Microsoft Flaw Blamed as Hackers Breach Canada’s House of Commons
In a recent security incident involving Canada's parliamentary network, hackers exploited a recently disclosed Microsoft vulnerability to breach the House of Commons network, shaking up the country's parliament. 

According to an internal e-mail obtained by CBC News, the intrusion occurred on Friday and affected a database that was used to manage computers and mobile devices. The data revealed in the email included names, titles, email addresses, and details about computers and mobile devices, including operating systems, model numbers, and telephone numbers. 

Officials have not been able to link the attack with any nation-state or criminal group, but questions remain as to whether additional sensitive information has been accessed. According to a statement from Olivier Duhaime, spokesperson for the Speaker's Office, the House of Commons is cooperating closely with its national security partners to conduct an investigation. However, he declined to provide further information due to security concerns. 

The breach became public on Monday, when CBC News first reported that an unauthorised actor had gained access to the House's systems. According to the internal email, the intruders exploited a recent Microsoft vulnerability to gain access to parliamentary computers and mobile devices. 

A large amount of information was exposed, including employee names, job titles, office locations and e-mail addresses, as well as technical information about devices managed by the House. Canada's cyber security agency, the Communications Security Establishment (CSE), has joined the investigation, although the attackers have not been identified. 

The CSE defines a threat actor as any entity seeking to disrupt or access a network without authorisation. In a recent report, the agency warned that foreign states such as China, Russia, and Iran are increasingly targeting Canadian institutions. Nevertheless, no attribution has been established in this case, and officials have cautioned that the compromised information could be used for scams, impersonation, or further intrusions. 

According to Canada's latest Cyber Threat Assessment, the country faces an ever-increasing exposure to digital threats, and it is described as a "valuable target" for both state-sponsored adversaries and criminals who are financially motivated to do so. In the last two years, the Canadian Centre for Cyber Security has reported a significant increase in the number and severity of cyber-attacks, with a warning that state actors are increasingly aggressive. 

It has also been noted that cybercriminals are increasingly using illicit business models and artificial intelligence to expand their capabilities, according to Rajiv Gupta, head of the centre. Chinese cyber threats pose the greatest threat to Canada, according to the report, and it indicates that at least 20 government networks were compromised by threat actors affiliated with the People's Republic of China over the past four years.

The House of Commons incident is likely linked to a recently exploited zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, although officials have not confirmed which particular flaw was exploited. The vulnerability, which involves the handling of untrusted data in on-premises SharePoint Server, has a CVSS score of 9 and could allow an attacker to execute code remotely. 

The vulnerability was reported by Viettel Cyber Security through Trend Micro's Zero Day Initiative in July. It has since been actively exploited, which prompted Microsoft to issue a warning and recommend immediate mitigation measures while a full patch was being prepared. As a result of the parliamentary breach, members and staff have been urged to stay vigilant against potential scams. 

The incident occurs at a time when Canada is facing an escalation of cyber threats that are becoming increasingly sophisticated, as both state adversaries and financially motivated criminals leverage advanced tools and artificial intelligence to gain an edge. Over the past four years, the federal government has confirmed at least 20 network compromises linked to Beijing, indicating that China is the most sophisticated and active threat actor. 

There is increasing pressure on Canada's critical infrastructure following recent incidents such as the hack on WestJet in June, which disrupted both the airline's internal systems and its mobile application. The SharePoint vulnerability, initially discovered in May and confirmed to be actively exploited in late July, can allow an attacker to execute code remotely and gain access to all SharePoint content, including sensitive configurations and internal file systems. 

As Costis pointed out, many major organisations, including Google and the United States, have recently been breached as a result of vulnerabilities in Microsoft platforms like Exchange and SharePoint. Several ransomware groups, including Salt Typhoon and Warlock, have been reported to have exploited these vulnerabilities by targeting nearly 400 organisations worldwide as a result of these campaigns.

In addition, the United States Cybersecurity and Infrastructure Security Agency (CISA) has warned about the vulnerability, known as "ToolShell". CISA warned earlier this month that the vulnerability could enable not only unauthenticated access to systems, but also authenticated access through network spoofing. This type of exploit could allow attackers to take complete control of SharePoint environments, including file systems and internal configurations. 

Mandiant's Charles Carmakal emphasised on LinkedIn that addressing the risk is not just a matter of applying Microsoft's security patch, but also of implementing the recommended mitigation strategies. Microsoft reported in a July blog post that China-based nation-state actors, including Linen Typhoon, Violet Typhoon, and possibly Storm-2603, have been actively trying to exploit the vulnerability. 

These groups have historically targeted the intellectual property of governments, the defence sector, human rights organisations, strategic planning, higher education, as well as the media, finance, and health sectors throughout North America, Europe, and Asia. According to Microsoft, Linen Typhoon is known for "drive-by compromises" that exploit existing vulnerabilities, whereas Violet Typhoon constantly scans exposed web infrastructure to find weaknesses. 

The House of Commons breach echoes a growing trend of security concerns linked to enterprise technologies that have been widely deployed in the past few years, leaving government and corporate systems increasingly fragile. Because Microsoft platforms are omnipresent, security analysts argue that they provide adversaries with a high-value entry point whose exploitation can have far-reaching consequences. 

The incident highlights the difficulty not only of safeguarding sensitive parliamentary data, but also of dealing with systemic risks that cross critical sectors such as aviation, healthcare, finance, and higher education when they are exploited. There is an argument to be made that achieving this goal will require not only timely patches and mitigations, but a cultural shift as well—one that integrates intelligence sharing, proactive threat hunting, and ongoing investment in cyber defence. 

Even though global threat actors are growing in strength and opportunity, the incident serves as a reminder that it is vital that national institutions are protected with vigilance that matches the sophistication and scale of their adversaries.

Hidden Surveillance Devices Pose Rising Privacy Risks for Travelers
Travellers are experiencing growing privacy concerns as the threat of hidden surveillance devices in accommodations has increased. From boutique hotels to Airbnb rentals to hostels, reports of concealed cameras found in private spaces have increased in number, sparking alarm among travellers across the globe. 

In spite of the fact that law and rental platform policies clearly prohibit indoor surveillance, there are still instances in which unauthorised hidden cameras are being installed, often in areas where people expect the most privacy. Even though the likelihood of running into such a device is relatively low, the consequences can be surprisingly unsettling. 

For this reason, it is recommended that guests take a few precautionary measures after arriving at the property. If guests conduct a quick but thorough inspection of the room, they will be able to detect any unauthorised surveillance equipment. Contrary to the high-tech gadgets portrayed in spy thrillers, the hidden cameras found inside real-life accommodations are often inexpensive devices hidden in plain sight, such as smoke detectors, alarm clocks, wall outlets, or air purifiers. 

It has become more and more apparent to the public that awareness is the first line of defence as surveillance technology becomes cheaper and easier to obtain. Privacy experts are warning that hidden surveillance technology is rapidly growing in popularity and is widely available, which poses a growing threat to private and public security in both public and private environments. With the advent of compact, discreet, and affordable covert recording devices, it has become increasingly easy for individuals to be secretly monitored without their knowledge. 

Michael Auletta, president of USA Bugsweeps, was recently interviewed on television in Salt Lake City on this issue, emphasising the urgency of public awareness regarding unauthorised surveillance. Technological advancements in recent years have allowed these hidden devices to blend effortlessly into the everyday surroundings around them, which is why these devices are now being used by more and more people across the globe. 

The modern spy camera can often be disguised as a common household item such as a smoke detector, power adapter, alarm clock or water bottle, something that seems so ordinary that it is often difficult to notice. There are a number of gadgets that are readily available for purchase online, allowing anyone with a basic level of technical skills to take advantage of these gadgets. Due to these developments, it has become more and more challenging to detect and defend against such devices, even in traditionally safe and private places. This disturbing trend has heightened concern among cybersecurity professionals, legal advocates, and frequent travellers alike.

As it is easier than ever to record personal moments and misuse them, it has become necessary to exercise heightened vigilance and take stronger protections against possible exploitation. With the era of increasing convenience and invading privacy in the digital age, it becomes increasingly important to understand the nature of these threats, as well as how to identify them, to maintain personal safety in this digital era.

Travellers are increasingly advised to take proactive measures to protect their privacy in temporary accommodations as compact surveillance technology becomes more accessible. Hidden cameras have been found in a variety of environments, from luxury hotels to private vacation rentals, often disguised as everyday household items. Although laws and platform policies prohibit unauthorised surveillance in guest areas, enforcement is not always foolproof, and reports of such incidents continue to be made throughout the world.

A number of practical tools exist to help individuals identify potential surveillance devices, including common items such as smartphones and flashlights, and even a basic knowledge of wireless networks. Using the following techniques, guests will be able to identify and mitigate the risk of hidden cameras while on vacation. 

Scan the Wi-Fi Network for Unfamiliar Devices

A good place to start is to check whether the property has a Wi-Fi network.

Most short-term accommodations offer Wi-Fi access for guests, and once connected, travellers can use the router's interface or companion app (if available) to see all the devices connected to the router. It is worth noting any entries on this list that look suspicious or unidentified. For example, devices with generic names, or hardware that does not appear to exist in the space, could indicate hidden surveillance equipment. 

Free tools such as Wireless Network Watcher can help identify active devices on a network when router access is restricted. It is reasonable to assume that hidden cameras would avoid Wi-Fi connections so that they won't be noticed, but many still remain connected to the internet for remote access or live streaming, so this step remains a vital privacy protection step. 

Use Bluetooth Scanning to Detect Nearby Devices

Even if a hidden camera is not connected to Wi-Fi, it may still be operated over Bluetooth from a smartphone or tablet. Guests can search for unrecognised Bluetooth devices by enabling Bluetooth pairing mode on their smartphone or tablet and walking around the rental. Since many miniature cameras broadcast under factory model numbers or camera-specific identifiers, devices with odd or cryptic names can be cross-referenced online. 

The idea behind this process is to detect the Bluetooth Low Energy connections generated by small battery-operated devices that might otherwise go unnoticed. 

Perform a Flashlight Lens Reflection Test 
Using a flashlight in a darkened room is a time-tested way of finding concealed camera lenses. Even the smallest surveillance cameras need lenses, and lenses reflect light. To identify hidden lenses, turn off the lights and sweep the room slowly with a flashlight, particularly around high or concealed areas, looking for glints or flickers of light that could indicate a lens. 

Guests are advised to pay close attention to all objects facing doorways, bathrooms, or changing areas, including smoke detectors, alarm clocks, artificial plants, and bookshelves. Cameras are commonly hidden in these items because of their height and unobstructed field of vision. 

Use Your Smartphone Camera to Spot Infrared

Hidden cameras often use infrared (IR) illumination for night vision. While this light is invisible to the human eye, it can often be detected by a smartphone's front-facing camera. In a completely dark room, users can sometimes identify faint white or purple dots, indicative of infrared emitters in the room. Carefully reviewing this footage can give a better sense of where equipment that is not visible during the daytime might be located. 

Try Camera Detection Apps with Caution 

Several mobile applications claim to assist in discovering hidden cameras by scanning for magnetic fields, reflective surfaces, or unusual wireless activity. These apps can automatically highlight reflections in the camera view and alert the user to abnormal EMF activity, but they should never replace manual inspection and should only be used as a complement to the other methods. 

However, professionals generally advise guests not to rely on these apps alone and to use them simultaneously with physical scanning techniques. 

Inspect Air Vents and Elevated Fixtures

Hidden cameras are usually placed in areas that provide a wide view of the room without drawing attention. Experienced travellers will look for hidden devices in areas such as ceiling grilles, wall vents, and overhead lighting, because these are less likely to be inspected closely by guests. 

Using a flashlight, travellers can look for small holes, wires, or unusual glints that may indicate a hidden device. Even subtle modifications or a misaligned fixture can be treated as red flags. 

Invest in a Thermal or Infrared Scanner 

Travellers who frequently stay in unfamiliar accommodations, or who are particularly concerned about their privacy, may consider purchasing a handheld infrared or thermal scanner. These cost roughly $150 to $200 and detect the heat signatures given off by electronic components. 

Although more time-consuming to use, these scanners can be held close to walls, shelves, or mirrors to detect active devices that the other methods miss. Despite the extra effort, this method offers one of the most thorough techniques for finding hidden electronics inside a room. 

Technical surveillance countermeasures (TSCM) specialists report a marked increase in assignments related to covert recording hardware, which shows the limitations of do-it-yourself inspections. As cameras and microphones have become smaller, they can be embedded into circuit boards thinner than a credit card, transmit wirelessly over encrypted channels, and run for several days on a single charge, so casual visual sweeps are often ineffective nowadays. 

Security consultants therefore recommend periodic professional "bug sweeps" for high-risk environments such as executive suites, legal offices, and luxury short-term rentals. With the help of spectrum analysers, nonlinear junction detectors, and thermal imagers, TSCM teams can detect and locate dormant transmitters hidden in walls, lighting fixtures, and even power outlets, a threat vector that is not easily detectable with consumer-grade tools. 

In a world where off-the-shelf surveillance gadgets are readily available for overnight delivery, ensuring genuine privacy increasingly depends on expert intervention backed by sophisticated diagnostic tools. Guests who identify a device that seems suspicious or out of place should proceed with caution and, if possible, avoid tampering with or disabling it right away. The finding should be documented as soon as possible—photographing the device from multiple angles, as well as its position within the room, can be very helpful as evidence. 

Generally, unplugging a device that is obviously electronic and possibly active would be the safest thing to do in cases like these. It is extremely important that smoke detectors are not dismantled or disabled under any circumstances, because this will compromise fire safety systems, resulting in a loss of property, and could result in a liability claim. As soon as the individual discovers a suspicious device, they should notify the appropriate authority to prevent further damage from occurring to the property. In hotels, this involves notifying the front desk or management. 

For vacation rentals, such as Airbnb, the property owner should be notified immediately. If the response is inadequate, or if guests still feel unsafe, a reasonable course of action is to request an immediate room change or, in more serious cases, to check out entirely.

When guests cannot relocate, it is possible for them to temporarily cover questionable lenses with non-damaging materials such as tape, gum, or adhesive putty that can be reused. In addition to reporting the incident formally, guests should take note of all observations and interactions, including conversations with property management and hosts, and report it to local authorities as soon as possible.

For rentals booked through Airbnb, the violation should also be reported directly to the platform's customer support channels. Unauthorised indoor surveillance is a direct breach of Airbnb's policies and may result in penalties for the host, including removal of the host's listing. 

While there are many concerns about the practice, it is crucial to emphasise that most accommodations adhere to ethical standards and prioritise guest safety and privacy. Checking for surveillance devices takes only a few minutes, so it can become an integral part of a traveller's arrival routine, just like finding the closest exit or checking the water pressure in the room. 

By integrating these checks into their habits, guests gain confidence in their stay, knowing that they have taken practical and effective measures to protect their personal space while away. Maintaining privacy when travelling requires proactive and informed measures to prevent exposure to hidden surveillance devices. 

With the increase in accessibility and concealment of these devices, guests must be aware of these devices and adopt a mindset of caution and preparedness. Privacy protection is no longer solely an area reserved for high-profile individuals and corporate environments—any traveller, regardless of location or accommodations, may be affected. 

Making routine privacy checks part of their travel habits and learning to recognise subtle signs of unauthorised surveillance are key steps individuals can take to significantly reduce their chances of being monitored. In addition, supporting transparency and accountability within the hospitality and short-term rental industries reinforces broader standards of ethical conduct. Privacy should not be compromised for convenience or trust; instead, it should be protected through a commitment to personal security, a knowledge of how these devices work, and a careful examination of every detail.

Homeland Security Alerts on Increasing Risks for Schools
Educators and other school professionals play an increasingly crucial role in providing a safe environment in which students can learn, in an era where children are being targeted by increasing physical and online attacks, US Homeland Security Secretary Alejandro Mayorkas said in a statement on Wednesday. 

During his remarks at the opening of the National Summit on K-12 Safety and Security in 2024, Mayorkas referred to the school shooting that took place in Georgia on Sept. 4 that killed two students and two teachers, as well as his son. Since Sandy Hook Elementary School, in Connecticut, was targeted in a horrific attack nearly 12 years ago, the number of instances of gunfire on school grounds has surpassed 1,300, and this is just one of thousands of incidents that have followed since this heinous attack. 

Jeremy said that as a result of these attacks combined, there have been at least 436 deaths and 936 injuries. Even if there is no credible plan to plot an attack, threats of violence can cause an enormous amount of disruption to schools when it comes to the learning process. School administrators must be able to investigate the reports of threats, determine if they are imminent, and make plans for supporting students involved, as well as to reassure parents that their children are in safe hands. 

It's been reported that at least seven Houston Independent School District students have been arrested and charged as a result of an increase in school threats over the past few weeks. As the Houston ISD school district has informed us, many of the students arrested for making threats have been charged with felonies as a result of these threats. Earlier this month, Bellaire High School went into locked mode after receiving a bomb threat and unidentified officers arrested a student at the school, according to reports in the media. 

Laws are in place that prohibit hoax threats, and the district has stressed that such threats are not a joke and that the consequences can be very serious. Schools around the country have been plagued by an influx of hoax threats in the last few years. According to the FBI Houston field division, at least thirty school threats were reported in August, the highest number in three years, and the trend is growing. 

According to Connor Hagan, acting spokesman for the FBI's Houston division, hoax threats can have devastating consequences for both the public and perpetrators if they are not taken seriously. In a scenario where an investigation reveals that a false or hoax threat has been made to a school or another public place, then the possibility of a federal charge, which carries a maximum sentence of ten years in prison, may be considered. 

As Mayorkas noted, it is common for children to experience a flood of emotions at the beginning of any school year, especially when many are facing challenges. He added, "It is a tragedy that too many schools across the country have seen terror as a result of an attack over the last few weeks, which is entirely unnecessary." Mayorkas also stressed that schools face challenges related to online threats, despite a lack of resources. 

A cybercriminal group claiming responsibility for a recent ransomware attack against several Rhode Island school districts says the attack resulted in the theft of 200 gigabytes of personal information, including Social Security numbers, medical records, and counselling records. The group allegedly demanded a ransom of $1 million for the data, threatening to post it online if the ransom is not paid. 

Mayorkas also said that a group of men from Michigan, including a high school teacher, are to be charged under federal law with using social media to solicit explicit pictures from local children. Besides the bomb threats made against schools in Springfield, Ohio, Mayorkas pointed out that social media has been filled with debunked but viral claims that the town's Haitian immigrant population has stolen and eaten pets. 

The city's officials and the police insist that there is no evidence that cats and dogs have been eaten and stolen. However, it is still worth noting that during the Sept. 10 presidential debate, former President Donald Trump emphasized the falsehood, bringing it to the centre of attention nationwide. In today's world where schools face increasing physical and online threats, it is necessary to take comprehensive security measures and exercise heightened vigilance to protect students and staff. 

During his speech, Secretary Mayorkas reiterated that the safety of students and educators is a top priority for his department, and that state, local, and federal authorities should work together as a team to ensure their safety. Despite the sharp rise in dangers to schools, administrators, law enforcement officials, and other stakeholders must remain proactive in ensuring that schools continue to be safe environments for children to learn in. 

It has never been more urgent than now to ensure that the nation's most vulnerable members' children are protected, especially in light of these challenges.

Microsoft Uncovers Moroccan Cybercriminals Exploiting Gift Card Scams
A cybercriminal group working out of Morocco has been targeting major retailers, infiltrating their systems to create fraudulent gift cards and steal millions of dollars, according to a new report by Microsoft. This is not an ordinary gift card scam that tries to get shoppers to buy fake gift cards: its goal is to compromise the internal systems of large retailers, luxury brands, and fast-food chains in order to steal money. The group is dubbed "Atlas Lion" or "Storm-0539." 

Researchers at Microsoft have tracked the Moroccan group Storm-0539, also known as Atlas Lion, since 2021; it specialises in the theft of gift cards and is estimated to have been active for more than a decade. The group creates fake charity websites to fool cloud companies into giving it access to online computing resources free of charge. To avoid detection, it then tricks employees at big US stores into giving it access to their gift card systems, where it steals gift cards without exceeding the limits that would attract attention. 

Once inside, they use their techniques to steal gift cards. Unlike most cybercriminals who launch a single attack and move on, Storm-0539 establishes a persistent presence within a compromised system, allowing them to repeatedly generate and cash out fraudulent gift cards. This tactic makes them especially dangerous, with Microsoft reporting a troubling 30% increase in their activity leading up to the Memorial Day holiday compared to the previous two months. 

Cybercriminals have long been drawn to gift cards because they are typically not linked to a specific account or customer, which makes them difficult to trace and their use harder to scrutinise; Storm-0539 has taken this to the next level. Gift card scams commonly increase during holiday periods such as Christmas and Labor Day. 

In the days leading up to Memorial Day, Microsoft revealed that Storm-0539's activity had increased by 30% compared to the previous two months. Microsoft has been tracking Storm-0539 since late 2021. The group has evolved from using malware on retail cash registers and kiosks to steal payment card information to a far broader operation. 

Their strategy changed as technology advanced, and they began targeting the cloud services and card systems of large retailers, luxury brands, and fast-food chains. Fraudsters sometimes ask victims to pay with gift card codes because they are hard to trace; in this case, however, the hackers have gone to the source and issued gift card codes worth thousands of dollars. The hackers then redeem the gift cards for their value, sell them to others, or cash them out using money mules. 

Storm-0539, also known as Atlas Lion, has been active since at least late 2021 and focuses on cybercrime such as breaking into payment card accounts. In recent months, Microsoft has also observed the group compromising gift card code systems, particularly before major holiday seasons. Microsoft observed a 30% increase in intrusion activity from Storm-0539 between March and May 2024, ahead of the summer vacation season, and a 60% increase in attack activity between September and December 2023, coinciding with the fall and winter holidays. 

As part of the attack, the hackers often infiltrate corporations by sending phishing emails to employees' inboxes and phones to trick them into handing over access to their accounts. "Using compromised employee accounts, the hackers move laterally through the network to identify the specific gift card business process within a targeted organisation, and the accounts linked to that portfolio," Microsoft explains. Jakkal observed that Storm-0539 has become adept at resetting the process by which organisations issue gift cards and grant access to employees, after compromising those employees' accounts. 

To stay under the radar of cloud providers, Storm-0539 poses as legitimate organizations, in particular non-profits. "They often exploit unsuspecting victims by creating convincing websites using misleading 'typosquatting' domain names that are only a few characters different from legitimate websites to lure them into paying for them, showing their cunning and resourcefulness," Jakkal explained. According to Microsoft, the group downloads legitimate copies of 501(c)(3) determination letters from non-profits' public websites and presents them to cloud providers in order to obtain the discounted cloud services those providers offer to charities. 
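The typosquatting Jakkal describes (domains a few characters away from a legitimate one) is something a defender can screen for in newly registered domains or in the sender domains of inbound mail. The following is an added example, not code from Microsoft's report: it flags candidate domains that are a small edit distance from a brand domain, that match after folding common look-alike characters (0 for o, rn for m), or that embed the brand name in a longer label. The brand list, the homoglyph table and the candidate domains are all constructed for illustration.

```python
"""Screen candidate domains for typosquats of a list of legitimate domains.

Added example. LEGITIMATE_DOMAINS, HOMOGLYPHS and the sample candidates are
constructed for illustration; a real deployment would load its own brand list.
"""
import unicodedata

LEGITIMATE_DOMAINS = ["contoso.com", "fabrikam.org", "northwindtraders.com"]  # constructed

# Look-alike sequences attackers substitute for real letters (assumed, illustrative).
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def canonical(domain: str) -> str:
    """Lower-case, NFKC-normalise, drop non-ASCII (IDN look-alikes) and a leading www."""
    d = unicodedata.normalize("NFKC", domain.strip().lower().rstrip("."))
    d = d.encode("ascii", "ignore").decode()
    return d[4:] if d.startswith("www.") else d


def fold_homoglyphs(domain: str) -> str:
    for lookalike, real in HOMOGLYPHS:
        domain = domain.replace(lookalike, real)
    return domain


def registrable(domain: str) -> str:
    """Last two labels. Assumption: no multi-part public suffixes (e.g. co.uk) in the sample."""
    return ".".join(domain.split(".")[-2:])


def classify(candidate: str, legit=LEGITIMATE_DOMAINS, max_distance: int = 2):
    """Return a finding dict for a suspected typosquat, or None for a clean domain."""
    raw = registrable(canonical(candidate))
    folded = registrable(fold_homoglyphs(canonical(candidate)))
    best = None
    for legit_domain in legit:
        ld = canonical(legit_domain)
        if raw == ld:
            return None  # the brand itself or one of its own subdomains
        dist = levenshtein(folded, ld)
        if dist <= max_distance and (best is None or dist < best["distance"]):
            kind = "homoglyph" if dist == 0 else "edit-distance"
            best = {"candidate": candidate, "matches": legit_domain, "kind": kind, "distance": dist}
    if best:
        return best
    # Fallback: brand name embedded in a longer label, e.g. contoso-login.com
    cand_label = folded.split(".")[0]
    for legit_domain in legit:
        brand = canonical(legit_domain).split(".")[0]
        if brand in cand_label:
            return {"candidate": candidate, "matches": legit_domain, "kind": "brand-embedded", "distance": None}
    return None


def scan(candidates):
    return [f for f in (classify(c) for c in candidates) if f]


if __name__ == "__main__":
    sample = ["c0ntoso.com", "fabrikarn.org", "login.contoso.com", "contoso-login.com", "example.com"]  # constructed
    for finding in scan(sample):
        print(finding)
```

The edit-distance threshold is deliberately small: at 2 it catches single-character swaps and dropped letters without flagging every domain that shares a few letters with the brand, and the brand-embedded rule picks up the longer "brand-login" style names that edit distance misses.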

Once they have obtained login credentials through phishing and smishing, the attackers register their own devices in the victim's identity environment so that they can satisfy multi-factor authentication prompts and keep persistent access despite MFA. They then create new gift cards, which they resell at a discount to other criminals on the dark web or cash out through money mules. Microsoft researchers report that in some cases the group has stolen up to $100,000 a day from a single company this way. 

Microsoft urges organizations that issue gift cards to treat their gift card portals as high-value targets that need extensive checks and balances. Its recent report on the rise of gift card fraud singles out Storm-0539 and follows a similar alert in December, when Microsoft reported a surge in the group's attacks during the holiday season. 

According to Emiel Haeghebaert, a senior hunt analyst at the Microsoft Threat Intelligence Center, the group consists of no more than a dozen individuals based in Morocco. Storm-0539 uses phishing campaigns against employees to gain unauthorized access to both personal and corporate systems. The FBI adds that once initial access is obtained, the group runs further phishing campaigns to escalate its privileges within the network. 

Their strategy involves targeting the mobile phones of employees in retail departments, exploiting both personal and work devices through sophisticated phishing kits capable of bypassing multi-factor authentication. Upon compromising an employee's account, Storm-0539 conducts detailed reconnaissance within the business network to identify processes related to gift card management. They then pivot to infiltrate the accounts of employees handling the specific gift card portfolio. 

Within these networks, the attackers seek to obtain secure shell (SSH) passwords and keys, along with the credentials of employees in the gift card department. After securing the necessary access, the group creates fraudulent gift cards using compromised employee accounts. The recent report from Microsoft underscores the severity of this threat, echoing an earlier alert issued by the FBI concerning Storm-0539. 

To mitigate such risks, Microsoft advises that merchants issuing gift cards should regard their gift card portals as high-value targets, necessitating constant monitoring and auditing for any suspicious activity. Microsoft further recommends that organizations establish stringent controls over user access privileges. According to Microsoft, attackers like Storm-0539 typically assume they will encounter users with excessive access privileges, which can be exploited for significant impact. Regular reviews of privileges, distribution list memberships, and other user attributes are essential to limit the fallout from initial intrusions and to complicate the efforts of potential intruders. 
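Two of the behaviours described above leave traces in ordinary identity and application logs: a device being registered shortly after a sign-in from a location the account has never used (the MFA-persistence step), and a burst of gift card issuance by one account far above its normal daily volume (the monetisation step). The following is an added example, not code from Microsoft or the FBI, of detection logic that runs over such events. The event format, the known-country baseline, the issuance baselines and the sample events are all constructed for illustration; real sign-in and device-registration events would come from the identity provider's audit log and issuance events from the gift card portal.

```python
"""Detect Storm-0539-style activity in a combined identity/gift-card event stream.

Added example. The event schema, baselines and SAMPLE_EVENTS are constructed;
rule names and thresholds are assumptions, not Microsoft or FBI guidance.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Countries each user normally signs in from (constructed baseline).
KNOWN_COUNTRIES = {"alice": {"US"}, "bob": {"US"}}
# Normal daily gift card issuance per user in dollars (constructed baseline).
BASELINE_DAILY_ISSUANCE = {"alice": 2000.0, "bob": 1500.0}

SAMPLE_EVENTS = [  # constructed
    {"ts": "2024-04-02T08:00:00", "type": "signin", "user": "alice", "country": "US"},
    {"ts": "2024-04-02T09:05:00", "type": "signin", "user": "alice", "country": "MA"},
    {"ts": "2024-04-02T09:20:00", "type": "device_registration", "user": "alice", "device": "iPhone-7F3A"},
    {"ts": "2024-04-02T10:00:00", "type": "gift_card_issue", "user": "alice", "amount": 3000.0},
    {"ts": "2024-04-02T10:40:00", "type": "gift_card_issue", "user": "alice", "amount": 2500.0},
    {"ts": "2024-04-02T11:55:00", "type": "gift_card_issue", "user": "alice", "amount": 1800.0},
    {"ts": "2024-04-02T11:00:00", "type": "signin", "user": "bob", "country": "US"},
    {"ts": "2024-04-02T11:30:00", "type": "gift_card_issue", "user": "bob", "amount": 500.0},
    {"ts": "2024-04-03T09:00:00", "type": "device_registration", "user": "bob", "device": "MacBook-21C0"},
]


def detect(events, known_countries=KNOWN_COUNTRIES, baseline_daily=BASELINE_DAILY_ISSUANCE,
           window=timedelta(hours=24), spike_factor=3.0):
    """Return a list of alert dicts. Events are processed in timestamp order."""
    events = sorted(events, key=lambda e: e["ts"])
    last_unknown_signin = {}              # user -> (time, country) of latest sign-in from a new country
    issued = defaultdict(float)           # (user, date) -> total issued that day
    alerts = []

    for e in events:
        ts, user = datetime.fromisoformat(e["ts"]), e["user"]
        if e["type"] == "signin":
            if e["country"] not in known_countries.get(user, set()):
                last_unknown_signin[user] = (ts, e["country"])
        elif e["type"] == "device_registration":
            # Rule 1: new device enrolled within `window` of a sign-in from an unseen country.
            seen = last_unknown_signin.get(user)
            if seen and ts - seen[0] <= window:
                alerts.append({"rule": "device_registered_after_new_country_signin", "user": user,
                               "country": seen[1], "device": e["device"], "ts": e["ts"]})
        elif e["type"] == "gift_card_issue":
            issued[(user, ts.date())] += e["amount"]

    # Rule 2: daily issuance above `spike_factor` times the user's baseline.
    for (user, day), total in issued.items():
        base = baseline_daily.get(user)
        if base is not None and total > spike_factor * base:
            alerts.append({"rule": "gift_card_issuance_spike", "user": user,
                           "day": day.isoformat(), "total": total, "baseline": base})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

On the sample data, alice trips both rules (a device enrolled fifteen minutes after a first-ever sign-in from Morocco, then $7,300 issued in a day against a $2,000 baseline), while bob's enrolment after a routine US sign-in and his $500 of issuance stay quiet. The baselines are the important part: without a per-account history of sign-in countries and issuance volume, neither rule has anything to compare against.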

In conclusion, both Microsoft and the FBI emphasize the importance of vigilance and proactive security measures in combating the sophisticated tactics employed by groups like Storm-0539. By treating gift card systems as critical assets and implementing rigorous access controls, organizations can better defend themselves against these evolving cyber threats.

Cyberattack Fallout: UnitedHealth Reveals Personal Data Breach Impact

 


UnitedHealth Group has confirmed that its subsidiary Change Healthcare suffered a data breach in the February cyberattack. In an update on Monday the company also confirmed that it had paid a ransom to the threat actors in an attempt to protect patient data. 

The company confirmed that files containing personal information were compromised. The attack took down Change Healthcare's payment processing and other vital services, including prescription processing and insurance claims, affecting healthcare providers and pharmacies across the United States. 

UnitedHealth put the financial damage from the attack at $872 million. On Monday the company published an update on its monitoring of the internet and dark web, carried out with leading external industry experts, to determine whether data had been leaked. 

Change Healthcare provides a wide range of tools for managing payments and the revenue cycle. It handles more than 15 billion transactions a year, and one in three patient records passes through its systems. 

UnitedHealth said that 22 screenshots, allegedly taken from the compromised files, had been posted on the dark web, and that patients who are not UnitedHealth customers may also be affected. The company has seen no further publication of data and no evidence that doctors' charts or full medical histories were accessed. 

UnitedHealth Group has acknowledged that the ransomware attack on Change Healthcare exposed private healthcare data on a "substantial proportion" of people in America. Change Healthcare manages insurance and billing for hospitals, pharmacies, and medical practices across the U.S. healthcare industry and holds extensive health data on roughly half of all Americans. 

Given the complexity and ongoing nature of the data review, identifying and notifying affected individuals and customers is likely to take several months. Rather than wait for the analysis to finish, the company says it is providing support and protections immediately while it continues to work with leading industry experts to analyze the data involved in the attack. 

The Record reported that UnitedHealth Group CEO Andrew Witty was expected to testify before a House panel in May about the ransomware attack. The House Subcommittee on Health had held a hearing on the cyberattack the previous week, but UnitedHealth Group did not make anyone available to testify. 

UnitedHealth Group reportedly paid a $22 million ransom in March to the BlackCat (ALPHV) ransomware gang to recover the data and systems the gang had encrypted. A BlackCat affiliate known as "Notchy" then accused the gang of cheating them out of their share of the payment, claiming that they, not BlackCat's operators, had carried out the attack and that they still held the UnitedHealth data. 

Researchers confirmed that the payment was visible on the Bitcoin blockchain and had reached a wallet used by BlackCat. About a week after the attack on Change Healthcare, the U.S. government opened an investigation into whether any health data had been stolen. 

The cyberattack hit Change Healthcare, part of UnitedHealth Group's Optum unit, on February 21, 2024. The resulting outage left hospitals and physician groups across the country unable to receive claims payments. Change has been restoring connectivity to its provider network, but delays in submitting and receiving payments continue to affect provider revenue. 

In its Monday status update, UnitedHealth said it was making "strong progress" in restoring Change services. Since the attack the company has been monitoring the internet and dark web to detect any further exposure of sensitive data. 

The company has engaged additional external cybersecurity experts to enhance its monitoring, and has deployed advanced tools that continuously search the internet and dark web for evidence of data misuse so that it can act quickly when any is found. 

UnitedHealth Group has also built partnerships with cybersecurity firms to help contain the breach, and remains in constant contact with law enforcement and regulatory agencies.

Counting the Cost: $9.2 Trillion Annual Impact of Cybercrime Looms

 


According to a new Statista Market Insights report, the cost of cybercrime is rising at an unprecedented pace and is projected to reach $9.2 trillion a year, roughly one-third of United States GDP and about 24 times Apple's 2023 annual revenue. The same report found that the cost of cybercrime rose by 245% between 2018 and 2020, from $860 billion to $2.95 trillion. 

With the pandemic, the annual cost of cybercrime nearly doubled again to $5.49 trillion in 2021, then grew by roughly $1 trillion a year to $8.15 trillion in 2023. Cybercrime has become one of the world's largest illegal economies, and it hits ordinary people as well as businesses and governments. Its costs include ransom payments, lost productivity, system downtime and data theft, among others. 

Contributing factors

IoT devices give cybercriminals an ever larger attack surface and a growing pool of potential victims. Mac users are not exempt: Jamf's report recorded a 50% increase in new Mac malware families in 2023. 

Each of these families can contain hundreds of malware samples. As the Mac user base grows, cybercriminals increasingly see it as an easy target. Geopolitics also plays a significant role: many countries use cyberattacks for strategic advantage, disruption of critical infrastructure, and intelligence gathering.

The wars in Ukraine and Israel have brought a sharp escalation in state-sponsored attacks. At the same time, the industry's skills shortage has left a significant number of cybersecurity jobs unfilled, so there are fewer professionals to monitor for and defend against specific threats. 

The shortage also increases the workload of the staff who remain, hurting productivity and leaving employees burned out. Threat actors count on this. Ransomware-as-a-service (RaaS) has very few barriers to entry, and a combination of tough economic conditions, quick financial gains, and the little technical knowledge required has made it very popular. 

Under this model, operators develop the ransomware and affiliates pay a fee, typically a subscription or a cut of each ransom, to use the pre-built tools and packages to launch attacks. This lets people with no programming skills carry out ransomware attacks without developing or deploying malware of their own. 

There is no shortage of RaaS kits on the dark web, though they are not always of high quality. A simple lack of awareness also leaves many individuals and organizations exposed to cybercrime: Jamf's annual trends report found that 40% of mobile users and 39% of organizations were running a device with known vulnerabilities.

The findings of Jamf, a widely used Apple device management platform, show that there is still a notable lack of awareness of the security measures needed to protect Mac devices. Securing a Mac is imperative in guarding against threats such as malware and phishing. Here are some essential steps to bolster the security of the Mac: 

1. Keep the device up-to-date: It is crucial to regularly update the Mac's operating system to incorporate the latest security patches. By staying current with updates, users can effectively address known vulnerabilities that may be exploited by malware.

2. Utilize antivirus software: Despite common misconceptions, Macs are not impervious to malware. Therefore, employing reputable antivirus software is highly recommended. Tools such as Malwarebytes offer free applications for individual users, capable of detecting and removing potential threats. Additionally, MacPaw’s CleanMyMac X now features a malware removal tool powered by MoonLock, enhancing protection against malicious software. 

3. Exercise caution when clicking: Email remains a primary vector for malware distribution, with phishing attacks experiencing a significant rise in success rates. According to recent reports, phishing success rates increased from 1% in 2022 to 9% in 2023. Hence, exercising caution and scepticism when interacting with email links and attachments is essential to mitigate the risk of falling victim to such attacks. 

4. Enable a firewall: Enabling the built-in firewall on the Mac prevents it from accepting unauthorized incoming connections and services. Note that the built-in firewall only filters incoming connections; controlling outgoing connections requires a third-party tool. 

5. Use strong, unique passwords: Employing robust and distinctive passwords is imperative for bolstering the security of the Mac. Avoid using easily guessable passwords, such as common phrases or pet names followed by predictable characters. Instead, opt for complex combinations of letters, numbers, and symbols to enhance password strength and resilience against unauthorized access. 

6. Enable disk encryption: Leveraging features such as FileVault, which encrypts all user data stored on the disk in real-time, enhances the security of sensitive information on the Mac. In the event of device loss or theft, disk encryption ensures that the data remains inaccessible to unauthorized individuals, thereby safeguarding privacy and confidentiality. 

7. Limit user privileges: Use a standard (non-administrator) account for day-to-day work and keep the administrator group as small as possible. Restricting privileges prevents unauthorized software installations and limits the damage a malware infection can do. 
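Steps 1, 4, 6 and 7 above can be verified from the command line, which is useful when checking more than one machine. The following is an added example, not code from Jamf or Apple: it runs the macOS built-in tools softwareupdate, socketfilterfw, fdesetup and dscl, parses their output, and reports pending updates, firewall and FileVault state, and any members of the admin group beyond an expected set. The expected-admin set is an assumption, and the command runner can be swapped out so the parsers can be exercised with constructed output on a non-Mac machine.

```python
"""Audit a Mac against the update, firewall, FileVault and admin-privilege checks above.

Added example. The four commands are standard macOS tools; EXPECTED_ADMINS and the
pass/fail interpretation are assumptions for illustration.
"""
import re
import subprocess

EXPECTED_ADMINS = {"root"}  # assumption: the only account that should be in the admin group

COMMANDS = {
    "updates": ["softwareupdate", "-l"],
    "firewall": ["/usr/libexec/ApplicationFirewall/socketfilterfw", "--getglobalstate"],
    "filevault": ["fdesetup", "status"],
    "admins": ["dscl", ".", "-read", "/Groups/admin", "GroupMembership"],
}


def run_command(name, argv):
    """Default runner: execute the command and return stdout+stderr as text.
    softwareupdate writes part of its report to stderr, so both streams are kept."""
    proc = subprocess.run(argv, capture_output=True, text=True)
    return proc.stdout + proc.stderr


def updates_pending(output: str) -> bool:
    """softwareupdate -l prints 'No new software available.' when fully patched."""
    return "No new software available" not in output


def firewall_enabled(output: str) -> bool:
    """socketfilterfw reports 'Firewall is enabled. (State = 1)' (2 = block all)."""
    m = re.search(r"State = (\d)", output)
    return bool(m) and int(m.group(1)) >= 1


def filevault_on(output: str) -> bool:
    """fdesetup status prints 'FileVault is On.' or 'FileVault is Off.'"""
    return bool(re.search(r"FileVault is On", output))


def admin_members(output: str):
    """dscl prints 'GroupMembership: root alice bob'."""
    m = re.search(r"GroupMembership:\s*(.*)", output)
    return m.group(1).split() if m else []


def audit(runner=run_command, expected_admins=EXPECTED_ADMINS):
    """Run every check and return a findings dict with an overall 'ok' flag."""
    out = {name: runner(name, argv) for name, argv in COMMANDS.items()}
    admins = admin_members(out["admins"])
    findings = {
        "updates_pending": updates_pending(out["updates"]),
        "firewall_enabled": firewall_enabled(out["firewall"]),
        "filevault_on": filevault_on(out["filevault"]),
        "unexpected_admins": sorted(set(admins) - set(expected_admins)),
    }
    findings["ok"] = (not findings["updates_pending"] and findings["firewall_enabled"]
                      and findings["filevault_on"] and not findings["unexpected_admins"])
    return findings


if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```

Run it with sudo on the Mac itself; fdesetup and dscl may need elevated rights to read full state. Each parser deliberately keys on the one phrase that decides the check rather than on the whole message, since Apple tweaks the surrounding wording between releases.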

In summary, prioritizing the implementation of robust security measures is paramount in safeguarding the Mac against evolving threats. By adopting proactive strategies such as keeping the device updated, utilizing antivirus software, exercising caution when interacting with emails, enabling firewalls, employing strong passwords, enabling disk encryption, and limiting user privileges, users can significantly enhance the security posture of the Mac and protect against potential vulnerabilities and cyber threats.