Author: rescue@crimefire.in

Australian online retail marketplace MyDeal has confirmed that it was the victim of a data breach that exposed the data of around 2.2 million customers.
The retailer, which is a subsidiary of supermarket chain Woolworths, has confirmed that it will be contacting all those affected by the breach via email, as well as alerting the “relevant regulatory authorities and government agencies”.
Woolworths said in a statement that the breach was caused by a malicious actor using “a compromised user credential” to gain unauthorized access to MyDeal’s Customer Relationship Management (CRM) system.
Customer information exposed during the cyber-attack included names, dates of birth, phone numbers and email addresses. For 1.2 million customers, the data exposed was limited to their email address. Confidential information like passport, payment card and drivers license details is not stored by MyDeal, and therefore was not exposed in the hack.
There has been no risk of compromise of Woolworth Group platforms, as the MyDeal data network and CRM system is operated on a separate network to its parent company.
CEO of MyDeal, Sean Senvirtne, said: “We apologize for the considerable concern that this will cause our affected customers. We have acted quickly to identify and mitigate unauthorized access and have increased the monitoring of networks. We will continue to work with relevant authorities as we investigate the incident and we will keep our customers fully informed of any further updates impacting them.”
Pietre van der Merwe, group chief security officer at Woolworths, added: “Woolworths Group’s cyber security and privacy teams are fully engaged and working closely with MyDeal to support the response.”  
February 21 – 22, 2023
Free CS Hub Online Event
22 February, 2023
Online
01 March, 2023
Online
08 – 09 March 2023
Free CS Hub Online Event
08 March, 2023
Online
15 March, 2023
Online
Insights from the world’s foremost thought leaders delivered to your inbox.
2023-03-15
10:00 AM – 11:00 AM EST
2023-03-15
10:00 AM – 11:00 AM SGT
2023-03-08
10:00 AM – 11:00 AM EST
Reach Cyber Security professionals through cost-effective marketing opportunities to deliver your message, position yourself as a thought leader, and introduce new products, techniques and strategies to the market.
Join CSHUB today and interact with a vibrant network of professionals, keeping up to date with the industry by accessing our wealth of articles, videos, live conferences and more.
Cyber Security Hub, a division of IQPC

Careers With IQPC| Contact Us | About Us | Cookie Policy
Become a Member today!
Already an IQPC Community Member?
Sign in Here or Forgot Password
Sign up now and get FREE access to our extensive library of reports, infographics, whitepapers, webinars and online events from the world’s foremost thought leaders.
We respect your privacy, by clicking ‘Subscribe’ you will receive our e-newsletter, including information on Podcasts, Webinars, event discounts, online learning opportunities and agree to our User Agreement. You have the right to object. For further information on how we process and monitor your personal data click here. You can unsubscribe at any time.

source

fabioberti.it – stock.adobe.com
While cyber leaders overwhelmingly believe their organisations have a strong security culture, new figures compiled by email security specialist Tessian have revealed that they may be deluding themselves, exposing an alarming disconnect between security pros and the rest of the business.
With three-quarters of UK and US organisations having experienced some kind of cyber incident in the past year, a significant proportion of employees seem to regard training exercises as something to be endured, rather than engaged with.
The report, How security cultures impact employee behaviour, found that while 85% of employees participate in security awareness or training programmes, 64% don’t pay full attention and 36% consider their organisation’s security training boring.
Overall, the report found a general consensus among security leaders over what goes into making up a strong security culture, but with incident volumes remaining stubbornly high, Tessian said it was clear that those at the top had a lot more work to do.
“Everyone in an organisation needs to understand how their work helps keep their co-workers and company secure,” said Kim Burton, head of trust and compliance at Tessian. “To get people better engaged with the security needs of the business, education should be specific and actionable to an individual’s work.
“It is the security team’s responsibility to create a culture of empathy and care, and they should back up their education with tools and procedures that make secure practices easy to integrate into people’s everyday workflows.
“Secure practices should be seen as part of productivity. When people can trust that security teams have their best interest at heart, they can create true partnerships that strengthen security culture.”
The report showed how training exercises – which in many firms comprise little more than “home-brewed” PowerPoint presentations cooked up by legal and compliance experts who have no real understanding of how people engage with educational materials – are failing to impact employees across the board.
For example, 30% of respondents said they didn’t think they had a personal role to play in keeping their company secure, while 45% did not know how to, or who to, report a security incident, and only one in three said they were satisfied with their IT or security team’s communications.
Meanwhile, over half of respondents said they saw nothing inherently risky in actions such as downloading apps to work devices, sending sensitive data to their own personal email accounts, sharing passwords internally, or connecting to open or public Wi-Fi networks on work devices.
And even when it came to clearly risky actions, such as clicking on links in emails from unknown sources or opening unsolicited attachments, leaving work devices unlocked and unattended and reusing passwords, well over 40% of respondents said they didn’t see a problem.
A big source of disconnection seemed to be a tendency among leadership to use security training to spread fear and uncertainty as a motivator.
For example, half of respondents to Tessian’s study claimed to have had a “negative experience” with a phishing simulation, as evidenced by the 2021 story of a phishing test at West Midlands Trains which went disastrously wrong.
The test appeared to be an email from company leadership detailing a thank-you bonus for employees who had worked through the pandemic, and many people clicked on the link, only to find themselves being ticked off for being insufficiently security-conscious. Union officials described the stunt as “crass and reprehensible”.
According to Karen Renaud, chancellor’s fellow at the University of Strathclyde, and Marc Dupuis, assistant professor at the University of Washington Bothell, such tactics can “cripple employee decision-making, creative thought processes, and the speed and agility that businesses need to operate in today’s demanding world”.
Tessian said there were several things security leaders should be doing to engage employees better with cyber security procedures.
For example, security leaders need to play more of an active role at key touchpoints during an employee’s “journey” with the organisation, such as onboarding, role or office changes, and offboarding. Tessian said onboarding new hires represents a great opportunity to capture people’s imagination before they become cynical and jaded, while more thoughtful and comprehensive offboarding processes can help prevent critical data going missing when someone leaves.
Another thing every security leader should be doing as a matter of course is to establish clear and regular lines of communication across the entire organisation, paying close attention to how much information they share, who it comes from, via what channels, and how frequently.
Tessian offered four key pointers on how to do this effectively:
Finally, it said, there are technological solutions which, sensibly deployed, can help establish cyber “self-efficacy” within the organisation.
Tessian’s report was compiled using data gathered by OnePoll, which surveyed 500 IT security leaders and 2,000 working professionals in the UK and the US.

The U.S. government has released a report outlining plans to build a National AI Research Resource democratizing access to AI …
For the first time in two years, tech employment didn’t grow in January, thanks to tech company layoffs. But the shift to digital…
Smart contracts, automated content creation, targeted advertising, community building and metaverse-like experiences are some of …
TechTarget’s Enterprise Strategy Group offers the main takeaways from the first vendor-neutral CloudNativeSecurityCon designed …
Ransomware attacks against industrial organizations remains a growing problem, according to ICS/OT vendor Dragos’ new ‘Year in …
While the domain registrar said it was not breached directly, it did confirm its third-party email system was compromised Sunday …
Extreme Networks extends its SD-WAN network fabric to the edge to unify wired, wireless and WAN networking for simpler network …
Hybrid access as a service from a startup helped a global company secure optimized connectivity over home broadband connections. …
API integration, machine learning and AIOps are vital to achieve the benefits of SD-WAN automation, which include better network …
Organizations stand to benefit from the compute power of quantum computing as it develops. The tech has potential uses in supply …
When organizations go green in their data center, they will have to measure the facility’s efficiency and environmental impact. …
AMD reported a rise in fourth-quarter revenue, along with expectations for a much-needed surge in demand for PCs in the second …
Enterprise Strategy Group research shows organizations are struggling with real-time data insights. A single source of truth can …
The vendor is the creator and lead sponsor of the open source InfluxDB database and plans to use the new funding to further …
Organizations are using cloud technologies and DataOps to access real-time data insights and decision-making in 2023, according …
All Rights Reserved, Copyright 2000 – 2023, TechTarget

Privacy Policy
Cookie Preferences
Do Not Sell or Share My Personal Information

source

While government organisation and key Indian Institutions continue to be under constant threat and attack like the recent AIIMS episode, the Jamtara like model have now proliferated in the country.
Published: 17th January 2023 07:46 AM  |   Last Updated: 17th January 2023 07:46 AM   |  A+A A-
Image for representational purpose for cyber crimes. ( File Photo)
NEW DELHI:  The Union Home Ministry has instructed all state and UT police chiefs to encourage organising hackathons regularly to develop new innovative technologies for speedy disposal of cases and build capacity in the virtual segment to deal with increased instances of cyber attacks and OTT related crimes.

“Though the police of different states have been organising hackathons, the move assumes importance amid directives from the Prime Minister’s Office to proactively organise hackathons to promote young talents and use their capabilities to develop better software and platforms to crack complex cases and also deal with the increase instances of cyber security breaches,” source in the ministry said.
“Hackathons are very imaginative way where professional are invited not only to create new innovative software, but also try and breach the security of a system to try and find out about the vulnerabilities and then go ahead and fix those gaps and make the system more cyber secure,” says SC lawyer and cyber law expert Pavan Duggal.
While Karnataka state police is preparing to organise a two-day hackathon this month at IIT Bangalore, offering a Rs 50,000 reward for the winner, the TN police which organised a similar event in December 2022, using the coding skills of the participants in cracking cases.
“Hackathons primarily focus on subjects like crowd sourcing of records, fraud app detection, criminal spotting using facial recognition, fraud app detection among others,  using tools like artificial intelligence, machine learning data science etc.,” said an MHA official.
Hackathons are definitely a good way of capacity building especially in an age where cyber security is a big challenge with cybercrime, including hacking, ransomware attack, personal data breach and cyber fraud happening every 11 seconds, Duggal added.
While government organisation and key Indian Institutions continue to be under constant threat and attack like the recent AIIMS episode, the Jamtara like model have now proliferated in multiple pockets of the country, with Mathura, Mewat and Bharatpur being the new epicentres of cyber fraud.
O
P
E
N
Comments

Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the newindianexpress.com editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.
The views expressed in comments published on newindianexpress.com are those of the comment writers alone. They do not represent the views or opinions of newindianexpress.com or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. newindianexpress.com reserves the right to take any or all comments down at any time.
Latest
‘Everything changed’: Ukrainians look back on a year of war
If nothing to hide, why is govt running away from JPC probe into Adani issue: Jairam Ramesh
Income Tax department conducts ‘survey’ operation at BBC’s Delhi, Mumbai offices: Officials 
Adani appoints Grant Thornton for audit to come clean on Hindenburg allegations
Bus and armoured truck crash kills 20 in South Africa
‘Nothing for BJP to hide and be afraid of”: Amit Shah on Hindenburg-Adani row
The Morning Standard | Dinamani | Kannada Prabha | Samakalika Malayalam | Cinema Express | Indulgexpress | Edex Live | Events Xpress
Contact Us | About Us | Privacy Policy | Terms of Use | Advertise With Us | Careers
Home | Nation | World | Cities | Business | Columns | Entertainment | Sport | Magazine | The Sunday Standard
Copyright – newindianexpress.com 2023. All rights reserved. Website Designed, Developed & Maintained by Express Network Private Ltd.

source

A clear sky. Low 11F. Winds WSW at 5 to 10 mph..
A clear sky. Low 11F. Winds WSW at 5 to 10 mph.
Updated: February 14, 2023 @ 5:57 pm

The Montana House of Representatives is considering legislation that would update definitions in state law to make it easier to police and prosecute online crimes.
Rep. Fiona Nave, R-Columbus, is sponsoring House Bill 161 on behalf of the Department of Justice.
Definitions of computer use date in current law back to 1981 and other definitions involved with a cybercrime haven’t been touched by Legislature since 2009.
“Cybercrime is a serious threat that’s on the rise, and as we share more and more business and personal information online, criminals find new ways to steal and use that data for illegal purposes and financial gain,” Fiona said at a hearing in the House Judiciary on Jan. 10.
Nave said experts claim cybercrime generates about $6 trillion in annual revenue, which would make it the third largest economy in the world behind only the United States and China. She said the number is expected to increase by 15% annually for the next five years until the total annual revenue reaches $10 trillion.
Anne Dormady, Crime Information Bureau chief at the Montana Division of Criminal Investigation at the DOJ, said the Internet Crime Complaint Center, which is the FBI’s online center where victims can report crimes, reported that in 2021, more than 680 Montana victims reported internet crimes totaling losses of $10 million.
Supporters of the HB 161 say as technology booms, definitions from 2009 make it difficult for law enforcement, and attorneys to defend Montana citizens from cybercrimes. In current Montana law, online crimes are charged under regular theft laws or as identity theft cases.
“We have to update the law. We have to keep pace with technology,” Broadwater County Attorney Cory Swanson said.
The bill would raise the punishments for crimes involving less than $1,500 to a maximum fine of $1,500 or six months in county jail. The penalty for crimes involving more than $1,500 would carry punishments of up to 10 years in state prison or two and half times the amount of damage done.
“Since I have been standing up here, each of your data has been sold over 152 times at an average of anywhere from 25 cents to $10,” said Steve Cape, of the Montana Coalition for Safety and Justice. “I could pay $1,500 all day when I’m making $10,000.”
• • •
Caven Wade is a reporter with the UM Legislative News Service, a partnership of the University of Montana School of Journalism, the Montana Broadcasters Association, the Montana Newspaper Association and the Greater Montana Foundation. He can be reached at caven.wade@umontana.edu.
Rex’s Market
Main Street Express
Choteau Drug
Dutton Mountain View Co-op
Fairfield Mountain View Co-op
Fairfield Drug
R&L Eagle Grocery

Mailing address:
P.O. Box 320,
Choteau, MT 59422
Street address: 216 First Ave. NW, Choteau MT 59422
Telephone: 406-466-2403
Business office hours: Monday-Friday, 8 a.m.-5 p.m.
News email: acantha@3rivers.net
Advertising email: tetonads@3rivers.net

source

These 10 companies across segments such as security analytics, cloud security and application security have been on our radar in a big way at CRN, thanks to their strong momentum and channel commitment.
Rising Names In Cyber
Among the many hundreds of cybersecurity companies with products in the market, some stand out because they are the juggernauts of the industry, the vendors that everyone’s trying to beat: CrowdStrike, Microsoft, Palo Alto Networks, Zscaler. Still others stand out because they’ve got massive momentum in a key area of the market, suggesting they’re on their way to joining the ranks of the biggest names. It’s the latter type of companies we want to focus on in our picks for 10 hot cybersecurity companies that are worth watching closely in 2023.
[Related: The 10 Hottest Cybersecurity Tools And Products Of 2022]
We chose these vendors because they’ve clearly got major traction, based upon recent funding rounds (raised in a very un-ideal funding environment); notable product launches; acquisitions of innovative startups; or other big moves. These cybersecurity product companies are also making significant investments into working with channel partners, and have made solution providers a pivotal or even dominant part of how they reach and service customers.
In short, these 10 cybersecurity companies have been on our radar in a big way at CRN, and we think they should be on yours, too. They span sectors of the security market from application security and cloud security, to security analytics and confidential computing, to offerings in the categories of MDR (managed detection and response) and XDR (extended detection and response).
What follows are our picks for 10 hot cybersecurity companies you should watch in 2023.
Kyle Alspach is a Senior Editor at CRN focused on cybersecurity. His coverage spans news, analysis and deep dives on the cybersecurity industry, with a focus on fast-growing segments such as cloud security, application security and identity security.  He can be reached at kalspach@thechannelcompany.com.

source

Search

(January 17, 2023) – UCHealth was recently informed by Diligent Corporation, known as Diligent, a software company focused on providing  business operations tools for UCHealth, that Diligent experienced a security incident that impacted data held by Diligent on its servers. Some of UCHealth’s patient, provider or employee data may have been included in this incident.
Diligent provides hosted services to UCHealth and reported to UCHealth that Diligent’s software was accessed and attachments were downloaded including UCHealth files. Importantly, UCHealth’s systems, including its email and electronic medical record, were not impacted by this incident.
UCHealth values its patients, and protecting their data is a top priority. Though we have no reason to believe the data taken from Diligent’s system went beyond the cybercriminal or was misused in any way, we are sharing this information so patients, employees, and providers may protect themselves by watching for any suspicious activity or possible identity theft. Individuals who may be involved in this incident are being notified per state and federal reporting requirements.
Information potentially affected varied based on the type of attachments downloaded by the cybercriminal and may have included name, address, date of birth and treatment-related information. In very limited cases, Social Security numbers or other financial information may have been involved, as well.
We apologize for the concern and inconvenience this data breach may cause, and we remain committed to safeguarding our patients’, employees’, and providers’ information.
Diligent says it has taken additional steps to protect data and prevent this type of attack from happening again.
If you have any questions or need additional information regarding this incident, please call (855) 624-6798, Monday through Friday, 7:00 a.m. to 4:30 p.m. MST (excluding major U.S. holidays). Individuals can get information on protecting themselves from identity theft from the notice potentially affected individuals receive in the mail, from the Federal Trade Commission by visiting the Colorado Attorney General’s Stop Fraud website or by calling 877.ID-THEFT (877.438.4338). National credit reporting agencies can be contacted at:
Equifax
1.866.349.5191
www.equifax.com
P.O. Box 740241
Atlanta, GA 30374
Experian
1.888.397.3742
www.experian.com
P.O. Box 2002
Allen, TX 75013
TransUnion
1.800.888.4213
www.transunion.com
P.O. Box 2000
Chester, PA 19016

Metro Denver
720.848.0000
Northern Colorado
970.495.7000
Southern Colorado
719.365.5000
Para información en español llame al
844.945.2500
Download the UCHealth App

Keep up the excellent work maintaining your blood sugars in range.
If at any time, you feel like your management of your diabetes is slipping, please reach out to us by calling
###-###-####

source

source

South Korean chaebol Samsung on Friday said it experienced a cybersecurity incident that resulted in the unauthorized access of some customer information, the second time this year it has reported such a breach.
“In late July 2022, an unauthorized third-party acquired information from some of Samsung’s U.S. systems,” the company disclosed in a notice. “On or around August 4, 2022, we determined through our ongoing investigation that personal information of certain customers was affected.”
Samsung said the infiltration enabled hackers to access certain data such as names, contact and demographic information, dates of birth, and product registration details.
It stressed that the incident did not affect users’ Social Security numbers or credit and debit card numbers, but noted the information leaked for each relevant customer may vary.
The collected information is necessary to help the company deliver the best experience with its products and services, it added. It’s unclear how many customers were affected or who was behind the hack, and why it took almost a month for the company to divulge the breach.
Aside from notifying users about the security event, Samsung stated it has taken steps to secure the impacted systems and engaged an outside cybersecurity firm to lead the response efforts.
Furthermore, it’s urging users to be on guard against potential social engineering attempts, avoid clicking on links or opening attachments from unknown senders, and review their accounts for potentially suspicious activity.
The announcement comes less than six months after Samsung confirmed a similar incident. In March 2022, it revealed that internal data, including the source code related to its Galaxy smartphones, was leaked in the aftermath of an attack staged by the LAPSUS$ extortion gang.
Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.

source

Customer engagement platform Twilio on Monday disclosed that a “sophisticated” threat actor gained “unauthorized access” using an SMS-based phishing campaign aimed at its staff to gain information on a “limited number” of accounts.
The social-engineering attack was bent on stealing employee credentials, the company said, calling the as-yet-unidentified adversary “well-organized” and “methodical in their actions.” The incident came to light on August 4.
“This broad based attack against our employee base succeeded in fooling some employees into providing their credentials,” it said in a notice. “The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data.”
The communications giant has 268,000 active customer accounts, and counts companies like Airbnb, Box, Dell, DoorDash, eBay, Glassdoor, Lyft, Salesforce, Stripe, Twitter, Uber, VMware, Yelp, and Zendesk among its clients. It also owns the popular two-factor authentication (2FA) service Authy.
Twilio, which is still continuing its investigation into the hack, noted it’s working directly with customers who were impacted. It didn’t disclose the scale of the attack, the number of employee accounts that were compromised, or what types of data may have been accessed.
Phishing schemes, both leveraging email and SMS, are known to lean on aggressive scare tactics to coerce victims into handing over their sensitive information. This is no exception.
The SMS messages are said to have been sent to both current and former employees masquerading as coming from its IT department, luring them with password expiry notifications to click on malicious links.
The URLs included words such as “Twilio,” “Okta,” and “SSO” (short for single sign-on) to increase the chance of success and redirected the victims to a phony website that impersonated the company’s sign-in page. It’s not immediately clear if the breached accounts were secured by 2FA protections.
Twilio said the messages originated from U.S. carrier networks and that it worked with the telecom service and hosting providers to shut down the scheme and the attack infrastructure used in the campaign. The takedown efforts, however, have been offset by the attackers migrating to other carriers and hosting providers.
“Additionally, the threat actors seemed to have sophisticated abilities to match employee names from sources with their phone numbers,” it noted.
The San Francisco-based firm has since revoked access to the compromised employee accounts to mitigate the attack, adding it’s examining additional technical safeguards as a preventive measure.
The disclosure arrives as spear-phishing continues to be a major threat faced by enterprises. Last month, it emerged that the $620 million Axie Infinity hack was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn.
Update: Twilio, in an update to its original disclosure on August 10, said it “identified approximately 125 Twilio customers whose data was accessed by malicious actors for a limited period of time,” and that it has notified all of them.
“There is no evidence that customer passwords, authentication tokens, or API keys were accessed without authorization,” it further added, stating it’s refraining from sharing more details about the incident due to the ongoing and sensitive nature of the investigation.
Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.

source

A man in his 20s was arrested in Delhi on Saturday for allegedly being part of a group that trapped a city doctor through social media and blackmailed him with threats to circulate screenshots of his purported chats with a nude person. 
Police said the accused person, identified as Caran Rastogi, was part of a “sextortion” racket. 
“First, they had befriended the complainant through a fake Facebook profile and started chatting with him online. Once the phone numbers were exchanged, the complainant received video calls on his phone from a nude person,” said an officer. 
The doctor disconnected the calls but by then the fraudsters had taken screenshots of him and the nude caller sharing the screen. 
The doctor, a resident of Phoolbagan, lodged a police complaint in September last year. 
During the investigation, the police found the video calls came from numbers in Maharashtra and Delhi. 
“According to the complaint, the doctor had transferred Rs 11 lakh to the account of the fraudsters to prevent his photographs from being circulated,” said an officer in Lalbazar.
But extortion calls kept coming even after that. 
By tracing the beneficiary account where the money had been transferred, the cops said to have zeroed in on Rastogi. 
“Out of the Rs 11 lakh, Rs 5 lakh was transferred to Caran Rastogi’s account. He received only a part of the money that has been swindled out of Rastogi,” the officer said.
“Rastogi is one of the six persons named in the FIR registered in the case. We are searching for the remaining five,” the officer said. 
Rastogi was produced in a city court on Sunday and remanded in police custody till January 28. 
Many people fall prey to such online frauds, and are trapped and then blackmailed. The police said a large number of such cases are not reported to them because victims fear embarrassment. 
“We always advise people not to answer video calls from unknown numbers or from people whom you have never met in person,” said an officer in Lalbazar. 
How to remain cautious against “friends” you have met on social media:
■ Never share personal/ intimate photographs with them
■ Never share personal details like mother’s maiden name, date of birth or bank account details with them
■ Never receive video calls from unknown numbers
■ Never transfer money to virtual friends
■ If someone tries to blackmail you, contact police
They use 82°E’s products and launch the new Gotu Kola Dew
Cakes to cookies — the special day has a lot to offer
A perfect recipe for a cosy evening!
Food blogger from London shares creative idea to make your V-Day even more special
The actor unveiled ‘Naiyo Lagda’, the first song from his upcoming film, ‘Kisi Ka Bhai Kisi Ki Jaan’
Copyright © 2021 The Telegraph Online. All rights reserved.

source