Child Tweets Gibberish from U.S. Nuke Account

source: threatpost.com

 

Telecommuting social-media manager for the U.S. Strategic Command left the laptop open and unsecured while stepping away.

A nonsense tweet sent out from the official account of U.S. Strategic Command is no reason for alarm, according to the department. The social media manager’s kid found an open laptop, pounded on a few random keys and sent the tweet, which read, “;l;;gmlxzssaw” last Sunday.

The tweets were met with alarm since @USSTRATCOM controls the launch codes for the country’s nuclear arsenal. Mikael Thalen, a reporter with the Daily Dot, decided to file a Freedom of Information Act (FOIA) request to get answers.

“Filed a FOIA request with U.S. Strategic Command to see if I could learn anything about their gibberish tweet yesterday,” Thalen wrote. “Turns out their Twitter manager left his computer unattended, resulting in his ‘very young child’ commandeering the keyboard.”

USSTRATCOM stressed, according to Thalen, the post was not the result of a breach.

Continue reading “Child Tweets Gibberish from U.S. Nuke Account”

source: cbsnews.com

What is an NFT? The Trendy Blockchain Technology Explained

n early March, a tech company bought a piece of art worth $95,000. Then the executives lit it on fire. At the end of the spectacle, which was shared live on the internet, the group unveiled a copy of the art, this time in digital form. The creation, by elusive British artist Banksy, was called “Morons (White).”

As for the digital format, it’s getting more hype than the painting and the burning put together. It’s a rising type of technology called a non-fungible token, or NFT. Think of an NFT as a unique proof of ownership over something you can’t usually hold in your hand — a piece of digital art, a digital coupon, maybe a video clip. Like the digital art itself, you can’t really hold an NFT in your hand, either — it’s a one-of-a-kind piece of code, stored and protected on a shared public exchange. 

Continue reading “What is an NFT? The Trendy Blockchain Technology Explained”

Young Adults, Seniors Over 75 Most Susceptible to Cyber Fraud: Report

source: technewsworld.com

The most vulnerable cybercrime victims are young adults and adults over 75, according to the latest research revealed in the LexisNexis Risk Solutions biannual Cybercrime Report.

Released Feb. 23, the report tracks global cybercrime activity from July 2020 through December 2020. The report reveals how unprecedented global change in 2020 created new opportunities for cybercriminals around the world, particularly as they targeted new users of online channels.

LexisNexis’ research found a 29 percent growth in global transaction volume compared to the second half of 2019. This growth came in the financial services (29 percent), e-commerce (38 percent) and media (9 percent) sectors. The number of human-initiated attacks dropped in 2020 by roughly 184 million, while the number of bot attacks grew by 100 million.

Continue reading “Young Adults, Seniors Over 75 Most Susceptible to Cyber Fraud: Report”

Maza Russian Cybercriminal Forum Suffers Data Breach

source: zdnet.com


The Maza cybercriminal forum has reportedly suffered a data breach leading to the leak of user information. 

On March 3, Flashpoint researchers detected the breach on Maza — once known as Mazafaka — which has been online since at least 2003. 

Maza is a closed and heavily-restricted forum for Russian-speaking threat actors. The community has been connected to carding — the trafficking of stolen financial data and payment card information — and the discussion of topics including malware, exploits, spam, money laundering, and more. 

Once the forum was compromised, the attackers who took the forum over posted a warning message claiming “Your data has been leaked / This forum has been hacked.”

Continue reading “Maza Russian Cybercriminal Forum Suffers Data Breach”

What you cannot see you cannot secure: Shining a light on cybersecurity threats in a work-from-home environment

source: securitymagazine.com

A quick “work from home new normal” search on Google will return results somewhere in the ballpark of 2 billion. On the other hand, searches for “cybersecurity risks work from home” result in far less—around 32 million. While that may seem like a lot of coverage on any scale, it reflects the chasm between what we focus on and what we understand about this new environment as we begin 2021.

By now, most companies recognize there is no turning back the hands of time to the way it was before the pandemic. The digital transformation is not just upon us but part of life moving forward. That’s likely to mean digital or hybrid workforces, digital currency and digital content, all of which can be hacked, causing significant damage to enterprises and employees alike. And while cybersecurity has been a concern for as long as the Internet became a staple of life, the difference now is that instead of organizations considering a strong culture of cybersecurity “nice to have,” it is a necessity—regardless of where workers are located.

Continue reading “What You Cannot See You Cannot Secure”

How Email Attacks are Evolving in 2021

source:  threatpost.com


The money being wire transferred by business email compromise victims is on the rise, as cybersecurity criminals evolve their tactics.

Hundreds of thousands of dollars lost. Financial and emotional ruin. And in some cases, suicide. These are some of the outcomes business email compromise (BEC) attacks have on victims, said Ronnie Tokazowski, senior threat researcher with Agari.

These type of attacks don’t garner the same attention as high-profile hacks, he said. Why? Because BEC attacks are simple – yet potent. Instead of having to develop malware or complex attack chains, all attackers need to do is send an email – usually mimicking a coworker’s email account or using a compromised account –  and con victims to wire transfer money, for example. But the fallout from these types of attacks are devastating.

Continue reading “How Email Attacks are Evolving in 2021”

Netlab, the networking security division of Chinese security firm Qihoo 360, said it had discovered a new fledgling malware operation that is currently infecting Android devices for the purpose of assembling a DDoS botnet, according to a ZDNetreport. 

The botnet, Matryosh, is going after Android devices that have left their ADB debug interface exposed on the internet. Netlab says Matryosh is a ADB-targeting botnet, using the Tor network to hide its command and control servers. The encryption algorithm implemented in this botnet and the process of obtaining C2 are nested in layers, “like Russian nesting dolls,” why is why Netlabnamed it Matryosh. 

Commenting on the news, Burak Agca, Engineer at Lookout, a San Francisco, Calif.-based provider of mobile security solutions, says, “The key feature of this attack is the exploitation of ADB, a long standing Android feature that’s meant to provide developers a simple method to communicate with, and remotely control devices. ADB allows anyone to connect to a device, install apps and execute commands, without authentication.

Continue reading “New Matryosh Botnet Targeting Android Devices”

Photo by ThisIsEngineering from Pexels

Breach Data Shows Attackers Switched Gears in 2020

source:  darkreading.com

Attackers focused more on ransomware, while the consolidation of data into large databases led to fewer reported breaches but more records leaked.

The number of data breaches declined by half last year — to less than 4,000 events — yet the number of leaked records more than doubled, as did the number of breaches that included a ransomware component, according to an annual analysis of breach events by Risk Based Security.

The diverging trends suggests that attackers are focusing more on ransomware, which is often not reported as a data breach if information is not exfiltrated. In addition, more than 80% of the at-risk records came from five events caused by misconfigured databases, suggesting that consolidation in the cloud may have led to more severe, if less frequent, data breaches.

 

Continue reading “Breach Data Shows Attackers Switched Gears in 2020”

Data Leak Exposes Details of Two Million Chinese Communist Party Members

source: infosecurity-magazine.com

Sensitive data of around two million members of the Communist Party of China (CPC) have been leaked, highlighting their positions in major organizations, including government agencies, throughout the world.

According to reports from The Australian newspaper, featured in the Economic Times, the information includes official records such as party position, birthdate, national ID number and ethnicity. It revealed that members of China’s ruling party hold prominent positions in some of the world’s biggest companies, including in pharmaceutical giants involved in the development of COVID-19 vaccines like Pfizer and financial institutions such as HSBC.

The investigation by The Australian centred around the data leak, which was extracted from a Shanghai server in 2016 by Chinese dissidents.

It noted that CPC members are employed as senior political and government affairs specialists in at least 10 consulates, including the US, UK and Australia, in the eastern Chinese metropolis Shanghai. The paper added that many other members hold positions inside universities and government agencies.

The report emphasized there is no evidence that spying for the Chinese government or other forms of cyber-espionage have taken place.

image - china tech

 

 

Beulah Graves

Product Management

In her report, The Australian journalist and Sky News host Sharri Markson commented: “What’s amazing about this database is not just that it exposes people who are members of the Communist Party, and who are now living and working all over the world, from Australia to the US to the UK, but it’s amazing because it lifts the lid on how the party operates under President and Chairman Xi Jinping.

“It is also going to embarrass some global companies who appear to have no plan in place to protect their intellectual property from theft, from economic espionage.”

In September, the Cybersecurity and Infrastructure Security Agency (CISA) and the US Department of Justice issued a joint advisory warning US government agencies and private sector companies to be on high alert for cyber-attacks by threat actors affiliated with the Chinese Ministry of State Security (MSS).

Jane May

Photographer

 

image - hacking

Billions Spent on U.S. Defenses Failed to Detect Giant Russian Hack

source:  nytimes.com

The broad Russian espionage attack on the U.S. government and private companies, underway since spring and detected only a few weeks ago, is among the greatest intelligence failures of modern times.

 

WASHINGTON — Over the past few years, the United States government has spent tens of billions of dollars on cyberoffensive abilities, building a giant war room at Fort Meade, Md., for United States Cyber Command, while installing defensive sensors all around the country — a system named Einstein to give it an air of genius — to deter the nation’s enemies from picking its networks clean, again.

It now is clear that the broad Russian espionage attack on the United States government and private companies, underway since spring and detected by the private sector only a few weeks ago, ranks among the greatest intelligence failures of modern times.

Einstein missed it — because the Russian hackers brilliantly designed their attack to avoid setting it off. The National Security Agency and the Department of Homeland Security were looking elsewhere, understandably focused on protecting the 2020 election.

The new American strategy of “defend forward” — essentially, putting American “beacons” into the networks of its adversaries that would warn of oncoming attacks and provide a platform for counterstrikes — provided little to no deterrence for the Russians, who have upped their game significantly since the 1990s, when they launched an attack on the Defense Department called Moonlight Maze.

Something else has not changed, either: an allergy inside the United States government to coming clean on what happened.

Continue reading “Billions Spent on U.S. Defenses Failed to Detect Giant Russian Hack”