Preço das casas aumentou mais de 10% em 130 concelhos em 2023

[5640533]

Trump não quer saber. Quanto pior tanto melhor. Desde início de Outubro não tem security briefing. Afinal, o homem está ocupado com golfe e processos na Justiça. Não se pode ter tempo para tudo.

[MarcoAntonio]

Trump, que vive no seu próprio mundo alternativo, minimiza o ataque e lança duvidas sobre o envolvimento da Russia. Clássico Trump:

Trump downplays Russian-linked cyberattack on U.S.

President Trump responded to the massive cyberattack on U.S. government departments and agencies and private companies on Twitter Saturday, claiming that the "Fake News Media" is exaggerating the extent of the hack.

Why it matters: Trump, who had been silent on the attack until now, claimed that China may be responsible, contradicting Secretary of State Mike Pompeo and other governmental officials who have said that the breach was carried out by Russia.

Context: The U.S. Cybersecurity and Infrastructure Security Agency said the hack "poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations."

What he's saying: "The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control," Trump said in a tweet.

"Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!). There could also have been a hit on our ridiculous voting machines during the election, which is now obvious that I won big, making it an even more corrupted embarrassment for the USA."

Between the lines: The president’s tweets are a continuation of his broad defense of Russia.

Throughout his time in office, Trump has defended the country against multiple claims, including that it interfered in the United States' 2016 election and the nation paid the Taliban to kill U.S. troops in Afghanistan.

The big picture: President-elect Biden said on Thursday that the hack "is a matter of great concern" and promised to impose "substantial costs" to those responsible for the attack.

Microsoft President Brad Smith said on Thursday that it effectively amounted to "an attack on the United States and its government and other critical institutions, including security firms."

Thomas Bossert, Trump's former homeland security adviser, wrote in the New York Times on Wednesday that the "magnitude of this ongoing attack is hard to overstate" and that it "will take years to know for certain which networks the Russians control and which ones they just occupy."

[MarcoAntonio]

A Russia já vinha sendo apontada como a provável responsável para este ataque informático sem precedentes nos Estados Unidos (uma acção semelhante já tinha sido conduzida na Ucrânia). Mas, entretanto, Mike Pompeo (Secretário de Estado) admite que é claro que a Rússia está por detrás deste ataque, a figura mais importante do governo americano a fazê-lo até agora:

Pompeo says Russia 'pretty clearly' behind cyberattack against US as Trump remains mum

The first damage assessment of a sprawling cyberattack linked to Russia has been chilling enough.

With intrusions reported across a huge swath of the government – including at the Department of Energy's National Nuclear Security Administration – federal officials already are signaling that the worst may be yet to come.

The Department of Homeland Security's cybersecurity unit has acknowledged that the full scope of the attack is not yet known, with an untold number of local government and private sector systems at "grave risk."

Secretary of State Mike Pompeo said U.S. officials are "still unpacking" the cyber intrusion but he publicly blamed the Kremlin.

"This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity," Pompeo said in an interview on the Mark Levin Show, a conservative talk radio program.

Although federal authorities have so far traced the attack's launch back to March, it remains unclear just how long operatives have been lurking in some of the government's most critical agencies – including the departments of State, Homeland Security, Treasury and Commerce –and what may have been lost or compromised.

Because the attacks employed sophisticated tactics unseen in past intrusions, according to Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), eliminating the threat is expected to be even more difficult.

Where is the White House?

Most striking, perhaps, has been the White House's silence as other parts of the government have been ringing the alarm about the cascading threat and the uncertain risk, raising questions about how the U.S. should respond.

Sen. Mitt Romney, R-Utah, Friday called President Donald Trump's lack of response "extraordinary" as the country faces the modern equivalent of "Russian bombers reportedly flying undetected over the entire country."

"They had the capacity to show that our defense is extraordinarily inadequate; that our cyber warfare readiness is extraordinarily weak," Romney said in an interview with Sirius XM, adding that the Kremlin acted with "impunity."

"And in this setting, not to have the White House aggressively speaking out and protesting and taking punitive action is really, really quite extraordinary," he added.

Michael Chertoff, a former Homeland Security secretary in the George W. Bush administration, said Friday that the breaches underscored the need for a "deterrent strategy during a time of cyber conflict."

"I think we may need to up our game," Chertoff said.

Senate Intelligence Committee Vice Chairman Mark Warner, D-Va., characterized the hack Friday as "a devastating breach" that requires the president's attention.

"An incident of this magnitude and lasting impact requires an engaged and public response by the U.S. government, led by a president who understands the significance of this intrusion and who is actively marshaling a domestic remediation strategy and an international response," Warner said. "It is extremely troubling that the president does not appear to be acknowledging, much less acting upon, the gravity of this situation.”

Pompeo defended the president's silence after Levin, the show's host, suggested the Trump administration might be working "behind the scenes" to address Russia's role in the attack.

"That’s absolutely true," Pompeo said, although he did not elaborate on what, if anything, the president might be doing to confront Moscow.

"There are many things that you’d very much love to say, 'Boy, I’m going to call that out,' but a wiser course of action to protect the American people is to calmly go about your business and defend freedom," Pompeo said.

Yohannes Abraham, executive director of President-elect Joe Biden’s transition, repeated Biden’s Thursday warning that there would be consequences to those who attack the U.S. with malicious cyber operations.

“There will be substantial costs,” Abraham said Friday. “While our adversaries shouldn’t expect us to telegraph our punches, they should expect that the president-elect is a man of his word.”

He added that while much is unknown, "what we do know is a matter of great concern.”

While the Energy Department has acknowledged that its systems have been affected, including the agency that maintains the nation’s nuclear weapons stockpile, it doesn’t mean that hackers have access to nuclear weapons and codes. That’s because weapons systems are usually isolated from the traditional internet, says Dvir Sasson, head of research for CyberInt, a Tel Aviv, Israel-headquartered security firm.

DOE spokeswoman Shaylyn Hynes said late Thursday that its review is ongoing but has so far determined that the malware has been "isolated to business networks only." The breach had not, Hynes said, spread to "mission essential national security functions of the department, including the National Nuclear Security Administration."

"When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network," Hynes said.

What we don't know can hurt us

Much of what the government has so far disclosed publicly is replete with the unknown.

A joint statement this week by the FBI, CISA and Director of National Intelligence referred to "significant cyber incident" as "a developing situation," suggesting that intrusions are ongoing.

In a separate bulletin, CISA said the attack continued to pose "a grave risk," not only to federal networks but to state, local and tribal governments along with critical infrastructure entities and private organizations.

The agency also acknowledged that suspected additional compromises "have not yet been discovered."

"This ... actor has demonstrated patience, operational security, and complex trade-craft in these intrusions," CISA said of the hackers, adding that the ongoing effort to eliminate the threat "will be highly complex and challenging."

Understanding the full extent of this hacking campaign "will take a very long time,” Sasson said. “It’s not unlike contact tracing during a pandemic in that we are already finding that the impact and scale of this campaign is much larger than originally understood. In less than a week, this has grown from one security vendor being hacked ... to a major assault on significant government agencies and businesses across the globe.”

'Top-tier offensive capabilities'

The attackers penetrated federal computer systems through a popular piece of server software offered through a company called SolarWinds.

The threat apparently came from the same cyberespionage campaign that has afflicted cybersecurity firm FireEye, foreign governments and major corporations.

The system is used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple U.S. federal agencies, which are now scrambling to patch their networks.

The initial DHS alert came a few days after FireEye announced that it had been breached "by a nation with top-tier offensive capabilities," FireEye CEO Kevin Mandia has said.

FireEye found malicious code was included in normal software updates for SolarWind’s products. The so-called “supply chain attack” comes from a vendor that is trusted, especially an IT management software company, so bad actors are “coming from the back door, the least expected place to get infected from,” Sasson said.

Once within a network, the code attacked Microsoft Office 365 products. Such an attack through Microsoft’s products “could have major consequences. Microsoft products are used globally, touching individual operating systems, video game services, cloud infrastructure, and more,” said Sivan Tehila, director of solution architecture at Perimeter 81, a cloud software security company also based in Tel Aviv, Israel.

Microsoft, which has released an update to block the malicious code, noted that the code, once in the network, sought to collect credentials to gain additional access.

Such an attack “is quite rare,” Sasson said. “The way the malware acts it is (as if it is) shutting itself down. It’s trying to be very secretive and trying to communicate low and slow, what we call in the industry, to make sure it is not being detected."

Tehila urged organizations to update their Microsoft software and follow the DHS recommendations to shut down SolarWinds software and quarantine parts of networks where the software is installed.

Microsoft, which says its own networks were not breached, was able to find that its products were compromised “because they have world-class capabilities to discover these kinds of issues,” said Eric Noonan, CEO of CyberSheath, a Reston, Va.-based cybersecurity company. “But the reality is most breached organizations don’t have the capabilities or resources to investigate this and will find out they were hacked through third parties at a later time.”

Noonan compared the situation to "smelling smoke in your house and getting everyone out, compared to waking up to fire engines at three in the morning."

This cyber attack "will likely rank as one of the worst (very possibly the worst ever) in the last decade given the targeted and cyber espionage nature of this attack," said Daniel Ives, an analyst with Wedbush Securities, in a note to investors Friday.

Perhaps escalating its repercussions is that employers across the U.S. for private and federal agencies have millions of employees working from home.

"This breach could not have come at a worse time with nearly all government agencies as well as enterprises having employees work from home likely until at least mid 2021 and accessing applications/data from ubiquitous endpoints globally," Ives said

[mais_um]

Já tinha referido no tópico do Trump. É um ataque massivo, com contornos semelhantes ao que já tinha ocorrido na Ucrânia.

Vários departamentos e agências governamentais e milhares de empresas do sector privado atingidos.

Os estragos e potencial para estragos futuros? Ninguém sabe ainda bem...

Penso que nunca se vai saber o verdadeiro impacto, as consequências deverão perdurar por anos, não só no que foi pirateado como daquilo que não foi mas na duvida vai ter que ser entendido como tenha sido. Os estragos serão brutais.

[MarcoAntonio]

Já tinha referido no tópico do Trump. É um ataque massivo, com contornos semelhantes ao que já tinha ocorrido na Ucrânia.

Vários departamentos e agências governamentais e milhares de empresas do sector privado atingidos.

Os estragos e potencial para estragos futuros? Ninguém sabe ainda bem...

[mais_um]

Washington (CNN Business)The US government is reeling from multiple data breaches at top federal agencies, the result of a worldwide hacking campaign with possible ties to Russia. Investigators are still trying to figure out how much of the government may have been affected and how badly it may have been compromised.
But what little we know has cybersecurity experts extremely worried — with some describing the attack as a literal wakeup call.
"I woke up in the middle of the night last night just sick to my stomach," said Theresa Payton, who served as White House Chief Information Officer under President George W. Bush. "On a scale of 1 to 10, I'm at a 9 — and it's not because of what I know; it's because of what we still don't know."

On Sunday evening, the Commerce Department acknowledged it had been hit by a data breach after Reuters first reported that sophisticated hackers compromised the agency through a third-party software vendor known as SolarWinds. While SolarWinds is not a household name, it works with many businesses and organizations that are.
Since then, more details have emerged suggesting a much wider pattern of compromise. As many as 18,000 SolarWinds customers — out of a total of 300,000 — may have been running software containing the vulnerability that allowed the hackers to penetrate the Commerce Department, the company disclosed in an investor filing this week.


https://edition.cnn.com/2020/12/16/tech ... index.html

[mais_um]

isto não é mais um cyberataque, é algo muito grave, aparentemente ter acesso durante 9 meses sem ser detectado, por uma potência como a Rússia a um conjunto de informação abrangente, desde militar, económico, tecnologico, etc... dos EUA tem impacto brutal no governo dos EUA e nas empresas atingidas.

Algo a seguir com atenção.

US cybersecurity agency warns suspected Russian hacking campaign broader than previously believed

(CNN)An alarming new alert issued by the Department of Homeland Security's cyber arm Thursday revealed that Russian hackers suspected of a massive, ongoing intrusion campaign into government agencies, private companies and critical infrastructure entities used a variety of unidentified tactics and not just a single compromised software program.
Specifically, the Cybersecurity and Infrastructure Security Agency said it has determined that the SolarWinds Orion software vulnerability disclosed earlier this week is not the only way hackers compromised a variety of online networks -- warning that in some cases, victims appeared to have been breached despite never using the problematic software.
The news will likely only compound already escalating concerns about the scale and scope of the data breach, which CISA said Thursday "poses a grave risk" to networks across both the public and private sector.

"CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations," the alert issued by the agency said. "CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations."
https://edition.cnn.com/2020/12/17/poli ... index.html