MediaTek launches Dimensity 7200, a 4nm mid-range processor

andreasc
-
0
MediaTek launches Dimensity 7200, a 4nm mid-range processor
[ad_1]

MediaTek has added a new member to its Dimensity line of 5G smartphone processors. Dubbed Dimensity 7200, the latest chipset is a mid-range 4nm solution built on TSMC’s N4P process, the same used in the high-end Dimensity 9200. It will debut within the next few weeks.

Dimensity 7200 specifications

The Dimensity 7200 has an octa-core CPU featuring two ARM Cortex-A715 performance cores clocked at 2.8GHz. MediaTek is including six Cortex-A510 efficiency cores here. ARM’s Mali G610 MC4 GPU handles the graphics duties. The chipset supports Full HD+ displays at up to 144Hz refresh rate. MediaTek MiraVision Display ensures HDR10+, CUVA HDR, and Dolby HDR capabilities. The Taiwanese firm has also included MediaTek HyperEngine 5.0 technology for optimized gaming. It delivers power-efficient AI-based Variable Rate Shading (VRS).

Speaking of AI, the Dimensity 7200 ships with a built-in AI Processing Unit (APU). MediaTek’s Imagiq 765 and a 14-bit HDR-ISP means the chipset can handle the highest resolution smartphone cameras out there (200MP). It also supports 4K HDR video recording, including simultaneous capture from two cameras at Full HD resolution (1080P). All-pixel autofocus technology ensures everything is in focus. The built-in APU enables real-time portrait beautification, while the processor also supports motion-compensated noise reduction and night photography.

The Dimensity 7200 features a 3GPP Release-16 standard integrated 5G modem for power-efficient Sub-6GHz 5G cellular connectivity. It brings 2CC Carrier Aggregation and Dual 5G SIM with dual VoNR. MediaTek claims a theoretical peak download speed of 4.7Gbps. Memory frequency can go up to 6400Mbps, but the chipset misses out on the latest UFS 4.0 storage solution. It only supports the previous-gen UFS 3.1 storage. Other highlights include Wi-Fi 6E, Bluetooth 5.3, Bluetooth LE, and Dual-Link True Wireless Stereo Audio.

This chipset opens up a new series of Dimensity processors in MediaTek’s portfolio. It appears the company will focus this lineup on premium mid-range devices with greater emphasis on gaming and photography, “The MediaTek Dimensity 7000 series will be vital for mobile gamers and photography enthusiasts who are looking for an affordable way to squeeze the most battery life out of their phones without skimping on performance,” said CH Chen, the Taiwanese firm’s Deputy General Manager of Wireless Communications Business Unit.

The new MediaTek processor will debut soon

The Dimensity 7200 will start shipping inside phones within the next few weeks. MediaTek hasn’t named any partner company or device but said that it will “power 5G devices launching in the global market in Q1 2023”. The first quarter ends in March, which means that the new chipset will debut soon. We may see the first batch of Dimensity 7200-powered phones go official around Mobile World Congress (MWC) 2023, which kicks off on Monday, February 27. We will keep you posted with all the latest and greatest happenings at the upcoming tech event in Barcelona.

MediaTek Dimensity 7200


[ad_2]
Source link

Students and professors protest TikTok bans at state schools

andreasc
-
0
Students and professors protest TikTok bans at state schools
[ad_1]

With over 25 states banning the use of short-form video app TikTok on state-owned devices, it comes as no surprise that the ban has been extended to public schools in these states. With parent company ByteDance located in China, there have been numerous concerns about the app collecting users’ personal data and even capturing keystrokes to learn passwords and other information.

Bloomberg reports that the TikTok ban has worked its way to more than a dozen state-run universities including Auburn University, the University of Georgia, Oklahoma State University, and more recently the University of Texas, Austin. Some schools have banned TikTok from being installed on university-owned devices while other schools won’t allow TikTok to be used on campus networks. Some schools use both methods to ban TikTok.

TikTok was the most downloaded app globally in 2022

After the still popular TikTok app was banned at the University of Texas, Austin, both students and even professors at the school spoke out against restricting the app. Kate Biberdorf, 36, an associate professor of chemistry at the university said, “I use TikTok as an educational tool to make science fun and accessible. To have that tool be taken away by a university, that doesn’t sit right with me. Right now in our community, it feels like our rights are being taken away, and this is another push in the wrong direction.”

Walmart was one of the American companies that reportedly was interested in buying TikTok's U.S. unit - Students and professors protest TikTok bans at state schools

Walmart was one of the American companies that reportedly was interested in buying TikTok’s U.S. unit

Biberdorf is not only a fan of the app, she is also a content creator known as Kate the Chemist and has 194,400 TikTok followers. Attending the same school, 22-year-old theater-education major Grace Featherston said that people should be allowed to make their own decisions about using an app owned by a company located in China. She said, “It’s the choice of US citizens, whether they want to consume TikTok and whether they want to take that risk.”

Featherston has 27,000 followers on TikTok who view her videos that discuss Broadway shows, social trends, and current events. Like many TikTok users, even though she is aware of the risks of using the app, it doesn’t bother her enough to make her stop using Tik Tok. That’s because using the app makes her an internet celebrity while delivering entertainment to her. 

Politicians supporting such bans or even a nationwide ban of the app will need to consider the possible blowback from younger voters. Featherston says that she will consider a politician’s position on TikTok before she votes. The demographics of TikTok users match those of the ‘voters under 30’ group that helped the Democrats outperform expectations for the 2022 mid-term election. So all politicians need to handle this situation carefully rather than risk alienating this important block of votersb.

ByteDance defends itself by stating that it doesn’t share data with the Chinese government and has strict controls inside the company that limit the access to user data. Even with these controls, ByteDance said that some employees tracked journalists by violating company rules to access user data belonging to Americans. Still, TikTok was the most installed app worldwide last year with 672 million global downloads.

TikTok users belong to a demographic that both political parties covet

Rick McElroy, principal security strategist at tech firm VMware Inc. says that security fears should not be overlooked when it comes to TikTok. McElroy says that the personal data collected by an app like TikTok could be used by a company or even a government to track high-profile individuals and damage their reputations using misinformation campaigns. The aforementioned tracking of journalists is a real-life example.

As of the beginning of this year, TikTok has 1 billion active users in 154 countries. The app records videos in a vertical orientation and such content can run for 10 seconds to as long as 10 minutes.  The app can be downloaded from the App Store for iOS users while Android users can download TikTok from the Google Play Store.

[ad_2]
Source link

Russian hackers target NATO sites with DDoS attack

andreasc
-
0
Russian hackers target NATO sites with DDoS attack
[ad_1]

The North Atlantic Treaty Organization (NATO) has been the victim of a series of distributed denial of service (DDoS) attacks, causing temporary disruption to some of its sites.

The DDoS attacks have been linked to the Russian hacktivist collective Killnet which had posted via an encrypted channel on social media platform Telegram that it was planning to launch attacks against NATO. The group also appeared to be asking for cryptocurrency donations to launch further attacks.

Jens Stolberg, secretary general of NATO, said that protective measures had been deployed in response to the attack.

Stolberg noted that NATO’s classified networks, which are used to communicate within its command structure and on active missions, were not affected by the DDoS attack. He also said that “the majority of NATO websites were functioning as normal” and that the organization’s technical teams were “working to restore full access”.

Despite Stolberg’s assurances that the network was not affected, it has been reported that communications between NATO and its Strategic Airlift Capability (SAC) were affected by the attack. The SAC has been used as part of NATO’s response to the magnitude 7.8 earthquake that hit Syria and Turkey on 6 February and its subsequent aftershocks, with an aircraft being used to fly search and rescue teams and their equipment to an airbase in Turkey. The SAC’s ability to communicate with the aircraft it was allegedly affected by network disruption although it did not fully lose contact with the plane.  

What are hacktivists?

Hacktivists, or hacktivism, describes hackers who are motivated not by monetary gain but by their political views. Hacktivists used cyber attacks to further their ideology or make political statements using disruptive threat vectors like DDoS attacks to take websites or services offline.

Hacktivists may also steal sensitive or embarrassing information about their political adversaries to post online, a technique known as doxxing.

Hacktivists targeted Iran’s steel industry

On June 28, 2022, one of Iran’s largest steel manufacturers was targeted by the hacktivist group Gonjeshke Darande (Predatory Sparrow). 
Khouzestan Steel Company was forced to close its plant due to technical issues as a result of the attack, with the company’s website also down. 
Predatory Sparrow posted a video on social media, claiming to have affected multiple other steel companies in the attack including Mobarakeh Steel Company and the Hormozgan Steel Company.

The attack was orchestrated against Khouzestan Steel Company as, according to Predatory Sparrow, the company has continued to operate despite government sanctions. In January 2021, several companies connected to the steel industry in Iran were sanctioned by the US Treasury Department after it was alleged that the metal producers had been using their revenue to fund the Iranian regime and its nefarious activities.

The group also said that the attacks were launched in response to the “aggression of the Islamic Republic [of Iran]”, and that they were carried out “carefully so to protect innocent individuals”. 


[ad_2]
Source link

New Phishing Campaign Exploits Geo Targetly URL Shortener

andreasc
-
0
New Phishing Campaign Exploits Geo Targetly URL Shortener
[ad_1]

Researchers have warned users about a new phishing campaign that exploits the URL shortener service Geo Targetly to lure victims. It empowers the attackers to wage a widespread phishing campaign aimed at different geo-locations.

Geo Targetly URL Shortener Phishing Campaign

According to a recent post from Check Point Research, their researchers discovered a new phishing campaign that exploits the Geo Targetly URL shortener.

Geo Targetly is a dedicated service for location-based advertising, enabling marketers to shorten their URLs according to the specified locations. For instance, clicking on a shortened URL will redirect the user to the respective market of its country, whereas someone in another part of the world would visit the web page as per that region.

Specifically, the attackers behind this campaign use the URL shortener to mask the links to their phishing web pages. Clicking The phishing emails impersonate various entities to trick users into opening the message. For instance, one such email had a subject line mentioning a subpeona for violating the road speed limit.

The emails are designed in the language of the citizens of the target country. Then, the Geo Targetly-shortened URLs for phishing websites redirect users to the fake sites accordingly.

Such customizability empowers the attackers to target users from different parts of the world in the same campaign.

The researchers have shared the details about the phishing campaign in their post.

Be Wary Of Phishing

One of the prime reasons phishing attacks remain successful even after multiple warnings and awareness alerts is the ever-evolving creativity of cybercriminals in designing their campaigns. Whenever they wish to target a specific group of users, they design near-real email messages, which are often difficult for an average user to detect.

Nonetheless, practising caution can always help users avoid such attacks. In this regard, the researchers advise users always to verify the website URLs for originality and double-check the site for legitimacy before sharing any data.

Let us know your thoughts in the comments.


[ad_2]
Source link

Arris router vulnerability could lead to complete takeover

andreasc
-
0
Arris router vulnerability could lead to complete takeover
[ad_1]

A security researcher found an authenticated remote code execution vulnerability in very wide-spread Arris router models.

Security researcher Yerodin Richards has found an authenticated remote code execution (RCE) vulnerability in Arris routers. This is the type of router that ISPs typically provide in loan for customers’ telephony and internet access.

After responsible disclosure Richards has published a Proof-of-Concept (PoC) that demonstrates how he, ironically used the verification against itself.

Affected devices

The Arris Router Firmware version 9.1.103 authenticated RCE exploit has been tested against the TG2482A, TG2492, and SBG10 models, devices that can be commonly found in the Caribbean and Latin America, says Richards.

According to Richards, when he contacted Arris (acquired by CommScope), the company said the devices running the vulnerable firmware are end-of-life (EOL) and are no longer supported by the company. This means that they are unlikely to ever get updated, even though the SBG10 is actively listed on its website.

Authenticated

An authenticated RCE means an attacker would need login credentials in order to exploit the vulnerability. However, it’s likely that a majority of users haven’t changed their default router credentials, because it is too complicated or they simply are not told clear enough that this is a necessary step in the setup process. So once an attacker knows the default credentials, they can happily exploit the vulnerability.

Richards added:

“It is also worth noting that there is no https setting to secure credentials in transit. I think this makes it a perfect target for botnets like Mirai that gained success using default credentials, and more experienced attackers may have more clever ways to circumvent this.”

How to protect yourself

Since we do not expect the vendor or the ISPs to patch this vulnerability, we asked the researcher for his advice.

“As for mitigation, an easy and effective way is to simply use a strong password, but still this does not stop an attacker from eavesdropping on the unprotected traffic containing the password or even manipulating the browser to gain access. A more desirable form of mitigation would be to change the firmware completely but as you said providers are lax about pushing updates and there is no easy way for an end user to do this themselves. They could run the exploit to gain a root shell and try to patch it from there but this is by no means a simple solution.”

The vulnerability

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. This vulnerability will be listed under CVE-2022-45701.

While testing options to achieve shell script command injection, the researcher found that $ is accepted. That was promising, but when paired into $( it was neutralized. This implies that the developer was intentionally trying to prevent command injection this way. However, there is still a flaw in the verification. If any of the disallowed characters or $( is in the object, the object is not set and keeps its previous value. But, in the case of \ it is simply removed from the payload subsequent to verification. This allows us to set $() by inputting $\(). This could have easily been prevented by also neutralizing $ or ( individually.

With this knowledge Richards was able to add a netcat reverse tcp shellcode and get a shell.

We don’t just report on vulnerabilities—we identify them, and prioritize action.

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.


[ad_2]
Source link

Instagram introduces ‘Broadcast Channels’ to post one-way content

andreasc
-
0
Instagram introduces ‘Broadcast Channels’ to post one-way content
[ad_1]

Instagram is always unveiling new features to keep its users engaged. The photo-sharing app just introduced a new feature that will let people post one-way content for their fans. Instagram calls this feature Broadcast Channels.

The thinking behind this feature isn’t particularly new. Telegram has a feature similar to this called “Channels”. It’s an interesting way of keeping your fans engaged in what you’re posting. It’s also an easier way of providing text-based information for fans.

Instagram introduces Broadcast Channels

There aren’t too many ways of sending text-based announcements to your followers. The company was working on bringing short text-based statuses to profiles, but it’s not widely available yet. Other than that, you’d need to add the text to your posts via the caption or through stories. However, those methods aren’t really direct.

However, Instagram just introduced its new Broadcast Channels. These are essentially one-way chat rooms. The creator can set up the channel and invite people to join. Once the creator sets up the channel, their followers will be notified.

In the group, the creator will be able to send messages to the group, but the followers won’t be able to post their own messages; they can only react.

The creators can send any type of message into the channel that they could in a regular message group/Story. You’re able to send text, pictures, videos, polls, audio messages, etc.

This feature did launch to the stable version of Instagram, but it’s still not available to everyone. Instagram has a short list of top Instagram influencers who can use the feature before everyone else.

This list includes Austin Sprinz, David Allen, Tank Sinatra, Valkyrae, and more. You can check out the full list of accounts on the announcement post. There’s no telling when the company will roll this out to all other users. In any case, we don’t expect it to be too long.


[ad_2]
Source link

Xiaomi will start mass production of its EV in 2024

andreasc
-
0
Xiaomi will start mass production of its EV in 2024
[ad_1]

As one of the world’s leading providers of affordable and high-quality consumer electronics, Xiaomi’s entrance into the automotive industry has created a lot of buzz and excitement. And according to reports, Xiaomi is making significant strides in developing its car, with CEO Lei Jun personally overseeing the division and dedicating over half his time.

During a recent investor day, CEO Lei Jun shared exciting news about the development of Xiaomi’s cars. The R&D team behind the project has grown to over 2,300 members, and they plan to launch the vehicle for mass production by Q1 2024. Lei Jun stated that autonomous driving is playing a crucial role in the car’s development, and they are investing heavily in becoming a leader in this field by 2024. In order to achieve this goal, the company also plans to test over 140 vehicles during the first phase of testing.

Although the company is yet to share details, a Weibo blogger recently shared images of the soon-to-be-announced electric vehicle wandering on the streets of China during winter testing. Jun was also present during this test, demonstrating the company’s dedication to ensuring the success of the project.

Similar profit structure to smartphones

Interestingly, Xiaomi will take a similar approach to profits as they do with their smartphone, i.e. software profits. According to Jun, this approach creates exciting opportunities for integrating different services beyond the sale of a single product. Although the company has not confirmed it yet, it is likely to focus on software features such as autonomous driving and in-car entertainment, which can generate recurring revenue streams for the company.

While Xiaomi has established an automobile facility in Beijing’s Yizhuang, housing the sales and R&D headquarters, the company is also constructing a fully functional vehicle factory with a yearly capacity of 300,000 vehicles, with the first car expected to roll off the production line in 2024.


[ad_2]
Source link

Avoid these three scammy apps still listed in the Play Store (20 million+ installs)

andreasc
-
0
Avoid these three scammy apps still listed in the Play Store (20 million+ installs)
[ad_1]
According to software firm Dr.Web (via BleepingComputer) a new category of activity-tracking apps has appeared on the Google Play Store generating over 20 million downloads. What makes these three tracking apps so appealing to Android users? They bill themselves as health trackers and pedometers that give you incentive to get into shape by promising to pay out cash rewards to those who reach certain goals.

Do not install these three apps; they are still listed in the Google Play Store

The report from Dr.Web points out that these rewards are often impossible to receive as users must accumulate a large number of rewards before being forced to watch dozens of commercials in order to cash out.  After watching all of those ads, users were advised to watch even more to “speed up” the rewards process. The report states that even after all that  “the apps did not verify any of the payment-related data provided by users, so the chances of receiving any of the money promised from these apps are extremely small.”

Three apps mentioned in the report remain in the Google Play Store. They are:
  • Lucky Step – Walking Tracker with 10 million downloads.
  • WalkingJoy  with 5 million downloads.
  • Lucky Habit: health tracker with 5 million downloads.

All three apps connect with the same command & control server. Such servers are usually used by attackers to send directions to systems infected by malware. With all three apps communicating with the same remote server, it is apparent that they have the same developer. It is also pointed out that earlier versions of the Lucky Step-Walking Tracker falsely said that users had the option of converting their rewards into gift cards for various online stores.

Remember, these crooked developers make money when you view their ads. The more ads you watch, the more money they make.
Do not install these three apps on your Android device - Avoid these three scammy apps still listed in the Play Store (20 million+ installs)

Do not install these three apps on your Android device

The Lucky Step-Walking Tracker app was eventually updated and the functionality that would convert rewards into cash was removed and the interface elements that would be tapped to make this conversion disappeared. All previously accumulated rewards instantly became worthless.

The one thing you can do to protect yourself from installing malicious apps

If you’re a long-time PhoneArena reader, you know that we tell you to read the comments section before installing an app from a developer that you’re not familiar with-even if the app is listed in the Play Store. That is where you will find red flags that can warn you to stay away from a certain app. For example, two comments written by a pair of unlucky Android device users who installed the Lucky Step – Walking Tracker app contained plenty of red flags.

These two comments from the listing for the Lucky Star app contain enough red flags to keep you from installing it - Avoid these three scammy apps still listed in the Play Store (20 million+ installs)

These two comments from the listing for the Lucky Star app contain enough red flags to keep you from installing it

One comment came from a user who gave the app two stars (!!??!!) while stating that it is “Mostly ad junkie, there is really no benefit to the app…every time you unlock the phone it throws a full-screen ad at you…when I have an alarm going off it overrides that display and will not allow me to get to [the] alarm screen unless I first interact with it. It is just a scam designed to get as much of your data possible while feeding repeatedly ads just so they can make money off of you.”

This is how these three apps trick you into watching dozens and dozens of ads - Avoid these three scammy apps still listed in the Play Store (20 million+ installs)

This is how these three apps trick you into watching dozens and dozens of ads

A second comment gives the app one star and says, “Also, there are a lot of annoying ads that you have to watch to get a few coins. This app is a real scam and garbage and a waste of time and effort.”

We just punched up these apps in the Google Play Store so if you see them, do not install any of the three on your Android devices. Also, if you’ve already installed any of the three, uninstall them immediately.

Here’s one more malicious app that you need to avoid

Dr.Web’s report also mentioned a fitness app called FitStar that creates a customized weight-loss plan for 29 rubles (equivalent to 41 U.S. cents). However, what those subscribing didn’t know was that the program they were signing up for was good for only one day. At the end of the trial, subscribers were automatically signed up for four days of service for an additional 980 rubles (equivalent to $13.86). Full access to the program cost 7,000 rubles ($98.98) and the app continued to automatically extend users’ subscriptions every four days.

This app is also still listed in the Google Play Store. Comments for this app note that if you install it, the icon doesn’t show up on your phone’s list of installed apps making it hard to uninstall. The same review also notes that “The app is trying from the start to get into either Facebook or Google data…”

Don’t put your phone or your wallet at risk. Stay away from all of the apps mentioned in Dr.Web’s report.

[ad_2]
Source link

AI Image Editing Tool Cutout Leaked User Images and Data

andreasc
-
0
AI Image Editing Tool Cutout Leaked User Images and Data
[ad_1]

Cutout, a popular AI image editing tool, suffered a data breach that exposed user images, usernames, and email addresses. The incident underscores the risks of using cloud-based AI tools for sensitive data.

Cutout.pro, a web-based AI image editing tool, was caught leaking 9GB worth of user data, which included usernames and images requested by using specific queries.

The discovery was made by Cybernews, who found an open ElasticSearch instance containing 22 million log entries referencing usernames, including individual users and business accounts.

However, since log entries contained duplicates, the total number of users affected is unclear. The instance also had information on the number of user credits, a virtual in-game currency, and links to Amazon S3 buckets, where generated images were stored.

This should not come as surprise since the use of AI-powered tools have skyrocketed. This is precisely due to the massive success of ChatGPT. So much so that Google was forced to release its own AI tool called Bard AI.

AI Image Generator and Editor Cutout.pro Leaks User Images and Data
The exposed Elasticsearch cluster (Image: CyberNews)

The Hong Kong-based visual design platform allows users to manipulate photos or generate images using an AI-based application programming interface (API). This functionality enables the integration of the company’s services into third-party apps.

As noted by researchers, Cutout.pro has self-reported statistics of over 300 million API requests, 4,000 requests per second from over 5,000 applications and websites, and partnerships with over 25,000 businesses.

Therefore, the consequent impact of the leak is likely to be devastating for the customers whose data was exposed in the leak. According to the Cybernews report, their team also found two image editing apps in the open database: Vivid and AYAYA.

“If Cutout.pro’s developers previously didn’t back up the data, the open instance could have led not only to the temporary denial of service but a permanent data loss that was stored on the open instance. Attackers could have wiped it out.”

Cyber News

Due to not being properly configured, the open instance could have been exploited by threat actors in multiple ways. The Cybernews team surmised that anyone could have performed CRUD (Create, Read, Update, and Delete) operations.

Attackers could have used the initial access point to enter the database, take control of the data, and pass it through Cutout.pro’s API, thus carrying out a dangerous supply chain attack on the company’s customers.

Misconfigured Databases – Threat to Privacy

As we know, misconfigured or unsecured databases have become a major privacy threat to companies and unsuspecting users. In 2020, researchers identified over 10,000 unsecured databases that exposed more than 10 billion (10,463,315,645) records to public access without any security authentication.

In 2021, the number of exposed databases increased to 399,200. The top 10 countries with the most database leaks due to misconfiguration in 2021 included the following:

  • USA – 93,685 databases
  • China – 54,764 databases
  • Germany – 11,177 databases
  • France – 9,723 databases
  • India – 6,545 databases
  • Singapore – 5,882 databases
  • Hong Kong – 5,563 databases
  • Russia – 5,493 databases
  • Japan – 4,427 databases
  • Italy – 4,242 databases
  1. How AI-Powered Tools Spark Creativity
  2. Healthcare Firm ‘Doctors Me’ leaked Patient images
  3. Plastic surgery tech firm leaks images of 100k+ users
  4. New scam uses AI-generated images to fake law firm
  5. Breast Cancer Charity Exposed Images of U.S. Patients

[ad_2]
Source link

Ransomware pushes City of Oakland into state of emergency

andreasc
-
0
Ransomware pushes City of Oakland into state of emergency
[ad_1]

The Interim City Administrator of the City of Oakland declared a state of emergency.after a ransomware attack crippled the city’s services a week ago

The ransomware attack that hit Oakland on Wednesday February 8, 2023 is still crippling many of the city’s services a week later. In fact, the situation is so bad that the Interim City Administrator has now declared a state of emergency.

Tweet by City of Oakland

Tweet announcing the state of emergency

The ransomware attack initially forced the City’s Information Technology Department (ITD) to take all systems offline while it coordinated with law enforcement to investigate the attack.

The impact of the outage is far-reaching and ongoing. The network outage has impacted many non-emergency systems including the ability to collect payments and process reports, permits, and licenses. As a result, some of the city buildings are closed and the public is under advice to email ahead of any planned visit to one of the impacted departments.

Interim City Administrator G. Harold Duffey declared the state of emergency due to the ongoing impact of the network outages as a result of the ransomware attack. According to a spokesperson for the City:

“The declaration of a local emergency allows the City to Oakland to expedite the procurement of equipment and materials, activate emergency workers if needed, and issue orders on an expedited basis, while we work to safely restore systems and bring our services back online.”

Fortunately, the attack has not affected crucial infrastructure like the 911 dispatch and fire and emergency resources, but the Oakland Police Department (OPD) did say that response time has been delayed and asked the public:

If you don’t have an emergency or do not need an immediate emergency response, please consider the following means to report incidents:

•OPD Online Reporting: oaklandca.gov
•Oak 311: for urgent issues, call 311.
•OakDOT: call (510) 615-5566.

So far the City has not provided an indication of when the situation will be back to normal.

Attackers

At this point it’s not clear which ransomware group is behind the attack on the City of Oakland. None of them has claimed the attack and the leak sites of the major groups we checked don’t mention Oakland. This could be because the ransom negotiations have not been broken off yet.

With the investigation apparently ongoing there is no indication of which infection method was used. We’ll update this story if we learn more.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Write an incident response plan. The period after a ransomware attack can be chaotic. Make a plan that outlines how you’ll isolate an outbreak, communicate with stakeholders, and restore your systems.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.


[ad_2]
Source link
1...1,4201,4211,422...1,452Page 1,421 of 1,452