Security News

If this mere sampling of 1,000 parents represents the sharing attitudes of even a fraction of the people who use Facebook (estimated to be one billion globally), then rethinking the way in which we share photos isn’t a bad idea.

We know that asking parents, grandparents, friends, and kids themselves to stop uploading photos altogether would be difficult.

But we can dilute the risks of photo sharing. Together, we can agree to post smarter, to pause a little longer. We can look out for one another’s privacy and share in ways that keep us all safe.

Can you relate?

  • 30% of parents post a photo of their child to social media daily.
  • 58% of parents do not ask for permission from their children before posting images of them on social media.
  • 22% think that their child is too young to provide permission; 19% claim that it’s their own choice, not their child’s choice.

The surprising part:

  • 71% of parents who share images of their kids online agree that the images could end up in the wrong hands.
  • Parents’ biggest concerns with sharing photos online include pedophilia (49%), stalking (48%), and kidnapping (45%).
  • Other risks of sharing photos online include other children seeing the image and engaging in cyberbullying (31%), their child feeling embarrassed (30%), and their child feeling worried or anxious (23%).

Ways to help minimize photo sharing risks:

  • Pause before uploading. That photo of your child is awesome but have you stopped to analyze it? Ask yourself: Is there anything in this photo that could be used as an identifier? Have I inadvertently given away personal information such as a birthdate, a visible home address, a school uniform, financial details, or potential passwords? Is the photo I’m about to upload something I’d be okay with a stranger seeing?
  • Review your privacy settings. It’s easy to forget that when we upload a photo, we lose complete control over who will see, modify, and share that photo again (anywhere they choose and in any way they choose). You can minimize the scope of your audience to only trusted friends and family by customizing your privacy settings within each social network. Platforms like Facebook and Instagram have privacy settings that allow you to share posts (and account access) with select people. Use the controls available to boost your family privacy.
  • Voice your sharing preferences with others. While it may be awkward, it’s okay (even admirable) to ask friends and family to rein in or refrain from posting photos of your children online. This rule also applies to other people’s public comments about your vacation plans, new house, children’s names or birthdates, or any other content that gives away too much data. Don’t hesitate to promptly delete those comments by others and explain yourself in a private message if necessary.
  • Turn off geotagging on photos. Did you know that the photo you upload has metadata assigned to it that can tell others your exact location? That’s right. Many social networks will tag a user’s location when that user uploads a photo. To make sure this doesn’t happen, simply turn off geotagging abilities on your phone. This precaution is particularly important when posting photos away from home.
  • Be mindful of identity theft. Identity theft is no joke. Photos can reveal a lot about your lifestyle, your habits, and they can unintentionally give away your data. Consider using an identity theft protection solution that can help protect your identity and safeguard your personal information.

The information contained in this website is for general information purposes only. The information is gathered from McAfee. While we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.
Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.

Researchers at Check Point have figured out the encryption method used by RansomWarrior. The Ransomware was developed in India.

The ransomware has targeted Windows users. The payload is delivered as an executable with the file name “A Big Present.exe”; if it is executed, it encrypts files and gives them a .THBEC extension. Victims are given a link to a dark web site that takes payments in Bitcoin.

The ransomware offers to decrypt two files for free; however, victims who do not pay the ransom will not get the rest of their files back. The ransomware cheekily includes a sentence saying that the police can’t help you.

How Did The Researchers Break the Encryption?

Researchers at Check Point found that the malware was developed by inexperienced hackers, and the company was able to retrieve decryption keys from the malware. Check Point succeeded because of the weak encryption used by the ransomware, which used only 1000 hard-coded keys within the RansomWarrior binary code.

The key’s index is saved on the victim’s machine, which provides the means to unlock the files. The researchers were able to create a decryption tool to retrieve the files of any user who might have been affected by RansomWarrior. Most ransomware authors have been deploying mass spam messages to affect entire networks.
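Why a table of 1,000 embedded keys gives so little protection, as an added example (not Check Point's tool and not code from the malware): every candidate key can simply be tried against a known file header, with or without the stored index. The stream cipher, key table and file contents are constructed stand-ins, because the article does not name the actual algorithm.

```python
from __future__ import annotations

import hashlib

KEY_COUNT = 1000  # figure from the article: keys hard-coded in the binary

# Well-known file magics, used here as known plaintext.
KNOWN_HEADERS = {
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",
}


def build_key_table(seed: bytes = b"constructed-demo-table") -> list[bytes]:
    """Constructed stand-in for a key table pulled out of a sample."""
    return [hashlib.sha256(seed + i.to_bytes(2, "big")).digest()
            for i in range(KEY_COUNT)]


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode). This is an assumption,
    not the malware's algorithm; XOR makes encrypt and decrypt identical."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def recover_key_index(ciphertext: bytes, table: list[bytes],
                      stored_index: int | None = None) -> int | None:
    """Find which table entry decrypts `ciphertext` to a known file header.

    The index saved on the machine, when available, is tried first; without
    it the whole table is searched, which is at most 1,000 trial decryptions.
    """
    order = list(range(len(table)))
    if stored_index is not None and 0 <= stored_index < len(table):
        order.remove(stored_index)
        order.insert(0, stored_index)
    longest = max(len(magic) for magic in KNOWN_HEADERS.values())
    for idx in order:
        head = keystream_xor(table[idx], ciphertext[:longest])
        if any(head.startswith(magic) for magic in KNOWN_HEADERS.values()):
            return idx
    return None


def demo() -> tuple[int | None, bytes]:
    table = build_key_table()
    secret_index = 417  # constructed: the index a sample would have saved
    plaintext = KNOWN_HEADERS["png"] + b" constructed image body"
    locked = keystream_xor(table[secret_index], plaintext)
    found = recover_key_index(locked, table)  # index file not needed
    restored = keystream_xor(table[found], locked) if found is not None else b""
    return found, restored


if __name__ == "__main__":
    print(demo())
```
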

Why Did Ransomware Become Famous?

Some ransomware products have made over $6 million just by following a targeted campaign. However, many have seen a move away from ransomware, with a new focus on cryptocurrency mining.

Hackers managed to siphon off over Rs 94 crore (around 12,000,000 euro) through a malware attack on the server of Pune-based Cosmos Bank and cloning thousands of the bank’s debit cards over a period of two days.

The fraudulent transactions were carried out on August 11 and August 13 and the malware attack by the hackers originated in Canada, Cosmos Bank chairman Milind Kale said.

“In two days, hackers withdrew a total Rs 78 crore from various ATMs in 28 countries, including Canada, Hong Kong and a few ATMs in India, and another Rs 2.5 crore were taken out within India,” he said.

On August 13, hackers again transferred Rs 13.92 crore to a Hong Kong-based bank by using fraudulent transactions.

Kale, however, said the cooperative bank’s core banking system was not affected and it has already appointed a professional forensic agency to investigate the fraud.

“On Saturday afternoon, the bank came to know about malware attack on its debit card payment system and it was observed that unusual repeated transactions were taking place through Visa and Rupay cards used at various ATMs for nearly two hours,” he said.

While cloning the cards and using a “parallel” or proxy switch system, the hackers self-approved the transactions and withdrew over Rs 80.5 crore in about 15,000 transactions, he added.

Explaining further, Kale said the core banking system of the bank receives debit card payment requests via a ‘switching system’, but during this malware attack, a proxy switch was created and all the fraudulent payment approvals were passed by this proxy switching system.

He said that as per the payment settlement system, Visa and Rupay raised the payment demand for all these transactions and, as per the agreement, the bank had to pay this Rs 80.5 crore amount to them.

Talking about the Rs 13.92 crore fraudulent transaction in a Hong Kong-based bank, he claimed that though the money has been transferred to that account, it is still in the banking channel.

As a precautionary measure, the bank has closed ATM operations and suspended net and mobile banking facilities, according to the official.

“We appeal customers to remain calm and not to get panic as savings, term deposits, recurring accounts of all the stakeholders are fully safe,” Kale said.

The bank has also registered an FIR at the Chatushringi police station in the city. A case was registered under sections 43, 65, 66(C) and 66 (D) of the Information Technology Act and relevant sections of the Indian Penal Code.

When asked about the recovery of the amount, Kale said the malware attack was not against any bank but against the banking system and was done at international level in a very “coordinated way”.

“Since a lot of countries are involved, getting the money back will completely depend on coordinated efforts of all the agencies,” he said.

He said that the actual loss to the bank will be known only after reconciliation with Visa and Rupay.

The information is gathered from Economic Times.

One in 13 UK cybersecurity professionals have admitted they also participate in black hat activities, according to new research from Malwarebytes.

The security vendor commissioned Osterman Research to poll 900 professionals in the US, UK, Germany, Australia and Singapore to compile its latest study, White Hat, Black Hat and the Emergence of the Gray Hat: The True Costs of Cybercrime.

The UK stood out for three reasons: its companies had the lowest average security budget of any globally; 97% of UK firms have fallen victim to a significant security threat over the past year, the highest of any country; and nearly 8% of respondents admitted to grey hat activity, versus a global average of 4.5%.

The study also revealed that 40% of UK security pros have known someone that has participated in black hat activity, 32% have been approached to take part and 21% have considered doing it.

The most popular reasons given for doing so were to earn more money (54%), the challenge that it offers (53%), retaliation against an employer (39%), philosophical reasons or some sort of cause (31%) and that it is not perceived as wrong (30%).

The financial challenge is likely to continue as the average security budget in the UK for a 2500-employee organization is set to grow by just 10% to £220,000 in 2018, according to the report. The largest chunk of this (17%) is apparently spent on remediation, with respondents claiming they’d spend on average more than £188,000 to remediate an incident.

“Companies need to assign more resources to their security budget, and that includes salaries for security researchers and other technicians. If an employee begins grumbling about pay, and if human resources are unresponsive to his or her requests, then organizations may be setting themselves up for a much larger financial loss down the line,” senior malware intelligence analyst, Jérôme Segura, told Infosecurity.

“Companies need to look for signs of individuals becoming unhappy or unfulfilled in their position and address them early on. Having regular dialogues between HR, managers and employees can help avoid more complicated situations at a later date.”

Segura added that tightening access controls can also help to mitigate the insider threat.

 

The information is gathered from InfoSecurity.

NETSCOUT’s Arbor Active Threat Level Analysis System (ATLAS®) has actively monitored the global internet threat landscape since 2007. Today, it provides visibility into approximately one-third of the global internet.

As threats grow across the landscape, NETSCOUT’s unique position protecting enterprise networks and the internet through its service provider customers gives it wide visibility into this dynamic and ever-changing environment. Drawing on that comprehensive view, with analysis driven by NETSCOUT’s ATLAS Security Engineering & Response Team (ASERT), they created a representative view of the threat landscape as observed in the first six months of 2018, based on their data and driven by extensive research and analysis.

What did they find? The threat landscape is changing more rapidly, expanding its footprint and changing tactics. Methods that are commonplace in the DDoS threat tool kit have spread to crimeware and espionage. This accelerating internet-scale threat paradigm changes the frontiers for where and how attacks can be launched, observed and interdicted.

1. DDoS attacks enter the terabit era.

Last winter’s Memcached-based attacks ushered in the terabit era of DDoS attacks. In fact, NETSCOUT Arbor mitigated the largest DDoS attack yet seen, a 1.7 Tbps DDoS attack in February of 2018.

2. Attack volume up, frequency down.

They saw about 2.8 billion attacks in the first half of 2018. While that’s a huge number of attacks, the big news lies in size rather than frequency.

From 2017 to 2018, they saw a slight drop in attack frequency accompanied by a dramatic increase in attack size and scale. However, that drop in frequency doesn’t mean that DDoS attacks are abating. The maximum size of DDoS attacks increased 174% in H1 2018 compared with the same timeframe in 2017. Their assessment is that as attack tools grow more sophisticated, attackers have found it easier and cheaper to launch larger, more effective attacks.

3. APT groups expand beyond traditional arena.

More nations are operating offensive cyber programs and the research community is observing a broader set of threat actors. Indeed, nation-state-sponsored activity has developed beyond the actors commonly associated with China and Russia, as their findings include campaigns attributed to Iran, North Korea and Vietnam.

4. Crimeware actors diversify attack methods.

While email campaigns remain the primary attack venue, they observed notable changes in methods designed to accelerate malware proliferation. Inspired by 2017 worm events such as WannaCry, major crimeware groups added worm modules to other malware with distinct objectives such as credential-theft or traditional loaders. They also saw an increased focus on cryptocurrency mining in malware. It seems that attackers see this method as a less risky and more profitable alternative to ransomware, since the latter has the unfortunate side effect of drawing attention from law enforcement agencies.

5. Countries can be highly targeted by DDoS campaigns.

While the trend of a large increase in size of attacks over a growth in frequency played out fairly consistently across regions, they saw some countries and regions disproportionately targeted. The Asia Pacific experienced a disproportionately large number of high-volume attacks in comparison with other regions. China emerged as a highly targeted country, with 17 attacks greater than 500 Gbps in the first half of 2018 versus none during the same timeframe the year before.

6. Vertical industry targets expand.

Analysis of targeted verticals reveals some insights year over year. Telecommunications providers and hosting services continued to observe the overwhelming majority of attacks, but they also saw big shifts year over year in a number of vertical sectors. Attacks on system integrators and consultancies were up, and government agencies such as consulates, embassies, the International Monetary Fund, the State Department, and the United Nations experienced a sharp uptick in attacks. This aligns with the use of DDoS against targets by government as well as those ideologically opposed to the interests represented by these institutions.

7. New DDoS attack vectors are rapidly leveraged…

The Memcached attack campaign used vulnerabilities in misconfigured Memcached servers to launch enormous DDoS attacks, a process that took very little time from initial reporting to the first attack tool being made available and utilized to cause global impact. While there was considerable mobilization worldwide to fix vulnerable servers, the vector remains exploitable and will continue to be used. The reality is, once a DDoS type is invented, it never really goes away.

8. …While old ones get new life.

Simple Service Discovery Protocol (SSDP) has been used for reflection/amplification attacks for many years, and ASERT debunked reports this year that claimed this existing tool represented a new type of DDoS campaign with potentially millions of vulnerable devices. However, ASERT did uncover a new class of SSDP abuse where naive devices will respond to SSDP reflection/amplification attacks with a non-standard port. The resulting flood of UDP packets has ephemeral source and destination ports, making mitigation more difficult—an SSDP diffraction attack.
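A detection sketch for the behaviour described above, as an added example (not ASERT's or NETSCOUT's code): it classifies UDP datagrams by payload instead of by port, which shows why a filter keyed on source port 1900 misses replies sent from ephemeral ports. The packet records and addresses are constructed, and matching on the SSDP reply line and headers is an assumption about what the defender can inspect.

```python
from collections import Counter
from typing import NamedTuple

SSDP_PORT = 1900  # standard SSDP/UPnP discovery port


class Datagram(NamedTuple):
    src_ip: str
    src_port: int
    dst_port: int
    payload: bytes


def looks_like_ssdp_reply(payload: bytes) -> bool:
    """True when the payload is an M-SEARCH reply: an HTTP-over-UDP status
    line plus the ST and USN headers that SSDP replies carry."""
    head, _, _ = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if not lines[0].upper().startswith(b"HTTP/1.1 200"):
        return False
    names = {ln.split(b":", 1)[0].strip().upper()
             for ln in lines[1:] if b":" in ln}
    return {b"ST", b"USN"} <= names


def classify(d: Datagram) -> str:
    """Label a datagram by content first, then by its source port."""
    if not looks_like_ssdp_reply(d.payload):
        return "other"
    if d.src_port == SSDP_PORT:
        return "ssdp-standard-port"
    return "ssdp-nonstandard-port"


def summarize(datagrams):
    """Count classes and list senders a port-1900-only filter would miss."""
    counts = Counter(classify(d) for d in datagrams)
    missed = sorted({d.src_ip for d in datagrams
                     if classify(d) == "ssdp-nonstandard-port"})
    return counts, missed


# Constructed sample traffic (documentation address ranges).
REPLY = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\n"
         b"ST: upnp:rootdevice\r\n"
         b"USN: uuid:constructed::upnp:rootdevice\r\n\r\n")
SAMPLE = [
    Datagram("192.0.2.10", 1900, 40211, REPLY),   # classic reflection
    Datagram("192.0.2.11", 51873, 33012, REPLY),  # ephemeral ports
    Datagram("192.0.2.12", 49920, 61044, REPLY),  # ephemeral ports
    Datagram("198.51.100.7", 53, 40211, b"\x12\x34constructed-dns-bytes"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
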

9. Targeted APT campaigns can involve internet-scale footprints.

As nation-state APT groups continue to develop globally, they were particularly interested in the observations of internet-scale activity in the strategic sphere, where campaigns such as NotPetya, CCleaner, VPNFilter, etc., involved broad proliferation across the internet, even as the ultimate targets in some instances were highly selective. These are distinct from the targeted attacks enterprises have become accustomed to dealing with over time, which often involve direct spear-phishing and limited scope to avoid detection and maintain presence. In this respect, targeted campaigns can now be backed by internet-scale intrusions.

10. New crimeware platforms and targets emerge.

Not satisfied with adding new malware modules, crimeware actors also busily developed new platforms, such as the Kardon Loader beta observed by ASERT. At the same time, well-known malware platforms such as Panda Banker are being directed at new targets.

 

The information is gathered from ArborNetworks.