• Misconfigured Cloud Server Exposes 66,000 Gamers

  Tens of thousands of users have had their personal details exposed after a popular online gaming site misconfigured the Elasticsearch server they were sitting on. A research team at WizCase found the wide-open server, with zero encryption and no password protection, through a simple search. It was traced back to VIPGames.com, a popular free-to-play card and board game platform with 100,000 Google Play downloads and roughly 20,000 active daily player

  • Mastercard Introduces Quantum-Resistant Specs to Enhance Contactless Security

    Credit card firm Mastercard has unveiled new quantum-resistant standards that are designed to enhance the security and privacy of contactless payments. As a result of the move, Mastercard will become the first payments network to bring quantum-era security and privacy to contactless payments. The Enhanced Contactless (Ecos) specifications have been introduced following a surge in contactless payments over the past year,

  • TikTok Bug Gave Access to Contacts’ Profile Details

    Researchers have discovered a vulnerability in TikTok which could have allowed attackers to harvest users’ phone numbers and personal profile details. Check Point revealed today that the flaw, which has now been fixed by the popular social network, was found in the app’s “Find Friends” feature. The problem stems from the fact that TikTok allows users to sync their phone contacts with the app, thus connecting user pro

  • Cook County Leaks 320,000 Court Records

    Over 320,000 court records belonging to the second most populous county in the US have been discovered sitting on a misconfigured online database. Security researcher Jeremiah Fowler and a team from Website Planet soon found that the data was all from Cook County, Illinois, which is home to America’s third-largest city, Chicago. “There have been several high-profile data exposures of private companies that affected Cook County residents in the p

  • Mr. Double Website Operator Convicted

    A man from Texas has been convicted of operating a website dedicated to publishing stories detailing the sexual abuse of children. Brewster County resident Thomas Alan Arthur was convicted by a federal jury on January 21 following a trial that lasted three days. According to trial evidence, the 64-year-old started operating a website called Mr. Double in 1996. The website was devoted to publishing writings that described the sexual abuse of chi

  • San Francisco Law Firm Investigating PupBox Data Breach

    A San Francisco law firm has launched an investigation into a data breach that took place at a subsidiary of Petco Health and Wellness Company. The breach, which occurred over a six-month period last year, resulted in the exposure of the payment card information of tens of thousands of customers of PupBox, Inc. PupBox, which appeared on the entrepreneurial-themed reality TV show Shark Tank, sells customized puppy subscription boxes contai

  • Deloitte Acquires Root9B

    Professional services network Deloitte & Touche LLP today announced its acquisition of substantially all the assets of cybersecurity company Root9B, LLC (R9B). Founded in 2011 as a cybersecurity training company with a vision of delivering military-grade technology to the private sector, Root9B provides advanced cyber-threat-hunting services and solutions. The company also offers defense forensics and incident response, tech-enabled vulnerability as

  • US says support for Taiwan ‘rock-solid’ as Chinese jets buzz island

    The United States’ commitment to Taiwan is “rock-solid”, the State Department said late Saturday, as it warned that China’s “attempts to…

  • Russian Government Agency Warns Firms of US Attack

    The Russian government has issued cybersecurity guidance to businesses in the country after claiming they are at risk of US reprisals for the recent SolarWinds attacks. The alert came late last week from the National Coordination Center for Computer Incidents (NKTsKI), an agency created in 2018 by KGB successor the Federal Security Service (FSB). It claimed the Biden administration had threatened to carry out retaliatory attacks on Russian critical

  • Intel: Earnings Leak Down to Internal Error

    Intel was forced to issue its financial results earlier than expected last week after an internal error made public some of the information before it was due to be released, the firm has confirmed. Originally, Intel CFO George Davis claimed a “hacker” had got hold of an infographic detailing the earnings, which was waiting to be published on the firm’s PR Newsroom site. An Intel spokesperson told the Financial Times at the time:

  • SonicWall Probes Attack Using Zero-Days in Own Products

    Security vendor SonicWall has warned its customers that threat actors may have found zero-day vulnerabilities in some of its remote access products. An initial post on the vendor’s knowledgebase pages on Friday claimed that the NetExtender VPN client version 10.x and the SMB-focused SMA 100 series were at risk. However, an update over the weekend clarified that impacted products were confined to its Secure Mobile Access (SMA) version 10

  • Terrorism watchdog to open inquiry into radicalisation in prison

    Prison officers have suffered a ‘steady drumbeat’ of attacks by terrorists, says Jonathan Hall QC

    An inquiry into the way prisons deal with convicted terrorists is being launched by the independent terror watchdog amid concerns of growing radicalisation behind bars. Jonathan Hall QC said there had been a succession of terror attacks on prison officers while other inmates were coming under the influence of “high status” terrorist prisoners.

  • New Cyber-attack Advice for European Hospitals

    The European Data Protection Board has issued new advice to hospitals regarding what action to take in the event of a cyber-attack. Currently released in draft form, the new set of recommendations urges healthcare providers hit with ransomware to report the attack even if no patient data is accessed or exfiltrated. The guidelines state: “The internal documentation of a breach is an obligation independent of the risks pertaining to the

  • Home Security Technician Admits Spying on Customers

    A former home security technician has admitted habitually hacking into customers’ home surveillance cameras to spy on people without their consent. Telesforo Aviles accessed the accounts of around 200 customers more than 9,600 times over a period of four and a half years while employed by security company ADT. The 35-year-old carried out the cyber-intrusions for his own sexual gratification. He made a note of which camera feeds were lin

  • Court Date for Woman Accused in Theft of Pelosi’s Laptop

    A woman from Pennsylvania will appear before a federal court on Monday to face charges in connection with the theft of a laptop belonging to Speaker of the United States House of Representatives Nancy Pelosi. The computer was stolen from Pelosi’s office earlier this month when a crowd of people who had been attending a political protest forced their way into the US Capitol building and disrupted the certification of then President-

  • Defense More Effective Than Offense in Curbing Nation State Threat Actors

    The effectiveness of offensive capabilities in deterring nation state actors was discussed by a panel during the recent ‘RSAC 365 Innovation Showcase: Cyber Deterrence’ webinar. Chair of the session, Jonathan Luff, co-founder at Cylon, observed that now is the ideal time to be asking if and when offensive strikes should be used following the Russian state-backed SolarWinds attacks at the end of last year, as well

  • ICO Urged to Investigate Secretive Tory Party Consultancy

    A leading rights group has asked the UK’s data protection regulator to urgently investigate the role of a shadowy political consultancy over claims that it helped the Conservative Party to general election victory in 2019. CT Group is a global lobbying and consulting firm founded by long-time Tory collaborator Lynton Crosby. Its CT Partners Limited business accounted for nearly 40% of the Conservative Party’s £4.5m spend

  • Human Error to Blame as Exposed Records Top 37 Billion in 2020

    Publicly reported global breach volumes dropped 48% last year compared to 2019, but the number of exposed records soared 141% to top 37 billion, according to new data from Risk Based Security. The security vendor uses automated tools to crawl the internet for info on breaches, which are then manually verified by human researchers, who also obtain data from Freedom of Information requests. The resulting 2020 Year End Report revealed a to

  • More Malware May Be Lurking on Govt School Laptops

    Security experts have warned that more nasty surprises may be in store for recipients of a Department for Education (DfE) laptop scheme, after malware was found on some machines. Malicious files were found on some laptops that were sent to a Bradford school as part of the government’s attempt to support remote learning for vulnerable children, the BBC reported yesterday. They’re said to be infected with the legacy Gamarue.I worm, which

  • Truckers’ Medical Records Leaked

    Medical records belonging to truck drivers and rail workers may have been exposed following an alleged cyber-attack on an occupational healthcare provider in Virginia. Data apparently belonging to employees of the United Parcel Service (UPS) and Norfolk Southern Railroad was published online to a leak site by the gang behind Conti ransomware. The cyber-criminals claimed to have obtained the data during a December cyber-attack on Taylor Made Diagnos

  • France Arrests 14 Over Online Child Sexual Abuse

    Fourteen people have been arrested in France as part of a nationwide sweep to combat the sexual exploitation of children online. The arrests were made by the French Gendarmerie (Gendarmerie nationale) with the support of Europol as part of an operation that was code-named Horus. All suspects were taken into custody between November 16 and November 20, 2020. In a statement released yesterday, Europol said: “The alleged suspects used s

  • Exploit Allows Root Access to SAP

    A team of enterprise resource planning security experts in Massachusetts have identified a functional exploit affecting SAP that is publicly available. The exploit was discovered by Onapsis Research Labs on code-hosting platform GitHub, where it had been published by Russian researcher Dmitry Chastuhin on January 14. Researchers said the exploit can be used against SAP SolMan, the administrative system used in every SAP environment that is simi

  • Barmak Meftah Joins Board of Directors at Nozomi Networks

    IoT and OT security firm Nozomi Networks has announced that enterprise security leader Barmak Meftah has joined its board of directors. Meftah brings more than 25 years of experience in building market-leading enterprise SaaS and cybersecurity companies to Nozomi Networks and most recently served as president of AT&T Cybersecurity where he established its cybersecurity division and grew revenue by double digits. In addition to his indepe

  • California WeChat users claim China surveillance in lawsuit

    California WeChat users sued its parent company Tencent on Wednesday, saying the mobile app is used for spying on and censoring users for the Chinese government. US-based…

  • Russia urges Biden to be ‘more constructive’ on arms treaty

    Russia on Wednesday urged US President Joe Biden’s new administration to take a “more constructive” approach in talks over the extension of the New START…

  • Delicate dance: handing off the US ‘nuclear football’

    When an outgoing president hands the keys to the White House to the incoming one, another discrete handover takes place: the systems and codes for the US leader to launch a…

  • Global Cybersecurity Spending to Soar 10% in 2021

    The worldwide cybersecurity market is set to grow by up to 10% this year to top $60bn, as the global economy slowly recovers from the pandemic, according to Canalys. The analyst firm clarified that double-digit growth from $54.7bn in 2020 would be its best-case scenario. However, even in the worst case, cybersecurity spending would reach 6.6%, it predicted. That would factor in a deeper-than-anticipated economic impact from lockdowns, although the s

  • Security Biggest Barrier to Cloud Adoption for Over Half of UK Firms

    Over half (58%) of UK businesses have cited security concerns as the biggest barrier to public cloud adoption, according to a new study from Centrify. The survey of 200 business decision makers in large and medium-sized enterprises in the UK also found that over a third (35%) who have adopted cloud are less than 80% confident it is completely secure. Additionally, more than a quarter (28%) of those surveyed revealed that their org

  • Threat Actor Dumps 1.9 Million Pixlr Records Online

    A notorious threat actor appears to have published 1.9 million user records for the popular online photo editing site Pixlr, putting customers at risk of follow-on attacks. “ShinyHunters” dumped the files over the weekend for free on an underground forum, claiming the site was breached at the same time as 123RF, which is owned by the same company, Inmagine. Among the data up for grabs are email addresses, usernames, hashed passwor

  • Interpol: Dating App Victims Lured into Investment Scams

    Interpol has issued a global warning that dating app users are being groomed for investment fraud scams. The policing body’s Purple Notice claimed that lonely hearts are picked off online, when the fraudsters establish an “artificial romance” with their victims. Once they have built up a level of trust through regular communication, they share investment tips and encourage the victim to join up to a scheme. “Victims do
