Author Archives: Tim Starks

JP Morgan artificial intelligence researcher says AI goal is to ‘eradicate financial crime’

Posted on by

J.P. Morgan envisions a chief role for artificial intelligence in putting an end to financial crimes, the company’s head of AI research said Monday. Financial crimes that institutions like J.P. Morgan might have to reckon with include money laundering, sanctions violations, fraud and outright cyber theft. Across all industries and organizations, financial crime cost companies and organizations $1.45 trillion in 2019, according to one estimate, with cybercrime and fraud reportedly the most common varieties. “There is this concept of values” for AI, said Manuela Veloso, who besides her work for J.P. Morgan has worked as a professor in Carnegie Mellon University’s school of computer science. “First, we want AI to be able to eradicate financial crime.” Veloso’s comments came Monday during AI Week, an event produced by Scoop News Group. Along with direct money heists, cybercriminals run afoul of the law in other ways that can be categorized as financial […]

The post JP Morgan artificial intelligence researcher says AI goal is to ‘eradicate financial crime’ appeared first on CyberScoop.

Continue reading JP Morgan artificial intelligence researcher says AI goal is to ‘eradicate financial crime’

Experts suggest French insurer AXA’s plan to shun ransomware payouts will set a precedent

Posted on by

When French insurer AXA signaled last week that it would no longer write new cyber-insurance policies covering  extortion payouts to criminals, ransomware and cyber insurance experts had two reactions. They wondered why it took so long, and how long it would take others to follow suit. Ransomware is an ever-increasing cause of cyber-insurance claims, according to industry estimates, and having such insurance may make policyholders more likely to be attacked. A representative of the REvil ransomware gang said in a March interview that the group specifically targets victims known to have cyber-insurance, because they’re “one of the tastiest morsels” who can more easily afford to pay. In perhaps the biggest ransomware payment of 2020, smartwatch maker Garmin paid a reported $10 million and said it wasn’t sure how much its insurance would cover of all the costs, which it didn’t enumerate by type of expense.  Those conditions can perpetuate themselves. […]

The post Experts suggest French insurer AXA’s plan to shun ransomware payouts will set a precedent appeared first on CyberScoop.

Continue reading Experts suggest French insurer AXA’s plan to shun ransomware payouts will set a precedent

Google to make multi-factor authentication its default mode

Posted on by

Google will soon enroll users into multi-factor authentication by default, the technology giant said on Thursday. In a blog post commemorating World Password Day, the company announced the move to make users sign in via a second step after entering a password, such as a phone app. “Today we ask people who have enrolled in two-step verification (2SV) to confirm it’s really them with a simple tap via a Google prompt on their phone whenever they sign in. Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured,” wrote Mark Risher, director of product management, identity and user security. “Using their mobile device to sign in gives people a safer and more secure authentication experience than passwords alone.” While multi-factor authentication isn’t entirely foolproof, and users will be allowed to opt out, Google’s embrace of automatically enrollment could be a big security boon. Microsoft said its […]

The post Google to make multi-factor authentication its default mode appeared first on CyberScoop.

Continue reading Google to make multi-factor authentication its default mode

Florida homecoming queen faces up to 16 years after alleged scheme to hack high school contest

Posted on by

A teenager accused of gaining unauthorized access to school computer systems in order to rig a homecoming queen contest with her mother will stand trial as an adult, and could spend 16 years in prison if convicted. Emily Grover, who turned 18 in April but who was arrested in March, when she was 17, faces four charges alongside her mother, Laura Carroll. Carroll was an assistant principal at Bellview Elementary School, while her daughter attended Tate High School. The pair allegedly schemed to cast hundreds of fraudulent votes in the homecoming contest, an election that Grover ultimately won. A Florida State Department of Law Enforcement investigation concluded that phones and computers from their Pensacola suburb household were used to access student records. “The primary reason for the decision is, she was almost 18 years of age and would age out of the juvenile system in a very short period of […]

The post Florida homecoming queen faces up to 16 years after alleged scheme to hack high school contest appeared first on CyberScoop.

Continue reading Florida homecoming queen faces up to 16 years after alleged scheme to hack high school contest

After more than a decade, SentinelOne researchers weed out Dell vulnerabilities

Posted on by

Since 2009, vulnerabilities have lurked in Dell drivers that potentially affect hundreds of millions of machines, SentinelOne researchers said on Tuesday. Hackers could use the vulnerabilities to instigate a range of attacks, from ransomware to wipers that can erase hard drives, said J.A. Guerrero-Saade, principle threat researcher at the security firm. “They can basically do whatever they want,” Guerrero-Saade told CyberScoop. Dell released mitigation steps on Tuesday in advance of SentinelOne publishing its research. Those flaws sitting undiscovered for 12 years is not unheard of, despite a whole industry of security researchers dedicated to weeding out bugs that could abet cyberattacks. A 2017 study found that a quarter of zero-day vulnerabilities remain hidden for more than nine and a half years. In the case of the Dell flaws, Guerrero-Saade said their dormant nature reflects a “target-rich environment,” especially as it pertains to drivers that allow computers to communicate with hardware. […]

The post After more than a decade, SentinelOne researchers weed out Dell vulnerabilities appeared first on CyberScoop.

Continue reading After more than a decade, SentinelOne researchers weed out Dell vulnerabilities

Hacking group exploited SonicWall zero-day for ransomware attacks, FireEye says

Posted on by

A hacking group exploited a SonicWall zero-day software flaw before a fix was available in order to deploy a previously unreported ransomware strain, FireEye researchers said Thursday. The disclosure of the ransomware comes one week after FireEye revealed three previously unknown vulnerabilities in SonicWall’s email security software. But the latest hacking tool emerges from an earlier zero-day  found in SonicWall’s mobile networking gear. Mandiant, FireEye’s incident response unit, dubbed the malware FiveHands, which bears similarities to another hacking tool, dubbed HelloKitty, that attackers deployed against a video game company. The security firm linked it to a group they call UNC2447. “UNC2447 monetizes intrusions by extorting their victims first with FIVEHANDS ransomware followed by aggressively applying pressure through threats of media attention and offering victim data for sale on hacker forums,” reads a blog post from the company. “UNC2447 has been observed targeting organizations in Europe and North America and has […]

The post Hacking group exploited SonicWall zero-day for ransomware attacks, FireEye says appeared first on CyberScoop.

Continue reading Hacking group exploited SonicWall zero-day for ransomware attacks, FireEye says

Deepfakes advertised on underground markets, signaling possible shift, Recorded Future says

Posted on by

Malicious use of manipulated visual and audio files — technology known as deepfakes — is swiftly migrating toward crime and influence operations, according to findings published Thursday. Threat intelligence company Recorded Future pointed to a recent surge in such activities and a burgeoning underground marketplace that could spell trouble for individuals and companies that use tools like facial identification technology as part of multi-factor authentication. The report mirrors similar conclusions from an FBI alert last month warning that nation-backed hackers would themselves begin using deepfakes more frequently for cyber operations as well as misinformation and disinformation. “We believe that threat actors have begun to advertise customized deepfake services that are directed at threat actors interested in bypassing security measures and to facilitate fraudulent activities, specifically fake voices and facial recognition,” the company’s Insikt Group wrote in a blog post. Recorded Future’s work focuses more on that development in the criminal […]

The post Deepfakes advertised on underground markets, signaling possible shift, Recorded Future says appeared first on CyberScoop.

Continue reading Deepfakes advertised on underground markets, signaling possible shift, Recorded Future says

Do credit monitoring and ID protection services do much for breach victims?

Posted on by

It has become a staple for companies that are hit by big data breaches: extending free crediting monitoring and identity protection services to customers whose sensitive personal information is at risk. There’s nothing wrong with companies doing that, say consumer advocates — but those advocacy groups also say breached companies can do much, much better. The latest company to get hit by hackers and then offer credit monitoring or identity protection services, Geico, last week outlined a package that’s a little improved above the usual versions, one advocate said. These existing services seem to offer help, yet in some cases that benefit is limited and in others it’s difficult to measure their effectiveness. But overall, there’s little incentive for companies to offer improved redress, consumer advocacy groups contend. “Most breached entities go with credit monitoring because it’s a relatively inexpensive thing for someone to contract with to provide,” said Susan […]

The post Do credit monitoring and ID protection services do much for breach victims? appeared first on CyberScoop.

Continue reading Do credit monitoring and ID protection services do much for breach victims?

Twitter alarms users with messages that resembled phishing emails

Posted on by

Twitter sparked a panic among some users that they were the subjects of a phishing attack in what was instead an accidental mass email. The message sent to some Twitter users went out Thursday, asking them to confirm their email addresses by clicking on a button. To many of those users who commented about it on the social media platform, it smelled like a possible phishing attempt. Twitter clarified what had happened later that same evening. “Some of you may have recently received an email to ‘confirm your Twitter account’ that you weren’t expecting,” the company said. “These were sent by mistake and we’re sorry it happened. If you received one of these emails, you don’t need to confirm your account and you can disregard the message.” In the cybersecurity sphere, Twitter usually gains the most attention for its efforts to combat online misinformation, or criticisms about how it’s handling […]

The post Twitter alarms users with messages that resembled phishing emails appeared first on CyberScoop.

Continue reading Twitter alarms users with messages that resembled phishing emails

Turnabout: It looks like phone-cracking company Cellebrite had its own vulnerabilities exposed

Posted on by

“Snoop onto them… as they’d snoop onto us.” Moxie Marlinspike, founder of the encrypted messaging app Signal, revealed on Wednesday what he said were vulnerabilities in software that the company Cellebrite uses to break into encrypted phones. To accompany a blog post on what Marlinspike and his team of researchers learned, Signal produced a demonstration video featuring the above line of dialogue from the movie “Hackers.” In a blog post evidently dripping with sarcasm, Marlinspike detailed how he obtained the latest version of the company’s software, named UFED and Physical Analyzer, when he saw a small package fall off the back of a truck, prompting some digital probing. The vulnerabilities would amount to an ironic turn for Cellebrite, which makes its money hacking into smartphones. Its customer base includes the U.S. government and some authoritarian regimes, although the Israeli company recently announced it would stop doing business with Russia or […]

The post Turnabout: It looks like phone-cracking company Cellebrite had its own vulnerabilities exposed appeared first on CyberScoop.

Continue reading Turnabout: It looks like phone-cracking company Cellebrite had its own vulnerabilities exposed