Cyber Crime News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Crime News

Schneier

New Attack on VPNs

Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering.
The attack, named TunnelVision, compromises the purpose of VPNs by exposing incoming and outgoing Internet traffic and the user's IP address, rendering VPNs ineffective.
The researchers believe that this attack affects all VPN applications except those running on Linux or Android when connected to a hostile network.
The attack manipulates the DHCP server to divert VPN traffic, bypassing the encrypted tunnel and potentially exposing the data.

Read Full Article

4 Likes

TechCrunch

197

Image Credit: TechCrunch

US, UK police identify and charge Russian leader of LockBit ransomware gang

Russian national Dmitry Yuryevich Khoroshev, known as LockBitSupp, has been identified as the leader of the LockBit ransomware gang.
Khoroshev has been charged by the U.S. Department of Justice for computer crimes, fraud, and extortion.
Law enforcement has seized LockBit's dark web site and announced a $10 million reward for information leading to Khoroshev's arrest and conviction.
LockBit is one of the most prolific ransomware groups, responsible for targeting over 2,000 victims and stealing more than $100 million in ransom payments.

Read Full Article

11 Likes

Medium

172

Image Credit: Medium

AT&T Data Breach: Technical Analysis of the 73 million Record Leak

AT&T underwent cyberattacks in the past and in April 2022, the dataset was posted for sale for $200,000.
In October 2022, the Everest Ransomware group claimed to have hacked AT&T and was selling access to the corporate network.
Attacker can use breached PII like full names, SSNs, and telephone numbers to exploit users.
AT&T showed a lack of transparency and avoided accepting any connection with the breach.
Customers experiencing the breach may face identity theft, and financial fraud which is a lasting effect on victim’s life.
The data leak violated the confidentiality factor of CIA triad.
The breached data was associated with past customers from 2019, highlighting the importance of protecting data no longer in use.
AT&T has already reset the passcodes of its 7.6 million current account users, who have been alerted to the incident. Former clients who provided compromised information are being approached.
The company is also providing credit monitoring to affected users to actively monitor their accounts and credit reports.
AT&T must improve its cybersecurity infrastructure, adopt advanced encryption methods, and motivate their vendors to implement robust information security policies.

Read Full Article

10 Likes

Medium

Image Credit: Medium

Redefining Cyber Resilience: Addressing AI-Powered Threats in the 2024 Security Landscape

AI-powered cyber attacks use ML — algorithms to automate as well as enhance their effectiveness, making them difficult to predict and prevent.
Adversarial attacks target AI systems and can lead an AI-based system to misclassify data fed, which means that the integrity of data is violated.
AI-powered attacks can compromise the confidentiality of data by gaining unauthorized access to sensitive data, as well as enhance the effectiveness of social engineering attacks such as spear phishing.
The integrity of data is at risk as AI-powered attacks can manipulate data without detection, which misleads AI systems and causes incorrect predictions or classifications.
Additionally, AI-powered attacks can violate the availability principle of the CIA triad by launching sophisticated DDoS attacks, which can analyze network traffic patterns in real-time and adapt their strategies to maximize disruption.
The escalation of AI-powered attacks necessitates a re-evaluation and potential update of existing security measures and regulatory frameworks.
As the landscape of cyber threats evolves with the integration of AI technologies, it becomes imperative for policies to adapt and incorporate safeguards against these advanced tactics.
Amid ongoing technological evolution, the significance of basic security protocols like executing consistent security evaluations, enlightening employees on the detection and deterrence of cyber threats, and keeping abreast of current hazard trends and protective tactics.
A cybersecurity team with AI-specific knowledge can detect AI-assisted phishing attacks and reduce the attack surface.
Companies and firms should expect a cat-and-mouse game in defending against AI-backed threats, and the National Institute of Standards and Technology's AI RMF and MITRE ATLAS are recommended resources for managing AI cybersecurity risks.

Read Full Article

1 Like

Discover more

Medium

357

Image Credit: Medium

PSNI Must Investigate Maurice O’Sullivan, Bradley Hale and Asad Mahmud in Cyber Espionage…

A human rights defender is urging the PSNI to investigate Maurice O’Sullivan, Bradley Hale, and Asad Mahmud for their involvement in cyber espionage.
These individuals are suspected of aiding prominent figures, potentially including Mr. Donal Herlihy, in unlawfully accessing personal digital devices, Google knowledge panel, student aid, and social media accounts.
The transnational nature of the criminal activities necessitates collaboration with authorities in the Republic of Ireland and beyond.
Cooperation between law enforcement agencies and the community is crucial in combating cybercrime.

Read Full Article

21 Likes

Medium

416

Image Credit: Medium

Underbelly of Cyber Warfare: The Critical Role of Cybersecurity in Times of Conflict

Russia is diversifying its cyberwarfare arsenal by employing previously unidentified hacking groups, targeting Ukrainian networks for financially motivated cyberattacks.
Nearly 40 percent of reported incidents in Ukraine were related to financial theft, highlighting the vulnerability of the finance sector to cyber threats.
The finance sector becomes a prime target during times of conflict, as disrupting banking systems and manipulating markets can have far-reaching consequences.
Robust cybersecurity measures are crucial to mitigate risks and safeguard economic stability and national security amidst geopolitical turmoil.

Read Full Article

25 Likes

Medium

Web Hosting Third-Party Risk Management: Techniques for Assessing and Reducing Supplier Risks

Web hosting companies must use third-party risk management to identify, evaluate, and reduce risks associated with outside vendors and suppliers.
Important elements of third-party risk control include vendor due diligence and contractual protections.
Web hosting companies can prevent service interruptions, secure customer data, and uphold trust by implementing strong risk management frameworks.
Continuous evaluation, improvement, and adjustment of risk management policies help ensure the integrity and availability of hosting services.

Read Full Article

2 Likes

Gbhackers

223

New TunnelVision Attack Lets Attackers Snoop on VPN Traffic

Cybersecurity experts have discovered a new type of cyberattack called "TunnelVision" that targets Virtual Private Networks (VPNs).
TunnelVision bypasses VPN encryption, putting sensitive data at risk of unauthorized snooping.
Attackers exploit vulnerabilities in VPN routing mechanisms to decloak and expose encrypted data.
Regularly updating VPN software and using strong encryption protocols are recommended to enhance VPN security.

Read Full Article

13 Likes

Silicon

101

Image Credit: Silicon

Notorious Finnish Hacker Jailed Over Patient Records Hack

Finnish hacker Julius Kivimäki has been sentenced to six years and three months in prison.
He was found guilty of offences including data breach, blackmail attempts, and dissemination of private information.
The crimes were very damaging to the fragile state of mental health patients.
Kivimäki hacked a psychotherapy center, attempted to extort ransom, and leaked sensitive patient records.

Read Full Article

6 Likes

Securityaffairs

Image Credit: Securityaffairs

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

Alexander Vinnik, operator of BTC-e exchange, pleaded guilty to money laundering.
Vinnik operated the cryptocurrency exchange BTC-e from 2011 to 2017, processing over $9 billion in transactions and serving over one million users globally.
BTC-e received criminal proceeds from various illegal activities, including computer intrusions, ransomware attacks, identity theft, corruption, and drug distribution.
Vinnik was convicted of money laundering but not of extortion, and French prosecutors believe he was involved in the Locky ransomware attacks.

Read Full Article

3 Likes

Medium

134

The Rise of AI in Cybersecurity: How Artificial Intelligence is Changing the Game

AI-powered security systems can analyze network traffic, user behavior, and data to detect threats before they unfold.
AI systems constantly learn from new data and evolving threats, allowing them to identify zero-day attacks and adjust their defenses accordingly.
AI can automate mundane cybersecurity tasks, freeing up professionals to focus on more strategic initiatives.
While there are obstacles like bias in training data, AI is becoming an increasingly potent tool in cybersecurity.

Read Full Article

8 Likes

Medium

387

Image Credit: Medium

How to Choose the Best Software Testing Company

Choosing the right software testing company is crucial for the success of your project.
Factors to consider include expertise, testing methodologies, quality assurance, cost-effectiveness, and return on investment.
Bug Hunters is a recommended choice with over a decade of industry experience and a wide range of testing services.
They offer customized solutions, leverage cutting-edge technologies, and prioritize client communication.

Read Full Article

23 Likes

Medium

Image Credit: Medium

Devshield WordPress Template Kits

Devshield is a WordPress Template Kit designed for Cybersecurity Services websites.
It comes with a selection of templates for Cyber Security Services Company, Digital Security Consulting, Cyber Security Agency, Risk Compliance & IT Security, and more.
The kit is optimized for use with the free "Hello Elementor" theme and is easy to customize using Elementor.
For support and further information, users can visit the Support Center or Elementor > Get Help in WordPress.

Read Full Article

1 Like

TechCrunch

240

Image Credit: TechCrunch

Police resurrect Lockbit’s site and troll the ransomware gang

An international coalition of police agencies have resurrected the dark web site of the notorious LockBit ransomware gang.
The authorities are planning to release new information about the hackers in the next 24 hours.
LockBit first emerged in 2019 and has become one of the most prolific ransomware gangs, netting millions in ransom payments.
The group's leader, known as LockBitSupp, will have their identity revealed on Tuesday according to a post on the seized website.

Read Full Article

14 Likes

Medium

143

Image Credit: Medium

The Evolving Frontline of Cybersecurity

The Cyber National Mission Force, part of US Cyber Command, has been actively involved in cyber operations across more than a dozen countries to strengthen defenses and counteract threats.
Presence of US cyber specialists in regions like Ukraine and the Baltics, and potentially in Asia-Pacific regions like Taiwan and the Philippines, help in understanding adversary tactics and demonstrate US readiness to defend allies.
The Defense Department is seeking an increase in its budget for cyber operations, requesting $14.5 billion for fiscal year 2025, highlighting the importance of cyber defense in national security strategy.
Cyberattacks have global repercussions, making international cooperation and investment in cyber defense imperative.

Read Full Article

8 Likes

For uninterrupted reading, download the app