Lightnews — Scholar-powered news

3 13 16

Ryan Gallagher @rjgallagher.co.uk · Aug 20

In 2012, yes! Microsoft accused a company called Hangzhou DPtech Technologies of leaking a Windows vulnerability and booted it out of MAPP

Microsoft Curbs Early Access for Chinese Firms to Notifications About Cybersecurity Flaws

Ryan Gallagher @rjgallagher.co.uk · Aug 20

New: Microsoft curbs Chinese companies’ access to info on cybersecurity vulnerabilities after investigating whether a leak led to a global hacking campaign that exploited flaws in its SharePoint software: www.bloomberg.com/news/article...

Microsoft Corp. has curtailed Chinese companies’ access to advance notifications about cybersecurity vulnerabilities in its technology after investigating whether a leak led to a series of hacks explo...

Microsoft Probing If Chinese Hackers Learned of Flaws Via Alert

1 7 10

Ryan Gallagher @rjgallagher.co.uk · Jul 25

Microsoft said in a statement it would "review this incident, find areas to improve, and apply those improvements broadly." Full story: www.bloomberg.com/news/article...

Microsoft Corp. is investigating whether a leak from its early alert system for cybersecurity companies allowed Chinese hackers to exploit flaws in its SharePoint service before they were patched, acc...

Ryan Gallagher @rjgallagher.co.uk · Jul 25

Victims of the SharePoint attacks, which were first detected on July 7, now total more than 400 government agencies and corporations worldwide, including the US's National Nuclear Security Administration, the division responsible for designing and maintaining the country's nuclear weapons.

2 1

Ryan Gallagher @rjgallagher.co.uk · Jul 25

Some of the Chinese companies that are involved in MAPP are also members of a Chinese government vulnerability reporting program, the China National Vulnerability Database, which is operated by the country’s Ministry of State Security.

Ryan Gallagher @rjgallagher.co.uk · Jul 25

Microsoft has attributed SharePoint breaches to state-sponsored hackers from China, and at least a dozen Chinese companies participate in the alert sharing initiative, called the Microsoft Active Protections Program, or MAPP.

Microsoft Probing If Chinese Hackers Learned of Flaws Via Alert

Ryan Gallagher @rjgallagher.co.uk · Jul 25

New: Microsoft is investigating whether a leak from its early alert system for cybersecurity companies allowed Chinese hackers to exploit flaws in SharePoint before they were patched, enabling a global campaign of cyberattacks, according to people familiar: www.bloomberg.com/news/article...

Microsoft Corp. is investigating whether a leak from its early alert system for cybersecurity companies allowed Chinese hackers to exploit flaws in its SharePoint service before they were patched, acc...

How a Tiny Middleman Could Access Two-Factor Login Codes From Tech Giants

1 8 9

Ryan Gallagher @rjgallagher.co.uk · Jun 18

A whistleblower shared 1 million two-factor authentication codes that had been sent to people by SMS from the world's largest tech companies, such as Google, Meta, & Amazon. We found the codes had been routed via an obscure Swiss company with links to spy agencies: www.bloomberg.com/news/article...

An investigation into the complexity of the global telecom system shows weaknesses in the transmission of secret codes sent via SMS.

How a Tiny Middleman Could Access Two-Factor Login Codes From Tech Giants

1 6 9

Ryan Gallagher @rjgallagher.co.uk · Jun 16

New: How a Tiny Middleman Could Access Two-Factor Login Codes From Tech Giants www.bloomberg.com/news/article...

An investigation into the complexity of the global telecom system shows weaknesses in the transmission of secret codes sent via SMS.

‘DragonForce’ Hacking Gang Takes Credit for UK Retail Attacks

3 4

Ryan Gallagher @rjgallagher.co.uk · May 2

‘DragonForce’ Hacking Gang Takes Credit for UK Retail Attacks: www.bloomberg.com/news/article...

A criminal hacking gang has taken credit for a disruptive campaign of cyberattacks targeting British retailers over the last two weeks.

Ukraine Is an `Easy Target' for Russian Hackers After US Aid Pullback

1 3 2

Ryan Gallagher @rjgallagher.co.uk · Apr 28

Portugal's National Cybersecurity Centre says: "There is no evidence to date pointing to a cyberattack. We would like to draw attention to the circulation of disinformation that occurs in these situations, and we therefore advise that every information should be confirmed with reliable sources."

1 40 52

Ryan Gallagher @rjgallagher.co.uk · Apr 28

Initial probe into cause of power outages in Spain & Portugal today suggests fault rather than cyberattack, according to the European Union Agency for Cybersecurity (ENISA). “For the moment the investigation seems to point out to a technical/cable issue,” a spokesperson for the agency tells me.

8 55 99

Ryan Gallagher @rjgallagher.co.uk · Apr 25

Full story: www.bloomberg.com/news/article...

American cybersecurity assistance has been crucial to helping war-torn country fend off hacks, experts say.

2

Ryan Gallagher @rjgallagher.co.uk · Apr 25

The end result is that Ukraine's digital front lines are weaker now, making the country an “easy target” for Russia, said Yegor Aushev, a Kyiv-based cybersecurity expert. The “sudden & unannounced shutdown” of cyber operations, he said, “has created a significant challenge.”

Ryan Gallagher @rjgallagher.co.uk · Apr 25

“Many projects were stopped halfway, contractors were let go before finishing their work, & a lot of plans didn’t get the chance to reach their full potential,” Mankish said.

Ryan Gallagher @rjgallagher.co.uk · Apr 25

Andrii Mankish, a Ukrainian cybersecurity expert who worked on US-funded projects to identify Russian hacking attempts, said the US's cyber pullback was likely to “impact our efforts & slow down progress in key areas.” Long-planned cybersecurity projects had suddenly ended, he said.

Ryan Gallagher @rjgallagher.co.uk · Apr 25

That work is now paused & it's unclear whether it will resume -- Ukrainians say they have been left in the dark. Equipment & services that were to be provided to the country for ongoing initiatives, such as a project to strengthen the country’s central election commission, are now not going ahead.

Ryan Gallagher @rjgallagher.co.uk · Apr 25

US cybersecurity assistance had included specialist support, training, equipment & software to organizations across Ukraine, including to dozens of government offices & departments & to key gas & electricity providers, the national bank & nuclear facilities such as Chernobyl.

US Aid Pullback is Making Ukraine More Vulnerable to Russian Hacks

Ryan Gallagher @rjgallagher.co.uk · Apr 25

New: US cuts to foreign aid are impacting Ukraine's cybersecurity. Dozens of people have had to stop work protecting the country from Russian hackers & shipments of vital cyber equipment have stopped, according to people familiar with the situation: www.bloomberg.com/news/article...

American cybersecurity assistance has been crucial to helping war-torn country fend off hacks, experts say.

UK Effort to Keep Apple Encryption Fight Secret Blocked in Court

1 7 11

Ryan Gallagher @rjgallagher.co.uk · Apr 9

Awesome news Will, congrats!

4

Ryan Gallagher @rjgallagher.co.uk · Apr 7

A UK court has blocked the UK government's attempt to keep secret a legal case over its demand to access Apple users' encrypted data. Judges said in a ruling Monday that authorities’ efforts were a “fundamental interference with the principle of open justice”: www.bloomberg.com/news/article...

A court has blocked a British government attempt to keep secret a legal case over its demand to access Apple Inc. user data in a victory for privacy advocates.

Trump envoy Steve Witkoff dismisses Starmer plan for Ukraine

7 7

Ryan Gallagher @rjgallagher.co.uk · Mar 23

Trump envoy dismisses UK peacekeeping plan for Ukraine, says: "I don't regard Putin as a bad guy. He's super smart." www.bbc.com/news/article...

Steve Witkoff says the UK plans for an international force to support a ceasefire are a "posture".

www.bbc.com

2 2

Ryan Gallagher @rjgallagher.co.uk · Mar 19

US national security agencies have halted work on a coordinated effort to counter Russian sabotage, disinformation & cyberattacks. Initiative had involved at least seven agencies working w/ European allies to disrupt plots targeting Europe & the US, Reuters reports: www.reuters.com/world/us-sus...

Exclusive: US suspends some efforts to counter Russian sabotage as Trump moves closer to Putin

Several U.S. national security agencies have halted work on a coordinated effort to counter Russian sabotage, disinformation and cyberattacks, easing pressure on Moscow as the Trump Administration pushes Russia to end its war in Ukraine.

www.reuters.com

1 31 29

Ryan Gallagher @rjgallagher.co.uk · Mar 19

Researchers find evidence suggesting spyware from Israeli firm Paragon has been obtained by Australia, Canada, Cyprus, Denmark & Singapore. The technology - used to hack phones & read private msgs - was recently linked to hacks of Italian journalists & activists: www.bloomberg.com/news/article...

Paragon Spyware Tool Linked to Canadian Police, Watchdog Says

A Canadian law enforcement agency is suspected to have used spyware designed to hack into mobile phones and eavesdrop on messages, according to cybersecurity researchers from the University of Toronto...