Category: Infosec

Was YOUR SSN Included In This Hack?

Posted on by esimantiras

Check if Your Social Security Number Is Included in the National Public Data Hack

source: cnet.com (contributed by FAN, Steve Page)  |  image: pexels.com

 

Check if your Social Security number was stolen in the massive data theft and what to do to secure your personal information.

If your Social Security number or other personal information was stolen in the December 2023 National Public Data breach, you can take steps to protect yourself. Here’s how. A reported 2.7 millionto 2.9 billion records from 170 million people were stolen, including full names and phone numbers along with Social Security numbers. 

According to an August statement from National Public Data — a data broker that sells personal information to private investigators, consumer public record sites, human resources and staffing agencies — “a third-party bad actor” hacked into the data and leaked the stolen information on the dark web. National Public Data obtained the information by scraping nonpublic sources without consent, according to a proposed class action lawsuit. A House of Representatives committee has opened an investigation in response.

Here are steps you can take to see if your information was stolen and then what to do if your Social Security number and other personal data were leaked in the massive data hack. For more information, here are the best identity theft protection services and how to freeze your credit. For more on Social Security, here’s when to expect your Social Security check to arrive this month and four ways you can lose your Social Security benefits.

How was my personal information stolen in the National Public Data hack?

National Public Data said it obtains personal information from public record databases, court records, state and national databases and other repositories nationwide.

According to a National Public Data statement in August, “The incident is believed to have involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024.” Continue reading “Was YOUR SSN Included In This Hack?”

Safeguarding Secrets From Quantum Spying

Posted on by esimantiras

Safeguarding Secrets From Quantum Spying

source: axios.com (contributed by FAN, Bill Amshey)  |  image: pexels.com

 

The National Institute of Standards and Technology has released its highly anticipated standards for protecting encrypted data from future quantum technologies.

Why it matters: China and other foreign foes are likely already collecting encrypted U.S. secrets with the hopes of breaking into them once quantum computing technology catches up.

What’s happening: NIST this week formally approved three post-quantum cryptography standards, marking an important first step in protecting government and critical services from encryption-breaking quantum.

  • IBM researchers developed two of the three standards in collaboration with industry and academic partners.
  • The third standard was developed by a researcher who has since joined IBM.
  • Apple, Meta, Google and some other companies are already implementing these standards.

What’s next: These standards will serve as a blueprint for governments and private-sector organizations around the world.

Go deeper.

How Telegram Became a Destination for Criminals

Posted on by esimantiras

How Telegram Became a Destination for Criminals

source: axios.com (contributed by FAN, Bill Amshey)  |  image: pexels.com

 

Telegram has long been a hotbed for cybercriminal gangs boasting about their attacks and looking to recruit new members.

Why it matters: Billionaire Telegram CEO Pavel Durov’s arrest over the weekend has put a spotlight on what policies Telegram does — and doesn’t — have to deter cybercriminals and extremist groups who use its platform.

The big picture: Telegram’s relaxed content moderation policies and encrypted service offerings have made it an attractive destination for cybercriminals, terrorism organizations and drug dealers.

  • Terrorist organizations, including ISIS, have used Telegram to publicly claim responsibility for attacks.
  • Politically motivated hackers — including those tied to the war in Ukraine and the Israel-Hamas war — also post about their crimes in public Telegram forums.

Experts say Telegram has unique features that — taken in combination — hackers have been able to abuse in an effort to hide their activities.

  • Secret Chats allows users to turn on end-to-end encryption.
  • That means Telegram has no way of seeing what’s discussed in Secret Chat conversations. Users also can’t forward these messages, which can self-destruct — making it even harder for third parties to intercept their contents.
  • Apple Messages and WhatsApp messages are also encrypted by default, but neither allows users to sign up with a virtual phone number.
  • Telegram accounts don’t need to be linked to a SIM card, Taisiia Garkava, an intelligence analyst at Intel 471, told Axios.

Continue reading “How Telegram Became a Destination for Criminals”

Mysterious Hack Destroyed 600,000 Internet Routers

Posted on by esimantiras

Mysterious Hack Destroyed 600,000 Internet Routers

source: wired.com  |  image: pixabay.com

 

If you have a crypto wallet containing a fortune but forgot the password, all may not be lost. This week, a pair of researchers revealed how they cracked an 11-year-old password to a crypto wallet containing roughly $3 million in bitcoins. With a lot of skill and a bit of luck, the researchers uncovered a flaw in how a previous version of the RoboForm password manager generates passwords that allowed them to accurately figure out the missing login and access the buried treasure.

Police in Western countries are using a new tactic to go after cybercriminals who remain physically out of reach of US law enforcement: trolling. The recent takedowns of ransomware groups like LockBit go beyond the traditional disruption of online infrastructure to include messages on seized websites meant to mess with the minds of criminal hackers. Experts say these trollish tactics help sow distrust between cybercriminals—who already have ample reason to distrust one another.

Continue reading “Mysterious Hack Destroyed 600,000 Internet Routers”

NSA Warns iPhone And Android Users To Turn It Off And On Again

Posted on by esimantiras

NSA Warns iPhone And Android Users To Turn It Off And On Again

source: Forbes.com (contributed by FAN, Steve Page)  |  image: pixabay.com

 

Updated Saturday, June 1: This article has been updated to include clarifcation around the safety of using public Wi-Fi networks and additional advice from the NCSC and FCC.

Although some people might worry about the National Security Agency itself spying on their phones, the NSA has some sage advice for iPhone and android users concerned about zero-click exploits and the like: turn it off and on again once per week.

How often do you turn off your iPhone or android device? Completely turn it off and then reboot it, rather than just going into standby mode, that is. I suspect that the answer for many people is only when a security or operating system update requires it. That, according to the NSA, could be a big mistake.

Users can mitigate the threat of spear-phishing, which can lead to the installation of yet more malware and spyware, by the same simple action. However, the NSA document does warn that the turn it off and on again advice will only sometimes prevent these attacks from being successful. Continue reading “NSA Warns iPhone And Android Users To Turn It Off And On Again”

Brute Force Password Cracking Takes Longer, But Celebration May Be Premature

Posted on by esimantiras

Brute Force Password Cracking Takes Longer, But Celebration May Be Premature

source: technewsworld.com | image: pexels.com

 

Brute force cracking of passwords takes longer now than in the past, but the good news is not a cause for celebration, according to the latest annual audit of password cracking times released Tuesday by Hive Systems.

Depending on the length of the password and its composition — the mix of numbers, letters, and special characters — a password can be cracked instantly or take half a dozen eons to decipher.

For example, four-, five-, or six-number-only passwords can be cracked instantly with today’s computers, while an 18-character password consisting of numbers, upper- and lower-case letters, and symbols would take 19 quintillion years to break.

Last year, Hive’s research found that some 11-character passwords could be cracked instantaneously using brute force. This year’s findings revealed the effectiveness of newer industry-standard password hashing algorithms — like bcrypt — for encrypting passwords in databases. Now, that same 11-character password takes 10 hours to crack.

Continue reading “Brute Force Password Cracking Takes Longer, But Celebration May Be Premature”

Apple Sued Over AirTags Privacy: Everything to Know

Posted on by esimantiras

Apple Sued Over AirTags Privacy: Everything to Know

source: cnet.com  |  image: pexels.com

AirTags digital trackers have raised privacy concerns since the beginning. But now, a lawsuit claims Apple didn’t implement sufficient safeguards.

A class-action lawsuit against Apple alleges the tech giant didn’t sufficiently resolve privacy issues raised by its AirTag digital tracking devices, leading to unwanted stalking and abuse.

The lawsuit, which was filed last year and given court approval to proceed earlier this month, says plaintiffs suffered “substantial” injuries from people who abused Apple’s $29 Bluetooth tracker in ways the company didn’t sufficiently work to address.

How to fix the military’s software SNAFU

Posted on by esimantiras

How to fix the military’s software SNAFU

source: defenseone.com  |  image: pexels.com

 

Too many of its apps are built on code riddled with vulnerabilities—and distributed by the Pentagon itself.

The only institution more mired in acronyms than the U.S. military is, in my experience, the software industry. The former’s thorough embrace of the latter is reflected, for example, in this recent piece by serious commentators that includes a four-page glossary. To be sure, software’s ability to supercharge military operations make this alphabet soup palatable—but it also conceals a dangerous security SNAFU.  

If software is to be more of a benefit than a liability, its inevitable flaws must be spotted and fixed before they can be exploited by China, Russia, and other adversaries. Unfortunately, in an analysis I conducted of popular open source software made available by the Pentagon for its units and contractors to use, there is strong evidence that the U.S. military is shipping software that is insecure and contains many known software vulnerabilities—CVEs, in software-speak.

Continue reading “How to fix the military’s software SNAFU”

Cybersecurity Threats in Global Satellite Internet

Posted on by esimantiras

Cybersecurity Threats in Global Satellite Internet

 

 

source: cyberdefensemagazine.com  |  image:  pixabay.com

 

Internet via satellite was first used for military purposes in the 1960s and became available for wide-scale commercial use in the 1990s. Current satellite internet systems typically use low-orbit satellites and provide data transmission at low speeds due to limited bandwidth. Starlink, on the other hand, is a project developed by Elon Musk’s SpaceX company and aims to provide a faster, more reliable and more comprehensive internet experience with low latency and high bandwidth through a high number of low orbit satellites.

The surge in satellite internet usage has opened up a new frontier for cybersecurity threats, ranging from sophisticated hacking attempts to disruptive denial-of-service attacks.

Continue reading “Cybersecurity Threats in Global Satellite Internet”

NSA shares zero-trust guidance to limit adversaries on the network

Posted on by esimantiras

NSA shares zero-trust guidance to limit adversaries on the network

source: bleepingcomputer.com (contributed by FAN, Steve Page)  |  image: nsa.gov

 

The National Security Agency is sharing new guidance to help organizations limit an adversary’s movement on the internal network by adopting zero-trust framework principles.

A zero-trust security architecture requires strict controls for accessing resources on the network, be they inside or outside the physical perimeter, to minimize the impact of a breach.

Compared to the traditional IT security model, which presumes that everything and everyone on the network is trusted, the zero-trust design assumes that a threat already exists and does not allow free rein inside the network. 

Continue reading “NSA shares zero-trust guidance to limit adversaries on the network”