Tag Archive for: Pwned

Overdue to be ‘pwned’? Here’s how to keep hackers out of your online accounts


New data shows hundreds of New Zealanders have been victims of recent cyber attacks. In the latest instalment of IRL, Dylan Reeve explores how you can avoid becoming one of them. 

After a balmy day lounging with her husband on a secluded Portuguese beach during a three-week holiday in 2019, Sharon, an Auckland office manager in her early 60s, returned to her hotel room to discover dozens of new emails on her phone. The messages were replies to emails Sharon was certain she hadn’t sent, all in Russian. She began to panic. 

“I thought, ‘If they have got into my phone, and are able to send emails, what on earth else have they got?’” Sharon said. “It wasn’t like we had millions stashed away or anything, but I felt quite vulnerable being away from home.” 

Sharon didn’t know what to do – she was miles from New Zealand, wasn’t exactly a computer whizz, and had never encountered a situation like this. So she did the one thing that felt safest: “I turned my phone off.”

Sharon’s experience isn’t uncommon: new data released last week by CERT NZ, the government’s Computer Emergency Response Team, revealed that hundreds of New Zealanders were the victims of cyber attacks over a three-month period this year – per the online lingo, they were pwned. CERT NZ has seen a steady rise in incident reports in the four years it’s been around, partly because people are becoming aware of the organisation’s work but also because more New Zealanders are falling victim to cyber criminals.

“We suspect it’s still only a small part of the bigger picture,” said CERT NZ director Rob Pope. “It’s an upward trend.”

A large part of the problem, according to Erica Anderson, chief operating officer of security consultancy SafeStack and self-described security nerd, is that “you can’t do anything nowadays without having some type of online account”. Today, many New Zealanders begrudgingly comply as their supermarkets, hairdressers, TV channels and even news outlets pester them to create yet another login.

But with so much personal information online, New Zealanders are putting themselves at risk of security breaches. Even a seemingly inconsequential…

FBI teams up with ‘Have I Been Pwned’ to alert Emotet victims


The data breach notification site now allows you to check if your login credentials may have been compromised by Emotet

The United States’ Federal Bureau of Investigation (FBI) has shared more than 4.3 million email addresses, harvested by the Emotet botnet, with data breach tracking website Have I Been Pwned (HIBP) in an effort to help alert victims of the notorious botnet.

“In all, 4,324,770 email addresses were provided which span a wide range of countries and domains. The addresses are actually sourced from 2 separate corpuses of data obtained by the agencies during the takedown,” said HIBP founder Troy Hunt in a blog post.

The move comes on the heels of an operation on Sunday where law enforcement agencies pushed out an update to all systems compromised by Emotet in order to cleanse them of the notorious malware. Back in January, authorities from the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada, and Ukraine joined forces to disrupt the botnet by gaining control of its infrastructure and taking it down from the inside. Some 700 command-and-control servers were taken offline.

In the aftermath of the operation, the Bureau reached out to Hunt to inquire whether there was an efficient way of alerting the victims that their systems and accounts had been compromised by Emotet.

The FBI shared with HIBP email login information that was stored by Emotet for spamming via victims’ email providers, along with web credentials harvested from browsers, where they had been saved to speed up logins.

While, usually, these would be treated as two separate breaches, Hunt said that they were uploaded as a single breach since “the remediation is very similar”. However, users who want to check whether they’ve been affected by Emotet won’t be able to do so using the search bar on HIBP’s homepage. This is due to the fact that the incident has been classified as sensitive by Hunt, who explained that he chose this approach so that users impacted by Emotet wouldn’t become targets.

“A sensitive data breach can only be searched…


How Have I Been Pwned became the keeper of the internet’s biggest data breaches – TechCrunch
