
Windows Systems Vulnerable to Attacks Due to Critical 'BatBadBut' Rust Flaw


A significant security loophole within the Rust standard library has emerged, posing a threat specifically to Windows users by enabling potential command injection attacks. Designated CVE-2024-24576 and carrying the maximum Common Vulnerability Scoring System (CVSS) score of 10.0, the vulnerability nonetheless affects only one situation: batch files invoked on Windows with untrusted arguments.

The Rust Security Response working group, in an advisory issued on April 9, 2024, highlighted that the flaw arises from inadequacies in the Rust standard library's handling of arguments when initiating batch files (bearing the .bat and .cmd extensions) on Windows via the Command API. Essentially, the flaw permits attackers to execute arbitrary shell commands by circumventing the established escaping mechanisms.

This vulnerability affects all Rust versions preceding 1.77.2 and was initially discovered and reported by security researcher RyotaK to the CERT Coordination Center (CERT/CC). RyotaK, who named the vulnerability "BatBadBut," emphasized that it impacts multiple programming languages and stems from the manner in which these languages utilize the CreateProcess function in Windows while incorporating escape mechanisms for command arguments.

According to CERT/CC, the vulnerability underscores a broader issue wherein programming languages lack robust validation mechanisms for executing commands within the Windows environment. This oversight potentially allows attackers to execute disguised arbitrary code as command arguments.

The extent of the vulnerability's impact hinges on the implementation of vulnerable programming languages or modules. As not all programming languages have rectified the issue, developers are advised to exercise caution when executing commands on Windows platforms.

In order to mitigate the risk of inadvertent execution of batch files, RyotaK recommends relocating such files to a directory not included in the PATH environment variable. By doing so, batch files would only execute upon specification of their full path, thereby reducing the likelihood of unexpected execution.
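As an added illustration of the defensive posture the advisory describes (example code written for this page, not the Rust project's own fix; the function names and the character allowlist are my assumptions), the snippet below refuses to pass any argument that fails a strict allowlist to a `.bat` or `.cmd` script, while leaving arguments for ordinary executables untouched. The allowlist is deliberately stricter than necessary: rather than trying to escape cmd.exe metacharacters, it rejects anything outside a small safe set. The function only builds the `Command` and never spawns it, so it runs on any platform.

```rust
use std::io;
use std::path::Path;
use std::process::Command;

/// True when `program` names a Windows batch script (.bat or .cmd), case-insensitively.
/// The extension check is the only signal used; the file is not inspected.
pub fn is_batch_script(program: &str) -> bool {
    Path::new(program)
        .extension()
        .and_then(|e| e.to_str())
        .map(|e| e.eq_ignore_ascii_case("bat") || e.eq_ignore_ascii_case("cmd"))
        .unwrap_or(false)
}

/// Conservative allowlist (an assumption for this example): an argument destined for
/// cmd.exe may contain only alphanumerics and a few path characters. Quotes, `%`, `!`,
/// redirection, separators and line breaks are rejected rather than escaped.
pub fn is_safe_batch_arg(arg: &str) -> bool {
    !arg.is_empty()
        && arg
            .chars()
            .all(|c| c.is_ascii_alphanumeric() || matches!(c, '-' | '_' | '.' | '/' | '\\' | ':'))
}

/// Build a `Command`, but refuse to hand untrusted arguments to a batch script.
/// Non-batch programs are built as-is, because their arguments do not pass through cmd.exe.
pub fn build_batch_command(program: &str, args: &[&str]) -> io::Result<Command> {
    if is_batch_script(program) {
        if let Some(bad) = args.iter().find(|a| !is_safe_batch_arg(a)) {
            return Err(io::Error::new(
                io::ErrorKind::InvalidInput,
                format!("refusing to pass argument {:?} to batch script {}", bad, program),
            ));
        }
    }
    let mut cmd = Command::new(program);
    cmd.args(args);
    Ok(cmd)
}

fn main() {
    // Constructed inputs: a harmless argument and one containing a cmd.exe separator.
    for (prog, arg) in [("build.cmd", "release-2024"), ("build.cmd", "x&y"), ("build.exe", "x&y")] {
        match build_batch_command(prog, &[arg]) {
            Ok(_) => println!("{} {:?}: accepted", prog, arg),
            Err(e) => println!("{} {:?}: rejected ({})", prog, arg, e),
        }
    }
}
```

The gate sits in front of `Command` rather than inside it, so it can be applied even on toolchains older than 1.77.2; pairing it with the advisory's advice to keep batch files out of `PATH` means a script is both hard to invoke by accident and unable to receive attacker-shaped input.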

McDonald's Attributes Worldwide Outage to Third-Party Provider

McDonald's faced significant disruptions in its fast-food operations on Friday, attributing the widespread technical issues to a third-party provider rather than a cyber attack. The outage, which occurred during a "configuration change," affected stores in various countries including the UK, Australia, and Japan.

According to McDonald's, the problem led to the inability to process orders, prompting closures and service interruptions across affected regions. However, the company clarified that it swiftly identified and resolved the global technology system outage.

Brian Rice, McDonald's chief information officer, emphasized that the incident was an anomaly not directly linked to cybersecurity threats but rather stemmed from a third-party provider's actions during a system configuration change. He assured that efforts were underway to address the situation urgently.

Reports indicated that numerous McDonald's outlets, particularly in the UK and Australia, experienced disruptions, causing frustration among customers unable to place orders. The impact varied across regions, with some locations forced to close temporarily.

Despite the challenges, McDonald's reported progress in restoring operations across affected countries. Stores in Japan, initially hit by the outage, began resuming operations, albeit with temporary cash-only transactions and manual calculations.

While the disruption garnered attention on social media platforms, including complaints from customers unable to order through the McDonald's app, the company thanked customers and staff for their patience as services gradually resumed.

The outage affected McDonald's restaurants worldwide, highlighting the scale of the incident across its extensive network of approximately 40,000 outlets globally, with significant footprints in the UK, Ireland, the United States, Japan, and Australia.

Europe's Digital Markets Act Compels Tech Corporations to Adapt


Europeans now have the liberty to select their preferred online services, such as browsers, search engines, and iPhone apps, along with determining the usage of their personal online data. 

These changes stem from the implementation of the Digital Markets Act (DMA), a set of laws introduced by the European Union targeting major technology firms including Amazon, Apple, Microsoft, Google (under Alphabet), Meta (formerly Facebook), and ByteDance (owner of TikTok).

This legislation marks Europe's ongoing efforts to regulate large tech companies, requiring them to adapt their business practices. Notably, Apple has agreed to allow users to download smartphone apps from sources other than its App Store. The DMA applies to 22 services ranging from operating systems to messaging apps and social media platforms, affecting prominent offerings like Google Maps, YouTube, Amazon's Marketplace, Apple's Safari browser, Meta's Facebook, Instagram, WhatsApp, Microsoft Windows, and LinkedIn.

Companies found in violation of the DMA could face hefty fines, up to 20% of their global annual revenue, and even potential breakup for severe breaches. The impact of these rules is not limited to Europe, as other countries, including Japan, Britain, Mexico, South Korea, Australia, Brazil, and India, are considering similar legislation to curb tech giants' dominance in online markets.

One significant change resulting from the DMA is Apple's decision to allow European iPhone users to download apps from sources beyond its App Store, a move the company had previously resisted. However, Apple will introduce a 55-cent fee for each iOS app downloaded from external stores, raising concerns among critics about the viability of alternative app platforms.

Furthermore, the DMA grants users greater freedom to choose their preferred online services and restricts companies from favouring their own offerings in search results. 

For instance, Google search results will now include listings from competing services like Expedia for searches related to hotels. Additionally, users can opt out of targeted advertising based on their online data, while messaging systems are required to be interoperable, forcing Meta to propose solutions for seamless communication between its platforms, Facebook Messenger and WhatsApp.

Cyberattack on Hamilton City Hall Expands to Impact Additional Services


Hamilton is currently facing a ransomware attack, causing widespread disruptions to city services for more than a week. City manager Marnie Cluckie disclosed the nature of the cyber attack during a virtual press conference on Monday, marking the first public acknowledgment of the incident since it began on February 25. 

The attack has resulted in the shutdown of almost all city phone lines, hampering city council operations and affecting numerous services such as the bus schedule app, library WiFi, and permit applications.

Cluckie mentioned that the city has not provided a specific timeframe for resolving the situation, emphasizing that systems will only be restored once deemed safe and secure. While the city has not detected any unauthorized access to personal data, Hamilton police have been alerted and will conduct an investigation.

Regarding the attackers' demands, Cluckie remained cautious, refraining from disclosing details such as the requested amount of money or their location due to the sensitive nature of the situation. However, she mentioned that the city is covered by insurance for cybersecurity breaches and has enlisted the expertise of cybersecurity firm Cypfer to manage the incident response.

Ransomware attacks, characterized by denying access to systems or data until a ransom is paid, can have devastating consequences, as highlighted by the Canadian Centre for Cyber Security. Although paying the ransom does not guarantee system restoration, it is sometimes deemed necessary, as seen in previous cases involving other municipalities like St. Marys and Stratford.

Once the city's systems are restored, Cluckie will oversee a comprehensive review to understand the breach's cause and implement preventive measures. Council meetings have been postponed until at least March 15 due to operational constraints, with plans to resume once the situation stabilizes.

The impact of the attack on various city services is extensive. Phone lines for programs, councillors, and essential facilities like long-term care homes are down. Online systems for payments and services related to fire prevention, permits, and property are inaccessible. Engineering services, cemeteries, libraries, public health, property taxes, Ontario Works, vendor payments, waste management, child care, transit, Hamilton Water, city mapping, and recreation facilities are all affected to varying degrees, with disruptions in communication, payments, and service availability.

Efforts are underway to mitigate the effects of the attack, but until the situation is resolved, residents and city officials must navigate the challenges posed by the ransomware attack.

Researchers Unveil Sound-Based Attack: Swipe Sounds Used to Recreate Fingerprints


A group of researchers from China and the US has introduced an intriguing new method for compromising biometric security systems. Their study, titled "PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound," presents a novel side-channel attack aimed at the sophisticated Automatic Fingerprint Identification System (AFIS). 

This attack exploits the sound produced by a user's finger swiping across a touchscreen to extract fingerprint pattern details. Through testing, the researchers claim success rates of attacking "up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR [False Acceptance Rate] setting of 0.01%." This research marks the first instance of utilizing swiping sounds to deduce fingerprint information.

Fingerprint biometric security measures are prevalent and widely trusted, with projections suggesting the fingerprint authentication market could reach nearly $100 billion by 2032. However, with growing awareness of potential fingerprint theft, individuals and organizations are becoming more cautious about exposing their fingerprints, even in photographs.

In the absence of direct access to fingerprints or detailed finger images, attackers have found a new avenue for obtaining fingerprint data to bolster dictionary attacks like MasterPrint and DeepMasterPrint. The PrintListener study reveals that "finger-swiping friction sounds can be captured by attackers online with a high possibility," using common communication apps such as Discord, Skype, WeChat, and FaceTime. By exploiting these sounds, the researchers developed PrintListener, a sophisticated attack method.

PrintListener overcomes significant challenges, including capturing faint friction sounds, separating fingerprint influences from other user characteristics, and advancing from primary to secondary fingerprint features. The researchers achieved this through the development of algorithms for sound localization, feature extraction, and statistical analysis.

Through extensive real-world experiments, PrintListener demonstrates remarkable success rates in compromising fingerprint security, surpassing unassisted dictionary attacks. This research underscores the importance of addressing emerging threats to biometric authentication systems and developing robust countermeasures to safeguard sensitive data.

eBay Settles Blogger Harassment Case with $3 Million Fine


eBay has agreed to pay a substantial fine of $3 million (£2.36 million) in order to settle charges related to the harassment of bloggers who were openly critical of the company. The disturbing details emerged in court documents, revealing that high-ranking eBay executives, including Jim Baugh, the former senior director of safety and security, orchestrated a targeted campaign against Ina and David Steiner, the couple behind the newsletter EcommerceBytes, which the company's leadership disapproved of.

The court papers outline a series of alarming incidents, including the dispatch of live spiders and cockroaches to the Steiners' residence in Natick, Massachusetts. This relentless campaign of intimidation left the couple, according to prosecutors, in a state of being "emotionally, psychologically, and physically" terrorized. Jim Baugh, alongside six associates, allegedly spearheaded this effort to silence the Steiners, going to extreme lengths.

The harassment tactics escalated to sending live insects, a foetal pig, and even a funeral wreath to the Steiners' home. Moreover, Baugh and his associates reportedly installed a GPS tracking device on the couple's car, infringing on their privacy. Additionally, the perpetrators created misleading posts on the popular website Craigslist, inviting strangers to engage in sexual encounters at the Steiners' residence.

The aftermath of these reprehensible actions saw the termination of the involved employees by eBay. In the legal proceedings, Philip Cooke, an eBay employee, received an 18-month prison sentence in 2021, while Jim Baugh was handed a nearly five-year sentence in the subsequent year.

Baugh's defense claimed that he faced pressure from eBay's former CEO, Devin Wenig, to rein in the Steiners and control their coverage of the company. However, Wenig, who resigned from his position in 2019, has not been charged in connection with the harassment campaign and vehemently denies any knowledge of it.

Acting Massachusetts US Attorney Josh Levy strongly condemned eBay's conduct, labeling it as "absolutely horrific, criminal conduct." Levy emphasized that the employees and contractors involved in this campaign created a petrifying environment for the victims, with the clear intention of stifling their reporting and safeguarding the eBay brand.

Optimizing Education: Unleashing the Potential of Artificial Intelligence in the Classroom


The incorporation of Artificial Intelligence (AI) into educational settings holds the promise of transforming both the learning experience for students and the teaching methods employed by educators. AI algorithms, when integrated into the classroom, have the capability to offer personalized feedback and recommendations, enhancing the overall efficacy and engagement in learning. 

Despite these potential advantages, educators encounter various challenges in integrating AI into the curriculum. This article explores the benefits, challenges, and best practices associated with the inclusion of AI in education, emphasizing the ongoing need for research and development to fully harness its potential.

Artificial Intelligence is progressively becoming an integral part of our daily lives, with the potential to revolutionize work, communication, and learning. In the educational realm, AI stands to provide students with personalized and engaging learning experiences, aiding teachers in addressing individual student needs more effectively. 

However, along with these benefits, educators face challenges such as the requirement for technical expertise, limited resources, and ethical considerations.

Benefits of Incorporating AI into the Classroom

One significant advantage of integrating AI into classrooms is the ability to tailor learning experiences to individual students. AI algorithms analyze student data, adapting to their learning styles and offering feedback and recommendations customized to their needs. This personalized approach can enhance student engagement, motivation, and ultimately contribute to improved academic performance. 

Additionally, incorporating AI into the curriculum provides an opportunity to deepen students' understanding of this rapidly-evolving technology, fostering a critical perspective and preparing them for the challenges and opportunities of the digital age. Moreover, exposure to AI tools and applications helps students develop crucial 21st-century skills such as problem-solving, critical thinking, and collaboration.

Challenges of Incorporating AI into the Classroom

While the advantages of incorporating AI into education are evident, educators face significant challenges. The foremost obstacle is the need for technical expertise, as teachers unfamiliar with AI may struggle to seamlessly integrate it into their teaching practices. 

Addressing this challenge requires adequate support and training. Another hurdle is the cost associated with AI tools and applications, posing resource constraints for many educational institutions. Additionally, ethical concerns regarding privacy, security, and the impact on the job market require careful consideration to ensure responsible implementation.

To champion the cause of AI, one must adopt a critical stance and acknowledge the potential for misuse or mishandling. It is crucial to identify these potential pitfalls and initiate discussions on effective mitigation strategies.

Instances of students leveraging generative AI services, such as ChatGPT, for academic dishonesty have surfaced. Relying solely on algorithms and AI for the learning journey is not the objective.

The emphasis should be on enhancing, not overshadowing, the learning experience. While tools like ChatGPT can be potent aids, their effectiveness depends on how thoughtfully they are integrated. Educating both students and teachers on the strategic use of AI tools is essential. For instance, rather than allowing unrestricted use, schools can integrate ChatGPT into project-based learning, fostering a research-oriented mindset. Students can employ ChatGPT as a co-pilot, supplementing their own hypotheses and interpretations, thereby making classroom learning engaging and enriching.

To effectively integrate AI into teaching practices, several best practices are recommended:

1. Partner with a Reliable AI Provider: Collaborate with trustworthy AI partners, such as technology companies, local universities, or non-profit organizations specializing in AI education. These partners can offer support, training, and guidance for seamless integration.

2. Start Small: Begin by implementing AI in specific areas rather than attempting a comprehensive curriculum overhaul. This incremental approach allows teachers to gain experience, build confidence, and refine their teaching methods gradually.

3. Foster Ethical and Critical Thinking: Encourage students to think critically about the ethical implications of AI and its societal impact. This promotes responsible and informed digital citizenship, empowering students to navigate the challenges and opportunities presented by AI.

Overall, the integration of Artificial Intelligence into education presents a unique opportunity for both educators and students. 

While AI holds the potential to offer personalized learning experiences and develop essential 21st-century skills, its incorporation requires careful consideration of challenges and adherence to best practices. Ongoing research and development are essential to fully unlock the transformative potential of AI in education.

Employee Use of 'Shadow IT' Elevates Cyber Attack Risks for Indian Firms


In India, a recent report indicates that approximately 89% of companies faced cyber incidents within the past two years. Alarmingly, 20% of these breaches were attributed to the utilization of shadow IT, as per findings from a study.

This surge in cyber threats is significantly linked to the adoption of shadow IT by employees, a trend catalyzed by the shift towards remote work setups, states a study conducted by Kaspersky, a cybersecurity firm.

Globally, over the last two years, 11% of companies experienced cyber incidents due to the unauthorized use of shadow IT by their workforce.

Shadow IT refers to the section of a company’s IT structure that operates outside the oversight of IT and Information Security departments. This includes applications, devices, and public cloud services used without compliance to information security protocols.

Alexey Vovk, Head of Information Security at Kaspersky, highlighted that employees using unapproved IT resources often assume that reputable providers guarantee safety. However, these third-party providers outline a 'shared responsibility model' in their terms, indicating that users must conduct regular software updates and take accountability for related incidents, including corporate data breaches.

Effectively managing shadow IT remains a critical need for businesses. Mishandling or operating outside IT protocols can lead to severe repercussions. The Kaspersky study noted that the IT industry bore the brunt, accounting for 16% of cyber incidents resulting from unauthorized shadow IT use between 2022 and 2023.

Additionally, critical infrastructure, transport, and logistics sectors were affected, with 13% of reported attacks attributed to this issue, as per the report's findings.

Exploitation of Numerous Zero-Days in Windows CLFS Driver by Ransomware Attackers


Over the past 18 months, malevolent actors have taken advantage of a series of vulnerabilities, including four zero-day exploits, within a critical Windows kernel-level driver. Reports from Kaspersky's Securelist this week not only highlight specific flaws but underscore a broader, systemic issue within the current framework of the Windows Common Log File System (CLFS).

CLFS, designed as a high-performance logging system accessible for user- or kernel-mode software clients, possesses kernel-level access that proves enticing for hackers aiming to acquire low-level system privileges. Its performance-centric design, however, has resulted in multiple security vulnerabilities in recent years, with ransomware actors exploiting these weaknesses.

Boris Larin, principal security researcher at Kaspersky's Global Research and Analysis Team, emphasizes the need for caution in handling files within kernel drivers. He explains that the design choices in Windows CLFS have made it nearly impossible to securely parse CLFS files, leading to a surge in similar vulnerabilities.

Larin points out a noteworthy observation: while zero-days at the Win32k level are not uncommon, the prevalence of CLFS driver exploits in active attacks within a single year raises concerns. He questions whether there is an inherent flaw in the CLFS driver, suggesting that it might be excessively optimized for performance at the expense of security.

The crux of the issue, Larin notes, lies in the CLFS driver's heavy emphasis on performance optimization, resulting in a file format that prioritizes performance over a secure structure. The constant parsing of kernel structures using relative offsets creates vulnerabilities, especially if these offsets become corrupted in memory during execution. Furthermore, manipulation of offsets in the on-disk BLF file can lead to overlapping structures and unforeseen consequences.

Throughout 2023, several high-severity vulnerabilities—CVE-2022-24521, CVE-2022-37969, CVE-2023-23376, and CVE-2023-28252—all with a 7.8 rating on the CVSS scale, were exploited as zero-days. Kaspersky identified malicious activity associated with these vulnerabilities, including the Nokoyawa ransomware group's exploitation of CVE-2023-28252.

Unless there is a redesign, CLFS remains susceptible to exploitation by hackers seeking escalation opportunities. Larin recommends organizations adopt best security practices, including timely installation of security updates, deploying security products on all endpoints, restricting server access, closely monitoring antivirus detections, and providing employee training to prevent falling victim to spear-phishing attacks.

No Code Application Development Platforms Set to Propel Your Business in 2024


The ability to develop web applications without extensive coding knowledge is a significant advantage in today's AI-driven world. No-code web building platforms have become essential tools for entrepreneurs, businesses, and creative individuals seeking to swiftly launch web or mobile applications without the complexities of traditional coding.

Several top-tier no-code web building platforms have gained prominence in the industry. Webflow, for instance, is primarily a website builder with a visually appealing UI that can be extended into a web app builder when integrated with tools like Wist. It offers detailed design control and integrates with various apps, albeit with potential additional costs for advanced features. Webflow's no-code builder is particularly renowned for its strengths in design and aesthetics, providing users with precise control over their website's visual elements, including typography, color schemes, animations, and layout.

Another notable player is Backendless, functioning as a full-stack web app builder that supports native mobile apps. It emphasizes high performance, real-time databases, and a unique block-based approach to logic and APIs. Backendless excels in handling complex, real-time data, a crucial feature for applications requiring instantaneous updates, such as chat services, live streaming, or real-time analytics. Its support for native mobile app development enhances performance and user experience compared to web or hybrid apps.

Bubble, known as the industry standard for no-code web apps, features a drag-and-drop UI builder, workflow automation, API integration, and a robust community with templates and plugins. However, a limitation of Bubble is its inability to export source code, which can be a significant consideration for businesses or developers anticipating platform transitions or needing direct code access.

WeWeb stands out by specializing in front-end development with an intuitive builder and visual logic setup. While users must connect their own backend, the platform offers code exportability and a range of integrations. WeWeb's user-friendly front-end builder, combined with its flexibility in backend integration, makes it a unique and valuable tool for projects requiring a customized approach to both aspects of web development.

Additionally, each of these no-code web building platforms presents unique advantages, catering to different project requirements. Whether focusing on design, security, code control, or seamless integrations, choosing a platform aligned with your project's vision is crucial for a hassle-free web application development experience.

The Effectiveness of AI is Limited in Cybersecurity, Yet Boundless in Cybercrime


Integrating artificial intelligence (AI) into the realm of cybersecurity has initiated a perpetual cycle. Cybersecurity professionals now leverage AI to bolster their tools and enhance detection and protection capabilities. Concurrently, cybercriminals exploit AI for orchestrating their attacks. In response, security teams escalate the use of AI to counter AI-driven threats, prompting threat actors to augment their AI strategies. This cyclical pattern persists.

While AI holds immense potential, its application in cybersecurity encounters substantial limitations. A prominent issue revolves around trust in AI security solutions, as the data models underpinning AI-powered security products are consistently vulnerable. Moreover, the implementation of AI often clashes with human intelligence.

The dual nature of AI complicates its handling, necessitating a deeper understanding and careful utilization by organizations. In contrast, threat actors exploit AI with minimal constraints.

A major hurdle in adopting AI-driven solutions in cybersecurity is the challenge of establishing trust. Many organizations harbor skepticism towards AI-powered products from security firms due to exaggerated claims and underwhelming performance. Products marketed as simplifying security tasks for non-security personnel often fail to meet expectations.

Despite AI being touted as a solution to the cybersecurity talent shortage, companies that overpromise and underdeliver undermine the credibility of AI-related claims. Achieving user-friendly tools in the face of evolving threats and factors like insider attacks remains challenging, as almost all AI systems require human direction and cannot override human decisions.

While some cybersecurity software vendors provide tools harnessing AI benefits, such as Extended Detection and Response (XDR) systems, skepticism persists. XDR systems, integrating AI, demonstrate efficacy in detecting and responding to complex attack sequences. These systems leverage machine learning to enhance security operations, offering tangible benefits.

An additional concern affecting the effectiveness of AI against AI-aided threats is the tendency to focus on limited or non-representative data. Ideally, AI systems should be fed real-world data to accurately depict diverse threats and attack scenarios. However, this is a resource-intensive endeavor, with cost implications and potential security risks.

To address concerns, organizations can leverage cost-efficient and free resources, including threat intelligence sources and cybersecurity frameworks. Training AI on user or entity behavior specific to an organization can enhance its ability to analyze threats beyond general intelligence data.

Despite the evolving landscape of AI, the age where AI can override human decisions remains distant. While this presents a positive aspect, it also allows human-targeted threats like social engineering attacks to persist. AI security systems, designed to yield to human decisions, face challenges in countering fully automated actions.

The present reliance on human intelligence poses challenges in countering AI-assisted cyber-attacks. Regular cybersecurity training can empower employees to adhere to security best practices and enhance their ability to detect threats and evaluate incidents.

Fighting cyber threats with AI presents challenges, including the need for trust, cautious data usage, and the importance of human decision-making. Solutions involve building trust through standards and regulations, securing data models, and addressing human reliance through robust cybersecurity education. While the vicious cycle persists, hope lies in the reciprocal evolution of AI threats and AI cyber defense.

Securing Wearable Devices: Potential Risks and Precautions


In the rapidly evolving landscape of digital security, individuals are increasingly vulnerable to cyber threats, not only on conventional computers and smartphones but also on wearable devices. The surge in smartwatches and advanced fitness trackers presents a new frontier for potential security breaches.

Just like traditional devices, wearables store and transmit valuable data, making them attractive targets for hackers. If successfully compromised, these devices could become conduits for unauthorized prescription orders or even allow the tracking of an individual's location through the embedded GPS feature. The threat extends beyond personal wearables, with concerns arising about vulnerabilities in medical offices and equipment. The FDA has issued warnings about potential loopholes that hackers could exploit to target critical medical devices such as pacemakers and insulin pumps.

The risk isn't confined to personal privacy; there's a growing concern about the impact a hacked wearable could have on corporate networks. With the proliferation of connected devices, a compromised smartwatch might provide an easier entry point for hackers seeking to infiltrate company systems, especially if the wearable syncs with multiple networks.

One notable vulnerability lies in the Bluetooth connection that wearables commonly share with smartphones. While any internet-connected device carries inherent risks, wearables often use smartphones as intermediaries rather than operating as standalone devices. Presently, security compromises have mainly originated from devices connected to wearables or compromised external databases, making wearables a theoretical but legitimate concern.

To mitigate these risks, users are advised to exercise caution when installing apps on their wearables. Verifying the legitimacy of sources, checking user reviews, and researching app safety are essential steps to ensure the security of wearable devices. This advice extends to smartphones, where users should scrutinize app permissions, restricting access to unnecessary information and promptly deleting suspicious apps.

In this era of pervasive connectivity, safeguarding personal and corporate data requires a proactive approach, extending beyond conventional devices to include the emerging frontier of wearable technology.

Is Your Android Device Tracking You? Understanding its Monitoring Methods

In general discussions about how Android phones might collect location and personal data, the focus often falls on third-party apps rather than Google's built-in apps. This awareness has grown due to numerous apps gathering significant information about users, leading to concerns, especially when targeted ads start appearing. The worry persists about whether apps, despite OS permissions, eavesdrop on private in-person conversations, a concern even addressed by Instagram's head in a 2019 CBS News interview.

However, attention to third-party apps tends to overshadow the fact that Android and its integrated apps track users extensively. While much of this tracking aligns with user preferences, it results in a substantial accumulation of sensitive personal data on phones. Even for those trusting Google with their information, understanding the collected data and its usage remains crucial, especially considering the limited options available to opt out of this data collection.

For instance, a lesser-known feature involves Google Assistant's ability to identify a parked car and send a notification regarding its location. This functionality, primarily guesswork, varies in accuracy and isn't widely publicized by Google, reflecting how tech companies leverage personal data for results that might raise concerns about potential eavesdropping.

The ways Android phones track users were highlighted in an October 2021 Kaspersky blog post referencing a study by researchers from the University of Edinburgh and Trinity College. While seemingly innocuous, the compilation of installed apps, when coupled with other personal data, can reveal intimate details about users, such as their religion or mental health status. This fusion of app presence with location data exposes highly personal information through AI-based assumptions.

Another focal point was the extensive collection of unique identifiers by Google and OEMs, tying users to specific handsets. While standard data collection aids app troubleshooting, these unique identifiers, including Google Advertising IDs, device serial numbers, and SIM card details, can potentially associate users even after phone number changes, factory resets, or ROM installations.

The study also emphasized the potential invasiveness of data collection methods, such as Xiaomi uploading app window histories and Huawei's keyboard logging app usage. Details like call durations and keyboard activity could lead to inferences about users' activities and health, reflecting the extensive and often unnoticed data collection practices by smartphones, as highlighted by Trinity College's Prof. Doug Leith.

Multiple Iterations of 'HeadCrab' Malware Seize Control of Numerous Servers

The HeadCrab malware, known for incorporating infected devices into a botnet for various cyber activities, has reappeared with a novel variant that grants root access to Redis open source servers.

According to findings by Aqua Security researchers, the second version of this cryptomining malware has impacted 1,100 servers, with the initial variant having already compromised a minimum of 1,200 servers.

Asaf Eitani, a security researcher from Team Nautilus, Aqua Security's research team, clarified that while HeadCrab is not a rootkit in the traditional sense, its creator has given it the ability to hook a function and control the responses it returns. In effect this mirrors rootkit behavior: by controlling what is returned, it can alter what the operator sees and remain undetected.

Eitani explained, "The tradition of the term rootkit is malware that has root access and controls everything, but in this sense, you are able to control what the user sees."

The updated variant includes subtle adjustments enabling attackers to better conceal their activities. Custom commands have been removed, and encryption has been integrated into the command and control infrastructure, enhancing stealth.

A distinctive feature of HeadCrab is a "mini blog" within the malware, where the author, operating under the pseudonym Ice9, provides technical details about the malware and leaves a Proton Mail email address for anonymity. 

While Aqua Security researchers contacted Ice9, they were unable to ascertain his identity or location. Ice9 claimed they were the first to reach out and insisted that the malware doesn't impair server performance, asserting its ability to eliminate other malware infections. Ice9 praised the researchers in the mini blog after they discovered the second variant.

Notably, Ice9 is the sole user of HeadCrab and exclusively manages the command and control infrastructure.

HeadCrab infiltrates a Redis server when an attacker utilizes the SLAVEOF command, downloads a malicious module, and executes two new files—a cryptominer and a configuration file. Aqua Security researchers advise organizations to conduct scans for vulnerabilities and misconfigurations in their servers and implement protected mode in Redis to minimize the risk of HeadCrab infection.
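As an added defender-side example (not Aqua Security's or the Redis project's code): a small audit of a redis.conf for the settings the advice above turns on, namely protected mode, interface binding, a password, and whether the SLAVEOF/REPLICAOF and MODULE commands are still reachable by clients. The two configuration texts are constructed samples; the directive names are standard redis.conf directives.

```python
"""Audit a redis.conf for the exposure HeadCrab relies on.

Added example, not Aqua Security's or the Redis project's code. It reads a
redis.conf text and flags settings that let an unauthenticated client issue
SLAVEOF and load a module: protected mode off, wide interface binding, no
password, and replication/MODULE commands left enabled.
"""
import shlex

# Constructed sample of an exposed configuration (not taken from a real host).
WEAK_CONF = """
# exposed instance
bind 0.0.0.0
protected-mode no
port 6379
"""

# Constructed hardened counterpart; the password is a placeholder.
HARDENED_CONF = """
bind 127.0.0.1
protected-mode yes
requirepass PLACEHOLDER_STRONG_PASSWORD
rename-command SLAVEOF ""
rename-command REPLICAOF ""
rename-command MODULE ""
"""


def parse_conf(text: str) -> dict:
    """Map each directive (lower-cased) to the list of argument lists it was given.

    Comment lines and blanks are skipped; repeated directives are kept in order
    because Redis applies the last occurrence for single-valued settings.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # honours the "" used to disable a command
        conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf


def audit(text: str) -> list:
    """Return sorted finding strings; an empty list means nothing was flagged."""
    conf = parse_conf(text)
    findings = []

    # protected-mode defaults to yes, so only an explicit "no" is a finding.
    if conf.get("protected-mode", [["yes"]])[-1][:1] == ["no"]:
        findings.append("protected-mode is disabled")

    # With no bind directive Redis listens on every interface.
    binds = conf.get("bind", [])
    if not binds:
        findings.append("no bind directive; server listens on all interfaces")
    elif any(a in ("0.0.0.0", "*", "::") for a in binds[-1]):
        findings.append("bind exposes the server on all interfaces")

    if "requirepass" not in conf:
        findings.append("no requirepass; unauthenticated clients can run commands")

    # A command renamed to "" is removed; check the ones HeadCrab's foothold needs.
    disabled = {args[0].upper() for args in conf.get("rename-command", [])
                if len(args) == 2 and args[1] == ""}
    for cmd in ("SLAVEOF", "REPLICAOF", "MODULE"):
        if cmd not in disabled:
            findings.append(f"{cmd} command still reachable by clients")
    return sorted(findings)


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(text) or ["OK"])
```

On Redis 6 and later, ACL rules can restrict these commands per user instead of rename-command, but the audit above covers the configuration file alone.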

Record Surge in Data Breaches Fueled by Ransomware and Vendor Exploits

According to a recent report from Apple and a Massachusetts Institute of Technology researcher, the United States has witnessed a record-breaking surge in data breaches, fueled by increased attacks on third-party vendors and a rise in aggressive ransomware incidents. 

The study, authored by MIT professor Stuart Madnick and released on Thursday, reveals a distressing trend, with data breaches more than tripling from 2013 to 2022 and compromising a staggering 2.6 billion personal records in the past two years alone.

The situation has further escalated in 2023, with the first eight months seeing over 360 million individuals affected by corporate and institutional data breaches. Alarmingly, one in four Americans had their health data exposed in these breaches during this period. The report also highlights an increase in ransomware attacks, surpassing the total for the entire year of 2022. In the first three quarters of 2023, ransomware attacks rose by nearly 70% compared to the same period in the previous year.

A survey conducted in 2023 among 233 IT and cybersecurity professionals in the healthcare sector across 14 countries revealed that 60% of organizations in the sector faced ransomware attacks, almost double the reported rate in 2021. The largest health data breach this year involved an email hacking incident reported by HCA Healthcare, affecting 11 million individuals.

Data breaches have not been limited to the healthcare sector, as millions of individuals across various economic sectors have been impacted. Third-party vendor incidents have been particularly prominent, with exploits targeting vulnerabilities in Progress Software's MOVEit and Fortra's GoAnywhere file transfer applications.

The report emphasizes the widespread consequences of vendor exploitation attacks, where initial breaches provide hackers access not only to the vendor's system and data but also to the systems and data of the vendor's clients. The study notes that approximately 98% of organizations reported having a relationship with a vendor that experienced a data breach within the last two years.

In light of these findings, the report underscores the urgent need for organizations to prioritize the security of personal data, given the prevalence of data breaches and their tangible consequences for individuals.

British Library Hit by Cyber Incident, Disrupting Services

The British Library in London, known for its serene study environment and vast collection of 170 million items, has been disrupted by a "cyber incident." This event has led to the shutdown of its website, impeding access to the online catalog, and the cessation of Wi-Fi services. 

Staff members are unable to use computers, creating a predigital atmosphere within the library. Ordering books now involves consulting hardback catalogs or external websites, writing down catalog numbers, and handing them to librarians for verification. The incident has affected various users, including authors and academics, who rely on the library for their work.

Despite the significance of the British Library, the institution has provided minimal information about the incident on social media. The library stated that it is facing a major technology outage due to the cyber incident, impacting both online and on-site services. 

The staff is collaborating with Britain's National Cyber Security Center to investigate the matter. Speculation about the cause of the shutdown abounds among users, with many having to adjust their work plans to accommodate the disruption.

While details remain scarce, other European libraries presume the British Library was deliberately targeted. The National Library of Scotland, for instance, has intensified its monitoring and protection in response to the attack. 

This incident underscores a shift in cybercriminals targeting libraries, which traditionally flew under the radar. Tasmina Islam, a cybersecurity education lecturer, suggests that financial motives may be driving such attacks, as libraries house valuable information, including personal data and intellectual property. She emphasizes the need for libraries and institutions to enhance their security measures.

Within the British Library, employees are puzzled by the event, describing it as a "nightmare." However, not all users are dismayed by the interruption. Eric Langley, a Shakespeare scholar, finds the blackout oddly liberating, allowing him to focus solely on the bard's work. Nevertheless, he acknowledges that an extended disruption would pose challenges.

Notorious Ransomware Gang Claims Responsibility for Cyberattack on Southwestern Ontario Hospitals

A notorious cybercrime gang known as Daixin Team has publicly admitted to pilfering millions of records from five hospitals in southern Ontario, subsequently leaking the data online when their ransom demands were not met. The targeted hospitals include those in Leamington, Windsor, Sarnia, and Chatham-Kent. The Windsor Star has obtained a purported link to the leaked information, which is hosted on the dark web, offering access to personal details of patients from these facilities.

While the hospitals confirmed the publication of the compromised data, they did not officially confirm Daixin Team's involvement. Windsor Regional Hospital CEO, David Musyj, emphasized that the attackers were part of a sophisticated and organized operation, rather than an isolated individual. 

The affected hospitals, including Sarnia’s Bluewater Health, Chatham-Kent Health Alliance, Windsor-Essex hospice, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, and Windsor Regional Hospital, continue to grapple with system access issues following the cyberattack on October 23. In addition to disrupting digital and tech-based systems, the perpetrators made off with substantial amounts of personal information pertaining to both staff and patients. When the hospitals refused to yield to ransom demands, the criminals opted to disseminate the pilfered data.

A comprehensive investigation, involving local police departments, the Ontario Provincial Police, the FBI, and INTERPOL, is underway. Daixin Team has a track record of similar cyberattacks against various organizations, including a German water metering company, AirAsia, Fitzgibbon Hospital in Missouri, and OakBend Medical Centre in Texas.

Brett Callow, a threat analyst at the cybersecurity firm Emsisoft Ltd., emphasized that Daixin Team has been active since the middle of the previous year and has repeatedly targeted healthcare organizations. He cautioned that while this incident is unfortunate, it may not be the last, and underscored the urgency for robust cybersecurity measures in the healthcare sector. Following the breach, the hackers locked the hospitals out of their own systems by targeting TransForm Shared Service Organization, which oversees technology systems for all five facilities.

Musyj revealed that the extent of the stolen data is still unknown, but investigations are ongoing. He emphasized that the decision not to pay the ransom aligns with the joint statement from the 50 members of the International Counter Ransomware Initiative, which includes Canada. Callow, however, stressed that global governments need to take more effective measures to combat cybercriminals.

The U.S. government’s Cybersecurity and Infrastructure Security Agency issued a warning about Daixin Team last year, specifying that the group targets businesses in the Healthcare and Public Health sector with ransomware and data extortion operations. They encrypt servers responsible for healthcare, exfiltrate personal information, and demand ransom payments.

Callow concluded by advising caution and preparation for potential misuse of the compromised information, given the hackers' track record. He recommended assuming that the information could be exploited and taking appropriate precautions.

Phone Scammers Evolve: AI-Powered Voice Mimicry Poses New Threat

In an ever-evolving battle against phone scammers and robocalls, a growing concern is the use of artificial intelligence (AI) to mimic victims' voices, making these scams even more convincing. While efforts have been made to curb scam calls, it's imperative for individuals to bolster their phone defenses and remain vigilant.

Phone scammers and robocalls have become an epidemic, with billions of spam calls plaguing people worldwide. Voice security company Hiya reported a staggering 6.5 billion instances of phone spam calls in a single quarter. In the United States, the problem is particularly acute, with an average of 12 scam calls per month per person, and one in four calls being unwanted, according to a Q2 report.

AI Voice Mimicry Adds a Dangerous Twist

The latest development in the world of phone scams involves the use of AI technology to record victims' voices and replicate them in vishing (voice phishing) attacks. This advanced generative AI text-to-speech technology allows scammers to pose as someone familiar to their victims, even incorporating personal details to enhance the believability of the scam. This puts individuals at risk of inadvertently sharing sensitive information with scammers.

As scammers become more sophisticated, individuals need to strengthen their defenses against phone scams. Cross-referencing multiple apps that offer call filtering and spam protection can enhance overall prevention. If a suspicious call does get through, it's essential to hang up without divulging personal information and report the number to relevant apps. Furthermore, caution in sharing personal phone numbers and considering the use of virtual numbers or secondary lines for public or one-time purposes can be a wise approach.

Setting Phone Defenses on Android and iPhone

For Android users, enabling "Caller ID and spam protection" on Samsung phones or using the Phone by Google app with built-in spam filtering can help screen and block unwanted calls. However, it's crucial to verify caller IDs, as scammers can manipulate them.

Apple iPhone users can benefit from the "Silence Unknown Callers" feature and explore third-party apps for call blocking and identification. While these features are effective, there may be occasional false positives, so individuals should monitor their call history.

AI voice mimickers have made scam calls more convincing than ever, with up to 70% accuracy in cloning voices. Scammers often exploit a sense of urgency and fear to elicit information from their targets. In response, individuals should avoid picking up calls from unknown numbers, refrain from saying "yes," and confirm the legitimacy of calls directly with relevant organizations.

The Role of Reporting and Data Protection

Reporting suspected scammers to tech companies is vital for identifying and flagging problematic numbers quickly. Most phone apps offer reporting features, allowing users to block or report spam calls. Additionally, data breaches have contributed to the surge in fraudulent calls, making it essential for individuals to safeguard their personal information.

Google has taken steps to combat spam calls with AI-powered screening. The latest Call Screen, which utilizes improved AI, helps users receive 50% fewer spam calls on average. Google encourages countries to adopt the STIR/SHAKEN protocol to reduce spam calls effectively.

In the ongoing battle against phone scammers, individuals must remain vigilant, employ available defense strategies, and report suspicious activity to protect themselves and others from falling victim to these evolving scams.

Unlocking Key Stretching: Safeguarding Your Passwords for Enhanced Security

To bolster the security of our digital accounts, it's imperative to fortify our passwords or passphrases. Much like how keys and locks can be vulnerable, not all passwords provide ample protection.

Security experts have devised various techniques to bolster password security, including hashing, salting, peppering, and notably, key stretching. Key stretching is a cryptographic method employed to amplify the security of passwords and passphrases. It is particularly crucial in cases where the original password lacks ample randomness or length to withstand different types of attacks, such as brute force or dictionary attacks. Key stretching fortifies a password or key by subjecting it to multiple hashing processes.

Also referred to as key strengthening, this process usually entails taking a relatively feeble and short password or cryptographic key and applying a cryptographic function or algorithm to generate a sturdier and lengthier key. This is repeated until the desired level of security is achieved. The objective is to make it computationally arduous and time-consuming for an attacker to retrieve the original key, even if they possess a hashed or encrypted version of it.

Key stretching plays a pivotal role in applications necessitating a high degree of security, like online accounts, financial transactions, and safeguarding data. It is instrumental in assuring the safety of stored passwords and cryptographic keys, ultimately leading to the protection of user data and the upholding of trust.

To understand how key stretching operates, consider a straightforward example: envision your password is something as common as "iloveyou." It's widely known that such a password is highly susceptible to attacks, as it frequently appears in brute-force wordlists and dictionaries. In fact, it would take an attacker less than 30 seconds to crack it and gain access to your account. This is where the concept of key stretching becomes invaluable.

Key stretching takes this vulnerable password and subjects it to a series of hashings, resulting in something longer and more intricate. For instance, "iloveyou" transforms into "e4ad93ca07acb8d908a3aa41e920ea4f4ef4f26e7f86cf8291c5db289780a5ae." However, the process doesn't end there.

After this new password is hashed again, it becomes "bc82943e9f3e2b6a195bebdd7f78e5f3ff9182ca3f35b5d415cf796ab0ce6e56." And once more, it is hashed to produce "46e95d6374c00c84e4970cfe1e0a2982b2b11b1de9343a30f42675a2154a28f5." This can be repeated as many times as desired.

Fortunately, there are libraries available for key stretching that can handle this process for you. Popular key stretching algorithms include PBKDF2, scrypt, Argon2, and bcrypt, with bcrypt and PBKDF2 being widely recognized.

Key stretching and salting are both crucial techniques in bolstering password security. They complement each other in fortifying the strength of passwords.

Key stretching involves subjecting passwords to multiple rounds of hashing, transforming a weak password into a more secure version. Salting, on the other hand, entails appending a unique string of characters to the password before hashing, adding an extra layer of complexity.

Remarkably, these two techniques can be employed together to further enhance password strength. The salt is integrated from the start, bolstering the weak password before it undergoes the hashing process. In essence, key stretching and salting work in tandem, fortifying and safeguarding sensitive information with an additional layer of protection.
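Added example (not the post's own code), covering both the repeated-hashing walkthrough above and the salting paragraphs: the chain of SHA-256 digests the post describes for "iloveyou", beside the salted, iterated PBKDF2 derivation and constant-time verification that a password store should actually use. The iteration count and the field names of the stored record are assumptions.

```python
"""Key stretching, as an added illustration of the post's walkthrough.

naive_chain() reproduces the idea the post describes: hash the password, then
hash the hex digest again and again. stretch_pbkdf2() shows what a real
key-stretching call looks like (PBKDF2-HMAC-SHA256 from the Python standard
library) with a per-user random salt and a high iteration count, and verify()
shows the constant-time check performed at login.
"""
import hashlib
import hmac
import os

# Assumed cost setting; tune to the time budget of your login path.
ITERATIONS = 600_000


def naive_chain(password: str, rounds: int) -> str:
    """Hash the password, then re-hash the hex digest 'rounds' times in total.

    Unsalted: identical passwords always yield identical chains, so this only
    demonstrates the idea and is not how stored passwords should look.
    """
    digest = password
    for _ in range(rounds):
        digest = hashlib.sha256(digest.encode()).hexdigest()
    return digest


def stretch_pbkdf2(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Derive a 32-byte key: the salt makes each user's key unique, the
    iteration count makes every guess an attacker tries proportionally slower."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def make_record(password: str) -> dict:
    """Build the stored form: random salt + parameters + derived key.
    The salt is not secret and is stored next to the key."""
    salt = os.urandom(16)
    return {"salt": salt, "iterations": ITERATIONS,
            "key": stretch_pbkdf2(password, salt)}


def verify(record: dict, candidate: str) -> bool:
    """Re-derive with the stored salt and parameters, then compare in constant time."""
    derived = stretch_pbkdf2(candidate, record["salt"], record["iterations"])
    return hmac.compare_digest(derived, record["key"])


if __name__ == "__main__":
    for i in range(1, 4):
        print(f"round {i}: {naive_chain('iloveyou', i)}")
    rec = make_record("iloveyou")
    print("verify correct :", verify(rec, "iloveyou"))
    print("verify wrong   :", verify(rec, "iloveyou1"))
```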

Key stretching is pivotal in systems relying on password-based encryption and authentication. It mitigates the risk of weak or easily guessable passwords by making it computationally demanding for attackers to recover the original password or key, even if they possess hashed or encrypted versions. This makes it a vital component of security in various applications, such as safeguarding stored passwords and securing cryptographic keys.

In summary, key stretching significantly augments the security of passwords and cryptographic keys. It transforms feeble, easily guessable passwords into robust and intricate keys, greatly enhancing resistance against brute force and dictionary attacks. By implementing techniques like key stretching and salting, we fortify our defenses against potential threats, ensuring the security of our data and accounts.

Pro-Palestinian Hacktivists Reportedly Employ Crucio Ransomware

In a recent development, a newly emerged pro-Palestine hacking collective identifying itself as the 'Soldiers of Solomon' has claimed responsibility for infiltrating more than 50 servers, security cameras, and smart city management systems located within the Nevatim Military area.

According to the group's statement, they employed a ransomware strain dubbed 'Crucio,' hinting at a possible utilization of Ransomware-as-a-Service. Additionally, they assert to have gained access to an extensive cache of data amounting to a staggering 25 terabytes.

In an unconventional public relations move, the Soldiers of Solomon disseminated this information via email to multiple threat intelligence firms, including Falconfeeds, alongside other influential entities actively engaged on Twitter.

To substantiate their claims, the group supplied visual evidence obtained from the breached CCTV systems, as well as images showcasing altered desktop wallpapers bearing their statement, as per Falconfeeds.

The year 2023 has witnessed a resurgence of hostilities between Israel and Palestine, culminating in a full-scale armed conflict. The longstanding discord between the two nations, which traces back to the early 20th century, has witnessed significant escalations since 2008. 

Reports indicate that while the 2014 conflict was marked by unprecedented devastation, the 2023 altercation raises concerns about an even higher casualty count.

The conflict zone in Gaza has become a focal point for retaliatory strikes from both hacktivist groups and Threat Actors (TAs), a trend anticipated given similar patterns observed since 2012. 

Cyberattacks have increasingly become complementary strategies within the context of contemporary warfare, a phenomenon noted even prior to the onset of the Russia-Ukraine conflict in early 2022.

Additionally, Cyble Research & Intelligence Labs (CRIL) has been meticulously curating intelligence amidst the fog of cyber-attacks, monitoring the activities of hacktivists and various threat actors to discern noteworthy developments in the cyber theatre. They have observed a diverse array of malicious techniques being employed by hacktivists and threat actors to exploit vulnerabilities in critical infrastructures and disrupt their operations.