Trending cyber news

Google and Microsoft invest $30 bilion in cybersecurity for over the next five years :-

Google and Microsoft said they are pledging to invest a total of $30 billion in cybersecurity advancements over the next five years, as the U.S. government partners with private sector companies to address threats facing the country in the wake of a string of sophisticated malicious cyber activity targeting critical infrastructure, laying bare the risks to data, organizations, and governments worldwide.

Microsoft will invest $20 billion over the next five years to deliver advanced security solutions, in addition to making available $150 million in technical services to help federal, state, and local governments with upgrading security protections.
Google will invest over 10 bilion dollar to bolster cybersecurity, including expanding zero-trust programs, helping secure the software supply chain and enhancing open-source security. It’s worth noting that the search giant, earlier this June, announced a framework called the Supply chain Levels for Software Artifacts (“salsa”) to safeguard the integrity of software supply chains.
Apple will work with more than 9,000 of its suppliers to push for mass adoption of multi-factor authentications, vulnerability remediation, event logging, and security training.
IBM will train 150,000 people in cybersecurity skills over the next three years, and will partner with 20 Historically Black Colleges & Universities to establish a more diverse cyber workforce.
Amazon will make available to all Amazon Web Services account holders a multi-factor authentication device to protect against phishing and password theft at no extra cost.

And this ideas when created then all big companies like kesaya , colonial pipeline and JBS chicken companies being hacked by hackers ..

4 Biggest Cyber Security Threats for Indian Banking Sector

In COVID-19, Cyber-attacks persistently increases, and attackers are actively looking for their victims for the malicious cyber-attacks on sensitive data of banking and financial systems.

Why Is Cyber Security Important In Banking?

Data breaches are a serious problem in the banking sector. A weak cybersecurity system can cause their customer base to undergo cyber security threats.

Banks need to be on their guard 24/7; if not, your data with the bank can be breached.

When a bank’s data is breached, recovering from this data breach can be time-consuming and stressful. So enhancing the banking security system is a must..

Biggest Cyber Attacks in India

1. Cosmos Bank Cyber Attack in Pune

A recent cyberattack in India in 2018 took place in Cosmos bank when hackers siphoned off Rs. 94.42 crores. Below is the jist of cyberattacks represented by economic times.

2. ATM System Hacked

Canara Bank ATM servers were targeted in around mid-2018. According to sources, more than 300 user’s ATM details were hacked by attackers and wiped off 20 lakh rupees from various bank accounts.

3. UIDAI Aadhaar Software Hacked

1.1 billion Indian Aadhaar card details were leaked and this is one of the massive data breaches that happened in 2018.UIDAI released the official notification about this data breach and mentioned that around 210 Indian Government websites were hacked.
Aadhaar Software Hacked: This data breach included Aadhar, PAN, bank account IFSC codes, and other personal information of the users and anonymous sellers were selling Aadhaar information for Rs. 500 over Whatsapp. Also, one could get an Aadhaar card printout for just Rs.300.

4. SIM Swap Scam

Two hackers from Navi Mumbai fraudulently gained SIM card information and illegally transferred money from the bank accounts of rupees 4 crores in August 2018. They carried out transactions via online banking.

What should be done to reduce Cyber Security Threats in the Banking Sector?

Increasing awareness among employees: Banks need to adopt a comprehensive training module to prepare their staff to handle cyber attacks.

Encrypt Your Data: Cryptography is one of the methods to encrypt your data and ensures your most sensitive digital assets are always protected.

Chinese developers expose data belonging to Android gamers

The Chinese developers of popular Android gaming apps exposed information belonging to users through an unsecured server.

In a report, shared with ZDNet, vpnMentor’s cybersecurity team, led by Noam Rotem and Ran Locar, revealed EskyFun as the owner of a 134GB server exposed and made public online.

EskyFun is the developer of Android games including Rainbow Story: Fantasy MMORPG, Adventure Story, The Legend of the Three Kingdoms, and Metamorph M.

On Thursday, the team said that users of the following games were involved in the data leak: Rainbow Story: Fantasy MMORPG, Metamorph M, and Dynasty Heroes: Legends of Samkok. Together, they account for over 1.6 million downloads.

In total, the team said that an alleged 365,630,387 records contained data from June 2021 onward, leaking user data collected on a seven-day rolling system.

The team says that the developers impose “aggressive and deeply troubling tracking, analytics, and permissions settings” when their software is downloaded and installed, and as a result, the variety of data collected was, perhaps, far more than you would expect mobile games to require.

The records included IP and IMEI numbers, device information, phone numbers, the OS in use, mobile device event logs, whether or not a handset was rooted; game purchase and transaction reports, email addresses, EskyFun account passwords stored in plaintext, and support requests, among other data

vpnMentor suspects that up to, or more than, one million users may have had their information exposed.

The unsecured server was discovered on July 5 and EskyFun was contacted two days later. However, after receiving no response, vpnMentor made a second attempt on July 27.

Continued silence required the team to also reach out to Hong Kong CERT and the server was secured on July 28.

“Much of this data was incredibly sensitive, and there was no need for a video game company to be keeping such detailed files on its users,” the researchers commented. “Furthermore, by not securing the data, EskyFun potentially exposed over one million people to fraud, hacking, and much worse.”

ZDNet has reached out to EskyFun and we will update when we hear back.

How to protect yourself from cyber attacks :

Keep software and operating system updated

Keeping your software and operating system up to date ensures that you benefit from the latest security patches to protect your computer.

Use anti-virus software and keep it updated

Using anti-virus or a comprehensive internet security solution like Kasperky cyber security is a smart way to protect your system from attacks.

Anti-virus software allows you to scan, detect and remove threats before they become a problem. Having this protection in place helps to protect your computer and your data from cybercrime, giving you piece of mind.

If you use anti-virus software, make sure you keep it updated to get the best level of protection.

Use strong passwords

Be sure to use strong passwords that people will not guess and do not record them anywhere. Or use a reputable password manager to generate strong passwords randomly to make this easier.

Never open attachments in spam emails

A classic way that computers get infected by malware attacks and other forms of cybercrime is via email attachments in spam emails. Never open an attachment from a sender you do not know.

Do not click on links in spam emails or untrusted websites

Another way people become victims of cybercrime is by clicking on links in spam emails or other messages, or unfamiliar websites. Avoid doing this to stay safe online.

Do not give out personal information unless secure

Never give out personal data over the phone or via email unless you are completely sure the line or email is secure. Make certain that you are speaking to the person you think you are.

Contact companies directly about suspicious requests

If you get asked for data from a company who has called you, hang up. Call them back using the number on their official website to ensure you are speaking to them and not a cybercriminal.

73% of Indian firms expect customer data breach in next 1 year

Bengaluru, Nearly 73 per cent of organisations in India expect to experience a data breach that impacts customer data in the next 12 months, a new report showed on Tuesday.

The Indian organisations ranked the top three negative consequences of an attack as lost IP, critical infrastructure damage/disruption, and cost of outside consultants and experts, according to global cybersecurity leader Trend Micro.

Bengaluru, Nearly 73 per cent of organisations in India expect to experience a data breach that impacts customer data in the next 12 months, a new report showed on Tuesday.

Nearly 57 per cent Indian organisation among those surveyed said it was somewhat to very likely that they’d suffer serious cyber-attacks in the next 12 months.

While 34 per cent suffered more than 7 cyber attacks that infiltrated networks/systems, 20 per cent had more than 7 breaches of information assets.

Thirty per cent of respondents said they’d suffered more than 7 breaches of customer data over the past year.

In India, the top cyber threats highlighted in the report were ransomeware watering hole attacks, botnets, malicious insiders and APT.

The top security risks to infrastructure include malicious insiders, cloud computing infrastructure and providers, organisational misalignment and complexity, as well as negligent insiders, the report noted.

“To lower cyber risk, organisations must be better prepared by going back to basics, identifying the critical data most at risk, focusing on the threats that matter most to their business, and delivering multi-layered protection from comprehensive, connected platforms,” Katiyar said.

A new phishing attack lurking to scam banking customers: Advisory

“It has been observed that Indian banking customers are being targeted by a new type of phishing attack using ngrok platform.”

Scammers are targeting banking customers in India using a novel phishing attack to collect sensitive information such as internet banking credentials, mobile number and OTP to carry out fraudulent transactions, the country’s cyber security agency has warned in its latest advisory.

The malicious activity is being carried out using the the ngrok platform , a unique web application, it said.

“It has been observed that Indian banking customers are being targeted by a new type of phishing attack using ngrok platform.”

“The malicious actors have abused the ngrok platform to host phishing websites impersonating internet banking portals of Indian banks,” according to the advisory issued by CERT-In on Tuesday.

The CERT-In is the federal technology arm to combat cyber attacks and guarding the cyber space against phishing and hacking assaults and similar online attacks.

Phishing denotes to the fraud when an attacker, masquerading as a trusted entity, tricks a victim into clicking evil links to steal passwords, login credentials and one-time password (OTP).

Using these phishing websites, the advisory elaborated, “malicious actors” are collecting sensitive information of the customers such as internet banking credentials, mobile number and OTP to perform “fraudulent transactions.”

It said the phishing attacks have been seen to be triggered through SMSes containing links that end with ngrok.io/xxxbank.

The advisory explained this with a sample SMS.

"Dear customer your xxx bank account will be suspended! Please Re KYC Verification Update click here link http://446bdf227fc4.ngrok.io/xxxbank".

Once a victim clicks on this URL (universal resource locator) and log in to the phishing website using internet banking credentials, the attacker generates OTP for 2FA or two factor authentication which is delivered to the victim's phone number.

"The victim then enters this OTP in the phishing site, which the attacker captures," it said.

Finally, the attacker gains access to the victim’s account using the OTP and performs fraudulent transactions, the advisory said.

The cyber security agency has suggested some “best practices” to nip these attacks in the bud, the most important being: “Look for suspicious numbers that don’t look like real mobile phone numbers as scammers often mask their identity by using email-to-text services to avoid revealing their actual phone number.”

“Genuine SMSes received from banks usually contain sender id (consisting of bank’s short name) instead of a phone number in sender information field.”

It further suggested internet banking users to “only click on URLs that clearly indicate the website domain.”

“When in doubt, users can search for the organisation’s website directly using search engines to ensure that the websites they visited are legitimate,” it said.

A specific check against such attacks is “exercising caution towards shortened URLs, such as those involving bit.ly and tinyurl.”

“Users are advised to hover their cursors over the shortened URLs (if possible) to see the full website domain which they are visiting or use a URL checker that will allow the user to enter a short URL and view the full URL,” it said.

Users can also use the shortening service preview feature to see a preview of the full URL, the advisory stated.

It said bank customers should pay “particular attention to any mis-spelling and/or substitution of letters in the URLs of the websites they are browsing.”

Some other counter-measures stated in the advisory are the often-repeated principles that are advised for safe browsing and accessing the internet.

“Install and maintain updated anti-virus and anti-spyware software, filtering tools (anti-virus and content-based filtering), firewall, and filtering services.”

Update spam filters with latest spam mail contents, it said.

“Customers should report any unusual activity in their account immediately to the respective bank,” it said.

“Phishing websites and suspicious messages should be reported to the CERT-In at incident@cert-in.org.in and respective banks with the relevant details for taking further appropriate actions,” the advisory concluded.

खतरे की घंटी है WhatsApp पर आया यह मेसेज, हैकर्स की शातिर चाल

अगर आप WhatsApp यूज करते हैं, तो आपको बेहद सतर्क रहने की जरूरत है। हैकर्स वॉट्सऐप के जरिए बड़ी आसानी से किसी भी यूजर को अपना शिकार बना सकते हैं। चिंता की बात यह है कि साइबर क्रिमिनल्स ने वॉट्सऐप में मिलने वाले एक खास सिक्योरिटी फीचर को ही अपना नया हथियार बना लिया है। वॉट्सऐप के इस सिक्यॉरिटी फीचर का नाम two-factor authentication है।

अकाउंट की सेफ्टी के लिए लॉन्च हुआ था फीचर
वॉट्सऐप ने टू-स्टेप वेरिफिकेशन फीचर को यूजर्स के अकाउंट की सेफ्टी के लिए लॉन्च किया था। अब हैकर्स बड़े शातिर तरीके से इसका इस्तेमाल हैकिंग के लिए कर रहे हैं। इसे वेरिफिकेशन कोड स्कैम भी कहा जा सकता है। यह कोड दरअसल टू-फैक्टर ऑथेंटिकेशन का कोड होता है और यह फोन चेंज करने पर वॉट्सऐप अकाउंट को ऐक्टिवेट करने के लिए जरूरी होता है।

हैकर्स के बिछाए जाल में फंस जाते हैं यूजर
इस साइबर क्राइम में हैकर्स यूजर को लॉगइन कोड के साथ एक टेक्स्ट मेसेज भेजते हैं। इस टेक्स्ट मेसेज में हैकर यूजर्स को किसी फ्रेंड या फैमिली मेंबर के नंबर से मेसेज भेजते हैं। इस मेसेज में ‘Hey! I accidentally sent you my WhatsApp log-in code. Could you send it back to me please?’ लिखा होता है। यूजर हैकर्स के बिछाए इस जाल में आसानी से फंस जाते हैं और लॉगइन कोड को उनके साथ शेयर कर देते हैं।

फ्रेंड्स और फैमिली मेंबर्स के अकाउंट को भी खतरा
अगर आपने हैकर द्वारा भेजे गए इस मेसेज का रिप्लाइ कर दिया तो आपका अकाउंट हैक हो जाएगा। इस वेरिफिकेशन कोड की मदद से हैकर आपके अकाउंट में लॉगइन कर लेंगे और आप अकाउंट से लॉगआउट हो जाएंगे। चिंता की बात यह भी है कि अगर हैकर्स के हाथ आपका वॉट्सऐप अकाउंट लग गया, तो वे बड़ी आसानी से आपके फ्रेंड्स और फैमिली मेंबर्स को भी अपना शिकार बना लेंगे।

स्कैम से बचने का एक ही तरीका
अगर आपके पास कोई ऐसा मेसेज आता है , तो उसे तुरंत डिलीट करे दें। साथ ही उस फ्रेंड या फैमिली मेंबर को भी यह जानकारी दे दें कि उनके नंबर से आपको एक ऐसा मेसेज रिसीव हुआ है। अगर गलती से आपको लगता है कि आपका अकाउंट हैक हो गया है, तो तुरंत अपने अकाउंट में फिर से लॉगइन करें। लॉगइन करने के लिए आपके नंबर पर सही वेरिफिकेशन कोड आएगा और इसे एंटर करते ही हैकर आपके अकाउंट से लॉगआउट हो जाएगा।

Data breach at New York university potentially affects 47,000 citizens

A data breach at a New York university has potentially exposed the personal information of nearly 47,000 individuals.

The Research Foundation for the State University of New York (SUNY) announced it detected unauthorized access to its networks earlier this year.

The incident was discovered on July 14, and reportedly involved Social Security numbers.

A total of more than 46,700 individuals are areas said to be impacted by the data breach, although it’s not stated whether these people are employees, donors, or others who might be linked to the organizations.

A security advisory (PDF) hosted on the office of the Maine Attorney General’s website offers more details about the incident:

We recently discovered unusual network activity that caused certain systems in our network to become unavailable.
We immediately began an investigation, a cybersecurity firm was engaged, and measures were taken to address the incident and to restore the systems.
We also notified law enforcement and worked to support its investigation. Research Foundation learned that there was unauthorized activity in Research Foundation’s network between May 22, 2021, and July 9, 2021. During that time, an unauthorized party obtained files stored on Research Foundation’s file servers.

The organization has pledged to provide eligible individuals a complimentary, one-year credit monitoring and identity theft protection services.

Security overhaul

“To help prevent something like this from happening again, Research Foundation is taking and has taken steps to further enhance the security of its network,” the foundation said.

These steps include the implementation of multi-factor authentication and deploying an endpoint detection and response tool throughout its network

LIFE

WHAT IS LIFE ?? Life is a race where we run and struggles for our dreams , i think we have always two ways to live a life the first way is choose a simple way where all persons with you , and caring for you but they have some rules if you follow their […]
LIFE