#infoSec


#cybersecurity | #infosec | WeLeakInfo, the site which sold access to passwords stolen in data breaches, is brought down by the FBI

Source: National Cyber Security – Produced By Gregory Evans

FBI seizes control of WeLeakInfo.com which sold passwords stolen in data breaches

Law enforcement agencies have seized control of the domain of WeLeakInfo, a website offering cheap access to billions of personal credentials stolen from approximately 10,000 data breaches.

For as little as $2 per day, anyone could search the controversial website’s database of records and in many instances extract names, email addresses, phone numbers, and passwords. These passwords could then be used by unscrupulous hackers to break into other accounts where users had made the mistake of reusing the same credentials.


With the seizure of the WeLeakInfo.com domain, the website’s operations are effectively suspended.

Visitors to the WeLeakInfo.com website are now greeted by a message from the various law enforcement agencies who have been investigating the website’s activities.


A 22-year-old man was arrested by police on Wednesday in Fintona, County Tyrone, Northern Ireland, in connection with the website, and another 22-year-old male has been arrested by East Netherland Cyber Crime Unit (Politie) in Arnhem.

According to an NCA press release, the two individuals are suspected by police of having made profits in excess of £200,000 from the site.

Prosecutors are likely to argue that those behind the website were profiting from the unlawful sale of stolen data, and assisting third parties in also accessing sensitive details.

It’s important to recognise that there is a clear difference between the likes of WeLeakInfo and legitimate services like Troy Hunt’s HaveIBeenPwned.

WeLeakInfo allowed anyone to scoop up the passwords of those involved in a data breach, meaning they could be used in future security breaches.

HaveIBeenPwned, on the other hand, doesn’t store or share anybody’s password – instead the service, which I heartily recommend individuals and organisations sign up for, informs you if your email address has been included in a data breach. And that’s it. The onus is then on you to take steps to protect yourself (which may mean resetting passwords, and ensuring that you are not using the password you use on the hacked website anywhere else).

Authorities say they continue to investigate WeLeakInfo, and one can’t help but wonder if there will be more arrests if the site’s customer details are extracted from the seized infrastructure.


The post #cybersecurity | #infosec | WeLeakInfo, the site which sold access to passwords stolen in data breaches, is brought down by the FBI appeared first on National Cyber Security.


#infosec | Fidelis Cybersecurity Acquired by Skyview Capital

An American company dedicated to thwarting cyber-attacks has been snapped up by a global private equity firm. Skyview Capital, LLC announced its acquisition of Fidelis Cybersecurity, Inc yesterday. Fidelis is located in the Maryland town of Bethesda, which a 2015 NerdWallet survey found to be the most educated place […] View full post on AmIHackerProof.com

#cybersecurity | #infosec | LastPass releases its 3rd Annual Global Password Security report


Graham Cluley Security News is sponsored this week by the folks at LastPass. Thanks to the great team there for their support!

LastPass has analyzed over 47,000 businesses to bring you insights into security behavior worldwide. The report helps you explore changes in password security practices worldwide, and see where businesses are still putting themselves at risk.

The takeaway is clear: Many businesses are making significant strides in some areas of password and access security – but there is still a lot of work to be done. Use of important security measures like multifactor authentication is up, but the continued reality of poor password hygiene still hampers many businesses’ ability to achieve high standards of security.

In the report, we not only highlight key trends by company size, sector, and location, we provide analysis and recommendations to help IT and business leaders take action where it’s needed most.

Download the free report now to see the current state of password security, access, and authentication around the world – and learn what you can do today to better secure your company.



#cybersecurity | #infosec | Man who hacked National Lottery for just £5 is jailed for nine months – HOTforSecurity


A 29-year-old British man has been jailed for nine months after admitting using hacking tools to break into UK National Lottery gambling accounts.

Anwar Batson, of Notting Hill, West London, downloaded the readily-available Sentry MBA hacking tool to launch a credential stuffing attack against the National Lottery website.

Credential stuffing takes lists of usernames and passwords exposed in data breaches and uses the same credentials to see if they will unlock other accounts online. As so many users make the mistake of reusing passwords on different websites, credential stuffing is a technique commonly deployed by attackers and tools such as Sentry MBA make the process even easier for the attacker.

Prosecutors told Southwark Crown Court that after Batson downloaded Sentry MBA he joined a WhatsApp group devoted to hacking under the alias of “Rosegold,” and provided to accomplices a configuration file specifically designed to launch Sentry MBA against the National Lottery website.

The attack, in late 2016, caused National Lottery operators Camelot to issue a warning to thousands of gamblers that their accounts may have been accessed, and forced a password reset on affected accounts.

Batson’s accomplices, Daniel Thompson and Idris Akinwunmi, were jailed in 2018 after admitting their involvement in the attack.

Batson was arrested in May 2017 by the National Crime Agency (NCA), and initially denied that he was involved in the attack – claiming that his devices had been cloned or hacked by online trolls.

But when NCA officers examined his devices they uncovered the conversations between Rosegold and others on WhatsApp where they discussed hacking, the buying and selling of lists of usernames and passwords, and more.

In addition, officers found at Batson’s flat clothes which had been addressed to someone calling themself “Rosegold”.

Time and time again, people roll out the adage that “crime doesn’t pay.”

Well, it certainly doesn’t pay in the case of Batson.

As the NCA reports, Batson gave the username and password of one National Lottery player to Akinwunmi, who stole the entire contents of the account – a grand total of £13. Batson’s split of the ill-gotten gains? A mere £5.

Lottery operator Camelot says that responding to the attack cost it £230,000, and that 250 players had closed their accounts due to the negative publicity.


#infosec | MAZE Relaunches “Name and Shame” Website

A threat group has once again taken to the internet to publish data stolen from alleged victims who refuse to cooperate with its ransom demands. In December 2019, the MAZE ransomware group published online a portion of the 120 GB of data they claimed to have stolen […]

#cybersecurity | #infosec | Graham Cluley on Totally Unprepared Politics podcast

#infosec | US Pressures UK on Final Huawei Decision

The US made a last ditch bid to convince the British government to fall into line over Huawei this week, as newly introduced legislation proposed excluding allies from intelligence sharing agreements. Secretary of state, Mike Pompeo, was expected to press his counterpart Dominic Raab at a […]

#infosec | UK Banks Foiled by Travelex Ransomware Attack


The New Year’s Eve cyber-attack on currency exchange bureau Travelex is disrupting services for UK bank customers. 

Travelex took all its systems offline as a precautionary measure after being hit by what it initially described as a “software virus” on December 31. On January 7, the company released a statement fingering the culprit as a type of ransomware known as Sodinokibi and also commonly referred to as REvil.

Although the malware has been contained, Travelex has so far been unable to resume normal operations, though the company has said that a number of internal systems are now back up and running normally. 

The ransomware attack is not only causing misery for Travelex and its customers but has also spawned a brouhaha for British banks that rely on the travel money giant.

RBS, Sainsbury’s Bank, First Direct, Virgin Money, and Barclays are among more than a dozen banks that have said their online foreign currency services are down as a result of the incident. 

Requests for foreign currency are being handled in-branch by many of the banks affected. 

According to the BBC, threat actors behind the ransomware attack are attempting to extort $6m from Travelex by encrypting the company’s data. 

Travelex said on Tuesday that it was not yet clear what data had been affected by the incident. 

“To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. Whilst Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated,” Travelex stated on January 7.

Until normal service is resumed, Travelex is doing business the old-fashioned way. The company’s chief executive, Tony D’Souza, said: “Travelex continues to offer services to its customers on a manual basis and is continuing to provide alternative customer solutions in the interim.”

With all the hullaballoo it seems that reporting the incident to the authorities may have slipped Travelex’s mind. Organizations are legally obliged to inform the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of a data breach; however, the ICO said on Tuesday that it had not received a data breach report from Travelex.


#cybersecurity | #infosec | Man jailed for using webcam RAT to spy on women in their bedrooms


A British man has been jailed for two years after police caught him using a notorious Remote Access Trojan (RAT) to hijack the webcams of young women, and spy upon them.

27-year-old Scott Cowley, of St Helens, Merseyside, was arrested last November as part of an international investigation into purchasers of the Imminent Monitor RAT.

Imminent Monitor (also known as IM-RAT) had been sold online since 2012, purporting to be a legitimate remote access tool.

Imminent Monitor’s claims of legitimacy, however, are somewhat undermined by some of its abilities – such as the ability to allow remote users to disable a subject’s webcam light while they are being monitored. One version of the software even introduced the ability to mine for cryptocurrency on victims’ PCs.

Security researchers at Palo Alto Networks claim that they have observed Imminent Monitor being used in attacks against its customers on over 115,000 unique occasions.

International law enforcement agencies were finally able to dismantle the infrastructure behind Imminent Monitor last November, in an operation that executed 85 warrants, seized 434 devices, and arrested 13 people.

And, of course, when police cracked the IM-RAT’s distribution network they were also able to seize records detailing thousands of purchasers, which resulted in the arrest in Merseyside of Scott Cowley.

At Liverpool Crown Court prosecutors described how Cowley had used a PayPal account connected to his own name and personal email address to buy the IM-RAT software. Cowley successfully managed to have the software installed on the computers of three women, and seized remote control of their webcams in order to allow him to secretly film them as they undressed and had sex.

Specialist police officers from the North West Regional Organised Crime Unit (NWROCU) were able to forensically examine Cowley’s own laptop computer, finding the software as well as furtive video recordings of his victims.

The court found Cowley guilty, and sentenced him to two years’ imprisonment for computer misuse and sexual offences.

“Today we welcome the sentencing of Scott Cowley who used highly technological methods to obtain private videos and images of innocent victims for his own sexual gratification. This conviction demonstrates that despite the high tech nature of the Cyber Crime, offenders have no place to hide,” said Detective Sergeant Steve Frame from the NWROCU. “We take all reports of cybercrime seriously and are absolutely committed to tackling and undermining this evolving threat. If you have been the victim of a similar crime, or suspect somebody is involved in committing this type of crime please call 101 and report it to your local police force.”

No doubt police investigations into the users of IM-RAT will continue, and we can hope for more successful prosecutions for those who preyed on innocent computer users.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.


#infosec | Las Vegas Suffers Cyber-Attack – Infosecurity Magazine


The city of Las Vegas is licking its wounds after suffering a cyber-attack on its computer network.

It is not yet known whether any sensitive information was compromised in the incident, which took place in the early hours of Tuesday morning. 

City spokesperson David Riggleman said that it was likely that the threat actors gained access to the city’s network via a malicious email. 

Riggleman said that the city’s IT department moved fast to counter the invasion and stated that “the city is taking extensive steps to protect its systems.”

City officials were notified after unusual activity occurred at around 4:30 a.m. on Tuesday, but by the evening the full extent of the damage wrought by the incident was yet to be confirmed. Riggleman said a clearer picture is likely to emerge over the next day or two.

According to Riggleman, the City of Lost Wages encounters an average of 279,000 attempts to breach its systems every month. 

He observed: “A lot of people out there . . . are trying to open that cyber door.”

While Las Vegas works out who it was that managed to step over its digital threshold and what they got up to, city residents are likely to experience some disruption. 

Riggleman said that the city’s emails may be affected by system analysts’ ongoing investigation into the breach. He expected any disruption, however, to be “minimal.”

If the breach turns out to be the latest in a string of ransomware attacks on US cities, then it is highly unlikely that Las Vegas will cough up the money. The city’s mayor, Carolyn Goodman, went on record in July as sponsor of a resolution not to pay ransoms in the event of a cybersecurity breach. The resolution was approved by the US Conference of Mayors. 

Given the timing of the attack, some may wonder if it was launched by a vengeful Iran as retaliation for the recent killing of Iranian major general Qassem Suleimani. 

Following the announcement of Suleimani’s death on January 2, the US Department of Homeland Security issued a warning for Americans to be on high alert for cyber-attacks coming from Iran.
