• Indonesia Denies #COVID19 Test Data Breach

  An alleged breach of COVID-19 test result data is being investigated by authorities in Indonesia. Concerns over a possible breach were raised after a hacker tried to sell what they claimed was the personal information of hundreds of thousands of people who had been tested for the novel coronavirus in Indonesia on an online forum. Posting on the database sharing and marketplace forum RaidForums on June 18, the alleged hacker claimed to have exfilt




  • Theresa Villiers denies being sacked from intelligence committee

    MP rejects claims she has been ousted for disloyalty and says PM appointed her just days ago. The former cabinet minister Theresa Villiers has denied being sacked from the intelligence and security committee, claiming she was personally appointed by Boris Johnson just days ago. The former environment secretary said she was initially under pressure from party whips over her voting record, having most recently voted to ban the import of chlorinated chicken into the UK in a post-Brexit trade deal. Con

  • Stalker Online Breach: 1.3 Million User Records Stolen

    Security researchers are warning players of a popular MMO game that over 1.3 million user records are being sold on dark web forums. Usernames, passwords, email addresses, phone numbers and IP addresses belonging to players of Stalker Online were found by researchers from CyberNews. The firm explained that the passwords were stored only in MD5, which is one of the less secure encryption algorithms around. Two databases were found on underground

  • Online Fraudsters Steal £17m Over #COVID19 Lockdown

    Nearly £17m has been lost to online fraud over the COVID-19 lockdown period with younger shoppers most affected, according to Action Fraud. The UK’s National Fraud and Cybercrime Reporting Center claimed that online scams had snared 16,352 victims with online shopping and auction fraud since bricks and mortar stores were ordered to close on March 23. That amounts to around £16.6m in losses, with the larg




  • North Korean #COVID19 Phishing Campaign Targets Six Countries

    Security researchers are warning of a multi-country North Korean phishing campaign designed to capitalize on government COVID-19 bail-out measures. The operation is being undertaken by Pyongyang’s notorious Lazarus Group, and is “designed to impersonate government agencies, departments, and trade associations who are tasked to oversee the disbursement of the fiscal aid,” according to Cyfirma. The Goldman Sachs-backed cy

  • FEMA Employee Indicted for Hacking Medical Center

    A man from Michigan has been charged with hacking into a medical center’s database and stealing the personal information of 65,000 employees. Federal prosecutors unsealed a 43-count indictment yesterday accusing Federal Emergency Management Agency (FEMA) IT specialist Justin Sean Johnson of illegally accessing data held by the University of Pittsburgh Medical Center (UPMC). Johnson allegedly hacked into the center’s Oracle PeopleSoft database

  • Video Game Creator Battles Racist Bots

    A PC gaming service is taking action to eradicate a growing number of racist bots from one of its leading shoot-em-up titles. Valve said it has introduced new anti-spam measures to the game Team Fortress 2 in an attempt to “mitigate the use of new and free accounts for abusive purposes.” Earlier this month, Kotaku reported that offensive bots were “running rampant” in TF2, overwhelming chats “with everything from annoying troll-speak to full-on raci

  • US Deports NeverQuest Cyber-Thief

    The United States has deported a convicted cyber-criminal and malware creator back to his native Russia. Computer programmer Stanislav Vitaliyevich Lisov was arrested by Spanish authorities at Barcelona–El Prat Airport on January 13, 2017, at the request of the FBI, then extradited to the United States on January 19, 2018. Lisov is the creator of banking Trojan NeverQuest and part of a criminal enterprise that used the malware in attempts to steal




  • Facebook Pulls Trump Campaign Ad Featuring Nazi Symbol

    Facebook has removed advertising for Donald Trump’s re-election campaign because it featured a symbol heavily associated with Nazi Germany, in a move likely to dial up tensions in the US. The inverted red triangle featured in the ad was reportedly used by the Nazis to mark out political prisoners in concentration camps. It ran alongside a message from the President claiming that ‘far-left mobs’ are causing mayhem in the US and

  • Malicious Chrome Extensions Downloaded Over 33 Million Times

    Google has removed scores of malicious and fake Chrome extensions being used in a global eavesdropping campaign. The threat was spotted by Awake Security, which detected 111 of the malicious extensions over the past three months. When it notified Google of the issue last month, it claimed that 79 were present in the Chrome Web Store, where they had been downloaded nearly 33 million times. Figures for the others not in the official marketp

  • Sophisticated State-Backed Attack Rocks Australia

    Australian Prime Minister Scott Morrison today warned of a major state-sponsored cyber-espionage campaign targeting government and private sector businesses. He urged domestic organizations to take steps to improve their resilience, including the use of multi-factor authentication to access cloud and internet-facing systems, and to patch online devices promptly. “This activity is targeting Australian organizations across a range of sectors, in

  • US Indicts Six Nigerians Over $6m Email Scam

    The United States has sanctioned six Nigerians for operating cyber-scams that stole millions from American victims. Indictments were unsealed June 16 against Richard Uzuh, Michael Olorunyomi, Alex Ogunshakin, Felix Okpoh, Nnamdi Benson, and Abiola Kayode. The six men are charged with orchestrating elaborate schemes to defraud Americans through Business Email Compromise (BEC) attacks and romance scams. American citizens lost over $6,

  • ESET Reveals New Insights into Espionage Group InvisiMole

    In-depth insights into the operations and methods of the elusive InvisiMole organization have been revealed by ESET following an investigation into a new campaign by the espionage group. In this campaign, the group targeted a number of high-profile military and diplomatic bodies in Eastern Europe from late 2019 until at least June 2020. ESET investigators found that InvisiMole collaborated with another cyber-threat actor, Gamaredon, to hel

  • FCC Warned Against Approving US/Hong Kong Subsea Cable

    America’s Federal Communications Commission (FCC) has been warned against fully approving the construction of a subsea cable that will directly link the United States to Hong Kong. A recommendation to partially deny the application to build the Pacific Light Cable Network (PLCN) was sent to the FCC by Team Telecom, formally known as the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services

  • UK U-Turns on Contact Tracing App Privacy

    The UK government has abandoned its centralized coronavirus contact-tracing app in favor of a decentralized model, according to the BBC’s chief tech correspondent. Rory Cellan-Jones shared news of the UK’s U-turn on Twitter earlier today. Posting as @ruskin147, Cellan-Jones wrote: “BBC scoop – NHS abandons centralized contact tracing app, moves to Apple/Google decentralized model.” A petition by ProPrivacy asking the UK g

  • ICO Report Calls for Reforms Around Police Data Extraction

    The UK Information Commissioner’s Office (ICO) has issued a report on police practices regarding extraction of data from people’s phones, including phones belonging to the victims of crime. The report, which is the result of a 2018 complaint made by Privacy International (PI), highlights numerous risks and failures by the police in terms of data protection and privacy rights. Elizabeth Denham, information commissioner, state

  • Pandemic Popularity Forces Dark Web Forums to Recruit

    The COVID-19 crisis appears to have had an unexpected impact on underground cybercrime sites, leading to a surge in growth which has left many understaffed, according to Digital Shadows. The dark web monitoring firm’s Digital Shadows Photon Research Team revealed in a new blog that several forums have recently been forced to go on a hiring spree for new moderators. In April, an administrator post from English-language cybercrime forum Nul

  • #COVID19 Attacks Still Less Than 2% of Total Threats

    COVID-19-themed cyber-attacks comprised only a tiny amount of overall threat volumes over the past four months despite sensational headlines, according to Microsoft. In comments echoing those it made at the start of the crisis, the Microsoft Threat Protection Intelligence Team claimed that even the peak of COVID-related attacks in the first two weeks of March was “barely a blip in the total volume of threats we typically see in a month.”

  • Zoom Will Offer End-to-End Encryption for All Users

    Zoom has reversed its controversial decision to restrict access to end-to-end encryption (E2EE) for some users and will now offer the feature to customers of both its free and premium services. The video conferencing app said it had consulted with rights groups, child safety advocates, government representatives, encryption experts and its own CISO council to gather feedback. “We are also pleased to share that we have identified a path forwa

  • BEC Attackers Ditch C-Suite in Favor of Fresh Target

    The number of Business Email Compromise (BEC) attacks being leveled at C-Suite executives has declined as threat actors focus on a new target. According to new research published today by Abnormal Security, BEC attacks on C-Suite executives decreased by 37% in the first quarter of 2020 compared to the final quarter of 2019. Researchers discovered that cyber-criminals had a new springtime victim in their sights, as BEC attacks

  • Sharp Rise in Web Attacks on Gamers

    Cyber-criminals stepped up their efforts to victimize gamers while millions of people stayed at home this spring to slow the spread of COVID-19. New research published today by Kaspersky found that in April, the daily number of blocked attempts to direct users to malicious gaming-themed sites increased by 54%, compared to January 2020. In the same month, the number of blocked attempts to force gamers onto phishing pages for one of the most popular gaming platform

  • Illinois Tech CEO Charged with #COVID19 Relief Fraud

    The founder and CEO of two Illinois software companies has been charged with fraudulently claiming over $400,000 from the Paycheck Protection Program (PPP). Evanston resident Rahul Shah allegedly lied on an application for a forgivable bank loan guaranteed by the Small Business Administration (SBA) under the Coronavirus Aid, Relief, and Economic Security (CARES) Act. The 51-year-old was charged in a federal criminal complaint filed in t

  • Illinois Tech CEO Charged with #COVID-Relief Fraud

    The founder and CEO of two Illinois software companies has been charged with fraudulently claiming over $400,000 from the Paycheck Protection Program (PPP). Evanston resident Rahul Shah allegedly lied on an application for a forgivable bank loan guaranteed by the Small Business Administration (SBA) under the Coronavirus Aid, Relief, and Economic Security (CARES) Act. The 51-year-old was charged in a federal criminal complaint filed in the

  • Widespread Security Vulnerabilities in Mobile Banking Apps

    Half of mobile banks are vulnerable to fraud and theft of funds due to inadequate security on apps, according to a study by Positive Technologies. The analysis found that mobile banking applications have a raft of security flaws which can be exploited by cyber-criminals to access sensitive data and commit fraud. Positive Technologies said that none of the 14 mobile banking applications tested had an acceptable level of security. In regard

  • Petitions Demand Zoom Changes End-to-End Encryption Stance

    Technology companies and rights groups are calling on Zoom to reverse its stance on end-to-end encryption, which currently denies users of its free service the strongest possible security and privacy protections. The video conferencing app controversially announced earlier this month that only users of its premium service would have their conversations protected by end-to-end encryption. “Free users for sure we don’t want to giv

  • Avast Appoints Nick Viney to Lead Telco, IoT and Family Security Business Unit

    Global digital security and privacy product provider Avast has announced the appointment of Nick Viney as senior vice-president and general manager for its Telco, Internet of Things (IoT) and Family security business unit. Viney joins Avast from Cyber 1 – a publicly listed enterprise cybersecurity provider – where he was Group CEO. He has previously held roles at McAfee, Google and Microsoft. In his new role,

  • Aerospace Executives Targeted Via LinkedIn Recruitment Messages

    Attackers leveraged LinkedIn and posed as recruiters in order to steal information and money from European military and aerospace executives. According to new research from ESET, the technique involved threat actors contacting the executives via LinkedIn posing as recruiters. Named Operation In(ter)ception, the actions took place from September to December 2019 and began with what ESET called “a quite believable job offer, seemi

  • #COVID19 Forces Positive Long-Term Changes to Cybersecurity

    COVID-19 lockdowns around the world have led to an increase in some of the most common attack types, but also a realization that businesses must change going forward, according to over 80% of IT professionals polled by Bitdefender. The security vendor interviewed 6724 security and IT staff in May across the UK, US, Australia/New Zealand, Germany, France, Italy, Spain, Denmark and Sweden, covering all sizes of organization. Some 86% cl

  • CIA Report Slammed Agency’s Security as “Woefully Lax”

    A US senator is demanding to know why the CIA is still not following the government’s advice on best practices after he obtained a 2017 report describing the agency’s day-to-day cybersecurity as “woefully lax.” The internal report was written by the CIA’s WikiLeaks Task Force in the wake of the Vault 7 disclosures to the whistleblowing site, which amounted to the “largest data loss”

  • Ripple20 Vulnerabilities Affect Hundreds of Millions of IoT Devices

    Zero-day vulnerabilities have been discovered that could impact millions of IoT devices found in data centers, power grids, and elsewhere. The flaws, dubbed Ripple20, were detected by the JSOF research lab in a widely used low-level TCP/IP software library developed by Treck, Inc. In research published today, JSOF said Ripple20 includes multiple remote code execution vulnerabilities and affects “hundreds of mi




