Category: data breach
In today’s digital landscape, maintaining an active presence on social media platforms has become imperative for staying informed about societal trends, current events, and entertainment. However, the looming threat of data breaches often deters many from fully engaging on these platforms. In this article, we’ll delve into the practicalities of social media data leaks and explore strategies to mitigate associated risks.
As users, we are well-versed in the advantages and drawbacks of social media engagement. We understand the potential dangers these networks pose, particularly when it comes to mishandling account settings, falling victim to phishing attacks, or committing user errors.
Beyond these familiar risks, there is another route by which attackers reach the personal information held in social media accounts: third-party applications. These apps, frequently quizzes, games or promotional tools, are granted access to account data through the platform's permission prompt, and that access often covers far more than the app needs.
A notable example is the now-defunct Cambridge Analytica, which obtained Facebook data through a personality-quiz app. The app harvested profile data not only from the people who took the quiz but also from their Facebook friends, who never consented. The company used that data to build voter profiles that were sold to political clients seeking to gauge and influence voter sentiment.
Similarly, many apps request access to far more than they need, including full profile information, contact lists and private messages, and then use it to build advertising profiles from users' browsing habits and preferences.
So, how can individuals safeguard against these social media cyber threats and prevent data leaks?
a. Exercise caution when granting permissions to third-party applications: read the permissions an app requests before approving it, authorize only developers with a track record of trustworthiness, and periodically revoke apps you no longer use from the platform's connected-apps settings, since a dormant authorization keeps its access.
b. Add a second factor to your accounts, preferably an authenticator app or hardware security key rather than SMS codes, and use the device's biometric lock so that a lost phone does not hand over its logged-in sessions.
c. Remain vigilant against phishing attempts, and ensure that device software is regularly updated with the latest security patches to mitigate vulnerabilities.
By adopting these proactive measures, individuals can navigate the social media landscape with greater confidence, safeguarding their personal information from potential breaches and preserving their online privacy.
The post How to prevent social media data leak appeared first on Cybersecurity Insiders.
In recent days, the media has been abuzz with speculation regarding a breach of a British defence database. Today the UK Ministry of Defence officially confirmed that a system holding its data was accessed without authorization, exposing personal and financial information, including names and bank details, of serving and some former armed forces personnel and of certain political figures in ministerial roles.
Reports indicate that the intrusion targeted a payroll system run by a third-party contractor on the ministry's behalf. Suspicion has fallen on Chinese state actors, but attribution has not been confirmed.
A statement provided to Sky News suggests a broader concern that this breach may be part of a larger campaign to compromise government databases, possibly linked to a previous attack on the Electoral Commission in 2022.
In response to the incident, affected systems have been isolated, and a thorough government investigation has been initiated to uncover the full extent of the breach in the interest of national security.
Meanwhile, attention also turns to recent developments in the crackdown on cyber-criminal activity. The US Department of Justice has indicted the alleged administrator of the LockBit ransomware group, identifying him as Russian national Dmitry Yuryevich Khoroshev, also known as LockBitSupp.
Khoroshev, who reportedly received at least $100 million as his share of LockBit's ransom proceeds, has been charged by the US Department of Justice in a coordinated action with the FBI, Britain's National Crime Agency, Europol and Australian authorities. The United States, United Kingdom and Australia have also placed him under sanctions, which impose travel bans and freeze any assets he holds within their reach.
However, an indictment and sanctions bite only where they can be enforced. Russia does not extradite its nationals, so as long as Khoroshev remains in Russia he is unlikely to face trial, although travelling abroad or touching the Western financial system now carries real risk for him.
Furthermore, because Khoroshev is now a sanctioned person, the FBI has warned that paying a ransom to LockBit, or negotiating one, could expose a company to liability under sanctions law. That exposure extends to the ransomware negotiators and intermediaries who broker payments on victims' behalf.
LockBitSupp has been squarely in law enforcement's sights since the February 2024 takedown of LockBit's infrastructure (Operation Cronos), and the US State Department's Rewards for Justice Program is offering up to $10 million for information leading to Khoroshev's arrest or conviction.
The post UK Military data breach and LockBit admin identified appeared first on Cybersecurity Insiders.
Dropbox has recently made headlines after an intrusion exposed user data. The incident occurred within Dropbox Sign, the company's e-signature service, comparable to DocuSign.
According to Dropbox's security notice and its regulatory filing, the company became aware of the intrusion on April 24, 2024. The attacker reached a Dropbox Sign automated system configuration tool and, through a compromised service account in the Sign back end, obtained customer data including names, usernames, phone numbers, email addresses, salted password hashes, and authentication material such as API keys, OAuth tokens and multi-factor authentication details.
Security analysts point out that stolen API keys and OAuth tokens are bearer credentials: whoever holds them can call the service as the victim, with no password or MFA prompt, until the key or token is revoked. Stolen certificates and signing keys have the same property, which is why rotation matters more than a password reset alone.
Dropbox Sign, previously known as HelloSign, says it has found no evidence that the attacker accessed the contents of customer accounts (documents, templates or agreements) or payment information, and no evidence that the stolen data has been misused. The potential financial impact is nonetheless unclear, which is why the company disclosed the incident to investors in a regulatory filing.
To contain the exposure, Dropbox reset the passwords of affected users and signed them out of devices connected to Dropbox Sign. It advises users to reset passwords, sign out and back in on every device, and rotate any API keys and OAuth tokens issued before the incident; enabling multi-factor authentication adds a further barrier. Because email addresses and phone numbers were taken, users should also expect convincing phishing that references Dropbox Sign, and should not click unsolicited links or disclose personal details in response.
This incident echoes an earlier breach at Dropbox in late 2022, when a phishing campaign impersonating CircleCI captured an employee's GitHub credentials and one-time code, giving the attackers access to around 130 of the company's code repositories.
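The remediation steps above (reset, sign out everywhere, rotate keys and tokens) are easy to state but only work if the server side is built to support them. The following Python is an added example written for this article, not Dropbox code: a hypothetical credential store that keeps only a hash of each API key, rotates or bulk-revokes keys by issue date, and embeds a per-user session version in every HMAC-signed session token so that "log out of all devices" is a single counter increment. Names, the breach cutoff date and the sample users are assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone


class CredentialStore:
    """Minimal server-side store for API keys and session tokens (hypothetical example).

    Two properties matter after a back-end data leak:
      * only a hash of each API key is stored, so a dump of this table does not yield
        usable keys, and each key can be revoked or rotated individually;
      * every signed session token carries the user's session version, so bumping the
        version invalidates all outstanding sessions at once.
    """

    def __init__(self, session_key=None):
        self._session_key = session_key or secrets.token_bytes(32)  # server-side HMAC secret
        self._api_keys = {}          # sha256(key) -> {"user", "issued", "revoked"}
        self._session_version = {}   # user -> int

    @staticmethod
    def _digest(raw_key):
        return hashlib.sha256(raw_key.encode()).hexdigest()

    # ---- API keys -----------------------------------------------------------
    def issue_api_key(self, user, issued_at):
        raw = "sk_" + secrets.token_urlsafe(32)          # shown to the user exactly once
        self._api_keys[self._digest(raw)] = {"user": user, "issued": issued_at, "revoked": False}
        return raw

    def authenticate_api_key(self, raw):
        """Return the owning user, or None if the key is unknown or revoked."""
        record = self._api_keys.get(self._digest(raw))
        if record is None or record["revoked"]:
            return None
        return record["user"]

    def rotate_api_key(self, user, old_raw, now):
        """Revoke the old key and issue its replacement in one step."""
        record = self._api_keys.get(self._digest(old_raw))
        if record is None or record["user"] != user:
            raise ValueError("key not found for this user")
        record["revoked"] = True
        return self.issue_api_key(user, now)

    def revoke_keys_issued_before(self, cutoff):
        """Incident sweep: revoke every live key that already existed when the data was taken."""
        revoked = 0
        for record in self._api_keys.values():
            if not record["revoked"] and record["issued"] < cutoff:
                record["revoked"] = True
                revoked += 1
        return revoked

    # ---- sessions -----------------------------------------------------------
    def issue_session(self, user):
        version = self._session_version.setdefault(user, 1)
        payload = f"{user}:{version}:{secrets.token_hex(8)}"  # assumes user ids contain no ':'
        sig = hmac.new(self._session_key, payload.encode(), hashlib.sha256).hexdigest()
        return f"{payload}.{sig}"

    def session_valid(self, token):
        payload, _, sig = token.rpartition(".")
        expected = hmac.new(self._session_key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return False                                   # forged or tampered token
        user, version, _nonce = payload.split(":", 2)
        return self._session_version.get(user) == int(version)

    def logout_everywhere(self, user):
        """Invalidate every outstanding session for the user by bumping the version."""
        self._session_version[user] = self._session_version.get(user, 1) + 1


def demo():
    """Walk through the post-breach steps and report which credentials still work."""
    store = CredentialStore()
    before = datetime(2024, 4, 20, tzinfo=timezone.utc)   # key issued before the incident
    breach = datetime(2024, 4, 24, tzinfo=timezone.utc)   # discovery date from the disclosure
    after = datetime(2024, 5, 2, tzinfo=timezone.utc)
    leaked_key = store.issue_api_key("alice", before)      # assume this key was in the stolen data
    old_session = store.issue_session("alice")
    bob_key = store.issue_api_key("bob", before)           # an untouched key that predates the breach
    results = {"leaked_key_valid_before": store.authenticate_api_key(leaked_key) == "alice"}
    new_key = store.rotate_api_key("alice", leaked_key, after)
    results["leaked_key_valid_after_rotation"] = store.authenticate_api_key(leaked_key) is not None
    results["new_key_valid"] = store.authenticate_api_key(new_key) == "alice"
    results["old_session_valid_before_logout"] = store.session_valid(old_session)
    store.logout_everywhere("alice")
    results["old_session_valid_after_logout"] = store.session_valid(old_session)
    results["new_session_valid"] = store.session_valid(store.issue_session("alice"))
    tampered = old_session[:-1] + ("0" if old_session[-1] != "0" else "1")
    results["tampered_session_valid"] = store.session_valid(tampered)
    results["keys_revoked_by_sweep"] = store.revoke_keys_issued_before(breach)
    results["bob_key_valid_after_sweep"] = store.authenticate_api_key(bob_key) is not None
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The sweep by issue date is the step most services skip: rotating only the keys users remember to rotate leaves every forgotten integration key usable by whoever holds the dump.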
The post Dropbox Sign witnesses data breach appeared first on Cybersecurity Insiders.
Alert fatigue represents more than a mere inconvenience for Security Operations Centre (SOC) teams; it poses a tangible threat to enterprise security. When analysts confront a deluge of thousands of alerts daily, each necessitating triage, investigation, and correlation, valuable time is easily squandered on false positives, potentially overlooking genuine indicators of an enterprise-wide data breach.
On average, SOC teams contend with nearly 500 investigation-worthy endpoint security alerts each week, with ensuing investigations consuming 65% of their time. Compounding the issue, security teams grapple with under-resourcing, understaffing, and the burden of manual processes.
This is according to a recent Cybereason whitepaper titled ‘Eliminate Alert Fatigue: A Guide to more Efficient & Effective SOC Teams’.
These hurdles not only frustrate SOC team members, leading to stress, burnout, and turnover, but also detrimentally impact the organisation’s overall security posture. An operation-centric approach is imperative to effectively address these challenges, enabling the correlation of alerts, identification of root causes, provision of complete visibility into attack timelines, and simultaneous automation of tasks to enhance analyst efficiency significantly.
The relentless barrage of security alerts inundating SOC teams poses more than just a nuisance; it constitutes a genuine threat to enterprise security. The phenomenon known as alert fatigue not only overwhelms analysts but also compromises the ability to discern genuine threats amidst the noise, potentially leading to catastrophic consequences for organisational security.
At the core of alert fatigue lies information overload, exacerbated by the design of Security Information and Event Management (SIEM) platforms that prioritise visibility over discernment. An oversensitive SIEM inundates analysts with alerts for even the slightest anomalies, drowning them in a sea of data without clear indications of genuine threats.
Moreover, manual processes further impede efficiency, forcing analysts to navigate across disparate tools and siloed systems, amplifying the challenge of alert fatigue.
The consequences of alert fatigue extend far beyond mere inconvenience; they engender unacceptable outcomes for organisational security. Analysts, overwhelmed by the deluge of alerts and burdened by manual review processes, find themselves with insufficient time to focus on genuine threats, leading to critical detections being overlooked or delayed.
This not only prolongs response and remediation times but also increases the likelihood of undetected attacks, amplifying the damage inflicted upon the organisation.
To address the scourge of alert fatigue and enhance SOC efficiency, a paradigm shift is imperative. Enter the Cybereason Malicious Operation (MalOp) Detection, a groundbreaking approach that transcends traditional alert-centric models.
By contextualising alerts within the broader narrative of malicious operations, the MalOp provides analysts with a comprehensive view of attacks, correlating data across all impacted endpoints to streamline investigations and response efforts.
Central to the MalOp approach is the automation of mundane tasks, empowering analysts to focus their efforts on strategic analysis rather than laborious manual processes. By understanding the full narrative of an attack, Cybereason facilitates tailored response playbooks, enabling swift and decisive action with a single click, without sacrificing the necessity of human intervention.
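To make the operation-centric idea concrete, the following Python is an added, generic illustration written for this article; it is not Cybereason's code or the MalOp implementation. It groups a stream of constructed endpoint alerts into operations by linking any two alerts that share a host, user or file hash within a time window, then reports each operation with its root alert, affected hosts and timeline, so six raw alerts collapse into three things for an analyst to look at. The field names, window and sample alerts are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample alerts (illustrative records, not real telemetry).
ALERTS = [
    {"id": 1, "ts": "2024-05-01T09:00:00", "host": "ws-01", "user": "alice", "rule": "suspicious_macro", "sha256": "aaa111"},
    {"id": 2, "ts": "2024-05-01T09:01:30", "host": "ws-01", "user": "alice", "rule": "powershell_encoded", "sha256": "bbb222"},
    {"id": 3, "ts": "2024-05-01T09:05:00", "host": "srv-02", "user": "alice", "rule": "lateral_psexec", "sha256": "bbb222"},
    {"id": 4, "ts": "2024-05-01T09:06:10", "host": "srv-02", "user": "svc_backup", "rule": "credential_dump", "sha256": "ccc333"},
    {"id": 5, "ts": "2024-05-01T14:00:00", "host": "ws-07", "user": "bob", "rule": "suspicious_macro", "sha256": "ddd444"},
    {"id": 6, "ts": "2024-05-02T09:00:00", "host": "ws-01", "user": "alice", "rule": "powershell_encoded", "sha256": "eee555"},
]

# Fields whose shared value links two alerts into the same operation.
CORRELATION_FIELDS = ("host", "user", "sha256")


def _find(parent, x):
    """Union-find root lookup with path compression."""
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x


def _union(parent, a, b):
    ra, rb = _find(parent, a), _find(parent, b)
    if ra != rb:
        parent[rb] = ra


def correlate(alerts, window_minutes=60):
    """Group alerts that share a host, user or hash within the window into operations.

    Each operation records its root (earliest) alert, the hosts involved and an
    ordered timeline, which is what an analyst needs instead of N separate alerts.
    """
    window = timedelta(minutes=window_minutes)
    ordered = sorted(alerts, key=lambda a: a["ts"])          # ISO timestamps sort lexically
    parent = {a["id"]: a["id"] for a in ordered}
    seen = {}   # (field, value) -> [(timestamp, alert id)] for alerts already processed
    for alert in ordered:
        ts = datetime.fromisoformat(alert["ts"])
        for field in CORRELATION_FIELDS:
            key = (field, alert[field])
            for prev_ts, prev_id in seen.get(key, []):
                if ts - prev_ts <= window:
                    _union(parent, prev_id, alert["id"])
            seen.setdefault(key, []).append((ts, alert["id"]))

    groups = {}
    for alert in ordered:                                     # members stay in time order
        groups.setdefault(_find(parent, alert["id"]), []).append(alert)

    operations = []
    for members in groups.values():
        operations.append({
            "alert_ids": [m["id"] for m in members],
            "root_alert": members[0]["id"],
            "hosts": sorted({m["host"] for m in members}),
            "first_seen": members[0]["ts"],
            "last_seen": members[-1]["ts"],
            "timeline": [f'{m["ts"]} {m["host"]} {m["rule"]}' for m in members],
        })
    operations.sort(key=lambda op: op["first_seen"])
    return operations


if __name__ == "__main__":
    for op in correlate(ALERTS):
        print(f"operation rooted at alert {op['root_alert']} on {op['hosts']}:")
        for line in op["timeline"]:
            print("   ", line)
```

The window is the tuning knob: too short and a slow lateral-movement chain fragments back into separate alerts (with a 3-minute window the same data yields four operations), too long and unrelated noise on a busy host gets glued together.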
Real-world success stories attest to the efficacy of the MalOp approach, with organisations experiencing exponential improvements in operational effectiveness and efficiency. By transitioning from an alert-centric to an operation-centric model, SOC teams can overcome the scourge of alert fatigue and bolster organisational security against evolving threats.
In essence, overcoming alert fatigue requires a holistic approach that combines advanced technology with human expertise, empowering SOC teams to stay ahead of adversaries and safeguard organisational assets.
_______________________
About Cybereason (https://www.cybereason.com/)
Cybereason is a leader in future-ready attack protection, partnering with Defenders to end attacks at the endpoint, in the cloud, and across the entire enterprise ecosystem. Only the AI-driven Cybereason Defense Platform provides predictive prevention, detection and response that is undefeated against modern ransomware and advanced attack techniques. The Cybereason MalOp instantly delivers context-rich attack intelligence across every affected device, user, and system with unparalleled speed and accuracy. Cybereason turns threat data into actionable decisions at the speed of business. Cybereason is a privately held international company headquartered in California with customers in more than 40 countries.
Contact:
Brandon Rochat
Cybereason
Regional Sales Director, Africa
Mobile: +27824987308
Email: brandon.rochat@cybereason.com
The post Overcoming security alert fatigue appeared first on Cybersecurity Insiders.
Cisco Duo, acquired by Cisco in 2018, has notified customers that an attacker obtained multi-factor authentication message logs after compromising one of its third-party telephony providers. Because the intrusion began with a social engineering attack on that provider's staff, the company is urging customers to stay alert to further phishing.
The incident occurred on April 1, 2024. The provider delivers the SMS and VoIP messages Duo uses for two-factor authentication, and the attacker used stolen employee credentials to download message logs covering March 1 to March 31, 2024. The logs contain the phone numbers the messages were sent to, the carrier, the country and state associated with the number, and timestamps, but not the message contents or the one-time codes themselves. Even so, the data raises the risk of follow-on phishing against the affected users.
Who was behind the attack is not known, with speculation ranging from state-sponsored groups to individual actors. Even without the codes, a list of phone numbers that are known to receive MFA messages is valuable: it supports targeted phishing that references the victim's employer and authentication setup, and SIM-swapping attacks that would redirect future codes to an attacker-controlled phone.
Over the past two years there has been a surge in attacks on technology providers such as Microsoft and Okta, aimed at stealing tokens and sensitive information like email content and source code, all of which is highly sought after on the dark web.
While no system can claim to be entirely immune, the practical lesson is that SMS and voice delivery are the weakest MFA factors because they depend on a telecom supply chain outside the customer's control. Where possible, move users to push notifications with number matching or to phishing-resistant FIDO2/WebAuthn authenticators, and plan on the assumption that a breach somewhere in the chain will eventually happen.
The post Cyber Attack on Cisco Duo breaches its multifactor authentication appeared first on Cybersecurity Insiders.
Roku, a leading provider of streaming services with approximately 80 million active accounts, has confirmed a second cyber attack, occurring in March of this year, that affected around 500,000 customer accounts. This incident is distinct from the earlier attack in January, which impacted over 15,000 accounts.
The aftermath of the incident was reflected in the company's stock performance, with shares declining about 2% last Friday.
Initial investigations indicate that the attackers used compromised credentials to log in and buy additional streaming subscriptions and Roku hardware with the payment details many users had stored in their accounts. Roku discovered this second incident while monitoring account activity after the January breach; the credentials themselves came from third-party data leaks rather than from Roku's own systems.
Roku's security team attributes the second attack to credential stuffing, in which email and password pairs leaked from other breaches are replayed against Roku's login page, succeeding wherever a user reuses the same credentials across platforms.
Compounding the issue, most people use a single email address as the username for every service they sign up to, including gaming and shopping accounts, so a leaked email/password pair from one site maps directly onto accounts elsewhere. It is the reused password, not the shared email, that lets the stuffing attack succeed.
Roku says it has reset the passwords of affected accounts, is reversing the unauthorized charges, and has enabled two-factor authentication for all Roku accounts.
Users should choose long, unique passwords, ideally 16-18 characters with a mix of letters, digits and special characters, and never reuse a password across platforms; a password manager is what makes that practical.
As the Roku case shows, it is also advisable to review account activity regularly, particularly purchases and subscriptions, as a proactive check for unauthorized access.
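To make the credential-stuffing pattern concrete, the following Python is an added example, not Roku's detection logic. It scans constructed login records for source addresses that attempt many distinct usernames with a high failure rate inside a short window, then lists the accounts where such an address actually succeeded, which are the ones to force-reset and check for unauthorized purchases. The thresholds, record layout and sample events are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed login records: (timestamp, source IP, username, login succeeded).
# 203.0.113.5 replays leaked email/password pairs; 198.51.100.7 is a user who mistypes once.
LOGIN_EVENTS = [
    ("2024-03-10T02:00:01", "203.0.113.5", "user01@example.com", False),
    ("2024-03-10T02:00:02", "203.0.113.5", "user02@example.com", False),
    ("2024-03-10T02:00:03", "203.0.113.5", "user03@example.com", True),
    ("2024-03-10T02:00:04", "203.0.113.5", "user04@example.com", False),
    ("2024-03-10T02:00:05", "203.0.113.5", "user05@example.com", False),
    ("2024-03-10T02:00:06", "203.0.113.5", "user06@example.com", True),
    ("2024-03-10T02:00:07", "203.0.113.5", "user07@example.com", False),
    ("2024-03-10T02:00:08", "203.0.113.5", "user08@example.com", False),
    ("2024-03-10T02:00:09", "203.0.113.5", "user09@example.com", False),
    ("2024-03-10T02:00:10", "203.0.113.5", "user10@example.com", False),
    ("2024-03-10T02:03:00", "198.51.100.7", "alice@example.com", False),
    ("2024-03-10T02:03:20", "198.51.100.7", "alice@example.com", True),
    ("2024-03-10T02:05:00", "192.0.2.9", "bob@example.com", True),
]


def detect_credential_stuffing(events, window_minutes=10, min_distinct_users=5, min_failure_rate=0.5):
    """Flag source IPs that try many different usernames with mostly failures inside the window.

    Returns the flagged IPs with their window statistics, plus the sorted list of accounts
    that logged in successfully from a flagged IP (candidates for a forced password reset).
    """
    window = timedelta(minutes=window_minutes)
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((datetime.fromisoformat(ts), user, ok))

    flagged = {}
    for ip, rows in by_ip.items():
        for end, (end_ts, _, _) in enumerate(rows):
            span = [r for r in rows[: end + 1] if end_ts - r[0] <= window]   # trailing window
            users = {user for _, user, _ in span}
            failures = sum(1 for _, _, ok in span if not ok)
            rate = failures / len(span)
            if len(users) >= min_distinct_users and rate >= min_failure_rate:
                flagged[ip] = {"attempts": len(span), "distinct_users": len(users),
                               "failure_rate": round(rate, 2), "window_end": end_ts.isoformat()}

    accounts = sorted({user for ip in flagged for _, user, ok in by_ip[ip] if ok})
    return {"flagged_ips": flagged, "accounts_to_reset": accounts}


if __name__ == "__main__":
    result = detect_credential_stuffing(LOGIN_EVENTS)
    for ip, stats in result["flagged_ips"].items():
        print(f"stuffing suspected from {ip}: {stats}")
    print("force password reset:", result["accounts_to_reset"])
```

Two caveats for production use: attackers spread stuffing across proxy pools to stay under per-IP thresholds, so the same counters should also be kept per network block and globally (a sudden rise in failed logins for never-before-seen username/IP pairs), and real success rates are far below the constructed sample's 20 percent, which is exactly why the distinct-username count, not the success count, is the signal.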
The post Streaming service ROKU witnessed 500K customers data leak appeared first on Cybersecurity Insiders.