Connect with us

Tech

Amnesty International: Hackers attacking Vietnam dissidents

Published

on

Amnesty International: Hackers attacking Vietnam dissidents

BANGKOK — Amnesty International says it has found that a hacking group known as Ocean Lotus has been staging more spyware attacks on Vietnamese human rights activists in the latest blow to freedom of speech in the communist-ruled country.

The human rights group said Wednesday that Amnesty Tech’s Security Lab found evidence of the hacking attempts in phishing emails sent to two dissidents, one in the Philippines and one in Germany.

Cybersecurity firms earlier identified hacking attempts by Ocean Lotus targeting dissidents, governments and companies across Southeast Asia. The hackers are suspected of having ties to Vietnam’s government, which has been cracking down on dissent.

Amnesty urged the Vietnamese government to investigate.

The report said that blogger and pro-democracy activist Bui Thanh Hieu was targeted with spyware at least four times between February 2018 and December 2019. He left Vietnam and has lived in Germany since 2013. It said another blogger based in Vietnam, who was not named due to fears for their safety, was targeted three times last year.

A Philippines-based nongovernmental organization, the Vietnamese Overseas Initiative for Conscience Empowerment, or VOICE, was targeted by hackers in April 2020, the report said.

It said former staff and volunteers for VOICE were harassed, prevented from traveling and had their passports confiscated when they returned to Vietnam.

The Amnesty report also said the hacking efforts involved emails pretending to share an important document with a link to download a file.

An analysis of the phishing emails indicated they were generated by Ocean Lotus, based on the tools and techniques they used, it said. The hacking targets Mac OS Android and Windows operating systems.

“More recently Ocean Lotus was found to have created fake online media websites based on content automatically gathered from legitimate news websites,” the report said.

Vietnam is one of the handful of the world’s remaining communist single-party states that tolerate no dissent.

Human rights groups have been urging Vietnam to cease its repressive activities towards critics, seen especially in severe punishments of bloggers.

According to the cybersecurity company Volexity, OceanLotus was identified as a Vietnam-based hacking group in 2015. The group is suspected of staging sophisticated, widespread digital surveillance and attack campaigns since 2013 against some Asian countries, the Association of Southeast Asian Nations and many people and groups linked to the media and human rights groups.

Continue Reading
Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Tech

Latest Edelman survey rates trust in tech at a 21-year low

Published

on

Social media is not a trusted source of information.

The technology sector plummeted from being the most trusted industry sector in 2020 to 9th place in 2021, according to the 21st annual analysis from communications firm Edelman. Lack of accountability and unwillingness to self-govern is eroding the public’s trust in technology.

Trust in technology reached all-time lows in 17 of 27 countries over the past year, Edelman said in its recent 2021 Edelman Trust Barometer: Trust In Technology report. The report is based on a survey of more than 33,000 people from 28 countries, including both general population respondents and what the firm calls “informed public respondents” for a well-rounded picture.

Trust and fear have a reciprocal relationship: The faster one rises, the faster the other drops. Traditionally, the technology sector was something of an expert at managing the two, but that is no longer the case. Edelman found that fear of technology is growing at a faster rate than trust in technology. It will take years for the technology industry to bounce back and regain the public trust.

Tech broke trust

Edelman’s survey results show respondents feel both betrayed by, and fearful of, technology. Job loss is the single greatest driver of societal fears, followed by the loss of civil liberties. There is a 6% drop in the number of people who are willing to share their personal information online. Social media, traditional media, and search engines are also at record low levels of trust.

Above: Respondents did not view many information sources favorably when asked to rate each one on how trustworthy they were for general news and information. Source: 2021 Edelman Trust Barometer: Trust in Technology.

Image Credit: Edelman

While the technology industry is full of entrepreneurs who believe in unleashing creativity and innovation and pursuing moonshot ideas, there are also those who monitor customers and invade privacy. The tendency to use technology as an authoritarian tool to monitor dissent is a concern, which explains China’s 16% drop in trust. The sheer drop is ironic, because China is also a global leader in tech R&D, innovation, and tech manufacturing.

Pandemic amplified fears

Edelman recorded one of the steepest declines in trust in the eight months between May 2020 and January 2021, when the public’s trust in technology dropped from 74% to 67%. People were increasingly concerned about AI and robots, and 53% of the respondents in Edelman’s survey worried the pandemic would accelerate the rate at which their employers would replace human workers with AI and robots. Cyberattackers capitalizing on the pandemic didn’t help matters, as 35% of respondents reported being fearful of attackers and breaches.

Edelman’s Trust in Technology study presents a paradox between tech employees and their employers. Employer trust is highest among tech sector employees, with 83% saying they trust their employers, and 62% believing they have the power to make corporations change. Yet the public’s trust in those employers is plummeting. The disconnect comes from the public perception that humans are not controlling technology, but that technology is trying to control them. There is a growing perception that technology — especially social media — is more capable at manipulating people than previously believed.

One way for the industry sector to regain some trust is to re-evaluate how they handle customer data and to be transparent about what they do with the information.

Gain trust by guarding information quality

Businesses as a whole are still trusted in most of the countries surveyed, with 61% of all respondents trusting companies above nonprofit organizations, government, and media. The most effective step businesses can take to increase trust is to guard the quality of information. Additional factors include embracing sustainable practices, implementing a robust COVID-19 health and safety response, driving economic prosperity, and emphasizing long-term thinking over short-term profits.

However, just saying they will protect information isn’t enough. Businesses need to take a data-centric security approach to achieve greater resiliency and cybersecurity. Businesses should also address the concerns employees have over job loss and automation. They should be transparent and honest with their employees if robotics and automation are part of the business plan. Investing in re-skilling employees for new jobs is a great way to transform a business digitally.

In short, senior management teams should remember that lasting transformation starts with employees.

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Continue Reading

Tech

Google makes business process tool AppSheet Automation generally available

Published

on

Google AppSheet Automation

Join GamesBeat Summit 2021 this April 28-29. Register for a free or VIP pass today.


Last year, Google launched AppSheet Automation, an “intent-driven” experience in Google Cloud powered by AI that enabled enterprises to connect to a number of data sources to model automated business processes. After several months in early access, Google today announced that AppSheet Automation is generally available with new capabilities, including document processing, a monitoring app, and expanded eventing support.

According to Forrester, while automation has been a major force reshaping work since before the pandemic, it’s taking on a new urgency in the context of business risk and resilience. A McKinsey survey found that at least a third of activities could be automated in about 60% of occupations. And in its recent Trends in Workflow Automation report, Salesforce reported that 95% of IT leaders are prioritizing workflow automation, with 70% seeing the equivalent of more than 4 hours saved each week per employee.

AppSheet Automation, which arose from Google’s acquisition of AppSheet in July 2020, is an AI-enabled, no-code development platform designed to help automate existing business processes. The service offers an environment for building custom apps and pipelines, delivering governance capabilities and leveraging AI to understand goals and construct process artifacts.

One new feature in AppSheet Automation, Intelligent Document Processing, automatically extracts text from unstructured files like invoices and W-9s to eliminate the need for manual entry. Another, a monitoring app, allows customers to build AppSheet apps that can then monitor their automations.

Google also extended AppSheet Automation’s data source eventing, which previously supported Salesforce, to include Google Workspace Sheets and Drive in the general release. Looking ahead, the company says it’s building the ability to embed rich AppSheet views in Gmail to enable users to perform approvals on the go.

Google AppSheet Automation

“Digital transformation has been an enterprise priority for years, but recent Google Cloud research reinforces that the mandate is more pressing today than ever, with most companies increasing their technology investments over the last year,” Prithpal Bhogill, product manager on AppSheet’s business application platform, wrote in a blog post. “While there are many dependencies shaping the future of work, the challenge is to leverage technology to support shifting work cultures. Automation is the rallying point for this goal.”

The launch of AppSheet Automation follows news that Google will collaborate with robotic process automation (RPA) startup Automation Anywhere to accelerate the adoption of RPA with enterprises “on a global scale.” As a part of its agreement with Automation Anywhere, Google plans to integrate the former company’s RPA technologies, including low- and no-code development tools, AI workflow builders, and API management, with Google Cloud services like Apigee, AppSheet, and AI Platform. Automation Anywhere and Google said they’ll also jointly develop solutions geared toward industry-specific use cases, with a focus on financial services, supply chains, health care and life sciences, telecommunications, retail, and the public sector.

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Continue Reading

Tech

1Password expands into secrets management to help enterprises secure their infrastructure

Published

on

1Password expands into secrets management to help enterprises secure their infrastructure

Join GamesBeat Summit 2021 this April 28-29. Register for a free or VIP pass today.


Password-management platform 1Password is expanding into the “secrets management” space, helping developer teams across the enterprise safeguard private credentials, such as API tokens, keys, certificates, passwords, and anything used to protect access to companies’ internal applications and infrastructure.

Alongside the launch, 1Password has also announced its first acquisition with the purchase of SecretHub, a Dutch startup founded in 2018 that claims to protect “nearly 5 million enterprise secrets” each month. Following the acquisition, SecretHub will be shuttered entirely, with its whole team — including CEO Marc Mackenbach — joining 1Password.

Secret sauce

Recent data from GitGuardian, a cybersecurity platform that helps companies find sensitive data hidden in public codebases, revealed a 20% rise in secrets inadvertently making their way into GitHub repositories. If this data falls into the wrong hands, it can be used to gain access to private internal systems. By way of example, Uber revealed a major breach back in 2017 that exposed millions of users’ personal data. The root cause was an AWS access key hackers discovered in a personal GitHub repository belonging to an Uber developer.

There has been a flurry of activity across the secrets management space of late. Israeli startup Spectral recently exited stealth with $6.2 million in funding to serve developer operations (DevOps) teams with an automated scanner that finds potentially costly security mistakes buried in code. San Francisco-based Doppler, meanwhile, last month raised $6.5 million in a round of funding led by Alphabet’s venture capital arm GV and launched a bunch of new enterprise-focused features.

1Password has built a solid reputation over its 16-year history, thanks to a platform that can store passwords securely and simplify log-in. It allows consumers and businesses to log into all their online services with a single click (rather than having to manually input passwords) and can also be used to store other private digital data, such as credit cards and software licenses. The Toronto-based company raised its first (and only) round of funding back in 2019, securing $200 million to help it push further beyond the consumer sphere and cement itself as an integral security tool for the enterprise.

Machine secrets

Today, 1Password claims some 80,000 business customers, including enterprise heavyweights such as IBM, Slack, Dropbox, PagerDuty, and GitLab. With its latest “secrets automation” product, the company is striving to make its platform stickier for existing and potential clients searching for an all-in-one platform that protects all their credentials — from employees’ email passwords to core backend business systems.

Above: 1Password: Secrets automation

While 1Password’s existing password-management toolset helps people securely access accounts without having to remember dozens of passwords, the “automation” facet of its new product name refers to machine-based system workflows that, for example, enable an application to securely “talk” to a database. “This means being able to roll secrets into your infrastructure directly from within 1Password,” chief product officer Akshay Bhargava told VentureBeat. “We are the first company encompassing human and machine secrets.”

Typically, infrastructure secrets can be splayed across countless cloud providers and services, but according to 1Password, it’s not uncommon for companies to cut corners or use a dubious combination of hacks and homegrown tools to manage the security around this issue.

According to Bhargava, 1Password was working on a secrets management solution before it acquired SecretHub. In fact, many of 1Password’s customers were already storing their infrastructure secrets in its vaults.

“Our customers have raised this workflow as something they’d like 1Password to solve,” Bhargava said. “It’s fair to say our first version is homegrown, and we’ve been focused on solving this problem for a while.”

Secrets automation allows admins to define which people and services have access to secrets, as well as what level of access is granted. At launch, it integrates with HashiCorp Vault, Terraform, Kubernetes, and Ansible, with “more on the way.” However, 1Password is also announcing a deeper partnership with GitHub, which will see the duo collaborate to “solve problems for our shared customers and users,” according to Bhargava. “We plan to build a workflow to support customers in delivering secrets and configuration into their CI/CD pipelines on GitHub,” he said.

As for costs, all companies will receive three credits for free. The cost then rises to $29 per month for 25 credits, $99 for 100 credits, and $299 for 500 credits. “We prorate based on usage,” Bhargava added. “We will work with companies needing more than 500 credits a month on an individual basis.”

In terms of how credit is consumed, companies configure the 1Password vaults they want secrets automation to access and then stipulate the permissions for a development environment with tokens. “If an API client needs read and write access to data stored in a 1Password vault, that access is defined using a token,” Bhargava explained. “One token, accessing one vault, is what defines a credit. If that same API client needs to access two vaults, that then becomes two credits. And similarly, if a single token is created for read access to vault A and another for write access to vault B, that becomes two credits.”

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Continue Reading

Trending