Nov 17 2021

Hackers Compromised Middle East Eye News Website to Hack Visitors, Researchers Say

Category: Cyber Spy,Information Security,SpywareDISC @ 12:11 am

Cybersecurity researchers tracked a hacking campaign spanning more than a year that hit around 20 websites – Israeli spyware vendor Candiru, recently blacklisted by the US, waged ā€œwatering holeā€ attacks on UK and Middle East websites critical of Saudi Arabia and othersĀ 

A group of hackers compromised a popular London-based news website that focuses on the Middle East with the goal of hacking its visitors, according to researchers.Ā 

IMAGE: JUSTIN SETTERFIELD/GETTY IMAGES

On Tuesday, cybersecurity firm ESET published a report detailing the hacking campaign, which spanned from March 2020 until August of this year. During this time, according to the report, hackers compromised around 20 websites, including Middle East Eye, a popular independent news site that covers the Middle East and Africa and is based in the UK. 

The hackers compromised these websites in what are technically known as watering hole attacks, a type of cyberattack where hackers use legitimate websites to target people who visit them. In this case, the hackers did not target all visitors of the websites, but only specific ones, according to ESET.

ā€œWe were never able to get the final payload. So it shows that attackers are very careful in the selection of the targets,ā€ Matthieu Faou, a researcher at ESET, told Motherboard in a phone call. 

Because the researchers could not retrieve the malware, ā€œwe don’t know who are the final targets,ā€ Faou said. 

ESET researchers explained in the report that the hackers also compromised several government websites in Iran, Syria, and Yemen, as well as the sites of an Italian aerospace company and a South African government owned defense conglomerateā€”all websites with links to the Middle East. The hackers, according to ESET, may have been customers of the Israeli spyware vendorĀ Candiru, a company that wasĀ recently put on a denylist by the US Government.Ā 

Candiru is one of the most mysterious spyware providers out there. The company has no website, and it has allegedly changed names several times. Candiru offers ā€œhigh-end cyber intelligence platform dedicated to infiltrate PC computers, networks, mobile handsets,”Ā according to a document seen by Haaretz. The Israeli newspaper was the first one to report Candiruā€™s existence in 2019. Since then, several cybersecurity companies and groups such asĀ Kaspersky Lab,Ā Microsoft,Ā Google, andĀ Citizen Lab, have tracked its malware. Ā 

7 Steps to Removing Spyware by Nick Laughter

Nov 12 2021

Implementing and auditing an Information Security Management System in small and medium-sized businesses

Category: Information Security,ISO 27kDISC @ 11:02 pm

ISO 27001 Handbook

If you want to understand ISO 27001, this handbook is all you need. It not only explains in a clear way what to do, but also the reasons why.

This book helps you to bring the information security of your organization to the right level by using the ISO/IEC 27001 standard.

An organization often provides services or products for years before the decision is taken to obtain an ISO/IEC 27001 certificate. Usually, a lot has already been done in the field of information security, but after reading the requirements of the standard, it seems that something more needs to be done: an ā€˜information security management system’ must be set up. A what?

This handbook is intended to help small and medium-sized businesses establish, implement, maintain and continually improve an information security management system in accordance with the requirements of the international standard ISO/IEC 27001. At the same time, this handbook is also intended to provide information to auditors who must investigate whether an information security management system meets all requirements and has been effectively implemented.

This handbook assumes that you ultimately want your information security management system to be certified by an accredited certification body. The moment you invite a certification body to perform a certification audit, you must be ready to demonstrate that your management system meets all the requirements of the Standard. In this book, you will find detailed explanations, more than a hundred examples, and sixty-one common pitfalls. It also contains information about the rules of the game and the course of a certification audit.

ISO 27001 Certification

ISO 27001 Gap Assessment

DISC InfoSec vCISO as a Service

Tags: iso 27001, ISO 27001 2013, ISO 27001 2013 Gap Assessment, iso 27001 certification

Nov 10 2021

vCISO as a service

Category: Information Security,vCISODISC @ 10:05 pm

Virtual CISO

Ransomware's Silver Bullet - The Virtual CISO Publication Series: Cybersecurity: Publication #1 Ransomware by [Virtual CISO]

Tags: vCISO as a service

Nov 08 2021

Pakistan government approves new cybersecurity policy, cybercrime agency

Category: cyber security,Information SecurityDISC @ 9:38 am

The Pakistan Ministry of Information Technology has announced that a new cybersecurity policy and accompanying cybersecurity agency has been approved for the South Asian nation.

The new policy aims to support both public and private institutions, including national information systems and critical infrastructure, replacing a system whereby government institutions have separate security operations.

It comes at a delicate time for Pakistan, which recently accused India of using the Israeli spyware Pegasus to spy on Prime Minister Imran Khan ā€“ and designates cyber-attacks on any Pakistani institution as an attack on national sovereignty.

ā€œThe IT ministry and all relevant public and private institutions will be provided all possible assistance and support to ensure that their data, services, ICT products and systems are in line with the requirements of cybersecurity,ā€ said IT minister Syed Aminul Haq, as quoted inĀ localĀ press.

Tags: cybercrime agency, pakistan

Nov 02 2021

50% of internet-facing GitLab installations are still affected by a RCE flaw

Category: Information Security,Security Architecture,Security playbook,Security vulnerabilitiesDISC @ 9:00 am
50% of internet-facing GitLab installations are still affected by a RCE flaw

Cybersecurity researchers warn of a now-patched critical remote code execution (RCE) vulnerability, tracked as CVE-2021-22205, in GitLabā€™s web interface that has been actively exploited in the wild.

The vulnerability is an improper validation issue of user-provided images the can lead to arbitrary code execution. The vulnerability affects all versions starting from 11.9.

ā€œAn issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that is passed to a file parser which resulted in a remote command execution. This is a critical severity issue (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, 9.9). It is now mitigated in the latest release and is assignedĀ CVE-2021-22205.ā€ reads theĀ advisoryĀ published by GitLab.

GitLab addressed the vulnerability on April 14, 2021, with the release of 13.8.8, 13.9.6, and 13.10.3 versions.

The vulnerability was reported by the expertĀ vakzzĀ through the bug bounty program of the company operated through the HackerOne platform.

The vulnerability was actively exploited in the wild, researchers from HN Security described an attack one of its customers. Threat actors created two user accounts with admin privileges on a publicly-accessible GitLab server belonging to this organization. The attackers exploited the flaw to upload a malicious payload that leads to remote execution of arbitrary commands.

ā€œMeanwhile, we noticed that a recently released exploit forĀ CVE-2021-22205Ā abuses the upload functionality in order to remotely execute arbitrary OS commands. The vulnerability resides inĀ ExifTool, an open source tool used to remove metadata from images, which fails in parsing certain metadata embedded in the uploaded image, resulting in code execution as describedĀ here.ā€ reads theĀ analysisĀ published by HN Security.

The flaw was initially rated with a CVSS score of 9.9, but the score was later changed to 10.0 because the issue could be triggered by an unauthenticated attackers.

Researchers from Rapid7Ā reportedĀ that of the 60,000 internet-facing GitLab installations:

Git for Programmers

Tags: Gitlab, Gitlab vulnerability

Oct 29 2021

CVE + MITRE ATT&CKĀ® to Understand Vulnerability Impact

Category: Attack Matrix,Information SecurityDISC @ 8:56 am

Historically, vulnerability management and threat management have been separate disciplines, but in a risk-focused world, they need to be brought together. Defenders struggle to integrate vulnerability and threat information and lack a consistent view of how adversaries use vulnerabilities to achieve their goals. Without this context, it is difficult to appropriately prioritize vulnerabilities.

To bridge vulnerability management and threat management, the Center for Threat-Informed Defense, with support from participants including AttackIQ and JP Morgan Chase, developed a methodology to use the adversary behaviors described in MITRE ATT&CKĀ® to characterize the impact of vulnerabilities from CVEĀ®. Vulnerability reporters and researchers can use the methodology to describe the impact of vulnerabilities more clearly and consistently. When used in a vulnerability report, ATT&CKā€™s tactics and techniques enable defenders to quickly understand how a vulnerability can impact them, helping defenders integrate vulnerability information into their risk models and identify appropriate compensating security controls.

This methodology aims to establish a critical connection between vulnerability management, threat modeling, and compensating controls. CVEs linked to ATT&CK techniques can empower defenders to better assess the true risk posed by specific vulnerabilities in their environment. We have applied the methodology and mapped several hundred CVEs to ATT&CK to validate the model and demonstrated its value. To fully realize our goal, we need community support to apply the methodology at scale.

Mapping CVE-2018ā€“17900

Mitre Att&ck Framework: Everything you need to know by Peter Buttler

Practical Threat Intelligence and Data-Driven Threat Hunting: A hands-on guide to threat hunting with the ATT&CK™ Framework and open source tools

Tags: MITRE ATT&CK

Oct 19 2021

WFH is here to stay: Five tactics to improve security for remote teams

Category: Information Privacy,Information SecurityDISC @ 9:02 am
WFH is here to stay: Five tactics to improve security for remote teams

Working from home comes with a slew of security concerns. Businesses planning to look at remote work as a long-term strategy should take the time to reassess any ā€œband-aidā€ security solutions that may have been applied at the beginning of the pandemic and look at ways that security can be prioritized permanently.

Here are the top tactics businesses should keep in mind as they transition to a fully remote workplace:

Making a Success of Managing and Working Remotely

Remote Working Policy Template Kit

Tags: Managing and Working Remotely, Remote work, Remote Working Policy Template, WFH

Oct 15 2021

U.S. Treasury Offers Crypto Guidance Amid Ransomware Surge

Category: Crypto,Information Security,RansomwareDISC @ 12:48 pm

US Treasury says there was $590M in suspicious ransomware activity in H1 2021, exceeding the entire amount in 2020, when $416M was reportedĀ  ā€”Ā  Suspicious activity reports related to ransomware jumped significantly in 2021, according to the U.S. Treasury Department’s Financial Crimes Enforcement Network.

There was $590 million in suspicious activity related to ransomware in the first six months of 2021, exceeding the entire amount in 2020, when $416 million was reported, according to a report released Friday by the U.S. Treasury Departmentā€™s Financial Crimes Enforcement Network.

The average amount of reported ransomware transactions per month in 2021 was $102.3 million, according to the report. If the current trend continues, suspicious activity reports filed in 2021 ā€œare projected to have a higher ransomware-related transaction value than SARs filed in the previous 10 years combined,ā€ according to the report. SARs is shorthand for suspicious activity reports.

U.S. based cybersecurity companies filed most of the SARs related to ransomware while banks and cryptocurrency exchanges filed more than a third of the reports. The reports reflect just how quickly ransomware attacks have grown.

The report offers new insight into the scale of ransomware attacks devastating U.S. businesses and impacting critical infrastructure. A Treasury spokesperson said the SARs donā€™t represent all ransomware payments. 

Reporting ransomware payments to the Treasury via a suspicious activity report is often a requirement of cybersecurity insurance policies, according to a person familiar with the matter. 

The Treasury Department also identified 68 ransomware variants, noting that the most commonly reported types were REvil, Conti and DarkSide. Ransomware groups often sell their malware, or variant, to affiliates who then use it to plot attacks, in what is known as ransomware-as-a-service. REvil, Conti and DarkSide are suspected by cybersecurity firms of being tied to Russia in some way — because they use the Russian language or are suspected of being based there.  

The report was filed as the Treasury Department issued guidance to the virtual currency industry to prevent exploitation by entities sanctioned by the U.S. and ransomware groups. It is part of a broader effort by the Biden administration to attempt to curb ransomware attacks. In ransomware attacks, hackers encrypt a victimā€™s files and promise to unlock them if they are paid a fee.

Among the more notable attacks were those in May onĀ Colonial Pipeline Co.Ā in May that squeezed fuel supplies on the East Coast and on the meatpackerĀ JBS SA.Ā 

The Treasury report stated that ransomware actors are increasingly requesting payment in cryptocurrencies like Monero, which are designed to enhance anonymity.Ā 

More: BleepingComputer,Ā The Record,Ā CNET,Ā The Hill,Ā PYMNTS.com,Ā CyberScoop, andĀ CoinDesk

Tags: Ransomware Surge, U.S. Treasury

Oct 13 2021

How Coinbase Phishers Steal One-Time Passwords

Category: Information Security,PhishingDISC @ 2:40 pm

A recent phishing campaign targeting Coinbase users shows thieves are getting smarter about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.

Coinbase is the worldā€™s second-largest cryptocurrency exchange, with roughly 68 million users from over 100 countries. The now-defunct phishing domain at issue ā€” coinbase.com.password-reset[.]com ā€” was targeting Italian Coinbase users (the siteā€™s default language was Italian). And it was fairly successful, according to Alex Holden, founder of Milwaukee-based cybersecurity firm Hold Security.

More details on: How Coinbase Phishers Steal One-Time Passwords

Tags: Phishers Steal One-Time Passwords

Oct 13 2021

Cybersecurity awareness month: Fight the phish!

Category: Information Security,PhishingDISC @ 8:44 am
Cybersecurity awareness month: Fight the phish!

Itā€™s the second week of Cybersecurity Awareness Month 2021, and this weekā€™s theme is an alliterative reminder: Fight the Phish!

Unfortunately, anti-phishing advice often seems to fall on deaf ears, because phishing is an old cybercrime trick, and lots of people seem to think itā€™s what computer scientists or mathematical analysts call a solved game.

Tic-tac-toe (noughts and crosses outside North America), for example, is a solved game, because itā€™s easy to create a list of every possible play, and figure out the best possible move from every game position on the list. (If neither player makes a mistake then the game will always be a draw.)

Even games that are enormously more complex have been ā€œsolvedā€ in this way too, such as checkers (draughts)ā€¦

ā€¦and in comparison to playing checkers, spotting phishing scams feels like an easy contest that the recipient of the message should always win.

And if phishing is a ā€œsolved gameā€, surely itā€™s not worth worrying about any more?

How hard can it be?

Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails

Don’t Get Caught

Tags: Cybersecurity Awareness Month 2021, Fight the phish, phishing, phishing countermeasures, Phishing Dark Waters

Oct 07 2021

PoC exploit for 2 flaws in Dahua cameras leaked online

Category: Information Security,Security vulnerabilitiesDISC @ 3:58 pm
PoC exploit for 2 flaws in Dahua cameras leaked online

A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online, users are recommended to immediately apply updates.

Experts warn of the availability ofĀ proof of concept (PoC)Ā exploit code for a couple of authentication bypass vulnerabilities in Dahua cameras, tracked asĀ CVE-2021-33044Ā andĀ CVE-2021-33045.Ā 

A remote attacker can exploit both vulnerabilities by sending specially crafted data packets to the vulnerable cameras.

ā€œThe identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.ā€ reads theĀ advisoryĀ published by the vendor in early September.

dahua

The flaw received a CVSS v3 score of 8.1, the vendor recommended its customers to install security updates.

The list of affected models is very long, it includes IPC-X3XXX,HX5XXX, HUM7XX, VTO75X95X, VTO65XXX, VTH542XH, PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, SD6AL, Thermal TPC-BF1241, TPC-BF2221, TPC-SD2221, TPC-BF5XXX, TPC-SD8X21, TPC-PT8X21B, NVR1XXX, NVR2XXX, NVR4XXX, NVR5XXX, NVR6XX.

It could be quite easy for threat actors in the wild to find exposedĀ DahuaĀ devices using a search engine likeĀ ShodanĀ and attempt to hack them using the available PoC code. In order to protect Dahua devices, users have to install the latest firmware version.

Tags: Dahua cameras leaked online

Oct 04 2021

Cybersecurity Awareness Month: #BeCyberSmart

Category: Information SecurityDISC @ 9:15 am
Cybersecurity Awareness Month: #BeCyberSmart

As you probably know (or, at least, as you know now!), October is Cybersecurity Awareness Month, which means itā€™s a great opportunity to do three things: Stop. Think. Connect.

Those three words were chosen many years ago by the US public service as a short and simple motto for cybersecurity awareness.

5 tips for you and your family on Safer Internet Day

Cybersecurity Awareness Month 2021 Toolkit: Key messaging, articles, social media, and more to promote Cybersecurity Awareness Month 2021

Cybersecurity Awareness Month 2021 Toolkit: Key messaging, articles, social media, and more to promote Cybersecurity Awareness Month 2021 by [Cybersecurity and Infrastructure Security Agency]

Cybersecurity Awareness Month 2021 Kick-off Week

Cybersecurity Awareness Month 2021 has officially begun! join CISA in spreading cybersecurity awareness and encourage everyone to own their role in protecting Internet-connected devices. ā€œDo Your Part. #BeCyberSmart.ā€

VisitĀ www.cisa.gov/cybersecurity-awareness-monthĀ for more information.

#BeCyberSmart #CyberMonth

Week 1

The focus of Cybersecurity Awareness Monthā€™s first week is ā€œDo Your Part. #BeCyberSmart.ā€

Cybersecurity starts with YOU and is everyoneā€™s responsibility. There are currently an estimated 5.2Ā billion Internet usersā€”over 65% of the world’s population![1]Ā This number will only grow, making the need to #BeCyberSmart more important than ever.

Join us and get involved by visitingĀ www.cisa.gov/cybersecurity-awareness-monthĀ for more information.

#BeCyberSmart #CyberMonth

Week 2

Cybersecurity Awareness Monthā€™s second week focuses on steps individuals and organizations can take to reduce their risks to phishing and ransomware.

This year has seen an increase in phishing incidents that often lead to ransomware attacks. These attacks disrupt the way we work, learn, and socialize. With our homes, schools, and business more connected than ever, itā€™s vital to #BeCyberSmart.

Learn how to #FightThePhish and report suspicious emails by visitingĀ www.cisa.gov/cybersecurity-awareness-monthĀ for more information.

 #BeCyberSmart #CyberMonth

Week 3

Cybersecurity Awareness Monthā€™s third week is Cybersecurity Career Awareness Week. This week, learn the vital role cybersecurity professionals play in global society and security. Also, learn how you can explore #Cybersecurity as your next career.

For professional development and educational resources visitĀ www.cisa.gov/cybersecurity-awareness-month.

#BeCyberSmart #CyberMonth

Week 4

The final week of Cybersecurity Awareness Month looks at how #Cybersecurity is a year-round effort and should be one of individuals and organizations first considerations when they create or buy new devices and connected services.

For ways on how organizations and individuals can incorporate cybersecurity best practices into their decision making processes, visitĀ www.cisa.gov/cybersecurity-awareness-month.

#BeCyberSmart #CyberMonth

Tags: BeCyberSmart, Cybersecurity Awareness Month, Cybersecurity Awareness Month 2021, Cybersecurity Awareness Month 2021 Toolkit

Oct 01 2021

New APT ChamelGang Targets Russian Energy, Aviation Orgs

Category: APT,Information SecurityDISC @ 9:23 am

First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks.

A new APT group has emerged thatā€™s specifically targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Serverā€™s ProxyShell and leveraging both new and existing malware to compromise networks.

Researchers at security firm Positive Technologies have been tracking the group, dubbed ChamelGang for its chameleon-like capabilities, since March. Though attackers mainly have been seen targeting Russian organizations, they have attacked targets in 10 countries so far, researchers said in a report by company researchers Aleksandr Grigorian, Daniil Koloskov, Denis Kuvshinov and Stanislav Rakovsky published online Thursday.

To avoid detection, ChamelGang hides its malware and network infrastructure under legitimate services of established companies like Microsoft, TrendMicro, McAfee, IBM and Google in a couple of unique ways, researchers observed.

more detail analysis on: New APT ChamelGang Targets Russian Energy, Aviation Orgs

Practical Threat Intelligence and Data-Driven Threat Hunting: A hands-on guide to threat hunting with the ATT&CK™ Framework and open source tools

Tags: APT ChamelGang, ATT&CKā„¢ Framework, open source tools, Threat Hunting

Sep 30 2021

Apple Pay with Visa Hacked to Make Payments via Unlocked iPhones

Category: Information Security,Mobile SecurityDISC @ 9:08 am

Researchers have demonstrated that someone could use a stolen, unlocked iPhone to pay for thousands of dollars of goods or services, no authentication needed.

An attacker who steals a locked iPhone can use a stored Visa card to make contactless payments worth up to thousands of dollars without unlocking the phone, researchers are warning.

The problem is due to unpatched vulnerabilities in both the Apple Pay and Visa systems, according to an academic team from the Universities of Birmingham and Surrey, backed by the U.K.ā€™s National Cyber Security Centre (NCSC). But Visa, for its part, said that Apple Pay payments are secure and that any real-world attacks would be difficult to carry out.

The team explained that fraudulent tap-and-go payments at card readers can be made using any iPhone that has a Visa card set up in ā€œExpress Transitā€ mode. Express Transit allows commuters around the world, including those riding the New York City subway, the Chicago El and the London Underground, to tap their phones on a reader to pay their fares without unlocking their devices.

ā€œAn attacker only needs a stolen, powered-on iPhone,ā€ according to a writeup (PDF) published this week. ā€œThe transactions could also be relayed from an iPhone inside someoneā€™s bag, without their knowledge. The attacker needs no assistance from the merchant.ā€

In a proof-of-concept video, the researchers showed a Ā£1,000 payment being sent from a locked iPhone to a standard, non-transit Europay, Mastercard and Visa (EMV) credit-card reader.

Exploiting Apple Pay Express Transit Mode

The attack is an active man-in-the-middle replay and relay attack, according to the paper. It requires an iPhone to have a Visa card (credit or debit) set up as a transit card in Apple Pay.

The attackers would need to set up a terminal that emulates a legitimate ticket barrier for transit. This can be done using a cheap, commercially available piece of radio equipment, researchers said. This tricks the iPhone into believing itā€™s connecting to a legitimate Express Transit option, and so, therefore, it doesnā€™t need to be unlocked.

ā€œIf a non-standard sequence of bytes (Magic Bytes) precedes the standard ISO 14443-A WakeUp command, Apple Pay will consider this [to be] a transaction with a transport EMV reader,ā€ the team explained.

Apple Pay with Visa Hacked to Make Payments via Unlocked iPhones

Tags: apple pay, unlocked iphones, visa hacked

Sep 27 2021

Proper password security falling short despite increase in online presence

Category: Information Security,Password SecurityDISC @ 9:32 am
Proper password security falling short despite increase in online presence

While 92 percent of people know that using the same password or a variation is a risk, 65 percent stillĀ re-use passwordsĀ across accounts, drastically increasing the risks to their sensitive information, a LastPass report revealed.

proper password security

While consumers have a solid understanding of proper password security and the actions necessary to minimize risk, they still pick and choose which information they apply that knowledge to, according to the report.

Spending more time online, yet lacking proper password security

Strong cybersecurity habits are more important than ever this year, given the sheer volume of time individuals have spent online in the last 18 months and the corresponding spike in cyber-attacks. Yet the survey revealed that despite 71 percent of people working wholly or partly remote and 70 percent spending more time online for personal entertainment during the pandemic, people were still exhibitingĀ poor password behavior.

Password Authentication for Web and Mobile Apps

Tags: password security

Sep 20 2021

ā€œBack to basicsā€ as courier scammers skip fake fees and missed deliveries

Category: Cyber Threats,Cybercrime,Information SecurityDISC @ 9:24 am
“Back to basics” as courier scammers skip fake fees and missed deliveries

These scams can take many different forms, including:

  • A fake gift sent by an online ā€œfriendā€ is delayed by customs charges. This is a common ruse used by romance scammers, who sucker you into an online friendship, for example by stealing other peopleā€™s profile data from online data sites, courting you online, and then ā€œsendingā€ you a ā€œgiftā€, often jewellery or something they know you would appreciate if it were real. The scammer then pretends to be the courier company handling the ā€œdeliveryā€, correctly identifying the item, its value and its made-up shipping code. Finally, thereā€™s a customs or tax payment to make before the item can be released in your country (something that often happens with genuine deliveries via geniune courier companies). Some unfortunate victims pay out this fee, in cash, in good faith. In this sort of scam, the crooks are directly after your money.
  • A fake order will be delivered once you have confirmed the purchase. These fake orders range from low-value subscriptions that have auto-renewed, all the way to expensive new mobile phones or gaming consoles that will ship imminently. Given that itā€™s easier to guess what you havenā€™t just bought than what you have, these crooks are banking that you will click the link or phone the ā€œcustomer supportā€ number theyā€™ve helpfully provided in order to cancel or dispute the charge. Once they have you on the hook, skilled social scammers in a call centre operated by the crooks offer to ā€œhelpā€ you to cancel the bogus order or subscription (something that can be annoyingly hard for legitimate goods and services). In this sort of scam, the crooks are after as much personal information as they can persuade you to hand over, notably including full credit card data, phone number and home address.
  • A fake delivery failed and the item was returned to the depot. These fake delivery notices typically offer to help you reschedule the missed delivery (something that is occasionally necessary for legitimate deliveries of geniune online orders), but before you can choose a new date you usually need to login to a fake ā€œcourier companyā€ website, hand over credit card data, or both. The credit card transactions are almost always for very small amounts, such as $1 or $2.99, and some crooks helpfully advise that your card ā€œwonā€™t be charged until the delivery is completeā€, as a way of making you feel more comfortable about committing to the payment. In this sort of scam, the crooks wonā€™t bill you $2.99 now, but they will almost certainly sell your credit card details on to someone else to rack up charges later on.

KISS ā€“ Keep It Simple and Straightforward

Tags: Cyber Scam, Scam Me If You Can, scammers

Sep 17 2021

PenTest as a Service

Category: Information Security,Pen TestDISC @ 3:34 pm

Download Modern Pentesting for security and development team

Find out how Cobalt service protect your Apps: Cobaltā€™s Pentest as a Service (PtaaS) platform coupled with an exclusive community of testers delivers the real-time insights you need to remediate risk quickly and innovate securely.

Find out how Cobalt service protect your Apps: Cobaltā€™s Pentest as a Service (PtaaS) platform coupled with an exclusive community of testers delivers the real-time insights you need to remediate risk quickly and innovate securely.

Please email with the subject “Beginnerā€™s Guide to Compliance-Driven Pentesting” if interested to read this guide: Info@deurainfosec.com

Tags: Pentest as a service, Pentesting as a service, PtaaS

Sep 14 2021

The Pegasus project: key takeaways for the corporate world

Category: Backdoor,Cyber surveillance,Cyberweapons,Information Security,MalwareDISC @ 10:02 pm
https://www.itsecurityguru.org/2021/09/09/the-pegasus-project-key-takeaways-for-the-corporate-world/

Forbidden Stories, a Paris-based non-profit organisation that seeks to ensure the freedom of speech of journalists, recently announced that the Pegasus Project surveillance solution by the Israeli NSO Group selected 50,000 phone numbers for surveillance by its customers following a data leak. 

The NSO Group has always maintained that the purpose of the Pegasus Project was for governments to monitor terrorist activity. However, this recent story, if true, could suggest that the solution has been abused for a long period of time and used for other nefarious purposes.

As reported by Forbidden Stories, the leaked data suggests the wide misuse of Pegasus Project and a range of surveillance targets that include human rights defenders, academics, businesspeople, lawyers, doctors, union leaders, diplomats, politicians and several heads of states. The NSO Group continues to contend these assertions are based on wrong assumptions and uncorroborated theories. Whether these statements are true or false, they raise interesting considerations for enterprises and government organisations that have a requirement to protect the smartphones of employees who have access to sensitive information.

Pegasus Project is reported to provide NSO Group customers full control of target devices, which makes it a threat of interest. However, it is not the first mobile threat that organisations should be concerned about. In another contested case, SNYK suggested that the Sour Mint threat, a Software Development Kit (SDK) developed by the Chinese mobile ad platform provider Mintegral and used by more than 1,200 apps in the Apple App Store, was responsible for spying on users by activity logging URL-based requests through the app. It was reported that user activity is logged to a third-party server that could potentially include personally identifiable information (PII).

Where things get interesting with Sour Mint is its ability to evade defences by slipping through the Quality Assurance (QA) process of the Apple App Store, which goes to show that even the thoroughness of Appleā€™s processes were not sufficient to detect malicious code in the case of this threat.

So, with the rise of mobile threats such as Pegasus Project and Sour Mint, how should organisations defend against such threats?

The Pegasus Project - YouTube

Ban on Use of Whatsapp / Likewise Means for Sharing of Official Letters /
Information (Advisory No. 2).

Mobile security solution review in light of the
WhatsApp Pegasus hack

Tags: Pegasus malware, The Pegasus project

Sep 13 2021

Designing Contact-Tracing Apps

Category: Information Privacy,Information SecurityDISC @ 9:45 pm
Designing Contact-Tracing Apps

Also see herĀ excellent bookĀ on the topic.

Tags: Contact-Tracing Apps

Sep 10 2021

Digital Driverā€™s Licenses: Unintended Consequences

Category: Information Privacy,Information SecurityDISC @ 10:15 pm
Digital Driver’s Licenses: Unintended Consequences

Maryland recently joined seven other U.S. states to permit users to carry ā€œdigital driverā€™s licenses.ā€ Under the programā€”which initially will work with Apple devices like iPhonesā€”users can download a digital credentialā€”a digital driverā€™s licenseā€”to their phones. The digital ID would be carried in the Apple digital wallet in much the same way as a regular ID is carried in a regular wallet. The digital driverā€™s license is based on the International Standards Organization (ISO) standard which is described more fully here.

Obviously, there are issues here related to the security of the credential, the degree of authentication necessary to obtain the credential, whether the credential can be simultaneously loaded into multiple devices and whether I can ā€œloanā€ my driverā€™s license to my identical twin brother (yes, I have an identical twin brother). Moreover, for the credential to be meaningful, it must permit both local and connected validationā€”that is, a police officer needs to be able to check to see if you have an apparently valid ID at the scene of a violation or accident without access to online verification and they must also be able to validate the ID against some online database. In addition, we need to decide who has access to the digital validation protocolsā€”police and other traffic enforcement officials? TSA or transportation security officials? The dude at the front desk of the office building? The bouncer at the bar? The server serving alcohol? The resident associate (RA) checking people in at the college dorm? Are there any controls on who can access these credential validation services and for what purpose? A digital credential is much easier to spoof (simply do a screenshot) if there is no ability to validate online. Moreover, the validation must be robust enough to work reasonably well offlineā€”things like a photo ID, a watermark, etc. You know, all the stuff we put on the ā€œreal IDā€ driverā€™s license.

digital ID driver's license personal data

Digital Driverā€™s Licenses: Unintended Consequences

Tags: Digital Driverā€™s Licenses

« Previous PageNext Page »