Cyber Risk News

Secret Service Launches Cyber-Fraud Task Force

Info Security - Mon, 07/13/2020 - 17:30

The United States Secret Service has announced the creation of a new network of task forces to tackle both traditional and newfangled financial crimes.

In recognition of the growing convergence of classic financial crimes with modern financial crimes that feature a cyber element, the service is formally merging its Electronic Crimes Task Forces (ECTFs) and Financial Crimes Task Forces (FCTFs) into a single unified network. 

This new network of crime-fighting crews will be known as the Cyber Fraud Task Forces (CFTF). The Secret Service said that the mission of the CFTF is “to prevent, detect, and mitigate complex cyber-enabled financial crimes, with the ultimate goal of arresting and convicting the most harmful perpetrators.”

In a statement released on July 9, the Service said that the CFTF will pick up where the other two task forces left off, representing “an evolution, not a revolution from the ECTF and FCTF model.” 

The CFTF “will offer a specialized cadre of agents and analysts, trained in the latest analytical techniques and equipped with the most cutting-edge technologies,” according to US Secret Service Assistant Director Michael D’Ambrosio.

A trial of the new model had already improved America’s ability to disrupt and deter criminal activity, in particular scams that exploit the COVID-19 pandemic.

“The CFTF model has allowed for better data sharing, institutional alliance, and investigative skill development,” said a Service spokesperson.

“Through these efforts, the Secret Service has successfully disrupted hundreds of online COVID-19 related scams, investigated a number of cyber fraud cases, halted the illicit sales of online COVID-19 test kits, prevented tens of millions of dollars in fraud from occurring, and is leading a nation-wide effort to investigate and counter a vast transnational unemployment fraud scheme targeting the US state unemployment programs.”

D’Ambrosio said that the CFTF will focus in particular on holding accountable any cyber-criminals who seek to exploit the “perilous moment” created by the global health pandemic “for their own illicit gain.” 

The Secret Service has 42 domestic CFTF locations with two international sites in London and in Rome. Plans have been added to extend the CFTF network further to encompass 160 offices globally. 

Categories: Cyber Risk News

Belgium Suffers First Jackpotting Attack

Info Security - Mon, 07/13/2020 - 16:30

Antwerp-based savings bank Argenta has fallen victim to what is believed to be Belgium’s first jackpotting attacks. 

Also known as a “logical attack,” jackpotting is a sophisticated crime in which cyber-criminals install malicious software and/or hardware on an ATM that forces the machine to spew out all of its cash on demand. 

The attack earned its name from the way in which it causes an ATM to mimic the action of a one-armed bandit slot machine when a player strikes it lucky. 

To carry out the attack, the malicious actor must gain control of the ATM by either making a physical connection by USB or hacking into it online using specialized malware. 

Argenta closed down 143 cash machines over the weekend after being hit by two jackpotting attacks. Cyber-criminals targeted West Flanders, attacking machines in Roeselare on Friday and in Ingelmunster on Saturday.

The attacks follow in the wake of last month’s attempt by cyber-thieves to gain control over ATMs in Ranst and Borsbeek. 

In both instances, the thieves targeted some of the most antiquated machines in the bank’s network. The ATMs, which were manufactured by Diebold, had been scheduled to be replaced when they were attacked. 

The bank has not confirmed how much money was stolen in the first wave of attacks or even whether the attackers were successful in their attempts to force the ATMs to surrender their cash.  

An investigation into the Argenta attacks has been launched by Belgium’s federal police, who are working under the assumption that the same criminal gang masterminded the June and July attacks. 

“We note that despite the upgrades that have been carried out, this type of device remains in the cross-hairs of criminals,” said Argenta’s Christine Vermylen. “That is why we have decided to shut down 143 devices of this type now, pending the installation of new devices later this year. We are looking into whether that operation can be speeded up.”

Jackpotting has been around in Europe and Asia for several years and made its way to the US in 2018. According to The Brussels Times, the cybersecurity industry believes the attacks on Argenta to be the first cases of jackpotting in Belgium. 


Personal Data of the Average Brit Held by at Least 39 Different Organizations

Info Security - Mon, 07/13/2020 - 15:43

At least 39 different organizations hold personal data of the average UK citizen, providing a wide range of opportunities for hackers to access sensitive information. This is according to Nomidio’s State of Identity 2020 Analysis, which also found that almost a quarter of Brits are unaware of how many organizations hold their personal data.

This growing attack surface has led to a 67% increase in major data breaches since 2014. The problem is exacerbated by the fact that over half (53%) of the UK population use the same password to access multiple accounts.

Unsurprisingly therefore, 77% of those surveyed in Nomidio’s study said they feel vulnerable about multiple organizations holding their data.

The number of businesses, charities and public sector organizations holding personal information is also expected to grow in the wake of the COVID-19 pandemic, with an estimated 3.5 million people believed to have accessed digital services for the first time in the UK during lockdown in areas such as banking and shopping.

The findings suggest a new approach to digital identity is required.

“Why are we issued with a new digital identity every time we register with a new service provider? This situation is completely back to front, it is you or I, the individual, that should be able to present our identity to the different organizations we choose to interact with,” commented Ben Todd, VP of worldwide sales at Nomidio.

“Every time we allow a business to store our date of birth or mother’s maiden name, we’re expanding the attack surface and making it more likely our personal credentials will be lost forever. We need to centralize people’s identities, encrypt them and then give individuals the power to decide which organizations their data is shared with.” 

Last month it was reported that personal data of an estimated 350,000 social media influencers and users has been accessed and partially leaked.


NCSC Introduces Remote Working Testing Tool for Small Businesses

Info Security - Mon, 07/13/2020 - 15:10

An exercise which will enable small businesses to test their cyber resilience while staff work remotely has been launched by the National Cyber Security Center (NCSC).

Part of its Exercise in a Box toolkit, the ‘Home and Remote Working’ exercise is aimed at helping SMEs to reduce the risk of data compromise while employees are working remotely.

The exercise focuses on three key areas: how staff members can safely access networks, what services might be needed for secure employee collaboration and what processes are in place to manage a cyber-incident remotely.

Sarah Lyons, NCSC deputy director for economy and society engagement, said: “We know that businesses want to do all they can to keep themselves and their staff safe while home working continues, and using Exercise in a Box is an excellent way to do that.

“I would urge business leaders to treat Exercise in a Box in the same way they do their regular fire drills – doing so will help reduce the chances of falling victim to future cyber-attacks.”

As part of the exercises, staff members are given prompts for discussion about the processes and technical knowledge needed to enhance their cybersecurity practices. At the end an evaluative summary is created, outlining next steps and pointing to NCSC guidance.

A spokesperson for Eventura, a managed services and business systems firm, said: “Exercise in a Box is just like the monthly fire alarm test or evacuation drill; it’s part of the preparation for a real event and the best way to learn and improve on anything is by doing it.”


Trend Micro and Girls in Tech to Provide Cybersecurity Training to Girls Around the World

Info Security - Mon, 07/13/2020 - 12:00

Cybersecurity solutions company Trend Micro has announced that it is expanding its partnership with non-profit community Girls in Tech with a new initiative aimed at closing the gender diversity and talent gap in the technology industry.

Together, the two organizations will provide cybersecurity training to girls around the world to help develop a large talent pool of women eager to get their start in the industry.

Despite a global shortfall of more than four million cybersecurity professionals today, just a quarter (24%) of current roles are estimated to be taken by women.

As part of its expanded partnership with Girls in Tech, Trend Micro will develop a new Cybersecurity Fundamentals course for the non-profit. Trend Micro has called on its own security team to build a custom course for Girls in Tech specific to today’s market needs.

The course will feature a blend of online, instructor-led classes and a hands-on lab via Trend Micro Product Cloud covering cybersecurity essentials, network security threats, an introduction to malware analysis and more.

“I’ve always been passionate about and dedicated to encouraging greater gender diversity in the industry. It’s why at Trend Micro we’re committed to supporting equal opportunities in the workplace and in 2018 launched our Close the Gap initiative,” said Eva Chen, co-founder and CEO of Trend Micro. “I’m delighted to be teaming with Girls in Tech to further advance our efforts. Especially in light of recent events, I believe we must celebrate and encourage diversity at every turn today. It’s what makes us human.”

Trend Micro and Girls in Tech first worked together on the Close the Gap program at AWS re:Invent 2018 where they brought managing directors from 30 global Girls in Tech chapters together to brainstorm diversity ideas and programs with industry executives.

“Girls in Tech shares with Trend Micro a unified vision for a future in which women are provided the same opportunities to pursue professions in technology as their male counterparts,” said Adriana Gascoigne, founder and CEO of Girls in Tech. “We look forward to continuing our partnership with Trend Micro to positively impact the technology landscape for women today and generations to come.”

Registration for the new Cybersecurity Fundamentals course is now open. The virtual course will run from August 31 to September 25 and last four hours per week.


Russian Hacker Finally Found Guilty of 2012 LinkedIn Breach

Info Security - Mon, 07/13/2020 - 11:00

A Russian hacker has finally been convicted of cyber-attacks on LinkedIn, Dropbox and Formspring which breached millions of customer accounts, after spending years in custody.

Yevgeniy Nikulin, now 32, was arrested in 2016 in Prague and detained there for over a year while US and Russian officials submitted extradition requests.

He was eventually brought to the US but then faced further delays after violent behavior which led to a psychiatric evaluation. It has also been reported that Nikulin initially refused to meet with his defense counsel.

The case was then postponed due to COVID-19 lockdowns.

According to a 2016 indictment by US prosecutors, Nikulin hacked LinkedIn, Dropbox and Formspring back in 2012. The attacks were subsequently revealed to have hit 117 million LinkedIn accounts, 69 million Dropbox users and 28 million Formspring accounts.

He’s alleged to have used many of the stolen log-ins to launch subsequent attacks on individuals.

In the first case to be held in the Northern California district since the start of the pandemic, it took a jury just a few hours to convict Nikulin.

He now faces up to 10 years in prison for each count of selling stolen usernames and passwords and installing malware onto computers, and up to five years for each count of conspiracy and computer hacking. There’s also a two-year stretch potentially awaiting him for identity theft.

Sentencing will be handed down on September 29.

Nikulin is one of the few Russian cyber-criminals to have ended up in court in the US. The Putin administration has taken an increasingly hard line on US extradition attempts of Russian citizens from other countries.

In fact, it claimed back in 2016 that Washington was systematically “hunting for Russian citizens across the world.”

Earlier this month, an indictment was unsealed naming Andrey Turchin as “Fxmsp” — an alleged prolific hacker who made millions from selling network access.

However, he lives in Kazakhstan, which has no extradition treaty with the US.


Zoom Patches Legacy Windows Zero-Day Bug

Info Security - Mon, 07/13/2020 - 09:30

Zoom has fixed a zero-day vulnerability announced last week which affects legacy Windows customers.

The popular video conferencing platform worked quickly to patch the bug, which was announced by Acros Security in a blog post at the same time as the firm itself was informed.

“Zoom addressed this issue, which impacts users running Windows 7 and older, in the 5.1.3 client release on July 10,” noted a brief statement sent to Infosecurity.

“Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from”

There were no details provided of the software flaw at the time, but it’s believed to have required some kind of user interaction to exploit, possibly via a phishing email. It was characterized as enabling arbitrary remote code execution.

While Windows 7 is technically no longer officially supported by Microsoft, there are still plenty of organizations out there with Extended Security Updates or who use virtual patching to maintain legacy installations.

Zoom released a further update on Sunday designed to deliver “minor bug fixes,” as well as AES-256 bit encryption for Zoom phone devices, call monitoring capabilities, customized speed dial and more.

Back in April, Zoom became a victim of its own success after several serious vulnerabilities were found in its platform by researchers, after the product’s daily meeting participants had soared from 10 million in December to roughly 200 million in March.

These included a vulnerability in the Zoom Windows client which could have been exploited to steal user passwords, and two flaws in the macOS app which could have been abused to remotely install malware or eavesdrop on users.

The firm announced Salesforce senior vice-president of security operations, Jason Lee, as its new CISO last month, and has also brought on board several high-profile industry experts as consultants and advisors.

These include former Facebook CSO, Alex Stamos, Johns Hopkins cryptography expert Matthew Green, Luta Security and NCC Group.


Central Government Loses 300+ Devices Since 2018

Info Security - Mon, 07/13/2020 - 08:40

Over 300 electronic devices have gone missing from the heart of government over the past two years, according to new research from Parliament Street.

The think tank sent Freedom of Information (FOI) requests to the Prime Minister’s Office, the Privy Council, the Equalities Office and the offices of the leaders of the House of Commons and the House of Lords.

In response, they revealed that 89 devices had disappeared in 2018 and 163 last year, an 83% year-on-year increase. So far this year, 64 items have been lost despite many employees working from home due to COVID-19 lockdowns in central government.

Stav Pischits, CEO of security consultancy Cynance, argued that cyber-criminals can be incredibly persistent in going after high value targets like government data.

“With an increasingly remote workforce due to the COVID-19 outbreak, it’s absolutely essential that government departments take the necessary steps to ensure all devices are correctly secured,” he added.

“Even though these devices were encrypted, hackers can find new ways to break through systems to access confidential files, which could be lethal in the wrong hands. So, ensuring robust encryption and cybersecurity measures at all times is essential.”

This is just the latest in a long line of FOI-related research highlighting the persistent challenge of government-owned mobile devices going missing.

In July 2019 an FOI request from MobileIron revealed that 508 devices and laptops had gone missing from eight departments over the previous year. In the Ministry of Justice alone laptop losses soared 400% from 2016-2019, with 201 going missing in the 2018/19 period, according to Apricorn research.

In February this year, another report, this time from global communications company Viasat, claimed that over 2000 mobile devices had gone missing from central government departments over the previous year, many of them unencrypted. The higher number may be explained by the fact that 27 departments responded to this study.


Californian Jailed Over Identity Theft Scheme Targeting Military

Info Security - Fri, 07/10/2020 - 18:00

A California man has been put behind bars for his role in an identity theft scheme that victimized thousands of US veterans and service members. 

Trorice Crawford pleaded guilty on December 5 last year to one count of conspiracy to launder monetary instruments. The 32-year-old San Diego resident admitted conspiring with US citizen Robert Wayne Boling Jr. and others to steal millions of dollars between May 2017 and July 2019. 

Crawford hired at least 30 people to act as money mules, paying them to receive funds stolen from current and former military personnel into their bank accounts. 

Unauthorized transfers from victims’ accounts ranged from $8,000 to $13,000 on average, with Crawford keeping a cut from each transaction. Crawford also oversaw the transmission of stolen funds to Boling and others in the Philippines via international money remittance services. 

A federal judge in San Antonio yesterday sentenced Crawford to 46 months in federal prison. Chief US District Judge Orlando Garcia ordered Crawford to pay $103,700 in restitution and be placed on a three-year period of supervised release after completing his prison term.

Crawford’s co-defendant, Frederick Brown, pleaded guilty to charges in connection with the identity theft scheme in October 2019 and will be sentenced on September 17. The 38-year-old used his former position as a civilian medical records administrator for the US Army to steal the personal identifying information (PII) of thousands of military members. 

Brown admitted using his cell phone to capture members’ names, Social Security numbers, DOD ID numbers, dates of birth, and contact information while being logged into the Armed Forces Health Longitudinal Technology Application.

The Las Vegas resident further confessed to handing over the stolen PII to Boling and his Philippines-based co-defendants, Australian Allan Albert Kerr and South Korean Jongmin Seok, so that they could use it to access Department of Defense and Veterans Affairs benefits sites and steal millions of dollars. 

As asserted in the federal grand jury indictment, Boling, Kerr, and Seok used the stolen data to compromise a Department of Defense portal designed to enable military members to access benefits information online. 

The trio are charged with multiple counts of conspiracy, wire fraud, and aggravated identity theft. Measures are being taken to extradite them from the Philippines to Texas.


SANS Institute Cyber-Skills Game Now Available in Middle East

Info Security - Fri, 07/10/2020 - 17:00

A platform created by the SANS Institute to teach core cybersecurity skills is now available to students and young adults across the Middle East and Africa.

CyberStart Game provides a gamified learning experience that can be used in the classroom or accessed at home. This 100% online learning platform is designed to teach complex security concepts while promoting self-guided exploration and investigation over traditional learning tropes. 

Users can access over 200 different challenges via the platform, working through each one at a pace dictated by their own schedule and ability. The platform was thoughtfully established with built-in clues, tips, and video hints to assist students when they get stuck and to help them complete the challenge. 

CyberStart Game was created by SANS Institute CTO James Lyne, who based each challenge on historical real-world cyber-attacks, security breaches, and other cybersecurity scenarios. 

SANS Institute has opened up the platform to students and young adults in Africa and the Middle East as part of an ongoing emphasis on online learning and because of the heightened level of cybersecurity threat triggered by the current global health pandemic.

Ned Baltagi, Managing Director, Middle East & Africa at SANS Institute, said: “Global communities and their families including school- and university-going students are now in a shelter-at-home position. On the flip side, threat actors are increasing their activities, using advanced social engineering phishing techniques to lure online workers to malicious sites and possible ransomware attacks.”

Baltagi believes that through playing CyberStart, youngsters can acquire valuable cyber-self-defense skills that will help protect them while online.

“At this stage, CyberStart Game is the most appropriate and suitable platform to build awareness of cyber security skills for young adults, who may encounter these threats as they move to the next level of their career or device usage,” he said.

SANS Institute is offering CyberStart Game Education and Enterprise packages that include flexible access for students and teachers. No prior cybersecurity expertise is required to play the game or teach others how to play it.

“We will help schools, universities and organizations in the Middle East and Africa to find the right option for them,” said Baltagi.


Vulnerability Found in Kasa Camera

Info Security - Fri, 07/10/2020 - 16:00

A hobby farmer on the hunt for a vegetable-eating critter has discovered a flaw in a popular outdoor home security camera. 

Midwesterner Jason Kent purchased a Kasa camera to help identify whatever creature it was that had been eating his cucumber plants. In addition to uncovering the antics of a groundhog, Kent was alarmed to discover an account takeover (ATO)/credential stuffing vulnerability in the security device.

Kent said: “Upon installation I realized the mobile application was connecting directly over the network to the camera, and if I wasn’t on the network, I still could see the images from my camera on the mobile app. As a security professional, this concerned me.”

Kent, who is hacker-in-residence at Cequence Security, said the cybersecurity flaw he found in the device could allow a bad actor to spy on a user's home and change the camera’s settings.

“This API vulnerability makes it easier for a cyber-criminal to take over someone’s Kasa camera account and then use that access to change passwords, modify camera settings, view private security footage or use it to surreptitiously snoop on a user’s home,” he said.

Through further investigation, Kent discovered that although the Kasa’s mobile application uses SSL, the SSL certificate wasn’t pinned. This made it “easy to open it up and look at the transactions.”

“I also found that the authentication is simply BASE64 encoded username:password being passed under SSL,” said Kent. 

“Security best practices dictate that the application should hash under the SSL rather than encoding and reiterated the value of pinning the certificate.”

Of equal concern to Kent was the finding that the authentication to the web platform was giving “very verbose” API error messages that included phrases such as “password incorrect.” Kent posits that this could leave users who set up their username as their email address vulnerable to cyber-attack.

Kent reported his concerns to TP-LINK, parent company of the Kasa brand, in March 2020. On June 15, the company said that the vulnerability he found would be fixed. At time of publication, the flaw had still not been remedied.


Cloud Adoption Held Back by Data Loss and Compliance Fears

Info Security - Fri, 07/10/2020 - 15:30

UK businesses have been slow to move to the cloud because of concerns over data loss and compliance breaches, according to the 2020 UK Veritas Databerg Report. It showed that just 47% of corporate data is currently stored in the cloud, despite IT decision makers believing 43% would be held in the cloud within 12 months during the last Databerg report back in 2015.

The study revealed that the current fears regarding data loss and compliance breaches have replaced other reservations organizations had regarding cloud adoption in 2015; whilst 77% highlighted security as a challenge to cloud adoption in 2015, this has fallen to 59% today. In addition, concerns over the unpredictability of the cloud fell from 49% in 2015 to 21% in 2020.

Another finding from the report was that just 19% of enterprise data is regarded as usable and business critical, whereas 28% is redundant, obsolete or trivial (ROT). Additionally, 53% is considered dark, i.e. stored without knowledge of what it is or its value.

Jasmit Sagoo, UK & Ireland CTO at Veritas Technologies, commented: “Businesses have negotiated the cloud challenges of 2015, but old fears are being replaced by new ones – and these need to be overcome if companies are going to meet their transformational goals. Concerns around cloud security and unpredictability may have been resolved, but they have been replaced by fear of data loss and compliance breaches, 55% and 54% respectively. This is understandable, given the wider data challenges that organizations often have, many of which can be exacerbated by a multi-cloud strategy.”

Nevertheless, the IT decision makers surveyed expect cloud adoption to increase well above the current rate within the next year, predicting that 64% of enterprise data will be stored in the cloud over the coming 12 months.

A key driver of cloud adoption is to reduce IT costs, according to the report, cited by 66% of businesses.


Google Bans Stalkerware Ads From its Pages

Info Security - Fri, 07/10/2020 - 11:01

Google has updated its advertising policy to effectively ban stalkerware from its pages.

The tech giant announced the move in an update to its Enabling Dishonest Behavior policy. Although it didn’t mention the category by its more commonly known name, the firm said it will “prohibit the promotion of products or services that are marketed or targeted with the express purpose of tracking or monitoring another person or their activities without their authorization.”

Stalkerware is a type of monitoring tool downloaded secretly to a victim’s device, where it spies on their communications, location, photos and web browsing.

It’s commonly marketed by developers as a way for parents to monitor their children, or for adults to check whether their partners are having an affair. In reality, it is all-too-often used by domestic abusers, stalkers and violent ex-partners.

Google made it clear that the new policy doesn’t apply to “private investigation services” or tools designed to help parents monitor underage children.

The advertising ban will apply to the following:

“Spyware and technology used for intimate partner surveillance including but not limited to spyware/malware that can be used to monitor texts, phone calls, or browsing history; GPS trackers specifically marketed to spy or track someone without their consent; promotion of surveillance equipment (cameras, audio recorders, dash cams, nanny cams) marketed with the express purpose of spying.”

Figures released by Kaspersky in March this year to coincide with International Women’s Day revealed that the number of victims targeted by stalkerware jumped 91% in the UK from 2018 to 2019, while the global figure was 67%.

Although the AV vendor detected 67,500 cases worldwide over the period, this is likely to be just the tip of the iceberg.

In fact, Avast research has revealed a sharp rise in downloads following COVID-19 lockdowns. It claimed that installations of stalking apps in the UK rose 81% from March, versus January and February figures.

The new Google policy will come into force on August 11.


Zoom Zero-Day Bug Hits Legacy Windows Users

Info Security - Fri, 07/10/2020 - 09:30

Zoom is scrambling to fix another zero-day vulnerability in its Windows client, this time potentially leading to arbitrary remote code execution.

Acros Security CEO, Mitja Kolsek, revealed the news in a blog post, claiming that the researcher who found the bug didn’t disclose to the vendor or a third-party broker, “but would not object to us reporting it to Zoom.”

“We analyzed the issue and determined it to be only exploitable on Windows 7 and older Windows systems. While Microsoft's official support for Windows 7 has ended this January, there are still millions of home and corporate users out there prolonging its life with Microsoft's Extended Security Updates or with 0patch,” he explained.

“We then documented the issue along with several attack scenarios, and reported it to Zoom earlier today along with a working proof of concept and recommendations for fixing. Should a bug bounty be awarded by Zoom, it shall be waived in favor of a charity of researcher's choice.”

Acros Security’s 0patch offering provides “micropatches” to running processes without the need for administrators to restart these processes.

The firm has decided to provide these patches for free to anyone that downloads the 0patch Agent. These will automatically become obsolete as soon as Zoom releases an update to fix the vulnerability, it said.

There are no technical details of the zero-day available at present.

Zoom has been on a hiring spree of late in a bid to ramp up its security credentials. Most recently it announced Salesforce SVP of security operations, Jason Lee, as its new CISO.

The video conferencing firm has also signed up former Facebook CSO Alex Stamos as an advisor, Luta Security as a new partner to help rebuild its bug bounty program, Johns Hopkins cryptography expert Matthew Green, former Google privacy technology lead, Lea Kissner, and cybersecurity consultancy NCC Group.


Pub-Goers at Risk of Cyber-Attacks as Lockdown Eases

Info Security - Fri, 07/10/2020 - 08:25

UK pubs and restaurants are exposing their customers to the risk of phishing attacks as consumers head back to the bar after a long period of lockdown, according to Proofpoint.

The security vendor analyzed the and .com domains of 50 of the top 88 most popular dining brands in the country, to check whether they’ve implemented the strongest level of DMARC (Domain-based Message Authentication, Reporting & Conformance) protection.

It found that 98% had not – in fact 70% had no published DMARC record at all, leaving their customers wide open to phishing.

Just 2% of pub and dining brands had the strongest policy (“p=reject”) in place.

While not a silver bullet, DMARC can help to limit the impact of spam and phishing, but malicious emails will only be prevented from reaching customers’ inboxes if p=reject is set. The weakest setting is p=none, which will allow brands to monitor activity but means phishing emails are still sent to users. The next level up, p=quarantine, will mean suspicious messages are sent to the receiver’s junk folder.
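The three policy levels described above can be checked mechanically from a domain's `_dmarc` TXT record. The following is an added example, not part of the original article or the Proofpoint study: the domains and records are constructed, the function names are hypothetical, and the parsing follows RFC 7489 in simplified form.

```python
from collections import Counter

# Constructed TXT answers for _dmarc.<domain>; the domains are hypothetical.
SAMPLE_RECORDS = {
    "pub-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@pub-a.example",
    "pub-b.example": "v=DMARC1; p=quarantine; pct=50",
    "pub-c.example": "v=DMARC1; p=none; rua=mailto:dmarc@pub-c.example",
    "pub-d.example": "v=spf1 include:_spf.pub-d.example -all",  # SPF, not DMARC
    "pub-e.example": None,  # nothing published
}
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not DMARC."""
    parts = [p.strip() for p in (txt or "").split(";") if p.strip()]
    # RFC 7489: the v tag must come first and be exactly DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        # RFC 7489 6.6.3 (simplified): bad or missing p with a rua tag acts as p=none.
        if "rua" not in tags:
            return None
        policy = "none"
    tags["p"] = policy
    return tags

def classify(txt):
    """Return the enforcement level a receiver would apply for this record."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "no-record"
    pct = int(tags["pct"]) if tags.get("pct", "").isdigit() else 100
    # pct below 100 applies quarantine/reject to only a sample of failing mail.
    partial = tags["p"] != "none" and pct < 100
    return tags["p"] + ("-partial" if partial else "")

def summarize(records):
    """Count domains per level and the percentage at full p=reject."""
    counts = Counter(classify(txt) for txt in records.values())
    return counts, 100 * counts["reject"] / len(records)

if __name__ == "__main__":
    print(summarize(SAMPLE_RECORDS))
```

Only a domain classified as `reject` has the strongest policy in the sense used above; `quarantine-partial` and `none` still let some or all spoofed mail through.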

Pub- and restaurant-goers are particularly exposed at present as establishments are requiring many users to book online before they arrive, and/or to provide their details for contact tracing purposes.

This means customers will be primed to expect communications from these brands, something cyber-criminals could leverage to their advantage.

The Prime Minister announced the re-opening of these businesses from July 4 after several months under lockdown.

“We have seen during the pandemic that cyber-criminals don’t hesitate to prey on society’s anxiety around COVID-19 to target individuals and businesses. In times of fear and uncertainty, individuals are much more susceptible to these kinds of attacks, particularly if a fraudulent email looks like it has come from a genuine domain,” said Adenike Cosgrove, cybersecurity strategist, international, at Proofpoint.

“We recommend that people take steps to make sure that they don’t click on anything suspicious, even if it appears to come from an official source, and instead take steps to contact establishments if they aren’t sure.”


Brits Desire More Regulation of AI

Info Security - Thu, 07/09/2020 - 22:51

New research has found that the British public are in favor of increased regulation and more accountability in the field of Artificial Intelligence (AI).

An independent survey of 2,000 adults in the UK by AI firm discovered that 64% of respondents would like to see the introduction of additional regulation to make artificial intelligence safer.

Concern over the safety of AI varied according to age, with younger respondents adopting a more relaxed attitude. While 73% of those aged over 55 supported the introduction of extra guidelines to improve safety standards, only 53% of those aged between 18 and 34 concurred.

Britons also wanted to see companies take more accountability, with 72% of people believing that companies that develop AI should be held responsible for any mistakes that the technology makes. At 81%, those aged over 55 were the most likely to hold this view, while at 60%, millennials were the least likely to agree. 

The research, which was published today, revealed that Brits have high expectations regarding AI's performance and capabilities. The view held by 61% of respondents was that AI should not be making any mistakes when making decisions or performing an analysis.

While positive assumptions may prevail regarding the might of the technology's functional prowess, more than two-thirds of those surveyed felt that AI should be kept under the watchful eye of mankind. The survey found that 69% think that a human being should always be monitoring and checking decisions made by AI.  

Again, the more seasoned respondents were typically more in favor of human monitoring, with 77% of over-55s stating that AI's decisions should be checked and monitored. 

While William Shakespeare observed that "to err is human," machines can also get things wrong. When questioned about the chances of AI making a miscalculation, researchers found that 45% of survey respondents said it is harder to forgive errors that are made by machines than it is to forgive mistakes made by humans. 

This result concerning the ability to forgive—described as divine by the bard—was similar across the various age demographics surveyed. 

Nikolas Kairinos, founder of, said: “While lawmakers may need to refine responsibility for AI’s actions as the technology advances, over-regulating AI risks impeding the potential for innovation with AI systems that promise to transform our lives for the better.”


Teen Murdered After Confronting Cyber-Bullies

Info Security - Thu, 07/09/2020 - 17:30

A teenager from San Diego has been fatally shot after confronting cyber-bullies who targeted her sister online. 

The life of 19-year-old Janessa Del Valle was tragically cut short on July 4 as America celebrated its national Independence Day. 

The young woman from Bonita was killed while attempting to stop bullies from using the internet to body-shame her 13-year-old sibling. 

Del Valle's mother said that her daughters were expecting to meet with a couple of girls they believed to be responsible for the bullying when they left the family’s apartment together on Saturday. 

“When they met up, they thought they were meeting two girls, but they ended up meeting a carload of four people,” Del Valle's mother said.

Deputies said that the confrontation escalated into a fight in which Janessa was fatally shot. 

Del Valle’s mother said that after shooting Janessa, the attackers then turned on her 13-year-old sister.  

The attack took place in a parking lot at the 5100 block of Cedarwood Road in Bonita just steps from the Del Valle family’s home. 

Janessa was a former high school athlete who had been studying at San Diego City College at the time of her death. Her mother said cyber-bullying was an issue that could impact any child. 

“If you have children, and you see your children getting bullied, you need to do something about it—don’t think it’s innocent or it’s going to go away,” Del Valle's mother said.

A search is now underway for Janessa's killer(s), and the San Diego Sheriff’s Department is asking for any witnesses to call in tips. 


Cyber-Attack Downs Alabama County’s Network

Info Security - Thu, 07/09/2020 - 16:15

A suspected ransomware attack has caused the temporary closure of an Alabama county’s computer network.

Chilton County implemented a shutdown after being targeted by a suspected ransomware attack on the morning of July 7. County Commission Chairman Joseph Parnell announced the incident on the social media network Facebook.

“The incident has caused a temporary disruption to the County’s computer records systems including the tag office and probate court records,” wrote Parnell. 

“Persons needing services provided by our various departments should check with the clerks in the particular department before coming to the courthouse to ensure that needed records are accessible.”

As a result of the attack, local records required by the courthouse in the performance of its regular services have been rendered unavailable. 

In a phone interview with the Clanton Advertiser, Parnell said an investigation was underway to determine the severity of the cyber-incident. The county servers and computers in several departments have been closed in a bid to limit the spread of any malware infection that may have occurred. 

“Our databases and computers are shut down while the cyber guys are trying to figure out if and what the extent was of the intrusion,” said Parnell.  

The chairman said that until the severity of the attack had been diagnosed, the county was assuming the worst.

Parnell said: “It could be very minor, and it could be very serious, but we have to treat this like it is extremely serious until we know otherwise.”

A cyber-attack was suspected when the county’s computers started behaving in a way that was out of character. Parnell said that Chilton’s employees noticed “their computers were not functioning normally. They were sluggish, and some of their applications looked different.”

Employees reported the discrepancies to the local IT team, which then shut down the county’s internal network.  

“We have a cyber-policy in place and have hired a firm of professional IT people out of New York that is going to come in and assess the system,” Parnell said.

The cyber-branch of the FBI and the Alabama Attorney General’s Office have been notified of the incident.


95% of Brits Unable to Consistently Identify Phishing Messages

Info Security - Thu, 07/09/2020 - 15:00

Just 5% of Brits are able to recognize all scam emails and texts, a study from Computer Disposals Limited has found.

Scam emails purporting to be from Facebook were shown to be most likely to trick people. Additionally, participants found it harder to spot scams via SMS messages compared to emails.

For the study, Computer Disposals created a quiz composed of recreated genuine messages and emails from organizations including the UK government, Amazon, Disney Plus and Netflix, alongside scam texts and emails that included the exact tactics being used by hackers to gain access to users’ accounts and personal details. They then asked 1000 individuals to try to distinguish the genuine messages from the fake ones.

The findings are especially concerning in light of a rise in phishing attacks during the COVID-19 pandemic, as cyber-criminals play on people’s economic and health fears during the crisis.

The respondents were observed to be naturally suspicious of all communications, however, with just 44% able to identify the genuine messages and emails.

Ben Griffin, director of Computer Disposals Limited, commented: “Over the past decade, cybercrime has risen to become a major risk for all of us – individuals and companies alike. As we live more and more of our lives online, phishing scams have become one of the most prevalent types of security breaches, especially as we use multiple devices interchangeably.

“Our data shows that only 5% of the British public are able to consistently identify phishing scam emails and texts, highlighting both how sophisticated and convincing these messages have become, as well as the need for us to constantly remain alert – especially so when we are spending more time at home. Vigilance is the key to remaining secure: safeguard your passwords, install recommended software updates and always treat messages with links or requesting information with due suspicion – even if they appear legitimate.”


Alert Fatigue and Overload an Issue for Majority of Security Analysts

Info Security - Thu, 07/09/2020 - 14:01

Security professionals are struggling to effectively manage high volumes of security alerts.

According to the 2020 State of SecOps and Automation Report, a study conducted by Dimensional Research on behalf of Sumo Logic, managing the sheer volume of security alerts poses a significant problem for IT security professionals.

Its research of 427 qualified security individuals found 70 had faced more than double the volume of security alerts in the past five years, whilst 99% stated high volumes of alerts were causing problems for IT security teams.

This led 83% to say their security staff had experienced alert fatigue.

“Today’s security operations teams are faced with constant threats of security breaches that can lead to severe fallout including losing customers, diminished brand reputation and reduced revenue,” said Diane Hagglund, principal for Dimensional Research.

“To effectively minimize risk and bridge the gap, many companies rely on automated solutions that provide real-time analysis of security alerts. These findings highlight the challenges SOC teams are facing in a cloud-centric world, but more importantly why enterprises are aggressively looking to cloud-native alternatives for security analytics and operations.”

Although automated security alert processing can help to mitigate this issue, it is still a work in progress for most security teams.

Speaking to Infosecurity, Virtually Informed CISO Sarb Sembhi said, in the last 20 years, technology has been about “collecting and giving you alerts” and until AI came along, there was little in the way of a solution to deal with alerts and to be able to see all alerts in a single view.

“The cause of this is so many different technologies that come into the security estate and give you an alert and tell you something is wrong and somebody has done something, and there is not a single view,” he said. “What you need is a single sense to tell you what the course of action should be.”

He concluded that there is an issue of seeing so many alerts and an analyst having a “so what” attitude, but even if one of a million alerts is dangerous “you cannot become complacent.”
