

#deepweb | Scarlett Johansson reveals how Iron Man inspired her to join the ‘groundbreaking’ Marvel Universe

Source: National Cyber Security – Produced By Gregory Evans


One of the Avengers’ most quirky superheroes coaxed Scarlett Johansson to join the Marvel Universe.

The actress revealed during a new interview with Vanity Fair that she knew she wanted to join the comic-inspired film saga after seeing Robert Downey Jr. in Iron Man back in 2008.

‘I just loved it. I’d never really seen anything like it before.

Super-heroine in waiting: Scarlett Johansson said she knew she wanted to join the Marvel Universe after seeing Robert Downey Jr. in Iron Man in 2008

‘It was not particularly that I was a fan of superhero stuff, or that genre, but it seemed groundbreaking,’ the 35-year-old said.

‘I wanted to work with Marvel. It seemed like an exciting place to be.’

The actress met director Jon Favreau when he was casting Black Widow for Iron Man 2. But to Scarlett’s disappointment he chose Emily Blunt instead.

‘And then that was it. You know, life went on. I mean, I’ve certainly had enough experience of rejection.’


Her inspiration: ‘I just loved it,’ the 35-year-old gushed after seeing Iron Man. ‘I’d never really seen anything like it before’

But Emily had to pull out due to a scheduling conflict and the part went to Scarlett.

‘I’m not one to hold a grudge or anything,’ she said. ‘I was super excited about it.

‘And I met with Jon again, and we had a funny conversation about how he had not cast me. But I was excited. I was so stoked.’

Weaving her web: The part of the Black Widow originally went to Emily Blunt but she had to drop out due to scheduling conflicts, leaving Scarlett ‘stoked’ to step into the role

Now Scarlett, who is engaged to SNL’s Colin Jost and shares daughter Rosie, five, with second husband Romain Dauriac, has just wrapped the first standalone Black Widow movie, which she hopes will ‘elevate the genre.’

‘I mean I hope that it can be both explosive and dynamic and have all that great fun stuff that goes with the genre.

‘But I hope that we can also talk about, you know, self-doubt and insecurity and shame and disappointment and regret and all that stuff too. 

‘It has many different things, it’s not just that. But there’s a lot of deep stuff, I think, that drives it.’  Black Widow is due out on May 1. 


Changing style: Now the star has just wrapped filming on the first standalone Black Widow movie, which she hopes will ‘elevate the genre.’ It’s due out on May 1


#infosec | Report Reveals Businesses Aren’t Ready for 5G

Source: National Cyber Security – Produced By Gregory Evans

A new report looking at 5G cybersecurity readiness has found that many businesses are inadequately prepared for the latest big data acceleration. 

The AT&T Cybersecurity Insights Report: Security at the Speed of 5G, published today, found that enterprises are lagging behind on expanding their virtualization and software-defined networking (SDN) capabilities and are not taking the opportunity to automate security. 

A degree of reticence was also detected when it came to the planned adoption of a shared security model that would enable certain functions to be shifted to carriers.

The report was built using data drawn from a survey of 704 cybersecurity professionals from around the globe, all of whom work for organizations with more than 500 employees. 

Nearly all respondents in the survey expect to make 5G-related security changes within the next five years, and 16% say they have already started preparing before the mainstream wave of 5G deployments arrives. 

Asked about what their preparations were focused on, the larger attack surface topped the list as a worry for 44% of respondents, followed by the greater number of devices accessing the network, which was a concern for 39%. 

Ranking third and fourth, drawing the focus of 36% and 33% of respondents, respectively, were the need to extend security policy to new types of IoT devices and the need to authenticate a larger number and wider variety of devices.

Only 29% of respondents said they plan to implement security virtualization and orchestration during the next five years.

Researchers wrote: “Most of the transitions in networking have been about faster speeds or increased capacity. 5G introduces more complex networking and is being delivered with virtualization in mind. 

“The latter appears to be a crucial gap in the way enterprises are preparing for 5G, as enterprises will need to take advantage of virtualization to make the network nimbler and more responsive, with the ability to provide just-in-time services. Many enterprises are not considering this as a possibility, according to our data.”

With 5G, the size of the cyber-attack surface expands, creating more opportunities for bad actors to strike. Despite this, researchers found that enterprises did not appear to have fully considered how to boost their vulnerability management programs (both patching and mitigation) for devices at the edge, which may carry vulnerabilities that go unnoticed and unpatched.

Additionally, only 33% of enterprises surveyed had implemented multi-factor authentication, and 7% said they plan to implement it during the next five years.

A spokesperson for AT&T wrote: “To better realize how large (and vulnerable) the attack surface becomes with 5G, consider that 274 petabytes of data are currently crossing AT&T’s network each day, and with 5G this number is expected to increase by 10x.”

Currently, neither 5G service nor 5G phones are available everywhere in the United States, and release dates vary for every carrier. Verizon, Sprint, Starry, AT&T, and T-Mobile are providing some coverage already, mostly in major cities, including New York, Washington, DC, Los Angeles, Houston, Chicago, Phoenix, Atlanta, Boston, Denver, and Dallas–Fort Worth.



Facebook Reveals New Data Leak Incident Involving Groups’ Members

Source: National Cyber Security – Produced By Gregory Evans


Facebook today revealed yet another security incident admitting that roughly 100 app developers may have improperly accessed its users’ data in certain Facebook groups, including their names and profile pictures.

In a blog post published Tuesday, Facebook said the app developers that accessed this information without authorization were primarily social media management and video streaming apps that let group admins manage their groups more effectively and help members share videos to the groups, respectively.

For those unaware, Facebook made some changes to its Group API in April 2018, a month after the revelation of the Cambridge Analytica scandal, limiting apps integrated with a group to only access information, like the group’s name, the number of members and the posts’ content.

To get access to additional information like names and profile pictures of members in connection with group activities, group members had to opt-in.

However, it seems like Facebook once again failed to protect its users’ information despite the company changing its Group API access parameters back in April 2018.

In an ongoing review, Facebook said it found that the developers of some apps retained the ability to access Facebook Group member information from the Groups API for longer than the company intended.

Though Facebook did not disclose the total number of users affected by the leak or if the data also involved other information beyond just names and profile pictures, the company did assure its users that it stopped all unauthorized access to the data and that it found no evidence of abuse.

“Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained, and we will conduct audits to confirm that it has been deleted,” the company said.

Facebook also believes that the number of app developers that actually accessed this data is smaller and decreased over time, as it says that of roughly 100 app developers that retained user data access through the Groups API over the last 18 months, “at least 11 partners accessed group members’ information in the last 60 days.”

In July, Facebook agreed to pay a $5 billion fine as a settlement with the Federal Trade Commission (FTC) over the Cambridge Analytica scam and also accepted a 20-year-long agreement with the FTC that enforces new guidelines for how the social media company handles its users’ privacy and their data.

“[T]he new framework under our agreement with the FTC means more accountability and transparency into how we build and maintain products,” Facebook said.

“As we continue to work through this process, we expect to find more examples of where we can improve, either through our products or changing how data is accessed. We are committed to this work and supporting the people on our platform.”

In the recent news surrounding the social media giant, Facebook sued Israeli mobile surveillance firm NSO Group late last month for its involvement in hacking WhatsApp users, including diplomats, government officials, human rights activists, and journalists, using its well-known spyware called Pegasus.


#cybersecurity | SolarWinds Research Reveals Negligent Users as Top Cybersecurity Threat to German Organisations

Source: National Cyber Security – Produced By Gregory Evans

BERLIN–(BUSINESS WIRE)–SolarWinds (NYSE:SWI), a leading provider of powerful and affordable IT management software, today released findings of its latest cybersecurity research at it-sa (Booth #127). The research highlights the threats technology professionals face today and those they expect over the next 12 months, revealing internal factors as the most prominent cybersecurity threat.

The research of over 100 IT professionals in Germany revealed internal user mistakes created the largest percentage of cybersecurity incidents over the past twelve months (80%), followed by exposures caused by poor network system or application security (36%), and external threat actors infiltrating the organisation’s network or systems (31%).

Poor password management ranked as the leading cause of concern for German IT professionals regarding insider threats. Forty-five percent of tech pros surveyed indicated poor password management or weak passwords as the most common cause of accidental or careless insider breaches, while 42% cited sharing passwords as the most common problem. Password management issues, accidental exposure, deletion, corruption or modification of critical data (40%), and copying data to unsecured devices (36%) were the other leading causes reported that lead to insider mistakes.

The survey results also found that 89% of tech pros surveyed indicated they feel unequipped to successfully implement and manage cybersecurity tasks today with their current IT skillset.

“Our research shows once again that the biggest risk to the organization comes from the inside, aligning with research SolarWinds conducted in other regions earlier this year,” said Tim Brown, vice president of security, SolarWinds. “This underscores the continued need for organizations to address the human side of IT security and consistently educate users on how to avoid mistakes, while encouraging an environment of learning and training. However, that alone is not enough; tech pros also need the best possible technology to effectively fight against both threats from the inside and potentially more sophisticated threats from the outside. SolarWinds is committed to helping IT and security teams by equipping them with powerful, affordable solutions that are easy to implement and manage. Good security should be within the reach of all organizations.”

SolarWinds at it-sa, The IT Security Expo and Congress

Booth 127, Hall 9

  • When: October 8 – 10, 2019
  • Where: Nuremberg, Germany

At it-sa, Europe’s largest IT security expo, SolarWinds Head Geek™, Sascha Giese, along with other technical experts, will be onsite to provide in-depth demos of SolarWinds security solutions. These include SolarWinds® Access Rights Manager (ARM), SolarWinds Security Event Manager (SEM), SolarWinds Backup, and SolarWinds Patch Manager—plus a suite of monitoring and management platforms with security baked in, including capabilities for robust endpoint detection and response. These products address the gaps identified by the research findings, including the need for more affordable solutions, technologies that help mitigate skills shortages, a layered approach to security, and solutions that fight threats from both the inside and outside of an organization’s technology infrastructure.

“SolarWinds security solutions help address the gaps identified by the research findings,” stated Sascha Giese. “ARM, for example, helps organizations detect compromises or malicious behavior from inside the company, while helping to drive more effective compliance programs. Nearly two-thirds of tech pros surveyed indicate they already use an access rights management solution, underscoring its importance. At it-sa, I’m looking forward to learning even more about the security pain points of our customers and prospects—so we can do even more to help get them resolved.”

Key Findings

Threat Trends: Internal Users Put Organisations at Risk

Types of cybersecurity threats leading to security incidents within the past 12 months:

  • Out of a variety of security incidents, 80% of respondents attributed the largest portion of cybersecurity threats to internal users making mistakes, while 31% attributed at least a portion to external threat actors; followed by 36% that indicated exposures caused by poor network system and/or application security have led to security incidents.
  • 70% indicated regular employees are the users who pose the biggest risk for insider abuse and/or misuse, followed by privileged IT administrators and executives (45% and 33%, respectively).
  • 45% named poor password management as the most common cause of accidental/careless insider breaches from employees and contractors, while 42% of tech pros surveyed state that sharing passwords is the most common cause, followed by accidentally exposing, deleting, corrupting, and/or modifying critical data and copying data to unsecured devices (40% and 36%, respectively).

The following cybersecurity threats could lead to security incidents in the next 12 months:

  • 55% of respondents are extremely concerned or moderately concerned (combined) about internal users making mistakes that put organisations at risk. This is followed by 50% and 42% indicating exposure caused by poor network system and/or system security and external threat actors infiltrating their organisation’s network and/or systems as the top concerns, respectively.
  • Nearly half of tech pros surveyed are extremely concerned or moderately concerned (combined) that cybercriminals will lead to security incidents in the next twelve months, while one-third of tech pros feel the same about cyberterrorists—and one-fifth of tech pros indicating nation-state actors as top concerns within the same timeframe.

IT Skillsets and Landscape: Not Sufficiently Equipped

  • 89% of tech pros feel unequipped to successfully implement and manage cybersecurity tasks today given their current IT skillset, while over half of tech pros surveyed (54%) feel unequipped to utilize predictive analytics to determine the likelihood of outcomes in their architecture.
  • One-fourth of tech pros feel the most significant barrier to maintaining and improving IT security within their organisation is the complexity of their IT infrastructure, followed by budget constraints (20%), and lack of manpower (19%).
  • 45% of tech pros surveyed have adopted a hybrid approach to their IT security, protecting and managing the security of their own network but also using a managed provider to deliver some security services—while 43% are self-managed and 6% outsource entirely.

Top Security Technologies

  • Top technologies used by technology professionals according to respondents include:
  • Detection:

    • Access rights management (64%)
    • IDS and/or IPS (48%)
    • Vulnerability assessment (38%)
  • Protection:

    • Email security (77%)
    • Data encryption (70%)
    • Endpoint protection (65%)
    • Patch management (65%)
  • Risk management:

    • Identity governance (58%)
    • Asset management (55%)
    • Governance, risk, and compliance (GRC) (45%)
  • Response and recovery:

    • Backup and recovery (70%)
    • Access rights management (50%)
    • Incident response (37%)

The findings are based on a survey fielded in August/September 2019, which yielded responses from 110 technology practitioners, managers, and directors in Germany from public- and private-sector small, mid-size and enterprise organisations.


About SolarWinds

SolarWinds (NYSE:SWI) is a leading provider of powerful and affordable IT infrastructure management software. Our products give organizations worldwide, regardless of type, size or IT infrastructure complexity, the power to monitor and manage the performance of their IT environments, whether on-premises, in the cloud, or in hybrid models. We continuously engage with all types of technology professionals—IT operations professionals, DevOps professionals, and managed service providers (MSPs)—to understand the challenges they face maintaining high-performing and highly available IT infrastructures. The insights we gain from engaging with them, in places like our THWACK online community, allow us to build products that solve well-understood IT management challenges in ways that technology professionals want them solved. This focus on the user and commitment to excellence in end-to-end hybrid IT performance management has established SolarWinds as a worldwide leader in network management software and MSP solutions. Learn more today at


New #Book Reveals How #Obama Team #Plotted #Cyberattacks Against #Russia in #2016

Source: National Cyber Security News

On March 13, a book titled “Russian Roulette: The Inside Story of Putin’s War on America and the Election of Donald Trump” will hit the shelves. Written by Michael Isikoff and David Corn, the book specifically focuses on Russia’s alleged interference in the 2016 US presidential elections.

In the summer of 2016, the Obama team prepared a plan for a large-scale cyber-operation against the Russian media, the country’s most influential businessmen and President Vladimir Putin personally, according to former White House cybersecurity coordinator Michael Daniel.

His remarks are included in “Russian Roulette: The Inside Story of Putin’s War on America and the Election of Donald Trump,” a book by Michael Isikoff and David Corn, which is due to go on sale on March 13. Excerpts were released by Yahoo News earlier this week.

Daniel explained that the cyber-offensive against Moscow was co-authored by Celeste Wallander, the US National Security Council’s former chief Russia expert.

The plan stipulated that the National Security Agency (NSA) would conduct a number of cyberattacks to neutralize Russian websites and the Guccifer 2.0 hacker, who compromised the emails of the campaign headquarters of former Secretary of State Hillary Clinton and the Democratic Party’s National Committee.


State #institutions in #Denmark #vulnerable to #hacking, expert #reveals

Source: National Cyber Security News

Last summer one of Denmark’s biggest companies, Maersk, was hit by a hacking attack that paralysed its computer systems and ended up costing the firm an estimated 1.9 billion kroner.

And the shipper is not the only one. Twice in 2017, the Southern Denmark region experienced ransomware attacks that locked users out of their accounts and databases.

A survey of state institutions undertaken by the national auditor, Rigsrevisionen, has shown that the Foreign Ministry, health service databank Sundhedsdatastyrelsen, state railway track owner Banedanmark and the emergency response service Beredskabsstyrelsen are all potentially vulnerable to similar attacks, reports DR Nyheder.

Update your security systems!
The auditors noted that security to prevent ransomware attacks was not sufficient and that none of the institutions have fully ensured that their programs all have the latest security updates.

IT security expert Christian Dinesen from the consultancy firm NNIT feels that these institutions are making it much too easy for cyber criminals.

“It is critical, because all these institutions perform vital functions in our society,” said Dinesen.

“What the report shows unfortunately is an immaturity that is also found in other places. Things like local administrators’ rights and security programs not being updated have been in the spotlight for the last 15 years.


A new #Facebook #security feature reveals #fraudulent #Facebook-like #mails

Source: National Cyber Security – Produced By Gregory Evans

Facebook has rolled out a new security feature to protect users from identity theft: the tech giant is taking note of every email it has “recently” sent to its users.

The full list of emails sent by Facebook is available under the Settings menu on the social network platform.

Facebook users who receive a message allegedly sent by the social network giant can check its authenticity by viewing the new “See recent emails from Facebook” section at the bottom of the Security and Login page.


If the message is not included in the list it is fraudulent and must be discarded.

“ is a common domain that Facebook uses to send notifications when we detect an attempt to log in to your account or change a password. If you’re unsure if an email you received was from Facebook, you can check its legitimacy by visiting to view a list of security-related emails that have been recently sent.” states the announcement published by Facebook. 

Even if threat actors are able to disguise emails, to make them look like official messages sent by Facebook, the new Facebook security feature will help users to identify phishing attacks.

Crooks use phishing attacks to obtain victim’s credentials, access their profile, and perform a wide range of fraudulent activities.

Compromised accounts could be used to send out phishing messages or to spread malware.

Users who discover an email scam pretending to be sent from the Facebook platform can report it to

If your account has been compromised due to a phishing attempt, visit

“If you’ve checked this tool and determined that an email you received is fake, we encourage you to report it to, and if you believe your account has been compromised due to a phishing attempt, you may attempt to regain access to your account at: ” concludes Facebook.


Hackers Obtained #Access to #NSA Employee’s Home #Computer, #Kaspersky Lab Reveals

Source: National Cyber Security – Produced By Gregory Evans

Kaspersky Lab has updated its investigation on the hacking of a home computer used by an NSA employee.

MOSCOW (Sputnik) — Kaspersky IT security company has announced that access to information on the home computer of the employee of the US National Security Agency (NSA) could have been obtained by an unknown number of hackers.

According to the Kaspersky Lab probe, which is linked to media reports about the company’s software allegedly having been used to search and download classified information from the home computer of an NSA employee, the user’s computer was infected with the Mokes backdoor, malware that allows hackers to obtain access to a device.

“The malware… was a full blown backdoor which may have allowed third parties access to the user’s machine,” the Kaspersky Lab has stated.

However, it is possible that Mokes was not the only malware that infected the computer in question, the company said, adding that while Kaspersky software on the computer was enabled, it reported 121 alarms on different types of malware.

“The interesting thing about this malware is that it was available for purchase on Russian underground forums in 2011. Also noteworthy is that the command-and-control servers of this malware were registered to a (presumably) Chinese entity going by the name ‘Zhou Lou’ during the period of September to November 2014,” the statement explained.

Allegations Against Kaspersky Lab

The internal investigation by Kaspersky Lab was launched after The Wall Street Journal reported in October that a group of hackers allegedly working for the Russian officials had stolen classified data through the National Security Agency (NSA) contractor, which used antivirus software made by the Russian software producer.

Shortly afterwards, the New York Times reported that Israeli intelligence services had hacked into the network of Kaspersky, and warned their US colleagues that the Russian government was allegedly using Kaspersky software to gain access to computers around the world, including in several US government agencies.

Both reports came a month after the US Department of Homeland Security ordered state agencies and departments to stop using Kaspersky Lab software within the next 90 days, with the company’s CEO Eugene Kaspersky refuting all the allegations spread by the media regarding the Russian cybersecurity company’s involvement in spying on US users through its products and calling such claims groundless and paranoiac.

When commenting on the situation in an interview with Die Zeit newspaper, Eugene Kaspersky said, “There is a feeling that we just had been doing our job better than others, that we had been protecting our clients better than others … Probably, someone in the United States is very unhappy about it.”

Most recently, Wikileaks has revealed that the CIA had written a code to “impersonate” Russia-based Kaspersky Lab, which had been used at least three times.


Kaspersky Lab is one of the largest private cybersecurity companies in the world, with its technologies protecting over 400 million users and 270,000 corporate clients.


Wikileaks release #reveals #CIA impersonated #Kaspersky Lab while #hacking people

Source: National Cyber Security – Produced By Gregory Evans

The Central Intelligence Agency created and used code that pretended to be from Kaspersky Lab while hacking people, a big twist on what has been an ongoing saga of allegations of Kaspersky colluding with the Russian government, according to the latest release by Wikileaks of leaked top secret U.S. government files.

The Vault 8 release, issued Thursday, detailed the source code and development logs behind the CIA’s “Project Hive,” designed by the agency to implant malware to spy on targets outside the country. Within the released code was evidence that the CIA used fake certificates pretending to have been from Kaspersky Lab, meaning essentially that the agency was hacking people across the globe while impersonating Kaspersky.

“This publication will enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components,” WikiLeaks said in a statement. “Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention.”

Kaspersky Lab has been in the spotlight since June after the Federal Bureau of Investigation raided the company’s employees as part of an investigation into claims the company was colluding with the Russian government to hack and steal information from the U.S. government. Despite there being no solid evidence to date, the company has since been banned by The White House and Department of Homeland Security from use by U.S. government agencies.

In a surprising twist in a story that already reads like a poorly edited self-published spy drama in Inc.’s Kindle book store, Kaspersky claimed last month that it had indeed gained access to top secret spying tools used by the National Security Agency, but only because a contractor accidentally installed malware on his or her computer. The company then claimed that after being made aware that it had accidentally accessed the code, it immediately deleted it.

Although much of the story to date has appeared to be nothing more than a witch hunt against Kaspersky Lab, the fact that Wikileaks has now revealed that the CIA itself was pretending to be the company while hacking people may finally provide some relief to the company going forward.


Google: Our hunt for hackers reveals phishing is far deadlier than data breaches


Google has released the results of a year-long investigation into Gmail account hijacking, which finds that phishing is far riskier for users than data breaches, because of the additional information phishers collect.

Hardly a week goes by without a new data breach being discovered, exposing victims to account hijacking if they used the same username and password on multiple online accounts.

While data breaches are bad news for internet users, Google’s study finds that phishing is a much more dangerous threat to its users in terms of account hijacking.

In partnership with the University of California Berkeley, Google pointed its web crawlers at public hacker forums and paste sites to look for potential credential leaks. They also accessed several private hacker forums.

The blackhat search turned up 1.9 billion credentials exposed by data breaches affecting users of MySpace, Adobe, LinkedIn, Dropbox and several dating sites. The vast majority of the credentials found were being traded on private forums.

Despite the huge numbers, only seven percent of credentials exposed in data breaches match the password currently being used by Google’s billion Gmail users, whereas a quarter of 3.8 million credentials exposed in phishing attacks match the current Google password.

The study finds that victims of phishing are 400 times more likely to have their account hijacked than a random Google user, a figure that falls to 10 times for victims of a data breach. The difference is due to the type of information that so-called phishing kits collect.

Phishing kits contain prepackaged fake login pages for popular and valuable sites, such as Gmail, Yahoo, Hotmail, and online banking. They’re often uploaded to compromised websites, and automatically email captured credentials to the attacker’s account.

Phishing kits enable a higher rate of account hijacking because they capture the same details that Google uses in its risk assessment when users log in, such as the victim’s geolocation, secret questions, phone numbers, and device identifiers.

The researchers find that 83 percent of 10,000 phishing kits collect victims’ geolocation, while 18 percent collect phone numbers. By comparison, fewer than 0.1 percent of keyloggers collect phone details and secret questions.

The study finds that 41 percent of phishing kit users are from Nigeria based on the geolocation of the last sign-in to a Gmail account used to receive stolen credentials. The next biggest group is US phishing-kit users, who account for 11 percent.

Interestingly, the researchers found that 72 percent of the phishing kits use a Gmail account to send captured credentials to the attacker. By comparison, only 6.8 percent used Yahoo, the second most popular service for phishing-kit operators. The phishing kits were sending 234,887 potentially valid credentials every week.

Gmail users also represent the largest group of phishing victims, accounting for 27 percent of the total in the study. Yahoo phishing victims follow at 12 percent. However, Yahoo and Hotmail users are the largest group of leaked credential victims, both representing 19 percent, followed by Gmail at 12 percent.

They also found most victims of phishing were from the US, whereas most victims of keyloggers were from Brazil.

The researchers note that two-factor authentication can mitigate the threat of phishing, but acknowledge that ease of use is an obstacle to adoption.
