Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Information Security risk. Show all posts
Sensitive data
BBC Chat GPT Data Privacy Laws Information Security risk Italy Malicious actor OpenAI Privacy Sensitive data

ChatGPT and Data Privacy Concerns: What You Need to Know

As artificial intelligence (AI) continues to advance, concerns about data privacy and security have become increasingly relevant. One of the latest AI systems to raise privacy concerns is ChatGPT, a language model based on the GPT-3.5 architecture developed by OpenAI. ChatGPT is designed to understand natural language and generate human-like responses, making it a popular tool for chatbots, virtual assistants, and other applications. However, as ChatGPT becomes more widely used, concerns about data privacy and security have been raised.

One of the main concerns about ChatGPT is that it may need to be more compliant with data privacy laws such as GDPR. In Italy, ChatGPT was temporarily banned in 2021 over concerns about data privacy. While the ban was later lifted, the incident raised questions about the potential risks of using ChatGPT. Wired reported that the ban was due to the fact that ChatGPT was not transparent enough about how it operates and stores data and that it may not be compliant with GDPR.

Another concern is that ChatGPT may be vulnerable to cyber attacks. As with any system that stores and processes data, there is a risk that it could be hacked, putting sensitive information at risk. In addition, as ChatGPT becomes more advanced, there is a risk that it could be used for malicious purposes, such as creating convincing phishing scams or deepfakes.

ChatGPT also raises ethical concerns, particularly when it comes to the potential for bias and discrimination. As Brandeis University points out, language models like ChatGPT are only as good as the data they are trained on, and if that data is biased, the model will be biased as well. This can lead to unintended consequences, such as reinforcing existing stereotypes or perpetuating discrimination.

Despite these concerns, ChatGPT remains a popular and powerful tool for many applications. In 2021, the BBC reported that ChatGPT was being used to create chatbots that could help people with mental health issues, and it has also been used in the legal and financial sectors. However, it is important for users to be aware of the potential risks and take steps to mitigate them.

While ChatGPT has the potential to revolutionize the way we interact with technology, it is essential to be aware of the potential risks and take steps to address them. This includes ensuring compliance with data privacy laws, taking steps to protect against cyber attacks, and being vigilant about potential biases and discrimination. By doing so, we can harness the power of ChatGPT while minimizing its potential risks.
Read more »
Third party file
Data Breach Encrypted Files FBI Federal Trade Commission Information Security risk Software Vulnerability Third party file

The Medical Review Institute of America Alerts Patients of a Privacy Breach

 

On November 9, 2021, MRIoA discovered that it had been the victim of a sophisticated cyber-attack that affected over 134,000 people, according to a data breach notification filed by the Maine Attorney General's Office. Following the realization of the security incident, the institution set forth to protect and restore the organization's systems and operations. MRIoA also promptly enlisted the assistance of third-party forensic and incident response experts to conduct a thorough investigation into the nature and scope of the problem, as well as sought assistance with remediation efforts. The incident was further reported to the FBI as well. 

According to MRIoA, which discovered the incident on November 12, 2021, the security incident primarily involved the unauthorized gathering of information; MRIoA retrieved and validated the deletion of the received information to the best of its abilities and knowledge on November 16, 2021. 

The HITRUST Common Security Framework (CSF) and associated standards/regulations, such as HIPAA, HITECH, and state data and privacy legislation, are incorporated into MRIoA's privacy and security program, according to the company's conditions. MRIoA enforces tight access controls, including privileged access, file integrity monitoring, input validation, and complete audit logging, and protects data confidentiality by encrypting data at rest with AES-256 and data in transit using TLS1.2. 

"We place a high importance on the security and privacy of the information stored on our systems, and we were astonished and disheartened to learn that we were one of the thousands of victims of this type of cyberattack," MRIoA's CEO, Ron Sullivan said. 

Meanwhile, as iterated below, additional cybersecurity precautions were installed and are being deployed to MRIoA's existing infrastructure to better limit the possibility of this type of event occurring again. 

  • Continuous threat hunting and detection software monitoring of their systems.
  • When attempting to access the systems, add extra multifactor authentication protections.
  • To ensure that all threat remains were eradicated, new servers were constructed from the ground up. Working with outside cybersecurity specialists to help them with their security initiatives.
  • Creating a new and hardened backup environment; enhancing their cybersecurity training for employees.

As MRIoA reviews, rewrites, and amends their existing cybersecurity rules in the wake of the attack, they suggest individuals report any fraudulent conduct to the appropriate law enforcement agencies, such as their state attorney general and the Federal Trade Commission (FTC).
 
Affected individuals are being offered free credit monitoring and identity protection services by the MRIoA. Further, individuals who want to sign up for the free credit monitoring service must do so within 90 days of getting their MRIoA notice letter. 
Read more »
Vulnerabilities and Exploits
Information Security risk National Cyber Security Russia Russian Cyber Security Vulnerabilities Vulnerabilities and Exploits

Every tenth significant IT system in Russia is infected with malware

 According to Rostelecom-Solar research, every 10th critical information infrastructure (CII) in the Russian Federation is compromised by malware. Even hackers with low qualifications are able to attack most of these IT networks: a significant part of the detected vulnerabilities have existed for more than 10 years, but organizations have not prevented them.

Vladimir Drukov, director of the Cyber Attack Monitoring and Response Center at Rostelecom-Solar, associates the presence of vulnerabilities in CII with the fact that the process of regular software updates has not yet been established in more than 90% of companies.

Kaspersky Lab experts agreed with the findings of the study. According to Anton Shipulin, Lead Business Development Manager at Kaspersky Industrial CyberSecurity, cybersecurity is still at a low level in most CII facilities.

"In terms of data protection, a large number of CII objects are currently in a "depressing situation", and there are no serious hacker attacks on them "by happy accident", but it is only a matter of time," added Fedor Dbar, Commercial Director of Security Code.

In addition, the number of hosts with the vulnerable SMB protocol has almost doubled. It is a network protocol for sharing files, printers, and other network resources that is used in almost every organization. Such vulnerabilities are particularly dangerous, as they allow hackers to remotely run arbitrary code without passing authentication, infecting all computers connected to the local network with malware.

The main problem in internal networks is incorrect password management. Weak and dictionary passwords that allow an attacker to break into an organization's internal network are extremely common. Password selection is used by both amateur hackers and professional attackers.

Moreover, the pandemic has also significantly weakened IT perimeters. Over the past year, the number of automated process control systems (APCS) available from the Internet has grown by more than 60%. This increases the risks of industrial espionage and cyber-terrorism.


Read more »
Vulnerability and Exploits
Information Security News Information Security risk Russia Russian Cyber Security Russian Hackers Vulnerability and Exploits

Russian hackers hacked the first level Olympiad in a second

A new Olympic season has begun in Russia. Many competitions have been moved online due to the COVID-19 pandemic. The first level Olympiad allows the winner to enter the university without exams.

It turns out that the hacker could theoretically ensure admission to the best universities in the country, putting graduates in unequal conditions.

SQL injections and XSS vulnerabilities were discovered on the site, which make it is possible to influence the results of the competition. As a result, according to the hacker, it is easily possible: 1) find out the tasks in advance and change the answer data during the Olympiad; 2) see the sessions and data of other users; and 3) massively upload user information, including personal information (information from the passport, registration, phone, e-mail).

"SQL injection is one of the easiest ways to hack a site. Indeed, in a very short period of time and by replacing several characters, an attacker can gain access to all personal data of the Olympiad and to all tasks," said Oleg Bakhtadze-Karnaukhov, an independent researcher on the Darknet.

According to the researcher, most likely, there was not enough time to detect such errors during the programming of this site, although it takes little time to find and fix them.

"If the site contains vulnerabilities, then a command in a specific programming language can be inserted, for example, in a link, and the page will display information that was not intended for users initially," explained Dmitry Galov, Cybersecurity Expert at Kaspersky Lab.

According to Alexei Drozd, head of the information security department at SearchInform, the reason may be design errors, as a result of which the site, for example, poorly checks or does not check incoming information at all.

"Unfortunately, when developing websites and applications, security issues are always in the background. First, there is a question of functionality," concluded Alexey Drozd.


Read more »
Phishing Attacks
Data Breach Data Leak Information Security risk Phishing Attacks

Freedom Finance's customer data got leaked after employee fell for phishing attack

Broker Freedom Finance admitted the fact of hacking its internal network and stealing data leaks about 16,000 clients of the company for 2018. The founder and CEO of the company Timur Turlov announced this on Instagram.

He called the incident "an extremely unpleasant and shameful incident in information security", which occurred on December 24, and admitted: "We screwed up."

According to him, one employee of the company received a phishing email, which he opened and ran on the local machine despite the security warning. "And then all the weak points of our security were revealed," said Turlov.

“Cyber ransomware attacked a segment of our internal network and stole some data from the local machines of a number of employees in Russia. These are machines belonging to the employees of a Russian broker that provides access to the Russian stock market and almost the entire data packet is dated 2018,” wrote Turlov on his Instagram.

Almost no customers who opened accounts in the United States were affected. The broker's international clients were not affected either.

He assured that hackers did not get access to CRM, back-office reports, trading platform data, and also did not get customer passwords.

Turlov promised that the company will contact affected customers as soon as possible, tell them what documents have been made publicly available, and advise on how to minimize risks.

"Of course, now we have completely cleaned out the network and all local machines, have already rebuilt it, and are convinced that data is no longer leaking," assured he.

Turlov believes that the system was hacked to blackmail the company with media publicity and extort money.

"The company has decided to admit its mistake and not cooperate with criminals," said Turlov.

On November 24, Ashot Hovhannisyan, the founder of the Data Leakage & Breach Intelligence (DLBI) service, announced the appearance of Freedom Finance's customer data.

Read more »
US Government
AI Artificial Intelligence Cybersecurity Information Security risk US Government

Trukno: "On A Mission To Deliver Cyber Intelligence, Not Cyber News"

 

Trukno: Virtual Threat Intelligence Analyst to launch their Broad Beta Version on 22nd December. Every second a new attack in cyberspace takes place, according to a report by Acronis 32% of companies are attacked at least once a day and to keep up with these threats and attacks is a mind picking process. There are two ways of keeping up with Cyber Security- a) being updated with cyber blogs or b) hiring your own cyber threat analyst. But Trukno is a platform that provides a virtual threat intelligence analyst for people who want to keep up with cybersecurity, be up to date on recent attacks as well as to know the threat actors and attack landscape trend with their syndicated search engine and threat curator. 

Set to launch their Broad Beta version on 22nd December, for individuals who are full-time cybersecurity analysts as well as for the majority of people who want to know the how and happenings in cybersecurity in a much faster, easier, and detailed way. 

Ehacking news had a discussion with Trukno CEO and Founder Manish Kapoor, Co-Founder Noah Binstock, and Team about their platform, how it works, features and advantages. 

I'm sharing below the details from the interview with you all, read to know about Trukno and how you can set up a beta account for yourself: 

The Story Behind Trukno Mr. Manish (CEO and Founder): We formed Trukno in Oct 2018 in Denver Colorado. Before that I was in Cisco, which is a big networking company also very focused on Cybersecurity, I was there for 10 years and what I did day to day was to help the world’s largest service providers like AT&T, Telstra help them understand the latest going on in cybersecurity and based upon that help them build cybersecurity services they could sell to their enterprise customers using Cisco system products - that was the essence of what my team and I did and when you do that you’re going in front of the world’s largest cybersecurity companies so they know what they’re talking about in cybersecurity and hence I had the constant pressure to keep up with cybersecurity latest threats and how those could be turned into new services and I tell you it’s easier said than done. In preparation, I would blog hop from one blog to another and very quickly I started to realize, there is a difference between keeping up with cyber news vs. keeping up with cyber threats. 

The whole process would take me hours leaving me more confused and that's when I realized something is missing either I don't have the right tools or there must be a better way since then we have probably talked to 504 folks in cybersecurity from Cisco to stock analyst to researchers and we realized that this problem was not just isolated for me that problem exists for the cyber community in general. So what tools that exist today in cybersecurity are targeted for deep-dive practitioners who want to see the bits and bytes and it's a full-time job just to keep up with it and only the largest corporations in the world can hire dedicated threat intelligence analysts and everybody else who wants to keep up with cyber threats really struggles. So that is the problem we are trying to solve, and the mission we are on is to deliver cyber threat intelligence and not cyber security news. We intend to do so in the most efficient comprehensive and affordable way to the masses so that is the story behind Trukno.  

Mr. Noah (Co-founder): We found that when it comes to threat researchers and external strategic analysts there is often one position that is providing these reports for an organization and what we realized is that those reports and those patterns and findings these people are curating; they have benefits of all cybersecurity and not just the organization they are working for, so we are actually trying to find ways to scale that information. The objective information about external threats landscapes and the inner workings and patterns that are occurring in front of our eyes so we can give that to organizations and individuals without access to a dedicated intelligence analyst.

Trukno Breakdown and Features: 

Newsfeed: A news feed that you can create based on your interests; it's basically a news feed from a hundred and fifty sources for people who want to keep up with cybersecurity news at one place and users can create their own feed and have all their news sources at one place 

Dashboard: You can choose your interests of information using filters from industry, Technology, Malware, and actors. The sweet thing about this threat analyst is you can go from shallow to deep in a way that’s organized and detailed. It informs you about threat actors, breach specifics; how many times the threat was used thus the user gets very detailed information in a very short time. 

My Boards (and Team Collaboration):  You can assign Custom Tags to threats, breaches, and discussions; and comment and converse with your team. 

Trukno Vision: Mr. Manish: Our Vision is to get critical vital threat information to the broad cyber community; you don’t have to have PhD. to keep up with cyber threats. That is what we believe. That is the reason we are going to the extent of not only breaking down TTPs (Tactics, techniques, and procedures) but breaking down text associated with that TTPs in each specific breach because we want to make it a ten-second visual that gives you the summary verses a thirty-minute read. 

How it works: Mr. Manish: What we are doing is with all this curation is we are building an automated engine which is AI-driven but with human intervention to maintain quality analysis and to do that we break down every single article until the AI takes over. That is to say, It’s a combination of Artificial and Human Intelligence as 90% of the breaches use the same TTPs and on a day to day basis there are new threats surfacing that have never been seen before and AI is not going to be able to that on its own; it will always be human aided AI. So our AI will become more and more efficient with more training data but it will always be human intelligence aided. 

Next Step: Mr. Manish: Add more sources for people who want more content, people who want details we will give them IUCs, people who want news feed but more flexibility customization we’ll add custom URL capabilities and people who want more collaboration, we’ll be adding integration slack and some basic team capabilities on our side. 

How is this threat intelligence different from MITRE? Mr. Manish: Think of MITRE as a US government organization, and it has created all the rules and regulations but you won’t go to MITRE to know what happened an hour ago, what breach happened, and how that happened in the MITRE framework. So, we are creating a dashboard that uses the MITRE framework to pull all that information together. 

EndNote: Mr. Manish: We are truly on a mission to solve this very critical problem in society, cybersecurity has become one of the biggest problem facing humanity and we think that cybersecurity is not about IT, bigger boxes, and fancy software; it's about threat risk management - the importance of knowing the right threats at the right time is so critical and right now it is so hard to do that we truly believe we can move the needle on this thing with the platform to make it simple, affordable and comprehensive – that’s our mission and that's what we stand for. 

The Trukno broad beta will be open for everyone, to avail go to their website (https://www.trukno.com/). In their Beta version, all features are free for everyone, with the full version coming in the first quarter of next year will have a freemium model that is free News Feed and My Board and subscription-based Dashboard.
Read more »
Information Security risk
Cyber Security Cyber Security News Information Security risk

Russian experts warn about security risks of Bluetooth on a smartphone

Associate Professor of computer science at the Russian University of Economics, Alexander Timofeev said that hackers can use Bluetooth to break into an electronic device.

"The possibility of Bluetooth hacking can endanger any information stored on the device (photos, emails, texts). In addition, an attacker can gain control of the device and send unwanted data to it,” noted Timofeev.

According to him, at the hacker festival What The Hack, which takes place in the Netherlands, experts showed how using a laptop and a special program with a directional antenna people can eavesdrop on what the driver of a passing car is talking about through a Bluetooth headset.

The head of Check Point Software Technologies Ltd. Sergey Zabula agreed that constantly enabled Bluetooth carries a significant threat to the security of the phone and its owner. Scammers are constantly improving their attack methods, and the small range of Bluetooth signal propagation is no longer a problem for them.

"Using amplifiers, hackers can get into a user's device without even asking for their permission and without knowing the secret key of the connection”, noted Mr. Zabula.

The consequences of attacks using Bluetooth can be varied. So, in just a few seconds, fraudsters can connect to a user's device, install malware, and eventually steal or delete valuable information. Moreover, via Bluetooth, hackers can listen to calls, set their forwarding, and send calls and text messages, which in turn leads to financial losses of the victim. Also, using a Bluetooth connection, fraudsters can carry out a DoS attack and completely disable the phone.

Experts recommend disabling Bluetooth as soon as it is no longer necessary, since this function, when activated, is a "godsend for scammers."

Read more »
Vulnerabilities and Exploits
Cyber Security News Information Security risk IT Security Vulnerabilities Vulnerabilities and Exploits

About 84% of Russian companies have vulnerable IT system

More than 80% of companies in Russia neglect the basic means of protecting information systems and data, as a result of which 84% of companies have vulnerabilities in their IT systems that can be exploited, including by novice hackers who do not have a high level of programming skills.

According to Ekaterina Kilyusheva, head of the research group of the information security analytics department at Positive Technologies, companies suffer from inexperienced hackers in about 10% of cases.

Based on the testing of 19 large companies from different sectors of the economy, it turned out that in 58% of cases, companies have at least one security breach that can be hacked by publicly available software for hackers.

It is noted that most often in Russian companies, security gaps are associated with the use of outdated software, the vulnerabilities of which are already known.

As noted by ESET security specialist Tony Anscomb, in addition to outdated software, companies often have poorly configured network infrastructure and operating systems, lack of encryption and two-factor authentication, which also increases the likelihood of a system being compromised.

It is noted that the best protected are companies in the financial sector and energy industry, which process large amounts of personal information and where the high dependence of business development on the stability of the IT direction, explained the head of Analytics and special projects InfoWatch Andrey Arsentiev.

Read more »
Russia
Data Breach Database Leaked Information Security risk Russia

The prosecutor's office identified a leak of the full database export and import operations in Russia for eight years


Yekaterina Korotkova, the representative of the Moscow Interregional Transport Prosecutor's Office reported that the Northern Transport Prosecutor’s Office revealed a leak on the Internet of a full database of export-import operations of Russian companies at customs posts over eight years.
“It was established that one of the Darknet sites has on sale a complete, regularly-updated customs database for all export-import operations of Russian companies for 2012-2019 (data for all customs posts of the Russian Federation),” said Korotkova.

According to her, the site contains full declarations of all participants in foreign economic activity of Russia, TIN of recipients, senders, information about the processed goods, indicating the Declaration numbers, the country of origin of the goods, surnames, first names, patronymics of their representatives, vehicle numbers, contact numbers, as well as information about risks.

"The customs authorities' databases on the website for acquiring contain information of limited access and personal data," added the representative of the Ministry of Transport and Trade of Ukraine.

The Prosecutor's office through the court demanded to recognize this information prohibited on the territory of Russia.

The court granted the claim. After entering into force, the court's decision will be sent to Roskomnadzor to include the resource in the Unified register of information, the distribution of which is prohibited on the territory of the Russian Federation.

In December 2019, the Investigative Committee reported that during operational activities it was possible to establish a hacker who was to blame for the leak of personal data of several hundred thousand employees of the Russian Railways company on the Internet. A 27-year-old hacker from Krasnodar was charged with illegally obtaining and disclosing trade secrets and illegally accessing protected information.

Investigators found that in June 2019, the accused was able to access internal resources of the Russian Railways computer network. He copied the personal data of several hundred thousand employees, including managers, of Russian Railways and posted it on the Internet. The young man pleaded guilty to committing this cyberattack.
Read more »
Information Security risk
Bank Information Security Information Security News Information Security risk

Hackers stole 150 thousand rubles from the accounts of Belarusian enterprises through the Client Bank

At the beginning of April 2019, the police received a statement from an employee of one of a metropolitan organization, who reported that an unknown person had made unauthorized access to the computer of the organization, which uses the Client Bank software.

As it became known, the hacker not only made unauthorized access to the organization's computer, but also infected it with malware, which allowed him to make illegal payments to a certain account.

It turned out that the scammer had used RTM malware (Redaman) and sent it by e-mail.

During the investigation, it was found that the attacker made three money transfers to the account of another Bank. The amount of damage was about 30 thousand rubles (470 $). The account to which the amounts were transferred was opened in the name of the foreigner.

The investigators found out that the hacker gained access to the Bank account via a USB key, which the chief accountant had left inside the computer after the end of the working day. This allowed remote access to the system and illegally transfer money.

It was established that such a malicious program was sent by e-mail to more than 90 business entities, the total damage amounted to more than 150 thousand rubles (2 350 $).



Read more »
User Privacy
Avast Information Security risk User Privacy

Users Making Themselves Vulnerable To Hackers; Keeping Outdated Versions of Popular Applications on Their Pcs




The users and their own personal information are rapidly becoming to be vulnerable against security risks proves yet another research from the global security company Avast as it discharged its PC Trends Report 2019.

As per the said report the users are making 'themselves' defenseless against hackers by not implementing the security patches and keeping out-dated versions of well-known applications on their PCs, these include Adobe Shockwave, VLC Media Player and Skype.


This is a matter of grave concern as out-dated software's are turning into the greatest dangers of cyber-attack , as they give hackers unapproved access to the framework as well as the known vulnerabilities with which they can easily exploit the user in question.

 “While most of us replace our smartphone regularly, but the same cannot be said for our PCs. With the average age of a PC now reaching six years, we need to be doing more to ensure our devices are not putting us at unnecessary risk, but with the right amount of care, such as cleaning our hardware's insides using cleaners, optimisation and security products, PCs will be safe and reliable for even longer," says Ondrej Vlcek, President, Avast.

The report is said to have accumulated information from approximately 163 million devices over the globe, and has even covered the most popular PCs, software, hardware equipment utilized today in on a worldwide basis. Among the applications installed 55% of them are not their latest versions, those applications utilizing the structures and tools, contain vulnerabilities and for security reasons ought to be updated as soon as possible.

The most installed softwares of 2018 include, Google Chrome, Adobe Reader, WinRAR, Microsoft Office, and Mozilla Firefox.
Read more »
Information Security risk
Information Security risk

Almost 2,000 Vodafone users “open to fraud” after details stolen


A week after TalkTalk, a phone and broadband provider, attack incident came into light, Vodafone, a telecommunication provider, has confirmed nearly 2,000 of its customers have had their details accessed, which happened between Wednesday and Thursday last week.

The telecommunications giant reported that its 1,827 customers have had their accounts accessed, with criminals potentially accessing customers' names, their mobile phone numbers, bank sort codes and the last four digits of their bank account numbers.

However, Vodafone said its security protocols had been "fundamentally effective".

The company said that its systems had not been hacked and it had carried out “mitigating actions” so meant only a "handful" of customers had been subject to any fraudulent attempts to use their data.
A report published in BBC confirms that the accessed information have been used to try and access Vodafone users accounts were allegedly bought on the ‘dark web'.

The company has informed the affected users and other customers do not have to worry.

The company has suggested its users to be aware of phishing emails that appear to be from a trusted source and seek to gain personal details. Similarly, avoid giving out private details such as banking passwords, login details or account numbers.

A Vodafone spokesperson said the affected Vodafone accounts had been blocked and their banks notified.

He said that the National Crime Agency (NCA), the Information Commissioner's Office and Ofcom have been notified of the incident.

The NCA spokeswoman said, "The NCA can confirm that we have been contacted by Vodafone in relation to a compromise of customer data, and we are in dialogue with the company. Anyone who thinks they have been subject to attempted or successful fraud, or other online crime, should report it to action fraud at www.actionfraud.police.uk."
Read more »
Security News
hacker news Information Security Information Security risk Security News

Gmail now automatically displays images, helps attacker to know when you open the mail


Google yesterday announced that it will automatically display the embedded images in emails by default, which was previously disabled by Google. 

By enabling this feature, Google made a mistake, now sender is able to track whether the user have opened the mail or not.

An attacker with a unique image link (eg:www.breakthesecurity.com/123456.jpg) can easily determine when the recipient opened the mail.

"Turning those images on means we’ll be more accurate when tracking unique opens."MailChimp, a bulk Mail service, said in their blog post.

"GMail's new image caching doesn't occur until the user views the message, still provides read tracking." HD Moore, security researcher commented about this new feature in his tweet.

You can disable this feature by choosing the option "Ask before showing" in the "image" section under the General tab in settings. However, it is still in question how many of users going to disable it, most of them don't bother.
Read more »
Security News
hacker news Information Security Information Security risk Security News

Stolen laptop of Poker Player mysteriously returned with Remote Administration Tool


Jens Kyllönen, a professional Poker player from Finland, has shocked when his laptop apparently stolen from his hotel room while he was playing in a tournament, mysteriously returned to the same place where he left it.

Jens complaint about this incident to the hotel however the staffs are not helpful. They told him that camera's are not working properly so not able to find out how it was happened.

Interestingly, the laptop again stolen while he was getting help from staffs and placed in hotel lobby. The one who accessed his laptop managed to remove the password security.

Then, he got an idea to visit the F-Secure Labs to do forensics investigation on his laptop to find out what happened.

According to F-Secure Labs, the laptop was in fact infected with a java-based Remote Administration Tool(RAT). Based on the timestamps, the malware was introduced to the laptop when the laptop had gone missing.

He is not the only person who fell victim to this attack, there is another professional player, Henri Jaakkola who stayed in the same room at the event, had the same exact same trojan installed in his laptop.

Those who have laptop with sensitive information are advised to put it in a safe when you are not around it, and encrypt disks.
Read more »
Information Security risk
Breaking News Information Security Information Security News Information Security risk

Used memory sticks being sold online contains sensitive Government data


Selling an used memory sticks often pose an information security risk-  We might be thinking that we completely erased the data from it, but it is possible to recover the files that are not properly deleted with the help of some tools.

A recent study found that "old memory sticks" being sold online contain sensitive Australian Government data.

The research paper which is to be presented at a cyber security conference in Perth reveals how researchers discovered the confidential Government data while they are researching the used memory sticks, The Australian news reports.

The study found that sellers are sending memory cards without properly erasing the data. The recovered data not only contains a personal info but also appears to be information belong to Australian government.

"It is evident that actions must be taken by second hand auction sites, and the media to raise awareness and educate end-users on how to dispose of data in an appropriate manner," the study says.
Read more »
Subscribe to: Posts (Atom)