Global Firms Delayed Key Security Projects as Pandemic Struck

Info Security - Wed, 07/29/2020 - 08:38
Over 90% of global organizations were forced to delay key security projects as they transitioned to remote working earlier this year and many stopped patching, exposing themselves to cyber-threats, according to Tanium.

The unified endpoint management and security vendor polled 1000 CXOs to better understand how the pandemic has altered the risk landscape.

It revealed that identity and asset management (39%) and security strategy (39%) were the most common projects that had to be shelved. In the UK, anti-virus and malware sandboxing (37%) and network zoning (36%) initiatives were most in danger of being delayed.

Patching was also a key challenge for many organizations, with 88% admitting they have experienced difficulties during the pandemic and a quarter (26%) claiming they have completely side-lined the practice. This is despite a huge Microsoft Patch Tuesday workload for admins over the past few months, including the largest ever set of CVEs issued in June.

Many CXOs Tanium polled seem to have had a false sense of confidence at the start of the crisis: 85% said they felt ready for the shift to remote working, but in the end 98% admitted they were caught off guard by security challenges in the first two months.

The top three challenges they faced were: identifying new personal computing devices (27%), overwhelmed VPNs (22%) and security risks to video conferencing (20%).

Furthermore, 90% of respondents revealed that cyber-threats had increased, with data exposure (38%), business email or transaction fraud (37%) and phishing (35%) the most common attacks.

Tanium CISO, Chris Hodson, argued that many organizations were unprepared for such an abrupt shift to remote working at the start of the pandemic.

“It may have started with saturated VPN links and a struggle to remotely patch thousands of endpoints, but the rise in cyber-attacks and critical vulnerabilities has made it apparent that we’re still far from an effective strategy for the new IT reality,” he added.

“IT leaders need to incorporate resilience into their distributed workforce infrastructure. A key part of this is making sure organizations have visibility of computing devices in their IT environment.”

Categories: Cyber Risk News

Dell EMC Patches iDRAC Vulnerability

Info Security - Tue, 07/28/2020 - 19:15
A vulnerability in the Integrated Dell Remote Access Controller (iDRAC) that could have allowed cyber-criminals to gain full control of server operations has been detected.

The controller was designed for secure local and remote server management to help IT administrators deploy, update, and monitor Dell EMC PowerEdge servers.

Path Traversal vulnerability CVE-2020-5366 was discovered by researchers Georgy Kiguradze and Mark Ermolov at Positive Technologies. It has a score of 7.1, reflecting a high degree of danger.

By exploiting the flaw, a remote authenticated user could turn the product on or off or change its cooling or power settings. Such actions may sound relatively harmless, but they could potentially eat into the profits of businesses already struggling as a result of the global pandemic. 

"If important services are running on these servers, that could cause them to become temporarily unavailable, potentially resulting in losses for businesses," said a Positive Technologies spokesperson. 

Kiguradze said that if attackers obtained the backup of a privileged user, they could use the vulnerability to block or disrupt the server's operation. 

He explained: “The iDRAC controller is used to manage key servers, effectively functioning as a separate computer inside the server itself. iDRAC runs on ordinary Linux, although in a limited configuration, and has a fully-fledged file system. The vulnerability makes it possible to read any file in the controller's operating system, and in some cases to interfere with operation of the controller (for instance during reading symbolic Linux devices like /dev/urandom)."

Researchers found that the vulnerability affects Dell EMC iDRAC9 controllers with firmware versions prior to and can be exploited internally or externally. 

"This attack can be performed externally—if an attacker has credentials, perhaps by bruteforcing, although this is unlikely given the product's anti-bruteforcing protections—or internally, such as with the account of a junior admin with limited access to the server,” said Kiguradze. 

iDRAC is offered as an option for almost all current Dell servers. Following the flaw's detection, Dell EMC has released updated firmware and urges users to install it as soon as possible.

Users are advised not to connect iDRAC directly to the internet but rather to place it on a separate administration network. 

Operators of VHD Ransomware Unveiled

Info Security - Tue, 07/28/2020 - 18:29
A state-sponsored threat group has created its own ransomware and is using it against large organizations for financial gain. 

New research published today by Kaspersky claims that a strain of ransomware named VHD that was first detected in the spring can be attributed to threat group Lazarus with "high confidence." 

Lazarus is a state-sponsored cyber-criminal organization operating with the support of North Korea.

The link between VHD and Lazarus was made during the analysis of a recent cyber-attack targeting businesses in France and Asia. Analysts found that the companies had simultaneously been hit with known Lazarus tools in conjunction with the newly created ransomware.  

Researchers subsequently concluded that it was Lazarus that had created the ransomware and that was now using it to hit large organizations, a practice known as big-game hunting. 

"The move by Lazarus to create and distribute ransomware signifies a change of strategy and indicates a willingness to engage in big game hunting in pursuit of financial gain, which is highly unusual among state-sponsored APT groups," said a Kaspersky spokesperson.

VHD ransomware was first reported on in March and April 2020, when it stood out due to its self-replication method. 

"This malware’s use of a spreading utility, compiled with victim-specific credentials, was reminiscent of APT campaigns," said Kaspersky. 

Researchers found that the attackers using VHD had used a backdoor that was a part of a multiplatform framework called MATA. A number of code and utility similarities link this platform to Lazarus. 

“We have known that Lazarus has always been focused on financial gain, however, since WannaCry we had not really seen any engagement with ransomware,” said Ivan Kwiatkowski, senior security researcher at Kaspersky’s GReAT. 

“The question we have to ask ourselves is whether these attacks are an isolated experiment or part of a new trend and, consequently, whether private companies have to worry about becoming victims of state-sponsored threat actors."

Kwiatkowski advised organizations to avoid becoming ransomware victims by taking preemptive action.

He said: "Organizations need to remember that data protection remains important as never before—creating isolated back-ups of essential data and investing in reactive defenses are absolute must-dos.”

Accountability Concerns Main Reason Security Pros Want to Quit

Info Security - Tue, 07/28/2020 - 16:31
The main reason security professionals want to leave their jobs is a lack of executive accountability for strategic security decisions, according to new research.

A survey of more than 300 security professionals and executives around the world conducted by LogRhythm found that 42% of participants wanted to quit over inadequate executive accountability. 

The findings of the survey were published today in the report "The State of the Security Team: Are Executives the Problem?" LogRhythm commissioned the report to understand the root causes of the stress under which security teams operate, obtain feedback on how stress can be alleviated, and identify the best paths to remediation. 

Worryingly, the report revealed that 75% of security professionals feel they now experience more work-related stress than they did just two years ago.

“Now, more than ever, security teams are being expected to do more with less, leading to increasing stress levels. With more organizations operating under remote work conditions, the attack surface has broadened, making security at scale a critical concern,” said James Carder, CSO and VP of LogRhythm Labs. “This is a call to action for executives to prioritize alleviating the stress and better support their teams with proper tools, processes, and strategic guidance.”

When asked what causes the majority of work-related stress, the two most commonly given answers were not having enough time (41%) and working with executives (18%). More than half of respondents (57%) stated that their security program lacks proper executive support, defined in the survey as the provision of strategic vision, buy-in, and budget.

The top five responses given as to what would help alleviate workplace stress were an increased security budget (44%), experienced security team members (42%), better cooperation from other IT teams (42%), a supportive executive team (41%), and a fully staffed security team (39%). 

Other key findings of the survey were that 93% of security professionals felt they lack the tools to detect known security threats, and 92% said they do not have the appropriate preventative solutions to close current security gaps.

Only one in three companies (32%) said that they have a real-time security dashboard that provides a clear, consolidated view of all their security solutions.

No More Ransom Initiative Reflects on Achievements on Fourth Anniversary

Info Security - Tue, 07/28/2020 - 14:30
The No More Ransom Initiative has reached its fourth anniversary this month, having marked some considerable achievements in that time. According to one of the founders, Europol, the No More Ransom decryption tool repository has registered over 4.2 million visitors from 188 countries in the last four years, preventing an estimated $632m from getting into the hands of criminals.

The initiative was set up back in July 2016 as a collaboration between law enforcement and IT security companies to disrupt cyber-criminal businesses with ransomware connections. They set up an online portal that informs the public about the dangers of ransomware and helps victims to recover their data without having to pay a ransom to cyber-criminals.

The portal, which has added 28 new tools this year alone, is now capable of decrypting 140 different types of ransomware infections. The portal is also available in 36 languages.

From the founding members of the Dutch National Police, Europol, McAfee and Kaspersky, No More Ransom has now expanded to 163 partners from across the world.

Commenting on the anniversary, Fedor Sinitsyn, security expert at Kaspersky, said: “The success of the No More Ransom initiative is a shared success, one that cannot be achieved by law enforcement or private industry alone. By joining forces, we enhance our ability to take on the criminals and make it harder for them to harm people, businesses and critical infrastructure.

“What ransomware has taught us for sure is that prevention is no doubt better than a cure. Internet users need to avoid becoming a victim in the first place. Many relevant prevention tips are available on the No More Ransom website. If you do become a victim, it is important not to pay the ransom and report your infection to the police.”

John Fokker, head of cyber-investigations at McAfee, added: “Organizations should also remember to do their due diligence when it comes to securing systems and training employees: social engineering is still an incredibly efficient tactic for criminals looking to infect systems.

“Ultimately, when it comes to fighting ransomware, we will need to continue working together to keep pace with attackers – whether that’s coordination between public and private organizations, sharing of threat intelligence or education and training within individual businesses.”

Garmin Confirms Cyber-Attack as Ransomware Recovery Rumored

Info Security - Tue, 07/28/2020 - 12:50
Garmin has finally admitted that its recent outage was caused by a cyber-attack.

In an update last week, the company initially said it was “experiencing an outage that affects flyGarmin and as a result, the flyGarmin website and mobile app are down at this time.” However, following rumors online that the company had actually suffered a ransomware attack, and that it had even paid a $10m ransom, the company has updated its statement to confirm that it suffered a “cyber-attack that encrypted some of our systems on July 23 2020.”

This resulted in many of its online services being interrupted, including website functions, customer support, customer facing applications and company communications. “We immediately began to assess the nature of the attack and started remediation.”

It said there was no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen and the functionality of Garmin products was not affected, and the only damage was to services which were taken offline. “Affected systems are being restored and we expect to return to normal operation over the next few days,” it added.

According to some reports, sources confirmed that the company had suffered a ransomware attack, and that it had been hit by WastedLocker, which SentinelOne explained was a “relatively new ransomware family which has been tracked in the wild since April/May 2020” and targets high-value companies.

Denis Legezo, senior security researcher at Kaspersky, said: “Technically speaking, WastedLocker is a targeted ransomware, which means its operators come for selected enterprises instead of every random host they can reach.

“The encryption algorithms in use are nothing special for ransomware: modern and strong. The ransomware’s operators add the victim company’s name in the ransom messages – the messages with information about how to contact the malefactors through secure e-mail services and the like. So it's pretty obvious they know for whom they came after.”

It was also reported by iThome that Garmin’s IT department sent a notice to various departments in Taiwan stating that internal IT servers and databases were attacked and production lines were also suspended for two days. Later it was rumored that the attackers had demanded a $10m ransom payment, and that Garmin had obtained the decryption key.

Identity Governance Business Critical as Orgs Return to Work, Say IT Experts

Info Security - Tue, 07/28/2020 - 12:00
The majority of IT experts believe that monitoring for cybersecurity threats will become more challenging over the next 18 months as organizations return to work from a variety of locations, with identity management key to cybersecurity success.

That’s according to a new survey from identity and cybersecurity firm SailPoint which discovered that 86% of IT experts in EMEA expect their organization’s number of Software-as-a-Service (SaaS) applications to grow over the next year-and-a-half, even as UK workers begin heading back to physical office spaces as the COVID-19 lockdown continues to ease.

Identity governance is therefore going to be business critical to effectively manage cybersecurity threats, the survey noted. In fact, 62% of respondents said they are considering expanding their organization’s identity platform over the next year to help meet the challenges ahead.

Ben Bulpett, EMEA director at SailPoint, said: “The shift to remote working has made it more difficult for IT teams to monitor the enterprise security perimeter, with hackers looking to take advantage of multiple user access points.

“For many companies, security and compliance gaps have surfaced in the rush to maintain business continuity, and it’s crucial these issues are resolved to ensure business survival. As organizations brace themselves for a new economic storm, identity governance is one of the tools that can help them navigate through the challenging times ahead.”

Whether employees continue working from home, return to the office with different responsibilities, or enter into a contract-based role, identity governance plays a crucial part in protecting the enterprise security perimeter, Bulpett added.

“Through this, IT teams can speed up the process of enabling and securing their users’ access to key applications, data and infrastructure, pivoting quickly as the business’ and users’ needs change.”

Cosmetics Giant Avon Leaks 19 Million Records

Info Security - Tue, 07/28/2020 - 10:40
A misconfigured cloud server at global cosmetics brand Avon was recently discovered leaking 19 million records including personal information and technical logs.

Researchers at SafetyDetectives led by Anurag Sen told Infosecurity that they found the Elasticsearch database on an Azure server publicly exposed with no password protection or encryption.

“The vulnerability effectively means that anyone possessing the server’s IP address could access the company’s open database,” it explained in a subsequent report.

The London-headquartered firm, which boasts over $5.5bn in annual worldwide sales, was apparently exposing the 7GB database for nine days before it was discovered on June 12.

It contained personally identifiable information (PII) on customers and potentially employees, including full names, phone numbers, dates of birth, email and home addresses, and GPS coordinates. Also included in the haul were 40,000+ security tokens, OAuth tokens, internal logs, account settings and technical server information.

While the PII could have been leveraged to commit a wide range of identity fraud and follow-on phishing scams, the exposed technical details also posed a risk to Avon, according to SafetyDetectives.

“Given the type and amount of sensitive information made available, hackers would be able to establish full server control and conduct severely damaging actions that permanently damage the Avon brand; namely, ransomware attacks and paralyzing the company’s payments infrastructure,” it argued.

Interestingly, a June 9 filing with the Securities and Exchange Commission revealed the firm had suffered a “cyber-incident in its information technology environment which has interrupted some systems and partially affected operations.”

A second filing on June 12 claimed that the firm was planning a restart of its systems.

“Avon is continuing the investigation to determine the extent of the incident, including potential compromised personal data,” it continued. “Nevertheless, at this point it does not anticipate that credit card details were likely affected, as its main e-commerce website does not store that information.”

It’s unclear whether the incident was linked to this exposed cloud server or not.

UK/US Governments Warn of QNAP NAS Malware

Info Security - Tue, 07/28/2020 - 09:45
The UK and US governments have issued another joint cybersecurity alert, this time warning organizations about a strain of malware targeting network attached storage (NAS) devices from QNAP.

As of mid-June, the QSnatch malware (aka “Derek”) had infected 62,000 devices worldwide, including 3900 in the UK and 7600 in the US, according to the notice from GCHQ’s National Cyber Security Center (NCSC) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

This is the result of two campaigns, one running from 2014 to mid-2017 and the other starting in late 2018.

“Although the identities and objectives of the malicious cyber-actors using QSnatch are currently unknown, the malware is relatively sophisticated, and the cyber-actors demonstrate an awareness of operational security,” the alert said of the current campaign.

“The infection vector has not been identified, but QSnatch appears to be injected into the device firmware during the infection stage, with the malicious code subsequently run within the device, compromising it. The attacker then uses a domain generation algorithm (DGA) to establish a command and control (C2) channel that periodically generates multiple domain names for use in C2 communications.”

QSnatch apparently features a credential scraper, SSH backdoor, CGI password logger, webshell functionality and the ability to exfiltrate a predetermined list of files, including system configs and log files.

It is said to achieve persistence by modifying the system's hosts file to redirect update domain names to out-of-date versions, preventing updates from installing on the NAS device itself.

The NCSC/CISA urged administrators to follow the guidance issued by QNAP last November.

“Once a device has been infected, attackers have been known to make it impossible for administrators to successfully run the needed firmware updates. This makes it extremely important for organizations to ensure their devices have not been previously compromised,” the notice added.

“Organizations that are still running a vulnerable version must run a full factory reset on the device prior to completing the firmware upgrade to ensure the device is not left vulnerable.”

Of current infections, 46% of devices are located in Western Europe, while 15% are North American.

Over Half of Universities Suffered Data Breach in Past Year

Info Security - Tue, 07/28/2020 - 08:30
Over half (54%) of UK universities reported a data breach to the regulator in the past 12 months, with an average of two reports each, according to new Freedom of Information (FOI) data collected by Redscan.

The security firm received answers from 86 of the 134 higher education institutions it contacted, which it used to compile its new report, The State of Cyber Security Across UK Universities.

It revealed that although the country’s universities host over 2.3 million students and 430,000 staff and contribute an estimated £87bn of value to the national economy, cybersecurity remains neglected by many.

Nearly half (46%) claimed that staff had received no security training in the past year, while just 51% said they proactively provide training and information to students. Some 12% don’t offer any kind of guidance or support to students when it comes to cybersecurity best practices.

Those that do go in for training spend on average just £7529 per year, according to the report.

What’s more, over a quarter (27%) of institutions said they never commission external pen tests.

These deficiencies are exposing UK universities to third-party attack and the consequences of staff negligence, leading to accidental insider breaches.

Recent events have shown how vulnerable they are to cyber-attack: a breach at US cloud provider Blackbaud has compromised data at over 20 charities and universities in the UK and North America.

Redscan CTO, Mark Nicholls, argued that these organizations represent an attractive and lucrative target for financially motivated and even state-sponsored attackers.

“Work to develop a COVID-19 vaccine is just one in a long line of world-changing research projects currently being undertaken by our universities. However, it is one example that should really focus minds on the need to secure important research and IP against the latest cyber-threats, including state-sponsored attacks,” he told Infosecurity.

“Aside from negatively impacting an institution’s reputation and funding, data breaches leading to the loss of vital scientific research have the potential to seriously hamper innovation and affect lives.”

Virginia Startup CEO Charged with Investment Fraud

Info Security - Mon, 07/27/2020 - 18:14
The CEO of a technology startup based in Virginia is facing federal charges for allegedly masterminding an investment scam whose victims lost millions of dollars. 

Danny Boice was the founder and CEO of the now bankrupt privately held company Trustify Inc that was established in 2015. From its headquarters in Crystal City, the firm provided an online marketplace for private investigations. 

The ill-fated business was named Startup of the Week by the Washington Business Journal in 2016, drawing comparison with Uber for providing quick access to hire-on-demand private dicks. 

According to PInow, Trustify fell apart after direct deposits for investigators failed to clear and paper checks issued in lieu of the digital payments bounced. 

An indictment unsealed in federal court on July 24 alleges that Boice fraudulently solicited investments in Trustify from 2015. The 41-year-old resident of Alexandria, Virginia, allegedly lied about how much money the business was making in order to secure funds from multiple investors. 

The Department of Justice claims that via means that included overstating Trustify’s financial performance, Boice fraudulently raised approximately $18.5m from over 90 investors. 

In total, Boice is accused of committing five counts of wire fraud, one count of securities fraud, and two counts of money laundering.

Boice is further accused of being dishonest with investors regarding what proportion of the investor funds he would personally receive. According to the Department of Justice, the CEO issued false statements to investors and diverted "a substantial amount of the investor money to his own benefit." 

Trustify shut down abruptly in late 2018. Four lawsuits were later brought against the company by PR firms, private investigators, and a real estate investment company who claimed they were not paid, and by investors who sued for malfeasance. 

An investigation into the case is being carried out by the Federal Bureau of Investigation's Washington Field Office. Individuals who believe that they may have fallen victim to Boice's alleged investment scam are advised to contact the Victim Witness Services Unit of the U.S. Attorney’s Office for the Eastern District of Virginia.

Trustify's co-founder and Boice's ex-wife Jennifer Mellon is not named in the indictment.

American Insurer Charged Over Sustained Data Breach

Info Security - Mon, 07/27/2020 - 17:30
A subsidiary of insurance company First American Financial Corp. has been charged by a New York regulator regarding a data breach that went on for several years.

The New York State Department of Financial Services (DFS) filed charges on July 22 alleging that First American Title Insurance Co. exposed hundreds of millions of documents containing sensitive information. Data compromised in the breach included Social Security numbers and bank account information.

According to the DFS, the company leaked data because it was using a flawed document management system that allowed anyone to access files. The department claims that no passwords or other security measures were in place to prevent sensitive information stored within the system from being viewed. 

The court case is the first cybersecurity enforcement action brought by the regulator under a set of rules debuted in March 2017 that require banks and other financial services companies to implement and maintain cybersecurity protections. 

The laws require financial services companies licensed to operate in New York to limit access to sensitive data, carry out regular risk assessments, and inform users of any cybersecurity incidents in a timely manner. 

First American is accused of violating six sections of the rules. If found guilty, the company could be ordered to pay fines of up to $1,000 per violation. 

First American Title Insurance Co. is the second largest insurer of real estate in the United States. A spokesman for the company said First American intends to contest the charges.

“First American strongly disagrees with the New York Department of Financial Services’ charges,” the company said in a statement. 

The charges filed by DFS state that First American was aware of vulnerabilities in its document management system for a number of months before news of the flaws was published in 2019 by journalist Brian Krebs. The regulator said the weaknesses were unearthed during a penetration test authorized by First American in late 2018.

According to DFS, mismanagement and a series of administrative errors meant that the flagged flaws went unfixed. 

First American said an investigation into the breach by the Nebraska Department of Insurance had found that the company had adequate cybersecurity in place to comply with the New York regulations as of June 30, 2019.

Google Accused of Privacy Breaches by Australian Watchdog

Info Security - Mon, 07/27/2020 - 16:30

Australia's consumer watchdog has accused technology giant Google of misleading account holders over how much of their personal data was being collected and how it would be used. 

The Australian Competition and Consumer Commission started legal proceedings against Google on Monday. A claim filed in Australia's Federal Court alleges Google misled millions of Australians to obtain their consent to gather additional personal data.

The ACCC claims that Google wanted the extra data concerning users' internet activity to target advertising but neglected to obtain the consent necessary to collect it. 

“We allege that Google did not obtain explicit consent from customers to take this step,” said Rod Sims, the commission’s chair, in a statement.

“The ACCC considers that consumers effectively pay for Google’s services with their data, so this change introduced by Google increased the ‘price’ of Google’s services, without consumers’ knowledge.”

The allegations stem from a decision made by Google in 2016 to start combining users’ personal information in their Google accounts with information from their activity on non-Google sites powered by specific Google ad technology. Formerly known as DoubleClick, the technology is used to display ads.

Sims said: "We are taking this action because we consider Google misled Australian consumers about what it planned to do with large amounts of their personal information, including internet activity on websites not connected to Google.

"Google significantly increased the scope of information it collected about consumers on a personally identifiable basis. This included potentially very sensitive and private information about their activities on third-party websites."

Google told ABC News that it had cooperated with the ACCC's investigation into the alleged privacy breach. The company said that consent for the data collection had been sought from Google account holders “via prominent and easy-to-understand notifications.”

A Google statement issued in response to the ACCC's claims said: “We strongly disagree with their allegations and intend to defend our position.”

The Federal Court case is the second to be launched by the ACCC against Google. An earlier case, filed when the commission uncovered that Android users did not realize a two-step process was needed to block Google from collecting location data from their devices, is due to be heard on November 30.

Categories: Cyber Risk News

Sheffield Hallam University Confirms Blackbaud-Linked Data Breach

Info Security - Mon, 07/27/2020 - 14:35

Sheffield Hallam University has confirmed that it is dealing with a data breach linked to the software provider Blackbaud.

University secretary Michaela Boryslawskyj said in an email to members of its community that it was notified by Blackbaud that Sheffield Hallam and a number of other universities had been affected by the incident. As detailed in the Sheffield Star, the email said Blackbaud’s systems were hacked and personal information relating to its alumni and other members of the community was stolen on Thursday, July 16, 2020.

“The data taken does not include bank details, financial information or sensitive personal data; and you do not have to take any direct action in relation to this incident at this stage,” Boryslawskyj said. “However, the university takes its approach to data security very seriously and we have established a full incident response group to review and respond to this issue. More information on the incident is included in this email.”

Sheffield Hallam University also believed the “names and contact details for alumni, donors and other stakeholders” were taken during the cyber-attack, and the university is managing the incident in accordance with its data security procedures.

“We sincerely apologize for any distress that this data security breach by Blackbaud may cause,” Boryslawskyj said. “The university takes data protection very seriously and we regret any inconvenience caused by this incident.”

Blackbaud, one of the world’s largest providers of education administration, fundraising and financial management software, said in a statement that it “discovered and stopped a ransomware attack” in May 2020; however, the attacker was able to remove a copy of a subset of data from Blackbaud’s self-hosted environment. Blackbaud did not disclose the incident until universities began to investigate incidents in the last few weeks.

Jonathan Knudsen, senior security strategist at Synopsys, said: “The aftershocks from the Blackbaud compromise continue to ripple outward, causing heartburn, financial damage and reputational damage in equal parts.

“The Blackbaud incident shows that managing software risk has a larger scope than just one organization. The software security deficiencies of partner or supplier organizations become your own problems when you depend upon them for delivering products or services. Correctly managing software and business risk encompasses managing risk from external vendors. It is easy to take software for granted as just part of doing business, but it is crucial to understand that the software we all use is itself a significant source of risk and must be managed just like any other business risk.”

Rufus Grig, CSO at Maintel, said the breach should act as a reminder to universities that they remain strong targets for hackers, due to the huge amounts of high-value personal and financial data they hold. “With more and more students now connecting remotely from all over the world, unless universities stay on top of their cybersecurity, breaches will become increasingly common,” Grig added.

“In addition, as IT infrastructure is gradually moved to the cloud, organizations must ensure how they transfer data is secure and that it's stored safely.”

Categories: Cyber Risk News

Panaseer Establishes Advisory Board to Help Expand Cybersecurity Vision

Info Security - Mon, 07/27/2020 - 14:01

Cybersecurity firm Panaseer has established a new advisory board to help it accelerate its vision of preventing cybersecurity incidents through effective risk management. The board members come from a cross-section of the information security industry, with expertise in leadership, sustainability, business and security.

Panaseer hopes the move will increase adoption of its Continuous Controls Monitoring platform for enterprise security, particularly among large organizations and highly regulated industries.

Nik Whitfield, CEO of Panaseer, commented: “Panaseer was the first company to create a Continuous Controls Monitoring platform, which finally solves the cyber-metrics and measurement challenges faced by large organizations today. By bringing together this ‘dream team’ of visionaries and experienced leaders we will be able to fully leverage this opportunity as they will be instrumental in enabling us to further enhance our offering and get the word out to the market.”

The chair of the new board is renowned leader and explorer Robert Swan, OBE – the first person to walk to both the North and South Poles.

Swan said: “Panaseer is a trailblazer in cyber. Its platform addresses a problem that goes largely unaddressed by others in the market. It thought differently and now is the time for it to capitalize on this foresight. Being a pioneer requires a certain mindset, and I am excited to guide the team on its journey to growth.”

The other members of the board are the following:

  • David Fairman: an experienced CSO/CISO, whose previous roles include being CISO for the Royal Bank of Canada
  • Andreas Wuchner: his main area of expertise is in highly regulated environments such as life science and financial services. Wuchner is currently head of IT and risk governance at Credit Suisse
  • Raffael Marty: has 20 years of experience across engineering, analytics and research. He is currently chief research and intelligence officer at Forcepoint
  • James Doggett: comes from a wealth of experience in the security sector, including being chief technology risk officer for AIG
  • Andrew Jaquith: former global operational risk officer for cyber and information risk at JPMorgan Chase and author of Security Metrics: Replacing Fear, Uncertainty, and Doubt.

Categories: Cyber Risk News

Six Former NFL Players Charged with $4m Fraud Scheme

Info Security - Mon, 07/27/2020 - 11:01

Six former NFL players have been charged with crimes related to a major healthcare fraud scheme that resulted in pay-outs of over $3.4m.

The superseding indictment follows a December 2019 indictment charging 10 former players allegedly involved in the operation. Seven of those have now pleaded guilty and this new document adds three more names to the list.

They are said to have taken advantage of reimbursements for out-of-pocket medical care expenses not covered under the Gene Upshaw NFL Player Health Reimbursement Account Plan.

Specifically, the players allegedly submitted claims of around $40-50,000 for expensive medical equipment that was never purchased or received. This included hyperbaric oxygen chambers, cryotherapy machines, ultrasound machines and even electromagnetic therapy devices designed for use on horses, according to the Department of Justice (DoJ).

Some of them are said to have forged invoices, prescriptions and medical letters to support these fraudulent claims.

Over $3.9m in false claims were submitted to the plan, which paid out over $3.4m between June 2017 and December 2018.

The former NFL players listed in the new indictment are: Darrell Reid, 38, of Farmingdale, New Jersey; Antwan Odom, 38, of Irvington, Alabama; Anthony Montgomery, 36, of Cleveland, Ohio; Clinton Portis, 38, of Fort Mill, South Carolina; Tamarick Vanover, 46, of Tallahassee, Florida; and Robert McCune, 41, of Riverdale, Georgia.

They have each been charged with one count of conspiracy to commit healthcare fraud and wire fraud. Reid, Odom, Montgomery and Portis were also each charged with one count of wire fraud and one count of healthcare fraud, while Vanover was also charged with two counts of wire fraud and two counts of healthcare fraud. 

McCune was also charged with 10 counts of wire fraud, 12 counts of health care fraud and three counts of aggravated identity theft.

McCune, Vanover and others are alleged to have recruited other players into the scheme in exchange for kickbacks that sometimes topped $10,000.

Categories: Cyber Risk News

Phishing Scam Promises £400 Council Tax Cut

Info Security - Mon, 07/27/2020 - 09:30

Email users are being warned not to fall for yet another COVID-related lure after warnings of a new phishing campaign, this time promising the recipient a government-funded tax cut.

The email appears to come from the ‘Government Digital Service Team’ and claims to offer a rebate of nearly £400, according to think tank Parliament Street.

“You are getting a Council Tax Reduction (this used to be called Council Tax Benefit) considering you’re on a low income or get benefits,” the email begins.

“Total amount of benefits: GBP 385.50. The refunded amount will be transferred directly on your Debit/Credit card. Apply now to claim the reductions made over your past two years of Council Tax payments.”

However, the refund amount stated in the subject header is apparently £385.55, just one of several mistakes that would indicate to a suspicious recipient that this may be a scam.

Parliament Street said it had evidence the message had been delivered to hundreds of inboxes.

“Since the start of COVID-19, the cyber-threats facing adults in the UK have surged, and this latest attack is one of many which have been designed to prey on individuals’ vulnerability and fear during this trying time,” argued Absolute Software VP, Andy Harcup.

Stav Pischits, CEO of Cynance, added that it’s relatively easy for cyber-criminals to copy government-branding and text from official websites in order to create scam emails.

“All too often, weary workers who are struggling with the financial impact of the COVID-19 outbreak will jump at the chance for a discount or refund like this,” he argued.

“Anyone receiving an email like this should also double check the source address of the sender and carefully examine the communication for typos and errors, often associated with online scams. Failure to do so could put the financial and personal data of the individual and their employer at risk.”

Although there has been a notable increase in COVID-19 scam emails over the first half of the year, overall cybercrime is not up, according to Microsoft and others.

Categories: Cyber Risk News

US Digital Bank Dave Admits Customer Data Breach

Info Security - Mon, 07/27/2020 - 08:32

A US fintech giant has admitted that it suffered a breach of customers’ personal data via a third-party supplier, after researchers found a database containing millions of records for sale online.

LA-based Dave offers digital banking services, and in 2019 hit a valuation of $1bn after just two years in business.

However, reports emerged over the past week that its customers’ details were being traded on the dark web. Prolific cybercrime trader ShinyHunters released the trove for free on Friday, although in the previous weeks it was being auctioned by a new user on a separate forum.

It is claimed that there are over 7.5 million records associated with three million email addresses in the haul.

Over the weekend, Dave issued an official statement confirming the breach.

“As the result of a breach at Waydev, one of Dave’s former third party service providers, a malicious party recently gained unauthorized access to certain user data at Dave, including user passwords that were stored in hashed form using bcrypt, an industry-recognized hashing algorithm,” it explained.

“The stolen information also included some personal user information including names, emails, birth dates, physical addresses and phone numbers. Importantly, this did not affect bank account numbers, credit card numbers, records of financial transactions, or unencrypted Social Security numbers.”

Although Dave claimed that there’s no evidence the theft has led to financial loss or unauthorized account access, both are on the cards now that the trove has been made freely available.

The bcrypt-hashed passwords cannot be decrypted directly, but weak ones could be cracked offline and then used in credential stuffing across other accounts, while the personal information exposed in the incident could be deployed to make phishing attacks more convincing.

Dave said it is in the process of notifying all affected customers and has performed a mandatory reset of all Dave customer passwords.
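The follow-on risk the article describes, leaked account names and cracked passwords being replayed against other services, has a recognisable signature on the defending side: one source works through many distinct accounts in a short window, most of them failing. The detector below is an added example, not code from the original article or from Dave's or Waydev's systems. It assumes a constructed, simplified login log format (`timestamp source_ip account outcome`) and uses RFC 5737 documentation addresses; the thresholds are illustrative assumptions to be tuned per site.

```python
"""Flag credential-stuffing patterns in a web login log (added example).

Assumed log format, one event per line: <ISO timestamp> <source IP> <account> <OK|FAIL>.
Credential stuffing (many accounts, one source, mostly failures) is distinguished
from plain brute force (one account, many failures) by the distinct-account count.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log, not real traffic. 203.0.113.7 is the stuffing source,
# 198.51.100.22 is a normal user who mistyped once, 192.0.2.5 is brute-forcing one account.
SAMPLE_LOG = """\
2020-07-25T10:00:01 203.0.113.7 alice@example.com FAIL
2020-07-25T10:00:03 203.0.113.7 bob@example.com FAIL
2020-07-25T10:00:04 198.51.100.22 carol@example.com FAIL
2020-07-25T10:00:06 203.0.113.7 carol@example.com FAIL
2020-07-25T10:00:09 203.0.113.7 dave@example.com FAIL
2020-07-25T10:00:11 198.51.100.22 carol@example.com OK
2020-07-25T10:00:12 203.0.113.7 erin@example.com OK
2020-07-25T10:00:15 203.0.113.7 frank@example.com FAIL
2020-07-25T10:00:18 203.0.113.7 grace@example.com FAIL
2020-07-25T10:00:20 203.0.113.7 heidi@example.com FAIL
2020-07-25T10:00:25 192.0.2.5 ivan@example.com FAIL
2020-07-25T10:00:26 192.0.2.5 ivan@example.com FAIL
2020-07-25T10:00:27 192.0.2.5 ivan@example.com FAIL
2020-07-25T10:00:28 192.0.2.5 ivan@example.com FAIL
2020-07-25T10:00:29 192.0.2.5 ivan@example.com FAIL
2020-07-25T10:00:30 192.0.2.5 ivan@example.com FAIL
"""


@dataclass(frozen=True)
class LoginEvent:
    when: datetime
    src_ip: str
    account: str
    success: bool


def parse_log(text):
    """Parse the assumed four-field log format into LoginEvent records."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        ts, ip, account, outcome = line.split()
        events.append(LoginEvent(datetime.fromisoformat(ts), ip, account.lower(), outcome == "OK"))
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=5),
                               min_accounts=5, min_failure_ratio=0.6):
    """Return {source_ip: finding} for sources that, within any sliding window,
    tried at least `min_accounts` distinct accounts with a high failure ratio.
    The finding lists accounts that succeeded, i.e. candidates for a forced reset."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.src_ip].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.when)
        best = None
        j = 0
        for i in range(len(evs)):
            # Two-pointer sliding window: evs[i:j] are all within `window` of evs[i].
            while j < len(evs) and evs[j].when - evs[i].when <= window:
                j += 1
            chunk = evs[i:j]
            accounts = {e.account for e in chunk}
            failures = sum(1 for e in chunk if not e.success)
            if len(accounts) >= min_accounts and failures / len(chunk) >= min_failure_ratio:
                candidate = {
                    "attempts": len(chunk),
                    "distinct_accounts": len(accounts),
                    "failures": failures,
                    "compromised_accounts": sorted(e.account for e in chunk if e.success),
                }
                if best is None or candidate["distinct_accounts"] > best["distinct_accounts"]:
                    best = candidate
        if best is not None:
            findings[ip] = best
    return findings


if __name__ == "__main__":
    for ip, finding in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, finding)
```

On the constructed log only 203.0.113.7 is reported: eight accounts tried in twenty seconds with one success, so `erin@example.com` is the account to reset first. The single-account brute force from 192.0.2.5 is deliberately not matched by this rule; it needs its own per-account lockout or rate-limit logic, and conflating the two hides which accounts are actually at risk.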

Categories: Cyber Risk News

US Plans Quantum Internet

Info Security - Fri, 07/24/2020 - 18:50

The United States government is teaming up with the University of Chicago to develop a nationwide quantum internet.

The network, which would run in parallel with the current internet, could be used to securely send sensitive financial information and data pertaining to matters of national security. If all goes to plan, a functional network could be up and running within ten years.

“What we’re moving forward on is building out quantum networks [to] someday . . . turn into a full second internet, a parallel internet to the digital internet,” said Paul Dabbar, undersecretary for Science at the Department of Energy (DOE).

Today's internet transmits information by encoding data in light particles called photons, which are sent along underground fiber-optic cables and over wireless links and satellites. The quantum internet would instead transmit data using photons that are entangled. 

Entangled photons are linked with one another despite being separated by distance. Any attempts by hackers to intercept data encoded in entangled photons while it is being transmitted would disturb the particle of light and break that link. As a result, the intercepted data, for example an image, would appear scrambled to both the hacker and the recipient. 

Funding for the project will come from the $1.275bn budget allocated as part of President Donald Trump’s National Quantum Initiative. The initiative was established under the National Quantum Initiative Act, passed into law at the end of 2018 as part of America's plan for advancing quantum technology, particularly quantum computing.

A group of around 50 organizations led by the DOE and University of Chicago has been formed to bring the project to life. At a news conference held yesterday, it was announced that the DOE’s 17 National Laboratories will serve as the backbone of the coming quantum internet.

In February of this year, scientists from DOE’s Argonne National Laboratory in Lemont, Illinois, and the University of Chicago successfully established one of the longest land-based quantum networks in the nation when they entangled photons across a 52-mile “quantum loop” in the Chicago suburbs. That network will soon be connected to DOE’s Fermilab in Batavia, Illinois, to create a three-node, 80-mile testbed.

Categories: Cyber Risk News

Former Florida Tax Collector Charged with Identity Theft

Info Security - Fri, 07/24/2020 - 18:00

A former Florida tax collector has been indicted on charges of stalking a political opponent and stealing their identity.

Federal stalking charges were brought against Lake Mary resident Joel Greenberg in June. The 35-year-old is accused of spreading false information about a political opponent who worked at a Seminole County school.

According to the indictment, Greenberg created fake social media accounts claiming to be a “very concerned teacher” at the victim's school. Documents show that between October 10 and November 15, 2019, the elected official attempted to spread false information about his opponent online and in a letter sent to the victim's employer.

Misinformation allegedly cast about by Greenberg included the accusation that the victim was having a sexual relationship with a student. 

Greenberg is also accused of setting up a fake Twitter account with the victim’s name and image and using it to portray the victim as a segregationist and white supremacist. 

The Department of Justice said that Greenberg's alleged actions caused the victim and his family “substantial emotional distress.”

Greenberg pleaded not guilty to the stalking charges on June 28 via his attorney. In a second indictment filed last week, the former tax collector is further accused of using his office to create fake driver's licenses for himself. 

Greenberg was elected as Seminole County Tax Collector in 2016 and began serving the public in 2017. He resigned from his office on June 24, a week after being indicted by a grand jury. 

Greenberg’s alleged stalking victim is Brian Beute, whose name emerged in a report released by social media monitoring company Graphika. The report detailed how Roger Stone hired people to harass political opponents and critics on Facebook. 

The Orlando Sentinel reports that "one of the 'assets' identified by Facebook as working on behalf of Stone shared content on social media about Beute similar to the smears Greenberg is accused of spreading."

Seminole County Tax Collector candidate Brian Beute confirmed through his attorney that he was the target of the actions Greenberg is accused of in the federal indictment.

If convicted, Greenberg faces a minimum of 10 years in federal prison.

Categories: Cyber Risk News