Monday, July 6

Breach Hack

The next cybersecurity headache: Employees know the rules but just don’t care
Breach Hack, Cyber Security, Free, Guide, Malware Ransomware, Phsihing Spam, Resources, Safety Security, Scams Fraud, Tools Apps Software

The next cybersecurity headache: Employees know the rules but just don’t care

Employees are still ignoring cybersecurity best practice despite being more aware of the risks. Cybersecurity has shot to the top of many IT leaders' priorities over the past few months as remote working became the de facto way of doing business. Yet despite more awareness of the security risks of working from home, employees are still showing a lax attitude when putting it into practice, according to new findings. Security firm Trend Micro surveyed more than 13,000 remote workers across 27 countries for its latest Head in the Clouds survey, which sought to understand individuals' attitudes towards risk in terms of cybersecurity. SEE: Mobile d...
When Security Takes a Backseat to Productivity
Breach Hack, Cyber Security, Free, Malware Ransomware, Safety Security, Tools Apps Software

When Security Takes a Backseat to Productivity

“We must care as much about securing our systems as we care about running them if we are to make the necessary revolutionary change.” -CIA’s Wikileaks Task Force. So ends a key section of a report the U.S. Central Intelligence Agency produced in the wake of a mammoth data breach in 2016 that led to Wikileaks publishing thousands of classified documents stolen from the agency’s offensive cyber operations division. The analysis highlights a shocking series of security failures at one of the world’s most secretive entities, but the underlying weaknesses that gave rise to the breach also unfortunately are all too common in many organizations today. The CIA produced the report in October 2017, roughly seven months after Wikileaks began publishing Vault 7 — reams of classified data...
FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy
Breach Hack, Cyber Crime, Cyber Security, Free, Identity Theft, Resources, Safety Security, Scams Fraud, Tools Apps Software

FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy

An information technology specialist at the Federal Emergency Management Agency (FEMA) was arrested this week on suspicion of hacking into the human resource databases of University of Pittsburgh Medical Center (UPMC) in 2014, stealing personal data on more than 65,000 UPMC employees, and selling the data on the dark web. On June 16, authorities in Michigan arrested 29-year-old Justin Sean Johnson in connection with a 43-count indictment on charges of conspiracy, wire fraud and aggravated identity theft. Federal prosecutors in Pittsburgh allege that in 2013 and 2014 Johnson hacked into the Oracle PeopleSoft databases for UPMC, a $21 billion nonprofit health enterprise that includes more than 40 hospitals. According to the indictment, Johnson stole employee information on all 65...
Turn on MFA Before Crooks Do It For You
Addiction, Breach Hack, Children Teens, Cyber Security, Free, Games, Malware Ransomware, Privacy Data Protection, Safety Security, Tools Apps Software

Turn on MFA Before Crooks Do It For You

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Here’s the story of one such incident. As a career chief privacy officer for different organizations, Dennis Dayman has tried to instill in his twin boys the importance of securing their online identities against account takeovers. Both are avid gamers on Microsoft’s Xbox platform, and for years their father managed their accounts via his own Microsoft ac...
‘BlueLeaks’ Exposes Files from Hundreds of Police Departments
Breach Hack, Cyber Crime, Cyber Security, Free, Guide, Resources, Safety Security, Tools Apps Software

‘BlueLeaks’ Exposes Files from Hundreds of Police Departments

Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals. The collection — nearly 270 gigabytes in total — is the latest release from Distributed Denial of Secrets (DDoSecrets), an alternative to Wikileaks that publishes caches of previously secret data. A partial screenshot of the BlueLeaks data cache. In a post on Twitter, DDoSecrets said the BlueLeaks archive indexes “ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources,” and that ...
New Charges, Sentencing in Satori IoT Botnet Conspiracy
Addiction, Breach Hack, Children Teens, Cyber Crime, Cyber Security, Drugs Alcohol, Free, Rehab, Safety Security, Sex Porn, Tools Apps Software, Treatment

New Charges, Sentencing in Satori IoT Botnet Conspiracy

The U.S. Justice Department today charged a Canadian and a Northern Ireland man for allegedly conspiring to build botnets that enslaved hundreds of thousands of routers and other Internet of Things (IoT) devices for use in large-scale distributed denial-of-service (DDoS) attacks. In addition, a defendant in the United States was sentenced today to drug treatment and 18 months community confinement for his admitted role in the botnet conspiracy. Indictments unsealed by a federal court in Alaska today allege 20-year-old Aaron Sterritt from Larne, Northern Ireland, and 21-year-old Logan Shwydiuk of Saskatoon, Canada conspired to build, operate and improve their IoT crime machines over several years. Prosecutors say Sterritt, using the hacker aliases “Vamp” and “Viktor,” was the b...
Russian Cybercrime Boss Burkov Gets 9 Years
Breach Hack, Cyber Crime, Cyber Security, Identity Theft, Malware Ransomware, Safety Security, Scams Fraud

Russian Cybercrime Boss Burkov Gets 9 Years

A well-connected Russian hacker once described as “an asset of supreme importance” to Moscow was sentenced on Friday to nine years in a U.S. prison after pleading guilty to running a site that sold stolen payment card data, and to administering a highly secretive crime forum that counted among its members some of the most elite Russian cybercrooks. Alexei Burkov, seated second from right, attends a hearing in Jerusalem in 2015. Photo: Andrei Shirokov / Tass via Getty Images. Aleksei Burkov of St. Petersburg, Russia admitted to running CardPlanet, a site that sold more than 150,000 stolen credit card accounts, and to being a founder of DirectConnection — a closely guarded underground community that attracted some of the world’s most-wanted Russian hackers. As KrebsOnSecurity not...
COVID-19 ‘Breach Bubble’ Waiting to Pop?
Breach Hack, Cyber Crime, Cyber Security, Free, How-to Tips, Malware Ransomware, Safety Security, Scams Fraud, Tools Apps Software, Virus

COVID-19 ‘Breach Bubble’ Waiting to Pop?

The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change — and likely for the worse. The economic laws of supply and demand hold just as true in the business world as they do in the cybercrime space. Global lockdowns from COVID-19 have resulted in far fewer fraudsters willing or able to visit retail stores to use their counterfeit cards, and the decreased demand has severely depressed prices in the underground for purloined card data. An ad for a site sell...
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Breach Hack, Cyber Crime, Cyber Security, Free, How-to Tips, Malware Ransomware, Reviews, Safety Security, Scams Fraud, Tools Apps Software, Virus

Another COVID-19 Side Effect: Rising Nation-State Cyber Activity

While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs. Months into the COVID-19 pandemic,countless large and small businesses across the globe are operating in survival mode, focused on pushing through the storm. While companies concentrate on getting through each day and week, one at a time, we would be careless not to encourage them to scrutinize the potential bad actors — specifically, nation-states — that are looking to capitalize on the weaknesses created or exposed by the pandemic. According to a security vendor Radware, by the end of 2019, over a quarter of companies had experienced a foreign government/nation-state attack. In 2018, 19% of organizations believed they were attacked by a nation-state. That f...
Attackers Compromised Dozens of News Websites as Part of Ransomware Campaign
Addiction, Breach Hack, Cyber Security, Free, How-to Tips, Malware Ransomware, Parents Family, Privacy Data Protection, Safety Security, Senior Aging, Sex Porn, Tools Apps Software

Attackers Compromised Dozens of News Websites as Part of Ransomware Campaign

Malware used to download WastedLocker on target networks was hosted on legit websites belonging to one parent company, Symantec says.Attackers recently compromised dozens of US newspaper websites belonging to the same parent company and used the sites to distribute malicious code for downloading ransomware on networks belonging to targeted organizations across multiple sectors. Several major US organizations that were recently found infected with the malware appear to have been initially compromised when their employees visited one of the news websites, Symantec said. The security vendor last week had reported discovering "SocGholish," a JavaScript-based malware masquerading as a software update, on networks belonging to at least 31 major enterprise customers. A Russia-based group called E...