Feed aggregator

Blockchain Startups Move From Coin Offerings to Investment for Funding

Info Security - Thu, 04/30/2020 - 11:35
Blockchain Startups Move From Coin Offerings to Investment for Funding

Almost 3000 new Blockchain companies have been created in the UK since 2008, but there is a move towards funding rather than initial coin offerings (ICOs).

According to research by MMC Ventures, 2700 Blockchain companies have been created in the UK since 2008 and in the first 10 years, only 9% were funded by investors and the majority by raising capital ICOs. However, the ICO funding model has become increasingly difficult due a crash in crypto prices, so companies are shifting to equity finance and placing a greater emphasis on company fundamentals.

The MMC Ventures report Crypto Winter or Crypto Spring? Reasons to be Optimistic on the UK’s Blockchain Ecosystem showed that between January 2017 and December 2019, UK Blockchain companies raised £1.2bn via ICOs, compared to £525m invested in equity. However, in an environment where entrepreneurs were focused on the token price rather than the business proposition, few were interested in creating long-term value, and a large number of ICOs were determined scams.

Since 2019, UK Blockchain startups have attracted £168m in equity funding. Report author Asen Kostadinov said that while capital may be less abundant than it was during the ICO bubble, resources are being deployed more efficiently and targeted at fundamental areas of the technology stack.

He said: “The growing share of ‘live’ Blockchain, or ‘Blockchain-inspired,’ deployments suggests we are seeing the first signs of maturity in the technology. While it took the internet approximately 30 years to become ‘usable’ by businesses, Blockchain has made that transition in a third of the time.
 
“At MMC Ventures, Blockchain will continue to be an area of research and investment focus. We back entrepreneurs that are changing industries at the most fundamental level and we believe that applications of Blockchain technology in the enterprise will have that kind of transformative impact in the coming years.”
 
Along with a rise in Blockchain adoption in the financial services sector, supply chain management is a core use-case for Blockchain technologies, while 11% of Blockchain businesses come from the media and advertising sector, where Blockchain enables efficient traceability via digital asset management and micropayments.

Categories: Cyber Risk News

Hospitals Deliberately Targeted by Ransomware During #COVID19 Peak

Info Security - Thu, 04/30/2020 - 11:00
Hospitals Deliberately Targeted by Ransomware During #COVID19 Peak

Despite promises from some ransomware groups to avoid targeting healthcare organizations (HCOs) during the COVID-19 crisis, multiple campaigns decided to activate in early April after months of planning, according to Microsoft.

The firm’s threat protection intelligence team claimed that the highly targeted “human-operated” attacks it has been monitoring were begun at the start of the year when victim networks were compromised.

The decision to activate the deployments in the first two weeks of April can therefore be seen as a deliberate ploy to maximize financial returns. Groups including Maze, NetWalker, DoppelPaymer and CLOP had promised to hold fire on HCOs during the pandemic.

Several weaknesses in victim organizations have been exploited: RDP or virtual desktop endpoints without multi-factor authentication, end-of-life platforms like Windows Server 2003, misconfigured web servers, Citrix Application Delivery Controller (ADC) systems affected by CVE-2019-19781 and Pulse Secure VPN systems affected by CVE-2019-11510.

Attackers use tactics familiar to classic APT-style multi-stage breaches, including credential theft, lateral movement using tools such as Mimikatz and Cobalt Strike, network reconnaissance, persistence and data exfiltration.

In fact, according to Microsoft, organizations should now assume data will be taken as part of a ransomware attack, if the payloads include RobbinHood, Maze, PonyFinal, Vatet loader, REvil or NetWalker. Other ransomware families used in similar attacks include Paradise, RagnarLocker, MedusaLocker and LockBit.

“While only a few of these groups gained notoriety for selling data, almost all of them were observed viewing and exfiltrating data during these attacks, even if they have not advertised or sold data yet,” it said.

Microsoft advised HCOs and organizations in other affected sectors to urgently investigate affected endpoints and credentials and address internet-facing weaknesses. It also warned that the following vulnerabilities may soon be exploited by the same ransomware gangs: CVE-2019-0604CVE-2020-0688CVE-2020-10189.

“As ransomware operators continue to compromise new targets, defenders should proactively assess risk using all available tools,” it concluded.

“You should continue to enforce proven preventive solutions — credential hygiene, minimal privileges and host firewalls — to stymie these attacks, which have been consistently observed taking advantage of security hygiene issues and over-privileged credentials.”

Categories: Cyber Risk News

Europe’s GDPR Regulators Woefully Under-Resourced

Info Security - Thu, 04/30/2020 - 10:00
Europe’s GDPR Regulators Woefully Under-Resourced

Europe’s data protection regulators are woefully under-staffed with technology experts and financial resources, meaning they can’t adequately enforce the GDPR against Big Tech’s legal firepower, according to new data from Brave.

The web browser company claimed in a new report this week that Europe’s governments have failed to arm their data protection authorities (DPAs) with the tools they need to enforce the GDPR — which is an obligation under Article 52(4) of the regulation.

As a result, it has filed a complaint with the European Commission against 27 member states, requesting it launch an infringement procedure against them.

“If the GDPR is at risk of failing, the fault lies with national governments, not with the data protection authorities,” said Brave chief policy officer, Johnny Ryan.

“Robust, adversarial enforcement is essential. GDPR enforcers must be able to properly investigate ‘big tech,’ and act without fear of vexatious appeals, but the national governments of European countries have not given them the resources to do so. The European Commission must intervene.”

The report argued that only five of Europe’s 28 national GDPR enforcers have more than 10 tech specialists, while half have budgets of under €5m. The UK’s ICO, which is said to be the largest and most expensive watchdog to run, has only 3% of its 680 staff focused on tech issues.

Almost a third of the EU’s tech specialists work for one of Germany’s regional DPA’s, while in Ireland, whose DPA handles Facebook and Google complaints, budget and headcount are “decelerating,” it claimed.

In fact, the Irish Data Protection Commission (DPC) has the highest caseload of any DPA in the EU, but just 21 tech experts to deal with investigations and a budget around a quarter of the UK’s.

Brave argued that this lack of resources mean infringements by tech giants are either not investigated or limited because the DPAs don’t have the capacity to defend their decisions in court.

Categories: Cyber Risk News

#COVID19 Drives Network Security Disruption for Global Firms

Info Security - Thu, 04/30/2020 - 09:05
#COVID19 Drives Network Security Disruption for Global Firms

Nearly two-thirds (64%) of global firms have experienced network security disruption due to the sudden recent shift to home working, with some predicting a major surge in data breaches, according to new reports out this week.

IT services firm Neustar polled hundreds of security professionals across Europe and the US to compile its latest Neustar International Security Council (NISC) findings.

It revealed that almost a quarter (23%) are experiencing major disruption to network security practices, while 61% said their VPNs have suffered connectivity issues. The figures may be linked to the fact that 29% of responding companies admitted not having a fully executable business plan for network security in the event of a major crisis.

Rodney Joffe, chairman of NISC and fellow at Neustar, argued that government lockdowns have dramatically changed network connection patterns across the globe.

“More than 90% of an organization’s employees typically connect to the network locally with a slim minority relying on remote connectivity via a VPN, but that dynamic has flipped,” he added.

“The dramatic increase in VPN use has led to frequent connectivity issues, and — especially considering the disruption to usual security practices — it also creates significant risk, as it multiplies the potential impact of a distributed denial-of-service (DDoS) attack. VPNs are an easy vector for a DDoS attack.”

DDoS attacks were named as the greatest concern of respondents (23%), followed by system compromise (22%) and ransomware (18%). Social engineering via email was named an increasing threat to organizations by most respondents (61%).

In fact, the surge in COVID-19-themed phishing attacks since the start of the pandemic will likely lead to a “dramatic increase” in data breaches, according to one vendor.

IT asset disposal firm DSA Connect argued that home workers are more likely to visit suspicious websites, and are more exposed to spear-phishing due to the large number of online or phone-based meetings filling their days.

According to the firm, the number of COVID-specific fraud reports registered with the UK’s National Economic Crime Centre in March was 277% higher than for the six weeks to March 18.

“In the wake of coronavirus and with more people working from home, fraudsters have stepped up their targeting of companies and their employees, and this dramatically increases the chances of data breaches,” predicted chairman, Henry Benham.

Categories: Cyber Risk News

Cyber-Criminals Increasingly Using Official reCAPTCHA Walls in Phishing Attacks

Info Security - Thu, 04/30/2020 - 08:47
Cyber-Criminals Increasingly Using Official reCAPTCHA Walls in Phishing Attacks

New research from Barracuda Networks has revealed that cyber-criminals are increasingly using official reCAPTCHA walls to disguise malicious content from email security systems and trick unsuspecting users.

reCAPTCHA walls are typically used to verify human users before allowing access to web content, thus sophisticated scammers are beginning to use the Google-owned service to prevent automated URL analysis systems from accessing the actual content of phishing pages, and to make phishing sites more believable in the eyes of the victim, Barracuda Networks warned.

In fact, the security solutions provider observed a single phishing campaign that sent out 128,000 emails to a variety of organizations and employees using reCAPTCHA walls to conceal fake Microsoft log-in pages. This campaign used the lure of a voicemail receipt to fool users into solving the reCAPTCHA wall before being redirected to the malicious page, with any log-in info entered then sent straight to the scammers.

Steve Peake, UK systems engineer manager at Barracuda Networks, explained that users are particularly susceptible to phishing attacks at the current time due to mass remote working and large numbers of COVID-19-themed scams.

“In this difficult time, it is no surprise to see that cyber-scammers are seeking increasingly sophisticated methods of stealing log-in credentials and data from unsuspecting, remote workers.”

Fortunately, he added, there are a number of proactive measures employers and business owners can take to prevent a security breach.

“Most importantly, users must be educated about the threat so they know to be cautious instead of assuming a reCAPTCHA is a sign that a page is safe. Furthermore, whilst reCAPTCHA-based scams make it harder for automated URL analysis to be conducted, sophisticated email security solutions can still detect these phishing attacks using AI-based email protection solutions. Ultimately, however, no security solution will catch everything, and the ability of the user to spot suspicious emails and websites is key.”

Categories: Cyber Risk News

Clario Launches Free 24/7 Cybersecurity Helpline

Info Security - Wed, 04/29/2020 - 17:55
Clario Launches Free 24/7 Cybersecurity Helpline

A free cybersecurity helpline was launched today by London digital privacy and security company Clario.

The helpline is open 24 hours a day, 7 days a week and is available to anyone in the world who needs support on how to safely use the internet. Inquiries on any cybersecurity or online privacy–related topics can be emailed to staysafetogether@weareclario.com or submitted via the helpline page.

Users are invited to enter the details of the problem they are experiencing into an online form and click send. Clario has promised that a tech expert will send a personalized solution to each user within four hours of their submission. 

A team of more than 600 tech-support agents will be on hand to resolve issues such as how to shop and pay bills online, how to resolve a slow internet connection at home, and how to protect yourself from cyber-attacks. 

Experts will also field inquiries on how to use technology to stay connected with family and friends while lockdown measures are in place to prevent the COVID-19 infection rate's rising to a level that overwhelms healthcare providers. 

Alun Baker, CEO of Clario Tech LTD, said the helpline had been inspired by the disruption to daily life caused by the outbreak of the novel coronavirus. 

“The pandemic has created much uncertainty in our daily lives. As of April 21, the FBI's Internet Crime Complaint Center has received more than 3,600 complaints related to COVID-19 scams," said Baker. 

“While we are diligently working towards bringing our highly anticipated security software to market, we felt a responsibility to utilize Clario's brilliant cybersecurity support staff to make a difference today. We want to help people feel more comfortable with migrating their day-to-day routines online.”

A recent survey of 2,000 Americans aged 18–55+ carried out by Clario and OnePoll found that a third of respondents were unaware that their personal data is being sold to third parties. It also found that, on average, Americans user the same password on 14 accounts. 

The new helpline "will serve as a convenient means of assisting people with overcoming these challenges," said a Clario spokesperson.

Categories: Cyber Risk News

Michigan Man Charged with N95 Mask Scam

Info Security - Wed, 04/29/2020 - 17:03
Michigan Man Charged with N95 Mask Scam

The United States has brought charges against a Michigan man accused of creating a fake e-commerce company that sold N95 masks online but didn't deliver them to customers. 

Rodney L. Stevenson II has been charged with wire fraud for his operation of an e-commerce website that allegedly scammed customers into paying for protective face masks that they never received. 

The 24-year-old Muskegon resident sold "Anti-Viral N95" masks for more than $40 per mask through the website EMGeneral.com, controlled by the limited liability company EM General, created by Stevenson in September 2019. While some customers were fobbed off with emails containing excuses about shipping issues, others said they were sent cheap fabric masks that did not conform to N95 standards. 

N95s are particulate-filtering facepiece respirator masks that meet the US National Institute for Occupational Safety and Health N95 standard of air filtration, requiring them to filter at least 95% of airborne particles.

Stevenson is accused of using stock photos from the internet to create an entirely fictitious professional management team for his e-commerce company. The nonexistent team was headed by CEO "Mike Thomas," whose identity Stevenson allegedly hid behind to send emails to customers who purchased masks, offering them more masks at a discount. 

Demand for Personal Protective Equipment (PPE), including face masks, has gone through the roof since the outbreak of COVID-19 in almost every country in the world. Lockdown measures imposed in an effort to slow the spread of the deadly virus mean shoppers are turning to online stores to meet their PPE needs.

"While sheltering in place, Americans are shopping on the internet like never before," said US Attorney David L. Anderson.

“Hospitals, healthcare providers and everyday people are understandably anxious to obtain N95 masks, N99 filters and other PPE."

Anderson described the alleged actions of Stevenson, who is accused of fraudulently profiting from a health crisis that has killed nearly 60,000 people in the United States alone, as a "consumer's nightmare."

“The criminal element is always ready to prey on fear and uncertainty, and it is all too easy to lie over the internet. The complaint alleges a consumer’s nightmare of fake web pages and false promises,” said Anderson. 

If convicted, Stevenson faces a maximum sentence of 30 years in prison, 5 years of probation, and a fine of $1m.

Categories: Cyber Risk News

PrimoHoagies Sued Over Data Breach

Info Security - Wed, 04/29/2020 - 16:11
PrimoHoagies Sued Over Data Breach

A Philadelphia chain of sandwich shops is facing a class-action lawsuit over a data breach that went undetected for 7 months.

Earlier this month, PrimoHoagies revealed that cyber-attackers had broken into its online payment platform and accessed the payment card information of customers who made online purchases between July 15, 2019, and February 18, 2020. Customers who made purchase in-store were not impacted. 

PrimoHoagies said it only discovered the breach "after receiving notice of unusual payment card activity from a few customers who ordered online."

According to a statement issued by PrimoHoagies Franchising, Inc. on April 17, "the affected payment card information may have included names, addresses, payment card numbers, expiration dates, and security codes."

The popular East Coast sandwich chain, which is based in Westville, franchises more than 85 eateries in eight states between Florida and New Jersey.

After discovering the prolonged breach, PrimoHoagies said it contacted "payment card brands so steps could be taken to prevent fraudulent activity on any affected cards," and advised customers to "carefully review and monitor their payment card account statements." 

On April 23, Edward D. Hozza III brought a suit against the sandwich shop chain, which he accuses of failing to take adequate steps to protect customers against the theft of "highly sensitive and personal payment card information."

In the filing, Hozza, of Lehigh County, Pennsylvania, states that his credit card company had to issue him with a new card after his account was used for fraudulent purchases in September 2019. 

According to the Cherry Hill Courier-Post, Hozza contends that the breach will cause victims "to undertake expensive and time-consuming efforts, including placing 'freezes' and 'alerts' with credit reporting agencies." He predicts that the number of PrimoHoagies customers affected by the cybersecurity breach is "likely in the millions."

The suit was filed in Camden Federal Court with Hozza represented by Anthony Christina of West Conshohocken, Pennsylvania. Hozza is seeking unspecified compensatory and punitive damages on behalf of all PrimoHoagies customers whose card payment data was exposed in the prolonged cybersecurity incident. 

The plaintiff is further seeking for PrimoHoagies to offer at least three years of identity theft– and credit card–monitoring services to all online customers affected by the breach.

Categories: Cyber Risk News

Five-Year PhantomLance Campaign Targeting Android Users

Info Security - Wed, 04/29/2020 - 11:00
Five-Year PhantomLance Campaign Targeting Android Users

An ongoing, multi-year cyber-espionage campaign targeted individuals in south-east Asia hundreds of times with malware that bypassed Google Play filters, according to Kaspersky.

Active since at least 2015, the PhantomLance campaign is thought to be the work of OceanLotus (aka APT32), a likely Vietnamese state-backed APT group that recently targeted the Wuhan provincial government and Chinese Ministry of Emergency Management to try and find more info on the origins of COVID-19.

PhantomLance features multiple versions of spyware varying in sophistication, which were designed to steal info such as geolocation, call logs, contact access, application lists and SMS access, as well as download additional malicious payloads.

They were distributed on multiple platforms including Google Play and APKpure, with the group’s actors going to great lengths to stay under the radar. This included creation of fake developer profiles on GitHub, as well as other tactics.

“The initial versions of applications uploaded to app marketplaces did not contain any malicious payloads or code for dropping a payload,” explained Kaspersky.

“These versions were accepted because they contained nothing suspicious, but follow-up versions were updated with both malicious payloads and code to drop and execute these payloads. We were able to confirm this behavior in all of the samples, and we were able to find two versions of the applications, with and without a payload.”

The security firm has spotted about 300 infection attempts on Android devices in India, Vietnam, Bangladesh and Indonesia, with Vietnam one of the top targeted countries as well as a location for malicious app development.

According to Kaspersky, PhantomLance payloads were at least 20% similar to the ones from an OceanLotus Android campaign and there were also overlaps with the APT group’s Windows and MacOS malware.

“This campaign is an outstanding example of how advanced threat actors are moving further into deeper waters and becoming harder to find. PhantomLance has been going on for over five years and the threat actors managed to bypass the app stores’ filters several times, using advanced techniques to achieve their goals,” argued Kaspersky security researcher Alexey Firsh.

“We can also see that the use of mobile platforms as a primary infection point is becoming more popular, with more and more actors advancing in this area. These developments underline the importance of continuous improvement of threat intelligence and supporting services, which could help in tracking threat actors and finding overlaps between various campaigns.”

Categories: Cyber Risk News

Twitter Switches Off SMS Services for Security Reasons

Info Security - Wed, 04/29/2020 - 09:45
Twitter Switches Off SMS Services for Security Reasons

Twitter has announced it is to switch off its SMS-based service in most countries for security reasons, marking the end of an era for the social network.

When it was first launched, the service was specifically built around SMS, with users texting their tweets, hence the 140-character limit. Things soon moved on as smartphones became near-ubiquitous and account holders switched to the more user-friendly app.

However, in an update this week, the firm said: “We want to continue to help keep your account safe. We’ve seen vulnerabilities with SMS, so we’ve turned off our Twitter via SMS service, except for a few countries.”

It’s unclear exactly what these vulnerabilities are, although Twitter previously switched off the ability to tweet via text after hackers hijacked the account of co-founder and CEO, Jack Dorsey.

On that occasion they managed to get hold of his phone number via a classic SIM-swap attack and used the feature to send out tweets in his name.

Twitter is not turning off SMS for two-factor authentication, although text-based authentication codes have been abused multiple times in the past by SIM-swap attackers.

“Everyone will still have access to important SMS messages needed to log in to and manage their accounts,” the firm said.

Twitter sought to tackle this problem in November last year when it allowed users to enroll in 2FA without a linked phone number, meaning they can choose any 2FA system that supports the FIDO2 WebAuthn protocol.

In February this year, the social network was forced to act to fix an API bug that was being abused by state actors to unmask individual users around the world.

The decision to abandon SMS-based tweets has been met with some resistance, as users took to the site to complain that the service is useful in situations such as power outages when internet connectivity goes down.

Categories: Cyber Risk News

Pharma Giant ExecuPharm Suffers Data Breach/Ransomware Combo

Info Security - Wed, 04/29/2020 - 08:52
Pharma Giant ExecuPharm Suffers Data Breach/Ransomware Combo

A major US pharmaceutical firm has revealed that ransomware attackers recently encrypted its servers and stole corporate and employee data.

ExecuPharm explained in a breach notification to the Office of the Vermont Attorney General that the incident occurred on March 13, when “unknown individuals” deployed ransomware to its IT systems and sought payment in return for a decryption key.

“As part of this incident, ExecuPharm employees received phishing emails from the unknown individuals,” it said.

“Upon a thorough investigation, ExecuPharm determined that the individuals behind the encryption and the sending of these emails may have accessed and/or shared select personal information relating to ExecuPharm personnel, as well as personal information relating to Parexel personnel, whose information was stored on ExecuPharm’s data network.”

Parexel is the Massachusetts-headquartered parent company of ExecuPharm.

The firm claimed that information stolen included: social security numbers, taxpayer IDs, driver’s license numbers, passport numbers, bank account details, credit card numbers, NI numbers and beneficiary information.

That represents a major haul for any data theft and one which could be sold on the dark web and/or, as has been reported, published online in an attempt to persuade the firm to pay the original ransom.

Matt Walmsley, EMEA director at Vectra, warned that there’s no publicly available decryption methods for the ransomware used in this attack, and that pharma companies rich with sensitive R&D represent a highly lucrative target for cyber-criminals.

“Attackers tend to target privileged entities associated with accounts, hosts and services due to the unrestricted access they can provide and to ease replication and propagation. Attackers will manoeuver themselves through a network and make that step from a regular user account, to a privileged account which can give them access to all the data they need in order to finalize their ransomware attack and bribe their victims,” he explained. 

“Therefore, security teams need to be agile as time is their most precious resource in dealing with ransomware attacks. Early detection and response are key to gaining back control and stopping the attackers in their tracks before they can propagate across the organization, stealing and denying access to data.” 

Categories: Cyber Risk News

Researchers Develop Anonymization Model for #COVID19 Contact Tracing

Info Security - Wed, 04/29/2020 - 08:00
Researchers Develop Anonymization Model for #COVID19 Contact Tracing

A model for a contact tracing app that protects personal data has been developed by an interdisciplinary team at the Technical University of Munich (TUM). The researchers have created an encryption process that enables people who have come into close contact with a COVID-19-positive individual to be warned without their phones recognizing the infected person’s temporary contact number (TCN).

Contact tracing apps are seen as a crucial tool in slowing the spread of COVID-19 and helping to end lockdown measures, with a number currently in development in countries such as the UK. However, concerns over individual privacy regarding their use have been flagged in recent weeks, including fears that the personal data collected could be targeted by cyber-criminals.

Mobiles on which these apps are installed use Bluetooth technology to exchange randomly generated TCNs, which constantly change. The TCNs are collected locally on the devices and stored for a limited period. If someone tests positive for COVID-19, that person’s contacts are immediately notified.

Through an encryption process called private set intersection cardinality, the TUM team have found a means of cross-checking TCNs of infected individuals against those collected on mobile phones without the need to load the TCNs onto their contact’s phones.

“As a result, the risk scenario in which an attacker could combine the received TCNs with other information such as the date, time and location where the TCN was transmitted – which would endanger the anonymity of an infected person – is minimized to a large extent,” explained physicist Kilian Holzapfel, TUM.

A successful qualification request for the app’s decentralized standard to the Bluetooth Special Interest Group has already been submitted. A prototype of the app is currently being tested with the Android operating system; however, the team expect it to be a few more weeks before it is available for use.

Categories: Cyber Risk News

US Attorney Advises Clients to Use McDonald's WiFi

Info Security - Tue, 04/28/2020 - 18:54
US Attorney Advises Clients to Use McDonald's WiFi

A US attorney has advised clients without a smartphone or mobile device to borrow one from a friend or neighbor and use the free WiFi provided by McDonald's to log onto virtual court hearings.

Elisabeth Trefonas, a senior assistant public defender based in Jackson, Wyoming, told the Associated Press that clients had experienced difficulties accessing hearings that have been held online since lockdown measures were introduced to slow the spread of COVID-19.

“Some of our clients don’t have tablets or smart devices,” said Trefonas, adding that she had also advised folks to connect via the free WiFi offered by public libraries. 

The Teton County Courthouse has been closed to the public since March 24, with Judge Timothy Day and Teton County Circuit Court Judge Jim Radda holding virtual hearings only. Instead of being surrounded by defendants, attorneys, victims, a bailiff, a clerk, court security, reporters, and spectators, Day and Radda simply sit on their own with a computer.

“All the video stuff I do from court with my robe on,” Day told the Jackson Hole News&Guide in a video interview. “It’s just me.”

Day said that despite the challenges posed by performing his role virtually, it was vital to keep the wheels of justice turning. 

“It is more important than ever during this that people have confidence the justice system is still working,” Day said. “Their rights are being protected, the rule of law is still being followed and it is important we continue to do as many hearings as we can.”

To facilitate the new way of operating, court orders are allowing attorney to e-file documents so they can meet filing deadlines and represent clients without visiting the courthouse in person. 

After a couple of weeks of advising defendants without smart devices or tablets to borrow from their friends or neighbors, the court settled on a different solution. 

“We have purchased a tablet and set up a hotspot in the lobby of the courthouse,” said Day, “It allows people to connect here.”

Head of court security, Teton County Sheriff’s Corporal Mike Crook, said that the tablet is sanitized before and after use and is not handed directly to anyone in adherence to social distancing guidelines.

Categories: Cyber Risk News

#COVID19 Tracking App Tells Untested Aussies They're Infected

Info Security - Tue, 04/28/2020 - 15:34
#COVID19 Tracking App Tells Untested Aussies They're Infected

A COVID-19 tracking app introduced by the Australian government has been informing users who haven't even been tested for the novel coronavirus that they have contracted the bug.

The CovidSafe app went live at 6pm on April 26 and was downloaded a million times on its first night. Australian prime minister Scott Morrison has said that for the voluntary app to be effective at helping to slow the spread of the contagious virus, at least 40% of the country's approximately 25 million people need to adopt it.

By using Bluetooth technology to track users who come within 1.5 meters of people who have tested positive for COVID-19, it is hoped that the app can help ease strict lockdown measures.

However, many Australians who downloaded the app were confronted with a screen informing them that they had tested positive for coronavirus, despite not having been tested for COVID-19. 

After selecting the option to "upload my information," users were shown the message: "You have tested positive for COVID-19. Unless you consent, your contact information will not be uploaded. If you consent, your contact information will be uploaded and shared with State or Territory health officials for contact tracing purposes."

A spokesman for Government Services Minister Stuart Robert said the message was not a flaw in the newly released tracking app. According to Robert, the confusion arose from users' interacting with the app incorrectly. 

"You don't upload if you haven't tested positive, that's the whole point of the app," Robert told Daily Mail Australia.

"You're only supposed to push that button if you've been asked to by a health official if you've tested positive."

Users of the app told the Daily Mail Australia, "Nowhere does it say, 'click if you've been diagnosed with coronavirus' or 'have you tested positive for COVID-19?'"

Since its launch on Sunday, several issues have been reported regarding the CovidSafe app. Noted problems include the failure of the app to recognize the user's phone number, missing confirmation emails, and the cessation of the Bluetooth signal when a cell phone enters low power mode. 

Australia had 6,714 coronavirus cases as of Sunday night, with 83 deaths, 1,086 active cases, and 5,541 patients fully recovered.

Categories: Cyber Risk News

Fortinet Offers Free Cybersecurity Training

Info Security - Tue, 04/28/2020 - 15:30
Fortinet Offers Free Cybersecurity Training

A cybersecurity company is offering free training courses to help keep businesses cyber-safe.

Fortinet has made all its online training programs free for the remainder of 2020 to address the skills gap in the cybersecurity industry, outlined in the 2019 (ISC)2 Cybersecurity Workforce Study. The study found that nearly two-thirds of companies lacked the skilled staff required to operate securely.  

The generous gesture comes as companies around the world have transitioned to remote working to comply with lockdown measures introduced to slow the spread of COVID-19. 

“The current reality has forced many organizations to face rapid change and new risks as they’ve transitioned to remote workforce models. IT teams are under pressure to effectively secure their organizations, in very dynamic environments which require broad security skill sets," said John Maddison, EVP of products and CMO at Fortinet.

“As both a technology company and a learning organization, we are making our entire online, self-paced catalogue of advanced training courses available for free so that any IT professional can expand timely knowledge and skills on-demand as needed to effectively protect their organizations.”

From today, Fortinet's entire catalog of 24 self-paced advanced security courses is free to access. Topics covered by the courses include Secure SD-WAN, public cloud security, and secure access.

The programs are designed to help security professionals expand their playbook while also providing "students and anyone looking to start a career in cybersecurity the opportunity to learn new skills or upskill."

Recorded lab demos for these courses will be available for on-demand viewing and supplemented with regularly scheduled live sessions with Fortinet Certified Trainers. 

The majority of courses are from the official Network Security Expert Institute curriculum. Fortinet established the NSE Institute in 2015, comprised of the NSE training and certification program, the Fortinet Network Security Academy, and the Fortinet Veterans program, to educate the next generation of cybersecurity professionals. 

As part of the program’s free training catalog, Fortinet provides foundational cyber-awareness courses for anyone through levels NSE 1 and NSE 2. In addition, the FortiGate Essentials training was recently added as an additional course for anyone interested in learning how to use firewall policies, user authentication, routing, and SSL VPN.

Categories: Cyber Risk News

Researchers Spot Banking Trojan Using #COVID19 Crisis to Attack Users

Info Security - Tue, 04/28/2020 - 15:00
Researchers Spot Banking Trojan Using #COVID19 Crisis to Attack Users

The banking Trojan Grandoreiro has been taking advantage of the COVID-19 crisis to attack users, an analysis by ESET has shown. The internet security company has found the Trojan hiding in videos on fake websites that promise to provide vital information about the virus. Attempting to play the video leads to the download of a payload on the visitors’ device.

Grandoreiro has been seen operating since 2016, and targets users in Brazil, Mexico, Spain and Peru. It has previously almost exclusively been distributed through email spam, in which the authors utilize a fake Java or Flash update. Through these fake pop-up windows, users are encouraged to give away sensitive information.

Now, Grandoreiro authors are shifting their tactics to target users through COVID-19 scams on fake websites. This coincides with a general shift towards cyber-attacks related to the virus that play on people’s fears as the crisis has developed in recent weeks.

Once a machine is affected, Grandoreiro is able to collect information about it using a variety of techniques. These include manipulating windows, updating itself, capturing keystrokes, simulating mouse and keyboard actions, navigating browsers to chosen URLs, signing out and restarting machines, and blocking access to websites. In some versions, it is also able to steal credentials stored in Google Chrome and data stored in Microsoft Outlook browsers.

The Trojan has also proven to be very difficult for cybersecurity experts to detect and remove.

“For a Latin American banking Trojan, Grandoreiro utilizes a surprisingly large number of tricks to evade detection and emulation. That includes many techniques to detect or even disable banking protection software,” explained ESET researcher Robert Šuman.

“They [the attackers] seem to be developing the banking Trojan very rapidly. Almost every new version we see introduces some changes. We also suspect they are developing at least two variants simultaneously. Interestingly, from a technical point of view, they also utilize a very specific application of the binary padding technique that makes it hard to get rid of the padding while keeping a valid file.”

Categories: Cyber Risk News

Cybersecurity Pros See Roles and Duties Change Due to #COVID19

Info Security - Tue, 04/28/2020 - 13:35
Cybersecurity Pros See Roles and Duties Change Due to #COVID19

A majority of cybersecurity professionals have said that their job functions have changed due to the COVID-19 pandemic, with 90% now working remotely full-time.

According to a survey of 256 cybersecurity professionals by (ISC)2, 81% of respondents, all responsible for securing their organizations’ digital assets, indicated that their job function has changed during the pandemic. The survey, which was conducted this month, also found that 96% of respondents’ organizations have closed their physical work environments and moved to remote work-from-home policies for employees.

Also, 23% said cybersecurity incidents experienced by their organization have increased since transitioning to remote work – with some tracking as many as double the number of incidents. Despite this, 47% of respondents said they have been taken off some or all of their typical security duties to assist with other IT-related tasks, such as equipping a mobile workforce.

One respondent, who chose to remain anonymous, said: “COVID-19 hit us with all the necessary ingredients to fuel cybercrime” including staff working from home before most organizations were ready, panic and desire to ‘know more’ and temptation to visit unverified websites in search of up-to-the-minute information.

The survey also asked respondents to share comments about the challenges they face during the pandemic. Some of the themes that came to light included a lack of hardware to support a larger number of remote workers, the struggle between organizational priorities for quick deployment of remote technology and the commensurate level of security to protect systems, and helping end users understand and abide by security policies outside the office. 

One respondent commented: “Security at this point is a best effort scenario. Speed has become the primary decision-making factor. This has led to more than a few conversations about how doing it insecurely will result in a worse situation than not doing it at all.”

Max Vetter, chief cyber-officer at Immersive Labs, said that the news comes as no real surprise. “With workforces transitioning to remote working, security teams have had to contend with a whole new set of problems and threats that many have not had to face before,” he explained.

“This raises the additional complexity of security professionals having to potentially learn new skills or how to handle new situations in a remote environment. This is a new situation for many security teams, and an area that traditional training cannot cover. It is important that teams are able to upskill themselves on the most recent threat data to ensure that they are sufficiently battle-tested if a hacker targets their company’s remote workforce or systems.”

David Grout, CTO for EMEA at FireEye, said: “The survey reports about the number of cyber-attacks doubling since the pandemic began, so the security of an organization’s technologies, applications and firewalls/anti-malware can’t slip despite security teams being spread thinly.

“It will also be important to ensure there is an increased awareness of security measures for the remote workers themselves. In particular, those who have not worked from home before will be unsure about best practices to protect themselves and business information.”

Categories: Cyber Risk News

Moscow’s Fraudsters Sell Fake #COVID19 Travel Passes

Info Security - Tue, 04/28/2020 - 11:00
Moscow’s Fraudsters Sell Fake #COVID19 Travel Passes

Muscovite fraudsters are capitalizing on the city’s COVID-19 lockdown by offering to sell desperate citizens the digital passes they now need to travel around the city.

Singapore-based security vendor Group-IB said it had helped identify 126 websites, Telegram channels and social media accounts peddling the fake passes.

As of April 15, locals have been forced to request a digital permit featuring a QR code in order to travel around the Russian capital using public or personal transport, according to an order issued by mayor Sergei Sobyanin.

However, before the official system for applications was up and running, scammers apparently stepped into the void to offer the passes, charging between $38-$65.

Group-IB said it managed to identify those behind one of the campaigns, which offered passes for Moscow, St Petersburg and Krasnodar.

Using a well-known messaging app to communicate with potential customers, they passed themselves off as law enforcers, and asked for passport or vehicle registration and license plate details.

Unfortunately, once the money was received, they would delete the chat, blacklist the victim and move on to the next target, the vendor explained.

Several arrests have been made in that case, and Group-IB is continuing to work with the Moscow Department of Information Technology on other scam campaigns. It claimed that 78 fraudulent websites, social media accounts and messenger channels have been blocked so far.

“Amid the pandemic scammers actively exploit the coronavirus, self-isolation and lockdown passes themes in various phishing and vishing scams, and offer to sell fake digital passes,” said Sergey Lupanin, head of cyber-investigations at Group-IB.

“The danger is that by purchasing fake lockdown passes the victims can not only lose their money and payment data, but also sensitive personal information. For example, by obtaining the victim’s ID number fraudsters can apply for a loan on their behalf.”

Categories: Cyber Risk News

OutSystems Launches Free Online Coding School for UK Developers

Info Security - Tue, 04/28/2020 - 09:45
OutSystems Launches Free Online Coding School for UK Developers

OutSystems, a global leader in low-code application development, has today announced the availability of its online Low-Code School for developers in the UK.

The no-cost Low-Code School, now in its 11th intake and having already trained and certified more than 200 developers across Europe, is open to 20 participants and will run from June 15 until June 26, providing a two-week online training program designed to upskill developers that know traditional coding languages.

According to OutSystems, the training sessions will run on weekdays outside of business hours and will be fully available online due to restrictions of the COVID-19 pandemic

In addition to the training, OutSystems is offering participants free access to its technology certification, which usually costs £145, and will introduce participants to job opportunities within its ecosystem of customers and partners. 

“These are challenging times, but we’ve developed our online program so that someone with a technical background can learn about and be certified on OutSystems during our two-week course,” said Gonçalo Gaiolas, VP of product and community at OutSystems. “This, combined with the number of jobs already available for professionals qualified in our technology, means that developers can upskill and find new opportunities with minimal risk.”

For further details about the OutSystems Low-Code School or to apply for the program, visit https://www.outsystems.com/events/low-code-school/.

Categories: Cyber Risk News

Warwick Uni Under Fire After Reported Breach Cover-Up

Info Security - Tue, 04/28/2020 - 09:15
Warwick Uni Under Fire After Reported Breach Cover-Up

A leading UK university has come under fire after reportedly failing to notify those affected after hackers breached its administrative network last year.

Warwick University, a member of the Russell Group comprising the country’s top 24 universities, suffered the attack when an employee unwittingly installed malware. That reportedly allowed hackers to lift personal information on students, staff and volunteers taking part in research studies.

However, the impact of the incident was compounded because data protection at the university was so poor that the institution couldn’t identify which information had been stolen, according to Sky News.

Registrar and executive lead for data protection, Rachel Sandby-Thomas, apparently took the decision not to inform those whose data was stored on the admin network about the incident. It’s unclear whether regulator the Information Commissioner’s Office (ICO) was told, as the incident would seem to fall under the remit of the GDPR.

However, a voluntary audit of the university by the ICO, published in March, revealed multiple failings of processes and procedures in governance and accountability, security of personal data and training and awareness. The latter category was described as having a “very limited” assurance rating.

The university apparently disbanded the data protection privacy group (DPPG) that Sandby-Thomas chaired after the ICO suggested she be replaced, admitting that she didn’t have the “specialist skill set and experience” needed, according to the news report.

That’s despite the individual having been the executive lead for IT and data protection at the Uni since 2016.

An internal email seen by the news channel also revealed that Sandby-Thomas tried to block the voluntary ICO audit until she was told that the alternative was a “compulsory less friendly one.”

Jake Moore, cybersecurity specialist at ESET, argued that any cover-up of data breach incidents is likely to do more harm than good.

“It is far better to own up to attacks, especially given that constant attacks against organizations from cyber-criminals across the world mean that breaches will inevitably happen,” he added. “Many people are more forgiving now and tend to appreciate when organizations own up at the earliest opportunity and even show where there have been failings.”

Categories: Cyber Risk News

Pages