Tag Archive for: Effectively

2,430 hacking crimes investigated; 7,092 suspects arrested since 2022, effectively safeguarding cybersecurity: public security authority

/in


hacker Photo: VCG

Photo: VCG

Since 2022, public security organs across China have investigated 2,430 hacking crimes and arrested 7,092 suspects, effectively cutting off the chain of hacking crimes, protecting network and data security, and safeguarding the normal order of cyberspace, the Ministry of Public Security announced on Thursday at a press conference.

The authority noted that according to its latest statistics, the number of hacking cases in China has been increasing for three consecutive years, with an average annual growth rate of 27.7 percent. The ministry also noted that the average age of hackers has been decreasing year by year, and there have even been cases of elementary school students proficiently using hacker tools.

The rise in hacking crimes has become increasingly prominent in recent years. During the press conference in Beijing, Shi You, the deputy director of the Bureau of Network Security Protection of the ministry, introduced that hacking crimes mainly involve illegal intrusion into computer information systems, unauthorized access to computer data, illegal control of computer information systems, providing programs and tools for illegal intrusion and control of computer information systems, as well as the destruction of computer information systems.

The ministry released 10 typical cases of hacker crimes, as part of the efforts and significant achievements by the authority during the nationwide campaign called “Clean up the Internet.”

In one typical hacking case, the Panzhihua public security bureau in Southwest China’s Sichuan Province successfully handled in January a case of making profit through illegal remote manipulation of older mobile phones, with the whole chain making illegal profits of more than 100 million yuan ($14.02 million).

The local public security authority in September 2022 uncovered multiple cases of automatic ordering of value-added services on older phones, resulting in monthly deductions of 1 to 10 yuan ($1.4) for related value-added services, indicating that the phones were remotely controlled.

After investigation, it was found that the suspects surnamed Chen and Gao colluded with vendors and manufacturers of older phones to implant Trojan programs…

Source…

pCloud launches two free online tools to enhance security among Internet users quickly and effectively

/in


ZUG, SWITZERLAND – Media OutReach – 2 May 2023 – In Taiwan, the need to improve online security is urgent, with organizations experiencing an average of 3,118 attacks per week last year (https://www.taiwannews.com.tw/en/news/4783488). This trend will likely worsen due to the rise in remote work and digital transformation acceleration.

Screenshot 2023-04-25 at 15.48.43.png

It is in this context that World Password Day will take place on May 4th. One of its objectives will be to raise awareness among Internet users of best practices for securing their data.

On this occasion, pCloud, the European service that offers a secure online storage solution and an encrypted password manager, launches two free online tools:

Password Checker, to easily validate the security level of each password ;
Data Breach Checker, to find out if an email is part of a hack… and it often is!

“With data breaches on the rise in 2023, we offer these free and easy-to-use tools to help build good practices that increase online security.”

Screenshot 2023-04-25 at 15.48.16.png

Check your password security quickly and effectively

The Password Strength Checker can identify how quickly a password can be cracked, with hackers usually taking just a few seconds to do so.

This is a significant concern since 78% of Generation Z use the same password for everything.

Concrete tips on creating strong passwords and avoiding the risk of being hacked are also shared by pCloud.

Find out immediately if an email is part of a data breach

pCloud’s Data Breach Checker allows users to find out instantly if their email is part of one or more known data breaches.

This is important since popular sites like Deezer, Twitter, Dropbox, and Canva have already been victims of data breaches.

Sensitive personal information associated with emails, such as credit cards, addresses, and passwords, may also have been hacked.

The problem is that people are not always aware of it, because they were not alerted when it happened or because they do not have a full picture of the scale of the phenomenon.

Accessible at any time, this tool allows the user to know instantly if their email is part of one or more known data breaches.

Here again, the Swiss company takes the opportunity to share 3 practical tips to ensure better…

Source…

Five ways security teams can more effectively manage identities in the cloud

/in


Managing identities in the cloud has been described as a “big mess” by many security pros – and that’s why SC Media decided to focus on this issue as we celebrate Data Privacy Day.

For starters, the comparatively orderly on-prem days in which all identities were managed by Microsoft Active Directory, or network admins could geo-locate an employee based on an IP address that was in the company’s building are long gone.

Rather, the confluence of the cloud accelerated by the pandemic moved companies outside the building, where they are now managing hundreds of applications and data sets, and permissions and access right for all those applications and data.

“For just AWS alone, a company may have 100 different applications,” said Frank Dickson, vice president for security and trust at IDC. “Someone may have access to Salesforce, but only to the files for their customers. So think about the exponential scaling of that complexity across multiple applications and you begin to understand how challenging managing identities in the cloud has become.”

Based on interviews with Dickson and other security pros here’s a list of tips to consider for managing identities in the cloud.

  • Invest in core identity technology. Dickson said once a company gets past 100 users, managing identity becomes unwieldy. Businesses need to invest in a tool such as Okta or Azure AD that can automate the management of all the cloud-based identities – and that’s especially true for large organizations with hundreds, if not thousands of users.
  • Consider cloud identity management tools for IaaS and SaaS. There’s no one-size-fits-all solution to managing identifies in the cloud, said Dickson. There are products from the likes of CrowdStrike, Microsoft and Sonrai Security for example, under the umbrella of cloud infrastructure entitlement management (CIEM), that let different teams and developers implement least privilege access at scale. It lets security teams grant access to a specific segment in public cloud environments, and it can do this across all the major public cloud environments, such as AWS, Azure and the Google Cloud Platform. And then there are tools known as SaaS Detection and Response…

Source…

Effectively closing entry gates for hackers: How strong authentication protects against ransomware

/in


Ransomware is a problem that is here to stay and that will in time become an even bigger issue – that is a fact that is clear to everyone involved in IT security. According to the international study “The State of Ransomware”, more than half of all organizations have experienced a ransomware cyberattack in 2020. Once hit, giving in to criminal demands or restoring the system wholesale is an expensive strategy, if it can be deemed a strategy at all. True risk mitigation should first ask what the main attack vectors exploited by this type of malware actually are. This is the only solution that not only staves off the problem of ransomware, but ideally minimizes the risk permanently. 

The three main attack vectors of ransomware  

Attack vector number 1 – the technology: As in many other attack scenarios, hackers exploit vulnerabilities and backdoors of infrastructure for their ransomware attacks in order to smuggle malware into a system. Infrastructure is especially vulnerable when it is based on unpatched systems. For example, the well-known Wannacry ransomware – which gained notoriety by taking out entire universities and hospitals – directly targets computers running outdated versions of Microsoft Windows. It exploits a known programming flaw in the SMB implementation to create crashes and persistent bluescreens (hence the name “Eternal-Blue”), spying on computers and locking users out of systems. The Wannacry ransomware attack shows just how virulent the problem of unpatched computers is. The attack spread to 150 countries and infected more than 230,000 computers. 

Source…