Employees of the EU Commission are no longer allowed to use the TikTok app thanks to concerns over data security.

The European Commission (EC) and Council of the EU announced on Feb. 23 that its employees would no longer have permission to use the popular social media app TikTok, a video hosting service owned by Chinese company ByteDance.

The EC executive body based its decision, which affects thousands of employees and contract workers, on "cybersecurity threats and actions" which could be exploited for use in cyberattacks.

"The security developments of other social media platforms will also be kept under constant review," a statement from the EC explained.

According to EU information, employees must delete TikTok from any private devices they use for work by March 15 at the latest. The app must also to be removed from private devices that use EU applications.

The announcement is coupled with a notice that important applications, including the EC's email program or Skype, would be blocked on company cellphones if TikTok is not immediately removed.

The EC declined to provide a more specific reason for demanding the removal of the app beyond what it called a "careful analysis" of the cybersecurity and data risks TikTok poses.

In a statement, TikTok's parent company ByteDance called the action "misguided" and "based on fundamental misconceptions."

"We have contacted the Commission to set the record straight and explain how we protect the data of the 125 million people across the EU who come to TikTok every month," a company statement obtained by Politico read.

There is some on-the-record justification for the ban: In early November, TikTok acknowledged that certain employees based in China had access to user data from the app's European users.

To alleviate concerns over user data security, the company recently announced its plans to explore storing the information of European users in three data centers located in Europe.

**More Comprehensive Data Security Approach Needed**

“We've recently seen steps taken by the government in the US, at both the state and federal level, to ban TikTok from state-owned devices, so it's no surprise to see the EU do so as well," notes Matt Marsden, Tanium's vice president of technical account management.

Marsden explains Chinese intelligence tactics are focused on longer-term objectives and are fueled by the sustained collection of data.

"The immense collection of user data, to now include commerce and purchasing information, combined with biometrics and activity tracking, feeds detailed intelligence to be used in operations," he says.

This data can also be leveraged to deliver targeted, timely, and often personalized psychological operations against individuals or groups of citizens. Thus, a "more comprehensive" approach needs to be taken to protect citizens from social media campaigns designed to further foreign political objectives.

"This \[influence effort\] has been observed during election cycles and politically charged events in recent years," Marsden says.

"These national bans are part of a wider issue about how much Chinese influence is deemed acceptable when it comes to national infrastructure and everyday life," adds Chris Vaughan, associate vice president for Technical Account Management in EMEA for Tanium, via email. "We have seen concerns increase in the West in recent months, with the use of Chinese surveillance technology being restricted and Chinese computer chips being rejected. There have been numerous reports of Chinese efforts to sway politicians by way of lobbying and donations, and the public via social media and the spread of disinformation.”

**Banning Apps Doesn't Solve Data Privacy Issues**

The moves follow proposed or already enacted bans on the popular social media app in the United States, where government representatives at the state and federal levels have expressed concerns that the app could harvest sensitive data from devices and make it available to the Chinese government.

In December, Texas and Maryland joined three other states in prohibiting accessing TikTok from state-owned devices.

TikTok CEO Shou Zi Chew is also expected to testify in front of Congress in March to address security concerns.

While the debate over social media bans on apps including TikTok continues to percolate, IT security experts have cautioned that in order for bans to be effective, they must be enforced through a comprehensive device visibility and governance strategy.

Banning apps is also not a panacea for more widespread data privacy concerns, others argue, many of which stem from a cultural problem in which consumers willingly hand over vast amounts of information about themselves.

TikTok Ban Hits EU Commission Phones as Cybersecurity Worries Mount

CISA's recently released cybersecurity performance goals can help lower risk and thwart the impact of cyberattacks.

The message is simple, but important: Cover the basics.

In its recently released cybersecurity performance goals, the Cybersecurity and Infrastructure Security Agency (CISA) stressed the importance of taking steps to maintain computer system health and improve online security. The goals are important reminders of risk in the sectors the agency defines as critical infrastructure, because cyberattacks can disrupt and even shut down services that impact daily life. This occurred in the energy sector when Colonial Pipeline was attacked, and in the utility sector with an attack on a dam in New York.

The agency's goals, designed to supplement the NIST Cybersecurity Framework, establish a common set of fundamental cybersecurity practices that lower risk and thwart the impact of cyberattacks on critical infrastructure organizations. For example, there must be an acceptable level of security for customers' accounts so that unsuccessful logins are detected, future attempts are prevented, and suspicious activity is reported.

Another goal, device security, advocates an approval process before new hardware or software can be installed on a system; it also advises managing the inventory of system assets so administrators can detect and respond to vulnerabilities. Related to device security is the data security goal, which stresses the importance of collecting log data and securing sensitive information with encryption.

**Individual Users Represent the Greatest Vulnerability**

While these basic best practices are familiar to all practitioners in the cybersecurity industry, CISA elevated them because it recognizes that individual users represent the greatest vulnerability to networks. One lapse in cyber hygiene can have a lasting impact and cripple citizen services. Even though cyber threats are invisible, they can noticeably disrupt the food supply, water systems, healthcare, and financial systems with long-term consequences. CISA's promotion of the guidelines shows the need for continuous awareness of the threats in cyberspace, and the importance of avoiding the complacency that can lead to an operational shutdown.

Attackers employ social engineering scams to manipulate individual users into clicking suspicious links, as happened with the Operation Sharpshooter attack that infected 87 critical infrastructure organizations. Through these infected devices, hackers could have gained access to Internet-enabled industrial control systems (ICS) at manufacturing facilities or wastewater treatment plants, causing further disruption. Unlike home or enterprise networks in which restoring the network will usually put you back in operation, an interruption of a wastewater treatment plant may involve days or weeks of work to clean filters and incrementally bring operational functions back online.

In addition to the disruption to operations, there is the financial cost that bears consideration: In 2022, 28% of critical infrastructure organizations experienced a destructive or ransomware attack, costing an average of $4.82 million per incident.

CISA recognizes the state of ICS vulnerabilities, and it has performance goals for protecting those systems, too. Because many critical infrastructure facilities are privately owned, government and industry are working together to coordinate improvements in the security posture, and CISA has a leading role. ICS represents a particular challenge due to the complexity and age of many ICS systems and the underlying operational technology, however, it underscores the importance of overall cybersecurity with four reasons to embrace its guidelines:

*   Many organizations have not adopted fundamental security protections
*   Small and medium-sized organizations are left behind
*   Lack of consistent standards and cyber maturity across critical infrastructure sectors
*   Cybersecurity often remains overlooked and under resourced

As the Internet of Things (IoT) connects more devices, the attack surface of critical infrastructure will increase, likely raising the cost of successful attacks. In health care, which CISA considers critical infrastructure, Internet-enabled equipment poses a risk. If a hospital's systems are well protected, but a supplier didn't secure the code in its dialysis or magnetic resonance imaging machines, the hospital becomes vulnerable.

Implementing CISA's new cybersecurity goals takes a dedicated investment, business process improvement, and regular audit to improve cyber defenses. As attacks on hardware, software, and data become more sophisticated, so too must the defenses with continuous modernization of cyber technology. It requires collaboration between CISA and infrastructure providers that will benefit from the agency's mission of promoting cybersecurity awareness, defending against threats, and striving for a more secure and resilient infrastructure. CISA's emphasis on foundational steps to take for cybersecurity are foundational. It may seem like a step backward, but it's actually a consequential leap forward.

To Safeguard Critical Infrastructure, Go Back to Basics

At the inaugural CloudNativeSecurityCon, DevSecOps practitioners discussed how to shore up the software supply chain.

At the recent CloudNativeSecurityCon in Seattle, 800 DevSecOps practitioners gathered to address a myriad of software supply chain security issues, including the security of container images and the impact of zero trust on the software supply chain.

As of last year, there were 7.1 million cloud-native developers, 51% more than the 4.7 million 12 months earlier, Cloud Native Computing Foundation executive director Priyanka Sharma said in the opening keynote. "Everyone is becoming a cloud-native developer," Sharma said.

However, this rapid shift to cloud-native development can be a source of concern, since the rapid release cycles may lead to organizations not following secure lifecycle development (SDLC) practices, Sharma warned. Snyk's 2022 State of Cloud Security report found that 77% of organizations acknowledged that they have poor training and lack effective collaboration among developers and security teams.

"There are siloed teams often working in separate countries, time zones, using different tools, policy frameworks," Sharma said. "In the cloud-native environment, we are interacting with so many other entities. Throw in a lack of security policy, and there's the recipe for your security breach."

The lack of security policies is fueling an increase in vulnerabilities due to misconfigurations. An alarming 87% of container images running in production have critical or high-severity vulnerabilities, up from 75% a year ago, according to the Sysdig 2023 Cloud-Native Security and Usage Report. Yet only 15% of those unpatched critical and high vulnerabilities are in packages that are in use at runtime where a patch is available.

Sysdig's findings are based on telemetry gathered from thousands of its customers' cloud accounts, amounting to billions of containers. The high percentage of critical or high-severity vulnerabilities in containers is the outgrowth of the rush by organizations to deploy modern cloud applications. The push has created an influx of software developers moving to the more agile continuous integration continuous development (CI/CD) programming model.

Sysdig's report recommended filtering to isolate only the critical and highly vulnerable packages in use in order to focus on packages that present the most risk. Further, only 2% of the vulnerabilities are exploitable. "By looking at what has in use exposure, that is what is actually in use at runtime, and having the fix available will help teams prioritize," Sysdig threat researcher Crystal Morin wrote in the report.

**5 Elements of Zero Trust Implementation**

Sharma pointed to last year's Cost of a Data Breach report from IBM and Ponemon Institute, which showed that 79% of organizations have not moved to a zero-trust environment. "That is really not good," Sharma said. "Because almost 20% of breaches are occurring because of a compromise at a business partner. And keep in mind that almost half the breaches that occur are cloud-based."

A key barrier to instituting zero trust is environments where permissions are not under control. According to the Sysdig report, 90% of permissions granted are not used, creating an easy path for stealing credentials. According to the report, "teams need to enforce least privilege access, and that requires an understanding of which permissions are actually in use."

Zack Butcher, founding engineer at Tetrate and an early engineer on Google's service mesh project Istio, said creating a zero-trust environment isn't that complicated. "Zero trust itself isn't a mystery," Butcher told attendees. "There's a lot of FUD \[fear, uncertainty, and doubt\] around what zero trust is. It's fundamentally two things: people process and runtime controls that answer and mitigate the question, 'what if the attacker is already inside that network?'"

Butcher identified five policy checks that would make up a zero-trust system:

1.  Encryption in transit to ensure messages can't be eavesdropped
2.  Service level identity to enable authentication at runtime, ideally a cryptographic identity
3.  The ability to use those identities to be able to perform runtime service-service authorization to control which workloads can talk to each other
4.  Authenticating the end user in session
5.  A model that authorizes the actions users are taking on resources in the system

Butcher noted that while these are not new, there is now an effort to create an identity-based segmentation standard with the National Institute of Standards and Technology (NIST). "If you look at things like API gateways and ingress gateways, we do these checks usually," he said. "But we need to be doing them, not just at the front door, but every single hop in our infrastructure. Every single time anything is communicating, we need to be applying, at minimum, these five checks."

**NIST Standard Coming Up**

During a breakout session, Butcher and NIST computer scientist Ramaswamy "Mouli" Chandramouli explained the five controls and how they fit into a zero-trust architecture. Tools such as a service mesh can help implement many of those controls, Butcher said.

The presentation is an outline for a proposal that will be presented as NIST SP 800-207A: A Zero Trust Architecture (ZTA) Model for Access Control in Cloud Native Applications in Multi-Location Environments. "We expect to have this out for initial public review sometime in June," Butcher said.

Butcher said supply chain security is a critical component of a zero-trust architecture. "If we can't inventory and attest what's running in our infrastructure, we leave a gap for attackers to exploit," he said. "Zero trust as a philosophy is all about mitigating what an attacker can do if they are in the network. The goal is bounding their attack in space and time, and controlling the applications that execute in that infrastructure is a key element of bounding the space an attacker has to work with."

87% of Container Images in Production Have Critical or High-Severity Vulnerabilities

"Hundreds" of special education students' psych records have turned up on the Dark Web. School records like these are covered by FERPA, not HIPAA, so parents have little recourse.

On Feb. 22, the education news site The 74 Million revealed that the hacking group Vice Society had posted hundreds, if not thousands, of psychological evaluations of special education students in the Los Angeles Unified School District (LAUSD).

The leaked information reportedly includes personal information like names, diagnoses, family immigration status, and allegations of physical and sexual abuse.

Since The 74's story, the official @LASchools Twitter account has sent messages about Dream Act applications, Anti-Bullying Day, and Eva Longoria. The account of LAUSD Superintendent Alberto Carvalho has tweeted about school building improvements, Narcan, and a new Portuguese language center. The LAUSD website has not posted updates on the breach, first reported over Labor Day weekend in 2022, since Sept. 30.

Subsequent news stories refer to a written statement from IT infrastructure senior administrator Jack Kelanic, which was distributed upon individual request and not posted to the district site or Twitter. About Kelanic's statement, the Los Angeles Daily Mail wrote, "The 500 psychological evaluation forms analyzed by The 74 were primarily from former students born in the late 1980s and 1990s. Kelanic also said that 60 of the leaked student assessments were those of current students."

When a hospital system lets that kind of information go public, it faces fines and other repercussions under HIPAA. However, when a school leaks it, the breach is covered by the Family Educational Rights and Privacy Act (FERPA), meaning the responsibility to file complaints lies with individual parents.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Student Medical Records Exposed After LAUSD Breach

The number of people who have made the weaponized software available for sharing via torrent suggests that many unsuspecting victims may have downloaded the XMRig coin miner.

People using pirated versions of Apple's Final Cut Pro video editing software may have gotten more than they bargained for when they downloaded the software from the many illicit torrents through which it is available.

For the past several months at least, an unknown threat actor has used a pirated version of the macOS software to deliver the XMRig cryptocurrency mining tool on systems belonging to people who downloaded the app.

Researchers from Jamf who recently spotted the operation have been unable to determine how many users might have installed the weaponized software on their system and currently have XMRig running on them, but the level of sharing of the software suggests it could be hundreds.

**Potentially Wide Impact for XMRig**

Jaron Bradley, macOS detections expert at Jamf, says his company spotted over 400 seeders — or users who have the complete app — making it available via torrent to those who want it. The security vendor found that the individual who originally uploaded the weaponized version of Final Cut Pro for torrent sharing is someone with a multiyear track record of uploading pirated macOS software with the same cryptominer. Software in which the threat actor had previously sneaked the malware into includes pirated macOS versions of Logic Pro and Adobe Photoshop.

"Given the relatively high number of seeders and \[the fact\] that the malware author has been motivated enough to continuously update and upload the malware over the course of three and a half years, we suspect it has a fairly wide reach," Bradley says.

Jamf described the poisoned Final Cut Pro sample that it discovered as a new and improved version of previous samples of the malware, with obfuscation features that have made it almost invisible to malware scanners on VirusTotal. One key attribute of the malware is its use of the Invisible Internet Project (i2p) protocol for communication. I2p is a private network layer that offers users similar kind of anonymity as that offered by The Onion Router (Tor) network. All i2p traffic exists inside the network, meaning it does not touch the Internet directly.

"The malware author never reaches out to a website located anywhere except within the i2p network," Bradley says. "All attacker tooling is downloaded over the anonymous i2p network and mined currency is sent to the attackers' wallet over i2p as well."

With the pirated version of Final Cut Pro that Jamf discovered, the threat actor had modified the main binary so when a user double clicks the application bundle the main executable is a malware dropper. The dropper is responsible for carrying out all further malicious activity on the system including launching the cryptominer in the background and then displaying the pirated application to the user, Bradley says.

**Continuous Malware Evolution**

As noted, one of the most notable differences between the latest version of the malware and previous versions is its increased stealth — but this has been a pattern. 

The earliest version — bundled into pirated macOS software back in 2019 — was the least stealthy and mined cryptocurrency all the time whether the user was at the computer or not. This made it easy to spot. A later iteration of the malware got sneakier; it would only start mining cryptocurrency when the user opened a pirated software program. 

"This made it harder for users to detect the malware's activity, but it would keep mining until the user logged out or restarted the computer. Additionally, the authors started using a technique called base 64 encoding to hide suspicious strings of code associated with the malware, making it harder for antivirus programs to detect," Bradley says.

He tells Dark Reading that with the latest version, the malware changes the process name to look identical to system processes. "This makes it difficult for the user to distinguish the malware processes from native ones when viewing a process listing using a command-line tool.

One feature that has remained consistent through the different versions of the malware is its constant monitoring of the "Activity Monitor" application. Users can often open the app to troubleshoot problems with their computers and in doing so could end up detecting the malware. So, "once the malware detects that the user has opened the Activity Monitor, it immediately stops all its processes to avoid detection."

Instance of threat actors bundling malware into pirated macOS apps have been rare and far between. In fact, one of the last well-known instances of such an operation was in July 2020, when researchers at Malwarebytes discovered a pirated version of application firewall Little Snitch that contained a downloader for a macOS ransomware variant.

Pirated Final Cut Pro for macOS Offers Stealth Malware Delivery

**ARLINGTON, VA, USA, February 23, 2023 --** Today, AUVSI announced the launch of Green UAS, a new program to expand the number of commercial Uncrewed Aircraft Systems (UAS) that have been verified to meet the highest levels of cybersecurity and National Defense Authorization Act (NDAA) supply chain requirements. Green UAS mirrors the Defense Innovation Unit (DIU)’s Blue UAS certification program but is designed for customers who do not immediately require Department of Defense (DoD) authority to operate. Green UAS also offers a ​more streamlined ​pathway to the Blue UAS 2.0 cleared list. Green UAS is the next evolution of drone security certification for customers who are increasingly relying on commercial, off-the-shelf drones to conduct diverse operations. These users include federal government agencies, local law enforcement, first responders, and state departments of transportation; and industrial enterprise users such as energy and utilities, telecoms, manufacturing, food and agriculture, and logistics and mapping/surveying companies. DIU’s Blue UAS has successfully created a pathway for the DoD to purchase compliant commercial drone technology that meets the requirements Congress set forth in the 2020 NDAA; however, the program ​does not have the funding or mandate to ​scale to meet growing demand for non-DoD customers in government, civil and commercial sectors. “​Strengthening the​ domestic drone industry ​is critical in providing options for Government agencies to get the trusted UAS they need to meet their mission​— and industry organizations are well-suited to ​help the Government ​meet the need for a rapid, scalable solution,” said David Michelson, DIU Program Manager for Blue UAS. “We look forward to reviewing AUVSI’s certifications when drone companies that are Green UAS certified ​have a DoD sponsor that wants them​ to ​​​​convert ​to ​Blue UAS certification.”   
Green UAS is the first product of AUVSI’s broader Trusted Cyber Program, which AUVSI launched in August 2022 with collaboration from Fortress Information Security, a leading cybersecurity firm with experience in industry-led cyber standards development. AUVSI will work with a network of cybersecurity firms to rapidly vet drones that are seeking Green UAS certification. Elements that will be assessed include product and device security, corporate cyber hygiene, and for drones that are not seeking to go from Green to Blue, remote operations and connectivity.   
This launch also builds on the collaboration AUVSI announced with DIU in September 2022 to further commercial cyber methodologies to build a shared requirement. AUVSI’s unique position with commercial drone vendors and close coordination with DIU gives its Trusted Cyber Program the unique ability to meet growing demand for vetted drones and to standardize cybersecurity requirements.   
“AUVSI’s Green UAS is a solution to existing cybersecurity and supply chain verification challenges and will serve the UAS community, end-users, and federal partners,” said Michael Robbins, Chief Advocacy Officer at AUVSI. “This falls squarely in line with our mission to help drive a safe and secure UAS market demand and provide a more competitive marketplace for all.”   
Learn more at https://www.auvsi.org/green-uas. 

**About AUVSI**

The Association for Uncrewed Vehicle Systems International (AUVSI) — the world's largest non-profit organization dedicated to the advancement of uncrewed systems, autonomy and robotics — represents corporations and professionals from more than 60 countries involved in industry, government and academia. AUVSI members work in the defense, civil and commercial markets. For more information, visit AUVSI.org.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

AUVSI Launches Green UAS Cybersecurity Certification Program For Commercial Drones

A federal grand jury in the District of Oregon returned an indictment today charging four founders of Forsage, a purportedly decentralized finance (DeFi) cryptocurrency investment platform, for their roles in a global Ponzi and pyramid scheme that raised approximately $340 million from victim-investors.

According to court documents, Vladimir Okhotnikov, aka Lado; Olena Oblamska, aka Lola Ferrari; Mikhail Sergeev, aka Mike Mooney, aka Gleb, aka Gleb Million; and Sergey Maslakov, all Russian nationals, allegedly touted Forsage as a decentralized matrix project based on network marketing and “smart contracts,” which are self-executing contracts on the blockchain. As alleged in the indictment, the defendants aggressively promoted Forsage to the public through social media as a legitimate and lucrative business opportunity, but in reality, the defendants operated Forsage as a Ponzi and pyramid investment scheme that took in approximately $340 million from victim-investors around the world.

“Together with our partners, the department is committed to holding accountable fraudsters who cheat investors, including in the emerging DeFi space,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division. “Today’s indictment showcases the department’s ability to use all available investigative tools, including blockchain analysis, to uncover sophisticated frauds involving cryptocurrency and digital assets.”

According to court documents, the defendants allegedly coded and deployed smart contracts that systematized their combined Ponzi-pyramid scheme on the Ethereum (ETH), Binance Smart Chain, and Tron blockchains. Analysis of the computer code underlying Forsage’s smart contracts allegedly revealed that, consistent with a Ponzi scheme, as soon as an investor invested in Forsage by purchasing a “slot” in a Forsage smart contract, the smart contract automatically diverted the investor’s funds to other Forsage investors, such that earlier investors were paid with funds from later investors.

“Today’s indictment is the result of a rigorous investigation that spent months piecing together the systematic theft of hundreds of millions of dollars,” said U.S. Attorney Natalie Wight for the District of Oregon. “Bringing charges against foreign actors who used new technology to commit fraud in an emerging financial market is a complicated endeavor only possible with the full and complete coordination of multiple law enforcement agencies. It is a privilege to work alongside the agents involved in these complex cases.”

As further alleged in the indictment, the defendants falsely promoted Forsage to the public as a legitimate, low-risk, and lucrative investment opportunity through Forsage’s website and various social-media platforms. However, blockchain analytics confirmed that over 80% of Forsage investors received fewer ETH back than they had invested in Forsage’s Ethereum program, with over 50% of investors never receiving a single payout. Additionally, according to court documents, the defendants coded at least one of Forsage’s accounts (known as the “xGold” smart contract on the Ethereum blockchain) in a way that fraudulently siphoned investors’ funds out of the Forsage investment network and into cryptocurrency accounts under the founders’ control, which was contrary to representations made to Forsage investors that “100% of the \[Forsage\] income goes directly and transparently to the members of the project with zero risk.”

“While advancements in the virtual asset ecosystem bring new opportunities to investors, criminals are also finding new ways to orchestrate illicit schemes,” said Assistant Director Luis Quesada of the FBI’s Criminal Investigative Division. “The FBI remains committed to working alongside our domestic and international law enforcement partners to investigate and pursue subjects who orchestrate these scams and attempt to defraud investors.”

“Technology is always changing and scams and swindles evolve alongside it,” said Inspector in Charge Eric Shen of the U.S. Postal Inspection Service (USPIS), Criminal Investigations Group. “The U.S. Postal Inspection Service is committed to investigating those who engage in schemes involving cryptocurrency investment fraud, which can cause significant financial harm to unsuspecting victims. We urge individuals to be cautious when considering investments and to always do their due diligence before providing money or personal information to any individual or organization.”

“These individuals are alleged to have used trendy technology and opaque language to swindle investors out of their hard-earned cash,” said Special Agent in Charge Ivan J. Arvelo of Homeland Security Investigations (HSI) New York. “But, as the indictment alleges, all they were doing was running a classic Ponzi scheme. The technology may change, but the scams remain the same and with the collaboration amongst all our partners, we’re able to see through the phony promises and bring the schemes to light. HSI is committed to being at the forefront of financial investigations, using the full extent of our investigative capabilities to track down criminals no matter what new tricks they use.”

Okhotnikov, Oblamska, Sergeev, and Maslakov are each charged with conspiracy to commit wire fraud. If convicted, the defendants face a maximum penalty of 20 years in prison.

The FBI Portland Field Office, USPIS, and HSI New York’s El Dorado Task Force are investigating the case.

Trial Attorneys Sara Hallmark and Tian Huang of the Criminal Division’s Fraud Section and Assistant U.S. Attorneys Quinn Harrington and Meredith Bateman for the District of Oregon are prosecuting the case.

All investor victims of the Forsage scheme are encouraged to visit the webpage www.justice.gov/criminal-vns/case/united-states-v-vladimir-okhotnikov-et-al to identify themselves as potential victims and obtain more information on their rights as victims, including the ability to submit a victim impact statement.

_An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law._

Forsage Founders Indicted in $340M DeFi Crypto Scheme

The produce company said it suffered a ransomware attack earlier this month.

Dole Food Company earlier this month temporarily shut down its North American production plants and shipments to grocery stores in the wake of a ransomware attack.

"Upon learning of this incident, Dole moved quickly to contain the threat and engaged leading third-party cybersecurity experts, who have been working in partnership with Dole's internal teams to remediate the issue and secure systems," the company said in a press statement.

Dole, which confirmed it is also working with law enforcement on the case, said the ransomware attack had "limited" affect on its operations.

Even so, CNN — which first broke the news of the attack — reported that some grocery shelves were left empty of Dole salad kits for a few days due to shipment issues tied to the cyberattack.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Cyberattack on Dole Causes Temporary Salad Shortage

Diverse ecosystem of global technology, finance, and university leaders join as first OpenWallet Foundation Members, many more expected.

**BRUSSELS and SAN FRANCISCO, February 23,  2023 --** Linux Foundation Europe, an independent trusted supporter and vendor-neutral home for open source projects in Europe, today announced the official formation of the OpenWallet Foundation (OWF). This new, collaborative effort will develop open source software to support interoperability for a wide range of wallet use cases, including making payments, proving identity, storing validated credentials such as employment, education, financial standing, and entitlements — to enable trust in the digital future. 

Inaugural Premier members sponsoring the OWF include Accenture, Gen, Futurewei and Visa. General members sponsoring the foundation include American Express, Deutsche Telekom / T-Systems, esatus AG, Fynbos, Hopae, IAMX, IDnow, IndyKite, Intesi Group, Ping Identity, SmartMedia Technologies (SMT), Spruce and Swisscom. 

Additionally, 20 leading nonprofits and academic and government entities have joined the foundation, including Customer Commons, Decentralized Identity Foundation (DIF), Digital Identification and Authentication Council of Canada (DIACC), Digital Dollar Project, Digital Identity New Zealand (DINZ), Digital Identity and Data Sovereignty Association (DIDAS), DizmeID Foundation (DIZME), Hyperledger Foundation, Information Technologies ics and Telematics Institute / Centre for Research and Technology Hellas (CERTH/ITI), Johannes Kepler University Linz, ID2020, IDunion SCE, Mifos Initiative, MIT Connection Science, Modular Open Source Identity Platform (MOSIP), OpenID Foundation, Open Identity Exchange (OIX), Secure Identity Alliance (SIA), Universitat Rovira i Virgili, and the Trust Over IP Foundation (ToIP).

The OWF will not publish a wallet itself, nor offer credentials or create new standards. Instead, its open source software engine aims to become the core that other organizations and companies leverage to develop their own digital wallets. The wallets will seek feature parity with the best available wallets and interoperability with major cross-border projects such as the EU’s Digital Identity Wallet.

"Wallets are critical infrastructure for payments, for identity, and for secure access. Open source  — driven by collaboration among for-profits large and small, non-profits, and government leaders — is a great role model for infrastructure that is vital for digital societies and benefits everyone," said Daniel Goldscheider, founder of the OpenWallet Foundation. "With open source at the core of wallets, like it is at the core of web browsers, anyone can build a digital wallet that works with others and gives consumers the freedom to maintain their identity and verifiable credentials and share relevant data when, where, and with whom they choose."

With such a consequential and diverse group of members, OWF underscores how important it is to have an open foundation to support a plurality of digital wallets to ensure consistency, interoperability, and portability while protecting consumer privacy.

"The world needs a place to store digital assets that matter, and the work of this foundation has the potential to redefine the credentials landscape globally, creating in turn much better digital experiences for people everywhere and new market opportunities," said Gabriele Columbro, general manager of Linux Foundation Europe. "The EU has been a leading force in data privacy and consumer protection, and efforts like OWF offer a concrete opportunity for policy makers to 'shift left' their engagement, enabling a continuous and transparent feedback cycle between regulations and regulated technology. That’s why we are honored to bring such a relevant group of cross-industry players together in OWF under Linux Foundation Europe."

The OWF is the second project hosted by Linux Foundation Europe. Project Sylva was added in November 2022 to create an open source telco cloud software framework. 

Launching in tandem with OWF is a new report, Why the World Needs an Open Source Digital Wallet Right Now, from the OWF in partnership with Linux Foundation Research. The report notes:

*   Digital wallets are the world’s leading payment method for e-commerce and  point-of-sale retail. In 2021, the value of digital wallet transactions came to $15.9 trillion. 
*   Hundreds of digital wallets exist, but suffer from a host of problems, including vendor lock in, no interoperability, questionable security, and limited capabilities.
*   New wallets are underway, too, but without them all staying in sync, every country or organization that issues credentials could become a walled garden. IDs and wallets from elsewhere won’t work, disrupting travel, international students, and mobile workforces. 
*   The future will include multiple wallets, which is why we need a world-class wallet engine to ensure that interoperability is built in.

Quotes from inaugural members are available here.

For more information about the project and how to participate in this work, please visit: openwallet.foundation.

Join Open Wallet Foundation members for a livestream and Q&A on February 23rd, at 5:00 pm CEST/11:00 am ET. Register here.

**About Linux Foundation Europe**

Linux Foundation Europe was launched in September 2022 to facilitate open collaborations originating in Europe that succeed on a global scale, supporting one of the largest and most influential open source ecosystems in the world. The Linux Foundation and Linux Foundation Europe together are supported by more than 3000 members internationally. The Linux Foundation is the world's leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world's infrastructure including Linux, Kubernetes, Node.js, ONAP, Hyperledger Foundation, PyTorch, RISC-V, and more. Linux Foundation Europe methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit linuxfoundation.eu.

Linux Foundation Europe Announces Formation of OpenWallet Foundation

Through its Cybersecurity Assurance Program, UL Solutions is helping the automotive industry advance cybersecurity management systems for connected vehicle technologies.

**NORTHBROOK, Ill.****,** **Feb. 23, 2023** **/PRNewswire/ --** UL Solutions, a global leader in applied safety science, today announced it issued the first Cybersecurity Assurance Program Certificate for ISO/SAE 21434:2021, Road Vehicles — Cybersecurity Engineering to LG Innotek. The UL Solutions Cybersecurity Assurance Program (CAP) Certificate recognizes that LG Innotek's cybersecurity management system meets the requirements of the ISO/SAE 21434:2021 standard, which was introduced last year.

Cybersecurity is increasingly crucial for occupant protection as road vehicles become more connected and less isolated. Without a compliant cybersecurity management system, connectivity technology can leave road vehicles more vulnerable to automotive cybersecurity risks and ultimately affect the safety of the driver and passengers.

UL Solutions helps automotive original equipment manufacturers (OEMs) and suppliers assess cybersecurity risk throughout the complete product life cycle to help them identify problems earlier in the design phase before discovering issues in the final product.

"Cybersecurity risk management frameworks empower manufacturers to demonstrate that they prioritize cybersecurity and have mitigation measures in place in case of incidents or breaches," said Jody Nelson, managing director of Automotive Cybersecurity and Functional Safety at UL Solutions. "This proactive approach builds trust among buyers, which is fundamental to building valued brands. Congratulations to LG Innotek for achieving the first CAP certificate issued for the automotive industry. This milestone showcases LG Innotek's commitment to building a process that meets requirements set by current automotive cybersecurity standards."

The 2021 Global Automotive Consumer Study from Deloitte revealed that the majority of more than 24,000 consumers surveyed are concerned about someone hacking into their connected car systems and compromising their safety. Among consumers participating in the study, 66% in India, 64% in the United States and 58% in China indicated concerns regarding automotive cybersecurity risks.

Given the rapidly growing complexity of connected vehicles, it is increasingly challenging to eliminate cybersecurity risks. As a result, emerging regulations, such as ISO/SAE 21434:2021 and UN Regulation No. 155, Cybersecurity and Cybersecurity Management System, guide developing a risk management framework designed to assess risk early in the development phases, address cybersecurity challenges as they present themselves and track progress over time.

"Cybersecurity risk management proves critical to successfully delivering quality automotive components and connected vehicles in both commercial and passenger segments," Nelson said. "In today's world, security is intrinsic to quality. Our security experts offer a cross-functional technical experience to support the global automotive industry and suppliers such as LG Innotek in the shift toward connected vehicles."

ISO/SAE 21434:2021 specifies engineering requirements for cybersecurity risk management regarding the concept, product development, production, operation, maintenance and decommissioning of electrical and electronic (E/E) systems in road vehicles, including their components and interfaces. The standard defines a framework that includes requirements for cybersecurity processes and a common language for communicating and managing cybersecurity risk.

**About UL Solutions**  
A global leader in applied safety science, UL Solutions transforms safety, security and sustainability challenges into opportunities for customers in more than 100 countries. UL Solutions delivers testing, inspection and certification services, together with software products and advisory offerings, that support our customers' product innovation and business growth. The UL Certification Marks serve as a recognized symbol of trust in our customers' products and reflect an unwavering commitment to advancing our safety mission. We help our customers innovate, launch new products and services, navigate global markets and complex supply chains, and grow sustainably and responsibly into the future. Our science is your advantage.

SOURCE UL Solutions

Source

DARKReading