News

Final Member of ‘The Community’ Sentenced

Final Member of ‘The Community’ Sentenced

The United States has sent a fourth member of the international hacking group known as The Community to prison.

Garrett Endicott, of Warrensburg, Missouri, was the last of six defendants to be sentenced in connection with a multi-million-dollar SIM-swapping conspiracy that claimed victims across the country, including in California, Missouri, Michigan, Utah, Texas, New York and Illinois.

Endicott, along with 22-year-old Conor Freeman of Dublin, Ireland; Ricky Handschumacher, 28, of Pasco County, Florida; Colton Jurisic, 22, of Dubuque, Iowa; Reyad Gafar Abbas, 22, of Rochester, New York; and Ryan Stevenson, 29, of West Haven, Connecticut, was charged with conspiracy to commit wire fraud, wire fraud, and aggravated identity theft in a 15-count indictment unsealed on May 9, 2019.  

After pleading guilty to the charges, 22-year-old Endicott was yesterday ordered to pay restitution in the amount of $121,549.37 and serve 10 months behind bars by United States District Judge Denise Page Hood.

Members of The Community would gain control of a victim’s cell phone number, then use it to access the victim’s email accounts, crypto-currency wallets, and cloud storage. By resetting passwords and requesting two-factor authentication codes, the hackers were able to bypass security measures and steal tens of millions of dollars’ worth of crypto-currency.

“Individual victims lost crypto-currency valued, at the time of theft, ranging from under $2,000 to over $5m. The sentenced defendants were involved in total thefts ranging from approximately $50,000 to over $9m,” said the US Attorney’s Office for the Eastern District of Michigan. 

Three of Endicott’s co-conspirators have already been handed custodial sentences in the United States. Handschumacher was sentenced to 48 months in prison and ordered to pay restitution in the amount of $7,681,570.03. 

Jurisic was sentenced to 42 months in prison and ordered to pay restitution in the amount of $9,517,129.29, and Abbas was ordered to pay restitution in the amount of $310,791.90 and sentenced to 24 months in prison. Stevenson pleaded guilty and was sentenced to probation in the District of Connecticut.

In January, the United States withdrew its extradition request for Freeman after the hacker was sentenced to three years in prison in Ireland in November for stealing crypto-currency, dishonestly operating a computer to make a gain, and knowingly engaging in the possession of the proceeds of crime.

—————
Boost Internet Speed
Free Business Hosting
Free Email Account
Dropcatch
Free Secure Email
Secure Email
Cheap VOIP Calls
Free Hosting
Boost Inflight Wifi
Premium Domains
Free Domains

Twitter to Remove Private Media

Twitter to Remove Private Media

Twitter has altered its privacy rules so that images of individuals that were posted without the subject’s consent can be taken down from its online platform. 

The social media company said it was expanding its existing private information policy to include “private media” in a bid to combat cyber-harassment. 

News of the policy change came the day after Twitter co-founder Jack Dorsey announced that he is stepping down as the company’s chief executive officer. Parag Agrawal, a 37-year-old Twitter engineer who was appointed as the company’s chief technology officer in 2017, will take over the helm.

Under the new policy, which was announced by the company in a blog post on Tuesday, images do not need to be considered abusive to be removed.

“While our existing policies and Twitter Rules cover explicit instances of abusive behavior, this update will allow us to take action on media that is shared without any explicit abusive content, provided it’s posted without the consent of the person depicted,” stated Twitter. 

“This is a part of our ongoing work to align our safety policies with human rights standards, and it will be enforced globally starting today.”

The company said that it will take action in line with its “range of enforcement options” whenever it receives a report that a tweet features unauthorized private media.

Reports must be sent in from the individual depicted in the image or from their authorized representative before the company will determine whether its private media rule has been infringed.

Twitter said that the new policy “is not applicable to media featuring public figures or individuals when media and accompanying Tweet text are shared in the public interest or add value to public discourse.”

Current privacy rules put in place by Twitter ban users from publishing other people’s private data, such as phone numbers, addresses, and IDs. Users are also barred from threatening to share private information or encouraging other people to expose it.

In May, Twitter introduced a prompt feature to encourage users wishing to Tweet abusive language to think harder about what they are posting before they post it.

—————
Boost Internet Speed
Free Business Hosting
Free Email Account
Dropcatch
Free Secure Email
Secure Email
Cheap VOIP Calls
Free Hosting
Boost Inflight Wifi
Premium Domains
Free Domains

SANS Institute Founder Dies

SANS Institute Founder Dies

American cybersecurity training advocate, technologist, and entrepreneur Alan Terry Paller has died at the age of 76. 

Paller’s death occurred on November 9 at his home in Bethesda, Maryland. His passing was announced by the Bethesda-based SANS Institute, which Paller and his wife, Marsha Mann Paller, founded in 1989.

The Institute went on to become one of the world’s leading nongovernment cybersecurity training programs. 

Paller was born in Indianapolis on September 17, 1945, to an engineer and a high school English teacher. In 1967, he graduated from Cornell University with a bachelor’s degree in mechanical engineering. Paller completed a master’s degree in engineering from the Massachusetts Institute of Technology in 1968. 

He began his career in the United States Navy, using computers to design ships. He went on to co-found a computer timeshare business in Hawaii, run a consultancy in applied computer graphics technology, and work for the Institute for Defense Analysis on missile-defense issues.

Cybersecurity was described by Paller as an “existential issue.” He was a firm believer in the use of regulation to improve America’s cybersecurity posture and earned a reputation as one of cybersecurity’s earliest cheerleaders. 

Speaking to the Washington Post in 2012, Paller said of cybersecurity: “Our future economic well-being and future national security are at stake if we don’t mandate it.”

In addition to championing cybersecurity and raising awareness of the importance of training cybersecurity professionals, Paller was an advocate for increasing the diversity of the cybersecurity workforce and actively sought ways to reach out to veterans, community colleges, communities of color, teens, and women. 

To attract more young people into pursuing a career in cybersecurity, Paller established game-based competitions that introduced teens to cybersecurity in a fun way.

Haya Arfat, a 20-year-old student at Texas A&M University, became interested in cybersecurity after joining the GirlsGoCyberStart program for high-schoolers that Paller set up. She later received a SANS Institute scholarship in 2019. 

“Alan was really encouraging and passionate,” said Arfat. “That’s what opened my eyes to the possibility of a career in cybersecurity.”

Paller is survived by his wife of 53 years, his daughters, Channing Paller and Brooke Paller, his two grandsons, and other family members.

—————
Boost Internet Speed
Free Business Hosting
Free Email Account
Dropcatch
Free Secure Email
Secure Email
Cheap VOIP Calls
Free Hosting
Boost Inflight Wifi
Premium Domains
Free Domains

Organizations Now Have 76 Security Tools to Manage

Organizations Now Have 76 Security Tools to Manage

Organizations are presenting their attackers with an open goal because of tool bloat, a lack of visibility into key assets, and misplaced confidence in their security controls, according to Panaseer.

The security vendor polled 1,200 US and UK enterprise security decision-makers from various industries to compile its Panaseer 2022 Security Leaders Peer Report.

It found that the shift to cloud and remote working has driven a 19% increase over the past two years in the number of security tools organizations must manage – from 64 to 76.

This can increase reporting requirements and generate visibility and security controls gaps that are difficult to close.

Only a third (36%) of respondents said they feel very confident in their ability to prove controls were working as intended. In comparison, the vast majority (82%) claimed to have been surprised by a security event, incident or breach that evaded controls thought to be in place.

According to a Gartner poll of senior executives, security controls failures were the number one cited risk in Q1 2021.

Panaseer also found that just two-fifths of security leaders can confidently understand and remediate underperforming controls and track improvement. A majority (60%) of respondents admitted to not being confident in their ability to measure security controls designed to mitigate ransomware continuously.

Part of the challenge is a lack of insight into key assets such as databases (27%), devices (17%) and IoT endpoints (16%).

The amount of time the average security decision-maker spends on generating manual reports for the board has also surged in the past two years – from 40% to 54%

Panaseer CEO, Jonathan Gill, argued that tool overload has created a major data integration headache for security teams.

“Many organizations try to resolve this with spreadsheets and other in-house solutions that simply increase the reporting and administration burden on precious cybersecurity resources,” he added.

“It’s almost impossible to understand an organization’s assets, the status of controls relating to those assets, and the business context or ownership of the associated vulnerabilities. Most attacks happen despite organizations having invested in controls to defend themselves, but finding those controls were not deployed across all assets as intended.”

—————
Boost Internet Speed
Free Business Hosting
Free Email Account
Dropcatch
Free Secure Email
Secure Email
Cheap VOIP Calls
Free Hosting
Boost Inflight Wifi
Premium Domains
Free Domains

HP Printer Hijack Bugs Impact 150 Models

HP Printer Hijack Bugs Impact 150 Models

Security researchers have discovered two vulnerabilities in multi-function printers (MFPs) which impacted 150 product models.

F-Secure security consultants Timo Hirvonen and Alexander Bolshev have written up their findings in a detailed report, Printing Shellz.

Specifically, they found a physical access port vulnerability (CVE-2021-39237) and a font parsing bug (CVE-2021-39238) in HP’s MFP M725z device. They turned out to affect scores more products in the FutureSmart line dating back to 2013.

CVE-2021-3928 is the more dangerous of the two as it can be exploited remotely, potentially by tricking an employee into visiting a malicious website, to conduct a “cross-site printing” attack. Here, the website would automatically print a document containing a maliciously crafted font on a vulnerable MFP, said F-Secure.

This would allow an attacker to execute arbitrary code on the machine to steal any printed, scanned or faxed information, including device passwords.

The report claimed that it could also enable attackers to launch deeper attacks into the corporate network to spread ransomware, steal data from more sensitive data stores and achieve other goals.

The bugs are also wormable, meaning multiple MFPs on the same network could be automatically impacted.

“It’s easy to forget that modern MFPs are fully-functional computers that threat actors can compromise just like other workstations and endpoints. And just like other endpoints, attackers can leverage a compromised device to damage an organization’s infrastructure and operations,” explained F-Secure’s Hirvonen.

“Experienced threat actors see unsecured devices as opportunities, so organizations that don’t prioritize securing their MFPs like other endpoints leave themselves exposed to attacks like the ones documented in our research.”

HP has issued patches for the vulnerabilities, which are described as “medium” (CVE-2021-39237) and critical severity (CVE-2021-39238).

Although they’re only thought to be exploitable by advanced targeted attackers, enterprises were urged to patch them as soon as possible.

—————
Boost Internet Speed
Free Business Hosting
Free Email Account
Dropcatch
Free Secure Email
Secure Email
Cheap VOIP Calls
Free Hosting
Boost Inflight Wifi
Premium Domains
Free Domains

MI6 Boss: Digital Attack Surface Growing “Exponentially”

MI6 Boss: Digital Attack Surface Growing “Exponentially”

One of the UK’s top spymasters has revealed that MI6 is pursuing partnerships with the technology industry to tackle the challenges posed by nation-states, cyber-criminals and global terrorists.

Head of the Secret Intelligence Service (SIS), Richard Moore, explained in a rare speech yesterday that, unlike the character Q from the James Bond films, the service cannot source all of its tech capabilities in-house.

“Through the National Security Strategic Investment Fund we are opening up our mission problems to those with talent in organizations that wouldn’t normally work with national security,” he added.

“I cannot stress enough what a sea-change this is in MI6’s culture, ethos and way of working, since we have traditionally relied primarily on our own capabilities to develop the world class technologies we need to stay secret and deliver against our mission.”

These partnerships will increasingly be needed in areas such as artificial intelligence (AI), quantum computing and synthetic biology, into which adversaries are “pouring money and ambition” to gain leverage, Moore warned.

New tech capabilities will help address MI6’s four key priorities: Russia, China, Iran and global terrorism. It’s a challenge made more acute as technology rapidly advances, he said.

“The ‘digital attack surface’ that criminals, terrorists and hostile states threats seek to exploit against us is growing exponentially. We may experience more technological progress in the next ten years than in the last century, with a disruptive impact equal to the industrial revolution,” Moore argued.

Much of his speech was focused on China, whose intelligence services Moore claimed were “highly capable” and both monitor foreign targets and aim to influence the Chinese diaspora.

Moore called out China’s growing disinformation operations via social media and its attempts to draw smaller nations into its sphere of influence via “debt traps” and “data exposure.”

He also warned that the country was increasingly exporting “Made in China” surveillance technology to create a “web of authoritarian control” around the planet.

James Griffiths, technical director of consultancy Cyber Security Associates, argued that technology like big data analytics could be a “force multiplier” in helping to automate key tasks and make intelligence analysts more productive.

“MI6 is very good at what it does within its own intelligence remit. It has also positively identified that to be the best across the board it needs to leverage the skillset of other organizations that are specialists in key areas, for example AI, machine learning quantum cryptography,” he added.

“By leveraging and working in partnership with these organizations MI6 will increase its overall effectiveness and the wider intelligence community as a whole.

—————
Boost Internet Speed
Free Business Hosting
Free Email Account
Dropcatch
Free Secure Email
Secure Email
Cheap VOIP Calls
Free Hosting
Boost Inflight Wifi
Premium Domains
Free Domains

Reimagining mobile security for the way we live our lives today, tomorrow, and beyond.

Online is a little different for everyone

How do you connect online these days? I’ll give you an example from my own life: From my 15-year old son to my 80-year-old mother, not one of us leaves the house without our phone. And today, there isn’t a single thing you can’t do on your phone. It’s the minicomputer that goes where you go. 

This trend in the way we connect is reflected in recent data too. In fact, we’ve found that the average consumer spends 6 hours and 55 min online per day, split between mobile (52%) and desktop (48%). Whether you’re a Boomer, Gen X, a Millennial, or Gen Z, the way you connect online is diverse and specific to you. 

As for what we’re doing online? It’s just about everything. After all, we spend an average of 7 hours per day on connected devices and the pandemic has forced us to do even more online. The downside to this rapid change in the way we live is that we are opening ourselves up to more risk which leaves consumers feeling highly concerned about their ability to keep their personal info secure or private. We need new protection for this new normal. 

For the new normal, a new approach to protection with mobile security 

What all these changes mean is that you’re able to have the same online experience regardless of where you are, what you’re doing, or what device you’re using. Your favorite streaming service is a great example – you can just as easily find a movie on a tablet as you can on your laptop. In fact, you can pause the movie you’re watching on that tablet and pick up where you left off on your laptop. Your experience with online security should offer the same convenience and familiarity. More importantly, online protection should give you a feeling of confidence however or wherever you choose to connect. 

 This means knowing your personal info is secure even when accessing an unsecured network, your browsing habits remain private, and you can take necessary actions should your information be compromised. To put it another way, YOU are what we’re focused on protecting and we do that by making sure everything you connect with is also secure. 

Introducing the new McAfee Security mobile app 

A phone is the remote control for your life. From the palm of your hand, you’re able to shop, browse, stream, and create – everything you do online you can now do from your phone. So, it’s crucial that your phone be a major focus of our online protection. The new mobile app makes it easier to get robust protection for your identity, privacy, and phone. Let’s look at a few of the capabilities offered by the new mobile app. 

Identity Protection Service

Think about all the online accounts you’ve created in the past year. How many of them do you use regularly? Sometimes I think I have more food delivery apps on my phone than I do restaurants to use them on. Regardless of how often you use an account (or if you no longer use it at all!), any personal information (like emails, addresses, credit cards) added to it is available online and vulnerable to breaches. McAfee Security comes with identity protection, a feature that monitors your personal information and then notifies you when there’s a risk of your data being compromised. What this means is that if we detect that your data was stolen, you’ll be alerted an average of 10 months earlier than similar services, so you can act before your data is used illegally or shows up on the dark web. 

Privacy protection with Secure VPN

Let’s say you’re about to use the free internet at your favorite café for a speedier connection. Time to flip on your virtual private network (VPN). Forget about digging through a sea of menus to find your VPN. The new mobile app offers a seamless VPN experience so you can keep your activity hidden on less-than-secure Wi-Fi. Or, better yet, you can set up a Secure VPN to automatically turn on for unsecured Wi-Fi networks. Whatever you choose, Secure VPN keeps your personal data and location private anywhere you go with unlimited data and bank-grade Wi-Fi encryption. 

Device protection 

At the end of the day, phones are devices and they’re vulnerable to viruses, malware, and, increasingly, malicious apps. The new McAfee Mobile app offers an antivirus scan for Android phones and system scans to see if your passcode is strong enough and that your OS is up to date on iOS devices. 

Most importantly, the app is part of McAfee’s total online protection, so the experience on your phone is the same as on your PC. It’s protection that goes where you go – at home on your PC, or on the go with your mobile. 

The mobile app is available right now – here’s how to get it 

If you’re an existing McAfee subscriber using McAfee Total Protection or McAfee LiveSafe, you can get the app right now. And, if you’ve already got the app installed, just make sure it’s up-to-date and you’ll be all set with the new look and features. 

Interested in trying the app out? You can buy or get a free trial of McAfee Total Protection here and get started today. 

The post Reimagining mobile security for the way we live our lives today, tomorrow, and beyond. appeared first on McAfee Blogs.

—————
Boost Internet Speed
Free Business Hosting
Free Email Account
Dropcatch
Free Secure Email
Secure Email
Cheap VOIP Calls
Free Hosting
Boost Inflight Wifi
Premium Domains
Free Domains