BU-CERT – Page 4 – Bournemouth University Computer Emergency Response Team

How MFA Failures are Fueling a 500% Surge in Ransomware Losses

Posted on 2 July 2024

From thehackernews.com

The cybersecurity threat landscape has witnessed a dramatic and alarming rise in the average ransomware payment, an increase exceeding 500%. Sophos, a global leader in cybersecurity, revealed in its annual “State of Ransomware 2024” report that the average ransom payment has increased 500% in the last year with organizations that paid a ransom reporting an average payment of $2 million, up from $400,000 in 2023. Separately, RISK & INSURANCE, a leading media source for the insurance industry reported recently that in 2023 the median ransom demand soared to $20 million in 2023 from $1.4 million in 2022, and payment skyrocketed to $6.5 million in 2023 from $335,000 in 2022, much more than 500%.

CapraRAT Mimics As Popular Android Apps Attacking Android Users

Posted on 2 July 2024

From gbhackers.com

Transparent Tribe (aka APT36) has been active since 2016, focusing on social engineering strategies to target Indian government and military personnel.

The CapraTube campaign of Transparent Tribe (aka APT36) was revealed in September 2023, in which threat actors employed weaponized Android apps posing as YouTube, mostly in dating scenarios.

Cybersecurity researchers at SentinelLabs recently discovered that the CapraRAT has been mimicking popular Android apps by attacking Android users.

These latest actions imply complex but relatively increased spyware conformity with older and modern versions of Android, revealing the group’s adaptability and continuous drive to widen its attack surface against Indian targets.

From the SOC to Everyday Success: Data-Driven Life Lessons from a Security Analyst

Posted on 2 July 2024

From securityweek.com

Many of you have likely noticed that I enjoy looking for life lessons in the real-world that we can apply to the challenges we face in the security domain. In this piece, I’d like to take the opposite approach. I’d like to try and take the lessons I learned during my time as a security analyst working in various Security Operations Centers (SOCs) and apply them to life. My reason for this is simple. I believe that as security professionals, the healthier and happier we are, the better able we are to protect our respective organizations.

In particular, I’d like to focus on the strong data-driven approach adopted by the teams I was fortunate enough to be a part of. I think that the timing is particularly good. Why? Unfortunately, it seems that we as a society are slowly losing our respect for truth and facts, and at the same time, we seem to be becoming aware of an epidemic of narcissism that is well underway. That lies and opinions are so readily accepted as truth is extremely dangerous. More troubling still are the behaviors and actions that are justified based upon them.

US Supreme Court Sidesteps Decision On Social Media Laws

Posted on 2 July 2024

From silicon.co.uk

US Supreme Court throws out lower court decisions on Florida, Texas laws imposing social media regulation, demands more research

The US Supreme Court has thrown out two separate decisions by lower courts involving social media censorship laws in Florida and Texas and told the lower courts to conduct further analysis.

In the decision on Monday, the last day of the top court’s session that began in October, judges said lower courts had not adequately addressed the First Amendment speech implications of the 2021 laws.

Passwordless Authentication

Posted on 2 July 2024

From cpl.thalesgroup.com

What is passwordless authentication?

Passwordless authentication offers users a way to verify themselves while not having to remember or manually type passwords. This provides stronger security and fewer breaches.

How does passwordless authentication work?

Passwordless Authentication and SSO (Single Sign On) Solutions with SafeNet Trusted Access and Authentication as a Service:

Quickly remove passwords from authentication and SSO flows via easy-to-use conditional access policies
Using a combination of Push OTP and Biometric PIN or Push OTP and PIN
- Support Windows 10, iOS & Android platforms with SafeNet MobilePASS+
- Use Biometric verification with facial recognition or fingerprint authentication to access a token on an iOS, Android or Windows 10 device
Support FIDO2 standard with FIDO2 certified devices on any SSO platform
Address digital signature and email encryption, physical access use cases with Certificate based PKI authenticators, USB or Smart Cards
Support Voice authentication where a 3rd Party SMS provider translates SMS OTP to voice audio

TeamViewer: Hackers copied employee directory and encrypted passwords

Posted on 2 July 2024

From therecord.media

Software company TeamViewer says that a compromised employee account is what enabled hackers to breach its internal corporate IT environment and steal encrypted passwords in an incident attributed to the Russian government.

In an update on Sunday evening, TeamViwer said a Kremlin-backed group tracked as APT29 was able to copy employee directory data like names, corporate contact information and the encrypted passwords, which were for the company’s internal IT environment.

Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights

Posted on 2 July 2024

From thehackernews.com

An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data.

The unnamed 42-year-old “allegedly established fake free Wi-Fi access points, which mimicked legitimate networks, to capture personal data from unsuspecting victims who mistakenly connected to them,” the Australian Federal Police (AFP) said in a press release last week.

The agency said the suspect was charged in May 2024 after it launched an investigation a month earlier following a report from an airline about a suspicious Wi-Fi network identified by its employees during a domestic flight.