GDPR is coming into play in May 2018, but a lot of companies remain unprepared, which could have implications on how they process data.
We’re all familiar with the massive data leaks that Yahoo suffered last year. But until recently, we had very little in the way of clues as to who was behind the attacks which started at the beginning of 2014. As more evidence comes to light, it’s becoming increasingly apparent that this is not your run-of-the-mill cybercrime. According to a recent indictment by the US Department of Justice, the folks behind that attack appear to be agents of the Russian Federal Security Service.
The theft of 500 million Yahoo accounts three years ago was allegedly used as a way for the Russian government to access information on a series of targets ranging from the White House itself to cloud computing companies. Military officials, executives of financial companies, and even an airline company were also among the targeted.
In the name of espionage, this attack gave hackers the means of stealing data such as names, email addresses, and credentials. According to information provided by Yahoo in their announcement of the breach, the culprits would not have been able to access data of a more confidential nature, such as sensitive financial information.
In a somewhat ironic turn of events, the information provided by the Justice Department indictment appears to indicate that the stolen data was also used to spy on Russian government officials.
While this would not be the first time that Russian cybercriminals have been accused of data theft, it is in fact the first time that charges have been filed against officials operating in the shadow of Vladimir Putin. Although the agency is supposed to help agencies of other countries track down Russian cybercriminals, in this case two of its own operatives allegedly collaborated to conceal the robbery from their superiors.
“The involvement and direction of F.S.B. officers with law enforcement responsibilities makes this conduct that much more egregious,” said acting assistant US Attorney General Mary B. McCord.
Although the Russian administration has not given an official response to the US indictment, the country’s press has called into question the US Department of Justice’s movement.
In any case, and regardless of who is responsible for these or other breaches, massive data leaks at services such as Yahoo highlight the need to use secure credentials and a protection that is suited to the needs of your company to prevent the theft of confidential information, or even considerable sums of money, in the event of a cyberattack.
The post Who’s Behind the Yahoo Attack? It might be Russian Agents appeared first on Panda Security Mediacenter.
No less than $75,000 in cryptocurrency (Bitcoin or Ether), or $100,000 in iTunes gift cards — this is the exorbitant ransom that cybercriminals have demanded from Apple. The group, calling themselves the Turkish Crime Family, claims to have stolen access to 300 million iCloud accounts, and have threatened to wipe them on April 7 (tomorrow) if the corporation doesn’t pay up.
The cybercriminals sent a series of screen shots to Motherboard that apparently show the exchange of emails between the hacker group and Apple’s security team. They also provided access to one of the email accounts that they allegedly used to communicate with the company and lay down their conditions for the deal.
According to the messages on the account, the cybercriminals uploaded videos to YouTube to show how they were able to log in to several stolen iCloud accounts and even showed how they were able to access an elderly woman’s photos and remotely delete them.
Allegedly, an Apple employee had asked the criminals to take down the video that they’d uploaded to YouTube. The company also declared, “We do not reward cyber criminals for breaking the law”.
There are a few holes in the attackers’ story. In the initial correspondence, they claimed to have accessed 300 million accounts on Apple’s iCloud, but on the Turkish Crime Family twitter account the claim was a more modest 200 million. In a later correspondence, the number jumped up to 559 million.
“I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing,” one of the hackers told Motherboard. It seems clear that one of the strategies of this group is to blackmail Apple by making their actions public, alarming as many Apple clients as possible.
However, a spokesperson for Apple has stated that “there have not been any breaches in any of Apple’s systems including iCloud and Apple ID.” The supposed list of email addresses and passwords may therefore have been obtained through a third-party service that had been previously compromised.
The spokesperson also stated that they are “actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved.” We’ll have to wait until tomorrow to see if there is a real threat, or if the hackers are simply bluffing.
In any event, the company has taken the opportunity to remind users to use robust passwords, that they don’t use the same credentials over various websites, and that they activate two-step authentication to add an extra layer of security.
The post Millions of iCloud Accounts Could Be Wiped if Apple Refuses Ransom appeared first on Panda Security Mediacenter.
In the digital world, it just takes one click to get the keys to the kingdom.
Do you know spear-phishing was the only secret weapon behind the biggest data breach in the history?
It’s true, as one of the Yahoo employees fell victim to a simple phishing attack and clicked one wrong link that let the hackers gain a foothold in the company’s internal networks.
You may be familiar with phishing
The 2014 Yahoo hack disclosed late last year that compromised over 500 million Yahoo user accounts was believed to be carried out by a state-sponsored hacking group.
Now, two Russian intelligence officers and two criminal hackers have been charged by the US government in connection with the 2014 Yahoo hack that compromised about 500 million Yahoo user accounts, the Department of Justice
A database of 1.4 billion email addresses combined with real names, IP addresses, and often physical address has been exposed in what appears to be one the largest data breach of this year.
What’s worrisome? There are high chances that you, or at least someone you know, is affected by this latest data breach.
<!– adsense –>
Security researcher Chris Vickery of MacKeeper and Steve Ragan of
The news of the week is recapped, including the fallout around CloudBleed, the CloudPets breach, and a Slack token bug. The life of Howard Schmidt is also remembered.
Yahoo’s Marissa Mayer has missed out on $2m from her annual bonus due to her management of security breaches affecting billions of users.
The post Yahoo CEO forgoes annual bonus, worth millions, over security breaches appeared first on WeLiveSecurity
Has Yahoo rebuilt your trust again?
If yes, then you need to think once again, as the company is warning its users of another hack.
Last year, Yahoo admitted two of the largest data breaches on record. One of which that took place in 2013 disclosed personal details associated with more than 1 Billion Yahoo user accounts.
Well, it’s happened yet again.
<!– adsense –>
Yahoo sent out another