The U.S. Navy issued a bulletin announcing that the widely used social app TikTok is now seen as a cybersecurity threat and will no longer be allowed on any government-supplied devices. Reuters reported that the bulletin, posted on a Facebook page used by military personnel, warned government members that any device with the TikTok app installed would be blocked from the Navy Marine Corps Intranet. TikTok is a highly popular video-sharing app owned by the Beijing company ByteDance, which is currently under a U.S. national security review. The Navy is the second U.S. military branch to flag TikTok after Army leadership instructed cadets not to use the app last month.
*** This is a Security Bloggers Network syndicated blog from Blog | Avast EN authored by Avast Blog. Read the original post at: https://blog.avast.com/us-navy-bans-tiktok-from-military-devices
The post #cybersecurity | #hackerspace | US Navy Bans TikTok From Military Devices | Avast appeared first on National Cyber Security.
2019 was filled with cybersecurity news, with fresh headlines every day of ransomware and data breaches, Internet of Things incidents and scam mobile apps. The bar for sheer weirdness was high. Here are a dozen stories that managed to clear it.
Forget thumb drives, meet the leg drive
A new device about the size of a pack of gum, called PegLeg, is meant to be surgically inserted into your leg. Any Wi-Fi enabled device can access it, and the device can store hundreds of gigabytes of data. This would allow the embedded user to bootleg data into another country.
Ransomware victim hacks back
After paying his ransomware attacker 670 euros (about $747), Tobias Frömel sought revenge by hacking into the attacker’s command and control center and generating decryption keys for all the other victims who suffered the same attack. Frömel explained to Bleeping Computer that he was able to pull from the attacker’s server the Hardware IDs for each of the 2,858 victims stored in the server’s database, along with each victim’s unique decrypter key.
Crimes of the heart online
The FBI’s cybercrime report found that the second-costliest category of crime, behind only compromised business email, was confidence and romance fraud, with a 2018 cost of $363 million. The scams happened 18,493 times last year, the FBI reports – an average of more than 50 times a day.
Our music isn’t worth stealing
The band Radiohead has released 18 hours of previously unheard music after thieves threatened to release tracks unless the band paid them $150,000. The majority of the material, according to the band, is “only tangentially interesting. And very, very long.”
New cybercrime: Stealing school lunches
Keith Wesley Cosbey, CFO of California school lunch provider Choicelunch, was arrested in April on two felony counts — identity theft and unlawful computer access. The San Francisco Chronicle reported that law enforcement accused Cosbey of hacking into the network of longtime Choicelunch rival The LunchMaster, accessing sensitive student data including names, grades, meal preferences, and allergy info.
Happy birthday Facebook, your money’s no good
Facebook turned 15, celebrating the milestone with total monthly users of around 2.32 billion. The birthday and user base provided little protection from controversy. The social media giant announced its own digital currency, Libra, and experienced major pushback within hours as policymakers around the world voiced concerns it could heavily disrupt the global financial system.
Sleazy cop shut down and busted on the world stage
Germany fined a police officer $1,500 for looking up a driver’s mobile number using their license plate information and calling them for personal reasons.
Homeland security, eh?
For the last four fiscal years, the Department of Homeland Security continued to use unsupported systems, such as Windows XP and Windows Server 2003. Then-DHS Chief Information Officer Richard Staropoli summed up issues related to his cybersecurity management job by saying, “You can write this down and quote me: The problem is piss-poor management.”
The election couldn’t be hacked – and that was a fail
The U.S. government’s $10 million voting machine was supposed to be available for hackers to find security flaws at DefCon. An unexpected bug stopped the experiment from starting until the conference’s last day. More from CNET here.
Criminals use AI to impersonate CEO’s voice
A UK-based energy firm was scammed out of $243,000 when criminals targeted the company with an effective “vishing” campaign. Vishing is short for “voice phishing,” the tactic of tricking targets over the phone. This incident marked the first time AI-based voice fraud netted such a high payload, according to The Next Web.
FaceApp, the new fad and security threat that wasn’t
Remember FaceApp – the hot new app that turned out to be a big security risk? If that’s how you remember it, that’s understandable. It just isn’t true. Pop stars used it to look like senior citizens. Professional athletes made themselves unrecognizable. The “FaceApp challenge” became a thing in 2019 – until U.S. Sen. Chuck Schumer of New York posted an alarming warning message about the app. Turns out, FaceApp had been around for two years – and had no new security issues.
Hacking Alexa and Siri with lasers
University of Michigan researchers demonstrated how to hack smart speakers via laser. They also climbed 140 feet to the top of a bell tower at the University of Michigan and successfully controlled a Google Home device on the fourth floor of an office building 230 feet away.
The post #school | #ransomware | Weirdest Cybersecurity Stories Of 2019 | Avast appeared first on National Cyber Security.
The city of Pensacola, Fla. is recovering from a ransomware attack by the Maze group, which shut down the city the day after a shooting at its Naval Air Station. Maze, which has launched other recent U.S. ransomware attacks, told Bleeping Computer the attack was not related to the shooting, which is being investigated by the FBI as possible terrorism. “We did not know about this,” Bleeping Computer reported Maze as saying. “It is just coincidence.”
The Florida panhandle city reported Thursday that it has recovered email and landline phone connections. Emergency services were not affected by the attack, which sought a $1 million ransom, Maze told Bleeping Computer.
On Monday Maze operators claimed responsibility for an attack against the wire and cable company Southwire, based in Carrollton, Ga., about 300 miles north of Pensacola. Last month Maze hit security staffing firm Allied Universal with another ransomware attack. “There is a wave of ransomware attacks targeting companies and institutions all over the world,” Avast Security Evangelist Luis Corrons said. “These attacks are so disruptive that many victims opt to pay the ransom, making this type of attack really profitable, and therefore the number of victims is growing every day.”
This week’s stat
Most people say they will get online for work over the holiday break – one-third say they will several times a day. Learn how to stay safe while working remotely.
Influencer gets 14 years for armed domain robbery scheme
The U.S. Department of Justice issued a press release announcing that Rossi Lorathio Adams II, a 27-year-old social media influencer in Iowa who goes by the online name “Polo,” has been sentenced to 14 years in federal prison for plotting an armed home invasion to coerce the owner of doitforstate.com to transfer the domain name. Adams recruited his homeless cousin Sherman Hopkins, Jr. to perpetrate the home invasion. The victim wrestled the gun from Hopkins’ hands, shot him, and called the police. Hopkins survived the shooting and was sentenced to 20 years in prison.
DoJ arrests 3 for BitClub Ponzi scheme
The U.S. Department of Justice has arrested three men for allegedly running a cryptocurrency Ponzi scheme that defrauded investors of $722 million. The men ran a company called BitClub Network, a membership-based organization that allowed users to buy shares of various crypto-mining pools. The DoJ says those pools never existed. Emails between the three BitClub owners revealed that they called their clients “idiots” and “sheep.” All three face charges that could result in prison time as well as fines up to $250,000. Read more on ZDNet.
This week’s quote
“Our business involves families’ babies, and our goal is for the food, experience, and cybersecurity to be healthy in every way.” – Melissa Blake, winner of the Avast Sharks Startup Challenge for her company, Sweet Pea Spoons
Over 460,000 Turkish payment cards for sale on dark web
Researchers have spotted a mass batch of stolen credit card and bank card details from Turkey’s top ten banks. Sellers were offloading the card details at costs ranging from $1-$3 per card. The card records are known as “fullz,” which means they contain all pertinent info a user would need to make online payments with them, from name and street address to the CVV number. Read more on Bleeping Computer.
North Korea uses cybercrime-as-a-service
The notorious state-backed Lazarus Group in North Korea has deployed a new malware package created by the equally notorious TrickBot malware developers, Dark Reading reported. The revelation is part of a growing trend noted by cybersecurity experts, wherein national governments are more frequently using the services of common malware developers, even getting access to already infected systems that they can then compromise further. Researchers observed the Lazarus Group using the newly developed Anchor, a TrickBot-associated malware that specializes in stealth and data theft.
This week’s ‘must-read’ on The Avast Blog
Ever wonder about the three little numbers on your credit card – and who you should and shouldn’t disclose them to? Learn all about the card verification value (CVV).
750,000 applications for duplicate birth certificates exposed
A U.K. information security company discovered an unprotected Amazon Web Services bucket online filled with over 750,000 applications for duplicate U.S. birth certificates. The data belonged to a company which has not yet been named, but the information at risk included its customers’ contact information, past addresses, family names, and reasons for requesting the duplicate certificates. The oldest of the applications date back to 2017. Read more on TechCrunch.
The post #cybersecurity | #hackerspace | Pensacola Hit with Ransomware Attack | Avast appeared first on National Cyber Security.
Source: National Cyber Security – Produced By Gregory Evans
In late November the Avast Threat Labs team discovered cyberattacks that exploited Brazilian users’ routers to send them to phishing pages designed to look like actual websites the victim wanted to visit. In this case, sites included Brazilian banking and news sites, as well as Netflix. […]
#cybersecurity | #hackerspace | Analyst Discusses Reporting Hack Of Computer System At Indian Nuclear Reactor | Avast
Source: National Cyber Security – Produced By Gregory Evans
This week a report of hackers gaining access to an Indian nuclear power plant’s computer network led to alarm, confusion, and denial before officials admitted the hack took place. The threat analyst who reported the issue experienced a unique vantage point in the middle of that […]