Canadian Teen Arrested for SIM Swap That Looted $36 Million | efani SAFE?

Canadian police say the incident is ‘currently the biggest cryptocurrency theft reported from one person.

Police in Canada arrested a local teenager for stealing US$36 million in cryptocurrency from a single victim through a SIM-swapping attack.

On Tuesday, the Hamilton Police Service in Ontario reported it had arrested the unnamed “youth” following a joint investigation with the FBI and the US Secret Service.

“This is currently the biggest cryptocurrency theft reported from one person,” Hamilton police said. (Earlier this year, police in Europe arrested 10 suspects for collectively stealing $100 million in cryptocurrency through SIM-swapping attacks.)

The Canadian teen allegedly targeted a victim in the US. Details about the SIM swap attack were not revealed, but they often involve tricking a cellular provider into handing over access to the victim’s cell phone number. To pull this off, the attacker will first try to learn personal details about the victim’s background—such as ID numbers, address, and birthdate—and then try to impersonate them.

If the cellular provider falls for the trick, it’ll then duplicate a new SIM card registered to the victim’s phone number, which can be plugged into a smartphone. The attack can be particularly devastating because mobile phone numbers are often used to receive one-time passcodes to log in or reset the password for an online account.

In this case, the Canadian teen used the SIM-swap attack to do just that by intercepting the two-factor authentication codes used to log into the victim’s cryptocurrency accounts.

Hamilton Police said they began investigating the crime with US authorities in March 2020. Investigators then noticed some of the cryptocurrency stolen in the attack was used to buy “an online username that was considered to be rare in the gaming community,” which led them to identify the alleged culprit. As part of the arrest, Canadian police also seized US$5.5 million in cryptocurrency assets.

Unfortunately, traditional cell phone companies are not doing much to protect you. But it is not all bad news, there is a cellular phone company named efani that has stepped up and made it more difficult for hackers.

Replace your existing mobile service plan with a secure efani SAFE plan today, No Contract! efani is a secure mobile service with an encrypted SIM Card that secures your mobile account from potential SIM Swap vulnerabilities, your personal information, as well as $5M insurance coverage per individual in the event of loss as a result of a SIMSwap.

The SAFE plan comes with a 100% money-back guarantee for 60-days includes:

You’re protected up to $5 million for financial losses resulting from a SIM hack. (includes: Crypto, Banking, Brokerage & Other Losses)

Most Secure Mobile Phone Service Private Secure Phone Service Prevent Eavesdropping Remote Access & Location Tracking SAFE Encrypted Secure Your Identity & Phone NOW efani TheNFG.com

MNG Kargo Hacked: User Information Stolen | efani SAFE?

MNG Cargo, which has a wide transportation network in our country, announced that some of its corporate customers were attacked by cyber attacks as a result of their user names and passwords being seized. Notifying the Personal Data Protection Authority, the company announced that the names, surnames, addresses, and phone numbers of the cargo recipients were seized.

The company, which was able to detect the leak that started on August 15, on August 23, stated that the number of people affected by this situation is uncertain, and that there is no flaw in the system, and that the situation that caused the leak was due to the seizure of corporate customer accounts.

efani.net News | 500,000 Utahns’ sensitive information possibly hacked

More than 500,000 Utahns’ sensitive information was possibly hacked

More than 500,000 Utahns may have had their information hacked through a data breach reported to the federal government.

Utah Imaging Associates, Inc. (UIA), a Farmington-based radiology medical practice, learned that a hacker gained access to sensitive personal information of former and current patients. A hacker may have gained unauthorized access to the personal information of UIA’s patients.

Under privacy laws, the U.S. Department of Health and Human Services’ Office of Civil Rights must post any breach of health information affecting more than 500 people. According to their website, the Utah breach potentially affected 583,643 Utahns.

UIA first detected a network security incident on Sept. 4, 2021. They secured, remediated the network, and launched a forensic investigation. The investigation showed that some files with sensitive data were available to the hacker during the security breach.

Utahns possibly hacked, UIA responds

In a press release, UIA explained steps they have taken in response to the incident. UIA notified Utahns who may have been hacked via mail on Thursday, Nov. 18. In the notice to possible victims of the breach, UIA offered details about the incident, steps they are taking in response, and resources available to help protect against potential misuse of personal information.

According to the news release, UIA plans to offer anyone affected complimentary credit monitoring and identity theft restoration services through IDX.

UIA encourages anyone impacted to call (833) 525-2720 Monday through Friday, during the hours of 8 a.m. and 8 p.m. MST.

Twitter NASDAQ: (TWTR) CEO Jack Dorsey targeted by SIM swap | efani

How Twitter attacks probably happened

One day in 2019, Jack Dorsey started sending out a string of bizarre tweets. Jack’s followers knew his account had been compromised. What was less obvious to more than 4 million followers was how attackers took control of the Twitter CEO’s account for almost 20 minutes.

Twitter reported hackers had gained access to Dorsey’s profile by effectively stealing his mobile phone number. Jack’s number was compromised due to a “security oversight” by the carrier. While Twitter did not use the phrase “SIM swapping” in its statement, security experts attributed the attack to the popular tactic. Days later, the same thing happened to actress Chloe Moretz, who has over 3 million followers.

A scammer who knows your phone number and other personal information will call your wireless carrier pretending to be you. The scammer then requests that your number be transferred to a new SIM card they control. If successful with the impersonation the scammers gain control over your phone which then leads to your data and finances. Scammers use personal info like your birth date or your mother’s maiden name. With this vital info, the scammer can start logging into various services, like Twitter, & changing passwords.

Having taken control over your phone number, the attacker will receive messages with one-time passwords, negating the effectiveness of two-factor authentication.

Chuckling Squad claimed responsibility for the two attacks. Victims included Dorsey and Moretz along with other internet personalities like James Charles and Shane Dawson.

Twitter suffered the most high-profile attacks, Facebook, Snap, Microsoft’s LinkedIn, and Pinterest have also been attacked. These social media services rely on similar security measures, leaving their sites open to SIM hijackers. Scammers sometimes want to wreak havoc, other times they plan more nefarious intentions, such as accessing your banking credentials.

Jack Dorsey became a high-profile victim of SIM swappers in Sept 2019. Scammers are increasingly using SIM swapping to take over phones and going after online accounts. Internet companies are taking a lot of the blame, but the phone carriers are also at fault.

For Twitter, SMS hijacking is uniquely problematic because it has a feature that allows users to tweet by sending a text to the service.

efani.net | Twitter NASDAQ: (TWTR) CEO Jack Dorsey targeted by SIM swap

Unfortunately, traditional cell phone companies are not doing much to protect you. But it is not all bad news, there is a cellular phone company named efani that has stepped up and made it more difficult for hackers. efani offers the nation’s most secure mobile service and claims a 100% success rate.

Replace your existing mobile service plan with a secure efani SAFE plan today, No Contract! efani is a secure mobile service with an encrypted SIM Card that secures your mobile account from potential SIM Swap vulnerabilities, your personal information, as well as $5M insurance coverage per individual in the event of loss as a result of a SIMSwap.

The SAFE plan comes with a 100% money-back guarantee for 60-days includes:

$5 Million in insurance coverage
You’re protected up to $5 million for financial losses resulting from a SIM hack. (includes: Crypto, Banking, Brokerage & Other Losses)

As reported by CNBC in Sept 2019

 

Nvidia Inc. NASDAQ NVDA CEO Omniverse | efani SAFE?

Jensen Huang, Nvidia’s CEO, believes virtual 3-D worlds will be commonplace in the next phase of the internet and, as a result, drive major demand for the chipmaker’s new Omniverse software and its GPUs. ‘Hopefully one of these days — we’ll try to realize it as fast as we can — every transaction that goes into the internet touches a GPU,’ he said during Nvidia’s earnings call for the third quarter of its 2022 fiscal year.

Nvidia CEO Jensen Huang said the company’s Omniverse suite of software presents “one of the largest graphics opportunities” for the chipmaker yet as he expects virtual 3-D worlds will represent the next stage of the internet and drive greater demand for the company’s GPUs.

“Instead of just querying information, we would query and interact with people and avatars and things and places, and all of these things are in 3-D, so hopefully one of these days — we’ll try to realize it as fast as we can — every transaction that goes into the internet touches a GPU,” Huang said during the Wednesday earnings call for the third quarter of Nvidia’s 2022 fiscal year. “Today, that’s a very small percentage, but hopefully, one of these days will be a very, very high percentage.”

Bitcoin BTC Freefall to $56k down $1.2k off $68k high | efani SAFE?

There have been few investment assets as controversial as Bitcoin (and other cryptocurrencies). Few, if any, took them seriously when they came out in 2009. The early adopters used to trade it for free between them, and it was offered as “consolation prizes” in some early online competitions.

2021 has been great for this crypto leader so far. It has reached new heights twice in the year, and many are hoping that it crosses the US$100,000 threshold by the end of this year.

Should you sell or hold?

If you already have invested in Bitcoin, you might be wondering whether to keep holding on to the digital asset or sell it when it’s trading so near to its recent peak. The answer is not so straightforward and depends on multiple factors, including your risk appetite and what price you bought it for.

Should You buy?

The peak is not the best time to buy an investment asset, but the peak for Bitcoin hasn’t been identified yet.

efani.net News | Bitcoin BTC Freefall to $56k down $1.2k off $68k high

Story currently developing

efani Amazon NASDAQ: AMZN Dark Secret Failed to Protect Your Data

Amazon’s Dark Secret: It Has Failed to Protect Your Data

On September 26, 2018, a row of tech executives filed into a marble- and wood-paneled hearing room and sat down behind a row of tabletop microphones and tiny water bottles. They had all been called to testify before the US Senate Commerce Committee on a dry subject—the safekeeping and privacy of customer data—that had recently been making large numbers of people mad as hell.

Committee chair John Thune, of South Dakota, gaveled the hearing to order, then began listing events from the past year that had shown how an economy built on data can go luridly wrong. It had been 12 months since the news broke that an eminently preventable breach at the credit agency Equifax had claimed the names, social security numbers, and other sensitive credentials of more than 145 million Americans. And it had been six months since Facebook was engulfed in scandal over Cambridge Analytica, a political intelligence firm that had managed to harvest private information from up to 87 million Facebook users for a seemingly Bond-villainesque psychographic scheme to help put Donald Trump in the White House.

To prevent abuses like these, the European Union and the state of California had both passed sweeping new data privacy regulations. Now Congress, Thune said, was poised to write regulations of its own. “The question is no longer whether we need a federal law to protect consumers’ privacy,” he declared. “The question is, what shape will that law take?” Sitting in front of the senator, ready to help answer that question, were representatives from two telecom firms, Apple, Google, Twitter, and Amazon.

Notably absent from the lineup was anyone from Facebook or Equifax, which had been grilled by Congress separately. So for the assembled execs, the hearing marked an opportunity to start lobbying for friendly regulations—and to assure Congress that, of course, their companies had the issue completely under control.

No executive at the hearing projected quite as much aloof confidence on this count as Andrew DeVore, the representative from Amazon, a company that rarely testifies before Congress. After the briefest of greetings, he began his opening remarks by quoting one of his company’s core maxims to the senators: “Amazon’s mission is to be Earth’s most customer-centric company.” It was a stock line, but it made the associate general counsel sound a bit like he was speaking as an emissary from a larger and more important planet.

DeVore, a former prosecutor with rugged features, made clear that what Amazon needed most from lawmakers was minimal interference. Consumer trust was already Amazon’s highest priority, and a commitment to privacy and data security was sewn into everything the company did. “We design our products and services so that it’s easy for customers to understand when their data is being collected and control when it’s shared,” he said. “Our customers trust us to handle their data carefully and sensibly.”

On this last point, DeVore was probably making a safe assumption. That year, a study by Georgetown University found Amazon to be the second-most-trusted institution in the United States, after the military. But as companies like Facebook have learned in recent years, public trust can be fragile. And in hindsight, what’s most interesting about Amazon’s 2018 testimony is what DeVore did not say.

At that very moment inside Amazon, the division charged with keeping customer data safe for the company’s retail operation was in a state of turmoil: understaffed, demoralized, worn down from frequent changes in leadership, and—by its own leaders’ accounts—severely handicapped in its ability to do its job. That year and the one before it, the team had been warning Amazon’s executives that the retailer’s information was at risk. And the company’s own practices were fanning the danger.

According to internal documents reviewed by Reveal from the Center for Investigative Reporting and WIRED, Amazon’s vast empire of customer data—its metastasizing record of what you search for, what you buy, what shows you watch, what pills you take, what you say to Alexa, and who’s at your front door—had become so sprawling, fragmented, and promiscuously shared within the company that the security division couldn’t even map all of it, much less adequately defend its borders.

Complete Article

Data Breach Notice Identity Theft Resource Center | efani SAFE?

Organizations need to review how they notify consumers of data breaches to reduce the level of inaction and improve the credit freeze adoption rates,” said Eva Velasquez, President, and CEO of the Identity Theft Resource Center.

Today, the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, published research conducted by DIG.Works that explored several issues related to data and account compromises, as well as data breach notice.

The ITRC and DIG.Works surveyed 1,050 U.S. adult consumers about the issues and discovered that, overall, consumers reported a high level of awareness of data compromises and the range of actions they can take to protect themselves before and after a data breach. However, there is a significant gap between consumers’ level of awareness and actions that leave most people open to additional attacks and identity crimes.

  • A shockingly high number of respondents (16 percent) took no action after receiving a notice of data breach; less than half (48 percent) changed the password only on the breached account; only 22 percent changed all of their passwords.
  • Just three (3) percent of respondents said they placed a credit freeze to block new accounts from being created.
  • Only 15 percent of respondents say they use unique passwords for each of their accounts; the other 85 percent admit to reusing passwords on multiple accounts.
  • Thirty-three (33) percent of the respondents who do not follow suggested password practices answered that their practices are good enough; 13 percent say they don’t think strong and unique passphrases are important.

“Most people know what they should do, but choose not to in the areas of data protection and password practices,” said Eva Velasquez, President, and CEO of the Identity Theft Resource Center. “Organizations need to review how they notify consumers of data breaches to reduce the level of inaction and improve the credit freeze adoption rates. Also, businesses should recommend to consumers that they reset any passwords that are not unique and offer multi-factor authentication with an app.”

Other findings include:

  • Seventy-three (73) percent of respondents believe their personal information has been impacted by a data breach; 72 percent have received a notice of data breach letter.
  • Fifty-five (55) percent of social media accounts have been compromised, including 42 percent of Facebook users and 32 percent of Instagram users.
  • When asked why they didn’t act after receiving a breach notice, 26 percent said “my data is already out there;” 29 percent believed organizations responsible for protecting their data would address the issue; 17 percent did not know what to do; 14 percent thought the notice was a scam.

Consumers can receive free live victim support or guidance from a knowledgeable advisor by calling 888.400.5530 or visiting idtheftcenter.org to live chat.

About this Survey

The ITRC thanks Jonathon Sasse and Anders Steele for their donation of this research project on behalf of the ITRC and identity crime victims. Please visit DIG.Works to learn more.

About the Identity Theft Resource Center

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a national nonprofit organization established to empower and guide consumers, victims, businesses, and governments to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org and toll-free phone number 888.400.5530. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified. The ITRC offers help to specific populations, including the deaf/hard of hearing and blind/low vision communities.

Media Contact

Identity Theft Resource Center
Alex Achten
Head of Earned & Owned Media Relations
888.400.5530 Ext. 3611
media@idtheftcenter.org

Do you know where your data sleeps at night? | efani SAFE?

The key steps to securing your data and giving it a new home on-premise.

Any business that has been around for more than a few years will have generated quite a lot of data. And as the business grows, so too does the number of different devices and applications that are storing data, including personal devices, cloud services, and on-premises hardware.

With each new device or service, the business’s data becomes spread across more and more locations and becomes increasingly fragmented.

This creates problems on two fronts.

Firstly, data that isn’t readily accessible can’t be put to good use. That means important information about customers’ actions and preferences can’t be used to boost sales.

Secondly, data that can’t be easily located and managed can’t be properly protected. And that could leave the business open to falling victim to the actions of cybercriminals.

The risks of poor data management

Cybercrime activity has increased dramatically in recent years. In September the Australian Cyber Security Centre (ACSC) found that total cyber incident reports had increased by approximately 13 percent during the 2021 financial year, to over 67,500, resulting in self-reported financial losses totaling more than $33 billion.

These losses come in many forms, including disruption to business operations, and from businesses having their data encrypted and held hostage by criminals who demand a ransom to return it. Then there is also the commercial damage from customers who no longer want to deal with an organization that has not protected their data.

Governments around the world are also raising their expectations for how businesses protect data, especially personally identifiable information (PII). One example is the Australian government’s Notifiable Data Breach scheme, which requires any business with an annual turnover of more than $3 million to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) if it has experienced a data breach that is likely to seriously harm an individual.

The steps to securing data

It is hard for any business to know if it is protecting data and following regulations if it doesn’t know where its data is.

This makes finding and consolidating data an important first step in ensuring it is protected, by hunting down every data repository, be it in active use, archived on a storage device, or saved in a cloud service.

Once you know what data you have and where it is, you can then classify it based on its importance and sensitivity, and by the level of protection that it requires.

Consolidating your data also provides the opportunity to cut storage costs by eliminating older devices or expensive cloud-based services.

Giving your data a new home

For many businesses, the best solution is to store your data onsite using a secure and reliable data storage solution, such as IBM’s FlashSystem family.

These devices offer a range of price points to suit businesses of all sizes and combine the latest encryption and ransomware protection technologies with an easy-to-use interface that makes managing and securing data relatively simple.

This makes consolidating data a smart opportunity to reduce costs, improve security, and reduce the likelihood of a breach.

 

efani | Fortinet Hack Microsoft NASDAQ: MSFT Vulnerabilities

US, UK warn of Iranian hackers exploiting Microsoft Exchange, Fortinet

US, UK, and Australian cybersecurity agencies warned today of ongoing exploitation of Microsoft Exchange ProxyShell and Fortinet vulnerabilities linked to an Iranian-backed hacking group.

The warning was issued as a joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC).

“FBI and CISA have observed this Iranian government-sponsored APT group exploit Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021 to gain initial access to systems in advance of follow-on operations, which include deploying ransomware,” CISA said.