News from the World of Computers

Post Reply New Topic

A new robot dog developed by scientists is sniffing out invasive fire ants using artificial intelligence, according to a writeup by the Society of Chemical Industry in TechXplore.

The research team, spread across Brazil and China, trained the cyberpup to identify red imported fire ants, which are wreaking havoc in environments across the globe. The robot dogs are pretty good at their job, too. According to researchers, they identify three times more nests with greater precision compared to human inspectors.

An email hits your inbox from an unknown sender that includes a picture of your house and address, followed by a threat: “Don’t even try to hide from this. You have no idea what I’m capable of….I’ve got footage of you doing embarrassing things in your house (nice setup, by the way).”

Sounds like a scene out of a horror film, right? Instead, it’s one of the latest phishing scams.

Like many other email and text scams, this particular extortion scheme uses specific personal information to deceive people into sending money. The email convinces people the hacker knows more about them and that they must exchange payment or Bitcoin in order to keep their information safe.

“I received a PDF over email that included my address and photo of the address and made outrageous claims about my private behavior, and claimed to have video documentation captured from spyware on my computer,” Jamie Beckland, a chief product officer at the tech company APIContext, told HuffPost. “The scammer threatened to release the video if I didn’t pay them via Bitcoin.”

If you get a similar email, here are the steps you can take to figure out if it’s a scam so you protect yourself...

More than 100 million Americans rely on drinking water systems with cybersecurity flaws that could enable hackers to "disrupt service or cause irreparable physical damage to drinking water infrastructure," according to a new federal report.

The Environmental Protection Agency's inspector general reviewed more than 1,000 drinking water systems serving 193 million people nationwide, identifying 97 systems with critical or high-risk cybersecurity vulnerabilities that affect 26.6 million people. Another 211 systems, serving over 82.7 million, were flagged for issues such as "externally visible open portals."

The report warns that a one-day disruption in water service across the U.S. "could jeopardize $43.5 billion in economic activity" in addition to generating public health concerns.

The inspector general also found that the EPA lacked a cybersecurity incident reporting system for water and wastewater system owners and operators to report potential breaches or vulnerabilities.

"This challenge is not hypothetical," the report warned, noting how recent high-profile incidents at water systems "demonstrated the urgency needed to address cybersecurity weaknesses and vulnerabilities to physical attacks."

The report comes after the largest water utility in the country was hit with a cybersecurity incident that led to the shutdown of its customer portal in October. New Jersey-based American Water, the largest regulated water and wastewater utility in the U.S. serving over 14 million people across 14 states and 18 military installations, reported it had discovered unauthorized activity in its computer networks and systems caused by a cyber incident (see: Largest US Water Utility Hit by Cybersecurity Incident).

In September, the FBI and Department of Homeland Security also said federal law enforcement was investigating a cyberattack on a water treatment facility in Arkansas City, Kansas.

A Chinese state-backed espionage group that penetrated the systems of America’s major telecommunications providers and infrastructure that facilitates court-authorized wiretap requests used a variety of techniques and procedures to achieve their infiltration, according to a person with knowledge of the hack.

The group, dubbed Salt Typhoon by the cybersecurity community, deployed a “range of sophisticated methods” to break into the telecom companies’ systems and conduct a prolonged espionage campaign that’s ensnared dozens of telecommunications and internet providers inside and outside the U.S., said the person, who spoke on the condition of anonymity because they were not permitted to publicly relay their understanding of the events.

Moscow is prepared to launch a wave of cyberattacks against NATO allies that could leave millions without power, according to a senior United Kingdom minister.

Russia is “exceptionally aggressive and reckless in the cyber realm,” Cabinet Office Minister Pat McFadden, whose portfolio includes national security, is expected to tell participants at a NATO cybersecurity conference in London on Monday.

“Given the scale of that hostility, my message to members today is clear: No one should underestimate the Russian cyber-threat to NATO,” he will say, according to prepared remarks shared in advance by his ministry.

New research has uncovered more than 145,000 internet-exposed Industrial Control Systems (ICS) across 175 countries, with the U.S. alone accounting for over one-third of the total exposures.

The analysis, which comes from attack surface management company Censys, found that 38% of the devices are located in North America, 35.4% in Europe, 22.9% in Asia, 1.7% in Oceania, 1.2% in South America, and 0.5% in Africa.

The countries with the most ICS service exposures include the U.S. (more than 48,000), Turkey, South Korea, Italy, Canada, Spain, China, Germany, France, the U.K., Japan, Sweden, Taiwan, Poland, and Lithuania.

The metrics are derived from the exposure of several commonly-used ICS protocols like Modbus, IEC 60870-5-104, CODESYS, OPC UA, and others.

One important aspect that stands out is that the attack surfaces are regionally unique: Modbus, S7, and IEC 60870-5-104 are more widely observed in Europe, while Fox, BACnet, ATG, and C-more are more commonly found in North America. Some ICS services that are used in both regions include EIP, FINS, and WDBRPC.
Cybersecurity

What's more, 34% of C-more human-machine interfaces (HMIs) are water and wastewater-related, while 23% are associated with agricultural processes.

"Many of these protocols can be dated back to the 1970s but remain foundational to industrial processes without the same security improvements the rest of the world has seen," Zakir Durumeric, Censys co-founder and chief scientist, said in a statement.

The U.S. Coast Guard is warning that Chinese-made ship-to-shore cranes come with "built-in vulnerabilities" enabling remote access and control, urging operators across the country to adopt enhanced security protocols.

Cranes manufactured by state-owned Chinese companies account for nearly 80% of all heavy lift gantry cranes used to load and unload container ships at American ports. Their design can include remote control, Coast Guard said in a Tuesday notice. A February executive order gave the Coast Guard new authorities to help improve cyber conditions at ports nationwide.

The U.S. Postal Inspection Service is reminding customers the importance of avoiding trending scams while sending and receiving gifts this year. Perhaps one of the most popular scams is "smishing," which, in the case of holiday mail, appears as fraudulent text messages indicating package tracking. Undisclosed texts with questionable tracking information and clickable links should be avoided in order to prevent scammers from gaining personal information.

The U.S. government is urging senior government officials and politicians to ditch phone calls and text messages following intrusions at major American telecommunications companies blamed on Chinese hackers.

Right now.

In written guidance released on Wednesday, the Cybersecurity and Infrastructure Security Agency said "individuals who are in senior government or senior political positions" should "immediately review and apply" a series of best practices around the use of mobile devices.

The first recommendation: "Use only end-to-end encrypted communications."

As you gather all the last-minute holiday packages arriving at your doorstep, be careful about any that you didn't order or ones that don't have a return address and want you to scan a QR code: it could be a scam.

These so-called brushing scams have been around for a few years and there's a few varieties. They can range from a "victimless" crime to one that involves scanning a QR code to find out who the package is from.

That could lead consumers to a site tricking them to enter personal information, similar to a phishing scam. In some cases, malicious QR codes could also install malware to steal information from the consumer's phone.

You have to be smart

Artificial intelligence bots are owned by tech companies known for exploiting our trusting human nature, and they’re designed using algorithms that drive their profits. There are no guardrails or laws governing what they can and cannot do with the information they gather.

When you’re using a chatbot, it’s going to know a lot about you when you fire up the app or site. From your IP address, it gathers information about where you live, plus it tracks things you’ve searched for online and accesses any other permissions you’ve granted when you signed the chatbot’s terms and conditions.

The best way to protect yourself is to be careful about what info you offer up.

North Korean nationals have infiltrated businesses across the globe with a more expansive level of organization and deep-rooted access than previously thought, insider risk management firm DTEX told CyberScoop.

This swarm of technical North Korean experts isn’t just intruding businesses as ad hoc freelance IT workers; they’ve gained full-time employment as engineers and specialists of various skill sets with the highest degree of access in enterprise systems.

“We work with a fair cross-section of the Fortune Global 2000 organizations, and right now we have active investigations going on with 7% of our customer base,” Mohan Koo, co-founder and president of DTEX, said in an interview. DTEX has a couple hundred customers and estimates thousands of critical infrastructure organizations have been infiltrated by North Korean operatives.

Following a social media post last week on the active planning of a coordinated, multi-city terrorist attack on hospitals in the coming weeks, the American Hospital Association (AHA) and Health-ISAC published a bulletin out of ‘an abundance of caution’ to spread awareness of the potential threat. The healthcare agencies are in close contact with the FBI (Federal Bureau of Investigation) regarding the threat and will provide additional information as it becomes available.

Lawmakers and national security veterans reacted with shock on Friday to President Donald Trump’s decision to fire the head of one of the country’s most powerful intelligence agencies, describing it as a “chilling” action that would damage America’s cyber defenses and “roll out the red carpet” for attacks on critical networks by foreign adversaries.

Gen. Timothy Haugh, a four-star general who served as head of both the National Security Agency and U.S. Cyber Command, was largely seen as an apolitical and uncontroversial appointee. He was confirmed unanimously by the Senate in 2023 under then-President Joe Biden and had worked in signals intelligence for three decades.

Haugh’s firing on Thursday evening leaves two of the nation’s top cyber and intelligence agencies without Senate-confirmed leadership and suggests that Trump is prioritizing loyalty over experience as he continues to fill senior roles in his administration. It also follows a massive breach of U.S. telecommunications networks by China-backed hacking group Salt Typhoon that allowed hackers to spy on the phones of senior U.S. officials, including Trump and Vice President JD Vance.

“We’re under attack, and the president just irresponsibly removed our most important general from the field,” said Sen. Angus King (I-Maine), a member of both the Senate Armed Services and Intelligence committees. “This is an outrageous decision.”

The Trump administration is dismantling federal cybersecurity initiatives that help state and local governments combat ransomware - gutting cyber teams, slashing budgets and threatening to eliminate cybersecurity grant programs - leaving agencies more vulnerable to escalating ransomware attacks.

During a Tuesday congressional hearing, state officials and lawmakers from both major political parties backed the Federal Emergency Management Agency state and local cybersecurity grant program. It has provided more than $800 million to states for cyber defenses since 2022 but is set to expire in September, leading panelists to warn that White House shutting the program could cripple cash-strapped agencies and leave local governments defenseless against increasingly sophisticated ransomware attacks. Homeland Security Secretary Kristi Noem, the only governor to reject federal cybersecurity grant funding for her state while in office, has threatened to cut programs like SLCG, and recently vowed to eliminate FEMA entirely.

Chinese intelligence entities are deploying online efforts to recruit unwitting current and former federal employees, according to a document from the National Counterintelligence and Security Center released Tuesday amid sweeping layoffs that have impacted much of the federal workforce.

China and other groups are “targeting current and former U.S. government (USG) employees for recruitment by posing as consulting firms, corporate headhunters, think tanks, and other entities on social and professional networking sites,” said the document, which also contains seals from the Justice Department and the Defense Counterintelligence and Security Agency.

“Their deceptive online job offers, and other virtual approaches, have become more sophisticated in targeting unwitting individuals with USG backgrounds seeking new employment,” it said, adding that workers with security clearances must remember their obligation to protect classified information, even after leaving government service.

Efforts to shrink the size of the government, fueled by the Elon Musk-led Department of Government Efficiency, have targeted agencies across the federal enterprise, including the Defense Department and core intelligence offices like the CIA and the National Security Agency. The CIA has been given the legal go-ahead to terminate some staff outright.

On Tuesday, Director of National Intelligence Tulsi Gabbard announced a sweeping DOGE-like efficiency effort to cut out “wasteful spending, inefficiencies, and bloated bureaucracy” from the U.S. intelligence nexus. The Office of the Director of National Intelligence, which would be a target for these changes, houses the counterintelligence unit that issued the Chinese recruitment warning.

Warning signs that a recruitment effort is a sham meant to sway government workers include flattery, urgent requests to respond and the promise of an expedited timeline to a job offer, the intelligence paper said.

Russia is increasing its hybrid attacks aimed at undermining society in the Netherlands and its European allies, and Russian hackers have already targeted the Dutch public service, Dutch military intelligence agency MIVD said on Tuesday.

"We see the Russian threat against Europe is increasing, including after a possible end to the war against Ukraine," MIVD director Peter Reesink said in the agency's annual report.

"In the Netherlands, we saw the first (Russian) cyber sabotage act against a public service, with the aim of gaining control of the system. It was thwarted, but it was the first time."

The MIVD did not specify what public service had been targeted.

The agency also found a Russian cyber operation against critical infrastructure in the Netherlands, possibly as preparation for sabotage, the report said.

Western countries have in recent years said hybrid threats by Russia and China were becoming increasingly more aggressive.

Such threats could include everything from physical sabotage of critical infrastructure to disinformation campaigns, espionage and cyber attacks in a bid to influence or undermine society, the agency said.

China also still poses a serious threat to Europe through its support for Russia's war efforts and aggressive stance towards Taiwan, the report said. It was continuing its efforts to gain Western knowledge through investments and espionage, especially in the Dutch semiconductor industry, it added.

The MIVD said last year Chinese cyber espionage was more extensive than initially thought, targeting Western governments and defence companies.

According to separate advisories from the non‑profit Security Alliance (SEAL) and cybersecurity research firm Trail of Bits, Pyongyang hackers posing as VC investors have been caught sending phishing lures with Calendly links to Zoom meetings.

The campaign, tracked by SEAL as Elusive Comet, begins with a standard press‑relations pitch or a direct message inviting the target to appear on a podcast run by Aureon Capital.

If the victim takes the podcast appearance bait, the hackers schedule a call over Zoom to learn more about the potential victim’s work, sometimes withholding meeting details until the very last minute in order to induce additional urgency.

“Once the potential victim has joined the call, they are prompted to share their screen to present their work. At this point, [the hackers] will use Zoom to request control over the potential victim’s computer. If the potential victim is not paying close attention, they may accidentally grant remote access, which allows Elusive Comet to install their malware to the victim’s device,” according to the SEAL alert.

The alliance said the malware is capable of acting as an infostealer that immediately exfiltrates relevant secrets, or a RAT (remote access trojan) that allows for exfiltration at a later time.

The Zoom Remote Control feature allows one computer user to take control of another participant’s screen in a meeting when they’ve given explicit permission.

In the observed attacks, the hackers change their display name to “Zoom” that masks a permission dialog from another participant into what looks like an innocuous system pop‑up.

One hasty click gives the intruder full mouse‑and‑keyboard access, after which a malware installer (SEAL has spotted both data‑dumping loaders and full remote‑access Trojans) lands and begins trawling browser sessions, password managers and seed phrases.