Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Online Security. Show all posts
Threat Intelligence
Online Security Quantum Computers Security Breach Technology Threat Intelligence

Quantum Computers Threaten to Breach Online Security in Minutes

 

A perfect quantum computer could decrypt RSA-2048, our current strongest encryption, in 10 seconds. Quantum computing employs the principle of quantum physics to process information using quantum bits (qubits) rather than standard computer bits. Qubits can represent both states at the same time, unlike traditional computers, which employ bits that are either 0 or 1. This capacity makes quantum computers extremely effective in solving complicated problems, particularly in cryptography, artificial intelligence, and materials research. 

While this computational leap opens up incredible opportunities across businesses, it also raises serious security concerns. When quantum computers achieve their full capacity, they will be able to break through standard encryption methods used to safeguard our most sensitive data. While the timescale for commercial availability of fully working quantum computers is still uncertain, projections vary widely.

The Boston Consulting Group predicts a significant quantum advantage between 2030 and 2040, although Gartner believes that developments in quantum computing could begin to undermine present encryption approaches as early as 2029, with complete vulnerability by 2034. Regardless of the precise timetable, the conclusion is unanimous: the era of quantum computing is quickly approaching. 

Building quantum resilience 

To address this impending threat, organisations must: 

  • Adopt new cryptographic algorithms that are resistant against impending quantum attacks, such as post-quantum cryptography (PQC). The National Institute of Standards and Technology (NIST) recently published its first set of PQC algorithm standards (FIPS 203, FIPS 204, and FIPS 205) to assist organisations in safeguarding their data from quantum attacks. 
  • Upgrades will be required across the infrastructure. Develop crypto agility to adapt to new cryptographic methods without requiring massive system overhauls as threats continue to evolve. 

This requires four essential steps: 

Discover and assess: Map out where your organisation utilises cryptography and evaluate the quantum threats to its assets. Identify the crown jewels and potential business consequences. 

Strategise: Determine the current cryptography inventory, asset lives against quantum threat timelines, quantum risk levels for essential business assets, and create an extensive PQC migration path. 

Modernise: Implement quantum-resilient algorithms while remaining consistent with overall company strategy.

Enhance: Maintain crypto agility by providing regular updates, asset assessments, modular procedures, continual education, and compliance monitoring. 

The urgency to act 

In the past, cryptographic migrations often took more than ten years to finish. Quantum-resistant encryption early adopters have noticed wide-ranging effects, such as interoperability issues, infrastructure rewrites, and other upgrading challenges, which have resulted in multi-year modernisation program delays. 

The lengthy implementation period makes getting started immediately crucial, even though the shift to PQC may be a practical challenge given its extensive and dispersed distribution throughout the digital infrastructure. Prioritising crypto agility will help organisations safeguard critical details before quantum threats materialise.
Read more »
Payment Scams
AI Scams Cyber Fraud deepfake scams Financial Fraud Identity Theft Online Safety Online Security Payment Scams

Protect Yourself from AI Scams and Deepfake Fraud

 

In today’s tech-driven world, scams have become increasingly sophisticated, fueled by advancements in artificial intelligence (AI) and deepfake technology. Falling victim to these scams can result in severe financial, social, and emotional consequences. Over the past year alone, cybercrime victims have reported average losses of $30,700 per incident. 

As the holiday season approaches, millennials and Gen Z shoppers are particularly vulnerable to scams, including deepfake celebrity endorsements. Research shows that one in five Americans has unknowingly purchased a product promoted through deepfake content, with the number rising to one in three among individuals aged 18-34. 

Sharif Abuadbba, a deepfake expert at CSIRO’s Data61 team, explains how scammers leverage AI to create realistic imitations of influencers. “Deepfakes can manipulate voices, expressions, and even gestures, making it incredibly convincing. Social media platforms amplify the impact as viewers share fake content widely,” Abuadbba states. 

Cybercriminals often target individuals as entry points to larger networks, exploiting relationships with family, friends, or employers. Identity theft can also harm professional reputations and financial credibility. To counter these threats, experts suggest practical steps to protect yourself and your loved ones. Scammers are increasingly impersonating loved ones through texts, calls, or video to request money. 

With AI voice cloning making such impersonations more believable, a pre-agreed safe word can serve as a verification tool. Jamie Rossato, CSIRO’s Chief Information Security Officer, advises, “Never transfer funds unless the person uses your special safe word.” If you receive suspicious calls, particularly from someone claiming to be a bank or official institution, verify their identity. 

Lauren Ferro, a cybersecurity expert, recommends calling the organization directly using its official number. “It’s better to be cautious upfront than to deal with stolen money or reputational damage later,” Ferro adds. Identity theft is the most reported cybercrime, making MFA essential. This adds an extra layer of protection by requiring both a password and a one-time verification code. Experts suggest using app-based authenticators like Microsoft Authenticator for enhanced security. 

Real-time alerts from your banking app can help detect unauthorized transactions. While banks monitor unusual activities, personal notifications allow you to respond immediately to potential scams. The personal information and media you share online can be exploited to create deepfakes. Liming Zhu, a research director at CSIRO, emphasizes the need for caution, particularly with content involving children. 

Awareness remains the most effective defense against scams. Staying informed about emerging threats and adopting proactive security measures can significantly reduce your risk of falling victim to cybercrime. As technology continues to evolve, safeguarding your digital presence is more important than ever. By adopting these expert tips, you can navigate the online world with greater confidence and security.
Read more »
VPN providers
Cyber Security encrypted VPN server free VPNs internet privacy Online Security paid VPNs privacy protection VPN providers

Understanding the Limitations of VPNs and Privacy Protection

 

VPNs, or Virtual Private Networks, are now a ubiquitous part of our digital lives. From being featured in editorials and advertisements to appearing in TV commercials, on billboards, and even within influencer marketing campaigns, VPNs are everywhere. They promise to protect your privacy by hiding your browsing activity and keeping your internet traffic anonymous. 

The claim that VPNs ensure your online privacy by masking your browsing history is an alluring promise, but the truth is more complicated. Many people use VPNs hoping to shield themselves from internet service providers selling their browsing data, government surveillance, or tech companies collecting information about them. However, while VPNs aim to solve these privacy concerns, they can also expose users to new risks.

Originally, VPNs were designed to allow employees to connect to their corporate networks remotely. However, in recent years, VPNs have gained popularity for more personal uses, such as hiding your online activity and tricking streaming services into thinking you're accessing content from a different country. VPNs have also been used by activists and dissidents to circumvent censorship in restrictive environments.

The way VPNs work is fairly simple: They route your internet traffic through a secure tunnel to a remote server, making it more difficult for anyone to monitor which websites you visit or what apps you're using. This setup helps protect your browsing activity from your internet service provider, which is why many people believe VPNs offer true anonymity.

But there’s a catch: VPNs don’t inherently protect your privacy. While they may divert your traffic away from your internet provider, they direct it to the VPN provider instead. That means the VPN provider has the same access to your data as your ISP. This raises a critical question: Why trust a VPN to protect your privacy when they have access to your data, potentially even more than your ISP does?

The Dark Side of Free VPNs

One of the biggest privacy risks with VPNs comes from free VPN services. These providers often claim to offer privacy protection at no cost, but in reality, their business model involves monetizing your data. Free VPN providers typically sell your browsing information to advertisers and third parties, who then use it to target you with ads. This completely undermines the concept of privacy.

Even paid VPN services aren’t immune to these issues. While they may not sell your data for ads, they still route all your traffic through their own servers, which means your data could be exposed to potential risks. Moreover, some of the biggest tech companies offering VPN services profit from advertising, which could create a conflict of interest when it comes to protecting your data.

Many VPN providers claim that they don’t keep logs or track your online activity. This sounds reassuring, but it's hard to verify. Even if a VPN provider promises not to store your data, there’s no way to be certain without independent verification. Some VPN services have been caught lying about their logging practices, and there have been incidents where large amounts of user data were exposed through data breaches. In some cases, VPN providers were forced to hand over user information to law enforcement, proving that their “no logs” policies were not reliable. 

While not all VPN providers are unscrupulous, the real issue lies in the fact that you have no way of knowing what’s happening with your data once it’s out of your hands. If you want to truly safeguard your privacy, the best option is to set up your own encrypted VPN server. This way, you retain full control over your data and can ensure that it stays protected.

Setting up your own VPN server is easier than you might think. You can use open-source software that has been audited by security researchers, and host it on a cloud service like Amazon Web Services, DigitalOcean, Google Cloud, or Microsoft Azure. With this setup, your internet traffic is encrypted using a private key that only you have access to. This means that even if the cloud provider hosting your VPN server is compromised, your data remains protected.

This DIY approach ensures that no one – not even your cloud service provider – can access your private data. In fact, if authorities were to seize your server, the data would still be encrypted and inaccessible without your private key. Only you can unlock the data, providing the highest level of security and privacy.

While VPNs can be useful for specific tasks, like accessing region-locked content or enhancing security on public Wi-Fi networks, they should not be relied upon to protect your privacy or anonymity. If you’re serious about safeguarding your online activity, a self-managed encrypted VPN server is the most secure option.

In conclusion, VPNs can be beneficial in some contexts, but they come with inherent risks and limitations. Don't count on VPN providers to keep your data private. Take control of your privacy by setting up your own encrypted server, ensuring that your online activities stay protected from prying eyes.
Read more »
Online Security
CAPTCHA Lumma Stealer Malicious Campaign malware Online Security

Malware Campaign Expands Its Use of Fraudulent CAPTCHAs

 

Attackers are increasingly spreading malware using a unique method: a fake CAPTCHA as the initial infection vector. Researchers from multiple companies reported on this campaign in August and September. The attackers, who mainly targeted gamers, first transmitted the Lumma stealer to victims via websites hosting cracked games.

The recent adware research shows that this malicious CAPTCHA is spreading through a wide range of online resources unrelated to gaming, including adult sites, file-sharing services, betting platforms, anime resources, and web apps that monetise traffic. This shows that the distribution network is being expanded to reach a larger pool of victims. Furthermore, we discovered that the CAPTCHA distributes both Lumma and the Amadey Trojan. 

Malicious CAPTCHA

It's critical to comprehend how the attackers and their distribution network function in order to prevent falling for their tricks. Legitimate, non-malicious offers are also included in the ad network that pushes pages with the malicious CAPTCHA. 

It works as follows: the user is redirected to additional resources when they click anywhere on a page that uses the ad module. As is common with adware, the majority of redirects take users to websites that advertise security software, ad blockers, and similar products. Sometimes, though, the victim is directed to a page that contains the malicious CAPTCHA. 

Unlike genuine CAPTCHAs, which are intended to safeguard websites from bots, this copycat promotes illicit resources. As with the previous stage, the victim does not always come across malware. For example, the CAPTCHA on one of the sites invites the visitor to scan a QR code, which leads to a betting site. 

The Trojans are distributed using CAPTCHAs that provide instructions. By clicking the "I'm not a robot" button, you can copy the powershell line.exe -eC bQBzAGgAdABhA <...>MAIgA= to the clipboard and displays the following "verification steps": 

  • To open the Run dialogue box, use Win + R. 
  • Subsequently, paste the clipboard line into the text field using CTRL + V. 
  • Finally, press Enter to execute the code. 

Payload: Amadey trojan

Researchers have discovered that the same effort is also propagating the Amadey Trojan. Since 2018, Amadey has been the subject of multiple security reports. In short, the Trojan downloads multiple modules that steal credentials from major browsers and Virtual Network Computing (VNC) systems. 

It also detects cryptocurrency wallet addresses in the clipboard and replaces them with those owned by the attackers. One of the modules can also capture screenshots. In some cases, Amadey downloads the Remcos remote access tool to the victim's device, allowing the attackers complete control over it. 

From September 22 to October 14, 2024, over 140,000 users encountered ad scripts. According to Kaspersky's telemetry data, more than 20,000 of these 140,000 users were routed to infected sites, where some encountered a phoney update notification or a fake CAPTCHA. Users from Brazil, Spain, Italy, and Russia were the most commonly affected.
Read more »
Sextortion Scam
Cyber Attacks Cyber Awareness Email Fraud Email Phishing Email Spoofing Online Security Personal Data Phishing Scams Sextortion Scam

How to Protect Yourself Against Phishing Extortion Scams Involving Personal Data

 

Imagine receiving an email with a photo of your house, address, and a threatening message that seems ripped from a horror movie. Unfortunately, this is the reality of modern phishing scams, where attackers use personal information to intimidate victims into paying money, often in cryptocurrency like Bitcoin. One victim, Jamie Beckland, chief product officer at APIContext, received a message claiming to have embarrassing video footage of him, demanding payment to keep it private. 

While such emails appear terrifying, there are ways to verify and protect yourself. Many images in these scams, such as photos of homes, are copied from Google Maps or other online sources, so confirming this can quickly expose the scam. To check if an image is pulled from the internet, compare it to Google Maps street views. Additionally, always scrutinize email addresses for legitimacy. Cybersecurity expert Al Iverson from Valimail advises checking for any small variations in the sender’s email domain and examining SPF, DKIM, and DMARC authentication results to determine if the email domain is real. 

Be cautious if a message appears to come from your own email address, as it’s often just a spoofed sender. Links in phishing emails can lead to dangerous sites. Founder of Loop8, Zarik Megerdichian, recommends extreme caution and encourages reporting such scams to the Federal Trade Commission (FTC). Monitoring your financial accounts, disputing unauthorized charges, and updating or canceling compromised payment methods are other essential steps. To reduce vulnerability, it’s wise to change your passwords, set up a VPN, and isolate your network. Yashin Manraj, CEO of Pvotal Technologies, suggests transferring critical accounts to a new email, informing your family about the scam, and reporting it to law enforcement, such as the FBI, if necessary. 

One of the best defenses against these types of scams is to control your data proactively. Only share essential information with businesses, and avoid giving excessive details to online services. Megerdichian emphasizes the importance of asking whether every piece of data is truly necessary, as oversharing can open the door to future scams. 

With these strategies, individuals can better protect themselves from extortion phishing scams. It’s crucial to stay vigilant and avoid interacting with suspicious emails, as this will help shield you from falling victim to increasingly sophisticated cyber threats.
Read more »
ProPublica
Cyber Attacks Facebook Ads Facebook Hackers fake ads Hackers Internet scammers Meta Online Security ProPublica

Meta Struggles to Curb Misleading Ads on Hacked Facebook Pages

 

Meta, the parent company of Facebook, has come under fire for its failure to adequately prevent misleading political ads from being run on hacked Facebook pages. A recent investigation by ProPublica and the Tow Center for Digital Journalism uncovered that these ads, which exploited deepfake audio of prominent figures like Donald Trump and Joe Biden, falsely promised financial rewards. Users who clicked on these ads were redirected to forms requesting personal information, which was subsequently sold to telemarketers or used in fraudulent schemes. 

One of the key networks involved, operating under the name Patriot Democracy, hijacked more than 340 Facebook pages, including verified accounts like that of Fox News meteorologist Adam Klotz. The network used these pages to push over 160,000 deceptive ads related to elections and social issues, with a combined reach of nearly 900 million views across Facebook and Instagram. The investigation highlighted significant loopholes in Meta’s ad review and enforcement processes. While Meta did remove some of the ads, it failed to catch thousands of others, many with identical or similar content. Even after taking down problematic ads, the platform allowed the associated pages to remain active, enabling the perpetrators to continue their operations by spawning new pages and running more ads. 

Meta’s policies require ads related to elections or social issues to carry “paid for by” disclaimers, identifying the entities behind them. However, the investigation revealed that many of these disclaimers were misleading, listing nonexistent entities. This loophole allowed deceptive networks to continue exploiting users with minimal oversight. The company defended its actions, stating that it invests heavily in trust and safety, utilizing both human and automated systems to review and enforce policies. A Meta spokesperson acknowledged the investigation’s findings and emphasized ongoing efforts to combat scams, impersonation, and spam on the platform. 

However, critics argue that these measures are insufficient and inconsistent, allowing scammers to exploit systemic vulnerabilities repeatedly. The investigation also revealed that some users were duped into fraudulent schemes, such as signing up for unauthorized monthly credit card charges or being manipulated into changing their health insurance plans under false pretences. These scams not only caused financial losses but also left victims vulnerable to further exploitation. Experts have called for more stringent oversight and enforcement from Meta, urging the company to take a proactive stance in combating misinformation and fraud. 

The incident underscores the broader challenges social media platforms face in balancing open access with the need for rigorous content moderation, particularly in the context of politically sensitive content. In conclusion, Meta’s struggle to prevent deceptive ads highlights the complexities of managing a vast digital ecosystem where bad actors continually adapt their tactics. While Meta has made some strides, the persistence of such scams raises serious questions about the platform’s ability to protect its users effectively and maintain the integrity of its advertising systems.
Read more »
Online Security
cookie theft Cookies Cyber Security cybercriminals FBI Hacking https MFA Bypass Online Security

FBI Warns of Cybercriminals Stealing Cookies to Bypass Security

 

Cybercriminals are now targeting cookies, specifically the “remember-me” type, to gain unauthorized access to email accounts. These small files store login information for ease of access, helping users bypass multi-factor authentication (MFA). However, when a hacker obtains these cookies, they can use them to circumvent security layers and take control of accounts. The FBI has alerted the public, noting that hackers often obtain these cookies through phishing links or malicious websites that embed harmful software on devices. Cookies allow websites to retain login details, avoiding repeated authentication. 

By exploiting them, hackers effectively skip the need for usernames, passwords, or MFA, thus streamlining the process for unauthorized entry. This is particularly concerning as MFA typically acts as a crucial security measure against unwanted access. But when hackers use the “remember-me” cookies, this layer becomes ineffective, making it an appealing route for cybercriminals. A primary concern is that many users unknowingly share these cookies by clicking phishing links or accessing unsecured sites. Cybercriminals then capitalize on these actions, capturing cookies from compromised devices to access email accounts and other sensitive areas. 

This type of attack is less detectable because it bypasses traditional security notifications or alerts for suspicious login attempts, providing hackers with direct, uninterrupted access to accounts. To combat this, the FBI recommends practical steps, including regularly clearing browser cookies, which removes saved login data and can interrupt unauthorized access. Another strong precaution is to avoid questionable links and sites, as they often disguise harmful software. Additionally, users should confirm that the websites they visit are secure, checking for HTTPS in the URL, which signals a more protected connection. 

Monitoring login histories on email and other sensitive accounts is another defensive action. Keeping an eye on recent activity can help users identify unusual login patterns or locations, alerting them to possible breaches. If unexpected entries appear, changing passwords and re-enabling MFA is advisable. Taking these actions collectively strengthens an account’s defenses, reducing the chance of cookie-based intrusions. While “remember-me” cookies bring convenience, their risks in today’s cyber landscape are notable. 

The FBI’s warning underlines the importance of digital hygiene—frequently clearing cookies, avoiding dubious sites, and practicing careful online behavior are essential habits to safeguard personal information.
Read more »
WiFi
Cyber Threats Encryption Online Security Privacy WiFi

How Ignoring These Wi-Fi Settings Can Leave You Vulnerable to Hackers

 

In today's plugged-in world, most of us rely on the Internet for nearly everything from shopping and banking to communicating with family members. Whereas increasing reliance on the internet has exposed opportunities for doing just about anything remotely, it also increases the chances that cyber thieves will target your home Wi-Fi network looking for a weak point to pry into. Thus, securing your home network is critical to your own privacy.

The Importance of Router Settings

But for privacy lawyer Alysa Hutnik, the most common mistake isn't what people do but rather what they don't: namely, change the default settings on their Wi-Fi routers. The default settings on every router are public knowledge, and that's how hackers get in. "You wouldn't leave your front door open," she points out-a failure to alter these default settings is a little different from that.

The very first thing in securing your Wi-Fi network is changing the default password to something strong and unique. This would reduce the chances of unauthorised access significantly. You may also want to take a look at all the other configurations you can make on your router to optimise security features.

Encryption: Protecting Your Data

Another thing you should do to secure your home network is to enable encryption. Most of the current routers do offer some form of encryption options, like WPA (Wi-Fi Protected Access). This encrypts information in such a way that while travelling over your network, it makes hacking even more inconvenient to intercept. If you have not enabled the encryption on your router then it's pretty much the same as leaving personal information lying around open for everyone to grab. A check on your settings and enabling the WPA encryption adds the much-needed layer of defence.

Check Security Settings on All Devices

Securing your home network doesn't stop at the router. Any device that connects to your Wi-Fi should have its privacy and security settings properly enabled as well. Hutnik says that whenever you bring home a new device, a new phone, smart speaker, or laptop, it takes a few minutes to read through the options for privacy and security settings. Many devices have configurations not optimised for security by default. Usually, those configurations can be customised in a minute or two.

Quick Easy-to-Follow Steps to Mitigate Risk

Beyond the configuration of your network and devices, Hutnik calls you to take a few extra precautionary actions regarding your privacy. One such action is sticking tape on your webcam when you are not using it. There is always the prospect of hackers taking control of your camera through malware, so spying on you. As simple as placing a sticker or a Post-it note on your webcam might give you relief over it.

Sure enough, these measures won't protect you from cyber-attacks right and left, but they certainly reduce the risk. The more of our lives we put online, the more important it becomes that we take time to harden our home networks and equipment.

Stay Vigilant and Stay Protected

This will help protect you more from hackers and other online threats: understanding home network vulnerabilities and taking preventive actions about routers, using encryption, and checking your devices' settings. It involves the little things like covering your webcam and thereby trying to ensure that these little habits make you a safer human being on the internet.


Take small steps in securing your home network to avoid many future headaches and ensure that your personal info does not end up in cyber-criminals' pockets.


Read more »
Subscribe to: Posts (Atom)