Cybersecurity Articles
- EdFinancial and the Oklahoma Student Loan Authority (OSLA) are notifying over 2.5 million loanees that their personal data was exposed in a data breach.
- The target of the breach was Nelnet Servicing, the Lincoln, Neb.-based servicing system and web portal provider for OSLA and EdFinancial, according to a breach disclosure letter.
- The exposed information included names, home addresses, email addresses, phone numbers and Social Security numbers for a total of 2,501,324 student loan account holders.
- “With recent news of student loan forgiveness, it’s reasonable to expect the occasion to be used by scammers as a gateway for criminal activity,” Bischoping said.
- Last week, the Biden administration announced a plan to cancel $10,000 of student loan debt for low- and middle-income loanees.
- Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- The threat actor, according to researchers, is believed to be the China-based APT TA423, also known as Red Ladon.
- In lieu of malware, attackers can use ScanBox in conjunction with watering hole attacks.
- Adversaries load the malicious JavaScript onto a compromised website, where ScanBox acts as a keylogger, capturing all of a user’s typed activity on the infected watering hole site.
- “This allows ScanBox to connect to a set of pre-configured targets,” researchers explain.
- The campaigns are tied to focused abuse of identity and access management firm Okta, which earned the threat actors the 0ktapus moniker from researchers.
- “These users received text messages containing links to phishing sites that mimicked the Okta authentication page of their organization.” Impacted were 114 US-based firms, with additional victims sprinkled across 68 other countries.
- “The 0ktapus campaign has been incredibly successful, and the full scale of it may not be known for some time,” he said.
- What the 0ktapus Hackers Wanted: The 0ktapus attackers are believed to have begun their campaign by targeting telecommunications companies in hopes of winning access to potential targets’ phone numbers.
- Those links led to webpages mimicking the Okta authentication page used by the target’s employer.
- Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- After a recent dip, ransomware attacks are back on the rise.
- With data gathered by “actively monitoring the leak sites used by each ransomware group and scraping victim details as they are released,” researchers have determined that Lockbit was by far the most prolific ransomware gang in July, behind 62 attacks.
- It may well be that the resurgence in ransomware attacks, and the rise of these two particular groups, are intimately connected.
- Why Ransomware Has Bounced: Researchers from NCC Group counted 198 successful ransomware campaigns in July – up 47 percent from June.
- New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11-month-old command injection flaw.
- Hikvision – short for Hangzhou Hikvision Digital Technology – is a Chinese state-owned manufacturer of video surveillance equipment.
- Last fall, a command injection flaw in Hikvision cameras was revealed to the world as CVE-2021-36260.
- According to David Maynor, senior director of threat intelligence at Cybrary, Hikvision cameras have been vulnerable for many reasons, and for a while.
- Furthermore, IoT devices might not give users any indication that they’re unsecured or out of date.
- In this guide, we'll walk you through how to fully delete your X account and take all of your valuable data with you.
- How to delete your X account: Unlike some other sites that let you immediately delete your information and close your account, X requires a 30-day deactivation period when you choose to delete your account.
- Deactivate third-party services: The first step you should take when deleting your account is to unlink all third-party services. Log in to your X account.
- Archive your X data: When your deactivated X account reaches the end of the 30-day deactivation window, all your data will be permanently deleted from the social network's servers.
- Fully delete your X account: Because this process differs somewhat between a PC and a phone, we'll describe each scenario individually.
- While many companies ship routers with bugs, sources told the WSJ, TP-Link doesn't take necessary steps to address security flaws.
- A TP-Link spokesperson told the WSJ it does address security concerns, but one Chinese hacking entity has used its network – mostly TP-Link devices – to launch several cyberattacks, including ones against Defense Department suppliers.
- What happens if the government bans TP-Link routers?
- The most likely ban would be one limiting the purchase of new devices.
- This means that if you're in the market for one, you'd be looking at higher-priced options from other manufacturers.
- One method that can help is placing an Apple AirTag inside your bag.
- According to MacRumors, the full list of airlines supporting the feature as of now includes United, Delta, British Airways, Lufthansa, Air Canada, Air New Zealand, Turkish Airlines, Aer Lingus, Austrian Airlines, Brussels Airlines, Swiss International Airlines, Eurowings, and Iberia Airlines.
- The location sharing automatically stops when you find your item, though you can manually turn off the sharing whenever you wish.
- Only a few people will be able to see the location link.
- At the next screen, tap the link for Share Item Location in the Lost AirTag section.
- The high volume prompts bad actors to try scamming users out of their money while making it more challenging for email providers to protect users against them.
- However, despite the protections, the company encourages users to watch for scams and to report suspicious emails such as spam and phishing.
- In particular, Google identifies three scams that are frequently used during the holiday season: invoice, celebrity, and extortion scams.
- In an invoice scam, the scammer sends a fake invoice to users, claiming the user owes them money.
- For example, a message will appear to come from the celebrity themself or have a celebrity endorse a specific product.
- When Microsoft introduced Windows 11 in 2021, its new, stringent hardware compatibility test included checking for the presence of a Trusted Platform Module (TPM) -- specifically, one that meets the TPM 2.0 standard.
- In Windows, the TPM works with the Windows Secure Boot feature, which verifies that only signed, trusted code runs when the computer starts up.
- Intel CPUs from that era include a TPM 2.0 that's embedded in firmware (Intel calls this feature Platform Trust Technology, or PTT).
- To see details about the TPM in your Windows PC, open Device Manager and look under the Security Devices heading.
- For details, see "How to upgrade your 'incompatible' Windows 10 PC to Windows 11."
- That means someone with this capability can avoid tolls and tickets, or even change their plate to match their enemy’s.
- Staff at the Cybersecurity and Infrastructure Security Agency are preparing for an uncertain future.
- As such, its use could further degrade victims of these scams or shame them into not reporting a crime.
- Each week, we round up the security and privacy news we didn’t cover in depth ourselves.
- The announcement comes as panic over reported mysterious drone sightings in the two states has surged in recent weeks.
- Using a VPN, according to the tutorials, introduces a delay that makes it easier to sneak up and tag other players.
- The free VPN app that the video tutorials point to, Big Mama VPN, is also selling access to its users’ home internet connections—with buyers essentially piggybacking on the VR headset’s IP address to hide their own online activity.
- While the Big Mama VPN works as it is supposed to, the company’s associated proxy services have been heavily touted on cybercrime forums and publicly linked to at least one cyberattack.
- An unpublished analysis that Trend Micro shared with WIRED says its data shows that the VR headsets were the third most popular devices using the Big Mama VPN app, after devices from Samsung and Xiaomi.
- “If you’ve downloaded it, there’s a very high likelihood that your device is for sale in the marketplace for Big Mama,” says Stephen Hilt, a senior threat researcher at Trend Micro.
- The US Senate passed the National Defense Authorization Act (NDAA) on Wednesday after congressional leaders earlier this month stripped the bill of provisions designed to safeguard against excessive government surveillance.
- The Senate’s 85–14 vote cements a major expansion of a controversial US surveillance program, Section 702 of the Foreign Intelligence Surveillance Act (FISA).
- The vague text was introduced into the law by Congress in April, with Democrats in the Senate promising to correct the issue later this year.
- But as a result of Congress redefining the term, the new limits of the government’s wiretap powers are unclear.
- Due to the classified nature of the 702 program, however, the updated text purposefully avoids specifying which types of new businesses will be subject to government demands.
- The Department of Homeland Security issued warnings to state and local law enforcement agencies this summer regarding the “growing illicit use” of commercial drones, internal documents show.
- Among the recommended steps was to conduct “exercises to test and prepare response capabilities.” A DHS memo from August, which has not been previously reported, paints US cities as woefully underprepared for the “rising” threat of weaponized drones.
- Additionally, the agency has urged local agencies to generously deploy, where legal, sensors capable of detecting and identifying commercial drones.
- New Jersey residents have been steadily reporting bright lights and flying objects in the sky over the past few weeks.
- At the same time, federal authorities have worked to downplay the significance of the reports.
- The rise of so-called pig butchering investment scams over the past few years largely caught the world unawares, capitalizing on conditions surrounding pandemic lockdowns and global economic instability to fool people into giving away their money to attackers.
- But as researchers and law enforcement have scrambled to raise awareness about the crisis—including scammers’ use of forced labor—any way they can, the term “pig butchering” itself has emerged as an attention-grabbing and recognizable symbol.
- Because the term was coined by scammers themselves, though, officials from the intergovernmental law enforcement organization Interpol now say that they will stop using it.
- Invoking scammers’ derogatory terminology, though, is dehumanizing and further perpetuates the stigma that many scam victims feel about having been deceived.
- In recent months, both independent researchers and some at major tech companies have told WIRED they had concerns about the phrase “pig butchering,” its origins, and implications.
- In the wake of the widespread compromise of US telecom giants’ networks by Chinese hackers and the FBI advising Americans to use end-to-end encrypted communications, CISA is advising “highly targeted individuals” – senior government officials and politicians – to lock down and protect their smartphones as much as possible and to use “Signal or a similar app” for secure communications.
- Security advice for iPhone, Android users: “Highly targeted individuals should assume that all communications between mobile devices—including government and personal devices—and internet services are at risk of interception or manipulation,” says the US Cybersecurity and Infrastructure Security Agency.
- The guide also lists iPhone and Android-specific recommendations, such as restricting app permissions, using encrypted DNS services, using Apple and Google-provided security protections such as Lockdown Mode, Apple iCloud Private Relay, and Google Play Protect.
- “While no single solution eliminates all risks, implementing these best practices significantly enhances protection of sensitive communications against government affiliated and other malicious cyber actors,” the agency noted.
- Earlier this month, CISA and cybersecurity agencies from Australia, Canada and New Zealand published a guide advising telecommunications providers on how to harden their communications infrastructure and strengthen their capability to identify threats, anomalous behavior, and vulnerabilities.
- A 30-year old Romanian man was sentenced to 20 years in prison for leveraging the Netwalker ransomware to extort money from victims, the US Department of Justice announced on Thursday.
- “According to court documents, Hulea admitted to participating in a conspiracy to use a sophisticated form of ransomware known as NetWalker.
- In early 2021, a coordinated international law enforcement action disrupted the group’s dark web site used by NetWalker ransomware affiliates to provide payment instructions and communicate with victims.
- At the same time, another affiliate – Canadian national Sebastien Vachon-Desjardins – was indicted for using the ransomware to obtain over $27.6 million from victims.
- He was sentenced in late 2022, also to 20 years in prison.
- As the energy sector undergoes significant modernization, particularly with the integration of renewable energy sources and smart grid technologies, how do you perceive the role of cybersecurity in ensuring the resilience and reliability of energy infrastructure?
- With the digitalization of the energy sector, there are various cybersecurity issues that have a direct impact on the resilience and reliability of the entire energy infrastructure.
- Reflecting on recent cyber incidents that have impacted the energy sector, what key lessons can be drawn to enhance the cybersecurity posture of critical energy infrastructure?
- These insights are then forwarded to formal legislative and standardization bodies, strengthening global cybersecurity efforts in the energy sector.
- What emerging technologies are most promising for enhancing the cybersecurity of critical energy infrastructure?
- Additionally, hackers are increasingly using GenAI solutions, with 77% now reporting the adoption of such tools—a 13% increase from 2023.
- 66% of survey respondents report security teams can’t keep up with AI-powered developers.
- Two-thirds of organizations prioritize AI risk assessment using existing internal processes (65%) and/or guidance and best practices from professional organizations (63%).
- Nearly half of respondents describe their risk tolerance towards AI as very high (17%) or high (29%), while only 12% report a low (9%) or very low (3%) AI risk tolerance.
- 92% of security pros have security concerns around generative AI, with specific apprehensions including employees entering sensitive company data into an AI tool (48%), using AI systems trained with incorrect or malicious data (44%), and falling for AI-enhanced phishing attempts (42%).
- Financial institutions face growing cyber threats: In 2024, roughly 65% of financial organizations worldwide reported experiencing a ransomware attack, compared to 64% in 2023 and 34% in 2021.
- 46% of financial companies indicated they had a breach in just the last 24 months.
- The majority of existing identity security solutions do not cover non-employees (contractors, partners, etc.).
- Reducing cyber and compliance risks is among the most important factors when considering an identity security solution.
- All identity data within an organization needs to be unified within a single, centralized, holistic platform for better visibility and management of all identities.
- BadBox rapidly grows, 190,000 Android devices infected (Pierluigi Paganini, December 21, 2024): Experts uncovered a botnet of 190,000 Android devices infected by the BadBox bot, primarily Yandex smart TVs and Hisense smartphones.
- Bitsight researchers uncovered new BADBOX infrastructure; the company’s telemetry shows that over 192,000 devices were infected with the BADBOX bot.
- Most of the infected devices are in Russia, China, India, Belarus, Brazil and Ukraine. Bitsight sinkholed a BADBOX domain, logging over 160,000 unique IPs in 24 hours, and the number continues to increase.
- The BadBox malware, pre-installed on devices, creates email and messaging accounts for spreading disinformation.
- Unfortunately, the BSI’s recent operation had a limited impact on the BadBox operation, as the law enforcement action was limited to the country.
- Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks (Pierluigi Paganini, December 21, 2024): A Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks, after pleading guilty to fraud charges in June.
- Romanian national Daniel Christian Hulea, 30, was sentenced to 20 years in prison for his role in NetWalker ransomware attacks.
- Hulea pleaded guilty to computer fraud conspiracy and wire fraud conspiracy on June 20 for his role in the NetWalker ransomware attacks against organizations worldwide, including healthcare during COVID-19.
- In August 2020, the FBI issued a security alert about Netwalker ransomware attacks targeting U.S. and foreign government organizations.
- “NetWalker ransomware has impacted numerous victims, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities.
- Sophos fixed critical vulnerabilities in its Firewall product (Pierluigi Paganini, December 20, 2024): Sophos fixed three Sophos Firewall flaws that could lead to SQL injection, privileged SSH access to devices, and remote code execution.
- Sophos has addressed three vulnerabilities, respectively tracked as CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729, in its Sophos Firewall solution.
- “Sophos has resolved three independent security vulnerabilities in Sophos Firewall.” reads the advisory.
- “No action is required for Sophos Firewall customers with the “Allow automatic installation of hotfixes” feature enabled on remediated versions (see Remediation section below).
- Early this month, the U.S. charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020.
- U.S. CISA adds BeyondTrust software flaw to its Known Exploited Vulnerabilities catalog (Pierluigi Paganini, December 20, 2024): The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds the BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection flaw to its Known Exploited Vulnerabilities catalog.
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection flaw, tracked as CVE-2024-12356 (CVSS score of 9.8) to its Known Exploited Vulnerabilities (KEV) catalog.
- A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
- “All BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions contain a command injection vulnerability which can be exploited through a malicious client request.
- Raccoon Infostealer operator sentenced to 60 months in prison (Pierluigi Paganini, December 20, 2024): Raccoon Infostealer operator Mark Sokolovsky was sentenced to 60 months in US prison and ordered to pay over $910,000 in restitution.
- The US Department of Justice sentenced the Ukrainian national Mark Sokolovsky (28) for his role in the distribution of the Raccoon Infostealer malware.
- “Ukrainian national Mark Sokolovsky was sentenced today to 60 months in federal prison for one count of conspiracy to commit computer intrusion.” reads the DoJ’s press release.
- In October 2020, the US Justice Department charged Sokolovsky with computer fraud for allegedly infecting millions of computers with the Raccoon Infostealer.
- The United States does not believe it is in possession of all the data stolen by Raccoon Infostealer and continues to investigate.