Cyber security aggregate rss news

Cyber security aggregator - feeds history

image for How scammers lure Di ...

 Threats

Discord was originally created for gamers, but thanks to its handy system of “servers” (communities), channels, and private messages, it’s brought in all kinds of people, from study groups to common-interest clubs — including fans of cryptocurrency. On their servers, traders discuss the latest on   show more ...

altcoins, investors share predictions, and scammers ponder how to cash in on both. We unpack the latest scheme and explain how not to fall for it. Beware of exchanges bearing gifts The scammers seek out victims on Discord cryptocurrency servers and send out private messages that appear to come from an up-and-coming trading platform giving away cryptocurrency. The reasons for such alleged generosity vary from message to message, but whether the exchange is supporting traders in difficult times or trying to attract new users, the thrust is always the same: The lucky addressee has been randomly chosen to receive an impressive payout in Bitcoin or Ethereum. The scam message promising free Ethereum looks something like this The message, replete with emoji, contains detailed instructions (and a code) for accepting the gift, as well as a link for registering on the cryptocurrency exchange. The link opens a site that looks like a cryptocurrency exchange, with an adaptive layout, savvy design, and the exchange rate info, charts, order books, and trading history that cryptocurrency traders would expect to see on a trading platform. Visitors will also find technical support and several language options. Someone clearly went to a lot of trouble to make the site look legit. The homepage of a fake cryptocurrency exchange where Discord users have been promised Bitcoin and Ethereum The attention to detail even extends to offering victims two-factor authentication to secure their accounts, plus antiphishing protection. Here, of course, the purpose is purely to add plausibility; the site’s true purpose is to transfer money from victim to criminal. The fake website prompts the victim to enable two-factor authentication and phishing protection To finish registration, the victim has to either make a small cryptocurrency deposit (now or later) or go through a Know Your Customer (KYC) identity check. The procedure is just like one you might find on a legitimate exchange, requiring contact details, a photo of an identity document, and a selfie taken with both a piece of ID and a sheet of paper with the address of the exchange, registration date, and signature. The scammers appear to be collecting a database to sell; many legitimate services, including financial ones, use such personal data sets to confirm users’ identities, so they fetch a nice price on the dark web. Also supporting our conjecture is the scammers’ insistence that photo IDs must not be marked in any way. The identity verification page asks for personal information, a photo ID, and a confirmation selfie After registration, it’s time to activate that prize key from the message in Discord and receive the payout. For victims who are still playing along, the system accepts the code, and the promised Bitcoin or Ethereum coins appear in their account. When the victim tries to move the coins from the exchange to their own wallet, however, they find only roadblocks. The scammers claim to need a top-up — in our case, 0.02 BTC or an equivalent amount in Ethereum or US dollars. (Any money sent to the scammers is gone for good, of course, and the prize was never real.) The fake exchange asks for a balance top-up in exchange for access to the prize The Internet is home to several such fake cryptocurrency exchanges, and forums and review sites already list warnings about them. How to guard against scammers Here are some simple rules: Never trust strangers, especially ones offering free money; Never share personal information with websites that you don’t trust 100%; Take particular care with official documents, and never send photos of them to anyone; Configure Discord’s privacy settings to avoid such offers; Use a reliable security solution. For example, Kaspersky Internet Security not only warns users about scam and phishing sites, but also protects their computers from malware.

image for Facebook, Instagram, ...

 Ne'er-Do-Well News

Facebook, Instagram, TikTok, and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The coordinated action seized hundreds of accounts the companies say have played a major role in facilitating the trade and often lucrative resale of   show more ...

compromised, highly sought-after usernames. At the center of the account ban wave are some of the most active members of OGUsers, a forum that caters to thousands of people selling access to hijacked social media and other online accounts. Particularly prized by this community are short usernames, which can often be resold for thousands of dollars to those looking to claim a choice vanity name. Facebook told KrebsOnSecurity it seized hundreds of accounts — mainly on Instagram — that have been stolen from legitimate users through a variety of intimidation and harassment tactics, including hacking, coercion, extortion, sextortion, SIM swapping, and swatting. THE MIDDLEMEN Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales. Like most cybercrime forums, OGUsers is overrun with shady characters who are there mainly to rip off other members. As a result, some of the most popular denizens of the community are those who’ve earned a reputation as trusted “middlemen.” These core members offer escrow services that – in exchange for a cut of the total transaction cost (usually five percent) — will hold the buyer’s funds until he is satisfied that the seller has delivered the credentials and any email account access needed to control the hijacked social media account. For example, one of the most active accounts targeted in this week’s social network crackdown is the Instagram profile “Trusted,” self-described as “top-tier professional middleman/escrow since 2014.” Trusted’s profile included several screenshots of his OGUsers persona, “Beam,” who warns members about an uptick in the number of new OGUsers profiles impersonating him and other middlemen on the forum. Beam currently has more reputation points or “vouches” than almost anyone on the forum, save for perhaps the current and former site administrators. The now-banned Instagram account for the middleman @trusted/beam. Helpfully, OGUsers has been hacked multiple times over the years, and its database of user details and private messages posted on competing crime forums. Those databases show Beam was just the 12th user account created on OGUsers back in 2014. In his posts, Beam says he has brokered well north of 10,000 transactions. Indeed, the leaked OGUsers databases — which include private messages on the forum prior to June 2020 — offer a small window into the overall value of the hijacked social media account industry. In each of Beam’s direct messages to other members who hired him as a middleman he would include the address of the bitcoin wallet to which the buyer was to send the funds. Just two of the bitcoin wallets Beam used for middlemanning over the past of couple of years recorded in excess of 6,700 transactions totaling more than 243 bitcoins — or roughly $8.5 million by today’s valuation (~$35,000 per coin). Beam would have earned roughly $425,000 in commissions on those sales. Beam, a Canadian whose real name is Noah Hawkins, declined to be interviewed when contacted earlier this week. But his “Trusted” account on Instagram was taken down by Facebook today, as were “@Killer,” — a personal Instagram account he used under the nickname “noah/beam.” Beam’s Twitter account — @NH — has been deactivated by Twitter; it was hacked and stolen from its original owner back in 2014. Reached for comment, Twitter confirmed that it worked in tandem with Facebook to seize accounts tied to top members of OGUsers, citing its platform manipulation and spam policy. Twitter said its investigation into the people behind these accounts is ongoing. TikTok confirmed it also took action to target accounts tied to top OGUusers members, although it declined to say how many accounts were reclaimed. “As part of our ongoing work to find and stop inauthentic behavior, we recently reclaimed a number of TikTok usernames that were being used for account squatting,” TikTok said in a written statement. “We will continue to focus on staying ahead of the ever-evolving tactics of bad actors, including cooperating with third parties and others in the industry.” ‘SOCIAL MEDIA SPECIALISTS’ Other key middlemen who’ve brokered thousands more social media account transactions via OGUsers that were part of this week’s ban wave included Farzad (OGUser #81), who used the Instagram accounts @middleman and @frzd; and @rl, a.k.a. “Amp,” a major middleman and account seller on OGUusers. Naturally, the top middlemen in the OGUsers community get much of their business from sellers of compromised social media and online gaming accounts, and these two groups tend to cross-promote one another. Among the top seller accounts targeted in the ban wave was the Instagram account belonging to Ryan Zanelli (@zanelli), a 22-year-old self-described “social media marketing specialist” from Melbourne, Australia. The leaked OGusers databases suggest Zanelli is better known to the OGusers community as “Verdict,” the fifth profile created on the forum and a longtime administrator of the site. Reached via Telegram, Zanelli acknowledged he was an administrator of OGUsers, but denied being involved in anything illegal. “I’m an early adaptor to the forum yes just like other countless members, and no social media property I sell is hacked or has been obtained through illegitimate means,” he said. “If you want the truth, I don’t even own any of the stock, I just resell off of people who do.” This is not the first time Instagram has come for his accounts: As documented in this story in The Atlantic, some of his accounts totaling more than 1 million followers were axed in late 2018 when the platform took down 500 usernames that were stolen, resold, and used for posting memes. “This is my full-time income, so it’s very detrimental to my livelihood,” Zanelli told The Atlantic, which identified him only by his first name. “I was trying to eat dinner and socialize with my family, but knowing behind the scenes everything I’ve built, my entire net worth, was just gone before my eyes.” Another top seller account targeted in the ban wave was the Instagram account @h4ck, whose Telegram sales channel also advertises various services to get certain accounts banned and unbanned from differed platforms, including Snapchat and Instagram. Snippets from the Telegram sales channel for @h4ck, one of the Instagram handles seized by Facebook today. Facebook said while this is hardly the first time it has reclaimed accounts associated with hijackers, it is the first time it has done so publicly. The company says it has no illusions that this latest enforcement action is going to put a stop to the rampant problem of account hijacking for resale, but views the effort as part of an ongoing strategy to drive up costs for account traffickers, and to educate potential account buyers about the damage inflicted on people whose accounts are hijacked. In recognition of the scale of the problem, Instagram today rolled out a new feature called “Recently Deleted,” which seeks to help victims undo the damage wrought by an account takeover. “We know hackers sometimes delete content when they gain access to an account, and until now people had no way of easily getting their photos and videos back,” Instagram explained in a blog post. “Starting today, we will ask people to first verify that they are the rightful account holders when permanently deleting or restoring content from Recently Deleted.” Facebook wasn’t exaggerating about the hijacking community’s use of extortion and other serious threats to gain control over highly prized usernames. I wish I could get back the many hours spent reading private messages from the OGUsers community, but it is certainly not uncommon for targets to be threatened with swatting attacks, or to have their deeply personal and/or financial information posted publicly online unless they relinquish control over a desired account. WHAT YOU CAN DO Any accounts that you value should be secured with a unique and strong password, as well the most robust form of multi-factor authentication available. Usually, this is a mobile app that generates a one-time code, but some sites like Twitter and Facebook now support even more robust options — such as physical security keys. Whenever possible, avoid opting to receive the second factor via text message or automated phone calls, as these methods are prone to compromise via SIM swapping — a crime that is prevalent among people engaged in stealing social media accounts. SIM swapping involves convincing mobile phone company employees to transfer ownership of the target’s phone number to a device the attackers control. These precautions are even more important for any email accounts you may have. Sign up with any service online, and it will almost certainly require you to supply an email address. In nearly all cases, the person who is in control of that address can reset the password of any associated services or accounts –merely by requesting a password reset email. Unfortunately, many email providers still let users reset their account passwords by having a link sent via text to the phone number on file for the account. Most online services require users to supply a mobile phone number when setting up the account, but do not require the number to remain associated with the account after it is established. I advise readers to remove their phone numbers from accounts wherever possible, and to take advantage of a mobile app to generate any one-time codes for multifactor authentication.

 Trends, Reports, Analysis

Account takeover incidents as a share of fraudulent activity in the financial services industry rose by 19 percentage points in 2020 compared with 2019, according to new figures from Kaspersky.

 Govt., Critical Infrastructure

Alejandro Mayorkas, the new DHS secretary, says his priorities include reviewing all available intelligence on the SolarWinds supply chain hack and scrutinizing government's cybersecurity programs.

 Malware and Vulnerabilities

A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.

 Expert Blogs and Opinion

As security practitioners, we need to consider a wider variety of possibilities for misuse of data and systems in our care, not just those that affect the majority of people.

 Trends, Reports, Analysis

In a rapidly changing business environment, the role of the CISO has hugely expanded in its scope and responsibilities, a BT Security survey of over 7000 professionals from across the world reveals.

 Feed

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals   show more ...

to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

 Feed

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

 Feed

Red Hat Security Advisory 2021-0417-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.8.1 serves as a replacement for Red   show more ...

Hat AMQ Broker 7.8.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include an information leakage vulnerability.

 Feed

Ubuntu Security Notice 4721-1 - Simon McVittieg discovered that flatpak-portal service allowed sandboxed applications to execute arbitrary code on the host system. A malicious user could create a Flatpak application that set environment variables, trusted by the Flatpak "run" command, and use it to execute arbitrary code outside the sandbox.

 Feed

Ubuntu Security Notice 4722-1 - It was discovered that ReadyMedia allowed subscription requests with a delivery URL on a different network segment than the fully qualified event-subscription URL. An attacker could use this to hijack smart devices and cause denial of service attacks. It was discovered that ReadyMedia   show more ...

allowed remote code execution. A remote attacker could send a malicious UPnP HTTP request to the service using HTTP chunked encoding and cause a denial of service.

 Feed

Red Hat Security Advisory 2021-0421-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, denial of service, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2021-0420-01 - Quay 3.4.0 release. Issues addressed include HTTP request smuggling, buffer overflow, information leakage, integer overflow, out of bounds read, and out of bounds write vulnerabilities.

 Feed

A nascent malware campaign has been spotted co-opting Android devices into a botnet with the primary purpose of carrying out distributed denial-of-service (DDoS) attacks. Called "Matryosh" by Qihoo 360's Netlab researchers, the latest threat has been found reusing the Mirai botnet framework and propagates through exposed Android Debug Bridge (ADB) interfaces to infect Android devices and ensnare

 Feed

Phishing and Malware Among the major cyber threats, the malware remains a significant danger. The 2017 WannaCry outbreak that cost businesses worldwide up to $4 billion is still in recent memory, and other new strains of malware are discovered on a daily basis. Phishing has also seen a resurgence in the last few years, with many new scams being invented to take advantage of unsuspecting

 Feed

Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take complete control of a device's wireless communications. The six flaws were reported by researchers from Israeli IoT security firm Vdoo. The Realtek RTL8195A module is a standalone, low-power-consumption Wi-Fi hardware module targeted at embedded devices used

 Feed

Today's admins certainly have plenty on their plates, and boosting ecosystem security remains a top priority. On-premises, and especially remote, accounts are gateways for accessing critical information. Password management makes this possible. After all, authentication should ensure that a user is whom they claim to be. This initial layer of security is crucial for protecting one's entire

 Data loss

Mensa - the social club for people with high IQs - is accused of not being so smart about security, an Indian TV journalist gets an unbelievable job offer from Harvard, and we take a look at what's being going on with GameStop short selling. All this and much more is discussed in the latest edition of the   show more ...

award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

 Feed only

Graham Cluley Security News is sponsored this week by the folks at Orca Security. Thanks to the great team there for their support! Public cloud providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform keep their platforms secure, but customers are still responsible for securing the   show more ...

workloads, data, and processes they … Continue reading "Orca’s “State of Public Cloud Security” report reveals how most cloud security breaches happen"

2021-02
Aggregator history
Thursday, February 04
MON
TUE
WED
THU
FRI
SAT
SUN
FebruaryMarchApril