Source: National Cyber Security – Produced By Gregory Evans. Cloud infrastructure is the foundation of more companies than ever. As with any foundation, any crack can lead to significant damage to the infrastructure. One potential crack is a trusted identity with unnecessary and excessive privileges. A “trusted identity” is invariably associated with people — employees, […]
Source: National Cyber Security – Produced By Gregory Evans. An American health services provider has agreed to pay a fine of $2.175m after refusing to properly notify Health and Human Services of a data breach. In April of 2017, a complaint regarding Sentara Hospitals was received by the Department of Health and Human Services (HHS). The complainant said […]
Source: National Cyber Security – Produced By Gregory Evans. End-of-life devices not properly sanitized of data can cause compliance issues and make corporate data vulnerable. GDPR, CCPA and the rest of the alphabet soup of privacy laws should have organizations looking more deeply at how and where they store and use data. While most companies […]
#nationalcybersecuritymonth | Pollies to face phishing tests after Parliament breach – Strategy – Security
Source: National Cyber Security – Produced By Gregory Evans. Parliamentarians and their staff will be subject to phishing email simulations in the wake of the state-sponsored cyber attack against Parliament House earlier this year. The Department of Parliamentary Services will conduct the simulations as part of a new program to test the cyber security awareness […]
Users of one of the world’s most popular e-commerce marketplaces have been informed that their account information may have been stolen after a data breach at the firm.
The Adobe-owned Magento Marketplace offers thousands of free and premium extensions and themes for users to customize online stores built on the open source platform for e-tailers.
However, the Magento team “became aware of” a vulnerability in the marketplace on November 21, according to a brief statement from Jason Woosley, vice-president of commerce product & platform in Adobe’s experience business.
“We temporarily took down the Magento Marketplace in order to address the issue. The Marketplace is back online. This issue did not affect the operation of any Magento core products or services,” he continued. “We have notified impacted Magento Marketplace account holders directly.”
In an email to affected customers, Magento Marketplace support described the vulnerability as allowing an unauthorized third party to access information including: name, email, MageID, billing and shipping address and phone number, and “limited commercial information.”
Although no passwords or financial information were disclosed, the haul would still allow scammers to attempt follow-on phishing or identity fraud.
It’s unclear how many users were affected, but Woosley claimed the Magento Marketplace is “the largest open source community in e-commerce.”
Magento is no stranger to security incidents: many of the infamous Magecart digital skimming attacks are designed to harvest card data from companies running Magento implementations. In fact, Magento was forced to patch over 30 bugs in an urgent security update earlier this year.
One security company warned earlier this month that slated end-of-support for Magento 1, which powers around 12% of the world’s e-commerce sites, could provide hackers with even more opportunities to target exposed sites.
The post #infosec | Magento Marketplace Breach Exposes User Details appeared first on National Cyber Security.
Guest article By Ewen O’Brien, VP of Enterprise, EMEA at BitSight
No one wants to talk about their failures, especially in the cybersecurity realm where the stakes are high. But new insight from Symantec and Goldsmiths, University of London, finds that security professionals who have lived through a cybersecurity attack or breach could be the answer to protecting your organisation against future threats.
The report reveals that just over half of the 3,000 CISOs surveyed believe that learning from failure is incredibly valuable and a vital part of improving corporate cybersecurity postures. Indeed, these professionals may very well be your company’s best line of defence in the face of a potential cyberattack.
The Value of “Cybersecurity Breach Survivors”
Security professionals who have lived through an avoidable breach possess a unique mindset. They are less likely to experience burnout, are less indifferent to their work, less likely to think about quitting their job, feel less personally responsible for an incident, and are more likely to share their learning experiences. Cybersecurity breach survivors also have the first-hand experience of what works on the frontlines of security performance management and what doesn’t and are well versed in crisis management, recovery procedures, and team focus.
Furthermore, cyberattack veterans have unique perspectives on cybersecurity risk management. They understand that risk mitigation requires more than the right tools and technology. Unless an organisation takes a risk-based view of security, where all stakeholders (not just IT) understand the inherent threat of doing business in a digital world, then all the firewalls, endpoint protection, and other security measures won’t help.
Sharing Insights About Cybersecurity Breaches: The Best Defence
Unfortunately, while many businesses tend to extol the virtues of openness and information-sharing, cybersecurity remains a taboo subject for many. Cyber breaches are treated like a scarlet letter, and security teams are often hesitant to share information or discuss vulnerabilities that led to breaches and lessons learned from those incidents.
That might be why security professionals who’ve “been there and done it” remain unfortunately tight-lipped about their experiences. The Symantec/Goldsmiths study shows that 54% of respondents don’t discuss breaches or attacks with their industry peers, with 36% fearing that sharing this information could impact their professional reputation and career prospects.
This new report flips that thinking on its head, and boldly asserts several best practices: that these learnings should be shared, that company boards should foster a more open learning culture for security teams, and that data breach survivors should be at the top of your company’s list of hiring priorities.
Indeed, sharing experiences is critically important, especially since everyone in the company must be involved in protecting the organisation. The cybersecurity skills shortage mandates that everyone, from the CEO on down, needs to take responsibility.
Not adhering to this policy can yield some sobering results. The average cost of a cyber breach has now reached $4.6 million per incident. But the impact extends beyond potential financial and reputational ruin. Security teams are also feeling the burn, with 51% of tech executives experiencing cybersecurity burnout and stress-related illnesses as a result of cyberattacks, breaches, and outages.
Experience with Vulnerabilities Can Strengthen Security Performance Management
We’re all vulnerable about our vulnerabilities. But cybersecurity professionals who have witnessed an attack first-hand should be applauded, not vilified. And they should feel confident that their experience can help their organisations be better prepared for the future. Their experiences–and the knowledge they’ve gained from those experiences–can be used to bolster security performance management and create a formidable front against potential threats.
*** This is a Security Bloggers Network syndicated blog from IT Security Expert Blog authored by SecurityExpert. Read the original post at: http://feedproxy.google.com/~r/securityexpert/~3/88E-fynPB4M/why-cybersecurity-breach-survivors-are.html
The post #cybersecurity | #hackerspace | Why Cybersecurity Breach Survivors are Valued Assets appeared first on National Cyber Security.
Reporting on the exposure of some 26 million stolen credit cards leaked from a top underground cybercrime store highlighted some persistent and hard truths. Most notably, that the world’s largest financial institutions tend to have a much better idea of which merchants and bank cards have been breached than do the thousands of smaller banks and credit unions across the United States. Also, a great deal of cybercrime seems to be perpetrated by a relatively small number of people.
In September, an anonymous source sent KrebsOnSecurity a link to a nearly 10 GB set of files that included data for approximately 26 million credit and debit cards stolen from hundreds — if not thousands — of hacked online and brick-and-mortar businesses over the past four years.
The data was taken from BriansClub, an underground “carding” store that has (ab)used this author’s name, likeness and reputation in its advertising since 2015. The card accounts were stolen by hackers or “resellers” who make a living breaking into payment card systems online and in the real world. Those resellers then share the revenue from any cards sold through BriansClub.
KrebsOnSecurity shared a copy of the BriansClub card database with Gemini Advisory, a New York-based company that monitors BriansClub and dozens of other carding shops to learn when new cards are added and when existing inventory is removed (sold).
Gemini estimates that the 26 million cards — 46 percent credit cards and 54 percent debit cards — represent almost one-third of the existing 87 million credit and debit card accounts currently for sale in the underground.
“While many of these cards were added in previous years, more than 21.6 million will not expire until after October 2019, offering cybercriminal buyers ample opportunity to cash out these records,” Gemini wrote in an analysis of the BriansClub data shared with this author.
Cards stolen from U.S. residents made up the bulk of the data set (~24 million of the 26+ million cards), and as a result these far more plentiful cards were priced much lower than cards from banks outside the U.S. Between 2016 and 2019, cards stolen from U.S.-based bank customers fetched between $12.76 and $16.80 apiece, while non-U.S. cards were priced between $17.04 and $35.70 during the same period.
Unfortunately for cybercrime investigators, the person who hacked BriansClub has not released (at least not to this author) any information about the BriansClub users, payments, vendors or resellers. [Side note: This hasn’t stopped an unscrupulous huckster from approaching several of my financial industry sources with unlikely offers of said data in exchange for bitcoin].
But the database does have records of which cards were sold and which resellers (identified only by a unique number) supplied those cards, Gemini found.
“While neither the vendor nor the buyer usernames appeared in this database, they were each assigned ID numbers,” Gemini wrote. “This allowed analysts to determine how prolific certain threat actors were on BriansClub and derive relevant metrics from this data.”
According to Gemini, there were 142 resellers and more than 50,000 buyers of the card data sold through BriansClub. These buyers purchased at least 9 million of the 27.2 million cards available.
One reseller in particular (ID: 174,829) offered just shy of 6 million records, posted for $106 million. Of those, almost 940,000 were sold, grossing over $16 million in profits shared between BriansClub and the reseller. In the quote below, a “base” refers to a distinct batch of freshly-stolen card data uploaded to BriansClub.
“For context, the collective price for the entirety of exposed BriansClub records was $566 million, while the total dollar amount of all sold records exceeded $162 million,” Gemini noted. “The top 20 buyers bought 5% of the entire set of records in this shop, while the top 100 buyers accounted for 11%. The shop had a total of 11,000 bases, with most vendors uploading multiple bases.”
All the 26 million+ card records leaked from BriansClub were shared with multiple trusted sources that work directly with financial institutions to inform them when their customers’ cards go up for sale in the cybercrime underground.
Banks at this point basically have three options. Ignore the report and hope for the best. Cancel the card and reissue. Or monitor the card more closely and place tighter fraud controls on that account.
But here’s the thing: Not all banks got the data at the same time. The larger banks got it first and largely shrugged. According to anti-fraud sources at two large U.S.-based financial institutions, their anti-fraud teams had already identified 90-95 percent of the cards as potentially compromised in one of hundreds of breaches since 2015, mostly those involving malware inside point-of-sale payment terminals.
The sources I spoke with at smaller financial institutions found out about the cards they’d issued to customers that wound up in the BriansClub database by receiving alerts last week from Visa and MasterCard. Most of those sources seemed genuinely surprised at the number of cards exposed, and two sources at different credit unions each estimated they were previously unaware of about 80 percent of the cards listed in the alerts from the credit card companies.
Also, smaller financial institutions are far more likely to eat the cost of re-issuing cards at risk of fraudulent use than are larger institutions, which typically have a much higher tolerance for financial losses from counterfeit card fraud. So far, however, there is no evidence that this flood of card data intelligence to the banking sector is causing much of a stampede for re-issuing cards.
Visa maintains that smaller financial institutions receive the same alerts sent to larger banks about cards thought to be exposed in specific breaches. The alerts include cards specific to each bank, but smaller banks are often limited in the resources they have available to do much with the reported card data, aside from re-issuing the card.
Gemini CEO and co-founder Andrei Barysevich said so far the feedback from the banks has been all over the place.
“While the larger US banks told us that most of the cards have been previously flagged as compromised, the mid and small size financial institutions were caught completely off-guard,” he said. “As to the European and Asian banks, to them the data was mostly new, in some cases upwards of 60% of cards were still open and active.”
I thought perhaps the card associations could provide some meta-statistics on the BriansClub dump, but those hopes were dashed too. MasterCard did not respond to requests for comment. Visa declined to share any information related to the BriansClub database (even though they got it indirectly courtesy of Yours Truly), but issued the following statement:
“As part of our core mission to ensure security across the payment system, we are very aware of carder forums and other criminal enterprises. Visa continuously invests in intelligence and technology to detect cyber threats and works with law enforcement, clients and other partners, to mitigate and disrupt such threats.
“Whenever we discover compromised account information, Visa uses its payment intelligence and investigative capabilities to determine the source. We also work with our financial institution clients to provide card issuers with the compromised account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, by reissuing cards. Incidents such as these reinforce the need for secure technologies such as chip and tokenization to devalue account information so that even if stolen, data cannot be leveraged for fraud.”
Gemini found that exactly two-thirds of the stolen cards (66.6 percent) siphoned from BriansClub were Visa-branded, and 23 percent MasterCard. A full 85% of the total records were EMV (chip) enabled, with the remaining 15% using only a magnetic stripe.
One final note: Gemini’s report also challenges claims made by the administrator of BriansClub, namely that he removed the breached cards from his online store and that the data leak stemmed from a breach in February at his site’s data center.
“While the administrator of BriansClub, operating under the moniker ‘Brian Krebs,’ claimed that the breach took place in February 2019, this appears to be false,” Gemini observed in its report. “The number of records from South Korea corresponds to a previous spike in South Korean records that occurred from March 2019 through July 2019. If BriansClub were breached in February, the South Korean-issued cards would number under 10,000 rather than over 1 million.”
The report continues:
“This threat actor also claimed to have removed the compromised records from the shop. Gemini has found this claim to be false as well. Since BriansClub offers a ‘checker service’ for all purchased records to determine whether compromised payment cards are still open, it may be unnecessary to remove the cards. The shop likely assumes that even if the banks received the compromised card data from this breach, they are unlikely to close down and reissue every single card.”
*** This is a Security Bloggers Network syndicated blog from Krebs on Security authored by BrianKrebs. Read the original post at: https://krebsonsecurity.com/2019/10/takeaways-from-the-566m-briansclub-breach/
The post #cybersecurity | #hackerspace | Takeaways from the $566M BriansClub Breach appeared first on National Cyber Security.
Source: National Cyber Security – Produced By Gregory Evans. Data breaches hitting massive entities like Equifax, Facebook and Target grab headlines, but the impact on small businesses is just as severe, with attacks causing bankruptcy or even forcing a firm to shutter its doors. A report issued by the National Cyber Security Alliance, based on […]
Amit Parbhucharan analyses the recent Eir data breach and what it says about the state of GDPR at this early point in its tenure.
Recently, Irish telecommunications company Eir experienced a data breach event in which the theft of a staff member’s laptop resulted in the potential exposure of personal data belonging to 37,000 of its customers. While the laptop itself remained password-protected, the data on it was wholly unencrypted: the device was stolen during a window of time in which a faulty security update from the previous working day had left it decrypted and vulnerable.
Because the computer held customer data that included specific names, email addresses, phone numbers and other legally protected data, Eir followed the procedure dictated by the General Data Protection Regulation (GDPR) that went into effect on 25 May, reporting the incident to the Irish Data Protection Commissioner.
‘Portable devices with access to sensitive data will always be an area of potential data breach risk to organisations, and the worst-case scenarios can and will occur’
GDPR introduced data privacy regulations requiring companies to meet specific standards when handling the personal data of EU citizens and residents, including the responsibility to notify the information commissioner’s office within 72 hours of discovering a data breach. GDPR is enforced through steep penalties for non-compliance, which can reach as high as the greater of €20m or 4pc of a business’s total worldwide revenue for the previous year.
However, GDPR regulators will consider an enterprise’s organisational and technological preparedness, and intentions to comply when judging whether such penalties are necessary.
Risky human behaviour
It appears that Eir did many things right in its data breach response. The company demonstrated its established capability to recognise the breach and to report it promptly.
That said, data was still put at risk. Laptops and other such portable devices with access to sensitive data (phones, USB drives etc) will always be an area of potential data breach risk to organisations, and the worst-case scenarios can and will occur. Loss and theft are facts of life, as are other high-risk circumstances that can be much more difficult to anticipate.
In one odd case from our experience, a resident of an in-patient healthcare organisation actually threw a laptop containing protected health data out of a window due to frustration that those devices were for staff use only. A technician deployed to the site to understand why the laptop wasn’t online discovered it near the street, where it had lain for hours before (luckily, that time) being recovered.
Obviously, wild circumstances like these are unforeseen, but they need to be prepared for nevertheless. There are also those cases where an employee’s lapse in judgement opens the possibility for dire consequences. Laptops get left unattended during credentialed sessions, passwords get written on sticky notes for convenience and stolen along with devices. To ‘Eir’ is human, if you’ll excuse the pun, and small windows of risk too often turn into major (and costly) incidents.
This is why organisations need to implement robust, layered data security strategies such that devices have more than one line of defence in place when challenges pop up. Encryption is essential to protecting data, and should serve as the centrepiece of any data security strategy – GDPR compliance requires as much.
But measures must also go beyond encryption. Employee training in secure practices is certainly another critical component of a successful execution. Similarly, capabilities such as remote data deletion for a device that is no longer in the organisation’s hands offer a reliable safeguard in those circumstances where encryption is rendered ineffective.
‘Each effective layer of data security in place beyond encryption demonstrates a genuine commitment to protecting individual privacy’
Ensuring the security of customer data has always been critical to protecting an organisation’s reputation and maintaining customer trust – GDPR only raises those stakes.
In the unfortunate event that a data breach must be reported under GDPR, and regulators conduct an official audit, each effective layer of security in place beyond encryption demonstrates a genuine commitment to protecting individual privacy. That commitment serves as a positive factor in the eyes of both those auditors and the public who must continue to trust the organisation with their data going forward.
Amit Parbhucharan is general manager of EMEA at Beachhead Solutions, which provides cloud-managed PC and mobile device encryption, security, and data access control for businesses and managed service providers.
The post What the #Eir #breach and #GDPR can teach us about #multilayered #data #security appeared first on National Cyber Security.
Source: National Cyber Security News
Canadian companies face almost constant cyber security threats, resulting in a rising number of incidents where sensitive data is stolen, according to the findings of a new study from Scalar Decisions Inc. of more than 420 Canadian IT and security workers.
Released today, the 2018 Scalar Security Study (commissioned by Scalar and conducted independently by IDC Canada) showed that Canadian organizations are attacked in varying degrees of severity more than 450 times per year, with 87% suffering at least one successful breach. Almost half (46%) are not confident in their ability to defend against attacks.
“As cyber security breaches become the new normal, organizations can’t be complacent. Many companies are still reporting gaps in their defences despite hiring full-time security staff, which may point to a deficit in the availability of highly skilled IT workers,” said Theo Van Wyk, Chief Security Architect, Scalar Decisions. “The rising number of high-impact breaches coincides with the increasing costs of recovery.”
The study, examining the cyber security readiness of Canadian organizations and year-over-year trends in handling and managing growing cyber threats, also found:
- Of the companies that suffered a security breach, 47% had sensitive data stolen.