Wednesday, July 8

Malware Ransomware

The next cybersecurity headache: Employees know the rules but just don’t care
Breach Hack, Cyber Security, Free, Guide, Malware Ransomware, Phsihing Spam, Resources, Safety Security, Scams Fraud, Tools Apps Software

The next cybersecurity headache: Employees know the rules but just don’t care

Employees are still ignoring cybersecurity best practice despite being more aware of the risks. Cybersecurity has shot to the top of many IT leaders' priorities over the past few months as remote working became the de facto way of doing business. Yet despite more awareness of the security risks of working from home, employees are still showing a lax attitude when putting it into practice, according to new findings. Security firm Trend Micro surveyed more than 13,000 remote workers across 27 countries for its latest Head in the Clouds survey, which sought to understand individuals' attitudes towards risk in terms of cybersecurity. SEE: Mobile d...
When Security Takes a Backseat to Productivity
Breach Hack, Cyber Security, Free, Malware Ransomware, Safety Security, Tools Apps Software

When Security Takes a Backseat to Productivity

“We must care as much about securing our systems as we care about running them if we are to make the necessary revolutionary change.” -CIA’s Wikileaks Task Force. So ends a key section of a report the U.S. Central Intelligence Agency produced in the wake of a mammoth data breach in 2016 that led to Wikileaks publishing thousands of classified documents stolen from the agency’s offensive cyber operations division. The analysis highlights a shocking series of security failures at one of the world’s most secretive entities, but the underlying weaknesses that gave rise to the breach also unfortunately are all too common in many organizations today. The CIA produced the report in October 2017, roughly seven months after Wikileaks began publishing Vault 7 — reams of classified data...
Turn on MFA Before Crooks Do It For You
Addiction, Breach Hack, Children Teens, Cyber Security, Free, Games, Malware Ransomware, Privacy Data Protection, Safety Security, Tools Apps Software

Turn on MFA Before Crooks Do It For You

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Here’s the story of one such incident. As a career chief privacy officer for different organizations, Dennis Dayman has tried to instill in his twin boys the importance of securing their online identities against account takeovers. Both are avid gamers on Microsoft’s Xbox platform, and for years their father managed their accounts via his own Microsoft ac...
Russian Cybercrime Boss Burkov Gets 9 Years
Breach Hack, Cyber Crime, Cyber Security, Identity Theft, Malware Ransomware, Safety Security, Scams Fraud

Russian Cybercrime Boss Burkov Gets 9 Years

A well-connected Russian hacker once described as “an asset of supreme importance” to Moscow was sentenced on Friday to nine years in a U.S. prison after pleading guilty to running a site that sold stolen payment card data, and to administering a highly secretive crime forum that counted among its members some of the most elite Russian cybercrooks. Alexei Burkov, seated second from right, attends a hearing in Jerusalem in 2015. Photo: Andrei Shirokov / Tass via Getty Images. Aleksei Burkov of St. Petersburg, Russia admitted to running CardPlanet, a site that sold more than 150,000 stolen credit card accounts, and to being a founder of DirectConnection — a closely guarded underground community that attracted some of the world’s most-wanted Russian hackers. As KrebsOnSecurity not...
COVID-19 ‘Breach Bubble’ Waiting to Pop?
Breach Hack, Cyber Crime, Cyber Security, Free, How-to Tips, Malware Ransomware, Safety Security, Scams Fraud, Tools Apps Software, Virus

COVID-19 ‘Breach Bubble’ Waiting to Pop?

The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change — and likely for the worse. The economic laws of supply and demand hold just as true in the business world as they do in the cybercrime space. Global lockdowns from COVID-19 have resulted in far fewer fraudsters willing or able to visit retail stores to use their counterfeit cards, and the decreased demand has severely depressed prices in the underground for purloined card data. An ad for a site sell...
Ransomware Gangs Don’t Need PR Help
Cyber Crime, Cyber Security, Malware Ransomware, Parents Family, Safety Security

Ransomware Gangs Don’t Need PR Help

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime. Often the rationale behind couching these events as newsworthy is that the attacks involve publicly traded companies or recognizable brands, and that investors and the public have a right to know. But absent any additional information from the victim company or their partners who may be affected by the attack, these kinds of stories and blog posts look a great deal like ambulance chasing and sensationalism. Currently, more than a dozen ransomware crime ga...
FCC Designates Huawei & ZTE as National Security Threats
Cyber Security, Free, How-to Tips, Malware Ransomware, Privacy Data Protection, Safety Security, Senior Aging

FCC Designates Huawei & ZTE as National Security Threats

Backdoors in 5G network equipment from these vendors could enable espionage and malicious activity, agency says.The US Federal Communications Commission (FCC) Tuesday formally designated China's Huawei and ZTE Corp. as national security threats, citing their close relationship with the Chinese government. The decision means that US carriers can no longer use money available under the FCC's Universal Service Fund (USF) to purchase 5G — or any other — equipment, services, or systems from either of the two Chinese equipment manufacturers or any of their subsidiaries and affiliates. The US Department of Defense and other government agencies previously announced decisions to discontinue use of technologies from Huawei and ZTE equipment from their networks. “Both companies have close ties to the...
Ripple20 Threatens Increasingly Connected Medical Devices
Cyber Security, Free, How-to Tips, Malware Ransomware, Safety Security, Tools Apps Software

Ripple20 Threatens Increasingly Connected Medical Devices

A series of IoT vulnerabilities could put hospital networks, medical data, and patient safety at risk.Earlier this month, JSOF security researchers disclosed the "Ripple20" vulnerabilities, a series of flaws affecting connected devices in the enterprise, industrial, and healthcare industries. Experts worry about the implications for connected medical devices, which could provide attackers with a gateway into a hospital network or enable them to affect patient care. Ripple20 exists in a low-level TCP/IP software library built by software company Treck. Many IoT device manufacturers build the library directly into their devices or integrate it through embedded third-party components. As a result, organizations may not know they're exposed. These vulnerabilities range in severity from small b...
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Breach Hack, Cyber Crime, Cyber Security, Free, How-to Tips, Malware Ransomware, Safety Security, Scams Fraud, Tools Apps Software, Virus

Another COVID-19 Side Effect: Rising Nation-State Cyber Activity

While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs. Months into the COVID-19 pandemic,countless large and small businesses across the globe are operating in survival mode, focused on pushing through the storm. While companies concentrate on getting through each day and week, one at a time, we would be careless not to encourage them to scrutinize the potential bad actors — specifically, nation-states — that are looking to capitalize on the weaknesses created or exposed by the pandemic. According to a security vendor Radware, by the end of 2019, over a quarter of companies had experienced a foreign government/nation-state attack. In 2018, 19% of organizations believed they were attacked by a nation-state. That f...
Chinese Software Company Aisino Uninstalls GoldenSpy Malware
Cyber Security, Free, How-to Tips, Malware Ransomware, Resources, Safety Security, Tools Apps Software, Virus

Chinese Software Company Aisino Uninstalls GoldenSpy Malware

Follow-up sandbox research confirms Aisino knew about the malware in its tax software, though it's still unclear whether it was culpable. For those who followed the GoldenSpy story last week from Trustwave, where tax software from China-based Aisino was used as a backdoor to gain access to the networks of foreign firms doing business with a Chinese bank, there's an interesting wrinkle. While doing a routine follow-up investigation in a sandbox after last week's initial disclosure, Trustwave researchers found that after being discovered, Aisino sent software out with one mission in mind: to delete GoldenSpy with an uninstaller and remove any trace it existed. Brian Hussey, Trustwave's vice president of cyber threat detection and response, says this new development was significant because ...