Tag: data leak
Cybercriminals pose as law enforcement agencies
The US Federal Bureau of Investigation (FBI) has issued an urgent warning to business and law enforcement agencies that cybercriminals are using genuine stolen US and foreign government email addresses to hack into companies. As of August this year, the FBI has observed an increase in posts on criminal forums relating to fraudulent emergency data requests. In August 2024, a cyber-criminal known to the FBI offered for sale, “High Quality .gov emails for espionage/social engineering/data extortion requests, etc”, that included official US credentials. The cyber-criminals also offered to guide buyers through emergency data requests and to sell real stolen subpoena documents to allow the buyer(s) to pose as law enforcement officers.
Disgruntled ex-Disney employee highlights insider threat
The Walt Disney Company, which has long had a history of troubled labor relations, recently found itself the victim of a disgruntled former employee. According to an affidavit in support of a criminal complaint against the former employee, Michael Scheuer, Disney discovered a security breach allegedly used to make its menus unusable, together with the redirection of QR codes to direct Disney customers to a website calling for a boycott of Israel. More seriously, it alleged that the threat actor manipulated allergen information on Disney menus, indicating that certain menu items were safe for people with peanut allergies when, in fact, they could have been potentially deadly for some diners. Scheuer is also alleged to have conducted denial of service attacks on four former colleagues and to have paid visits outside the home of one of them.
The Chinese Communist Party is watching you
Research conducted by Which, the consumer watchdog magazine, has confirmed something the smartphone industry has known for years: Chinese electronic products are routinely used to spy on citizens in countries like the US and the UK. The latest suspects, domestic air fryers, join a long list of products the Chinese are accused of having used to spy on the West, which already ranges from smart watches to automobiles. Which analyzed three air fryers sold in the UK and found that Aigostar, Xiaomi Mi Smart, and Cosori CAF-LI401S knew their customers' precise locations and demanded permission to listen in on users' conversations. The Aigostar air fryer even wanted to know the user's gender and date of birth when setting up an account. Disturbingly, both the Aigostar and Xiaomi air fryers are reported to have sent personal data to servers in China.
The root of the problem for dentists
In an exclusive interview with Cyber Intelligence, Tom Terrenez, the chief executive of Medix Dental IT, describes the cyber-threats currently overwhelming many US dental practices. His warnings concerning data can be equally applied to doctors’ surgeries, upmarket beauticians and hairdressers, and other small businesses that provide personal services.
US is top target for mobile cybercrime
The US is the top target for cyber-attacks focusing on mobile devices and those connected by the Internet of Things (IoT) plus the operational technology (OT) systems than run facilities such as power plants. According to cybersecurity firm Zscaler’s ThreatLabz 2024 Mobile, IoT, and OT Threat Report, mobile remains a top threat vector, with 111% growth in spyware and 29% growth in banking malware. Technology (18 percent), education (18 percent) and manufacturing (14 percent) continue to be the sectors most targeted by mobile malware. The education sector saw the most dramatic rise in blocked transactions, with a 136 percent increase on the previous year.
Chinese phisher steals top US military secrets
This week, the US Department of Justice (DOJ) announced criminal charges against a Chinese national, Song Wu, accused of wire fraud and aggravated identity theft in an effort to obtain National Aeronautics and Space Administration (NASA) computer software and source code. The DOJ has now revealed that the specialized software allegedly stolen by Song could be used by potentially hostile enemies to attack the US. According to the DOJ, the stolen software could be used for “industrial and military applications, such as development of advanced tactical missiles and aerodynamic design and assessment of weapons.”
Sharp rise in blindside cyber-attacks
More than one in five cybersecurity professionals report having had a cyber hit requiring immediate attention despite having threat-based detection and response security measures in place. According to a survey conducted by cybersecurity firm Criticalstart, 2024 Cyber Risk Landscape Peer Report, 2023’s figure of 83 percent represents a 21 percent increase from 2023. Criticalstart also reports a sharp rise in the cost of data breaches. The average cost of a data breach reached an all-time high of $4.45 million in 2023 - a 15 percent increase over the past three years. Organizations with under 500 employees reported an average breach-impact increase from $2.92 million to $3.31 million—a rise of 13.4%.
Exclusive: CrowdStrike crash is only the beginning…
The famous “blue screen of death,” witnessed with horror by 8.5 million Microsoft Windows users worldwide as a result of the ongoing CrowdStrike outage, may soon become a far more familiar sight across a wide range of sectors. While there is no evidence that the widespread Microsoft Windows outage caused by the CrowdStrike upgrade was anything but accidental, many in the cybersecurity industry are seeing the past week’s experience as a dummy run for a full-fledged cyber-attack aimed at crippling critical infrastructure. As the current media pictures of people sleeping in airports testify, some sectors appear to be faring better than others.
US Data Compromises Double Year-on-Year
It's official – the US is losing the battle against cybercrime. The first quarter of this year has seen 841 publicly reported data compromises - a 90 percent increase compared to 442 compromises in Q1 2023. According to the Identity Theft Resource Center (ITRC), the picture may be even grimmer than these bald statistics suggest. Year-on-year, the number of cyberattack-related data breach notices without information about the root cause of the attack leapt from 166 in Q1 2023 to 439 in Q1 2024. This represents a staggering rise of 265 percent in unsolved data breaches.
Rise in Tax-Related Phishing Scams Detected – March 22nd
Microsoft's Threat Intelligence arm issued a warning on the rise of new, sophisticated tax phishing scams that could lead to stolen personal and financial data. These tax-related phishing scams are initiated by impersonating trusted employers, tax agencies, and payment processors. Victims click on a malicious attachment, which leads to a believable landing page designed to capture sensitive information.
Security Flaws Found in ChatGPT Plugins – March 15th
According to Salt Labs research, third-party OpenAI ChatGPT plugin security flaws could allow attackers to install malicious plugins, and hijack third-party website accounts. Leveraging security gaps in ChatGPT plugins' large language models (LLMs), OAuth workflow, and PluginLab both feature weaponizable vulnerabilities.
27,000 Private Data Stolen from Stanford Ransomware Attack – March 12th
Stanford University announced that the personal information of 27,000 individuals was stolen as a result of a September 2023 ransomware attack. The University also disclosed that only one system was breached, namely the "Department of Public Safety" network. The data included biometric data, dates of birth, social security numbers, government IDs, passport numbers, and driver's license numbers.