Computer Security

Subterms

    Latest story

    100 Shares25 Views

    Victoria’s Secret Takes Down Website After Security Breach

    by

    The cyberattack disrupted online sales for days and sent the lingerie company’s share price lower.Victoria’s Secret’s website remained offline on Thursday, days after the lingerie company was hit by a cyberattack that has disrupted its online sales and sent its stock price lower.The company said that it had taken its website and some in-store services down as a precaution, with teams working around the clock to restore operations. Its physical stores remained open.As of Thursday morning, Victoria’s Secret’s share price had fallen 8 percent since Tuesday. The company did not confirm when the security incident took place, but shoppers reported seeing effects of the outage on social media earlier this week. It was unclear who perpetrated the attack on Victoria’s Secret, which is based in Reynoldsburg, Ohio.The cyberattack was the latest example of a high-profile digital breach at a major retailer, raising questions about companies’ preparedness and the security of customer data.Earlier this month, Marks & Spencer, the large British retailer, was hit by a cyberattack that left the company unable to process online orders for weeks. The company told customers that some personal customer data had been taken, though not usable card or payment details or account passwords. It said there was no evidence that the data had been shared, but said it was prompting customers to change their passwords regardless.Also in late April, Harrods, the luxury department store based in Britain, experienced brief disruptions, restricting internet access at its sites as a security measure.Ransomware attacks, which can disrupt services in addition to stealing customer data, have increased in recent years. Organizations across sectors have been targeted, including hospitals.Cody Barrow, the chief executive of Eclectic IQ, a cybersecurity services company, said the attack on Victoria’s Secret could underscore the vulnerability of retailers, many of whom rely on third party systems, such as payment providers.“To me what it says is that retailers are still not segmenting systems well enough to contain incidents,” Mr. Barrow said. “Third parties are the biggest blind spot right now, especially for retailers.” More

    More stories

    • 150 Shares129 Views

      in Elections

      Ex-Army Sergeant Gets 7 Years for Selling Military Secrets to Chinese Conspirator

      by

      Korbein Schultz, 25, who was an intelligence analyst, accepted $42,000 in bribes for sensitive documents, prosecutors said. He pleaded guilty in 2024.A former U.S. Army intelligence analyst with top secret security clearance was sentenced to seven years in prison on Wednesday for selling classified military information to a foreign national who was most likely connected to the Chinese government, federal prosecutors said.The analyst, Sgt. Korbein Schultz, 25, sent at least 92 sensitive documents to a conspirator, who was not named, in a period of less than two years, the authorities said. The material included technical manuals for intercontinental ballistic missile systems and information on Chinese military tactics, they said.Mr. Schultz, of Wills Point, Texas, received $42,000 in exchange for the information, according to the Justice Department.He pleaded guilty last August to six criminal counts that included conspiracy to obtain and transmit national defense data, bribery of a public official and exporting technical defense data. The counts all together could have brought a sentence of up to 65 years in prison.Mr. Schultz will also be required to complete three years of supervised release as part of his sentence, which was handed down in federal court in Nashville.“Protecting classified information is paramount to our national security, and this sentencing reflects the ramifications when there is a breach of that trust,” Brig. Gen. Rhett R. Cox, the commanding general of the Army Counterintelligence Command, said in a statement on Wednesday. “This soldier’s actions put Army personnel at risk, placing individual gain above personal honor.”Mary Kathryn Harcombe, a federal public defender who represented Mr. Schultz, declined to comment on the sentence.Mr. Schultz, who was assigned to the 506th Infantry Battalion, was arrested in March 2024 at Fort Campbell in Kentucky.Prosecutors said that he had shared his Army unit’s operational order with the conspirator before the unit was deployed to Eastern Europe to support NATO operations. The conspirator contacted him shortly after he had received his top secret security clearance, they said.He also supplied the person with details on U.S. military exercises in South Korea and the Philippines, in addition to lessons learned by the U.S. Army from the Ukraine-Russia war that are applicable to Taiwan’s defense, the authorities said.Military officials said that Mr. Schultz had given his contact in China technical manuals for the HH-60 helicopter and the F-22A fighter aircraft, along with a tactical playbook on how to counter unmanned aerial systems in large-scale combat operations.According to the indictment, Mr. Schultz unsuccessfully tried to recruit another Army intelligence officer to help him obtain more sensitive documents for the conspirator, who reportedly lived in Hong Kong and worked for a geopolitical consulting firm overseas. More

    • 138 Shares149 Views

      in Elections

      Hegseth Said to Have Shared Attack Details in Second Signal Chat

      by

      The defense secretary sent sensitive information about strikes in Yemen to an encrypted group chat that included his wife and brother, people familiar with the matter said.Defense Secretary Pete Hegseth shared detailed information about forthcoming strikes in Yemen on March 15 in a private Signal group chat that included his wife, brother and personal lawyer, according to four people with knowledge of the chat.Some of those people said that the information Mr. Hegseth shared on the Signal chat included the flight schedules for the F/A-18 Hornets targeting the Houthis in Yemen — essentially the same attack plans that he shared on a separate Signal chat the same day that mistakenly included the editor of The Atlantic.Mr. Hegseth’s wife, Jennifer, a former Fox News producer, is not a Defense Department employee, but she has traveled with him overseas and drawn criticism for accompanying her husband to sensitive meetings with foreign leaders.Mr. Hegseth’s brother Phil and Tim Parlatore, who continues to serve as his personal lawyer, both have jobs in the Pentagon, but it is not clear why either would need to know about upcoming military strikes aimed at the Houthis in Yemen.The previously unreported existence of a second Signal chat in which Mr. Hegseth shared highly sensitive military information is the latest in a series of developments that have put his management and judgment under scrutiny.Unlike the chat in which The Atlantic was mistakenly included, the newly revealed one was created by Mr. Hegseth. It included his wife and about a dozen other people from his personal and professional inner circle in January, before his confirmation as defense secretary, and was named “Defense | Team Huddle,” the people familiar with the chat said. He used his private phone, rather than his government one, to access the Signal chat.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 150 Shares109 Views

      in Elections

      U.S. Adds Export Restrictions to More Chinese Tech Firms Over Security Concerns

      by

      The additions included companies that are customers of Intel and Nvidia, and one firm that was the focus of a New York Times investigation last year.The Trump administration on Tuesday added 80 companies and organizations to a list of companies that are barred from buying American technology and other exports because of national security concerns.The move, which targeted primarily Chinese firms, cracks down on companies that have been big buyers of American chips from Nvidia, Intel and AMD. It also closed loopholes that Trump administration officials have long criticized as allowing Chinese firms to continue to advance technologically despite U.S. restrictions.One company added to the list, Nettrix Information Industry, was the focus of a 2024 investigation by The New York Times that showed how some Chinese executives had bypassed U.S. restrictions aimed at cutting China off from advanced chips to make artificial intelligence.Nettrix, one of China’s largest makers of computer servers that are used to produce artificial intelligence, was started by a group of former executives from Sugon, a firm that provided advanced computing to the Chinese military and built a system the government used to surveil persecuted minorities in the western Xinjiang region.In 2019, the United States added Sugon to its “entity list,” restricting exports over national security concerns. The Times investigation found that, six months later, the executives formed Nettrix, using Sugon’s technology and inheriting some of its customers. Times reporters also found that Nettrix’s owners shared a complex in eastern China with Sugon and other related companies.After Sugon was singled out and restricted by the United States, its longtime partners — Nvidia, Intel and Microsoft — quickly formed ties with Nettrix, the investigation found.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 138 Shares189 Views

      in Elections

      Top Social Security Official Leaves After Musk Team Seeks Data Access

      by

      The departure of the acting commissioner is the latest backlash to the Department of Government Efficiency’s efforts to access sensitive data.The top official at the Social Security Administration stepped down this weekend after members of Elon Musk’s so-called Department of Government Efficiency sought access to sensitive personal data about millions of Americans held by the agency, according to people familiar with the matter.The resignation of Michelle King, the acting commissioner, is the latest abrupt departure of a senior federal official who refused to provide Mr. Musk’s lieutenants with access to closely held data. Mr. Musk’s team has been embedding with agencies across the federal government and seeking access to private data as part of what it has said is an effort to root out fraud and waste.Social Security payments account for about $1.5 trillion, or a fifth, of annual federal spending in the United States. President Trump has pledged not to enact cuts to the program’s retirement benefits, but he has indicated that he is willing to look for ways to cut wasteful or improper spending from the retirement program that pays benefits to millions of Americans.An audit produced by the Social Security Administration’s inspector general last year found that from 2015 to 2022, the agency paid almost $8.6 trillion in benefits and made approximately $71.8 billion, or less than 1 percent, in improper payments that usually involved recipients getting too much money.Mr. Musk’s team at the Social Security Administration was seeking access to an internal data repository that contains extensive personal information about Americans, according two people familiar with the matter, who spoke on the condition of anonymity out of fear of retaliation. The agency’s systems contain financial data, employment information and addresses for anyone with a Social Security number.“S.S.A. has comprehensive medical records of people who have applied for disability benefits,” said Nancy Altman, president of Social Security Works, a group that promotes the expansion of Social Security. “It has our bank information, our earnings records, the names and ages of our children, and much more.”We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 150 Shares129 Views

      in Elections

      Vance, in First Foreign Speech, Tells Europe That U.S. Will Dominate A.I.

      by

      Speaking in Paris at an artificial intelligence summit, the vice president gave an America First vision of the technology — with the U.S. dominating the chips, the software and the rules.Vice President JD Vance told European and Asian leaders in Paris on Tuesday that the Trump Administration was adopting an aggressive, America First approach to the race to dominate all the building blocks of artificial intelligence, and warned Europeans to dismantle regulations and get aboard with Washington.On his first foreign trip since taking office, Mr. Vance used his opening address at an A.I. summit meeting hosted by France and India to describe his vision of a coming era of American technological domination. Europe, he said, would be forced to chose between using American-designed and manufactured technology or siding with authoritarian competitors — a not-very-veiled reference to China — who would exploit the technology to their detriment.“The Trump administration will ensure that the most powerful A.I. systems are built in the U.S. with American design and manufactured chips,” he said, quickly adding that “just because we are the leader doesn’t mean we want to or need to go it alone.”But he said that for Europe to become what he clearly envisions as a junior partner, it must eliminate much of its digital regulatory structure — and much of its policing of the internet for what its governments define as disinformation.For Mr. Vance, who is on a weeklong tour that will take him next to the Munich Security Conference, Europe’s premier meeting of leaders, foreign and defense ministers and others, the speech was clearly intended as a warning shot. It largely silenced the hall in a wing of the Grand Palais in the center of Paris. Leaders accustomed to talking about “guardrails” for emerging artificial intelligence applications and “equity” to assure the technology is available and comfortable for underserved populations heard none of those phrases from Mr. Vance.He spoke only hours after President Trump put new 25 percent tariffs on foreign steel, essentially negating trade agreements with Europe and other regions. Mr. Vance’s speech, precisely composed and delivered with emphasis, seemed an indicator of the tone Mr. Trump’s national security leaders plan to take to Europe this week.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 138 Shares189 Views

      in Elections

      Musk Team’s Treasury Access Raises Security Fears, Despite Judge’s Ordered Halt

      by

      A federal judge’s order that Elon Musk’s team temporarily cease boring into the Treasury Department’s payment systems raises a far larger question: whether what Elon Musk has labeled the Department of Government Efficiency is creating a major cyber and national security vulnerability.The activities of Mr. Musk’s government cost-cutting effort, U.S. District Judge Paul A. Engelmayer said in his order on Saturday, risk “the disclosure of sensitive and confidential information” and render the Treasury’s systems “more vulnerable than before to hacking.”It is a risk that cybersecurity experts have been sounding alarms over in the past 10 days, as Mr. Musk’s band of young coders demanded access to the Treasury’s innermost systems. That access was ultimately granted by Scott Bessent, the newly confirmed Treasury secretary.But other than vague assurances that the new arrivals at the Treasury’s door had proper clearances, there was no description of how their work would be secured — and plenty of reason to believe that it would make it easier for Chinese and Russian intelligence services to target the Treasury’s systems.That was the central argument made by 19 attorneys general as they sought a temporary restraining order to get Mr. Musk’s workers out of the Treasury systems. And Judge Engelmayer endorsed it on Saturday, limiting access to existing Treasury officials until a hearing next week in front of a different federal judge.The government has maintained that Mr. Musk’s team has been limited to reviewing “read-only” data in the Treasury Department’s systems, though the administration is now placing appointees in positions where they could do much more.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 163 Shares159 Views

      in Elections

      Partial Breach of Election Machine Passwords in Colorado Poses No Risk, State Says

      by

      Partial passwords for election machines that were accidentally leaked on the Colorado secretary of state’s website pose no threat to the system’s security, the secretary’s office said in a statement on Tuesday night.The passwords, which were exposed on a hidden tab in a spreadsheet online, were first revealed in a letter by Hope Scheppelman, the vice chair of the Colorado Republican Party. The passwords became visible when a user downloaded a voting systems inventory spreadsheet and clicked “unhide.”According to an affidavit that accompanied Ms. Scheppelman’s letter, the passwords had been exposed since at least August.But while the breach of password data is likely to erode confidence and invite disinformation in Colorado, there are multiple layers of security to protect the integrity of election machines in the state.Election machines are not connected to the internet, and they are required to be kept in secure rooms that require ID badges for entry. They also have “24/7 video camera recording on all election equipment,” according to the secretary of state’s office.Even if a person were to somehow gain access to a machine, the passwords revealed would not be sufficient.“There are two unique passwords for every election equipment component, which are kept in separate places and held by different parties,” Jack Todd, a spokesman for the Colorado secretary of state, Jena Griswold, said in a statement. “Passwords can only be used with physical in-person access to a voting system.”The statement also said the exposure would not affect how ballots are counted.The department contacted the Cybersecurity and Infrastructure Security Agency in the Department of Homeland Security, whose officials told the office that they would monitor the situation.A representative for the Department of Homeland Security did not respond to a request for comment on Tuesday night.Chris Krebs, the former director of the security agency, said the breach of passwords “highlights the critical importance of the various compensating controls in place that protect our nation’s election systems.”“While this is an extremely unfortunate leak that may serve to undermine confidence in some circles and feed into conspiracy theories in others, it nonetheless has negligible if any technical impact on Colorado’s systems,” Mr. Krebs added.The breach of password data resonates in Colorado, a state where Tina Peters, an election official from Mesa County, concocted a brazen and bizarre breach of election machines after the 2020 election.She was recently sentenced to nine years in federal prison for her scheme. More