Cyber security aggregate rss news

Cyber security aggregator - feeds history

image for How gamers get duped ...

 Threats

People learn more from their mistakes than from cautionary tales of scam and fraud, so, for today’s security postmortem, we collected edifying tales from real-life gamers. Here are four from victims and one from a perpetrator. Gift fraud Mikhail Mad_Bucket, 23, translator: “About seven years ago, something   show more ...

pretty interesting happened to me on Steam — technically a scam, but not really. In Team Fortress 2, there were these weapons that counted kills, and I wanted to sell a dropped crossbow that had this gizmo. Then a stranger on Steam offered to trade it for the game Eets. ‘Wow, a game for a weapon!’ I thought. We exchanged, I installed Eets, and everything seemed OK. But then I went to this guy’s profile, and there in caps it said: ‘GUYS, FREE EETS FOR WHOEVER WANTS IT.’ It turned out that some site was handing out keys for the game just like that, as many copies as you liked.” Moral: If you are offered a free or very cheap game, go to the developer’s or publisher’s official website and see if it mentions the promotion. If it does, buy or download the game there — no need to take unnecessary risks. Our hero was very lucky that, in exchange for the weapon, he got a real copy of the (free) game, and not an army of Trojans or a fake key. If your goal is to avoid paying for computer games, check out our guide to no-risk free gaming. Malicious apps and account hijacking Anonymous, 17: “I’ve had two run-ins with scammers. The first time, I found a program supposedly for boosting items in CS:GO, which imitated the Steam login screen. I was 10, I didn’t really know what I was doing. I entered my details, they leaked, my account was almost stolen. Back then, accounts with items got hijacked really quickly. Then, in a different account, I started crafting stuff in CS:GO. I got an AWP Redline and a M4A4 Asiimov in about two hours, as I recall. Just 20 minutes later the account was stolen, and the items got gifted away. I don’t know how it happened — maybe they hijacked a database somewhere. Btw, tech support still hasn’t returned that account. To be honest, I remember those times with horror — login without 2FA and poor-to-average Steam support.” Moral 1: It’s not safe to enter credentials in third-party services, especially if they promise mountains of gold or illegal benefits such as a rating boost — you risk having your account hijacked. Avoid installing dubious apps as well; what looks like cheats and bots may really be malware. Better still, use a security solution that stops malicious apps in their tracks, blocks fake sites, and wards off other evils. Moral 2: Creating a strong and unique password for each service you use is critical. Make each one strong, so it can’t be brute-forced, and make it unique so that in case of a leak, your other accounts won’t be lost. If coming up with and remembering key phrases is problematic for you, use a password manager to securely store your passwords and automatically enter them for account login as needed. For more protection, enable two-factor authentication. That way, to log in to your account, you (or anyone else) will need not only the password, but also a one-time code, making it harder to hijack. See our posts on how to activate this and other security features in Steam, Origin, Battle.net and Twitch. Social engineering: A cybercriminal’s tale Alexander, 28, SAP programmer: “Back in the early days of Lineage II, some friends of a gullible classmate of mine decided to initiate him in the ways of this MMORPG. They created an account for him and poured in a lot of money (at least by high-school standards). They bought him D-grade gear [better than standard — ed. ] and secretly completed first class transfer quest. As a guy always looking to profit at someone else’s expense, I offered to help him with the second transfer. He was clueless about the game but itching to get hooked. After class, I went to his house and, pretending to do a class transfer quest, killed a couple of skeletons and chatted with a guard. In an important-sounding voice, I told him that the job was done and asked for his ‘outdated gear’ as token payment. He happily handed it over. We bought him a wooden sword in return, and I left with a feeling of accomplishment.” Moral: If someone offers to do something for you, make sure you fully understand what it is and whether you really need it. Find out the price right away — it may not be worth it. And never let gaming pros into your computer or account — even if they are “friends.” Although the narrator of this tale showed some restraint, you can’t count on a real scammer to spare victims. Account hijacking with TeamViewer Anonymous, 20, student: “Back when I was a kid playing Counter-Strike: Source, I found this 35hp server where there was this dude in an Iron Man skin. His ragdoll made these cool metallic sounds upon dying. You could say I was impressed. I asked in the general chat how to get this type of skin, and the server admin said the model was only for admins, but just this once I could have it free. He activated the skin for me on the server, and everything seemed fine, but then he wrote that the model had to be activated on Steam so it wouldn’t disappear. At his suggestion, I installed TeamViewer and gave him access to my computer. He connected, opened Notepad right on my desktop and wrote what to do there. To cut a short story even shorter: I gave him my account details, he logged in supposedly to activate the skin, and that’s how I lost my first Steam account.” Moral: Installing third-party software, let alone handing over control of your computer to a stranger, is a big risk. As for giving out your account username and password, don’t do it, even if you’re promised a cool feature or a fix for a serious issue, as tech-support scammers do. If you need help from a tech-savvy friend, let them explain verbally how to solve the problem. The world’s shortest tragedy Hermit Purple, 18, professional commenter in VKontakte communities: “I was playing Digger Online, logged in to the server. The admins said: item or ban. I bought them an item, but they banned me anyway.” Moral: No moral here; we can only sympathize. Midori Kuma commiserates with gamer victims How to guard against gaming scams Gamers who want to keep their money, gear, and accounts need to: Protect game accounts with strong and unique passwords, and don’t forget to enable two-factor authentication. Here’s how to set up accounts in Steam, Origin, Battle.net and Twitch. Double-check deals and offers, looking at seller (or buyer) profiles, reading reviews, and studying vendor websites. It’s better to lose half an hour than all your money. Take your time entering account credentials. First, make sure you are using the official site or app. Type in the address manually if possible, and make sure there are no typos in the name of the site you are visiting. Don’t rely on familiar page layouts for quick visual confirmation; they are easily copied. Reject additional programs. If a friend or acquaintance (or an online stranger!) asks you to install anything — especially a remote access tool such as TeamViewer — forget about it. If they’re helping you with a problem, have them explain the solution so you can do it for yourself. Never disable your antivirus when playing. Many modern security solutions, such as Kaspersky Security Cloud, include a gaming mode that goes light on resources and does not interfere with game play.

 Trends, Reports, Analysis

Cybercrime cases increased by an alarming 31% in Odisha in 2020 as compared to 2019. As per statistics of Odisha police, 1931 cybercrime cases were registered last year as against 1475 cases in 2019.

 Identity Theft, Fraud, Scams

Fraudsters are targeting Discord users with a scam centered on a fake cryptocurrency exchange and using the lure of free bitcoin or ethereum cryptocurrency to steal money and personal data.

 Companies to Watch

Guardforce AI, an integrated security solutions provider in Asia, acquired a majority stake in Handshake Networking Ltd, a Hong Kong-based company specializing in penetration testing.

 Feed

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

 Feed

Red Hat Security Advisory 2021-0308-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.6.16. Issues addressed include memory leak and privilege escalation vulnerabilities.

 Feed

Red Hat Security Advisory 2021-0310-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.16.

 Feed

Ubuntu Security Notice 4724-1 - It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing. A remote   show more ...

attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

 Feed

Ubuntu Security Notice 4723-1 - It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code.

 Feed

Ubuntu Security Notice 4725-1 - It was discovered that QEMU incorrectly handled memory in iSCSI emulation. An attacker inside the guest could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Alexander Bulekov discovered that   show more ...

QEMU incorrectly handled Intel e1000e emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.

 Feed

Red Hat Security Advisory 2021-0433-01 - Red Hat Data Grid is a distributed, in-memory data store. This release of Red Hat Data Grid 8.1.1 serves as a replacement for Red Hat Data Grid 8.1.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, deserialization, and memory leak vulnerabilities.

 Feed

While Gartner does not have a dedicated Magic Quadrant for Bug Bounties or Crowd Security Testing yet, Gartner Peer Insights already lists 24 vendors in the "Application Crowdtesting Services" category. We have compiled the top 5 most promising bug bounty platforms for those of you who are looking to enhance your existing software testing arsenal with knowledge and expertise from international

 Feed

Twin cyber operations conducted by state-sponsored Iranian threat actors demonstrate their continued focus on compiling detailed dossiers on Iranian citizens that could threaten the stability of the Islamic Republic, including dissidents, opposition forces, and ISIS supporters, and Kurdish natives. Tracing the extensive espionage operations to two advanced Iranian cyber-groups Domestic Kitten (

 Feed only

Graham Cluley Security News is sponsored this week by the folks at HYPR. Thanks to the great team there for their support! Below, George Avetisov, Cofounder & CEO of HYPR, describes some of the findings of their recent State of Passwordless Security report. 2020 put Digital Identity challenges front and center.   show more ...

Our rapid shift to … Continue reading "Report: Adoption of passwordless security takes off amid COVID-19"

2021-02
Aggregator history
Monday, February 08
MON
TUE
WED
THU
FRI
SAT
SUN
FebruaryMarchApril