Proactive Computing | Optimizing IT for usability, performance and reliability since 1997

Category: #Trending (Page 1 of 9)

Senate Democrats weigh $6T infrastructure bill, without GOP

Senate Democrats are weighing spending as much as $6 trillion on their own infrastructure package if the chamber’s bipartisan talks fail, according to two sources familiar with the matter.

Majority Leader Chuck Schumer has repeatedly insisted that infrastructure talks are currently on two tracks: The first track is bipartisan, while the second track will include priorities that have no chance of getting GOP support. He huddled on Wednesday afternoon with Democratic members of the Budget Committee to discuss strategy, with no firm decision reached.

Senate Budget Chair Bernie Sanders (I-Vt.) has been pushing for an aggressive approach to the infrastructure talks and is angling to insert a large expansion of Medicare into Democrats’ plan. Earlier this week, Sanders said he opposed the emerging bipartisan agreement.

“The bipartisan talks could impact us, but we’re going to keep going,” Sanders said Wednesday.

According to a tentative plan, half of the proposed Democrats-only alternative would be paid for. About $2.5 trillion would go through the Finance Committee, $185 billion through the Energy Committee and almost $500 billion through the Environment and Public Works Committee, one source said, while emphasizing that the discussions are fluid.

A spokesperson for the Budget committee declined to comment.

Moderate Democrats will meet with Schumer midday to discuss their bipartisan proposal, the budget and reconciliation, according to two sources familiar with the matter. They have signaled they are unlikely to go along with a package running into the multi-trillion-dollar range, but talks about a compromise are just beginning in earnest.

The details of the bigger plan come as a bipartisan group of senators, led by Sens. Kyrsten Sinema (D-Ariz.) and Rob Portman (R-Ohio), released details this week of an infrastructure plan that costs about $973 billion over five years or $1.2 trillion over eight. The plan would include $579 billion in new spending, and pay-fors include repurposing unused Covid relief funds, imposing a surcharge on electric vehicles, and expanding use of state and local funds for coronavirus relief.

Schumer may need to make sure he has unified support for a massive Democratic-only package before he can cut a deal on a separate, bipartisan bill.

The White House has balked at indexing the gas tax, the EV charges and raiding Covid funds. But a White House official said that Senate Democrats offered a more detailed, updated briefing to them on Wednesday.

“We continue to be encouraged by what our team was briefed on,” the official said.

So far, a bipartisan group of 21 senators have signed on and the plan’s details remain in flux. And Democrats’ separate considerations of an infrastructure bill as big as $6 trillion — more than President Joe Biden’s initial $4 trillion-plus plan — don’t necessarily suggest they’re preparing for those talks to run aground. The bigger framework includes provisions that could be added to a separate infrastructure bill passed along party lines even if the bipartisan talks pay off.

The White House met with a group of Democratic negotiators on Wednesday. But it’s not clear what the next steps are just yet.

Sen. Joe Manchin (D-W.Va.) is pushing for a bipartisan agreement and is not entirely committed to a second reconciliation package with only Democratic priorities, which is a key demand by progressives whose votes will be needed for any bipartisan deal. Liberal lawmakers for weeks have been pushing for the White House to go it alone.

Schumer has insisted that the Senate will take up infrastructure in July. He also wants the Senate to consider a budget resolution that would unlock the ability to pass a party-line bill and evade a filibuster.

Source: https://www.politico.com/news/2021/06/17/senate-democrats-infrastructure-reconciliation-494977
Proactive Computing found this story and shared it with you.
The Article Was Written/Published By: Marianne LeVine and Burgess Everett

Ransomware attacks ‘are here to stay,’ Commerce secretary says

Commerce Secretary Gina Raimondo said Sunday that ransomware attacks “are here to stay,” and that businesses should plan accordingly.

“The first thing we have to recognize,” she said, “is this is the reality, and we should assume and businesses should assume, that these attacks are here to stay and, if anything, will intensify. And so just last week the White House sent out a letter broadly to the business community urging the business community to do more.”

Speaking on ABC’s “This Week With George Stephanopoulos,” the former governor of Rhode Island declined to blame Vladimir Putin’s Russia outright in answering a question on whether the Biden administration should look to punish Russia, which is believed to be the source of some or all of these attacks.

“We are evaluating all the options and we won’t stand for a nation supporting or turning a blind eye to a criminal enterprise,” she said. “And as the president has said, we’re considering all of our options.”

She added: “This week when the president meets with Putin and other world leaders, this will be at the top of the agenda.”

In a ransomware attack, hackers seize control of a business or organization’s computer system by exploiting weaknesses in the security system, then lock up the entire system until a “ransom” is paid. Raimondo said one way to stymie international hackers is to approve Biden’s proposed infrastructure plan.

“Certain components of the American Jobs Plan provide for investments to shore up the nation’s cyber infrastructure,” she told Stephanopoulos.

Raimondo argued that the good news in all this was that businesses can make relatively simple changes to protect themselves against such attacks.

“Some very simple steps like two-factor authentication, having proper backups and backup technology, can be enormously helpful against a wide variety of these attacks. So it is clear that the private sector needs to be more vigilant, by the way, including small- and medium-sized companies,” she said.

Source: https://www.politico.com/news/2021/06/06/ransomware-attacks-commerce-secretary-492005
The Article Was Written/Published By: David Cohen

Cyberattack on food supply followed years of warnings

Security analysts from the University of Minnesota warned the U.S. Agriculture Department in late May about a growing danger — a cyber crime known as ransomware that could wreak more havoc on Americans’ food sources than Covid-19 did.

A week and a half later, the prediction became reality as a ransomware attack forced the shutdown of meat plants that process more than a fifth of the nation’s beef supply in the latest demonstration of hackers’ ability to interrupt a critical piece of the U.S. economy.

The hack of the global meatpacking giant JBS last weekend is also the starkest example yet of the food system’s vulnerability to digital threats, especially as internet technology and automation gain an increasing role across farmlands and slaughterhouses. But federal oversight of the industry’s cybersecurity practices remains light, despite years of warnings that an attack could bring consequences ranging from higher grocery prices to contaminated food.

Virtually no mandatory cybersecurity rules govern the millions of food and agriculture businesses that account for about a fifth of the U.S. economy — just voluntary guidelines exist. The two federal agencies overseeing the sector include the USDA, which has faced criticism from Congress for how it secures its own data. And unlike other industries that have formed information-sharing collectives to coordinate their responses to potential cyber threats, the food industry disbanded its group in 2008.

Now, food producers need to face the fact that disruptive cyberattacks are part of what Agriculture Secretary Tom Vilsack calls their “new reality.”

National security threats to the agricultural supply chain haven’t received enough attention across the entire federal government, argued Rep. Rick Crawford (R-Ark.), who serves on both the House Intelligence and Agriculture committees.

“Too often agriculture is dismissed as: ‘It’s important but it’s not that big a deal,’” Crawford said in an interview. “If you eat, you’re involved in agriculture. We all need to recognize that it’s a vital industry and this [incident] illustrates that.”

The North American Meat Institute, which represents meatpackers, declined to comment on the state of the industry’s cybersecurity measures or potential changes following the hack.

The downside of ‘enormous technology’

The cry of alarm from the University of Minnesota’s Food Protection and Defense Institute arrived in the most unassuming of packages: as one of more than 180 official comments filed to the USDA related to a presidential order about securing the nation’s supply chains.

“Fast-spreading ransomware attacks could simultaneously block operations at many more plants than were affected by the pandemic,” the institute warned in its May 18 filing, noting that Covid-19 last year forced a shutdown of slaughterhouses that prompted fears of meat shortages and price spikes.

It was just the latest in a series of warnings from national security and law enforcement agencies, private cybersecurity companies and academic researchers.

In November, the cybersecurity firm CrowdStrike said in a report that its threat-hunting service had witnessed a tenfold increase in interactive — or “hands-on-keyboard” — intrusions affecting the agriculture industry over the previous 10 months. Adam Meyers, the company’s senior vice president of intelligence, said that of the 160 hacking groups or gangs the company tracks, 13 have been identified in targeting agriculture.

A 2018 report from the Department of Homeland Security examined a range of cyber threats facing the industry as it adopts digitized “precision agriculture,” while the FBI said in April 2016 that agriculture is “increasingly vulnerable to cyberattacks as farmers become more reliant on digitized data.”

The industry also offers plentiful targets: As the Department of Homeland Security’s cyber agency notes, the ag and food sector includes “an estimated 2.1 million farms, 935,000 restaurants, and more than 200,000 registered food manufacturing, processing, and storage facilities,” almost all under private ownership.

For decades, however, most farmers and foodmakers have prized productivity over all else, including security — trying to eke out profits in an industry with chronically narrow margins and meet the growing global demand for food. In the quest for efficiency, meat plants are ratcheting up their processing line speeds and investing in robotics to more quickly carve up carcasses. Farmers are adopting high-tech innovations like drones, GPS mapping, soil sensors and autonomous tractors, with vast data behind it all.

All that connectivity and automation comes at a cost.

“This is part of the downside of having an enormous technology, enormous capacity to turn a lot of data and become more efficient,” Vilsack said. “There are risks associated with that.”

‘No industry is off limits’

The disruption to JBS, which controls nearly a quarter of America’s cattle processing, has raised concerns mainly about the impact on meat markets. USDA data shows wholesale beef prices have steadily ticked higher each day since the hack, with choice cuts climbing above $341 per hundred pounds as of Thursday morning.

Higher prices are just one of many potential consequences. Cyberattacks could also lead to the sale of tainted food to the public, financial ruin for producers, or even the injury and death of plant workers, according to the Food Protection and Defense Institute, a DHS-recognized group.

In its public comments to USDA, the institute highlighted gaping holes in the industry’s preparedness, including a general “lack of awareness throughout the sector” and scant guidance from government regulators. It also noted that large parts of the industry rely on decades-old, custom-written software that is essentially impossible to update, along with outdated operating systems like Windows 98.

“The agriculture industry probably lags behind some of the other industries that have been hit harder by cyber crime” like the financial sector, which has long been a prime target for criminals, said Michael Daniel, president and chief executive of the Cyber Threat Alliance, a nonprofit organization.

However, the JBS hack, just like the ransomware attack on Colonial Pipeline in May and the ensuing gasoline-buying panic, shows that “no industry is off limits,” he added. Ransomware operators “are going to go wherever they think they can extract money.”

Daniel, a cyber coordinator during the Obama administration, said he would recommend that industry executives take basic steps like assessing their companies’ digital preparedness and reviewing federal security guidelines.

“What I would be telling them is: You really need to be thinking about how you manage your cybersecurity risk, just like you manage commodity price risk, just like you manage natural disaster risk, just like you manage legal risk,” Daniel said.

The White House similarly advised all companies on Thursday to harden their defenses, including by installing the latest software updates and requiring extra authentication for anyone logging onto their systems.

Meyers, from CrowdStrike, said the seriousness with which cybersecurity is regarded varies “depending on who you’re talking to in the ag industry.” He said multinational conglomerates that have intellectual property worth protecting make it a priority, but “as you get down the food chain, so to speak, they probably think about it less seriously.”

The JBS hack “is the big wake-up call for all these small, medium and large businesses. You can’t stick your head in the sand, and hope it’s not going to happen to you because it is,” Meyers said. “You need to be prepared, and you need to get yourself ready to fight. Because if you don’t, you’re going to be paying a ransom and somebody’s going to be eating your lunch.”

A call for Congress to act

Congress may need to step in to help fix the situation, said Crawford, the House member from Arkansas, who reintroduced legislation earlier this year that would establish an intelligence office within USDA. The office would serve as a conduit for the department to keep farmers informed of threats to their livelihood, including espionage and cyber operations by malign actors.

A key reason the industry isn’t prepared against dangers like ransomware is that the U.S. intelligence community hasn’t considered the national security threats to agriculture as much as it should, Crawford argued.

He added that communication must go both ways: Companies need to have their cyber experts share what they see with their government counterparts. No such requirements exist for the food and ag industry.

“What I would advise the private sector to do is be proactive on these things as possible,” according to Crawford, who is organizing a “business intelligence and supply chain integrity” forum this summer that will feature cybersecurity experts, government officials and representatives from the clandestine community to educate local businesses about digital threats.

USDA has not proposed any significant policy changes following the JBS attack, instead asking food and agriculture companies to take voluntary steps to safeguard their IT and infrastructure from cyber threats. Vilsack on Thursday pointed to guidelines from DHS’ Cybersecurity and Infrastructure Security Agency that companies can adopt for their own protection.

There’s no shortage of policy recommendations from experts in the field. Most proposals involve educating industry leaders and employees, setting minimum standards for cyber safety or improving coordination between companies and agencies.

Another step recommended by the Food Protection and Defense Institute: USDA and DHS should work with the industry to create a cyber threats clearinghouse — known as an “information sharing and analysis center” — to collaborate on studying and addressing digital risks.

Other critical industries, including the electricity and financial sectors, already have their own ISACs, but the food industry does not. Instead, some food and ag companies have joined a broader information-sharing group that covers the information technology industry, said Scott Algeier, executive director of the IT-ISAC.

“They wanted to engage with other companies but did not have an ISAC. So they applied to us,” said Algeier, whose organization also provides a threat-sharing forum for the elections industry.

The nonprofit Internet Security Alliance has called for federal grants and other incentives for food companies to step up their cyber defenses.

“Increasing cybersecurity will cost money, and finding the additional funding will not be simple for the sector since it is governed by tight margins and faces a highly competitive world market,” the group wrote on its website.

Helena Bottemiller Evich contributed to this report.

Source: https://www.politico.com/news/2021/06/05/how-ransomware-hackers-came-for-americans-beef-491936
The Article Was Written/Published By: Ryan McCrimmon and Martin Matishak

Supreme Court narrows scope of sweeping cybercrime law

The Supreme Court has sharply curtailed the scope of the nation’s main cybercrime law, limiting a tool that civil liberties advocates say federal prosecutors have abused by seeking prison time for minor computer misdeeds.

The 6-3 decision handed down Thursday means federal prosecutors can no longer use the 1986 Computer Fraud and Abuse Act to charge people who misused databases they are otherwise entitled to access. The ruling comes six months after justices expressed concern that the government’s sweeping interpretation of the law could place people in jeopardy for activities as mundane as checking social media on their work computers, with Justice Neil Gorsuch saying prosecutors’ view risked “making a federal criminal of us all.”

In an unusual lineup, the court’s three Trump appointees — who are also the newest justices — joined the court’s three liberals to reject the Justice Department’s interpretation of the statute.

The majority ruling, written by Justice Amy Coney Barrett, is largely devoted to a meticulous parsing of the statute’s language. However, she also noted the dangers of the approach prosecutors have advocated.

“The Government’s interpretation of the statute would attach criminal penalties to a breathtaking amount of commonplace computer activity,” Barrett wrote. “If the ‘exceeds authorized access’ clause criminalizes every violation of a computer-use policy, then millions of otherwise law-abiding citizens are criminals.”

While insisting that the court arrived at its ruling based solely on reading the statute, and not considering its potential effects, Barrett concurred with critics who said the broader interpretation would “criminalize everything from embellishing an online-dating profile to using a pseudonym on Facebook.”

In dissent, Justice Clarence Thomas said the majority’s reading was contrived and off-base. He also said there are many areas of law where permission given to do something for one purpose does not imply permission for an unrelated purpose.

“A valet, for example, may take possession of a person’s car to park it, but he cannot take it for a joyride,” Thomas wrote in an opinion joined by Chief Justice John Roberts and Justice Samuel Alito.

Thomas also noted that violations of the law are typically a misdemeanor, and he said the breadth of the statute is no reason to misread it. “Much of the Federal Code criminalizes common activity,” he wrote. “It is understandable to be uncomfortable with so much conduct being criminalized, but that discomfort does not give us authority to alter statutes.”

Past controversies involving the law included a two-year prison sentence for a journalist who helped hackers deface the Los Angeles Times’ website and, most notoriously, a prosecution that led to the suicide of a prominent internet freedom activist who faced the possibility of decades behind bars for downloading millions of scientific journal articles.

The case decided on Thursday, Van Buren v. United States, involved a former police officer convicted of violating the CFAA for searching a license plate database in exchange for a bribe as part of an FBI sting operation. The officer appealed the conviction, arguing that the law did not cover the unauthorized use of a computer system that the user was allowed to access as part of his job.

The Supreme Court agreed, holding that Nathan Van Buren’s conviction was invalid.

A broad coalition of technology experts, civil-society activists and transparency advocates had poured amicus briefs into the high court as it considered its first-ever case involving the law.

The National Whistleblower Center warned that applying the CFAA to any unauthorized use of computer data would invite “retaliation against whistleblowers who provide evidence of criminal fraud and other criminal activity” to authorities. The libertarian Americans for Prosperity Foundation said the government’s interpretation of the law would cover “violations of the fine print in website terms of service, company computer-use policies, and other breaches of contract” and “wrongly criminalize a wide swath of innocent, innocuous conduct.”

Free-press advocates warned that a ruling for the government “would significantly chill First Amendment activity,” while technologists said it would allow prosecutors to go after good-faith security researchers attempting to raise awareness of digital vulnerabilities.

But supporters of the broad use of the CFAA said it was necessary to combat insider threats facing businesses and government agencies’ sensitive computer systems. Narrowing the law “would allow any person who has legitimate access to the data carte blanche to access and use (or indeed in many cases destroy) that data for any manifestly blameworthy reason they choose,” the Federal Law Enforcement Officers Association told the court.

Source: https://www.politico.com/news/2021/06/03/supreme-court-cybercrime-law-491764
The Article Was Written/Published By: Eric Geller and Josh Gerstein

US meatpacking plants get back on stream after crippling cyber-attack

Experts warn ‘no one is out of bounds’ after ransomware attack halts production at JBS, which supplies more than a fifth of US beef

Meat-processing factories in the US run by the world’s largest company in that field are coming back on stream on Wednesday after a ransomware attack – as experts warned all corporate and local government leaders to be on the alert.

A cyber-attack on the meat processor JBS had forced it to halt all US operations while it scrambled to restore functionality. The attack, like other recent hacks, is believed to have originated in Russia.

Source: https://www.theguardian.com/food/2021/jun/02/cyber-attack-targets-worlds-largest-meat-processing-company
The Article Was Written/Published By: Alex Hern and Alexandra Villarreal

Microsoft: SolarWinds hackers target 150 orgs with phishing

BOSTON — The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks this week using an email marketing account of the U.S. Agency for International Development, Microsoft said.

The effort targeted about 3,000 email accounts at more than 150 different organizations, at least a quarter of them involved in international development, humanitarian and human rights work, Microsoft Vice President Tom Burt said in a blog post late Thursday.

It did not say what portion of the attempts may have led to successful intrusions.

The cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft, said in a post that relatively low detection rates of the phishing emails suggest the attacker was “likely having some success in breaching targets.”

Burt said the campaign appeared to be a continuation of multiple efforts by the Russian hackers to “target government agencies involved in foreign policy as part of intelligence gathering efforts.” He said the targets spanned at least 24 countries.

The hackers gained access to USAID’s account at Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails dated May 25 purport to contain new information on 2020 election fraud claims and include a link to malware that allows the hackers to “achieve persistent access to compromised machines.”

Microsoft said in a separate blog post that the campaign is ongoing and evolved out of several waves of spear-phishing campaigns it first detected in January that escalated to the mass-mailings of this week.

While the SolarWinds campaign, which infiltrated dozens of private sector companies and think tanks as well as at least nine U.S. government agencies, was supremely stealthy and went on for most of 2020 before being detected in December by the cybersecurity firm FireEye, this campaign is what cybersecurity researchers call noisy. Easy to detect.

Microsoft noted the two mass distribution methods used: the SolarWinds hack exploited the supply chain of a trusted technology provider’s software updates; this campaign piggybacked on a mass email provider.

With both methods, the company said, the hackers undermine trust in the technology ecosystem.

Source: https://www.politico.com/news/2021/05/28/microsoft-solarwinds-hackers-phishing-491317
The Article Was Written/Published By: Associated Press

Iguanas with chips: Florida seeks solution to invasive reptile problem

  • ‘Tag day’ initiative opposed by some owners of exotic pets
  • State official ‘proud that Florida is looked at as a leader’

From Key West’s high-summer Hemingway Days, in which bearded hopefuls vie for the title of best Papa lookalike, to the annual hunt for the elusive (and imaginary) skunk ape, Florida is renowned for its calendar of curiosities.

Source: https://www.theguardian.com/us-news/2021/may/03/florida-iguanas-chips-invasive-reptile-tegu-lizards
The Article Was Written/Published By: Richard Luscombe in Miami

Marine biologists identify new species of ‘Dumbo’ octopus that lives 7,000m below sea level (PHOTOS)

When searching for hitherto unidentified animals in the darkest depths of the oceans, researchers expect to find grisly, alien-like species but, recently, they encountered an altogether cuter new creature: a Dumbo octopus.

Using almost entirely non-invasive scanning techniques instead of the standard highly invasive and sometimes fatal lab tests and dissections, researchers from the University of Bonn successfully identified the never-before-seen Grimpoteuthis imperator, or Dumbo octopus. 

© Christina Sagorny et al, BMC Biology, 2021


The G. imperator, a new subspecies of an already rare breed of octopus, was discovered in the northern part of the Emperor Seamounts, an underwater mountain ridge in the northwest Pacific Ocean. They live at depths of 7,000 meters (22,966 feet). The researchers suggested the common name for the critter: Emperor Dumbo in English, Dumbo Impérial in French, and Kaiserdumbo in German.

Rather than dissecting Dumbo, the marine biologists instead used high-field magnetic resonance imaging and micro-computed tomography scans to ascertain its origin before carrying out minimally invasive gene analysis on tissue samples to verify it was indeed a new species.

Measurements and digital photo comparisons with other types of Dumbo octopus – so called because of its two head fins, which resemble the large elephant ears sported by the lovable Disney character – were undertaken to settle the matter.

The researchers were also surprised to encounter a systemic heart in the new deepwater Dumbo, which had hitherto never been described in octopus species before.

Source: https://www.rt.com/news/522079-new-species-dumbo-octopus-discovered/?utm_source=rss&utm_medium=rss&utm_campaign=RSS
The Article Was Written/Published By: RT

Israel appears to confirm it carried out cyberattack on Iran nuclear facility

Shutdown happened hours after Natanz reactor’s new centrifuges were started

Israel appeared to confirm claims that it was behind a cyber-attack on Iran’s main nuclear facility on Sunday, which Tehran’s nuclear energy chief described as an act of terrorism that warranted a response against its perpetrators.

The apparent attack took place hours after officials at the Natanz reactor restarted spinning advanced centrifuges that could speed up the production of enriched uranium, in what had been billed as a pivotal moment in the country’s nuclear programme.

Source: https://www.theguardian.com/world/2021/apr/11/israel-appears-confirm-cyberattack-iran-nuclear-facility
The Article Was Written/Published By: Martin Chulov Middle East correspondent
