
Cyber-Terrorism In The Skies

 

Prior to 9/11, plane hijackings were thought to be the stuff of Hollywood scriptwriters. Major movie plots frequently reflect current societal themes in character scenarios and, in some cases, technology. 

There are numerous cyber-crime-themed films that accurately predicted our future. If we stop and think about it, nearly everything around us is becoming more digitized than ever before, from car navigation and control systems to Wi-Fi-enabled temperature sensors in backyard grills. You can't avoid it, so it's no surprise to learn how much technology goes into a modern aircraft. Aside from in-flight entertainment, Wi-Fi, and LED lighting, there are intricate sensors, controls, and computing systems that work together to provide the safest, best flights possible.

Unfortunately, in today's world, the general public is well-informed about how terrifying hijacked planes can be. And, as time has passed, the threat of terror in the skies has evolved technologically.
For many years, the terrifying prospect of cyber-attacks on commercial flights has haunted the airline industry. One of the first incidents to garner public attention was when security researcher Chris Roberts was detained by the FBI after a domestic flight, having claimed to have briefly seized control of the plane.

At the Black Hat cybersecurity conference in Las Vegas, another cybersecurity researcher, Ruben Santamarta, claimed that he had hacked hundreds of aircraft while they were in flight from the ground. The cybersecurity researcher claimed he used flaws in satellite equipment to remotely hack into the planes.

We would be dealing with a very dangerous threat if a plane's technical systems were compromised by malicious hackers. And we've had some close calls. A malware infection, for example, prevented a Spanair flight from taking off several years ago. In that case, the detection occurred before the flight was even possible, but the entire scenario highlights a significant risk and an ever-present threat.

Protection in the air is important, as is protection from potentially malicious passengers-turned-hackers, but what about safeguarding at other points in the flight industry's technology chain? Is it possible that mission-critical IT systems will be as vulnerable as satellites and onboard computers have proven to be?

Consider it from the perspective of a hacker. Nobody attempts to enter a fort through the guarded front gates. They sneak in through an unguarded wall or disguise themselves as the gate maintenance team. In other words, hackers find ways to circumvent perceived barriers and all the costly fortifications or processes in order to find a vulnerable point of entry.

Bugs and malicious software, for example, can infiltrate a simple software update. Although updating software is a good practice, the possibility of something dangerous occurring during these specific times is always present.

These are almost like the vulnerable moments during a guard change, when vigilance is low. Conditions like these require us to validate versions, baseline our systems, and know how to identify and isolate threats. They compel us to keep an eye out for indicators and metrics of compromise. As a result, the security challenges encountered are closely related to those of enterprise security.

The Real World vs Hollywood

Planes, like any other interconnected IT system, can and probably will be hacked at some point. At this point, the question is not if, but when. Using intelligent precautions, processes, and technologies, we can hopefully predict and prevent whatever that sobering incident turns out to be. And, if this terrifying situation does occur, we hope that quick recovery is triggered in accordance with well-planned disaster plans. Even if we are not in the airline industry, we should have the same mindset when it comes to our mission-critical internal IT systems.

Throughout the service lifecycle of our own IT infrastructure, are we sufficiently monitoring and protecting our mission-critical systems from cyber threats? No enterprise IT system is safe if planes can be hacked. The same questions regarding vulnerability mitigation and disaster recovery planning should be directed toward every IT system in every organization.

It is critical to understand that when it comes to commercial flights, the stakes could not be higher because human lives are at stake. Fortunately, industry leaders and government task forces are committed to developing solutions that address cyber threats to the commercial flight industry in a proactive manner. Eventually, their awareness and diligence will ensure that this remains a plot line for Hollywood thrillers rather than a potential opportunity for another devastating terror attack that weaponizes commercial airliners.

What is Data Synchronization and How Does it Operate?


Because data can be lost, keeping multiple copies of a data set has become essential. Maintaining numerous data sets manually, however, has its own drawbacks: changes to an individual copy can introduce inconsistencies that create security loopholes and operational problems. Data synchronization makes it easier to manage and secure numerous data sets without fuss.

Data Synchronization

Data synchronization is a continuous process of keeping data sets across various applications consistent and accurate, so that they are identical no matter where they are located. Maintaining data uniformity manually across various applications is not the best course of action, because errors can still creep in despite your best efforts. Data synchronization is an automatic process that maintains consistency across your data sets.

Keeping copies of a data set in different places can lead to inconsistencies: whenever an individual interacts with one copy, they may alter it, intentionally or accidentally, so that it diverges from the others. The divergent copies can contain errors that make backups ineffective or expose your system to cyber threats.

How does Data Synchronization Operate? 

How data synchronization operates depends on the parameters the user sets beforehand. To ensure that synchronization completes a full cycle, you must connect the various applications in which your data sets are stored.

Data synchronization works in the following steps:

1. Trigger Update: Once your preferred update trigger has been set, changes you make to one data set push an update across all data sets. The system constantly monitors your data and initiates an update as soon as a change is detected.

2. Identify Information: Data synchronization does not revamp an entire data set. Once an update alert goes off, the system recognizes the specific information you changed and applies that change to the same areas of the other applications.

3. Choose Frequency: Depending on your preference, data synchronization can happen synchronously or asynchronously. In synchronous mode, changes are reflected immediately, eliminating any window for errors. If you select the asynchronous option, changes take effect at set intervals, for instance once every hour.

4. Align Format: In some circumstances the new data arrives in a different format from the data held in the other data sets. The incoming data is reformatted so that it is compatible with the existing information.

5. Confirm Update: Once the data is successfully synchronized, the system displays an update confirmation; its absence may indicate an error in the synchronization process. The system may retry the update a number of times. If the process still fails, an error message is sent to the user reporting that the synchronization was unsuccessful.
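The five steps above, walked through as a small synchronization engine. This is an added example, not code from the original post; the application names, the customer record, the date-format rule for the "billing" application and the simulated write failures are all constructed for illustration.

```python
"""Minimal data synchronization engine covering the five steps above.

Added example (not from the original post). All data, application names and the
date-format rule are constructed for illustration.
"""


def to_billing_date(iso):
    """Constructed rule: the 'billing' application stores dates as DD/MM/YYYY."""
    y, m, d = iso.split("-")
    return f"{d}/{m}/{y}"


# Step 4 adapters, keyed by application name and field.
FORMATTERS = {"billing": {"dob": to_billing_date}}


class Replica:
    """One application's copy of the data set, with optional transient faults."""

    def __init__(self, name, record, fail_times=0):
        self.name = name
        self.record = dict(record)
        self.fail_times = fail_times  # constructed: number of writes that fail
        self.attempts = 0

    def apply(self, changes):
        """Write the changed fields; returning True is the update confirmation."""
        self.attempts += 1
        if self.attempts <= self.fail_times:
            return False  # no confirmation: the caller must retry or report
        self.record.update(changes)
        return True


def detect_changes(old, new):
    """Step 2: identify only the fields that differ, never the whole data set."""
    return {k: v for k, v in new.items() if old.get(k) != v}


def align_format(replica_name, changes):
    """Step 4: rewrite incoming values into the target application's format."""
    adapted = dict(changes)
    for field, fn in FORMATTERS.get(replica_name, {}).items():
        if field in adapted:
            adapted[field] = fn(adapted[field])
    return adapted


class SyncEngine:
    def __init__(self, master, replicas, mode="synchronous", max_retries=3):
        self.snapshot = dict(master)  # last state of the master we propagated
        self.replicas = replicas
        self.mode = mode              # step 3: "synchronous" or "asynchronous"
        self.max_retries = max_retries
        self.pending = {}             # changes buffered in asynchronous mode

    def update(self, new_record):
        """Step 1: a change to the master data set triggers propagation."""
        changes = detect_changes(self.snapshot, new_record)
        if not changes:
            return {}
        self.snapshot.update(changes)
        self.pending.update(changes)
        if self.mode == "synchronous":
            return self.flush()
        return {}  # asynchronous: applied on the next scheduled flush()

    def flush(self):
        """Push buffered changes to every replica; step 5: confirm or report."""
        changes, self.pending = self.pending, {}
        results = {}
        for r in self.replicas:
            adapted = align_format(r.name, changes)
            confirmed = any(r.apply(adapted) for _ in range(1 + self.max_retries))
            results[r.name] = "confirmed" if confirmed else "failed"
        return results


def demo(mode="synchronous"):
    """Constructed scenario: three applications hold the same customer record."""
    master = {"id": 1, "name": "Alice", "email": "alice@example.com", "dob": "1990-05-17"}
    replicas = [
        Replica("crm", master),
        Replica("billing", {**master, "dob": "17/05/1990"}, fail_times=2),  # recovers
        Replica("archive", master, fail_times=10),  # never confirms
    ]
    engine = SyncEngine(master, replicas, mode=mode)
    changed = {**master, "email": "alice@corp.example", "dob": "1990-05-18"}
    results = engine.update(changed)
    if mode == "asynchronous":
        results = engine.flush()  # the scheduled interval has elapsed
    return results, {r.name: r.record for r in replicas}


if __name__ == "__main__":
    print(demo())
```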

A large share of the work we do in the digital space revolves around data in one way or another. That makes maintaining data integrity important, because failing to do so leads to flawed data and, in turn, flawed results. Data synchronization is one way to maintain the accuracy of data sets.

Once your data assets are kept in a synchronized state, you can secure them more effectively by establishing a single security framework across the various applications. In the long term, this saves time and resources.

Private Data Leaked in Ransomware Attack on Virginia Mason Franciscan Health

 

The parent firm of Virginia Mason Franciscan Health was recently the target of a ransomware assault, the healthcare system disclosed earlier this week. 

The organization linked to 10 VMFH hospitals spread across the Puget Sound region, CommonSpirit Health, stated some patients' names, addresses, phone numbers, and dates of birth were included in leaked files while the cyberattack was being investigated. Additionally included were special IDs that the hospital utilized internally (not insurance IDs or medical record numbers). 

According to Chad Burns, a spokesperson for CommonSpirit, it is unclear how many patients were impacted. The firm stated that there is currently no proof that any private information has been "misused."

“We apologize for any concern this may cause. CommonSpirit Health and its affiliated entities … take the protection and proper use of personal information very seriously,” CommonSpirit said in a statement.

Midway through October, the Chicago-based healthcare organization revealed it had become the victim of ransomware, a type of malicious software. Patients and professionals in the Puget Sound region had started to notice system disruptions at VMFH institutions. MyChart, a patient interface used to maintain electronic health data, medicines, and test results, was unavailable for roughly two weeks as the business took some systems offline and started looking into the issue. Appointments were canceled or rescheduled. 

Earlier this week, CommonSpirit acknowledged that between September 16 and October 3, an "unauthorized third party" had acquired access to some areas of its network. According to the statement, the third party might have had access to patients' private information over those two weeks. 

Since then, the statement stated, electronic systems have been brought back online with more security and monitoring measures. 

CommonSpirit, which operates 140 hospitals throughout 21 states, alerted the authorities and is still assisting with the investigation. The business claimed that it took action to safeguard its technological equipment, control the situation, and preserve the continuity of care. 

St. Michael Medical Center in Silverdale, St. Anne in Burien, St. Anthony in Gig Harbor, St. Clare in Lakewood, St. Elizabeth in Enumclaw, St. Francis in Federal Way, and St. Joseph in Tacoma are among the VMFH facilities in Washington. 

No other information was revealed on whether the cyberattack also impacted patient data from CommonSpirit's other facilities across the nation because the investigation is still underway, according to Burns. 

Beginning on Thursday, CommonSpirit intends to mail letters to all impacted patients. Additionally, it urged patients of VMFH institutions to check their healthcare accounts for accuracy and notify their physician or insurer of any odd services or expenditures.

CISO Discuss Main Safety Concerns

 

In terms of cyber threats, 2022 was a crucial year. Enterprises are under increased pressure to enhance their security operations in order to keep up with nation-state hackers and skilled cybercriminals who have been emboldened by the Russia-Ukraine conflict.

Frank Kim, a SANS Institute fellow, has joined YL Ventures as the organization's new full-time CISO-in-residence. YL Ventures links startup entrepreneurs with CISOs in order to offer assistance and direction as companies develop their cybersecurity solutions and expand their businesses.

Former CISO of the SANS Institute and founder of ThinkSec, a security consulting and CISO consultancy firm, Kim will focus on the financial implications of enhancing security in his new position.

An increasing number of users are worried about data security, particularly how securely organizations use, share, and exploit data. Data security is the key to encouraging and facilitating the adoption and use of data, and thus to future revenue streams for businesses. It is justified in being a top priority for CISOs because data has grown to be such a crucial component of the company and a highly profitable target for attackers. Kim said, "We have to stay up with the changing and moving data in the modern, dynamic corporate climate with M&As and consolidation."

Top characteristics of a future chief data security officer:

Exhibits strategic focus
The most effective will approach problems from a business standpoint as opposed to a technical or tactical one. They present themselves as visionary leaders rather than firefighters who are only called in during emergencies.

Assesses opportunity and risk
Risk need not always be nasty or destructive, but risk that is not handled can be. If the CISO insists that all risk is bad and must be eliminated, they risk losing the support of their colleagues and impeding forward-thinking initiatives.

Displays leadership ability
The organization as a whole and the security sector esteem next-gen CISOs for their charisma, ingenuity, connections, and respectability. They never miss a chance to highlight the benefits information security has for the company.

Possesses business skills, strengthens trust, and demonstrates empathy
Through routine interaction and cooperation, they should contribute to increasing the trust of their team members, clients, partners, and other company stakeholders.


Hackers Employing Encryption are Successfully Infiltrating Organizations Worldwide

 

Threat analysts find it “increasingly difficult” to spot and thwart cyber assaults targeting their businesses, according to the latest findings from Vectra, an AI-driven hybrid cloud threat detection and response firm.

According to the study, 70% of businesses have experienced an assault that exploited encrypted traffic to evade detection. 45% acknowledged that they have been a victim more than once. Unfortunately, 66% of respondents still lack visibility into all of their encrypted traffic, making them extremely susceptible to additional encryption attacks. 

As per the survey, analysts are unable to respond to complex threats due to the burdens placed on cybersecurity and networking specialists, which are continually growing. Major conclusions include:

  • 40% more resources in the cloud and 36% more devices on the network are to blame for the growth in workloads in threat detection and response, according to 45% of cybersecurity and networking professionals. 
  • 37% think that as threats have become more sophisticated, it has become more difficult for analysts to identify real attacks. 
  • 69 percent concur that the time between exploitation and detection provides hackers too much time to infiltrate a network – with 29 percent also citing communication issues between the security operations center and other IT teams. 
  • In addition, 23 percent believe SOC analysts do not have the right level of skills, and 18 percent believe they're understaffed, indicating security teams are not equipped to mitigate the cyberattacks. 
  • More than half (60%) of small and medium-sized businesses feel threat detection and response is now harder – suggesting smaller businesses are struggling to keep pace with the evolving landscape of cybercrime. 

“Organizations face a barrage of threats on all fronts – in their network, cloud, and IT environments – while cybercriminals use techniques like encryption to breach firms undetected. What’s more, many don’t have the skills or staff to deal with increasing security workloads,” stated Mark Wojtasiak, VP of Product Strategy at Vectra. 

“To stem the tide against them, security teams need total visibility into their environments, so they can spot the signs of an attack before it becomes a breach.”

Has Your Password Been Compromised? Here’s How to Find Out

 

If your online accounts have been hacked, you may be thinking about what to do next. There are multiple ways to find out if your accounts were hacked — and the severity of the breach. 

HaveIBeenPwned 

Have I Been Pwned, a searchable data breach database, was created in December 2013 by Troy Hunt, a Microsoft regional director and MVP. With 1.5 lakh visitors every day and three million email subscribers, it is by far the biggest and most popular way to find out if your password has been stolen.

You start by simply entering your email address or username, and within seconds details of any data breaches in which your credentials were stolen will appear. However, the site won't tell you which sites the password was found on, since this could make it possible for someone to piece together a username and password that hasn't been changed yet.
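Have I Been Pwned also lets you check a password itself without disclosing it, through its Pwned Passwords range API: the client hashes the password with SHA-1, sends only the first five hex characters of the hash, and receives every hash suffix seen in breaches for that prefix with a count, so the full hash never leaves the machine. The code below is an added example, not from the original post; the range response is a constructed sample so it runs offline, and fetch_range is a hypothetical hook where a real HTTPS request to https://api.pwnedpasswords.com/range/<prefix> would go.

```python
"""Client-side k-anonymity check against HIBP's Pwned Passwords range API.

Added example, not from the original post. SAMPLE_RANGE is a constructed
response; the counts in it are made up.
"""
import hashlib


def split_hash(password):
    """SHA-1 the password; only the 5-character prefix is ever sent out."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines (CRLF-separated); ignore blank or bad lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and count.strip().isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password, fetch_range):
    """Return how often the password appeared in breaches (0 if never seen).

    fetch_range(prefix) must return the response body for that prefix; in a
    real client it performs the HTTPS GET, here it reads a constructed sample.
    """
    prefix, suffix = split_hash(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)


# Constructed sample of what the range endpoint returns for prefix "5BAA6"
# (the prefix of SHA-1("password")). Counts are made up.
SAMPLE_RANGE = {
    "5BAA6": (
        "003D68EB55068C33ACE09247EE4C639306B:3\r\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345\r\n"
        "\r\n"
        "2C8B4C3B9E1F0C6C8A4B0E2D7F1A3C5E9B7:1\r\n"
    )
}


def fake_fetch(prefix):
    """Stand-in for the network call: look the prefix up in the sample."""
    return SAMPLE_RANGE.get(prefix, "")


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(pw, "->", pwned_count(pw, fake_fetch))
```

Because lookups are keyed by prefix, a single response can cover hundreds of hashes; the client, not the server, decides whether the tested password is among them.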

DNS Hijack 

 A domain name system (DNS) hijack is another way that hackers can find out if their victims are using a particular website. DNS hijacks redirect your computer’s web browser to an entirely different website — usually, one that looks like the real website you’re trying to reach. 

History Scan 

You can also check your browser’s activity history to see if a hacker accessed your computer via your browser. See if there are any entries that indicate that someone used your computer to visit a website your browser normally doesn’t go to. 

Mitigation Tips 

You can't protect against everything. The most important thing you can do is to always keep your personal information secure. And even if you do everything right, there is always a chance that you'll get hacked. A breach is a catastrophe for any business, not just one dealing with large amounts of sensitive data. 

The more you know about hacks and how to mitigate them, the better equipped you are to respond to a breach. There are a number of ways to protect your online accounts, including using a password manager, two-factor authentication, and multi-factor authentication. 

If you do not think your account was accessed by someone other than you, the best thing to do is to log out of all sessions and change your password. Also activate two-factor authentication, which will cut down on the likelihood that someone will gain access to your account even if they have your password. Once you're sure that no one else has accessed your account, you can get back to business as usual.

There are other ways, too, that you can protect yourself from online threats, including installing your operating system's built-in protection or using a virtual private network (VPN). And if you do think your account was accessed by someone other than you, make sure to report it as a potential hacking attempt.

Businesses Need to Ramp Up Their Security to Counter Future Attacks

 

The report, which was published by Perception Point and Osterman Research this week, found that firms typically spend $1,197 per employee each year to deal with cybersecurity incidents, which can add up quickly over time. Because of this, Deloitte believes that employees and board members will be better equipped to thwart cyberattacks in 2023. 

Moreover, Deloitte anticipates that securing emerging technologies, bolstering connected device visibility, and data security practices will be priorities for organizations in 2023. Supply chain security concerns are also likely to continue, and the security talent shortage is likely to persist as security supply chains continue to struggle, the company's leaders noted.

The experts predicted that future-forward preparedness and organizational resilience will play an important role in helping enterprises better manage their vulnerability to adversary actors in the future, in addition to cybersecurity. 

Mulesoft, a Salesforce-owned company, also made predictions about the businesses in 2023. It noted that, up until now, companies have remained committed to digital transformation, speeded up by automation, composable agility, low-code, and no-code tools, data automation, and layered cyber defenses to continue to grow. 

Quantum Growth 

While tech giants like Google, IBM, Microsoft, and Intel made headlines this week, they are also pushing ahead with cloud services and other tools to test quantum algorithms. 

Sandeep Pattathil, a senior analyst at IT advisory firm Everest Group, told VentureBeat that quantum computing’s algorithmic improvements will remain the biggest challenge. He said that IBM, Microsoft, and Google are all working on cloud services to test quantum algorithms. It will also be difficult for them to develop speedy quantum computing programs. 

 AI Needs Change 

According to Kevin McNamara, CEO and founder of synthetic data vendor Parallel Domain, which just raised $30 million in a series B round led by March Capital, artificial intelligence (AI) may be eating the world as we know it, but AI itself is also starving and needs to change its diet.

“Data is food for AI, but AI today is underfed and malnourished,” stated Kevin McNamara. “That’s why things are growing slowly. But if we can feed that AI better, models will grow faster and in a healthier way. Synthetic data is like nourishment for training AI.”

Multiple Flaws in Popular Redaction Tools Put Secret Data at Risk

 

The latest findings from a team at the University of Illinois disclosed multiple security vulnerabilities in the most popular tools for redacting PDF documents. 

The report, which has been published as a preprint by Maxwell Bland, Anushya Iyer, and Kirill Levchenko, examined 11 popular redaction tools. Out of 11, the team identified that PDFzorro and PDFescape Online allowed full access to text that had allegedly been redacted by merely copying and pasting it. 

The findings go further than copy and pasting. It also highlights the latest technique to target PDF documents and employ hidden fingerprints to disclose names that have been redacted. The team’s primary focus was on names, as they are commonly redacted and are sensitive in nature. It does not seem possible to unredact large blocks of text, Bland explained. 

To extract secret details from the text, the team devised a tool, called Edact-Ray, that can “identify, break, and fix redaction information leaks.”

“Even if you do the redaction, supposedly correctly, even if you remove the text, there’s a lot of latent information that is dependent on the content that was redacted, and even that can leak information,” Levchenko stated. “If you redact a name in a PDF, if the attacker has any context—they know this is an American—they will be able to, with high probability, either recover that name or narrow it down to a very small list of candidates.” 

Over the past three decades, numerous high-profile redaction failures have leaked sensitive data. These have involved mistakes in the redaction process, failure to properly safeguard the data, and the inclusion of enough details to allow people to decipher what the redactions were meant to be. 

For example, in 1991 researchers employed a “desktop computer” to reverse engineer the Dead Sea Scrolls resulting in the leak of their full text and documents. Seventeen years later in 2008, sensitive information regarding wiretapping agreements between the US government and telecom companies was easily accessible by the aforementioned method of copy and paste. And in February last year, the European Commission disclosed a version of its Covid-19 contract for the AstraZeneca vaccine that it didn’t properly redact. 

When it comes to successfully redacting archives and safeguarding people’s data, the Illinois researchers hope their work will encourage software builders to include tools that prevent secret data from being leaked. According to the researchers, the NSA’s advisory for redacting documents is perhaps the best guidance for protecting redactions: when redacting a Word document, the content of the original document should be altered before the resulting PDF is produced and redacted.

Malicious Chrome Extension Discovered Siphoning Private Data of Roblox Players

 

Users of Roblox, the popular online game platform, are being targeted via a malicious Google Chrome browser extension that attempts to siphon their passwords and private data.

Threat analysts at Bleeping Computer uncovered two separate Chrome extensions called SearchBlox, with more than 200,000 downloads, containing a backdoor that allows the hackers to steal users’ Roblox credentials and their Rolimons assets.

It remains unclear whether the designer of these two extensions added the backdoor intentionally or whether another hacker did; however, threat analysts were able to analyze their code and find the backdoor.

The malicious extensions identified on the Chrome Web Store add a player search box to the users’ page that allows it to scan the game’s servers for other players. Although they have different icons, the extensions were both designed by the same developer and have identical descriptions. 

Surprisingly, the first extension was actually featured on the Chrome Web Store despite its three-star rating. Upon scanning the comment section on its review page, Roblox players seemed quite satisfied with the extension before the backdoor was suddenly added, which indicates that a threat actor was responsible and not its developer TheM2. 

To mitigate the potential threat, researchers advised Roblox players to uninstall the extension immediately, clear browser cookies, and alter the login credentials for Roblox, Rolimons, and other websites where they logged in while the extension was active. 

Additionally, the Google spokesperson confirmed that the extensions were removed immediately and would also be automatically erased from systems where they were installed. 

"The identified malicious extensions are no longer available on the Chrome Web Store," Google stated. "The extensions are block listed and will be automatically removed from any user machine that previously downloaded them."

This is not the first instance Roblox users have been the victims of cybercrime. Earlier this year in May, security experts identified a malicious file concealed inside the legitimate Synapse X scripting tool which is utilized to inject exploits or cheat codes into Roblox. 

Malicious hackers exploited Synapse X to deploy a self-executing program on Windows PCs that installs library files into the Windows system folder. This has the potential to break applications, corrupt or erase data or even send data back to the attackers responsible.

Experts Look into WhatsApp Data Leak: 500M User Records for Sale

 

On November 16, an actor advertised a 2022 database of 487 million WhatsApp user mobile numbers on a well-known hacking community forum. The dataset is said to contain WhatsApp user data from 84 different countries. 

According to the threat actor, there are over 32 million US user records included. Egypt (45 million), Italy (35 million), Saudi Arabia (29 million), France (20 million), and Turkey each have a sizable number of phone numbers (20 million). The dataset for sale also allegedly contains the phone numbers of nearly 10 million Russians and over 11 million UK citizens. The threat actor told Cybernews that they were selling the US dataset for $7,000, the UK dataset for $2,500, and the German dataset for $2,000.

Since such data is frequently used by attackers in smishing and vishing attacks, we advise users to be cautious of calls from unknown numbers, as well as unsolicited calls and messages. According to reports, WhatsApp has more than two billion monthly active users worldwide. The seller of the alleged WhatsApp database provided a sample of data to Cybernews researchers upon request. The shared sample included 1097 UK and 817 US user numbers.

Cybernews probed all of the numbers in the sample and was able to confirm that they all belong to WhatsApp users. The seller did not say how they obtained the database, only that they "used their strategy" to collect it, and assured Cybernews that all the numbers in the sample belong to active WhatsApp users.

Cybernews contacted WhatsApp's parent company, Meta, but received no immediate response. We will update the article as soon as we learn more. The data on WhatsApp users could be obtained by harvesting information at scale, also known as scraping, which is against WhatsApp's Terms of Service.

This claim is entirely speculative. However, large data dumps posted online are frequently obtained through scraping. Over 533 million user records from Meta, which has long been chastised for allowing third parties to scrape or collect user data, were previously leaked on a dark web forum, where the actor was practically giving the dataset away for free.

Days after a massive Facebook data leak made headlines, a popular hacker forum listed an archive containing data purportedly scraped from 500 million LinkedIn profiles for sale. Phone numbers that have been leaked could be used for marketing, phishing, impersonation, and fraud.

Head of Cybernews research team Mantas Sasnauskas said, “In this age, we all leave a sizeable digital footprint – and tech giants like Meta should take all precautions and means to safeguard that data. We should ask whether an added clause of ‘scraping or platform abuse is not permitted in the Terms and Conditions’ is enough. Threat actors don’t care about those terms, so companies should take rigorous steps to mitigate threats and prevent platform abuse from a technical standpoint.”

Microsoft Announces the Microsoft Supply Chain Platform

 

Software as a Service (SaaS) applications from Microsoft that combine artificial intelligence, collaboration, low-code, security, and supply chain management have been launched as the Microsoft Supply Chain Platform.

Dynamics 365, Microsoft Teams, Power BI, Power Automate, Power Apps, Azure Machine Learning, Azure Synapse Analytics, Azure IoT, the Microsoft Intelligent Data Platform, Azure Active Directory, Defender for IoT and Microsoft Security Services for Enterprise are among the Microsoft applications and platforms in this group.
 
Microsoft's PowerApps low-code development platform is intended to let users create a connected supply chain. It enables supply chain information, supply and demand insights, performance tracking, supplier management, real-time collaboration, and demand management to lessen risk.

Additionally, it addresses order tracking and traceability, pricing management, warehouse management, and inventory optimization. According to Microsoft, businesses are suffering from an overabundance of petabytes of data that are dispersed among legacy systems, enterprise resource planning (ERP) software, and custom solutions, giving them a fragmented view of their supply chain.

The Microsoft Supply Chain Center preview has also been released by Microsoft. It promises to track global events that may impact a customer's supply chain, coordinate actions across a supply chain, and use AI to lessen supply and demand mismatches. According to Microsoft, this constitutes the foundation of the supply chain platform.

"Although supply chain disruption is not new, its complexity and the rate of change are outpacing organizations' ability to address issues at a global scale. Many solutions today are narrowly focused on supply chain execution and management and are not ready to support this new reality," said Charles Lamanna, corporate vice president, of Microsoft Business Applications and Platform, in a press release.

"Businesses are dealing with petabytes of data spread across legacy systems, ERP, supply chain management and point solutions, resulting in a fragmented view of the supply chain," Lamanna stated. 

"Supply chain agility and resilience are directly tied to how well organizations connect and orchestrate their data across all relevant systems. The Microsoft Supply Chain Platform and Supply Chain Center enable organizations to make the most of their existing investments to gain insights and act quickly." 

Even though Microsoft wants the platform to serve the entire supply chain, it will continue to collaborate with partners such as Accenture, Avanade, EY, KPMG, PwC, and TCS. Data from standalone supply chain systems, SAP and Oracle ERP systems, Dynamics 365, and other systems will be fed into the Microsoft Supply Chain Center.

Data ingestion for supply chain visibility is made possible via the Supply Chain Center's Data Manager capability. FedEx, FourKites, Overhaul, and C.H. Robinson are some of the partners in the preview launch. The supply and demand insights module, the order management module, the built-in Teams connection, and partner modules within the center are just a few of the prebuilt modules that the Supply Chain Center provides to solve supply chain disruptions.

According to Microsoft, the data remains consistent regardless of the module used because the center runs on a Dataverse common data service environment, eliminating the need to check which reports have the most recent data.

IoT Security: A Major Concern for Businesses Worldwide

 

As technology continues to evolve and more industries across the globe become connected, understanding the security challenges linked with the industrial internet of things (IoT) deployments is increasingly important. 

Businesses planning to roll out a manufacturing or industrial IoT initiative, or link existing technology for automated and remote monitoring or access, will need to consider all of the potential threats and attack vectors linked with those decisions. The most common security challenges with industrial IoT security are as follows: 

Security Breach Via Old Systems 

The surge in the number of IoT applications has made it easier for malicious hackers to find vulnerabilities through which to reach organizational data. Running many IoT devices over the same internet connection makes it easier for attackers to use one of them as a point of unauthorized access to other resources. This lack of network segmentation can be devastating: a single compromised IoT device can open the door for attackers to siphon sensitive data. 

To safeguard IoT-powered enterprises from data breaches, it’s important to harden the devices with hardware-based VPN technology and to deploy a real-time monitoring solution that continuously scans and reports the behavior of the connected devices. 

DDoS Attack 

Attackers can target a business's endpoint devices by flooding them with traffic until they can no longer do the work they were built for. 

For example, when an industrial thermostat is connected to the internet without protection, a coordinated DDoS attack on the whole system could lead to downtime. One of the best ways to mitigate this type of IIoT threat is to place a firewall in front of the internet connection. 

Device Spoofing  

In IIoT, a device spoofing attack is launched when the attacker poses as a legitimate device to exchange information between the business's centralized network and the IIoT endpoint device. For example, the attacker can pose as a trusted IoT sensor and send back false readings that could alter an organization’s manufacturing process. This risk can be mitigated by employing a hardware-based security solution.
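As an added illustration of the spoofing mitigation described above (example code, not from the original post), the following Python sketch has each sensor authenticate its reports with a per-device HMAC key and a monotonically increasing counter, so the gateway can reject forged readings and replays of captured genuine ones. The device names, keys and the Gateway class are constructed for this example; in a hardware-based design the keys would live in a secure element on the sensor and an HSM on the gateway rather than in a Python dictionary.

```python
import hashlib
import hmac
import json
from typing import Dict, Tuple

# Constructed per-device secrets for this example only. In a hardware-based
# design each sensor's copy lives in a secure element and the gateway's copy
# in an HSM; this dictionary stands in for both.
DEVICE_KEYS: Dict[str, bytes] = {
    "temp-sensor-01": hashlib.sha256(b"constructed-key-01").digest(),
    "temp-sensor-02": hashlib.sha256(b"constructed-key-02").digest(),
}


def _canonical(device_id: str, counter: int, payload: dict) -> bytes:
    """Serialize the authenticated fields in a fixed, unambiguous order."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return f"{device_id}|{counter}|{body}".encode()


def sign_report(device_id: str, counter: int, payload: dict, key: bytes) -> dict:
    """Sensor side: attach an HMAC-SHA256 tag over id, counter and payload.
    The counter must increase with every report the device sends."""
    tag = hmac.new(key, _canonical(device_id, counter, payload),
                   hashlib.sha256).hexdigest()
    return {"device_id": device_id, "counter": counter,
            "payload": payload, "tag": tag}


class Gateway:
    """Network side: accept a report only if it names a known device, its tag
    verifies under that device's key, and its counter is newer than the last
    accepted one (which defeats replay of a captured genuine report)."""

    def __init__(self, keys: Dict[str, bytes]) -> None:
        self.keys = keys
        self.last_counter: Dict[str, int] = {}

    def verify(self, report: dict) -> Tuple[bool, str]:
        device_id = report.get("device_id")
        key = self.keys.get(device_id)
        if key is None:
            return False, "unknown device"
        counter = report.get("counter")
        if not isinstance(counter, int):
            return False, "bad counter"
        expected = hmac.new(
            key, _canonical(device_id, counter, report.get("payload", {})),
            hashlib.sha256).hexdigest()
        # Constant-time comparison so the check does not leak tag bytes.
        if not hmac.compare_digest(expected, str(report.get("tag", ""))):
            return False, "bad tag"
        if counter <= self.last_counter.get(device_id, -1):
            return False, "replay"
        self.last_counter[device_id] = counter
        return True, "ok"


def demo() -> list:
    """Walk through a genuine report, a replay of it, a tampered reading and
    a report for sensor 02 signed with sensor 01's key."""
    gw = Gateway(DEVICE_KEYS)
    key = DEVICE_KEYS["temp-sensor-01"]
    genuine = sign_report("temp-sensor-01", 1, {"celsius": 21.5}, key)
    tampered = dict(genuine, payload={"celsius": 95.0})
    wrong_key = sign_report("temp-sensor-02", 1, {"celsius": 4.0}, key)
    return [
        gw.verify(genuine),    # (True, "ok")
        gw.verify(genuine),    # (False, "replay")
        gw.verify(tampered),   # (False, "bad tag")
        gw.verify(wrong_key),  # (False, "bad tag")
    ]


if __name__ == "__main__":
    for ok, reason in demo():
        print("accepted" if ok else "rejected", reason)
```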

Device Theft 

Another common issue, particularly with devices out in the field, is theft of the physical devices themselves. The threat is greater when endpoint devices store critical data that would be damaging in an attacker's hands. 

To minimize the threat, it’s necessary to avoid storing sensitive information on endpoint devices and use cloud-based infrastructure to store critical data. 

Data Siphoning 

Data collected by endpoint devices can be intercepted in an eavesdropping attack. Here the attacker listens to the network traffic leaving the endpoint device in order to gain access to the data it has collected. 

The industries most affected by this type of IoT attack are health care, security, and aerospace. To mitigate the threat, organizations must have a security policy that ensures all transmitted data is adequately protected with strong, well-vetted encryption. 

“Organizations need to think through this. There are a lot of requirements and they need to figure out a strategy. When looking at product security requirements, I see this as a challenging aspect as organizations get a handle around what they are manufacturing,” said Robert M. Lee, CEO of Dragos, Inc., raising a concern about organizations' security. 

“There are organizations for example in industries such as health care, medical devices, and power and utilities that are starting to ask questions of their suppliers as they consider security before they deploy devices into their customer ecosystem. Where I see a lot of organizations struggle is in understanding system misconfiguration or not having the architecture they thought they did in order to make sure their manufacturing environment is reliable.”

SWFD Alerts Patients About the Ransomware Attack


Santa Rosa Beach, Fla. (WMBB) – The South Walton Fire District is dealing with a ransomware attack that took place in May 2022. 

The threat actor reportedly targeted the district's computer systems over Memorial Day. The attack may affect patient information, particularly data on patients the fire district transported between 2007 and 2019, South Walton Fire District officials say. 

While officials confirmed that no information has been leaked so far, a thorough investigation of the incident is ongoing. District officials are also taking additional precautionary measures to secure the potentially affected patient information. 

Details of The Ransomware Attack 

On Memorial Day, SWFD discovered that someone had encrypted their dispatch system's data, acquired temporary access, and left a ransom note. 

“In essence, what somebody had done was get access to the system, encrypted the data, and left a ransom note for us to, basically, pay that ransom in order to get that data back […] Fortunately, internally we have a pretty robust mechanism in place to do backups. So we never had to engage that threat actor to gain that data back. We were able to re-install that data and be back up and running in about a day and a half,” says South Walton Fire District Fire Chief Ryan Crawford. 

Chief Crawford says that as soon as the district learned of the attack it called in federal, state, and local law enforcement. He adds that the district is continuously working on newer methods and technologies to secure its data against threat actors. 

“We have already taken a number of additional layers of protection to try and mitigate the issue and prevent further instances like this from occurring,” says Crawford. 

Describing one of the cautionary measures, Crawford says, “One of the easiest ways is to take those archived medical records completely offline […] And so now, you know, those are really accessible to us for when people do public records requests and those sorts of things, it now requires us to go into the room where that server is located to pull that information rather than doing that remote.”

In addition to this, SWFD has also established a toll-free call center to solve queries regarding the incident and address related concerns. The call center agents can be reached at 1-800-939-4170 from 8 a.m. to 8 p.m. Central Time, Monday through Friday.  

Apple is Tracking Your Every Move, Here's All You Need to Know

 

Tech giant Apple presents itself as a privacy-focused firm, but according to recent research the company may be contradicting its own stated practices when it comes to collecting App Store data. 

According to a Twitter thread published by iOS developer and security researcher Tommy Mysk, Apple tracks customers' activity via a 'Directory Services Identifier' (DSID), which is linked to the customer’s iCloud account and can be used to collect private data such as name, email address, and contacts. 

What’s more worrying, the thread reports that even if customers switch off device analytics in the ‘Settings’ menu, the company still uses this DSID in other apps too. 

“Apple’s analytics data include an ID called “dsId”. We were able to verify that “dsId” is the “Directory Services Identifier”, an ID that uniquely identifies an iCloud account. Meaning, Apple’s analytics can personally identify you,” Mysk tweeted. 

However, the tech giant’s Device Analytics & Privacy document says that none of the user information collected is linked to that individual, suggesting that as a user, you would appear anonymous.

“None of the collected information identifies you personally. Personal data is either not logged at all, is subject to privacy preserving techniques such as differential privacy, or is removed from any reports before they’re sent to Apple. You can review this information on your iOS device by going to Settings > Privacy & Security > Analytics & Improvements and tapping Analytics Data,” the document reads.

Even though Apple continues to prattle that it is a privacy-oriented firm that values customers’ privacy and focuses on giving them more control over what data they share with advertisers and app developers, it can still employ the DSID for its own benefit, whatever that may be. 

Earlier this month, Gizmodo reported that a lawsuit was filed against Apple, with the plaintiff stating that Apple illegally siphons user data even when the firm's own privacy settings promise not to. The lawsuit was filed based on Mysk’s research; however, the researcher was unable to analyze the data in iOS 16 due to its encryption.

The Need of Identity Security: AI and CyberSecurity Hand-In-Hand

 

Automated processes powered by artificial intelligence (AI) are reshaping society in significant ways, from robotic assembly lines to self-driving cars. However, AI cannot do everything on its own; in fact, many organizations are realizing that automation works best when it collaborates with a human operator. Similarly, when well-trained AI assists them, humans can often operate more efficiently and effectively. Identity security, in particular, is an excellent example of a field where augmenting the human touch with AI has produced extremely positive results.

Consider the sheer number of identities that exist in today's world. Users, devices, applications, servers, cloud services, databases, DevOps containers, and a plethora of other entities (both real and virtual) now require identity management. Furthermore, in order to be productive in enterprise environments, modern employees use a wide range of technologies and data. Together, these two dynamics pose a challenge for identity security — at today's scale, determining which identities require access to which systems is well beyond human capacity.

This is significant because cybercriminals are increasingly targeting identities. According to the most recent "Verizon Data Breach Investigations Report" (DBIR), credential data is now used in nearly half of all breaches, and stolen credentials are one of the most common ways attackers compromise identities. Attackers use a variety of methods to obtain those credentials, the most common of which is social engineering. Attackers have become very adept at finding ways to trick people into making mistakes. This is a major reason why today's attackers are so difficult to stop: humans are frequently the weak link, and they cannot be patched. It is simply not possible to create a preventative solution that will stop 100% of attacks.

This is not to say that preventative measures such as employee education, multifactor authentication, and frequent password changes aren't necessary; they are. They are, however, insufficient. A determined attacker will eventually find a vulnerable identity to compromise, and the organization will need to know what systems the attacker had access to and whether those privileges exceeded its actual needs. If an accountant's user identity is compromised, that is a problem — but it should be limited to the accounting department. However, in a company where overprovisioning is common, an attacker who compromises a single identity could gain access to a variety of systems.

This is a more frequent problem than you might think — when an organization has tens of thousands of identities to manage, it is tricky to ensure that each one has privileges that correspond to its essential functions.

It used to be, at least. When applied to identity security, AI-based technologies have enabled enterprises to not only manage identity permissions at scale but also to evolve identity security decisions over time to ensure that they match the changing needs and dynamics of the business. AI can be trained to recognize patterns that normal human users would miss. 

For example, such tools may look for permissions that are rarely used and recommend that they be revoked — after all, why risk allowing an attacker to exploit them if they aren't being used? These tools can also be trained to recognize when the same type of user repeatedly requests access to specific data. They can then report that information to an IT team member, who will determine whether additional permissions are required.
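The two patterns just described, permissions that sit unused and entitlements that a user's role peers do not hold, can be surfaced with plain rules before any machine learning is involved; the following Python example (added here, not from the original article) does so over constructed entitlement and access-log data. The identities, roles, system names, timestamps and the 'unused' and 'peer-outlier' labels are all invented for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# Constructed sample data. Identities, roles, systems and timestamps are all
# invented for this example; a real run would pull them from the IAM system
# and its access logs.
ENTITLEMENTS: Dict[str, Set[str]] = {
    "alice": {"ledger-db:read", "ledger-db:write", "hr-portal:read", "prod-k8s:admin"},
    "bob": {"ledger-db:read", "hr-portal:read"},
    "carol": {"ledger-db:read", "hr-portal:read", "hr-portal:write"},
}
ROLES: Dict[str, str] = {"alice": "accountant", "bob": "accountant", "carol": "hr"}
ACCESS_LOG: List[Tuple[str, str, str]] = [  # (timestamp, identity, permission)
    ("2022-11-01T09:12:00", "alice", "ledger-db:read"),
    ("2022-11-03T10:30:00", "alice", "ledger-db:write"),
    ("2022-11-15T14:00:00", "alice", "ledger-db:read"),
    ("2022-11-02T08:00:00", "bob", "ledger-db:read"),
    ("2022-11-14T08:05:00", "bob", "hr-portal:read"),
    ("2022-11-10T11:00:00", "carol", "hr-portal:write"),
    ("2022-11-16T11:30:00", "carol", "hr-portal:read"),
]
AS_OF = datetime(2022, 11, 20)  # constructed "now" for the review run


def unused_permissions(entitlements, log, now, window_days=90):
    """Permissions each identity holds but has not exercised in the window."""
    cutoff = now - timedelta(days=window_days)
    used: Dict[str, Set[str]] = defaultdict(set)
    for ts, ident, perm in log:
        if datetime.fromisoformat(ts) >= cutoff:
            used[ident].add(perm)
    return {ident: perms - used[ident] for ident, perms in entitlements.items()}


def peer_outliers(entitlements, roles):
    """Permissions an identity holds that none of its role peers hold.
    Identities with no peers in their role produce no findings, since there
    is no baseline to compare against."""
    members: Dict[str, List[str]] = defaultdict(list)
    for ident, role in roles.items():
        members[role].append(ident)
    out: Dict[str, Set[str]] = {}
    for ident, perms in entitlements.items():
        peers = [p for p in members[roles[ident]] if p != ident]
        if not peers:
            out[ident] = set()
            continue
        held_by_peers = set().union(*(entitlements[p] for p in peers))
        out[ident] = perms - held_by_peers
    return out


def review_recommendations(entitlements, log, roles, now, window_days=90):
    """Combine both signals into a sorted list of (identity, permission, reason)
    for a human reviewer; a permission can appear twice, once per reason."""
    findings = []
    for ident, perms in unused_permissions(entitlements, log, now, window_days).items():
        findings += [(ident, p, "unused") for p in perms]
    for ident, perms in peer_outliers(entitlements, roles).items():
        findings += [(ident, p, "peer-outlier") for p in perms]
    return sorted(findings)


if __name__ == "__main__":
    for ident, perm, reason in review_recommendations(
            ENTITLEMENTS, ACCESS_LOG, ROLES, AS_OF, 30):
        print(f"{ident:6} {perm:18} {reason}")
```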

By identifying these patterns, AI-based identity tools can help develop more appropriate permissions for identities across the organization, while also giving IT staff the information they need to make informed decisions as circumstances change. By removing extraneous, unnecessary permissions, AI tools ensure that the loss of a single identity does not grant an attacker complete control of the system. They also mean that, rather than impeding productivity, the IT team can boost it: by quickly identifying when it is safe and appropriate to grant additional permissions, they can ensure that all identities under management have access to the technology and data they require. None of this would be possible unless humans and AI collaborated.

Gone are the days when managing identities and their permissions could be done manually; today, ensuring that each identity has the appropriate level of access requires significant assistance from artificial intelligence-based technology. Organizations can merge the speed and accuracy of automation with the contextual judgment of human decision-making by augmenting the human touch with AI. Together, they can assist organizations to manage their identities and entitlements more effectively while significantly reducing the impact of any potential attack.

How these Invisible Images Enable Companies Eavesdrop on your Email — Here’s all you need to know

 

The emails are eavesdropping on you. Most of the billions of emails that arrive in our inboxes every day contain hidden trackers that can tell the recipient when you open them, where you open them, how many times you've read them, and much more — a privacy nightmare that many call "endemic." Fortunately, you can take measures to safeguard yourself and your inbox. 

Advertisers and marketing firms, in particular, embed tracking pixels in their promotional emails to keep track of their mass campaigns. Senders can learn which subject lines are the most "clickable," and which of their targets are potential customers, based on how people interact with them.

Though this is beneficial from an analytics standpoint, it is frequently done covertly and without consent. There is a simple way to disable email tracking. Continue reading to learn more about these troublesome little pixels and how to get rid of them.
 
Email tracking pixels:

The email tracking pixel is a surprisingly simple concept that allows anyone to secretly collect a plethora of information about you as soon as you interact with their messages.

When someone wants to know if you read their email, they insert a tiny 1 pixel by 1 pixel image into it. When you open the email, your mail client fetches that image from the server where it is stored, and the server records the request. By checking where that request came from and what type of device made it, the sender can tell your location, in addition to whether or not you opened their email and how many times you opened it.

There are two reasons why you never notice that tracking graphic. First, it is tiny. Second, it's in GIF or PNG format, which lets the company keep it transparent and invisible to the naked eye. A sender will frequently conceal it in their signature. As a result, that fancy font or flashing company logo at the bottom of a commercial email may be more than just decoration.

More importantly, studies have revealed that by pairing your location and device specifications, advertisers and other malicious actors can link your email activity with your browser cookies. This opens a can of worms because it allows them to identify you wherever you go online and tie that activity to your email address.

Most email clients, including Gmail and Outlook, have no built-in tracker detection, but third-party tools fill the gap. For Gmail, the Ugly Email extension for Chrome and Firefox is recommended: it places an "eyeball" icon next to emails containing tracking pixels and prevents them from spying on you. If you use Yahoo or Outlook, you can use Trocker, which marks emails containing trackers in those services' web interfaces.

These extensions, however, are only available on your computers. You'll need to subscribe to a premium email client like HEY to detect email trackers on your phone.
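To make the mechanism concrete, here is an added Python example (not from the original article or from any of the extensions it names) that parses an HTML email body and flags `<img>` tags carrying the signals described above: a 1x1 or hidden image, a remote host that is not the sender's own image host, and a per-recipient token in the URL. The sample email, its hostnames and the 'tracker'/'suspect'/'ok' verdict labels are constructed for this example.

```python
import re
from html.parser import HTMLParser
from typing import Dict, Iterable, List
from urllib.parse import urlparse


class _ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in an HTML email body."""

    def __init__(self) -> None:
        super().__init__()
        self.images: List[Dict[str, str]] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag.lower() == "img":
            self.images.append({k.lower(): (v or "") for k, v in attrs})


def _pixels(value: str):
    """Turn '1', '1px' or ' 0 ' into an int; None for anything non-numeric."""
    v = value.strip().lower()
    if v.endswith("px"):
        v = v[:-2].strip()
    return int(v) if v.isdigit() else None


def _style_sizes(style: str) -> Dict[str, int]:
    """Pull width/height declarations out of an inline style attribute."""
    sizes: Dict[str, int] = {}
    for prop, val in re.findall(r"(width|height)\s*:\s*([0-9.]+\s*px|\d+)", style, flags=re.I):
        n = _pixels(val)
        if n is not None:
            sizes[prop.lower()] = n
    return sizes


def _signals(img: Dict[str, str], trusted_hosts: set) -> List[str]:
    """The individual observations that make an image look like a tracker."""
    style = img.get("style", "").lower()
    sizes = _style_sizes(style)
    width = _pixels(img["width"]) if "width" in img else sizes.get("width")
    height = _pixels(img["height"]) if "height" in img else sizes.get("height")
    signals: List[str] = []
    if width is not None and height is not None and width <= 1 and height <= 1:
        signals.append("tiny")
    # display:none, visibility:hidden, or opacity 0 / 0.0 (but not 0.5)
    if re.search(r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?![.0-9]*[1-9])", style):
        signals.append("hidden")
    url = urlparse(img.get("src", ""))
    if url.hostname and url.hostname not in trusted_hosts:
        signals.append("external")
    # A query string or a long opaque path segment usually encodes the recipient.
    if url.query or re.search(r"[A-Za-z0-9_-]{24,}", url.path):
        signals.append("tokenized")
    return signals


def detect_tracking_pixels(html: str, trusted_hosts: Iterable[str] = ()) -> List[dict]:
    """Return one finding per <img>: its src, the signals seen, and a verdict.
    'tracker' = remote and tiny/hidden; 'suspect' = remote with a token only."""
    parser = _ImgCollector()
    parser.feed(html)
    trusted = set(trusted_hosts)
    report = []
    for img in parser.images:
        sig = _signals(img, trusted)
        if "external" in sig and ("tiny" in sig or "hidden" in sig):
            verdict = "tracker"
        elif "external" in sig and "tokenized" in sig:
            verdict = "suspect"
        else:
            verdict = "ok"
        report.append({"src": img.get("src", ""), "signals": sig, "verdict": verdict})
    return report


# Constructed sample message: a normal logo, a 1x1 pixel with a per-recipient
# token, a CSS-hidden pixel, and a banner whose URL carries a query string.
SAMPLE_EMAIL = """<html><body>
<img src="https://cdn.example-shop.test/img/logo.png" width="200" height="50" alt="logo">
<p>Our Black Friday deals are live!</p>
<img src="https://track.example-metrics.test/o/1f3a9c8e7b6d5a4f3e2d1c0b9a8f7e6d.gif" width="1" height="1">
<img src="https://px.example-metrics.test/i.png" style="display:none; width:1px; height:1px">
<img src="https://cdn.example-shop.test/banner.jpg?u=12345" width="600" height="120">
</body></html>"""

if __name__ == "__main__":
    for f in detect_tracking_pixels(SAMPLE_EMAIL, trusted_hosts=["cdn.example-shop.test"]):
        print(f"{f['verdict']:8} {','.join(f['signals']) or '-':28} {f['src']}")
```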

How to block email tracking pixels?

Email trackers are easy to block because they rely on images loaded from remote servers. The simplest method is to disable image loading in your email apps by default and only load images manually for emails you trust or when there is an attachment you need to download.

1. Adjust your existing inbox: On Gmail, the option to block external images is available under Settings > Images > Ask Before Displaying External Images on the web and mobile apps. On Outlook apps, it’s found under Options > Block External Images on mobile and Options > Trust Center > Automatic Download on desktop.

Though Apple Mail also lets you accomplish this from Preferences > Viewing > Load remote content in messages, you can directly block trackers on it as long as you’re on macOS Monterey. Head over to Mail > Preferences > Privacy and check the “Protect Mail Activity” box. 

2. Get yourself a private relay email address: The issue with the methods discussed above is that they only block tracking pixels after the email has already arrived in your inbox — they don't remove them entirely. To ensure that you never open an email containing trackers by accident, you'll need a proxy address that scans your messages and strips trackers and any malware before they show up in your inbox.

Another advantage is that you can keep your personal email address private and only provide a relay ID to websites, newsletters, and other services. There are numerous free services that provide a proxy email address. 

Email Protection from DuckDuckGo is recommended. It lets you create a new custom relay address, which cleans your mail before forwarding it to your personal inbox by stripping the trackers and encrypting any unsecured links in the body. DuckDuckGo adds a small section at the top of each forwarded email that tells you whether it found any trackers and, if so, which companies were responsible for them.

To sign up, open the DuckDuckGo app on Android or iPhone and go to Settings > Email Protection. On a desktop you can get started with the DuckDuckGo browser extension or its Mac browser.


Scammers are Targeting Black Friday and Cyber Monday Shoppers

 

As Black Friday and Cyber Monday (BFCM) approach, hackers are plotting new tricks to spoil the party of shoppers. 

Last year, US shoppers spent USD 10.90 billion on Cyber Monday and another USD 9.03 billion on Black Friday. At the same time, merchants also hope to cash in on any additional traffic that BFCM brings to their ecommerce sites. 

But while more traffic often brings more opportunities, it also leads to increased rates of online fraud. According to the UK's National Cyber Security Centre (NCSC), victims of online shopping fraud lost an average of $1,176 each during the holiday shopping period last year – and the figure is rising. 

Sophisticated Technique 

To understand the patterns of cyber fraud, threat analysts at Bitdefender Antispam Lab have examined the fraudulent activities associated with Black Friday and Cyber Monday. 

During their study of fraud patterns between October 26 and November 9, the analysts found that the rate of unverified Black Friday emails peaked on November 9, when it reached 26% of all Black Friday-related mail. The fraudsters employed multiple email subjects in an attempt to lure recipients into visiting fake websites that promised huge discounts. 

The researchers also identified a widespread online campaign inviting recipients to claim gift cards from popular retailers like Home Depot. In this case, the malicious emails include links to bogus online survey pages that have nothing to do with the retailer’s gift card. 

Once victims completed the survey, they were directed to another page where they could choose a ‘prize.’ To receive the prize at their doorstep, recipients were asked to pay for shipping by providing personal and banking details. 

“We scored an iPhone 13, though. The displayed page uses the recipients’ IP address to display a localized version of the scam – in our case Romania. We need to pay 15 RON (roughly 3.06 USD) for shipping and enter our name and address,” one of the recipients of fraud mail stated. “After entering our shipping details, we were prompted to enter our payment information, including cc number and CVV code.” 

Prevention Tips 

  1. Always scan the sender’s email address and look for typos 
  2. Never interact with unsolicited giveaway correspondence 
  3. Always shop on verified websites you already know 
  4. Research properly before providing details to a new vendor 
  5. Avoid accessing links or attachments from unverified sources

This Infostealer has a Lethal Sting for Python Developers

 

Checkmarx cybersecurity researchers discovered over two dozen malicious packages on PyPI, a popular repository for Python developers, and published their findings in a new report. 

These malicious packages, which are designed to look almost identical to legitimate ones, attempt to dupe inexperienced developers into downloading and installing the wrong one, thereby spreading malware. The practice is known as typosquatting, and it is widely used by cybercriminals who target software developers. 
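The following Python example (added here, not from the Checkmarx report or the original article) shows the kind of check a developer or CI job can run before installing: it compares each requested package name against an allow-list of well-known names using Damerau-Levenshtein distance, which counts a swapped pair of letters as one edit, and also catches common affix tricks such as a "python-" prefix. The allow-list, the affix pattern and the sample requirements lines are constructed for this example.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Constructed allow-list of well-known package names. In practice use your
# organization's approved list or the top-N most downloaded PyPI projects.
POPULAR: List[str] = [
    "requests", "urllib3", "numpy", "pandas", "colorama", "python-dateutil",
    "setuptools", "pillow", "cryptography", "boto3", "pyyaml",
]
# Affixes commonly bolted onto a real name ("python-requests", "requests3").
_AFFIX = re.compile(r"^(python|py)-?|-?(python|py|\d)$")


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-fold and collapse runs of -, _ and ."""
    return re.sub(r"[-_.]+", "-", name).lower()


def dl_distance(a: str, b: str) -> int:
    """Optimal-string-alignment Damerau-Levenshtein distance: insertions,
    deletions, substitutions and adjacent transpositions each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def check_package(name: str, popular: Iterable[str] = POPULAR,
                  max_distance: int = 2) -> Tuple[str, Optional[str], int]:
    """Return (verdict, closest_popular_name, distance). Verdicts: 'ok' for an
    exact allow-list match, 'suspicious' for a near miss or an affix variant
    of a popular name, 'unknown' otherwise. Very short names warrant a
    smaller max_distance to avoid false positives."""
    n = normalize(name)
    pop = [normalize(p) for p in popular]
    if n in pop:
        return "ok", n, 0
    closest = min(pop, key=lambda p: dl_distance(n, p))
    dist = dl_distance(n, closest)
    if dist <= max_distance:
        return "suspicious", closest, dist
    stripped = _AFFIX.sub("", n)
    if stripped != n and stripped in pop:
        return "suspicious", stripped, dist
    return "unknown", None, dist


def audit_requirements(lines: Iterable[str], popular: Iterable[str] = POPULAR):
    """Scan requirements.txt-style lines and report (name, verdict, closest)."""
    findings = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # blank, comment, or a pip option such as -r / --index-url
        name = re.split(r"[<>=!~\[;@ ]", line, 1)[0]
        verdict, closest, _ = check_package(name, popular)
        findings.append((name, verdict, closest))
    return findings


if __name__ == "__main__":
    # Constructed requirements lines, including two look-alike names.
    sample = ["requests==2.28.1", "reqeusts", "colourama  # typo", "flask>=2"]
    for name, verdict, closest in audit_requirements(sample):
        print(f"{verdict:10} {name:16} closest: {closest}")
```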

The attackers use two distinct methods to conceal the malware: steganography and polymorphism. Steganography is the practice of concealing code within an image, allowing threat actors to spread malicious code via seemingly innocent .JPG and .PNG files. Polymorphic malware, on the other hand, changes the payload with each installation, allowing it to avoid detection by antivirus software and other cybersecurity solutions.

These techniques were used by the attackers to deliver WASP, an infostealer capable of stealing people's Discord accounts, passwords, cryptocurrency wallet information, credit card data, and any other information on the victim's endpoint that the attacker deems interesting.

When the data is identified, it is returned to the attackers via a hard-coded Discord webhook address. The campaign appears to be a marketing ploy, as researchers discovered threat actors advertising the tool on the dark web for $20 and claiming that it is undetectable.

Furthermore, the researchers believe this is the same group that was behind a similar attack reported earlier this month by Phylum and Check Point researchers. It was previously stated that a group known as Worok had been distributing DropBoxControl, a custom .NET C# infostealer that uses Dropbox file hosting for communication and data theft, since at least September 2022.

Worok, based on its toolkit, is thought to be the work of a cyberespionage group that operates quietly, moves laterally across target networks, and steals sensitive data. It also appears to be using its own, proprietary tools, as no one else has been observed using them.

Ransomware Remains a Major Cyber Threat for Organizations Worldwide

 

Trellix, the cybersecurity firm delivering the future of extended detection and response (XDR), has published 'The Threat Report: Fall 2022,' examining cybersecurity patterns and attack techniques from the first quarter of the year. 

The threat report includes evidence of malicious activity linked to ransomware and state-linked advanced persistent threat (APT) groups. The researchers examined proprietary data from Trellix's sensor network, open-source intelligence, and investigations by the Trellix Advanced Research Center. Here are some of the report’s key findings: 

• Transportation was the second most active sector globally, following telecom. APTs were also detected in transportation more than in any other sector. 

• Ransomware attacks surged 32% in Germany in Q3 and contributed 27% of global activity. Germany also experienced the most threat detections related to malicious hackers in Q3, with 29% of observed activity. In the United States, ransomware activity increased 100% quarter-over-quarter in the transportation and shipping industries for Q3 2022. 

• Mustang Panda, a China-linked APT group, had the most identified threat indicators in Q3, followed by Russian-associated APT29 and Pakistan-linked APT36. 

• Phobos, ransomware sold as a complete kit in the cybercriminal underground, accounted for 10% of global detected activity and was the second most used ransomware detected in the US. 

• The infamous LockBit remained the most propagated ransomware in the third quarter of 2022, generating over a fifth (22%) of detections. 

• Years-old security loopholes remain a favored target for threat actors. Threat analysts found the Microsoft Equation Editor vulnerabilities CVE-2017-11882, CVE-2018-0798, and CVE-2018-0802 to be the most abused among malicious emails received by users during Q3. 

• Cobalt Strike, a legitimate third-party tool, was employed in 33% of detected global ransomware activity and in 18% of APT detections in Q3. 

“So far in 2022, we have seen unremitting activity out of Russia and other state-sponsored groups. This activity is compounded by a rise in politically motivated hacktivism and sustained ransomware attacks on healthcare and education. The need for increased inspection of cyber threat actors and their methods has never been greater,” John Fokker, Trellix head of threat intelligence, stated. 

Earlier this year, Trellix expanded its partner program with several new features along with 10 new technology partners and technology integrations with its flagship platform. The partner additions bring Trellix’s ecosystem to some 800 partners associated with its XDR platform.