
Tag Archives for " hacking "

Security in a Digital World

In recent years, the issue of cybersecurity has garnered significant attention in the national conversation. Attacks like those on Facebook as well as others have caused Americans to worry about the security of their personal information and whether or not they are sufficiently protected from such potential threats.

Recent reports have shown a significant increase in the number of cyber attacks, many perpetrated against large banks and other institutions with highly sensitive information. The contrast to a decade ago, when cyber attacks were much less prevalent, is stark.

Full article: Security in a Digital World | Harvard Political Review

Largest collection of breached data ever seen is found

The largest collection of breached data ever seen has been discovered, comprising more than 770m email addresses and passwords posted to a popular hacking forum in mid-December.

The 87GB data dump was discovered by security researcher Troy Hunt, who runs the Have I Been Pwned breach-notification service. Hunt, who called the upload “Collection #1”, said it is probably “made up of many different individual data breaches from literally thousands of different sources”, rather than representing a single hack of a very large service.

Source: Largest collection of breached data ever seen is found | Technology | The Guardian

Should cyber officials be required to tell victims of cyber crimes they’ve been hacked?

Since early December Germany’s Federal Office for IT Safety (BSI for its German initials) had been tracking a cyber attack targeting some of the country’s parliamentarians that ultimately led to the public release of their mobile phone numbers, credit card information and ID card details.

Only some MPs were informed by BSI about the attacks, while others learned about them only after the details were published in the media. MPs were outraged that BSI had failed to notify them that their personal data was being targeted, despite knowing about elements of the attack for up to four weeks.

Full article: Should cyber officials be required to tell victims of cyber crimes they’ve been hacked?

2-factor authentication may be hackable, expert says

Cybersecurity professionals have advised enabling two-factor to add an extra layer of security — but according to at least one expert, this may not be a silver bullet. Kevin Mitnick, who was once the FBI’s most wanted hacker and now helps companies defend themselves, found that two-factor authentication can be vulnerable.

Full article: 2-factor authentication may be hackable, expert says

How Hackers Bypass Gmail 2FA at Scale

Hackers can bypass these protections, as we’ve seen with leaked NSA documents on how Russian hackers targeted US voting infrastructure companies. But a new Amnesty International report gives more insight into how some hackers break into Gmail and Yahoo accounts at scale, even those with two-factor authentication (2FA) enabled.

They do this by automating the entire process, with a phishing page not only asking a victim for their password, but triggering a 2FA code that is sent to the target’s phone. That code is also phished, and then entered into the legitimate site so the hacker can log in and steal the account.

Full article: How Hackers Bypass Gmail 2FA at Scale – Motherboard

How one hacked laptop led to an entire network being compromised

A corporate laptop being used in a coffee shop at a weekend was enough to allow a sophisticated cybercrime group to compromise an organisation’s entire infrastructure.

The incident was detailed by cybersecurity firm Crowdstrike as part of its Cyber Intrusion Services Casebook 2018 report and serves as a reminder that laptops and other devices that are secure while running inside the network of an organisation can be left exposed when outside company walls.

Full article: How one hacked laptop led to an entire network being compromised | ZDNet

Cybersecurity in 2019

While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn’t put to rest.

Will 2019 be the year we see a nation-state take down a large-scale industrial installation? How much of the world’s cryptocurrency will be mined by hackers using unsuspecting endpoints? What kind of damage can we expect from well-intentioned but misguided vigilantes? And what does it all mean to you?

Full article: Cybersecurity in 2019: From IoT & Struts to Gray …

New malware pulls its instructions from code hidden in memes posted to Twitter

Security researchers said they’ve found a new kind of malware that takes its instructions from code hidden in memes posted to Twitter.

The malware itself is relatively underwhelming: like most primitive remote access trojans (RATs), the malware quietly infects a vulnerable computer, takes screenshots and pulls other data from the affected system and sends it back to the malware’s command and control server.

What’s interesting is how the malware uses Twitter as an unwilling conduit in communicating with its malicious mothership.

Full article: New malware pulls its instructions from code hidden in memes posted to Twitter | TechCrunch

Cyber attackers to use sophisticated tools against Cloud in 2019

Cyber attackers will use more sophisticated tools in 2019 to take advantage of the changing technology landscape and prey upon evolving corporate technology environments, especially Cloud.

The attackers will leverage proven methods against growing Cloud adoption; more vulnerabilities will be found in Cloud infrastructure, such as containers, and weak Cloud security measures will allow greater exploitation of accounts for cryptocurrency mining.

Full article: Cyber attackers to use sophisticated tools against Cloud in 2019: Report- Technology News, Firstpost

Cyber crooks increasingly targeting home devices

Cyber criminals are shifting their attention from traditional computers to internet-connected devices in Canadian homes, says the government’s cyber security agency.

Enterprising cybercriminals have even infected devices connected to the internet with malware to mine cryptocurrency — with the owner of the device often being oblivious to what is going on.

Full article: Cyber crooks increasingly targeting home devices: report | CBC News
