hacker

now browsing by tag

 
 

#cybersecurity | hacker | APT40 hackers linked to 13 alleged front companies in Hainan, China

Source: National Cyber Security – Produced By Gregory Evans The mysterious research group Intrusion Truth has unleashed a new series of reports claiming that 13 businesses based in the southern island province of Hainan, China are collectively a front for reputed Chinese state-sponsored hacking group APT40. The alleged front companies all purport to be science and […] View full post on AmIHackerProof.com

#cybersecurity | hacker | Federally funded Unimax smartphone pre-loaded with malware

Source: National Cyber Security – Produced By Gregory Evans The Unimax UMX U686CL is a Chinese-made smartphone distributed by the federally funded Assured Wireless by Virgin Mobile has been found to come pre-loaded with two malicious applications. Malwarebytes researchers found the malware every owner finds on their phone is Wireless Update and amazingly the device’s […] View full post on AmIHackerProof.com

#cybersecurity | hacker | Experiential learning – the key to forgetting about the Forgetting Curve

Source: National Cyber Security – Produced By Gregory Evans In 1885, a psychologist named Hermann Ebbinghaus published his theory on education retention called the Forgetting Curve. His research theorizes that most people forget up to 80 percent of what they’ve learned within 48 hour, unless the information is reviewed time and again. With Deloitte reporting […] View full post on AmIHackerProof.com

#cybersecurity | hacker | State actors may be behind ongoing cyberattack on Austria’s foreign ministry

Source: National Cyber Security – Produced By Gregory Evans


An ongoing and “serious cyberattack” at
Austria’s foreign ministry could be the work of nation-state actors, the
country’s government said.

The ministry has set up a “coordination
committee” to respond to the attack, which started as the country’s Greens
party okayed an alliance with conservatives.

While the foreign ministry discovered the attack
and responded quickly, the incident is ongoing.

“Due to the gravity and nature of the attack, it
cannot be excluded that it is a targeted attack by a state actor,” the foreign
and interior ministries said in a joint statement cited in a report by the
Associated Press.

It is similar in nature to a pair of attacks against Germany in 2015 and 2018 believed to be the work of Russia’s Fancy Bear APT group.





Next post in Security News

Original Source link

The post #cybersecurity | hacker | State actors may be behind ongoing cyberattack on Austria’s foreign ministry appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | hacker | Achieving an audacious goal by treating cybersecurity like a science

Source: National Cyber Security – Produced By Gregory Evans When humans discovered and learned to ‘obey’ the laws of physics and chemistry, we began to thrive in our world.  It enabled us to make fire, build machines much stronger than ourselves, to cure diseases, to fly. What will it take for us to thrive in […] View full post on AmIHackerProof.com

#cybersecurity | hacker | UK New Year Honours list mistakenly doxes honorees

Source: National Cyber Security – Produced By Gregory Evans


The 1,000-plus New Year Honours 2020 recipients in the UK received a doxing in addition to the acknowledgement of their good deeds by the Cabinet Office.

The annual
list of those honored for their activity in the arts, science, medicine, sport
or government had not only their names published as is the normal custom, but
also mistakenly their home and work addresses and postal codes, reported the BBC. The list
of honorees
was posted on December 28 and included those ranging from Elton
John, to cricketer Ben Stokes, former Conservative Party leader Iain Duncan
Smith along with many lesser-known figures such as senior police officers.

“A
version of the New Year Honours 2020 list was published in error which
contained recipients’ addresses. The information was removed as soon as
possible,” the spokesman said,” the Evening Standard reported.

The government
has reported the incident to its own Information Commissioner’s Office for
further investigation.





Next post in Privacy & Compliance News and Analysis

Original Source link

The post #cybersecurity | hacker | UK New Year Honours list mistakenly doxes honorees appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | hacker | Inside the connected home and its implications for cybersecurity and privacy

Source: National Cyber Security – Produced By Gregory Evans

Over
the last few years, the introduction of connected devices into our homes has
become a boon for consumer convenience and entertainment. But this dynamic has
important cybersecurity and privacy considerations. The astounding increase of
connected devices has not only given attackers new points of entry but also
allows more of our information to be collected and potentially shared than ever
before.

To
find out how consumers address cybersecurity and privacy risks of connected
devices in their homes, ESET, in September 2019, surveyed 4,000 people – 2,000 in the United
States, 2,000 in Canada. Overall, the results show a large disconnect between
what people say they do to protect themselves and what they are actually doing
in practice.

The Heart of the Connected Home

Starting at the central point of a connected home, the router, ESET polled respondents if they had changed their router username and password, either directly or through a technician when it was first acquired. About 57 percent of Americans either said the username and password were not changed or they do not know if they were changed. In a similar vein, 57 percent either could not or do not know if they could name every device connected to their home network.

A
secure router is the basis of an effective home network. The router is both the
heart of the network and is in the majority of scenarios the single internet-facing
device, taking ineffective security measures (or taking none at all) makes
every device connected to it more vulnerable. At a minimum, passwords and usernames
should be changed from either their factory or ISP/cable provider default. As
the public-internet facing device attackers may be able to gain some
information by default and even the slightest knowledge about a device will
open the opportunity to try connecting to it using the default administrative
credentials, making the device an incredibly easy target.

The devices connected to that network pose a risk as well. Almost 44-45 percent of respondents have between one and five connected devices, which one would think should be easy to keep track of. The respondents that have more than 10 devices is where keeping track of them all starts to get tricky. Giving each device a recognizable name is a must to make it easier to keep track of the authorized vs. unauthorized devices on a network.

Connected Device Security

Consumers claim to be worried about cybercriminals targeting connected home devices, yet 42 percent of respondents are not worried about something they sit in front of for hours every week – their connected TVs.

When
connected to the internet a connected TV can potentially be taken attacked by
ransomware, the resources abused by coinminers or the credentials used to
access your favorite streaming service could be stolen. Anything connected to
your home router can be targeted by cybercriminals.

Interestingly, about 17 percent of total respondents have connected devices (not just smart TVs) that they did not connect to the internet. Some didn’t have time to set up the features, while others simply don’t care enough about the additional features to connect the devices to the internet.

We found that more than half (61 percent) of Americans don’t turn off features that they do not use. Keeping with the television example, consumers may buy a smart TV for its streaming features only to realize after-the-fact that there are certain apps they want to use to connect to these services are not available on the device. The consumer purchases an additional streaming device, such as Apple TV or uses a gaming console to stream, but they never turn off the internet connection on the TV. That device is now connected to the home network and is likely not monitored or updated. That’s a hazard to home network security.

Start with the Basics

It’s
clear there is still a learning curve for many consumers with connected homes.
A whole host of problems can be avoided simply by changing the default username
and password on the router and keeping the software up to date. This is
especially important as consumers add new types of devices to their networks
every year, a trend this set to continue.

Consumers would do well to remember the saying, “an ounce of prevention is worth a pound of cure.” Our survey found that, even though 35 percent of Americans and 37 percent of Canadians said they were concerned about the security of their connected homes, only 20 percent of Americans and 29 percent of Canadians did any type of research on the data collection and storage policies of connected home device manufacturers.

Consumers
who spend hours evaluating price, features and the aesthetics of their home
devices would do well to spend a few minutes researching the reputation of the
manufacturer, the security of the device, known issues and vulnerabilities and
the degree to which their data is shared or sold to third parties.

Original Source link

The post #cybersecurity | hacker | Inside the connected home and its implications for cybersecurity and privacy appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | hacker | Names, SSNs exposed in Moss Adams breach

Source: National Cyber Security – Produced By Gregory Evans


The accounting,
consulting and wealth management firm Moss Adams has posted a cybersecurity
incident notice centered on an employee email account that was accessed by an
unauthorized person compromising PII.

In the statement,
which appeared on the California Attorney General’s data breach website, Moss Adams stated
that on October 10, 2019 a staffer’s email account was accessed by an unknown
third party. Some of the information contained in the breached account included
names and Social Security numbers of an undisclosed number of customer or
employees.

Only
information contained in the email account was exposed, the malicious actor did
not obtain access to the company’s general computer network.

The company is
in the process of notifying those affected, has started an internal
investigation and is offering a year of free account monitoring.

Moss Adams
has not yet responded to an SC Media request for additional information.





Next post in Data Breach

Original Source link

The post #cybersecurity | hacker | Names, SSNs exposed in Moss Adams breach appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | hacker | Ransomware shuts down The Heritage Company

Source: National Cyber Security – Produced By Gregory Evans


The telemarketing firm The Heritage Company has become the
latest ransomware victim to shut down, at least temporarily, its operations
even after making a ransom payment to its attackers.

Company CEO Sandra Franecke broke the news in a letter to her
300 employees that the 61-year-old firm would suspend activities. Each was told
to call the office number on January 2 for an update on whether or not to
report for work, reported KATV.

In a copy of the letter obtained by KATV, Franecke said the
ransomware attack occurred two months ago and she opted to pay the ransom. A
decryption key was received but the IT staff has been unable to bring the
systems back online.

“What we hope is just a temporary setback is an opportunity
for IT to continue their work to bring our systems back and for leadership to
restructure different areas in the company in an attempt to recoup our losses
which have been hundreds of thousands of dollars,” she wrote.

Paying a ransom and not receiving an effective decryptor key is one of the primary reasons why law enforcement and cybersecurity pros warn against giving in to a ransomware attacker’s demands. While some cybercriminals do release files, others either don’t have the correct key or simply have permanently encrypted or wiped the data.

The other side of the argument is more pragmatic believing
that sometimes a business must do what is necessary to stay in business.

Chris Bates,
vice president of security strategy at SentinelOne, says there is only one
truly correct answer to the problem. Take a proactive approach and update
legacy defense systems susceptible to sophisticated attacks, in addition to
allocating additional resources to security team staffing, training and support
because the odds of regaining access to your data is not in the victim’s favor.





Next post in Ransomware

Original Source link

The post #cybersecurity | hacker | Ransomware shuts down The Heritage Company appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | hacker | Two information-disclosing bugs found in Twitter Android

Source: National Cyber Security – Produced By Gregory Evans In the span of five days, reports of two Twitter Android app vulnerabilities have surfaced: one that could cause attackers to view nonpublic account information or control accounts, and another that reportedly allowed a researcher to look up details on 17 million accounts. In a Dec. […] View full post on AmIHackerProof.com