Feed aggregator

$200m Spear Phished from Cryptocurrency Exchanges

Info Security - Fri, 06/26/2020 - 14:46

A newly detected threat group has stolen an estimated minimum of $200m from cryptocurrency exchanges in just two years.

The dastardly deeds of cyber-criminal organization CryptoCore were discovered by security firm ClearSky Cyber Security. Recently published research by the company revealed that the threat group has been active since at least May 2018, primarily targeting victims in the United States and Japan. 

CryptoCore appears to have achieved dizzying heights of financial success despite relying on unsophisticated attack techniques. 

"This group is not extremely technically advanced, yet it seems to be swift, persistent, and effective, nevertheless," wrote researchers. 

"The CryptoCore group is known for having accumulated a sum of approximately 70mil USD from its heists on exchanges. We estimate that the group managed to rake in more than 200mil USD in two years."

CryptoCore almost exclusively targets cryptocurrency exchanges and companies working with them via supply-chain attacks. 

The key goal of the group's heists is to gain access to digital wallets associated with cryptocurrency exchanges, including corporate wallets and wallets belonging to the exchanges' employees. Researchers say that access is gained via spear phishing.

"The group’s key infiltration vector to the exchange is usually through spear phishing against the corporate network," wrote researchers, adding that "the executives’ personal email accounts are the first to be targeted."

The spear phishing is typically carried out by impersonating a high-ranking employee either from the target organization or from another organization with connections to the targeted employee. 

Contained within the spear phishing email is a malicious Bitly link that appears to go to a Google Drive folder but actually sends the victim to a landing page controlled by the threat group.

After gaining an initial foothold, the group accesses the victim’s password manager account and steals their crypto-wallet keys.
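The lure described above, a shortened link whose visible text promises a Google Drive folder, is something mail-triage tooling can flag before anyone clicks. The following Python script is an added example, not code from the article or from ClearSky: it parses a constructed sample email body and reports anchors whose `href` points at a known URL shortener or whose visible text names a different host than the link actually targets. The shortener list and the sample message are assumptions for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed shortener list for this example; in practice feed it from your own intel.
SHORTENER_HOSTS = {"bit.ly", "bitly.com", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value):
    """Host of a URL, or of bare text such as 'drive.google.com/x'; None if not URL-like."""
    if "://" not in value:
        value = "https://" + value  # lets urlparse treat bare hosts like full URLs
    host = urlparse(value).netloc.lower()
    return host if "." in host else None


def audit_links(html):
    """Return a list of findings for links that look like the lure described in the article."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_host = _host(href)
        if href_host is None:
            continue
        reasons = []
        if href_host in SHORTENER_HOSTS:
            reasons.append("shortened link")
        # Only compare hosts when the visible text itself looks like a URL or host name.
        text_host = _host(text) if text and " " not in text else None
        if text_host and text_host != href_host:
            reasons.append(f"visible text points to {text_host}")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample message: the link text advertises a Drive folder, the href is a shortener.
SAMPLE_EMAIL = """<p>Hi, please review the Q2 wallet audit I shared:</p>
<a href="https://bit.ly/3abcXYZ">drive.google.com/drive/folders/q2-audit</a>
<p>Regards</p>
<a href="https://intranet.example.com/policy">company policy</a>"""

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_EMAIL):
        print(finding)
```

Run against the sample, the script reports the first link twice over (shortened, and pointing at a host other than the one shown), and says nothing about the intranet link. Resolving the shortener to its final landing page is a separate, online step that belongs in a sandbox rather than in the mail filter.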

ClearSky has been tracking the threat group for two years, observing a fairly constant stream of activity, though attacks did slow in the first half of 2020, with researchers attributing the lull to the COVID-19 pandemic. 

Despite their prolonged tracking of CryptoCore, researchers were unable to conclusively pinpoint the threat group's origin. Researchers would say only that "we assess with medium level of certainty that the threat actor has links to the East European region, Ukraine, Russia or Romania in particular."

Categories: Cyber Risk News

Microsoft: Patch IIS Bug Now to Protect Exchange Servers

Info Security - Fri, 06/26/2020 - 10:50

Microsoft has warned Exchange customers to patch their servers urgently after reporting a surge in attacks exploiting an Internet Information Service (IIS) vulnerability.

The flaw, CVE-2020-0688, was patched in February, but attackers are still finding unpatched servers to compromise. With access to the targeted server, hackers often deploy a web shell to steal data or perform other malicious actions in the future, explained Hardik Suri of the Microsoft Defender ATP Research Team.

Multiple APT groups were detected exploiting the bug back in March, but a month later 350,000 servers were still unpatched, according to Rapid7.

“If compromised, Exchange servers provide a unique environment that could allow attackers to perform various tasks using the same built-in tools or scripts that admins use for maintenance,” Suri added.

“This is exacerbated by the fact that Exchange servers have traditionally lacked anti-virus solutions, network protection, the latest security updates and proper security configuration, often intentionally, due to the misguided notion that these protections interfere with normal Exchange functions. Attackers know this, and they leverage this knowledge to gain a stable foothold on a target organization.”

Following a web shell deployment, attackers may perform reconnaissance, perhaps using EternalBlue to identify vulnerable machines on the network. If the server has been misconfigured, they may have gained privileges that enable them to add a new account for persistence.

Compromised Exchange servers can also enable credential access for some of the “most sensitive users and groups in an organization,” said Suri.

Lateral movement, Exchange Management Shell abuse, remote access and exfiltration typically follow, he added.

Apart from applying the latest security updates, Microsoft recommended Exchange server customers keep anti-virus and other protections on at all times, review highly privileged groups, restrict access and prioritize alerts.

Categories: Cyber Risk News

European Commission: Still Work to Do on GDPR

Info Security - Fri, 06/26/2020 - 09:30

The GDPR has successfully met its main objectives but work still needs to be done to improve cross-border investigations, increase regulator resources and address fragmented approaches across the EU, according to the European Commission.

The review of the data protection legislation two years on highlights several areas for improvement.

One of the most pressing is the need for harmonization across the region. This is because, although the regulation must be applied across the board, it allows for member states to legislate in some areas and provide specificity in others.

This has led to the “extensive use of facultative specification clauses,” which has made for differences in areas such as the age of children’s consent across different countries, the report claimed.

This could create problems for cross-border business and innovation, especially in tech and cybersecurity innovation, the Commission said.

“A specific challenge for national legislation is the reconciliation of the right to the protection of personal data with freedom of expression and information, and the proper balancing of these rights,” it argued.

“Some national legislations lay down the principle of precedence of freedom of expression, whilst others lay down the precedence of the protection of personal data and exempt the application of data protection rules only in specific situations, such as where a person with public status is concerned.”

Other areas that need continued work include the more efficient handling of cross-border cases and the disparity in “human, financial and technical” resources between many regulators.

This echoes a report issued in April by web browser firm Brave, which claimed that regulators are unable to match the financial might of technology giants like Google and Facebook, which puts them at a distinct disadvantage in investigations.

Only five of Europe’s 28 GDPR regulators have over 10 tech specialists, while half have budgets of under €5m. The UK’s ICO, which is the largest and most expensive watchdog to run, has only 3% of its 680 staff focused on tech issues, the report claimed.

Stewart Room, global head of data protection and cybersecurity at DWF, took issue with the Commission’s claim that GDPR has “successfully met its objectives of strengthening the protection of the individual’s right to personal data protection and guaranteeing the free flow of personal data within the EU.”

“A key problem to note is that there is an absence of such evidence on data protection performance levels under the previous legal regime (the 1995 Directive), so, therefore, there isn't a benchmark available to substantiate progress made under the GDPR,” he argued. 

“In contrast, reports of personal data security breaches have not run dry, there are still structural problems in the AdTech environment and with the ceaseless progression of developments in technology, such as facial recognition and AI, there have to be doubts about the ability of the law and the regulatory system to keep up speed.”

Categories: Cyber Risk News

Domestic Abuse Victims Exposed in Cloud Misconfiguration

Info Security - Fri, 06/26/2020 - 08:30

Thousands of domestic violence victims have had their emergency distress messages exposed after a developer misconfigured a back-end AWS bucket.

Researchers at vpnMentor led by Noam Rotem and Ran Locar found the voice recordings stored on a publicly accessible AWS S3 bucket.

They were traced back to Aspire News, an application built by US non-profit When Georgia Smiled, which features an emergency help section via which domestic abuse victims can send their distress messages. It’s backed by US TV celebrity and clinical psychologist Dr Phil.

In total, the researchers found around 230MB of data, containing around 4000 voice recordings dating back to September 2017. Fortunately, once contacted, AWS informed the non-profit and the exposure was closed the same day.

However, the data exposed in the voice recordings was highly sensitive, including victims’ full names and home addresses, details of their circumstances and their abusers’ names and personal details.

Domestic violence cases are said to have surged dramatically during lockdown, when abusers are often confined at home with their victims for extended periods.

“Had malicious or criminal hackers accessed these recordings, they could be weaponized against both victims and abusers to pursue blackmail and extortion campaigns,” said vpnMentor.

“The potential devastation caused by such an outcome can’t be overstated, risking the health, emotional wellbeing and safety of all those impacted.”

Cloud configuration errors surged by 80% between 2018 and 2019, according to DivvyCloud by Rapid7.

“This particular instance is a critical reminder of the importance of securing data in the cloud,” said the firm’s co-founder, Chris DeRamus.

“By implementing a proactive and holistic approach to detecting risks and misconfigurations in the cloud in the build process, security lapses can be identified and remediated before data ever has a chance to be exposed.”
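The exposure described above is the kind a build-time or periodic audit can catch before data ever sits in a public bucket. The following Python script is an added example, not code from vpnMentor or from the app's developers: it evaluates a bucket policy, its ACL grants and its public access block settings, using constructed inputs that mirror the shapes the S3 API returns from get_bucket_policy, get_bucket_acl and get_public_access_block. The bucket name, account id and role are placeholders, and the weak configuration is shown beside a corrected one.

```python
import json

# Group URIs that make an ACL grant world- or account-wide readable.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
# The four settings of an S3 PublicAccessBlockConfiguration.
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def _principal_is_anyone(principal):
    """True for Principal "*", {"AWS": "*"} or an AWS list containing "*"."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False


def public_policy_statements(policy):
    """Allow statements open to any principal with no Condition narrowing them.

    Simplification assumed here: a statement with a Condition (e.g. a VPC endpoint
    restriction) is not reported; it still deserves manual review in a real audit."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    return [s for s in statements
            if s.get("Effect") == "Allow"
            and _principal_is_anyone(s.get("Principal"))
            and not s.get("Condition")]


def public_acl_grants(grants):
    """ACL grants made to the AllUsers or AuthenticatedUsers groups."""
    return [g for g in grants
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in (ALL_USERS, AUTH_USERS)]


def assess_bucket(name, policy=None, grants=(), public_access_block=None):
    """Return a list of findings; an empty list means nothing public was found."""
    findings = []
    for s in public_policy_statements(policy or {"Statement": []}):
        findings.append(f"{name}: statement {s.get('Sid', '<no Sid>')} allows "
                        f"{s.get('Action')} to any principal")
    for g in public_acl_grants(grants):
        group = g["Grantee"]["URI"].rsplit("/", 1)[-1]
        findings.append(f"{name}: ACL grants {g['Permission']} to {group}")
    pab = public_access_block or {}
    missing = [k for k in PAB_KEYS if not pab.get(k)]
    if missing:
        findings.append(f"{name}: public access block incomplete (missing {', '.join(missing)})")
    return findings


# Constructed inputs; bucket, account id and role name are placeholders.
BUCKET = "example-recordings-bucket"
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"}]})
WEAK_GRANTS = [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]

FIXED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "AppBackendRead", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-backend"},
    "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"}]})
FIXED_GRANTS = [{"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-CANONICAL-ID-PLACEHOLDER"},
                 "Permission": "FULL_CONTROL"}]
FIXED_PAB = {k: True for k in PAB_KEYS}

if __name__ == "__main__":
    print("weak :", assess_bucket(BUCKET, WEAK_POLICY, WEAK_GRANTS, None))
    print("fixed:", assess_bucket(BUCKET, FIXED_POLICY, FIXED_GRANTS, FIXED_PAB))
```

The weak configuration produces three findings (an anonymous-read policy statement, an AllUsers ACL grant, and no public access block at all); the corrected one, which grants read access only to a named role and turns on all four block settings, produces none. In a real audit the three inputs would come from the corresponding boto3 calls rather than the constructed dicts above.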

Categories: Cyber Risk News

Police Seize Alleged Bitcoin Raider's $90m in Assets

Info Security - Thu, 06/25/2020 - 18:00

Police in New Zealand have seized $90m worth of assets belonging to a man wanted for cybercrimes in France and the United States. 

Alexander Vinnik allegedly masterminded a Bitcoin laundering ring that handled billions of dollars via a digital currency exchange. He is also wanted for some minor crimes in his native Russia.

Digital cash allegedly laundered by the exchange is believed to have included $4bn in funds stolen from the now defunct Tokyo-based bitcoin exchange Mt. Gox in a cyber-heist. 

US authorities assert Vinnik has committed a string of crimes ranging from computer hacking and money laundering to drug trafficking while in control of digital currency exchange BTC-e. 

The 38-year-old alleged criminal has declared himself innocent of all the charges made against him, some of which date as far back as 2011. Vinnik maintains that he was merely a technical consultant to BTC-e and was not employed in an operational capacity. 

The alleged criminal mastermind was admitted to a French hospital earlier this year after staging a hunger strike to protest his innocence. 

Vinnik was arrested in Greece in 2017 on money laundering charges and has since been extradited to France, where he is being held in custody. 

French officials charged Vinnik on counts of extortion, aggravated money laundering, conspiracy, and harming automatic data-processing systems. 

Zoe Konstantopoulou, a member of Vinnik's defense team, said: "Alexander’s crime is to be Russian and a person with extraordinary technological knowledge that could liberate people economically."

The multi-million-dollar seizure of Vinnik's assets—worth NZ$140m—is the largest restraint of funds in New Zealand Police history. 

New Zealand Police Commissioner Andrew Coster said the funds are probably ill-gotten gains pilfered from a slew of victims around the world.

"This restraint demonstrates that New Zealand is not, and will not be, a safe haven for the illicit proceeds generated from crime in other parts of the world," said Coster.

The seizure was a joint effort achieved by close cooperation between the New Zealand Police and the US Internal Revenue Service. New Zealand Police said they have applied to the High Court seeking forfeiture of the funds.

Categories: Cyber Risk News

HelpSystems Acquires Two Security Software Companies

Info Security - Thu, 06/25/2020 - 17:00

Minnesota software company HelpSystems has acquired two data classification companies in response to “brisk” demands for its security software. 

The company said that the addition of Canadian company Titus and British firm Boldon James to its security portfolio establishes HelpSystems as “the leading platform in data classification and meets customers’ needs for a comprehensive, powerful suite of data security options.”

From its headquarters in Ottawa, Titus provides solutions that enable businesses to accelerate their adoption of data protection. The company’s products enable organizations to discover, classify, protect, analyze, and share information. 

Titus has millions of users in over 120 countries. Customers of the company include some of the largest financial institutions and manufacturing companies in the world, government and military organizations across the G7 and Australia, and Fortune 2000 companies. 

Boldon James is a 30-year-old company based in the small village of Farnborough, just outside of London. HelpSystems' new acquisition describes itself as an industry specialist in data classification and secure messaging, delivering globally recognized innovation, service excellence, and technology solutions that work.

“Bringing Titus and Boldon James into the HelpSystems family is another step toward our unwavering goal of giving customers the most robust collection of trusted security and automation solutions available, backed by a people-first commitment to long-term customer success,” said Kate Bolseth, CEO, HelpSystems. 

“The talent, success, and market-leading solutions that characterize both Titus and Boldon James enrich and expand our ability to help our customers keep their data safe.”

HelpSystems said that the solutions offered by Titus and Boldon James will work in lockstep with its GoAnywhere Managed File Transfer and Clearswift email and web security solutions to ensure sensitive information is classified properly and secured throughout its life cycle.

"Titus fits well with HelpSystems’ security portfolio, and we are thrilled to expand the range of solutions for our customers,” said Jim Barkdoll, CEO, Titus. 

“We are confident we have found the right place to continue driving our innovation and business forward.”

CEO of Boldon James Martin Sugden added: “Joining these well-known players in the data security space is the ultimate way to offer global organizations the ability to detect and protect their ever-growing troves of sensitive data.”

Categories: Cyber Risk News

350,000 Social Media Influencers and Users at Risk Following Data Breach

Info Security - Thu, 06/25/2020 - 16:06

Personal data of an estimated 100,000 social media influencers has been accessed and partially leaked following a breach at social media marketing firm Preen.Me, Risk Based Security has discovered. The same breach has also led to more than 250,000 social media users having their information fully exposed on a deep web hacking forum, leaving these individuals at risk of being targeted by scams.

The leak was discovered by Risk Based Security’s data breach research team on June 6 when a known threat actor revealed they had compromised Preen.Me’s systems and were holding the personal information of over 100,000 affiliated influencers under ransom on a popular deep web hacking forum. The actor shared 250 records via PasteBin on the same day, and two days later on June 8, stated their intention to release the other 100,000 records, although this has not yet occurred.

The information includes influencers’ social media links, email addresses, names, phone numbers and home addresses. It was noted that those affected appear to be associated with cosmetic or lifestyle-related content.

Roy Bass, senior dark web analyst, Risk Based Security, commented: “While passwords were not leaked, threat actors can search for compromised passwords from other database leaks and link them to the accounts through email addresses/other personal information, or employ brute force techniques. We observed one threat actor state his intention to do so.

“They [those exposed] are also susceptible to spam and substantial harassment via their leaked contact information, as well as spear-phishing and identity theft scams if enough personally identifiable information is gathered.”

Then on June 14, the same cyber-criminal fully leaked the details of over 250,000 social media users who use Preen.Me’s application, ByteSizedBeauty. This includes their social media links, as well as personal information such as home and email address, date of birth, eye color and skin tone.

Bass added: “Regarding the other social media users, they are vulnerable to the previously mentioned threats with an increased risk for spear-phishing and identity theft scams due to more personal information being leaked.”

Categories: Cyber Risk News

PlayStation Announces Bug Bounty Program

Info Security - Thu, 06/25/2020 - 14:07

PlayStation has announced that it will pay hackers thousands of dollars to unearth vulnerabilities in its network and entertainment products. 

The gaming titan launched its PlayStation Bug Bounty program yesterday morning in hopes of rooting out flaws and providing players with a more secure user experience. 

The initiative is being run in collaboration with well-known security platform HackerOne.

PlayStation has been running a private Bug Bounty program for some time in partnership with an elite group of researchers. Now, for the first time in the 26-year-old gaming console's history, the public are being invited to report bugs in return for cash.

A PlayStation spokesperson said: "We have partnered with HackerOne to help run this program, and we are inviting the security research community, gamers, and anyone else to test the security of PlayStation 4 and PlayStation Network."

The new program recognizes the high levels of skill and resourcefulness needed to be among the ethical hacking netizenry.

"To date, we have been running our bug bounty program privately with some researchers," said PlayStation. "We recognize the valuable role that the research community plays in enhancing security, so we’re excited to announce our program for the broader community."

Under the new program, vulnerabilities will attract different sized monetary rewards depending on their severity and on the quality of the report submitted. 

While hackers are invited to flag flaws in both the PlayStation Network and the PlayStation 4, higher bounties will be awarded for faults found in the latter. Detecting a critical vulnerability impacting PlayStation 4 could earn an ethical hacker an extremely pretty penny. 

"Our bug bounty program has rewards for various issues, including critical issues on PS4," said a PlayStation spokesperson. "Critical vulnerabilities for PS4 have bounties starting at $50,000."

PlayStation did not reveal the maximum amount that could be paid out for a single flaw. 

Explaining which flaws they are most concerned about, PlayStation said: "We are currently interested in reports on the PlayStation 4 system, operating system, accessories and the PlayStation Network."

Domains within the scope include .playstation.net, .sonyentertainmentnetwork.com, api.playstation.com, my.playstation.com, store.playstation.com, social.playstation.com, transact.playstation.com and wallets.api.playstation.com.

Categories: Cyber Risk News

NCSC: One Million Phishing Messages Reported in Two Months

Info Security - Thu, 06/25/2020 - 13:45

The National Cyber Security Centre (NCSC) has announced that in just two months of its Suspicious Email Reporting Service being launched, it has received one million reports.

According to a statement, the service, which was launched in April as part of the Government’s Cyber Aware campaign, receives a daily average of 16,500 emails.

NCSC chief executive officer Ciaran Martin called the number of reports a “milestone” and said it was “testament to the vigilance of the British public.”

He added: “The kind of scams we’ve blocked could have caused very real harm and I would like to thank everyone who has played their part in helping to make the internet safer for all of us.”

Ed Macnair, CEO of Censornet, said: “Although it is positive to see people being vigilant against spam and phishing attacks, these figures from the NCSC demonstrate the extent of the problem. Cyber-criminals will continue to capitalize on the hysteria surrounding COVID-19 to exploit both organizations and individuals, preying on their curiosity and vulnerability.”

Figures show that 10% of the scams were removed within an hour of an email being reported, and 40% were down within a day of a report. Also, 10,200 malicious URLs linked to 3485 individual sites have been removed thanks to the one million reports received.

The Suspicious Email Reporting Service was co-developed with the City of London Police. Its commander Karen Baxter said: “Unquestionably, a vast number of frauds will have been prevented, thanks to the public reporting all these phishing attempts. Not only that, but it has allowed for vital intelligence to be collected by police and demonstrates the power of working together when it comes to stopping fraudsters in their tracks.”

Fake cryptocurrency investment lures made up more than half of all the online scams detected as a result of reporting from the public. In these cases, investors are typically promised high returns in exchange for buying currency such as Bitcoin, but scammers masquerade as crypto exchanges or traders to trick people into handing over money by using fake celebrity endorsements and images of luxury items.

According to the FCA, cryptocurrency investment scams have cost the British public around £27m, as victims are encouraged to invest more and more money.

Macnair also warned of the danger of social engineering attacks, and said it is crucial that organizations take it upon themselves to protect employees from these email attacks in the first instance. “Businesses need to use email security that combines algorithmic analysis, threat intelligence and executive name checking to efficiently protect themselves against these evolving attacks,” he said.

Categories: Cyber Risk News

IRMS Appoints New Chair with Diversity, Inclusion and Education at Top of Agenda

Info Security - Thu, 06/25/2020 - 13:00

The Information and Records Management Society (IRMS) – the association for information professionals and students in information governance, records management, data protection and information security – has announced the appointment of Reynold Leming to the position of chair.

Leming, who has worked in the data processing and information governance industry for over 30 years, will focus on initiatives that promote diversity and inclusion, as well as encourage new talent to choose a career in the sector.

Leming will be commissioning a comprehensive survey of diversity within the information and records management profession, including investigating barriers to entry and career progression.

Leming said: “We have an important role in advocacy and must ensure the IRMS is representative, rich in diversity and inclusivity.”

In addition to leading a research program, Leming and the executive team will also focus on engagement with the skills and education sector.

“We will seek to collaborate with schools and colleges to actively promote the teaching of data and information and encourage the next generation to take qualifications and/or vocational pathways that will lead them to a successful career in our sector.”

Categories: Cyber Risk News

33% Surge in Financial Fraud Attempts During #COVID19 Lockdown

Info Security - Thu, 06/25/2020 - 12:15

Financial fraud attempts rose by 33% in April as the UK entered lockdown due to the COVID-19 pandemic, new analysis from Experian and the National Hunter Fraud Prevention Service has revealed.

Fraudsters targeted a myriad of financial products, including current and savings accounts, as they sought to take advantage of the disruption to both businesses and their customers brought about by the virus outbreak.

Across all financial products, fraud rates increased by a third when compared with previous monthly averages. The largest increase was in fraudulent car and other asset finance applications, which saw a rise of 181%, followed by current accounts (35%) and then saving accounts (28%), according to Experian.

Fraudulent credit card applications (17%) and unsecured loans (10%) also went up, Experian claimed.

However, while the findings highlight an increase in the proportion of fraudulent applications, they also signal that fraud teams have been able to successfully identify and investigate new fraudulent activity since the pandemic began.

Micah Willbrand, managing director of identity and fraud at Experian, said: “The rise in fraud rates across each category is a warning that banks, building societies and other financial providers need to be as alert as ever in identifying fraudulent applications, even in the unique circumstances the country finds itself in.”

It's likely fraudsters have been looking to take advantage of the situation under the belief that the disruption would give them a better chance of success, “but they have been largely disappointed," added Willbrand.

“Fraud teams have had greater capacity to flag and investigate openings that otherwise may have gone unchecked, resulting in incidents of fraud being successfully identified.”

Categories: Cyber Risk News

Medical Devices Among Most Risky to Security

Info Security - Thu, 06/25/2020 - 11:02

Medical devices, physical access control solutions and networking equipment are among the device categories that pose the greatest risk to businesses.

Using analysis of metrics and data from the Forescout Device Cloud, the company identified points of risk inherent to device type, industry sector and cybersecurity policies. It determined that the riskiest device groups include smart buildings, medical devices, networking equipment and VoIP phones.

The data, correlated from around 11 million devices, ranked connected medical devices as high risk because of their potential impact, both on business continuity and on patient safety. Forescout said that alongside a reliance on new technologies and increased connectivity, it was witnessing an increase in the number and sophistication of vulnerabilities in medical devices and of cyber-attacks on hospitals, although these rarely target medical devices directly.

Speaking to Infosecurity, Forescout research manager Daniel De Santos said this was the first time the company had undertaken research at this scale, with a large and powerful dataset to draw on. Looking at the details on medical and healthcare devices, De Santos said there are many device types, some directly connected and some on the diagnostic side, and they have an impact in different ways. “It doesn’t matter about the vulnerability as the easiest action is to crash the infusion pump, but whether the vulnerability is critical enough to be able to execute the attacker’s demands,” he said.

This also impacted the medical supply chain, where De Santos said devices are connected to workstations and ultimately to patient databases and prescriptions. “They should not talk to one another and networks should be isolated and segmented so the laptop doesn’t talk to the infusion pump,” he explained.

Forescout added that, according to its data sample, physical access control solutions were the most risky, due to the presence of many critical open ports, connectivity with other devices and known vulnerabilities. In particular, De Santos named badge readers as a surprise, as research showed that a badge reader could be reprogrammed to allow anyone to enter a building, “and it is not the worst thing for an office, but think about airports, hospitals or government buildings, critical buildings.”

De Santos said he expected improvements on this type of data year-on-year, especially as awareness of the issue is growing, and with more improvements in segmentation. “We see signs of improvements and companies are more aware and know what to do and can mitigate risk,” he said.

Categories: Cyber Risk News

Firms Plan Hiring Spree to Bolster Remote Working Security

Info Security - Thu, 06/25/2020 - 10:30

Around half (48%) of UK businesses have admitted that their cybersecurity policies aren’t fit-for-purpose in the “new normal” of mass remote working, according to Centrify research.

The access management vendor polled 200 senior decision makers in medium and large businesses to better understand their evolving security challenges during the current pandemic.

While many are aware that current policies will need to be updated, they do seem to be taking steps to try and bolster security. Three-quarters (75%) of those polled said they have issued formal guidance or training to staff on secure home working, and half are planning to hire new IT or security staff to enhance security processes.

However, this won’t be easy given current skills shortages, which are estimated at over four million positions globally, including over 290,000 in Europe. Many may have to seek outside help via managed service providers and contracting staff.

On that point, nearly three-fifths (59%) of respondents said they now treat outsourcers and other third parties as an equal cyber-risk to remote-working employees, which should help to reduce the threat from the supply chain.

Half of all cyber-attacks revealed by Carbon Black in a report last year involved some form of “island hopping” from a supply chain partner.

According to Centrify, most (65%) decision makers in medium and large firms expect an increase in phishing attacks and attempts to steal sensitive data going forward. This is to be expected, as cyber-criminals look to ramp up attacks against potentially distracted employees and unpatched remote access infrastructure.

Although Microsoft has claimed that the volume of COVID-specific threats remains very small, less than 2% of all threats, it has also warned of sophisticated ransomware attacks on hospitals and other organizations during the crisis.

“Unfortunately, remote workers including third-party contractors have been deemed a desirable target by cyber-criminals, who are assuming that these employees have not been properly trained in, or protected by, the correct security measures in their transition to remote working during the COVID-19 pandemic,” said Centrify VP Andy Heather.

“However, it’s promising to see that so many businesses have adjusted security policies in response to this threat and are still considering bolstering security and IT staff.”

Categories: Cyber Risk News

Zoom Hires Former Salesforce SVP as New CISO

Info Security - Thu, 06/25/2020 - 09:30

Zoom has made another high-profile hire as it looks to bolster its security credentials, with the recruitment of Salesforce SVP Jason Lee as its new CISO.

Lee was previously SVP of security operations at the SaaS pioneer, where he was responsible for corporate network and system security, incident response, threat intelligence, data protection, vulnerability management, intrusion detection, identity and access management, and the offensive security team.

Prior to that role, Lee spent 15 years at Microsoft, where he rose from a position as senior manager to principal director of security engineering for the Windows Device Group.

“Our customers’ security is extremely important and is at the core of everything we do. We are excited to welcome Jason, who has deep industry experience, understands the complexity of servicing a wide variety of users, and can lead Zoom’s efforts to strengthen the security of our platform during this time of rapid expansion,” said Lee’s new boss, Zoom COO, Aparna Bawa.

The new hire comes on the back of several big-name announcements over recent weeks, as Zoom seeks to recover the initiative after some bad publicity earlier in the year.

In April it announced Luta Security as a new partner to help rebuild its bug bounty program, alongside Johns Hopkins cryptography expert Matthew Green, former Google privacy technology lead Lea Kissner, and cybersecurity consultancy NCC Group.

Former Facebook CSO Alex Stamos, who had been vocal on social media about the challenges facing the video conferencing firm, was hired as an advisor.

The firm is nearly at the end of a 90-day security and privacy plan which CEO Eric Yuan instigated after the platform’s massive growth due to COVID-19 seemed to catch it on the back foot. Several critical vulnerabilities were found in the software and there was criticism of its default settings and exposure to “Zoombombing.”

Most recently, the firm backtracked on an earlier decision and committed to offering end-to-end encryption for all users, not just those on its premium service.

Categories: Cyber Risk News

New Indictment Seeks to Tie Assange Closer to Hacking Conspiracy

Info Security - Thu, 06/25/2020 - 08:40

The US Department of Justice (DoJ) has filed a new indictment against Julian Assange which explains in more detail why the authorities believe he went beyond publishing in the public interest to get hands-on in a hacking conspiracy.

The superseding indictment adds no more counts to the 18-count indictment issued in May 2019, but it seeks to “broaden the scope” of the conspiracy the WikiLeaks founder was previously charged with.

It alleges that in 2010 he “gained unauthorized access” to a NATO member’s government IT system, and that two years later he was in direct communication with a “leader” of hacking collective LulzSec, who was an FBI informant at the time.

The indictment claims that Assange provided a list of hacking targets for LulzSec, asking the leader to look for and provide WikiLeaks with mail, documents, databases and PDFs.

“In another communication, Assange told the LulzSec leader that the most impactful release of hacked materials would be from the CIA, NSA or the New York Times,” the DoJ announcement explained.

“WikiLeaks obtained and published emails from a data breach committed against an American intelligence consulting company by an Anonymous and LulzSec-affiliated hacker. According to that hacker, Assange indirectly asked him to spam that victim company again.”

This is in addition to the original charge that Assange conspired with whistleblower Chelsea Manning to crack a password hash stored on US Department of Defense computers connected to the Secret Internet Protocol Network (SIPRNet).

The new superseding indictment appears to be an attempt by the authorities to tie Assange more closely to hacking conspiracies.

The other charges, relating to the publication of hundreds of thousands of secret diplomatic cables and other documents about US wars in Afghanistan and Iraq, have been heavily criticized. Observers claim they were done in the public interest and should be protected by the First Amendment.

Assange is currently in custody in the UK awaiting the outcome of an extradition request from Washington.

Categories: Cyber Risk News

COVID-Themed Ransomware Attack on Android Users Revealed

Info Security - Thu, 06/25/2020 - 08:10

Details of a new COVID-themed ransomware attack on Android users in Canada, known as CryCryptor, have been revealed by ESET researchers. In the attack, people were lured into downloading a ransomware app disguised as an official COVID-19 tracing tool through two COVID-themed websites. This came shortly after the Canadian government announced its support for the creation of a nationwide, voluntary tracing app to be called COVID Alert.

The websites have now been taken down and ESET researchers wrote a decryption tool for its victims, based on a bug in the malicious app. However, the discovery highlights how much more susceptible people are to attacks that play on the COVID-19 pandemic, with a sense of urgency and fear making them more likely to click on dangerous links. Lukáš Štefanko, malware analyst at ESET, said: “Clearly, the operation using CryCryptor was designed to piggyback on the official COVID-19 tracing app.”

ESET began its investigation after responding to a tweet announcing a discovery of what was thought to be Android banking malware. Štefanko explained: “CryCryptor contains a bug in its code that allows any app installed on the affected device to launch any service provided by the buggy app. So, we created an app that launches the decrypting functionality built into CryCryptor.”

Whilst this particular version of CryCryptor is no longer a threat, ESET emphasized that Android users must remain vigilant against similar attacks in the coming weeks. “Besides using a quality mobile security solution, we advise Android users to install apps only from reputable sources such as the Google Play store,” said Štefanko.

A number of countries around the world have sought to use contact tracing apps to help them continue to contain the virus as lockdown measures are eased. However, this has raised a number of concerns over the security and privacy risks that are brought about by the data that is recorded.

Categories: Cyber Risk News

US Soldier Indicted Over Mass Murder Plot

Info Security - Wed, 06/24/2020 - 18:00

A soldier in the US Army has been charged with terrorism offenses after conspiring with extremist groups to arrange a deadly ambush of his own unit.

An indictment unsealed on June 22 in a Manhattan federal court accuses Ethan Melzer of passing sensitive information about the location, movements, and security of his unit to Al-Qaeda and to members of the Order of the Nine Angles (O9A). 

The order was established by a woman in the UK in the 1960s. It rose to prominence in the 1980s for its neo-Nazi ideologies and adherence to Satanism. 

Melzer, of Louisville, Kentucky, is charged with conspiring and attempting to murder US nationals, conspiring and attempting to murder military service members, providing and attempting to provide material support to terrorists, and conspiring to murder and maim in a foreign country. 

During a voluntary interview with military investigators and the FBI, the 22-year-old soldier declared himself to be a traitor against the United States and admitted his role in plotting a terrorist attack. 

The proposed attack, designed to result in the deaths of as many of Melzer's fellow service members as possible, was thwarted by the FBI and the US Army in late May 2020. 

In April 2020, after learning of plans for his unit to be deployed overseas, Melzer allegedly used an encrypted application to send messages to O9A members and associates. In these messages, he revealed the upcoming movements of his unit and plotted with co-conspirators to carry out a “jihadi attack” that would result in a “mass casualty.”

In May, Melzer allegedly passed information about an anticipated deployment of his unit to a purported member of Al-Qaeda, adding that he would be willing to supply further intelligence. 

“Ethan Melzer plotted a deadly ambush on his fellow soldiers in the service of a diabolical cocktail of ideologies laced with hate and violence,” said Assistant Attorney General for National Security John Demers.

“Our women and men in uniform risk their lives for our country, but they should never face such peril at the hands of one of their own.”  

Melzer joined the US Army in 2018 and the O9A in 2019. He was arrested by the FBI on June 10.

Categories: Cyber Risk News

Two-Year Data Breach at Florida Senior Care Provider

Info Security - Wed, 06/24/2020 - 16:30

A cybersecurity breach at a Florida senior care provider went unnoticed for two years and impacted patient data.

Cano Health discovered in April 2020 that some email accounts belonging to its employees had been compromised by threat actors.

After investigating the incident, the healthcare company found that the accounts had been accessed multiple times in a prolonged security breach that took place between May 18, 2018, and April 13, 2020. 

The cyber-incident came to light on April 13, when some messages received by one of the compromised accounts were forwarded to a third party outside of the company. 

Cano Health found that a total of three employee accounts had been compromised and subsequently took steps to secure them. An examination of the breach revealed that an unknown person or persons may have accessed patients' personal information.

Cano Health operates 46 medical centers located throughout Florida. Earlier this month, the company began notifying patients of a potential data security issue. 

In a statement published on its blog on June 12, the company said: “Based on its investigation, Cano Health cannot confirm that any emails were accessed by the unknown perpetrator, but because some emails contained documents or messages with personal information, it is notifying all potentially affected individuals out of an abundance of caution.”

The information in the compromised email accounts included patient names, dates of birth, contact information, healthcare information, insurance information, Social Security numbers, government identification numbers, and/or financial account numbers.

“We take the protection of our patients’ information very seriously and sincerely apologize for any concern or inconvenience this incident has caused or may cause to anyone who has been affected,” said Cano's chief executive officer, Dr. Marlow Hernandez-Cano. 

“We are committed to continuously updating our information security to guard against new and emerging threats.”

Cano Health said that patients who may have been impacted by the breach would be notified in writing. The company advised these patients to “regularly review and monitor their personal information, accounts, and benefits statements.”

The company is offering complimentary credit monitoring services to patients whose financial information may have been affected by the data breach. 

Categories: Cyber Risk News

EEMA Appoints Attorney-at-Law Hans Graux to Board of Management

Info Security - Wed, 06/24/2020 - 15:58

EEMA, the leading independent European think tank focused on identity, privacy and trust, has appointed Hans Graux to its Board of Management. Graux is a partner at law firm Timelex and an attorney-at-law specializing in electronic identity and trust services.

Brussels-based EEMA provides world-class events, projects, collaboration, education, engagement, communication, participation and networking for companies, the public sector and individuals to help build enduring and mutually beneficial working relationships.

Commenting on his position on the EEMA Board of Management, Graux said: “EEMA has been the point of reference on electronic identification, digital signatures and cybersecurity in the EU for as long as I can remember. No organization has done as much to bring authoritative voices on these topics together, and to make sure they are heard. It is an honor and a privilege to be able to support its future work.”

Chair of EEMA, Jon Shamah, added: “Timelex and EEMA have a longstanding relationship. The expert counsel and insight Hans is able to bring to Horizon 2020 projects is vital.

“Hans is generous with his time and expertise and many EEMA members have benefited greatly from his advice. I am proud that Hans has accepted our invitation to join the Board of Management to help shape the future of EEMA.”

Categories: Cyber Risk News

‘Wagatha Christie’ Spat Leads to Lawsuit

Info Security - Wed, 06/24/2020 - 15:20

Rebekah Vardy is suing Colleen Rooney after the latter accused the former of leaking private information to a British tabloid.

The women, who are both married to British soccer players and used to socialize together, fell out last year. Their public spat took place over Twitter.

In a lengthy post published on October 9, Rooney stated that a mysterious mole in her friendship group had been handing information “about me, my friends and my family” over to The Sun newspaper “for a few years.”

Determined to discover who was blabbing, amateur sleuth Rooney narrowed the source of the leak down to one of the people she had trusted enough to let follow her personal Instagram account.

After forming a suspicion as to the mole's identity, Rooney came up with a plan to test her theory.  

“I blocked everyone from viewing my Instagram stories except ONE account,” wrote Rooney. “Over the past five months I have posted a series of false stories to see if they made their way into The Sun newspaper. And you know what, they did!”

Phony stories Rooney used as bait included a tall tale that her house had flooded and a story that she and her husband were traveling to Mexico for medical assistance to get pregnant with a female fetus.

“I have saved and screenshotted all the original stories which clearly show just one person has viewed them,” wrote Rooney. “It's Rebekah Vardy's account.”

Rooney’s status as a WAG (a term for footballers’ wives and girlfriends) and her impressive detective work earned her the nickname ‘Wagatha Christie’ in the British press. 

According to the Independent, Rebekah Vardy has now issued a claim of libel against Colleen Rooney. In the claim, Rooney is accused of publishing false statements that were damaging to Vardy's reputation. 

Court records reveal that Vardy filed a claim in the High Court on June 12 for “defamation—libel and slander.”

Rooney previously offered to meet Vardy in person to resolve the issue. Her lawyers said she found Vardy's decision to start legal proceedings “disappointing” and thought that the former model could put her time and money “to better use.”

Categories: Cyber Risk News