
Covid Scams Snare $1.79 Million – channelnews | #coronavirus | #scams | #covid19

SYDNEY: The Australian Competition and Consumer Commission says its ScamWatch operation has now received more than 3400 scam reports mentioning the coronavirus. This has involved more than $1.79 million in reported losses since the outbreak of Covid-19. Common scams have involved phishing for personal information, online shopping and superannuation scams. The ACCC says many scammers […] View full post on National Cyber Security

#deepweb | Weibo Confirms 538 Million User Records Leaked, Listed For Sale on Dark Web

Source: National Cyber Security – Produced By Gregory Evans

Rumors have spread after Wei Xingguo (Yun Shu), CTO of Chinese Internet security company Moresec and former chief of Alibaba’s Security Research Lab, posted on Weibo that millions of Weibo users’ data had been leaked on March 19. Wei claimed that his own phone number was leaked through Weibo and that he had received WeChat friend requests based on “phone number search.”

In the comment section, netizens claimed that they found 538 million user records including user IDs, number of Weibo posts, number of followers, gender and geographic location available for purchase on the dark web. Among all the user records, 172 million had basic account information, all of which was available for sale for 0.177 Bitcoin.

Luo Shiyao, Weibo’s Security Director, responded on Weibo that the Internet security community was merely “overreacting.” “Phone numbers were leaked due to brute-force matching in 2019 and other personal information was crawled on the Internet,” Luo said, adding that “When we found the security vulnerability we took measures to fix it.” Luo stated that this is likely another “dictionary attack” instead of a direct drag from Weibo’s database.

Both Wei’s thread and Luo’s Weibo post have been deleted.

Flow chart of the information purchase process (Source: Phala Network)

Weibo responded to media, admitting that the data leak is true but saying that no users’ passwords or ID numbers were under threat. Weibo also claimed that its security policy has since been strengthened and is under continuous optimization. The company also stated that the leak traced back to an attack on Weibo in late 2018, when hackers brute-forced data through a Weibo interface, that is, they used the address book matching interface to find user nicknames by enumerating number segments. Weibo concluded that no other information besides users’ IDs was leaked and its normal services would not be affected.

However, according to Phala Network’s research, users’ ID numbers, emails, real names, phone numbers and related QQ numbers can all be obtained through the Weibo information leak on the dark net. One search costs approximately 10 RMB. According to TMT Post, a source had purchased their own personal information including name, email, home address, mobile phone number, Weibo account number and password on the dark web and confirmed it to be accurate. Another source revealed to TMT Post that even some users’ license plate numbers and previous passwords could be found. Chat app Telegram is a major platform where transactions for the leaked data are conducted.


2 Chinese Charged with Laundering $100 Million for North Korean Hackers


Two Chinese nationals have been charged by the US Department of Justice (DoJ) and sanctioned by the US Treasury for allegedly laundering $100 million worth of virtual currency using prepaid Apple iTunes gift cards.

According to a newly unsealed court document, the illicit funds originated from a $250 million haul stolen from two different unnamed cryptocurrency exchanges in thefts perpetrated by Lazarus Group, a cybercrime group with ties to the North Korean government.

The two individuals in question — Tian Yinyin (田寅寅) and Li Jiadong (李家东) — were both charged with operating an unlicensed money transmitting business and money laundering conspiracy.

Prosecutors said the defendants worked on behalf of the threat actors based in North Korea to allegedly launder over $100 million worth of stolen cryptocurrency to obscure transactions, adding that the hacking of cryptocurrency exchanges posed a severe threat to the security of the global financial system.

It’s worth noting that Lazarus Group was one of the three hacking outfits to be sanctioned by the US government last September for conducting a variety of financially-motivated operations ranging from cyber-espionage to data theft, so as to fund the country’s illicit weapon and missile programs.

Per the US Treasury, the Lazarus Group stole the funds in 2018 after an employee of a cryptocurrency exchange unwittingly downloaded malware through an email, which gave the threat actor access to private keys, virtual currency, and other customer information.

“Lazarus Group cyber actors used the private keys to steal virtual currencies (250 million dollar equivalent at date of theft) from this exchange, accounting for nearly half of the DPRK’s estimated virtual currency heists that year,” the Treasury said.

While the name of the exchange remains unknown, a report by Kaspersky back in August 2018 detailed a campaign that involved dropping malware in the corporate networks of a number of crypto-exchanges by sending spear-phishing emails.

Stating that North Korea trains hackers to “target and launder stolen funds from financial institutions,” the Treasury added that both Tian and Li received $91 million from North Korea-controlled accounts that can be traced to the 2018 cryptocurrency exchange hack and an additional $9.5 million from a hack of a second exchange.

Prosecutors said the two individuals helped convert more than $34 million of the illicit funds they received back into Chinese yuan by moving them to a bank account linked to the exchange account, in addition to converting $1.4 million worth of cryptocurrency into Apple gift cards.

Created in 2007, the Lazarus Group has gone after a number of targets, including militaries, governments, financial institutions, media companies, and utility sectors, to perpetrate monetary heists and destructive malware attacks, making it the most-profitable cryptocurrency-hacker syndicate in the world.

A United Nations report last August estimated North Korea to have generated an estimated $2 billion for its weapons programs through “widespread and increasingly sophisticated cyberattacks” targeting banks and cryptocurrency exchanges.


#deepweb | More than 200 million MGM customers could have stolen info on the black market


MGM RESORTS SAYS THERE WAS A DATA BREACH IN JULY 2019 — Morgan & Morgan has filed a lawsuit against MGM Resorts International over a data breach that has exposed the personal information of millions of people. The lawsuit was filed February 21, 2020 and states that in July of 2019, MGM’s computer network system was hacked. The stolen information was then posted on a closed Internet forum.


The report states more than 10.6 million MGM guests were impacted, but one of the lead attorneys said it could be much more.

“We absolutely have heard that we could be talking upwards of 200 million plus,” said Attorney Jean Martin.

She said one of their main concerns is what information was stolen. She said initially, MGM reached out to impacted customers in September of 2019, saying only names and maybe addresses had been posted online, but that information had been taken down. However in February, the lawsuit says even more personal information had been posted on an internet hacking forum, leading to prolonged risk of that stolen information spreading. Some of the information stolen included names, addresses, driver’s license numbers, passport numbers, military ID numbers, phone numbers, emails and birthdays.

“That’s what happens when your information is compromised. You never know when it’s going to go up on the web and on the dark web, when it’s going to be sold and when it’s going to be used, so now the people that have had their information compromised face this risk for the rest of their lives,” said Martin.

MGM Resorts released a statement prior to the lawsuit’s filing, and declined to give any updated information.

“Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. We are confident that no financial, payment card or password data was involved in this matter. MGM Resorts promptly notified guests potentially impacted by this incident in accordance with applicable state laws. Upon discovering the issue, the Company retained two leading cybersecurity forensics firms to assist with its internal investigation, review and remediation of the issue. At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again.”


#cybersecurity | #hackerspace | Zero Networks Launches Industry’s First Autonomous Network Access Orchestrator, Announces $4.65 Million in Funding


Debuting at the RSA® Conference’s Launch Pad, the platform delivers adaptive user and machine-level policy enforcement to make a zero trust network model at scale a reality  

NEW YORK and TEL AVIV – February 20, 2020 – Zero Networks (www.zeronetworks.com), the pioneer in zero trust network access, today unveiled the Zero Networks Access Orchestrator, the first network security platform that automatically defines, enforces and adapts user- and machine-level network access policies to create a continuous airtight zero trust network model, at scale. The company was named one of three finalists for the prestigious RSAC Launch Pad, where it will debut the platform, on February 26th, during the RSA Conference, the world’s leading information security conference.

Zero Networks also announced it has raised $4.65 million in seed funding, led by F2 Capital and Pico Venture Partners. This funding will be used to accelerate product development and hire key positions in engineering, marketing, sales and business development.

Assuming users and machines inside the network can be completely trusted leaves the door open for malicious insiders and hackers to do almost anything they want. Zero Networks minimizes these risks, with the click of a button, constraining access in the network to only what users and machines should be doing. The Zero Networks Access Orchestrator is the first of its kind to deliver:

  • Autonomous policy enforcement – observes how users and machines normally communicate to automatically enforce a zero trust networking stance throughout your environment, with a two-factor authentication (2FA) mechanism to allow new or rare access, so users can always get what they need, when they need it.
  • Airtight security – establishes least privilege access for each and every user and machine, so they can access only what they need, and nothing more. This provides a scalable and cost-efficient way for enterprises to establish user and machine-level perimeters that put an end to excessive allowances within the network. It also eliminates many internal attack vectors, such as network discovery, lateral movement, remote code execution and the introduction of commodity malware.
  • Access control at scale – provides a single source for all network access policies, so the entire environment is protected from managed and unmanaged devices, at scale, with the click of a button. There are no agents to deploy and no policies for IT to configure or manage.

“Zero Networks is making a zero trust security model at scale a reality,” said Jonathan Saacks, managing partner from F2 Capital. “Their approach is a radical change for the market, but not a radical change for enterprises, which is why it is so effective,” added Tal Yatsiv, operating partner at PICO Venture Partners. “Enterprises can go about their business and lock down the access of each of their users and machines to only what they need, without agents, without intervention, and without disruptions.”

Zero Networks founders Benny Lakunishok and Jossef Harush came up with the Zero Networks Access Orchestrator when they saw the burden that IT and security teams face in trying to maintain real-time access requirements for all users and machines across their environment. With deep experience in cybersecurity, they knew there had to be a better, more scalable solution.

Mr. Lakunishok has been in cybersecurity for the past decade and was part of the leadership team of Aorato, which was acquired by Microsoft. Mr. Harush previously led the architecture and engineering team at CyberX. Together, they established Zero Networks to make it easy for enterprises to adapt and scale airtight, internal network access policies that keep attackers out and the business going.

The Zero Networks Access Orchestrator is currently being used by beta customers in the manufacturing, energy, retail and public sectors to defend their internal networks and will be commercially available at the end of Q1 2020.

About Zero Networks

Zero Networks automates the creation, enforcement and maintenance of zero trust network access policies for each user and machine to make a zero trust security model at scale a reality. The Zero Networks Access Orchestrator enables organizations to keep up with the changes in their dynamic environment and prevent breaches from impacting operations, so they can be confident their users and machines are able to go about their business and nothing more. With Zero Networks, there are zero hassles, disruptions or worries - there’s just trust. For more information, please visit www.zeronetworks.com or follow Zero Networks on LinkedIn at https://www.linkedin.com/company/zero-networks or Twitter at https://twitter.com/ZeroNetworks.

 


#deepweb | Ohio Man Caught For Laundering Bitcoin Worth $300 Million


An Ohio resident has been arrested by United States authorities for running a “Bitcoin mixer” service on the dark web that helped criminals conceal Bitcoin transactions. Larry Harmon, a 36-year-old man, was arrested on a three-count indictment in Akron, Ohio. He operated Helix, a website located on the dark web.


The Bitcoin blockchain is a public database that is open to everyone who purchases and invests in Bitcoin. In many cases, users’ transactions for new funds are linked to a credit card, bank account, or PayPal account.

Helix works as a Bitcoin mixer, a type of service that collects funds from users, splits them into smaller portions and sends them to a new Bitcoin address using thousands of transactions. This service helps users to hide the original funds.

“The sole purpose of Harmon’s operation was to conceal criminal transactions from law enforcement on the Darknet, and because of our growing expertise in this area, he could not make good on that promise,” Don Fort, Chief, IRS Criminal Investigation, said today in a DOJ press release.

According to the reports, Harmon ran Helix as a secondary project attached to his primary service, Grams, a search engine that collects and delivers information about a number of drug-related marketplaces available on the dark web.

On Grams, users could search for a drug and find the cheapest one in their area, and Helix served as the means of payment, helping users to hide their identity while buying the products.

According to the reports, Harmon had been operating Helix since 2014. During these years he laundered bitcoin worth more than $300 million at the time of the transactions; it now has a net value of $3.5 billion.


#deepweb | Joker’s laughing: Fresh database of half a million Indian payment card records on sale in the Dark Web


“INDIA-BIG-MIX” (full name: [CC] INDIA-BIG-MIX (FRESH SNIFFED CVV) INDIA/EU/WORLD MIX, HIGH VALID 80-85%, uploaded 2020-02-05 (NON-REFUNDABLE BASE))

If you’re wondering what this seemingly random set of words means, that is how a fresh database of 461,976 payment card records, currently on sale on Joker’s Stash, a popular underground cardshop on the dark web, has been listed.

Group-IB, a Singapore-based cybersecurity company specialising in preventing cyber attacks, which detected the database, says that over 98% of the cards in this database were issued by Indian banks.

At the moment, the source of this new breach is unknown. The card records were uploaded on the 5th of February, and the total estimated value of the database, according to Group-IB, is USD4.2 million, at around USD 9 apiece. Till yesterday morning, details of 16 cards were found to have been sold. Those who buy these cards do so with the intention of committing payment card fraud.

The company says that they have already alerted India’s Computer Emergency Response Team (CERT-In). The Economic Times will update this story as and when we hear from CERT-In on the steps they have taken.

With the sharp rise in digital payments in India and a lack of corresponding rise in awareness of the best practices to use payment cards safely online and offline, the country has become an attractive destination for nefarious elements online.

This newest breach has, according to Group-IB, “exposed card numbers, expiration dates, CVV/CVC codes and, in this case, some additional information such as cardholders’ full name, as well as their emails, phone numbers and addresses.”

This is the second major database of Indian payment card details that Group-IB has detected since October, when 1.3 million credit and debit card records of mostly Indian banks’ customers, with an estimated underground market value of USD130 million, were uploaded to Joker’s Stash in what became “the biggest card database encapsulated in a single file ever uploaded on underground markets at once.”

According to Dmitry Shestakov, the head of Group-IB cybercrime research unit, “In the current case, we are dealing with so-called fullz — they have info on card number, expiration date, CVV/CVC, cardholder name as well as some extra personal info.”

They also say that unlike earlier breaches what “distinguishes the new database from its predecessor is the fact that the cards were likely compromised online, this assumption is supported by the set of data offered for sale.”

Shestakov adds “such type of data is likely to have been compromised online — with the use of phishing, malware, or JS-sniffers — while in the previous case, we dealt with card dumps (the information contained in the card magnetic stripe), which can be stolen through the compromise of offline POS terminals, for example.”


Configuration Error Reveals 250 Million Microsoft …

Some of the records, found on five identically configured servers, might have contained data in clear text. Researchers have found five servers revealing almost 250 million Customer Service and Support (CSS) records. Each server contains what appears to be the same set of data stored, with no […]

Big Microsoft data breach – 250 million records exposed – Naked Security


Microsoft has today announced a data breach that affected one of its customer databases.

The blog article, entitled Access Misconfiguration for Customer Support Databases, admits that between 05 December 2019 and 31 December 2019, a database used for “support case analytics” was effectively visible from the cloud to the world.

Microsoft didn’t give details of how big the database was. However, consumer website Comparitech, which says it discovered the unsecured data online, claims it was to the order of 250 million records containing:

…logs of conversations between Microsoft support agents and customers from all over the world, spanning a 14-year period from 2005 to December 2019.

According to Comparitech, that same data was accessible on five Elasticsearch servers.

The company informed Microsoft, and Microsoft quickly secured the data.

Microsoft’s official statement states that “the vast majority of records were cleared of personal information,” meaning that it used automated tools to look for and remove private data.

However, some private data that was supposed to be redacted was missed and remained visible in the exposed information.

Microsoft didn’t say what type of personal information was involved, or which data fields ended up un-anonymised.

It did, however, give one example of data that would have been left behind: email addresses with spaces added by mistake were not recognised as personal data and therefore escaped anonymisation.

So if your email address were recorded as “name@example.com” your data would have been converted into a harmless form, whereas “name[space]@example.com” (an easy mistake for a support staffer to make when capturing data) would have been left alone.
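The redaction miss described above, shown as an added example (this is not Microsoft's tooling, which the article does not describe): a strict e-mail pattern leaves an address with a stray space untouched, a pattern that tolerates whitespace around the "@" catches it, and a separate audit pass flags anything address-shaped that survives. The patterns, function names and sample support-log lines are constructed for illustration.

```python
import re

PLACEHOLDER = "[EMAIL]"

# Strict pattern: conventional local@domain with no whitespace anywhere.
STRICT_EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Tolerant pattern: same shape, but allows spaces or tabs on either side
# of the "@". It may over-redact (e.g. "meet @ site.local"), which is the
# safer failure direction for anonymisation.
TOLERANT_EMAIL = re.compile(
    r"[A-Za-z0-9._%+-]+[ \t]*@[ \t]*[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"
)

# Audit pattern: an "@" followed (possibly after whitespace) by something
# domain-shaped. Used only to detect leftovers, not to redact.
RESIDUAL = re.compile(r"@[ \t]*[A-Za-z0-9-]+\.[A-Za-z]{2,}")

# Constructed sample lines in the style of a support-case log.
SAMPLE_LOG = [
    "Customer name@example.com reports activation error 0x1",
    "Callback requested, reach me at name @example.com after 5pm",
    "Agent note: forwarded to tier 2, no contact details given",
    "Alt contact: other.name@ example.org",
]


def redact(text, pattern):
    """Replace every match of `pattern` in `text` with the placeholder."""
    return pattern.sub(PLACEHOLDER, text)


def audit(redacted_lines):
    """Return indexes of lines that still appear to contain an address."""
    return [i for i, line in enumerate(redacted_lines) if RESIDUAL.search(line)]


def run(pattern, lines=SAMPLE_LOG):
    """Redact all lines with `pattern`, then audit the result."""
    redacted = [redact(line, pattern) for line in lines]
    return redacted, audit(redacted)


if __name__ == "__main__":
    for label, pattern in (("strict", STRICT_EMAIL), ("tolerant", TOLERANT_EMAIL)):
        redacted, leftovers = run(pattern)
        print(f"--- {label}: {len(leftovers)} line(s) flagged by audit")
        for i, line in enumerate(redacted):
            marker = "!!" if i in leftovers else "  "
            print(f"{marker} {line}")
```

The audit pass is the part worth keeping even when the redaction pattern is improved: it reports records where anonymisation silently failed instead of assuming the pattern covered every way data is mistyped.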

Microsoft has promised to notify anyone whose data was inadvertently exposed in this way, but didn’t say what percentage of all records were affected.

What to do?

We don’t know how many people were affected or exactly what personal data was opened up for those users.

We also don’t know who else, besides Comparitech, may have noticed in the three weeks it was exposed, although Microsoft says that it “found no malicious use”.

We assume that if you don’t hear from Microsoft, even if you did contact support during the 2005 to 2019 period, then either your data wasn’t in the exposed database, or there wasn’t actually enough in the leaked database to allow anyone, including Microsoft itself, to identify you.

It’s nevertheless possible that crooks will contact you claiming that you *were* in the breach.

They might urge you to take steps to “fix” the problem, such as clicking on a link and logging in “for security reasons”, or to “confirm your account”, or on some other pretext.

Remember: if ever you receive a security alert email, whether you think it is legitimate or not, avoid clicking on any links, calling any numbers or taking any online actions demanded in the email.

Find your own way to the site where you would usually log in, and stay one step ahead of phishing emails!


New Orleans Mayor: Ransomware Attack Cost City $7 Million


The City of New Orleans ransomware attack has caused at least $7 million in financial damage & this figure is expected to grow, Mayor Latoya Cantrell says.

The City of New Orleans ransomware attack has caused at least $7 million in financial damage to date, Mayor Latoya Cantrell told WVUE. In addition, Cantrell said she expects the ransomware attack’s financial impact to continue to grow — despite the fact that the city has recovered $3 million via a cyber insurance policy that was purchased before the incident.

Meanwhile, the City of New Orleans still faces an IT backlog after the ransomware attack, Chief Administrative Officer Gilbert Montano told WVUE. Montano also indicated that it could take several months before the city rebuilds its network.

A Closer Look at the New Orleans Ransomware Attack

The City of New Orleans ransomware attack took place December 13. Cybercriminals shut down City of New Orleans government systems, and more than 4,000 New Orleans government computers were affected by the cyberattack.

New Orleans officials have taken steps to improve the city’s security posture after the ransomware attack. The City of New Orleans plans to increase its cyber insurance coverage to $10 million this year, and a forensic investigation into the ransomware attack is ongoing.

How Can Organizations Address Ransomware Attacks?

Ransomware attacks affect municipalities, schools and businesses of all sizes. However, there are many things that any organization can do to combat ransomware attacks, such as:

  • Perform regular IT security audits and penetration testing.
  • Deploy endpoint protection solutions across IT environments.
  • Develop and implement a cybersecurity training program to teach employees about ransomware and other cyber threats.

MSSP Alert Recommendations

The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.

To get ahead of the ransomware threat, MSSP Alert and ChannelE2E have recommended that readers:

  1. Sign up immediately for U.S. Department of Homeland Security Alerts, which are issued by the Cybersecurity and Infrastructure Security Agency. Some of the alerts specifically mention MSPs, CSPs, telcos and other types of service providers.
  2. Study the NIST Cybersecurity Framework to understand how to mitigate risk within your own business before moving on to mitigate risk across your customer base.
  3. Explore cybersecurity awareness training for your business and your end-customers to drive down cyberattack hit rates.
  4. Connect the dots between your cybersecurity and data protection vendors. Understand how their offerings can be integrated and aligned to (A) prevent attacks, (B) mitigate attacks and (C) recover data if an attack circumvents your cyber defenses.
  5. Continue to attend channel-related conferences, but extend to attend major cybersecurity events — particularly RSA Conference, Black Hat and Amazon AWS re:Inforce. (PS: Also, keep your eyes open for PerchyCon 2020 in January.)

