• #DataPrivacyDay: Leaks and Breaches Soared 93% in 2020

    Breaches and leaks of sensitive information from organizations doubled last year, even as consumer concerns over data privacy surged, according to two new reports published on Data Protection Day. January 28 marks the signing in 1981 of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Also known as Data Privacy Day in North America, it is now an awareness-raising event aimed at organizati

  • #RSAC365: #COVID19 Fundamentally Altered Global Attack Surface

    Speaking at the RSAC 365 Virtual Summit, Jason Rivera, director, Strategic Threat Advisory Group at CrowdStrike, explored how the COVID-19 health crisis has fundamentally altered the attack surface for organizations across the world. “We had to use the internet so much more than we ever have in the past. If we use the internet more, then we have a larger, more complex attack surface. That in turn allows adversaries opportunities t

  • Emotet Disrupted Through Global Action

    Infamous botnet Emotet has been brought down by an international law enforcement operation. Earlier today, Europol announced that Emotet’s infrastructure had been taken over by investigators in a coordinated action by authorities in Canada, France, Germany, Lithuania, the Netherlands, the United Kingdom, the United States, and Ukraine, with international activity coordinated by Europol and Eurojust. First discovered as a banking trojan in 2014, the m

  • #RSAC365: Will Recent Treasury Guidance Reduce Ransomware Payments in the US?

    The ways organizations should react following a ransomware attack were discussed during a session at the RSAC 365 Virtual Summit. This topic was highlighted in the context of an advisory issued in October 2020 by the US Department of the Treasury concerning the payment of ransomware. Adam Hickey, deputy assistant attorney general, National Security Division, Department of Justice, explained that “essentially it re

  • UK Insurers Defend Covering Ransomware Payments

    Insurance providers in the United Kingdom have defended the inclusion of ransomware payments in first-party cyber-insurance policies. Cyber-risk insurance covers the cost of restoring loss to business income or reputation caused by damage to computers and computer networks. The Association of British Insurers (ABI) said that while insurance was “not an alternative” to taking appropriate action to minimize risk, firms could suffer financial ruin witho

  • Grindr Faces $11.7m Data Privacy Fine

    The world’s largest social networking and dating app for gay, bisexual, trans, and queer people is facing a hefty fine in Norway over an alleged breach of data privacy. On Tuesday, Norway’s Data Protection Authority (NDPA) announced its intention to fine Grindr 100 million Norwegian crowns ($11.7m) for illegally disclosing user data to advertising firms. The American company, which launched back in 2009, said that the allegations

  • Global Public-Private Partnerships Key to Fighting Cybercrime

    The importance of public-private engagement on a global scale in combatting cybercrime was discussed during a virtual Microsoft security briefing. Opening the discussion, Amy Hogan-Burney, general manager, digital crimes unit at Microsoft, highlighted how the cyber-threat landscape has evolved since the start of the COVID-19 pandemic. While the tactics used by cyber-criminals have not altered significantly as they were alread

  • Growing Digital Adoption Providing Extra Opportunities for Cyber-Criminals

    Increased digital adoption since the start of COVID-19 is leaving consumers more vulnerable to cyber-attacks, according to McAfee’s 2021 Consumer Security Mindset Report. The analysis found that Brits across all age groups have embraced new digital solutions amid ongoing social distancing restrictions. Nearly three-quarters purchased at least one connected device in 2020 and one in five bought at least three. However

  • More Security Vendors Admit to SolarWinds Attacks

    Several more cybersecurity vendors have revealed that they were attacked by the same threat actors that compromised SolarWinds, although there appears to have been minimal if any impact on customers. Mimecast revealed a couple of weeks ago that a “sophisticated threat actor” obtained one of its certificates used to authenticate Mimecast products to Microsoft 365 (M365) Exchange Web Services, in a bid to compromise customers’ M365

  • Manufacturing Giant Suffers Major Cyber-Disruption

    A leading global manufacturer of cranes has been hit by what appears to be a ransomware attack disrupting IT operations around the world. Headquartered in Austria, Palfinger Group is renowned for producing hydraulic lifting and loading systems and runs scores of companies in over 30 countries. The firm issued a brief statement on Monday revealing it is the target of an ongoing global cyber-attack. “IT infrastructure is disrupted at the moment

  • UK Spies Called on to Help in Fraud Fight

    Fraud has become a serious threat to the UK’s national security, according to a think tank report calling for a major new government-led approach to tackle the issue. The report from the highly respected Royal United Services Institute (RUSI) argued that, while fraud has received more airtime from media and lawmakers lately, there needs to be a “major systemic shift” in government strategy. That’s because fraud is increasingly a thre

  • DDoS Attacks Surge in 2020 Due to #COVID19

    Distributed denial-of-service (DDoS) attacks rose substantially last year following the digital shift brought about by COVID-19, according to figures released by NETSCOUT. The cybersecurity company’s ATLAS Security Engineering and Response Team (ASERT) revealed it observed over 10 million attacks of this nature in 2020, which is around 1.6 million higher than in 2019. While acknowledging that it is normal for DDoS attacks to increase, the rate of gro

  • Syntax Releases First IT Trends Report

    Multi-cloud and multi-ERP managed cloud services provider Syntax released its first ever “IT Trends Report” today. The report is based on an October 2020 survey of 500 IT leaders and decision makers in the US who were asked to describe how the COVID-19 pandemic had impacted their businesses and to share the strategic decisions they plan to make in 2021. The majority of those with in-house security teams (83%) said that they are considering

  • Hacker Admits Targeting Major US Websites

    A hacker who became the first ever Cypriot national to be extradited to the United States has pleaded guilty to extorting major American website operators with stolen user data. Joshua Polloso Epifaniou was a teenager when he started hacking into websites, stealing information, and threatening to release it if he didn’t receive a ransom. The 21-year-old resident of Nicosia, Cyprus, was arrested by Cypriot authorities in February 2018.

  • Twitter Asks Users to Police Misinformation

    Social media giant Twitter has launched a new pilot scheme in the United States to tackle the spread of misinformation. Under the new Birdwatch scheme, users are invited to identify information in other people’s tweets they think is misleading and write notes that “provide informative context.” Twitter said it believes that a community-driven approach in which users monitor each other and provide a free fact-checking service will allow more con

  • Skilled Commonwealth migrants still facing 'unlawful' deportation

    More than 70 people refused right to remain despite 2019 ruling that Home Office misused Immigration Act, report finds

    Dozens of highly skilled migrants from Commonwealth countries are still facing deportation almost two years after the court of appeal ruled the Home Office was acting unlawfully in refusing them leave to remain, according to a new report. In 2018, MPs and immigration experts criticised the use of the controversial section 322(5) of the Immigration Act, which was designed in part t

  • Dr Gary McGraw Appointed to IriusRisk Threat Modeling Technical Advisory Board

    Application security threat modeling solutions provider IriusRisk has announced the appointment of Dr Gary McGraw to its threat modeling technical advisory board. Dr McGraw – who has a PhD in computer science and cognitive science – joins existing advisor Adam Shostack and will assist in the strategic direction and development of the AppSec firm. The board’s aim is to accelerate IriusRisk’s effor

  • Mastercard Introduces Quantum-Resistant Specs to Enhance Contactless Security

    Credit card firm Mastercard has unveiled new quantum-resistant standards that are designed to enhance the security and privacy of contactless payments. As a result of the move, Mastercard will become the first payments network to bring quantum-era security and privacy to contactless payments. The Enhanced Contactless (Ecos) specifications have been introduced following a surge in contactless payments over the past year,

  • TikTok Bug Gave Access to Contacts’ Profile Details

    Researchers have discovered a vulnerability in TikTok which could have allowed attackers to harvest users’ phone numbers and personal profile details. Check Point revealed today that the flaw, which has now been fixed by the popular social network, was found in the app’s “Find Friends” feature. The problem stems from the fact that TikTok allows users to sync their phone contacts with the app, thus connecting user pro

  • Cook County Leaks 320,000 Court Records

    Over 320,000 court records belonging to the second most populous county in the US have been discovered sitting on a misconfigured online database. Security researcher Jeremiah Fowler and a team from Website Planet soon found that the data was all from Cook County, Illinois, which is home to America’s third-largest city, Chicago. “There have been several high-profile data exposures of private companies that affected Cook County residents in the p

  • Misconfigured Cloud Server Exposes 66,000 Gamers

    Tens of thousands of users have had their personal details exposed after a popular online gaming site misconfigured the Elasticsearch server they were sitting on. A research team at WizCase found the wide-open server, with zero encryption and no password protection, through a simple search. It was traced back to VIPGames.com, a popular free-to-play card and board game platform with 100,000 Google Play downloads and roughly 20,000 active daily player

  • Mr. Double Website Operator Convicted

    A man from Texas has been convicted of operating a website dedicated to publishing stories detailing the sexual abuse of children. Brewster County resident Thomas Alan Arthur was convicted by a federal jury on January 21 following a trial that lasted three days. According to trial evidence, the 64-year-old started operating a website called Mr. Double in 1996. The website was devoted to publishing writings that described the sexual abuse of chi

  • San Francisco Law Firm Investigating PupBox Data Breach

    A San Francisco law firm has launched an investigation into a data breach that took place at a subsidiary of Petco Health and Wellness Company. The breach, which occurred over a six-month period last year, resulted in the exposure of the payment card information of tens of thousands of customers of PupBox, Inc. PupBox, which appeared on the entrepreneurial-themed reality TV show Shark Tank, sells customized puppy subscription boxes contai

  • Deloitte Acquires Root9B

    Professional services network Deloitte & Touche LLP today announced its acquisition of substantially all the assets of cybersecurity company Root9B, LLC (R9B). Founded in 2011 as a cybersecurity training company with a vision of delivering military-grade technology to the private sector, Root9B provides advanced cyber-threat-hunting services and solutions. The company also offers defense forensics and incident response, tech-enabled vulnerability as

  • US says support for Taiwan ‘rock-solid’ as Chinese jets buzz island

    DefenceTalk: The United States’ commitment to Taiwan is “rock-solid”, the State Department said late Saturday, as it warned that China’s “attempts to…

  • Russian Government Agency Warns Firms of US Attack

    The Russian government has issued cybersecurity guidance to businesses in the country after claiming they are at risk of US reprisals for the recent SolarWinds attacks. The alert came late last week from the National Coordination Center for Computer Incidents (NKTsKI), an agency created in 2018 by KGB successor the Federal Security Service (FSB). It claimed the Biden administration had threatened to carry out retaliatory attacks on Russian critical

  • Intel: Earnings Leak Down to Internal Error

    Intel was forced to issue its financial results earlier than expected last week after an internal error made public some of the information before it was due to be released, the firm has confirmed. Originally, Intel CFO George Davis claimed a “hacker” had got hold of an infographic detailing the earnings, which was waiting to be published on the firm’s PR Newsroom site. An Intel spokesperson told the Financial Times at the time:

  • SonicWall Probes Attack Using Zero-Days in Own Products

    Security vendor SonicWall has warned its customers that threat actors may have found zero-day vulnerabilities in some of its remote access products. An initial post on the vendor’s knowledgebase pages on Friday claimed that the NetExtender VPN client version 10.x and the SMB-focused SMA 100 series were at risk. However, an update over the weekend clarified that impacted products were confined to its Secure Mobile Access (SMA) version 10

  • Terrorism watchdog to open inquiry into radicalisation in prison

    Prison officers have suffered a ‘steady drumbeat’ of attacks by terrorists, says Jonathan Hall QC

    An inquiry into the way prisons deal with convicted terrorists is being launched by the independent terror watchdog amid concerns of growing radicalisation behind bars. Jonathan Hall QC said there had been a succession of terror attacks on prison officers while other inmates were coming under the influence of “high status” terrorist prisoners.

  • New Cyber-attack Advice for European Hospitals

    The European Data Protection Board has issued new advice to hospitals regarding what action to take in the event of a cyber-attack. Currently released in draft form, the new set of recommendations urges healthcare providers hit with ransomware to report the attack even if no patient data is accessed or exfiltrated. The guidelines state: “The internal documentation of a breach is an obligation independent of the risks pertaining to the
