Tag Archive for: Highlights

SEC social media hack highlights value of MFA


Cryptocurrency markets fluctuated wildly on the evening of Monday 9 January after the US financial regulator, the Securities and Exchange Commission (SEC), briefly appeared to claim it had approved spot bitcoin exchange-traded funds (ETFs) for the first time.

The fake announcement was made via X, the service formerly known as Twitter, at around 9pm GMT on 9 January, and was widely reported at the time. It stated that the SEC had granted approval for bitcoin ETFs on all registered national securities exchanges, which it may yet do later this week, and which will be a landmark moment for crypto assets should it happen.

The statement, which was swiftly retracted, was in fact the result of a compromise of the SEC’s X account, which was confirmed by chair Gary Gensler moments later.

“The @SECGov Twitter account was compromised, and an unauthorised tweet was posted,” said Gensler via X. “The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.”

Computer Weekly understands the SEC was able to regain control of the account within an hour.

Following an investigation overnight, a spokesperson for X, which has been beset with problems since its takeover by erratic billionaire Elon Musk, said: “We can confirm that the account @SECGov was compromised and we have completed a preliminary investigation.

“Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party.

“We can also confirm that the account did not have two-factor authentication [2FA, MFA] enabled at the time the account was compromised. We encourage all users to enable this extra layer of security,” they said.

ESET global cyber security adviser Jake Moore said: “This proves that accounts on X continue to be targeted, and if an official account is compromised, then serious consequences can follow. Cryptocurrency scams remain the focal point, and with social pressure on X, they can still reap huge gains.

“Legitimate third-party access compromise or targeted social engineering are still the most common ways to…


Hstoday Ukrainian Telecoms Hack Highlights Cyber Dangers of Russia’s Invasion


A recent cyber attack on Ukraine’s largest telecommunications provider, Kyivstar, caused temporary chaos among subscribers and thrust the cyber front of Russia’s ongoing invasion back into the spotlight. Kyivstar CEO Oleksandr Komarov described the December 12 hack as “the biggest cyber attack on telco infrastructure in the world,” underlining the scale of the incident.

This was not the first cyber attack targeting Kyivstar since Russia launched its full-scale invasion in February 2022. The telecommunications company claims to have repelled around 500 attacks over the past twenty-one months. However, this latest incident was by far the most significant.

Kyivstar currently serves roughly 24 million Ukrainian mobile subscribers and another million home internet customers. This huge client base was temporarily cut off by the attack, which also had a knock-on impact on a range of businesses including banks. For example, around 30% of PrivatBank’s cashless terminals ceased functioning during the attack. Ukraine’s air raid warning system was similarly disrupted, with alarms failing in several cities.

Read the rest of the story at Atlantic Council, here.


New research highlights difficulty of preventing Outlook security exploits


Haifei Li, a principal vulnerability researcher at Check Point Software Technologies Ltd., examines the universe of Microsoft Outlook exploits in a new blog post this week that has lessons for users and security managers alike.

Li divides this collection into three parts: embedded malicious hyperlinks, malware-laced attachments and more specialized attack vectors. Li has investigated many of these cases personally. Li used the most recent versions of a Windows Outlook client and Exchange servers.

Given Outlook's widespread use, exploits against it continue to grab headlines, including some older ones that haven’t been diligently patched or where new variations come into play. One example is a case reported this past week in Bleeping Computer, in which Russian state-sponsored attackers leveraged a flaw patched in March.

The first category – malicious hyperlinks – forms the foundation of all phishing emails, not to mention other vectors such as SMS text messages. “For this attack vector, the attacker basically uses emails as a bridge to perform web-based attacks, whether they are social-engineering-based phishing attacks, browser exploits, or even highly technical browser zero-day exploits,” Li wrote. That means a user simply has to click on the link to launch a web browser, which is where the exploit actually begins.

The second category, attachments, is also very familiar to users, and the success of the exploit depends on whether a user clicks once or more times on the attached file. Outlook does mark some files as unsafe or risky file types, and Microsoft offers several suggestions on how to process them more securely.

Li describes several scenarios, depending on what file type is attached, its origins and the various security features that Microsoft has to prevent malware infections. Li has a very thorough collection of use cases, differentiating between previewing the file and just clicking on it to run the associated application directly. This is the meat of Li’s post and can be useful for security managers to review and understand the various modalities.

The third category is where things get interesting. These types of attacks can happen when a…


Fidelity National Financial hack highlights why many are increasingly concerned about cybersecurity


Recently, Fidelity National Financial, a Fortune 500 provider of title insurance for buyers and sellers, was hit by a devastating cyber attack.

Fidelity National Financial submitted regulatory documents to the U.S. Securities and Exchange Commission acknowledging the attack on Nov. 21, 2023, describing how it handled the situation. “Among other containment measures, we blocked access to certain of our systems, which resulted in disruptions to our business. For example, the services we provide related to title insurance, escrow and other title-related services, mortgage transaction services, and technology to the real estate and mortgage industries, have been affected by these measures.”

The next day, the AlphV/Black Cat ransomware gang claimed credit.

On Nov. 30, 2023, FNF submitted an updated filing to the SEC regarding the attack. “The incident was contained on November 26, 2023. The company is restoring normal business operations and is coordinating with its customers.” As we write this, a week after FNF initially acknowledged the attack, Fidelity National Financial’s website is finally back online. The company hasn’t said whether it paid a ransom to restart its systems. While its website may be back online, many of its title company and settlement agent services were, at the time, still suffering an outage.

Regardless, the hack compromised the title company's ability to close deals for its buyer and seller customers over the Thanksgiving weekend. For most people, when you buy or sell a home, you’re closing on the single biggest financial transaction of your life. Having that go awry can cause confusion, concern and even panic.

The FNF hack also highlights why so many in the financial services industry are increasingly concerned about cybersecurity. On its website, FNF has a link to a page discussing its “Commitment to Helping Combat Wire Fraud” and another to “potentially fraudulent employment offers.”

Business Email Compromise (BEC) is one way wire fraud happens in real estate. A hacker targets employees of a business. They send phishing emails that look real enough for someone in the business to click on them. The hacker then gains access to that…
