Archive for the News Category

Data Leak Exposes 750K Birth Certificate Applications

Over 750,000 applications for US birth certificates have been found exposed online thanks to a misconfigured cloud server.

UK security firm Fidus Information Security found the trove, which was left unsecured in an Amazon Web Services (AWS) bucket with no password protection.

The company in question hasn’t been named because it has yet to respond to attempts by the research team to notify it of the privacy snafu. It provides a service to US citizens allowing them to request copies of birth and death certificates from state governments.

As such, the data exposed is highly sensitive, including: applicant name; date of birth; home and email address; phone number; and other personal information such as previous addresses and names of family members.

That’s all information that would be highly valuable to potential scammers, to help commit identity fraud and craft convincing phishing emails to harvest even more sensitive information.

The identities of children are particularly sought after: because they have limited financial records associated with them, it is easier for scammers to open new accounts in their name. Over one million US kids fell victim to identity fraud in 2017, resulting in losses of $2.6bn, according to Javelin Strategy & Research.

“Examples such as this show just how important it is for consumers to know precisely which companies are part of the software supply chain delivering any given service to them,” argued Synopsys senior principal consultant, Tim Mackey.

“That repeated contacts went unanswered is a clue that the company delivering this service likely is being operated using a high degree of automation and with a limited understanding of how valuable the data they interact with might be. Properly securing any data store is 101-level work, but we consistently see companies omitting this critical task from their ‘go-live’ checklist.”

Hackers are increasingly prepared to scan for exposed cloud data stores like the one publicized above. In 2019 there have been several incidents where databases have been stolen and ransomed, such as those belonging to Mexican bookstore Libreria Porrua.

Source: Information Security Magazine

UK Government Laptop Losses Soar 400%

The UK’s Ministry of Justice (MoJ) has seen laptop losses soar by 400% over the past three years, according to new Freedom of Information (FOI) data.

Security vendor Apricorn sent FOI requests to five government departments to better understand the extent of their risk exposure through lost or stolen devices.

Of the three that responded, the MoJ appeared to show the largest increase in losses: with the number of laptops going missing rising from just 45 in 2016/17 to 201 in 2018/19.

The combined figure for laptops, PCs, mobile phones and tablets saw a 55% increase in losses from 2017/18 to last year, when they reached 354 in total.

The Department for Education (DfE) reported 91 devices lost or stolen in 2019, whilst NHS Digital has lost 35 to date in 2019.

On the plus side, all responding departments claimed they encrypt any USB or storage devices, with the MoJ saying USB ports on laptops are blocked by default.

“Whilst devices are easily misplaced, it’s concerning to see such vast numbers being lost and stolen, particularly given the fact these are government departments ultimately responsible for volumes of sensitive public data. A lost device can pose a significant risk to the government if it is not properly protected,” said Jon Fielding, managing director, EMEA, Apricorn.

“Modern day mobile working is designed to support the flexibility and efficiency increasingly required in 21st century roles, but this also means that sensitive data is often stored on mobile and laptop devices. If a device that is not secured is lost and ends up in the wrong hands, the repercussions can be hugely detrimental, even more so with GDPR now in full force.”

A separate FOI report from MobileIron earlier this year revealed that 508 mobiles and laptops were lost or stolen from eight government departments between January 2018 and April 2019.

Source: Information Security Magazine

Wipro Launches Cyber Defense Center Down Under

An Indian information technology, consulting, and business process services company has opened its first of what could eventually be many cybersecurity centers in Australia.

Wipro Limited announced the launch of the NextGen Cyber Defense Center on Thursday. The new state-of-the-art facility, which is located in the coastal city of Melbourne, is expected to create over 100 jobs. 

A Wipro spokesperson said: "With the launch of this center, Wipro aims to make substantial investments to upskill its employees, hire more local resources and generate more than 100 jobs in Melbourne for cybersecurity specialists."

With an eye on the future, the company shared plans to roll out similar Cyber Defense Centers in other Australian cities to "offer cyber resilience and provide digital protection to large government organizations."

Manoj Nagpaul, senior vice president of Asia Pacific and Japan at Wipro Limited, said: "We will offer our customers in the Australian market the ability to leverage our global experience, technical expertise and strategic cyber investments to secure their digital operations. 

"Our CDC will be equipped with state-of-the-art technology–enabled infrastructure with continuous security monitoring, a large pool of experienced security professionals and a global delivery model to achieve and scale highly secure integrated platforms."

The new Melbourne facility was inaugurated by Tim Pallas, minister for economic development, Parliament of Victoria, in the presence of customers, technology partners, the leadership team, and local employees.

Pallas said: "Melbourne is Australia’s leading tech city, and we welcome this investment by Wipro—a leading global information technology company. The establishment of this Defense Center will strengthen Victoria’s capability in cybersecurity and draw on the local expertise to help Wipro protect Australian organizations from cyber-related incidents."

According to Wipro’s recently released "State of Cybersecurity Report 2019" (in which 10% of the global organizations surveyed were from Australia), 55% of the respondents highlighted digital lockdowns due to ransomware attacks as their top cyber-risk.

The report found that the worldwide breach rate, calculated as the number of records stolen per second, has gone up to 232 records per second from the previous year’s average of 88 records/second. 

Despite the rise in the number of security incidents, the same report found that only 25% of respondents said that they carry out security assessments in every build cycle before pushing applications out to the internet.

Source: Information Security Magazine

British Cybersecurity Firm Goes Under Owing Millions

An award-winning British cybersecurity firm has gone into administration owing £3.5m to unsecured creditors.

XQ Digital Resilience Limited, which traded as XQ Cyber, brought in administrators David Rubin & Partners after declaring bankruptcy in October by placing a notice in the London Gazette.

The company was best known for developing CyberScore, a security testing and rating service that converts raw vulnerability data into more easily digestible security remediation and risk management plans.

According to a statement of affairs document published on the Companies House website this week and dated October, trade creditors are owed just over £500,000. 

The unsecured creditor who is owed the largest single sum of money by the Gloucestershire-based cybersecurity firm is an individual who made a £2.4m loan to the business. He was listed as someone who had significant control of the business in January 2017. 

Aside from this individual investor, HM Revenue and Customs is the largest creditor, left out of pocket for a total amount of £473,649. Five- and six-figure sums are also owed to a small number of tech suppliers. 

The statement of affairs estimates that assets totaling £304,374 are available to be used to pay back unsecured creditors. 

The administrators stated that while XQ Cyber's intellectual property and goodwill have a book value of £645,599, they expect to be able to use them to realize just £200,000.

The National Cyber Security Centre (NCSC)–approved company, which boasted many former GCHQ staffers among its employees, had gone through a recruitment drive in 2019 and made new hires just six weeks before going into administration.  

At XQ Cyber's demise, around 60 workers were made redundant, according to posts made on LinkedIn by former XQ Cyber staff members. 

XQ Cyber was featured as one of 20 UK security start-ups to watch in a profile in Information Age in June. The company's Twitter account has been inactive since November 7; however, its website—which states that the trading name of the company is now CS Information Security Limited—is still up and running.

The news of the company's decline took the cybersecurity industry by surprise, as public-sector UKCloud had reportedly added XQ Cyber’s CyberScore cybersecurity testing and rating tool to its portfolio in May, potentially creating a lucrative sales channel.

Source: Information Security Magazine

Ransomware Attack on Minnesota Health Facility

A Minnesota healthcare facility specializing in treatments for the face, teeth, mouth, and jaw has been hit by a ransomware attack.

Southeastern Minnesota Oral & Maxillofacial Surgery (SEMOMS) announced the data security incident on Thursday via their website.

On September 23, 2019, threat actors struck a server used by the organization. IT staff were able to intervene immediately to restore the impacted data. No mention was made as to the amount of money demanded by the attackers or whether the ransom was paid. 

All 80,000 patients of the facility are being informed of the incident, which SEMOMS said "may have resulted in the inadvertent exposure of patients’ health information."  

In a statement published on their website, SEMOMS said: "Although at this time there is no evidence that patient information was actually accessed or viewed, or any indication of anyone’s information being misused, the practice has taken steps to notify anyone who may have been affected by this incident, including sending letters to anyone whose information may have been exposed."

Computer forensic experts, hired by SEMOMS to discover what, if any, information had been accessed in the attack, were unable to give a definitive answer. 

SEMOMS said: "After examining the impacted server, the investigation was unable to determine if patients’ names and X-ray images had been viewed or accessed by an unknown, unauthorized third party.  

"While our investigation did not identify specific activity surrounding patients’ information, we are notifying potentially impacted individuals out of an abundance of caution."

Letters sent to potentially impacted patients include information about what occurred and a toll-free number where patients can learn more about the incident.

SEMOMS gave a reassurance that any patients' financial information, medical records, or Social Security numbers that had been provided to the health organization had not been impacted by the event. 

The incident has spurred SEMOMS to carry out a review of their current cybersecurity protection and procedures.

SEMOMS said: "SEMOMS remains committed to protecting patients’ information and has taken steps to prevent a similar event from occurring in the future, including reviewing and revising its information security policies and procedures."

Source: Information Security Magazine

Vietnamese Hackers Compromised BMW and Hyundai: Report

A Vietnamese state-backed threat group has been blamed for cyber-attacks that compromised the networks of BMW and Hyundai over recent months.

APT32, also known as “Ocean Lotus,” has been operational for the past few years. This spring it managed to infiltrate the network of the German car giant, installing a pen testing tool known as Cobalt Strike to remotely spy on machines, according to local reports.

However, BMW’s cybersecurity team caught wind of the attack and carefully monitored the group's activity, before finally kicking the attackers out in early December, Bayerischer Rundfunk claimed.

“We have implemented structures and processes that minimize the risk of unauthorized external access to our systems and allow us to quickly detect, reconstruct, and recover in the event of an incident,” the carmaker said in a general statement.

It was claimed that the hackers may be looking for trade secrets that will help to spur development at privately owned Vietnamese automotive start-up VinFast, which is currently supplied almost 100% by German manufacturers.

Hyundai’s corporate network was apparently also targeted, but there are no further details about that raid.

APT32 is known mainly for cyber-espionage activities targeting foreign businesses with a vested interest in Vietnam’s manufacturing, consumer products and hospitality sectors. It has also targeted political activists and free speech supporters inside Vietnam and across south-east Asia, according to FireEye.

“The targeting of private sector interests by APT32 is notable, and FireEye believes the actor poses significant risk to companies doing business in, or preparing to invest in, [Vietnam],” the security vendor said in its 2017 report on the group.

“While the motivation for each APT32 private sector compromise varied—and in some cases was unknown—the unauthorized access could serve as a platform for law enforcement, intellectual property theft or anti-corruption measures that could ultimately erode the competitive advantage of targeted organizations.”

Source: Information Security Magazine

FTC: Cambridge Analytica Deceived Facebook Users

Cambridge Analytica deceived tens of millions of Facebook users by working to harvest their personal data for use in political targeting, the FTC has ruled.

The regulator voted 5-0 in favor of issuing the Opinion and Final Order to the notorious consulting firm, which worked with developer Aleksandr Kogan to obtain data on as many as 87 million Facebook users.

That data, harvested via an innocuous-looking app, was subsequently used to target swing voters ahead of the 2016 US Presidential election, it is claimed.

The FTC Opinion confirms the allegations made in an administrative complaint issued in July: “that app users were falsely told the app would not collect users’ names or other identifiable information.”

It also states that Cambridge Analytica falsely claimed it still participated in the Privacy Shield data transfer agreement between the US and EU, despite its certification having lapsed.

“The Final Order prohibits Cambridge Analytica from making misrepresentations about the extent to which it protects the privacy and confidentiality of personal information, as well as its participation in the EU-US Privacy Shield framework and other similar regulatory or standard-setting organizations,” the FTC noted.

“In addition, the company is required to continue to apply Privacy Shield protections to personal information it collected while participating in the program (or to provide other protections authorized by law), or return or delete the information. It also must delete the personal information that it collected through the GSRApp.”

The FTC earlier this year fined Facebook a record $5 billion for deficiencies which allowed third-party app developer Kogan to get away with misleading customers and harvesting data without obtaining informed consent — on both Facebook users and their friends and family.

The social network has since announced a major new privacy-by-design push which will introduce more stringent processes to control what developers can and can’t do.

Although Kogan and former Cambridge Analytica CEO Alexander Nix have agreed to settle the FTC’s allegations, the consultancy itself filed for bankruptcy in 2018.

Source: Information Security Magazine

Bernie Sanders Pledges High-Speed Internet for All

US presidential candidate Bernie Sanders today released a plan to introduce high-speed internet to every American household if he wins the 2020 election. 

The High-Speed Internet for All proposal suggests giving local and state governments $150bn in grants and aid to create publicly owned broadband networks. Of this funding, $7.5bn would be ring-fenced to "expand high-speed broadband in Indian Country and fully resource the FCC’s Office of Native Affairs and Policy."

In a statement released on his website that will likely strike a chord with voters far younger than he is, Sanders said that the internet must be treated as "a public utility that everyone deserves as a basic human right." If elected as president next year, the Vermont senator said he would roll out the plan by the end of his first term. 

The plan Sanders has drawn up involves antitrust authorities taking action to dismantle the "internet service provider and cable monopolies" that are currently in play in the US and would see the reinstatement of the net neutrality regulation that was repealed in June last year. 

Sanders said the proposal would stop the internet from operating as a "price-gouging profit machine" for service providers. Internet and cable companies would be required to put a stop to hidden fees and be more transparent in disclosing the cost of services.

Earlier today on Twitter Sanders wrote: "The internet as we know it was developed by taxpayer-funded research, using taxpayer-funded grants in taxpayer-funded labs. Our tax dollars built the internet. It should be a public good for all, not another price-gouging profit machine for Comcast, AT&T and Verizon."

With supreme confidence in his own historical significance, Sanders likened his proposal to President Franklin D. Roosevelt's campaign to bring electricity to every rural community in America. In 1933, when Roosevelt first took office, only one in ten farms in rural America was on the grid.

"Just as President Roosevelt fundamentally made America more equal by bringing electricity to every community, urban and rural, over 80 years ago, as president, I will do the same with high-speed internet," Sanders wrote on Twitter today.

In broadband deployment, the United States ranked tenth out of 22 in a 2018 comparison with European countries, and in America's rural communities, more than 31 percent of people are without broadband. 

Source: Information Security Magazine

Real Life Director of Evil Corp Indicted for 10-Year Cybercrime Spree

US and UK authorities have indicted the leader of a notorious cybercrime gang that stole $70m from bank accounts around the world using malware.

Ukrainian-born Russian national Maksim V. Yakubets allegedly headed up an organized crime syndicate that used Bugat malware—also known as Cridex and Dridex—to drain money from the customers of just under 300 organizations in 40 different countries. 

He is further accused of participating in a second scheme involving Zeus malware, which similarly used a botnet and money mules to pilfer bank accounts.   

Yakubets, who is known online primarily as Aqua, is wanted in relation to two separate international computer hacking and bank fraud schemes spanning from May 2009 to the present day. 

The 32-year-old was indicted in a US federal court on Thursday along with a fellow alleged cyber-criminal, 38-year-old Igor Turashev from Russia's Yoshkar-Ola. Turashev is wanted in connection with the deployment of Bugat malware.

According to the UK's National Crime Agency, the organized crime syndicate of which Yakubets was the ringleader called itself Evil Corp—the nickname given to fictional multi-national conglomerate E Corp in the smash hit TV series Mr. Robot.

Yakubets allegedly ran his large-scale criminal organization from the basements of Moscow cafes, employing dozens of people. He is currently thought to be in Russia, where he is known to sport a coiffed hairdo and cruise around in a customized Lamborghini supercar with a personalized number plate that translates to "Thief." 

A reward of $5m—the largest ever to be offered for a cyber-criminal—is being offered under the Transnational Organized Crime Rewards Program for information leading to the arrest or conviction of Yakubets.  

Lynne Owens, director general of the NCA, said: "The significance of this group of cyber-criminals is hard to overstate; they have been responsible for campaigns targeting our financial structures with multiple strains of malware over the last decade. We are unlikely to ever know the full cost, but the impact on the UK alone is assessed to run into the hundreds of millions."

FBI Deputy Director David Bowdich said: "The charges highlight the persistence of the FBI and our partners to vigorously pursue those who desire to profit from innocent people through deception and theft. By calling out those who threaten American businesses and citizens, we expose criminals who hide behind devices and launch attacks that threaten our public safety and economic stability."

Source: Information Security Magazine