now browsing by tag


Russian group #hacked German #government’s secure #computer #networks

Source: National Cyber Security News

A Russian-backed hacker group known for many high-level cyber attacks was able to infiltrate the German government’s secure computer networks, the dpa news agency reported Wednesday.

Dpa cited unidentified security sources saying the group APT28 hacked into Germany’s foreign and defence ministries and managed to steal data.

The attack was noticed in December and may have lasted a year, dpa reported.

The Interior Ministry said in a statement that “within the federal administration the attack was isolated and brought under control.” The ministry said it was investigating.

A spokesman wouldn’t give further details, citing the ongoing analysis and security measures being taken.

“This case is being worked on with the highest priority and considerable resources,” the ministry statement said.

APT28, which has been linked to Russian military intelligence, has previously been identified as the likely source of an attack on the German Parliament in 2015, as well as on NATO and governments in eastern Europe.

Also known by other names including “Fancy Bear,” APT28 has also been blamed for hacks of the U.S. election campaign, anti-doping agencies and other targets.

Read More….


View full post on National Cyber Security Ventures

The #Trick To #Winning At #Cybersecurity? Expect To Get #Hacked

Source: National Cyber Security News

When the ATM started spewing cash at the Citizens Bank in Cromwell, Conn. on Jan. 27, it was no freak mechanical accident.

Instead, this is one of the first instances in the U.S. of so-called “jackpotting,” where thieves attempt to hack into ATMs by installing malware, causing money to fly out spontaneously. That day, Cromwell Police officers arrested two men who were found near an ATM as it was dispensing $20 bills — the suspects allegedly possessed more than $9,000 in $20 bills, according to the U.S. Attorney’s Office in the District of Connecticut. And while it may sound like a scene lifted from a Hollywood caper, it is no anomaly: the U.S. Secret Service reportedly warned about this new technological capacity in the U.S. last month, previously seen overseas. Other instances have been reported in Hamden and Guilford, Conn. as well as Providence, Rhode Island.

These are some of the latest examples of one of the growing worries of our increasingly interconnected and wired world. Just ask Dr. Eric Cole. Cole is a former member of the Commission on Cyber Security and chief technology officer of McAfee, whose mounting concerns about risks to consumers prompted him to write his new book Online Danger:

Read More….


View full post on National Cyber Security Ventures

1.4 #billion #hacked #passwords leaked #online, now you’re at #risk

Source: National Cyber Security – Produced By Gregory Evans

Staying protected from cybercriminals is something everyone needs to stay on top of now that we’re living in a digital world. New data breaches, malware and phishing scams are popping up constantly.

Having sensitive information fall into the hands of criminals is the last thing that we need. You definitely don’t want your identity stolen or hackers having access to your bank accounts.

Unfortunately, a massive archive of stolen credentials was recently discovered online that could put you at risk.

Have your credentials been exposed?

Security researchers at 4iQ recently discovered a 41GB archive that contains more than 1.4 billion stolen user credentials. The credentials, including passwords, are unencrypted on the Dark Web.

The database includes email addresses, passwords and usernames. This isn’t actually a new data breach, it’s a collection of information that had been stolen in previous data breaches.

Researchers who discovered the file said, “While scanning the deep and dark web for stolen, leaked or lost data, 4iQ discovered a single file with a database of 1.4 billion clear text credentials–the largest aggregate database found in the dark web to date.”

More than 250 previous data breaches contributed to this collection of stolen credentials. The stolen information was well organized, even indexed alphabetically by the criminal who put it together.

Anytime there is a massive data breach, there are steps that you need to take to make sure your information is secure. Keep reading for suggestions.

Change your password

Whenever you hear news of a data breach, it’s a good idea to change your account passwords. This is especially true if you use the same credentials for multiple websites, which is a bad idea.

If your credentials are stolen from a breach, criminals can test them on other sites to log into those accounts as well.

Keep an eye on your bank accounts 

You should already be frequently checking your bank statements, looking for suspicious activity. It’s even more critical when sensitive information has been exposed through a data breach.

If you see anything that seems strange, report it immediately. It’s the best way to keep your financial accounts safe.

Set up two-factor authentication 

Two-factor authentication, also known as two-step verification, means that to log into your account, you need two ways to prove you are who you say you are. This is an extra layer of security that will help keep your accounts safe.

Investigate your email address 

This is a critical step and it will only take a few seconds of your time. You need to find out if your credentials are part of any recent data breach. The best way to find out if you’re impacted is with the Have I Been Pwned website. 

It’s an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest breaches. You can even set up alerts to be notified if your email address is impacted in the future.

Beware of phishing scams 

Scammers will try and piggyback on data breaches like this. They will create phishing emails, hoping to get victims to click on malicious links that could lead to more problems. You need to familiarize yourself with what phishing scams look like so you can avoid falling victim to one.


When our PCs work normally, we sometimes take them for granted. We recklessly fill up our hard drives with data, download files, install applications and browse the web as we please. But of course, all it takes is one installation of a malicious application to ruin your PC and worse, have all your information stolen.

The post 1.4 #billion #hacked #passwords leaked #online, now you’re at #risk appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cash #Converters is #HACKED: Cyber #criminals hold UK #customer #credit card numbers, addresses and #passwords to #ransom after major #security breach

Source: National Cyber Security – Produced By Gregory Evans

Hackers who attacked the now defunct website of second hand goods store Cash Converters may have access to the account details of thousands of customers.

Usernames, passwords, delivery addresses and potentially partial credit card numbers are among the data believed to have been stolen.

The culprits are said to be holding the information to ransom while the firm works with law enforcement authorities to investigate the incident.

It is not known exactly how many customers were impacted in the hack or when it happened.


Cash Converters operates high street stores where customers can trade items like jewellery and electronics for money.

The affected website, which was put out of action in September 2017 and replaced with an updated version, lets people purchase these products online.

As well as cash trade ins, the company offers small financial loans to its customers.

The data breech is only believed to affect customers of the Perth-founded firm who are based in the UK.

In a breach notification email sent to customers, a Cash Converters spokesman said: ‘Please be reassured that, alongside the relevant authorities, we are investigating this as a matter of urgency and priority.

‘We are also actively implementing measures to ensure that this cannot happen again.

‘Although some details relating to the cybersecurity breach remain confidential while Cash Converters works with the relevant authorities, we will continue to provide as much detail as possible as it becomes available.

‘The current webshop site was independently and thoroughly security tested as part of its development process.

‘We have no reason to believe it has any vulnerability, however additional testing is being completed to get assurance of this.

‘Our customers truly are at the heart of everything we do and we are both disappointed and saddened that you have been affected.

‘We apologise for this situation.’

Cash Converts reportedly received an email from hackers who claiming to have gained access to the data.

They threatened to release the data if they were not paid, which means anyone who used the old site before September 22 could be at risk.

Customers have been to advised to change their passwords and the firm has forced a reset for all UK webshop users.

Speaking about the breach, Jon Topper, CEO of UK webhosting firm The Scale Factory, said: ‘When migrating away from old solutions it’s important to bear in mind that old digital assets will still be running and available online until such time as they are fully decommissioned.

‘As a result they should still be treated as ‘live” which means maintaining a good security posture around them, keeping up with patching and so forth.

‘In their customer notification, Cash Converters were quick to point out that the old site was operated by a third party, possibly intending to deflect responsibility for this breach.

‘This definitely won’t fly under General Data Protection Regulation regulations coming into force next year.

‘Companies running server infrastructure that handles customer data should be engaging with experts to review their security posture ahead of that, in order to avoid being slapped with a large fine.’

The post Cash #Converters is #HACKED: Cyber #criminals hold UK #customer #credit card numbers, addresses and #passwords to #ransom after major #security breach appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Do you have a #jailbroken #Apple TV running #Kodi? You are in #danger of being #hacked!

Source: National Cyber Security – Produced By Gregory Evans

The Apple TV has long been a wonderful device for consuming media on your big-screen television. From video to music, it is a great experience. Some people weren’t satisfied with the default functionality, however, opting to jailbreak Apple’s media box. In fact, the jailbroken Apple TV 2 was one of the most popular XBMC/Kodi boxes for this reason.

Are you running one of those jailbroken Apple TV 2 devices? You should be worried then. You see, as the folks over at TVAddons warn, the jailbreak process installed OpenSSH by default. This means your network could be compromised by the fairly outdated media box. A hacker only needs your ip address to attack you.

“Under normal circumstances, most people are aware of the need to set a strong password on their computer. However, in this circumstance, most users aren’t aware that their jailbroken Apple TV 2 is a computer that can be programmed for any purpose. Anyone who gains access to your insecured [sic] jailbroken Apple TV 2 device could run code to do things like send spam, DDoS, or even infiltrate your phone and personal computer,” says TVAddons.

The group also says, “Who’s to blame? We hate to say it, but the company behind the popular Seas0npass jailbreak for Apple TV 2 should have known better. For years Firecore distributed what was the only method of jailbreaking the Apple TV 2, and knowingly chose to include OpenSSH with the jailbreak. They should have seen this coming, and given the user the chance to change the SSH password at the time of jailbreak. Instead they likely turned a blind eye in order to make things simple for the average joe, to whom they also tried to upsell other premium apps.”

Before you get too scared, just know that disconnecting the jailbroken Apple TV 2 from your network will take away the threat. In other words, if you don’t use it, just get rid of it — it is outdated anyway. If you are still using it, however, you can just change the default root password to secure yourself — easy peasy.

The post Do you have a #jailbroken #Apple TV running #Kodi? You are in #danger of being #hacked! appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Pacemakers and #patient #monitors can be #hacked in seconds, #San Diego experts discuss #threat

Source: National Cyber Security – Produced By Gregory Evans

 San Diego cyber security expert Ted Harrington with Independent Security Evaluators invited us to his Downtown office to see how quickly and easily he and his colleagues demonstrate successful hacks of modern medical devices. Medical devices like pacemakers and patient monitors are some of the newest vulnerabilities to cyber attack in the healthcare industry.

The threat hits home. According to the California Life Sciences Association, the state has more medical device jobs that anywhere in the nation, with 74,000 employees. A total of 7,700 of them are based in San Diego.

San Diego is a city that’s no stranger to malicious software or “malware” assaults on the medical sector. Last year, the 306-bed Alvarado Medical Center had its computer system affected by what it called a “malware disruption”. The hospital briefly considered doing an on-camera interview with us about the security changes that have been implemented since the incident, but then it backed out.

The hospital spokesperson cited in part, “A careless slip during an interview can reveal possible [vulnerabilities] in our ‘armor’ that a hacker can take advantage of.”

Also last year, nearby Hollywood Presbyterian Medical Center made headlines when it paid a $17,000 ransom to the hacker who froze its computer system for several days.

“Healthcare is attacked more than any other industry because that’s where the money is,” writes prominent cybersecurity company Sophos in its SophosLabs 2018 Malware Forecast report.

A records check on the U.S. Department of Health and Human Services’ Office of Civil Rights website shows a total of thirteen California healthcare facilities that are currently under investigation for reported hacks.

Now, the threat to patient privacy could be challenged by a threat to patient safety.

Harrington and his team connected my finger to a sensor that was attached to a patient monitor. My healthy vitals were displayed on the patient monitor screen and on the screen representing a nurse’s computer.

In a real-world setting, that nurse’s computer would be in a different room from the patient and his or her monitor. 10News Reporter Jennifer Kastner was asked to remove my finger from the sensor, to make it look like she was flat-lining, but Harrington and his team hacked the nurse’s computer in seconds to make the nurse’s computer show that she was still healthy.

He and his team also showed us they could hack a patient’s displayed blood type.

“If the physician thinks the patient is a certain blood type and orders a transfusion of a different blood type, that directly hurts the patient. It would most likely result in a fatality,” says Harrington.

In October, the FBI put out a warning about the growing concern over cyber criminals targeting unsecured “Internet of Things (IoT)” devices, including medical devices like wireless heart monitors and insulin dispensers.

Years ago, it was reported that former Vice President Dick Cheney had his pacemaker altered to prevent an assassination attempt.

“We can’t bury our heads in the sand anymore. These types of medical cybersecurity vulnerabilities are going to become commonplace,” says Dr. Christian Dameff with UC San Diego Emergency Medicine.

Dameff is also a self-described hacker. Despite the FDA’s claim that there aren’t any known cases of patients’ devices getting hacked, Dameff believes attacks have happened and they were likely accidental, but never got reported.

“These devices in our systems are not well equipped to even discover these types of attacks,” he said. “It’s essentially like asking a toaster to figure out if your house has been hacked. They’re just not designed to find out.”

The experts we spoke to want to make it clear that while there’s a threat of cyber attacks on medical devices, the likelihood of it happening to the average patient is low. They urge people to stay mindful of the risks and talk to their healthcare providers about solutions.

The post Pacemakers and #patient #monitors can be #hacked in seconds, #San Diego experts discuss #threat appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Verticalscope #hacked again: At least 2.7 million #accounts #compromised in second major #data #breach

Source: National Cyber Security – Produced By Gregory Evans

Verticalscope #hacked again: At least 2.7 million #accounts #compromised in second major #data #breach

Hackers have once again targeted Verticalscope, a Canadian firm that manages hundreds of popular web discussion forums with over 45 million user accounts. The breach has compromised at least 2.7 million user accounts. The Toronto-based company runs a network of support forums and online community websites catering to a wide range of interests, from outdoor and automotive to sports and technology.

In June 2016, Verticalscope admitted that it had suffered a data breach that saw at least 45 million user accounts compromised and their data leaked in a blog post on Leakedsource.com.

The latest breach impacted six websites, including Toyotanation.comJeepforum.com – the company’s second-most popular website – and Watchuseek.com, security expert Brian Krebs first reported.

Security researcher and founder of Hold Security, Alex Holden, notified Krebs last week that hackers were selling access to Verticalscope.com and a number of other sites operated by the company.

Holden initially suspected that a nefarious actor was just trying to resell data stolen in the 2016 breach.

“That was before he contacted one of the hackers selling the data and was given screen shots indicating that Verticalscope.com and several other properties were in fact compromised with a backdoor known as a ‘Web shell’,” Krebs wrote. “With a Web shell installed on a site, anyone can remotely administer the site, upload and delete content at will, or dump entire databases of information — such as usernames, passwords, email addresses and Internet addresses associated with each account.”

The hackers reportedly obfuscated certain details in the screenshots that allowed him to locate at least two backdoors on Verticalscope’s website and Toyotanation.com, one of the company’s most popular forums.

Krebs reported that a simple search on one of Verticalscope’s compromised domains led to a series of Pastebin posts that have since been deleted “suggesting that the individual(s) responsible for this hack may be trying to use it to advertise a legally dicey new online service called LuiDB”.

“Similar to Leakedsource, LuiDB allows registered users to search for account details associated with any data element compromised in a breach — such as login, password, email, first/last name and Internet address,” Krebs noted. “The first search is free, but viewing results requires purchasing a subscription for between $5 and $400 in Bitcoin.”

“The intrusion granted access to each individual website files,” Verticalscope said in a statement to Krebs. “Out of an abundance of caution, we have removed the file manager, expired all passwords on the 6 websites in question, added the malicious file pattern and attack vector to our detection tools, and taken additional steps to lock down access.”

The company did not provide any details regarding when and how the attack took place or who carried out the hack. IBTimes UK has reached out to Verticalscope for further details.

The post Verticalscope #hacked again: At least 2.7 million #accounts #compromised in second major #data #breach appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Tinder hacked? #Scary #security #flaws discovered in #raft of popular #dating apps

Source: National Cyber Security – Produced By Gregory Evans

Tinder hacked? #Scary #security #flaws discovered in #raft of popular #dating apps

A bevy of mobile dating apps including the infamous Tinder, have vulnerabilities that could reveal a user’s messages and the people they have viewed in the apps.

Researchers from security firm Kaspersky Lab found that it was very easy to effectively online stalk Tinder, Bumble and Happn users due to the amount of information the apps display about their users, such as jobs and education, as well as linking to easily accessed Instagram accounts.

With this data, the researchers found that in 60% of cases, they were able to find a user’s social media profile on sites such as Facebook and LinkedIn, which reveal the person’s full or real name.

Furthermore, stalkers with a bit of technical nous and plenty of time on their hands can use location based apps like Tinder and Happn to work out a user’s exact location.

“Even though the application doesn’t show in which direction, the location can be learned by moving around the victim and recording data about the distance to them,” the researchers explained.

“This method is quite laborious, though the services themselves simplify the task: an attacker can remain in one place, while feeding fake coordinates to a service, each time receiving data about the distance to the profile owner.”

But more alarming still is that in a clutch of dating apps data flowing between them and the social media sites they connect to in order to authenticate user’s, mainly Facebook, is vulnerable to interception.

Authentication tokens from Facebook can be stolen by hackers and used to gain access to the victim’s dating app account. From there the hackers can access messages and other user-specific content and activities.

“In addition, almost all the apps store photos of other users in the smartphone’s memory. This is because apps use standard methods to open web pages: the system caches photos that can be opened. With access to the cache folder, you can find out which profiles the user has viewed,” the researchers added.

This situation isn’t helped with some of the apps found to be transmitting unencrypted sensitive data, for example Mamba transmits message data in an unencrypted format.

Kaspersky Lab has alerted the app makers, who should move to fix the vulnerabilities, but in the meantime the researchers suggest users of dating apps don’t put their job or place of work on their profiles and avoid unsecured public Wi-Fi networks.


The post Tinder hacked? #Scary #security #flaws discovered in #raft of popular #dating apps appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Was Equifax Hacked Again?

Source: National Cyber Security – Produced By Gregory Evans

Was Equifax Hacked Again?

While Equifax continues to deal with the fallout of the massive data breach it announced in September, a security expert is raising fears that the consumer credit rating agency might have another security problem on its hands.

Independent security analyst Randy Abrams says the site redirected some visitors to download a fraudulent update for Adobe Flash that, when clicked, would infect the user’s computer with Malware. (Fortune was unable to reproduce the steps that caused the ‘update’ to appear on Thursday morning.)

Abrams, who says he encountered the spyware three times on Wednesday, posted a video warning people what to look out for.

When users attempted to contest incorrect information on their credit report, the site redirected them to an unfamiliar URL, which prompted the update.

The Flash “update” was actually a file called MediaDownloaderIron.exe, which was infected with Adware.Eorezo, an adware program that only sounds alarms on three of the leading virus scanners.

Equifax, in a statement, said they were aware of the matter and have taken the page offline.

“We are aware of the situation identified on the equifax.com website in the credit report assistance link,” said a spokesperson. ” Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. When it becomes available or we have more information to share, we will.”

The September breach at Equifax exposed the personal data of nearly half the country. It has spawned class-action lawsuits and Congressional investigations, but many have criticized the company’s response, which included executive stock selloffs and a security check tool that asked for even more personal information.


The post Was Equifax Hacked Again? appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures