#nationalcybersecuritymonth | Hillicon Valley — Presented by Facebook — FCC fines mobile carriers $200M for selling user data | Twitter verified fake 2020 candidate | Dems press DHS to complete election security report | Reddit chief calls TikTok spyware

Source: National Cyber Security – Produced By Gregory Evans

Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.

Welcome! Follow the cyber team, Maggie Miller (@magmill95), and the tech team, Emily Birnbaum (@birnbaum_e) and Chris Mills Rodrigo (@chrisismills).

 

FCC FINES TOP MOBILE CARRIERS: The Federal Communications Commission (FCC) is proposing more than $200 million in fines against the country’s top mobile carriers after a lengthy investigation concluded T-Mobile, AT&T, Sprint and Verizon improperly sold access to their customers’ precise location information. 

The agency is alleging the companies broke the law by failing to protect information about the geolocation of their hundreds of millions of customers. 

“The FCC has long had clear rules on the books requiring all phone companies to protect their customers’ personal information,” FCC Chairman Ajit Pai (R) said. “And since 2007, these companies have been on notice that they must take reasonable precautions to safeguard this data and that the FCC will take strong enforcement action if they don’t.”

“Today, we do just that,” Pai said.

The proposed fines — which Verizon, AT&T, T-Mobile and Sprint are now allowed to contest — are some of the largest the FCC has proposed in decades. But since reports began emerging about the fines on Thursday night, consumer advocates and privacy hawks in Congress have accused the regulatory agency of holding back and letting the telecom companies off the hook with fines that amount to a “rounding error” compared to their significant bottom lines.

Sen. Ron Wyden (D-Ore.), who was one of the first to shed light on the companies’ unlawful information sharing, released a statement accusing Pai of going easy on the companies.

“It seems clear Chairman Pai has failed to protect American consumers at every stage of the game – this issue only came to light after my office and dedicated journalists discovered how wireless companies shared Americans’ locations willy nilly,” Wyden said. “He only investigated after public pressure mounted.”

“And now his response is a set of comically inadequate fines that won’t stop phone companies from abusing Americans’ privacy the next time they can make a quick buck,” Wyden said.

Verizon, for instance, boasted a total revenue of $31.4 billion in 2019 and is facing a fine of $48 million.

The FCC is proposing a fine of $91 million for T-Mobile, $57 million for AT&T, $48 million for Verizon and $12 million for Sprint.  

T-Mobile, which is facing the largest fine by far, said in a statement Friday that it intends to dispute the FCC’s conclusions.

“We take the privacy and security of our customers’ data very seriously,” T-Mobile said. “While we strongly support the FCC’s commitment to consumer protection, we fully intend to dispute the conclusions of this NAL and the associated fine.” 

Public Knowledge, a consumer rights group, said the FCC’s fines indicate the chairman is enforcing the law “to the barest degree possible.” 

Read more on the fines here.

 

SPONSORED CONTENT — FACEBOOK

Elections have changed and so has Facebook

Facebook has made large investments to protect elections, including tripling the size of the teams working on safety and security to more than 35,000. But the work doesn’t stop there.

See how Facebook has prepared for 2020.

 

TURN IT IN: House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) on Friday raised concerns around the Department of Homeland Security’s failure to submit a congressionally mandated election security report on time.

DHS was required under the 2020 National Defense Authorization Act to submit a report to Congress on successful and attempted cyberattacks on U.S. election infrastructure during the 2016 elections, along with any future cyberattacks on elections that DHS anticipates. 

The agency was required by the NDAA to submit the report within 60 days of the bill being signed into law. President Trump signed the NDAA on Dec. 20, with Feb. 18 marking the deadline for the report to be submitted to appropriate congressional committees.

Thompson, whose committee is among those that DHS is required to submit the report to, said Friday that the failure of DHS to submit the report “further obstructs Congress’ abilities to conduct proper oversight,” and noted this was “in direct violation of the law.”

“The threat to our democracy from foreign governments is real, and the Administration’s pattern of denial must stop,” Thompson added. “With President Trump in office, the American people cannot expect our elections to be secure and free from foreign interference or cyber-attacks with status quo measures in place.”

Read more here.

 

‘WALZ’-ING AROUND: Twitter earlier this month verified an account for a fake 2020 congressional candidate created by a teenager.

The account was for a fictional Republican congressional candidate from Rhode Island named Andrew Walz.

His Twitter bio claimed that Walz was a “proven business leader” and a “passionate advocate for students,” CNN Business first reported.

The owner of the account was a 17-year-old high schooler from upstate New York who, according to the network, made the account over the holidays because he was “bored.”

“During Christmas break I was kind of bored and I learned a lot from history class, but also on the news they were talking more about misinformation,” the high school student told CNN Business.

The teen said it took him about 20 minutes to make the website for his candidate and then another five minutes to create the Twitter account.

He got his profile picture from a website called This Person Does Not Exist, which generates realistic, computer-generated photos of fake people.

Then, he filled out a short survey with information about his fake candidate on Ballotpedia, the nonprofit “Encyclopedia for American Politics.” Twitter announced in December that it would be partnering with the nonprofit in an attempt to verify more congressional candidates. 

However, according to the student, neither Twitter nor Ballotpedia asked for any further kind of identification to confirm that Walz was, in fact, genuine.

The social media platform has received flak from candidates who say it has been slow to verify them.

Read more on the incident here.

 

REDDIT DINGS TIKTOK: TikTok is under scrutiny from Reddit CEO and co-founder Steve Huffman for practices he calls “fundamentally parasitic,” referring to serious privacy concerns surrounding the app.

The app is a video-sharing social networking service owned by ByteDance, a Beijing-based company established in 2012 by Zhang Yiming. TikTok launched in 2017 for iOS and Android in markets outside of China.

Huffman said one of the suspicious practices the company partakes in is fingerprinting, a method of tracking devices for each unique visitor, according to The Verge.

“Maybe I’m going to regret this, but I can’t even get to that level of thinking with [TikTok],” Huffman said at the Social 2030 venture capital conference. “I look at that app as so fundamentally parasitic, that it’s always listening, the fingerprinting technology they use is truly terrifying, and I could not bring myself to install an app like that on my phone.”

Research by data protection expert Matthias Eberl highlights the fingerprinting Huffman refers to as an aggregate of audio and browser tracking, allowing the company to know the types of content each user is following. TikTok parent company ByteDance claims the fingerprinting methods are for recognizing malicious browser behavior, but Eberl offers his skepticism, as the platform seemingly works fine without the scripts enabled.

“I actively tell people, ‘Don’t install that spyware on your phone,’ ” Huffman said of TikTok’s software.

Read more here.

 

SCHEMING: Advocates are sounding the alarm over online scams that leave senior citizens particularly vulnerable, urging lawmakers and administration officials to take more steps to protect unsuspecting Americans.

Experts say that threat is heightened during tax season as online options for filing have grown in popularity, opening the door to more scams aimed at obtaining sensitive information or money from victims.

“Consumers should be especially vigilant as we approach tax season,” said Bill Versen, chief product officer at Transaction Network Services, a data services provider.

While there are a slew of scams at tax filing season, experts say that the elderly face a higher risk of being ensnared and experiencing financial hardship.

The most common kinds of tax scams are phishing and calls where a scammer impersonates an IRS official, according to Monique Becenti, a product specialist at cybersecurity firm SiteLock.

Phishing is a tactic used by hackers to get access to private information using fake emails, text messages and social media posts.

These communications are designed to bait unaware users, often the elderly, into giving up their personal information or clicking on links that can download dangerous malware onto computers and phones alike.

But the most common scam between 2014 and 2018 was fraudulent IRS calls, according to a yearly report released by the Senate Committee on Aging.

In those calls, the scammer impersonates an IRS official, demanding payment or sensitive information. In some cases, scammers have been known to threaten to suspend licenses, close businesses or even arrest individuals if they fail to pay fake bills.

“The overall goal is cyber criminals trying to file taxes on behalf of that person,” Becenti told The Hill. And once an individual falls victim, scammers can run further schemes. “Ultimately, they have their Social Security number. … Now they have the ability to open up fraudulent accounts on behalf of that individual.”

Read more here.

 

CHANGE OF PACE: Facebook sued a marketing company Thursday, alleging in federal court that the firm “improperly” collected data from users of the social media platform.

The lawsuit, filed in the Northern District Court of California, claimed oneAudience paid developers to use a malicious software development kit, or SDK, in their apps.

SDKs are tools that let developers make apps more quickly.

OneAudience’s SDK collected data in an improper fashion from Facebook users who opted to log in to certain apps, the lawsuit alleged.

Facebook claimed the data included names, email addresses and gender, in limited cases.

Facebook said it sent a cease-and-desist letter to oneAudience in November, but claimed the company did not cooperate with a requested audit.

OneAudience did not immediately respond to a request for comment.

In a blog post, Jessica Romero, Facebook’s director of platform enforcement and litigation, wrote that the lawsuit was filed to protect the platform’s users.

“This is the latest in our efforts to protect people and increase accountability of those who abuse the technology industry and users,” she wrote. “Through these lawsuits, we will continue sending a message to people trying to abuse our services that Facebook is serious about enforcing our policies.”

Read more here.

 

CAMEO: Former Illinois Gov. Rod Blagojevich (D) joined an app where people can pay for personalized video messages after President Trump commuted his sentence on corruption charges earlier this month. 

Blagojevich is on the app Cameo offering personal messages for $100. 

“Hey it’s Rob Blagojevich. I’m very excited to connect with you on Cameo. If you want a birthday greeting, an anniversary greeting, motivation or any other kind of shoutout, I can’t wait to hear from you,” the former lawmaker said on his account. 

The app features a variety of celebrities and personalities that offer personalized messages for fans upon request. 

Former Trump White House press secretary Sean Spicer also has an account on the app, as do former Trump administration communications director Anthony Scaramucci, former Trump aide Omarosa Manigault and former Trump campaign manager Corey Lewandowski.

Trump commuted Blagojevich’s sentence earlier this month. He called Blagojevich’s 14-year sentence “ridiculous.”

“He served eight years in jail, a long time. He seems like a very nice person — don’t know him,” Trump said.

Read more here.

 

A LIGHTER CLICK: Hope y’all are happy

 

AN OP-ED TO CHEW ON: Indictment of Chinese hackers is wake-up call for better public-private cooperation

 

NOTABLE LINKS FROM AROUND THE WEB:

Vatican joins IBM, Microsoft to call for facial recognition regulation (Reuters / Philip Pullella, Jeffrey Dastin) 

The World Health Organization has joined TikTok to fight coronavirus misinformation (Verge / Makena Kelly)

Walmart is quietly working on an Amazon Prime competitor called Walmart+ (Recode / Jason Del Rey)

The post #nationalcybersecuritymonth | Hillicon Valley — Presented by Facebook — FCC fines mobile carriers $200M for selling user data | Twitter verified fake 2020 candidate | Dems press DHS to complete election security report | Reddit chief calls TikTok spyware appeared first on National Cyber Security.
#deepweb | Crypto is fueling organized crime in Latin America, claims new report

In brief

  • Threat intelligence firm Intsights says criminals are turning to cryptocurrencies in greater numbers in Latin America.
  • Mixing services, P2P and unregulated crypto exchanges are the tools of choice to covertly wash and launder illicit funds.

Organized crime and drug cartels in Latin America are increasingly turning to cryptocurrencies to launder money and orchestrate scams, according to the latest collaborative report by threat intelligence firm Intsights and blockchain forensics firm CipherTrace. 

The report, “The Darkside of Latin America,” demonstrates how threat finance in Latin America has evolved with the rise of cryptocurrencies and peer-to-peer and unregulated exchanges. Researchers for Intsights say they arrived at their findings from access to “closed-access databases” and “hundreds of underground sources (deep web and dark web),” among other tactics.

The report claims that the region’s countries “top the list of the world’s worst money laundering nations,” and organized crime and cybercriminals are turning to cryptocurrencies to move money and to hire hackers. The report also highlights the fact that extreme political corruption in the region helps criminals operate without much resistance. 

One way criminals are specifically using cryptocurrency is through “mixing services” to obfuscate “potentially identifiable or ‘tainted’ cryptocurrency funds with others,” according to Intsights. Once “washed” through mixing services, criminals continue to trade their crypto on other exchanges to profit.

Further, criminals are laundering money through the many unregulated exchanges throughout Latin America, which lack the know-your-customer (KYC) and anti-money laundering (AML) policies that are commonplace in more developed countries. Criminals use these exchanges to trade Bitcoin for altcoins to further obfuscate and profit from their illicit funds. The researchers estimate that 97 percent of washed cryptocurrency ends up in places like Latin America that have “extremely lax KYC/AML regulations.”

To compound this, criminals also turn to peer-to-peer (P2P) exchanges, which remain the preferred way for criminals to exchange crypto to fiat money. The report cites P2P exchanges such as LocalBitcoins, which has relatively high trading volume in Latin America, as favorites for criminals to launder money because they “typically lack AML programs and perform little or no KYC due diligence.”

In recent months, P2P exchanges like Paxful and LocalBitcoins have stepped up their regulations to combat this reputation.

The report cites the case of the now notorious Panamanian payment processing firm Crypto Capital as a prominent example of how criminals use crypto. The alleged operators of the “shadow bank” are charged with aiding drug cartels with money laundering operations between Latin America and Europe, among other misdeeds.

It’s a problem that’s unlikely to be resolved any time soon, according to the researchers, given Latin America’s lack of established anti-money laundering laws and poor enforcement of the laws that are in place.

Nevertheless, the report recommends that firms that want to combat cybercrime in the region “collect, monitor, and analyze cyber crime intelligence,” and learn and “follow best security practices.”

#deepweb | Trae Young, Hawks Beat Mavs as Luka Doncic, Kristaps Porzingis Sit with Injuries | Bleacher Report

Luka Doncic and Trae Young will forever be connected after they were traded for each other on draft day in 2018, and the latter helped prevent a season sweep Saturday with the former sidelined.

Young’s Atlanta Hawks defeated Doncic’s Dallas Mavericks 111-107 at State Farm Arena, evening the two-game season series as Atlanta improved to 17-41 following a second straight win.

Young gave his team the lead with a deep three-pointer in the final two minutes and then broke a tie with a shot in the lane in the final minute to take the lead for good.

As for the Mavericks, they can take solace in knowing they are the ones eventually headed to the playoffs this year at 34-23, even though their two-game winning streak ended with Doncic and Kristaps Porzingis sidelined.

         

Player Stats

  • ATL G Trae Young: 25 points, 10 assists and six rebounds
  • ATL F John Collins: 35 points, 17 rebounds and two blocks
  • ATL G Cam Reddish: 20 points, six rebounds and three steals
  • DAL G Tim Hardaway Jr.: 33 points, five assists and four rebounds
  • DAL G Seth Curry: 22 points, six rebounds, five assists and two steals

              

Hawks’ Advantage in Star Power Makes the Difference

The primary storyline entering play was how the Mavericks would perform without Doncic and Porzingis after they defeated the Orlando Magic on Friday.

The Associated Press noted Doncic was resting his previously sprained right ankle on the second night of a back-to-back, while Porzingis was doing the same with his surgically repaired left knee.

The rotation was further depleted because Willie Cauley-Stein was out for personal reasons, and Jalen Brunson was ruled out with a right shoulder sprain in the first half.

Dallas didn’t need the Doncic and Porzingis pairing during a 23-point win over the Hawks on Feb. 1 and appeared to be well on the way to a similar result on the road Saturday. Tim Hardaway Jr. and Seth Curry combined for 34 points and five made three-pointers in the first half alone, and the Mavericks cruised into the final 10 minutes with a double-digit advantage.

Enter Young.

While Collins did much of the offensive work against a short-handed Dallas frontcourt in the early portion of the game, Young scored or assisted on 19 of the Hawks’ final 27 points. He drilled a game-tying three with three minutes left before he hit the go-ahead bucket down the stretch and consistently blew past the Mavericks’ perimeter defenders.

Stars take over in crunch time, and the visitors didn’t have any of their own in Saturday’s rotation to counter No. 11.

The Hawks turned to their promising young playmaker on possession after possession, and he stole a victory from a Western Conference playoff contender in dramatic fashion.

Doncic’s absence took away from the individual battle, but Young had no problem creating his story with the game on the line.

                       

What’s Next?

Both teams are in action Monday when the Mavericks host the Minnesota Timberwolves and the Hawks are at the Philadelphia 76ers.

#cyberfraud | #cybercriminals | FBI Publishes 2019 Internet Crimes Report Causing 3.5 Billion Dollars Loss

As the internet has become an indispensable part of our lives, crimes committed on the internet have started to increase significantly. In the FBI's 2019 report, it was emphasized that cybercrime cost $3.5 billion.

The Federal Bureau of Investigation (FBI) published the ‘2019 Internet Crimes Report’. According to the published report, the number of complaints received during the year reached 467,361. The losses from the reported crimes exceed $3.5 billion.

Cybercrime increased in 2019

The Internet Crime Complaint Center (IC3), an FBI resource for reporting suspected cybercrime activity, was established in May 2020 and, with the 2019 reports, has reached a total of 4,883,231 complaints.

While the number of complaints received in the last five years has reached 1.7 million, the total annual loss has increased from $1.1 billion (2015) to $3.5 billion (2019). The damage of cybercrime to individuals and businesses in the US has exceeded $10 billion in the past five years. 2019 was the worst year in this respect. The year saw the highest number of cybercrime complaints ever made, and victims of cybercrime also suffered their greatest losses. In the fight against cybercrime, $300 million was saved.

Company emails

In fraudulent activities carried out via company e-mails, more than $1.7 billion was lost. A total of 23,775 complaints were made in this area in 2019. Business email scams have become the most dangerous category of cybercrime.

“Many organizations have been vulnerable to email attacks because criminals are developing their methods to compromise traditional email,” said Censornet CEO Ed Macnair. The attackers most often targeted CEOs and staff working in finance departments.

Macnair said that cybercriminals trick employees and steal valuable information by using e-mail addresses similar to those of trusted companies. Macnair said this method is very difficult for traditional defense systems to catch and that companies need to improve their security techniques.

Ransomware

The FBI warned about the magnitude of ransomware's impact on businesses and organizations. In the ransomware attack against the city of New Orleans in December 2019, it was revealed that the FBI’s warnings were not taken seriously.

In 2018, there were some reductions in complaints about ransomware attacks, but this number increased again in 2019 and reached the highest number of complaints since 2016. Ransomware attacks caused $2.4 million of damage in 2016, rising to $8.9 million in 2019.

#infosec | Apple Dropped iCloud Encryption Plans After FBI Complaint: Report

Apple dropped plans to offer end-to-end encrypted cloud back-ups to its global customer base after the FBI complained, a new report has claimed.

Citing six sources “familiar with the matter,” Reuters claimed that Apple changed its mind over the plans for iCloud two years ago after the Feds argued in private it would seriously hinder investigations.

The revelations put a new spin on the often combative relationship between the law enforcement agency and one of the world’s biggest tech companies.

The two famously clashed in 2016 when Apple refused to engineer backdoors in its products that would enable officers to unlock the phone of a gunman responsible for a mass shooting in San Bernardino.

Since then, FBI boss Christopher Wray, attorney general William Barr and most recently Donald Trump have taken Apple and the wider tech community to task for failing to budge on end-to-end encryption.

Silicon Valley argues that it’s impossible to provide law enforcers with access to encrypted data in a way which wouldn’t undermine security for hundreds of millions of law-abiding customers around the world.

They are backed by world-leading encryption experts, while on the other side, lawmakers and enforcers have offered no solutions of their own to the problem.

Apple’s decision not to encrypt iCloud back-ups means it can provide officers with access to targets’ accounts. According to the report, full device backups and other iCloud content were handed over to the US authorities in 1568 cases in the first half of 2019, covering around 6000 accounts.

Apple is also said to have handed the Feds the iCloud backups of the Pensacola shooter, whose case sparked another round of calls for encryption backdoors from Trump and others.

It’s not 100% clear if Apple dropped its encryption plan because of the FBI complaint, or if it was down to more mundane usability issues. Android users are said to be able to back-up to the cloud without Google accessing their accounts.

#comptia | #ransomware | Check Point report highlights latest cyber-threats worldwide

Check Point Research has published its 2020 Cyber Security Report.

The report highlights the main tactics cyber-criminals are using to attack organisations worldwide across all industries and gives cybersecurity professionals and C-Level executives the information they need to protect their organisations from today’s fifth-generation cyber-attacks and threats.

The 2020 Security Report reveals the key attack vectors and techniques observed by Check Point researchers during the past year.

Highlights include:

Cryptominers still dominate malware landscape – Even though cryptomining declined during 2019, linked to cryptocurrencies’ fall in value and the closure of the Coinhive operation in March, 38% of companies globally were impacted by crypto-miners in 2019, up from 37% in 2018.

This is because the use of cryptominers remains a low-risk, high-reward activity for criminals.

Botnet armies surge in size – 28% of organisations globally were hit by botnet activity, an increase of over 50% compared with 2018.

Emotet was the most common bot malware used, primarily because of its versatility in enabling malware and spam distribution services.

Other botnet actions such as sextortion email activity and DDoS attacks also rose sharply in 2019.  

Targeted ransomware hits hard – While the number of impacted organisations is relatively low, the severity of the attack is much higher – as seen in 2019’s damaging attacks against US city administrations.

Criminals are choosing their ransomware targets carefully, with the aim of extorting the maximum revenue possible.

Mobile attacks decline – 27% of organisations worldwide were impacted by cyber-attacks that involved mobile devices in 2019, down from 33% in 2018.

While the mobile threat landscape is maturing, organisations are also increasingly aware of the threat, and are deploying more protection on mobiles.

The year Magecart attacks became an epidemic – These attacks, which inject malicious code into e-commerce websites to steal customers’ payment data, hit hundreds of sites in 2019, from hotel chains to commerce giants to SMBs, across all platforms.

Rise in cloud attacks – Currently more than 90% of enterprises use cloud services and yet 67% of security teams complain about the lack of visibility into their cloud infrastructure, security, and compliance.

The magnitude of cloud attacks and breaches has continued to grow in 2019.

Misconfiguration of cloud resources is still the number one cause for cloud attacks, but now we also witness an increasing number of attacks aimed directly at cloud service providers. 

“2019 presented a complex threat landscape where nation states, cybercrime organisations and private contractors accelerated the cyber arms race, elevating each other’s capabilities at an alarming pace, and this will continue into 2020,” says Check Point Software Technologies major intelligence officer Lotem Finkelsteen.

“Even if an organisation is equipped with the most comprehensive, state-of-the-art security products, the risk of being breached cannot be completely eliminated. Beyond detection and remediation, organisations need to adopt a proactive plan to stay ahead of cybercriminals and prevent attacks.

“Detecting and automatically blocking the attack at an early stage can prevent damage. Check Point’s 2020 Security Report shares what organisations need to look out for, and how they can win the war against cyber-attacks through key best practices.”

Check Point’s 2020 Security Report is based on data from Check Point’s ThreatCloud intelligence, the largest collaborative network for fighting cybercrime which delivers threat data and attack trends from a global network of threat sensors; from Check Point’s research investigations over the last 12 months; and on a brand new survey of IT professionals and C-level executives that assesses their preparedness for today’s threats.

The report examines the latest emerging threats against various industry sectors, and gives a comprehensive overview of the trends observed in the malware landscape, in emerging data breach vectors, and in nation-state cyber-attacks.

It also includes analysis from Check Point’s thought leaders, to help organisations understand and prepare themselves for today’s and tomorrow’s complex threat landscape.

The post #comptia | #ransomware | Check Point report highlights latest cyber-threats worldwide appeared first on National Cyber Security.


#cybersecurity | #hackerspace | Who Should the CISO Report To in 2020?

Source: National Cyber Security – Produced By Gregory Evans

The debate over who the CISO should report to is a hot topic among security professionals, and that shows no sign of changing soon. That’s because there is still no standard or clear-cut answer. Ask CISOs themselves for their opinion, and you will get a variety […]

#cybersecurity | #infosec | LastPass releases its 3rd Annual Global Password Security report

Source: National Cyber Security – Produced By Gregory Evans

Graham Cluley Security News is sponsored this week by the folks at LastPass. Thanks to the great team there for their support!

LastPass has analyzed over 47,000 businesses to bring you insights into security behavior worldwide. The report helps you explore changes in password security practices worldwide, and see where businesses are still putting themselves at risk.

The takeaway is clear: Many businesses are making significant strides in some areas of password and access security – but there is still a lot of work to be done. Use of important security measures like multifactor authentication is up, but the continued reality of poor password hygiene still hampers many businesses’ ability to achieve high standards of security.

In the report, we not only highlight key trends by company size, sector, and location, we provide analysis and recommendations to help IT and business leaders take action where it’s needed most.

Download the free report now to see the current state of password security, access, and authentication around the world – and learn what you can do today to better secure your company.



The post #cybersecurity | #infosec | LastPass releases its 3rd Annual Global Password Security report appeared first on National Cyber Security.


#deepweb | Raphael Varane Brace Leads Real Madrid to Easy 3-0 Win vs. Getafe | Bleacher Report

Source: National Cyber Security – Produced By Gregory Evans

Raphael Varane scored twice as Real Madrid beat Getafe 3-0 in their first La Liga match of 2020 on Saturday at the Coliseum Alfonso Perez. Los Blancos took the lead on 34 minutes after goalkeeper David Soria failed to punch Ferland Mendy’s cross clear, […]

#deepweb | British accountant denies trying to hire hitman on the dark web to kill his ex-girlfriend in the US: report

Source: National Cyber Security – Produced By Gregory Evans

A 24-year-old British accountant has hit back at accusations he spent more than $5,000 in Bitcoin on the dark web in an attempt to hire a hitman to kill his American ex-girlfriend.

Adrian Fry’s name appeared in a Harper’s Magazine article profiling an alleged threat made against Alexis Stern, a recent high school graduate from Big Lake, Minn. The city’s police chief says the FBI has taken over the case – and Fox News has reached out to the bureau for comment.

“I would never think of killing anyone, I’ve never so much as harmed a fly,” Fry, from Bath, told The Daily Mail this week while describing the allegations as “flimsy nonsense.”

The pair are reported to have dated online before Fry visited Minnesota in March 2018. Stern claims he was becoming increasingly bossy and broke up with him during his trip.

“I said very clearly I didn’t want to be with him, and he tried telling me I wasn’t thinking right and I was making a mistake,” she told Harper’s. Stern claimed Fry kept trying to contact her even after he returned overseas and “wouldn’t take no for an answer”.

Then in July of that year, a user with the alias ‘Mastermind365’ posted a message on the secretive Camorra Hitmen website – which advertised assassination services – asking if it was possible for somebody to carry out a kidnapping, according to Harper’s.

A week later on July 15, the same user reportedly wrote: “I have changed my mind since I previously spoke to you.”

“I would not like this person to be kidnapped. Instead, i would just like this person to be shot and killed. Where, how and what with does not bother me at all. I would just like this person dead,” the user reportedly wrote.

The magazine says the user then transferred more than $5,000 in Bitcoin to the website along with a photo of Stern.

The user’s messages were sent to Harper’s from Chris Monteiro, a London-based IT worker who the publication says “spends his nights as a white-hat hacker and independent cybercrime researcher, navigating the shadowy spaces of the dark web.”

Monteiro, Harper’s says, believes a scammer was operating the Camorra Hitmen site – one that had no intention of completing any order.

Yet Stern that month was called in for an interview with the Big Lake Police Department, where she was informed about the details of the alleged threat, Harper’s reports. It added that her parents installed a new home security system and she carried around a knife in her purse following that meeting with investigators.

The department’s chief, Joel Scharf, told Fox News on Monday that after the case “originally was reported to our department, we in turn requested that the FBI assume the case, which they did.”

Scharf added that in their records, Fry was “listed as a suspect at the time we took the case.”

The magazine says when it shared Mastermind365’s messages with Stern to see if she could identify who wrote them, she determined that it was Fry.

“It’s definitely him,” she told Harper’s, saying that the user wrote “thankyou” as one word – something Fry would do as well – and that the date of the murder request, July 15, happened to be the same day she informed Fry she was seeing somebody new.

When Fry was approached at his home by The Daily Mail newspaper this week, he said, “I can’t believe what I’m hearing and what she’s accusing me of.

“I’m traumatized and hurt that she would even think that it could be me,” he added.

Fry also told The Daily Mail that nobody from the FBI has reached out to him and denied Stern’s claims.

“Sometimes I write thank you as one word and sometimes two,” he said. “I have bad grammar but that doesn’t mean I’m guilty of ordering somebody’s murder.”

He added: “All I did when she told me about her new boyfriend was delete all her pictures and messages and de-friend her from Facebook. I’ve never spoken to her since.”

He continued: “None of the things that Alexis has pointed out is concrete evidence against me. It’s just flimsy nonsense. She’s understandably worried that somebody wants her killed and is looking for a scapegoat, who just happens to be me.”


The post #deepweb | British accountant denies trying to hire hitman on the dark web to kill his ex-girlfriend in the US: report appeared first on National Cyber Security.
