Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

AI Takes the Controller: Revolutionizing Computer Games

  The computer games industry has been a part of Andrew Maximov's life for 12 years and despite all of this experience, he still marvels...

All the recent news you need to know
Privacy Threats
Australian Data Breach Outabox Privacy Breach Privacy Threats

Privacy Breach Rocks Australian Nightlife as Facial Recognition System Compromised

 

A significant privacy breach has shaken up the club scene in Australia, as a facial recognition system deployed across multiple nightlife venues became the target of a cyberattack. Outabox, the Australian firm responsible for the technology, is facing intense scrutiny in the aftermath of the breach, sparking widespread concerns regarding personal data security in the era of advanced surveillance. 

Reports indicate that sensitive personal information, including facial images and biometric data, has been exposed, raising alarms among patrons and authorities. As regulators rush to assess the situation and ensure accountability, doubts arise about the effectiveness of existing safeguards against such breaches. 

Outabox has promised full cooperation with investigations but is under increasing pressure to address the breach's repercussions promptly and decisively. Initially introduced as a safety measure to monitor visitors' temperatures during the COVID-19 pandemic, Outabox's facial recognition kiosks evolved to include identifying individuals in self-exclusion programs for gambling, showcasing the company's innovative use of technology. 

However, recent developments have revealed a troubling scenario with the emergence of a website called "Have I Been Outaboxed." Claiming to be created by former Outabox employees based in the Philippines, the site alleges mishandling of over a million records, including facial biometrics, driver's licenses, and various personal identifiers. 

This revelation highlights serious concerns regarding Outabox's security and privacy practices, emphasizing the need for robust data protection measures and transparent communication with both employees and the public. Allegations on the "Have I Been Outaboxed" website suggest that the leaked data includes a trove of personal information such as facial recognition biometrics, driver's licenses, club memberships, addresses, and more. 

The severity of this breach is underscored by claims that extensive membership data from IGT, a major supplier of gaming machines, was also compromised, although IGT representatives have denied this assertion. This breach has triggered a robust reaction from privacy advocates and regulators, who are deeply concerned about the significant implications of exposing such extensive personal data. 

Beyond the immediate impact on affected individuals, the incident serves as a stark reminder of the ethical considerations surrounding the deployment of surveillance technologies. It underscores the delicate balance between security imperatives and the protection of individual privacy rights.
Read more »
USB Tactics
cyber attack Cyber Attacks Honeywell Report Industrial Cyberattack USB Tactics

Industrial Cyberattackers Reverting to USB Tactics, Says Honeywell Report

 

In a surprising turn of events, the use of removable media, particularly USB devices, has resurged as a favoured tactic among industrial cyber attackers. Honeywell's recently released "2024 USB Threat Report" sheds light on this concerning trend, emphasizing its prevalence within Operational Technology (OT) networks. 

The report reveals a clear shift in the strategies employed by threat actors, who are now bypassing sophisticated exploitation techniques and zero-day vulnerabilities in favour of leveraging old tools and bugs. Rather than relying on novel malware, attackers are exploiting the inherent capabilities of OT control systems to gain a foothold in industrial networks. 

This resurgence of USB-based attacks underscores the critical importance of robust cybersecurity measures within industrial environments. With threat actors exploiting vulnerabilities that may have been overlooked or underestimated, organizations must remain vigilant and implement comprehensive defense strategies to safeguard their OT infrastructure. 

Let's Understand Why USBs?

USBs possess a unique advantage that sets them apart from even the most cutting-edge attack methods: the ability to breach air gaps. In high-risk industries like nuclear, military, and finance, air gaps act as physical barriers between Operational Technology (OT) and Information Technology (IT) networks, ensuring no malicious activity can cross over. 

Matt Wiseman, director of OT product marketing at OPSWAT, elaborates, "Many operational facilities maintain strict air gaps. Traditional network-based attacks, such as those via email, are ineffective when OT systems are isolated from the internet. To breach such defenses, you need unconventional tactics. USBs and removable media are particularly intriguing because they're the only threat that can be carried across the air gap in your pocket." 

Additionally, in a recent report released by Mandiant, alarming details have emerged regarding two separate USB-delivered malware campaigns observed in the current year. The first campaign, dubbed 'Sogu,' has been attributed to the Chinese espionage threat group 'TEMP.HEX.' 

Meanwhile, the second campaign, named 'Snowydrive,' has been linked to UNC4698 and specifically targets oil and gas firms in Asia. Notably, Mandiant's report also references a prior incident in November 2022, where a China-nexus campaign utilized USB devices to infect entities in the Philippines with four distinct malware families. This earlier discovery serves as a precedent, highlighting the recurrence of similar tactics by cyber threat groups with geopolitical motivations.
Read more »
Vastaamo Centre
Data Breach Finland Healthcare Sensitive data Therapy Vastaamo Centre

Cyber Criminal Sentenced for Targeting Therapy Patients


In a recent legal case that has shaken Finland, cyber offender Julius Kivimäki, known online as Zeekill, has been sentenced to six years and three months behind bars for his involvement in a sophisticated cybercrime operation. The case revolves around the breach of Vastaamo, Finland's largest psychotherapy provider, where Kivimäki gained unauthorised access to sensitive patient records.

The Extent of the Breach

Kivimäki's method involved infiltrating Vastaamo's databases, compromising the privacy of thousands of therapy patients. Despite his unsuccessful attempt to extort a large sum of money from the company, he resorted to directly threatening patients with exposure to their therapy sessions unless they paid up. The repercussions of his actions were severe, with at least one suicide linked to the breach, leaving the nation in shock.

Legal Proceedings and Conviction

Throughout the trial, Kivimäki insisted on his innocence, even going as far as evading authorities and fleeing. However, the court found him guilty on all counts, emphasizing his ruthless exploitation of vulnerable individuals. The judges emphasized the significant suffering inflicted upon the victims, given Vastaamo's role as a mental health service provider.

A History of Cybercrime

Kivimäki's criminal journey began at a young age, participating in various cyber gangs notorious for causing chaos between 2009-2015. Despite being apprehended at the age of 15 and receiving a juvenile sentence, he persisted in his illicit activities, culminating in the Vastaamo breach.

How Law Enforcement Cracked the Case?

Law enforcement's efforts, combined with advanced digital forensics and cryptocurrency tracking, played a pivotal role in securing Kivimäki's conviction. His misstep led authorities to a server containing a wealth of incriminating evidence, aiding in his arrest and subsequent sentencing.

The Human Toll of Cyber Intrusion

Tiina Parikka, one of the affected patients, described the profound impact of receiving Kivimäki's threatening email, leading to a deterioration in her mental health. The breach not only compromised patients' privacy but also eroded their trust in the healthcare system.

Corporate Accountability

While Kivimäki faced legal consequences, Vastaamo's CEO, Ville Tapio, also received a suspended prison sentence for failing to protect customer data adequately. The once esteemed company suffered irreparable damage, ultimately collapsing in the aftermath of the breach.

Moving Forward 

As legal proceedings conclude, civil court cases are expected as victims seek compensation for the breach. The incident has stressed upon the vulnerability of healthcare data and the pressing need for robust cybersecurity implementation to safeguard the information of such sensitivity. After all, maintaining confidentiality is the first step towards establishing a healthy environment for patients.  

The Vastaamo case serves as a telling marker of the devastating consequences of cybercrime on individuals and businesses. In an age of advancing technology, it is essential for authorities and organisations to remain armed in combating such threats to ensure the protection of privacy and security for all.


Read more »
UAE
Data Breach Data Expose Data Leak Threat actor UAE

Hackers Claim Biggest Attack On UAE in History

Hackers Claim Biggest Attack On UAE in History

The United Arab Emirates government was the target of a significant data breach attack that has the cybersecurity industry on edge. The attacker, who goes by the username "UAE," has not been recognized. Unless a ransom of 150 bitcoins (about USD 9 million) is paid, the threat actor threatened to disclose the data from the purported UAE hack in a post on BreachForums.

Major UAE government organizations including the Executive Council of Dubai, the Federal Authority for Nuclear Regulation, the Telecommunications and Digital Government Regulatory Authority, and important government programs like Sharik.ae and WorkinUAE.ae are among the victims of the purported attack. The UAE Space Agency, Ministry of Finance, and Ministry of Health and Prevention are among the other ministries impacted.

The threat actor released a few samples, claiming to have access to personally identifiable information (PII) belonging to different government personnel. These samples included the roles, genders, and email addresses of high-ranking individuals.

Hackers exposed samples from the UAE attack

The threat actor purportedly posted screenshots of internal data from multiple prominent government agencies in the United Arab Emirates. The threat actor displayed samples of personally identifiable information (PII) including names, roles, and contact data, claiming to have obtained access to PII of high-ranking government personnel.

The threat actor's purported possession of samples raises questions about the safety of government employees and the integrity of national activities. The hacker's sudden appearance complicates the situation and raises questions about the accuracy of the statements made, but it may also point to a high-risk situation.

Such a compromise might have serious repercussions for public safety, national security, and the UAE's economic stability. The world's cybersecurity community is keeping a careful eye on the events and highlighting the necessity of a prompt and forceful government probe to determine the full scope of the hack and minimize any possible harm.

Experts advise to be cautious with UAE attacks

The hacker's sudden rise to prominence and lack of past experience or evidence of similar actions raises questions about the veracity of the claims.

There hasn't been any independent confirmation of the breach, nor have the UAE government or the impacted agencies addressed these allegations as of yet. For further details on the attacks, the Cyber Express team has gotten in touch with the Telecommunications and Digital Government Regulatory Authority (TDRA) in Dubai.

The vast number of impacted organizations and the type of purportedly stolen data point to a very sophisticated and well-planned operation, which is inconsistent with the image of a lone, inexperienced hacker.

Read more »
Tech Giant
Application Vulnerability Mobile Security Phone Alarm Social Media Tech Giant

Apple Working to Patch Alarming iPhone Issue

 

Apple claims to be working rapidly to resolve an issue that resulted in some iPhone alarms not setting off, allowing its sleeping users to have an unexpected lie-in. 

Many people rely on their phones as alarm clocks, and some oversleepers took to social media to gripe. A Tiktokker expressed dissatisfaction at setting "like five alarms" that failed to go off. 

Apple has stated that it is aware of the issue at hand, but has yet to explain what it believes is causing it or how users may avoid a late start. 

It's also unknown how many people are affected or if the issue is limited to specific iPhone models. The news was first made public by the early risers on NBC's Today Show, which sparked concerns. 

In the absence of an official solution, those who are losing sleep over the issue can try a few simple fixes. One is to prevent human error; therefore, double-check the phone's alarm settings and make sure the volume is turned up. 

Others pointed the finger at Apple designers, claiming that a flaw in the iPhones' "attention aware features" could be to blame.

When enabled, they allow an iPhone to detect whether a user is paying attention to their device and, if so, to automatically take action, such as lowering the volume of alerts, including alarms. 

According to Apple, they are compatible with the iPhone X and later, as well as the iPad Pro 11-inch and iPad Pro 12.9-inch. Some TikTok users speculated that if a slumbering user's face was oriented towards the screen of a bedside iPhone, depending on the phone's settings, the functionalities may be activated. 

Apple said it intends to resolve the issue quickly. But, until then, its time zone-spanning consumer base may need to dust off some old gear and replace TikTok with the more traditional - but trustworthy - tick-tock of an alarm clock.
Read more »
Ransomware
Citirix Account Cyber Security Cyberattacks CyberCrime CyberThreat Healthcare Hijacking Malware attacks MFA Ransomware

No MFA, No Defense: Change Healthcare Falls Victim to Citrix Account Hijacking

 


A UnitedHealth spokesperson confirmed that the black cat ransomware gang had breached Change Healthcare's network, using stolen credentials to get into the company's Citrix remote access service, which was not set up to support multi-factor authentication. It was revealed in a written statement issued by UnitedHealth's CEO Andrew Witty ahead of the hearing scheduled for tomorrow by a House Energy and Commerce subcommittee. 

This incident illustrates the significance of the healthcare giant failing to protect a critical system by failing to turn on multi-factor authentication, a consequential mistake the healthcare giant made in failing to identify the source of the intrusion into Change Healthcare's system that UnitedHealth Group previously confirmed on March 13. It is clear, according to Tom Kellerman, SVP of Cyber Strategy at Contrast Security, that UnitedHealth has shown pure negligence in this incident. 

According to the report, cybersecurity negligence resulted in systemic breaches throughout the U.S. healthcare industry. In his opinion, MFA would have likely prevented the attack chain that led to the breach, which will have long-term consequences. According to Casey Ellis, founder and chief strategy officer at Bugcrowd, the long-term effects of this massive breach will last for years. According to Ellis, at first glance, it appears that the software itself wasn't the issue that was causing the original access problem.

There was a threat of unauthorized access through remote access software without multi-factor authentication, and the credentials could have been leaked or guessed, leading to the most disruptive cyberattack on critical infrastructure in U.S. history. As a result of UnitedHealth Group's discovery and disclosure of the attack on Feb. 21, the medical claims and payment processing platform of Change Healthcare was paralyzed for more than one month, causing it to cease working completely. 

It was in late February 2024 that Optum's Change Healthcare platform was severely disrupted by a ransomware attack, resulting in a severe disruption of Optum's Change Healthcare platform. In addition to affecting a wide range of critical services used by healthcare providers all over the country, this also caused financial damages of approximately $872 million as a result of the disruption. These services included payment processing, prescription writing, and insurance claims processing. 

An exit scam was used by the BlackCat ransomware gang to steal money from UnitedHealth, which was allegedly a $22 million ransom payment made by UnitedHealth's affiliate. The affiliate claimed to still have the data shortly thereafter and partnered with RansomHub to begin an additional extortion demand by leaking stolen information in an attempt to extort the company of the affiliate. Despite recently acknowledging that it paid a ransom for people's data protection following a data breach, the healthcare organization has not released any details of the attack or who carried it. 

The company has confirmed that it paid a ransom to the hackers who claimed responsibility for a cyberattack and the subsequent theft of terabytes of data due to this cyberattack, which occurred last week. As part of their ransom demand, the hackers, known as RansomHub, threatened to post part of the stolen data to the dark web, if they did not sell the information. This is the second gang to claim theft and threaten to make money from it. 

A company that makes close to $100 billion in revenue every year, UnitedHealth said earlier this month that the company has suffered a $800 million loss due to the ransomware attack, which took place in the first quarter of 2017
Read more »
Two Factor Authentication
CrowdStrike Cyber Attacks cybercriminals Employee Data Employees IBM Identity Theft MFA phishing Two Factor Authentication

Safeguarding Your Employee Data From Identity Theft

 

In today's digital age, where data breaches and cyberattacks are increasingly common, safeguarding against identity-based attacks has become paramount for organizations worldwide. Identity-based attacks, which involve the unauthorized access to sensitive information through compromised user credentials, pose significant risks to businesses of all sizes and industries. 

As CrowdStrike reported, 80% of attacks involve identity and compromised credentials, highlighting the widespread nature of this threat. Additionally, an IBM report found that identity-related attacks are now the top vector impacting global cybercrime, with a staggering 71% yearly increase. 

Cybercriminals employ various tactics to carry out identity-based attacks, targeting organizations through phishing campaigns, credential stuffing, password spraying, pass-the-hash techniques, man-in-the-middle (MitM) attacks, and more. Phishing campaigns, for example, involve the mass distribution of deceptive emails designed to trick recipients into divulging their login credentials or other sensitive information. Spear-phishing campaigns, on the other hand, are highly targeted attacks that leverage personal information to tailor phishing messages to specific individuals, increasing their likelihood of success.  

Credential stuffing attacks exploit the widespread practice of password reuse, where individuals use the same passwords across multiple accounts. Cybercriminals obtain credentials from previous data breaches or password dump sites and use automated tools to test these credentials across various websites, exploiting the vulnerabilities of users who reuse passwords. Password spraying attacks capitalize on human behavior by targeting commonly used passwords that match the complexity policies of targeted domains. 

Instead of trying multiple passwords for one user, attackers use the same common password across many different accounts, making it more difficult for organizations to detect and mitigate these attacks. Pass-the-hash techniques involve obtaining hashed versions of user passwords from compromised systems and using them to authenticate into other systems without needing to crack the actual password. This method allows attackers to move laterally within a network, accessing sensitive data and executing further attacks. MitM attacks occur when attackers intercept network connections, often by setting up malicious Wi-Fi access points. 

By doing so, attackers can monitor users' inputs, including login credentials, and steal sensitive information to gain unauthorized access to accounts and networks. To mitigate the risk of identity-based attacks, organizations must adopt a multi-layered approach to security. This includes implementing strong password policies to prevent the use of weak or easily guessable passwords and regularly auditing user accounts for vulnerabilities. 

Multi-factor authentication (MFA) should be implemented across all applications to add an extra layer of security by requiring users to provide a second form of authentication, such as a one-time password or biometric data, in addition to their passwords. Furthermore, organizations should protect against social engineering attacks, which often target service desk staff to gain unauthorized access to sensitive information. Automated solutions can help verify user identification and reduce the risk of social engineering vulnerabilities. 

 Identity-based attacks pose significant risks to organizations, but by implementing robust security measures and remaining vigilant against evolving threats, businesses can effectively mitigate these risks and safeguard their sensitive information from cybercriminals.
Read more »
Subscribe to: Posts (Atom)