Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Warning. Show all posts

Experts Warn Criminals Could Exploit Jogging Apps for Targeting People

 

Experts caution that users of running apps should heighten their privacy settings to thwart potential stalkers and other malicious actors from accessing sensitive information regarding their activities. 

While platforms like Strava enable joggers and hikers to share route details and performance metrics with friends and followers, tech company Altia raises concerns about the possibility of criminals constructing a detailed profile of users' routines, including their start and end points, potentially exposing their home addresses. Altia advises users to review their security settings, ensuring that sensitive information isn't shared publicly by default and recommending a switch to private settings if necessary.

Highlighting the surge in stalking and harassment offenses, Altia underscores the significance of safeguarding personal data on fitness apps. These apps, utilizing GPS technology, can meticulously track users' movements, map out their routes, and gather various performance metrics, including pace, time, elevation gain, heart rate, and calories burned. 

With the popularity of apps like Strava soaring during the pandemic, Altia urges users to be vigilant, especially professionals in sensitive fields like security, law enforcement, banking, or the legal sector, who may inadvertently expose confidential information through their running activity.

Altia emphasizes the importance of maximizing app security settings and exercising caution regarding followers' activities and interactions. Users are advised to scrutinize their followers and assess whether their engagement seems genuine, as potential criminals could exploit the data for various purposes, including identifying secure or restricted locations like workplaces. 

By prioritizing privacy settings and remaining vigilant, users can mitigate the risk of their data falling into the wrong hands while enjoying the benefits of fitness-tracking apps safely.

UK Cybersecurity Agency Issues Warning: AI to Enhance Authenticity of Scam Emails

 

The UK's cybersecurity agency has issued a warning that artificial intelligence (AI) advancements may make it challenging to distinguish between genuine and fraudulent emails, particularly those prompting users to reset passwords. The National Cyber Security Centre (NCSC), affiliated with the GCHQ spy agency, highlighted the increasing sophistication of AI tools, such as generative AI, which can create convincing text, voice, and images based on simple prompts.

According to the NCSC's assessment of AI's impact on cyber threats, it anticipates a significant rise in cyber-attacks over the next two years. Generative AI, coupled with large language models like those powering chatbots, is expected to complicate the identification of various attack types, including phishing, spoofing, and social engineering.

The agency emphasized that by 2025, assessing the legitimacy of emails or password reset requests would become challenging for individuals, regardless of their cybersecurity expertise. Ransomware attacks, which have affected institutions like the British Library and Royal Mail, are also projected to increase. The NCSC pointed out that AI's sophistication lowers the entry barrier for amateur cybercriminals, enabling them to paralyze computer systems, extract sensitive data, and demand cryptocurrency ransoms.

Generative AI tools are already being used to create more convincing approaches to potential victims by crafting fake "lure documents" without typical errors associated with phishing attacks. While generative AI won't enhance ransomware code effectiveness, it will assist in identifying potential targets.

In 2022, the UK reported 706 ransomware incidents, compared to 694 in 2021, according to the Information Commissioner's Office. The NCSC warned that state actors likely possess enough malware to train AI models capable of creating new code that can evade security measures.

The report acknowledged AI's dual role, stating that it can also serve as a defensive tool by detecting attacks and designing more secure systems. In response to the rising threat of ransomware, the UK government introduced new guidelines, the "Cyber Governance Code of Practice," urging businesses to prioritize information security alongside financial and legal management.

Despite these measures, cybersecurity experts, including Ciaran Martin, the former head of the NCSC, have called for stronger actions. Martin emphasized the need for a fundamental shift in approaching ransomware threats, suggesting stronger rules on ransom payments and abandoning unrealistic notions of retaliatory measures.

Microsoft Defender Log4j Scanner Prompts False Positive Alarm


Microsoft Defender for Endpoint is presently displaying "sensor tampering" alarms for Log4j processes, which are related to the company's newly created Microsoft 365 Defender scanner.

Windows has been experiencing a variety of other alert difficulties with Defender for Endpoint since October 2020. This includes an alert that incorrectly identified Office documents as Emotet malware payloads, another that incorrectly identified network devices as Cobalt Strike infected, and still another that incorrectly identified Chrome upgrades as PHP backdoors. 

Microsoft 365 Defender not only unifies your perspective on security events across many advancements but also offers a slew of advanced connectivity and automation capabilities. 

This increases the effectiveness and viability of having a security investigator on staff. Microsoft has been working on the secret foundations for Microsoft 365 Defender for quite some time now, employing Microsoft 365 Defender will assist you with running inquiries that can recognize any or the entirety of the accompanying:

  •  Machines tainted with a particular payload.
  •  Altered letter drops.
  •  Malevolent action and the personalities in question. 
  • Weaknesses brought about by an uncovered CVE. 
Microsoft 365 Defender consolidates the telemetry and bits of knowledge drawn from the accompanying items: 
  • Microsoft Defender for Office 365 (recently known as Office 365 Advanced Threat Protection)
  • Microsoft Defender for Identity (recently known as Azure Advanced Threat Protection) 
  • Microsoft Defender for Endpoint (recently known as Microsoft Defender Advanced Threat Protection) 
  • Microsoft Cloud App Security (MCAS) 
  • Purplish blue Identity Protection (AIdP) 

Microsoft 365 Defender brings all of these advancements together in a single security task center. You can see how Microsoft 365 Defender associates and provides information from these advancements in the control center, and you may use crucial automated exercises to address them. 

Although the behavior of this Defender process is categorized as malicious, there is no need to be concerned because these are false positives, as per Tomer Teller, Principal Group PM Manager at Microsoft, Enterprise Security Posture,

Microsoft is presently researching the Microsoft 365 Defender issue and working on a patch that should be available to affected PCs soon. "This is a result of our efforts to detect Log4J instances on disc." "The team is looking into why this is causing the warning," Teller further added. 

FBI Alerts: BEC Scammers are Posing as Construction Companies

 

The FBI has issued a warning to private sector enterprises about scammers masquerading construction companies in business email compromise (BEC) cyberattacks targeting firms in a variety of critical infrastructure sectors across the United States. 

BEC scammers utilize a variety of techniques (such as social engineering and phishing) to hijack or spoof business email accounts in order to redirect pending or future payments to bank accounts under their control. 

The alert was delivered to enterprises today via a TLP:GREEN Private Industry Notification (PIN) to assist cybersecurity professionals in defending against these ongoing threats. 

The instances are part of a BEC campaign that began in March 2021 and has already resulted in monetary losses ranging from hundreds of thousands of dollars to millions of dollars. 

The scammers use data collected from web services about the construction companies they spoof and the customers they're targeting to successfully carry out these BEC attacks. Local and state government budget data portals, as well as subscription-based construction sector data aggregators, are used to gather valuable data (e.g., contact information, bid data, and project prices). 

The attackers can modify emails to undermine the victim's business relationship with the construction contractors using the information they've gathered. The scammers send emails urging the victims to update their direct deposit account and automated clearing house (ACH) information to make the emails more convincing. The new account information leads to bank accounts controlled by criminals. 

To make sure the victims won’t be able to tell that the messages are fraudulent, they are sent using names that impersonate the contractors' actual sites and real corporate logos and visuals. 

Around $2 billion lost in 2020 BEC scams:

Between November 2018 and September 2020, the FBI warned of a new wave of BEC attacks increasingly targeting US state, local, tribal, and territorial (SLTT) government bodies, with losses ranging from $10,000 to $4 million. 

Microsoft discovered a large-scale BEC operation targeting over 120 companies last month that used typo-squatted domains registered just days before the attacks began. 

The FBI stated, "The FBI's Internet Crime Complaint Center (IC3) notes BEC is an increasing and constantly evolving threat as criminal actors become more sophisticated and adapt to current events. There was a 5 percent increase in adjusted losses from 2019 to 2020, with over $1.7 billion adjusted losses reported to IC3 in 2019 and over $1.8 billion adjusted losses reported in 2020." 

The FBI also warned last year that BEC scammers were using email auto-forwarding and cloud email platforms like Microsoft Office 365 and Google G Suite in their attacks.  

FBI Warns of PYSA Ransomware Attacks on Educational Institutions

 

The Federal Bureau of Investigation (FBI) has issued a warning notifying of an increase in PYSA ransomware attacks targeting educational institutions. While singling out educational institutions, the FBI notes the PYSA ransomware surge is also targeting government bodies, private firms, and the healthcare department in the US and the UK.

PYSA, also known as Mespinoza was first discovered in October 2019. It has the capability of exfiltrating and encrypting files and data, with the threat actors specifically targeting higher education, K-12 schools, and seminars. 

The advisory issued by the FBI stated: “These actors use PYSA to exfiltrate data from victims prior to encrypting victim’s systems to use as leverage in eliciting ransom payments. The cyber actors then exfiltrate files from the victim’s network, sometimes using the free opensource tool WinSCP5, and proceed to encrypt all connected Windows and/or Linux devices and data, rendering critical files, database, virtual machines, backups, and applications inaccessible to users.”

The attackers often use phishing and Remote Desktop Control (RDP) attacks for initial access to targeted networks and then use tools such as PowerShell Empire, Mimikatz, and Koadic to gain further access. They also gather and exfiltrate sensitive files from the victims’ networks, including personally identifiable information (PII), payroll tax information, and other types of data that could be used to force the victims to pay a ransom under the threat of leaking the stolen info.

The FBI researchers have also discovered Advanced Port Scanner and Advanced IP Scanner used by the attackers to conduct network reconnaissance. These are open-source tools that allow users to identify open network computers and discover the versions of programs on those ports. From there, threat actors are deploying various open-source tools for lateral movement. 

“Educational institutions are big targets for hackers as thousands of people’s sensitive information is potentially involved, and the substantial shift towards e-learning has made them even more appealing to hackers and ransomware. These attacks on schools can bring education to a halt while potentially exposing every student and teacher’s personal data within the organization. Parents are also targeted and may be coerced into paying ransom for personal information or school assignments if information falls into bad actors’ hands,” James Carder, CSO at LogRhythm stated.