An Explosive Spyware Report Shows the Limits of iOS Security

Posted on July 24, 2021 by esimantiras

source: wired.com

THE SHADOWY WORLD of private spyware has long caused alarm in cybersecurity circles, as authoritarian governments have repeatedly been caught targeting the smartphones of activists, journalists, and political rivals with malware purchased from unscrupulous brokers. The surveillance tools these companies provide frequently target iOS and Android, which have seemingly been unable to keep up with the threat. But a new report suggests the scale of the problem is far greater than feared—and has placed added pressure on mobile tech makers, particularly Apple, from security researchers seeking remedies.

Continue reading “An Explosive Spyware Report Shows the Limits of iOS Security” →

FBI: Cybercriminals Eyeing Broadcast Disruption at Tokyo Olympics

Posted on July 24, 2021 by esimantiras

FBI: Cybercriminals Eyeing Broadcast Disruption at Tokyo Olympics

source: threatpost.com

Expected cyberattacks on Tokyo Olympics likely include attempts to hijack video feeds, the Feds warn.

The Tokyo Olympics, set to open Friday night, are already being targeted by threat actors — however, the Federal Bureau of Investigation’s Cyber Division has issued a chilling warning the Games’ TV broadcast is likely to be plagued by attacks, since it will be the only way to view events now that spectators have been barred due to COVID-19 concerns.

“Adversaries could use social-engineering and phishing campaigns in the leadup to the event to obtain access or use previously obtained access to implant malware to disrupt affected networks during the event,” the FBI notification said. “Social-engineering and phishing campaigns continue to provide adversaries with the access needed to carry out such attacks.”

Continue reading “FBI: Cybercriminals Eyeing Broadcast Disruption at Tokyo Olympics” →

NSA And FBI Blame Russia For Massive ‘Brute Force’ Attacks On Microsoft 365

Posted on July 7, 2021July 8, 2021 by esimantiras

NSA And FBI Blame Russia For Massive ‘Brute Force’ Attacks On Microsoft 365

source: forbes.com

American intelligence and law enforcement agencies have pointed the finger at a Kremlin-backed hacking crew for a two-year campaign to break into Microsoft Office 365 accounts.

The NSA, FBI and DHS, in a joint report with U.K. intelligence, placed the blame for the widespread “brute force” attacks on Fancy Bear, a group best known for its breach of the Democratic National Committee in the lead up to the 2016 Presidential Elections. Brute force attacks see repeated attempts to guess the usernames and passwords for email and cloud accounts.

Continue reading “NSA And FBI Blame Russia For Massive ‘Brute Force’ Attacks On Microsoft 365” →

Largest Password Compilation Of All Time…

Posted on June 25, 2021June 25, 2021 by esimantiras

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

source: cybernews.com

What seems to be the largest password collection of all time has been leaked on a popular hacker forum. A forum user posted a massive 100GB TXT file that contains 8.4 billion entries of passwords, which have presumably been combined from previous data leaks and breaches.

According to the post author, all passwords included in the leak are 6-20 characters long, with non-ASCII characters and white spaces removed. The same user also claims that the compilation contains 82 billion passwords. However, after running our own tests, the actual number turned out to be nearly ten times lower – at 8,459,060,239 unique entries.

Continue reading “Largest Password Compilation Of All Time…” →

Secretive NSA Opens Doors to New “Collaboration Center”

Posted on June 25, 2021June 25, 2021 by esimantiras

Secretive NSA opens doors to new “collaboration center” as cyberthreats mount

source: cbsnews.com

Fort Meade, Maryland — One of the most notoriously secretive U.S. intelligence agencies has opened a new facility that it hopes, uncharacteristically, will welcome plenty of outside visitors.

While most of the National Security Agency’s (NSA) outposts are closed-off, highly restricted spaces, the agency’s newly launched Cybersecurity Collaboration Center, located a few miles outside its main campus in Fort Meade, Maryland, is meant to serve as a gathering point for government and private sector cybersecurity experts to exchange information about hacking threats from adversaries in real time.

Continue reading “Secretive NSA Opens Doors to New “Collaboration Center”” →

Department of Justice Seizes Ransomware $2.3M

Posted on June 11, 2021June 12, 2021 by esimantiras

Department of Justice Seizes $2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists Darkside

source: justice.gov

WASHINGTON – The Department of Justice today announced that it has seized 63.7 bitcoins currently valued at approximately $2.3 million. These funds allegedly represent the proceeds of a May 8, ransom payment to individuals in a group known as DarkSide, which had targeted Colonial Pipeline, resulting in critical infrastructure being taken out of operation. The seizure warrant was authorized earlier today by the Honorable Laurel Beeler, U.S. Magistrate Judge for the Northern District of California.

Continue reading “Department of Justice Seizes Ransomware $2.3M” →

Ransomware: A National Security Threat

Posted on June 11, 2021June 10, 2021 by esimantiras

U.S. Suffers Over 7 Ransomware Attacks An Hour. It’s Now A National Security Risk

source: npr.org

The United States suffered 65,000 ransomware attacks last year – or over seven an hour. And it will likely get worse.

What was previously seen as a nuisance is fast becoming a national security problem as cybercriminals target key parts of the country’s infrastructure. A recent attack on Colonial Pipeline sparked panic buying that emptied many gas stations across the Southeast, while another attack on JBS raised fears about the domestic beef supply.

Continue reading “Ransomware: A National Security Threat” →

Feds Secretly Ran a Fake Encrypted Chat App and Busted Over 800 Criminals

Posted on June 11, 2021June 10, 2021 by esimantiras

Feds Secretly Ran a Fake Encrypted Chat App and Busted Over 800 Criminals

source: thehackernews.com

In an unprecedented sting operation, the U.S. Federal Bureau of Investigation (FBI) and Australian Federal Police (AFP) ran an encrypted chat service called ANoM for nearly three years to intercept 27 million messages exchanged between criminal gang members globally.

Dubbed Operation Ironside (AFP), Operation Greenlight (Europol), and Operation Trojan Shield (FBI), the long-term covert probe into transnational and serious organized crime culminated in the arrests of 224 offenders on 526 charges in Australia, with 55 luxury vehicles, eight tons of cocaine, 22 tons of cannabis and cannabis resin, 250 firearms, and more than $48 million in various currencies and cryptocurrencies seized in raids around the world.

A total of more than 800 arrests have been reported across 18 countries, including New Zealand, Germany, and Sweden. Europol called it the “biggest ever law enforcement operation against encrypted communication.”

Continue reading “Feds Secretly Ran a Fake Encrypted Chat App and Busted Over 800 Criminals” →

Critical Infrastructure Under Attack

Posted on May 28, 2021May 24, 2021 by esimantiras

Critical Infrastructure Under Attack

source: darkreading.com

Several recent cyber incidents targeting critical infrastructure prove that no open society is immune to attacks by cybercriminals. The recent shutdown of key US energy pipeline marks just the tip of the iceberg.

Critical infrastructure is becoming more dependent on networks of interconnected devices. For example, only a few decades ago, power grids were essentially operational silos. Today, most grids are closely interlinked — regionally, nationally, and internationally as well as with other industrial sectors. And in contrast to discrete cyberattacks on individual companies, a targeted disruption of critical infrastructure can result in extended supply shortages, power blackouts, public disorder, and other serious consequences.

Continue reading “Critical Infrastructure Under Attack” →

Mobile Devices Under Siege by Cyberattackers

Posted on May 28, 2021May 24, 2021 by esimantiras

source: technewsworld.com

Mobile Devices Under Siege by Cyberattackers

Mobile phishing exposure doubled among financial services and insurance organizations between 2019 and 2020. Cyberattackers are deliberately targeting phones, tablets, and Chromebooks to increase their odds of finding a vulnerable entry point.

A single successful phishing or mobile ransomware attack can give attackers access to proprietary market research, client financials, investment strategies and cash or other liquid assets, according to a new Lookout research team report released May 6.

The Financial Services Threat Report disclosed that almost half of all phishing attempts tried to steal corporate login credentials. Other findings include that some 20 percent of mobile banking customers had a trojanized app on their devices when trying to sign into their personal mobile banking account.

Despite a 50 percent increase in mobile device management (MDM) adoption from 2019 to 2020, average quarterly exposure to phishing rose by 125 percent. Malware and app risk exposure increased by over 400 percent.

Seven months after the release of iOS 14 and Android 11, 21 percent of iOS devices were still on iOS 13 or earlier, and 32 percent of Android devices were still on Android 9 or earlier. That delay of users updating their mobile devices creates a window of opportunity for a threat actor to gain access to an organization’s infrastructure and steal data, according to the report.

Continue reading “Mobile Devices Under Siege by Cyberattackers” →