Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label unauthorised access. Show all posts
unauthorised access
Cyber Fraud Financial crime Financial Loss Information Technology Online fraud Online Scam OTP unauthorised access

E-Challan Fraud, Man Loses Rs 50,000 Despite Not Sharing Bank OTP

 

In a cautionary tale from Thane, a 41-year-old man, M.R. Bhosale, found himself embroiled in a sophisticated online scam after his father fell victim to a deceptive text message. The incident sheds light on the dangers of trusting unknown sources and underscores the importance of vigilance in the digital age. 

Bhosale's father, a diligent auto-rickshaw driver in Ghatkopar, received a seemingly official text message from the Panvel Traffic Police, notifying him of a traffic violation challan against his vehicle. The message directed him to settle the fine through a designated app called Vahan Parivahan, with a provided download link. Unbeknownst to him, the message was a clever ruse orchestrated by scammers to dupe unsuspecting victims. 

When Bhosale's father encountered difficulties downloading the app, he sought his son's help. Little did they know, their attempt to rectify the situation would lead to financial loss and distress. Upon downloading the app on his device, Bhosale encountered a barrage of One-Time Passwords (OTPs), signalling a red flag. Sensing trouble, he promptly uninstalled the app. 

However, the damage had been done. A subsequent check of his bank statement revealed unauthorized transactions totalling Rs 50,000. With resolve, Bhosale wasted no time in reporting the incident to the authorities. A formal complaint was filed, detailing the deceptive mobile number, fraudulent link, and unauthorized transactions. 

In response, the police initiated an investigation, invoking sections 66C and 66D of the Information Technology Act to pursue the perpetrators and recover the stolen funds. This unfortunate ordeal serves as a stark reminder of the prevalence of online scams and the importance of exercising caution in the digital realm. To avoid falling victim to similar schemes, users must remain vigilant and skeptical of unsolicited messages or unfamiliar apps. 

Blind trust in unknown sources can lead to devastating consequences, as Bhosale's family discovered firsthand. Furthermore, it is essential to verify the authenticity of communications from purported official sources and refrain from sharing personal or financial information without thorough verification. 

In an era where online scams abound, skepticism and diligence are paramount. As the investigation unfolds, Bhosale's story serves as a cautionary tale for all internet users. By staying informed, exercising caution, and seeking assistance when in doubt, individuals can protect themselves from falling prey to online scams.
Read more »
unauthorised access
AI Chatbots AI Tool Artificial Intelligence Chat GPT Cyber Security Encryption generative AI tools MFA Samsung Sensitive Information unauthorised access

Securing Generative AI: Navigating Risks and Strategies

The introduction of generative AI has caused a paradigm change in the rapidly developing field of artificial intelligence, posing both unprecedented benefits and problems for companies. The need to strengthen security measures is becoming more and more apparent as these potent technologies are utilized in a variety of areas.
  • Understanding the Landscape: Generative AI, capable of creating human-like content, has found applications in diverse fields, from content creation to data analysis. As organizations harness the potential of this technology, the need for robust security measures becomes paramount.
  • Samsung's Proactive Measures: A noteworthy event in 2023 was Samsung's ban on the use of generative AI, including ChatGPT, by its staff after a security breach. This incident underscored the importance of proactive security measures in mitigating potential risks associated with generative AI. As highlighted in the Forbes article, organizations need to adopt a multi-faceted approach to protect sensitive information and intellectual property.
  • Strategies for Countering Generative AI Security Challenges: Experts emphasize the need for a proactive and dynamic security posture. One crucial strategy is the implementation of comprehensive access controls and encryption protocols. By restricting access to generative AI systems and encrypting sensitive data, organizations can significantly reduce the risk of unauthorized use and potential leaks.
  • Continuous Monitoring and Auditing: To stay ahead of evolving threats, continuous monitoring and auditing of generative AI systems are essential. Organizations should regularly assess and update security protocols to address emerging vulnerabilities. This approach ensures that security measures remain effective in the face of rapidly evolving cyber threats.
  • Employee Awareness and Training: Express Computer emphasizes the role of employee awareness and training in mitigating generative AI security risks. As generative AI becomes more integrated into daily workflows, educating employees about potential risks, responsible usage, and recognizing potential security threats becomes imperative.
Organizations need to be extra careful about protecting their digital assets in the age of generative AI. Businesses may exploit the revolutionary power of generative AI while avoiding associated risks by adopting proactive security procedures and learning from instances such as Samsung's ban. Navigating the changing terrain of generative AI will require keeping up with technological advancements and adjusting security measures.

Read more »
Vulnerabilities and Exploits
China Data Privacy Laws Data protection geolocation Military Data Sensitive data unauthorised access Vulnerabilities and Exploits

China Launches Probe into Geographic Data Security

China has started a security investigation into the export of geolocation data, a development that highlights the nation's rising concerns about data security. The probe, which was made public on December 11, 2023, represents a major advancement in China's attempts to protect private information, especially geographic information that can have national security ramifications.

The decision to scrutinize the outbound flow of geographic data comes amid a global landscape increasingly shaped by digital technologies. China, like many other nations, recognizes the strategic importance of such data in areas ranging from urban planning and transportation to military operations. The probe aims to ensure that critical geographic information does not fall into the wrong hands, posing potential threats to the nation's security.

The official statements from Chinese authorities emphasize the need for enhanced cybersecurity measures, especially concerning data breaches that could affect transportation and military operations. The concern is not limited to unauthorized access but extends to the potential misuse of geographic information, which could compromise critical infrastructure and national defense capabilities.

"Geographic information is a cornerstone of national security, and any breaches in its handling can have far-reaching consequences," a spokeswoman for China's Ministry of Public Security said. In order to stop unwanted access or abuse, our objective is to locate and fix any possible weaknesses in the system."

International watchers have taken notice of the development, which has sparked concerns about the wider ramifications for companies and organizations that deal with geolocation data. Other countries might review their own cybersecurity regulations as a result of China's aggressive steps to bolster its data protection safeguards.

This development aligns with a global trend where countries are increasingly recognizing the need to regulate and protect the flow of sensitive data, particularly in the digital age. As data becomes a valuable asset with strategic implications, governments are compelled to strike a balance between fostering innovation and safeguarding national interests.

China's security probe into the export of geographic data signals a heightened awareness of the potential risks associated with data breaches. As the world becomes more interconnected, nations are grappling with the challenge of securing critical information. The outcome of China's investigation will likely shape future policies and practices in data security, setting a precedent for other countries to follow suit in safeguarding their digital assets.

Read more »
User Privacy
Confidential Data Data Breach Data protection Healthcare Data Protocols unauthorised access United States User Data User Privacy

Welltok Data Breach: 8.5 Million U.S. Patients' Information Compromised

The personal data of 8.5 million American patients was at risk due to a data breach that occurred recently at Welltok, a well-known supplier of healthcare solutions. Since cybersecurity specialists found the intrusion, the organization has been attempting to resolve the issue and minimize any possible harm.

According to reports from Bleeping Computer, the breach has exposed a vast amount of sensitive data, including patients' names, addresses, medical histories, and other confidential information. This breach not only raises concerns about the privacy and security of patient data but also highlights the increasing sophistication of cyber threats in the healthcare sector.

Welltok has promptly responded to the incident, acknowledging the breach through a notice posted on their official website. The company has assured affected individuals that it is taking necessary steps to investigate the breach, enhance its security measures, and collaborate with law enforcement agencies to identify the perpetrators.

The impact of this breach extends beyond the United States, as reports from sources suggest that the compromised data includes patients from various regions. This global reach amplifies the urgency for international cooperation in addressing cyber threats and fortifying data protection measures in the healthcare industry.

Cybersecurity analysts estimate that the breach may have affected up to 11 million patients, emphasizing the scale and severity of the incident. The potential consequences of such a breach are far-reaching, ranging from identity theft to unauthorized access to medical records, posing serious risks to individuals' well-being.

This incident underscores the critical need for organizations, especially those handling sensitive healthcare data, to continuously assess and strengthen their cybersecurity protocols. As technology advances, so do the methods employed by malicious actors, making it imperative for companies to stay vigilant and proactive in safeguarding the privacy and security of their users.

The ongoing risks to the healthcare sector are brought home sharply by the Welltok data hack. The company's efforts to stop the breach and safeguard the impacted parties serve as a reminder of the larger difficulties businesses encounter in preserving the confidentiality of sensitive data in the increasingly linked digital world.

Read more »
URL Shortener
CERT Critical Flaw cyber security agency DHS DNS attacks Domain Malicious actor Phising Attacks unauthorised access URL URL Shortener

PUMA Network: Unmasking a Cybercrime Empire

A massive cybercrime URL shortening service known as "Prolific Puma" has been uncovered by security researchers at Infoblox. The service has been used to deliver phishing attacks, scams, and malware for at least four years, and has registered thousands of domains in the U.S. top-level domain (usTLD) to facilitate its activities.

Prolific Puma works by shortening malicious URLs into shorter, more memorable links that are easier to click on. These shortened links are then distributed via email, social media, and other channels to unsuspecting victims. When a victim clicks on a shortened link, they are redirected to the malicious website.

Security researchers were able to track Prolific Puma's activity by analyzing DNS data. DNS is a system that translates domain names into IP addresses, which are the numerical addresses of websites and other devices on the internet. By analyzing DNS data, researchers were able to identify the thousands of domains that Prolific Puma was using to deliver its malicious links.

Prolific Puma's use of the usTLD is particularly noteworthy. The usTLD is one of the most trusted TLDs in the world, and many people do not suspect that a link with a usTLD domain could be malicious. This makes Prolific Puma's shortened links particularly effective at deceiving victims.

The discovery of Prolific Puma is a reminder of the importance of being vigilant when clicking on links, even if they come from seemingly trusted sources. It is also a reminder that cybercriminals are constantly developing new and sophisticated ways to attack their victims.

Here are some tips for staying safe from Prolific Puma and other malicious URL shortening services:

  • Be wary of clicking on links in emails, social media posts, and other messages from unknown senders.
  • If you are unsure whether a link is safe, hover over it with your mouse to see the full URL. If the URL looks suspicious, do not click on it.
  • Use a security solution that can detect and block malicious links.
  • Keep your web browser and operating system up to date with the latest security patches.

The security researchers who discovered Prolific Puma have contacted the United States Computer Emergency Readiness Team (US-CERT) and the Department of Homeland Security (DHS) about the service. Both agencies are working to take down Prolific Puma's infrastructure and prevent it from being used to launch further attacks.

Prolific Puma is not the first malicious URL-shortening service to be discovered. In recent years, there have been a number of other high-profile cases of cybercriminals using URL shortening services to deliver malware and phishing attacks.

The discovery of Prolific Puma is a reminder that URL shortening services can be abused for malicious purposes. Users should be cautious when clicking on shortened links, and should take steps to protect themselves from malware and phishing attacks.

Read more »
unauthorised access
Black Cat Confidential Data Cyber Security Law Enforcement Protocol Ransomware Attacks. Ransomware Groups Sensitive Information unauthorised access

Progressive Leasing Cyberattack: Sensitive Data Stolen

Progressive Leasing, a well-known company that specializes in product leasing, has unexpectedly become the victim of a devastating cyberattack that has resulted in the unauthorized collection of private data. The breach has prompted significant worry among its stakeholders and consumers, which the corporation revealed in an official statement. 

According to reports, the attack was carried out by a sophisticated ransomware group. The group, known for its aggressive tactics, managed to infiltrate the company's systems, gaining unauthorized access to a trove of confidential data. Progressive Leasing has since taken immediate action to contain the breach and enlisted cybersecurity experts' help to investigate the incident. 

According to the company's official statement: 

“Progressive Leasing recently experienced a cybersecurity incident affecting certain Progressive Leasing systems. Promptly after detecting the incident, we engaged leading third-party cybersecurity experts and launched an investigation. We also notified law enforcement. Our team is working diligently alongside our cybersecurity experts and with law enforcement to investigate and respond to this incident. Importantly, there has been no major operational impact to any of Progressive Leasing’s services as a result of this incident, and PROG Holdings’ other subsidiaries have not been impacted. The investigation into the incident, including identification of the data involved, remains ongoing.” 

The stolen information reportedly includes customers' details, financial records, and proprietary business data. This breach poses a significant threat to the privacy of individuals but also raises concerns about potential misuse of the company's internal information. 

The incident has prompted Progressive Leasing to reinforce its cybersecurity measures and invest in advanced protective technologies. The company is also working closely with law enforcement agencies to track down and hold the responsible parties accountable. 

Customers of Progressive Leasing are advised to remain vigilant and monitor their accounts for any suspicious activity. Additionally, the company has set up a dedicated helpline and support team to assist affected individuals in navigating this challenging situation. 

This incident is a sobering reminder of the vital importance of strong cybersecurity measures in the current digital environment. Companies need to be on the lookout for emerging security dangers and invest in cutting-edge security processes as they grow in sophistication and scope. Neglecting cybersecurity can have disastrous repercussions on both the targeted firm and the people whose sensitive information is in danger. 

Progressive Leasing's steadfast response in the wake of this assault highlights the company's dedication to safeguarding its clients' data. Businesses from all sectors are being strongly cautioned by this occurrence to address cybersecurity in an environment where connectivity is growing.

Read more »
unauthorised access
Artificial Intelligence ChatGPT Cybersecurity OpenAI unauthorised access

Cybercrooks Pirate OpenAI API Keys for GPT-4


The cybersecurity landscape is facing a new challenge as cybercriminals have successfully scraped OpenAI API keys, allowing them to pirate the highly anticipated GPT-4 (Generative Pre-trained Transformer) model. This development raises concerns about the potential misuse and unauthorized distribution of OpenAI's cutting-edge AI technology. 

The incident came to light when a developer exploited an API flaw, granting unauthorized access to the GPT-4 model. This flaw enabled free usage of the powerful language model, paving the way for its uncontrolled dissemination among cybercriminals and other malicious actors. 

The unauthorized access to GPT-4 poses significant risks to the security and integrity of OpenAI's intellectual property. With the model's capabilities, malicious actors can exploit it for various nefarious purposes, such as generating realistic-sounding deepfake content, spreading disinformation, or launching sophisticated phishing attacks. 

The implications extend beyond the potential misuse of GPT-4 itself. The scraping of OpenAI API keys raises concerns about the overall security of APIs and the protection of sensitive information. This incident highlights the importance of robust security measures, including strong access controls and regular vulnerability assessments, to prevent unauthorized access and potential breaches.

OpenAI has swiftly responded to the situation, revoking the compromised API keys and implementing additional security measures to prevent similar incidents in the future. However, the incident emphasizes the ongoing cat-and-mouse game between cybersecurity professionals and cybercriminals, as vulnerabilities may continue to be discovered and exploited. 

To address this growing threat, organizations and developers must prioritize security throughout the development and deployment of AI technologies. This includes implementing secure coding practices, regularly updating and patching systems, and conducting thorough security audits to identify and mitigate vulnerabilities. 

Additionally, industry collaboration is crucial in tackling the evolving landscape of AI-related cyber threats. OpenAI and other technology companies should work closely with cybersecurity experts, researchers, and policymakers to establish best practices, guidelines, and regulations to ensure the responsible and secure use of AI technologies. 

As the demand for advanced AI models continues to grow, it is imperative to strike a balance between accessibility and security. While OpenAI aims to make powerful AI technologies available to the public, it must also remain vigilant in protecting its intellectual property and preventing unauthorized access.
Read more »
unauthorised access
CISA & FBI Data Breach education sector Law Enforcement PaperCut Ransomware Attacks. Sensitive Data Leak unauthorised access

Bl00dy Ransomware Targets Education Orgs via PaperCut Flaw

The Federal Bureau of Investigation (FBI) has issued a warning about the Bl00dy ransomware gang targeting educational organizations through vulnerabilities in the popular print management software, PaperCut. The cybercriminals are exploiting a critical flaw in PaperCut to gain unauthorized access and launch ransomware attacks, posing a significant threat to the education sector.

The Bl00dy ransomware gang has been actively targeting schools and other educational institutions, taking advantage of the vulnerabilities in PaperCut's software. By exploiting this flaw, the attackers can gain unauthorized access to the system and deploy ransomware, encrypting critical files and demanding a ransom for their release.

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have urged educational organizations to take immediate action to address this vulnerability and strengthen their security measures. It is crucial for educational institutions to promptly update and patch their PaperCut installations to protect against potential attacks.

The Bl00dy ransomware gang's targeting of the education sector is particularly concerning as schools and colleges hold sensitive data, including student records and financial information. The impact of a successful ransomware attack can be severe, leading to significant disruptions in educational services and potential data breaches.

To defend against such attacks, educational organizations must adopt a multi-layered approach to cybersecurity. This includes regularly updating and patching software and systems, implementing robust network security measures, and conducting regular backups of critical data. Additionally, user awareness training can help educate staff and students about potential threats and how to avoid falling victim to social engineering tactics.

The FBI and CISA have emphasized the importance of reporting any suspected or confirmed cyberattacks to law enforcement agencies promptly. Timely reporting can assist authorities in tracking and apprehending cybercriminals, while also providing valuable intelligence to help prevent future attacks.

The PaperCut vulnerability was used by the Bl00dy ransomware gang to extort money, underscoring the constantly changing nature of cyber threats and the necessity for ongoing monitoring. Prioritizing cybersecurity measures is essential as businesses continue to rely on digital systems and services to protect sensitive information and ensure smooth operations.

In order to effectively address risks and adopt cybersecurity measures, educational institutions must be proactive. The education sector may reduce the chance of falling victim to ransomware attacks and safeguard the integrity of their systems and data by being watchful, updating software, and working with law enforcement organizations.



Read more »
unauthorised access
Cyber Attacks cybercrime gang Data Stolen Dragos Dragos cybersecurity Dragos hacked Hacked SharePoint cloud platform unauthorised access

Dragos Hacked: Cybersecurity Firm Reveals “Cybersecurity Event”, Extortion Attempt


Industrial cybersecurity company Dragos  recently revealed a “cybersecurity event,” where a notorious cybercrime gang attempted to breach Dragos' defenses and access the internal network to encrypt devices.

The firm disclosed the incident on its blog on May 10, alleging that it took place on May 8 where hackers acquired access to SharePoint and the Dragos contract management system by compromising a new sales employee's personal email address before the employee's start date. The hacker then impersonated the employee to complete the first steps of Dragos' employee-onboarding procedure using the stolen personal information from the hack.

After infiltrating Dragos’ SharePoint cloud platform, the hackers apparently downloaded “general use data” and access 25 intel reports, generally only made available to the customers.

“Dragos' swift response prevented the threat group from achieving its objective — the deployment of ransomware — or to engage in further activity, such as lateral movement, escalating privileges, establishing persistent access, or making changes to any Dragos infrastructure[…]No Dragos systems were breached, including anything related to the Dragos Platform,” the company noted. 

Due to role-based access control (RBAC) regulations, the threat actors were unable to access several Dragos systems during the 16 hours they had access to the employee's account, including its messaging, IT helpdesk, finance, request for proposal (RFP), employee recognition, and marketing systems.

Eleven hours into the attack, after failing to break into the company's internal network, they sent an email of extortion to Dragos executives. Because the message was sent after business hours, it was read five hours later.

Five minutes into reading the extortion message, Dragos disabled the compromised user account, terminated all open sessions, and prevented the hackers' infrastructure from accessing company resources.

The cybercriminal group also attempted to extort the firm by threatening to make the issue public in emails sent to CEOs, senior employees, and family members of Dragos who have public contacts.

One of the IP addresses specified in the IOCs is 144.202.42[.]216, earlier discovered hosting SystemBC malware and Cobalt Strike, both frequently used by ransomware gangs for remote access to compromised systems.

"While the external incident response firm and Dragos analysts feel the event is contained, this is an ongoing investigation. The data that was lost and likely to be made public because we chose not to pay the extortion is regrettable," Dragos said.   

Read more »
zero-day
Anonymous Data Breach ICAN Italy Kali Linux PowerShell servers Software Trojan unauthorised access zero-day

Global Ransomware Attack Targets VMware ESXi Servers



Cybersecurity firms around the world have recently warned of an increase in cyberattacks, particularly those targeting corporate banking clients and computer servers. The Italian National Cybersecurity Agency (ACN) recently reported a global ransomware hacking campaign that targeted VMware ESXi servers, urging organisations to take action to protect their systems.

In addition, Italian cybersecurity firm Cleafy researchers Federico Valentini and Alessandro Strino reported an ongoing financial fraud campaign since at least 2019 that leverages a new web-inject toolkit called drIBAN. The main goal of drIBAN fraud operations is to infect Windows workstations inside corporate environments, altering legitimate banking transfers performed by the victims and transferring money to an illegitimate bank account.

These accounts are either controlled by the threat actors or their affiliates, who are then tasked with laundering the stolen funds. The fraudulent transactions are often realized by means of a technique called Automated Transfer System (ATS) that's capable of bypassing anti-fraud systems put in place by banks and initiating unauthorized wire transfers from a victim's own computer.

The operators behind drIBAN have become more adept at avoiding detection and developing effective social engineering strategies, in addition to establishing a foothold for long periods in corporate bank networks. Furthermore, there are indications that the activity cluster overlaps with a 2018 campaign mounted by an actor tracked by Proofpoint as TA554 targeting users in Canada, Italy, and the U.K.

Organisations need to be aware of these threats and take immediate action to protect their systems from cyberattacks. The ACN has reported that dozens of Italian organisations have been likely affected by the global ransomware attack and many more have been warned to take action to avoid being locked out of their systems.


Read more »
Subscribe to: Posts (Atom)