Tag Archive for: individuals

Ransomware: Victim Insights on Harms to Individuals, Organisations and Society



Ransomware incidents remain a scourge on UK society. Based on interviews with victims and incident responders, this paper outlines the harm ransomware causes to organisations, individuals, the UK …


185,000 Individuals Impacted by MOVEit Hack at Car Parts Giant AutoZone 


Car parts giant AutoZone, which has over 7,000 stores across the Americas, is informing nearly 185,000 individuals that their personal information was compromised as a result of the massive MOVEit hacking campaign.

AutoZone revealed that cybercriminals have stolen information, including social security numbers, after exploiting a vulnerability in the MOVEit Transfer managed file transfer application. However, the company is not aware of instances where the exposed information has been used for fraud.

Nevertheless, impacted customers are being offered free credit monitoring and identity protection services. 

In response to the breach, the MOVEit application was temporarily disabled by AutoZone, the vulnerability was patched, and the affected system was rebuilt.

AutoZone pointed out that it is one of the more than two thousand organizations impacted by the MOVEit hack. However, the company determined that the exploitation of the MOVEit vulnerability resulted in data exfiltration only on August 15, more than two months after news of widespread exploitation broke.

Starting in late May and possibly earlier, the Cl0p ransomware group exploited a MOVEit software vulnerability tracked as CVE-2023-34362 to steal data from many organizations that had been using the application to transfer files. 

According to cybersecurity firm Emsisoft, the number of impacted organizations — both directly and indirectly — reached 2,620 as of November 21, with more than 77 million individuals being affected.

The list of victims includes hundreds of US schools, the state of Maine, the US Department of Energy, and energy giants Siemens Energy, Schneider Electric, and Shell.


Can true crime stories about the internet keep individuals safe from cybercrime?


If you were to visit the office of Joe Carrigan, a senior security engineer at Johns Hopkins University’s Information Security Institute (ISI), you’d notice a television screen displaying a looping slideshow. Among the featured content in the loop is a 2022 article from The New York Times, which recognizes his podcast for delving into discussions about the “dark side of the internet.”

That podcast is Hacking Humans, cohosted by Dave Bittner, who is also a producer for the pod by way of CyberWire, a B2B cybersecurity audio network. Hacking Humans focuses on the human side of cybersecurity problems.

“The idea of the Hacking Humans podcast is that it’s not a very technical podcast,” Carrigan said. “We don’t talk about vulnerabilities, you know — we mention them tangentially, we mention them as necessary.”

According to Carrigan, a University of Maryland Global Campus computer science program alum, many people believe hackers are only interested in high-profile targets like nation-state actors or penetration testers. But anyone can become a target if they don’t protect themselves.

The Columbia, Maryland resident cited a country-by-country pay gap as a possible influence for those who might be employed by “scam centers” in countries like India and Nigeria — both known contributors to cyber crime, he said.

“If you look at the two countries, the average American makes around 73 times what the people in Nigeria and India make per year,” Carrigan told Technical.ly. “… If these guys [scammers] can scam somebody out of 25 bucks every day, seven days or six or seven days a week, in a year, they make three to four times what the average income is in their country, and they’re doing well.”

The podcast aims to bridge the gap between more technical cybersecurity discussions and the general public.

On a recent episode of the podcast (Season 6, Episode 262), for instance, Bittner — who is also an alumnus of the University of Maryland system — sounds surprised as Carrigan presents findings from a survey about people’s understanding of cybersecurity, including the jargon commonly used in the field. The survey was conducted by ISI and commissioned by…


University of Michigan says hackers gained personal information of individuals in cyberattack


CBS News Detroit Digital Brief for Oct. 23, 2023


CBS News Detroit Digital Brief for Oct. 23, 2023

03:03

(CBS DETROIT) – The University of Michigan said on Monday that hackers were able to get personal information during a cyberattack back in August.

University officials say they launched an investigation and learned of suspicious activity on the computer network.

The investigation revealed that an “authorized third party was able to access personal information relating to certain students and applicants, alumni and donors, employees and contractors, University Health Service and School of Dentistry patients, and research study participants,” the university said.

The information included social security numbers, driver’s licenses or other government-issued identification numbers, financial account or payment card numbers, and health information. The university determined that the hacker gained access between Aug. 23-27.

In response to the suspicious activity, officials disconnected the campus network on Aug. 27 for its Ann Arbor, Dearborn, and Flint campuses. At that time, University President Santa Ono said it was investigating a “security issue.” The internet was restored on Aug. 30.

The university says in addition to the investigation, it is also “continuing to work with third-party cybersecurity experts to take steps to harden our systems and emerge from this incident as a more secure community.”

U of M sent letters on Monday to all individuals whose information was involved. The university is offering free credit monitoring services to those individuals.

The university also launched a call center to address the incident. Anyone who believes their information was involved and does not receive a letter can call the toll-free number at 888-998-7088 between 9 a.m. and 9 p.m. Monday through Friday.
