Tag Archive for: Headlines

Data leaks, AI and ransomware topped the headlines in 2023 for SC Media


Ransomware, cloud leaks and AI — oh my! It was a year when both old and new cyber threats shared center stage, while cybersecurity teams also raced to meet creeping compliance deadlines.

Here is a roundup of 10 of SC Media’s most-viewed stories this year, including a mix of news, analysis and opinion, as well as “honorable mentions” that hit on the topics that mattered most to you.

1. 260K dating profiles leaked in publicly accessible AWS S3 storage

Sensitive data doesn’t get much more sensitive than the 340 GB of files leaked by an app called 419 Dating – Chat & Flirt. As we reported in July, a publicly accessible database was discovered in an Amazon Web Services S3 storage bucket by vpnMentor researcher Jeremiah Fowler, who believed the leak was most likely due to a misconfigured firewall. In addition to 260,000 user account email addresses, the database contained explicit photographs and Software Development Kit files for two other dating apps.

2. NPM software repository flooded with 15K phishing packages

This incident in February highlights dangers lurking in the open-source ecosystem. Thousands of software packages promising game cheats and increased followers on social media platforms like TikTok were uploaded to the NPM repository to lure users to phishing websites. Researchers from Checkmarx said they believed the phishing packages were distributed using an automated process and carried out through multiple user accounts, making it difficult to quickly detect and remove the malicious packages.

3. Google details 0-click bug in Pixel 6 modem

This vulnerability — or rather, a combination of two critical vulnerabilities — could allow an adversary with the right resources to hijack a victim’s Android handset simply by initiating a phone call. Because the exploit relies on the ability to downgrade the Pixel 6’s cellular modem communication to 2G, the Android Red Team members who disclosed the bug at Black Hat in August recommended that all Android users disable 2G communication.

4. Cybercriminals are already using ChatGPT to…

Ransomware May Grab the Headlines, But You Shouldn’t Ignore the Cyber Threat of FTF : Risk & Insurance


Funds transfer fraud may not make headlines like ransomware, but it can be just as devastating for small businesses if they are not prepared.

When we think about cyber-related risk, the term “ransomware” isn’t far behind. Ransomware is indeed an extremely detrimental risk for companies, sometimes even going so far as to bankrupt and shutter doors; but, it’s not the only cyber risk businesses should be watching.

Business email compromise (BEC) has proven to be an expanding avenue for funds transfer fraud, or FTF, which is a low-tech attack that disproportionately targets small businesses.

As Catherine Lyle, head of claims at Coalition, explained, threat actors (TAs) often perpetrate FTF using social engineering techniques like phishing. They intend to gain access to a business’ email system to cause a business email compromise. Once a TA has access to a corporate mailbox, the TA often manipulates a user’s contacts and inbox, looking for payment instructions.

This kind of attack usually happens without triggering any security alerts.

“The TA, using rule changes or other hidden techniques, then launches a game of ‘monkey in the middle,’ pretending to be the email sender and hiding real emails requesting payment or changes in wiring instructions from the waiting victim,” Lyle said.

Because the email appears to come from a trusted source, the victim doesn’t question its authenticity and complies with the request. Even if the victim responds to ask if the payment request is legitimate, the TA will reply as their assumed host.

FTF is often the primary means of attack, and, as a result, it’s a very common tactic for targeting small businesses.

With fewer options to pivot inside a network and less infrastructure and data to hold hostage in a ransomware attack, smaller organizations become easier targets for TAs. In fact, funds transfer fraud is becoming more common, skyrocketing in the first half of 2021.

Small Business’ Risk

According to Coalition’s 2022 Cyber Claims Report, the initial FTF loss, defined as the loss before Coalition recovered funds, surged to an

Today’s Headlines and Commentary – Lawfare


British Prime Minister Boris Johnson survived a no-confidence vote held by his party, reports the BBC. Johnson won the support of 59 percent of Tory members of parliament, which protects him from a leadership challenge for a year. But critics say the narrow vote reflects Johnson’s weakened position in the party and are calling for his resignation.

Russia says it has advanced in eastern Ukraine, with troops now occupying 97 percent of the territory in Luhansk, writes AP News. The announcement comes as Russia deploys additional reinforcements in the area and the country’s artillery barrage continues its offensive on Ukrainian forces, according to a Ukrainian official.

According to Western officials, China is covertly building a military base in Cambodia, writes the Washington Post. The reports indicate that the facility will be exclusively used by the Chinese military, which both countries deny. As China has only one other foreign military base, in Djibouti, a facility in Cambodia would significantly advance its desires for greater influence in the South China Sea. 

Dozens of people were killed at a church in Ondo, Nigeria, by gunmen disguised as worshippers, reports ABC News. The massacre occurred during Pentecost Sunday services, which celebrate the 50th day after Easter. It is unclear who orchestrated the attack, and police have yet to identify the gunmen.

Mexican President Andrés Manuel López Obrador said he will not attend the Summit of the Americas in Los Angeles, following a decision from the White House not to include the governments of Cuba, Nicaragua, and Venezuela, writes the Washington Post. López Obrador is sending his foreign minister in his place and plans to meet with President Biden in July.

Five members of the Proud Boys, a far-right group, were charged in a superseding indictment with seditious conspiracy in connection with the Jan. 6 attack on the Capitol, according to the New York Times. The group’s former leader, Enrique Tarrio, is among those indicted. The charges, if proven, would carry a maximum prison sentence of 20 years.

Israeli Prime Minister Naftali Bennett’s coalition…

Despite the Headlines, There’s No Need to Feel Hopeless About Cybersecurity


The recent Colonial Pipeline attack set off gasoline panic-buying on America’s East Coast and reportedly cost the company $90 million in ransom. An adversarial nation’s Sunburst hack penetrated major U.S. corporations and key government agencies with repercussions yet unknown. Looking at these and other incidents, friends and customers have asked me, “What’s the use? Why bother? If these powerful organizations can be held for ransom or lose key data, what chance does my organization have to defend itself?”

I understand the feelings of helplessness behind the question. It can sometimes seem cybersecurity experts are preaching fire safety while all around us the house is burning down.

The lesson of the Colonial Pipeline, Sunburst, and other cyberattacks isn’t for companies to lose hope. It’s to realize that every business, no matter how modest, is sitting on highly inflammable assets and must invest in the best fire protection available.

By “invest,” I don’t mean “spend more money.” I mean work to understand the true nature of cyber attackers, cyber defense strategies, and the extent of business-critical data every organization has at risk.

The story of cybersecurity is overwhelmingly not one of superheroes battling super villains. The headline-grabbing hacks and ransomware attacks are merely the visible top layer of a grueling, relentless cyberwar between companies and government agencies trying to protect their network and data infrastructures versus criminal and political keyboard invaders trying to penetrate those infrastructures.

It’s rarely secret cyberattack weapons versus secret cybersecurity defenses. The vast majority of cyberattacks that succeed take advantage of known vulnerabilities that the victim could have defended against but didn’t. Many times, it comes down to organizations simply failing to patch vulnerable software for which patches are readily available.

The bad cyberguys aren’t mysterious apparitions. They appear on “WANTED” posters everywhere. Their faces are familiar. The U.S. National Security Agency (NSA) has emphasized the extreme rarity of zero-day hacks, meaning most breaches are not the result…
