Tag Archive for: Questions

Fujitsu hack raises questions, after firm confirms customer data breach • Graham Cluley



Fujitsu has warned that cybercriminals may have stolen files with personal and customer data after discovering malware on its computer systems.

The firm, which is at the center of the British Post Office scandal, said in a Japanese press release that it had discovered the presence of malware on its computers and the potential theft of customer data, and apologised for any concern or inconvenience caused.

Announcement published on Fujitsu’s Japanese website.

The press release (a Google-translated version can be read here) is somewhat scant on detail.

For instance:

  • Fujitsu doesn’t disclose the malware found, the number of affected computers, or the internal systems or databases accessed.
  • Fujitsu doesn’t specify the type of malware found – a remote access backdoor? ransomware? something else?
  • Fujitsu doesn’t share details about the stolen information, calling it “personal information and customer information.” For instance, does it include contact details, passwords, or payment information?
  • Fujitsu announced on Friday 15 March that it suffered a cyber attack, but didn’t specify when it was discovered or how long the hackers had access to its systems and data.

Fujitsu says it has reported the incident to regulators and will contact affected individuals and customers.

The company also says that it has not seen any reports of the potentially stolen information being misused. Statements like these are meant to reassure affected parties, but they don’t make you feel much more comfortable in reality.

An absence of evidence is not evidence of absence. How could a company ever confidently and honestly claim it has incontrovertible proof that exfiltrated data has not been exploited by malicious hackers and online fraudsters?


In the past, there have been many incidents where data stolen in a hack has not immediately shown up, before appearing on the dark web months or even years later.


Source…

Microsoft hack: Five questions enterprises should ask their IT leaders


Software giant Microsoft revealed in mid-January 2024 that its systems were successfully infiltrated at the end of 2023 by Russia-backed hacking group Midnight Blizzard, as part of a coordinated and targeted information-gathering exercise.

Microsoft confirmed the details of the attack in a statement published online on Friday 19 January 2024, in which it revealed that the attack was first detected on 12 January 2024 and that the immediate activation of its internal response processes meant it was able to immediately remove the hackers from its systems.

“To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI [artificial intelligence] systems,” said Microsoft in its statement.

“We will notify customers if any action is required. This attack does highlight the continued risk posed to all organisations from well-resourced nation-state threat actors like Midnight Blizzard.”

And while Microsoft made it clear in its statement that no customer data or services were put at risk during the attack, it did publish a broader warning in its Security Threat Intelligence Blog on 25 January 2024 stating that its investigation into the hack is still ongoing and that further details about the impact of the attack may still come to light.

As a result, here are five questions enterprise users of Microsoft’s cloud services should be asking of their CIO, CTO and CISO in the wake of this attack.

  1. Microsoft presents itself as being an intrinsically secure platform – is that still the case?

This is a key question because a company’s risk profile should be under continuous, ongoing re-assessment in any event, and the flurry of recent Microsoft hacks ought to be on their risk radar.

It is not clear how (or even if) Microsoft will be able to 100% guarantee its entire cloud environment is now clean and free from hackers, and they’ve reported being attacked successfully multiple times by Chinese and Russia-backed hacking groups.

  2. Are we relying on the same security controls as Microsoft do?

Microsoft disclosed the Midnight Blizzard hackers were inside its systems for up to 42 days before they were…

Source…

Y0ur P@ssw0rd S*cks: Hacker Answers Security Questions


Y0ur P@ssw0rd S*cks is a bi-weekly column that answers the most pressing internet security questions web_crawlr readers have to make sure they can navigate the ‘net safely.


You may know crimew as the hacktivist who discovered the TSA No Fly List on an unsecured server earlier this year, as exclusively reported by the Daily Dot. The discovery even spawned an internet meme, but that’s a story for another day.

We asked crimew three questions that are most commonly asked by those interested in the world of hacking.

First things first, what exactly is a hacker? It may seem like a silly question. While many people associate the term with criminal activity, hacker is a very broad term. Although the context of this conversation will center around computer hackers, a hacker doesn’t even have to be someone who focuses on electronic devices.

As crimew puts it: “A hacker is anyone who finds creative solutions to problems.”

So, what one piece of advice would a skilled hacker give to help everyday users stay safe online from nefarious actors? It’s much simpler than you’d think.

There’s a popular belief that criminal hackers are spending most of their time breaking into individual people’s social media accounts, leading to worry among many. But in reality, most hacks are done at scale. Criminal hackers steal passwords, credit card numbers, and health data from large databases, for example.

One of the best moves you can make, crimew says, is to keep all your software updated. Sometimes you’re worried that an update will introduce a new feature you aren’t excited about. We get it. But applying all your updates, especially those for your web browsers and operating systems, will help keep you from randomly getting hacked.

Also make sure to check out web_crawlr’s other security tips, which cover a wide array of topics related to everyday life in the digital age.

Now, an answer to the question you have almost certainly asked at some point: “Why haven’t…

Source…

23andMe Hack Prompts DNA Testing Security Questions


The FTC also claimed that Vitagene deceived consumers about their ability to delete their own data. Over a two-year period, the agency said, it warned the company at least three times about storing unencrypted genetic, health and other personal information in publicly accessible data “buckets.” Vitagene has since discontinued its product line.

What are the risks of hacked databases?

Amassing information, not copying DNA. When a person’s exposed data is combined with other known or discovered data, the peril increases. And no one knows how the emergence of artificial intelligence might play a role.


Source…