E-commerce Threat: The WooCommerce Skimming Attacks

The cybersecurity landscape changes daily and so do the threats, and e-commerce websites have become a primary target for threat actors. In a recent incident, an advanced skimming attack on WooCommerce sites shed light on the new methods attackers use to steal sensitive data. 

This post discusses the details of the attack, its impact, and the steps businesses can take to protect their e-commerce websites. 

Understanding the Attack

The attack, as explained by Sucuri, uses image file extensions and style tags to deploy malicious code into WooCommerce websites. The technique is evasive by design, which makes it hard to detect with traditional security measures:

1. Style Tags as the Vector: The attackers placed malicious JavaScript inside style tags. Style tags normally define the presentation of HTML elements, and their contents are sometimes overlooked by security scans that focus on script tags. By hiding the skimmer code in style tags, the attackers bypassed many security checks.

2. Image Extension Disguise: The second layer of the attack uses an image file extension to disguise a malicious script. The attackers hid a fake payment overlay inside a file posing as the site's favicon. When users interacted with the payment page, the skimmer stole their credit card details and sent them to the attackers' server.
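As an added example (this is not code from Sucuri or from the post), the scanner below walks a page's HTML and flags the two patterns described above: JavaScript constructs inside a style element, and a script loaded from a path that ends in an image extension such as the site's favicon. The two sample pages are constructed for the demonstration; the marker list and extension list are assumptions a defender would tune for their own site.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Added example, not code from Sucuri or from the blog: a small scanner for the
# two patterns the post describes. The sample pages below are constructed.

IMAGE_EXTS = (".ico", ".png", ".jpg", ".jpeg", ".gif", ".svg", ".webp")

# JavaScript constructs that have no place inside a stylesheet (assumed list).
JS_MARKERS = re.compile(
    r"document\.|window\.|eval\(|atob\(|fromCharCode|XMLHttpRequest|fetch\(|appendChild",
    re.IGNORECASE,
)


class SkimmerScanner(HTMLParser):
    """Walks an HTML document and records (category, detail) findings."""

    def __init__(self):
        super().__init__()
        self._in_style = False
        self._style_buf = []
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "style":
            self._in_style = True
            self._style_buf = []
        elif tag == "script" and attrs.get("src"):
            # Drop the query string, then judge the file extension alone.
            path = urlparse(attrs["src"]).path.lower()
            if path.endswith(IMAGE_EXTS):
                self.findings.append(("script-from-image-path", attrs["src"]))

    def handle_data(self, data):
        if self._in_style:
            self._style_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "style" and self._in_style:
            self._in_style = False
            hit = JS_MARKERS.search("".join(self._style_buf))
            if hit:
                self.findings.append(("javascript-in-style", hit.group(0)))


def scan_html(html: str):
    """Return the findings for one page; an empty list means nothing matched."""
    scanner = SkimmerScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a checkout page carrying both patterns.
SUSPICIOUS_PAGE = """<html><head>
<link rel="icon" href="/favicon.ico">
<style>
.checkout-form { color: #333; }
/* a loader hiding among the CSS rules */
var s=document.createElement('script');s.src='/wp-content/uploads/2024/favicon.ico?v=3';document.head.appendChild(s);
</style>
<script src="/wp-content/uploads/2024/favicon.ico?v=3"></script>
</head><body><form id="checkout"></form></body></html>"""

# Constructed sample: ordinary styling and a normal plugin script.
CLEAN_PAGE = """<html><head>
<link rel="icon" href="/favicon.ico">
<style>.checkout-form { color: #333; }</style>
<script src="/wp-content/plugins/woocommerce/assets/js/checkout.min.js?ver=8"></script>
</head><body><form id="checkout"></form></body></html>"""

if __name__ == "__main__":
    for name, page in (("suspicious", SUSPICIOUS_PAGE), ("clean", CLEAN_PAGE)):
        print(name, scan_html(page))
```

Run it against a saved copy of the checkout page; a hit on either category is a reason to diff the page against a clean backup and to check which file the script path really serves, since a favicon path that returns JavaScript is exactly the disguise the post describes.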

Impact on the e-commerce industry

This attack highlights several problems in the current state of cybersecurity threats in the e-commerce landscape:

1. Advanced Threats: Threat actors keep improving their techniques, so security measures must evolve accordingly. The use of style tags and image extensions shows a new level of sophistication in skimming attacks. 

2. Detection Problems: Traditional security tools are not advanced enough to identify such sophisticated threats. This demands a more holistic approach to cybersecurity, employing advanced threat protection measures.

3. Keeping User Trust: The success of e-commerce sites depends on user trust. Breaches that steal sensitive data can have long-term effects on an organization's image and customer loyalty.

“Ultimately, this was a very well-thought-out and detailed skimming attack. There were no obviously malicious domains loading scripts on the checkout page, the footprint within the checkout page was overall quite minimal, and the main payload (in addition to the file location being concealed with some complicated character substitution) was cleverly hidden behind the website’s favicon image,” the Sucuri blog mentions.

Here's How to Remove Malware From Your Chromebook

Imagine this: your Chromebook fails just before you click "Save" after hours of work on a project. Or you sit down to watch a series, but it keeps crashing, making it impossible to enjoy your favourite program. If these situations sound familiar, malware may have infected your Chromebook. 

Malware on your Chromebook can have serious effects, such as compromising your financial and personal information and costing you work productivity. If you think your Chromebook is infected, it is important to act quickly. 

In this article, we'll walk you through the process of identifying whether your Chromebook is infected and give you the simplest method for removal: reputable antivirus software. We'll also go over key precautions you should take to protect your Chromebook from future malware threats. 

Can malware infect Chromebooks? 

As Chromebooks become more popular, fraudsters hunt for new ways to infect them and steal sensitive information for financial gain or identity theft. And while Google's ecosystem actively protects its users, no system is completely immune to cyber-attacks. 

Viruses, for example, are a common type of malware that attaches malicious code to otherwise normal downloads. They activate when you download a malicious file, and they can also download and install automatically if you click on a link. Once a virus is installed on your system, it can cause damage and prevent you from using your device or network.

The good news is that it is nearly impossible to become infected by a true virus on Chrome OS. Because it does not allow the installation of any executable software, it is one of the most secure operating systems available today. 

The bad news is that Chromebooks are still vulnerable to some forms of malware, such as search hijackers (search redirection), malicious browser extensions, adware, spyware, phishing schemes, and downloads from unverified websites. 

Prevention tips

Chromebooks are vulnerable to several forms of malware even though, as mentioned above, viruses rarely affect them. Google recommends the following best practices to maintain a secure Chromebook experience: 

Stay updated: Keep your Chrome OS and applications up to date. Regular updates often have critical security patches. 

Use caution with extensions and apps: Read reviews and only use reliable browser extensions and apps from the Chrome Web Store or Google Play. 

Avoid phishing scams: Exercise caution while accessing suspicious websites or emails that ask for personal information. 

Consider security software: Although Chromebooks have built-in security safeguards, adding an extra layer of protection with reputable security software can provide additional peace of mind. 

As Chromebooks gain popularity as a low-cost and efficient alternative to traditional laptops, it is critical to understand their risks, particularly those related to malware. Chrome OS, with its web-based applications and regular updates, offers strong security, but it is still vulnerable to different types of malware such as search hijackers, adware, and spyware.

Big Tech Prioritizes Security with Zuckerberg at the Helm
Reports indicate that some of the largest tech firms are paying millions of dollars each year to safeguard their CEOs, with some companies paying more than others depending on the industry. According to a Fortune report, there has been a significant increase in security costs for top executives, including home monitoring, personal security, bodyguards, and consulting services.

There is a lot of emphasis placed on securing high-profile CEOs, considering the risks they face, according to Bill Herzog, CEO of LionHeart Security Services. Meanwhile, two months after Meta cut thousands of jobs on its technical teams, its employees are still feeling the consequences. 

The Facebook core app is supported by employees in many ways, from groups to messaging, and employees who have spent weeks redistributing responsibilities left behind by their departed colleagues, according to four current and former employees who were asked to remain anonymous to speak about internal issues. 

Many remaining employees are likely adjusting to new management, learning completely new roles, and, in some cases, just trying to get their heads around what is happening. The cost of security services offered by LionHeart Security Services is $60 per hour or more, which could represent an annual budget of over $1 million for two guards working full-time. 

For Mark Zuckerberg's personal security, Meta invested $23.4 million in 2023, the highest figure among its competitors. Of that, $9.4 million covers direct security costs, while a pre-tax allowance of $14 million is reserved for additional security-related expenses that may arise. 

Alphabet Inc. spent about $6.8 million in 2023, while Tesla Inc. paid $2.4 million for the security of its CEO Elon Musk in 2023. Other technology giants, such as NVIDIA Corporation and Apple Inc., have also invested heavily in the safety of their CEOs, spending $2.2 million and $820,309, respectively, in 2023. 

In recent years, tech companies have become more aware of the importance of security for their top executives. As the risks associated with high-profile clients have grown, demand for these services has risen and so have their costs. The significant sums these organizations have invested in security measures over the years make it clear that they place a high priority on the safety of their leaders. 

The article also highlights the potential risks involved in leading a major tech company in today's world. Since Zuckerberg launched Meta's platforms over a decade ago, he has faced increasing scrutiny to prove he is doing what is necessary to ensure the safety of children on them. During a recent hearing of the Senate Judiciary Committee, Zuckerberg apologized directly to parents who have complained that their children are suffering harm due to content on Meta's platforms, including Facebook and Instagram. 

This apology came after intense questioning from lawmakers about Meta’s efforts to protect children from harmful content, including non-consensual explicit images. Despite Meta’s investments in safety measures, the company continues to face criticism for not doing enough to prevent these harms. Zuckerberg's apology reflected both an acknowledgement of these issues and his willingness to accept responsibility for them. 

However, it also highlighted the ongoing challenges Meta faces in addressing safety concerns. The question of whether Mark Zuckerberg should step down as Meta's CEO has a multifaceted and complex answer, with many issues to consider. It is important to point out that there are serious ethical concerns and controversies surrounding his conduct that have compromised the public's trust in the company's leadership. 

At the same time, Meta has been well positioned for success thanks to his visionary approach and deep insight into the company, which have greatly contributed to its success. What matters in the end is what will benefit the company's future. If Zuckerberg can demonstrate that he is genuinely addressing the ethical issues and making the platform more transparent, and if he can prove it convincingly, then he may do well to keep his position at Meta, despite fears that he may lose it. 

If these issues persist, the business may require a change in leadership, which would restore trust and allow the company to maintain a more sustainable and ethical outlook.

Here's How Criminals Are Targeting Users and Enterprises in Mexico

A recent Mandiant report highlighted the increasing cyber threats that Mexico is facing, including a sophisticated blend of domestic and global cybercrime that targets both individuals and businesses. 

Mexico's economy, the 12th largest in the world, makes it an appealing target both for financially motivated hackers and for state-backed actors from countries like North Korea, China, and Russia.

Since 2020, cyber espionage groups from over ten nations have been identified attempting to breach Mexican organisations. Among these, attackers affiliated with the People's Republic of China (PRC), North Korea, and Russia have been the most active, with China accounting for one-third of government-sponsored phishing activity.

Chinese actors are focussing specifically on news, education, and government organisations in Mexico; this is consistent with similar targeting strategies observed in regions where China has made large investments. 

Since the start of the war in Ukraine, North Korean outfits have focused on financial technology and cryptocurrency firms, while Russian cyber espionage activities have fallen substantially as resources have been diverted to other areas. The use of commercial spyware in Mexico is also highlighted in the report, with politicians, human rights advocates, and journalists being among the targets.

These tools are frequently sold to governments or attackers and are used to detect and exploit vulnerabilities in consumer devices. While spyware attacks only affect a few people at a time, they have significant implications for Mexico's press freedom and political integrity. 

Mandiant's report highlights a significant increase in ransomware and extortion operations in Mexico. From January 2023 to July 2024, Mexico ranked second in Latin America in terms of data leak site (DLS) listings following ransomware attacks, trailing only Brazil. LockBit, ALPHV, and 8BASE have been the most active in Mexico, concentrating on industries including manufacturing, technology, and financial services.

Threats from financial malware distribution efforts persist in Mexico, as attackers use lures related to taxes and finance to trick unsuspecting victims into downloading malicious software. UNC4984 and other groups have been seen distributing malware to Mexican banks via spoofed Mexican government websites, including the Mexican Tax Administration Service (SAT).

US Port Security Threatened by Chinese-Made Cranes, Says House Report
Despite its long-standing reliance on Chinese marine cranes, the U.S. faces a national security risk from the cranes' ability to be operated remotely through built-in modems, according to a staff report released Friday by the House Select Committee on the Chinese Communist Party. 

"Hidden" and "unauthorized" modems have been found in U.S. ports, and the committee described the discovery as troubling, since U.S. ports had neither requested the modems nor specifically identified them in legal agreements. According to the new report released by Congress, several cranes used at US ports may have been fitted with intelligence-gathering equipment installed by a Chinese company that could allow Beijing to spy on Americans and cripple critical infrastructure in the United States. 

The Republican majorities on the House Select Committee on the Chinese Communist Party and the House Homeland Security Committee found that ZPMC, a Shanghai-based state-owned engineering company, had pressured American port authorities to allow remote access to its cranes, "particularly on the West Coast" of the United States. 

According to the report, which resulted from a year-long investigation, this access could also be extended to other government entities within the People's Republic of China, posing an additional risk because PRC national security laws mandate cooperation with state intelligence agencies. The cranes in question are products of Shanghai Zhenhua Heavy Industry Co., Ltd. (ZPMC), a Chinese state company that operates in overseas ports and is regarded as one of the leading crane manufacturers in the world. 

In raising concerns about ZPMC and similar Chinese companies, the House Republicans also made the point that ZPMC and other Chinese state-owned companies are not contractually barred from installing backdoors into equipment or modifying technology in such a way that could allow unauthorized access or remote control of equipment. 

According to the report, this would enable them to compromise sensitive data or disrupt operations within the U.S. maritime sector in the future. In a statement released on Monday, lawmakers said that the Chinese government is collecting and analyzing shipping and logistics data under its "Going Out" strategy, first outlined by Chinese Premier Jiang Zemin during the 1990s. 

That strategy encompasses the construction of new ports in the Indian Ocean, major infrastructure investments in Africa, and trade and commercial initiatives across the Asian continent. In their words, Congress described the policy as marking a pivotal shift in international economic dynamics. The American Association of Port Authorities (AAPA) reportedly confirmed to The Hill on Friday that the association has no record of security breaches of equipment at US ports. 

There has long been concern among U.S. officials about China-made products being used in critical infrastructure and other sensitive areas. Tensions between the U.S. and China over Taiwan have only increased as it has become clear that the threat of a military conflict is now very real. In an interview at the Center for Strategic and International Studies earlier this week, Rob Silvers, who oversees the Department of Homeland Security's policy division, explained that the Biden administration has recommended investing billions of dollars in cranes to counter Beijing's influence. 

Even though the U.S. and Chinese economies remain deeply intertwined, and the U.S. still holds a large amount of Chinese debt and Chinese products are sold in huge quantities, economic relations between the two countries have been under intense stress since the pandemic, when supply and value chains were shut down, eventually contributing to a wave of global inflation. In recent years, U.S. policy on investment and manufacturing has shifted more towards domestic production, including in semiconductors, which has added to the current volatility, even though many policy shops in Washington point out that the U.S. and China have a symbiotic economic relationship.

Ransomware Actors Refused to Provide Decryptor Even After Receiving Ransom Payment

For C-suite executives and security leaders, learning that their organisation has been infiltrated by network attackers, that critical systems have been locked down and data compromised, and that a ransom demand has followed, could be the worst day of their professional lives. 

But, as some executives who recently dealt with the Hazard ransomware discovered, things can get far worse. The decryptor provided in exchange for the ransom payment, which was supposed to unlock the encrypted files, did not work. 

Security researchers did not talk to the victim organization in this case – its executives declined to be interviewed about their experience – hence the specifics remain unknown. 

Still, researchers believe that deciding that paying the criminals was the best way out of the scenario - for concerns regarding customer and employee data privacy, to bring business operations back online, to minimise reputational damage, or simply because there were no backups (oops) - was a painful decision in and of itself. But what if you pay the extortionists and still are unable to recover the files? That's excruciating. 

"Ransomware as a whole is extremely stressful for the victim," stated Mark Lance, ransomware negotiator with GuidePoint Security. "Now in this circumstance, specifically, where they've made the payment and the decryption tools don't work," the stress levels ratcheted up several notches. 

"In this, and in a lot of situations like this one, they're relying heavily on those decryption capabilities working on certain systems so that they can recover operations," Lance added. "So the stress substantially increases because they're like, 'Hey, we made this large ransom payment amount with established terms that said if we paid we're going to get access.'” 

After the initial failure to decrypt its files, the compromised organisation obtained a new version of the decryptor from the attackers; this did not work either. Following a call from a third party participating in the ransomware negotiations, GuidePoint attempted to contact the perpetrators' "technical support" desk on behalf of the victim, but was only told that a new version of the decryptor was required. 

Whatever the reason, the organisation was unable to access the encrypted files, and the Hazard ransomware gang vanished. Eventually, GuidePoint was able to patch the decryptor binary and then brute-force 16,777,216 potential values until the critical missing bytes in the cryptographic process were found, resulting in a working tool for decrypting the files. It's a good reminder that paying a ransom does not guarantee data recovery.
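The recovery GuidePoint describes boils down to a search over the missing key bytes, with each candidate checked against something the defender already knows about the plaintext. The added example below (not GuidePoint's tool, and not code from the post) shows that search: the key lost its last bytes, and a candidate is accepted only if it decrypts the start of the file to the magic header of the file type. The cipher is a constructed SHA-256 counter-mode keystream so that the example needs only the standard library; the key, file contents and the number of missing bytes are constructed for the demonstration.

```python
import hashlib
import itertools

# Added example, not GuidePoint's tool: brute-forcing a few missing key bytes and
# validating each candidate against the known header of the encrypted file type.
# The cipher is a constructed SHA-256 counter-mode keystream so the example needs
# only the standard library; the search loop is the part that matters.


def keystream(key: bytes, length: int) -> bytes:
    """Constructed toy keystream: SHA-256(key || counter), block by block."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypts and decrypts alike (XOR with the keystream)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


# Magic bytes a recovered file must start with. The longer the known prefix,
# the smaller the chance that a wrong key passes the check by accident.
KNOWN_HEADERS = {
    "pdf": b"%PDF-",
    "png": b"\x89PNG\r\n\x1a\n",
    "zip_or_office": b"PK\x03\x04",
}


def recover_key(partial_key: bytes, missing: int, ciphertext: bytes, header: bytes):
    """Try every value of the `missing` trailing key bytes (256**missing candidates)
    and return the first full key that decrypts the file's first bytes to `header`."""
    probe = ciphertext[: len(header)]
    for tail in itertools.product(range(256), repeat=missing):
        candidate = partial_key + bytes(tail)
        if xor_crypt(candidate, probe) == header:
            return candidate
    return None


# Constructed scenario: a 32-byte key whose last two bytes the decryptor lost.
FULL_KEY = b"demo-key-for-illustration-only" + b"\x5a\xa5"
PARTIAL_KEY = FULL_KEY[:-2]
PLAINTEXT = b"%PDF-1.7\n% constructed sample document\n"
CIPHERTEXT = xor_crypt(FULL_KEY, PLAINTEXT)


def demo() -> bytes:
    """Recover the key and return the decrypted file."""
    key = recover_key(PARTIAL_KEY, 2, CIPHERTEXT, KNOWN_HEADERS["pdf"])
    if key is None:
        raise RuntimeError("no candidate key reproduced the header")
    return xor_crypt(key, CIPHERTEXT)


if __name__ == "__main__":
    print(demo().decode())
```

Two missing bytes give 65,536 candidates, which pure Python finishes in well under a second; the 16,777,216 values in the post are 256 to the third power, i.e. three missing bytes, which is minutes in Python but seconds for a compiled tool running the same loop. For a large search, validate with a longer known prefix (or by fully parsing the decrypted file) so that a chance header match cannot be mistaken for the right key.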

How to Protect Your Accounts from 2FA Vulnerabilities: Avoid Common Security Pitfalls

Securing an account with only a username and password is insufficient because these can be easily stolen, guessed, or cracked. Therefore, two-factor authentication (2FA) is recommended for securing important accounts and has been a mandatory requirement for online banking for years.

2FA requires two distinct factors to access an account, network, or application, which can be from the following categories:
  • Knowledge: Something you know, like a password or PIN.
  • Possession: Something you have, such as a smartphone or a security token like a FIDO2 stick.
  • Biometrics: Something you are, including fingerprints or facial recognition.
For effective security, the two factors used in 2FA should come from different categories. If more than two factors are involved, it's referred to as multi-factor authentication. While 2FA significantly enhances security, it isn't completely foolproof. Cybercriminals have developed methods to exploit vulnerabilities in 2FA systems.

1. Man-in-the-Middle Attacks: Phishing for 2FA Codes
Despite the secure connection provided by Transport Layer Security (TLS), attackers can use various techniques to intercept the communication between the user and their account, known as "man-in-the-middle" attacks. A common approach involves phishing pages, where attackers create fake websites that resemble legitimate services to trick users into revealing their login credentials. These phishing sites can capture not only usernames and passwords but also the 2FA codes, allowing attackers to access accounts in real time. This type of attack is highly time-sensitive, as the one-time passwords used in 2FA typically expire quickly. Despite the complexity, criminals often use this method to steal money directly.

2. Man-in-the-Browser Attacks: Malware as a Middleman
A variation of man-in-the-middle attacks involves malware that integrates itself into the victim’s web browser. This malicious code waits for the user to log in to services like online banking and then manipulates transactions in the background. Although the user sees the correct transfer details in their browser, the malware has altered the transaction to divert funds elsewhere. Notable examples of such malware include Carberp, Emotet, Spyeye, and Zeus.

Prevention Tip: When authorizing transactions, always verify the transfer details, such as the amount and the recipient's IBAN, which are typically sent by banks during the 2FA process.
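Both the code relay in section 1 and the transaction swap in section 2 succeed because the second factor is not tied to what the user is actually doing. The added example below (not from the post) shows the two bindings that close those gaps: part 1 imitates the origin and challenge checks a relying party performs on a FIDO2/WebAuthn assertion, so a code signed on a look-alike site is rejected; part 2 derives the confirmation code from the amount and IBAN the user sees on the second device, so a transaction altered in the browser no longer matches. HMAC-SHA256 over a shared secret stands in for the authenticator's asymmetric signature, and all names, origins and account numbers are constructed.

```python
import hashlib
import hmac
import json
import secrets

# Added example, not from the post. HMAC with a per-credential shared secret is a
# constructed stand-in for the authenticator's signature; the checks the relying
# party performs are the point.


def authenticator_sign(cred_secret: bytes, origin: str, challenge: str):
    """The browser, not the page, supplies `origin`, so the authenticator always
    signs over the site the user is really on."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin},
        sort_keys=True,
    ).encode()
    signature = hmac.new(cred_secret, client_data, hashlib.sha256).hexdigest()
    return client_data, signature


class RelyingParty:
    def __init__(self, origin: str):
        self.origin = origin
        self.credentials = {}   # user -> credential secret
        self.pending = {}       # user -> outstanding challenge

    def register(self, user: str, cred_secret: bytes):
        self.credentials[user] = cred_secret

    def begin_login(self, user: str) -> str:
        challenge = secrets.token_urlsafe(32)
        self.pending[user] = challenge
        return challenge

    def finish_login(self, user: str, client_data: bytes, signature: str):
        expected = self.pending.pop(user, None)   # single use: no replay
        if expected is None:
            return False, "no pending challenge"
        data = json.loads(client_data)
        if data.get("type") != "webauthn.get":
            return False, "wrong ceremony type"
        if not hmac.compare_digest(str(data.get("challenge", "")).encode(), expected.encode()):
            return False, "challenge mismatch"
        if data.get("origin") != self.origin:
            return False, "origin mismatch"       # this is what defeats the relay
        good = hmac.new(self.credentials[user], client_data, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(good, signature):
            return False, "bad signature"         # client data was edited after signing
        return True, "ok"


def honest_login(rp: RelyingParty, user: str, cred_secret: bytes):
    challenge = rp.begin_login(user)
    client_data, sig = authenticator_sign(cred_secret, rp.origin, challenge)
    return rp.finish_login(user, client_data, sig)


def relayed_login(rp: RelyingParty, user: str, cred_secret: bytes, phishing_origin: str):
    """A look-alike site forwards the real challenge to the victim, whose browser
    reports the look-alike origin; the relying party sees the mismatch."""
    challenge = rp.begin_login(user)
    client_data, sig = authenticator_sign(cred_secret, phishing_origin, challenge)
    return rp.finish_login(user, client_data, sig)


# ---- Part 2: a confirmation code bound to the transaction the user confirmed ----

def transaction_code(secret: bytes, amount_cents: int, iban: str, time_step: int) -> str:
    """Six-digit code over the details shown on the second device plus a 30-second
    time step (passed in explicitly so the example is repeatable)."""
    msg = f"{amount_cents}|{iban.replace(' ', '').upper()}|{time_step}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


def bank_accepts(secret: bytes, amount_cents: int, iban: str, code: str, time_step: int) -> bool:
    """The bank recomputes the code over the transaction it actually received."""
    return hmac.compare_digest(transaction_code(secret, amount_cents, iban, time_step), code)


if __name__ == "__main__":
    bank = RelyingParty("https://bank.example")
    secret = secrets.token_bytes(32)
    bank.register("alice", secret)
    print("honest login:", honest_login(bank, "alice", secret))
    print("relayed login:", relayed_login(bank, "alice", secret, "https://bank-example.invalid"))

    tx_secret = secrets.token_bytes(32)
    shown_iban = "DE89 3704 0044 0532 0130 00"        # what the user confirmed
    code = transaction_code(tx_secret, 10_000, shown_iban, 1_700_000)
    print("confirmed transfer:", bank_accepts(tx_secret, 10_000, shown_iban, code, 1_700_000))
    print("altered transfer:", bank_accepts(tx_secret, 900_000, "GB00 ALTERED 0000 0000 00", code, 1_700_000))
```

The first half is why the post's "Fido2 stick" is the stronger second factor: an OTP typed into a page can be forwarded anywhere, but an assertion carries the origin the browser saw and a one-time challenge, so a relay fails on the origin check and an edited client-data blob fails on the signature. The second half is the prevention tip in code form: when the code is computed over the amount and IBAN the user reads on the phone, a transfer rewritten by malware in the browser cannot reuse it.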

3. Social Engineering: Tricking Users Out of Their 2FA Codes
Attackers may already have access to usernames and passwords, possibly obtained from data breaches or through malware on the victim's device. To gain the second factor needed for access, they may resort to direct contact. For instance, they may pose as bank employees, claiming to need 2FA codes to implement a new security feature. If the victim complies, they unknowingly authorize a fraudulent transaction.

Prevention Tip: Never share your 2FA codes or authorizations with anyone, even if they claim to be from your bank or another trusted service. Legitimate service representatives will never ask for such confidential information.

Understanding these threats and remaining vigilant can significantly reduce the risks associated with 2FA vulnerabilities.

Election Sabotage via Cyberattacks Increases

Several predictions have pointed out that 2024 will be not only an election year but also a year of civil rights. Resecurity has identified an increasing trend of malicious cyber activity aimed at imperilling sovereign elections around the world in what is being called one of the most important election years of all time. In the election year of 2024, more malicious cyber activity than ever will attempt to undermine the elections. 

The occurrence of this trend is particularly concerning during a time of unprecedented geopolitical volatility, which is characterized by 64 countries (including the European Union) holding national elections in the coming year, according to Time Magazine. The number of eligible voters in this election amounts to approximately 2 billion, which represents almost 49 per cent of the world's population. 

The results of these elections will have lasting consequences for a significant number of these voters for years to come, according to Time Magazine, which reported on them earlier this week. In terms of geopolitical relations and military conflicts around the world, the U.S. presidential election is by far the most important contest this year. 

Expectations are that the outcome of this election could profoundly change the future of global conflict. This rise in tension is occurring at a time of a deepening political divide in the US, as well as increasing tensions abroad over Gaza, Ukraine, and other issues. 

The US is certainly not the only country being targeted, so what critical threats should people pay attention to, and in what ways might they harm the democratic process as a whole? The evidence that cyber criminals have expanded their arsenal of tools to disrupt and influence elections is increasingly clear as the escalating war on democracy gains momentum. 

They use a variety of methods, and these are becoming more sophisticated over time. In some cases, the breach of personal data is directly related to attacks on critical infrastructure and the difficulty of protecting it. Over the years, cybercriminals have honed their skills at stealing and releasing private information about political figureheads, which they use to manipulate public opinion and public policy. They have also become experts at social engineering, tricking people into giving up their account or system passwords or into downloading and running malware through e-mails and text messages that appear legitimate but are fake and malicious.

Attackers can also exploit software vulnerabilities in applications, devices, computers, or servers, and these vulnerabilities can be purchased on black markets, which has led to an increase in cybercrime. Social media platforms were designed to amplify sensationalist headlines, frequently encouraging users to share them even when there is some doubt about their accuracy. Under this bombardment of misinformation, public understanding is muddied, dangerous conspiracy theories are cultivated, and opinions and actions are manipulated by deception and deceit. 

In manoeuvres such as the so-called "firehose of falsehood," citizens are bombarded with innumerable falsehoods until they cannot tell right from wrong, and their faith in the government and political institutions is undermined as a result. For example, someone can impersonate the social media profiles of candidates and use them to mislead voters about the candidates or their political views. 

Deepfakes pose a further challenge, alongside doctored videos and photos designed to look truthful while conveying false information. Even when such disinformation can be detected and corrected, the damage may already be done in the minds of the voters who were exposed to it. This election season has also seen a rise in misinformation campaigns designed to discourage voters from going to the polls, as well as cyberbullying and threats targeting candidates and public figures in an attempt to silence them. 

As trolls continue to sow discord and intimidation across social media platforms, they stifle meaningful participation by marginalised groups. Foreign actors can marginalize legitimate citizen voices and undermine the democratic process in many ways, by disrupting online discussions and deploying strategic ad campaigns, bots, and troll armies. Before the start of 2024, the Canadian Centre for Cyber Security (CCCS) published a report saying there had been an increase in cyberattacks targeting elections, which matches our findings and conclusions. 

The proportion of global elections in which cyber adversaries targeted the ballot box rose significantly, from 10 per cent in 2015 to 26 per cent in 2022. The CCCS report shows that approximately 25 per cent and 35 per cent, respectively, of the countries targeted by these attacks during its reporting period were NATO countries and, more recently, OECD countries. It is worth noting that Resecurity also observed a 100 per cent increase in activity between the previous analysis period and 2023 and early 2024, in addition to the continued targeting of the United States and its allies. 

As part of this assessment, a total of 15 incidents were observed by Resecurity and reported to the appropriate authorities in the following jurisdictions: Africa, the European Union, the United Kingdom, Ecuador, Bangladesh, Indonesia, Israel, Iraq, Lebanon, Turkey, and Mexico, as well as some incidents in other regions. Threat actors are not only engaged in cyber espionage; they are also devising operations intended to disrupt and manipulate public opinion, much like those conducted during the Cold War. 

These incidents remain difficult to investigate, however, and it is often not obvious to the public that they are occurring. During historically volatile and uncertain geopolitical periods, marked by the escalation of conflicts throughout the Middle East and Eastern Europe, protecting elections from hostile cyber-threats has become essential to sustaining the global democratic order. This report focuses on malign cyber-activity that targets elections in more than 17 countries across the globe over the coming months. 

The use of disruptive cyber techniques that threaten the very fabric of democratic processes from within is a threat whose consequences are profound and far-reaching. A cyberattack that targets a political campaign isn't just an attempt to violate personal privacy; it is a calculated effort to manipulate democratic processes and sow discord among voters by compromising their privacy. These acts of digital sabotage have profound implications for the electoral system. If left unchecked, they will continue to erode public trust in an electoral system renowned for its transparency and legitimacy, further weakening what is already a deeply divided society.