#cybercriminals

#cybercriminals

It doesn't take long after announcing a data breach for companies to become targets of class-action lawsuits.One such company, Miramar-based Managed Care of North America Dental, reported on May 26 that it suffered a ransomware breach between Feb. 26 and March 7 that affected 8.9 million individuals.

Microsoft's decision to block internet-sourced macros by default last year is forcing attackers to find new and creative ways to compromise systems and deliver malware, according to threat researchers at Proofpoint."The cybercriminal ecosystem has experienced a monumental shift in activity and threat behavior over the last year in a way not previously observed by threat researchers," the security team wrote in a report [ PDF] just before the weekend.

Australian enterprise resource planning solutions provider TechnologyOne halted trading for a couple of days this week after detecting unauthorized access to some of its systems.The enterprise software maker halted trading on May 10, revealing in a statement that hackers had targeted its "internal Microsoft 365 back-office system".

Gmail users in the US can now run scans to find out whether their Gmail ID appears on the dark web, Google announced today at Google I/O, its annual developer conference.The feature was initially announced in March, when the internet giant released it for Google One users only.It allows users to run scans and receive a report informing them whether their information, including name, address, email address, phone number, and Social Security number, appears on dark web portals.

UK-based business process outsourcing and professional services company Capita said on Wednesday that it expects to incur costs ranging between roughly £15 million ($19 million) and £20 million ($25 million) as a result of the recent cybersecurity incident, but it has not clarified whether that includes a ransom payment to the hackers.

Western Digital confirmed on Friday that cybercriminals have stolen customer and other information after breaching its systems.According to the digital storage giant, a security breach was discovered on March 26.In early April, the company shut down some services as part of its incident response activities and informed customers about a cyberattack, but has not shared any updates until May 5.
Western Digital's second public statement comes just days after a ransomware group known as Alphv/BlackCat started publishing screenshots showing the extent of their access.

/
1. Millions of WordPress websites have been vulnerable to a critical 10-year-old vulnerability in Jetpack, which has now been patched.
2. Attackers could have exploited the vulnerability to gain access to user information, including passwords, and even take control of the server hosting the WordPress website.

Sustainable energy giant Hitachi Energy has blamed a data breach affecting employees on the exploitation of a recently disclosed zero-day vulnerability in Fortra's GoAnywhere managed file transfer (MFT) software.In a press release published on Friday, Hitachi Energy said the Cl0p ransomware gang targeted the GoAnywhere product and may have gained unauthorized access to employee data in some countries.

A cybercrime group has been exploiting a zero-day vulnerability in the Microsoft SmartScreen security feature to deliver the Magniber ransomware, Google warned on Tuesday.Google's Threat Analysis Group (TAG) said the vulnerability, tracked as CVE-2023-24880, has been exploited since at least January.

BlackLotus, a UEFI bootkit that's sold on hacking forums for about $5,000, can now bypass Secure Boot, making it the first known malware to run on Windows systems even with the firmware security feature enabled.Secure Boot is supposed to prevent devices from running unauthorized software on Microsoft machines.

VMware has issued fixes for four vulnerabilities, including two critical 9.8-rated remote code execution bugs, in its vRealize Log Insight software.There are no reports (yet) of nation-state thugs or cybercriminals finding and exploiting these bugs, according to VMware.However, it's a good idea to patch sooner than later to avoid being patient zero.

By: Mike Vizard  on  
Oxeye today disclosed that it has discovered a critical vulnerability in the open source Backstage software used to build developer portals.Backstage was originally created by Spotify.A 1.5.1 update to the Backstage platform remediated a sandbox escape vulnerability that can occur via a third-party Scaffolder plug-in that could be used to conduct unauthenticated remote code execution (RCE).

Following the success of OpenAI's , Microsoft's and Google Bard, researchers have created a new AI model with a much darker twist.While the large language models (LLMs) that power ChatGPT and Google Bard were trained on data from the open web, DarkBERT was trained exclusively on data from the .Yes, you read that correctly, this new AI model was trained using data from hackers, cybercriminals and other scammers.

(Image credit: CKA via Shutterstock)
Hackers are trying to capitalize on the enormous popularity of ChatGPT to distribute malware, security experts have warned.A report from cybersecurity researchers CloudSEK has detailed an elaborate scheme that includes stolen Facebook accounts, groups, and pages, malicious Facebook ads, and fake ChatGPT software.

Learn how this cryptocurrency campaign operates and its scope.Then, get tips on protecting vulnerable Kubernetes instances from this cybersecurity threat.The cybersecurity company CrowdStrike has observed the first-ever Dero cryptojacking campaign.The attack targets Kubernetes clusters that were accessible on the internet and allowed anonymous access to the Kubernetes API.

A recently identified financially motivated threat actor is targeting companies in the United States and Germany with custom malware, including a screenlogger it uses for reconnaissance, Proofpoint reports.Tracked as TA866, the adversary appears to have started the infection campaign in October 2022, with the activity continuing into January 2023.

Produce giant Dole has been forced to shut down plants as a result of a ransomware attack that appears to have resulted in product shortages in some grocery stores.In a statement posted on its website on Wednesday, Dole said it was dealing with a cybersecurity incident involving ransomware.The company has contacted law enforcement and external cybersecurity experts to help it address and investigate the attack.

The amount of money paid to ransomware attackers dropped significantly in 2022, and not because the number of attacks fell.It's that more victims are refusing to pay the ransoms, blockchain research firm Chainalysis said in a report Thursday.They estimate that since 2019, victim payment rates have fallen from 76 percent to just 41 percent.

On Thursday afternoon, a judge finally brought an end to the strange case of Filippo Bernardini, the Italian man who pleaded guilty earlier this year to impersonating hundreds of people in the book-publishing industry in order to steal unpublished manuscripts.While the government argued that Bernardini should spend a year in prison, Judge Colleen McMahon didn't agree.

Founded in 1872, the company provides ship management services to hundreds of organizations in the maritime industry, including monitoring of incoming and outgoing vessel traffic in ports, emergency response services, and more.Royal Dirkzwager fell victim to the cyberattack on March 6, being forced to take systems offline and suspend several services.

It's a good idea to install an ad blocker to help you avoid online scams -and apparently the FBI agrees.On Wednesday, the agency issued the recommendation in an alert(Opens in a new window)  about avoiding malicious ads over search engines.The threat of so-called " malvertising " has been around for years, but what was notable about the FBI's alert was its advice on how consumers can protect themselves from the threat.

Apple is planning to let users install alternative app stores on iOS, according to a report from Bloomberg.The shift would be a remarkable change from the company, which has famously only allowed iPhone and iPad users to download apps from the App Store.The plans are reportedly being spurred on by the EU's Digital Markets Act (DMA), which is meant to enact "rules for digital gatekeepers to ensure open markets" when its restrictions become a requirement in 2024, according to a press release.

A Florida healthcare group has settled a class-action lawsuit after thieves stole more than 447,000 patients' names, Social Security numbers, and sensitive medical information, from its servers.Under the settlement [ PDF], Orlando Family Physicians, which operates 10 clinics in central Florida, will reimburse affected patients who submit a claim by July 1, and provide them with two years of free credit monitoring.

AI-generated phishing emails, including ones created by ChatGPT, present a potential new threat for security professionals, says Hoxhunt.Amid all of the buzz around ChatGPT and other artificial intelligence apps, cybercriminals have already started using AI to generate phishing emails.For now, human cybercriminals are still more accomplished at devising successful phishing attacks, but the gap is closing, according to security trainer Hoxhunt's new report released Wednesday.

1Password is announcing today that, one day soon, it will support the option to create and unlock 1Password accounts using biometric-based passkey technology, ditching the feature that is the name of its entire product."For passkeys to be the way forward, it's not enough for them to replace some of your passwords," said 1Password chief product officer Steve Won.

The US and UK governments on Thursday sanctioned six Russians and one Ukrainian for their alleged involvement in an infamous Russia-based cybercrime network that infected millions of computers worldwide, including those in American hospitals.The sanctions target seven alleged core members of a cybercrime gang known as Trickbot, whose eponymous hacking tool has for years stalked US critical infrastructure, the US Treasury Department said in a statement.

GOOGLE users have been warned it's time to go ad-free as cyber advertisement scams continue to wreak havoc across the internet.The FBI released a warning last week saying cyber criminals are using search engine advertisement services to "impersonate brands and direct users to malicious sites."

In addition to cyberattacks, phishing attacks and malicious apps, cybercriminals can also abuse Google Ads to trick users into falling for their schemes.As reported by BleepingComputer (opens in new tab), if you searched for 'GIMP' on Google last week you may have seen an ad for the official website of the popular Photoshop alternative.

Few things evoke a level of disdain on par with computer passwords.They are inconvenient and incredibly insecure.Cybergangs attack them, hack them, and constantly wreak havoc with them.According to industry statistics, upwards of 80% of all breaches involve passwords in one form or another.Even more advanced multifactor authentication (MFA), whether in the form of text codes or rolling numbers on an authentication app, does not address the underlying problem.

Maksim Kabakou - Fotolia

By
Cyber security training is a vital security strategy for many enterprises across the world.Such training has been established at large companies and government organisations for many years now.Small to medium size businesses have increasingly seen the value in contracting in training to help users avoid common security issues.

Check out all the on-demand sessions from the Intelligent Security Summit here.For years, encryption has played a core role in securing enterprise data.However, as quantum computers become more advanced, traditional encryption solutions and public-key cryptography (PKC) standards, which enterprise and consumer vendors rely on to secure their products, are at serious risk of decryption.

in brief A quartet of malware-laden Android apps from a single developer have been caught with malicious code more than once, yet the infected apps remain on Google Play and have collectively been downloaded more than one million times.The apps come from developer Mobile apps Group, and are infected with the Trojan known as HiddenAds, said security shop Malwarebytes.

By: Mike Vizard on
ReversingLabs today announced it added an ability to detect secrets exposed in application binaries to its Software Supply Chain Security (SSCS) platform.Tomislav Peričin, chief software architect for ReversingLabs, said this addition will make it easier for DevSecOps teams to identify secrets that are inadvertently left in applications as plain text or that can be discovered because of weak cryptography, scripts that have been included in directories that have secrets configuration files, packaging automation mistakes, compromised developer accounts or the activities of malicious insiders.

Over the weekend, the cybercriminals behind the Play ransomware published data allegedly stolen from the City of Oakland last month.The cyberattack started on February 8 and was disclosed on February 10, when Oakland announced that it had taken systems offline to contain the incident, but that emergency services were not impacted.

Find out how Beep malware can evade your security system, what it can do and how to protect your business.Cybersecurity experts at Minerva recently made a stunning discovery of a new malware tagged Beep that has the features to evade detection and analysis by security software.The cybersecurity organization discovered Beep after samples were uploaded on VirusTotal.

Swansea Public Schools canceled classes Wednesday following a ransomware attack that shut down the district's network, according to the school superintendent."The cyber security company, with whom we contract, is working today to ascertain the extent of the attack on our network," Superintendent of Schools John J. Robidoux wrote on Twitter.

During the second half of 2022, a variant of the Mirai malware called V3G4 was seen targeting 13 vulnerabilities to ensnare Internet of Things (IoT) devices into a botnet, Palo Alto Networks reports.Following the successful exploitation of the targeted security flaws, the malware takes full control of the vulnerable devices and then abuses them to conduct various types of malicious activities, including distributed denial-of-service (DDoS) attacks.

The operators of a fairly new ransomware operation named HardBit are prepared to negotiate the ransom amount with their victims based on their cyberinsurance policy.The HardBit ransomware emerged in October 2022, with version 2.0 launched in late November.In a blog post published on Monday, data security company Varonis reported seeing samples of the malware throughout the rest of 2022 and into 2023.

Canadian bookstore chain Indigo this week confirmed that the personal information of both current and former employees was stolen in a ransomware attack last month.The hack, Indigo says, took place on February 8 and resulted in the company taking down affected systems to contain the incident.The company was able to restore online payments and exchanges and returns two weeks ago.

By: Mike Vizard on
A survey of 2,500 C-level executives published today by Palo Alto Networks found 81% of organizations have embedded cybersecurity professionals within their DevOps teams.Despite the presence of those cybersecurity professionals, however, the survey also suggested there is much work to do in terms of optimizing DevSecOps workflows.

Check out all the on-demand sessions from the Intelligent Security Summit here.Social engineering scams are everywhere.Every day, cybercriminals are using whatever medium they can to trick users into handing over their data.This not only includes email, SMS and messaging services, but also online advertising services.

Corporate security is near the top of the list of CIO concerns for 2023 - but a security skills shortfall is also a problem.What can companies do to bring up the slack?In 2022, cybersecurity firm Fortinet conducted research that revealed 80% of organizations suffered one or more breaches that they could attribute to a lack of cybersecurity skills and awareness, 64% of organizations experienced breaches that resulted in lost revenue or cost them fines during the past year, and 38% of organizations reported breaches that cost them over one million dollars.

(Image credit: Bryn Colton/ Getty Images)
The National Security Agency (NSA) has published some new advice for those working from home to secure their work devices and home networks.In issuing some fairly basic and standard advice, it noted that those in telecommunications specifically should make sure their user and networking devices are kept up to date to prevent compromises to their own and their organization's security posture.

Ethical hacking is a great skill to learn with new cyber threats on the rise.Learn how to fight back with this ethical hacking course bundle.After pretty much every form of cyberattack increased in 2022, cybercriminals have since found even more ways to target small businesses, from levying more sophisticated phishing attacks to taking advantage of vulnerable NFTs.

A 28-year-old Russian man accused of developing and selling a hacking tool used to obtain the login information for tens of thousands of computers worldwide was arrested in the country of Georgia and extradited to the US, the Justice Department said Wednesday.Dariy Pankov is accused of advertising access to more than 35,000 computers, earning more than $350,000 in illicit sales, and enabling cybercriminals to conduct ransomware attacks and tax fraud, prosecutors said.

WASHINGTON In a major breach of a U.S. Marshals Service computer system this month with ransomware, hackers stole sensitive and personally identifiable data about agency employees and targets of investigations, an agency spokesman said Tuesday.The hacked system was disconnected from the network shortly after the breach and stolen data were discovered Feb. 17.