
Fixed VoIP Numbers: Major Benefits and Disadvantages for Businesses

Another consideration when a business evaluates communications solutions is the choice between a fixed VoIP number and a non-fixed VoIP number. The former costs more and is more complex to set up, but it offers benefits that an organisation may need in order to operate.

Advantages of Fixed VoIP Number


1. Trustworthiness

Because a fixed VoIP number is tied to a physical address, it lends more credibility to the business. Non-fixed VoIP numbers are the kind most associated with scammers, so a fixed number makes it easier for customers to verify that a company is genuine. This matters most for firms in regulated sectors such as finance, where building trust with customers can be very hard.


2. Security 

Fixed VoIP numbers add security because they are bound to a registered address. Non-fixed numbers can be used from any internet connection, so the chance of misuse rises. For companies handling sensitive information, the extra layer that a fixed VoIP number provides is an added safeguard against attacks such as data breaches.


3. Easier Compliance with Regulations

Heavily regulated industries such as finance and healthcare, as well as emergency response, depend on accurate location data. Fixed VoIP numbers help businesses meet these requirements easily, keeping both the cost of compliance and the administrative burden low.


4. Business Professional Image

With a fixed VoIP number, it is easier to present a stable and established impression. A fixed number helps companies look less like a temporary operation. This can be particularly important for small businesses looking to establish authority and trust in their market.


5. Greater Control for Administrators

Fixed VoIP numbers give administrators better control over caller ID and caller-name databases, so a business can keep its identity consistent on every call. This matters for maintaining a professional brand image and for controlling precisely how the business presents itself to clients and partners.


6. Support for Emergency Services

An exact location is a must-have in emergencies. Fixed VoIP numbers provide accurate location information, which makes quicker response times possible in a crisis. Non-fixed numbers lack this, so fixed VoIP is especially useful in industries where location data can be a matter of life or death.


Drawbacks of Fixed VoIP Numbers


1. More Costly

Fixed VoIP numbers carry relatively high setup and subscription fees, plus the expense of address verification for higher-security access. For companies serving overseas clients, fixed VoIP numbers frequently mean costlier long-distance calls, whereas non-fixed numbers offer a cheaper alternative.


2. Complex Porting Procedure

Transferring a fixed VoIP number from one place to another can be quite hectic, especially for growing businesses and those changing locations. The porting process is very slow, which deprives such businesses of the flexibility they need.


3. Slower Setup

Setting up a fixed VoIP number takes longer than the prompt setup of a non-fixed number. Verification of the physical address and additional regulatory compliance requirements extend the setup time, which is inconvenient for businesses that need service immediately.


4. Geographic Limitations

Fixed VoIP numbers are directly associated with a specific location, which can limit the market a business can reach. Some clients may be sceptical about dealing with a company they view as "not local," which can hinder outreach and expansion beyond the business's core location.


Selection Between Fixed and Non-Fixed VoIP Numbers


Depending on the priorities of the business, a fixed VoIP number can be selected. Organisations that require greater security, credibility, and adherence to regulations can invest in fixed VoIP numbers. When cost efficiency and flexibility top the list, then non-fixed numbers are a better option for them.


India Faces Rising Ransomware Threat Amid Digital Growth

India, with its rapid digital growth and reliance on technology, is on the hit list of cybercriminals. As one of the world's biggest economies, the country presents a distinct target that cyber-crooks can exploit through security holes in businesses, institutions, and personal devices.

India saw a 51 percent surge in ransomware attacks in 2023, according to the Indian Computer Emergency Response Team (CERT-In). Small and medium-sized businesses have been an especially vulnerable target, with more than 300 small banks forced to close briefly in July after falling prey to a ransomware attack. For the millions of Indians who use digital banking for daily purchases and payments, such outages underscore the need for stronger cybersecurity measures. A report from Kaspersky shows that 53% of SMBs operating in India have experienced ransomware incidents so far this year, with more than 559 million cases reported in just two months, April and May.

Cybercriminals are not only locking up business computers but extending their attacks to individuals and their personal devices, stealing sensitive and highly confidential information. Well-organised groups behind this wave include Mallox, RansomHub, LockBit, Kill Security, and ARCrypter. These entities take advantage of weaknesses in Indian infrastructure and rely on ransomware-as-a-service platforms that support Microsoft SQL databases. Recovery costs for affected organisations usually exceeded ₹11 crore and averaged ₹40 crore per incident in India, according to estimates for 2023. The financial sector, in particular the National Payments Corporation of India (NPCI), has been hit hard, and it is crystal clear that India's digital financial framework urgently needs strengthening.

Cyber Defence Through AI

Indian organisations are now employing AI to fortify their digital defences. AI-based tools process enormous volumes of data in real time and flag anomalies far faster than any manual system. From finance to healthcare, high security risks are making AI more integral to cybersecurity strategies. Lenovo's recent AI-enabled security initiatives show how mainstream the technology has become, with 71% of retailers in India adopting or planning to adopt AI-powered security.

As India pushes forward on its digital agenda, the threat of ransomware cannot be taken lightly. Countering it will require close collaboration between government and private entities, investment in AI and cybersecurity education, and the creation of safer digital environments. The government's Cyber Commando initiative promises progress here, but collective effort will be crucial to safeguarding India's burgeoning digital economy.


How to Enhance Your Windows Security with Memory Integrity


Windows Security, the antivirus program built into Microsoft’s operating system, is generally sufficient for most users. It provides a decent level of protection against various threats, but a few important features, like Memory Integrity, remain turned off by default. This setting is crucial as it protects your system’s memory from malicious software that attempts to exploit Windows drivers, potentially taking control of your PC.

When you enable Memory Integrity, it activates Virtualization Based Security (VBS). This feature separates the code verification process from the operating system, creating a secure environment and adding an additional layer of protection. Essentially, VBS ensures that any code executed on your system is thoroughly checked, preventing malicious programs from sneaking through Windows’ defenses.

However, Microsoft disables Memory Integrity by default to maintain smoother app performance. Some applications may not function properly with this feature on, as the extra layer of security can interfere with the way certain programs execute code. For users who prioritize app performance over security, this trade-off may seem appealing.

But for those concerned about malicious attacks, enabling Memory Integrity is a smart choice. It prevents malware from bypassing the usual system checks, providing peace of mind when dealing with potential security threats. On older PCs, though, you might notice a slight reduction in performance once Memory Integrity is activated.

Curious to see how your system handles this extra protection? Enabling and disabling Memory Integrity is a simple process. First, type “Windows Security” into the search bar or Start menu. Under Device Security, you may see a notification if Memory Integrity is off. Click Core Isolation, then toggle Memory Integrity on. To deactivate it, return to the same settings and flip the switch off.

It’s not just Memory Integrity that comes disabled by default in Windows. Microsoft leaves certain protections off to strike a balance between security and user experience. Another useful feature you can enable is ransomware protection, which safeguards specific folders and prevents unauthorized apps from locking you out of your data. Similarly, you can turn on advanced app screening to block potentially harmful programs.

While leaving Memory Integrity and other protections off can offer a smoother computing experience, activating them significantly strengthens your system’s defenses against cyber threats. It’s a choice between performance and security, but for those prioritizing protection, flipping these settings on is an easy step towards a safer PC.

Exploring the Tor Network: A Comprehensive Look at Online Anonymity and Privacy


The Tor network, originally developed in the early 2000s by the U.S. Naval Research Laboratory, has been operated since 2006 by the independent non-profit organization, The Tor Project. The project's primary goal is to offer a free method for anonymizing internet traffic. Approximately 85% of The Tor Project’s funding comes from U.S. government entities, while the remaining 15% is sourced from private donations and NGOs.

Tor, which stands for "The Onion Router," functions by routing a user's connection through three randomly selected servers (nodes), layering encryption like the layers of an onion. The destination site only detects the IP address of the final node, called the exit server, masking the user's original address. The system refreshes the connection route every 10 minutes, though the access node remains stable for two to three months.

Data transferred within the Tor network is encrypted until it reaches the exit server. However, users must still encrypt any sensitive information entered on websites, as data exiting the network can be read if it's not further encrypted. To access Tor, users need a specialized browser—like the Tor browser, based on Mozilla Firefox and configured for secure browsing.

With about 6,500 servers currently active worldwide, individuals, companies, and organizations operate these nodes. Any internet user with a DSL connection can set up a Tor node. However, the network's openness can be a vulnerability; if an exit node operator is not vigilant, unencrypted data can be intercepted. Additionally, sophisticated entities, such as intelligence agencies, could potentially track Tor users by analyzing traffic patterns or compromising nodes.

Despite these risks, Tor remains the most secure method of maintaining anonymity online. Around two million people, particularly those in heavily monitored states, use the Tor network daily. The darknet, a collection of hidden websites, also depends on Tor's anonymization for access.
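The three-hop, layered-encryption design described above, as an added example that is not part of the original post and not the Tor Project's code: the client wraps its request under the exit key first, then the middle key, then the entry key; each relay peels one layer and learns only the next hop, the destination sees only the exit relay, and the exit relay sees the plaintext request, which is why the post says data leaving the network must be protected separately. The keystream cipher (HMAC-SHA256 in counter mode), the fixed per-relay keys, and the relay and site names are all constructed stand-ins for this example; real Tor negotiates per-circuit keys and uses AES.

```python
import hashlib
import hmac
import json
import os

# Constructed per-relay keys. Real Tor negotiates a fresh key with each relay
# when the circuit is built; fixed values are used here only so the example
# runs offline.
RELAY_KEYS = {
    "entry": b"entry-relay-key-0123456789abcdef",
    "middle": b"middle-relay-key-0123456789abcde",
    "exit": b"exit-relay-key-0123456789abcdefg",
}
ROUTE = ["entry", "middle", "exit"]  # the three hops of one circuit
NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256. This stands in for the AES
    stream cipher Tor uses on each hop, keeping the example standard-library only."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def encrypt_layer(key: bytes, plaintext: bytes) -> bytes:
    """Add one onion layer: fresh nonce || (plaintext XOR keystream)."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))


def decrypt_layer(key: bytes, ciphertext: bytes) -> bytes:
    """Peel one onion layer with the relay's key."""
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


def build_onion(message: str, destination: str, route=ROUTE) -> bytes:
    """Client side: wrap the innermost layer first (exit key), then middle,
    then entry, so every relay learns only its own next hop."""
    layer = encrypt_layer(RELAY_KEYS[route[-1]],
                          json.dumps({"next": destination, "payload": message}).encode())
    for i in range(len(route) - 2, -1, -1):
        cell = json.dumps({"next": route[i + 1], "payload": layer.hex()}).encode()
        layer = encrypt_layer(RELAY_KEYS[route[i]], cell)
    return layer


def relay_peel(name: str, blob: bytes):
    """A relay decrypts its own layer and sees only the next hop plus an
    opaque inner blob (or, for the exit, the plaintext bound for the site)."""
    cell = json.loads(decrypt_layer(RELAY_KEYS[name], blob))
    return cell["next"], cell["payload"]


def layer_readable_by(name: str, blob: bytes) -> bool:
    """True if relay `name` holds the key for the outermost layer of `blob`.
    A wrong key yields bytes that neither decode nor parse as a cell."""
    try:
        json.loads(decrypt_layer(RELAY_KEYS[name], blob))
        return True
    except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
        return False


def run_circuit(message: str, destination: str, route=ROUTE) -> dict:
    """Simulate hop-by-hop forwarding and record what each party observes."""
    observations = {}
    blob = build_onion(message, destination, route)
    sender, hop = "client", route[0]
    while hop in RELAY_KEYS:
        next_hop, payload = relay_peel(hop, blob)
        is_exit = next_hop not in RELAY_KEYS
        observations[hop] = {"from": sender, "to": next_hop,
                             "plaintext_visible": is_exit and payload == message}
        if is_exit:
            # The exit forwards the plaintext request: this is the point the
            # post warns about, where unencrypted data can be read.
            observations[next_hop] = {"from": hop, "message": payload}
        else:
            blob = bytes.fromhex(payload)
        sender, hop = hop, next_hop
    return observations


if __name__ == "__main__":
    for party, seen in run_circuit("GET /account HTTP/1.1", "bank.example").items():
        print(f"{party:13s} sees {seen}")
```

Running it shows that the entry relay sees the client but only an opaque blob, the middle relay sees neither the client nor the destination, and the destination records `exit` as the source; `layer_readable_by` confirms that a layer built under one relay's key is unreadable to the other two.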

TrickMo Banking Trojan Unveils Advanced Threat Capabilities in Latest Variant

Malware Analyst at Zimperium, Aazim Yaswant, has released an in-depth report on the most recent TrickMo samples, highlighting worrisome new functionalities of this banking trojan. Initially reported by Cleafy in September, this new version of TrickMo employs various techniques to avoid detection and scrutiny, such as obfuscation and manipulating zip files. 

Yaswant’s team discovered 40 variants of TrickMo, consisting of 16 droppers and 22 active Command and Control (C2) servers, many of which remain hidden from the broader cybersecurity community.

Although TrickMo primarily focuses on stealing banking credentials, Yaswant's analysis has exposed more sophisticated abilities. "These features allow the malware to access virtually any data on the device," Yaswant stated. TrickMo is capable of intercepting OTPs, recording screens, remotely controlling the device, extracting data, and misusing accessibility services to gain permissions and perform actions without the user’s approval. Additionally, it can display misleading overlays designed to capture login credentials, enabling unauthorized financial transactions.

A particularly concerning discovery in Yaswant's findings is TrickMo’s ability to steal the device’s unlock pattern or PIN. This enables attackers to bypass security measures and access the device while it is locked. The malware achieves this by mimicking the legitimate unlock screen. “Once the user enters their unlock pattern or PIN, the page transmits the captured data, along with a unique device identifier,” Yaswant explained.

Zimperium’s researchers managed to gain entry to several C2 servers, identifying approximately 13,000 unique IP addresses linked to malware victims. The analysis revealed that TrickMo primarily targets regions such as Canada, the UAE, Turkey, and Germany. Yaswant’s investigation also uncovered millions of compromised records, with the stolen data including not only banking credentials but also access to corporate VPNs and internal websites, posing significant risks to organizations by potentially exposing them to larger-scale cyberattacks.

Google’s Latest Theft Protection for Android Devices

Google is introducing new high-level theft protection features for devices running Android 10 and above, delivered through Google Play services. The new technologies, announced at I/O 2024, are designed to protect users' data and make it possible to recover a device if it is stolen. Here is a breakdown of these new tools and how they work.

How to Get Theft Protection on Android

The features can be turned on in the Settings app by searching for "Theft protection", or in the "Personal & device safety" section found under the "All services" tab of the new Google services page. According to the Theft Protection webpage, three built-in features safeguard personal data if a device is stolen.

Theft Detection Lock

The first feature detects unusual movement by combining signals from the phone's sensors, Wi-Fi, and smart device connectivity. If someone grabs an unlocked phone and runs, Theft Detection Lock automatically locks the screen so that private information cannot be accessed.

Offline Device Lock

The second feature provides protection when no internet connection is available. If someone tries to evade tracking by disconnecting the device from the internet while it is unlocked and in use, this lock is triggered. The screen can be locked up to twice a day through this feature, giving users additional protection in case of theft.

Remote Lock via Website 

Remote Lock lets users lock a stolen device from elsewhere via the webpage android.com/lock. Users only need to enter a verified phone number and complete a security challenge to lock the phone. Google suggests using the feature from a trusted person's device to reach the lock page quickly. In many cases, it is said to work faster than "Find My Device".

Limited Testing and Availability

First tested in Brazil earlier this year, these theft protection tools have begun rolling out to Android users worldwide on many brands, including Pixel and Samsung. The features are currently in the beta version of Google Play services (24.40.33) and should reach the stable version soon.

Google's new Theft Protection features mark an advance in device protection, especially for those whose main fear is a stolen device. As the rollout arrives, users are strongly advised to check their settings and make their devices safer than ever.

In these updates, it becomes clear that Google is doing its best to stay ahead of possible data losses and to minimise the effects brought about by theft incidents in a very digital age.


Global Effort Unites Against Ransomware: New Guidance to Strengthen Business Defenses


Ransomware attacks continue to pose significant challenges for businesses worldwide, with incidents on the rise. 

In response, the UK, along with 38 other nations and international cyber insurance organizations, has collaborated to release updated guidance aimed at supporting victims and enhancing resilience. This guidance advises against making immediate ransom payments, as recovery of data or malware removal is not guaranteed, and paying ransoms often encourages further criminal activity.

Instead, businesses are urged to create a comprehensive response plan, with policies and contingency measures in place. Organizations that fall victim to ransomware should report the incident to law enforcement and consult security professionals for expert guidance.

Ransomware has become a lucrative venture for cybercriminals, causing an estimated $1 billion in losses in 2023. By removing the incentive for criminals, these new policies aim to weaken the ransomware business model and reduce future attacks.

"International cooperation is crucial in fighting ransomware as cybercrime knows no borders," stated Security Minister Dan Jarvis. He emphasized that this collective effort will hit cybercriminals financially and better protect businesses in the UK and beyond.

The UK is taking a leading role, collaborating with three major insurance organizations—the Association of British Insurers, the British Insurance Brokers' Association, and the International Underwriting Association—to issue co-sponsored guidance. Meanwhile, the UK National Crime Agency has taken steps by sanctioning 16 individuals from the 'Evil Corp' cybercrime group, responsible for over $300 million in theft from critical infrastructure, healthcare, and government sectors.

Jonathon Ellison, Director for National Resilience at the NCSC, highlighted the urgency of addressing ransomware threats: "This guidance, backed by both international bodies and cyber insurance organizations, represents a united front in bolstering defenses and increasing cyber readiness."

Cyberattack on Maui's Community Clinic Affects 123,000 Individuals in May


The Community Clinic of Maui, also known as Mālama, recently notified over 123,000 individuals that their personal data had been compromised during a cyberattack in May. Hackers gained access to sensitive information between May 4 and May 7, including Social Security numbers, passport details, financial account information (such as CVV codes and expiration dates), and extensive medical records.

In addition to this, hackers obtained routing numbers, bank names, financial account details, and some biometric data. A total of 123,882 people were affected by the breach, which resulted in the clinic taking its servers offline.

Local reports suggested the incident was a ransomware attack, sparking public frustration as Mālama was forced to close for nearly two weeks. Upon reopening at the end of May, the clinic operated with limited services, and nurses had to rely on paper charts due to system-wide computer outages.

Following the attack, Mālama worked with law enforcement and cybersecurity experts to investigate the breach, with the findings confirmed on August 7. 

In a statement on its website, the clinic offered complimentary credit monitoring to those whose Social Security numbers may have been exposed, although a regulatory filing in Maine indicated that identity theft protection services were not provided. The organization has not responded to requests for clarification, and a law firm is reportedly exploring potential lawsuits against Mālama related to the breach.

The ransomware group LockBit, which was taken down by law enforcement earlier this year, claimed responsibility for the attack in June. On Tuesday, Europol and other agencies announced a coordinated effort to target the gang, resulting in four arrests and the seizure of servers critical to LockBit's operations in France, the U.K., and Spain.

In 2024, healthcare providers across the U.S. have been increasingly targeted by cyberattacks, disrupting services and threatening public safety. Notably, McLaren Health Care and Ascension, two major health systems, have faced severe ransomware incidents, and last week, one of the region's only Level 1 trauma centers had to turn away ambulances following a cyberattack.

Microsoft Tightens Cloud Security After Major Breaches

In its effort to improve its cloud security, Microsoft has removed potential vulnerabilities and tightened its processes for authenticating individuals. This follows several security breaches the tech giant suffered within the past year. Under the Secure Future Initiative launched in November 2023, Microsoft has so far purged 730,000 unused applications and deactivated 5.75 million inactive tenants in its cloud system. The initiative is a direct response to cyber intrusions that exposed sensitive data.

Reducing the Cyber Attack Surface

The firm has sought to minimise its attack surface by identifying dead or idle areas of its cloud infrastructure and eliminating them. Removing hundreds of thousands of applications and millions of unused tenants shrinks the avenues attackers could use to break in. Microsoft has also made its software production environment more secure by equipping software teams with 15,000 locked-down devices. In a further measure, the company conducted video-based identity verification for 95 percent of its production staff to strengthen the identity authentication process.

Better Identity and Authentication Security

Cybersecurity is one aspect where Microsoft has improved much. For instance, the identity management systems for its Entra ID and Microsoft Account (MSA) platforms have been remarkably enhanced.

These updates target better generation, storage, and rotation of access token signing keys, to better protect the public and government cloud environments. They are partly a response to an incident in 2023, when the China-based hacking group Storm-0558 gained access to Exchange Online systems and penetrated the email accounts of dozens of state officials.

Secure Future Initiative Focus Areas

The SFI project is the most ambitious cybersecurity effort Microsoft has undertaken to date, with 34,000 engineers dedicated to strengthening the company's defences. It focuses on six critical areas: identity and access control, securing cloud tenants and production systems, strengthening engineering systems, improving network security, enhancing threat detection, and improving incident response. Together, these measures reduce the likelihood of another breach on this scale.

Mitigating Past Security Mistakes

Analysis by the US Department of Homeland Security's Cyber Safety Review Board had shown that a succession of security lapses at the company allowed these breaches. The inquiry, focused on the Storm-0558 intrusion, had asserted that it was time for Microsoft to strengthen its security posture, which primarily revolved around identity and authentication processes. Based on this, the company has moved very quickly to shore up weaknesses and prevent something similar from happening in the future.

Progress in Key Security Areas

Microsoft says it made strides in several areas in the latest report on SFI.

Removing unused applications and tenants has reduced the cloud attack surface. In network security, the firm now maintains a central inventory covering more than 99% of physical assets, providing greater oversight.

Virtual networks with back-end connectivity are isolated from the corporate network, which in turn undergoes even more rigorous security audits. Centralised pipeline templates now account for 85% of production builds. Personal access tokens now have a much shorter lifetime, and proof-of-presence checks have been instituted at the most sensitive points of the software development pipeline.

Organisational Changes for Better Security

Beyond the technical measures, organisational changes aim to hold executives responsible for security outcomes. Senior leadership compensation has been tied to specific security goals, and the company's threat intelligence team now reports directly to the Chief Information Security Officer. This helps ensure that security is at the top of the agenda across the organisation.

The Microsoft Secure Future Initiative reflects the company's attempt to learn from previous security failures and do better in the cloud environment. Microsoft intends to secure itself and, by extension, its customers from future cyber-attacks by enforcing identity verification, reducing attack surfaces, and maintaining strong network and engineering security. Through these continuous actions, Microsoft aims to ensure that incidents in which confidential and sensitive data are leaked do not recur.

Brave Browser: The Secure and Private Way to Surf the Web

Data is more precious in today's digital world than ever. Companies are trying to collect as much as possible to sell it to third-party data brokers. Cybercrime is growing steadily and targeting unsuspecting victims. Addressing both issues is one of the reasons the more mindful browser, Brave, is integrating an array of features to keep data secure and private.

One feature that sets Brave apart is Brave Shields, a built-in component that blocks harmful elements that track your browsing behaviour. In other browsers, users have to install third-party ad blockers. Brave Shields is part of the browser itself and prevents intrusive ads and trackers from collecting data about your online activity.

It also solves a very common problem with ad blockers, which is that some websites break when the ads are blocked. To solve this issue, Brave replaces tracking codes with privacy-friendly alternatives while ensuring that the integrity of the webpage is maintained and your data is kept secure. As companies continue to devise new ways to hide trackers, Brave is countering this through CNAME uncloaking techniques by uncovering such hidden threats before they manage to collect data from you.

Blocking Cross-Site Cookies

Cookies are small files stored on your computer that track your browsing; more often than not, targeted advertisements then follow you around the web. Brave blocks cross-site cookies by default, so websites cannot track your movements from one site to another. For the occasional cookie-dependent website, Brave provides temporary cookies for functionality without exposing any private data.

Phishing Protection with Google Safe Browsing

Though it places much emphasis on privacy, Brave does not neglect security. It uses Google Safe Browsing, which stops a user from reaching a phishing site or downloading harmful files. Being built on Chromium, the same platform Google Chrome runs on, Brave protects users from threats known to its developers, making browsing safer.

While Google Safe Browsing compromises privacy within Google Chrome, in Brave it serves only to block harmful websites, without collecting any personal browsing data.

A Search Engine Respecting Your Privacy

Most search engines log your search history, accumulating information about the queries you make and using it to customise ads or even selling it. In contrast, Brave Search does not collect, store, or share search queries when accessed through the browser. It is a fully private search that does not log and sell your browsing habits. Additionally, Brave Search serves less biased results because it crawls the web itself rather than ranking by SEO schemes or the behaviour of prior users.

Another advantage of Brave Search is that it can be utilised independently of the download of the Brave browser – so anyone can have private searches.

Inbuilt VPN and Firewall

Brave also offers a built-in VPN and firewall, available on a seven-day free trial, after which a subscription costs $9.99 a month. This keeps your activity hidden from potential snoopers and stops malicious content from entering or leaving your network. The VPN encrypts internet traffic so nobody can track your activity online, while the firewall keeps unwanted data out of your system.

What is refreshing about Brave is its commitment to protecting personal data. Most companies have policies or strategies for collecting and selling user data. Brave stands out with its no-sharing policy and full compliance with the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA), so all users benefit from strong data protection, irrespective of their region.

For people who value privacy and safety, Brave is a complete answer. It sets itself apart from other browsers by protecting users from the risks of data misuse and cybercrime through features such as Brave Shields, cross-site cookie blocking, private search, and built-in VPN and firewall services. From stopping trackers and malicious websites to blocking unwanted ads, these features keep your web experience secure and private.


Seattle Port Suffers Data Breach, Rhysida Ransomware Suspected


The ransomware attack has significantly disrupted the port's operations, highlighting the challenges that critical infrastructure providers face in the immediate aftermath of a cybersecurity breach. While recovery efforts are ongoing, the impact continues for some areas.

Most affected systems have been restored, but the port's website, internal portals, and the airport's mobile app remain offline. Despite this, officials reported that the majority of flights have adhered to their schedules, and cruise ship operations have remained unaffected.

The port made it clear that it refused to meet the attackers' demands, warning that the hackers may attempt to post stolen data on the dark web. In an update on Friday, Steve Metruck, the port's executive director, said: "The Port of Seattle does not plan to pay the criminals responsible for this cyberattack. Paying them would go against the values of the port and our responsibility to wisely manage taxpayer funds."

Port authorities have confirmed that some data was compromised by the Rhysida group in mid-to-late August. An investigation is ongoing to determine the specific nature of the stolen information, and those affected will be informed as soon as the analysis is complete.

In November 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint advisory regarding the Rhysida group.

Metruck emphasized the port's efforts not only to restore operations but to use the experience to strengthen future security. "We remain committed to building a more resilient port and will share insights from this incident to help safeguard other businesses, critical infrastructure, and the public," he said.

Fortinet Confirms Data Breach Involving Limited Number of Customers, Linked to Hacker "Fortibitch"


Fortinet has disclosed a data breach impacting a "small number" of its clients after a hacker, using the alias "Fortibitch," leaked 440GB of customer information on BreachForums. The hacker claimed to have accessed the data from an Azure SharePoint site, following the company's refusal to meet a ransom demand. This incident emphasizes the need for companies to secure data stored in third-party cloud services, cybersecurity experts have noted.

In a statement released on September 12, Fortinet reported that the breach involved unauthorized access to files stored on its cloud-based shared file drive. The company did not confirm the exact source of the breach but reassured that the affected data represented less than 0.3% of its over 775,000 customers—approximately 2,300 organizations. Fortinet also stated that no malicious activity had been detected around the compromised data, and no ransomware or data encryption was involved. The company has since implemented protective measures and directly communicated with impacted customers.

Dark Reading noted that the hacker also leaked financial and marketing documents, product information, HR data from India, and some employee records. After unsuccessful attempts to extort the company, the hacker released the data. There was also a mention of Fortinet’s acquisitions of Lacework and NextDLP, as well as references to a Ukrainian threat group, though no direct connections were identified.

This breach highlights the growing risk of cloud data exposure. A recent analysis by Metomic revealed that more than 40% of sensitive files on Google Drive were vulnerable, with many shared publicly or with external email addresses. Experts stress the importance of using multifactor authentication (MFA), limiting employee access, and regularly monitoring cloud environments to detect and mitigate potential security lapses. They also recommend encrypting sensitive data both in transit and at rest, and enforcing zero-trust principles to reduce the risk of unauthorized access.

ICBC London Branch Hit by Ransomware Attack, Hackers Steal 6.6TB of Sensitive Data


The London branch of the Industrial and Commercial Bank of China (ICBC) recently fell victim to a ransomware attack, resulting in the theft of sensitive data. According to a report by The Register, which references information posted on the hackers' data leak site, the bank has until September 13 to meet the ransom demand or risk the stolen data being publicly leaked.

The attack was orchestrated by a group called Hunters International, who claim to have exfiltrated 5.2 million files, amounting to 6.6 terabytes of sensitive information. Despite being a relatively new name in the ransomware scene, some experts believe Hunters International is a rebranded version of Hive, a notorious ransomware group that was dismantled by the FBI in July 2022. At that time, the FBI successfully infiltrated the Hive group, seizing decryption keys and halting its operations.

Emerging approximately a year ago, Hunters International has shifted its focus toward data theft rather than system encryption. Some cybersecurity researchers suggest that developing and deploying encryption tools is complex and time-consuming, making data theft alone an equally profitable, yet simpler, approach for the group.

ICBC, the world’s largest bank by total assets and market capitalization, is a state-owned financial institution in China. It provides a variety of banking services, including corporate and personal banking, wealth management, and investment banking. With an extensive global presence, ICBC plays a significant role in funding infrastructure projects both domestically and abroad.

As of now, ICBC has not made any public statements regarding the attack or responded to requests for comment.

TfL Hit by Cyberattack, Leaving Disabled Riders Stranded



Transport for London (TfL) recently confirmed that disabled passengers are the first group to feel the effects of a cyberattack that has hit their systems. This incident has severely impacted the Dial-a-Ride service, a specialised transport service designed for wheelchair users and individuals with long-term disabilities, leaving many unable to book their necessary door-to-door journeys.

TfL, the organisation responsible for managing London’s public transport network, initially acknowledged a cyber incident on September 2. In its first public statement, TfL reassured customers that no personal data had been compromised and that transport services across the network were unaffected. However, in the days that followed, it became clear that the cyberattack had caused more disruption than initially reported, particularly for disabled passengers who rely heavily on the Dial-a-Ride service.

The Dial-a-Ride service, which offers free transport for disabled passengers, was forced to suspend new bookings due to the ongoing cybersecurity incident. A recent update from TfL confirmed that the system is unable to process any new journey requests, inconveniencing those who depend on this service for mobility. In addition to suspending bookings, TfL also reported that many staff members operating the service have limited access to critical systems, making it difficult for them to respond to user inquiries or manage ongoing services efficiently.

For many disabled residents, Dial-a-Ride is a crucial service for daily travel. Without it, those with limited mobility are left without a reliable option to get around the city, exacerbating the challenges they already face in navigating public transportation.

Ransomware Likely Cause of the Attack

Although the full details of the cyberattack have not yet been disclosed, cybersecurity experts believe it may be a ransomware attack, a type of cybercrime where systems are locked down by hackers who demand payment in exchange for restoring access. The limited system access reported by TfL employees suggests that hackers may have taken control of essential systems, preventing the organisation from operating key services like Dial-a-Ride.

Mark Robertson, an expert from Acumen Cyber, noted that the involvement of Dial-a-Ride indicates the attack may be more serious than originally thought. He emphasised that being locked out of key systems is a common effect of ransomware, further hinting at the nature of the incident. However, he commended TfL for its incident response efforts, which have helped to manage the crisis and minimise further damage.

Despite the disruption, there has been some good news for Dial-a-Ride users. Following internal recovery measures, TfL announced that essential booking requests are now being accepted once again. Though services remain limited, there is optimism that the situation will continue to improve as the day progresses. 

As TfL continues to address the issue, it serves as a reminder that cyberattacks can have far-reaching impacts, particularly on vulnerable populations such as disabled individuals who rely on services like Dial-a-Ride for their daily mobility needs. TfL’s handling of this situation will likely set an example for other organisations on how to manage similar incidents in the future. 

There is a pressing need for both strong cyber defences and detailed response plans to minimise the fallout from these types of attacks.


IT Manager Faces Charges for Locking Computers to Demand Money



A recent case has highlighted that ransomware threats can sometimes come from within an organisation. Daniel Rhyne, a 57-year-old IT administrator from Kansas City, Missouri, has been accused of holding his own company hostage by locking down their systems and demanding a ransom to restore access.

The incident occurred in November last year when Rhyne was employed at an industrial company based in Somerset County, New Jersey. According to the Federal Bureau of Investigation (FBI), Rhyne allegedly took control of the company’s network by resetting the passwords of network administrator accounts as well as those of hundreds of employees. He then proceeded to delete critical backups and locked out both servers and workstations, crippling the organisation’s operations.

An hour after initiating the attack, Rhyne allegedly sent an email to the company's employees informing them of the situation and demanding a ransom in exchange for unlocking the systems. The FBI claims this was an attempt at extortion, with Rhyne threatening further damage if his demands were not met.

Rhyne’s actions were investigated by the FBI, and he has been charged with multiple counts, including extortion, intentional damage to a protected computer, and wire fraud. Should he be convicted of all charges, he faces up to 35 years in prison and a $500,000 fine, as reported by The Register.

Several pieces of evidence were gathered by the FBI to support their case against Rhyne. For instance, he allegedly used a tool known as PsPasswd, a Windows Sysinternals utility, to reset user passwords. The new password set for the accounts was "TheFr0zenCrew!", a telling detail that investigators believe connects him directly to the attack. Rhyne also reportedly kept a hidden virtual machine (VM) on his company-issued laptop, allowing him to maintain remote access to the network's administrative controls.

Adding to the case, the FBI noted that Rhyne's digital activities prior to the attack were suspicious. He allegedly used his work laptop to search for ways to alter administrator passwords via command-line tools, which are often used by IT professionals to manage networks remotely. Investigators claim that on the day of the attack, Rhyne was seen logging into his work laptop, conducting these searches, and reviewing company password spreadsheets while also accessing the hidden VM.

The fact that he used his company-issued laptop to perform these actions leaves a strong digital trail linking him to the crime. The FBI’s detailed investigation paints a clear picture of how the attack was executed, utilising common IT tools to gain unauthorised control over the company’s systems.
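One detection check a defender would want for the pattern described above, a single account resetting the passwords of many others within minutes: this is example code added here, not part of the article or the FBI's evidence, and the event records, account names and timestamps are constructed.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of Windows Security events, reduced to the fields this
# check needs: timestamp, EventID, SubjectUserName (who performed the reset)
# and TargetUserName (whose password was reset). Event ID 4724 is
# "An attempt was made to reset an account's password".
SAMPLE_EVENTS = [
    ("2023-11-25T18:05:11", 4724, "helpdesk01", "bjones"),
    ("2023-11-25T18:40:52", 4724, "helpdesk01", "ckim"),
    ("2023-11-25T19:00:09", 4724, "itadmin", "domadmin1"),
    ("2023-11-25T19:00:31", 4724, "itadmin", "svc_backup"),
    ("2023-11-25T19:01:02", 4724, "itadmin", "asmith"),
    ("2023-11-25T19:01:20", 4724, "itadmin", "bjones"),
    ("2023-11-25T19:01:47", 4724, "itadmin", "ckim"),
    ("2023-11-25T19:02:10", 4724, "itadmin", "dlee"),
    ("2023-11-25T19:02:30", 4724, "itadmin", "asmith"),      # repeat target
    ("2023-11-25T19:20:40", 4724, "helpdesk01", "dlee"),
    ("2023-11-25T19:21:05", 4720, "helpdesk01", "newhire"),  # account created, ignored
]

# Constructed list of accounts whose reset should always be reviewed.
PRIVILEGED_ACCOUNTS = {"domadmin1", "svc_backup"}


def password_reset_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Flag actors who reset the passwords of at least `threshold` distinct
    accounts inside any `window`-long span. A help desk resetting a few
    accounts an hour stays under the bar; a mass reset does not.
    The threshold suits the sample; tune it to the environment's baseline."""
    per_actor = defaultdict(list)
    for ts, event_id, actor, target in events:
        if event_id == 4724:
            per_actor[actor].append((datetime.fromisoformat(ts), target))

    alerts = {}
    for actor, resets in per_actor.items():
        resets.sort()
        recent = deque()          # (timestamp, target) pairs inside the window
        seen = Counter()          # distinct targets currently in the window
        for ts, target in resets:
            recent.append((ts, target))
            seen[target] += 1
            while ts - recent[0][0] > window:   # slide the window forward
                _, old = recent.popleft()
                seen[old] -= 1
                if seen[old] == 0:
                    del seen[old]
            if len(seen) >= threshold and len(seen) > alerts.get(actor, {}).get("distinct", 0):
                alerts[actor] = {"window_start": recent[0][0].isoformat(),
                                 "distinct": len(seen)}
    return alerts


def privileged_resets(events, privileged=PRIVILEGED_ACCOUNTS):
    """Every 4724 whose target is a privileged account, regardless of volume."""
    return [(ts, actor, target) for ts, event_id, actor, target in events
            if event_id == 4724 and target in privileged]


if __name__ == "__main__":
    for actor, info in password_reset_bursts(SAMPLE_EVENTS).items():
        print(f"BURST {actor}: {info['distinct']} accounts from {info['window_start']}")
    for ts, actor, target in privileged_resets(SAMPLE_EVENTS):
        print(f"PRIV  {ts} {actor} reset {target}")
```

In a real deployment the events would come from a SIEM or event forwarder, and the burst alert is most useful when paired with alerts on backup deletion and on unexpected virtual machines on administrator endpoints.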

If Rhyne is found guilty, his actions could serve as a warning to organisations about the potential for internal threats. It highlights the need for companies to have strong security protocols in place, not just to defend against external hackers but also to safeguard against malicious insiders who have privileged access to sensitive systems.

This case illustrates how cyberattacks are evolving and how attackers, even those within the organisation, can exploit their knowledge and access to launch devastating attacks. Organisations must remain vigilant and continually monitor for suspicious behaviour, no matter the source, to protect their critical digital infrastructure.


Cyberattack on TDSB Exposes Student Data, Sparks Parental Concerns



In June 2024, the Toronto District School Board (TDSB), Canada's largest school board, suffered a ransomware attack that compromised the personal information of its students. The incident was first disclosed to the public on June 12, when the TDSB announced that an unauthorised party had accessed one of their technology testing servers. This server, utilised by the board’s IT technicians to test new software, contained sensitive student data from the 2023/2024 academic year.

What Data Was Compromised?

According to an email sent to parents on Thursday, the compromised server held a range of student information. The data accessed during the attack included students' names, school names, grades, TDSB email addresses, student numbers, and dates of birth. While this information was stored in a testing environment rather than a primary database, its exposure is nonetheless concerning, given the potential risks associated with data breaches.

Assessing the Risk

In response to the breach, TDSB officials have been working closely with their cyber security teams and external security partners to assess the situation. As of now, these teams have determined that the risk to students remains low. They have not observed any public disclosure of the compromised data, including on the dark web or other online platforms known for illicit activities. The board has also notified the Privacy Commissioner of Ontario about the potential breach as a precautionary measure.

The news of the cyberattack has sparked concerns among parents, with some feeling that the TDSB’s communication downplayed the seriousness of the incident. Anne Borden, a mother of TDSB students, expressed her dissatisfaction, noting that the board’s response did not instil confidence in their ability to safeguard student information in the future. Borden emphasised the need for the TDSB to prioritise student data security, questioning why crucial resources are allocated to other areas while cybersecurity seemingly takes a backseat.

Ransomware attacks have become an increasing concern for institutions across Toronto, including public organisations. This type of cyberattack involves malicious actors holding data or computer systems hostage until a ransom is paid. Over recent years, several prominent organisations in Toronto, such as the Toronto Public Library, SickKids Hospital, the Toronto Zoo, and the Toronto Transit Commission (TTC), have fallen victim to similar attacks.

The TDSB incident highlights the growing importance of robust cybersecurity measures within educational institutions. As schools increasingly rely on digital tools and platforms, the need to protect sensitive information becomes even more critical. Parents and the community at large are urging the TDSB to take immediate steps to enhance its security protocols and ensure that the personal data of students remains protected.

While the TDSB has stated that the risk to students is currently low, the vulnerability of school systems to cyber threats needs to be kept in check. Moving forward, it is crucial for the TDSB to rebuild trust by implementing stronger security measures and prioritising the safety of student information above all else.



Brazilian Hacker Behind Major Data Leaks



In a recent turn of events, cybersecurity firm CrowdStrike has identified the hacker known as USDoD, who has been linked to numerous data breaches, as a 33-year-old Brazilian man. This hacker, also known by the alias "EquationCorp," has been behind several high-profile cyber attacks targeting prominent organisations, including Airbus, the FBI's InfraGard portal, National Public Data, and TransUnion.

A report obtained by the Brazilian news site TecMundo, from an anonymous source within CrowdStrike, reveals that the individual behind USDoD is Luan BG, a resident of Minas Gerais, Brazil. The report states that CrowdStrike has shared this information with the authorities, which includes details such as his tax registration, email addresses, domains he registered, IP addresses, social media accounts, and his phone number. While personal information about Luan has been uncovered, specific details that could fully reveal his identity have been kept confidential by CrowdStrike, respecting privacy concerns despite his criminal activities.

According to the investigation, Luan BG has been involved in hacking activities since at least 2017, originally engaging in hacktivism. However, by 2022, his activities had escalated into more serious cybercrimes. His operational security mistakes played a crucial role in his identification. For instance, he repeatedly used the same email address and similar phrases across various social media platforms and forums, allowing investigators to track his activities. This email was also linked to personal accounts, domain registrations, GitHub contributions, and social media profiles, which collectively led to his identification. Additionally, early gaps in his technical abilities made it easier for investigators to compile a detailed profile of him, including photos and emails tied to his aliases.

Robert Baptiste, a well-known cybersecurity expert and CEO of Predicta Lab, has confirmed CrowdStrike's findings through an independent investigation. Baptiste’s work corroborates the evidence pointing to Luan BG as the individual behind the USDoD alias.

The report also highlights that Luan BG inadvertently exposed his identity during a 2023 interview with DataBreaches.net, where he falsely claimed to be around 30 years old with dual Brazilian and Portuguese citizenship, residing in Spain. However, further investigation into his online activities, including emails and social media posts, traced his location back to Brazil. Despite his attempts to mislead by claiming U.S. citizenship, CrowdStrike was able to connect him to Brazil using financial records and other digital traces.

Although authorities have been informed about Luan BG’s identity, there is concern that he may continue his cybercriminal activities. Despite the exposure, experts fear that Luan might deny the revelations or downplay them and persist in his illicit endeavours.

The exposure of USDoD’s identity by CrowdStrike is a crucial step in the ongoing battle against cybercrime. It highlights the complex challenges cybersecurity professionals face in tracking down and exposing individuals involved in high-level cyberattacks. As the case unfolds, the impact of this discovery on the broader cybercriminal community will be closely watched.


Chemical Giant Orion Loses $60 Million in Email Scam


Luxembourg-based Orion S.A., a leading supplier of carbon black, has been defrauded of a staggering $60 million. The company alerted the US Securities and Exchange Commission (SEC) on August 10th through an official filing (Form 8-K).

The filing reveals that a non-executive employee became the target of a criminal operation. The document states: "On August 10, 2024, Orion S.A. determined that a Company employee, who is not a Named Executive Officer, was the target of a criminal scheme that resulted in multiple fraudulent wire transfers to accounts controlled by unknown individuals."

While Orion refrained from sharing specific details about the attack, the nature of the incident - multiple fraudulent wire transfers initiated by an employee - strongly suggests a business email compromise (BEC) scam.

In a typical BEC scam, cybercriminals gain access to a legitimate email account belonging to a high-ranking official within a company or impersonate them through a spoofed email address. They then target employees with access to company finances, tricking them into authorizing unauthorized payments.

Common tactics employed by BEC scammers include:

  • Urgency and secrecy: Criminals may claim the company is in the process of acquiring a competitor and needs to expedite the transaction confidentially to avoid media attention or alerting rivals.
  • Impersonation: Scammers may use stolen email credentials or create lookalike email addresses to convincingly impersonate executives.
  • Phone calls: In some cases, the attackers may even follow up with phone calls to pressure the targeted employee into acting swiftly.

The effectiveness of BEC scams lies in their ability to exploit gaps in communication within large organizations. Many employees may not have personal interactions with senior management, making them more susceptible to falling for impersonations and deceptive tactics.
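A small mail-screening check for the impersonation tactics listed above, written as an added example for this post rather than taken from it: it flags an executive's display name on an external mailbox, lookalike sender domains, and the urgency-and-secrecy pretext. The corporate domain, executive roster and sample messages are constructed.

```python
import unicodedata
from email.utils import parseaddr

CORP_DOMAIN = "example.com"        # constructed: the organisation's own mail domain
EXECUTIVES = {                      # constructed roster of likely impersonation targets
    "jane doe": "jane.doe@example.com",
    "john smith": "john.smith@example.com",
}
PRESSURE_TERMS = ("urgent", "confidential", "wire transfer", "acquisition",
                  "immediately", "do not discuss", "keep this between us")

# Digit-for-letter swaps that pass a quick glance; applied to both sides of
# every comparison so a genuine domain is never penalised on its own.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})


def normalise_domain(domain: str) -> str:
    d = unicodedata.normalize("NFKC", domain).lower().translate(HOMOGLYPHS)
    return d.replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; domains are short, so the O(len a * len b) cost is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def bec_indicators(from_header: str, subject: str, body: str) -> list:
    """Return the list of BEC indicators found; an empty list means none fired."""
    reasons = []
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    internal = domain == CORP_DOMAIN or domain.endswith("." + CORP_DOMAIN)

    # 1. An executive's name on a mailbox that is not that executive's.
    name_key = " ".join(display.lower().split())
    if name_key in EXECUTIVES and addr != EXECUTIVES[name_key]:
        reasons.append(f"display name '{display}' matches an executive but sender is {addr}")

    # 2. Lookalike sender domain: homoglyph swap, near-miss spelling, or the
    #    real domain used as a leading label of an unrelated one.
    if domain and not internal:
        norm, corp = normalise_domain(domain), normalise_domain(CORP_DOMAIN)
        if norm == corp:
            reasons.append(f"homoglyph lookalike of {CORP_DOMAIN}: {domain}")
        elif edit_distance(norm, corp) <= 2:
            reasons.append(f"near-miss spelling of {CORP_DOMAIN}: {domain}")
        elif domain.startswith(CORP_DOMAIN + "."):
            reasons.append(f"{CORP_DOMAIN} used as a leading label: {domain}")

    # 3. The urgency-and-secrecy pretext.
    text = f"{subject}\n{body}".lower()
    hits = [t for t in PRESSURE_TERMS if t in text]
    if hits:
        reasons.append("pressure language: " + ", ".join(hits))
    return reasons


# Constructed sample traffic: one genuine internal note and three BEC attempts.
SAMPLE_MAIL = [
    ('Jane Doe <jane.doe@example.com>', "Lunch", "Noon works for me."),
    ('"Jane Doe" <jane.doe@gmail.com>', "URGENT: confidential wire transfer",
     "We are closing an acquisition today. Do not discuss with anyone."),
    ('John Smith <john.smith@examp1e.com>', "Invoice 4471", "Please pay immediately."),
    ('Accounts <ap@example.com.invoice-portal.net>', "Updated bank details", "See attached."),
]

if __name__ == "__main__":
    for from_header, subject, body in SAMPLE_MAIL:
        flags = bec_indicators(from_header, subject, body)
        print(f"{'FLAG' if flags else 'ok  '} {from_header}")
        for r in flags:
            print("      -", r)
```

Header checks like these complement, rather than replace, an out-of-band callback to a known number before any payment instruction is acted on.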

Reports indicate that BEC attacks are a major form of cybercrime, causing significant financial losses, and rivaling the damage inflicted by ransomware attacks.

Lessons for Banks from the Recent CrowdStrike Outage



The recent disruption caused by CrowdStrike has been a wake-up call for financial institutions, highlighting that no cybersecurity system is entirely foolproof. However, this realisation doesn’t lessen the need for rigorous preparation against potential cyber threats.

What Happened with CrowdStrike?

CrowdStrike, a well-known cybersecurity company based in Austin, Texas, recently faced a major issue that caused extensive system crashes. The problem originated from a software update to their Falcon Sensor, which led to a "logic error." This error caused systems to crash, showing the infamous "Blue Screen of Death" (BSOD). The company later revealed that a pre-deployment test, meant to catch such errors, failed, leading to widespread issues.

This incident impacted various organisations, including big names like ICE Mortgage Technology, Fifth Third Bank (with $214 billion in assets), TD Bank, and Canandaigua National Bank in New York, which holds $5 billion in assets.

The Need for Better Planning

Dave Martin, founder of the advisory firm BankMechanics, emphasised that while such events are often discussed in theoretical terms when planning for worst-case scenarios, they can quickly become real, underscoring the urgent need to be well prepared.

According to Martin, this event has likely prompted bank leaders around the world to focus even more on their contingency plans and backup strategies. The fact that this outage affected so many organisations shows just how unpredictable such crises can be.

As cybersecurity threats become more common, financial institutions are increasingly focused on their defences. The risks of not being adequately prepared are growing. For example, after a cyberattack in June, Patelco Credit Union in California, which manages $9.6 billion in assets, is now facing multiple lawsuits. These lawsuits claim that the credit union did not properly secure sensitive data, such as Social Security numbers and addresses.

Andrew Retrum, a managing director at Protiviti, a consulting firm specialising in technology risk and resilience, pointed out that while organisations face numerous potential threats, they should focus on creating strong response and recovery strategies for the most likely negative outcomes, like technology failures or site unavailability.

Preparing for Future Cyber Incidents

Experts agree on the importance of having detailed action plans in place to restore operations quickly after a cyber incident. Kim Phan, a partner at Troutman Pepper who specialises in privacy and data security, advises financial institutions to be ready to switch to alternative systems or service providers if necessary. In some cases, this might even mean going back to manual processes to ensure that operations continue smoothly.

Phan also suggests that financial institutions should manage customer expectations, reminding them that the convenience of instant online services is not something that can always be guaranteed.

The CrowdStrike outage is yet another reminder of how unpredictable cyber threats can be and how crucial it is to be prepared. Financial institutions must learn from this incident, regularly updating their security measures and contingency plans. While technology is essential in protecting against cyber threats, having a solid, human-driven response plan is equally important for maintaining security and stability.

By looking at past cyber incidents in the banking sector, we can draw valuable lessons that will help strengthen the industry's overall defences against future attacks.


National Public Data Breach Exposes Millions: Threat of Identity Theft Looms


Data breaches continue to be a persistent issue without a simple solution, as evidenced by the recent breach of the background-check service National Public Data. This incident highlights the escalating dangers and complexity of such breaches. After months of uncertainty, National Public Data has finally confirmed the breach, coinciding with a large amount of stolen data being leaked online.

In April, a hacker known as USDoD started selling a data set on cybercriminal forums for $3.5 million. The data, said to include 2.9 billion records, purportedly affected "the entire population of the USA, CA, and UK." As the weeks passed, samples of the data emerged, with researchers and other actors verifying its authenticity. By early June, it was confirmed that the data contained information like names, emails, and physical addresses.

Although the data's accuracy varies, it appears to consist of two main sets. One contains over 100 million legitimate email addresses along with other personal information. "There appears to have been a data security incident that may have involved some of your personal information," National Public Data announced on Monday. "The incident is believed to have involved a third-party bad actor who attempted to access data in late December 2023, with potential leaks occurring in April 2024 and summer 2024. The breached information includes names, email addresses, phone numbers, Social Security numbers, and mailing addresses."

The company stated it is cooperating with law enforcement and government investigators. National Public Data now faces potential class action lawsuits due to the breach.

"We have become desensitized to the continuous leaks of personal data, but there is a serious risk," says security researcher Jeremiah Fowler, who has been monitoring the National Public Data situation. "It may not be immediate, and it could take years for criminals to figure out how to use this information effectively, but a storm is coming."

When data is stolen from a single source, such as Target, it is relatively easy to trace the source. However, when information is stolen from a data broker and the company does not disclose the incident, it becomes much harder to verify the data's legitimacy and origin. Often, people whose data is compromised are unaware that National Public Data held their information.

Security researcher Troy Hunt noted in a blog post, "The only parties that know the truth are the anonymous threat actors and the data aggregator. We're left with 134M email addresses in public circulation and no clear origin or accountability." Even when a data broker admits to a breach, as National Public Data has, the stolen data may be unreliable and mixed with other datasets. Hunt found many email addresses paired with incorrect personal information, along with numerous duplicates and redundancies.

"There were no email addresses in the Social Security number files," noted Hunt, who operates the website Have I Been Pwned (HIBP). "If you find your email in this data breach via HIBP, there's no evidence your SSN was leaked, and the data next to your record may be incorrect."

For those whose Social Security numbers were included in the breach, the threat of identity theft remains significant. They are forced to freeze their credit, monitor credit reports, and set up financial monitoring services. Notifications about the breach have already been sent out by credit monitoring and threat intelligence services. Although the stolen data is flawed, researchers warn that every data set attackers obtain can fuel scamming, cybercrime, and espionage when combined with other personal data compiled by criminals over the years.

"Each data breach is a puzzle piece, and bad actors and certain nations are collecting this data," Fowler says. "When combined systematically and organized in a searchable way, numerous breaches can provide a complete profile of individual citizens."