Tag: scenario | SpinSafe

“Worst-case scenario”: Cybersecurity experts confirm school security blueprints stolen in MPS ransomware attack

May 18, 2023/in Computer Security

MINNEAPOLIS — It was known then but it’s even more apparent now: the ransomware attack against Minneapolis Public Schools was massive.

Mark Lanterman, former member of the U.S. Secret Service Electronic Crimes Task Force, described it as a “worst-case scenario,” and confirmed that highly sensitive security information, including campus blueprints, alarm schematics and the placement of surveillance cameras, were all among the documents stolen.

“My advice to the school district – get new IT staff because someone fell asleep at the wheel during this event,” Lanterman said bluntly. “The faucet of data was on for a long time. This was not a transfer of data like downloading a movie on iTunes that took 10 minutes. This took hours if not days if not longer. There are hundreds of thousands of files here.”

Emails from Minneapolis Public School officials obtained by WCCO show a nearly two-week delay before the district acknowledged that staff and family members’ personal data could be compromised.

Hackers have since released information onto the dark web, where users are untraceable. Cybersecurity experts warn that anyone associated with the district — current and former students, parents, staff and vendors — should assume they have been compromised until they’ve been told otherwise, and take action to protect themselves.

“Understanding how this breach affects each specific family is important because it will either put your mind at ease or give you and your legal representative a course of action. This should not have happened,” Lanterman added, while also urging parents to demand answers to a series of questions. “What information about my family are you currently storing and how are you storing it? Is it encrypted? Who has access? Is it being stored on a system that’s connected to the internet?”

The breach was first discovered on Feb. 17. A short email sent to Interim Superintendent Rochelle Cox says there was a “system incident that has impacted many MPS systems.” The district’s IT services says it was “determining scope and restoring services as quickly as possible.”

An email went out to district families on Feb. 21, which noted that “no data will be lost due to the…

Source…

Dark Souls 3 & Elden Ring “doomsday scenario” RCE hack discovered

January 23, 2022/in Computer Security

A startling discovery took place on Friday, after a streamer was a victim of what appears to be a Remote Code Execution (RCE) attack in Dark Souls 3 live on stream. In the clip, the streamer experiences a hack that can be seen crashing his game, after which Powershell reportedly opened up and ran a script that trash-talked the player using Microsoft text-to-speech.

According to a message linked in the SpeedSouls Discord server, only one non-malicious person to public knowledge currently knows how to execute this code, and they are working to bring attention to the developers regarding this issue. The hack has been demonstrated but is not widespread yet.

In that message referenced in the server, a user who goes by the name Princess Slut stated: “A person who isn’t malicious discovered a new RCE method, and tried to contact From about it through multiple channels. They ignored him. In an attempt to raise awareness to it so that it would be fixed (as this is a SEVERE security flaw), he did a live benign showcase on stream. It didn’t leak. Nobody has it beside him.”

Princess Slut continued: “He is in contact with sfix so we can fix it on [Blue Sentinel] but this isn’t ideal, as the base product is insecure. We’re also thinking about Elden Ring as it will have that exploit as well. The attempts to get From’s attention and get an official fix for their exploits is what drives most of us.”

An IT specialist I talked to about the potential for this type of hack said: “This is literally the doomsday scenario, someone could completely destroy your computer beyond repair with this exploit… If people can run code on your computer, it is over, they can do anything they want.”

Among the things that hackers could carry out with an RCE exploit are:

Bricking your PC entirely
Stealing sensitive data and passwords stored on your PC
Executing malware on your PC
Using your PC to mine crypto-currency
Pretty much anything you can think of

We don’t know the extent of the RCE, is it probable that they can elevate permissions on the PC. It isn’t confirmed they can, but it is likely, according to experts I talked to…

Source…

Consumer Mobile Security App Market 2021-2026 Detailed Analysis and Growth Strategies, Regional and Recent Scenario Analysis

April 26, 2021/in Mobile Security

The exploration report of worldwide Consumer Mobile Security App Market advertise offers the extensive information about the topmost makers and sellers which are directly working right in the market now and which have great market area according to the country and region and other aspects. The Global Consumer Mobile Security App showcase study report presents a top to bottom investigation about the market based on key sections, for example, item type, application, key organizations and key locales, end clients and others.

The Consumer Mobile Security App market research report identifies and analyses all the parameters that positively or negatively influence the industry performance, to guide stakeholders in making right choices. It comprises of a comparative study of the past and current business scenario to support the forecasts given in the document. Besides, the research literature expounds the various market segments and unfolds the prominent areas that will assure profitability in the ensuing years.

As per industry analyst, Consumer Mobile Security App market is expected to showcase an appreciable growth over 2021-2026, bolstering at a CAGR of XX% throughout.

Request Sample Copy of this Report @ https://www.business-newsupdate.com/request-sample/88612

Furthermore, the document discusses the aftereffects of COVID-19 on this vertical, highlighting challenges such as supply-demand fluxes, cost management, and digitizing operations faced by businesses. In this context, it also proposes solutions that will guarantee high returns in the coming years.

Importantpointers from Consumer Mobile Security App market report:

Consequences of COVID-19 on industry remuneration
Estimates for the growth rate of the market and sub-markets
Key trends in the market
Growth opportunities
Pros and cons of indirect and direct sales channel
Leading dealers, providers, and traders

Consumer Mobile Security App market segments covered in the report:

Regional bifurcation: North America, Europe, Asia-Pacific, South America, Middle East & Africa

Evaluation of business arena at country-level for each regional market
Overall sales and revenue of every area
Market share captured by top…

Source…

Ransomware 3.0 – Where the CISO’s most feared scenario goes next

January 28, 2021/in Internet Security

Ask any CISO what keeps them awake at night and the answer is bound to be: ransomware. A proven money-maker for cybercriminals, ransomware can be devastating to your business – it can wipe out core operational systems; can cost you millions of dollars to recover from; can result in a stock downturn and job losses; and it should be entirely avoidable.

A brief history of ransomware

Ransomware 1.0 really kicked in with the advent of cryptocurrency, allowing cyber criminals to anonymously monetize the attacks. In this first iteration, the malware was sent out in massive quantities of malicious emails into the wild and it would demand payment from whatever machine it happened to infect. This reached a peak when, in May 2017, the global WannaCry outbreak used an automated attack mechanism to infect hundreds of thousands of machines, bringing panic across the security industry, and impacting critical national infrastructure like healthcare institutions. Unprecedented in its scale, WannaCry underlined the fact that ransomware was able to create massive extortion opportunities from public and private organizations alike.

The current incarnation, often called big game hunting ransomware or ransomware 2.0, is a more targeted and methodical attack. Criminals will compromise an individual endpoint (either via email, remote desktop protocol, or a vulnerable internet-facing device like a VPN), enter the network and attempt to hide. Over time they will escalate their access privileges, identify valuable data, exfiltrate information, poison backups, and then plant the ransomware.

When the malware is detonated, the victim has little recourse. The option of not paying is challenging because backups are compromised, and, even if they do recover on their own, the attacker will leak all their sensitive data. It’s a bleak situation – and the reason that CISOs the world over fear this very situation.

So, while this is bad enough, what comes next?

The next stages in ransomware

As cloud adoption has accelerated, partially driven by Covid, firms have more reliance on third party systems and data storage. In 2021, we can expect to see ransomware evolve to more aggressively target the cloud infrastructure,…

Source…

Tag Archive for: scenario

A brief history of ransomware