
Uncovering the Decoy Dog C2 Exploit: Infoblox Finds Dangerous Threat

Decoy Dog

Recent reports on Domain Name System (DNS) attacks are not hard to find: a 2021 IDC report highlighted that 87% of organizations encountered a DNS attack in 2020. 

Despite this, DNS is not typically considered a prominent target in attacks, likely because of complex security terminology such as DNS over TLS or DNS over HTTPS. According to a CloudFlare report, plaintext DNS queries can be encrypted with TLS or HTTPS to make browsing secure and private. 

Even so, Akamai's DNS threat report for Q3 highlighted a 40% rise in DNS attacks compared with the same quarter of the previous year. Furthermore, during Q3 of the previous year, 14% of all protected devices communicated with a malicious domain at least once.

A new malware toolkit called Decoy Dog

The Infoblox Threat Intelligence Group, which examines billions of DNS records and millions of domain-related records daily, has identified a new malware toolkit called Decoy Dog that employs the Pupy remote access trojan. 

Renée Burton, Senior Director of Threat Intelligence at Infoblox, revealed that Pupy is an open-source tool that is complex to utilize and inadequately documented. Infoblox's findings indicate that the Decoy Dog toolkit is being employed in less than 3% of all networks, and the threat actor who controls it is linked to only 18 domains. 

Through a sequence of anomaly detectors, the team discovered Decoy Dog's activities and learned that it had been running a data-exfiltration command-and-control (C2) system since early April 2022, for more than a year, without anyone else detecting it.

Russian links

Infoblox's researchers discovered that the Decoy Dog C2 was primarily originating from hosts located in Russia, according to an analysis of external global DNS data. 

The concern with this malware is that no one knows precisely what it controls, even though its signature is known. 

Burton explained that command and control allows an attacker to take over systems and issue orders, such as extracting all of an individual's emails or shutting down a firewall. She also stated that Pupy, which is linked to Decoy Dog, has previously been associated with nation-state activities, even though it is not easy for the average cybercriminal to use because of its complexity and its lack of instructions on setting up the DNS nameserver required for C2 communications.

The RAT effect

Similar to legitimate remote access tools that allow technicians to showcase new systems or make repairs, RATs are straightforward to install and do not affect the computer's processing speed. These malicious tools can be delivered via email, video games, software, advertisements, and web pages. Pupy is a RAT that has particular C2 functionalities.

As per Burton,
  • RATs allow access to a system and some use C2 infrastructure for remote control.
  • Pupy is a challenging-to-detect, cross-platform, open-source C2 tool primarily coded in Python.
  • Decoy Dog is a rare type of Pupy deployment that can be identified through its DNS signature. According to Infoblox, only 18 domains match this signature out of 370 million.
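The page says Decoy Dog was found by DNS anomaly detectors and that it can be identified by a DNS signature, but it does not disclose that signature. The following is an added example, not Infoblox's detector and not the Decoy Dog signature: it shows the general shape of a DNS anomaly detector that a defender can run over resolver logs. It profiles each registered domain by query volume, the share of never-before-seen subdomains, and the entropy of those subdomain labels, which is the pattern that DNS-based C2 and tunneling leave behind. The log lines, domains, addresses and thresholds are all constructed for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed DNS query log (one "timestamp client qname qtype" record per line).
# The first seven lines are ordinary traffic; the last six are a burst of unique,
# random-looking subdomains under one registered domain, the shape that
# DNS-tunneling/C2 traffic has. Every name and address here is made up.
SAMPLE_LOG = """\
1682900000 10.0.0.5 www.example.org A
1682900001 10.0.0.5 cdn.example.org A
1682900002 10.0.0.7 mail.example.org MX
1682900003 10.0.0.5 www.example.org A
1682900004 10.0.0.9 login.example.net A
1682900005 10.0.0.9 api.example.net A
1682900006 10.0.0.9 api.example.net A
1682900007 10.0.0.42 q7x2k9m4v1.s3.c2-example.test TXT
1682900008 10.0.0.42 b81zp0wq3n.s3.c2-example.test TXT
1682900009 10.0.0.42 ld4r7t2yx8.s3.c2-example.test TXT
1682900010 10.0.0.42 mw9c3h6j5e.s3.c2-example.test TXT
1682900011 10.0.0.42 f2n8v4k1u7.s3.c2-example.test TXT
1682900012 10.0.0.42 zq5t0g9r3a.s3.c2-example.test TXT
"""


def parse_log(text):
    """Parse the whitespace-separated records into (ts, client, qname, qtype)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, qtype = line.split()
        records.append((int(ts), client, qname.lower().rstrip("."), qtype.upper()))
    return records


def registered_domain(qname):
    """Crude eTLD+1 (last two labels). Real code should consult a public-suffix
    list so that names such as example.co.uk are grouped correctly."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def shannon_entropy(text):
    """Bits of entropy per character; random-looking labels score high."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def profile_domains(records):
    """Aggregate per registered domain: query count, distinct subdomains, summed
    subdomain entropy, and how many queries used record types tunnels favour."""
    stats = defaultdict(lambda: {"queries": 0, "subdomains": set(),
                                 "entropy_sum": 0.0, "bulk_types": 0})
    for _ts, _client, qname, qtype in records:
        domain = registered_domain(qname)
        sub = qname[: -len(domain)].rstrip(".") if qname != domain else ""
        s = stats[domain]
        s["queries"] += 1
        s["subdomains"].add(sub)
        s["entropy_sum"] += shannon_entropy(sub.replace(".", ""))
        if qtype in ("TXT", "NULL", "CNAME"):
            s["bulk_types"] += 1
    return stats


def flag_suspicious(stats, min_queries=5, min_unique_ratio=0.8, min_entropy=3.0):
    """Flag domains that receive many queries, nearly all for distinct subdomains,
    with random-looking labels. Thresholds are illustrative, not tuned values."""
    flagged = []
    for domain, s in stats.items():
        if s["queries"] < min_queries:
            continue
        unique_ratio = len(s["subdomains"]) / s["queries"]
        mean_entropy = s["entropy_sum"] / s["queries"]
        if unique_ratio >= min_unique_ratio and mean_entropy >= min_entropy:
            flagged.append(domain)
    return sorted(flagged)


def detect(log_text):
    """End-to-end helper: returns the sorted list of flagged registered domains."""
    return flag_suspicious(profile_domains(parse_log(log_text)))


if __name__ == "__main__":
    for domain, s in profile_domains(parse_log(SAMPLE_LOG)).items():
        print(f"{domain:18} queries={s['queries']:2} unique_subs={len(s['subdomains']):2} "
              f"mean_entropy={s['entropy_sum'] / s['queries']:.2f} bulk_types={s['bulk_types']}")
    print("flagged:", detect(SAMPLE_LOG))
```

On the constructed log only c2-example.test is flagged: the two benign domains repeat a handful of short hostnames, while the flagged one receives six queries for six distinct ten-character labels with roughly 3.5 bits of entropy each. In production the thresholds need tuning against a baseline, and CDNs and some telemetry services legitimately generate many unique subdomains, so an allow-list of known bulk-subdomain domains is the usual companion to a heuristic like this.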

Some common uses of RAT malware involve an attacker acquiring remote access to a laptop, then leasing it out to other threat actors who install more malware through its network access. This can result in a laptop becoming part of a botnet.

Toolkits that are small and unusual can pose hidden dangers

Hidden RATs, or malware of unknown origin that remains undetected, can pose significant risks. For example, in 2018, Israeli cyber-arms firm NSO Group developed a C2 spyware called Pegasus that could infiltrate and control various mobile devices, giving remote hackers access to a phone's cameras, location, microphone, and other sensors for surveillance purposes.

Amnesty International became involved when the Saudi government allegedly used Pegasus to spy on the family of Jamal Khashoggi, who had been murdered by government operatives.

Amnesty International's Security Lab recently uncovered another commercial spyware that went unnoticed for two years and utilized zero-day attacks against Google's Android operating systems. However, Infoblox had already blocked 89% of those domains before Amnesty's report, providing protection to its customers and verifying Amnesty's findings, according to Burton.



Hackers Sell Coinbase Accounts for as low as $610 on Dark Web


The emerging popularity of cryptocurrency and the convenience of online banking has resulted in an upsurge in cybercrime activities and identity fraud.

Recent research by PrivacyAffairs.com notes that hackers target social media logins, credit card numbers, and online banking logins to steal personal information that sells for $1,010 on the dark web.

According to an official press release issued on May 1, 2023, the currently booming sale of hacked crypto accounts has raised serious concerns.

Coinbase, a cryptocurrency exchange, has become a frequent target for threat actors, with stolen verified accounts selling for $610 on the dark web. Accounts on Kraken, another well-known exchange, have also been compromised and sold online for as little as $810.

For hackers, selling compromised cryptocurrency accounts has been a profitable business, and since more people have started investing in digital assets recently, demand for these accounts has only increased. Cryptocurrencies are considered an appealing target by hackers wanting to make a quick buck, since they are mainly unregulated and decentralized.

As the value of cryptocurrencies continues to rise, it drives hackers to steal them. The anonymity of cryptocurrencies makes it challenging to locate and recover stolen assets, leaving victims with limited recourse.

How to Protect Oneself From Identity Theft and Hacking? 

PrivacyAffairs.com highlights the significance of raising public awareness and encouraging caution in order to reduce the possibility of identity theft and hacking. Users should guard their online privacy carefully and use strong, unique passwords for each account. In addition, two-factor authentication is a vital tool for protecting online accounts.

Moreover, cryptocurrency users are advised to take extra precautions. Using cold wallets to store virtual assets offline and never sharing private keys or seed phrases with anyone are some of the ways to avoid falling prey to cybercrime.

The threat of cybercrime and identity fraud will only increase as the use of digital assets and online banking grows more widespread. It is crucial that users take the required security measures to guard against hackers and other nefarious actors lurking on the dark web.

Marshals' Computer System Still Down 10 Weeks After Hack


A computer system used by the U.S. Marshals Service to track and hunt fugitives remains down 10 weeks after a hack, raising concerns about the effectiveness of the agency’s surveillance efforts. The hack, which occurred in February, forced the Marshals to shut down their electronic surveillance system, which tracks fugitives and monitors their movements through GPS-enabled ankle bracelets.

According to a statement from the Marshals, the agency is still working to bring the system back online and has been forced to rely on manual surveillance techniques in the meantime. This includes the use of physical surveillance teams and other traditional methods of tracking fugitives.

The prolonged downtime of the electronic surveillance system has raised concerns about the ability of the Marshals to effectively track and apprehend fugitives, particularly in cases where they may pose a significant threat to public safety. The agency has not provided details on the scope or nature of the hack, nor has it disclosed whether any sensitive data or information was compromised as a result of the breach.

The hack of the Marshals’ electronic surveillance system underscores the growing threat posed by cyber-attacks on critical infrastructure and government agencies. These attacks can have far-reaching consequences, potentially compromising sensitive data, disrupting essential services, and undermining public safety and national security.

As cyber threats continue to evolve and become more sophisticated, it is essential that government agencies and organizations responsible for critical infrastructure invest in robust cybersecurity measures and stay ahead of the curve in detecting and responding to potential attacks. This includes implementing advanced security protocols and regular security assessments, as well as investing in staff training and education to ensure that all employees are aware of the risks and how to respond in the event of a breach.

The prolonged downtime of the Marshals' electronic surveillance system underscores the need for government agencies and critical infrastructure organizations to remain vigilant and proactive in protecting against cyber threats. As the threat of cyber attacks continues to evolve, investment in robust cybersecurity measures, protocols, and staff education is necessary to ensure the protection of sensitive data and essential services.

ChatGPT Privacy Concerns are Addressed by PrivateGPT

 


Specificity and clarity are the two key ingredients of a successful ChatGPT prompt. Your prompt needs to be specific and clear to get the most effective response from ChatGPT. Here are some tips for creating effective and memorable prompts: 

An effective prompt must convey your message in a complete sentence that identifies what you want. If you want to avoid vague and ambiguous responses, avoid phrases or incomplete sentences. 

The more specifically you describe what you're looking for, the better your chances of getting a response that matches it. Avoid the words "something" or "anything" in your prompts as much as possible; being specific is the most efficient way to get what you want. 

ChatGPT must understand the nature of your request, so frame it in a way that casts ChatGPT as the expert in the field you are seeking advice on. This lets ChatGPT understand your request much better and provide helpful, relevant responses.

In the AI chatbot industry, and in business in general, the ChatGPT model released by OpenAI appears to be a game-changer.

PrivateGPT sits in the middle of the chat process and removes all personally identifiable information from user prompts (health information, credit card data, contact information, dates of birth, and Social Security numbers) before the prompt is delivered to ChatGPT. To keep the experience as seamless as possible for users, PrivateGPT then works with ChatGPT to re-populate the PII within the answer, according to a statement released this week by Private AI, the creator of PrivateGPT.

It is worth remembering, however, that ChatGPT marked the start of a new era for chatbots: it answered questions, generated software code, and fixed programming prompts, demonstrating the power of artificial intelligence technology.

Use cases and benefits will be numerous. The GDPR does bring with it many challenges and risks related to privacy and data security, particularly as it pertains to the EU. 

Data privacy company Private AI announced that PrivateGPT is a "privacy layer" that acts as a security layer for large language models (LLMs) such as OpenAI's ChatGPT. The updated version automatically redacts sensitive information and personally identifiable information (PII) that users give out while communicating with the AI. 

Using its proprietary AI system, Private AI is capable of removing more than 50 types of PII from user prompts before submitting them to ChatGPT, which is administered by Atomic Inc. The removed PII is replaced with placeholder data so that users can query the LLM without revealing sensitive personal information to it.    
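The two paragraphs above describe the same round trip: PII in the prompt is swapped for placeholders before the prompt leaves the client, the model answers in terms of those placeholders, and the real values are put back into the answer locally. The following is an added example of that privacy-layer pattern; it is not PrivateGPT's code, and Private AI's product detects far more than the four PII types handled here. The sample prompt, the regular expressions and the stand-in `echo_llm` function are all constructed for the example.

```python
import re
from collections import Counter

# Constructed sample prompt; every value in it is made up for this example.
SAMPLE_PROMPT = (
    "My name is Jane Doe, SSN 123-45-6789, card 4111 1111 1111 1111. "
    "Email me at jane.doe@example.com or call 555-123-4567 about my claim."
)

# Hypothetical detectors for a few PII types. A production privacy layer would
# cover many more and use an NER model for names and addresses, which these
# regexes cannot catch (note that "Jane Doe" survives redaction below).
PII_PATTERNS = [
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("CARD", re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")),
    ("PHONE", re.compile(r"\b\d{3}-\d{3}-\d{4}\b")),
]


def redact(prompt):
    """Replace each PII match with a numbered placeholder such as [SSN_1].

    Returns the redacted prompt and a mapping {placeholder: original value}.
    The mapping stays on the client; only the redacted text goes to the model.
    """
    mapping = {}
    counters = Counter()

    def make_sub(label):
        def _sub(match):
            counters[label] += 1
            placeholder = f"[{label}_{counters[label]}]"
            mapping[placeholder] = match.group(0)
            return placeholder
        return _sub

    redacted = prompt
    for label, pattern in PII_PATTERNS:
        redacted = pattern.sub(make_sub(label), redacted)
    return redacted, mapping


def rehydrate(answer, mapping):
    """Swap the placeholders in the model's answer back for the real values."""
    for placeholder, value in mapping.items():
        answer = answer.replace(placeholder, value)
    return answer


def private_query(prompt, llm):
    """Privacy-layer round trip: redact, query the model, rehydrate."""
    redacted, mapping = redact(prompt)
    return rehydrate(llm(redacted), mapping)


def echo_llm(redacted_prompt):
    """Stand-in for the remote model; it only ever sees placeholders."""
    return "Received: " + redacted_prompt


if __name__ == "__main__":
    sent, kept = redact(SAMPLE_PROMPT)
    print("sent to model:", sent)
    print("kept locally :", kept)
    print("final answer :", private_query(SAMPLE_PROMPT, echo_llm))
```

Two design points matter in practice. First, the placeholders must be tokens the model is likely to echo back verbatim; if the model paraphrases or drops one, the corresponding value simply never reappears, which is a safe failure. Second, redaction order matters when patterns can overlap, so more specific patterns should run before general ones; the constructed patterns here are chosen so that none of them matches inside another's output.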

Hackers Leak Photos to Mock Western Digital's Cyberattack Response

 


The ALPHV ransomware operation, also known as BlackCat, has shared screenshots of internal emails and video conferences seized from Western Digital, revealing that they likely continued to have access to the firm's systems even while the company responded to the incident. 

The release comes after the threat actor informed Western Digital on April 17th that if a ransom was not paid, they would harm them until they "could not stand anymore." Western Digital was the victim of a cyberattack on March 26th, in which threat actors infiltrated its internal network and stole company data. However, no ransomware was installed, and no files were encrypted.

In response, the company suspended its cloud services, including My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS 5, SanDisk ibi, and SanDisk Ixpand Wireless Charger, as well as related mobile, desktop, and online apps, for two weeks.

According to TechCrunch, an "unnamed" hacking group accessed Western Digital and claimed to have stolen ten terabytes of data. The threat actor allegedly shared examples of the stolen data with TechCrunch, including files signed with stolen Western Digital code-signing keys, unlisted corporate phone numbers, and images of other internal data.

In addition, the hackers claimed to have stolen data from the company's SAP Backoffice implementation. While the hacker claimed to be unrelated to the ALPHV ransomware operation, a message soon surfaced on the gang's data leak site, alerting that Western Digital's data would be spilled if a ransom was not paid.

Western Digital is mocked by ALPHV

Security researcher Dominic Alvieri informed BleepingComputer that the hackers revealed twenty-nine screenshots of emails, documents, and video conferences connected to Western Digital's response to the attack in an additional attempt to humiliate and disgrace the corporation.

When an organization is compromised, one of the first measures is to figure out how the threat actor obtained access to the network and block the path. However, there can be a delay between identification and response, enabling the adversary's access to continue even after an attack is detected. This access permits them to watch the company's response and steal additional data.

The screenshots supplied by ALPHV suggest that the threat actors sustained access to parts of Western Digital's systems, since they show video conferences and emails concerning the attack. One image depicts the "media holding statement", and another an email about staff leaking information about the attack to the press.

Another message from the threat actors is included with the exposed material, claiming to have customers' personal information as well as a comprehensive backup of WD's SAP Backoffice implementation.

While the data appears to be Western Digital's, BleepingComputer was unable to independently confirm its source or whether it was stolen during the attack. Western Digital is not currently negotiating a ransom to halt the publication of stolen data, which has prompted fresh threats from hackers.

"We know you have the link to our onion site. Approach with payment prepared, or [redacted] off. Brace yourselves for the gradual fallout," reads ALPHV's new warning to Western Digital.

Western Digital declined to comment on the stolen screenshots and threat actors' assertions.

50 Chinese Hackers for Each FBI Cyber Agent, Bureau Boss Says

 


According to Christopher Wray, a senior official at the Federal Bureau of Investigation (FBI), Chinese hackers greatly outnumber American cyber intelligence agents. He also made a plea for more funding for the agency. 

The disclosure makes clear that the U.S. in particular faces several massive cyber threats. China has mounted a larger attack on the country's private and corporate information than every other major nation combined, and has stolen more data than all other nations regardless of size. According to Wray, China has the largest hacking program on the planet. 

China is said to have a much larger hacking program than every other major nation combined. This is evidenced by the fact that more personal and corporate information has been stolen than in any other nation. The congress panel heard that the two countries had combined their efforts. 

However, Wray pointed out that countries such as Russia, Iran, and North Korea also pose significant cybersecurity concerns, as do criminals based outside the United States. The FBI is currently investigating more than 100 "ransomware variants" that have affected "scores of victims" globally. 

There are 192 additional positions to be added to the agency's cyber staff as the agency seeks $63 million in funding. It is also intended to make it easier for the FBI to place more cyber staff in field offices, thereby being close to the actual victims of cyber crimes rather than being in a central office.

In addition to the former, Iran and North Korea are also included in the latter. Wray explained that these nations' efforts are causing a wide gap between the security threat posed by nation-states and the threat posed by cybercriminals, where it is becoming more difficult to distinguish between the two. 

In addition to the attacks these groups have carried out, they have also been targeting "critical infrastructure and services in metropolitan areas that ordinary Americans depend on every day for their everyday lives, such as hospitals, schools, 911 call centers."

It has been estimated that at least 30,000 US organizations, including government agencies and commercial companies, were hacked by Chinese threat actors on the Exchange Server software in 2021 in an attempt to gain access to their networks to send malicious emails. 

Several vulnerabilities in the Microsoft Exchange Server email software were exploited by a Chinese espionage group, KrebsOnSecurity reports.

Although Microsoft reported that the China-based threat actors had been exposed, it did not reveal the scale of the compromise: tens of thousands of organizations were affected, and the vulnerabilities gave hackers access to email accounts as well as the ability to install malware.

In addition to that, the FBI will also be better able to defend itself with more cash. Over 15 million unauthorized connections are being blocked by the bureau each week, according to Commissioner Wray. 

In addition to Wray's remarks, he also added that the FBI has asked for more information-security resources to focus its efforts on online marketplaces for illegal drugs - another point of focus for the Bureau. 

A reporter also asked about Section 702 of the Foreign Intelligence Surveillance Act, which allows the FBI to conduct surveillance without obtaining a warrant. It is vital to the FBI's efforts to combat Chinese cyberattacks, and it has proven an effective tool in countering ransomware attacks as well.

Google Play Blocked 1.43 Million Malicious Apps in 2022

The Google Play store is a very popular app source for Android devices because so many people use it, and for the same reason it has often been targeted by cybercriminals who create malicious apps designed to harm users' devices, steal their sensitive credentials, and exploit vulnerabilities. Because of this, Play Store customers often raise questions about its cybersecurity measures; Google, however, has taken several major steps in the past to combat the problem. 

Under recent security features and app review processes the company successfully blocked 1.43 million fake malicious apps from being published to the Play Store in 2022. Furthermore, the company disclosed that it has also banned 173,000 malicious accounts and warded off over $2 billion in fraudulent and abusive transactions through developer-facing features like Obfuscated Account ID, Voided Purchases API, and Play Integrity API. 

Google also issued additional security requirements for developers who are looking to join the Play Store ecosystem including developers' email and phone verification. The addition of identity verification methods contributed to a reduction in accounts used to publish apps that go against its policies, Google pointed out. 

The California-based tech giant also partnered with software development kit (SDK) providers to launch the Google Play SDK Index, which helps developers assess an SDK's reliability and safety. 

Along with this, the company updated its ad policy for developers to prevent fake ads on its Play Store and has been reaching out to developers to educate them about security practices. As per the data, over the past three years, the company prevented around 500,000 submitted apps from unnecessarily accessing sensitive permissions. 

In addition, Google introduced new license requirements for personal loan apps in some countries in Africa and Asia, such as Kenya, Nigeria, and the Philippines, and implemented very strict requirements for loan app developers in India to combat fraud. 

The company's blog post said that these measures come under its new and improved security features and policy enhancements, and that the company continues to invest in machine learning systems and app review processes for further security and innovation.

Top 5 Reasons Why Cybersecurity is Essential For Organisations

 

A company's information is its focal point, around which everything else revolves. Therefore, the significance of information security cannot be understated. By maintaining a strict cybersecurity policy, your organisation can prevent data breaches, unauthorised access, and other serious dangers that could endanger your digital assets. 

After the economies of China and the United States, cybercrime's economy would rank third in size. By 2025, it might grow to $17.65 trillion yearly. We must take action to prevent becoming a victim of cyberattacks given this startling statistic. 

The following are some salient justifications for why modern businesses should prioritise cyber security: 

An uptick in cybercrimes 

A cyber-attack can have a negative impact on your business, no matter how big or small it is, because every business holds numerous valuable assets that hackers might exploit. Sometimes the target is the private data of clients or of businesses' clients; other times it is simply money. There were 270 cyberattacks (unauthorised access to data, applications, services, networks, or devices) per organisation last year, a 31% increase from 2021. Strong cybersecurity is the only answer, because cybercrime only gets worse every year.

Cryptocurrency and the deep web 

The deep web, commonly referred to as the dark web, is a collection of websites that are hidden from search engines by passwords or other security measures. Only specialised web browsers can access these websites or pages, keeping users' identities private.

The dark web is similar to a secret room where criminal activity can be carried out, including the distribution of software, the sale of personal information, the trafficking of people and drugs, the sale of illicit weapons, and many other unimaginable crimes.

The preferred currency of the attackers is now cryptocurrency. Attacks are escalating as threat actors seek profits as the price of Bitcoin reaches an all-time high. End users have long struggled with phishing scams, data thieves, and malware that switches wallet addresses in memory. Attacks on the core software of cryptocurrencies, smart contracts, are now more frequently launched. These new marketplaces present chances for sophisticated attacks (such as the flash loan attack), which might give attackers access to liquidity pools for cryptocurrencies worth millions of dollars. The significance of cyber security has grown as a result of these vulnerabilities. 

Excessive use of technology 

We all spend a lot of time using technology, so fraudsters have a wealth of opportunities. Serverless computing, edge computing, and API services are all booming, just like cloud services. Processes may be effectively automated and dynamically changed to diverse situations when used in conjunction with container orchestrations such as Kubernetes. Attackers are attempting to stop this hyper-automation by going against such APIs, which have a significant impact on a company's business processes. 

Increased use of IoT devices 

The development of Internet of Things (IoT) technology has made our tasks easier, but it has also made us a target for hackers. IoT devices present a greater attack surface for data breaches because of the variety of sensors they carry and the novel technology they use for constant communication and data exchange. No matter how sophisticated your security measures are, if you don't properly manage these internet-connected gadgets, attackers will find a way around them. 

Rise in ransomware

Currently, ransomware is one of the most lucrative cyberattacks. Due to the intense focus of law enforcement and the millions of dollars in profits at stake, ransomware tactics, in particular, are changing significantly. Cloud, virtual systems, and OT/IoT environments have all been impacted by ransomware. Anything that is part of a network that can be accessed could be a target. The new standard will soon be data theft for double extortion and the disabling of security mechanisms, but it will also become more intimate with insider threats and personal data. 

FEMA estimates that 25% of firms that experience a disaster never reopen. Therefore, it's critical that we take cybersecurity seriously if we want to protect our systems from viruses. 

Mitigation Tips 

Everyone is subject to major cyberthreats. Whether you are a business owner or any other type of online user, you should take steps to make yourself cyber secure and protect your information from hackers.

Anti-malware and antivirus defences are essential to stop bad actors from abusing your system. As noted above, cybercriminals target companies of all kinds, including small firms, using a variety of methods, and demand ransom payments of $100,000 or more. Advanced cybersecurity systems that use AI and machine learning can give you real-time protection from malware, viruses, and ransomware. 

Additionally, you must have a backup and disaster recovery plan if you want to protect your company against unanticipated cybersecurity incidents. Acronis is a dependable backup programme that automatically backs up all of the photographs and files on your computer, not just a subset of them. It offers a strong backup and guarantees that your files are accessible when you require them. 

Cyberattacks have impacted businesses of all sizes in every sector of the global economy, including Uber and social media giant Facebook. Because of the ongoing advancement of technology, we are all now susceptible to cyber-attacks. The rate of cybercrime is constantly increasing and will never stop. Hackers can thus take our data, money, and reputation if there is no cybersecurity. You can defend your company from cyberattacks in a variety of ways; all you have to do is recognise its significance and take appropriate action. Contact our staff right now to protect your company.

Data Leak: Critical Data Being Exposed From Salesforce Servers


According to a post by KrebsOnSecurity published on Friday, servers running Salesforce software are leaking private data controlled by governmental bodies, financial institutions, and other businesses.

According to Brian Krebs, Vermont had at least five websites that gave anyone access to critical information. One of the programs impacted was the state's Pandemic Unemployment Assistance program. It revealed the applicants' full names, Social Security numbers, residences, contact information (phone, email, and address), and bank account details. Vermont adopted Salesforce Community, a cloud-based software solution created to make it simple for businesses to quickly construct websites, just like the other organizations giving the general public access to sensitive data.

Among the other victims was Columbus, Ohio-based Huntington Bank, which recently bought TCF Bank, a lender that processed commercial loans using Salesforce Community. The exposed data included names, residences, Social Security numbers, titles, federal IDs, IP addresses, average monthly payrolls, and loan amounts.

Apparently, both Vermont and Huntington discovered the data leak only after Krebs contacted them for comment; both then withdrew public access to the sensitive data. Salesforce Community websites can be configured to require authentication, limiting access to internal resources and sensitive information to a select group of authorized users. They can also be configured to let anyone read public information without authenticating. In some instances, administrators unintentionally allow unauthenticated users to view website sections that are meant to be accessible only to authorized personnel.

Salesforce told Krebs that it provides users with clear guidance on how to set up Salesforce Community so that only certain data is accessible to unauthenticated guests.

Doug Merret, who raised awareness in regards to the issue eight months ago, further elaborated his concerns on the ease of misconfiguring Salesforce in a post headlined ‘The Salesforce Communities Security Issue.’

“The issue was that you are able to ‘hack’ the URL to see standard Salesforce pages - Account, Contact, User, etc. […] This would not really be an issue, except that the admin has not expected you to see the standard pages as they had not added the objects associated to the Aura community navigation and therefore had not created appropriate page layouts to hide fields that they did not want the user to see,” he wrote.

Krebs noted that he learned about the leaks from security researcher Charan Akiri, who apparently identified hundreds of organizations with misconfigured Salesforce sites. Akiri said that only five of the many companies and government agencies he notified had resolved the issue, and none of those were in the government sector.

The Dangers of Bluebugging: Andhra Pradesh Police Caution Smartphone Users

Bluebugging attacks

The Andhra Pradesh police have issued a warning to smartphone users about a hacking technique called ‘blue bugging.’ "It is a form of hacking that lets attackers access a device through its discoverable Bluetooth connection," said Prakasam district SP Malika Garg, while addressing the media. 
 
The police have cautioned users to be vigilant and take necessary precautions to safeguard their devices.

What is a Bluebugging attack?  
 
Bluebugging is a form of Bluetooth hacking that allows hackers to access a victim’s device without their knowledge.  
 
Hackers can exploit this vulnerability by sending a malicious Bluetooth signal to a target device, which allows them to take control of the phone remotely. Once the hacker has control of the device, they can make calls, send texts, and access personal information such as contacts, photos, and messages. 
 
To prevent blue bugging attacks, users are advised to keep their Bluetooth turned off when not in use. They should also avoid pairing with unknown or untrusted devices.  
 
Additionally, it is recommended to use a strong and unique passcode to lock their device, as this can prevent unauthorized access even if the device is compromised. 
 

Bluebugging attacks go beyond smartphones 

 
It is important to note that blue-bugging attacks are not limited to smartphones alone. Any device with Bluetooth connectivity, including laptops, smartwatches, and even some cars, can be vulnerable to these attacks. Therefore, users should be cautious and take necessary precautions to protect all their Bluetooth-enabled devices. 
 

How to be safe? 

 
To stay safe from Bluebugging attacks, here are some steps you can take: 
 
  • Turn off Bluetooth when not in use: This can prevent hackers from accessing your device through a Bluetooth connection. 
  • Avoid pairing with unknown or untrusted devices: Only pair your device with devices you trust. 
  • Use a strong passcode to lock your device: This can prevent unauthorized access even if your device is compromised. 
 
By taking these simple steps, you can help protect your device and personal information from blue-bugging attacks. "Chances of stealing photos, files, and data are very much there in such a situation," SP Garg cautioned, adding that the stolen data might be used for blackmailing. 
 
Any aggrieved person can lodge a complaint by dialing 1930 or by visiting www.cybercrime.gov.in

SLP Vulnerability Exposes Devices to Powerful DDoS Attacks

Security researchers have recently discovered a new vulnerability that has the potential to launch devastating Distributed Denial of Service (DDoS) attacks. The Server Message Block (SMB) protocol, which is widely used in various devices and systems, including Windows machines and some network-attached storage devices, contains the SLP vulnerability. Attackers can exploit this vulnerability to send specially crafted SMB packets that force the target device to allocate excessive memory or processing power to the request, ultimately causing a crash or downtime.

The SLP vulnerability is particularly dangerous because it enables attackers to amplify the impact of their DDoS attacks by up to 2200 times compared with previous methods. This increased power can overwhelm the target's defenses and cause lasting damage. Unfortunately, there is no straightforward solution for this vulnerability, as it is deeply embedded in the SMB protocol and affects various devices and systems. However, organizations can take some steps to mitigate the risk of attack, such as implementing access controls and firewalls, and monitoring their networks for any suspicious SMB activity.

The discovery of the SLP vulnerability highlights the need for robust cybersecurity measures and constant vigilance against evolving threats. As attackers develop new tactics and exploit new vulnerabilities, organizations must stay ahead of the curve and protect their networks and systems from harm.

The SLP vulnerability is a significant concern for organizations that use the SMB protocol, as it exposes them to potential DDoS attacks. The impact of these attacks can be devastating and long-lasting, highlighting the need for constant vigilance and strong cybersecurity measures. Organizations must take proactive steps to monitor their networks, implement access controls, and limit the exposure of SMB services to the internet to mitigate the risk of attack. The discovery of the SLP vulnerability underscores the critical importance of staying ahead of the curve in cybersecurity and constantly adapting to new threats.