techminis

A naukri.com initiative

Cyber Crime News

Cybersafe

Dell API abused to steal 49 million customer records in data breach

  • 49 million customer records were stolen in a data breach involving Dell.
  • The threat actor gained access to a partner portal API using a fake company.
  • The stolen data includes customer names, warranty information, and order numbers.
  • Dell was notified about the breach by the threat actor but did not respond until two weeks later.

Medium

What is Vulnerability Assessment and Penetration Testing (VAPT)?: Tools, Strategies, and Benefits

  • VAPT is a comprehensive security testing methodology designed to identify, prioritize, and remediate vulnerabilities in your IT infrastructure.
  • It combines the analytical power of a Vulnerability Assessment (VA) with the real-world simulation of a Penetration Test (PT).
  • A diverse arsenal of tools is available for conducting VAPT exercises.
  • Regular VAPT exercises offer advantages beyond the initial assessment, reducing the risk of cyberattacks and protecting valuable assets.

Gbhackers

Hackers Abuse GoTo Meeting Tool to Deploy Remcos RAT

  • Hackers are using the online meeting platform GoToMeeting to distribute a Remote Access Trojan called Remcos.
  • The attackers manipulate GoToMeeting notifications to disguise the Remcos payload and trick users into executing the malware.
  • Remcos allows attackers to remotely control infected computers, steal sensitive information, and deploy additional malicious payloads.
  • GoToMeeting's parent company is taking measures to enhance the platform's security and raise user awareness to mitigate similar attacks.

Securityaffairs

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

  • Since April, the Phorpiex botnet has been used to send millions of phishing emails as part of a LockBit Black ransomware campaign.
  • The botnet, active since 2016, has been involved in sextortion spam campaigns, crypto-jacking, cryptocurrency clipping, and ransomware attacks.
  • In August 2021, the criminal organization behind the Phorpiex botnet shut down their operations and put the bot's source code for sale on the dark web.
  • In December 2021, a new variant of the Phorpiex botnet, named Twizt, was observed, allowing the theft of crypto assets worth $500,000.

Medium

9 Cases, How Human Error can lead to significant cybersecurity breaches

  • Misdelivery of Emails: A common error that can have severe consequences is the misdelivery of emails, where sensitive information is sent to the wrong recipient. This type of error was highlighted by a 2018 incident involving Dignity Health, where 56,000 patients’ emails were misdirected, potentially exposing sensitive personal information. Using automated data loss prevention (DLP) tools and thorough security training can help mitigate these risks.
  • Toyota Boshoku Corporation: In August 2019, a European subsidiary of Toyota suffered a business email compromise (BEC) attack resulting in a financial loss of $37.3 million. The attackers duped employees into transferring funds to a fraudulent account by posing as a legitimate business partner. This case emphasizes the need for rigorous verification procedures and employee training to recognize phishing attempts.
  • Sequoia Capital: In February 2021, Sequoia Capital, a well-known venture capital firm, experienced a cybersecurity breach due to human error. An employee fell victim to a phishing attack, leading to exposure of personal and financial information of investors. This breach underscores the importance of continuous cybersecurity awareness and training to help employees spot and avoid phishing schemes.
  • The Equifax data breach in 2017 was a significant cybersecurity failure that affected approximately 148 million consumers. The breach was triggered by a vulnerability in the Apache Struts software, which Equifax failed to patch despite being alerted by the Department of Homeland Security. This oversight allowed hackers to access sensitive data. Further compounding the issue, an expired digital certificate on a key network monitoring device went unnoticed for 19 months, preventing the detection of suspicious network activity and data exfiltration. The breach could have been avoided with better visibility and management of digital certificates and more timely action on known software vulnerabilities.

Medium

SENDING FLASH BITCOIN AND USDT TO BINANCE & OTHER CRYPTOCURRENCY EXCHANGE

  • Flash BTC and USDT are being advertised as a way to quickly transfer coins and have them disappear from wallets within 50 days.
  • The Flash BTC and USDT coins cannot be transferred more than 12 times and will disappear after 50 days.
  • Software products called Flash BTC Transaction and Flash USDT Transaction are being sold online for this purpose.
  • There is also a tool available for recovering lost or stolen USDT by recovering the coins to a new wallet.

Securityaffairs

City of Helsinki suffered a data breach

  • The City of Helsinki suffered a data breach that impacted tens of thousands of students, guardians, and personnel.
  • The breach occurred on 30 April 2024 and is currently being investigated by the Police of Finland.
  • The data breach affected the City's Education Division's computer network, exposing personal information of students, guardians, and personnel.
  • The City has implemented security measures and is closely monitoring its networks to prevent further breaches.

Medium

SOC140 — Phishing Mail Detected — Suspicious Task Scheduler

  • An email with a suspicious URL for file download was detected.
  • The domain of the URL was flagged as malicious by several security vendors.
  • The email was delivered to the user, but it was identified as a true positive and removed.

Medium

Southern Ontario Hospitals Cyber Incident Analysis

  • The hospitals’ online services, such as patient records and email, were affected by a cyberattack on their systems provided by TransForm.
  • Daixin Team, an organized cybercrime gang, claimed responsibility for the attack and published stolen patient data.
  • The incident highlights the importance of robust cybersecurity in healthcare institutions and the potential harm caused by cyberattacks.
  • The hospitals are working on recovery and improving digital security, and have reported the findings to the Ontario Information and Privacy Commissioner.

Infoblox

How to Implement Commercial Data Protection for Copilot using Infoblox DNS

  • Commercial Data Protection (CDP) is crucial for commercial users of Copilot, Microsoft's generative AI system. The article explains the risks of using Copilot without CDP: leakage of sensitive data, privacy violations, compliance violations, intellectual property risks, productivity loss, and reputation damage.
  • Compliance violations under regulations such as the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and the California Consumer Privacy Act (CCPA) can lead to legal penalties, fines, financial damage, and reputation damage, and compliance is more complex to enforce without CDP.
  • Because Copilot generates code, documents, and other content based on user input, CDP is critical to preserving intellectual property, competitiveness, and user trust.
  • The article recommends enabling the “Commercial Data Protection for Microsoft Copilot” Service Plan and updating the DNS configuration to prevent users from accessing Copilot without CDP.
  • Enterprises deploying Copilot can also use DNS security to redirect traffic from public-facing Copilot to the secured environment, which lets them enforce CDP policies.
  • Best practices suggest deploying DNS rules to a forwarding layer to protect the commercial environment. This simplifies CDP enforcement and reduces the risk of accidental misconfiguration that could expose sensitive data.

Medium

Detecting and Mitigating the XZ Backdoor

  • XZ is a compression algorithm and file format widely used in Unix-like operating systems for data compression purposes.
  • A backdoor was discovered in the XZ compression algorithm in 2023. It was introduced by a malicious developer named Jia Tan, who had gained commit and release manager permissions for the project over two years of contribution.
  • The backdoor was sophisticated and consisted of multiple parts introduced over multiple commits.
  • Currently, it appears that the backdoor is added to the SSH daemon on the vulnerable machine, enabling a remote attacker to execute arbitrary code.
  • The Popeye XZ tool has been developed to detect and fix the XZ-utils backdoor vulnerability (CVE-2024-3094).
  • The Popeye XZ tool works by analyzing XZ compressed files for potential security vulnerabilities or suspicious patterns, and it may employ pattern recognition algorithms to detect known signatures of malicious XZ archives.
  • The tool also performs behavioral analysis, examining the behavior of extracted files or payloads for signs of malicious activity.
  • Jia Tan used fake accounts to send myriad feature requests and complaints about bugs to pressure the original maintainer, eventually causing the need to add another maintainer to the repository.
  • The vulnerability was assigned CVE-2024-3094 by Red Hat.
  • Vegard Nossum’s script is mentioned as a means to detect potentially vulnerable SSH binaries on systems.

Securityaffairs

Russian hackers defaced local British news sites

  • A group claiming to be “first-class Russian hackers” defaced numerous local and regional British newspaper websites owned by Newsquest Media Group.
  • Local media websites in the UK are vulnerable to cyber attacks; threat actors can target them to spread fake news.
  • In August 2020, security experts from FireEye uncovered a disinformation campaign aimed at discrediting NATO by spreading fake news content on compromised news websites.
  • The attackers replaced existing legitimate articles on the sites with the fake content instead of creating new posts.

Gbhackers

Scattered Spider Attacking Finance & Insurance Industries WorldWide

  • The Scattered Spider group of hackers has been actively attacking the finance and insurance industries worldwide.
  • Hackers target these sectors due to the large volumes of sensitive data they possess, including financial information and personal identities.
  • Breaches in these industries can lead to financial manipulation, extortion, and fraud.
  • Scattered Spider employs sophisticated tactics such as SIM swapping and domain impersonation to gain access to targeted systems.

Gbhackers

Tycoon 2FA Attacking Microsoft 365 AND Google Users To Bypass MFA

  • Tycoon 2FA is a phishing platform targeting Microsoft 365 and Gmail accounts.
  • It uses an AitM technique to steal user session cookies and bypass MFA.
  • The platform has updated its features to evade security defenses and avoid detection.
  • Tycoon 2FA employs various tactics such as fake authentication links and QR codes to steal credentials.

Tech Story

Data Breach at DELL! Investigation Begins as Dell Confirms Data Breach

  • Dell is currently investigating a data breach that occurred on one of its portals containing customer information.
  • The breach involved a database with limited customer details such as names, physical addresses, and certain Dell hardware and order information.
  • No sensitive information like financial details, email addresses, or phone numbers was compromised.
  • Dell is taking proactive measures to notify affected customers and is committed to cybersecurity and risk mitigation.
