Showing posts with the label cyber security

A new trojan dubbed Lampion is targeting Portugal

The last days of 2019 were the perfect time to spread phishing campaigns using email templates based on the Portuguese Government Finance & Tax. SI-LAB noted that Portuguese users were targeted with malspam messages that reported issues related to a debt from the year 2018. In detail, the emails are related to the Rendimento de Pessoas Singulares – IRS (annual tax declaration), and any citizen who has received the message can be misled by criminals, as the end of the year is the right time to discuss issues within this context. The malware was named ‘Lampion’ because this is the name used as part of its internal name. A broad analysis suggests it belongs to the Trojan-Banker.Win32.ChePro family, but with improvements that make its detection and analysis harder.

Experian expects deepfake content to create geo-political confusion in 2020

The report predicts hackers will increasingly target the political scene and activists using deepfake content and other infamous cyber weapons. A top prediction on Experian’s list involves phishing, a time-tested vector favored by hackers. Another noteworthy projection is that cyber-crooks will begin leveraging deepfake content to help influence political outcomes – i.e. in nation-states with upcoming elections or ongoing political turmoil. “As this technology comes of age and becomes readily accessible it will increasingly be used by cybercriminals and nation states to foster real disruption – both in financial markets and in politics,” according to the forecast. As the technology used to create deepfakes advances rapidly, motivated threat actors will likely increasingly harness its believability to achieve a plethora of end goals, including to sow political discord in targeted nation-states.

HoR panel passes ‘restrictive’ IT Bill

The Development and Technology Committee of the House of Representatives today passed the Information Technology Bill ignoring the opposition of Nepali Congress lawmakers in the panel. The bill proposes a severe penalty for an offence against the state and computer hacking. The bill also provisions a fine not exceeding Rs 1.5 million or a jail term not exceeding five years, or both, for posting content on social networking sites that may pose a threat to the country’s sovereignty, security, unity or harmony. The committee proposed to impose a fine of up to Rs 50,000 or six months jail term or both on those found guilty of cyber bullying. The original bill had proposed to punish people guilty of cyber bullying with a fine not exceeding Rs 1 million or jail term not exceeding five years or both. The original bill had only stated that those found guilty of the above-mentioned crimes shall be prosecuted under offense against state laws. For those responsible for deleting or interfering wit...

Wikipedia writes to IT Minister: New govt guidelines will severely disrupt our model

Automated filtering and quick takedown requirements would disrupt the volunteer model of real-time editing of information followed by the online encyclopaedia, the Wikimedia Foundation has said in a letter to Information Technology Minister Ravi Shankar Prasad. “Short response times for removals that would essentially require the use of automatic systems would interfere with people’s ability to collaborate in real time on Wiki, the collaborative, open editing model that has been crucial to Wikipedia’s growth,” the letter said. “Fulfilling mandatory content removal requirements from one country would leave problematic gaps in Wikipedia for the whole world, break apart highly context-specific encyclopedic articles, and prevent people from accessing information that may be legal in their country.”

Like Voldemort, ransomware is too scary to be named

Each year, millions of ransomware attacks paralyze computer systems of businesses, medical offices, government agencies and individuals. As a result, although many companies cite ransomware in filings as a risk, they often don’t report attacks or describe them in vague terms, according to experts in securities law and cybersecurity. Even when companies do allude to an attack in SEC filings, they typically resort to euphemisms rather than the very word that best describes what paralyzed their business and caused millions of dollars in losses.

Cyber fraudsters struck 24 times in Patiala

The Patiala police have registered over two dozen online fraud cases in the district in the past year. Not only the common man, but ministers and singers too fell prey to such frauds. On December 8, Punjabi singer Paramjit Singh alias Pammi Bai was cheated of Rs 1.09 lakh in a case of online fraud, prompting the Patiala police to register a case against one Sahil Pirzada of Faridabad, Haryana. In his complaint, Pammi said he received an invitation through an email for a recording session with ‘Coke Studio’ and a reputed TV channel at Mumbai in February. He said the accused posed as a public relations officer (PRO) of the TV channel. On his demand, the singer transferred Rs 26,400 as fee and Rs 26,400 as security deposit into his bank account. After four days, the accused asked him to pay 1% of the amount he is getting on YouTube for his songs, following which Pammi allegedly paid him Rs 16,000. He told police that he again deposited an amount of Rs 20,000 as security to be on air...

IoT vendor Wyze confirms server leak

Wyze, a company that sells smart devices like security cameras, smart plugs, smart lightbulbs, and smart door locks, confirmed today a server leak that exposed the details of roughly 2.4 million customers. Song showed his dissatisfaction with how the two parties, Twelve Security and IPVM, handled the data leak disclosure, giving Wyze only 14 minutes to fix the leak before going public with their findings. Song confirmed that the leaky server exposed details such as the email addresses customers used to create Wyze accounts, nicknames users assigned to their Wyze security cameras, WiFi network SSID identifiers, and, for 24,000 users, Alexa tokens to connect Wyze devices to Alexa devices. The Wyze exec denied that Wyze API tokens were exposed via the server. The Wyze exec said they only collected health data from 140 users who were beta-testing a new smart scale product. Either way, Wyze said it decided to forcibly log all Wyze users out of their accounts and unlinked all third-party ...

Criminals Pull Hard Before Xmas, Attack U.S. Health Industry

Attackers are taking no breaks and actually pull harder before holidays, as shown by a San Antonio mental health services provider and a New Mexico hospital impacted by malware attacks according to reports and disclosures published before Christmas.

Mental health provider takes down systems

The CHSC provides various mental health services to adults and children with "mental health conditions, substance use challenges and intellectual or developmental disabilities" from San Antonio, Texas. "We started at our larger clinics, and we’re bringing it up slowly and carefully to ensure that our security is still intact."

Patients encouraged to monitor credit reports

New Mexico's RGH issued a security incident notice on December 23 to disclose a malware infection that affected one of its radiology servers last month, on November 14. "Although it is not been confirmed that the compromise of any data actually occurred, RGH is alerting potentially affected pa...

Windows systems at Maastricht University were infected with ransomware

Maastricht University (UM) announced that ransomware infected almost all of its Windows systems on Monday, December 23. “Maastricht University (UM) has been hit by a serious cyber attack. Almost all Windows systems have been affected and it is particularly difficult to use e-mail services,” reads the notice published by the UM. “UM is investigating if the cyber attackers have had access to this data.” The UM is investigating the incident and working to restore operations; it has also reported the incident to law enforcement. The university did not reveal details of the attack, and it is not clear which family of ransomware infected its systems. In response to the attack, the UM has taken down its systems as a precautionary measure. “In order to work as safely as possible, UM has temporarily taken all of its systems offline,” reads an update published by the university.

U.S. Coast Guard Says Ryuk Ransomware Took Down Maritime Facility

The U.S. Coast Guard (USCG) published a marine safety alert to inform of a Ryuk Ransomware attack that took down the entire corporate IT network of a Maritime Transportation Security Act (MTSA) regulated facility. "Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility’s access to critical files," says the USCG.

Operations shut down for over 30 hours

Even though the Marine Safety Information Bulletin (MSIB) doesn't mention the type of facility or its name, it's safe to assume that it must be a port seeing that the ransomware managed to infiltrate cargo transfer industrial control systems. "The virus further burrowed into the industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations," adds the USCG.

Cyber attack shuts down computers at San Antonio mental health provider

A cyber attack has shut down the computer network at the Center for Health Care Services, Bexar County’s largest provider of mental health and substance abuse services. CEO Jelynne LeBlanc Burley confirmed Tuesday that the company’s system was included in a larger-scale cyber attack last week that’s under investigation by federal law enforcement agencies. Burley said she doesn’t know whether the attacker demanded a ransom from the center. She said federal officials called the center last week about the attack, and that the center’s techs isolated the threat to a single computer server. Burley decided to shut down the center’s entire computer system as a precaution. “We started at our larger clinics, and we’re bringing it up slowly and carefully to ensure that our security is still intact.” CHCS operates several locations in San Antonio, including a walk-in mental health clinic and mobile crisis outreach team, substance abuse recovery facilities and programs at the homeless services cam...

Connecticut Receives $5 Million for Election Cybersecurity

Connecticut Secretary of the State Denise Merrill says the state will receive about $5 million in federal funds to help protect the 2020 elections from cyberattacks. According to a news report, Merrill says the money is Connecticut’s share of a $425 million federal fund approved by Congress to enhance the integrity of electoral systems all across the country. Merrill says it will be used for cybersecurity for Connecticut’s unique election system of 169 independent towns and give voters the confidence that their ballots are secure. In addition, Merrill says she’s grateful to the state’s congressional delegation and the U.S. House of Representatives for fighting to secure the federal funds. “Without that faith in elections, we will really have a problem in 2020. Because I don’t need to tell you people are already suspicious of everything. And so we want to make sure that we can do everything we can to make sure this is the smoothest election we’ve ever had,” Merrill says.

Only 54% of security pros have a written policy on length and randomness for keys for machine identities

Machines also need to authenticate themselves to each other so they can communicate securely, relying on cryptographic keys and digital certificates, which serve as machine identities. To better understand the gap between implementation of security controls for human identities and those for machine identities, Venafi evaluated responses from over 1,500 IT security professionals from the U.S., U.K., France, Germany, and Australia across a range of company sizes and industries. Just half (54%) of organizations have a written policy on length and randomness for keys for machine identities, but 85% have a policy that governs password length for human identities. Organizations will spend over $10 billion protecting human identities this year, but they are just getting started with machine identity protection. “Machine identities are a relatively new, and very effective, point of attack, but there is a huge gap between the security controls applied to human identities and those applied to m...

The ruthless Russian hacking unit that tried to crash Ukraine

To understand the evolving, shadowy world of cyberwarfare, start with Ukraine. “You can’t really find a space in Ukraine where there hasn’t been a [cyber] attack,” a NATO ambassador tells Wired correspondent Andy Greenberg. “Turn over every rock, and you’ll find a computer network operation.” Beginning in 2015, Ukraine was on the receiving end of vicious cyberattacks that experts later determined were launched by Russia. The attacks were ruthless, targeting every aspect of Ukrainian society: government servers, media organizations, transportation hubs. Ukrainian cyber experts watched helplessly as systems began to crash all around them. There were no public schedules or train service one day. ATMs went dark the next. The coup de grace came when the hackers targeted the electricity grid, plunging hundreds of thousands of innocent Ukrainians into darkness.

Truckstop.com Restores Most Critical Desktop Services

Truckstop.com, a leading provider of software-enabled services to the trucking industry, suffered a malware attack that crippled the company over the Christmas holiday week. The customer fallout for Truckstop.com is likely to be short-lived assuming the company is able to fully restore services by January 6th, when most trucking companies and brokers are back in full swing. Many members of the Truckstop team worked tirelessly through the Christmas week to restore systems and resume operations, sacrificing time with friends and family. The company, which is one of the largest payment and factoring providers in trucking, processed thousands of freight bills the night before Christmas. The malware attack was first reported by FreightWaves Monday morning, with Truckstop.com providing continuous updates to customers and FreightWaves through the holiday week. Truckstop.com teams have restored most major desktop services and continue working to bring critical systems back online, including mob...

New Mexico hospital tells patients to monitor bank statements after malware infection

Patients of Roosevelt General Hospital in Portales, New Mexico are being told to monitor their credit reports after the healthcare unit discovered malware on a digital imaging server used in radiology that contained patient information. Although it’s unclear if any patient data was compromised in the hack, RGH is alerting potentially affected patients and offering assistance in monitoring their information, local news outlet The Roosevelt Review reports. Information contained on the server included names, addresses, dates of birth, driver’s license numbers, Social Security numbers, phone numbers, insurance information, medical information and gender, the hospital said in its advisory. RGH says its IT staff “secured and restored” the server and patient information as soon as the breach was identified, suggesting the infection may have damaged the data – i.e. a ransomware contagion. RGH Marketing and Public Relations Director Jeanette Orrantia advises patients who receive a notice to monitor t...

YouTube Stars Stole Social Security Benefits

Billy Altidor, 29, and Evanie (Eva) Louis, 27, admit that in 2014 and 2015, they stole Social Security benefits owed to people old enough to be their grandparents. As part of a conspiracy, the defendants accessed, or attempted to access, My Social Security online accounts belonging to more than 1,400 people, prosecutors said. To gain access, they used stolen data called “personally identifiable information.” That's sensitive data such as Social Security numbers, dates and places of birth, and mothers’ maiden names, information that fraudsters covet since it fuels a long list of crimes. People complained of unauthorized changes to their addresses or bank accounts, according to the SSA's Office of Inspector General (OIG), a government entity that investigates waste, fraud and abuse in the agency's programs and operations. “It's a theft of benefits via the redirection of the payment from the account of the beneficiary to the fraudster,” Gail S. Ennis, the inspector general fo...

'Honoring' CCPA's Binding Principles Nationally Won't Be Easy

CCPA is regarded by data privacy advocates as one of the most sweeping data privacy regulations in the US to date. CCPA is somewhat similar to the General Data Protection Regulation (GDPR), the data privacy law in the European Union, in that companies are required to disclose to their users what personal data of theirs is being collected, whether it is sold, and to whom. While I applaud Microsoft, Google, and other companies for leading the way with ambitious data privacy policies, I also have a healthy dose of skepticism about the motivations for doing so, and also about their ability to actually execute on this. In an early Dark Reading column, I explored the ramifications of the British Airways data breach involving an orchestrated phishing campaign that compromised the personal data of almost 500,000 customers of the airline. This includes making companies minimize the data they collect about people, specify the purposes for which they are collecting and using people's data, a...

Mozilla Adds Additional DNS-Over-HTTPS Provider to Firefox

This gives Firefox users more options as to which DoH provider they use for secure DNS lookups. When Mozilla announced that they would be testing the DoH implementation solely with Cloudflare DNS servers, users were concerned that using a single provider decreased users' privacy and gave that provider too much data about Firefox's users. In a blog post, Firefox has announced that they have vetted NextDNS through their Trusted Recursive Resolver Program and that it will be an additional DoH provider that users can select in Firefox. The Trusted Recursive Resolver Program requires DNS providers to adhere to certain security and privacy practices before being approved by Mozilla. In Firefox Nightly 73, if users go to the Firefox options > General > Settings under Network Settings > Enable DNS over HTTPS, they can now select NextDNS as a DoH provider. Giving users more options and choices is a far better approach th...