It has been reported that the International Committee of the Red Cross has recently suffered a cyber-attack, during which the data of more that 515,000 vulnerable people was accessed and seized. Some of the individuals affected recently fled conflicts. The ICRC confirmed the attack in a published statement: “A sophisticated cybersecurity attack against computer servers hosting information held by the International Committee of the Red Cross (ICRC) was detected this week. The attack compromised personal data and confidential information on more than 515,000 highly vulnerable people, including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention.”

So far it is unknown who may be behind the attack. The hackers originally targeted an external company in Switzerland, which is contracted to store the ICRC’s data. Currently there is no evidence that the sensitive data has been released to public domain. The most pressing concern, however, is the potential risk that comes with this breach. Particularly, any confidential information being shared on the internet, as the data in question belongs to individuals whom the Red Cross and Red Crescent network seeks to protect.

Brian Higgins, security specialist at Comparitech commented: “Egregious attacks such as this are unfortunately becoming an occupational hazard for charity and relief organisations as the vital nature of the data they possess coupled with the extreme vulnerability of the individuals to whom it relates provides a highly attractive target for certain groups of cyber criminals.In the absence of any clear idea of motivation at this stage the Red Cross are clearly doing everything they reasonably can to respond but I’m sure more information will soon come to light. It’s a sad yet sobering fact that network security is becoming more and more difficult as third party and supply chain organisations are vital elements of doing business in any sector, but it is almost impossible to implement consistent security protocols and defences across an entire enterprise. Attackers will always find a weak link in the chain and exploit it. Now that this highly sensitive, humanitarian stolen data is in the wild one can only support the Red Cross Director General in his call.

The post Red Cross Hack exposes data of 515,000 appeared first on IT Security Guru.

A new scam website has been impersonating Nintendo’s official website, pretending to sell discounted Nintendo Switch consoles. Last week, the Japanese video game company warned customers to be wary of the scam.  Nintendo rarely warns customers of such issues, so it has been said that this gives insight into the severity of the scams.

On Friday, Nintendo tweeted, “We have confirmed the existence of a fake website that impersonates Nintendo’s homepage”. Nintendo has said that scammers have replicated their logo to trick customers into believing the website is an official Nintendo page, advertising discounts on what have been speculated to be counterfeit products.

Nintendo has warned customers of the risks of using counterfeit websites, stating, “Purchasing products on fake sites may result in fraudulent damage such as unauthorized acquisition of personal information. Please be careful not to mistake it for our website, and do not purchase products from fake websites.”

The post Spoof Nintendo sites advertising discounted Switch consoles appeared first on IT Security Guru.

In Q4 of 2021, DHL was threat actors’ preferred brand to imitate when launching phishing campaigns. This pushed Microsoft into second place and Google into fourth. These findings were unsurprising as the last three months of the year include holidays such as Black Friday, Cyber Monday and Christmas; holidays that hackers frequently exploit as victims let their guard down. As these holidays see an increase in online purchases and package deliveries, scams impersonating the international package delivery and express mail service have a higher chance of success.

Typical scam emails used tactics such as claiming a package is stuck at customs and requires special action for clearance as well as fake parcel tracking links.

The post DHL most imitated brand in phishing scams appeared first on IT Security Guru.

Eight people have been charged by Moscow court for their alleged involvement in the REvil ransomware gang, Russian News Agency (TASS) reported. The arrests were made as part of a larger raid on Friday across 25 locations in Moscow, St. Petersburg and Lipetsk. The men were charged on Saturday with violating Part 2 of Article 187 of Russia’s Criminal Code, referring to the “illegal circulation of payments.” As a result, they are facing up to seven years in prison along with a fine of approximately $13,150.

The FSB stated it went ahead with the raid after receiving information about the ransomware group’s alleged leader and other members from US authorities. During these raids, the Russian Federal Security Service seized 20 luxury cards, 426 million rubles, $600,000 and Є500,000.

The post Alleged REvil hackers charged in court appeared first on IT Security Guru.

Researchers at Broadband Genie have found that millions of Wi-Fi routers in the UK are left vulnerable to threats because their owners don’t take the basic security measures to protect them. Broadband Genie surveyed 1,320 broadband users, with 88% stating that they have never updated their Wi-Fi router’s firmware, while 84% have never even bothered changing the router’s admin password.

When asked why they were not taking these precautions, 73% revealed that they simply didn’t understand why they would need to do so, while 20% admitted that they didn’t know how to.

Editor of Broadband Genie, Matt Powell, said: “In 2018, we ran a similar study that found 52% had never modified their router’s default settings. It’s disappointing to see this number has barely shifted. Most concerning is the very high percentage of UK broadband subscribers who don’t even know why they should be making any of these changes.”

The post Millions of UK Wi-Fi routers are vulnerable to security threats appeared first on IT Security Guru.

A London-based cyber fraudster who targeted 670 women, including one who was terminally ill, has been arrested by UK police and pleaded guilty to fraud and money laundering charges. Taking more than £20,000 from his marks, Osagie Aigbonohan operated out of a flat in Abbey Wood, London.

Police arrested Aigbonohan in July 2021 after he was found with a fake driving licence and overstaying his visa in the UK for two years. “Romance fraud is a particularly callous offense, involving exploitation of an individual’s emotional needs and caring qualities, to extract money from them. People should be particularly vigilant over the coming month as we head towards Valentine’s Day and more people seek a partner,” warned James Lewis of the Crown Prosecution Service (CPS).

The post Romance Fraudster who Targeted more than 650 Victims has been Convicted for Two Years appeared first on IT Security Guru.

The Federal Communications Commission (FCC) has called for more in-depth requirements for data breach reporting in the telecommunications industry. The proposal follows the recent increase of attacks seen in the telecommunications sector. The proposal was shared on Wednesday by the Chairwoman of the FCC, Jessica Rosenworcel, in a Notice of Proposed Rulemaking (NPRM). The proposal outlined that the first step the FCC intends to take will be to change the rules for alerting customers and federal agencies about a breach.

Chairwoman Jessica Rosenworcel said in the statement, “current law already requires telecommunications carriers to protect the privacy and security of sensitive customer information. But these rules need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers. Customers deserve to be protected against the increase in frequency, sophistication, and scale of these data leaks, and the consequences that can last years after an exposure of personal information. I look forward to having my colleagues join me in taking a fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches.”

The proposal also went on to outline several other changes which include: “Eliminating the current seven business day mandatory waiting period for notifying customers of a breach; Expanding customer protections by requiring notification of inadvertent breaches; and Requiring carriers to notify the Commission of all reportable breaches in addition to the FBI and U.S. Secret Service.”

The post The FCC propose new rules for data breach reporting appeared first on IT Security Guru.

Over a dozen Ukrainian government website have been down since Friday, following a cyber-attack that also targeted the embassies. Among the embassies impacted were the UK, US and Sweden, as well as the foreign and education ministries. It is still unclear who is behind the attack. Before the website went down a message appeared on the screens of those affected with a warning that said “prepare for the worst.” A spokesperson has said previous cyber-attacks had originated from Russia, who has not yet provided a comment.

It has been confirmed that as of now no personal data has been leaked, and no content has been changed. Foreign policy chief, Josep Borrell has stated that the EU’s resources are all going toward helping Ukraine deal with this incident.

The post Ukrainian government targeted in cyberattack appeared first on IT Security Guru.

The post Lazarus Group, Cobalt Gang and FIN7 the Worst Threat Actors Targeting the Financial Services Sector appeared first on IT Security Guru.

Later this week, EU governments will be staging a large-scale cyberattack against multiple of the member states. The attacks will specifically target supply chains and will aim to push governments to coordinate public communications and a diplomatic response. This exercise will last around six weeks and its purpose is to test Europe’s stress resilience, strengthen government preparedness and cooperation and improve the overall joint response to such incidents. This simulation comes amid growing anxiety surrounding Russia’s plans in the Ukraine, especially after the SolarWinds Corp. hack was tied back to possible Russian intelligence.

While the EU already has appropriate tools to respond to cyber aggression, it has yet to develop a framework to coordinate a joint response between the member states.

The post EU to launch Cyberattack simulations on supply chains appeared first on IT Security Guru.

Recently, it has been revealed that several EA Sports accounts were compromised by hackers via phishing techniques. The threat-actors exploited EA’s live chat, targeting high-profile players for account takeover. The attackers utilised social engineering methods, exploiting errors within the customer experience team and using this to bypass two-factor authentication.

As a result, EA has released their strategy on how to prevent similar issues going forward and better secure player accounts. The steps are outlined below:

• All EA Advisors and individuals who assist with service of EA Accounts are receiving individualised re-training and additional team training, with a specific emphasis on account security practices and the phishing techniques used in this particular instance.
• We are implementing additional steps to the account ownership verification process, such as mandatory managerial approval for all email change requests. 
• Our customer experience software will be updated to better identify suspicious activity, flag at-risk accounts, and further limit the potential for human error in the account update process.

The post Several EA accounts compromised by phishing mails appeared first on IT Security Guru.

London, UK, January 11, 2022 – Kiteworks, which governs and protects sensitive digital content moving within, into, and out of global enterprises, announced today that Kiteworks and totemo, the leading email encryption gateway provider used by hundreds of the largest multinational enterprises in the German, Austrian, and Swiss markets, have joined forces. Integration of totemo’s email encryption gateway technology into the Kiteworks platform will deliver the most comprehensive private content communications governance, compliance, and risk protection in the global market.

Kiteworks empowers organizations to manage risk and ensure compliance effectively and efficiently of every send, share, receive, and save of sensitive content. The Kiteworks platform accomplishes this by unifying, tracking, controlling, and securing all sensitive digital content communications sent through the platform via email, file share, managed file transfer, web forms, and application programming interfaces (APIs). 

The union of Kiteworks and totemo extends coverage of the email capability of the Kiteworks platform from user or plug-in activation within the platform into the mail client natively. This provides automatic coverage of all sensitive digital content sent and received via email. Additionally, as totemo’s technology is integrated into the Kiteworks platform in coming months, email content metadata on users, apps, devices, networks, protocols, and files will be centrally ingested and normalized. This unified intelligence will enable organizations to implement centralized and comprehensive tracking and controls to greatly reduce the risk of exposure of private information and more effectively meet regulatory compliance requirements. Enterprises that leverage this integrated intelligence will expand and improve their overall cyber-defense strategy—expanding privacy protection and compliance beyond data center, cloud, and wide area network (WAN) perimeters into third-party sensitive content communications. 

“The merging of totemo with Kiteworks automates and extends our platform’s email encryption with S/MIME, OpenPGP, and TLS standards,” said Jonathan Yaron, Chairman and Chief Executive Officer of Kiteworks. “And the integration of the metadata from totemo’s technology into the Kiteworks platform further enhances the visibility of senior management around the tracking and control of digital content as it moves into and out of the corporate network via email—all without jeopardizing the privacy of the content itself. The joining of Kiteworks and totemo creates a winning combination for real-time security, tracking, and control of sensitive content communications that enterprises need for compliance and risk management.” 

This announcement comes at a critical time when sensitive information like personally identifiable information (PII), protected health information (PHI), and intellectual property (IP) are targeted more than ever before by criminal syndicates and nation states for ransom, fraud, competitive advantage, and other nefarious purposes. Organizations must do more to protect their sensitive information, and this transaction gives them the tools they need—ensuring that all email communications are secure, tracked, and controlled.  

“The combination of Kiteworks and totemo presents a great opportunity to expand the reach of totemo’s email encryption use cases further into other markets and provide a much more comprehensive set of sensitive content tracking and control capabilities to totemo’s extensive customer base, including those in the Swiss, German, and Austrian markets,” said totemo’s Cofounder and CEO Dario Perfettibile. totemo’s Cofounder and CTO Marcel Mock also said, “The merger also bolsters our ability to deliver continuous, 24×7 support to our customers by integrating our operations into Kiteworks Customer Support organization while concurrently keeping our European support that our customers value.” Both Perfettibile and Mock are now members of Kiteworks’ executive team.

As part of the merging of the two companies, totemo’s offices in Zurich will become the EMEA headquarters for Kiteworks.

For more information on this announcement, visit Kiteworks.com.

About Kiteworks

Kiteworks’ mission is to empower organizations to effectively manage risk in every send, share, receive, and save of sensitive content. To this end, we created a platform that delivers content governance, compliance, and protection to customers. The platform unifies, tracks, controls, and secures sensitive content moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all sensitive content communications.

About totemo

totemo offers solutions for the secure exchange of business information. totemo protects email communication and file transfer through encryption, placing special emphasis on maximum user-friendliness—naturally also on mobile devices. The patented and FIPS 140-2-validated totemo security platform enables seamless and quick integration into any existing IT infrastructure. Around the world, more than 3.8 million users in 1,800 companies and organizations across all industries, including major corporations, rely on totemo’s security solutions. Founded in 2001, the company has its headquarters at Zurich Airport and an office in Sofia, Bulgaria.

The post KITEWORKS AND TOTEMO JOIN FORCES TO DELIVER MOST COMPREHENSIVE PRIVATE CONTENT COMMUNICATIONS PLATFORM appeared first on IT Security Guru.

New data has found that the number of global weekly cyberattacks has reached the highest record to date. The data has shown that there were 925 attempts per organization in Q4 2021. The data also revealed that the number of attempted attacks has been on a steady increase since Q2 2020, having seen 50% more attacks per week on corporate networks in 2021 in comparison to 2020.

The data from CheckPoint was gathered from millions of global sensors across endpoints, mobiles, and networks, collecting valuable data from a number of industries. For instance, the findings showed that both the research and education sector witnessed the highest amount of attacks in 2021, with an average of 1605 attacks every week, per organization. This was a 75% increase compared to 2020. Military and government attacks followed closely, with 1136 attacks, while the communications sector experience 1079 in 2021.

George Papamargaritis, MSS Director, Obrela Security Industries said, “it is no surprise that we have continued to see a rise in cyber-attacks throughout 2021. Cybercriminals have used the pandemic to prey on victims when they are most vulnerable, and unfortunately, many businesses were unprepared for the uncertainty brought about by the global pandemic. What this data does show is that organisations today must stop seeing cyber attacks simply as a technical nuisance when they are much more than that. They are a reality.”

Peter Draper, director of EMEA, Gurucul said, “it is interesting that the Education and Research sector has been hit hardest, probably skewed due to COVID and attacks trying to gather information regarding treatments and vaccinations. We have also seen a dramatic shift in the attackers who are now targeting individuals to great effect, not just enterprises. Attackers are starting to find greater success in these low-level attacks, such as targetting employees who may not follow the correct protocol with private or corporately sensitive information. Cyber security teams need to be looking at new ways of working, as the old ways are obviously not working well.”

The post Cyber attacks on corporations hit record breaking highs appeared first on IT Security Guru.

Today marks National Human Trafficking Awareness Day. While predominately recognised in the US, it is for sure a global issue that banks can help address with the right technology and training, according to Brian Ferro, director of AML at Feedzai and certified anti-money laundering specialist.

More than 40 million people are trapped in modern-day slavery, according to the latest data from the International Labour Organization. This figure includes almost 25 million people roped into forced labour and more than 15 million pressured into forced marriages. UNODC’s research found the number of children who fall victim to trafficking has tripled in the past 15 years, with the percentage of boys trafficked increasing fivefold in the same period. And that’s just the tip of a very disturbing iceberg. There are signs that, with the number of people being out of work and school due to the pandemic, trafficking is only poised to get worse.

Ferro notes that banks and FIs can play a significant role in thwarting human trafficking and saving victims by embracing strong anti-money laundering practices. By acting as financial gatekeepers, FIs can stop the flow of illegal money into the financial system, alert authorities to investigate potential human trafficking crimes.

He offered some guidance for banks and FIs looking to make a positive impact on real people’s lives by countering human trafficking:

Use Visual Link Analysis to Be a Champion for Humanity

Technology has made it easier for criminals to profit from human trafficking. Technologies like remote onboarding and person-to-person transfers make it easier than ever for these bad actors to move money and evade detection. But banks can also use technology to uncover patterns linked to money laundering and disrupt traffickers’ networks. It’s also important for banks not to think of this as a cost function. If your bank’s efforts are only successful in rescuing even one victim from others’ control or exploitation, the surveillance investment is worth every dollar. Efforts like these will position banks and their people as champions of humankind.

Train Bank Staff to be Alert for Human Trafficking

Bank staff are usually on the front lines of anti-trafficking efforts. Banks should invest in training their tellers to understand and respond to signs that someone might be in danger or possibly a victim of trafficking. An older man accompanied by several scared-looking younger women could be signs of trouble, for instance. Many banks have trained their staff to look for signs of similar crimes (like elder abuse) and offered a trafficking hotline to report them. Many trafficking hotlines allow staff to make anonymous reports that can be used to open investigations. Empowering front line staff with the training and tools can help them look out for customers’ (and people as a whole) best interests.

Work with Law Enforcement 

Banks should already have open lines of communication with law enforcement both in their local communities and regional level. If bank staff suspect they witnessed a human trafficking incident, they should consult with their police contacts. Law enforcement frequently partners with non-profit organisations and advocacy groups that support human trafficking victims and provides them with the resources to get out their current situations and take back control of their lives.

The post How banks can help counter Human Trafficking appeared first on IT Security Guru.

Users of dating sites have been warned to be weary of romance scams between Christmas Day and Valentine’s Day. This is because during this time, scammers are out in full force seeking to establish contact and build rapport with victims and extort them for money. According to the National Fraud Intelligence Bureau (NFIB), just last year, losses soared from £8.7m last March to £14.6m in May. Losses for the entire year were recorded at astonishing £92m, based on 8,863 reported cases. That being said, figures are predicted to be much higher, as many victims are ashamed to report being targeted and don’t get the police involved.

The City of London Police has warned of the scammers’ tactics and what individuals should be on the lookout for: “typically, romance fraudsters will spend weeks gaining their victims’ trust, feeding them fabricated stories about who they are and their lives – and initially make no suggestion of any desire to ask for any money, so the victim may believe their new love interest is genuine. But weeks, or sometimes months later, these criminals will ask for money for a variety of emotive reasons, and as the emotional relationship has already been formed, victims often transfer money without a second thought.”

Users are advised not to fall for these tricks, and under no circumstances share money with anyone, whether that be to pay for travel to visit the victim, emergency medical expenses or investment opportunities.

The post £92m lost to romance scammers in 2021 appeared first on IT Security Guru.

Distributed denial-of-service (DDoS) attacks are increasingly being accompanied by huge demands against their marks, according to an annual survey from Cloudflare.

Ransom-motivated DDoS attacks increased 29% year-on-year and 175% between Q3 2021 and Q4 2021, according to the research on cyberattack trends showing that companies must do more to prevent DDoS attack vectors.

The manufacturing industry was the most targeted vector in Q4 of 2021 by application-layer DDoS attacks, racking up a concerning seven-fold (641%) increase in the number of attacks. The business services and gaming & gambling industries were the second and third most targeted industries by DDoS attacks.

Source: https://portswigger.net/daily-swig/report-ddos-attacks-increasing-year-on-year-as-cybercriminals-demand-extortionate-payouts

The post DDoS Attacks Increasing Again appeared first on IT Security Guru.

Applications using the open-source libraries ‘colors’ and ‘faker’ have been breaking and printing gibberish. These libraries serve hundreds of thousands of projects, with millions of weekly downloads for open-source projects like Amazon’s Cloud Development Kit. Projects that were using the code began to print messages, including text, such as ‘LIBERTY LIBERTY LIBERTY’, to the surprise of their developers and teams.

It was thought that these libraries had been compromised. However, it appears that the developer of these libraries has actually intentionally introduced mischievous commits into them. The developer of these libraries, Marak Squires, possibly put these mischievous codes in place in retaliation against corporations and commercial consumers who are using cost-free open-source projects while not giving back to the community.

Marak has previously spoken on this topic, saying “respectfully, I am no longer going to support Fortune 500s ( and other smaller sized companies ) with my free work. There isn’t much else to say.”

The post NPM libraries ‘colors’ and ‘faker’ corrupted appeared first on IT Security Guru.

The threat posed by the Log4j vulnerability hasn’t gone away over the holidays, with the UK’s National Health Service (NHS) issuing a warning that hackers are actively targeting the security flaw and recommending that organisations within the health service apply the necessary updates in order to protect themselves.

“Affected organisations should review the VMware Horizon section of the VMware security advisory VMSA-2021-0028 and apply the relevant updates or mitigations immediately or subsequently consult the NHS Digital High Severity Cyber Alert CC-3995,” said the advisory.

In early January, the Federal Trade Commission went furtherand also shared an announcement warning that it will go after any US company that fails to protect its customers’ data against ongoing Log4J attacks.

“Log4j is a ubiquitous piece of software used to record activities in a wide range of systems found in consumer-facing products and services. Recently, a serious vulnerability in the popular Java logging package, Log4j (CVE-2021-44228) was disclosed, posing a severe risk to millions of consumer products to enterprise software and web applications. This vulnerability is being widely exploited by a growing set of attackers,” said the FTC’s official warning.

“The Log4j vulnerability is part of a broader set of structural issues. It is one of thousands of unheralded but critically important open-source services that are used across a near-innumerable variety of internet companies. These projects are often created and maintained by volunteers, who don’t always have adequate resources and personnel for incident response and proactive maintenance even as their projects are critical to the internet economy.[1] This overall dynamic is something the FTC will consider as we work to address the root issues that endanger user security,” it concluded.

In a blog published last week, cybersecurity vendor Armis stated that hackers continued to exploit Log4j over the holidays , noting a significant increase in the number of attacks detected in ICS/OT networks. The most targeted devices were virtual machines, servers and personal computers, though IP cameras, printers, mobile phones, and cameras were also subjected to attack. Dana Tamir, VP of product marketing at Armis said “We expect to see more attacks targeting organizations in 2022. And while organizations are working furiously to patch vulnerable systems, vulnerable systems will continue to exist in our environments, either because they are difficult to patch, or can’t be patched at all. This requires us to keep track of unpatched, vulnerable systems, and ensure other protections are in place to prevent exploitation. In addition, it’s important to detect threats targeting these systems in real-time, to properly respond to this threat.”

The post The latest on the Log4j vulnerability appeared first on IT Security Guru.

An emergency notice was filed by Bernalillo County in federal court last week, after a ransomware attack affected the Metropolitan Detention Center. The incident made it impossible for the MDC to comply with terms of a settlement agreement in a lawsuit over the jail conditions. The attack impacted the offices and systems in a variety of country government operations, including county buildings and services which were closed until further notice. Consequently, the MDC has been unable to access cameras, the inmates’ time outside their cells has been restricted and their access to telephones and tables has been reduced.

The most concerning aspect of the incident is the inability to access cameras, as this is one of the main reasons the MDC is seen as non-compliant in the McClendon vs. City of Albuquerque lawsuit. As a result, the facility has been on lockdown since Wednesday, however jail officials were optimistic for progress to be made this week.

The post Cyberattack causes jail lockdown appeared first on IT Security Guru.

Around 7.5 million DatPiff users‘ account credentials and emails are available to download on RaidForum, a popular hacking forum. DatPiff is a mixtape hosting site that allows users to upload or download samples for free. The site has gained over 15 million users since launching in 2005.

It appears that DatPiff’s users’ data has been available to buy publicly since July 2020, according to a report from BleepingComputer. Currently, it is unclear when the breach took place.

The post DatPiff’s users’ data available on hacking forum appeared first on IT Security Guru.