
Columbus Faces Scrutiny for Handling of Ransomware Attack and Lawsuit Against IT Consultant


In July, Columbus, Ohio, experienced a ransomware attack, which initially appeared to be a typical breach. However, the city’s unusual response sparked concern among cybersecurity experts and legal professionals. IT consultant David Leroy Ross, also known as Connor Goodwolf, uncovered a significant breach exposing sensitive data from various city databases, including arrest records, domestic violence cases, and personal information. 

This attack, carried out by the Rhysida Group, affected the city, police, and prosecutor’s office, with some databases going back to 1999. Goodwolf, whose expertise involves monitoring dark web activities, discovered that over three terabytes of data had been stolen. Among the exposed data were personal identifiable information, protected health information, and social security numbers. Goodwolf expressed particular concern over the exposure of sensitive information involving minors and domestic violence victims, emphasizing that they were now victimized a second time. 

Despite the serious implications, the city’s response appeared to downplay the breach. At a press conference in mid-August, Columbus Mayor Andrew Ginther claimed that the stolen data was encrypted or corrupted, making it largely unusable. Goodwolf, however, contradicted this statement, revealing that the data he found was intact and usable. When he attempted to notify city officials, he was met with resistance and a lack of cooperation. As a result, Goodwolf turned to the media, which led the city of Columbus to file a lawsuit and secure a temporary restraining order against him. The lawsuit, intended to prevent the further dissemination of sensitive information, raised concerns in the cybersecurity community. 

Legal experts pointed out that such lawsuits against data security researchers are uncommon and could have broader implications. Raymond Ku, a professor of law, noted that lawsuits against researchers typically arise when the disclosure of a vulnerability puts others at risk. However, cybersecurity professionals, such as Kyle Hanslovan, CEO of Huntress, argued that Goodwolf was acting as a responsible researcher. Hanslovan warned that this approach could set a dangerous precedent, silencing individuals who work to expose breaches. The city defended its actions, stating that it sought to prevent the release of confidential information, including undercover police identities. Although the restraining order expired, Columbus continues its civil lawsuit against Goodwolf, seeking up to $25,000 in damages. 

As Columbus works to recover from the attack, the broader implications of its actions toward Goodwolf remain a point of contention. Experts argue that the case highlights the need for a legal framework that balances the protection of sensitive information with the role of security researchers in revealing vulnerabilities. As Columbus strives to position itself as a tech hub, this legal battle could affect its reputation and relationships within the tech industry.

E-commerce Threat: The WooCommerce Skimming Attacks

The cybersecurity landscape advances daily, and so do the threats: e-commerce websites have become a main target for threat actors. In a recent incident, an advanced skimming attack on WooCommerce sites shed light on the new methods hackers use to steal crucial data.

This post discusses the details of the attack, its impact, and the steps businesses can take to protect their e-commerce websites.

Understanding the Attack

The attack, as explained by Sucuri, uses image extensions and style tags to deploy malicious code into WooCommerce websites. The technique is subtle because of its evasive nature, which makes it hard to detect with traditional security measures:

1. Style Tags as the Vector: The hackers placed malicious JavaScript inside style tags. Style tags normally define the presentation of HTML elements, and their contents are sometimes overlooked by security scans that focus on script tags. By hiding the skimmer code in style tags, the attackers bypassed many security checks.

2. Image Extension Trick: The second layer of the attack uses an image file extension to disguise a malicious script. The hackers hid a fake payment overlay inside a file disguised as a favicon. When users interacted with the payment page, the skimmer stole their credit card details and sent them to the hackers' server.
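A defensive check for the two concealment tricks just described, written as an added example for this post (it is not Sucuri's tooling or WooCommerce code): it flags style blocks that contain JavaScript-like content and files served with an image extension whose bytes do not start with a real image signature. The sample page and the "favicon" are constructed here, not taken from the real incident.

```python
"""Scan page HTML and served 'image' files for skimmer concealment tricks."""
import re

# Tokens that have no place in CSS but are typical of skimmer payloads.
JS_MARKERS = ("document.", "window.", "eval(", "fromCharCode", "atob(",
              "XMLHttpRequest", "fetch(", "<script", "addEventListener")

# Magic bytes that genuine image formats begin with.
IMAGE_SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".ico": (b"\x00\x00\x01\x00",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}

STYLE_RE = re.compile(r"<style\b[^>]*>(.*?)</style>", re.IGNORECASE | re.DOTALL)


def suspicious_style_blocks(html: str) -> list:
    """Return the <style> bodies that contain JavaScript-like tokens."""
    hits = []
    for body in STYLE_RE.findall(html):
        markers = [m for m in JS_MARKERS if m.lower() in body.lower()]
        if markers:
            hits.append({"snippet": body.strip()[:60], "markers": markers})
    return hits


def is_fake_image(filename: str, data: bytes) -> bool:
    """True when the extension promises an image but the bytes are not one."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    sigs = IMAGE_SIGNATURES.get(ext)
    if sigs is None:
        return False  # not an image extension; outside this check's scope
    return not any(data.startswith(sig) for sig in sigs)


def scan(html: str, files: dict) -> dict:
    """Run both checks and return one report."""
    return {
        "style_blocks": suspicious_style_blocks(html),
        "fake_images": [name for name, data in files.items()
                        if is_fake_image(name, data)],
    }


# Constructed sample page: one benign style block, one hiding script logic.
SAMPLE_HTML = """
<html><head>
<link rel="icon" href="/wp-content/uploads/favicon.ico">
<style>.checkout { color: #333; }</style>
<style>
/* looks like CSS at a glance */
.x{display:none}
document.addEventListener('DOMContentLoaded',function(){
  var u=String.fromCharCode(104,116,116,112);fetch(u+'://example.invalid/c')});
</style>
</head><body>checkout</body></html>
"""

# Constructed served files: a "favicon" that is really script text, and a real PNG header.
SAMPLE_FILES = {
    "favicon.ico": b"var k=document.querySelector('#card_number');",
    "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
}

if __name__ == "__main__":
    report = scan(SAMPLE_HTML, SAMPLE_FILES)
    for hit in report["style_blocks"]:
        print("style block with JS markers:", hit["markers"])
    for name in report["fake_images"]:
        print("image extension without image bytes:", name)
```

Run it against a crawled copy of the checkout page and the files it references; a hit on either check is a reason to inspect the file by hand, since the marker list is deliberately coarse.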

Impact on the e-commerce industry

This attack highlights several problems in the current e-commerce threat landscape:

1. Advanced Threats: Threat actors keep refining their techniques, so security measures must evolve accordingly. The use of style tags and image extensions marks a new level of sophistication in skimming attacks.

2. Detection Gaps: Traditional security tools are not advanced enough to identify such sophisticated threats. This calls for a more holistic approach to cybersecurity, employing advanced threat protection measures.

3. Gaining User Trust: The success of e-commerce sites depends on gaining user trust. Breaches that steal sensitive data can have long-term effects on an organization’s image and customer loyalty.

“Ultimately, this was a very well-thought-out and detailed skimming attack. There were no obviously malicious domains loading scripts on the checkout page, the footprint within the checkout page was overall quite minimal, and the main payload (in addition to the file location being concealed with some complicated character substitution) was cleverly hidden behind the website’s favicon image,” the Sucuri blog mentions.

Here's How to Remove Malware From Your Chromebook


Imagine this: your Chromebook crashes just before you click "Save" after you have spent hours working on a project. Or you want to watch a series, but the device keeps crashing, making it impossible to enjoy your favourite programme. If these situations sound familiar, malware may have infected your Chromebook.

Malware on your Chromebook can have detrimental effects, such as compromising your financial information, forcing you to lose work productivity, and compromising personal information. It is imperative that you take quick action if you think your Chromebook is infected. 

In this article, we'll walk you through the process of identifying whether your Chromebook is infected and give you the simplest method for virus removal: reputable antivirus software. We'll also go over key precautions you should take to protect your Chromebook from future malware threats.

Can malware infect Chromebooks?

As Chromebooks become more popular, fraudsters hunt for new ways to infect them and steal sensitive information for financial gain or identity theft. And, while Google's sophisticated ecosystem actively protects its users, no system is completely immune to cyber-attacks. 

Viruses, for example, are a common type of malware that adds malicious code to otherwise normal downloads. They become active when you download a malicious file, and they can also download and install automatically if you click on a link. Once a virus is installed on your system, it can cause damage and prevent you from using your device or network.

The good news is that it is nearly impossible to be infected by an actual virus on Chrome OS. Because it does not allow the installation of executable software, it is one of the most secure operating systems available today.

The bad news is that Chromebooks are still vulnerable to some forms of malware, such as search hijackers (search redirection), malicious browser extensions, adware, spyware, phishing schemes, and downloads from unverified websites. 

Prevention tips

Chromebooks are vulnerable to several forms of malware, even though viruses rarely affect them, as mentioned above. Google recommends the following best practices to maintain a secure Chromebook experience: 

Stay updated: Keep your Chrome OS and applications up to date. Regular updates often have critical security patches. 

Use caution with extensions and apps: Read reviews and only use reliable browser extensions and apps from the Chrome Web Store or Google Play. 

Avoid phishing scams: Exercise caution while accessing suspicious websites or emails that ask for personal information. 

Consider security software: Although Chromebooks have built-in security safeguards, adding an extra layer of protection with reputable security software can provide additional peace of mind. 

As Chromebooks gain popularity as a low-cost and efficient alternative to traditional laptops, it is critical to understand their risks, particularly those related to malware. Chrome OS, with its web-based applications and regular updates, offers strong security, but it is still vulnerable to different types of malware such as search hijackers, adware, and spyware.

Big Tech Prioritizes Security with Zuckerberg at the Helm


Reports indicate that some of the largest tech firms are paying millions of dollars each year to safeguard the CEOs of their companies, with some companies paying more than others depending on the industry. There has been a significant increase in the costs relating to security for top executives, including the cost of monitoring at home, personal security, bodyguards, and consulting services, according to a Fortune report.

Bill Herzog, CEO of LionHeart Security Services, said there is a lot of emphasis on securing high-profile CEOs, considering the risks they face. Even though it has been two months since Meta cut thousands of jobs on its technical teams, its employees are still feeling the consequences.

Employees support the Facebook core app in many ways, from groups to messaging, and they have spent weeks redistributing responsibilities left behind by their departed colleagues, according to four current and former employees who asked to remain anonymous to speak about internal issues.

Many remaining employees are likely adjusting to new management, learning completely new roles, and, in some cases, just trying to get their heads around what is happening. The security services offered by LionHeart Security Services cost $60 per hour or more, which could represent an annual budget of over $1 million for two guards working full-time.

Meta invested $23.4 million in Mark Zuckerberg's personal security in 2023, the most among its competitors. Of that, $9.4 million covers direct security costs, while a pre-tax allowance of $14 million is reserved for additional security-related expenses that may arise in the future.

Alphabet Inc. spent about $6.8 million in 2023, while Tesla Inc. paid $2.4 million for the security of its CEO, Elon Musk, in 2023. Other technology giants, such as NVIDIA Corporation and Apple Inc., have also invested heavily to ensure the safety of their CEOs, spending $2.2 million and $820,309, respectively, in 2023.

In recent years, tech companies have become more aware of the importance of security for their top executives. With the rising risks faced by high-profile clients and the resulting demand, the cost of these services has increased. The significant sums these organizations have invested in security measures over the years make clear that they place a high priority on the safety of their leaders.

The article also highlights the potential risks that are involved in leading a major tech company in today's world, due to technological advancements. Since Zuckerberg joined Meta's platforms over a decade ago, he has faced increasing scrutiny to prove he is doing what is necessary to ensure the safety of children on its platforms. Facebook's founder, Mark Zuckerberg, apologized directly to parents who have complained their children are suffering harm due to content on Meta's platforms, including Facebook and Instagram, during a recent hearing of the Senate Judiciary Committee. 

This apology came after intense questioning from lawmakers about Meta’s efforts to protect children from harmful content, including non-consensual explicit images. Despite Meta’s investments in safety measures, the company continues to face criticism for not doing enough to prevent these harms. Zuckerberg's apology reflected both an acknowledgement of these issues and his willingness to accept responsibility for them. 

However, it also highlighted the ongoing challenges Meta faces in addressing safety concerns in the future. In a multifaceted and complex answer to the question of whether Mark Zuckerberg should step down as Meta's CEO, there are many issues to consider. It is important to point out that there are high ethical concerns and controversy surrounding his conduct that have seriously compromised the public's trust in the leadership of the country. 

Meta has been well positioned for success thanks to his visionary approach and deep insight into the company, which have contributed greatly to its success. What matters in the end is what will benefit the company's future. If Zuckerberg can demonstrate that he is genuinely trying to address ethical issues and make the platform more transparent, he may well keep his position at Meta, despite fears that he may lose it.

If these issues persist, the business may require a change in leadership to restore trust and maintain a more sustainable and ethical outlook.

Here's How Criminals Are Targeting Users and Enterprises in Mexico


A recent Mandiant report highlighted the increasing cyber threats that Mexico is facing, including a sophisticated blend of domestic and global cybercrime that targets both individuals and businesses. 

Mexico's economy, ranked 12th largest in the world, makes it an appealing target for both financially driven hackers and cyber criminals from countries like North Korea, China, and Russia.

Since 2020, cyber espionage groups from over ten nations have been identified attempting to breach Mexican organisations. Among these, attackers affiliated with the People's Republic of China (PRC), North Korea, and Russia have been the most active, with China accounting for one-third of government-sponsored phishing activity.

Chinese actors are focussing specifically on news, education, and government organisations in Mexico; this is consistent with similar targeting strategies observed in regions where China has made large investments. 

Since the start of the war in Ukraine, North Korean outfits have focused on financial technology and cryptocurrency firms, while Russian cyber espionage activities have fallen substantially as resources have been diverted to other areas. The use of commercial spyware in Mexico is also highlighted in the report, with politicians, human rights advocates, and journalists being among the targets.

These tools are frequently sold to governments or attackers and are used to detect and exploit vulnerabilities in consumer devices. While spyware attacks only affect a few people at a time, they have significant implications for Mexico's press freedom and political integrity. 

Mandiant's report highlights a significant increase in ransomware and extortion operations in Mexico. From January 2023 to July 2024, Mexico ranked second in Latin America in terms of data leak site (DLS) listings following ransomware attacks, trailing only Brazil. LockBit, ALPHV, and 8BASE have been the most active in Mexico, concentrating on industries including manufacturing, technology, and financial services.

Threats from financial malware distribution efforts persist in Mexico, as attackers use lures related to taxes and finance to trick unsuspecting victims into downloading malicious software. UNC4984 and other groups have been seen distributing malware to Mexican banks via spoofed Mexican government websites, including the Mexican Tax Administration Service (SAT).

US Port Security Threatened by Chinese-Made Cranes, Says House Report


Despite its long-standing reliance on Chinese marine cranes, the U.S. faces a national security risk from the cranes' ability to be operated remotely through built-in modems, according to a staff report released Friday by the House Select Committee on the Chinese Communist Party.

"Hidden" and "unauthorized" modems have been found in U.S. ports, and the committee described the discovery as troubling, since U.S. ports had not requested the modems and they were not specifically identified in legal agreements. Several cranes used at U.S. ports may have been fitted with intelligence-gathering equipment installed by a Chinese company, which could allow Beijing to spy on Americans and cripple critical infrastructure in the United States, according to the report released by Congress.

The Republican majorities on the House Select Committee on the Chinese Communist Party and the House Homeland Security Committee found that the Shanghai-based, state-owned engineering company ZPMC had pressured American port authorities to allow remote access to its cranes, "particularly on the West Coast" of the United States.

This access could also be extended to other government entities within the People's Republic of China, posing an additional risk because PRC national security laws mandate cooperation with state intelligence agencies, according to the report, which resulted from a year-long investigation. The cranes in question are products of Shanghai Zhenhua Heavy Industry Co., Ltd. (ZPMC), a Chinese state company that operates in overseas ports and is regarded as one of the leading crane manufacturers in the world.

In raising concerns about ZPMC and similar Chinese companies, the House Republicans also noted that ZPMC is not contractually bound to prevent backdoors from being installed in its products. ZPMC and other Chinese state-owned companies are not contractually barred from installing backdoors into equipment or modifying technology in ways that could allow unauthorized access to or remote control of that equipment.

According to the report, this would enable them to compromise sensitive data or disrupt operations within the U.S. maritime sector in the future. In a statement released on Monday, lawmakers said that the Chinese government is collecting and analyzing shipping and logistics data under the country's "Going Out" strategy, first outlined by Chinese Premier Jiang Zemin in the 1990s.

That strategy encompasses the construction of new ports in the Indian Ocean, major infrastructure investments in Africa, and trade and commercial initiatives across Asia. Congress described the policy as marking a pivotal shift in international economic dynamics. The American Association of Port Authorities (AAPA) reportedly confirmed to The Hill on Friday that there have been no recorded security breaches of equipment at U.S. ports, according to the association.

U.S. officials have long been concerned about China-made products being used in critical infrastructure and other sensitive areas. Tensions between the U.S. and China over Taiwan have only increased as it has become clear that the threat of armed conflict is now very real. In an interview at the Center for Strategic and International Studies earlier this week, Rob Silvers, who oversees the Department of Homeland Security's policy division, explained that the Biden administration has recommended investing billions of dollars in cranes to counter Beijing's influence.

Even though the U.S. and Chinese economies remain deeply intertwined, the U.S. still holds a huge amount of Chinese debt, and Chinese products are sold in huge quantities, economic relations between the two countries have been under intense stress since the pandemic, when supply and value chains shut down, eventually contributing to a wave of global inflation. In recent years, U.S. policy on investment and manufacturing has shifted towards domestic production, including semiconductors, which has added to the current volatility, even though many policy shops in Washington point out that the U.S. and China have a symbiotic economic relationship.

Ransomware Actors Refused to Provide Decryptor Even After Receiving Ransom Payment


For C-suite executives and security leaders, learning that their organisation has been infiltrated by network attackers, that critical systems have been locked down, and that data has been compromised, followed by a ransom demand, could be the worst day of their professional lives.

But, as some executives who had been hit by the Hazard ransomware recently discovered, things can get far worse. The decryptor provided in exchange for paying the ransom to unlock the encrypted files did not work.

Security researchers did not talk to the victim organization in this case – its executives declined to be interviewed about their experience – hence the specifics remain unknown. 

Still, researchers believe that deciding that paying the criminals was the best way out of the situation - over concerns about customer and employee data privacy, to bring business operations back online, to minimise reputational damage, or simply because there were no backups (oops) - was a painful decision in and of itself. But what if you pay the extortionists and still cannot recover the files? That's excruciating.

"Ransomware as a whole is extremely stressful for the victim," stated Mark Lance, ransomware negotiator with GuidePoint Security. "Now in this circumstance, specifically, where they've made the payment and the decryption tools don't work," the stress levels ratcheted up several notches. 

"In this, and in a lot of situations like this one, they're relying heavily on those decryption capabilities working on certain systems so that they can recover operations," Lance added. "So the stress substantially increases because they're like, 'Hey, we made this large ransom payment amount with established terms that said if we paid we're going to get access.'” 

After the initial decryptor failed, the compromised organisation obtained a new version from the hackers, but this did not work either. Following a call from a third party involved in the ransomware negotiations, GuidePoint, acting on behalf of the victim, attempted to contact the perpetrators' "technical support" desk, but was told that a new version of the decryptor was required.

Whatever the reason, the organisation remained unable to access the encrypted files, and the Hazard ransomware gang vanished. Eventually, GuidePoint was able to patch the decryptor binary and then brute-force 16,777,216 possible values until the critical missing bytes in the cryptographic process were recovered, resulting in a working tool for decrypting the files. It's a good reminder, though, that paying a ransom does not guarantee data recovery.

How to Protect Your Accounts from 2FA Vulnerabilities: Avoid Common Security Pitfalls


Securing an account with only a username and password is insufficient because these can be easily stolen, guessed, or cracked. Therefore, two-factor authentication (2FA) is recommended for securing important accounts and has been a mandatory requirement for online banking for years.

2FA requires two distinct factors to access an account, network, or application, which can be from the following categories:
  • Knowledge: Something you know, like a password or PIN.
  • Possession: Something you have, such as a smartphone or a security token like a FIDO2 stick.
  • Biometrics: Something you are, including fingerprints or facial recognition.
For effective security, the two factors used in 2FA should come from different categories. If more than two factors are involved, it's referred to as multi-factor authentication. While 2FA significantly enhances security, it isn't completely foolproof. Cybercriminals have developed methods to exploit vulnerabilities in 2FA systems.

1. Man-in-the-Middle Attacks: Phishing for 2FA Codes
Despite the secure connection provided by Transport Layer Security (TLS), attackers can use various techniques to intercept the communication between the user and their account, known as "man-in-the-middle" attacks. A common approach involves phishing pages, where attackers create fake websites that resemble legitimate services to trick users into revealing their login credentials. These phishing sites can capture not only usernames and passwords but also the 2FA codes, allowing attackers to access accounts in real time. This type of attack is highly time-sensitive, as the one-time passwords used in 2FA typically expire quickly. Despite the complexity, criminals often use this method to steal money directly.

2. Man-in-the-Browser Attacks: Malware as a Middleman
A variation of man-in-the-middle attacks involves malware that integrates itself into the victim’s web browser. This malicious code waits for the user to log in to services like online banking and then manipulates transactions in the background. Although the user sees the correct transfer details in their browser, the malware has altered the transaction to divert funds elsewhere. Notable examples of such malware include Carberp, Emotet, Spyeye, and Zeus.

Prevention Tip: When authorizing transactions, always verify the transfer details, such as the amount and the recipient's IBAN, which are typically sent by banks during the 2FA process.
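Why verifying the transfer details during the 2FA step matters is easiest to see when the bank's code is itself bound to those details. The following is an added illustration for this post, not code from the original article or from any bank: the one-time code is an HMAC over the amount, recipient IBAN and a short time window, so a code approved for the transfer the user saw cannot authorize the transfer that browser malware submitted in the background. The secret, the two-minute window and the IBANs are constructed sample values.

```python
"""Transaction-bound one-time codes: the second factor signs what the user saw."""
import hashlib
import hmac
import time

CODE_DIGITS = 6
WINDOW_SECONDS = 120  # assumption: a code is valid for roughly two minutes


def _message(amount_cents: int, iban: str, window: int) -> bytes:
    """Canonical encoding: integer cents, normalized IBAN, time-window index."""
    return f"{amount_cents}|{iban.replace(' ', '').upper()}|{window}".encode()


def _code_for(secret: bytes, amount_cents: int, iban: str, window: int) -> str:
    mac = hmac.new(secret, _message(amount_cents, iban, window), hashlib.sha256).digest()
    # Dynamic truncation in the style of HOTP: 31 bits taken at a MAC-derived offset.
    offset = mac[-1] & 0x0F
    num = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(num % (10 ** CODE_DIGITS)).zfill(CODE_DIGITS)


def issue_code(secret: bytes, amount_cents: int, iban: str, now: float) -> str:
    """Bank side: derive the code for exactly these transfer details, shown to the user
    on the second channel together with the amount and IBAN they are approving."""
    return _code_for(secret, amount_cents, iban, int(now // WINDOW_SECONDS))


def verify_code(secret: bytes, amount_cents: int, iban: str, code: str, now: float) -> bool:
    """Bank side: check the code against the details actually submitted for execution.
    The current and previous window are accepted to tolerate a boundary crossing."""
    window = int(now // WINDOW_SECONDS)
    return any(hmac.compare_digest(_code_for(secret, amount_cents, iban, w), code)
               for w in (window, window - 1))


def demo(now: float = None) -> dict:
    """Replay the man-in-the-browser scenario with constructed values."""
    secret = b"constructed-per-customer-secret"   # sample only, not a real key
    now = time.time() if now is None else now
    # What the user sees on the second channel and approves.
    shown = (12050, "DE89 3704 0044 0532 0130 00")
    code = issue_code(secret, *shown, now)
    # What the malware actually submits: same amount, recipient swapped.
    altered = (12050, "DE02 1203 0000 0000 2020 51")
    return {
        "legit_ok": verify_code(secret, *shown, code, now),
        "altered_ok": verify_code(secret, *altered, code, now),
        "expired_ok": verify_code(secret, *shown, code, now + 3 * WINDOW_SECONDS),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The user's part of this scheme is the tip above: read the amount and IBAN that arrive with the code and refuse to approve if they differ from what was entered, because the bank will only accept the code for the details it displayed.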

3. Social Engineering: Tricking Users Out of Their 2FA Codes
Attackers may already have access to usernames and passwords, possibly obtained from data breaches or through malware on the victim's device. To gain the second factor needed for access, they may resort to direct contact. For instance, they may pose as bank employees, claiming to need 2FA codes to implement a new security feature. If the victim complies, they unknowingly authorize a fraudulent transaction.

Prevention Tip: Never share your 2FA codes or authorizations with anyone, even if they claim to be from your bank or another trusted service. Legitimate service representatives will never ask for such confidential information.

Understanding these threats and remaining vigilant can significantly reduce the risks associated with 2FA vulnerabilities.