Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cookies. Show all posts
Technology
Browser Chrome Cookies Google Technology

Google Disables 30 Million Chrome User Cookies


Eliminating Cookies: Google's Next Plan

Google has been planning to eliminate cookies for years, and today is the first of many planned quiet periods. About 30 million users, or 1% of the total, had their cookies disabled by the Chrome web browser as of this morning. Cookies will be permanently removed from Chrome by the end of the year—sort of.

Cookies are the original sin of the internet, according to privacy campaigners. For the majority of the internet's existence, one of the main methods used by tech businesses to monitor your online activity was through cookies. Websites use cookies from third firms (like Google) for targeted adverts and many other forms of tracking.

These are referred to as "third-party cookies," and the internet's infrastructure includes them. They are dispersed throughout. We may have sent you cookies if you visited Gizmodo without using an ad blocker or another type of tracking protection. 
Years of negative press about privacy violations by Google, Facebook, and other internet corporations in 2019 were so widespread that Silicon Valley was forced to respond. 

Project: Removing third-party cookies from Chrome

Google declared that it was starting a project to remove third-party cookies from Chrome. Google gets the great bulk of its money from tracking you and displaying adverts online. Since Chrome is used by almost 60% of internet users, Google's decision to discontinue the technology will successfully eliminate cookies forever.

First of all, on January 4, 2023, Google will begin its massive campaign to eradicate cookies. Here's what you'll see if you're one of the 30 million people who get to enjoy a cookieless web.
How to determine whether Google disabled your cookies

The first thing that will appear in Chrome is a popup that will explain Google's new cookie-murdering strategy, which it terms "Tracking Protection." You might miss it if, like many of us, you react to pop-ups with considerable caution, frequently ignoring the contents of whatever messages your computer wants you to read.

You can check for more indicators to make sure you're not getting a ton of cookies dropped on you. In the URL bar, there will be a small eyeball emblem if tracking protection is enabled.

If you wish to enable a certain website to use cookies on you, you can click on that eyeball. In fact, you should click on it because this change in Chrome is very certain to break some websites. The good news is that Chrome has a ton of new capabilities that, should it sense a website is having issues, will turn off Tracking Protection.

Finally, you can go check your browser’s preferences. If you open up Chrome’s settings, you’ll find a bunch of nice toggles and controls about cookies under the “Privacy and security” section. If they’re all turned on and you don’t remember changing them, you might be one of the lucky 30 million winners in Google’s initial test phase.

Google is still tracking you, but it’s a little more private

Of course, Google isn’t about to destroy its own business. It doesn’t want to hurt every company that makes money with ads, either, because Google is fighting numerous lawsuits from regulators who accuse the company of running a big ol’ monopoly on the internet. 

You can now go check the options in your browser. The "Privacy and security" area of Chrome's settings contains a number of useful toggles and controls regarding cookies. If all of them are on and you don't recall turning them off, you could be among the fortunate 30 million individuals who won in Google's initial test phase.

You are still being tracked by Google, but it's a little more discreet

Naturally, Google has no intention of ruining its own company. It also doesn't want to harm other businesses that rely on advertising revenue, as Google is now defending itself against multiple cases from authorities who claim the corporation has a monopoly on the internet.






Read more »
malware
Browser Cookies Cyber Attacks Cybersecurity Google Account malware

Cookie Intrusion: Urgent Warning as Malware Targets Google Accounts

 


In a chilling development on the cybersecurity front, a potent new malware strain has emerged, employing an unconventional tactic to infiltrate Google accounts. This intricate risk leverages cookies, typically used for benign website functionality, as a gateway for unauthorised access. Cybersecurity professionals are alarmed by the ingenuity displayed by the perpetrators of this novel attack method. Exploring the digital world demands a heightened sense of vigilance. Whether you're an individual safeguarding personal data or an organisation securing critical information, staying alert is key to warding off these sneaky cyber threats. 

Browser cookies serve the practical purpose of remembering actions on websites, but they also pose security risks. While Google Chrome addresses third-party cookies, a recent vulnerability exposes Google accounts to potential compromise. Malicious groups are actively selling an exploit that enables unauthorised access, bypassing passwords and two-factor authentication. Discovered in October 2023, Google is diligently addressing the identified issue through reverse engineering methodologies. 

This zero-day exploit allows cybercriminals to retrieve session cookies, a critical element in Google's login authentication. Even after users change passwords, this vulnerability remains a threat. The exploit was initially disclosed by an entity known as PRISMA, leading to subsequent investigations. Google acknowledges the issue and advises affected users to sign out on compromised devices for added security. To counter such threats, users are also encouraged to enable Enhanced Safe Browsing in Chrome, offering protection against phishing and malware downloads. 

The discovery of a zero-day vulnerability in session cookies has given rise to a concerning scenario, as at least six malware developers actively exploit this weakness. Detecting compromise in such cases is not immediate, emphasising the need for heightened user awareness and proactive security measures. Here's a detailed guide to fortify your defences: 

 1. Clear Browser Cookies: 

 Begin by regularly clearing your browser cookies. This minimises the chances of unauthorised access through compromised session cookies. 

 2. Unlink Google Account from Unused Devices: 

 Take a moment to review and unlink your Google account from devices that are infrequently or no longer used. This severs potential access points for malicious actors. 

 3. Google Chrome Users, Stay Alert: 

 Google Chrome users should be particularly vigilant. If you notice any unusual activity on your Google account, consider it a potential red flag. Swiftly changing your password adds an extra layer of security. 

 4. Immediate Password Change: 

 In the event of abnormal account behaviour, do not hesitate to change your password promptly. This proactive step helps thwart unauthorised access and safeguards your account. 

 5. Regular Security Checks: 

 Incorporate regular security checks into your online routine. Be mindful of any notifications or alerts from Google regarding your account activity. 

 6. Stay Informed: 

Stay abreast of cybersecurity developments. Keep an eye on reputable sources for updates and insights into emerging threats, ensuring you remain informed and equipped to protect your digital assets. 

By implementing these proactive measures, users can significantly reduce the risk of falling victim to exploits targeting session cookies while bolstering the overall security of their Google accounts.



Read more »
SpyCloud
cookie theft Cookies Cyber Security CyberCrime Infostealer MFA session cookies SpyCloud

Stolen Session Cookies Turns Into the Next Cyber Threat


According to the recent Identity Exposure Report by SpyCloud, 87,000 credentials linked to Fortune 1000 C-level executives were recovered from the criminal underworld, in year 2022. Security leaders across organizations continue to live in constant terror of becoming a victim of a cyberattack and for good reason.

Cybercriminals can access networks and commit crimes including fraud, session hijacking, account takeover, and attacks with ransomware using exposed assets, such as usernames and passwords. Even though companies focus on enhancing their security tactics, like adding user authentication such as multifactor authentication and passkeys, criminals too put efforts into constantly being better in their crimes to bypass these high-end security barriers. One such method used commonly by threat actors includes using stolen active session cookies to commit session hijacking, which defeats the effectiveness of the conventionally employed safeguards.

In order to better their network defense and safeguard their customers, organizations and security experts must have a better understanding of the criminals’ methodologies to commit cybercrimes, like how they utilized stolen data for their profit.

Session Cookies 

Session cookies are present all over the online space, from websites to applications that assign a cookie or token to identify their users. The series of characters used in the process is further stored on the device, making re-access easier for the user. 

While this function provides personalized and smooth experience to users, this could be harmful if the data falls into the wrong hands. Using infostealer malware, cybercriminals can exfiltrate cookies and a variety of other data types from infected computers and implant them into browsers that cannot be easily detected, giving them the ability to pose as authentic users in a process known as session hijacking.

Impersonating as a legit user, a threat actor can thus freely navigate over the network committing fraud, helping a ransomware attack, stealing important company data, and more. No matter how the user signed in—using a username and password, a passkey, or by successfully completing the multifactor authentication (MFA) requirements—a session cookie will still confirm the user's identity.

Due to its difficult-to-detect nature, low cost of acquisition (normally available online for only a few dollars online/month), and regular success in stealing cookies and other recent, high-quality data has made infostealer quality soar. 

Protecting Businesses and Their Customers

According to SpyCloud data, cookie theft by cyber thieves is already fairly frequent, with over 22 billion device and session cookie records seized by criminals last year. This entry point will expand because fraudsters are having great success accessing accounts and businesses via these cookies. For organizations trying to preserve their bottom line, having a strategy to proactively disrupt criminal operations is a vital requirement.

The recently developed malwares are difficult to be detected, considering their well-crafted designs. Common infostealers frequently leave little to no evidence of infection on the victim's device and exfiltrate sensitive data in a matter of seconds.

However, there are certain measures organizations can adopt in order to evade any risk from this malware as listed below: 

  • Educating employees about these threats has become crucial. Employees can alone reduce total malware exposure by identifying phishing attempts, exercising caution while using unmanaged or poorly maintained devices to access corporate systems and networks, not sharing passwords, and being aware of potentially harmful email attachments, websites, and downloads.
  • The risk of session hijacking is decreased by removing "remember me" settings on platform login pages and regularly eliminating browser cookies, ensuring that thieves can't access active session cookies even in the event of malware infection. 
  • Security teams can obtain a comprehensive understanding of the compromised devices and data threatening their firms by using darknet data that has been ingested, vetted, and evaluated. Teams can invalidate open session cookies, reset the exposed application information, and patch any remaining vulnerabilities with this insight. By addressing the threat of stolen data before it escalates into a full-blown security issue, this strategy lessens the harm to enterprises.  

Read more »
Phishing Attack
Cookies Dark Web Data Breach FBI Malicious Software NCA Phishing Attack

Operation Cookie Monster Shuts Down a Global Dark Web Marketplace



A multinational coalition of 17 law enforcement agencies has cracked down on the largest illicit dark web market in the world in an extensive operation dubbed Operation Cookie Monster. Thousands of stolen identities and online login passwords that were being sold on the marketplace were found thanks to this international investigation. The FBI and Dutch National Police-led operation has significantly hindered global efforts to combat cybercrime.

The platform in question was Genesis Market, founded in 2018, which harvested data from malicious software deployed by hackers into computer networks. It advertised and sold stolen data such as usernames, passwords, bank account details, and device fingerprints like computer and mobile phone identifiers. According to law enforcement agencies, the site had offered over 80 million account access credentials from more than 1.5 million compromised computers worldwide since its inception, including thousands of credentials stolen from over 460,000 devices that were advertised for sale when it was taken offline.

Rob Jones, Director General and Threat Leadership of Britain’s National Crime Agency (NCA) stated, "Behind every cybercriminal or fraudster is the technical infrastructure that provides them with the tools to execute their attacks and the means to benefit financially from their offending. Genesis Market was a prime example of such a service and was one of the most significant platforms on the criminal market.” 

The operation seized not only stolen identities but also browser fingerprints which can be used for identity theft. Louise Ferrett, an analyst at British cybersecurity firm Searchlight Cyber said that these browser fingerprints are harvested from computers infected with malicious software.

Europol’s Head of the European Cybercrime Centre Edvardas Å ileris said, "Through the combined efforts of all the law enforcement authorities involved, we have severely disrupted the criminal cyber ecosystem by removing one of its key enablers.” 

The importance of this operation cannot be understated – it has set a valuable precedent for international cooperation in cybercrime-fighting initiatives. In addition to tracking down those responsible for malicious software deployment and identity theft activities on this platform, police have also taken measures to prevent future occurrences with preventative activity such as searches and arrests. 

While Operation Cookie Monster may have been successful in taking down one marketplace selling stolen identities, it is essential to remain vigilant against other forms of cybercrime that are still out there – such as hacking and phishing attacks – in order to ensure secure online transactions and prevent identity theft in the future.


Read more »
Vulnerable
Cookies Cyber Security Cyberattacks HIPAA Meta Pixel PHI PII Potential Threats Vulnerable

Consenting to Cookies is Not Sufficient

 


While most companies are spending a great deal of their time implementing cookie consent notices, it is becoming increasingly evident that the number and size of developments and lawsuits relating to privacy are on the rise. As a result, companies and their customers are rarely protected by these notices, which is not a surprise.  

It is undeniable that transparency is a worthwhile endeavor. But, the fact remains that companies can be vulnerable to several potential threats that are often beyond their direct control.   

For example, the recent lawsuits involving the Meta Pixel, which also affect many U.S. healthcare companies and are affecting many doctors, are an ideal example of this issue.    

The issue lies in the way websites are designed and built, which contributes to the problem. Except for a few of the biggest tech companies, all of the websites are built using third-party cloud services that are hosted on the web. Among the services offered here are CRM, analytics, form builders, and also trackers for advertisers that take advantage of these functions. Various third parties have a great deal of autonomy over these decisions. However, they are not regulated properly. 

Many kinds of pixels are available on the internet, and many of them serve some purpose. Usually, marketers use this type of data when they want to target advertisements to potential customers. In addition, they want to see how effective their ads are when it comes to reaching them. It is also imperative to note that, by using these trackers, highly specific and detailed personal data is also being collected. This data is being incorporated into existing data portfolios. 

Financial and Healthcare Data are Being Misused 

In most cases, the risks associated with visiting a healthcare website are much higher than when you are visiting any other website. Facebook is not a suitable place for you to share the medical conditions that you are researching with your friends who use that service. This data is not something that you want to be included in your social graph, and you do not want it added. Therefore, the crux of the issue in these lawsuits can be summarized this way: Protected Health Information (PHI) is protected by HIPAA (Health Insurance Portability and Accountability Act), which the actions described in the preceding sentence violate. Seeing digital advertising through the lens of healthcare can also shine a light on how troubling it can be when tracking is used. This is when viewed through the lens of advertising.   

As far as financial services are concerned, the same rules apply. A similar consequence may occur if an unauthorized party gains access to personally identifiable information (PII) or financial data, such as Social Security Numbers or credit card numbers, as well as other confidential data, and it is not handled correctly. This could have dire consequences. Privacy is crucial to safety. Details about your private life should be kept private for the right reasons. Modern advertising practices do not mesh well with these aspects of our lives, which are all significant.   

In addition to the Meta Pixel case, two other recent lawsuits provide us with a deeper understanding of how complex and broad the problem is, and how far it extends.  

Analyzing Sensitive Data From a Different Perspective 

In a recent lawsuit, Oracle was accused of trying to use the 4.5 billion records they currently hold as a proxy system for tracking sensitive consumer data. They have deliberately chosen not to share with any third parties. For comparison, the global population is 8 billion people. The concept of re-identification of de-identified data is far from an invention, but it serves as a clear example of why it matters so much to gather all these pieces of data, no matter how random they may seem. A person can infer most of the details of their life with almost astonishing accuracy. This is if they have access to enough data from Oracle, or whoever gets hold of the data. The data will end up being used in the same way in the end as this is a certainty. 

In a recent case, web testing tools were used to record the sessions of users on a website. This was so that they could see how well users navigated the site as they worked through the steps. As web developers and marketers, it is extremely common for them to use these tools to make their user interfaces more usable. 

In short, some companies are being accused of wiretapping under the Wiretap laws because they are using these tools to gather information. The reason for this is that these tools are capable of transmitting a considerable amount of information without the user's knowledge and the website owner's knowledge. It is inconceivable to believe that such a thing could happen. Even though this may seem like a minor issue, it is very clear once you look at it through the lens of sensitive data. 
Read more »
User Privacy
California Cookies Data Privacy Laws Employee Data Privacy User Privacy

California's Consumer Privacy Act has Been Updated

 

California's unique consumer privacy law was strengthened on January 1 as a result of a ballot initiative that 2020 voters endorsed. A new privacy law that puts new requirements on companies to make sure that employees have more authority over the gathering and utilization of their personal data takes effect this year.

What does California's Consumer Privacy Act imply?

In June 2018, Governor Brown signed the California Consumer Privacy Act (CCPA) into law. A ground-breaking piece of legislation, it imposes requirements on California businesses regarding how they acquire, use, or disclose Californians' data and gives the people of California a set of data rights equal to those found in Europe.

The California Privacy Rights Act (CPRA), which amends the historic California CCPA by extending its protections to staff, job seekers, and independent contractors, will go into effect on January 1, 2023, and firms that employ California residents must ensure they have taken the necessary steps to comply by that date.

An updated version of CCPA

Residents of California can ask for their data to be updated, destroyed, or not sold as a result. These standards now also apply to employers for the first time.

If you've noticed those boxes at the bottom of almost every website asking about your preferences for data privacy, you know the California privacy legislation has a significant impact. Employment lawyer Darcey Groden of Fisher Phillips predicts that it will also apply to employers.

While many businesses have the infrastructure in place to deal with customer data, attorney Darcey Groden noted that the employment connection is significantly more complex. In the job situation, there is just a lot of data that is continually being collected.

In most cases, you will need to account for your human resources file, health information, emails, and surveillance footage. This law is exceedingly intricate and it will be expensive to adhere to it. According to Zoe Argento, it will be particularly difficult for businesses that do not deal with consumers, for instance, businesses in the manufacturing and construction industries.

Companies with many employees and gathering a lot of data, like gig platforms, could also be significantly impacted. They normally do not have a privacy department, so this is quite new to them. Increased accountability around how some platforms use worker data to design their algorithm may result from more transparency.




Read more »
User Privacy
Chrome Extension Cookies data security Mobile Security User Privacy

Malicious Chrome Extensions Siphoning Data from 1.4 million Users

 

Threat analysts at McAfee unearthed five malicious Chrome extensions manufactured to track user's browsing activity and deploy code into e-commerce websites. 

With over 1.4 million installs, the malicious extensions can alter cookies on e-commerce platforms without the victim’s knowledge so that scammers can receive affiliate payments for the purchased products. The five malicious extensions that exploit affiliate marketing are as follows: 

• Netflix Party (800,000 downloads), 
• Netflix Party 2 (300,000), 
• Full Page Screenshot Capture (200,000), 
• FlipShope Price Tracker Extension (80,000), 
• AutoBuy Flash Sales (20,000). 

"The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website," McAfee researchers Oliver Devane and Vallabh Chole explained. "The latter borrows several phrases from another popular extension called GoFullPage."

All five extensions employ an identical methodology to target users. The web app manifest ("manifest.json" file), responsible for managing the extension behavior on the victim’s system, loads a multifunctional script (B0.js) that sends the browsing data to a domain the hackers' control (“langhort[.]com”). 

The data is deployed via POST requests each time the victim visits a new URL. The stolen data includes the URL in base64 form, the user ID, device location (country, city, zip code), and an encoded referral URL. The researchers also disclosed that the user tracking and code injection behavior resides in a script named ‘b0.js’, which contains many other functions as well. 

Additionally, the security firm identified the evasive mechanism that delays the malicious activity by 15 days from the time of installation of the extension to help keep its activity concerted and avoid raising red flags. 

McAfee recommends users extensively check extensions before installing them, even if they already have a large install base, and to pay close attention to the permissions the extensions ask for, such as the permission to run on any website the user visits. 

Last month, security researchers at Kaspersky estimated that more than 1.3 million users have been impacted by malicious browser extensions in just the first six months of this year alone. In fact, from January 2020 to June 2022, researchers unearthed that more than 4.3 million users had adware concealed in their browser extensions. Although Google is working rigorously to eliminate malicious extensions, new ones continue to pop up at a rapid pace.
Read more »
MFA
Botnet Cobalt Strike Cookies Data Breach Encryption Google Chrome MFA

Sophos: Employing Stolen Session Cookies to Navigate MFA & Access Networks

Hackers on the internet keep getting better. Stealing cookies from recently completed or ongoing web sessions is one new strategy they have been employing to avoid multi-factor authentication (MFA). 

Recently, Sophos researchers reported a new attack technique that is already becoming more prevalent. According to the researchers, the "cookie-stealing cybercrime spectrum" is vast, encompassing entry-level hackers as well as sophisticated rivals who employ a variety of strategies. 

On dark web forums, cybercriminals purchase stolen credentials in bulk or collect cookies. Because ransomware groups exploit genuine executables, both those that are already present and those that are added as tools, 'their operations may not be detected by simple anti-malware defenses.'

Cookie theft

Cookies are used by cloud infrastructures as well for user authentication. It's becoming simpler for entry-level attackers to engage in credential theft thanks to the malware-as-a-service sector. 

For instance, all they need to do is purchase a copy of an information-stealing Trojan like Raccoon Stealer to bulk collect information like cookies and passwords and then sell them on illicit markets like Genesis. Once this data is purchased, other criminals in the attack chain, such as ransomware developers, can search through it for anything they think would help their attacks. 

In contrast hand, in two of the most recent events that Sophos studied, the attackers adopted a more focused strategy. For one event, the hackers infiltrated a target's network for months in order to collect cookies from the Microsoft Edge browser. The attackers employed Cobalt Strike and Meterpreter activity to take advantage of a legal compiler tool in order to scrape access tokens after the initial penetration occurred via an exploit kit.

The attackers dropped a malicious payload that scraped cookie files for a week using a legal Microsoft Visual Studio component.

"Although mass cookie theft has been an issue, hackers are using a far more focused and efficient method to steal cookies. There is no limit to the kinds of nefarious activities attackers might engage in with stolen session cookies now that so much of the workplace is web-based. Hackers have the power to alter cloud infrastructures, corrupt corporate email, persuade other staff members to download malware, and even modify product code. Their own imagination is their only constraint," said Sean Gallagher, principal threat researcher at Sophos.

Cookies Access Systems Against Safety Protocols

According to Digital Trends, hackers are able to abuse different online tools and services as a result of cookie theft. This exploitation can occur in browsers, web-based programs, web services, malware-infected emails, and ZIP files. Since cookies are so popular, hacking with them is a sophisticated practice.

Sophos lists Emotet botnet as one cookie-stealing virus that preys on data in the Google Chrome browser. Acquiring data from credit cards and saved logins are the objectives. Even if the browser is encrypted and uses multifactor authentication, the Emotet botnet can still gather login information.

Ransomware organizations also gather cookies. As hackers exploit genuine executables that are both already present and ones that can bring with them tools, simple anti-malware defenses are unable to detect their actions, according to eSecurity Planet.

Read more »
Technology
Browser Cookies Google Privacy Technology

Google Delays Phasing Out Ad Cookies on Chrome Until 2024

 

Google announced on Wednesday that it is postponing its plans to disable third-party cookies in the Chrome web browser from late 2023 to the second half of 2024. 

"The most consistent feedback we've received is the need for more time to evaluate and test the new Privacy Sandbox technologies before deprecating third-party cookies in Chrome," Anthony Chavez, vice president of Privacy Sandbox, stated. 

Keeping this in mind, the internet and ad tech behemoth announced a "deliberate approach" to extending the testing window for its continuing Privacy Sandbox activities before phasing out third-party cookies. Cookies are packets of data that a web browser places on a user's computer or another device when they visit a website, with third-party cookies powering much of the digital advertising ecosystem and its capacity to follow users across other sites to serve tailored adverts. 

Google's Privacy Sandbox is an umbrella phrase for a collection of technologies aimed at improving consumers' privacy across the web and Android by limiting cross-site and cross-app tracking and offering improved, safer alternatives to serve interest-based ads. While Google had intended to launch the functionality in early 2022, it altered the timeframe in June 2021, proposing to phase away third-party cookies over a three-month period beginning in mid-2023 and concluding in late 2023. 

"It's become clear that more time is needed across the ecosystem to get this right," the company noted at the time. 

The second extension comes after Google introduced Topics API in January 2022 as a successor for FLoC (short for Federated Learning of Cohorts), followed by a developer preview of Privacy Sandbox for Android in May. 

In February 2022, the UK Competition and Markets Authority (CMA) formally accepted Google's commitments on how it develops the technology, emphasising the need to flesh out Privacy Sandbox so that it promotes competition and helps publishers increase ad revenue while also protecting consumer privacy. According to the revised plan, Privacy Sandbox trials will be opened to users worldwide next month, with the number of people participating in the testing increasing during the remainder of the year and into 2023. 

Google also stated that users will be prompted to control their participation and that the APIs will be broadly accessible by Q3 2023, with third-party cookie support expected to be phased off in H2 2024. For its part, the CMA confirmed that it is aware of "alternative approaches being created by third parties" and that it is "working with the [Information Commissioner's Office] to better assess their feasibility and possible implications.
Read more »
Threat actors
Cookies Credential stealing Crypto Wallets Cyber Security Threat actors

Vidar Stealer Abuses Mastodon to get C2 Configuration Without Raising Alarms

 

The Vidar stealer has reappeared in a new campaign that takes advantage of the Mastodon social media network to obtain C2 configuration without raising alerts. New campaigns of Vidar Stealer's more recent versions suggest a new venue where Vidar receives dynamic configurations and drop zone information for downloading and uploading files. Vidar Stealer previously used the Thumbler and Faceit gaming platforms to access dynamic configuration from threat actors.

Vidar, first spotted in October 2018, is a descendant of the former Arkei Stealer, which, due to its simplicity, dynamic configuration methods, and continued development, appears to be one of the most popular stealers at the present. Vidar developers refined and centralized the execution vector, making each stealer independent and eliminating the need for extra executables.

All popular browser information such as passwords, cookies, history, and credit card details, cryptocurrency wallets, files according to regex strings provided by the TA, Telegram credentials for Windows versions, file transfer application information (WINSCP, FTP, FileZilla), and mailing application information are among the data that Vidar attempts to steal from infected machines. 

Vidar's victimology is made up of private individuals, streamers, and social influencers from all over the world. Manufacturing enterprises and financial institutions are targeted in some situations, usually in spam campaigns.

Vidar's usage of Mastodon, a popular open-source social media network, to gain dynamic configuration and C2 connectivity is what makes this campaign unique. The threat actors create Mastodon accounts and then put the IP of the stealer's C2 to their profile's description section. 

The goal is to secure communications from the compromised machine to the configuration source, and because Mastodon is a trusted platform, security tools shouldn't red flag it. At the same time, Mastodon is a relatively unmoderated space, making it unlikely that these malicious profiles will be discovered, reported, and removed. According to Cyberint researchers that uncovered this campaign, each C2 they saw included between 500 and 1,500 separate campaign IDs, indicating Vidar's widespread deployment. 

In preparation for data exfiltration, Vidar Stealer stores all acquired data in a working directory with a random 25-character name, including credentials from a variety of chat, email, FTP, and web-browsing applications, as well as cryptocurrency wallets, a desktop screenshot, and details of the system configuration.
Read more »
malware
Bitcoin Cookies Crypto Wallets Cyrptocurrency Financial Credentials malware

Raccoon Stealer has been Upgraded to Steal Cryptocurrency Alongside Financial Information

 

With the rise of ransomware and as-a-service offers, malware has become an ever-growing concern in the cyber realm. The developers of the Raccoon Stealer which is an information stealer have shifted their target, according to ZeroFox Threat Research. 

Since the beginning of the quarter, there have been several upgrades, the most prominent of which is the installation of new "crypters." The goal of a crypter is to obfuscate a binary by adding junk code, breaking up the flow of code without affecting the original functionality, or encrypting parts of code so that static signatures cannot identify them. Support for stealing various new bitcoin wallets has also been added, as well as the addition of Discord to the list of targeted applications. 

The stealer is being bundled with malware such as malicious browser extensions, crypto miners, the Djvu/Stop consumer ransomware strain, and click-fraud bots targeting YouTube sessions, according to samples received by Sophos. 

Raccoon Stealer is a sort of information stealer malware that was originally advertised in April 2019 on several underground forums by an attacker using the handle "raccoonstealer." It can steal stored auto-fill data, cookies, credentials, credit card info, and history from Chromium-based browsers like Google Chrome and Microsoft Edge, just like most other stealers. Theft of many cryptocurrency wallets on a targeted basis is also possible. New cryptocurrencies are frequently added via updates, but it may also be customised to look for any wallet.dat file. 

A "clipper" for cryptocurrency theft is included in the upgraded stealer. The QuilClipper tool specifically targets wallets and associated passwords, as well as Steam-based transaction data. "QuilClipper steals cryptocurrency and Steam transactions by continuously monitoring the system clipboard of Windows devices it infects, watching for cryptocurrency wallet addresses and Steam trade offers by running clipboard contents through a matrix of regular expressions to identify them," the researchers noted. 

In the two years after its release, the team behind Raccoon Stealer has established itself as a capable team, frequently releasing new features and gaining a mostly positive reputation among the community. They've also showed a readiness to add functionality in response to customer requests, as demonstrated by the recently launched API for automatically creating encrypted builds.
Read more »
User Security
Cookies Privacy PWA User Security

Here's a Quick Look at Pros and Cons of 'Cookies' in Terms of Browsing Experience

 

Cookie – the term which most of you are familiar with. Every single time when you open a new website, they have their own cookie policy and they ask you to accept their term and conditions. So, what role does cookie plays? Does it help in enhancing your browsing experience or there are some risks involved too? Let’s find out the answers in the article given below.

What are cookies?

Cookies, also called HTTP cookies, are small bits of data stored as text files on a browser. Websites use those small bits of data to keep track of users and enable user-specific features. They enable core website functionality, such as e-commerce shopping carts, and are also used for more controversial purposes, such as tracking user activity. Cookies are a necessary part of the way the web works as well as a source of privacy concerns and security risks. For this reason, casual web users and web developers have good reason to better understand how these tiny bits of data work.

Why cookies are so important? 

Cookies remain a critical component of online world. And while companies are now obliged to be more transparent about cookie collection and consumption, another problem remains. If attackers can get their hands on post-MFA cookies, they may be able to bypass further attempts and gain full access to enterprise networks. This is the crux of cookie hijacking, also known as session hijacking.

In practice, cookie hijacking relies on the stateless nature of HTTP. This means it naturally separates each operational request — such as users looking for access to a corporate network, bank account, or e-commerce account — into separate processes. As a result, web-based apps can’t ‘remember’ users. Using only HTTP would be extremely frustrating, with login and password details required for every task.

What Are Progressive Web Apps? 

Progressive Web Apps (PWA) combine new technologies with established best practices for creating reliable, accessible, and engaging experiences. They give users a native-like experience with a user-friendly opt-in installation flow.

To keep cookies out of the hands of cyber-attackers, it’s now critical for companies to dish up defenses. These can include: 

HTTPS Cookies Only 

While many enterprises now use HTTPS on login pages to prevent potential eavesdropping attacks, this isn’t enough to prevent cookie hijacking. Using HTTPS across all websites, services and PWAs instead helps expand protection to session keys and reduce the risk of cookie-jacking attacks. Using the secure cookie flag on any application server, which tells the browser to only send cookie data over HTTPS, also helps prevent plaintext eavesdropping of session details.

Improved Storage Architecture 

To reduce the time between request and response and improve the performance of PWAs, the use of HTML web storage is common. The problem? HTML cookie storage streamlines the attack process for cookie stealers looking to copy session access, while web storage at scale remains vulnerable to cross-site scripting (XSS) attacks. To limit the chance of cookie compromise, we recommend skipping web storage in favor of secure, local solutions. 

Extensible IAM Services 

Comprehensive IAM services. Much like MFA, these tools aren’t enough in isolation to defend applications at scale. When layered with complementary solutions such as RASP and HTTPS, however, IAM solutions can help mitigate overall risk.
Read more »
Total Cookie Protection
Cookies Firefox 86 Mozilla Firefox Technology Total Cookie Protection

Total Cookie Protection Launched in The New Upgrade of Firefox

 

Mozilla's latest Firefox 86 has been rolled -out for desktop, Mac, Windows, and Linux platforms. The browser upgrade brings features like multiple image mode and video replay, backward and forward buttons. Total Cookie Protection has been integrated into the Strict Enhanced Tracking Protection (ETP) platform, which has been revealed on Tuesday with the launch of Firefox 86. Complete cookie protections were referred to as 'huge advance' in containing cookies that are placed into new 'cookie jars' by websites. 

Cookies are text files containing tiny pieces of information by which the computer can be detected. While intended to enhance the viewing experience on the website, it could also be used, despite any permission, to track online activities. Google now plans to destroy third-party cookies as part of its Sandbox privacy project on its Chrome web browser, an effort that aims to allow personal ads while restricting data detection. 

Mozilla uses the 'cookie jar' example to explain the current blocker, whereby each third-party that drops a cookie in the browser has all the collected knowledge limited to its own cookie jar. This stops trackers from monitoring the activities from site to site. In its battle to protect the privacy of people while accessing the internet, Mozilla's Total Cookie Protection is the most recent maneuver. Total cookie protection adds up to current Firefox attempts to prevent websites and online publicity providers from making a profile of one’s web history through using internet cookies as well as other computer scripts. 

“Any time a website, or third-party content embedded in a website, deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to that website, such that it is not allowed to be shared with any other website,” Mozilla wrote in a blog post. 

The company wants to silo off each because the cookie data is exchanged on the pages. Online advertisers can then understand what websites users want to access so that they can try and send relevant ads. 

“In combining Total Cookie Protection with last month’s super cookie protections, Firefox is now armed with very strong, comprehensive protection against cookie tracking,” the company said. 

The Total Cookie Protection also provides an exception for non-tracking cookie-related scripts such as third-party login or password plugins.

The potential solution should therefore help avoid the breakdown of a website. Mozilla has taken a page in the "first party isolation" of Tor browser to develop total cookie protection, which also requires cookies to be segregated into the website domain.
Read more »
Technology
Cookies Facebook Identity Theft Technology

2 New Android Malwares on The Hunt to Gain Control of User’s Account



As per discoveries of competent security software two new Android malware is on the hunt to 'discreetly' access control of the victim's account so as to send different ill-intentioned content. The two malware together steal cookies collected by the browser as well as applications of famous social networking sites and accordingly making things easier for the thieves to do their job. 

While cookies are frequently perceived as quite harmless since they are characterized as small bits of data collected by websites to smoothly track user activity online with an end goal to create customized settings for them in the future however in a wring hands, they represent a serious security hazard. A grave security risk since, when websites store these cookies, they utilize a unique session ID that recognizes the user later on without having them to enter a password or login again. 

Once possessing a user's ID, swindlers can trick the websites into assuming that they are in fact the person in question and thusly take control of the latter's account. What's more, that is actually what these cookie thieves did, as described by computer security software major Kaspersky, creating Trojans with comparable coding constrained by a similar command and control (C&C) server. 

The primary Trojan obtains root rights on the victim's device, which permits the thieves to transfer Facebook's cookies to their own servers. Be that as it may, in many cases, just having the ID number isn't sufficient to assume control for another's account. A few sites have safety measures set up that forestalls suspicious log-in endeavors as well. 

Here is when the second Trojan comes in. This malignant application can run a proxy server on a victim's device to sidestep the security measures, obtaining access without raising any doubt. From that point onwards, the thieves can act as the 'person in question' and assume control for their social media accounts to circulate undesirable content. While a definitive aim of the cookie thieves remains rather obscure, a page revealed on the same C&C server could provide a clue: the page promotes services for distributing spam on social networks and messengers. 

In simpler words, the thieves might be looking for account access as an approach to dispatch widespread spam and phishing attacks. 

Malware analyst Igor Golovin says "By combining two attacks, the cookie thieves have discovered a way to gain control over their victims` account without arising suspicions. While this is a relatively new threat -- so far, only about 1,000 individuals have been targeted -- that number is growing and will most likely continue to do so, particularly since it`s so hard for websites to detect." 

He adds later "Even though we typically don`t pay attention to cookies when we`re surfing the web, they`re still another means of processing our personal information, and anytime data about us is collected online, we need to pay attention." 

According to Kaspersky experts all hope’s isn’t lost they made certain recommendations which might help a user to save themselves from becoming a victim of cookie theft : - 
  1. Block third-party cookie access on your phone`s web browser and only let your data be saved until you quit the browser
  2. Periodically clear your cookies
  3. Use a reliable security solution that includes a private browsing feature, which prevents websites from collecting information about your activity online.
Read more »
Trojan
Cookies Cyber Crime Facebook Facebook Ads Trojan

Facebook Files a Lawsuit Against a Company for Running Malicious Ads?



Reportedly, Facebook filed a lawsuit against a “Chinese Company” that allegedly put user accounts at large only to put up suspicious ads on the platform.

The running and distribution of advertisements which were about “counterfeit goods” and “dietary pills” was the only purpose of compromising the accounts in question.

The aforementioned company, per reports, goes by the name of “ILikeAD Media International Company Ltd.” It is, according to sources represented by the authors of the malware scheme, namely, "Huang Toa" and "Chen Xiao Cong".

Purportedly, the aforementioned authors apparently employed two basic ploys to mask their actual aim.

Using images of celebrities, aka “celeb bait” to lure people into clicking on them is one of them and the other happens to be something called “Cloaking”.

Cloaking refers to the act of hiding something from the Facebook systems so that the real destination of a link and advertisement is concealed.

The ad after getting clicked on would lead the users to the genuine “landing page” whereas Facebook would be tricked into seeing a version that’s legitimate according to the policies and terms of the advertising policies.

Per Facebook, in most cases, Cloaking is foolproof as it hardly ever leaves tracks behind, making it pretty tough to realize the identity of actors. This majorly happens to be the reason why there are no specific rules about this.


Reportedly, another attack along the same lines was observed when fake PDF file editor was being pushed only to steal Amazon and Facebook session cookies. The malware at work, per reports, goes by the name of “Socelars”.

Along with session cookies, other data like access tokens, email addresses, credit card information, account IDs et cetera have allegedly constituted a part of the compromised data.

The cookies are later on used to link with several Facebook URLs where one among them accesses the “account_billing” directory.

The information allowing users to call a Facebook Graph API and extract data from the users’ Ads Manager settings is the major part of what’s inside the directory.

The malware which was being distributed via numerous websites was in actuality a new “Trojan” which had almost nothing in common with the other types.

There’s no knowing if the above-mentioned malware has anything to do with the organization that Facebook sued but it surely suits the description.

All the users who had fallen prey to the schemes pulled off by the cyber-cons were handsomely compensated for, along with getting their accounts secured and free of any unauthorized access.

Facebook is very well aware of the jeopardy its users almost got into and is all-in for taking precautionary measures to erase any chances of repetition.

Read more »
Subscribe to: Posts (Atom)