Category: Uncategorized

A clear sky. Low 11F. Winds WSW at 5 to 10 mph..
A clear sky. Low 11F. Winds WSW at 5 to 10 mph.
Updated: February 14, 2023 @ 5:57 pm

The Montana House of Representatives is considering legislation that would update definitions in state law to make it easier to police and prosecute online crimes.
Rep. Fiona Nave, R-Columbus, is sponsoring House Bill 161 on behalf of the Department of Justice.
Definitions of computer use date in current law back to 1981 and other definitions involved with a cybercrime haven’t been touched by Legislature since 2009.
“Cybercrime is a serious threat that’s on the rise, and as we share more and more business and personal information online, criminals find new ways to steal and use that data for illegal purposes and financial gain,” Fiona said at a hearing in the House Judiciary on Jan. 10.
Nave said experts claim cybercrime generates about $6 trillion in annual revenue, which would make it the third largest economy in the world behind only the United States and China. She said the number is expected to increase by 15% annually for the next five years until the total annual revenue reaches $10 trillion.
Anne Dormady, Crime Information Bureau chief at the Montana Division of Criminal Investigation at the DOJ, said the Internet Crime Complaint Center, which is the FBI’s online center where victims can report crimes, reported that in 2021, more than 680 Montana victims reported internet crimes totaling losses of $10 million.
Supporters of the HB 161 say as technology booms, definitions from 2009 make it difficult for law enforcement, and attorneys to defend Montana citizens from cybercrimes. In current Montana law, online crimes are charged under regular theft laws or as identity theft cases.
“We have to update the law. We have to keep pace with technology,” Broadwater County Attorney Cory Swanson said.
The bill would raise the punishments for crimes involving less than $1,500 to a maximum fine of $1,500 or six months in county jail. The penalty for crimes involving more than $1,500 would carry punishments of up to 10 years in state prison or two and half times the amount of damage done.
“Since I have been standing up here, each of your data has been sold over 152 times at an average of anywhere from 25 cents to $10,” said Steve Cape, of the Montana Coalition for Safety and Justice. “I could pay $1,500 all day when I’m making $10,000.”
• • •
Caven Wade is a reporter with the UM Legislative News Service, a partnership of the University of Montana School of Journalism, the Montana Broadcasters Association, the Montana Newspaper Association and the Greater Montana Foundation. He can be reached at caven.wade@umontana.edu.
Rex’s Market
Main Street Express
Choteau Drug
Dutton Mountain View Co-op
Fairfield Mountain View Co-op
Fairfield Drug
R&L Eagle Grocery

Mailing address:
P.O. Box 320,
Choteau, MT 59422
Street address: 216 First Ave. NW, Choteau MT 59422
Telephone: 406-466-2403
Business office hours: Monday-Friday, 8 a.m.-5 p.m.
News email: acantha@3rivers.net
Advertising email: tetonads@3rivers.net

source

These 10 companies across segments such as security analytics, cloud security and application security have been on our radar in a big way at CRN, thanks to their strong momentum and channel commitment.
Rising Names In Cyber
Among the many hundreds of cybersecurity companies with products in the market, some stand out because they are the juggernauts of the industry, the vendors that everyone’s trying to beat: CrowdStrike, Microsoft, Palo Alto Networks, Zscaler. Still others stand out because they’ve got massive momentum in a key area of the market, suggesting they’re on their way to joining the ranks of the biggest names. It’s the latter type of companies we want to focus on in our picks for 10 hot cybersecurity companies that are worth watching closely in 2023.
[Related: The 10 Hottest Cybersecurity Tools And Products Of 2022]
We chose these vendors because they’ve clearly got major traction, based upon recent funding rounds (raised in a very un-ideal funding environment); notable product launches; acquisitions of innovative startups; or other big moves. These cybersecurity product companies are also making significant investments into working with channel partners, and have made solution providers a pivotal or even dominant part of how they reach and service customers.
In short, these 10 cybersecurity companies have been on our radar in a big way at CRN, and we think they should be on yours, too. They span sectors of the security market from application security and cloud security, to security analytics and confidential computing, to offerings in the categories of MDR (managed detection and response) and XDR (extended detection and response).
What follows are our picks for 10 hot cybersecurity companies you should watch in 2023.
Kyle Alspach is a Senior Editor at CRN focused on cybersecurity. His coverage spans news, analysis and deep dives on the cybersecurity industry, with a focus on fast-growing segments such as cloud security, application security and identity security.  He can be reached at kalspach@thechannelcompany.com.

source

Search

(January 17, 2023) – UCHealth was recently informed by Diligent Corporation, known as Diligent, a software company focused on providing  business operations tools for UCHealth, that Diligent experienced a security incident that impacted data held by Diligent on its servers. Some of UCHealth’s patient, provider or employee data may have been included in this incident.
Diligent provides hosted services to UCHealth and reported to UCHealth that Diligent’s software was accessed and attachments were downloaded including UCHealth files. Importantly, UCHealth’s systems, including its email and electronic medical record, were not impacted by this incident.
UCHealth values its patients, and protecting their data is a top priority. Though we have no reason to believe the data taken from Diligent’s system went beyond the cybercriminal or was misused in any way, we are sharing this information so patients, employees, and providers may protect themselves by watching for any suspicious activity or possible identity theft. Individuals who may be involved in this incident are being notified per state and federal reporting requirements.
Information potentially affected varied based on the type of attachments downloaded by the cybercriminal and may have included name, address, date of birth and treatment-related information. In very limited cases, Social Security numbers or other financial information may have been involved, as well.
We apologize for the concern and inconvenience this data breach may cause, and we remain committed to safeguarding our patients’, employees’, and providers’ information.
Diligent says it has taken additional steps to protect data and prevent this type of attack from happening again.
If you have any questions or need additional information regarding this incident, please call (855) 624-6798, Monday through Friday, 7:00 a.m. to 4:30 p.m. MST (excluding major U.S. holidays). Individuals can get information on protecting themselves from identity theft from the notice potentially affected individuals receive in the mail, from the Federal Trade Commission by visiting the Colorado Attorney General’s Stop Fraud website or by calling 877.ID-THEFT (877.438.4338). National credit reporting agencies can be contacted at:
Equifax
1.866.349.5191
www.equifax.com
P.O. Box 740241
Atlanta, GA 30374
Experian
1.888.397.3742
www.experian.com
P.O. Box 2002
Allen, TX 75013
TransUnion
1.800.888.4213
www.transunion.com
P.O. Box 2000
Chester, PA 19016

Metro Denver
720.848.0000
Northern Colorado
970.495.7000
Southern Colorado
719.365.5000
Para información en español llame al
844.945.2500
Download the UCHealth App

Keep up the excellent work maintaining your blood sugars in range.
If at any time, you feel like your management of your diabetes is slipping, please reach out to us by calling
###-###-####

source

source

South Korean chaebol Samsung on Friday said it experienced a cybersecurity incident that resulted in the unauthorized access of some customer information, the second time this year it has reported such a breach.
“In late July 2022, an unauthorized third-party acquired information from some of Samsung’s U.S. systems,” the company disclosed in a notice. “On or around August 4, 2022, we determined through our ongoing investigation that personal information of certain customers was affected.”
Samsung said the infiltration enabled hackers to access certain data such as names, contact and demographic information, dates of birth, and product registration details.
It stressed that the incident did not affect users’ Social Security numbers or credit and debit card numbers, but noted the information leaked for each relevant customer may vary.
The collected information is necessary to help the company deliver the best experience with its products and services, it added. It’s unclear how many customers were affected or who was behind the hack, and why it took almost a month for the company to divulge the breach.
Aside from notifying users about the security event, Samsung stated it has taken steps to secure the impacted systems and engaged an outside cybersecurity firm to lead the response efforts.
Furthermore, it’s urging users to be on guard against potential social engineering attempts, avoid clicking on links or opening attachments from unknown senders, and review their accounts for potentially suspicious activity.
The announcement comes less than six months after Samsung confirmed a similar incident. In March 2022, it revealed that internal data, including the source code related to its Galaxy smartphones, was leaked in the aftermath of an attack staged by the LAPSUS$ extortion gang.
Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.

source

Customer engagement platform Twilio on Monday disclosed that a “sophisticated” threat actor gained “unauthorized access” using an SMS-based phishing campaign aimed at its staff to gain information on a “limited number” of accounts.
The social-engineering attack was bent on stealing employee credentials, the company said, calling the as-yet-unidentified adversary “well-organized” and “methodical in their actions.” The incident came to light on August 4.
“This broad based attack against our employee base succeeded in fooling some employees into providing their credentials,” it said in a notice. “The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data.”
The communications giant has 268,000 active customer accounts, and counts companies like Airbnb, Box, Dell, DoorDash, eBay, Glassdoor, Lyft, Salesforce, Stripe, Twitter, Uber, VMware, Yelp, and Zendesk among its clients. It also owns the popular two-factor authentication (2FA) service Authy.
Twilio, which is still continuing its investigation into the hack, noted it’s working directly with customers who were impacted. It didn’t disclose the scale of the attack, the number of employee accounts that were compromised, or what types of data may have been accessed.
Phishing schemes, both leveraging email and SMS, are known to lean on aggressive scare tactics to coerce victims into handing over their sensitive information. This is no exception.
The SMS messages are said to have been sent to both current and former employees masquerading as coming from its IT department, luring them with password expiry notifications to click on malicious links.
The URLs included words such as “Twilio,” “Okta,” and “SSO” (short for single sign-on) to increase the chance of success and redirected the victims to a phony website that impersonated the company’s sign-in page. It’s not immediately clear if the breached accounts were secured by 2FA protections.
Twilio said the messages originated from U.S. carrier networks and that it worked with the telecom service and hosting providers to shut down the scheme and the attack infrastructure used in the campaign. The takedown efforts, however, have been offset by the attackers migrating to other carriers and hosting providers.
“Additionally, the threat actors seemed to have sophisticated abilities to match employee names from sources with their phone numbers,” it noted.
The San Francisco-based firm has since revoked access to the compromised employee accounts to mitigate the attack, adding it’s examining additional technical safeguards as a preventive measure.
The disclosure arrives as spear-phishing continues to be a major threat faced by enterprises. Last month, it emerged that the $620 million Axie Infinity hack was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn.
Update: Twilio, in an update to its original disclosure on August 10, said it “identified approximately 125 Twilio customers whose data was accessed by malicious actors for a limited period of time,” and that it has notified all of them.
“There is no evidence that customer passwords, authentication tokens, or API keys were accessed without authorization,” it further added, stating it’s refraining from sharing more details about the incident due to the ongoing and sensitive nature of the investigation.
Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.

source

A man in his 20s was arrested in Delhi on Saturday for allegedly being part of a group that trapped a city doctor through social media and blackmailed him with threats to circulate screenshots of his purported chats with a nude person. 
Police said the accused person, identified as Caran Rastogi, was part of a “sextortion” racket. 
“First, they had befriended the complainant through a fake Facebook profile and started chatting with him online. Once the phone numbers were exchanged, the complainant received video calls on his phone from a nude person,” said an officer. 
The doctor disconnected the calls but by then the fraudsters had taken screenshots of him and the nude caller sharing the screen. 
The doctor, a resident of Phoolbagan, lodged a police complaint in September last year. 
During the investigation, the police found the video calls came from numbers in Maharashtra and Delhi. 
“According to the complaint, the doctor had transferred Rs 11 lakh to the account of the fraudsters to prevent his photographs from being circulated,” said an officer in Lalbazar.
But extortion calls kept coming even after that. 
By tracing the beneficiary account where the money had been transferred, the cops said to have zeroed in on Rastogi. 
“Out of the Rs 11 lakh, Rs 5 lakh was transferred to Caran Rastogi’s account. He received only a part of the money that has been swindled out of Rastogi,” the officer said.
“Rastogi is one of the six persons named in the FIR registered in the case. We are searching for the remaining five,” the officer said. 
Rastogi was produced in a city court on Sunday and remanded in police custody till January 28. 
Many people fall prey to such online frauds, and are trapped and then blackmailed. The police said a large number of such cases are not reported to them because victims fear embarrassment. 
“We always advise people not to answer video calls from unknown numbers or from people whom you have never met in person,” said an officer in Lalbazar. 
How to remain cautious against “friends” you have met on social media:
■ Never share personal/ intimate photographs with them
■ Never share personal details like mother’s maiden name, date of birth or bank account details with them
■ Never receive video calls from unknown numbers
■ Never transfer money to virtual friends
■ If someone tries to blackmail you, contact police
They use 82°E’s products and launch the new Gotu Kola Dew
Cakes to cookies — the special day has a lot to offer
A perfect recipe for a cosy evening!
Food blogger from London shares creative idea to make your V-Day even more special
The actor unveiled ‘Naiyo Lagda’, the first song from his upcoming film, ‘Kisi Ka Bhai Kisi Ki Jaan’
Copyright © 2021 The Telegraph Online. All rights reserved.

source

Deputy Communications and Digital Minister Teo Nie Ching has announced that almost RM600 million has been lost throughout the year of 2022, as a result of cyber crime in Malaysia. She said that the data showed that cyber crime in the country was “quite serious”.
Teo Nie Ching added that the Communications and Digital Ministry (KKD) will be focusing on educating the public to become more digitally literate and not become victims. One of the steps that will be implemented is working with platforms like TikTok to promote a programme called “Stop For Three Seconds” which aims to be launched in February and March.
“The ‘three seconds’ here is to help the community to think first whether any information received is authentic or not,” she explained.
In October 2022, regulators brought up a Stop, Think, Block mantra for the public to remember whenever they get suspicious calls or messages asking for any personal and banking details. It also came with the tagline “Ingat 3 Saat Ok” (Think for Three Seconds) and the hashtag #JanganKenaScam. The government’s upcoming campaign might mirror last year’s mantra.
Late last year, the Malaysian government even reminded the public to dial 997 if they’ve been scammed. Teo even brought it up, saying that the 997 hotline was still little known by the community.
“Thus far, the 997 hotline operates 12 hours daily and it is a one-stop centre comprising representatives from Bank Negara Malaysia, private banks, MCMC, and the police, who will do their best to immediately stop the flow of victims’ money… The ministry wants to help the victims because we know if we don’t act quick enough, even though the person may eventually be caught, the victims won’t be able to get their money back,” she continued.
[ SOURCE, IMAGE SOURCE ]

source

President Biden’s new cybersecurity policy allows U.S. agencies to …  Slate
source

Popular short-form social video service TikTok denied reports that it was breached by a hacking group, after it claimed to have gained access to an insecure cloud server.
“TikTok prioritizes the privacy and security of our users’ data,” the ByteDance-owned company told The Hacker News. “Our security team investigated these claims and found no evidence of a security breach.”
The denial follows alleged reports of a hack that surfaced on the Breach Forums message board on September 3, with the threat actor noting that the server holds 2.05 billion records in a humongous 790GB database.
“Who would have thought that TikTok would decide to store all their internal backend source code on one Alibaba Cloud instance using a trashy password?,” the hacking group known as BlueHornet (aka AgainstTheWest) tweeted over the weekend.
Bob Diachenko, threat intelligence researcher at Security Discovery, said the breach is “real” and that the data is likely to have originated from “Hangzhou Julun Network Technology Co., Ltd rather than TikTok.”
That said, it’s far from clear at the moment where exactly the data has come from and whether third-parties have access to this kind of information.
“This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info,” security researcher Troy Hunt said in a tweet. “Some data is junk, but it could be non-production or test data. It’s a bit of a mixed bag so far.”
The development comes at an inopportune time, as the company continues to face mounting scrutiny for its data security practices owing to its links to China.
Update: In a follow-up statement shared with The Hacker News, the social media company reiterated its security team found no evidence of a security breach.
“We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases,” a spokesperson for the company said.
“The samples also appear to contain data from one or more third-party sources not affiliated with TikTok. We do not believe users need to take any proactive actions, and we remain committed to the safety and security of our global community.”
Additionally, the Twitter account of AgainstTheWest has since been suspended and allegations of the break-in have since been modified on Breach Forums to mention that “the breach is not from TikTok, and that he most likely was lying or didn’t even investigate it before making such outrageous claims.”
“AgainstTheWest has had a long history of lying about breaches or other things (saying he’s a state-sponsored hacking group… LOL) and this was just the tipping point,” pompompurin, the actor who launched Breach Forums earlier this March, said.
Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.

source