
ERP Firm Data Breach Exposes Over 750 Million Records

 

A leading Enterprise Resource Planning (ERP) company based in Mexico inadvertently left an unsecured database online, exposing sensitive information on hundreds of thousands of users. This was discovered by cybersecurity researcher Jeremiah Fowler, who reported his findings to Website Planet. According to Fowler, the database contained 769 million records and was accessible to anyone who knew where to look.

The exposed data included highly sensitive and personally identifiable information such as API keys, secret keys, bank account numbers, tax identification numbers, and email addresses. The database, which is 395GB in size, belongs to ClickBalance, a software provider that offers a range of cloud-based business services including administration automation, accounting, inventory, and payroll.

Website Planet describes ClickBalance as one of Mexico’s largest ERP technology providers. Upon discovering the database, Fowler immediately contacted ClickBalance, which secured the database within hours. However, it remains unclear whether any malicious actors accessed the data before it was secured or whether the data has been used in any malicious activities. Fowler emphasizes that only a comprehensive forensic investigation can determine the full extent of the exposure.

The exposure of tax identification numbers and bank account details poses significant risks, enabling cybercriminals to conduct fraudulent activities. The theft of active email addresses is particularly concerning, as it allows criminals to launch phishing attacks that can deliver malware and ransomware.

Despite the severe potential consequences, unsecured databases continue to be a common cause of data breaches. Many large enterprises and government organizations have been found with online databases lacking adequate protection. For instance, a previous incident resulted in the personal information of the entire Brazilian population being leaked.

How to Protect Your Online Accounts from Hackers

 

Hackers are increasingly targeting individuals to steal cryptocurrency, access bank accounts, or engage in stalking. Although these attacks are relatively rare, it's crucial to know how to protect yourself if you suspect someone has accessed your email or social media accounts.

A few years ago, I wrote a guide to help people secure their accounts. Many companies provide tools to enhance account security, which you can use even before contacting their support teams.

Here, we break down steps you can take across various online services.

First, it's important to note that these methods don't guarantee complete security. If you still feel compromised, consider consulting a professional, especially if you are a journalist, dissident, activist, or someone at higher risk.

Enable multi-factor authentication (MFA) on all your accounts, or at least the most critical ones like email, banking, and social media. This directory provides instructions for enabling MFA on over 1,000 websites. You don't have to use the recommended MFA app; many alternatives are available.

Some services also offer physical security keys or passkeys stored in password managers, providing high-level protection against password-stealing malware and phishing attacks.

Securing Your Gmail Account

If you suspect your Gmail account has been compromised, scroll to the bottom of your inbox and click on "Last account activity" in the bottom right corner. Then click on "Details" to see all the locations where your Google account is active. If you notice any unfamiliar activity, such as logins from different countries, click on "Security Checkup." Here, you can see which devices your account is active on and review recent security activity.

If you spot suspicious activity, click on "See unfamiliar activity?" and change your password. Changing your password will sign you out of all devices except those used for verification and third-party apps you've granted access to. To sign out from those devices, visit Google Support and click on the link to view apps and services with third-party access.

Consider enabling Google’s Advanced Protection for enhanced security. This feature makes phishing and hacking more difficult but requires purchasing security keys. It's highly recommended for individuals at higher risk.

Remember, your email account is likely linked to other important accounts, so securing it is crucial.

Checking Microsoft Outlook Security

To check if your Microsoft Outlook account has been accessed by hackers, go to your Microsoft Account, click on "Security" in the left-hand menu, and then under "Sign-in activity," click on "View my activity." You'll see recent logins, the platform and device used, browser type, and IP address. If anything looks suspicious, click on "Learn how to make your account more secure," where you can change your password and find instructions for recovering a hacked or compromised account.

Given that your email is often linked to other critical accounts, securing it is vital.

Securing Your Yahoo Account

Yahoo also provides tools to check your account and sign-in activity for unusual signs of compromise. Go to your Yahoo My Account Overview or click on the icon with your initial next to the email icon on the top right corner, then click on "Manage your account." Next, click on "Review recent activity." You can see recent activity on your account, including password changes, phone numbers added, and connected devices with their IP addresses.

Since your email is likely linked to sensitive sites like your bank, social media, and healthcare portals, it's essential to secure it diligently.

By following these steps and using the tools provided by these services, you can enhance the security of your online accounts and protect yourself from potential threats.

Significant Drop in Cyber-Insurance Premiums Makes Coverage More Affordable

 

Over the last year, a steady decline in premium rates has made cyber-insurance coverage more accessible and affordable for organizations of all sizes.

The primary driver behind this decrease is the increasingly competitive marketplace, with more insurance companies offering coverage for cybersecurity incidents such as ransomware attacks and data breaches. Additionally, improved cyber hygiene among insured organizations has contributed to the lower rates, according to a recent report from London-based Howden Insurance.

Howden's report highlighted a 15% reduction in average cyber-insurance premium rates in 2023 compared to the previous year. This decline follows a two-year period from December 2020 to December 2022 when rates surged due to a significant increase in ransomware-related claims.

Sarah Neild, head of cyber retail, UK, at Howden, stated, "Favorable dynamics have persisted into 2024, with the cost of cyber insurance continuing to fall despite ongoing attacks, heightened geopolitical instability, and the proliferation of GenAI. At no other point has the market experienced the current mix of conditions: a heightened threat landscape combined with a stable insurance market underpinned by robust risk controls."

Howden’s findings are echoed by US-based Aon, which reported a 17% decline in premium rates in 2023 compared to 2022. Aon also anticipates stable pricing through the end of the year due to ample capacity and a competitive market environment. Aon’s analysis showed that a rise in ransomware and other cyberattacks, alongside heightened regulatory reporting requirements, has increased interest in cyber insurance among organizations.

Shawn Ram, head of insurance at Coalition Insurance, noted that premium rates have declined even as cybersecurity-related claims have risen over the past year. "In 2023, overall claims frequency increased 13% year-over-year, and overall claims severity increased 10% YoY, resulting in an average loss of $100,000. Claims frequency increased across all revenue bands, with businesses between $25 million and $100 million in revenue seeing the sharpest spike — a 32% YoY increase." Despite the increased claims activity, pricing for cyber insurance remains stable due to the robust capacity in the market.

Insurance companies have become more adept at evaluating cyber risk, says Andrew Braunberg, an analyst with Omdia. "Carriers are getting a lot smarter in how they assess the cyber risks of prospects and the way they write up coverage," he explains, adding that insurers now conduct more thorough risk assessments and expect proactive security technologies to be in place.

Howden expects demand for cyber insurance from small and midsize enterprises (SMEs) to drive growth and price stability in the market over the next few years. SMEs, which contribute nearly half of the GDP in major economies, represent an underserved demographic offering significant growth opportunities for insurers and brokers. The market is also projected to expand significantly as insurance companies look to grow outside the US, which currently accounts for two-thirds of the global market.

Xing Xin, CEO and co-founder of cyber insurer Upfort, believes that while there are enough insurers eager to write more business around cybersecurity to keep prices stable for now, increased claims frequency and severity may eventually impact underwriting and rates. "A widespread cybersecurity issue that systemically triggers a high count of policies could reverse the current trend, leading to accelerated rate growth," he cautions.

By leveraging these insights, Elivaas can stay ahead in the rapidly evolving landscape of cyber-insurance, ensuring robust protection for their clients and continued market leadership.

New Infostealer 'Fickle Stealer' Targets Sensitive Data Using Multiple Distribution Methods

 

Security experts are raising alarms about a new infostealer named Fickle Stealer, which is being disseminated through various techniques across the internet. Fickle Stealer engages in typical malicious activities, such as stealing sensitive files, system information, browser-stored files, and cryptocurrency wallet details. However, what sets Fickle Stealer apart is its construction using the Rust programming language.

"Beyond targeting popular applications, this stealer searches for sensitive files in the parent directories of common installation paths to ensure thorough data collection," stated security researcher Pei Han Liao. "It also fetches a target list from the server, adding flexibility to Fickle Stealer's operations."

According to cybersecurity researchers from Fortinet FortiGuard Labs, Fickle Stealer employs four distinct distribution methods: a VBA dropper, a VBA downloader, a link downloader, and an executable downloader. Some of these methods utilize a PowerShell script that bypasses User Account Control (UAC) mechanisms. This script also transmits system information, such as the device's location (country and city), IP address, operating system version, computer name, and username, to a Telegram bot.

Infostealers are among the most prevalent and disruptive forms of malware, second only to ransomware. They enable cybercriminals to access sensitive services, including banking accounts, social media profiles, and corporate platforms. With access to cryptocurrency wallet data, hackers can transfer funds to their own wallets, effectively stealing any available money. Furthermore, infostealers allow criminals to access email inboxes, leading to phishing attacks, impersonation, identity theft, and potentially ransomware attacks on corporate IT systems.

Securing devices against infostealers involves the same precautions as defending against other types of malware. Users should avoid downloading and running suspicious files and thoroughly verify email attachments before opening them. By adhering to these practices, individuals and organizations can better protect their sensitive data from cyber threats.

Tech Giants Aid Rural Hospitals in Cybersecurity Battle

 


Microsoft and Google have announced initiatives to offer free or discounted cybersecurity services to rural hospitals across the United States, aiming to reduce their vulnerability to cyberattacks that have disrupted patient care and threatened lives, according to a joint statement from the White House and the tech companies on Monday.

In a statement to CNN, Microsoft revealed plans to provide eligible rural hospitals with free security updates, as well as security assessments and staff training. Google will offer free cybersecurity advice and launch a pilot program to tailor its cybersecurity services to the specific needs of rural hospitals.

The nation's approximately 1,800 rural community hospitals are particularly susceptible to ransomware attacks due to their limited IT security resources and lack of cybersecurity-trained staff. These hospitals often serve as the only healthcare facility within a wide radius, so a ransomware attack that halts their operations can endanger patients' lives.

This initiative follows private discussions between tech firms and the White House National Security Council, which has been increasingly concerned about cyber threats to hospitals. By leveraging the widespread use of Microsoft and Google's software in hospitals across the country, the effort aims to strengthen the healthcare sector's defenses.

Anne Neuberger, the top cyber official at the White House National Security Council, highlighted the urgency of addressing this threat: "We’re in new territory as we see this wave of attacks against hospitals."

The Biden administration is also working on establishing minimum cybersecurity requirements for US hospitals. Although the details are not yet finalized, the American Hospital Association has expressed opposition, arguing that the proposal could penalize victims of cyberattacks.

Rising Ransomware Attacks

Ransomware attacks on the US healthcare sector surged by 128% in 2023 compared to 2022, as reported by the Office of the Director of National Intelligence. Recent incidents underscore the sector's vulnerabilities. In February, a ransomware attack on a major health insurance billing firm disrupted billions of dollars in healthcare payments, pushing some clinics to the brink of bankruptcy. UnitedHealth Group paid a $22 million ransom to recover patient data, affecting one third of Americans.

In May, a ransomware attack on one of America's largest hospital chains forced nurses to manually enter prescription information, jeopardizing patient safety.

The FBI and international allies have targeted ransomware gangs, seizing their computers and decrypting victim files. However, ransomware remains lucrative, partly because many perpetrators operate with impunity from Russia. Hospitals, desperate to restore services, often pay ransoms, perpetuating the cycle of attacks.

"We see a more permissive environment in Russia for hacktivists and criminals, which is concerning," Neuberger said. "More companies paying ransoms only fuels further attacks."


Cyberattacks continue to disrupt other essential services. The City of Cleveland is investigating a cyber incident that led to the closure of City Hall on Monday and Tuesday as a precaution. While internal systems and software are shut down, emergency services, including 911, police, fire department, ambulances, and the Department of Public Utilities, remain operational but with limited IT capabilities.

"Over the weekend, the city identified some abnormalities," said Commissioner Kimberly Roy-Wilson of the Division of Information Technology Services. "We have initiated our containment protocols and are now investigating the nature and scope of these abnormalities."

Mayor Justin Bibb did not disclose the agencies involved in the investigation.

Why Mid-Sized Businesses Are Attractive Targets for Cyber Criminals

 

An increase in cybersecurity incidents among mid-market firms has been observed in recent years. For example, a survey in the UK revealed that 45% of medium-sized businesses experienced cybercrimes, with phishing attacks being the most common. Despite this, many mid-sized companies struggle with being prepared for such threats, with only 55% having formal incident response plans in place.

Ransomware attacks, in particular, have caused significant financial and operational damage to businesses. A report found that recovery from these attacks took an average of 22 days, with costs often surpassing the ransom demand by fiftyfold.

Mid-sized companies are vulnerable to cyber threats due to limited budgets and resources for cybersecurity measures. With valuable data at stake, these businesses are attractive targets for cybercriminals seeking to profit from selling stolen information. Additionally, mid-sized firms serving as suppliers to larger corporations can make global supply chains more vulnerable to cyber attacks.

The increasing regulatory pressures surrounding data protection also pose challenges for mid-sized businesses in complying with standards such as GDPR and HIPAA. Non-compliance can lead to hefty fines and legal repercussions, making it crucial for these companies to enhance their cybersecurity measures.

To address these challenges, mid-sized firms should take proactive steps to improve their cybersecurity posture. Adopting Public Cloud ERP solutions can significantly enhance security by providing built-in features, regular updates, compliance support, scalability, and advanced threat detection.

By investing in cybersecurity and leveraging cloud-based solutions, mid-market companies can protect their valuable assets, comply with regulations, and maintain trust with customers and partners. This proactive approach can help mitigate the risks posed by evolving cyber threats and ensure the security of business operations in a cost-effective manner.

Why CVEs Reflect an Incentives Problem

 

Two decades ago, economist Steven Levitt and New York Times reporter Stephen Dubner published "Freakonomics," a book that applied economic principles to various social phenomena. They argued that understanding how people make decisions requires examining the incentives they respond to. Using a range of sociological examples, they demonstrated how incentives can lead to unexpected and sometimes counterproductive outcomes.

Reflecting on these unintended consequences brings to mind a growing issue in cybersecurity: the rapid increase in software vulnerabilities tracked as Common Vulnerabilities and Exposures (CVEs). Last year, a record 28,902 CVEs were published, averaging nearly 80 vulnerabilities per day—a 15% rise from 2022. 

These software flaws are costly, with two-thirds of security organizations reporting an average backlog of over 100,000 vulnerabilities and patching fewer than half. The surge in CVEs is partly because we’ve improved at discovering vulnerabilities, and partly due to inadequate safeguards in the creation and tracking mechanisms for CVEs. It’s crucial to consider the incentive structure that motivates the identification and assignment of vulnerabilities.

While the system for assigning and scoring CVEs is widely used, it has significant flaws. Established by MITRE in 1999, the CVE system provides a standardized method for identifying and cataloguing software vulnerabilities, helping organizations prioritize and mitigate them. However, the incentive mechanisms behind CVE assignment and scoring present challenges that can undermine this system’s effectiveness.

Some security researchers seek a reputation within the cybersecurity community by gaming the CVE system. This drive for recognition or professional advancement can result in a focus on the quantity over quality of submissions, cluttering the system with trivial or noncritical issues and diverting attention from more severe vulnerabilities. The ability to file CVEs anonymously or with minimal evidence also introduces opacity, allowing for erroneous, exaggerated, or malicious submissions. This lack of accountability necessitates rigorous verification processes to maintain trust in the system.

The Common Vulnerability Scoring System (CVSS) has been criticized for not accurately reflecting the actual risk posed by vulnerabilities in real-world environments. High-scoring vulnerabilities may receive undue attention, while more critical, exploitable flaws in specific contexts are deprioritized. For instance, security researcher Dan Lorenc highlighted a day when 138 CVEs were published, two with a critical priority score of 9.8, but none were true vulnerabilities. This raises the question: Are we seeing more CVEs because there are more vulnerabilities, or because the rewards for reporting them have increased?

To address these issues, we need to rethink the incentive structure of CVE reporting. Here are some suggestions:

1. Reward quality over quantity: Implement rewards based on the quality and impact of reported vulnerabilities, encouraging researchers to focus on significant exploits rather than sheer numbers.

2. Enhance verification and accountability: Introduce a tiered verification process requiring substantial proof of a vulnerability’s existence and impact before assigning a CVE, while still protecting researchers' identities.

3. Redefine CVSS to reflect real-world risk: Revamp the CVSS to better indicate real-world risk and exploitability, possibly incorporating feedback from organizations that have experienced exploit attempts.

Incentives play a crucial role in motivating the discovery and disclosure of vulnerabilities. To address the current issues in CVE reporting, we must reconsider how incentives shape behaviour. Until then, we can expect another record-breaking year for CVEs.

Ransomware Attack Struck This Medical Device Manufacturer

 

LivaNova employees have been impacted by a ransomware attack, with the LockBit group claiming responsibility.

The UK-based medical device manufacturer, LivaNova, has notified current and former employees about a “cybersecurity incident” that compromised their personal data.

The stolen information includes:

- Name
- Telephone number
- Email
- Address
- Social Security number
- Date of birth
- Financial account information
- Health insurance information
- Online credentials
- Work-related information such as employee ID, compensation, disability status, and evaluations

The ransomware attack, which occurred on October 26th, 2023, disrupted LivaNova’s IT systems. The LockBit ransomware group has claimed responsibility, asserting on December 9th that they have 2.2TB of the company’s data.

In response, LivaNova’s breach notification to affected individuals stated that they “quickly took steps to protect its systems and data and to mitigate the impact of the incident, including shutting down certain systems and requiring personnel to change their passwords.”

To support affected individuals, the company is offering two years of free identity protection and credit monitoring services.

BetterHelp Agrees to $7.8 Million Settlement for Health Data Sharing with 800,000 Users

 

The LockBit ransomware group has resurfaced, targeting Hooker Furniture, a significant player in the U.S. furniture industry. Alleging the theft of customer and business data, LockBit has set a deadline of May 08, 2024, for its publication.

Meanwhile, BetterHelp, a mental health platform offering online counseling since 2013, has reached a $7.8 million settlement with the U.S. Federal Trade Commission (FTC). The settlement addresses accusations of mishandling and sharing consumer health data for advertising purposes.

BetterHelp, known for its accessibility and range of therapy options including text, live chat, phone, and video sessions, serves individuals grappling with various mental health issues. An FTC investigation revealed the platform's unauthorized collection of user data, which was subsequently shared with third-party platforms for targeted advertising.

As part of the settlement, BetterHelp is obligated to refund $7.8 million to consumers who utilized its services between August 1, 2017, and December 31, 2020. This refund program extends to users of affiliated platforms such as MyTherapist and Teen Counseling, encompassing approximately 800,000 individuals.

Overseeing the refund process, Ankura Consulting will offer payment options including checks, Zelle, and PayPal. Consumers have until June 10, 2024, to select their preferred payment method.

Sweden Faces Influx of DDoS Attacks Following NATO Membership

 


A significant uptick in distributed denial of service (DDoS) attacks has plagued Sweden as the nation navigates its path towards joining NATO, reports network performance management provider Netscout.

The onslaught commenced notably in May 2023, following a colossal 500 Gbps attack targeting Swedish government infrastructure. Subsequent to this initial strike, the frequency and intensity of DDoS assaults against Swedish entities have steadily escalated, reaching a peak in late 2023 with attacks soaring to 730 Gbps.

However, the year 2024 witnessed a further exacerbation of the situation, particularly intensifying from February onwards. On February 14, Sweden’s Foreign Minister hinted at Hungary's support for their NATO bid, serving as a catalyst for a significant event. 

Netscout documented an astounding 1524 simultaneous DDoS attacks targeting Swedish organizations the subsequent day. This surge indicated a marked escalation in tensions and retaliatory actions from various politically motivated hacker groups, as underscored in Netscout's public statement.

The climax of the attacks occurred on March 4, 2024, when Netscout observed an unprecedented 2275 attacks in a single day, marking a staggering 183% increase compared to the same date in the previous year. Remarkably, this surge transpired merely three days before Sweden's formal admission into NATO.

Netscout's analysis has identified several hacker groups involved in these assaults, including NoName057, Anonymous Sudan, Russian Cyber Army Team, and Killnet, all of which are aligned with Russian interests.

Fraudulent npm Packages Deceive Software Developers into Malware Installation

 

A new cyber threat dubbed DEV#POPPER is currently underway, targeting software developers with deceitful npm packages disguised as job interview opportunities, aiming to dupe them into downloading a Python backdoor. Securonix, a cybersecurity firm, has been monitoring this activity and has associated it with North Korean threat actors.

In this scheme, developers are approached for fake job interviews where they are instructed to execute tasks that involve downloading and running software from seemingly legitimate sources like GitHub. However, the software actually contains a malicious payload in the form of a Node.js script, which compromises the developer's system upon execution. The researchers tracking this activity, Den Iuzvyk, Tim Peck, and Oleg Kolesnikov, have shed light on this fraudulent practice.

This campaign came to light in late November 2023 when Palo Alto Networks Unit 42 revealed an operation known as Contagious Interview. Here, threat actors pose as potential employers to entice software developers into installing malware such as BeaverTail and InvisibleFerret during the interview process. Moreover, in February of the following year, Phylum, a software supply chain security firm, uncovered similar malicious packages on the npm registry delivering the same malware families to extract sensitive information from compromised developer systems.

It's important to distinguish Contagious Interview from Operation Dream Job, associated with the Lazarus Group from North Korea. While the former targets developers primarily through fake identities on freelance job portals and utilizes developer tools and npm packages leading to malware distribution, the latter involves sending malicious files disguised as job offers to unsuspecting professionals across various sectors.

Securonix outlined the attack chain, which begins with a ZIP archive hosted on GitHub sent to the target as part of the interview process. Within this archive lies a seemingly harmless npm module containing a malicious JavaScript file, BeaverTail, which acts as an information stealer and a loader for a Python backdoor named InvisibleFerret retrieved from a remote server. This backdoor is capable of various malicious activities, including command execution, file enumeration, exfiltration, clipboard monitoring, and keystroke logging.

This development underscores the ongoing efforts of North Korean threat actors to refine their cyber attack techniques, continuously updating their methods to evade detection and maximize their gains. Maintaining a security-focused mindset, especially during high-pressure situations like job interviews, is crucial in mitigating such social engineering attacks, as highlighted by Securonix researchers. The attackers exploit the vulnerability and distraction of individuals during these situations, emphasizing the need for vigilance and caution.

Here's How to Remove Unnecessary Files from Your Android Phone's Web Browser

 

The web browser on your Android phone collects a significant amount of data from the websites you visit, much of which is unnecessary to keep on your device. Regardless of whether you use Google Chrome, Mozilla Firefox, or Samsung Internet, this data, stored in cookies and cache, serves various purposes, such as enabling faster website loading and maintaining login sessions. However, a considerable portion of this data is superfluous and poses privacy risks.

Frequent clearing of your browser's cookies and cache is advisable due to the accumulation of unnecessary data, including transient junk and active tracking mechanisms from websites. These trackers often contribute to targeted advertising, where your browsing history influences the ads you encounter. For instance, after browsing online stores, you might notice advertisements tailored to your recent activities, like offers for eyeglasses or reminders of items in your shopping cart on Amazon.

Regularly clearing your cache helps eliminate unwanted data from your phone, especially if there are unidentified data trackers among your browser's cookies. Though clearing your cache may require you to log back into some websites, it's a minor inconvenience compared to the benefits of maintaining your phone's cleanliness and privacy.

The process for clearing cookies and cache varies depending on your phone's model and the web browser app you use. For Google Chrome, Samsung Internet, and Mozilla Firefox on Android devices, specific steps can be followed to clear this data effectively.

In Google Chrome, access the option to clear browsing data through the More menu or the Settings menu. For Samsung Internet, you can clear browsing data within the app or through your phone's Settings app, with options to delete various types of data, including cache and cookies. Mozilla Firefox offers extensive options for clearing browsing data, allowing users to delete specific types of data such as open tabs, browsing history, site permissions, and downloads, in addition to cookies and cached images and files. Additionally, Firefox provides an option to automatically delete browsing data upon quitting the app, enhancing privacy.

Both Chrome and Firefox offer basic and advanced settings for clearing browsing data, including options to specify the time range for deletion and to delete saved passwords and autofill form data. Chrome may prompt users regarding the importance of certain websites before clearing data, providing an opportunity to confirm the action.

Regularly clearing cookies and cache in your Android web browser is essential for maintaining privacy and optimizing device performance.

Windows Systems Vulnerable to Attacks Due to Critical 'BatBadBut' Rust Flaw

A critical vulnerability in the Rust standard library exposes Windows users to command injection. Tracked as CVE-2024-24576 and rated 10.0, the maximum on the Common Vulnerability Scoring System (CVSS) scale, it affects only programs that invoke batch files (.bat and .cmd) on Windows with untrusted arguments; other platforms and other kinds of executables are unaffected.

The Rust Security Response working group's advisory of April 9, 2024, explained that the flaw stems from how the standard library's std::process::Command escaped arguments when spawning batch files. Windows cannot run a batch file directly: CreateProcess implicitly launches cmd.exe, which re-parses the whole command line under its own rules, and those rules differ from the CreateProcess argument-quoting convention the library escaped for. An attacker who controls an argument can therefore break out of the quoting and run arbitrary commands through cmd.exe.

The vulnerability affects all Rust versions before 1.77.2 and was found and reported to the CERT Coordination Center (CERT/CC) by security researcher RyotaK, who named it "BatBadBut." RyotaK stressed that it is not unique to Rust: several languages and runtimes share the flaw because they call the Windows CreateProcess function and apply CreateProcess-style escaping to arguments that will actually be parsed by cmd.exe. Rust 1.77.2 tightens the escaping for batch files and makes Command return an InvalidInput error when an argument cannot be escaped safely.

According to CERT/CC, the vulnerability underscores a broader issue wherein programming languages lack robust validation mechanisms for executing commands within the Windows environment. This oversight potentially allows attackers to execute disguised arbitrary code as command arguments.

The extent of the vulnerability's impact hinges on the implementation of vulnerable programming languages or modules. As not all programming languages have rectified the issue, developers are advised to exercise caution when executing commands on Windows platforms.

To reduce the chance of a batch file being run inadvertently, RyotaK recommends moving such files out of every directory listed in the PATH environment variable, so they execute only when invoked by their full path. Programs that must run a batch file should update their toolchain and avoid passing untrusted input as arguments at all, since escaping correctly for cmd.exe is notoriously error-prone.
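To make the mechanism concrete, the following is an added example written for this page; it is not code from the Rust advisory, the standard library or RyotaK's write-up. naive_windows_quote applies CreateProcess-style quoting (a simplified version of the pre-1.77.2 behaviour), cmd_exe_unquoted_metachar is a deliberately reduced model of cmd.exe's parsing (every double quote toggles quoted mode and a backslash is not an escape), and bat_arg is a conservative reject-list for batch-file arguments rather than Rust 1.77.2's actual fix. The payload shape "&calc.exe follows the published proof of concept; everything else is an assumption for illustration.

```rust
/// Quote an argument the way the Win32 argv convention (CommandLineToArgvW)
/// expects: wrap it in double quotes and escape embedded quotes with a
/// backslash. This mirrors the pre-1.77.2 style of escaping in simplified
/// form (runs of backslashes before a quote are not handled). It is fine for
/// .exe targets, but a batch file never sees argv: cmd.exe re-parses the line.
fn naive_windows_quote(arg: &str) -> String {
    let mut out = String::from("\"");
    for c in arg.chars() {
        if c == '"' {
            out.push('\\');
        }
        out.push(c);
    }
    out.push('"');
    out
}

/// Simplified model of how cmd.exe scans a command line (an assumption for
/// this example, not a full reimplementation): every '"' toggles quoted mode,
/// a backslash is NOT an escape, and outside quotes the characters & | < > ^
/// are operators. Returns the first operator that ends up unquoted, which is
/// exactly where an injected command would start.
fn cmd_exe_unquoted_metachar(line: &str) -> Option<char> {
    let mut in_quotes = false;
    for c in line.chars() {
        match c {
            '"' => in_quotes = !in_quotes,
            '&' | '|' | '<' | '>' | '^' if !in_quotes => return Some(c),
            _ => {}
        }
    }
    None
}

/// Conservative argument builder for batch-file invocation: instead of trying
/// to escape for cmd.exe, reject anything it could reinterpret. A '"' cannot
/// be escaped reliably, CR/LF terminates the command, and '%' / '!' are
/// expanded even inside quotes (variable and delayed expansion).
fn bat_arg(arg: &str) -> Result<String, String> {
    if let Some(bad) = arg.chars().find(|&c| matches!(c, '"' | '\r' | '\n' | '%' | '!')) {
        return Err(format!("unsafe character {:?} in batch-file argument", bad));
    }
    Ok(format!("\"{}\"", arg))
}

fn main() {
    // Shape of the published proof of concept: an argument that starts with
    // a quote and is followed by a command separator.
    let payload = "\"&calc.exe";

    let line = format!("test.bat {}", naive_windows_quote(payload));
    println!("naive escaping hands cmd.exe: {}", line);
    println!("unquoted operator seen by cmd.exe: {:?}", cmd_exe_unquoted_metachar(&line));

    println!("strict builder on payload: {:?}", bat_arg(payload));
    println!("strict builder on benign input: {:?}", bat_arg("hello world"));
}
```

Run it with rustc or cargo: the model shows the & landing outside quotes for cmd.exe even though a CommandLineToArgvW-style parser would have seen one argument. In production the fix is to move to Rust 1.77.2 or later and to treat any target ending in .bat or .cmd as a shell, not a program.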

Fund Manager Outlines Digital Data as Rising Asset Class

In a recent dialogue, Roundtable host Rob Nelson and Lisa Wade, CEO of wholesale fund manager DigitalX, explored the burgeoning data revolution, discussing the profound implications of data ownership and the transformative potential of Web3 and blockchain technology on traditional economic and investment frameworks.

Nelson initiated the conversation by emphasizing the dawn of the data revolution, highlighting the significant potential and influence of owning personal data. He suggested that as society becomes more aware of this potential, innovative applications of data will emerge, reshaping financial and economic paradigms. This perspective aligns with the growing belief that traditional economic models may soon be supplemented or challenged by new principles driven by advancements in data science and technology.

Wade contributed to the discussion by expressing her enthusiasm for recognizing data as a crucial asset class and the role of Web3 (and potentially Web5) in redefining data ownership. Her insights envisioned a future where individuals have control over their data, disrupting the traditional narrative surrounding data ownership. This shift, she argued, not only empowers individuals but also makes data more attractive for investment, diverging from the current landscape where personal financial information is fragmented and susceptible to online threats.

Additionally, Wade elaborated on DigitalX's innovative investment approach, employing a "universal scoring matrix" that utilizes data asset classifications to develop investment algorithms. This approach symbolizes a shift towards a new financial era where investment strategies are increasingly influenced by network effects and the intrinsic value of cryptocurrencies, rather than conventional metrics such as the Federal Reserve’s risk-free rate.

Referencing a Citigroup report, Wade described the current period as a "financial revolution," emphasizing the transition towards new financial models centered around staking rates within reputable networks. This transition is not merely theoretical but is being put into practice by DigitalX, demonstrating the tangible implications of these concepts on investment strategies and the broader economic landscape.

'Tycoon' Malware Kit Bypasses Microsoft and Google Multifactor Authentication

An emerging phishing kit called "Tycoon 2FA" is gaining widespread use among threat actors targeting Microsoft 365 and Gmail accounts. The kit, documented by researchers at Sekoia, has been active since at least August 2023 and received updates as recently as last month to improve its evasion of multifactor authentication (MFA).

According to the researchers, Tycoon 2FA is extensively utilized in various phishing campaigns, primarily aimed at harvesting Microsoft 365 session cookies to bypass MFA processes during subsequent logins. The platform has amassed over 1,100 domain names between October 2023 and late February, with distribution facilitated through Telegram channels under different handles such as Tycoon Group, SaaadFridi, and Mr_XaaD.

Operating as a phishing-as-a-service (PhaaS) platform, Tycoon 2FA offers ready-made phishing pages for Microsoft 365 and Gmail accounts, along with attachment templates, starting at $120 for 10 days, with prices varying based on the domain extension. Transactions are conducted via Bitcoin wallets managed by the "Saad Tycoon Group," suspected to be the operator and developer of Tycoon 2FA, with over 1,800 recorded transactions as of mid-March.

Tycoon 2FA uses an adversary-in-the-middle (AitM) approach: the phishing page is a reverse proxy that relays the victim's traffic to the real login service. The victim completes the genuine login, including the MFA step, while the proxy records the credentials, the MFA code and, crucially, the session cookie issued afterwards. Replaying that cookie lets the attacker use the account without repeating MFA for as long as the session remains valid, which is why responders should revoke active sessions rather than only reset the password.

Despite the security enhancements provided by MFA, sophisticated attacks like Tycoon 2FA pose significant threats by exploiting AitM techniques. The ease of use and relatively low cost of Tycoon 2FA make it appealing to threat actors, further compounded by its stealth capabilities that evade detection by security products.

Sekoia researchers outlined a six-stage process used by Tycoon 2FA to execute phishing attacks, including URL redirections, Cloudflare Turnstile challenges, JavaScript execution, and the presentation of fake authentication pages to victims.

The emergence of Tycoon 2FA shows how phishing has adapted to MFA: codes and push approvals can be relayed in real time. Phishing-resistant factors such as security keys implementing the WebAuthn/FIDO2 standards are not affected in the same way, because the authenticator's response is bound to the origin the browser actually connected to, so a response produced on the proxy's domain is rejected by the real service. Protecting the session after login matters as well, since a stolen cookie sidesteps the authentication factor entirely.

To assist organizations in identifying Tycoon 2FA activities, Sekoia has published a list of indicators of compromise (IoCs) on GitHub, including URLs associated with Tycoon 2FA phishing campaigns.
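Because Tycoon 2FA's domains rotate faster than any IoC list, a complementary detection looks at what the stolen cookie does next. The following is an added example, not Sekoia's code or IoCs: a heuristic over constructed sign-in events (documentation IP ranges and private ASNs, not real logs) that flags a session cookie presented from a different network within minutes of being issued. The event schema and the one-hour window are assumptions; tune both to your identity provider's logs.

```rust
use std::collections::HashMap;

/// One sign-in or token-use event as a SIEM might export it. The field set is
/// an assumption for this example, not any vendor's schema.
#[derive(Clone, Debug)]
struct SignIn {
    ts: u64,                  // seconds since the Unix epoch
    user: &'static str,
    session_id: &'static str, // identifier of the issued session cookie
    ip: &'static str,
    asn: u32,                 // autonomous system of the source IP
}

#[derive(Debug, PartialEq)]
struct Alert {
    user: String,
    session_id: String,
    first_ip: String,
    replay_ip: String,
    gap_secs: u64,
}

/// Flag sessions whose cookie is presented from a different network (ASN)
/// less than `window` seconds after the session was established. A user
/// rarely switches provider that quickly; a kit relaying the cookie from its
/// own hosting does so within minutes of the victim's login. Same-ASN address
/// changes (a phone hopping carrier addresses) are deliberately ignored.
fn find_replayed_sessions(events: &[SignIn], window: u64) -> Vec<Alert> {
    let mut sorted: Vec<&SignIn> = events.iter().collect();
    sorted.sort_by_key(|e| e.ts);

    // session_id -> (timestamp, ip, asn) of the first sighting
    let mut origin: HashMap<&str, (u64, &str, u32)> = HashMap::new();
    let mut alerts = Vec::new();

    for e in sorted {
        let first = origin.get(e.session_id).copied();
        match first {
            None => {
                origin.insert(e.session_id, (e.ts, e.ip, e.asn));
            }
            Some((t0, ip0, asn0)) => {
                let gap = e.ts.saturating_sub(t0);
                if e.asn != asn0 && gap < window {
                    alerts.push(Alert {
                        user: e.user.to_string(),
                        session_id: e.session_id.to_string(),
                        first_ip: ip0.to_string(),
                        replay_ip: e.ip.to_string(),
                        gap_secs: gap,
                    });
                }
            }
        }
    }
    alerts
}

/// Constructed sample data (RFC 5737 documentation addresses, private ASNs);
/// these are not real logs.
fn sample_events() -> Vec<SignIn> {
    vec![
        // alice signs in with MFA; her cookie then appears from another provider 5 minutes later
        SignIn { ts: 1_700_000_000, user: "alice", session_id: "S-A", ip: "203.0.113.10", asn: 64500 },
        SignIn { ts: 1_700_000_300, user: "alice", session_id: "S-A", ip: "198.51.100.77", asn: 64501 },
        // bob's phone changes address within the same carrier: benign
        SignIn { ts: 1_700_001_000, user: "bob", session_id: "S-B", ip: "192.0.2.5", asn: 64502 },
        SignIn { ts: 1_700_001_500, user: "bob", session_id: "S-B", ip: "192.0.2.9", asn: 64502 },
        // carol reuses her session from a hotel network two hours later: outside the window
        SignIn { ts: 1_700_002_000, user: "carol", session_id: "S-C", ip: "203.0.113.20", asn: 64500 },
        SignIn { ts: 1_700_009_200, user: "carol", session_id: "S-C", ip: "198.51.100.1", asn: 64501 },
    ]
}

fn main() {
    for a in find_replayed_sessions(&sample_events(), 3600) {
        println!("possible cookie replay: {:?}", a);
    }
}
```

An alert from this heuristic is a trigger to revoke the session and re-verify the user, not proof of compromise on its own; pair it with Sekoia's domain indicators for the initial phishing contact and with the victim's own report of an unexpected login page.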

McDonald's Attributes Worldwide Outage to Third-Party Provider

McDonald's faced significant disruptions in its fast-food operations on Friday, attributing the widespread technical issues to a third-party provider rather than a cyber attack. The outage, which occurred during a "configuration change," affected stores in various countries including the UK, Australia, and Japan.

According to McDonald's, the problem led to the inability to process orders, prompting closures and service interruptions across affected regions. However, the company clarified that it swiftly identified and resolved the global technology system outage.

Brian Rice, McDonald's chief information officer, emphasized that the incident was an anomaly not directly linked to cybersecurity threats but rather stemmed from a third-party provider's actions during a system configuration change. He assured that efforts were underway to address the situation urgently.

Reports indicated that numerous McDonald's outlets, particularly in the UK and Australia, experienced disruptions, causing frustration among customers unable to place orders. The impact varied across regions, with some locations forced to close temporarily.

Despite the challenges, McDonald's reported progress in restoring operations across affected countries. Stores in Japan, initially hit by the outage, began resuming operations, albeit with temporary cash-only transactions and manual calculations.

While the disruption garnered attention on social media platforms, including complaints from customers unable to order through the McDonald's app, the company thanked customers and staff for their patience as services gradually resumed.

The outage affected McDonald's restaurants worldwide, highlighting the scale of the incident across its extensive network of approximately 40,000 outlets globally, with significant footprints in the UK, Ireland, the United States, Japan, and Australia.

Cyberattack on Hamilton City Hall Expands to Impact Additional Services

Hamilton is currently facing a ransomware attack, causing widespread disruptions to city services for more than a week. City manager Marnie Cluckie disclosed the nature of the cyber attack during a virtual press conference on Monday, marking the first public acknowledgment of the incident since it began on February 25.

The attack has resulted in the shutdown of almost all city phone lines, hampering city council operations and affecting numerous services such as the bus schedule app, library WiFi, and permit applications.

Cluckie mentioned that the city has not provided a specific timeframe for resolving the situation, emphasizing that systems will only be restored once deemed safe and secure. While the city has not detected any unauthorized access to personal data, Hamilton police have been alerted and will conduct an investigation.

Regarding the attackers' demands, Cluckie remained cautious, refraining from disclosing details such as the requested amount of money or their location due to the sensitive nature of the situation. However, she mentioned that the city is covered by insurance for cybersecurity breaches and has enlisted the expertise of cybersecurity firm Cypfer to manage the incident response.

Ransomware attacks, characterized by denying access to systems or data until a ransom is paid, can have devastating consequences, as highlighted by the Canadian Centre for Cyber Security. Although paying the ransom does not guarantee system restoration, it is sometimes deemed necessary, as seen in previous cases involving other municipalities like St. Marys and Stratford.

Once the city's systems are restored, Cluckie will oversee a comprehensive review to understand the breach's cause and implement preventive measures. Council meetings have been postponed until at least March 15 due to operational constraints, with plans to resume once the situation stabilizes.

The impact of the attack on various city services is extensive. Phone lines for programs, councillors, and essential facilities like long-term care homes are down. Online systems for payments and services related to fire prevention, permits, and property are inaccessible. Engineering services, cemeteries, libraries, public health, property taxes, Ontario Works, vendor payments, waste management, child care, transit, Hamilton Water, city mapping, and recreation facilities are all affected to varying degrees, with disruptions in communication, payments, and service availability.

Efforts are underway to mitigate the effects of the attack, but until the situation is resolved, residents and city officials must navigate the challenges posed by the ransomware attack.

Optum CEO Stresses Communication's Vital Role in Cyberattack Management

UnitedHealth Group's subsidiary, Change Healthcare, is anticipated to provide a significant update possibly by Tuesday, following a severe ransomware attack that has persisted for five consecutive days, causing disruptions in healthcare services nationwide.

Change Healthcare plays a pivotal role in handling claims and payments for various healthcare entities, including hospitals and pharmacies.

Dr. Amar Desai, CEO of Optum Health, a division of UnitedHealth Group (the parent of both Optum and UnitedHealthcare), said the company is actively addressing the issue. Desai and other Optum executives have been in constant communication with affected companies' top executives, particularly those responsible for security, information and technology.

Desai emphasized the importance of robust communication channels among stakeholders during such incidents to ensure a coordinated response. He made these remarks during the Vive healthcare conference in Los Angeles, where he was part of a panel discussion alongside Huntington Health CEO Dr. Lori Morgan, moderated by Yahoo Finance.

UnitedHealth first reported the cyberattack to the Securities and Exchange Commission (SEC) on Thursday, stating that the attack began on February 21 and that the company suspected a nation-state-associated cyber threat actor.

Optum has since identified the perpetrator as Blackcat (also known as ALPHV), a Russia-linked ransomware group. Despite the FBI's disruption of Blackcat's infrastructure late last year, the group has continued operating, targeting healthcare entities and government agencies.

In response to the ongoing threat, the American Hospital Association (AHA) advised healthcare systems to disconnect from Change Healthcare and develop contingency plans should the attack prolong.

As of the latest update on Monday, Change Healthcare stated that it promptly disconnected its systems upon detecting the threat. Notably, Optum, UnitedHealthcare, and UnitedHealth Group systems remain unaffected.

Change Healthcare reiterated its commitment not to compromise on security measures during the recovery process, emphasizing a proactive approach to addressing any potential issues promptly.

The full extent of the impact on Change Healthcare's partners remains unclear, and it may take some time before a comprehensive assessment is possible.

Researchers Unveil Sound-Based Attack: Swipe Sounds Used to Recreate Fingerprints

A group of researchers from China and the US has presented a new way to undermine fingerprint authentication. Their study, titled "PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound," describes a side-channel attack against Automatic Fingerprint Identification Systems (AFIS).

The attack uses the sound a finger makes as it swipes across a touchscreen to infer details of the fingerprint's pattern. In testing, the researchers report success rates of attacking "up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR [False Acceptance Rate] setting of 0.01%." They describe the work as the first to derive fingerprint information from swiping sounds.

Fingerprint biometric security measures are prevalent and widely trusted, with projections suggesting the fingerprint authentication market could reach nearly $100 billion by 2032. However, with growing awareness of potential fingerprint theft, individuals and organizations are becoming more cautious about exposing their fingerprints, even in photographs.

In the absence of direct access to fingerprints or detailed finger images, attackers have found a new avenue for obtaining fingerprint data to bolster dictionary attacks like MasterPrint and DeepMasterPrint. The PrintListener study reveals that "finger-swiping friction sounds can be captured by attackers online with a high possibility," using common communication apps such as Discord, Skype, WeChat, and FaceTime. By exploiting these sounds, the researchers developed PrintListener, a sophisticated attack method.

PrintListener overcomes significant challenges, including capturing faint friction sounds, separating fingerprint influences from other user characteristics, and advancing from primary to secondary fingerprint features. The researchers achieved this through the development of algorithms for sound localization, feature extraction, and statistical analysis.

In real-world experiments, PrintListener achieved success rates well above those of unassisted dictionary attacks. The practical caveat is that the attack recovers feature-level information used to seed a dictionary attack rather than a complete print, and it still needs several presentation attempts, so attempt limits, liveness detection and restricting microphone access during authentication all raise its cost. The research underscores the need to treat biometric side channels as a real threat and to build countermeasures accordingly.

Here's How to Safeguard Your Online Travel Accounts from Hackers

Just days following Kay Pedersen's hotel reservation in Chiang Mai, Thailand, via Booking.com, she received a troubling email. The email, poorly written in broken English, warned her of "malicious activities" within her account.

Subsequently, Kay and her husband, Steven, encountered issues. Steven noticed unauthorized reservations at different hotels, prompting them to report the fraudulent activity to Booking.com. In response, Booking.com cancelled all their bookings, including the one in Chiang Mai. Despite their immediate action, restoring their original reservation proved challenging. While Booking.com eventually reinstated the reservation, the new rate was more than double the original.

The Pedersens are not an isolated case. A recent surge in hacking incidents has targeted travellers. In the Booking.com campaigns, criminals reportedly compromised hotels' partner accounts and then used the platform's own messaging system to send guests convincing phishing messages. Loyalty program accounts and other online travel agencies have also been popular targets.

The susceptibility of travel accounts to attacks is attributed to the wealth of sensitive information they hold, including passports, driver’s licenses, and travel dates. Caroline McCaffery, CEO of ClearOPS, underscores the importance of safeguarding this information.

To mitigate the risk of hacking, travellers can employ several strategies:

1. Utilize two-factor authentication, preferably through an authenticator app, to enhance security.
2. Enable login notifications to receive alerts of any unauthorized account access.
3. Avoid reusing passwords and opt for strong, unique passwords for each account. Password management services like Google Password Manager can be helpful.
4. Exercise caution when using public Wi-Fi networks, and employ a Virtual Private Network (VPN) for added security.

However, travellers themselves also contribute to the problem by sharing excessive personal information and falling victim to phishing scams. Bob Bacheler, managing director of Flying Angels, highlights the risks associated with oversharing on social media and with unknown websites.

Phishing, in particular, remains a prevalent method for hacking attempts. Albert Martinek, a customer cyber threat intelligence analyst at Horizon3.ai, emphasizes the dangers of clicking on suspicious links.

The Pedersens' case underscores the challenges travellers face in resolving hacking incidents. While Booking.com investigated and secured their account, the couple endured uncertainty regarding their hotel reservation.

Ultimately, responsibility for addressing these security concerns lies with the companies that handle travellers' data. Passwordless, phishing-resistant authentication such as passkeys (built on WebAuthn) would remove the password as a target. Until travel companies prioritize safeguarding personal information, however, travellers will continue to bear the consequences.