Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Financial Data. Show all posts
Personal Data
data attacks Data Breach Data Leak data security Financial Data healthcare data breach HIPAA Medical Data Medical Data breach Personal Data

Medusind Data Breach Exposes Health and Personal Information of 360,000+ Individuals

 

Medusind, a major provider of billing and revenue management services for healthcare organizations, recently disclosed a data breach that compromised sensitive information of over 360,000 individuals. The breach, which occurred in December 2023, was detected more than a year ago but is only now being reported publicly. 

The Miami-based company supports over 6,000 healthcare providers across 12 locations in the U.S. and India, helping them streamline billing processes and enhance revenue generation. According to a notification submitted to the Maine Attorney General’s Office, the breach was identified when Medusind noticed suspicious activity within its systems. 

This led the company to immediately shut down affected systems and enlist the help of a cybersecurity firm to investigate the incident. The investigation revealed that cybercriminals may have gained access to and copied files containing personal and medical details of affected individuals. Information compromised during the breach includes health insurance details, billing records, and medical data such as prescription histories and medical record numbers. Financial data, including bank account and credit card information, as well as government-issued identification, were also exposed. 

Additionally, contact details like addresses, phone numbers, and email addresses were part of the stolen data. In response, Medusind is providing affected individuals with two years of free identity protection services through Kroll. These services include credit monitoring, identity theft recovery, and fraud consultation. The company has advised individuals to stay vigilant by reviewing financial statements and monitoring credit reports for unusual activity that could indicate identity theft. 

This breach highlights the increasing cybersecurity challenges facing the healthcare industry, where sensitive personal information is often targeted. To address these risks, the U.S. Department of Health and Human Services has proposed updates to the Health Insurance Portability and Accountability Act (HIPAA). These proposed changes include stricter requirements for encryption, multifactor authentication, and network segmentation to protect patient data from cyberattacks. The Medusind incident follows a series of high-profile breaches in the healthcare sector.

In May 2024, Ascension reported that a ransomware attack had exposed data for 5.6 million individuals. Later in October, UnitedHealth disclosed a breach stemming from a ransomware incident affecting over 100 million people. As healthcare providers continue to face cyber threats, the urgency to implement robust data security measures grows. Medusind’s experience serves as a reminder of the significant risks posed by such breaches and the importance of safeguarding sensitive information.
Read more »
Healthcare
Ascension Cyber Attacks Financial Data Healthcare

New Finds from The June Ascension Hack




Healthcare industry giant Ascension has broken the silence and revealed more sensitive information concerning the recent hack in June. Through a worker opening a suspicious file without even knowing the malware was actually very harmful to download, it gave room for hackers into their network exposing patient information, among others.


During the past months, the healthcare system has worked with experts in cybersecurity to analyze how the breach affected them and the amount of patient and employee data that was taken. Since the investigation has been concluded, Ascension has informed the public regarding the data stolen and measures undertaken to safeguard the victims.

The investigation established that several kinds of personal information were accessed during the breach. Though the specifics vary for each individual, the leaked information may include:  

  • Medical Records: Medical record numbers, service dates, types of lab tests, and procedure codes.  
  • Financial Data: Credit card numbers, bank account information, and insurance details such as Medicaid and Medicare IDs.
  • Government Identifications: Social Security numbers and other governmental IDs. 

Ascension has come out to clarify that their main Electronic Health Records, which hold extensive patient's medical histories, were unaffected. This means that those operations that are considered most core in healthcare, such as viewing patient records and prescribing drug therapies, remain safe and unimpeded.


How Ascension is Reacting

To make amends for the breach, Ascension is offering free credit monitoring and identity protection services to anyone affected. Those affected will be sent formal notification letters within the next two to three weeks, which will detail step-by-step instructions to enroll in protection services so those affected may protect themselves from potential misuse of their data.

The credit monitoring service will be offered for two years and can be used to track suspicious activity regarding an individual's personal information. Ascension also informed those who had already enrolled in protection services after the initial breach that they could continue coverage without any interruption.


If you receive a notification, enrolling in the complimentary identity protection services is crucial. For assistance, you can visit Ascension’s website or contact their support line at (866) 724-3233 during business hours.  

Additionally, Ascension advises practicing general security measures, such as monitoring bank statements and staying alert for unusual activity. These steps can help minimize potential risks.

Ascension acknowledged the hurdle caused by the cyberattack and gave thanks to its patients, employees, and clinicians for their continued support. The organization highlighted its ability to persevere with such a team, and it assured the community that utmost care will be taken in protecting the information of its patients in the future.




Read more »
iPhones
AirDrop Apple Pay Cyber Security Financial Data iPhones

Debunking the Viral TikTok Myth: Apple Pay and AirDrop Security




Recent viral TikTok videos have raised unnecessary alarm among iPhone users by claiming that hackers can steal financial information from Apple Pay via AirDrop. According to these videos, simply having AirDrop enabled would allow a nearby stranger to gain access to sensitive credit card information. However, cybersecurity experts have thoroughly debunked these claims, confirming that they are baseless and entirely unfounded.

The central rumor suggests that if AirDrop is active on an iPhone, a hacker could exploit it to perform a so-called "walk-by hack," thereby gaining unauthorized access to financial data through Apple Pay. Viewers were urged to disable AirDrop to protect themselves from this imagined threat. Despite the buzz, experts, including reports by Apple Insider, have dismissed these claims as misinformation, emphasizing that AirDrop and Apple Pay function independently and cannot interact in the manner described.

AirDrop does not facilitate automatic data transfers, as it requires the recipient to manually accept incoming files. Additionally, the "Everyone" mode is only active for 10 minutes unless reactivated, with most users defaulting to "Contacts Only" or "Off" settings. Similarly, Apple Pay uses advanced encryption and secure technology that makes such a breach impossible. Each card added to Apple Pay generates a unique Device Account Number stored securely within the Secure Element—a tamper-proof chip designed to keep sensitive data isolated from the operating system. Transactions are further protected by biometric authentication like Face ID or Touch ID, along with dynamic security codes, ensuring card details are never reused or exposed.

The confusion surrounding this claim may stem from the introduction of Apple’s **NameDrop** feature in 2023. NameDrop allows users to exchange contact details by bringing two iPhones close together, but this feature only shares basic contact information—not financial data. While this new functionality may have caused some misunderstanding, there is no connection between NameDrop, AirDrop, or Apple Pay’s secure payment system.

Although the viral claims are false, users are encouraged to follow basic smartphone security practices to safeguard their devices. For instance, turning AirDrop off when not needed can reduce exposure to unwanted file sharing. It is also important to rely on trusted sources for information regarding potential security risks instead of viral social media posts. These steps, combined with Apple Pay’s robust security infrastructure, provide comprehensive protection for users’ financial information.

This incident underscores the importance of critically evaluating viral content before sharing it. Spreading unverified rumours can lead to unnecessary panic, despite the lack of credible evidence supporting such claims. Users can rest assured that Apple Pay remains one of the safest payment methods, supported by encryption, biometric authentication, and secure design principles.

Read more »
Personal Data Breach
Cybernews Data Breach Data Leak Financial Data healthcare data breach Healthcare Industry Personal Data Breach

Data Breach at Datavant Exposes Thousands of Minors to Cyber Threats

 

While cybercriminals often target adults for their valuable financial and personal information, children are not exempt from these risks. This was made evident by a recent data breach involving health IT company Datavant, which exposed sensitive information of thousands of minors. This incident highlights the vulnerabilities of even the youngest members of society in today's digital age.

The Datavant Breach: A Timeline of Events

The breach occurred in May following a phishing attack targeting Datavant employees. Hackers sent deceptive emails to trick employees into revealing their login credentials—a tactic relying on human error rather than exploiting technical vulnerabilities. While most employees recognized the phishing attempt, a few fell victim, granting attackers unauthorized access to one of the company’s email accounts.

An investigation revealed that between May 8 and 9, the attackers accessed sensitive data stored in the compromised inbox. Over 11,000 minors were affected, with stolen information including:

  • Names and contact details
  • Social Security numbers
  • Financial account details
  • Driver’s licenses and passports
  • Health information

Implications of the Breach

The stolen data poses severe risks, particularly identity theft and targeted scams. Among these, medical identity theft is particularly alarming. Hackers can use health data to file fraudulent insurance claims or manipulate medical records, which may disrupt access to healthcare services and create significant financial and administrative challenges for victims.

Unlike standard identity theft, medical identity theft carries unique dangers, such as incorrect medical information being added to a person’s records. This could lead to inappropriate treatments or delayed care, further complicating the recovery process for affected families.

Datavant’s Response

In response to the breach, Datavant has implemented additional security measures, including:

  • Strengthened cybersecurity protocols
  • Enhanced employee training on phishing awareness

While these steps aim to prevent future incidents, the emotional and financial toll on affected families remains substantial. For many, the breach represents a loss of security that is not easily restored.

Protecting Affected Families

Families impacted by the breach are advised to take proactive measures to safeguard their children’s identities, including:

  • Monitoring credit reports regularly
  • Freezing their child’s credit if necessary
  • Remaining vigilant against phishing attempts and unusual account activity

Lessons from the Breach

The Datavant breach is a stark reminder of the evolving tactics used by cybercriminals and the devastating consequences of compromised data. Organizations handling sensitive information, particularly data about children, must prioritize cybersecurity practices and invest in training to mitigate risks. For individuals, heightened awareness and vigilance are crucial defenses against potential threats.

Conclusion

As cyberattacks become increasingly sophisticated, incidents like the Datavant breach underscore the importance of robust security measures and proactive steps to protect sensitive information. The digital age brings immense benefits, but it also demands constant vigilance to ensure the safety of personal data—especially when it comes to protecting our youngest and most vulnerable populations.

Read more »
Personal Data
Data Breach Data breaches attacks Data protection Data Theft Financial Data Hacker attack Hackers Personal Data

Set Forth Data Breach: 1.5 Million Impacted and Next Steps

 

The debt relief firm Set Forth recently experienced a data breach that compromised the sensitive personal and financial information of approximately 1.5 million Americans. Hackers gained unauthorized access to internal documents stored on the company’s systems, raising serious concerns about identity theft and online fraud for the affected individuals. Set Forth, which provides administrative services for Americans enrolled in debt relief programs and works with B2B partners like Centrex, has initiated notification protocols to inform impacted customers. The breach reportedly occurred in May this year, at which time Set Forth implemented incident response measures and enlisted independent forensic specialists to investigate the incident. 

However, the full extent of the attack is now coming to light. According to the company’s notification to the Maine Attorney General, the hackers accessed a range of personal data, including full names, Social Security numbers (SSNs), and dates of birth. Additionally, information about spouses, co-applicants, or dependents of the affected individuals may have been compromised. Although there is currently no evidence that the stolen data has been used maliciously, experts warn that it could end up on the dark web or be utilized in targeted phishing campaigns. This breach highlights the ongoing risks associated with storing sensitive information digitally, as even companies with incident response plans can become vulnerable to sophisticated cyberattacks. 

To mitigate the potential damage, Set Forth is offering free access to Cyberscout, an identity theft protection service, for one year to those affected. Cyberscout, which has over two decades of experience handling breach responses, provides monitoring and support to help protect against identity fraud. Impacted customers will receive notification letters containing instructions and a code to enroll in this service. For those affected by the breach, vigilance is critical. Monitoring financial accounts for unauthorized activity is essential, as stolen SSNs can enable hackers to open lines of credit, apply for loans, or even commit crimes in the victim’s name. 

Additionally, individuals should remain cautious when checking emails or messages, as hackers may use the breach as leverage to execute phishing scams. Suspicious emails—particularly those with urgent language, unknown senders, or blank subject lines—should be deleted without clicking links or downloading attachments. This incident serves as a reminder of the potential risks posed by data breaches and the importance of proactive protection measures. While Set Forth has taken steps to assist affected individuals, the breach underscores the need for businesses to strengthen their cybersecurity defenses. For now, impacted customers should take advantage of the identity theft protection services being offered and remain alert to potential signs of fraud.
Read more »
Rhadamanthys malware
AI CAPTCHA cryptocurrency wallet Financial Data malware Rhadamanthys malware

AI-Powered Malware Targets Crypto Wallets with Image Scans

 



A new variant of the Rhadamanthys information stealer malware has been identified, which now poses a further threat to cryptocurrency users by adding AI to seed phrase recognition. The bad guys behind the malware were not enough in themselves, but when added into this malware came another functionality that includes optical character recognition or OCR scans for images and seed phrase recognition-the total key information needed to access cryptocurrency wallets.

According to Recorded Future's Insikt Group, Rhadamanthys malware now can scan for seed phrase images stored inside of infected devices in order to extract this information and yet further exploitation.

So, basically this means their wallets may now get hacked through this malware because their seed phrases are stored as images and not as text.


Evolution of Rhadamanthys

First discovered in 2022, Rhadamanthys has proven to be one of the most dangerous information-stealing malware available today that works under the MaaS model. It is a type of service allowing cyber criminals to rent their malware to other cyber criminals for a subscription fee of around $250 per month. The malware lets the attackers steal really sensitive information, including system details, credentials, browser passwords, and cryptocurrency wallet data.

The malware author, known as "kingcrete," continues to publish new versions through Telegram and Jabber despite the ban on underground forums like Exploit and XSS, in which mainly users from Russia and the former Soviet Union were targeted.

The last one, Rhadamanthys 0.7.0, which was published in June 2024, is a big improvement from the structural point of view. The malware is now equipped with AI-powered recognition of cryptocurrency wallet seed phrases by image. This has made the malware look like a very effective tool in the hands of hackers. Client and server-side frameworks were fully rewritten, making them fast and stable. Additionally, the malware now has the strength of 30 wallet-cracking algorithms and enhanced capabilities of extracting information from PDF and saved phrases.

Rhadamanthys also has a plugin system allowing it to further enhance its operations through keylogging ability, cryptocurrency clipping ability- wallet address alteration, and reverse proxy setups. The foregoing tools make it flexible for hackers to snoop for secrets in a stealthy manner.


Higher Risks for Crypto Users in Term of Security

Rhadamanthys is a crucial threat for anyone involved with cryptocurrencies, as the attackers are targeting wallet information stored in browsers, PDFs, and images. The worrying attack with AI at extracting seed phrases from images indicates attackers are always inventing ways to conquer security measures.

This evolution demands better security practices at the individual and organization level, particularly with regards to cryptocurrencies. Even for simple practices, like never storing sensitive data within an image or some other file without proper security, would have prevented this malware from happening.


Broader Implications and Related Threats

Rhdimanthys' evolving development is part of a larger evolutionary progress in malware evolution. Some other related kinds of stealer malware, such as Lumma and WhiteSnake, have also released updates recently that would further provide additional functionalities in extracting sensitive information. For instance, the Lumma stealer bypasses new security features implemented in newly designed browsers, whereas WhiteSnake stealer has been updated to obtain credit card information stored within web browsers.

These persistent updates on stealer malware are a reflection of the fact that cyber threats are becoming more mature. Also, other attacks, such as the ClickFix campaign, are deceiving users into running malicious code masqueraded as CAPTCHA verification systems.

With cybercrime operatives becoming more sophisticated and their tools being perfected day by day, there has never been such a challenge for online security. The user needs to be on the alert while getting to know what threats have risen in cyberspace to prevent misuse of personal and financial data.


Read more »
Mastercard
AI cybersecurity Credit Card Fraud Credit Card hack Cyber Attacks Financial Data Financial Scam Financial Security Mastercard

Preventing Credit Card Fraud in 2024: Tips to Avoid Declined Transactions and Fraud Alerts

 

Credit card fraud is a growing issue, with over 60% of cardholders experiencing attempted fraud in 2023. The use of AI by cybercriminals has dramatically increased, allowing them to open hundreds of accounts daily. Global losses from card fraud reached $33 billion in 2022, with the U.S. accounting for 40% of these losses. 

Although AI is part of the problem, it is also crucial to the solution. Companies like Visa and Mastercard are using AI to enhance their fraud detection systems, reducing false alerts while improving accuracy. Beyond traditional credit card fraud, criminals are now focusing on stealing other types of personal data, such as social security numbers, to commit more sophisticated financial crimes. This shift highlights the importance of comprehensive fraud prevention systems that account for more than just card theft. 

The decrease in false credit card purchases, down 5.4% from 2023, reflects improvements in fraud detection, with Mastercard noting a 20% increase in fraud detection accuracy thanks to AI technology. To minimize the risk of fraud, consumers should adopt strong security measures such as two-factor authentication, biometric passcodes, and password managers. Shopping on reputable sites and using secure payment methods like tap-to-pay can also help reduce exposure to fraudulent activity. Monitoring services and setting personalized fraud alert thresholds can ensure that consumers are notified only when necessary, cutting down on false alerts. 

One key trigger for fraud alerts is changes in shopping behavior, such as buying high-ticket items or frequent purchases from new vendors. These patterns raise red flags, prompting card companies to issue alerts or block transactions. To avoid these issues, consumers can notify their card companies of upcoming travel or large purchases in advance, helping to reduce false fraud alerts. Despite the inconvenience of fraud alerts, they are essential in preventing unauthorized transactions. Consumers are encouraged not to ignore these alerts, even if they seem excessive. 

Experts like Satish Lalchand emphasize the importance of vigilance, as fraud is expected to remain a significant threat. Properly understanding fraud alerts and securing personal data is crucial in staying one step ahead of cybercriminals. To further protect against fraud, individuals should avoid using public Wi-Fi for online transactions and consider freezing their credit to limit unauthorized access. Regularly monitoring credit reports and financial accounts for unusual activity is also essential. Using secure mobile payment methods like tap-to-pay or mobile wallet apps adds an extra layer of protection. 

Financial institutions are continuing to enhance their fraud detection systems, and consumers must take proactive steps to stay vigilant. This combination of personal responsibility and advanced security measures can significantly reduce the chances of falling victim to fraud.
Read more »
Vulnerability management
Cyber Security Ethical Hacker Financial Data Threat Landscape Vulnerability management

The Vital Role of Ethical Hacking in Cyber Security

 

The possibility of cyber attacks is a major issue, with the global average cost of a data breach expected to reach $4.45 million in 2023, a 15% increase over the previous three years, according to an IBM analysis. This stark figure highlights the growing financial and reputational threats companies face, emphasising the importance of ethical hacking in an increasingly interconnected world. 

Ethical hackers are the first line of defence, utilising their knowledge to replicate cyber attacks under controlled conditions. These individuals play an important role in averting potentially disastrous data breaches, financial loss, and reputational harm caused by cyber attacks by proactively fixing security vulnerabilities before they are exploited. 

This article explores the importance of ethical hacking, the tactics used by ethical hackers, and how to pursue a career in this vital sector of cyber security. 

What is ethical hacking? 

Ethical hacking, commonly referred to as penetration testing or white-hat hacking, is a technique for testing computer systems, networks, or online applications for security flaws. Unlike criminal hackers, who attempt to make money from vulnerabilities, ethical hackers utilise their expertise to uncover and patch them before they are exploited. 

They utilise their expertise with authorization, hoping to improve security posture before a real hacker exploits vulnerabilities. This preemptive strike against possible breaches is an important part of modern cyber security tactics and a technique of protecting against the most dangerous cyber security threats. Ethical hacking adheres to a fixed code of ethics and legal restrictions. 

Ethical hackers must have clear permission to explore systems and ensure that their actions do not stray into illegal territory. Respect for privacy, data integrity, and the lawful exploitation of uncovered vulnerabilities is critical. 

Methodologies of Ethical Hacking 

Ethical hackers employ a variety of methodologies to assess the security of information systems. These include: 

Risk assessment: Scanning systems and networks to identify known vulnerabilities. 

Penetration testing: Simulating cyber attacks to evaluate the effectiveness of security measures. 

Social engineering: Testing the human element of security through phishing simulations and other tactics. 

Security auditing: Examining the adherence of systems and policies to security standards and best practices. 

Process of ethical hacking

Step 1: Reconnaissance - The ethical hacker collects as much information about the target system or network as possible utilising techniques such as WHOIS databases, search engines, and social media to obtain publically available information. 
 
Step 2: Scanning – They look for live hosts, open ports, services running on those hosts, and vulnerabilities connected with them. Nmap may be used to scan ports, while Nessus or OpenVAS can be used to check for vulnerabilities that can be exploited. 

Step 3: Gaining Access – They use the identified vulnerabilities to gain unauthorised access to the system or network. Metasploit is commonly used to exploit vulnerabilities. Other tools include SQL injection tools for database attacks, as well as password cracking programmes such as John the Ripper or Hydra. 

Step 4: Maintaining Access – Ensure continued access to the target for further exploration and analysis without being detected. Tools like backdoors and trojans are used to maintain access, while ensuring to operate stealthily to avoid detection by security systems.

Step 5: Covering Tracks – Delete evidence of the hacking process to avoid detection by system administrators or security software. Log tampering and the use of tools to clear or modify entries in system logs. Tools such as CCleaner can also be used to erase footprints.
Read more »
Technology
AI technology Financial Data Microsoft Microsoft Copilot Technology

Microsoft Copilot for Finance: Transforming Financial Workflows with AI Precision

 

In a groundbreaking move, Microsoft has unveiled the public preview for Microsoft Copilot for Finance, a specialized AI assistant catering to the unique needs of finance professionals. This revolutionary AI-powered tool not only automates tedious data tasks but also assists finance teams in navigating the ever-expanding pool of financial data efficiently. 

Microsoft’s Corporate Vice President of Business Applications Marketing, highlighted the significance of Copilot for Finance, emphasizing that despite the popularity of Enterprise Resource Planning (ERP) systems, Excel remains the go-to platform for many finance professionals. Copilot for Finance is strategically designed to leverage the Excel calculation engine and ERP data, streamlining tasks and enhancing efficiency for finance teams. 

Building upon the foundation laid by Microsoft's Copilot technology released last year, Copilot for Finance takes a leap forward by integrating seamlessly with Microsoft 365 apps like Excel and Outlook. This powerful AI assistant focuses on three critical finance scenarios: audits, collections, and variance analysis. Charles Lamanna, Microsoft’s Corporate Vice President of Business Applications & Platforms, explained that Copilot for Finance represents a paradigm shift in the development of AI assistants. 

Unlike its predecessor, Copilot for Finance is finely tuned to understand the nuances of finance roles, offering targeted recommendations within the Excel environment. The specialization of Copilot for Finance sets it apart from the general Copilot assistant, as it caters specifically to the needs of finance professionals. This focused approach allows the AI assistant to pull data from financial systems, analyze variances, automate collections workflows, and assist with audits—all without requiring users to leave the Excel application. 

Microsoft's strategic move towards role-based AI reflects a broader initiative to gain a competitive edge over rivals. Copilot for Finance has the potential to accelerate impact and reduce financial operation costs for finance professionals across organizations of all sizes. By enabling interoperability between Microsoft 365 and existing data sources, Microsoft aims to provide customers with seamless access to business data in their everyday applications. 

Despite promising significant efficiency gains, the introduction of AI-driven systems like Copilot for Finance raises valid concerns around data privacy, security, and compliance. Microsoft assures users that they have implemented measures to address these concerns, such as leveraging data access permissions and avoiding direct training of models on customer data. 

As Copilot for Finance moves into general availability later this year, Microsoft faces the challenge of maintaining data governance measures while expanding the AI assistant's capabilities. The summer launch target for general availability, as suggested by members of the Copilot for Finance launch team, underscores the urgency and anticipation surrounding this transformative AI tool. 

With over 100,000 organizations already benefiting from Copilot, the rapid adoption of Copilot for Finance could usher in a new era of AI in the enterprise. Microsoft's commitment to refining data governance and addressing user feedback will be pivotal in ensuring the success and competitiveness of Copilot for Finance in the dynamic landscape of AI-powered financial assistance.
Read more »
User Privacy
Cyber Fraud Financial Data KYC Scam RBI Threat Landscape User Privacy

RBI Issues Warning Against Scam Via KYC trick

 

On February 2, 2024, the Reserve Bank of India (RBI) reiterated its prior warning to the public, offering further suggestions in response to a rising tide of scams involving Know Your Customer (KYC) updates. RBI amplified the cautionary tips issued earlier to the public on September 13, 2021, citing continuing incidents/reports of consumers falling victim to scams being perpetrated in the name of KYC updation. 

Modus operandi 

Customers typically receive unsolicited calls, texts, or emails requesting personal information, account or login credentials, or the installation of unapproved apps via links in the message. 

Frequently, the messages intentionally instil a false feeling of urgency by threatening to freeze or close the customer's account if they don't cooperate. Customers provide fraudsters unauthorised access to their accounts and enable them to commit fraudulent operations when they divulge critical private details or login credentials. 

Quick reporting 

The Reserve Bank of India (RBI) advised victims of financial cyber fraud to report the incident right away on the National Cyber Crime Reporting Portal (www.cybercrime.gov.in) or by calling the cybercrime hotline in 1930. 

Preventive measures 

To prevent people from becoming victims of KYC fraud, the RBI published a list of dos and don'ts. Critical data such as card details, PINs, passwords, OTPs, and account login credentials should never be shared with third parties, the RBI cautions the public. 

Individuals are also advised not to click on dubious or unverified links they receive via email or mobile devices, nor share KYC documents with unrecognised or unknown parties. "Do not share any sensitive information through unverified/unauthorised websites or applications," the central bank advised.

For confirmation and help, get in touch with the bank or financial institution immediately when you get a request for KYC updates. Get phone numbers for customer service or contact information exclusively from the official website or other sources. Report any incidents of cyber fraud to the bank right away. Ask the bank about the possible ways to update your KYC information.
Read more »
TransUnion
Data Breach Financial Data hack N4ughtySecTU Group Personal Data Ransomware Groups SABRIC South Africa data breach TransUnion

Hackers Threaten to Leak South Africa’s Private Financial Data, Demand R1.1 Billion Ransom


In a recent cyber threat, hackers have threatened to release all of South Africa’s private financial data unless TransUnion and Experian, the two biggest consumer credit reporting companies in the country, agree to pay ransom of R1.1 billion.  

The companies – TransUnion and Experian – were the ones that were hit by the cybercrime attack. 

According to Times Live, the hackers, the Brazil-based N4ughtySecTU Group, who had previously breached TransUnion's security and firewalls, claimed to have successfully evaded the safeguards of the company once again, following which they stole the data.  

Apparently, the hackers have demanded $30m [about R565m] from TransUnion and $30m from Experian.

The hackers, in a message sent to the managers and directors of the impacted companies, stated: “Ensure your response teams contact us on Session [a private communication platform] for payment instructions.”

While acknowledging the demands, TransUnion and Experian refuted the group's allegations of an ongoing hack on their systems.

“Following recent media coverage, TransUnion South Africa confirms it is aware of a financial demand from a threat actor asserting they have accessed TransUnion South Africa’s data. We have found no evidence that our systems have been inappropriately accessed or that any data has been exfiltrated,” TransUnion said.

“We’ve likewise seen no change to our operations and systems in South Africa related in any way to this claim. We are continuing to monitor closely. We treat matters regarding our information security seriously, and data security remains our top priority,” they continued. 

Not the First Attempt to Hack

Previously, in March 2022, N4ughtysecTU claimed responsibility for targeting TransUnion in their ransomware campaign. 

TransUnion South Africa later confirmed the hack, confirming that at least 3 million individuals were affected.  

Apparently, the threat actors gained access to the personal data of over 54 million people, which included information about their dates of birth, ID numbers, gender, marital status, and other sensitive facts. 

Experian also suffered a data breach in August 2020, reported by the South African Banking Risk Centre (SABRIC). The data breach compromised the personal information of around 24 million individuals and several business entities to a fraudster. 

Karabo Phungula, an Experian data fraudster, was given a 15-year prison sentence in March by the Specialized Commercial Crimes Court for obtaining the dataset under false pretence.   

Read more »
Ransomware attack
Australian Government Critical Data Cyber Security Financial Data Malicious actor Payment Ransomware attack

Australia's Cyber Strategy: No Ransomware Payment Ban

Australia has recently unveiled its new Cyber Security Strategy for 2023-2030, and amidst the comprehensive plan, one notable aspect stands out – the absence of a ban on ransomware payments. In a world grappling with increasing cyber threats, this decision has sparked discussions about the efficacy of such a strategy and its potential implications.

The strategy, detailed by the Australian government, outlines a sweeping resilience plan aimed at bolstering the nation's defenses against cyber threats. However, the decision not to ban ransomware payments raises eyebrows and prompts a closer examination of the government's rationale.

According to reports, the Australian government aims to adopt a pragmatic approach to ransomware, acknowledging the complex nature of these attacks. Instead of an outright ban, the strategy focuses on improving cybersecurity, enhancing incident response capabilities, and fostering collaboration between government agencies, businesses, and the wider community.

Critics argue that allowing ransom payments may incentivize cybercriminals, fueling a vicious cycle of attacks. The concern is that paying ransoms may encourage hackers to continue their activities, targeting organizations with the expectation of financial gain. In contrast, proponents of the strategy contend that banning payments may leave victims with limited options, especially in cases where critical data is at stake.

Australia's decision aligns with a growing trend in some parts of the world where governments are grappling with finding a balance between protecting national security and providing victims with avenues for recovery. The approach reflects an understanding that rigid and one-size-fits-all policies may not be effective in the ever-evolving landscape of cyber threats.

The new Cyber Security Strategy also emphasizes the importance of international cooperation to combat cyber threats. Australia aims to actively engage with international partners to share threat intelligence, collaborate on investigations, and collectively strengthen global cybersecurity.

Australia's experiment with a more nuanced approach to ransomware payments is being watched by the whole world, and the results will probably have an impact on how other countries formulate their cybersecurity laws. The continuous fight against cyber dangers will depend on finding the ideal balance between deterring illegal activity and helping victims.

In contrast to other nations that have taken more restrictive measures, Australia has decided not to outlaw ransomware payments in its new Cyber Security Strategy. In light of the always-changing cybersecurity landscapes, it underscores the significance of a comprehensive, cooperative, and flexible approach and demonstrates a practical recognition of the difficulties presented by cyber attacks. The future course of international cybersecurity regulations will surely be influenced by this strategy's success.

Read more »
Wall Street Market
China Data Breach Financial Data Financial Sector ICBC cyberattack Ransomware Attacks. servers Threat actor Wall Street Market

Ransomware Shakes ICBC: Global Financial Markets on High Alert

In a startling turn of events, Wall Street was rocked by a devastating ransomware attack that affected China's Industrial and Commercial Bank of China (ICBC), the country's biggest lender. The attack disrupted trade and brought attention to the growing threat of cybercrime in the financial sector.

The attack, which targeted ICBC, was not only a significant blow to the bank but also had far-reaching implications on the global financial landscape. Wall Street, closely intertwined with international markets, experienced a temporary halt in trade as the news of the cyber assault reverberated across financial news outlets.

The ransomware attack on ICBC serves as a stark reminder of the vulnerability of even the most robust financial institutions to sophisticated cyber threats. The attackers, exploiting weaknesses in ICBC's cybersecurity infrastructure, managed to compromise critical systems, causing widespread disruptions and raising concerns about the broader implications for the global financial ecosystem.

As information about the attack unfolded, reports indicated that ICBC struggled to contain the breach promptly. The incident prompted regulatory bodies and financial institutions worldwide to reevaluate their cybersecurity measures, recognizing the urgent need for robust defenses against evolving cyber threats.

The consequences of such attacks extend beyond financial disruptions. They underscore the importance of collaborative efforts among nations and private enterprises to strengthen global cybersecurity frameworks. The interconnected nature of the modern financial system demands a united front against cyber threats, with a focus on information sharing, technological innovation, and proactive defense strategies.

In the aftermath of the ICBC attack, financial markets witnessed increased scrutiny from regulators, urging institutions to fortify their cybersecurity postures. This incident serves as a wake-up call for the industry, emphasizing the need for continuous investment in cybersecurity measures, employee training, and the adoption of cutting-edge technologies to stay ahead of evolving threats.

The broader implications of the ICBC ransomware attack are not limited to the financial sector alone. They underscore the need for a collective and proactive approach to cybersecurity across industries, as cyber threats continue to grow in scale and sophistication. As nations and businesses grapple with the aftermath of this attack, it becomes increasingly evident that cybersecurity is a shared responsibility that transcends borders and industries.

Read more »
Skimmer
ATM Bank Credentials Card Skimming Credit Card Cyber Security Financial Data Financial Security Phishing Attacks Skimmer

Taking Measures to Prevent Card Skimming and Shimming

Protecting your financial information is crucial in the digital era we live in today. Credit card skimming and shimming have grown to be serious risks to customers all around the world with the emergence of sophisticated cybercrime techniques. Maintaining your financial stability depends on your ability to recognize and resist these approaches.

Credit card skimmers, according to PCMag, are deceptive gadgets installed on legal card readers, such as ATMs or petrol pumps, with the purpose of capturing and storing your card information. Cybercriminals have adapted by utilizing shimmers, which are extremely thin devices inserted into the card reader slot, according to KrebsOnSecurity, which cautions that even with the switch to chip-based cards, they have done so. These shimmers allow them to intercept the data from the chip.

The Royal Canadian Mounted Police (RCMP) provides valuable insights into how criminals install skimmers. They often work quickly and discreetly, making it hard for victims to notice. They may place a fake card reader on top of the legitimate one or install a small camera nearby to capture PIN numbers.

To protect yourself, it's important to be vigilant. MakeUseOf suggests a few key steps:

  • Inspect the Card Reader: Before using an ATM or a card reader at a gas pump, take a moment to examine the card slot. Look for any unusual devices or loose parts.
  • Cover Your PIN: Use your hand or body to shield the keypad as you enter your PIN. This simple step can prevent criminals from capturing this crucial piece of information.
  • Monitor Your Accounts: Regularly review your bank and credit card statements for any unauthorized transactions. Report any suspicious activity to your bank immediately.
  • Choose ATMs Wisely: Whenever possible, use ATMs located in well-lit, high-traffic areas. Avoid standalone ATMs in secluded or poorly monitored locations.
  • Stay Informed: Keep up-to-date with the latest scams and techniques used by cybercriminals. Knowledge is your best defense.
Remaining vigilant and well-informed is your primary defense against credit card skimmers and shimmers. By adopting these practices and staying aware of your surroundings, you can significantly reduce the risk of falling victim to these insidious forms of cybercrime. Remember, your financial security is well worth the extra effort.


Read more »
Unauthorized access
Data Breach Encryption Financial Data Firewalls Healthcare Healthcare Data Identity Theft Sensitive Information Unauthorized access

McLaren Health Data Breach

McLaren Health Care, a major healthcare provider, was hit by a ransomware attack. This type of cyberattack encrypts a victim's data and demands a ransom to decrypt it. The hackers stole sensitive patient data and threatened to release it if McLaren didn't pay them. This incident highlights the need for strong cybersecurity measures in the healthcare industry.

Residents received messages from McLaren Health Care on October 6, 2023, alerting them to the cyber threat that had put patient data confidentiality at risk. This incident serves as a sobering reminder of the growing cyber threats facing healthcare organizations around the world.

Ransomware attacks involve cybercriminals encrypting an organization's data and demanding a ransom for its release. In this case, McLaren Health Care's patient data is at stake. The attackers aim to exploit the highly sensitive nature of healthcare information, which includes medical histories, personal identification details, and potentially even financial data.

The implications of this breach are far-reaching. Patient trust, a cornerstone of healthcare, is at risk. Individuals rely on healthcare providers to safeguard their private information, and breaches like this erode that trust. Furthermore, the exposure of personal medical records can have severe consequences for individuals, leading to identity theft, insurance fraud, and emotional distress.

This incident emphasizes the urgency for healthcare organizations to invest in state-of-the-art cybersecurity measures. Robust firewalls, up-to-date antivirus software, regular security audits, and employee training are just a few of the essential components of a comprehensive cybersecurity strategy.

Additionally, there should be a renewed emphasis on data encryption and secure communication channels within the healthcare industry. This not only protects patient information but also ensures that in the event of a breach, the data remains unintelligible to unauthorized parties.

Regulatory bodies and governments must also play a role in strengthening cybersecurity in the healthcare sector. Strict compliance standards and hefty penalties for negligence can serve as powerful deterrents against lax security practices.

As McLaren Health Care grapples with the aftermath of this attack, it serves as a powerful warning to all healthcare providers. The threat of cyberattacks is real and pervasive, and the consequences of a breach can be devastating. It is imperative that the industry acts collectively to fortify its defenses and safeguard the trust of patients worldwide. The time to prioritize cybersecurity in healthcare is now.


Read more »
Software
Data Encrypting Malware Decryption Key Digital threats Encryption Financial Data Malicious actor malware Protocols Ransomware Attacks. Software

Key Group Ransomware: Free Decryptor Released

A free decryptor to tackle the infamous Key Group ransomware has been launched, making a huge contribution to the fight against cybercrime. This finding represents a win for cybersecurity professionals and victims alike, offering some hope to those who have been affected by this harmful program.

The ransomware known as Key Group has been making news for all the wrong reasons by encrypting data and demanding large ransom payments from victims. However, a recent development has provided some solace. Organizations and security professionals have teamed up to create a decryptor that can free users from the grip of this digital threat.

The Key Group ransomware, like many others of its kind, infiltrates computer systems, encrypts data, and demands a ransom for the decryption key. These attacks have wreaked havoc on individuals and organizations, causing data loss and financial distress. Victims were left with two grim choices: pay the ransom and hope for a decryption key, or suffer the loss of valuable data.

The release of this free decryptor is a game-changer in the battle against cybercriminals. It allows victims to regain access to their data without succumbing to the demands of the attackers. This development underscores the importance of collaboration within the cybersecurity community. Researchers, analysts, and organizations came together to reverse-engineer the ransomware and develop a tool capable of undoing its malicious work.

Notably, this free decryptor is a testament to the relentless efforts of cybersecurity professionals who work tirelessly to protect individuals and businesses from the perils of the digital world. Their commitment to innovation and the pursuit of solutions to emerging threats is commendable.

While the release of a free decryptor is undoubtedly a significant step forward, it should also serve as a reminder of the importance of proactive cybersecurity measures. Prevention is often the best defense against ransomware attacks. Regularly updating software, implementing robust security protocols, and educating users about phishing and malware are crucial steps in reducing the risk of falling victim to such attacks.


Read more »
Security
Carding Credit Card Cyber Fraud Data Financial Data Fraud Safety Security

Carding: What is it and how can you Safeguard Yourself ?

 

Carding has attracted a lot of attention recently, but not everyone understands what it includes. Carding is a type of credit card fraud that occurs when a stolen bank card is used to make purchases. It is a criminal act that affects both consumers and merchants. So, what exactly is carding, how do cybercriminals do it, and what are the risks? 

Carding is the illegal acquisition of goods or services through the use of another person's credit card information. This can be accomplished by stealing someone's credit card information or purchasing stolen financial data on the internet. Cybercriminals target online stores because they can purchase goods like electronics and other high-value items anonymously.

In some cases, criminals may sell or exchange stolen credit card information with others in underground forums. However apart from that, since such transactions are difficult to track, many cybercriminals buy gift cards or other types of prepaid cards. 

Many malicious hackers buy items with stolen cards and then sell them for a lower price for cash, earning money illegally. The main danger of carding is identity theft, as criminals can use stolen credit card information to buy items with someone else's money. If a credit card is used fraudulently and the user is unaware, financial losses or even criminal charges may result. 

Carding is carried out in a variety of ways by lawbreakers. They can use a variety of software tools to scan and find vulnerable websites, as well as brute-force password, cracking. Here are some other popular methods of carding used by cybercriminals:

  • Phishing: One of the most common methods is "phishing," in which criminals send emails or messages posing as legitimate companies and requesting credit card information.
  • Skimming: Skimmers, which are devices attached to ATMs and card readers, can also be used by criminals. Without the user's knowledge, the device collects credit card information.
  • PoS Malware: PoS malware is a type of malicious software that is designed to steal credit card information from retail stores and restaurants. This is a more advanced method of carding because it necessitates specialised knowledge and resources.
  • Zero-day vulnerabilities: Some criminals also use zero-day vulnerabilities, which are security flaws in software applications and operating systems that vendors have not yet discovered. To gain access to private data stored in databases, zero-day vulnerabilities can be exploited.
What is the process of carding?

Carding is usually implemented in the following steps.

Step 1: Card information has been stolen.
The first step in carding is to obtain credit card information. This can be accomplished through one of the aforementioned methods, such as phishing, skimming, and so on.

Step 2: Card information is validated.
Once the credit card information has been obtained, it must be verified to ensure that it is valid. Criminals typically carry out this step by making a small purchase on one or more websites and then watching to see if it is successful. It could be as little as $1, for example.

Step 3: Card information is used for purchases.
Criminals are now using substantiated card details to buy products or services from various websites. This enables them to profit by reselling the purchased items for cash (or they might just enjoy the products themselves).

Step 4: The transfer of funds
Finally, criminals transfer their illegally obtained cash using money laundering methods. They might also sell stolen credit card information on underground forums and dark web markets.

How to guard against carding attacks?

The best way to avoid carding is to take preventive measures and be cautious when using or sharing your credit card information.

The most obvious piece of advice is to be cautious with your information. Don't give out your credit card information to anyone, and be especially cautious when providing it online, as criminals may use phishing techniques to gain access to your information. Check your credit card statements on a regular basis to ensure that all transactions are legitimate. If you notice any suspicious activity, contact your bank right away. Use strong passwords for all of your online accounts. This will prevent criminals from accessing your financial information.
Read more »
Security
Credit Card Fraud Cyber Fraud Financial Data Fraud Safety Scam Security

How to Prevent Online Credit Card Frauds ?

 

Approximately 80% of Americans shop online. That's more than 263 million people, and the number is expected to grow by 31.2 million by 2025. (via Statista). E-commerce is popular because it is convenient, but the unforeseen result is cybercrime. 

According to a 2020 report by the FBI's Internet Crime Complaint Center (IC3), US citizens lost more than $1.8 billion to online skimming and related crimes that year. Shady characters continue to devise inventive methods to steal money from connected accounts by lifting or scraping unsuspecting victims' credit card information. Credit card fraud schemes vary — sometimes fraudsters create spoof websites and phish credit card information from the checkout page, and you will, of course, not receive the items you paid for.

Other times, they may send you text messages or emails claiming you are eligible for a refund for an item or service you never purchased, then demand your credit card information to "credit" you.
According to The Ascent research, approximately 35% of American consumers have been victims of credit card fraudsters. Because the likelihood of falling for these schemes increases with age, we'll share a few tips to help you avoid becoming a statistic. But first, let's go over the fundamentals.

Online credit card skimming:

Skimming is not a recent concept. Physical card skimming began with physical card skimming, which you may have viewed in movies: a scammers attaches a small device known as a skimmer to a card reader at a gas station, ATM, or other point of sale terminal. The skimmer steals unsuspecting customers' credit card information, which the fraudster then recovers and uses to make online purchases.

However, online skimming is not the same. Magecart attacks are a combination of Magento — the Adobe-owned e-commerce platform that was the original target of fraudsters — and cart. This is how it works: Instead of using physical hardware, hackers place malicious Javascript code called sniffers on websites, and those sniffers lift payment card numbers.

Malicious actors could also insert malicious fields into payment forms or create redirect links to steal customers' credit card information. Magecart skimmers typically sell the information they collect on the dark web for as little as $5. (via PCMag).

Magecart malware is difficult to detect on websites. Everything works and looks the same for the most part. However, being cautious can help you detect when something is amiss, such as being redirected to a website that does not appear secure. There are several ways to determine this.

To begin, click on the lock in the address bar to ensure the security of the website. If the lock is not closed, the connection is not secure, and the site may not be genuine. You could also look at the website's copyright date at the bottom. 

To protect visitors from compromise, secure websites frequently update the interface and protocols, ensuring that the copyright is always up-to-date or at least recent. If a website's copyright is out of date, this is a red flag (via Norton). Finally, avoid clicking on links or downloading attachments from text messages or emails. Unfortunately, being cautious will not completely protect you from skimming.

Magecart attackers steal the payment application infrastructure, which is typically provided to e-commerce merchants by third-party service providers, so even completely secure websites may contain skimming malware (via SISA). However, there is a better line of defence.  

As the number of skimming attacks grows, banks and other financial institutions are taking steps to safeguard their customers from fraud, and virtual cards are one of those solutions. They are linked to your credit card, but they can generate one-time use account numbers, security codes, expiration dates, and CVV codes for online transactions while protecting your actual credit card information.

It's also a good idea to use only one credit card for online shopping so that you can keep track of it easily. Also, contact your bank and request that international purchases on your credit card be disabled. The majority of skimming scams are card-not-present (CNP) transactions, which means that the fraudsters will use a compromised card to make a purchase in a location other than the card owner's. The victim could be in Milwaukee and receive strange debit alerts for purchases made in Miami.  
Read more »
User Priavcy
API Data Leak Financial Data Mobile Security Payment Faud User Priavcy

Countering Financial Data Leak in the Era of Digital Payments

 

Over the past five years, there has been a huge surge in the usage of financial services technologies and with that, the risk of a financial data breach has also increased. Multiple financial services technologies use screen scraping to access the private banking data of consumers.

 Screen scraping is a technology by which a customer provides its banking app login credentials to a third-party provider (TTP). The TTP then sends a software robot to the bank’s app or website to log in on behalf of the user and access data.

“The way consumers traditionally connect to their bank accounts is facilitated through screen scraping, where providers require internet banking login information,” explained Joe Pettersson, Chief Technology Officer at Banked. 

One safer alternative to screen scraping is APIs, which let two systems work together. Here are the three benefits of using API: 

Easier for developers 

APIs come with inbuilt documentation, which helps developers code between two systems with a common language. So, they don’t have to learn the details of a full fraud prevention engine’s code, they only need to look at the documentation to understand exactly how quickly they can access certain functions. Once again, this saves time and effort for the whole IT team and helps in making the fraud system more cost-effective. 

Good for Scaling

 Regardless of how efficient a person is, there’s simply no way to review all the user data manually. This is where APIs play an important role by offering fast queries and responses for hundreds of thousands of user logins, transactions, or signups. 

Automates everything 

Because APIs are linked to web apps, there’s no need to regularly tweak them or wait for IT updates. All the fixes and improvements are made from the server side, so individuals can focus on their business instead. It’s not only cheaper in terms of IT resources, but also much more efficient and faster.

Conclusion 

To mitigate fraud risk, propagating knowledge and awareness of new payment technologies, channels, and products, and the risks involved — to both customers and employees — is a crucial part of a fraud prevention strategy. Embedding the fraud management process into overall customer engagement and experience should be the first step forward.
Read more »
Trojan
Banking Trojan data security Financial Data Google Play Store malware Trojan

10K Victims Infested via Google Play 2FA App Loaded with Banking Trojan

 

The Vultur trojan obtains bank credentials but then requests authorization to inflict even more damage later. 

A fraudulent two-factor authentication (2FA) software has been deleted from Google Play after being available for more than two weeks — but not before it was downloaded more than 10,000 times. The Vultur stealer malware, which targets and swoops down on financial information, is put into the app, which is completely functioning as a 2FA authenticator. 

Researchers at Pradeo warn users who have the malicious app, just named "2FA Authenticator," to delete it straight away since they are still at risk — both from banking-login theft and other assaults made possible by the app's broad over permissions. 

Using open-source Aegis authentication code combined with malicious add-ons, the threat actors constructed an operable and convincing app to mask the malware dropper. According to a Pradeo analysis issued, this enabled it to proliferate unnoticed via Google Play. 

“As a result, the application is successfully disguised as an authentication tool, which ensures it maintains a low profile,” the report added. 

The Vultur banking trojan is installed once the software is downloaded, and it harvests financial and banking data from the affected smartphone, among other things. The Vultur remote access trojan (RAT) malware, initially discovered by ThreatFabric investigators in March, was the first of its type to employ keylogging and screen recording as its main approach for stealing banking data, allowing the organisation to systematize and expand the process of stealing credentials. 

“The actors chose to steer away from the common HTML overlay strategy we usually see in other Android banking trojans: this approach usually requires more time and effort from the actors to steal relevant information from the user. Instead, they chose to simply record what is shown on the screen, effectively obtaining the same end result,” ThreatFabric said at the time. 

According to the Pradeo team, the fake 2FA authenticator also requests device rights that aren't shown in the Google Play profile. The attackers can use those tricksy, enhanced privileges to do things like access user location data so attacks can be aimed at specific regions, disable device lock and password security, download third-party apps, and take control of the device even if the app is shut down, according to the report. 

Once the device is fully hacked, the app installs Vultur, “an advanced and relatively new kind of malware that mostly targets online banking interface to steal users’ credentials and other critical financial information,” the report said. 

Pradeo discovered another sneaky tactic used by the malicious 2FA by acquiring the SYSTEM ALERT WINDOW permission, which allows the application to modify the interfaces of other mobile apps. 

"Very few apps should use this permission; these windows are intended for system-level interaction with the OS," Google stated. 

Despite the fact that the researchers reported their disclosure to Google Play, the malicious 2FA Authenticator app loaded with the banking malware remained accessible for 15 days, according to the Pradeo team.
Read more »
Subscribe to: Posts (Atom)