Knowledge Shared By FireSale HackBoy...
The Art Of Exploitation...
Security Experts...Same Techniques To Make Hacker's Stuff Useless.
Dark Side Of Hacking... In Short Destruction Of Cyber Stuff.
All The Digital Stuff Is Under The Influence Of Cyber Attacks... Be Safe
By Owais Sultan
Wordeep uses Artificial Intelligence to improve what you write. Writing may seem to be an easy task to overcome, but it is definitely not for the faint-hearted. No one can even master writing overnight, and it may take someone years to master it. You also have to consider the fact that writers tend to have […]
This is a post from HackRead.com Read the original post: How to become a better writer with Wordeep using artificial intelligence
Ransomware attacks are a kind of malware attacks where file-encrypting malware encrypts the entire database and remains so unless and until a ransom is paid in cryptocurrency like Bitcoins and Monero.
Security analysts say that the availability of options in digital currencies is also encouraging cybercriminals to launch more such malware attacks due to the fact that the payments received in the form are well hidden from the eyes of tax agencies and the law enforcement.
According to a report compiled by Gartner, the following cryptocurrencies are being much used by hackers-
Bitcoin- Till a decade ago, Bitcoin aka BTC was much popular with the dark web- all thanks to its nature of pseudo-anonymity. This shadowy connection has made many ransomware spreading gangs chose the said digital currency as their payment acceptance mode. For instance, the year 2017 witnessed WannaCry ransomware attack on UK NHS and other companies operating around the world. According to an unconfirmed report offered by a research firm the hackers made between 300-600 USD in Bitcoin for each affected computer earning them around a whopping $241,000 USD.
Monero- Currently, Monero happens to be the most privacy-centric digital currency in the whole world. And so its usage has become more popular on the dark web marketplace. Those who are found distributing Kirk Ransomware are said to be demanding $1,100 USD in Monero for decrypting a file.
Bitcoin Cash- This is another form of crypto which has been in fork since Aug’17 when Thanatos ransomware started infected machines around the world. The cybercriminals who started to spread the said ransomware demanded $200 to free up each infected computer and asked them to pay in Bitcoin cash.
Ethereum- After BTC, Ethereum happens to be the 2nd largest cryptocurrency by market capitalization as more and more hackers are seen demanding settlements in the said digital currency nowadays.
Apart from Ethereum, Verge and Dash are also other notable currencies prevailing in the ransomware underworld as these digital coins have equivalent privacy qualities that are appealing to most of the cybercriminals who are keen to avoid detection, arrests and legal judgment of conviction.
BTW, according to a report of Coveware, GandCrab ransomware occupies over 20.0% of market share along with Dharma which has a market share of 27.8% and Ryuk with 18.3% of market share respectively.
The post Prominent Cryptocurrencies used in ransomware attacks appeared first on Cybersecurity Insiders.
By Owais Sultan
Today, Cyber security is one of the fastest growing industry. The increasing numbers of the data breaches and cyber attacks have likewise increased the need for cyber security professionals to take defensive measures against these threats. Organizations are spending more and more on securing their data and hiring cyber security experts. They are also promoting […]
This is a post from HackRead.com Read the original post: Best Cyber Security Certifications 2019
As the trade war between the United States and China is soaring day by day, Beijing is planning to ban Microsoft Windows and related products completely in its country from September this year. The move came when Chinese intelligence has learned that United States military could be spying on the military network of President Xi Jinping led nation through the flaws of Windows operating system which were already explored and exploited by US NSA in 2017.
Already, the People’s Liberation Army’s Internet Security Information Leadership Group (ISILG) has been assigned the duty of developing a windows OS alternative by the Chinese military- likely a Unix System.
If we take history into account since 2012 China has been mulling to develop a Windows OS alternative. And the nation succeeded in the approach to a certain extent in the form of “Red Flag” OS- a Linux based alternative.
Now considering Microsoft products and services as a national security threat, China is planning to take the opportunity to retaliate to Huawei’s ban on the US soil.
In the meantime, Microsoft has announced at the recent Computex Conference that it is planning to release a more exciting operating system dubbed as Modern OS or Microsoft Lite OS (yet to be confirmed).
Cybersecurity Insiders has learned that the American Tech giant will be offering regular security updates by default on the new OS to protect the users from malicious attacks and will help them stay super-connected with 5G, LTE and Wi-Fi support to eradicate dead spots.
More details on how well the OS will be featured are yet to be known.
The post China to ditch Microsoft Windows and products to retaliate Huawei ban in the US appeared first on Cybersecurity Insiders.
When a ransomware attack takes place on a database all the files are encrypted making it inaccessible for the victim to read, modify or write them. This prolongs until the victim pays a demanded ransom in cryptocurrency to the ransomware author or the spreading agent.
Although companies and cybersecurity firms are constantly busy in releasing security and software patches to tackle ransomware, those who unfortunately fall prey to attacks generally end up paying the ransom to free up the data from the encrypting malware.
However, this could pretty soon change from the victim’s point of view as a group of security researchers from the University of Illinois has found a solution to tackle ransomware.
Recently, they released a whitepaper titled ‘Project Almanac- A time-traveling solid state drive(SSD)’ which helps the victim by storing modified files in a separate drive making it impossible for hackers to gain monetary benefits.
“The paper explains how the SSDs can be leveraged to storage newly written or modified data in a separate place other than the regular drive”, said Chance Coats, a researching student at the University of Illinois.
Nowadays, flash-based drives are part of every system like a laptop, desktop, mobile or IoT device. And that’s because they store the modified data in a new location rather than getting rid of an old version. Mr. Coats feels that those old versions of data will help in thwarting ransomware attacks as it helps in reviving the previous version of the file.
But the technological tool seen in SSDs comes with a tradeoff as the new data has to be stored on a new block or the block that has already been erased- all due to a policy of retention duration and storage performance.
Researchers have found a solution for this tradeoff by developing a tool to monitor and adjust the storage parameters on a dynamic note. Thus, it allows users the option to backup data within a stipulated amount of time.
Developments on the stage of retaining the data for longer periods of time with a lower performance overhead are being taken up which might help other applications such as systems debugging and digital forensics.
The post SSDs or Flash drives might save victims from Ransomware Attacks appeared first on Cybersecurity Insiders.
ProtonMail, the famous end-to-end encrypted email service from Switzerland, has denied the claims made by a Swiss lawyer Martin Steiger regarding the company’s involvement in voluntary assistance to Swiss authorities for real-time surveillance. The head of the Cybercrime Competence Center, Zurich, and public prosecutor Stephen Walder stated that the company doesn’t offer voluntary real-time surveillance […]
This is a post from HackRead.com Read the original post: ProtonMail denies that it offer real-time surveillance assistance
The MLA applies to IAF accrediting bodies, including ANSI, and shows that the organizations they accredit all meet the same rigorous standards.
According to a press release issued by ANSI, “Regional Accreditation Group members of IAF are admitted to the IAF MLA only after a most stringent evaluation of their operations by a peer evaluation team which is charged to ensure that the applicant member complies fully with both the international standards and IAF requirements.”
(ISC)² was the first cybersecurity certifying body to meet the requirements of ANSI/ISO/IEC Standard 17024, which is a global benchmark for certifying qualified professionals. The (ISC)² accredited certifications that are now recognized by the IAF include:
The post Additional Recognition for Cybersecurity Certifications appeared first on Cybersecurity Insiders.
Palo Alto Networks has made it official that it has acquired container security company Twistlock and serverless security company PureSec. Financial details are out that the cybersecurity company is purchasing Twistlock for $410 million, while the details of PureSec deal are yet to be known. Meanwhile, both the deals are expected to close in the 4th quarter of this year.
The technologies driving PureSec and Twistlock are expected to be used in the new cloud security suite of Palo Alto Networks called Prisma. And is said to help secure today’s modern day applications throughout the entire life cycle.
Meanwhile, another acquisition deal which has reached the desk of SEC happens to be tech investor ‘Insight Partners’ buying AI propelled threat intelligence company Recorded Future.
Insight Partners has released a press statement today and said that it is going to buy Recorded Future for $780 million via the all-cash deal.
Founded in the year 2009, the machine learning startup was being funded by Google’s Venture Arm, GV, In-Q-Tel and IA Ventures. Along with Reed Elsevier Ventures, MassMutual Ventures, and Balderton Capital.
New York-based Insight Partners is all set to buy all the stakes related to the Massachusetts startup named Recorded Future and will add an undisclosed amount into the company’s bank account as an additional fund. So, the CEO Christopher Ahlberg will only be a stakeholder in Recorded Future from now on after Insight Partners.
The post Trending Acquisition deals on Google now appeared first on Cybersecurity Insiders.
This post was originally published here by (ISC)² Management.
The (ISC)² Cybersecurity Workforce Study is conducted to assess the cybersecurity workforce gap, better understand the barriers facing the cybersecurity profession, and uncover solutions to issues facing the industry.
The 2.93M workforce gap number has been reported on far and wide, but the gap is just one part of the report. It’s important that we focus on finding answers to the problems facing cybersecurity practitioners, management and organizations.
In just a few weeks, we will be conducting our next round of research and we want to hear from you! We need the opinions and insights from professionals on the front line, securing organizations’ critical assets and working day in and day out to excel in their careers.
If you’re a member, sign in to your Dashboard, visit the Preferences section and toggle “Yes” to the News and Resources option.
If you’re not a member, visit https://www.isc2.org/connect and check off the option below for news, resources and research.
We want to hear from you, so sign up for the emails today and let your voice be heard!
Photo:Live Law
The post BE PART OF THE WORKFORCE STUDY! appeared first on Cybersecurity Insiders.
This post was originally published here by gregg rodriguez.
AWS re:Inforce 2019 may still be a month away, but if you’re like most IT and security professionals you may have your hands full, leaving you with little time to prepare. If so, and you’re planning on attending, don’t worry–we wrote this blog post to help you get started.
AWS re:Inforce 2019 will take place June 25 and 26 at the Boston Convention and Exhibit Center.
As AWS’s first-ever conference exclusively focused on cloud security, AWS re:Inforce 2019 is a crucial event for security professionals and anyone else concerned about the security of their AWS infrastructure. Here are some tips to help you take advantage of great online resources so you can plan ahead and hit the ground running the minute you arrive.
Top AWS resources to help you re:Inforce like a pro
Photo:Change Congress
The post Tips for a Successful AWS re:Inforce 2019 appeared first on Cybersecurity Insiders.
This post was originally published here by Will Houcheime.
Here are the top cybersecurity stories of recent weeks:
G Suite User Passwords Stored in Plaintext Since 2005
Google has recently disclosed that a number of their enterprise G Suite customers had their passwords stored in plaintext. The discovery was announced this past Tuesday, but Google did not specify the exact amount of accounts that were affected. Passwords encrypted by the use of hashing algorithms, which hinder humans from reading them. Google was able to highlight the issue of plaintext copies of passwords for accounts by discarding the original passwords and recovery settings prior to G Suite in 2005. The affected accounts had their passwords reset, and Google claims that no additional data has been compromised.
Contact Data of Millions of Instagram Influencers Exposed
A database containing 49 million records belonging to Instagram influencers was recently breached. The Amazon Web Services hosted database was unprotected, leaving it accessible to anyone who knew how to find it. The personally identifiable information (PII) found on the database included names, locations, email addresses, and phone numbers. Anurag Sen, a security researcher, discovered the database and was able to trace it back to Chtrbox – a marketing team operating out of Mumbai. Chtrbox reported that the database was open for 72 hours, but that only 350,000 users were affected. The information has since been removed from Shodan – a search engine for exposed databases.
Rogue Iframe Phishing Used to Steal Payment Card Information
Iframe-based phishing systems have been increasingly implemented in the efforts to steal payment card industry (PCI) data. A security researcher has discovered that hackers are using a phishing system to swipe credit card numbers. Magecarts would previously insert JavaScript-based payment data skimmers into the codes of websites to steal information. Segura remarks that hackers are plaguing Magento checkout websites with the phishing script. Since then, shoppers have been warned to pay close attention to checkout phases as phishing scripts have left behind small red flags, such as redirecting them to different websites after placing an order.
London Commuters to be Tracked Through the Use of Wi-Fi Hotspots
Transport for London (TfL), a UK travel agency, is planning to enforce a system that would track commuters using Wi-Fi hotspots throughout London’s underground transportation. The agency has said this effort is being made in hopes of better understanding where and how commuters are traveling. According to TfL, only connection requests to hotspots are to be recorded, but not search history or any other activity on the passengers devices. TfL will be using the data to grasp where to invest in transportation budgeting and to provide improved customer services such as delay and congestion guidance. In a four-week trial test back in 2016, TfL recorded over 509 million pieces of data, giving the agency a massive amount of feedback on how journeys are completed across the network.
Thousands of Tp-Link Routers at Risk of Hijack
A bug which allows control through remote access has made thousands of Tp-Link routers susceptible to cyberattacks. The exposure has allowed any intruder to gain access to affected routers by simply using default passwords. Security researcher, Andrew Mabbitt, first disclosed the bug to Tp-Link in October 2017, but the router manufacturer took longer than a year to roll out patches to solve the issues. Modifications of certain router settings can have adverse effects on a network and could lead users to malicious websites.
Photo: Bitdefender
The post Bitglass Security Spotlight: G Suite User Passwords Stored in Plaintext appeared first on Cybersecurity Insiders.
An audit conducted by Australia’s Victorian Auditor General’s Office (VAGO), Andrew Greaves has found that the data related to Victoria’s Public Health System can easily be hacked due to issues related to weak physical security, password management, and other access controls.
“Our audit has discovered that the data related to the health services were vulnerable to hackers who could potentially steal it for malicious means or sell it on the dark web”, says the report conducted by Andrew Greaves.
As two of the state water boards lacked a strategic approach to mitigate cyber risks and since most of the government departments were practicing a poor security culture the risks associated to such practices were termed to be high on the threat scale.
Greaves revealed that his IT team could gain access to servers where most of the critical info was stored without much of a strain. Also, the team of researchers was able to get into restricted domains of admin and corporate offices of all the agencies which were a serious concern. And that was possible as most of them were using default account names and passwords set by the manufacturers.
Barwon Health, Royal Children’s Hospital, Royal Victorian Eye and Ear Hospital along with the departments of Digital Health Branch and Health Technology Solutions were found not be proactive when it came to the procedural follow of cyber hygiene.
Although the security posture of Government buildings and the Department of Health and Human Services along with the Department of Justice and Community Safety was termed to be adequate; its effectiveness was undermined by human error.
Mainly the flaw exists over lack of proper coordination of protective security or due to non-availability of leadership that guides through physical security policies and guidelines.
The VAGO’s review and recommendations were accepted by all the audited health services and the departments.
The post Data of Victoria’s Public Health System is vulnerable to cyber attacks appeared first on Cybersecurity Insiders.
Multinational company Flipboard which is into news & social media aggregation and operating from Beijing, Canada and New York have released a press statement a few hours ago that its database was hacked giving hackers access to sensitive details including usernames, passwords, email addresses, and digital tokens.
Cybersecurity Insiders has learned that hackers infiltrated the database of Flipboard on June 2nd last year and the incident came to notice of the IT staff of the Flipboard on March 23rd, 2019.
Palo Alto-based Flipboard released a press statement early today saying that it has taken control of the situation now by resetting all passwords. And the law enforcement agency has been asked to investigate the incident.
The company says that all users can continue the use the services via app downloaded on the phone. However, those who are accessing the app from a new device or logging after a long out will be asked to create a new password.
With over 150 million users on board, the company hasn’t collected any personal info or government ID details from its users till date.
Note 1- Those who have used their Facebook and Google accounts for login purposes may also have their account tokens stolen.
Note 2- Flipboard which was released first on July 2010 and the service can be accessed via a web browser or an application which works on Microsoft Windows and MacOS and on Mobile operating systems such as iOS and Android. From the year 2011, the web service was banned by the Great Firewall of China and from Feb’15 the company started to self censor those using its app from China.
The post Flipboard database hackers and passwords stolen appeared first on Cybersecurity Insiders.
AWS re:Inforce 2019 may still be a month away, but if you’re like most IT and security professionals you may have your hands full, leaving you with little time to prepare. If so, and you’re planning on attending, don’t worry–we wrote this blog post to help you get started.
AWS re:Inforce 2019 will take place June 25 and 26 at the Boston Convention and Exhibit Center.
As AWS’s first-ever conference exclusively focused on cloud security, AWS re:Inforce 2019 is a crucial event for security professionals and anyone else concerned about the security of their AWS infrastructure. Here are some tips to help you take advantage of great online resources so you can plan ahead and hit the ground running the minute you arrive.
Top AWS resources to help you re:Inforce like a pro
We hope you have a great AWS re:Inforce 2019.
The post Tips for a Successful AWS re:Inforce 2019 appeared first on Cybersecurity Insiders.
By Owais Sultan
When we connect to the Internet, we provide a considerable amount of information to our ISP and third-party advertisers. Although we use the incognito mode on the browser, protecting our privacy and preventing companies from tracking our online activity is complicated. If you are concerned about our privacy it is necessary to have a reliable […]
This is a post from HackRead.com Read the original post: BEST VPN 2019: Do You Really Need It? This Will Help You Decide!
By Uzair Amir
Hackers managed to breach Flipboard’s security for sensitive database multiple times putting millions of users at risk. Just yesterday, it was reported that the online graphic-design tool website Canva had suffered a massive data breach in which a hacker stole over 139 million accounts of registered users. Now, the highly popular social sharing and news […]
This is a post from HackRead.com Read the original post: News aggregator app Flipboard hacked; user data stolen
American Cybersecurity firm Palo Alto Networks has announced an innovative cloud security suite today called Prisma which offers advanced security features to protect data, govern its access and secure applications.
The security suite will be available in 4 variants- Prisma Access, Prisma Public Cloud, Prisma SaaS, and the VM-Series.
Prisma Access is being offered with a scalable cloud-native architecture which allows branch office and mobile users to connect to the cloud platform from anywhere. The service is aptly designed to promptly provision secure internet connectivity to customers.
Coming to Prisma Public Cloud it is basically a machine learning equipped platform that correlated data and helps analyze cyber risks across the cloud environment.
Prisma SaaS is a software as a service application that acts as a multi-layered cloud access security broker which helps discover risks, offers access control, prevents data loss, assures compliance-related issues are resolved, offers data governance, and ensures advanced threat prevention.
Palo Alto Networks Prisma VM-Series is a virtualized firewall that can be deployed in public and private cloud environments.
“Prisma from Palo Alto Networks offers a strong security posture from the start to consistently prevent attacks”, said Lee Klarich, Chief Product Office, Palo Alto Networks.
Note 1- Prisma was developed by Palo Alto with the technology acquired cloud security startup Redlock and Evident.io
Note 2- Prisma VM Series Firewall can be used on public clouds such as Amazon web services, Google Cloud, Microsoft Azure, Oracle, and Alibaba Cloud along with VMware NSX.
The post Palo Alto Networks introduces Prisma Cloud Security Suite appeared first on Cybersecurity Insiders.
He hacked his way into the tech giant’s mainframe by creating false credentials. Now that is what we call a very unorthodox approach, an out of the box invocation to realize what you are desperately after. An Australian teenager, an Apple fanboy, longing for a job in Apple evinced an unusual way of forwarding his […]
This is a post from HackRead.com Read the original post: Teen hacked Apple twice hoping for a job
Whether it is a marketing gimmick to tarnish the image of Apple Inc or a real report, according to an article published in The Washington Post, Apple devices operating on iOS are collecting massive amounts of data while the user is in sleep.
The news resource claims that most of the popular iOS apps indulge in a practice of collecting sensitive info such as location details, IP addresses, emails and phone carrier name without the consent or the knowledge of the user.
Technically speaking, all app trackers are busy at night time or when the user isn’t using the smartphone. In the case of Apple devices, the advantage of Apple’s “Background App Refresh” feature helps the applications transmit data when they are not being used by the owner.
Research conducted by a third party in commission with The Washington Post suggests that companies like Amplitude, Appboy, and Demdex were found to be transmitting data to ad agencies. Even Microsoft’s OneDrive, Intuit Mint, Nike, Spotify, The Weather Channel, Yelp, Citizen, and DoorDash were all caught slurping up large amounts of personal data. Details on how much data the app related to The Washington Post collects are yet to be revealed.
Note- App trackers are usually hard to block unlike cookies as they are hard to be identified.
On contrary to what is being reported the iPhone maker claims that the hardware and the software used in the devices are incepted with advanced security and privacy traits. As a result of which utmost data control is being offered to prevent apps and websites serving advertisements to the devices.
Also, the company argues that its apps on the store are developed with greater transparency so that over time users are better aware of how their data is being monitored.
The post Apple iPhone harvests data when its users sleep appeared first on Cybersecurity Insiders.
Pretty soon your Alexa virtual assistant is going to record all the conversations which take place before it or in the room of its operation. Yes, you’ve read it right! And that too without the name of ‘Alexa’ pronounced first.
A new patent filed by Amazon might make the virtual assistant start listening before its ‘wake word’ is said. And this will surely raise the privacy concerns among the users of Alexa soon.
Till date, Amazon has been insisting on the fact that its virtual assistants only operate when the ‘Wake words- Echo, Computer, Alexa’ are uttered.
Pretty soon the process is going to change as the tech giant feels that users may not always structure a spoken command in the form of a wake word while using their virtual assistant. So, anything and everything spoke before the device will likely be captured- raising serious privacy concerns.
Amazon has reacted to the media reports and stated that the conversations in the length of 30 seconds will only be processed and then wiped from the hard drive when the new ones emerge.
Some sources from the retail giant said that such patent’s often never seen light and might get archived as the feasibility of certain technicalities has to be determined and analyzed before presenting them to the world. But that doesn’t discourage companies from filing a number of forward-looking patent apps.
Note- Alexa is virtual assistant software which runs in the Amazon Echo speakers.
The post New patent of Alexa allows it to record everything causing data privacy concerns appeared first on Cybersecurity Insiders.
By Uzair Amir
Canva has contacted the FBI to investigate the data breach. Canva, an online graphic-design tool website operated from Australia has suffered a massive data breach in which personal data of over 139 million registered users has been stolen – The breach took place on Friday, May 24. The stolen data includes usernames, real names, email […]
This is a post from HackRead.com Read the original post: Online graphic-design tool Canva hacked; 139 million accounts stolen
The 2.93M workforce gap number has been reported on far and wide, but the gap is just one part of the report. It’s important that we focus on finding answers to the problems facing cybersecurity practitioners, management and organizations.
In just a few weeks, we will be conducting our next round of research and we want to hear from you! We need the opinions and insights from professionals on the front line, securing organizations’ critical assets and working day in and day out to excel in their careers.
If you’re a member, sign in to your Dashboard, visit the Preferences section and toggle “Yes” to the News and Resources option.
If you’re not a member, visit https://www.isc2.org/connect and check off the option below for news, resources and research.
We want to hear from you, so sign up for the emails today and let your voice be heard!
The post Be Part of the Workforce Study! appeared first on Cybersecurity Insiders.
As Baltimore is suffering from a ransomware attack since the past two weeks, security analysts are busy finding out ways in preventing ransomware attacks on public and private networks.
So, if you are a company CEO or CTO then Cybersecurity Insiders recommends you these proactive measures which can help prevent your company from ransomware attacks.
1.) Firstly following cyber hygiene will put a full stop to most of your troubles. Hygiene in the sense using a 2-factor authentication, backing up data on a regular note, using internal firewalls, regularly updating the passwords and educating your employees on the prevailing cyber threats while accessing remote networks.
2.) Also as phishing emails bring in most of the ransomware troubles avoid opening attachments or clicking on malicious links. And to do so, you must first be able to identify such emails. So, emails subject-lines with misspelled words, strange word choices, odd links, unusual attachments especially a zip file or .exe file must be totally avoided.
3.) Make sure that your PC is having an updated software- both at the Operating system level and at the anti-malware solution note. Also occasionally hackers try to find vulnerabilities within software such as MS word, adobe reader or at the OS level. Though many of these vendors patch the vulnerabilities from time to time, it is up to the user to update them as well.
4.) Lastly, if at all your network or device gets infected with malware do not pay the ransom as it encourages the crime to propel and moreover there is no guaranty that the ransom paid will help regain the access to files.
Note- Ransomware is a data encrypting malware which has turned into a lucrative earning stream to hackers these days. UK NHS, Baltimore, Atlanta, Newark, Sarasota have all been hit by the said malware.
The post Proactive measures to prevent ransomware attacks appeared first on Cybersecurity Insiders.
By Uzair Amir
The laptop is a Samsung model now known as ‘Persistence of Chaos’ due to dangerous malware infection. A few days ago it was reported that a laptop (2008 Samsung 10.2-inch – NC10-14GB netbook) infected with some of the more dangerous malware was up for sale and the highest bid received at that time was $1.1 […]
This is a post from HackRead.com Read the original post: World’s most dangerous laptop has been sold for $1.3 million
Three Apple iTunes users from Rhode Island and Michigan have filed a federal lawsuit against Apple Inc accusing the tech giant of selling iTunes data of its users with third parties. Those who filed the lawsuit have claimed in their petition that their class action will also be representing hundreds of thousands of residents from their respective states who allege that their data is being shared without their consent.
The Plaintiffs argue that Apple Inc has breached their trust by sharing the data with advertising firms in contrary to what it preaches – “What happens on your iPhone, stays on your iPhone”.
Note 1- The said phrase was put by Apple on a billboard on the Las Vegas Strip in an effort to pull the leg of companies like Facebook, Google, and Amazon on the issue of data security and the privacy blunders.
Apple is yet to react to the petition filed against it in the district courts of the United States. But a source from the iPhone maker says that the company never shares personal info with ad firms and the latest allegation might have erupted due to a misunderstanding.
However, the lawsuit clearly specified that the Tim Cook led company shares iTunes listening data with 3rd parties and it includes full name, the home address of customers and specific titles of digitally recorded music. Later on, the data is sold to ad firms which exploit it further for monetization purposes.
Cybersecurity Insiders has learned that the lawsuit is claiming a compensation of $250 each/ Apple customer in Rhode Island and $5000 each for customers in Michigan.
Note 2- In Feb. this year, Apple faced sharp criticism over a bug that allowed Facetime video chatting app lets users hear a person even before the other person they were calling picked up.
The post Apple hit with a federal lawsuit for selling iTunes data of its users appeared first on Cybersecurity Insiders.
Bittium, a Finland based company which engineers secure communication and connectivity solutions has produced the world’s most secure smartphone named Tough Mobile 2. The company claims that the model has a multilayered security structure with security hardware and software integrated into the source code.
Bittium says that the phone’s defense line ensures that the data stored and being transferred remains protected from all sorts of intercepts.
Powered by Android 9 i.e Google Pie operating system, the smartphone is incepted with several encryption solutions such as authentication and key management related features such as boot & runtime security checks, tamper-proof info security platform and a privacy mode.
Moreover, with a single touch interface button disabling of Microphone, camera, Bluetooth and the accuracy of sensors can be done.
Bittium secure suite software which enables remote management of phone and secures data transfer is also available in Bittium Tough Mobile 2.
The worlds most secure smartphone will be available for display at the Infosecurity Europe event in London, the United Kingdom in between June 4-6 of 2019.
Bittium Tough Mobile 2 features include a Qualcomm Snapdragon 670 Chipset, Global Connectivity option, dual sim, 12MP autofocus rear camera and a 5MP front facing the camera, high-quality speakers and a Multi Microphone with an active noise cancellation feature along with water & dust proof rating of UP67 and a 5.2 inches touch screen.
The pricing of the phone will likely start from €1,550 and pre-order details will be available onsite.
The post Finland Bittium produces the world’s most secure Smartphone appeared first on Cybersecurity Insiders.
By Owais Sultan
The dark web is 99% of the Internet we can’t access from the browsers we’ve got. Regularly used by hackers and black hats, any information available out there is not safe. And if you are unfortunate enough to have your email exposed on the dark web, you need to be a little concerned. Seriously? Yes, if […]
This is a post from HackRead.com Read the original post: What to do if your email is found on the Dark Web
By Waqas
The Youtuber also claimed that the OnePlus 7 Pro’s fingerprint sensor is the quickest in-display sensor they have ever seen. The new OnePlus 7 Pro from OnePlus is definitely a refreshing change in the smartphones market because of its popup camera and triple cam setup, full-screen display, UFS 3.0, 30W Warp Charging and excellent functionality. […]
This is a post from HackRead.com Read the original post: YouTuber hacks fingerprint scanner of OnePlus 7 Pro using hot glue
By Uzair Amir
This time the hacking tool being used is EternalBlue. The New York Times has reported that the recent ransomware attacks in major US cities specifically Baltimore are closely linked together due to the fact that the key component in all the campaigns is a stolen NSA tool EternalBlue. Interestingly, attackers are using NSA’s own designed […]
This is a post from HackRead.com Read the original post: Baltimore city ransomware attack is powered by stolen NSA hacking tool
If you want to use the web, email and instant messaging service without being monitored or blocked by your country’s law enforcement or a mobile service provider then you can start using a TOR browser on your Android OS based mobile phones.
After 9 full months of alpha testing, Google has included Tor functionalities induced browser into its Google Play Store.
Yes, earlier you used to get the service via an Android app named Orbot which used to bring almost all functionalities of TOR to Android Mobile Operating System. But now Tor Android will be available exclusively to do as per your expectations.
So, all those privacy enthusiasts who are craving for a browser which keeps your online activity anonymous, Tor Android can prove as the best solution.
Google has specified in its latest blog statement that the objective of introducing TOR to its mobile Android users is to offer them privacy and anonymization which was only available as a desktop version till date.
Moreover, the web search giant states that Tor Android users will get privileges as follows-
• The browser will be an anti-surveillance proof so ISPs will not be able to figure out which website the user is visiting
• All 3rd party trackers will be blocked
• TOR Android will make it hard for websites to track users
• It will encrypt all traffic by routing it through a 3 layer dedicated relay before it reaches the destination i.e to the server or the device.
• Websites which a country has censored will be reachable via Tor android
• The browser also bundles extension such as HTTPS Everywhere and NoScript
The post TOR browser is now available for Mobile Android users appeared first on Cybersecurity Insiders.
Canva, an online tool which offers various graphic designing options to its users has released an official statement in the last weekend stating that a cyber attack on its database has led to the leak of its user’s passwords on May 24th, 2019.
The Australian tech startup has however assured that the leaked passwords were in salted form- means they were highly encrypted and were outside the reach to hackers or any third parties. But as a precautionary measure, the Sydney based company is urging its users to change their passwords on an immediate note.
Scribes working for Cybersecurity Insiders have learned that the hackers have also managed to access usernames and passwords during the hack.
“We have taken note of the incident and have taken all necessary steps to determine the nature and impact of the cyber incident. The law enforcement has been informed about the hack and a third party analysis on the cyber attack is awaited!” says the company statement.
Canva adds that it is 100% committed to protecting the data and privacy of all its users and will take necessary steps to safeguard their info in the future. The graphics as a service offering company added in its statement that there is no evidence that user designs were stolen in the incident.
In the meantime, Canva officially notified The Australian Cyber Security Center (ACSC) about the incident on Saturday last week.
Note 1- Those using the service with their Google or Facebook credentials remained unaffected by the data breach. So, they are not required to change their password.
Note 2- Founded in 2012 by Melanie Perkins, the company has now reached a valuation of $1 billion to earn a moniker of a tech Unicorn. Recently, that is in June 2018 the company partnered with cloud company ‘Dropbox’ to integrate all its user designs and images into the cloud-based infrastructure.
The post Cyber Attack on Canva leaks passwords appeared first on Cybersecurity Insiders.
Recently, two of the former employees of Snapchat have disclosed that the company’s user data was abused by employees a few years ago. The past employees of the multimedia messaging app say that the company allows its staff to spy on the information of its users such as phone numbers, email addresses, location info and saved snaps.
Why the access to user information is provided to Snapchat employees and how well the info is handled afterward is not yet known.
However, the company states that it offers controlled access to its employees for development purposes and the story published in the MotherBoard is completely false.
Coming to the second news which is trending now on Google and related to Cybersecurity, a research conducted by a security analyst named Filippo Cavallarin states that a bug in MacOs is allowing hackers to bypass the Gatekeeper Security functionality in the Apple’s operating system and is permitting them to install malware without a permission request.
Technically speaking, the Gatekeeper tool verifies the apps downloaded onto the MacOs and prevents them from running the app without the permission of the user. As network shares don’t come into the checking radar of Gatekeeper, any hacker can target a victim with a maliciously crafted ZIP file which could then lead the hacker into a hacker-owned site tricking them to download a virus masqueraded document folder.
Cavallarin said that the issue was brought to the notice of Apple Inc in Feb this year. But a fix to it hasn’t been released yet.
The Dutch Intelligence Service (MIVD) has issued a cyber threat alert last week stating that spying campaigns launched by China and Russia were posing as a great threat to the country’s national infrastructure.
Netherlands says that Chinese military intelligence was showing a lot of interest in spying on its traditional areas of interest and Russia was also supporting it to a great extent. The Dutch have also issued a warning that country’s like Iran, North Korea, Pakistan, and Syria were also posing as cyber threats to the nation’s critical infrastructure- especially after the recent European elections 2019.
The post Cybersecurity News trending on Google right now appeared first on Cybersecurity Insiders.
By Uzair Amir
A cyber attack can cripple critical infrastructure and businesses and generate negative press. In other cases, it could open you and your business to litigation. This and other factors can seriously hurt a business, and it forces many of them to pay for data recovery or IT security services to undo the damage. However, many […]
This is a post from HackRead.com Read the original post: Why So Many Businesses Can Never Recover After Cyber Attacks
By Uzair Amir
Excitement is mounting among gamers as Microsoft and Sony continue to tease tantalizing details of their upcoming next-generation console releases. The PlayStation 5 is expected to launch towards the end of 2020 and lead architect Mark Cerny has already revealed details of the powerful specs that fans can look forward to. The current consensus among […]
This is a post from HackRead.com Read the original post: Xbox Two vs PlayStation 5: Which console is winning the race of anticipation?
This post was originally published here by gregg rodriguez.
Global data breaches hit 1,500 in 2018, based on public disclosures, making security and compliance in the cloud a top priority for enterprises.
While cloud computing can quickly expand your capabilities and help you achieve your business goals, it also introduces complexity to securing these new computing environments.
Despite the complexity, many enterprises now consider cloud infrastructure the default hosting strategy for new application development projects. According to Forrester, nearly 60% of North American businesses now rely on cloud on public cloud platforms–five times the percentage of five years ago.
For IT organizations typically managing costs across all application hosting, public cloud, or IaaSenvironments give them the ability to use the entire hosting environment to host many applications and enable them to optimize budgets, time and resources using a single approach.
While cloud computing offers agility, flexibility and cost savings, as enterprises move more data, systems and services to the cloud, they are increasing their cloud attack service. Often unknowingly exposing themselves to potential security and compliance challenges. Additionally, the cloud’s interconnected nature makes it possible for an attacker who identifies a single vulnerability to easily and quickly compromise a number of your systems.
Top reasons maintaining security and compliance is a challenge in public cloud:
Security and Compliance Critical in the Cloud
With the enormous potential for data breaches, having a strong cloud security program along with an effective cloud security solution in place is more critical than ever. You cannot mitigate data security and compliance risks in public cloud environments by using traditional approaches. Security professionals must now utilize proven security controls and best practices as the most effective way to protect sensitive data and meet compliance requirements.
As a security practitioner, you likely have a requirement for tracking fast-moving IaaS assets, their potential threats and exposures, as well as related events pertaining to security and compliance. How to resolve them all at high scale and high speed is more important than ever.
Below are things to look for in a solution when trying to improve security and compliance in the cloud. Choose a solution that enables:
If you’re hosting critical applications in public cloud infrastructure, security and compliance visibility is critical. Changes happen often and fast, so automation to ensure risk visibility is critical. Without it, you might be in for some very unpleasant surprises.
Halo Cloud Secure is an automated public cloud security solution that delivers comprehensive visibility, protection, and continuous compliance monitoring to reduce cyber risk.
In Datamation’s 2019 side-by-side product-comparison from its Top 8 Cloud Security Solution Providers, CloudPassage Halo was the only cloud security solution noted for its regulatory security and compliancepolicy use cases.
Download our product brief to learn more about how Halo Cloud Secure can help you gain the critical comprehensive security and compliance visibility you need to effectively monitor and protect your IaaS environment.
The post Making Security and Compliance a Priority in the Cloud appeared first on Cybersecurity Insiders.
This post was originally published here by Bill Ng.
The Bitglass team was in full force at Caesar’s Palace for Evolve 2019. As usual, our amazing partner Trace3, put on a world-class event which included over 1,000 attendees from a variety of industries. This annual conference provides an opportunity for customers and partners to learn, network, and evolve. Attendees had the chance to discover new ideas on a myriad of topics, ranging from cutting-edge technology, the importance of leadership, customer service, and more.
Bitglass held down the fort at the Exhibitor VIP Lounge, which allowed us to have many conversations with companies about securing their data and migrating to the cloud. We introduced our real-time agentless approach to cloud security, and explained the various benefits it has in comparison to other solutions.
More highlights included:
All in all, we had a great time networking with customers, prospects, and Trace3 peers. Being a part of the event gave us the opportunity to get a better understanding of different security concerns in various fields. The bet on CASB is a safe one, and this was validated throughout all of the many conversations that we had.
Photo:Tech Funnel
The post Betting Big on CASB: Bitglass at Evolve appeared first on Cybersecurity Insiders.
By Uzair Amir
BestMixer.io was among the three largest cryptocurrency mixing services launched in May 2018. Europol in collaboration with the Dutch Fiscal Information and Investigative Service (FIOD), Luxembourg has shut down a well-known and one of the world’s leading cryptocurrency tumblers BestMixer.io. The bitcoin transaction mixer was shut down officially on May 22. The operation against cryptocurrency […]
This is a post from HackRead.com Read the original post: Crypto tumbler BestMixer.io seized for large-scale money laundering
Verizon has released its 2019 Data Breach Investigations Report (DBIR), and not surprisingly its findings are receiving a lot of attention from industry media and analysts. Security Boulevard’s “SecurityExpert” writes it provides “…the most valuable annual ‘state of the nation’ report in the security industry.” ZDNet Editor-in-Chief Larry Dignancalls it “basically the bible of security,” a designation also bestowed on it by Security Week’s Kevin Townsend who says that “purely from its detail and breadth of coverage, DBIR has become the breach bible for the security industry.”
Are they being a bit hyperbolic? Perhaps. But then again, maybe not, considering the incredible volume of data Verizon collects and analyzes: 41,686 security incidents, of which 2,013 were confirmed data breaches, provided by 73 public and private sources from 86 countries.
At 77 pages full of numbers and charts, it will take you a good chunk of time to read through the entire report. That’s not to say it isn’t fascinating and educational, so I encourage you to find the time. But in the interim, let’s take a look at the top-level findings according to the report’s authors and some journalists and industry experts.
More Nation-State Attacks – a Lot More
The report showed a sharp rise in the number of nation-state attacks last year. It attributes 23 percent of all breaches to nation states or state-sponsored actors – more than double the number from last year’s report. The public sector is a primary target of cyberespionage with the number of espionage-driven breaches for government entities jumping 168% year over year.
SearchSecurity.com Associate Editorial Director Rob Wright reports the increase in attacks motivated by cyberespionage coincides with a slight drop in financially motivated attacks – from 76 percent to 71 percent breaches year-over-year.
Attackers Sticking with the Tried and True
We hear a lot nowadays about how attackers are growing more and more sophisticated in their methods and tactics. However, Verizon found the typical organization received more than 90 percent of their detected malware through email messages. One-third of all breaches involved phishing, and nearly 80 percent of all cyberespionage-related incidents leveraged phishing.
“You would think these things would be defended a little better by now, but things like phishing and social engineering tactics where they may be asking you for information to keep an account open, that stuff still works and it works pretty well,” adds ZDNet’sDignan.
Malcolm Harkins, chief security and trust officer at BlackBerry Cylance, told SearchSecurity’s Wright that while many breaches are attributed to advanced threat actors, the attacks often begin with simple phishing email messages.
“It doesn’t take an advanced actor to create an email that looks like it came from your boss, your wife or your kid, then take a picture from [a] social media site or something else and send you an email,” Harkins said. “And guess what? You’re going to click on the damn thing.”
Targeting Senior Executives
One finding I found very interesting is whom cyberattackers are targeting: senior-level executives are six times more likely to be a target of social engineering than they were only a year ago. Attacks on the C-suite are 12 times more likely than on all other employees, and C-suite executives are nine times more likely to be targets of social engineering attacks. The report draws the conclusion that “typically time-starved and under pressure to deliver, senior executives quickly review and click on emails prior to moving on to the next (or have assistants managing email on their behalf), making suspicious emails more likely to get through.”
As the HIPAA Journal’s editorial team points out, “these figures show just how important it is for C-suite executives to receive regular security awareness training.”
As I explained in a previous blog post, holding regular employee education sessions to raise their awareness levels alone is not adequate. The security team needs to be able to identify an attack even after a user clicks on a phishing link. That’s why we developed PARANOID to be agnostic to vulnerabilities, malware or attack vectors old and new. If malware succeeds in slipping past your perimeter defenses and tries to exfiltrate, corrupt, encrypt or delete data, corrupt system settings, move laterally or communicate with a C2 server, PARANOID blocks it in real-time.
I could go on and on citing all of the fascinating findings and conclusions in this year’s Verizon DBIR, but in the interest of brevity, here’s a short list:
I encourage you to download and read the report here, and follow the links to the various news articles I’ve hyperlinked to throughout this post. And if you’re a technology history buff, try to pick out all of the retro products on ZDNet’s video studio set like the seemingly pristine Commodore 64.
The post “The Bible of Security” Finds a Sharp Rise in Nation-State Cyberattacks appeared first on Cybersecurity Insiders.
Cybercrime is on the rise new exploits are released every day along with new companies that simply aren’t prepared to defend against and deal with issues like data breaches and network-wide malware infections. Whether you’re a business person looking to improve company security, or just a curious party, you might be wondering how the largest […]
This is a post from HackRead.com Read the original post: 7 steps large companies are taking to safeguard against cybercrime
by Dr. Sanjana Mehta, Head of Market Research Strategy – EMEA
May 25 marks the first anniversary since the European Union’s General Data Protection Regulation (GDPR) came into force. After a two-year preparation process, the regulation came into effect a year ago tomorrow, harmonizing data security, data protection, data retention and data usage laws across the EU member states. It also has significant ramifications for companies outside the EU that hold personal information relating to EU citizens and organizations. Failure to comply with the GDPR can and will result in fines and other legal sanctions.
The GDPR has already had significant financial and reputational implications for organizations that are found to be in breach of the legislation. There has been a stark increase in the number of disclosed breaches as organizations embrace transparency in order to meet the 72-hour disclosure requirement. Doing so has, in many cases, helped organizations avoid financial penalties, although nearly 100 fines have been issued to date.
Data from law firm DLA Piper revealed that the UK reported the third highest number of breaches following the implementation of the GDPR, trailing only the Netherlands (15,400) and Germany (12,600). The number of reported breaches is significant and made more compelling when you consider the sanctions that compromised businesses could face if they are found to have been in breach of the legislation.
The maximum fine for a data breach or data privacy compliance failure has increased from £500,000 (in the UK) to €20 million or four percent of global GDP, whichever is higher. While the EU and its member states have yet to fully exercise the maximum penalties, we have seen Google fined €50 million by the French data protection watchdog for GDPR violations – the largest GDPR fine handed out to date. This one fine comprises the bulk of the €56 million in GDPR fines issued in the region in the last 12 months.
The importance of and need for ongoing understanding of the GDPR legislation and the best practices needed to achieve compliance 
GDPR for Security Professionals: A Framework for Success is an online self-paced course designed to help security professionals contribute to the strategy, direction and implementation of the GDPR. It is an interactive, immersive training experience that provides the tools, knowledge and resources needed to maintain organizational compliance with GDPR mandates, providing supplementary education for any cybersecurity professional tasked with ensuring the organization meets its GDPR obligations.
As we begin the second year of the GDPR era, now is the time to take stock and look at what we have learned over the last year about how we collect, use, protect and defend personal and sensitive data. Through continuous education, especially in multi-functional teams, we can improve these processes and ensure that the GDPR does not become a burden on organizations in the course of their business dealings.
The post GDPR – One Year On appeared first on Cybersecurity Insiders.
It’s been a fortnight since Baltimore city servers have experienced a ransomware attack and as a result of which all IT services including internal email systems and online payment systems have been suspended by the city officials.
In order to stay in touch with each other, the officials created new Gmail accounts for correspondence on May 9th of this year. But as the accounts were created in bulk from the same network, Google’s servers suspended all those accounts after two days of their creation as they suspected them as spammers.
Today news is out that after a review of 5 days, the Alphabet Inc’s subsidiary decided to restore access to those Gmail accounts as it came to know who created them and why?
Coming to the news on disruption, Baltimore is reported to be still suffering a lot from malware attack. The whole administration services have been blocked till date, people still cannot pay their tax bills & parking fines and the sale of houses were put on hold.
The cybercriminals who launched that attack on May 7th of this year are reported to be demanding a payment of $100,000 in Bitcoins to restore the entire disrupted systems.
Cybersecurity Insiders has learned that over 10,000 servers of Baltimore city services were infected by the Robinhood ransomware and City Mayor Bernard Young has confirmed the news.
FBI and Secret services were pressed into service to investigate the incident as the authorities have refused to pay the demanded amount by the hackers.
The post Google shuts down newly created accounts of Baltimore ransomware victims appeared first on Cybersecurity Insiders.
