Global Taskforce Dismantles Encrypted Criminal Platform ‘Ghost,’ Leading to 51 Arrests

 

In a major breakthrough, Ireland’s police service, An Garda Síochána, collaborated with Europol and law enforcement from eight other countries to dismantle a sophisticated criminal platform known as ‘Ghost.’ This encrypted platform was widely used for large-scale drug trafficking, money laundering, and other serious criminal activities. So far, the coordinated operation has led to the arrest of 51 individuals, including 38 in Australia and 11 in Ireland, and is seen as a critical step toward disrupting international organized crime. 

Ghost’s advanced encryption capabilities allowed criminals to communicate without fear of detection, handling approximately 1,000 messages daily. It even featured self-destruct options to erase messages, offering a high level of secrecy for criminal enterprises. During the investigation, Irish authorities seized 42 encrypted devices and over €15 million worth of drugs, such as cocaine, cannabis, and heroin, linking the platform to at least four criminal gangs operating within Ireland. The platform’s dismantling is part of a more extensive, ongoing investigation into organized crime that relies on encrypted communication networks to conduct illegal operations. 

Europol’s executive director, Catherine De Bolle, emphasized the importance of international collaboration in this operation, noting that the joint effort from various countries was crucial in dismantling a system that many criminals considered impenetrable. She stated that such coordinated action demonstrates that law enforcement can penetrate even the most secure networks when they work together. This operation marks a significant achievement in disrupting illegal activities facilitated by encrypted platforms, proving that even the most advanced criminal networks cannot hide from justice. 

Despite this victory, authorities remain cautious, acknowledging that shutting down criminal platforms like Ghost is just one step in the fight against organized crime. Similar cases, such as the resurgence of the LockBit ransomware gang, serve as reminders that criminals often adapt quickly, finding new ways to operate. This operation, however, is a testament to the effectiveness of global cooperation and advanced investigative techniques, sending a strong message to criminal networks that no platform, regardless of its sophistication, is beyond the reach of law enforcement. 

As investigations continue, Europol anticipates more arrests and the unearthing of additional criminal activities associated with Ghost. This case highlights the ongoing need for international collaboration, technological expertise, and persistent efforts to dismantle organized crime networks.

No Code Application Development Platforms Set to Propel Your Business in 2024

 

The ability to develop web applications without extensive coding knowledge is a significant advantage in today's AI-driven world. No-code web building platforms have become essential tools for entrepreneurs, businesses, and creative individuals seeking to swiftly launch web or mobile applications without the complexities of traditional coding.

Several top-tier no-code web building platforms have gained prominence in the industry. Webflow, for instance, is primarily a website builder with a visually appealing UI that can be extended into a web app builder when integrated with tools like Wist. It offers detailed design control and integrates with various apps, albeit with potential additional costs for advanced features. Webflow's no-code builder is particularly renowned for its strengths in design and aesthetics, providing users with precise control over their website's visual elements, including typography, color schemes, animations, and layout.

Another notable player is Backendless, functioning as a full-stack web app builder that supports native mobile apps. It emphasizes high performance, real-time databases, and a unique block-based approach to logic and APIs. Backendless excels in handling complex, real-time data, a crucial feature for applications requiring instantaneous updates, such as chat services, live streaming, or real-time analytics. Its support for native mobile app development enhances performance and user experience compared to web or hybrid apps.

Bubble, known as the industry standard for no-code web apps, features a drag-and-drop UI builder, workflow automation, API integration, and a robust community with templates and plugins. However, a limitation of Bubble is its inability to export source code, which can be a significant consideration for businesses or developers anticipating platform transitions or needing direct code access.

WeWeb stands out by specializing in front-end development with an intuitive builder and visual logic setup. While users must connect their own backend, the platform offers code exportability and a range of integrations. WeWeb's user-friendly front-end builder, combined with its flexibility in backend integration, makes it a unique and valuable tool for projects requiring a customized approach to both aspects of web development.

Additionally, each of these no-code web building platforms presents unique advantages, catering to different project requirements. Whether focusing on design, security, code control, or seamless integrations, choosing a platform aligned with your project's vision is crucial for a hassle-free web application development experience.

Revolutionizing Security: Passkeys by Google and Apple

Online security has become critically important in a digital environment that is always changing. Google and Apple are leading the push for passkeys, a cutting-edge authentication system that is poised to transform how we protect our accounts.

Passkeys, also known as cryptographic keys, are a form of authentication that relies on public-key cryptography. Unlike traditional passwords, which can be vulnerable to hacking and phishing attacks, passkeys offer a more robust and secure method of verifying user identity. By generating a unique pair of keys – one public and one private – passkeys establish a highly secure connection between the user and the platform.

One of the key advantages of passkeys is that they eliminate the need for users to remember complex passwords or go through the hassle of resetting them. Instead, users can rely on their devices to generate and manage these cryptographic keys. This not only simplifies the login process but also reduces the risk of human error, a common factor in security breaches.

Google and Apple have been at the forefront of this innovation, integrating passkey technology into their platforms. Apple, for instance, has introduced the Passkeys API in iOS, making it easier for developers to implement this secure authentication method in their apps. This move signifies a significant shift towards a more secure and user-friendly digital landscape.

Moreover, passkeys can play a pivotal role in thwarting phishing attacks, which remain a prevalent threat in the online realm. Since passkeys are tied to specific devices, even if a user inadvertently falls victim to a phishing scam, the attacker would be unable to gain access without the physical device.

While passkeys offer a promising solution to enhance online security, it's important to acknowledge potential challenges. For instance, the technology may face initial resistance due to a learning curve associated with its implementation. Additionally, ensuring compatibility across various platforms and devices will be crucial to its widespread adoption.

Passkeys are a major advancement in digital authentication. Google and Apple are leading a push toward a more secure and frictionless internet experience by utilizing the power of public-key cryptography. As this technology continues to advance, users can anticipate a future in which the laborious practice of managing passwords is a thing of the past. Adopting passkeys is a step toward improved security as well as a step toward a more user-focused digital environment.

The Urlscan.io API Unintentionally Exposes Sensitive URLs and Data

 

Researchers have issued a warning about enterprise software misconfigurations that result in the leak of sensitive records on urlscan.io.

Urlscan.io is a website scanning and analysis platform. The system accepts URLs and generates a wealth of data, including domains, IP addresses, DOM information, and cookies, as well as screenshots. According to the developers, the engine's goal is to enable "anyone to easily and confidently analyze unknown and potentially malicious websites."

Many enterprise customers and open-source projects are supported by Urlscan.io, and an API is provided to integrate these checks into third-party products.

GitHub alert

Positive Security stated in a blog post published today (November 2) that the urlscan API came to its attention as a result of an email sent by GitHub in February warning customers that GitHub Pages URLs had been accidentally leaked via a third party during metadata analysis.

“With the type of integration of this API (for example via a security tool that scans every incoming email and performs a urlscan on all links), and the amount of data in the database, there is a wide variety of sensitive data that can be searched for and retrieved by an anonymous user,” the researchers say.

After further investigation, Positive Security discovered that this could include urlscan.io dorks, password reset links, setup pages, Telegram bots, DocuSign signing requests, meeting invitations, package tracking links, and PayPal invoices.

Pingbacks to leaked email addresses appeared to indicate that the culprits were misconfigured security tools that submitted links received via email as public scans to urlscan.io. Many API integrations, for example, used generic python-requests/2.X.Y user agents that ignored account visibility settings, allowing scans to be incorrectly submitted as public.

Misconfiguration of SOAR

Positive Security contacted a number of leaked email addresses and received only one response: from a company that sent an employee a DocuSign link to their work contract and then launched an investigation. The employer discovered that the problem was caused by a misconfiguration of their Security Orchestration, Automation, and Response (SOAR) playbook, which was integrated with urlscan.io.

Positive Security investigated historical urlscan.io data and discovered misconfigured clients that could be abused by scraping the system for email addresses and sending them unique links to see if they appeared on urlscan. Password resets for many web services can be triggered for users of such misconfigured clients, and the leaked link can be used to set a new password and take over the accounts.

Speaking to The Daily Swig, Fabian Bräunlein, co-founder of Positive Security, said that this attack vector could be triggered “for personal services like banking or social media or company services such as for popular SaaS or custom applications.

“For many SaaS providers, access to an email address with a certain domain is already sufficient to gain access to internal company data (e.g. chats or code repositories),” Bräunlein added. “In such a case, an attacker does not even need to take over existing accounts but can just create new accounts at interesting services.”

Urlscan Overhaul

Positive Security reported its findings to urlscan.io once its assessment of the issue's impact was completed in July. As a result, the cybersecurity firm and urlscan.io developers collaborated to resolve the issues discovered, resulting in the release of a new engine version later this month.

The updated software features an improved scan visibility interface as well as team-wide visibility settings. Urlscan.io later published Scan Visibility Best Practices, which explain the security benefits and risks posed by the three visibility settings users select when submitting a URL: 'Public,' 'Unlisted,' and 'Private.'
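The following is an added example, not code from Positive Security, urlscan.io or any SOAR vendor. It shows an integration that always sends an explicit `visibility` with each submission, refuses to publish links that act as credentials, and audits logged request bodies for the misconfiguration described above; the sensitive-link heuristics, function names and sample log are constructed assumptions, while the endpoint, `API-Key` header and `visibility` field are those of urlscan.io's submission API.

```python
import json
import re
from urllib.parse import parse_qsl, urlsplit

SCAN_ENDPOINT = "https://urlscan.io/api/v1/scan/"
VISIBILITIES = ("public", "unlisted", "private")

# Constructed heuristics (assumption): links that work as bearer credentials.
SENSITIVE_PARAMS = {"token", "code", "key", "sig", "signature", "auth", "invite"}
SENSITIVE_PATH = re.compile(r"reset|signing|invite|invoice|setup", re.I)
OPAQUE = re.compile(r"^[A-Za-z0-9_-]{20,}$")  # long random-looking value

def looks_sensitive(url):
    """True if the URL itself probably grants access to something."""
    parts = urlsplit(url)
    if parts.username or parts.password or SENSITIVE_PATH.search(parts.path):
        return True
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS or OPAQUE.match(value):
            return True
    return any(OPAQUE.match(seg) for seg in parts.path.split("/"))

def build_scan_request(url, api_key, visibility="private"):
    """Describe the POST without sending it; visibility is always explicit."""
    if visibility not in VISIBILITIES:
        raise ValueError(f"unknown visibility: {visibility!r}")
    if visibility == "public" and looks_sensitive(url):
        visibility = "private"  # never publish a credential-bearing link
    return {"method": "POST", "url": SCAN_ENDPOINT,
            "headers": {"API-Key": api_key, "Content-Type": "application/json"},
            "body": json.dumps({"url": url, "visibility": visibility})}

def audit_submissions(logged_bodies):
    """Flag logged request bodies that rely on defaults or publish secrets."""
    findings = []
    for index, raw in enumerate(logged_bodies):
        body = json.loads(raw)
        visibility = body.get("visibility")
        if visibility is None:
            findings.append((index, "no explicit visibility"))
        elif visibility == "public" and looks_sensitive(body.get("url", "")):
            findings.append((index, "sensitive URL submitted as public"))
    return findings

# Constructed sample of outbound request bodies from an integration's log.
SAMPLE_LOG = [
    '{"url": "https://example.com/", "visibility": "public"}',
    '{"url": "https://sign.example.net/signing/start?code=Zx81"}',
    '{"url": "https://app.example.com/reset?token=abc", "visibility": "public"}',
]
```

Running `audit_submissions` over a SOAR playbook's outbound request log gives a quick list of submissions to review before they are searchable by others.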

Urlscan.io has also contacted customers who have submitted a large number of public scans and has started reviewing third-party SOAR tool integrations. Finally, the developers added deletion rules, highlighted visibility settings in the user interface, and included a report button to disable problematic search results.

“Security teams that run a SOAR platform must make sure that no sensitive data is leaked to the public via integrations of third-party services,” Bräunlein commented.

Urlscan GmbH CEO Johannes Gilger told The Daily Swig: “We welcome the research performed by Positive Security and appreciate their professional conduct while working with us to identify the scope and source of these inadvertent information leaks.

“We have improved the visibility of the relevant settings on our platform, we have educated our users about the issue through a dedicated blog post and we continue to work with third-party automation providers to ensure adherence to safe default behaviors. A platform like urlscan will always carry the risk of unintended information disclosure due to the nature of its operation, so we take every available measure to minimize the likelihood of these things happening.”