Tag Archive for: expert

I’m a cyber-security expert – this is how I live to avoid getting hacked


Jake Moore could hack into your WhatsApp account in just a few clicks. He isn’t a scammer, but he knows how they operate. He has been a cybercrime expert for 13 years and, as the former Police Head of Digital Forensics, he has seen most of the tricks. These days though, the tricks are becoming increasingly advanced.

According to data from the accounting firm BDO, the amount of online fraud committed in the UK more than doubled in 2023, costing £2.3 billion. UK Finance reported that romance scams and ID theft are among the fastest-growing categories with a total of 1.4m cases recorded.

William Wragg, a senior Conservative MP, recently fell victim to a targeted online scam. He admitted to handing over the personal phone numbers of colleagues, after being blackmailed by someone on the dating app Grindr.

Moore advises companies on how to avoid these sorts of ever-changing security risks. It starts with simple, daily habits. “I find it interesting that the more I talk to people about basic cybersecurity, the more I realise that people either don’t know about it, or they just put it off,” says Moore. “It’s like doing your insurance. It is a bit boring.”

But by putting off these easy, everyday steps, phone users are at increasing risk of alarmingly complex scams, from fake calls by AI voice software to webcam hacking. The secret to safety is consistency: “It’s all about that balance between security and convenience.”

Here, Moore shares what he does regularly to make sure his personal life is safe from fraud and online blackmail.

I never send texts

Moore would never send an SMS text; not even an iMessage. These are too vulnerable to hacking, as they can be intercepted by third-party software. “WhatsApp offers end-to-end encryption, which is an absolute must. It means that the communication cannot be intercepted by anyone, even Meta, which owns WhatsApp,” he says.

If a hacker can tap into your texts, they can steal personal information needed to commit fraud.

“Going one step further. You can use platforms such as Signal. Everyone that I speak to in cybersecurity will use Signal for messaging as it is extremely privacy-focused,” says Moore. Both…


What is Volt Typhoon? A cybersecurity expert explains the Chinese hackers targeting US critical infrastructure


Volt Typhoon is a Chinese state-sponsored hacker group. The United States government and its primary global intelligence partners, known as the Five Eyes, issued a warning on March 19, 2024, about the group’s activity targeting critical infrastructure.

The warning echoes analyses by the cybersecurity community about Chinese state-sponsored hacking in recent years. As with many cyberattacks and attackers, Volt Typhoon has many aliases and also is known as Vanguard Panda, Bronze Silhouette, Dev-0391, UNC3236, Voltzite and Insidious Taurus. Following these latest warnings, China again denied that it engages in offensive cyberespionage.

Volt Typhoon has compromised thousands of devices around the world since it was publicly identified by security analysts at Microsoft in May 2023. However, some analysts in both the government and cybersecurity community believe the group has been targeting infrastructure since mid-2021, and possibly much longer.

Volt Typhoon uses malicious software that penetrates internet-connected systems by exploiting vulnerabilities such as weak administrator passwords, factory default logins and devices that haven’t been updated regularly. The hackers have targeted communications, energy, transportation, water and wastewater systems in the U.S. and its territories, such as Guam.

In many ways, Volt Typhoon functions similarly to traditional botnet operators that have plagued the internet for decades. It takes control of vulnerable internet devices such as routers and security cameras to hide and establish a beachhead in advance of using that system to launch future attacks.

Operating this way makes it difficult for cybersecurity defenders to accurately identify the source of an attack. Worse, defenders could accidentally retaliate against a third party who is unaware that they are caught up in Volt Typhoon’s botnet.

Why Volt Typhoon matters

Disrupting critical infrastructure has the potential to cause economic harm around the world. Volt Typhoon’s operation also poses a threat to the U.S. military by potentially disrupting power and water to military facilities and critical supply chains.

FBI Director…


Why Hacker Tactics Are Shifting To Cookie Theft: Expert


As more organizations adopt multifactor authentication, theft of browser cookies is becoming a go-to method for attackers to bypass the security measure, says Sophos Global Field CTO Chester Wisniewski.


As more organizations adopt multifactor authentication (MFA), the theft of web browser cookies is turning into a go-to method for attackers seeking to subvert the security measure, according to a top security researcher.

To combat the massive risk posed by stolen or compromised passwords, MFA—which requires a second form of authentication beyond username and password—has long been considered harder to defeat than password-only logins and is an essential part of cyberdefense.


Organizations have gotten the message, and MFA is now increasingly commonplace even among small and midsize businesses. But because browser cookies are sometimes configured to allow logging in without triggering an MFA challenge, theft of the web session data is proving to be an ideal workaround for attackers, said Sophos Global Field CTO Chester Wisniewski.

“More and more small businesses are adopting good security practices, like multifactor [authentication],” Wisniewski told CRN. “But if I can get onto one computer and steal those cookies, I don’t need to worry about multifactor anymore. I can just bypass the authentication entirely.”

Ultimately, “the cookie is the universal key that unlocks everything,” he said.

The growth of this tactic among threat actors is underscored by findings from the recently released 2024 Sophos Threat Report, including the discovery that nearly all attacks tracked in the report—90 percent—included the use of infostealer malware. The percentage of attacks involving infostealers had not been tracked in previous years since it was seen as a significantly smaller concern, Wisniewski said.

And while the tools can be used to steal passwords, attackers are frequently using the malware to obtain browser cookies, he said. “I think…


I’m a tech expert still in shock at these ways hackers steal your password



You’ve probably heard it a million times, right? Keep your passwords strong, unique and under wraps. Don’t go clicking on shady links, and change your passwords like you change your socks. Oh, and let’s not forget about tucking them away in a cozy, encrypted password manager. The advice list is never-ending.

But here’s a kicker. What if you tick all those boxes and your password still ends up in the wrong hands? I know it sounds like we’re going overboard, but it’s a legitimate worry. How can you keep yourself safe from all the password-stealing scams out there and the damage that can potentially come with that?

The truth is, you can never keep yourself 100% safe from anything. But you can try your best. It starts by taking a step back and understanding the ways that your password, emails and usernames could be potentially compromised.


Illustration of locking up your devices (Kurt “CyberGuy” Knutsson)

The many ways hackers try to steal your password

Theoretically, there are many ways that hackers can go about stealing your password and other login information, especially when it comes to tricking you into giving it to them. But, all the methods go back to the basics. Here are some of the methods hackers employ to steal passwords from innocent people like you and me.

Password spraying: This isn’t always successful, but attackers may attempt to log in to your accounts by trying random common passwords and seeing if anything hits.

Credential stuffing: Hackers test databases or lists of stolen credentials against multiple accounts to see if there’s a match. If you use the same password across different sites,…
