#cybercriminals

#cybercriminals

It doesn't take long after announcing a data breach for companies to become targets of class-action lawsuits.One such company, Miramar-based Managed Care of North America Dental, reported on May 26 that it suffered a ransomware breach between Feb. 26 and March 7 that affected 8.9 million individuals.

On Wednesday, May 3, the Columbian Lawyers Association of Brooklyn hosted a monthly meeting at Gargiulo's Restaurant in Coney Island, where attorney Daniel Garrie, a top voice in the cybersecurity and computer forensic space for over 20 years, gave an enlightening lecture on cybersecurity.The issue has become increasingly important since the pandemic, Columbian Lawyers President Salvatore Scibetta explained.

Gmail users in the US can now run scans to find out whether their Gmail ID appears on the dark web, Google announced today at Google I/O, its annual developer conference.The feature was initially announced in March, when the internet giant released it for Google One users only.It allows users to run scans and receive a report informing them whether their information, including name, address, email address, phone number, and Social Security number, appears on dark web portals.

Founded in 1872, the company provides ship management services to hundreds of organizations in the maritime industry, including monitoring of incoming and outgoing vessel traffic in ports, emergency response services, and more.Royal Dirkzwager fell victim to the cyberattack on March 6, being forced to take systems offline and suspend several services.

Ethical hacking is a great skill to learn with new cyber threats on the rise.Learn how to fight back with this ethical hacking course bundle.After pretty much every form of cyberattack increased in 2022, cybercriminals have since found even more ways to target small businesses, from levying more sophisticated phishing attacks to taking advantage of vulnerable NFTs.

Swansea Public Schools canceled classes Wednesday following a ransomware attack that shut down the district's network, according to the school superintendent."The cyber security company, with whom we contract, is working today to ascertain the extent of the attack on our network," Superintendent of Schools John J. Robidoux wrote on Twitter.

Facebook parent company Meta says it disrupted a novel malware family within weeks after it emerged earlier this year.Dubbed NodeStealer, the threat was designed to steal cookies and usernames and passwords from browsers such as Chrome, Edge, Brave, and Opera, to compromise online accounts.A custom JavaScript malware first observed in January 2023, NodeStealer is likely of Vietnamese origin, being distributed disguised as PDF and XLSX files.

On Thursday afternoon, a judge finally brought an end to the strange case of Filippo Bernardini, the Italian man who pleaded guilty earlier this year to impersonating hundreds of people in the book-publishing industry in order to steal unpublished manuscripts.While the government argued that Bernardini should spend a year in prison, Judge Colleen McMahon didn't agree.

Coinbase, one of the world's largest cryptocurrency exchanges, was recently targeted in a sophisticated cyberattack that appears to have been conducted by the same threat group that targeted Twilio, Cloudflare and many others last year.Coinbase revealed on Friday that its employees were targeted in an SMS phishing campaign on Sunday, February 5.

Chatbots are taking away a key line of defence against fraudulent phishing emails by removing glaring grammatical and spelling errors, according to experts.Phishing emails are a well-known weapon of cybercriminals and fool recipients into clicking on a link that downloads malicious software or tricks them into handing over personal details such as passwords or pin numbers.

A Florida healthcare group has settled a class-action lawsuit after thieves stole more than 447,000 patients' names, Social Security numbers, and sensitive medical information, from its servers.Under the settlement [ PDF], Orlando Family Physicians, which operates 10 clinics in central Florida, will reimburse affected patients who submit a claim by July 1, and provide them with two years of free credit monitoring.

Maksim Kabakou - Fotolia

By
Cyber security training is a vital security strategy for many enterprises across the world.Such training has been established at large companies and government organisations for many years now.Small to medium size businesses have increasingly seen the value in contracting in training to help users avoid common security issues.

Canadian bookstore chain Indigo this week confirmed that the personal information of both current and former employees was stolen in a ransomware attack last month.The hack, Indigo says, took place on February 8 and resulted in the company taking down affected systems to contain the incident.The company was able to restore online payments and exchanges and returns two weeks ago.

Over the weekend, the cybercriminals behind the Play ransomware published data allegedly stolen from the City of Oakland last month.The cyberattack started on February 8 and was disclosed on February 10, when Oakland announced that it had taken systems offline to contain the incident, but that emergency services were not impacted.

AI-generated phishing emails, including ones created by ChatGPT, present a potential new threat for security professionals, says Hoxhunt.Amid all of the buzz around ChatGPT and other artificial intelligence apps, cybercriminals have already started using AI to generate phishing emails.For now, human cybercriminals are still more accomplished at devising successful phishing attacks, but the gap is closing, according to security trainer Hoxhunt's new report released Wednesday.

Indigo Books & Music Inc. is dealing with what it calls a "cybersecurity incident" that has affected customer orders in-store and online.It started at the Toronto-based retailer on Wednesday.As of Friday afternoon, Indigo's website was still offline."We are working with third-party experts to investigate and resolve the situation," the company said in a message posted on its website.

Find out how Beep malware can evade your security system, what it can do and how to protect your business.Cybersecurity experts at Minerva recently made a stunning discovery of a new malware tagged Beep that has the features to evade detection and analysis by security software.The cybersecurity organization discovered Beep after samples were uploaded on VirusTotal.

Corporate security is near the top of the list of CIO concerns for 2023 - but a security skills shortfall is also a problem.What can companies do to bring up the slack?In 2022, cybersecurity firm Fortinet conducted research that revealed 80% of organizations suffered one or more breaches that they could attribute to a lack of cybersecurity skills and awareness, 64% of organizations experienced breaches that resulted in lost revenue or cost them fines during the past year, and 38% of organizations reported breaches that cost them over one million dollars.

These days, every organization comes up against cybercriminals.Each new device, user or data point expands the attack surface, giving threat actors more opportunities to compromise environments.At Palo Alto Ignite '22, hosted by Palo Alto Networks, threat intelligence experts recapped the biggest threats of 2022.

A cybercrime group has been exploiting a zero-day vulnerability in the Microsoft SmartScreen security feature to deliver the Magniber ransomware, Google warned on Tuesday.Google's Threat Analysis Group (TAG) said the vulnerability, tracked as CVE-2023-24880, has been exploited since at least January.

A recently identified financially motivated threat actor is targeting companies in the United States and Germany with custom malware, including a screenlogger it uses for reconnaissance, Proofpoint reports.Tracked as TA866, the adversary appears to have started the infection campaign in October 2022, with the activity continuing into January 2023.

That didn't take long.A week after the US Cybersecurity and Infrastructure Security Agency (CISA) and FBI released a recovery script to help victims of the widespread ESXiArgs ransomware attacks recover infected systems, an updated variant of the malware aimed at vulnerable VMware ESXi virtual machines can't be remediated with the government agencies' code, according to Malwarebytes.

(Image credit: Bryn Colton/ Getty Images)
The National Security Agency (NSA) has published some new advice for those working from home to secure their work devices and home networks.In issuing some fairly basic and standard advice, it noted that those in telecommunications specifically should make sure their user and networking devices are kept up to date to prevent compromises to their own and their organization's security posture.

The US Environmental Protection Agency on Friday announced new requirements for public water facilities to boost their cybersecurity while expressing concern that many facilities have failed to take basic steps to protect themselves from hackers.The new EPA memo requires state governments to audit the cybersecurity practices of public water systems and then use state regulatory authorities to force water systems to add security measures if existing ones are deemed insufficient.

A senior FBI official warned secretaries of state from across the US Thursday that Chinese hackers pose a growing threat and said their willingness to target the infrastructure of political parties ahead of the 2022 election demonstrates that we could see more significant Chinese cyber activity against your states in the coming year.

The US and UK governments on Thursday sanctioned six Russians and one Ukrainian for their alleged involvement in an infamous Russia-based cybercrime network that infected millions of computers worldwide, including those in American hospitals.The sanctions target seven alleged core members of a cybercrime gang known as Trickbot, whose eponymous hacking tool has for years stalked US critical infrastructure, the US Treasury Department said in a statement.

Carding marketplaces, also referred to as card shops, are cybercrime websites that facilitate the trading and unauthorized use of stolen payment card details.Active for less than a year, BidenCash has quickly become one of the top carding marketplaces, making a name for itself by releasing the details of hundreds of thousands of cards in June 2022.

By: Mike Vizard on
A survey of 2,500 C-level executives published today by Palo Alto Networks found 81% of organizations have embedded cybersecurity professionals within their DevOps teams.Despite the presence of those cybersecurity professionals, however, the survey also suggested there is much work to do in terms of optimizing DevSecOps workflows.

1Password is announcing today that, one day soon, it will support the option to create and unlock 1Password accounts using biometric-based passkey technology, ditching the feature that is the name of its entire product."For passkeys to be the way forward, it's not enough for them to replace some of your passwords," said 1Password chief product officer Steve Won.

VMware has issued fixes for four vulnerabilities, including two critical 9.8-rated remote code execution bugs, in its vRealize Log Insight software.There are no reports (yet) of nation-state thugs or cybercriminals finding and exploiting these bugs, according to VMware.However, it's a good idea to patch sooner than later to avoid being patient zero.

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are warning organizations of malicious attacks using legitimate remote monitoring and management (RMM) software.IT service providers use RMM applications to remotely manage their clients' networks and endpoints, but threat actors are abusing these tools to gain unauthorized access to victim environments and perform nefarious activities.

Malvertising campaigns impacting Google Ads are on the rise.While the technique of convincing internet users to download malware by clicking on seemingly legitimate adverts is not a new one, its popularity has spiked due to an increase in the sophistication of malware as well as the value of credentials they can be harvested.

A Twitter user has sued the troubled social media platform over an alleged data leak that exposed more than 200 million account users' information.In a class-action lawsuit [PDF] filed January 13 in a US district court in San Francisco, Stephen Gerber claims Twitter exposed his and "tens of millions" of other users' personal information - specifically email addresses and phone numbers linked to accounts - between June 2021 and January 2022 because of an API flaw.

While many of us were unplugging from the internet to spend time with loved ones over the holidays, LastPass, the maker of a popular security program for managing digital passwords, delivered the most unwanted gift.It published details about a recent security breach in which cybercriminals had obtained copies of customers' password vaults, potentially exposing millions of people's online information.

One day I got a call from Sarah*, the in-house counsel at a large financial institution."Our [information security] team was doing a routine search and found a list of our employee passwords for sale on the dark web," she told me."The business folks want to buy it back.What should we do?

A screen displaying the price of Bitcoin during the Bitcoin 2022 conference in Miami, Florida, U.S., on Friday, April 8, 2022.The Bitcoin 2022 four-day conference is touted by organizers as "the biggest Bitcoin event in the world."Photographer: Eva Marie Uzcategui/Bloomberg (Bloomberg)The crypto community has a lexicon of buzzwords and slang that can seem like a foreign language to the uninitiated.

Check out all the on-demand sessions from the Intelligent Security Summit here.Social engineering scams are everywhere.Every day, cybercriminals are using whatever medium they can to trick users into handing over their data.This not only includes email, SMS and messaging services, but also online advertising services.

Microsoft Office files, particularly Excel and Word files, have been targeted by some cybercriminals for a long time.Through different techniques, attackers have used embedded Visual Basic for Applications macros to infect computers with different kinds of malware for cybercrime and cyberespionage.In most cases, users still needed to click their agreement when executing code inside those applications, but some social engineering tricks have enticed unsuspecting victims to click and allow the execution of the malicious macros themselves.

By: Mike Vizard  on  
Rezilion has updated its open source MI-X vulnerability discovery tool to include mitigation and remediation recommendations.In addition, the tool can now produce machine-readable output in either a JSON or CSV format.Finally, the company added Windows support for Heartbleed and SpookySSL vulnerabilities in Windows environments.

Threat researchers have discovered an obfuscation platform that attaches malware to legitimate Android applications to lure users to install the malicious payload and make it difficult for security tools to detect.Analysts with cybersecurity vendor ThreatFabric found the platform, named "Zombinder," on the darknet while investigating a campaign that targeted both Android and Windows users with different types of malware.

By: Mike Vizard  on  
Chainguard today added a private preview of a Chainguard Enforce Signing service, enabled by the open source Sigstore project, that allows developers to generate digital signatures for software artifacts using identities and one-time-use keys they create themselves.Kim Lewandowski, head of product for Chainguard, said Chainguard Enforce Signing provides an alternative to relying on a public service to generate those digital signatures.

Malware-slinging miscreants are taking advantage of a trending TikTok challenge - and viewers' dirty minds - to spread data-stealing malware via a phony app that's had more than one million views so far.The new TikTok trend is called Invisible Challenge, and it involves a person filming themself naked while using an effect called Invisible Body that removes the body from the video.

Microsoft is warning that systems using the long-discontinued Boa web server could be at risk of attacks after a series of intrusion attempts of power grid operations in India likely included exploiting security flaws in the technology.Those affected may be unaware that their devices run services using the discontinued Boa web server, and that firmware updates and downstream patches do not address its known vulnerabilities

Researchers with Microsoft's Security Threat Intelligence unit examined an April report from cybersecurity company Recorded Future about the intrusion efforts into India's power grid dating back to 2020 and, more recently, into a national emergency response system and a global logistics company's Indian subsidiary.

By: Mike Vizard  on  
Oxeye today disclosed that it has discovered a critical vulnerability in the open source Backstage software used to build developer portals.Backstage was originally created by Spotify.A 1.5.1 update to the Backstage platform remediated a sandbox escape vulnerability that can occur via a third-party Scaffolder plug-in that could be used to conduct unauthenticated remote code execution (RCE).

By: Mike Vizard  on  
At the Pulumi Cloud Engineering Days event, Pulumi announced today it has added a code deployment capability to its Pulumi Cloud platform for managing infrastructure-as-code (IaC).Pulumi CEO Joe Duffy said Pulumi Deployments will make it possible for DevOps teams to provision infrastructure and deploy applications via a single Git commit that can be invoked via an application programming interface (API) or graphical tool.

in brief A quartet of malware-laden Android apps from a single developer have been caught with malicious code more than once, yet the infected apps remain on Google Play and have collectively been downloaded more than one million times.The apps come from developer Mobile apps Group, and are infected with the Trojan known as HiddenAds, said security shop Malwarebytes.

In addition to cyberattacks, phishing attacks and malicious apps, cybercriminals can also abuse Google Ads to trick users into falling for their schemes.As reported by BleepingComputer (opens in new tab), if you searched for 'GIMP' on Google last week you may have seen an ad for the official website of the popular Photoshop alternative.