The Fed shares insight on how to combat synthetic identity fraud

The Federal Reserve looks at ways to counter what is thought to be the fastest-growing type of financial crime in the country The United States’ Federal Reserve has published advice for financial institutions located in the US on how to mitigate risks of synthetic identity payments fraud. Citing an analysis by the Auriemma Group, the Fed noted that synthetic identity fraud cost US lenders around US$6 billion and was responsible for 20% of credit losses in 2016. Scammers usually create synthetic identities by piecing together bits and pieces of real and fake information, which includes Personally Identifiable Information (PII), such as names, Social Security Numbers (SSN), and addresses. They frequently target individuals, [...]

Hundreds arrested after police crack encrypted chat network

European police infiltrate EncroChat, go on to crack down on crime kingpins and seize guns, drugs, cars and millions in cash Law enforcement agencies in Europe recently cracked an instant messaging system used by organized crime before the ensuing police operation ultimately led to the arrests of more than 800 suspected criminals, mostly in the United Kingdom. The service, dubbed EncroChat, was used by 60,000 people worldwide to manage their criminal enterprises. EncroChat’s operating system operated on specially customized Android phones that could switch between both systems. The encrypted communication platform included features such as VoIP calls and self-destructing messages that would delete themselves from the user’s device after a certain time [...]

Thousands of MongoDB databases ransacked, held for ransom

The cybercriminal behind the ransom raids on almost 23,000 databases threatens to leak the data and alert GDPR regulators An unknown cybercriminal has infiltrated 22,900 unsecured MongoDB databases, wiping their contents and leaving behind a ransom note demanding bitcoin in return for the data. If the ransom isn’t paid within two days, they threatened to notify authorities in charge of enforcing the European Union’s General Data Protection Regulation (GDPR). According to ZDNet, which broke the story, the hacker is using automated scripts to scour the internet for MongoDB installations that face the internet with no password protection, deleting their contents, and asking for 0.015 bitcoins (some US$140) to return the data. The cybercriminal [...]

Microsoft releases emergency update to fix two serious Windows flaws

The out-of-band update plugs two remote code execution bugs in the Windows Codecs library, including one rated as critical Microsoft on Tuesday released emergency security patches to plug a pair of serious vulnerabilities in its Windows Codecs library that impact several Windows 10 and Windows Server versions. Indexed as CVE-2020-1425 and CVE-2020-1457, the two remote-code execution (RCE) flaws are rated as ‘critical’ and ‘important’ in severity, respectively. Both security loopholes have to do with how Microsoft Windows Codecs Library handles objects in memory. An attacker who can exploit CVE-2020-1425 “could obtain information to further compromise the user’s system”, said Microsoft. Successful exploitation of the second flaw, meanwhile, could enable attackers to execute [...]

COVID‑19 contact tracing – technology panacea or privacy nightmare?

Can a technological intervention stem the pandemic while avoiding the privacy pitfalls of location tracking? The UK Government recently announced that it was ceasing development of its current contact-tracing app; on the same day, the Canadian Government stated that it was developing one. All this in the same week that the Norwegian health authority had to delete all data gathered via its contact-tracing app and suspended further use due to a ruling by the Norwegian Data Protection Authority. And if these examples are not enough to demonstrate the utter confusion, the Australian app is reported to have a bug that stops iPhones from reporting possible close contacts. It’s clear that there is [...]

Remote access at risk: Pandemic pulls more cyber‑crooks into the brute‑forcing game

Poorly secured remote access attracts mostly ransomware gangs, but can provide access to coin miners and backdoors too The COVID-19 pandemic has radically changed the nature of everyday work, forcing employees to do large parts of their jobs via remote access. Cybercriminals – especially ransomware operators – are aware of the shift and attempt to exploit the new opportunities and increase their illicit earnings. ESET telemetry confirms this trend in an uptick in the number of unique clients who reported brute-force attack attempts blocked via ESET’s network attack detection technology. Before the lockdown, most employees worked from the office and used infrastructure monitored and controlled by their IT department. But the coronavirus [...]