Jump to content

Search the Community

Showing results for tags 'breaches'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Categories

  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions

Categories

  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 5 results

  1. Over 22 billion records exposed in breaches in 2020 From January through October 2020 there have 730 publicly disclosed events resulting in over 22 billion records exposed worldwide according to a new report from Tenable's Security Response Team (SRT). Of breaches analyzed 35 percent were linked to ransomware attacks, resulting in major financial cost, while 14 percent of breaches were the result of email compromises. Threat actors have relied on unpatched vulnerabilities in their attacks as well as chaining together multiple vulnerabilities. From 2015 to 2020, the number of reported common vulnerabilities and exposures (CVEs) increased at an average annual percentage growth rate of 36.6 percent. In 2020, 18,358 CVEs were reported, representing a six percent increase over the 17,305 reported in 2019. Web browsers like Google Chrome, Mozilla Firefox, Internet Explorer and Microsoft Edge have been the primary target for zero-day vulnerabilities, accounting for over 35 percent all those exploited in the wild. "As defenders, it's difficult enough to prioritize remediation given the hundreds of vulnerabilities released on Microsoft's Patch Tuesday every month and Oracle's Critical Patch Update each quarter. Add in the impact from COVID-19 for defenders trying to protect their newly remote workforce and you have a recipe for chaos," says Satnam Narang, staff research engineer at Tenable. "Security teams know to pick their battles, but when there is a flurry of vulnerabilities with a CVSSv3 score of 10.0 released within weeks of each other, the battles are being chosen for you and they're happening simultaneously. In order to manage vulnerability overload, you’ll need to take inventory of your entire network, identify your most critical assets and ensure they receive patches in an appropriate time frame. Additional indicators, such as CVSSv3 scores and the availability of PoC exploit scripts, can provide further insight into whether or not a vulnerability is more likely to be exploited in the wild, helping your team focus first on the most severe threats facing your network." The full report is available from the Tenable site. Source: Over 22 billion records exposed in breaches in 2020
  2. Heavily outnumbered and outpaced by their targets, small FBI cybersquads have been quietly notching up major wins against online criminals operating out of home and abroad. Elliott Peterson struggles a bit when asked to identify the most frustrating part of his job as an FBI agent fighting cybercrime. "Actually, most of the time our job is awesome," he finally says. "We are often the only ones that can effect really permanent solutions in this space." As a special agent in the FBI's Anchorage field office in Alaska, Peterson and his teammates are among those at the forefront of the US government's dogged battle against criminals in cyberspace. Heavily outnumbered and outpaced by their targets, small FBI cybersquads like the one in Anchorage have been quietly notching up major wins against online criminals operating out of home and abroad in recent years. At least some of the success is the result of efforts to build up partnerships with private industry and from cooperation with international law enforcement agencies. Peterson's own team was responsible for investigating and bringing to justice the three-person operation behind the massive Mirai distributed denial-of-service (DDoS) attacks in 2016 that impacted Internet service provider Dyn and several others. More recently, Peterson led a major investigation that in December resulted in some 15 Web domains associated with DDoS-for-hire services being seized and the operators of several being arrested. The actions resulted in a sharp — but temporary — drop-off in DDoS activity early this year. Such victories are a long way from chilling cybercrime, which by some accounts has become even bigger and more organized than even drug trafficking. But the arrests, the indictments, the seizures, and the takedowns are not going entirely unnoticed either. "We see them talk about this stuff on forums and Discord chats," Peterson said in an interview with Dark Reading at Akamai's Edge World user conference in Las Vegas last week. "We've had a lot of wins in the areas we focus on." Lessons from Mirai Peterson's cybercrime-fighting career began as part of an FBI team that went after East European cybergroups stealing money from online accounts of US companies. The law enforcement efforts were so successful that for a brief period between 2013 and 2014, there was an enormous dip in cybertheft targeting US organizations. "I remember thinking, 'Oh, we figured this out. This isn't hard,'" Peterson says wryly. The Mirai investigation was something of an eye opener for Peterson and other members of the Anchorage cybersquad — not necessarily because of how sophisticated the malware was, but because of the sheer scale of the attacks it enabled. Mirai was the first malware tool designed to exploit weaknesses in ordinary IoT devices, such as home routers and IP cameras. It allowed attackers to quickly assemble botnets capable of launching DDoS floods bigger than anything seen up to that point. The sheer scale of the damage the malware could inflict surprised both the FBI and even the malware's own creators — Josiah White of Washington, Pennsylvania; Paras Jha of Fanwood, New Jersey; and Dalton Norman of Metairie, Louisiana. "These guys underestimated the scale of manufacture of [IoT] devices and how widely placed they were throughout the world," recalls William Walton, supervisory special agent at the Anchorage FBI field office. "So when they developed the Mirai botnet, I think they inadvertently harnessed way more power than they set out to harness." What Mirai showed was how drastically the threat landscape had changed as a result of more devices coming online constantly. "The interconnectedness of the Internet's architecture became readily apparent," Walton says. DDoS and botnet activities continue to be a core focus of the Anchorage cybersquad. But business email compromise scams and enterprise ransomware attacks are vying for attention as well. Tapping Private Industry As threats have evolved, so has the FBI's understanding of how best to approach them. One area where the agency has made a lot of improvement is in scoping requests for data from service providers when carrying out investigations. "We have gotten better at getting the right evidence from service providers," Walton says. Instead of hitting them with blanket requests and then having to wade through lots of data in the hope of finding something useful, the focus these days is on first gaining a technical understanding of how particular crimes are carried out. "We try and understand the types of things we can and should be asking for," Walton says. Helping them in a major way is the private industry. Over the past several years, the FBI has been working with researchers and engineers from within the security industry to try and understand new and emerging threats and trends. The informal interactions and relationships have been key to the FBI's ability to hunt down and dismantle criminal networks on the Internet. One example is the role Akamai played in the Mirai investigation. Researchers from the company reverse-engineered Mirai's command-and-control (C2) infrastructure and built a tool that helped the FBI and others keep track of the botnet, says Tim April, principal architect at the content delivery network services provider. When the massive DDoS attacks on Dyn began, Akamai researchers were able to quickly point the FBI to the exact C2 that issued the attack command, he says. The company's information played a big role in the FBI's ability to definitively attribute the attacks to Jha and his pals. "We try to keep close tabs on what's going on, and we update [the FBI] whenever we see something new or novel" on the threat landscape, April says. The interaction is mutual, voluntary, and beneficial to both sides. Peterson himself calls in to meetings at least once a week with security researchers from companies like Akamai. The meetings are an opportunity to hear what everybody is doing and to provide updates on cases the FBI might be investigating. He finds such exchanges to be more useful, at least from a purely investigative standpoint, than formal information-sharing groups. "ISACs absolutely have their place. They are super-important," he emphasizes. But it's the researchers and other contacts on the frontlines who usually have the information needed to move quickly on investigating new threats. "People really move their schedules around to do them because it is so useful to hear what the government is seeing and what all these different private entities are seeing in this space," Peterson notes. "That visibility is really not something we had a few years ago." The interaction with private industry has also helped the FBI prioritize investigations better. The process typically involves looking at the scope of existing damage caused by a threat or group and the potential for future damage. "We rely on private industry partners to give us a sense of the scale of what we are facing," Walton says. The Anchorage office is able to prioritize some threats locally using available agents and bandwidth. Sometimes the task involves having to work with headquarters to identify where the bureau has the best resources to put up against a particular threat. International Cooperation The FBI's efforts at building relationships with its international law enforcement counterparts are helping as well. Walton and Peterson often travel to other countries in pursuing cybercriminals operating out of the direct reach of US law. On some of those trips, the two agents have taken US prosecutors along with them to meet prosecutors in other countries. In other cases, they have hosted law enforcement agents from other countries on US soil. For the Mirai case, for instance, a team from France flew to the US to observe and sit in on interviews with the suspects in an example of what Peterson describes as an almost unprecedented level of cooperation on cyber matters between the two sides. British and Polish teams have visited the US in connection with other investigations, too. Such interactions have given the FBI a better understanding of the legal and time constraints under which law enforcement in other countries operate. Importantly, they have also enabled a better understanding internationally about how US law enforcement conducts cybercrime investigations. "There is a growing understanding and appreciation for what matters in terms of gathering evidence and the speed at which that has to occur," Walton says. Even so, international investigations still take longer than ideal. The speed at which the FBI was able to pursue the Mirai operators and with which they were prosecuted was helped by the fact the attackers were based in the US. The time lag is a whole lot longer in an international setting. "For me the most frustrating thing is the ability to match the pace of cybercriminals as we pursue them," Walton says. Legal process takes time, developing relationships with private industry takes time, and working internationally takes time. "All of those time constraints aren’t really a factor for cybercriminal operations," Walton says. At the end of the day, fighting cybercrime requires broad cooperation, Peterson says. Everybody has an interest in an Internet that is safer and more secure, so people and organizations need to find ways to work together and make that happen. "If your company is an island, you are not contributing to all of us trying to solve the problem," he says. "Team up. Find a way to help. That's the only way to get ahead of this." Source
  3. Data breaches and exposures have been so rampant over the last few years that it's difficult to even keep track at this point, much less step back to mull a solution. But, perhaps out of necessity, researchers from the database giant MongoDB have spent the last two years developing a new database encryption scheme aimed squarely at reducing these damaging incidents. Their secret weapon? Radical simplicity. The idea of encrypting databases in various ways isn't new. But in practice there have been limitations on where and when data was actually protected. Databases are often encrypted "server-side," meaning that random strangers can't just query it for information, but credentialed users can access some or all of the information in it. But that also means that anyone with full access to the data—like the database operator and administrators—can decrypt and access everything. This puts the data at risk to both outside hackers wielding stolen credentials, and rogue insiders who have been granted more access than they need. Other types of encryption schemes, though, typically add both complexity and cost, which is why it's taken so long for companies like MongoDB to offer something that's both usable and secure. And given that companies as large as Adobe and Google rely on MongoDB database architecture, it's a solution that could have outsized impact. "One reason that no one did this before was because they didn’t perceive customer demand the way that it’s easy to perceive today," says Davi Ottenheimer, MongoDB's vice president of trust and digital ethics. All those high-profile database breaches have finally started to make companies aware of what solid encryption is worth. MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient. In such a "client-side" encryption scheme, databases utilizing Field Level Encryption will not only require a system login, but will additionally require specific keys to process and decrypt specific chunks of data locally on a user's device as needed. That means MongoDB itself and cloud providers won't be able to access customer data, and a database's administrators or remote managers don't need to have access to everything either. For regular users, not much will be visibly different. If their credentials are stolen and they aren't using multi-factor authentication, an attacker will still be able to access everything the victim could. But the new feature is meant to eliminate single points of failure. With Field Level encryption in place, a hacker who steals an administrative username and password, or finds a software vulnerability that gives them system access, still won't be able to use these holes to access readable data. The focus, Ottenheimer says, was on trying to offer that security in a form customers would actually adopt—a classic cybersecurity problem. "We really focused on making this easy for developers to put into their path to release," he says. "We want them to be able to release new products and code as quickly as possible." Field Level Encryption is built on well-tested, public encryption standards, and is open source, so it can be extensively vetted by the cryptoanalysis community. That auditing process has already begun, but will expand significantly during the tool's beta testing phase, set to start next week. So far the early analysis has been promising, says Seny Kamara, a cryptographer at Brown University and cofounder of the data security firm Aroki Systems, who has been assessing Field Level Encryption. Kamara says that MongoDB has already made changes based on his and his team's feedback. "This cryptographic technology is new and like much of cryptography there are tradeoffs between efficiency and security," he says. "MongoDB’s effort to involve the cryptography community is unusual and welcomed. Being proactive about getting new cryptography analyzed is definitely the right way to do things." As with any defense mechanism, Field Level Encryption does come with some limitations and caveats. Most importantly, MongoDB databases are what's called "NoSQL" databases, meaning they can accommodate all sorts of unstructured data and fan out across many servers as they grow. And while MongoDB offers the most popular type of NoSQL database, so-called "SQL" databases, or relational databases, are more common overall. This means that Field Level Encryption, or something like it, won't be coming to every database anytime soon. Additionally, the new feature creates challenges to managing all of the different system encryption keys across cloud providers, and also makes it more complicated for the database system to perform certain types of information sorting and querying, since data is scrambled and unreadable. Still, given MongoDB's reach, Field Level Encryption is an important step—one the company hopes other database makers will now be motivated to take, too. And Kenn White, MongoDB's product security lead, says that he thinks the company will be able to overcome more and more of these limitations as it works with beta testers and beyond. Above all, the goal of the new defense, he says, is to limit access to the data as much as possible. He likens the feature to putting valuables in a safe, and then placing the safe in a locked storage unit. Even if someone pressures the storage provider to cut the lock, they'll still have to contend with your safe. Nothing can ever be a total security panacea, though. "If you put a pair of bolt cutters and a sticky note with the safe combo on the ground outside your unit then, yeah, I got nothing," White says. "But if you have confidential workloads, now you don’t need to trust MongoDB. If you have a backup that's sitting in a cloud bucket—no one can read the encrypted fields. You can run highly sensitive workloads and have protection against an insider attack or an internal breach. That's a much better position to be in." Source
  4. New analysis shows widespread DNS protection could save organizations as much as $200 billion in losses every year. DNS protection could prevent approximately one-third of the total losses due to cybercrime – which translates into billions of dollars potentially saved. According to "The Economic Value of DNS Security," a new report published by the Global Cyber Alliance (GCA), DNS firewalls could annually prevent between $19 billion and $37 billion in losses in the US and between $150 billion and $200 billion in losses globally. GCA used data about cybercrime losses from the Council of Economic Advisors and the Center for Strategic and Internation Studies as the basis for its GCA's estimates of how much DNS protection, such as a DNS firewall, could save the economy. "The benefit from using a DNS firewall or protective DNS so exceeds the cost that it's something everyone should look at," says Philip Reitinger, GCA president and CEO. In many cases, he says, the DNS protection service or DNS firewall will be available at no cost to purchase or license. But could any cost, no matter how small, be offset by the difficulty in deploying or managing the protection? Not likely. "In most cases, it will be extremely easy to do. There's no new software here," Reitinger says. When it comes to protecting endpoints, it could be as simple as changing the address used for DNS resolution in the computer's network settings. And for some companies, the adoption will be only slightly more difficult. The only real difficulty, Reitinger says, comes if the firewall begins generating false-positives, blocking traffic to destinations that serve a legitimate business purpose. Should that happen, firewall rules will need to be manually overridden. "If you see people trying to going out to various services, you get to write the rules that allow or block the destination in spite of the firewall," he says. One legitimate point of concern is the data on DNS traffic that the protection provider might collect, Reitinger adds. Knowing about an organization's traffic patterns provides a great deal of information about the organization itself, he says. In this case, asking serious questions of the provider before signing a contract or changing a resolution server address can prevent privacy concerns in the future. Source
  5. Rising healthcare breaches driven by hacking and unsecured servers 2020 was a bad year for healthcare organizations in the U.S., which had to deal with a record-high number of cybersecurity incidents on the backdrop of the COVID-19 pandemic. Hacking and IT incidents affected the industry to a larger extent last year, accounting for more than 67% of all breaches and exposed the personal data of tens of millions of individuals. Highest breach count Analyzing data from the U.S. Department of Health and Human Services, threat protection company Bitglass found that the count of healthcare breaches reported in 2020 increased to 599, a jump of more than 50% compared to the previous year (386). Most of the breaches were caused by hacking and IT incidents, which exposed data from 24.1 million individuals, making them vulnerable to identity theft and phishing attacks. However, despite the rise in incidents, the total number of affected individuals is slightly lower compared to 2019. A breakdown of the breaches per state shows that California had the highest number, 49 incidents, followed by Texas with 43. New York with 39 breaches, and Florida and Pennsylvania, each with 38 breaches, take the next three spots. Looking at the states that had the largest count of individuals affected, Michigan ranks first, mostly because of a single incident at the Trinity Health healthcare delivery system, which impacted 3.3 individuals. According to the Ponemon Institute, breaches affecting healthcare organizations are the most expensive to deal with and have the longest recovery time. On average, the cost per breached record in 2020 was $499, and recovery took about 236 days. Also on the downside is the fact that healthcare institutions take 96 days to identify a breach, more than any other industry. Ransomware attacks While the report from Bitglass does not break down the hacking incidents by their type, ransomware attacks likely account for a significant proportion. Maze, Ryuk, REvil (Sodinokibi), SunCrypt, Snake, and Clop are just some of the ransomware groups that attacked hospitals and healthcare organizations. A report from Check Point earlier this year named Ryuk and REvil the top threats for the healthcare sector at a global level. At the end of October 2020, the U.S. Government released a warning about Ryuk ransomware attacks targeting hospitals and healthcare providers. An earlier notification, in April, sounded the alarm about ransomware groups breaching hospitals by exploiting a remote execution vulnerability in Pulse Secure VPN servers. News about ransomware hitting various hospitals in the U.S. trickled all through 2020, most of them towards the end of the year (1, 2, 3, 4, 5), and some organizations ending up paying the hackers hundreds of thousands of U.S. dollars to return to normal activity. Source: Rising healthcare breaches driven by hacking and unsecured servers
×
×
  • Create New...