Boost Your Online Security: Here’s Why You Should Install an Ad Blocker Today : Tech : Tech Times


New research reveals ad blockers’ unexpected importance in malicious software prevention. 

Recent findings show how spyware makers employ banner advertisements for government surveillance. Innovators in ad-based spyware distribution include European firm Intellexa, which created Predator. 

Haaretz received documents describing Intellexa’s 2022 Aladdin proof-of-concept system. The papers indicate that Aladdin used internet job advertising to install phone spyware on graphic designers and campaigners, according to a TechCrunch report.

Malvertising: How Does It Work?

Aladdin’s growth and clients are unknown, but Insanet, an Israeli company, has created an ad-based infection system that can identify persons in advertising networks.

Ad exchanges are crucial to websites’ income, but unscrupulous actors use them to spread destructive malware to consumers’ devices. Malvertising, which uses user input to execute its payload, threatens online security and privacy.

Because web advertising is pervasive, government surveillance can target dissenters with surreptitious spyware. Ad blockers prevent ads from loading in the web browser, protecting against malvertising and ad-based malware.

In February, FBI Director Christopher Wray stressed the agency’s attention on Chinese attempts to enter computer networks with harmful malware, increasing fears about disrupting crucial US infrastructure, per the Financial Times.

After the Munich Security Conference, Wray voiced concern about malware “pre-positioning” following the dismantling of Volt Typhoon, a Chinese hacking network that targeted American infrastructure like the electricity grid and water supply and other global targets.

“We’re laser-focused on this as a real threat and working with a lot of partners to identify, anticipate, and disrupt it,” Wray said, emphasizing the need for caution.

Volt Typhoon is a notable instance, but Wray warned that it is simply one of several Chinese…

Cyber Security Today, Feb. 16, 2024 – US takes down Russian botnet of routers


U.S. takes down Russian botnet of routers.

Welcome to Cyber Security Today. It’s Friday, February 16th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

American authorities have neutralized a botnet of hundreds of compromised small and home office routers that Russia’s military cyber unit used for attacks. This threat actor is called different names by cybersecurity researchers such as APT28, Fancy Bear and Forest Blizzard. The compromised devices were Ubiquiti Edge routers whose owners didn’t change the default administrator passwords. The Justice Department said it got court permission to command the malware controlling the devices to delete stolen and malicious files on the routers. Remote management access was also disabled to give the router owners time to mitigate the compromise and reassert full control. However, if owners and administrators don’t change the default password on their Ubiquiti Edge routers they’ll be open to compromise even after a factory reset of the devices. That, of course, is true for any internet-connected device.

This was the second time in two months the U.S. has disrupted state-sponsored hackers launching cyber attacks from compromised American routers.

Also on Thursday the U.S. offered a US$10 million reward for information leading to the identification or location of leaders of the AlphV/BlackCat ransomware operation. Up to US$5 million is also available for information leading to the arrest or conviction of anyone participating in a ransomware attack using this variant. In December the U.S. and several countries said they are going after this gang. As part of that operation a decryptor for this strain of ransomware was released for victims to use. This week the AlphV gang listed Canada’s Trans-Northern Pipeline as one of its victims. The company said the attack happened last November.

ESET has issued patches for several of its server, business and consumer security products for Windows. These include ESET File Security for Microsoft Azure, ESET Security for SharePoint Server, Mail Security for IBM Domino and for Exchange Server and consumer products such…

Cyber Security Today, Jan. 10, 2024 – Vulnerabilities found in internet-connected factory torque wrenches


Vulnerabilities found in internet-connected factory torque wrenches.

Welcome to Cyber Security Today. It’s Wednesday, January 10th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Anything that connects to an IT network can have software vulnerabilities. The latest example: WiFi connected pneumatic torque wrenches used by car manufacturers. According to researchers at Nozomi Networks, the vulnerabilities they found in a Bosch Rexroth wrench could let a hacker plant ransomware that would spread across a network. Or the holes could let an attacker alter a wrench’s tightening controls and affect the safety of products. A manufacturer using compromised devices could be extorted by a hacker, and sued by customers. The vulnerabilities are in the device’s Linux-based operating system. The wrench connects to a wireless network so it can be remotely programmed. The lesson: Makers of any internet-connected device have to continuously scrutinize their code for vulnerabilities.

Microsoft SQL database servers in the U.S., Europe and Latin America are being targeted by a threat actor. According to researchers at Securonix, the gang either sells access to compromised servers or plugs them with a strain of ransomware called Mimic. This particular gang has been ramming their way into servers through brute force attacks, which are preventable. Then they leverage a command to create a Windows shell, a command that is supposed to be disabled by default. Among the lessons from this attack: Don’t expose critical servers to the internet — and if you have to, protect them with security like a virtual private network. And IT should always be watching for the creation of new local users on servers and other endpoints.

An American judge has sentenced a Nigerian man to 10 years and one month in prison and ordered him to pay almost US$1.5 million in restitution for conspiring to launder money pulled from internet fraud schemes. The 33-year-old man worked directly with the Nigeria-based leader of an international criminal organization to defraud individuals and businesses across the U.S. He was convicted last August by a…

Cyber Security Today, Dec. 27, 2023 – A record year for ransomware


A record year for ransomware.

Welcome to Cyber Security Today. It’s Wednesday, December 27th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

The year isn’t quite over but it’s clear that 2023 hit a record for ransomware attacks. Researchers at NCC Group say that as of the end of November the total number of attacks around the world hit 4,276 — slightly more than twice as many as last year. And December’s numbers haven’t been added.

More year-end numbers to consider: More than 26,000 vulnerabilities were discovered this year, according to researchers at Qualys. However, less than one per cent of them were high risk — about 7,000. And of them, only 206 had weaponized code available. These are the ones information security professionals have to pay attention to, because they are the most likely to be exploited. By the way, of those 206 vulnerabilities, just over 32 per cent involved network infrastructure or web applications. High-risk holes need to be patched or mitigated fast. According to the research, the mean time to exploit vulnerabilities this year was 44 days. However, many times threat actors were able to create an exploit the same day a vulnerability was publicized.

Speaking of the need for fast patching of critical applications, here’s something to ponder: On a podcast earlier this month I reported that a vulnerability in JetBrains’ TeamCity application development platform was being exploited by a Russian-based group. According to a new report from ReversingLabs, a patch for that hole was released in September. But by this month only two per cent of TeamCity administrators had installed it.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
