Eliana Willis

Compromised passwords are a fast track to all sorts of online headaches. But thankfully iOS makes it quite easy to do a quick audit of your passwords for compromised passwords, allowing you to change them before problems escalate.And it’ll take you less than five minutes.Here’s how.Tap on Settings and go to Passwords. There, if you have compromised or reused passwords, you’ll see an entry called Security Recommendations. Security Recommendations in IOS 15Tap on that to see the accounts that have problems with the passwords, and you’ll get the chance to either change the password on the website or service, or delete the entry (only do this if you’ve already changed the password, ot it’s an old, obsolete account for a service you’ve deactivated).It’s quick.

It’s simple.For most people, they’re done in less than five minutes.But it can save you a whole heap of headaches.Note: The same trick will work for the iPad. On the Mac, fire up Safari, click on Safari in the menu bar and click Preferences… then go to Passwords, and if there are any security recommendations, you will see a notice at the bottom of the window.

ZDNet Recommends

Best security key 2021

While robust passwords go a long way to securing your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.

Read More More

Twitch has come out with a new statement denying the severity of the breach that drew headlines earlier this month. The gaming platform reiterated that the incident was caused by a “server configuration change that allowed improper access by an unauthorized third party.”They claimed Twitch passwords were not exposed in the breach and said they are “confident” that the systems storing Twitch login credentials, which are hashed with bcrypt, were not accessed, nor were full credit card numbers or ACH/bank information. “The exposed data primarily contained documents from Twitch’s source code repository, as well as a subset of creator payout data. We’ve undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly,” the company said. An unknown hacker leaked the entirety of Twitch’s source code among a 128 GB trove of data released on October 6.The data included creator payouts going back to 2019, proprietary SDKs and internal AWS services used by Twitch, as well as all of the company’s internal cybersecurity red teaming tools.While much of the press attention initially focused on the eye-popping revenues brought in by certain Twitch streamers, concern over the privacy and security of all Twitch streamers began to grow in the days following the attack. 

Experts warned that all Twitch streamers needed to take immediate actions to protect their bank accounts and themselves from a potential wave of attacks by opportunistic cybercriminals. Twitch eventually announced that it was resetting all stream keys, directing streamers to this website for new stream keys.The unknown hacker behind the attack claimed it was because of the platform’s lackluster response to complaints about racism, homophobia and abuse directed toward minority gamers in what are called “hate raids.”The hacker said Twitch’s community is “a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them, and in part one, are releasing the source code from almost 6,000 internal Git repositories.”The original note said the initial release was only the first section of the stolen data. More

More than $5 billion in bitcoin transactions has been tied to the top ten ransomware variants, according to a report released by the US Treasury on Friday. The department’s Financial Crimes Enforcement Network (FinCen) and Office of Foreign Assets Control (OFAC) released two reports illustrating just how lucrative cybercrime related to ransomware has become for the gangs behind them. Parts of the report are based on suspicious activity reports (SAR) financial services firms filed to the US government.FinCen said the total value of suspicious activity reported in ransomware-related SARs during the first six months of 2021 was $590 million, which exceeds the $416 million reported for all of 2020.”FinCEN analysis of ransomware-related SARs filed during the first half of 2021 indicates that ransomware is an increasing threat to the US financial sector, businesses and the public. The number of ransomware-related SARs filed monthly has grown rapidly, with 635 SARs filed and 458 transactions reported between 1 January 2021 and 30 June 2021, up 30 percent from the total of 487 SARs filed for the entire 2020 calendar year,” the report said. Through analyzing 177 unique convertible virtual currency wallet addresses used for ransomware-related payments associated with the 10 most commonly-reported ransomware variants in SARs during the review period, the Treasury Department found about $5.2 billion in outgoing bitcoin transactions potentially tied to ransomware payments.”According to data generated from ransomware-related SARs, the mean average total monthly suspicious amount of ransomware transactions was $66.4 million and the median average was $45 million. FinCEN identified bitcoin as the most common ransomware-related payment method in reported transactions,” the report adds.FinCen noted that the US dollar figures are based on the value of bitcoin at the time of the transaction and added that the data set “consisted of 2,184 SARs reflecting $1.56 billion in suspicious activity filed between 1 January 2011 and 30 June 2021.”
FinCen

While the report does not say which ransomware variants made more than others, it does list the most commonly reported variants, which were REvil/Sodinokibi, Conti, DarkSide, Avaddon and Phobos. FinCen said it found a total of 68 different ransomware variants. Ransomware expert and Recorded Future computer emergency response team member Allan Liska told ZDNet that Phobos being in the top five is surprising. “Phobos tends to fall under the radar and doesn’t get a lot of attention, clearly more focus needs to be placed on it so organizations can better defend themselves against it,” Liska said.He added that it was interesting to see that FinCen has been tracking ransomware transactions since 2011, meaning they have a lot more experience tracking cryptocurrency transactions than ransomware groups realize.”I think we all suspected that ransomware attacks were on the rise this year, it is nice to see this confirmed,” he said. “Finally, in just the first 6 months of the year FinCEN identified 68 ransomware variants posted in SAR. Again, I don’t think most people realize just how diverse the ransomware ecosystem is.”The reports comes one day after the US officials and governments from more than 30 countries finished a two-day summit focused on ransomware and how it can be stopped. The countries pledged further cooperation and specifically mentioned the need to hold cryptocurrency platforms accountable. Coinciding with the release of the report, FinCen released further guidance effectively threatening the virtual currency industry with penalties if they allow sanctioned people or entities to continue to use their platforms.”OFAC sanctions compliance requirements apply to the virtual currency industry in the same manner as they do to traditional financial institutions, and there are civil and criminal penalties for failing to comply,” FinCen said on Friday. The FinCen report also noted that ransomware groups are increasingly using cryptocurrencies like Monero that are popular among those seeking anonymity and have avoided using wallets more than once.Mixing services are also widely used across the ransomware industry as a way to disrupt tracking experts and decentralized exchanges are being used to convert ransomware payments into other cryptocurrencies. The report also mentions “chain hopping,” a practice ransomware actors use to change one coin into another at least once before moving the funds to another service or platform. “This practice allows threat actors to convert illicit BTC proceeds into an AEC like XMR at CVC exchanges or services. Threat actors can then transfer the converted funds to large CVC services and MSBs with lax compliance programs,” FinCen said.  More

One of Brazil’s largest insurance groups, Porto Seguro has reported it suffered a cyberattack that resulted in instability to its service channels and some of its systems.The company reported the incident to the Securities and Exchange Commission (CVM) on Thursday (14), saying that it “promptly activated all security protocols” and that it has been gradually restoring its operating environment and working towards resuming normal business as soon as possible.Porto Seguro did not disclose any further details in relation to the type of attack it has suffered, but noted that so far, no data leakage had been identified in relation to the company, or its subsidiaries, customers or partners, including any personal data. Third largest insurance company in Brazil, Porto Seguro leads the car and residential insurance segments in Brazil and has around 10 million clients across its various business lines including credit provision. The company is headquartered in São Paulo, with subsidiaries in Brazil and Uruguay employing more than 13,000 staff.

The company is the latest of a list of major Brazilian organizations suffering major security incidents over recent weeks. Earlier this month, CVC, one of the country’s largest travel operators, was hit by a ransomware attack that brought its operations to a standstill. Since the attack, reported to CVM on October 2, the company has a banner on its website stating that it has been hit by a cyberattack and that it is “working diligently to mitigate the impact of the incident and ensure business continuity.” At the time of writing, the CVC’s investor relations page, where updates on the incident would have been published, was unavailable. Prior to CVC and Porto Seguro, other major companies in Brazil that were targeted by cybercriminals included retail chain Renner, victim of a ransomware attack that compromised its e-commerce platform for three days in August.

Security teams are in place in less than a third of Brazilian organizations, even though most businesses frequently suffer cyberattacks, according to research published by Datafolha Institute on behalf of Mastercard and published in June. Financial services, insurance, and technology and telecommunications are among the most prepared in terms of cybersecurity readiness, the study has found. Conversely, the education and healthcare sectors are the most vulnerable. According to a separate study, also carried out by Datafolha Institute and published in July, the fear of cyber attacks is high among Brazilian users. The research aimed at measuring the level of concern regarding the security of consumers within data and information exchange environments, and it found that only 13% of those polled consider their data to be very secure, while 21% consider their data to be insecure.In September, the banking sector started discussions with the Ministry of Justice around the creation of a strategy to address crime in digital environments. Goals under the strategy would include the expansion of the set-up around identifying and repressing actors responsible for cybercrimes, as well as the promotion of permanent cooperation between the public and private sectors on the matter and public awareness campaigns on cyber risks and fraud. More

The “abysmal” state of security for industrial control systems (ICSs) is putting critical services at serious risk, new research finds. 

You only need to look at the chaos caused by a ransomware attack launched against Colonial Pipeline this year — leading to panic buying and fuel shortages across part of the US — to see what real-world disruption cyber incidents can trigger, and their consequences can go far beyond the damage one company has to repair.   It was only last month that the Port of Houston fended off a cyberattack and there is no reason to believe cyberattacks on operational technology (OT) won’t continue — or, perhaps, become more common.  On Friday, CloudSEK published a new report exploring ICSs and their security posture in light of recent cyberattacks against industrial, utility, and manufacturing targets. The research focuses on ICSs available through the internet.”While nation-state actors have an abundance of tools, time, and resources, other threat actors primarily rely on the internet to select targets and identify their vulnerabilities,” the team notes. “While most ICSs have some level of cybersecurity measures in place, human error is one of the leading reasons due to which threat actors are still able to compromise them time and again.” Some of the most common issues allowing initial access cited in the report include weak or default credentials, outdated or unpatched software vulnerable to bug exploitation, credential leaks caused by third parties, shadow IT, and the leak of source code.  After conducting web scans for vulnerable ICSs, the team says that “hundreds” of vulnerable endpoints were found. 

CloudSEK highlighted four cases that the company says represents the current issues surrounding industrial and critical service cybersecurity today: An Indian water supply management company: Software accessible with default manufacturer credentials allowed the team to access the water supply management platform. Attackers could have tampered with water supply calibration, stop water treatments, and manipulate the chemical composition of water supplies. 
CloudSEK
The Indian government: Sets of mail server credentials belonging to the Indian government were found on GitHub.  A gas transport company: This critical service provider’s web server, responsible for managing and monitoring gas transport trucks, was vulnerable to an SQL injection attack and administrator credentials were available in plaintext.  Central view: The team also found hardcoded credentials belonging to the Indian government on a web server supporting monitors for CCTV footage across different services and states in the country.  The US Cybersecurity and Infrastructure Security Agency (CISA) was informed of CloudSEK’s findings, as well as associated international agencies.  “Owing to an increase in remote work and online businesses, most cybersecurity efforts have been focused on IT security,” says Sparsh Kulshrestha, Senior Security Analyst at CloudSEK. “However, the recent OT attacks have been a timely reminder of why traditional industries and critical infrastructure need renewed attention, given that they form the bedrock of our societies and our economies.” Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More