Advertisements

CEOs Are Feeling Better About Data Security–but Hackers Aren’t Far Behind

No matter what you do to protect your business from hackers, cybersecurity will always be a moving target.

Increasingly sophisticated hacking techniques mean CEOs always have to stay one step ahead of the latest ploys. A November Inc. survey of CEOs and other senior executives from more than 150 Inc. 5000 companies asked respondents about their level of confidence in the security of both their company and personal data. The results: 53 percent of respondents said they feel more confident about the security of their company’s data now compared to five years ago, while just 28 percent said the same about their personal data.

Matt Singley, founder of Chicago real estate firm Pinnacle Furnished Suites, is concerned about new methods being used by hackers, but feels confident in his company’s defenses against them. One way the company minimizes the potential impact of a breach is by storing customer information only when necessary. Pinnacle also performs regular audits to purge its system of data it doesn’t need. “The only way to be completely secure with your data,” he says, “is to not store it.”

John Kailunas II, CEO of wealth management firm Regal Financial Group, says that the external threats his company faces have increased in both quantity and complexity. The company has countered this by adding required security awareness training for every employee and hiring cybersecurity consultants to recommend changes. Kailunas says cybersecurity is an issue that requires constant examination. “Still,” he adds, “we have seen a significant improvement in our ability to identify potential threats.”

Advances in hacking practices aren’t the only factor that have made security more challenging. “More and more, people are working from different devices that companies own,” says Shana Cosgrove, CEO of cloud software firm Nyla Technology Solutions, which provides software and cybersecurity services to the Department of Defense. “It’s a lot harder to handle security when you don’t own the entire platform.”

Jack Wight, CEO of device rebate company Buyback Boss, says his company is under near-constant attack from hackers trying to access bank account information. Scammers will spoof the company’s vendors over email and ask for wire payments, so Buyback Boss has implemented a policy of always calling vendors before sending payments. “Five years ago there just wasn’t as much of this going on,” he says. “Now we’re dealing with scammers almost on a daily basis.”

Claude Burns used to work in data security for the U.S. Navy before founding corporate beverage service Office Libations. He says his knowledge of the cybersecurity field has led him to be constantly on guard. “I don’t think any information is safe or secure,” he says. “Your personal information is out there. Companies whose whole job is to protect it, like Equifax, are getting breached and hacked repeatedly.”

Burns compares being hacked to getting in a car accident: Drive enough miles, and it’s going to happen eventually. For him, the key is making sure that if something does look weird, his team can detect it quickly. “That way,” he says, “when something does happen, you’re able to mitigate the damage from it. In other words, wear your seat belt.”

Source: CEOs Are Feeling Better About Data Security–but Hackers Aren’t Far Behind

Thanks Bitdefender for sponsoring this video! Try Bitdefender Total Security 2019 FREE for 90 days at https://lmg.gg/tqbitdefender There have been plenty of headlines about data breaches lately…but where does all that data go once it’s been stolen? Techquickie Merch Store: https://www.lttstore.com Follow: http://twitter.com/linustech Join the community: http://linustechtips.com Leave a reply with your requests for future episodes, or tweet them here: http://twitter.com/jmart604

Advertisements

Microsoft Issues Excel Security Alert As $100 Million ‘Evil Corp’ Campaign Evolves

Russian cybercriminal group Evil Corp is using Microsoft Excel to infect victims

Evil Corp may well be best known to millions of viewers of the Mr. Robot TV drama as the multi-national corporation that Elliot and FSociety hack. However, back in the real world, Evil Corp not only exists but is weaponizing Microsoft Excel to spread a malware payload. Researchers from Microsoft Security Intelligence have this week taken to Twitter to warn users to be alert to the ongoing campaign being run by Evil Corp, also known as TA505. Like most successful cybercriminals, Evil Corp is constantly evolving in terms of techniques and tools. The latest twist in this felonious tale involves Microsoft Excel as a payload delivery vehicle.

Who or what is Evil Corp?

Evil Corp, or TA505, is a Russia-based hacking group that has been credited with being the mastermind behind a $100 million (£76 million) global bank fraud. Two alleged members of Evil Corp were charged by U.S. prosecutors with bank fraud in December 2019, although both remain at large. One of them, Moscow-based Maksim Yakubets, is thought to be the Evil Corp leader and currently carries a $5 million (£3.8 million) bounty issued by the U.S. Justice Department. Meanwhile, the U.S. Department of the Treasury has stated that Yakubets is believed to provide “direct assistance to the Russian government’s malicious cyber efforts.”

Thought to have been active since at least 2014, Evil Corp shows little sign of reigning back on the cybercrime activities it is renowned for: the distribution of banking Trojans and ransomware malware. New research from cyber-intelligence outfit Prevailon suggests that TA505 has compromised more than 1,000 organizations. Organizations that include two U.S. state government networks, two U.S. airlines and one of the world’s top 25 banks.

What is the Excel alert that Microsoft Security Intelligence researchers have tweeted?

In something of a tweetstorm on January 30, the Microsoft Security Intelligence team alerted users to a new and active malware campaign from the Evil Corp actors. After what the Microsoft researchers referred to as “a short hiatus” by Evil Corp, they warned that a new “Dudear” phishing campaign was up and running, still deploying an information-stealing Trojan known as GraceWire but doing so using tweaked tactics.

The use of HTML redirectors, to avoid having to use malicious links in emails or infected attachments, means that the threat actors can directly download a malicious Excel file on the victim to drop the Trojan payload. Not that there is no interaction from the user required, of course. The victim still needs to open the Excel file that is automatically downloaded, and they will still have to enable editing and enable content in order to be infected.

How can you mitigate against the Evil Corp Excel threat?

Microsoft is proving to be more than just reactive to malware threats, adopting a proactive position as far as these kinds of phishing campaigns are concerned. When the Microsoft Digital Crimes Unit and the Microsoft Threat Intelligence Center discovered an advanced persistent threat (APT) hacking group, thought to be operating out of North Korea, using carefully constructed fake domains to spoof victims into thinking they were dealing with Microsoft, a powerful legal counterpunch soon closed them down.

As far as this latest Evil Corp campaign is concerned, however, the biggest mitigation clue has already been given in my last paragraph: don’t enable editing of that Excel file you didn’t ask for, and certainly don’t enable content. Microsoft Security Intelligence has confirmed that Microsoft Threat Protection will stop this latest attack threat, Office 365 also detects malicious attachments and URLs used in such phishing emails. Finally, Microsoft Defender ATP will detect and block the Evil Corp threat trinity of malicious HTML, Excel file and payload.

Follow me on Twitter or LinkedIn. Check out my website.

I’m a three-decade veteran technology journalist and have been a contributing editor at PC Pro magazine since the first issue in 1994….

Source: Microsoft Issues Excel Security Alert As $100 Million ‘Evil Corp’ Campaign Evolves

Exclusive: A ‘Magic’ iPhone Hacking Startup Bites Back At Apple Lawyers — And Demands $300,000

In mid-August, Amanda Gorton and Chris Wade sat dumbfounded in their Boynton Beach, Florida, offices. They had just been sent a lawsuit that might yet kill their startup.

Within Gorton’s inbox was an email sent by a reporter containing a complaint filed by tech titan Apple against the married couple’s company, Corellium. The suit’s unceremonious appearance belied the gravity of the allegations they were facing: that they’d illegally copied the world’s most famous tech device, the iPhone.

Dubbed “magic” by some users, Corellium “virtualizes” iPhones, turning Apple phones into something you can play with on a PC. For Corellium customers, it lets them tinker with the iOS operating system to find functional problems or security vulnerabilities, all without risking breaking the iPhone, a famously locked-down device that doesn’t welcome anything not approved Apple. Unlike testing with the real thing, if the phone suddenly dies, you can just load up another one, making it useful for security researchers, developers and hobbyists, known as jailbreakers, who want to wrest back control of their iPhone. For Apple, though, this amounted to a copyright infringement of its product by “replicating” it without permission.

Today In: Innovation

To Wade, a curly-haired, bespectacled Australian with the wide, intense eyes of a wired tech guy, and the more composed Yale-educated partner Gorton, the news that Apple was suing landed like a “gut punch.” Via exclusive interviews with the founders and documents they provided ahead of their legal response to Apple filed late Monday night, Forbes has learned the iPhone maker was considering buying Gorton and Wade’s first startup, a Corellium predecessor called Virtual. And it appears subsequent years-long relations between the parties were ostensibly amicable before the big bust up in August.

When Wade first heard about the suit he thought it was a joke. It’s no joke. Onlookers who spy a Goliath flexing its muscles against a plucky David are hoping, for the sake of iPhone security, an agreement is found. “As I understand it, many security researchers have used Corellium and submitted bugs to Apple,” said Kurt Opsahl, deputy executive director and general counsel of the Electronic Frontier Foundation.

Apple declined to comment on the claims made in this article. It pointed Forbes to the original complaint against Corellium, in which it said the suit was not trying to “encumber good-faith security research, but to bring an end to Corellium’s unlawful commercialization of Apple’s valuable copyrighted works.” Summing up Apple’s withering opinion of Corellium, the Cupertino company wrote: “Corellium’s true goal is profiting off its blatant infringement. Far from assisting in fixing vulnerabilities, Corellium encourages its users to sell any discovered information on the open market to the highest bidder.”

Cutting to the Apple core

Gorton and Wade’s long relationship with Apple can be dated back to at least the early 2010s. At the time the couple were working at OpenPeak, an enterprise mobile management company that had caught the attention of Mark Templeton, then Citrix CEO, who was considering an acquisition. Not long after Templeton met Wade, saying he was impressed by the Australian’s ability to do things considered “impossible,” Citrix bought Virtual, a startup founded by the married couple in 2014.

But in selling to Templeton, Virtual had to snub another suitor: Apple. A document outlining an agreement between Apple and Virtual, seen by Forbes, prevented the latter from talking to any other company about an acquisition for 45 days as the Cupertino company considered whether it wanted to splurge.

Did that upset the Apple cart? Is this a revenge story? Wade and Gorton aren’t sure. Gorton says she and her husband were excited such a formidable company was interested in their embryonic business.

The pair paints a picture of friendly Apple relations. Wade says he’s consistently handed details of security weaknesses to Apple. In 2016, after Apple announced it was launching a so-called Bug Bounty, where researchers are given monetary reward for disclosing vulnerabilities in iOS (now up to $1.5 million), Wade planned on partly funding Corellium with those bounties. He wanted to do it transparently, he says, and in one email dated September 27 2017, Wade explicitly told Apple’s manager for security and privacy programs, Jason Shirk, that he would start submitting bugs to fund his iPhone virtualizing startup.

The filing also suggests Apple encouraged Corellium’s early business. Emails provided to Forbes indicate Apple was at least impressed. Just as Corellium was getting started, in August 2017, Apple hosted a dinner in China for the Tencent Security Conference. Wade and Shirk dined together on Apple’s dime and later exchanged messages, according to the email threads. In one Wade boasted that he could virtualize the latest iPhone. Shirk’s response? “Wow! You got iOS 10.3 running virtually?” Wade cheekily messaged back: “Actually, we’re running iOS 11 :).”

At some point in the last year, something soured. In its filing on Monday, Corellium said that it hasn’t been paid for any of the vulnerabilities it submitted. In a counterclaim, the startup said that rather than it owing Apple anything, the Cupertino company owed it more than $300,000. And Corellium claimed Apple had launched a rival product in handing out custom iPhones for security researchers, letting them dive deeper into iOS.

Right now, Gorton says the bootstrapped Corellium is profitable, with a handful of customers across government and private industry paying thousands for its products: up to $62,500 for an on-site appliance and $575 a month for a cloud-based, single-user license for a month. But with legal fees mounting and the threat of being forced to kill the killer feature of its product, that profit could dwindle and leave Corellium facing collapse.

Apple, meanwhile, might be facing a backlash from the cybersecurity community. It’s already faced criticism this year. When Google released research in September regarding attacks on iPhone users from the persecuted Uighur community in China, Apple’s response was controversial. In a rare public post, it sought to downplay what happened. To some onlookers, including former Facebook chief security officer Alex Stamos, Apple was suggesting that attacks on Uighurs weren’t “as big a deal as Google makes it out to be.” “Apple’s response to the worst known iOS attack in history should be graded somewhere between ‘disappointing’ and disgusting,’” Stamos tweeted.

There’s the sense that after having opened up in the post-Steve Jobs years—with its industry-leading bug bounty and Tim Cook’s ostensibly aggressive stance on protecting user privacy—Apple is taking a few steps back. And one of those steps might squish one of the more intriguing startups to enter the often mundane cybersecurity market.

Follow me on Twitter. Check out my website. Send me a secure tip.

I’m associate editor for Forbes, covering security, surveillance and privacy. I’ve been breaking news and writing features on these topics for major publications since 2010. As a freelancer, I worked for The Guardian, Vice Motherboard, Wired and BBC.com, amongst many others. I was named BT Security Journalist of the year in 2012 and 2013 for a range of exclusive articles, and in 2014 was handed Best News Story for a feature on US government harassment of security professionals. I like to hear from hackers who are breaking things for either fun or profit and researchers who’ve uncovered nasty things on the web. Tip me on Signal at 447837496820. I use WhatsApp and Treema too. Or you can email me at TBrewster@forbes.com, or tbthomasbrewster@gmail.com

Source: Exclusive: A ‘Magic’ iPhone Hacking Startup Bites Back At Apple Lawyers — And Demands $300,000

500K subscribers
A 16-year-old hacked Apple and stole 90GB of data over the period of one year. You know the best part is that he stored it all in a folder called “hacky hack hack.” It would make my day if you could also follow me on: Instagram: https://www.instagram.com/mrtechtalktv/ Twitter: https://twitter.com/Mr_TechTalkTV Music used: ‘beatsbyNeVs-Ridin’ https://youtu.be/bbtzvwKwql8 Thanks for watching and have a blessed day. Be sure to like, comment, share, and subscribe! Subscribe to TechTalkTV: https://goo.gl/9j4P1c IMPORTANT: Don’t forget to click the “bell” next to the subscribe button and select “Send me all notifications for this channel”. Otherwise, you may not receive notification when I upload.

Crypto Scammers – Lions Wealth Company The Most Victim Grabber

1.png

Lions Wealth…A risky company who deceives so many people around the world but nobody could touch its president or ever meet him or her directly…Who is behind the doors of this fancy blockchain company..The master mind behind this curtain is a man called Alexander Erber who has so many profiles in Instagram and social media and mostly make pleasure in DUBAI…

Last year reports have taken records around 57 individuals who has given their investments to him to pay back profit but nothing gained until now. Who is supporting him really.

As bitcoin has become more popular, more people have sought to acquire it. Unfortunately, nefarious people have taken advantage of this and have been known to set up fake bitcoin exchanges. These fake exchanges may trick users by offering extremely competitive market prices that lull them into thinking they’re getting a steal, with quick and easy access to some cheap bitcoin. Be sure to use a reputable exchange when buying or selling bitcoin.

His project for dupping people is called CLASSIC CAR COIN. In contrast to most other crypto currencies, the Classic Car Coin is underpinned by a genuine, real equivalent in the form of old- and youngtimers. All profits from the project will be reinvested immediately. This increases the countervalue per token over time, which triggers a positive price development. A strong increase in the value of the tokens on the Exchange and thus the realisation of massive price gains is the aim of the project. At the same time, token holders gain access to an exclusive old- and youngtimer market as well as to exclusive services.

2.png

Due to the viral nature of how information spreads across on the internet, scammers seek to take advantage of people by offering free giveaways of bitcoin or other digital currencies in exchange for sending a small amount to register, or by providing some personal information. When you see this on a website or social network, it’s best to immediately report the content as fraudulent, so that others don’t fall victim.

But instead all of these ends up to something dreaming and fancy style..What shall we do right now??Is it a time to stop these financial criminals and help those victims whom loose their assets which hardly managed to get it after hours and weeks of troublesome efforts?Do not ever try to register or trust to this company and never try to put your investment in danger in any circumstances.

Do not trust people who entice you or others to invest because they claim that they know what the bitcoin price is going to be. In a pump and dump scheme, a person (or persons) try to artificially drive up or pump the price so that they can dump their holdings for a profit.

 

$3.2 Million From Cryptopia Hack Liquidated on Major Crypto Exchanges

The infamous Cryptopia hack of January 14, which led to over $16 million in stolen Ethereum (ETH) and ERC20 tokens, has been under close investigation by New Zealand police and specialists worldwide.Thanks to the open nature of cryptocurrencies on the blockchain, analysts and investigators have been successful in tracking the stolen crypto funds, leading major cryptocurrency exchanges to liquidate $3.2 million in stolen tokens on February 4…………

Source: $3.2 Million From Cryptopia Hack Liquidated on Major Crypto Exchanges

Blockchain Security Experts Claims That $2.5 Million is Stolen From Crypto Exchanges Daily

https://www.pivot.one/share/post/5c496d72016de70bb6160d37?uid=5bd49f297d5fe7538e6111b6&invite_code=JTOJYV

Malware Found on a Movie Downloaded via Torrent Steals your Crypto and Poisons your Search Results – Ethereum World News

The plans of the security researcher under with the twitter username 0xffff0800 to spend a relaxing movie night at home did not turn out as he expected since after downloading a movie from a torrent uploaded to The Pirate Bay, he found a new (and interesting) type of malware that almost infects his computer………

Source: Malware Found on a Movie Downloaded via Torrent Steals your Crypto and Poisons your Search Results – Ethereum World News

How Hackers Bypass Gmail 2FA at Scale – Joseph Cox

1.jpeg

If you’re an at risk user, that extra two-factor security code sent to your phone may not be enough to protect your email account. Hackers can bypass these protections, as we’ve seen with leaked NSA documents on how Russian hackers targeted US voting infrastructure companies. But a new Amnesty International report gives more insight into how some hackers break into Gmail and Yahoo accounts at scale, even those with two-factor authentication (2FA) enabled.

They do this by automating the entire process, with a phishing page not only asking a victim for their password, but triggering a 2FA code that is sent to the target’s phone. That code is also phished, and then entered into the legitimate site so the hacker can login and steal the account. The news acts as a reminder that although 2FA is generally a good idea, hackers can still phish certain forms of 2FA, such as those that send a code or token over text message, with some users likely needing to switch to a more robust method.

“Virtually in that way they can bypass any token-based 2FA if no additional mitigations are implemented” Claudio Guarnieri, a technologist at Amnesty, told Motherboard in an online chat. 2FA is adding another layer of authentication onto your account. With token-based 2FA, you may have an app that generates a code for you to enter when logging in from an unknown device, or, perhaps most commonly, the service will send a text message containing a short code that you then type into your browser.

 

 

Donate us if you like

 

 

Here’s how to protect your bitcoin and ethereum from hacking

https://www.pivot.one/share/post/5c1f94ab016de74b6531f993?uid=5bd49f297d5fe7538e6111b6&invite_code=JTOJYV

This Kid Has Been Begging For A Bitcoin For Over 15,000 Tweets

1.jpg

Begging in the Bitcoin world is nothing new. Go to any gambling site or even some exchange troll boxes, and you will find people asking for Bitcoin. Look at any Tweet by a major Bitcoin personality, and you will find people asking for Bitcoin. Go to any forum, Reddit related to cryptocurrency, or anything else of that nature, and you will find the same. This reporter has occasionally seen such people who consistently beg for cryptos referred to as “begshits” or “trolls.” The negative connotation is not without merit. After all, there are plenty of ways to get crypto without buying it or even really working for it. This Twitter account, which is likely powered by a script of some sort, has spammed “BeastGangPaulers” for crypto consistently..Read more…

 

 

Donate us if you like

 

 

 

%d bloggers like this:
Skip to toolbar