North Korean Hackers Set New Record with $1.8 Billion Crypto Heist

 


Hackers associated with North Korea took cyber theft to a record level in 2024, stealing $1.8 billion in cryptocurrency. According to a report by blockchain analytics firm Chainalysis, the figure reflects the growing sophistication of these attackers and the risk they pose to international security, the United States included. The main points are set out below.

In 2024, more than half of the $3 billion taken from cryptocurrency platforms worldwide was attributed to North Korean hackers, a sharp increase on 2023, when 20 incidents netted a combined $660.5 million. In 2024 the total rose to $1.8 billion across 47 incidents.

These hackers are using increasingly advanced strategies to target and steal digital currencies, showcasing their ability to exploit vulnerabilities in cryptocurrency platforms.  


How Do Hackers Launder Stolen Cryptocurrency?  

After stealing funds, the hackers use layered methods to obscure where the money came from. Common techniques include:

1. Anonymity-friendly platforms: services that let users transact without identity checks, which makes the funds hard to trace.

2. Crypto mixing services: stolen coins are pooled with other users' deposits and paid out from the pool, breaking the link between the incoming and outgoing funds.

3. Mining services: stolen funds are used to pay for mining or hashing services, and the freshly mined coins that come back carry no tainted transaction history.

With these, authorities face challenges tracking and recovering such stolen funds.


Advanced Tools and Phony Jobs

Hackers use deception and advanced tactics in targeting their victims. For example:

  • Remote work exploitation: operatives pose as remote IT workers and get hired by companies. US authorities recently charged 14 North Korean nationals with working as fake IT staff at American companies, a scheme alleged to have generated at least $88 million for the regime.
  • Fake job websites: sites that look like legitimate recruiters and lure applicants into handing over sensitive information.

Alongside these schemes, the groups use purpose-built tooling against cryptocurrency platforms, which makes their operations more efficient still.


Why Does North Korea Do This?

North Korea has been under heavy international sanctions that cut off most of its revenue sources, so cyber theft has become a critical way for the country to raise funds. Stolen amounts fell in 2023 to $660.5 million from $1.7 billion in 2022, but the sharp increase in 2024 shows the regime is not letting up on cybercrime.

This is not just a matter of money; it affects global security. The stolen funds are believed to help North Korea sustain its regime and avoid financial penalties imposed by the global community. US officials and cybersecurity experts warn that these activities are a growing threat to financial systems worldwide.

To remedy this, cryptocurrency sites should enhance their security level. People must also remain vigilant against these types of scams, including false employment advertisements. International cooperation will be needed to address these cybercrimes and safeguard digital financial systems.

In summary, the scale and sophistication of North Korean hackers are on the rise, which calls for stronger defenses and global efforts to curb cyber theft. This story is a wake-up call for governments, businesses, and individuals alike.



Sanctions Imposed on North Korean Cyber Activities Supporting Nuclear Ambitions

 

South Korea has announced sanctions against 15 North Korean nationals and the Chosun Geumjeong Economic Information Technology Exchange Corporation for orchestrating schemes that finance North Korea’s nuclear weapons and missile programs. These measures target a global network involved in IT job fraud, cryptocurrency theft, and cyberattacks. 

The sanctioned individuals are linked to the 313th General Bureau, a division of North Korea’s Ministry of Munitions Industry. This bureau oversees the production and development of weapons and ballistic missiles. According to South Korea’s Peninsula Policy Bureau, these operatives are dispatched to countries such as China, Russia, Southeast Asia, and Africa. Using fake identities, they secure positions in international IT companies, generating revenue funneled back to the regime. 

Central to this operation is the Chosun Geumjeong Economic Information Technology Exchange Corporation. This organization plays a critical role by deploying IT professionals abroad and channeling significant financial resources to North Korea’s military projects. In recent years, North Korean operatives have increasingly infiltrated Western companies by posing as IT workers. This tactic not only generates revenue for the regime but also enables cyber espionage and theft. These workers have been found installing malware, stealing sensitive company data, and misappropriating funds. Some have even attempted to infiltrate secure software development environments. 

Despite the gravity of these actions, the stigma associated with hiring fraudulent workers has led many companies to keep such breaches private, leaving the true scope of the issue largely unknown. Additionally, South Korea accuses North Korea of being a major player in global cryptocurrency theft. A 2024 United Nations report found that North Korean hackers carried out 58 cyberattacks against cryptocurrency firms between 2017 and 2023, amassing approximately $3 billion in stolen funds. North Korean nationals have also reportedly violated international sanctions by earning income through employment in various industries, including construction and hospitality. 

These activities pose significant risks to the global cybersecurity landscape and international stability. South Korea asserts that the funds generated through these operations directly support North Korea’s nuclear and missile programs, emphasizing the need for a unified international response. By imposing these sanctions, South Korea aims to disrupt North Korea’s illicit financial networks and mitigate the broader risks posed by its cyber activities. 

This marks a crucial step in the global effort to counter the threats associated with Pyongyang’s nuclear ambitions and its exploitation of cyberspace for financial gain.

Rising Cyber Threats in Q3 2024: AI’s Dual Role in Attacks and Defense

 

The Q3 2024 Threat Report from Gen unveils a concerning rise in the sophistication of cyber threats, shedding light on how artificial intelligence (AI) is both a tool for attackers and defenders. 

As cybercriminals evolve their tactics, the line between risk and resilience becomes increasingly defined by proactive measures and advanced technology. One significant trend is the surge in social engineering tactics, where cybercriminals manipulate victims into compromising their own security. A staggering 614% increase in “Scam-Yourself Attacks” highlights this evolution. 

Often, these attacks rely on fake tutorials, such as YouTube videos promising free access to paid software; users who follow the instructions install malware on their own devices. Another emerging strategy is the “ClickFix” scam, where attackers pose as technical support and walk victims through copying and executing malicious code on their systems. Fake CAPTCHA prompts and bogus software updates likewise trick users into granting administrative access to malicious programs.

Data-stealing malware has also seen a significant rise, with information stealers increasing by 39%. For instance, the activity of Lumma Stealer skyrocketed by 1154%. Ransomware attacks are also on the rise, with the Magniber ransomware exploiting outdated software like Windows 7. Gen has responded by collaborating with governments to release free decryption tools, such as the Avast Mallox Ransomware Decryptor, to help victims recover their data. Mobile devices are not spared either, with a 166% growth in data-stealing malware during Q3 2024. 

The emergence of NGate spyware, which clones bank card data for unauthorized transactions, underscores the growing vulnerabilities in mobile platforms. Banking malware, including new strains like TrickMo and Octo2, has surged by 60%, further amplifying risks. Malicious SMS messages, or “smishing,” remain the most common method for delivering these attacks. According to Norton Genie telemetry, smishing accounted for 16.5% of observed attacks, followed by lottery scams at 12% and phishing emails or texts at 9.6%. 

AI plays a dual role in these developments. On one hand, it powers increasingly realistic deepfakes and persuasive phishing campaigns, making attacks harder to detect. On the other hand, AI-driven tools are vital for cybersecurity defenses, identifying threats and mitigating risks in real time. 

As cyber threats grow more complex, the Q3 2024 report underscores the urgency of staying vigilant. Proactive measures, such as regular software updates, using advanced AI-powered defenses, and fostering awareness, are essential to mitigate risks and safeguard sensitive information. The battle against cybercrime continues, with innovation on both sides defining the future of digital security.

Understanding VoIP DDoS Attacks: Prevention and Mitigation Strategies

 


A distributed denial-of-service (DDoS) attack against a VoIP server works by overwhelming it with bogus requests. When that traffic exceeds the network's or the server's capacity, genuine requests go unprocessed and service is disrupted. Criminals use these attacks to knock out Voice over Internet Protocol (VoIP) services, the backbone of modern business phone systems and customer-service software. VoIP is especially sensitive to this: voice traffic tolerates little latency, jitter or packet loss, so even an attack that does not take the service down can badly degrade call quality and reliability.
  
Modus Operandi of VoIP DDoS Attacks 
 
DDoS attacks aim to saturate a network or server with fake traffic so that legitimate users are denied service. A typical VoIP server handling hundreds of calls per hour cannot keep up with thousands of requests per second. Key attack methods include:
  • Botnets: attackers use large networks of compromised devices (PCs, routers, mobile phones, IoT devices) to generate the attack traffic.
  • SIP flood: the attacker sends a torrent of Session Initiation Protocol (SIP) call requests (INVITEs), exhausting the server's capacity to set up calls.
  • SIP reflection: the attacker sends requests to many third-party SIP servers with the source address spoofed to the victim's, so all of their responses land on the victim's server and overload it.
Mitigation Tips to Defend Against VoIP DDoS Attacks 
 
Adopting robust defense mechanisms can help protect VoIP systems from DDoS attacks. Key strategies include: 
  
1. Use a Reverse Proxy

A reverse proxy (for SIP, usually a session border controller) sits between clients and the server, receiving and filtering requests so that the server is never exposed directly. Benefits include:
  • Regulating inbound traffic so that only legitimate requests pass through.
  • Hiding the origin server's IP address so that attackers cannot target it directly.
  • Offloading work such as TLS encryption and decryption from the server.

2. Real-Time Network Monitoring

Monitoring tools establish a baseline of normal activity and detect deviations from it. They:
  • Identify unusual network behaviour, enabling a rapid response to DDoS-induced traffic spikes.
  • Protect exposed signalling ports and IP ranges from malicious requests.
  • Help prevent VoIP fraud by detecting and blocking suspicious call activity.

3. Implement Rate Limiting

Rate limiting caps the volume of requests, blunting bot traffic. It works by:
  • Delaying or dropping excessive requests, whether from a single IP or from many sources.
  • Setting thresholds for how many actions are allowed within a given time window.
  • Ensuring only traffic within those limits reaches critical resources.

Rate limiting sharply reduces an attacker's ability to sustain a successful DDoS attack.
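As an added worked example (not code from the original post or from any VoIP vendor), here is the rate-limiting idea above applied to SIP signalling: a token bucket per source IP that lets a desk phone place calls at a normal pace while throttling a host that floods the server with INVITEs. The SIP messages, IP addresses and bucket sizes are all constructed for illustration; production values depend on your call volume and would normally be enforced by the session border controller rather than a script.

```python
"""Per-source token-bucket rate limiting for SIP signalling.

Added example (not from the original post): it parses the request line of
each SIP message, keeps one token bucket per source IP and drops INVITE and
REGISTER floods while leaving a low-rate legitimate phone untouched. The
traffic, addresses and bucket sizes below are constructed for illustration.
"""
from collections import defaultdict

SIP_METHODS = {"INVITE", "REGISTER", "OPTIONS", "ACK", "BYE", "CANCEL"}
LIMITED_METHODS = {"INVITE", "REGISTER"}  # the requests a signalling flood targets


def parse_method(raw: str):
    """Return the method of a SIP request, or None for responses and garbage."""
    first_line = raw.lstrip().split("\r\n", 1)[0]
    parts = first_line.split(" ")
    if len(parts) != 3 or parts[2] != "SIP/2.0" or parts[0] not in SIP_METHODS:
        return None
    return parts[0]


class TokenBucketLimiter:
    """One bucket per source: `capacity` requests of burst, refilled at `rate` per second."""

    def __init__(self, capacity: float, rate: float):
        self.capacity = capacity
        self.rate = rate
        self._tokens = defaultdict(lambda: float(capacity))
        self._last_seen = {}

    def allow(self, src_ip: str, now: float) -> bool:
        elapsed = now - self._last_seen.get(src_ip, now)
        # Refill in proportion to elapsed time, never above capacity.
        self._tokens[src_ip] = min(self.capacity, self._tokens[src_ip] + elapsed * self.rate)
        self._last_seen[src_ip] = now
        if self._tokens[src_ip] >= 1.0:
            self._tokens[src_ip] -= 1.0
            return True
        return False


def filter_sip(packets, capacity=5, rate=1.0):
    """packets: iterable of (timestamp, src_ip, raw_sip). Returns per-source counts."""
    limiter = TokenBucketLimiter(capacity, rate)
    stats = defaultdict(lambda: {"allowed": 0, "dropped": 0, "ignored": 0})
    for ts, src, raw in packets:
        method = parse_method(raw)
        if method not in LIMITED_METHODS:
            stats[src]["ignored"] += 1  # responses, ACK, BYE etc. pass through unlimited
            continue
        key = "allowed" if limiter.allow(src, ts) else "dropped"
        stats[src][key] += 1
    return {ip: dict(c) for ip, c in stats.items()}


def sip_invite(src_host: str) -> str:
    """A minimal, constructed INVITE; only the request line matters to the limiter."""
    return (
        "INVITE sip:alice@pbx.example SIP/2.0\r\n"
        f"Via: SIP/2.0/UDP {src_host}:5060;branch=z9hG4bK776asdhds\r\n"
        "From: <sip:bob@example.net>;tag=1928301774\r\n"
        "To: <sip:alice@pbx.example>\r\n"
        "Content-Length: 0\r\n\r\n"
    )


def sample_traffic():
    """Constructed capture: a desk phone placing a call every 10 s, a bot blasting
    200 INVITEs in 200 ms, and one harmless SIP response."""
    legit = [(t, "198.51.100.7", sip_invite("198.51.100.7")) for t in (0, 10, 20, 30, 40)]
    flood = [(100 + i * 0.001, "203.0.113.9", sip_invite("203.0.113.9")) for i in range(200)]
    response = [(50, "198.51.100.7", "SIP/2.0 200 OK\r\nContent-Length: 0\r\n\r\n")]
    return sorted(legit + flood + response, key=lambda p: p[0])


def demo():
    return filter_sip(sample_traffic(), capacity=5, rate=1.0)


if __name__ == "__main__":
    for ip, counts in demo().items():
        print(ip, counts)
```

Run as-is, the phone's five INVITEs are all admitted, while the flooding host gets its five-request burst through and then loses the remaining 195 because 200 ms is nowhere near long enough to refill a bucket at one token per second. Note that this limiter keys on the source address, so it does nothing against a SIP reflection attack, where the addresses are legitimate servers; that case needs the proxy and monitoring controls above.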

VoIP DDoS attacks pose significant risks to modern communication systems, but proactive measures can mitigate these threats. By using reverse proxies, adopting real-time monitoring tools, and implementing rate-limiting techniques, organizations can safeguard their VoIP infrastructure against malicious traffic and ensure uninterrupted services.

Cybercriminals Exploit Two-Step Phishing Tactics and SVG Attachments in Sophisticated Cyber Attacks

 

Layered defense strategies are a cornerstone of cybersecurity, but attackers are employing similar methods to launch sophisticated attacks. Two-step phishing (2SP) tactics are becoming increasingly prevalent, leveraging trusted platforms to deliver malicious content in layers and evade detection, according to researchers at Perception Point.

These researchers have identified a new wave of 2SP attacks weaponising Microsoft Visio (.vsdx) files. Peleg Cabra, product marketing manager at Perception Point, shared that Ariel Davidpur, a security researcher at the firm, uncovered an alarming trend: attackers are embedding malicious URLs within Visio files to bypass security systems.

Visio, widely used in workplaces for data visualization, plays into the attackers' strategy of exploiting familiarity. The files are being used in phishing emails containing urgent business-related requests. Once the recipient engages with these emails and accesses the Visio file, they encounter another embedded URL disguised as a clickable button, like “view document.”

Perception Point’s analysis notes that the lure instructs victims to hold the Ctrl key while clicking the link. An automated URL scanner that simply follows the link does not perform that key-plus-click interaction, so the redirect never fires in the sandbox, while a human following the instruction lands on a fake Microsoft 365 login page that harvests credentials. Robust two-factor authentication is recommended to limit the damage from such attacks.

Additionally, a report by Lawrence Abrams from Bleeping Computer reveals another alarming technique: attackers are leveraging scalable vector graphics (SVG) files. These files, capable of displaying HTML and executing JavaScript, are being used to deliver phishing forms and malware. Security researcher MalwareHunterTeam demonstrated how SVG attachments could mimic an Excel spreadsheet with an embedded login form to harvest credentials.

To counter these threats, cybersecurity experts recommend treating SVG attachments with suspicion and implementing stringent email security measures.
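What “treating SVG attachments with suspicion” can look like in practice, as an added example that is not from the article or from the researchers it cites: an SVG is XML, so a mail gateway can parse it and refuse anything that carries the features a phishing page needs. Both SVGs below are constructed for the example, and the login-microsoft.example hostname is a hypothetical lookalike, not a real site.

```python
"""Static inspection of SVG e-mail attachments.

Added example (not from the original article or the cited researchers): it
parses an SVG with the standard library and reports the features that turn
an "image" into a phishing page: script elements, foreignObject (which embeds
HTML), form controls, on* event handlers and hrefs that leave the file. The
two SVGs below are constructed; login-microsoft.example is a hypothetical
lookalike hostname.
"""
import xml.etree.ElementTree as ET

# Elements that have no business in an image attachment.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "form", "input", "embed", "object"}
URL_ATTRS = {"href", "src", "action", "data"}


def _local(name: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]


def inspect_svg(data: bytes) -> list:
    """Return the reasons an SVG looks like phishing; an empty list means plain image.

    For untrusted input in production parse with defusedxml instead; the stdlib
    parser is used here only to keep the example self-contained.
    """
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"unparseable XML: {exc}"]

    findings = []
    for el in root.iter():
        tag = _local(el.tag).lower()
        if tag in ACTIVE_TAGS:
            findings.append(f"active element <{tag}>")
        for attr, value in el.attrib.items():
            name = _local(attr).lower()
            val = value.strip()
            low = val.lower()
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS:
                if low.startswith(("javascript:", "data:")):
                    findings.append(f"{name} uses {low.split(':', 1)[0]}: URI on <{tag}>")
                elif low.startswith(("http://", "https://", "//")):
                    findings.append(f"{name} leaves the file: {val} (on <{tag}>)")
    return findings


def verdict(data: bytes) -> str:
    return "quarantine" if inspect_svg(data) else "deliver"


# Constructed: looks like a spreadsheet preview, is actually a credential form.
PHISH_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="800" height="600" onload="init()">
  <rect width="800" height="600" fill="#ffffff"/>
  <text x="20" y="40" font-family="sans-serif">Q3_Figures.xlsx - sign in to view</text>
  <foreignObject x="0" y="60" width="800" height="500">
    <form xmlns="http://www.w3.org/1999/xhtml" method="post"
          action="https://login-microsoft.example/collect">
      <input name="user"/>
      <input name="password" type="password"/>
    </form>
  </foreignObject>
  <script><![CDATA[ function init() { /* constructed placeholder */ } ]]></script>
</svg>"""

# Constructed: an ordinary icon, nothing to flag.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
  <path d="M12 2 L2 22 H22 Z" fill="#0a0"/>
</svg>"""

if __name__ == "__main__":
    for label, blob in (("phish", PHISH_SVG), ("benign", BENIGN_SVG)):
        print(label, verdict(blob), inspect_svg(blob))
```

The phishing sample trips five different checks (the onload handler, the foreignObject, the form and its inputs, the external form action, and the script), any one of which is enough to quarantine. The icon produces no findings. Because the same rendering engine that shows the icon will also run the form, a policy that strips or rejects these elements is safer than trying to tell “good” scripts from bad ones.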

International Fraud Awareness Week, held from November 17 to 23, 2024, aims to raise awareness of evolving cyber fraud. Muhammad Yahya Patel, lead security engineer at Check Point Software, warns that technological advancements empower both legitimate industries and cyber criminals.

Patel categorizes the major fraud types businesses should watch out for:
  • Cyber Fraud: Using phishing, malware, and ransomware to steal sensitive data.
  • Internal Fraud: Involving employee-driven actions like embezzlement and theft.
  • Invoice Fraud: Sending fake invoices to businesses for payment.
  • CEO Fraud: Impersonating executives to extract sensitive information.
  • Return Fraud: Exploiting return policies in retail for financial gain.
  • Payroll Fraud: Manipulating payroll systems to benefit employees fraudulently.
Ransomware has also evolved from untargeted attacks to highly strategic campaigns, employing reconnaissance and double-extortion tactics. As cyber threats grow more sophisticated, businesses must remain vigilant, adopt robust security practices, and foster awareness to combat evolving fraud.

CISA's Enhanced Mobile Security Recommendations Following U.S. Telecom Breach

 



The Cybersecurity and Infrastructure Security Agency (CISA) issued updated recommendations in December 2024 aimed at enhancing mobile phone cybersecurity. Following a significant hack involving major U.S. telecom companies like AT&T, Verizon, and Lumen Technologies, these guidelines focus on adopting more secure multifactor authentication (MFA) methods. 
  
Understanding MFA and Its Vulnerabilities 
 
Multifactor authentication (MFA) is a popular cybersecurity measure requiring users to provide additional verification beyond a password. Common practices include:
  • Text Message Verification: Receiving a one-time code via SMS.
  • Device-Based Approvals: Confirming login attempts on associated devices.
However, CISA has raised concerns about the vulnerability of certain MFA techniques, particularly text-based verification. Text message-based MFA, while convenient, is susceptible to interception by hackers. 

The breach highlighted flaws in text messaging systems, particularly when messages were sent between incompatible platforms like Android and iPhone. Malicious actors exploited these weaknesses to intercept authentication codes and gain unauthorized access to user accounts. While CISA continues to advocate for MFA, it strongly urges users to shift away from text-based methods. 

  
Recommendations for Safer Alternatives 

 
CISA recommends adopting authenticator apps as a more secure MFA option. These apps generate time-sensitive codes that operate independently of messaging systems, making them less prone to interception. However, they remain vulnerable to phishing attacks, where users may be tricked into revealing sensitive information. 

For the strongest protection, CISA suggests moving to phishing-resistant methods built on the FIDO (Fast Identity Online) standards. Developed by the FIDO Alliance, these replace the password with a public-key credential and come in two forms:
  • Passkeys: a cryptographic key pair created for each account, with the private key kept on the user's device and only the public key registered with the service.
  • Hardware security keys: physical USB devices that hold the private key and connect to the computer.
Either form is unlocked locally with a PIN or a biometric such as a fingerprint or face scan. Because the credential is bound to the website it was registered with, a lookalike phishing page cannot obtain a usable login, which is what makes the method phishing-resistant.

CISA’s latest recommendations highlight the growing need for stronger cybersecurity measures. By moving away from text-based MFA and adopting secure alternatives like authenticator apps and the FIDO protocol, users can better protect their personal information and maintain digital security in an increasingly interconnected world.

75% of Ransomware Attacks Target Healthcare on Holidays: Expert Insights

 


Approximately 75% of ransomware attacks on the healthcare sector over the past year occurred during weekends or holidays, highlighting the urgency for organizations to strengthen their staffing and security measures during these high-risk periods. Jeff Wichman, director of incident response at security firm Semperis, emphasized the need for proactive preparation.

"In reality, we should be staffing up because if the attackers know for a fact that on weekends we, as citizens, take time off. Organizations should be staffing up into the holiday season. Not down," Wichman stated.

However, many healthcare organizations face significant staffing constraints, making it challenging to ensure adequate coverage on weekends and holidays. "In that case, then it's working with partners," he explained. "If the firm can afford to get a security operation center, a managed service provider that can provide that coverage on weekends and holidays. Perfect. But you've got to make sure that they're staffed completely during the holiday and weekend seasons, as well."

Wichman also stressed the importance of being prepared for worst-case scenarios by conducting regular recovery drills and testing system restoration processes. "That includes practicing recovery drills, bringing back your critical assets in a timely fashion, really understanding how long does it take to bring back operations, and not from a theoretical," he said. Organizations cannot assume they can "just push a button, and the backup will restore the domain controller. There are more steps involved," he warned.

"They really need to get that real-time, objective [process] nailed down," Wichman concluded.

In an interview with Information Security Media Group, Wichman also discussed critical topics such as:

  • The importance of testing and validating backups;
  • Common identity management mistakes that lead to security vulnerabilities;
  • The potential impact of upcoming cybersecurity regulations in the healthcare industry.

With over 20 years of experience in information security, Wichman has handled a wide range of incident response investigations, from minor business email breaches to significant ransomware attacks. As an expert in digital forensics and incident response, his insights highlight the critical steps healthcare organizations must take to fortify their defenses against cyber threats.

Integrating Human Expertise and Technology for Robust Cybersecurity

 

In today’s complex digital landscape, the role of human expertise in cybersecurity remains indispensable. Two pivotal approaches — human-led security testing and human-centric cybersecurity (HCC) — have gained prominence, each contributing distinct strengths. However, these strategies often function in silos, creating fragmented defenses. To achieve comprehensive cyber resilience, organizations must integrate these methods with advanced technologies like automation and data analytics.

Human-led security testing leverages the intuition and expertise of cybersecurity professionals. Ethical hackers and penetration testers bring invaluable insights, uncovering vulnerabilities that automated tools may overlook. Their ability to simulate real-world attack scenarios allows organizations to anticipate and neutralize sophisticated cyber threats dynamically. This approach ensures tailored defenses capable of adapting to specific challenges.

On the other hand, human-centric cybersecurity (HCC) focuses on empowering end users by designing security measures that align with their behaviours and limitations. Traditional tools often burden users with complexity, leading to risky workarounds. HCC addresses this by creating intuitive, accessible solutions that seamlessly integrate into daily workflows. When users perceive these measures as helpful rather than obstructive, compliance improves, enhancing overall security frameworks.

Technology acts as a vital bridge between these human-driven approaches. Automation and data analytics provide scalability and efficiency, handling repetitive tasks and processing vast data volumes. Real-time threat intelligence and continuous monitoring enable organizations to identify and respond to emerging risks quickly. This technological backbone allows human experts to focus on addressing complex, strategic challenges.

Integrating these elements fosters a proactive security culture where people, not just systems, are central to defense strategies. Educating employees, conducting regular threat simulations, and promoting secure behaviors through incentives help build shared responsibility for cybersecurity. Research forecasts that by 2027, half of large enterprises will adopt HCC strategies, prioritizing security behavior and culture programs (SBCPs). These initiatives utilize simulations, automation, and analytics to encourage informed decision-making and enhance incident reporting.

A holistic cybersecurity approach blends human intuition, user-friendly processes, and technology-driven efficiency. Human-led testing uncovers evolving threats, while HCC empowers employees to respond confidently to risks. Automation and analytics amplify these efforts, providing actionable insights and driving continuous improvements. Together, these elements create a robust, forward-thinking cybersecurity environment capable of meeting the challenges of an ever-evolving digital world.

Trio of SQL Injection Vulnerabilities Found in Amazon Redshift Drivers: Update Now

Three severe SQL injection vulnerabilities have been identified in specific Amazon Redshift drivers, posing a significant risk of privilege escalation and data compromise. The vulnerabilities, labeled as CVE-2024-12744, CVE-2024-12745, and CVE-2024-12746, each hold a CVSS severity score of 8.0, emphasizing the need for immediate remediation.


These flaws impact particular versions of the Amazon Redshift JDBC Driver, Python Connector, and ODBC Driver, stemming from weaknesses in handling metadata API calls. Affected versions include:

  • Amazon Redshift JDBC Driver: Version 2.1.0.31
  • Amazon Redshift Python Connector: Version 2.1.4
  • Amazon Redshift ODBC Driver: Version 2.1.5.0 (Windows and Linux)
The vulnerabilities arise from improper handling of user-supplied input when interacting with Redshift’s metadata APIs. These APIs—designed to fetch database schema, table, and column information—were exploitable through specially crafted inputs, enabling attackers to insert malicious SQL code into server queries.

Attackers exploiting these flaws could gain elevated privileges, granting unauthorized access to sensitive data with the potential to modify or delete critical information.

Amazon Redshift has acted swiftly to mitigate these risks, releasing updated versions of the affected drivers:
  • Amazon Redshift JDBC Driver: Upgrade to version 2.1.0.32
  • Amazon Redshift Python Connector: Upgrade to version 2.1.5
  • Amazon Redshift ODBC Driver: Upgrade to version 2.1.6.0
The updated drivers ensure metadata commands are sent as parameterized queries; where a value has to be spliced into the statement text, as identifiers must be, it is escaped with QUOTE_IDENT(string) for identifiers or QUOTE_LITERAL(string) for string literals, so attacker-supplied input can no longer change the structure of the query.

For users unable to update immediately, Amazon suggests temporarily reverting to the previous, unaffected versions:

  • Amazon Redshift JDBC Driver: Version 2.1.0.30
  • Amazon Redshift Python Connector: Version 2.1.3
  • Amazon Redshift ODBC Driver: Version 2.1.4.0 (Windows and Linux)
Amazon emphasizes the importance of upgrading to the latest versions to ensure robust security against potential exploits.
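The bug class behind these CVEs, and the two fixes the advisory names, are easy to show on a desk. The following is an added example, not the Redshift driver's code: sqlite3 stands in for the warehouse and a small catalog_columns table stands in for Redshift's catalog views, so it runs offline. vulnerable_columns builds the metadata query the way the flaw is described (caller input pasted into the statement), fixed_columns binds values as parameters, and describe_table shows QUOTE_IDENT-style escaping for the one place a bind parameter cannot be used, the table name itself. All names and the injection payload are constructed.

```python
"""Metadata lookups: string-built SQL versus bound parameters and quoted identifiers.

Added example, not the Redshift driver's code. sqlite3 and a constructed
`catalog_columns` table stand in for the warehouse and its catalog views.
"""
import sqlite3


def quote_ident(name: str) -> str:
    """Same rule as SQL QUOTE_IDENT: wrap in double quotes, double any embedded quote."""
    return '"' + name.replace('"', '""') + '"'


def quote_literal(value: str) -> str:
    """Same rule as SQL QUOTE_LITERAL; prefer bind parameters wherever the API allows."""
    return "'" + value.replace("'", "''") + "'"


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE catalog_columns(table_schema TEXT, table_name TEXT, column_name TEXT);
        INSERT INTO catalog_columns VALUES
            ('public', 'orders', 'id'), ('public', 'orders', 'amount'),
            ('hr', 'salaries', 'employee'), ('hr', 'salaries', 'pay');
        CREATE TABLE orders(id INTEGER, amount REAL);
    """)
    return conn


def vulnerable_columns(conn, schema: str, table: str) -> list:
    # Caller-controlled strings spliced straight into the statement: the bug class.
    sql = (f"SELECT column_name FROM catalog_columns "
           f"WHERE table_schema = '{schema}' AND table_name = '{table}'")
    return [row[0] for row in conn.execute(sql)]


def fixed_columns(conn, schema: str, table: str) -> list:
    # Values travel as bind parameters; the statement text never changes.
    sql = ("SELECT column_name FROM catalog_columns "
           "WHERE table_schema = ? AND table_name = ?")
    return [row[0] for row in conn.execute(sql, (schema, table))]


def describe_table(conn, table: str) -> list:
    """Identifiers cannot be bound, so escape them as QUOTE_IDENT would."""
    cur = conn.execute(f"SELECT * FROM {quote_ident(table)} LIMIT 0")
    return [d[0] for d in cur.description]


def demo() -> dict:
    conn = make_db()
    hostile = "orders' OR '1'='1"            # constructed injection payload
    result = {
        "vulnerable": vulnerable_columns(conn, "public", hostile),
        "fixed": fixed_columns(conn, "public", hostile),
        "fixed_legit": fixed_columns(conn, "public", "orders"),
        "describe_orders": describe_table(conn, "orders"),
    }
    try:
        describe_table(conn, 'orders" WHERE 1=1 --')
        result["bad_ident_rejected"] = False
    except sqlite3.OperationalError:
        result["bad_ident_rejected"] = True   # treated as an odd table name, not as SQL
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With the hostile table name, the vulnerable query's WHERE clause becomes `table_schema = 'public' AND table_name = 'orders' OR '1'='1'` and returns every column in every schema, including the hr.salaries columns the caller should never see; the parameterized version returns nothing, because there is no table literally named `orders' OR '1'='1`. The quoted-identifier path turns an attempted `"` break-out into a lookup for a table that does not exist, which the database rejects rather than executes.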

Update Your Synology Devices Now to Avoid Serious Security Risks




Synology, a leading provider of network-attached storage (NAS) devices, has resolved critical security flaws in its products. The company is urging users to update their devices immediately to prevent potential cyberattacks that could exploit these vulnerabilities, allowing hackers to take control without user intervention.  


What Were the Security Flaws?  

The issues were found in Synology Photos for DSM (DiskStation Manager) and BeePhotos for BeeStation. The vulnerabilities, demonstrated at the Pwn2Own Ireland 2024 competition, allowed attackers to execute commands on the device remotely.  

These were zero-click remote code execution flaws, which is what makes them so dangerous: an attacker who could reach an exposed device over the network could run code on it without the owner doing anything. From there they could read sensitive data, deploy ransomware or take full control of the device.    

In response, Synology quickly developed and released patches to address these security gaps. By applying these updates, users can secure their devices and reduce the risk of cyberattacks. This proactive approach ensures that sensitive information stored on NAS devices remains protected.  


Why This is Crucial  

NAS devices, often connected to the internet, store critical data such as documents, photos, and financial information. Without regular updates, these devices can become easy targets for cybercriminals. Synology’s timely patches are essential in reducing the likelihood of ransomware attacks, data breaches, and other malicious activities.  


How the Flaws Were Discovered  

The vulnerabilities were identified during the Pwn2Own Ireland 2024 competition, an event organized by Trend Micro's Zero Day Initiative (ZDI). This competition rewards ethical hackers for uncovering weaknesses in digital devices, including NAS systems, cameras, and smart home equipment.  

At the event, researchers received over $1 million in total rewards, with $260,000 awarded for finding flaws in Synology products. Thanks to these discoveries, Synology was able to act quickly to safeguard its users.  


Steps Users Should Take  

To protect their devices, Synology advises all users to install the latest updates as soon as possible. Enabling automatic updates and periodically checking for new patches can further strengthen security.  

By addressing these issues promptly, Synology has demonstrated its commitment to user safety. However, it is equally important for users to remain vigilant and prioritize updating their devices to defend against cyber threats.  

How to Protect Yourself from Email Scams: FBI’s Top Tips for Staying Safe

 



With phishing on the rise over the holiday period, the FBI has reminded users of Gmail, Outlook, Apple Mail and other services to stay alert. Criminals use the festive-season rush as an opportunity to reach more victims. Here is how the FBI says to recognise and avoid phishing attacks.

Phishing typically involves emails that try to steal personal information or money. Scammers lure victims with promised deals: discounted products, gift cards or exclusive offers, among others. The messages look legitimate, copying familiar brands' logos and designs. With AI tools, criminals can now produce polished, professional-looking messages that can fool even vigilant users.

Three Things to Check in Every Email

To counter these scams, the FBI points out three important checks:  

1. Check the Sender's Email Address: Look closely at the sender's email address. Scammers often use addresses that mimic real ones but with minor changes, like replacing a letter or adding extra characters.

2. Inspect Links Before Clicking: Hover over any link in the email to see where it leads. If the URL looks suspicious or doesn’t match the claimed source, avoid clicking it.  

3. Look for Errors: Scammers sometimes make spelling or grammatical mistakes in emails and URLs. These errors can signal that an email is fake.  
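The three checks above are mechanical enough to automate. What follows is an added example (not from the FBI's advisory) that parses a raw message with the standard library and applies them: does the sender's domain merely resemble a brand that its display name claims, does each link's visible text agree with where the link really goes, and does any domain differ from a known brand by a one- or two-character substitution (the “spelling error in the URL” of check 3). The brand list and both messages are constructed, paypa1.com is a made-up lookalike, and registered_domain is a simplification that ignores the public-suffix list.

```python
"""The FBI's three e-mail checks as code over a raw RFC 5322 message.

Added example (not from the FBI's advisory). Brand list, messages and the
paypa1.com lookalike are constructed; registered_domain ignores the
public-suffix list, which a real gateway would consult.
"""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_BRANDS = {"paypal.com", "amazon.com", "microsoft.com"}  # constructed allowlist


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    """Last two labels of a hostname (simplification: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def lookalike_of(domain: str):
    """Brand a domain imitates (edit distance 1-2), 'punycode' for xn-- labels, else None."""
    if domain in KNOWN_BRANDS:
        return None
    if domain.startswith("xn--") or ".xn--" in domain:
        return "punycode"
    for brand in KNOWN_BRANDS:
        if edit_distance(domain, brand) <= 2:
            return brand
    return None


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_message(raw: bytes) -> list:
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # Check 1: the real sending domain, and a display name that claims a brand it is not.
    sender = msg["from"].addresses[0]
    sender_domain = registered_domain(sender.domain)
    brand = lookalike_of(sender_domain)
    if brand:
        findings.append(f"sender domain {sender_domain} resembles {brand}")
    for known in KNOWN_BRANDS:
        if known.split(".")[0] in sender.display_name.lower() and sender_domain != known:
            findings.append(f"display name '{sender.display_name}' claims {known} but address is @{sender_domain}")

    # Check 2 (and 3): where each link really goes, versus what it shows.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = LinkExtractor()
        parser.feed(body.get_content())
        for href, text in parser.links:
            target = registered_domain(urlparse(href).hostname or "")
            shown = None
            if " " not in text and "." in text:  # only treat URL-looking text as a claimed destination
                shown = urlparse(text if "://" in text else "//" + text).hostname
            if shown and registered_domain(shown) != target:
                findings.append(f"link text shows {registered_domain(shown)} but goes to {target}")
            brand = lookalike_of(target)
            if brand:
                findings.append(f"link target {target} resembles {brand}")
    return findings


PHISH_EMAIL = b"""From: "PayPal Support" <service@paypa1.com>
To: victim@example.net
Subject: Your account is limited
Content-Type: text/html; charset="utf-8"

<html><body><p>We noticed unusual activty. Sign in to restore acess:</p>
<a href="https://paypa1.com/login?id=constructed">https://www.paypal.com/signin</a></body></html>
"""

BENIGN_EMAIL = b"""From: "Acme Billing" <billing@acme.example>
To: customer@example.net
Subject: Invoice 1042
Content-Type: text/html; charset="utf-8"

<html><body><p>Your invoice is ready.</p>
<a href="https://acme.example/invoices/1042">View invoice</a></body></html>
"""

if __name__ == "__main__":
    print(check_message(PHISH_EMAIL))
    print(check_message(BENIGN_EMAIL))
```

The constructed phish produces four findings: the sender domain is one character off paypal.com, the display name claims PayPal while the address does not, the link text shows paypal.com but the href goes to paypa1.com, and the link target is itself a lookalike. The invoice mail produces none. The spelling mistakes in the phish body (“activty”, “acess”) are left for the human reader, which is the point of check 3: the code catches the mechanical tells, and you catch the rest.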

Additional Safety Tips  

The FBI also advises:

  • Avoid disclosing passwords and any form of financial information to any email. No business firm will ask for this type of information through email. 
  • Don't open attachments or click on links coming from unknown senders.  
  • Set up two-factor authentication (2FA) on your accounts for extra protection.
  • Share as little personal information on social media as possible, to make it harder for fraudsters to guess your passwords.

AI In the Wake Of Scams

Advanced AI lets scammers build far more convincing phishing schemes: generating fake emails, reproducing the look of official correspondence, or extracting confidential details from documents and images to personalise the lure. All of this makes spotting scams harder for users.

What Can You Do?

Tech companies such as Google have stepped up their efforts to protect users. Gmail blocks the great majority of phishing attempts, and the service gives users guidance on recognising scams. Google's advice is to slow down before acting on an email, verify its claims independently, and report anything suspicious.

Phishing keeps growing in sophistication, and awareness is the only thing that outpaces it. Take a moment to read and understand an email before rushing to respond to an urgent message; that pause is what keeps your sensitive information safe and your online experience secure.




Free VPN Big Mama Raises Security Concerns Amid Cybercrime Links

 

Big Mama VPN, a free virtual private network app, is drawing scrutiny for its involvement in both legitimate and questionable online activities. The app, popular among Android users with over a million downloads, provides a free VPN service while also enabling users to sell access to their home internet connections. This service is marketed as a residential proxy, allowing buyers to use real IP addresses for activities ranging from ad verification to scraping pricing data. However, cybersecurity experts warn of significant risks tied to this dual functionality. 

Teenagers have recently gained attention for using Big Mama VPN to cheat in the virtual reality game Gorilla Tag. By side-loading the app onto Meta’s Oculus headsets, players exploit location delays to gain an unfair advantage. While this usage might seem relatively harmless, the real issue lies in how Big Mama’s residential proxy network operates. Researchers have linked the app to cybercrime forums where it is heavily promoted for use in activities such as distributed denial-of-service (DDoS) attacks, phishing campaigns, and botnets. Cybersecurity firm Trend Micro discovered that Meta VR headsets are among the most popular devices using Big Mama VPN, alongside Samsung and Xiaomi devices. 

They also identified a vulnerability in the VPN’s system, which could have allowed proxy users to access local networks. Big Mama reportedly addressed and fixed this flaw within a week of it being flagged. However, the larger problem persists: using Big Mama exposes users to significant privacy risks. When users download the VPN, they implicitly consent to having their internet connection routed for other users. This is outlined in the app’s terms and conditions, but many users fail to fully understand the implications. Through its proxy marketplace, Big Mama sells access to tens of thousands of IP addresses worldwide, accepting payments exclusively in cryptocurrency. 

Cybersecurity researchers at firms like Orange Cyberdefense and Kela have linked this marketplace to illicit activities, with over 1,000 posts about Big Mama appearing on cybercrime forums. Big Mama’s ambiguous ownership further complicates matters. While the company is registered in Romania, it previously listed an address in Wyoming. Its representative, using the alias Alex A, claims the company does not advertise on forums and logs user activity to cooperate with law enforcement. Despite these assurances, the app has been repeatedly flagged for its potential role in cyberattacks, including an incident reported by Cisco Talos. 

Free VPNs like Big Mama often come with hidden costs, sacrificing user privacy and security for financial viability. By selling access to residential proxies, Big Mama has opened doors for cybercriminals to exploit unsuspecting users’ internet connections. This serves as a cautionary tale about the dangers of free services in the digital age. Users are advised to exercise extreme caution when downloading apps, especially from unofficial sources, and to consider the potential trade-offs involved in using free VPN services.

Understanding the Threat of Fake Hacking: How to Stay Protected


In the dynamic and high-stakes field of cybersecurity, the word “hacking” often evokes thoughts of complex cyberattacks and data breaches. However, a lesser-known but equally concerning issue is the emergence of “fake hacking,” where individuals or groups falsely claim to have infiltrated computer systems.

Fake hacking occurs when attackers pretend to breach a network or device without actually doing so. While these actions may not always cause long-term technical damage, they can lead to serious consequences such as extortion and reputational harm. “Fake hacking is particularly insidious because it leverages people’s fear and uncertainty about cybersecurity,” explains William Petherbridge, Manager of Systems Engineering at the cybersecurity firm Fortinet. “Attackers are essentially tricking victims into believing their systems have been compromised in order to extract money or other concessions.”

A common tool used in fake hacking is the “hacker typer,” a website that mimics the look of a system being hacked, displaying lines of code scrolling rapidly across the screen. Other deceptive tactics include emails falsely claiming ransomware infections or pop-ups warning of non-existent malware.

“The goal of the fake hacker is to create a sense of panic and urgency in order to pressure the victim into paying a ‘ransom’ or purchasing some kind of ‘protection’ service,” says Petherbridge. “And unfortunately, if the target isn’t vigilant, they can fall for these tricks quite easily.”

To differentiate between legitimate and fake hacking threats, Petherbridge highlights key warning signs:
  • Money Demands: Requests for relatively small amounts of money, often in cryptocurrency, are a strong indication of fake hacking.
  • Unchanged Systems: Genuine breaches usually involve noticeable changes, such as altered files, new accounts, or unusual network activity. If everything appears normal, the hack is likely fabricated.
  • Disorganized Communication: Fake hackers often lack the sophistication of genuine attackers, with poorly structured emails, inconsistent demands, and an absence of technical details.
To combat fake hacking, Petherbridge advises verifying any claims before taking action and consulting cybersecurity professionals, including former hackers, who can identify fabricated threats. Employee training to recognize these red flags is also crucial.

“The most important step is to never panic or rush into a decision when faced with a purported hacking incident,” Petherbridge emphasizes. “Take the time to carefully assess the situation, double-check the facts, and respond accordingly. Falling for a fake hack can be just as damaging as a real one.”

The rise of fake hacking highlights the complexity and evolving nature of cybersecurity. While these attacks lack the technical sophistication of genuine breaches, they can cause significant harm through financial loss, reputational damage, and eroded trust.

By recognizing the signs of fake hacking and implementing strong security protocols, individuals and organizations can safeguard themselves from these deceptive threats. Vigilance, education, and a calm, calculated response remain the best defenses.

Understanding TPM: The Key Security Feature Powering Windows 11 Compatibility


When Microsoft launched Windows 11 in 2021, it introduced a strict hardware compatibility requirement, including the necessity for a Trusted Platform Module (TPM) that adheres to the TPM 2.0 standard.

A TPM is a secure cryptoprocessor designed to manage encryption keys and perform security-related tasks while minimizing vulnerability to attacks. It powers key Windows features like Secure Boot, BitLocker encryption, and Windows Hello biometric authentication. This hardware ensures secure storage for encryption keys, digital certificates, and authentication data.

Defined by the ISO/IEC 11889 international standard created over 20 years ago, the TPM architecture emphasizes "integrity protection, isolation, and confidentiality." TPMs can be embedded as discrete chips, integrated into CPUs, or even implemented virtually. Companies like Intel, AMD, and Qualcomm have included firmware-based TPMs in their processors since 2016.

Microsoft's Pluton security processor also offers TPM functionality in collaboration with AMD and Qualcomm. A recent Microsoft IT Pro Blog post described TPM 2.0 as "a non-negotiable standard for the future of Windows." This shift is evident, as most modern PCs already include TPM 2.0, especially since Microsoft mandated its inclusion in 2016.

In Windows systems, the TPM works with Secure Boot to verify that only trusted code runs during startup, blocking unauthorized changes like rootkits. It supports Windows Hello for biometric authentication and holds BitLocker keys, making it highly secure against unauthorized access.

Most PCs built after 2016 come with TPM 2.0 enabled by default. Older models, dating back to 2014, may include TPMs but often follow the now unsupported TPM 1.2 standard. Some devices may have TPMs disabled in BIOS settings, particularly if configured with Legacy BIOS instead of UEFI. You can check your TPM configuration using the System Information tool (Msinfo32.exe).

While TPM is integral to Windows, it also supports Linux systems and IoT devices. Apple uses a similar design called the Secure Enclave, which handles cryptographic operations and secures sensitive data.

For systems without TPM, users can bypass compatibility checks using unofficial tools like the open-source utility Rufus. However, Microsoft strongly advocates for TPM 2.0 to ensure a higher level of security.

For detailed TPM information, check under the Security Devices section in your PC’s Device Manager. As the tech industry moves towards more robust security standards, TPM 2.0 remains a critical component for safeguarding modern computing environments.


Juniper Networks Warns of Mirai Malware Threat to Routers with Default Passwords


Juniper Networks has issued a warning about a vulnerability in its Session Smart Routers, emphasizing the risk of Mirai malware infection if factory-set passwords are not changed.

Starting December 11, the company began receiving reports from customers about "suspicious behavior" on their devices. Upon investigation, Juniper identified a common factor: users had not updated the default login credentials.

A specific variant of the Mirai malware has been scanning for these routers, exploiting the unchanged passwords to infiltrate systems. Once infected, the devices were reportedly "subsequently used as a DDoS attack source" to bombard websites with excessive traffic. However, Juniper did not disclose the number of devices affected or the locations of the attacks.

According to Juniper, Mirai is capable of executing "a wide range of malicious activities" beyond DDoS attacks. Past cases have revealed its involvement in spreading cryptominers and enabling "click fraud" schemes that manipulate online advertising metrics.

To safeguard their devices, Juniper advises Session Smart Router users to implement strong, unique passwords immediately and to stay vigilant for unusual network activity. Signs to monitor include unexpected port scans, increased login attempts, and surges in outbound traffic.

"If a system is found to be infected, the only certain way of stopping the threat is by reimaging the system as it cannot be determined exactly what might have been changed or obtained from the device," the advisory states.

Juniper also notes that Mirai commonly targets connected devices like routers and cameras, often exploiting software vulnerabilities to spread. Unchanged default credentials make intrusion even simpler, which is why replacing them is essential.
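The monitoring advice above (bursts of login attempts, unexpected port scans, surges in outbound traffic) can be turned into simple detection logic. The Python below is an added example, not Juniper's code or output: the log lines are constructed in an invented "epoch kind key=value" format rather than Juniper's real syslog layout, and the thresholds are assumptions to be tuned per network.

```python
import re
import statistics
from collections import defaultdict

# Constructed log lines in an invented "<epoch> <kind> key=value ..." format (not Juniper's
# real syslog layout). 203.0.113.5 guesses the admin password, 198.51.100.7 probes ports,
# and the last egress sample is a surge consistent with the device acting as a DDoS source.
SAMPLE_LOG = "\n".join(
    [f"{1733900000 + i} login src=203.0.113.5 user=admin result=fail" for i in range(6)]
    + ["1733900010 login src=203.0.113.5 user=admin result=ok",
       "1733900030 login src=192.0.2.9 user=admin result=fail",
       "1733900040 login src=192.0.2.9 user=admin result=ok"]
    + [f"1733900050 conn src=198.51.100.7 dst=10.0.0.1 dport={p}"
       for p in (21, 22, 23, 25, 53, 80, 110, 143, 443, 993, 8080, 8443)]
    + ["1733900100 egress bytes=120000", "1733900160 egress bytes=130000",
       "1733900220 egress bytes=125000", "1733900280 egress bytes=9800000"]
)

LINE_RE = re.compile(r"^(?P<ts>\d+)\s+(?P<kind>\w+)\s*(?P<rest>.*)$")

def parse_log(text):
    """Parse the constructed format into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = {"ts": int(m["ts"]), "kind": m["kind"]}
        for kv in m["rest"].split():
            if "=" in kv:
                key, val = kv.split("=", 1)
                ev[key] = val
        events.append(ev)
    return events

def detect_login_bursts(events, window=60, threshold=5):
    """Sources with >= threshold failed logins inside `window` seconds (assumed values).
    A later success from the same source suggests the password was guessed, which is
    exactly what an unchanged factory default invites."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["kind"] == "login":
            by_src[ev["src"]].append((ev["ts"], ev["result"]))
    findings = []
    for src, attempts in by_src.items():
        attempts.sort()
        fails = [ts for ts, res in attempts if res == "fail"]
        for i in range(len(fails)):
            j = i  # sliding window: count failures within `window` of fails[i]
            while j < len(fails) and fails[j] - fails[i] <= window:
                j += 1
            if j - i >= threshold:
                burst_end = fails[j - 1]
                success = any(res == "ok" and ts >= burst_end for ts, res in attempts)
                findings.append({"src": src, "failures": j - i, "success_after": success})
                break
    return findings

def detect_port_scans(events, min_ports=10):
    """Sources that touched at least min_ports distinct destination ports."""
    ports = defaultdict(set)
    for ev in events:
        if ev["kind"] == "conn":
            ports[ev["src"]].add(int(ev["dport"]))
    return [{"src": s, "distinct_ports": len(p)} for s, p in ports.items() if len(p) >= min_ports]

def detect_outbound_surge(events, factor=5.0, min_baseline=3):
    """Egress samples exceeding factor x the median of all earlier samples; at least
    min_baseline earlier samples are required so one early spike cannot set the baseline."""
    samples = [(ev["ts"], int(ev["bytes"])) for ev in events if ev["kind"] == "egress"]
    findings = []
    for i in range(min_baseline, len(samples)):
        baseline = statistics.median([b for _, b in samples[:i]])
        ts, b = samples[i]
        if baseline > 0 and b > factor * baseline:
            findings.append({"ts": ts, "bytes": b, "baseline": baseline})
    return findings

def analyze(text):
    """Run all three detectors over a log and group the findings by indicator."""
    events = parse_log(text)
    return {"login_bursts": detect_login_bursts(events),
            "port_scans": detect_port_scans(events),
            "outbound_surges": detect_outbound_surge(events)}
```

Running `analyze(SAMPLE_LOG)` flags one credential-guessing burst that ended in a successful login, one port-probing source, and one egress surge; the same functions can be pointed at real exported logs once the parser is adapted to their format.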

Here's How to Safeguard Your Data From Data Brokers


Privacy concerns have grown as more of our private data is being gathered online. We share intimate details with just a few clicks. The majority of people, however, are ignorant of how extensively their data is shared. 

Behind the scenes, there is a whole data broker industry that makes money off of our digital traces. Businesses or individuals known as data brokers gather and resell personal data, such as phone numbers and online surfing behaviour. In this piece, we'll look at how data brokers work and some important steps we can take to safeguard our personal data. 

Data collection 

Data brokers collect data from a variety of public and commercial sources. They can simply gather data from websites and applications without your knowledge by paying app developers to embed SDKs (software development kits) in their apps. The data broker's SDKs can then record the various rights provided to apps, such as access to contacts and location. They can even pay app owners directly for the information rather than installing the software kits. 

Other sources of data include public records, such as voter registration, birth certificates, marriage licenses, census data, and divorce records. The Internet is also a valuable source of information. Data brokers can acquire personal information from things like social media postings or interactions, online quizzes, virtual contests, or websites browsed. 

Data usage 

Customer data is utilised in a variety of ways, including targeting online adverts based on purchase history to make them more relevant. Data brokers may tell advertisers what brands a person has purchased and when they may require more, enabling timed adverts. Customer data is also used to detect fraud, such as cross-referencing loan applications with background information obtained from data brokers. 

This allows lenders to validate facts such as income and debts mentioned. Loan and insurance businesses purchase data to view a person's debts, loans, payments, income, employment history, and assets. People search sites also rely on data brokers to display names, addresses, ages, and other information when consumers search for someone. 

Privacy tips 

Numerous reputable firms can assist you in removing your information from data broker websites. They search the internet for your information on sites such as data brokers and search engines, and then make requests to have it removed. Make sure you select the correct service provider and read through user reviews. Reliable organisations, such as DeleteMe, are supported by real testimonials; you can read DeleteMe reviews here.

You should also limit what you post online. Share only the essential information, and avoid disclosing sensitive information such as your address and phone number. You can also use VPNs and encrypted browsers. A VPN conceals your IP address and encrypts your connection, avoiding internet tracking that brokers rely on. Secure browsers disable trackers and fingerprints, ensuring that your activity is not traced to you.

Additionally, consider deleting unused and online apps. Be aware of the privacy settings on your devices, apps, and social media profiles, and make sure they are set to maximum privacy. Avoid consenting to privacy policies or terms of service without thoroughly reading them, particularly the fine print.

Debunking the Viral TikTok Myth: Apple Pay and AirDrop Security




Recent viral TikTok videos have raised unnecessary alarm among iPhone users by claiming that hackers can steal financial information from Apple Pay via AirDrop. According to these videos, simply having AirDrop enabled would allow a nearby stranger to gain access to sensitive credit card information. However, cybersecurity experts have thoroughly debunked these claims, confirming that they are baseless and entirely unfounded.

The central rumor suggests that if AirDrop is active on an iPhone, a hacker could exploit it to perform a so-called "walk-by hack," thereby gaining unauthorized access to financial data through Apple Pay. Viewers were urged to disable AirDrop to protect themselves from this imagined threat. Despite the buzz, experts, including reports by Apple Insider, have dismissed these claims as misinformation, emphasizing that AirDrop and Apple Pay function independently and cannot interact in the manner described.

AirDrop does not facilitate automatic data transfers, as it requires the recipient to manually accept incoming files. Additionally, the "Everyone" mode is only active for 10 minutes unless reactivated, with most users defaulting to "Contacts Only" or "Off" settings. Similarly, Apple Pay uses advanced encryption and secure technology that makes such a breach impossible. Each card added to Apple Pay generates a unique Device Account Number stored securely within the Secure Element—a tamper-proof chip designed to keep sensitive data isolated from the operating system. Transactions are further protected by biometric authentication like Face ID or Touch ID, along with dynamic security codes, ensuring card details are never reused or exposed.

The confusion surrounding this claim may stem from the introduction of Apple’s NameDrop feature in 2023. NameDrop allows users to exchange contact details by bringing two iPhones close together, but this feature only shares basic contact information—not financial data. While this new functionality may have caused some misunderstanding, there is no connection between NameDrop, AirDrop, or Apple Pay’s secure payment system.

Although the viral claims are false, users are encouraged to follow basic smartphone security practices to safeguard their devices. For instance, turning AirDrop off when not needed can reduce exposure to unwanted file sharing. It is also important to rely on trusted sources for information regarding potential security risks instead of viral social media posts. These steps, combined with Apple Pay’s robust security infrastructure, provide comprehensive protection for users’ financial information.

This incident underscores the importance of critically evaluating viral content before sharing it. Spreading unverified rumours can lead to unnecessary panic, despite the lack of credible evidence supporting such claims. Users can rest assured that Apple Pay remains one of the safest payment methods, supported by encryption, biometric authentication, and secure design principles.

Beware of Fake Delivery Text Scams During Holiday Shopping


As the holiday shopping season peaks, cybercriminals are taking advantage of the increased online activity through fake delivery text scams. Disguised as urgent notifications from couriers like USPS and FedEx, these scams aim to steal personal and financial information. USPS has issued a warning about these “smishing” attacks, highlighting their growing prevalence during this busy season.

How Fake Delivery Scams Work

A recent CNET survey shows that 66% of US adults are concerned about being scammed during the holidays, with fake delivery notifications ranking as a top threat. These fraudulent messages create urgency, urging recipients to act impulsively. According to Brian Cute of the Global Cyber Alliance, this sense of urgency is key to their success.

Victims typically receive texts claiming issues with their package and are directed to click a link to resolve them. These links lead to malicious websites designed to mimic legitimate courier services, tricking users into providing private information or downloading harmful software. The spike in online shopping makes both seasoned shoppers and those unfamiliar with these tactics potential targets.

Many scam messages stem from previous data breaches. Cybercriminals use personal information leaked on the dark web to craft convincing messages. Richard Bird of Traceable AI notes that breaches involving companies like National Public Data and Change Healthcare have exposed sensitive data of millions.

Additionally, advancements in artificial intelligence allow scammers to create highly realistic fake messages, making them harder to detect. Poor grammar, typos, and generic greetings are becoming less common in these scams, adding to their effectiveness.

How to Protect Yourself

Staying vigilant is essential to avoid falling victim to these scams. Here are some key tips:

  • Be cautious of texts or emails from unknown sources, especially those with urgent requests.
  • Verify suspicious links or messages directly on the courier’s official website.
  • Check for red flags like poor grammar, typos, or unexpected requests for payment.
  • Always confirm whether you’ve signed up for tracking notifications before clicking on links.
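The verification tips above can be partly automated before a link is ever tapped. The Python below is an added example, not code from the post or from USPS or FedEx: it treats usps.com and fedex.com as the official domains (an assumption limited to the two couriers the post names), uses a deliberately simple "last two labels" notion of registrable domain, and the sample texts and tracking number are constructed.

```python
import re
from urllib.parse import urlparse

# Official courier domains assumed for this example; the post names USPS and FedEx,
# so only those two are allowlisted here (extend for other carriers).
OFFICIAL_DOMAINS = {"usps": "usps.com", "fedex": "fedex.com"}
URGENCY_CUES = ("within 24 hours", "immediately", "final notice", "suspended",
                "unable to deliver", "reschedule")
PAYMENT_CUES = ("fee", "pay ", "$")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample texts (not real messages); the tracking number is a placeholder.
SAMPLE_TEXTS = [
    "USPS: your package is held at our facility. Confirm your address within 24 hours: "
    "https://usps-redelivery-help.com/track",
    "FedEx: a $1.99 redelivery fee is due. Pay now to reschedule: "
    "http://fedex.com.secure-parcel-update.net/pay",
    "Your order has shipped. Track it at https://www.fedex.com/fedextrack/?trknbr=PLACEHOLDER",
]

def registrable_domain(host):
    """Last two labels of the host. Adequate for the .com/.net lookalikes used here; a real
    deployment would consult a public-suffix list so that suffixes like co.uk are handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

def triage_message(text):
    """Return a verdict plus reasons. Severity 2: a link does not belong to the courier the
    text claims to be from; severity 1: weaker cues (urgency wording, payment, unknown link)."""
    lower = text.lower()
    claimed = [b for b in OFFICIAL_DOMAINS if b in lower]
    reasons = []
    for link in URL_RE.findall(text):
        host = (urlparse(link).hostname or "").lower()
        domain = registrable_domain(host)
        if domain in OFFICIAL_DOMAINS.values():
            continue  # genuinely the courier's own site
        imitated = [b for b in OFFICIAL_DOMAINS if b in host]
        if imitated:
            # brand name inside the hostname but a different registrable domain,
            # e.g. "fedex.com.<other-domain>" or "usps-redelivery-help.com"
            reasons.append((2, f"lookalike host {host} is not {OFFICIAL_DOMAINS[imitated[0]]}"))
        elif claimed:
            reasons.append((2, f"claims to be {claimed[0]} but links to {domain}"))
        else:
            reasons.append((1, f"link to unrecognised domain {domain}"))
    cues = [c for c in URGENCY_CUES if c in lower]
    if cues:
        reasons.append((1, "urgency cues: " + ", ".join(cues)))
    payment = [c.strip() for c in PAYMENT_CUES if c in lower]
    if payment and claimed:
        reasons.append((1, "payment demand in a delivery notice: " + ", ".join(payment)))
    top = max((sev for sev, _ in reasons), default=0)
    verdict = {2: "likely scam", 1: "suspicious", 0: "no indicators"}[top]
    return {"verdict": verdict, "reasons": [r for _, r in reasons]}

def triage_all(texts=SAMPLE_TEXTS):
    """Verdict for each message, in order."""
    return [triage_message(t)["verdict"] for t in texts]
```

The second sample shows why the check must use the registrable domain rather than the start of the hostname: "fedex.com" appears at the front, but the site is secure-parcel-update.net.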

What to Do If You Suspect a Scam

If you believe you’ve encountered a scam, take immediate action:

  • Contact your financial institution to report potential fraud and secure your accounts.
  • Report the scam to relevant authorities such as the FCC, FTC, or FBI’s Internet Crime Complaint Center.
  • Use courier-specific contacts, like spam@uspis.gov for USPS or abuse@fedex.com for FedEx.

Consider freezing your credit to prevent unauthorized access to your financial data. Monitor your bank statements regularly for unusual activity. For added security, identity theft protection services bundled with cybersecurity tools can help detect and prevent misuse of your information.

Awareness and vigilance are your best defenses against fake delivery text scams. By following these tips and staying informed, you can shop with confidence and protect yourself from falling prey to cybercriminals this holiday season.

Cybersecurity Essentials: Key to Success for All Businesses to Navigate Security


The journey of building a business is an exhilarating experience, whether it’s a startup taking its first steps, a small-to-medium business (SMB) scaling new heights, or an enterprise striving for sustained growth. However, regardless of the size or stage, one challenge remains universal: cybersecurity.

Every digital interaction introduces potential vulnerabilities. With cybercrime escalating by 600% since 2020, the stakes have never been higher. Modern attackers, motivated by minimal effort and maximum gain, target organizations of all sizes. What was once solely an IT concern has evolved into a matter of business survival. The question isn’t if a business will face a cyber threat but when.

Startups: Laying Strong Foundations for Security

Starting a business involves balancing tasks like securing funding, building teams, and attracting customers. Amid these priorities, security is often overlooked. Startups are prime targets for cybercriminals due to their smaller teams and limited resources. Alarmingly, 43% of cyberattacks target small businesses, yet only 14% are adequately prepared.

Startups, however, have an advantage — their size. A smaller team can more easily establish a culture of security from the outset. Training employees in cybersecurity best practices fosters awareness and vigilance against threats.

Robust measures like Multi-Factor Authentication (MFA), encrypted data, offline backups, and regular software updates are essential. Additionally, startups without dedicated security roles should implement a basic Incident Response Plan to prepare for potential threats.

As startups expand, the question of when to hire a Chief Information Security Officer (CISO) becomes critical. A CISO can bolster trust among customers and facilitate compliance with regulations. During this stage, managing endpoints and securing identities is crucial. Unified Endpoint Management (UEM) simplifies device security, while Identity and Access Management (IAM) protects sensitive access points.

Adopting a zero-trust architecture (ZTA) is increasingly necessary in hybrid work environments. ZTA ensures secure, verified interactions, making it an ideal strategy for modern workplaces.

For established enterprises, the battle against ransomware and data breaches is constant. Over the last decade, 27% of Fortune 500 companies have faced data breaches, with devastating consequences.

To address this, enterprises must embrace proactive security strategies. Tools like Extended Detection and Response (XDR) and Security Information and Event Management (SIEM) provide comprehensive protection by identifying anomalies and correlating data across networks. A centralized Security Operations Center (SOC) offers a holistic view of potential threats, enabling swift and effective responses.

Cybersecurity isn’t just about preventing attacks — it’s about building resilience. By adopting a proactive security posture and leveraging modern tools and practices, businesses of all sizes can protect their assets, strengthen trust, and safeguard their future.

Novel Android NoviSpy Spyware Linked to Qualcomm Zero-Day Flaws


Amnesty International researchers discovered an Android zero-day bug that was exploited to silently disseminate custom surveillance spyware targeting Serbian journalists. The probe has traced the technology to Cellebrite, an Israeli forensics vendor.

In a technical report published earlier this week, the human rights group outlined how Serbia's Security Information Agency (BIA) and police employed Cellebrite's forensic extraction tools and a newly uncovered spyware dubbed 'NoviSpy' to infect journalists' and activists' devices. In one instance, a journalist's phone was allegedly hacked during a police traffic check, with the Cellebrite tool facilitating the infection. 

Amnesty International warned that Serbia's legal restrictions on the use of mobile forensic tools are inadequate and that "the ability to download, in effect, an individual's entire digital life using Cellebrite UFED and similar mobile forensic tools, poses enormous human rights risks, if such tools are not subject to strict control and oversight.” 

The report details the example of journalist Slaviša Milanov, whose Xiaomi Redmi Note 10S smartphone was hacked after a police confrontation in Serbia. Forensic investigation suggested the usage of a zero-day Android exploit to overcome encryption and unlock the device, allowing NoviSpy to be installed. 

According to the group, the privilege escalation zero-day, which was patched in the Qualcomm October security update, affected Android devices with popular Qualcomm chipsets and millions of Android smartphones globally. 

In another case, Amnesty International discovered that an Android smartphone belonging to an environmental activist had logged a series of missed calls from invalid, seemingly random numbers that are not valid in Serbia.

"After these calls, [the activist said] that the battery on his device drained quickly.” The researchers inspected the device and found no trace of manipulation, but they warned that there is a substantial "knowledge gap" regarding zero-click attacks on Android smartphones. 

Amnesty International acknowledged Cellebrite's claim that it has strict protocols to prevent product misuse, but cautioned that this revelation "provides clear evidence of a journalist's phone being targeted without any form of due process." 

Unfortunately, Amnesty International discovered signs of the previously undisclosed NoviSpy spyware, which allows for the capture of sensitive personal data from a target's phone after infection and the ability to remotely activate the phone's microphone or camera. 

“Forensic evidence indicates that the spyware was installed while the Serbian police were in possession of Slaviša’s device, and the infection was dependent on the use of Cellebrite to unlock the device. Two forms of highly invasive technologies were used in combination to target the device of an independent journalist, leaving almost his entire digital life open to the Serbian authorities,” the human rights group stated.