Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Business

Imagine getting paid for access to just a tiny portion of your Internet bandwidth at work. Sounds pretty sweet, doesn’t it? The computer is on all the time anyway, and you have unlimited Internet access, so why not? It’s not even your own resources, just corporate equipment and bandwidth. That all sounds simple, but you don’t have to look too closely to see that when you agree to install a proxyware client on a work computer, it’s not harmless at all. Install proxyware and you’re exposing your corporate network to risks that far outweigh any income you might earn from the deal. To put it bluntly, no other questionable Internet money-making scheme comes with such a variety of undesirable consequences. Today we explain why proxyware is dangerous.

What is proxyware?

Researchers at Cisco Talos coined the term proxyware and have reported on the phenomenon in depth. Essentially, a proxyware service acts as a proxy server. Installed on a desktop computer or smartphone, it makes the device’s Internet connection accessible to an outside party. Depending on how long the program remains enabled and how much bandwidth it is permitted to use, the client accumulates points that can eventually be converted into currency and transferred to a bank account.

Of course, these kinds of services do not have to be used for illegal purposes, and they do have some legitimate applications. For example, some appeal to the marketing departments of large companies, which need as many Web entry points as possible in different geographic regions.

Why proxyware on a company computer is a bad idea

Although proxyware services claim “tenants” are harmless, problems sometimes still occur, including IP address reputation damage and software reliability.

Pessimization of the IP address

The most common problem with proxyware for the users of the computers on which it runs — or even for the entire network if it has a single IP address — is that the services often encounter CAPTCHAs, whose entire point is to ensure only real humans can get access to an online resource. A computer with proxyware raises suspicions, and rightly so. One way bandwidth tenants can use proxyware-laden computers is to scan the Web or measure the speed of website access by regularly deploying a flood of requests. Automatic DDoS protection systems do not like that. It can also be a sign of something even more shady, such as spam mailings.

Keep in mind that the consequences can be much more dire for the company, with automated requests landing the organization’s IP address on a list of unsafe addresses. So, for example, if the e-mail server operates on the same address, at some point the employees’ messages may stop reaching external recipients. Other e-mail servers will simply start blocking the organization’s IP address and domain.

Fake proxyware clients

Another risk employees take in installing proxyware is that they may download something they didn’t mean to. Try this little experiment: Go to Google and search for “honeygain download.” You’ll get a couple of links to the developer’s official website and hundreds to unscrupulous file-sharing sites, half of which include “bonus content” with their downloads. What kinds of bonus content? Well, researchers describe one such trojanized installer as deploying a cryptocurrency-mining program (which devours a PC’s resources and electricity) and a tool to connect to the cybercriminals’ command server, from which anything else can be downloaded at any time. That kind of proxyware can take down an organization’s entire IT infrastructure. It could also lead to ransomware encrypting data, ransom demands, and more. In sum, proxyware is a grab bag of dangers for a business.

Covert installation of proxyware

Most scenarios resemble the above: unintended consequences of purposeful (if sometimes unauthorized) installations. The converse sometimes happens as well, with an employee catching actual malware on a shady site, and that malware installing a modified proxyware client on the computer. That’s nothing but trouble: slowed computers, less network bandwidth, and, potentially, data theft.

Recommendations for businesses

Your best way to combat criminal exploitation through proxyware is to install a reliable antivirus solution on every computer that has Internet access. Not only will that protect your company from the harmful effects of proxyware, but if said proxyware includes, or is included with, other malware, you’ll still be covered. To be clear, even “clean” proxyware is not much better. A sound security policy should not allow anyone to install proxyware or any other questionable software on employees’ computers, regardless of whether the computers are in the office or employees are connecting to the organization’s VPN. As a rule, most employees do not need, and should not be allowed, to install software on their computers independently.


 A Little Sunshine

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle, a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great many of the phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target’s bank warning about a suspicious Zelle transfer. What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it.

Last week’s story warned that scammers are blasting out text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text. Here’s what one of those scam messages looks like:

Anyone who responds “yes,” “no” or at all will very soon after receive a phone call from a scammer pretending to be from the financial institution’s fraud department. The caller’s number will be spoofed so that it appears to be coming from the victim’s bank.

To “verify the identity” of the customer, the fraudster asks for their online banking username, and then tells the customer to read back a passcode sent via text or email. In reality, the fraudster initiates a transaction — such as the “forgot password” feature on the financial institution’s site — which is what generates the 2-step authentication passcode delivered to the member.

Ken Otsuka is a senior risk consultant at CUNA Mutual Group, an insurance company that provides financial services to credit unions. Otsuka said a phone fraudster typically will say something like, “Before I get into the details, I need to verify that I’m speaking to the right person. What’s your username?”

“In the background, they’re using the username with the forgot password feature, and that’s going to generate one of these two-factor authentication passcodes,” Otsuka said. “Then the fraudster will say, ‘I’m going to send you the password and you’re going to read it back to me over the phone.’”

The fraudster then uses the code to complete the password reset process, and then changes the victim’s online banking password. The fraudster then uses Zelle to transfer the victim’s funds to others.

An important aspect of this scam is that the fraudsters never even need to know or phish the victim’s password. By sharing their username and reading back the one-time code sent to them via email, the victim is allowing the fraudster to reset their online banking password.

Otsuka said in far too many account takeover cases, the victim has never even heard of Zelle, nor did they realize they could move money that way.

“The thing is, many credit unions offer it by default as part of online banking,” Otsuka said. “Members don’t have to request to use Zelle. It’s just there, and with a lot of members targeted in these scams, although they’d legitimately enrolled in online banking, they’d never used Zelle before.”

[Curious if your financial institution uses Zelle? Check out their partner list here.]

Otsuka said credit unions offering other peer-to-peer banking products have also been targeted, but that fraudsters prefer to target Zelle due to the speed of the payments.

“The fraud losses can escalate quickly due to the sheer number of members that can be targeted on a single day over the course of consecutive days,” Otsuka said.

To combat this scam Zelle introduced out-of-band authentication with transaction details. This involves sending the member a text containing the details of a Zelle transfer – payee and dollar amount – that is initiated by the member. The member must authorize the transfer by replying to the text.

Unfortunately, Otsuka said, the scammers are defeating this layered security control as well.

“The fraudsters follow the same tactics except they may keep the members on the phone after getting their username and 2-step authentication passcode to login to the accounts,” he said. “The fraudster tells the member they will receive a text containing details of a Zelle transfer and the member must authorize the transaction under the guise that it is for reversing the fraudulent debit card transaction(s).”

In this scenario, the fraudster actually enters a Zelle transfer that triggers the following text to the member, which the member is asked to authorize. For example:

“Send $200 Zelle payment to Boris Badenov? Reply YES to send, NO to cancel. ABC Credit Union. STOP to end all messages.”

“My team has consulted with several credit unions that rolled Zelle out or are planning to introduce Zelle,” Otsuka said. “We found that several credit unions were hit with the scam the same month they rolled it out.”

The upshot of all this is that many financial institutions will claim they’re not required to reimburse the customer for financial losses related to these voice phishing schemes. Bob Sullivan, a veteran journalist who writes about fraud and consumer issues, says in many cases banks are giving customers incorrect and self-serving opinions after the thefts.

“Consumers — many who never ever realized they had a Zelle account – then call their banks, expecting they’ll be covered by credit-card-like protections, only to face disappointment and in some cases, financial ruin,” Sullivan wrote in a recent Substack post. “Consumers who suffer unauthorized transactions are entitled to Regulation E protection, and banks are required to refund the stolen money. This isn’t a controversial opinion, and it was recently affirmed by the CFPB here. If you are reading this story and fighting with your bank, start by providing that link to the financial institution.”

“If a criminal initiates a Zelle transfer — even if the criminal manipulates a victim into sharing login credentials — that fraud is covered by Regulation E, and banks should restore the stolen funds,” Sullivan said. “If a consumer initiates the transfer under false pretenses, the case for redress is weaker.”

Sullivan notes that the Consumer Financial Protection Bureau (CFPB) recently announced it was conducting a probe into companies operating payments systems in the United States, with a special focus on platforms that offer fast, person-to-person payments.

“Consumers expect certain assurances when dealing with companies that move their money,” the CFPB said in its Oct. 21 notice. “They expect to be protected from fraud and payments made in error, for their data and privacy to be protected and not shared without their consent, to have responsive customer service, and to be treated equally under relevant law. The orders seek to understand the robustness with which payment platforms prioritize consumer protection under law.”

Anyone interested in letting the CFPB know about a fraud scam that abused a P2P payment platform like Zelle, Cashapp, or Venmo, for example, should send an email describing the incident to BigTechPaymentsInquiry@cfpb.gov. Be sure to include Docket No. CFPB-2021-0017 in the subject line of the message.

In the meantime, remember the mantra: Hang Up, Look Up, and Call Back. If you receive a call from someone warning about fraud, hang up. If you believe the call might be legitimate, look up the number of the organization supposedly calling you, and call them back.

 Trends, Reports, Analysis

According to a report from NordPass, people haven’t yet stopped relying on done-to-death passwords such as “123456,” “12345,” “password,” and “qwerty,” which are the three weakest passwords.

 Social Media Threats

It is relatively easy to prove one’s identity in the real world but with Metaverse, the main challenge lies in verifying voice, facial features and video footage with the use of avatars.

 Trends, Reports, Analysis

Analysts at SOS Intelligence found several underground forums offering fake exploits for SS7 vulnerabilities. During the investigation, the researchers uncovered 84 unique onion domains claiming to offer the fake exploit tool.

 Malware and Vulnerabilities

Researchers are raising the alarm over a phishing email kicking off a Halloween-themed MICROP ransomware offensive, which they observed making its way to a target’s inbox despite its being secured by an SEG.

 Feed

This Metasploit module exploits an unauthenticated command injection vulnerability within the Nimbus service component of Apache Storm. The getTopologyHistory RPC method takes a single argument, the name of a user, which is concatenated into a string that is executed by bash. In order for the vulnerability to be exploitable, there must have been at least one topology submitted to the server. The topology may be active or inactive, but at least one must be present. Successful exploitation results in remote code execution as the user running Apache Storm. This vulnerability was patched in versions 2.1.1, 2.2.1 and 1.2.4. This exploit was tested on version 2.2.0, which is affected.

 Feed

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

 Feed

Ubuntu Security Notice 5152-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the UI, confuse the user, conduct phishing attacks, or execute arbitrary code.

 Feed

Red Hat Security Advisory 2021-4743-03 - LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis.

 Feed

The clearnet and dark web payment portals operated by the Conti ransomware group have gone down in what appears to be an attempt to shift to new infrastructure after details about the gang's inner workings and its members were made public. According to MalwareHunterTeam, "while both the clearweb and Tor domains of the leak site of the Conti ransomware gang is online and working, both their

 Feed

Researchers have demonstrated yet another variant of the SAD DNS cache poisoning attack that leaves about 38% of the domain name resolvers vulnerable, enabling attackers to redirect traffic originally destined to legitimate websites to a server under their control. "The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache," University of California researchers

 Feed

The U.S. Federal Bureau of Investigation (FBI) has disclosed that an unidentified threat actor has been exploiting a previously unknown weakness in the FatPipe MPVPN networking devices at least since May 2021 to obtain an initial foothold and maintain persistent access into vulnerable networks, making it the latest company to join the likes of Cisco, Fortinet, Citrix, Pulse Secure that have had

 Feed

Today's businesses run on data. They collect it from customers at every interaction, and they use it to improve efficiency, increase their agility, and provide higher levels of service. But it's becoming painfully obvious that all of that data businesses collect has also made them an enticing target for cybercriminals. With each passing day, the evidence of that grows. In the last few months,

 Feed

Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks. The Python packages have since been removed from the repository following responsible

 Feed

The U.S. government on Thursday unsealed an indictment that accused two Iranian nationals of their involvement in cyber-enabled disinformation and threat campaign orchestrated to interfere in the 2020 presidential elections by gaining access to confidential voter information from at least one state election website. The two defendants in question — Seyyed Mohammad Hosein Musa Kazemi, 24, and

 Uncategorized

I received a text message from my online bank. Well, it wasn't my online bank but it *really* looked like my online bank. Would you have fallen for it?

Aggregator history: 2021-11, Friday, November 19