Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Files. Show all posts
Ransomware
Data Breach Files links Nova Scotia Ransomware

Ransomware Attack Exposes Private Data of Over 280,000 Nova Scotia Power Customers

 


A major cybersecurity incident has affected Nova Scotia Power, the province’s electricity provider. The company recently confirmed it was hit by a ransomware attack that led to a massive data leak, although electricity services were not disrupted.

The cyberattack was first detected in late March 2025, but the company didn’t reveal full details until much later. After noticing unusual activity on April 25, Nova Scotia Power quickly activated emergency measures. They called in cybersecurity professionals and informed local authorities.

By May, investigations confirmed that customer information had been accessed by unauthorized hackers. The stolen records include names, birth dates, email addresses, phone numbers, home and service addresses, electricity usage history, payment records, and details of past service requests. Some individuals were affected more severely, as sensitive documents like Social Insurance Numbers, driver's license numbers, and bank account information were also accessed—particularly for those using automatic payments.

Despite the attack, Nova Scotia Power chose not to give in to the ransom demands. In a public statement, they explained that their decision was based on advice from cybersecurity experts and legal authorities. Unfortunately, since the ransom wasn’t paid, the attackers responded by leaking the stolen data online.

To help affected customers, the company has partnered with TransUnion, a credit monitoring agency. Those impacted are being offered a free two-year subscription to a credit monitoring program called myTrueIdentity. Letters with instructions on how to sign up and tips to stay protected are being sent out.

Nova Scotia Power has advised customers to be cautious. People are warned not to respond to suspicious emails, texts, or phone calls pretending to be from the company. If contacted unexpectedly, it’s safer to double-check the message before sharing personal information. Avoid clicking on strange links or downloading unknown files.

While customer privacy has been compromised, the company confirmed that its electricity system remains secure. The power supply across the province has not been affected in any way. All power generation, delivery, and transmission systems continue to operate as usual.

Emera Inc., the parent company of Nova Scotia Power, stated that the cyberattack has not had a serious effect on its financial results. The company continues to report earnings and operate its business normally.

This incident is one of the largest data breaches in recent Canadian history. The company is still investigating what happened and is working with professionals to strengthen its digital systems and prevent future attacks. With so many people impacted, it raises growing concerns about how easily private data can be exposed in today’s digital world.

Read more »
Ransomware
Chrome Cyber Security Files Firefox Ransomware

Why Shouldn't You Upload Files So Readily On Your Browser?


The digital society we live in has made it abundantly clear that being cautious about online activities goes beyond avoiding suspicious links. Recent findings by cybersecurity researchers have surfaced a new ransomware threat that exploits web browsers, potentially putting users' files at risk.

The Rising Threat

Modern web browsers like Google Chrome and Microsoft Edge offer advanced functionalities, allowing users to seamlessly interact with various online services, from email to multimedia streaming. However, these capabilities also open doors for hackers to manipulate browsers and gain unauthorised access to users' local file systems.

What Is The Risk?

The File System Access API, utilised by browsers, enables web applications to interact with users' files. This means that uploading files to seemingly benign online tools could inadvertently grant hackers access to personal data stored on the user's computer.

The Implications

Imagine using an online photo editing tool. Uploading files for editing could inadvertently expose your entire file system to malicious actors, who could then encrypt your files and demand ransom for decryption.

The Scale of the Issue

Ransomware attacks have become increasingly prevalent, targeting individuals and organisations across various sectors. In 2023 alone, organisations paid over $1.1 billion in ransomware payments, highlighting the urgent need for robust cybersecurity measures.

Addressing the Threat

Researchers at the Cyber-Physical Systems Security Lab at Florida International University have been investigating this new breed of ransomware. Their findings, presented at the USENIX Security Symposium, underscore the severity of the threat posed by browser-based ransomware.

Recommended Practices 

The research team proposed three defence approaches to mitigate the risk of browser-based ransomware. These strategies focus on detecting and preventing malicious activity at the browser, file system, and user levels, offering a multi-layered defence mechanism against potential attacks.

1. Temporarily Halting Web Applications:

This approach involves temporarily suspending a web application's activity within the browser to detect any suspicious behavior related to file encryption. By monitoring the application's actions, security systems can identify and interrupt potential ransomware activity before it causes significant damage. This measure enables users to maintain control over their files and prevent unauthorised access by any threat actors.

2. Monitoring Web Application Activity:

In addition to halting web applications, this defense strategy focuses on continuously monitoring their activity on users' computers. By analysing patterns and behaviours associated with ransomware attacks, security systems can easily detect and respond to any anomalous activities. This real-time monitoring ensures timely intervention and minimizes the impact of browser-based ransomware on users' systems.

3. Introducing Permission Dialog Boxes:

To empower users with greater control over their file system access, this approach proposes the implementation of permission dialogue boxes. When a web application requests access to the user's local files, a dialogue box prompts the user to approve or deny the request, along with providing information about the associated risks and implications. By promoting user awareness and informed decision-making, this measure ensures security posture and reduces the likelihood of inadvertent file exposure to ransomware threats.

As technology continues to transform, so do the tactics employed by cybercriminals. By staying informed and implementing proactive cybersecurity measures, users can safeguard their digital assets against threats like browser-based ransomware.




Read more »
Vulnerabilities and Exploits
Data Exfiltration Files Microsoft SharePoint threats Vulnerabilities and Exploits

Secrets of SharePoint Security: New Techniques to Evade Detection

 



According to a recent discovery by Varonis Threat Labs, two new techniques have emerged that pose a significant threat to data security within SharePoint, a widely used platform for file management. These techniques enable users to evade detection and retreat files without triggering alarm bells in audit logs.

Technique 1: Open in App Method

The first technique leverages SharePoint's "open in app" feature, allowing users to access and download files while leaving behind only access events in the file's audit log. This method, which can be executed manually or through automated scripts, enables rapid exfiltration of multiple files without raising suspicion.

Technique 2: SkyDriveSync User-Agent

The second technique exploits the User-Agent for Microsoft SkyDriveSync, disguising file downloads as sync events rather than standard downloads. By mislabeling events, threat actors can bypass detection tools and policies, making their activity harder to track.

Implications for Security

These techniques pose a significant challenge to traditional security tools such as cloud access security brokers and data loss prevention systems. By hiding downloads as less suspicious access and sync events, threat actors can circumvent detection measures and potentially exfiltrate sensitive data unnoticed.

Microsoft's Response

Despite Varonis disclosing these methods to Microsoft, the tech giant has designated them as a "moderate" security concern and has not taken immediate action to address them. As a result, these vulnerabilities remain in SharePoint deployments, leaving organisations vulnerable to exploitation.

Recommendations for Organisations

To alleviate the risk posed by these techniques, organisations are advised to closely monitor access events in their SharePoint and OneDrive audit logs. Varonis recommends leveraging User and Entity Behavior Analytics (UEBA) and AI features to detect and stop suspicious activities, such as mass file access.

What Are the Risks?

While SharePoint and OneDrive are essential tools for facilitating file access in organisations, misconfigured permissions and access controls can inadvertently expose sensitive data to unauthorised users. Threat actors often exploit these misconfigurations to exfiltrate data, posing a significant risk to organisations across various industries.

Detection and Prevention Strategies

To detect and prevent unauthorised data exfiltration, organisations should implement detection rules that consider behavioural patterns, including frequency and volume of sync activity, unusual device usage, and synchronisation of sensitive folders. By analysing these parameters, organisations can identify and mitigate potential threats before they escalate.




Read more »
Subscribe to: Posts (Atom)