Kategorie

LinuxSecurity.com: After Russia's misinformation campaign rattled the 2016 United States election season, scrutiny over this year's midterms has been intense. And while foreign cybersecurity threats have so far been relatively muted, an unclassified government report obtained by The Boston Globe this week indicates more than 160 suspected election-related incidents since the beginning of August, ranging from suspicious login attempts to compromised municipal networks.

LinuxSecurity.com: In April of 2015, IT staffers within the United States Office of Personnel Management (OPM), the agency that manages the government's civilian workforce, discovered that some of its personnel files had been hacked. Among the sensitive data that was exfiltrated were millions of SF-86 forms, which contain extremely personal information gathered in background checks for people seeking government security clearances, along with records of millions of people's fingerprints.

A buffer overflow bug could silence online stations.

Concerns over midterm election tampering reach a boiling point in the days leading up to actual voting.

An exploit was released for a flaw existing in a process in CPUs called Simultaneous Multithreading (SMT).

"Password-killing" authentication efforts may be on a road to nowhere.

Stolen data from the 81,000 accounts that appeared to be genuine included intimate exchanges between Facebook users.

Football shockers started to flow on Friday, after journalists analyzed more than 70m exfiltrated documents, totaling 3.4 terabytes of data.

Na ústupu jsou útoky typu DDoS, které se ještě před pár lety těšily nebývalé popularitě. Kyberzločinci ale v posledních měsících volí stále častěji úplně jinou strategii, soustředí se na lukrativnější typy útoků – zpravidla na kryptoměny. Vyplývá to z analýzy antivirové společnosti Kaspersky Lab.

A proposed bill calls for executives to be jailed for not protecting consumers' data, or at least for lying about it.

Researchers have developed an exploit that uses a feature in Intel chips to steal secret cryptographic keys.

Passcodes are protected by the Fifth Amendment, browsers are being made to cough up browsing history, and an exploit in Microsoft Word. Catch up with this and everything we wrote in the last seven days - it's weekly roundup time!

Have you ever stopped to think just how much your life is worth? I mean really think about it. For instance, let’s say you wanted to sell everything you have – your house, your car, your job, your private life, photos and home movies from your childhood, your accounts on various social media, your medical history and so on – how much would you ask for it all?

I thought about this myself and just the thought that someone else would be able to, for example, read the personal things I’ve written to friends, family and lovers on Facebook made me realize that those things are priceless. The same goes for someone getting access to my email and basically having the power to reset all my passwords for all the accounts I’ve registered using that email.

In the real non-digital world there are lots of insurance policies that cover things if they get damaged or stolen. If someone steals my car or I break my TV, I can replace them if they were insured. We don’t really have that option in the digital world, and our digital life contains some very personal and sentimental information. The big difference is that our digital lives can never be erased – what we’ve said or written, pictures we’ve sent, or orders we’ve made are basically stored forever in the hands of the service providers.

I decided to investigate the black market and see what kind of information is being sold there. We all know that you can buy drugs, weapons and stolen goods there, but you can also buy online identities. How much do you think your online identity is worth?

Hacked accounts

When investigating hacked accounts from popular services it’s almost impossible to compile valid data because there are so many black-market vendors selling this stuff. It is also difficult to verify the uniqueness of the data being sold. But one thing is certain – this is the most popular type of data being sold on the black market. When talking about data from popular services, I’m referring to things like stolen social media accounts, banking details, remote access to servers or desktops and even data from popular services like Uber, Netflix, Spotify and tons of gaming websites (Steam, PlayStation Network, etc.), dating apps, porn websites.

The most common way to steal this data is via phishing campaigns or by exploiting a web-related vulnerability such as an SQL injection vulnerability. The password dumps contain an email and password combination for the hacked services, but as we know most people reuse their passwords. So, even if a simple website has been hacked, the attackers might get access to accounts on other platforms by using the same email and password combination.

These kinds of attacks are not very sophisticated, but they are very effective. It also shows that cybercriminals are making money from hackers and hacktivists; the people selling these accounts are most likely not the people who hacked and distributed the password dump.

The price for these hacked accounts is very cheap, with most selling for about $1 per account, and if you buy in bulk, you’ll get them even cheaper.

Some vendors even give a lifetime warranty, so if one account stops working, you receive a new account for free. For example, below is a screenshot that shows a vendor selling Netflix accounts.

100 000 email and password combinations

250 000 email and password combinations

Passports and identity papers

When lurking around underground marketplaces I saw a lot of other information being traded, such as fake passports, driving licenses and ID cards/scans. This is where things get a bit more serious – most of the identity papers are not stolen, but they can be used to cause problems in the non-digital world.

People can use your identity with a fake ID card to acquire, for example, phone subscriptions, open bank accounts and so on.

Below is a screenshot of a person selling a registered Swedish passport, and the price is $4000. The same vendor was offering passports from almost all European countries.

Scammers’ toolbox

Most of the items being sold in the underground marketplaces are not new to me; they are all things the industry has been talking about for a very long time. What was interesting was the fact that stolen or fake invoices and other papers/scans such as utility bills were being sold.

People actually steal other people’s mail and collect invoices, for example, which are then used to scam other people. They will collect and organize these invoices by industry and country. The vendors then sell these scans as part of a scammer toolbox.

A scammer can use these scans to target victims in specific countries and even narrow their attacks down to gender, age and industry.

During the research I got to thinking about a friend’s (Inbar Raz) research on Tinder bots and, through my research, I managed to find links between stolen accounts and Tinder bots. These bots are used to earn even more money from stolen accounts. So, the accounts are not just sold on the black market, they are also used in other cybercriminal activities.

What’s interesting about the fake Tinder profiles is that they have the following characteristics in common that make them easy to identify:

• Lots of matches all at once.
• Most of the women look like super models.
• No job title or education info.
• Stolen Instagram pictures/images but with info stolen from Facebook accounts.
• Scripted chat messages.

Most of the bots that I’ve researched are related to traffic redirection, clickbait, spam and things like that. So far, I haven’t seen any malware – most of the bots will try to involve you in other crime or to steal your data. Here’s an example of what it might look like.

The first step is that you’re matched with the bot. The bot doesn’t always contact you directly, but waits for you to interact with it before it replies. In some cases the introduction is scripted with some text about how it wants to show you nude photos or something similar and then it posts a link.

When you click on the link you go through several websites redirecting you in a chain. This chain does a lot of things, such as place cookies in your browser, enumerate your settings such as location, browser version and type and probably a lot more. This is done so that when you end up at the landing page they know which page to serve you. In my case, I came from a Swedish IP and the website I was offered was obviously in Swedish, which indicates that they are targeting victims globally.

These websites always have statements and quotes from other users. Most of the information used, including profile photos, name and age, is also taken from stolen accounts. The quote itself is obviously fake, but this approach looks very professional.

This particular website was asking for your email to sign up to a website which basically offered you a job. The actual campaign is called the ‘Profit Formula Scam’ and is a binary option auto-trading scam. It’s been covered in the media before, so I won’t go into any detail here.

Summary

People are generally very naive when it comes to their online identity, especially when it comes to services that don’t appear to affect their privacy in any way. I often hear people say that they don’t care if someone gets access to their account, for example, because they assume that the worst thing that can happen is that their account will be shared with someone they don’t know. But we need to understand that even if it all looks very innocent, we don’t know what the criminals do with the money they earn.

What if they are spending it on drugs or guns, which are then sold to teenagers? What if they finance platforms and servers to spread child porn? We need to understand that criminals often work together with other criminals, which means that maybe drugs are bought from the money they make from selling stolen Netflix accounts on the black market.

One of the most alarming things I noticed was how cheap everything was. Just think about the information someone could gather about you if they got access to your Facebook account – there is surely no way you would be okay with someone selling access to parts of your private life for one dollar.

But people use more than just Facebook. I would assume that most people aged between 15 and 35 have registered for over 20 different services and maybe use about 10 of them frequently. The services that you hardly ever use are a problem because you often forget that you even have an account there.

The most frequently used accounts probably include the likes of Facebook, Instagram, Skype, Snapchat, Tinder (or other dating services) email, and entertainment services such as Spotify, Netflix, HBO and YouTube. Besides this, you may have an account on a governmental or financial website such as your bank, insurance company, etc. We also need to remember that some of these services use Google or Facebook as authentication, which means you don’t use an email and password combination – you simply login with your Facebook or Google account.

SERVICE DESCRIPTION PRICE Gaming Any type of gaming account, Steam, PSN, Xbox etc. $1 per account Email Email and Password combination from various leaks. Most likely sold in bulk Various Facebook Direct access to Facebook account $1 per account Spotify Spotify premium account $2 per account Netflix Netflix account $1-5 per account Desktop Username and password for RDP services, including VNC $5-50 per account Server Username and password for telnet/ssh $5-50 per account Ecommerce Access to various ecommerce sites, including Airbnb and similar services $10 per account

When looking at the data it’s quite mind-blowing that you can basically sell someone’s complete digital life for less than $50 dollars. We’re not talking about getting access to bank accounts, but you do get access to services where a credit card might be included such as Spotify, Netflix, Facebook and others.

Besides just taking full control of someone’s digital life, access to these services is used by other criminals, for example, to spread malware or conduct phishing attacks.

The level of availability of these hacked or stolen accounts is very impressive; basically anyone with a computer can get access – you don’t have to be an advanced cybercriminal to know where to find them.

** Firma Vayyar Imaging představila svůj nový produkt Walabot Home ** Cílí na seniory, kterým v případě pádu automaticky zavolá pomoc ** Opadá tak nutnost nosit jakékoli „nouzové tlačítko“

Apple introduces a new privacy feature for all new MacBooks that "at some extent" will prevent hackers and malicious applications from eavesdropping on your conversations. Apple's custom T2 security chip in the latest MacBooks includes a new hardware feature that physically disconnects the MacBook's built-in microphone whenever the user closes the lid, the company revealed yesterday at its event

A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled. The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other

** Spící děti probudí lépe než zvuk detektoru kouře hlas jejich matky ** Rozdíl je přitom velmi markantní: 52 % proti 91 % ** Aplikace výsledků do výroby čidel může zachránit dětské životy

On this episode of the CyberSpeak with InfoSec Institute podcast, Todd Weller, chief strategy officer at Bandura Systems, discusses cybercrime in the financial sector and how to build a security awareness program on a budget. In the podcast, Weller and host Chris Sienko discuss: How has cybersecurity in the financial sector changed over time? (1:15) […]

The post How is Cybercrime Impacting the Financial Sector? — CyberSpeak Podcast appeared first on InfoSec Resources.

How is Cybercrime Impacting the Financial Sector? — CyberSpeak Podcast was first posted on November 2, 2018 at 8:09 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Investigators posed as buyers and were offered the messages at 10 cents per Facebook account.

Posted by Jonathan Skelker, Product Manager

It’s Halloween ???? and the last day of Cybersecurity Awareness Month ????, so we’re celebrating these occasions with security improvements across your account journey: before you sign in, as soon as you’ve entered your account, when you share information with other apps and sites, and the rare event in which your account is compromised.

We’re constantly protecting your information from attackers’ tricks, and with these new protections and tools, we hope you can spend your Halloween worrying about zombies, witches, and your candy loot—not the security of your account.

Protecting you before you even sign in
Everyone does their best to keep their username and password safe, but sometimes bad actors may still get them through phishing or other tricks. Even when this happens, we will still protect you with safeguards that kick-in before you are signed into your account.

When your username and password are entered on Google’s sign-in page, we’ll run a risk assessment and only allow the sign-in if nothing looks suspicious. We’re always working to improve this analysis, and we’ll now require that JavaScript is enabled on the Google sign-in page, without which we can’t run this assessment.

Chances are, JavaScript is already enabled in your browser; it helps power lots of the websites people use everyday. But, because it may save bandwidth or help pages load more quickly, a tiny minority of our users (0.1%) choose to keep it off. This might make sense if you are reading static content, but we recommend that you keep Javascript on while signing into your Google Account so we can better protect you. You can read more about how to enable JavaScript here.
Keeping your Google Account secure while you’re signed in
Last year, we launched a major update to the Security Checkup that upgraded it from the same checklist for everyone, to a smarter tool that automatically provides personalized guidance for improving the security of your Google Account.
We’re adding to this advice all the time. Most recently, we introduced better protection against harmful apps based on recommendations from Google Play Protect, as well as the ability to remove your account from any devices you no longer use.More notifications when you share your account data with apps and sites
It’s really important that you understand the information that has been shared with apps or sites so that we can keep you safe. We already notify you when you’ve granted access to sensitive information — like Gmail data or your Google Contacts — to third-party sites or apps, and in the next few weeks, we’ll expand this to notify you whenever you share any data from your Google Account. You can always see which apps have access to your data in the Security Checkup.
Helping you get back to the beginning if you run into trouble
In the rare event that your account is compromised, our priority is to help get you back to safety as quickly as possible. We’ve introduced a new, step-by-step process within your Google Account that we will automatically trigger if we detect potential unauthorized activity.
We'll help you:

• Verify critical security settings to help ensure your account isn’t vulnerable to additional attacks and that someone can’t access it via other means, like a recovery phone number or email address.
• Secure your other accounts because your Google Account might be a gateway to accounts on other services and a hijacking can leave those vulnerable as well.
• Check financial activity to see if any payment methods connected to your account, like a credit card or Google Pay, were abused.
• Review content and files to see if any of your Gmail or Drive data was accessed or mis-used.

Online security can sometimes feel like walking through a haunted house—scary, and you aren't quite sure what may pop up. We are constantly working to strengthen our automatic protections to stop attackers and keep you safe you from the many tricks you may encounter. During Cybersecurity Month, and beyond, we've got your back.