now browsing by tag
According to data assembled by the K-12 Cybersecurity Resource Center, no state has experienced a greater number of publicly disclosed school cybersecurity incidents in recent years than Texas. These incidents have resulted in the theft of millions of taxpayer dollars, widespread destruction and outages of school IT systems, and large-scale identity theft.
Consider that Manor Independent School District lost $2.3 million in a targeted email phishing scam in January. In similar attacks last year, nearly $2 million was stolen from Crowley ISD, while Henderson ISD lost more than $600,000.
Malicious actors have employed other digital weapons, such as ransomware, to extort money from at least a half dozen Texas districts since 2017. The most recent incident, in Port Neches-Groves ISD, resulted in a $35,000 bitcoin payment to cybercriminals in exchange for the digital keys to restore access to the district’s IT systems. And school vendors such as Pearson have experienced large-scale breaches of student data at the same time that thousands of Texas educators and administrators have had their identities and personal bank accounts emptied by cyberthieves.
Given that schools’ reliance on technology for teaching, learning and operations will continue to grow, trustees and administrators should embrace their responsibility to safeguard their school communities from emerging digital threats.
The passage of Senate Bill 820 by the Texas Legislature encourages school districts to put in place commonsense security controls, but it falls short of guaranteeing such controls will be implemented effectively or in proportion to the threats facing districts.
If school trustees and administrators are to make real progress in managing cybersecurity risks, they will need to foster better information-sharing and cooperation across districts; make the case in their communities for spending time and resources on building cybersecurity awareness, tooling and expertise; and embrace the legislative requirement to develop meaningful cybersecurity policies and plans.
While there is variability in how school districts use and rely on technology, there are more similarities in terms of security challenges than differences. Since cybercriminals target school districts nationwide with the same scams, it is imperative IT leaders in school districts collaborate. Indeed, one of the biggest challenges in responding to these threats is the veil of secrecy surrounding school cybersecurity.
Any meaningful response to the issue will also require more money and more expertise. While state — and even federal — resources would undoubtedly help, school districts will likely have to look for other funding and sources of support. Students, parents and teachers should all be allies in this cause.
While educational technology offers exciting opportunities for students and teachers, its use introduces new risks. While the passage of SB 820 is laudable, it is only one step in a much longer journey to keep Texas school districts cybersecure. In the end, we won’t see fewer successful phishing attacks, fewer ransomware incidents or fewer data breaches until all superintendents and trustees jointly embrace their cybersecurity governance responsibilities.
Doug Levin is president and founder of the K-12 Cybersecurity Resource Center (k12cybersecure.com), which was launched in 2018 to shed light on the emerging cybersecurity risks facing public schools.
View full post on National Cyber Security
Google Chrome’s seamless updates have long been a big part of its appeal. But perhaps not anymore. With the latest version of Chrome already installed on hundreds of millions of computers and smartphones around the world, a significant warning has been issued that you might not like what it has running inside.
Picked up by The Register, Chrome 80 (check your version by going to Settings > About Chrome) contains a new browser capability called ScrollToTextFragment. This is deep linking technology tied to website text, but multiple sources have revealed it is a potentially invasive privacy nightmare.
To understand why requires a brief guide to how ScrollToTextFragment works. The simple version is it allows Google to index websites and share links down to a single word of text and its position on the page. It does this by creating its own anchors to text (using the format: #:~:text=[prefix-,]textStart[,textEnd][,-suffix]) and it doesn’t require the permission of the web page author to do so. Google gives the harmless example:
“[https://en.wikipedia.org/wiki/Cat#:~:text=On islands, birds can contribute as much as 60% of a cat’s diet] This loads the page for Cat, highlights the specified text, and scrolls directly to it.”
The deep linking freedom of ScrollToTextFragment can be very useful for sharing very specific links to parts of webpages. The problem is it can also be exploited. Warning about the development of ScrollToTextFragment in December, Peter Snyder, a privacy researcher at Brave Browser explained:
“Consider a situation where I can view DNS traffic (e.g. company network), and I send a link to the company health portal, with [the anchor] #:~:text=cancer. On certain page layouts, I might be able [to] tell if the employee has cancer by looking for lower-on-the-page resources being requested.”
And it was Snyder who spotted that ScrollToTextFragment is now active inside Chrome 80 stating that “Imposing privacy and security leaks to existing sites (many of which will never be updated) REALLY should be a ‘don’t break the web’, never-cross, redline. This spec does that.”
David Baron, a principal engineer at Mozilla, maker of Firefox, also warned against the development of ScrollToTextFragment, saying: “My high-level opinion here is that this a really valuable feature, but it might also be one where all of the possible solutions have major issues/problems.”
Defending the decision, Google’s engineers have issued a document outlining the pros/cons of the deep linking technology in ScrollToTextFragment and Chromium engineer David Bokan wrote this week that “We discussed this and other issues with our security team and, to summarize, we understand the issue but disagree on the severity so we’re proceeding with allowing this without requiring opt-in.”
Bokan says the company will work on an opt-out option, but how many will even know ScrollToTextFragment exists? And here lies the nub of it: Google has such power it can be judge and jury to decide what is or isn’t acceptable. So ScrollToTextFragment, with its unresolved privacy concerns and lack of support from other browser makers, is now out there, running in the background of hundreds of millions of Chrome installations.
Whether you want to be part of that is up to you.
Follow Gordon on Facebook
More On Forbes
Google Pixel 4, Pixel 4 XL Review: Smart Phones, Dumb Decisions
Google Pixel 3a Review: The Best Smartphone Under $500
Apple iPhone 12: Everything We Know So Far
Apple AirPods Pro Vs AirPods: What’s The Difference?
The post #deepweb | <p> Google Just Gave Millions Of Users A Reason To Quit Chrome <p> appeared first on National Cyber Security.
View full post on National Cyber Security
#cybersecurity | #hackerspace | A Well-Equipped Security Team Could Save You Millions of Dollars a Year
Data breaches are expensive. By now, most organizations are well aware of this fact. When it comes to resource planning, however, SecOps teams need concrete data to ensure adequate funding is available to handle a breach.
Taking a look at recent breaches and industry analysis can help.
The Financial Cost of a Data Breach Is Rising
IBM conducts an annual “Cost of a Data Breach” study as the basis for a global analysis of the cost impact of data breaches. According to the study, the average cost of a data breach in the U.S. is growing:
· 2017: $7.35 million
· 2018: $7.91 million
· 2019: $8.19 million
Between 2017 and 2019, the average financial impact of a data breach at a U.S. based company rose 10 percent. Companies that experience “mega breaches” involving millions of records can expect to pay anywhere from $40 million to $350 million to clean up the mess.
IBM expects these figures to continue climbing in the coming year.
What factors impact the cost of a data breach?
A data breach is not limited to a single incident to be mitigated in just a few days. IBM estimates that it takes companies an average of 280 days to fully recover from a breach. Responding to these breaches extends beyond addressing the root cause of the hack.
Companies must satisfy notification requirements, preserve affected documents and logs, and address potential PR concerns. If the breach involved PHI (protected health information) or identifying information like Social Security Numbers, the response becomes even more complicated. Most companies will need to hire outside legal consultants to ensure a proper response has taken place.
Beyond these immediate issues, companies that experience a data breach will face “long-tail” costs, those occurring beyond a year year after a breach. These costs include class action lawsuits, regulatory fines, and the potential loss of customers who have lost trust in the company. IBM estimates that lost business accounts for 36 percent of the average total data breach cost.
Proactive Companies Fare Better
Not only will the cost of a data breach increase, so will the odds that a given company will experience a breach.
Companies are more than 30 percent more likely to experience a breach in the coming years, according to IBM. The Herjavec Group estimates that a ransomware attack will affect a new business every 11 seconds by 2021.
The risk of a data breach is not a vague threat intended to scare companies into investing more in backend security response. The risk is simply the reality companies must overcome to protect their clients’ data and their own future success. Bad actors are here to stay, unfortunately, and they are becoming savvier all the time.
Still, companies can make proactive decisions to reduce the risk of a data breach. Key actions that can help include:
· Establishing in-house incident response capabilities
· Integrating advanced machine-learning AI into security platforms
· Increased cybersecurity education for all employees
· Creating DevSecOps teams who address data security from the start of the development process
IBM estimates that the presence of an in-house incident response team has a significant impact on reducing data breach costs. Using incident response teams can reduce the cost of a data breach by an average of 10.5 percent, a figure that can save companies hundreds of thousands of dollars.
Don’t wait until you’re in response mode to come up with a data security strategy. MixMode’s third-wave, machine-learning AI detects vulnerabilities before they attract bad actors, giving our clients the upper hand when it comes to cybersecurity.
Why is machine learning better?
Machine learning is a subset of AI that adds automation and intelligence to computer programs. A music platform that can predict which songs and artists a listener will likely enjoy is one example of machine learning at work.
MixMode takes the concept of machine-learning a few steps further. Not only could our context-aware AI make accurate song predictions, but it could also actually create original music compositions in the same vein.
While today’s hackers and cybercriminals are often well-versed in typical machine-learning AI, MixMode’s unique context-aware AI is a world apart.
Our platform takes a deep dive into your network to develop a baseline level of knowledge it will use to evaluate network anomalies. The result is at least a 12 percent reduction in the cost of detecting and responding to data breaches. That’s what happens when SecOps teams don’t have to wade through a mountain of false positives to address real issues.
Learn how MixMode can ensure your organization won’t become the next company to make the news thanks to a data breach. Reach out to MixMode today to set up a demo.
MixMode Articles You Might Like:
Network Data: The Best Source for Actionable Data in Cybersecurity
Using the MixMode query language to integrate with Splunk
3 Cyberthreats Facing Federal and State Governments in 2020
Staying CCPA Compliant with MixMode’s Unsupervised AI
5 Cybersecurity Threats That Will Dominate 2020
Wire Data: What is it Good For?
Yesterday’s SIEM Solutions Can’t Combat Today’s Cyberthreats
View full post on National Cyber Security
#cyberfraud | #cybercriminals | The cyber pirates of the Caribbean responsible for online fraud that robs Australians of millions
They ride the high seas of the global financial system, preying on everyday Australians and stealing millions of dollars. They are the outlaws of the digital world and authorities seem powerless to stop them.
Jane Smith* had run a successful business for years and was finally in a place where she could think about investing her and her husband’s retirement fund.
They had both worked hard and put aside a sizeable nest egg, but she was worried as she neared retirement age they needed a top-up.
So when a simple offer promising a healthy return popped up on her Facebook feed, she thought she would give it a try.
It sounded similar to something she had heard about from a friend whose son worked for a major investment firm that was using automated trading software on currency exchange markets.
And it came from a firm with a slick-looking website and a friendly investment manager who sounded highly educated and knew current market trends.
Little did she know her savings would be flushed into a river of cash flowing out of Australia and into a global network of offshore accounts, where it would be laundered and channelled into the pockets of highly organised criminals.
Scammers who are smarter than us
Jane’s life has changed irrevocably since she was targeted.
She is now forced to contemplate a future where she and her husband will have to keep working, then when they get too old perhaps turn to the Government for support.
And Jane is far from alone.
Many of us think we are too smart to fall for scammers, but investment scams cost Australians at least $86 million in 2018 — topping all other forms of scams that robbed people of their savings.
Fake investment offers in cryptocurrencies, such as Bitcoin, are becoming more popular, resulting in record losses in 2019, according to the Australian Competition and Consumer Commission (ACCC).
Trading in cryptocurrencies such as Bitcoin has become a hunting ground for cyber scammers. (Supplied: Hybridreserve.com)
But despite the massive cost, victims say when they report these crimes, action is rarely taken.
An ABC investigation has peeled back the glossy facade of the scam that robbed Jane of her savings, to reveal an extensive global network including shell companies, sophisticated marketing and high-pressure sales tactics all designed to get what it wants — your money.
Fake news and bogus endorsements
For Jane, the scam started at her home in the West Australian city of Bunbury.
From there, it went all the way to the regulatory havens of the Caribbean, Europe and Asia that allow these financial pirates safe harbour.
It began with a fake ABC news story about a bogus endorsement by mining billionaire Andrew Forrest for a financial scheme that promised great riches.
A screenshot of one of the bogus ABC News articles used to publicise the scam. (Supplied: Consumer Protection WA)
There are endless variations of this ad floating around Facebook, LinkedIn and other social networks, but the formula remains the same.
A name-brand celebrity like Microsoft founder Bill Gates or Virgin billionaire Richard Branson is ostensibly interviewed by a reliable news outlet, with public comments from supposed clients raving about the money they say they have made:
“Is this really working? Has anyone tried it yet?”
“It really is! I already earned 1352$ [sic] and it just keeps coming. I can’t wait to earn more with the app.”
“I’m very surprised that this is fully legal, with the amount I’m earning.”
Australian versions of the scam also feature former NSW premier and now NAB banking executive Mike Baird.
Jane read the article and was intrigued. She followed the links and found herself on a website using the name HybridReserve.
“HybridReserve set out to allow ANY person sitting at home or in the office to be able to invest modest sums of money and offer them the 100% support and guidance needed for beginners,” the site claims.
“Confusing terminology and complicated technologies, are not our thing.”
She started off with small amounts, but as the returns flowed in and she received some early payouts, she was encouraged to invest more heavily.
She eventually deposited $670,000 over several months into HybridReserve’s online trading platform, believing it was being invested on her behalf.
But once the money was deposited, her investment manager suddenly became hard to contact, despite the previous daily calls and emails.
And heading over to their office to speak to him was not an option.
HybridReserve lists a main address in the picturesque Caribbean nation of St Vincent and the Grenadines.
The tiny nation lies in a chain of tropical islands that also includes famous offshore tax and regulatory havens such as the British Virgin Islands, the Cayman Islands and The Bahamas.
When the ABC called the only number listed on HybridReserve’s website that was still connected, the man who answered claimed no knowledge of HybridReserve.
He said he was only there to “connect” callers to other agents, but also that he was available for anything the ABC “wished to do that considers trading, and such”.
He then said he would put the call through to management, and hung up the phone.
A very busy address
The address listed by HybridReserve — Suite 305, Griffith Corporate Centre, Beachmont, Kingstown — is well known to authorities and IDCare, a not-for-profit identity theft and cyber fraud support service.
The man who answered the phone said he was in St Vincent and the Grenadines, at “Suite 305 Griffith”, but later backtracked, saying he could not reveal where he was located.
In the past two years IDCare has dealt with 41 complaints linked to that address out of 583 cases of alleged investment fraud.
The Australian Securities and Investments Commission (ASIC) also lists 12 business names or entities associated with this address on their companies you should not deal with list.
It is a modest office block that sits in a semi-industrial part of the capital, Kingstown, next door to a private medical centre.
The ABC does not suggest all firms linked to this address are involved in fraud, as there are legitimate reasons for incorporating your business offshore.
But a number of brokers who are the subject of complaints by Australian investors have this listed as their main address.
Griffith Corporate Centre is advertised online as offering virtual office space and registered office services.
The ABC made repeated attempts to contact the centre, but received no reply.
There are legitimate locations like this one all over the world. Often they are just post office boxes.
They can be used by people who want to incorporate a company in a particular jurisdiction, but either don’t have their own property located there or want to list a different location to their bricks and mortar office.
Bank accounts can then be opened in the names of incorporated companies, which can be useful for people wanting to move large amounts of money around the globe.
This office desk picture was uploaded to Griffith Corporate Centre’s address on Google in September, 2019. (Google: Griffith Corporate Centre)
In Saint Vincent and the Grenadines, an incorporated company must have a locally registered office and agent, although the directors and owners can be located offshore.
A firm offering offshore company incorporation services, which is headquartered at Suite 305 at the Griffith Corporate Centre, is Wilfred International Services (WIS).
WIS managing director Merma DeFreitas said the majority of her clients used WIS as their registered office, but she denied knowing anything about alleged fraud committed by firms incorporated at the address.
“Wilfred Services Ltd is the registered agent ONLY and does NOT own or operate any of the entities that are incorporate[d] through our firm,” Mrs DeFreitas said in a written statement to the ABC.
“Therefore our firm is NOT linked to OR aware of any alleged fraud committed against any individuals.”
The ABC requested information about 10 firms that list this address — including HybridReserve — which have had complaints against them registered with ASIC or IDCare.
Mrs DeFreitas said she could not make any comment about these firms as WIS only responded to requests made by local financial regulatory authorities.
Why harbour in the Caribbean?
Saint Vincent and the Grenadines is renowned worldwide for its soft sand beaches and tropical paradise image — which saw it feature as the backdrop to the blockbuster Disney film series Pirates of the Caribbean.
But it is famous for another reason in the global financial community.
The cluster of islands often referred to as SVG is known for its lack of financial transparency, to the extent that firms specialising in offshore businesses, such as offshore-protection.com, spruik it as having “one of the most restrictive confidentiality laws globally”.
SVG has issued public warnings that currency trading businesses registered in its jurisdiction are not regulated by the government, but its response to tackling the problem has so far been limited.
SVG has flagged changes to comply with European Union requirements for good governance, after it was threatened with blacklisting as an uncooperative tax jurisdiction.
But those reforms have focused so far on local taxation and not on “economic substance” reforms, which could require companies to have a physical presence in the country and local staff.
The ABC approached the country’s Financial Services Authority for information relating to businesses incorporated at the Griffith Corporate Centre, but it was not provided.
The Estonian connection
HybridReserve’s international connections are not limited to Saint Vincent and the Grenadines.
The terms and conditions say the website is owned by a company called Singlebell OU, which is incorporated in the eastern European Baltic state of Estonia, and that this firm is fully liable for claims, losses, costs or damages.
Estonia also allows people to incorporate companies from offshore, and this is often done with the assistance of law firms that can register multiple entities at any single address.
But Estonia is more open than St Vincent and the Grenadines, as it does make company records available.
Company documents from Estonia show Singlebell OU is registered to an address in the capital, Tallinn.
ASIC lists another 10 firms all appearing to offer brokerage services linked to this address on their companies you should not deal with — unlicensed companies list.
The address where Singlebell OU is incorporated is an unassuming office building in Tallinn. (Source: Google Street View)
Company records from Estonia show Singlebell OU was registered in March 2018, but the members of the management board changed the following month.
The management’s location shifted south to the Mediterranean.
The new solo management board member, Serge Michou Tchio Daloko, listed an address on the business registration in the Cyprus capital of Nicosia.
But Mr Daloko’s tenure on the board of Singlebell, and its status as a Cyprus-listed company, lasted little more than a year.
In July this year, Singlebell’s management board changed again, shifting across the Atlantic Ocean to Central America.
The new structure saw Mr Daloko replaced on the business registration by a man named Daniel Lopez Romero, who listed his address as a small two-storey building in a quiet residential street in Mexico City.
Exploiting the global network
ASIC executive director for assessment and intelligence Warren Day has spent years chasing criminals who seek to defraud Australians.
Mr Day said criminals registered official companies and bank accounts to look legitimate and move money across the globe to avoid detection.
“What we know is the minute those funds hit those accounts they move on to another account in another country, and then probably another country again, so that the trail goes cold,” he said.
“So it’s very hard for regulators and money tracking authorities such as AUSTRAC to identify where they’ve gone.”
He said these scams had become an “intractable problem” because of the mobility of the perpetrators and the way money could be quickly moved.
“Effectively trying to arrest someone, and let alone get a successful prosecution, the chances of that are low to non-existent,” Mr Day admitted.
ASIC’s Warren Day says the prospects of arresting cyber criminals are almost non-existent. (ABC News: Chris Sonesson)
“That’s cold, that’s really cold news to a victim, and the best thing we can say is, ‘you’ve been scammed’. But the good news is, by you telling us, you’ve prevented other people from losing a lot of money as well.
“I fully acknowledge that’s really cold comfort to the person who may have lost tens to, in some cases, hundreds of thousands of dollars.
“But the reality is, these people have disappeared, they were never here in Australia, they’re not even in the countries they say they operate in.”
Australia seen as an easy target
The former head of the Australian Crime Commission, David Lacey, has seen first-hand the impact of investment fraud after he started IDCare, a charity that supports victims of identity fraud.
He has seen calls about investment fraud to his service quadruple in the past 12 months.
“Often for a lot of people they are life-changing events,” Mr Lacey said.
“They’re going to have to make decisions like, do they sell their house, are they applying for welfare, are they going to work to a later age — that’s the human toll a lot of these things have.”
David Lacey was the former executive director of the Australian Crime Commission. (ABC News: Chris Gillette)
Mr Lacey said Australia tended to be “a bit slow off the mark” promoting awareness of scams that crossed jurisdictions and may already have been reported by overseas financial regulatory authorities.
But he said there also needed to be a focus on deterrence.
“What we haven’t seen is perhaps the deterrence and the intervention that we would like to see, to send a message — a very clear message — to criminals offshore that Australia is no longer an easy target,” he said.
“At the moment, we think there’s a bit of a gap.”
Trying to track the scammers
Australian authorities were notified about HybridReserve, but the information seemingly failed to filter back to Jane’s bank — the Commonwealth Bank — or even ASIC.
The Australian Competition and Consumer Commission (ACCC) said it received 25 reports about HybridReserve last year, and first notified ASIC on January 1 — but it only publicly listed HybridReserve as an entity you should not deal with on November 25.
This is despite details about HybridReserve being listed on the International Organisation of Securities Commissions (IOSCO) investor alerts portal on March 4, at least a month before Jane made her first major transfer.
Belgian financial authorities flagged it even earlier, in February.
Australia is seen as an easy target for cyber fraudsters. (Reuters: Kacper Pempel/Illustration)
Mr Day said ASIC was working with the ACCC to better streamline how they exchanged information.
He also said ASIC did not automatically list scams from IOSCO on its blacklist, but it was in the process of reviewing that policy.
“There are so many scams operating at any one time, we would flood our own blacklist,” Mr Day said.
“Our experience at ASIC has been that often the scams that are being perpetrated against a citizen in Belgium, or Spain, or Portugal, or the UK, don’t necessarily mean that they’re being perpetrated on people in Australia.
“That obviously now is changing, the behaviour is changing, and we are reviewing our practices in that space.”
No red flags were raised for Jane
HybridReserve instructed Jane to transfer her money into two Australian accounts set up in the names of shell companies.
Neither of these were registered with the Australian Transaction Reports and Analysis Centre’s (AUSTRAC) remittance register, which is required for firms whose business is transferring money overseas.
The woman said the fake stories looked so authentic she believed the scam was real. (ABC News: Anthony Pancia)
One transaction alone was more than $300,000, which Jane said should have raised red flags.
She even called the transfers “HybridReserve” on her Commonwealth Bank statement.
Jane was also told to send her money to a German account, registered to a firm based in Berlin.
German financial authorities flagged that firm two months after Jane made her first transfer, telling the company to desist from conducting money remittance and specifically naming HybridReserve.
The Commonwealth Bank said it were only notified by Jane some months after her last transfer that she had been the victim of a scam and wanted to try to recover the money.
“Unfortunately despite our efforts, we were unable to recall the funds concerned,” a spokesperson said in a statement.
The Australian Banking Association said in a statement banks worked closely with AUSTRAC to protect the Australian community from serious crime and terrorism.
“The financial intelligence and information provided by banks significantly contributes to Australia’s intelligence picture, helping AUSTRAC and our government partners in their work to detect and disrupt criminal activity — here and overseas,” the statement said.
Mr Lacey said while banks played a critical role, they should be the very last line of defence, and multinational companies which profited from selling ads and server space to criminals should also step up.
“For investment fraud to succeed for a criminal, there’s a lot of enabling activities that need to occur,” he said.
“We’re seeing a lot of very large multinational companies involved in … assisting in advertising investment fraud offerings, so they’re receiving money from criminals who are paying to advertise their investment frauds so that Australians can fall for these scams.
“If your organisation is enabling these things to occur … you need to be asking yourself the question whether or not your products and services are involved in that criminal enterprise.”
He said many clients had expressed an interest in a class action against such firms.
Jane’s money remains lost at sea
While she waits for justice, Jane’s money remains unaccounted for as it travels the world in the hands of the cyber pirates.
It has been more than three months since she contacted police, but they had not yet taken a formal statement.
She said she felt let down by the Australian law enforcement system and the banks.
“Three months later, they [have] failed to understand whose jurisdiction this whole case falls under,” she said.
“It’s just handballing and no action. In three months … they haven’t even taken a statement from me, or contacted any international authorities, or held anybody accountable.
“All financial institutions have to be responsible enough to keep their database up to date of all these scams, in order to protect their customers, their clients’ money.
“I think they let us down.”
*Name has been changed to protect the woman’s identity
- Reporting: Rebecca Trigger
- Video and graphics: Claire Borrello
- Digital production: Liam Phillips and Rebecca Trigger
- Editor: Liam Phillips
View full post on National Cyber Security
Source: National Cyber Security – Produced By Gregory Evans Potentially the biggest tech issue New Zealanders will confront this year, will be the growing impact of fake news and an inability to discern real from fake, says NZTech chief executive Graeme Muller says. With massive increases in scams and phishing, criminals are benefiting from Kiwis’ […] View full post on AmIHackerProof.com
A search engine showing 1.4 billion of leaked or hacked passwords, including those of some 3.3 million Dutch, is officially online. On Gotcha.pw Dutch people can now check whether their password was stolen by searching for their email address. If there is a leaked password associated with that email address, the site shows the first two characters of the password, NU.nl reports.
You can also search domain names on the site. In this way organizations can see which of their employees’ email addresses and passwords are on the street. Passwords from the National Coordinator for Counter-terrorism and Security, among others, can be found on the site, according to the newspaper. It is not clear whether these are old or current passwords.
The Gotcha.pw site administrator collected these passwords from previous data leaks and bundled them into a search engine. Such search engines have existed for some time. The Dutch police offer a similar service, and people can also use Have I Been Pwned to find out if their password is not safe.
The arrival of the Gotcha.pw search engine was announced with great fanfare last week – in a front page story on AD. The search engine was online for a short time last week Friday, but was taken down again. It initially showed the full hacked password, which is illegal. The administrator therefore adjusted the site to only show the first two letters of the passwords, according to NU.nl.
The post SEARCH #ENGINE WITH #MILLIONS OF #HACKED DUTCH #PASSWORDS #ONLINE appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
Tight Inventory Continues To Dog Housing Market Steve starts his Real Estat Roundup segment by asking Terry how long a typical For Sale house stays on the market before it gets a confirmed buyer. Terry says the national average was 27 days for the month of May 2017, well below…
The post Be Alert! Hackers Are Stealing Millions From Buyers By Using These Real Estate Scams appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
The KMBZ Cover Story for Thursday is “When Hackers Hit Home,” all about criminals who use technology to steal peoples’ identities and property. One victim in the Kansas City Metro is Scott, who found that he and his family were victimized when he tried to file his taxes. “When we…
The post Sophisticated criminals victimize millions with technology, online scams appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
‘UNFAIR’ SHARE Wife who made millions in ‘eye-watering’ bonuses battles cheating ex-husband after judge awarded him HALF of her fortune
A WIFE who made millions in “eye-watering” bonuses as a city trader is battling her cheat ex-husband after a divorce judge awarded him HALF of her fortune. Energy trader Julie Sharp and IT consultant Robin Sharp both earned around £100,000 … View full post on National Cyber Security Ventures