But IBM warns credential compromise is number one initial access vector

Read More

I’m such a fan of RUOK? Day. Started in 2009, it’s an Australian non-profit suicide prevention that is all about having conversations with others to address social isolation and promote a sense of community. What I love the most, is that RUOK? Day has become quite an event on the Australian calendar. You’d be hard-pressed to find a workplace that doesn’t host a morning tea or a retailer that’s not selling a ribbon or badge in support of the day. In my opinion, it has given many of us the confidence to talk about mental health and that, my friends, is a very good thing!

When You’re Not Feeling OK

You wouldn’t be human if you hadn’t ever felt a little down or anxious. It’s the natural ebb and flow of daily life. However, if these symptoms are hanging around and are affecting your ability to ‘do’ life then, it’s time to take some action.

Remember, it is incredibly common for someone to experience a dip in their mental health. Recent research shows that over 2 in 5 Aussies aged 16 to 85 will experience a mental disorder at some time in their life, with 1 in 5, experiencing a mental disorder in the previous 12 months.

If you’re not feeling OK, the most important thing to remember is that you do not need to deal with this all by yourself. Sometimes when you’re feeling really low, the thought of leaving the house and facing the world can feel too much. I totally get it! And that’s where the online world can play a huge role. There is an abundance of resources available online for anyone who needs mental health support which makes it so much easier to get the help you need when facing the world just feel a bit much.

Where To Go Online When You’re Not Feeling OK

Here is a list of organisations that offer online mental health services here in Australia. This list is not exhaustive however these are the most commonly used, and hence best funded, support services. If you are based in the US, please find details at the end of the post for organisations that can provide mental health support.

When Things Are Pretty Dire

The Suicide Call-Back Service offers free professional 24/7 counselling support to Aussies at risk of suicide, concerned about someone at risk, affected by suicide as well as people experiencing emotional or mental health issues. There is an option for telephone support as well as online chat and video counselling also.
If you need to speak to someone ASAP then contact Lifeline. They offer a free 24/7 confidential one to one counselling service that can help you in a crisis. You can, of course, choose to speak to someone on the telephone (13 11 14) but you also have the option of either messaging or texting (0477 13 11 14) with a counsellor also.
Beyond Blue is another great Aussie mental health and wellbeing support service that can help in an emergency. Again, it offers 24/7 confidential counselling services for anyone who is struggling. Telephone counselling is an option here (1300 22 4636) but if you’d prefer, you can use their web chat option here.

Online Help Specifically For Young People

Kids Helpline is a dedicated 24/7 support service for young people aged 5 to 25 who want to chat for any reason. It’s free (even from a mobile phone) and there is a choice of telephone counselling or support via web chat or email. You can also access support if you are an adult supporting a young person. Since it was established in 1991, the service has supported over 8.5 million people. The service offers everything from life-saving crisis intervention through to emotional support when young people just need someone to listen.
Headspace is Australia’s Mental Health Young Foundation. It also provides free online and telephone support from 9am to 1am AEST, 7 days a week for young people (12-25) and their families. In addition to its crisis support services, it also offers regular counselling options through its network of 150 centres around Australia.

Other Services

The Butterfly Foundation’s National Helpline is a free confidential service that provides information, counselling, and treatment referral for people (and their families) with eating disorders and body image issues. It operates between 8am and midnight, 7 days a week and offers support via telephone (1800 33 4673), email and web chat. This is not a crisis service.
Friendline is a telephone and chat support service for anyone who’s feeling lonely, needs to reconnect or just wants a chat. You can call them 7 days a week on 1800 424 287, or chat online with one of their trained volunteers. All conversations with FriendLine are anonymous. This is not a crisis service.
MensLine Australia is a professional telephone and online counselling service offering support to Australian men 24 hours/7days a week. Whether it’s addiction issues, domestic violence, anxiety or depression, the service is able to offer support on 1300 78 99 or via online or video chat.
Open Arms – Veterans and Families Counselling provides 24/7 free and confidential telephone and webchat counselling to anyone who has served at least one day in the Australian Defence Force, their partner, and their families. It isn’t a crisis service, but it can offer ongoing mental health treatment and services.

So, if you are not just yourself at the moment and are feeling really low – or you know someone that is – please know that there is help available online 24/7. So, make yourself a cuppa and get started because you are not alone.

Alex xx

P.S. For my US friends:

The 988 Suicide & Crisis Helpline provides 24/7 free and confidential support and crisis resources for people in distress, and their families. Simply text or call 988 to access help.

The Crisis Text Line is a free and confidential 24/7 support service for anyone who resides in the US. Support can be accessed by text message (text HOME to 741-741) and online chat.

The post RUOK Day – How to Get Help Online When You’re Not Feeling OK appeared first on McAfee Blog.

Read More

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “USDoD” had infiltrated the FBI‘s vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying all InfraGard members and by seizing the cybercrime forum where the data was being sold. But on Sept. 11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus, while promising to visit the same treatment on top U.S. defense contractors.

In a post on the English language cybercrime forum BreachForums, USDoD leaked information on roughly 3,200 Airbus vendors, including names, addresses, phone numbers, and email addresses. USDoD claimed they grabbed the data by using passwords stolen from a Turkish airline employee who had third-party access to Airbus’ systems.

USDoD didn’t say why they decided to leak the data on the 22nd anniversary of the 9/11 attacks, but there was definitely an aircraft theme to the message that accompanied the leak, which concluded with the words, “Lockheed martin, Raytheon and the entire defense contractos [sic], I’m coming for you [expletive].”

Airbus has apparently confirmed the cybercriminal’s account to the cyber intelligence firm Hudson Rock, which determined that the Airbus credentials were stolen after a Turkish airline employee infected their computer with a prevalent and powerful info-stealing trojan called RedLine.

Info-stealers like RedLine typically are deployed via opportunistic email malware campaigns, and by secretly bundling the trojans with cracked versions of popular software titles made available online. Credentials stolen by info-stealers often end up for sale on cybercrime shops that peddle purloined passwords and authentication cookies (these logs also often show up in the malware scanning service VirusTotal).

Hudson Rock said it recovered the log files created by a RedLine infection on the Turkish airline employee’s system, and found the employee likely infected their machine after downloading pirated and secretly backdoored software for Microsoft Windows.

Hudson Rock says info-stealer infections from RedLine and a host of similar trojans have surged in recent years, and that they remain “a primary initial attack vector used by threat actors to infiltrate organizations and execute cyberattacks, including ransomware, data breaches, account overtakes, and corporate espionage.”

The prevalence of RedLine and other info-stealers means that a great many consequential security breaches begin with cybercriminals abusing stolen employee credentials. In this scenario, the attacker temporarily assumes the identity and online privileges assigned to a hacked employee, and the onus is on the employer to tell the difference.

In addition to snarfing any passwords stored on or transmitted through an infected system, info-stealers also siphon authentication cookies or tokens that allow one to remain signed-in to online services for long periods of time without having to resupply one’s password and multi-factor authentication code. By stealing these tokens, attackers can often reuse them in their own web browser, and bypass any authentication normally required for that account.

Microsoft Corp. this week acknowledged that a China-backed hacking group was able to steal one of the keys to its email kingdom that granted near-unfettered access to U.S. government inboxes. Microsoft’s detailed post-mortem cum mea culpa explained that a secret signing key was stolen from an employee in an unlucky series of unfortunate events, and thanks to TechCrunch we now know that the culprit once again was “token-stealing malware” on the employee’s system.

In April 2023, the FBI seized Genesis Market, a bustling, fully automated cybercrime store that was continuously restocked with freshly hacked passwords and authentication tokens stolen by a network of contractors who deployed RedLine and other info-stealer malware.

In March 2023, the FBI arrested and charged the alleged administrator of BreachForums (aka Breached), the same cybercrime community where USDoD leaked the Airbus data. In June 2023, the FBI seized the BreachForums domain name, but the forum has since migrated to a new domain.

Unsolicited email continues to be a huge vector for info-stealing malware, but lately the crooks behind these schemes have been gaming the search engines so that their malicious sites impersonating popular software vendors actually appear before the legitimate vendor’s website. So take special care when downloading software to ensure that you are in fact getting the program from the original, legitimate source whenever possible.

Also, unless you really know what you’re doing, please don’t download and install pirated software. Sure, the cracked program might do exactly what you expect it to do, but the chances are good that it is also laced with something nasty. And when all of your passwords are stolen and your important accounts have been hijacked or sold, you will wish you had simply paid for it.

Read More