Tag: warns

Dell warns of user data breach — 49 million customers affected in security incident, here’s what we know

Post author By lisa nichols
Post date May 10, 2024
No Comments on Dell warns of user data breach — 49 million customers affected in security incident, here’s what we know

[ad_1]

Dell has begun sending breach notification emails to some 49 million people whose data was apparently stolen in a recent cyberattack.

The type of information involved includes people’s names, postal addresses, and Dell hardware and order information, such as service tags, item description, order dates, and different warranty information.

“We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell,” the company said in the notification letter. “We believe there is not a significant risk to our customers given the type of information involved.”

Tangible risk

Dell has notified relevant authorities and brought in third-party cybersecurity experts to assess the damage. So far we don’t know if this was a simple data smash-and-grab, or a ransomware attempt.

The company believes the risk to its customers is not significant since financial and payment information, email addresses, and phone numbers were not stolen in this attack.

However, the risk of phishing or even major malware and ransomware attacks still exists, since threat actors can send out personalized letters with removable drives and deploy malicious code that way. It has happened in the past.

At the same time, there is always a risk someone most likely already bought the database on the dark web.

A cybercriminal with the alias Menelik posted a new thread on a dark web forum, advertising a Dell database fitting the company’s description: “49 million customer and other information systems purchased from Dell between 2017-2024.” The thread was quickly deleted, which usually happens if someone buys the database.

Since the information was most likely already acquired, if you are a Dell customer who purchased hardware between 2017 and 2024, it would be wise to be extra wary of any communication claiming to be from the company, especially if you get it in the mailbox.

Via BleepingComputer

Credential spraying from thousands of IP addresses are targeting VPNs, Cisco warns

Post author By lisa nichols
Post date April 18, 2024
No Comments on Credential spraying from thousands of IP addresses are targeting VPNs, Cisco warns

[ad_1]

For a month now, hackers have been mounting a large-scale credential stuffing attack against multiple Virtual Private Network (VPN) instances around the world. At the moment, it’s hard to say who is behind the attack, or what the motives are, but researchers have some clues.

As reported by Ars Technica, Cisco’s Talos security team recently warned of an ongoing campaign in which attackers keep trying more than 2,000 usernames and some 100 passwords against different VPNs. Some of the products in the attackers’ crosshairs include Cisco Secure Firewall VPN, Checkpoint VPN, Fortinet VPN, SonicWall VPN, RD Web Services, Mikrotik, Draytek, and Ubiquiti, however others could be targeted, as well.

The victims are scattered all over the world, and operate in various verticals, prompting the researchers to conclude that the attackers don’t have a preferred target, but are rather casting as wide of a net as possible.

Growing in strength

“Depending on the target environment, successful attacks of this type may lead to unauthorized network access, account lockouts, or denial-of-service conditions,” the researchers said in their report. “The traffic related to these attacks has increased with time and is likely to continue to rise.”

While the evidence is inconclusive, the researchers believe this could be the work of the same threat actor that targeted Cisco a few weeks back. They are basing this assumption on the facts that there are “technical overlaps” in how the attacks were conducted, and that in both instances, the same infrastructure was used. In the Cisco campaign, the goal was reconnaissance, so the speculation is that it’s the same this time around.

The IP addresses found from the previous attack were already added to Cisco’s block list for its VPN, and organizations worried about these attacks are advised to do the same, for any third-party VPN they have deployed.

You haven’t actually got a massive road toll bill – it’s a phishing scam, FBI warns

Post author By lisa nichols
Post date April 16, 2024
No Comments on You haven’t actually got a massive road toll bill – it’s a phishing scam, FBI warns

[ad_1]

If you get an SMS message from a toll service, claiming you owe $12.51 in unpaid fees and that if you don’t move fast, you’ll be fined an additional $50, don’t fret – it’s not real.

The Federal Bureau of Investigation (FBI) has issued a warning concerning an ongoing smishing campaign that seems to have hit thousands of American citizens so far.

“Since early-March 2024, the FBI Internet Crime Complaint Center (IC3) has received over 2,000 complaints reporting smishing texts representing road toll collection service from at least three states,” the FBI said.

Do not act

The message reads “(State Toll Service Name): We’ve noticed an outstanding toll amount of $12.51 on your record. To avoid a late fee of $50.00, visit https://myturnpiketollservices.com to settle your balance.”

So far, only certain US regions have been hit, with the FBI speculating this means the scam is moving from state to state, and that drivers in other regions could receive a similar SMS message soon. Should that happen, the law enforcement agency says victims should file a complaint with the IC3, and include the scammer’s phone number and the website listed in the message.

Those suspicious if they really do have unpaid tolls should check their account using the service’s legitimate website (as opposed to clicking on the link provided in the SMS message), or by dialing the toll service’s customer service phone number.

Among those impersonated in this campaign is Pennsylvania Turnpike, which later warned the drivers directly: “Some customers have received phishing-attempt text messages claiming to be from the PA Turnpike’s toll services,” BleepingComputer cited the warning. “If you receive such a text, providing you with a link to pay an outstanding toll, do not click on the link, and delete the text.”

International Monetary Fund warns cyberattacks could trigger bank runs

Post author By lisa nichols
Post date April 11, 2024
No Comments on International Monetary Fund warns cyberattacks could trigger bank runs

[ad_1]

The International Monetary Fund (IMF) has warned that the increasing number and cost of cyberattacks could destabilize economies leading to bank runs. The knock-on effects of dealing with cyberattacks, such as reputational and financial losses, can spill over onto clients and other businesses, disrupting critical services.

The increasing reliance on third-party security providers over in-house teams is further exacerbating the problem, as a successful breach on a third-party could affect a significant number of businesses.

Heightening geopolitical tensions could also prompt state-backed hackers to target the biggest companies in order to weaken national economies and overall stability.

One cyber attack could topple the dominoes

Malicious cyber threats seem to be growing at an exponential rate, and the costs are rising too. In the US alone, the financial sector has lost $12bn as a result of cyber incidents, with banks bearing the brunt, accounting for almost half of all financial industry cyber incidents since 2004.

According to a survey carried out by the IMF, the policies, frameworks and supervisory bodies dealing with cyberattacks are insufficient and do not account for their widespread effects outside of the targeted company.

The IMF recommends that governments, particularly those in emerging markets or developing countries, should develop robust national cybersecurity strategies that regularly review the security landscape, provide cybersecurity expertise to business leaders, set standards of cyber hygiene, and prioritize information sharing between industry participants to improve cyber preparedness.

Commenting on the IMF recommendations, Kev Breen, Senior Director of Threat Intelligence at Immersive Labs, said, “Knowing that a specific threat actor may be targeting banks with a DDOS is not the same as being prepared to respond or proactively mitigate against the potential impact of these threats.”

“To truly improve cyber resilience in the financial sector, organizations need to upskill all employees, including board members and C-Suite executives. Regular and measured real-life cyber crisis simulations and drills will ensure people have the right knowledge, skills, and judgement across the entire organization to defend against a cyberattack,” Breen concluded.

Apple Warns Users in 92 Countries About Mercenary Spyware Attacks

Post author By miranda cosgrove
Post date April 11, 2024
No Comments on Apple Warns Users in 92 Countries About Mercenary Spyware Attacks

[ad_1]

Apple on Wednesday sent threat notifications to users in 92 countries warning that they may have been targeted by mercenary spyware attacks, likely because of who they are or what they do.

According to TechCrunch, Apple sent the alerts to the individuals at 12 p.m. Pacific Time, delivered via email and iMessage using the contact details associated with the user’s Apple ID. A notification also appears at the top of the page if the user signs into appleid.apple.com.

“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-,” the company wrote in the warning to affected customers. “We are unable to provide more information about what caused us to send you this notification, as that may help mercenary spyware attackers adapt their behavior to evade detection in the future.”

“This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously,” added the warning.

In an updated support document, Apple said it has sent similar threat notifications to users in over 150 countries since 2021. “The extreme cost, sophistication, and worldwide nature of mercenary spyware attacks makes them some of the most advanced digital threats in existence today,” said the company. “As a result, Apple does not attribute the attacks or resulting threat notifications to any specific attackers or geographical regions.”

Last October, Apple sent similar warnings to some journalists and politicians in India. Soon after, nonprofit advocacy group Amnesty International reported that it had found Israeli cyber-arms company NSO Group’s invasive spyware Pegasus on the iPhones of prominent journalists in India. Users in India are among those who received the latest threat notifications, according to people familiar with the matter who spoke to TechCrunch.

The alerts come at a time when many nations are preparing for democratic elections. Apple previously described the attackers as “state-sponsored” in the support document, but has replaced those references with “mercenary spyware attacks.” The warning to customers reads: “Mercenary spyware attacks, such as those using Pegasus from the NSO Group, are exceptionally rare and vastly more sophisticated than regular cybercriminal activity or consumer malware.”

Apple advises those who have received a threat notification to seek expert help, such as the rapid-response emergency security assistance provided by the Digital Security Helpline at the nonprofit Access Now. Apple threat notification recipients can contact the Digital Security Helpline 24 hours a day, seven days a week through their website.

Users who have not received an Apple threat notification but have good reason to believe they may be individually targeted by mercenary spyware attacks are advised to enable Lockdown Mode on their devices for additional protection.

[ad_2]

Source Article Link

Tags Apple, Attacks, countries, Mercenary, Spyware, users, warns

Featured

Hospital helpdesks targeted by hackers — US Health Department warns health services are under threat

Post author By lisa nichols
Post date April 8, 2024
No Comments on Hospital helpdesks targeted by hackers — US Health Department warns health services are under threat

[ad_1]

The US Department of Health and Human Services (HHS) has issued a warning that hackers are attempting to target the helpdesks of hospitals in order to gain access to critical hospital systems.

The hackers have been observed contacting hospital IT help desks using local area code phone numbers and then pretending to be a hospital employee, providing the helpdesk with stolen identification.

The hackers then request that their device be set up to use the employee’s multi-factor authentication. Once they have access to the hospital’s internal systems, they are free to steal data and re-route transactions into their own bank accounts.

Hospital data and finances a honeypot for hackers

The Health Sector Cybersecurity Coordination Center (HC3) issued a warning for hospitals to be vigilant in the face of hackers using elaborate social engineering campaigns to gain access to hospital systems. The HC3 stated that the hackers “specifically targeted login information related to payer websites, where they then submitted a form to make ACH changes for payer accounts” in order to steal money.

“Once access has been gained to employee email accounts, they sent instructions to payment processors to divert legitimate payments to attacker-controlled U.S. bank accounts,” HC3 continued. “The funds were then transferred to overseas accounts. During the malicious campaign, the threat actor also registered a domain with a single letter variation of the target organization and created an account impersonating the target organization’s Chief Financial Officer (CFO).

While no threat actor has been formally identified as responsible for these attacks, HC3 issued a number of guidance points to IT help desks in order to avoid succumbing to such an attack: (PDF)

Require callbacks for employees requesting new device MFA enrollment or password resets using the number on file for the employee
Monitor ACH changes for suspicious activity and frequently revalidate users who have access to payer websites
Employees requesting MFA device enrollment, password resets, or ACH changes should report in person to the IT helpdesk
Where this is not possible, contact the employee supervisor for verification
Train helpdesk employees to identify social engineering techniques and spearphishing attempts

Via BleepingComputer

Visa warns dangerous new malware is attacking financial firms

Post author By lisa nichols
Post date April 5, 2024
No Comments on Visa warns dangerous new malware is attacking financial firms

[ad_1]

Visa is warning its partners, clients, and customers, of an ongoing phishing attack that aims to deliver a banking trojan.

The Visa Payment Fraud Disruption (PDF) unit sent out a security alert to card issuers, processors, and acquirers, noting it had observed a new phishing campaign that started in late March this year.

The campaign targets mostly financial institutions in South and Southeast Asia, the Middle East, and Africa, and aims to drop a new version of the banking trojan called JsOutProx. “While PFD could not confirm the ultimate goal of the recently identified malware campaign, this eCrime group may have previously targeted financial institutions to conduct fraudulent activity.”

Impersonating legitimate institutions

Unfortunately, we don’t know the name of the threat actor behind the campaign, or the number of companies that fell victim. The researchers speculate, based on the sophistication of the attacks, the profile of the victims, and their geographical location, that the attackers are most likely China-based, or at least China-affiliated.

We also know is that JsOutProx is a remote access trojan that was first spotted in late 2019, and is described as a “highly obfuscated” JavaScript backdoor that allows its users to run shell commands, download additional malware, run files, grab screenshots, control various peripherals, and establish persistence on the target endpoint. It’s hosted on a GitLab repository, apparently.

In the phishing emails, the attackers are impersonating legitimate institutions, showing victims fake SWIFT and MoneyGram payment notifications.

Phishing remains one of the most lucrative ways to deploy malware. It’s cheap and easily scalable, and now with the help of generative artificial intelligence, relatively difficult to spot. IT teams are advised to educate their employees to identify a phishing attack, as well as to install email security software, firewalls, and antivirus tools.

Via BleepingComputer

UN warns e-waste is being created far faster than we can recycle it

Post author By lisa nichols
Post date March 22, 2024
No Comments on UN warns e-waste is being created far faster than we can recycle it

[ad_1]

The UN’s International Telecommunication Union (ITU) and the UN Institute for Training and Research (UNITAR) have issued a stark warning about the rapid growth in e-waste, which has outpaced how quickly we can recycle and safely dispose of unwanted products.

According to the 2024 Global E-waste Monitor (GEM) report, the world generates around 2.6 million metric tonnes of e-waste annually, a figure that’s expected to skyrocket to a staggering 82 million tonnes by 2030.

More alarmingly, documented recycling efforts only account for a fraction of the total waste produced, with an estimated five times more waste being created than recycled through officially recognized procedures.

Our e-waste generation is about to blow up

Handling and recycling e-waste is a more complex issue than it may seem at first. While there are environmental benefits, such as reducing greenhouse gases and recovering valuable materials like gold, copper, and iron, the extraction processes can be extremely costly.

The UN report estimates the net annual economic cost of e-waste at $37 billion, with projected costs set to rise to $40 billion by the end of the decade if the industry fails to make substantial improvements to management and policies.

There’s also a geographical disparity when it comes to e-waste, says the UN. According to the figures, Europe leads the way with a recycling rate of 42.8% – a comparably positive sum, but one that still leaves a lot of room for improvement. However, Africa is way behind with a recycling rate of only 0.7%.

With such a long way to go, the report calls for urgent action to improve current recycling processes and systems globally to address rising rates of electronic waste, hoping that the industry can make some substantial sustainability gains.

The NSA Warns That US Adversaries Free to Mine Private Data May Have an AI Edge

Post author By miranda cosgrove
Post date March 21, 2024
No Comments on The NSA Warns That US Adversaries Free to Mine Private Data May Have an AI Edge

[ad_1]

Electrical engineer Gilbert Herrera was appointed research director of the US National Security Agency in late 2021, just as an AI revolution was brewing inside the US tech industry.

The NSA, sometimes jokingly said to stand for No Such Agency, has long hired top math and computer science talent. Its technical leaders have been early and avid users of advanced computing and AI. And yet when Herrera spoke with me by phone about the implications of the latest AI boom from NSA headquarters in Fort Meade, Maryland, it seemed that, like many others, the agency has been stunned by the recent success of the large language models behind ChatGPT and other hit AI products. The conversation has been lightly edited for clarity and length.

Person in a suit smiling in front of the American and National Security Agency flags

How big of a surprise was the ChatGPT moment to the NSA?

Oh, I thought your first question was going to be “what did the NSA learn from the Ark of the Covenant?” That’s been a recurring one since about 1939. I’d love to tell you, but I can’t.

What I think everybody learned from the ChatGPT moment is that if you throw enough data and enough computing resources at AI, these emergent properties appear.

The NSA really views artificial intelligence as at the frontier of a long history of using automation to perform our missions with computing. AI has long been viewed as ways that we could operate smarter and faster and at scale. And so we’ve been involved in research leading to this moment for well over 20 years.

Large language models have been around long before generative pretrained (GPT) models. But this “ChatGPT moment”—once you could ask it to write a joke, or once you can engage in a conversation—that really differentiates it from other work that we and others have done.

The NSA and its counterparts among US allies have occasionally developed important technologies before anyone else but kept it a secret, like public key cryptography in the 1970s. Did the same thing perhaps happen with large language models?

At the NSA we couldn’t have created these big transformer models, because we could not use the data. We cannot use US citizen’s data. Another thing is the budget. I listened to a podcast where someone shared a Microsoft earnings call, and they said they were spending $10 billion a quarter on platform costs. [The total US intelligence budget in 2023 was $100 billion.]

It really has to be people that have enough money for capital investment that is tens of billions and [who] have access to the kind of data that can produce these emergent properties. And so it really is the hyperscalers [largest cloud companies] and potentially governments that don’t care about personal privacy, don’t have to follow personal privacy laws, and don’t have an issue with stealing data. And I’ll leave it to your imagination as to who that may be.

Doesn’t that put the NSA—and the United States—at a disadvantage in intelligence gathering and processing?

II’ll push back a little bit: It doesn’t put us at a big disadvantage. We kind of need to work around it, and I’ll come to that.

It’s not a huge disadvantage for our responsibility, which is dealing with nation-state targets. If you look at other applications, it may make it more difficult for some of our colleagues that deal with domestic intelligence. But the intelligence community is going to need to find a path to using commercial language models and respecting privacy and personal liberties. [The NSA is prohibited from collecting domestic intelligence, although multiple whistleblowers have warned that it does scoop up US data.]

[ad_2]

Source Article Link

Tags Adversaries, Data, Edge, free, NSA, private, warns

Featured

US government warns water services are being targeted in cyberattacks

Post author By lisa nichols
Post date March 20, 2024
No Comments on US government warns water services are being targeted in cyberattacks

[ad_1]

The US government has issued a warning to its allies that state-backed hackers from Iran and China are increasingly targeting critical infrastructure, with the most notable attacks against water systems.

The Cybersecurity and Infrastructure Security Agency (CISA) probed a number of Iranian attacks targeting Unitronic programmable logic controllers (PLC) used in water facilities.

China has also turned its attention to probing critical US infrastructure in what government officials claim could be practice for a wider playbook in the event of war between the US and China.

Targeting the weakest link in the chain

A public letter issued by Environment Protection Agency (EPA) Administrator, Michael Regan, and National Security Advisor, Jake Sullivan, said, “Disabling cyberattacks are striking water and wastewater systems throughout the United States. These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities.”

While the attack conducted by an Iranian-backed group did not affect the water supply at the targeted facility, a breach of the PLCs used to control the supply of water means that had the attack progressed further, the attackers could have contaminated the water, damaged the facility itself, or even turned off the municipal water supply.

Volt Typhoon is the most likely culprit behind the attacks carried out by China, with water facilities alongside power grids, port infrastructure, and at least one oil and gas pipeline. The letter continued, stating, “Federal departments and agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves to disrupt critical infrastructure operations in the event of geopolitical tensions and/or military conflicts.”

Water facilities in the US have long been an easy target for cyber attacks due to the critical underfunding, low staffing levels, and a general lack of cyber security. The Biden Administration recently announced that the burden of responsibility for cyber security should be shifted onto private enterprises that are best positioned to reduce the risks for small businesses and public institutions.

“In many cases, even basic cybersecurity precautions — such as resetting default passwords or updating software to address known vulnerabilities — are not in place and can mean the difference between business as usual and a disruptive cyberattack,” the letter stated.

Via Bloomberg