
Preserving Email Privacy: How to Block Hidden Read Receipts and Enhance Security


Disabling Read Receipts: Taking Control of Your Email Privacy

In today's fast-paced tech-dominated world, the pressure to respond to emails and messages immediately can be overwhelming. But what if you want to reclaim your time and manage it on your terms? One way to do that is by ensuring your emails are more private, and a key step in achieving this is to disable read receipts.

Tech expert Jon Morgan, CEO of Ventures Smarter, explains that blocking hidden read receipts can be a crucial step in preserving your email activity's privacy and preventing others from knowing whether you've read their messages or not. He provides a simple guide to help you achieve this:

The first step is to disable read receipts in your email client or service. While the process may vary depending on the email platform you use, you can usually find this option in the settings or preferences section. Look for a setting related to read receipts or message tracking, and disable it. By doing so, your email client won't send read receipts to the sender, allowing you to maintain your privacy and respond at your own pace.

Reviewing Privacy Settings: Enhancing Email Security and Anonymity

Disabling read receipts is just the beginning. To bolster your email privacy, it's important to review the privacy settings of your email account. Many email services offer various privacy options that can further protect your communication from prying eyes. Jon Morgan advises paying attention to features such as blocking external images or preventing remote content from loading automatically.

By enabling these settings, you can prevent senders from receiving notifications when you open their emails or download images. This step adds an extra layer of confidentiality to your communication and reduces the risk of unintentionally revealing your activity to the sender. Take the time to explore your email service's privacy options and customize them according to your needs.

Using Email Clients with Advanced Privacy Features: Safeguarding Your Communication

In your quest for enhanced email privacy, it's worth considering using an email client or application that prioritizes privacy and security. Certain email clients offer advanced features like encrypted messaging, blocking read receipts, and additional privacy controls. Making the switch to such a client can significantly enhance your email security and provide you with more control over your personal information.

Before choosing an email client, Jon Morgan recommends conducting thorough research to find one that aligns with your specific privacy requirements and preferences. Look for a client that not only offers robust privacy features but also aligns with your desired user experience. By selecting a privacy-focused email client, you can take another step towards safeguarding your communication.

Offline Reading and Other Privacy Measures: Ensuring Complete Email Confidentiality

If you truly want to ensure complete privacy in your email communication, Jon Morgan suggests reading your emails offline, without an internet connection. By disconnecting from the internet while reading your messages, you eliminate the risk of triggering read receipts or tracking requests that could be sent back to the sender. This step guarantees that your email activity remains entirely private and allows you to read and respond to messages on your terms.

Disabling remote content loading in your email client's settings adds an extra layer of protection. By default, many email clients automatically load remote content, such as images, when you open an email. However, this feature can be exploited to track whether you've read the message. To counter this, disable remote content loading in your email client. This ensures that the sender won't receive any notifications when you open their email or load external images, further preserving your privacy.
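As an added example (not part of the original post), the check below shows what a client is actually blocking when it refuses remote content: it scans an HTML message for remote images that look like read-tracking beacons (1x1 size, hidden by style, a per-recipient token in the query string, or a host unrelated to the sender). The sample message, hostnames and the list of tracking parameter names are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Query-string keys that commonly carry a per-recipient identifier.
# Constructed heuristic list for this example, not a standard.
TRACKING_PARAMS = {"uid", "rid", "recipient", "email", "token", "open", "mid"}


class _ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in the message body."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":  # HTMLParser lower-cases tag and attribute names
            self.images.append({k: (v or "") for k, v in attrs})


def _px(value):
    """Parse a width/height attribute such as '1' or '1px'; None if absent."""
    digits = "".join(ch for ch in value if ch.isdigit())
    return int(digits) if digits else None


def find_tracking_pixels(html, sender_domain=None):
    """Return a list of {'src', 'reasons'} for remote images that look like
    read-tracking beacons. Inline (cid:) and data: images never phone home,
    so they are skipped; only http(s) sources are examined."""
    parser = _ImgCollector()
    parser.feed(html)
    findings = []
    for img in parser.images:
        src = img.get("src", "")
        url = urlparse(src)
        if url.scheme not in ("http", "https"):
            continue
        host = url.hostname or ""
        reasons = []
        w, h = _px(img.get("width", "")), _px(img.get("height", ""))
        if (w is not None and w <= 1) or (h is not None and h <= 1):
            reasons.append("1x1 image")
        style = img.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by style")
        if any(k.lower() in TRACKING_PARAMS for k in parse_qs(url.query)):
            reasons.append("per-recipient token in query string")
        if sender_domain and not host.endswith(sender_domain):
            reasons.append("third-party host " + host)
        if reasons:
            findings.append({"src": src, "reasons": reasons})
    return findings


# Constructed sample message: a normal logo, an inline photo, and a beacon.
SAMPLE_HTML = """
<html><body>
<img src="https://img.shop.example/logo.png" width="200" height="50" alt="Shop">
<p>Thanks for your order!</p>
<img src="cid:inline-photo@shop.example" width="300">
<img src="https://track.analytics.example/o.gif?uid=9f3c1d&c=42"
     width="1" height="1" style="display:none">
</body></html>
"""

if __name__ == "__main__":
    for f in find_tracking_pixels(SAMPLE_HTML, sender_domain="shop.example"):
        print(f["src"], "->", ", ".join(f["reasons"]))
```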

For an added level of security, Jon Morgan suggests considering the use of a virtual private network (VPN). A VPN encrypts your internet connection, making it difficult for anyone to track your online activities, including your email interactions. By utilizing a VPN, you can protect your privacy and prevent tracking attempts, thus safeguarding your email communication.

Implementing these privacy measures gives you back control over your time and allows you to manage your emails without feeling overwhelmed or rushed. By disabling read receipts, adjusting privacy settings, using email clients with advanced features, and considering offline reading and VPN usage, you can enjoy a heightened level of email security and privacy while navigating the digital landscape.

Here's How Script Kiddies are Targeting Internet Users Worldwide


Most people have an image of hackers in their minds: scenes from films of skilled cybercriminals breaking into guarded networks almost instantly while typing at breakneck speed. Those are not script kiddies, even though many real-life versions of these hackers are capable of some amazing and terrifying things.

Script kiddies, often known as skiddies or skids, are amateur hackers and programmers who target networks and internet users with scripts and other programmes created by more experienced hackers and programmers. They may not be as adept as genuine hackers, but they still have a lot of power and can cause a lot of harm. Find out here how script kiddies operate and how to stay safe online.

The script kiddies: Who are they?

The name speaks for itself. Script kiddies are people who don't know how to programme and instead launch cyber attacks using software written by others. They are frequently kids or young adults, and they often run these programmes without understanding what they do or how they work.

A typical case is a child getting their first computer. After seeing a film or television show about hacking, they decide to become a hacker. To learn how to turn a programme into a weapon, they might browse forums and work through a few tutorials. Once they have it pointed at a target, they find a way to unleash it.

Software exploitation against users

Script kiddies use free and open-source software available on the internet to target specific websites and users. For instance, they may use tools meant for forensics or security testing to launch DDoS attacks. The damage and lost revenue can run to thousands of dollars.

Script kiddies can also gain access to private networks by misusing pen-testing tools or planting malware, and they are keen on running social engineering scams. Their capabilities rarely extend beyond this.

Do script kiddies pose a greater threat than real hackers? 

Yes and no. Script kiddies are erratic, but real hackers can certainly cause far more damage if they choose to. Hackers with specific goals in mind commonly target businesses, governments, or even hospitals. The only thing a script kiddie may have against you is a personal grudge. To make matters worse, they can target you specifically based on information they have about you, such as where you live and work.

You need to take digital security seriously whether the attacker is a hacker or a script kiddie, and those are only two categories of cybercriminal. Other dangers like botnets, cyber terrorists, and plain con artists haven't even been mentioned yet.

Prevention tips

The online world can be a terrifying place because of thieves, script kiddies, hackers, and other bad actors. But a few straightforward, low-cost cybersecurity techniques and tools can make a significant difference in enhancing safety. 

You should first get a VPN. A VPN, or virtual private network, hides your IP address and encrypts your internet connection, which improves both your security and your privacy. It effectively stops hackers and script kiddies alike, who frequently use IP addresses to monitor user activity.

The best way to use a VPN is to enable it whenever you connect to the internet. VPNs can also help you get around content restrictions and hide your browsing information from ISPs and network administrators.

It's also a good idea to harden your network, accounts, and devices. Make sure every device has a secure password or PIN that is required immediately whenever you restart or shut down, close the screen, or leave it inactive for more than two minutes.

Use complex passwords to increase the security of your accounts, and consider a password manager to store them in a secure digital vault. Add fingerprint or facial recognition locks, two-factor authentication, and similar measures wherever they are available.

Finally, strengthen the security of your network, especially your company network. Start with wireless encryption and a strong password; note that WEP, which is sometimes still suggested, was broken years ago, so use WPA2 or WPA3. Research and use a variety of network security and monitoring tools. Firewalls, for instance, are excellent at controlling network traffic, and programmes that track and block unauthorised access attempts are also available.

ClearML Launches First Generative AI Platform to Surpass Enterprise ChatGPT Challenges


Earlier this week, ClearGPT, the first secure, industry-grade generative AI platform in the world, was released by ClearML, the leading open source, end-to-end solution for unleashing AI in the enterprise. Modern LLMs may be implemented and used in organisations safely and at scale thanks to ClearGPT. 

This platform is designed to fit the specific needs of an organisation, including its internal data, particular use cases, and business processes. It runs on the organisation's own network and offers full IP, compliance, and knowledge protection.

With ClearGPT, businesses can use AI to drive innovation, productivity, and efficiency at a massive scale, as well as to develop new internal and external products faster, outsmart the competition, and generate new revenue streams. This allows them to capitalise on the creativity of ChatGPT-like LLMs. 

Many companies recognise ChatGPT's potential but are unable to utilise it within their own enterprise security boundaries due to its inherent limitations, including security, performance, cost, and data governance difficulties.

By solving the following corporate issues, ClearGPT eliminates these obstacles and dangers of utilising LLMs to spur business innovation. 

Security & compliance: Businesses rely on open APIs to access generative AI models and xGPT solutions, which exposes them to privacy risks and data leaks, jeopardising their ownership of intellectual property (IP) and highly sensitive data exchanged with third parties. You can maintain data security within your network using ClearGPT while having complete control and no data leakage. 

Performance and cost: ClearGPT offers enterprise customers unmatched model performance with live feedback and customisation at lower running costs than rival xGPT solutions, where GPT performance is a static black box. 

Governance: Other solutions can't be used to limit access to sensitive information within an organisation. Using role-based access, data governance across business units, and ClearGPT, you can uphold privacy and access control within the company while still adhering to legal requirements. 

Data: Avoid letting xGPT solutions possess or divulge your company's data to rivals. With ClearGPT's comprehensive corporate IP protection, you can preserve company knowledge, produce AI models, and keep your competitive edge. 

Customization and flexibility: These two features are lacking in other xGPT solutions. Gain unrivalled capabilities with human reinforcement feedback loops and constant fresh data, giving AI that entirely ignores model and multimodal bias while learning and adapting to each enterprise's unique DNA. Businesses may quickly adapt and employ any open-source LLM with the help of ClearGPT. 

Enterprises can now explore, generate, analyse, search, correlate, and act upon predictive business information (internal and external data, benchmarks, and market KPIs) in a way that is safer, more legal, more efficient, more natural, and more effective than ever before with the help of ClearGPT. Enjoy an out-of-the-box platform for enterprise-grade LLMs that is independent of the type of model being used, without the danger of costly, time-consuming maintenance. 

“ClearGPT is designed for the most demanding, secure, and compliance-driven enterprise environments to transform their AI business performance, products, and innovation out of the box,” stated Moses Guttmann, Co-founder and CEO of ClearML. “ClearGPT empowers your existing enterprise data engineering and data science teams to fully utilize state-of-the-art LLM models agnostically, removing vendor lock-ins; eliminating corporate knowledge, data, and IP leakage; and giving your business a competitive advantage that fits your organization’s custom AI transformation needs while using your internal enterprise data and business insights.”

Backups can be Quicker and Less Expensive than Paying the Ransom


Ransomware operators want to spend as little time as possible within your systems, which means the encryption they use is shoddy and frequently corrupts your data. 

As a result, paying a ransom is typically a more expensive chore than simply refusing to pay and restoring from your own backups. That is the perspective of Richard Addiscott, a senior director analyst at Gartner.

"They encrypt at an extremely fast rate," he said on Monday at the firm's IT Infrastructure, Operations, and Cloud Strategies Conference 2023 in Sydney. "They encrypt faster than you can run a directory listing."

Ransomware authors therefore use poor encryption techniques and end up corrupting some of the data they later try to sell back to you. Even when operators hand over all the data they claim to hold, Addiscott said, restoring from the corrupt dumps delivered by criminals is not simple. And many don't hand it all over; instead, they open a new round of negotiations by demanding a further ransom for more releases.

According to him, just 4% of ransomware victims actually get all of their data back, and only 61% retrieve any data at all. The average disruption to a victim's business is 25 days.

To shorten that period, Addiscott proposed that organisations design and practise ransomware recovery playbooks. Securing funding to prepare for a speedy post-ransomware recovery requires framing the risk in business terms rather than IT terms.

According to Addiscott, the themes most likely to loosen the purse strings are revenue protection, risk reduction, and cost control. He shook his head as he recalled instances when business leaders authorised enormous and speedy ransom payments that dwarfed the investments they had previously denied, investments that might have made the payments unnecessary.

He advised good preparation because ransomware crooks have found a technique to speed up stalled payment negotiations: hitting their victims with a DDoS attack so they are fighting two fires at once and are therefore willing to pay to make at least one problem go away.

Ransomware operators also like to double-dip by demanding payment from the organisations whose data they have stolen, then mining that data to find new targets. Addiscott mentioned an attack on a healthcare provider in which the provider's clients were confronted with a demand for payment, failing which their medical records would be revealed.

Customers identified in stolen data may also be approached with the suggestion that they press their suppliers to pay, so as to reduce the risk of their own data being disclosed. Immutable backups and an isolated recovery environment, according to Addiscott, are a good combination of defences.

However, he also stated that the people behind ransomware are brilliant, vicious, inventive, and relentless, so they will find new and even more nefarious ways to strike. 

The analyst did have one piece of good news: ransomware attacks fell 21% in 2022 compared to 2021. He hypothesised that the decline was caused by sanctions making it harder for Russia-based ransomware groups to operate.

Here's How Global Firms are Capturing First- & Zero-Party Data of Consumers


Changes in consumer privacy in the digital marketing environment are forcing firms to fundamentally rethink their data-driven marketing tactics.

Consumers are becoming more conscious of the importance of their personal information. Simultaneously, tech titans and authorities worldwide are cracking down on the gathering, storage, and sale of consumer data. In addition to Apple's well-publicized privacy-focused software updates, Google intends to phase out third-party cookies on both Chrome and Android next year in an effort to prevent consumer tracking. 

The loss of access to large amounts of third-party data has complicated everything from ad targeting to attribution for advertisers, who have long relied on user-level tracking techniques. 

A rising number of businesses are responding by using novel strategies to get consumers to provide their personal information. This can take the shape of first-party data, or information a business obtains directly from its clients, or even zero-party data, or details a client voluntarily provides to a business. Consumers are receiving innovative new rewards from brands in return for their important data. 

The leading consumer packaged goods (CPG) and restaurant businesses are profiled here, along with some creative first- and zero-party data collecting methodologies they have employed. We discuss how these strategies may have helped these companies survive the post-cookie era. 

For the win, use game-based incentive programmes 

Brands are coming up with strategies to engage consumers in order to obtain first- and zero-party data. For a membership sign-up, email address, or phone number, you might receive a range of incentives, such as discounts or entry into sweepstakes.

Some companies, on the other hand, are thinking outside the box and developing fresh strategies, including ones that combine gamification, loyalty rewards, personalised marketing, and unique product offerings. 

For instance, in January, the sandwich company Jimmy John's started distributing its first "Achievement badges" to its "Freaky Fast Rewards Members." Even though the company has offered rewards since 2019, the addition of badges makes using the Jimmy John's app more enjoyable and encourages members to return. 

One badge, dubbed "The Gauntlet," which was introduced earlier this year, gave a special, limited-edition beanbag chair to the first 100 members who ordered every sandwich on the menu. 

Low-cal workouts drive conversions 

Halo Top, a brand of low-calorie ice cream owned by Wells, has another gamified strategy. 

And CPG firms like Halo Top that frequently market and sell largely via retail channels as opposed to direct-to-consumer are especially well-served by acquiring first- and zero-party data. As stated by Adam Fish, director of omnichannel strategy at Wells, "Gaining first-party data scale for CPG brands is challenging because we don't own the transaction; however, first-party data helps brands best understand their consumer and build long-term data durability." 

The 'No Work Workouts' campaign, launched by Halo Top last month, encourages people to take breaks from their usual workout routines to take part in enjoyable, low-effort calorie-burning hobbies, such as playing air guitar or watching scary movies.

"For those consumers who give consent, we can ingest first-party data into our audience segments," says Fish. He continues by saying that the company has witnessed a notable increase in conversions since switching from using third-party data collection to a variety of data sources a few years ago.

IPFS Phishing Attacks: How Cybercriminals Exploit Decentralized File Storage


IPFS Phishing Attacks are becoming increasingly common as more users adopt the InterPlanetary File System (IPFS) technology to store and share files. This decentralized file storage system is designed to provide users with more control over their data and protect them from censorship, but it can also be exploited by cybercriminals to conduct phishing attacks.

How do IPFS Phishing Attacks Work?

Phishing attacks involve tricking users into providing sensitive information such as login credentials or financial data by posing as a trustworthy entity. IPFS phishing attacks work in a similar way, with cybercriminals creating fake IPFS gateways to steal user data.

Here’s how it works: when users want to access files stored on the IPFS network, they typically use a gateway to retrieve them. These gateways act as intermediaries between the user and the IPFS network, serving as a proxy for the user's requests. Unfortunately, cybercriminals can create fake gateways that look just like the real ones, tricking users into sending their requests to the malicious gateway.

Once a user sends a request to a fake gateway, the attacker can intercept the request and replace the legitimate file with a fake one that contains malicious code. The user is then prompted to enter their login credentials or other sensitive information, which the attacker can steal.

How to be safe from IPFS Phishing Attacks?

To avoid falling victim to IPFS phishing attacks, there are several best practices to follow:

1. Always check the URL of the IPFS gateway before entering any sensitive information. Be wary of URLs that look suspicious or slightly different from the real gateway.

2. Use a trusted IPFS gateway. Check the list of recommended gateways from IPFS or use a gateway recommended by a reputable source.

3. Be cautious when accessing files from unknown sources. Verify the source of the files and check if they are known to be safe.

4. Enable two-factor authentication whenever possible. This adds an extra layer of security to your login process.

5. Keep your software and security tools up-to-date to prevent known vulnerabilities from being exploited.

IPFS phishing attacks are a growing threat that can be mitigated by following best practices for online security. By being vigilant and cautious when accessing files on the IPFS network, users can protect themselves from cybercriminals.
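Tips 1 and 2 above (check the gateway URL, use a trusted gateway) can be turned into a mechanical check. The example below is added here and is not from the original article: it recognises both path-style (`host/ipfs/<cid>`) and subdomain-style (`<cid>.ipfs.host`) gateway links, rejects hosts outside an allowlist (so a lookalike such as `ipfs-example.net` fails), and checks that the content identifier has the shape of a CID. The allowlist hosts and the sample CIDs are constructed placeholders, and the CID checks are shape checks only, not a full multiformats decoder.

```python
import re
from urllib.parse import urlparse

# Constructed placeholder allowlist; replace with the gateways you trust.
TRUSTED_GATEWAYS = {"ipfs.example", "gateway.example"}

# CIDv0 is "Qm" followed by 44 base58 characters (no 0, O, I or l).
# CIDv1 as used in URLs is base32 (lower-case letters, digits 2-7), prefix "b".
_CIDV0 = re.compile(r"^Qm[1-9A-HJ-NP-Za-km-z]{44}$")
_CIDV1 = re.compile(r"^b[a-z2-7]{20,}$")


def looks_like_cid(value):
    """Shape check only: does the string look like a CIDv0 or base32 CIDv1?"""
    return bool(_CIDV0.match(value) or _CIDV1.match(value))


def check_ipfs_link(link, trusted=TRUSTED_GATEWAYS):
    """Classify a link that claims to serve IPFS content.

    Returns (verdict, detail) where verdict is one of
    "ok", "untrusted-gateway", "bad-cid" or "not-ipfs".
    """
    url = urlparse(link)
    if url.scheme != "https":
        return ("not-ipfs", "only https gateway links are accepted")
    host = url.hostname or ""          # urlparse lower-cases the hostname
    labels = host.split(".")
    parts = [p for p in url.path.split("/") if p]
    if len(labels) >= 3 and labels[1] == "ipfs":
        # Subdomain gateway: <cid>.ipfs.<gateway host>/...
        cid, gateway = labels[0], ".".join(labels[2:])
    elif len(parts) >= 2 and parts[0] == "ipfs":
        # Path gateway: <gateway host>/ipfs/<cid>/...
        cid, gateway = parts[1], host
    else:
        return ("not-ipfs", "no /ipfs/<cid> path or <cid>.ipfs.<host> subdomain")
    # Gateway trust is checked before the CID: a lookalike host with a
    # perfectly valid CID is exactly the phishing case described above.
    if gateway not in trusted:
        return ("untrusted-gateway", gateway + " is not an allowlisted gateway")
    if not looks_like_cid(cid):
        return ("bad-cid", repr(cid) + " is not a well-formed CID")
    return ("ok", "cid=" + cid + " via " + gateway)


# Constructed sample CIDs with the right shape (not real content identifiers).
SAMPLE_CIDV0 = "Qm" + "Test" * 11
SAMPLE_CIDV1 = "bafy" + "test" * 8

SAMPLE_LINKS = [
    "https://ipfs.example/ipfs/" + SAMPLE_CIDV0 + "/readme.txt",
    "https://" + SAMPLE_CIDV1 + ".ipfs.gateway.example/index.html",
    "https://ipfs-example.net/ipfs/" + SAMPLE_CIDV0,      # lookalike host
    "https://" + SAMPLE_CIDV1 + ".ipfs.evil.example/",    # lookalike host
    "https://ipfs.example/ipfs/notacid",
    "https://ipfs.example/about",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict, detail = check_ipfs_link(link)
        print(f"{verdict:18} {detail}")
```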


CERT-In Warns Of 'Royal Ransomware' Virus Attacking India's Critical Sectors


Indian citizens and organisations have been alerted about the Royal Ransomware virus by the Indian Computer Emergency Response Team (CERT-In). 

This malware targets key infrastructure sectors, such as manufacturing, communications, healthcare, and education, as well as individuals, encrypting their files and demanding payment in Bitcoin to prevent the release of private information to the public.

According to the CERT-In advisory, the Royal ransomware spreads through RDP (remote desktop protocol) abuse, phishing emails, malicious downloads, and other forms of social engineering. The virus was first observed in January 2022 and began to spread widely around September of last year, at which point the US government began issuing advisories against it.

The report also disclosed that the threat actors use a number of strategies to trick victims into installing remote access malware as part of callback phishing. Once it has infected a system, the virus encrypts the data and deletes shadow copies to prevent recovery.

The Royal ransomware contacts the victim directly via a .onion URL (reachable through a dark web browser), so the ransom note itself doesn't reveal information like the ransom amount or any instructions. Additionally, the malware gains access to the domain controller, exfiltrates a sizable amount of data before encryption, and disables antivirus protections.
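The shadow copy deletion the advisory describes is one of the most reliable detection points for a ransomware run, because it happens before encryption finishes and uses ordinary Windows administration commands. The example below is added here (it is not from the advisory) and runs simple detection rules over process-creation log lines in a constructed `timestamp|host|user|command line` format; the host and user names are constructed.

```python
import re

# Well-known living-off-the-land ways of removing Windows restore points and
# backup catalogs. Matched case-insensitively against the command line.
SHADOW_COPY_RULES = {
    "vssadmin-delete-shadows":  re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I),
    "vssadmin-resize-storage":  re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\b.*\bshadowstorage\b", re.I),
    "wmic-shadowcopy-delete":   re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "wbadmin-delete-catalog":   re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\b.*\bcatalog\b", re.I),
    "bcdedit-disable-recovery": re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\b.*\bno\b", re.I),
    "wmi-shadowcopy-delete":    re.compile(r"win32_shadowcopy.*\bdelete\b", re.I),
}


def parse_line(line):
    """Split a 'timestamp|host|user|command line' record; the command line
    may itself contain '|' characters, so only the first three are split."""
    ts, host, user, cmd = line.rstrip("\n").split("|", 3)
    return {"ts": ts, "host": host, "user": user, "cmd": cmd}


def detect_shadow_copy_deletion(lines):
    """Return one alert dict (event fields plus 'rule') per suspicious line.
    Read-only commands such as 'vssadmin list shadows' are not flagged."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        event = parse_line(line)
        for rule, pattern in SHADOW_COPY_RULES.items():
            if pattern.search(event["cmd"]):
                alerts.append({**event, "rule": rule})
                break
    return alerts


# Constructed sample log: normal activity, a read-only shadow query, then the
# recovery-destruction burst that typically precedes encryption.
SAMPLE_LOG = [
    "2023-05-04T10:15:02Z|WS-042|CORP\\jsmith|explorer.exe",
    "2023-05-04T10:15:09Z|WS-042|CORP\\jsmith|vssadmin.exe list shadows",
    "2023-05-04T10:16:31Z|WS-042|NT AUTHORITY\\SYSTEM|vssadmin.exe delete shadows /all /quiet",
    "2023-05-04T10:16:32Z|WS-042|NT AUTHORITY\\SYSTEM|wmic shadowcopy delete",
    "2023-05-04T10:16:33Z|WS-042|NT AUTHORITY\\SYSTEM|wbadmin delete catalog -quiet",
    "2023-05-04T10:16:34Z|WS-042|NT AUTHORITY\\SYSTEM|bcdedit /set {default} recoveryenabled no",
    "2023-05-04T10:20:00Z|WS-042|CORP\\jsmith|notepad.exe C:\\Users\\jsmith\\todo.txt",
]

if __name__ == "__main__":
    for alert in detect_shadow_copy_deletion(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['host']} {alert['user']:22} {alert['rule']:26} {alert['cmd']}")
```

Several of these rules firing on one host within seconds, as in the sample, is the pattern worth paging on; a single `vssadmin resize shadowstorage` can also be routine storage administration.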

Prevention Tips

CERT-In has suggested a set of countermeasures and internet hygiene guidelines to protect against this and similar ransomware attacks. These include keeping backup data offline, regularly maintaining and testing backup and restore, enabling protected files in Windows, blocking remote desktop connections, using least-privileged accounts, and restricting the number of users who can access resources via remote desktop.

Other best practices include keeping anti-virus software up to date on all computer systems, avoiding links in unsolicited emails, and encrypting all backup data and keeping it immutable (so it cannot be changed or removed), covering the entire organisation's data architecture.

People and organisations should exercise caution and take the appropriate safety measures to protect themselves from this deadly virus. Following the suggested rules can help prevent data loss and lower your chances of suffering financial and reputational harm.

This AI Tool Can Crack Your Password in Sixty Seconds; Here's How to Protect Yourself


Even though ChatGPT may be the AI that everyone is thinking about right now, chatbots aren't the only AI tool that has emerged in recent times. DALL•E 2 and Runway Gen 2 are just two examples of AI picture and video creators. Sadly, some AI password crackers exist as well, such as PassGAN. 

PassGAN is actually not that new, at least not in the grand scheme of things. The most recent GitHub update was six years ago, and it made its debut back in 2017. In other words, this isn't a brand-new hacking tool developed in response to the ChatGPT revolution. But when it was recently put to the test by cybersecurity research company Home Security Heroes, the results were startling. PassGAN can break any — yes, any — seven-character password in six minutes or less, according to the Home Security Heroes study. It can quickly crack passwords of seven characters or fewer, regardless of whether they contain symbols, capital letters, or numbers. 

Modus operandi 

PassGAN combines Password with the Generative Adversarial Network (GAN), much like ChatGPT combines Chat with the Generative Pre-trained Transformer (GPT). In essence, the deep learning model that the AI is trained on is GAN, similar to GPT.

In this case, the model's objective is to produce password guesses based on real-world passwords it has been given as input. To train PassGAN, Home Security Heroes used the RockYou dataset, which came from the 2009 RockYou data breach and is a popular choice for studies like these. The organisation fed PassGAN the dataset, and it then generated passwords in an effort to correctly guess sample passwords.

In the end, it could quickly break a wide range of passwords. After training PassGAN on the RockYou dataset, Home Security Heroes had an AI tool trained on actual passwords that could crack new passwords almost instantly.

Should I be alarmed about PassGAN?

The good news is that, for the time being at least, you don't really need to panic about PassGAN. Security Editor for Ars Technica Dan Goodin claimed in an opinion piece that PassGAN was "mostly hype." This is because while the AI tool can fairly easily crack passwords, it doesn't do it any more quickly than other non-AI password crackers. 

For example, Goodin quotes Yahoo Senior Principal Engineer Jeremi Gosney, who said that using standard password-cracking methods they could quickly achieve similar results and crack 80% of the passwords exposed in the RockYou breach. Gosney characterised the study's findings as "neither impressive nor exciting." And after a closer look at the results, you might not be as impressed as you were when you first heard that "50% of common passwords can be cracked in less than a minute." Those passwords rarely mix capital letters, lowercase letters, digits, and symbols; they are primarily made up of numbers and are seven characters or fewer.

This means that all it takes to defeat PassGAN is a password of at least 11 characters made up of a mixture of uppercase and lowercase letters, numbers, and symbols. If you can do that, you can make a password that PassGAN will need 365 years to figure out. If you make that number 11 characters long, it becomes 30,000 years. And the best password managers make it simple to create such passwords.

But let's say you don't want to use a password manager because you don't trust that they won't fall victim to data breaches, like the LastPass compromise in August 2022. It's a legitimate concern. Fortunately, using a passphrase (a password created by stringing several words together) will likely still be enough to defeat PassGAN. Home Security Heroes estimates that it would still take PassGAN an average of 890 years to crack a 15-character password made up entirely of lowercase letters. That timeline jumps to a staggering 47 million years if just one capital letter is added, long after our AI overlords have taken over the world.
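The argument above is really about search space: every extra character multiplies the number of candidates by the size of the character set, which is why one added capital letter moves the estimate by orders of magnitude. The example below is added here (it is not from the article or from Home Security Heroes) and works that arithmetic through, then builds a passphrase of the kind recommended; the guess rate and the small word list are assumptions for illustration, and the figures are worst-case exhaustive-search bounds, not PassGAN benchmarks.

```python
import math
import secrets
import string

# Assumed attacker throughput for the worked numbers (not a PassGAN figure).
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password):
    """Size of the smallest standard character set that covers the password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def entropy_bits(password):
    """Bits of entropy if each character were chosen uniformly from the set.
    Real-world passwords (the RockYou kind) are far weaker than this bound,
    which is exactly what a model trained on leaked passwords exploits."""
    n = charset_size(password)
    return len(password) * math.log2(n) if n else 0.0


def years_to_exhaust(password, guesses_per_second=GUESSES_PER_SECOND):
    """Worst-case years to try every candidate of this length and alphabet."""
    n = charset_size(password)
    if n == 0:
        return 0.0
    return n ** len(password) / guesses_per_second / SECONDS_PER_YEAR


# Constructed 16-word list; a real diceware list has thousands of entries,
# so each word there is worth about 12.9 bits instead of 4.
WORDLIST = ["amber", "basil", "cedar", "delta", "ember", "flint", "grove", "heron",
            "ivory", "juniper", "kelp", "lumen", "maple", "nectar", "onyx", "pearl"]


def make_passphrase(n_words=4, wordlist=WORDLIST, sep="-"):
    """Join n_words words drawn with a CSPRNG; secrets.choice is uniform."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def passphrase_entropy_bits(n_words, wordlist_size):
    return n_words * math.log2(wordlist_size)


if __name__ == "__main__":
    samples = ["1234567", "Tr0ub4d!", "abcdefghijklmno", "Abcdefghijklmno"]
    for pw in samples:
        print(f"{pw:18} set={charset_size(pw):3} bits={entropy_bits(pw):6.1f} "
              f"years={years_to_exhaust(pw):.3g}")
    phrase = make_passphrase(4)
    print(phrase, "->", passphrase_entropy_bits(4, len(WORDLIST)), "bits from the word list")
```

Note that the lowercase-only 15-character password and the same one with a single capital differ by a factor of 2^15 in search space, which is the kind of jump the 890-year versus 47-million-year estimate above reflects.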

However, always keep in mind that no password is ever completely secure. Despite your best efforts, data breaches might still leave you exposed, and by pure dumb luck a password cracker might guess your password sooner than expected. But as long as you follow best practices for password security, you have nothing to worry about from PassGAN or any other rogue actor.

LockBit Operators Target Apple MacOS Devices


In order to encrypt files on devices running Apple's macOS operating system, the actors behind the LockBit ransomware campaign have created new artifacts. 

The development appears to mark the first time a large-scale ransomware group has produced a macOS payload, as MalwareHunterTeam noted over the weekend.

Additional samples found by vx-underground demonstrate that the macOS variant has been accessible since November 11, 2022, and has so far managed to avoid being discovered by anti-malware engines. 

LockBit, a well-known cybercrime gang with ties to Russia, has been active since late 2019, and the threat actors behind it released two significant revisions of the locker in 2021 and 2022.

LockBit overtook Cl0p as the second most prevalent ransomware in March 2023, according to figures published by Malwarebytes last week, and was responsible for 93 successful attacks.

The new macOS version ("locker_Apple_M1_64") is still under development and is signed with an invalid signature, according to an analysis of the software. As a result, even if it is downloaded and launched on a device, Apple's Gatekeeper will block it from running.

Security researcher Patrick Wardle notes that the payload references files like autorun.inf and ntuser.dat.log, indicating that the ransomware sample was originally written to target Windows.

"While yes it can indeed run on Apple Silicon, that is basically the extent of its impact," Wardle explained. "Thus macOS users have nothing to worry about ...for now!" 

Wardle also drew attention to other security measures put in place by Apple, such as System Integrity Protection (SIP) and Transparency, Consent, and Control (TCC), which stop the execution of unauthorised code and mandate that programmes ask users' permission before accessing protected files and data. 

"This means that without an exploit or explicit user-approval users files will remain protected," Wardle explained. "Still an additional layer or detection/protection may be warranted." 

In describing the threat's current state of development, SentinelOne researcher Phil Stokes noted that the macOS version of LockBit is a "direct descendant" of the Linux variant and does not "implement any functionality for exfiltrating the data it locks, nor does it have any method of persistence."

It is clear from the results that threat actors are progressively focusing their attention on macOS systems, despite the fact that the artefacts are generally buggy. Since then, a LockBit spokesperson has verified to Bleeping Computer that the macOS encryptor is "actively being developed," indicating that the malware is likely to pose a severe threat to the platform. 

You Should Be Concerned Regarding Browser Modifiers; Here's Why

Have you recently noticed anything strange about your browser? Perhaps Google used to be your homepage, but these days, when you click the home button, a strange page, a white screen, or an error page loads instead. To make matters worse, you are now seeing an annoying increase in pop-up advertisements. If the annoyances you've been experiencing occur mainly in the browser, you may be dealing with a browser modifier. 

What exactly are browser modifiers?

A less well-known but nevertheless annoying category of spyware called a "browser modifier" interferes with how you access the internet. They are made to alter browser preferences, notably the homepage, the default search engine, file download defaults, and the settings for blocking pop-up advertising. Additionally, browser modifiers might install add-ons without your knowledge and create a backdoor for more sophisticated malware to attack your system. 

Attackers distribute this kind of malware using social engineering to trick potential victims into installing it. Browsers frequently become infected when people try to close pop-up advertisements: you know those ads with the tiny "x" button that, when clicked, send you to a sports betting page or do something else entirely. Shady websites use this technique to engage in click fraud. Clicking bogus download buttons on file-sharing websites can also result in infections. 

Modus operandi

A browser modifier can affect your device in ways that are so obvious that you quickly notice something is wrong, or subtle enough that you don't notice anything until much later. In either case, there are a few warning signs that your phone or computer browser may be compromised by this software. 

Installing extensions without authorization 

A freshly installed browser is like a naked cake from the bakery: it has no dressing or decorations, and you can use it as is or customise it to your preferences. Add-ons, also known as browser extensions, are tools you install in the browser to enhance your usage and carry out particular functions. Installing an extension lets you manage tabs, proofread your texts, summarise YouTube videos, or automatically apply coupons when you shop online. Typically you install extensions yourself, based on your needs. Browser modifiers, however, secretly install harmful extensions that can record your keystrokes, gather the data you submit on specific websites, or harvest your data for marketing purposes. Any add-ons you see that you didn't install are a solid clue that something harmful is going on in the background. 

Modifying your default search engine 

If a browser modifier has been installed on your device, you may discover that your default search engine has been changed and that search results now come from an unknown website. The results might even be passable, but that does not guarantee everything is in order. The changes made to your search provider may direct you to fraudulent websites where thieves are waiting to take your information, identity, or money. 

Most browsers' default search engines are typically connected to major tech firms. On Chrome and Safari, Google Search is the default search engine, Bing is the default search engine on Microsoft Edge, and Brave created Brave Search for its users. 

Of course, if you prefer another option, you may switch to DuckDuckGo, Wikipedia, Amazon, or even Stack Overflow. There are thousands of lesser-known search engines created by businesses and individual developers in addition to those prominent ones. Small search engines lack the same robust experience that users receive from well-known competitors, which is why they are less well-known. 

The use of search engines is crucial in the digital economy. They can increase website traffic, compensate business owners for their advertising expenditures, and bring in money for the search engine provider. Shadowy technocrats also want a piece of that cake, just like respectable businesses do. However, they are willing to employ any strategy, including viruses like browser modifiers. 

Your pop-up ad blocker gets disabled

One moment you're browsing wholesome internet content, and the next an ad encouraging you to install an app appears out of nowhere, taking up your entire screen. Or a persistent advertisement banner follows you online. 

Pop-up advertisements and persistent banners are common on some websites, after all. Most browsers offer settings you can change to disable them or at least lessen their frequency. If you experience persistent pop-ups and sticky advertisements despite those settings, you might have a browser modifier problem. You might also notice that the malware changes your ad settings back right after you save them. 

Prevention tips 

Browser modifiers are annoying, but compared with more sophisticated malware they are more manageable. Most browser modifier infections can be dealt with either by resetting your browser to its original settings or by using anti-malware software to locate and remove the offending programme. 

Browser reset: After installing a browser, we like to fiddle with its settings: switch between light and dark modes, change the font, enable tracking protection, and add extensions. Resetting your browser restores it to its factory settings. If you're dealing with a straightforward browser modifier, this measure ought to be perfectly adequate. Advanced browser modifiers, however, can require a complete removal of the browser, a clean sweep of the Program Files and AppData folders on your hard drive, and a subsequent reinstallation of the browser. 

Malware scan: In addition to cleaning up, you should also run a malware scan on your files. This is especially important because the browser modifier may have downloaded additional malware or installed potentially unwanted programmes on your device. On a Windows computer you can use Microsoft Defender, which comes with Windows and is free, to check for malware. Malwarebytes and Norton are just two alternatives that are equally effective. 

Security update: The best way to prevent a browser modifier infection is to keep your browser updated to the most recent available version. Installing security updates also fixes holes in your operating system and apps that malware can exploit. That does not, however, mean you are safe. 

Malware can wait patiently for the right time to activate itself. Set your apps and hardware to download and install updates automatically. Delete files that are unnecessary or unfamiliar, too, and configure your anti-malware programme to regularly scan your drive for threats. 

Should you be concerned about browser modifiers? 

Not much. The harm posed by browser modifiers is not as serious as that posed by viruses, Trojans, and worms. Additionally, if your system and browser are current, the likelihood that you will encounter this threat is limited. 

Nevertheless, browser modifiers are frequently disregarded as inconsequential annoyances. Given their capacity to do significant damage, you shouldn't. By enabling automatic updates, you may free up your time to concentrate on preventing worse risks.

Cryptocurrency Scams: How to Detect and Avoid Them

Since its inception, the bitcoin market has become well known for the prevalence of fraudulent activity. Scammers employ a number of techniques to trick bitcoin users and take their hard-earned money. 

How do crypto phishing scams work?

The well-known cyberattack known as phishing has been around for a while. The FBI Internet Crime Report for 2022 states that phishing was the most prevalent technique, with 300,497 victims losing $52 million as a result. This fraudulent activity has now spread to the world of cryptocurrencies. 

A crypto phishing scam is a strategy used by scammers to steal sensitive information, such as the private key to your wallet. They accomplish this by posing as a trustworthy organisation or individual and requesting personal information from you. The information you supply is then used to steal your digital assets. 

Crypto phishing scams have become more frequent in recent years. A well-known cryptocurrency hardware wallet maker, Trezor, issued a warning regarding a large crypto phishing attack in February 2023. Users of Trezor were the target of scammers who sent them fictitious security breach alerts in an effort to get them to divulge their recovery seed phrase, which the attackers could then use to steal their cryptocurrency. 

Identifying crypto phishing scams

Following are five warning signals to watch out for to prevent becoming a victim: 

Most of the time, cybercriminals send mass emails or messages without checking the language, spelling, or sentence structure. As a result, grammatical errors are the clearest sign of a phishing message. Reputable businesses care about clear communication with their clients. 

Scammers frequently copy the logos, colour schemes, typefaces, and messaging tone of respectable businesses. You should therefore be familiar with the branding of the crypto businesses you use. 

Always double-check the URLs in a message, because phishers often use links that look real but actually take you to dangerous websites. 

Prevention tips 

Don't disclose your private keys: Your private keys are what allow you to access your cryptocurrency wallet. Keep them confidential and never give them out. 

Educate yourself: Stay up to date on the latest cyber risks and best practices for keeping your cryptocurrency secure. The more you know about self-defence, the better prepared you'll be to defend against cyber-attacks.

In-depth research: Before investing in any cryptocurrency, properly investigate the concept and the team behind it. Examine the project's website, white paper, and social media outlets to establish its legitimacy.

Role of the Modern CISO in the Rapidly Evolving Cybersecurity Landscape

The Chief Information Security Officer (CISO) position is currently in transition, especially as risks change and as more rules and compliance mandates are introduced. The assumptions around this formerly specialist position need to be re-evaluated because it is now essential for contemporary businesses. 

CISO's evolving position 

In a recently published report, the executive search and leadership consultancy firm Marlin Hawk noted changes in the fundamental requirements for CISOs, increased internal hiring for cyber security positions, and declining CISO turnover rates. 

"Today’s CISOs are taking up the mantle of responsibilities that have traditionally fallen solely to the CIO, which is to act as the primary gateway from the tech department into the wider business and the outside marketplace," stated managing partner at Marlin Hawk, James Larkin.

As a result, CISOs need to be proficient communicators with people at all levels of the organisation. They must be able to communicate with the board as well as the marketplace of investors and clients. The growing focus on CISO soft skills will raise standards for this position.

Role of "CISO+" 

Security experts claim that the CISO role has genuinely evolved into a "CISO+" role during the past 8–10 years as a result of the large number of CISOs who have taken on engineering-related tasks, physical security-related projects, operational resiliency initiatives, brand trust building projects, and/or supply chain resilience building initiatives.

The chances for CISOs to become business enablers and higher-level transformational technology leaders have increased as a result of this. From this new vantage point, CISOs are better able to gain the respect of their executive-level peers as well as the support of the legal departments, other business departments, and other organisational divisions.

CISOs must understand that as recently appointed members of the C-suite, they are accountable for and have a stake in innovation, revenue, and growth.

Manager to leader transition 

For everyone involved in an organisation's cyber security, the promotion of the CISO position to the C-suite is generally good news. CISOs must, nevertheless, show that they are eager to tackle new difficulties.

In order to generate corporate value, CISOs must now act as creative thought leaders, accomplished storytellers, and transformation architects. Across the whole corporate value chain, the CISO must now work as a strategist, tactical master, influencer, and source of inspiration. Being a change agent is one of the most crucial and challenging practices in lean management transformations. It calls for a person with a distinct vision, patience, persistence, the capability to set a good example, the ability to ask probing questions, and reliability. 

CISOs may be required to spearhead highly focused, precisely targeted initiatives to comprehend risk, identify threats, and emphasise overall cyber security preparation in order to enable more business agility.

Qbot: The Ever Expanding Malware Family

Given how widespread malware has become, new "families" of each type are being developed. Qbot, a family of malware that is used to steal data, falls under this category. 

Qbot's history 

As is sometimes the case with malware, Qbot (also referred to as Qakbot, Quakbot, or Pinkslipbot) wasn't identified until it was actually spotted in the wild. In the context of cybersecurity, the phrase "in the wild" describes a situation in which malware spreads unintentionally among targeted devices. As a kind of malware, Qbot is suspected to have existed at least as far back as 2007, making it much older than many of the more well-known varieties now in use. 

Several types of malware from the 2000s are no longer in use, simply because they are ineffective against new technology. But Qbot stands out in this respect. As of the time of writing, Qbot has been running for at least 16 years, an astonishing longevity for malware. 

Although interrupted by stretches of inactivity, Qbot has been routinely seen in use in the wild since 2007. In any event, cybercriminals continue to favour it. 

Qbot has changed over time and has been used by different hackers for a variety of purposes. Qbot started out as a Trojan, a virus that hides itself inside software that appears to be safe. Data theft and remote access are only two of the many destructive uses for Trojans. More precisely, Qbot targets banking credentials, and as a result it is regarded as a banking Trojan. Is this still the case, though? How does Qbot function today?

Modus operandi

The most notable form of Qbot currently being spotted is an infostealer Trojan. As their name implies, infostealer Trojans are intended to steal valuable data, including financial information, login passwords, and contact information. This particular strain of Qbot is mostly used to steal credentials. Variants of Qbot have also been seen engaging in keylogging, process hooking, and even system attacks using backdoors.

Qbot has been altered to have backdoor capabilities since it was first developed in the 2000s, making it an even greater threat. A backdoor is essentially an unauthorised method of accessing a network or system. Backdoors are frequently used by hackers to conduct their assaults because they provide a simpler entry point. This Qbot variation is referred to as "Backdoor.Qbot." 

Initially, Qbot was propagated by the Trojan-like Emotet malware. Nowadays, malicious email campaigns with attachments are the main way Qbot is disseminated. In such campaigns, large quantities of spam are sent to hundreds or even thousands of recipients in the hope that some of the targeted users will respond. 

Qbot has frequently been seen in malicious email attachments as a .zip file containing an XLS dropper with macros. If a recipient opens a malicious attachment, malware can be installed on their device, frequently without their awareness. Exploit kits, tools that help cybercriminals spread malware, can also be used to propagate Qbot. 

Exploit kits can identify security flaws in a device and then take advantage of them to gain unauthorised access. 

However, things don't stop at backdoors and password theft. Qbot's operators have been important Initial Access Brokers: cybercriminals who sell system access to other hostile actors. In the case of the Qbot operators, access has been provided to some very large operations, including the ransomware-as-a-service provider REvil. In fact, a number of ransomware partners have been seen using Qbot to gain initial access to systems, giving the malware yet another alarming use.

Qbot is used to target a variety of industries and has surfaced in numerous harmful campaigns. Qbot has targeted manufacturing enterprises, government agencies, banking websites, healthcare organizations, and more. 2020 data from Trend Micro indicated that 28.1% of Qbot's targets were in the healthcare industry. 

In the same analysis, Trend Micro also noted that the US, China, and Thailand had the highest rates of Qbot detection in 2020. Qbot is clearly a worldwide danger, as it was also frequently detected in Australia, Germany, and Japan. 

Mitigation tips

Because Qbot is frequently disseminated through spam campaigns, it's crucial to be aware of the signs of malicious mail. 

Starting with the contents, there are many warning signs that an email may be malicious. Avoid clicking any links or opening attachments from new email addresses until you are certain they can be trusted. You can check a URL on a number of link-checking websites to see whether it is safe to click. 

The file extensions .pdf, .exe, .doc, .xls, and .scr are among those frequently used to propagate malware. Although they are not the only file extensions used to spread malware, these are among the most popular, so be on the lookout for them when you receive emails with attached files. 

Additionally, exercise caution if an email from a new sender carries a sense of urgency. Cybercriminals frequently use persuasive language in their emails to pressure victims into complying.
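As an added example (not part of the original post), the following Python triage script applies the checks above to a constructed email: it flags the listed risky extensions, lists the contents of a .zip attachment without extracting or opening anything, and notes urgency language and unknown senders. The sender allow-list, the urgency phrases and the sample message are assumptions made for the example.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions the post lists as commonly used to deliver malware, plus the
# macro-enabled Office types a Qbot-style XLS dropper is typically packaged as.
RISKY_EXTENSIONS = {".pdf", ".exe", ".doc", ".xls", ".scr",
                    ".docm", ".xlsm", ".xlsb", ".js", ".vbs", ".lnk"}
# Assumed phrases that signal the "sense of urgency" described in the post.
URGENCY_PHRASES = ("immediately", "urgent", "within 24 hours",
                   "account will be suspended")


def _ext(name: str) -> str:
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def risky_names_in_zip(data: bytes) -> list:
    """Return member names inside a ZIP payload whose extension is risky.
    The archive is only listed in memory; nothing is extracted or executed."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir() and _ext(info.filename) in RISKY_EXTENSIONS:
                    hits.append(info.filename)
    except zipfile.BadZipFile:
        hits.append("<unreadable zip>")
    return hits


def triage(raw: bytes, known_senders: set) -> dict:
    """Scan one raw RFC 5322 message and return the warning signs found."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    sender = (msg.get("From") or "").lower()
    addr = re.search(r"<([^>]+)>", sender)
    sender_addr = addr.group(1) if addr else sender
    if sender_addr not in known_senders:
        findings.append(f"unknown sender: {sender_addr}")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().lower() if body else ""
    for phrase in URGENCY_PHRASES:
        if phrase in text:
            findings.append(f"urgency language: {phrase!r}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if _ext(name) in RISKY_EXTENSIONS:
            findings.append(f"risky attachment: {name}")
        if _ext(name) == ".zip":  # container: look inside, as the post describes
            for inner in risky_names_in_zip(part.get_payload(decode=True)):
                findings.append(f"risky file inside {name}: {inner}")
    return {"suspicious": bool(findings), "findings": findings}


def build_sample(urgent: bool = True, attach: bool = True) -> bytes:
    """Constructed message mimicking the campaign pattern described above."""
    msg = EmailMessage()
    msg["From"] = "Accounts <billing@example-invoices.test>"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please open the attached invoice immediately." if urgent
                    else "Here is our monthly statement for March.")
    if attach:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            # Placeholder bytes, not a real workbook; only the name matters here.
            zf.writestr("Invoice_4471.xls", b"placeholder, not a real workbook")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename="Invoice_4471.zip")
    return bytes(msg)
```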

MSI Acknowledges Security Breach Following Ransomware Attack Allegations

MSI (short for Micro-Star International), a Taiwanese PC vendor, revealed today that its network had been compromised in a cyberattack, in response to claims of a ransomware attack. 

The Money Message ransomware group earlier this week claimed to have infiltrated part of MSI's systems and taken files that will be released online the following week if the business declines to pay a $4 million ransom. 

In a Friday filing with Taiwan's Stock Exchange (TWSE), first noticed by PCMag, MSI disclosed that particular sections of its information service systems had been affected by a cyberattack, which had been reported to the appropriate authorities. 

"After detecting some information systems being attacked by hackers, MSI's IT department has initiated information security defense mechanisms and recovery procedures. The Company also has reported [sic] the anomaly to the relevant government authorities," MSI stated.

The company provided no information about the attack's time frame, whether any of the compromised systems were encrypted, or whether the attackers stole any client or corporate data during the incident. 

Nevertheless, MSI did claim that the cyberattack had no "significant" operational or monetary effects and that security upgrades had been put in place to guarantee the protection of data held on the compromised systems.

"No significant impact on our business in terms of financial and operational currently. The Company is also enhancing the information security control measures of its network and infrastructure to ensure data security," the company added. 

On Friday, MSI also released a statement cautioning users to make sure they only download BIOS and firmware upgrades from legitimate websites. 

"MSI urges users to obtain firmware/BIOS updates only from its official website, and not to use files from sources other than the official website," the company concluded. 

BleepingComputer published the first report on the Money Message ransomware operation's activities last weekend, after learning that the group may have been involved in the hack of a well-known computer hardware provider.

In conversations between the ransomware gang and an MSI representative that BleepingComputer was able to observe, the threat actors demanded a $4,000,000 ransom in exchange for the roughly 1.5 TB of data they claimed to have stolen from MSI's network.

If MSI doesn't pay the demanded ransom, Money Message now threatens to release the purportedly stolen files sometime next week. The threat actors have added MSI to their list of companies whose data they are leaking, although they have only so far shared screenshots of what they claim are the PC manufacturer's Enterprise Resource Planning (ERP) databases and files with software source code, secret keys, and BIOS firmware.

How to Shield Yourself From Malicious Websites

If you've ever clicked on a link someone sent you, say in an email or a direct message, only to land on a website that seemed really suspect, you know the feeling of wondering whether you've just infected your phone or computer. Hackers are getting more and more creative in their attempts to trick you into visiting dangerous websites by disguising them as benign ones.

Furthermore, the practice has spread so widely that it isn't restricted to a small number of sites or site types. It is no longer enough simply to be told that a particular site is off-limits. Therefore, when viewing a website, it's critical to approach it with the mindset of a tech expert and do some research before you decide to keep browsing. 

In this post, we'll look at some easy measures you can take to check the website you land on to see if it's safe and secure and see if there's any chance of data loss or malware installation.

Beware of unclear characters and misspelled URLs

To lure visitors to their malicious websites, fraudsters frequently use homoglyph (also known as homograph) attacks and misspelled or otherwise misleading URLs. Although it might sound like you're about to get whacked over the head with a dictionary, a homoglyph attack simply means that threat actors register domains whose names are highly similar to others yet contain visually confusable characters or an imperceptible addition. 

Scan a suspicious website

If you have a bad feeling about a website, or, even better, if you are considering visiting it but haven't yet, there are several online tools you can use to determine whether it is harmful. 

One such service is Google's Safe Browsing site status tool, which lets you paste a website's URL and receive information on its safety. VirusTotal's URL checker is another comparable tool. It analyses a website's address, checks it against a number of top-tier antivirus engines, and then tells you whether the URL is likely to be malicious. SANS instructor Lenny Zeltser has put together a list of tools that may be useful even if the scan comes back "clean."

Alternatively, you can run a "whois" lookup to learn who owns the domain you're visiting. A whois record lists details about the domain, including who owns it, when and where it was registered, and how to contact the owner. To run a whois query, enter the website's address on a whois lookup site. 

One detail to watch for is whether the domain is newly registered, which could be a sign that it is malicious. Facebook, for instance, is not going to be a domain first registered in February 2021. If you click "display more data" and the record is incomplete or full of errors, that is another indication that the domain may be malicious, although in some cases it may simply be the result of someone being careless when entering the registration information.
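The homoglyph, misspelling and registration-age checks described above, as an added Python example that is not from the original post: it decodes punycode, folds confusable characters, compares the domain against a constructed list of trusted domains, flags mixed scripts, and reads the creation date from a constructed whois excerpt rather than querying a live whois service. The trusted list, the confusable table and the whois field names are assumptions.

```python
import re
import unicodedata
from datetime import date, datetime
from typing import Optional

# Constructed list of domains the user actually intends to visit.
TRUSTED = {"facebook.com", "google.com", "paypal.com"}

# Characters that commonly stand in for Latin letters in lookalike domains:
# digits, punctuation and a handful of Cyrillic confusables. The folding is
# deliberately approximate (e.g. "rn" -> "m" also touches legitimate words).
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l", "|": "l",
               "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0456": "i"}


def hostname(url: str) -> str:
    """Extract the host and decode punycode (xn--) labels so the comparison
    sees the characters a user would see in the address bar."""
    m = re.match(r"^(?:[a-z][a-z0-9+.-]*://)?([^/:?#]+)", url.strip(), re.I)
    host = (m.group(1) if m else url).lower().rstrip(".")
    try:
        host = host.encode("ascii").decode("idna")
    except UnicodeError:  # already Unicode, or not valid punycode
        pass
    return host


def skeleton(host: str) -> str:
    """Fold confusable characters to the Latin letters they imitate."""
    s = unicodedata.normalize("NFKC", host)
    for src, dst in sorted(CONFUSABLES.items(), key=lambda kv: -len(kv[0])):
        s = s.replace(src, dst)
    return s


def mixed_scripts(host: str) -> bool:
    """True when letters from more than one script appear (e.g. Latin + Cyrillic)."""
    scripts = {unicodedata.name(ch, "?").split()[0] for ch in host if ch.isalpha()}
    return len(scripts) > 1


def levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host: str) -> Optional[str]:
    """Return the trusted domain this host imitates, or None.
    The registrable domain is approximated as the last two labels."""
    base = ".".join(host.split(".")[-2:])
    if base in TRUSTED:
        return None
    folded = skeleton(base)
    for trusted in TRUSTED:
        if folded == trusted or levenshtein(folded, trusted) <= 2:
            return trusted
    return None


def registration_age_days(whois_text: str, today: date) -> Optional[int]:
    """Parse the creation date out of whois output (field names vary by
    registry; the two spellings below cover the constructed samples here)."""
    m = re.search(r"(?:Creation Date|Registered On):\s*(\d{4}-\d{2}-\d{2})",
                  whois_text, re.I)
    if not m:
        return None
    return (today - datetime.strptime(m.group(1), "%Y-%m-%d").date()).days


def assess(url: str, whois_text: str, today: date = date(2023, 4, 20),
           young_days: int = 30) -> dict:
    """Combine the URL checks with the registration-age check."""
    host = hostname(url)
    age = registration_age_days(whois_text, today)
    result = {
        "host": host,
        "lookalike_of": lookalike_of(host),
        "mixed_scripts": mixed_scripts(host),
        "age_days": age,
        "newly_registered": age is not None and age < young_days,
    }
    result["suspicious"] = bool(result["lookalike_of"] or result["mixed_scripts"]
                                or result["newly_registered"])
    return result
```

A real check would feed the output of an actual whois lookup into `assess`; the constructed excerpt only shows the parsing.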

Check for a privacy statement 

If you're browsing a website and are unsure whether it's trustworthy, one thing to check is whether it has a privacy policy. Every reputable website needs one, as data protection legislation requires it to describe how the website handles and protects user data. 

Companies that violate data protection laws, particularly the General Data Protection Regulation (GDPR) of the European Union, may suffer substantial repercussions for privacy and security failings. Thus, if a website doesn't have a privacy policy or has one that seems deficient, that should be a pretty good indication that something is amiss and that the website doesn't care about the severe data protection rules that are enforced globally. 

Get contact details

Any trustworthy business that values establishing long-lasting relationships with its clients will have contact information readily available on its website. Typically, it includes a phone number, email address, physical mailing address, or contact form. While attempting to determine whether you're dealing with a genuine or reputable organisation, there are a number of warning indicators that you should be on the watch for. 

For instance, you will most likely be dealing with a scam if you attempt to call the provided phone number and it is disconnected or the person who answers the phone doesn't sound professional. If it passes that evaluation, then confirm by conducting a fast Google search for the business's official contact information and giving that number a call just to be safe. 

Now that you know what to do to stay secure, it might feel like a tall order. In fact, there are other factors to pay attention to as well, such as whether a website shows strange advertising everywhere or is rife with typos and poor grammar, which may suggest you've found a shady website. 

To summarise, you should check the website's security certificate, watch for misspellings in the URL, and preferably manually type the address if possible or only click on reliable links.