Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Cybersecurity News

The FBI has issued a warning about scammers who target people with false work-from-home job offers. These work-from-home job scams frequently involve easy tasks, like evaluating restaurants or constantly clicking a button to "optimize" a service. The scammers pretend to be a legitimate business, like staffing or recruiting agencies, and may contact potential victims through unsolicited calls or messages.

How Does the Work-From-Home Job Scam Work?

Scammers dupe victims by convincing them that they will earn money through a complicated compensation structure that involves cryptocurrency payments. These payments are ostensibly required to earn more money or unlock extra tasks, but in reality, they go straight to the scammers. Victims are directed to a fake online interface that shows they are earning money, but none of it can be cashed out.

The FBI further urges anyone who encounters these fraudulent job offers to report them to the FBI's Internet Crime Complaint Center (IC3) at www.ic3.gov. The Internet Crime Complaint Center, or IC3, is the Nation’s central hub for reporting cybercrime. It is run by the FBI, the lead federal agency for investigating cybercrime. Victims should provide any transaction details related to the scam.

So, What Are the Red Flags to Watch For?

• You are asked to make cryptocurrency payments as part of the job.
• The fake work-from-home job involves simple tasks described with terms like "optimization."
• No references are required during the hiring process.

Steps to Protect Yourself From Scams

• Be cautious of unsolicited employment offers and avoid clicking on links, downloading files, or opening attachments in such messages.
• Don't transfer money to anyone purporting to be an employer.
• Avoid paying firms that claim to retrieve stolen cryptocurrency funds.
• Do not provide financial or personal information in response to unsolicited employment offers.

 Cybersecurity News

The U.S. Navy took action against a senior enlisted leader who installed an unauthorized Wi-Fi system aboard a combat ship. According to documents obtained by the Navy Times, Grisel Marrero, the former command senior chief of the littoral combat ship USS Manchester's gold crew, pleaded guilty in March to charges related to the operation of the illicit network and a subsequent cover-up. The network appears to have been set up through the use of a Starlink satellite connected to the ship.

U.S. Navy Chief Attempted to Cover Up Illicit Network

The U.S. Navy began investigating the ship's network installation in June 2023 when a crew member attempted to report the network to the ship's commanding officer. However, Marrero intercepted the tip, preventing it from being sent, and avoided sharing information about the deployment of the Wi-Fi network. The installation was eventually uncovered in August after Marrero edited an image of the ship's Starlink data usage to conceal the Wi-Fi network's activity. Prosecutors believe Marrero attempted this operation to impede pending disciplinary action against another sailor. It is unclear if the sailor was involved with the operation of the Wi-Fi network.

Marrero, who had a background in Navy intelligence, was relieved of her leadership position aboard the Manchester in September 2023 due to a "loss of confidence," the Navy's Surface Force Pacific (SURFPAC) command said in a statement. The phrase “loss of confidence” is commonly used as a euphemism among military branches to announce that enlisted officers and senior leaders have been relieved of their duty while avoiding specific details of the behavior behind the decision, such as performance or misconduct.

Marrero later faced a court-martial, where she pleaded guilty to willful dereliction of duty and making false statements to her superiors. She was also demoted from the E-8 level rank to E-7 as punishment.

Other U.S. Sailors Implicated in the Wi-Fi Scandal

The Navy has also disciplined other sailors in connection with the illegal Wi-Fi network. While details of their involvement are scarce, a spokesperson for the Navy confirmed that other sailors were also punished for their role in the operation of the illicit network. The extent of their punishments is not yet clear, as the spokesman declined to provide further details.

The Manchester's gold crew has faced significant changes in the past year, with Marrero and the ship's second-in-command, Cmdr. Matthew Yokeley, both being relieved of their duties. The Manchester, which was in or around San Diego, Hawaii and Guam during Marrero's alleged deeds, is a littoral combat ship assigned to SURFPAC, part of the U.S. Pacific Fleet. The reasons for Yokeley's ouster are unclear, and SURFPAC officials have declined to provide further details.

In previous official press releases relating to the dismissal of Navy officers for unspecified reasons, such as the relieving of Commodore Richard A. Zaszewski in March 2024 and Commodore James Harne from duty in December 2023, the Navy often made the following statement: "Navy leaders are held to high standards of personal and professional conduct. They are expected to uphold the highest standards of responsibility, reliability, and leadership, and the Navy holds them accountable when they fall short of those standards."

This incident serves as a reminder of the security concerns stemming from the use of unauthorized networks or digital communications while on official military or Navy duty. An official press release from the Navy, along with further information on other punishments involved with the unauthorized network, is expected in the coming months.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Firewall Daily

Malicious actors recently hacked high-profile TikTok accounts of big companies and celebrities by exploiting a zero-day vulnerability in TikTok's direct messaging feature. This TikTok zero-day vulnerability allowed the hackers to take control of accounts without the need for victims to download anything or click on any links.

For those unfamiliar with the term, a zero-day vulnerability is a security hole in software that the makers themselves are unaware of. It is a prime target for hackers because there is no patch or public information about the flaw.

The TikTok zero-day vulnerability was used to hijack accounts belonging to CNN, Sony, and Paris Hilton. According to Semafor, CNN's account was the first to be compromised last week. Afterward, similar cyberattacks targeted Sony and Paris Hilton’s accounts. To prevent any further misuse, TikTok took these accounts offline.

How Did the TikTok Zero-Day Vulnerability Occur?

According to Forbes, which first reported the incident, an account could be compromised simply by opening a malicious direct message. It was noted that there was no need to download any files or click on any links, making the attack easy to carry out and difficult to detect.

Alex Haurek, who leads TikTok's security team, responded to Forbes, noting, "Our security team is aware of a potential exploit targeting a number of brand and celebrity accounts. We have taken measures to stop this attack and prevent it from happening in the future. We're working directly with affected account owners to restore access if needed."

TikTok has also said that only a small number of accounts were compromised, but it hasn't given specific numbers, nor will it detail the vulnerability until it is fixed completely.

Prior Security Issues

This isn't the first time TikTok has faced security issues. In August 2022, Microsoft discovered a flaw in TikTok’s Android app that allowed hackers to take over accounts with a single tap. TikTok has also fixed other security bugs that let attackers steal private user information, bypass privacy protections, and manipulate user videos.

In another example, Apple released a software update to fix a bug in WebKit, which runs Safari and other web apps. This bug could have allowed malicious code to run on affected devices. Apple quickly patched this across all its devices, including iPhones, iPads, Macs, and Apple TV.

In mid-2023, TikTok was fined £12.7 million by the Information Commissioner’s Office (ICO) for multiple breaches of data protection laws. These include allowing over one million children under 13 to use its platform without parental consent in 2020, contrary to its own terms of service. The ICO’s investigation found that TikTok had allowed an estimated 1.4 million UK children under 13 to create accounts and use its platform, despite its rules stating that users must be at least 13 years old. This resulted in the unlawful processing of children’s data without proper consent or authorization from their parents or guardians, a requirement under UK data protection law for organizations offering information society services to children under 13.

Furthermore, TikTok failed to provide adequate information to its users, especially children, on how their data was being collected, used, and shared in a clear and understandable manner. This lack of transparency made it difficult for users to make informed choices about their engagement with the platform.

 Cybersecurity News

Less than a week after The Cyber Express exposed the data breach of a crime reporting app in India’s Telangana State, a hacker has now claimed to have engineered yet another cyberattack on Telangana Police's data. The Threat Actor (TA) has claimed to have carried out a cyberattack on the TSCOP app, the Telangana Police’s internal crime detection app used across all its wings. The massive data breach allegedly exposes the personal details of police officers, criminals, and gun license holders in Telangana.

Understanding the TSCOP App Cyberattack

The TSCOP app was launched on January 1, 2018, to ensure better collaboration and operational efficiency of the police at all levels across the state of Telangana. The app received a boost when it was equipped with the Facial Recognition System (FRS), whereby the police could identify criminals in a few seconds by comparing a suspect's face with lakhs of digital photographs of people stored in the central database, including previous offenders, wanted persons, and missing persons. The app was also adjudged the ‘Best IT Project’ in India, for empowering police with information technology.

The TSCOP App Cyberattack was masterminded by a threat actor who goes by the name “Adm1nFr1end.” The same threat actor was responsible for Telangana Police’s Hawk Eye app data breach last week. The claims of a cyberattack on the TSCOP app emerged on June 5, 2024, when the TA posted the alleged leaked data on the BreachForums site. According to the TA, the leaked data includes the names, phone numbers and email addresses of police personnel from the Anti-Corruption Bureau, the Anti-Narcotics Bureau, Intelligence, Greyhounds (counter-insurgency wing against terrorists), Home Guards, and a host of other wings of the Telangana Police.

TSCOP App Cyberattack Samples

To substantiate the claims of a cyberattack, the threat actor shared a few samples which revealed the phone number, name and designation of police officers. In a few cases, the district and zone of the concerned police officer were also leaked, along with the cop’s mobile IMEI number.

But what could be a major concern to the police is the leak of data related to criminals who were recently booked. The TA shared samples of offenders who were recently booked, which revealed the operations carried out by the concerned police station, the names, ages, mobile numbers, and addresses of the accused, the date on which they were booked, and in a few cases, the crime for which they were booked.

The hacker also shared another sample, which could be of critical concern owing to the breach of citizens' privacy. This sample revealed the names, addresses, voter IDs, dates of birth and license numbers of citizens who had applied for a gun license, and the reason for holding a weapon.

Experts Cite Weak System Behind TSCOP App Cyberattack

When the Telangana Police’s website was hacked last week, cybersecurity experts had warned the cops of multiple attacks in the future. India’s popular data security researcher Srinivas Kodali said, “It is easy to hack into their system as they used basic authentication and encoding.” He condemned the state police for not hiring proper developers and putting the privacy of several thousand users at risk.

The Cyber Express has reached out to the Telangana Police, seeking their response on the cyberattack. We will update this story as we get more information.

 Cyber Essentials

Several major hospitals in London have faced service disruptions following a ransomware attack on a third party responsible for providing pathology services. As a result, the Synnovis ransomware attack has been assigned a critical incident emergency status by the authorities. On Monday, a ransomware attack targeted Synnovis, a company offering pathology services such as blood tests for transfusions to various healthcare organizations. A spokesperson for NHS England London confirmed the incident, stating that the hospital network was currently disconnected from Synnovis IT servers.

Synnovis Ransomware Attack Has 'Significant Impact'

The Synnovis ransomware attack was having a "significant impact" on the delivery of services at Guy’s and St Thomas’ hospitals, King’s College Hospital NHS Foundation Trusts, and primary care services in southeast London, the spokesperson added. "The immediate impact was reported on patients using NHS services within the two partner hospitals, as well as GP services across Bexley, Greenwich, Lewisham, Bromley, Southwark and Lambeth boroughs." Royal Brompton and Harefield hospitals, renowned heart and lung centers in the UK, have also reportedly been impacted.

As a result of the attack, some appointments have been canceled and patients redirected at short notice, placing additional strain on other hospitals. "We are currently experiencing disruption to our pathology services, particularly blood tests. This is following a cyber attack affecting our pathology service provider Synnovis," said the NHS statement. "Very regrettably we have had to cancel some procedures and operations. We apologise unreservedly to all patients who are affected."

The disruption in the blood transfusion IT system poses a risk to trauma cases, with only urgent blood components being transfused when critically necessary for patients. Efforts are underway by the Department of Health and Social Care, NHS England, and the National Cyber Security Centre to address the cyber incident and support affected organizations while prioritizing patient safety. The uncertainty surrounding the duration of the disruption raises concerns about resource availability and potential further critical incidents. The attack follows a similar one that hit NHS services in Scotland in March.

CEO's Statement on Synnovis Ransomware Attack

Mark Dollar, the CEO of Synnovis, acknowledged the severity of the situation, emphasizing the collaborative efforts between IT experts from Synnovis and the NHS to assess the extent of the damage and implement necessary measures. Patient care has been disrupted, leading to some activities being canceled or redirected to alternative providers to prioritize urgent needs, Dollar said.

"It is still early days and we are trying to understand exactly what has happened. A taskforce of IT experts from Synnovis and the NHS is working to fully assess the impact this has had, and to take the appropriate action needed. We are working closely with NHS Trust partners to minimise the impact on patients and other service users."

"Regrettably this is affecting patients, with some activity already cancelled or redirected to other providers as urgent work is prioritised."

"We are incredibly sorry for the inconvenience and upset this is causing to patients, service users and anyone else affected. We are doing our best to minimise the impact and will stay in touch with local NHS services to keep people up to date with developments," Dollar added.

Synnovis has invested heavily in ensuring that IT arrangements are of the highest order of safety, but Dollar, citing the ransomware attack, said, "This is a harsh reminder that this sort of attack can happen to anyone at any time and that, dispiritingly, the individuals behind it have no scruples about who their actions might affect."

As the healthcare sector continues to navigate the evolving landscape of cyber threats, stakeholders must remain vigilant, prioritize cybersecurity protocols, and collaborate to fortify defenses against ransomware attacks. Safeguarding patient data and preserving the trust of individuals relying on healthcare services are critical imperatives in the ongoing battle against cybercrime in the healthcare industry.

 Firewall Daily

A threat actor known as Sanggiero has claimed responsibility for a data breach affecting the UK-based e-commerce platform PandaBuy. The threat actor, who operates on BreachForums, posted an advertisement offering more than 17 million user records for sale. The announcement of the PandaBuy data breach comes after Sanggiero partially shared PandaBuy's data on March 31, 2024.

PandaBuy, a Chinese online marketplace known for selling counterfeit products, has over one million downloads on Google Play Store and 2.95k reviews. According to the TA's post on the breach forum, the compromised data includes first name, last name, user ID, email address, order data, order ID, login IP address, country, name of the employee, and hashed password. To prove the authenticity of the breach, Sanggiero shared a screenshot of the compromised JSON file and the total number of records.

The hacker claims the data was obtained by exploiting critical vulnerabilities in PandaBuy’s platform and plans to publicly disclose these weaknesses on their blog soon. "I would also explain on my blog all the vulnerabilities which have not yet been fixed by PandaBuy," the hacker stated.

PandaBuy Data Breach: Threat Actor Set a Price Tag

Sanggiero is offering the complete database for a price of $40,000. The hacker's post read, “We sell the whole database of PandaBuy. Indeed, you will have seen a few months ago we partially disclosed PandaBuy data. Now we sell all of the data that include 17 millions of lines on users for a price of $40,000.”

In addition to the ransom, Sanggiero warned of disclosing the names of PandaBuy employees along with their passwords, which are encoded in base-64. The post also left an open invitation for PandaBuy to resume negotiations to prevent further disclosures. “The names of the employees will also be disclosed with their passwords (encoded in base-64). If PandaBuy wants to resume negotiations, they are welcome. No more time to waste.”

PandaBuy Legal Troubles

This data breach adds to the growing list of troubles for PandaBuy. In April 2024, Chinese authorities targeted the platform for supplying counterfeit goods. Police raided its warehouses, which held millions of packages destined for overseas buyers. The crackdown involved more than 200 public security branch officers, 50 private sector investigators, and local police. The raids led to the detention of over 30 people and the seizure of millions of parcels, including hundreds of thousands of fake branded sports shoes.

Prior to this, PandaBuy faced legal action from 16 brands over copyright infringement. The Hangzhou office and several warehouses of PandaBuy were raided, resulting in significant legal and reputational challenges for the company. The investigation, first publicized by World Trademark Review, was carried out in cooperation with the City of London police and several intellectual property protection firms, including Corsearch, Rouse, and Rouse’s China-based strategic partner Lusheng Law Firm.

What This Means for PandaBuy Users

For PandaBuy users, this alleged data breach is a serious concern. The compromised data includes sensitive personal information that could be used for identity theft, phishing attacks, and other malicious activities. Users are advised to:

• Change their PandaBuy passwords immediately.
• Monitor their email accounts for suspicious activity.
• Be wary of phishing emails or messages that may try to exploit the stolen data.

Additionally, PandaBuy users should consider using two-factor authentication (2FA) for their accounts to add an extra layer of security.

Looking Ahead

For PandaBuy, the road to recovery will be challenging. The company not only needs to address the security flaws that led to the alleged PandaBuy data breach but also rebuild trust with its users and partners. The ongoing legal battles over counterfeit goods add another layer of complexity to their situation.

 Data Breach News

The Australian privacy watchdog on Wednesday filed a lawsuit against Medibank, the country's largest private health insurer, for failing to protect its 9.7 million customers' personal information in a 2022 data breach incident. The Australian Information Commissioner said in civil penalty proceedings filed in the Federal Court that Medibank "seriously interfered" with the privacy of Australians by failing to take reasonable steps to protect their data from misuse and unauthorized access. These failures allegedly breach the country's Privacy Act 1988, according to the Office of the Australian Information Commissioner (OAIC).

The legal action follows an investigation by Australian Information Commissioner Angelene Falk into the Medibank cyberattack, in which threat actors accessed the personal information of millions of current and former Medibank customers. The personally identifiable data that was stolen in this breach also ended up being published on the dark web.

“The release of personal information on the dark web exposed a large number of Australians to the likelihood of serious harm, including potential emotional distress and the material risk of identity theft, extortion and financial crime,” said acting Australian Information Commissioner Elizabeth Tydd. Tydd emphasized that Medibank’s business as a health insurance services provider involves collecting and holding customers’ personal and sensitive health information.

“We allege Medibank failed to take reasonable steps to protect personal information it held given its size, resources, the nature and volume of the sensitive and personal information it handled, and the risk of serious harm for an individual in the case of a breach,” Tydd said. “We consider Medibank’s conduct resulted in a serious interference with the privacy of a very large number of individuals.”

Privacy Commissioner Carly Kind put the responsibility for data security and privacy on the organizations that collect, use and store personal information. These organizations have a considerable responsibility to ensure that data is held safely and securely, particularly in the case of sensitive data, she said. “This case should serve as a wakeup call to Australian organizations to invest in their digital defenses,” Kind added.

Aim and Findings of OAIC's Medibank Data Breach Investigation

The OAIC commenced the investigation into Medibank’s privacy practices in December 2022 following an October data breach of Medibank and its subsidiary ahm. The investigation focused on whether Medibank's actions constituted a privacy interference or breached Australian Privacy Principle (APP) 11.1. This principle mandates that organizations take reasonable steps to protect information from misuse, interference, and unauthorized access. The OAIC's findings suggested that Medibank's measures were insufficient given the circumstances.

Under section 13G of the Privacy Act, the Commissioner can apply for a civil penalty order for serious or repeated privacy interferences. For the period from March 2021 to October 2022, the Federal Court can impose a civil penalty of up to AU$2.2 million (approximately US$1.48 million) per violation.

A spokesperson for the health insurer did not detail the plan of action against the lawsuit but told The Cyber Express that “Medibank intends to defend the proceedings.”

Set Aside Millions to Fix the Issues

Australia's banking regulator last year advised Medibank to set aside AU$250 million (approximately US$167 million) in extra capital to fix the weaknesses identified in its information security after the 2022 data breach incident. The Australian Prudential Regulation Authority (APRA) said at the time that the capital adjustment would remain in place until an agreed remediation programme was completed by Medibank to the regulator's satisfaction. Medibank told investors and customers that it had sufficient existing capital to meet this adjustment.

APRA also said it would conduct a technology review of Medibank that would expedite the remediation process for the health insurer. It did not immediately respond to The Cyber Express' request for an update on this matter.

Medibank Hacker Sanctioned and Arrested

The United States, Australia and the United Kingdom earlier in the year sanctioned a Russian man the governments believed was behind the 2022 Medibank hack. 33-year-old Aleksandr Gennadievich Ermakov, having aliases AlexanderErmakov, GustaveDore, aiiis_ermak, blade_runner and JimJones, was said to be the face behind the screen. After the sanctions, Russian police arrested three men, including Ermakov, on charges of violating Article 273 of the country's criminal code, which prohibits creating, using or disseminating harmful computer code, said Russian cybersecurity firm F.A.C.C.T. Extradition of Ermakov in the current political environment seems highly unlikely.

The legal action against Medibank serves as a critical reminder for organizations to prioritize data security and adhere to privacy regulations. The outcome of this lawsuit will likely influence how Australian entities manage and protect personal information in the future, reinforcing the need for stringent cybersecurity practices in an evolving digital landscape. “Organizations have an ethical as well as legal duty to protect the personal information they are entrusted with and a responsibility to keep it safe,” Kind said.

 Features

By Neelesh Kripalani, Chief Technology Officer, Clover Infotech

Generative AI, which includes technologies such as deep learning, natural language processing, and speech recognition for generating text, images, and audio, is transforming various sectors from entertainment to healthcare. However, its rapid advancement has raised significant concerns about data privacy. To navigate this intricate landscape, it is crucial to understand the intersection of AI capabilities, ethical considerations, legal frameworks, and technological safeguards.

Data Privacy Challenges Raised by Generative AI

• Not securing data during collection or processing - Generative AI raises significant data privacy concerns due to its need for vast amounts of diverse data, often including sensitive personal information, collected without explicit consent and difficult to anonymize effectively. Model inversion attacks and data leakage risks can expose private information, while biases in training data can lead to unfair or discriminatory outputs.

• The risk of generated content - The ability of generative AI to produce highly realistic fake content raises serious concerns about its potential for misuse. Whether creating convincing deepfake videos or generating fabricated text and images, there is a significant risk of this content being used for impersonation, spreading disinformation, or damaging individuals' reputations.

• Lack of accountability and transparency - Since GenAI models operate through complex layers of computation, it is difficult to get visibility and clarity into how these systems arrive at their outputs. This complexity makes it difficult to track the specific steps and factors that lead to a particular decision or output. This not only hinders trust and accountability but also complicates the tracing of data usage and makes it tedious to ensure compliance with data privacy regulations. Additionally, unidentified biases in the training data can lead to unfair outputs, and the creation of highly realistic but fake content, like deepfakes, poses risks to content authenticity and verification. Addressing these issues requires improved explainability, traceability, and adherence to regulatory frameworks and ethical guidelines.

• Lack of fairness and ethical considerations - Generative AI models can perpetuate or even exacerbate existing biases present in their training data. This can lead to unfair treatment or misrepresentation of certain groups, raising ethical issues.

Here’s How Enterprises Can Navigate These Challenges

• Understand and map the data flow - Enterprises must maintain a comprehensive inventory of the data that their GenAI systems process, including data sources, types, and destinations. Also, they should create a detailed data flow map to understand how data moves through their systems.

• Implement strong data governance - As per the data minimization regulation, enterprises must collect, process, and retain only the minimum amount of personal data necessary to fulfill a specific purpose. In addition to this, they should develop and enforce robust data privacy policies and procedures that comply with relevant regulations.

• Ensure data anonymization and pseudonymization - Techniques such as anonymization and pseudonymization can be implemented to reduce the chances of data reidentification.

• Strengthen security measures - Implement other security measures such as encryption for data at rest and in transit, access controls for protecting against unauthorized access, and regular monitoring and auditing to detect and respond to potential privacy breaches.

To summarize, organizations must begin by complying with the latest data protection laws and practices, and strive to use data responsibly and ethically. Further, they should regularly train employees on data privacy best practices to effectively manage the challenges posed by Generative AI while leveraging its benefits responsibly and ethically.

Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.

image for Google Announces Inv ...

 Firewall Daily

Google has announced a new initiative to establish 15 cybersecurity clinics across the US. The move attempts to address escalating cybersecurity threats as well as additional risks and opportunities presented by bleeding-edge technology such as AI. These clinics aim to provide funding, mentorship, and additional resources to higher education institutions in the area of cybersecurity. The initiative expects that supporting the growth of a skilled and dedicated cybersecurity workforce will help protect critical infrastructure and organizations and help address the cybersecurity skills shortage.

Cybersecurity Clinics Aim At Building Resilient Workforce

The cybersecurity clinic initiative, launched in collaboration with the Consortium of Cybersecurity Clinics, invites higher education institutions to apply for funding to establish new clinics. Approved clinics will receive $1 million in cybersecurity funding, mentorship, Titan Security Keys (phishing-resistant 2FA keys), and scholarships for Google's Cybersecurity Certification. Mentorship from these clinics is intended to serve as a bridge between academic knowledge and real-world application by allowing students to gain important hands-on experience.

The clinics will also help regional organizations protect themselves from potential cyber threats. For example, Indiana University cybersecurity clinic students have been helping the local fire department devise contingency plans for scenarios in which online communications are compromised. At the Rochester Institute of Technology, students helped their local water authority review and improve its IT security configurations across operating sites.
Google's collaboration page lists the institutions through which the new cybersecurity clinics will be set up, marking them as 'New Grantees':

• Tougaloo College
• Turtle Mountain Community College
• University of Hawai’i Maui College
• Cyber Center of Excellence (CCOE), San Diego State University (SDSU), California State University San Marcos (CSUSM) and National University
• West Virginia State University
• Dakota State University
• University of North Carolina Greensboro
• University of Arizona
• Franklin Cummings Tech
• Spelman College
• NSI CTC - HUSB
• Northeastern State University in Oklahoma
• Trident Technical College
• Eastern Washington University
• The University of Texas at El Paso

These new clinics add to the ten actively operating cybersecurity clinic grants to various institutes:

• University of Texas at San Antonio
• UC Berkeley
• Rochester Institute of Technology
• Massachusetts Institute of Technology
• Stillman College
• Indiana University
• University of Nevada, Las Vegas
• The University of Alabama
• University of Georgia
• University of Texas at Austin

Clinics Attempt to Focus on Diversity and Inclusivity

In the announcement, Google also affirmed its commitment to foster diversity and inclusivity within the cybersecurity industry. In recognition of these values, Google has extended its cybersecurity funding support to organizations such as the Computing Alliance of Hispanic-Serving Institutions (CAHSI), Stillman College, and the American Indian Science and Engineering Society (AISES). These institutions aid colleges and universities that serve large populations of minority students, such as Black, Hispanic, Indigenous or tribal students.

"Cyber attacks are a threat to everyone's security, so it's essential that cyber education is accessible," said a Google spokesperson. "With these newest 15 clinics, we're supporting institutions that serve a variety of students and communities: traditional colleges and universities as well as community and technical colleges in both rural and urban communities."

[Image source: stillman.edu]

Google's investment in these clinics represents a strategic move to address the nation's workforce shortage, with at least 450,000 cybersecurity positions remaining open across the country. Google stated that its new cybersecurity clinics would help impart cybersecurity training to hundreds of students, while increasing its own commitment by $5 million, amounting to a total of about $25 million in support across clinics. The tech giant expects that these moves will help enable the operation of 25 cybersecurity clinics nationwide by 2025.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for New Chinese Espionag ...

 Cybersecurity News

Threat actors linked to Chinese state interests have been targeting an unnamed high-profile Southeast Asian government organization since at least March 2022, according to new research from Sophos. The Chinese espionage threat, dubbed “Crimson Palace” by the researchers, was first observed in May 2023 by Sophos MDR’s Mark Parsons, who uncovered “a complex, long-running Chinese state-sponsored cyberespionage operation” during a threat hunt across Sophos Managed Detection and Response telemetry. The threat actors appear to remain active.

VMware DLL Sideloading Discovery Launched Investigation

MDR launched the hunt after the discovery of a DLL sideloading technique that exploited VMNat.exe, a VMware component, the Sophos researchers wrote in a report published today. The investigation uncovered “at least three clusters of intrusion activity” between March 2023 and December 2023. The threat hunt uncovered previously unreported malware associated with the threat clusters, as well as a new improved variant of the EAGERBEE malware. Sophos is tracking the clusters as Cluster Alpha (STAC1248), Cluster Bravo (STAC1807), and Cluster Charlie (STAC1305).

“While our visibility into the targeted network was limited due to the extent to which Sophos endpoint protection had been deployed within the organization, our investigations also found evidence of related earlier intrusion activity dating back to early 2022,” the researchers wrote. “This led us to suspect the threat actors had long-standing access to unmanaged assets within the network.”

Chinese Espionage Threat Uses Familiar Tools and Infrastructure

The Crimson Palace clusters were found to use tools and infrastructure connected to Chinese threat actors BackdoorDiplomacy, REF5961, Worok, TA428, Unfading Sea Haze and the APT41 subgroup Earth Longzhi. Sophos “has observed the actors attempting to collect documents with file names that indicate they are of intelligence value, including military documents related to strategies in the South China Sea,” the report said.
“Though we are currently unable to perform high-confidence attribution or confirm the nature of the relationship between these clusters, our current investigation suggests that the clusters reflect the work of separate actors tasked by a central authority with parallel objectives in pursuit of Chinese state interests,” the researchers wrote.

Cluster Bravo appears to have been short lived, observed operating only in March 2023. Cluster Alpha’s last active known implant ceased C2 communications in August 2023, “and we have not seen the cluster of activity re-emerge in the victim network. However, the same cannot be said for Cluster Charlie.”

Cluster Charlie has been active at least through April 2024. “After a few weeks of dormancy, we observed the actors in Cluster Charlie re-penetrate the network via a web shell and resume their activity at a higher tempo and in a more evasive manner,” the researchers said. Activities included exfiltration efforts, and “instead of leaving their implants on disks for long periods of time, the actors used different instances of their web shell to re-penetrate the network for their sessions and began to modulate different C2 channels and methods of deploying implants on target systems.”

While the clusters had their own patterns of behavior, “the timing of operations and overlaps in compromised infrastructure and objectives suggest at least some level of awareness and/or coordination between the clusters in the environment,” they wrote. The researchers detailed differences and overlaps between the clusters in a Venn diagram republished below.
[Image: Tactics and overlap of the Crimson Palace threat clusters (source: Sophos)]

Chinese Espionage Threat Uses Novel Malware, DLL, Evasion

Tactics of the Chinese espionage threat actors include accessing critical IT systems, performing reconnaissance of specific users, collecting sensitive military and technical information, and deploying various malware implants for command-and-control (C2) communications. Sophos researchers noted three key findings on the threat actors’ tools and tactics.

Novel malware variants: Researchers identified the use of previously unreported malware they call CCoreDoor (concurrently discovered by BitDefender) and PocoProxy, and an updated variant of EAGERBEE malware with the ability to “blackhole communications to antivirus (AV) vendor domains in the targeted organization’s network.” Other malware variants they noted include NUPAKAGE, Merlin C2 Agent, Cobalt Strike, PhantomNet backdoor, RUDEBIRD malware, and the PowHeartBeat backdoor.

Extensive dynamic link library (DLL) sideloading: Researchers observed more than 15 distinct DLL sideloading scenarios, most of which abused Windows Services, legitimate Microsoft binaries, and AV vendor software.

Prioritization of evasive tactics and tools: The researchers noted “many novel evasion techniques, such as overwriting dll in memory to unhook the Sophos AV agent process from the kernel, abusing AV software for sideloading, and using various techniques to test the most efficient and evasive methods of executing their payloads.”

Sophos cited 10 researchers for their work investigating the threat: Colin Cowie, Jordon Olness, Hunter Neal, Andrew Jaeger, Pavle Culum, Kostas Tsialemis, and Daniel Souter of Sophos Managed Detection and Response, and Gabor Szappanos, Andrew Ludgate, and Steeve Gaudreault of SophosLabs.

image for Romanian Charged for ...

 Cybersecurity News

A Romanian citizen has been charged with identity theft and bank fraud, which he conducted using card skimming at several large retail stores in Puerto Rico, the U.S. Attorney's Office said Tuesday. The accused, Vlad Terebes, was extradited on May 31 from the United Kingdom to Puerto Rico to face multiple charges related to identity theft and bank fraud. A federal grand jury indicted Terebes on September 21, 2023, in a 12-count indictment that includes conspiracy to commit identity theft, aggravated identity theft, conspiracy to commit access device trafficking in counterfeit access devices, trafficking in device-making equipment, and bank fraud.

[Image: Vlad Terebes (source: PR Informa)]

Data of More Than 1,200 Customers Stolen

According to court documents, Terebes and his co-conspirators installed illicit card skimming equipment at various large retail stores in Manatí, Canóvanas, Caguas, and Carolina, Puerto Rico. The skimming equipment was used to steal credit and debit card information from unsuspecting customers. In a five-day period beginning March 8, 2022, Terebes and his co-conspirators collected the card numbers, names, and personally identifying information of approximately 1,215 customers, the Justice Department said. The scammers attempted to withdraw around $20,421 from these customers' bank accounts, but whether they were successful remains unclear.

A local news agency in Puerto Rico said at the time that the alleged group of hackers also installed card skimmers at Walmart stores and later fled the island.

[Image: One of the card skimmers allegedly installed by Vlad Terebes and his co-conspirators (source: PR Informa)]

One of them, identified as Terebes by the U.S. Secret Service, took a flight to Ft. Lauderdale, a preliminary investigation revealed.

[Image: Vlad Terebes and his co-conspirators in Puerto Rico (source: PR Informa)]

Terebes and his co-conspirators are allegedly all from Europe and ran a racket of stealing credit and debit card data to sell it on the underground market or the dark web. Terebes was arrested on February 2, 2024, in the UK at the request of U.S. law enforcement. Terebes was presented in federal court on June 3 before U.S. Magistrate Judge Marcos López of the District of Puerto Rico. López ordered that Terebes be detained.

If convicted, Terebes faces a maximum penalty of 30 years in prison, plus a mandatory consecutive sentence of at least two years for each aggravated identity theft charge. The final sentence will be determined by a federal district court judge, who will consider the U.S. Sentencing Guidelines and other statutory factors.

"Financial fraud is one of the largest challenges facing American citizens and businesses today. Prevention and prosecution of crimes of this nature will remain a top priority for the U.S. Attorney’s Office, and we will not be deterred by individuals who attempt to flee from prosecution. In coordination with the Justice Department’s Office of International Affairs, we remain committed to the arrest and extradition of those who commit crimes in Puerto Rico," said W. Stephen Muldrow, United States Attorney for the District of Puerto Rico.

The Card Skimming Menace

Skimming involves the installation of illegal hardware devices at ATMs, point-of-sale (POS) terminals, or fuel pumps. Depending on its function, this hardware captures card data or records cardholders’ PINs. Criminals then use this data to create fake debit or credit cards and steal victims’ funds.

[Image source: FBI]

The FBI estimates that card skimming costs financial institutions and consumers more than $1 billion each year. 2023 saw a significant increase in compromised cards resulting from skimming activity, according to a report from business analytics company FICO. The total number of compromised debit cards was up 96% from 2022, with more than 315,000 impacted cards identified.
[Image source: FICO]

Although card skimming activity has seen a sharp rise, law enforcement has also stepped up its game in cracking down on these criminals. In February, the U.S. arrested five individuals for engaging in ATM skimming schemes involving theft of account information and PIN numbers.

“The five defendants allegedly illegally obtained financial information using hidden devices implanted in ATMs to create counterfeit debit cards and steal thousands of dollars from over 600 unsuspecting victims,” said FBI Assistant Director-in-Charge Smith. “The defendants' concerted efforts to conceal this fraudulent activity allowed the scam to plague the community for almost a year, highlighting the pervasive nature of criminal financial schemes.”

image for Nationwide Call Disr ...

 Cybersecurity News

Telecommunications company AT&T announced late Tuesday that the issue preventing calls to other wireless carriers had been resolved. However, it has yet to disclose the cause behind the outage. Responding to the outage, AT&T stated that the problem which was impacting calls to other wireless carriers had been rectified.

"The issue disrupting calls between carriers has been resolved. We collaborated with the other carrier to find a solution and appreciate our customers' patience during this period," AT&T said in a statement.

Earlier in the day, following complaints of users being unable to complete calls to other networks, major U.S. wireless carriers -- AT&T, Verizon, and T-Mobile -- began investigating the matter, which, many speculated, could be linked to a cyberattack. The incident also prompted a response from the Federal Communications Commission (FCC), triggering an investigation into the matter.

"We’re aware of reports that consumers in multiple states are unable to make wireless calls and we are currently investigating," tweeted the official FCC account while addressing the multiple complaints it had received.

Nationwide Call Disruptions: What Happened?

According to reports, several users of AT&T, Verizon, and T-Mobile were struggling to make phone calls across different carriers. In response to the complaints, AT&T stated that the disturbance was "part of a broader, nationwide issue".

“There is a nationwide issue that is affecting the ability of customers to complete calls between carriers. We are working closely with Verizon to determine the nature of the issue and what actions need to be taken,” AT&T said, The Global News reported.

Meanwhile, Verizon confirmed that while its network was functioning as normal, some users in the U.S. Northeast and Midwest were facing issues when attempting to call or text customers on other networks. In a statement, Verizon said it was aware of the issue and was monitoring the situation.

T-Mobile also addressed the situation, stating that it was not directly experiencing an outage but that there was noticeable activity related to outages with other providers, as seen on Downdetector.com. This could suggest that T-Mobile customers might be encountering issues when connecting with users from different networks.
[Image source: Downdetector.com]

The real-time outage tracker Downdetector.com logged over 2,300 reports by late Tuesday afternoon, highlighting significant disruption in major urban areas including Brooklyn, Chicago, and Philadelphia.

AT&T Issue Resolved, But What Caused the Outage?

[Image source: X/@ATTNEWS]

While the issue has been resolved, the reason behind the outage has not been disclosed. This leaves room for speculation about the cause of the outage, which evidently impacted users nationwide. This could be a technical issue, but there has been a recent increase in cyberattacks in the telecommunications sector, with many companies being prime targets of the hacker community.

Earlier this year, there was another disruption that stirred concerns. Back in February, the FCC and New York Attorney General Letitia James began investigating an AT&T outage that impacted over 70,000 customers and persisted for over 10 hours. There were initial worries that this might have been the result of a cyberattack. However, AT&T clarified that the issue was due to a software update, thereby dismissing the cyberattack concerns.

However, in March, AT&T experienced a data breach, with personal information belonging to 73 million current or former customers leaked online. The U.S. telecom giant stated that the data, including addresses, social security numbers, and passcodes, was found on the dark web. Although AT&T had not found evidence that the data was stolen, it engaged cybersecurity experts to conduct an investigation. In response to the incident, the company has reset customer passcodes and urged individuals to remain alert by monitoring their account activities and credit reports.

The compromised data, dating back to 2019 or earlier, impacted 7.6 million current customers and 65.4 million former account holders. It encompassed details like full names, email addresses, and dates of birth. However, AT&T confirmed that no financial information was disclosed in the said leak.

image for ARRL Cyberattack Upd ...

 Cybersecurity News

The American Radio Relay League (ARRL), the national body for amateur radio in the United States, has provided additional information concerning the May 2024 cyber incident. The ARRL cyberattack pulled its Logbook of the World (LoTW) down, leaving many members upset with the organization's perceived lack of information.

According to the latest update from ARRL, on or around May 12, 2024, the organization experienced a network attack by a malicious international cyber group. Upon discovering the ARRL cyberattack, the organization immediately involved the FBI and brought in third-party experts to assist with the investigation and remediation efforts. The FBI categorized the ARRL cyberattack as "unique," due to its nature, compromising network devices, servers, cloud-based systems, and PCs. ARRL's management quickly set up an incident response team to contain the damage, restore servers, and test applications to ensure proper operation.

In a statement, ARRL emphasized its commitment to resolving the issue: "Thank you for your patience and understanding as our staff continue to work through this with an outstanding team of experts to restore full functionality to our systems and services. We will continue to update members as advised and to the extent we are able."

ARRL Cyberattack: Lack of Information

Despite ARRL's efforts, many members felt that the organization was not forthcoming enough with information. A Facebook user posted a lengthy note criticizing ARRL's communication strategy. The post read, "We still don’t know what they haven’t told us and maybe it is important, maybe not. The point is very clear that the communication to the membership about the incident is very unprofessional and limited in its scope. Nobody needed critical details, they needed to be treated like they are members of an organization, not subjects to the king."

[Image source: Facebook]

The Facebook user pointed out several gaps in the ARRL cyberattack updates, such as the absence of information about the phone systems being down and the lack of a communication path for interim assistance.
Timeline of ARRL Cyberattack Updates and Service Restoration

May 17, 2024: ARRL assured members that their personal information, such as credit card numbers and social security numbers, was not stored on its systems. The organization only holds publicly available information like names, addresses, and call signs. However, there was still no mention of the phone systems being down or alternative communication paths for assistance.

May 22, 2024: ARRL provided an update stating that the LoTW data was secure and not affected by the server issue. It also mentioned the upcoming July issue of QST magazine, which would be delayed for print subscribers but on time digitally. Yet again, there was no mention of the phone systems or email service disruptions.

May 29, 2024: The ARRL Volunteer Examiner Coordinator resumed processing Amateur Radio License applications with the FCC. Voice bulletins at W1AW, the Hiram Percy Maxim Memorial Station, also resumed. ARRL's store orders resumed shipping, and the e-newsletter services were back online. Finally, the organization acknowledged the phone system outage.

May 31, 2024: ARRL announced that its phone system was back in service, and provided contact information for members. It also shared details about upcoming contests and magazine issues, including limited functionality of the Contest Portal. Members were reminded that they could renew their memberships online or by phone.

Ongoing Communication Issues

Despite these updates on the ARRL cyberattack, members continued to express dissatisfaction with ARRL's handling of the situation. The Facebook post that critiqued ARRL's communication was particularly poignant, summarizing the frustration felt by many. While ARRL has taken significant steps to address the data breach and reassure its members, there is a clear need for more consistent and detailed communication moving forward.

image for TikTok Zero-Click vu ...

 Threats

Do you use TikTok? Do your kids? You can put your hands down, I know that the question was more rhetorical than anything. If you've any interest in the network, you've probably seen the news sweeping the interwebs over the past week – news that's come to a head in the last 24-48 hours as of this writing. The popular social network TikTok has acknowledged a security issue that's allowed attackers to take control of its accounts.

How was TikTok hacked?

The issue stems from a zero-click exploit that's been used by illicit groups who've been taking over high-profile accounts (and possibly smaller accounts) via the platform's direct message function. To date, accounts that have been targeted or compromised include those of CNN, Paris Hilton and Sony. What makes this case all the more tricky is that users don't need to click a malicious link, but rather just open the direct message in TikTok for the malware to trigger.

According to a statement to the media, TikTok's spokesperson noted that they were taking this vulnerability seriously and have worked to halt the attack.

"We have taken measures to stop this attack and prevent it from happening in the future. We're working directly with affected account owners to restore access, if needed."

This is an evolving story, and we will update this post as more information comes to light and can add additional context.

What can you do?

As mentioned in our post dedicated to them, zero-click exploits are very difficult to stop and decipher. With that said, there are some things you can do to try to reduce some of the risk – especially on social profiles.

Use strong and unique passwords. As with any site, the weakest link is often the entry point to the platform – the password. This should be unique and not one that you re-use on multiple platforms. If you struggle to come up with a unique password, consider using a password manager to generate a unique and strong password.

Use two-factor authentication. Most platforms allow for some form of two-factor authentication to secure users. While many people default to using SMS or email as the source of the second verification, I'd recommend using an authenticator application.

If you don't know, don't click. OK, time to put on the Momma Jeff hat for a minute. You shouldn't talk to strangers. Just like the creepy white van with free candy stenciled on the side that your parents warned you about, there are creepy people sliding into your direct messages. If you don't know the person messaging you, there's no reason for you to assume that you should click on any link sent from these accounts and expect anything but a scam. Similarly, if you don't know the person, why even bother opening the message? As you can see with this TikTok vulnerability, curiosity can still kill the cat – even in this digital age we live in. While it may be a goal to chase the influencer wagon and make fast cash, if something sounds too good to be true, it probably is.

Educate your kids. If you have kids, or are an uncle/aunt/grandma/pawpaw, please consider talking to them about basic safety on social networks. As the adults in the room, we have to be the folks who teach the next generation about security.

This post is short, but I hope it serves as a good example of how a tiny mistake (a quick peek) can see someone lose control over their accounts. Read our detailed guide to setting up security and privacy on TikTok. Also, use our free Privacy Checker service to configure both the privacy and security of other social networks, online services and applications.

image for How to set up privat ...

 Tips

Ask anyone how to protect your privacy online, and they'll probably mention private browsing. Every major browser has it, although the names differ: it's Incognito in Chrome, InPrivate in Edge, Private Window/Tab in Firefox, and Private Browsing in Safari. All these names evoke a sense of security — even invisibility: like you could browse the web safely and in full anonymity. Alas, this mode is far from being incognito in reality, although it is still helpful if you understand how it works and supplement it with anti-surveillance security.

How incognito mode works

In private mode, your browser doesn't save your browsing history, remember information you enter in web forms, or store the graphics and code of the websites you visit in its cache. The tiny text files called cookies in which websites save your settings and preferences are only stored for as long as the private window stays open, and are deleted when you close it. This way, no traces of your browsing activity are left on your computer.

However, your actions are still visible from the outside. The websites you visit, your browser itself, browser extensions, your ISP, the office or school system administrator, and various advertising and analytics systems — such as those owned by Google — can all still track you.

Some browsers, such as Firefox, include additional privacy measures in private mode. These may include disabling browser extensions and blocking known analytics sites that track users and third-party cookies that weren't set by the website you're opening. However, even this doesn't guarantee complete invisibility.

Five billion's worth of incognito data

To get an idea of how much information can be collected about incognito users, look no further than the Brown v. Google lawsuit, which ended in the internet giant's defeat. The company was ordered to destroy billions of data records pertaining to the activities of users who were browsing in incognito mode, and collected up until the end of 2023. Data that won't be deleted immediately must be further de-identified, for example by removing part of each user's IP address from the records. The court estimated the monetary value of the data to be deleted plus the data that will no longer be collected at a staggering $5 billion.
However, affected plaintiffs will have to seek monetary compensation individually, so Google isn't likely to lose much money. More significantly for all users though, Google was ordered to start blocking third-party cookies in Incognito mode and generally provide a clearer description of how Incognito works.

While Google's methods for collecting information in Incognito mode weren't fully disclosed to the public during the legal proceedings, some of the techniques were mentioned publicly: gathering data through Google Analytics, recording IP addresses, and collecting HTTP header data. None of the above is news or a secret: any website on the internet can collect and use the same data, and this data gets sent out in private mode just fine.

How websites track incognito visitors

By login. If you enter your email, phone number or username, and password on a website, your browser configuration no longer matters: you've announced your identity to the website.

Cookies. Although the website can't read regular cookies from your browser as long as it's running in private mode, it can still set new ones. If you use a private browsing window day in, day out, without closing it, there'll be plenty of information gathered about your movements around the web.

The IP address. Private browsing doesn't hide your IP address in any way.

Digital fingerprinting. By combining information transmitted from your browser in HTTP headers with data that the webpage can collect with JavaScript (such as screen resolution, battery level for mobile devices, and the list of installed fonts), the website can generate a digital fingerprint for the specific browser on the specific device and use that later to identify you. Private browsing mode has no effect on this.

All of the above. Advanced analytics and tracking systems try to use a number of techniques to track you. Even if old cookies are unavailable due to private browsing, you can be remembered with an auxiliary method, such as digital fingerprinting.
This means that even if you visit an online store in a private browsing mode without logging in, you might still see products you were interested in during previous sessions in your search history.

What you should and shouldn't do in private browsing mode

Search for a birthday present for a family member. Private mode will come in handy, as the keywords that could spoil the surprise won't come up in the browsing and search history. It also will reduce the likelihood of the context ads that permeate today's web, giving away your plan with banners about the subject. However, private mode will be of no help if you sign in to your account at the online store or marketplace and make a purchase, as the website will remember both you and the purchase. The search history and recently viewed items also may display on other devices where you're logged in to the same account, so there's still a chance of that surprise getting ruined. To sum it up, logging in to any account is a bad idea when browsing in private mode.

🤔 Look for a new job or secretly check medical symptoms. The computer will retain no traces of the activity, but your ISP will, and so will your office network's system administrator. This isn't something you should do at work, for example, as you can't rely on private browsing to help.

😡 Download illegal content. Don't. And if you do download something like that in private mode, your ISP will still have recorded this activity under your account.

😎 Sign in to your account on someone else's or a public computer. In this case, private browsing is the least you can do to protect yourself. It prevents you from leaving any undesired traces like an account name, web form data, a saved password, or locally stored cookies or personal files — unless you save something manually. That's a start, but it doesn't guarantee complete security: public computers are often infected with malware that can steal any data from the browser, with private browsing or not.
So if you have to use someone else's computer, it's best to make sure it has reliable malware protection. If you're not sure, we recommend changing your password for each account that you signed in to on that computer and enabling two-factor authentication after you log off and get back to your usual device.

Sign in to two accounts with the same site. Most browsers make this possible: you can sign in to one of the accounts in regular mode, and to the other — in private mode. This is about convenience rather than privacy, so private mode doesn't really have any drawbacks when used this way.

What's better than private browsing?

Private browsing mode is helpful, and there's no reason to shun it entirely. For maximum privacy though, it should be combined with other measures:

An encrypted data channel (VPN) keeps your ISP and (work) system administrator from tracking your online wanderings, and allows you to change your IP address when visiting websites.

Tracking and ad blockers reduce the likelihood of your being identified by your digital fingerprint. Every browser supports anti-surveillance extensions, available from the official browser extension marketplace.

For maximum security, turn on Private browsing in Kaspersky Standard, Kaspersky Plus, or Kaspersky Premium.

For added secrecy, you can set up a separate browser with the most rigorous tracking protection settings, which our guide can help you select.

 APT

Chris Walcutt, the CSO at DirectDefense, talks about the rapidly changing threat landscape that critical infrastructure owners and operators inhabit, and how savvy firms are managing OT cyber risks. The post Spotlight Podcast: OT Is Under Attack. Now What? appeared first on The Security Ledger with Paul F. Roberts.

 Feed

Zyxel has released security updates to address critical flaws impacting two of its network-attached storage (NAS) devices that have currently reached end-of-life (EoL) status. Successful exploitation of three of the five vulnerabilities could permit an unauthenticated attacker to execute operating system (OS) commands and arbitrary code on affected installations. Impacted models include NAS326

 Feed

Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform. The development was first reported by Semafor and Forbes, which detailed a zero-click account takeover campaign that allows malware propagated via direct messages to compromise brand and celebrity accounts without having to

 Feed

An unnamed high-profile government organization in Southeast Asia emerged as the target of a "complex, long-running" Chinese state-sponsored cyber espionage operation codenamed Crimson Palace. "The overall goal behind the campaign was to maintain access to the target network for cyberespionage in support of Chinese state interests," Sophos researchers Paul Jaramillo, Morgan Demboski, Sean

 Feed

Early in 2024, Wing Security released its State of SaaS Security report, offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate. Fortunately, SaaS Security Posture Management (SSPM) solutions have prioritized mitigation capabilities to address many of

 Feed

An analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight ransomware, itself an evolution of another ransomware known as Cyclops. Knight (aka Cyclops 2.0) ransomware first arrived in May 2023, employing double extortion tactics to steal and encrypt victims' data for financial gain. It's operational across multiple platforms,

2024-06
Aggregator history
Wednesday, June 05