Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Online Safety. Show all posts

Microsoft's Windows 11 Recall Feature Sparks Major Privacy Concerns

 

Microsoft's introduction of the AI-driven Windows 11 Recall feature has raised significant privacy concerns, with many fearing it could create new vulnerabilities for data theft.

Unveiled during a Monday AI event, the Recall feature is intended to help users easily access past information through a simple search. Currently, it's available on Copilot+ PCs with Snapdragon X ARM processors, but Microsoft is collaborating with Intel and AMD for broader compatibility. 

Recall works by capturing screenshots of the active window every few seconds, recording user activity for up to three months. These snapshots are analyzed by an on-device Neural Processing Unit (NPU) and AI models to extract and index data, which users can search through using natural language queries. Microsoft assures that this data is encrypted with BitLocker and stored locally, not shared with other users on the device.

Despite Microsoft's assurances, the Recall feature has sparked immediate concerns about privacy and data security. Critics worry about the extensive data collection, as the feature records everything on the screen, potentially including sensitive information like passwords and private documents. Although Microsoft claims all data remains on the user’s device and is encrypted, the possibility of misuse remains a significant concern.

Microsoft emphasizes user control over the Recall feature, allowing users to decide what apps can be screenshotted and to pause or delete snapshots as needed. The company also stated that the feature would not capture content from Microsoft Edge’s InPrivate windows or other DRM-protected content. However, it remains unclear if similar protections will apply to other browsers' private modes, such as Firefox.

Yusuf Mehdi, Corporate Vice President & Consumer Chief Marketing Officer at Microsoft, assured journalists that the Recall index remains private, local, and secure. He reiterated that the data would not be used to train AI models and that users have complete control over editing and deleting captured data. Furthermore, Microsoft confirmed that Recall data would not be stored in the cloud, addressing concerns about remote data access.

Despite these reassurances, cybersecurity experts and users remain skeptical. Past instances of data exploitation by large companies have eroded trust, making users wary of Microsoft’s claims. The UK’s Information Commissioner's Office (ICO) has also sought clarification from Microsoft to ensure user data protection.

Microsoft admits that Recall does not perform content moderation, raising significant security concerns. Anything visible on the screen, including sensitive information, could be recorded and indexed. If a device is compromised, this data could be accessible to threat actors, potentially leading to extortion or further breaches.

Cybersecurity expert Kevin Beaumont likened the feature to a keylogger integrated into Windows, expressing concerns about the expanded attack surface. Historically, infostealer malware targets databases stored locally, and the Recall feature's data could become a prime target for such malware.

Given Microsoft’s role in handling consumer data and computing security, introducing a feature that could increase risk seems irresponsible to some experts. While Microsoft claims to prioritize security, the introduction of Recall could complicate this commitment.

In a pledge to prioritize security, Microsoft CEO Satya Nadella stated, "If you're faced with the tradeoff between security and another priority, your answer is clear: Do security." This statement underscores the importance of security over new features, emphasizing the need to protect customers' digital estates and build a safer digital world.

While the Recall feature aims to enhance user experience, its potential privacy risks and security implications necessitate careful consideration and robust safeguards to ensure user data protection.

Sharenting: What parents should consider before posting their children’s photos online

 

21st century parenting is firmly grounded in technology. From iPads keeping kids entertained on flights, to apps that allow parents to track their children’s feeds, development, and more, technology has changed what it means to be a parent. But social media has added another dimension. The average child now has a digital footprint that often begins when their parents post an ultrasound photo, inviting friends and family to share in a joyous event through regular “sharenting.” 

However, some parents—especially those that adopted social media at an early age—have fallen into the trap of posting about their children a little too frequently, a condition called ‘oversharenting’. Like anything to do with social media, this comes with several risks. For this reason, it is important for parents to understand how to safely post about their kids.

Sharenting refers to the practice of parents sharing photos of their children online. Usually, images are shared on social media platforms like Instagram and Facebook, and capture quotidian moments in children’s lives, such as first steps, trips to the zoo, school performances, and holidays, for example. But as much as parents may want to share their children’s achievements and lives with friends and family, sharing photos online can be problematic.

There are, of course, some positives about sharenting. For example, parents often build communities online through social media platforms. This can be a great resource for parenting and gives first-time parents a sense of camaraderie during a time when they may feel like they have no idea what they are doing. Similarly, for parents who live far away from other family members and friends, sharing photos of their kids online offers a way to involve these important people in their children’s lives. However, when parents share images that contain personal details about the child, or details that could be embarrassing for the children as they become older, ‘oversharenting’ can become a problem.

As social media platforms like Facebook and Instagram have become more pervasive in society, sharenting has become very normalized. In fact, statistics show that parents are more than willing to share images and videos of their children online. As such, more than 75% of parents have shared their children’s images on social media, and 33% have never asked their children for permission before sharing photos online.

Tips for safely sharing photos online with family and friends

In light of the sharenting dangers outlined here, parents may well be wondering whether any online photo sharing of their children is safe. Of course, this is a very personal choice. Some parents choose not to post any images of their children at all. But for those who wish to continue sharing photos online with family, there are numerous ways to improve the security of these photos and minimize the risks of ‘oversharenting’. Here are some things to remember:

Check privacy settings: Ensure that all posts can only be seen by family and close friends and remove resharing permissions. Allowing strangers and acquaintances to see children’s photos can be a sharenting danger.Have discussions about privacy with friends and family: Be vocal about protecting children’s privacy and set boundaries about how they can engage with posts.

Turn off metadata and geotagging: Not using these functions can minimize other people’s ability to track children through online photo sharing.

Do not include identifiable information: Whether it is in the photo itself or in the captions, be sure not to share details that would allow others to find and track children. This can include things like names, birthdates, schools, places they regularly go to, or even family homes.

Avoid using real names: Avoid giving people online access to children’s full names. Instead, use nicknames or descriptive phrases for kids.

Do not post potentially embarrassing images: Whether they are photos of the children in the bath or dressed in funny outfits, these images may cause problems for the child as they grow up.

Use secure platforms: Instead of sharing photos online, use more secure platforms to show pictures of children to friends and family. For example, WhatsApp protects photos with end-to-end encryption and gives users the option to send photos that can only be opened once.

Avoid showing the child’s face: To avoid ‘oversharenting’, some parents cover their children’s faces before posting their photos to social media. This can be done by using the “stickers” built into apps, like Instagram, to cover their faces or using editing tools to blur or block out their features.

Why Limiting Online Access Risks More Than Teen Safety



In the age of increasing online presence, especially amplified by the COVID-19 pandemic, the safety of young people on the internet has become a prominent concern. With a surge in screen time among youth, online spaces serve as crucial lifelines for community, education, and accessing information that may not be readily available elsewhere.

However, the lack of federal privacy protections exposes individuals, including children, to potential misuse of sensitive data. The widespread use of this data for targeted advertisements has raised concerns among young people and adults alike.

In response, teens are voicing their need for tools to navigate the web safely. They seek more control over their online experiences, including ephemeral content, algorithmic feed management, and the ability to delete collected data. Many emphasise the importance of reporting, blocking, and user filtering tools to minimise unwanted encounters while staying connected. 

Despite these calls, legislative discussions often seem disconnected from the concerns raised by teens. Some proposed bills aimed at protecting children online unintentionally risk limiting teens' access to constitutionally protected expression. Others, under the guise of child protection, may lead to censorship of essential discussions about race, gender, and other critical topics.

Recent legislative efforts at the federal and state levels raise concerns about potential misuse. Some proposals subject teens to constant parental supervision, age-gate them from essential information or even remove access to such information entirely. While the intention is often to enhance safety, these measures could infringe on young people's independence and hinder their development.

In an attempt to address harmful online outcomes, some bills, like the Kids Online Safety Act, could fuel censorship efforts. Fear of legal repercussions may prompt technology companies to restrict access to lawful content, impacting subjects such as LGBTQ+ history or reproductive care.

In some cases, laws directly invoke children's safety to justify blatant censorship. Florida's Stop WOKE Act, for instance, restricts sharing information related to race and gender under the pretext of protecting children's mental health. Despite being blocked by a federal judge, the law has had a chilling effect, with educational institutions refraining from providing resources on Black history and LGBTQ+ history.

Experts argue that restricting access to information doesn't benefit children. Youth need a diverse array of information for literacy, empathy, exposure to different ideas, and overall health. As lawmakers ban books and underfund extracurricular programs, empowering teenagers to access information freely becomes crucial for their development.

To bring it all together, while teens and their allies advocate for more control over their digital lives, some legislative proposals risk stripping away that control. Instead of relying on government judgment, the focus should be on empowering teens and parents to make informed decisions. 


 

GitHub Faces Rise in Malicious Use

 


GitHub, a widely used platform in the tech world, is facing a rising threat from cybercriminals. They're exploiting GitHub's popularity to host and spread harmful content, making it a hub for malicious activities like data theft and controlling compromised systems. This poses a challenge for cybersecurity, as the bad actors use GitHub's legitimacy to slip past traditional defences. 

 Known as ‘living-off-trusted-sites,’ this technique lets cybercriminals blend in with normal online traffic, making it harder to detect. Essentially, they're camouflaging their malicious activities within the usual flow of internet data. GitHub's involvement in delivering harmful code adds an extra layer of complexity. For instance, there have been cases of rogue Python packages (basically, software components) using secret GitHub channels for malicious commands on hacked systems. 

This situation highlights the need for increased awareness and updated cybersecurity strategies to tackle these growing threats. It's a reminder that even widely used platforms can become targets for cybercrime, and staying informed is crucial to staying secure. 

While it's not very common for bad actors to fully control and command systems through GitHub, they often use it as a way to share secret information. This is called a "dead drop resolver." It's like leaving a message in a hidden spot for someone else to pick up. Malware like Drokbk and ShellBox frequently use this technique. 

Another thing they sometimes do is use GitHub to sneakily take information out of a system. This doesn't happen a lot, and experts think it's because there are limits on how much data they can take and they want to avoid getting caught. 

Apart from these tricks, bad actors find other ways to misuse GitHub. For example, they might use a feature called GitHub Pages to trick people into giving away sensitive information. Sometimes, they even use GitHub as a backup communication channel for their secret operations. 

Understanding these tactics is important because it shows how people with bad intentions can use everyday platforms like GitHub for sneaky activities. By knowing about these things, we can be more careful and put in measures to protect ourselves from online threats. 

This trend of misusing popular online services extends beyond GitHub to other familiar platforms like Google Drive, Microsoft OneDrive, Dropbox, Notion, Firebase, Trello, and Discord. It's not just limited to GitHub; even source code and version control platforms like GitLab, BitBucket, and Codeberg face exploitation. 

GitHub acknowledges that there's no one-size-fits-all solution to detect abuse on their platform. They suggest using a combination of strategies influenced by specific factors like available logs, how organisations are structured, patterns of service usage, and the willingness to take risks. To know that this problem isn't unique to GitHub is crucial. Threat actors are using various everyday services to carry out their activities, making it important for users and organisations to be aware and adopt a mix of strategies to detect and prevent abuse. This includes being mindful of how different platforms may be misused and tailoring detection methods accordingly.


Understanding Cold Boot Attacks: Is Defense Possible?

 

Cold boot attacks represent a sophisticated form of cyber threat that specifically targets a computer's Random Access Memory (RAM), presenting a substantial risk to information security. It is imperative to comprehend the mechanics of cold boot attacks and the potential hazards they pose to take necessary precautions. However, if you become a target, mitigating the attack proves extremely challenging due to the requisite physical access to the computer.

Cold boot attacks, although less common, emerge as a potent cyber threat, particularly in their focus on a computer's RAM—a departure from the typical software-centric targets. These attacks have a physical dimension, with the primary objective being to induce a computer shutdown or reset, enabling the attacker to subsequently access the RAM.

When a computer is shut down, one anticipates that the data in RAM, including sensitive information like passwords and encryption keys, vanishes. However, the process is not instantaneous, allowing for the potential retrieval of data remaining in RAM, albeit for a brief period. A critical element of cold boot attacks is the necessity for physical access to the targeted device, elevating the risk in environments where attackers can physically approach machines, such as office spaces. Typically, attackers execute this attack using a specialized bootable USB designed to duplicate the RAM contents, enabling the device to reboot according to the attacker's intentions.

Despite the ominous nature of cold boot attacks, their execution requires a significant investment of skills and time, making it unlikely for the average person to encounter one. Nevertheless, safeguarding your computer from both cyber and physical threats remains a prudent practice.

The essence of a cold boot attack lies in exploiting a unique feature of RAM—the persistence of data even after the computer is powered off. Understanding this attack involves recognizing what happens to the data in RAM during a computer shutdown. The attacker gains physical access to the computer and utilizes a specialized USB to force a shutdown or restart. This USB facilitates the booting or dumping of RAM data for analysis and data extraction. Additionally, malware can be employed to transfer RAM contents to an external device.

The data collected in cold boot attacks encompasses a spectrum from personal information to encryption keys. Speed is paramount in this process, as prolonged power loss to RAM results in data corruption. These attacks pose a significant threat due to their ability to bypass conventional security software, rendering antivirus programs and encryption tools ineffective against them.

To counter cold boot attacks, a combination of physical and software strategies is necessary. Securing the physical space of the computer, employing encryption, and configuring BIOS or UEFI settings to prevent external device booting are recommended. Addressing data remanence is crucial, and techniques like memory scrubbing can be employed to clear RAM of sensitive data after shutdown or reset.

In conclusion, robust defenses against cold boot attacks involve a multi-faceted approach, including strong encryption, physical security measures, and regular updates. Understanding the intricacies of RAM and its data persistence underscores the need for dynamic and proactive cybersecurity measures. Adapting to evolving cyber threats and strengthening defenses is essential in building a resilient digital space that protects against not only cold boot attacks but a range of cyber threats.

Top Five Cybersecurity Challenges in the AI Era

 

The cybersecurity industry is fascinated by artificial intelligence (AI), which has the ability to completely change how security and IT teams respond to cyber crises, breaches, and ransomware assaults. 

However, it's important to have a realistic knowledge of the capabilities and limitations of AI, and there are a number of obstacles that prevent the technology from having an instant, profound influence on cybersecurity. In this article, we examine the limitations of AI in dealing with cybersecurity issues while emphasising the part played by organisations in empowering resilience and data-driven security practices. 

Inaccuracy 

The accuracy of its output is one of AI's main drawbacks in cybersecurity. Even though AI systems, like generative pre-trained transformers like ChatGPT, can generate content that is in line with the internet's zeitgeist, their answers are not necessarily precise or trustworthy. AI systems are excellent at coming up with answers that sound logical, but they struggle to offer accurate and trustworthy solutions. Given that not everything discovered online is factual, relying on unfiltered AI output can be risky. 

Recovery actions' complexity 

Recovery following a cyber attack often involves a complex series of procedures across multiple systems. IT professionals must perform a variety of actions in order to restore security and limit the harm. Entrusting the entire recovery process to an AI system would necessitate a high level of confidence in its dependability. However, existing AI technology is too fragile to manage the plethora of operations required for efficient cyberattack recovery. Directly linking general-purpose AI systems to vital cybersecurity processes is a huge problem that requires extensive research and testing.

General intelligence vs. General knowledge 

Another distinction to make is between general knowledge and general intelligence. While AI systems like ChatGPT excel at delivering general knowledge and generating text, they lack general intelligence. These systems can extrapolate solutions based on prior knowledge, but they lack the problem-solving abilities involving true general intelligence.

While dealing with AI systems via text may appear to humans to be effective, it is not consistent with how we have traditionally interacted with technology. As a result, current generative AI systems are limited in their ability to solve complex IT and security challenges.

Making ChatGPT act erratically 

There is another type of threat that we must be aware of: the nefarious exploitation of existing platforms. The possibility of AI being "jailbroken," which is rarely discussed in the media's coverage of the field, is quite real. 

This entails giving text commands to software like ChatGPT or Google's Bard in order to circumvent its ethical protections and set them free. By doing this, AI chatbots get transformed into powerful assistants for illegal activities. 

While it is critical to avoid the weaponization of general-purpose AI tools, it has proven extremely difficult to regulate. A recent study from Carnegie Mellon University presented a universal jailbreak for all AI models, which might create an almost limitless amount of prompts to circumvent AI safeguards. 

Furthermore, AI developers and users are always attempting to "hack" AI systems and succeeding. Indeed, no known universal solution for jailbreaking exists as of yet, and governments and corporations should be concerned as AI's mass adoption grows.

AI Experts Unearth Infinite ways to Bypass Bard and ChatGPT's Safety Measures

 

Researchers claim to have discovered potentially infinite ways to circumvent the safety measures on key AI-powered chatbots like OpenAI, Google, and Anthropic. 

Large language models, such as those used by ChatGPT, Bard, and Anthropic's Claude, are heavily controlled by tech firms. The devices are outfitted with a variety of safeguards to prevent them from being used for evil purposes, such as educating users on how to assemble a bomb or writing pages of hate speech.

Security analysts from Carnegie Mellon University in Pittsburgh and the Centre for A.I. Safety in San Francisco said last week that they have discovered ways to bypass these guardrails. 

The researchers identified that they might leverage jailbreaks built for open-source systems to attack mainstream and closed AI platforms. 

The report illustrated how automated adversarial attacks, primarily done by appending characters to the end of user inquiries, might be used to evade safety regulations and drive chatbots into creating harmful content, misinformation, or hate speech.

Unlike prior jailbreaks, the researchers' hacks were totally automated, allowing them to build a "virtually unlimited" number of similar attacks.

The researchers revealed their methodology to Google, Anthropic, and OpenAI. According to a Google spokesman, "while this is an issue across LLMs, we've built important guardrails into Bard - like the ones posited by this research - that we'll continue to improve over time." 

Anthropic representatives described jailbreaking measures as an active study area, with more work to be done. "We are experimenting with ways to enhance base model guardrails to make them more "harmless," said a spokesperson, "while also studying extra levels of defence." 

When Microsoft's AI-powered Bing and OpenAI's ChatGPT were made available, many users relished in finding ways to break the rules of the system. Early hacks were soon patched up by IT companies, including one where the chatbot was instructed to respond as if it had no content moderation.

The researchers did point out that it was "unclear" whether prominent model manufacturers would ever be able to entirely prevent such conduct. In addition to the safety of making potent open-source language models available to the public, this raises concerns about how AI systems are controlled.

Phishing and Ransomware Attacks Continues to Hurt Singapore Businesses

 

Phishing efforts and ransomware remained a significant threat to organisations and individuals in Singapore in 2022, despite indicators that cyber hygiene is improving in the city-state, according to a new report from the country's Cyber Security Agency (CSA).

In contrast to the 3,100 incidents handled in 2021, around 8,500 phishing attempts were reported to the Singapore Cyber Emergency Response Team (SingCert) last year, according to the Singapore Cyber Landscape (SCL) 2022. 

Given its low cost and lax usage constraints, top-level domains ending in ".xyz" are favoured by threat actors in more than half of the recorded cases. 

Banks and other financial institutions were the most frequently impersonated companies in phishing attacks. These businesses are frequent targets because they store sensitive and valuable data such as user names and login credentials. 

According to the CSA, the rise in reported phishing attempts followed global trends. Several cyber security providers noted that phishing activities had increased in 2022. In total, SingCert assisted in the removal of 2,918 harmful phishing websites last year. Organisations in Singapore have also been hit by the global ransomware threat, which shows no signs of decreasing.

In contrast to the 137 incidents reported in 2021, 132 ransomware cases were reported to the CSA last year. While the number of reported ransomware attacks has decreased slightly, it is still alarming that small and medium-sized businesses (SMEs) have been hit, particularly those in manufacturing and retail, which may have valuable data and intellectual property (IP) that cybercriminals are interested in stealing. 

There was also a reduction in infected infrastructure, which the CSA described as compromised systems used for harmful reasons such as executing distributed denial of service (DDoS) attacks or spreading malware and spam. In 2022, the CSA discovered 81,500 infected systems in Singapore, a 13% decrease from 94,000 in 2021. 

Despite a high increase in contaminated infrastructure worldwide, Singapore's global proportion of infected infrastructure declined from 0.84% in 2021 to 0.34% in 2022. Although the drop in infected infrastructure in Singapore indicates an increase in cyber hygiene levels, the absolute number of infected systems in Singapore remains high, according to the CSA. 

Colbalt Strike, Emotet, and Guloader were the top three malware infections on locally hosted command and control servers, while Gamarue, Nymaim, and Mirai were the top three malware infections on locally hosted botnet drones, accounting for about 80% of Singapore IP addresses infected by malware in 2022. 

CSA also noted potential threats in its research, such as those related with the expanding deployment of artificial intelligence, which might be leveraged by both cyber attackers and defenders. While machine learning can provide real-time insights about cyber threats, it can also be utilised for malicious purposes, such as highly focused spear-phishing efforts. 

"2022 saw a heightened cyber threat environment fuelled by geopolitical conflict and cybercriminal opportunism as Covid-19 restrictions began to ease," noted David Koh, commissioner of cyber security and CEO of CSA.

"As with many new technology, emerging technologies such as chatbots have two sides. While we should be optimistic about the opportunities it presents, we must also manage the risks that come with it. "The government will continue to increase its efforts to protect our cyberspace, but businesses and individuals must also play a role," he added.

Here's Why Cybercriminals are Targeting Linux Operating Systems

 

Internal strife is common among ransomware gangs. They argue, they fight, and they establish allies only to rapidly break them. Take, for instance, the leak of malware code from Babuk, which was compromised in 2021 by hackers enraged at being duped by the infamous ransomware gang. 

The outcomes of this intramural warfare are frequently fruitful for cybersecurity experts. Ten other ransomware gangs used the code to attack VMware and ESXI servers after that, and a number of versions were produced that researchers have been busy updating ever since. 

However, what made this particular family of malware noteworthy was that it specifically targeted Linux, which has quickly become a favourite of developers working on creating virtual machines for cloud-based computer systems, hosting for live websites, or IoT devices. With an estimated 14 million internet-facing gadgets, 46.5% of the top million websites by traffic, and an astounding 71.8% of IoT devices using Linux on any one day, its use has increased significantly in recent years. 

That's excellent news for advocates of open-source software development, for whom Linux has always served as an illustration of what can be accomplished when coding communities work together without being constrained by anything as odious as a corporate culture or a profit motivation. 

It's also really alarming for some cybersecurity specialists. Not only is there a significant dearth of ongoing research into the security of Linux-based systems in comparison to those based on more mainstream operating systems, but there is also no official, overarching method for patching the vulnerabilities in this OS. Instead, as befits an open-source product, 'flavours' of Linux are patched on an ad hoc basis by developers with time and intellect to spare - a valuable resource in the face of a real tsunami of cybercrime. Attackers are taking note. AtlasVPN discovered over 1.9 million new malware threats last year, representing a 50% rise year on year.

Shifting trend 

It wasn't always like this. Bharat Mistry recalls a time when hackers were more interested in cracking open old Windows computers. "I believe cybercriminals stayed away because they believed the popularity wasn't there," says Trend Micro's technical director for the UK and Ireland. Linux had a reputation for being secure by design, with reduced default access levels and other characteristics designed to hinder the easy spread of malware. "But over the last six years, certainly with cloud usage, it's [usage has] exponentially grown," says Mistry, increasing the amount of possible vulnerabilities. 

According to Mistry, this is largely due to the fact that it offers a cheap and cheerful alternative to the dominant OS brands, with many different flavours of unlicensed Linux accessible. "When you look at things like web servers that are hosted in the cloud, [why] should I pay for a Windows licence?" Mistry asks, speaking from the perspective of a savvy, money-conscious company. A Linux alternative is "as cheap as chips and does exactly what I need it to do." I can install Apache on it... and have the performance I want without the extra cost." 

Unfortunately, if an operating system is designed and maintained according to open source principles, hackers looking to exploit it can simply source it on GitHub and other software forums. Ensar Seker, for one, is concerned about the consequences for the use of virtual machines (VMs) in the cloud. "Virtual machines often lack the same level of security monitoring as physical systems, making it easier for attackers to go undetected for a longer period of time," says the chief information security officer at digital risk protection platform SOCRadar. 

The fact that the vast majority of software on IoT devices is based on Linux should also be cause for concern, according to the researcher, especially considering the rate of development expected for the smart device market over the next decade. More concerningly, Mistry continues, "we're seeing Linux being used more and more in critical systems," owing to how easy it is to branch and customise variants of the OS to suit particular jobs compared to its mainstream counterparts.

Given hackers' access to the source code of the operating system, malware designed to break open-source versions of these systems is frequently created to a higher standard than its Windows-targeting counterparts. It's also popular among a wide range of cybercriminal gangs. Tilted Temple, a Chinese cyber group, has utilised Linux-based malware to infiltrate important national infrastructure on three continents. 

Major players in the cybercriminal underworld, such as Black Basta, Lockbit, and Hive, have all been identified as deploying targeted Linux-chomping malware to breach online infrastructure. Another such gang, RTM, has been found on dark web forums as trading in harmful, Linux-targeting software. 

It's unclear how prepared cybersecurity providers are for this new threat. After all, until recently, these companies spent far more time fixing vulnerabilities in more widespread operating systems. Far fewer have investigated how vulnerable Linux systems can be to hacking - a squandered opportunity, according to Mistry. "Everyone's been so focused on Windows over the last few years because it's been the predominant operating system that all enterprises use," he explains. "But, in the background, Linux has always been there." 

Future threats 

Mistry does not believe the current wave of Linux attacks will abate anytime soon. He feels it will be some time before consumers and developers become aware of the risks and alter their behaviours. "The vulnerabilities in Linux platforms are massive," Mistry adds. "No one is actively controlling the vulnerabilities and patching them on a daily basis." 

Does this imply that its open-source framework contributes directly to Linux's lack of security? Certainly less, says Mistry. "You've got the openness, you've got the mass flexibility - the problem is when it comes to support," explains Mistry. 

Organisations developing new software on Linux should educate themselves on the trade-offs involved in adopting the operating system. The communities of developers modifying and patching this or that variant of Linux have "got people who will do things, but there's no kind of set body to say, 'This is the kind of direction we're going [in.]," adds Mistry, let alone any built-in regime mandating security standards. As a result, firms would be advised, according to the TrendMicro researcher, to install their own regime or create a viable audit trail for products built on some of the more unusual varieties of Linux. 

So, are the days of Linux as a popular OS alternative numbered? Probably not in the short term, and many cybersecurity vendors are becoming aware of the threat posed by Linux-based systems, according to Mistry. Nonetheless, according to Seker, each new security event involving Linux-targeting malware only serves to erode its reputation as an economical, secure, and open-source alternative to the monolithic Windows and iOS. "Even a single high-profile incident can quickly change a perception if the security community does not respond to threats promptly and effectively," he says.

PoC Published for Windows Win32k Flaw Exploited in Assaults

 

For a Windows local privilege escalation vulnerability that was patched as part of the May 2023 Patch Tuesday, researchers have published a proof-of-concept (PoC) exploit. 

The Win32k subsystem (Win32k.sys kernel driver) controls the operating system's window manager and handles screen output, input, and graphics in addition to serving as an interface for various types of input hardware. Since they usually grant elevated rights or code execution, these kinds of vulnerabilities are often exploited. 

Avast, a company that specialises in cybersecurity, first identified the flaw, which is tracked as CVE-2023-29336. It was given a CVSS v3.1 severity rating of 7.8, as it enables low-privileged users to obtain Windows SYSTEM privileges, the highest user mode privileges in Windows. 

CISA also released a warning and listed it in its database of "Known Exploited Vulnerabilities" in order to inform people about the actively exploited vulnerability and the importance of installing Windows security upgrades. 

Security researchers at Web3 cybersecurity company Numen have now published comprehensive technical information on the CVE-2023-29336 bug and a Proof of Concept exploit for Windows Server 2016 exactly one month after the patch became accessible. 

Re-discovering the vulnerability 

Although the flaw is being actively used against previous versions of Windows, including Windows 8, Windows Server, and earlier versions of Windows 10, Microsoft claims that Windows 11 is unaffected. 

"While this vulnerability seems to be non-exploitable on the Win11 system version, it poses a significant risk to earlier systems," Numen explained in their report. "Exploitation of such vulnerabilities has a notorious track record, and in this in-depth analysis, we delve into the methods employed by threat actors to exploit this specific vulnerability, taking into account evolving mitigation measures."

Win32k only locks the window object but fails to lock the nested menu object, according to Numen's researchers who examined the vulnerability on Windows Server 2016. 

This oversight, which the researchers attribute to out-of-date code being transferred to more recent Win32k versions, makes menu objects susceptible to manipulation or hijacking if attackers change the precise address in the system memory.

Even if the initial step doesn't provide attackers admin-level rights, it serves as a useful stepping stone to enable them to obtain this via the following steps. Controlling the menu object means gaining the same-level access as the programme that launched it. Overall, it can be said that it's not extremely difficult to exploit CVE-2023-29336.

"Apart from diligently exploring different methods to gain control over the first write operation using the reoccupied data from freed memory, there is typically no need for novel exploitation techniques," the report further reads. "This type of vulnerability heavily relies on leaked desktop heap handle addresses […], and if this issue is not thoroughly addressed, it remains a security risk for older systems." 

System administrators, according to Numen, should watch out for unusual offset reads and writes in memory or connected to window objects, as these could point to active CVE-2023-29336 privilege escalation.

Applying the May 2023 patch is advised for all Windows users as it corrected two additional active zero-day vulnerabilities in addition to the specific issue.

How Blockchain Technology is Playing a Major Role in Combating Crypto Hacking Risk

 

The world of cryptocurrencies is not immune to the shadows that come with living in a time when digital currencies are having such a significant impact on the global financial landscape. 

Malicious actors are devising complex plans to take advantage of this expanding market while remaining unseen and hidden in the shadows of the internet. Even if the situation involving the most recent Euler Finance exploit and the Ronin Network hack last year was frightening, it is not an isolated incident. 

The finding of a potential link between these instances has caused concern among those in the cryptocurrency community regarding the security and traceability of digital assets. 

The Ronin Bridge exploiter, who is thought to be connected to the notorious North Korean hacker group Lazarus Group, received 100 Ether, or $170,515, via a wallet address connected to the Euler Finance exploit. These occurrences serve as a sharp reminder of the cyberthreats that exist within the crypto sector and may jeopardise its integrity and safety. 

However, this cloud does have a silver lining. The discovery of these links further demonstrates the effectiveness of blockchain technology in locating and perhaps even reducing these concerns. As we continue reading this article, we'll examine the intricacies of cryptocurrency hacking and talk about how to effectively counter such malicious threats. 

How does crypto hacking work?

Crypto hacking, in its most basic form, is the unauthoritative access to and theft of digital assets kept in cryptocurrency wallets and exchanges. It is a type of cybercrime that targets the blockchain ecosystem specifically and takes advantage of flaws in hardware, software, or user behaviour to gain cryptocurrencies in an unauthorised manner. 

Crypto hackers use a variety of strategies. One of the most typical is phishing, where a hacker impersonates a reliable entity to deceive people into disclosing sensitive information like private keys or login passwords. The use of malware or ransomware, which infiltrates networks and either directly steals cryptoassets or holds them for ransom, is a further popular tactic. However, these aren't the only techniques available for crypto cracking. Since hot wallets on crypto exchanges are more prone to attack than cold wallets, hackers target them. 

This includes the current scandals surrounding the Ronin Network and Euler Finance. They depict what are referred to be DeFi exploits. DeFi platforms, like Euler Finance, run on smart contracts, which are self-executing contracts with the conditions of the agreement put directly into code. These smart contracts have numerous benefits, such as transparency and a reduction in the need for middlemen, but they may also have flaws or other weaknesses that cunning hackers might take advantage of. 

Rise in crypto crimes

In 2022, Chainalysis recorded bitcoin thefts of $3.8 billion, a startling increase from the $0.5 billion taken in 2020 and a 15% increase over the $3.3 billion reported in 2021. The increase in online holdings brought about by the rise in public use of digital currencies has made them more desirable and reachable targets for cybercriminals.

De-Fi protocols, essential pieces of technology that support major cryptocurrency exchanges and organisations, were identified by Chainalysis as the key target of assaults in both 2023 and 2022. De-Fi protocols accounted for 82% of all hacking instances in 2022, an increase from 73% in the previous year. 

North Korea continues to lead the pack in terms of dedication to bitcoin hacking. Chainalysis estimates that NK-connected cybercrime groups, such the Lazarus Group, stole $1.7 billion in 2022, making up about half of the annual global total. In 2022, NK stole more digital currency than ever before, according to a recent United Nations report on cyberattacks, albeit the value of the stolen assets vary. 

According to The Conversation, North Korea uses the stolen cryptocurrency to fund its sanctioned nuclear programme, indicating that its hacking activities are unlikely to slow down anytime soon. Compared to prior years, 2022 will see a significant increase in hacking activity, according to Chainalysis' year-over-year research. 

Prevention tips 

The increase in crypto hacking events and the daring actions of organisations like the Lazarus Group highlight the pressing need for strong deterrents. A multifaceted strategy combining technological, legal, and instructional tactics is necessary to tackle these dangers.

Technology-based barriers: The first line of defence against advanced persistent threats is strong cybersecurity measures. This entails the deployment of firewalls, secure, up-to-date software, and robust encryption for all data transmissions. MFA, or multi-factor authentication, can offer an additional layer of security to prevent unauthorised access. 

Regular smart contract audits by outside security companies can aid in identifying and fixing vulnerabilities in the DeFi space before they are exploited. Additionally, the usage of bug bounty programmes, in which ethical hackers are compensated for identifying and disclosing software vulnerabilities, might be an efficient tactic to foreseeably discover possible security weaknesses.

Legal obstacles: Another important component of stopping crypto hacking is using legal disincentives. This entails the creation and application of stringent legislation and rules to deter online criminal activity. The decentralised and international character of cryptocurrencies, however, can make enforcing laws more difficult. Despite these difficulties, there have been cases where hackers have been caught and charged, including the notorious Silk Road case, illustrating the effectiveness of legal deterrents. Blockchain forensics and international cooperation between law enforcement organisations can be crucial in locating and prosecuting these fraudsters. 

Educational barriers: Education is also a potent deterrent. In cybersecurity, the human element is frequently the weakest link since people are readily duped into disclosing private information or acting riskily. Therefore, educating people on how to protect their digital assets, spreading awareness of safe online conduct, and encouraging these behaviours are essential steps in preventing crypto hacking. 

Cybercrime is still a significant concern as we negotiate the complicated world of cryptocurrency. Axie Infinity's Ronin Network and the hacker group Lazarus' suspected involvement in such breaches serve as a sobering warning of the vulnerability of digital assets. Although law enforcement authorities and cybersecurity companies are stepping up their efforts to prevent and track down these hackers, the reality is that due to the anonymity and decentralised nature of cryptocurrencies, these efforts are made more difficult. 

Though it is still in its infancy, insurance is beginning to show promise as a way to reduce the risk of loss from cybercrimes. Crypto insurance may provide some amount of defence against losses brought on by theft, hacking, and other cybersecurity breaches. However, it is a challenging task due to the volatile nature of crypto assets and the absence of comprehensive rules.

In the end, protecting digital assets depends on personal watchfulness, technological breakthroughs, legal frameworks, and international cooperation. The necessity for effective legal deterrents and strong cybersecurity safeguards will only become more pressing as we continue to learn more about cryptocurrency. In this fast-changing environment, the development of crypto insurance and other preventive measures will surely play a crucial role.

Hackers Target Apple macOS Systems with a Golang Version of Cobalt Strike

 

Threat actors intending to attack Apple macOS systems are likely to pay attention to Geacon, a Cobalt Strike implementation written in the Go programming language. 

The details were accumulated by SentinelOne, which noticed an increase in the quantity of Geacon payloads that have been showing up on VirusTotal lately. 

"While some of these are likely red-team operations, others bear the characteristics of genuine malicious attacks," security researchers Phil Stokes and Dinesh Devadoss explained in a report. 

Red teaming and adversary simulation tool Cobalt Strike was created by Fortra and is well recognised. Illegally cracked versions of the software have been abused by threat actors throughout the years due to its numerous post-exploitation features. While Cobalt Strike's post-exploitation activities mostly targeted Windows, assaults against macOS are rather uncommon. 

A malicious Python package called "pymafka" was created to install a Cobalt Strike Beacon on infected Windows, macOS, and Linux computers. Sonatype, a software supply chain company, revealed details of this package in May 2022. 

The discovery of Geacon artefacts in the wild, however, could alter that. Since February 2020, GitHub has hosted Geacon, a Go version of Cobalt Strike. Additional investigation into two fresh VirusTotal samples posted in April 2023 has linked them to two Geacon versions (geacon_plus and geacon_pro) created in late October by two unidentified Chinese developers, z3ratu1 and H4de5. The geacon_pro project is no longer available on GitHub, but a snapshot from the Internet Archive on March 6, 2023 shows that it can get past antivirus programmes including Microsoft Defender, Kaspersky, and Qihoo 360 360 Core Crystal. 

While geacon_plus supports CobaltStrike versions 4.0 and after, the tool's creator, H4de5, asserts that geacon_pro is primarily meant to handle CobaltStrike versions 4.1 and later. The software is currently at version 4.8. 

One of the artefacts found by SentinelOne, Resume_20230320.app by Xu Yiqing, uses a run-only AppleScript to connect to a remote server and download a Geacon payload. Both Apple silicon and Intel architectures are compatible with it. 

"The unsigned Geacon payload is retrieved from an IP address in China," the researchers explained. "Before it begins its beaconing activity, the user is presented with a two-page decoy document embedded in the Geacon binary. A PDF is opened displaying a resume for an individual named 'Xu Yiqing.'"

The Geacon binary, created by compiling the geacon_plus source code, includes a wide range of features that enable it to download next-stage payloads, exfiltrate data, and improve network connections. 

The second copy is reportedly included into a trojanized app that poses as the SecureLink remote assistance app (SecureLink.app) and primarily targets Intel devices, according to the cybersecurity firm. 

The basic, unsigned programme asks users for permission to access contacts, pictures, reminders, as well as the camera and microphone on the smartphone. The Geacon payload from the geacon_pro project, which connects to a known command-and-control (C2) server in Japan, is the core element of the attack.

Beware of "Quishing": Fraudsters Steal Data Using QR Codes

 

The vulnerability of protected health data may be increased by the usage of QR codes, which are intended to speed up processes like picture file transfers but actually expose organisations' weak points in mobile device security.

A fake QR code that links people to a website that seems identical to the real thing might be substituted by cunning cybercriminals in order to intercept user data and patients' personal information. In a practice called "quishing," they can even incorporate fake QR codes inside emails that appear to be from trusted sources. 

QR code scam 

With a projected increase of more than seven times in 2022, "scan scams" are now virtually regular occurrences.

Patient data breaches, malware infestations, and identity theft are all risks posed by QR code phishing in particular to healthcare organisations and patients. Cybercriminals deceive clients or staff into scanning a QR code that takes them to a website that seems authentic and asks for personal information or log-in credentials. 

To access patient portals, provider networks, and other digital services, hackers steal sensitive data, including medical histories, insurance details, social security numbers, and other personal identity data. 

Patient data is an extremely alluring target since it has a market on the dark web. In fact, depending on the level of data, a single patient record can fetch up to $1,000 on the underground market. That sum of money is over 50 times greater than what is typically recorded on credit cards. 

Role of organisations 

Organisations can increase provider, carer, and patient communication and openness with the aid of QR codes. Employing a QR code generator with integrated capabilities like single sign-on, multi-factor authentication, custom domain, and user management can help healthcare organisations safeguard this technology. 

The second crucial component is a platform for QR codes with incident management tools and security measures that are subject to recurring in-depth examinations. But education also contributes to preventing QR code fraud.

Healthcare organisations must educate their staff members and patients on how to use QR codes safely, including how to spot and stay away from malware, phishing scams, and other security risks. 

Mitigation tips 

Patients should be encouraged to check the legitimacy of the QR codes they scan before providing personal information. There are also security and privacy problems because a lot of individuals open a link right away after scanning a QR code without even checking it. To determine whether a destination is reliable, patients should check the website or app URL linked to the QR code or use a reliable QR code scanner app. 

Additionally, patients must only scan QR codes from reputable websites and applications, such as the printed materials, website, or app of their healthcare practitioner. Patients shouldn't scan a QR code if it seems sketchy or is from an unknown source. 

Finally, patients should exercise caution when sharing sensitive information via a QR code, such as their medical history or insurance details. They should only provide this information to reputable healthcare practitioners who can vouch for its secure and encrypted transmission.

Here's All You Know About Public Key Cryptography

 

Public key cryptography is one of the most efficient ways to ensure financial security, which is a crucial concern for organisations. This article will go into great detail about the advantages and disadvantages of this potent technology. We'll look at how public key cryptography can be utilised for link anchor text selection by bloggers, code signing, and other uses. You may decide whether to utilise this type of encryption for your company transactions more wisely by being aware of its benefits and drawbacks. 

Advantages 

Security: One of the safest techniques for data security is public key cryptography. It employs two distinct keys, so even if one of them is compromised, the other key will still be safe. This makes it incredibly challenging for hackers to obtain private data. 

In the digital age, public key cryptography is crucial because it is immune to contemporary cyberattacks. Additionally, it is adaptable and has uses other than financial security. 

Scalability: Public key cryptography may be scaled to fit the requirements of any business, from startups to global conglomerates. It is a flexible solution for enterprises of all sizes because of the variety of data types that it can encrypt. 

Additionally, a variety of financial operations, including Internet banking and credit card payments, can be carried out using public key cryptography. Because of this, it serves as the perfect choice for companies with a global presence. 

Accessibility: Public key cryptography is extensively used and straightforward to use. As a result, organisations of all sizes may take advantage of the advantages of this technology without having to spend a lot of money on installation. For instance, public key cryptography is supported by a large number of online browsers and software programmes. 

Cost-effective: For companies wishing to secure their data, public key cryptography is a viable option. Compared to other security measures like increasing staff or purchasing pricey technology, it is far more affordable. 

Drawbacks 

Complexity: Public key cryptography implementation can be challenging, particularly for small enterprises without an IT department. To use the technology properly, organisations might need to spend more money. 

Cost: Public key cryptography is extensively used, yet there are still expenses involved in putting it into practice. This can entail investing in software or hardware and instructing staff members on how to use the equipment. 

Compatibility: Some hardware and software platforms may not be compatible with public key cryptography. This may limit the options available to enterprises for data security systems. 

Speed and performance: Public key cryptography is slower than traditional cryptography methods and has scalability problems, making it unsuitable for high-performance transaction systems like mobile devices. 

Conclusion

Using public key cryptography to protect sensitive financial data is a good solution. It is a well-liked option for enterprises of all kinds due to its security, scalability, and accessibility. For some organisations, the complexity, expense, and compatibility difficulties, however, may be a disadvantage. Before selecting whether public key cryptography is the best option for their financial security needs, the blogger should carefully analyse their needs and available resources while choosing the anchor text for the link.

Deloitte Launches Blockchain Integration for Digital Credentials

 

One of the "Big Four" accounting firms, Deloitte, is in the forefront of the adoption of blockchain technology to transform the issue of digital credentials. 

KILT's blockchain technology will be used to create reusable digital credentials for Know Your Customer (KYC) and Know Your Business (KYB) processes, the firms stated in partnership with BOTLabs GmbH, creator of the KILT Protocol. Streamlining verification procedures and enhancing data privacy are the two goals of the creative solution. 

Reusable credentials for transforming verification 

Commonly requiring several data points and paper-based credentials, traditional KYC and KYB processes are repetitious and wasteful. 

Deloitte hopes to address these issues and give clients more control and flexibility over their digital credentials by utilising KILT's identity infrastructure. 

Customers can pick who they share their information with and which data points to divulge by storing their credentials in a wallet on their devices. 

With the help of a browser plugin that serves as a credential wallet created by Deloitte, consumers can easily set up and manage their credentials without any prior blockchain expertise.

Digital credentials anchored on the KILT blockchain, according to Micha Bitterli, Head of Deloitte Managed Services, have the potential to develop new digital marketplaces, ranging from e-commerce and decentralised finance (DeFi) to gaming. 

The credentials are digitally signed by the company, and if a customer's circumstances change after issue, it can revoke them using blockchain technology. 

Verifiable digital credentials built on KILT may be utilised across numerous applications while enabling users to maintain control over their personal information, according to Ingo RĂ¼be, CEO of BOTLabs GmbH and creator of the KILT Protocol.

Growing interest in crypto currency 

Late in April 2023, Deloitte started actively looking for people with bitcoin knowledge to join its team. Over 300 opportunities are open in the US, including titles like Tax Manager for Blockchain & Cryptocurrency and Blockchain & Digital Assets Manager, according to a LinkedIn search. 

Contrasting with its "Big Four" rivals Ernst & Young, KPMG, and PricewaterhouseCoopers, which currently display no results for crypto-related job postings, Deloitte's rising interest in the domain of cryptocurrencies. 

Deloitte's decision to increase the number of employees with a focus on cryptocurrencies shows that it continues to support Web3 and digital assets. In order to offer immersive experiences across diverse industries, Deloitte teamed up with Web3 platform Vatom in February. 

Another illustration of Deloitte's commitment to modernising established procedures and embracing the future of digital asset technology is the incorporation of KILT's blockchain technology for digital credentials.