USN-6077-1: OpenJDK vulnerabilities


Ben Smyth discovered that OpenJDK incorrectly handled half-duplex
connections during TLS handshake. A remote attacker could possibly use
this issue to insert, edit or obtain sensitive information.
(CVE-2023-21930)

It was discovered that OpenJDK incorrectly handled certain inputs. An
attacker could possibly use this issue to insert, edit or obtain sensitive
information. (CVE-2023-21937)

It was discovered that OpenJDK incorrectly handled command arguments. An
attacker could possibly use this issue to insert, edit or obtain sensitive
information. (CVE-2023-21938)

It was discovered that OpenJDK incorrectly validated HTML documents. An
attacker could possibly use this issue to insert, edit or obtain sensitive
information. (CVE-2023-21939)

Ramki Ramakrishna discovered that OpenJDK incorrectly handled garbage
collection. An attacker could possibly use this issue to bypass Java
sandbox restrictions. (CVE-2023-21954)

Jonathan Looney discovered that OpenJDK incorrectly handled certificate
chains during TLS session negotiation. A remote attacker could possibly
use this issue to cause a denial of service. (CVE-2023-21967)

Adam Reziouk discovered that OpenJDK incorrectly sanitized URIs. An
attacker could possibly use this issue to bypass Java sandbox
restrictions. (CVE-2023-21968)


Expel’s UK cybersecurity landscape report sheds light on the challenges facing organisations


Graham Cluley Security News is sponsored this week by the folks at Expel. Thanks to the great team there for their support! Expel wanted to find out what cybersecurity issues were most important to organisations in the United Kingdom, so it surveyed 500 IT decision-makers (ITDMs) to get a better sense for the state of …


Re-Victimization from Police-Auctioned Cell Phones


Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found. In response, the largest online marketplace for items seized in U.S. law enforcement investigations says it now ensures that all phones sold through its platform will be data-wiped prior to auction.

Researchers at the University of Maryland last year purchased 228 smartphones sold “as-is” from PropertyRoom.com, which bills itself as the largest auction house for police departments in the United States. Of phones they won at auction (at an average of $18 per phone), the researchers found 49 had no PIN or passcode; they were able to guess an additional 11 of the PINs by using the top-40 most popular PIN or swipe patterns.

Phones may end up in police custody for any number of reasons — for example because their owner was involved in identity theft — and in those cases the phone itself was used as a tool to commit the crime.

“We initially expected that police would never auction these phones, as they would enable the buyer to recommit the same crimes as the previous owner,” the researchers explained in a paper released this month. “Unfortunately, that expectation has proven false in practice.”

The researchers said while they could have employed more aggressive technological measures to work out more of the PINs for the remaining phones they bought, they concluded based on the sample that a great many of the devices they won at auction had probably not been data-wiped and were protected only by a PIN.

Beyond what you would expect from unwiped second-hand phones — every text message, picture, email, browser history, location history, etc. — the 61 phones they were able to access also contained significant amounts of data pertaining to crime, including victims’ data, the researchers found.

Some readers may be wondering at this point, “Why should we care about what happens to a criminal’s phone?” First off, it’s not entirely clear how these phones ended up for sale on PropertyRoom.

“Some folks are like, ‘Yeah, whatever, these are criminal phones,’ but are they?” said Dave Levin, an assistant professor of computer science at the University of Maryland.

“We started looking at state laws around what they’re supposed to do with lost or stolen property, and we found that most of it ends up going the same route as civil asset forfeiture,” Levin continued. “Meaning, if they can’t find out who owns something, it eventually becomes the property of the state and gets shipped out to these resellers.”

Also, the researchers found that many of the phones clearly had personal information on them regarding previous or intended targets of crime: A dozen of the phones had photographs of government-issued IDs. Three of those were on phones that apparently belonged to sex workers; their phones contained communications with clients.

An overview of the phone functionality and data accessibility for phones purchased by the researchers.

One phone had full credit files for eight different people on it. On another device they found a screenshot including 11 stolen credit cards that were apparently purchased from an online carding shop. On yet another, the former owner had apparently been active in a Telegram group chat that sold tutorials on how to run identity theft scams.

The most interesting phone from the batches they bought at auction was one with a sticky note attached that included the device’s PIN and the notation “Gry Keyed,” no doubt a reference to the Graykey software that is often used by law enforcement agencies to brute-force a mobile device PIN.

“That one had the PIN on the back,” Levin said. “The message chain on that phone had 24 Experian and TransUnion credit histories.”

The University of Maryland team said they took care in their research not to further the victimization of people whose information was on the devices they purchased from PropertyRoom.com. That involved ensuring that none of the devices could connect to the Internet when powered on, and scanning all images on the devices against known hashes for child sexual abuse material.

It is common to find phones and other electronics for sale on auction platforms like eBay that have not been wiped of sensitive data, but in those cases eBay doesn’t possess the items being sold. In contrast, platforms like PropertyRoom obtain devices and resell them at auction directly.

PropertyRoom did not respond to multiple requests for comment. But the researchers said sometime in the past few months PropertyRoom began posting a notice stating that all mobile devices would be wiped of their data before being sold at auction.

“We informed them of our research in October 2022, and they responded that they would review our findings internally,” Levin said. “They stopped selling them for a while, but then it slowly came back, and then we made sure we won every auction. And all of the ones we got from that were indeed wiped, except there were four devices that had external SD [storage] cards in them that weren’t wiped.”

A copy of the University of Maryland study is here (PDF).


New APT targets South and Southeast Asia with custom-written backdoor


Lancefly, an APT group, is using a custom-written backdoor in attacks targeting government, aviation, education, and telecom organizations in South and Southeast Asia in an activity that has been ongoing for the past five years, according to Symantec. The group has been seen carrying out the activity with the motive of intelligence gathering.

Lancefly has been deploying the Merdoor backdoor in highly targeted attacks since 2018 to establish persistence, execute commands, and perform keylogging on corporate networks.



libfastjson-1.2304.0-1.fc39


FEDORA-2023-bf3b135831

Packages in this update:

libfastjson-1.2304.0-1.fc39

Update description:

Automatic update for libfastjson-1.2304.0-1.fc39.

Changelog

* Tue May 16 2023 Attila Lakatos <alakatos@redhat.com> - 1.2304.0-1
- Rebase to 1.2304.0 (new release number scheme, now like rsyslog)
  Resolves: rhbz#2183193
- Address CVE-2020-12762
  Resolves: rhbz#2203170


Nozomi Networks announces Vantage IQ to address security gaps in critical infrastructure


Nozomi Networks has announced the upcoming release of Vantage IQ, a new AI-based analysis and response engine designed to address security gaps and resource limitations in critical operational infrastructure. The new offering will be available from Q3 2023 as an add-on to Vantage, Nozomi Networks’ SaaS-based security management platform. It is built to enhance threat detection and remediation with AI-assisted data analysis to help security teams reduce cyber risk and response times, the firm said.

Critical infrastructure is a prime target for cyberattacks, particularly during periods of geopolitical tensions with state-backed actors posing significant threats. Securing national critical infrastructure (CNI) and improving its cyber resilience is therefore high on the agenda for organizations, governments, and industry collectives.



Encrypting files and emails: A beginner’s guide to securing sensitive information


The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

In today’s digital age, sensitive information is constantly being shared and transmitted over various electronic devices and networks. Whether it’s personal information like social security numbers and financial information like card information, or business information like trade secrets and client data, it’s important to ensure that this information is kept secure and protected from unauthorized access. One of the most effective ways to do this is through encryption.

Encryption is the process of converting plain text or data into an unreadable format using an encryption algorithm, which can only be deciphered or decrypted by those who have the decryption key. This ensures that if the file or email is intercepted or accessed by unauthorized users, they will not be able to read the information.

In cybersecurity, encryption plays a crucial role in ensuring data confidentiality, integrity, and authenticity. In day-to-day life, encryption is used in various ways to make life easier for the common man. For example, encryption is used in online transactions to protect the user’s financial information from being intercepted and stolen by hackers. Encryption is also used in messaging and email applications to protect the privacy of conversations and messages from being read by unauthorized users.

Why encrypt files and emails?

It is important for computer users to encrypt their files and emails because they may contain sensitive information that could be intercepted or accessed by unauthorized users. Encryption adds an extra layer of security against these risks: even if the information is intercepted by a malicious user, it is unreadable and unusable, which can prevent the loss of sensitive data.
Encryption is also becoming more important for organisations that need to comply with privacy and data protection regulations such as GDPR, PCI-DSS and HIPAA. These regulations require businesses to take steps to protect sensitive data, and failure to comply can result in legal and financial penalties. Encrypting emails and files can protect individuals and organisations from cyberthreats such as identity theft and financial fraud, and it ensures the confidentiality and integrity of data.

How to encrypt files:

Here are some steps you can follow to encrypt files:

1. Identify the file you want to encrypt; it can be any file, such as a document, image or video.
2. Choose the encryption software. Various tools are available alongside the built-in encryption features of Windows and macOS; popular choices include VeraCrypt, 7-Zip, GnuPG and AxCrypt. Install the tool you chose.
3. Open the file you want to encrypt in the encryption tool you installed.
4. Choose the encryption algorithm. You can pick from the algorithms offered by the tool, such as AES or Blowfish, according to your needs.
5. The encryption tool will now ask you to create a passphrase or password, which will be used to encrypt and decrypt the file. Choose a strong, complex passphrase, keep it safe since it is the key to decrypting the file, and avoid sharing it with anyone.
6. After choosing the passphrase, start the encryption process within the tool. The time taken varies with the file size and the algorithm chosen.
7. Once the encryption process is complete, the encrypted file is saved with a new file extension that depends on the tool used.

By following these steps, you can encrypt your files and protect sensitive information from unauthorized access and interception.
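The file-encryption steps above, carried out end to end with GnuPG's passphrase (symmetric) mode and AES-256, as an added example; this is not code from the original post, and the file names and passphrase are constructed for the demonstration. It also shows two details the steps leave implicit: the passphrase is supplied from a file with restricted permissions rather than on the command line, where it would be visible in the process list, and the decrypted result is compared with the original to confirm the round trip.

```shell
#!/bin/sh
# Added example: GnuPG symmetric (passphrase) encryption of a file with
# AES-256. File names and the passphrase below are constructed for the demo.
set -eu

# Throwaway GnuPG home so the demo never touches the user's real keyring.
GNUPGHOME="$(mktemp -d)"; export GNUPGHOME

# encrypt_file PLAIN PASSFILE OUT  (steps 4 to 7 of the guide)
# The passphrase comes from a file, not a command-line argument, so it does
# not show up in the process list; the --s2k-* settings stretch the
# passphrase into the AES key, which slows down passphrase guessing.
encrypt_file() {
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-file "$2" --symmetric --cipher-algo AES256 \
        --s2k-mode 3 --s2k-digest-algo SHA512 --s2k-count 65011712 \
        --output "$3" "$1"
}

# decrypt_file ENC PASSFILE OUT: reverses encrypt_file; exits non-zero on a
# wrong passphrase or a tampered message (GnuPG checks the integrity tag).
decrypt_file() {
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-file "$2" --decrypt --output "$3" "$1"
}

# Constructed sample file (step 1) and passphrase file (step 5).
WORK="$(mktemp -d)"
printf 'Client list: Alice, Bob\nCard ending 4242\n' > "$WORK/clients.txt"
umask 077                                 # passphrase readable only by us
printf 'correct horse battery staple 2023\n' > "$WORK/passphrase.txt"

encrypt_file "$WORK/clients.txt" "$WORK/passphrase.txt" "$WORK/clients.txt.gpg"
decrypt_file "$WORK/clients.txt.gpg" "$WORK/passphrase.txt" "$WORK/roundtrip.txt"

# The round trip must reproduce the original byte for byte, and the
# ciphertext must not contain the plaintext.
cmp "$WORK/clients.txt" "$WORK/roundtrip.txt"
if grep -q 'Alice' "$WORK/clients.txt.gpg"; then
    echo "plaintext leaked into ciphertext" >&2; exit 1
fi
echo "encrypted to $WORK/clients.txt.gpg and verified the round trip"
```

The same two functions work for any file type; only the passphrase file needs to be kept out of reach of other users and never sent alongside the encrypted file.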

How to encrypt emails:

Encrypting emails is another effective way to protect sensitive information from unauthorized access or interception. Here are some steps to follow to encrypt emails:

1. Choose an email encryption tool. Various tools and standards are available, including PGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions).
2. Once you have chosen an email encryption tool, install it and configure it to work with your email account by following the steps in the tool's documentation. Extensions are also available for PGP and other encryption schemes that make them easy to set up for your email.
3. After setting up email encryption, compose your email as usual. While composing, encrypt it with the tool you chose; this usually means selecting the option to encrypt the email and choosing the recipient's public key. Encrypting with the recipient's public key ensures that the recipient can decrypt the email with their private key.
4. Once the email is encrypted, send it as usual. The recipient needs the corresponding private key to decrypt the email and view its contents.

Encrypting files and emails is a critical tool in protecting sensitive information from unauthorized access, interception, and tampering. By following the steps outlined above, you can ensure that your files and emails are encrypted using strong encryption algorithms and passwords or passphrases, and that your sensitive information is kept secure and protected.


How Northfield Hospital uses AI to minimize risk from cyberattacks


Like all healthcare providers, US-based Northfield Hospital has a big responsibility when it comes to cybersecurity as sensitive data and the lives of patients could be at stake. A study by Proofpoint and the Ponemon Institute released in September 2022 found that patient mortality rates increased across more than 20% of healthcare organizations that suffered the most common types of attacks.

“If that healthcare organization is down and the patient doesn’t have access to health care that delays their care and can increase mortality, especially if you’re talking about a stroke victim or a heart attack where time is important. And when you don’t have automation to move that patient through your system and get them the care they need, that can increase the risk of mortality,” Vern Lougheed, Northfield Hospital’s security information officer, tells CSO.

