Tag Archive for: websites

Cyber security audit of websites

/in


Niraj Dubey
India is one of the fastest-growing digital markets in the world with close to 881.25 million internet users. It is home to the third-largest number of Internet users in the world, after the US and China. Eyeing the huge consumer base that India presented, Internet-based services flooded in India. Around 346 million Indians are engaged in online transactions including e-commerce, and digital payments. Even the orthodoxical industries which functioned largely on manpower earlier joined the digital bandwagon in order to stay relevant in the changing times. The ballooning Indian digital market also caught the eyes of cybercriminals. And as India moves further ahead on the path to digital transformation, threats to its different economic sectors rise simultaneously. Further, a presentation by the NITI Aayog underlines the biggest victims of these data breaches as financial organizations, healthcare, universities, higher education and public sector etc. In order to meet such alarming situation and emerging cyber security challenges, security audit of respective websites is need of the hour. A cyber-security audit involves a comprehensive analysis and review of the IT infrastructure of your business. Security audits will help protect critical data, identify security loopholes, create new security policies and track the effectiveness of security strategies. Regular audits can help ensure employees stick to security practices and can catch new vulnerabilities. It is a primary method for examining compliance. It is designed to evaluate something (a company, system, product, etc.). The Indian Government and stakeholders who were exploring ways to fight off the rising threat landscape, zeroed in on regulatory norms and guidelines for all services operating in India, putting a more stringent focus on BFSI (Banking, Financial Sector & Insurance) and Government sectors. These stringent regulations forced organizations to take due cybersecurity steps to combat cyber attacks. It is estimated that the security testing services market in India would increase from USD 201 million in 2019 to USD 4.70 billion by 2024. In order to check menace of ransomware,…

Source…

FIU study: Ransomware can hide in the websites you upload files to

/in


FIU cybersecurity researchers warn websites that request access to your files might be able to bypass antivirus software and carry out major ransomware attacks.

Free photo editors, tax document assistants and other online apps that ask for permission to access your media can encrypt files and effectively take control of them, an FIU College of Engineering and Computing study shows. These attackers could then demand ransom in exchange for the files’ safe return.

The researchers say that the hack works on all three major PC operating systems: Windows, Linux and Mac OS. Some cloud services such as Apple Cloud, Box, Google Drive, OneDrive and Dropbox are also susceptible, as well as external drives.

Just two things are needed for a malicious website to conduct the attack.

  1. A person needs to say, ‘yes’ to a pop-up that asks them to share their files, such as ‘Allow this website to access your photos?’
  2. Someone must click, ‘yes,’ on a second pop-up, which is the attack. The pop-up will be disguised as a benign message, such as an advertisement or a request like, ‘May we close the rest of your tabs for you?’

Clicking ‘yes’ on these two pop-ups is all too easy, says Selcuk Uluagac, principal investigator of the research and Knight Foundation School of Computing and Information Sciences professor.

“Antivirus software systems allow these attacks because it is normal for them to give browsers access to files,” Uluagac said. “They don’t detect that anything is wrong.”

The research was conducted in collaboration with Google senior research scientist Güliz Seray Tuncay and published in the proceedings of the 32nd USENIX Security Symposium, which is a top-tier cybersecurity conference according to Google Scholar.

“Everybody knows not to download a suspicious file. Now we are finding that it can be just as dangerous to upload a file,” said Harun Oz, a Ph.D. student on the research team.

These hacks are possible due to the increasing power of web browsers, researchers say.

“Browsers have become much more powerful over time,” said Abbas Acar, a postdoctoral researcher on the…

Source…

Salt Security uncovers security flaws within ChatGPT extensions that allowed access to third-party websites and sensitive data

/in


PALO ALTO, Calif.March 13, 2024 /PRNewswire/ — Salt Security, the leading API security company, today released new threat research from Salt Labs highlighting critical security flaws within ChatGPT plugins, highlighting a new risk for enterprises. Plugins provide AI chatbots like ChatGPT access and permissions to perform tasks on behalf of users within third-party websites. For example, committing code to GitHub repositories or retrieving data from an organization’s Google Drives. These security flaws introduce a new attack vector and could enable bad actors to:

  • Gain control of an organization’s account on third-party websites
  • Allow access to Personal Identifiable Information (PII) and other sensitive user data stored within third-party applications

ChatGPT plugins extend the model’s abilities, allowing the chatbot to interact with external services. The integration of these third-party plugins significantly enhances ChatGPT’s applicability across various domains, from software development and data management to educational and business environments. When organizations leverage such plugins, it subsequently gives ChatGPT permission to send an organization’s sensitive data to a third-party website and allow access to private external accounts. Notably, in November 2023, ChatGPT introduced a new feature, GPTs, a similar concept to plugins. GPTs are custom versions of ChatGPT that any developer can publish, and contain an option called “Action” which connects it with the outside world. GPTs pose similar security risks as plugins.

The Salt Labs team uncovered three different types of vulnerabilities within ChatGPT plugins.

The first of which was noted within ChatGPT itself when users install new plugins. During this process, ChatGPT redirects a user to the plugin website to receive a code to be approved by that individual. When ChatGPT receives the approved code from a user, it automatically installs the plugin and can interact with that plugin on behalf of the user. Salt Labs researchers discovered that an attacker could exploit this function, to deliver users instead a code approval with a new malicious plugin, enabling an attacker to install their credentials on a…

Source…

Hackers Hijack Websites to Inject Malware that Steals Credentials

/in


Concerning a development for internet security, a new form of website malware known as “Angel Drainer” has been increasingly targeting Web3 and cryptocurrency assets since January 2024.

This malware is part of a broader trend of rising Web3 phishing sites and crypto drainers that significantly threaten user credentials and wallets.

Document

Live Account Takeover Attack Simulation

Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks

.

Web3 Crypto Malware: Angel Drainer Overview

Angel Drainer is a crypto drainer implicated in security breaches, including a notable incident with Ledger Connect Kit in December.

It operates by injecting itself directly into compromised websites or redirecting visitors to phishing sites containing the drainer. Once in place, it can steal and redistribute assets from compromised wallets, reads the Sucuri report.

The surge in malicious activity is alarming, with over 20,000 unique Web3 phishing sites created in 2023 alone.

As per recent reports, the Angel Drainer phishing group has illicitly acquired a sum of over $400,000 from a total of 128 cryptocurrency wallets.

The group has utilized a new and sophisticated tactic to carry out their fraudulent activities, which is a cause of concern for businesses and individuals alike.

In the first two months of 2024, at least three unrelated malware campaigns have begun using crypto drainers in website hacks.

fake browser update + crypto drainer

Sucuri’s SiteCheck remote website scanner detected the Angel Drainer variant on over 550 sites since early February, and the public showed this injection on 432 sites at the time of writing.

The impact of these attacks is profound, with Angel Drainer found on 5,751 different unique domains over the past four weeks.

The malware leverages phishing tactics and malicious injections to exploit the Web3 ecosystem’s reliance on direct wallet interactions, endangering both website owners and the safety of user assets.

Injection Methods and Strategies

The injection methods used by these attackers are sophisticated and varied. They can…

Source…