Cyber security aggregate rss news

Cyber security aggregator - feeds history

image for How Cybercriminals U ...

 Cyber Essentials

Social media is no longer just an image sharing or content sharing medium. There is a darker underbelly to it. It’s where the opportune cybercriminals reside. Reports suggest that more than half the companies lose over 30% of their total revenue annually due to fraudulent activities. Social media (37%) is among the means commonly used by fraudsters to dupe organizations, according to the Creditsafe report. Ginni Rometty, the former CEO of IBM, has said cybercrime is the greatest threat to every company in the world. Even tech giants like Yahoo, Target, Uber, Facebook, and Google have not been immune to this. When it comes to social media attacks, small businesses are particularly susceptible. In this article, we’ll take a look at how businesses get scammed on social media platforms and how to prevent it.

5 Ways How Cybercriminals Attack Businesses on Social Media

1. Phishing Scams

Phishing scams are some of the most common methods cybercriminals implement on social media. They create fake profiles that impersonate company employees or business partners and send fraudulent links to employees or customers in an attempt to steal sensitive information like bank account details, Social Security numbers, passwords, and more. In some cases, con artists also send links to fraudulent websites to install malware on users’ devices. Some people think that clicking on links is harmless, when in reality it’s one of the easiest ways to steal money and data.

2. Social Engineering

Social engineering is the technique through which scammers manipulate people into revealing personal information or performing certain actions such as downloading suspicious software, clicking on malicious links, or sending money to criminals. They impersonate executives or high-ranking employees to trick lower-level staff or customers into performing actions they otherwise wouldn’t, such as wire transfers or sharing sensitive information.

3. Credential Stuffing

Credential stuffing is a cyber attack in which stolen credentials are used to log in to another account. Cybercriminals obtain login account credentials from a data breach and use them to perform actions like sending spam, stealing data, or spreading malware.
Since all this is sent through an official social media account, some users don’t hesitate to open it, which results in them losing their money or personal information.

4. Negative Campaigns

When the target of con artists is the company itself, and not its customers, they might launch campaigns to damage a company’s reputation by posting false information, reviews, or complaints. This leads to a loss of customer trust and may affect the business’s public image. In addition, such actions can result in financial losses due to decreased customer loyalty, reduced sales, and potential legal expenses if the company chooses to pursue legal action against the perpetrators. In some cases, if negative campaigns are too sophisticated, the negative publicity can have long-lasting effects, which might make it difficult for a company to recover its reputation even with effective methods.

5. Targeted Advertising

Cybercriminals exploit social media advertising platforms to run fraudulent ads that can mislead users or redirect them to malicious sites. This is an effective tactic to mislead a business’s customers and jeopardize its reputation. Such deceptive advertisements result in companies suffering financial losses and driving potential customers to competitors. If left unaddressed, the consequences can be more and more severe. That’s why it’s important to take measures as soon as possible.

How Businesses Can Prevent Social Media Attacks

The more prompt the response to social media attacks, the more effective the recovery. Here are some protective measures organizations need to implement if they don’t want to fall victim to scammers or even if they already have:

Use Strong Passwords for All Social Media Accounts: It may sound like a cliché, but this step can’t be ignored. Ensure your business’s social media accounts are protected with strong and unique passwords to avoid hacking or, if an incident has already occurred, to protect your company’s reputation from further damage.
Respond Quickly to Incidents: Develop a plan for responding to social media attacks that will help you recover as fast as possible. When the attack takes place, don’t wait until it brings serious damage. Act promptly in order to protect your business and its customers.

Educate and Train Your Employees: Provide training sessions on recognizing and responding to phishing attempts, social engineering tactics, and other cyber threats. Educate employees about the importance of safeguarding social media accounts and the potential risks associated with social media interactions. All employees, especially those in charge of company data, must be equipped with the necessary knowledge to prevent damage.

Manage Access and Permissions: The fewer employees have access to the company’s social media accounts, the better. Use role-based access controls to ensure that employees have the appropriate level of access based on their job functions. In some cases, it would be wise to allow access only to staff who are responsible for managing social media accounts.

Regularly Update Your Systems: Keep all systems, including social media management tools and third-party applications, up to date with the latest security patches and updates. One of the reasons for this is that most apps and tools add new features or improve the existing ones in order to address weaknesses. By not updating, your system could be exposed to exploitation through these weaknesses.

Let’s Sum Up

Cybercriminals are constantly improving the methods they use to attack businesses on social media. From phishing attacks to social engineering and targeted advertising, they have many ways to steal money and personal information or damage the reputation of a brand. There are, however, techniques that can help your business avoid a fall from grace and the loss of customers.

image for Financial Services G ...

 Firewall Daily

MoneyGram International has announced that it is actively working to restore its systems following a detected cybersecurity incident that has disrupted its operations. The financial services company confirmed the MoneyGram cyberattack and stated that it is collaborating closely with external cybersecurity experts and law enforcement to minimize the impact. In a statement on social media platform X (formerly known as Twitter), MoneyGram assured customers that progress is being made in bringing key transactional systems back online. “Our dedicated team is actively working around the clock on resuming normal business operations,” the company stated. “Once all systems are fully operational, transactions currently pending will be available to customers. We apologize for any inconvenience and will continue to share relevant updates as available.”

Massive MoneyGram Cyberattack

The MoneyGram cyberattack followed a series of social media posts from MoneyGram. Just three days prior, on September 21, the company acknowledged a network outage that was affecting connectivity across several of its systems. “We recognize the importance and urgency of this matter to our customers,” MoneyGram stated, highlighting their commitment to understanding the nature and scope of the ongoing issue.

[Image: MoneyGram cybersecurity incident announcement (Source: X)]

By September 23, MoneyGram had identified the incident as a cybersecurity breach affecting various systems. The company noted, “Upon detection, we immediately launched an investigation and took protective steps to address it, including proactively taking systems offline which impacted network connectivity.” This rapid response to the MoneyGram cyberattack highlights the company’s awareness of the critical nature of the situation and of the risks associated with the attack.

The Threat of Cyberattacks on the Financial Sector

Cybersecurity incidents are not uncommon in the financial sector. For instance, previous attacks have caused significant disruptions, as seen with the ransomware attack on C-Edge Technologies, which resulted in the shutdown of payment services for over 300 small banks in India.
Such incidents highlight the vulnerabilities faced by financial institutions, which are often prime targets for cybercriminals due to the sensitive data and large sums of money they handle.

According to research from the International Monetary Fund (IMF), the frequency of cyberattacks has more than doubled since the onset of the pandemic. While historical direct losses from these incidents have often been modest, the overall financial toll can be severe. Notably, Equifax, a U.S. credit reporting agency, paid over $1 billion in penalties following a massive data breach in 2017 that affected approximately 150 million individuals.

The potential risks associated with cyber incidents are growing. The IMF reports that extreme losses from cyberattacks have quadrupled since 2017, reaching approximately $2.5 billion. Indirect costs, such as reputational damage and the need for enhanced security measures, can far exceed the direct financial losses, emphasizing the high stakes involved in managing cybersecurity effectively.

The financial sector is particularly vulnerable to cyber risks, with attacks on financial institutions accounting for nearly 20% of all incidents. This category includes banks, which are often the most targeted due to the sensitive nature of their operations. A successful cyberattack could erode public confidence in the financial system, disrupt essential services, and lead to significant spillover effects affecting other institutions.

A severe incident, for example, could trigger market sell-offs or even runs on banks. Although no major "cyber runs" have been reported so far, there have been modest deposit outflows at smaller U.S. banks following cyberattacks, indicating a growing unease among customers.

Given the escalating cyber risks posed by ongoing digitalization and geopolitical tensions, financial firms must enhance their cybersecurity policies and governance frameworks.
However, many organizations, particularly in emerging markets, lack robust cybersecurity strategies. An IMF survey revealed that only half of the countries surveyed had established national, financial sector-focused cybersecurity frameworks or regulations.

image for New Vulnerability in ...

 Firewall Daily

The CERT Coordination Center (CERT/CC) at Carnegie Mellon University issued a warning about a security flaw in the Microchip Advanced Software Framework (ASF). This Microchip vulnerability, tracked as CVE-2024-7490, is a stack-based overflow issue linked to the tinydhcp server implementation within ASF. As a result, this vulnerability in Microchip software could allow attackers to execute remote code, raising alarms for developers and users of Microchip’s technology.

Understanding the Microchip Vulnerability

The Microchip vulnerability stems from inadequate input validation in the DHCP implementation of the ASF. When a specially crafted DHCP request is sent, it can lead to conditions ripe for a stack-based overflow, opening the door for potential remote code execution. The CERT/CC described the issue as particularly concerning because it resides in IoT-centric code, which is prevalent in numerous devices and applications globally.

[Image: Microchip Vulnerability details (Source: CERT/CC)]

“This vulnerability can be tested by sending a single DHCP Request packet to a multicast address,” the CERT/CC elaborated. This simplicity in exploitation makes the situation more alarming, as it suggests that attackers could leverage this flaw with relative ease. The affected versions of ASF, specifically 3.52.0.2574, and all earlier iterations, are at risk. Furthermore, developers utilizing forks of the tinydhcp server hosted on platforms like GitHub may also find their projects susceptible to this Microchip vulnerability.

Background on Microchip ASF

The Microchip Advanced Software Framework is a free and open-source code library designed for microcontrollers. It serves various stages in the product life cycle, including evaluation, prototyping, design, and production. However, the software is no longer actively supported by Microchip, which complicates matters for users who may be relying on outdated versions that contain this Microchip vulnerability. Andrue Coombes from Amazon Element55 discovered the flaw, leading to the CERT/CC's advisory.
The center noted that the vulnerability’s prevalence in IoT applications means it could appear in multiple instances across the internet, potentially affecting countless devices that utilize Microchip technology.

Implications of the Vulnerability

The security risk posed by CVE-2024-7490 is considerable. With the capability for remote code execution, attackers could manipulate systems, deploy malware, or cause other significant damage. This is particularly critical given the rise of IoT devices, many of which could be operating on vulnerable ASF versions.

Microchip's recent history adds another layer of concern; the company experienced a ransomware attack that compromised significant data assets. This incident highlights the pressing need for better cybersecurity measures, particularly for firms using outdated or unsupported software like the Microchip Advanced Software Framework.

Users of the Microchip ASF are strongly encouraged to take action. CERT/CC has indicated that the most prudent course of action is to migrate to a currently supported software solution. “The vendor has urged customers to migrate to a current software solution that is under active maintenance,” they stated. Unfortunately, there is no immediate fix available for the identified vulnerability in Microchip's technology, other than replacing the tinydhcp service with an alternative that does not share the same flaw.

image for MC2 Data Leak Expose ...

 Cyber News

An exposed database at background check company MC2 Data apparently leaked the data of more than 100 million Americans. MC2, which runs websites like PrivateRecords.net, PrivateReports, PeopleSearcher, ThePeopleSearchers and PeopleSearchUSA, apparently left a database with 2.2TB of data unprotected and easily accessible on the internet, exposing more than 100 million records containing private information about U.S. citizens. The news follows a breach earlier this year at background check service National Public Data that apparently leaked the data of nearly 3 billion people.

MC2 Data Leak Exposes a Massive Amount of PII

Cybernews researchers reported that the apparently misconfigured database exposed 106,316,633 records “containing private information about US citizens, raising serious concerns about privacy and safety. Estimates suggest that at least 100 million individuals were affected by this massive data leak.” MC2 Data customers were also hit by the data leak, as the data of 2,319,873 subscribers to MC2 Data services was also leaked.

Background check services are used by employers, landlords and others to verify people’s background and gauge risk, and as such, they contain very sensitive data that shouldn’t be exposed or stolen. Services that leak such data also expose themselves to data protection and privacy regulatory consequences, civil lawsuits, and reputational and business damage.

Indeed, the data exposed by MC2 contained a lot of sensitive and personally identifiable information (PII), including: names; emails; IP addresses; user agents; encrypted passwords; partial payment information; home addresses; dates of birth; phone numbers; property records; legal records; family, relatives, neighbors data; employment history.

[Image: MC2 data leak example (Cybernews)]

Cybernews security researcher Aras Nazarovas said that “Background-checking services have always been problematic, as cybercriminals would often be able to purchase their services to gather data on their victims. While background-check services keep trying to prevent such cases, they haven't been able to stop such use of their services completely.
Such a leak is a goldmine for cybercriminals as it eases access and reduces risk for them, allowing them to misuse these detailed reports more effectively.”

MC2 Database Discovered in August

It’s not clear from the Cybernews report if the data wound up in the hands of cybercriminals, and Cybernews had not responded to questions as of publication time. The database was discovered on Aug. 7, per the report: “On August 7th, the Cybernews research team uncovered that the company left a database with 2.2TB of people’s data passwordless and easily accessible to anyone on the internet.”

The report says the researchers reached out to MC2 but never heard back, yet the database was eventually secured, raising the possibility that the data may not have wound up in the hands of cybercriminals: “Cybernews reached out to MC2 Data multiple times but received no response. At the time of publishing, access to the database had been secured.”

The massive data leak shows the importance of vulnerability services like Cyble’s ODIN scanner, which presently shows 337,000 exposed AWS buckets and 171,000 exposed Google Cloud buckets.

image for Sweden Links Iran to ...

 Firewall Daily

Sweden has officially accused Iran of orchestrating a cyberattack aimed at sowing discord within the country. The Swedish Security Service (Sapo) revealed that Iranian intelligence hacked into a local text messaging service, sending out 15,000 messages that called for "revenge against Quran-burners." These cyberattacks on Sweden are linked to a series of burning incidents of Islamic religious text that provoked outrage in many Muslim-majority nations and led to serious security concerns for Sweden.

The cyberattacks on Sweden occurred during the summer of 2023, with investigators detailing that a group named Anzu, acting on behalf of Iran's Revolutionary Guards (IRGC), was responsible for the breach. The hackers reportedly gained access to sensitive information, including passwords and usernames, before dispatching threatening messages to individuals. The first of these messages was sent on August 1, 2023, stating that "those who insulted the Quran must be punished for their work", the BBC reported.

Islamic Text Burnings and Cyberattacks on Sweden

Fredrik Hallstrom of Sapo emphasized the link between the perpetrators and the Revolutionary Guards, noting that the attack not only targeted individuals but also aimed to amplify the existing threats against Sweden. The security service is increasingly concerned that foreign actors like Iran are exploiting such incidents to create divisions and instability within the nation.

The cyberattack on a Swedish company highlights the serious implications of state-sponsored cyber activities. Following the burnings of Islamic texts, which prompted legal actions and police interventions, Sweden’s government condemned the acts but faced backlash from various communities. Police attempts to ban the burnings were overturned by the courts, citing freedom of expression rights.

Iran's embassy in Stockholm dismissed the accusations as "baseless," arguing that they could harm bilateral relations. However, Swedish authorities maintain that the evidence collected during the investigation paints a different picture. Prosecutor Mats Ljungqvist confirmed that investigators were able to identify the Iranian hackers but faced limitations in prosecuting them, given the complexities of international law regarding extradition.
Multiple Allegations by the Swedish Government

The Sweden cyberattack is part of a broader pattern of accusations against Iran by Swedish authorities. Last May, Sapo warned that Tehran had been utilizing criminal networks within Sweden to carry out hostile acts against individuals and groups deemed threats by the Iranian government. Alongside Russia and China, Iran has been identified as one of the principal security threats facing Sweden today.

Justice Minister Gunnar Strommer expressed deep concern regarding the implications of state-sponsored cyberattacks, stating that it is particularly serious when a foreign state aims to "destabilise Sweden or increase polarisation in our country." This sentiment reflects a growing unease in Sweden about the potential for foreign influences to disrupt the social fabric of the nation.

The unrest caused by the burnings of Islamic texts has had a tangible impact on Sweden’s diplomatic relations. Protests erupted in several countries, with Sweden’s embassy in Iraq set ablaze in response to the incidents. In the wake of this turmoil, Swedish prosecutors recently charged an Iraqi activist and an accomplice with incitement against an ethnic group over the burnings, highlighting the legal ramifications of the actions that sparked this international controversy.

image for Arkansas City Respon ...

 Cyber News

Arkansas City, Kansas, experienced a cybersecurity incident on Sunday, September 22, 2024, involving its Water Treatment Facility. While the nature of the incident has yet to be fully disclosed, the city government emphasized that the water supply remains safe and that no disruption to service has occurred. The Arkansas City water treatment cyberattack incident prompted the city to take precautionary measures and transition the water treatment operations to manual control as part of their response.

Details About Arkansas City Water Treatment Cyberattack

In a statement shared through the city’s official LinkedIn account, Arkansas City officials confirmed that the issue began early Sunday morning. "The City of Arkansas City encountered a cybersecurity issue early Sunday morning, September 22, 2024, involving its Water Treatment Facility," the post read. City Manager Randy Frazer assured residents that despite the incident, there was no risk to public health or the quality of the water.

Frazer further emphasized the city’s focus on maintaining operations during the incident. "Despite the incident, the water supply remains completely safe, and there has been no disruption to service. Out of caution, the Water Treatment Facility has switched to manual operations while the situation is being resolved. Residents can rest assured that their drinking water is safe, and the City is operating under full control during this period," Frazer stated.

Although the full extent of the Arkansas City water treatment cyberattack is yet to be determined, city officials have already engaged cybersecurity experts and government authorities to resolve the issue. Meanwhile, the Arkansas City government has deployed enhanced security measures to safeguard the water treatment facility against further intrusions. Efforts are currently focused on restoring the facility’s automated operations, though no changes in water quality or supply interruptions are anticipated for the city's residents.

Cybersecurity Threats to Water Utilities on the Rise

This Arkansas City water treatment cyberattack comes amid growing concerns over the vulnerability of U.S. water utilities to cyberattacks.
Cybersecurity breaches targeting critical infrastructure, particularly water treatment facilities, have increased in frequency and severity across the country. Earlier this year, the Environmental Protection Agency (EPA) issued a warning that water utilities, especially smaller ones, are becoming frequent targets of cyberattacks by malicious actors, including state-sponsored hackers.

According to a recent report by the EPA, around 70% of utilities inspected in the past year were found to be in violation of cybersecurity standards designed to prevent breaches or other forms of unauthorized access. The EPA has urged water systems, including smaller and rural facilities, to improve their cybersecurity defenses immediately. These incidents pose significant risks, not only to the water supply but also to public health and safety.

One of the most concerning developments involves foreign cybercriminal groups. Recent attacks have been traced back to groups with affiliations to Russia and Iran, targeting smaller and more vulnerable water utilities in the U.S. These groups have been particularly focused on disrupting critical infrastructure in rural or less populated areas, which often have fewer resources to implement advanced cybersecurity protocols.

Response to Foreign Cyberattacks

In August 2024, the U.S. State Department announced that six Iranian government hackers were identified as being responsible for a series of cyberattacks targeting U.S. water utilities in the fall of 2023. These hackers have been linked to various cyber operations against critical infrastructure, and in response, the U.S. has escalated efforts to track down and deter such activities. The State Department’s Rewards for Justice program is now offering up to $10 million for information leading to the identification or location of these six hackers.
The program specifically targets individuals engaged in malicious cyber activities under foreign government control, with a focus on activities that violate the Computer Fraud and Abuse Act and threaten U.S. infrastructure, such as water treatment facilities.

Similar Cybersecurity Incidents in Wichita

The Arkansas City water treatment cyberattack comes only a few months after a significant cyberattack on the City of Wichita, Kansas, in June 2024. The Wichita attack disrupted multiple city services, including water metering, billing, and payment processing systems. While most public-facing systems have since been restored, the recovery process has been lengthy, with some services still being gradually brought back online.

Wichita city officials have reported progress in recovering from the attack, stating that water billing and payment systems have resumed normal operations. Customers can now pay their bills using various methods, including online portals, by phone, or in person. However, due to the disruption, some residents may see their June bills covering more than 60 days of service. Wichita has provided additional support to customers struggling with larger bills, encouraging them to set up payment plans.

Moving forward, water systems nationwide, regardless of size, must prioritize cybersecurity as part of their overall operations to protect both infrastructure and public health. For now, Arkansas City residents can be confident that their water supply remains unaffected. City officials, alongside cybersecurity professionals, are working to resolve the incident and ensure that any vulnerabilities in the system are addressed.

image for How to make offline  ...

 Tips

With browser bookmarks, Gmail’s bottomless inbox, the ever-present Wikipedia, and the effective backup of iOS devices in iCloud, it’s easy to get the impression that data online is stored both safely and forever. Sadly though — it’s not always the case. Therefore, it’s a good idea to make a backup of important personal information and protect it from ransomware and spyware. This post examines the whats, whys, and hows of the backup process.

Nine loss scenarios

We could write a fat textbook on how online data can disappear or otherwise become inaccessible, but we’ll limit ourselves here to listing some real-life instances of data going AWOL to better demonstrate their variety:

You bookmark your favorite recipes on a cooking website, but, after a redesign and restructuring of the site, the articles move to new addresses and your links are broken.
You listen to music on a streaming service, but songs disappear from your playlist because of copyright issues.
You chat with friends in a messenger and expect the chat history to be there forever — but the service shuts down and your history is lost.
You compile a bibliography for a thesis or research paper, but some of the referenced articles are published on sites that later close down or get paywalled.
You use a free note-taking service that suddenly becomes payable or shuts down.
You saved a link to a helpful tax and benefits guide on a government website, but some time later it becomes unavailable.
You store your photos and videos in an online photo album, but the provider decides to lower the image resolution, which causes blurring of video backgrounds and text in screenshots.
You published a website, but the hosting provider loses all your data in a cyberattack.
You liked or published a social media post, but a few months later you can’t find it. It might not even be deleted — you just have no means to search for it.

Online content loss can be divided up into two distinct types: (1) where you can no longer find information that used to be publicly available; and (2) where you lose your own data: notes, photos, or documents. The first type of data loss is global in scale: according to a recent study, 38% of links active in 2013 were broken ten years later.
For government websites, this figure is 13%; for Wikipedia links — 11%. A recent report on China’s internet landscape stated that web pages published before 2004 were near impossible to find since site owners actively purge old content. In an ironic twist, the posts of a Chinese blogger on this topic were themselves deleted. Losing your own non-public data occurs less often, but hits much harder, so backing it up should be a priority.

What to save and how

First of all, make a list of all your important data. Think carefully about what’s really valuable to you in the digital world, and where it’s stored. Family photos? Household accounts? PhD thesis? Design ideas for your future apartment? Personal notes? Tracks of all your runs? Sort everything in descending order of importance, and make backups working your way down. Depending on the type of information, there are several backup options.

Downloading files to your drive

This is the simplest way to back up photos, documents, and other files that are stored online and can be easily opened on a computer. Saving web pages in the same way is harder, but still doable — for example, you can use the Save as PDF option. We recommend creating a coherent storage system on your computer so that you can easily find such files later. If their volume is too large, you can use a removable drive or set up network-attached storage (NAS) at home. To protect your data from ransomware and spyware, use robust security software, such as Kaspersky Premium. And to insure against equipment malfunction, you can set up a RAID array of drives on your computer or NAS device (the simplest, most reliable, but pricier option is RAID 1).

Exporting from online services

Online applications and services that don’t use files as such (messengers, email clients, databases, note apps) often let you export data, or create an archive file or backup. Read the respective help and explore the settings to find out how to export and what formats are available.
Usually, the most common formats are offered: HTML, PDF, TXT, or CSV. In this case, exported data can be easily viewed without specialized software and then migrated to another service. At the end of this post you’ll find links to backup guides for popular online services. But sometimes the export file is a black box containing a backup that only allows data restoration within the same service. This is the case, for example, with WhatsApp backups stored on Google Drive or iCloud.

Using specialized software

Some online services offer no export or backup options at all — social networks and streaming services are often guilty of this. In this case, it’s worth doing a search for a specialized export tool or online service using queries like SERVICENAME export or SERVICENAME backup. Two important warnings: before downloading anything, (1) install reliable protection on your computer to avoid picking up malware instead of a useful tool; and (2) make sure that the export procedure doesn’t violate local laws or copyrights.

Saving data backup to another online service

For important web pages, you can create backups in specialized services. For example, Pocket is great for personal use — the premium version saves not just a link to the document, but a full-text copy of it. For public use, copies of web pages can be saved to the internet archive web.archive.org or the like-minded archive.is. We’ll soon be posting about these services separately.

Storing backups in multiple online services at the same time

This insures against shutdown or technical issues with one of the services. You can combine this tip with the first one above by downloading files and saving them, say, to a Dropbox local folder on your own drive, which will automatically sync with your cloud storage. This way, the file will have both offline and cloud backups. Storing two copies of a document, for example, in OneDrive and Google Drive may seem paranoid, but it truly is reliable.
Setting up automatic backups to another service

This is the pinnacle of internet archiving — eliminating the need to update backups manually. For files, you can create a scheduled task for copying from one folder to another — allowing you to duplicate them on your home server and in cloud storage. Some note-taking services have additional sync modules that let you automatically create, say, a note in Joplin or Obsidian when new tasks appear in Todoist, add movies marked favorite on IMDb to separate notes, copy articles saved in Pocket to Evernote, and so on. Many such scenarios can be implemented through ready-made recipes in cross-platform automation tools like IFTTT and Zapier.

When data migration is backed up by the law

In some countries and regions, the right to download one's data and migrate it to another service (data portability) is enshrined in law: among them are the European Union, India, Brazil, and the US State of California. If your online service offers no export or backup options, you can contact support, cite the relevant law, and get a copy of your data. Remember to back up your online data on a regular basis — at least once a month.

How to back up data from specific online services

Because recommendations vary depending on the service and type of data, we have a series of dedicated posts grouped together with the backup tag. The list will be updated and supplemented regularly, but right now you can read about creating backups for the following: Notion, Telegram, WhatsApp, authenticator apps for two-factor authentication, and other services. And don't forget to keep your backups safe!


 A Little Sunshine

The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick people into believing someone wants to buy their property. This is the story of a couple who recently lost more than $50,000 to an ongoing timeshare scam that spans at least two dozen phony escrow, title and realty firms. One of the phony real estate companies trying to scam people out of money over fake offers to buy their timeshares. One evening in late 2022, someone phoned Mr. & Mrs. Dimitruk, a retired couple from Ontario, Canada and asked whether they’d ever considered selling their timeshare in Florida. The person on the phone referenced their timeshare address and said they had an interested buyer in Mexico. Would they possibly be interested in selling it? The Dimitruks had purchased the timeshare years ago, but it wasn’t fully paid off — they still owed roughly $5,000 before they could legally sell it. That wouldn’t be an issue for this buyer, the man on the phone assured them. Within a few days, their contact at an escrow company in New York called ecurrencyescrow[.]llc faxed them forms to fill out and send back to start the process of selling their timeshare to the potential buyer, who had offered an amount that was above what the property was likely worth. After certain forms were signed and faxed, the Dimitruks were asked to send a small wire transfer of more than $3,000 to handle “administrative” and “processing” fees, supposedly so that the sale would not be held up by any bureaucratic red tape down in Mexico. These document exchanges went on for almost a year, during which time the real estate brokers made additional financial demands, such as tax payments on the sale, and various administrative fees. Mrs. Dimitruk even sent them a $5,000 wire to pay off her remaining balance on the timeshare they thought they were selling. In a phone interview with KrebsOnSecurity, Mr. Dimitruk said they lost over $50,000. “They kept calling me after that saying, ‘Hey your money is waiting for you here’,” said William Dimitruk, a 73-year-old retired long-haul truck driver. 
“They said ‘We’re going to get in trouble if the money isn’t returned to you,’ and gave me a toll-free number to call them at.” In the last call he had with the scammers, the man on the other end of the line confessed that some bad people had worked for them previously, but that those employees had been fired. “Near the end of the call he said, ‘You’ve been dealing with some bad people and we fired all those bad guys,'” Dimitruk recalled. “So they were like, yeah it’s all good. You can go ahead and pay us more and we’ll send you your money.” According to the FBI, there are indeed some very bad people behind these scams. The FBI warns the timeshare fraud schemes have been linked to the Jalisco New Generation drug cartel in Mexico. In July 2024, the FBI and the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) warned the Jalisco cartel is running boiler room-like call centers that target people who own timeshares: “Mexico-based [transnational criminal organizations] such as the Jalisco New Generation Cartel are increasingly targeting U.S. owners of timeshares in Mexico through complex and often yearslong telemarketing, impersonation, and advance fee schemes. They use the illicit proceeds to diversify their revenue streams and finance other criminal activities, including the manufacturing and trafficking of illicit fentanyl and other synthetic drugs into the United States.” A July 2024 CBS News story about these scams notes that U.S. and Mexican officials last year confirmed that as many as eight young workers were confirmed dead after they apparently tried to quit jobs at a call center operated by the Jalisco cartel. Source: US Department of the Treasury’s Office of Foreign Assets Control. The phony escrow company the Dimitruks dealt with — ecurrencyescrow[.]llc — is no longer online. 
But the documents sent by their contact there referenced a few other still-active domains, including realestateassetsllc[.]com. The original registration records of both of these domains reference another domain — datasur[.]host — that is associated with dozens of other real estate and escrow-themed domains going back at least four years. Some of these domains are no longer active, while others have been previously suspended at different hosting providers. By loading ecurrencyescrowllc[.]com into the Wayback Machine at archive.org, we can see text at the top of the page that reads, “Visit our resource library for videos and tools designed to make managing your escrow disbursements a breeze.” Searching on that bit of text at publicwww.com shows the same text appears on the website of an escrow company called Escshieldsecurity Network (escshieldsecurity[.]com). This entity claims to have been around since 2009, but the domain itself is less than two years old, and there is no contact information associated with the site. The Pennsylvania Secretary of State also has no record of a business by this name at its stated address. 
Incredibly, Escshieldsecurity pitches itself as a solution to timeshare closing scams. “By 2015, cyber thieves had realized the amount of funds involved and had targeted the real estate, title and settlement industry,” the company’s website states. “As funding became more complex and risky, agents and underwriters had little time or resources to keep up. The industry needed a simple solution that allowed it to keep pace with new funding security needs.” The domains associated with this scam will often reference legitimate companies and licensed professionals in the real estate and closing businesses, but those real professionals often have no idea they’re being impersonated until someone starts asking around. The truth is, the original reader tip that caused KrebsOnSecurity to investigate this scheme came from one such professional whose name and reputation was being used to scam others. It is unclear whether the Dimitruks were robbed by people working for the Jalisco cartel, but it is clear that whoever is responsible for managing many of the above-mentioned domains — including the DNS provider datasur[.]host — recently compromised their computer with information-stealing malware. That’s according to data collected by the breach tracking service Constella Intelligence [Constella is currently an advertiser on KrebsOnSecurity]. Constella found that someone using the email address exposed in the DNS records for datasur[.]host — jyanes1920@gmail.com — also was relieved of credentials for managing most of the domains referenced above at a Mexican hosting provider. It’s not unusual for victims of such scams to keep mum about their misfortune. Sometimes, it’s shame and embarrassment that prevents victims from filing a report with the local authorities. But in this case, victims who learn they’ve been robbed by a violent drug cartel have even more reason to remain silent. William Dimitruk acknowledged that he and his wife haven’t yet filed a police report. 
But after acknowledging it could help prevent harm to other would-be victims, Mr. Dimitruk said he would consider it. There is another reason victims of scams like this should notify authorities: Occasionally, the feds will bust up one of these scam operations and seize funds that were stolen from victims. But those investigations can take years, and it can be even more years before the government starts trying to figure out who got scammed and how to remunerate victims. All too often, the real impediment to returning some of those losses is that the feds have no idea who the victims are. If you are the victim of a timeshare scam like this, please consider filing a report with the FBI’s Internet Crime Complaint Center (IC3), at ic3.gov. Other places where victims may wish to file a complaint: Federal Trade Commission – https://www.ftccomplaintassistant.gov International Consumer Protection and Enforcement Network – https://www.econsumer.gov/en Profeco – Mexican Attorney General – https://consulmex.sre.gob.mx/montreal/index.php/en/foreigners/services-foreigners/318-consumer-protection


 Feed

The advanced Python-based PySilon malware can steal data, record keystrokes, and execute remote commands. The attackers behind it are promising to leak details of deleted X posts related to accused rapper and music producer Sean Combs.

 Feed

The ABB Cylon Aspect version 3.07.00 BMS/BAS controller suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the host HTTP GET parameter called by networkDiagAjax.php script.

 Feed

Ubuntu Security Notice 7034-1 - The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.64 version of the Mozilla certificate authority bundle.

 Feed

Ubuntu Security Notice 7032-1 - It was discovered that Tomcat incorrectly handled HTTP trailer headers. A remote attacker could possibly use this issue to perform HTTP request smuggling.

 Feed

Ubuntu Security Notice 7009-2 - Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.

 Feed

Ubuntu Security Notice 7033-1 - It was discovered that some Intel Processors did not properly restrict access to the Running Average Power Limit interface. This may allow a local privileged attacker to obtain sensitive information. It was discovered that some Intel Processors did not properly implement finite state machines in hardware logic. This may allow a local privileged attacker to cause a denial of service.

 Feed

Ubuntu Security Notice 7031-2 - USN-7031-1 fixed CVE-2024-45614 in Puma for Ubuntu 24.04 LTS. This update fixes the CVE for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS. It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to overwrite header values set by intermediate proxies by providing duplicate headers containing underscore characters.

 Feed

Ubuntu Security Notice 7031-1 - It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to overwrite header values set by intermediate proxies by providing duplicate headers containing underscore characters.

 Feed

Red Hat Security Advisory 2024-6827-03 - Red Hat OpenShift Container Platform release 4.16.14 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include an open redirection vulnerability.

 Feed

Red Hat Security Advisory 2024-6818-03 - Red Hat OpenShift Container Platform release 4.15.34 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2024-6811-03 - Red Hat OpenShift Container Platform release 4.13.51 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2024-7593 (CVSS score: 9.8), which could be exploited by a remote unauthenticated attacker to bypass the

 Feed

A now-patched security vulnerability in OpenAI's ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence (AI) tool's memory. The technique, dubbed SpAIware, could be abused to facilitate "continuous data exfiltration of any information the user typed or responses received by ChatGPT, including any future chat sessions

 Feed

Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of information stealers and remote access trojans (RATs). The activity cluster, per Proofpoint, makes use of compromised legitimate email accounts belonging to transportation and shipping companies so as to inject malicious content into existing email conversations. As many

 Feed

Phishing attacks are becoming more advanced and harder to detect, but there are still telltale signs that can help you spot them before it's too late. See these key indicators that security experts use to identify phishing links: 1. Check Suspicious URLs Phishing URLs are often long, confusing, or filled with random characters. Attackers use these to disguise the link's true destination

 Feed

Security Orchestration, Automation, and Response (SOAR) was introduced with the promise of revolutionizing Security Operations Centers (SOCs) through automation, reducing manual workloads and enhancing efficiency. However, despite three generations of technology and 10 years of advancements, SOAR hasn’t fully delivered on its potential, leaving SOCs still grappling with many of the same

 Feed

Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory safety vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years. The tech giant said focusing on Safe Coding for new features not only reduces the overall security risk of a codebase, but also makes the switch

 Feed

Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection authority (DPA) against Firefox maker Mozilla for enabling a new feature called Privacy Preserving Attribution (PPA) without explicitly seeking users' consent. "Contrary to its reassuring name, this technology allows Firefox to track user behavior on websites," noyb said

 Feed

Cybersecurity researchers have flagged the discovery of a new post-exploitation red team tool called Splinter in the wild. Palo Alto Networks Unit 42 shared its findings after it discovered the program on several customers' systems. "It has a standard set of features commonly found in penetration testing tools and its developer created it using the Rust programming language," Unit 42's Dominik
