interested buyers are instructed to contact them through private messages within BreachForums or through their Telegram handle. The post seemingly includes links to download samples of the data allegedly stolen in the attack. [caption id="attachment_68084" align="alignnone" width="1872"] Source: BreachForums[/caption] The alleged data breach has far-reaching implications, as it puts the personal information of numerous individuals at risk. The leak of personally identifiable information (PII) and sensitive documents exposes individuals to potential risks of identity theft, fraud, and other malicious activities. The Cyber Express team has reached out to the New York City mayor's official press contact email for confirmation. However, no response has been received as of yet.

pwns3c Earlier Claimed to have Hacked Virginia Department of Elections

In an earlier post on BreachForums, pwns3c claimed an alleged data breach against the Virginia Department of Elections, compromising of at least 6,500 records. The earlier stolen data was also offered for USD 30 in Bitcoin (BTC), Litecoin (LTC), or Monero (XMR) on the dark web. The Virginia Department of Elections is responsible for providing and overseeing open and secure elections for the citizens of the Commonwealth of Virginia. It is responsible for voter registration, absentee voting, ballot access for candidates, campaign finance disclosure and voting equipment certification in coordination with about 133 of Virginia's local election offices. The compromised data was allegedly stated to have included sensitive information such as timestamps, usernames, election data, candidate information, and voting method details. However, there has been no official confirmation of the stated incident as of yet. The breaches claimed by pwns3c, despite their alleged nature highlight the persistent challenges of securing the websites of government institutions. The sensitive nature of the stolen data that may allegedly include Social Security Numbers (SSNs), contact information, election-related details, and signatures, underscores the urgency for government websites to strengthen their security measures. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

A state or state-sponsored actor orchestrated the "sophisticated" cyberattacks against the British Columbia government networks, revealed the head of B.C.’s public service on Friday. Shannon Salter, deputy minister to the premier, disclosed to the press that the threat actor made three separate attempts over the past month to breach government systems and that the government was aware of the breach, at the time, before finally making it public on May 8. Premier David Eby first announced that multiple cybersecurity incidents were observed on government networks on Wednesday, adding that the Canadian Centre for Cyber Security (CCCS) and other agencies were involved in the investigation. Salter in her Friday technical briefing refrained from confirming if the hack was related to last month’s security breach of Microsoft’s systems, which was attributed to Russian state-backed hackers and resulted in the disclosure of email correspondence between U.S. government agencies. However, she reiterated Eby's comments that there's no evidence suggesting sensitive personal information was compromised.

British Columbia Cyberattacks' Timeline

The B.C. government first detected a potential cyberattack on April 10. Government security experts initiated an investigation and confirmed the cyberattack on April 11. The incident was then reported to the Canadian Centre for Cyber Security, a federal agency, which engaged Microsoft’s Diagnostics and Recovery Toolset (DaRT) due to the sophistication of the attack, according to Salter. Premier David Eby was briefed about the cyberattack on April 17. On April 29, government cybersecurity experts discovered evidence of another hacking attempt by the same “threat actor,” Salter said. The same day, provincial employees were instructed to immediately change their passwords to 14 characters long. B.C.’s Office of the Chief Information Officer (OCIO) described it as part of the government's routine security updates. Considering the ongoing nature of the investigation, the OCIO did not confirm if the password reset was actually linked to the British Columbia  government cyberattack but said, "Our office has been in contact with government about these incidents, and that they have committed to keeping us informed as more information and analysis becomes available."

Another cyberattack was identified on May 6, with Salter saying the same threat actor was responsible for all three incidents.

The cyberattacks were not disclosed to the public until Wednesday late evening when people were busy watching an ice hockey game, prompting accusations from B.C. United MLAs that the government was attempting to conceal the attack.

“How much sensitive personal information was compromised, and why did the premier wait eight days to issue a discreet statement during a Canucks game to disclose this very serious breach to British Columbians?”the Opposition MLA Todd Stone asked. Salter clarified that the cybersecurity centre advised against public disclosure to prevent other hackers from exploiting vulnerabilities in government networks. She revealed three separate cybersecurity incidents, all involving efforts by the hackers to conceal their activities. Following a briefing of the B.C. NDP cabinet on May 8, the cyber centre concurred that the public could be notified. Salter said that over 40 terabytes of data was being analyzed but she did not specify if the hackers targeted specific areas of government records such as health data, auto insurance or social services. The province stores the personal data of millions of British Columbians, including social insurance numbers, addresses and phone numbers. Public Safety Minister and Solicitor General Mike Farnworth told reporters Friday that no ransom demands were received, making the motivation behind the multiple cyberattacks unclear.

Farnworth said that the CCCS believes a state-sponsored actor is behind the attack based on the sophistication of the attempted breaches.

"Being able to do what we are seeing, and covering up their tracks, is the hallmarks of a state actor or a state-sponsored actor." - Farnworth

Government sources told CTV News that various government ministries and agencies, and their respective websites, networks and servers, face approximately 1.5 billion “unauthorized access” or hacking attempts daily. The number has increased over the last few years and the reason why the province budgets millions of dollars per year to cybersecurity. Salter confirmed the government spends more than $25 million a year to fortify its defenses and added that previous investments in B.C.'s cybersecurity infrastructure helped detect the multiple attacks last month. Microsoft last month alerted several U.S. federal agencies that Russia-backed hackers might have pilfered emails sent by the company to those agencies, including sensitive information like usernames and passwords. However, Salter did not confirm if Russian-backed hackers are associated with the B.C. security breach. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Noteworthy stories that might have slipped under the radar: European Parliament application breached, DocGo hacked, VMware advisories moved to Broadcom portal. 

The post In Other News: European Parliament Breach, DocGo Hack, VMware Advisories Moved appeared first on SecurityWeek.

British Columbia in Canada has faced multiple "sophisticated cybersecurity incidents" on government networks, province premier said this week. Premier David Eby emphasized that there is presently no evidence of compromised sensitive information and that investigations are ongoing, with further efforts required to ascertain potential data access, as per his Wednesday statement. While the attack's specific nature remains unclear, labeling it as "sophisticated" and its involvement with government networks suggests fans theories of espionage from a state-sponsored actor seeking political intelligence. “I know the public will have many questions about these incidents, and we will be as transparent as we can without compromising the investigation. As this complex work proceeds, government will provide British Columbians with updates and information as we are able.” Eby said. The provincial government's investigation involves the Canadian Centre for Cyber Security and other agencies, with the Office of the Information and Privacy Commissioner duly informed. Neither of the agencies immediately responded to The Cyber Express’ request for a comment.

Opposition’s Spar in the House

B.C.'s political adversaries engaged in heated debate during the question period on Thursday morning, a day after the province disclosed the multiple cybersecurity incidents within its networks. British Columbia United MLA Todd Stone criticized the government, alleging it "concealed a massive cyberattack on the provincial government for eight days." Stone’s accusations came on the backdrop of a memo from The Office of the Chief Information Officer that directed all provincial employees to immediately change passwords. British Columbians are rightly concerned about their sensitive information, questioning whether it has been compromised by a foreign, state-sponsored cyberattack. So, I ask the premier today: Will he reveal who was responsible for this attack?" Stone demanded. Stone pointed out the timing of Eby's Wednesday statement, suggesting it was issued discreetly "while everyone was preoccupied with last night’s Canucks game." [caption id="attachment_67963" align="aligncenter" width="256"] BC United MLA Todd Stone arguing in the House during the QP on Thursday morning. (Credit: Legislative Assembly of B.C.)[/caption]

“How much sensitive personal information was compromised, and why did the premier wait eight days to issue a discreet statement during a Canucks game to disclose this very serious breach to British Columbians?” the Opposition MLA asked.

In response to BC United's criticisms, Public Safety Minister Mike Farnworth accused Stone of "playing politics." “We take our advice from the Canadian Cyber Security Service, who deal with these kinds of things on an ongoing basis. That’s who we will take the advice from in terms of protecting public information, every single time. We will never take advise from the opposition — all they ever want to do is play politics,” Farnworth retorted amid uproar in the House. [caption id="attachment_67981" align="aligncenter" width="271"] Public Safety Minister Mike Farnworth addressing opposition queries. (Credit: Legislative Assembly of B.C.)[/caption]

“When an incident like this happens, the first thing that happens is the protection of the system, honourable speaker. The protection of the information that’s done by technical experts, honourable speaker, who work on the advice of the Canadian Cyber Security System,” Farnworth explained.

“And, honourable speaker, the reason they do that is because if you go out and give information before that’s done, you actually end up compromising people’s information, potentially.”

Multiple Cybersecurity Incidents Rock B.C. in Last Few Weeks

The latest revelation of cyberattacks on government networks comes on the heels of a string of cyberattacks that the westernmost province in Canada is facing. B.C. headquartered retail and pharmacy chain London Drugs announced April 28, closure of its stores across Western Canada after falling victim to a cybersecurity incident. The impact was such that they were forced to even take their phones offline and pharmacies could only satisfy “urgent” needs of patients on-site. Addressing reporters later Thursday afternoon, Farnworth clarified that there was no evidence linking the multiple cybersecurity incidents targeting the province networks to the event that led to the closure of London Drugs locations in the west for several days. "At present, we lack any information suggesting a connection. Once an incident is detected, technical security teams work swiftly to secure the system and ensure its integrity, while closely coordinating with the Canadian Cyber Security Service to address the situation," he explained. "While a comprehensive investigation involving multiple agencies is ongoing, we currently have no indication of any link to the London Drugs incident." The same day as the London Drugs cyberattack came to light, another western province entity BC Libraries reported a cybersecurity incident where a hacker attempted to extort payment for data exfiltrated from its newly commissioned server and threatening to release that data publicly if no payment was received.

China’s Involved?

This development follows an official inquiry in Canada, revealing unsuccessful Chinese attempts to interfere in past elections. Beijing has refuted these allegations. The Canadian Security Intelligence Service (CSIS) recently published an annual report, warning of ongoing Chinese interference in Canadian political affairs, risking democratic integrity.

“Canada’s strong democratic institutions, advanced economy, innovative research sectors, and leading academic institutions make Canada an attractive target for cyber-enabled espionage, sabotage, and foreign influenced activities, all of which pose significant threats to Canada’s national security,” the report said.

The report identified China as a state-based threat conducting widespread cyber espionage across various sectors, including government, academia, private industry, and civil society organizations.

Accenture Federal Services wins $789 million U.S. Navy SHARKCAGE cybersecurity contract.

The post Accenture Lands $789 Million Contract to Bolster U.S. Navy Cybersecurity appeared first on SecurityWeek.

Beijing’s dominance raises economic and security concerns, and tensions will be high as top climate diplomats meet this week.

© Agence France-Presse — Getty Images

PAFACA SueTok: U.S. Courts “likely” to rule whether new law is constitutional—or even practical.

The post TikTok Ban — ByteDance Sues US to Kill Bill appeared first on Security Boulevard.

The president’s visit to Wisconsin celebrated the investment by Microsoft in a center to be built on the site of a failed Foxconn project negotiated by his predecessor.

© Tom Brenner for The New York Times

The social media company and its Chinese parent, ByteDance, sued to challenge the new law, saying it violated users’ First Amendment rights.

© Rozette Rago for The New York Times

The personal data of an unspecified number of active UK military personnel had been compromised in a significant Ministry of Defence data breach. The UK's Ministry of Defence (MoD) is tasked with protecting the UK, its crown dependencies, and its overseas territories against threats from both state and non-state actors. The ministry also oversees and trains the Royal Navy, British Army, Royal Air Force, and the Strategic Command. The breach occurred as a result of an attack on the Ministry of Defence (MoD) payroll system, but the exact motives of the perpetrators behind the breach remain unknown.

Victims of Ministry of Defence Data Breach Being Actively Notified

The compromised data spans several years and includes the names, bank details, and in at least a few instances, even the personal addresses of active and previously-serving armed forces members. The Royal Navy, Army, and Royal Air Force are included in this breach. However the ministry confirmed that no operational defence data had been accessed during the incident. The affected payroll system was managed by an external contractor. Upon becoming aware of the incident,  immediate action was taken by the Ministry of Defence, with the affected system taken offline, and investigations underway.  The MoD further confirmed that it would ensure that all salaries would reach its service members on time. The investigation parties which include public cybersecurity agencies GCHQ and NCSC, are also examining potential security failings or vulnerabilities by the third-party contractor SSCL, who operated the payroll system for the MoD. The MoD is actively notifying and providing support to those affected, including veterans' organizations. UK's Defence Secretary Grant Shapps is scheduled to update MPs in the Parliament about the breach and outline a "multi-point plan" to protect affected service personnel.

Several Sources Suspect China Behind Ministry of Defence Data Breach

Although the hackers' identity remains undisclosed, some officials and news agencies suspect China to be behind the attack amidst rising warnings about the threats posed by hostile states and third parties. China was previously reported to have attempted to obtain data from ex-RAF pilots through the use of financial lures. However, the MoD has not commented on China's involvement. Tobias Ellwood, a Conservative MP and veteran disclosed to Sky News that he believed China might behind the attack as a way of coercing the financially vulnerable in exchange for cash. In response to these allegations, the Chinese foreign ministry emphasized its stated opposition to all forms of cyber attacks and rejected the use of hacking incidents for political purposes. The UK-China relationship has been strained over recent hacking allegations, with Britain accusing Chinese-government sponsored hackers of targeting its lawmakers and electoral watchdogs over the past few years. While the breach is being investigated, concerns arise about sharing sensitive intelligence with countries harboring close relationships with China. This incident follows previous cyberattack campaigns attributed to China, prompting government officials to acknowledge China as a significant challenge. Martin Greenfield, CEO of the London-based cybersecurity consultancy Quod Orbis, expressed that the incident was the latest in a series of recent cyber-attacks demonstrating the threat of campaigns targeting nationally sensitive data as observed last month with an attack on the NHS. He added that UK organizations still face challenges in securing systems and that there needs to be further co-operation and information sharing between different teams and between public and private agencies to combat this threat rather than operating in isolation. He also expressed concern that the compromised service member data may be used in further targeted attacks in the digital and physical world, with tensions in the Middle East and Ukraine, such compromised data might pose additional challenges for MoD operations in the area. Mel Stride, a government minister, highlighted the need to balance security concerns with economic engagement with China. He emphasized the importance of including China in global discussions on issues like climate change. In Parliament, Deputy Prime Minister Oliver Dowden made use of the example of previously alleged incidents involving attacks on the Electoral Commission and targeted attempts on MPs who have made criticism against China. Opposition politicians and former military personnel expressed concerns and called for a comprehensive response from the government. As China's president, Xi Jinping, tours Europe, including friendly nations, concerns persist about the Chinese government's purported efforts at cyber espionage. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.