Online shopping is now an established part of daily life: we get food, clothes and other goods delivered to our door in a couple of clicks. Online shopaholics, of which there are many, may sometimes forget about a parcel or miss a call from the courier. Unsurprisingly, this is exploited by attackers who use fake delivery notifications as bait. One example of this is cybercriminals pretending to be the international express courier service, DHL. However, instead of the usual phishing link, it's a QR code contained in the e-mail that kicks off this kind of swindle. How and why is the topic of this post.

Your package is at the post office

An attack begins with an e-mail, seemingly from DHL. Although the sender's address is a random set of words bearing no resemblance to the courier service's name, the message body is quite convincing: company logo, order number (albeit fake), and supposed date of receipt of a package. The message itself (in this case in Spanish) states that an order has arrived at a local post office, but the courier was unable to deliver it in person. Usually such bait is accompanied by a link to resolve the issue, but this time there's a QR code instead.

E-mail with QR code supposedly from DHL. For safety, we replaced the QR code in the screenshot with a harmless one.

A QR code is quite a versatile thing. It can be used, for example, to connect to Wi-Fi, pay for a purchase, or confirm you've bought a ticket to a concert or movie. But perhaps its most common use is to distribute links offline: scanning a black-and-white square that can appear on product packaging, advertising posters, business cards, or elsewhere is a quick route to the relevant website. In this case, of course, the attackers were not thinking about user convenience. The idea seems to be that if the victim initially opens the e-mail on a computer, they'll still have to read the QR code with a smartphone, which means that the malicious site will open on the small screen of a mobile, where signs of phishing are harder to spot. Due to the space constraints in mobile browsers, URLs are not fully visible. And in Safari, the address bar was recently moved to the bottom of the screen, where many users don't even look.
This plays straight into the hands of the cybercriminals because the URL of their fake site looks nothing like the official one: the word DHL doesn't even make an appearance. The website text is also small, which means that any design flaws are less noticeable. In any case, there aren't that many of them: the page welcomes users with the trademark yellow and red colors, the company name is shown below, and the text is pretty much error-free save for a couple of lowercase letters at the beginning of sentences. The victim is informed that the package will arrive within 1–2 days; to receive it, they're prompted to enter their first name, surname, and address with zip code. The delivery service does indeed request this kind of information, so no suspicions are aroused.

Fake DHL site asks for personal information, plus bank card details.

But the data harvesting doesn't end there. On the next page, the victim is asked to share more sensitive information: bank card details, including the CVV code on the back — purportedly to pay for delivery. The attackers don't specify an amount, mentioning only that the cost depends on the region, and giving assurances that money won't be debited until the package arrives. In actual fact, the genuine DHL requires payment for delivery in advance, when the order is made. If a customer does indeed miss the courier, another delivery attempt is made for free.

What do the criminals do with your payment data?

It's unlikely the criminals will start charging the victim's card immediately — so that the latter doesn't link the debits to the bogus DHL e-mail. They're more likely to sell the payment data on the dark web, and it will be the buyer there who later siphons the funds — when the victim may have already forgotten about the non-existent package.
How to protect yourself

All the usual rules for protecting against cyberfraud apply in this case:

Upon receipt of an e-mail claiming to be from a well-known service, always check the sender's e-mail address. The real name of the company doesn't appear after the @? It's most likely a scam. For other recognizable signs, see our separate post.

If you're expecting a package, be sure to make a note of the tracking code and check its status on the official website yourself, by opening it from Favorites or entering the URL in a search engine manually.

To be on the safe side, when scanning QR codes, use our Kaspersky QR Scanner (available for both Android and iOS). The app will tell you if the code points to a dangerous site.

Equip all devices with a reliable antivirus with anti-phishing and anti-fraud protection, which will warn you of any danger in good time.
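The first rule above (does the company's real name appear after the @?) is easy to turn into an automated triage check for a mail gateway or a SOC playbook. The script below is an added example written for this page, not Kaspersky's code or product logic. It assumes a defender-maintained allowlist of legitimate registrable domains per brand (here only dhl.com, as an illustration), derives the brand a message claims from its display name and subject, and compares that claim with the domain that actually follows the @. The sample headers are constructed; the suspicious ones reproduce the post's scenario, where the brand name sits in the display name, the local part or a lookalike domain, but never in the real domain.

```python
# Added example (not Kaspersky's code): a small triage helper that applies the
# "check what comes after the @" rule from the post to From: headers.
from email.utils import parseaddr
from typing import Dict, List, Optional, Tuple

# Illustrative allowlist of registrable domains a defender treats as legitimate
# for each brand. Constructed for this example; a real deployment would
# maintain it from verified sources and cover every brand it cares about.
BRAND_DOMAINS: Dict[str, set] = {
    "dhl": {"dhl.com"},
}


def registrable_domain(host: str) -> str:
    """Return the last two labels of a host ('mail.dhl.com' -> 'dhl.com').

    Deliberately naive: multi-label public suffixes such as 'co.uk' would
    need a public-suffix list, which this example leaves out.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def claimed_brand(display_name: str, subject: str) -> Optional[str]:
    """Which known brand the message claims to come from, judged by the
    display name and subject line (the parts a recipient actually reads)."""
    text = f"{display_name} {subject}".lower()
    for brand in BRAND_DOMAINS:
        if brand in text:
            return brand
    return None


def check_sender(from_header: str, subject: str = "") -> Dict[str, Optional[str]]:
    """Compare the brand a message claims against the sender's real domain.

    Verdicts: 'match' (domain belongs to the claimed brand), 'mismatch'
    (brand claimed, domain is not one of its domains), 'no-brand-claim'
    (no known brand mentioned) and 'malformed' (no usable address).
    """
    display, address = parseaddr(from_header)
    if "@" not in address:
        return {"verdict": "malformed", "brand": None, "domain": None}
    domain = registrable_domain(address.rsplit("@", 1)[1])
    brand = claimed_brand(display, subject)
    if brand is None:
        return {"verdict": "no-brand-claim", "brand": None, "domain": domain}
    verdict = "match" if domain in BRAND_DOMAINS[brand] else "mismatch"
    return {"verdict": verdict, "brand": brand, "domain": domain}


# Constructed sample headers. The two suspicious ones mimic the post's scenario:
# a DHL-branded display name over an unrelated domain, and the brand name placed
# in the local part or a lookalike domain so that it never appears after the @
# as the real registrable domain.
SAMPLE_MESSAGES: List[Tuple[str, str]] = [
    ("DHL Express <noreply@dhl.com>", "Your shipment is on its way"),
    ("DHL Paqueteria <aviso.entrega@quiet-river-notices.example>",
     "Su paquete esta en la oficina de correos"),
    ("Servicio DHL <dhl@dhl-envios.example>", "Entrega fallida"),
    ("Tienda Online <info@shop.example>", "Gracias por su compra"),
]


def triage(messages: List[Tuple[str, str]]) -> List[Dict[str, Optional[str]]]:
    """Run check_sender over (from_header, subject) pairs."""
    return [check_sender(frm, subj) for frm, subj in messages]


if __name__ == "__main__":
    for (frm, subj), result in zip(SAMPLE_MESSAGES, triage(SAMPLE_MESSAGES)):
        print(f"{result['verdict']:14} {str(result['domain']):32} {frm}")
```

A 'mismatch' verdict is a strong phishing signal but not proof on its own (legitimate notifications are sometimes sent by third-party mailers), so it is best used to route a message for closer inspection or to add a warning banner rather than to block outright. A 'match' is also only as good as the allowlist and the authentication (SPF, DKIM, DMARC) that backs the From: domain.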
Kaspersky recently announced investing in Motive NT, which is developing an in-house neuroprocessor, Altai. Let's take a look at what neuroprocessors are, how they differ from conventional processors, and why this field looks to be a very promising one in terms of computer technology development.

Computer brain

Any modern computer, tablet, smartphone, network device or digital player has a central processing unit (CPU) — a general-purpose electronic-circuitry device for executing computer code. The operating principles of the traditional processor were laid down way back in the 1940s, but, perhaps surprisingly, haven't changed much since then: CPUs read commands and execute them sequentially. At the CPU level, any program is broken down into the simplest of tasks. These are commands like read from memory, write to memory, add two numbers, multiply, divide, etc. There are many nuances regarding CPU operation, but for today's discussion what's important is to remember that for a long time CPUs could perform only one operation per cycle. These cycles could be very numerous indeed: at first hundreds of thousands, then millions, and today billions per second.

Nevertheless, until recently (the mid-2000s), a typical home computer or laptop had only one processor. Multitasking, or the ability to execute several programs simultaneously on one CPU, was achieved through resource allocation: several clock cycles are given to one program, then the resources are assigned to another, then to a third, and so on. When affordable multicore processors came onto the market, resources could be allocated more efficiently. Then it was possible not only to run different programs on different cores, but to execute one program on several cores simultaneously. At first, this was no easy task: for some time many programs and games were not optimized for multicore or multiprocessor systems.

Today's CPUs that can be picked up by home users can have 16 or even 32 cores. This is an impressive figure, but far from the maximum possible — even for conventional consumer technology. For instance, the Nvidia GeForce 3080Ti video card has 10,240 cores! So why the huge difference? Because traditional CPUs are far more complicated than the processing cores found on video cards.
Ordinary CPUs perform a limited set of simple functions, but the specialized graphics processing units (GPUs) in video cards are even more primitive: they are capable of only very basic operations, but perform them very quickly, which comes in handy when you need to carry out billions of such operations per second. In computer games, for example, calculating the lighting of a scene requires a lot of relatively simple computations for each point in the image. Despite these nuances, the processing cores that go into conventional CPUs and video cards don't differ fundamentally from each other.

However, neuromorphic processors are radically different from both CPUs and GPUs. They do not attempt to implement a set of elements for performing arithmetic operations — sequentially or in parallel. Instead, they aim to reproduce the structure of the human brain! In computing, the smallest building block is considered to be the lowly transistor: there are several billion such microscopic elements in a typical CPU in any computer or smartphone. In the human brain, the equivalent basic element is the neuron, or nerve cell. Neurons are connected to each other by synapses. Several tens of billions of neurons make up the human brain, which is a highly complex self-learning system. For decades, the discipline known as neuromorphic engineering has been focused on reproducing, at least partially, the structure of the human brain in the form of electronic circuits. The Altai processor, developed using this approach, is a hardware implementation of brain tissue — with all its neurons and synapses.

Neuroprocessors and neural networks

But let's not get ahead of ourselves. Although researchers have succeeded in reproducing certain elements of the brain structure using semiconductors, this doesn't mean we'll be seeing digital copies of humans any time soon. Such a task is way too complicated, though it does represent the holy grail of such research.
In the meantime, neuroprocessors — semiconductor copies of our brain structure — have some rather practical applications. They are needed to implement machine-learning systems and the neural networks that underpin them. A neural network or, more precisely, an artificial neural network (as opposed to the natural one inside our head) consists of a set of cells capable of processing and storing information. The classic model of a neural network, the perceptron, was developed back in the 1960s. This set of cells can be compared to a camera matrix, but it's also capable of learning, interpreting a resulting image, and finding patterns in it. Special connections between cells and different types of cells process information so as to distinguish, for example, between alphabet cards held in front of the lens.

But that was 60 years ago. Since then, over the past decade especially, machine learning and neural networks have become commonplace in many mundane tasks. The problem of recognizing letters of the alphabet has long been solved; as motorists know only too well, speed cameras can recognize the license plate of their vehicle — from any angle, day or night, even if covered in mud. A typical task for a neural network is to take a photo (for example, of a stadium from above) and count the number of people. These tasks have something in common: the inputs are always slightly different. An ordinary, old-fashioned program would likely be able to recognize a license plate photographed from straight ahead, but not at an angle. In this case, to train a neural network, we feed in myriad photos of license plates (or something else), and it learns to distinguish the letters and numbers it consists of (or other features the input has). And sometimes it becomes so expert that, say, in the medical field it can make a diagnosis better — or earlier — than a doctor. But let's get back to the implementation of neural networks.
The computations required to implement a neural network algorithm are rather simple, but there are many such operations. This job best suits not a traditional CPU, but a video card with thousands, or tens of thousands, of computation modules. It's also possible to make an even more specialized CPU that performs a set of computations needed only for a particular learning algorithm. This would be a little cheaper and a touch more effective. But all these devices still build the neural network (the set of cell nodes that perceive and process information, connected by multiple links to each other) at the software level, whereas a neuroprocessor implements the neural network scheme at the hardware level. This hardware implementation is significantly more efficient. Intel's Loihi neuroprocessor consists of 131,072 artificial neurons, which are interconnected by a great many more synapses (over 130 million). An important advantage of this scheme is low power consumption when idle, while conventional GPUs are energy-hungry even when not in operation. This, plus the theoretically higher performance in neural network training tasks, delivers a much lower power consumption. The first generation of the Altai processor, for instance, consumes a thousand times less power than an analogous GPU implementation.

Neural networks and security

130,000 neurons are far fewer than the tens of billions in the human brain. Research that will bring us closer to a fuller understanding of how the brain works — and create much more efficient self-learning systems — has only just begun. Importantly, neuroprocessors are in demand already, since theoretically they allow us to solve existing problems more effectively. A pattern recognizer built into your smartphone that can distinguish, say, between the different kinds of berries you're out picking is just one example. Already, specialized CPUs for processing video and similar tasks are embedded in our smartphones and laptops en masse.
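To make concrete what the post means by "rather simple, but many" operations, and what the perceptron mentioned earlier actually does when it "learns", here is the classic single-layer perceptron with its learning rule, written from scratch as an added example for this page. It is not code from Kaspersky, Motive NT or the Altai project, and it says nothing about how any real neuroprocessor is built; it only shows the arithmetic a neural network reduces to. The training sets are constructed: the boolean AND function, which one neuron can learn, and XOR, which it provably cannot (the limitation that motivated multi-layer networks). The example also counts multiply-accumulate operations, since that is the operation hardware accelerators exist to run in bulk.

```python
# Added example: the classic single-layer perceptron and its learning rule,
# written from scratch. It is not code from Kaspersky, Motive NT or the Altai
# project; it only illustrates the kind of arithmetic the text describes.
from typing import List, Tuple

Sample = Tuple[List[int], int]

# Constructed training sets: every pair of binary inputs, labelled with the
# boolean AND (linearly separable) and XOR (not separable by one neuron).
AND_DATA: List[Sample] = [([0, 0], 0), ([0, 1], 0), ([1, 0], 0), ([1, 1], 1)]
XOR_DATA: List[Sample] = [([0, 0], 0), ([0, 1], 1), ([1, 0], 1), ([1, 1], 0)]


def step(total: int) -> int:
    """Threshold activation: the artificial neuron fires when its input is >= 0."""
    return 1 if total >= 0 else 0


def predict(weights: List[int], bias: int, inputs: List[int]) -> int:
    """One neuron: weighted sum over its synapses plus bias, then threshold."""
    total = bias
    for w, x in zip(weights, inputs):
        total += w * x  # one multiply-accumulate per synapse
    return step(total)


def train(data: List[Sample], lr: int = 1, max_epochs: int = 50):
    """Perceptron learning rule with integer weights (so every comparison is exact).

    Returns (weights, bias, epochs_run, multiply_accumulates, converged).
    The MAC counter makes the text's point visible: each step is trivial
    arithmetic, but even this toy network executes dozens of them.
    """
    n_inputs = len(data[0][0])
    weights = [0] * n_inputs
    bias = 0
    macs = 0
    for epoch in range(1, max_epochs + 1):
        errors = 0
        for inputs, target in data:
            output = predict(weights, bias, inputs)
            macs += n_inputs
            error = target - output
            if error != 0:
                errors += 1
                # Nudge each synapse in the direction that reduces the error.
                for i in range(n_inputs):
                    weights[i] += lr * error * inputs[i]
                bias += lr * error
        if errors == 0:
            return weights, bias, epoch, macs, True
    return weights, bias, max_epochs, macs, False


def accuracy(weights: List[int], bias: int, data: List[Sample]) -> float:
    """Fraction of samples the trained neuron classifies correctly."""
    correct = sum(predict(weights, bias, x) == y for x, y in data)
    return correct / len(data)


if __name__ == "__main__":
    for name, data in (("AND", AND_DATA), ("XOR", XOR_DATA)):
        w, b, epochs, macs, ok = train(data)
        print(f"{name}: weights={w} bias={b} epochs={epochs} "
              f"MACs={macs} converged={ok} accuracy={accuracy(w, b, data):.2f}")
```

Two inputs and four samples already cost 48 multiply-accumulates to learn AND; a network that reads a camera frame has millions of synapses and runs this inner loop for every pixel, which is why the text argues for hardware that does nothing but such operations in parallel. The XOR run never converges, illustrating that a single neuron can only draw one straight line through its input space.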
Neuroprocessors take the idea of machine learning several steps further, providing a more effective solution. Why is this area of interest to Kaspersky? First, our products already make active use of neural networks, and of machine-learning technologies in general. These include, for example, technologies for processing vast quantities of information about the operation of a corporate network: for example, monitoring data shared by nodes with each other or with the outside world. Machine-learning technologies allow us to identify anomalies in this traffic flow and find unusual activity, which may be the result of an intrusion or the malicious actions of an insider. Second, Kaspersky is developing its own operating system — KasperskyOS — which guarantees safe execution of the tasks assigned to devices under its control. Integrating hardware neural networks into KasperskyOS-based devices looks very promising for the future.

At the very end of all this progress will be the emergence of a true AI — a machine that not only solves tasks for us, but sets (and likewise solves) its own. This will be fraught with ethical issues, and it will surely be hard for folks to comprehend that a subservient machine has become smarter than its creator. Still, that's all a long way off. About five years ago, everyone was sure that self-driving cars were literally around the corner and just needed fine-tuning. Such systems are also closely linked to machine learning, and in 2022 the opportunities in this field are still counterbalanced by the problems. Even the narrow task of driving a car — which humans manage reasonably well — cannot yet be fully entrusted to a robot. That's why new developments in this area are of great importance — at both the software and ideas level, as well as at the hardware level.
All this, combined, may not lead just yet to the emergence of smart robots like in sci-fi books and movies, but it will definitely make our lives a little bit easier and safer.
The blocking and tackling work of scan management is becoming a commodity, writes Lisa Xu, the CEO of NopSec, in this Expert Insight. What organizations need now is complete visibility of their IT infrastructure and business applications. The post How Vulnerability Management Has Evolved And Where It's Headed Next appeared first on The Security...
Scalper bots have gone out of control in Israel by signing up for public service appointments for several government services and then selling them to dissatisfied citizens. The bot's operators attempted to sell appointments for multiple government agencies for over $100. In order to beat modern-day bots, there is a need for advanced measures like device fingerprinting and behavioral analysis to detect trends, threats, and inconsistencies.
Two APT groups from China carried out cyberespionage to steal sensitive data from Western and Japanese firms but posed as financially-motivated groups by deploying ransomware. APT41 is focused on stealing intellectual property from Japanese firms while APT10 has been targeting global organizations.
According to Symantec’s Threat Hunter Team, the Bumblebee loader may have been used as a replacement for Trickbot and BazarLoader, due to the overlap in recent activity involving Bumblebee and older attacks linked to these loaders.
Researchers found a new malware tool - for sale on cybercrime forums - that helps cybercriminals in building malicious Windows shortcut (.LNK) files to infect victims. Quantum Builder supports multiple payloads per LNK file and has capabilities to create HTA and ISO payloads. The tool shares ties with the Lazarus Group based on source code-level overlaps in the tool.
While RansomHouse has previously been linked to ransomware operations, such as WhiteRabbit, they state that they do not encrypt devices, and ransomware was not used on AMD.
Apart from MSMEs, Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers, and Virtual Private Network Service (VPN Service) providers are also provided with additional time till September 25.
Ransomware is the biggest cybersecurity threat facing the world today, with the potential to significantly affect whole societies and economies – and the attacks are unrelenting, the head of the U.K. National Cyber Security Centre (NCSC) has warned.
An RCE zero-day in unpatched versions of a Linux-based Mitel VoIP application is the new threat to tens of thousands of devices, with most in the U.S. and U.K. The flaw occurs due to insufficient data validation for a diagnostic script, which allows remote and unauthorized attackers to add commands with specially crafted requests. Experts suggest admins apply the mitigations quickly.
The Napa Valley College website and network systems were knocked offline as the result of a ransomware attack roughly two weeks ago, a spokesperson for the school confirmed.
The Netsec Goggle, which is available as open-source on GitHub, displays results from a list of sites generated by taking URLs with a score of 20 or higher from the /r/netsec community on Reddit.
The group claiming responsibility calls themselves the “Daixin Team.” Daixin claims to have exfiltrated 40 GB of data. Their onion site contained files allegedly stolen from Fitzgibbon that they uploaded for the public to grab.
Raccoon Stealer v2 is written in C/C++ using WinApi. The malware downloads legitimate third-party DLLs from its C2 servers. It is believed that the new version was available on Telegram for sale since May 17.
Cybersecurity workforce development organization CYBER.ORG on Monday announced the launch of Project Access, a national effort to provide cybersecurity education to blind and visually impaired students.
CISA encourages users and administrators to review the 2022 CWE Top 25 Most Dangerous Software Weaknesses and evaluate recommended mitigations to determine those most suitable to adopt.
Cyolo announced its Series B financing round led by National Grid Partners, with the participation of existing investors Glilot Capital Partners, Flint Capital, Differential Ventures, and Merlin Ventures.
The use of deepfakes or synthetic audio, image and video content created with AI or machine-learning technologies has been on the radar as a potential phishing threat for several years.
The San Francisco-based firm Normalyze said the funding round was co-led by Lightspeed Venture Partners and Battery Ventures and brings the total raised to $26.6 million.
A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks.
Alon Schindel and Amitai Cohen, two researchers at Wiz, on Tuesday launched a community-based website — cloudvulndb.org — to list all cloud vulnerabilities and security issues.
The number of cyberattacks continues to increase as well as their level of sophistication. For this reason, the behavior of each actor in the cyber arena is becoming a national security concern for every government.
Despite all of the disruption caused by Google’s legal and technical meddling, AWM is still around and nearly as healthy as ever, although the service has been rebranded with a new name and there are dubious claims of new owners.
Keona Clipper, a new malware threat, is stealing cryptocurrencies from infected computers by replacing the user's wallet address with its own. It leverages Telegram to stay hidden. Researchers identified over 90 different iterations of Keona since May, indicating wide deployment. Users should take the utmost precaution when making payments in cryptocurrency.
With the latest update, Mozilla has patched CVE-2022-34470, a high-severity use-after-free issue in nsSHistory that was triggered when navigating between XML documents, and which could lead to a potentially exploitable crash.
Mandiant’s security researchers have been tracking influence campaigns that a Chinese threat actor named Dragonbridge has been conducting against rare earth mining companies in Australia, Canada, and the United States.
The targeting and the timing coincided with the Russian invasion of Ukraine, with key migration organizations receiving malicious emails containing macro-laden documents.
ReversingLabs recently discovered a new version of the AstraLocker ransomware (AstraLocker 2.0) that was being distributed directly from Microsoft Office files used as bait in phishing attacks.
The impacted arm of Apetito in the U.K. delivers ready meals to hospitals, care homes, schools, childcare facilities, and the homes of vulnerable people across the west of England.
Malicious Python packages in the PyPI repository steal sensitive data before sending it to publicly exposed endpoints. The sensitive data includes AWS credentials as well as environment variables. The stolen data is stored in TXT files and uploaded to a PyGrata[.]com domain. The endpoint, however, wasn't properly secured, which allowed analysts to see what the threat actors had stolen.
The LockBit RaaS launched LockBit 3.0, the first-ever ransomware bug bounty program for security experts to submit bug reports and get rewarded with up to $1 million. Various bug bounty categories include website bugs (such as XSS vulnerabilities, and MySQL injections), Locker bugs (bugs in the ransomware itself), TOX messenger vulnerabilities, and Tor network vulnerabilities.
Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
Red Hat Security Advisory 2022-5232-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-5239-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-5344-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-5392-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.11 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which resolve security issues and fix several bugs. Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2022-5234-01 - The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of virtual-python. Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2022-5219-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2022-5216-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-5220-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, information leakage, memory leak, privilege escalation, and use-after-free vulnerabilities.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week moved to add a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue, tracked as CVE-2021-4034 (CVSS score: 7.8), came to light in January 2022 and concerns a case of local privilege escalation in polkit's pkexec utility, which allows an authorized user to execute commands as another user.
A new security vulnerability has been disclosed in RARlab's UnRAR utility that, if successfully exploited, could permit a remote attacker to execute arbitrary code on a system that relies on the binary. The flaw, assigned the identifier CVE-2022-30333, relates to a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive.
Cybersecurity researchers from Palo Alto Networks Unit 42 disclosed details of a new security flaw affecting Microsoft's Service Fabric that could be exploited to obtain elevated permissions and seize control of all nodes in a cluster. The issue, which has been dubbed FabricScape (CVE-2022-30137), could be exploited on containers that are configured to have runtime access. It has been remediated as of June 14, 2022, in Service Fabric 9.0 Cumulative Update 1.0.
Cybersecurity researchers have documented a new information-stealing malware that targets YouTube content creators by plundering their authentication cookies. Dubbed "YTStealer" by Intezer, the malicious tool is believed to be sold as a service on the dark web, distributed using fake installers that also drop RedLine Stealer and Vidar. "What sets YTStealer aside from other
The FBI has warned that, in an attempt to gain access to sensitive data at organisations, crooks are using deepfake video when applying for remote working-at-home jobs.