Technology
After Ukraine, Russian cyberattacks could come to US: How to defend yourself
Between Russia’s invasion of Ukraine and ongoing cyberattacks, experts are warning about malicious cyber activity directed at the U.S., and a few U.S. security pros spoke to Fox News about how to defend against technological attacks.
Russia is not likely to take President Biden’s new sanctions sitting down and has proven to be highly adept at cyber warfare, which has become part and parcel of active “kinetic” wars in the 21st century.
“This isn’t something to take lightly — cyber attacks don’t have borders,” Sen. Mark R. Warner (D-Va.), chair of the Senate Intelligence Committee, said in a tweet.
“I remain particularly concerned about the reports of cyber attacks…There’s historic precedent to suggest these could be devastating for individuals, businesses, and entire countries,” Warner said in another tweet.
Russia has already launched what appears to be a series of cyberattacks on targets in Ukraine. This past week, cyberattacks impacted the websites of a number of Ukrainian government agencies, including the Ministry of Defense, according to Ukrainian officials. This follows cyberattacks on Ukrainian government sites and banks that were attributed to the Russian military spy agency GRU.
How to defend yourself from Russian cyber warfare ‘spillover’
As Sen. Warner noted, cyberattacks don’t have borders. Consequently, cyber spillover campaigns could reach the U.S.
“With the Ukraine conflict now front and center and poised to widen, we expect a surge of cybersecurity attacks from Russia state-sponsored organizations,” Dan Ives of Wedbush Securities told Fox News in a written statement.
Here’s what to watch out for and how to defend yourself, according to cybersecurity experts that Fox News spoke with.
—Ransomware: The bane of InfoSec professionals, ransomware attacks lock companies and individuals out of critical data. Attackers then demand hefty payments. “Businesses across the U.S. should be bracing for a variety of cybersecurity attacks, including ransomware,” said John Dickson, vice president at Coalfire, a Westminster, Colorado-based provider of cybersecurity advisory services.
“Make sure that all critical and all internet-facing systems are fully patched to mitigate ransomware and data destruction,” Lou Steinberg, cyber expert and founder of CTM Insights, told Fox News. “Use multi-factor authentication to log in to critical systems … and to prevent unauthorized changes (like turning off power or opening a valve on a dam),” Steinberg said.
—Denial of service attacks: Denial of service, which renders critical computer services unavailable, and ransomware attacks are often “outsourced,” according to Steinberg. “Rather than the government directly performing them, they tend to be done by groups who believe they’re being patriots by defending Russia’s interests. It’s in [that] government’s interest to enable this since it gives them deniability. You can’t trace an attack back to the Kremlin,” Steinberg explained.
These outsourced actors “may be less capable” so companies can defend themselves if they take prudent cybersecurity measures, according to Steinberg.
—Social engineering campaigns: These attacks manipulate human behavior and “piggyback off of the news cycle,” said Hank Schless, senior manager, security solutions, at Lookout, a San Francisco, Calif.-based endpoint-to-cloud security company.
“Be especially vigilant about where you’re sharing data, who has access to it and the identity of anyone with whom you have interactions online,” Schless said.
—Passwords: Users should always use multi-factor authentication and avoid reusing the same password across accounts/services, Alex Ondrick, director of security operations at BreachQuest, an Augusta, Georgia-based incident response company, told Fox News.
Ondrick said users can use sites like haveibeenpwned to see if they’ve been impacted by a security breach. “Regularly rotate passwords, especially on email/social media accounts, and for Wi-Fi and home router(s),” Ondrick said.
—Banking apps: “Users should be on the lookout for phishing and malware attacks, especially when accessing banking apps,” Dan Ives of Wedbush Securities said. Users should use antivirus products as well as software that protects their identities, Ives added.
—Software updates: For individuals, it is important to follow cybersecurity best practices. That includes “installing recommended software and app updates, backing up their data and exercising caution when clicking links in emails, social media posts and online articles,” Jonathan K. Osborne, a business litigation attorney at the Florida-based Gunster law firm, told Fox News.
—FBI: The FBI has a Cyber Threat website with tips and preventative measures on everything from email compromise to phishing and ransomware.
Technology
Elon Musk is directing harassment toward individual federal workers
Elon Musk is, in addition to many other things, now the co-lead of the currently nonexistent Department of Government Efficiency (DOGE) advisory group. Now, before it even gets rolling, he has begun singling out individual government employees he says are emblematic of the government’s bloat and posting about them to his hundreds of millions of followers on X.
Earlier this week, as first reported by The Wall Street Journal, the X user “datahazard” shared a screenshot on X highlighting the role of Ashley Thomas, the Director of Climate Diversification at the US International Development Finance Corporation, saying, “I don’t think the US Taxpayer should pay for the employment” of that role. Musk reposted it, adding the comment “so many fake jobs” in a post with more than 33 million views.
As the WSJ notes, Musk’s followers have responded in exactly the way you’d expect: with a flood of memes and harassment targeting Thomas, whose LinkedIn and Facebook pages are now private. Everett Kelley, president of the American Federation of Government Employees, told the WSJ that the posts “are aimed at sowing terror and fear at federal employees.”
Flooding targets with harassment is a tactic Musk has done in the past, including calling caver Vernon Unsworth a “pedo guy,” criticizing a former Twitter exec following his offer to buy the company, and suggesting that head of trust and safety Yoel Roth was sympathetic to pedophilia. All, of course, under the guise of “free speech.”
The ensuing harassment, of course, is precisely the point: Musk has systematically turned X into a megaphone for his views and has wielded that megaphone to whatever end he finds funny or useful. Musk and DOGE co-lead Vivek Ramaswamy have promised to do much of their work in public (and sometimes by X poll), too, which means this kind of pointed attention is likely headed toward many other civil servants in the near future.
Technology
Strava’s API debacle highlights the messiness of fitness data
A few days ago, Strava upset its users over some restrictive API changes. It might seem odd for one app’s users to fume over an API, but at the heart of the matter is the inherent messiness of fitness data.
Here’s a typical scenario. Say you’re all in on Garmin’s platform. You use their watches for running and strength training. Then, you pick up a Peloton bike for indoor cycling. Well, Garmin devices aren’t compatible with Peloton bikes because the two companies haven’t struck a direct deal with one another for data sharing. So, to get your heart rate on the Peloton bike, you buy a chest strap. And then you decide to train for a race, so you sign up for one of those digital coaching platforms — the kind where a personal trainer reviews your workouts and builds you a customized plan.
The dilemma is now you have three separate apps where your workout history is stored, with three separate interfaces — and none of them with the whole picture of your training.
There are a number of ways you could consolidate that data, but in this scenario, the simplest is to upload all your workouts into Strava and then import all that Strava data into the coaching app.
This kind of scenario has come up dozens of times throughout my wearables testing. Most recently, it came up when I reviewed a Mobvoi connected desk treadmill. I didn’t like its native app, but trying to get the data into my preferred apps was a nightmare. At the end of the day, it was easiest for me to go through Strava.
The reality is many smaller fitness apps and wearable makers don’t have the resources to strike up direct data integrations with the thousands of other fitness apps and devices on the market. It’s much easier for everyone to use Strava’s API and call it a day. And unlike Apple’s HealthKit API or Google’s Health Connect, Strava is platform-agnostic.
Where things get really murky is third-party fitness platforms that extrapolate their own insights from Strava data — a no-no under the new API terms.
Take a third-party platform like VeloViewer. The whole idea behind VeloViewer is to give more in-depth insights into Strava data, including 3D maps, charts, yearly activity recaps, and leaderboards. This is a great option for folks who want more info than what’s natively available in Strava, but the new API changes break many of the aforementioned features. As you might imagine, VeloViewer users — many of whom say they only pay a Strava subscription to use VeloViewer — are pissed. VeloViewer has since released a statement saying it’s working with Strava to resolve the issue, but it doesn’t change the fact that Strava holds all the cards.
Admittedly, this is a niche problem. Most people use one or maybe two fitness apps with their smartwatch, and this isn’t really an issue. But for those of us who want the freedom of using multiple devices and apps across various platforms? It’s a sobering reminder that it only takes Strava changing the rules to break a carefully crafted system.
Technology
The Verge’s guide to Black Friday 2024
These days, Black Friday isn’t so much a single-day shopping holiday as it is an ever-expanding, monthslong event that often begins as early as October. The 24-hour deal blitz that once was the focus of newspaper headlines and mobs outside of stores is no more, which makes knowing when and where you should be spending your cash all the more confusing.
Luckily, we’re here to help. Over the next month or so, we’ll be poring through scores of presale spreadsheets and thousands upon thousands of deals to separate the real discounts from the unexciting, made-up bargains every retailer seems to hawk around the holidays. We’ll have tips on how to find the best deals and when to shop, and we’ll continue to flag the most compelling sales in the run-up to Black Friday proper on November 29th.
And if a month of sales is not enough, you’ll have another shot at tackling your holiday wish list come December 2nd. We’ll be rounding up the best deals on 4K TVs, laptops, phones, robot vacuums, noise-canceling headphones, and other Verge-approved gadgets throughout all of Cyber Week. So stay tuned!