Category: Infosec

Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies

Posted on by esimantiras

Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies

source: thehackernews.com  |  image: pexels.com

Cybersecurity researchers have taken the wraps off a previously undocumented ransomware strain called Rorschach that’s both sophisticated and fast.

“What makes Rorschach stand out from other ransomware strains is its high level of customization and its technically unique features that have not been seen before in ransomware,” Check Point Research said in a new report. “In fact, Rorschach is one of the fastest ransomware strains ever observed, in terms of the speed of its encryption.”

The cybersecurity firm said it observed the ransomware deployed against an unnamed U.S.-based company, adding it found no branding or overlaps that connect it to any previously known ransomware actors.

However, further analysis of Rorschach’s source code reveals similarities to Babuk ransomware, which suffered a leak in September 2021, and LockBit 2.0. On top of that, the ransom notes sent out to the victims appear to be inspired by that of Yanluowang and DarkSide.

Continue reading “Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies”

A Sneaky Ad Scam Tore Through 11 Million Phones

Posted on by esimantiras

A Sneaky Ad Scam Tore Through 11 Million Phones

source: wired.com  |  image: pexels.com

Some 1,700 spoofed apps, 120 targeted publishers, 12 billion false ad requests per day—Vastflux is one of the biggest ad frauds ever discovered.

 

EVERY TIME YOU open an app or website, a flurry of invisible processes takes place without you knowing. Behind the scenes, dozens of advertising companies are jostling for your attention: They want their ads in front of your eyeballs. For each ad, a series of instant auctions often determines which ads you see. This automated advertising, often known as programmatic advertising, is big business, with $418 billion spent on it last year. But it’s also ripe for abuse.

Security researchers today revealed a new widespread attack on the online advertising ecosystem that has impacted millions of people, defrauded hundreds of companies, and potentially netted its creators some serious profits. The attack, dubbed Vastflux, was discovered by researchers at Human Security, a firm focusing on fraud and bot activity. The attack impacted 11 million phones, with the attackers spoofing 1,700 app and targeting 120 publishers. At its peak, the attackers were making 12 billion requests for ads per day.

“When I first got the results for the volume of the attack, I had to run the numbers multiple times,” says Marion Habiby, a data scientist at Human Security and the lead researcher on the case. Habiby describes the attack as both one of the most sophisticated the company has seen and the largest. “It is clear the bad actors were well organized and went to great lengths to avoid detection, making sure the attack would run as long as possible—making as much money as possible,” Habiby says. 

Continue reading “A Sneaky Ad Scam Tore Through 11 Million Phones”

IP Cameras, VoIP and Video Conferencing Revealed as Riskiest IoT Devices

Posted on by esimantiras

IP Cameras, VoIP and Video Conferencing Revealed as Riskiest IoT Devices

source: infosecurity-magazine.com  |  image: pixabay.com

 

IoT devices from video conferencing systems to IP cameras are among the five riskiest IoT devices connected to networks, according to research highlighted by Forescout’s cybersecurity research arm, Vedere Labs.

The company identified recurring themes in their recent research, highlighting the growing attack surface due to more devices being connected to enterprise networks, and how threat actors are able to leverage these devices to achieve their goals.

“IP cameras, VoIP and video-conferencing systems are the riskiest IoT devices because they are commonly exposed on the internet, and there is a long history of threat actor activity targeting them,” The Forescout report said.

The attack surface now encompasses IT, IoT and OT in almost every organization, with the addition of IoMT in healthcare. Organizations must be aware of risky devices across all categories. Forescout recommends that automated controls are implement and that companies do not rely on siloed security in the IT network, OT network or for specific types of IoT devices.

This latest research provides an update to the company’s findings from 2020 in which networking equipment, VoIP, IP cameras and programmable logic controllers (PLCs) were listed and remain among the riskiest devices across IT, IoT, OT and IoMT in 2022.

However, new entries such as hypervisors and human machine interfaces (HMIs) are representative of trends including critical vulnerabilities and increased OT connectivity.

Vedere Labs analyzed device data between January 1 and April 30 in Forescout’s Device Cloud. The anonymized data comes from Forescout customer deployments and contains information about almost 19 million devices – a number that grows daily, according to the company.

The overall risk of a device was calculated based on three factors: configuration, function and behavior.

After measuring the risk of each individual device, Vedered Labs calculated averages per device type to understand which are the riskiest.

 

TikTok Engaging in Excessive Data Collection

Posted on by esimantiras

TikTok Engaging in Excessive Data Collection

source: infosecurity-magazine.com  |  image: pexels.com

 

TikTok has been engaging in excessive data collection and connecting to mainland China-based infrastructure, Internet 2.0 has claimed in a new white paper.

The latest report, overseen by Internet 2.0’s head security engineer Thomas Perkins, is an analysis of “the source code of TikTok mobile applications Android 25.1.3 as well as IOS 25.1.1”, with Internet 2.0 carrying out static and dynamic testing between 1 July to 12 July 2022 that focused on device and user data collection.

The report identified multiple instances of unwarranted data harvesting, including:

  • Device mapping
  • Hourly monitoring of device location
  • Persistent calendar access
  • Continuous requests for access to contacts
  • Device information

Continue reading “TikTok Engaging in Excessive Data Collection”

Microsoft Disrupts Russian Cyber-Espionage Group Seaborgium

Posted on by esimantiras

Microsoft Disrupts Russian Cyber-Espionage Group Seaborgium

source: infosecurity-magazine.com  |  image: pexels.com

 

Microsoft claims to have disrupted a prolific Russian state-backed threat group known for conducting long-running cyber-espionage campaigns against mainly NATO countries.

In an update on August 15, the tech giant said it had disabled accounts used by the “Seaborgium” group for reconnaissance, phishing, and email collection, and updated detections against its phishing domains in Microsoft Defender SmartScreen.

Also known by threat researchers as Callisto Group, ColdRiver, TA446 and other monikers, Seaborgium is a “highly persistent threat actor” that focuses most of its time on the US and UK, and occasionally the countries of the Baltics, Nordics and Eastern Europe.

“Once successful, it slowly infiltrates targeted organizations’ social networks through constant impersonation, rapport building, and phishing to deepen their intrusion,” said Microsoft.

Continue reading “Microsoft Disrupts Russian Cyber-Espionage Group Seaborgium”

Smishing vs. Phishing: Understanding the Differences

Posted on by esimantiras

 

Smishing vs. Phishing: Understanding the Differences

 

source: proofpoint.com  |  image: pexels.com

 
What have smishing offenders learned from their phishing email counterparts?

Email-based credential theft remains by far the most common threat we encounter in our data. But SMS-based phishing (commonly known as smishing and including SMS, MMS, RCS, and other mobile messaging types) is a fast-growing counterpart to email phishing. In December 2021, we published an article exploring the ubiquity of email-based phish kits. These toolkits make it straightforward for anyone to set up a phishing operation with little more than a laptop and a credit card. Since then, we’ve tracked their evolution as they gain new functions, including the ability to bypass multifactor authentication.

In this blog post we’re going to look at smishing vs. phishing and what smishing offenders have learned from their email counterparts, as well as some significant differences that remain between the two threats.

Setting the (crime) scene

A modern email phishing setup can be as simple as one person with a computer and access to common cloud-hosted services. But for a smishing operation, the picture is somewhat different. While software smishing kits are available to buy on the dark web, accessing and abusing mobile networks requires a little more investment.

Continue reading “Smishing vs. Phishing: Understanding the Differences”

5 Ways to Make Your Passwords Instantly More Secure

Posted on by esimantiras

 

5 Ways to Make Your Passwords Instantly More Secure

 

source: cnet.com  |  image: pexels.com

 

If you think your passwords are uncrackable, think again.

Despite years of warnings, experts say most people are still using weak passwords to protect even their most sensitive information. Many people are reusing those insecure passwords to protect multiple accounts, putting more of their data at risk should any of the accounts be compromised.

“It’s the total account takeover scenario,” said John Buzzard, lead fraud and security analyst at Javelin Strategy & Research, referring to a cybercriminal cracking one password and then using it to access other accounts. “Consumers lose control over their entire digital lives.”

World Password Day, which takes place on Thursday, is a good time to review your digital security. Sure, it’s a totally made-up celebration that Intel created in 2013. But it’s still a good reminder to take a close look at your logins and make sure they check the required security boxes.

Continue reading “5 Ways to Make Your Passwords Instantly More Secure”

Security News This Week: The NSA Swears It Has ‘No Backdoors’ in Next-Gen Encryption

Posted on by esimantiras

Security News This Week: The NSA Swears It Has ‘No Backdoors’ in Next-Gen Encryption

source: wired.com  |  image: nsa.gov

 

 

The US is readying new encryption standards that will be so ironclad that even the nation’s top code-cracking agency says it won’t be able to bypass them.

The National Security Agency has been involved in parts of the process but insists it has no way of bypassing the new standards. 

“There are no backdoors,” said Rob Joyce, the NSA’s director of cybersecurity at the National Security Agency, in an interview. A backdoor enables someone to exploit a deliberate, hidden flaw to break encryption. An encryption algorithm developed by the NSA was dropped as a federal standard in 2014 amid concerns that it contained a backdoor.

The new standards are intended to withstand quantum computing, a developing technology that is expected to be able to solve math problems that today’s computers can’t. But it’s also one that the White House fears could allow the encrypted data that girds the U.S. economy – and national security secrets – to be hacked. 

Continue reading “Security News This Week: The NSA Swears It Has ‘No Backdoors’ in Next-Gen Encryption”

Anatomy of a Phishing Scam…

Posted on by esimantiras

Anatomy of a Phishing Scam As Told Through Scamming the Scammer

 

image - phishing

source: blog.avast.com. |  image:  pixabay.com

to view all images associated with this blog post, go to Avast.com

Here’s a “scam the scammer” SMS conversation to highlight some of the red flags to look out for the next time your “boss” messages you.

Sometimes it feels like scammers are coming at you from every direction these days. They’re on the phone. They’re on SMS. They’re on social media. Sorting the real from the nonsense can feel like a full time job but, for some people, that “job” turns into fun.

That’s what happened recently when a professional woman in New York City decided to play around a little bit with her “boss,” (spoiler: not her boss) who was making odd requests via text. And while “scam the scammer” situations like this one are often hilarious, they’re also a great way to learn about the methodology that scammers use to trick people into giving them money. 

So let’s take a look at the following “scam the scammer” SMS conversation to highlight some of the red flags to look out for the next time your “boss” messages you. 

1. They set up a situation where you can’t talk to them on the phone.

“Josh” makes it clear up front that he can’t talk on the phone. Obviously there are some situations where this is legitimate — like if he was actually Josh and was actually at a conference — but “Cris,” as an employee, would likely know if her boss was out of office. The scammer is hoping that Cris doesn’t know her boss’ schedule.

Continue reading “Anatomy of a Phishing Scam…”

DoD IAPM Guide

Posted on by esimantiras

DoD Identity Awareness, Protection, and Management (IAPM) Guide

 

Click the image above to view this amazing guide & resource

 

HOW TO USE THIS GUIDE The Identity Awareness, Protection, and Management (IAPM) Guide is a comprehensive resource to help you protect your privacy and secure your identity data online. The IAPM Guide is divided into chapters detailing key privacy considerations on popular online services, mobile apps, and consumer devices available in the market today. Each section provides you with tools, recommendations, and step-by-step guides to implement settings that maximize your security. The guide is updated periodically. While some of the chapters in the IAPM Guide deal with technical issues, they do not require a technical background to follow. The U.S. Department of Defense creates this guide to provide recommendations for readers to keep their identities private and secure online. Please note the information presented here is subject to change.