Category Archives: Data Breach

Cybercriminals exposed 5 billion records in 2019, costing U.S. organizations over $1.2 trillion

Cybercriminals exposed over 5 billion records in 2019, costing over $1.2 trillion to U.S. organizations, according to ForgeRock. Coupled with breaches in 2018 costing over $654 billion, breaches over the last two years have cost U.S. organizations over $1.8 trillion. Healthcare: The most targeted industry Healthcare emerged as the most targeted industry in 2019, accounting for 382 breaches and costing over $2.45B, an increase from 164 incidents costing over $633 million in 2018. Despite healthcare … More

The post Cybercriminals exposed 5 billion records in 2019, costing U.S. organizations over $1.2 trillion appeared first on Help Net Security.

Cyber News Rundown: Bank of America Breach Reveals PPP Info

Reading Time: ~ 2 min.

Bank of America Breach Reveals PPP Information

After processing over 300,000 Paycheck Protection Program applications, Bank of America has revealed that a data breach occurred within the U.S. Small Business Administration’s program that allowed all other SBA-authorized lenders to view highly sensitive data. The data includes tax information and social security numbers relating to both businesses and their owners and could have extremely devastating effects in the wrong hands. Fortunately, the SBA secured the compromised data within a day of being notified and Bank of America has reached out to affected customers offering of two years of identity theft protection. null

Bank of Costa Rica Suffers Data Breach

Threat actors working for the Maze group recently claimed to have belonging to millions of Bank of Costa Rica customer accounts, a claim that was quickly refuted by the bank itself. Within a week, Maze began publishing proof of their bounty and promised to continue posting records if the bank fails to improve their current security. Maze also claimed to have accessed the bank’s systems on multiple occasions to determine if security had improved but chose not to encrypt their systems as the second breach occurred during the COVID-19 pandemic.

Old LiveJournal Breach Data Re-emerges

Researchers have been looking into a recent data dump that appears to have originated from the 2014 LiveJournal breach and contains over 33 million records up to 2017. It is hard to precisely date the breach, as LiveJournal is a Russian-owned journaling service and never reported it, though many LiveJournal users were targeted in a past spam extortion email campaign. More recently, users of Dreamwidth, which shares the LiveJournal codebase, has seen reports of compromised accounts.

Turla Hackers Grabbing Antivirus Logs to Check for Detection

One of the largest state-sponsored hacker groups, Turla, has turned their attention to accessing antivirus logs on infected systems to determine if their malicious activity has been discovered. With the use of ComRAT V1 (and later versions), Turla has been gaining highly sensitive information from major national organizations for over a decade and continues to improve on their methods. By viewing the logs created by local antivirus software, the attackers can adjust more quickly to avoid future detections.

New COVID-19 Tracker Drops [F]Unicorn Ransomware

The latest to capitalize on the public’s pandemic fears, a new fake COVID-19 tracing app has been targeting systems in Italy by dropping a new ransomware variant dubbed [F]Unicorn. The malicious payload comes disguised as a file from the Italian Pharmacist Federation. It then directs the victim to a beta version of the yet-to-be-released Immuni tracing app, showing a fake tracing dashboard as the encryption process begins. The ransomware demands a 300-Euro payment but displays an invalid email address, so users would be unable to prove payment to the attackers even if they choose to pay.

The post Cyber News Rundown: Bank of America Breach Reveals PPP Info appeared first on Webroot Blog.

Most companies suffered a cloud data breach in the past 18 months

Nearly 80% of the companies had experienced at least one cloud data breach in the past 18 months, and 43% reported 10 or more breaches, a new Ermetic survey reveals. According to the 300 CISOs that participated in the survey, security misconfiguration (67%), lack of adequate visibility into access settings and activities (64%) and identity and access management (IAM) permission errors (61%) were their top concerns associated with cloud production environments. Meanwhile, 80% reported they … More

The post Most companies suffered a cloud data breach in the past 18 months appeared first on Help Net Security.

There was no data breach in the cyberattack against Minneapolis Police

Last week a massive distributed denial-of-service (DDoS) attack shut down the websites and systems of Minneapolis, but there is no evidence of a breach.

Over the weekend, Anonymous demanded justice for George Floyd and threatened to ‘expose the many crimes’ of Minneapolis Police. George Floyd was killed by a white police officer by kneeling on his neck for more than eight minutes.

While widespread civil unrest escalated in the US and the protest against the brutality of the police is spreading in the principal cities, Anonymous released a video, threatening Minneapolis Police Department (MPD) that it will “expose your many crimes to the world.”

On Thursday, the city’s website was not reachable due to the cyberattack that was launched as a retaliation for the death of George Floyd.

Most of the operations at the city were restored quickly, the Minneapolis CIO Fadi Fadhil said announced that the city had put on place proactive measures to mitigate such attacks.

“Although these types of attacks are not completely unavoidable, they are fairly common, and the city of Minneapolis has proactive measures in place to respond to and mitigate disruptions when they do occur,” said Fadhil. “The city of Minneapolis IT continues to monitor its cyber platforms to ensure further disruption doesn’t happen again.”

On Sunday, while the turmoil was continuing in the US, alleged members of the group (@PowerfulArmyGR, @namatikure) announced on Pastebin that the site was hacked and leaked the database of email and passwords.

But some security experts argued that the data were not obtained as result of a security breach occurred during the DDoS attack.

The popular cybersecurity expert Troy Hunt, who operates the data breach notification site Have I Been Pawned, raised doubts of the alleged data leak.

Hunt speculates the data was amassed from past data breaches, most of the email addresses in the leak were already present in Have I Been Pawned.

Hunt analyzed the email in the dump and discovered that some email addresses are duplicated and are reported with different passwords, a circumstance that suggests they were originated from different sources and aggregated to appear the result of the Minneapolis Police hack.

“There are 798 email addresses in the data set but only 689 unique ones. 87 of the email addresses appear multiple times, usually twice, but one of them 7 times over.” reads the Hunt’s analysis. “I’ll come back to the passwords associated with that account in a moment, what I will say for now is that it’s extremely unusual to see the same email address with multiple different passwords in a legitimate data breach as most systems simply won’t let an address register more than once.”

Hunt discovered that of the 689 unique email addresses in the list, 654 of them are already in Have I Been Pwned. 

“The conclusion I draw from this is that a huge amount of the data is coming from aggregated lists known to be in broad circulation.” concludes Hunt.

Pierluigi Paganini

(SecurityAffairs – Minneapolis Police, cybersecurity)

The post There was no data breach in the cyberattack against Minneapolis Police appeared first on Security Affairs.

Passenger Railroad Service Says Data Breach Might Have Affected PII

A passenger railroad service announced that a data breach might have affected some passengers’ personally identifiable information (PII). In a “Notice of Data Breach” letter sent to the Attorney General’s Office of Vermont, Amtrak revealed that it had discovered the data breach on April 16 2020. Amtrak looked into the matter and discovered that an […]… Read More

The post Passenger Railroad Service Says Data Breach Might Have Affected PII appeared first on The State of Security.

The team behind the Joomla CMS discloses a data breach

Maintainers at the Joomla open-source content management system (CMS) announced a security breach that took place last week.

Last week a member of the Joomla Resources Directory (JRD) team left an unencrypted full backup of the JRD site ( on an unsecured Amazon Web Services S3 bucket operated by the company.

The company did not reveal is third-parties have found and accessed to the S3 bucket.

“JRD full site backups (unencrypted) were stored in a third-party company Amazon Web Services S3 bucket. The third-party company is owned by a former Team Leader, still Member of the JRD team at the time of the breach.” reads the data breach notification. “Known to the current Team Leader at the time of the breach. ( Each backup copy included a full copy of the website, including all the data.”

The backup contained details for approximatively 2,700 users who registered and created profiles on the JRD website.

The Joomla Resources Directory portal allows professionals and developers to advertise their services.

Joomla team is investigating the data leak said they are still investigating the incident. It is currently unclear if anyone found and download the data from the third-party company’s S3 server.

The Joomla team also carried out a full security audit of the portal.

“The audit also highlighted the presence of Super User accounts owned by individuals outside Open Source Matters,” continues the notification.

Data contained in the backup includes :

  • Full name
  • Business address
  • Business email address
  • Business phone number
  • Company URL
  • Nature of business
  • Encrypted password (hashed)
  • IP address
  • Newsletter subscription preferences

The data breach notification states that most of the data was public, because it was a public directory, anyway private data (unpublished, unapproved listings, tickets) was exposed in the breach.

The Joomla team is urging JRD users to change their password on the JRD portal and on other sites where they share the login credentials.

“Even if we don’t have any evidence about data access, we highly recommend people who have an account on the Joomla Resources Directory and use the same password (or combination of email address and password) on other services to immediately change their password for security reasons.” concludes the notification.

Pierluigi Paganini

(SecurityAffairs – data breach, hacking)

The post The team behind the Joomla CMS discloses a data breach appeared first on Security Affairs.

KingNull leaks DB of Daniel’s Hosting dark web hosting provider

Earlier this year a hacker breached Daniel’s Hosting, the largest free web hosting provider for dark web hidden services and now leaked its DB.

A threat actor has leaked the database of Daniel’s Hosting (DH), the largest free web hosting provider for dark web hidden services.

The hacker has stolen the data in March when he breached the hosting provider, almost 7,600 dark web portals have been taken offline following the security breach.

Daniel Winzen, a German software developer that operated the service, revealed that attackers accessed the backend of the hosting provider and deleted all the databases of the websites hosted by Daniel’s Hosting.

Winzen definitively shut down the service on March 26.

Today ZDNet reported that a hacker that goes online with the moniker ‘KingNull’ uploaded a copy of Daniel’s Hosting database on a file-hosting site.

“According to a cursory analysis of today’s data dump, the leaked data includes 3,671 email addresses, 7,205 account passwords, and 8,580 private keys for .onion (dark web) domains.” reported ZDNet.

Threat intelligence firm Under the Breach that analyzed the leaked database told ZDNet that the archive includes sensitive information on the owners and users of thousands of darknet sites. IP addresses of administrators and users were not included in the archive.

The database could allow law enforcement agencies to deanonymize administrators of dark web services that were involved in illegal activities.

Unfortunately, the leak could put in danger activists and dissidents that use the darknets to avoid the censorship applied by regimes.

In November 2018, Daniel’s Hosting provider was victims of another incident, attackers hacked the service and deleted 6,500+ sites.

ZDNet revealed that Winzen plans to launch again the hosting service in several months.

Pierluigi Paganini

(SecurityAffairs – dark web, hacking)

The post KingNull leaks DB of Daniel’s Hosting dark web hosting provider appeared first on Security Affairs.

Security Affairs newsletter Round 266

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

Experts observed a spike in COVID-19 related malspam emails containing GuLoader
Silent Night Zeus botnet available for sale in underground forums
The Florida Unemployment System suffered a data breach
Voter information for 2 millions of Indonesians leaked online
25 million Mathway user records available for sale on the dark web
Online education site EduCBA discloses data breach and reset customers pwds
Personal details and documents for millions of Indians available in the deep web
Unc0ver is the first jailbreak that works on all recent iOS versions since 2014
3 hacking forums have been hacked and database have been leaked online
Cisco fixed a critical issue in the Unified Contact Center Express
Crooks hacked e-shops and threaten to sell SQL databases if ransom not paid
Maze ransomware operators leak credit card data from Costa Ricas BCR bank
Ragnar Ransomware encrypts files from virtual machines to evade detection
Bugs in open-source libraries impact 70% of modern software
Hangzhou could permanently adopt COVID-19 contact-tracing app
New Turla ComRAT backdoor uses Gmail for Command and Control
StrandHogg 2.0 Android flaw affects over 1 Billion devices
Boris Johnson to reduce Huaweis role in national 5G network
Fuckunicorn ransomware targets Italy in COVID-19 lures
Grandoreiro Malware implements new features in Q2 2020
Microsoft warns about ongoing PonyFinal ransomware attacks
Real estate app leaking thousands of user records and sensitive private messages
Researchers dismantled ShuangQiang gangs botnet that infected thousands of PCs
The evolution of ransomware in 2019: attackers think bigger, go deeper and grow more advanced
Google TAG report Q1 details about nation-state hacking and disinformation
Israel s national cyber chief warns of rising of cyber-warfare
Ke3chang hacking group adds new Ketrum malware to its arsenal
NSA warns Russia-linked APT group is exploiting Exim flaw since 2019
Security breach impacted Cisco VIRL-PE infrastructure
Valak a sophisticated malware that completely changed in 6 months
An archive with 20 Million Taiwanese citizens leaked in the dark web
Himera and AbSent-Loader Leverage Covid19 lures
ICT solutions provider NTT Com discloses security breach
Octopus Scanner Malware: open source supply chain attack via NetBeans projects on GitHub
Steganography in targeted attacks on industrial enterprises in Japan and Europe
A new COVID-19-themed campaign targets Italian users
A New York man was charged with stealing credit card data via SQL Injection attacks
API Security and Hackers: Whats the Need?
NetWalker ransomware gang threatens to release Michigan State University files

Pierluigi Paganini

(SecurityAffairs – newsletter, hacking)

The post Security Affairs newsletter Round 266 appeared first on Security Affairs.

ICT solutions provider NTT Com discloses security breach

NTT Communications (NTT Com), a subsidiary of tech giant NTT Corp, disclosed a data breach that impacted hundreds of customers.

NTT Communications (NTT Com), a subsidiary of the tech giant NTT Corp, disclosed a data breach that impacted hundreds of customers.

NTT Com provides network management, security and solution services[3] to consumers, corporations and governments.

NTT Com Group has more than 30 companies in the Asia-Pacific regionEurope and the Americas.

The company launched an investigation after discovering unauthorized access to some systems on May 7, then this week it confirmed that threat actors may have been stolen.

“NTT Communications (hereafter NTT Com) detected an unauthorized access to our equipment that has been made by an attacker on May 7, and the possibility that some information may have leaked to the outside was confirmed on May 11.” reads the data breach notification.

Experts at NTT Com initially noticed suspicious activity on an Active Directory server, then they discovered that threat actors have breached an operational server and an information management server that stored customer information.

The internal investigation revealed that attackers initially targeted a server in Singapore, then used it for lateral movements and reach the infrastructure in Japan.

In response to the incident, the company shut down impacted servers to avoid the malware from spreading and communicating with external servers.

According to NTT, the security breach could impact 621 companies whose information was stored on the information management server.

The company announced that it has taken additional measures to prevent similar attacks in the future.

Other major Japanese companies recently disclosed security breaches, some of them took place years ago, including NEC, Mitsubishi ElectricPasco and Kobe Steel.

Pierluigi Paganini

(SecurityAffairs – NTT, hacking)

The post ICT solutions provider NTT Com discloses security breach appeared first on Security Affairs.

Despite lower number of vulnerability disclosures, security teams have their work cut out for them

The number of vulnerabilities disclosed in Q1 2020 has decreased by 19.8% compared to Q1 2019, making this likely the only true dip observed within the last 10 years, Risk Based Security reveals. Vulnerabilities of interest disclosed in Q1 2020 Vulnerabilities disclosed in Q1 2020: What happened? Many factors have been identified as potential contributors to this decline, including the COVID-19 pandemic, though its precise impact may not be known for another year. “Although the … More

The post Despite lower number of vulnerability disclosures, security teams have their work cut out for them appeared first on Help Net Security.

Why is SDP the most effective architecture for zero trust strategy adoption?

Software Defined Perimeter (SDP) is the most effective architecture for adopting a zero trust strategy, an approach that is being heralded as the breakthrough technology for preventing large-scale breaches, according to the Cloud Security Alliance. “Most of the existing zero trust security measures are applied as authentication and sometimes authorization, based on policy after the termination of Transport Layer Security (TLS) certificates,” said Nya Alison Murray, senior ICT architect and co-lead author of the report. … More

The post Why is SDP the most effective architecture for zero trust strategy adoption? appeared first on Help Net Security.

C-suite execs often pressure IT teams to make security exceptions for them

The C-suite is the most likely group within an organization to ask for relaxed mobile security protocols (74%) – despite also being highly targeted by malicious cyberattacks, according to MobileIron. The study combined research from 300 enterprise IT decision makers across Benelux, France, Germany, the U.K. and the U.S., as well as 50 C-level executives from both the U.K. and the U.S. The study revealed that C-level executives feel frustrated by mobile security protocols and … More

The post C-suite execs often pressure IT teams to make security exceptions for them appeared first on Help Net Security.

Real estate app leaking thousands of user records and sensitive private messages

Real estate app leaking thousands of user records and sensitive private messages

The CyberNews research team uncovered an unsecured Amazon Simple Storage Service bucket of confidential user chat logs belonging to Real estate app Tellus, a US-based software company.

Tellus is a software company based in Palo Alto, California, backed by “well-known investors” that aims to “reimagine Real Estate for the modern era.” The company’s app portfolio includes the Tellus App, a real estate loan, management and investing program. Its target users are American landlords and tenants who can receive and pay rent money, as well as keep all of their ownership and rent related data like rental listings, personal information, and correspondence between tenants and landlords in one place.

The data bucket in question contains a folder with 6,729 CSV files related to the Tellus app that include the app’s user records, chat logs, and transaction records left on a publicly accessible Amazon storage server.

How we found the Tellus app bucket

We discovered the exposed data by scanning through open Amazon Simple Storage Service (S3) buckets, which are online servers that can be used to store data for websites, apps, archives, IoT devices, and more.

Amazon S3 buckets are also known for being challenging to secure, leaving many servers unprotected – and often in the news

We identified Tellus as the owner of the database and notified the company about the leak. As of May 15, the data bucket security issue has been fixed by the Tellus security team and the data is no longer accessible. 

What’s in the data bucket?

The unsecured and unencrypted Amazon S3 bucket contains, among other things:

  • 16,861 user records, including 3,194 verified property owner records and 1,294 verified tenant records stored in separate files
  • Chat logs of private messages between thousands of Tellus platform users, including landlords, tenants, building managers, investors, and Tellus support staff between early 2018 and January 2020
  • Tens of thousands of timestamped property owner transaction records
  • Detailed tenant lead and payment records, including transaction metadata

All of this data is conveniently stored in spreadsheet format that can be easily opened, read, and downloaded by anyone who knows what to look for.

The exposed user records contain:

  • Full names of users, including verified tenants and property owners
  • Traceable user IDs used in transaction records and other logs
  • Email addresses
  • Phone numbers

Example of leaked user records:

The private messages in the chat logs and tenant lead files contain not only the texts of the conversations themselves, but also deeply sensitive content attached therein, including:

  • Full names of the parties involved in the conversation
  • Rent amounts and dates when they are due
  • Tenants’ rented home addresses
  • Case charges and court dates
  • Tenant document scans
  • Screenshots of sensitive images, including other conversations on social media

Example of leaked private messages:

Example of leaked tenant lead messages:

Example of leaked tenant lead messages

Example of leaked transaction records:

Example of leaked transaction records

This means that, in the worst-case scenario, leaving the Tellus S3 bucket unsecured and unencrypted might have led to the continued exposure of data belonging to the entire Tellus user base over a period of up to two years, from 2018 to 2020.

Who had access?

The exposed data was hosted on an Amazon Simple Storage Service (S3) server and located in the US. It is currently unknown for how long the data was left unprotected, and we assume that anyone who knew what to look for could have accessed the data bucket without needing any kind of authentication during the unspecified exposure period.

With that said, it is unclear if any malicious actors have accessed the unsecured data bucket until it was closed by Tellus.

What’s the impact?

While numbers-wise this might not appear like a major leak, the impact on the nearly 17,000 Americans whose records were exposed could be significant if certain data was made publicly available.

Here’s how attackers might use the information found in the Tellus S3 bucket against the exposed users:

  • Blackmailing both tenants and landlords by threatening to publicize the sensitive content found in their private messages and transaction logs
  • Using the information found in private messages to mount targeted phishing attacks, hack online bank accounts, and engage in identity theft
  • Spamming emails and phones
  • Brute-forcing the passwords of the email addresses 
  • Brute-forcing the passwords of the Tellus accounts and stealing the funds therein

Original post available on Cybernews:

About the author Edvardas Mikalauskas

Edvardas Mikalauskas is a writer for Ed’s interests include all things tech and cybersecurity. You can reach him via email or find him on Twitter giggling at jokes posted by parody accounts.

Pierluigi Paganini

(SecurityAffairs – Real estate app leaking, hacking)

The post Real estate app leaking thousands of user records and sensitive private messages appeared first on Security Affairs.

Account credentials of 26+ million LiveJournal users leaked online

A data dump containing account information of over 26 million LiveJournal users has been offered for sale on dark web marketplaces and is now being shared for free on underground hacker forums. The data dump, supposedly originating from a 2014 LiveJournal breach, contains email addresses, usernames, profile URLs and plain text passwords of 33+ million users. After removing duplicates, Troy Hunt has added the dump to the Have I Been Pwned? service, which potentially affected … More

The post Account credentials of 26+ million LiveJournal users leaked online appeared first on Help Net Security.

Breached Mathway App Credentials Offered on Dark Web

Over 25 million user logins and passwords from a popular math app are being offered for sale on the dark web following a data breach.

Mathway, a popular app for iOS and Android devices, recently uncovered evidence of the breach after a hacking group announced it was selling Mathway user data on the dark web for roughly $4,000 in Bitcoin. 

ShinyGroup, a hacking group notorious for selling compromised data, announced that they had breached Mathway in January 2020. It is currently unknown if the salts and hashes used to encrypt the passwords can be deciphered, but if they are the value of the data to hackers would increase significantly.

“We recently discovered that certain Mathway customer account data–emails and hashed and salted passwords–was acquired by an unauthorized party.  Upon learning of this, we retained a leading data security firm to investigate, address any vulnerabilities and remediate the incident,” Mathway announced after discovering the breach.

Mathway users are urged to update their account passwords and monitor their accounts for suspicious activity.

The post Breached Mathway App Credentials Offered on Dark Web appeared first on Adam Levin.

3 hacking forums have been hacked and database have been leaked online

Three hacking forums,, and have been hacked and their databases have been leaked online

Researchers from intelligence firm Cyble made the headlines again, this time they have discovered online the databases of three hacking forums. The three forums are Sinful SiteSUXX.TO and Nulled, they were all hacked.

These cybercrime forums are places of aggregations for hackers and cybercriminals, that could use them to participate in general discussion and sharing related resources.

hacking forums

Members of the forums share and sell data leaks, hacking tools, malware, tutorials, and much more. The databases appear to have been leaking in May 2020.

“Recently, the Cyble Research Team obtained the database leaks of these hacking forums which appear to have been leaking in May 2020. The Cyble’s researchers obtained-:

  • The databases of SUXX.TO and Nulled contains detailed information of their users, which appears to be dumped on 20 May 2020.
  • The full database of Sinful Site including the private messages, which appear to be dumped on 15 May 2020.

” reads the post published by security firm Cyble.

Cyble experts said that all the above databases have been indexed at AmIBreached data breach lookup service.

Pierluigi Paganini

(SecurityAffairs – data breach, cyber crime forums)

The post 3 hacking forums have been hacked and database have been leaked online appeared first on Security Affairs.

25 million Mathway user records available for sale on the dark web

A threat actor is offering for sale on a dark web marketplace a database containing 25 million user records belonging to the Mathway.

A data breach broker, known as Shiny Hunters, is offering for sale on a dark web marketplace a database that contains 25 million user records for Mathway.

Early May, Shiny Hunters attempted to sell on a dark web marketplace databases containing more than 73.2 million user records from 11 different companies.

Shiny Hunters started offering the Tokopedia dump, then it began proposing 22 million user records for Unacademy and data allegedly obtained from the hack of the Microsoft’s GitHub account.

Recently the group has begun selling databases for the meal kit and food delivery company HomeChef, the photo print service ChatBooks, and

Mathway is a free math problem solver, from basic algebra to complex calculus, it instantly solves users’ math problems simply by typing their problem in (or point their camera and snap a pic!). Users will receive instant free answers through their website or mobile apps (both iOS and Android).

The Mathway app has over 10 million installs on Android Play Store and the Apple Store.

The dump was discovered by cyber intelligence firm Cyble, which confirmed that the archive was being sold in private sales in underground markets.

The Shiny Hunters group is offering for sale the Mathway database for $4,000.

Users’ records in the dump include email addresses and hashed passwords.

“We are aware of reports of a potential data compromise.  We are working with cybersecurity experts to investigate further, and will take the appropriate steps to ensure the security of customer information.” reads a statement published by Mathway.

Mathway is currently investigating the security breach, meantime its users should also change their password on the site and on any other site where they used the same credentials.

Mathway users could check if their account was impacted by the data breach by querying the Cyble’s AmIBreached data breach lookup service.

Pierluigi Paganini

(SecurityAffairs – Mathway, hacking)

The post 25 million Mathway user records available for sale on the dark web appeared first on Security Affairs.

Security Affairs newsletter Round 265

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

Elexon, a middleman in the UK power grid network hit by cyber-attack
Experts reported the hack of several supercomputers across Europe
A bug in Edison Mail iOS app impacted over 6,400 users
FBI warns US organizations of ProLock ransomware decryptor not working
Mandrake, a high sophisticated Android spyware used in targeted attacks
Stored XSS in WP Product Review Lite plugin allows for automated takeovers
Texas Department of Transportation (TxDOT) hit by a ransomware attack
129 million records of Russian car owners available on the dark web
Australian product steel producer BlueScope hit by cyberattack
Bluetooth BIAS attack threatens billions of devices
Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways
Easyjet hacked: 9 million customers data exposed along with 2,200+ credit card details
Hackers Target Oil Producers During COVID-19 Slump
Adobe fixed several memory corruption issues in some of its products
Israel is suspected to be behind the cyberattack on Iranian port
Researchers disclose five Microsoft Windows zero-days
Security Service of Ukraine arrested the popular hacker Sanix who sold billions of stolen credentials
Three flaws in Nitro Pro PDF reader expose businesses to hack
VMware fixes CVE-2020-3956 Remote Code Execution issue in Cloud Director
Iran-linked Chafer APT group targets governments in Kuwait and Saudi Arabia
Japan suspects HGV missile data leak in Mitsubishi security breach
Meal delivery service Home Chef discloses data breach
Santander, one of the biggest European banks, was leaking sensitive data on their website
Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware
Tens of thousands Israeli websites defaced
Cyber-Criminal espionage Operation insists on Italian Manufacturing
Experts found a Privilege escalation issue in Docker Desktop for Windows
Microsoft warns of massive campaign using COVID-19 themed emails
Winnti uses a new PipeMon backdoor in attacks aimed at the gaming industry
Experts observed a spike in COVID-19 related malspam emails containing GuLoader
Silent Night Zeus botnet available for sale in underground forums
The Florida Unemployment System suffered a data breach
Voter information for 2 millions of Indonesians leaked online

Pierluigi Paganini

(SecurityAffairs – newsletter)

The post Security Affairs newsletter Round 265 appeared first on Security Affairs.

Personal details and documents for millions of Indians available in the deep web

Researchers have discovered a dump containing 29.1M Indian jobseekers personal details that was offered for free in the hacking underground.

Researchers discovered a dump containing 29.1M Indian jobseekers personal details that was offered for free in the hacking underground.

An anonymous entity told Cyble researchers that the data were stored on an unprotected elastic search instance that is no longer accessible.

While Cyble was investigating the issue, a threat actor published more than 2,000 Indian Identity cards (Aadhaar cards) on one hacking forum, files appears to have originated from 2019.

Indian Identity card leak

Then the threat actor leaked 1.8M identity cards belonging to citizens of the Madhya Pradesh state on their forum.

“Cyble has indexed this information on their data breach monitoring and notification platform, People who are concerned about their information leakage, can ascertain the risks by registering to the platform.” reads the post published by Cyble.

Cyble researchers also discovered that a threat actor posted 2.3 GB (zipped) file on one of the hacking forums.

This time the leak contains a lot of personal details of millions of Indians Job seekers from different states. At the time of writing this article, the experts are still investigating the source of the leak.

“It appears to have originated from a resume aggregator given the sheer volume and detailed information.” state the experts.

“Cyble researchers have identified a sensitive data breach on the darkweb where an actor has leaked personal details of ~29 Million Indian Job Seekers from the various states. The original leak appears to be from a resume aggregator service collecting data from various known job portals. Cyble’s team is still investigating this further and will be updating their article as they bring more facts to the surface. This breach includes sensitive information such as email, phone, home address, qualification, work experience etc.”

Crooks could use personal information exposed in both data leaks to conduct various malicious activities, including identity thefts, scams, and corporate espionage.

Pierluigi Paganini

(SecurityAffairs – Indians data leaks, hacking)

The post Personal details and documents for millions of Indians available in the deep web appeared first on Security Affairs.

Online education site EduCBA discloses data breach and reset customers’ pwds

The online education portal EduCBA discloses a data breach and is resetting customers’ passwords in response to the incident.

Online education website EduCBA discloses a data breach, it has started notifying customers that in response to the incident it is resetting their passwords.

EduCBA is a leading global provider of skill based education with 500,000+ members across 40+ Countries. It offers 2500+ courses prepared by top-notch professionals from the Industry to help participants achieve their goals successfully. 

The company is notifying by email the incident to its customers confirming that their data have been accessed by an unauthorized party.

“Therefore, as a caution, we have invalidated passwords of all the users. You may retrieve your password here,” the data breach notification.

The data breach notification doesn’t include technical details about the attack, it only states that email, name, password, courses visited, etc may have been compromised.

The online education website states that no financial information was exposed as they use third-party processors such as PayPal and 2Checkout to process payments.

EduCBA data breach
Source BleepingComputer

As a precaution, EduCBA states that they have reset all user’s passwords.

As usual, customers that have used their EduCBA credentials at other sites have to change their passwords at these sites too.

Customers should remain vigilant of cyber attack, crooks may use their data to carry out spear-phishing attacks.

Pierluigi Paganini

(SecurityAffairs – EduCBA, hacking)

The post Online education site EduCBA discloses data breach and reset customers’ pwds appeared first on Security Affairs.

Voter information for 2 millions of Indonesians leaked online

A hacker has leaked the 2014 voter information for close to 2 million Indonesians on a well-known hacker forum and threatens to release 200 million.

A threat actor has published the 2014 voter information for close to 2 million Indonesians on a popular hacker forum and threatens to release data for a total of 200 million voters.

The dump includes voter records in individual PDF files that were allegedly stolen from the general election commission of Indonesia KPU.

According to intelligence firm Under the Breach, the PDFs were organized by Indonesia cities, threat actor leaks information on 2,300,000 Indonesian citizens. Leaked details include names, addresses, ID numbers, birth dates, and more, they appear to date back to 2013.

The KPU replied that the data was public information, it was available for anyone during the 2014 election. The KPU highlighted that its systems were not hacked.

Pierluigi Paganini

(SecurityAffairs – Indonesians, hacking)

The post Voter information for 2 millions of Indonesians leaked online appeared first on Security Affairs.

The Florida Unemployment System suffered a data breach

Officials revealed that the Florida Unemployment System suffered a data breach that impacted some residents who have made unemployment claims.

The Florida Department of Economic Opportunity revealed that the Florida Unemployment System suffered a data breach that impacted some residents who have made unemployment claims.

It has notified 98 people that have been impacted by the incident, government representatives didn’t disclose when the breach took place either the number of the affected individuals and the type of information compromised.

The agency spokeswoman Paige Landrum announced that the breach was addressed within one hour after the officials became aware of it. The Florida Department of Economic Opportunity is offering tho the impacted citizens identity protection services for free.

Impacted users should be vigilant and report any unauthorized activity on their financial accounts.

“The DEO has received more than 2 million claims seeking unemployment benefits from Floridians since the coronavirus pandemic caused mass business closings around the state, though only 1.6 million claims have been verified.” reported the AP agency. “Just under 1 million jobless workers in Florida have been paid more than $2.6 billion in benefits.”

State Sen. Linda Stewart, D-Orlando, expressed concern about the response of the agency to the security breach and the measures it has adopted to prevent future incidents. Stewart sent a letter to Department of Management Services Secretary Jonathan Satter, whose office oversees information technology for other state agencies.

“Given the agency’s (DEO) track record with processing unemployment applications, I’m sure you will understand the great concern I have that all remedies have been quickly taken and that Floridians can be assured that their personal information is now secured and will be protected from future attacks,” Stewart wrote.

The good is that the Florida Department of Economic Opportunity is not aware of malicious activity abusing exposed data.

Pierluigi Paganini

(SecurityAffairs – Florida, hacking)

The post The Florida Unemployment System suffered a data breach appeared first on Security Affairs.

Santander, one of the biggest European banks, was leaking sensitive data on their website

Santander Consumer Bank, the Belgian branch of the bank, had a misconfiguration in its blog domain that was allowing its files to be indexed.

Our new research recently discovered a security issue with Santander, the 5th largest bank in Europe and the 16th largest in the world. This Spanish multinational bank controls approximately $1.4 trillion in total assets globally, and has a $69.9 billion total market capitalization on the Euro Stoxx 50 stock market index.

Our analysts found that the Belgian branch, Santander Consumer Bank, has a misconfiguration in its blog domain, allowing its files to be indexed. 

When we looked through these files, we were able to see sensitive information, including an SQL dump and JSON file that can be used by hackers to potentially phish Santander’s bank customers.

We contacted Santander immediately when we discovered the misconfiguration on April 15.  Representatives from the leading European bank responded to our emails and seem to have fixed the issue, as we are presently unable to access the information.

A Santander Consumer spokesperson said:

“The incident highlighted relates specifically to the Santander Consumer Bank Belgium blog only. The blog contains only public information and articles, and therefore no customer data or critical information from the blog  has been compromised. Our security team has already fixed the issue to ensure the blog is secure.”

What exactly is wrong with the Santander website?

When we visited the Santander blog on its Belgian domain, we noticed that the www endpoint of the blog subdomain had a misconfiguration that allowed all of its files to be indexed by search engines

Included in these indexed files was an important info.json file that seemed to contain its Cloudfront API keys.

Cloudfront is a Content Display Network (CDN) created by Amazon. Websites use CDNs to host large files, such as videos, PDFs, large images and other static content, that would normally slow down their own websites. Because these large files are hosted on the CDNs instead, websites are faster for users.

If a hacker were to get a hold of Santander’s apparent Cloudfront API keys, they would be able to switch out the content hosted on Cloudfront with any other content

For example, if a PDF or Word document was hosted on Cloudfront, and this document contained sensitive information – such as what accounts a customer should send money to – then the hacker would be able to switch that document out with their own version. In that way, they’d be able to change the real account number to his own, and thereby steal the customer’s money.

If a static HTML file was hosted, then the hacker would be able to switch that out with an entire webpage, allowing them to create a phishing page to steal the user’s financial information, all while on Santander’s official Belgian domain.

How to protect yourself

On April 15, we notified Santander’s Belgian website of the misconfiguration, and on April 24 they responded and seem to have fixed the issue. Their CyberSecurity Team stated: “We take cyber security seriously and strive to maintain the highest security standards and best practices and welcome responsible disclosure attitudes in security researchers.”

When we checked for the misconfiguration again on April 27, we received the following message:


You don’t have permission to access this resource.

For Santander’s customers, as well as all other banking customers, we’d recommend that you always check the domain and subdomain that a suspicious bank email is sending you to. Make sure that the domain is the bank’s real domain, but also know that important financial information requests would never be hosted on the blog subdomain of a bank.

Editor’s note: this article was updated on May 19 to reflect new information in collaboration with BitSight that the keys may not have been active Cloudfront API keys at the time of our discovery.

Original post:

About the author: Bernard Meyer

Bernard Meyer is the Senior Researcher at CyberNews. He has a strong passion for security in popular software, maximizing privacy online, and keeping an eye on governments and corporations. He’s been featured in Fortune, Forbes, Wired, Mirror, TechRadar and more. You can usually find him on Twitter arguing with someone about something moderately important.

Pierluigi Paganini

(SecurityAffairs – Santander, hacking)

The post Santander, one of the biggest European banks, was leaking sensitive data on their website appeared first on Security Affairs.

Meal delivery service Home Chef discloses data breach

Meal delivery service Home Chef has confirmed that it recently suffered a security breach that exposed its customer information.

Meal delivery service Home Chef has disclosed a data breach that exposed its customer information. Home Chef also explained that only a portion ot its customers were impacted in the security incident.

In early May, Shiny Hunters hacking group started offering for sale the databases containing tens of millions from user records from over 11 companies.

Below the complete list published by BleepingComputer:

CompanyUser RecordsPrice
Tokopedia91 million$5,000
Home Chef8 million$2,500
Bhinneka1.2 million$1,200
Minted5 million$2,500
Styleshare6 million$2,700
Ggumim2 million$1,300
Mindful2 million$1,300
StarTribune1 million$1,100
ChatBooks15 million$3,500
The Chronicle Of Higher Education3 million$1,500
Zoosk30 million$500

At the time, the Shiny Hunters were offering more than 8 million records for $2500.

Now the company confirmed the data breach, saying that the incident has impacted select customer information.

Exposed data includes email addresses, names, phone numbers, hashed passwords, and the last four digits of credit card numbers.

“Was My Credit Card Information Compromised? Home Chef does not store complete credit or debit card information” reads the FAQ published by the company.

“Information such as frequency of deliveries and mailing address may also have been compromised,”.

Home Chef also underlined the fact that it does not store complete credit or debit card information. The company is investigating the incident and announced that it is taking action to strengthen its security defenses and prevent similar incidents in the future.

Although the company stores passwords in encrypted format, it recommends users to change the password in an abundance of caution following these process:

  1. Visit
  2. Click on “Log in”
  3. Click on “Account Information”, which is located under the “Account” dropdown menu
  4. Complete the “Change Your Password” section and click “Save your settings.” There’s no need to adjust the other sections on the Account page (e.g. “Subscription”)

Home Chef users should remain vigilant against phishing attacks and suspicious activity in their accounts.

The company is notifying the incident to the impacted users.

Pierluigi Paganini

(SecurityAffairs – HomeChef, hacking)

The post Meal delivery service Home Chef discloses data breach appeared first on Security Affairs.

BlockFi Hacked Following SIM Swap Attack, But Says No Funds Lost

For just under 90 minutes last Thursday, hackers were able to compromise the systems of cryptocurrency lending platform BlockFi, and gain unauthorised access to users’ names, email addresses, dates of birth, address and activity history. In an incident report published on its website, BlockFi was keen to stress that the hacker’s activity had been logged […]… Read More

The post BlockFi Hacked Following SIM Swap Attack, But Says No Funds Lost appeared first on The State of Security.

Japan suspects HGV missile data leak in Mitsubishi security breach

Japan continues to investigate a cyberattack that hit this year Mitsubishi Electric Corp., it suspects a possible leak of data including details of a prototype missile.

Japan is still investigating a cyberattack that was disclosed by Mitsubishi Electric Corp. early this year.

In January, the company disclosed a security breach that might have exposed personal and confidential corporate data, at the time, it claimed that attackers did not obtain sensitive information about defense contracts.

Mitsubishi revealed that personal data on some 8,000 people also might have been leaked.

The breach was detected almost eight months ago, on June 28, 2019, with the delay being attributed to the increased complexity of the investigation caused by the attackers deleting activity logs.

The intrusion took place on June 28, 2019, and the company launched an investigation in September 2019. Mitsubishi Electric disclosed the security incident only after two local newspapers, the Asahi Shimbun and Nikkei, reported the security breach.

Mitsubishi Electric had also already notified members of the Japanese government and the Ministry of Defense.

Now, the authorities suspect a data leak that could have exposed details of a prototype missile.

“The suspected leak involves sensitive information about a prototype of a cutting-edge high speed gliding missile intended for deployment for the defense of Japan’s remote islands amid China’s military assertiveness in the region.” states the AP press agency.

“The ministry suspects the information might have been stolen from documents sent from several defense equipment makers as part of a bidding process for the project, Mitsubishi Electric did not win the bid, Japanese media reports said.”

The advanced prototype missile was designed to be deployed in Japan’s remote islands as a deterrence to military activities conducted by China in the area.

Chief Cabinet Secretary Yoshihide Suga announced that the Defense Ministry is investigating “the possible impact of the information leak on national security.”

Mitsubishi Electric

The Defense Ministry was working on a prototype of supersonic missile known as HGV, a technology also being studied by the U.S., China, and Russia.

In January, the two media outlets attributed the cyber attack to a China-linked cyber espionage group tracked as Tick (aka Bronze Butler).

The hacker group has been targeting Japanese heavy industry, manufacturing and international relations at least since 2012,

According to the experts, the group is linked to the People’s Republic of China and is focused on exfiltrating confidential data.

The ministry suspects the information might have been stolen from documents sent from several defense equipment makers as part of a bidding process for the project, Mitsubishi Electric did not win the bid, Japanese media reports said.

Other Japanese defense contractors were hit by cyber attacks, including NEC Corp. , Pasco Corp. and Kobe Steel Ltd.

Pierluigi Paganini

(SecurityAffairs – Mitsubishi, hacking)

The post Japan suspects HGV missile data leak in Mitsubishi security breach appeared first on Security Affairs.

Adam Levin Discusses Covid-19 Scams on CNBC

Adam Levin was featured on CNBC where he discussed how the Covid-19 pandemic has created an ideal environment for scammers.

“We are working with our children and home schooling. We’re sharing devices with our children. We’re trying to juggle work and family. But to a hacker, we are their day job,” said Levin.

The post Adam Levin Discusses Covid-19 Scams on CNBC appeared first on Adam Levin.

Verizon DBIR 2020: Cloud Apps, Stolen Credentials, and Errors

It’s DBIR season! Put down your pens, stop watching “The Last Dance” and get to reading the key findings of the 13th edition of the annual Verizon Data Breach Investigations Report! If “experience is merely the name men gave to their mistakes,” as Oscar Wilde puts it in The Picture of Dorian Gray, then the […]… Read More

The post Verizon DBIR 2020: Cloud Apps, Stolen Credentials, and Errors appeared first on The State of Security.

EasyJet data breach: 9 million customers affected

British low-cost airline group EasyJet has revealed on Tuesday that it “has been the target of an attack from a highly sophisticated source” and that it has suffered a data breach. The result? Email address and travel details of approximately 9 million customers and credit card details (including CVV numbers) of 2,208 customers were accessed. How did the attackers manage to breach EasyJet? EasyJet did not share in their official notice about the incident when … More

The post EasyJet data breach: 9 million customers affected appeared first on Help Net Security.

Easyjet hacked: 9 million customer’s data exposed along with 2,200+ credit card details

British airline EasyJet announced it was the victim of a “highly sophisticated” cyber attack that exposed email addresses and travel details of around 9 million of its customers.

British airline EasyJet announced that a “highly sophisticated” cyber-attack exposed email addresses and travel details of around 9 million of its customers.

“Following discussions with the Information Commissioner’s Office (“ICO”), the Board of easyJet announces that it has been the target of an attack from a highly sophisticated source.” reads a statement from the company. “Our investigation found that the email address and travel details of approximately 9 million customers were accessed.” 

According to the company, hackers also accessed a small subset of customers and obtained credit card details for 2,208 of them, no passport details were exposed.

“Our forensic investigation found that, for a very small subset of customers (2,208), credit card details were accessed.” continues the company.

At the time of writing the airline did not disclose details of the security breach, it is not clear when the incident took place and how EasyJet discovered the intrusion.

EasyJet conducted a forensic investigation and once identifies the unauthorized access has locked it.

The airline reported the incident to the Information Commissioner’s Office (“ICO”), the good news is that the company is not aware of any attack in the wild that abused the stolen information.

EasyJet is still investigating the security breach.

“We take the cybersecurity of our systems very seriously and have robust security measures in place to protect our customers’ personal information. However, this is an evolving threat as cyber attackers get ever more sophisticated,” says EasyJet Chief Executive Officer Johan Lundgren.

“Since we became aware of the incident, it has become clear that owing to COVID-19, there is heightened concern about personal data being used for online scams. Every business must continue to stay agile to stay ahead of the threat.”

The airline has started notifying the incident to all the impacted customers and is recommending them to be “extra vigilant, particularly if they receive unsolicited communications.”

According to the Reuters that cited two people familiar with the investigation, hacking tools and techniques used by attackers point to a group of suspected Chinese hackers that targeted multiple airlines in recent months.

Pierluigi Paganini

(SecurityAffairs – EasyJet, hacking)

The post Easyjet hacked: 9 million customer’s data exposed along with 2,200+ credit card details appeared first on Security Affairs.

Money is still the root of most breaches

Verizon has released its annual Data Breach Investigations Report (DBIR), which offers an overview of the cyber security incidents and data breaches that happened in/were discovered in the past year. Based on an analysis of incident and breach reports by 81 contributing organizations – companies, CERTs, law enforcement agencies and cybercrime units, etc. – from around the world, the DBIR offers insight into current cyber attack trends and the threats organizations in various industry verticals … More

The post Money is still the root of most breaches appeared first on Help Net Security.

129 million records of Russian car owners available on the dark web

A hacker is offering for sale on a dark web forum a database containing 129 million records of car owners in Moscow.

A hacker is attempting to sell on a dark web forum a database containing 129 million records of car owners in Moscow.

As a proof of the authenticity of the data, the hacker has leaked some anonymized data containing all the car details present in the traffic police registry.

The archive doesn’t include car owners’ details, exposed data includes the car’s make and model, place of registration, and the date of first and last registration.

The seller is offering the full version of the database for 0.3 BTC, which at the current rate is about $ 2677, paying 1.5 BTC ($ 13.386) it is possible to purchase information for “exclusive use.”

The accuracy of the data has been verified by Vedomosti media.

“Hackers posted a darknet database of Russian car owners, it includes 129 million positions from the traffic police registry. The authenticity of the information was confirmed by an employee of the car-sharing company, Vedomosti reports.” reads the website

“In the published data there is only anonymized information. These include: place and date of registration of the car, make and model. According to hackers, the full version also contains the name, address, date of birth, passport numbers of car owners and their contact information.”

According to the Russian blog Nora the Hedgehog, several portals where people can pay fines for violating COVID-19 quarantine are leaking their full names and passport numbers by simply providing the registration number of the ticket.

The worst news is that the portals don’t implement any protection against brute-force attacks, allowing attackers to try all the possible combinations of unique ticket numbers to retrieve personal details of the people that paid the fines.

Pierluigi Paganini

(SecurityAffairs – dark web, hacking)

The post 129 million records of Russian car owners available on the dark web appeared first on Security Affairs.

A bug in Edison Mail iOS app impacted over 6,400 users

A security bug in the iOS app has impacted over 6,400 Edison Mail users, the issue allowed some users to access other people’s email accounts.

An update released for iOS application of the Edison Mail introduced a security bug that resulted in some users being given access to other people’s email accounts.

“On Friday, May 15th, 2020, a software update enabled users to manage accounts across their Apple devices. This update caused a technical malfunction that impacted approximately 6,480 Edison Mail iOS users. The issue only impacted a fraction of our iOS app users (and no Android or Mac users were affected). This temporary issue was a bug, and not related to any external security issues.” reads a post published by the company.

“Data from these individual’s impacted email accounts may have been exposed to another user. No passwords were compromised. “

The Edison Mail app allows users to manage their Gmail, Yahoo, Outlook, iCloud, and other email services in a single place. The company offers apps for iOS, Android and macOS, and says its products are used by millions of individuals.

edison mail assistant-ios

The update was rolled out on May 15, it included a feature that allows users to manage their accounts across their Apple devices.

Shortly after the patch was released, some users started reporting they could access other people’s email accounts from the iOS app without authentication.

Edison quickly solved the issue, the company confirmed that the bug potentially impacted 6,480 iOS users.

Edison Mail also confirmed that user credentials were not exposed.

The company addressed the issue with two updates, the first one on Saturday that prevented impacted users from accessing any account from the Edison app, the second one on Sunday morning, which re-enabled access for impacted users.

“A new version of the application was made available early Sunday morning in the App Store that restores full functionality for these 6,480 users. Other users were not impacted and no action is required.” added the company.

“We have notified all individual users who may have been impacted by this issue via email, and as an additional safety precaution, suggested that impacted users also change their email account password. If you did not receive an email on this issue then your account was not impacted,”

Pierluigi Paganini

(SecurityAffairs – Edison Mail, hacking)

The post A bug in Edison Mail iOS app impacted over 6,400 users appeared first on Security Affairs.

Shifting responsibility is causing uncertainty and more security breaches

Data security is creating fear and trust issues for IT professionals, according to a new Oracle and KPMG report. The study of 750 cybersecurity and IT professionals across the globe found that a patchwork approach to data security, misconfigured services and confusion around new cloud security models has created a crisis of confidence that will only be fixed by organizations making security part of the culture of their business. Data security is keeping IT professionals … More

The post Shifting responsibility is causing uncertainty and more security breaches appeared first on Help Net Security.

Identity-related breaches on the rise, prevention still a work in progress

The number of workforce identities in the enterprise is growing dramatically, largely driven by DevOps, automation, and an increase in enterprise connected devices, which will only continue to accelerate identity growth, an IDSA survey of 502 IT security and identity decision makers reveals. At the same time, compromised identities remain one of the leading causes of a data breach. According to the study, the vast majority of IT security and identity professionals have experienced an … More

The post Identity-related breaches on the rise, prevention still a work in progress appeared first on Help Net Security.

Security Affairs newsletter Round 264

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

Blue Mockingbird Monero-Mining campaign targets web apps
Shiny Hunters group is selling data from 11 companies on the Dark Web
Swiss rail vehicle manufacturer Stadler hit by a malware-based attack
ATM vendor Diebold Nixdorf suffered a Ransomware attack
Experts disclose security flaws in Oracles iPlanet Web Server
GDPR Data Security Checklist in the Age of COVID-19 and the Remote Workforce
Sodinokibi ransomware uses MS API to encrypt open and locked files
STAMINA, a new approach to malware detection by Microsoft, Intel
VMware is going to fix recent Salt issues in vROps
A cyber attack hit a port on Strait of Hormuz, Iran said
Adobe addresses critical issues in Acrobat, Reader, and DNG SDK
Patch now your vBulletin install before hacker will target your forum
Popular Page Builder WordPress plugin fixes critical issues. Update it now!
Trojan Lampion is back after 3 months
Zeus Sphinx continues to be used in Coronavirus-themed attacks
Chancellor Merkel has ‘hard evidence of Russian hackers targeted her
Crooks continues to use COVID-19 lures, Microsoft warns
Expert found 1,236 websites infected with Magecart e-skimmer
Healthcare giant Magellan Health discloses data breach after ransomware attack
Microsoft May 2020 Patch Tuesday fixes 111 flaws, 13 Critical
USCYBERCOM shares five new North Korea-linked malware samples
China-linked hackers are attempting to steal COVID-19 Vaccine Research
Crooks stole $10 million from Norways state investment fund Norfund
Google WordPress Site Kit plugin grants attacker Search Console Access
New Ramsay malware allows exfiltrating files from air-gapped computers
Zerodium will no longer acquire certain types of iOS exploits due to surplus
Chinese APT Tropic Trooper target air-gapped military Networks in Asia
Interserve UK defense contractor hacked, up to 100,000 past and present employees details exposed
Palo Alto Networks addresses tens of serious issues in PAN-OS
Russian APT Turlas COMpfun malware uses HTTP status codes to receive commands
Threat actors are offering for sale 550 million stolen user records
APT group targets high profile networks in Central Asia
Microsoft is open-sourcing COVID-19 threat intelligence
QNodeService Trojan spreads via fake COVID-19 tax relief

Pierluigi Paganini

(SecurityAffairs – newsletter, hacking)

The post Security Affairs newsletter Round 264 appeared first on Security Affairs.

Hackers Double Ransom Demands, Implicate Trump in Celebrity Law Firm Hack

The hackers who attacked a major entertainment and media law firm have now doubled the sum they’re demanding, and have included a threat to reveal compromising data on President Donald Trump.

Grubman Shire Meiselas & Sacks represents high-profile clients including U2, Madonna, Lizzo, Drake, and Lady Gaga among many others. The firm was targeted with ransomware earlier this month, which led to the reported exfiltration of 756 gigabytes of data, including contracts and client correspondence. REvil, the hacking group claiming responsibility for the attack, initially demanded $21 million in ransom and released contracts relating to a recent Madonna tour as proof of their access to the firm’s data. They have since doubled their demand.

“The ransom is now $42,000,000,” the hackers announced in a statement on the dark web. “The next person we’ll be publishing is Donald Trump… Grubman, we will destroy your company down to the ground if we don’t see the money.”

Donald Trump is not a client of the firm, which raises questions as to what data, if any, they have access to.

Grubman Shire Meiselas & Sacks has refused to cooperate with the hackers’ demands.

“The leaking of our clients’ documents is a despicable and illegal attack by these foreign cyberterrorists who make their living attempting to extort high-profile U.S. companies, government entities, entertainers, politicians, and others,” the firm said in an announcement.

The post Hackers Double Ransom Demands, Implicate Trump in Celebrity Law Firm Hack appeared first on Adam Levin.

Interserve UK defense contractor hacked, up to 100,000 past and present employees details exposed

Britain’s Ministry of Defence contractor Interserve has been hacked, intruders have stolen up to 100,000 past and present employees’ details.

Interserve, a contractor for the Britain’s Ministry of Defence suffered a security breach, hackers have stolen up to 100,000 of past and current employees details. The company currently has around 53,000 employees. Stolen data includes payment information and details of their next of kin.

“Outsourcing group Interserve is recovering from a cyberattack which took place over the weekend that may have seen the details of up to 100,000 people stolen.” reported The Telegraph.

“Hackers broke into a human resources database owned by the outsourcing firm, which recently helped build the Birmingham Nightingale Hospital, on May 9 and stole information on current and former Interserve employees, a company insider said.”

Attackers might have accessed to names, addresses, bank details, payroll information, next of kin details, HR records, dates of absences, and pension information.

The security breach took place early May, at the time there are no details about the attack and it is unclear the number of affected individuals.

“Interserve was the target of a cyber security attack earlier this month.” reads a press release published by the company on its website.

“Interserve is working closely with the National Cyber Security Centre (NCSC) and Strategic Incident Response teams to investigate, contain and remedy the situation. This will take some time and some operational services may be affected. Interserve has informed the Information Commissioner (ICO) of the incident. We will provide further updates when appropriate.”

The defense contractor is investigating the incident with the help of the National Cyber Security Centre.

According to the defense contractor’s website, Interserve is present on 35 MoD sites, the company also announced that it is supporting the NHS during COVID-19.

Pierluigi Paganini

(SecurityAffairs – data breach, hacking)

The post Interserve UK defense contractor hacked, up to 100,000 past and present employees details exposed appeared first on Security Affairs.

Threat actors are offering for sale 550 million stolen user records

Threat actors are offering for sale tens of databases on a hacker forum that contains roughly 550 million stolen user records.

Security experts from Cyble reported that a threat actor is attempting to sell twenty-nine databases on a hacker forum since May 7. Forum members could also buy each database individually. The archives allegedly contain a total of 550 million stolen user records.

Data appears to come from past data breaches, the oldest one dates back as 2012 while the latest one dates April 2020.

The data could be used by crooks to launch credentials stuffing attacks against individuals and organizations.

Hackers are also offering for sale a separate database containing 47.1 million phone numbers that are part of Dubsmash data breach that occurred in 2018.

Below the list of databases, published by Bleepingcomputer, that are available for sale:

CompanyAmountData Breach Date
Evite.com101 millionMarch 2019
Tokopedia.com91 millionApril 2020
piZap.com60.9 millionApril 2018 ( millionNovember 2012 Phone numbers47.1 millionDecember 2018
Shein.com42 millionJune 2018
Fotolog.com33.5 millionDecember 2018
CafePress.com23.6 millionFebruary 2019 Customers23.2 millionDecember 2018
OMGPop.com21.4 millionAugust 2019
SinglesNet.com16.3 millionSeptember 2012
Bukalapak.com13 millionFebruary 2018
Bookmate.com8 millionJuly 2018
ReverbNation.com7.9 millionJanuary 2014
Wego.com6.5 millionN/A
EatStreet.com6.4 millionMay 2019
PumpUp.com6.4 millionN/A
CoffeeMeetsBagel.com6.2 millionMay 2018
Storybird.com4 millionDecember 2018
Minube.net3.2 millionMay 2019
Sephora.com3.2 millionJanuary 2017
CafeMom.com2.6 millionApril 2014
Coubic.com2.6 millionMarch 2019
Roadtrippers.com2.5 millionMay 2019
DailyBooth.com1.6 millionApril 2014
ClassPass.com1.6 millionOctober 2017
ModaOperandi.com1.3 millionApril 2019 ( millionJanuary 2019
StreetEasy.com1 millionMay 2018
Yanolja.com1 millionMarch 2019

Users can verify if their credentials are part of one of the above breaches querying the the Cyble’s data breach lookup service.

Those who have their account exposed in one of the above incidents are recommended to change their password.

Pierluigi Paganini

(SecurityAffairs – threat actors, hacking)

The post Threat actors are offering for sale 550 million stolen user records appeared first on Security Affairs.

Businesses vulnerable to emerging risks have a gap in their insurance coverage

The majority of business decision makers are insured against traditional cyber risks, such as breaches of personal information, but most were vulnerable to emerging risks, such as malware and ransomware, revealing a potential insurance coverage gap, according to the Hanover Insurance Group. The report surveyed business decision makers about cyber vulnerabilities and risk mitigation efforts. Insurance purchasing decisions influenced by media coverage Most businesses surveyed indicated they had purchased cyber insurance, and more than 70% … More

The post Businesses vulnerable to emerging risks have a gap in their insurance coverage appeared first on Help Net Security.

Employee mistakes lead to information exposure in Nova Scotia, U.K.

It’s bad enough that hackers are able to exploit software vulnerabilities in IT environments to make off with sensitive data, but too often mistakes and misconfigurations by employees also lead to data being exposed. Two incidents reported this week show how serious this can be.

CBC News discovered the first incident recently which involved perhaps a decade’s worth of unedited appeal decisions of the Nova Scotia Workers Compensation Board being posted on a legal website name of workers. Some of the informati0n also included intimate personal information about claimants. Usually, names and other identifying information in those cases are deleted.


Nova Scotia removed the unedited documents after being told of their discovery by CBC.

“It’s terrible to hear,” the broadcaster quoted one WCB claimant whose 2009 case was posted. “I was shocked more than anything.”

The incident involves decisions between 1998 and 2009 of the Nova Scotia Workers Compensation Appeals Tribunal (WCAT) that were uploaded to the website of the Canadian Legal Information Institute (CANLII). Lawyers and legal researchers use the decisions filed there to support their cases. However, the database is open to the public.

According to the CBC, all WCAT cases filed after 2010 had the names of the worker and their employer redacted.

Asked for comment, the tribunal issued a statement saying it “is aware of this situation, and WCAT is following the Province’s privacy breach protocol. The WCAT has reported this incident to the Privacy Review Officer.”

The provincial information and privacy commissioner’s office has been notified of the incident. Provincial legislation doesn’t mandate that victims of a WCAT data breach be notified.

In the second case, discovered a presumably confidential U.K. health department document on a public Google drive with possible new features for the country’s COVID-19 contact tracing app. The series of slides, marked ‘OFFICIAL – SENSITIVE’, was part of a group of documents intended to be open so the public can see how the app, now in a trial, was developed.

Wired says the sensitive document was part of a group published by the U.K. National Health Service (NHS) on a Google Drive. It was accompanied by a privacy impact assessment of a U.K. COVID-19 contact tracing app now being tested and could be seen by anyone with a link. While other documents could not be accessed without approval, the sensitive slide deck with potential features wasn’t.

What could make the slide deck embarrassing to the government is it contains possible features to be added to the already controversial app now being tested among the population of the Isle of Wight. In addition to disputes over whether such mobile apps are effective in helping control the rate of infection, privacy and health experts are fighting over whether an approved app should hold encrypted contact information on a mobile device (the decentralized model pushed by Google and Apple) or uploaded to a government-controlled server (the centralized model). The U.K. app being tested uses a centralized model. However, this week news emerged that the U.K. government is also paying for the development of a decentralized app.

The slides say a future version of the app being tested could allow users to periodically enter their personal health status, as well as their postal code, demographic and location information to help the NHS in infection planning.

Magellan Health Ransomware Attack Exposes Customer Data

In the wake of an April ransomware attack, Fortune 500 healthcare company Magellan Health announced that a hacker exfiltrated customer data.

The ransomware attack was first detected by Magellan Health April 11, 2020, and was traced back to a phishing email that had been sent and opened five days earlier. Subsequent investigation revealed that customer data had been exfiltrated prior to the deployment of the ransomware.

“The exfiltrated records include personal information such as name, address, employee ID number, and W-2 or 1099 details such as Social Security number or Taxpayer ID number and, in limited circumstances, may also include usernames and passwords,” stated the company in a letter sent to affected individuals.

This incident comes months after the company announced several of its subsidiaries had been targeted by phishing attacks that resulted in the compromise of the health information of more than 55,000 members.


The post Magellan Health Ransomware Attack Exposes Customer Data appeared first on Adam Levin.

Smashing Security #178: Office pranks, meat dresses, and robocop dogs

Graham shares stories of email storms, Carole describes the steps being taken by firms as they try to coax employees back to the office, and special guest Lisa Forte details a hack that has impacted Lady Gaga and other celebrities.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with computer security veterans Graham Cluley and Carole Theriault.

Celebrity Data Stolen in Major Data Breach

A major entertainment and media law firm experienced a massive data breach that may have compromised the data of many celebrities including Bruce Springsteen, Lady Gaga, Madonna, Nicki Minaj, Christina Aguilera, and others.

Grubman Shire Meiselas & Sacks, a New York-based law firm, was hit by a ransomware attack that compromised at least 756 gigabytes of client data, including contracts, non-disclosure agreements, contact information and personal correspondence. The hackers appear to have used REvil, or Sodinkobi, a ransomware strain behind several high-profile cyberattacks on targets including Kenneth Cole, Travelex, and Brooks International.

Whoever is behind the hack has threatened to publish the stolen data in nine installments unless the law firm pays an undisclosed ransom. They have since released documents belonging to Madonna and Christina Aguilera on the dark web to prove they have the goods and are willing to make them public.

Grubman Shire Meiselas & Sacks has yet to issue a statement on the breach. As of May 12, their website is still currently offline. 

The post Celebrity Data Stolen in Major Data Breach appeared first on Adam Levin.

Ghost Blogging Platform Hacked To Mine Cryptocurrency

Hackers successfully breached the servers of a popular blogging platform and used them to mine cryptocurrency.

Ghost, a Singapore-based blogging platform with 2,000,000 installations and 750,000 active users, announced that hackers had breached their systems. 

“The mining attempt… quickly overloaded most of our systems which alerted us to the issue immediately,” the company announced May 3, adding that “[t]here is no direct evidence that private customer data, passwords or other information has been compromised. 

The hackers compromised Ghost’s servers by exploiting two major vulnerabilities in SaltStack, a network automation tool typically used by IT support and system administrators. Ghost is just one of several companies and organizations that have been compromised since the vulnerabilities were disclosed, including LineageOS, an Android-based operating system, and Digicert, a security certificate authority. 

As of May 4, Ghost announced that it had successfully purged the cryptocurrency mining malware from its systems. The company also stated that they would be notifying their customers, which include NASA, Mozilla, and DuckDuckGo.


The post Ghost Blogging Platform Hacked To Mine Cryptocurrency appeared first on Adam Levin.

Way Out of The MAZE: A Quick Guide For Defending Against Maze Ransomware

From late 2019, MAZE Ransomware started becoming infamous for its Encryption, data stealing and the subsequent selling of the stolen data. Few other reasons behind its popularity are also its unique targets and the ransom demands. From its inception around May 2019, MAZE actors are targeting multiple sectors, prominent ones…

Cybersecurity Trends

Trends are interesting since they could tell you where things are going.

I do believe in studying history and behaviors in order to figure out where things are going on, so that every Year my colleagues from Yoroi and I spend several weeks to study and to write what we observed during the past months writing the Yoroi Cybersecurity Annual Report (freely downloadable from here: Yoroi Cybersecurity Report 2019).

The Rise of Targeted Ransomware

2019 was a breakthrough year in the cyber security of the European productive sector. The peculiarity of this year is not strictly related to the number of hacking attempts or in the malware code spread all over the Internet to compromise Companies assets and data but in the evolution and the consolidation of a new, highly dangerous kind of cyber attack. In 2019, we noticed a deep change in a consistent part of the global threat landscape, typically populated by States Sponsored actors, Cyber-Criminals and Hack-tivists, each one having some kind of attributes, both in motivations, objectives, methods and sophistications.

During the 2019 we observed a rapid evolution of Cyber Crime ecosystems hosting a wide range of financially motivated actors. We observed an increased volume of money-driven attacks compared to previous years. But actors are also involved in cyber-espionage, CEO frauds, credential stealing operations, PII (Personally Identifiable Information) and IP (Intellectual Property) theft, but traditionally much more active in the so called “opportunistic” cyber attacks. Attacks opportunistically directed to all the internet population, such as botnets and crypto-miners infection waves, but also involved in regional operations, for instance designed to target European countries like Italy or Germany as branches of major global-scale operations, as we tracked since 2018 with the sLoad case and even earlier with the Ursnif malware propagations waves.
In 2019 like what happened in 2018, Ransomware attacks played a significant role in the cyber arena. In previous years the whole InfoSec community observed the fast increase in o the Ransomware phenomenon, both in term of newborn ransomware families and also in the ransom payment options, driven by the consolidation of the digital cryptocurrencies market that made the traditional tracking techniques – operated by law enforcement agencies – l less effective due to new untrackable crypto currencies. But these increasing volumes weren’t the most worrying aspect we noticed.

Before 2019, most ransomware attacks were conducted in an automated, mostly opportunistic fashion: for instance through drive by download attacks and exploit kits, but also very frequently using the email vector. In fact, the “canonical” ransomware attacks before 2019 were characterized by an incoming email luring the victim to open up an attachment, most of the times an Office Document, carefully obfuscated to avoid detection and weaponized to launch some ransomware malware able to autonomously encrypt local user files and shared documents.

During 2019, we monitored a deep change in this trend. Ransomware attacks became more and more sophisticated. Gradually, even major cyber-criminal botnet operators, moved into this emerging sector leveraging their infection capabilities, their long term hacking experience and their bots to monetize their actions using new malicious business models. Indeed, almost every major malware family populating the cyber criminal landscape was involved in the delivery of follow up ransomware within infected hosts. A typical example is the Gandcrab ransomware installation operated by Ursnif implants during most of 2019. But some criminal groups have gone further. They set the threat level to a new baseline.

Many major cyber criminal groups developed a sort of malicious “RedTeam” units, lest call them “DarkTeams”. These units are able to manually engage high value targets such as private companies or any kind of structured organization, gaining access to their core and owning the whole infrastructure at once, typically installing ransomware tools all across the network just after ensuring the deletion of the backup copies. Many times they are also using industry specific knowledge to tamper with management networks and hypervisors to reach an impressive level of potential damage.
Actually, this kind of behaviour is not new to us. Such methods of operations have been used for a long time, but not by such a large number of actors and not with such kind of objectives. Network penetration was in fact a peculiarity of state sponsored groups and specialized cyber criminal gangs, often threatening the banking and retail sectors, typically referenced as Advanced Persistent Threats and traditionally targeting very large enterprises and organizations.
During 2019, we observed a strong game change in the ransomware attacks panorama.

The special “DarkTeams” replicated advanced intrusion techniques from APT playbooks carrying them into private business sectors which were not traditionally prepared to deal with such kinds of threats. Then, they started to hit organizations with high impact business attacks modeled to be very effective for the victim context. We are facing the evolution of ransomware by introducing Targeted Ransomware Attacks.

We observed and tracked many gangs consolidating the new Targeted Ransomware Attacks model. Many of them have also been cited by mainstream media and press due to the heavy impact on the business operation of prestigious companies, such as the LockerGoga and Ryuk ransomware attacks, but they only were the tip of the iceberg. Many other criminal groups have consolidated this kind of operations such as DoppelPaymer, Nemty, REvil/Sodinokibi and Maze, definitely some of the top targeted ransomware players populating the threat landscape in the last half of 2019.
In the past few months we also observed the emergence of a really worrisome practice by some of these players: the public shame of their victims. Maze was one of the first actors pionering this practice in 2019: the group started to disclose the name of the private companies they hacked into along with pieces of internal data stolen during the network intrusions.

The problem rises when the stolen data includes Intellectual Property and Personal Identifiable Information. In such a case the attacker leaves the victim organization with an additional, infaust position during the cyber-crisis: handling of the data breach and the fines disposed by the Data Protection Authorities. During 2020 we expect these kinds of practices will be more and more common into the criminal criminal ecosystems. Thus, adopting a proactive approach to the Cyber Security Strategy leveraging services like Yoroi’s Cyber Security Defence Center could be crucial to equip the Company with proper technology to acquire visibility on targeted ransomware attacks, knowledge, skills and processes to spot and handle these kind of new class of threats.

Zero-Day Malware

Well Known threats are always easier to be recognized and managed since components and intents are very often clear. For example a Ransomware, as known today, performs some standard operations such as (but not limited to): reading file, encrypting file and writing back that file. An early discovery of known threat families would help analysts to perform quick and precise analyses, while unknown threats are always difficult to manage since analysts would need to discover firstly the intentions and then bring back behaviour to standard operations. This is why we track Zero-Day Malware. Yoroi’s technology captures and collects samples before processing them on Yoroi’s shared threat intelligence platform trying to attribute them to known threats.

As part of the automatic analysis pipeline, Yoroi’s technology reports if the malicious files are potentially detected by Anti-Virus technologies during the detection time. This specific analogy is mainly done to figure-out if the incoming threat would be able to bypass perimetral and endpoint defences. As a positive side effect we collect data on detected threats related to their notoriety. In other words we are able to see if a Malware belonging to a

threat actor or related to specific operation (or incident) is detected by AV, Firewall, Next Generation X and used endpoints.
In this context, we shall define what we mean for Zero-Day Malware. We call Zero-Day malware every sample that turns out to be an unknown variant of arbitrary malware families. The following image (Fig:1) shows how most of the analyzed Malware is unknown from the InfoSec community and from common Antivirus vendors. This finding supports the even evolving Malware panorama in where attackers start from a shared code base but modify it depending on their needed to be stealth.

Immagine che contiene dispositivo, disegnando

Descrizione generata automaticamente

The reported data are collected during the first propagation of the malicious files across organizations. It means Companies are highly exposed to the risk of Zero-Day malware. Detection and response time plays a central role in such cases where the attack becomes stealth for hours or even for days.
Along with the Zero-Day malware observation, most of the known malware at time of delivery have not so high chances of being blocked by security controls. The 8% of the malware is detected by few AV engines and only 33% is actually well identified at time of attack. Even the so-called “known malware” is still a relevant issue due to its capability to maintain a low detection rate during the first infection steps. Indeed only less than 20% of analyzed samples belonging to “not Zero-Day” are detected by more than 15 AV engines.

Drilling down and observing the behavioural classification of the intercepted samples known by less than 5 AntiVirus engines at detection time, we might appreciate that the “Dropper” behaviour (i.e. the downloading or unpacking of other malicious stages or component) lead the way with 54% of cases, slightly decreasing since the 2018. One more interesting trend in the analyzed data is the surprising decrease of Ransomware behaviour, dropping from 17% of 2018 to the current 2%, and the bullish raise of “Trojan” behaviours up to 35% of times, more than doubled respect to the 15% of 2018.
This trend endorses the evidence that ransomware attacks in 2019 begun to follow a targeted approach as described in the “The Rise of Targeted Ransomware” section.

Immagine che contiene dispositivo

Descrizione generata automaticamente

A reasonable interpretation of the darkling changes on these data, could actually conform with the sophistication of the malware infection chain discussed in the previous section. As a matter of fact, many of the delivered malware are actually a single part of a more complex infection chain. A chain able to install even multiple families of malware threats, starting from simple pieces of code behaving like droppers and trojan horses to grant access to a wider range of threats.   

This trend gets another validation even in the Zero-Day malware data set: the samples likely unknown to Info.Sec. community – at the time of delivery –  substantially shifted their distribution from previous years. In particular, Ransomware behaviour detections dropped from 29% to 7% in 2019, and Trojan raised from 28% to 52% of cases, showing similar macro variations.

Immagine che contiene dispositivo

Descrizione generata automaticamente

If you want to read more details on “DarkTeams” and on what we observed during the past months, please feel free to download the full report HERE.

Internet Safety for Kids: A Refresher for Homebound Families

internet safety for kids

Editor’s Note: This is part II of our internet safety for kids series. Part I focuses on younger children and can be read here.

Parents have always been concerned about keeping their kids safe online — especially their tweens and teens. That conversation is even more critical with parents and kids now working and learning at home. But as the days turn into weeks, the line between safe and risky digital behavior may get a little blurry. Maybe we can help by refreshing some basics.

Why is internet safety for kids important?

There’s no way around it. Young and old, over time, we’ve tethered nearly every aspect of our lives to the digital realm. If we want to work, bank, shop, pay bills, or connect with family and friends, we have to plugin. A wired life makes internet safety not just important, but mission-critical for parents.

Kids go online for school, to be entertained, and to connect with friends; only they don’t have the emotional maturity or critical thinking skills to process everything they will encounter on the other side of their screens.

That’s where proactive digital parenting comes in.

If our parenting goal is to raise wise, responsible, caring adults, equipped for real life, that goal must also include helping them safeguard their emotional and physical health from online risk. There’s no such thing as a digital platform or product that is 100% safe. So, our best strategy is to learn and pass on skills that mitigate that risk.

What are the dangers of the internet?

Any danger that exists offline is potentially multiplied when we log online due to the vast access the web affords each one of us. In a few clicks, we can unlock a world of possibilities. The flip side? There’s an ever-present battalion of crooks and bullies out to exploit that access. Online we will encounter the best and the worst of humankind. The daily threats to children include bullying, inappropriate content, predators, and the loss of privacy. Add to that list, digital viruses and malware, phishing scams, sharing regrettable content, and gaming addiction.

How can homebound kids avoid digital risk?

So what can we do to ensure the weeks ahead don’t bring more digital risk into our homes? We start by having consistent, candid conversations with our kids about online safety (even if eye-rolling begins). Truth: Your family’s cybersecurity is as strong as the weakest security link in your family. If one family member is lax about internet safety, your entire family’s security is compromised.

So let’s get started with some internet safety basics to share with your tweens and teens. To read internet safety guidelines for younger children, click here.

11 Internet Safety Basics for Homebound Teens

internet safety for kids

  1. Get candid about content. Your tweens and teens have likely come across inappropriate material online. You can minimize further exposure by discussing expectations and family values around acceptable content — both sharing it and receiving it. Reminder: “Vanishing” Snapchats and deleted content can be easily captured in a screenshot — nothing shared online is private. For extra monitoring muscle, consider adding a parental control software to your family’s internet safety plan.
  2. Keep passwords, software, apps updated. Being homebound gives us all extra time for details. Go through personal and family devices and update all passwords. Keeping device software and apps updated also protects kids from outside risk.
  3. Balance life and tech. Kids can lose their entire day surfing, scrolling, and watching YouTube or TikTok videos. Establish screen limits help kids grow healthy tech habits. Consider scheduling device breaks, no phone zones (dinner table, movie time, bedtime), and installing software that features time limits.
  4. Be a leader online. Yoda was on target — with much power comes much responsibility. Many online dangers can be diminished by consistently teaching kids to be upstanders online. Practicing empathy, respect, tolerance, and compassion makes the digital world safer for everyone.
  5. Address peer pressure. Kids with devices can share unwise, personal photos with friends they trust. When friendships end, however, those photos can be shared or used for bullying or extortion. Discuss digital peer pressure with your child and how to respond.
  6. Look out for scams. Talk frequently about the many forms scams can take, such as phishing, malware, catfishing, fake news, and clickbait.
  7. Don’t friend strangers. Sexual predators create fake social media accounts specifically to befriend kids. In turn, kids share personal info, daily plans, location, and may even agree to meet in person with online friends. Discuss these risky scenarios and other manipulation tactics of predators with your child. Be aware of his or her friend circles, and look for chat apps such as WhatsApp or Kik.
  8. Maximize privacy on social profiles. Help kids maximize privacy settings on social profiles and delete any profile or post information that unintentionally gives away personal data. Consider removing the names of family members, pets, school, hometown, and birthdays. Hackers can piece together this information to crack passwords or create authentic-looking phishing scams.
  9. Consider a family VPN. Virtual Private Networks are becoming the most popular way to conduct business, shop, and safeguard a family’s online activity from outsiders. VPN encryption can protect a child against several virtual threats.
  10. Review gaming safety. If your kids spend a lot of time on games like Fortnite and Call of Duty, they can encounter strangers, bullying, and scams that target gamers. Teen gamers should use a firewall to help block would-be attackers from gaining access to their PC and home networks and as well as a comprehensive security solution to protect devices from malware and other threats.
  11. Monitor devices. Consider spot-checking all devices routinely. Review privacy settings on social networks (kids change them), look for new apps, review browsing history, chats, and texts. Need to go a step farther? Keep your child’s phone for a few hours to check notifications that pop up. You may find activity that wasn’t necessarily visible otherwise.

Taming all the moving parts of internet safety isn’t easy, and balancing your relationship with your child and parental monitoring can get turbulent at times. While kids can experience more drama and anxiety by going online, social networks remain critical channels for affirmation, self-expression, and connection. In the weeks to come, take time to listen, learn, and get to know your child’s digital passions and patterns. Identify safety gaps and reinforce those areas. Good luck, parents, you’ve got this!

The post Internet Safety for Kids: A Refresher for Homebound Families appeared first on McAfee Blogs.

Cyber Security Roundup for April 2020

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2020.

The UK went into lockdown in March due to the coronavirus pandemic, these are unprecedented and uncertain times. Unfortunately, cybercriminals are taking full advantage of this situation, both UK citizens and 
businesses have been hit with a wave of COVID-19 themed phishing emails, and scam social media and text messages (smishing). Which prompted warnings by the UK National Cyber Security Centre and UK Banks, and a crackdown by the UK Government.
Convincing COVID-19 Scam Text Message (Smishing)

I have not had the opportunity to analyse a copy of the above scam text message (smishing), but it looks like the weblink displayed is not as it appears. My guess is the link is not part of the domain, but the attacker has used an international domain name homograph attack, namely using foreign font characters to disguise the true address of a malicious website that is linked.

I was privileged to be on The Telegraph Coronavirus Podcast on 31st March, where I was asked about the security of video messaging apps, a transcript of what I advised is here. Further coronavirus cybersecurity advice was posted on my blog, on working from home securely and to provide awareness of coronavirus themed message scams.  It was also great to see the UK payment card contactless limit increased from £30 to £45 to help prevent coronavirus spread.

March threat intelligence reports shone a light to the scale of the cybercriminal shift towards exploiting COVID-19 crisis for financial gains. Check Point Global Threat Index reported a spike in the registration of coronavirus themed domains names, stating more than 50% of these new domains are likely to be malicious in nature. Proofpoint reports for more 80% of the threat landscape is using coronavirus themes in some way.  There has been a series of hacking attempts directly against the World Health Organisation (WHO), from DNS hijacking to spread a malicious COVID-19 app to a rather weird plot to spread malware through a dodgy anit-virus solution

Away from the deluge of coronavirus cybersecurity news and threats, Virgin Media were found to have left a database open, which held thousands of customer records exposed, and T-Mobile's email vendor was hacked, resulting in the breach of their customers and employees personal data.  

International hotel chain Marriot reported 5.2 million guest details were stolen after an unnamed app used by guests was hacked. According to Marriots online breach notification, stolen data included guest name, address, email address, phone number, loyalty account number and point balances, employer, gender, birthdays (day and month only), airline loyalty program information, and hotel preferences. It was only on 30th November 2018 Marriott disclosed a breach of 383 million guestsTony Pepper, CEO at Egress said “Marriott International admitted that it has suffered another data breach, affecting up to 5.2 million people. This follows the well-documented data breach highlighted in November 2018 where the records of approximately 339 million guests were exposed in a catastrophic cybersecurity incident. Having already received an intention to fine from the ICO to the tune of £99m for that, Marriott will be more than aware of its responsibility to ensure that the information it shares and stores is appropriately protected. Not only does this news raise further concerns for Marriott, but it also serves as a reminder to all organisations that they must constantly be working to enhance their data security systems and protocols to avoid similar breaches. It will be interesting to see if further action is taken by the ICO”

Five billion records were found to be exposed by UK security company Elasticsearch.  Researchers also found an Amazon Web Services open MongoDB database of eight million European Union citizen retail sales records was left exposed, which included personal and financial information.  And Let’s Encrypt revoked over 3 million TLS certificates due to a bug which certification rechecking

March was another busy month for security updates, patch Tuesday saw Microsoft release fixes for 116 vulnerabilities and there was an out-of-band Microsoft fix for 'EternallDarkness' bug on 10th March, but a zero-day exploited vulnerability in Windows remained unpatched by the Seattle based software giants.  Adobe released a raft of security patches, as did Apple (over 30 patches), Google, Cisco, DrayTek, VMware, and Drupal.

Stay safe, safe home and watch for the scams.


      Little Ones Online More? Here Are 10 Basics To Keep Them Safe

      protecting kids online

      Online safety conversations look dramatically different depending on the age and stage of your child. For very young children, toddlers through elementary school, parents have a golden opportunity to lay the foundations that will shape a child’s digital perspectives and behaviors for a lifetime.

      One way to keep younger children safe online is simply to begin. How early, you might ask? From the day they arrive. If you’ve ever seen a four-month-old reach for mommy’s smartphone only to cry when mommy takes it away, it’s clear the baby has observed the culture around him. He knows that the shiny toy that hums is one of mommy’s favorite things. It has the power to capture and hold her attention. It makes her laugh, cry, and influence her routine and emotions.

      Protecting kids online

      Modeling balanced screen habits is a powerful way to influence behavior as toddlers begin to discover television, apps, interactive toys, and online learning sites. At this stage, intentional steps such as limiting screen time, reviewing content, and talking with your little one in simple concepts about the images and stories encounter will help grow their digital IQs. Note: The American Academy of Pediatrics (AAP) recommends keeping all screens turned off around babies and toddlers younger than 24 months.

      Move With The Curve

      As kids move into elementary school, technology is often part of the learning experience. Some children (depending on the household) may even own smartphones. Because the integration of technology begins to increase, this stage requires parents to move with the curve of a child’s online safety needs. Priorities: Securing devices kids take to school, setting filters on web browsers, limiting screen and gaming time, encouraging physical activity and hobbies, and having consistent, age-appropriate conversations about the online world is more important than ever.

      10 Online Safety Basics for Younger Children

      1. Keep devices in a common area. By locating all computers, TVs, and devices in a common area, parents can easily monitor a child’s online activity. This simple step also helps kids get used to parental monitoring and responsible digital behavior.
      2. Follow family device rules. Establish family ground rules for technology use and repeat them to your younger children. Every child’s maturity and self-control level is different. If you think your child’s connection with his or her technology begins to tip toward the unhealthy, make adjustments as you go. If you set a 20-minute game time limit, be ready to enforce it consistently. In our experience, inconsistency in enforcing technology rules when kids are young is one of the biggest regrets among parents of teens.
      3. Introduce password security. As we accumulate IoT devices, it’s common for younger children to interact with home assistants, SmartTVs, digital toys, and online games. When password prompts come up on a login screen, explain to your child what you are doing (use your password) and why passwords are necessary. Get into the habit of using 2-factor authentication for passwords and locking your device home screens with a pin code.
      4. Filter content. Younger kids accept content at face value and don’t have the critical thinking skills process information or to be alone online. If you allow younger kids online, consider sitting with them, and explaining the content in front of them. To avoid the chance of your child encountering inappropriate content by mistake, consider adding parental control software to family devices.protecting kids online
      5. Start the privacy conversation. Kids of all ages understand the word “mine.” As your kids interact with the online in the early years, explain why it’s essential to keep their name, picture, family member names, school name, and address private.
      6. Introduce VPN use early. Browsing on a secure network (VPN, Virtual Private Network) from an early age reinforces the concept of privacy online. Explain to your child how the private encryption “tunnel” your content (searches, activity, messages) passes through and how that keeps other people from grabbing your private information. Even a text conversation with Grandma could accidentally give away information.
      7. Explain the concept of scams. When age-appropriate, explain how (and why) some people online try to trick you into clicking a box or a link to learn more about you. Discuss why you shouldn’t click on pop-up ads, hyperlinks, and messages that could contain malware or phishing links. To guard family devices against malicious links, consider free tools like Web Advisor.
      8. Discuss digital stranger danger. When you open a web browser, you open your home to content and people you don’t know. Children of any age can inadvertently run into digital danger zones. Teach young children not to talk to a stranger online or send (or share) photos with others. It’s also a good idea to cover the camera lens on your laptop or tablet, advise children to never stay on a website you would not approve of, and to never download or click a link without asking your permission.
      9. Introduce safe social networking. Online communities are here to stay, so consider starting social network safety talks early. Several kid-friendly browsers, apps, and social networks exist online for younger kids and are perfect for teaching them about privacy settings, how to collaborate and interact with others online.
      10. Start talking. Keep talking. Of all the principles we’ve featured, we’ve saved the best for last. Creating an open, trusting dialogue with your child is your #1 security tool in keeping your child safe online today and into the future.

      While schools introduce kids to internet safety basics to protect kids online and do well to refresh concepts along the way, it’s the consistent, intentional work of parents that shape the values and skills a child needs to navigate the online world. By putting some of these foundational principles in place early and committing to consistent follow-through, it’s possible to maintain critical influence as your children move into different phases of their digital lives.

      The post Little Ones Online More? Here Are 10 Basics To Keep Them Safe appeared first on McAfee Blogs.

      Honey, We’re Home! Securing Your Devices and Your Family Bond  

      family device security

      More and more parents and their kids are experiencing what it’s like to work and learn together from home these days. With this increase in device use, it’s more important than ever to verify that all the technology humming under your roof is as secure as possible.

      Securing family technology

      Run an overall security check. Taking an inventory of all your family’s connected devices and their security should be as important as keeping your doors locked and keeping batteries in your smoke alarms — your family’s safety depends on it. Consider installing a comprehensive security solution across all devices. This will help protect your family against malware, viruses, phishing attacks, and alert you to malicious websites. As part of your security check, be sure to update the software on all devices, including IoT products, TVs, and toys.

      Review parental controls. There’s no way around it. Device use will likely skyrocket under your roof for a while. Kids will be online for school, as well as for fun. You may have turned on some filtering on some devices and some social networks, but it may be time to bring on an extra set of eyes and ears with comprehensive filtering software. With increased tech use, parental controls will help monitor your child’s digital activity. Too, with a new work-at-home lifestyle, the software (with time limits) can also make scheduling family breaks together much more manageable.

      Secure your home router. Your router is akin to your family’s front door, and now is a great time to change the locks (your passwords) on this critical entryway into your home. If you are reluctant to change your passwords or think its a hassle, consider the simplicity of a password manager. Using a password manager will make changing passwords easy to change and easy to keep track of, which can boost overall security. If you are working from home, make sure your home network aligns with your company’s security expectations. For specifics on business security, read this post on working securely from home.

      Introduce a VPN (Virtual Private Network). If you’ve toyed with the idea of a VPN but just haven’t made a move, now is a great time. While you may not venture into public spaces much at the present moment, a VPN will add a significant layer of security on your devices if you take a break and go to a public park or if your kids need to go online while at a friend’s. Explain VPN benefits to your kids and how to log on. It’s easy, it’s smart, and it’s secure.

      Securing your family bond

      Create a schedule that works for everyone. Your home network is likely working on overdrive by now. With the extra online schooling, devices, and video calls taking place, your bandwidth may start to lag. This is because residential internet doesn’t rival business internet. Discuss a schedule for online time and the challenge of accomplishing mutual deadlines each day. Respect and honor one another’s responsibilities. If you’ve never had the chance to talk about the specifics of your job and daily tasks, maybe this is your chance.

      Acknowledge the stress of uncertainty. There are feelings — lots of feelings — that accompany change, and everyone’s response to it will vary. Shifting into an abrupt, new routine may feel confusing and confining to a child of any age and cause anxiety and emotions to run high. Talk through these feelings together as often as needed. Acknowledge your child’s losses — connection with teachers, sports, friends, events — and offer empathy and support.

      Explore new possibilities — together. No doubt, considerable shifts in a family’s routine can be stressful. Even so, there’s opportunity woven throughout every challenge. With some extra time management, it’s possible to discover some hidden opportunities and adventures along the way. Hiking, canoeing, and exploring the outdoors could become a new love for your family. Watching movie classics together, learning a new skill online, building something, or tackling overdue projects together may open up a new, shared passion. Endless possibilities await.

      Balance work, health, and family. Nothing will undermine your efforts to work from home more than a skewed work-life balance or school-life (yes, kids can go overboard too)! A recent study shows that remote workers are more productive than office workers and spend more time at their desks. For balance, consider setting firm office/school hours (for both you and the kids), taking exercise breaks throughout the day, and getting an accountability partner to help you stay on track. And, don’t forget — lots of eyes are watching you always — so modeling work-life-and-technology balance for your kids is teaching them with the same value.

      It’s a new frontier parent, but with the right tools and the proper support around you, anything is possible. Stay healthy, stay happy, and stay secure in this new remote, family adventure.

      The post Honey, We’re Home! Securing Your Devices and Your Family Bond   appeared first on McAfee Blogs.

      WhatsApp Security Hacks: Are Your ‘Private’ Messages Really Ever Private?

      WhatsApp hacks

      WhatsApp one of the largest instant messengers and considered by many a social network of its own. So, in continuing our app safety discussion, we’re diving into some of the top security hacks and questions many WhatsApp app users and parents may have.

      But first, what’s a security hack? In short, it’s an attempt to exploit the weaknesses in an app, network, or digital service to gain unauthorized access, usually for some illicit purpose. Here are just some of the concerns WhatsApp users may have and some suggestions on boosting security.

      WhatsApp Hack FAQ

      Are WhatsApp conversations private?

      Yes — but there are exceptions. More than any other app, WhatsApp offers greater privacy thanks to end-to-end encryption that scrambles messages to ensure only you and the person you’re communicating with can read your messages or listen to your calls. Here’s the catch: WhatsApp messages (which include videos and photos) are vulnerable before they are encrypted and after they are decrypted if a hacker has managed to drop spyware on the phone. Spyware attacks on WhatsApp have already occurred. Safe Family Tip: No conversation shared between devices is ever 100% private. To increase your WhatsApp security, keep sensitive conversations and content offline, and keep your app updated. 

      Can anyone read my deleted WhatsApp messages?

      A WhatsApp user can access his or her own deleted messages via the chat backup function that automatically backs up all of your messages at 2 a.m. every day. WhatsApp users can delete a message by using the Delete for Everyone button within an hour after sending though it’s not foolproof. Here’s the catch: Anyone who receives the message before it’s deleted can take a screenshot of it. So, there’s no way to ensure regrettable content isn’t captured, archived, or shared. There are also third-party apps that will recall deleted messages shared by others. Another possibility is that a hacker can access old chats stored in an app user’s cloud. Safe Family Tip: Think carefully about sharing messages or content you may regret later.

      Can WhatsApp messages be deleted permanently?

      Even if a WhatsApp user decides to delete a message, it’s no guarantee of privacy since conversations are two-way, and the person on the receiving end may screenshot or save a copy of a chat, video, or photo. On the security side, you may delete a message and see it disappear, but WhatsApp still retains a “forensic trace of the chat” that can be used by hackers for mining data, according to reports. Safe Family Tip: For extra security, turn off backups in WhatsApp’s Settings.

      WhatsApp hacksHow can I secure my WhatsApp?

      It’s crucial when using WhatsApp (or any other app) to be aware of common scams, including malware, catfishing, job and money scams, spyware, and file jacking. To amplify security, turn on Security Notifications in Settings, which will send an alert if, for some reason, your security code changes. Other ways to boost security: Use two-step verification, never share your 6-digit SMS verification code, disable cloud back up, and set your profile to private. Safe Family Tip: Install comprehensive family security software and secure physical access to your phone or laptop with a facial, fingerprint, or a passcode ID. Don’t open (block, report) messages from strangers or spammers. Never share personal information with people you don’t know. 

      How do I delete my WhatsApp account from another phone?

      To delete a WhatsApp account go to > Settings > Account > Delete My Account. Deleting your account erases message history, removes you from groups, and deletes your backup data. According to WhatsApp, for users moving from one type of phone to another, such as from an iPhone to an Android, and keeping the same phone number, your account information stays intact, but you won’t be able to migrate messages across platforms. If you’re not keeping your number, you should delete WhatsApp from your old phone, download WhatsApp to your new phone, and verify your new phone number. Upgrading the same phone type will likely include options to migrate messages. Safe Family Tip: Before you give away or exchange an old phone, wipe it clean of all your data.

      How do you know your WhatsApp is scanned?

      WhatsApp users can easily sync devices by downloading the WhatsApp web app and activating it (Settings > WhatsApp Web/Desktop). Devices sync by scanning a QR code that appears on your laptop screen. You know your device is scanned when you see the green chat screen appear on your desktop. Safe Family Tip: It’s possible for a person with physical access to your desktop to scan your QR code and to gain account access. If you think someone has access to your account log out of all your active web sessions in WhatsApp on your mobile phone.

      How long are WhatsApp messages stored?

      According to WhatsApp, once a user’s messages are delivered, they are deleted from WhatsApp servers. This includes chats, photos, videos, voice messages, and files. Messages can still be stored on each individual’s device. Safe Family Tip: The moment you send any content online, it’s out of your control. The person or group on the receiving end can still store it on their device or to their cloud service. Never send risky content. 

      How secure is WhatsApp?

      There’s no doubt, end-to-end encryption makes it much more difficult for hackers to read WhatsApp messages. While WhatsApp is more secure than other messaging apps — but not 100% secure.

      Is it true that WhatsApp has been hacked?

      Yes. Several times and in various ways. No app, service, or network has proven to be unhackable. Safe Family Tip: Assume that any digital platform is vulnerable. Maximize privacy settings, never share risky content, financial information, or personal data.

      Is WhatsApp safe to send pictures?

      Encryption ensures that a transmission is secure, but that doesn’t mean WhatsApp content is safe or that human behavior is predictable. People (even trusted friends) can share private content. People can also illegally attempt to gain access to any content you’ve shared. This makes WhatsApp (along with other digital sharing channels) unsafe for exchanging sensitive information or photos. Safe Family Tip: Nothing on the internet is private. Never send or receive pictures that may jeopardize your privacy, reputation, or digital footprint.

      WhatsApp isn’t the only popular app with security loopholes hackers exploit. Every app or network connected to the internet is at risk for some type of cyberattack. We hope this post sparks family discussions that help your kids use this and other apps wisely and helps keep your family’s privacy and safety online top of mind.

      The post WhatsApp Security Hacks: Are Your ‘Private’ Messages Really Ever Private? appeared first on McAfee Blogs.

      Infographic: Cyber Attacks and Data Breaches of 2019

      Throughout 2019, we kept an eye on cyber attack and data breach reported in mainstream publications, releasing our findings in our monthly blog series. 

      This allowed us to see how many security incidents were occurring, how many records were involved and which industries were worst affected. 

      Did you know, for example, that July was the worst month of the year in terms of breached records? Or that the leading cause of data breaches was internal error? 

      With 2019 in the books, we’ve summarised these and other facts in an infographic. 

      data breach and cyber attacks 2019
      Download the full infographic >>

      The post Infographic: Cyber Attacks and Data Breaches of 2019 appeared first on IT Governance UK Blog.

      TikTok Challenge, Hoop App, and Other Headlines You May Have Missed

      TikTok Challenge

      Digital news that affects families seems to be dominating the headlines these days. To keep parents in the know, here are some of the stories you may want to give extra family discussion time to this week.

      Skull Breaker Challenge Proving Unfunny 

      Apps — video apps especially — can help kids tap into their creativity and give kids a critical way to connect. Where the fun can take a dangerous turn is in the way kids choose to use their technology. In this case, the poor choice is in the Skull Breaker Challenge (also called the Trip Jump Challenge), a prank resulting in some kids being hospitalized.

      The prank, designed to get laughs and accumulate TikTok views, includes two kids tricking a third friend into making a dance video together. Three kids line up side by side for a planned group dance that will be videotaped and posted. As everyone jumps as planned, the two kids on either side swipe the legs out from under the middle person causing him or her to fall backward. According to reports, the prank is surfacing mainly on TikTok but also Youtube.

      Safe Family Tip: Consider talking to your child about the dangers of online challenges and the risks already reported in the news. 1) Discuss the physical dangers doctors are warning the public about, including neck strain, concussion, skull fracture, long-term complications, or even death. 2) Using current news stories, explain personal responsibility and what can happen legally if your child hurts another person during a prank.

      Snapchat’s Hoop App Being Called ‘Tinder for Teens’

      Snapchat users (over 2.5 million in fact) are flocking to a new Tinder-like app called Hoop that interfaces with Snapchat. The developer app allows other Hoop users to swipe through other Hoop users and request to connect via their Snapchat profile name.

      While the app asks a user’s age, much like other social sites, there’s no way to prove a user’s age. And, users can change their age at any time after creating an account. This type of app format can be tempting for kids who are naturally curious and seeking to meet new friends outside of their familiar social circle. There’s a potential for common issues such as catfishing, predator behavior, and inappropriate content. Kids as young as 12 can form connections with strangers. While their profile may be harmless, they can’t control the type of content that pops up on their screen from other users. Another red flag: Hoop users are rewarded with “diamonds” for sharing their Snapchat name and getting others to join Hoop, so the incentive to daily share and connect with a wide circle outside of one’s known friend group may prove tough for some kids to resist.TikTok Challenge

      Safe Family Tip: While it’s challenging to stay on top of the constant array of new apps, it’s not impossible. One way to understand where your child spends his or her time online is with comprehensive monitoring software. Another way of monitoring activity is to physically check your child’s phone once a week for new app icons (see right) and take the time to talk about his or her favorite apps. Consider explaining the dangers of connecting with strangers and the real possibility that a new “cute 16-year-old” may be a predator attempting to win your child’s trust (it happens every day). Review and agree on which apps are considered safe and the expectations you have for your family’s online choices.

      Another app to keep on your radar is Wink. Nearly identical to Hoop, Wink interfaces with Snapchat and is being promoted as a “new friend finder.” It has a similar “swipe” feature that connects kids to random Wink users and is currently ranked #15 in the app store.

      Should phones be banned from schools?

      A conversation gaining a quiet but consistent buzz is the merit of prohibiting phones from schools — a law France has enforced for two years that has parents, educators, and legislators talking. Several recent studies reveal that phone bans can lead to higher test scores, higher test grades and attention spans, and increased cognitive capacity. Some schools in the U.S. have independently taken steps to curb and ban phones in hopes of focusing on distracted students.

      Proponents of phones in school say a ban would be impossible to enforce and that technology is needed to help parents stay in touch with kids during the school day, especially for emergencies. Others say phones at school are a critical part of learning and raising self-sufficient, tech-savvy students prepared for a digital workforce.

      Safe Family Tip: Begin the discussion with your child about the pros and cons of devices at school. Listen closely to his or her perspective. Discuss potential device-related issues that can be amplified during the school day such as cyberbullying, group chat conflicts, sexting, gaming during class, and using devices to cheat. Review expectations such as using phones only before and after school to connect with parents.

      Stay tuned in the weeks to come as we take a closer look at other apps such as TikTok and WhatsApp Messenger that — when used unwisely — can lead to some surprising risks for kids. Until then, keep the digital safety conversation humming in your home. You’ve got this, parents!

      The post TikTok Challenge, Hoop App, and Other Headlines You May Have Missed appeared first on McAfee Blogs.

      Security Lessons From 2019’s Biggest Data Breaches

      2019 already feels like it’s worlds away, but the data breaches many consumers faced last year are likely to have lasting effects. As we look back on 2019, it’s important to reflect on how our online security has been affected by various threats. With that said, let’s take a look at the biggest breaches of the year and how they’ve affected users everywhere.

      Capital One breach

      In late July, approximately 100 million Capital One users in the U.S. and 6 million in Canada were affected by a breach exposing about 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers, 80,000 bank account numbers, and more. As one of the 10 largest banks based on U.S. deposits, the financial organization was certainly poised as an ideal target for a hacker to carry out a large-scale attack. The alleged hacker claimed that the data was obtained through a firewall misconfiguration, allowing for command execution with a server that granted access to data in Capital One’s storage space.

      Facebook breach

      In early September, a security researcher found an online database exposing 419 million user phone numbers linked to Facebook accounts. The exposed server was left without password protection, so anyone with internet access could find the database. The breached records contained a user’s unique Facebook ID and the phone number associated with the account. In some instances, the records also revealed the user’s name, gender, and location by country.

      Collection #1 breach

      Last January, we met Collection #1, a monster data set that exposed 772,904,991 unique email addresses and over 21 million unique passwords. Security researcher Troy Hunt first discovered this data set on the popular cloud service MEGA, specifically uncovering a folder holding over 12,000 files. Due to the sheer volume of the breach, the data was likely comprised of multiple breaches. When the storage site was taken down, the folder was then transferred to a public hacking site, available for anyone to take for free. breach

      Less than two months after Collection #1, researchers discovered a 150-gigabyte database containing 809 million records exposed by the email validation firm This company provides a service for email marketing firms to outsource the extensive work involved with validating mass amounts of emails. This service also helps email marketing firms avoid the risk of having their infrastructure blacklisted by spam filters. Therefore, was entrusted with a lot of data, creating an information-heavy database complete with names, email addresses, phone numbers, physical addresses, gender, date of birth, personal mortgage amounts, interest rates, and more.

      Orvibo breach

      In mid-June, Orvibo, a smart home platform designed to help users manage their smart appliances, left an Elasticsearch server (a highly scalable search and analytics engine that allows users to store, search, and analyze big volumes of data in real-time) online without password protection. The exposure left at least two billion log entries each containing customer data open to the public. This data included customer email addresses, the IP address of the smart home devices, Orvibo usernames, and hashed passwords, or, unreadable strings of characters that are designed to be impossible to convert back into the original password.

      What Users Can Learn From Data Breaches

      Data breaches serve as a reminder that users and companies alike should do everything in their power to keep personal information protected. As technology continues to become more advanced, online threats will also evolve to become more sophisticated. So now more than ever, it’s imperative that users prioritize the security of their digital presence, especially in the face of massive data leaks. If you think you might have been affected by a data breach or want to take the necessary precautions to safeguard your information, follow these tips to help you stay secure:

      • Research before you buy.Although you might be eager to get the latest new device, some are made more secure than others. Look for devices that make it easy to disable unnecessary features, update software, or change default passwords. If you already have an older device that lacks these features, consider upgrading.
      • Be vigilant when monitoring your personal and financial data. A good way to determine whether your data has been exposed or compromised is to closely monitor your online accounts. If you see anything fishy, take extra precautions by updating your privacy settings, changing your password, or using two-factor authentication.
      • Use strong, unique passwords. Make sure to use complex passwords for each of your accounts, and never reuse your credentials across different platforms. It’s also a good idea to update your passwords consistently to further protect your data.
      • Enable two-factor authentication. While a strong and unique password is a good first line of defense, enabling app-based two-factor authentication across your accounts will help your cause by providing an added layer of security.
      • Use a comprehensive security solution. Use a solution like McAfee Total Protection to help safeguard your devices and data from known vulnerabilities and emerging threats.

      Stay Up to Date

      To stay on top of McAfee news and the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

      The post Security Lessons From 2019’s Biggest Data Breaches appeared first on McAfee Blogs.

      Cyber Security Roundup for January 2020

      A roundup of UK focused cyber and information security news stories, blog posts, reports and threat intelligence from the previous calendar month, December 2019.

      Happy New Year!  The final month of the decade was a pretty quiet one as major security news and data breaches go, given cybers attack have become the norm in the past decade. The biggest UK media security story was saved for the very end of 2019, with the freshly elected UK government apologising after it had accidentally published online the addresses of the 1,097 New Year Honour recipients.  Among the addresses posted were those of Sir Elton John, cricketer and BBC 'Sports Personality of the Year' Ben Stokes, former Conservative Party leader Iain Duncan Smith, 'Great British Bakeoff Winner' Nadiya Hussain, and former Ofcom boss Sharon White. The Cabinet Office said it was "looking into how this happened", probably come down to a 'user error' in my view.

      An investigation by The Times found Hedge funds had been eavesdropping on the Bank of England’s press conferences before their official broadcast after its internal systems were compromised. Hedge funds were said to have gained a significant advantage over rivals by purchasing access to an audio feed of Bank of England news conferences. The Bank said it was "wholly unacceptable" and it was investigating further. The Times claimed those paying for the audio feed, via the third party, would receive details of the Bank's news conferences up to eight seconds before those using the television feed - potentially making them money. It is alleged the supplier charged each client a subscription fee and up to £5,000 per use. The system, which had been misused by the supplier since earlier this year, was installed in case the Bloomberg-managed television feed failed.

      A video showing a hacker talking to a young girl in her bedroom via her family's Ring camera was shared on social media. The hacker tells the young girl: "It's Santa. It's your best friend." The Motherboard website reported hackers were offering software making it easier to break into such devices. Ring owner Amazon said the incident was not related to a security breach, but compromised was due to password stuffing, stating "Due to the fact that customers often use the same username and password for their various accounts and subscriptions, bad actors often re-use credentials stolen or leaked from one service on other services."

      Ransomware continues to plague multiple industries and it has throughout 2019, even security companies aren't immune, with Spanish security company Prosegur reported to have been taken down by the Ryuk ransomware.

      Finally, a Microsoft Security Intelligence Report concluded what all security professionals know well, is that implementing Multi-Factor Authenication (MFA) would have thwarted the vast majority of identity attacks. The Microsoft study found reusing passwords across multiple account-based services is still common, of nearly 30 million users and their passwords, password reuse and modifications were common for 52% of users. The same study also found that 30% of the modified passwords and all the reused passwords can be cracked within just 10 guesses. This behaviour puts users at risk of being victims of a breach replay attack. Once a threat actor gets hold of spilled credentials or credentials in the wild, they can try to execute a breach replay attack. In this attack, the actor tries out the same credentials on different service accounts to see if there is a match.


      Lessons Learned: A Decade of Digital Parenting

      digital parenting

      Give yourself a high-five, parents. Pour yourself a cup of coffee or your favorite celebratory drink and sip it slow — real slow. Savor the wins. Let go of the misses. Appreciate the lessons learned. You’ve come a long way in the last decade of raising digital kids, and not all of it has been easy.

      As we head into 2020, we’re tossing parenting resolutions (hey, it’s a victory to make it through a week let alone a year!). Instead, we’re looking back over the digital terrain we’ve traveled together and lessons learned. Need a refresher? Here’s a glimpse of how technology has impacted the family over the past decade.

      In the last decade

      • Smartphone, social, gaming growth. Social media and gaming platforms have exploded to usage and influence levels no one could have imagined. Smartphone ownership has increased and as of 2019: 81% of adults own a smartphone and 72% use social media, 53% of kids own a smartphone by the age of 11, and 84 % of teenagers have phones.

      • Video platform growth. Video platforms like YouTube have become the go-to for teens and tweens who spend nearly three hours a day watching videos online.

      • Streaming news. Smartphones have made it possible for all of us to carry (and stream) the world in our pockets. In 2018, for the first time, social media sites surpassed print newspapers as a news source for Americans.

      • Dating apps dominate. We’re hooking up, dating, and marrying using apps. A Stanford study found that “heterosexual couples are more likely to meet a romantic partner online than through personal contacts and connections.”

      • The rise of the Influencer. Internet influencers and celebrities have reached epic levels of fame, wealth, and reach, creating an entire industry of vloggers, gamers, micro and niche-influencers, and others who have become “instafamous.”

      • Lexicon changes. Every day, technology is adding terms to our lexicon that didn’t exist a decade ago such as selfie, OMG, streaming, bae, fake news, the cloud, wearables, finsta, influencers, emojis, tracking apps, catfish, digital shaming, screen time, cryptojacking, FOMO, and hashtag, along with hundreds of others.

      What we’ve learned (often the hard way)

      Most people, if polled, would say technology has improved daily life in incalculable ways. But ask a parent of a child between five and 18 the same question, and the response may not be as enthusiastic. Here are some lessons we’ve learned the hard way.

      Connection brings risk. We’ve learned that with unprecedented connection comes equally unprecedented risk. Everyday devices plug our kids directly into the potential for cyberbullying, sexting, inappropriate content, and mental health issues.  Over the past decade, parents, schools, and leaders have worked to address these risks head-on but we have a long way to go in changing the online space into an emotionally safe and healthy place.

      Tech addiction isn’t a myth.  To curb the negative impact of increased tech use, we’ve learned ways to balance and limit screen time, unplug, and digitally detox. Most importantly, it’s been confirmed that technology addiction is a medical condition that’s impacting people and families in very painful ways.

      The internet remembers. We’ve witnessed the very public consequences of bad digital choices. Kids and adults have wrecked scholarships, reputations, and careers due to careless words or content shared online. Because of these cases, we’re learning — though never fast enough — to think twice about the behaviors and words we share.

      We’re equipping vs. protecting. We’ve gone from monitoring our kids aggressively and freaking out over headlines to realizing that we can’t put the internet in a bottle and follow our kids 24/7. We’ve learned that relevant, consistent conversation, adding an extra layer of protection with security software, and taking the time to understand (not just monitor) the ways our kids use new apps, is the best way to equip them for digital life.

      The parent-child relationship is #1. When it comes to raising savvy digital kids and keeping them safe, there’s not a monitoring plan in existence that rivals a strong parent-child relationship. If you’ve earned your child’s heart, mind, and respect, you have his or her attention and can equip them daily to make wise choices online.

      The dark web is . . . unimaginably dark. The underbelly of the internet — the encrypted, anonymous terrain known as the Dark Web — has moved from covert to mainstream exposure. We’ve learned the hard way the degree of sophistication with which criminals engage in pornography, human trafficking, drug and weapon sales, and stolen data. With more knowledge, the public is taking more precautions especially when it comes to malware, phishing scams, and virus attacks launched through popular public channels.

      There’s a lot of good going on. As much negative as we’ve seen and experienced online over the past decade, we’ve also learned that its power can be used equally to amplify the best of humanity. Social media has sparked social movements, helped first responders and brought strangers together in times of tragedy like no other medium in history.

      Privacy is (finally) king. Ten years ago, we clicked on every link that came our way and wanted to share every juicy detail about our personal lives. We became publishers and public figures overnight and readily gave away priceless chunks of our privacy. The evolution and onslaught of data breaches, data mining, and malicious scams have educated us to safeguard our data and privacy like gold.

      We’ve become content curators. The onslaught of fake news, photo apps, and filter bubbles have left our heads spinning and our allegiances confused. In the process, we’ve learned to be more discerning with the content we consume and share. While we’re not there yet, our collective digital literacy is improving as our understanding of various types of content grows.

      Parents have become digital ninjas. The parenting tasks of monitoring, tracking, and keeping up with kids online have gone from daunting to doable for most parents. With the emotional issues now connected to social media, most parents don’t have the option of sitting on the sidelines and have learned to track their kids better than the FBI.

      This is us

      We’ve learned that for better or worse, this wired life is us. There’s no going back. Where once there may have been doubt a decade ago, today it’s clear we’re connected forever. The internet has become so deep-seated in our culture and homes that unplugging completely for most of us is no longer an option without severe financial (and emotional) consequences. The task ahead for this new decade? To continue working together to diminish the ugly side of technology — the bullying, the cruelty, the crime — and make the internet a safe, fun experience for everyone.

      The post Lessons Learned: A Decade of Digital Parenting appeared first on McAfee Blogs.

      How the Cyber Grinch Stole Christmas: Managing Retailer Supply Chain Cyber Risk

      Cyber threats are always a prominent risk to businesses, especially those operating with high quantities of customer information in the retail space, with over 50% of global retailers were breached last year.  BitSight VP, Jake Olcott, has written guidance for retailers, on how to manage their supply-chain cyber risk to help prevent the 'Cyber Grinch' from not just stealing Christmas, but throughout the year, with four simple steps.

      Cyber risk in retail is not a new concept. Retail is one of the most targeted industries when it comes to cyber-attacks. In fact, over 50% of global retailers were breached in the last year. Given the sensitive customer data these organizations often possess — like credit card information and personally identifiable information (PII) – it’s not surprising that attackers have been capitalizing on the industry for decades.

      The Christmas shopping season can increase retailers’ cyber risk, with bad actors looking to take advantage of the massive surge of in-store and online shoppers that comes with it. What is important for retailers to keep in mind is that it’s not only their own network they have to worry about when it comes to mitigating cyber risk, but their entire supply chain ecosystem – from shipping distributors and production partners to point-of-sale technologies and beyond.

      Take for example the infamous 2017 NotPetya attack that targeted large electric utilities, but actually ended up stalling operations for many retailers as a result. This nation-state attack had a snowball effect, wreaking havoc on shipping companies like FedEx and Maersk who are responsible for delivering many retail orders. FedEx operations were reduced to manual processes for pick-up, sort and delivery, and Maersk saw infections in part of its corporate network that paralyzed some systems in its container business and prevented retail customers from booking ships and receiving quotes.

      For retailers, a cyber disruption in the supply chain can fundamentally disrupt operations, causing catastrophic harm to brand reputation, financial performance and regulatory repercussions – and the stakes are even higher during the make-or-break holiday sales period.

      Here are some important steps they can take now to mitigate supply chain cyber risk this holiday season and beyond.
      Step 1: Inventory your Supply Chain
      A business today relies on an average of 89 vendors a week that have access to their network in order to perform various crucial business. As outsourcing and cloud adoption continue to rise across retail organizations, it is critical that they keep an up-to-date catalogue of every third party and service provider in the digital (or brick-and-mortar) supply chain and their network access points. These supply chain ecosystems can be massive, but previous examples have taught us that security issues impacting any individual organization can potentially disrupt the broader system.

      An inventory of vendors and the systems they have access to allows security teams to keep track of all possible paths a cybercriminal may exploit and can help them better identify vulnerabilities and improve response time in the event of an incident.

      Step 2: Take control of your Third-Party Accounts
      Once you have a firm grasp of the supply chain, a critical focus should be to identify and manage any network accounts held by these organizations. While some suppliers may need access to complete their daily tasks, this shouldn’t mean handing them a full set of keys to the kingdom on their terms.

      Retailers should ensure each vendor has an email account and credentials affiliated and managed by the retailer – not by the supplier organization and certainly not the user themselves. By taking this step, the retailer can ensure they are the first point of notification if and when an incident occurs and are in full control over the remediation process.

      Step 3: Assess your Suppliers’ Security Posture
      Retail security teams often conduct regular internal audits to evaluate their own security posture but fail to do so effectively when it comes to their supply chain relationships.

      While a supplier’s security posture doesn’t necessarily indicate that their products and services contain security flaws, in the cyber world, where there’s smoke, there’s eventually fire. Poor security performance can be indicative of bad habits that could lead to increased vulnerability and risk exposure.

      Having clear visibility into supplier security performance can help retailers quickly pinpoint security vulnerabilities and cyber incidents, while significantly speeding up communication and action to address the security concern at hand.

      Step 4: Continuously Monitor for Changes
      Third-party security performance assessment should not be treated as a one-and-done item on the supply chain management checklist.

      The cyber threat landscape is volatile and ever-evolving, with new vulnerabilities and attack vectors cropping up virtually every day. That means retailers need solutions and strategies in place that provide a real-time, continuous and measurable pulse check of supplier security posture to ensure they are on top of potential threats before they impact the business and its customers.

      Just as retailers track billions of packages and shipments in real-time to ensure there are no mistakes or bumps in the road, their vendor risk management program should be treated with the same due care.

      This holiday season and beyond, it is critical that retailers invest in supply chain security management to reduce the risk of data breaches, slowdowns, and outages – and the costs and reputational damage that come along with them. After all, retailers are only as secure as their weakest third-party.

      Cyber Security Roundup for November 2019

      In recent years political motivated cyber-attacks during elections has become an expected norm, so it was no real surprise when the Labour Party reported it was hit with two DDoS cyber-attacks in the run up to the UK general election, which was well publicised by the media. However, what wasn't well publicised was both the Conservative Party and Liberal Democrats Party were also hit with cyber attacks. These weren't nation-state orchestrated cyberattacks either, black hat hacking group Lizard Squad, well known for their high profile DDoS attacks, are believed to be the culprits.

      The launch of Disney Plus didn’t go exactly to plan, without hours of the streaming service going live, compromised Disney Plus user accounts credentials were being sold on the black market for as little as £2.30 a pop. Disney suggested hackers had obtained customer credentials from previously leaked identical credentials, as used by their customers on other compromised or insecure websites, and from keylogging malware. It's worth noting Disney Plus doesn’t use Multi-Factor Authentication (MFA), implementing MFA to protect their customer's accounts would have prevented the vast majority of Disney Plus account compromises in my view.

      Trend Micro reported an insider stolen around 100,000 customer accounts details, with the data used by cyber con artists to make convincing scam phone calls impersonating their company to a number of their customers. In a statement, Trend Micro said it determined the attack was an inside job, an employee used fraudulent methods to access its customer support databases, retrieved the data and then sold it on. “Our open investigation has confirmed that this was not an external hack, but rather the work of a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls,” the company said. The employee behind it was identified and fired, Trend Micro said it is working with law enforcement in an on-going investigation.

      Security researchers found 4 billion records from 1.2 billion people on an unsecured Elasticsearch server. The personal information includes names, home and mobile phone numbers and email addresses and what may be information scraped from LinkedIn, Facebook and other social media sources.

      T-Mobile reported a data breach of some their prepaid account customers. A T-Mobile spokesman said “Our cybersecurity team discovered and shut down malicious, unauthorized access to some information related to your T-Mobile prepaid wireless account. We promptly reported this to authorities”.

      A French hospital was hit hard by a ransomware attack which has caused "very long delays in care". According to a spokesman, medical staff at Rouen University Hospital Centre (CHU) abandon PCs as ransomware had made them unusable, instead, staff returned to the "old-fashioned method of paper and pencil". No details about the strain of the ransomware have been released.

      Microsoft released patches for 74 vulnerabilities in November, including 13 which are rated as critical. One of which was for a vulnerability with Internet Explorer (CVE-2019-1429), an ActiveX vulnerability known to be actively exploited by visiting malicious websites.

      It was a busy month for blog articles and threat intelligence news, all are linked below.