Hunt


#infosec | UK Spies Hunt Down Covid-19 Threats

Source: National Cyber Security – Produced By Gregory Evans

The UK’s National Cyber Security Centre (NCSC) has stepped in to remove malicious and phishing websites linked to Covid-19 scams, but warned that attacks could increase if the outbreak does.

The GCHQ body said that phishing efforts using the Coronavirus as a lure have led to victims losing money and sensitive data across Europe.

It urged businesses and consumers to consult its advice on email scams and dealing with malware to better insulate them from the threat of ransomware, credential theft and fraud.

“The NCSC has seen an increase in the registration of web pages relating to the Coronavirus suggesting that cyber-criminals are likely to be taking advantage of the outbreak,” it said.

“Continued global susceptibility to phishing will probably make this approach a persistent and attractive technique for cyber-criminals. Moreover, if the outbreak intensifies, it is highly likely that the volume of such attacks will rise.”

Security vendors have been sounding the alarm over phishing attacks for more than a month. Emails are often spoofed to appear as if sent from the World Health Organisation (WHO), the US Center for Disease Control (CDC) or other official bodies, and claim to contain new information on the outbreak in an attachment or via a link.

Some are laden with malware while others request the user enter their email and password, Outlook log-ins or other credentials to proceed. There are also reports, cited by the NCSC, of fraudsters requesting Bitcoin donations to fund a fake vaccine, and even scam sites selling fake antiviral equipment.

“We know that cyber-criminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the Coronavirus outbreak,” said NCSC director of operations, Paul Chichester.

“Our advice to the public is to follow our guidance, which includes everything from password advice to spotting suspect emails. In the event that someone does fall victim to a phishing attempt, they should look to report this to Action Fraud as soon as possible.”


The post #infosec | UK Spies Hunt Down Covid-19 Threats appeared first on National Cyber Security.


#cyberfraud | #cybercriminals | Hunt for cyber crook Vikas proves pointless

CCB sleuths who went to Rajasthan to track down cyber criminals return empty-handed

The Central Crime Branch (CCB) sleuths’ trip to track down cyber-crooks in a remote village in Rajasthan seemed like a waste of time. The CCB only managed to arrest one person, who […]

View full post on AmIHackerProof.com

Google: Our #hunt for #hackers reveals #phishing is far #deadlier than #data #breaches


Google has released the results of a year-long investigation into Gmail account hijacking, which finds that phishing is far riskier for users than data breaches, because of the additional information phishers collect.

Hardly a week goes by without a new data breach being discovered, exposing victims to account hijacking if they used the same username and password on multiple online accounts.

While data breaches are bad news for internet users, Google’s study finds that phishing is a much more dangerous threat to its users in terms of account hijacking.

In partnership with the University of California Berkeley, Google pointed its web crawlers at public hacker forums and paste sites to look for potential credential leaks. They also accessed several private hacker forums.

The blackhat search turned up 1.9 billion credentials exposed by data breaches affecting users of MySpace, Adobe, LinkedIn, Dropbox and several dating sites. The vast majority of the credentials found were being traded on private forums.

Despite the huge numbers, only seven percent of credentials exposed in data breaches match the password currently being used by its billion Gmail users, whereas a quarter of 3.8 million credentials exposed in phishing attacks match the current Google password.

The study finds that victims of phishing are 400 times more likely to have their account hijacked than a random Google user, a figure that falls to 10 times for victims of a data breach. The difference is due to the type of information that so-called phishing kits collect.

Phishing kits contain prepackaged fake login pages for popular and valuable sites, such as Gmail, Yahoo, Hotmail, and online banking. They’re often uploaded to compromised websites, and automatically email captured credentials to the attacker’s account.

Phishing kits enable a higher rate of account hijacking because they capture the same details that Google uses in its risk assessment when users log in, such as the victim’s geolocation, secret questions, phone numbers, and device identifiers.

The researchers find that 83 percent of 10,000 phishing kits collect victims’ geolocation, while 18 percent collect phone numbers. By comparison, fewer than 0.1 percent of keyloggers collect phone details and secret questions.

The study finds that 41 percent of phishing kit users are from Nigeria based on the geolocation of the last sign-in to a Gmail account used to receive stolen credentials. The next biggest group is US phishing-kit users, who account for 11 percent.

Interestingly, the researchers found that 72 percent of the phishing kits use a Gmail account to send captured credentials to the attacker. By comparison, only 6.8 percent used Yahoo, the second most popular service for phishing-kit operators. The phishing kits were sending 234,887 potentially valid credentials every week.

Gmail users also represent the largest group of phishing victims, accounting for 27 percent of the total in the study. Yahoo phishing victims follow at 12 percent. However, Yahoo and Hotmail users are the largest group of leaked credential victims, both representing 19 percent, followed by Gmail at 12 percent.

They also found most victims of phishing were from the US, whereas most victims of keyloggers were from Brazil.

The researchers note that two-factor authentication can mitigate the threat of phishing, but acknowledge that ease of use is an obstacle to adoption.

The post Google: Our #hunt for #hackers reveals #phishing is far #deadlier than #data #breaches appeared first on National Cyber Security Ventures.


Proposed ‘Hack Back’ Bill Would Help Companies Hunt Down Hackers


Today’s topics include a Georgia congressman looking to breathe new life into a controversial proposed hack back bill; Google adding new anti-phishing features to Gmail; IBM and Cisco joining forces to integrate threat intelligence to improve cyber-security; and Microsoft partners readying Windows mixed reality headsets in time for the holidays….

The post Proposed ‘Hack Back’ Bill Would Help Companies Hunt Down Hackers appeared first on National Cyber Security Ventures.


Delhi police install cameras on patrol car doors to help in hunt for stolen vehicles


While Delhi Police have launched a slew of mobile apps for reporting crime, its South district branch has set up a new app to track stolen vehicles parked on streets. A special camera is installed at PCR vans which will register the number plates of vehicles parked on the streets. The camera is equipped with special software which will further match the data captured with the data of stolen vehicles. Though the project is launched on trial basis, soon the entire unit of Delhi Police will start using the app. According to South district police officials, this technology will improve the cops’ efficiency to trace stolen vehicles. Prem Nath, Deputy Commissioner of Police, South District, told Mail Today that ‘Vehiscan’ is on trial run and things will be finalised after some time. “We have used this technology in various areas of Saket and Mehrauli where it performed effectively. Currently we are using it for stolen vehicles but soon it will be used to trace vehicles involved in other crimes as well,” he added. “Recently, we have started using this technology and successfully found five expensive cars stolen from various parts of Delhi,” a senior police official said. Explaining the technology, […]

For more information go to http://www.NationalCyberSecurity.com, http://www.GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post Delhi police install cameras on patrol car doors to help in hunt for stolen vehicles appeared first on National Cyber Security.


OpenSSL bug hunt!!

A campaign has started to raise $250,000 for an OpenSSL bug – and its organizers hope it will help ensure the Heartbleed omnishambles is never repeated.

The campaign, spearheaded by computer security startup Bugcrowd, aims to raise the cash by 29 April: the money will be distributed as rewards to infosec bods who discover and report bugs in crucial crypto-library OpenSSL.

A pitch on crowdtilt.com explains:
“With many eyes and the right incentive all bugs are shallow. It’s up to the Internet to come to the table and provide the incentive required to make sure wide-scale security exposures like Heartbleed don’t happen again.
This Crowdtilt will fund a focused crowd-sourced security assessment on OpenSSL. 100% of the proceeds will be offered to security researchers. Any leftover funds will be passed on to the OpenSSL Software Foundation.
Anyone can sponsor at any amount. Sponsors will be credited as Defenders of the Internet, and sponsors who commit over $5,000 will be specially mentioned and thanked.
Together let’s make the Internet a safer place.”

Donations thus far stand at a modest $5,400, but the fund has only just opened. Even so, the fundraiser is working on what looks like a tight deadline.

Casey Ellis, chief exec of Bugcrowd, explained that the initiative was independent from OpenSSL.
“The [OpenSSL] developers are aware of our efforts but are also obviously quite busy at the moment, so it’s fair to say that we are doing this independently,” Ellis said.

Bug-bounty programs have become commonplace across the IT industry: the schemes reward researchers for reporting flaws to vendors, rather than hawking them through exploit brokers or vulnerability marketplaces.

Heartbleed is a serious flaw in the widely used OpenSSL: a programming blunder allows miscreants to silently read passwords, private crypto-keys and other sensitive data from the memory of vulnerable servers, PCs, phones, tablets and other devices.

That’s bad, but it’s no remote-code execution hole, admittedly; there have been worse flaws in other internet-facing software that allowed attackers to plant all sorts of nasties on systems.

Source: http://whogothack.blogspot.co.uk/2014/05/openssl-bug-hunt.html#.VhV7wPmqqko

The post OpenSSL bug hunt!! appeared first on Am I Hacker Proof.


Global hunt for cyber criminals behind online black market

Seventy people across the globe have been charged or face search warrants in connection to the online hacking marketplace Darkode, which has been shut down in an investigation that spanned 20 countries in the largest takedown of a cyber crime forum. Darkode was used by cyber criminals as a black market for credit card data, hacking tools, ransomware, email addresses and other information useful in targeting individuals, companies and governments.

Of the 70 people wanted in relation to Darkode, 28 have been arrested and 12 are facing charges in the US. A notice on darkode.com on Wednesday said the domain and website had been seized by the FBI and the US attorney’s office in Pittsburgh. “Of the roughly 800 criminal internet forums worldwide, […]

The post Global hunt for cyber criminals behind online black market appeared first on National Cyber Security.


Rape case at elite Indonesian expat school. A witch hunt?

For more than six decades, the Jakarta Intercultural School has educated the children of expats and Indonesian elites, offering an alternative to the country’s woeful public schools. Cloistered in a posh neighborhood, its 2,700 K-12 students amble freely on a sprawling campus. The feel is progressive. Most students are issued iPads. They arrange their desks in class as they like or tackle assignments on large comfy cushions.

The post Rape case at elite Indonesian expat school. A witch hunt? appeared first on Dating Scams 101.


Bounties to Hunt Down Hackers and Thieves | National Cyber Security

nationalcybersecurity.com – Roger Ver is so well known for his role in the rise of the world’s most popular digital currency that some people call him “The Bitcoin Jesus.” That makes him a prime target for hackers. They’ve st…

View full post on Hi-Tech Crime Solutions Weekly

Bounties to Hunt Down Hackers and Thieves


Roger Ver is so well known for his role in the rise of the world’s most popular digital currency that some people call him “The Bitcoin Jesus.” That makes him a prime target for hackers. They’ve stolen his money, and […]


View full post on National Cyber Security