their

now browsing by tag

 
 

While #Western Union #wired customers’ money, #hackers #transferred their #personal #deets

Source: National Cyber Security News

Western Union has confirmed one of its IT suppliers was hacked, and that customer information was exposed to miscreants.

A Register reader, who wished to remain anonymous, showed us a copy of a letter dated January 31 that he received from the money-transfer outfit. The missive admitted that a supposedly secure data storage company used by Western Union was compromised: a database full of the wire-transfer giant’s customer records was vulnerable to plundering, and hackers were quick to oblige.

“We have discovered that some of your information may have been accessed without authorization as a result of a computer intrusion against an external vendor system formerly used by Western Union for secure data storage,” the letter read.

“We promptly moved our external secure storage to a different vendor’s system. We immediately notified law enforcement, and are actively cooperating with its investigation. Expert assistance was also immediately engaged to determine what personal information may have been compromised.”

In other words, it sounds as though a cloud-based or off-site backup storage provider was hacked. Now that system has been shut down, the cops alerted, and digital forensics teams are probing the network intrusion.

Suspicious
“Upon detecting suspicious activity, Western Union permanently discontinued all use of the vendor’s system and the system was taken offline,” a spokesperson for Western Union told The Register today.

Read More….

advertisement:

View full post on National Cyber Security Ventures

How #Parents Can Protect Their #Children From Infant #Identity Theft

Source: National Cyber Security – Produced By Gregory Evans

An identity thief can wreck credit scores, drain bank accounts, and cause underserved legal troubles. But the victims of identity theft aren’t always adults with established finances.

In fact, according to Robert Chappell Jr, the author of “Child Identity Theft: What Every Parent Needs to Know,” around 1.

Read More….

The post How #Parents Can Protect Their #Children From Infant #Identity Theft appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

How #seriously are #SMEs taking their #cyber security?

Source: National Cyber Security – Produced By Gregory Evans

Cyber security is essential for organisations of all sizes. Organisations need to ensure they have taken all the necessary precautions to protect their data.

In the past year, 46% of businesses identified at least one cyber attack or breach, with 875,000 of these victims being an SME. Despite these statistics, a recent survey found that many SMEs don’t believe they are at risk, with 59% thinking that their information would be of little value to cyber criminals.

This mindset is a major issue for small businesses because their lack of interest in cyber security makes them a favourable target for criminal hackers.

Why do criminals target SMEs?

Many small businesses do not put enough money and resources into cyber security. They do not monitor or implement strong enough cyber security defences that will adequately protect their data. Not having these defences in place makes their data more susceptible to attacks.

Although they may not feel that their information has much value to criminals, it very often does. Small businesses still hold personal and financial information, but they do not have the security defences in place that large organisations do. This makes them an easy and attractive target.

When an organisation has been hit by a ransomware attack, the criminals responsible will demand it pays a ransom to retrieve its data. It’s very difficult for small businesses to recover from ransomware attacks, so they are often more willing to pay the ransom than larger organisations would be. Again, this makes them an attractive target for many criminals.

How are SMEs being hacked?

The most common ways SMEs are hacked are by phishing, poor passwords and IT vulnerabilities.

Phishing schemes are fake emails that impersonate someone that you may trust: an online provider, bank, popular website or sometimes a colleague. These emails try to trick you into giving away sensitive information.

Passwords are vital for ensuring the security of your data. If a password is easy to guess or used for multiple platforms, it becomes less secure and easier to hack. Passwords should be unique and complex, and should never be shared..

IT vulnerabilities are a result of a network not having the right security measures in place in order to protect data. These vulnerabilities can lead to malware attacking an organisation’s data.

What precautions should SMEs take?

There are many simple ways an SME can protect itself from a cyber attack. Implementing a firewall is one of the first things an organisation should do, as this will put up a barrier between your data and the hacker, restricting their access.

It is very important to educate your employees to follow cyber security procedures. They should complete staff awareness training to ensure they can identify a phishing email, and follow basic security measures such as regularly changing passwords and adopting security policies.

Installing security software is vital to keep your data secure. Even after you have trained your staff, there is still the chance they may fall for a phishing email. Installing anti-malware software will help protect your organisation from malware that may be contained in these types of email.

Evaluate your cyber security posture

Gain a high-level evaluation of your organisation’s cyber security posture and a documented summary of recommendations for improvements with the Cyber Security Audit.

 

The post How #seriously are #SMEs taking their #cyber security? appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Fancy Bear #hackers are now #exploiting the #New York terror attack to #spread their #malware

Source: National Cyber Security – Produced By Gregory Evans

Fancy Bear #hackers are now #exploiting the #New York terror attack to #spread their #malware

As the US justice department forges ahead with its investigation into the Trump administration and any possible collusion with Russia, the Fancy Bear hackers continue refining their attacks against global targets. As part of their new phishing campaign, the hackers are capitalising on the recent New York terror attack, to trick users into clicking on malicious documents, which in turn infects systems with their malware.

The Kremlin-linked hackers first made headlines during the 2016 US presidential campaign and are now widely considered to have orchestrated the cyberattacks against the US Democratic Party. The cyberespionage group has since been actively involved in various campaigns over the past year, targeting organisations and individuals across the globe.

The Fancy Bears’ most recent campaign, uncovered by security researchers at McAfee, involves the use of a black malicious document, titled “IsisAttackInNewYork”, which when clicked drops the hackers’ first-stage reconnaissance malware dropper Seduploader. The implant collects basic data from infected PCs and profiles prospective victims. Once hackers determine some interest in the victim, the implant then drops Fancy Bears’ customised malware X-Agent or Sedreco.

The post Fancy Bear #hackers are now #exploiting the #New York terror attack to #spread their #malware appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

54% of #security #experts anticipate a successful #cyberattack on their #enterprise within the year

Source: National Cyber Security – Produced By Gregory Evans

54% of #security #experts anticipate a successful #cyberattack on their #enterprise within the year

A successful cyberattack on your enterprise may be imminent, and security experts say many companies aren’t doing enough to protect themselves. Increasingly, risks are coming from within.

Ask a cybersecurity expert or hacker to name the weakest link in any security plan and they will inevitably answer “the people.” Just like everything else, security can’t account for the unpredictability of the human factor. In an enterprise setting, employees will circumvent protocols for the sake of convenience, offer bits of information to strangers because they asked nicely, and generally make a mess of any well-laid enterprise-wide cybersecurity plan.

According to the Cybersecurity Trends 2017 Spotlight Report (PDF), 54% of cybersecurity professionals surveyed anticipate a successful cyberattack on their organization in the next 12 months. Some 40% of those professionals also view the lack of employee awareness as a major obstacle to stronger cybersecurity.

With increases in mobility and the adoption of a BYOD culture in the enterprise, 69% of the surveyed cybersecurity professionals are increasingly concerned about data leakage. Another 64% believe their organizations will have to deal with the download of unsafe applications and the introduction of malware stemming from portable storage devices and the like in the next year.

While workforce mobility and the culture of BYOD certainly produce tremendous benefits for modern enterprises, the technology presents a challenging risk for cybersecurity professionals. The only viable approach to overcoming, or at least mitigating, the human factor is to educate employees and establish a comprehensive policy to govern how personal devices, especially portable storage devices, will be introduced to an enterprise network.

TechRepublic’s premium sister site, Tech Pro Research, offers a ready-made Portable Storage Device Policy to help you regulate and secure usage of portable storage devices to help reduce the risks.

The post 54% of #security #experts anticipate a successful #cyberattack on their #enterprise within the year appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Scammers are #conning homebuyers out of their down #payment

Source: National Cyber Security – Produced By Gregory Evans

Scammers are #conning homebuyers out of their down #payment
  • Scammers are going after homebuyers’ down payments in a growing version of “email access compromise.”
  • Because it’s the consumer authorizing the wire transfer, the usual protections don’t apply.
  • Experts say don’t trust emailed closing instructions. Call a number you know to be correct to confirm.

$52,660.57.

It’s a number Shannyn Allan knows by heart. That’s how much money she painstakingly saved for a 20 percent down payment and closing costs on her dream home — one with a claw-foot tub and enough room to run her fundraising group for dog rescues.

It was “the only house in San Antonio in our price range,” she said.

And it’s how much money the first-time homebuyer nearly lost this spring to an increasingly common scam.

“It was a nightmare every single day,” Allan said of the three-week ordeal. “I almost lost the house.”

Variations of so-called email access scams have become a $5.3 billion problem affecting businesses and consumers in all sectors, the FBI warned in a May public service announcement.

The bureau’s notice called out real estate transactions as a trending forum for the scam, targeting “all participants … including buyers, sellers, agents, and lawyers.” In particular, complaints to the FBI from victimized title companies jumped 480 percent in 2016.

“They’re tough numbers to digest because we do think they’re underreported,” said James Barnacle, chief of the FBI’s money laundering unit.

In some of the largest real estate cases, he said, losses have been “in the low millions.” But even smaller losses are significant.

“They’re people’s life savings,” Barnacle said.

Tactics for the scam vary, but thieves’ aim is the same: Compromise the computer or email account of a person or business involved in real estate to monitor upcoming transactions. That gives them an opportunity to impersonate that party and try to intercept funds.

“Scammers and hackers want to target you when you’re either scared out of your mind or extremely happy,” said Ryan O’Leary, vice president of the Threat Research Center at WhiteHat Security. “Real estate is the perfect one-two combo, and there’s a lot of money at stake.”

Elements of real estate transactions are becoming increasingly digital, giving would-be thieves plenty of opportunities, he said. Nor does it hurt that a home purchase is one of the few instances where a request to wire money won’t set off alarm bells for the consumer.

In Allan’s case, the thieves interceded just hours before the closing.

“They waited and they watched, like a damn gator in the water,” she said.

She was on her way to the bank when she got an email that appeared to be from her title company, with a change of wire transfer instructions. Suspicious, Allan reached out to her real estate agent — who, she says, simply apologized for the hassle.

Allan wired the money at 9:34 a.m. Central time.

By a lucky coincidence, the real title company reached out to Allan shortly after, to give her the final closing instructions and confirm the money would be wired.

“They were like, ‘You wired the money? Who did you wire it to?’” she said.

How to avoid real estate wire fraud

An educated homebuyer is the first line of defense, said Jessica Edgerton, associate counsel for the National Association of Realtors. No matter what security precautions other parties, such as your title company or real estate agent, have in place, ultimately you’re the one wiring the money.

“This is happening all the time,” she said. “Attempts are happening on a daily basis.

“Don’t dismiss this as an interesting news story and distance yourself thinking this is something that won’t happen to you,” Edgerton said.

Here’s how to avoid falling victim to this kind of scam:

1) Verify everything

When you’re buying a house, you expect to hear from your real estate agent, attorney and other parties in the transaction. So you’re naturally less suspicious of emails that appear to be from those people — which thieves take advantage of, said the FBI’s Barnacle.

Don’t assume any emailed instructions or account details are legit.

“You have to call, and you have to confirm,” Barnacle said. “Having some kind of redundancy and some kind of check in place is the number one way of avoiding being hit by these frauds.”

But don’t call the phone number in the email, he said. That may redirect you to the would-be thieves. Instead, call a number you know to be correct for say, that title agency or mortgage broker, based on a web search or previous interactions.

2) Be suspicious of changes

Last-minute changes to closing procedures are a red flag — especially requests that you change the payment method or send money to a different bank or account, said Doug Johnson, senior vice president and senior advisor of risk management policy for the American Bankers Association. Real estate closings are a “standard process,” he said, and it would be unusual for those details to change.

Again, verify any changes by calling the other parties involved.

“Trust your instincts on this kind of stuff,” Johnson said. “We tend to know when something smells a little fishy.”

3) Secure your emails

Given the risk of compromise, don’t send sensitive data such as bank account details or your Social Security number over email, Edgerton said. Use a secure file-transfer service to send documents required for that home purchase, or a secure client-access portal that the business (be it your title company, mortgage broker, etc.) has set up.

Be suspicious of communications that don’t follow whatever protocol has been set up — for example, a request that you email details that you’ve previously securely submitted via a portal.

4) Use good cybersecurity hygiene

This scam begins with thieves gaining access to the computer or email account of someone involved in the real estate transaction, said O’Leary — make sure that someone isn’t you.

Keep your antivirus software and operating system up to date, use unique, complex passwords and enable protections such as two-factor authentication where available. Don’t click on any suspicious links in emails, he said.

5) Pick a secure payment method

Ask about your options for paying the down payment and closing costs, said Allan, who blogs about personal finance at FrugalBeautiful.com and now, after her experience, at Realestatewirefraud.com. You may be able to bring a paper certified check or cashier’s check to the closing or an agent’s office ahead of time, avoiding the possibility the funds end up in a fraudster’s hands.

WHAT TO DO IF YOU’RE VICTIMIZED

If you fall prey to one of these scams, you’ll need to act immediately. The odds of recovering that stolen money aren’t in your favor.

Money sent via a wire transfer is quickly moved electronically from your bank to the recipient bank, and then into the payee’s account. You typically have only a tiny window for the banks to halt a transfer, or freeze the account before fast-moving thieves withdraw the funds. Once the money is out of that account, it’s gone.

Even if you spot and report the fraud within 24 hours, you might not get your money back, said Barnacle.

“I don’t want to set false expectations for consumers,” he said. “The chance of recovery here is slim.”

Because the consumer is the one to authorize the wire transfer, protections covering unauthorized financial transactions don’t apply. The banks will work with you, but you may bear some or all of the liability for lost funds, depending on the details and extent of the crime, said Johnson.

Allan’s almost immediate notice of the fraud was instrumental in recovering of her money because the bank was able to freeze the thief’s account. In the end, she lost just $430 — including $70 in wire transfer fees. She’s quick to point out she was extremely lucky.

“I feel like a magical unicorn, because this doesn’t happen,” she said.

Here’s how to take action if you fall prey to a scam:

Alert the banks. “Immediately call your bank or financial institution,” Johnson said. “They may still be able to call back the wire.” Alert the bank on the receiving end of the wire transfer, too. They can often work with your bank to halt the transfer or freeze the recipient’s account.

Call in law enforcement. File a local police report detailing what happened. Call your local FBI office and file a complaint with the FBI’s Internet Crime Complaint Center, too. “At the FBI level, we have briefed all of our 56 field offices and all of our resident agencies, and they are equipped to rapidly respond,” Barnacle said.

The post Scammers are #conning homebuyers out of their down #payment appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Three out of five #Americans concerned #hackers could #spy on them via their #webcam

Source: National Cyber Security – Produced By Gregory Evans

Three out of five Americans concerned hackers could spy on them via their webcam

Avast solutions help users control who can access their webcam to prevent unwanted spying.

In October, we conducted an online survey around webcam security awareness and found that 61% of Americans are concerned hackers could spy on them through their computer’s camera.

They have every reason to be concerned.

Tools that can hack a computer’s webcam are available on the regular web, as well as the darknet, in some cases even for free. Although many computers come with a light that indicates the webcam has been activated, tools can circumvent the light from being triggered.

The survey reveals that Americans are more aware that hackers can spy on them without activating their webcam’s indicator light compared to the global results. Globally, two in every five (40%) respondents are unaware of the threat, while two-thirds of Americans claim they know of the possibility.

Many people, like former FBI Director, James Comey, and Facebook CEO, Mark Zuckerburg, cover their webcam to prevent unwanted spies from watching them. However, despite concerns being high, only 52 percent of Americans have physically covered up their computer’s webcam.

Covering webcams is a good start, but can be an inconvenience if you frequently need to use your webcam. We at Avast understand this inconvenience, which is why we give our users complete control over who can use their camera, without having to physically cover it up. – Ondrej Vlcek, CTO of Avast

Avast’s new feature, Avast Webcam Shield, which comes with Avast Premier, ends webcam spying for good by blocking malware and untrusted apps from hijacking webcams. Furthermore, users have the option of forcing all apps to ask their permission before they can access the computer’s webcam. The same feature is offered in AVG Internet Security, under a different name, Webcam Protection.

Source:

The post Three out of five #Americans concerned #hackers could #spy on them via their #webcam appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers are locking people out of their MacBooks – here’s how to stay safe

Source: National Cyber Security – Produced By Gregory Evans

Hackers using stolen iCloud credentials have been able to use Apple’ Find My Device features to remotely lock down computers and demand Bitcoin ransoms from affected users. However, that doesn’t mean Apple’s iCloud was hacked. Instead, hackers are likely trying their luck with some of the many available username and…

The post Hackers are locking people out of their MacBooks – here’s how to stay safe appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

FDs need to change their approach or be caught out

Source: National Cyber Security – Produced By Gregory Evans

Cyber security is repeatedly in the news, with headlines shouting about security breaches and stolen data, as PR teams scrabble to fix the reputational damage to companies. With all this noise on cyber security, it would seem safe to assume that there is also a wealth of informed and collected…

The post FDs need to change their approach or be caught out appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Bitcoin users are opening their wallets to hackers through mobile networks

Source: National Cyber Security – Produced By Gregory Evans

Cryptocurrencies like Bitcoin make a big deal of their security; theoretically, they are almost impossible to hack. Every transaction is stored in a ‘digital ledger’, shared across multiple machines; an attacker would need to compromise every computer in the chain to successfully hack the system. However, the digital wallets that…

The post Bitcoin users are opening their wallets to hackers through mobile networks appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures