What can schools, which all too often make easy prey for cybercriminals, do to bolster their defenses and keep threats at bay?
The post 5 steps to protect your school from cyberattacks appeared first on WeLiveSecurity
AMLBot, a service that helps businesses avoid transacting with cryptocurrency wallets that have been sanctioned for cybercrime activity, said an investigation published by KrebsOnSecurity last year helped it shut down three dark web services that secretly resold its technology to help cybercrooks avoid detection by anti-money laundering systems.
Antinalysis, as it existed in 2021.
In August 2021, KrebsOnSecurity published “New Anti Anti-Money Laundering Services for Crooks,” which examined Antinalysis, a service marketed on cybercrime forums that purported to offer a glimpse of how one’s payment activity might be flagged by law enforcement agencies and private companies that track and trace cryptocurrency transactions.
“Worried about dirty funds in your BTC address? Come check out Antinalysis, the new address risk analyzer,” read the service’s opening announcement. “This service is dedicated to individuals that have the need to possess complete privacy on the blockchain, offering a perspective from the opponent’s point of view in order for the user to comprehend the possibility of his/her funds getting flagged down under autocratic illegal charges.”
Antinalysis allows free lookups, but anyone wishing to conduct bulk look-ups has to pay at least USD $3, with a minimum $30 purchase. Other plans go for as high as $6,000 for 5,000 requests. Nick Bax, a security researcher who specializes in tracing cryptocurrency transactions, told KrebsOnSecurity at the time that Antinalysis was likely a clone of AMLBot because the two services generated near-identical results.
AMLBot shut down Antinalysis’s access just hours after last year’s story went live. However, Antinalysis[.]org remains online and accepting requests, as does the service’s Tor-based domain, and it is unclear how those services are sourcing their information.
AMLBot spokesperson Polina Smoliar said the company undertook a thorough review after that discovery, and in the process found two other services similar to Antinalysis that were reselling their application programming interface (API) access to cybercrooks.
Smoliar said that following the revelations about Antinalysis, AMLBot audited its entire client base, and implemented the ability to provide APIs only after a contract is signed and the client has been fully audited. AMLBot said it also instituted 24/7 monitoring of all client transactions.
“As a result of these actions, two more services with the name AML (the same as AMLBot has) were found to be involved in fraudulent schemes,” Smoliar said. “Information about the fraudsters was also sent to key market participants, and their transaction data was added to the tracking database to better combat money laundering.”
The Antinalysis homepage and chatter on the cybercrime forums indicates the service was created by a group of coders known as the Incognito Team. Tom Robinson, co-founder of the blockchain intelligence firm Elliptic, said the creator of Antinalysis is also one of the developers of Incognito Market, a darknet marketplace specializing in the sale of narcotics.
“Incognito was launched in late 2020, and accepts payments in both Bitcoin and Monero, a cryptoasset offering heightened anonymity,” Robinson said. “The launch of Antinalysis likely reflects the difficulties faced by the market and its vendors in cashing out their Bitcoin proceeds.”
Technology has typically had a reputation for being exciting and inventive. Unfortunately, this hasn’t always been the case for security. But times have changed. We are now recognizing the crucial role security plays in any groundbreaking technology. Without strong defenses, even the most visionary app is likely to crash and burn. So it’s imperative that big security players like Cisco stay on top of what’s next.
I am thrilled to announce that in November, we will be launching our new video series, “NEXT” by Cisco Secure. In the series, my esteemed co-host TK Keanini and I will interview some of the brightest new minds in tech to find out more about the future of the industry and how we can best secure it. Watch the series preview below!
As the CTO of Cisco Secure, TK has over 25 years of networking and security expertise, as well as a penchant for driving technical innovation. As for me, I’m a cybersecurity specialist of 10 years with an obsession for communication and empathy. Together, TK and I will bring new cyber pioneers to the forefront and highlight the criticality of digital protection and privacy for everyone.
Whether we’re discussing Web3, the metaverse, or next-generation healthcare, we’ll learn and laugh a lot. Through simple conversations about complex topics, we’re building a bridge between leading-edge tech and how Cisco is helping to safeguard what’s on the horizon.
And what better time to preview this series than during Cybersecurity Awareness Month? A time when we focus on the reality that security belongs to everyone — not just the threat hunter, or the product engineer, or the incident responder — but everyone.
We all have a responsibility to protect the world’s data and infrastructure, and should all have a seat at the table for important security conversations. We hope you’ll join us as we dive into what’s making waves out there, and how we can keep it safe.
Follow our Cisco Secure social channels to catch our first episode in November, when we will speak with Michael Ebel, CEO of Atmosfy. Atmosfy is revolutionizing restaurant reviews by incorporating engaging live video that inspires others and supports local businesses. TK and I will chat with Michael about the origin of Atmosfy, and how the company keeps its content authentic and organization resilient.
In the meantime, explore our other Cybersecurity Awareness Month resources.
Who do you want to hear from next? Tell us your ideas for future guests in the comments.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
From a little girl financially helping her family in Jerusalem to a Nobel Prize laureate. That is the exceptional life of Ada Yonath in a nutshell.
The post Life in pursuit of answers: In the words of Ada Yonath appeared first on WeLiveSecurity
Sharing is caring… but on the internet, sharing can also be tricky! When we post something, we have to look at the forest and not just the trees. Doxxers usually start with one or two pieces of relatively innocent or public information, but by connecting the dots between those pieces they can build a frighteningly detailed picture of an individual.
Seemingly innocuous details can be pieced together into a much more personal profile when collected and leveraged to learn more. As one example, your wish list/wedding registry makes it easy for friends and family to get you gifts that you actually want, but could also be used to find out products/services you’re interested in as pretext (setting the scene) of a conversation or phishing email trying to gather more. You may have Google Alerts set up for your name (a great idea!), but this may not flag text in scanned documents such as school yearbooks, newspapers and other digitized paper records available online.
If the above sounds scary – don’t panic! Your first step in this auto-dox is going to be brainstorming as much personally identifying information (PII) shared online as possible. I suggest doing this either in a secure note or longhand. The goal is to write down all of the accounts/addresses/phone numbers that come to mind, as these are some of the top things that attackers will try to gather in their search. Start your list here:
Email addresses are an especially juicy target for someone trying to locate you, because most people only use one personal and maaaybe a second school or work email account. Those accounts are tied to all our other online identities and often double as our username for logging in.
When you finish this process, you will likely have dozens or even hundreds of “breadcrumbs” between your account list and search results. Read through your list again, and we’re going to sort it into three categories:
Great job! You’ve already got a much better idea of what people can learn about you than most folks ever do, and are well on your way to cleaning up your online footprint. In our next step, we’ll start locking down everything that you want to keep!
P.S. If you’re enjoying this process and value keeping people safe online, please check out our open roles at Cisco Secure.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. However, noticeably absent from this month’s Patch Tuesday are any updates to address a pair of zero-day flaws being exploited this past month in Microsoft Exchange Server.
The new zero-day flaw– CVE-2022-41033 — is an “elevation of privilege” bug in the Windows COM+ event service, which provides system notifications when users logon or logoff. Microsoft says the flaw is being actively exploited, and that it was reported by an anonymous individual.
“Despite its relatively low score in comparison to other vulnerabilities patched today, this one should be at the top of everyone’s list to quickly patch,” said Kevin Breen, director of cyber threat research at Immersive Labs. “This specific vulnerability is a local privilege escalation, which means that an attacker would already need to have code execution on a host to use this exploit. Privilege escalation vulnerabilities are a common occurrence in almost every security compromise. Attackers will seek to gain SYSTEM or domain-level access in order to disable security tools, grab credentials with tools like Mimkatz and move laterally across the network.
Indeed, Satnam Narang, senior staff research engineer at Tenable, notes that almost half of the security flaws Microsoft patched this week are elevation of privilege bugs.
Some privilege escalation bugs can be particularly scary. One example is CVE-2022-37968, which affects organizations running Kubernetes clusters on Azure and earned a CVSS score of 10.0 — the most severe score possible.
Microsoft says that to exploit this vulnerability an attacker would need to know the randomly generated DNS endpoint for an Azure Arc-enabled Kubernetes cluster. But that may not be such a tall order, says Breen, who notes that a number of free and commercial DNS discovery services now make it easy to find this information on potential targets.
Late last month, Microsoft acknowledged that attackers were exploiting two previously unknown vulnerabilities in Exchange Server. Paired together, the two flaws are known as “ProxyNotShell” and they can be chained to allow remote code execution on Exchange Server systems.
Microsoft said it was expediting work on official patches for the Exchange bugs, and it urged affected customers to enable certain settings to mitigate the threat from the attacks. However, those mitigation steps were soon shown to be ineffective, and Microsoft has been adjusting them on a daily basis nearly each day since then.
The lack of Exchange patches leaves a lot of Microsoft customers exposed. Security firm Rapid7 said that as of early September 2022 the company observed more than 190,000 potentially vulnerable instances of Exchange Server exposed to the Internet.
“While Microsoft confirmed the zero-days and issued guidance faster than they have in the past, there are still no patches nearly two weeks out from initial disclosure,” said Caitlin Condon, senior manager of vulnerability research at Rapid7. “Despite high hopes that today’s Patch Tuesday release would contain fixes for the vulnerabilities, Exchange Server is conspicuously missing from the initial list of October 2022 security updates. Microsoft’s recommended rule for blocking known attack patterns has been bypassed multiple times, emphasizing the necessity of a true fix.”
Adobe also released security updates to fix 29 vulnerabilities across a variety of products, including Acrobat and Reader, ColdFusion, Commerce and Magento. Adobe said it is not aware of active attacks against any of these flaws.
For a closer look at the patches released by Microsoft today and indexed by severity and other metrics, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the lowdown on any patches that may be causing problems for Windows users.
As always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these updates, please drop a note about it here in the comments.
“I’ll just Uber home.”
Who hails a taxi anymore? These days, city streets are full of double-parked sedans with their hazards on, looking for their charges. Uber is synonymous with ridesharing and has made it so far into our culture that it’s not just a company name but a verb.
Uber’s reputation has ebbed and flowed since its creation in 2009, and it’s taken another hit recently as more details are coming to light about a massive 2016 cybersecurity breach and the chief security officer’s attempts to cover it up.
In 2016, a ransomware group trawled the internet and gathered Uber’s credentials that opened the door into the company’s server database. The cybercriminals then stole the information of customers and drivers alike and held it for a $100,000 Bitcoin ransom. Joe Sullivan, Uber’s chief security officer at the time, paid the ransom and the criminal group agreed to delete the information they uncovered. While it’s not uncommon for large corporations to give in to cybercriminals and dole out huge ransom payments, Sullivan is facing potential jail time because he didn’t report the incident to the Federal Trade Commission. He was recently found guilty of wire fraud and concealing a felony from authorities.
Uber account holders had their personally identifiable information in nefarious hands without their knowledge. The cybercriminals allegedly downloaded the names, email addresses and phone numbers of 57 million Uber customers and drivers, plus the license plate numbers of 600,000 drivers.1
Organizations have a responsibility to their customers to report any cyberbreaches. With a full name, email address, and phone number, cybercriminals can inflict a lot of damage on an innocent person’s credit, steal money from online accounts, or invade someone’s digital privacy. Customers must act swiftly to put the proper safeguards in place, but they can’t do that if they don’t even know a breach has happened! The longer a cybercriminal has to poke and prod someone’s digital footprint, the more havoc they can wreak and profits they can gain.
Acting swiftly is key to keeping your personally identifiable information (PII) private after a breach, though there are a few measures you can take right now that could prevent your information from being compromised. Here’s what you can do before and after a breach.
One way to shrink your attack surface – or the number of possible entry points into your digital life – is to regularly vet your online accounts and apps. For example, when you’re cleaning your closet, it’s common to donate or trash any clothing you haven’t worn in a year. The same method works for your digital life. If you haven’t logged into a shopping site or mobile gaming app in over a year, it’s unlikely that you will use them anytime soon, so it’s time to say goodbye and delete it.
McAfee credit lock and security freeze are other preventive measures that can keep your credit safe in case your PII is ever compromised. These services make it easy to prevent one or all three major credit bureaus from accessing your credit. In turn, this prevents anyone other than you from opening a bank account, applying for a loan, or making a substantial purchase. If you’re not planning on needing a credit report, it’s a great practice to freeze your credit.
When you first hear of a company’s data leak with which you have an account, the first step you should take is to change your account password. Login and password combinations are often compromised in a data breach. Make sure your new password is strong and is not a duplicate of a password you use elsewhere.
Next, consider running a Personal Data Cleanup scan. Personal Data Cleanup checks risky data broker sites and alerts you if your information appears on any of them. From there, you can take steps to remove your information.
Finally, for the next few weeks, keep close tabs on your financial, online, and email accounts. Watch for suspicious activities like purchases you didn’t make, electronic receipts, notifications, or mailing lists that you didn’t sign up for. McAfee+ Ultimate can help you here with its identity monitoring and full-service Personal Data Cleanup. McAfee+ gives you a partner to alert you and help you recover if your digital privacy is compromised.
Protecting your identity and digital privacy is a two-way street. While identity and privacy protection tools go a long way, individuals also have a responsibility to remain vigilant and take quick action if they suspect their information is compromised. And the ultimate responsibility lies with companies to alert the authorities and their customers after a data leak and to take serious steps to shore up their security to make sure it never happens again.
1The Verge, “Former Uber security chief found guilty of covering up massive 2016 data breach”
The post 57 Million Users Compromised in Uber Leak: Protect Your Digital Privacy and Identity appeared first on McAfee Blog.
How do organizations earn and build trust when it comes to the personal data that customers share with them? Customers certainly expect these organizations to comply with all privacy laws that are now in place in more than 130 countries. Customers also expect them not to sell personal data without consent and to try to avoid data breaches that could expose personal data. While these actions are necessary, organizations still need to do more when it comes to customer trust. According to our latest research, consumers’ top priority is, in fact, for organizations to be more transparent about how they use personal data.
The Cisco 2022 Consumer Privacy Survey, released today, explores what organizations can do to earn and build trust with customers, the actions individuals are taking to protect their data, the impact of privacy laws around the world, and some of the benefits and costs of Artificial Intelligence (AI) and data localization requirements. The report, our fourth annual look at consumer privacy issues, draws on anonymous responses from 2600 adults in 12 countries.
Here are some highlights from the survey:
Check out the associated infographic that provides visual and easily consumable descriptions of the key data.
At Cisco, we believe that privacy is a fundamental human right. Privacy continues to be a high priority for consumers, and organizations need to do their part to protect personal data and build consumer confidence in how this data is being used. Some recommendations for organizations include:
Privacy remains a critical element of trust. Consumers want more transparency and control of their personal data, especially as we continue to see innovations in technology. As we are now in the midst of Cybersecurity Awareness Month in the US and other countries around the world, it’s a great time to learn more and join in activities and discussions that advance cybersecurity.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels