Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label CyberCrime. Show all posts
Software
Cyber Attacks Cyber Victim CyberCrime Cybersecurity CyberThreat Ransomware Threat Software

California's Major Trial Court Falls Victim to Ransomware Attack

 


It has been reported that the computer system at the largest trial court in this country has been infected by ransomware, causing the system to crash. Superior Court officials said they were investigating the incident. As soon as the court learned that the computer network systems had been hacked, the systems were disabled, and they are expected to remain down until the weekend at the very least. 

Following the statement, a preliminary investigation revealed no evidence that the user's data had been compromised in any way. According to officials with the Superior Court of Los Angeles County, the nation's largest trial court was closed Monday as a ransomware attack shut down its computer system late last week, resulting in a shutdown of its library and many other departments. 

As soon as the court became aware of the cyberattack early Friday morning, its computer network was disabled, and the system remained offline throughout the weekend due to the attack. There will be no courthouse operations on Monday, despite reports that the county's 36 courthouses will all remain open to the public on Friday. According to a statement released by the FBI on Friday morning, officials do not believe the cyberattack related to the faulty CrowdStrike software update that has disrupted airlines, hospitals, and governments worldwide is related to the security breach. 

Once the court was made aware of the attack, all computer systems connected to its computer network were disabled. An initial investigation has revealed no evidence that the data of users has been compromised, according to the statement released by the company. KCAL, the CNN affiliate based in Los Angeles, reported Monday that the judicial system continues to be closed as it tries to recover. 

As the largest court system in the United States that serves a broad range of services to more than 10 million residents in 36 courthouses, the Superior Court of Los Angeles County is the largest unified court system in the country. The number of cases filed in 2022 is expected to reach nearly 1.2 million, and there will be almost 2,200 jury trials. According to the Presiding Judge Samantha P. Jessner, "The Court has been experiencing a cyber-attack which has resulted in almost all of our network systems being shut down. 

Companies have contained the damage to their network, ensured data integrity and confidentiality, and ensured future network stability and security" during an unprecedented cyber-attack on Friday. The court has reopened all 36 courthouses tomorrow, July 23, following the tireless dedication of the staff and security experts required to assist in restoring the court to full operation," according to a statement published on the court's website. Court users need to be aware that there will be delays and potential impacts due to limitations in functionality.
Read more »
Vulnerabilities and Exploits
Artificial Intelligence Cyber flaws Cyberattacks CyberCrime Cyberhackers Cybersecurity Cyberthreats Data Breach LangChain Vulnerabilities and Exploits

LangChain Gen AI Under Scrutiny Experts Discover Significant Flaws

 


Two vulnerabilities have been identified by Palo Alto Networks researchers (CVE-2023-46229 and CVE-2023-44467) that exist in LangChain, an open-source computing framework for generative artificial intelligence that is available on GitHub. The vulnerabilities that affect various products are CVE-2023-46229. It is known as the CVE-2023-46229 or Server Side Request Forgery (SSRF) bug and is an online security vulnerability that affects a wide range of products due to a vulnerability triggered in one of these products.

It should be noted that LangChain versions before 0.0.317 are particularly susceptible to this issue, with the recursive_url_loader.py module being used in the affected products. SSRF attacks can be carried out using this vulnerability, which will allow an external server to crawl and access an internal server, giving rise to SSRF attacks. It is quite clear that this possibility poses a significant risk to a company as it can open up the possibility of unauthorized access to sensitive information, compromise the integrity of internal systems, and lead to the possible disclosure of sensitive information. 

As a precautionary measure, organizations are advised to apply the latest updates and patches provided by LangChain to address and strengthen their security posture to solve the SSRF vulnerability. CVE-2023-44467 (or langchain_experimental) refers to a hypervulnerability that affects LangChain versions 0.0.306 and older. It is also known as a cyberattack vulnerability. By using import in Python code, attackers can bypass the CVE-2023-36258 fix and execute arbitrary code even though it was tested with CVE-2023. 

It should be noted that pal_chain/base.py does not prohibit exploiting this vulnerability. In terms of exploitability, the score is 3.9 out of 10, with a base severity of CRITICAL, and a base score of 9.8 out of 10. The attack has no privilege requirements, and no user interaction is required, and it can be launched from the network. It is important to note that the impact has a high level of integrity and confidentiality as well as a high level of availability. 

Organizers should start taking action as soon as possible to make sure their systems and data are protected from damage or unauthorized access by exploiting this vulnerability. LangChain versions before 0.0.317 are vulnerable to these vulnerabilities. It is recommended that users and administrators of affected versions of the affected products update their products immediately to the latest version. 

The first vulnerability, about which we have been alerted, is a critical prompt injection flaw in PALChain, a Python library that LangChain uses to generate code. The flaw has been tracked as CVE-2023-44467. Essentially, the researchers exploited this flaw by altering the functionality of two security functions within the from_math_prompt method, in which the user's query is translated into Python code capable of being run. 

The researchers used the two security functions to alter LangChain's validation checks, and it also decreased its ability to detect dangerous functions by setting the two values to false; as a result, they were able to execute the malicious code as a user-specified action on LangChain. In the time of OpenSSL, LangChain is an open-source library that is designed to make complex large language models (LLMs) easier to use. 

LangChain provides a multitude of composable building blocks, including connectors to models, integrations with third-party services, and tool interfaces usable by large language models (LLMs). Users can build chains using these components to augment LLMs with capabilities such as retrieval-augmented generation (RAG). This technique supplies additional knowledge to large language models, incorporating data from sources such as private internal documents, the latest news, or blogs. 

Application developers can leverage these components to integrate advanced LLM capabilities into their applications. Initially, during its training phase, the model relied solely on the data available at that time. However, by connecting the basic large language model to LangChain and integrating RAG, the model can now access the latest data, allowing it to provide answers based on the most current information available. 

LangChain has garnered significant popularity within the community. As of May 2024, it boasts over 81,900 stars and more than 2,550 contributors to its core repository. The platform offers numerous pre-built chains within its repository, many of which are community-contributed. Developers can directly use these chains in their applications, thus minimizing the need to construct and test their own LLM prompts. Researchers from Palo Alto Networks have identified vulnerabilities within LangChain and LangChain Experimental. 

A comprehensive analysis of these vulnerabilities is provided. LangChain’s website claims that over one million developers utilize its frameworks for LLM application development. Partner packages for LangChain include major names in the cloud, AI, databases, and other technological development sectors. Two specific vulnerabilities were identified that could have allowed attackers to execute arbitrary code and access sensitive data. 

LangChain has issued patches to address these issues. The article offers a thorough technical examination of these security flaws and guides mitigating similar threats in the future. Palo Alto Networks encourages LangChain users to download the latest version of the product to ensure that these vulnerabilities are patched. Palo Alto Networks' customers benefit from enhanced protection against attacks utilizing CVE-2023-46229 and CVE-2023-44467. 

The Next-Generation Firewall with Cloud-Delivered Security Services, including Advanced Threat Prevention, can identify and block command injection traffic. Prisma Cloud aids in protecting cloud platforms from these attacks, while Cortex XDR and XSIAM protect against post-exploitation activities through a multi-layered protection approach. Precision AI-powered products help to identify and block AI-generated attacks, preventing the acceleration of polymorphic threats. 

One vulnerability, tracked as CVE-2023-46229, affects a LangChain feature called SitemapLoader, which scrapes information from various URLs to compile it into a PDF. The vulnerability arises from SitemapLoader's capability to retrieve information from every URL it receives. A supporting utility called scrape_all gathers data from each URL without filtering or sanitizing it. This flaw could allow a malicious actor to include URLs pointing to intranet resources within the provided sitemap, potentially resulting in server-side request forgery and the unintentional leakage of sensitive data when the content from these URLs is fetched and returned. 

Researchers indicated that threat actors could exploit this flaw to extract sensitive information from limited-access application programming interfaces (APIs) of an organization or other back-end environments that the LLM interacts with. To mitigate this vulnerability, LangChain introduced a new function called extract_scheme_and_domain and an allowlist to enable users to control domains. 

Both Palo Alto Networks and LangChain urged immediate patching, particularly as companies hasten to deploy AI solutions. It remains unclear whether threat actors have exploited these flaws. LangChain did not immediately respond to requests for comment.
Read more »
Smishing Exposed
Cyber Attacks Cyber Scams CyberCrime CyberThreat Smishing Exposed

Smishing Exposed How to Recognize Report and Prevent Text Message Scams

 


In cybersecurity, SMS phishing is intercepting a user's text message through a mobile device. Phishing refers to a scam whereby victims are tricked into providing sensitive information to an attacker disguised as someone they trust. To carry out SMS phishing, malware or fraudulent websites can assist attackers. Several mobile platforms support text messaging, as well as non-SMS channels and mobile apps that use data for texting. 

A cyberattack occurred earlier this year, in which hackers stole the personal information, including health information, of more than 13 million Australians, making it one of the country's biggest cyberattacks. This may not seem like much, but keeping your phone's operating system up-to-date protects it from getting infected with malware by preventing it from becoming infected in the future. It is important to keep calm if this message seems to have an urgent feel to it. 

Users should be wary of receiving urgent messages from unknown numbers and approach them calmly so they recognize it is probably not a person looking out for their best interest. An answer given by a two-digit number is most likely to be from a scammer whose real phone number is disguised through email to text services that scammers use to conceal their real numbers: It is unlikely that a credible business, or their friends and family, would be using such a service to contact their customers.

The best way to protect your account is to use two-factor or multi-factor authorization whenever it is possible to do so. In this way, users can have their data secure from unwanted prying eyes, which increases their security. Providing a password via a text message is never a good idea. Entering the password or account recovery code directly into the official app or website that is supposed to be used for entering the password or account recovery code can help users.  

There has been a theft of customer data from MediSecure over the past couple of weeks, according to the company's announcement on Thursday, with an unknown number of such records being uploaded to the dark web. After being alerted to the breach on April 13 by suspicious ransomware being discovered on a server containing sensitive personal health data, the company publically confirmed the breach in May, almost a month after it was first discovered. 

To ensure that the information is kept safe, one of the best methods is to contact the company that is supposed to be the sender of the text. This is especially useful if the user has a bank account. If that's the case, they should contact their bank directly to get this information. A bill or statement can normally contain a direct phone number to call so that a human representative can be contacted if any questions or concerns arise. 

Please do not click on any links that may be mentioned in the text, and do not respond to any of the questions as well. Certainly! Here's a formal and expanded version of the information provided: Phishing, a form of cyberattack through SMS, relies on deceptive tactics and technological manipulation to exploit victims' trust and gather sensitive information. 

This method mirrors traditional email phishing but leverages the immediacy and personal nature of text messaging to lower recipients' defences. The approach begins with the attacker sending text messages, often personalized with the recipient's name and location, to create a sense of familiarity and legitimacy. These messages typically contain links to malicious websites or apps designed to extract private information or install malware on the victim's smartphone. 

To enhance credibility, attackers may use spoofing techniques to conceal their identity by displaying false sender information or utilizing email-text services to obfuscate their phone numbers. This masking helps them appear as legitimate entities such as banks, government agencies, or well-known organizations, thereby increasing the likelihood that recipients will comply with their requests. Social engineering plays a pivotal role in smishing attacks by exploiting human psychology and emotions. 

Attackers craft messages that evoke urgency, fear, or curiosity, prompting recipients to act hastily without due skepticism. By manipulating these emotions, attackers override critical thinking and persuade victims to divulge sensitive information or click on malicious links. The success of a smishing attack hinges on the recipient's response to the initial bait message. Once a victim interacts with the malicious link or provides personal details, attackers proceed to exploit this information for financial gain or identity theft purposes. 

Common objectives include unauthorized access to bank accounts, fraudulent credit card applications, or the unauthorized disclosure of sensitive corporate data. Mitigating the risk of smishing involves maintaining awareness of common tactics used by attackers and adopting security best practices. These include avoiding clicking on links from unknown or suspicious sources, verifying the authenticity of messages through official channels, and refraining from disclosing sensitive information via text messages. 

Furthermore, enabling two-factor authentication (2FA) wherever possible adds a layer of security by requiring a secondary form of verification before accessing accounts or services. By remaining vigilant and informed about the tactics employed by smishing attackers, individuals and organizations can better protect themselves against these increasingly sophisticated cyber threats.
Read more »
Medisecurity
Cyberattacks CyberCrime Cybersecurity CyberThreat Data Breach Data Exposure Datathreat Medisecurity

Sensitive Health Data of 12.9 Million Individuals Stolen in Cyberattack

 


One data breach has led to the exposure of several personal and medical data about 12.9 million people who have become victims of cybercrime. Several customers of MediSecure, one of Australia's leading healthcare providers, have been affected by the huge data breach. There has been a breach of data relating to prescriptions distributed by the company's systems from March 2019 to November 2023 that have been exposed. 

MediSecure, a company that provides electronic prescriptions, said today that a total of 12.9 million customer records have been stolen and that an unknown amount of these records have been uploaded online. When it first learned of the data breach on April 13, when other servers holding sensitive personal and health data were discovered to be infected with suspected ransomware, the company publicly confirmed the hack in May. 

In an attack on MediSecure, which provides medical prescriptions, almost 13 million Australians were impacted by an incident where their personal and health data was breached. Based on a comprehensive investigation into the metadata accessed by its attackers in May 2024, MediSecure has uncovered that 12.9 million individuals, who used the service from March 2019 to November 2023 for the delivery of prescriptions, were affected by the breach. 

In addition to this, information regarding patient prescriptions is stored in this database. According to the authors of this evaluation, which was published on July 18, a detailed analysis of healthcare identifiers for individuals was conducted. The dataset consists of a wide variety of information related to both personal and health issues, some of which are sensitive by nature. 

Name, title, date of birth, gender, e-mail address, home address, and phone number are the personal information requested. Individual healthcare identifiers (IHI); Medicare card number; Commonwealth Seniors card number and expiration date; Healthcare Concessions card number and expiration date; Health care concessions card number and expiration date; Department of Veterans Affairs (DVA) card number and expiration date; prescription medication, including the name of the drug, the strength, the quantity, the number of repeats and the reason for the prescription. 

It has now been announced in a statement by the Department of Home Affairs that certain details about the system breach have been revealed. There have also been several links that have been provided that give victims information on how to identify scammers and protect their personal information as well as where they may find guidance. A support program is also in place to assist those who may be distressed by the nature of the attack; mental health care is also available to those affected. 

Nevertheless, it is important to emphasize that prescriptions were not affected by this change and healthcare providers were still able to prescribe and dispense medicines accordingly. There have been further breaches at another major healthcare provider, this time in the US, so the overall cost of the breach is still being calculated. A third of Americans may be impacted by the ransomware attack that took place on Change Healthcare. 

In this case, there would be 110 million individuals who would be affected by this catastrophe. There is no doubt that this attack dwarfed the Anthem attack suffered in 2015, which involved the personal records of 78.8 million people. According to The HIPAA Journal, the projected cost of addressing the cyberattack on Change Healthcare that occurred in February is estimated to be between $2.3 billion and $2.45 billion. 

This figure, however, does not account for the expenses associated with notifying all affected customers. These cyberattacks have left millions of individuals justifiably worried that their personal information may be accessible to malicious entities who could repeatedly exploit it for fraudulent purposes.

Additionally, these incidents have significantly undermined public trust in medical providers, who are entrusted with some of the most sensitive personal details. The ramifications of these breaches extend beyond financial losses, eroding confidence in the security measures of healthcare institutions tasked with safeguarding patient information.
Read more »
Technology
Cyberattacks CyberCrime CyberThreat GPS Location Quantum Navigation Technology

Quantum Navigation as the Successor to GPS

 


The cause of the recent flight cancellations by Finnair planes flying into Estonia did not have anything to do with mechanical failures or bad weather the cause was the GPS signal not being received by the aircraft. To prevent GPS denial, an aircraft deliberately interferes with the navigation signals that it relies on as part of its navigation. 

The International Air Transport Association (IATA) has been providing maps of areas where GPS is unavailable or unreliable for a long time, and this is not a new phenomenon. Although GPS jamming and spoofing are becoming increasingly powerful weapons of economic and strategic influence around Europe, the Middle East, and Asia, there is growing concern as conflict spreads quickly across these regions.

In some conflict zones, it has been documented that adversarial nations have used false (spoofed) GPS signals to disrupt air transit, shipping, trade, or military logistics and disrupt the daily activities of the nation. There have also been recent talks about anti-satellite weapons, and these discussions have rekindled fears that deliberate actions may be planned to disrupt GPS systems to wreak havoc on the economy. So many aspects of people's lives cannot function without GPS, and they do not even think about it when they do not have it. 

In case of a GPS outage, many online services will not function properly (these rely on GPS-based network synchronization) as well as the in-vehicle Satnav not working. On the other hand, users' mobile phones will not be able to access location-based services. According to studies conducted in the United States and the United Kingdom over the past few years, An analysis by two different academic institutions recently identified that the cost of a temporary outage in economic terms was about $1 billion per day. 

However, the strategic impacts could be even greater, especially during times of war.  As the saying goes, infantry win battles, but logistics win wars, and this is a testament to this assertion. The concept that it would be almost impossible to operate military logistics supply chains without GPS, given the heavy dependence on synchronized communication networks, general command and control, and locating and tracking vehicles and materials, is almost impossible to imagine. 

The entire system relies on GPS-based information and is susceptible to disruptions in any of them at any time. Most of the large military and commercial ships as well as aircraft carry GPS backup systems for steering since it was not long ago that navigation was performed without GPS. At high latitudes and underwater, GPS signals are not always available in all settings-for example, underground and underwater. 

It has been found that GPS alternatives depend on signals that can be measured locally (for example, motion or magnetic fields, such as the magnetic field in a compass), meaning that a vessel can navigate even in the absence of GPS or if GPS cannot be trusted at all. Inertial navigation, for example, uses special accelerometers that measure the movement of the vehicle, in a similar way to how one of those in a user's mobile phone can reorient itself when rotated in a certain direction. 

Then, based on the data users notice that the vehicle is moving, and using Newton's laws, users can calculate their likely position after a considerable period. In another technique called "alt-PNT," measurements are made of magnetic and gravitational fields to determine whether the Earth's surface is different from the known variation of these fields. Certainly! Here is the expanded and formalized version of the provided paragraphs. Reliable GPS is approaching its technological limits, and emerging quantum technologies present a promising path forward. 

Ultrastable locally deployed clocks are a key component of these advancements, ensuring that communications networks remain synchronized even during GPS outages. Traditionally, communications networks relied on GPS timing signals for synchronization. However, quantum technology offers a robust alternative. At the core of this technological shift is the fundamental behaviour of atoms. 

Satellite navigation systems depend on signals reflected from space, whereas quantum navigation leverages the precise movement of a single atom tracked under cryogenic conditions. According to New Atlas, a leading science publication, quantum navigation systems operate independently within each vehicle, with measurements taken at the point of use. This method ensures that the signal remains stable and resistant to interception, as noted by Richard Claridge, a physicist at PA Consulting Group. In May, the United Kingdom conducted two distinct quantum navigation tests one aboard a Royal Navy ship and another on a small jet plane. 

Subsequently, in June, London's underground transport system served as a testing ground for this cutting-edge technology. These tests demonstrated that quantum navigation systems are resistant to jamming, underscoring the UK's pioneering role in the future deployment of this technology on a broader scale. Quantum sensors exploit the immutable laws of nature to detect previously inaccessible signals, providing unprecedented sensitivity and stability. 

Consequently, quantum-assured navigation systems offer a reliable defence against GPS outages and enable innovative new missions. The most advanced quantum navigation systems integrate multiple sensors, each detecting unique environmental signals pertinent to navigation. This approach mirrors the technology used in autonomous vehicles, which combines lidar, cameras, ultrasonic detectors, and other sensors to achieve optimal performance. The evolution of navigation begins with an improved generation of quantum inertial navigation. 

However, the capabilities of quantum sensing extend beyond traditional methods by accessing new signals that were previously challenging to detect in real-world environments. As a result, quantum navigation technology represents a significant advancement, ensuring enhanced reliability and opening new possibilities for future applications.
Read more »
Telecommunication
Cyberattacks CyberCrime Cyberfraud Cybersecurity CyberThreat Technology Telecommunication

Government Shuts Down Two Telemarketing Giants for 5.5 Million Fraudulent Calls

 


Several telemarketing entities, notably V-Con Intelligent Security and OneXtel Media, have been suspended by the Department of Telecommunications (DoT) for disseminating malicious messages through their services. According to a report by the Economic Times (ET), these two telemarketers alone were responsible for sending a record 55.5 million spam messages since January of this year. 

In light of the escalating incidence of SMS fraud within the country, the DoT has taken decisive action to suspend these two telemarketing companies, aiming to mitigate the risks associated with such scams. The DoT's directive, issued on July 15, identified V-Con Intelligent Security and OneXtel Media as platforms for sending customers malicious and phishing SMSes. Reports submitted to the Sanchar Saathi portal, particularly from the 'Chakshu' facility listed under the 'Services' section, highlighted these malicious activities. 

Comprehensive analysis of information provided by citizens enabled the DoT to make significant discoveries and undertake specific interventions. In its efforts to combat the proliferation of malicious SMS activities, the DoT has issued orders for the suspension and blacklisting of 131 Principal Entities (PEs), as well as approximately 5,000 SMS templates and 700 SMS headers linked to these activities. Despite these measures, new headers emerge, allowing fraudulent SMSes to be sent to citizens and raising ongoing concerns. 

Investigations have revealed that Onextel Media Pvt Ltd and V-Con Intelligent Security Pvt Ltd were responsible for a substantial portion of these malicious SMSes, accounting for 5.55 crore out of the 5.66 crore reported incidents. The DoT directive also mandates telecom companies to file police complaints against these telemarketers for circumventing the Distributed Ledger Technology (DLT) platform and distributing phishing messages.

The DLT platform is utilized to authenticate registered telemarketers and their messaging components, preventing unregistered entities from sending promotional messages. The DoT's actions were prompted by numerous complaints from telecom users regarding malicious SMSes. In response, the DoT employed facial recognition technology to block 6.76 lakh SIM cards and 10,296 mobile phones in Gujarat that were linked to cybercrime activities. 

Further investigations revealed financial connections between the identified companies and various organized transnational crimes, including fraudulent stock investments, prompting the Gujarat Police to launch inquiries. Despite the collaborative efforts involving telecom companies and regulatory bodies such as the Telecom Regulatory Authority of India (TRAI), the Reserve Bank of India (RBI), the Securities and Exchange Board of India (SEBI), and the Insurance Regulatory and Development Authority of India (IRDAI), significant challenges persist in curtailing spam and scam activities. The continuous evolution of spamming techniques poses a formidable challenge, necessitating ongoing adaptation and enhancement of countermeasures to effectively mitigate such threats.
Read more »
Technology
Chinese Tech CyberCrime Cyberhackers. Cybersecurity CyberThreat EU Germany Cyberbreach Technology

Alarm Bells Ring in Germany Over Chinese Tech Advancements

 


During the next five years, Germany will phase out components made by Chinese companies Huawei and ZTE from its 5G wireless network. This will likely worsen its already strained ties with the second-largest economy in the world, which may further strain its relations with Germany. According to the German Interior Ministry (BMI), by the end of 2026, components made by Chinese technology companies such as Huawei and ZTE will not be allowed to be used in the construction of the country's next-generation 5G mobile networks made by the German industry. 

To comply with this decision, the BMI decided that all existing components must be replaced by the year 2029. Considering 5G networks as a critical infrastructure, the German government maintains that they will have a key role to play in the energy, transportation, health care, and finance sectors in the coming years. A statement made by Huawei has been issued to CNN, stating that there has been no evidence or scenario that explicitly illustrates that its technology poses any security risks. 

A statement from the Chinese embassy in Germany said it was committed to taking whatever "necessary measures" to protect the interests of Chinese companies in Germany. According to the ban, Chinese technology companies are increasingly viewed with suspicion due to their alleged too-close ties to the government in Beijing as a result of their proliferation of investments. 

Particularly Beijing's desire to turn Huawei and ZTE into world leaders in higher-tech sectors has made Western governments wary of giving them too much influence over their national infrastructures, as it wants to establish them as the hub of the world's high-tech sector. In the meantime, another collaboration between several German and Chinese companies has created a stir in the industry. It has been announced that Luxcara, an independent asset manager based in Hamburg, Germany, has signed a contract with a Chinese company, Ming Yang, to construct wind turbines as part of a project that will be based off the coast of Germany. 

Ming Yang said in a statement on July 2 that its decision was based upon an extensive due diligence exercise that covered all aspects of the supply chain, environmental, social and governance compliance aligned with the EU taxonomy, as well as cybersecurity. It was a result of independent expertise provided by reputed international advisors. The German government also considers energy supply a critical infrastructure to generate 80% of the country's electricity by 2035 from renewable sources, which means that they will use less fossil fuels in the process. 

There is no doubt that wind power will play a significant role in the future mix of electric power sources in the world. As per official German data, during the first three months of this year, 38.5% of all electricity produced in Germany was generated by wind power, as well as 16.3% from solar energy. Among all the renewable sources of energy, wind power has seen the most significant growth. It has been important to Luxcara, according to Lars Haugwitz, senior consultant at Luxcara to select the most powerful turbines for their project to be a success. 

DW reported that only Ming Yang could deliver the unit on time with an 18.5-megawatt capacity by the end of 2028. He added that the decision was based on a thorough review of all the bids that DW had received throughout the international tender. In Europe, Vestas, a Danish offshore wind company, and Siemens Gamesa, a German-Spanish company, have held the majority of offshore wind power installations to date. The Chinese companies are now also considered by another German wind farm operator as a possible supplier for his project. 

 The German business daily Handelsblatt reports that RWE, the world's biggest energy company, is among those looking for alternatives, noting that there are limited wind turbine supplies in Europe, along with high demand. The German-based utility company recently issued a statement asserting that it currently has no Chinese suppliers within its wind energy portfolio and intends to maintain its collaboration with established European suppliers. 

However, a company spokesperson informed Deutsche Welle (DW) that the offshore wind industry must evaluate the offerings of Asian suppliers to determine if they meet the necessary standards in technology, quality, safety, and cost-effectiveness. According to Michael Tenten, managing director of Pure ISM—a company specializing in data security within the renewable energy sector—there are multiple reasons for the technological advancements of Asian companies, primarily economic. Tenten explained to DW that the swift availability of equipment is a significant factor. 

However, research conducted by the Kiel Institute for the World Economy (IfW) in Germany revealed that in 2022, over 99% of listed Chinese companies benefited from direct state subsidies. These companies also enjoyed privileged access to critical raw materials, enforced technology transfers in joint ventures, and support in public procurement processes. An example highlighted is China's car manufacturer BYD, which has emerged as the world's leading electric vehicle producer, largely due to substantial subsidies. Dirk Dohse, research director at IfW, recently told Handelsblatt that BYD has also received subsidies for battery production and component manufacturing. 

Dohse noted that while European industries often struggle to compete with Chinese pricing, without China's subsidized technology, the products essential for Germany's green transformation would be more expensive and less available. Michael Tenten of Pure ISM added that another source of mistrust towards Chinese suppliers is data security concerns. He pointed out that manufacturers typically operate their own control centres to monitor the wind farms they construct, and unless these centres are located in Germany, there remains a risk of foreign influence on operations. Lars Haugwitz of Luxcara considers this risk to be more theoretical, as there will be "no direct data link" between the German offshore wind park and the Chinese turbine manufacturer. 

Haugwitz assured that the control, operation, and maintenance of the turbines would be entirely managed within Germany. China's Ministry of Foreign Affairs issued a statement asserting that Germany’s actions severely damaged mutual trust and could affect future cooperation between China and Europe in related fields. This decision could further strain Germany’s relationship with China, its largest trading partner. Recently, Berlin blocked the sale of a Volkswagen subsidiary to a Chinese state-owned company on national security grounds, eliciting a strong response from Beijing. 

Concurrently, China is engaged in a trade dispute with the European Union, which recently increased tariffs on Chinese electric vehicles. A spokesperson for China’s Ministry of Foreign Affairs commented on Thursday that politicizing economic, trade, and technological issues would only disrupt normal technological exchanges. Germany has been deliberating for years on how to handle Huawei components in its 5G network, following the lead of the United States, the United Kingdom, Australia, and Japan, which have effectively banned the company from their 5G infrastructure due to concerns that Beijing could use Chinese tech companies to conduct espionage.
Read more »
VMware Attacks
APT INC Babuk Locker Cyberattacks CyberCrime Cyberhackers Cybethreat SEXi Ransomware VMware Attacks

SEXi Ransomware Rebrands to APT INC, Continues VMware ESXi Attacks

 


SEXi ransomware group and its affiliates, which have been involved in a series of cyber-attacks that began in February of this year against several organizations, have been operating under the name "APT Inc." since June of this year. To encrypt a VMware ESXi server with a Babuk encryptor, and a Windows server with a LockBit 3 encryptor, the group uses a leaked LockBit encryptor. 

In its rebranded form, the group continues to use its original techniques of encryption whilst wreaking havoc on new victims around the world, issuing ransom demands that range from thousands to millions of dollars, all to obtain access to the victims' data. Often called Babyk, Babuk Locker is a ransomware operation that began targeting businesses in 2021, encrypting their data and stealing it in a double-extortion attack to gain cash. 

As part of the launch, SEXi is being offered as an optional add-on to the platform that targets it, as a play on its name. As noted in a statement issued by CRONUp cybersecurity researcher Germán Fernández, PowerHost CEO Ricardo Rubem confirmed that his servers had been locked up by a ransomware variant called SEXi. It has not yet been revealed exactly how the malware gained access to PowerHost's internal network. However, the ransomware variant was called SEXi. 

During its statement, Rubem said that he was clarifying that Rubem would not be paying the ransom demanded by the attackers as a form of punishment. It is worth noting that after attacking the Washington DC metropolitan police department (MPD), a ransomware gang claimed that they had shut down their operations due to pressure from U.S. law enforcement. There were several attacks carried out by threat actors in February 2024 using the leaked data encryptor Babuk that was targeted at VMware ESXi servers and the lost LockBit 3 encryption system was targeted at Windows systems. 

It was not long after the cybercriminals began their campaign of attacks and gained media attention because of an attack they launched on IxMetro Powerhost, a Chilean hosting service whose VMware ESXi servers were encrypted by the cybercriminals. In an attempt to disguise its victims' identity, the ransomware operation has been given the name SEXi based on the name of the ransom note, SEXi.txt, as well as the extension.SEXi. 

Interestingly, Will Thomas, a cybersecurity researcher, found another variant called SOCOTRA, it also used the name FORMOSA, and it also used the name LIMPOPO. As noted above, the ransomware operation uses a combination of Linux and Windows encryptors, but it is more known to target VMware ESXi-based systems. According to cyber security researcher Rivitna, the ransomware operation has rebranded itself as APT INC and continues to encrypt files with Babuk and LockBit 3 encryptors, which BleepingComputer reported they continued to use until June. 

The experts at BleepingComputer have been receiving numerous reports from victims who have been impacted by APT INC attacks in recent weeks, along with posts on our forums about their similar experiences. Threat actors have gained access to VMware ESXi servers, and they have encrypted files that are related to these virtual machines, including virtual disks, database files, and backup images used in creating the virtual machines.  The rest of the files that are part of the operating system are not encrypted at all. 

Each victim of APT INC ransomware will be assigned a random name that is not associated with their company. This name will be used for both the ransom note and the encrypted file extension. The ransom notes will contain information on how to contact the threat actors using the Session encrypted messaging application.

Notably, the session address remains consistent with the address used in previous SEXi ransom notes. BleepingComputer has reported that ransom demands can range from tens of thousands to millions of dollars. For instance, the CEO of IxMetro Powerhost publicly disclosed that the threat actors demanded two bitcoins per encrypted customer. 

Unfortunately, the encryptors used by Babuk and LockBit 3 ransomware are secure and have no known vulnerabilities, making it impossible to recover files without paying the ransom. The leaked Babuk and LockBit 3 encryptors have been repurposed to power new ransomware operations, including APT INC. The Babuk encryptors, in particular, have gained widespread adoption due to their capability to target VMware ESXi servers, which are heavily utilized in enterprise environments. 

The VMware ESXi hypervisor platform operates on Linux and Linux-like operating systems, capable of hosting multiple, data-rich virtual machines (VMs). This platform has been a favoured target for ransomware actors for several years, partly due to its extensive attack surface. According to a Shodan search, tens of thousands of ESXi servers are exposed to the Internet, most of which run older versions. This figure does not account for servers that become accessible following an initial breach of a corporate network. 

Additionally, the growing interest of ransomware gangs in targeting ESXi is attributed to the platform’s lack of support for third-party security tools. As reported by Forescout last year, unmanaged devices such as ESXi servers are prime targets for ransomware threat actors. This is due to the valuable data stored on these servers, the increasing number of exploitable vulnerabilities affecting them, their frequent exposure to the Internet, and the challenges in implementing security measures such as endpoint detection and response (EDR). 

ESXi servers represent high-value targets since they host multiple VMs, enabling attackers to deploy malware once and encrypt numerous servers with a single command. To mitigate these risks, VMware has published a guide to securing ESXi environments. Key recommendations include ensuring that ESXi software is patched and up-to-date, hardening passwords, removing servers from the Internet, monitoring network traffic and ESXi servers for abnormal activities, and maintaining backups of VMs outside the ESXi environment to facilitate recovery.
Read more »
Privacy
Cyber Hackers Cyberbreach CyberCrime Cybersecurity CyberThreat Data Major Breach Password Breach Privacy

Security Nightmare with Hackers Releasing 1,000 Crore Passwords in Major Breach

 


Cyber-security breaches are becoming more and more prevalent and this is causing a lot of concerns amongst the public. The report by Semafor claims that some 10 billion (1,000 crore) passwords have been leaked from a hacking forum online about a file that contains nearly 10 billion (1,000 crore) passwords. The incident that took place on July 4th is regarded as being among the largest cyber-security breaches that have been recorded in history. As a result of the massive leak, a credential stuffing attack could be performed with the help of this massive leak, highlighted the report. 

As a type of cyberattack, credential stuffing involves hackers stealing usernames and passwords from several related data breaches to gain access to other accounts owned by the same individual. A significant increase in cyberattacks and malicious attempts to steal data in the past five years has led to an increase in the probability of financial harm becoming a worldwide problem, not only for individual citizens but also for governments and financial institutions spread around the globe. 

Cybersecurity reports state that around 10 billion passwords belonging to various people have been made public on global forums, whether they represent social media accounts or email accounts owned by individuals. There is no doubt that this was one of the biggest data breaches ever in the history of mankind. 

The Semafor news website reports that a file containing around 10 billion (1,000 crores) passwords was leaked via online hacking forums, which was compiled by an anonymous hacker. Several old and new password breaches were compiled into the compilation, which was uploaded to the internet on July 4 and is one of the largest leaks that anyone has seen to date. According to the SEMAFO report, this massive leak has increased the risk that credential-stuffing attacks will become possible. 

As a result of the leak's nature, as it yields a single searchable file, hackers will have an easier time discovering user data thanks to the single searchable file. An attack called credential stuffing occurs when hackers use an infected password to access multiple accounts connected to the same user as soon as the password has been compromised. In the example below, it is possible to break into user A's bank account by using the email password that they use for their email. 

The cyber-news is reporting that credential stuffing attacks are compromising users across various platforms such as AT&T, Santander Bank, Ticketmaster, 23andMe, and several other companies. It was also noted in the report that related to a report by the International Monetary Fund (IMF) and a study published by Lancet Journal, the number of malicious cyberattacks has doubled globally since 2020, with the financial industry (20,000 cyberattacks since 2020) and health sectors being hit hardest. 

The size of the leak, however, has provided some relief for worried netizens - some analysts have suggested that, as a result of its sheer size, the file may not be able to be accessed. Even though more accounts have been leaked, the report notes that the likelihood of cyberattacks is not heightened just by more passwords being leaked - but of course, it highlights the "glaring holes" in the security systems in place.
Read more »
Vulnerabilities and Exploits
Clock PoC CloudFlare CVE Cyberattacks CyberCrime Cybersecurity CyberThreat Vulnerabilities and Exploits

Breaking Down the Clock PoC Exploits Utilized by Hackers Within 22 Minutes

 


It has been shown that threat actors are swift in weaponizing available proof-of-concept (PoC) exploits in real attacks, often within 22 minutes of publicly releasing these exploits. In that regard, Cloudflare has published its annual Application Security report for 2024, which covers the period between May 2023 and March 2024 and identifies emerging threat trends. It has been observed that Cloudflare, which currently processes an average of 57 million requests per second of HTTP traffic, continues to experience an increase in scanning for CVEs, followed by command injection attacks and attempts to weaponize available proofs-of-concept. 

Attackers may exploit a new vulnerability in as little as 22 minutes after the release of a proof-of-concept (PoC), depending on the vulnerability. It has been found that between May 2023 and May 2024, Cloudflare will receive 37,000 threats, which is the most significant number since May 2023. According to Cloudflare's Application Security Report for 2024, hackers are becoming more sophisticated in their search for previously unknown software vulnerabilities, also known as CVEs. They take immediate action when they find them, identifying how to exploit them and attempting to inject commands into them to execute attacks as soon as possible. 

Several CVE vulnerabilities have recently been revealed as vulnerabilities, but hackers have already been able to exploit them within 22 minutes of their disclosure. It was reported in the open-source community that CVE-2024-27198, a vulnerability in JetBrains TeamCity, was exploited by hackers. As a result of the evaluated period, the most targeted vulnerabilities were CVE-2023-50164 and CVE-2022-33891 within Apache software, CVE-2023-29298, CVE-2023-38203, and CVE-2023-26360 within Coldfusion software, and CVE-2023-35082 within Mobile Iron software. CVE-2024-27198 is a characteristic example of how weaponization is developing at an extremely fast rate since it is a vulnerability in JetBrains TeamCity that allows authentication bypass. 

During a recent incident, Cloudflare picked up on the fact that an attacker deployed a PoC-based exploit 22 minutes after it had been published, giving defenders very little time to remediate the attack. There can only be one way of combating this speed, according to the internet firm, and that is through the use of artificial intelligence (AI) to rapidly come up with effective detection rules. As DDoS attacks continue to dominate the security threat landscape, targeted CVE exploits are becoming a greater concern as well in the coming years.

Over a third of all traffic is automated today, and there is a possibility that up to 93% of it is malicious. Approximately 60% of all web traffic now comes from APIs, but only a quarter of companies know which API endpoints they have. Moreover, enterprise websites typically have 47 third-party integrations that are part of their platform. Cloudflare has also been able to gather some valuable information from the study, which is that in the case of API security, companies are still relying on outdated, traditional methods of providing API security. 

In the case of traditional web application firewall (WAF) rules, a negative security model is typically used in the design of those rules. It is assumed that the vast majority of web traffic will be benign in this scenario. Several companies utilize a positive API security model, where strictly defined rules dictate the web traffic that is allowed, while all other access is denied. Cloudflare's network currently processes 57 million HTTP requests per second, reflecting a 23.9% year-over-year increase. The company blocks 209 billion cyber threats daily, which is an 86.6% increase compared to the previous year. These statistics underscore the rapid evolution of the threat landscape. 

According to Cloudflare's report covering Q2 2023 to Q1 2024, there has been a noticeable rise in application layer traffic mitigation, growing from 6% to 6.8%, with peaks reaching up to 12% during significant attacks. The primary contributors to this mitigation are Web Application Firewalls (WAF) and bot mitigations, followed by HTTP DDoS rules. There is an increasing trend in zero-day exploits and Common Vulnerabilities and Exposures (CVE) exploitation, with some exploits being utilized within minutes of their disclosure. 

Distributed Denial of Service (DDoS) attacks remain the most prevalent threat, accounting for 37.1% of mitigated traffic. In the first quarter of 2024 alone, Cloudflare mitigated 4.5 million unique DDoS attacks, marking a 32% increase from 2023. The motivations behind these attacks range from financial gains to political statements.
Read more »
Websites
Customer Manipulation Cyber Security Cyberattacks CyberCrime Cyberthreats Dark Patterns ICPEN Websites

Subscription Services Accused of Using 'Dark Patterns' to Manipulate Customers

 


It is a widespread practice among subscription sites to manipulate customers' behaviour around subscriptions and personal data to influence their decisions, according to a new report by two international consumer protection organizations. It is defined as the practice of guiding, deceiving, coercing, or manipulating consumers in ways that often aren't in their best interests when using an online user interface. 

An international research effort was conducted by the International Consumer Protection and Enforcement Network, along with the Global Privacy Enforcement Network, both of whom are responsible for conducting consumer protection and enforcement investigations. As a result of a review of selected websites and apps, the Federal Trade Commission and two international consumer protection networks reported that a significant portion of the websites and applications examined may be manipulative of consumers into buying products or services or revealing personal information to third parties. 

These dark patterns, and digital design techniques, can be found in most of the websites and apps examined that use these techniques. These types of strategies may be able to persuade consumers to take actions that they would not generally take. In an internet survey carried out by the Internet Society, an analysis was carried out of the websites and mobile apps of 642 traders. The study found that 75,7% of them had at least one dark pattern on their websites, and 66,8% had at least two or more dark patterns on their websites. 

An online user interface's shadow patterns are defined as the subtle, deceptive, coercive, or manipulative strategies used to steer, deceive, coerce, or manipulate users into making decisions that are not necessarily in their best interest and are rather detrimental to them. As part of the annual International Consumer Protection and Enforcement Network (ICPEN) sweep, which took place from January 29 to February 2, 2024, the 2018 Sweep was hosted by ICPEN. 

To conduct the study, participants were asked to serve as sweepers, representing 27 consumer protection enforcement authorities from 26 different countries. There has been a coordinated sweep between the ICPEN and the Global Privacy Enforcement Network (GPEN) for the very first time. In a world that is becoming increasingly global in terms of standards, regulations, and technology, GPEN is a membership-based network of over 80 privacy enforcement authorities, whose mission is to foster cross-border cooperation among privacy regulators and effectively protect personal privacy. 

Consumer protection is increasingly becoming intertwined with other spheres of the regulatory system due to the growing intersections. The assessment of the deceptive design patterns by both privacy and consumer protection sweepers who were conducting a review of website and app content demonstrated that many of these sites and apps employ techniques that interfere with the ability of individuals to make educated decisions to protect their rights as consumers and privacy. 

As a result of the analysis, the scourges rated the sites and apps from a point of view of six indicators that are characteristic of dark business practices according to the Organisation for Economic Co-operation and Development (OECD). A study conducted by ICPEN found that there were several potential sneaky practices, for example, the inability to turn off auto-renewal of subscription services by consumers, or interference with the user interface. These practices, such as highlighting a subscription that is beneficial to the trader, were particularly frequent during the survey period. 

In a recent publication, ICPEN and GPEN, a pair of organizations that are helping improve consumer protection and privacy for individuals throughout the world, have both released reports that outline their findings. On the ICPEN's website, users will find the report, and on the GPEN's website, they will find the report. GPEN has released a companion report exploring black patterns that could encourage users to compromise their privacy as a result of them. The majority of the more than 1,00 websites and apps analyzed in this study used a deceptive design practice in the development of their websites. 

As many as 89 per cent of these organizations had privacy policies that contained complex and confusing language. In addition to interface interference, 57 per cent of the platforms made the option with the least amount of privacy protection the easiest one to pick, and 42 per cent used words that could influence users' opinions and emotions in the privacy choices. The subtle cues that influence even the most astute individuals can lead to suboptimal decisions. 

These decisions might be relatively harmless, such as forgetting to cancel an auto-renewing service, or they might pose significant risks by encouraging the disclosure of more personal information than necessary. The recent reports have not specified whether these dark patterns were employed illicitly or illegally, only confirming their presence. This dual release underscores the critical importance of digital literacy as an essential skill in the modern age. Today's announcement coincides with the Federal Trade Commission (FTC) officially assuming the 2024-2025 presidency of the International Consumer Protection and Enforcement Network (ICPEN).

ICPEN is a global network of consumer protection authorities from over 70 countries, dedicated to safeguarding consumers worldwide by sharing information and fostering global enforcement cooperation. The FTC has long been committed to identifying and combating businesses that utilize deceptive and unlawful dark patterns. In 2022, the FTC published a comprehensive staff report titled "Bringing Dark Patterns to Light," which detailed an extensive array of these deceptive practices. 

The Federal Trade Commission collaborates with counterpart agencies to promote robust antitrust, consumer protection, and data privacy enforcement and policy. The FTC emphasizes that it will never demand money, issue threats, instruct individuals to transfer funds, or promise prizes. For the latest news and resources, individuals are encouraged to follow the FTC on social media, subscribe to press releases, and subscribe to the FTC International Monthly.
Read more »
Mule Accounts Menace
Cyber Attacks CyberCrime Cyberhackers Cybersecurity CyberThreat Money Laundering Mule Accounts Menace

Unveiling the Mule Accounts Menace in Modern Money Laundering

 


In a recent statement, a member of the RBI's board of governors has urged banks to step up efforts against mule accounts. According to Piyush Shukla, money mules in India do much more than move money. A MULE ACCOUNT IS a bank account that receives funds from illegal activities and then transfers those funds to other accounts, thus serving as a bridge for money laundering and other illegal practices to take place. 

It is not uncommon in India to come across people who are opening mule accounts based on their bank accounts that they are offering in place of money as payment. The account holder's onboarding process is not automated in this way, which makes it more difficult to detect such accounts. Even though there are ways to put a stop to these accounts, the right controls and monitoring of the user's behaviour throughout the lifecycle of the account can be employed to give the user the greatest protection. 

Last November it was reported about the arrests of six people in Bengaluru about the alleged operation of 126 mule accounts. There has been raised concern by the Reserve Bank of India (RBI) earlier this week regarding certain banks having a huge number of fraudster accounts used for fraudulent transactions and loan evergreening by their customers. In a move to curb digital fraud, Shaktikanta Das, the governor of the Reserve Bank of India, has directed banks to crack down on the use of mule accounts as well as increase customer awareness and education initiatives.

Money mules can be generally categorized into five different kinds based on their level of complicity in a money laundering scheme and the way they are employed. A victim mule is a person who is unaware, for example, that his account has been compromised and that it is being abused by a fraudster who wants to launder money through his account. An incident of data breach most likely resulted in the victim's account details being leaked. 

Money mules can also come in the shape of misled parties, who are misled into sending and receiving money on behalf of fraudsters, believing that the money they are sending and receiving is clean. It is not uncommon for mules to respond to job advertisements they find interesting, and they respond to one or more of them that involve them executing transactions on behalf of the employers. One of the most common types of money mules is the deceiver. He or she opens new accounts by using stolen or synthetic identities to send and receive stolen funds. 

One way in which money is mulled is through the use of "peddlers", or people who sell their information to fraudsters, who then use that information to send and receive stolen funds. Mules can also be accomplices, who can open a new account in his name or use an existing one to send and receive funds at the direction of a fraudster, who instructs him to do so. In the study conducted by BioCatch, a digital fraud detection company, it was revealed that nine out of ten accounts were undetected as mule accounts by one of its Indian partners. 

During the first month of documented mule account activity, 86% of the sessions that were posted from within India were documented, however after a month those numbers dropped to just 20%, and 16% of those sessions were using a VPN to access such accounts. Although most of the activity in mule accounts happens in Bhubaneswar—15% —Lucknow and Navi Mumbai are each responsible for 3.4% of the activity. Two cities in West Bengal, Bhagabatipur and Gobindapur, recorded 1.7% and 2.6% of mule account activity, respectively. In comparison, Mumbai and Bengaluru reported 2.2% and 1.8% of such activity, respectively. 

To help customers prevent their bank accounts from becoming mule accounts, the following practices are recommended: 
1. Treat all unexpected communications, especially those offering lucrative, effortless jobs, with scepticism. 
2. Unrealistically high payments for straightforward tasks should raise alarms. 
3. Be wary of job offers with ambiguous descriptions and responsibilities, particularly if money transfers are involved. 
4. Scammers often pressure customers into making swift decisions, such as hurriedly confirming their identity or claiming a reward. Customers must pause and assess their demands carefully. 
5. Be extremely cautious while using unconventional payment methods, such as gift cards or virtual currencies. 

 In October 2023, the Reserve Bank of India (RBI) tightened the customer due diligence (CDD) norms by instructing banks and regulated entities to adopt a risk-based approach for periodic updating of know-your-customer (KYC) data. According to the latest Master Directions, the risk-based approach for periodic updating of KYC has been amended to state: “Registered Entities (REs) shall adopt a risk-based approach for periodic updating of KYC, ensuring that the information or data collected under CDD is kept up-to-date and relevant, particularly where it is high-risk.” 

Furthermore, the Master Directions emphasize that instructions on opening accounts and monitoring transactions should be strictly adhered to, to minimize the operations of money mules. These mules are used to launder the proceeds of fraud schemes, such as phishing and identity theft, by criminals who gain illegal access to deposit accounts. 

Banks are required to undertake diligence measures and meticulous monitoring to identify accounts operated as money mules, take appropriate action, and report suspicious transactions to the Financial Intelligence Unit.
Read more »
Rasomware Attack
Banks Cyber Attacks CyberCrime Cyberhackers Cybersecurity CyberThreat Rasomware Attack

Major Ransomware Attack Targets Evolve Bank, Impacting Millions

 


An Arkansas-based financial services organization confirmed the incident on July 1 shortly after the ransomware gang published data it claimed had been stolen during the attack and published it on its website. According to the company, there was no payment made to the ransom demand, so the stolen data was leaked online due to the failure to pay the ransom. 

Additionally, the bank also reported that the attackers had exfiltrated personal information from some of the bank's customers, including their names, Social Security numbers, and the bank account numbers associated with their accounts, along with their contact information. One of the nation's largest financial institutions, Evolve Bank & Trust, has shared the news of a data breach posing a massive threat to all 7.64 million individuals impacted by the data breach. 

After a period of system outages started occurring at the Arkansas-based bank in late May, officials initially thought that a "hardware failure" had caused the outages, but an investigation revealed that the outages were caused by a cyberattack. It was confirmed by Evolve that hackers infiltrated the company's network as early as February. This could have had a significant impact on sensitive customer data. 

Understandably, the official notification letter filed with the Maine Attorney General avoids specific details. Still, it is worth noting that the bank has acknowledged that it has lost names, social security numbers, bank account numbers, and contact information. The Maine Attorney General's Office was informed by one of the financial institutions on Monday that the personal information about 7,640,112 individuals was compromised in the attack and that it would provide them with 24 months of credit monitoring and identity protection due to the breach. 

Also on Monday, Evolve Bank started sending out written notifications to the impacted individuals, explaining that the ransomware attack occurred on May 29 and that the attackers had access to its network since at least February. Evolve did not specify what types of data had been compromised in the filing, but it previously said in a statement on its website that attackers accessed the names, Social Security numbers, bank account numbers, and contact information belonging to its personal banking customers, the personal data of Evolve employees and information belonging to customers of its financial technology partners. 

There are several partners in this list, including Affirm, which recently made a statement assuring customers that the Evolve breach "may have compromised some personal information and data" of its customers." Evolve's partner Mercury, which offers fintech solutions to businesses, made a statement on X in regards to the data breach that affected "some account numbers, deposit balances, and business owner names as well as emails" that were exposed. 

The money transfer company Wise (formerly TransferWise) confirmed last week that there may have been an issue with the confidentiality of some of its customers' personal information. A statement by Evolve confirmed this week that the intrusion was the result of a ransomware attack that was instigated by the Russia-linked LockBit group. LockBit's administrator, who was disrupted earlier this year by a multigovernmental operation, is still at large. 

When the bank discovered the hacker had accessed its systems in May, it was able to identify the intrusion as an attack by hackers. It's no secret that LockBit made a deal with hackers to release the compromised data on its dark web leak site, which has since been revived after Evolve refused to pay the ransom demand.  This letter, sent to customers, expresses Evolve's concern over the hacking of its customer database and a file-sharing system during February and May 2024, during which data about customers was accessed and downloaded. 

RaaS groups, like this one, often deploy misinformation or disinformation campaigns alongside cyberattacks as part of their tactics to cause confusion and add maximum impact to their operations. As a result of the breach at Evolve, financial institutions can be reminded of the critical need for them to take robust cybersecurity measures to prevent data breaches in the future. 

A growing number of open banking platforms are on the rise and several RaaS attacks are ever-present, as well as a growing warning about data security threats. Institutions need to prioritize data security and implement strong access controls, encryption, and incident response protocols to ensure that their data is secure.
Read more »
Technology
Authenticity Cyberattacks CyberCrime Cyberhackers CyberThreat F-15 F-35 Fighter Jets Technology

Chinese Expert Confirms Authenticity of Leaked F-35 and F-15 Documents

 


One of the key findings of a Chinese expert on information security is the authenticity of recent documents that leaked information on the F-35 fighter jet and sensitive US weapons. According to the expert, the documents appear authentic. Ivan Ivanov, an alleged Russian pilot with the handle Fighterbomber, claimed to be a Telegram encrypted messaging service user. He argued that an American company had provided him with 250 gigabytes of US military data between the two countries. 

It was published on July 2 by Fighterbomber on their YouTube channel, which has more than 500,000 subscribers. A day later, on July 3, he uploaded more leaked data to the YouTube channel. There are still a few documents that can be downloaded from the uploaded folder. When it came to gaining information about a potential adversary's military secrets, the intelligence community once had gone to great lengths. 

In the early 1980s, the U.S. Central Intelligence Agency (CIA) spent several years attempting to acquire a Soviet T-72 main battle tank (MBT), while it reportedly paid $5,000 to the Afghan Mujahedeen for capturing the first AK-74 assault rifle. It has been reported that several documents have been leaked, including F-35 aircraft manuals and documents concerning the F-15, its modifications, weapons systems, and the Switchblade drone and precision-guided missiles. 

Tang said, the documents are detailed and their format is similar to other US military information that has also been leaked on the web earlier this year. There is no doubt that these documents are not strictly blueprints or design documents, and only professionals can truly assess their actual value. In response to the leaks, military enthusiasts have been discussing how they could now construct a fighter jet in the garage if they had the right parts. 

 As the Chinese aviation blogger Makayev mentioned on his video channel, there appear to be three distinct categories when it comes to aircraft leaks. First, there are flight manuals, maintenance manuals, and aircrew weapons delivery manuals for the F-15SA, the version of the aircraft sold to Saudi Arabia over a decade ago. There are two types of manuals in the collection: the first is for the engine maintenance manual for the F110 engine that is used in the F-15SA, and the second is for the precision-guided missile user manuals. 

It appears that these texts are more likely to be simplified introductions to the design processes than detailed descriptions. They are likely to be orientated toward maintenance personnel and less likely to offer insights that could benefit China's mature military aviation industry, according to Makayev. As other commentators have pointed out, despite the Russian pilot's claim of having access to 250 gigabytes of data, additional manuals regarding aircraft maintenance and weapon designs may still be released later in the future, including some that may disclose the aircraft's weaknesses, especially given the pilot's assertion that he has access to 250 gigabytes. 

As Tang pointed out, there were several possibilities for the leaks, including a breach from a US defence firm or a third party pretending to be one of them. There were some parts of the F-35 documents that were partially redacted, which may indicate that they had already been declassified by that point. The official secrecy surrounding the older F-15 is lower, according to Tang, because it is regarded as a less valuable model. 

Tang stated that similar leaks were unlikely to occur in China, attributing this to the country's robust data security and confidentiality laws. According to Tang, the effectiveness of these policies, when properly implemented by security departments, would ensure that any potential breaches could be effectively contained. An anonymous expert from a Chinese military research institution emphasized that the institution regularly conducts data security training and evaluations. 

These measures were designed to ensure strict compliance with confidentiality obligations and to maintain the highest standards of data protection. Rising Information Technology, through a WeChat post, advised the public against downloading suspicious documents. The advisory warned that hackers might exploit popular events to disseminate viruses. It cautioned that downloading malicious documents could lead to devices being infected with ransomware or Trojan viruses, thus posing significant risks to users' data security.
Read more »
Privacy
Banks Cyberattacks CyberCrime Cyberhackers CyberThreat Digital Token OTP Passwords Privacy

Singapore Banks Phasing Out OTPs in Favor of Digital Tokens

 


It has been around two decades since Singapore started issuing one-time passwords (OTPs) to users to aid them in logging into bank accounts. However, the city-state is planning to ditch this method of authentication shortly. Over the next three months, major retail banks in Singapore are expected to phase out the use of one-time passwords (OTP) for account log-in by digital token users as part of their transition away from one-time passwords. 

With an activated digital token on their mobile device, customers will need to either use the token to sign in to their bank account through a browser or the mobile banking app on their mobile device. In a joint statement on Tuesday (Jul 9), the Monetary Authority of Singapore (MAS) and The Association of Banks (ABS) said that, while the digital token is designed to authenticate customers' logins, there will not be an OTP needed to prove identity, which scammers can steal or trick victims into disclosing. 

There is also a strong recommendation to activate digital tokens by those who haven't already done so, as this will greatly reduce the chance of having one's credentials stolen by unauthorized personnel. According to The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS), within the next three months, major retail banks in Singapore will gradually phase out the use of One-Time Passwords (OTPs) to log into bank accounts by customers who are using digital tokens. 

By doing this, the banks hope to better protect their customers against phishing attacks - at the very least against scams in which scammers get their customers to divulge their OTPs. To secure bank accounts, MAS and ABS encourage the use of digital tokens - apps that run on smartphones and provide OTPs - as a source of second-factor authentication, as opposed to software programs that are installed on computers. 

There will be better protection for them against phishing scams since they have been among the top five scam types over the past year, with at least SGD 14.2 million being lost to these scams, as outlined in the Singapore Police Force Annual Scams and Cybercrime Brief 2023, which was released in January of this year. When customers activate their digital tokens on their mobile devices, they will have to use these tokens when logging in to their bank accounts through the browser or by using the mobile banking app on their mobile devices. 

With the help of the token, scammers will be unable to steal your OTP, which customers may be tricked into revealing, or steal non-public information about themselves that they will be asked to provide. To lower the chances of having identity credentials phished, MAS and ABS have urged customers who haven't activated their digital token to do so, so that they don't become a victim of identity theft. The use of One Time Passwords (OTPs) has been used since early 2000 as a multi-factor authentication option to strengthen the security of online transactions. 

Nevertheless, technological advancements and more sophisticated social engineering tactics have since made it possible for scammers to manipulate phishing requests for customers' OTPs with more ease, such as setting up fake bank websites that closely resemble real banks' websites and asking for the OTP from them. As a result of this latest step, the authentication process will be strengthened, and it will be harder for scammers to trick customers out of money and funds by fraudulently accessing their accounts using their mobile devices without explicit authorization. 

During the 2000s, one-time passwords were implemented as a means to enhance the security of online transactions to strengthen multi-factor authentication. MAS and ABS have both warned consumers to be cautious about phishing for their OTP as a result of technological improvements and increasingly sophisticated social engineering techniques. There have been several phishing scams in Singapore over the past year, with at least $14.2 million lost to these scams, according to records released by the Singapore Police Force earlier this month. 

It is expected that this latest measure will enhance authentication and will ensure that scammers will not be able to fraudulently access a customer's accounts and funds without the explicit permission of the customer using their mobile devices," they commented. According to ABS Director Ong-Ang Ai Boon, this measure may cause some inconveniences for some consumers, but it is essential to help prevent unscrupulous suppliers and protect customers in the long run. 

The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) announced a collaborative effort to strengthen protections against digital banking scams. This initiative involves the gradual phasing out of One-Time Passwords (OTPs) for bank logins by customers utilizing digital tokens on their mobile devices. This rollout is anticipated to occur over the next three months. MAS, represented by Loo Siew Yee, Assistant Managing Director (Policy, Payments & Financial Crime), emphasized their ongoing commitment to safeguarding consumers through decisive action against fraudulent digital banking activities. 

The elimination of OTPs aims to bolster customer security by mitigating the risks associated with phishing attacks. Phishing scams have evolved alongside advancements in technology, enabling fraudsters to more effectively target customer OTPs. They often achieve this by creating deceptive websites that closely mimic legitimate banking platforms. ABS, represented by Director Ong-Ang Ai Boon, acknowledged that this measure might cause minor inconveniences. 

However, they firmly believe such steps are essential to prevent scams and ensure customer protection. MAS, through Ms. Loo, reaffirmed the significance of maintaining good cyber hygiene practices in conjunction with this latest initiative. Customers are urged to remain vigilant and safeguard their banking credentials at all times. MAS and ABS jointly urge customers who haven't activated their digital tokens to do so promptly. 

This action minimizes the vulnerability of their credentials to phishing attempts. By implementing this multifaceted approach, MAS and ABS aim to create a more secure digital banking environment for customers in Singapore.
Read more »
Subscribe to: Posts (Atom)