Sniper Watch’s Post

https://lnkd.in/gvaAJqpy US Health Dept warns #hospitals of hackers targeting #IT help desks 🚨ALERT: Healthcare and Public Health sector, be aware of #hackers using #socialengineering tactics to target IT #helpdesk!🚨 The U.S. Department of Health and Human Services (#HHS) has issued a warning that hackers are now using local area codes to call organizations pretending to be employees in the financial department and providing stolen ID verification details, including #corporate ID and social security numbers. These tactics have allowed attackers to enroll their own multi-factor authentication (#MFA) devices and gain access to targeted organizations' systems. Be cautious when enrolling new devices in MFA, especially if the caller is claiming their #smartphone is broken. Stay vigilant and keep your sensitive information secure. #endpoint #cloudsecurity #smallbusiness #infosec #endcyberrisk #business #bankingindustry #cyber #riskmanagement #endpointsecurity #iotsecurity #internetofthings #informationsecurity #cyberawareness #IoT #asis #threatintelligence #technology #datasecurity #websitesecurity #darkweb #cloud #google #microsoft #securityawareness #cybersecurity #risk #linkedin #linkedintips #smartphones #financialservices #Twitter #facebook #socialmedia #X #cybercrime #media #hospitalsecurity #publichealth #hospitalindustry #healthcaresecurity #healthcareindustry

One more Cyber Security alert 🔴⚠️ 𝐁𝐒𝐍𝐋 , 𝐎𝐧𝐜𝐞 𝐚𝐠𝐚𝐢𝐧 𝐡𝐢𝐭 𝐛𝐲 𝐦𝐚𝐣𝐨𝐫 𝐝𝐚𝐭𝐚 𝐛𝐫𝐞𝐚𝐜𝐡 Its important to BSNL take strong step regarding this. BSNL LTD the state-owned telecommunication provider has suffered a significant data breach, according to TIR the cyberattack has been done by “Kiberphantom” and he putting millions of users at risk. 𝐓𝐡𝐞 𝐛𝐫𝐞𝐚𝐜𝐡 𝐢𝐧𝐯𝐨𝐥𝐯𝐞; 🔻Critical data including International Mobile Subscriber Identity(IMSI) 🔻Sim Card Information 🔻Home location Register(HLR) details 🔻DP card data(8GB) & DP security key data (130 GB) 🔻snapshots of BSNL’s SOLARIS servers(140GB) In overall basis total 27GB of sensitive information has been compromised because this. 👉𝐖𝐡𝐚𝐭 𝐜𝐚𝐮𝐬𝐞𝐬 𝐨𝐜𝐜𝐮𝐫𝐫𝐞𝐝: 🚫Sim cloning and identity theft 🚫Financial data & information and identity theft. 🚫Privacy violation 🚫Targeted attacks and scams, which exploiting users trust on BSNL.🤷♀️ 🚫impact on Log in Incredential. 🚫Goodwill lost 🚫Market lost by the BSNL and needs more security 🔐 🚫Infrastructure stability lost 𝐈𝐭'𝐬 𝐧𝐨𝐭 𝐨𝐧𝐥𝐲 𝐥𝐢𝐦𝐢𝐭𝐞𝐝 𝐭𝐨 𝐁𝐒𝐍𝐋 𝐮𝐬𝐞𝐫𝐬 𝐛𝐮𝐭 𝐢𝐭 𝐜𝐚𝐧 𝐚𝐥𝐬𝐨 𝐚𝐭𝐭𝐚𝐜𝐤 𝐨𝐧 𝐨𝐩𝐞𝐫𝐚𝐭𝐢𝐨𝐧 𝐨𝐟 𝐭𝐡𝐞 𝐜𝐨𝐦𝐩𝐚𝐧𝐲 𝐚𝐧𝐝 𝐧𝐚𝐭𝐢𝐨𝐧𝐚𝐥 𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲. Its affect many things. 👉𝐖𝐡𝐚𝐭 𝐬𝐡𝐨𝐮𝐥𝐝 𝐁𝐒𝐍𝐋 𝐮𝐬𝐞𝐫𝐬 𝐝𝐨; ✅the user should monitor unusual activity on their phones and bank accounts. ✅be aware of unusual messages and calls. ✅Enable Two-Factor Authentication (2FA) for an additional layer of security 🔐 ✅If anything looking 👀 negative or something is wrong and not understand by you then immediately go to bank and ask and customer care, email them. The Athenian Tech cybersecurity experts believe that BSNL should take immediate action to contain the breach. 𝐖𝐡𝐨 𝐚𝐫𝐞 𝐡𝐞𝐫𝐞 𝐁𝐒𝐍𝐋 𝐮𝐬𝐞𝐫𝐬? 𝐀𝐧𝐝 𝐢𝐬 𝐚𝐧𝐲𝐭𝐡𝐢𝐧𝐠 𝐡𝐚𝐫𝐦 𝐚𝐧𝐝 𝐢𝐦𝐩𝐚𝐜𝐭 𝐲𝐨𝐮? 𝙏𝙝𝙚𝙣 𝙥𝙡𝙚𝙖𝙨𝙚 𝙗𝙚 𝙖𝙬𝙖𝙧𝙚!! Connect with me CA Shaifali Ranka (Jain) #bsnl #cybersecurity #fraud #hacker #hacking #telecommunication #market #nationalsecurity #users #forensic #audit #alert #update #news #published #protect #protection #mobile #thursday #technology #it #hackers

Cyber Byte of the day: The Health Sector Cybersecurity Coordination Center (HC3) warns that threat actors are using advanced social engineering tactics to target IT help desks in health sector to access organizations’ network and divert payments.  They target employees in financial roles by making phone calls with the target organization’s area code and claiming to be an employee. They pass the verification process with stolen information from other breaches, such as last four digits of social security number, corporate ID number and other demographic details. The scammers claim that their phone is broken, so they cannot login and receive MFA. They convince the IT help desk to enroll a new device.  Once the threat actors gain access to the employees’ email account, they send instructions to payment processors to divert payments to the attackers U.S. bank account which is then transferred to overseas accounts. It has been observed that during this business email compromise attack, threat actors register a domain with a single letter variation of the target’s organization and impersonate the organization’s CFO or someone of authority in the finance department.  The spear-phishing technique may also involve AI voice cloning for impersonation to make the request look more legitimate. To mitigate against Tactics, Techniques and Procedures used in unauthorized access to privileged accounts in Microsoft cloud environment, it is recommended to use Microsoft Authenticator with number matching instead of SMS verification for MFA, require users to authenticate from a trusted network location and block external access to Microsoft Azure and Microsoft 365 administration features by allowing access only if users are authenticated from a trusted network location and their device is in compliance. In addition, monitor for suspicious ACH changes and train employees on social engineering techniques.   #cybersecurity #cyberbyte #cyber #veteranowned #veteran #smallbusiness

Another month, another data breach...are we ready to learn from it? Last week, the French telecom giant Free suffered a major data breach, compromising information for over 19 million clients. The data, now being sold in an online auction, includes: names ; addresses ; phone numbers ; emails along with more than 5 million IBANs 😬 What it means : 80% of the company’s clients are now risking phishing attempts or identity fraud. While Free did not disclose the cause of the leak, we know that 83% of breaches come from internal access—often through IT, developers, and partners—not hackers from the outside. Every new user with data access is a potential risk. This attack could have been avoided with better data security practices. For instance, by using synthetic data: as it is artificial and realistic, it can be shared without the risks associated with sensitive data. Thanks to synthetic data, companies can continue to collaborate securely with their teams and partners without exposing their customers' or users' actual data. With synthetic data, Free’s clients might still be safe today. Isn’t it time to rethink our approach to data security? 🤔 #databreach #free #dataleak #cybersecurity

🚨 Breaking News: Chinese Hackers Elevate Cyber Warfare with Deepfake Technology! 🕵️♂️🌐 In a startling revelation, cybersecurity experts have uncovered a new and sophisticated wave of cyber attacks orchestrated by Chinese hackers, marking a significant escalation in the world of cyber warfare. According to a recent report on The Hacker News, these cyber adversaries are now leveraging cutting-edge deepfake technology to infiltrate networks and sow chaos. 🌐 The Deepfake Revolution Unleashed: The hackers have shifted their tactics to employ deepfake technology, allowing them to create highly convincing and deceptive content. By manipulating audio and video, they can fabricate realistic scenarios and impersonate legitimate entities, making it even more challenging to discern between reality and manipulation. 🤖 Mimicking Legitimate Entities: Unlike conventional phishing techniques, these deepfake-powered attacks go beyond typical email scams. Hackers are now capable of imitating high-profile figures, corporate executives, or even government officials, deceiving unsuspecting individuals into divulging sensitive information or falling victim to malicious actions. 🛡️ The Implications for Cybersecurity: This new breed of attacks poses a grave threat to cybersecurity measures worldwide. Traditional defense mechanisms may struggle to detect these highly sophisticated deepfakes, necessitating an urgent need for enhanced cybersecurity protocols and innovative solutions to safeguard against such evolving threats. 🔍 Staying Vigilant and Informed: As users of digital platforms, it is crucial to remain vigilant and exercise caution when interacting with online content. Verifying the authenticity of communication and adopting multi-factor authentication are integral steps in fortifying defenses against these technologically advanced cyber threats. 🌍 Global Collaboration is Key: In the face of this escalating threat landscape, international collaboration among cybersecurity experts, governments, and organizations becomes paramount. Sharing intelligence and adopting a united front against cyber threats will be essential to mitigate the impact of these deepfake-driven attacks. 🛑 Conclusion: The emergence of deepfake technology in the hands of cyber adversaries demands a collective and proactive response from the global community. By staying informed, implementing robust cybersecurity measures, and fostering collaboration, we can collectively build a resilient defense against this new frontier of cyber threats. https://lnkd.in/gGmJwKts #CyberSecurity #DeepfakeThreat #TechNews #StayInformed 🌐🔒

AU10TIX, a company providing identity verification services to major firms such as TikTok, Uber, and X, faced a significant security lapse by exposing administrative credentials online for over a year. This vulnerability potentially allowed hackers to access sensitive user data processed by AU10TIX, which includes photos of faces and driver’s licenses used for identity verification. AU10TIX collaborates with various prominent companies, where users are required to submit selfies and government-issued IDs to verify their accounts. The data collected during this process is stored for up to 30 days. The security breach is particularly concerning because the credentials of an AU10TIX employee were stolen by malware in September 2022 and subsequently shared on a Telegram channel in March 2023. These credentials provided access to a logging platform that contained extensive user data, such as names, birth dates, nationalities, ID numbers, and types of documents uploaded. Moreover, there were links to images of these documents, meaning a hacker could view numerous driver’s licenses. Following an investigation, AU10TIX stated that the compromised credentials were no longer usable to access user data and announced plans to decommission the affected system, replace it with a new one, and enhance their security measures.

👇 🚨#ITSupport #Consumer & #Security Alert 🚨 https://lnkd.in/g6hzZKz5 AutoCanada says ransomware attack "may" impact employee data #AutoCanada warns of potential employee data exposure following a cyberattack by the Hunters International #ransomware gang in August. The firm is proactively notifying affected individuals of potential #risks, despite detecting no fraud campaigns. Operational disruptions occurred as specific internal #IT systems were taken offline to contain the attack, affecting some customer service operations at its 66 dealerships. While no further updates were provided, Hunters International claimed responsibility for the attack on September 17, disclosing terabytes of allegedly stolen #data including #databases, NAS storage images, executives' information, #financial documents, and #HR data. It's imperative for users to stay informed and cautious about their online activities to ensure their #digital privacy and security. #bankingindustry #cyber #endpointsecurity #iotsecurity #IoT #Canada #UK #SouthAmerica #cyberawareness #technology #datasecurity #cloud #google #microsoft #windowssecurity #vulnerability #securityawareness #riskmanagement #infrastructure #globalsecurity #threatintelligence #EU #socialmedia #news #defensivemeasures #knowledgebase #linkedin #networksecurity #vulnerability #internetofthings #smartphones #UnitedKingdom #mobilephones #AsiaPacific #EuropeanUnion #DataSecurity #privacy #NewZealand #Cybersecurity #DataProtection #DataPrivacy #PersonalData #BusinessTravel #Website

#PESBootstrap2024 Cybercrime refers to criminal activities committed using computers and the internet. With the increasing reliance on digital technology, the landscape of crime has drastically evolved. Cybercriminals exploit vulnerabilities in computer systems, networks, and software to steal sensitive information, disrupt operations, and cause financial loss Types of Cybercrimes Phishing: Deceiving users into revealing personal information through fraudulent emails or websites. Identity Theft: Stealing personal information to impersonate someone and commit financial fraud. Cyberbullying: Harassing or threatening others online. Malware Attacks: Spreading malicious software to damage systems, steal data, or hold it for ransom (ransomware). Data Breach: Unauthorized access to sensitive information. Online Fraud: Scams involving fake online stores, auction sites, or investment opportunities. Cyber Espionage: Unauthorized access to government or corporate networks for intelligence gathering. Impact of Cybercrime Financial loss for individuals and businesses Damage to reputation Disruption of critical services Theft of intellectual property Loss of privacy Prevention and Mitigation Strong passwords and multi-factor authentication Keeping software and operating systems updated Being cautious of suspicious emails and links Backing up important data regularly Using antivirus and firewall protection Educating users about cyber threats #cybercrime #cybersafety

Here are some of the common types of data breaches: 1. Accidental Disclosure: This occurs when sensitive personal data is unintentionally exposed or sent to the wrong recipients, such as email blunders, misconfigured systems/databases, or improper data handling procedures. This can lead to unauthorized access and potential misuse of the exposed data. 2. Lost or Stolen Devices: The loss or theft of laptops, mobile devices, external hard drives, or other storage media containing unencrypted sensitive personal data can result in a serious data breach if the device falls into the wrong hands. 3. Social Engineering & Identity Theft: Cybercriminals may use tactics like phishing, pretexting, or baiting to trick individuals into revealing login credentials or personal information. This stolen data can then be used for identity theft, financial fraud, or gaining unauthorized access to systems/accounts. 4. Ransomware: Ransomware is a type of malware that encrypts an individual's or organization's data, holding it hostage until a ransom payment is made. If the ransom is not paid, the data may be permanently lost or sold/leaked on the dark web, resulting in a major data breach. Preventing these breaches requires measures like data encryption, strict access controls, employee cybersecurity training (especially on identifying social engineering tactics), device management policies, regular backups, and having an incident response plan for ransomware attacks. Monitoring for potential vulnerabilities and data loss prevention tools can also help mitigate these risks. #CarolineGichina #dataprivacy #dataprotection #gdpr #gdprcompliance #datasecurity #privacy

Navigating Cybersecurity Risks for Law Firms and Legal Tech Companies: What to Watch for in 2024-2025   As we approach the end of 2024, it's crucial for law firms and legal tech companies to be aware of emerging cybersecurity threats that could jeopardise sensitive information and client trust. Here are some key risks to monitor: Multi-Factor Faking: Cybercriminals are spoofing MFA pages, tricking users into providing access codes. QR Code Phishing: Instead of traditional phishing emails, attackers are sending QR codes that redirect to malicious sites without users being able to verify the link. Advanced Ransomware: With more businesses succumbing to ransom demands, these attacks are becoming increasingly sophisticated. Supply Chain Vulnerabilities: Attackers can inject malicious code into websites, potentially compromising client data. AI System Attacks: As firms leverage machine learning for defense, criminals are devising strategies to exploit these systems. DNS Spoofing: Cybercriminals can misdirect users to fraudulent sites, risking data theft. Deepfakes: CEO fraud is evolving, with criminals using faked audio and video recordings to manipulate employees into making unauthorised payments. Smartphone Surveillance: Malware can track smartphone activity, compromising user privacy. As we consider these threats I would recommend proactive measures and robust cybersecurity strategies are more critical than ever. Is your firm prepared to tackle these challenges? Contact me to discuss finding the right candidate to strengthen your cybersecurity. Click on the link below or email david.harrold@identifiglobal.com https://lnkd.in/eabebvKt #Cybersecurity #LawTech #LegalRecruitment #DataProtection #CyberAwareness #LegalIndustry #RiskManagement