Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Norton. Show all posts
PayPal
API Cyber Crime DocuSign phishing scams Norton PayPal

Fake Invoices Spread Through DocuSign’s API in New Scam

 



Cyber thieves are making use of DocuSign's Envelopes API to send fake invoices in good faith, complete with names that are giveaways of well-known brands such as Norton and PayPal. Because these messages are sent from a verified domain - namely DocuSign's - they go past traditional email security methods and therefore sneak through undetected as malicious messages.

How It Works

DocuSign is an electronic signing service that the user often provides for sending, signing, and managing documents in a digital manner. Using the envelopes API within its eSignature system, document requests can be sent out, signed, and tracked entirely automatically. Conversely, attackers discovered how to take advantage of this API, where accounts set up for free by paying customers on DocuSign are available to them, giving them access to the templates and the branding feature. They now can create fake-looking invoices that are almost indistinguishable from official ones coming from established companies.

These scammers use the "Envelopes: create" function to send an enormous number of fake bills to a huge list of recipients. In most cases, the charges in the bill are very realistic and therefore appear more legitimate. In order to get a proper signature, attackers command the user to "sign" the documents. The attackers then use the signed document to ask for payment. In some other instances, attackers will forward the "signed" documents directly to the finance department to complete the scam.


Mass Abuse of the DocuSign Platform

According to the security research firm Wallarm, this type of abuse has been ongoing for some time. The company noted that this mass exploitation is exposed by DocuSign customers on online forums as users have marked complaints about constant spamming and phishing emails from the DocuSign domain. "I'm suddenly receiving multiple phishing emails per week from docusign.net, and there doesn't seem to be an obvious way to report it," complained one user.

All of these complaints imply that such abuse occurs on a really huge scale, which makes the attacker's spread of false invoices very probably done with some kind of automation tools and not done by hand.

Wallarm already has raised the attention of the abuse at DocuSign, but it is not clear what actions or steps, if any, are being taken by DocuSign in order to resolve this issue.


Challenges in Safeguarding APIs Against Abuse

Such widespread abuse of the DocuSign Envelopes API depicts how openness in access can really compromise the security of API endpoints. Although the DocuSign service is provided for verified businesses to utilise it, the attack teams will buy valid accounts and utilize these functions offered by the API for malicious purposes. It does not even resemble the case of the DocuSign company because several other companies have had the same abuses of their APIs as well. For instance, hackers used APIs to search millions of phone numbers associated with Authy accounts to validate them, scraping information about millions of Dell customers, matching millions of Trello accounts with emails, and much more.

The case of DocuSign does show how abuses of a platform justify stronger protections for digital services that enable access to sensitive tools. Because these API-based attacks have become so widespread, firms like DocuSign may be forced to consider further steps they are taking in being more watchful and tightening the locks on the misuses of their products with regards to paid accounts in which users have full access to the tools at their disposal.


Read more »
VPN
Antivirus Cyber Security Digital Privacy NordVPN Norton VPN

Are VPNs Undertaking To Oversee All Digital Security?

 




In the past decade, the services of Virtual Private Networks (VPNs) have drastically transformed. Once solely focused on providing secure internet connections, VPN companies are now expanding their offerings into comprehensive privacy and security suites. This shift reflects a growing trend towards convenience and a desire for centralised solutions in the realm of digital privacy.

All-in-One Security Suites

Traditionally, users selected separate software for various privacy needs, such as antivirus, email encryption, and cloud storage. However, VPN providers like ProtonVPN, NordVPN, and PureVPN are now consolidating these services into all-encompassing suites. For instance, Proton's suite includes Proton Drive, Calendar, Pass, and SimpleLogin, with recent acquisitions like Standard Notes further broadening its set of attributes.

The Appeal of Comprehensive Solutions

The allure of all-in-one suites lies in their simplicity and integration. For users seeking convenience, having a unified ecosystem of software provides a seamless experience across devices. Moreover, opting for a suite from a trusted VPN provider ensures a semblance of stability in data protection, reducing the need to entrust personal information to multiple companies.

Suite or Standalone?

While broad-gauged suites offer convenience, there are trade-offs to consider. For instance, bundled antivirus software may not match the quality of standalone solutions from established brands like Norton or Kaspersky. However, for casual users primarily interested in accessing geo-restricted content, the added privacy benefits of a suite may outweigh any performance drawbacks.

Do People Want Security Suites?

The increasing prevalence of all-in-one security suites suggests a demand among consumers for integrated privacy solutions. VPN providers, driven by market demand and profitability, continue to build up their course of offerings to cater to diverse user needs. The success of multi-billion dollar enterprises like NordVPN pinpoints the viability of this business model.


As VPN companies diversify and find their centre in becoming a go-to destination for online security, consumers are urged to trace their steps with caution and conduct thorough research before subscribing to a security suite. While the convenience of a cohesive ecosystem is undeniable, it's essential to prioritise individual needs and preferences. By making informed decisions, users can maximise the benefits of all-in-one security suites while minimising potential drawbacks.

Conclusion 

The transformation of VPNs into all-in-one security suites reflects a broader trend towards integrated privacy solutions. While these suites offer utility and unified protection, users should carefully evaluate their options to reach a choice that agrees with their privacy priorities. Then, if you decide to shake hands with a cohesive suite, you might just have all your security concerns moored to the other side, which pronounces a safe and sound experience. As technology continues to take breadth, staying educated and proactive remains the crucial step in establishing a secure digital presence. 


Read more »
Norton
antivirus software device protection malware McAfree Norton

Does Antivirus Detect and Remove All Malware?

Antivirus software has become an essential tool in safeguarding our system online and offline. However, the question often arises in our heads is whether these software programs provide us complete protection against all types of malware and viruses or not. 

It is worth investigating if antivirus software works 100% of the time and if it is capable of removing all malicious software from your devices or not. 

Antivirus software, also known as anti-malware software, is a computer program that is designed to prevent, detect, and eliminate malware from the system with the emergence of other types of cybersecurity threats such as worms, trojans, spyware, and adware, antivirus software has evolved to offer protection against a wide range of computer threats. 

Additionally, some antivirus software also provides features that guard against malicious URLs, spam, and phishing attempts to provide more comprehensive protection. Since we know cybercrimes do not have limits, there are thousands of hackers around the world looking to exploit victims, be it for their data or money, or both. 

Antivirus software scans your device regularly for potential threats in your devices and identifies potential threats coming from incoming files and apps such as malware and viruses. Either you can choose to conduct manual scans or have the program run scans automatically. 

The software uses a database of known dangerous code, files, and other content to better identify potential threats and keep your device safe. When an antivirus program identifies a malicious file or program, it isolates it to prevent further harm to the device. The program then checks the file or program for potential risks and removes it from the device if it is deemed harmful. 

However, how effective is this process; is it 100% risk-free? 

According to the data, no antivirus software can provide 100% protection in detecting, isolating, and removing all harmful files. Even top providers like Norton and McAfee may not be able to detect new malware that is not yet on their database. 

As we discussed, antivirus programs use a database of known malicious files and code to identify and delete them from your devices. However, if a kind of malware comes along that is not logged on the antivirus database, it will fail to work. 

Also, some malware and viruses are designed to avoid detection by antivirus programs, for instance, stealth viruses, which use code modification and encryption to bypass standard scans. These types of viruses may require more advanced software to be detected and deleted. 

However, not updating your antivirus programs will increase the chances of malware going undetected and leaving vulnerabilities for cyber actors to compromise. 

Nevertheless, Norton and McAfee have 99% success rates in protecting your system. Antivirus programs also offer additional security features like VPNs, firewalls, and, password managers.
Read more »
Subscribe to: Posts (Atom)