Author: admin

Posted on

Alleged Russian Hacks of Microsoft Service Providers Highlight Cybersecurity Deficiencies

Cybersecurity experts say Microsoft’s recent disclosure that alleged Russian hackers successfully attacked several IT service providers this year is a sign that many U.S. IT companies have underinvested in security measures needed to protect themselves and their customers from intrusions.

But a U.S.-based association of IT professionals says the industry’s efforts to combat foreign hacking attacks are hampered by their customers not practicing good cyber habits and by the federal government not doing enough to punish and deter the hackers.

In an October 24 blog post, Microsoft said a Russian nation-state hacking group that it calls Nobelium spent three months attacking companies that resell, customize and manage Microsoft cloud services and other digital technologies for public and private customers. Microsoft said it informed 609 of those companies, known as managed service providers, or MSPs, that they had been attacked 22,868 times by Nobelium from July 1 to October 19 this year.

‘Well-known techniques’

As of its October 24 blog post, Microsoft said it determined that “as many as 14” of the resellers and service providers had been compromised in the Nobelium attacks, which it said involved the use of “well-known techniques, like password spray and phishing, to steal legitimate credentials and gain privileged access.”

Nobelium is the same group that Microsoft said was responsible for last year’s cyberattack on U.S. software company SolarWinds. That attack involved inserting malicious code into SolarWinds’ IT performance monitoring system, Orion, and gave the hackers access to the networks of thousands of U.S. public and private organizations that use Orion to manage their IT resources.

The White House said in April that it believed the perpetrators of the SolarWinds hack were part of the Russian foreign intelligence service, or SVR.

In an October 29 statement published by Russian network RBC TV, Russia’s foreign ministry dismissed as “groundless” Microsoft’s accusation that SVR was behind the recent cyberattacks on IT companies. It also said Microsoft should have shared data on the attacks with the Russian government’s National Coordination Center for Computer Incidents to aid a “professional and effective dialogue to … identify those involved.”

VOA asked Microsoft whether the company had communicated with Moscow regarding the latest hacking incidents, but Microsoft declined to comment.

It also has not disclosed the names or locations of any of the targeted or compromised IT companies.

Charles Weaver, chief executive of the U.S.-based International Association of Cloud and Managed Service Providers, also known as MSPAlliance, told VOA that he had not heard of any of his organization’s members being affected by the latest Nobelium attacks.

MSPAlliance describes itself as the world’s largest industry group for people who manage hardware, software and cloud computing services for customers. It says it has more than 30,000 members worldwide, about two-thirds of them based in North America.

Insufficient attention

The apparently successful cyberattacks on Microsoft-linked IT companies are a sign that U.S. MSPs are not putting enough priority on cybersecurity, said Jake Williams, a chief technology officer at U.S. cybersecurity company BreachQuest and a former U.S. National Security Agency elite hacking team member.

“The profit margins for MSPs are often razor-thin, and in the majority of cases, they compete purely on cost,” Williams told VOA in an interview. “Any work they do that doesn’t directly translate to additional revenue is generally not happening.”

One cybersecurity practice that more MSPs should adopt is the sharing of information with U.S. authorities about hacking incidents, said James Curtis, a cybersecurity program director at Webster University in Missouri, in a conversation with VOA’s Russian Service.

Curtis, a retired U.S. Air Force cyber officer and a former IT industry executive, said MSPs do not like to admit they have been hacked.

“They don’t want to share that their users’ information has been stolen, because it may hurt their bottom line and may hurt their stock prices, and so they try to handle that internally,” he said.

“The MSP community is not perfect,” Weaver said. “Our members face a lot of cyberattacks and their job is to protect their customers against these things. For 21 years, MSPAlliance has strived to promote best practices for our global community, and we will continue to incrementally improve as fast and as often as we can.”

But Weaver said criticism of MSPs for not devoting enough attention to cybersecurity is misplaced.

Customer practices

“MSPs have been urging their customers to make easy and inexpensive fixes such as adopting multifactor authentication to back up their data to the cloud,” Weaver said. “But I personally have witnessed a lot of nonconformity amongst the customers. They have to be the ones that ultimately pay for and allow MSPs to deploy those fixes.”

The Biden administration also has used a variety of tools this year to try to protect U.S. targets from Russian and other foreign hackers. In May, President Joe Biden issued an executive order for U.S. authorities to tighten cybersecurity contractual requirements for IT companies that work with the federal government. The order said the companies should be required to share more information with federal agencies about cyber incidents impacting the IT services provided to those agencies.

In an earlier action in April, the Biden administration sanctioned six Russian technology companies for providing support to what it called malicious cyber activities of Russia’s intelligence services.

Senior U.S. officials also have used diplomacy to try to expand international participation in a Counter-Ransomware Initiative (CRI). A U.S. National Security Council statement issued Wednesday said deputy national security adviser Anne Neuberger briefed representatives of 35 countries Tuesday on the outcome of last month’s first CRI meeting of experts from law enforcement, cybersecurity, financial regulators and foreign affairs ministries.

Chris Morgan, an intelligence analyst at Britain-based cybersecurity company Digital Shadows, told VOA the stronger cybersecurity practices mandated by the U.S. government for federal contractors will not necessarily be voluntarily adopted by IT companies working in the private sector. One such mandated practice is for federal contractors to adopt a “zero-trust” security model, in which users who log in to a network are not automatically trusted to do whatever they like within that network but must instead undergo continual authentication.

Larger government role

“Implementing zero-trust is a real change in the way that your network is managed and comes with significant costs. I think that’s the reason why a lot of companies are quite hesitant to do so,” Morgan said. “I think a lot of people would like the U.S. government to take a more active role in combating cybercrime [through promoting measures like zero-trust].”

Weaver, of MSPAlliance, said applying federal cybersecurity regulations to the entire private sector is not a good idea because different industries, such as banking, health care and energy, have different IT needs.

He also said the U.S. government could effectively curb ransomware attacks by doing more to hold the perpetrators accountable.

“Cyberattacks are a big business, yet the hackers are in countries beyond the reach of our law enforcement,” Weaver said. “So you have a business model that has no disincentive to stop. And all we have are the IT guardians against those attacks. I just don’t think that putting regulations on the guardians is going to solve this.”

Source: Voice of America

Posted on

Exodus of Foreign Internet Giants Strengthens China’s Homegrown Ecosystem

China now depends almost entirely on its own online content providers, as the number of big foreign companies in the market, such as Yahoo and LinkedIn, keeps dwindling, giving the government a boost in controlling the internet, analysts say.

On Monday the Silicon Valley internet service provider Yahoo closed all of its services in China, following LinkedIn’s pullout announcement in October and earlier blockages of Google content.

In an e-mailed statement, Yahoo cited an “increasingly challenging business and legal environment in China.” Many Yahoo services were largely blocked in China, where the email and search engine provider has operated since 1999.

“My first reaction was, I didn’t know Yahoo was still alive in China,” said Danny Levinson, Beijing-based head of technology at the seed investment firm Matoka Capital.

Domestic services flourish

Chinese netizens seldom use Yahoo or other major Silicon Valley internet services, especially for media and communications, as domestic rivals have flourished over the past two decades. The government can handily monitor local providers for what it considers subversive content by calling in company managers for discipline.

Chinese use China-based WeChat for the bulk of their daily communication, watch TikTok videos instead of YouTube and check China’s Baidu.com rather than Wikipedia. Alibaba, headquartered in Hangzhou, takes care of e-commerce, although foreign rivals can still get into China given their trade’s lack of political sensitivity.

“They had all the ingredients in place,” said Kaiser Kuo, a U.S.-based podcaster who has worked in Chinese tech. “You had a really large, very fast-growing market. There was a need for people to come in with services that were catered to Chinese language users and Chinese tastes. On top of that, it was so cutthroat that foreign internet companies just couldn’t compete very well.”

The roughly 1 billion Chinese who use the internet have spawned an industry with an operating revenue of about $155 billion in the first 11 months of 2019, up 22.4% over the same months of 2018, according to Caixin Globa, a Chinese economic news-focused website.

Chinese mass media have said the country aims to become technologically self-sufficient by 2030 and get around U.S. government bans on doing business with some of its flagship companies.

Chinese netizens contacted this week say they’re unfazed by Yahoo’s withdrawal. Many Chinese have never visited Yahoo’s homepage, one veteran Beijing internet user said.

Laws discourage foreign providers

China has monitored the internet for two decades, by blocking websites and filtering social feeds, to intercept anti-government material. Its latest effort, the Data Security Law, restricts outflows of sensitive data from China and requires internet operators to give their internal data to law enforcement agencies.

Getting around that law can be costly and upset users outside China who oppose censorship, some analysts say.

“If there was a platform that was willing to go into China and completely cede control to the Chinese government and regulators to manage that, I think there would be an opportunity to grow, but so far most companies have chosen not to,” said Zennon Kapron, director of the finance industry research firm Kapronasia.

China previously blocked Facebook, Google and most other global social media sites and search engines as well as flagship Western news websites. Foreign media content providers “haven’t been really there for a long time in force,” said Ma Rui, founder of the San Francisco-based consultancy Tech Buzz China.

Users in China can still access foreign internet content by using a virtual private network, but authorities search out and block overseas-based VPNs that are not authorized for specific companies doing business in China. The “efficacy” of VPNs to stop filtering or blocking of content has declined over the years, Levinson said.

Emailing can still take care of Chinese people’s overseas business matters, Ma said, while foreign companies active in China normally use WeChat. China, however, does not allow end-to-end encrypted e-mail or chats.

“The email gets through, but based on the originating DNS [domain name system], it might get blocked, and it might get filtered. So it’s not a 100 percent panacea, but for normal business communication it’ll be fine,” Levinson said.

China’s constitution affords its citizens freedom of speech and press, but authorities target web content that the government believes will expose state secrets or might endanger the country, according to the Council on Foreign Relations, a research group.

Source: Voice of America

Posted on

‘It’s Our Lives on the Line’, Young Marchers Tell UN Climate Talks

Thousands of young campaigners marched through the streets of Glasgow on Friday, chanting their demand that world leaders at the U.N. climate conference safeguard their future against catastrophic climate change.

Inside the COP26 conference venue in the Scottish city, civil society leaders took over discussions at the end of a week of government speeches and pledges that included promises to phase out coal, slash emissions of the potent greenhouse gas methane and reduce deforestation.

“We must not declare victory here,” said former U.S. Vice President Al Gore, who shared the 2007 Nobel Peace Prize for his work informing the world about climate change. “We know that we have made progress, but we are far from the goals that we need to reach.”

Campaigners and pressure groups have been underwhelmed by the commitments made so far, many of which are voluntary, exclude the biggest polluters, or set deadlines decades away.

Swedish teenage activist Greta Thunberg joined the marchers on the streets, who held placards and banners with messages that reflected frustration with what she described as “blah-blah-blah” coming from years of global climate negotiations.

“You don’t care, but I do!” read one sign, carried by a girl sitting on her father’s shoulders.

Sixteen-year-old protester Hannah McInnes called climate change “the most universally devastating problem in the world,” adding: “It’s our lives and our futures that are on the line.”

Promises

The talks aim to secure enough national promises to cut greenhouse gas emissions – mainly from fossil fuels – to keep the rise in the average global temperature to 1.5 degrees Celsius.

Scientists say this is the point at which the already intense storms, heatwaves, droughts and floods that the Earth is experiencing could become catastrophic and irreversible.

To that end, the United Nations wants countries to halve their emissions from 1990 levels by 2030, on their way to net-zero emissions by 2050. That would mean the world would release no more climate-warming gases than the amount it is simultaneously recapturing from the atmosphere.

The summit on Thursday saw 23 additional countries pledge to try to phase out coal – albeit over the next three decades, and without the world’s biggest consumer, China.

A pledge to reduce deforestation brought a hasty about-turn from Indonesia, home to vast and endangered tropical forests.

But a plan to curb emissions of methane by 30% did appear to strike a blow against greenhouse gases that should produce rapid results.

And city mayors have been working out what they can do to advance climate action more quickly and nimbly than governments.

The Glasgow talks also have showcased a jumble of financial pledges, buoying hopes that national commitments to bring down emissions can actually be implemented.

But time was running short. “It is not possible for a large number of unresolved issues to continue into week 2,” COP26 President Alok Sharma said in a note to negotiators published by the United Nations.

Efforts to set a global pricing framework for carbon, as a way to make polluters pay fairly for their emissions and ideally finance efforts to offset them, are likely to continue to the very end of the two-week conference.

The new normal

U.S. climate envoy John Kerry said on Friday it was possible to reach a deal at the summit settling the final details of the rulebook for how to interpret the 2015 Paris Agreement.

He said the United States was in favor of “the most frequent possible” assessments of whether countries were meeting their goals to reduce emissions.

In Washington, President Joe Biden’s mammoth “Build Back Better” package, including $555 billion of measures aimed at hitting the 2030 target and adapting to climate change, looks set to pass eventually. It hit snags on Friday, however, as the House of Representatives was due to vote on it.

Gore, a veteran of such battles, offered conference-goers a scientific video and photo presentation filled with images of climate-fueled natural disasters, from flooding to wildfires.

“We cannot allow this to become the new normal,” Gore said.

One schoolchild’s placard put it just as well.

“The Earth’s climate is changing!” it read, under a hand-painted picture of a globe on fire. “Why aren’t we?”

Source: Voice of America

Posted on

Pfizer: COVID-19 Pill Cuts Risk of Severe Disease by 89%

U.S. pharmaceutical company Pfizer announced Friday its new COVID-19 pill showed an 89% reduction in risk of COVID-19-related hospitalization or death in clinical trials and they plan to submit the drug to U.S. regulators for emergency use approval.

In a release Friday, Pfizer said the latest clinical trials of its pill, Paxlovid, featured a randomized, double-blind study of non-hospitalized adult patients with COVID-19 who are at high risk of progressing to severe illness.

The company said interim analysis of the oral antiviral showed an 89% reduction in risk compared to a placebo in patients treated within three days of symptom onset.

Pfizer said it has received an independent data monitoring committee recommendation to pause enrollment in the Phase 3 trial due to the overwhelming efficacy demonstrated in the latest results.

The company plans to submit the data as part of its ongoing application to the FDA for Emergency Use Authorization as soon as possible.

Pfizer is now the second drug manufacturer to develop an oral treatment for COVID-19. U.S. company Merck last month introduced its COVID-19 pill, which clinical studies showed to provide a 50% reduction in hospitalizations and deaths due to COVID-19. It has been submitted to the FDA, and the federal agency is scheduled to rule on it late this month.

Currently, all COVID-19 treatments approved in the United States require injection or intravenous drip. Pills have the advantage of being distributed by pharmacies and taken at home.

Britain’s Medicines and Healthcare products Regulatory Agency approved Merck’s pill, known as Molnupiravir, Thursday. The European Union’s drug regulator, the European Medicines Agency (EMA), said it would speed up its review of the Merck pill, and is prepared to give advice to individual EU member states so they can make the pill available for emergency use ahead of the EMA authorization.

When Merck’s pill was submitted for approval last month, White House Coronavirus Response Coordinator Jeff Zients said the U.S. government had already arranged to buy 1.7 million doses of the pill, with an option to acquire more if needed.

Source: Voice of America

Posted on

South Korea Showed How to Contain COVID, Now It Will Try to Live With It

Seats are once again packed at professional baseball games in South Korea. Just as in pre-pandemic times, fans can drink beer and eat fried chicken. They can clap their hands, stomp their feet, and wave inflatable noisemakers to support their team.

What they are not allowed to do, though, at least not yet, is shout or sing fight songs, a key feature of Korean baseball crowds.

“If you shout a lot, the virus will leak through your mask,” Prime Minister Kim Boo-kyum pleaded with fans on a radio show this week, after crowds were seen as being too vocally supportive of their teams during tense playoff games.

It is a microcosm of how life is going in South Korea: basically, things are returning to normal, but they are not quite there yet.

Although South Korea never locked down during the coronavirus pandemic, it was never fully open either, especially as the country has battled a fourth wave of infections since July.

However, starting this week, the government rolled out the first step of its “living with COVID-19” plan. Bigger crowds can now gather in Seoul. Restaurants and cafes, including those that serve alcohol, are no longer subject to a nighttime curfew. Sports fans have returned to stadiums and arenas.

Barring setbacks, South Korea will phase out all social distancing rules by the end of February, two years after the country experienced one of the world’s first COVID-19 outbreaks.

South Korea’s COVID-19 approach has unquestionably been a success so far. It is one of very few countries to avoid both mass lockdowns and mass deaths.

Now, after outperforming its global peers at nearly every stage of the pandemic, South Korea hopes it can demonstrate how to live with COVID-19.

A cautious opening

For starters, few in South Korea are declaring victory. That is in contrast to countries such as the United States and Britain, where leaders announced independence from the virus and quickly eased social distancing, only to see the delta variant sweep through their populations, killing tens of thousands more in each country.

“The goal here is to set up a system where the government can relax the restrictions, but at the same time has criteria for moving back,” said Jerome Kim, director-general of the International Vaccine Institute in Seoul.

There are good reasons for caution. Although over 75% of South Koreans are vaccinated, the number of daily confirmed COVID-19 cases has not fallen since the fourth wave began.

“We do, I think at this point, have a realization that the vaccines are doing what they’re supposed to do, which is preventing severe disease, hospitalization, and death. But they don’t necessarily prevent infection,” Kim said.

Officials have repeatedly warned the opening up could be reversed. And they say some precautions, such as mandatory facemasks, may be around for the foreseeable future.

South Koreans seem receptive. According to a recent poll by Seoul National University, about 49% of South Koreans have mixed feelings about the loosened restrictions. Twenty-seven percent think it will be impossible to ever stop wearing masks, according to a survey by Gallup Korea.

Getting public support

Unlike many countries, South Korea has seen almost no domestic backlash to its pandemic approach.

Businesses largely complied with mandatory curfews. There has been no successful anti-vaccine movement. Virtually everyone wears masks, even when running alone outside on empty paths.

That public buy-in has been at the heart of South Korea’s COVID-19 success, according to public health experts. Not only has it given authorities more anti-pandemic tools, those tools are less coercive and more precise.

For instance, no vaccine mandates have been necessary; about 90% of adults have received the COVID-19 vaccine. Mass lockdowns, too, are unheard of; during the pandemic it has always been possible to go shopping or eat at a restaurant.

Perhaps the most invasive tool is South Korea’s system of contact tracing.

Using cellphone, credit card, and other personal data, authorities can quickly determine where those infected with COVID-19 have gone and who they may have contacted.

The contact tracing only became possible after South Korea’s National Assembly loosened privacy laws following a public outcry over the government’s handling of a deadly 2015 outbreak of Middle East respiratory syndrome, or MERS.

“I think there are a number of choices that people here have made in order to have freedom, which is really what it is,” Kim said.

Moving ahead

As South Korea makes the transition toward living with the virus, it will continue to use many of those same tools, which have become a part of daily life.

Customers at every restaurant in Seoul are required to check in either via their phones or on a sign-up sheet at the counter. Temperature checks remain at the entrance of almost every business. Soon, electronic vaccine passes will be required to enter sporting events, concerts, and other large venues.

Some health experts caution that new standards may be necessary for defining COVID-19 success, though.

While many news outlets continue to focus on the number of confirmed daily cases, it will soon be important to pay attention to more meaningful measurements, such as the number of intensive care unit beds available or the number of serious illnesses.

“Even if there are 10,000 confirmed cases, it will still be more important to know the number of serious cases or what the fatality rate is,” said Chun Eun-mi, a respiratory disease specialist at Ewha Womans University Medical Center in Seoul.

Experts also warn inconsistencies may need to be addressed as authorities figure out the best path to follow.

During a previous round of social distancing, many South Korean newspapers mocked the strangely specific guidelines for Seoul fitness centers, which were prohibited from playing music with a tempo higher than 120 beats per minute. Joggers were also prevented from running faster than 6 kph on the treadmill.

More recently, Korean baseball fans are the ones questioning the rules against cheering. Why are they allowed to attend baseball games, they ask, but remain forbidden to vocally support their team?

South Korean officials insist that cheering may be allowed during future rounds of opening up.

For now, South Korea’s prime minister asked fans, “please reduce your shouts by just a little.”

Source: Voice of America

Posted on

Synchronoss Nomeia Taylor C. Greenwald para Diretor Financeiro

Líder financeiro traz mais de 20 anos de experiência com empresa pública para a Synchronoss

BRIDGEWATER, N.J., Nov. 04, 2021 (GLOBE NEWSWIRE) — A Synchronoss Technologies, Inc. (NASDAQ: SNCR), líder global e inovadora de nuvem, mensagens e produtos e plataformas digitais, anunciou hoje que Taylor C. Greenwald foi nomeado Vice-Presidente Executivo e Diretor Financeiro, com efeito imediato. Na sua nova função na Synchronoss, Greenwald supervisionará as operações financeiras globais da empresa, incluindo contabilidade, tesouraria, planejamento e análise de negócios, desenvolvimento corporativo e relações com investidores.

Greenwald traz para Synchronoss vasta experiência com gerenciamento de todas as funções financeiras de grandes organizações públicas globais. Recentemente, ele foi Vice-Presidente Sênior de Finanças e Diretor Financeiro, Presença na Web do Endurance International Group, uma empresa de serviços de TI. Antes disso, ele passou 18 anos na Convergys Corporation, onde ocupou vários cargos de liderança sênior, incluindo Vice-Presidente Sênior de Finanças, Controlador e Diretor de Contabilidade.

“É com grande prazer que recebemos Taylor na nossa equipe de liderança sênior”, disse Jeff Miller, Presidente e CEO da Synchronoss. A Taylor tem vasta experiência com aumento de receita e rentabilidade de grandes empresas dos setores de tecnologia e serviços empresariais. Além disso, ele tem profundo conhecimento de desenvolvimento corporativo, incluindo aquisições e alienações, proficiência comprovada com estratégias de recuperação e um forte histórico técnico. Estou confiante de que sua experiência e perspicácia financeira causarão um impacto imediato à medida que continuamos a posicionar a Synchronoss para o futuro e garantir que nossos clientes em todo o mundo tenham os recursos necessários para se conectarem com seus assinantes de maneira confiável e significativa.”

Miller acrescentou que Lou Ferraro, que atuou como Diretor Financeiro Interino no último trimestre, permanecerá na empresa como Vice-Presidente Executivo de Operações Financeiras e Diretor de Recursos Humanos, reportando-se a Taylor. “Lou fez um trabalho fantástico depois de ser convidado a assumir o cargo de CFO atuante em meados do ano, além das suas outras responsabilidades. O conselho e eu estamos prontos para a liderança dele”, disse Miller.

Greenwald disse que está contente em entrar na empresa. “O trabalho que a Synchronoss realizou no ano passado para melhorar a trajetória dos negócios é impressionante, e me sinto honrado em entrar para a empresa em um momento tão importante. Estou preparado para ajudar a Synchronoss a criar impulso para o crescimento da receita e cumprir suas metas estratégicas para os clientes e outras partes interessadas”, ele concluiu.

Greenwald é formado em MBA pelo Massachusetts Institute of Technology – Sloan School of Management, e em engenharia pelo Georgia Institute of Technology.

Sobre a Synchronoss
A Synchronoss tecnologia(NASDAQ: SNCR) cria software que capacita empresas ao redor do mundo a se conectarem com seus assinantes de forma confiável e significativa. O conjunto de produtos da empresa ajuda a agilizar as redes, simplificar a integração e envolver os assinantes, permitindo novos fluxos de receita, redução dos custos e aumento da velocidade no mercado. Centenas de milhões de assinantes confiam nos produtos da Synchronoss que se mantêm em sincronia com as pessoas, serviços e os conteúdos que elas gostam. É por isso que mais de 1.500 funcionários talentosos da Synchronoss em todo o mundo se esforçam todos os dias para reimaginar um mundo em sincronia. Saiba mais em www.synchronoss.com

Contato com a Mídia

Em nome da Synchronoss:
Anais Merlin, CCgroup UK
Diane Rose, CCgroup US
E: synchronoss@ccgrouppr.com

Contato com o Investidor
Em nome da Synchronoss: Todd Kehrli/Joo-Hun Kim, MKR Investor Relations, Inc., E: investor@synchronoss.com

Proudly powered by WordPress