Millions of gamers use the Origin platform to get the latest releases from Electronic Arts and its partners, communicate with other users, and stream directly to Twitch. If you are one of them, competing for glory in Battlefield, FIFA, Need for Speed, or other games from these developers, take a few moments to sort out the security and privacy settings. Doing so will make your gameplay more user-friendly and secure, so you can focus on winning. Here, we spotlight some neat options on EA’s platform and how to use them.

How to protect your Origin account
How to change your Origin password
How to change the security question on Origin
How to set up two-factor authentication on Origin
Why add a secondary mailbox on Origin?
Why update the Origin client?
How to hide personal data on Origin
How to hide your profile from search on Origin
How to block someone on Origin
How to get rid of unwanted notifications on Origin
How to find out what data Origin collects

Important: You’ll find most of the security and privacy settings we cover here in your account on the EA website, not in the Origin client. To get there, hover over your user pic in the lower left corner of the main menu in the client or on the platform website and select EA Account and Billing from the pop-up menu to open your profile in the EA Customer Portal in a new browser tab.

How to protect your Origin account from hijacking

First, let’s take a look at how to protect your Origin account from getting hacked. All gaming accounts are prey to hackers, no matter how actively you play. So, as usual, it’s better to be safe than sorry.

How to change your Origin password

If your profile password is something like batman1998, it won’t be difficult for hackers to brute-force it. A good password is long and unpredictable. It should also be unique and not used anywhere else.

To change your Origin password:
In your account, click Security in the left-hand menu;
Click Edit under Account Security;
Click Send Security Code;
In the window that opens, enter the code from the e-mail, and click Submit;
Enter your old password and the new strong one (twice);
Click Save.
How to change the security question on Origin

A security question can be a good safety net in case you forget your password, but keep a few things in mind before relying on yours. First, if you manage to forget both your password and the answer to the question, you risk losing access to your account. Second, if the answer is easy to find — for example, if the question is, “What is your pet’s name?” and said pet features heavily on your Instagram feed — don’t be surprised if someone gets in and resets your password. Choose a question and answer (the questions are usually standard) that you will remember but can’t be googled.

To change your security question or answer on Origin:
Click Security in the left-hand menu;
Click Edit under Account Security;
Click Send Security Code;
In the window that opens, enter the code from the e-mail and click Submit;
Select the Security Question tab;
Select a question from the drop-down list, and enter your answer.

Now, save that answer in a safe place — for example, in an encrypted note in Kaspersky Password Manager. Our application will also help you generate and securely store strong, reliable passwords.

How to set up two-factor authentication on Origin

Use two-factor authentication as an additional safeguard. That way, anyone trying to sign in from another computer — whether it’s you or a cybercriminal — will have to enter a one-time code that is sent to your e-mail or generated in an authentication app such as Google Authenticator.

Here’s how to enable the option:
Under Login Verification on the Security tab, click Turn On;
Enter the one-time code sent to your e-mail; click Submit;
Select the method for receiving one-time codes — Email or App Authenticator — and click Send Code;
Enter the code you receive and click Turn On Login Verification;
Make a note of or copy the Backup Codes, which will help you sign in to your account even without access to your e-mail or authentication app.
You won’t need a one-time password when logging in from a trusted device — that is, one that you have logged in from before. So, just in case, check the list of such devices (located directly under the Login Verification settings), and remove any that you do not use.

Why add a secondary mailbox on Origin?

The last bastion of protection for your Origin account is a secondary e-mail address. If you lose access to your main mailbox, you can get a temporary password using your backup e-mail.

To specify an additional e-mail address:
Click Security in the left-hand menu;
Click Add Secondary Email at the bottom of the screen;
Enter the one-time code sent to the e-mail address you specified during registration and click Submit;
Enter your additional e-mail address and click Continue;
Enter the one-time code you receive in your secondary mailbox and click Verify.

Why update the Origin client?

Your account is now securely protected, but your defenses will crumble if someone breaks in to your computer through a bug in the Origin client or a game. Therefore, you need to update them regularly (not a bad idea anyway; new versions may contain extra features). Better still, configure the software to update itself.

For Origin, you can adjust the setting in the client:
Hover over your nickname in the lower left corner;
In the pop-up menu, select Application Settings;
Make sure that the Automatic game updates and Automatically update Origin options are selected in the Client update section.

Note that other programs — and the operating system — on your device should also be updated whenever possible as soon as updates become available.

How to hide personal data on Origin

Now that your account is protected, let’s turn to your data. For example, not everyone needs to see your real name or list of achievements. You may not want outsiders to view anything at all in your profile or game library.
To customize the visibility of your profile:
Go to the EA Customer Portal;
Click Privacy Settings in the left-hand menu;
Under Profile Privacy, select who can view your profile: Everyone (Origin users), Friends, Friends of Friends, or No One.
Save the settings.

If you let other users view your profile but don’t want them to see your achievements or real name, under Profile Privacy again, uncheck the corresponding boxes. Note that if you let the service show your real name, it will be visible wherever your EA ID is displayed.

How to hide your profile from search on Origin

Origin lets anyone find you by your EA ID. Unfortunately, you cannot change that. However, you can prevent people from searching by other data, such as your e-mail address or PlayStation Network and Xbox Live IDs, to find you. To do so, on the settings screen, scroll to Allow users to search for me by and uncheck: Email Address, Xbox Live gamertag, PSN Online ID. To prevent people who know your real name from finding you, simply remove it from your profile.

How to block someone on Origin

If a particular user gets on your nerves, you can block them individually without having to change your settings. Blocked users will not be able to write to you or view your account details. You have two paths from which to blacklist haters, spammers, and other toxic individuals.

In the Origin client:
Open the profile of the user you want to block;
Click the arrow to the right of the photo;
Select Block User in the drop-down menu;
Click Block user;
Save the settings.

On the website:
Go to Privacy Settings;
Enter the name of a user in the Block a User field;
Click Block.

If you block someone by mistake, you can always remove them from the list here by clicking Remove.

How to get rid of unwanted notifications on Origin

Pesky on-screen notifications can spoil gameplay or interfere with other activities.
To resolve this issue, you can customize alerts in the Origin client:
Click your nickname in the lower left corner of the screen;
Select Application Settings from the pop-up menu;
Click the Notifications tab. If you don’t see it, click Advanced and select Notifications from the drop-down menu;
Select the events you want to be told about and turn off the ones you don’t.

How to manage data collected by Origin

Don’t be surprised that Origin collects all kinds of data about you, your activities, and your preferences. Platform developers can use the information to personalize ads in the client and in games.

If you don’t like targeted advertising, block it:
Go to the EA Customer Portal;
Click Privacy Settings in the left-hand menu;
Under Preferred Data Usage, uncheck EA In-Game Targeted Advertising and Targeted Advertising Provided by Third Parties.

You will still see ads, but random ones (which tend to be easier to ignore).

Still concerned about EA collecting information about you? You can ask the developers for an archive of it to learn exactly what they have on you. And if you live in Europe and are protected by the GDPR, you can request the deletion of specific data.

To get the archive:
In the EA Customer Portal, select Your EA Data in the left-hand menu;
Click Request a Download.

After approximately one hour, a link will appear on the same page. You can click it to download a file with your data. The link expires after 24 hours.

Protect what matters

Once you’ve configured Origin just the way you like it, use our settings guides for Twitch, Steam, and Battle.net to slam more doors on hackers, scammers and haters.
It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up.

On the evening of Monday, Nov. 9, an ad campaign apparently taken out by the Ragnar Locker Team began appearing on Facebook. The ad was designed to turn the screws to the Italian beverage vendor Campari Group, which acknowledged on Nov. 3 that its computer systems had been sidelined by a malware attack.

On Nov. 6, Campari issued a follow-up statement saying “at this stage, we cannot completely exclude that some personal and business data has been taken.”

“This is ridiculous and looks like a big fat lie,” reads the Facebook ad campaign from the Ragnar crime group. “We can confirm that confidential data was stolen and we talking about huge volume of data.”

The ad went on to say Ragnar Locker Team had offloaded two terabytes of information and would give the Italian firm until 6 p.m. EST today (Nov. 10) to negotiate an extortion payment in exchange for a promise not to publish the stolen files.

The Facebook ad blitz was paid for by Hodson Event Entertainment, an account tied to Chris Hodson, a deejay based in Chicago. Contacted by KrebsOnSecurity, Hodson said his Facebook account indeed was hacked, and that the attackers had budgeted $500 for the entire campaign.

“I thought I had two-step verification turned on for all my accounts, but now it looks like the only one I didn’t have it set for was Facebook,” Hodson said.

Hodson said a review of his account shows the unauthorized campaign reached approximately 7,150 Facebook users, and generated 770 clicks, with a cost-per-result of 21 cents. Of course, it didn’t cost the ransomware group anything. Hodson said Facebook billed him $35 for the first part of the campaign, but apparently detected the ads as fraudulent sometime this morning before his account could be billed another $159 for the campaign.

The results of the unauthorized Facebook ad campaign. Image: Chris Hodson.

It’s not clear whether this was an isolated incident, or whether the fraudsters also ran ads using other hacked Facebook accounts.
A spokesperson for Facebook said the company is still investigating the incident. A request for comment sent via email to Campari’s media relations team was returned as undeliverable.

But it seems likely we will continue to see more of this and other mainstream advertising efforts by ransomware groups going forward, even if victims really have no expectation that paying an extortion demand will result in criminals actually deleting or not otherwise using stolen data.

Fabian Wosar, chief technology officer at computer security firm Emsisoft, said some ransomware groups have become especially aggressive of late in pressuring their victims to pay up.

“They have also started to call victims,” Wosar said. “They’re outsourcing to Indian call centers, who call victims asking when they are going to pay or have their data leaked.”
There’s a relatively small swath of cyberattacks mixed among the more common variety that are truly extreme, costing tens of millions of dollars and beyond, or exposing millions of records.
Ultimate Member is an extensible WordPress plugin with more than 100,000 active installations and is designed to make the task of profile and membership management easier.
Cybersecurity experts are urging remote workers to beef up their awareness and knowledge of phishing scams, the fastest-growing type of cybercrime, many of which are now playing on fears of COVID-19.
Security researchers at Sonatype have discovered an npm package (JavaScript library) that contains malicious code designed to steal sensitive files from a user's browsers and Discord application.
Google Chrome is getting a new feature that increases security when clicking on web page links that open URLs in a new window or tab, which could be used to redirect users to malicious pages.
Prosecutors said he stole digital currency such as gift cards or codes that could be redeemed for Microsoft products or gaming subscriptions, then resold them on the internet.
The top five investments since the virus struck are multi-factor authentication tools, endpoint device protections, anti-phishing tools, VPNs, and end-user security education.
A fake Facebook Group is using the lure of a free hamper of Cadbury chocolate to trick social media users into divulging their personal and financial details, it has emerged.
The database contained emails, hashed passwords, full names, gender, link to profile photo, phone numbers, secondary phone numbers, dates of birth, and occupations of RedDoorz members.
The university has faced over 1 million malicious email attacks this year, as per official figures obtained by the think tank Parliament Street following a Freedom of Information (FoI) request.
The trojan was similar to the existing RansomEXX trojan, which they said had been deployed only last week against Brazil's courts, as well as targets in the US and elsewhere.
The European Parliament announced Monday that it is taking steps to curtail the exportation of surveillance technologies, including spyware, outside of the European Union.
Ransomware operators are using malicious fake ads for Microsoft Teams updates to infect systems with backdoors that deployed Cobalt Strike to compromise the rest of the network.
The Maze ransomware cartel is credited with revolutionizing the ransomware industry by using a double extortion tactic, where if a company didn’t pay the ransom, Maze would release that data online.
From fake coronavirus 'cures' to forged travel documents and scam calling services, COVID-19 continues to offer plenty of monetization opportunities for cybercriminals, say researchers from Trustwave.
Inadequate monitoring of databases and privileged accounts, incomplete multi-factor authentication, and insufficient use of encryption are among the errors cited by regulators investigating the leak.
Web browser vendors are planning to block a new attack technique that would allow attackers to bypass a victim's NAT, firewall, or router to gain access to any TCP/UDP service hosted on their devices.
APIs that connect enterprise applications and data to the Internet are subject to the same vulnerabilities as regular web applications and need to be addressed with at least the same rigor.
Bank account details and medical histories may be included in the information taken in the cyberattack, which was initially reported to the UK Information Commissioner’s Office back in February.
By understanding the warning signs, educational institutions can go a long way toward protecting themselves against DDoS attacks and prevent catastrophic loss of functionality or financial loss.
Buying CloudAlly will help Zix customers safeguard Microsoft Office 365, Google Workspace, SharePoint, OneDrive, Salesforce, Dropbox, and Box with backup and recovery from any point-in-time.
Hackers selling network access to 7500 educational establishments have reportedly dropped their asking price to BTC 10 (~$155,300) from BTC 25 (~$387,000) on November 4, researchers said.
TrickBot and Emotet topped the list of most prolific malware strains in October, helping in the process to drive a surge in ransomware infections, according to new analysis from Check Point Software.
US retailers are more vulnerable to web application attacks than those based in the EU, according to Outpost24’s 2020 Web Application Security for Retail & E-commerce Report.
The entire event will take place November 16-19 and stream live on Twitch. The hands-on security challenge will have teams competing to infiltrate, disrupt, or take over a connected smart building.
The EU is inching closer to formally ending the use of end-to-end encryption by web platforms such as Signal and WhatsApp, following a spate of Islamist terror attacks in Austria and France.
The trojan has been infecting mobile devices of users based in Brazil, Peru, Portugal, Paraguay, Mozambique, Angola, and Germany, to target financial apps of exchanges, banks, and cryptocurrencies.
ReSec Technologies, a NYC- and Caesarea, Israel-based cyber security company that protects organizations from file-based malware threats, completed its $4m Series A round of financing.
Researchers at McAfee uncovered a North Korea-linked cyberespionage campaign exfiltrating surveillance and strategic data from employees working in the aerospace and defense sectors.
Among the encrypted attacks was an increase of the amount of ransomware by 500%, with the most prominent variants being FileCrypt/FileCoder, followed by Sodinokibi, Maze, and Ryuk, Zscaler reported.
The US Army is launching the third edition of its “Hack the Army” bug bounty program, with a plan for increasing participation in the program and offering more targets to hack.
Researchers found several potentially serious flaws in the PcVue SCADA/HMI solution developed by ARC Informatique, which can allow attackers to hijack industrial processes or cause disruption.
Singapore is considering the need for various personal information, such as password and biometrics, to facilitate "non-face-to-face" verification for financial services.
JumpCloud, the cloud directory service that debuted at TechCrunch Disrupt Battlefield in 2013, announced a $75 million Series E round led by BlackRock, with participation from General Atlantic.
This Metasploit module exploits a command injection vulnerability in Metasploit Framework's msfvenom payload generator when using a crafted APK file as an Android payload template. Affected versions include Metasploit Framework 6.0.11 and below and Metasploit Pro 4.18.0 and below.
The WordPress File Manager (wp-file-manager) plugin versions 6.0 through 6.8 allow remote attackers to upload and execute arbitrary PHP code because the plugin renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory.
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.
Red Hat Security Advisory 2020-5054-01 - The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.
Red Hat Security Advisory 2020-5056-01 - The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Red Hat Security Advisory 2020-5055-01 - The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.
Ubuntu Security Notice 4624-1 - It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause unexpected behaviours, or execute arbitrary code.
Red Hat Security Advisory 2020-5010-01 - Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2020-5012-01 - The librepo library provides a C and Python API to download repository metadata. Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2020-5004-01 - The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability environment. Issues addressed include a crlf injection vulnerability.
Red Hat Security Advisory 2020-5003-01 - The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Issues addressed include a crlf injection vulnerability.
Red Hat Security Advisory 2020-5050-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
Red Hat Security Advisory 2020-5040-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a double free vulnerability.
Red Hat Security Advisory 2020-5021-01 - The qt packages contain a software toolkit that simplifies the task of writing and maintaining Graphical User Interface applications for the X Window System. Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Issues addressed include a buffer over-read vulnerability.
Red Hat Security Advisory 2020-5026-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Red Hat Security Advisory 2020-5002-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Red Hat Security Advisory 2020-5011-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.
Red Hat Security Advisory 2020-5020-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Issues addressed include a HTTP request smuggling vulnerability.
Red Hat Security Advisory 2020-5009-01 - Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries.
Red Hat Security Advisory 2020-4999-01 - The unixODBC packages contain a framework that supports accessing databases through the ODBC protocol. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2020-4992-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.
Red Hat Security Advisory 2020-4991-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an information leakage vulnerability.
Four months after security researchers uncovered a "Tetrade" of four Brazilian banking Trojans targeting financial institutions in Brazil, Latin America, and Europe, new findings show that the criminals behind the operation have expanded their tactics to infect mobile devices with spyware. According to Kaspersky's Global Research and Analysis Team (GReAT), the Brazil-based threat group Guildma
A few years back, cryptojacking and cryptomining emerged as relatively low-effort ways to profit by hijacking another’s computing resources. Today, cloudjacking and cloud mining capitalize on similar principles, only by targeting the near infinite resources of the cloud to generate revenue for attackers. Knowing this growing threat is key to maintaining cyber resilience.

Enterprise-level organizations make especially attractive cloudjacking targets for a few reasons. As mentioned, the computing power of cloud networks is effectively limitless for all but the most brazen cybercriminals. Additionally, excess electricity consumption, one of the most common tipoffs for smaller scale cryptojacking attacks, often goes unnoticed at the scale large corporations are used to operating. The same goes for CPU.

Careful threat actors can also throttle back the amount of resources they’re ripping off—when attacking a smaller organization, for instance—to avoid detection. Essentially, the resources stolen at any one time in these attacks are a drop in the Pacific Ocean to their largest targets. Over time, though, and depending on particulars of a usage contract, the spend for CPU used can really add up.

“Hackers have definitely transitioned away from launching ransomware attacks indiscriminately,” says Webroot threat analyst Tyler Moffitt. “It used to be, ‘everybody gets the same payload, everyone has the same flat-rate ransom.’

“That’s all changed. Now, ransomware actors want to go after businesses with large attack surfaces and more pocketbook money than, say, grandma’s computer to pay if they’re breached. Cloud is essentially a new market.”

High-profile cloudjacking incidents

Arguably the most famous example of cloudjacking, at least in terms of headlines generated, was a 2018 attack on the electric car manufacturer Tesla. In that incident, cybercriminals were discovered running malware to leech the company’s Amazon Web Service cloud computing power to mine cryptocurrency.

Even with an organization of Tesla’s scale, the attackers reportedly used a throttling technique to ensure their operations weren’t uncovered. Ultimately, they were reported by a third party that was compensated for their discovery.
More recently, the hacking group TeamTNT developed a worm capable of stealing AWS credentials and implanting cloudjacking malware on systems using the cloud service. It does this by searching for accounts using popular development tools, like Docker or Kubernetes, that are both improperly configured and running AWS, then performing a few simple searches for the unencrypted credentials.

TeamTNT’s total haul remains unclear, since it can spread its ‘earnings’ across multiple crypto wallets. The fear though, now that a proven tactic for lifting AWS credentials is out in the wild, is that misconfigured cloud accounts will become prime targets for widespread illicit cloud mining.

SMBs make attractive targets, too

Hackers aren’t just launching cloudjacking attacks specifically against storage systems and development tools. As with other attack tactics, they often see MSPs and small and medium-sized businesses (SMBs) as attractive targets as well.

“Several attacks in the first and second quarters of 2019 involved bad actors hijacking multiple managed service providers,” says Moffitt. “We saw that with Sodinokibi and GandCrab. The same principles apply here. Hacking a central, cloud-based property allows attackers to hit dozens and potentially hundreds of victims all at once.”

Because smaller businesses typically share their cloud infrastructure with other small businesses, compromising cloud infrastructure can provide cybercriminals with a trove of data belonging to several concerned owners.

“The cloud offers an attractive aggregation point as it allows attackers access to a much larger concentration of victims. Gaining access to a single Amazon web server, for instance, could allow threat actors to steal and encrypt data belonging to dozens of companies renting space on that server hostage,” says Moffitt.
High-value targets include confidential information like mission-critical data, trade secrets, unencrypted tax information or customer information that, if released, would violate privacy laws like GDPR and CCPA.

Some years ago, smaller businesses may have escaped these cloud compromises without too much disruption. Today, the data and services stored or run through the cloud are critical to the day-to-day even for SMBs. Many businesses would be simply crippled should they lose access to public or private cloud assets.

The pressure to pay a ransom, therefore, is significantly higher than it was even three years ago. But ransoms aren’t the only way for malicious actors to monetize their efforts. With cloud mining, they can get right to work making cryptocurrency while evading notice for as long as possible.

How to protect against cloudjacking and cloud mining

Moffitt recommends using “versioning” to guard against cloudjacking attacks. Versioning is the practice of serializing unalterable backups to prevent them from being deleted or manipulated.

“That means not just having snapshot or history copies—that’s pretty standard—since with ransomware we’ve seen actors encrypt all of those copies. So, my suggestion is creating immutable backups. It’s called versioning, but these are essentially snapshot copies that can never be edited or encrypted.”

Moffitt says many service providers have this capability, but it may not be the default and may need to be switched on manually.

Two more tactics to adopt to defend against cloudjacking involve monitoring your configurations and monitoring your network traffic. As we’ve seen, capitalizing on misconfigured AWS infrastructure is one of the more common ways for cybercriminals to disrupt cloud services.

Security oversight of devops teams setting up cloud applications is crucial.
There are tools available that can automatically discover resources as soon as they’re created, determine the applications running on the resource and apply appropriate policies based on the resource type.

By monitoring network traffic and correlating it with configuration data, companies can spot suspicious traffic generated as work or hashes are sent to public mining pools, which can help identify where mining is being directed.

There tends to be a learning curve when defending against emerging attacks. But if businesses are aware of how cloud resources are manipulated by threat actors, they can be on guard against cloudjacking by taking a few simple steps, increasing their overall cyber resilience.

The post Getting to Know Cloudjacking and Cloud Mining Could Save Your Business appeared first on Webroot Blog.
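
The traffic-and-configuration correlation described in the cloudjacking article above, as an added example that is not part of the original post: it groups outbound flow records per resource, looks for Stratum mining-protocol messages or repeated connections to pool-style ports, and suppresses anything the resource inventory already allows. The inventory layout, flow record fields, port list and threshold are assumptions made for this sketch, and all sample data is constructed.

```python
import ipaddress
import json
from collections import defaultdict

# JSON-RPC methods a Stratum v1 miner sends to a pool.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit"}
# Assumption: ports treated as "pool-like" for this example; tune to your own intel.
POOL_PORTS = {3333, 4444, 14444}
# Assumption: repeated flows needed before a port alone counts as a signal.
MIN_REPEAT = 3

# Constructed configuration data: role and approved egress ranges per resource.
INVENTORY = {
    "i-web-01": {"role": "web", "egress": ["10.0.0.0/8", "203.0.113.0/24"]},
    "i-ci-07": {"role": "ci-runner", "egress": ["10.0.0.0/8"]},
    "i-batch-02": {"role": "batch", "egress": ["10.0.0.0/8"]},
}

def _flow(src, dst, port, payload=""):
    return {"src": src, "dst": dst, "port": port, "payload": payload}

# Constructed flow records; "payload" is the first captured application line, if any.
FLOWS = (
    [_flow("i-web-01", "203.0.113.10", 443)] * 2
    + [_flow("i-ci-07", "198.51.100.23", 3333, p) for p in (
        '{"id":1,"method":"mining.subscribe","params":[]}',
        '{"id":2,"method":"mining.authorize","params":["w","x"]}',
        '{"id":3,"method":"mining.submit","params":[]}')]
    + [_flow("i-batch-02", "10.1.2.3", 3333)] * 3       # internal service on 3333
    + [_flow("i-unknown-99", "192.0.2.50", 14444)] * 3  # encrypted, not in inventory
    + [_flow("i-web-01", "198.51.100.80", 4444)]        # single stray connection
)

def stratum_method(payload):
    """Return the Stratum method named in a captured payload line, or None."""
    try:
        msg = json.loads(payload)
    except (ValueError, TypeError):
        return None
    method = msg.get("method") if isinstance(msg, dict) else None
    return method if isinstance(method, str) and method in STRATUM_METHODS else None

def egress_allowed(instance, dst, inventory):
    """True when the inventory approves this destination for this resource."""
    cfg = inventory.get(instance)
    if cfg is None:
        return False
    addr = ipaddress.ip_address(dst)
    return any(addr in ipaddress.ip_network(cidr) for cidr in cfg["egress"])

def find_mining_suspects(flows, inventory=INVENTORY):
    """Group flows by (resource, destination, port) and report mining signals."""
    groups = defaultdict(lambda: {"count": 0, "methods": set()})
    for f in flows:
        g = groups[(f["src"], f["dst"], f["port"])]
        g["count"] += 1
        method = stratum_method(f.get("payload", ""))
        if method:
            g["methods"].add(method)

    findings = []
    for (src, dst, port), g in sorted(groups.items()):
        if egress_allowed(src, dst, inventory):
            continue  # configuration says this traffic is expected
        signals = []
        if g["methods"]:
            signals.append("stratum:" + ",".join(sorted(g["methods"])))
        if port in POOL_PORTS and g["count"] >= MIN_REPEAT:
            signals.append("repeated-pool-port")
        if not signals:
            continue
        role = inventory.get(src, {}).get("role", "unmanaged")
        findings.append({"instance": src, "role": role, "dst": dst,
                         "port": port, "flows": g["count"], "signals": signals})
    return findings

if __name__ == "__main__":
    for finding in find_mining_suspects(FLOWS):
        print(finding)
```

Because the signals come from network behaviour rather than CPU load, a miner that throttles its resource use still shows up, and a resource missing from the inventory is reported with the role `unmanaged`.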