Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Security. Show all posts
Software update
Critical Infrastructure critical infrastructure risk Cyber Security faulty software update software se Software update

Faulty Software Update Shuts Down Critical Infrastructure, Highlighting Major Risks

 

A recent incident involving a faulty software update has underscored the significant risks associated with system updates and the potential vulnerabilities in critical infrastructure. This incident, which caused a widespread shutdown of essential services, serves as a stark reminder of the importance of rigorous testing and robust cybersecurity protocols. The issue arose when a routine software update, intended to enhance performance and security, instead led to a catastrophic failure in several systems. 

The update, which was pushed out without adequate testing, contained a critical bug that disrupted the operation of numerous infrastructure services. As a result, vital operations were halted, causing widespread inconvenience and highlighting the fragility of digital infrastructure. One of the most affected sectors was the energy industry, where the software update caused several power plants to go offline. This led to significant disruptions in power supply, affecting both residential and commercial users. The outage also had a ripple effect on other critical services, including healthcare and transportation, further amplifying the impact of the incident. The problem was traced back to a flaw in the software update process. The update was not thoroughly vetted before being deployed, and the critical bug went unnoticed. Once the issue became apparent, emergency protocols were initiated to roll back the update and restore normal operations. 

However, the process was not straightforward, and it took several hours to bring all affected systems back online. This incident has raised serious concerns about the security and reliability of software updates, particularly for systems that underpin critical infrastructure. It has also highlighted the need for more stringent testing procedures and better contingency planning. Experts argue that while updates are necessary for maintaining security and performance, they must be handled with extreme caution to avoid such catastrophic failures. In response to the incident, several companies have announced plans to review and enhance their software update processes. This includes implementing more rigorous testing procedures, improving communication channels to quickly address any issues that arise, and developing more robust rollback mechanisms to quickly revert to previous versions in case of problems. 

Moreover, there is a growing call for industry-wide standards and best practices for software updates, particularly for critical infrastructure. These standards would ensure that updates are thoroughly tested and that there are adequate safeguards in place to prevent widespread disruptions. The incident serves as a sobering reminder of the delicate balance between maintaining security through updates and ensuring the stability of critical systems. As digital infrastructure becomes increasingly integral to everyday life, the stakes for getting this balance right have never been higher. 

Moving forward, it is imperative for companies and regulatory bodies to work together to strengthen the processes and protocols surrounding software updates, ensuring that they enhance security without compromising the reliability of essential services.
Read more »
Ransomware attack
Cyber Security Cyber Threats Los Angeles county Network Ransomware attack

LA County Superior Court Hit by Ransomware Attack

 


The Superior Court of Los Angeles County experienced a notable disruption early on July 19 when a ransomware attack forced the court to disable its network systems. This prompt action was taken to prevent any additional damage from occurring. Court officials have announced that the network shutdown will remain in place until at least Monday, allowing IT experts sufficient time to conduct a thorough investigation and resolve the issue comprehensively.

Based on preliminary investigations, officials have indicated that there is no evidence to suggest that the personal data of court users has been compromised. This initial assessment is crucial as it helps to reassure the public that their sensitive information remains secure despite the cyber attack. The court's proactive measures in disabling the network were aimed at safeguarding user data and preventing further infiltration by the ransomware, demonstrating a commitment to protecting the privacy and security of all individuals involved.

Support from Multiple Agencies

To aid in the investigation and mitigate the impact of the attack, the California Governor's Office of Emergency Services, alongside local, state, and federal law enforcement agencies, has provided substantial resources and support. The collective effort underscores the severity of the breach and highlights the importance of a swift and comprehensive response to such cyber threats. This coordinated approach ensures that all available expertise and resources are being utilised to address the situation effectively and limit any potential repercussions.

Cybersecurity Investments

In recent years, the LA County Superior Court has significantly invested in strengthening its cybersecurity infrastructure. These investments were aimed at protecting the court's digital assets from potential threats, reflecting a proactive stance towards cybersecurity. Despite these efforts, the attack highlights the ongoing risks that even well-prepared institutions face and the continuous need for robust cybersecurity measures. The court's experience serves as a reminder that cybersecurity is a changing field requiring constant vigilance and adaptation to new threats.

Global Context

Interestingly, the attack on the LA County Superior Court occurred concurrently with a worldwide issue related to CrowdStrike, a prominent cybersecurity company. However, court officials have clarified that the two events are not believed to be connected. This clarification is essential to avoid misinformation and ensure that efforts are focused on resolving the specific ransomware attack affecting the court. By distinguishing between the two incidents, officials can better direct their resources and attention to the immediate problem at hand.

The ransomware attack on the Superior Court of Los Angeles County is a stark reminder of the vulnerabilities that even the most fortified systems can face in today's digital infrastructure. While the court's immediate response and the lack of evidence of data compromise are positive signs, the incident underscores the need for continuous vigilance and improvement in cybersecurity practices. As the investigation unfolds, the support from various agencies will be crucial in restoring the court's systems and preventing future attacks. This incident serves as a wake-up call to all institutions, emphasizing the importance of preparedness and the need to stay ahead of evolving cyber threats.


Read more »
Microsoft
antivirus software Antivirus System CrowdStrike CrowdStrike outage Cyber Outage Cyber Security Microsoft

How an IT Team Used Windows 3.1 to Mitigate a Massive CrowdStrike Outage

 

In an unprecedented event, a single update from anti-virus company CrowdStrike caused global havoc, affecting millions of Windows computers. This incident, described as the largest outage ever, disrupted numerous services and companies worldwide. As reports of the “Blue Screen of Death” (BSOD) flooded in, Microsoft was quick to clarify that this was a “third-party issue,” placing the blame squarely on CrowdStrike’s update to its Falcon virus scanner. 

The repercussions of this update were immediate and far-reaching. Millions of computers running Windows software experienced critical failures, bringing operations to a halt. Apple and Linux users were unaffected, which only highlighted the extent of the disruption within the Windows ecosystem. CrowdStrike’s response included a fix for the issue, but this solution required manual reboots in safe mode for affected machines. This task was easier said than done, especially for organizations with numerous devices, many of which were not easily accessible. 

Interestingly, an IT team found an unconventional solution to the problem. By leveraging the long-outdated Windows 3.1 operating system, they managed to navigate the crisis effectively. The story of this team’s ingenuity quickly became a focal point amid the chaos. Their ability to use such an old operating system to circumvent the issues posed by the update provided a glimmer of hope and a unique narrative twist to the otherwise grim situation. The CrowdStrike incident underscores the vulnerability of our modern, interconnected systems. 

With so much reliance on digital infrastructure, a single flawed update can ripple outwards, causing substantial disruption. It also serves as a poignant reminder of the resilience and resourcefulness often required in IT management. While it might seem archaic, the use of Windows 3.1 in this scenario was a testament to the enduring utility of older technologies, particularly in crisis situations where conventional solutions fail.  
CrowdStrike’s official statement, which notably lacked an apology, fueled frustration among users. However, CEO George Kurtz later expressed deep regret for the impact caused, acknowledging the disruption to customers, travelers, and affected companies. This incident has inevitably led to questions about the robustness of update deployment processes, especially given the scale of this outage. The timing of the update also came under scrutiny. 

As one computer scientist noted, pushing an update on a Friday is risky. Fewer staff are typically available over the weekend to address potential issues, leading to prolonged resolution times. Many large firms, therefore, prefer to schedule updates mid-week to mitigate such risks. For those impacted, CrowdStrike provided detailed instructions on its support website for fixing the issue. 
Organizations with dedicated IT teams coordinated widespread responses to manage the situation effectively. Unlike typical outages that might resolve themselves quickly, this event required significant manual intervention, highlighting the critical importance of preparedness and robust contingency planning. In conclusion, the CrowdStrike update debacle not only disrupted global operations but also showcased the adaptability and ingenuity of IT professionals. It reinforced the critical need for careful planning and the sometimes surprising utility of legacy systems in modern IT environments. 

As the world recovers from this incident, it serves as a stark reminder of our dependence on digital tools and the importance of rigorous update management.
Read more »
Threat Landscape
CISOs Cyber Security Dark Web Healthcare Industry Threat Landscape

Dark Web Intel Underutilized by CISOs, Diminishing Healthcare Industry

 

The healthcare industry faces challenges in keeping up with the rapidly evolving healthcare cybersecurity landscape. This is due in part to CISOs failing to take use of dark web intelligence, which leaves the industry with a weaker cyber posture than other sectors. Only 57% of healthcare CISOs have included dark web intelligence in their plans, according to a Searchlight Cyber Report. 

Researchers highlighted that the dark web acts as a hub for cybercriminal activity, with marketplaces for buying and selling malware, exploits, and stolen data. It also provides a forum for threat actors to share skills and discuss strategies. Furthermore, criminals use the dark web to host ransomware leak sites, threatening to reveal stolen data unless a ransom is paid. 

Collecting threat intelligence, pre-attack intelligence, and data from the dark web can help many organisations enhance their cybersecurity posture. This method, known as the "pre-attack phase," allows businesses to detect and mitigate cybersecurity risks before they enter their network. 

A poll titled "Proactive Defence: How Enterprises Are Using Dark Web Intelligence," performed between November 18, 2022, and January 16, 2023, gathered responses from 1,008 CISOs representing large enterprises with revenue in excess of $200 million and more than 2,000 employees. 

While the financial sector leads in the adoption of dark web intelligence, with 85 percent of organisations acquiring it, the healthcare industry lags behind. According to survey results, healthcare CISOs are 20 percentage points behind other industries in gathering data from the dark web, which is harming their cybersecurity posture. Most CISOs in the United States are confident in their ability to comprehend their adversaries' profiles. 

Specifically, 85 percent of US CISOs expressed confidence, while 80 percent of US firms reported acquiring threat intelligence. While researchers see this high level of dark web data awareness and uptake as promising, significant sector differences persist. The healthcare sector has demonstrated a lack of confidence in knowing the profiles of potential adversaries.

Researchers identified that, compared to the industry average of 77 percent, just 60 percent of healthcare CISOs feel confident in understanding their adversaries’ characteristics. A lack of awareness of data intelligence can limit their ability to detect and neutralise legitimate threats before they enter the network. 

In contrast, industries such as manufacturing, financial services, and professional services report higher security postures. Because of increased use of threat intelligence and dark web monitoring, these industries are more confident in recognising and responding to possible threats. 

Every week, millions of dollars in ransoms and protected health information (PHI) are stolen from secure systems and made available on the dark web. This regrettable pattern reveals the tragic fate of many exfiltrated patient data records, emphasising the critical need for the healthcare industry to address its security vulnerabilities and knowledge gaps.
Read more »
targeting VMware ESXi systems
Cyber Security cybersecurity threat ESXi environments Linux Security New Linux ransomware Play ransomware variant ransomware attacks ransomware protection targeting VMware ESXi systems

New Linux Play Ransomware Variant Targets VMware ESXi Systems

 

Attacks with a new Play ransomware variant for Linux have been deployed against VMware ESXi systems, most of which have been aimed at the U.S. and at organizations in the manufacturing, professional services, and construction sectors, according to The Hacker News.

Such a novel Play ransomware version was hosted on an IP address that also contained the WinSCP, PsExec, WinRAR, and NetScan tools, as well as the Coroxy backdoor previously leveraged by the ransomware operation, indicating similar functionality, an analysis from Trend Micro revealed. However, additional examination of the payload showed its utilization of a registered domain generation algorithm to bypass detection, a tactic similarly used by the Prolific Puma threat operation. 

"ESXi environments are high-value targets for ransomware attacks due to their critical role in business operations. The efficiency of encrypting numerous VMs simultaneously and the valuable data they hold further elevate their lucrativeness for cybercriminals," said researchers. Cybersecurity researchers have discovered a new Linux variant of a ransomware strain known as Play (aka Balloonfly and PlayCrypt) that's designed to target VMware ESXi environments.

"This development suggests that the group could be broadening its attacks across the Linux platform, leading to an expanded victim pool and more successful ransom negotiations," Trend Micro researchers said in a report published Friday.

Play, which arrived on the scene in June 2022, is known for its double extortion tactics, encrypting systems after exfiltrating sensitive data and demanding payment in exchange for a decryption key. According to estimates released by Australia and the U.S., as many as 300 organizations have been victimized by the ransomware group as of October 2023.

Statistics shared by Trend Micro for the first seven months of 2024 show that the U.S. is the country with the highest number of victims, followed by Canada, Germany, the U.K., and the Netherlands. Manufacturing, professional services, construction, IT, retail, financial services, transportation, media, legal services, and real estate are some of the top industries affected by the Play ransomware during the time period.

The cybersecurity firm's analysis of a Linux variant of Play comes from a RAR archive file hosted on an IP address (108.61.142[.]190), which also contains other tools identified as utilized in previous attacks such as PsExec, NetScan, WinSCP, WinRAR, and the Coroxy backdoor.

"Though no actual infection has been observed, the command-and-control (C&C) server hosts the common tools that Play ransomware currently uses in its attacks," it said. "This could denote that the Linux variant might employ similar tactics, techniques, and procedures (TTPs)."

The ransomware sample, upon execution, ensures that it's running in an ESXi environment before proceeding to encrypt virtual machine (VM) files, including VM disk, configuration, and metadata files, and appending them with the extension ".PLAY." A ransom note is then dropped in the root directory.

Further analysis has determined that the Play ransomware group is likely using the services and infrastructure peddled by Prolific Puma, which offers an illicit link-shortening service to other cybercriminals to help them evade detection while distributing malware. Specifically, it employs what's called a registered domain generation algorithm (RDGA)
Read more »
Software
CrowdStrike Cyber Security Global Airlines IT system Microsoft 365 Software

Global IT Outage Disrupts Airlines, Hospitals, and Financial Institutions

 



A major IT outage has affected a wide array of global institutions, including hospitals, major banks, media outlets, and airlines. The disruption has hindered their ability to offer services, causing widespread inconvenience and operational challenges.

International airports across India, Hong Kong, the UK, and the US have reported significant issues, with numerous airlines grounding flights and experiencing delays. In the US, major airlines such as United, Delta, and American Airlines implemented a "global ground stop" on all flights, while Australian carriers Virgin and Jetstar faced delays and cancellations. According to aviation analytics firm Cirium, over 1,000 flights worldwide have been cancelled due to the outages.

At Indira Gandhi International Airport in Delhi, passengers experienced "absolute chaos," with manual processes replacing automated systems. Similar situations were reported in airports in Tokyo, Berlin, Prague, and Zurich, where operations were significantly hampered.

Emergency services and hospitals have also been severely impacted. In the US state of Alaska, officials warned that the 911 system might be unavailable, and some hospitals have had to cancel surgeries. In Australia, however, authorities confirmed that triple-0 call centres were unaffected.

Hospitals in Germany and Israel reported service disruptions, while GP services in the UK were also affected. These interruptions have raised concerns about the ability of medical facilities to provide timely care.

The media sector did not escape the impact, with many broadcast networks in Australia experiencing on-air difficulties. Sky News UK went off air for a period but has since resumed broadcasting. Retail operations were also disrupted, with supermarkets like Coles in Australia facing payment system failures, forcing the closure of self-checkout tills.

Cybersecurity firm CrowdStrike has confirmed that a defective software update for its Microsoft Windows hosts caused the outage. In a statement, CrowdStrike assured that the issue had been identified, isolated, and a fix deployed, emphasising that the incident was not a cyberattack. They advised organisations to communicate with CrowdStrike representatives through official channels to ensure proper coordination.

Earlier in the day, a Microsoft 365 service update had noted an issue impacting users' ability to access various Microsoft 365 apps and services. Microsoft later reported that most services were restored within a few hours.

The outage has highlighted the vulnerabilities of global IT systems and the widespread reliance on third-party software. A spokesperson for Australia's home affairs ministry attributed the issues to a technical problem with a third-party software platform used by the affected companies. The country's cybersecurity watchdog confirmed that there was no evidence of a malicious attack.

As companies scramble to resolve the issues, the incident serves as a stark reminder of the critical need for robust IT infrastructure and effective crisis management strategies. The global scale of the disruption underscores the interconnected nature of modern technology and the potential for widespread impact when systems fail.

This incident will likely prompt a reevaluation of cybersecurity measures and disaster recovery plans across various sectors, emphasising the importance of resilience and preparedness in the digital age.


Read more »
Windows reboot loop
Azure outage CrowdStrike CrowdStrike outage Cyber Security Cybersecurity Incident faulty software update global IT crisis Windows Windows reboot loop

Recent IT Meltdown: CrowdStrike Update Causes Global Chaos, Predicted Hours Earlier on Reddit

 

Only a few times in history has a single piece of code instantly wreaked havoc on computer systems globally. Examples include the Slammer worm of 2003, Russia’s NotPetya cyberattack targeting Ukraine, and North Korea’s WannaCry ransomware. However, the recent digital catastrophe over the past 12 hours wasn't caused by hackers, but by the software meant to protect against them.

Two major internet infrastructure issues converged on Friday, causing widespread disruptions across airports, train systems, banks, healthcare organizations, hotels, and television stations. The trouble began on Thursday night with a widespread outage on Microsoft's cloud platform, Azure. By Friday morning, things worsened when CrowdStrike released a flawed software update, causing Windows computers to reboot repeatedly. Microsoft stated that the two failures are unrelated.

The cause of one disaster was identified: a faulty update to CrowdStrike’s Falcon monitoring product. This antivirus platform, which requires deep system access, aims to detect malware and suspicious activity. However, the update inadvertently caused the system to crash. Mikko Hyppönen of WithSecure noted that this is unprecedented in its global impact, although similar issues were more common in the past due to worms or trojans.

CrowdStrike CEO George Kurtz explained that the problem was due to a defect in the code released for Windows, leaving Mac and Linux systems unaffected. A fix has been deployed, and Kurtz apologized for the disruption. CrowdStrike’s blog revealed that the crash was caused by a configuration file update aimed at improving Falcon’s malware detection capabilities, which triggered a logic error leading to system crashes.

Security analysts initially believed the issue was due to a kernel driver update, as the file causing the crash ended in .sys, the extension for kernel drivers. Despite CrowdStrike clarifying that it wasn’t a kernel driver, the file altered the driver’s functionality, causing the crash. Matthieu Suiche of Magnet Forensics compared the risk of running security software at the kernel level to “open-heart surgery.”

Microsoft requires approval for kernel driver updates but not for configuration files. CrowdStrike is not the first to cause such crashes; similar issues have occurred with updates from Kaspersky and Windows Defender. CrowdStrike’s global market share likely contributed to the widespread impact, potentially causing a chain reaction across web infrastructure.

The outages had severe consequences worldwide. In the UK, Israel, and Germany, healthcare services and hospitals faced disruptions, while emergency services in the US experienced issues with 911 lines. TV stations, including Sky News in the UK, had to stop live broadcasts. Air travel was significantly affected, with airports using handwritten boarding passes and airlines grounding flights temporarily.

The incident highlights the fragility and interconnectedness of global digital infrastructure. Security practitioners have long anticipated such vulnerabilities. Ciaran Martin of the University of Oxford noted the event’s powerful illustration of global digital vulnerabilities.

The update’s extensive impact puzzled experts. CrowdStrike’s significant market share suggests the update triggered crashes in various parts of the web infrastructure. Hyppönen speculated that human error might have played a role in the update process.

As system administrators work to fix the issue, the larger question of preventing similar crises looms. Jake Williams of Hunter Strategy suggested that CrowdStrike’s incident might prompt demands for changes in how updates are managed, emphasizing the unsustainability of pushing updates without IT intervention.

Redditor Predicted CrowdStrike Outage Hours Before Global IT Chaos

A Reddit user, u/King_Kunta_, predicted vulnerabilities in CrowdStrike's systems just hours before the company caused a massive global IT outage. The user called CrowdStrike a "threat vector," suggesting it was susceptible to exploits that could lead to widespread damage. Initially, users dismissed the claims, but their tune changed dramatically after the outage occurred.

One commenter noted, "He tells us that CrowdStrike is a threat vector. A few hours later, every computer in the world with the CrowdStrike client installed goes blue screen. The single biggest global PC system collapse in history. Just uncanny."

Amidst the chaos, CrowdStrike's CEO George Kurtz reassured the public via X (formerly Twitter), stating, "Today was not a security or cyber incident. Our customers remain fully protected," and confirming that the issue was due to an update error, not a cyberattack.

Despite reassurances, many were left suspicious and impressed by the timing and accuracy of the Reddit post. One user aptly summed up the sentiment: "There’s no way the timing of this crazy post aligns so perfectly."
Read more »
Virus Attack
Antivirus Crowdsource Security CrowdStrike Cyber Security data security Microsoft Virus Attack

Global Outage Caused by Anti-Virus Update from Crowdstrike

 

A recent update from the anti-virus firm Crowdstrike has led to a global outage affecting millions of Windows users. The incident is being termed one of the most extensive outages ever, impacting numerous services and companies worldwide. Crowdstrike, a company many may not have heard of before, inadvertently caused this disruption with a problematic update to its Falcon virus scanner. The update led to widespread reports of the infamous Blue Screen of Death (BSOD) on computers running Windows. 

Microsoft quickly clarified that the issue was due to a third-party problem, absolving itself of direct responsibility. Users of Apple and Linux systems were unaffected, which brought some relief to those communities. Crowdstrike has since released a fix for the issue, but the recovery process remains cumbersome. IT professionals have noted that each affected machine requires a manual reboot in safe mode to restore normal operations. This task is complicated by the physical accessibility of the devices, making the resolution process even more challenging. There is currently no indication that the issue was caused by malicious intent or that any data has been compromised. 

Nonetheless, this incident highlights the crucial importance of staying updated with software patches, albeit with a note of caution. The cybersecurity community continues to stress the necessity of regular updates while acknowledging the occasional risks involved. Crowdstrike’s initial response fell short of an apology, which drew significant criticism online. However, CEO George Kurtz later issued a public apology via NBC News, expressing deep regret for the disruption caused to customers, travelers, and affected companies. This gesture, while somewhat late, was an important step in addressing the public’s concerns. This episode serves as a stark reminder of our heavy reliance on remotely managed devices and the vulnerability that comes with it. 

Despite robust systems in place to catch most issues, some problems, like this one, slip through the cracks. The timing of the update, which was pushed out on a Friday, compounded the difficulties, as fewer staff are typically available over the weekend to address such crises. For Crowdstrike customers, detailed instructions for the fix are available on the company’s support website. Many companies with dedicated IT teams are likely coordinating their responses to ensure a swift resolution. 

Unlike many outages that resolve themselves quickly, this incident will take days, if not longer, to fully mend, illustrating the significant impact of a single flawed update in our interconnected digital world.
Read more »
Vulnerability management
Cyber Security Ethical Hacker Financial Data Threat Landscape Vulnerability management

The Vital Role of Ethical Hacking in Cyber Security

 

The possibility of cyber attacks is a major issue, with the global average cost of a data breach expected to reach $4.45 million in 2023, a 15% increase over the previous three years, according to an IBM analysis. This stark figure highlights the growing financial and reputational threats companies face, emphasising the importance of ethical hacking in an increasingly interconnected world. 

Ethical hackers are the first line of defence, utilising their knowledge to replicate cyber attacks under controlled conditions. These individuals play an important role in averting potentially disastrous data breaches, financial loss, and reputational harm caused by cyber attacks by proactively fixing security vulnerabilities before they are exploited. 

This article explores the importance of ethical hacking, the tactics used by ethical hackers, and how to pursue a career in this vital sector of cyber security. 

What is ethical hacking? 

Ethical hacking, commonly referred to as penetration testing or white-hat hacking, is a technique for testing computer systems, networks, or online applications for security flaws. Unlike criminal hackers, who attempt to make money from vulnerabilities, ethical hackers utilise their expertise to uncover and patch them before they are exploited. 

They utilise their expertise with authorization, hoping to improve security posture before a real hacker exploits vulnerabilities. This preemptive strike against possible breaches is an important part of modern cyber security tactics and a technique of protecting against the most dangerous cyber security threats. Ethical hacking adheres to a fixed code of ethics and legal restrictions. 

Ethical hackers must have clear permission to explore systems and ensure that their actions do not stray into illegal territory. Respect for privacy, data integrity, and the lawful exploitation of uncovered vulnerabilities is critical. 

Methodologies of Ethical Hacking 

Ethical hackers employ a variety of methodologies to assess the security of information systems. These include: 

Risk assessment: Scanning systems and networks to identify known vulnerabilities. 

Penetration testing: Simulating cyber attacks to evaluate the effectiveness of security measures. 

Social engineering: Testing the human element of security through phishing simulations and other tactics. 

Security auditing: Examining the adherence of systems and policies to security standards and best practices. 

Process of ethical hacking

Step 1: Reconnaissance - The ethical hacker collects as much information about the target system or network as possible utilising techniques such as WHOIS databases, search engines, and social media to obtain publically available information. 
 
Step 2: Scanning – They look for live hosts, open ports, services running on those hosts, and vulnerabilities connected with them. Nmap may be used to scan ports, while Nessus or OpenVAS can be used to check for vulnerabilities that can be exploited. 

Step 3: Gaining Access – They use the identified vulnerabilities to gain unauthorised access to the system or network. Metasploit is commonly used to exploit vulnerabilities. Other tools include SQL injection tools for database attacks, as well as password cracking programmes such as John the Ripper or Hydra. 

Step 4: Maintaining Access – Ensure continued access to the target for further exploration and analysis without being detected. Tools like backdoors and trojans are used to maintain access, while ensuring to operate stealthily to avoid detection by security systems.

Step 5: Covering Tracks – Delete evidence of the hacking process to avoid detection by system administrators or security software. Log tampering and the use of tools to clear or modify entries in system logs. Tools such as CCleaner can also be used to erase footprints.
Read more »
Password Hacking
Authentication Cyber Security Google security hardware vulnerabilities Passkey Security Passkeys Password Hacking

Why Passkeys Are the Future of Digital Authentication

 

Passwords have been a fundamental aspect of digital security for years, but they come with significant drawbacks. They are not only a hassle to remember but also vulnerable to various hacking techniques. Passkeys have emerged as a robust alternative, offering a more secure and user-friendly approach to account authentication. This new method utilizes your device, such as a smartphone or laptop, as an authenticator, employing either a PIN or biometric verification like fingerprint or facial recognition. 

The primary advantage of passkeys is that they eliminate the need for passwords entirely. This reduces the risk of phishing attacks, as there is no password for hackers to steal or guess. Additionally, passkeys are tied to the user’s device, making unauthorized access much more difficult. Without passwords to remember, users can enjoy a more streamlined and secure login experience. Major tech companies are already supporting the adoption of passkeys. For instance, setting up passkeys on a Google account involves visiting the Google Passkeys page and configuring the passkey with your device. Microsoft accounts can similarly be secured with Windows Hello or a PIN. Apple integrates passkeys with iCloud Keychain, making it easy for users to transition. These companies are not alone. Other platforms like Amazon, Adobe, Discord, eBay, GitHub, LinkedIn, Shopify, and WhatsApp have also embraced passkeys. 

This widespread support highlights the growing recognition of passkeys as the future of digital security. One concern with passkeys is the potential for losing access if the device is lost. Fortunately, most major tech companies allow passkeys to be synced across devices or securely stored in the cloud with end-to-end encryption. This means that users can restore their passkeys on a new device if their original one is lost. 

However, if a hardware security key is lost and not backed up, access to accounts could be permanently lost. Despite these concerns, device-based authentication is inherently secure. Modern devices are equipped with advanced security measures that make unauthorized access extremely difficult. Even if a device is stolen, the thief would need to bypass biometric or PIN verification to access sensitive information. Passkeys are stored in a Trusted Platform Module (TPM), ensuring that they are securely protected. In summary, passkeys represent a significant advancement in digital security. 

They offer a more secure, user-friendly alternative to traditional passwords, addressing many of the vulnerabilities associated with password-based authentication. As more services and devices adopt this technology, passkeys are poised to become the standard for secure online access. This shift not only enhances security but also simplifies the user experience, making it easier for individuals to protect their digital identities.
Read more »
ransomware operations
AvNeutralizer tool corporate network security Cyber Security cyber threat cybersecurity news endpoint protection evasion FIN7 hacking group malware tools Phishing Attacks ransomware operations

FIN7 Hacking Group Sells Custom Tool "AvNeutralizer" to Evade Endpoint Protectiono

 

The notorious FIN7 hacking group has been identified selling a custom tool called "AvNeutralizer," designed to bypass detection by disabling enterprise endpoint protection software on corporate networks.

Believed to be a Russian hacking group active since 2013, FIN7 initially focused on financial fraud, hacking organizations, and stealing debit and credit card information. 

Subsequently, the group ventured into the ransomware domain and became linked with the DarkSide and BlackMatter ransomware platforms. The same threat actors are also suspected of being associated with the BlackCat ransomware operation, which recently conducted an exit scam after pilfering a ransom payment from UnitedHealth.

FIN7 is notorious for its sophisticated phishing and social engineering attacks, which they use to gain initial access to corporate networks. Their methods have included impersonating BestBuy to distribute malicious USB drives and developing custom malware and tools.

The group also created a fake security company called Bastion Secure to recruit pentesters and developers for ransomware attacks without the applicants realizing the true nature of their work.

FIN7 is tracked under various aliases, including Sangria Tempest, Carbon Spider, and the Carbanak Group.

According to a new report by SentinelOne, one of the custom tools developed by FIN7 is "AvNeutralizer" (also known as AuKill), which was first seen in attacks by the BlackBasta ransomware operation in 2022. At that time, BlackBasta was the only ransomware operation using the tool, leading researchers to believe there was a connection between the groups.

However, SentinelOne's historical data showed that the tool had been used in attacks by five other ransomware operations, indicating widespread distribution.

"Since early 2023, our telemetry data reveals numerous intrusions involving various versions of AvNeutralizer," explains SentinelOne researcher Antonio Cocomazzi. "About 10 of these are attributed to human-operated ransomware intrusions deploying well-known RaaS payloads, including AvosLocker, MedusaLocker, BlackCat, Trigona, and LockBit."

Further investigation revealed that threat actors using the aliases "goodsoft," "lefroggy," "killerAV," and "Stupor" had been selling an "AV Killer" on Russian-speaking hacking forums since 2022, with prices ranging from $4,000 to $15,000. A 2023 report from Sophos detailed how AvNeutralizer/AuKill exploited the legitimate SysInternals Process Explorer driver to terminate antivirus processes on a device.

The threat actors claimed that this tool could disable any antivirus/EDR software, including Windows Defender and products from Sophos, SentinelOne, Panda, Elastic, and Symantec.

SentinelOne recently found that FIN7 had updated AvNeutralizer to use the Windows ProcLaunchMon.sys driver to hang processes, rendering them non-functional. "AvNeutralizer employs a combination of drivers and operations to create a failure in certain implementations of protected processes, ultimately causing a denial of service condition," explains SentinelOne.

"It uses the TTD monitor driver ProcLaunchMon.sys, available on default system installations, in conjunction with updated versions of the process explorer driver version 17.02 (17d9200843fe0eb224644a61f0d1982fac54d844), which has been fortified for cross-process operations abuse and is not currently blocked by Microsoft's WDAC list."

SentinelOne discovered additional custom tools and malware used by FIN7 that are not known to be sold to other threat actors, including Powertrash (a PowerShell backdoor), Diceloader (a lightweight C2-controlled backdoor), Core Impact (a penetration testing toolkit), and an SSH-based backdoor.

Researchers warn that FIN7's continuous evolution and innovation in tools and techniques, coupled with selling its software, make it a significant threat to enterprises worldwide. "FIN7's continuous innovation, particularly in its sophisticated techniques for evading security measures, showcases its technical expertise," concludes SentinelOne researcher Antonio Cocomazzi. "The group's use of multiple pseudonyms and collaboration with other cybercriminal entities makes attribution more challenging and demonstrates its advanced operational strategies."
Read more »
Play Store
Advertisement Cyber Security Fake Apps Fraudulent Play Store

HUMAN Team Shuts Down Major Mobile Ad Fraud Scheme

 


In a major development, the HUMAN Satori Threat Intelligence and Research Team has successfully dismantled a vast mobile advertising fraud operation known as "Konfety." This scheme, which generated billions of fake ad requests each day, was designed to deceive both users and advertisers on a large scale.

The Konfety scammers used a mobile advertising tool called CaramelAds to carry out their scheme. They created numerous fake apps, which appeared to be ordinary games on the Google Play Store. These apps were actually just a front for the fraud. The core of the scam involved "evil twin" apps—modified versions of CaramelAds that did not follow privacy regulations and were used to show fraudulent ads.

The fraudulent apps were designed to mimic genuine user activity. They displayed unwanted ads, opened websites without user consent, and used various tactics to create the illusion of legitimate traffic. This allowed the scammers to profit from fake ad views and clicks, deceiving both users and advertisers.

Upon discovering the fraud, the HUMAN team quickly implemented measures to block the fraudulent traffic. They flagged suspicious activity and worked with ad networks to stop the scam. In response, the fraudsters tried to shift their operations to other networks not protected by HUMAN, but their efforts were largely thwarted by HUMAN’s protective measures.

Google Play Protect was crucial in identifying and removing the fraudulent apps. Despite its efforts, the scale of the Konfety scheme highlighted the ongoing challenge of preventing such sophisticated scams. Google continues to monitor and protect users from these threats.

HUMAN’s team developed specific detection techniques for the Konfety scam and shared their findings with other security experts. This collaboration led to a significant reduction in fraudulent ad requests and enhanced overall security in digital advertising.

The successful shutdown of the Konfety fraud needs a heedful of vigilance and cooperation in the fight against online scams. HUMAN’s ongoing efforts to safeguard the integrity of digital advertising are essential as cybercriminals continue to evolve their tactics. This case highlights the need for constant vigilance and industry collaboration to maintain a secure online environment.




Read more »
Threat Management
Bypass Tool Cyber Security Data Privacy Hacker group Threat Management

New EDR Bypass Tool Advertised by FIN7 Hacking Group

 

SentinelOne researchers warn that the financially motivated group FIN7 is utilising various pseudonyms to promote a security evasion tool on several criminal underground forums. FIN7 created a tool called AvNeutralizer (also known as AuKill) that can circumvent safety measures. The researchers discovered that the tool was employed by multiple ransomware operations, including AvosLocker, MedusaLocker, BlackCat, Trigona, and LockBit. 

The researchers identified a new version of AvNeutralizer that uses a novel way to interfere with and bypass security mechanisms, exploiting the Windows driver ProcLaunchMon.sys. 

“New evidence shows FIN7 is using multiple pseudonyms to mask the group’s true identity and sustain its criminal operations in the underground market,” the researchers explained . “FIN7’s campaigns demonstrate the group’s adoption of automated SQL injection attacks for exploiting public-facing applications.” 

Last year in November, SentinelOne reported a potential link between FIN7 and the use of EDR evasion tools in ransomware attacks involving the Black Basta group. 

The cybersecurity firm's analysis revealed that the "AvNeutralizer" tool (also known as AuKill) targeted several endpoint security solutions and was utilised exclusively by one group for six months. This supported the hypothesis that the FIN7 group and the Black Basta gang had a close relationship.

Starting in January 2023, the experts detected the deployment of upgraded versions of AvNeutralizer by multiple ransomware gangs, implying that the programme was made available to multiple threat actors through underground forums. The researchers discovered numerous adverts on underground forums encouraging the sale of AvNeutralizer.

On May 19, 2022, a user named "goodsoft" advertised an AV killing tool for $4,000 on the exploit[.]in forum. Later, on June 14th, 2022, a person named "lefroggy" placed a similar ad on the xss[.]is forum for $15,000. A week later, on June 21st, a user known as "killerAV" advertised the tool on the RAMP forum for $8,000. 

SentinelOne researchers focused on the tool's innovative technique for disabling endpoint security solutions. The unpacked AvNeutralizer payload employs ten approaches to compromise system security systems. While multiple strategies have been reported, such as removing PPL protection using the RTCore64.sys driver and the Restart Manager API, a recently discovered technique includes utilising a Windows built-in driver capability that was previously unknown in the wild. 

“Our investigation into FIN7’s activities highlights its adaptability, persistence and ongoing evolution as a threat group. In its campaigns, FIN7 has adopted automated attack methods, targeting public-facing servers through automated SQL injection attacks,” the researchers concluded. “Additionally, its development and commercialization of specialized tools like AvNeutralizer within criminal underground forums significantly enhance the group’s impact.”
Read more »
Safety
Cyber Safety Cyber Security Data Online Security Safe Safety

How to Protect Your Online Accounts from Hackers

 

Hackers are increasingly targeting individuals to steal cryptocurrency, access bank accounts, or engage in stalking. Although these attacks are relatively rare, it's crucial to know how to protect yourself if you suspect someone has accessed your email or social media accounts.

A few years ago, I wrote a guide to help people secure their accounts. Many companies provide tools to enhance account security, which you can use even before contacting their support teams.

Here, we break down steps you can take across various online services.

First, it's important to note that these methods don't guarantee complete security. If you still feel compromised, consider consulting a professional, especially if you are a journalist, dissident, activist, or someone at higher risk.

Enable multi-factor authentication (MFA) on all your accounts, or at least the most critical ones like email, banking, and social media. This directory provides instructions for enabling MFA on over 1,000 websites. You don't have to use the recommended MFA app; many alternatives are available.

Some services also offer physical security keys or passkeys stored in password managers, providing high-level protection against password-stealing malware and phishing attacks.

Securing Your Gmail Account

If you suspect your Gmail account has been compromised, scroll to the bottom of your inbox and click on "Last account activity" in the bottom right corner. Then click on "Details" to see all the locations where your Google account is active. If you notice any unfamiliar activity, such as logins from different countries, click on "Security Checkup." Here, you can see which devices your account is active on and review recent security activity.

If you spot suspicious activity, click on "See unfamiliar activity?" and change your password. Changing your password will sign you out of all devices except those used for verification and third-party apps you've granted access to. To sign out from those devices, visit Google Support and click on the link to view apps and services with third-party access.

Consider enabling Google’s Advanced Protection for enhanced security. This feature makes phishing and hacking more difficult but requires purchasing security keys. It's highly recommended for individuals at higher risk.

Remember, your email account is likely linked to other important accounts, so securing it is crucial.

Checking Microsoft Outlook Security

To check if your Microsoft Outlook account has been accessed by hackers, go to your Microsoft Account, click on "Security" in the left-hand menu, and then under "Sign-in activity," click on "View my activity." You'll see recent logins, the platform and device used, browser type, and IP address. If anything looks suspicious, click on "Learn how to make your account more secure," where you can change your password and find instructions for recovering a hacked or compromised account.

Given that your email is often linked to other critical accounts, securing it is vital.

Securing Your Yahoo Account

Yahoo also provides tools to check your account and sign-in activity for unusual signs of compromise. Go to your Yahoo My Account Overview or click on the icon with your initial next to the email icon on the top right corner, then click on "Manage your account." Next, click on "Review recent activity." You can see recent activity on your account, including password changes, phone numbers added, and connected devices with their IP addresses.

Since your email is likely linked to sensitive sites like your bank, social media, and healthcare portals, it's essential to secure it diligently.

By following these steps and using the tools provided by these services, you can enhance the security of your online accounts and protect yourself from potential threats
Read more »
Software Vulnerability
Cyber Security Data DoS Internet of Things Networks Software Vulnerability

The Role of IoT in Modern Infrastructure


Imagine if someone told you in the early 2000s that entire industries would run almost by themselves, thanks to a network of connected devices. Today, this is no longer science fiction but our reality, thanks to the Internet of Things (IoT). By 2030, it’s expected that there will be over 29 billion IoT devices globally. These devices are transforming critical infrastructure like power grids, water systems, transportation networks, factories, military bases, and airports, making them more efficient and reliable.

How IoT is Changing Critical Infrastructure

IoT is revolutionising how we manage and operate our critical infrastructure. These devices allow for real-time data collection, remote monitoring, and automation. This means that systems can run more smoothly, costs can be reduced, and services can be more reliable. However, setting up these networks over large areas isn’t easy. It requires substantial investment and upgrades to existing infrastructure.

The Cybersecurity Challenge

With so many devices connected, the security risks increase. Many IoT devices don’t have strong security features, making them easy targets for hackers. Here are some specific concerns:

1. Unauthorised Access: Many devices come with default passwords that are easy to guess, making them vulnerable to attacks.

2. Data Breaches: If data isn’t encrypted, it can be intercepted and misused.

3. Denial of Service (DoS): Networks can be overwhelmed by excessive traffic, causing disruptions.

4. Software Vulnerabilities: Outdated software can have security gaps that hackers can exploit.

Because these devices are interconnected, a breach in one can potentially compromise the entire network, causing widespread issues.

To protect against these threats, a multi-layered security approach is essential. Actelis Networks, a company specialising in secure networking solutions, uses a strategy called "Triple Shield." This includes encrypting data, breaking it into fragments, and scrambling it, making it extremely difficult for hackers to access and exploit the information.

Actelis’ strong security measures have earned it a spot on the U.S. Department of Defense’s approved products list. Recently, they secured contracts to upgrade the networks at three U.S. military bases, reflecting the growing investment in cybersecurity amid increasing cyber threats.

While security is crucial, ensuring that IoT devices can communicate without interruptions is also important. Actelis' hybrid-fibre technology uses existing network infrastructure, combining fibre, coax, and legacy copper wiring. This allows for high-speed connectivity without the need for extensive new construction, reducing costs and deployment time.

Actelis’ technology uses Ethernet access switches and extenders to achieve gigabit speeds over various types of wiring. This not only enhances connectivity but also supports the efficient operation of sensors and cameras essential for real-time monitoring and control.

The Future of IoT in Critical Infrastructure

As IoT continues to evolve, innovative network designs will play a key role in addressing the challenges of speed, maintenance, and security. Actelis’ hybrid-fiber technology and multi-layered security approach show how we can achieve these goals, ensuring that technological advancements contribute to a safer and more efficient future.

The integration of IoT in critical infrastructure is a dynamic and evolving field. By addressing both connectivity and security challenges, companies like Actelis Networks are helping build a more resilient and advanced infrastructure that can withstand the complexities of the modern digital landscape.


Read more »
Ransomware
AI Black Basta Cyber Security Cyber Threats DDoS Ransomware

Are We Ready for the Next Wave of Cyber Threats?



In our increasingly digital world, cybersecurity is a growing concern for everyone— from businesses and governments to everyday individuals. As technology advances, it opens up exciting possibilities and creates new, sophisticated cyber threats. Recent high-profile attacks, like those on Ascension and the French government, show just how damaging these threats can be.

Cybercriminals are always finding new ways to exploit weaknesses. According to Cybersecurity Ventures, global cybercrime damages could hit $10.5 trillion a year by 2025. This huge number highlights why strong cybersecurity measures are so important.

One major evolution in cyber threats is seen in ransomware attacks. These attacks used to be about locking up data and demanding a ransom to unlock it. Cybercriminals also steal data and threaten to release it publicly, which can disrupt businesses and ruin reputations. For example, in May, the Black Basta group attacked Ascension, the largest non-profit Catholic health system in the U.S., disrupting operations in its 140 hospitals and affecting patient care.

Supply chain attacks are another big concern. These attacks target vulnerabilities in the network of suppliers and partners that businesses rely on. This makes securing the entire supply chain crucial.

Cybercriminals are also using artificial intelligence (AI) to make their attacks more powerful. Examples include DeepLocker, a type of AI-powered malware that stays hidden until it reaches its target, and deepfake scams, where AI creates fake videos or audio to trick people into transferring money. AI-driven malware can change its behaviour to avoid detection, making it even more dangerous.

Distributed denial-of-service (DDoS) attacks are another serious threat. These attacks flood a website or network with so much traffic that it can’t function. In March 2024, a massive DDoS attack targeted over 300 web domains and 177,000 IP addresses linked to the French government, causing major disruptions.

Building a Strong Cybersecurity Defense

To fight these evolving threats, businesses need to build strong cybersecurity defenses. One effective approach is the zero-trust model, which means every access request is verified, no matter where it comes from. Key parts of this model include multi-factor authentication (MFA), which requires more than one form of verification to access systems, and least privilege access, which ensures users only have access to what they need to do their job.

Advanced monitoring tools are also essential. Security information and event management (SIEM) systems, combined with AI-driven analytics, help detect and respond to threats in real time by providing a comprehensive view of network activities.

Human error is a major vulnerability in cybersecurity, so employee training and awareness are crucial. Regular training programs can help employees recognise and respond to threats like phishing attacks, creating a culture of security awareness.

The Role of AI in Cybersecurity

While AI helps cybercriminals, it also offers powerful tools for defending against cyber threats. AI can analyse vast amounts of data to spot patterns and anomalies that might indicate an attack. It can detect unusual behaviour in networks and help security analysts respond more quickly and efficiently to threats.

AI can also identify and mitigate insider threats by analysing user behaviour and spotting deviations from typical activity patterns. This helps strengthen overall security.

The future of cybersecurity will involve constant innovation and adaptation to new challenges. AI will play a central role in both defence and predictive analytics, helping foresee and prevent potential threats. Ethical considerations and developing frameworks for responsible AI use will be important.

Businesses need to stay ahead by adopting new technologies and continuously improving their cybersecurity practices. Collaboration between industries and with government agencies will be crucial in creating comprehensive strategies.

Looking to the future, we need to keep an eye on potential threats and innovations. Quantum computing promises new breakthroughs but also poses a threat to current encryption methods. Advances in cryptography will lead to more secure ways to protect data against emerging threats.

As cyber threats evolve, staying informed and adopting best practices are essential. Continuous innovation and strategic planning are key to staying ahead of cybercriminals and protecting critical assets.


Read more »
Websites
Customer Manipulation Cyber Security Cyberattacks CyberCrime Cyberthreats Dark Patterns ICPEN Websites

Subscription Services Accused of Using 'Dark Patterns' to Manipulate Customers

 


It is a widespread practice among subscription sites to manipulate customers' behaviour around subscriptions and personal data to influence their decisions, according to a new report by two international consumer protection organizations. It is defined as the practice of guiding, deceiving, coercing, or manipulating consumers in ways that often aren't in their best interests when using an online user interface. 

An international research effort was conducted by the International Consumer Protection and Enforcement Network, along with the Global Privacy Enforcement Network, both of whom are responsible for conducting consumer protection and enforcement investigations. As a result of a review of selected websites and apps, the Federal Trade Commission and two international consumer protection networks reported that a significant portion of the websites and applications examined may be manipulative of consumers into buying products or services or revealing personal information to third parties. 

These dark patterns, and digital design techniques, can be found in most of the websites and apps examined that use these techniques. These types of strategies may be able to persuade consumers to take actions that they would not generally take. In an internet survey carried out by the Internet Society, an analysis was carried out of the websites and mobile apps of 642 traders. The study found that 75,7% of them had at least one dark pattern on their websites, and 66,8% had at least two or more dark patterns on their websites. 

An online user interface's shadow patterns are defined as the subtle, deceptive, coercive, or manipulative strategies used to steer, deceive, coerce, or manipulate users into making decisions that are not necessarily in their best interest and are rather detrimental to them. As part of the annual International Consumer Protection and Enforcement Network (ICPEN) sweep, which took place from January 29 to February 2, 2024, the 2018 Sweep was hosted by ICPEN. 

To conduct the study, participants were asked to serve as sweepers, representing 27 consumer protection enforcement authorities from 26 different countries. There has been a coordinated sweep between the ICPEN and the Global Privacy Enforcement Network (GPEN) for the very first time. In a world that is becoming increasingly global in terms of standards, regulations, and technology, GPEN is a membership-based network of over 80 privacy enforcement authorities, whose mission is to foster cross-border cooperation among privacy regulators and effectively protect personal privacy. 

Consumer protection is increasingly becoming intertwined with other spheres of the regulatory system due to the growing intersections. The assessment of the deceptive design patterns by both privacy and consumer protection sweepers who were conducting a review of website and app content demonstrated that many of these sites and apps employ techniques that interfere with the ability of individuals to make educated decisions to protect their rights as consumers and privacy. 

As a result of the analysis, the scourges rated the sites and apps from a point of view of six indicators that are characteristic of dark business practices according to the Organisation for Economic Co-operation and Development (OECD). A study conducted by ICPEN found that there were several potential sneaky practices, for example, the inability to turn off auto-renewal of subscription services by consumers, or interference with the user interface. These practices, such as highlighting a subscription that is beneficial to the trader, were particularly frequent during the survey period. 

In a recent publication, ICPEN and GPEN, a pair of organizations that are helping improve consumer protection and privacy for individuals throughout the world, have both released reports that outline their findings. On the ICPEN's website, users will find the report, and on the GPEN's website, they will find the report. GPEN has released a companion report exploring black patterns that could encourage users to compromise their privacy as a result of them. The majority of the more than 1,00 websites and apps analyzed in this study used a deceptive design practice in the development of their websites. 

As many as 89 per cent of these organizations had privacy policies that contained complex and confusing language. In addition to interface interference, 57 per cent of the platforms made the option with the least amount of privacy protection the easiest one to pick, and 42 per cent used words that could influence users' opinions and emotions in the privacy choices. The subtle cues that influence even the most astute individuals can lead to suboptimal decisions. 

These decisions might be relatively harmless, such as forgetting to cancel an auto-renewing service, or they might pose significant risks by encouraging the disclosure of more personal information than necessary. The recent reports have not specified whether these dark patterns were employed illicitly or illegally, only confirming their presence. This dual release underscores the critical importance of digital literacy as an essential skill in the modern age. Today's announcement coincides with the Federal Trade Commission (FTC) officially assuming the 2024-2025 presidency of the International Consumer Protection and Enforcement Network (ICPEN).

ICPEN is a global network of consumer protection authorities from over 70 countries, dedicated to safeguarding consumers worldwide by sharing information and fostering global enforcement cooperation. The FTC has long been committed to identifying and combating businesses that utilize deceptive and unlawful dark patterns. In 2022, the FTC published a comprehensive staff report titled "Bringing Dark Patterns to Light," which detailed an extensive array of these deceptive practices. 

The Federal Trade Commission collaborates with counterpart agencies to promote robust antitrust, consumer protection, and data privacy enforcement and policy. The FTC emphasizes that it will never demand money, issue threats, instruct individuals to transfer funds, or promise prizes. For the latest news and resources, individuals are encouraged to follow the FTC on social media, subscribe to press releases, and subscribe to the FTC International Monthly.
Read more »
ToolKit
Cyber Security FishXProxy phishing Threat Management ToolKit

Phishing Kit FishXProxy Equips Online Criminals for Success

 

Phishing campaigns have always been a threat, but a new toolkit called FishXProxy is making it alarmingly easy for even inexperienced cybercriminals to carry out sophisticated scams. 

SlashNext Email Security researchers have disclosed exclusive details about FishXProxy, a new phishing kit that was found on the Dark Web, in their most recent report. With its advanced features like antibot setups, Cloudflare Turnstile integration, an integrated redirector, and page expiration settings, FishXProxy is an end-to-end solution that lowers the bar for cybercriminals. 

The kit is advertised as "The Ultimate Powerful Phishing Toolkit," since it can simply neutralise technical hurdles associated with phishing campaigns, allowing cybercriminals to launch attacks that bypass security defences and go undetected. FishXProxy is especially damaging because it makes phishing possible for individuals with limited technology expertise. It is a comprehensive solution for creating and managing phishing sites in order to avoid detection and increase the success rate of credential theft attempts. 

“FishXProxy equips cybercriminals with a formidable arsenal for multi-layered email phishing attacks…Even if one attack fails, cross-project tracking allows attackers to persistently target victims across multiple campaigns,” SlashNext’s researchers stated in their report. 

Using this kit, phishing emails with unique links and dynamic attachments can avoid security checks. Advanced anti-bot technology discards automated scanning and potential victims. Worse, FishXProxy includes traffic management features that mask the true destination of links and distribute traffic across multiple pages. Short-lived frauds can also be made to expire after a certain amount of time, putting pressure on victims to act fast. A cookie system enables attackers to identify and target users across many campaigns, personalising schemes and creating profiles of subsequent victims. 

Mr Mika Aalto, Co-Founder and CEO of Hoxhunt, a Helsinki-based Human Risk Management Platform, commented on the recent trend, stating that phishing kits make it easy for even less competent and resource-limited criminals to carry out advanced phishing attacks. 

“Phishing kits are lowering the barrier of entry to advanced cybercrime even for low-resourced and not clever criminals. As more phishing attacks consequently bypass filters, we need to make sure our people are equipped with the skills and tools to keep themselves and their colleagues safe,“ Aalto noted. 

To mitigate this threat, organisations require modern security solutions that can detect threats through numerous channels. Employees should also be trained on the most recent phishing techniques, and strong authentication protocols should be established.
Read more »
Virtual Private Network
Cyber Security Data Digital Security Quantum computing Virtual Private Network

Debunking Common Myths About VPNs






Virtual Private Networks (VPNs) are important tools for online privacy, but they’re often misunderstood. Here, we clear up the top five myths to help you understand what VPNs can and can’t do for your digital security.

Myth 1: All VPNs Steal Your Data

Many people worry that VPNs are just a cover for collecting data. While some free VPNs do sell user data to advertisers, many trustworthy VPNs don't. These reputable VPNs are regularly audited by independent firms like KPMG or Deloitte to prove they don’t keep logs of your activity. For example, Private Internet Access has defended its no-log policy in court. Always choose VPNs that have passed these audits to ensure your data is safe.

Myth 2: Government Surveillance Makes VPNs Useless

Some think that because the government monitors internet traffic, using a VPN is pointless. While governments do have surveillance capabilities, VPNs still add a strong layer of protection. They encrypt your data, making it much harder for anyone, including government agencies, to intercept or read it without a warrant. Despite efforts to crack encryption, modern protocols like OpenVPN, WireGuard, and IKEv2 are still secure. Therefore, VPNs are essential for maintaining privacy even in the face of government surveillance.

Myth 3: Quantum Computing Will Break VPNs Soon

There’s a fear that quantum computers will soon break all encryption, making VPNs useless. While quantum computing is a future threat, practical quantum computers are still many years away. Researchers are already working on new types of encryption that can resist quantum attacks. Even though there’s a risk that stored encrypted data could be decrypted in the future, the vast amount of data on the internet makes it impractical for anyone to capture everything. Using a VPN with future-proof protocols can help protect your data against these risks.

Myth 4: VPNs Make You Completely Anonymous Online

VPNs do a great job of hiding your IP address, but they don’t make you completely anonymous. If you share personal information on social media or allow tracking cookies, your identity can still be exposed. For full privacy, use VPNs along with other tools like script blockers, ad blockers, and services that delete your data from marketing databases. By combining these tools and being careful online, you can greatly reduce your digital footprint.

Myth 5: Tor Is Better Than a VPN

The Tor Browser offers high privacy by routing your traffic through multiple servers, but this also slows down your internet speed. Tor’s known exit nodes can be blocked by websites. In contrast, good VPNs invest in high-quality servers, providing faster speeds and reliable access to content that’s blocked in your region. While Tor is great for absolute privacy, VPNs are better for everyday use, where speed and reliability are important.

Misunderstandings about VPNs often come from unreliable services giving the whole industry a bad name. By choosing well-reviewed and audited VPNs, you can significantly boost your online privacy and security. VPNs protect you from hackers, marketers, and surveillance, making your internet experience safer and more private. Clearing up these myths helps you make better decisions about using digital privacy tools.

Read more »
Subscribe to: Posts (Atom)