Cyber security aggregate rss news


What is Scam and How ...

Have you ever felt unsure about an email, text message or phone call asking for personal details or money? Scams are all around us these days, from fraudulent emails that try to steal login credentials and bank details to sophisticated phone calls pretending to come from tech support or a government agency. In 2020 alone, American consumers reported losing over $3.3 billion to fraud (US Federal Trade Commission figure). The disturbing reality is that anyone can fall prey to a cyber scam if they are not cautious. We work, shop, socialize and manage our finances online every day without giving it much thought. This hyper-connectivity comes with risks, and online scams are one of the major dangers lurking in cyberspace. This article explains what a scam is and what you need to know to protect yourself.

What is Scam?

A scam is any deceptive activity aimed at obtaining money or valuable assets from individuals through fraudulent means. Spam, by contrast, is the mass distribution of unsolicited messages via email, instant messaging or other digital platforms; advertisers favour it because it costs almost nothing to send. Spam is often the delivery vehicle for a scam, but the two are not the same thing.

Scammers employ various tactics such as unwanted phone calls and misleading pop-up ads. They may impersonate staff of reputable computer or software companies and ask for remote access to the victim's computer in order to steal sensitive information or sell unnecessary products or services. Some scams are easy to recognise; others are sophisticated and hard to detect.

The primary objectives of scammers include:

- Obtaining personal information.
- Persuading individuals to accept dubious offers without seeking advice.
- Convincing them to send money on the strength of false promises.
- Enticing them to make purchases without proper inspection.

Common Types of Scams

Fraud and scams come in many forms and reach their targets through different channels. Knowing the common types helps you recognise warning signs and take precautions to protect yourself, your loved ones and your finances.
Here's an overview of some prevalent scams and fraud schemes:

1) Charity Scams: Thieves pose as legitimate charitable organizations or create fake charities to solicit money. These scams spike around holidays and natural disasters, when scammers exploit people's generosity. Before giving, verify the charity's legitimacy by checking its registered details, such as address and phone number, through trusted sources.

2) Debt Collection Scams: Scammers posing as debt collectors try to coerce people into paying debts that do not exist or have already been settled. Do not provide personal or financial details until you have verified that the debt is real; request written validation of the debt before paying anything.

3) Debt Settlement and Relief Scams: Companies that promise to renegotiate or settle debts often engage in deceptive practices that leave people in worse financial shape. Beware of any company that guarantees a settlement or charges fees up front. Nonprofit credit counseling programs are a more reliable source of debt management help.

4) FDIC Logo Misuse: Scammers misuse the FDIC logo or falsely claim FDIC insurance to win trust and give false assurance that deposits are safe. Verify whether a bank is FDIC-insured through official FDIC channels.

5) Foreclosure Relief or Mortgage Loan Modification Scams: Fraudulent schemes promise to save homeowners from foreclosure or to modify their mortgage, exploiting their vulnerability with false promises. HUD-approved housing counseling agencies can help you explore legitimate options.
6) Grandparent Scams: Scammers impersonate a relative in distress, typically a grandchild, and ask for money or gift cards to get out of supposed trouble. Treat unsolicited requests for financial help with caution and confirm the caller's identity through a separate channel before sending any funds.

7) Imposter Scams: Scammers pose as trusted individuals or organizations, such as government officials or charities, to pressure victims into sending money. Verify the caller or organization independently, using contact details you look up yourself rather than those the caller gives you.

8) Mail Fraud: Mail fraud schemes lure people with false promises of valuable rewards or prizes in exchange for upfront payments or personal information. Watch for demands for immediate payment or personal details, and report suspected mail fraud to the postal authorities.

9) Money Mule Scams: Individuals are recruited, often unwittingly, to receive and forward funds obtained through fraud. Avoid suspicious financial transactions and be wary of offers of easy money or "jobs" that consist of moving money for someone else.

10) Money Transfer or Mobile Payment Services Fraud: Con artists exploit money transfer and mobile payment services by tricking people into sending money or merchandise without receiving what was promised. Use trusted payment methods and do not send money to unfamiliar individuals or businesses.

11) Mortgage Closing Scams: Scammers target homebuyers nearing their closing date by posing as real estate or settlement agents and sending fraudulent wiring instructions for the closing funds. Verify payment instructions by phone with a known contact before transferring money.
12) Lottery or Prize Scams: Scammers claim you have won a prize or lottery and then require an upfront payment or personal information to release the winnings. Be cautious about unexpected "winnings", and never pay or hand over sensitive information to an unknown party to claim a prize.

13) Romance Scams: Romance scams exploit emotions by building a romantic relationship online and then asking for money. Stay vigilant and avoid sharing personal or financial information with online acquaintances you have never met in person.

Familiarity with these common types of fraud improves your awareness and resilience against deceptive practices, ultimately safeguarding you and your finances from harm.

How to Identify a Scam?

Here is how you can spot scams:

- Insistence on Full Payment and No Negotiation: Scammers push for full payment without any negotiation and may even demand that you cover shipping costs up front.
- Refusal to Allow Property Inspection: When dealing with rental properties, a landlord who refuses to let you inspect the property is a red flag.
- Excuses and Pressure Tactics: Scammers use excuses and pressure to force quick payment, such as claiming the deal is off unless you pay immediately, citing a personal emergency like a family member's death, or threatening legal consequences if payment is not sent promptly.
- Request for Payment in Gift Cards: Be wary of requests to pay with gift cards; scammers prefer them because they are hard to trace and impossible to reverse.
- Claim of Unavailability: Scammers claim to be out of town or otherwise unable to meet in person, making excuses to avoid face-to-face contact.
- Lack of Company Information: A seller or service provider with no visible online presence, no company details, or a name that mimics a well-known brand may be a scam.
- Solicitation of Banking ID Details: Be cautious if asked for sensitive banking credentials to make a payment, especially when the transaction does not go through a secure online payment method.
- Inaccessible Contact Information: Scammers avoid answering phone calls or give inconsistent contact information, making them hard to reach.
- Overly Friendly Behavior: Scammers feign affection or respect to build trust; it is a tactic to manipulate victims emotionally.
- Elusiveness and Changing Contact Details: Be wary if the other party keeps changing phone numbers or online profiles, making them difficult to track down.

How to Keep Yourself Safe from Scams Using Cybersecurity

Here are tips to keep yourself safe from scams:

- Keep Software Updated: Make sure the operating system, antivirus software, web browsers and other applications have the latest security patches. This protects against known vulnerabilities that scammers exploit.
- Use Strong Passwords: Use long, unique passwords for your online accounts; a password manager makes this practical. Avoid easily guessable passwords and never share them with others.
- Enable Two-Factor Authentication (2FA): Turn on 2FA wherever it is offered to add an extra layer of security. It requires a second form of verification, such as a code from an authenticator app or a code sent to your phone, to access the account. An authenticator app or a hardware security key resists phishing far better than codes sent by SMS or email.
- Be Cautious with Suspicious Emails: Be careful with emails from unknown senders and with links and attachments. Look out for spelling errors, grammatical mistakes and unexpected requests for personal or financial information.
- Verify Website Security: Before entering sensitive information, check that the site uses "https://" and shows a padlock in the address bar, and check that the domain name is the one you expect. HTTPS only means the connection is encrypted; phishing sites use it too, so the padlock alone does not prove a site is legitimate.
- Educate Yourself: Stay informed about common scams and cyber threats. Learn about phishing, malware, ransomware and the other tactics scammers use to deceive people.
- Use Secure Wi-Fi Networks: Avoid using public Wi-Fi for sensitive activities such as online banking or shopping. Use a secure, password-protected network or a virtual private network (VPN) instead.
- Protect Personal Information: Be cautious about sharing personal information online, especially on social media. Avoid oversharing details that a scammer could use to impersonate you or steal your identity.
- Install Security Software: Install trusted antivirus and anti-malware software on your devices to identify and remove threats, and scan your system regularly.

Internet Rules To Be Followed

Here are internet rules you need to follow:

1) Practice Respect:
- Respect Diversity: Acknowledge and appreciate the diverse backgrounds, experiences and cultures of the people you interact with online.
- Respect Privacy: Safeguard the privacy of others by not sharing their personal information, images or files without their explicit consent.

2) Uphold Ethical Standards:
- Avoid Copyright Infringement: Do not use copyrighted content without proper authorization; respect the intellectual property rights of creators and owners.
- Share Knowledge Responsibly: Share information online accurately and clearly. Avoid duplicating existing content and contribute positively to the digital community.
3) Exercise Responsibility:
- Combat Cyber Bullying: Take a stand against cyberbullying and recognize its harmful impact on victims. Do not engage in or promote online harassment, and be mindful of the consequences of your digital actions.
- Ignore Trolls: Resist the urge to engage with trolls who seek to provoke or disrupt. Refusing to respond denies them the attention they seek.

Wrapping Up!

A scam is a malicious act that targets individuals and organizations, using fraudulent means to obtain personal information or money. With technology woven into daily life, scams have become more prevalent and more sophisticated, so staying vigilant matters more than ever. Cybersecurity plays a crucial role in safeguarding personal and sensitive information. By understanding the common types of scams and following good practices such as updating your software, using strong passwords and being cautious with suspicious emails or websites, you can greatly reduce your risk of falling victim to a scam. Learn the red flags that indicate a potential scam, and trust your instincts before sharing personal information or making a financial transaction.

Key Highlights

- Scams are fraudulent activities aimed at deceiving individuals to obtain money, sensitive information or valuables.
- Common scams include phishing, fake charity appeals, lottery scams and romance scams, among others.
- Use cybersecurity tools such as antivirus software, firewalls and secure browsing practices to safeguard your devices and personal information.
- Stay informed about common scam tactics and remain vigilant online to reduce the risk of falling victim.

FAQs

What is a scam?
A scam is any fraudulent activity or deceptive technique aimed at obtaining money, sensitive information or other valuable assets from individuals through deceitful means.

How can I identify a scam?

Look out for unsolicited requests for personal information or payments. Be cautious of offers that seem too good to be true. Verify the legitimacy of organizations or individuals before providing sensitive information or making transactions.

What are common types of scams?

Common scams include phishing emails, fake charity appeals, lottery or prize scams and romance scams, among others. Scammers use many tactics to manipulate people into handing over money or personal details.

How can cybersecurity help protect against scams?

Cybersecurity measures such as antivirus software, firewalls and secure browsing practices help safeguard your devices and personal information from online threats. Staying informed about common scam tactics and practicing vigilance online are equally important.

What Is Lateral Move ...

Imagine a thief creeping through your house, undetected, searching for your valuables. That is exactly what happens in a cyberattack once attackers gain a foothold and begin "lateral movement". By one estimate, 25% of data breaches involve lateral movement. Attackers can spend weeks or months silently hopping from system to system, stealing data, installing ransomware, or wreaking havoc on the network. It's a scary thought, but don't panic. In this article we cover what lateral movement is, how it happens, what its stages are, and how to detect and prevent it.

What Is Lateral Movement in Cyber Security?

Lateral movement is the set of techniques an attacker uses, after gaining initial access to a network, to reach other systems in it. The objective is not to stay on the first compromised host; it is to extend their reach across the network without being detected, seeking out more critical systems and sensitive data. Like a burglar who does not grab the first thing in sight but works through the house room by room, the attacker moves sideways across the network map.

This ability to move freely within a network allows attackers to achieve their ultimate goals, which can include:

- Data Exfiltration: Stealing sensitive information like financial records, intellectual property, or personal data.
- Disruption: Taking control of critical systems and causing operational downtime or outages.
- Deployment of Ransomware: Encrypting important data and demanding a ransom for its decryption.

Lateral movement is a crucial tactic of Advanced Persistent Threats (APTs). Unlike opportunistic attacks that aim for quick gains, APTs are methodical: they establish persistence within a network and move laterally to achieve their objectives over a long period.

How Does Lateral Movement Work?

The success of lateral movement hinges on the attacker's ability to blend in with legitimate activity. Most of it uses the same protocols and tools administrators use every day (RDP, SSH, SMB file shares) with stolen credentials rather than exploits, which is what makes it hard to spot. Here's a breakdown of the typical workflow:

- Initial Foothold: The attacker gets onto one system, for example through a phishing email, a malware download, or an exploited vulnerability.
- Reconnaissance: Once inside, the attacker gathers information about the network layout, user accounts, and system permissions. This reconnaissance helps them identify potential targets and choose their next move.
- Credential Theft: Attackers target privileged accounts with higher access levels. They might use social engineering, brute-force or password-spraying attacks, or dump credentials and password hashes from memory on hosts they already control.
- Exploiting Vulnerabilities: Attackers may exploit unpatched vulnerabilities in operating systems or applications to elevate their privileges on compromised systems.
- Moving Laterally: Armed with stolen credentials or elevated privileges, the attacker moves to other devices and servers within the network. This process repeats until they reach their target or are detected.

What Are the Stages of Lateral Movement?

Lateral movement is a multi-step process attackers undertake to expand their foothold within a compromised network. Here's a detailed breakdown of the stages involved:

Maintaining Access (Establishing Persistence): The initial compromise might be through a phishing email, a malware download, or an exploited vulnerability. The attacker's next concern is ensuring they keep access even if the compromised system is rebooted or the initial malware is removed. Common techniques used at this stage include:

- Installing Backdoors: Backdoors are malicious programs that give the attacker a persistent remote access channel to the compromised system. They can be hidden within legitimate files or processes, making them difficult to detect.
- Modifying System Configuration: Attackers modify system configuration (startup scripts, scheduled tasks, registry Run keys) so that their backdoor or malicious code launches automatically whenever the system restarts.
- Gaining a Foothold in Active Directory: In a Windows domain environment, attackers target Active Directory, the directory service that manages user accounts and permissions. By compromising privileged domain accounts or gaining control over a domain controller, they gain access throughout the network.

Lateral Movement Techniques: Once the attacker has established persistence, they can use various techniques to move laterally across the network. Here are some common methods:

- Remote Access Tools: Legitimate remote access protocols such as RDP (Remote Desktop Protocol) and SSH (Secure Shell) can be misused by attackers. With stolen credentials, weak passwords, or misconfigurations, they pivot from the initially compromised system to other devices.
- Pass-the-Hash (PtH) Attacks: Attackers dump NTLM password hashes from the memory or SAM database of a compromised Windows host. Because NTLM authentication proves possession of the hash rather than the password, the attacker can authenticate to any other system that accepts NTLM for that account without ever cracking the hash. The same local administrator password reused across many machines makes this especially effective, since one hash then opens every machine.
- Exploiting Network Shares: Network shares are folders or drives on a network that are accessible to other users or groups. Attackers exploit misconfigured share permissions to reach sensitive data on other systems, or to drop tooling where other hosts will execute it.
- Lateral Phishing: Attackers use information gleaned from the compromised system (email addresses, contact lists, an already-trusted mailbox) to launch targeted phishing against other users within the organization. These emails trick users into revealing their credentials or clicking malicious links that compromise further systems.

Escalating Privileges: Access to a standard user account is often not enough for the attacker to achieve their objectives. They seek to escalate their privileges to gain access to more sensitive systems and data.
Techniques used for privilege escalation include:

- Exploiting Local Vulnerabilities: Attackers exploit unpatched vulnerabilities in the operating system or in applications running on the compromised system to elevate their privileges.
- Lateral Privilege Escalation: Techniques like PtH or abuse of misconfigured service accounts (for example, a service running as a domain administrator whose credentials are cached on a compromised host) yield privileged access on other systems.
- Zero-Day Exploits: In some cases, attackers use zero-day exploits, vulnerabilities unknown to the software vendor, to escalate privileges.

Command and Control (C&C) Communication: Attackers establish communication channels with their C&C servers to receive instructions, upload stolen data, and maintain control over compromised systems. C&C servers can be located anywhere in the world, making them hard to track and disrupt. Techniques used for C&C communication include:

- DNS Tunneling: Attackers hide their communication inside seemingly legitimate DNS queries and responses, which most networks allow out unfiltered and which traditional controls rarely inspect.
- Steganography: Data is hidden within images, videos, or other harmless-looking files, letting attackers exfiltrate stolen information under the radar.
- Peer-to-Peer (P2P) Networks: Attackers use P2P networks to build a decentralized C&C infrastructure that is more resilient to takedowns.

Actions on Objectives: Once attackers have reached their target systems or obtained the privileges they need, they act on their overall goals. These actions may include:

- Data Exfiltration: Stealing sensitive information like financial records, intellectual property, or personal data. Attackers exfiltrate data through various channels, including the C&C server, cloud storage services, or removable media.
- Disruption and Denial-of-Service (DoS) Attacks: Taking control of critical systems and causing operational disruptions or complete outages.
This can cripple essential services and cause significant financial losses.
- Ransomware Deployment: Encrypting important data and demanding a ransom for its decryption. Ransomware attacks have become a major threat in recent years, causing havoc for businesses and organizations.

How to Detect Lateral Movement in Cyber Security?

Early detection of lateral movement is crucial to minimize the damage caused by a cyberattack. Because lateral movement mostly looks like administration, detection comes down to spotting legitimate tools and credentials used at the wrong time, from the wrong host, or at the wrong scale. Methods to identify it within your network:

- Security Information and Event Management (SIEM) Systems: These collect and correlate logs from endpoints, domain controllers, network devices and security tools. In a Windows domain the authentication events (successful logons, event ID 4624, and logons with explicit credentials, event ID 4648) are the richest source, because every hop leaves one.
- User and Entity Behavior Analytics (UEBA): UEBA solutions baseline normal per-user and per-device activity and flag anomalies such as an account logging on to hosts it has never touched, or a workstation suddenly connecting to many peers.
- Network Traffic Analysis: Monitoring east-west traffic flow for unusual connections, such as workstation-to-workstation SMB or RDP sessions or one host opening connections to many others in a short period, can reveal lateral movement.
- Endpoint Detection and Response (EDR) Tools: EDR solutions provide visibility into what's happening on individual devices. They detect suspicious activities like credential dumping, unauthorized logons, and privilege escalation, which are signs of lateral movement.

Examples of Lateral Movement in Cyberattacks

Here are two real-world examples that illustrate how lateral movement works:

The NotPetya Attack (2017): This destructive malware, disguised as ransomware, got its initial access through a trojanized update of M.E.Doc, a Ukrainian tax accounting package, which the attackers pushed out through the vendor's compromised update mechanism. Inside a network it spread on its own: it exploited the SMBv1 vulnerability targeted by the EternalBlue and EternalRomance exploits on unpatched hosts, and it harvested credentials from memory on each infected machine and used them with PsExec and WMIC to execute itself on other hosts. That combination of exploit and stolen-credential lateral movement let it paralyze companies worldwide within hours.
The SolarWinds Supply Chain Attack (2020): Attackers compromised the build process of the SolarWinds Orion network monitoring platform, used by many organizations, and inserted a backdoor into its signed software updates. Installing the trojanized update gave the attackers a foothold inside victim networks, from which they moved laterally to reach sensitive data and systems.

How to Prevent Lateral Movement in Cyber Security?

Lateral movement thrives on weak network security practices. Here are key strategies to fortify your defenses:

- Principle of Least Privilege (POLP): Grant users only the minimum access required to do their jobs. Keep administrative accounts separate from everyday accounts, and give every host a unique local administrator password so that one stolen hash does not open every machine. This limits the damage when any single account is compromised.
- Multi-Factor Authentication (MFA): Require MFA for all user accounts, and above all for administrative and remote access, so that a stolen password alone is not enough to authenticate.
- Application Whitelisting: Allow only authorized applications to run on user devices. This stops attacker tooling that facilitates lateral movement from executing.
- Network Segmentation: Divide your network into smaller segments with restricted access between them, and in particular block workstation-to-workstation traffic on administrative ports (SMB, RDP), which ordinary users rarely need. A single compromised device then cannot reach the whole network.
- Vulnerability Management: Regularly patch vulnerabilities in operating systems, applications, and network devices. Unpatched vulnerabilities are easy targets both for gaining a foothold and for escalating privileges.
- Endpoint Security Solutions: Deploy endpoint security that monitors devices for suspicious activity and provides real-time protection against malware and credential theft.
- Regular Security Awareness Training: Train employees on cybersecurity best practices, including how to identify phishing attempts and avoid social engineering tactics.
This can significantly reduce the risk of attackers gaining initial access through social engineering.
- Continuous Monitoring: Continuously monitor network activity for suspicious behaviour using tools such as SIEM and UEBA, so that lateral movement attempts are detected early and acted on quickly.

What Do You Do If You Find Lateral Movement in Your Network?

Discovering lateral movement within your network is stressful, but a structured approach lets you contain the threat, minimize damage, and prevent recurrence. Here's a breakdown of the steps to take:

Isolate the Compromised System:
- Immediate Action: Your top priority is to stop the attacker spreading to more systems. Isolate the infected system from the network as quickly as possible, for example by:
  - Using your EDR tool's network isolation feature, or disabling the network adapter on the device.
  - Moving the device to a separate, isolated network segment.
  - Shutting down the system entirely if necessary. Weigh the criticality of the system and the evidence you will lose: powering off destroys memory, so capture a memory image first if you can.
- Identify Additional Compromised Systems: While isolating the initial entry point, look for other compromised hosts. Use SIEM or EDR to search the whole estate for the same indicators (the attacker's tools, accounts, and source addresses), not just the first host.

Contain the Threat:
- Stop Further Attacks: Once the compromised system is isolated, prevent further lateral movement and data exfiltration:
  - Disable user accounts suspected of being compromised.
  - Reset passwords for all potentially affected accounts, including service accounts. If domain administrator credentials were exposed, treat every account in the domain as affected.
  - Block the attacker's command-and-control servers at the firewall and DNS layer so they can no longer communicate with or instruct the compromised hosts.

Investigate the Incident:
- Gather Evidence: Collect forensic evidence from the compromised system(s) for further analysis.
This may include logs, memory dumps, and suspicious files. Use forensic tools to reconstruct the attacker's actions and identify the attack vectors used.
- Determine Scope of Breach: Investigate how far the attacker moved within the network. Identify what data may have been accessed, modified, or exfiltrated. Network traffic analysis and authentication logs are the main sources at this stage.

Remediate the Issues:
- Patch Vulnerabilities: Identify and patch the vulnerabilities the attackers exploited. This applies not just to the compromised system but to all systems in the network, to prevent similar attacks in the future.
- Review Security Policies: Analyze your existing security policies and identify any weaknesses that facilitated lateral movement. Consider stricter access controls, network segmentation, or multi-factor authentication (MFA) where appropriate.

Recover from the Attack:
- System Restoration: Restore compromised systems from backups created before the attack, or rebuild them from known-good images; it is hard to prove that a backdoored host has been fully cleaned. Ensure backups are secure and not reachable from compromised systems.
- Data Recovery: If data was encrypted, deleted, or altered during the attack, restore it from backups. Involve data recovery specialists if necessary.
- Improve Security Posture: This is an ongoing process. Use the findings from the investigation to strengthen your overall security posture: update security tools, conduct vulnerability assessments regularly, and continuously monitor network activity for suspicious behaviour.

Report the Incident:
- Internal Reporting: Inform relevant internal stakeholders about the incident, including the extent of the breach and its potential impact, so everyone is aware and can take appropriate precautions.
- External Reporting: Depending on the severity of the attack, the regulations in your industry, and the type of data compromised, you may be required to report the incident to authorities such as law enforcement or data protection agencies.

Key Takeaways

- Lateral movement lets attackers roam your network after gaining initial access, increasing the risk of data breaches and system disruption.
- Early detection is critical; use tools like SIEM, UEBA, and EDR to identify activity indicative of lateral movement.
- Robust practices like the principle of least privilege, multi-factor authentication, and network segmentation make it hard for attackers to move laterally.
- If you suspect lateral movement, isolate compromised systems, contain the threat, investigate the incident, remediate vulnerabilities, and recover your network.

FAQs

What is lateral movement vs vertical movement in cyber security?

Lateral movement is the horizontal spread across a network once an initial breach is achieved, while vertical movement refers to escalating privileges to gain deeper access on a system or in the domain.

What is the lateral movement path?

The lateral movement path is the route an attacker takes within a network to move from one compromised system to another, typically using legitimate credentials or exploiting vulnerabilities.

What is lateral movement in threat hunting?

In threat hunting, lateral movement refers to identifying and tracking an attacker's movement within a network in order to understand the extent of a compromise and limit further damage.

What are lateral movement use cases?

Attackers commonly use lateral movement to reach sensitive data, escalate privileges, or spread malware within a network, which is why detecting and preventing it matters.

What is lateral movement in Mitre ATT&CK?
In the Mitre ATT&CK framework, lateral movement is a tactic attackers use to move through a network after initial access, aiming to achieve their objectives.
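The article says to use SIEM, UEBA, or EDR to spot activity indicative of lateral movement and then to scope the breach. As an added example (not from the original article), here is a minimal SIEM-style rule for one common signal, an account performing network logons to many distinct hosts in a short window, run over a constructed set of Windows 4624 events. The event schema, the date, and all sample values are assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # sliding window per account
THRESHOLD = 5                    # distinct destination hosts that trigger an alert


def _event(time_of_day, user, src_ip, dst_host, logon_type=3):
    """Build one constructed event in the shape a SIEM export might use (assumed schema)."""
    return {"time": "2024-03-25T" + time_of_day, "event_id": 4624,
            "logon_type": logon_type, "user": user, "src_ip": src_ip, "dst_host": dst_host}


# Constructed sample, not real telemetry: jdoe's workstation (10.0.1.15) behaves
# normally, then a service account starts authenticating from that same workstation
# to one host after another, the fan-out pattern that typically marks lateral movement.
SAMPLE_EVENTS = [
    _event("09:00:05", "CORP\\jdoe", "10.0.1.15", "FILESRV01"),
    _event("09:01:10", "CORP\\jdoe", "10.0.1.15", "PRINT01"),
    _event("09:02:00", "CORP\\svc-backup", "10.0.1.15", "WS-0042"),
    _event("09:02:30", "CORP\\svc-backup", "10.0.1.15", "WS-0043"),
    _event("09:03:00", "CORP\\svc-backup", "10.0.1.15", "WS-0044"),
    _event("09:03:20", "CORP\\svc-backup", "10.0.1.15", "FILESRV02"),
    _event("09:04:00", "CORP\\svc-backup", "10.0.1.15", "DC01"),
    _event("09:04:30", "CORP\\svc-backup", "10.0.1.15", "SQL01"),
    _event("09:05:00", "CORP\\admin", "10.0.9.9", "DC01", logon_type=2),  # console logon, ignored
    _event("09:15:00", "CORP\\jdoe", "10.0.1.15", "FILESRV01"),
]


def detect_fan_out(events, window=WINDOW, threshold=THRESHOLD):
    """Alert when one account reaches `threshold` distinct hosts via network logons
    (EventID 4624, LogonType 3) inside `window`. One alert per account per burst."""
    recent = defaultdict(deque)   # user -> deque of (timestamp, dst_host, src_ip)
    last_alert = {}               # user -> time of last alert, to suppress repeats
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != 4624 or ev["logon_type"] != 3:
            continue              # only successful network logons count as "movement"
        ts = datetime.fromisoformat(ev["time"])
        hist = recent[ev["user"]]
        hist.append((ts, ev["dst_host"], ev["src_ip"]))
        while hist and ts - hist[0][0] > window:
            hist.popleft()        # drop entries that fell out of the window
        hosts = sorted({h for _, h, _ in hist})
        if len(hosts) < threshold:
            continue
        prev = last_alert.get(ev["user"])
        if prev is not None and ts - prev <= window:
            continue              # still the same burst, already reported
        last_alert[ev["user"]] = ts
        alerts.append({
            "user": ev["user"],
            "src_ips": sorted({s for _, _, s in hist}),
            "hosts": hosts,                       # candidate scope for containment
            "first_seen": hist[0][0].isoformat(),
            "last_seen": ts.isoformat(),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_fan_out(SAMPLE_EVENTS):
        print(alert)
```

The alert's host list doubles as a first cut at the "determine scope of breach" step: every host the account reached inside the window is a candidate for isolation and forensic review.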

image for What Is Tor Browser: ...

 What is

Have you ever felt like the internet is following you around? Ever Googled something random, only to be bombarded with eerily relevant ads for days on end? It's not paranoia – it's the reality of online tracking in the 21st century. According to research, 72% of Americans believe that most of what they do online is being tracked by companies. But what if there was a way to browse the web anonymously, like a digital ghost slipping through the internet's back alleys? Well, that's what the Tor browser is for. It is a free and powerful tool that can help you reclaim your online privacy. In this article, we'll talk about what the Tor browser is, what it is used for, how it works, and much more!

What is Tor Browser?

Tor, standing for The Onion Router, is a free and open-source software that anonymizes your internet traffic. Developed by The Tor Project, it utilizes a vast network of volunteer-run servers called relays to encrypt and reroute your data packets before reaching their destination. This process, akin to peeling an onion, makes it extremely difficult to trace your online activity back to its source.

The Tor browser is a customized version of Firefox specifically designed to function seamlessly with the Tor network. It comes pre-configured with security features to further protect your privacy, such as blocking malicious scripts and preventing browser fingerprinting.

How Does a Tor Browser Work?

Imagine yourself sending a secret message across enemy territory. Instead of a single route, you break the message down into pieces and send them through a series of trusted couriers, each unaware of the message's origin or final destination. This layered approach, with each courier removing a piece of the wrapper to reveal the next recipient, forms the core principle behind the Tor network and how the Tor browser leverages it. Here's a more detailed breakdown of the process:

Entry Node: When you access a website using the Tor browser, your internet traffic first enters the Tor network through an entry node. This relay acts as your initial point of contact, stripping away the first layer of information from your data packet. This layer typically contains the destination address of the website you're trying to reach.
The entry node doesn't know the ultimate destination or the contents of your data, only the address of the next relay in the chain.

Circuit Selection: The Tor browser employs a process called circuit selection to choose the path your data will take through the network. This selection prioritizes factors like uptime, bandwidth availability, and exit node location to optimize speed and avoid overloaded relays.

Middle Relays: Once the entry node removes the first layer, it encrypts the remaining data packet and sends it to a randomly chosen middle relay within the Tor network. Similar to the entry node, this middle relay only sees the address of the previous relay and the next one in the sequence. It removes another layer of encryption, revealing instructions for the next hop, and forwards the data packet on its encrypted journey. This process of relaying and decrypting a single layer at each middle node continues through a predetermined number of relays (typically two or three) chosen during the circuit selection phase. The number of middle relays helps to further anonymize your traffic by adding more layers of obfuscation.

Exit Node: The final stop in the journey is the exit node. This relay receives the final layer of encrypted data, decrypts it completely, and forwards the unencrypted information to the website you're trying to access. The website perceives the connection as originating from the IP address of the exit node, not yours.

Return Path: The response from the website travels back through the established circuit in reverse order. Each relay re-encrypts the data packet with a layer specific to it before passing it on. Finally, the fully encrypted response reaches your device through the entry node, completing the anonymized communication cycle.

What is the Tor Browser Used For?

The Tor browser offers a range of benefits for users seeking enhanced online privacy and anonymity. Here are some common use cases:

Protecting yourself from online surveillance:

Journalists and activists: Individuals working in oppressive regimes or covering sensitive topics can leverage Tor to communicate securely with sources and access censored information.
Whistleblowers: Those exposing wrongdoing within organizations can utilize Tor to anonymously report misconduct without fear of retaliation.
Privacy-conscious individuals: Anyone concerned about online monitoring by governments, corporations, or other entities can use Tor to browse the web with greater anonymity.

Bypassing censorship:

Users in censored countries: Tor allows individuals living under regimes that restrict internet access to bypass censorship and access information that might be blocked in their location. This can include news websites, social media platforms, or educational resources.
Research and education: Academics and researchers can access information that might be restricted in their region for research purposes. Students can also utilize Tor to access educational materials that might be blocked by their schools or institutions.

Increased privacy:

Minimizing online tracking: By masking your IP address and location, Tor makes it difficult for advertisers and trackers to follow you across the web. This can help you avoid targeted advertising and create a more private browsing experience.
Protecting sensitive information: When accessing financial information, making online purchases, or using public Wi-Fi networks, Tor can provide an extra layer of security and help prevent unauthorized access to your data.

Other legitimate uses:

Accessing blocked services: Tor can be used to access geo-restricted services that might not be available in your region, such as streaming platforms or online games.
Legal research: Lawyers and legal professionals can use Tor to access legal databases or resources that might be restricted for public access.
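The onion-routing walk-through above (entry, middle, exit, return path) can be made concrete in code. The following is an added example, not part of the original article or of Tor's own software: a three-relay circuit in which the client wraps a request in one layer per relay, each relay peels exactly one layer and learns only the next hop, the exit hands the plaintext to the site, and the reply is re-wrapped hop by hop on the way back. The stream cipher (an HMAC-SHA256 keystream), the pre-shared per-relay keys, the fixed-width next-hop framing, and the relay and site names are all assumptions made so the example runs on the standard library; real Tor uses AES-CTR keys negotiated during circuit construction.

```python
import hashlib
import hmac

HOP = 16  # fixed-width next-hop field; constructed framing for this example only


def layer_xor(key: bytes, direction: bytes, data: bytes) -> bytes:
    """Add or strip one encryption layer.

    Toy CTR-style stream cipher: XOR the data with an HMAC-SHA256 keystream
    keyed per relay and per direction. Real Tor relays use AES-CTR; this
    stand-in is an assumption so the example needs only the standard library.
    XOR is its own inverse, so the same call both adds and removes a layer.
    """
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, direction + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class Relay:
    """A relay holding one symmetric key shared with the client (in Tor that key
    comes from the circuit-building handshake; here it is constructed)."""

    def __init__(self, name: str, key: bytes):
        self.name = name
        self.key = key
        self.next_hops = []        # every next-hop address this relay ever learned
        self.payload_seen = b""    # the bytes it forwarded after peeling its layer

    def peel(self, cell: bytes):
        """Forward path: strip this relay's layer, read the next hop, pass the rest on."""
        inner = layer_xor(self.key, b"forward", cell)
        next_hop = inner[:HOP].decode("ascii").strip()
        self.next_hops.append(next_hop)
        self.payload_seen = inner[HOP:]
        return next_hop, inner[HOP:]

    def wrap_response(self, data: bytes) -> bytes:
        """Return path: add this relay's own layer before passing the reply back."""
        return layer_xor(self.key, b"backward", data)


def build_onion(circuit, destination: str, request: bytes) -> bytes:
    """Client side: wrap the request in one layer per relay, innermost (exit) first."""
    next_hops = [r.name for r in circuit[1:]] + [destination]
    cell = request
    for relay, hop in reversed(list(zip(circuit, next_hops))):
        cell = layer_xor(relay.key, b"forward", hop.ljust(HOP).encode("ascii") + cell)
    return cell


def send_through_circuit(circuit, destination: str, request: bytes, fetch) -> bytes:
    """Drive one request/response through entry -> middle -> exit and back."""
    cell = build_onion(circuit, destination, request)
    for relay in circuit:                 # forward path: each relay peels one layer
        next_hop, cell = relay.peel(cell)
    response = fetch(next_hop, cell)      # exit hands the plaintext request to the site
    for relay in reversed(circuit):       # return path: each relay adds its own layer
        response = relay.wrap_response(response)
    for relay in circuit:                 # client strips all three layers
        response = layer_xor(relay.key, b"backward", response)
    return response


def make_demo_circuit():
    """Constructed keys so the run is reproducible; never use fixed keys for real."""
    return [Relay(n, hashlib.sha256(b"constructed demo key " + n.encode()).digest())
            for n in ("entry", "middle", "exit")]


def demo_site(destination: str, request: bytes) -> bytes:
    """Stand-in for the website the exit node talks to."""
    return b"200 OK from " + destination.encode() + b" for " + request


if __name__ == "__main__":
    circuit = make_demo_circuit()
    reply = send_through_circuit(circuit, "example.org", b"GET / HTTP/1.1", demo_site)
    print(reply)
    for r in circuit:
        print(f"{r.name:6} learned next hop(s): {r.next_hops}")
```

Inspecting each relay afterwards shows the property the article describes: the entry relay learned only the middle relay's address and forwarded ciphertext, while only the exit saw the destination and the plaintext request, which is also why a malicious exit node is the relay to worry about.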
Benefits of Tor Browser

Using the Tor browser provides several advantages for privacy-conscious individuals. Here's a more detailed breakdown of the key benefits:

Enhanced anonymity: The multi-layered encryption and relay system make it highly challenging for anyone to track your online activity. This anonymity can be beneficial for:

Journalists and activists: They can communicate securely with sources and access censored information without fear of retaliation.
Individuals in restricted regions: Users living under oppressive regimes can bypass censorship and access information that their governments might restrict.
Anyone seeking privacy: Tor allows you to browse the internet without being tracked by advertisers, data brokers, or even your internet service provider (ISP). This can be particularly useful if you're concerned about targeted advertising or online profiling.

Bypassing censorship: Tor allows you to access information and websites that might be blocked in your geographical location. This can be helpful for:

Accessing educational resources: Students and researchers can access information that might be restricted in their region due to political or educational limitations.
Staying informed: Users living in countries with strict internet censorship can access news and information from around the world.
Exploring diverse content: Tor allows you to access websites and services that might be geographically restricted, such as streaming platforms or social media sites unavailable in your region.

Reduced online tracking: By hiding your IP address, Tor makes it difficult for advertisers and trackers to follow you across the web. This can benefit users who are concerned about:

Targeted advertising: Tor helps you avoid being bombarded with ads based on your browsing history.
Data collection: Limiting online tracking helps reduce the amount of data third-party companies can collect about you and your browsing habits.
Building a digital profile: By masking your IP address and online activity, Tor makes it more challenging for companies and websites to build a comprehensive profile about you.

Increased security: Tor can add an extra layer of security when accessing sensitive information on public Wi-Fi networks. Public Wi-Fi connections are often unsecured, making your data vulnerable to interception. Using Tor encrypts your traffic, making it more difficult for hackers or snoopers to steal your information.

What is the Difference Between Tor, VPNs, and Proxy Servers?

While all three tools aim to enhance online privacy, they function in distinct ways, offering varying levels of anonymity, security, and speed. Here's a detailed breakdown of their key differences:

Anonymity:

Tor Browser: Provides the highest level of anonymity by routing your traffic through a decentralized network of relays. Each relay only knows the previous and next hop in the chain, making it extremely difficult to trace your activity back to its source. However, it's important to remember that advanced techniques by determined adversaries could potentially de-anonymize users.
Proxy Server: Offers a moderate level of anonymity. It acts as an intermediary between your device and the internet, masking your IP address from the website you're trying to access. However, the proxy server itself can see your activity and might log it. Additionally, some websites can still detect that you're using a proxy.
VPN (Virtual Private Network): Provides moderate anonymity by masking your IP address and encrypting your traffic within a secure tunnel to a VPN server. This makes it difficult for your ISP or other third parties to track your online activity. However, the anonymity relies on the trustworthiness of the VPN provider, as they can potentially see your real IP address and browsing activity.

Security:

Tor Browser: Offers good security by encrypting your traffic multiple times as it travels through the Tor network. However, it's important to be aware that malicious exit nodes are a possibility, and Tor itself doesn't protect against malware or other online threats.
Proxy Server: Offers limited security. While it can hide your IP address, it doesn't encrypt your traffic. This means your data is still vulnerable to interception on unsecured networks.
VPN: Provides good security by encrypting your entire internet traffic, making it unreadable to anyone snooping on your connection. This adds a layer of protection, especially on public Wi-Fi networks. However, the security ultimately depends on the encryption strength used by the VPN provider.

Speed:

Tor Browser: The multi-layered routing process in Tor can significantly slow down your internet connection. This is because your data takes a longer path compared to a direct connection.
Proxy Server: Speed can vary depending on the proxy server's location and load. Generally, using a proxy server has a minimal impact on your internet speed compared to Tor.
VPN: Offers moderate speed depending on the VPN server location and your internet connection plan. While there is some encryption overhead, reputable VPN providers typically offer good speeds for browsing and streaming.

Cost:

Tor Browser: Completely free and open-source software.
Proxy Server: There are both free and paid proxy servers available. Free proxy servers often come with limitations like slower speeds or intrusive advertising. Paid proxy servers might offer better performance and features.
VPN: Typically requires a subscription fee, although there are also free VPN options available. Free VPNs often have limitations such as data caps, slower speeds, or intrusive advertising. Paid VPNs generally offer better performance, security features, and server locations.

Ease of Use:

Tor Browser: Relatively easy to use, with a familiar interface based on Firefox. However, configuring advanced settings might require some technical knowledge.
Proxy Server: Setting up a proxy server can be more technical, requiring configuration changes in your web browser or device settings.
VPN: Generally the easiest to use. Most VPN providers offer user-friendly apps for various devices with a simple one-click connection process.

Is the Tor Browser Safe to Use?

Tor offers significant privacy benefits, but it's not without limitations and potential risks. Here's what you need to understand:

Slower Speeds: Due to the multi-layered routing process, Tor can significantly slow down your internet connection.
Not Foolproof Anonymity: While tracing your activity back to you is difficult, it's not impossible. Law enforcement agencies with advanced resources may be able to de-anonymize users under certain circumstances.
Malicious Exit Nodes: There's a small chance of encountering a malicious exit node that could potentially monitor your traffic.
Deep Web vs. Dark Web: It's important to understand the difference. Tor is often associated with the dark web, which can harbor illegal activity. However, Tor itself is simply a privacy tool and can be used to access the regular web (surface web) anonymously as well.

How to Stay Safe While Using the Tor Browser?

The Tor browser offers a powerful shield for online privacy, but it's not an impenetrable fortress. Here are some crucial steps to maximize your safety while navigating the Tor network:

1. Keep Your Software Updated
Just like any other software, the Tor browser receives regular updates that patch vulnerabilities and enhance security features. Make sure you're always using the latest version to benefit from these improvements. The Tor Project usually announces updates on their official website https://www.torproject.org/.

2. Practice Safe Browsing Habits
Common sense applies in the realm of Tor just as much as on the regular web. Be wary of clicking on suspicious links, downloading unknown files, or entering personal information on unverified websites. Remember, anonymity can be a double-edged sword, and malicious actors might try to exploit unsuspecting users.

3. Beware of Malicious Exit Nodes
As mentioned earlier, there's a slight chance of encountering a compromised exit node within the Tor network. While this is uncommon, it's still a possibility to consider. Here are some ways to mitigate this risk:

Use Bridges: Bridges are additional entry points into the Tor network that are not publicly listed. You can obtain bridge information from the Tor Project website, but be cautious, as some bridges might also be compromised.
Consider a VPN: Pairing Tor with a trusted VPN service adds an extra layer of encryption before your data enters the Tor network. This can offer some additional protection against malicious exit nodes.

4. Use Privacy-Focused Search Engines
When using Tor, avoid search engines like Google or Bing that might track your searches and build a profile on you. Instead, opt for privacy-focused search engines like DuckDuckGo https://duckduckgo.com/ that prioritize user anonymity.

5. Be Mindful of What You Access
The dark web, a subset of the deep web accessible only through Tor, can be a breeding ground for illegal activity and malware. It's best to steer clear of these areas unless you have a specific and legitimate reason to access them. Even then, proceed with extreme caution and only visit trusted dark web resources.

6. Don't Use Tor for Illegal Activities
Tor is a legitimate tool for protecting privacy, but using it for illegal purposes can have serious consequences. Law enforcement agencies have methods to track down users involved in criminal activity, even on the Tor network.

7. Use Antivirus and Anti-Malware Software
While Tor protects your online traffic, it doesn't safeguard your device from malware that might be lurking on websites you visit. Having a robust antivirus and anti-malware program running alongside Tor is an essential safety measure.

8. Disable Unnecessary Plugins
The Tor browser comes with security features pre-enabled, including blocking plugins like Flash and Java. These plugins can be vulnerabilities, so avoid enabling them unless absolutely necessary.

Key Takeaways

The Tor browser anonymizes your internet traffic by routing it through a network of relays, making it difficult to track your online activity.
While Tor offers strong anonymity and helps bypass censorship, it can be slower than a traditional connection and requires following safety practices.
Tor is a free tool ideal for journalists, activists, or anyone seeking enhanced online privacy, but it's not a foolproof solution and should not be used for illegal activities.
To maximize your online privacy with Tor, consider combining it with a VPN, keeping the software updated, and practicing safe browsing habits.

FAQs

Who owns Tor?
Tor is owned and maintained by The Tor Project, a non-profit organization dedicated to privacy and anonymity online.

Why do hackers use Tor?
Hackers use Tor to hide their identity and online activities, making it harder for authorities to trace their actions.

Where is Tor illegal?
Tor is illegal or heavily restricted in countries like China, Russia, and Iran, where governments seek to control and monitor internet usage.

Can Tor give me a virus?
Tor itself doesn't give you a virus, but using it doesn't guarantee protection from malicious sites or downloads. Users should still exercise caution.

Is Google safer than Tor?
Google and Tor serve different purposes; Google focuses on search and services, while Tor emphasizes privacy and anonymity. The safety of each depends on your needs and usage.

image for Classes Resume at Un ...

 Firewall Daily

The University of Winnipeg reacted to a 'cyber incident' affecting its infrastructure, prompting the cancellation of Monday's classes. The University of Winnipeg cyber incident occurred on Sunday, causing widespread outages across the university's operations. After implementing an immediate action plan, which involved shutting down several student and faculty services to secure its infrastructure and prevent further damage, the university resumed classes on Tuesday.

The announcement regarding the cybersecurity incident, along with details of the action plan and responses to inquiries from students and staff, was posted on the university's website.

University of Winnipeg Cyber Incident Update

Although classes resumed on Tuesday for University of Winnipeg, PACE, and Collegiate students, online courses managed through NEXUS remained suspended initially. The university clarified that the incident wasn't classified as a cyberattack but rather labeled as a 'cyber incident'.

Mitigation strategies were promptly implemented, including the temporary suspension of several operational services to facilitate an investigation into the incident. Despite the challenges posed by the disruption, the university remained committed to restoring interrupted services and minimizing the impact on academic activities.

The disruption also affected the U of W Collegiate, a high school on campus serving students in grades 9-12, highlighting the repercussions of the University of Winnipeg cybersecurity incident. Students, faculty, and staff were advised to exercise caution and utilize alternative resources while the situation was being addressed.

"We thank all students, faculty, and staff for their patience as we work to make all services available, and we look forward to having our community back on campus to finish the winter term. Although regular campus internet/Wi-Fi is not yet available, anyone on campus is able to access the internet using a temporary network titled TEMPWIFI", reads the notification letter.

The university also notified students and faculty members to stay logged into their devices to avoid authentication issues. "Do not log out of your trusted device. If you have logged out of your trusted device and have no access to your institutional email, provide your instructor with an alternative email (e.g., your Gmail address)", added the university.

The Response to the University of Winnipeg Cybersecurity Incident

In response to the disruption, staff members were encouraged to work remotely if feasible, given the ongoing Wi-Fi and internet connectivity issues. Faculty members, including Scott Forbes, expressed concerns about the disruption's implications, particularly with impending exams and academic deadlines.

The incident, which affected over 9,000 enrolled students, necessitated the cancellation of classes on Monday as a precautionary measure. Students were instructed to refrain from attending classes due to disabled campus Wi-Fi and the unavailability of critical academic services and resources.

Efforts to restore interrupted services were underway, with updates on the progress provided to the university community through official channels. External partners were enlisted to assist in resolving the situation, and relevant authorities were duly notified about the incident. While awaiting further updates, students, faculty, and staff were directed to consult the university's FAQs for information and support regarding the ongoing situation.

The Cyber Express reached out to the university for additional information regarding the University of Winnipeg cyber incident. However, at the time of writing this, no official statement or response has been received regarding any cyberattacks or involvement of a ransomware group.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for NHS Scotland Faces D ...

 Dark Web News

The National Health System (NHS) of Scotland allegedly fell victim to a cyberattack, purportedly orchestrated by INC Ransom. The message about the NHS Scotland cyberattack was posted by the threat actor and forewarned the release of 3 terabytes of sensitive data. With approximately 140,000 staff spread across 14 territorial NHS Boards, seven Special NHS Boards, and a public health body, the potential ramifications of this cyberattack on NHS Scotland are deeply unsettling.

Decoding the Alleged NHS Scotland Cyberattack

The Cyber Express promptly reached out to the organization for clarification and insight into the NHS Scotland cyberattack. However, at the time of writing this, no official statement or response has been received, leaving the claims surrounding the cyberattack on NHS Scotland unverified.

Coinciding with this cyberattack on the National Health System, INC Ransom also claimed responsibility for an alleged cyberattack on Barrie and Community Family Health Team. Moreover, this assault on NHS Scotland follows a disconcerting trend of cyber intrusions targeting healthcare organizations within the same timeframe.

Adding to the apprehension, NHS Dumfries and Galloway, a vital component of Scotland's healthcare infrastructure, announced being under attack by a "focused and ongoing cyber attack." Although specifics regarding the nature of the breach remain undisclosed, the health board warned of potential disruptions to services as a consequence of the situation. Moreover, there are concerns that patient data stored within its systems may have been compromised.

The NHS Dumfries and Galloway Cyberattack

In response to these threats, NHS Dumfries and Galloway has initiated collaborative efforts with law enforcement, including Police Scotland, as well as cyber security authorities such as the National Cyber Security Centre, and the Scottish government, to ascertain the full extent of the breach and mitigate its impact.

This recent spate of cyberattacks bears close resemblance to past incidents, notably the widespread intrusion in 2020 that targeted more than 60 trusts within the United Kingdom's National Health Service (NHS), extending its reach to over 200,000 computer systems across 150 countries, including Canada. The infamous "WannaCry" ransomware attacked the NHS in 2020, disrupting operations, compromising patient records, and necessitating the cancellation of appointments and surgeries in numerous NHS facilities.

Despite assertions by UK Health Secretary Jeremy Hunt that there hasn't been a subsequent wave of attacks, the vulnerabilities exposed by such incidents remain a cause for concern. Critics have pointed fingers at the NHS, highlighting gaps in technology investment and outdated systems that rendered it susceptible to attacks like WannaCry. Although the NHS wasn't singled out as a primary target for WannaCry, its reliance on obsolete Windows operating systems, some over 15 years old and no longer supported by Microsoft, left it susceptible to exploitation.

The WannaCry Ransomware Spree

The modus operandi of ransomware attacks, like WannaCry, often involves exploiting vulnerabilities in outdated systems, coupled with social engineering tactics to dupe unsuspecting users into inadvertently downloading malicious software.

The WannaCry ransomware attack of May 12, 2017, hit over 200,000 computers globally, leveraging an unpatched vulnerability to spread rapidly. Victims included major organizations like FedEx and the UK's NHS. A "kill switch" was discovered, temporarily halting the attack, but many systems remained encrypted until ransom was paid or encryption was reversed. The attack used the EternalBlue exploit leaked by the Shadow Brokers, attributed to North Korea but disputed by some. Although the original version is defunct, variants still exploit EternalBlue, emphasizing the importance of updating systems.

image for Eavesdropping on key ...

 Business

U.S. researchers recently published a paper demonstrating that useful information can be extracted from the sounds of keystrokes. This is certainly not the first study of its kind; moreover, the results can't even be considered more accurate than the conclusions of its predecessors. However, what makes this one interesting is that the researchers weren't aiming for perfect, lab-controlled conditions. Instead, they wanted to see how it works in fairly realistic conditions: a somewhat noisy room, a not-so-great microphone, and so on.

Attack model

We often get eavesdropped on without even realizing it. And I'm not referring to spy movie clichés with bugs planted in offices and hotel rooms. Imagine you're stuck in a boring conference call at work and, at the same time, you're discreetly catching up on work emails or personal messages without muting your microphone. Guess what? Your colleagues can hear your keystrokes. Streamers — those who love broadcasting their gaming sessions (and other stuff) — are also at risk. They might get distracted mid-stream and, for example, type a password on the keyboard. While the keyboard itself may not be visible, someone could record the sound of the keystrokes, analyze the recording, and try to figure out what was typed.

The first scientific study examining such an attack in detail was published in 2004. Back then, IBM researchers merely proposed a method and demonstrated the basic possibility of distinguishing one keystroke from another, but nothing more. Five years later in 2009, the same researchers attempted to solve the problem using a neural network: a special algorithm was trained on a 10-minute recording of keyboard input, with the text known in advance. This made it possible to associate specific keystroke sounds with typed letters. As a result, the neural network recognized up to 96% of the characters typed.

However, this result was obtained in a lab-controlled environment. The room was completely silent, a high-quality microphone was used, and the text was typed more or less consistently (with roughly the same typing speed and keystroke force). Moreover, a loud mechanical keyboard was used. This study demonstrated the theoretical possibility of an attack, but its results were difficult to apply in practice: if you change the typing style slightly, change the keyboard, or add natural ambient noise to the room, recognition becomes impossible.

Real-life eavesdropping

Everyone has their own unique way of typing. The researchers found patterns in these individual styles, which helped them analyze the sounds of keystrokes. For instance, they discovered that people tend to type common letter pairs at a consistent speed. They also found that it's fairly easy to distinguish individual words, since the sounds of the spacebar and Enter key are usually distinct from other keys.

During the experiments, the researchers assumed that the potential eavesdropping victim would be typing in an office with a normal level of background noise. Other than that, there were no special restrictions on the participants. They could use any keyboard and type however they wanted. The recording was done on a low-quality, built-in laptop microphone. For a successful attack, however, a potential spy needs to record a sufficiently long sequence of keystrokes — otherwise, it won't be possible to train the neural network. The recording looks something like this:

[Figure: Shape of the audio signal corresponding to certain keystrokes.]

Each peak in amplitude corresponds to a specific keystroke. The pause between keystrokes may vary depending on the user's typing skill and the sequence of letters being typed. In this study, the neural network was trained to recognize these pauses specifically, and as it turns out, they also carry a lot of information — no less than the differences in keystroke sounds themselves!

An important breakthrough in this new study was the use of the neural network to predict whole words. For example, if the neural network identifies the word "goritla" from the keystrokes, then we can confidently assert that the user actually typed "gorilla", and there was just an error in recognition. The more letters in a word, the more accurately it can be guessed. This rule applies to up to six-letter words — beyond which the accuracy doesn't increase.

A total of 20 volunteers participated in the experiment. First, they typed an already-known text, which was then correlated with the keystroke sounds and used to train the recognition algorithm. Next, the subjects typed a secret text, which the neural network tried to decipher based on the typing patterns and how well it matched real words. The accuracy varied from person to person, but on average the AI correctly guessed 43% of the text just from the keystroke sounds.

Side channels all around us

This is yet another example of a side-channel attack — when information is leaked indirectly. We've written a lot about such attacks. For example, here is a method of espionage using a light sensor. Here we talked about extracting sound from video data by analyzing tiny vibrations in the image. Phone conversations can be eavesdropped on using an accelerometer – the sensor built into every smartphone. The indirect channels of information leakage are indeed many. But out of all these attacks, extracting text by analyzing keystroke sounds is the most viable in practice. When we enter a credit card number or password, we can hide the keyboard from prying eyes, but protecting yourself from eavesdropping isn't so easy.

Of course, a 43% accuracy rate in guessing the text might not sound that impressive — especially considering it's guessing whole words, not random characters like you'd expect in a password. Still, this new research is a significant step toward making this type of attack practical. It's not quite there yet, but imagine someone in a café or on the train potentially stealing your password, credit card number, or even your private messages just by listening to you typing. Perhaps future research will bring us closer to this dangerous scenario.

But even now we can outline methods of protecting against such attacks and start applying them to particularly sensitive data right away. For starters, avoid typing passwords or other secret information during conference calls — especially during public online events. For many reasons, we recommend using two-factor authentication — it protects well against various password compromise scenarios. Finally, there's a way to counteract this specific side-channel attack. It's based on the fact that you have a certain consistent pattern of typing on the keyboard. Want to make it harder for those sneaky hackers? Break the pattern: mix up your typing style. Both super-slow and super-fast typing can work wonders.

 News

Episode 340 of the Transatlantic Cable podcast kicks off with news that the EU is investigating Meta, Apple and Google for uncompetitive practices. Additionally, the US government has gone ahead and levelled a lawsuit against Apple, for what they see as monopoly behaviour with their hardware. To wrap up, the team discuss two stories, the first around China and UK government hacking concerns and how age-verification for adult sites could actually be a bad thing in the long run. If you liked what you heard, please consider subscribing.

Apple, Meta and Google to be investigated by the EU
US sues Apple for illegal monopoly over smartphones
Beijing behind cyberattacks on UK MPs and peers, deputy PM to warn
The Dangers of Age Verification

 Threat Actors

Chinese hacking contractor iSoon supported three separate cyberespionage operations on behalf of Beijing, said security researchers who analyzed a leaked data trove belonging to the firm.

 Trends, Reports, Analysis

Just 5% of businesses have a cyber expert on the board, despite stronger cybersecurity correlating with significantly higher financial performance, according to a new report by Diligent and Bitsight.

 Trends, Reports, Analysis

Phishing is a classic that never goes out of style. Threat actors used phishing links or attacks in 71% of all security incidents in 2023, according to ReliaQuest’s Annual Cyber-Threat Report released Tuesday.

 Malware and Vulnerabilities

Vulnerabilities in common Electronic Logging Devices (ELDs) required in US commercial trucks could be present in over 14 million medium- and heavy-duty rigs, according to researchers at Colorado State University.

 Malware and Vulnerabilities

Cybercriminals now repurpose devices like Raspberry Pi into ‘plug-and-play’ weapons for digital fraud. GEOBOX's capabilities are even more sophisticated, enabling manipulation of GPS, network simulation, Wi-Fi mimicry, and anti-fraud filter evasion.

 Incident Response, Learnings

The Portuguese National Data Protection Commission (Comissão Nacional de Proteção de Dados, or CNPD) announced on March 26 that it ordered Worldcoin to suspend its ‘orb’ device from collecting data in the country.

 Trends, Reports, Analysis

About 25% of Americans have lost money to online tax scams, according to a McAfee study. Of the people who clicked on fraudulent links from supposed tax services, 68% lost money.

 Malware and Vulnerabilities

Recently, Morphisec Labs identified a significant increase in activity linked to the Mispadu banking trojan. Initially concentrated on LATAM countries and Spanish-speaking individuals, Mispadu has broadened its scope in the latest campaign.

 Breaches and Incidents

Over the past 90 days, Unit 42 researchers identified two Chinese APT groups conducting cyberespionage activities against entities and member countries affiliated with the Association of Southeast Asian Nations (ASEAN).

 Govt., Critical Infrastructure

The Department of Health and Human Services' recently released budget proposal for fiscal 2025 includes $1.3 billion in financial help, such as grants, for hospitals to invest in cybersecurity over the next several years.

 Feed

This Metasploit module exploits two vulnerabilities in SharePoint 2019: an authentication bypass, CVE-2023-29357, patched in June 2023, and CVE-2023-24955, a remote command execution vulnerability patched in May 2023. The authentication bypass allows attackers to impersonate the SharePoint Admin user. This vulnerability stems from the signature validation check used to verify the JSON Web Tokens (JWTs) used for OAuth authentication. If the signing algorithm of the user-provided JWT is set to "none", SharePoint skips the signature validation step due to a logic flaw in the ReadTokenCore() method. After impersonating the administrator user, the attacker has access to the SharePoint API and is able to exploit CVE-2023-24955. This authenticated remote command execution vulnerability leverages the impersonated privileged account to replace the /BusinessDataMetadataCatalog/BDCMetadata.bdcm file in the webroot directory with a payload. The payload is then compiled and executed by SharePoint, allowing attackers to remotely execute commands via the API.
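An added example, not SharePoint's code or the Metasploit module's: a JWT verifier that repeats the alg=none logic flaw described above, beside a hardened verifier that pins the expected algorithm and always checks the signature. It assumes HS256 with a constructed shared key (an assumption for an offline demo; SharePoint's OAuth tokens are keyed differently) and uses only the standard library.

```python
import base64
import hashlib
import hmac
import json

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _hs256(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def _split(token: str):
    """Return (header, payload, [h, p, sig]) or raise on a malformed token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    return header, payload, parts

def make_token(payload: dict, key: bytes, alg: str = "HS256") -> str:
    """Constructed test input: HS256 signs; alg='none' yields an unsigned token."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (_b64url_encode(json.dumps(header).encode()) + "."
                     + _b64url_encode(json.dumps(payload).encode()))
    if alg == "none":
        return signing_input + "."   # RFC 7519 "unsecured JWT": empty signature
    return signing_input + "." + _b64url_encode(_hs256(signing_input, key))

def verify_flawed(token: str, key: bytes) -> dict:
    """Repeats the logic flaw: the token's own alg field decides whether the
    signature is checked, so alg=none skips validation entirely."""
    header, payload, parts = _split(token)
    if header.get("alg") == "none":
        return payload               # signature never examined
    expected = _hs256(parts[0] + "." + parts[1], key)
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise ValueError("bad signature")
    return payload

def verify_hardened(token: str, key: bytes, allowed_alg: str = "HS256") -> dict:
    """The verifier pins the algorithm: any other header value (including
    'none' or case variants) is rejected, and the signature is always checked."""
    header, payload, parts = _split(token)
    if header.get("alg") != allowed_alg:
        raise ValueError(f"algorithm {header.get('alg')!r} not allowed")
    expected = _hs256(parts[0] + "." + parts[1], key)
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise ValueError("bad signature")
    return payload

def accepted(verifier, token: str, key: bytes) -> bool:
    """True if the verifier accepts the token, False if it rejects it."""
    try:
        verifier(token, key)
        return True
    except ValueError:
        return False
```

Run `accepted(verify_flawed, ...)` and `accepted(verify_hardened, ...)` on a properly signed token and on an alg=none token: only the flawed verifier accepts the unsigned one.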

 Feed

This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and exploit the eval() function usage within the theme. Successful exploitation allows for full control of the affected WordPress site. It is recommended to upgrade to version 1.9.6.1 or higher.

 Feed

A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user.

 Feed

Ubuntu Security Notice 6718-1 - Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service.

 Feed

Red Hat Security Advisory 2024-1512-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

 Feed

Red Hat Security Advisory 2024-1458-03 - Red Hat OpenShift Container Platform release 4.14.18 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

 Feed

Two China-linked advanced persistent threat (APT) groups have been observed targeting entities and member countries affiliated with the Association of Southeast Asian Nations (ASEAN) as part of a cyber espionage campaign over the past three months. This includes the threat actor known as Mustang Panda, which has been recently linked to cyber attacks against Myanmar as well as

 Feed

A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment notification, urging the user to open an archive file attachment. The archive ("Bank Handlowy w Warszawie

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting the Microsoft Sharepoint Server to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2023-24955 (CVSS score: 7.2), is a critical remote code execution flaw that allows an authenticated attacker with

 Feed

A now-patched security flaw in the Microsoft Edge web browser could have been abused to install arbitrary extensions on users' systems and carry out malicious actions.  "This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions with broad permissions without the user's knowledge," Guardio

 Feed

As SaaS applications dominate the business landscape, organizations need optimized network speed and robust security measures. Many of them have been turning to SASE, a product category that offers cloud-based network protection while enhancing network infrastructure performance. However, a new report: "Better Together: SASE and Enterprise Browser Extension for the SaaS-First Enterprise" (

 Feed

Cybersecurity researchers are warning that threat actors are actively exploiting a "disputed" and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining. "This vulnerability allows attackers to take over the companies' computing power and leak sensitive data," Oligo Security researchers Avi

 Feed

Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack as command-and-control (C2). "The information stealer was delivered via a phishing email, masquerading as an invitation letter

 Data loss

The Qilin ransomware group has targeted The Big Issue, a street newspaper sold by the homeless and vulnerable. A post on Qilin's dark web leak site claimed the gang has stolen 550 GB of confidential data from the periodical's parent company. Read more in my article on the Hot for Security blog.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan. Microsoft has released the March 2024 non-security KB5035942 preview update for Windows 11 23H2, which enables Moment 5 features by default and fixes 18 known issues. This monthly optional cumulative update allows Windows users and admins to test OS improvements and fixes that will be made generally available with […] The post Windows 11 KB5035942 update enables Moment 5 features for everyone – Source: www.bleepingcomputer.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: Chris Riotta (@chrisriotta) • March 27, 2024. Categories: Artificial Intelligence & Machine Learning, Government, Industry Specific. Accountability Needed to Unleash Full Potential of AI, Says NTIA Administrator. The Biden administration says accountability is a prerequisite for unlocking artificial intelligence benefits. The Biden administration is calling […] The post NTIA Pushes for Independent Audits of AI Systems – Source: www.databreachtoday.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Chinese

Source: thehackernews.com. Two China-linked advanced persistent threat (APT) groups have been observed targeting entities and member countries affiliated with the Association of Southeast Asian Nations (ASEAN) as part of a cyber espionage campaign over the past three months. This includes the threat actor known as Mustang Panda, which has been recently linked […] The post Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries – Source: thehackernews.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.tripwire.com – Author: Graham Cluley. Nemesis Market, a notorious corner of the darknet beloved by cybercriminals and drug dealers, has been suddenly shut down after German police seized control of its systems. Germany's Federal Criminal Police (known as the BKA) has announced that it has seized the infrastructure of Nemesis and taken down its […] The post Notorious Nemesis Market zapped by video game-loving German police – Source: www.tripwire.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Team Register. The US has clearly had enough of software vendors shipping products with "unforgivable" vulnerabilities, and is now urging them to launch formal code reviews to stamp out SQL injection flaws. The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) issued a Secure by Design Alert […] The post Uncle Sam's had it up to here with 'unforgivable' SQL injection flaws – Source: go.theregister.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - CISO Strategics - Cybersecurity

Effectively apply threat information. The document provides insights into Indicators of Compromise (IoCs) and their significance in detecting threats within networks. It emphasizes the importance of contextual information in IoCs to enhance threat detection capabilities. IoCs can encompass various attributes such as IP addresses, domains, URLs, email subjects, vulnerabilities, file hashes, and URL patterns. It […] The post Indicators of Compromise appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Mar 27, 2024 – Newsroom – Cyber Espionage / Data Breach. Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack as command-and-control (C2). "The […] The post Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite – Source: thehackernews.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Mar 27, 2024 – Newsroom – Threat Intelligence / Network Security. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting the Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2023-24955 (CVSS score: 7.2), is […] The post CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability – Source: thehackernews.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Could

Source: thehackernews.com – Mar 27, 2024 – Newsroom – Vulnerability / API Security. A now-patched security flaw in the Microsoft Edge web browser could have been abused to install arbitrary extensions on users' systems and carry out malicious actions. "This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to […] The post Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions – Source: thehackernews.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Mar 27, 2024 – The Hacker News – Data Protection / Browser Security. As SaaS applications dominate the business landscape, organizations need optimized network speed and robust security measures. Many of them have been turning to SASE, a product category that offers cloud-based network protection while enhancing network infrastructure performance. However, a new report: […] The post SASE Solutions Fall Short Without Enterprise Browser Extensions, New Report Reveals – Source: thehackernews.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Critical

Source: thehackernews.com – Mar 27, 2024 – Newsroom – Vulnerability / Data Security. Cybersecurity researchers are warning that threat actors are actively exploiting a "disputed" and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining. "This vulnerability allows attackers to take over the companies' computing power […] The post Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining – Source: thehackernews.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Alert

Source: thehackernews.com – Mar 27, 2024 – Newsroom – Vulnerability / Cybercrime. A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment […] The post Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice – Source: thehackernews.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Aggregator history: 2024-03, Wednesday, March 27