Protection of Information Assets
September 21, 2022 by David Lanter 11 Comments
Chinenye Marylyn Akinola says
September 27, 2022 at 12:59 am
Breached American Airlines Email Accounts Abused for Phishing: American Airlines discovered it was breached after receiving reports of employee email accounts being used in phishing attacks.
Last week, the airline started informing some of its customers that their personal data was likely compromised in a data breach identified in early July. As part of the incident, unknown threat actors compromised the email accounts of multiple American Airlines employees, which allowed them to access customer data in those accounts, the company said in the notification letters sent to the impacted customers. In a notification letter sample filed with the New Hampshire Attorney General’s Office, the airline also disclosed the fact that the data breach was not discovered until after it received complaints of phishing emails being sent from its employee email accounts. According to the company, the attackers might have also used the compromised accounts to access files stored on an employee SharePoint site.
American Airlines also notes that the attackers accessed the compromised mailboxes using the IMAP protocol, which could have allowed them to sync the contents of those mailboxes to another device. “American has no reason to believe that syncing the contents of the mailboxes was the purpose of the access. Based on the facts, it appears the unauthorized actor was using IMAP protocol as means to access the mailboxes and send phishing emails,” the notification letter reads.
The airline told US authorities that the breach has impacted roughly 1,700 customers and employees. The company notes that “the number of documents that contained personal information was small and it would have taken the unauthorized actor significant time and resources to locate the personal information on the mailboxes.”
Nishant Shah says
September 27, 2022 at 11:39 pm
When seeing is no longer believing!
AI is a powerful tool that can be helpful with solving complex problems or growing a business. But AI can also be used by cybercriminals to generate deepfakes. The concept of deepfakes is not new but has become more convincing now due to technological advancements.
A deepfake is computer-generated media of a person in an audio or a video saying or doing something they did not do in the real world. These deepfakes are created to mislead or deceive people. AI-generated fakes can disrupt business and have the potential to instigate riots and wars.
Generative Adversarial Networks (GAN) are commonly used to generate deepfakes on social media. One such case is of Katie Jones on LinkedIn who was connected to a few US government employees and claimed to have a government job. But “Katie” was never a real person and the account holder was a spy. Some examples of deepfakes seen in the past are of the former US President Barack Obama speaking about fake news in a video and Ukrainian President Volodymyr Zelenskyy ordering the Ukrainian troops to surrender to Russia.
Aayush Mittal says
September 27, 2022 at 11:48 pm
A major data breach was reported at Australian Telecoms Firm “Optus” which could impact up to 10 million customers. Last week, the attackers were able to breach the company’s systems, gaining access to information such as names, birth dates, email addresses, phone numbers, addresses, and ID document numbers such as driver’s licenses and passport numbers. The technical details are still being looked into; however, it is believed that a phishing bot was used to generate attacks.
Earlier this week, the telecommunications company’s chief executive said that the hacker with the name “Optusdata” has demanded a $1 million ransom in cryptocurrency against the stolen personal data of 10,000 Optus customers.
However, as per the latest weird update, “Optusdata” sent a link to the new post that withdrew the ransom demand and claimed the stolen data had been deleted along with an apology to Optus as well as its customers.
Sunam Rijal says
September 28, 2022 at 11:14 am
Ukraine Predicts Massive Russian Cyber Assault:
Ukraine predicted that the energy industry would be a key target because in December 2015 and 2016 they also faced destructive attacks launched by the Kremlin that left hundreds of thousands of people without power. If they attack electricity supply facilities, then the offensive actions of Ukrainian defense forces will be slowed down.
As per the intelligence, Ukrainian energy providers can expect more attacks using destructive and wiper malware. They also claimed that Russia is planning to boost DDoS attacks on critical infrastructure of Ukraine.
Mengqi Xiong says
September 28, 2022 at 8:49 pm
The size of the company does not protect it from network attacks – this is because hackers constantly scan the Internet to find loopholes they can exploit, which is also the best opportunity for hackers. One mistake, and your enterprise will become front-page news for the wrong reason. MarketsandMarkets predicted that from 2022 to 2027, the market size of global penetration testing is expected to grow at a compound annual growth rate (CAGR) of 13.7%. However, the costs and constraints involved in conducting penetration testing have hindered market growth. Therefore, some enterprises are considering relying on the bug bounty program to help them get in touch with the ethical hacker community and continue to conduct security testing. The goal of the bug bounty program is to provide a means for those ethical hackers to discover and disclose these vulnerabilities before network criminals take advantage of them. The bug bounty program enables organizations to learn more about their security status before conducting deeper and often more expensive manual testing. The organization or company expects to increase the enthusiasm of security personnel for vulnerability discovery and maintain the ecological balance of information network security through the vulnerability reward mechanism.
Asha Kunchakarra says
September 28, 2022 at 9:44 pm
The Department of Homeland Security is working on introducing a new fleet of electric vehicles to perform law enforcement functions. They are the first federal agency to upfit a battery electric vehicle for law enforcement use. The agency’s car overhaul coincides with the Biden administration’s larger goals to bring more sustainable infrastructure to the US. DHS is proactively seeking to reduce greenhouse emissions. The new Mustang model went through various stress tests before being approved as DHS’s new law enforcement vehicle. As software technology in cars becomes more sophisticated and increasingly connected, many modern vehicles will be part of the IoT.
Shadrack Owusu says
September 28, 2022 at 10:01 pm
Ineffective physical, administrative, and technical controls have been uncovered at the Veterans Affairs Health Care Center in Harlingen, Texas, after an audit by the Office of Inspector General (OIG). The OIG purposefully selected the facility because it had not been previously reviewed during the annual FISMA audit.
The shocking revelation was that “almost 53 percent of the Harlingen center’s network switches used operating systems that no longer receive maintenance or vulnerability support from the vendor.” Recommendations to ensure appropriate physical and environmental security measures are implemented have been made.
In a related development, OIG released a separate IT security assessment of the Alexandria VA Medical Center in Pineville, Louisiana on Sept. 22 that documented deficiencies in three of the facility’s four security control areas and found “critical and high-risk vulnerabilities on 37% of the devices” at the center.
What makes this interesting to me is the inconsistencies in inventories at VA and it highlights the need for adopting an effective strategy to accurately take stock of assets in an organization. Continuous monitoring is necessary to minimize threats and account for any discrepancies.
Pranavi Yadalam Sekhar says
September 28, 2022 at 10:18 pm
Hackers Use Telegram and Signal to Assist Protestors in Iran:
Multiple hacker groups are using Telegram, Signal and dark web tools to aid anti-government protestors in Iran to bypass regime restrictions.
Hacker groups have been witnessed by CPR, allowing people in Iran to communicate with each other despite the government’s censorship attempts.
More specifically, CPR shared five examples of these groups.
The second Telegram group spotted by CPR is ARVIN, which counts roughly 5000 members and provides news from the protests in Iran, reports and videos from the streets where the protests are, and information about the internet status in Iran.
Wei Zhang says
September 28, 2022 at 10:34 pm
With the rise of multi-factor authentication (MFA), a social engineering technique called “MFA Fatigue” is gaining traction with hackers because it does not require malware or phishing to work. When push notifications for an organization’s multiple authentication configurations are turned on, employees will see a notification on their mobile devices if someone tries to log in. MFA fatigue causes users to tire by constantly sending push requests. Most users agree to log in to stop being harassed. In addition, the attackers would contact employees by email, phone, etc. They would pose as IT technical staff to persuade the target to accept the MFA prompt.
The solution to MFA Fatigue attack in this article is:
1. Strengthen staff training. Make employees aware that their accounts are at risk when they receive a similar notice and contact the organization’s IT or security team immediately.
2. Use rate limiting mechanisms.
3. Use a number matching mechanism. This requires the user to enter the number displayed on the laptop screen when the mobile device taps Yes.
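Mitigations 2 and 3 from the comment above (rate limiting and number matching), sketched as an added example that is not part of the original comment or any vendor's code. The class name, the limit of 3 prompts per 300 seconds, and the two-digit number are assumptions chosen for illustration.

```python
import secrets
import time
from collections import defaultdict, deque

MAX_PROMPTS = 3        # assumed policy: push prompts allowed per user per window
WINDOW_SECONDS = 300   # assumed sliding-window length


class PushMfaGate:
    """Hypothetical server-side gate placed in front of a push-MFA provider."""

    def __init__(self, now=time.monotonic):
        self._now = now                   # injectable clock, so the logic is testable
        self._sent = defaultdict(deque)   # user -> timestamps of recent prompts
        self._pending = {}                # user -> number shown on the login screen

    def request_prompt(self, user):
        """Return the number to display on the login screen, or None if throttled."""
        t = self._now()
        recent = self._sent[user]
        while recent and t - recent[0] >= WINDOW_SECONDS:
            recent.popleft()              # forget prompts that left the window
        if len(recent) >= MAX_PROMPTS:
            return None                   # no push goes out; raise an alert instead
        recent.append(t)
        number = f"{secrets.randbelow(100):02d}"
        self._pending[user] = number      # a newer prompt replaces the older one
        return number

    def approve(self, user, typed_number):
        """Approve only when the phone sends back the number from the login screen."""
        expected = self._pending.pop(user, None)   # single use, right or wrong
        if expected is None:
            return False
        return secrets.compare_digest(expected, typed_number)


if __name__ == "__main__":
    gate = PushMfaGate()
    # Constructed burst: six login attempts against one account in a row.
    print([gate.request_prompt("alice") for _ in range(6)])
    # A blind "Yes" tap carries no number, so it cannot approve the login.
    print(gate.approve("alice", ""))
```

A throttled request is also the signal worth forwarding to the security team, since a burst of prompts for one account is what the fatigue technique looks like from the server side.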
Elizaveta Ibeme says
September 28, 2022 at 11:05 pm
TeamTNT hijacking servers to run Bitcoin encryption solvers
Threat analysts are suspecting that a malicious group named TeamTNT is behind several newly discovered types of attacks. The first type of attack is attempting to crack the Bitcoin public-key encryption. TeamTNT allegedly is hijacking servers and using their computational power to solve the encryption. The algorithm breaks up the key into manageable chunks which then get distributed among captured machines to be solved. It is important to note that only quantum computers are currently expected to be able to break the Bitcoin encryption. This attack was named “the kangaroo attack” because it is using the kangaroo WIF solver algorithm. Another type of attack allegedly used by this malicious group is the so-called “what will be” attack. This utilizes the vulnerability of Docker daemons that allows access to the host from a running container and then uses SSH to roam the network.
Frank Kofi Kpotivi says
September 28, 2022 at 11:29 pm
Australia flags privacy overhaul after huge cyber attack on Optus
SYDNEY, Sept 26 (Reuters) – Australia plans to toughen privacy rules to force companies to notify banks faster when they experience cyber attacks, Prime Minister Anthony Albanese said on Monday, after hackers targeted the country’s second-largest telecoms firm.
Optus, owned by Singapore Telecoms Ltd (STEL.SI), said last week that home addresses, drivers’ licences and passport numbers of up to 10 million customers, or about 40% of the population, were compromised in one of Australia’s biggest data breaches.