Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label IP Address. Show all posts
Proxy Service
Cyber Security DDoS DDOS Attacks Free VPN IP Address Network Security Privacy Risks Proxy Service

Free VPN Big Mama Raises Security Concerns Amid Cybercrime Links

 

Big Mama VPN, a free virtual private network app, is drawing scrutiny for its involvement in both legitimate and questionable online activities. The app, popular among Android users with over a million downloads, provides a free VPN service while also enabling users to sell access to their home internet connections. This service is marketed as a residential proxy, allowing buyers to use real IP addresses for activities ranging from ad verification to scraping pricing data. However, cybersecurity experts warn of significant risks tied to this dual functionality. 

Teenagers have recently gained attention for using Big Mama VPN to cheat in the virtual reality game Gorilla Tag. By side-loading the app onto Meta’s Oculus headsets, players exploit location delays to gain an unfair advantage. While this usage might seem relatively harmless, the real issue lies in how Big Mama’s residential proxy network operates. Researchers have linked the app to cybercrime forums where it is heavily promoted for use in activities such as distributed denial-of-service (DDoS) attacks, phishing campaigns, and botnets. Cybersecurity firm Trend Micro discovered that Meta VR headsets are among the most popular devices using Big Mama VPN, alongside Samsung and Xiaomi devices. 

They also identified a vulnerability in the VPN’s system, which could have allowed proxy users to access local networks. Big Mama reportedly addressed and fixed this flaw within a week of it being flagged. However, the larger problem persists: using Big Mama exposes users to significant privacy risks. When users download the VPN, they implicitly consent to having their internet connection routed for other users. This is outlined in the app’s terms and conditions, but many users fail to fully understand the implications. Through its proxy marketplace, Big Mama sells access to tens of thousands of IP addresses worldwide, accepting payments exclusively in cryptocurrency. 

Cybersecurity researchers at firms like Orange Cyberdefense and Kela have linked this marketplace to illicit activities, with over 1,000 posts about Big Mama appearing on cybercrime forums. Big Mama’s ambiguous ownership further complicates matters. While the company is registered in Romania, it previously listed an address in Wyoming. Its representative, using the alias Alex A, claims the company does not advertise on forums and logs user activity to cooperate with law enforcement. Despite these assurances, the app has been repeatedly flagged for its potential role in cyberattacks, including an incident reported by Cisco Talos. 

Free VPNs like Big Mama often come with hidden costs, sacrificing user privacy and security for financial viability. By selling access to residential proxies, Big Mama has opened doors for cybercriminals to exploit unsuspecting users’ internet connections. This serves as a cautionary tale about the dangers of free services in the digital age. Users are advised to exercise extreme caution when downloading apps, especially from unofficial sources, and to consider the potential trade-offs involved in using free VPN services.
Read more »
servers
Browsing Cybersecurity encrypted VPN server Internet Speed IP Address Privacy server security servers

VPN Server Switching: Benefits and Best Practices for Privacy and Speed

 

A VPN enhances online privacy by encrypting internet traffic and masking IP addresses. However, how often should you switch servers? The answer depends on your goals and usage patterns, as server hopping offers benefits but is not always necessary.

How VPN Servers Work

A VPN server acts as an intermediary between your device and the internet, creating an encrypted tunnel for your data. This ensures that your online activity remains private and your information is protected from hackers, ISPs, and other snoopers. The VPN server assigns a new IP address to mask your location and identity.

When to Switch VPN Servers

Switching servers can sometimes boost privacy in specific situations, such as for users facing surveillance or censorship. For most users, however, keeping the VPN connected to a single server is sufficient to maintain privacy. Regularly switching servers can disrupt your browsing experience without significantly enhancing security.

1. Bypassing Geographic Restrictions

One of the primary reasons for server switching is to bypass geographic restrictions. Many streaming platforms and websites restrict content based on location, but connecting to a server in a different country can help access otherwise unavailable material. This is particularly useful for travelers or those in regions with heavy internet censorship.

2. Specialized Servers for Specific Tasks

Some VPNs offer specialized servers for tasks like streaming, torrenting, or gaming. While these servers are optimized for specific activities, switching back to a general server after completing the task can provide a better overall experience for everyday browsing.

3. Improving Connection Speed and Stability

Server performance can vary based on factors like server load and proximity to your physical location. If a server is overcrowded or located far away, switching to a closer or less busy one can improve connection speed and stability. This is especially helpful for users seeking faster downloads or uninterrupted streaming.

4. Saving Money While Shopping

Server hopping can also help save money when shopping online. Many websites adjust prices based on the user’s location. By connecting to servers in different regions, you may find lower prices on flights, hotels, or products. Experimenting with various locations can help uncover better deals.

5. Resolving Access Issues

Access issues can arise when certain VPN IP addresses are flagged or blacklisted due to misuse by other users. In such cases, switching to a different server can resolve the problem. Some VPNs also offer dedicated IP addresses for an additional fee, reducing the risk of being blocked.

When Not to Switch Servers

Despite these advantages, most users don’t need to switch servers frequently. A consistent connection to a single server already provides privacy and security benefits. Unless you’re trying to bypass geo-restrictions, troubleshoot access issues, or improve connection speed, sticking to one server is generally sufficient.

Conclusion

Ultimately, server hopping is a useful feature for those with specific needs but isn’t essential for everyday VPN use. By understanding how and when to switch servers, you can make the most of your VPN experience while maintaining privacy and performance.

Read more »
Windows PC
Cyber Vulnerabilities CyberCrime Cybersecurity IP Address Kaspersky malware STeelFox Windows Windows PC

Windows PCs at Risk as SteelFox Malware Targets Driver Vulnerabilities

 


Several experts have warned that hackers are using malware to attack Windows systems with the intention of mining cryptocurrency and stealing sensitive information from their devices. The latest Kaspersky Security Report claims to have spotted tens of thousands of infected endpoints. Cybercriminals have obtained fake cracks and activators for several commercial software products, such as Foxit PDF Editor, JetBrains, or AutoCAD, which they are selling to users. 

There is a vulnerability in a driver called WinRing0.sys that is associated with some fake cracks. The victim of this attack has reintroduced the CVE-2020-14979 and the CVE-2021-41285 vulnerabilities back onto the system by adding this driver at the same time, two three-year-old vulnerabilities that extended the privileges of the attacker to the maximum possible. 

SteelFox is a malware package that has been designed to mine cryptocurrency and steal credit card details via SYSTEM privileges by taking advantage of the "bring your own vulnerable driver" attack method. In forums and torrent trackers, malware bundle droppers appear as crack tools. These tools act as crack tools that activate legitimate versions of various software, such as Foxit PDF Editor, JetBrains, and AutoCAD. 

To evade detection and evade detection, state-sponsored threat actors and ransomware groups are known to exploit vulnerable drivers to escalate privileges. As of late, however, this method seems to be extended to attack against information-stealing malware as well. According to Kaspersky researchers, the SteelFox campaign was discovered in August of this year, but they add that the malware has been active since February 2023 and has been distributed through various channels (such as torrents, blogs and forum posts) in the past few weeks. 

The Rhadamanthys data theft malware has been available for download for some time, but since July 2024 the virus' version has been updated with copyright-related themes in an ongoing phishing campaign. There is a large-scale cybercrime campaign being tracked by the checkpoint group under the name CopyRightAdamantys. In addition to targeting the U.S., Europe, East Asia, and South America, the organization targets other regions as well. 

The campaign tries to impersonate dozens of companies, while each email is sent from a different Gmail account, providing a tailored impersonation of the target company as well as a tailored language based on the targeted entity, according to a technical analysis provided by the company. In the case of impersonated companies, there is almost 70% of them from the entertainment/media/technology/software sector." 

There is an element that stands out about the attacks: the deployment of the Rhadamanthys stealer version 0.7, which, as described by Insikt Group, Recorded Future's security division, early last month, is utilized to carry out optical character recognition. Cisco Talos, an Israeli company that specializes in cyber security, disclosed last week that it had been targeting users of Facebook business and advertising accounts in Taiwan by delivering malware known as Lumma or Rhadamanthys, which is designed to steal information.

There are three components inside the RAR archive. A legitimate executable vulnerable to DLL side-loading, a malicious DLL containing the stealer payload, and a decoy document containing the stealer payload. After the binary has been executed, it will sideload the DLL file that will create the environment that will allow Rhadamanthys to be deployed. It is likely that the threat actors were using artificial intelligence tools to spread the malware, based on both the scale of the campaign and the variety of lures that were included in the campaign and the emails sent by the sender, which Check Point attributed to a possible cybercrime group. 

It seems likely that this campaign was orchestrated by a financially motivated cybercrime group and not a nation-state actor, particularly given the large number of organizations across multiple regions targeted in this campaign," he continued. In addition to its global reach, the use of automated phishing tactics, and the use of a variety of lures, this campaign demonstrates how attackers continue to enhance their success rates." 

As part of these findings, Kaspersky also revealed a full-featured crimeware bundle dubbed SteelFox, which has been spreading via forums posts, torrent trackers, and blogs, passing itself off as legitimate utilities like Foxit PDF Editor, JetBrains, and AutoCAD in order to steal personal information. In the last two years, the campaign of terrorism has claimed victims in nearly 50 countries. The majority of the victims were in Brazil, China, Russia, Mexico, the United Arab Emirates, Egypt, Algeria, Vietnam, India, and Sri Lanka, with many more in Brazil, China, Russia, and Mexico. 

At this point in time, there is no known threat actor or group associated with this attack. A security researcher, Kirill Korchemny, said: "Delivered via sophisticated execution chains, notably shellcode, this type of malware abuses both Windows services and drivers in an attempt to accomplish its objectives." As a result of it, he said that he used stealer malware to obtain details about the victim's device as well as his credit card information. 

A dropper program is the starting point of this setup, in the sense that it mimics cracked versions of popular software, so when it is run, the dropper application will request administrator permissions and drop a next-stage loader which, in turn, will establish persistence and launch the SteelFox module. It is Kaspersky's opinion that although SteelFox's C2 domain is hardcoded, it has managed to conceal its presence through the use of multiple IP addresses and using DNS over HTTPS to resolve its IP addresses in order to hide its presence. Although SteelFox attacks don't have specific targets, they seem to focus on users of AutoCAD, JetBrains, and Foxit's Adobe PDF Editor app. 

In accordance with Kaspersky's visibility information, Kaspersky indicates that the malware is compromising systems in Brazil, China, Russia, Mexico, the UAE, Egypt, Algeria, Vietnam, India, and Sri Lanka among others. Researchers have identified a new and potent cyber threat: the SteelFox malware, a sophisticated crimeware bundle targeting Windows PCs through vulnerable drivers. This malware, still relatively new to the landscape, demonstrates advanced functionality and appears to be the product of a skilled C++ developer who has integrated multiple external libraries to enhance its capabilities. 

In a related development, analysts from FortiGuard Labs have reported the discovery of another malicious software framework named Winos4.0. This advanced framework, embedded in game-related applications, is engineered specifically to target Windows users. Originating as an evolved version of the Gh0strat malware, Winos4.0 enables attackers to remotely execute various actions, providing them with substantial control over compromised systems. The infection process for Winos4.0 is particularly deceptive. 

It spreads through game-related applications, such as installation utilities and performance enhancement tools, designed to appeal to gamers and other Windows users. Once an individual downloads and installs one of these compromised applications, a seemingly harmless BMP file is retrieved from a remote server. This file subsequently extracts and activates the Winos4.0 DLL file, initiating the malware’s operations. 

In its initial phase, Winos4.0 sets up an environment for deploying further modules and establishes persistence on the infected machine by modifying system registry keys or creating scheduled tasks. Through this multi-stage infection process, Winos4.0 builds a durable foothold on affected devices, opening avenues for continuous exploitation and control.
Read more »
phishing
DDOS Attack Hackers IP Address Personal Data phishing

Shocking Ways Hackers Can Exploit Your IP Address – You’re Not as Safe as You Think




Your IP address may look like a long number row, but to a hacker, it can be an instrument of evil activity. While your exposure to an IP doesn't pose an immediate danger per se, it is thus important to understand what a hacker can do with it. Let's break down how cybercriminals can exploit an IP and how you can keep it safe.

Determining Your Broad Area of Location

The very first thing a hacker will easily know once he has obtained your IP address is your general area of location. He can find out your city or region using even simple online tools such as IP tracking websites. Of course, he won't pinpoint the street number but can already pinpoint your general area or location which may trigger other related hacking attempts such as phishing attacks. Hackers would use your address and ISP to dupe you through social engineering.

IP Spoofing: Identity Mimicry Online

The hacker can manipulate the IP addresses and make it seem like the actions they are performing are coming from your device. In this method, which is known as IP spoofing, hackers perpetrate various illegal activities while concealing identities. Many people employ IP spoofing in DDoS attacks whereby hackers inject tremendous amounts of traffic into a network to actually shut it down. Using your IP address during this attack may keep them undetected while they wreck the damage.

Selling Your IP Address

One seems minute, but hackers sell bundles of thousands of IP addresses in bulk across the dark web, and those addresses can be used in large-scale social engineering projects that lead to data theft. Used with other personal data, your IP address can be a wonderful commodity in some hacker's arsenal, allowing them to crack into almost any online account.

Scanning for Further Information

Using this method, and with the use of such tools as Nmap, hackers can not only obtain your IP but also uncover which OS your machine is running, applications that are installed, and open ports. If vulnerabilities exist in your system, they can launch specific attacks on those particular weaknesses, which will then allow them to get into your network, and even control your devices.

A DDoS attack

Although it is seldom that DDoS attacks any user, hackers can use your IP to attack you using DDoS, which will turn your device into a traffic flooder and take it offline. Such attacks are usually employed in larger organisations, although those engaging in activities such as online gaming and other competitive activities are also at risk. For instance, some players have used DDoS attacks to cut off their opponents' internet.

How to Hide Your IP Address

The likelihood that someone actually targeted you may be low, but this is equally as important to adhere to these safety precaution guidelines. With a virtual private network or a proxy server, your public IP address remains hidden, which makes it extremely hard for hackers to find and take advantage of it. It can also protect your devices by updating them as regularly as possible and using firewalls.

It is important to note that knowing an IP address doesn't give hackers total control over your system. However, it can be part of a scheme that encourages them to come closer to extracting more personal information or conducting attacks. However, usually there's little chance that someone would go out of his way to harm you using just your IP address; still, you can never be too safe. Securing the network and masking the IP simply reduces these risks from IP-based attacks.

Care needs to be taken, and preventative measures need to be in place so that nobody would use those malpractices against you.


Read more »
Spam
Doxing Email address IP Address Privacy Sensitive data Spam

Doxing: Is Your Personal Information at Risk?


 

Doxing is the online slang for "dropping documents," which means revealing private information about a person or his identity to the public without his permission. It may be as simple as a person's name, e-mail, or phone number, but it can also include confidential data like financial information, home addresses, and even personal photos. Typically, hackers or cybercrooks do this with the aim of causing harm to that person, either through identity theft, fraud, or embarrassment.

The methods are varied, from hackers involving social media platforms or public databases in obtaining personal information to others using phishing techniques to get sensitive information from unsuspecting individuals. Once out of a computer within, it is no longer within one's control, and the impacts may be dire, touching on every point in an individual's life.


Impact of Doxing on Victims

With private information made public, victims of such situations can easily become victimised with harassment, identity theft, and other kinds of exploitative activities. In many cases, it just feels like a privacy violation; this can evoke feelings of vulnerability and betrayal. Even if the individual responsible is unknown to the victim, they may feel as if they are always in danger.

The extent of damage would also depend on the type of information that is leaked. For instance, if one accesses financial information, then the victims would lose their money when financially victimised to fraud and theft. It is in sensitive photos or private details where reputations get adversely tainted, relationships get harmed in society, or even employment loss. Sensitive data like online search histories can, in extreme cases, lead to even worse consequences: public humiliation.


Why You Shouldn't Leak Your Email Address

You might think that nothing substantial can be generated from your email address, but believe me, it has a fair amount of valuable information attached to it. I mean, sure, you share it with your friends, family, or maybe some business that's running loyalty programs or will mail you receipts. But would you like everyone in the world to have access to it? I didn't think so. Once you send out your email, cyber thieves have an open opportunity to flood your inbox with spam, phishing attempts, or risky malware disguised as legitimate messages. In case you click on any of these links and accidentally let a cyber thief steal your device, it may be compromised.

Beyond spam, hackers can use your email to forge accounts in your name, damaging your reputation online. How dangerous the simple act of gaining access and maliciously using your email address is becomes clear when considering that even the smallest piece of personal information can be dangerous.


Examples of Real Doxing Impact in Life

The outcomes of doxing, at least in some well-publicised instances, can be catastrophic. For Claira Janover, a satirical video that she shot actually found its way onto the internet and led to death threats, including even publicising her home address. She was forced to change her address. Even Deloitte-the firm that had already hired her-now rescinded their job offer, given some online activity that was associated with her professional profile.

The same instance comes in the form of the 2013 Boston Marathon bombing investigation. Here, internet communities like Reddit and 4Chan branded innocent people with incorrect accusations. The anguish of misidentified families had to be bearable while their loved ones' names streamed online as wrongly linked to the attack. These prove that doxing does not only hack privacy but could also have life-altering results.


How to protect yourself from Doxing

Being doxed is inevitable for everyone, but there are many things you can do to avoid falling victim. The number one and perhaps most relevant is practising good cyber safety: lock up the doors, so to speak. Keep your social media accounts private and be very selective of who follows or is connected to you online. Regularly check on your privacy settings and ensure that no one can access sensitive information about you in public media.

This can be enhanced by masking your IP address with a VPN (Virtual Private Network) while making a separate email account for communication, shopping, and all the professional work you do online. Clicking on any suspicious link at any time can harm you: never do it, not even if it looks legit.

Doxing is a serious form of cybercrime, which has deep and far-reaching effects on a victim's personal and professional life. The important thing for an individual to know is that being aware of the danger and taking proactive steps to protect your information is enough to lower the bar for such an attack. Digital privacy protection is the need of today.


Read more »
third party
Cyber Security Cyber Threats Risk Digital Infrastructure DNS DOH Domain Name System domains IP Address third party

Understanding the Domain Name System (DNS): How It Works and Why It Matters


The Domain Name System (DNS) serves as a critical element of the internet’s infrastructure, acting like a phone book that translates human-friendly domain names into the numerical IP addresses that computers use to communicate. Without DNS, accessing websites would be far more complicated, requiring users to remember lengthy strings of numbers instead of simple names like “google.com.” When you enter a website URL into your browser, the DNS process begins. This request, known as a “DNS query,” first goes to a DNS resolver—typically provided by your Internet Service Provider (ISP) or a third-party DNS service like Google Public DNS or Cloudflare. 

The resolver acts as an intermediary, starting the process to find the corresponding IP address of the domain name you’ve entered. The DNS resolver contacts one of the 13 root servers that make up the top level of the DNS hierarchy. These servers don’t hold the IP address themselves but provide information about which “Top-Level Domain” (TLD) server to query next. The TLD server is specific to the domain extension you’ve entered (e.g., “.com,” “.net,” “.org”) and points the resolver to the authoritative name server responsible for the particular website. The authoritative name server then provides the IP address back to the resolver, which, in turn, sends it to your browser. 

The browser then connects to the web server using this IP address, loading the website you want to visit. This process, though complex, happens in milliseconds. Security is a vital aspect of DNS because it is a frequent target for cyberattacks. One common threat is DNS spoofing, where attackers redirect traffic to fraudulent websites to steal data or spread malware. DNS hijacking is another risk, where hackers manipulate DNS records to divert users to malicious sites. These threats emphasize the importance of DNS security protocols like DNS over HTTPS (DoH) and DNS over TLS (DoT), which encrypt DNS requests to prevent interception by malicious entities, thus protecting users’ data and privacy. 

Switching to a third-party DNS service can enhance your internet experience in terms of speed, reliability, and security. Services like Google Public DNS, OpenDNS, or Cloudflare’s 1.1.1.1 offer faster query response times, better privacy protection, and can help circumvent geographical restrictions imposed by ISPs. These alternatives often provide built-in security features, such as blocking malicious sites, to offer an extra layer of protection. 

DNS is the backbone of internet browsing, seamlessly converting domain names into IP addresses. By understanding its role and the importance of security measures, users can better appreciate how DNS keeps the internet functional and secure. Whether ensuring that websites load correctly or protecting against cyber threats, DNS plays an indispensable role in our everyday online activities.
Read more »
SOHO
Chinese Botnet Cyber Attacks CyberCrime Cybersecurity CyberThreat IP Address IP Camera Raptor Train SOHO

Massive Chinese Botnet Infects SOHO Routers and IP Cameras

 


Raptor Train, the name of the botnet that has been used by hackers for decades, has infected hundreds of thousands of small offices/home offices (SOHOs) and IoT devices in the United States and Taiwan, including government agencies, higher education institutions, and telecommunications, as well as the defence industrial base (DIB). 

The botnet contains hundreds of thousands of small office/home office devices. It was announced today by the Justice Department that a court-authorized law enforcement operation was conducted to disrupt a botnet of more than 200,000 consumer devices across the U.S. and beyond. Several court documents unveiled in the Western District of Pennsylvania reveal that the botnet devices were infected by state-sponsored hackers from the People's Republic of China (PRC) who worked for Integrity Technology Group, a Beijing-based company called "Flax Typhoon" and dubbed "Flax Typhoon" by the private sector. 

As Raptor Train has grown over the past four years, it has become a highly complex, multi-tiered network able to handle tens of servers, as well as a huge number of infected SOHO and consumer devices, including routers, modems, NVRs, and DVRs, IP cameras, and NAS servers with enterprise-level control systems. 

According to Black Lotus Labs, a research division of Lumen Technologies that specializes in hacking activities, the botnet was constructed by the Chinese cyberespionage team Flax Typhoon, a team with a reputation for hacking Taiwanese organizations heavily. With very little malware, Flax Typhoon maintains stealthy persistence by abusing legitimate software tools and avoiding the use of attack tools such as W32.Flax. 

Black Lotus Labs has gathered information about the APT that has been building the new IoT botnet which, at the height of its activity in June of 2023, contained more than 60,000 active compromised devices, found to contain threats.  During the past four years, Black Lotus Labs reports that it has affected more than 200,000 routers, network-attached storage (NAS) servers, and IP cameras, in addition to the security software that protects these devices. Since its formation, the botnet has continued to grow. 

As of this writing, hundreds of thousands of devices have been infected as a result of this network. A paper published by Black Lotus Labs notes that nodes affiliated with this botnet have reportedly been seen attempting to exploit Atlassian Confluence servers as well as Ivanti Connect Secure appliances in an attempt to take advantage of this threat.  

The Raptor Train was announced in May 2020 and appears to have skipped under the radar until recently when some researchers at Black Lotus Labs, a threat research and operations arm of Lumen Technologies, stumbled upon it while looking into compromised routers as part of their investigation. There has been some evidence that the Nosedive botnet is used to launch DDoS attacks using a variant of the Mirai malware called Nosedive that was developed specifically for attacks against distributed denial-of-service (DDoS) systems. 

According to the researchers today, Raptor Train has three tiers of activity, each of which is responsible for running specific types of tasks, such as sending out tasks, administrating servers that exploit the payload or server that manages payloads, and controlling the system. 

It was noted by Microsoft Threat Intelligence in an August 24, 2023 blog post that while Microsoft does not have complete visibility into Flax Typhoon's activity, the group's relatively limited use of malware and reliance on tools built into target operating systems, along with benign software, has reduced the risk of detection for the group.  

According to U.S. officials, this strategy, which is also known as "living off the land", is among the key features of what U.S. officials have called an aggressive and intense cyber campaign sponsored by the Chinese. Additionally, to more typical forms of espionage and intellectual property theft, officials say similar Chinese operations are increasingly burrowing their way into sensitive U.S. critical infrastructure networks for reasons other than their potential security value.  

As it stands, the U.S. alleges that the Chinese are more likely preparing for a military confrontation with the United States if they are threatened with disruption to key U.S., Taiwanese, and other targets - civilian and government - if a military confrontation occurs. The top U.S. intelligence and cybersecurity officials have warned of the activity occurring under the Volt Typhoon since the beginning of 2023.  In a phone call that the White House conducted, one of the administration officials noted that Flax Typhoon was a private-sector organization working on behalf of Beijing, whereas Volt Typhoon was a government organization. 

According to Lisa Monaco, deputy attorney general of the U.S. Department of Justice, that agency's traditional prosecution programs, along with the initiative to prioritize disruption, have been brought together in a new way. A lot of indicators that have been collected during the investigation have led Black Lotus Labs to conclude that the operators of Raptor Train are likely state-sponsored Chinese hackers linked with the Flax Typhoon group, based on the indicators that were found during the investigation. 

Many factors support this theory, including not only the fact that the targets are aligned with Chinese interests, but also the codebase language and infrastructure, as well as the fact that different tactics, techniques, and procedures overlap. According to the researchers, Tier 3 management node connections to Tier 2 systems over SSH occurred almost exclusively during Chinese workweek hours, when the researchers observed the country's normal working hours. 

As well as that, the codebase includes Chinese descriptions and comments describing the functions, menus, comments, and reference references in the codebase itself. Raptor Train, however sophisticated it may be, is still a very dangerous botnet that can be prevented from spreading the infection by users and network defenders. 

A network administrator may need to pay attention to large outbound data transfers, even if the destination IP address is within the same region as the source IP address. To ensure that routers stay up-to-date, it is recommended that consumers restart their routers regularly and install the latest updates. The company should also replace systems that are no longer supported and are no longer receiving updates (end-of-life systems) with new ones.
Read more »
IP Address
Cyber exposes Cyberattacks CyberCrime Cybersecurity CyberThreat Data Breach Flightaware IP Address

Major Data Breach at FlightAware Exposes Pilots and Users' Information

 


A popular flight tracking website accidentally exposed names, addresses, aircraft owned, pilot status, and tracked flights, as well as user data. There was a surprise in the inbox of many users of FlightAware, a popular flight tracking application, on August 17, when the company sent a notice to its customers as a result of a "data security incident" that occurred. 

The email has been sent by Matt Davis, FlightAware's general manager, warning its recipients that a vast number of their details may have been exposed as a result of the internal incident and that they will need to reset their passwords when they log on again. There is a possibility that the incident may have had a detrimental effect on thousands of Australians. 

According to Davis, on the 25th of July, 2024, it was discovered that there was an error with the configuration of users' FlightAware accounts that may have caused users' data to be exposed inadvertently. User ID, login password, and email address may have been exposed inadvertently. If the user provides any additional information about themselves, it may include such information as their full name, billing address, shipping address, IP address, social media accounts, telephone number, date of birth, the last four digits of their credit card number, and their account activity, depending on the information they provide. 

The company will also include information regarding ownership and industry of aircraft, title and registration of aircraft, pilot status (yes/no), and their account activity in its report. As an addition to Davis' comments, the State Police have also stated that the configuration error has been corrected and that the notification was not delayed as a result of an investigation by the police, as had been initially stated. Neither FlightAware nor any of its representatives have said that a malicious actor accessed the data, nor have they revealed the precise period over which the data was exposed. 

To the best of our knowledge, no threat actor has claimed to have accessed any of the FlightAware data at this time. The FlightAware website claims that the application is employed by over 10,000 aircraft operators and providers of aviation services across the world, as well as more than 13,000,000 passengers, to supply them with flight tracking services, predictive analytics, and decision-making tools around the world. The sister publication of Australian Aviation, Cyber Daily, has contacted FlightAware in order to find out more information.
Read more »
Subscribe to: Posts (Atom)