FireSale HackBoy

Knowledge Shared By FireSale HackBoy...

Tuesday, March 31, 2020

Artificial Intelligence-based App uses the human voice to test for Corona Virus

For those who are worried that they may have caught the Corona Virus and are unsure whom to approach or what to do to confirm the infection, here’s some good news.

Researchers from Carnegie Mellon University have developed an Artificial Intelligence-based app that analyzes the voice of a user and tells them if they are infected by the Novel COVID 19 Virus.

According to the details available with Cybersecurity Insiders, the app picks up the breathing patterns and other parameters of the user and then matches them against huge data sets to confirm whether the virus has infected the user’s lungs.

The only bad news is that the app is still in the testing phase and needs a lot of voice recording data from infected Coronavirus patients to improve the algorithm, and thus its efficacy.

Dubbed COVID Voice Detector, this AI-powered app doesn’t come with approval from the FDA or CDC and so should not be used in place of medical tests or examinations.

With more than 40,000 deaths around the globe and more than 900,000 (approx.) positive cases, the virus, which emerged from Wuhan, China in November 2019, has been labeled as the deadliest infection in the history of the world. And in the wake of a shortage of test kits, the new app can reduce the burden on healthcare if it turns out to be as efficient as it looks on paper.

Note: To all those who have lost hope that the spread of the Corona Virus will end, here’s some good news. Fujifilm’s pharmaceutical branch has started phase 3 trials of its Avigan (Favipiravir) drug from Tuesday on those infected with COVID 19 in Japan. It is reported that the drug stands as a one-shot antiviral drug solution against 18 types of flu and might prove effective in ridding the infected nations of the Corona pandemic. The clinical trials conducted on infected people in Japan have yielded excellent results, and experts have already clinically proven that it can eradicate the Ebola Virus to the core. Fujifilm has already ramped up its production in March 2020, after it started its trials in November 2019 on seeing the spread of the Wuhan Virus in China.

Let’s hope for the best!

The post Artificial Intelligence-based App uses the human voice to test for Corona Virus appeared first on Cybersecurity Insiders.


April 01, 2020 at 10:14AM

Cyber Attack on Marriott Hotel leaks data related to 5.2 million guests

Marriott has announced that it has become a victim of a major cyber attack which could have leaked information of more than 5.2 million guests. And FYI, Marriott experienced a similar cyber incident in Nov’18, when suspected Chinese hackers reportedly accessed info of more than 383 million guests.

News is out that this time hackers might have accessed info related to passports, credit cards and other details of more than 5.25 million guests, which includes card details of more than 8.6 million guests.

Cybersecurity Insiders has learned that the threat actors, who attacked the Marriott database using the login credentials of two employees, could have accessed and stolen data related to names, phone numbers, birthdays and loyalty information, which included room preferences, the number of days of stay and the purpose of staying in the hotel.

Authorities have stated that the data breach took place sometime between Jan-Feb 2020 and that the credentials of the two employees were disabled in March mid-week.

The FBI has been informed about the incident and an investigation has been ordered.

All impacted customers will be informed about the new breach in the next two weeks, and the Maryland-based company is prepared to offer its users free enrollment in personal information monitoring services for up to a year.

As the Marriott Group has a Cyber Insurance cover, most of the costs to remediate the incident will be borne by the company which is offering the insurance.

The post Cyber Attack on Marriott Hotel leaks data related to 5.2 million guests appeared first on Cybersecurity Insiders.


April 01, 2020 at 10:11AM

9 Reasons to hire an InfoSec candidate without experience: Focus on skillset vs. experience

This blog was written by an independent guest blogger.

$37-$145k jobs for InfoSec specialists without experience. Hiring immediately.

This is what a simple internet search has to offer for people looking to get entry-level jobs in Information security (InfoSec), or cybersecurity. It seems like a good deal, considering that the requirements for candidates are much lower compared to many other jobs.

But hold on a second, why are employers willing to pay so much money to someone who has little or no experience?

There are at least nine legit answers to this question.

Below, I’m going to describe these reasons to help employers understand why hiring InfoSec candidates without experience is a good idea.

9 Reasons to hire an InfoSec candidate without experience

1. Talent shortage

There’s a shortage of skilled InfoSec professionals in all industries, which leaves valuable data more vulnerable to cyberattacks (and keeps companies…

Posted by: Daniela McVicker

The post 9 Reasons to hire an InfoSec candidate without experience: Focus on skillset vs. experience appeared first on Cybersecurity Insiders.


March 31, 2020 at 09:09PM

US Air Force launches Cyber Attacks on GPS Systems

The US Air Force reportedly launched cyber attacks on GPS Systems early this year due to a Congressional mandate, says a source familiar with the news. However, the attack was launched by a team of experts from Booz Allen on behalf of the US Air Force on a digital replica of the satellites and not the original ones, and was intended to test the vulnerabilities of GPS Systems.

An official statement released on March 26th of this year in Air Force Magazine (the monthly journal of the Air Force Association) confirms the same and affirms the use of ‘Digital Twins’, conventional simulators which usually help in predicting engine performance and help train pilots with automated systems and emerging technologies before they fly.

Dubbed ‘SatSim’ and built by Booz Allen Hamilton Inc, the GPS Simulator is designed to conduct penetration tests and vulnerability scans on trusted computing systems across GPS systems. This includes testing of ground control stations, satellites, and other radio frequency links.

A team of experts is allowed to launch man-in-the-middle attacks on the communication links to track down the vulnerabilities and fix them in time, before any untoward incident takes place.

Highly placed sources say that SatSim was built by Booz Allen Hamilton with the help of 4 of its engineers, who then transformed it into a scalable suite of software testing simulators which helps validate cyber threats on GPS systems.

Booz Allen says that such simulations, carried out at frequent intervals, help track down susceptible links between ground stations and satellites. This helps nations cut down the cost of repairing satellite equipment if it’s targeted by a state-funded actor, as all the risks and mitigation measures are already tabulated.

The post US Air Force launches Cyber Attacks on GPS Systems appeared first on Cybersecurity Insiders.


March 31, 2020 at 08:35PM

Monday, March 30, 2020

Japan to invest $237.12 million in Artificial Intelligence to counter Cyber Attacks

The Ministry of Defense (MoD) of Japan has confirmed that it is going to invest over 25.6 billion Yen, or $237.12 million in USD, to develop Artificial Intelligence-based tools to counter cyber attacks.

Japan aims to develop an all-inclusive AI system that can detect malevolent emails, respond to cyberattacks in an automated way through machine learning and eventually neutralize the effect of attacks on public and private sector targets.

The MoD is also planning to procure a Cyber Information Gathering System for $31.5 million, resourceful enough to gather tactics, techniques, and procedures (TTP) or to adhere to Self-Defense Forces (SDF).

Highly placed sources say that the government of Japan woke up to a digital alert when a massive-scale Cyber Attack was launched on Mitsubishi Electric by a hacking group from China.

Some media resources from Japan reported internationally that some critical info about the MoD and the Nuclear Regulation Authority was accessed and stolen by hackers in the attack. Furthermore, digital documents related to private firms, railway operators and a car manufacturer’s visionary approach for the year 2022 were also reportedly accessed by the threat actors.

To prevent such attacks any further on public and private entities, Japan’s MoD has now initiated measures to thwart such attacks shortly. And as a plan to strategize a framework to defend the critical infrastructure from cyber attacks the company

The post Japan to invest $237.12 million in Artificial Intelligence to counter Cyber Attacks appeared first on Cybersecurity Insiders.


March 31, 2020 at 10:33AM

Hacked Houseparty App infiltrates Netflix and Spotify accounts

Houseparty App, which allows people to video chat with a group of friends or relatives at a time or one-by-one, is in the news for all the wrong reasons during the 8th day of the UK Lockdown.

Some users of the video-based social networking service are complaining on Twitter that hackers are infiltrating their Netflix and Spotify accounts by taking control of their Houseparty App accounts.

A few of them have also shared their experience with evidence on Twitter, claiming that the hackers who were accessing their online content on Netflix and Spotify were tracked down to Poland & United States.

One person also encouraged users to delete their Houseparty app as quickly as possible, as it was leading to the draining of their Netflix and Spotify accounts. Another person wrote on Twitter that his friend’s email and bank account were hacked, as the hackers gained access to her system by infiltrating her Houseparty app as an unwanted guest.

Technically speaking, Houseparty allows its users to video chat in a group by sharing their contacts in chat rooms, a service that is similar to that of Facebook and Snapchat. However, the service comes with a difference, as anyone can join the conversation if they are saved in the Contacts list of any of the people in the group.

So, for all you privacy advocates out there, if you happen to use Houseparty, don’t forget to click on the padlock at the bottom, which helps keep uninvited guests at bay.

Note: Houseparty App released an official statement yesterday saying that the service is 100% secure and hasn’t been compromised to date. Also, the company assured that it doesn’t collect passwords for other sites, making it clear that a breach of Netflix, Spotify, and bank accounts was nearly impossible.

The post Hacked Houseparty App infiltrates Netflix and Spotify accounts appeared first on Cybersecurity Insiders.


March 31, 2020 at 10:31AM

Stories from the SOC- RIG Exploit Kit

Executive summary

AT&T Alien Labs® Open Threat Exchange® (OTX) recently created a pulse for a new threat entitled the RIG Exploit Kit which had been observed distributing ransomware to victim companies across a variety of industry verticals. This exploit was discovered by BroadAnalysis who outlined the exploit’s intricacies in a whitepaper that was released December 2, 2019. BroadAnalysis provided a step-by-step explanation of this exploit’s lifecycle, including all indicators of compromise (IOCs). Using the pulses created in OTX and threat intelligence from Alien Labs, AT&T’s Security Operations Center (SOC) was able to identify the initial behaviors of this threat and work in concert with the customer’s staff to mitigate the ongoing activity.

Investigation

Initial alarm review

Indicators of Compromise (IOCs)

The initial alarm surfaced as the result of a Domain Name System (DNS) request to the OTX…

Posted by: Andrew Lukosevic

The post Stories from the SOC- RIG Exploit Kit appeared first on Cybersecurity Insiders.


March 30, 2020 at 09:09PM

Data Security fears make way to Huawei App Gallery

As soon as US President Donald Trump decided to ban the use of Huawei smartphones and 5G-related devices on the soil of North America, the Chinese Telecom giant started to work on its own App Gallery, which will help those using Huawei smartphones search, download, manage, and share mobile apps.

Released in March 2020 and dubbed Huawei App Gallery, it stands as an official app distribution platform where users can download and use all sorts of apps on their mobile phones.

Yes, from March 25th, 2020 the Huawei App Gallery has become fully functional, and users can enjoy exclusive content along with some free welcome gifts in the form of prize draws, competitions, events, and rewards.

As Google has barred the Chinese firm from using its Android License, Huawei has decided to ship all its phones and services sans Google apps and, of course, its search engine.

At the launch of another product from its flagship P40 series of smartphones, the company pledged that it will protect all its users’ privacy and security while assuring them a unique and outstanding experience.

“Privacy will be in your control”, said Richard Yu, the CEO of Huawei, adding that the app store is still under development.

It’s being reported that over 3,000 engineers have worked and are working on the engineering of the app ecosystem, where users will be provided with utmost protection, as application developers are allowed to submit their real name and identification, which is then followed by a 4-step review process for app security and operation.

Note: According to the stats obtained by Cybersecurity Insiders, Huawei has become the 3rd largest marketplace for apps, as its App Gallery is being used by over 400 million active users across 170 countries.

The post Data Security fears make way to Huawei App Gallery appeared first on Cybersecurity Insiders.


March 30, 2020 at 08:39PM

Sunday, March 29, 2020

Microsoft disinvests from Israeli Startup due to Espionage allegations

Microsoft has made it official that it is going to withdraw from an investment agreement made with an Israeli startup which was developing facial recognition software. Although the company never made its intention behind the disinvestment clear, a source from the tech giant says that the decision was taken after it learned that the startup’s product was being used by the government to conduct surveillance on the populace of the West Bank, a region located near the border of Jordan.

The company under discussion is AnyVision, which is based in Tel Aviv and offers facial recognition software.

Highly placed sources say that the AnyVision facial recognition software was being used to monitor border crossings between the West Bank and Israel. But it is still not clear whether the videos are a part of mass surveillance programs similar to the espionage program being conducted in China.

It was in June 2019 that Microsoft’s Venture Capital Unit, named M12 Ventures, invested in the development of AnyVision. But after an investigation carried out by US Attorney General Eric Holder confirmed that the software used by the company was being used to conduct mass surveillance on the West Bank, Microsoft decided to pull out of its investment, as it was against its Venture Funding policies such as lawful surveillance, notice, consent, non-discrimination, accountability and transparency, along with fairness.

For these reasons, the Redmond-based technology giant has also paused all its investments in the R&D of Facial Recognition technology and software.

The post Microsoft disinvests from Israeli Startup due to Espionage allegations appeared first on Cybersecurity Insiders.


March 30, 2020 at 10:54AM

How to keep your Work from Home strategy Cyber Secure

As many people across the world are working from home these days to keep their office operations going, hackers are seeing their devices as vulnerable points through which to infiltrate corporate networks. So, here are some strategies that can make your work from home experience spectacularly cyber secure.

  1. Security experts are recommending that telecommuting workers use VPN services to keep their homes protected from hackers.
  2. As your employer trusts you immensely and is sharing critical data and apps to be used from home, it is your responsibility to keep the information and applications super-safe from hackers. Therefore, it’s better not to save your office data on your cloud-based personal accounts, to avoid accidental spills.
  3. Make sure that you lock your device when you are away for a break or at the end of the day, as there is a good chance that your kids might open up your emails and video chat with your boss and create a mess.
  4. Never use the same browser for your personal use and office work, and better stick to Firefox and its tools.
  5. Never share your selfies or workstation pictures on your social media accounts, as we never know when they fall prey to prying eyes.
  6. Do not reveal your work from home details on your social media accounts, as it might attract the attention of hackers.
  7. Never share your device with your spouse who works for a different company, as it can lead to data theft or leakage, accidentally or sometimes intentionally.
  8. Use separate folders for your office data and your personal information, as there is a chance that your company’s IT staff might get access to information which you might never want to share.
  9. Never use your social media accounts on your browser when working on an office-related project, as nowadays services such as Facebook offer web tools that start keeping track of your browser activities without your knowledge.

The post How to keep your Work from Home strategy Cyber Secure appeared first on Cybersecurity Insiders.


March 30, 2020 at 10:52AM

Friday, March 27, 2020

Examining Potential Election Vulnerabilities – Are They Avoidable?

By Tim Matthews, Chief Marketing Officer at Exabeam

In the U.S. and global communities, election security is a large concern because so many aspects of it can be insecure and open to attacks that may shift public opinion or be used for personal gain. Not only does the complexity of the U.S. government raise concerns about security, campaigns also have weak points that make them targets for attacks.

Limited IT Resources Put Campaigns and Voters at Risk

Given limited IT budgets, volunteers, who often work directly with voters, sometimes use their own personal devices and applications to communicate with other team members and supporters; they also have access to key private data belonging to candidates and team members. These personal devices are also used to access campaign systems such as the Voter Activation Network (NGP VAN) that include voter information to support operations such as phone banking and door-to-door canvassing. Without proper security controls, these personal devices can be used by adversaries to put both the campaign and voters at risk. Additionally, the threat of fake news has evolved with the advent of deepfake technology, which in recent times has been combined with artificial intelligence (AI), video and audio to create media that appears to be authentic but is not.

Although security controls such as two-factor authentication (2FA) are helpful, campaigns and voters may still be at risk. Abel Morales, a security engineer at Exabeam, recommends that campaigns use user and entity behavior analysis (UEBA) to detect anomalous authentications. “By monitoring staffers’ behaviors and detecting anomalies from their typical workflows, IT would be able to reduce the impact of threats introduced through social engineering, phishing and other malicious techniques.” This method can also be used to detect voter anomalies.
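A minimal sketch of the behavior-baselining idea described above, added here as an illustration and not taken from Exabeam or the original article: it learns each staffer's usual login country, device and hours, then scores new authentications by how far they depart from that baseline. The event fields, weights, thresholds and sample events are all assumptions constructed for the example.

```python
"""Toy per-user authentication baseline in the spirit of UEBA (illustrative only)."""
from collections import defaultdict
from datetime import datetime

# Assumed weights and thresholds; a real deployment would tune these on its own data.
WEIGHTS = {"new_country": 3, "new_device": 2, "unusual_hour": 1, "no_mfa": 2}
ALERT_THRESHOLD = 3   # score at or above this raises an alert
HOUR_TOLERANCE = 2    # hours of drift from any previously seen login hour
MIN_EVENTS = 3        # below this much history there is no usable baseline

# Constructed sample events: (user, ISO timestamp, country, device id, MFA used)
HISTORY = [
    ("alice", "2020-03-02T09:05:00", "US", "laptop-a1", True),
    ("alice", "2020-03-03T10:15:00", "US", "laptop-a1", True),
    ("alice", "2020-03-04T14:40:00", "US", "laptop-a1", True),
    ("alice", "2020-03-05T17:20:00", "US", "laptop-a1", True),
    ("bob", "2020-03-02T18:30:00", "US", "phone-b7", True),
    ("bob", "2020-03-03T19:10:00", "US", "phone-b7", True),
    ("bob", "2020-03-04T20:45:00", "US", "phone-b7", True),
]
NEW_EVENTS = [
    ("alice", "2020-03-09T10:30:00", "US", "laptop-a1", True),
    ("alice", "2020-03-09T03:12:00", "PL", "unknown-x9", False),
    ("bob", "2020-03-09T21:40:00", "US", "laptop-b2", True),
    ("carol", "2020-03-09T11:00:00", "US", "laptop-c3", True),
]


def hour_gap(a, b):
    """Circular distance between two hours of the day (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


class AuthBaseline:
    """Per-user sets of previously seen countries, devices and login hours."""

    def __init__(self):
        self.countries = defaultdict(set)
        self.devices = defaultdict(set)
        self.hours = defaultdict(set)
        self.seen = defaultdict(int)

    def learn(self, event):
        user, ts, country, device, _mfa = event
        self.countries[user].add(country)
        self.devices[user].add(device)
        self.hours[user].add(datetime.fromisoformat(ts).hour)
        self.seen[user] += 1

    def score(self, event):
        """Return (score, reasons); score is None when the user has no baseline."""
        user, ts, country, device, mfa = event
        if self.seen.get(user, 0) < MIN_EVENTS:
            return None, ["no_baseline"]
        reasons = []
        if country not in self.countries[user]:
            reasons.append("new_country")
        if device not in self.devices[user]:
            reasons.append("new_device")
        hour = datetime.fromisoformat(ts).hour
        if min(hour_gap(hour, h) for h in self.hours[user]) > HOUR_TOLERANCE:
            reasons.append("unusual_hour")
        if not mfa:
            reasons.append("no_mfa")
        return sum(WEIGHTS[r] for r in reasons), reasons


def build_baseline(history):
    baseline = AuthBaseline()
    for event in history:
        baseline.learn(event)
    return baseline


def triage(baseline, events):
    """Classify each event as ok, note, alert or review (no baseline yet)."""
    results = []
    for event in events:
        score, reasons = baseline.score(event)
        if score is None:
            verdict = "review"      # unknown user: never silently treated as normal
        elif score >= ALERT_THRESHOLD:
            verdict = "alert"
        elif score > 0:
            verdict = "note"        # single weak deviation, kept for context
        else:
            verdict = "ok"
            baseline.learn(event)   # only clean logins extend the baseline
        results.append((event[0], verdict, reasons))
    return results


if __name__ == "__main__":
    for row in triage(build_baseline(HISTORY), NEW_EVENTS):
        print(row)
```

Only clean logins are folded back into the baseline, so a login that raised a note or an alert cannot teach the model that its own country or device is normal.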

The continuing threat of ransomware attacks and nation-state attacks

Ransomware attacks on voter databases and systems can facilitate payments in exchange for voter information. Ransomware encrypts data until a ransom is paid and could also be used to manipulate voting results or lock administrators out of critical data during an election, thereby compromising voter confidence. Additionally, the increase in nation-state attacks is another major concern. Some officials believe that foreign influence on our elections will more likely come through social media, to shape public opinion towards whatever direction serves their specific goals. In particular, the FBI is worried that Russia will use social media to cause further division between the political parties or hack campaign websites to spread misinformation.

Does the government’s structure make election security more difficult?

The intricacies of the U.S. voting system also affect the security of elections because state and local governments are not forced to use the federal government’s testing standards. State and local governments have the option to adopt these security standards, use their own, or a hybrid. Also, testing for state and local governments can be completed by private companies or local universities, as there is no single federal test certification program. This deviation from the federal standard is also seen in the lack of mandatory audits to verify the integrity of the machines and testing procedures, and the management of the voter registration database system which contains voter records. Many of these database systems are outdated and ill-equipped to handle today’s cybersecurity threats, making it easier for adversaries to delete or add voters. Although these differences can be detrimental to the security of elections, they make it difficult for attackers to launch a large-scale, coordinated attack.

The makeup of the voting machine market is a huge risk

Three companies make up more than 90 percent of the voting machine market, suggesting that a compromise of just one of these three companies could have a significant impact on any election. Manipulation is not a formidable task, given that many of these machines are running outdated software with existing vulnerabilities. As transitioning to machines running newer Windows operating systems in time for the 2020 election may not be possible, Microsoft has committed to providing free updates for all certified voting machines in operation running on Windows 7.

Internet-connected devices increase risk

Our U.S. voting system is comprised of many different types of devices with varying functions, including tallying and reporting votes. Security experts note that web-based systems such as election-reporting websites, candidate websites and voter roll websites are easier to attack compared to a voting machine. Many of these systems are IoT devices that have their own unique security challenges. Often, they are shipped with factory-set, hardcoded passwords; they cannot be patched or updated; and they have outdated protocols and lack encryption. They are also susceptible to botnets that can exploit large numbers of devices in a short period. IoT attacks could also compromise a user’s browser to manipulate votes and cut power to polling stations.

Proactive responses to help understaffed election IT teams

To prevent targeted attacks, campaign IT tech teams and staffers are taking training courses to learn how to detect and report suspicious emails. The DNC has created a security checklist for campaigns with recommendations, and the Center for Internet Security has also developed a library of resources to help campaigns, including a Handbook for Elections Infrastructure Security. Machine-based learning systems enable limited teams to operate 50 percent more efficiently through automation, which is essential given the scale and number of elections. Security orchestration, automation, and response (SOAR) as part of a modern SIEM can also orchestrate remediation in response to an identified anomaly through playbooks. SOAR automatically identifies and prioritizes cybersecurity risks and responds to low-level security events, which is extremely useful for state and local government agencies that operate with small cybersecurity teams.

Republicans and Democrats unite to offer a helping hand

In late 2019, recognizing the seriousness of election attacks and the lack of security resources, former campaign managers for Hillary Clinton and Mitt Romney launched a non-profit organization, Defending Digital Campaigns (DDC), which offers free to low-cost security technology and services to federal election campaigns. Some experts predict that the 2020 election will be one of the most anticipated digital security events in U.S. history. Given the complexity of the election process and voting system, security automation, behavior analytics and security education can be a part of the solution for managing a secure voting process.

The post Examining Potential Election Vulnerabilities – Are They Avoidable? appeared first on Cybersecurity Insiders.


March 28, 2020 at 05:56AM

Google tracks down 40000 State-funded Cyber Threats

Google Threat Analysis Group (TAG) has announced that it tracked down more than 40,000 state-backed cyber attacks on its account holders in 2019. The web search giant claims that the year 2018 witnessed 25% more cases than last year, meaning that last year saw a dip in the number of cyberattacks.

All these details were revealed in a report by TAG Security Engineer Toni Gidwani, who claims that the attackers’ motive seems to have slowed down last year, which is a true sign of relief.

Note 1: Between July and September, Google’s TAG is said to have issued over 12,000 warnings to its users in over 149 countries about government-backed cyber attacks. Details on which countries backed these attacks are yet to be officially revealed.

Technically speaking, TAG’s underlying objective is not to stop cyber attacks, but to track down those which have been launched by state-funded actors and warn their targets beforehand.

What’s interesting in this report is that those who have signed up for Google’s Advanced Protection Program (APP) have never been targeted, and over 20% of the users who received one of the 40,000 warnings received multiple updates on this note.

Note 2: Google’s Advanced Protection Program is a service initiated by Google and dedicated to those who want their accounts safeguarded from state-funded attacks. So, journalists, politicians, business leaders and activists, along with individuals, can opt for this free service program.

The post Google tracks down 40000 State-funded Cyber Threats appeared first on Cybersecurity Insiders.


March 27, 2020 at 08:41PM

Phishing Threats Increase with COVID 19 Outbreak

The recent COVID 19 pandemic has changed the way that businesses are operating around the entire country. Some businesses are forced to temporarily shut down, while others are trying to adjust to the changes of working remotely and finding new and unique ways to operate their business. Every business has been affected by this pandemic outbreak, and unfortunately, cyber criminals are using this outbreak to their advantage to target remote workers and health organizations via phishing scams.

Phishing threats are nothing new, but the outbreak of the coronavirus has provided cybercriminals with the perfect pretext for their phishing emails. At Nuspire, our team has identified a nearly 100% increase in malicious emails since the coronavirus originated in China in December 2019.

Remote workers

This virus, and the fear and uncertainty that it has produced, increases the probability that people will click on or open any email that claims to provide useful information about the outbreak. Additionally, with the increase in remote workers, organizations might not have the proper cybersecurity best practices set up to proactively detect and block phishing threats from entering their mailboxes.

Our team at Nuspire has seen Coronavirus-themed phishing attempts within our sample mailbox that appear to come from the CDC, along with health advice emails that attempted to steal user credentials. These emails can include a link or an attachment that downloads malware onto your computer.

Healthcare

In the healthcare industry, companies are trying their best to cater to patients and not break the system, while overcoming the challenge of not having the right equipment amidst this major outbreak. While these healthcare organizations are trying to overcome these challenges, security is getting lost in the shuffle. However, it’s crucial that organizations do not lose sight of cybersecurity.

Nuspire Threat Intelligence has identified a 150% increase in cybersecurity attacks in the Healthcare sector over the past two months. Hackers see this outbreak as the perfect time to hold to ransom organizations that are already overtaxed with patient flow and uncertainty, because they are likely to pay rather than face operational downtime during this critical phase of care.

The post Phishing Threats Increase with COVID 19 Outbreak appeared first on Cybersecurity Insiders.


March 27, 2020 at 05:20PM

Thursday, March 26, 2020

French government announces $4.3 billion plan to support startups

As France and the whole of Europe are struggling to contain the spread of the Covid 19 pandemic, financial experts suggest that the chances are ripe for the next recession to emerge by August this year.

So, under such circumstances, the government of France has announced a $4.3 billion support package for companies that are struggling with revenue as well as funding issues to stay in business.

The Ministry of State for Digital Affairs, in association with Bpifrance and led by Ludovic Marin, has announced that the French government has taken an initiative to bridge the financial vacuum with refinancing and liquidity measures for freshly started companies which are providing employment.

Cedric O, the Secretary of State for the Digital Economy, made an official statement on this yesterday and stated that the funding will initially focus on companies that are offering innovation-driven products and services during the Coronavirus pandemic and lockdowns, such as telemedicine appointments, remote work solutions, and some delivery-related initiatives.

During the lockdown, companies which are facing funding issues can skip their annual tax payments, utility bills and rental reimbursements. To do so, the government of France has mobilized $320 billion as liquidity support, making it easier for startups to obtain loans.

Also, those companies which have initiated short-time working schemes giving opportunities to freelancers will receive funding backup from the government, as most of the employee salary will be repaid by the Emmanuel Macron-led government.

Let’s hope all this backing of startups pays the government back in one way or another, as loan repayment options might affect the national economy in a holistic way in the long run.

The post French government announces $4.3 billion plan to support startups appeared first on Cybersecurity Insiders.


March 27, 2020 at 10:51AM

Data Stealing Ransomware hits Chubb Insurance and Kimchuk

1.) Chubb Insurance issued an official statement yesterday saying that it was hit by the data-stealing Maze ransomware, whose operators are now threatening to release a portion of sensitive data if the company doesn’t bow to their demands.

Authorities at the world-renowned insurance firm have confirmed that some of its digital assets were targeted by Maze, a ransomware operator, but have not admitted that sensitive data was accessed and stolen by the hackers.

However, a newsletter released by Maze suggests that personally identifiable information held by the insurance giant was accessed by its hackers and will go on sale by this month’s end if the insurance firm refuses to pay the ransom.

A third-party firm has been hired to deal with the situation and bring server operations back to normal by this weekend.

Jeffery Jack, the spokesperson for Chubb, has confirmed the news and added that Chubb’s main network is fully operational, so customers might not feel any impact while dealing with claims and paying their regular premiums.

Note- A security researcher following Maze’s activities has said that the ransomware gang holds information such as names, contact numbers and email addresses of several key people at the company, including credentials belonging to 3 senior executives and the CEO, Evan Greenberg.

2.) Kimchuk, an electronics manufacturer for the medical and military industries based in Danbury, Connecticut, United States, has admitted that its database was hit by ransomware that has the potential to steal data.

The electronics manufacturer, which supplies equipment to telecom industries, power grids, and nuclear modules, has stated that DopplePaymer ransomware is suspected to have hit its network, exfiltrating data to remote servers owned by those spreading the ransomware.

The file-encrypting malware hit the database early this month, and the threat actors are said to have demanded $10 million in cryptocurrency in exchange for freeing up the data. As the company did not pay the ransom, the hackers started to slowly publish part of Kimchuk’s stolen data on the dark web.

Jim Marquis, the Chief Executive Officer of Kimchuk, has confirmed the news and partially agreed that the attack took place around March 5th, 2020.

The post Data Stealing Ransomware hits Chubb Insurance and Kimchuk appeared first on Cybersecurity Insiders.


March 27, 2020 at 10:49AM

Ransomware attack on City of Shelby and suspected on Essilor Group

France-based Essilor Group, which manufactures optical solutions and eye gear, has made it official that it became a victim of a cyber attack on March 21st, 2020. Highly placed sources say that the attack could be a ransomware variant, as it has locked several servers down from access.

However, no official from Essilor has confirmed that it was a file-encrypting malware attack. But a source speaking on condition of anonymity confirmed that it was a malware attack that was identified in time and contained.

The French ophthalmic company said that it immediately put new software and hardware firewalls in place in its server environment to prevent such incidents in the near future.

More details are awaited!

Meanwhile, officials from the City of Shelby, Cleveland County, North Carolina, United States, state that they are slowly recovering from the ransomware attack which took place last week.

Most of the disrupted systems have been shut down to contain the spread of the malware, and an investigation is under way to determine the extent of the damage the file-encrypting malware has done to the IT infrastructure.

Email communication has been shut down, and as there is zero impact on financial services, employees are being assured that they will get this month’s pay on time.

Note- Ransomware is a kind of malware that encrypts the files on a database until a ransom is paid in cryptocurrency. However, as the attack approach has evolved many times in the past two years, hackers are now seen first stealing data and then encrypting the database, so that if the victim fails to pay for the locked-up data they can still earn by selling the stolen data on the dark web.

The post Ransomware attack on City of Shelby and suspected on Essilor Group appeared first on Cybersecurity Insiders.


March 26, 2020 at 08:40PM

Wednesday, March 25, 2020

Cybersecurity experts join to stop Coronavirus Cyber Attack campaigns

As a surge in cyberattacks is being witnessed on healthcare agencies that are otherwise fighting to curb the spread of the Covid 19 pandemic, an international group of around 400 volunteers has emerged to fight the hacking campaigns named after the Novel Corona Virus.

Over the past two weeks, hackers have been seen spreading malware such as ransomware by disguising their attack campaigns as something related to the Wuhan Virus. It is estimated that over 204 companies have fallen prey to such campaigns, of which 74 have been identified as healthcare providers.

So, a team of volunteers called the Covid 19 CTI (Cyber Threat Intelligence) League has been formed to fight the cyber threats emerging in the name of the Covid 19 spread. Information is now out that the league will span 40 countries and will have senior professionals from noted companies such as Microsoft and Amazon as members.

The objective of the Covid 19 CTI League will be to boost the cyber defense capabilities of various companies and train employees to identify and thwart such attacks effectively, especially where working from home has become a necessity rather than a mere option.

In the past two days, the group has succeeded in fighting cybercrime related to phishing attacks and other such digital financial crimes. Notably, a cyber-attack campaign that used a software vulnerability in MS Office to spread malicious software was also successfully dismantled yesterday.

The post Cybersecurity experts join to stop Coronavirus Cyber Attack campaigns appeared first on Cybersecurity Insiders.


March 26, 2020 at 10:34AM

Dark Hotel hacking group behind WHO Cyber Attack

Finally, some evidence is out that the hacking group behind the WHO Cyber Attack could be ‘Elite Hackers’ aka Dark Hotel. According to an article published by Reuters, the group was behind the domain name registration of a fake site that impersonated the internal email system used by WHO and tried to lure WHO employees into submitting their online credentials on March 13th this year.

Acting on a tip-off from a Blackstone Law Group cybersecurity expert named Alexander Urbelis, a reporter from Reuters is said to have published the article after thoroughly verifying some facts.

A team of security experts from Kaspersky has confirmed the news and said that the effort was to block the digital access of ‘WHO’ in the wake of the Covid 19 pandemic, only to deepen the crisis by blocking help.

Meanwhile, multiple reports are in that hackers are using the World Health Organization in their subject lines to distribute malware through phishing emails. So, security experts from Kaspersky are warning people not to click on links or download files in emails with subject lines such as “How you can save from the Coronavirus Pandemic”, “medicine for Covid 19”, “Home Remedies to treat corona or Covid 19” and “how to curb the spread of Coronavirus”.

Note- The only way to contain the spread of Coronavirus is to practice “Social Distancing”, keep your throat hydrated with warm water mixed with salt or vinegar and contact emergency care if you have symptoms such as cough and fever along with a cold. Basking in the sun and intake of Vitamin A, B, C, and D also help in raising your immunity levels against such viruses.

The post Dark Hotel hacking group behind WHO Cyber Attack appeared first on Cybersecurity Insiders.


March 26, 2020 at 10:32AM

The future of cybersecurity for connected cars 

Connected cars have slowly become mainstream, with more than 700 million of them expected to be operating on roads by 2030. Most new vehicles are leaving production lines with a host of features that require a connection to the online world, including GPS, lane assistance, collision avoidance, and modern infotainment systems. However, while connected vehicles offer abundant opportunities for the consumer, automakers need to seriously consider what they mean for consumer privacy and security. Any software vulnerabilities could undermine the safety of connected car systems and features, putting the user’s sensitive information at risk as well as their physical safety. As such, automakers need to adopt a cybersecurity culture that addresses not only the obvious exposures in their vehicles’ software but also other hidden vulnerabilities that could arise from third-party components in their vehicles.

The current state of cybersecurity in connected vehicles

Cybersecurity is still…

Posted by: Karoline Gore

The post The future of cybersecurity for connected cars  appeared first on Cybersecurity Insiders.


March 25, 2020 at 09:09PM

Over Two Million Email Cyber Attacks on The National Gallery London

According to a study and data released by Absolute Software, The National Gallery London was hit by over 2 million email cyberattacks in the year 2019. The endpoint security company clarified that it obtained the data via the Freedom of Information Act and then verified the information with its sources before disclosing the facts to the world.

The National Gallery London is a paintings museum which was established in the 18th century and is renowned for exhibiting over 2,800 paintings, some dating from the 13th century AD.

Now, the information is out that the gallery witnessed over 1,875,250 email cyber attacks in 2019, which came in varied forms such as viruses and spam.

“The aim was to steal confidential data from the National Gallery”, says Andy Harcup, Vice President of Absolute Software. He added that the issue was escalated to the Department for Digital, Culture, Media, and Sport, which has a history of supervising the mitigation and thwarting of such attacks.

Cybersecurity Insiders says that the Gallery uses email threat monitoring software from Absolute, which reportedly quarantined over 1,176,658 email threats, including 18,378 spam, 443,741 phishing, and 179,846 spoofing emails, 10,959 with manual envelope rejection, and others.

Currently, the National Gallery London is facing a new cyber threat, as some of its workers are working from home due to the Covid 19 pandemic outbreak. So, the IT staff of the Trafalgar Square art museum is said to have taken all precautions to mitigate the associated risks, such as encryption, use of anti-malware solutions, firewall protection and endpoint security software.

The post Over Two Million Email Cyber Attacks on The National Gallery London appeared first on Cybersecurity Insiders.


March 25, 2020 at 08:42PM

Tuesday, March 24, 2020

Microsoft Windows document vulnerability has no fix

Microsoft has issued an official warning that the recently discovered font vulnerability has no fix as of now and users need to wait until April 14th, 2020, i.e. the next Patch Tuesday.

Going by the details, a group of security researchers has found that hackers are exploiting a vulnerability in the way Windows handles and renders fonts. They confirm that the flaw might help attackers deliver malicious documents that spread malware such as ransomware.

It’s still unclear how many systems are impacted by this flaw. But the OS giant has clarified that the vulnerability affects Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2019, Win Server 2016 and 2012 R2 and 2008 along with Windows 7.

A security advisory posted on the technology giant’s website says that the vulnerability is similar to that of an unpatched version of the Adobe Type Manager Library, which is used to handle a specially crafted multi-master font.

Microsoft says that hackers can target a PC by getting the user to open a specially crafted document or view it in the Windows preview pane.

For those using the Win 7 operating system, the flaw is reported to be extremely ‘critical’, as support for the operating system was withdrawn in Jan 2020.

Note– Windows 7 is an operating system produced by Microsoft on July 22nd, 2009; mainstream support for the OS was withdrawn on Jan 13th, 2015, while extended support ended on January 14th, 2020.

The post Microsoft Windows document vulnerability has no fix appeared first on Cybersecurity Insiders.


March 25, 2020 at 11:22AM

Ransomware claims have doubled in 2019 say insurers

With 2019 now over, London-based insurance company Beazley Group says that the number of ransomware claims doubled last year, with the spike in malware attacks more evident in the healthcare, professional services, and financial sectors.

“Till 2016, reports from our insurers on ransomware attacks were infrequent. But the dynamics changed last year as our team got busy settling more and more claims”, said a media briefing issued with Beazley’s Data Breach briefing.

Supporting the finding is a new report compiled by Trend Micro, which says that a 10-20% increase in ransomware detections was witnessed over the past year. The cyber threat detection company also found that the past year saw a rise in ransomware attacks on healthcare companies, with more than 700 providers estimated to have been impacted.

Kaspersky reported even higher figures, suggesting a 60% increase in ransomware attacks in 2019 compared to the previous year, as more than 178 municipalities and 3,000 SMBs were targeted with file-encrypting malware.

Barracuda Networks released a similar threat report in Aug’19, saying that a two-thirds increase was witnessed in the spread of ransomware attacks.

Beazley Breach’s report says that in many cases organizations were not the direct targets, but were impacted when their IT services provider or another 3rd party entity was hit.

One reason for the rise in ransomware attacks is an increase in new ransomware strains that are hard to contain. Moreover, the strains that targeted organizations last year were developed with more sophistication in mind: hard to detect, with no free decryption tools, with data-stealing capabilities, and able to wipe the encrypted data if the victim failed to pay. And once in the network, the ransomware could infect more systems and networks in a chain reaction.

Cybersecurity experts are advising email filters to track down phishing emails, password protectors, multi-factor authentication, and employee training to recognize malicious messages and emails to counter the rise of ransomware this year.

The post Ransomware claims have doubled in 2019 say insurers appeared first on Cybersecurity Insiders.


March 25, 2020 at 11:20AM

10 tips for working remotely

We’re all working together to help slow the spread of COVID-19 through new policies and guidelines such as working remotely and socially distancing ourselves from others. Working remotely can be challenging.

I can offer some advice about working remotely, as I have worked both remotely and in a travel capacity for over 10 years, and I really love working that way. Here are a few things I regularly do to ensure success while still managing a work-life balance.

Working from home can make it difficult to maintain a work-life balance because, well, you’re at home. So, you have to prepare your work daily and complete what you have prepared for yourself.

I plan every day, at the end of the day, for how to start the next morning. (I usually do it at night because I like to put in a few hours in the…

Posted by: Tony DeGonia

The post 10 tips for working remotely appeared first on Cybersecurity Insiders.


March 24, 2020 at 09:08PM

Google introduces the Chronicle to detect Enterprise level Cyber Threats

Google has introduced Chronicle to detect enterprise-level cyber threats for businesses that want quick digital detection & response. The web search giant is offering a product that uses machine learning tools to analyze huge volumes of data and detect anomalies.

Factually speaking, Chronicle has been functional in Google Cloud since Oct’19, helping the internet juggernaut with advanced threat detection capabilities. Now, the same tool will be used to help businesses investigate cyber threats launched on their networks, with the help of the new programming language YARA-L.

Technically, YARA-L is a product of VirusTotal, which was acquired by Google in 2012, and is a malware detection solution that can be applied to security logs and telemetry.

Now, Chronicle is being enhanced with intelligent data fusion to analyze huge data sets and develop comprehensive threat responses for Google Cloud customers.

Note- According to inside sources, Chronicle technology was meant to leverage Alphabet’s huge computing power to build threat awareness and make cybersecurity easy, automatic and proactive. But as soon as it was integrated into Google Cloud, it lost its sheen and is now being treated as a dead technology. Now, with the new announcement, Google wants to revive the technology and help enterprises mitigate cyber threats in a proactive and automated way.

Hope it succeeds in doing so!

The post Google introduces the Chronicle to detect Enterprise level Cyber Threats appeared first on Cybersecurity Insiders.


March 24, 2020 at 08:50PM

Monday, March 23, 2020

Failed Cyber Attack on Paris Hospital Authority

While all of Europe is busy containing the spread of Coronavirus, news is out that a failed cyber attack on the Paris Hospital Authority aka AP-HP was attempted on March 22nd of this year.

AP-HP stands for Assistance Publique- Hopitaux de Paris and is a very popular University Hospital Trust in Paris.

Highly placed sources say that the attack was launched to disrupt the digital operations of the hospital trust and hinder the containment of the Covid-19 spread. Fortunately, the incident was caught in time by the authorities and was significantly curbed at the right moment.

AP-HP happens to be the largest hospital network in Europe and offers services such as research, prevention, healthcare, teaching, and education along with 24×7 emergency medical services.

So, disrupting the operations of such a trust means making the people of the region suffer, and this might have been the motive of the hackers who launched the digital attack on the hospital trust.

Furthermore, as the trust shares its duties with military hospitals such as Val-de-grace, the threat actors might have intended to infiltrate military operations via the AP-HP network.

Note– Last week a group of hackers pledged that they would not launch cyberattacks on healthcare providers across the world due to the outbreak of the Corona Virus pandemic. But over the past couple of days, reports are in that the US Health and Human Services Department and the Australian government’s internet network were hit by cyber incidents such as DDoS and ransomware… please have some mercy guys!

The post Failed Cyber Attack on Paris Hospital Authority appeared first on Cybersecurity Insiders.


March 24, 2020 at 10:29AM

Coronavirus and Email Phishing scam and Cyber Attack on WHO

As the panic of Covid 19 slowly grips the entire world, some hacking groups are seen spreading malware through email phishing scams delivered in the name of the World Health Organization (WHO).

Security experts say that the subject lines of such emails often appear authentic, such as “How to curb Coronavirus spread”, “how you can save from the pandemic”, “medicine for Covid 19”, “the home remedy to treat Coronavirus or Covid-19”, and the like.

Strictly speaking, these emails are fake and are meant to spread malware by enticing the target to download a file or click on a phishing link.

So, all you web services users out there, please make sure that you stay away from such phishing emails from here on…

Coming to the other news update, issued by WHO CIO Flavio Aggio, the World Health Organization is said to have become a victim of a cyber attack early this month. But as the attack was neutralized by the relevant authorities, no digital services were impacted, and so the media was kept in the dark about the incident until now.

According to the press release available with Reuters, Flavio Aggio said that the identity of the hackers was yet to be established and that the incident was first red-flagged by a cybersecurity expert from the US named Alexander Urbelis.

Mr. Urbelis discovered the incident on March 13 of this year when he found a fake WHO website disguised as an internal email system of the healthcare agency. It is suspected that the site could have been launched to steal passwords from the agency’s staff members.

The post Coronavirus and Email Phishing scam and Cyber Attack on WHO appeared first on Cybersecurity Insiders.


March 24, 2020 at 10:27AM

Windows Server 2019 OS hardening

This blog was written by an independent guest blogger.

Windows Server 2019 ships and installs with an existing level of hardening that is significantly more secure compared to previous Windows Server operating systems. Gone are the bloat of Xbox integration and services and the need for third-party security solutions to fill security gaps.

Operating System (OS) hardening provides additional layers of security and preventative measures against both unauthorized changes and access. Hardening is critical in securing an operating system and reducing its attack surface.

Be careful! If you harden an operating system too much, you risk breaking key functionality.

Hardening approach

Harden your Windows Server 2019 servers or server templates incrementally. Implement one hardening aspect at a time and then test all server and application functionality. Your cadence should be to harden, test, harden, test, etc.

Mistakes to avoid

Reducing the surface area of vulnerability is the…

Posted by: Thomas Jung

The post Windows Server 2019 OS hardening appeared first on Cybersecurity Insiders.


March 24, 2020 at 09:09AM

Ransomware attack on Hammersmith Medicines Research and Ameren Missouri

Hackers spreading Maze ransomware have targeted a healthcare provider that was associated with the British government in testing the Covid-19 vaccine. News is out that the hackers have also stolen some data from the testing center and posted it online.

Malcolm Boyce, the director of Hammersmith Medicines Research, has confirmed the news and disclosed that the incident took place on March 14th and was spotted and contained the same day by restoring data from backups without paying a ransom.

What’s interesting in all this is that the group spreading Maze ransomware pledged last week that it wouldn’t target any healthcare provider for at least a few weeks or until the Coronavirus pandemic subsides across the world.

FYI, Hammersmith Medicines is the same company that tested a vaccine for Ebola a few years ago and is on the verge of introducing a new vaccine to curb the spread of the Wuhan Virus.

Coming to the other ransomware news, a third-party vendor that supplies equipment to the Ameren Missouri power plant is reported to have recently become a victim of a ransomware attack.

Although no customer data was leaked in the incident, highly placed sources say that equipment diagrams and schematics related to two Ameren Missouri power facilities could have been accessed by hackers.

The 3rd party in question is Ohio-based LTI Power Systems, and the leaked data files include those related to the Ameren Sioux Power Plant based in West Alton and the Labadie Power Plant.

The post Ransomware attack on Hammersmith Medicines Research and Ameren Missouri appeared first on Cybersecurity Insiders.


March 23, 2020 at 08:39PM

Sunday, March 22, 2020

Buncombe County is struggling with Cyber Threats amid Covid 19 fears

As the number of positive Coronavirus cases has increased in Buncombe County, North Carolina, news is now out that the Public Health Emergency Preparedness team is struggling to deal with malicious emails, phishing attempts and ransomware attacks on its infrastructure.

Healthcare coordinator Fletcher Tove confirmed the incident and said that the IT infrastructure had seen an increase in cyber attacks over the past week, in parallel with the rise in the number of Covid 19 cases.

“The bad guys are picking up targets in the name of charities, the World Health Organization and the Center for Disease Control and are seen asking for critical data such as social security numbers, and credit card information”, said Tove, in a special media update on Friday.

Tove added that the incident came to light just a couple of days after Cleveland County’s Shelby city offices reported a ransomware incident hitting their database.

“As the world is going through a health crisis, hackers are seen leveraging the situation to make money by targeting vulnerable points”, said Maria Thompson, the State Chief Risk Officer. She added that cybercriminals are taking advantage of the situation and might hit those who are working from home.

Over the past few days, most public as well as private companies have advised their employees to telework from their homes wherever and whenever possible. This might let hackers seize every opportunity to exploit endpoints and infiltrate networks, added Ms. Thompson.

Maria is advising companies to back up data and at the same time learn about the threats lurking in the cyber landscape. She is also advising network admins to keep watch over their workloads to isolate the digital infrastructure from cyber attacks.

The post Buncombe County is struggling with Cyber Threats amid Covid 19 fears appeared first on Cybersecurity Insiders.


March 23, 2020 at 10:59AM

Cyber Attack news trending on Google

Finastra, a London-based technology solutions company, issued a press statement yesterday saying that it is shutting down some of its critical servers due to a cyberattack that targeted it on Thursday.

Although the company hasn’t stated the details of the attack variant in its public statement, its incident response team is reported to be following a playbook related to ransomware attacks. However, no official confirmation has been made on this until today.

“We have detected an anonymous activity on our systems and have taken appropriate measures to contain & curb it”, said Tom Kilroy, the COO of Finastra.

Meanwhile, in other cyber-attack news trending on Google, the MyGov website, which is used for Centrelink services online, is reported to have been hit by a distributed denial-of-service (DDoS) attack in the early hours of Monday.

The cyberattack came amid the federal government’s decision to close down parts of the economy in a bid to contain the spread of the Coronavirus pandemic.

Stuart Robert, the Government Services Minister, said that the MyGov website was abruptly shut down as it witnessed immense web traffic at once, with some 55,000 Australians accessing it at a time. As this seemed implausible, officials suspect hackers of launching a DDoS cyber-attack on the web portal.

Highly placed sources say that the website services were shut down when people were lining up to claim unemployment benefits amid Covid 19 spread fears.

The third news item relates to the spread of the Mespinoza ransomware strain on the government and private networks of the French government. News is out that hackers were spreading a newly discovered ransomware strain on government networks while officials are looking for ways to contain the spread of the Chinese Virus in France and the rest of Europe.

Reports are in that the said ransomware can steal data, which is then sold on the dark web to make millions.

The French government’s cybersecurity team, CERT-FR, has confirmed the incident and is reported to have taken all measures to contain it.

The post Cyber Attack news trending on Google appeared first on Cybersecurity Insiders.


March 23, 2020 at 10:57AM

Friday, March 20, 2020

South Korea Startup to share Cyber Threat Intelligence with Interpol

The France-based International Criminal Police Organization (INTERPOL) has announced that the South Korean start-up S2W Lab has signed an agreement with it to share cyber threat intelligence. As part of this agreement, the Korean startup is set to share information from its dark web analysis with the international law enforcement agency.

As it is very difficult to track down criminals on the dark web, police agencies across the world are finding it hard to arrest them, especially hackers.

S2W Lab will ease this difficulty by sharing data on threat actors who are active on the dark web accessing and purchasing information such as credit cards, passport numbers, passwords, revenge P$$n and other such details from across the world.

S2W itself is a company that began operations in September 2018 and specializes in capturing and analyzing huge amounts of data related to the dark web. In this process, the company uses natural language processing as well as machine learning techniques to link multiple domains across numerous time-frames.

“Cybercrime on the dark web is hard to track due to its characteristics and wide usage of crypto-currencies and this is where S2W lab specializes in offering a technology which will help the Interpol to mitigate cyber threats prevailing on the dark web landscape”, said Suh Sangduk, the CEO of S2W Lab.

As the company has employed network researchers from Korea’s Advanced Institute of Science and Technology (KAIST), S2W shot to fame in data analysis in no time.

Now the news is out that the company bagged the deal from Interpol last year when the CTO Shin Seung, who is also a Professor at KAIST, was appointed a member of Interpol’s Global Cryptographic Bank Crime Prevention Subcommittee.

The post South Korea Startup to share Cyber Threat Intelligence with Interpol appeared first on Cybersecurity Insiders.


March 20, 2020 at 08:39PM