Cyber Security News

11 Aug 2023 20:14

Data Breach Exposes Personal Information of 612K Medicare Recipients

Specific information that may have been compromised includes names, phone numbers, email addresses, Social Security numbers, healthcare provider and prescription information as well as health insurance claims, CMS said.

No CMS or Department of Health and Human Services systems were impacted, the agency added.

CMS and Maximus are sending letters to Medicare beneficiaries who may be impacted by the incident and both are offering free credit monitoring services for two years.

@Cyber_Security_Channel

Cyber Security News

11 Aug 2023 17:03

Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack

Collide+Power is a generic software-based attack that works against devices powered by Intel, AMD or Arm processors and it’s applicable to any application and any type of data.

The chipmakers are publishing their own advisories for the attack and the CVE-2023-20583 has been assigned.

However, the researchers pointed out that Collide+Power is not an actual processor vulnerability — it abuses the fact that some CPU components are designed to share data from different security domains.

@Cyber_Security_Channel

Cyber Security News

11 Aug 2023 13:50

DARPA Program Aims to Strengthen Cybersecurity Via Automation

DARPA says that the INGOTS program will last three years and have two phases: Phase 1 will focus on exploring, designing, developing, and demonstrating tools and techniques;

While Phase 2 will focus on maturing and refining these tools and techniques and expanding their coverage across vulnerability and exploitation classes.

@Cyber_Security_Channel

Cyber Security News

11 Aug 2023 07:39

Cyberattacks Are a War We'll Never Win, but We Can Defend Ourselves

Data has never been more valuable or more vulnerable than it is today.

Ransomware has evolved from taking data hostage to new and malicious ways of monetizing and exploiting businesses and personal data.

But whatever the motivation of an attacker — hackers showing their prowess, hostile governments attacking perceived enemies, criminal greed — the key to being a guardian of one's data is recognizing that security must be built into a data system, not bolted on.

@Cyber_Security_Channel

Cyber Security News

11 Aug 2023 03:48

Clop Crime Group Adds 62 Ernst & Young Clients to Leak Sites

Most of the recently named victims are from Canada and include Air Canada, Altus, Amdocs, Constellation Software, EY-Continental Transition, Laurentian Bank of Canada, LendLease, Sierra Wireless, SSC Fraud Risk Assessment, St. Mary's General Hospital Surgical Services Review, Staples Canada, Sun Life Assurance of Canada, United Parcel Service Canada Ltd. and more.

@Cyber_Security_Channel

Cyber Security News

10 Aug 2023 22:37

Summer Documentary Watch Party: 8 Sizzling Cybersecurity Tales

The first on the Dark Reading list is so fresh that it hasn't even been released yet.

You'll be able to rent it starting Aug. 15, so it'll be perfect for when you're unpacking or otherwise recovering back home.

@Cyber_Security_Channel

Cyber Security News

10 Aug 2023 18:15

Case from Mid- July: Apple fixes critical zero-day hole in iPhones, iPads and Macs

That’s because Apple doesn’t want users to be able to downgrade on purpose to reintroduce old bugs that they now know can be used for jailbreaking devices or installing an alternative operating system, even on devices that Apple itself it no longer supports.

Even if you completely wipe and reinstall your iDevice from scratch via a USB cable, using the built-in DFU (direct firmware update) utility, Apple’s servers know what version you were using before the reinstall, and won’t let you activate an old firmware image onto a device that’s already been upgraded past that point.

@Cyber_Security_Channel

Cyber Security News

10 Aug 2023 14:33

How to Enable or Disable Bitlocker Encryption in Windows

Just as when you encrypted the drive, this process will take a while to complete, but you can keep using your computer as normal with the possibility of slightly worse performance.

Most modern computers should have no noticeable performance differences with BitLocker switched on, so there’s little downside to using the feature unless you lose your recovery key, but then your most important data should always be backed up in more than one location, such as cloud storage.

@Cyber_Security_Channel

Cyber Security News

10 Aug 2023 06:35

Case Study: Spain. New Regulation on Commercial Calls

It establishes a set of prohibitions and a series of conditions to be able to make such commercial phone calls in compliance with the General Data Protection Regulation (GDPR).

The rules are more oriented towards B2C (“business to consumers”) commercial campaigns, the circular also regulates the processing of personal data of professionals involved in B2B (“business to business”) commercial phone calls.

@Cyber_Security_Channel

Cyber Security News

09 Aug 2023 22:07

Analysts: Cybersecurity Funding Set for Rebound

"While the theme of conservatism and expectations for continued headwinds have remained throughout the first half of the year, we do expect to see strategic activity slowly begin to rebound in the second half of 2023 and into 2024," says Eric McAlpine, founder and managing partner of analyst firm Momentum Cyber.

Financing and M&A activity will both eventually pick up as companies that were able to make do financially so far begin to feel the need for fresh capital to fuel their business, he says.

@Cyber_Security_Channel

Cyber Security News

09 Aug 2023 14:45

Data Breach of Android Tracking App “LetMeSpy” Exposes Contact Information, Messages

The tracking app has been available for about 10 years now, and the company boasts of monitoring over 230,000 devices and logging over 100 million calls and text messages during that time.

Security researchers that have pored through the dumped database believe that the data breach contains information from at least 13,000 devices that the app has been installed on, along with contact information for about 26,000 of its customers and location data points for about 13,400 people.

@Cyber_Security_Channel

Cyber Security News

09 Aug 2023 06:55

Serious Security: Rowhammer Returns to Gaslight Your Computer

The giveaway to his criminality is that, in his nightly visits, he not only makes noises that can be heard downstairs, but also needs to turn on the gas lights to see what he’s doing.

Because the entire building is connected to the same gas supply (the play is set in 1880s London, before household electricity replaced gas for lighting), opening and igniting a gas burner in any room causes a temporary pressure drop in the whole system, so that the murderer’s wife notices a brief but telltale dimming of her own lights every time he’s upstairs.

@Cyber_Security_Channel

Cyber Security News

08 Aug 2023 22:28

Demystifying Cyber Threats: A Deep Dive Into Lesser-Known Dangers

Trojans, ransomware, phishing, spear phishing, whaling, and social engineering have become household terms. However, there are many more cyber threats – equally potent, if not more – that often go unnoticed.

Form jacking Attacks,IoT Attacks,Deepfake Technology,Side-Channel Attacks,Cloud Jacking,AI-Powered Cyberattacks are some of these threats .

@Cyber_Security_Channel

Cyber Security News

08 Aug 2023 17:36

36% of Europeans Don’t Even Have an IoT Device

More than 9 out of 10 Europeans who have voice assistants use them, although only 25% use them frequently.

More than half of Europeans (55%) believe that such Internet-connected devices do NOT respect their privacy.

Nearly 70% of respondents are aware of the amount of data being shared via voice assistants even when they are not in use.

62% of respondents are very concerned that these devices collect information and audio on them.

@Cyber_Security_Channel

Cyber Security News

08 Aug 2023 13:55

Oblivious: Unlocking Sensitive Data Without Compromising Privacy

Data is the building block of the modern digital economy.

However, one of the biggest challenges around data is walking the tightrope between using valuable information to gain business insights and respecting the privacy rights of individuals.

@Cyber_Security_Channel

Cyber Security News

11 Aug 2023 19:31

What is Data Anonymization? Importance, Tools and Use Cases

The surge in the adoption of advanced technologies such as artificial intelligence, large language models, and growing adoption of cloud-based services, especially by different scale enterprises and mitigating the risk of data breaching, can be considered as attributable factors to the growth of the data masking market.

Data anonymization is critical in many industries where sensitive information is collected and analyzed to gain business insights and comply with regulations

@Cyber_Security_Channel

Cyber Security News

11 Aug 2023 15:57

Abyss Locker Ransomware Looks to Drown VMware's ESXi Servers

Several ransomware collectives, including new kid on the block Akira, Black Basta, Cl0p, HelloKitty, IceFire, Hive, LockBit, MichaelKors, Royal, REvil, and others have all made the move to Linux and locking up ESXi machines.

Stoking the trend is the release of the VMware-focused Babuk source code, which as of mid-May had spawned at least 10 EXSi-ready ransomware variants, according to a SentinelOne report at the time.

Ransomware hunter Michael Gillespie told BleepingComputer that Abyss Locker's Linux encryptor appears to be based on the older HelloKitty ransomware, which was behind a string of high-profile attacks such as the Cyberpunk 2077 gaming attack two+ years ago.

@Cyber_Security_Channel

Cyber Security News

11 Aug 2023 11:50

A New Era of Transatlantic Data Privacy: Implications for Emerging Markets Within Europe

The adoption of the adequacy decision for the EU-US Data Privacy Framework by the European Commission signals that the US data protection standards meet the rigorous requirements of the EU General Data Protection Regulation (GDPR).

This allows for a seamless flow of data between the EU and the US, providing a high level of protection for European citizens’ data being transferred across the Atlantic.

@Cyber_Security_Channel

Cyber Security News

11 Aug 2023 05:55

SEC Demands Four-Day Disclosure Limit for Cybersecurity !reaches

Simply put, if you’re running a company that offers shares to the public, you need to comply with the rules and regulations of the SEC, which are supposed to give your investors some sort of protection against unsubstantiated claims that disingenuously talk up a proposal, or that sneakily misrepresent the level of risk involved.

@Cyber_Security_Channel

Cyber Security News

11 Aug 2023 01:35

Best Practices for Enterprise Private 5G Security

It's clear there is a shared responsibility in 5G networks, and this isn't going to be the same for every organization. 5G networks are likely to be deployed in different ways, as depicted in the figure below.

No matter the deployment model, the enterprise will likely be working with service providers and system integrators at some point throughout their journey, whether that be planning, deployment, or operation.

@Cyber_Security_Channel

Cyber Security News

10 Aug 2023 20:01

'ScarletEel' Hackers Worm Into AWS Cloud

ScarletEel also continues to refine its tactics, according to the latest analysis from the firm — evading cloud security detection mechanisms and reaching into the little-touched AWS Fargate compute engine.

And it has expanded its arsenal by adding DDoS-as-a-service to its list of exploitation techniques.

"So, compared to their prior activity, we see that they're more aware of the victim environment, and they enhanced their abilities in terms of where to go, how to exploit it, and how to evade the defensive security measures that the customers have already begun to implement," says Alessandro Brucato, threat research engineer for Sysdig.

@Cyber_Security_Channel

Cyber Security News

10 Aug 2023 16:31

Choice Hotels: Radisson Guest Info Breached in MOVEit Attacks

“Choice Hotels takes cybersecurity and privacy very seriously. The integrity of our customers’ information is of the utmost importance, and significant resources are dedicated to continuously monitor the cyber landscape, including guidance from regulators, so that we can evaluate and adjust as needed,” it said.

@Cyber_Security_Channel

Cyber Security News

10 Aug 2023 12:58

Former Security Engineer Arrested for $9 Million Crypto Exchange Hack

After stealing the funds, Ahmed, who at the time was a senior security engineer at an international technology company, specialized in smart contracts and blockchain audits, contacted the crypto exchange and returned most of the funds, except for roughly $1.5 million he kept as a bounty.

While the indictment does not name the impacted crypto exchange, the description of the attack suggests that Ahmed defrauded Crema Finance, which announced on July 4, 2022, that hackers had used this mechanism to steal roughly $8.8 million worth of assets.

@Cyber_Security_Channel

Cyber Security News

10 Aug 2023 01:53

Ten years on, Snowden Has Had Tremendous Impact – Good and Bad – on Corporate Security

Snowden’s leaks also made us more aware of the lack of data privacy, and it took many years before states began to formulate better laws to protect our privacy.

Some circumstances, such as fighting malware attacks, haven’t changed much, although they have gotten more sophisticated.

We have gotten better tools to defend ourselves and our privacy, and the pace of development was hastened by what Snowden did and how he did it.

@Cyber_Security_Channel

Cyber Security News

09 Aug 2023 18:32

Guardz Identifies New 'ShadowVault' macOS Stealer Malware

Guardz's research team first identified the 'ShadowVault' info-stealer in the underground XSS forum in June 2023.

The malicious software is designed to secretly collect sensitive information from compromised systems – like login credentials, financial information, personal identification details, cryptocurrency wallet seed phrases, and more, with the potential to wreak havoc on systems and disrupt operations.

The Guardz team of experts has long maintained anonymous avatars on the dark web to fuel its research in protecting SMEs from rising cyber threats such as this. In doing so, Guardz was able to obtain access to the exclusive forum and identify the new macOS stealer, originally available for rent at $500/month.

@Cyber_Security_Channel

Cyber Security News

09 Aug 2023 11:59

Amazon Prime Day Draws Out Cyber Scammers

Currently Trend Micro is tracking an Amazon Prime Day-themed SMS-text phishing lure asking shoppers to click a malicious link to fix an issue with their account, claim a gift card, or receive free shipping and other deals, prompting targets to share details like emails, phone numbers of other personal information, the company said.

@Cyber_Security_Channel

Cyber Security News

09 Aug 2023 02:03

Personal Information of 11 Million Patients Stolen in Data Breach at HCA Healthcare

“The investigation is ongoing and we cannot confirm the number of individuals whose information was impacted".

HCA Healthcare believes that the list contains approximately 27 million rows of data that may include information for approximately 11 million HCA Healthcare patients” - the company says.

The information was extracted from “an external storage location exclusively used to automate the formatting of email messages”.

@Cyber_Security_Channel

Cyber Security News

08 Aug 2023 19:09

Razer Data Breach: Alleged Database and Backend Access Sold for $100k

In exchange for the stolen data, ‘Nationalist’ requested a payment of US$100,000 in Monero (XMR) cryptocurrency, but also indicated a willingness to negotiate offers below the asking price.

Monero, unlike Bitcoin, Ethereum or other cryptocurrencies, prioritizes privacy and anonymity, making it challenging to track the movement of funds and identify those involved.

“I have stolen the source code, encryption keys, database, backend access logins etc for razer.com & its products. I do not waste my time with non-serious buyers.

I will be selling this one time. I am looking for $100K in XMR for the entire set of data, including access. MM only. I am looking for offers, not just $100k, can be less,” said the threat actor.

@Cyber_Security_Channel

Cyber Security News

08 Aug 2023 15:26

Suncor Reports Data Breach Affected Petro-Points Members’ Basic Contact Data

“We are notifying Petro-Points members and the appropriate privacy regulators. If we discover additional information was obtained, we will notify affected parties as appropriate,” Suncor said.

Suncor’s operations cover oil sands development, production, offshore oil and gas, petroleum refining in Canada and the U.S.

The company noted that the cyber security incident has not impacted the safety and reliability of its field operations.

@Cyber_Security_Channel

Cyber Security News

08 Aug 2023 11:47

What Happens to Your Personal Info After a Data Breach?

Cybercriminals get their hands on a host of your data through hacks, leaks, physical theft, human error, phishing attacks, ransomware, and other means.

That includes Social Security numbers, bank account and credit card details, health records, passwords, device info and lots more.

Companies and institutions are legally required to disclose data breaches, so if you’ve been involved, you’ll get some kind of communication informing you what was accessed (if that info is available at the time).

@Cyber_Security_Channel