This Week on TCE Cyberwatch: AI Rise, Government Crackdowns, and Global Cybercrime
TCE Cyberwatch: A Weekly Round-Up
Keep reading to ensure your safety and stay up to date with the cyber world.
U.S. Charges Four Iranians with Hacking Government Agencies and Defense Contractors
Four Iranians in the U.S. were accused of alleged ties to hacking operations that attacked entities like the U.S. Treasury and State departments, defence contractors, and two New York-based companies. The Treasury Department of the U.S. believes that all four individuals have ties to IRGC front companies. Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab can face up to five years in prison for computer fraud conspiracy charges and up to 20 years for each count of wire fraud and conspiracy to commit wire fraud. Speaking on the development, Attorney General Merrick Garland stated, “Criminal activity originating from Iran poses a grave threat to America’s national security and economic stability… These defendants are alleged to have engaged in a coordinated, multi-year hacking campaign.”
Indian Telecom Giant BSNL Suffers Data Breach, Millions Potentially Affected
Bharat Sanchar Nigam Limited (BSNL), a major telecommunications provider owned by the Indian government, faced a data breach a while ago which has resurfaced and been claimed by threat actor ‘Perell’. They released a database which allegedly belongs to BSNL and contains more than 2.9 million records. Perell claims that the stolen data includes sensitive information from BSNL, and that although it was claimed to be from BSNL in 2024, it actually comes from around 2023. However, it still raises concerns because of its large volume and the sensitive information it contains.
Cybersecurity Giant Darktrace Acquired by Thoma Bravo for $4.6 Billion
Thoma Bravo, a U.S.-based private equity firm, recently acquired the British cybersecurity giant Darktrace for $4.6 billion. This acquisition carries significant implications for both companies and the cybersecurity industry at large. Following the announcement, Darktrace's shares surged by approximately 19%, demonstrating investor confidence in the deal.
Shareholders of Darktrace could now receive $7.75 for each share they hold, marking a 44.3% increase compared to recent stock prices. Darktrace, renowned for its AI-based cybersecurity solutions, has experienced a surge in demand for its services.
Global Operation Shuts Down LabHost, Arrests 37
An online service called Lab Host, operating in 19 countries, which sells phishing kits to cybercriminals, has recently been shut down. It is alleged that they have made almost a million dollars from this activity and have directly and indirectly attacked thousands of people. Lab Host has been in operation since 2021 and provides tools for hackers to create fake websites that deceive people into revealing sensitive information such as email addresses, passwords, and bank details.
Following the shutdown, 37 people were arrested, and London’s police reported that 2,000 users were registered on the site, paying a monthly subscription fee. Lab Host is reported to have obtained 480,000 bank card numbers, 64,000 PIN numbers, and around 1 million passwords.
Big Fines for AT&T, Verizon, T-Mobile in Privacy Scandal
Major phone carriers AT&T, Sprint, T-Mobile, and Verizon have been fined a total of $200 million for illegal data sharing of customer locations with third parties. T-Mobile, AT&T, and Verizon were fined approximately $80 million, $57 million, and $47 million, respectively. These companies sold customer location data to aggregators, who then resold it to third parties.
AT&T had connections with two aggregators, LocationSmart and Zumigo, which were then linked to third-party location-based service providers. According to the FCC, "In total, AT&T sold access to its customers’ location information (directly or indirectly) to 88 third-party entities." Informally, all three phone carriers stated that the program in question ended about five years ago.
UK Cracks Down on Weak Passwords: "Admin123" No Longer an Option
The UK Government is banning weak passwords such as "admin" or "12345" to bolster cybersecurity. The initiative, named the 'UK Product Security and Telecoms Infrastructure (PSTI) Act 2022', mandates that manufacturers, distributors, and importers of products and services for UK consumers adhere to these new rules. Manufacturers and other vendors face significant fines for non-compliance. They could be fined up to £10 million, four percent of their global turnover, or £20,000 per day for ongoing violations. This move signals the government's commitment to tackling cybersecurity issues.
ChatGPT Accused of Privacy Violations and Inaccurate Information
ChatGPT has recently faced criticism from a privacy advocacy group, along with the Austrian data protection authority (DSB), for generating inaccurate information that violates European Union privacy regulations. Noyb, the privacy advocacy group, pointed out that ChatGPT's method of guessing instead of providing accurate information poses problems. They also claim that OpenAI, the company behind the AI, refuses to correct inaccurate responses and is reluctant to share information about its data processing practices.
Okta Warns of Surge in Password Reuse Attacks
Okta recently issued a warning about a surge in credential stuffing attacks, in which usernames and passwords obtained from previous data breaches and attacks are used to target accounts.
According to Okta, they have "observed an increase in the frequency and scale of credential stuffing attacks targeting online services, facilitated by the broad availability of residential proxy services, lists of previously stolen credentials, and scripting tools."
This spike in credential stuffing attacks is believed to be linked to brute force attacks, as warned by Cisco a few weeks earlier. Cisco had observed a rise in attacks on VPN services, web application authentication interfaces, and others since around March 18. To address this, Okta recommends blocking requests from suspicious services, ensuring the use of secure passwords, implementing multi-factor authentication (MFA), and remaining vigilant in monitoring any suspicious activity.
To Wrap Up
This week's TCE Cyberwatch painted a vivid picture of the ever-evolving cybersecurity landscape. While advancements like AI offer exciting possibilities, they necessitate enhanced security measures to mitigate potential risks. The increasing focus on regulations and enforcement by governments worldwide signifies a collective effort to combat cybercrime.
Remember, staying informed and practicing safe online habits are crucial in protecting yourself from cyber threats.
TCE Cyberwatch remains committed to keeping you informed about the latest cybersecurity developments. By staying vigilant and taking proactive measures, we can navigate the digital age with greater confidence and security.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
TCE Cyberwatch: From Ransomware to Deepfakes, This Week’s Top Cybersecurity Threats
TCE Cyberwatch Weekly Update
Let's dive into the latest developments and equip ourselves with the knowledge to stay safe online.
Samourai Wallet Founders Sentenced to Prison Over Money Laundering Charges
The founders of Samourai Wallet, a popular crypto app, Keonne Rodriguez and William Lonergan Hill, were recently arrested on serious charges of money laundering and unlicensed money transmitting. The allegations cover over $2 billion in transactions and the laundering of more than $100 million in criminal proceeds. The transactions originated from dark web markets like Silk Road and Hydra Market, and the charges seem to amount to a maximum of 20 years in prison for Rodriguez and five years for Hill. Along with this, the company's web servers were seized, and further downloads of the Samourai mobile app in the U.S. were blocked.
China Cracks Down on Messaging Apps: WhatsApp, Threads Removed from App Store
The Chinese government, pushed by concerns over censorship, recently ordered Apple to remove WhatsApp and Threads from its App Store in China. Reportedly, Telegram and Signal have also been removed. China’s Cyberspace Administration had asked Apple to remove the apps because they apparently contained political content that included negative comments and posts about President Xi Jinping. Apple is known to comply with the Chinese government's wishes; in 2021, Apple had supposedly agreed to store the personal data of Chinese users on servers accessible by the government. Apple said in a statement, “We are obligated to follow the laws in the countries where we operate, even when we disagree.”
Cybersecurity Nonprofit MITRE Breached by Nation-State Actor
MITRE reports that it has recently been exposed to breaches and cyber threats despite working to safeguard itself from them. A foreign nation-state threat actor was confirmed on its Networked Experimentation, Research, and Virtualization Environment, or NERVE, network. MITRE immediately took the network offline, started an investigation to find out the extent of the damage, and contacted those affected. Jason Providakes, president and CEO, MITRE, shared his response to the incident, stating, “The threats and cyber-attacks are becoming more sophisticated and require increased vigilance and defence approaches. As we have previously, we will share our learnings from this experience to help others and evolve our own practices.”
Google Fires Employees Over Pro-Palestine Protest Against Israeli Contract
Google recently terminated 28 staff members after they had protested against the company’s contract with the Israeli government. The pro-Palestine employees had protested by staging hour-long sit-ins at their offices. In a statement, Google employees who are part of the “No Tech for Apartheid” campaign revealed that some employees who had not directly participated in the protests had also been fired. Gabriel Schubiner, an ex-Google employee, revealed that he knew of co-workers who had to provide training on how to use Google Cloud directly to Israel’s national intelligence agency and that the contracts were not primarily meant for civil services and society as claimed, but rather the military. Furthermore, he says that Palestinian and Muslim employees faced “the most intense retaliation bias” when speaking out against the contracts.
Paris Olympics Braces for Cyber Siege: Millions of Hacking Attempts Expected
Paris Olympic organizers are preparing for a horde of cyberattacks during this year’s events, as officials expect millions of hacking attempts. These attacks could range from minor issues, such as inconvenienced processes, to major damage that could disrupt the event. The organizers are preparing themselves by offering bug bounties to those who can scope out vulnerabilities in systems; additionally, they are training staff to be able to recognize and respond to phishing scams. While fans and spectators are potential victims, there are also issues with smart equipment like CCTV cameras, alarm systems, badges, etc. The 2021 Tokyo Olympics reportedly faced about 450 million hacking attempts, and this year is predicted to be almost 8 to 12 times that number.
PayPal Appoints Shaun Khalfan as New CISO
PayPal, a famous digital payments company, has recently appointed Shaun Khalfan as its new Senior Vice President and Chief Information Security Officer. Khalfan has over 20 years of experience in information security and risk management, and his presence in the company further strengthens its cybersecurity function. PayPal is one step closer to ensuring the security and defence of the company’s digital infrastructure and the digital assets, data and payments of everyone involved. Khalfan stated, “I am excited to embark on a new challenge as SVP, Chief Information Security Officer at PayPal! I am inspired by the leadership team, growth strategy, and look forward securing a digital company on a global scale.”
AI Deepfakes and Foreign Interference: Challenges in India's Elections
With India currently holding general elections to select members of Parliament, there seem to be a plethora of cybersecurity challenges present. There seems to be a large amount of AI-generated content and deepfakes used by political entities and foreign agents against one another to manipulate the contest and cause tensions amongst the public and the politicians. Cybersecurity experts and industry leaders, such as IBM and McAfee, have already predicted a treacherous voting season, and the use of AI-generated content adds to concerns over the integrity of the election. Foreign interference also seems to be an issue for the Indian voting process. Chinese hackers are an example of those identified as trying to manipulate public opinion and influence election outcomes.
Australia Fines Social Media Platform for Refusing to Remove Stabbing Videos
On April 15, a bishop and a priest were stabbed in Sydney, with the entire event being live-streamed. Graphic footage of the attack has been circulating online, leading to riots and the government calling the stabbing an act of terrorism. Due to this, Australia's eSafety Commissioner Julie Inman Grant asked social media companies X and Meta to take down the videos under the country’s Online Safety Act. Meta abided, but X argued that some posts “did not violate X’s rules on violent speech,” and is now being threatened with a fine of AUD 785,000 (USD 500,000) if the posts aren’t taken down. Anthony Albanese, the Australian Prime Minister, showed disapproval of Elon Musk and X’s actions by stating, “This isn’t about freedom of expression… Social media has a social responsibility.”
TikTok Faces US Ban: Bill Demands App Sale or Removal Over Security Concerns
Lawmakers in the U.S. recently passed a bill that will ban TikTok in the country if its Chinese owner, ByteDance, refuses to sell its stake in the American business. TikTok’s head of public policy for the U.S. stated that the bill was unconstitutional, going against the First Amendment, and that TikTok would fight it in the courts. TikTok has always denied any affiliation with Beijing authorities and denied that they have any access to user data. The company has also stated it would always refuse if asked to provide it. Yet, TikTok still faces scrutiny and pressure from lawmakers in the US, and other Western politicians including in the UK, over suspicion that users’ data is accessible by the Chinese government. The bill is now headed toward President Joe Biden, who has stated that “I will sign this bill into law and address the American people as soon as it reaches my desk.”
Tesla Cybertruck Woes Mount with Recalls and Rust
Tesla's Cybertrucks have started malfunctioning en masse recently, with the company receiving many complaints regarding faulty, loose accelerator pedals. This has led to future orders of the Cybertrucks being canceled as the company asks for their product to be recalled by the US National Highway Traffic Safety Administration (NHTSA). Elon Musk’s claims of the car being bulletproof and the “best off-road vehicle” are shown to be untrue, as users are unable to drive them properly through sand or snow, windows are broken by balls and windshields by hailstorms, rust occurs, and some people's cars stop working altogether. This doesn’t help Tesla, as they currently face low earnings and are having to cut staff by 10% globally, amounting to around 14,000 jobs.
U.K. Phone Maker "Nothing" Faces Data Breach
Nothing, a U.K.-based phone manufacturer, recently admitted to facing a data breach in which 2,250 people's information and privacy were endangered. While no sensitive information like passwords seemed to be accessed, the exposure of user emails caused concerns surrounding the security of the community members. Nothing traced the breach back to a vulnerability first known from December 2022, and immediately responded and took action against the vulnerability during this event. However, there seems to be no indication that the company reached out to the people affected regarding the situation, which causes concerns surrounding communication and transparency.
UnitedHealth Group Pays Ransom After Change Healthcare Data Breach
After Change Healthcare recently experienced a data breach, UnitedHealth has admitted to paying the ransom to retrieve patient information. The company stated, "A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure." Wired magazine, analyzing forum posts and other sources, estimates that the company likely paid around $22 million.
The breached files, containing health information and personally identifiable information, have the potential to affect a large portion of the U.S. population if not reclaimed by the health group. Consequently, restoring pharmacy software, claims management, etc., along with financial assistance, has been a priority for the company. However, it seems that paying the ransom was the only way they could protect their members and their information from the hackers.
Russian Malware "GooseEgg" Targets Government Networks: Microsoft Sounds Alarm
Microsoft recently discovered a new malware named GooseEgg being used by Russian hackers to gain elevated access, steal credentials, and facilitate lateral movement within compromised networks. The malware is attributed to a group called "Forest Blizzard," believed by the U.S. and U.K. governments to be associated with Unit 26165 of Russia’s military intelligence agency, the GRU.
According to Microsoft, Forest Blizzard has been using GooseEgg since around June 2020. The group has targeted various sectors including state, non-governmental, educational, and transportation institutions in Ukraine, Western Europe, and North America. GooseEgg is deployed after gaining access to a device, enhancing the hackers' capabilities within the network.
This week's TCE Cyberwatch has painted a sobering picture of the current cybersecurity landscape. From data breaches and ransomware attacks to government censorship and social media manipulation, no corner of the digital world seems immune. Yet, there's also reason for hope. Advancements in AI offer potential solutions, while increased awareness empowers individuals and organizations to fight back. Stay vigilant, stay informed, and remember – together, we can build a more secure digital future.
TCE Cyberwatch: A Look at This Week’s Top Cybersecurity Incidents
TCE Cyberwatch: Weekly Round-Up
Palo Alto Warns: Critical Firewall Flaw Could Lead to Cyberattacks
A new vulnerability named "Kaby Lake" was found in firewall devices from Palo Alto Networks, a cybersecurity firm, potentially exposing them to cyber threats. It specifically affects devices running PAN-OS, the operating system produced for and used by Palo Alto Networks' firewalls. The vulnerability, which allows attackers to execute arbitrary code on affected devices, seems to have no patch released to address it, and customers are currently being provided temporary fixes. Users are advised to stay informed about security updates from Palo Alto Networks and take necessary precautions to mitigate the risks.
HTW Halts Work to Recover From Data Breach
Herron Todd White (HTW), an Australian valuation firm, is currently dealing with the aftermath of an alleged data breach, causing a pause in new work. Major banks that work with HTW regarding property-related assessments have taken precautionary measures as well. National Australia Bank and Commonwealth Bank have suspended HTW from any further commercial and agricultural valuation work due to this breach but still allow residential valuations, which are unaffected by it. The motive behind the attack, whether malicious or a security lapse within HTW’s infrastructure, remains uncertain. Australia has become vigilant against cyberattacks due to past recurring incidents and now requires organizations to make a report to the Australian Cyber Security Centre (ACSC) within 12 hours of the attack.
Cyberattack Disrupts French Municipal Governments, Investigation Underway
Multiple French municipal governments recently experienced a cyberattack, disrupting their operations. Attributed to a group identified as the "Shadow Kill Hackers," the attack targeted numerous municipalities throughout France. Exploiting vulnerabilities in the computer systems of these municipalities, the attackers gained unauthorized access and disrupted essential services, including emails and administrative functions. The motive behind the attack remains unclear, prompting French authorities, including the National Agency for the Security of Information Systems (ANSSI), to launch an investigation and initiate efforts to restore the affected systems.
Cisco Duo Data Breach Exposes User Information
Recently, Cisco's Duo security product encountered a breach that exposed information related to multi-factor authentication (MFA). The breach, facilitated by a phishing attack through SMS and VOIP, targeted employee details and impacted Duo's MFA service. As a result, usernames, email addresses, and MFA device information were potentially compromised. However, Cisco has reassured users that sensitive information such as passwords or authentication methods remained secure. In response to the incident, Cisco promptly notified affected users and implemented necessary security measures to prevent future breaches. Nevertheless, users are advised to remain vigilant and monitor their accounts for any signs of suspicious activity.
Ransomware Attack Targets UNDP, Stealing HR Data
The United Nations Development Programme (UNDP) recently experienced a cyberattack resulting in the breach of human resources (HR) data. The attack compromised the personal information of current and former employees at a branch in Denmark, including staff contracts and internal documents. UNDP issued a notice acknowledging that they had received a threat intelligence notification indicating that a data extortion actor had stolen certain human resources and procurement information. Taking swift action, UNDP promptly implemented necessary precautions and is currently conducting a comprehensive assessment to determine the nature and extent of the cyberattack.
UnitedHealth Takes $1.6 Billion Hit from Change Healthcare Cyberattack
UnitedHealth Group, one of the largest healthcare companies in the U.S., recently issued a warning about a cyberattack that resulted in a potential financial impact of $1.6 billion. The attack, targeting Change, led to disruptions in payments to doctors and healthcare facilities nationwide, as well as adversely affecting community health centers serving over 30 million impoverished and uninsured patients for a month. UnitedHealth estimates that the hack will reduce profits by $1.15 to $1.35 per share this year but emphasizes that the impact is not as severe as initially anticipated. While the company has not yet disclosed the extent of the personal data breached in the attack, federal law mandates that they do so within 60 days.
Cyberattack Cripples Ukrainian Media Giant 1+1 Media
1+1 Media, a prominent media conglomerate in Ukraine, recently experienced a severe cyberattack targeting its satellite TV channels. In a statement released on Wednesday addressing the cyber assault, the media giant disclosed that 39 channels, including some of its flagship networks, became inaccessible, dealing a significant blow to the country's media infrastructure.
Officials stated that the cyberattack on 1+1 Media coincided with escalated tensions in the region, notably the "cynical attack" on the peaceful city of Chernihiv. The attack involved deliberate efforts to disrupt satellite communications on the Astra 4A 11766 H transponder.
Trust Wallet Warns of $2 Million iMessage Exploit
Trust Wallet, a prominent provider of cryptocurrency wallets, has issued a cautionary notice to Apple users concerning a potential vulnerability in iMessage. The alert arises from reliable information suggesting the existence of a zero-day exploit within the iOS iMessage platform, which is reportedly being sold on the dark web for an exorbitant $2 million.
As per Trust Wallet, this zero-day exploit in iMessage poses a significant risk as it enables hackers to take control of iPhones without any interaction from the device user. Unlike conventional exploits that necessitate clicking on malicious links or downloading infected files, this exploit operates seamlessly, posing a particularly serious threat to high-profile targets.
BreachForums Breached! Rival Hackers Claim User Data
The primary website of the infamous BreachForums, a forum known for data leaks and hacking activities, has been shut down by competing threat actors. The group of threat actors known as R00TK1T, in collaboration with the pro-Russian Cyber Army of Russia, declared that they had breached user data subsequent to the takedown of BreachForums.
Additionally, the hackers behind the BreachForums attack asserted their intention to release a roster containing user details, IP addresses, and email addresses from the forum. Despite the assault, the TOR version of the website remains functional.
Benjamin Ambrose Appointed as CISO at NPCI
Benjamin Ambrose has been appointed as the Chief Information Security Officer (CISO) at the National Payments Corporation of India (NPCI), marking a strategic move aimed at bolstering cybersecurity measures in India's rapidly evolving digital payments sector.
Bringing with him extensive experience gained from notable roles at AWS and Citi, Ambrose offers a seasoned perspective to NPCI's cybersecurity initiatives.
Wrap Up
This week's TCE Cyberwatch roundup paints a sobering picture of the ever-evolving cyber threat landscape. From critical infrastructure vulnerabilities to attacks on international organizations and healthcare providers, no entity seems immune.
However, amidst this complexity, there's a crucial takeaway: vigilance is key. By staying informed about the latest threats, implementing robust security practices, and fostering a culture of cybersecurity awareness, we can all play a vital role in mitigating these risks.
TCE remains committed to keeping you informed about the latest developments in the cybersecurity world. We encourage you to stay tuned for future updates and actively participate in building a more secure digital future.