
Over 2 Million Users Affected: Browser Extensions Turned Into Silent Spying Tools


An alarming cyber threat has come to light involving common browser extensions used by millions across the world. According to a recent investigation by cybersecurity firm Koi Security, at least 18 browser add-ons, once considered safe, were secretly turned into tools to track users without their knowledge. The attack, named “RedDirection,” affected more than 2.3 million people.

What makes this case especially alarming is that many of these extensions were originally trusted. They included tools like emoji keyboards, volume boosters, and weather forecasts: popular utilities often downloaded from official platforms like the Chrome Web Store and the Microsoft Edge Add-ons Store. With high ratings and verified badges, they seemed completely legitimate.

However, after gaining a large number of users, the attackers behind the campaign quietly pushed harmful updates. These updates gave the extensions the ability to access users’ online activity, including the websites they visited, cookies, and even login information. In some cases, users were redirected to fake websites designed to steal sensitive data like passwords.

Extensions such as “Emoji keyboard online,” “Free Weather Forecast,” and “Volume Max” on Chrome, as well as “Unlock TikTok” and “Volume Booster” on Edge, were found to be connected to the same background server. This suggests that all of them may have been controlled by a single group or organization.

One of the biggest concerns is how easily these harmful changes were delivered. Most browser extensions update automatically in the background, with no alerts or approval required from users. This allowed attackers to silently take control of millions of browsers without anyone noticing.

This isn’t the first case of browser extensions being misused. Past incidents like the 2019 “DataSpii” leak and 2021’s “CursedChrome” attack followed a similar pattern: trustworthy tools were hijacked over time and repurposed for spying or data collection.

If you use browser extensions, it’s important to take action now. Open your browser settings (by typing chrome://extensions or edge://extensions in the address bar), review all installed extensions, and remove anything suspicious or unused. You should also clear your browsing history and run a full antivirus scan on your device.

To stay safe in the future, treat browser extensions carefully. Only install what you truly need, and review the permissions each extension asks for. Think of your extensions like apps on your phone or medications in your home: regular cleanups can prevent major problems.
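The article's two practical points, that updates arrive silently and that an extension's declared permissions are what to review, can be turned into a small triage check. The following Node.js script is an added example and is not code from the article or from Koi Security: it reads the permission fields of Chrome/Edge extension manifests, flags broad host access and sensitive APIs, and diffs two versions of one extension so that an update which quietly widens what the extension may touch stands out. The two manifests, the extension name, and the list of what counts as "sensitive" are constructed assumptions for illustration.

```javascript
// Added example: triage Chrome/Edge extension manifest permissions and diff two
// versions, so a silent update that widens access is visible. Not the article's code.

// Host patterns that grant access to every site the user visits.
const BROAD_HOST_PATTERNS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// API permissions that expose browsing activity, cookies or requests in transit.
// This list is an assumption about what a reviewer would flag, not an official one.
const SENSITIVE_API_PERMISSIONS = new Set([
  "cookies", "tabs", "history", "webRequest", "webRequestBlocking",
  "webNavigation", "declarativeNetRequest", "scripting", "proxy",
  "clipboardRead", "nativeMessaging", "management",
]);

// Collect every permission-like string a manifest declares. Manifest V2 mixes host
// patterns into `permissions`; V3 moves them to `host_permissions`. Content-script
// `matches` patterns also grant page access, so they are included as well.
function collectPermissions(manifest) {
  const collected = new Set();
  for (const p of manifest.permissions || []) collected.add(p);
  for (const p of manifest.host_permissions || []) collected.add(p);
  for (const p of manifest.optional_permissions || []) collected.add(p);
  for (const script of manifest.content_scripts || []) {
    for (const m of script.matches || []) collected.add(m);
  }
  return collected;
}

// Human-readable findings for one manifest; an empty array means every declared
// permission is narrowly scoped.
function assessManifest(manifest) {
  const findings = [];
  for (const p of collectPermissions(manifest)) {
    if (BROAD_HOST_PATTERNS.has(p)) findings.push(`broad host access: ${p}`);
    else if (SENSITIVE_API_PERMISSIONS.has(p)) findings.push(`sensitive API: ${p}`);
  }
  return findings;
}

// Diff the permission sets of two versions of the same extension.
function diffPermissions(oldManifest, newManifest) {
  const before = collectPermissions(oldManifest);
  const after = collectPermissions(newManifest);
  return {
    added: [...after].filter((p) => !before.has(p)),
    removed: [...before].filter((p) => !after.has(p)),
  };
}

// True when an update introduces broad host access or a sensitive API that the
// previous version did not declare: the pattern the article describes.
function updateNeedsReview(oldManifest, newManifest) {
  return diffPermissions(oldManifest, newManifest).added.some(
    (p) => BROAD_HOST_PATTERNS.has(p) || SENSITIVE_API_PERMISSIONS.has(p),
  );
}

// Constructed sample: a weather widget before and after a hypothetical malicious update.
const WEATHER_V1 = {
  manifest_version: 3, name: "Example Weather Widget", version: "1.4.0",
  permissions: ["storage", "alarms"],
  host_permissions: ["https://api.weather.example/*"],
};
const WEATHER_V2 = {
  manifest_version: 3, name: "Example Weather Widget", version: "1.5.0",
  permissions: ["storage", "alarms", "cookies", "tabs", "webRequest"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["tracker.js"] }],
};

console.log("v1 findings:", assessManifest(WEATHER_V1));
console.log("v2 findings:", assessManifest(WEATHER_V2));
console.log("permission diff:", diffPermissions(WEATHER_V1, WEATHER_V2));
console.log("update needs review:", updateNeedsReview(WEATHER_V1, WEATHER_V2));
```

On a real profile the same functions can be fed the `manifest.json` files found under each extension's versioned directory in the browser profile, comparing the currently installed version against the one you originally reviewed; the useful signal is not the absolute permission list but what an update added.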

This recent discovery reminds us that even trusted tools can be misused over time. Staying alert and informed is the best defense.

Ingram Micro Faces Major Outage Following Ransomware Incident


An assault on Ingram Micro's global network started on July 3, crippling parts of that network and disrupting its ordering portals and customer service channels. Ingram Micro is currently restoring critical systems.

The disruption first became evident when clients, particularly resellers and managed service providers that rely heavily on the distributor's platforms, were suddenly unable to place orders or reach account teams via standard telephone lines.

A wide array of regional websites became unavailable as a consequence of the outage, forced into maintenance-mode landing pages that offered only minimal contact information for sales and technical support, underlining the extent of the damage and the urgency of getting them back online.

A ransomware attack that began on July 3 triggered widespread disruptions across Ingram Micro's global infrastructure, severely affecting the company's ability to support its partners and customers. The first sign of trouble was that customers, especially resellers and managed service providers, which make up a substantial portion of the company's customer base, had difficulty placing orders and reaching account representatives through standard communication channels.

After a series of disruptions, and as traffic to its regional websites quickly escalated, the company redirected that traffic to temporary maintenance pages containing only basic contact information for sales and support teams. While necessary, this move highlighted the extent of the problem and the limited availability of core services. As one of the world's largest IT distributors, Ingram Micro relies heavily on interconnected digital systems, so the impact was far-reaching, affecting partners across multiple countries.

Since then, the company has worked tirelessly to restore its systems, focusing on service restoration while launching an investigation into the nature and extent of the breach. Ingram Micro is a global leader in business-to-business technology distribution and services, recognised as one of the most important and reliable technology service providers globally.

As a leading provider of comprehensive IT solutions encompassing hardware, software, cloud computing, logistics, and professional training, Ingram Micro plays a crucial role in the IT supply chain. As a key enabler of digital infrastructure for organisations around the world, the company serves a vast network of resellers, system integrators, and managed service providers. 

Its systems, including its official website, online ordering systems, and support systems, have been unresponsive since Thursday, causing significant operational disruption for customers who use its digital platforms to access real-time inventory, place orders, and receive support. While Ingram Micro had not publicly disclosed the cause of the outage, the sustained downtime raised growing concern across the entire technology distribution ecosystem.

The incident has not only hampered the company's day-to-day operations but has also rippled across supply chains and service delivery for its clients and partners, due to the company's integral position in the global IT channel. When the cyberattack began on Thursday, it quickly took Ingram Micro's primary website, as well as significant parts of the global network infrastructure, offline and inoperable.

Late Saturday night, the company released a brief public statement acknowledging the incident, informing customers of its intent to restore systems as quickly as possible to resume order processing and core operations. Before the opening of the financial markets in the United States on Monday, Ingram Micro formally notified its shareholders regarding the breach, indicating that there may be a negative impact on the business continuity and the interest of investors. 

Because the outage coincided with the approaching long holiday weekend, it triggered immediate concern, especially since ransomware attacks on high-profile organisations are increasingly common during periods of reduced staffing and heightened vulnerability.

With headquarters in California, Ingram Micro holds a prominent position as one of the largest distributors of hardware, software, and information technology solutions in the global technology supply chain, with several products on offer. As well as providing distribution services, the company is also a managed service provider (MSP), offering cloud management and outsourced IT services to a wide range of corporate clients, particularly small and mid-sized organisations. 

The outage extends well beyond logistics and e-commerce functions: reports indicate that software licensing processes have also been disrupted. Because the attack compromised Ingram Micro's backend systems, many customers have found it harder to provision or access digital products that depend on them, affecting the company's service ecosystem on multiple levels.

On Saturday evening, Ingram Micro released an official statement confirming that a ransomware attack caused the service outage that had gone on for almost 48 hours, validating the concerns expressed by the company's global customer base. In parallel with the public disclosure of the incident, the company also filed a Form 8-K with the Securities and Exchange Commission, which indicated that the incident was likely to have a significant impact on the company's operations and materiality. 

This formal regulatory filing underlines the seriousness of the attack and the transparency the company is expected to maintain with stakeholders, investors, and regulators in the aftermath of a cybersecurity breach of this magnitude. According to industry analysts, Ingram Micro's handling of the incident highlights how critical rapid, transparent, and coordinated communication is during large-scale cyber crises.

The attack has had a cascading effect across the entire global IT supply chain, as core systems were cut off from vendors and clients, even though the full extent of the damage remains unclear. The incident not only shows how operationally vulnerable interconnected ecosystems can be, but also underscores the strategic importance of cybersecurity resilience in the digital age.

Neil Shah, Vice President at Counterpoint Research, stated that the attack exposed vulnerabilities in the broader IT value chain, particularly because of the central role Ingram Micro plays in channel operations. As a consequence of this event, Ingram's IT infrastructure was disabled, preventing its partners and clients from being able to work.

Consequently, Shah explained to me, this caused significant delays in processing and fulfilment, as well as the potential exposure of sensitive customer information, such as pricing structures and data related to channel partnerships. Greyhound Research's Chief Analyst and CEO, Vir Gogia, echoed these concerns, stating that cyberattacks targeting IT distributors can directly hinder the agility of global supply chains.

If fulfilment platforms fail, a ripple effect takes place: enterprise buyers are left with backlogs and shipment delays, OEMs lose insight into downstream demand, resellers are unable to meet customer service level agreements (SLAs), and enterprise procurement teams are forced to defer capital recognition. According to the author, the consequences of centralised procurement models are especially acute in industries and regions with large-scale retail, government, and telecommunications. 

A renewed interest has also been drawn to the systemic risks associated with cloud-based infrastructures as a result of the incident. As today's supply chains rely heavily on cloud-based logistics, vendor-client management systems, and real-time data visibility, the breach at Ingram Micro highlights one of the biggest vulnerabilities in today's cloud-centric IT ecosystems. 

Besides halting the company's global operations, the ransomware attack disrupted the flow of billions of dollars' worth of channel transactions, forcing resellers and enterprise customers to seek alternative sources for procurement. This sudden shift in purchasing behaviour severely compromised business continuity across the supply chain and temporarily eroded Ingram Micro's reputation for operational and logistical reliability.

Industry analysts have cautioned that the incident might result in revenue deferrals, contract fulfilment delays, and possible penalties due to breaches of service-level agreements (SLAs). Several experts, however, have also pointed out that the timely disclosure of the company's issues and the coordination of remediation efforts have played a crucial role in reducing the reputational and financial consequences for the company in the long run. 

The incident has jolted the entire industry awake, reinforcing the urgency of robust cybersecurity preparedness and agile response frameworks. Ingram Micro's experience with the SafePay ransomware variant made clear that maintaining a secure, modern IT infrastructure, including security patches updated to the latest version, optimised system configurations and constant threat monitoring, is imperative.

There has been a great deal of learning from this breach, such as the importance of clear, fast communication, both internally among operational teams as well as externally to partners, clients, and regulatory authorities. Through the company's response strategy, which involved a thorough investigation and a structured recovery process, actionable insights have been gained that can be applied to enhancing cybersecurity resilience. 

This event is expected to shape future risk management practices by emphasising proactive, preventative defence against evolving cyber threats. In the wake of the Ingram Micro ransomware attack, the broader IT industry must reexamine and strengthen its cyber preparedness posture as soon as possible.

The resilience of technology supply chains depends on more than just operational efficiency, as digital infrastructure increasingly intertwines with global commerce. They must also have a strong cyber foundation in place to protect them. Organisations, particularly large-scale distributors, service providers, and vendors, need to prioritise developing incident response frameworks that are both agile and deeply integrated into business continuity plans to stay on top of cyber threats. 

Organisations must adopt zero-trust architectures, run regular threat simulations, ensure real-time system visibility, and establish clear escalation protocols that bring technical, legal, and communications teams together at once. Enhanced vendor risk management, third-party audits, and contingency procurement strategies should no longer be optional safeguards, but a standard part of operations.

The Ingram Micro incident has highlighted the vulnerabilities inherent in today’s cloud-reliant ecosystems; moving forward, we need to focus on proactive cyber resilience not just as a precautionary measure, but as a vital part of ensuring trust, continuity, and competitive viability in a digital economy that is increasingly dependent on cloud technologies.

Cybercriminals Target AI Enthusiasts with Fake Websites to Spread Malware


Cyber attackers are now using people’s growing interest in artificial intelligence (AI) to distribute harmful software. A recent investigation has uncovered that cybercriminals are building fake websites designed to appear at the top of Google search results for popular AI tools. These deceptive sites are part of a strategy known as SEO poisoning, where attackers manipulate search engine algorithms to increase the visibility of malicious web pages.

Once users click on these links, believing they’re accessing legitimate AI platforms, they’re silently redirected to dangerous websites where malware is secretly downloaded onto their systems. The websites use layers of code and redirection to hide their true intent from users and security software.

According to researchers, the malware being delivered includes infostealers, a type of software that quietly gathers personal and system data from a user’s device. This can include saved passwords, browser activity, system information, and more. One type of malware even installs browser extensions designed to steal cryptocurrency.

What makes these attacks harder to detect is the attackers' use of trusted platforms. For example, the malicious code is sometimes hosted on widely used cloud services, making it seem like normal website content. This helps the attackers avoid detection by antivirus tools and security analysts.

The way these attacks work is fairly complex. When someone visits one of the fake AI websites, their browser is immediately triggered to run hidden JavaScript. This script gathers information about the visitor’s browser, encrypts it, and sends it to a server controlled by the attacker. Based on this information, the server then redirects the user to a second website. That second site checks details like the visitor’s IP address and location to decide whether to proceed with delivering the final malicious file.

This final step often results in the download of harmful software that invades the victim’s system and begins stealing data or installing other malicious tools.

These attacks are part of a growing trend in which the popularity of new technologies, such as AI chatbots, is exploited by cybercriminals for fraudulent purposes. Similar tactics have been observed in the past, including misleading users with fake tools and promoting harmful applications through hijacked social media pages.

As AI tools become more common, users should remain alert while searching for or downloading anything related to them. Even websites that appear high in search engine results can be dangerous if not verified properly.

To stay safe, avoid clicking on unfamiliar links, especially when looking for AI services. Always download tools from official sources, and double-check website URLs. Staying cautious and informed is one of the best ways to avoid falling victim to these evolving online threats.

Remove Your Home Address From the Internet - Here's How

This is not only an issue of personal privacy but also safety. Many organisations sell address data to brokers, who then distribute their contents to advertisers, identity thieves, or even burglars. Here's the step-by-step process of how to delete your home address off the web.


Share Your Address Only When Necessary 


Keep your address private by limiting how often you give out your home address. Share it only when you must, like when opening a bank account or registering to vote. You can use an alternate address elsewhere, for example, when signing up for a gym membership or getting deliveries. That little change makes a big difference to the privacy of your home address online.


Mask Your Address in Mapping Apps


Online maps usually have very clear street views of your home. Thankfully, apps such as Google Maps and Apple Maps can blur your home for privacy. For Google Maps, enter your address, go to Report a Problem, then the areas you'd like to blur. For Apple Maps, write to their team at mapsimagecollection@apple.com, with details of your home, and they will handle it.

Remove Your Address from Search Results


If your address appears on a search engine, you have the right to request its removal. Google offers users the ability to track and control personal information online: visit your Google Account and navigate to the Results About You section to set alerts and even request removal of the address from certain search results. Remember that Google could retain content from government or business sites.


Know your Social Media Profiles


Review your social media profiles for those instances where you published your house address. Never post a photo with your street or house number. Periodically update your privacy setting to restrict access to your information.


Opt Out from Whitepages


Whitepages is the biggest collection of addresses online. To remove yourself from it, visit their Suppression Request page, search for your profile, and make a suppression request for removal of it. You can easily do this in a few minutes.


Cleaning Up Unused Accounts


Most websites and services save your address whenever you sign up. Find the accounts you don't use anymore, like old shopping sites or subscription services, and delete them or request that your data be erased. That means fewer chances of a leak or misuse. You could also use a Post Office Box as an alternative.

Using a post office box ensures that your private home address does not have to be revealed. You can apply online through USPS to lease a box for as low as $15 monthly. This address can be used for deliveries or other accounts; it conceals your place of residence.


Use a Virtual Mailbox


Virtual mailboxes add a further secure option: they scan and forward your mail and let you access it online. This suits frequent travellers and anyone who wants to avoid physical mail at their doorstep.


Securing Your Address with a VPN


Finally, use a virtual private network (VPN) to encrypt your internet data and keep your physical location private: it conceals where you are physically based as you go online. Many browsers also have a built-in VPN option for additional security.

Removing your home address from the internet may take some effort, but the peace of mind it brings is worth it. By following these steps, you can protect your privacy and stay safer in an increasingly connected world. 


Subscription Services Accused of Using 'Dark Patterns' to Manipulate Customers


It is a widespread practice among subscription sites to manipulate customers' behaviour around subscriptions and personal data in order to influence their decisions, according to a new report by two international consumer protection organizations. Such "dark patterns" are defined as the practice of guiding, deceiving, coercing, or manipulating consumers, through an online user interface, in ways that often aren't in their best interests.

An international research effort was conducted by the International Consumer Protection and Enforcement Network, along with the Global Privacy Enforcement Network, both of which are responsible for consumer protection and enforcement investigations. After a review of selected websites and apps, the Federal Trade Commission and the two international consumer protection networks reported that a significant portion of the websites and applications examined may manipulate consumers into buying products or services or revealing personal information to third parties.

These dark patterns, digital design techniques that can persuade consumers to take actions they would not generally take, were found in most of the websites and apps examined. In an internet survey carried out by the Internet Society, the websites and mobile apps of 642 traders were analysed. The study found that 75.7% of them had at least one dark pattern on their websites, and 66.8% had two or more.

Dark patterns in an online user interface are defined as the subtle, deceptive, coercive, or manipulative strategies used to steer, deceive, coerce, or manipulate users into making decisions that are not necessarily in their best interest and are rather detrimental to them. As part of the annual International Consumer Protection and Enforcement Network (ICPEN) sweep, which took place from January 29 to February 2, 2024, the 2018 Sweep was hosted by ICPEN.

To conduct the study, participants were asked to serve as sweepers, representing 27 consumer protection enforcement authorities from 26 different countries. There has been a coordinated sweep between the ICPEN and the Global Privacy Enforcement Network (GPEN) for the very first time. In a world that is becoming increasingly global in terms of standards, regulations, and technology, GPEN is a membership-based network of over 80 privacy enforcement authorities, whose mission is to foster cross-border cooperation among privacy regulators and effectively protect personal privacy. 

Consumer protection is increasingly becoming intertwined with other spheres of the regulatory system due to the growing intersections. The assessment of the deceptive design patterns by both privacy and consumer protection sweepers who were conducting a review of website and app content demonstrated that many of these sites and apps employ techniques that interfere with the ability of individuals to make educated decisions to protect their rights as consumers and privacy. 

In the analysis, the sweepers rated the sites and apps against six indicators characteristic of dark patterns according to the Organisation for Economic Co-operation and Development (OECD). The ICPEN study found several potentially sneaky practices, for example the inability of consumers to turn off auto-renewal of subscription services, or interference with the user interface. Such practices, such as highlighting a subscription that is beneficial to the trader, were particularly frequent during the survey period.

ICPEN and GPEN, a pair of organizations that are helping improve consumer protection and privacy for individuals throughout the world, have both released reports outlining their findings; the ICPEN report is available on the ICPEN website and the GPEN report on the GPEN website. GPEN's companion report explores dark patterns that could encourage users to compromise their privacy. The majority of the more than 1,00 websites and apps analyzed in this study used a deceptive design practice.

As many as 89 per cent of these organizations had privacy policies that contained complex and confusing language. In addition to interface interference, 57 per cent of the platforms made the option with the least amount of privacy protection the easiest one to pick, and 42 per cent used words that could influence users' opinions and emotions in the privacy choices. The subtle cues that influence even the most astute individuals can lead to suboptimal decisions. 

These decisions might be relatively harmless, such as forgetting to cancel an auto-renewing service, or they might pose significant risks by encouraging the disclosure of more personal information than necessary. The recent reports have not specified whether these dark patterns were employed illicitly or illegally, only confirming their presence. This dual release underscores the critical importance of digital literacy as an essential skill in the modern age. Today's announcement coincides with the Federal Trade Commission (FTC) officially assuming the 2024-2025 presidency of the International Consumer Protection and Enforcement Network (ICPEN).

ICPEN is a global network of consumer protection authorities from over 70 countries, dedicated to safeguarding consumers worldwide by sharing information and fostering global enforcement cooperation. The FTC has long been committed to identifying and combating businesses that utilize deceptive and unlawful dark patterns. In 2022, the FTC published a comprehensive staff report titled "Bringing Dark Patterns to Light," which detailed an extensive array of these deceptive practices. 

The Federal Trade Commission collaborates with counterpart agencies to promote robust antitrust, consumer protection, and data privacy enforcement and policy. The FTC emphasizes that it will never demand money, issue threats, instruct individuals to transfer funds, or promise prizes. For the latest news and resources, individuals are encouraged to follow the FTC on social media, subscribe to press releases, and subscribe to the FTC International Monthly.

Cybercriminals Exploit Web Hosting Platforms to Spread Malware


Cybersecurity researchers at Zscaler ThreatLabz have uncovered a concerning trend in which cybercriminals are exploiting popular web hosting and blogging platforms to disseminate malware and steal sensitive data. This sophisticated tactic, known as SEO poisoning within the realm of Black Hat SEO techniques, has been employed to manipulate search engine results, pushing fraudulent websites to the forefront of users' search queries, thereby increasing the risk of unwittingly accessing malicious content.


How They Operate

The cybercriminals orchestrating these operations have devised intricate strategies to evade detection and entice unsuspecting users into downloading malware. They fabricate fraudulent websites spanning a wide array of topics, ranging from pirated software to culinary recipes, often hosted on well-established platforms such as Weebly. By adopting the guise of legitimate sites, complete with endorsements like "Powered by Weebly," they exploit users' trust in reputable services to perpetrate their malicious activities.


The process commences with cybercriminals setting up sham sites on web hosting services, adeptly avoiding detection by both hosting providers and users. When individuals search for relevant content and click on links from search results, they unknowingly land on these malevolent sites. To circumvent scrutiny from security researchers, the perpetrators implement evasion techniques, including scrutinising referral URLs. Should a user access the site directly, indicating a potential analysis, the site sidesteps the redirection to preserve its cloak of invisibility.


The Payload Delivery System

Malicious payloads are secretly delivered through multi-layered zipped files concealed within seemingly innocuous content. For instance, an individual seeking cracked software may inadvertently download malware instead of the anticipated content. Upon execution, the malware puts together a sequence of activities, encompassing process hollowing and DLL sideloading, aimed at downloading additional malware and establishing communication with command-and-control servers.


Tricks to Avoid Detection

To further complicate their activities, threat actors employ techniques including string concatenation, mathematical manipulation, and the use of password-protected ZIP archives. These tactics serve to confound security measures, rendering the malicious code arduous to decipher and bolstering the malware's ability to slip past detection.


Data Theft and Deceptive Tactics

Once ensconced within a system, the malware embarks on a mission to harvest extensive troves of data, encompassing system information, browser data, credentials, and browsing history. Additionally, it sets its sights on emails pertaining to cryptocurrency exchanges, adeptly modifying email content and intercepting one-time authentication codes to facilitate unauthorised access.


How To Protect Yourself?

Keeping in mind such campaigns, users are advised to exercise utmost caution when procuring software from unfamiliar sources and to prioritise visiting reputable websites. Staying abreast of emerging cybersecurity threats and securing defences with robust protocols can substantially mitigate the risk of succumbing to potential infections.



X's URL Blunder Sparks Security Concerns

X, the social media platform formerly known as Twitter, recently grappled with a significant security flaw within its iOS app. The issue involved an automatic alteration of Twitter.com links to X.com links within Xeets, causing widespread concern among users. While the intention behind this change was to maintain brand consistency, the execution resulted in potential security vulnerabilities.

The flaw originated from a feature that indiscriminately replaced any instance of "Twitter" in a URL with "X," regardless of its context. This meant that legitimate URLs containing the word "Twitter" were also affected, leading to situations where users unknowingly promoted malicious websites. For example, a seemingly harmless link like netflitwitter[.]com would be displayed as Netflix.com but actually redirect users to a potentially harmful site.

The implications of this flaw were significant, as it could have facilitated phishing campaigns or distributed malware under the guise of reputable brands such as Netflix or Roblox. Despite the severity of the issue, X chose not to address it publicly, likely in an attempt to mitigate negative attention.

The glitch persisted for at least nine hours, possibly longer, before it was rectified. Subsequent tests confirmed that URLs now display correctly, indicating that the issue has been resolved. Notably, the rewrite was case-sensitive: a domain written in all capitals was never altered.

This incident underscores the importance of thorough testing and quality assurance in software development, particularly for platforms with large user bases. It serves as a reminder for users to exercise caution when clicking on links, even if they appear to be from trusted sources.

To better understand how platforms like X operate and maintain user trust, it's essential to consider the broader context of content personalization. Profiles on X are utilised to tailor content presentation, potentially reordering material to better match individual interests. This customization considers users' activity across various platforms, reflecting their interests and characteristics. While content personalization enhances user experience, incidents like the recent security flaw highlight the importance of balancing personalization with user privacy and security concerns.


Notorious Hacker Group Strikes US Pharmacies

In December, international law enforcement targeted the Blackcat ransomware gang, seizing several of its websites and obtaining decryption keys, as reported by Reuters. In response to the crackdown, Blackcat threatened to extort critical infrastructure providers and hospitals.

A recent attack on Change Healthcare, which led its parent company UnitedHealth Group to disconnect the affected systems to contain the impact, has disrupted prescription insurance claims, according to the American Pharmacists Association. The outage, which persisted through Tuesday, is attributed to a notorious hacker group, according to a new report.

The outage at Change Healthcare, which handles payment management for UnitedHealth Group, was caused by a ransomware attack by hackers associated with Blackcat, also known as ALPHV, according to Reuters, citing anonymous sources. Blackcat has been involved in several recent high-profile data breaches, including attacks on Reddit, Caesars Entertainment, and MGM Resorts.

As a result of the breach, pharmacies nationwide are facing significant delays in processing customer prescriptions. Change Healthcare stated they are actively working to restore the affected environment and ensure system security.

UnitedHealth Group mentioned that most pharmacies have implemented workarounds to mitigate the impact of the outage on claim processing. The company expressed confidence that other data systems in its healthcare portfolio were unaffected by the breach.

While last week's breach was suspected to be "nation-state-associated," according to an SEC filing by UnitedHealth, it is uncertain whether the group responsible was sponsored by a foreign government. Cybersecurity firms Mandiant and Palo Alto Networks, appointed by UnitedHealth, will lead the investigation into the breach.

Sophisticated Web Injection Campaign Targets 50,000 Individuals, Pilfering Banking Data


Web injections, a favoured technique employed by various banking Trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cybercriminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. 

In a new finding, it has been revealed that a malware campaign first seen in March 2023 has used JavaScript web injections to steal data from customers of more than 50 banks, affecting around 50,000 users in North America, South America, Europe, and Japan.

IBM Security has dissected JavaScript code injected into people's online banking pages to steal their login credentials, saying that 50,000 user sessions at more than 40 banks worldwide were compromised by the malicious software in 2023. As IBM's researchers explained, it all starts with a malware infection on the victim's endpoint.

After that, when the victim visits their bank's website, the malware injects a new script tag into the page. The script it references is loaded from an attacker-controlled server into the browser and modifies the website's content, allowing the attackers to grab passwords and intercept multi-factor authentication codes and one-time passwords.

IBM says this extra step is unusual: most malware performs web injections directly on the web page. Loading the payload from a remote server makes the attack stealthier, because static analysis is unlikely to flag the simple loader script as malicious, while still permitting dynamic content delivery, so the attackers can switch to new second-stage payloads whenever they need to.

It is also worth noting that the malicious script is served from domains that resemble legitimate JavaScript content delivery networks (CDNs), such as cdnjs[.]com and unpkg[.]com, to evade detection. Furthermore, the script checks for specific security products before executing. Judging by the evidence to hand, it appears the Windows malware DanaBot, or something related to it, infects victims' PCs, typically via spam emails and other means, and then waits for the user to visit their bank's website.
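As an added example, not IBM's code, the following JavaScript performs the kind of check a bank's security team could run over a login page as served: it lists every external script source and flags hosts that are not on the site's own allowlist, marking those that merely resemble a trusted CDN as look-alikes. The allowlist, the page origin and the sample HTML are constructed assumptions.

```javascript
// Added example (not IBM's code). Allowlist of hosts this page is expected to
// load scripts from; an assumption for the example.
const TRUSTED_SCRIPT_HOSTS = new Set([
  'cdnjs.cloudflare.com',
  'cdn.jsdelivr.net',
  'code.jquery.com',
]);

// Pull every <script src="..."> out of raw HTML (works on the page as served,
// before any injected script has had a chance to remove itself from the DOM).
function scriptSources(html) {
  const re = /<script\b[^>]*?\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi;
  const sources = [];
  let match;
  while ((match = re.exec(html)) !== null) sources.push(match[1]);
  return sources;
}

// 'trusted'   : exactly on the allowlist
// 'lookalike' : not allowed, but its first label (cdnjs, unpkg, ...) also
//               appears in a trusted host, the pattern this campaign used
// 'unknown'   : anything else that is not the page's own origin
function classifyHost(host) {
  if (TRUSTED_SCRIPT_HOSTS.has(host)) return 'trusted';
  const label = host.split('.')[0];
  for (const trusted of TRUSTED_SCRIPT_HOSTS) {
    if (trusted.split('.').slice(0, -1).includes(label)) return 'lookalike';
  }
  return 'unknown';
}

// Returns the script tags that deserve a second look.
function auditScripts(html, pageOrigin) {
  const ownHost = new URL(pageOrigin).hostname.toLowerCase();
  const findings = [];
  for (const src of scriptSources(html)) {
    let host;
    try {
      host = new URL(src, pageOrigin).hostname.toLowerCase();
    } catch {
      findings.push({ src, host: null, verdict: 'unparseable' });
      continue;
    }
    if (host === ownHost) continue;
    const verdict = classifyHost(host);
    if (verdict !== 'trusted') findings.push({ src, host, verdict });
  }
  return findings;
}

// Constructed sample: a login page as served, with one injected tag whose host
// imitates cdnjs.
const SAMPLE_HTML = [
  '<html><head>',
  '<script src="/static/login.js"></script>',
  '<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script>',
  '<script type="text/javascript" src="https://cdnjs.com/lib/helper.js"></script>',
  '</head><body><form id="login"></form></body></html>',
].join('\n');
```

Because the injected script deletes itself from the DOM once it has run, the check has to be made against the page at load time (or from a proxy or browser extension that sees the response), not by inspecting the DOM afterwards. A Content-Security-Policy script-src restricted to the same allowlist adds a layer, though malware that already controls the endpoint can tamper with headers as well.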

At that point, the malware kicks in and injects JavaScript into the login page. This injected code executes on the page in the browser and intercepts the victim's credentials as they are entered, which can be passed to fraudsters to exploit to drain accounts. The script is fairly smart: it communicates with a remote command-and-control (C2) server, and removes itself from the DOM tree – deletes itself from the login page, basically – once it's done its thing, which makes it tricky to detect and analyze. 

The malware can perform a series of nefarious actions, and these are based on a "mlink" flag the C2 sends. In total, there are nine different actions that the malware can perform depending on the "mlink" value. These include injecting a prompt for the user's phone number or two-factor authentication token, which the miscreants can use with the intercepted username and password to access the victim's bank account and steal their cash. 

The script can also inject an error message on the login page saying that banking services are unavailable for 12 hours. "This tactic aims to discourage the victim from attempting to access their account, providing the threat actor with an opportunity to perform uninterrupted actions," Langus said. Other actions include injecting a page-loading overlay and scrubbing any injected content from the page.

"This sophisticated threat showcases advanced capabilities, particularly in executing man-in-the-browser attacks with its dynamic communication, web injection methods and the ability to adapt based on server instructions and current page state," Langus warned. "The malware represents a significant danger to the security of financial institutions and their customers." Cybercriminals are using sophisticated web injection techniques to compromise tens of thousands of banking sessions around the world, and the threat is escalating.

DanaBot or similar malware manipulates what the user sees through JavaScript injections, which lets the attackers steal login credentials with ease. In the attack detected by IBM Security, malicious scripts are injected directly into banking pages and adapt to server instructions, evading conventional detection methods.

To prevent infection, users should keep their software up to date, enable multi-factor authentication, and be cautious when opening emails. Guarding against the evolving, adaptive nature of advanced threats also requires vigilance in identifying and reporting suspicious activity.

Avoid Accidentally Sharing Your Location

There is no doubt that the devices and apps on your phone want to know where you are, whether to give you the latest weather updates, suggest restaurants you might enjoy, or target advertisements more precisely. Keeping track of what you share, with whom, and when can become very confusing very quickly.

Your devices may also log inconsistent location histories: you may think you have turned Location Sharing off on your phone and still find yourself tracked, or vice versa.

Location Tracking: How it Becomes Confusing 

It is frustrating to keep finding yourself on a map after you distinctly recall turning location tracking off on a device, or to see gaps in a location history you thought you had left on. The explanation is usually that your location is logged in more places than you expect: by your apps, by your devices, and by the websites you use during the day.

A tablet, for instance, may still have location tracking enabled while your phone has it turned off, or your laptop may be tracking your location in the background even though you disabled it in the apps you use. To decide whether location tracking is really on or off, you have to consider each of these separately.

Here is an example of how to use your Google account if you have one. On the web, simply go to your account settings, where you will be able to select Data and Privacy, along with Location History. This will reveal some desktop computers, laptops, and tablets whose movement is being saved to your Google account for future reference. Select Devices on This Account to see which phones, tablets, and laptops have been marked with a checkmark. 

When you click Turn Off, you will be able to disable this feature, but you should be aware of the caveats that appear onscreen once you have clicked the 'Turn Off' button: Your location will still be logged by your mobile device, by the Find My Device service when you are trying to locate a lost device, and by Google Maps when you are trying to navigate or search around the area in which you are. There is a facility in the Location History settings menu that allows you to toggle between different aspects of your location history. This includes the Google Timeline and the ability to search for places you regularly visit in a matter of seconds. 

It is worth noting that your location is logged and shared from several other areas of your main Google account screen. Under People and Sharing, Manage Location Sharing lists the specific contacts who can see your location through Google services; under Data and Privacy, Web & App Activity lets you manage location data saved by Google Maps and other applications and websites.

Mobile Location Tracking and Management 

Depending on the manufacturer of your Android phone, the steps for managing your location differ slightly, but the menus are generally similar. On Google Pixel phones, open the Settings app, then select Location: there is a switch that turns off the use of location, which prevents any app on your device, and Google, from knowing where you are.

If you leave the Use Location toggle on, you can customize location access for individual apps on the same screen: tap an app's name in the list to choose whether it can access your location always, only while it is running in the foreground, or never.

To eliminate the location data that has been collected on you, you need to check the history of all the apps that have had access to your location and check the settings of each and every one of them. You can either choose to delete Location History from your Google account on the web or Web & App Activity under Data and Privacy. This is if you want to completely remove such data from your Google account and Google's apps. Moreover, you will also have the option to automatically delete this information after a period of three, eighteen, or thirty-six months. 

Apple does not log your movements in quite the same way as Google does, but it does build up a list of places you visit frequently (such as your home and workplace) so it can quickly route you back there. To remove items from this list, open the Settings app on your iPhone and select Privacy & Security, Location Services, System Services, and Significant Locations. To stop the list from populating in the future, turn Significant Locations off.

On-Desktop Location Tracking 

Your laptop or desktop computer is usually not equipped with GPS, so it cannot track your location the way your smartphone can. It can still be located, though, through the network connections you use (your home Wi-Fi and its public IP address, for example), so apps, websites, and the operating system still have a sense of where you are.

Whenever you open up the Settings app on your Windows computer, you can click on Privacy & Security and then choose Location. As with Android and iOS, you will find that you can turn off location tracking for individual applications (via a toggle switch located on the right of the screen) or turn it off for the entire computer (by selecting the top option). By clicking on Clear next to Location History, you will be able to wipe the log of your travels. In this case, you may view which apps have been using your location, as well as see what apps are currently using your location. 

Every browser has settings that control how websites may access your location. In Chrome, open the settings pane and choose Privacy and Security, Site Settings, then Location; in Edge, open the settings pane and choose Cookies and Site Permissions, then Location; in Safari on macOS, open the settings dialog and select Websites, then Location. There is no guarantee that changing these settings affects information sites have collected in the past; check the settings of individual websites for that.

Warning for Shoppers: Be Aware of Ransomware

Cyber attackers keep updating their methods, using more advanced technology to steal data and blackmail victims for a ransom. One such case happened last year to the Instagram account of the Austin business Tiny Pies.

Amanda Wadsworth, co-founder of Tiny Pies, explained that they received an email from an unknown source and, although it looked suspicious, clicked on it. After the email was opened, the attackers took over the account and locked them out of their data, then demanded a ransom or else they would delete the account.

Many cases showed that attackers threaten the victims for a ransom, or else they will leak confidential information on the dark web, where a large amount of such important information is already uploaded, as a consequence of cyber-attacks. 

Bobby Stempfley, vice president and business unit security officer at Dell Technologies, commented on the rise in cyber-attacks; Dell itself faces many attacks.

She stated that the organizations hold an “astronomical amount of data.” The organizations are managing data that is ten times more than the data that was there five years ago. 

She mentioned, “It is an environment where, when you put in better protections, the threat actors work to find better ways to go, work around those protections.” 

Given attackers' persistence in finding new ways into targets' systems, Stempfley started training Dell employees to recognise phishing and the other tactics ransomware operators use to get in.

Alert for holiday shoppers 

The security company Tanium said that cyber-attacks peak during the holiday shopping season, when hackers exploit the higher traffic on websites as people go online to hunt for good deals.

Melissa Bischoping, the endpoint security research director at Tanium, said that "security is not just the responsibility of the company storing your data, but it is also an equal responsibility of the shoppers to be alert and aware of such attacks." 

She explained that shoppers should be cautious when they receive an email and first confirm whether it is legitimate, and should prefer the retailer's official app or website instead of clicking on links in "holiday sale" emails.

She also described holiday scams carried out using botnets: attackers use bots to buy up items in high demand and then resell them. Bischoping said that newer technology is helping attackers target their victims.

To keep technology a productive tool rather than a weapon in hackers' hands, follow some basic precautions when shopping online sales:

1. If you receive an email about a shopping sale, do not click on it directly. Verify the offer on the retailer's own website or app.

2. Do not leave your credit card unchecked. Review your statements regularly for fraudulent charges.

3. Use a different password for each website and app you shop from.

Hackers Construct Fraudulent Websites & Steal Data During 'Black Friday' Sales


According to a new report, threat actors are hosting websites for malicious campaigns centred on the Black Friday theme, with e-commerce, cryptocurrency, and travel as the top targets.

Researchers found cybercrime forums in various languages buzzing with talk about Black Friday: some actors advertise their malicious services and campaigns while others look to buy them, according to CloudSEK researchers, who also discovered an Ethereum giveaway scam website.

“Compromised personal identifiable information (PII) and banking credentials can be used to perform unauthorized transactions and social engineering attacks,” they warned.

CloudSEK's contextual AI digital risk platform, XVigil, discovered hundreds of registered and operational Black Friday-themed domains. Common attack types included impersonation of legitimate websites, fraudulent Google/Facebook advertising services, and the distribution of malicious applications.

The researchers found that website cloning is a common technique used by hackers of every level of sophistication to host bogus copies of legitimate websites.

"The iconic Black Friday sale has now become a global theme, with cybercriminals of all levels and expertise attempting to launch malicious campaigns. The majority of these campaigns misrepresent or impersonate popular brands and companies offering sales and services in order to defraud the public," Desai added.

The researchers cautioned against accepting freebies, attractive deals, or third-party solutions that appear suspicious.

Hackers Use These Five Common Ways to Hack Websites

Cybercriminals target websites of every kind. Data theft, remote access, and malware distribution can all occur through social media platforms, online retailers, file-sharing services, and other online services. Hackers employ a variety of techniques to infiltrate websites; the top five are discussed in this article.

1. Brute force attacks 

A brute force attack is a trial-and-error method: the attacker systematically tries candidate passwords, login credentials, or decryption keys until one works. Because guessing is cheap to automate, weak or reused passwords fall quickly. The same technique is used to locate hidden web pages by guessing directory and file names.

2. Keyloggers and Spyware

An attacker can use a keylogger to record every keystroke made on an infected device or server. It is a type of monitoring software widely used in data theft: if someone enters their payment card details while a keylogger is active, the operator can spend the victim's money without their knowledge. In the case of websites, an attacker who plants a keylogger on a website administrator's machine can capture the credentials needed to log in and take over the site. Keyloggers are a type of spyware, and spyware takes many forms, including adware and Trojans.

3. Man-in-the-Middle Attacks

A malicious actor eavesdrops on private sessions in a Man-in-the-Middle (MitM) attack. The attacker will place themselves between a user and an application in order to gain access to valuable data that they can exploit. Instead of simply eavesdropping, the attacker could pretend to be a legitimate party.


Because much of the intercepted data is encrypted with SSL/TLS, the attacker must find a way to defeat that protection before the data can be read, for example by SSL stripping, which downgrades the victim's connection to plain HTTP. If that succeeds, the captured credentials and session tokens can be used to hijack websites, accounts, and applications. Sites counter stripping with HTTP Strict Transport Security, which tells browsers never to connect over plain HTTP.

4. Remote Code Execution 

Remote Code Execution (RCE) is a fairly self-explanatory term: it is the execution of attacker-supplied code on a target machine from a remote location through a security flaw. It can take place over a local network or the internet and gives the attacker control of the targeted device without any physical access to it.

An attacker can steal sensitive data and perform unauthorized functions on a victim's computer by exploiting an RCE vulnerability. Because this type of attack can have serious consequences, RCE vulnerabilities are (or should be) taken very seriously.
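The most common route to RCE in a web application is command injection, shown here as an added example (not from the article) in JavaScript for Node: a vulnerable handler splices user input into a shell command, and the hardened version validates the input and passes it as a separate argument with no shell involved. The nslookup use case and the function names are illustrative assumptions.

```javascript
// Added example (not from the article): command injection leading to RCE,
// next to the hardened form. nslookup use case is an assumption.

// Vulnerable: the hostname from the request is spliced into a shell command.
// Passed to child_process.exec(), the shell interprets ";", "|", "$(...)" and
// so on, so the attacker's text runs as commands on the server.
function buildLookupCommandUnsafe(host) {
  return `nslookup ${host}`;
}

// Hardened: validate against the hostname grammar (labels of letters, digits
// and hyphens, no leading hyphen, so it cannot be mistaken for an option),
// then hand it over as a separate argv element for child_process.execFile(),
// which starts the program directly with no shell in between.
const HOSTNAME_RE = /^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/i;

function buildLookupCommandSafe(host) {
  if (typeof host !== 'string' || !HOSTNAME_RE.test(host)) {
    throw new Error('invalid hostname');
  }
  return { file: 'nslookup', args: [host] };
}

// Runs the safe form. The executor is injectable so callers (and tests) can
// substitute a fake instead of spawning a real process.
function runLookup(host, execFile = require('child_process').execFileSync) {
  const spec = buildLookupCommandSafe(host);
  return execFile(spec.file, spec.args, { encoding: 'utf8' });
}
```

Validation is the second half of the fix, not an alternative to it: even with execFile(), an unvalidated value could still reach the program as a crafted argument, and the allowlist grammar keeps the attacker's input within what the program is meant to receive.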

5. Third-Party Exploits

Thousands of businesses around the world rely on third-party vendors, particularly in the digital realm. Many applications act as third-party service providers for online businesses, whether they process payments, authenticate logins, or provide security tools. However, a third-party vendor can also be the route by which attackers reach its clients' websites.

Attackers can take advantage of a security vulnerability, such as a bug, in a third-party vendor's product or service. Some third-party applications and services have lax security, making them easy targets, and a compromise there exposes the website's sensitive data to the attacker. Even if the website itself has advanced security features, its third-party dependencies can be its weakest link.

Unfortunately, even when we use the proper security measures, websites and accounts are still vulnerable to attacks. As cybercriminals improve their methods, it becomes more difficult to detect red flags and stop an attack in its tracks. However, it is critical to be aware of the tactics used by cybercriminals and to employ the proper security practices to protect yourself as much as possible.


Change These Settings to Prevent Your Android From Tracking You

You are being watched at every turn in today's connected world. Apps and websites track and collect your data for a wide range of purposes, personal and commercial. Apple uses your data to process your transactions, Twitter serves you relevant advertisements, and Life360 improves its location services based on your information.

Some apps and websites use your personal information for legitimate purposes, but not all of them do, so it is wise to protect your privacy as much as possible.

The steps below are designed to help you stop your Android device from tracking you if you are using one. This includes deleting your web and app activity history, turning off your apps' location access, and disabling unnecessary location settings. 

Turn off your location history

The GPS feature of your Android phone is probably the most powerful way to track your location when using the phone. By signing into your Google account and allowing Location History to be enabled, Google can keep track of every place you visit when you are signed in. Several benefits can be gained from it, such as personalized maps, traffic reports, and the ability to find your phone when it is lost. These can enhance your experience in many ways. 

On the other hand, if you do not want Google following you everywhere, you can turn off location history. Here are the steps you need to follow to do so: 

  • Open the Settings app on your mobile device.
  • Tap Google.
  • On the Google Account page, tap on "Manage your Google Account."
  • Tap the "Data & privacy" tab.
  • Next, below the History settings, select Location History. 
  • After that tap the "Turn off" button. 
  • Eventually, a dialog box will pop up, tap on "Pause". 
You can also delete your existing Location History, or have Google automatically remove data older than 3, 18, or 36 months.

To set up automatic deletion of your Location History, follow these steps:

  • Open Google Maps. 
  • Click on your profile icon. 
  • Select "Your timeline."
  • Towards the top-right corner, click on the More icon (three vertical dots). 
  • Select "Settings and privacy" from the menu.
  • Under "Location settings," choose "Automatically delete Location History." 
  • Select "Auto-delete activity older than." 
  • From the drop-down menu, choose three, 18, or 36 months.
  • Tap Next. 
  • Select Confirm. 
  • Tap on the "Got it" button to exit. 

Your data will be automatically deleted from your account within the next few days if it has been older than the specified months. 

Tracing web and app activity 

Several settings on your phone can save your location, not just Location History. Web & App Activity records the same information and a lot more: when it is enabled on your Google Account (via Google), Google saves your searches, your location, your IP address, the ads you clicked, and even the things you have purchased. The following steps turn this setting off:
  • Launch your Settings app. 
  • Scroll down and tap on Google. 
  • Select "Manage your Google Account." 
  • Navigate to the "Data & privacy" tab. 
  • Under "History settings," select "Web & App Activity." 
  • Click the "Turn off" button to disable Web & App Activity. 
  • Tap on Pause.
  • Click "Got it" to exit. 
  • Back on the "Web & App Activity" page, tap on the "Choose an auto-delete option" to automatically delete saved data. 
  • Select "Auto-delete activity older than."
  • From the drop-down menu, choose whether to delete saved data older than three, 18, or 36 months.
  • Click on Next. 
  • Select Confirm. 
  • Tap on "Got it" to exit. 

Update your location settings 


In addition to blocking Google from saving your location, you should also change your phone's own location settings. The settings you can turn off include the following:

Use location: the master switch; when it is off, no app on the device can use your location.

Wi-Fi and Bluetooth scanning: the phone scans for nearby Wi-Fi networks and Bluetooth devices and uses their known positions to improve location accuracy.

Emergency Location Service: lets emergency responders pinpoint your location when you call for help.

Google Location Accuracy: uses your phone's sensors, Wi-Fi, and mobile network to improve the location information the phone provides.

The steps listed below will guide you through the process of managing these settings (via Google): 

  • Launch the Settings app. 
  • Select Location. 
  • Toggle the slider off for "Use location" on top of the screen. 
  • Select "Wi-Fi and Bluetooth sharing." 
  • Turn off the sliders for both "Wi-Fi scanning" and "Bluetooth scanning." 
  • Return to the Location screen by clicking the Back button.
  • Select Advanced.
  • Tap on Emergency Location Service. 
  • Toggle the slider off if you prefer to do so. 
  • Return to the Location screen. 
  • Tap on Google Location Accuracy. 
  • Toggle the slider off next to "Improve Location Accuracy." 

Edit your device's permissions 

Most apps, if not all, ask for location access so they can give you the best possible experience. If you let Facebook use your location, for example, it can tag the place automatically when you post, find nearby places, and show you relevant ads.

Navigating to Settings > Location > App access to location (via Google) shows which apps have access to your location and how. Apps fall into three categories: allowed all the time, allowed only while in use, and not allowed. To remove location access from an app in either of the first two categories, tap the app, then select "Don't allow."

On Android 12 and later, each app also has a "Use precise location" toggle. With it on, the app receives your exact location; with it off, the app only sees an approximate location, somewhere within roughly three kilometres of the device.

Check your Google Chrome settings 

It is common, when browsing the internet, to come across websites that want to know where you are. Sometimes this is helpful: a hardware retailer's website, for example, can show you the closest store based on your location.

You can check what websites currently have access to your location from your Google Chrome (via Google).

  • Launch the app. 
  • Tap on the More icon (three vertical dots) in the top-right corner of the screen. 
  • Select Settings. 
  • Scroll down to the "Advanced" section. 
  • Tap on Site settings. 
  • Select Location. 
  • Expand the "Allowed" section to see all the sites that can see your location.
It is very simple to remove a site's location access by simply tapping on the site you wish to remove it from. Next, select the Block option from the drop-down menu. In addition, you can also turn off the location-sharing feature of Google Chrome to prevent it from tracking your location at all. By disabling this feature, you do not have to share your location with any sites you visit. Alternatively, if you are particularly concerned about the security of your data, you can consider switching to Tor or Firefox as alternative Android browsers. 

The advertising ID should be turned off

Ads are becoming more and more sophisticated. Research plaid skirts one day and the next day you are bombarded with advertisements for plaid skirts. Online ads act as if they watch every move you make and know exactly what you like. Here is how to disable ad personalization on your Android device (via Google).

  • Launch your Settings app. 
  • Open Google.
  • Tap on "Manage your Google Account." 
  • Navigate to the "Data & privacy" tab. 
  • Under Ad settings, tap on "Ad personalization." 
  • Toggle off the slider next to "Ad personalization is ON." 
  • Select Turn off in the pop-up box. 
  • Tap on "Got it" to exit. 

Disabling ad personalization does not mean you will stop seeing ads. They will still be there, but they will be general ads rather than creepy personalized ones.