Author: rescue@crimefire.in

While earning a master’s degree or another advanced degree can be a great way to make a career switch or earn a higher salary, these programs often require a significant investment of both time and money. For example, a master’s degree in cybersecurity from the University of California—Berkeley, which Fortune ranks as having the No. 1 program in the U.S., costs about $75,000 to complete.
However, these programs can help graduates achieve robust career outcomes. Some cybersecurity grads from UC Berkeley’s program manage to double their salaries post grad, to $200,000. Cybersecurity workers are also in high demand with more than 700,000 open positions in the U.S. alone. Worldwide, the number of unfilled cybersecurity jobs grew by 350%, from 1 million positions in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures.
“Today’s labor market is all about skills,” Jeff Kellum, senior content manager of tech content at LinkedIn Learning, tells Fortune. “With an estimated 3.5 million unfulfilled cybersecurity roles by 2025, the ability to learn and showcase in-demand skills is critical for anyone hoping to get their foot in the door in the space.”
One way to start on your journey to becoming a cybersecurity professional is to start with the basics. LinkedIn Learning offers a variety of courses focused on cybersecurity from a foundational level all the way to preparation for advanced certifications. 
“In the face of an uncertain macroeconomic climate, the ability to learn and showcase in-demand skills is critical to helping people get a foot in the door with a new company or finding a new role within their organization,” Hari Srinivasan, vice of product at LinkedIn, wrote in a late August blog post. “For many professions, certifications have emerged as key to this, with the number of people on LinkedIn who’ve added certifications to their profile increasing 44% over the last two years.”
Fortune has compiled a few cybersecurity courses to check out on LinkedIn Learning for people interested in learning more about the field. We’ve also included a list of the 19 learning paths and courses LinkedIn offers to prepare cybersecurity workers for the most in-demand certifications. LinkedIn Learning is available to LinkedIn users with a premium account, which can cost about $30 to $60 per month, depending on the package you purchase. 
This course helps learners understand the basics of cybersecurity including explainers on cyber threats, cyber criminals, managing cyber risk, and responding to cybersecurity incidents. Cybersecurity Foundations is taught by Malcom Shore, who served as director of New Zealand’s Government Communications Security Bureau (GCSB). The course takes roughly two hours total to complete, and includes instructional videos, chapter quizzes, and a final exam. 
This course is tailor-made for professionals looking to make a career switch to cybersecurity. Transitioning to a Career in Cybersecurity helps learners to leverage their current skills, whether it’s in IT or a related field, in cybersecurity. The course also includes resume tips, interview strategies, and resources for finding a job in cybersecurity. The course, which takes a little over an hour to complete, is taught by Marc Menninger, who’s worked in cybersecurity for more than 20 years.
LinkedIn also offers a complete learning path for professionals who are interested in pursuing a career in cybersecurity. The learning path, Become a Cybersecurity Professional, takes about six-and-a-half hours to complete, and includes five courses: Cybersecurity Foundations, The Cybersecurity Threat Landscape, Learning the OWASP Top 10, IT Security Careers and Certifications: First Steps, and Land Your First Cybersecurity Job. If you complete the entire learning path, you receive a certificate of completion for your work.
LinkedIn Learning also offers 19 prep courses for the top cybersecurity-related certifications. Among the top 15 highest-paying IT certifications in 2022, three of them were cybersecurity-related, according to Skillsoft, which offers online training and courses on tech subjects. These certifications also helped professionals land paychecks of $150,000-plus.
“Security has always been well-paying and it really comes down to scarcity—both in the number of professionals and in the required skills,” Mike Hendrickson, Skillsoft’s vice president of tech and development, previously told Fortune. “With today’s limited pool of security professionals, organizations need to make their offers quite attractive, both in compensation and opportunities for professional development. Skills expectations are also high for these professionals.”
Here’s a list of the cybersecurity certification prep courses that LinkedIn offers:
See how the schools you’re considering fared in Fortune’s rankings of the best master’s degree programs in data science (in-person and online), nursing, computer science, cybersecurity, psychology, public health, and business analytics, as well as the doctorate in education programs MBA programs (part-time, executive, full-time, and online).

source

Last week, Australian telecommunications giant Optus revealed about 10 million customers – about 40% of the population – had personal data stolen in what it calls a cyber-attack.
Some experts say it may be the worst data breach in Australia's history.
But this week has seen more dramatic and messy developments – including ransom threats, tense public exchanges and scrutiny over whether this constituted a "hack" at all.
It's also ignited critical questions about how Australia handles data and privacy.
Optus – a subsidiary of Singapore Telecommunications Ltd – went public with the breach about 24 hours after it noticed suspicious activity on its network.
Australia's second-largest telecoms provider said current and former customers' data was stolen – including names, birthdates, home addresses, phone and email contacts, and passport and driving licence numbers. It stressed that payment details and account passwords were not compromised.
Those whose passport or licence numbers were taken – roughly 2.8 million people – are at a "quite significant" risk of identity theft and fraud, the government has since said.
Optus said it was investigating the breach and had notified police, financial institutions, and government regulators. The breach appears to have originated overseas, local media reported.
In an emotional apology, Optus chief executive Kelly Bayer Rosmarin called it a "sophisticated attack", saying the company has very strong cybersecurity.
"Obviously, I am angry that there are people out there that want to do this to our customers, and I'm disappointed that we couldn't have prevented it," she said on Friday.
Early on Saturday, an internet user published data samples on an online forum and demanded a ransom of $1m (A$1.5m; £938,000) in cryptocurrency from Optus.
The company had a week to pay or the other stolen data would be sold off in batches, the person said.
Investigators are yet to verify the user's claims, but some experts quickly said the sample data – which contained about 100 records – appeared legitimate.
Sydney-based tech reporter Jeremy Kirk contacted the purported hacker and said the person gave him a detailed explanation of how they stole the data.
The user contradicted Optus's claims the breach was "sophisticated", saying they pulled the data from a freely accessible software interface.
"No authenticate needed… All open to internet for any one to use," they said in a message, according to Kirk.
In another escalation on Tuesday, the person claiming to be the hacker released 10,000 customer records and reiterated the ransom deadline.
But just hours later, the user apologised – saying it had been a "mistake" – and deleted the previously posted data sets.
"Too many eyes. We will not sale [sic] data to anyone," they posted. "Deepest apology to Optus for this. Hope all goes well from this."
That sparked speculation about whether Optus had paid the ransom – which the company denies – or whether the user had been spooked by the police investigation.
Adding to the problem, others on the forum had copied the now-deleted data sets, and continued to distribute them.
It also emerged some customers' Medicare details – government identification numbers that could provide access to medical records – had also been stolen, something Optus did not previously disclose.
Late on Wednesday, the company said this had affected almost 37,000 Medicare cards.
Optus has been inundated with messages from angry customers since last week.
People have been warned to watch out for signs of identity theft and for opportunistic scammers, who are said to be already cashing in on the confusion.
A class-action lawsuit could soon be filed against the company. "This is potentially the most serious privacy breach in Australian history, both in terms of the number of affected people and the nature of the information disclosed," said Ben Zocco from Slater and Gordon Lawyers.
The government has called the breach "unprecedented" and blamed Optus, saying it "effectively left the window open" for sensitive data to be stolen.
In an ABC television interview on Monday, Cyber Security Minister Clare O'Neil was asked: "You certainly don't seem to be buying the line from Optus that this was a sophisticated attack?"
"Well, it wasn't. So no," Ms O'Neil replied. The moment drew lots of attention online.
What happened at Optus wasn't a sophisticated attack.

We should not have a telecommunications provider in this country that has effectively left the window open for data of this nature to be stolen.#abc730 pic.twitter.com/KamkiapcZl
Ms Bayer Rosmarin told News Corp Australia on Tuesday: "We have multiple layers of protection. So it is not the case of having some sort of completely exposed APIs [software interfaces] sitting out there.
"I think most customers understand that we are not the villains," she said, adding Optus could not say more while the investigation was ongoing.
The company has faced calls to cover the costs of replacement passport and driving licences, as people scramble to protect themselves.
The breach highlights how much Australia lags behind other parts of the world on privacy and cyber issues, Ms O'Neil says.
"We are probably a decade behind… where we ought to be," she told the ABC.
Both sides of politics have traded blame on the issue. Opposition MPs have said the Labor government is "asleep at the wheel", but the government points out it was only elected in May after a decade of conservative rule.
Ms O'Neil pointed to two areas needing urgent reform.
She argues the government should be able to better penalise companies like Optus. In some countries, the company would have faced hundreds of millions of dollars in penalties but Australia's fine is capped at about $2m, she said.
She also wants to expand cyber-security laws that were introduced last year to include telecommunications companies.
"At the time, the telecommunications sector said: "Don't worry about us – we're really good at cybersecurity. We'll do it without being regulated. I would say that this incident really calls that assertion into question."
Security experts have also suggested reforming data retention laws so telecommunication companies don't have to keep sensitive information for so long. Ex-customers should also have the right to request companies delete their data, experts say.
Optus says it is required to keep identity data for six years under the current rules.
Other industry figures have argued consumers should be able to take companies that lose control of their information to court, instead of the industry regulator.
Could my BeReal get me sacked?
How your data is being scraped from social media
Don’t underestimate Russian cyber-threat, warns US
The three Russian cyber-attacks the West most fears
Bitter divisions over Ukraine dominate G20 talks
Lab leak divisions toxify Covid origins search
Professional hockey player died in Italy shipwreck
Lab leak divisions toxify Covid origins search
Where do Harry and Meghan get their money?
'Why did you torture me?'
How 10% of Nigerian registered voters delivered victory
Sake brewers toast big rise in global sales
The Indian-American CEO who wants to be US president
The problem confronting women of colour
Blackpink lead top stars back on the road in Asia
Why Covid lab-leak theory is so disputed
The iconic outfits that cause outrage
Why Gen Z are feeling stressed at work
NZ's battle with a ruthless predator
© 2023 BBC. The BBC is not responsible for the content of external sites. Read about our approach to external linking.

source

HONOLULU (HawaiiNewsNow) – This week on “Muthaship,” we’re talking with a man who was once America’s most wanted cyber criminal.
Brett Johnson was caught, spent time in jail and is now working to protect large corporations and everyday people from being a victim of cyber crime.
He breaks down the most common scams and simple steps to protect your personal and financial information.
Remember to subscribe to the “Muthaship” podcast on any of the following platforms:
For more episodes with Steph, Noli and Brooke, click here to visit the ‘Muthaship’ archives.
Copyright 2021 Hawaii News Now. All rights reserved.

source

ACCUSED CHEATED HUNDREDS OF UN-EMPLOYED YOUTHS IN THE NAME OF PROVIDING A LUCRATIVE CAREER IN INDIAN AIR FORCE DUPED  CRORES OF RUPEES., ACCUSED WAS POSING HIMSELF AS FLIGHT LIEUTENANT IN INDIAN AIR FORCE AND DRESS WITH RANK, BADGE AND AN AIR PISTOL WITH COMPLETE HOLSTER AND 05 CARTRIDGES RECOVERED FROM HIM., SO FAR, HIS 03 INVOLVEMENTS HAVE BEEN NOTICED IN OFFENCES OF SIMILAR MODUS OPERANDI. IN ONE OF THE CASE OF UP NBW ARE ISSUED AGAINST HIS NAME.,A JOINT INTERROGATION WITH AIR FORCE INTELLIGENCE HAS BEEN CARRIED OUT AND AN ENQUIRY IS IN PROGRESS IN THIS REGARD AT THEIR END.  THE IMPOSTER WAS CONDUCTING MEETINGS AT VARIOUS PLACES IN THE GARB OF HIS NGO AND PEOPLE GOT INFLUENCED BY HIS UNIFORM AND FELL PREY OF HIS SCAM WHICH PORTRAYED A GLOSSY PICTURE OF CAREER IN INDIAN AIR FORCE. 

  Face2News/New Delhi
A grievance was reported on Cyber Crime Reporting Portal vide Acknowledgement ID No 20812220081437 from female complainant R/o Libaspur Delhi. The complainant stated that she had come across a person namely Kamal Sharma through online mode who used to run an NGO namely “We Eliminate poverty Now”. After some time, he introduced himself as an Air Force gazetted Officer (Flying Lieutenant) and defraud her 12 Lakhs in the name of Job in INDIAN AIR FORCE).
Kamal Sharma sent a letter for medical examination and letter of appointment to the complainant via WhatsApp and mail. After a long time when she had lost her hope to have a job in Air Force, she started requesting her money back from the accused but in vain. Thereafter she got above complaint lodged. After a preliminary enquiry an FIR has been registered in the matter and investigation was taken up.

Sensing the gravity of offence, a team headed by SHO/PS Cyber Crime/Outer North District Insp. Raman Kumar Singh comprising Insp Devendra Kumar, Sub Inspector Jagdeep Nara, HC Sandeep, HC Vinod, HC Manoj & Ct Vikash was constituted under overall supervision of ACP/Operation Sh. Yashpal Singh by undersigned.

Mr. Ravi Kumar Singh, IPS, DCP, said, during investigation the complainant provided the WhatsApp chat history screenshots, mail id details, bank & UPI transactions history. The alleged person Kamal Sharma used to communicate to complainant only via WhatsApp calls and chats. The details were sought from WhatsApp, Banks and Wallets. On the technical leads the alleged Kamal Sharma S/o Sh Prithvi Sharma R/o-Vikas Vihar, West Delhi. Age 39 Years was traced out at Bangalore in a hotel with fake Identity Card of Flying Lieutenant and three smart phones.
Mr. Ravi Kumar Singh, IPS, DCP, said, during investigation the complainant provided the WhatsApp chat history screenshots, mail id details, bank & UPI transactions history. The alleged person Kamal Sharma used to communicate to complainant only via WhatsApp calls and chats. The details were sought from WhatsApp, Banks and Wallets. On the technical leads the alleged Kamal Sharma S/o Sh Prithvi Sharma R/o-Vikas Vihar, West Delhi. Age 39 Years was traced out at Bangalore in a hotel with fake Identity Card of Flying Lieutenant and three smart phones.
As per investigation carried out so far three case FIRs (703/2016 U/S- 420/406IPC P.S- Bindapur Delhi,76/2021 U/S 419/420 IPC PS Adarsh Mandi Shamli UP & 178/2018 U/S 420/467/468/471/120B IPC PS Garhipuktha Shamli UP) were found registered against him and he remained in jail for 11 months in Adarsh Mandi Police Station Case and a non bailable warrant has been issued from the Hon’ble ACJM Shamli Court in case of Garhipuktha case.
After that he got arrested and his transit remand was taken & he was brought to Delhi. Sensing the gravity of case further raids were conducted at accused rented accommodations at Chhatarpur New Delhi and recovered INDIAN AIR FORCE uniform (with name plate, Ranks, Badges, Caps), Air pistol gun with 5 cartage, different stamps, IAF letter heads, call letters, IAF family dependent card, Laptop, printer, finger print scanner, Dongle, Pen Drive, SIM Card, Stethoscope, other incriminating documents.
The accused is a habitual offender (Three FIRs registered against him one at Delhi & two at UP) and impersonates himself as Flying Lieutenant in IAF.
He was well versed with the internal information of Indian Airforce and using it for defrauding people in the name of a lucrative career in IAF. He has many people in the name of providing job in IAF. In order to unearth the whole scam 07 days PC remand of accused taken and a joint interrogation by Army intelligence and Delhi Police was carried out.
Modus Operandi: – In the investigation done so far it has been revealed that accused Kamal Sharma portray himself as Fight Lieutenant in Indian Air Force and used to cheat the unemployed youth in the name of providing them with job opportunity in Indian Air Force. He used to run an NGO “We Eliminate Poverty Now” since 2016 and organised camps at UP, Haryana and Rajasthan in order to induce, influence youth. He used to take candidates at different cities like Bangalore, Chennai, Hyderabad, Ahmadabad, Jodhpur, Jaipur, Jaisalmer, Goa, Kochi, Bidar, Patna, Jammu and Belgaum. He used to meet people in IAF uniform in order to influence, induce them.
KNOW THE ACCUSED: He has passed his 12th exam from a school in Uttam Nagar and done Diploma in Electronics from an Institute in Janakpuri. He can speak English proficiently and living an imposter Flight lieutenant’s life since 2016.
RECOVERY:   INDIAN AIR FORCE Uniform (with name plate, Ranks, Badges, Caps), Fake Identity Card of Flying Lieutenant, 4 smart mobile phones, Air pistol with 5 cartridges,, 5 stamps of Air Force offices,  IAF letter heads, call letters,, IAF family dependent card, Laptop, printer, finger print scanner, Dongle, Pen Drive, SIM Card, Stethoscope, other incriminating documents used in recruitment.
Investigation of the case is in progress.

source

Africa’s financial sector must take five vital steps to shore up governance and maintain stakeholder trust as financial institutions have become prime targets for cyber criminals, according to AFIS.
By Franck Kie, Clement Combary, Ali El Azzouzi & Nvalaye Kourouma
A report by cyber security firm DataProtect highlights that at least 85% of financial institutions have already fallen victim to cyber-attacks. The 2022 African Financial Industry Barometer by consultancy firm Deloitte has shown that cybercrime is the number one fear of bankers. 
Exposed to the risk of financial loss, credibility with their stakeholders and sanctions from the regulatory authorities, financial institutions now have no choice but to arm themselves against cybercrime. 
Cybersecurity must be at the heart of the strategic agenda. Following a work done by AFIS, the leading platform for African Financial Industry Leaders, we have identified five priorities to achieve a secure African financial services sector.

Given the scale of cyber threats, African financial institutions need to invest heavily in protecting their sensitive data to ensure stakeholder confidence. To do this, they should create dedicated cyber security departments structured into specialised sections. 
It is also important that FIs recruit Information Systems Security Managers (ISSMs) responsible for IT security and Information Systems Directors (ISDs) who will actively work on incident prevention, detection and response.
  
Raising staff awareness of how to identify and anticipate cyber threats is an obligation for African financial institutions. Cyber security issues are still unclear to many employees and there is a lack of local expertise in the field. Therefore, financial institutions should encourage continuous training in this area by partnering with leading companies in the field and regularly assess the maturity of their staff on cyber issues.

Governments should encourage the cybersecurity efforts of African financial institutions by building a regulatory framework that specifically addresses the cybersecurity issues of African financial institutions. They could develop policies that support annual penetration testing and procedures for vulnerability management to assess that cybersecurity risks are appropriately managed.

It is essential to invest in human capital in cybersecurity. People today need to take ownership of digital tools without fear of threats. Financial institutions and governments must act together to create cybersecurity education spaces because the risks are global. Stakeholders should develop and constantly reassess best practices in the face of cyber risks.

Finally, despite all the prevention and detection measures, it is imperative never to minimise cyber risks. Technologies are rapidly evolving, becoming more complex and multiplying and our current processes may fail tomorrow. In the future, financial institutions will have to be even more digital than they are today. It is therefore crucial to anticipate risks and institutions must constantly monitor the sector to learn about new types of threats. The financial industry must be prepared to innovate constantly. 
Free
Check your email for your report
Check your email for your report

source

Media Release
Mangaluru, Feb 23: A traffic and safety and cyber crime awareness programme was held at government higher primary school Mannagudda on February 20 in association with Lions and Lei club Netravati Mangaluru, Lion Asha Nagaraj president, Lion Vidya Shetty Secretary, Lion Mandakini Quest coordinator, Lion Vinaya Leo coordinator, Lion Gayathri Hegde Dc for childhood cancer, Ganesh H M Mohan Shetty president, social worker, Mangalore city Traffic police, and CyberSapiens Mangaluru.
Geetha Kulakarni, ACP (Traffic) Mangaluru city, Vijay Kanchan, ASI (CEN Police Station), and Shashidhar Patgar, operation manager CyberSapiens were present.









The session covered topics on how to make the best use of social media and how to use the internet safely. Shashidhar highlighted the Do’s and Don’ts on the internet, A few important sections of the IT ACT 2000, and tips to be safe and secure from the cyber crimes with case studies, guidance on never to share OPT and banking related frauds too were spoken about. Information about a few common cyber-attacks such as phishing, were also discussed which would help the students understand the need and value of cyber education.
In addition to this ACP, Geetha Kulakarni spoke about the importance of traffic rules and regulations.
CyberSapiens could be contacted for such awareness sessions or workshops, audits, forensics analysis, etc, and seek their support on these areas. www.cybersapiens.in / +91 6364011010
 
 
 
Mangaluru: Traffic, safety, cyber crime awareness programme held – what an ape show..we have pick-up vehicles with oversized loads, trucks with no tread on the tyres, buses that are over-speeding, and auto drivers that think they are Steven Seagal…the police do nothing and they are holding a traffice awarness programme. Wake up to reality and do your job instead of this crap.
Disclaimer:
Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.
Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.
Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.
Daijiworld Residency,
Airport Road, Bondel Post,
Mangalore – 575 008 Karnataka India
Telephone : +91-824-2982023.
General Enquiry: office@daijiworld.com,
News & Info : news@daijiworld.com
Kishoo Enterprises,
3rd Floor, Mandavi Trade Centre, Kadiyali, Udupi – 576 102
Telephone : 0091-820-4295571
E-mail : udupi@daijiworld.com
Daijiworld Middle East FZE,
P.O.Box: 84772, Dubai, UAE
Tel: 971-50-6597629
Fax: 971-4-2639207
Email: dubai@daijiworld.com
Copyright &copy 2001 – 2023. All Rights Reserved.
Published by Daijiworld Media Pvt Ltd., Mangalore.
Powered by ATC Online LLP

source

The Home of the Security Bloggers Network
Home » Security Bloggers Network » Top Russian Cybercrime Forums in 2023
Cybercrime forums provide an outlet for threat actors to coordinate, exchange information, and conduct illicit trades. Often hosted on the dark web (but sometimes accessible via the clear web), these forums are hubs of malicious activity. The typical structure of a cybercrime forum sees a dedicated marketplace section that facilitates the sale of stolen credentials, ransomware-as-a-service, and malware while a separate section is reserved for general cybercrime discussions. 
It’s no secret that Russia is a veritable capital of cybercrime activity. Recent analysis suggests 74 percent of ransomware revenue goes to Russia-linked threat actors. Beyond for-profit cybercrime, Russia also has a well-documented history of conducting state-sponsored cyber warfare. 
From a threat intelligence standpoint, it’s beneficial to monitor cybercrime forums for mentions of your organization. Monitoring these forums can provide indications of an impending attack on your company or reveal user credentials for sale, whose accounts you can then preemptively reset before they get infiltrated. This article takes a look at the top Russian cybercrime forums worth keeping an eye on in 2023.
Exploit is one of the longest-running underground hacking forums, having been launched way back in 2005. As the name suggests, the site’s initial purpose was to provide a place for malicious actors to discuss working exploits for various vulnerabilities. Exploit naturally evolved to encompass discussions about other types of cybercrime activity, from social engineering techniques to tutorials on breaking cryptographic algorithms. 
This forum is a predominantly Russian language forum with a marketplace section where cybercriminals trade in stolen credit card details, malware, and even zero-day exploits. Explicit also functions as a cybercrime news site. Interestingly, this forum is accessible via both standard Internet browsers on the clear web and via the dark web using the Tor browser. 
To get access to and participate in forum discussions, threat actors either pay a $100 fee for automatic access or they can attempt to get free access on the condition that they’ve established a reputation on other ”friendly” forums. While these conditions technically make Exploit a closed forum, a $100 fee is unlikely to deter companies from registering fake accounts to monitor for threat intel purposes. 
Exploit admins had to deal with a breach in 2021 that saw an intruder gaining Secure Socket Shell (SSH) access to a proxy server that protected the site from DDoS attacks. This breach of the forum formed part of a wider cluster of four breaches hitting various underground cybercrime forums within a short time span. 
XSS is another closed Russian language forum that’s accessible on the clear web and dark web. Admins promise various security and anonymity features to protect registered users, including disabling IP address logs for all users and user actions and implementing encrypted private messages. There aren’t many barriers to registration on XSS—new users simply select credentials, input a valid email, answer a basic cybersecurity question, and await approval from the site’s admin.
Content on XSS relates to discussions and trades in credential access, exploits, and valuable zero-day vulnerabilities for which no security patches exist. Additional exclusive private sections on XSS require payment to access. Previously, XSS was extensively used to recruit affiliates for ransomware-as-a-service gangs, but forum admins banned ransomware topics in 2021. 
This Russian cybercrime forum’s name stems from a type of web application vulnerability known as cross-site scripting. The site used to be known as DaMaGeLaB from 2013 until the arrest of an administrator in 2018, at which point it was rebranded as XSS.
The formation of the RAMP 2.0 (Russian Anonymous Market Place) forum in 2021 has an interesting backstory, having been launched on a domain previously used by the notorious ransomware gang Babuk. 
The Babuk ransomware operation carried out ransomware attacks on Washington DC Metropolitan Police Department and The Houston Rockets basketball team. Babuk’s threat actors previously used this dark web onion domain for publishing stolen data when victims refused to cave into their ransomware demands. 
A previous version of RAMP existed from 2012 to 2018 on a different domain, but it was more centered around buying and selling illegal products. Russian law enforcement closed the first iteration of RAMP down, but a new version emerged with a focus on cybercrime. Popular forum sections include a partner program for ransomware groups, a malware section, and another section dedicated to selling access to corporate accounts. 
Registration for RAMP 2.0 requires being an active member of Exploit and XSS for at least two months. A good reputation on both forums is also essential to gain entry to RAMP. The forum’s language options have evolved from solely Russian to now include Mandarin and English.  
Verified is a popular Russian language cybercrime forum that’s been around for over a decade while Maza is an elite Russian cybercrime forum on the scene since 2003. These forums are worth discussing together because of what happened to them in early 2021.
As part of a spate of attacks on a number of Russian cybercrime forums, both Verified and Maza suffered serious breaches. In the case of Maza, forum members logging in were greeted with a message about their data being leaked and the forum being compromised. Verified suffered a similar fate, with unnamed operators hijacking the forum, and it has remained offline since. 
Breaches and takedowns of cybercrime forums don’t necessarily mean they’ll permanently shut down. These forums often reemerge after a period of time, so it’s worth watching out for any news about Verified and Maza. It is worth speculating whether the incidents that hit both forums drove the surge in recent adoption of Telegram groups as an alternative to traditional forums and marketplaces for cybercrime. Perhaps cybercriminals got spooked about members of those forums who had their usernames and email addresses made public. 
Russian cybercrime forums and other dark web domains are useful resources worth monitoring for leaked credentials and indicators of targeted attacks. However, manually monitoring the top forums is a recipe for slow remediation and noisy threat data. And, most organizations lack the resources for cybersecurity analysts to track the ever-evolving forum landscape. 
Flare’s dark web monitoring solution automates the monitoring of illicit forums and marketplaces. You also get real-time alerts if your company or assets are mentioned on the dark & clear web or if there is a high risk of account takeover detected. 
Get your free Flare trial here. 
The post Top Russian Cybercrime Forums in 2023 appeared first on Flare | Cyber Threat Intel | Digital Risk Protection.
*** This is a Security Bloggers Network syndicated blog from Flare | Cyber Threat Intel | Digital Risk Protection authored by Yuzuka. Read the original post at: https://flare.systems/learn/resources/blog/top-russian-cybercrime-forums/
More Webinars

source

Approximately a 1-minute read
Cybercriminals are at it again – but you can take some important steps to help your personal data and the organization stay safe!
Criminals have been observed using multi-layered tactics to lure victims into believing their contact is legitimate. It’s a type of online attack known as call-back phishing. 
Here’s how it works: 
Initial contact is typically made through email. However, without any malicious attachments or links embedded in the message, the email rarely gets flagged by a company’s IT security system.
The email usually indicates some kind of immediate or urgent problem has occurred, such as a fake notification that your computer has been infected when it actually has not. The key to this type of phishing scam is that the criminal provides a call-back number, directing panicked victims to call immediately.
Once on the phone, cybercriminals employ a variety of social engineering tactics to gain a victim’s trust – and possibly compromise the person’s IT systems and devices by gathering sensitive information and/or remotely installing harmful software.
Please be diligent and play your role in helping keep the organization – and yourself – as safe as possible.
Keep current about current cybersecurity scams and fraud by visiting Safe Computing.
© Copyright 2020 Regents of the University of Michigan. Contact Michigan Medicine | Complete Disclaimer | Privacy Statement
Michigan Medicine, 1500 E. Medical Center Drive Ann Arbor, MI 48109, 734-936-4000
The Michigan Medicine Web site does not provide specific medical advice and does not endorse any medical or professional service obtained through information provided on this site or any links to this site.
You must be logged in to post a comment.

source

Review your content’s performance and reach.
Become your target audience’s go-to resource for today’s hottest topics.
Understand your clients’ strategies and the most pressing issues they are facing.
Keep a step ahead of your key competitors and benchmark against them.
add to folder:
Questions? Please contact [email protected]
In 2022, firms spent more than $700 billion on outsourcing. Global outsourcing spending might reach $731 billion in 2023, with IT services contributing up to 72% of total global outsourced valuations. Cost savings, greater quality, and the freedom to focus on core capabilities can all benefit the buyer of outsourced services. However, there are inherent hazards to outsourcing, one of which is that the buyer loses control over the vendor's staff, increasing the possibility of fraud. Due to India's low labor cost, highly skilled and trained personnel advantage, outsourcing of different domains and sectors will continue to rise over time in India, making it an appealing arena for fraudsters and white-collar criminals which can adversely affect a variety of business departments, including IT, HR, marketing and operations.
Cyber and Data Challenges in an IT Outsourced Environment
IT outsourcing fraud is one of the most important and prominent areas of focus for enterprises due to concerns about data protection, cybersecurity moonlighting, and so on. Large IT outsourcing service providers frequently subcontract work to small organizations in order to manage manpower and labor costs more efficiently; however, this increases the risks associated with data leakage and confidentiality.
When several IT service providers and subcontractors are engaged, organizations frequently confront siphoning off IT equipment for personal advantage and use. Although many firms keep proper inventory of their IT assets, peripheral inventory of devices such as keyboards, mice, and so on is frequently neglected.
IT outsourcing compounds the matters further because there is insufficient verification data to maintain hardware inventory and even the data available is sourced from the IT service provider involved in the siphoning off the equipment. Furthermore, even outsourced IT employees have access to critical information such as network maps and architecture, data backups, and in some cases administrative privileges on specific systems, making them an appealing target for cyber-criminals. Several large threat actor groups are known to employ IT employees (both in-house and outsourced) as potential attack vectors for reconnaissance and privileged access.
These issues are exacerbated when businesses outsource their IT infrastructure to shared cloud service providers. The level of risk faced by a company that uses a cloud service provider is a combination of internal risks and risks faced by the cloud service provider. Because of the cloud's pay-as-you-go model, even minor configuration changes knowingly or unknowingly by an organization's outsourced employees can result in significant costs.
Outsourcing Frauds in Marketing
In addition to IT, many Indian businesses have outsourced their marketing responsibilities in order to increase sales and boost their social media presence. There are numerous companies that claim to boost social media followers. While this may appear to be enticing, the only followers you will obtain are fake. Some digital marketing firms even claim to boost your presence on Google search results pages within weeks. They will almost definitely use illegal and unscrupulous ways to accomplish this, as significant improvements in your search rankings might take months, if not years.
Outsourcing content advertising is also a major concern for large organizations, owing to the political and religious ties of certain ad agencies, which frequently leave a bitter taste or unwelcome controversies for firms to deal with.
Data Risks Related to HR and Payroll Outsourcing
The human resources department is a vital part of any company and a veritable treasure mine of personal information. Some companies turn to HR outsourcing as a long-term fix to handle all of their HR requirements or to augment their current HR workforce. But when outsourcing is involved, there is a chance that private data, including employee information or internal corporate data, could be exposed to the risk of being secretly shared with HR providers. Organizations must also be wary of recruitment frauds, as well as phony employee or payroll scams.
Payroll fraud is a prevalent type of fraud that occurs when large multinational corporations outsource their payroll and reimbursement processes to third-party service providers. These service providers collect payroll, reimbursement, and expense information from employees and forward it to the parent/ headquarters for processing. Many service providers are known to add fraudulent personnel, irrelevant expenses, fake reimbursements, and other items to inflate the amount that is subsequently siphoned off the company's accounts without verification and a proper maker-checker procedure.
How Is Moonlighting Driven by Outsourcing?
Following the COVID-19 outbreak, organizations are grappling with the issue of moonlighting. Moonlighting involves doing a second job in addition to one's existing full-time job. Because the overwhelming majority of outsourcing service providers employ teams on a contractual basis, outsourcing various job tasks just aids individuals who moonlight. While moonlighting is a legally murky area due to present legislation, it is a severe danger to an organization's cybersecurity and data privacy. Outsourced staff working for competitors can have serious consequences for business revenue, financials, and data security.
How to Reduce Cyber and Data Risks in an Outsourced Environment?
Vendor Due Diligence: Before onboarding a vendor, it is important to perform thorough due diligence on the vendor in terms of their background checks and IT controls.
Oversight and Accountability: Large corporates sometimes outsource entire teams and departments to third-party entities, leaving little or no room for monitoring and oversight. Instead, organizations must have comprehensive oversight and accountability for all outsourced work by outsourced service providers. Access to sensitive data must be either discouraged or should be accompanied by sufficient security measures
Vendor Audits: Outsourced service providers must undergo quarterly or biannual cyber audits to detect data leaks and vulnerabilities in outsourced employee systems. Playbooks must be created to address eventualities such as moonlighting, distributing credentials on the dark web, fraudulent transactions, and so on depending on the department and services outsourced.
Service Provider Rotation: Another strategy to avoid such scans is to rotate your outsourced service providers every few years or quarters, depending on the criticality of your business functions.
Insurance: Having insurance coverage around any financial loss caused by the vendor helps in case of such occurrences.
The Indian outsourcing business handles customer support and other back-office activities for western and global corporations across job functions and sectors. The industry is creating jobs at an unprecedented rate, and its revenue is increasing year after year; yet, it is also one of the industries receiving increased scrutiny due to cyber and insider threats, and it is particularly susceptible to fraud. With India enacting its own version of the Personal Data Protection Bill, it will be critical for the outsourcing business to adhere to high data and security requirements, thereby averting some of the aforementioned scams.
This article was first written for ETCIO.com from The Economic Times. 
add to folder:
If you would like to learn how Lexology can drive your content marketing strategy forward, please email [email protected].
© Copyright 2006 – 2023 Law Business Research

source

Scotland’s business resilience organisation has changed its name to reflect a rising national threat from cyber crime and fraud.
The Scottish Business Resilience Centre, the not-for-profit dedicated to helping educate and support Scottish organisations to avoid the fallout from cyber crime, will from today be known as Cyber and Fraud Centre – Scotland, as it extends its focus to also include financial fraud.
The new brand comes as cyber attacks and fraud are on the rise: latest figures from Police Scotland show the number of cyber crimes in 2021-22 was nearly double that of 2019-20, and fraud has increased 86 per cent this decade.
Paul Atkinson, chair of Cyber and Fraud Centre – Scotland, said: “Over half of reported crime is related to fraud or cyber, but they’re both hugely underreported – so it’s likely they pose an even greater threat than the numbers indicate. As a nation, we are handling support for cyber crime victims well, but victim support around financial fraud is severely lacking. We need to examine how to collectively prevent and protect from this type of fraud, and the Cyber and Fraud Centre – Scotland team is well equipped to lead the conversation around this.”
Jude McCorry, CEO, said: “Financial fraud – including cyber crime – is set to be reclassified as a threat to national security, which will see it treated as seriously as terrorism and civil emergencies. We’ve seen a huge increase in this type of crime over the past year, and a lot of victims don’t get the support they need, which is why we’ve added fraud to our organisation’s purpose.
“Cyber crime such as cyber attacks and financial fraud often cause businesses to pause operations; ransomware attacks prevent them from accessing their systems and financial fraud could render them unable to pay wages and suppliers. This can be devastating for small businesses and charities in particular, who may end up ceasing operations entirely.
“We’ve renamed ourselves Cyber and Fraud Centre – Scotland in recognition of our enhanced focus on empowering and educating organisations across the country on the risks caused by cyber crime and fraud. The name also clarifies what we do and means we are holding ourselves accountable and committed to tackling cyber crime and fraud to make Scotland a safer place to do business.”
Scottish Legal News is your daily service for the latest news, jobs and events, delivered directly to your email inbox.

source