#cybercriminals

#cybersecurity

Malicious actors are leveraging peak travel and vacation times

Cybercriminals are exploiting increased traffic during Labor Day and holiday seasons, targeting vulnerable travel sites.
Organizations must prioritize API security to protect consumers and maintain trust.

Ransomware crews lean into infostealers for initial access

Infostealers are gaining popularity among cybercriminals for easy access into organizations' IT environments.
Methods such as brute-force attacks, credential stuffing, and exploiting vulnerabilities are common ways for cybercriminals to gain access to systems.

Low-level cybercriminals are pouncing on CrowdStrike-connected outage

Cybercriminals are exploiting the CrowdStrike Falcon software update issue to carry out malicious activities.

New research finds open-source code accelerated supply chain cyberattacks in 2023

Open-source code and legitimate hacking tools are contributing to the rise of software supply chain attacks.
More cybercriminal groups are sharing open-source tools and resources, making it easier for attackers to launch these attacks.

Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA

Ransomware has become the top threat to the transport sector in the EU, and the European Union Agency for Cybersecurity (ENISA) expects ransomware groups to disrupt operational technology (OT) systems. The overall number of cyberattacks targeting aviation, maritime, railway and road transport organizations has increased between January 2021 and October 2022, with cybercriminals responsible for most of the incidents (54%), according to a new report from ENISA.

Awareness of Software Supply Chain Security Issues Improves

By: Mike Vizard on
A global survey of 167 software professionals suggested that, while there is a lot more awareness of application security issues, the adoption of DevSecOps best practices is still not pervasive. The survey, conducted by Chainguard, the Eclipse Foundation, the Rust Foundation and the Open Source Security Foundation (OpenSSF), found that just over half (51%) of respondents are either concerned or are extremely concerned about software supply chain security.


IT helpdeskers increasingly targeted by cybercriminals

IT helpdesk workers are increasingly targeted by cybercriminals, and these attacks are increasingly successful.
Attacks involve pretending to be an employee, requesting changes to identity access, and registering the attacker's own device for insider access.

Ransomware attacks aren't as sophisticated as you'd think

Cybercriminals are self-centered and egotistical.
Ransomware gangs are known to scam and betray each other.
from Databreaches
9 months ago

Warzone RAT Sales and Support Actors in Malta and Nigeria Charged in U.S. Federal Indictments

Federal authorities seized internet domains used to sell RAT malware
Individuals in Malta and Nigeria were indicted for selling malware and supporting cybercriminals

Russian cyber criminal pleads guilty to running IPStorm botnet | Computer Weekly

Sergey Manikin, the operator of the IPStorm botnet, has pled guilty to violating US fraud laws.
IPStorm was dismantled by the FBI and its partners, and had over 23,000 anonymous users.
The case serves as a warning that cybercriminals can face consequences regardless of their location.

Google Suing Cybercriminals Who Delivered Malware via Fake Bard Downloads

Google is taking legal action against cybercriminals who delivered malware through websites claiming to offer its chat-based AI tool, Bard.
The company filed a lawsuit against the scammers behind the malicious sites and is seeking an order to stop them from setting up similar domains.
Google has also targeted threat actors who abused the DMCA to harm competitors by submitting bogus copyright takedowns.
#information

AI chatbots making it harder to spot phishing emails, say experts

Chatbots are taking away a key line of defence against fraudulent phishing emails by removing glaring grammatical and spelling errors, according to experts. Phishing emails are a well-known weapon of cybercriminals and fool recipients into clicking on a link that downloads malicious software or tricks them into handing over personal details such as passwords or pin numbers.

Data Security Firm Rubrik Targeted With GoAnywhere Zero-Day Exploit

Cloud data management and data security firm Rubrik has confirmed being targeted in an attack exploiting a recent GoAnywhere zero-day vulnerability after a ransomware group named the company on its leak website. Fortra, previously known as HelpSystems, alerted users of its GoAnywhere managed file transfer (MFT) software on February 1 about a zero-day remote code injection exploit.

Zoll Medical Data Breach Impacts 1 Million Individuals

Medical technology developer Zoll Medical is notifying roughly one million individuals that their personal information might have been compromised in a recent data breach. Zoll develops and markets medical equipment and software for advanced emergency care, including cardiac monitoring, oxygen therapy, ventilation, data management, and more.

Coinbase Hack Linked to Group Behind Last Year's Twilio, Cloudflare Attacks

Coinbase, one of the world's largest cryptocurrency exchanges, was recently targeted in a sophisticated cyberattack that appears to have been conducted by the same threat group that targeted Twilio, Cloudflare and many others last year. Coinbase revealed on Friday that its employees were targeted in an SMS phishing campaign on Sunday, February 5.

Indigo hit by 'cybersecurity incident' impacting sales online and in-store | CBC News

Indigo Books & Music Inc. is dealing with what it calls a "cybersecurity incident" that has affected customer orders in-store and online. It started at the Toronto-based retailer on Wednesday. As of Friday afternoon, Indigo's website was still offline. "We are working with third-party experts to investigate and resolve the situation," the company said in a message posted on its website.

Health data breach hitting Congress 'could be extraordinary'

WASHINGTON - Hackers who broke into a Washington, D.C. health insurance marketplace stole sensitive personal data on members of Congress, their employees and family and the size and scope of the impact could be extraordinary, House leadership says. DC Health Link, which runs the exchange, said an unspecified number of customers were affected and it was notifying them and working with law enforcement to quantify the damage.

#researchers

ChatGPT is being used to lure victims into downloading malware

Hackers are trying to capitalize on the enormous popularity of ChatGPT to distribute malware, security experts have warned. A report from cybersecurity researchers CloudSEK has detailed an elaborate scheme that includes stolen Facebook accounts, groups, and pages, malicious Facebook ads, and fake ChatGPT software.

First Dero cryptojacking campaign targets unprotected Kubernetes instances

Learn how this cryptocurrency campaign operates and its scope. Then, get tips on protecting vulnerable Kubernetes instances from this cybersecurity threat. The cybersecurity company CrowdStrike has observed the first-ever Dero cryptojacking campaign. The attack targets Kubernetes clusters that were accessible on the internet and allowed anonymous access to the Kubernetes API.

Cybercrime Gang Uses Screenlogger to Identify High-Value Targets in US, Germany

A recently identified financially motivated threat actor is targeting companies in the United States and Germany with custom malware, including a screenlogger it uses for reconnaissance, Proofpoint reports. Tracked as TA866, the adversary appears to have started the infection campaign in October 2022, with the activity continuing into January 2023.

Ransomware Attack Forces Produce Giant Dole to Shut Down Plants

Produce giant Dole has been forced to shut down plants as a result of a ransomware attack that appears to have resulted in product shortages in some grocery stores. In a statement posted on its website on Wednesday, Dole said it was dealing with a cybersecurity incident involving ransomware. The company has contacted law enforcement and external cybersecurity experts to help it address and investigate the attack.

It's official: BlackLotus malware can bypass secure boot

BlackLotus, a UEFI bootkit that's sold on hacking forums for about $5,000, can now bypass Secure Boot, making it the first known malware to run on Windows systems even with the firmware security feature enabled. Secure Boot is supposed to prevent devices from running unauthorized software on Microsoft machines.

Ransomware victims refuse to pay up

The amount of money paid to ransomware attackers dropped significantly in 2022, and not because the number of attacks fell. It's that more victims are refusing to pay the ransoms, blockchain research firm Chainalysis said in a report Thursday. They estimate that since 2019, victim payment rates have fallen from 76 percent to just 41 percent.

#immediately

Filippo Bernardini Gave the Publishing World Something to Write About

On Thursday afternoon, a judge finally brought an end to the strange case of Filippo Bernardini, the Italian man who pleaded guilty earlier this year to impersonating hundreds of people in the book-publishing industry in order to steal unpublished manuscripts. While the government argued that Bernardini should spend a year in prison, Judge Colleen McMahon didn't agree.

Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager

Founded in 1872, the company provides ship management services to hundreds of organizations in the maritime industry, including monitoring of incoming and outgoing vessel traffic in ports, emergency response services, and more. Royal Dirkzwager fell victim to the cyberattack on March 6, being forced to take systems offline and suspend several services.

FBI Recommends Installing An Ad Blocker To Dodge Scammers

It's a good idea to install an ad blocker to help you avoid online scams - and apparently the FBI agrees. On Wednesday, the agency issued the recommendation in an alert about avoiding malicious ads over search engines. The threat of so-called "malvertising" has been around for years, but what was notable about the FBI's alert was its advice on how consumers can protect themselves from the threat.

Apple is reportedly preparing to allow third-party app stores on the iPhone

Apple is planning to let users install alternative app stores on iOS, according to a report from Bloomberg. The shift would be a remarkable change from the company, which has famously only allowed iPhone and iPad users to download apps from the App Store. The plans are reportedly being spurred on by the EU's Digital Markets Act (DMA), which is meant to enact "rules for digital gatekeepers to ensure open markets" when its restrictions become a requirement in 2024, according to a press release.

#people

Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm

Sustainable energy giant Hitachi Energy has blamed a data breach affecting employees on the exploitation of a recently disclosed zero-day vulnerability in Fortra's GoAnywhere managed file transfer (MFT) software. In a press release published on Friday, Hitachi Energy said the Cl0p ransomware gang targeted the GoAnywhere product and may have gained unauthorized access to employee data in some countries.

How much will each stolen SSN cost you? How about $.75k

A Florida healthcare group has settled a class-action lawsuit after thieves stole more than 447,000 patients' names, Social Security numbers, and sensitive medical information, from its servers. Under the settlement [PDF], Orlando Family Physicians, which operates 10 clinics in central Florida, will reimburse affected patients who submit a claim by July 1, and provide them with two years of free credit monitoring.

Humans are still better at creating phishing emails than AI - for now

AI-generated phishing emails, including ones created by ChatGPT, present a potential new threat for security professionals, says Hoxhunt. Amid all of the buzz around ChatGPT and other artificial intelligence apps, cybercriminals have already started using AI to generate phishing emails. For now, human cybercriminals are still more accomplished at devising successful phishing attacks, but the gap is closing, according to security trainer Hoxhunt's new report released Wednesday.

1Password is trying for zero passwords

1Password is announcing today that, one day soon, it will support the option to create and unlock 1Password accounts using biometric-based passkey technology, ditching the feature that is the name of its entire product. "For passkeys to be the way forward, it's not enough for them to replace some of your passwords," said 1Password chief product officer Steve Won.

US and UK sanction Russian cybercriminal gang accused of infecting millions of computers worldwide

The US and UK governments on Thursday sanctioned six Russians and one Ukrainian for their alleged involvement in an infamous Russia-based cybercrime network that infected millions of computers worldwide, including those in American hospitals. The sanctions target seven alleged core members of a cybercrime gang known as Trickbot, whose eponymous hacking tool has for years stalked US critical infrastructure, the US Treasury Department said in a statement.

FBI warns Google users to use important feature to 'stop bad guys' ensnaring you

GOOGLE users have been warned it's time to go ad-free as cyber advertisement scams continue to wreak havoc across the internet. The FBI released a warning last week saying cyber criminals are using search engine advertisement services to "impersonate brands and direct users to malicious sites."

#opportunity

Microsoft SmartScreen Zero-Day Exploited to Deliver Magniber Ransomware

A cybercrime group has been exploiting a zero-day vulnerability in the Microsoft SmartScreen security feature to deliver the Magniber ransomware, Google warned on Tuesday. Google's Threat Analysis Group (TAG) said the vulnerability, tracked as CVE-2023-24880, has been exploited since at least January.

Passkeys Unlock a New Era for Authentication

Few things evoke a level of disdain on par with computer passwords. They are inconvenient and incredibly insecure. Cybergangs attack them, hack them, and constantly wreak havoc with them. According to industry statistics, upwards of 80% of all breaches involve passwords in one form or another. Even more advanced multifactor authentication (MFA), whether in the form of text codes or rolling numbers on an authentication app, does not address the underlying problem.

#ransomware-attack

ReversingLabs Adds Ability to Detect Secrets in Application Binaries

By: Mike Vizard on
ReversingLabs today announced it added an ability to detect secrets exposed in application binaries to its Software Supply Chain Security (SSCS) platform. Tomislav Peričin, chief software architect for ReversingLabs, said this addition will make it easier for DevSecOps teams to identify secrets that are inadvertently left in applications as plain text or that can be discovered because of weak cryptography, scripts that have been included in directories that have secrets configuration files, packaging automation mistakes, compromised developer accounts or the activities of malicious insiders.

Canadian Bookstore Chain Indigo Says Employee Data Stolen in Ransomware Attack

Canadian bookstore chain Indigo this week confirmed that the personal information of both current and former employees was stolen in a ransomware attack last month. The hack, Indigo says, took place on February 8 and resulted in the company taking down affected systems to contain the incident. The company was able to restore online payments and exchanges and returns two weeks ago.

Ransomware Operators Leak Data Allegedly Stolen From City of Oakland

Over the weekend, the cybercriminals behind the Play ransomware published data allegedly stolen from the City of Oakland last month. The cyberattack started on February 8 and was disclosed on February 10, when Oakland announced that it had taken systems offline to contain the incident, but that emergency services were not impacted.

Security warning: Beep malware can evade detection

Find out how Beep malware can evade your security system, what it can do and how to protect your business. Cybersecurity experts at Minerva recently made a stunning discovery of a new malware tagged Beep that has the features to evade detection and analysis by security software. The cybersecurity organization discovered Beep after samples were uploaded on VirusTotal.

Ransomware attack shuts down school district in South Coast town

Swansea Public Schools canceled classes Wednesday following a ransomware attack that shut down the district's network, according to the school superintendent. "The cyber security company, with whom we contract, is working today to ascertain the extent of the attack on our network," Superintendent of Schools John J. Robidoux wrote on Twitter.

ReversingLabs Adds Ability to Detect Secrets in Application Binaries

By: Mike Vizard on
ReversingLabs today announced it added an ability to detect secrets exposed in application binaries to its Software Supply Chain Security (SSCS) platform.Tomislav PeriÄŤin, chief software architect for ReversingLabs, said this addition will make it easier for DevSecOps teams to identify secrets that are inadvertently left in applications as plain text or that can be discovered because of weak cryptography, scripts that have been included in directories that have secrets configuration files, packaging automation mistakes, compromised developer accounts or the activities of malicious insiders.

Canadian Bookstore Chain Indigo Says Employee Data Stolen in Ransomware Attack

Canadian bookstore chain Indigo this week confirmed that the personal information of both current and former employees was stolen in a ransomware attack last month.The hack, Indigo says, took place on February 8 and resulted in the company taking down affected systems to contain the incident.The company was able to restore online payments and exchanges and returns two weeks ago.

Ransomware Operators Leak Data Allegedly Stolen From City of Oakland

Over the weekend, the cybercriminals behind the Play ransomware published data allegedly stolen from the City of Oakland last month.The cyberattack started on February 8 and was disclosed on February 10, when Oakland announced that it had taken systems offline to contain the incident, but that emergency services were not impacted.

Security warning: Beep malware can evade detection

Find out how Beep malware can evade your security system, what it can do and how to protect your business.Cybersecurity experts at Minerva recently made a stunning discovery of a new malware tagged Beep that has the features to evade detection and analysis by security software.The cybersecurity organization discovered Beep after samples were uploaded on VirusTotal.

#increasingly

Security Think Tank: New trends and drivers in cyber security training | Computer Weekly

Cyber security training is a vital security strategy for many enterprises across the world. Such training has been established at large companies and government organisations for many years now. Small to medium size businesses have increasingly seen the value in contracting in training to help users avoid common security issues.

HardBit Ransomware Offers to Set Ransom Based on Victim's Cyberinsurance

The operators of a fairly new ransomware operation named HardBit are prepared to negotiate the ransom amount with their victims based on their cyberinsurance policy. The HardBit ransomware emerged in October 2022, with version 2.0 launched in late November. In a blog post published on Monday, data security company Varonis reported seeing samples of the malware throughout the rest of 2022 and into 2023.

Even the FBI says you should use an ad blocker

This holiday season, consider giving the gift of security with an ad blocker. That's the takeaway message from an unlikely source - the FBI - which this week issued an alert warning that cybercriminals are using online ads in search results with the ultimate goal of stealing or extorting money from victims.

#vulnerabilities

Mirai Variant V3G4 Targets 13 Vulnerabilities to Infect IoT Devices

During the second half of 2022, a variant of the Mirai malware called V3G4 was seen targeting 13 vulnerabilities to ensnare Internet of Things (IoT) devices into a botnet, Palo Alto Networks reports. Following the successful exploitation of the targeted security flaws, the malware takes full control of the vulnerable devices and then abuses them to conduct various types of malicious activities, including distributed denial-of-service (DDoS) attacks.

The NSA has some pretty obvious security advice for remote workers

The National Security Agency (NSA) has published some new advice for those working from home to secure their work devices and home networks. In issuing some fairly basic and standard advice, it noted that those in telecommunications specifically should make sure their user and networking devices are kept up to date to prevent compromises to their own and their organization's security posture.

This 18-course ethical hacking bundle is under $50

Ethical hacking is a great skill to learn with new cyber threats on the rise. Learn how to fight back with this ethical hacking course bundle. After pretty much every form of cyberattack increased in 2022, cybercriminals have since found even more ways to target small businesses, from levying more sophisticated phishing attacks to taking advantage of vulnerable NFTs.

Logfile nightmare deepens thanks to critical VMware flaws

VMware has issued fixes for four vulnerabilities, including two critical 9.8-rated remote code execution bugs, in its vRealize Log Insight software. There are no reports (yet) of nation-state thugs or cybercriminals finding and exploiting these bugs, according to VMware. However, it's a good idea to patch sooner than later to avoid being patient zero.

The security skills shortage is here, here's how to prepare

Corporate security is near the top of the list of CIO concerns for 2023 - but a security skills shortfall is also a problem. What can companies do to bring up the slack? In 2022, cybersecurity firm Fortinet conducted research that revealed 80% of organizations suffered one or more breaches that they could attribute to a lack of cybersecurity skills and awareness, 64% of organizations experienced breaches that resulted in lost revenue or cost them fines during the past year, and 38% of organizations reported breaches that cost them over one million dollars.

#justice-department

Russian man accused of selling prolific hacking tool extradited to US

A 28-year-old Russian man accused of developing and selling a hacking tool used to obtain the login information for tens of thousands of computers worldwide was arrested in the country of Georgia and extradited to the US, the Justice Department said Wednesday. Dariy Pankov is accused of advertising access to more than 35,000 computers, earning more than $350,000 in illicit sales, and enabling cybercriminals to conduct ransomware attacks and tax fraud, prosecutors said.

US Marshals Service suffers 'major' breach

WASHINGTON - In a major breach of a U.S. Marshals Service computer system this month with ransomware, hackers stole sensitive and personally identifiable data about agency employees and targets of investigations, an agency spokesman said Tuesday. The hacked system was disconnected from the network shortly after the breach and stolen data were discovered Feb. 17.

#organizations

Survey: More Cybersecurity Pros Embedded in DevOps Teams

By: Mike Vizard
A survey of 2,500 C-level executives published today by Palo Alto Networks found 81% of organizations have embedded cybersecurity professionals within their DevOps teams. Despite the presence of those cybersecurity professionals, however, the survey also suggested there is much work to do in terms of optimizing DevSecOps workflows.

IBM: Quantum computing poses an 'existential threat' to data encryption

For years, encryption has played a core role in securing enterprise data. However, as quantum computers become more advanced, traditional encryption solutions and public-key cryptography (PKC) standards, which enterprise and consumer vendors rely on to secure their products, are at serious risk of decryption.

Google AdWords scam epidemic shows social engineering is evolving

Social engineering scams are everywhere. Every day, cybercriminals are using whatever medium they can to trick users into handing over their data. This not only includes email, SMS and messaging services, but also online advertising services.

Palo Alto Ignite Reveals The Biggest Cybersecurity Threats of 2022

These days, every organization comes up against cybercriminals. Each new device, user or data point expands the attack surface, giving threat actors more opportunities to compromise environments. At Palo Alto Ignite '22, hosted by Palo Alto Networks, threat intelligence experts recapped the biggest threats of 2022.

Chainguard Adds Private Edition of Code Signing Platform

By: Mike Vizard
Chainguard today added a private preview of a Chainguard Enforce Signing service, enabled by the open source Sigstore project, that allows developers to generate digital signatures for software artifacts using identities and one-time-use keys they create themselves. Kim Lewandowski, head of product for Chainguard, said Chainguard Enforce Signing provides an alternative to relying on a public service to generate those digital signatures.

Cybercriminals Cashing In on FIFA World Cup-Themed Cyberattacks

The hype and popularity of the FIFA World Cup has attracted audiences from across the globe. And this, in turn, attracts a variety of cybercriminals, who want to exploit the varied fan following, and the organizations participating, to make a quick buck. Advanced persistent threat (APT) campaigns, phishing, credit card/cryptocurrency fraud, DDoS attacks, and identity theft are among the threats faced by organizations and audiences, CloudSEK reports.
