Security News

Here you can find some tips on how to secure your wireless home network.

Don’t leave the defaults!

When it’s fresh out of the box, your router will usually come preloaded with a default username and password used to access its configuration settings.

You might have only ever seen this once when setting up your router for the first time – or you might have simply “plugged in” and never needed it at all (lucky you)!

However, trouble can arise if you’ve never given your router’s details a second thought. With sites like RouterPasswords.com, you can easily look up defaults by brand, make and model.

Combined with the default network ID discussed below, this makes it ridiculously easy for a nosy neighbour or nefarious hacker to use your home network. Believe it or not, most hacking is simply cagey guesswork rather than genius feats!

Change the network name

The default name broadcast by your router can reveal key information to snoops: namely your router’s brand and model.

These details can be used in combination with the first security foible to look up your router’s default admin name and password. Sites like RouterPasswords.com make it almost trivially easy – test it out with your own router model and see for yourself!

Give your SSID (network name) a personal touch, and erase any mention of your device’s make and model. It’s a simple measure, yet it can eliminate the simplest attacks that target low-hanging fruit.

Ditch the guest networks

It might be nice to offer your guests free WiFi without needing to give them the password; however, remember that you’re also offering the same courtesy to anyone else within range – even your neighbours!

They’re still using your Internet plan and monthly data allowance, so offering an easy way to bypass your password-protected network isn’t exactly the brightest idea. Turning off guest networks is a matter of delving into your particular router’s setup interface, so consult the documentation before poking around in the settings.

Keep the firmware current

It might seem pretty set-and-forget, but your router actually needs updating from time to time.
Firmware patches often address crucial security or performance flaws in your router, so failing to keep it up to date can undermine all your best efforts.

Updating your router’s firmware varies widely by manufacturer and model, so consult the documentation that came with your particular device to learn how to perform this step.

For a good starting point, take a look at the Tom’s Guide roundup for popular router manufacturers.

Try a VPN

A VPN, or Virtual Private Network, might seem like an overly complicated solution. However, if you want unparalleled privacy and anonymity while browsing, you can’t go past one.

In truth, there’s a variety of easy-to-use, fast and reliable VPNs on offer. Many are completely automatic, and are as simple to enable as clicking a button.

In summary, the way you’ve set up your home base station is fundamental to your Internet security. By ensuring you follow these tips as soon as you plug in your brand new router, you can stop WiFi thieves and other cybercriminals in their tracks.

 

The information contained in this website is for general information purposes only. The information is gathered from IT Security News. While we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.
Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.

Just because it’s simple to use doesn’t mean the user is low-rent

The Poison Ivy Remote Access Tool (RAT) – often considered a tool for novice “script kiddies” – has become a ubiquitous feature of cyber-espionage campaigns, according to experts.

Research by malware protection firm FireEye has revealed that the tool served as the lynchpin of many sophisticated cyber-attacks, including the compromise of RSA SecurID data in 2011 and the “Nitro” assault against chemical makers, government offices, defence firms and human-rights groups last year.

A Peeping Tom webcam sextortionist has been jailed for six years in the US after targeting several young women in attacks that relied on a modified version of Poison Ivy, an incident which shows that the tool has malign uses beyond cyber-espionage.

Poison Ivy remains popular and effective eight years after its original release. FireEye has compiled a list of nation state-type attackers making use of the utility. These include a group called admin@338, which specialises in attacks targeting the financial services industry; th3bug, who have been hammering universities and healthcare facilities since 2009, and menuPass, a group that has run cyberespionage attacks against defence contractors over the last four years.

Poison Ivy is the preferred RAT of several threat actors located in China. Over recent months other attackers elsewhere in the world have begun adopting the same methodology.

A campaign by a Middle East hacking group called “Molerats” (AKA Gaza Hackers Team) switched during June and July to using Poison Ivy to attack Israeli government targets. The latest malware was signed with a fake Microsoft certificate, similar to earlier attacks using the XtremeRat trojan.

FireEye has also intercepted Egyptian- and Middle Eastern-themed attacks using decoy content in Arabic whose targets remain uncertain but may include targets in the Palestinian authority.

“The cyber-attacks against Israeli and Palestinian targets that were first documented last year are ongoing,” FireEye concludes. “The attackers, which we have called ‘MoleRats’, have also targeted government entities in the UK and in the US. In addition to using XtremeRAT, which is popular among Middle Eastern attackers, we have found that Molerats have adopted the use of Poison Ivy RAT, which is traditionally favoured by Chinese attackers.”

“We do not know if this is an intentional attempt by MoleRats to deflect attribution to China-based threat actors, or if they have simply added another, effective, publicly-available RAT to their arsenal. However, this development should raise a warning flag for those who attribute all Poison Ivy attacks to threat actors based in China. The ubiquity of off-the-shelf RATs makes determining positive attribution an increasing challenge,” it adds.

RATs such as Poison Ivy require little technical savvy while offering unfettered access to compromised machines, hence their use by even well-resourced professional cyber-ninja types. Poison Ivy can be considered the easy-to-use front end of attacks that might actually be quite sophisticated when viewed as a whole.

 

The information is gathered from The Register.

The IT security researchers at Radware have discovered a sophisticated malware campaign targeting unsuspecting Facebook users in the name of a painting application called ‘Relieve Stress Paint.’ As a result, tens of thousands of Facebook accounts have been compromised in the last couple of days.

The application is available on a website which takes advantage of Unicode representation to appear in search engines, including Google, as Aol.net, a web portal and online service provider originally known as America Online. It is noteworthy that a couple of weeks ago AOL’s advertising platform was hacked to mine cryptocurrency.

Additionally, malicious hackers were found using Unicode to run malware and phishing scams on fake Apple and Google domains.
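A defender can flag this kind of Unicode look-alike domain in mail or proxy logs. The following is an added example, not code from Radware or the original article: the function names, the small look-alike table and the sample domain (a Cyrillic "а" in place of the Latin "a") are constructed for illustration.

```python
import unicodedata

# Small illustrative subset of look-alike characters (assumption: a real
# deployment would use the full Unicode confusables data, not this table).
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I
}

def scripts(label):
    """Return the scripts (LATIN, CYRILLIC, ...) used by the letters of a label."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def skeleton(domain):
    """Map known look-alike characters to the ASCII letter they imitate."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain)

def assess(domain, protected):
    """Flag non-ASCII or mixed-script labels and look-alikes of protected names.

    Accepts either the Unicode form or the punycode ("xn--") form found in
    logs; raises UnicodeError if the name is not valid IDNA.
    """
    domain = domain.lower().rstrip(".")
    if domain.isascii():
        domain = domain.encode("ascii").decode("idna")   # xn-- form -> Unicode
    findings = set()
    for label in domain.split("."):
        if not label.isascii():
            findings.add("non-ascii-label")
        if len(scripts(label)) > 1:
            findings.add("mixed-script-label")
    skel = skeleton(domain)
    lookalike = skel if skel in protected and domain not in protected else None
    return {"ascii_form": domain.encode("idna").decode("ascii"),
            "findings": sorted(findings),
            "impersonates": lookalike}

if __name__ == "__main__":
    watchlist = {"aol.net"}
    for name in ("aol.net", "\u0430ol.net"):   # second entry is constructed
        print(repr(name), assess(name, watchlist))
```

The `ascii_form` value is the name as it appears on the wire and in most DNS and proxy logs, so it is the form to search for or block.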

According to the Radware researchers, the application is being spread via a phishing email and, upon installation, launches a legitimate-looking program that lets users change colours, line size and other features, like the default Microsoft Paint app. However, in reality, the app steals data from the Chrome browser, including saved Facebook login credentials and cookies.

Radware researchers were able to access the control panel of the command-and-control server used by cybercriminals and noted that there were more than 40,000 devices infected with the malware. This means tens of thousands of Facebook accounts are currently being compromised due to the ongoing campaign.

[Image: Stolen user data (Radware)]

Furthermore, researchers noted that the server is based on a Chinese CMS called Layuicms 2.0 and contains a category for Amazon, meaning that, based on recent incidents including exposed Amazon S3 buckets, the next target of malicious hackers could be Amazon.

But it does not end here: researchers also identified a variant of this malware. It is unclear what the cybercriminals will do with the data; however, researchers believe that it can be sold to cybercriminals or used for identity theft, cyber espionage, and ransom scams.

It is advised that users should refrain from installing third-party apps. It was just yesterday when Minecraft users came under malware attack due to the use of malicious third-party skins. Moreover, avoid clicking on links and downloading attachments in unknown emails.

 

The information is gathered from BRICA.

The Domain Name System (DNS) is the cornerstone of communication for the internet. Navigating to the sites you access every day often starts with a DNS request. Cybercriminals recognise the value of DNS and may look for ways to abuse improperly secured DNS to compromise its uptime, integrity or overall response efficacy — which makes DNS an important area for enforcing security and protecting against threats.

 

When a DNS request is made, the query is routed to a recursive name server. If the domain name navigation information is cached, the recursive name server sends the response directly back to the user with the appropriate information so that they can go to the intended destination. If the information is not present in the cache, the recursive name server queries other DNS servers to find the information needed to answer the original query.

 

 

Cybercriminals understand how to manipulate DNS caching and may take advantage of unsecured servers through cache poisoning. Cache poisoning can occur when a cybercriminal sends fake (spoofed) DNS responses to a target recursive name server (resolver), pretending they came from an authoritative name server, a forwarder, or even a recursive name server to a client stub. When malicious information is cached on the recursive name server, the names on the server are considered “poisoned.”

Cybercriminals use cache poisoning to redirect traffic to fraudulent websites and other unintended destinations. Cache poisoning is considered dangerous because it does not require significant bandwidth, processing resources, or technical expertise to execute, and an attacker doesn’t need to be in the data path to launch cache poisoning attacks. Furthermore, a fraudulent address can reside on a recursive name server for hours, days or weeks before it is discovered.

When a poisoned cache connects an unsuspecting user or device to a fraudulent site, cybercriminals can do a variety of things. Among them: obtain sensitive data and other confidential information, steal user credentials and passwords, eavesdrop on communications, plant malicious software, or display images and text that defame a legitimate brand or provide misleading information.

One solution to address cache poisoning is the implementation of DNS security extensions (DNSSEC). DNSSEC is the main security mechanism that protects the integrity of DNS records and helps safeguard the end-to-end integrity and authenticity of DNS responses.
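To check whether the resolver you rely on actually validates DNSSEC, a client can ask for signed data and look at the AD (authenticated data) flag in the reply. The following is an added example, not code from the original article; it goes slightly beyond the text by also showing the basic matching checks (transaction ID and question) that a spoofed response has to pass, and the responses it inspects are constructed in `sample_response` rather than captured from a network.

```python
import struct

QR, AD = 0x8000, 0x0020      # header flag bits: response, authenticated data

def encode_name(name):
    """Encode a host name as length-prefixed DNS labels."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, txid, qtype=1):
    """Build an A query with RD set and an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, type 41, UDP size 1232, flags with DO (0x8000), no data
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x00008000, 0)
    return header + question + opt

def read_question(msg):
    """Return (name, qtype, qclass) of the first question, or None if malformed."""
    try:
        pos, labels = 12, []
        while msg[pos]:
            n = msg[pos]
            labels.append(msg[pos + 1:pos + 1 + n].decode("ascii").lower())
            pos += 1 + n
        return (".".join(labels),) + struct.unpack("!HH", msg[pos + 1:pos + 5])
    except (IndexError, struct.error, UnicodeDecodeError):
        return None

def check_response(query, resp):
    """Apply the checks a client makes before trusting a resolver's answer."""
    if len(resp) < 12:
        return {"accept": False, "problems": ["truncated-header"],
                "authenticated": False}
    problems = []
    rid, flags, qdcount = struct.unpack("!HHH", resp[:6])
    if rid != struct.unpack("!H", query[:2])[0]:
        problems.append("txid-mismatch")
    if not flags & QR:
        problems.append("not-a-response")
    question = read_question(resp)
    if qdcount != 1 or question is None or question != read_question(query):
        problems.append("question-mismatch")
    # AD is only meaningful on a reply that passed the matching checks
    return {"accept": not problems, "problems": problems,
            "authenticated": not problems and bool(flags & AD)}

def sample_response(name, txid, flags, addr=b"\xc0\x00\x02\x0a"):
    """Constructed reply for testing: one A record (192.0.2.10, TTL 300)."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + addr
    return header + question + answer

if __name__ == "__main__":
    q = build_query("www.example.com", 0x1A2B)
    print(check_response(q, sample_response("www.example.com", 0x1A2B, 0x81A0)))
    print(check_response(q, sample_response("www.example.com", 0x9999, 0x81A0)))
```

The AD flag reports what the resolver claims, so it is only as trustworthy as the path between the client and that resolver.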

As DNS attacks grow in frequency and impact, organisations can no longer afford to overlook DNS security as part of their overall defence-in-depth strategy. As with IT security in general, no single tactic can address the entire DNS threat landscape or secure the complete DNS ecosystem. The key is to assess risks, identify security gaps and develop a plan to strengthen the security of both your inbound and outbound DNS.

 

The information is gathered from ITSecurity News.

Facebook confirms to TechCrunch that it’s investigating a security research report that shows Facebook user data can be grabbed by third-party JavaScript trackers embedded on websites using Login With Facebook.

The exploit lets these trackers gather a user’s data including name, email address, age range, gender, locale, and profile photo depending on what users originally provided to the website. It’s unclear what these trackers do with the data, but many of their parent companies including Tealium, AudienceStream, Lytics, and ProPS sell publisher monetization services based on collected user data.

The abusive scripts were found on 434 of the top 1 million websites including cloud database provider MongoDB. That’s according to Steven Englehardt and his colleagues at Freedom To Tinker, which is hosted by Princeton’s Center For Information Technology Policy.

Meanwhile, concert site BandsInTown was found to be passing Login With Facebook user data to embedded scripts on sites that install its Amplified advertising product. An invisible BandsInTown iframe would load on these sites, pulling in user data that was then accessible to embedded scripts. That let any malicious site using BandsInTown learn the identity of visitors. BandsInTown has now fixed this vulnerability.

TechCrunch is still awaiting a formal statement from Facebook beyond “We will look into this and get back to you.” After TechCrunch brought the issue to MongoDB’s attention this morning, it investigated and just provided this statement: “We were unaware that a third-party technology was using a tracking script that collects parts of Facebook user data. We have identified the source of the script and shut it down.”

BandsInTown tells me: “Bandsintown does not disclose unauthorized data to third parties and upon receiving an email from a researcher presenting a potential vulnerability in a script running on our ad platform, we quickly took the appropriate actions to resolve the issue in full.” Fiverr did not respond before press time. [Correction: Two companies listed by the researchers have confirmed via fraud prevention service Forter that they did not host any exploitative trackers, or that their trackers did not have access to Facebook data. They’ve been removed from the research paper and subsequently from this article.]

The discovery of these data security flaws comes at a vulnerable time for Facebook. The company is trying to recover from the Cambridge Analytica scandal, CEO Mark Zuckerberg just testified before Congress, and today it unveiled privacy updates to comply with Europe’s GDPR law. But Facebook’s recent API changes designed to safeguard user data didn’t prevent these exploits. And the situation shines more light on the little-understood ways Facebook users are tracked around the Internet, not just on its site.

“When a user grants a website access to their social media profile, they are not only trusting that website, but also third parties embedded on that site,” writes Englehardt. This chart shows what some trackers are pulling from users. Freedom To Tinker warned OnAudience about another security issue recently, leading it to stop collecting user info.

Facebook could have identified these trackers and prevented these exploits with sufficient API auditing. It’s currently ramping up API auditing as it hunts down other developers that might have improperly shared, sold, or used data like how Dr. Aleksandr Kogan’s app’s user data ended up in the hands of Cambridge Analytica. Facebook could also change its systems to prevent developers from taking an app-specific user ID and employing it to discover that person’s permanent overarching Facebook user ID.

Revelations like this are likely to beckon a bigger data backlash. Over the years, the public had become complacent about the ways their data was exploited without consent around the web. While it’s Facebook in the hot seat, other tech giants like Google rely on user data and operate developer platforms that can be tough to police. And news publishers, desperate to earn enough from ads to survive, often fall in with sketchy ad networks and trackers.

Zuckerberg makes an easy target because the Facebook founder is still the CEO, allowing critics and regulators to blame him for the social network’s failings. But any company playing fast and loose with user data should be sweating.

 

The information is gathered from Techcrunch.