Around 27,482 cybercrime cases in 2017: Will Windows 10 OS upgrade prevent cyberattacks in India? ::
With an estimated 50 million Windows users in the country and only a small percentage of them running the latest Windows 10 OS, the government is keen on protecting these computers from rampant cyber-attacks. In the wake of recent cyberattacks, the Narendra Modi government had urged Microsoft for a one-time special discount on Windows 10 OS upgrade. This is a drastic increase in the frequency of cyber-attacks compared to last year (2016), when one such crime was reported every 12 minutes. This move gains precedence as the country is plagued with pirated versions of Windows, which could make computers too vulnerable to cyberattacks. “It will be a one-time upgrade offer to Windows 10 and it will be a discounted price for the entire country,” said Rai, who has been appointed as the country’s first cyber security chief by India’s PM Narendra Modi. Cybercrime incidents in India are seeing a rise, as at least one such incident was reported in the country every 10 minutes in the last six months of 2017. “It is not just enough to make efforts at the government level, which is, in some sense, happening, but cybercrime affects hundreds of individual systems and firms, all of whom need to be ready with specialized teams,” said cybercrime expert Mirza Faizan Asad, according to Times of India. Cyber experts have warned corporate offices and business organisations to ensure basic security against cyber threats while also committing to implement critical measures to predict and prevent cybercrimes. The cybercrime report for the last three-and-a-half years looks intimidating as it touches 1. This includes ransomware, denial-of-service (DoS) attacks, site intrusions, phishing, as well as virus and Trojan attacks.
Is free public Wi-Fi a rat trap in India? The risks Indians fail to see ::
According to Norton, 96 percent of Indians put personal information at risk while using open Wi-Fi networks for banking or sharing personal photos and videos. According to the survey, 31 percent of Indians use public Wi-Fi for viewing porn and explicit content, and 44 percent of them admit to doing so at work and 49 percent in hotels. If Norton’s report is any sign, Indians have little knowledge about the risks involved with open, public Wi-Fi networks. Norton released its latest Wi-Fi Risk report on Tuesday, revealing Indian users’ behavior on public Wi-Fi networks and their understanding of the same. Other statistics from Norton’s survey revealed that 48 percent of users have accessed Wi-Fi without the network owner’s permission and 18 percent have hacked the password. While security experts have warned of the risks of open networks, more than 57 percent of respondents act carelessly online. Users’ behavior on public Wi-Fi raises the question of whether India is ready to be a nation with public Wi-Fi connectivity. The report also highlights the extent of risk Indians are exposed to on open networks when they access non-HTTPS websites. Users are basically handing over a key to their personal information, and 73 percent of Indians appear to do so just to access free Wi-Fi. The statistics shared by the US-based software company that specializes in security, storage and backup reveal shocking user habits while using an open network.
More than half of companies in Germany hit by spying, sabotage or data theft in past two years ::
Over the past few months, several major global cyberattacks affected German companies, including the WannaCry ransomware attack in May and the NotPetya attacks in late June that brought production to a halt in some German companies for over a week. Arne Schoenbohm, president of Germany’s BSI federal cyber agency, said the high number of companies affected “clearly shows that we still have work to do on cyber security in Germany.” More than half the companies in Germany have been victims of sabotage, industrial espionage or data theft in the past two years, German IT industry association Bitkom said on Friday. About 62% of companies affected found that the perpetrators behind espionage, sabotage or data theft were current or former employees of the company, while 41% blamed competitors, suppliers or service providers for these attacks. In 17% of cases, sensitive digital data was stolen, while 11% said the perpetrators made away with patents and R&D data. According to the report, 36% of firms reported that financial data was stolen by threat actors, while 41% said communication data such as emails were swiped by attackers. Another 10% said employee data was stolen in such attacks. About 53% of companies in Germany have been hit with such attacks, up from 51% in a 2015 study, costing an estimated €55bn (£49. In an interview with Reuters, Schoenbohm said hardware and software makers need to step up to bolster cybersecurity and address vulnerabilities much more quickly once they are identified. “Companies need to do much more for their digital security”, Bitkom President Achim Berg said in Berlin on Friday.
Hackers hit Bank of America customers with new phishing scam to steal financial and personal data ::
According to a report by HackRead, the phishing email has been designed to trick users into clicking on a malicious link that redirects victims of the scam to a fake BOA page, prompting them to type in their login credentials to “sign in.” The phishing email, which reportedly poses as an official email from the bank, informs users that new limits have been imposed on their bank account, which can only be removed by providing proof of the account’s ownership. The scammers also look to harvest victims’ personal and financial information by asking them to fill out a form. The hosting provider has allegedly been informed about the phishing campaign; however, it is unclear if any action has been taken to shut down the scam. In other words, the phishing email is cleverly designed to trick users into divulging their login credentials and personal information. The scam allegedly involves hackers sending out phishing emails to BOA customers that trick them into clicking on malicious links. Victims are prompted to provide sensitive data, including first and last name, address, city, zip code, mobile number, email address, credit card number, card expiry date and CVV number. Cybercriminals are reportedly targeting customers of the Bank of America (BOA) with a phishing campaign designed to steal personal and financial information. HackRead reported that cybercriminals are operating the scam via a Russia-based hosting provider called “Beget.” It is also unclear how many victims have been targeted successfully by the scam.
Kansas data breach: Over 5.5 million Social Security Numbers in 10 states exposed to hackers ::
The Kansas News Service filed its open records request on 24 May, which the commerce department fulfilled on 19 July. While more than half a million of the SSNs were from Kansas residents, other states affected by the breach include Illinois, Arizona, Vermont, Oklahoma, Maine, Arizona, Idaho, Arkansas, Delaware, Alabama. The Kansas News Service, which obtained the information from the agency through an open records request, reported that the breach also exposed another 805,000 accounts that did not contain Social Security Numbers. While the impact of the breach on Kansas residents was first reported in May, the extent of the attack, including its impact on millions of people in other states, had not been previously reported. Hackers who infiltrated a Kansas Department of Commerce data system were able to access around 5. Kansas will have to pay for up to a year of credit monitoring services for victims in nine out of the 10 affected states. Due to contractual obligations with Delaware, state residents affected by the breach will be eligible for three years of services. In May, the Department of Commerce said it had sent 260,000 emails to victims affected by the breach. At the time of the breach, the department was managing data for 16 states. The department also contacted a third-party IT company to verify that the coding error that was exploited by hackers in the attack had been patched and to help identify the user accounts affected by the breach.
UK Parliament hack: Commons select committee mailbox compromised, data breach under investigation ::
More than 70 people who sent personal information to a Commons select committee mailbox have been informed that their data may have been compromised in the recent cyberattack targeting the Houses of Parliament. “In the case of one compromised generic organisational mailbox, a Commons Select Committee mailbox, 77 people have been notified that personal data – information on personal circumstances provided to support the work of the Committee – was contained in the mailbox and so may be at risk of compromise”, the Commons said in an update. The Commons said 26 people had their accounts compromised in the attack, including six MPs and ten MPs’ staffers, a member of the House of Lords and one member of their staff as well as five personnel from the House of Commons Administration. The House of Commons said 39 email accounts were affected in the cyberattack, including a select committee mailbox that contained emails with personal information. Both the House of Commons and House of Lords have notified the Information Commissioner’s Office of the data breach. “Three of the six MPs had accounts compromised because their mailboxes were linked to their members of staff whose passwords were compromised.” “These compromises were made possible by the use of passwords that were compliant with the technical controls in place but did not conform to guidance issued by the Parliamentary Digital Service”, the Commons said. The National Crime Agency and National Cyber Security Centre are currently investigating the cyberattack and the perpetrators behind it. The parliamentary account holders affected in the attack have not been identified. In June, hackers targeted the British Parliament in a “sustained and determined” 12-hour-long cyberattack that breached less than 0.5% of parliament’s 9,000 email addresses.
TrickBot malware gets boost from Necurs botnet in new attacks targeting US banks ::
“TrickBot’s operators have been investing heavily into widening the scope of their attacks and are preparing redirection attacks against banks in 19 different countries,” IBM executive security adviser Limor Kessem said in a blog. According to IBM X-Force researchers, TrickBot is targeting banks in over 24 countries and is ranked seventh as a financial malware. The hackers behind the TrickBot banking trojan are now targeting US banks in new attacks. “TrickBot is the first and only banking Trojan to cover this many geographies and language zones with redirection schemes, an attack type known to be more resource-intensive to produce and maintain than dynamic webinjection schemes,” Kessem added. Flashpoint researchers said the Necurs-powered TrickBot campaign “will likely continue to evolve and target customers of U. “TrickBot now accounts for about 4% of attacks on a global scale,” Kessem said. According to researchers at Flashpoint, TrickBot shares several similarities with the Dyre banking trojan, which was shut down in 2015 by Russian police. According to Kessem, since the start of Q2 2017, TrickBot’s campaigns have entered a “rather intensive period of updates and attacks.” Flashpoint researchers suggested that the cybercriminals behind TrickBot “may have either had deep knowledge of Dyre or simply re-used old source code.” TrickBot is considered to be Dyre’s successor.
‘Keys to kingdom’ leaked by Sweden exposing millions’ data, military secrets and EU secure intranet ::
“Given how much the establishment has got each other’s backs, this sentence was roughly equivalent to life in prison for a common person on the street, meaning they must have done something really awful to get not just a guilty verdict, but actually be fined half a month’s salary,” Falkvinge said. Unfortunately, the STA’s leaked database remains under management of the two foreign firms, even as the Swedish government continues to investigate the scope of the leak. Meanwhile, the leaked database may be secured in the fall, according to STA’s new director-general Jonas Bjelfvenstam, Swedish newspaper Dagens Nyheter reported. Although the leak occurred in 2015, Sweden’s Secret Service only discovered the breach in 2016 and began investigating the incident. “The net effect here is that the EU secure Intranet has been leaked to Russia by means of deliberate lawbreaking from high ranking Swedish government officials.” Sweden’s government has exposed sensitive and personal data of millions, along with the nation’s military secrets, in what is now considered to be one of the worst government IT disasters ever. The leak occurred after the Swedish Transportation Agency (STA) decided to outsource its database management and other IT services to firms such as IBM and NCR. IBM’s Serbian branch was also allegedly contracted to operate Sweden’s secure government intranet, which in turn is connected to the EU’s secure network STESTA. According to local reports, the value of data leaked was tantamount to handing over the “keys to the kingdom.” “Let’s be clear: if a common mortal had leaked this data through this kind of negligence, the penalty would be life in prison.”
Hackers could turn your home security camera into a spy hole with ‘Devil’s Ivy’ security flaw ::
Millions of internet-connected smart devices around the world may be vulnerable to hacking due to a newly discovered security flaw in a piece of software code that is widely used across the internet-of-things (IoT) industry, security experts have warned. “Devil’s Ivy was found while researching a security camera, but our research shows that a wide range of IoT devices have similar problems.” Researchers from Senrio eventually turned to gSoap’s developer, called Genivia, which revealed that the flawed software had more than one million downloads in total. Despite this, the fallout from the incident may be “difficult to entirely eliminate” because the flaw is “nearly impossible to kill and spreads quickly through code reuse,” the experts warned. Experts found a critical vulnerability in the software toolkit gSoap (Simple Object Access Protocol), used by developers to enable internet connectivity. Dubbed “Devil’s Ivy” by researchers from cybersecurity company Senrio, the flaw can be exploited to completely hijack web-connected cameras. Senrio said software or device manufacturers relying on gSoap support will be affected by Devil’s Ivy, but would not comment on the full number of vulnerable products in the wild. “The Internet of Things is ushering in an age of ambient computing,” Senrio researchers warned in a blog post, published on Tuesday 18 July. “We forget or don’t realise that many of the devices we use every day are computers — from the stoplight at your street corner to the Fitbit you wear on your wrist — and therefore are just as, if not more, vulnerable as the PC you sit in front of every day.” Genivia has released a patch which all gSoap users are advised to urgently install.
Ocean’s Eleven: How hackers tried to steal from a casino by hijacking a smart fish tank ::
“Someone used the fish tank to get into the network, and once they were in the fish tank, they scanned and found other vulnerabilities and moved laterally to other places in the network,” Justin Fier, director for cyber intelligence and analysis at Darktrace, told CNN. “By targeting an unconventional device that had recently been introduced into the network, the attack managed to evade the casino’s traditional security tools,” Darktrace said in its report. Security researchers at Darktrace said that the hackers managed to steal some data and send it to a device in Finland before the attack was stopped. Hackers have escalated from leveraging phishing attacks to actually using innocent fish and their habitats in real-life attacks. The internet-connected fish tank, which featured advanced sensors that “automatically regulate temperature, salinity, and feeding schedules,” was configured to an individual VPN, to ensure that its communications network and data were safe from the hands of malicious entities. Last year, hackers leveraged the prolific Mirai botnet in numerous attacks, one of which notably led to a massive internet outage in the US. However, despite the security measures the casino took to secure the smart fish tank, hackers still managed to gather data. “The incident demonstrates the need to have complete visibility of every user and device – including internet-connected fish tanks.” Security researchers have warned about the risks posed by IoT (Internet of Things) devices. Unknown hackers recently attempted to steal from an unspecified North American casino by hijacking a high-tech smart fish tank.