This posting is here to collect cyber security news in November 2021.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
This posting is here to collect cyber security news in November 2021.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
373 Comments
Tomi Engdahl says:
Roblox is back online after three days of Halloween outage
https://techcrunch.com/2021/10/31/roblox-back-after-three-days-halloween-outage/
The recovery came after an outage that lasted three days, a somewhat rare streak of blackout for a tech firm of Roblox’s colossal size. The company said earlier that the cause was an “internal system issue.”
“A core system in our infrastructure became overwhelmed, prompted by a subtle bug in our backend service communications while under heavy load,” David Baszucki, Roblox’s founder and CEO explained in a post after operations were restored.
Tomi Engdahl says:
Trojan Source’ Bug Threatens the Security of All Code https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/
Virtually all compilers programs that transform human-readable source code into computer-executable machine code are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness. Report:
https://trojansource.codes/trojan-source.pdf
Tomi Engdahl says:
Canadian province health care system disrupted by cyberattack
https://www.bleepingcomputer.com/news/security/canadian-province-health-care-system-disrupted-by-cyberattack/
The Canadian provinces of Newfoundland and Labrador have suffered a cyberattack that has led to severe disruption to healthcare providers and hospitals.
Tomi Engdahl says:
Ransomware attack disrupts Toronto’s public transportation system https://therecord.media/ransomware-attack-disrupts-torontos-public-transportation-system/
A ransomware attack has disrupted the activities of the Toronto public transportation agency and has taken down several systems used by drivers and commuters alike. The Toronto Transit Commission said the attack was detected last week on Thursday night and was discovered by a TTC IT staffer who detected “unusual network activity.”
Tomi Engdahl says:
Cring ransomware continues assault on industrial organizations with aging applications, VPNs
https://www.zdnet.com/article/cring-ransomware-continues-assault-on-coldfusion-servers-vpns/
A Sophos report attributed a recent Cring attack to hackers in Belarus and Ukraine. The Cring ransomware group continues to make a name for itself through attacks on aging ColdFusion servers and VPNs after emerging earlier this year.
Tomi Engdahl says:
Tens of Thousands Download “AbstractEmu” Android Rooting Malware
https://www.securityweek.com/tens-thousands-download-abstractemu-android-rooting-malware
Malware hunters at Lookout Security have discovered a new Android rooting malware that managed to score tens of thousands of downloads through Google Play and third-party application stores.
Dubbed AbstractEmu, the malware attempts to gain root access by exploiting several vulnerabilities identified in 2019 and 2020, as well as two from 2015. The adversary even modified publicly available exploits for two 2019 and 2020 CVEs, to ensure that they can target a larger number of devices.
Tomi Engdahl says:
‘Trojan Source’ Attack Abuses Unicode to Inject Vulnerabilities Into Code
https://www.securityweek.com/trojan-source-attack-abuses-unicode-inject-vulnerabilities-code
Researchers from the University of Cambridge have identified a new attack method that abuses Unicode to stealthily inject vulnerabilities into code.
Dubbed Trojan Source, the attack impacts many of the compilers, interpreters, code editors, and code repository frontend services used by software developers.
The Cambridge researchers discovered that Bidi can be abused to create code that would be displayed one way in code editors, but be interpreted differently by the compiler. Threat actors could leverage this method to submit malicious code to widely used open source software — the individual reviewing the code might see what appears to be harmless code that in reality introduces a vulnerability.
https://www.trojansource.codes/
Trojan Source’ Bug Threatens the Security of All Code https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/
Virtually all compilers programs that transform human-readable source code into computer-executable machine code are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness. Report:
https://trojansource.codes/trojan-source.pdf
Tomi Engdahl says:
Hackers Threaten to Out Israeli LGBTQ Dating Site Users
https://www.securityweek.com/hackers-threaten-out-israeli-lgbtq-dating-site-users
A hacking group calling itself Black Shadow threatened Sunday to reveal personal details of users of Israeli’s leading LGBTQ dating site, in an attack some cyber experts linked to Iran.
“If we have 1 Millions $ in our wallet in the next 48 hours, we will not leak this information and also we will not sell it to anybody,” Black Shadow wrote on Telegram.
- ‘Not about ransom’ -
“From the moment we got warning on the issue from the National Cyber Directorate, even before the incident, we cooperated fully and fulfilled all the directorate’s guidelines,” it said.
Cyber intelligence researcher Ohad Zaidenberg said the breach appeared to be linked to a hack of Israeli insurance firm Shirbit last year, also claimed by Black Shadow, as well as an attack in March on Israeli insurance company KLS Capital Ltd.
“Now they are doing something relatively similar,” Zaidenberg said.
“We know that attack on Shirbit was Iranian, and therefore we can say, if it’s the same attacker and that attack was Iranian, this attack is Iranian.”
Keren Elazari, a cybersecurity expert and researcher at Tel Aviv University, agreed that the attack appeared to be Iranian.
“A big part of the hacks we’ve seen is not about ransom,” she said. “It’s about embarrassing Israeli companies, embarrassing Israeli citizens.”
She said the pandemic had opened new vulnerabilities for Israeli firms, as working from home offered less cybersecurity and has “multiplied the opportunity for attacks”.
Tomi Engdahl says:
Iran Suspects Israel and US Behind Fuel Cyber Attack
https://www.securityweek.com/iran-suspects-israel-and-us-behind-fuel-cyber-attack
An Iranian general has said Israel and the United States were likely to have been behind a cyber attack that interrupted the distribution of fuel at service stations.
Tuesday’s attack “technically” resembles two previous incidents whose perpetrators “were unquestionably our enemies, namely the United States and the Zionist regime”, the Revolutionary Guards’ Gholamreza Jalali said.
“We have analysed two incidents, the railway accident and the Shahid Rajaei port accident, and we found that they were similar,” Jalali, who heads a civil defence unit responsible for cyber activity, told state television late Saturday.
In July, Iran’s transportation ministry said a “cyber disruption” had affected its computer systems and website, according to Fars news agency.
And in May last year, the Washington Post reported that Israel carried out a cyber attack on the Iranian port of Shahid Rajaei in the Strait of Hormuz, a strategic route for global oil shipments.
Tuesday’s cyber attack caused traffic jams on major arteries in Tehran, where long queues at petrol stations disrupted the flow of traffic.
The oil ministry later took service stations offline so that petrol could be distributed manually, according to the authorities.
river Joans says:
Stampa Solutions is a renowned company that follows a data-driven approach to web design, development, site maintenance, and search engine operation. Our expert team curtails UX, designers, developers, and eCommerce specialists that ensure to establish your digital presence and help you discover your market potential.
Tomi Engdahl says:
Facebook to Shut Down Face-Recognition System, Delete Data
https://www.securityweek.com/facebook-shut-down-face-recognition-system-delete-data
Facebook said it will shut down its face-recognition system and delete the faceprints of more than 1 billion people amid growing concerns about the technology and its misuse by governments, police and others.
“This change will represent one of the largest shifts in facial recognition usage in the technology’s history,” Jerome Pesenti, vice president of artificial intelligence for Facebook’s new parent company, Meta, wrote in a blog post on Tuesday. “Its removal will result in the deletion of more than a billion people’s individual facial recognition templates.”
He said the company was trying to weigh the positive use cases for the technology “against growing societal concerns, especially as regulators have yet to provide clear rules.”
An Update On Our Use of Face Recognition
https://about.fb.com/news/2021/11/update-on-use-of-face-recognition/
We’re shutting down the Face Recognition system on Facebook. People who’ve opted in will no longer be automatically recognized in photos and videos and we will delete more than a billion people’s individual facial recognition templates.
This change will also impact Automatic Alt Text (AAT), which creates image descriptions for blind and visually-impaired people. After this change, AAT descriptions will no longer include the names of people recognized in photos but will function normally otherwise.
We need to weigh the positive use cases for facial recognition against growing societal concerns, especially as regulators have yet to provide clear rules.
Tomi Engdahl says:
FBI says ransomware gangs are using future merger and acquisition info to pressure victims https://therecord.media/fbi-says-ransomware-gangs-are-using-future-merger-and-acquisition-info-to-pressure-victims/
The US Federal Bureau of Investigation says that several ransomware gangs have used financial information, such as stock valuations and upcoming mergers and acquisitions, to put pressure on victims and force them into paying large ransom demands. “During the initial reconnaissance phase, cyber criminals identify non-publicly available information, which they threaten to release or use as leverage during the extortion to entice victims to comply with ransom demands, ” the FBI said in a Private Industry Notification (PIN) it sent out on Monday.
Tomi Engdahl says:
Google patches zero-day vulnerability, and others, in Android
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/11/google-patches-zero-day-vulnerability-and-others-in-android/
Google has issued security patches for the Android Operating System.
In total, the patches address 39 vulnerabilities. There are indications that one of the patched vulnerabilities may be under limited, targeted exploitation.
Tomi Engdahl says:
Facebook deletes 1 billion faceprints in Face Recognition shutdown https://www.bleepingcomputer.com/news/technology/facebook-deletes-1-billion-faceprints-in-face-recognition-shutdown/
Facebook announced today that they will no longer use the Face Recognition system on their platform and will be deleting over 1 billion people’s facial recognition profiles.
Tomi Engdahl says:
EU to adopt new cybersecurity rules for smartphones, wireless, IoT devices
https://therecord.media/eu-to-adopt-new-cybersecurity-rules-for-smartphones-wireless-iot-devices/
The European Commission has ordered an update to the Radio Equipment Directive in order to introduce new cybersecurity guidelines for radio and wireless equipment sold on the EU market, such as mobile phones, tablets, fitness trackers, and other smart IoT devices.
Tomi Engdahl says:
Kaspersky Patches Vulnerability That Can Lead to Unbootable System
https://www.securityweek.com/kaspersky-patches-vulnerability-can-lead-unbootable-system
Microsoft Phishing Messages Come From Kaspersky Email Address
Kaspersky published two advisories on Monday to warn customers about a vulnerability that can lead to unbootable systems and a phishing campaign involving messages sent from a Kaspersky email address.
The vulnerability, reported to the cybersecurity firm by researcher Abdelhamid Naceri through Trend Micro’s Zero Day Initiative (ZDI), affects the Windows versions of Kaspersky Anti-Virus, Internet Security, Total Security, Small Office Security, Security Cloud, and Endpoint Security products.
The issue, tracked as CVE-2021-35053, is related to Firefox and it can be exploited for denial-of-service (DoS) attacks.
Kaspersky has fixed the following security problem in solutions for Windows:
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021
Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable (CVE-2021-35053).
Tomi Engdahl says:
FBI Publishes IOCs for Hello Kitty Ransomware
https://www.securityweek.com/fbi-publishes-iocs-hello-kitty-ransomware
The Federal Bureau of Investigation (FBI) has published a flash alert to share details on the tactics, techniques and procedures (TTPs) and indicators of compromise (IOCs) associated with the Hello Kitty ransomware, which is also known as FiveHands.
First observed in January 2021, the malware was previously dissected by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which revealed a series of similarities with the DeathRansom ransomware, suggesting that Hello Kitty/FiveHands might be its successor.
The ransomware is believed to be operated by a threat actor referred to as UNC2447, which has been engaged in various attacks on organizations in Europe and North America.
https://www.securityweek.com/cisa-analyzes-fivehands-ransomware
Tomi Engdahl says:
IBM Security to Acquire ReaQta for xDR Push
https://www.securityweek.com/ibm-security-acquire-reaqta-xdr-push
IBM Security on Tuesday announced plans to acquire ReaQta, an early-stage European startup in the red-hot autonomous threat detection and response business.
Financial terms of the transaction were not released. ReaQta, based in the Netherlands, raised an undisclosed Series A funding round earlier this year.
IBM Security, based in Armonk, New York, said the acquisition expands its push in the extended detection and response (XDR) market. The deal is expected to close later this year.
Tomi Engdahl says:
Signal Working on Improving Anti-Spam Capabilities
https://www.securityweek.com/signal-working-improving-anti-spam-capabilities
Privacy-focused communication platforms Signal is sharing information on the improvements it has made to its spam-prevention capabilities.
The task of keeping spam out of user’s inboxes, Signal says, is more difficult compared to other messaging services, because the company does not have access to the contents of messages, and has to fight spam without social graphs.
Unlike Signal’s underlying code, which is open-source, the code for fighting spam is kept secret, to prevent bad actors from finding bypasses.
Tomi Engdahl says:
Facebook to Shut Down Face-Recognition System, Delete Data
https://www.securityweek.com/facebook-shut-down-face-recognition-system-delete-data
Facebook said it will shut down its face-recognition system and delete the faceprints of more than 1 billion people amid growing concerns about the technology and its misuse by governments, police and others.
“This change will represent one of the largest shifts in facial recognition usage in the technology’s history,” Jerome Pesenti, vice president of artificial intelligence for Facebook’s new parent company, Meta, wrote in a blog post on Tuesday. “Its removal will result in the deletion of more than a billion people’s individual facial recognition templates.”
Tomi Engdahl says:
Hackers Release Israeli LGBTQ Dating Site Details
https://www.securityweek.com/hackers-release-israeli-lgbtq-dating-site-details
Israel’s justice ministry said Tuesday Google had blocked sites of a hacking group that leaked user details of an Israeli LGBTQ dating site, an attack some security experts blamed on Iran.
“The Google search engine blocked access to the sites of the group Black Shadow,” the justice said ministry said, a move it said was taken at the request of the government’s Cyber Unit.
Messaging application Telegram had also suppressed Black Shadow groups, it added.
The announcement came hours after Black Shadow dumped a large file online, that was said to contain as many as a million users of the Atraf dating site.
Tomi Engdahl says:
Catalin Cimpanu / The Record:
US sanctions four companies, including NSO Group, that sell spyware or hacking tools, adding them to a list of entities engaging in “malicious cyber activities” — The US government has sanctioned today four companies that develop and sell spyware and other hacking tools, the US Department of Commerce announced today.
US sanctions four companies selling hacking tools, including NSO Group & Candiru
https://therecord.media/us-sanctions-four-companies-selling-hacking-tools-including-nso-group-candiru/
The US government has sanctioned today four companies that develop and sell spyware and other hacking tools, the US Department of Commerce announced today.
The four companies include Israel’s NSO Group and Candiru, Russian security firm Positive Technologies, and Singapore-based Computer Security Initiative Consultancy.
US officials said the four companies engaged in “activities that are contrary to the national security or foreign policy interests of the United States.”
Tomi Engdahl says:
US sanctions four companies selling hacking tools, including NSO Group & Candiru
https://therecord.media/us-sanctions-four-companies-selling-hacking-tools-including-nso-group-candiru/
The US government has sanctioned today four companies that develop and sell spyware and other hacking tools, the US Department of Commerce announced today. The four companies include Israel’s NSO Group and Candiru, Russian security firm Positive Technologies, and Singapore-based Computer Security Initiative Consultancy.
Tomi Engdahl says:
Too early to tell’ if Russia has cracked down on ransomware gangs, Nakasone says
https://therecord.media/too-early-to-tell-if-russia-has-cracked-down-on-ransomware-gangs-nakasone-says/
The country’s top military cyber official on Wednesday said that is too soon to know if the Kremlin has taken action against ransomware gangs operating on Russian soil.
Tomi Engdahl says:
BlackMatter ransomware says its shutting down due to pressure from local authorities https://therecord.media/blackmatter-ransomware-says-its-shutting-down-due-to-pressure-from-local-authorities/
The criminal group behind the BlackMatter ransomware have announced plans today to shut down their operation, citing pressure from local authorities.
Tomi Engdahl says:
Cybercrime underground flush with shipping companies’ credentials
https://intel471.com/blog/shipping-companies-ransomware-credentials
The actors responsible for selling these credentials range from newcomers to the most prolific network access brokers that Intel 471 tracks.
Tomi Engdahl says:
Clearview AI slammed for breaching Australians’ privacy on numerous fronts
https://www.zdnet.com/article/clearview-ai-slammed-for-breaching-australians-privacy-on-numerous-fronts/
Despite uncovering Clearview AI’s intrusive practices, Australia’s Information Commissioner conceded that the number of Australians who have had their biometric information scraped by the company was unknown.
Tomi Engdahl says:
Coinbase notification scam steals US$11 million in bitcoin from a crypto account in 10 minutes
https://www.notebookcheck.net/Coinbase-notification-scam-steals-US-11-million-from-a-bitcoin-account-in-10-minutes.576725.0.html
In a warning to Coinbase users not to fall for fake customer service representatives, a subscriber got their Bitcoin account plundered with their own helping hand.
Tomi Engdahl says:
Tortilla’ Wraps Exchange Servers in ProxyShell Attacks
https://threatpost.com/tortilla-exchange-servers-proxyshell/175967/
The Microsoft Exchange ProxyShell vulnerabilities are being exploited yet again for ransomware, this time with Babuk from the new “Tortilla”
threat actor.
Tomi Engdahl says:
UK Labour Party discloses data breach after ransomware attack
https://www.bleepingcomputer.com/news/security/uk-labour-party-discloses-data-breach-after-ransomware-attack/
The U.K. Labour Party notified members that some of their information was impacted in a data breach after a ransomware attack hit a supplier managing the party’s data.
Tomi Engdahl says:
Credit card skimmer evades Virtual Machines
https://blog.malwarebytes.com/threat-intelligence/2021/11/credit-card-skimmer-evades-virtual-machines/
There are many techniques threat actors use to slow down analysis or, even better, evade detection. Perhaps the most popular method is to detect virtual machines commonly used by security researchers and sandboxing solutions.
Tomi Engdahl says:
CISA creates catalog of known exploited vulnerabilities, orders agencies to patch https://therecord.media/cisa-creates-catalog-of-known-exploited-vulnerabilities-orders-agencies-to-patch/
The US Cybersecurity and Infrastructure Security Agency has established today a public catalog of vulnerabilities known to be exploited in the wild and has issued a binding operational directive ordering US federal agencies to patch affected systems within specific timeframes and deadlines. CISA Director Jen Easterly said that while the binding operational directive is can only force US federal agencies to take action, all organizations should take action and patch the listed vulnerabilities, as the same exploits are also used to attack private entities as well. Seel also:
https://us-cert.cisa.gov/ncas/current-activity/2021/11/03/cisa-issues-bod-22-01-reducing-significant-risk-known-exploited
Tomi Engdahl says:
Sonos, HP, and Canon devices hacked at Pwn2Own Austin 2021 https://www.bleepingcomputer.com/news/security/sonos-hp-and-canon-devices-hacked-at-pwn2own-austin-2021/
During the first day of Pwn2Own Austin 2021, contestants won $362, 500 after exploiting previously unknown security flaws to hack printers, routers, NAS devices, and speakers from Canon, HP, Western Digital, Cisco, Sonos, TP-Link, and NETGEAR.
Tomi Engdahl says:
Google warns Android users of zero-day vulnerability being actively attacked https://www.bitdefender.com/blog/hotforsecurity/google-warns-android-users-of-zero-day-vulnerability-being-actively-attacked/
Google’s latest monthly security patches for the Android operating system contains fixes for 39 flaws, including one security vulnerability that the tech giant says is being actively exploited in the wild.
Tomi Engdahl says:
https://www.securityweek.com/printers-hacked-first-time-pwn2own
Tomi Engdahl says:
https://www.securityweek.com/iran-says-fuel-system-running-again-after-cyber-attack
Tomi Engdahl says:
https://www.securityweek.com/many-gitlab-servers-affected-actively-exploited-flaw-patched-six-months-ago
Tracked as CVE-2021-22205, the vulnerability was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE), affecting all versions starting from 11.9. The issue was addressed in GitLab releases 13.10.3, 13.9.6, and 13.8.8.
Tomi Engdahl says:
https://www.securityweek.com/us-puts-new-controls-israeli-spyware-company-nso-group
Tomi Engdahl says:
BlackMatter Ransomware Gang Announces Shutdown
https://www.securityweek.com/blackmatter-ransomware-gang-announces-shutdown
The cybercriminals behind the BlackMatter Ransomware-as-a-Service (RaaS) operation this week announced plans to close shop.
Active since July 2021, BlackMatter is the product of the Coreid cybercrime group, which also operated the DarkSide ransomware. BlackMatter’s use in assaults on critical infrastructure entities in the United States has resulted in the U.S. government recently issuing an alert on the RaaS operation.
On Monday, the BlackMatter operators posted on their RaaS website a message announcing that the entire operation would be shutting down within 48 hours.
In their message, the miscreants mention increased pressure from the authorities and say that part of the team is no longer available “after the latest news,” most likely a reference to last week’s wave of arrests in Europe.
https://twitter.com/vxunderground/status/1455750066560544769
BlackMatter ransomware group has announced they’re shutting down operations following pressure from local authorities – they state key members are no longer ‘available’.
Tomi Engdahl says:
Hardcoded SSH Key in Cisco Policy Suite Lets Remote Hackers Gain Root Access
https://thehackernews.com/2021/11/hardcoded-ssh-key-in-cisco-policy-suite.html
Cisco Systems has released security updates to address vulnerabilities in multiple Cisco products that could be exploited by an attacker to log in as a root user and take control of vulnerable systems.
Tracked as CVE-2021-40119, the vulnerability has been rated 9.8 in severity out of a maximum of 10 on the CVSS scoring system and stems from a weakness in the SSH authentication mechanism of Cisco Policy Suite.
“An attacker could exploit this vulnerability by connecting to an affected device through SSH,” the networking major explained in an advisory, adding “A successful exploit could allow the attacker to log in to an affected system as the root user.” Cisco said the bug was discovered during internal security testing.
https://tools.cisco.com/security/center/publicationListing.x
Tomi Engdahl says:
Remote code execution flaw patched in Linux Kernel TIPC module
The bug was spotted within a year of introduction to the codebase.
https://www.zdnet.com/article/remote-code-execution-flaw-patched-in-linux-kernel-tipc-module/
Tomi Engdahl says:
https://source.android.com/security/bulletin/2021-11-01
Tomi Engdahl says:
International Police Operation Busts Threat Actors Suspected of Over 1,800 Ransomware Attacks
https://www.bitdefender.com/blog/hotforsecurity/international-police-operation-busts-threat-actors-suspected-of-over-1-800-ransomware-attacks/
Tomi Engdahl says:
Interestingly, password managers, electronic file and hard format are used most frequently for work devices and least frequently for personal devices.
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords
https://www.bitdefender.com/blog/hotforsecurity/bitdefender-study-reveals-how-consumers-like-and-dislike-managing-passwords/
In support of #CyberSecurityAwarenessMonth, Bitdefender is rolling out the results of a global survey of online behaviors across 11 countries. When analyzing all respondent behaviors, from password reuse to sharing of account details and lack of security solutions installed, almost 60% of consumers were deemed “exposed” or “rather exposed.” Just 11% could be described as “secure” in terms of their cybersecurity practices. Poor password management stands out as a major vulnerability among consumers.
According to the results, consumers use an average of 8 online platforms. The most popular are Facebook, WhatsApp, YouTube, Instagram, Gmail, TikTok and Snapchat. However, most consumers have both social media and online shopping accounts. 63% percent of respondents reported having a social media account and 54% an online shopping account. Other top services include video streaming, at 40%, telecommunication and health platforms, at 29%, and utility services, at 28%.
Tomi Engdahl says:
What Is a VPN, How Does It Protect Me, and What Cool Perks Does it Offer?
https://www.bitdefender.com/blog/hotforsecurity/what-is-a-vpn-how-does-it-protect-me-and-what-cool-perks-does-it-offer/
A WiFi network is considered unsafe when:
· the network doesn’t require a password to join
· the network belongs to a public place (hotel, airport, restaurant, coffee shop, mall, lounge, etc )
· the network uses obsolete / weak security or encryption protocols
Networks in places like airports, lounges, hotels, restaurants and shopping malls are easy targets for those trying to capture and exploit your traffic. A VPN helps you secure your traffic with military-grade encryption, making it impossible for anyone to access it.
Tomi Engdahl says:
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals
https://www.bitdefender.com/blog/hotforsecurity/six-in-10-consumers-faced-a-cyber-threat-in-2021-new-bitdefender-study-reveals/
In support of Cybersecurity Awareness Month, Bitdefender released a new study that revealed six in 10 internet users faced at least one cyber threat in the past year, yet many shun security solutions on devices they use most often. This is just one of several interesting findings in the report.
From June to August 2021, Bitdefender worked with iSense Solutions (an independent market research company) to explore attitudes and behaviors towards cybersecurity threats and vulnerabilities, as well as to gauge online activities across gender and various age groups.
We polled more than 10,000 consumers aged 18 to 65 in 11 countries, including Australia, Denmark, France, Germany, Italy, Netherlands, Romania, Spain, Sweden, U.K. and U.S. across various socio-demographics. We summarize what was uncovered below.
Online trends
Most consumers say they have one or more online accounts for social media (63%), online shopping (54%) and video streaming (40%), followed by telecommunications providers, health services, utilities, hotels and airlines, and car rentals/services.
In general, males have more online accounts for services in the second half of the list, while females dominate categories like social media and online shopping. For health and utilities, both genders rank similarly. Age-wise, the proportion of those with an account falls after 45, while young adults (18-24) also report a low average number of accounts.
Unsurprisingly, Facebook, WhatsApp, Gmail and YouTube are the most-used online platforms, with some rather predictable discrepancies among various age groups, as we show in the report.
Password management and account sharing
Password management of online accounts takes a variety of forms. Fifty-two percent of respondents say they simply memorize passwords. A third use the Autofill option. However, 28% also admit writing them down in a physical format and 24% use a password manager.
Unsurprisingly, 26% of users say they hate coming up with different passwords for new accounts, and one-fifth say they’d rather share their email address with a vendor than pay (for an app or service).
Males and young adults (up to 44 years of age) are more likely to share their account details, with those 55+ more unwilling to do so. The most shared types of accounts are for car rental (albeit used only by a few), video streaming, airline companies and software utilities.
Tomi Engdahl says:
Hackers are stealing data today so quantum computers can crack it in a decade
https://www.technologyreview.com/2021/11/03/1039171/hackers-quantum-computers-us-homeland-security-cryptography/
The US government is starting a generation-long battle against the threat next-generation computers pose to encryption.
While they wrestle with the immediate danger posed by hackers today, US government officials are preparing for another, longer-term threat: attackers who are collecting sensitive, encrypted data now in the hope that they’ll be able to unlock it at some point in the future.
The threat comes from quantum computers, which work very differently from the classical computers we use today. Instead of the traditional bits made of 1s and 0s, they use quantum bits that can represent different values at the same time. The complexity of quantum computers could make them much faster at certain tasks, allowing them to solve problems that remain practically impossible for modern machines—including breaking many of the encryption algorithms currently used to protect sensitive data such as personal, trade, and state secrets.
While quantum computers are still in their infancy, incredibly expensive and fraught with problems, officials say efforts to protect the country from this long-term danger need to begin right now.
Tomi Engdahl says:
US sanctions four companies selling hacking tools, including NSO Group & Candiru
https://therecord.media/us-sanctions-four-companies-selling-hacking-tools-including-nso-group-candiru/
The US government has sanctioned today four companies that develop and sell spyware and other hacking tools, the US Department of Commerce announced today.
The four companies include Israel’s NSO Group and Candiru, Russian security firm Positive Technologies, and Singapore-based Computer Security Initiative Consultancy.
US officials said the four companies engaged in “activities that are contrary to the national security or foreign policy interests of the United States.”
Commerce officials said NSO Group and Candiru “developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.”
The US said these tools were abused by foreign governments to conduct trans-national repression of dissidents, journalists, and activists outside of those governments’ sovereign borders.
Similarly, Positive Technologies and CSIC were accused of creating and selling “cyber tools” that were later used to hack individuals and organizations worldwide.
Tomi Engdahl says:
https://thehackernews.com/2021/11/google-warns-of-new-android-0-day.html
Tomi Engdahl says:
Malware found in coa and rc, two npm packages with 23M weekly downloads https://therecord.media/malware-found-in-coa-and-rc-two-npm-packages-with-23m-weekly-downloads/
The security team of the npm JavaScript package manager has warned users that two of its most popular packages had been hijacked by a threat actor who released new versions laced with what appeared to be password-stealing malware. Both packages were compromised around the same time and were the result of attackers gaining access to a package developer’s account. “The compromised [developer] account has been temporarily disabled and we are actively investigating the incident and monitoring for similar activity, ” the npm team said on Thursday, shortly after detecting the coa compromise following a wave of reports about failed builds. Since then, the npm security team has removed all the compromised coa and rc versions to prevent developers from accidentally infecting themselves.