Norton 360, one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. Norton’s parent firm says the cloud-based service that activates the program and allows customers to profit from the scheme — in which the company keeps 15 percent of any currencies mined — is “opt-in,” meaning users have to agree to enable it. But many Norton users complain the mining program is difficult to remove, and reactions from longtime customers have ranged from unease and disbelief to, “Dude, where’s my crypto?”
Norton 360 is owned by Tempe, Ariz.-based NortonLifeLock Inc. In 2017, the identity theft protection company LifeLock was acquired by Symantec Corp., which was renamed to NortonLifeLock in 2019 (LifeLock is now included in the Norton 360 service).
According to the FAQ posted on its site, “Norton Crypto” will mine Ethereum (ETH) cryptocurrency while the customer’s computer is idle. The FAQ also says Norton Crypto will only run on systems that meet certain hardware and software requirements (such as an NVIDIA graphics card with at least 6 GB of memory).
“Norton creates a secure digital Ethereum wallet for each user,” the FAQ reads. “The key to the wallet is encrypted and stored securely in the cloud. Only you have access to the wallet.”
NortonLifeLock began offering the mining service in July 2021, and early news coverage of the program did not immediately receive widespread attention. That changed on Jan. 4, when Boing Boing co-editor Cory Doctorow tweeted that NortonCrypto would run by default for Norton 360 users.
NortonLifeLock says Norton Crypto is an opt-in feature only and is not enabled without user permission. “If users have turned on Norton Crypto but no longer wish to use the feature, it can be disabled by temporarily shutting off ‘tamper protection’ (which allows users to modify the Norton installation) and deleting NCrypt.exe from your computer,” NortonLifeLock said in a written statement. However, many users have reported difficulty removing the mining program.
From reading user posts on the Norton Crypto community forum, it seems some longtime Norton customers were horrified at the prospect of their antivirus product installing coin-mining software, regardless of whether the mining service was turned off by default.
“How on Earth could anyone at Norton think that adding crypto mining within a security product would be a good thing?,” reads a Dec. 28 thread titled “Absolutely furious.” “Norton should be DETECTING and killing off crypto mining hijacking, not installing their own,” the post reads. “The product people need firing. What’s the next ‘bright idea’? Norton Botnet? And I was just about to re-install Norton 360 too, but this has literally caused me to no longer trust Norton and their direction.”
It’s an open question whether Norton Crypto users can expect to see much profit from participating in this scheme, at least in the short run. Mining cryptocurrencies basically involves using your computer’s spare resources to help validate financial transactions of other crypto users. Crypto mining causes one’s computer to draw more power, which can increase one’s overall electricity costs.
“Norton is pretty much amplifying energy consumption worldwide, costing their customers more in electricity use than the customer makes on the mining, yet allowing Norton to make a ton of profit,” tweeted security researcher Chris Vickery. “It’s disgusting, gross, and brand-suicide.”
Then there’s the matter of getting paid. Norton Crypto lets users withdraw their earnings to an account at cryptocurrency platform CoinBase, but as Norton Crypto’s FAQ rightly points out, there are coin mining fees as well as transaction costs to transfer Ethereum.
“The coin mining fee is currently 15% of the crypto allocated to the miner,” the FAQ explains. “Transfers of cryptocurrencies may result in transaction fees (also known as “gas” fees) paid to the users of the cryptocurrency blockchain network who process the transaction. In addition, if you choose to exchange crypto for another currency, you may be required to pay fees to an exchange facilitating the transaction. Transaction fees fluctuate due to cryptocurrency market conditions and other factors. These fees are not set by Norton.”
Which might explain why so many Norton Crypto users have taken to the community’s online forum to complain they were having trouble withdrawing their earnings. Those gas fees are the same regardless of the amount of crypto being moved, so the system simply blocks withdrawals if the amount requested can’t cover the transfer fees.
Norton Crypto. Image: Bleeping Computer.
I guess what bothers me most about Norton Crypto is that it will be introducing millions of perhaps less savvy Internet users to the world of cryptocurrency, which comes with its own set of unique security and privacy challenges that require users to “level up” their personal security practices in fairly significant ways.
Several of my elder family members and closest friends are longtime Norton users who renew their subscription year after year (despite my reminding them that it’s way cheaper just to purchase it again each year as a new user). None of them are particularly interested in or experts at securing their computers and digital lives, and the thought of them opening CoinBase accounts and navigating that space is terrifying.
Big Yellow is not the only brand that’s cashing in on investor fervor over cryptocurrencies and hoping to appeal to a broader (or maybe just older) audience: The venerable electronics retailer RadioShack, which relaunched in 2020 as an online-focused brand, now says it plans to chart a future as a cryptocurrency exchange.
“RadioShack’s argument is basically that as a very old brand, it’s primed to sell old CEOs on cryptocurrency,” writes Adi Robertson for The Verge. “Too many [cryptocurrency companies] focused on speculation and not enough on making the ‘old-school’ customer feel comfortable,” the company’s website states, claiming that the average “decision-making” corporate CEO is 68 years old. “The older generation simply doesn’t trust the new-fangled ideas of the Bitcoin youth.”
The campaign is said to have claimed 2,170 victims across 111 countries as of January 2, 2022, with most of the affected parties located in the U.S., Canada, India, Indonesia, and Australia.
Tarian’s global presence will help Corvus expand its international footprint, and Corvus will gain access to Lloyd’s cyber insurance capacity. Financial terms have not been disclosed.
Ransomware groups are constantly shifting, inheriting software from other groups while vanishing from view to avoid scrutiny from law enforcement only to resurface under other names, warns Darktrace.
New vulnerabilities have been discovered in FreeRTOS, the open-source operating system that runs most of the small microprocessors and microcontrollers used in many IoT hardware items.
The most severe is a use-after-free flaw in Storage that could enable code execution in the context of the browser. The 10 high-severity flaws include use-after-free and improper implementation bugs.
Where misinformation is meant to make people think twice about what they see or read, disinformation is designed to be deliberately wrong, sharing outright false information as truth.
Senators noted the alleged lack of security of Australia's COVID-19 digital certificates, criticizing the certificate for being easily forged through man-in-the-middle cyber attacks.
The ongoing ransomware attack and recovery efforts on HR and payroll vendor Kronos are affecting payroll services at some health systems, which includes reduced paychecks for some healthcare employees.
Human Security, a collective protection platform against bot attacks and fraud, raised $100M in growth funding led by WestCap, with participation from NightDragon and other current investors.
The expertise of 'Elephant Beetle' appears to be in targeting legacy Java applications on Linux systems, which is typically their entry point to victim corporate networks.
The cracked passwords for almost 7.5 million DatPiff members are being sold online. The stolen database contains 7,476,940 member records, including a user's email address, password, username, and security question.
VMware this week shipped security updates for its Workstation, Fusion and ESXi product lines, warning that a heap-overflow vulnerability could expose users to code execution attacks.
The January 2022 Android Security Bulletin describes a total of 35 vulnerabilities addressed across two patch levels, the majority of which have been assessed with the severity level of high.
The FTC said it intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure due to Log4j, or other known flaws in the future.
The New York State Office of Attorney General has warned 17 well-known companies that roughly 1.1 million of their customers have had their user accounts compromised in credential stuffing attacks.
The latest charges – handed down in a superseding indictment returned by a federal grand jury – add to previous charges of obstruction of justice and ‘misprision of a felony’.
Arbix Finance, a yield farming platform, has been flagged as a 'rugpull,' deleting its site, Twitter, and Telegram channel and transferring $10 million worth of deposited cryptocurrency.
SlimPay, a payment services company, has been fined ~$203,000 by the French CNIL regulatory body after it was found holding sensitive customer data on a publicly accessible server for five years.
Deception techniques use misleading tactics to lure attackers, from fake network environments to honeypots, to catch them operating undetected while collecting information to help dissect any attack.
Several ICS companies have informed customers that their products are not impacted, including Inductive Automation, VTScada, and COPA-DATA, whereas others are still investigating the flaws.
The biggest worry is that quantum computing can break current RSA cryptography. Quantum computing's efficiency may enable it to solve certain algorithms -- including RSA -- faster.
The IT systems and public offices in the county are expected to remain closed throughout Thursday and the rest of the week as well, as officials deal with the cyberattack’s aftermath.
In conversations with victims who reached out for investment opportunities, the fraudsters impersonated FINRA broker-dealers claiming to be from the financial institutions they spoofed on scam sites.
Experts claimed that state-backed North Korean hackers have stolen nearly $1.7 billion worth of cryptocurrency from various exchanges in the past five years. Federal prosecutors from the U.S. believe that the Government of North Korea regards cryptocurrency as a long-term investment. Crypto exchanges are suggested to use additional layers of security, such as 2FA, hardware wallets, and storing private keys offline.
In November 2021, QRS reported that an attacker breached a single patient portal server for three days in August, leading to the unauthorized access to and likely exfiltration of patient-related data.
The QR codes found by Austin police department directed unsuspecting users to a fraudulent website that would ask for payment details with a false promise that their parking session would be paid for.
Attackers are using the “Comments” feature of Google Docs to send malicious links in a phishing campaign targeted primarily at Outlook users, researchers at Avanan have discovered.
According to the FBI, the fraudsters are targeting those who have posted their phone number as a form of contact when trying to sell various items on online marketplaces or social media apps.
Sotheby’s Brightcove account was breached by hackers who deployed a skimmer to pilfer payment card details from more than 100 of its luxury real estate websites.
Cybersecurity researchers claimed to have found over a thousand phishing toolkits that are able to hack two-factor authentication, allowing hackers to conduct sophisticated attacks on a target system. It is bizarre to admit that most of these MitM phishing toolkits in use by attackers are based on tools developed by researchers themselves. Vulnerable organizations can use a tool called PHOCA to identify a MitM attempt.
Java RMI services can be attacked through server-side request forgery (SSRF) attacks, according to a detailed analysis of the problem by security researcher Tobias Neitzel.
The company said it had detected an intrusion on some of its IT systems and it “promptly took action to contain it and implement business continuity and data recovery protocols.”
Ubuntu Security Notice 5213-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Red Hat Security Advisory 2021-5208-05 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.25.
Ubuntu Security Notice 5211-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages.
Ubuntu Security Notice 5210-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions.
The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host’s physical memory. Other vulnerabilities have also been addressed.
Ubuntu Security Notice 5209-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. It was discovered that a race condition existed in the timer implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service.
Red Hat Security Advisory 2022-0034-01 - Red Hat Single Sign-On 7.5 container images for IBM P/Z, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This is a security update for Red Hat Single Sign-On 7.5, and includes one security fix.
Ubuntu Security Notice 5208-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 5207-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. It was discovered that the eBPF implementation in the Linux kernel contained a race condition around read-only maps. A privileged attacker could use this to modify read-only maps.
Ubuntu Security Notice 5212-1 - It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly perform a Server Side Request Forgery attack. It was discovered that the Apache HTTP Server Lua module incorrectly handled memory in the multipart parser. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5206-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages.
VMware has shipped updates to Workstation, Fusion, and ESXi products to address an "important" security vulnerability that could be weaponized by a threat actor to take control of affected systems. The issue relates to a heap-overflow vulnerability — tracked as CVE-2021-22045 (CVSS score: 7.7) — that, if successfully exploited, results in the execution of arbitrary code. The company credited
Google has rolled out the first round of updates to its Chrome web browser for 2022 to fix 37 security issues, one of which is rated Critical in severity and could be exploited to pass arbitrary code and gain control over a victim's system. Tracked as CVE-2022-0096, the flaw relates to a use-after-free bug in the Storage component, which could have devastating effects ranging from corruption of
Researchers have disclosed a novel technique by which malware on iOS can achieve persistence on an infected device by faking its shutdown process, making it impossible to physically determine if an iPhone is off or otherwise. The discovery — dubbed "NoReboot" — comes courtesy of mobile security firm ZecOps, which found that it's possible to block and then simulate an iOS rebooting operation,
When I want to know the most recently published best practices in cyber security, I visit The National Institute of Standards and Technology (NIST). From the latest password requirements (NIST 800-63) to IoT security for manufacturers (NISTIR 8259), NIST is always the starting point. NIST plays a key role as a US standard-setter, due to the organization's professionalism and the external experts
A North Korean cyberespionage group named Konni has been linked to a series of targeted attacks aimed at the Russian Federation's Ministry of Foreign Affairs (MID) with New Year lures to compromise Windows systems with malware. "This activity cluster demonstrates the patient and persistent nature of advanced actors in waging multi-phased campaigns against perceived high-value networks,"