
#speeddating | #tinder | #pof | #blackpeoplemeet | Council for Entrepreneurial Development’s interim CEO says it’s ‘full speed ahead’ into a virtual world | romancescams | #scams

RESEARCH TRIANGLE PARK – Kelly Rowell, interim CEO at the Council for Entrepreneurial Development, says much of the organization’s entrepreneurial support programs “translated well to a virtual environment and we’re […]

#cyberbullying | #cyberbully | Transforming troll spewings into posters, songs, art – more lifestyle | #parenting | #parenting | #kids

Internet comments are a world unto themselves. No opinion is too ignorant to air, no input too trivial to share. Readers respond to pasta-sauce recipes with tales of infidelity. Heavy-metal […]

New wave of attacks aiming to rope home routers into IoT botnets | #corporatesecurity | #businesssecurity | #

Trend Micro research is warning consumers of a major new wave of attacks attempting to compromise their home routers for use in IoT botnets. The report urges users to […]

#infosec | Sextortion Fallout Scam Tricks Users into Malware Download

Source: National Cyber Security – Produced By Gregory Evans

Security researchers are warning of a new sextortion-related campaign designed to trick the recipient into clicking on a nude image booby-trapped with malware.

The unsolicited email contains a message from ‘Red Skull’ hacking crew, who claim to have compromised the account of a contact of the recipient and found images of his naked girlfriend.

As this individual didn’t pay up, the hackers are now emailing the image to everyone in his contacts list, or so the scam goes.

To view the picture, the user is encouraged to “enable content” and in so doing execute macros on the machine. However, doing so will run a PowerShell command in the background to download and execute the Raccoon information-stealing malware, according to IBM X-Force.

Fortunately, the associated domain has been taken down.

“This new take on sextortion is quite remarkable. It makes the victim believe that someone they know has been exploited in an attack that has nothing to do with them. If people do not identify as the victim, they may act much more careless, especially those curious to find out who was actually targeted,” the security vendor explained.

“Thanks to the quick removal of the domain, it is safe to say that the success of this single campaign should be less significant, despite the sophistication and creativity of its emails. Nevertheless, the threat actor distributing these emails has been very actively exploring new methods of social exploitation, so this will certainly not be the last time we write a collection about these types of emails.”

In fact, the same hackers are behind a new campaign in which malicious spam is sent to users posing as an “indictment message” sent by a court. The relevant information on the hearing is said to be included in the malicious attachment.

Other phishing emails use DocuSign as a lure to click through and unwittingly download Raccoon.


#cybersecurity | hacker | Maze ransomware publicly shaming victims into paying


At least five law firms have been hit and held hostage by the Maze ransomware group in the last four days with these attacks being part of a wider campaign possibly affecting between 45 and 180 total victims in January.

Maze is using a somewhat unique tactic with its latest victims. Instead of simply placing a ransom note on the infected system and waiting for payment, the gang places the company name on a website. If a payment is not forthcoming immediately it then places a small amount of the stolen data on the site as proof, reported Brett Callow, threat analyst with Emsisoft.

If payment is received the name is removed. The websites are hosted by two Chinese companies, one a Singapore-based division of Alibaba and the other by Tencent, although there is no indication these entities are involved in the ransomware scheme.

“Hackers claim to have stolen data from at least five law firms – three in the last 24 hours alone – and, in two of the cases, a portion of the stolen data has already been posted online. The data, which includes client information, has been published on the clear web where it can be accessed by anybody with an internet connection,” Callow told SC Media.

Emsisoft has what it believes to be firm data that at least 45 companies were targeted by Maze in January, but Emsisoft believes this represents only about 25 percent of the total number of firms involved.

“My concern, as usual, is disclosure,” Callow said discussing the chart below. “It’s submissions we’ve had for Maze (each one represents an actual incident) and we’d estimate it represents only about 25% of the total number. In other words, there’re a lot more submissions than there are companies listed on the website – which means they pay before being listed.”

Source: Emsisoft

The group has also placed the stolen content on dark forums with instructions telling malicious actors to “Use this information in any nefarious ways that you want.”

Another differentiating factor is Maze attempts to fully monetize its criminal endeavor by demanding $1 million to decrypt the data and then another $1 million to delete the stolen information, although Callow noted “it seems highly unlikely that a criminal enterprise would actually delete that it may be able to monetize at a later date.”

Maze has targeted several high-profile entities within the last few months, including Allied Universal, Southwire and the city of Pensacola. It also recently struck the Canadian firm Bird Construction, which holds several military contracts, and exposed some of the stolen data from Bird subcontractor Suncor and the PII on a few Bird employees, including names, home addresses, phone numbers, banking info., social insurance numbers, tax forms, health numbers, drug and alcohol test results.


#infosec | Fake Exec Tricks New York City Medical Center into Sharing Patient Info


An employee at a New York City medical center was tricked into giving out patient information by a threat actor purporting to be one of the facility’s executives. 

The data was shared by an individual at community-based non-profit the VillageCare Rehabilitation and Nursing Center (VCRN) who had received what they believed to be a genuine email from a senior member of staff. 

VCRN were notified on or about Monday, December 30, that a cruel deception had taken place.

In a Notice of Data Privacy Incident statement published on VCRN’s website, the company stated: “The unauthorized actor requested certain information related to VCRN patients. Believing the request to be legitimate, the employee provided the information.”

Information obtained by the threat actor included first and last names, dates of birth, and medical insurance information, including provider name and ID number for 674 patients. 

VCRN said: “Once it became apparent that the email received by the employee was not a legitimate request, we immediately launched an investigation with the assistance of third-party forensic specialists to determine the full scope of this event.”

The medical center said that they weren’t aware of any personal patient information having been misused as a result of this event.

Becoming a victim of a phishing scam has led VCRN to review its cybersecurity practices.

The center said: “We take this incident and security of personal information in our care seriously. We moved quickly to investigate and respond to this incident, assess the security of relevant VCRN systems, and notify potentially affected individuals. This response included reviewing and enhancing our existing policies and procedures.”

VCRN has taken steps to notify all the patients who have potentially been impacted by the cyber-attack. A toll-free dedicated assistance phone line has been established for patients who wish to discuss any concerns they may have as a result of the incident. 

The data breach has been reported to law enforcement and to the relevant regulatory authorities. 

VCRN advised patients “to remain vigilant against incidents of identity theft and fraud and to review account statements, credit reports, and explanation of benefits forms for suspicious activity and report any suspicious activity immediately to your insurance company, health care provider, or financial institution.”  


#deepweb | Laredo College goes into the darkside of the web


LAREDO, TX (KGNS) – Our local college is shedding light on the dangers of modern-day technology.

Laredo College is joining forces with MileOne, UISD, and local authorities to host a discussion on cybersecurity to educate the community on the dangers of the internet.

Experts will share impactful information such as the importance of cybersecurity and all the dangerous material that can be found on the dark web.

The first session at the South Texas Cybersecurity Series will be at 10 a.m. and the second will be at 6 p.m. at MileOne located at 1312 Houston Street.

Organizers invite all local businesses and students to take part in the conference.


#cybersecurity | #hackerspace | New Insights into Privileged Access Management (PAM) Best Practices


The increasingly sophisticated and persistent nature of cyber threats underscores the importance of protecting your privileged accounts, along with their respective privileged users and privileged credentials. Privileged accounts, by their very nature, tend to be the sort of digital “crown jewels” that are much sought-after by hackers. Best practices for Privileged Access Management (PAM), the main countermeasure for this risk, are thus evolving as the threats become better understood.

A Brief Overview of Privileged Access Management

PAM comprises a collection of practices, policies and technologies that protect administrative or “privileged” access to the back ends of critical systems. Privileged users operate privileged accounts, where they are authorized to set up, configure, reconfigure or delete systems, e.g. servers, databases and storage volumes. They can also set up, modify or erase user accounts—or promote regular users to privileged status and so forth.

Privileged users are necessary for the proper functioning of your IT department. However, their power makes them very attractive targets for hackers. Some of the most notorious data breaches in recent memory resulted from the abuse of privileged accounts and the impersonation of privileged user identities. Protecting privileged credentials is therefore a major goal of cyber security policy and security operations (SecOps).

PAM Best Practices

The basic idea of PAM is easy to understand: Restrict privileged access only to privileged users. It seems simple enough. Indeed, some companies still use spreadsheets and common sense to manage privileged accounts. This is no longer a viable approach, though. Operationalizing PAM will take focus and effort, along with the right tools.

Virtually all organizations that take PAM seriously have acquired dedicated PAM solutions. In some cases, it’s a good practice to integrate PAM with your Identity and Access Management (IAM) system. This approach creates a single source of user data. From this master data set, you can then elevate access privileges while tracking all user identities in the same place.

#1 Map your privileged accounts

It’s wise to know where your privileged accounts are and who has access to them. This may seem unnecessary, but in today’s IT world of cloud servers, APIs and mobile endpoints, you might be surprised to learn how many previously unknown systemic backdoors you have. If your organization has distributed management of business units, the problem can be even worse than you imagine. Furthermore, if outside entities like IT consultants have privileged access, that expands the attack surface area that much more. In many cases, a privileged user might even be a machine, not a human being.

#2 Establish Privileged Account Governance

This may seem a bit overly formal, but governance is an essential element of an effective PAM program. The execution of PAM governance doesn’t have to be fancy, but it’s a good idea to commit rules and policies to writing and then make sure that stakeholders understand them. One reason this is so important has to do with the circumstances in which privileged access is granted. For example, if an IT admin gets a call at home on the weekend, with someone asking to be given access to the email server, how should he or she respond? If you’ve established that privileged access can never be granted based on a call to a personal cell phone, you’ll be protected against a potential social engineering hack.

#3 Get organization-wide buy-in

Everyone has to be aware of your PAM program and how it works. This includes senior executives. PAM should factor into general security training, so people will understand and follow privileged access policies. They’ll know it’s happening for everyone’s benefit.

#4 Create a written privileged account password policy

This falls under governance, but it’s worth calling out on its own. Hackers thrive in ambiguity, particularly when there’s turnover of personnel and a lack of clarity about who is allowed to do what. For instance, if your company has an external IT provider managing the ERP system, a hacker can impersonate one of their employees to gain back-end access. However, if you have a written policy that requires sign-off from a senior executive at the IT contractor, then you have taken a step toward mitigating that risk. Privileged password policy templates are available from SANS, NIST, GLBA and the ISO (e.g. ISO17799 and ISO9000).

#5 Protect the PAM Solution

Understand that the PAM solution itself is a major target for hackers. What better way is there to get inside an organization and steal its data or wreak utter havoc? If hackers can penetrate the PAM solution, they can create privileged users at will. Or, they can switch off privileged account access for actual privileged users—blunting incident response capabilities at the same time. A compromised but functioning PAM system could mask unauthorized privilege assignments and erase privileged account sessions. For these reasons, it’s a highly recommended practice to devise countermeasures that provide defense in depth for the PAM solution.

The breach events of 2019 only serve to heighten the importance of robust privileged access management. The threats aren’t likely to get any less serious or advanced. Bad actors are coming for your privileged accounts. Now is the time to increase the depth and intensity of your countermeasures.


*** This is a Security Bloggers Network syndicated blog from Blog – Hysolate authored by Jessica Stanford. Read the original post at: https://www.hysolate.com/blog/new-insights-into-privileged-access-management-pam-best-practices/


#deepweb | Wasp seizes control of victims’ brains to turn them into zombie slaves

Scientists have discovered a new species of wasp that can seize control of its victim’s brains. Lurking in the dark depths of the Amazon rainforest is a ‘parasitoid’ wasp that can ‘manipulate the behaviour of […]

#comptia | #ransomware | What’s in store for cybersecurity as we head into the ’20s


In 2020 we will see more and more sophisticated attacks perpetrated by a larger number of threat actors, including many who are backed by organised crime or nation-states. According to the 2019 Verizon Data Breach Investigations Report (DBIR), organised criminal groups were behind 39 per cent of breaches in 2019, and actors identified as nation-state or state-affiliated were involved in 23 per cent of breaches.

These attacks may leverage side-channel attack techniques (similar to Spectre, Meltdown and the slew of other discovered hardware-related vulnerabilities that are so hard to address purely through software fixes), attacks living in firmware and others going beyond a traditional file-based or even living-off-the-land (aka fileless) malware. While the industry is still struggling with old known malware, these types of attacks will proliferate mostly unchecked.

For the first time, we may see an attack that results in death(s). Internet of Things (IoT) devices incorporated into critical infrastructure systems (e.g. electric grid, water treatment, communications), as well as life-critical medical devices, will see a slew of new disclosed vulnerabilities that could prove deadly, particularly to the most vulnerable patients in intensive care units (ICU). Attackers will become more specialised in different areas of IoT device types.

The evolution of ransomware

Ransomware has been around since 1989, yet it will remain a very effective malware type for attackers in 2020. McAfee’s researchers found that ransomware attacks have more than doubled this year, including a Q1 increase of 118 per cent.

“After a periodic decrease in new families and developments at the end of 2018, the first quarter of 2019 was game on again for ransomware, with code innovations and a new, much more targeted approach,” said Christiaan Beek, lead scientist and senior principal engineer at McAfee.

To that point, we can not only expect the number of ransomware attacks to increase in 2020, but as the discovery of the RIPlace evasion technique demonstrates, they will become more difficult — if not impossible — to detect.

All organisations across all industries are potential targets, but healthcare and government organisations appear to have the biggest targets on their backs. CNN reports 140 attacks targeting public state and local governments and health care providers this year (and counting).

The attacks hit schools, local government offices and hospitals, wreaking havoc and costing victims hundreds of millions of dollars. The victims included:

A network of Alabama hospitals had to stop accepting new patients.

The city of Baltimore, which ended up spending more than $18 million recovering from an attack.

Louisiana schools – Governor John Bel Edwards was forced to activate a state of emergency after ransomware took down three school districts’ IT systems.

Three Florida cities – Key Biscayne, Lake City and Riviera Beach – were unable to provide residents with access to many vital government services while officials scrambled to spend hundreds of thousands of dollars to bring downed IT systems back online. The attackers collected ransoms totaling over $1.1 million.

The most recent victim (as of this writing) was the city of Pensacola, Florida, which was hit by ransomware that took phones, email, electronic “311” service requests, and electronic payment systems offline.

As Dave Hylender, a senior risk analyst at Verizon and one of the authors of the 2019 Verizon Data Breach Investigations Report said, “There’s an impression that ransomware has sort of run its course. It hasn’t. I don’t think ransomware is ‘back’ this year because I don’t think it ever left.”

Gone phishing

An organisation’s employees will continue to initiate some of the most devastating losses. Companies rely on awareness training to educate users on how to avoid falling victim to attacks, but that cannot eliminate user error entirely.

Consider that nearly a third of all breaches in 2019 were the result of phishing attacks, according to the Verizon DBIR. Worse, it’s easy for attackers to secure and use well-built, off-the-shelf tools, lowering the skill required to launch a phishing campaign. According to the IDG Security Priorities Study, 44 per cent of companies will increase their security awareness programs and make staff training a top priority.

Attackers will respond by improving the quality of their phishing campaigns by minimising or hiding common signs of a phish. Expect greater use of business email compromise (BEC), too, where an attacker sends legitimate-looking phishing attempts through fraudulent or compromised internal or third-party accounts.

Organisations in 2020 need to prioritise strengthening the environment around users to reduce the opportunity for them to be presented with attacks, strengthening the technology around the user to ensure that users cannot initiate losses, and then proactively anticipating the losses that users can initiate and putting technologies in place to mitigate the resulting losses.

Look for both the bad and the good

Ransomware and other malware can inflict damage so easily because we continue to rely on security tools that chase badness (rather than ensuring good). It is impossible to detect all badness with a high degree of confidence by relying on the enumeration-of-badness approach.

Organisations should complement their existing security layers with an approach that does the exact opposite – ensuring what’s good. The emphasis is on the word “complement.” Do not rip out your existing solutions. When you combine your existing tools focusing on the bad with ones that track the good, by applying a whitelisting-like approach, you create the most effective defense-in-depth posture.

Rene Kolga, CISSP, heads Product Management and Business Development for North America, Nyotron
