Wine scams spiked during COVID-19 lockdown

Absolute monsters. Wine-themed domain registrations rose once COVID-19 lockdowns took hold, some of them malicious and used in phishing campaigns, Recorded Future and Area 1 Security said in a joint report out Wednesday. “As the interest in virtual happy hours and get-togethers increased so did the increase in wine-themed domain registrations,” the report states. Amid the COVID outbreak, alcohol has proven itself a target for hackers — but it hasn’t been clear before that scammers were trying to exploit people who were staying home and imbibing more. Alcohol delivery service Drizly, for instance, suffered a breach in July, while ransomware hit liquor and wine maker Brown-Forman around the same time. Recorded Future observed a mild jump in wine domain registrations in March of 2020, from the usual 3,000 to 4,000 per month up to nearly 5,500. April saw a bigger leap, to almost 7,200, and the numbers took off in […]

The post Wine scams spiked during COVID-19 lockdown appeared first on CyberScoop.

CNA shares details about ransomware attack, recovery effort

Major U.S. insurer CNA confirmed this week that it was the victim of a ransomware attack and that it has taken several steps on the road to recovery. The company, one of the biggest players in cybersecurity insurance specifically, had previously acknowledged an attack, but stopped short of specifying exactly what kind. In an update on Thursday, the company said it had restored normal email operations after a ransomware attack, adding that it instituted multi-factor authentication and a security platform for detecting and blocking threats. “Our team deployed additional endpoint detection and monitoring tools for an added layer of security and visibility across our network,” the update reads. “We expect that there will be a number of other remediation and infrastructure enhancements.” The attack has proven a source of misery for the company since hackers hit on March 21. Like other insurers, CNA would represent a tempting target for hackers […]

Biden’s cyber executive order to include new rules for federal agencies, contractors

Under a forthcoming White House order, companies that do business with the federal government would have to meet software security standards and swiftly report cyber incidents to a new entity within the Department of Homeland Security, sources familiar with a draft version of the document said. The order, which could be made public in a matter of weeks, is meant to improve the government’s ability to detect, coordinate, respond to and investigate cybersecurity incidents, as well as promote supply chain security and push government contractors to up their defenses. It is spurred largely by the suspected Russian campaign in which hackers exploited the update process for SolarWinds’ Orion software, which led to the compromise of nine federal agencies and roughly 100 companies, the White House previously said. Some of the order’s measures are aimed at strengthening DHS and its Cybersecurity and Infrastructure Security Agency. The White House directive would establish […]

DeepDotWeb boss pleads guilty to laundering millions

The administrator of a dark web marketplace that served as a gateway for purchasing heroin, firearms and hacking tools pleaded guilty to money laundering charges on Wednesday. The Justice Department said that Tal Prihar administered DeepDotWeb, where he received $8.4 million in kickbacks from dark web marketplaces for providing prospective customers with direct links to those sites, which sold illegal goods but weren’t easily found via search engines. When law enforcement indicted Prihar and an alleged co-conspirator in 2019, authorities hailed it as “the single most significant law enforcement disruption of the Darknet to date.” French law enforcement captured Prihar, an Israeli native who had lived in Brazil. Israeli law enforcement arrested the alleged co-owner of the site, Michael Phan, who handled day-to-day operations. U.S. authorities previously seized DeepDotWeb. “For six years, DeepDotWeb was a gateway to facilitate the illegal purchase of items to include dangerous drugs, weapons, and malicious […]

Hacker team-ups pose 2021 threat to financial industry, group cautions

An information sharing group for the financial sector warned on Tuesday that banks will encounter growing danger this year from converging nation-state and criminal hackers, as well as supply chain risks and cross-border attacks. The report from the Financial Services Information Sharing and Analysis Center serves as a recap of threats the industry endured last year, as well as a forecast for 2021. Ransomware and other kinds of extortion attacks were among the biggest hazards for the financial services industry last year, FS-ISAC said. The organization said it expects further use of the increasingly common ransomware method of hackers leaking partial data to incentivize higher victim payments, and it said that more than 100 financial companies received distributed denial-of-service extortion threats last year. The organization also suggested that state-sponsored groups would leverage access or other techniques established by financially motivated scammers to boost their own operations. FS-ISAC did not point […]

Senator hammers Facebook, Instagram over COVID-19 misinformation

One day after a House panel grilled social media executives about misinformation on their platforms, a top senator blasted Facebook for its “continued amplification of harmful” posts about COVID-19, especially via Facebook-owned Instagram. Senate Intelligence Chairman Mark Warner, D-Va., wrote Facebook CEO Mark Zuckerberg on Friday, saying the company needed to do more to eradicate misinformation about the COVID-19 vaccine than promising action. “Facebook’s enforcement of its own policies is consistently and demonstrably insufficient, a trend we have seen in other areas where Facebook has pledged to address misuse of its products or instances of its products amplifying harmful content,” Warner said in the letter. Warner juxtaposed Facebook’s February update of its policies on medical misinformation with the fact that on the day it announced them, some of the top search results for “COVID vaccine” on Instagram lead to anti-vaccine accounts. In particular, Warner said he was disturbed by a […]

Top insurer CNA disconnects systems after cyberattack

CNA, one of the U.S.’s top providers of cybersecurity insurance, is struggling with a cyberattack that prompted it to disconnect its systems from its network. Its website hasn’t been working for the last couple days, and at press time displayed the message, “The attack caused a network disruption and impacted certain CNA systems, including corporate email.” The Chicago-based firm reported more than $10 billion in revenue in 2020, and is in the top 15 U.S. property and casualty insurers and top 10 U.S. providers of cyber insurance, according to recent measurements. If the attack proves to include policyholder data, a cyber insurance industry expert warned, it could enable particularly devastating further incidents that hackers could use as leverage in extortion attempts. If that’s the case, CNA said, it will keep customers updated. The company said it discovered the intrusion on March 21, adding that it is working with forensics experts […]

IT consultant sentenced to 2 years in revenge-hacking case

A U.S. judge has sentenced a man to two years in prison for hacking into a company and deleting 1,200 Microsoft user accounts as part of a revenge plot. Deepanshu Kher had worked for an IT consulting firm that deployed him to a Carlsbad, Calif. company in 2017 to help it migrate to Microsoft Office 360. The company provided bad reviews to Kher’s employer, which then pulled him from the assignment and later fired him, according to a Justice Department news release, which named neither Kher’s employer nor the firm he pleaded guilty to hacking. After his firing, Kher, an Indian national, returned to India and in 2018 accessed the California company’s server to delete nearly all of its 1,500 Microsoft user accounts, prompting the firm to have to completely shutter operations for two days. It then experienced longer-lasting troubles that stretched for three months. “They could not access their email, […]

SpaceX engineer makes a first with dark web securities violations case

First, U.S. authorities say, SpaceX engineer James Roland Jones tried to fake his way into a dark web insider trading forum, but that didn’t work out very well. Afterward, he still managed to sell fake insider trading information on the dark web anyway, according to the Securities and Exchange Commission. And on top of that, he bought sensitive personal information from a hard-to-reach forum with the goal of making transactions based on purported insider info, according to the Justice Department. (U.S. authorities did not disclose the names of the companies from which Jones claimed to have inside information.) Now, after the FBI used some of Jones’ own methods on him, he has pleaded guilty on charges of conspiracy to commit securities fraud. And the SEC has filed a complaint against the man who also went by the name “MillionaireMike” seeking to recoup his ill-gotten gains and civil penalties. It’s all […]

Feds aren’t well prepared to spot SolarWinds-style hacks at agencies, CISA official says

In one of the bluntest assessments of U.S. government security shortcomings around the SolarWinds hack, a top Department of Homeland Security official told senators on Thursday that federal defenses simply aren’t aligned properly to detect advanced attackers. The testimony before the Senate Homeland Security and Governmental Affairs Committee on federal cybersecurity weaknesses points to a forthcoming reorientation of how DHS’s Cybersecurity and Infrastructure Security Agency protects agencies from threats. It’s a shift resulting from the fallout from the hack at federal contractor SolarWinds that resulted in breaches at numerous federal agencies and major technology companies. And it’s a shift that Congress is aiding with $650 million that it recently appropriated for CISA. “Part of the challenge is that you can only secure what you can see,” Brandon Wales, acting director of the agency, told committee Chairman Gary Peters, D-Mich. “Over the past decade our system of protection has largely relied […]
