Tag Archive for: data

Fujitsu hack raises questions, after firm confirms customer data breach • Graham Cluley



Fujitsu has warned that cybercriminals may have stolen files with personal and customer data after discovering malware on its computer systems.

The firm, which is at the center of the British Post Office scandal, said in a Japanese press release that it had discovered the presence of malware on its computers and the potential theft of customer data, and apologised for any concern or inconvenience caused.

Announcement published on Fujitsu’s Japanese website.

The press release (a Google-translated version can be read here) is somewhat scant on detail.

For instance:

  • Fujitsu doesn’t disclose the malware found, the number of affected computers, or the internal systems or databases accessed.
  • Fujitsu doesn’t specify the type of malware found – a remote access backdoor? ransomware? something else?
  • Fujitsu doesn’t share details about the stolen information, calling it “personal information and customer information.” For instance, does it include contact details, passwords, or payment information?
  • Fujitsu announced on Friday 15 March that it suffered a cyber attack, but didn’t specify when it was discovered or how long the hackers had access to its systems and data.

Fujitsu says it has reported the incident to regulators and will contact affected individuals and customers.

The company also says that it has not seen any reports of the potentially stolen information being misused. Statements like these are meant to reassure affected parties, but they don’t make you feel much more comfortable in reality.

An absence of evidence is not evidence of absence. How could a company ever confidently and honestly claim it has incontrovertible proof that exfiltrated data has not been exploited by malicious hackers and online fraudsters?


In the past, there have been many incidents where data stolen in a hack has not immediately shown up, before appearing on the dark web months or even years later.



Scientists Hack Weather Satellite Data to Quantify Methane Leaks


(Bloomberg) — Satellites sitting more than 22,200 miles (35,700 kilometers) above the Earth’s surface have been capturing storms and weather data for decades. Now, scientists have essentially hacked the data coming back for another purpose: spotting methane emissions.


The innovation could have far-reaching consequences for fossil fuel operators unable or unwilling to halt major methane releases because it allows researchers to observe emissions every five minutes and estimate the total amount emitted. The approach, which uses shortwave infrared observations from the National Oceanic and Atmospheric Administration’s Geostationary Operational Environmental Satellites (GOES), can detect large-emitting events of around tens of metric tons an hour or larger.

Satellites observe concentrations of methane from space by analyzing the way sunlight reflects off the Earth. As light passes through a cloud of the gas, its intensity is weakened on certain wavelengths. Methane absorbs light in the short-wave infrared portion of the electromagnetic spectrum. Although the GOES system wasn’t built to detect methane, its sensor includes short-wave infrared channels designed to observe things like snow cover and fire hot spots.

The new technique is already being used by geoanalytics firms and scientists to quantify major emissions events in North America. Kayrros SAS used the approach to estimate that a fossil gas pipeline spewed about 840 metric tons of methane into the atmosphere after it was ruptured by a farmer using an excavator. That’s very close to the 50.9 million cubic feet of gas operator Williams Cos. said leaked, which works out to about 900 metric tons of methane. The short-term climate impact of the event was roughly equal to the annual emissions from 17,000 US cars.


The new approach, which was executed for the first time last year by scientists at Harvard University, enables near continuous, real-time coverage and contrasts with all other satellites currently used to detect methane, which are in low-Earth orbit and snap images as they circumnavigate the…


How to Think Like a Hacker — and Defend Your Data


How do hackers hack?

What tools and techniques are commonly used against organizations to gain unauthorized access into systems?

Where can we learn about the mindset of hackers and how to best protect our personal and professional data?


How can you disrupt (or stop) your information from being stolen?

WHO IS MISHAAL KHAN?

A few weeks back, I was in Las Vegas for the World Game Protection Conference as an invited keynote speaker covering ransomware stories. The presentation immediately prior to mine on the main stage was given by Mishaal Khan, who gave an entertaining keynote that demonstrated how hackers “do their thing” — often with information that is openly available to everyone online.

Not only did I enjoy and learn from Khan’s presentation, I had several follow-up conversations with him regarding cybersecurity, hacking, industry trends and much more. I was impressed with his passion, expertise and role as a vCISO and cybersecurity practice lead, in addition to his hacking roles. Mishaal is also an advocate for better online privacy, and he offers tips to audiences on how to protect your data.

You can learn more about Khan at his website bio. He’s co-author of The Phantom CISO, and he leans into the “hacker with a hoody” persona — which many in the cybersecurity industry shy away from. He also offers many presentations, podcasts and other online cyber resources at his website.


Dan Lohrmann (DL): Have you always wanted to be a hacker? When did you discover that you “think like a hacker”?

Mishaal Khan (MK): Ever since my middle school days, I’ve been immersed in a world of gadgets and computer parts, all thanks to my dad’s computer repair shop. Surrounded by the hum of computer fans, I couldn’t help but be drawn into the intricate workings of computers. As my understanding…


Ransomware Groups’ Data Leak Blogs Lie: Stop Trusting Them


March 15, 2024    

Ransomware leak sites are not reliable sources of data. (Shutterstock)

Ransomware gangs are not reliable sources of information. Groups that run data leak blogs – and not all do – use them to pressure new and future victims into paying for the promise of either a decryptor or a pledge to delete stolen data.


The number of victims that end up on a data leak site is inherently incomplete. Victims who pay a ransom quickly don’t get posted; criminals don’t publish these numbers. In addition, “some groups post more of their nonpaying victims than others,” and it’s often not clear why, said Brett Callow, a threat analyst at Emsisoft.

As a result, relying on data leak blogs to build a picture of attack volume can lead to wildly inaccurate results, not only about victim count but about the impact of any given attack. Unfortunately, some cybersecurity organizations, often aided and abetted by us in the media, regularly track fresh victims claimed by ransomware groups via their Tor-based data leak blogs, aka “name and shame” sites.

“Relying on shame blogs is the last thing we should do while assessing a group threat,” said Yelisey Bohuslavskiy, chief research officer at RedSense. “Blogs reflect how often extortion fails, and the victim decides to show the criminals a middle finger. Often, the fewer victims are on the blogs, the more successful the group…
