Category: Infosec

Mysterious Hack Destroyed 600,000 Internet Routers

Posted on by esimantiras

Mysterious Hack Destroyed 600,000 Internet Routers

source: wired.com  |  image: pixabay.com

 

If you have a crypto wallet containing a fortune but forgot the password, all may not be lost. This week, a pair of researchers revealed how they cracked an 11-year-old password to a crypto wallet containing roughly $3 million in bitcoins. With a lot of skill and a bit of luck, the researchers uncovered a flaw in how a previous version of the RoboForm password manager generates passwords that allowed them to accurately figure out the missing login and access the buried treasure.

Police in Western countries are using a new tactic to go after cybercriminals who remain physically out of reach of US law enforcement: trolling. The recent takedowns of ransomware groups like LockBit go beyond the traditional disruption of online infrastructure to include messages on seized websites meant to mess with the minds of criminal hackers. Experts say these trollish tactics help sow distrust between cybercriminals—who already have ample reason to distrust one another.

Continue reading “Mysterious Hack Destroyed 600,000 Internet Routers”

NSA Warns iPhone And Android Users To Turn It Off And On Again

Posted on by esimantiras

NSA Warns iPhone And Android Users To Turn It Off And On Again

source: Forbes.com (contributed by FAN, Steve Page)  |  image: pixabay.com

 

Updated Saturday, June 1: This article has been updated to include clarifcation around the safety of using public Wi-Fi networks and additional advice from the NCSC and FCC.

Although some people might worry about the National Security Agency itself spying on their phones, the NSA has some sage advice for iPhone and android users concerned about zero-click exploits and the like: turn it off and on again once per week.

How often do you turn off your iPhone or android device? Completely turn it off and then reboot it, rather than just going into standby mode, that is. I suspect that the answer for many people is only when a security or operating system update requires it. That, according to the NSA, could be a big mistake.

Users can mitigate the threat of spear-phishing, which can lead to the installation of yet more malware and spyware, by the same simple action. However, the NSA document does warn that the turn it off and on again advice will only sometimes prevent these attacks from being successful. Continue reading “NSA Warns iPhone And Android Users To Turn It Off And On Again”

Brute Force Password Cracking Takes Longer, But Celebration May Be Premature

Posted on by esimantiras

Brute Force Password Cracking Takes Longer, But Celebration May Be Premature

source: technewsworld.com | image: pexels.com

 

Brute force cracking of passwords takes longer now than in the past, but the good news is not a cause for celebration, according to the latest annual audit of password cracking times released Tuesday by Hive Systems.

Depending on the length of the password and its composition — the mix of numbers, letters, and special characters — a password can be cracked instantly or take half a dozen eons to decipher.

For example, four-, five-, or six-number-only passwords can be cracked instantly with today’s computers, while an 18-character password consisting of numbers, upper- and lower-case letters, and symbols would take 19 quintillion years to break.

Last year, Hive’s research found that some 11-character passwords could be cracked instantaneously using brute force. This year’s findings revealed the effectiveness of newer industry-standard password hashing algorithms — like bcrypt — for encrypting passwords in databases. Now, that same 11-character password takes 10 hours to crack.

Continue reading “Brute Force Password Cracking Takes Longer, But Celebration May Be Premature”

Apple Sued Over AirTags Privacy: Everything to Know

Posted on by esimantiras

Apple Sued Over AirTags Privacy: Everything to Know

source: cnet.com  |  image: pexels.com

AirTags digital trackers have raised privacy concerns since the beginning. But now, a lawsuit claims Apple didn’t implement sufficient safeguards.

A class-action lawsuit against Apple alleges the tech giant didn’t sufficiently resolve privacy issues raised by its AirTag digital tracking devices, leading to unwanted stalking and abuse.

The lawsuit, which was filed last year and given court approval to proceed earlier this month, says plaintiffs suffered “substantial” injuries from people who abused Apple’s $29 Bluetooth tracker in ways the company didn’t sufficiently work to address.

How to fix the military’s software SNAFU

Posted on by esimantiras

How to fix the military’s software SNAFU

source: defenseone.com  |  image: pexels.com

 

Too many of its apps are built on code riddled with vulnerabilities—and distributed by the Pentagon itself.

The only institution more mired in acronyms than the U.S. military is, in my experience, the software industry. The former’s thorough embrace of the latter is reflected, for example, in this recent piece by serious commentators that includes a four-page glossary. To be sure, software’s ability to supercharge military operations make this alphabet soup palatable—but it also conceals a dangerous security SNAFU.  

If software is to be more of a benefit than a liability, its inevitable flaws must be spotted and fixed before they can be exploited by China, Russia, and other adversaries. Unfortunately, in an analysis I conducted of popular open source software made available by the Pentagon for its units and contractors to use, there is strong evidence that the U.S. military is shipping software that is insecure and contains many known software vulnerabilities—CVEs, in software-speak.

Continue reading “How to fix the military’s software SNAFU”

Cybersecurity Threats in Global Satellite Internet

Posted on by esimantiras

Cybersecurity Threats in Global Satellite Internet

 

 

source: cyberdefensemagazine.com  |  image:  pixabay.com

 

Internet via satellite was first used for military purposes in the 1960s and became available for wide-scale commercial use in the 1990s. Current satellite internet systems typically use low-orbit satellites and provide data transmission at low speeds due to limited bandwidth. Starlink, on the other hand, is a project developed by Elon Musk’s SpaceX company and aims to provide a faster, more reliable and more comprehensive internet experience with low latency and high bandwidth through a high number of low orbit satellites.

The surge in satellite internet usage has opened up a new frontier for cybersecurity threats, ranging from sophisticated hacking attempts to disruptive denial-of-service attacks.

Continue reading “Cybersecurity Threats in Global Satellite Internet”

NSA shares zero-trust guidance to limit adversaries on the network

Posted on by esimantiras

NSA shares zero-trust guidance to limit adversaries on the network

source: bleepingcomputer.com (contributed by FAN, Steve Page)  |  image: nsa.gov

 

The National Security Agency is sharing new guidance to help organizations limit an adversary’s movement on the internal network by adopting zero-trust framework principles.

A zero-trust security architecture requires strict controls for accessing resources on the network, be they inside or outside the physical perimeter, to minimize the impact of a breach.

Compared to the traditional IT security model, which presumes that everything and everyone on the network is trusted, the zero-trust design assumes that a threat already exists and does not allow free rein inside the network. 

Continue reading “NSA shares zero-trust guidance to limit adversaries on the network”

How to Be More Anonymous Online

Posted on by esimantiras

How to Be More Anonymous Online

source: wired.com. |. image: pexels.com

 

Being fully anonymous is next to impossible—but you can significantly limit what the internet knows about you by sticking to a few basic rules.

 

On the internet, everyone wants to know who you are. Websites are constantly asking for your email address or trying to place tracking cookies on your devices. A murky slurry of advertisers and tech firms track which websites you visit, predicting what your interests are and what you may want to buy. Search engines, browsers, and apps can log each search or scroll you make.

At this stage of the internet, being totally anonymous across your entire online life is incredibly hard to achieve. Phones, SIM cards, browsers, Wi-Fi networks, and more use identifiers that can be linked to your activity. But there are steps you can take to obscure your identity for everyday browsing.

If you’re looking to be truly anonymous or to protect your identity for a specific purpose—such as whistleblowing or activism—you should consider your threat model and individual security situation. But many of the changes you can make, which are listed below, are straightforward switches that can stop you from being tracked as much and apply to most people.

Continue reading “How to Be More Anonymous Online”

Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers

Posted on by esimantiras

Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers

 

source: infosecurity-magazine.com  |  image: pexels.com

 

Security researchers have discovered a major new scam operation designed to trick job seekers into parting with cryptocurrency, by getting them to complete meaningless tasks they believe will earn them money.

Dubbed “WebWyrm” by CloudSEK, the operation has already targeted more than 100,000 individuals across over 50 countries by impersonating over 1000 companies across 10 industries. It has already potentially netted the scammers over $100m.

The scammers approach victims primarily on WhatsApp, potentially using data from recruitment portals to target their schemes to those most likely to respond.

Promising a weekly salary of $1200-1500, they request the victim to complete 2-3 “packets” or “resets” per day, with each containing 40 tasks.

Continue reading “Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers”

Data of 2.6 Million Duolingo Users Leaked on Hacking Forum

Posted on by esimantiras

Data of 2.6 Million Duolingo Users Leaked on Hacking Forum

 

source: infosecurity-magazine.com  |  image: pixabay.com

 

Data from 2.6 million users of Duolingo, a language learning platform with over 74 million monthly users, has been leaked on a hacking forum.

The compromised data, which includes real names, login names, email addresses and internal service-related details, was initially offered for sale on the now defunct Breached hacking forum in January 2023 for $1500. 

Despite Duolingo’s confirmation to The Record that the data was sourced from publicly available profiles, the leaked email addresses are particularly alarming as they are not public information and can facilitate targeted phishing attempts.

“We’re aware of this report. These records were obtained by data scraping public profile information. We have no indication that our systems were compromised. We take data privacy and security seriously and are continuing to investigate this matter to determine if any further action is needed to protect our learners,” a spokesperson from the company confirmed to Infosecurity in an email. 

Continue reading “Data of 2.6 Million Duolingo Users Leaked on Hacking Forum”