Geek-Guy.com

Author: Josh Breaker-rolfe

In conversation with Jamie Akhtar, CEO and co-founder of CyberSmart

Jamie Akhtar, aside from being the CEO and co-founder of CyberSmart, is a veritable titan of the cybersecurity industry. From cutting his teeth in New York serving as CTO for investment firms and gaming companies, to turning his attention to the underdogs, Jamie has a refreshing and unique take on the industry at large.  Can […]

The post In conversation with Jamie Akhtar, CEO and co-founder of CyberSmart appeared first on IT Security Guru.

Salt Security Helps bpLaunchpad Reimagine energy by Enabling API Based Innovation

bp Launchpad, the in-house business accelerator for bp, has selected Salt Security as its technology solution for API security.  The business accelerator aims to strengthen energy resilience by aiding in the growth of global startup companies within the renewable energy sector. The companies involved are digitally-led and help deliver cleaner, more affordable, and reliable energy. […]

The post Salt Security Helps bpLaunchpad Reimagine energy by Enabling API Based Innovation appeared first on IT Security Guru.

Security pros believe cybersecurity strategies will soon be obsolete

Crossword Cybersecurity Plc has released a report highlighting anxieties surrounding security strategies soon growing outdated. Over 200 CISOS and senior cybersecurity professionals were surveyed. Key findings include: 40% of respondents expect their current cybersecurity strategy be outdated in the next two years. A further 37% expected their current cybersecurity strategy be outdated in the next […]

The post Security pros believe cybersecurity strategies will soon be obsolete appeared first on IT Security Guru.

Insider threats caused 68% of legal sector breaches

Insider threats were responsible for 68% of data breaches at UK law firms, according to new research from the Information Commissioner’s Office (ICO). ICO Data from Q3 2021 was analysed by NetDocuments found that only 32% of breaches in the legal sector were caused by outside threats. Other key findings include: 54% of data breaches […]

The post Insider threats caused 68% of legal sector breaches appeared first on IT Security Guru.

Privacy focused browser allows Microsoft trackers

DuckDuckGo, a privacy focused web browser, has come under fire for allowing Microsoft trackers on third-party sites as part of their syndicated search content contract with the company. The search engine takes pride in not tracking user searches or behaviour, and not building user profiles to display targeting advertising, instead using contextual advertisements from their […]

The post Privacy focused browser allows Microsoft trackers appeared first on IT Security Guru.

US government lacks ransomware data

A new report from the United States Senate Committee on Homeland Security & Governmental Affairs has revealed that the US government lacks comprehensive data on ransomware attacks. Notably, the report shows that authorities are largely in the dark as to how much is lost in ransom payments. The report is the culmination of a 10-month investigation into […]

The post US government lacks ransomware data appeared first on IT Security Guru.

Cyberattack on General Motors exposes customer data

US automobile behemoth General Motors (GM) has confirmed that it suffered a credential stuffing attack last month. GM said that it detected malicious login activity between April 11-29 2022, resulting in the exposure of customer information and allowing hackers to redeem gift card reward points. GM sent a data breach notification to affected customers, saying: […]

The post Cyberattack on General Motors exposes customer data appeared first on IT Security Guru.

Clearview AI fined £7.5m for harvesting data

Clearview AI has been fined by the UK’s Information Commissioner’s Office (ICO) for breaking UK data protection laws. The £7.5m fine is a huge reduction from the £17m the ICO initially planned to fine the web-based intelligence platform in November 2021. The initial fine was proposed following a joint investigation conducted in accordance with the […]

The post Clearview AI fined £7.5m for harvesting data appeared first on IT Security Guru.

Chinese hackers caught spying on Russian defence institutes

A minimum of two research institutes in Russia and third likely in Belarus have suffered an espionage attack carried out by a Chinese nation-state advanced persistent threat grout (APT).  Codenamed “Twisted Panda,” the attacks come in the wake of Russia’s military invasion of Ukraine, an event that has prompted many threat actors to switch tactics […]

The post Chinese hackers caught spying on Russian defence institutes appeared first on IT Security Guru.

Cryptocurrency scammers use Elon Musk deep fake

Deep fakes depicting videos of Elon Musk and other prominent figures in the cryptocurrency scene are promoting a BitVex trading platform scam that steals deposited currency. The spoof BitVex crypto trading platform claims to be owned by Tesla CEO Elon Musk, saying in the deep fake that he created the site to allow investors to […]

The post Cryptocurrency scammers use Elon Musk deep fake appeared first on IT Security Guru.

Conti ransomware group disbands

Conti ransomware gang has shut down their operation, taking infrastructure offline and informing team leaders that the brand ceases to exist. Yelisey Boguslavskiy, head of research at Advanced Intel, tweeted yesterday that the gang’s internal infrastructure had been switched off. Although public-facing ransom negotiation sites and the “Conti News” data leak are still online, Boguslavskiy […]

The post Conti ransomware group disbands appeared first on IT Security Guru.

Two million Texans have their details exposed

A programming issue at the Texas Department of Insurance (TDI) exposed the personal information of nearly two million Texans for nearly three years. The department revealed that information such as Social Security numbers, addresses, dates of birth and phone numbers was made publicly available from March 2019 to January 2022. The information belongs to 1.8 […]

The post Two million Texans have their details exposed appeared first on IT Security Guru.

North Korean devs go undercover to aid DPRK hackers

US authorities have warned that the Democratic People’s Republic of Korea (DPRK) is sending IT workers to get freelance jobs at companies worldwide, with the goal of obtaining privileged access that could be used to open the door for cyber intrusions. Thousands of “highly skilled IT workers” have been directed or forced to target freelance […]

The post North Korean devs go undercover to aid DPRK hackers appeared first on IT Security Guru.

Omnicell healthcare company hit by ransomware

Omnicell, a US based multinational healthcare company, has confirmed it suffered a data breach in the a wake of a suspected ransomware attack. The company disclosed the ransomware attack on May 9 2022 in a 10-Q filing with the Securities and Exchange Commission (SEC). In the filing, Omnicell stated: “Our IT systems and third-party cloud […]

The post Omnicell healthcare company hit by ransomware appeared first on IT Security Guru.

Cyber attacks cause national emergency in Costa Rica

Rodrigo Chaves, President of Costa Rica, has declared a national emergency following a series of cyberattacks on government bodies. According to BleepingComputer, Conti has published the majority of the 672 GB of data appearing to belong to Costa Rican government agencies. Chaves signed the declaration into law on Sunday, May 8th, the same day that […]

The post Cyber attacks cause national emergency in Costa Rica appeared first on IT Security Guru.

1000s of phishing emails sent from NHS inboxes

New research from the email security firm Inky has revealed that more than 1000 emails were sent from NHS inboxes over a six month period. The firm has claimed that the campaign, beginning October 2021, escalated “dramatically” in March of this year. After the findings were reported to the NHS on April 13, Inky reported that […]

The post 1000s of phishing emails sent from NHS inboxes appeared first on IT Security Guru.

NCSC updates build environment best practices

The National Cyber Security Centre (NCSC), working alongside the Institute of Engineering and Technology (IET) and the UK’s Centre for the Protection of National Infrastructure (CPNI), has developed new document providing best practices for those involved in the design, management, operation and security of building-related systems. The Code of Practice: Cyber Security in the Built […]

The post NCSC updates build environment best practices appeared first on IT Security Guru.

SEC bolsters cyber and crypto assets team

The Securities and Exchange Commission (SEC) has made serious improvements to its in-house cryptocurrency and cybersecurity skills. The move comes as an attempt to improve investor confidence and enhance the transparency of listed companies. 20 additional positions have been added to the regulator’s newly renamed Crypto Assets and Cyber Unit. Previously known as the Cyber […]

The post SEC bolsters cyber and crypto assets team appeared first on IT Security Guru.

Cyber-espionage group targets Asian telecomms

Researchers at Sentinel Labs have identified a new cluster of malicious cyber activity tracked as Moshen drago, with its efforts aimed at telecommunication service providers in Central Asia. The new threat group does have overlaps with “RedFoxtrot” and “Nomad Panda,” notably including the use of ShadowPad and PlugX malware variants, their activities’ differentiate enough to […]

The post Cyber-espionage group targets Asian telecomms appeared first on IT Security Guru.

Spyware discovered on Spanish PM’s phone

Spyware has been found on the mobile phones of Pedro Sánchez, prime minister of Spain, and Margarita Robles, the country’s minister of defence. The Spanish government revealed in a press conference given Monday morning that the phones had been infected withy Pegasus spyware, extracting data from both devices. Félix Bolaños, the minister for the presidency, […]

The post Spyware discovered on Spanish PM’s phone appeared first on IT Security Guru.

FBI sounds alarm on BlackCat ransomware

The US Federal Bureau of Investigation (FBI) has issued a warning regarding the BlackCat ransonware-as-a-service (RaaS). The ransomware is reported to have hit at least 60 entities globally since its emergence in November of last year to March 2022. Also known as ALPHV and Noberus, BlackCat is notable for being the first malware ever written […]

The post FBI sounds alarm on BlackCat ransomware appeared first on IT Security Guru.

Five-Eyes issues Russian cyberattack warning

The Five-Eyes joint advisory board has warned that Russia is considering cyber attacks on Western nations as part of its war in Ukraine. Five-Eyes agencies have said several Russian government and military organisations, including the Federal Security Service (FSB), the Foreign Intelligence Service (SVR) and the General Staff Main Intelligence Directorate (GRU), have conducted malicious […]

The post Five-Eyes issues Russian cyberattack warning appeared first on IT Security Guru.

UK government staff hit with billions of malicious emails in 2021

New research from Comparitech has revealed that UK government employees received 2.4 billion malicious emails in 2021. This equates to around 2400 emails per employee, per year. The tech research firm acquired this information through Freedom of Information Requests. Perhaps more concerning, it’s estimated that employees across 260 organisations clicked 57,000 suspicious links over 2021. Assessed […]

The post UK government staff hit with billions of malicious emails in 2021 appeared first on IT Security Guru.

LinkedIn the most impersonated brand for phishing attacks

Research carried out by Check Point Research (CPR) has revealed that LinkedIn is the most impersonated brand for phishing attacks. In its 2022 Q1 Brand Phishing Report, CPR revealed that phishing attacks impersonating LinkedIn made up 52% of all attempts globally in the first quarter of 2022. This is a 44% increase when compared to […]

The post LinkedIn the most impersonated brand for phishing attacks appeared first on IT Security Guru.

Blockchain companies warned of North Korean hackers

The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation and the Treasury Department have all warned of new, ongoing attacks targeting blockchain companies, carried out by the Lazarus Group. The activity cluster has been dubbed TraderTraitor, involving the North Korean state-sponsored advanced persistent threat (APT) actor striking entities operating in the […]

The post Blockchain companies warned of North Korean hackers appeared first on IT Security Guru.

Researchers say Pegasus spyware targeted UK PM

The UK Prime Minister’s Office has been targeted by Pegasus spyware over the past two years. Citizen Lab, a Canadian non-profit, has been tracking the use of the spyware, produced by Israel’s NSO group, in recent years. NSO Group is being sued by WhatsApp and Apple as their customers were targeted by the covert malware. It also […]

The post Researchers say Pegasus spyware targeted UK PM appeared first on IT Security Guru.

Microsoft disrupts ZLoader Cybercrime Botnet

A global consortium of cybersecurity companies have collaborated with Microsoft to disrupt the Zloader botnet. The operation succeeded in seizing control of 65 domains used to control and communicate with infected hosts. “ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based […]

The post Microsoft disrupts ZLoader Cybercrime Botnet appeared first on IT Security Guru.

Wind turbine giant hacked

Nordex Group, a major German wind turbine manufacturer, suffered a cyberattack on the 31 March 2022. According to Nordex, the attack was discovered early by IT security teams, who reacted quickly. The company has announced that IT systems across multiple locations and business units were shut down as part of their response protocols. The company […]

The post Wind turbine giant hacked appeared first on IT Security Guru.

600k worth of crypto stolen by ethical hacker

Authorities in Pinellas Park, Florida have arrested 27-year old Aaron Daniel Motta after he allegedly stole a client’s Trezor hardware wallet and its password while providing security assistance. Motta is a “certified ethical hacker”, and has been charged with grand theft and other computer offenses. The accused is currently self employed and owns Motta Management […]

The post 600k worth of crypto stolen by ethical hacker appeared first on IT Security Guru.

RaidForums hacker forum domain seized

RaidForums, one of the world’s largest hacking forums, has been raided and taken down by an international law enforcement operation. The forum was notorious for selling access to stolen personal information. The operation, dubbed “Tourniquet”, involved authorities from the US, UK, Sweden, Portugal and Romania. The investigation culminated in the arrest of the forum’s administrator […]

The post RaidForums hacker forum domain seized appeared first on IT Security Guru.

CISA warns of Russian state hackers exploiting WatchGuard bug

The Cybersecurity and Infrastructure Security Agency has warned of Russian state actors exploiting a bug impacting WatchGuard Firebox and XTM firewall appliances. Sandworm, a Russian-sponsored hacking group, believed to be part of the GRU Russian military intelligence agency, reportedly exploited the high severity privilege escalation flaw (CVE-2022-23176) to develop a new botnet, dubbed “Cyclops Blink”, […]

The post CISA warns of Russian state hackers exploiting WatchGuard bug appeared first on IT Security Guru.

Pegasus spyware targeted EU officials

Several senior European Union (EU) officials were reportedly targeted with Pegasus spyware last year. Among those targeted were European Justice Commissioner Didier Reynders and at least four other commission staff. Reuters has said that it was notified of the claims by two EU officials and documentation it had reviewed. The EU commission reportedly became aware […]

The post Pegasus spyware targeted EU officials appeared first on IT Security Guru.

Fox News leaks 13 million internal records

Researchers have claimed that a misconfiguration has exposed millions of internal records, including employees’ personally identifiable information, belonging to Fox News. The exposure was discovered by a team at Website Planet led by Jeremiah Fowler, who claimed that theoretically, anyone with an internet connection could have found the 58GB of internal records, which was left […]

The post Fox News leaks 13 million internal records appeared first on IT Security Guru.

Zoom paid $1.8 million in bug bounty rewards in 2021

Zoom has awarded researchers $1.8 million in bug bounties over 2021, and $2.4 million since the programs launch. Bug bounties have emerged as a popular cybersecurity method recently, amidst the industry’s skill shortage. Estimates suggest that there will be roughly 3.5 million unfilled job openings by 2025 in the US alone. Zoom has experienced a […]

The post Zoom paid $1.8 million in bug bounty rewards in 2021 appeared first on IT Security Guru.

Electric vehicle chargers hacked to show pornography

Electric vehicle owners in the Isle of Wight, UK, were surprised yesterday when public charging points displayed pornography. Service screens at the council-owned car parks across Quay Road, Cross Street, Cowes and Moa Place, Freshwater were supposed to display the council website, but hackers changed several of them to show explicit images. The Isle of […]

The post Electric vehicle chargers hacked to show pornography appeared first on IT Security Guru.

Cash App notifies 8 million customers of data breach

Cash App, a popular stock trading app, has suffered a data breach impacting up to 8.2 million former and current users. It has been reported that the breach was caused by a former employee illegitimately accessing customer information. Block, Cash App’s owner, notified the Security and Exchange Commission (SEC) of the breach on Monday. The filing […]

The post Cash App notifies 8 million customers of data breach appeared first on IT Security Guru.

Germany closes Russian “Hydra” darknet marketplace

The Hydra Market, a Russian-language darknet marketplace formerly specialising in the sale of illicit drugs, forged documents, intercepted data and illegal digital service, has been shut down by German Federal police. Working in conjunction with the United States Justice Department, authorities closed German servers of the marketplace on Tuesday, seizing $25m in Bitcoin of alleged […]

The post Germany closes Russian “Hydra” darknet marketplace appeared first on IT Security Guru.

The Works closes stores after cyber attack

The Works has reported that five of its 526 shops were forced to close last week as hackers gained access to its computer systems and caused issues with its tills. While customers are experiencing longer delivery times for online orders, the company has said that no shoppers’ payment details had been compromised. The Works said […]

The post The Works closes stores after cyber attack appeared first on IT Security Guru.

New attack method could disrupt electric vehicle charging

Academics from the University of Oxford and Armasuisse S+T have identified a novel attack technique targeting the widely-used Combined Charging System (CCS). They say the method could potentially disrupt the ability to charge electric vehicles at scale. The “Brokenwire” attack method meddles with the control communications between the vehicle and charger, wirelessly aborting charging from […]

The post New attack method could disrupt electric vehicle charging appeared first on IT Security Guru.

Spanish energy giant hit by data breach

Iberdrola, a Spanish energy provider, has suffered a data breach affecting over one million customers, local reports suggest. The company is headquartered in Bilbao and is the parent company of Scottish Power. They have reported that the attack took place on March 15 this year. The breach reportedly resulted in the theft of customer ID […]

The post Spanish energy giant hit by data breach appeared first on IT Security Guru.