“Why would someone hack me, when there is nothing to gain from it?” Does that thought sound familiar? Now, picture this: You have become an Instagram star with thousands of followers and a degree of social capital, not to mention sponsors and advertisers bombarding you with direct messages. But old habits die hard, and your account security is still on the why-would-someone-hack-me level.

That’s where presenter, DJ, and influencer Ashley James found herself, and she admits that she has one password for all of her accounts. In a recent live broadcast, Ashley together with security guru David Jacoby of our GReAT team looked into ways of protecting one’s personal digital space. Luckily, it is not that hard!

How to make passwords

If you have one password for everything, you are easy prey. Just one leak from a service that you have a long-forgotten account with is all it takes for hackers to get the key they actually want: your blog, e-mail, or online wallet. Passwords for the accounts you keep money in or otherwise treasure must be unique. Our Password Checker will help you make sure yours are both strong and not already compromised in a known password leak.

How do you remember many unique passwords? Here are a few life hacks:

Come up with a system for making passwords. The Jacoby method takes the first letters of the words from a favorite quote and appends to that a punctuation mark and the first thing that comes to mind when you think of your account. For James, Instagram is a job, so her password could look something like ttmpomp!job (based on the quote “There’s too much pepper on my paprikash”). Oh, and do not use a password you have said on air (she won’t actually use this one).

Do not try to remember passwords for each and every one of your accounts. If you only log on to a certain service once every couple of years, it would be easier simply to reset the password every time.

Use a password manager. Make sure to use a standalone application: Saving passwords in your browsers is not a good idea; many malicious programs are capable of stealing information from browser storage.

Smart devices and whether they really need to access the Internet

Smart speakers, smart TVs, video baby monitors, robot vacuums: The Internet of Things has long ceased to be an abstract concept, and many, if not all, are already using it. A smart device’s prime does not last long, though. Vendors typically stop pushing updates after a year or so, after which the smart thing becomes vulnerable. Keep an eye on the manufacturing date as you choose these devices, the same way you choose perishables in a grocery store — unless you do not mind potentially hearing other people’s voices coming out of your baby monitor or having strangers watch a reality show streamed from your home security camera.

By the way, although it’s common to associate smart devices with the Internet of Things, not everything needs to be connected to the Internet. Before you connect a gadget to home Wi-Fi, pause to think whether it can do without the connection. For example, a robot vacuum cleaner is perfectly capable of zipping across your floors without being connected to the vendor’s servers.

One Wi-Fi network is good, but two are even better

If someone hacks into your home network, they will reach the devices connected to it, such as a computer and smartphone, smart speaker, and all the rest. Remember that your Wi-Fi network goes beyond the walls of your home. If outsiders can “see” it, then they can connect to it, especially if you are still using the easy-to-guess default password on your ISP-issue router. So, you need to change every default password, including those for your Wi-Fi and router administration interface. Make your new passwords long and complex, so they are hard to crack. If you are not sure whether your password is complex enough, run it through our Password Checker.

A guest network is another handy option available in most modern routers. You can set up two networks with separate Internet access in your home at no extra charge. Devices connected to the main network will not communicate with those connected to the guest network. For example, you can connect all of your smart gadgets as guests, and they will not have access to the documents on your computer even if they get hacked. You can also use your guest network for its intended purpose of providing a connection to friends and other visitors.

Fear of spies

If you are afraid someone will spy on you through a camera or laptop microphone, you can cover both. You should not put duct tape over the camera lens; it may still capture blurred images during videoconferences. If you do not have a dedicated webcam cover, then a band-aid is a good option because its cotton pad both keeps the adhesive away from the camera lens and blocks the view from potential spies. If your phone cameras are what is making you nervous, just put your phone on the desk so one of the cameras sees the desk surface and the other shows only the ceiling.

Plugging your gadgets’ “ears” is not hard, either. Just get the cheapest pair of headphones available (or grab a broken pair if you already have one), cut off the jack, and plug it into the headphone socket. Now the device is picking up audio from a nonexistent mike. If you have a newer iPhone or another fancy smartphone with no headphone jack, that’s no biggie. Use an adapter that lets you connect a headset to the charging port. With that plugged in, your smartphone will lose its ability to eavesdrop on you.

More digital comfort

Ashley James learned a lot from her conversation. Did you? We have lots of other useful life hacks that’ll help you make your digital life more secure and comfortable. For example, we can tell you how to make Wi-Fi work faster even in that last room down the hall, or what to do if you have been hacked. Click on the digital comfort zone tag for more exciting stuff.
Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime.

Many companies use Sendgrid to communicate with their customers via email, or else pay marketing firms to do that on their behalf using Sendgrid’s systems. Sendgrid takes steps to validate that new customers are legitimate businesses, and that emails sent through its platform carry the proper digital signatures that other companies can use to validate that the messages have been authorized by its customers.

But this also means when a Sendgrid customer account gets hacked and used to send malware or phishing scams, the threat is particularly acute because a large number of organizations allow email from Sendgrid’s systems to sail through their spam-filtering systems. To make matters worse, links included in emails sent through Sendgrid are obfuscated (mainly for tracking deliverability and other metrics), so it is not immediately clear to recipients where on the Internet they will be taken when they click.

Dealing with compromised customer accounts is a constant challenge for any organization doing business online today, and certainly Sendgrid is not the only email marketing platform dealing with this problem. But according to multiple emails from readers, recent threads on several anti-spam discussion lists, and interviews with people in the anti-spam community, over the past few months there has been a marked increase in malicious, phishous and outright spammy email being blasted out via Sendgrid’s servers.

Rob McEwen is CEO of Invaluement.com, an anti-spam firm whose data on junk email trends are used to improve the spam-blocking technologies deployed by several Fortune 100 companies. McEwen said no other email service provider has come close to generating the volume of spam that’s been emanating from Sendgrid accounts lately.

“As far as the nasty criminal phishes and viruses, I think there’s not even a close second in terms of how bad it’s been with Sendgrid over the past few months,” he said.

Trying to filter out bad emails coming from a major email provider that so many legitimate companies rely upon to reach their customers can be a dicey business. If you filter the emails too aggressively you end up with an unacceptable number of “false positives,” i.e., benign or even desirable emails that get flagged as spam and sent to the junk folder or blocked altogether.

But McEwen said the incidence of malicious spam coming from Sendgrid has gotten so bad that he recently launched a new anti-spam block list specifically to filter out email from Sendgrid accounts that have been known to be blasting large volumes of junk or malicious email.

“Before I implemented this in my own filtering system a week ago, I was getting three to four phone calls or stern emails a week from angry customers wondering why these malicious emails were getting through to their inboxes,” McEwen said. “And I just am not seeing anything this egregious in terms of viruses and spams from the other email service providers.”

In an interview with KrebsOnSecurity, Sendgrid parent firm Twilio acknowledged the company had recently seen an increase in compromised customer accounts being abused for spam. While Sendgrid does allow customers to use multi-factor authentication (also known as two-factor authentication or 2FA), this protection is not mandatory.

But Twilio Chief Security Officer Steve Pugh said the company is working on changes that would require customers to use some form of 2FA in addition to usernames and passwords.

“Twilio believes that requiring 2FA for customer accounts is the right thing to do, and we’re working towards that end,” Pugh said. “2FA has proven to be a powerful tool in securing communications channels. This is part of the reason we acquired Authy and created a line of account security products and services. Twilio, like other platforms, is forming a plan on how to better secure our customers’ accounts through native technologies such as Authy and additional account level controls to mitigate known attack vectors.”

Requiring customers to use some form of 2FA would go a long way toward neutralizing the underground market for compromised Sendgrid accounts, which are sold by a variety of cybercriminals who specialize in gaining access to accounts by targeting users who re-use the same passwords across multiple websites.

One such individual, who goes by the handle “Kromatix” on several forums, is currently selling access to more than 400 compromised Sendgrid user accounts. The pricing attached to each account is based on volume of email it can send in a given month. Accounts that can send up to 40,000 emails a month go for $15, whereas those capable of blasting 10 million missives a month sell for $400.

“I have a large supply of cracked Sendgrid accounts that can be used to generate an API key which you can then plug into your mailer of choice and send massive amounts of emails with ensured delivery,” Kromatix wrote in an Aug. 23 sales thread. “Sendgrid servers maintain a very good reputation with [email service providers] so your content becomes much more likely to get into the inbox so long as your setup is correct.”

Neil Schwartzman, executive director of the anti-spam group CAUCE, said Sendgrid’s 2FA plans are long overdue, noting that the company bought Authy back in 2015.

“Single-factor authentication for a company like this in 2020 is just ludicrous given the potential damage and malicious content we’re seeing,” Schwartzman said.

“I understand that it’s a task to invoke 2FA, and given the volume of customers Sendgrid has that’s something to consider because there’s going to be a lot of customer overhead involved,” he continued. “But it’s not like your bank, social media account, email and plenty of other places online don’t already insist on it.”

Schwartzman said if Twilio doesn’t act quickly enough to fix the problem on its end, the major email providers of the world (think Google, Microsoft and Apple) — and their various machine-learning anti-spam algorithms — may do it for them.

“There is a tipping point after which receiving firms start to lose patience and start to more aggressively filter this stuff,” he said. “If seeing a Sendgrid email according to machine learning becomes a sign of abuse, trust me the machines will make the decisions even if the people don’t.”
In this Spotlight Podcast, sponsored by RSA, we take on the question of securing the 2020 Presidential election. Given the magnitude of the problem, could taking a more risk-based approach to security pay off? We're joined by two information security professionals: Rob Carey is the Vice President and General
Manager of Global Public Sector...
Publicly-listed cybersecurity solutions provider Tesserent has struck a deal to acquire Canberra’s Ludus Cyber Security, a consultancy firm specializing in bespoke offensive cybersecurity services.
Telefonica, S.A. (TEF) recently announced that its cybersecurity arm, ElevenPaths, acquired Govertis to strengthen its foothold in security and regulatory compliance across global markets.
Over 50,000 fake login pages were detected in the first half of 2020, with some able to be polymorphic and represent different brands, as per research from Ironscales.
Berbix, an ID verification startup that was founded by former members of the Airbnb Trust and Safety team, today announced that it has raised a $9 million Series A round led by Mayfield.
A malicious app could exploit the flaw by injecting malicious modules into other apps that rely on Google's Play Core library to steal private information, like passwords and credit card numbers.
A Privitar survey found that over 75% of respondents are concerned or very concerned about protecting their personal data, with 42 percent of consumers saying they wouldn’t share sensitive data.
Southern Water, a British utility company, made security lapses in its Sharepoint implementation that resulted in a customer being able to view other people’s account details.
Facebook has filed lawsuits against a UK-based app developer for illegally harvesting the data of its users and another developer in the US for operating a fake engagement service on Instagram.
Email service provider Sendgrid is witnessing an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused to send phishing and email malware attacks.
Out of 11,121 vulnerabilities aggregated during the first half of 2020, 818 were the result of the collision of Microsoft and Oracle vulnerability disclosure schedules.
China's aggressive approach to using cyber operations to achieve political and national aims has set its cyber strategy apart from the more cautious and considered approaches of most other nations.
Nefilim, a relatively new ransomware, has been observed targeting organizations worldwide across sectors including manufacturing, IT, communications, transportation, and others.
Hieu Minh Ngo is a hacker the U.S. Secret Service described as someone who caused more material financial harm to more Americans than any other convicted cybercriminal.
According to ZDNet, the group is also behind a string of attacks against MoneyGram, YesBank, Braintree, Venmo, and most recently also the New Zealand stock exchange.
Gentoo Linux Security Advisory 202008-18 - Multiple vulnerabilities have been found in X.org X11 library, the worst of which could result in the arbitrary execution of code. Versions less than 1.6.12 are affected.
Gentoo Linux Security Advisory 202008-17 - Multiple vulnerabilities have been found in Redis, the worst of which could result in the arbitrary execution of code. Versions less than 5.0.9 are affected.
ZTE Mobile Hotspot MS910S version DL_MF910S_CN_EUV1.00.01 suffers from having a hard-coded administrative password, busybox vulnerabilities, and having a known backdoor in the GoAhead webserver.
Ubuntu Security Notice 4477-1 - Amit Klein discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. Régis Leroy discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request splitting attack, resulting in cache poisoning. Lubos Uhliarik discovered that Squid incorrectly handled certain Cache Digest response messages sent by trusted peers. A remote attacker could possibly use this issue to cause Squid to consume resources, resulting in a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 4476-1 - It was discovered that NSS incorrectly handled some inputs. An attacker could possibly use this issue to expose sensitive information.
Red Hat Security Advisory 2020-3574-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include bypass and code execution vulnerabilities.
An Iranian cyberespionage group known for targeting government, defense technology, military, and diplomacy sectors is now impersonating journalists to approach targets via LinkedIn and WhatsApp and infect their devices with malware. Detailing the new tactics of the "Charming Kitten" APT group, Israeli firm Clearsky said, "starting July 2020, we have identified a new TTP of the group,
Thousands of Android Users fall Victim to Giveaway Fraud

Upwards of 65,000 Android users were potentially compromised after installing a malicious app promising free giveaways. Over the year the scam was in effect, roughly 5,000 apps were spoofed to lure victims into downloading in exchange for a phony giveaway. In reality, the infection pushes silent background ads which generate ad revenue for the scammers and decrease device performance.

North American Real Estate Firm Hit by Ransomware

A new ransomware variant known as DarkSide claimed its first victim, Brookfield Residential, after operating for nearly two weeks. The North American real estate developer recently noticed unauthorized access to several systems and was left a ransom note stating that over 200GB of data had been stolen. The data has since been published to DarkSide’s leak site, which has prompted many to speculate the ransom was not paid by Brookfield Residential.

Cryptominers Caught Using AI

Researchers have been at work creating an AI algorithm to detect malicious cryptocurrency miners while avoiding legitimate ones. The detection method compares currently running miners to graphs of both legitimate and illegitimate miners and monitors changes between the processes being used and the scheduling of mining activity. This type of detection may be put to use to decrease the overall use of malicious code that can often tax the system’s CPU usage to max capacity.

Los Angeles School District Suffers Cyber Attack

Just weeks after the FBI issued a warning about the threat of cyberattacks against school districts, the Rialto School District in California has fallen victim to just such an attack. These setbacks have made the return to online schooling particularly difficult. The extent of the attack remains unclear and officials are still working to determine the effects on the 25,000 enrolled students.

Maze Ransomware Cartel Adds New Variant Team

The authors of the lesser-known ransomware variant SunCrypt have recently joined forces with the Maze ransomware cartel. It’s believed the new cartel members were brought in to assist with the high volume of attacks that the Maze Group is handling and are being paid with a portion of its profits. In addition to new revenue streams from its partnership with the organization, cartel members also benefit from access to the Maze Group’s resources including obfuscation techniques and posting cartel members’ stolen data to their dedicated leak site.

The post Cyber News Rundown: Android Giveaway Fraud appeared first on Webroot Blog.