Similar Posts
SEATTLE – Starbucks said the aftermath of a ransomware attack on a software supplier has been affecting its ability to pay baristas and manage their schedules, the company’s spokesperson said on Nov 25.
The coffee giant said that an outage at a third-party vendor has disrupted a back-end Starbucks process that enables employee scheduling and time tracking.
The outage is not impacting its customer service, and the company was working to ensure its employees were fully paid for their hours worked with limited disruption or discrepancy, according to a Starbucks’ spokesperson.
UK-based Blue Yonder, which provides supply chain software to Starbucks and other retailers, according to the Wall Street Journal, said on Thursday that it has experienced disruptions due to a ransomware attack and it is working to fix the issue. REUTERS
An Iranian hacking group is actively scouting U.S. election-related websites and American media outlets as Election Day nears, with activity suggesting preparations for more “direct influence operations,” according to a Microsoft blog published on Wednesday.
The hackers – dubbed Cotton Sandstorm by Microsoft and linked to Iran’s Islamic Revolutionary Guard Corps – performed reconnaissance and limited probing of multiple “election-related websites” in several unnamed battleground states, the report said. In May, they also scanned an unidentified U.S. news outlet to understand its vulnerabilities.
U.S. Vice President Kamala Harris, the Democratic candidate, faces Republican rival Donald Trump in the Nov. 5 presidential election, which polls suggest is an extremely tight race.
“Cotton Sandstorm will increase its activity as the election nears given the group’s operational tempo and history of election interference,” researchers wrote. The development is particularly concerning because of the group’s past efforts, they said.
A spokesperson for Iran’s mission to the United Nations said that “such allegations are fundamentally unfounded, and wholly inadmissible.”
“Iran neither has any motive nor intent to interfere in the U.S. election,” the spokesperson said.
In 2020, Cotton Sandstorm launched a different cyber-enabled influence operation shortly before the last presidential election, according to U.S. officials. Posing as the right-wing “Proud Boys,” the hackers sent thousands of emails to Florida residents, threatening them to “vote for Trump or else!”
The group also released a video on social media, purporting to come from activist hackers, where they showed them probing an election system. While that operation never affected individual voting systems, the goal was to cause chaos, confusion and doubt, senior U.S. officials said at the time.
Following the 2020 election, Cotton Sandstorm also ran a separate operation that encouraged violence against U.S. election officials who had denied claims of widespread voter fraud, Microsoft said.
The Office of the Director of National Intelligence, which is coordinating the U.S. federal effort to protect the election from foreign influence, referred Reuters to a past statement that said: “Foreign actors — particularly Russia, Iran, and China — remain intent on fanning divisive narratives to divide Americans and undermine Americans’ confidence in the U.S. democratic system.” REUTERS
Australia’s ban on children under 16 using social media has sparked global conversations about online safety and youth development (Australia’s world-first social media ban for kids under 16 attracts mixed reaction, Nov 29).
While the intentions behind this policy – protecting children from cyber bullying, exploitation and harmful content – are commendable, it raises critical questions about balance, enforcement and unintended consequences.
As a 14-year-old teenager who does not use social media, I can see both sides of the argument.
On the one hand, platforms like Instagram, TikTok and Discord can be overwhelming, exposing young users to unhealthy comparisons, misinformation and even predatory behaviour.
Many parents and educators worry about the long-term effects of excessive screen time, often spent on social media platforms, on mental health and academic performance.
On the other hand, outright bans overlook the positive aspects of social media. For many teens, these platforms are a lifeline for creative expression, activism and staying connected, especially in an increasingly digital world.
Moreover, enforcing such a law could be challenging, as children are often tech-savvy enough to find workarounds.
Rather than outright bans, a better solution might involve empowering young users through digital literacy education. Teaching children how to navigate online spaces safely, recognise misinformation and manage screen time could address the root problems without cutting children off from valuable opportunities.
Singapore can learn from Australia’s debate as we navigate our own challenges with digitalisation. Instead of waiting for government intervention, schools, families and tech companies should work together to create a safer online environment while respecting the voice and agency of young people.
The internet isn’t going anywhere, and neither are we. Let us try to work together to ensure we can use it wisely.
Avishi Gurnani, 14
Secondary 2
MARYLAND – The director of the US National Security Agency on Nov 20 urged the private sector to take swift, collective action to share key details about breaches they have suffered at the hands of Chinese hackers who have infiltrated US telecommunications.
General Timothy Haugh, a four-star Air Force general who leads the NSA and Cyber Command, told Bloomberg News at the National Security Innovation Forum in Washington that public disclosure would help find and oust the hackers, as the US continues to try to understand a new spate of damaging mass breaches.
In calling for more disclosure, General Haugh didn’t identity specific companies.
General Haugh said he wants to provide a public “hunt guide” so cybersecurity professionals and companies can search out the hackers and eradicate them from telecommunications networks.
“The ultimate goal would be to be able to lay bare exactly what happened in ways that allow us to better posture as a nation and for our allies to be better postured,” he said, adding the US is reliant on industry to share insights into what happened on their own networks.
US authorities have confirmed Chinese hackers have infiltrated US telecommunications in what Senator Richard Blumenthal, a Connecticut Democrat, this week described as a “sprawling and catastrophic” infiltration. AT&T Inc, Verizon Communications Inc and T-Mobile are among those targeted.
Through those intrusions, the hackers targeted communications of a “limited number” of people in politics and government, US officials have said.
They include Vice-President Kamala Harris’ staff, president-elect Donald Trump and vice-president-elect JD Vance, as well as staffers for Senate Majority Leader Chuck Schumer, according to Missouri Republican Senator Josh Hawley.
Representatives of the Chinese government have denied the allegations.
China is “doing this on a scale en masse and as a national effort,” General Haugh said.
The US experience and response is more disjointed, given the limited reach of different law enforcement agencies and the dependence on information from the private sector. There are multiple investigations underway associated with the telecommunications breaches, he said.
“Everybody is in a slightly different place as it relates to Salt Typhoon,” General Haugh said, referring to Microsoft Corporation’s name for the group believed to be behind the telecommunications breaches.
Two cybersecurity experts who requested anonymity to speak freely have privately complained about the lack of information shared that could otherwise help them and others understand, find and tackle the hacks.
Detailed public disclosures would mean that even if some companies haven’t seen the intrusions yet, “they can begin to put countermeasures in place,” General Haugh said. It would also help other nations uncover and root it out too, General Haugh said.
“It’s going to take collective work,” he said, adding the “speed” with which everyone collaborates is a key step. BLOOMBERG
An Iranian hacking group is actively scouting U.S. election-related websites and American media outlets as election day nears, according to a new Microsoft blog published on Wednesday. Researchers say the activity suggests “preparations for more direct influence operations.”
The hackers – dubbed Cotton Sandstorm by Microsoft and linked to Iran’s Islamic Revolutionary Guard Corps – performed reconnaissance and limited probing of multiple “election-related websites” in several unnamed swing states, the report notes. In May, they also scanned an unidentified U.S. news outlet to understand its vulnerabilities.
“Cotton Sandstorm will increase its activity as the election nears given the group’s operational tempo and history of election interference,” researchers wrote. The development is particularly concerning because of the group’s past efforts.
Iran’s mission to the United Nations did not immediately respond to a request for comment. In recent past comments, they denied any involvement in 2024 election-related hacking activity.
In 2020, Cotton Sandstorm launched a different cyber-enabled influence operation shortly before the last presidential election. Posing as the right-wing “Proud Boys,” the hackers sent thousands of emails to Florida residents, threatening them to “vote for Trump or else!”.
The group also released a video on social media, purporting to come from hacktivists, where they showed them probing an election system. While that operation never affected individual voting systems, the goal was to cause chaos, confusion and doubt, senior U.S. officials said at the time.
Following the 2020 election, Cotton Sandstorm also ran a separate operation that encouraged violence against U.S. election officials who had denied claims of widespread voter fraud, Microsoft said.
The Office of the Director of National Intelligence, which is coordinating the federal effort to defend the election from foreign influence, did not immediately respond to a request for comment. REUTERS
WASHINGTON – Russian hackers are going after US government officials, defence workers and others in a new email phishing campaign targeting thousands of people, according to Microsoft Corp.
The hackers have sent “a series of highly targeted spearphishing emails” to thousands of people in more than 100 organisations since Oct 22, according to a blog post from Microsoft Threat Intelligence published on Oct 29.
The latest campaign will add to mounting concerns over US failures to outwit suspected Russian and Chinese hackers.
The FBI said on Oct 25 it is investigating unauthorised access by Chinese state-affiliated hackers targeting the commercial telecommunications sector.
In some of the emails that were part of the latest campaign, the senders impersonated Microsoft employees, according to the blog.
Spearphishing involves sending tailored emails to individuals, including links to malicious websites that can then steal information.
It wasn’t immediately clear how many of the attacks, if any, were successful.
Microsoft has said the attacks are perpetrated by a sophisticated Russian nation-state group it calls Midnight Blizzard, which US and UK governments have connected to the SVR, the Russian foreign intelligence service.
The company said in January that the group attacked its corporate systems, getting into a “small number” of email accounts, including senior leadership and employees who work in cybersecurity and legal.
In April, US federal agencies were ordered to analyse emails, reset compromised credentials and work to secure Microsoft accounts.
At the time, the Cybersecurity and Infrastructure Security Agency (Cisa) said the incident represented a “grave and unacceptable risk” to agencies, according to the April directive.
Cisa and US State Department didn’t immediately respond to requests for comment.
The Russian Embassy in Washington didn’t immediately respond to a request for comment. BLOOMBERG