28,000 printers hacked for security awareness

Cybersecurity experts at CyberNews hijacked close to 28,000 unsecured printers worldwide and forced them to print out a guide on printer security. How to secure a printer?

  1. Limit or disable network printing;
  2. Secure your printing ports;
  3. Use a firewall;
  4. Update your printer firmware to the latest version;
  5. Change the default password to a strong passphrase.

Read more about this: https://cybernews.com/security/we-hacked-28000-unsecured-printers-to-raise-awareness-of-printer-security-issues/

A data breach costs approximately €125 per leaked data record

According to researchers at the American Ponemon Institute, cyber attacks are the leading cause of data leaks, followed by technical defects, configuration errors in the cloud and human error.

The “Cost of a Data Breach Report 2020” study conducted by IBM among 3,200 people from 524 organizations shows that the average cost per leaked or stolen data record has increased.

According to the study, the average cost per lost or stolen data record was $ 146 (approx. $ 123). With malicious attacks the costs are even slightly higher, around $ 175 per leaked data record, according to Darkreading.

The study covered 17 different sectors. The costs of data breaches are the highest in the healthcare sector. In the healthcare sector, a major data breach can easily cost about 7 million dollars (6 million euros). The high costs are caused by, among other things, customers who no longer have confidence, system downtime, lost sales, legal costs and fines.

On average, it takes 329 days before the leakage of data is detected by organizations.

Want to read more about this: https://www.darkreading.com/vulnerabilities—threats/advanced-threats/average-cost-of-a-data-breach-in-2020-$386m/a/d-id/1338660

Ransomware gang with $42 million laundered caught by Ukraine

Details released by the Ukraine Cyber Police, working in collaboration with cryptocurrency exchange Binance, give insight into how the group operated. According to reports, the group also offered cryptocurrency money laundering services through underground forums, which are a hotspot for criminals. The laundered money came from various illegal activities, including but not limited to:

  • Spreading malware;
  • Money received by hacking international firms;
  • Stealing money from foreign individual & company bank accounts.

All of these crimes could lead to a penalty of up to 8 years in prison if convicted.

Read more about this at:
https://www.hackread.com/ransomware-gang-laundering-caught-by-ukraine/

If you want to know more about protection against malware, please visit:
https://antivirusservice.eu/

Former Uber CISO charged for concealing hack

Yesterday Uber’s former security chief Joe Sullivan was charged with attempting to conceal a hack from federal investigators. This hack exposed the email addresses and phone numbers of 57 million drivers and passengers.

As a result, the former CISO could face up to eight years in prison for not promptly disclosing the hack to the employee and consumer victims, which indicates bad corporate behaviour.

Read more about this at: https://www.nytimes.com/2020/08/20/technology/joe-sullivan-uber-charged-hack.html

How to improve cyber security within your organisation?

The NCSC published a Small Business Guide for Cyber Security with the following steps, for some of which ID Control offers free trials of cloud security services:

1. Backing up your data;
2. Protecting your organization from malware (e.g. https://antivirusservice.eu/ );
3. Keeping your mobile devices safe (e.g. https://antivirusservice.eu/ );
4. Using passwords to keep your data safe (e.g. https://idcontrol.pw);
5. Avoiding phishing attacks.

If you want to learn more about how to manage these steps and improve cyber security, you can check out the guide below and use the example trial cloud security services, or call ID Control at +31 888 SECURE (732873)!
Guide: https://www.ncsc.gov.uk/collection/small-business-guide

Privacy activist files complaint against 101 European websites

One month after the cancellation of the data treaty “Privacy Shield” between the EU and the US, privacy activist Max Schrems is taking websites to court that still send data to the US.
There are also 8 Belgian and Dutch ones being sued: PostNL, Takeaway, Marktplaats and Lieferando. A month after that ruling, the Schrems organization has now taken stock of the situation, and has seen that 101 websites still use services such as Google Analytics and Facebook Connect, which now unlawfully send data to the US. “We performed a quick search of major websites in each EU country to see if they contain any code from Facebook and Google. These snippets of code send data about each visitor to Google or Facebook. Both companies admit that they have data on Europeans and pass it on to the US for processing, where they are legally required to make that data available to US agencies such as the NSA. Neither Google Analytics nor Facebook Connect are essential to keep the web pages up and running.”

Read more at: https://noyb.eu/en/eu-us-transfers-complaint-overview

EU-US Privacy Shield declared invalid, what are the consequences?

What happens to data offered through a US cloud software vendor now that the EU-US Privacy Shield has been invalidated? Because the Foreign Intelligence Surveillance Act (FISA) is about electronic communication service providers, this ruling affects a lot of the cloud software within your organization. The main problem with US regulations is that US intelligence agencies have access to all personal data of non-Americans processed by a US electronic communications provider, even if it is stored in Europe. Electronic communication providers are, for example, the email services, cloud storage, and Internet Service Providers (ISPs) that your organization (or the processors your organization works with) use. Making the separate agreements for this is often a grey area.

Ask yourself the following questions:
1. In which countries does the supplier have data centres?
2. Who has physical access to these data centres?
3. Have any agreements been made with the supplier or are they to be made?

Spy on satellite broadband traffic using $300?

Information transmitted over satellite broadband connections, which are useful in areas where fixed internet connections might be slow or non-existent, could be sniffed, potentially putting usernames and passwords into the hands of attackers and giving them the ability to track sensitive but often unencrypted information about individuals or corporations.

You can read more about this here: https://www.zdnet.com/article/how-hackers-could-spy-on-satellite-internet-traffic-with-just-300-of-home-tv-equipment/

FBI: how to recognize malicious web stores?

The FBI has provided Internet users with tips for recognizing malicious web stores. According to the US agency, there is an increase in the number of victims being tracked down through fake online stores. The US regulator FTC also reports an increase in the number of shoppers who do not receive ordered goods. These include masks.

Tips to recognize these malicious web stores are:

  • check the top level domain;
  • check the public whois data of the domain owner and whether the contact details are correct and how long the domain exists;
  • if the price or discount is too good to be true then it probably is;
  • check their email address, private email addresses are suspicious;
  • don’t blindly trust advertised websites on social media;
  • check the reviews and complaints of the sites.

Read more about this at: https://www.ic3.gov/media/2020/200803.aspx