
Campaign Oversight Results in Leak of Senior Tories' Private Info

 


Conservative Party Chairman Richard Holden has been installed at the last minute as the party's candidate for Basildon and Billericay, despite anger from the local association over how the selection was run. Two local Tory officials told the BBC that Mr Holden was the only candidate the national party put forward for the Essex seat. 

One former Tory official called the move a "slap in the face" for local Conservatives, and a cabinet minister told the BBC the decision had "gone down like a bucket of cold sick". Mr Holden did not respond to requests for comment; a Conservative Party spokesperson said he had been "unanimously chosen". Mr Holden has represented North West Durham, nearly 300 miles further north, since 2019, but that seat disappears in the review of UK constituency boundaries, which is why he needed to find another seat for this year's election. 

Mr Holden addressed a small group of senior association members in the constituency on Wednesday evening. The local executive was reported to be deeply unhappy with how the central party had handled the matter, although Mr Holden was said to "align" with the views and values of local members. Another activist, who was not in the room, called the choice a "very poor decision" at a time when several cabinet ministers are fighting marginal seats they know they may lose, and said Richard had found himself a safe seat through a process that was completely insane. 

The selection comes as the Conservative Party scrambles to complete a full slate of candidates before nominations close on Friday. The outgoing Tory MP for Basildon and Billericay has sat in the House of Commons since 2001 and announced last October that he would be standing down. With a 20,412 majority at the last election, the seat is one of the safest available to Conservative candidates this time around. 

Earlier this year the local association chairman, Richard Moore, told the BBC that members had expected to choose their candidate at a meeting from a shortlist of three put forward by the national party. He said local members were "extremely put out" that the party had waited until two days before the close of nominations to put forward a candidate. "This could have all been done in March or April," he said, adding that the central party had "sat on this for seven months". Andrew Baggot, a local Conservative councillor, also criticised the process, calling it a "slap in the face to local councillors, volunteers and the membership". 

Basildon Conservative Association's executive council is expected to meet next week to discuss how to contest the decision; Mr Moore said members were exploring their options. Selection disputes have not been confined to the Conservatives: Labour has had several rows over left-wing candidates, including Diane Abbott, a close ally of Jeremy Corbyn. With dozens of seats still to fill before Friday, the Conservatives' centrally driven approach has been stirring similar discontent in local branches. 

Several Tory advisers have meanwhile been selected for relatively safe seats. Will Tanner, an adviser to Prime Minister Rishi Sunak, has been chosen for Bury St Edmunds & Stowmarket, reportedly as one of three names on a list drawn up by party headquarters. In Wellingborough and Rushden, Mr Sunak's deputy political secretary, David Goss, has been selected, while in Great Yarmouth the choice is James Clark, a former adviser to the Defence Secretary. 

Conservative candidates are normally approved by national officials and then shortlisted and selected by local associations. Labour normally lets local branches choose from a longlist approved by the central party. In the closing days before nominations, local members in both parties have had a reduced role, as the national parties concentrate on filling target seats or seats where MPs are standing down or have been suspended. In Basildon and Billericay, Alex Harrison has been selected as the Labour candidate, Stephen Conlay for Reform UK and Stewart Goshawk for the Greens.

Regenerate and Conquer: Wolverine's Real-Time Damage System to Dominate the Gaming Landscape

 


Details leaked in the recent Insomniac Games data breach suggest that Marvel's Wolverine will push the PlayStation 5 hard, with features that may go beyond what current hardware comfortably supports. A rumour circulating since the breach holds that the game will feature real-time damage and regeneration, emulating Logan's healing factor from the comics.

Beyond plot and character details, the leak included footage of early alpha builds, which is one of its most intriguing revelations. Another is that Logan's healing factor may be implemented as part of the game itself rather than left as a cosmetic effect. 

The Insomniac documents have been public for several weeks, and people are still finding interesting things in them. Reactions to the leaked gameplay from the Marvel's Wolverine vertical slice were mixed: many viewers criticised the combat, pointing out that neither enemies nor Logan showed much blood or damage.

They also complained that there was no regeneration system of the kind seen in X-Men Origins: Wolverine. The release version appears likely to improve on this, but it is too early to tell. Anticipation has been high since Insomniac, the studio behind the critically acclaimed Marvel's Spider-Man titles, announced Marvel's Wolverine in 2021. 

The promise of a darker, more brutal take on the mutant hero and a more intense combat style has fuelled that anticipation. The excitement was tempered, however, when Insomniac suffered a massive ransomware attack that exposed the studio's sales, marketing and development records. 

Among the many details exposed was a fully playable PC build of Marvel's Wolverine, to the dismay of developers and fans alike. Leaked Insomniac documents also indicate that characters will take real-time damage. 

The leak has continued to yield intriguing details. Wolverine's healing factor is famously potent, letting him recover from torn skin, gunshot wounds and even death. The leaked footage does not show whether a full healing system is a major goal of Marvel's Wolverine, but Insomniac's documents reportedly list it as an important target alongside others. 

The regeneration system in X-Men Origins: Wolverine, released in 2009, was surprisingly elaborate given the game's modest production values, and it could serve as an inspiration for the new game. After an explosion in the forest, for instance, Wolverine heals in layers, with individual tissues knitting back together before the skin closes over them. Fans can reasonably expect a more polished version of this approach. 

Separating Wolverine's body from his costume was another challenge. In Origins, healing also stitched Logan's spandex back together, which was a bizarre touch: whatever his powers, mending his own clothes is not among them. 

Insomniac may pair regeneration with a costume damage system, as it did in Marvel's Spider-Man 2, for a more immersive result. In any case, the leaked internal documents put Wolverine's release in 2026, and a lot can change in two years. 

Real-time healing was one of the most impressive aspects of Origins, and Insomniac is now experimenting with its own version. Alongside it, the leaks point to destruction, dynamic weather and supernatural elements in Marvel's Wolverine. 

Running all of these systems together will be a demanding workload for the PS5. The leaks also indicate that the game is targeting a visual bar comparable to Hellblade 2.

Guarding the Gate: How to Thwart Initial Access Brokers' Intrusions

 


Access-as-a-service (AaaS) is a business model in the cybercrime underground in which threat actors sell a foothold in a victim network, often for one-time use and sometimes for as little as a dollar. 

The sellers, variously called access brokers, initial access brokers or initial access traders (IABs), steal enterprise users' credentials and sell them to other attacker groups. The buyers then bring their own tooling, typically rented through malware-as-a-service (MaaS) or ransomware-as-a-service (RaaS), to quietly exfiltrate the target organisation's data and encrypt its systems. 

Cybercrime-as-a-service (CaaS) is a growing trend. Much of the evolution of ransomware over the last decade has been organisational as well as technical, as threat actors have tried to expand the scale and profitability of their operations. 

A pivotal factor behind the increase in the frequency and complexity of ransomware attacks is the availability of ransomware as a service. RaaS works much like SaaS: one group builds the ransomware capability and sells or leases it to others. This has lowered the barrier to entry for the extortion business and made it simpler and more accessible. 

Attacks are now orchestrated by several cooperating roles, including operators, affiliates and initial access brokers. According to the recent report "Rise of Initial Access Brokers", these intermediaries, who are the first to gain access to a victim, play a key role at the top of the kill-chain funnel. 

An initial access broker is a de facto intermediary whose business model is exactly what the name suggests: breach as many company networks as possible, then sell that access to the highest bidder. Ransomware groups and their affiliates are frequently the buyers. 

The number of IABs has grown sharply since the pandemic and the shift to working from home. Remote workers log in from outside the corporate perimeter, often over untrusted Wi-Fi networks, and that exposed remote-access surface is what brokers exploit.

Brokers increasingly scan at scale for vulnerabilities in remote-access systems such as virtual private networks (VPNs) and sell the resulting access. As soon as the details of a vulnerability become public, IABs also deploy information stealers that harvest keystrokes, session cookies, credentials, screenshots and screen recordings, local system information, browser history, bookmarks and clipboard contents from compromised devices. 

Once an information stealer or remote access Trojan (RAT) is running on a system, it produces raw logs of everything it captures. Brokers review those logs to pull out usernames and passwords that can be sold or otherwise monetised on the dark web. The credentials IABs prize most are those for VPNs, Remote Desktop Protocol (RDP) endpoints, web applications and email servers, the last of which also feed spear-phishing and business email compromise (BEC) schemes. Occasionally brokers deal directly with system administrators or end users who are willing to sell access to their own systems. 

In recent months threat groups have advertised on the dark web for administrators and end users willing to lend their credentials for a few minutes in exchange for substantial cryptocurrency payments. 

Some groups have approached employees of specific organisations directly, offering larger payments for access. Initial access brokers have taken the spotlight over the past year because they have proved so effective at facilitating network intrusions for ransomware affiliates and operators, and their role will only grow as the cybercrime underground expands. 

A Guide to Defending Against Access Brokers 


Know the attack surface. To close the gaps brokers exploit, security teams need an outside-in view of the entire enterprise attack surface: map the assets, visualise the attack paths to them, and define a plan to close each gap.  

Make identity protection a priority. Many of today's intrusions are malware-free, relying on social engineering and stolen credentials, so strong identity protection is essential. Employees also need to be taught about the risks of social media, not just how to use it. 

Avoid announcing department closures or IT service changes on social media, remind staff not to share private information there, and train them never to disclose credentials over support calls, emails or support tickets. 

Finally, avoid publishing executive or IT contact details on the company website, since they make impersonation attempts easier. 

Protect the cloud. Attacks on cloud infrastructure are increasing, and attackers use a wide range of tactics, techniques and procedures to compromise business-critical cloud data and applications. 

The role of IABs in the realm of RaaS (Ransomware-as-a-Service) is continuously evolving. By understanding and keeping up with their shifting tactics, methods, and trends, organizations can better prepare themselves to effectively mitigate the risk and impact of ransomware attacks. As IABs continually remodel and refine their strategies, it becomes increasingly crucial for organizations to adopt and implement robust security measures. 

Strengthening the security of the supply chain, implementing multi-factor authentication across all systems and platforms, deploying advanced threat-hunting solutions to proactively detect and prevent attacks, and conducting regular and comprehensive training sessions for employees are key steps that organizations should take to effectively mitigate the growing threat posed by IABs.
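As an added illustration of the detection side (this is example code written for this page, not taken from the report or any vendor), the Python below runs two simple heuristics over constructed VPN authentication log lines to spot the tell-tale pattern of purchased credentials being put to use: an account succeeding from a country it has never been seen in, and several accounts succeeding from one new source IP in quick succession, which is how a buyer typically validates a batch of brokered logins. The log format, usernames, IP addresses and country codes are all made up; a real deployment would read the VPN or identity provider's own logs and enrich them with ASN data.

```python
"""
Detect signs that brokered credentials are being used against a VPN.

Added example, not from the original post. The log format, account names,
IP addresses and country codes below are all constructed for illustration.
Two heuristics a SOC would run over successful remote-access logins:

1. An account succeeds from a country it has never logged in from during
   the baseline window.
2. Several distinct accounts succeed from the same source IP within a
   short window, which is how a buyer typically validates a purchased
   batch of credentials.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: "timestamp user result src_ip country"
BASELINE_LOGS = """
2024-05-01T08:02:11Z alice SUCCESS 198.51.100.23 GB
2024-05-01T08:05:40Z bob SUCCESS 198.51.100.77 GB
2024-05-02T07:58:03Z alice SUCCESS 198.51.100.23 GB
2024-05-02T09:12:45Z carol SUCCESS 203.0.113.9 DE
2024-05-03T08:01:19Z bob SUCCESS 198.51.100.77 GB
""".strip().splitlines()

RECENT_LOGS = """
2024-05-10T03:14:02Z alice SUCCESS 192.0.2.200 RU
2024-05-10T03:14:31Z bob SUCCESS 192.0.2.200 RU
2024-05-10T03:15:05Z carol FAILURE 192.0.2.200 RU
2024-05-10T03:15:40Z dave SUCCESS 192.0.2.200 RU
2024-05-10T08:03:00Z alice SUCCESS 198.51.100.23 GB
""".strip().splitlines()


def parse(line):
    """Split one constructed log line into a dict with a parsed timestamp."""
    ts, user, result, ip, country = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user,
        "result": result,
        "ip": ip,
        "country": country,
    }


def build_baseline(lines):
    """Map each account to the set of countries it has successfully logged in from."""
    seen = defaultdict(set)
    for ev in map(parse, lines):
        if ev["result"] == "SUCCESS":
            seen[ev["user"]].add(ev["country"])
    return seen


def new_geo_logins(baseline, lines):
    """Heuristic 1: successful login from a country unseen for that account.

    Accounts with no baseline at all (e.g. 'dave') are flagged too, since a
    first-ever login from an unexpected country is exactly what a sold
    credential looks like.
    """
    hits = []
    for ev in map(parse, lines):
        if ev["result"] != "SUCCESS":
            continue
        if ev["country"] not in baseline.get(ev["user"], set()):
            hits.append((ev["user"], ev["ip"], ev["country"]))
    return hits


def shared_source_bursts(lines, min_accounts=3, window=timedelta(minutes=10)):
    """Heuristic 2: >= min_accounts distinct accounts succeed from one IP within window.

    Returns {source_ip: sorted list of accounts} for each offending IP.
    """
    by_ip = defaultdict(list)
    for ev in map(parse, lines):
        if ev["result"] == "SUCCESS":
            by_ip[ev["ip"]].append(ev)
    alerts = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        for i, first in enumerate(events):
            users = {e["user"] for e in events[i:] if e["ts"] - first["ts"] <= window}
            if len(users) >= min_accounts:
                alerts[ip] = sorted(users)
                break
    return alerts


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_LOGS)
    for user, ip, country in new_geo_logins(baseline, RECENT_LOGS):
        print(f"new-geo login: {user} from {ip} ({country})")
    for ip, users in shared_source_bursts(RECENT_LOGS).items():
        print(f"credential batch test: {ip} -> {', '.join(users)}")
```

On the constructed data the first heuristic flags alice, bob and dave from 192.0.2.200, and the second flags that same IP because three accounts succeeded from it within two minutes; carol's failed attempt does not count, which is deliberate, since the point is to catch the logins that worked. Tune `min_accounts` and `window` to the organisation's normal shared-egress patterns (NAT gateways and VPN concentrators will otherwise produce noise).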

Uber's Costly Mistake: AUS$412,500 Fine for Spam Emails in Australia

 


Uber Technologies, Inc., commonly known as Uber, is a multinational company offering ride-hailing, food delivery and freight transportation. 

Founded in California and headquartered in San Francisco, it operates in around 70 countries and more than 10,500 cities, with over 6 million active drivers and couriers and more than 131 million monthly active users. 

The platform handles an estimated 25 million trips on a typical day and has facilitated some 42 billion trips since its launch in 2010, making it the largest ride-hailing company in the United States and a major driver of the sharing economy. 

AFP reported that the Australian Communications and Media Authority (ACMA) fined Uber Aus$412,500 (about US$260,000) for sending more than two million marketing emails to customers in breach of Australia's anti-spam law.  

The bulk campaign, sent in January, marketed a new home alcohol delivery service. The emails gave recipients no way to unsubscribe, and more than 500,000 of them went to people who had already told Uber they did not want to receive its marketing. 

Australian law explicitly prohibits companies from sending marketing emails without the recipient's consent and requires every such email to carry a clear unsubscribe option.

ACMA chair Nerida O'Loughlin described Uber's conduct as an "avoidable error" and said that the importance of respecting customers' preferences cannot be overstated, as people are increasingly frustrated when their requests are ignored. 

Uber apologised for the emails and acknowledged that they were sent in error. 

ACMA says Australian businesses have paid more than Aus$11 million in penalties for breaching spam and telemarketing laws over the past 18 months; Uber's Aus$412,500 fine adds to that total. 

Enhancing Online Privacy: Google Trials IP Address Masking Option

 


Google is refining a Chrome proposal formerly known as Gnatcatcher and now renamed, more descriptively, "IP Protection". It revives the idea of hiding users' IP addresses from certain sites so that their activity is harder to track across the web. 

When a device joins a network it is assigned an Internet Protocol (IP) address, a number that identifies where it sits on that network. Packets are routed to that address, so for two computers to communicate each must know the other's address. 

Sites and online services use IP addresses to build digital profiles of users' behaviour for targeted advertising. Unlike third-party cookies, IP-based tracking cannot be blocked without third-party tools, which makes it a significant privacy concern. 

Google says it wants to balance user privacy against the practical functions IP addresses serve. Its solution routes traffic to certain third-party domains through proxy servers, so those domains see the proxy's address rather than the user's. 

IP Protection will initially be opt-in, so users choose whether to hide their IP address from third parties. It will be rolled out in stages to accommodate regional differences and to let Google learn as it goes. In the first phase, Google will proxy only requests to its own domains. 

Until the list of affected domains has been fine-tuned, the proxies will accept only US-based IP addresses. Google also acknowledges that, tracking aside, IP addresses play a large role in routing traffic, preventing fraud and other essential network functions. 

In the next phase Google plans a two-hop approach to improve privacy further, with Google running the first hop and an external content delivery network (CDN) running the second.

IP Protection is part of Google's Privacy Sandbox toolkit and is specifically designed to stop users being tracked across websites through their IP address. 

The proxy will be optional at first and phased in region by region, so that each region can adapt at its own pace. It will initially affect only domains loaded in third-party contexts, with an emphasis on well-known tracking domains. 

Users who do not want to reveal their IP address already use proxy servers or VPNs: the destination sees one of the operator's addresses, and only the proxy or VPN operator knows the user's real one. Google's IP Protection proposal applies the same idea inside Chrome. 

Because of possible side effects, the feature will be tested and rolled out in phases. The first phase covers only users with US IP addresses and uses a single Google-owned proxy that handles only requests to Google-owned domains. 

That lets Google test the infrastructure without affecting third-party companies. Google's own domains include not just services such as Gmail but also its Ad Services domain, used for advertising. 

In the current phase a small percentage of users who are signed in to Chrome will be enrolled automatically. In a later phase Google plans a chain of two proxies so that neither proxy sees both the user's origin IP address and the destination. 

This comes alongside other privacy changes from Google, notably the Privacy Sandbox, which aims to retire third-party cookies. 

The company has said third-party cookies will be phased out in 2024. Combined with that, IP Protection should make it harder for third parties to gather data about a user across multiple sites.

Fines for Facebook Privacy Breaches in Norway Crack Down on Meta

 


Norway's data protection authority, Datatilsynet, will fine Facebook owner Meta Platforms 1 million crowns ($98,500) a day from August 14 over privacy breaches. A penalty of this kind could set a precedent with implications for other countries in Europe.

Meta has asked a Norwegian court to stay the fine, which the regulator imposed on the grounds that the company breached users' privacy through Facebook and Instagram. 

The company's filing seeks a temporary injunction to prevent the order from taking effect, and the petition will be heard over two days starting August 22. Meta's Norwegian lawyer referred media inquiries to the company, which did not respond to a request for comment. 

Datatilsynet has ordered Meta to stop collecting Norwegian users' personal data, including their physical location, for behavioural advertising, that is, advertising targeted at specific user groups. 

The practice is common across Big Tech. Tobias Judin, head of Datatilsynet's international section, said the company would be fined 1 million crowns a day from next Monday if it does not comply with the order. 

The daily fine runs until November 3. Datatilsynet can make it permanent by referring its decision to the European Data Protection Board, which has the authority to endorse the Norwegian regulator's decision. 

If endorsed, the decision would apply across the European region, although Datatilsynet has not yet taken that step. Meta recently announced that it intends to ask EU users for consent before businesses can target them with adverts based on how they use services such as Instagram and Facebook. 

Judin said Meta's proposed consent mechanism was insufficient, and that the company must stop the data processing now and not resume it until a fully functional consent mechanism is in place. Until then, he said, people's rights are being violated, even if many are unaware of it. 

A Meta spokesperson said the change in approach was prompted by regulatory obligations in Europe, following an order issued in January by the Irish Data Protection Commission under EU-wide data protection rules. 

The Irish authority, Meta's lead regulator in the EU, required the company to review the legal basis for how it targets users with advertising. Norway is not a member of the European Union but is part of the European single market.

Pakistan Election Commission Faces Cyber Attack

 

The Pakistan Election Commission recently encountered a significant cyber attack, jeopardizing the security and integrity of its electoral processes. This incident has raised concerns regarding the protection of sensitive data and the potential implications for the country's democratic system. The attack, believed to be a ransomware incident, targeted the Election Commission's computer systems and disrupted its operations. 

According to the latest reports from reliable sources, the Election Commission of Pakistan (ECP) confirmed the cyber attack and issued an advisory to its staff members. The advisory highlighted the need for increased vigilance and adherence to cybersecurity protocols to mitigate any further threats. The ECP, in collaboration with cybersecurity experts, is actively investigating the incident and working towards restoring the affected systems.

The ECP's response to this cyber attack is crucial in maintaining public trust and confidence in the electoral process. As a neutral body responsible for overseeing elections, the Election Commission plays a vital role in upholding democratic values and ensuring free and fair elections. A successful cyber attack on the ECP could potentially compromise voter data, electoral rolls, and other critical information, leading to serious implications for the democratic functioning of the country.

In light of the incident, cybersecurity experts emphasize the significance of robust security measures for electoral systems. Dr. Aftab Ahmed, a cybersecurity analyst, expressed the need for comprehensive cybersecurity frameworks to protect sensitive data. He stated, "Ensuring the security of electoral systems is paramount in safeguarding the democratic process. The Election Commission must invest in advanced security measures and regularly update their systems to counter evolving cyber threats."

The ECP must also prioritize staff training and awareness programs to enhance cybersecurity practices. Cybersecurity specialist Sarah Khan emphasized, "Human error is often the weakest link in the security chain. By promoting cybersecurity awareness and providing regular training to employees, the Election Commission can significantly reduce the risk of successful cyber attacks."

Collaboration between the ECP, cybersecurity specialists, and relevant government entities is essential to thwart future attacks and strengthen the Election Commission's defenses. The incident should act as a wake-up call for the government to allocate sufficient funds and build a solid cybersecurity framework suited to the particular needs of the election system.

While investigations continue, the ECP must move right away to fortify its cyber defenses, restore compromised systems, and guarantee the validity of the next elections. The Election Commission can lessen the danger of future cyberattacks and protect the integrity of the voting process by adopting cutting-edge security measures and establishing a culture of cybersecurity.


JavaScript Registry npm at Risk

 

The JavaScript registry npm, a vital resource for developers worldwide, has recently come under scrutiny due to a significant vulnerability known as manifest confusion. This flaw allows attackers to exploit the npm ecosystem, potentially compromising the integrity and security of countless JavaScript packages. The repercussions of such abuse are far-reaching and could have severe consequences for the development community.

The exploit, first discovered by security researchers, highlights a fundamental flaw in the way npm handles package manifests. Package manifests contain essential information about dependencies, versions, and other metadata necessary for proper functioning. However, attackers can manipulate these manifests, tricking npm into installing malicious or unintended packages.

The severity of the issue is further exacerbated by the fact that the exploit affects not only a specific package or a handful of packages but has the potential to impact the entire npm ecosystem. With over one million packages available for public use, developers relying on npm must be vigilant in ensuring the integrity of their dependencies.

The vulnerability arises from a lack of strict validation and enforcement mechanisms in npm's package management process. By crafting specially designed manifests, attackers can exploit the confusion arising from naming similarities and version discrepancies, effectively bypassing security measures and injecting malicious code into legitimate packages.

The consequences of a successful manifest confusion attack are wide-ranging. Developers relying on npm could unwittingly introduce compromised packages into their applications, leading to a variety of security vulnerabilities and potential breaches. This could result in the theft of sensitive user data, unauthorized access to systems, or the disruption of critical services.

The npm development team has been made aware of the vulnerability and is actively working to address the issue. In response to the community's concerns, npm has implemented stricter validation checks and is exploring ways to enhance the package management process to prevent future attacks. However, mitigating the risk entirely will require the cooperation and diligence of package maintainers and developers.

Developers are advised to manage their dependencies carefully in the interim. Before integration, it is critical to verify that packages are authentic and intact, that they come from reliable sources, and that they have not been tampered with. Keeping packages updated to the most recent versions and signing up for vulnerability alerts can both reduce the chance of exploitation.
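The integrity check the previous paragraph calls for, as an added example that is not part of this post and not code from npm itself. Manifest confusion is the condition in which the manifest the registry serves for a version (the document `npm install` uses to resolve dependencies) differs from the package.json inside the published tarball (the file that actually lands in node_modules); the registry does not verify that the two agree, so a defender can fetch both and diff the fields that matter. The package name example-widget and both documents below are constructed sample data, and `diffManifests` and `formatFindings` are names chosen here, not part of any library.

```javascript
// Added example, not code from the post or from npm itself.
// Manifest confusion: the registry serves a manifest per version (what
// `npm install` reads to resolve dependencies), but the tarball it points to
// carries its own package.json, and the registry does not check that the two
// agree. A defender can fetch both and diff them. Everything below is
// constructed sample data for a hypothetical package named "example-widget".

// Fields whose divergence between registry and tarball should be flagged.
const FIELDS_TO_COMPARE = ["name", "version", "dependencies", "scripts"];

// Constructed: what the registry reports for example-widget@1.2.3.
const SAMPLE_REGISTRY_MANIFEST = {
  name: "example-widget",
  version: "1.2.3",
  dependencies: { lodash: "^4.17.21" },
};

// Constructed: the package.json found inside the published tarball. It carries
// an extra dependency and a lifecycle script the registry view never showed.
const SAMPLE_TARBALL_PACKAGE_JSON = {
  name: "example-widget",
  version: "1.2.3",
  dependencies: { lodash: "^4.17.21", "example-extra": "1.0.0" },
  scripts: { postinstall: "node postinstall.js" },
};

// Treat a missing object-valued field as empty so {} and undefined compare equal.
function asObject(value) {
  return value && typeof value === "object" ? value : {};
}

// Return one finding per divergent field (or per divergent key inside an
// object-valued field). An empty array means the two documents agree.
function diffManifests(registryManifest, tarballPackageJson) {
  const findings = [];
  for (const field of FIELDS_TO_COMPARE) {
    const fromRegistry = registryManifest[field];
    const fromTarball = tarballPackageJson[field];
    const isObjectField =
      (fromRegistry && typeof fromRegistry === "object") ||
      (fromTarball && typeof fromTarball === "object");
    if (isObjectField) {
      const a = asObject(fromRegistry);
      const b = asObject(fromTarball);
      const keys = new Set([...Object.keys(a), ...Object.keys(b)]);
      for (const key of keys) {
        if (a[key] !== b[key]) {
          findings.push({ field, key, registry: a[key], tarball: b[key] });
        }
      }
    } else if (fromRegistry !== fromTarball) {
      findings.push({ field, key: null, registry: fromRegistry, tarball: fromTarball });
    }
  }
  return findings;
}

// Render findings as one line each, suitable for a CI log.
function formatFindings(findings) {
  return findings.map(
    (f) =>
      `${f.field}${f.key ? "." + f.key : ""}: registry=${JSON.stringify(f.registry)} tarball=${JSON.stringify(f.tarball)}`
  );
}

// Stand-alone run on the constructed sample.
const findings = diffManifests(SAMPLE_REGISTRY_MANIFEST, SAMPLE_TARBALL_PACKAGE_JSON);
for (const line of formatFindings(findings)) console.log("MISMATCH " + line);
if (findings.length === 0) console.log("registry manifest and tarball package.json agree");
```

To run it against a real package, fetch the registry manifest with `npm view <name>@<version> --json`, download the tarball with `npm pack <name>@<version>`, extract `package/package.json` from the resulting .tgz (for example `tar -xOf <file>.tgz package/package.json`), parse both as JSON and pass them to `diffManifests`; a non-empty result is worth blocking on in CI before the package is accepted into a lockfile.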

The npm ecosystem, which enables quick and effective software development, is a key tenet of the JavaScript development community. However, the integrity and security of this ecosystem are seriously threatened by the manifest confusion vulnerability. It is essential that npm and the larger development community solve this problem right away, working together to fortify the defenses against possible attacks and secure the future of JavaScript development.




Four Red Flags Warning You of a Hacked Wi-Fi Router

 

Wi-Fi has become a necessary component of our daily lives in today's hyperconnected society. Everything from watching movies online to doing our banking online depends on it. But this convenience also raises the possibility of cyberthreats, such as the hacking of our Wi-Fi routers. Numerous recent investigations have alerted billions of Wi-Fi customers to four warning signs that their routers may have been hijacked.
  1. Sluggish Performance: One of the first signs that your router may have been hacked is a noticeable decline in its performance. If your internet speed suddenly becomes slower than usual or if you experience frequent disconnections, it could be a red flag. Hackers often use compromised routers as a gateway to carry out their malicious activities, which can result in a significant drop in network performance.
  2. Unauthorized Access: If you have noticed any unfamiliar devices connected to your Wi-Fi network, it's a clear indication that your router's security may have been breached. Hackers gain unauthorized access to routers and connect their devices to snoop on your internet traffic, steal sensitive information, or launch further attacks on other connected devices.
  3. Unexpected Behavior: Another red flag of a hacked router is the occurrence of unusual or unexpected behavior. This could include your router's settings being changed without your knowledge or consent, strange error messages appearing, or unknown devices attempting to access your network. These abnormal activities should raise suspicion and prompt further investigation.
  4. Increased Data Usage: If you notice a sudden and significant increase in your monthly data usage, it could be a sign of a hacked router. Cybercriminals may use compromised routers to carry out activities such as distributing malware, participating in botnets, or mining cryptocurrencies, all of which can consume a substantial amount of data without your knowledge.

So, what can you do if you suspect your router has been hacked? Here are a few steps you can take to address the issue:
  • Change Router Passwords: Begin by changing the administrative password for your router. Use a strong, unique password that combines upper and lowercase letters, numbers, and special characters.
  • Update Firmware: Check if there are any available firmware updates for your router and install them promptly. Manufacturers often release updates to address security vulnerabilities and improve overall performance.
  • Enable Encryption: Ensure that your Wi-Fi network is encrypted with a strong security protocol, such as WPA2 or WPA3. This will help protect your network from unauthorized access.
  • Scan for Malware: Run a comprehensive antivirus and anti-malware scan on all devices connected to your network. This can help detect and remove any malware or malicious programs that may have been introduced through the hacked router.
  • Contact Your Internet Service Provider (ISP): If you suspect that your router has been compromised, reach out to your ISP for assistance. They can provide guidance and support in resolving the issue and may even replace the router if necessary.
Knowing the warning signs that suggest your router may have been compromised is essential. You can safeguard your private information, maintain a secure Wi-Fi network, and make sure that you and your family have a safer online experience by quickly recognizing and responding to these indicators. Take proactive measures to protect your router and the network's attached devices by being alert, educated, and cautious.

A Hospital Chain Cyberattack is Expected to Take Time to Investigate

 


As of Friday, security experts were still preparing for the challenge of determining the full impact of a cyberattack on patients and hospitals at one of the largest health systems in the U.S., and they warned that assessing the full impact of such an attack often takes time.

CommonSpirit Health confirmed earlier this week that it had experienced an information security breach. However, it has yet to respond in detail to questions about the incident, including how many of the company's 1,000 care sites serving 20 million Americans were affected. The health system giant, the second-largest nonprofit health system in America, has 140 hospitals in 21 states.

"Several things have to be considered when one is attempting to restore all their systems and finding out the scope of the attack," says Allan Liska, an analyst with the cybersecurity firm Recorded Future. In other words, you are trying to get patient care up and running so that patients can receive care; you are trying to get your doctors and nurses back to using the systems they need to continue their work.

Cyber attackers are increasingly targeting healthcare organizations, especially attackers who use malware to lock up a victim's files and hold the information for profit. According to the U.S. government, ransomware has remained a persistent threat to the industry, which is one of the 16 sectors the U.S. government designates as critical infrastructure.

"The actors behind ransomware will probably know that this will cause a lot of disruption," Liska explained.

As a result, healthcare worldwide saw an unusually high number of attacks in 2021, with 285 publicly reported cases, according to Liska. Since the beginning of the year, Liska has tracked 155 attacks, an average of 20 per month, suggesting a growing problem. Nevertheless, he estimated that only about 10% of ransomware attacks are ever publicized.

Several cyber security experts have said that years of work have promoted a sense of trust among healthcare leaders in the FBI and other federal agencies that target cybercrime.

An FBI spokesperson declined to comment on whether they were investigating the cyberattack on CommonSpirit Health as part of their cybercrime investigation.

John Riggi, the American Hospital Association's national advisor for cybersecurity and risk, said he was not in a position to discuss CommonSpirit in particular. In general, he said, it can take days, weeks, or even months to figure out how an attacker gained access to the network, determine what damage has been done, and prevent further damage from occurring.

Riggi, a former FBI agent who worked for nearly 30 years in the field, emphasized that a significant cyberattack on a hospital could pose a serious threat to patient safety and that the U.S. government takes such attacks seriously. A major goal of the investigation is to identify the attacker and disclose their identity and methods.

"They don't want to show their hands, and they do not want to divulge what they know about the bad guys," the officer said. "During the processing of a crime scene, you are working on the scene in real time."

However, there is a risk that cyberattack victims who fail to communicate their response plan to attackers and their recovery strategies are at increased risk of being targeted by cybercriminals. This is predicted by Mike Hamilton, the chief information security officer at Critical Insights Cybersecurity in Washington state.


FBI Warns Election Officials of Credential Phishing Attacks

 

On Tuesday, the FBI released a warning that US election officials are being targeted in an ongoing and widespread phishing campaign by unidentified malicious actors attempting to steal their credentials, a campaign active since at least October 2021. 

The FBI revealed that the attackers have used various methods to redirect their targets to phishing pages and trick them into entering their login credentials. Reportedly, the attackers used both compromised email accounts of US government officials and email addresses spoofing US businesses. 

"If successful, this activity may provide cyber actors with sustained, undetected access to a victim's systems," the FBI said in a private industry notification.

"…As of October 2021, US election officials in at least nine states received invoice-themed phishing emails containing links to websites intended to steal login credentials." 

According to the FBI, the threat actors targeted officials in three separate "coordinated" phishing attacks and breached accounts of election officials across at least nine states. Representatives of the National Association of Secretaries of State were also impacted in October. 

The first attack came to light on 5 October, when unidentified attackers used two email addresses, one from the compromised account of a government official, in an attempt to steal the login data of election officials. Less than two weeks later, two identical phishing attacks were seen from email addresses linked to US businesses. 

In each phishing attack, the attackers sent an email identified as "INVOICE INQUIRY.PDF", which, once opened, redirected users to a credential-harvesting website.

Following the incidents, the FBI said that the threat "is still very real" heading into the 2022 election season. The group behind this phishing campaign will likely continue to target US election officials with new phishing emails as the 2022 midterm elections approach. 

The notification urged network defenders to educate officials on how to identify phishing, social engineering, and spoofing attempts and how to protect their systems against such common threats.

Private Proof-of-Vaccine App Portpass Continues to Expose Users' Data After Relaunch

 

Private proof-of-vaccination app Portpass continues to expose the personal data of its users despite the company's earlier assurances regarding data security. According to the report, personal information belonging to more than 17,000 users has been exposed, including passport data, driver's licenses, and financial information. User profiles on the app's website could be accessed publicly by anyone.

In late September, the Calgary-based smartphone app was taken offline for a short period after CBC News disclosed that users' information was exposed and anyone could have accessed users' personal data. 

After the incident, the app was relaunched in October, and the Portpass website assured users that it would look after their private information and protect their "health privacy and data security at the highest level" and that their "data and information is kept secure at all times." However, software experts have continued to report data security problems.

The Calgary-based app asks its users to upload personal credentials so that it can serve as proof of vaccination for people who want to access restaurants, concerts, and other events that require attendees to be vaccinated against COVID-19. 

Before September, Portpass was in wide use, and Calgary promoted the app as the "preferred and fastest" method for fans attending games at the Saddledome to show their vaccination status; that description was removed after the security flaws were reported. 

In an interview, Portpass CEO Zak Hussein said, "I was unaware of that, that's crazy. At that point, I am considering pulling the plug on Portpass, especially considering Alberta and Ontario have since launched their own apps…” 

"…Maybe we need to just take down this app because there's just all this going on and it's not worth it, I mean, I haven't even made a dollar on this”. 

“I need to talk to the software developer about the next steps. I'm just going to tell them to turn off the app," he added.

Reportedly, Hussein did not take the app down, but instead updated the software on Wednesday with a note reading "Improved security of the app."

Balikbayan Foxes: Threat Group Impersonating Philippine Entities

 

Proofpoint has discovered a new and "highly functional" cybercriminal group that is impersonating many departments of the Philippine government and businesses to spread Trojan malware. The group, dubbed "Balikbayan Foxes" and tracked as TA2722, mainly targets Shipping/Logistics, Business Services, Manufacturing, Finance, Pharmaceutical, and Energy entities across the region. The group also targets other regions, including North America, Europe, and Southeast Asia. 

The threat actors conducted a series of campaigns throughout 2021 in which the group impersonated various Philippine government bodies, including the Philippine Overseas Employment Administration (POEA), the Department of Health, and the Bureau of Customs, to send phishing emails. In other campaigns the group impersonated the Manila embassy of the Kingdom of Saudi Arabia (KSA) and DHL Philippines. 

According to the research, the consistent pattern of spoofed email addresses and lures impersonating government bodies makes it clear that the threat actors are targeting organizations directly or indirectly connected to the Philippine government. The threat actors also used themes related to COVID-19 infection information, invoicing, billing, and industry advisories. Some of the targets are part of very large supply chains, so a compromise could have a far-reaching impact. 

Proofpoint's research identified that in every campaign the threat actors distributed either the Remcos or the NanoCore remote access trojan (RAT). Both are mainly used for surveillance, information gathering, data theft, and control of compromised computers. 

Across the campaigns, different delivery mechanisms were observed: in some cases, phishing emails contained OneDrive URLs linking to RAR files with embedded UUE files; in others, crafted PDFs were attached containing embedded URLs leading to compressed executables (.iso files) that download and run the malware. The group has also used another common payload delivery method, MS Excel documents containing macros that, if enabled, execute the Trojan. 

The reports also showed that Balikbayan Foxes is expanding and advancing its tactics. The group is highly active at present, the research added. 

A Silicon Valley Venture Capital Firm Hit by Ransomware; Ransom Demanded


A Silicon Valley venture capital firm focused on advanced technology, ATV, was hit hard by a ransomware attack in July 2021. The firm, which holds more than $1.8 billion in assets, is investigating the incident and repairing its systems. 

According to the available information, malicious actors gained access to the firm's systems and stole important data, including the personal information of the company's private investors and limited partners. 

In a letter to the Maine attorney general's office, ATV said that the firm only learned of the attack on July 9, when its servers storing financial information were encrypted by ransomware. On July 26, the firm found that data had been stolen from the servers before the files were encrypted. 

ATV said that the group used the common "double extortion" tactic, threatening to publish the data online if the ransom was not paid. ATV believes that the group took the personal data of individual investors, including names, email addresses, Social Security numbers, and phone numbers. 

According to a listing on the Maine attorney general's data breach notification portal, around 300 individuals were affected by the attack, including one from Maine. While ATV has already informed the FBI about the attack, no further technical details have been reported. 

The venture capital firm, founded in 1979, is based in Menlo Park, California, with offices in Boston. The firm invests extensively in technology, software and services, communications, and healthcare technology. Venture capital firms are known for keeping their investors confidential, and the firm does not publicly disclose its investors. In certain circumstances, however, it discloses the names of investors, such as those who invest millions in a business venture. The firm gives various reasons for this, but analysts say it is because of market competition.

Ransomware Attempt Volume Tops 300 Million, Setting a Record




Network security company SonicWall has published a new report stating that ransomware attacks rose sharply in the first half of 2021, with 304.7 million attempted attacks observed by the company. 

SonicWall's researchers recorded high volumes of attempted ransomware attacks in both April and May, but the records set in those two months were surpassed in June, which saw 78.4 million attempted ransomware attacks. 

According to the study, the total number of ransomware attacks SonicWall observed in the first half of 2021 already exceeds the total for all of 2020. 

"Even if we don't record a single ransomware attempt in the entire second half (which is irrationally optimistic), 2021 will already go down as the worst year for ransomware SonicWall has ever recorded," the report read.

According to the 2021 SonicWall Cyber Threat Report, countries including the US, the UK, Germany, South Africa, and Brazil topped the list of countries hardest hit by ransomware in the first half of 2021. 

The report also named the US states most affected: Florida saw 111.1 million ransomware attempts, New York 26.4 million, Idaho 20.5 million, and Rhode Island and Louisiana nearly 9 million each. 

The report also covered what these ransomware attacks are doing to organizations' systems. SonicWall's network collects malware samples and IP-related threat data from tens of thousands of firewalls and email security devices around the world. 

As per the report, the most common targets in 2021 are important government organizations, including those in finance, defense, and information broadcasting; government faces more attacks than any other sector each month. By June, government customers saw 10 times as many ransomware attempts, an overall spike of 917%. 

Customers in the education sector were also heavily targeted by ransomware attempts, with an increase of 615%. SonicWall Capture Labs threat researchers also found an increased risk of ransomware attacks across healthcare (594%) and retail (264%) organizations.

According to data from SonicWall's Capture Labs, three ransomware families, Ryuk, Cerber, and SamSam, are alone responsible for 64% of all attempted ransomware attacks. Ryuk accounted for 93.9 million attempts, tripling the number of Ryuk attempts seen in 2020. 

Cerber, meanwhile, accounted for 52.5 million attempted ransomware attacks in 2021, while SamSam's attempts rose to 49.7 million in 2021, up from 15.7 million last year. 



Fake Oximeter Apps For Smart Devices, Here’s How To Check If It’s Safe Or Not

 

In recent days the demand for oximeters has risen owing to the deadly second wave of Covid-19 in India. Cybersecurity researchers have now reported that many fake oximeter apps are available on the Play Store. 

Researchers at Quick Heal Security Labs discovered that threat actors were trojanizing official apps to gain access to users' banking credentials.

“Threat actors use reliable tools to deploy payload and third-party app stores for distribution of these fake apps,” the researchers said in a statement. 

Oximeter devices have become crucial in the fight against the coronavirus, as they monitor blood oxygen levels. Meanwhile, various free oximeter apps are available for Android devices that can help you measure your blood oxygen levels. 

However, the fake apps can cost you more than you expect. According to the Quick Heal report, fake oximeter apps can steal your financial data for payment apps such as PhonePe, Google Pay, and Paytm. The Indian government has also warned against these apps. 

According to the findings, threat actors target app stores that carry both free and paid apps. They use tools such as GitHub or Firebase to host the fake apps and distribute them through app markets like QooApp and Huawei. 

How can you protect your financial data from fake oximeter apps? 

Here are some things to remember before downloading an oximeter app on your device: 

• Don’t open links shared through messages or on social media platforms. 

• Check for grammatical errors in app descriptions, as attackers often use poor English.

• Reviews and ratings can also be fake, so pay more attention to reviews with low ratings. 

"Avoid approaching third-party app stores for downloading apps or through links shared via SMSs, emails, and WhatsApp. These avenues don't invest in security and hence make space for any type of app, including the infected ones,” the researchers further added. 

What is Email Spoofing? How Hackers Impersonate Legitimate Senders

 

Email spoofing is the most commonly employed technique threat actors use to initiate phishing and spam attacks. Typically, attackers use it to trick users into believing that the email they received comes from someone they know or from a trustworthy source. 

In an email spoofing attack, the attacker forges the email headers so that the victim's mail client displays a fraudulent sender address. Unless they examine the headers closely, users see only the forged sender in the message. If the user recognizes the displayed name, they are more likely to trust it and click malicious links or open attachments, or to send personal credentials and even financial information. 

Email spoofing attacks are possible because the Simple Mail Transfer Protocol (SMTP), the core email protocol, provides no authentication mechanism for verifying the sender of a message, which allows attackers to mislead the recipient about its origin. 

Email authentication protocols and mechanisms have since been developed to combat such attacks, but their adoption has been slow. 
 

Besides phishing and spam, spoofing serves several other purposes, listed below:

  • Hiding the sender’s true identity
  • Pretending to be someone 
  • Avoiding spam blocklists
  • Pretending to be from a business 
  • Sending messages in someone’s name 
  • Tarnishing the image of the assumed sender
 
Because SMTP (Simple Mail Transfer Protocol) provides no strong authentication mechanism, which makes things easy for malicious actors, several frameworks have been developed to authenticate incoming messages, including SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance). 

To avoid becoming a victim of email spoofing attacks, keep your anti-malware software up to date. Additionally, when you are unsure about an email, contact the sender directly.
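What DMARC adds on top of SPF and DKIM, as an added example that is not part of this post: a simplified identifier-alignment check written for Node.js. It assumes two constructed messages (the domains bank-example.com, mail.bank-example.com and mailer-example.net are hypothetical) and that the `Authentication-Results` header was written by the receiving organization's own inbound server after it evaluated SPF and DKIM; `parseHeaders`, `addressDomain`, `aligned` and `checkAlignment` are names chosen here, not part of any library.

```javascript
// Added example, not code from the post. SMTP never checks the From: header,
// so the receiving server relies on SPF, DKIM and DMARC. This is a simplified
// DMARC identifier-alignment check: the domain in the visible From: header must
// match either the domain SPF authenticated (the envelope sender, preserved in
// Return-Path) or the d= domain of a DKIM signature that verified. Both messages
// are constructed samples with hypothetical domains, and Authentication-Results
// is assumed to have been written by our own trusted inbound mail server.

// Constructed: the visible sender claims to be a bank, but the message was
// authenticated only for an unrelated domain. This is the spoofing pattern.
const SPOOFED_MESSAGE = [
  "Return-Path: <bounce@mailer-example.net>",
  "Authentication-Results: mx.example.org;",
  " spf=pass smtp.mailfrom=mailer-example.net;",
  " dkim=pass header.d=mailer-example.net",
  'From: "Accounts Payable" <payments@bank-example.com>',
  "To: victim@example.org",
  "Subject: Invoice inquiry",
  "",
  "Please review the attached invoice.",
].join("\r\n");

// Constructed: a legitimate notification sent through a subdomain and
// DKIM-signed by the organizational domain.
const LEGITIMATE_MESSAGE = [
  "Return-Path: <notifications@mail.bank-example.com>",
  "Authentication-Results: mx.example.org;",
  " spf=pass smtp.mailfrom=mail.bank-example.com;",
  " dkim=pass header.d=bank-example.com",
  'From: "Bank Example" <alerts@bank-example.com>',
  "To: customer@example.org",
  "Subject: Your monthly statement",
  "",
  "Your statement is ready.",
].join("\r\n");

// Parse the header block (everything before the first blank line) into a map of
// lower-cased header name -> list of values, unfolding continuation lines first.
function parseHeaders(rawMessage) {
  const headerBlock = rawMessage.split(/\r?\n\r?\n/)[0];
  const unfolded = headerBlock.replace(/\r?\n[ \t]+/g, " ");
  const headers = {};
  for (const line of unfolded.split(/\r?\n/)) {
    const colon = line.indexOf(":");
    if (colon === -1) continue;
    const name = line.slice(0, colon).trim().toLowerCase();
    if (!headers[name]) headers[name] = [];
    headers[name].push(line.slice(colon + 1).trim());
  }
  return headers;
}

// Extract the domain from "Display Name <user@host>" or a bare address.
function addressDomain(value) {
  const angle = value.match(/<([^>]+)>/);
  const address = (angle ? angle[1] : value).trim();
  const at = address.lastIndexOf("@");
  return at === -1 ? null : address.slice(at + 1).toLowerCase();
}

// Relaxed alignment compares organizational domains. Using the last two labels
// is a simplification: real DMARC uses the Public Suffix List (think "co.uk").
function organizationalDomain(domain) {
  return domain.split(".").slice(-2).join(".");
}

function aligned(fromDomain, authenticatedDomain, mode) {
  if (!fromDomain || !authenticatedDomain) return false;
  if (mode === "strict") return fromDomain === authenticatedDomain;
  return organizationalDomain(fromDomain) === organizationalDomain(authenticatedDomain);
}

// DMARC passes when at least one authenticated identifier (SPF envelope domain
// or DKIM d=) aligns with the From: header domain. A message with no trusted
// Authentication-Results header therefore fails.
function checkAlignment(rawMessage, mode = "relaxed") {
  const h = parseHeaders(rawMessage);
  const fromDomain = addressDomain((h["from"] || [""])[0]);
  const envelopeDomain = addressDomain((h["return-path"] || [""])[0]);
  const authResults = (h["authentication-results"] || []).join("; ");
  const spfPass = /\bspf=pass\b/i.test(authResults);
  const dkim = authResults.match(/\bdkim=pass\b[^;]*?\bheader\.d=([^\s;]+)/i);
  const dkimDomain = dkim ? dkim[1].toLowerCase() : null;
  const spfAligned = spfPass && aligned(fromDomain, envelopeDomain, mode);
  const dkimAligned = aligned(fromDomain, dkimDomain, mode);
  return { fromDomain, envelopeDomain, dkimDomain, spfAligned, dkimAligned,
           dmarcPass: spfAligned || dkimAligned };
}

// Stand-alone run: prints one verdict per constructed message.
for (const [label, msg] of [["spoofed", SPOOFED_MESSAGE], ["legitimate", LEGITIMATE_MESSAGE]]) {
  const r = checkAlignment(msg);
  console.log(`${label}: From=${r.fromDomain} dmarc=${r.dmarcPass ? "pass" : "fail"}`);
}
```

A real DMARC evaluation also looks up the From: domain's published policy (`p=none`, `quarantine` or `reject`) in DNS to decide what to do with a failing message, and it uses the Public Suffix List rather than the last two labels to find the organizational domain; the block shows only the alignment half, which is the part that catches the forged From: header the post describes.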