Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Be Very Sparing in A ...

 A Little Sunshine

An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification   show more ...

scripts and then selling that communications pathway to scammers and online hucksters. Notification prompts in Firefox (left) and Google Chrome. When a website you visit asks permission to send notifications and you approve the request, the resulting messages that pop up appear outside of the browser. For example, on Microsoft Windows systems they typically show up in the bottom right corner of the screen — just above the system clock. These so-called “push notifications” rely on an Internet standard designed to work similarly across different operating systems and web browsers. But many users may not fully grasp what they are consenting to when they approve notifications, or how to tell the difference between a notification sent by a website and one made to appear like an alert from the operating system or another program that’s already installed on the device. This is evident by the apparent scale of the infrastructure behind a relatively new company based in Montenegro called PushWelcome, which advertises the ability for site owners to monetize traffic from their visitors. The company’s site currently is ranked by Alexa.com as among the top 2,000 sites in terms of Internet traffic globally. Website publishers who sign up with PushWelcome are asked to include a small script on their page which prompts visitors to approve notifications. In many cases, the notification approval requests themselves are deceptive — disguised as prompts to click “OK” to view video material, or as “CAPTCHA” requests designed to distinguish automated bot traffic from real visitors. An ad from PushWelcome touting the money that websites can make for embedding their dodgy push notifications scripts. Approving notifications from a site that uses PushWelcome allows any of the company’s advertising partners to display whatever messages they choose, whenever they wish to, and in real-time. And almost invariably, those messages include misleading notifications about security risks on the user’s system, prompts to install other software, ads for dating sites, erectile disfunction medications, and dubious investment opportunities. That’s according to a deep analysis of the PushWelcome network compiled by Indelible LLC, a cybersecurity firm based in Portland, Ore. Frank Angiolelli, vice president of security at Indelible, said rogue notifications can be abused for credential phishing, as well as foisting malware and other unwanted applications on users. “This method is currently being used to deliver something akin to adware or click fraud type activity,” Angiolelli said. “The concerning aspect of this is that it is so very undetected by endpoint security programs, and there is a real risk this activity can be used for much more nefarious purposes.” Sites affiliated with PushWelcome often use misleading messaging to trick people into approving notifications. Angiolelli said the external Internet addresses, browser user agents and other telemetry tied to people who’ve accepted notifications is known to PushWelcome, which could give them the ability to target individual organizations and users with any number of fake system prompts. Indelible also found browser modifications enabled by PushWelcome are poorly detected by antivirus and security products, although he noted Malwarebytes reliably flags as dangerous publisher sites that are associated with the notifications. Indeed, Malwarebytes’ Pieter Arntz warned about malicious browser push notifications in a January 2019 blog post. That post includes detailed instructions on how to tell which sites you’ve allowed to send notifications, and how to remove them. KrebsOnSecurity installed PushWelcome’s notifications on a brand new Windows test machine, and found that very soon after the system was peppered with alerts about malware threats supposedly found on the system. One notification was an ad for Norton antivirus; the other was for McAfee. Clicking either ultimately led to “buy now” pages at either Norton.com or McAfee.com. Clicking on the PushWelcome notification in the bottom right corner of the screen opened a Web site claiming my brand new test system was infected with 5 viruses. It seems likely that PushWelcome and/or some of its advertisers are trying to generate commissions for referring customers to purchase antivirus products at these companies. McAfee has not yet responded to requests for comment. Norton issued the following statement: “We do not believe this actor to be an affiliate of NortonLifeLock. We are continuing to investigate this matter. NortonLifeLock takes affiliate fraud and abuse seriously and monitors ongoing compliance. When an affiliate partner abuses its responsibilities and violates our agreements, we take necessary action to remove these affiliate partners from the program and swiftly terminate our relationships. Additionally, any potential commissions earned as a result of abuse are not paid. Furthermore, NortonLifeLock sends notification to all of our affiliate partner networks about the affiliate’s abuse to ensure the affiliate is not eligible to participate in any NortonLifeLock programs in the future.” Requests for comment sent to PushWelcome via email were returned as undeliverable. Requests submitted through the contact form on the company’s website also failed to send. While scammy notifications may not be the most urgent threat facing Internet users today, most people are probably unaware of how this communications pathway can be abused. What’s more, dodgy notification networks could be used for less conspicuous and sneakier purposes, including spreading fake news and malware masquerading as update notices from the user’s operating system. I hope it’s clear that regardless of which browser, device or operating system you use, it’s a good idea to be judicious about which sites you allow to serve notifications. If you’d like to prevent sites from ever presenting notification requests, check out this guide, which has instructions for disabling notification prompts in Chrome, Firefox and Safari. Doing this for any devices you manage on behalf of friends, colleagues or family members might end up saving everyone a lot of headache down the road.

image for Episode 194: What Ha ...

 APT

Cyber attacks meant to disrupt the 2020 presidential election in the US were a foregone conclusion. But two weeks and more than 140 million votes later, predictions of cyber attacks on the U.S. presidential election have fallen flat. What happened? The post Episode 194: What Happened To All The Election Hacks?   show more ...

appeared first on The Security Ledger. Related StoriesSpotlight Podcast: Taking a Risk-Based Approach to Election SecurityEpisode 192: It’s Showtime! Are Local Governments Ready To Turn Back Election Hacks?Public Sector Mega-Vendor Tyler Technologies Says It Was Hacked

 Malware and Vulnerabilities

The actively exploited flaws were reported to Apple by Google Project Zero and they can lead to information disclosure and arbitrary code execution. These security holes also impact iOS and tvOS.

 Companies to Watch

Under increased threat of regulation and plagued by serious breaches, Twitter is appointing one of the world's best-regarded hackers to tackle everything from engineering missteps to misinformation.

 Malware and Vulnerabilities

Researchers at the University of California, Riverside have discovered a new way to revitalize old Domain Name System servers cache poisoning attacks called Sad DNS.

 Trends, Reports, Analysis

As per research by ZScaler, this year witnessed a 260% rise in the use of encrypted traffic to hide malware. Among the encrypted attacks, ransomware saw an increase of 500%.

 Threat Actors

BlackBerry stumbled across a new hacker-for-hire group laying traps in over a dozen countries to steal target credentials through spearphishing or by purchasing them on the dark web.

 Feed

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant   show more ...

to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

 Feed

Ubuntu Security Notice 4633-1 - Peter Eisentraut discovered that PostgreSQL incorrectly handled connection security settings. Client applications could possibly be connecting with certain security parameters dropped, contrary to expectations. Etienne Stalmans discovered that PostgreSQL incorrectly handled the security   show more ...

restricted operation sandbox. An authenticated remote attacker could possibly use this issue to execute arbitrary SQL functions as a superuser. Various other issues were also addressed.

 Feed

Ubuntu Security Notice 4634-1 - It was discovered that OpenLDAP incorrectly handled certain malformed inputs. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service.

 Feed

Red Hat Security Advisory 2020-5102-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include man-in-the-middle and traversal vulnerabilities.

 Feed

AIX version 5.3L libc local environment handling local root exploit. The AIX 5.3L (and possibly others) libc is vulnerable to multiple buffer overflow issues in the handling of locale environment variables. This allows for exploitation of any setuid root binary that makes use of functions such as setlocale() which do   show more ...

not perform bounds checking when handling LC_* environment variables. An attacker can leverage this issue to obtain root privileges on an impacted AIX system. This exploit makes use of the "/usr/bin/su" binary to trigger the overflow through LC_ALL and obtain root.

 Feed

Cisco has published multiple security advisories concerning critical flaws in Cisco Security Manager (CSM) a week after the networking equipment maker quietly released patches with version 4.22 of the platform. The development comes after Code White researcher Florian Hauser (frycos) yesterday publicly disclosed proof-of-concept (PoC) code for as many as 12 security vulnerabilities affecting the

 Feed

Cybersecurity researchers today unveiled a complex and targeted espionage attack on potential government sector victims in South East Asia that they believe was carried out by a sophisticated Chinese APT group at least since 2018. "The attack has a complex and complete arsenal of droppers, backdoors and other tools involving Chinoxy backdoor, PcShare RAT and FunnyDream backdoor binaries, with

 Home + Mobile

Reading Time: ~ 4 min. It’s common for savvy online shoppers to check third-party reviews before making an online purchasing decision. That’s smart, but testing the efficacy of security software can be a bit more difficult than determining if a restaurant had decent service or if clothing brand’s products are   show more ...

true to size. So, with the arguably more significant consequences of antimalware testing, how can shoppers be sure that the product they choose is up to the task of protecting their family from malware? Which reviews are worthy of trust and which are just fluff? Red flags in antimalware testing Grayson Milbourne is the security intelligence director at Webroot and actively involved in improving the fairness and reliability of antimalware testing. While acknowledging that determining the trustworthiness of any single test is difficult, some factors should sound alarm bells when looking to honestly evaluate antimalware products. These include: The pay-to-perform model In any test, the humans behind the product being evaluated have a vested interest in the performance. How far they go to influence those results, however, varies. One extreme way to positively influence results is to fund a test designed for your product to succeed. Often, the platform on which a test appears can be a sign of whether this is the case. “YouTube tests are almost always commissioned,” warns Milbourne. “So, if you see things on YouTube, know that there is almost always someone paying for the test who’s working the way the test comes out. I try to avoid those.” If only one product aces a test, that’s another sign that it may have been designed unfairly, maybe with the undisputed winner’s strengths in mind. Every vendor acing a test Tests in which all participants receive high scores can be useless in evaluating product efficacy. Because we know catching malware is difficult, and no single product is capable of doing it effectively 100 percent of the time, tests where every product excels are cause for concern. “If every product aces the test, maybe that test is a little too easy,” says Milbourne. No product is perfect, so be wary of results that suggest so. Failing to test in “the big picture” No one piece of software can stop all the threats a user may face all of the time. But many vendors layer their preventative technologies—like network, endpoint and user-level protection—to most effectively protect against cyberthreats. “Testers are still very worried about what happens when you encounter a specific piece of malware,” says Milbourne. “But there’s a lot of technology focused on preventing that encounter, and reactive technology that can limit what malware can do, if it’s still unknown, to prevent a compromise.” In addition to how well a product protects an endpoint from malware, it’s also important to test preventative layers of protection which is lacking in 3rd party testing today. The problem with the antimalware testing ecosystem For Milbourne, the fact that so few organizations dedicated to efficacy testing exist, while the number of vendors continues to grow, is problematic. “There are about five well-established third-party testers and another five emerging players,” he says. But there are well over a hundred endpoint security players and that number is growing.” These lopsided numbers can mean that innovation in testing is unable to keep up with both innovation in security products as well as the everchanging tactics used by hackers and malware authors to distribute their threats. Testing organizations are simply unable to match the realities of actual conditions “out in the wild.”  “When security testing was first being developed in the early 2000s, many of the security products were almost identical to one another,” says Milbourne. “So, testers were able to create and define a methodology that fit almost every product. But today, products are very different from each other in terms of the strategies they take to protect endpoints, so it’s more difficult to create a single methodology for testing every endpoint product.” Maintaining relationships in such a small circle was also problematic. Personal relationships could easily be endangered by a bad test score, and a shortage of talent meant that vendors and testers could bounce between these different “sides of the aisle” with some frequency. Recognizing this problem in 2008, antimalware vendors and testing companies came together to create an organization dedicated to standardizing testing criteria, so no vendor is taken off guard by the performance metrics tested. The Anti-Malware Testing Standards Organization (AMTSO) describes itself as “an international non-profit association that focuses on addressing the global need for improvement in the objectivity, quality and relevance of anti-malware testing methodologies.” Today, its members include a number of antivirus and endpoint security vendors and testers, normally in competition against one another, but here collaborating in the interest of developing more transparent and reliable testing standards to further the fair evaluation of security products. “Basically, the organization was founded to answer questions about how you test a product fairly,” says Milbourne. Cutting through the antimalware testing hype Reputation within the industry may be the single most important determinant of a performance test’s trustworthiness. The AMTSO, which has been working towards its mission for more than a decade now, is a prime example. Its members include some of the most trusted names in internet security and its board of directors and advisory board are made up of seasoned industry professionals who have spent entire careers building their reputations. While none of this is to say there can’t be new and innovative testing organizations hitting the scene, there’s simply no substitute for paying dues. “There are definitely some new and emerging testers which I’ve been engaging with and am happy to see new methodologies and creativity come into play, says Milbourne, “but it does take some time to build up a reputation within the industry.” For vendors, testing criteria should be clearly communicated, and performance expectations plainly laid out in advance. Being asked to hit an invisible target is neither reasonable nor fair. “Every organization should have the chance to look at and provide feedback on a tests’ methodology because malware is not a trivial thing to test and no two security products are exactly alike. Careful review of how a test is meant to take place is crucial for understanding the results.” Ultimately, the most accurate evaluation of any antimalware product will be informed by multiple sources. Like reviews are considered in aggregate for almost any other product, customers should take a mental average of all the trustworthy reviews they’re able to find when making a purchasing decision. “Any one test is just one test,” reminds Milbourne. “We know testing is far from perfect and we also know products are far from perfect. So, my advice would be not to put too much stock into any one test, but to look at a couple of different opinions and determine which solution or set of solutions will strengthen your overall cyber resilience.” The post What’s the deal with security product testing anyway? appeared first on Webroot Blog.

2020-11
Aggregator history
Tuesday, November 17
SUN
MON
TUE
WED
THU
FRI
SAT
NovemberDecemberJanuary