Tag Archive for: Among

Security awareness training among govt workers needed • BusinessMirror Editorial


Hacking incidents have affected many big companies and government agencies in recent years, including a 2018 Facebook data breach that enabled attackers to access the data of millions of users. That year, it was discovered that political consulting firm Cambridge Analytica had obtained access to the personal information of millions of Facebook users without their consent. This was made possible by an access control vulnerability in the social media platform’s application programming interface (API) that allowed third-party developers to access user data.

The scandal brought to light the issue of data privacy and the need for stricter access control measures. Facebook faced widespread criticism for mishandling users’ personal information and was fined $5 billion by the US Federal Trade Commission for violating users’ privacy.

No one knows the number of hackers around the world since many of those with malicious intentions are unidentified. However, some hackers join the ethical hacking community. Based on the 2018 Hacker Report, there are more than 166,000 registered ethical hackers worldwide.

India and the United States were the top countries where hackers were located, together accounting for 43 percent of representatives. Russia, Pakistan, and the United Kingdom follow, with a combined 14 percent of representatives, according to the HackerOne hacker community.

CrowdStrike, the company that discovered that the Russians had hacked the Democratic National Committee, said that Russian hackers are known to be the fastest hackers. They can access a computer network in just 18 minutes, while Korean hackers gain access in two and a half hours, and Chinese hackers need four hours.

In the Philippines, a recent hacking incident stole personally identifiable information (PII) of Philippine Health Insurance Corp. members and its employees. PhilHealth was hacked by the Medusa group, and the hackers were demanding a $300-million ransom in exchange for the deletion of the stolen PhilHealth files posted on the dark web. PhilHealth President and CEO Emmanuel Ledesma Jr. said the insurer will not pay the ransom, but it had to spend P172 million to buttress its cyber defense.

This is the “unfortunate…

Two teenagers among 13 arrested over links to Android banking-related malware scams


SINGAPORE: Two teenagers were among 13 people arrested for their suspected involvement in banking-related malware scams targeting Android users. 

The 15-year-old individuals were nabbed alongside seven men and four women aged 17 to 25, said the police in a news release on Saturday (Aug 26). 

All of them were arrested during an anti-scam enforcement operation conducted by the police between Aug 14 and Aug 25.

Two other women, aged 29 and 39, and another 15-year-old teenager are assisting with investigations.

Preliminary police investigations revealed that the 13 suspects had allegedly facilitated the scam cases by relinquishing their bank accounts. Some of them also relinquished their internet banking credentials or disclosed their Singpass credentials for monetary gain.

Cases of malware being used to compromise Android mobile devices have been on the rise since January, said the police. 

This results in unauthorised transactions made from the victims’ bank accounts even though they did not reveal their internet banking credentials, one-time passwords or Singpass credentials to anyone.

In such cases, the victims responded to advertisements on social media platforms and were later instructed by the scammers to download a malicious Android Package Kit from non-official app stores to facilitate the purchases, leading to malware being installed on the victims’ mobile devices. 

The scammers then convince the victims via phone calls or text messages to turn on accessibility services on their Android phones. This allows the scammers to take full control of the mobile devices.

“This means that the scammers can log every keystroke and steal banking credentials stored in the phones and allows them to remotely log in to the victims’ banking apps, add money mules as payees, raise payment limits and transfer monies out to money mules,” said the police.

The scammers can further delete SMS and email notifications of the bank transfers to cover their tracks.

The police advised members of the public to not click on suspicious links, scan unknown QR codes or download mobile apps from third-party websites. 

“These unverified apps may contain malware, which can severely…

Children among 26,000 people impacted by Dallas ransomware attack, city employee says


DALLAS (CBSNewsTexas.com) — On Tuesday, the City of Dallas disclosed that over 26,000 people were affected by a ransomware attack that occurred three months ago.

In early May, hackers accessed names, addresses, medical data and other information through city government servers. 

A group called “Royal” later claimed they encrypted the city’s critical data and threatened to post sensitive information online. Their alleged cyber intrusion also impacted 911 dispatch services for police and fire departments, municipal courts, water utilities and other services.

Image: the ransomware note obtained by J.D. Miles (City of Dallas)


As a whole, 26,212 people were affected. And CBS News Texas has since learned that some city employees are already reporting identity theft. What’s more, some of their children have also had their personal information stolen.

“Unfortunately, it was what I expected,” said Dallas Fire Fighters Association President Jim McDade. “That’s why I took out the identity theft protection back in May.”

McDade—whose personal information was also compromised—said his 1,500 members have been outraged at what they believe has been a sluggish response by the city.

On top of that, he said his 10-year-old son and the children and spouses of other city employees have had their information stolen, too.

Cyber security expert Andrew Sternke said if children have been victimized, it can haunt them into adulthood.

“This information is released out onto the dark web to be sold,” Sternke said. “When that kid turns 18, it’s a free-for-all and that’s another concerning aspect: that it’s not just the adults we have to worry about.”

Those concerns prompted the city to release a statement defending the time it took to report its findings…

Florida patients among victims of spate of data hacking


TAMPA — A criminal group now being pursued by the FBI had access to Tampa General Hospital’s computer system for three weeks.

Its attempt to encrypt and ransom the hospital’s data — which could have significantly impeded care of patients — was thwarted by internal security measures. Nonetheless, hackers were still able to download personal data on 1.2 million patients.

The crime is among a spate of recent data breaches affecting Florida patients. HCA Healthcare in July reported that an unauthorized user stole data on about 11 million patients in 20 states, including Florida, and posted it on an online forum. And this week, Johns Hopkins Health System, which runs All Children’s Hospital in St. Petersburg, reported the theft of personal information on 310,000 patients, including almost 10,000 from Florida.

Nationwide, more than 50 million patient records were compromised in 2022, according to analysis by cybersecurity firm Critical Insight. The records of more than 3.4 million Florida patients have been compromised this year and 36 data breaches are still under investigation, according to the Department of Health and Human Services, suggesting that health care firms will remain a favorite target of hackers.

The health care sector is perceived as being more vulnerable than those in the finance, defense or aerospace sectors, said Joe Partlow, chief technology officer at ReliaQuest, a firm that provides computer security guidance to banks, utility companies and health care providers among others. Finance firms tend to invest more in security measures, in part because of regulations, he said. Health data also typically includes Social Security numbers and insurance details prized by hackers.

“They are a good target,” he said. “They know it’s a good trove of personal data.”

The damage is not just to patient confidentiality. The average cost of a health care breach rose to $11 million this year, a 53% increase since 2020, according to an IBM report.

Phishing emails that entice employees to enter log-ons and passwords are still the primary means used by hackers to gain access to computer systems, Partlow said.

Once they have broken in, one tactic is…
