Author Archives: Julia Sowells

Fundamentals Of Making A Hacker Out Of You

There is no academic background necessary to become a hacker, given that even the most popular hackers in our history, like Kevin Mitnick, were actually self-trained. However, anyone who wishes to be one needs to be familiar with everything related to computers and other computing devices such as smartphones. A good grasp of the English language is also an advantage, given that many programming languages were established with English as the base language.

To become a hacker, it’s not enough to have knowledge of only one field. Enthusiasm is key, since self-training is a tough way to learn the discipline, along with the relevant understanding of political and economic movements. To gain effective knowledge, you need to go to a university with an IT department, study in a specialized school to learn the basics of personal computers, or sign up for online tutorials that teach you the basics.

Are there qualifications necessary for hackers?
There is no qualification required to become a hacker, but we need to be clear here. Blackhat hacking is a crime in many jurisdictions; infiltrating a network or a remote computer without permission from the owners or administrators is no different from entering someone’s physical property without consent. The bottom line: as with learning a sport or two, practice for becoming a hacker means actually trying to hack. The other option is to become a white-hat hacker, which means you become part of a team that hacks systems “legally” as part of a penetration testing mission.

If you are starting from scratch, where should you start?
The best shortcut is to learn computers beyond the GUI. Use a more advanced operating system such as Linux, while also improving your proficiency in XHTML and C. If you learn hacking on your own, you have to go through many difficult paths; it is rather difficult but fulfilling if used productively and lawfully. This is no different from learning to play a musical instrument on your own with some written references as your guides.

First, let’s talk about the GUI.

The screen you are staring at right now is an example of a Graphical User Interface (GUI). On the other hand, a screen with only text, which is often seen in sci-fi movies and dramas, is called a CLI (Command Line Interface).

Skills to handle Linux, which is an OS that is used frequently for programming, system administration and network administration, are essential.

Also, there are many languages required to become a hacker, from the web page creation perspective to the languages used for database management.

・ Python
・ C language

An example of a path to becoming a white-hat hacker:
White hackers are recruited by both general companies and government officials. Become a white hacker = become an IT professional with the task of keeping the network and computer systems secure by introducing simulated hacks against the very system of your employer. In the case of a typical size company, it is the job that holds responsibility for general-purpose cybersecurity.

It has a much broader scope of work than general-purpose white hackers but plays a very important role in society. If you are aiming to become a hacker without experience, you should first aim for employment at a general company, learning the ropes of their internal IT team. An interest in networking, network protocol management and decompiling programs is a huge asset.

Making you a hacker in just one article is impossible; all we can say is that continuing to read our articles here can give you more insight into the world of cybersecurity today. A real white-hat hacker always stays up to date on every important change in our real world, as it is intertwined with computing, networking, the Internet and its contents.


Essential Cybersecurity Tools for Business Organizations

Businesses today have become the prime target of cyberattacks of all kinds. This is because cybercriminals understand that targeting a business could get them huge amounts of data, both corporate data and sensitive personal data of customers. In recent times, large enterprises all across the world have been targeted by cybercriminals. Such attacks have resulted in the theft of financial and personal information belonging to millions of customers.

The cost of dealing with cyberattacks too is rising and in today’s context, a cyberattack could prove devastating for smaller businesses. There are lots of business organizations, especially the smaller ones, that get so crippled by cyberattacks that they are forced to close down within a few months of the attack.

Another aspect of the damage inflicted by cyberattacks is the damage caused to the reputation of any business, big or small. The trust that customers bestow upon a company, the overall credibility in the market and brand reputation are factors that contribute towards the success of any business. Cyberattacks impact all these in a great way and hence, it’s important that businesses protect their networks and infrastructure from all kinds of cyberattacks. For this, they need different kinds of tools, which would help them boost their defenses and protect their business assets and reputation. Investing in acquiring and deploying such tools is always a wise decision. Given that the costs of cyberattacks that companies have to bear today are increasing, it is only wise to have all the cybersecurity tools that are needed and to try to prevent cyberattacks as much as possible.

Here’s a look at some of the best cybersecurity tools that are available in the market today…

XpoLog for Log Analysis

Log analysis tools help businesses analyze the logs recorded by computers and other digital devices connected to their networks. Most systems and devices log almost all computing processes happening within them, and hence analyzing logs to study patterns and trends could help in identifying and preventing security breaches or malware infections. Manual analysis is often difficult, as log files offer dumps of data stored in plain text format. This is where log analysis tools come in. XpoLog is a highly useful tool that many businesses use today for conducting log analysis. Log files from all sources (endpoints, applications, servers, etc.) are collected and analyzed using AI (Artificial Intelligence). If any alarming patterns are seen, alerts are sent to the administrators, who can immediately take action to prevent damage to the business network and reduce the possibility of cyberattacks.

Riskified for Fraud Detection

Whenever there is an online transaction taking place, there is a chance of online fraud as well. Hackers who have already laid hands on personal or financial data could use it to manipulate banking networks or e-commerce channels and thus commit online fraud, which could cause big losses to businesses. Security tools like Riskified help prevent such fraud during online transactions; this is done using machine learning to analyze transactions and allow processing of legitimate orders/transactions only. The dynamic checkout feature of this tool automatically adjusts the checking process based on an individual user’s risk profile, thereby providing the user with different options to verify their purchases.

HoxHunt for Protection from Phishing Scams

Most cyberattacks start with a phishing scam that provides cybercriminals with an opportunity to breach networks and compromise business infrastructures. The hackers use phishing emails either to steal credentials or to install malware that could later help them breach data. The best defense against this is undoubtedly to stay alert and informed on the individual level. At the same time, there are tools that give protection against phishing scams. One such tool is HoxHunt, which works by teaching users how to identify malicious or phishing emails or messages. The tool uses an AI-driven engine to personalize phishing attacks and thus copies what real-world attacks look like. Once the attacks are identified, users can report them using a special plugin; they also get feedback on their performance.

Imperva for Application and Data Protection

Key network resources like web applications and databases are often targeted by hackers. They try to access such resources and hence it’s important to protect them using WAFs (Web Application Firewalls) and data protection services. Imperva is one tool that has a WAF and aids in DDoS attack mitigation as well. In today’s context, when businesses depend on on-premise devices as well as on cloud components, a tool like Imperva could help greatly. Imperva’s WAF checks all traffic and transactions and prevents malicious traffic from entering the network or impacting the cloud components. All unauthorized access to applications or databases is blocked.

Metasploit for Penetration Testing

Penetration testing is integral to ensuring cybersecurity for any business organization. As we know, penetration testing tools simulate cyberattacks and check for security vulnerabilities and issues. Metasploit is an open source tool that helps IT administrators perform penetration testing on business networks. Metasploit can be configured to scan networks for exploits and then go on with deploying a payload to systems that have security vulnerabilities in them. The penetration testing framework, which works on Windows, Linux and Mac OSs, comes with some evasion tools that could circumvent existing security protocols and then look for security issues, which could be fixed before a real cyberattack happens.


Mobile Browsers’ Google Safe Browsing Flaw In 2018 Revealed

The Google Safe Browsing system has been implemented by the Google search engine for more than a decade now, designed to block known websites harboring malware or phishing attempts against visitors. It is very efficient, given that Google has the most advanced web crawlers that index the web, marking websites with harmful content with a nag screen and stopping the user from ever visiting the malicious websites in the process.

Unfortunately, browser makers such as Mozilla, Apple and even Google failed to check their browsers’ iOS and Android variants for Safe Browsing compatibility, which was broken for mobile browsers for at least a year, from July 2017 to the last quarter of 2018. The shocking revelation was the result of research conducted by PayPal in partnership with Arizona State University’s academic researchers. This means that the Firefox, Safari and Chrome/Chromium browsers for Android/iOS inadvertently exposed users to some malicious sites for more than a year, as Google Safe Browsing was broken in the mobile browser variants.

The research team from Arizona State University and PayPal used an internal project in prototype form from the 2017-2018 timeframe to measure the effectiveness of automation in securing Internet users. The project was dubbed PhishFarm. Under the project, the research team set up a controlled environment in which it deliberately established 2,380 genuine-looking PayPal websites and allowed a certain number of “test victims” to visit these websites for their “busy workloads”.

The normal behavior for a Google Safe Browsing-aware browser is to check with Google whether the website has known malicious elements. However, this only worked on desktop-based browsers, not on their mobile counterparts. That means that mobile users were exposed to malicious websites that were actually blocked by the Google Safe Browsing system during the above-mentioned time frame.

“We found that simple cloaking techniques representative of real-world attacks- including those based on geolocation, device type, or JavaScript- were effective in reducing the likelihood of blacklisting by over 55% on average,” explains the research team.

With the rapid growth of web browsing through mobile devices, the propensity of users to use the default web browsers installed on their mobile devices greatly increases the risk of users encountering malicious executables and phishing websites. Microsoft’s SmartScreen, a competing service, works on all variants of the Microsoft Edge browser, both on desktop operating systems and on Android.

“Following disclosure of our findings, anti-phishing entities are now better able to detect and mitigate several cloaking techniques (including those that target mobile users), and blacklisting has also become more consistent between desktop and mobile platforms— but work remains to be done by anti-phishing entities to ensure users are adequately protected,” added the research team.

In 2019, new versions of mobile Firefox, Safari and Chrome/Chromium have a working Google Safe Browsing system. The browser vendors were able to make the necessary adjustments to how they implement the safe browsing system within their products on the mobile platform. Unfortunately, the statistics of how many mobile users were bitten by a phishing page or received malware due to the non-working safe browsing system from last year were not disclosed by any of the browser vendors.


Android Users Spammed With Fake Missed Call Alerts

Scammers abuse the notifications and push APIs on Android devices to send spam alerts that are customized to look like a missed call.

Both APIs are used on mobile devices for push notifications – short messages intended to re-engage the user. Messages can be triggered by a local application or server.

“The Notifications API lets us display notifications to the user. It is incredibly powerful and simple to use. Where possible, it uses the same mechanisms a native app would use, giving a completely native look and feel,” reads the description for the Notifications API.

Chrome’s icon change by the scammer

Lookout’s AI Phishing Service has intercepted a phishing campaign that is currently sending messages to mobile users with a custom icon for the app that triggers the alert. In this case, it’s Google Chrome.

To hide the origin, the fraudsters changed the browser icon to display “missed call” as if it were a missed call notification. The message indicates that the user has an iPhone XS waiting for them.

This is powerful social engineering because users often rely on visual indicators to identify the source of a warning.

Jeremy Richards, a security researcher at Lookout, said in a statement to BleepingComputer, “Scammers are looking to take advantage of the fact that we’re primed to identify certain icons we normally associate with system messages (in this case the icon of the telephone).”

It is important to note that the message will only be displayed if the victim accepts notifications from the spam domain. This means that sites that have gained the trust of the user can be used for this type of phishing campaign.

The following is a brief list of domains that send spam via mobile device push notifications:


Not all notification spam uses this trick to change the browser icon. However, it contains messages tempting enough to claim a few victims.

Same approach for desktops

Richards saw this activity on Android phones. Indeed, push notifications for Safari on iOS are currently not fully supported. However, the same approach is also suitable for the desktop. Safari and Chrome support web notifications, which can be used to create a fake card. A user who reads the text quickly and sees the Slack icon can easily be convinced to click on the alert and land on a phishing site that collects user credentials.

On mobile devices, the same warning is even more believable because of the name of Chrome, the app that triggers the alert, and the domain that sends spam. If the Chrome icon is changed, there is little evidence of tampering with the message because only the browser name and domain indicate the attempted fraud.

Peter Beverloo, a Google software engineer, has created a notification generator to test how a push card appears on desktops and mobile devices. The tool allows you to enter a custom title and text for the message and add a selection of images such as an icon, badge, picture, and actions.


TalkTalk’s Databreach Made Secret, Exposed In A Google Search

Having the Google search engine is a blessing for many people who are searching for answers to whatever questions they may have. However, for the telecommunication conglomerate TalkTalk, having Google is a nightmare, as their data breach that they kept secret from their customers was inadvertently exposed by just a simple Google Search. An estimated 4,545 customer records were discovered by just a Google Search, which TalkTalk tried to hide from the public.

Styling itself as: “We do what’s right. We’re also passionate about keeping our teams engaged, happy and proud to work here. It’s all about empowering customers through great TalkTalk technology, and great TalkTalk people.” By leaving the customers in the dark, the company may be subjected to a penalty by the United Kingdom.

The data breach was not disclosed by the conglomerate, and it also went unreported to the ICO (the UK’s Information Commissioner’s Office), which by law should receive all reports of data breaches in accordance with the Data Protection Act of 1998. It was later found through a Google search that the data leak includes personally identifiable information such as customer full name, birthdate, address, account numbers, financial information, and contact information. Due to the news blackout fiasco, TalkTalk was forced to issue letters of apology to the customers affected by the 2015 data breach; the data originated from the conglomerate’s own database.

“The 2015 incident impacted 4% of TalkTalk customers and at the time, we wrote to all those impacted. In addition, we wrote to our entire base to inform them about the breach, advise them about the risk of scam calls and offer free credit monitoring to protect against fraud. A recent investigation has shown that 4,545 customers may have received the wrong notification regarding this incident. This was a genuine error and we have since written to all those impacted to apologize. 99.9 percent of customers received the correct notification in 2015. On their own, none of the details accessed in the 2015 incident could lead to any direct financial loss,” explained a TalkTalk representative.

Security experts expressed their concern about companies not being honest when it comes to the welfare of their customers. Even though it is bad for the reputation of the company at first, customers will appreciate it if companies that encounter trouble face the music by being honest with their customers.


Points To Consider Before Selecting a Secure Web Gateway

Information technology has undergone a major transformation in recent years. Today, infrastructure, applications, and data – almost everything – are moving to the cloud. Whether it’s the public or private cloud infrastructure, cloud technology has revolutionized the IT ecosystem. Today, however, this raises global questions about how to protect the data stored in the cloud.

This rise in cloud technology has also changed the way employees work; it has made many people care less about the security of their data and that of the organization. When an employee works outside the corporate network, he does not even bother to turn on the VPN. And that’s where secure web gateways come into play.

What is a secure web gateway?

A secure web gateway (SWG) actually refers to content control software. When we talk about content control, it means that this specific software filters and manages the content on the Internet. This software essentially prevents malicious Internet traffic from running on the corporate network and ensures the security of the enterprise. In simple terms, it actually provides content relevant to the work or policy of the company and not to the user sitting outside the network.

In recent years, SWG has become a tool for organizations around the world. This is not very new; SWG has been there since the inception of the web. Today, however, it is more sophisticated than content filtering and is offered both on-prem and in the cloud. SWGs are capable of preventing or restricting malicious traffic, yet not all companies know how to use an SWG.

Things to Keep In Mind

You should have complete know-how about the web-related threats and vulnerabilities.

This is the first and foremost thing every organization should do. Companies need to understand the threats and vulnerabilities they are facing. They also need to establish the path and source of the threat, what damage it is causing and what damage it could cause in the future.

What to consider when opting for secure web gateway?

You must have extensive knowledge of Web threats and vulnerabilities. This is the most important thing any organization should do. Businesses need to know the threats and vulnerabilities they are exposed to. They must also state the trajectory and source of the threat, as well as the damage they could cause in the future.

When you have strong knowledge about what you are going to deal with, you plan better. And when you plan better, you come up with strong solutions. So, before evaluating or opting for a specific secure web gateway, you should know what is happening.

If you know exactly what you are going to deal with, plan better. And if you plan better, you can offer solid solutions. So before you select a specific secure web gateway, you need to know what’s going on.

What measure to take?

When you’re done analyzing the threats and vulnerabilities, review the existing actions you’ve already taken or the tools you’ve configured to handle malicious traffic. Check each tool and see the results of these tools.

If you do not have the required resources and infrastructures, check to see if you can set this parameter and how much it will cost. If your budget is exceeded, you can see some of the cloud service providers. It is always a good idea to review our existing sources before using a brand new tool.

Do you have the bandwidth to deploy extra security tool?

You might feel a high level of need to deploy a secure web gateway product in order to make your web security infrastructure stronger, but one simply can’t buy an SWG product and get it fit in — you have to make sure that you have the required infrastructure and resources to make the most out of the tool.

Does your existing infrastructure align with cloud infrastructure?

The cloud approach can solve local problems but has its own requirements. So, if you choose a cloud infrastructure, make sure your existing processes and methods are working properly. Also, make sure you have the support you need for a cloud-centric deployment. This concerns the infrastructure.

Now, when you talk about tools and implementing a cloud-based security tool, you need to check whether it can integrate with existing local tools. If you can afford to meet those challenges, a cloud-based SWG is definitely a great way to eliminate cyber-attacks and malicious traffic from the corporate network.

What to expect from a secure web gateway product?

This is the penultimate but one of the most important things to keep in mind. You need to pick the issues you want to fix: the format of the threats you want to detect and fix, the type of traffic you want to block, and so on. If you have a vision or set of results that you expect, you can participate in the evaluation of the secure web gateway product and see if this product can deliver the results. It makes no sense to spend time and money on a product if it does not.


Fake Cryptocurrency Scammed 55,000 investors for over $200 million

The cryptocurrency crime cartel has been shut down after more than 55,000 investors were conned out of more than $200 million. Brazilian police arrested 10 people suspected of operating an $850 million ($210 million) pyramid cryptocurrency scheme. This was reported by local media such as Correio do Povo on May 21st.

As part of the Egyptian operation, to unveil unapproved financial schemes, the Brazilian tax authorities, together with the police, organized a crackdown against the figures on which the transaction was based and raised funds from 55,000 investors.

They attracted victims with the promise of a 15% payment the first month after investing in the crypto scheme.

In total, the investigation involved 13 individuals and five legal entities.

“The problem with this company is that it was acting without the authorization,” Correio do Povo quotes Delegate Eduardo Dalmolin Boliis of the federal police’s Office of Corruption and Financial Crimes as saying.

On the basis of a traditional financial pyramid, seizures of the assets of those involved showed that the company could not honor all the withdrawals of its investors at the same time.

They also invested in luxury goods, including 30 cars and gems, which were subsequently confiscated.

The news comes in the same week when the United States is acting against a Ponzi scheme linked to a cryptocurrency allegedly backed by diamonds. In this case, the network operators would have persuaded domestic and foreign customers to spend about $30 million over several years.

The use of cryptocurrency is not illegal in Brazil. Police are trying to repeat the impetus for the raid on the contracts, which is based on the lack of legality of the company.


Automated Malware Analysis in the Cloud: An Introduction

Cybercriminals execute malware attacks using different attack vectors and using different methods. The number of malware strains is increasing in an unprecedented manner and hence malware analysis today is not an easy job. In the present context, automated malware analysis is a necessity. Let’s discuss today the different aspects of automated malware analysis in the cloud.

Though there are millions of malware samples being distributed around the world today, only a few are new ones. The majority of the malware that we find consists of simple derivations of existing known malware. New malware samples could prove too complex for analysis using cloud automated malware services. By detecting a sandbox, debugger or virtual environment, any new, complex malware could detect the automated malware analysis environment and then could execute wild programs.

Well, let’s come back to automated malware analysis in the cloud. There are many automated malware analysis services available on the internet, some of which are free. There are malware analysis tools provided by Comodo, Malwr, Anubis, Hybrid Analysis, Threat Expert, Threat Track etc. A notable thing is that despite such services automating malware analysis to a great extent, the analyst needs to have a deep understanding regarding what he is doing and what he is looking for. This would help him understand the output that’s provided by the malware analysis service.

Let’s now discuss the analysis process.

We should begin by attempting to determine whether the binary sample is malicious. This can be done by using VirusTotal. Note that if the binary sample is quite new, there are chances that it might not get detected as malicious even if it is malicious, especially if antivirus companies haven’t updated their signatures yet. If the sample is detected as malicious, we’ll get a list of the antivirus solutions that have detected it as malicious, plus the name of the malware and details regarding the time when the signature was last updated. We should next try to get more information about the analyzed malicious file, especially as to what it does.
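The triage step described above can be scripted. The following is an added example, not part of the original article: it reads a report shaped like a VirusTotal API v3 file object and separates a clean-looking result on a days-old sample from an actual verdict. The sample reports, engine names, thresholds and the `triage` function are constructed for illustration.

```python
from datetime import datetime, timezone

FLAGGED = {"malicious", "suspicious"}


def _day(yyyymmdd):
    """Parse an engine_update value (YYYYMMDD) into a date."""
    return datetime.strptime(yyyymmdd, "%Y%m%d").date()


def triage(report, now, fresh_days=7, min_engines=2):
    """Summarise a file report. Both thresholds are illustrative assumptions."""
    attrs = report["data"]["attributes"]
    first_seen = datetime.fromtimestamp(attrs["first_submission_date"], tz=timezone.utc)

    detections, stale = [], []
    for engine, res in sorted(attrs["last_analysis_results"].items()):
        updated = res.get("engine_update")
        if res["category"] in FLAGGED:
            detections.append((engine, res.get("result"), updated))
        elif updated and _day(updated) < first_seen.date():
            # Signatures older than the first sighting: a miss here says little.
            stale.append(engine)

    age_days = (now - first_seen).days
    if len(detections) >= min_engines:
        verdict = "malicious"
    elif detections:
        verdict = "suspicious"
    elif age_days < fresh_days:
        # No hits on a brand-new sample is not a clean bill of health.
        verdict = "unknown-new"
    else:
        verdict = "no-detections"
    return {"verdict": verdict, "age_days": age_days,
            "detections": detections, "stale_engines": stale}


def _report(results):
    """Build a constructed report; the timestamp is 2019-05-22 00:00:00 UTC."""
    return {"data": {"attributes": {"first_submission_date": 1558483200,
                                    "last_analysis_results": results}}}


# Constructed data: the same sample one day after submission and a month later.
FRESH = _report({
    "EngineA": {"category": "undetected", "result": None, "engine_update": "20190521"},
    "EngineB": {"category": "undetected", "result": None, "engine_update": "20190522"},
    "EngineC": {"category": "undetected", "result": None, "engine_update": "20190520"},
})
RESCAN = _report({
    "EngineA": {"category": "malicious", "result": "Trojan.Constructed.A", "engine_update": "20190620"},
    "EngineB": {"category": "undetected", "result": None, "engine_update": "20190620"},
    "EngineC": {"category": "malicious", "result": "Constructed/Dropper", "engine_update": "20190619"},
})

if __name__ == "__main__":
    for name, rep, when in (("fresh", FRESH, datetime(2019, 5, 23, tzinfo=timezone.utc)),
                            ("rescan", RESCAN, datetime(2019, 6, 21, tzinfo=timezone.utc))):
        print(name, triage(rep, when))
```

A sample that comes back as `unknown-new` is the case to resubmit later or send to a sandbox rather than treat as clean.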

Cloud automated malware analysis solutions can help gain information about the binary sample that has been detected as malicious. An analysis of the malware on the tool could yield a detailed report (mostly in HTML, PDF, XML etc); this report might have lots of details including details about the DLLs used by the malware sample, summary of files and directories accessed by the binary sample, list of all strings in a binary, details regarding whether it connects back to the C&C server to fetch and execute commands, data pertaining to whether the binary sample modifies certain registry keys to achieve persistence on the infected system etc.

Thus, by going for automated malware analysis, we can detect malware and gain sufficient information about malicious files, which would help us combat them in better and more effective ways.

At the same time, let’s remember that there are instances when the results yielded by such an analysis would turn out to be false positives. This lack of 100 percent accuracy thus makes manual analysis also inevitable. Anyhow, researchers are striving to develop better automated malware analysis tools with improved features that could help solve such issues, at least to a great extent.


Google Stored G Suite Customers Passwords in Plain Text

In a blog published yesterday, Google revealed that it had discovered a bug that caused some G Suite users to have their passwords saved in plain text.

The bug has been in circulation since 2005, although Google says it has found no evidence of improper access to anyone’s password.

It is resetting any passwords that might be affected and letting G Suite administrators know about the problem.

G Suite is the business version of Gmail and other Google apps. Apparently, the bug in this product was generated because of a feature specifically designed for businesses.

Initially, your G Suite application manager could set user passwords manually, before a new employee is on board. If this was the case, the administrator’s console would store the passwords in plain text instead of hashing them. Since then, Google has removed this option for administrators.

Google’s blog aims to explain how the cryptographic hashing works, probably to ensure that the nuances surrounding this violation are clear.
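The failure described above, where one password-setting path stored the value as typed while the normal path hashed it, can be shown in a short sketch together with the audit and remediation a defender would run. This is an added example, not Google's code: the record format, function names and sample accounts are assumptions, and PBKDF2-HMAC-SHA256 from Python's standard library stands in for whatever hashing scheme a real service uses.

```python
import base64
import binascii
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha256"   # assumed record tag for this example
ITERATIONS = 600_000     # work factor stored in each record
DKLEN = 32


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record: algo$iterations$salt_b64$digest_b64."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, DKLEN)
    enc = lambda raw: base64.b64encode(raw).decode("ascii")
    return f"{ALGO}${iterations}${enc(salt)}${enc(digest)}"


def parse_record(stored):
    """Return (iterations, salt, digest), or None if this is not a hash record."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGO:
        return None
    if not (parts[1].isascii() and parts[1].isdigit()):
        return None
    iterations = int(parts[1])
    if not 1 <= iterations <= 10_000_000:
        return None
    try:
        salt = base64.b64decode(parts[2], validate=True)
        digest = base64.b64decode(parts[3], validate=True)
    except (binascii.Error, ValueError):
        return None
    if len(salt) < 16 or len(digest) != DKLEN:
        return None
    return iterations, salt, digest


def verify_password(password, stored):
    """Check a login attempt; values that are not hash records never match."""
    parsed = parse_record(stored)
    if parsed is None:
        return False
    iterations, salt, digest = parsed
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, DKLEN)
    return hmac.compare_digest(candidate, digest)


def set_password(store, user, password):
    """Normal path: only the salted hash is written to the store."""
    store[user] = hash_password(password)


def admin_set_password_legacy(store, user, password):
    """The flawed path the article describes: the value is stored as typed."""
    store[user] = password


def find_unhashed(store):
    """Audit: list accounts whose stored value is not a valid hash record."""
    return sorted(user for user, value in store.items()
                  if parse_record(value) is None)


def remediate(store):
    """Hash plaintext values in place; return accounts that need a reset."""
    flagged = find_unhashed(store)
    for user in flagged:
        store[user] = hash_password(store[user])
    return flagged


if __name__ == "__main__":
    # Constructed sample accounts, for illustration only.
    accounts = {}
    set_password(accounts, "alice", "correct horse battery staple")
    admin_set_password_legacy(accounts, "bob", "Welcome2005!")
    print("stored in plain text:", find_unhashed(accounts))
    print("flagged for reset:", remediate(accounts))
    print("still in plain text:", find_unhashed(accounts))
```

Hashing the exposed values in place only stops further exposure at rest; the accounts returned by `remediate` still need a forced reset, which is what the article says Google did.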

“We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed,” Suzanne Frey, Google Cloud VP of Engineering wrote.

Although the passwords were stored in plain text, they were at least stored on Google’s own servers, where they would be more difficult to reach than if they had ended up on the open Internet.

Although Google did not say so explicitly, it also seems keen to keep people from placing this bug in the same category as other common password incidents in which passwords were leaked. Google has already led users to reset their passwords.

In turn, Google has identified not only the number of users likely to be affected by this bug, but also the fact that it affects “a subset of our G Suite business customers” – probably anyone who used G Suite in 2005.

And while Google has found no evidence that anyone has used this access for malicious purposes, it is unclear who had access to those plain-text files.

In any case, the issue is fixed now, and Google has conveyed in its post that it is appropriately sorry about the whole issue:

“We take the security of our enterprise customers extremely seriously and pride ourselves in advancing the industry’s best practices for account security. Here we did not live up to our own standards, nor those of our customers. We apologize to our users and will do better.”


Sharp Rise in Phishing Attacks against SaaS, Webmail Services

Phishing attacks against businesses offering SaaS (Software-as-a-service) and web-based email services have increased considerably in the first quarter of the current year, as per a recent report.

According to the Phishing Activity Trends Report released by APWG (Anti-Phishing Working Group) and focusing on the period between January and March 2019, cybercrime groups have shifted their attention from payment services to businesses offering SaaS and web-based email services. At the same time, there has been a considerable decrease in the volume of attacks against cloud storage and file hosting sites; from 11.3 percent it has dropped to around 2 percent.

It’s only natural for cybercriminals to target SaaS platforms and webmail services since they are becoming more and more popular. The rising popularity is because of the fact that these services are easy to use by anyone who has internet access and also because they provide online business solutions. It’s mostly through phishing attacks that such services are targeted. Experts point out that though many businesses today are concerned about targeted hacking and DDoS attacks, most organizations seem to be worried about phishing attacks the most.

The APWG report points out that 36 percent of all phishing attacks that took place in Q1 targeted SaaS and webmail services. The report states, “Phishing that targeted Software-as-a-Service (SaaS) and webmail services became the biggest category of phishing. At 36 percent of all phishing attacks, it eclipsed phishing against the payment services category for the first time.”

The report also points out that the total number of phishing websites detected by APWG in Q1 was up notably over Q3 and Q4 of 2018. Similarly, the number of phishing attacks hosted on websites using HTTPS and SSL certificates also reached a new high. The report states, “The total number of phishing sites detected by APWG in 1Q was 180,768. That was up notably from the 138,328 seen in 4Q 2018, and from the 151,014 seen in 3Q 2018…The number of unique phishing reports submitted to APWG during 1Q 2019 was 112,393. These were phishing emails submitted to APWG, and exclude phishing URLs reported by APWG members directly into APWG’s eCrime eXchange.”

Through such phishing attacks, cybercriminals seek to steal sensitive data like geolocation, email addresses, credit card data, payment details, personal preferences of users etc.

Now, let’s discuss the relevance of the findings revealed by the report in the current context. On the one hand, the rise in phishing attacks targeting businesses offering SaaS and webmail services is notable. At the same time, it’s to be noted that hackers are increasingly using SSL/HTTPS-hosted websites (that are usually thought to be secure) for executing phishing attacks. The report also explains that of all phishing attacks, while 36 percent targeted SaaS/webmail services, 27 percent targeted payment solutions, 16 percent targeted financial institutions, 15 percent targeted other organizations and only 3 percent targeted eCommerce / Retail and Telecom. In this context, there are two things that need to be noted. On the one hand, it’s highly important that organizations go for the most advanced of security solutions and digital forensics to protect themselves and to identify/detect threats, attacks and the bad actors. On the other hand, they must also go for adopting a well-planned and legitimate security policy and at the same time train their employees to stay wary of phishing scams since clients’ data policy should also be of utmost importance for them.

APWG is a not-for-profit industry association comprising over 2,000 enterprises worldwide and focused on eliminating the identity theft and fraud caused by phishing, crimeware, and email spoofing.


Instagram Influencer’s Account Information Exposed

The lives of Instagram influencers are lived in public. An exposed database now seems to have added to the information available about them.

According to a TechCrunch report, account details of 49 million Instagram users, including influential people and brand accounts, have been published online. The records contain public data that appears to have been extracted from Instagram user profiles, as well as personal data such as telephone numbers and e-mail addresses.

According to the report, the database belongs to Chtrbox, an Indian marketing company that connects influential people with brands who want to promote their products. Chtrbox has not responded to the matter yet.

“We’re looking into the issue to understand if the data described — including email and phone numbers — was from Instagram or from other sources,” an Instagram spokeswoman said in a statement. “We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”

Instagram prohibits deleting accounts in its terms of service. Chtrbox's website claims more than 184,000 Instagram influencers as customers, far fewer than the millions of records reportedly found in the database.

This is not the first time that high-profile Instagram users' information has been exposed. In 2017, hackers used a software error in the photo-sharing app to find phone numbers and contact information of celebrities.

According to TechCrunch, independent cyber security researcher Anurag Sen found the data, and the database is no longer visible to the public. Under-protected cloud databases are a wider problem, one that grows as more and more companies place sensitive data on cloud servers without the necessary data security expertise. Researchers around the world are looking for exposed databases and are trying to get companies to secure them. One example is a cache of demographic data on 80 million American households that was removed in April.

Celebrity Instagram users might be at risk if hackers got their hands on their private email addresses, said Mark Risher, head of account security at Google. He recommended that Gmail users check their security settings through the Google Security Checkup and also set up extra login protections, including prompts and the Advanced Protection Program.

“Given the high-profile nature of some of these accounts, attackers may try to break into the email accounts as a means to impersonate the legitimate account holder,” Risher said.


Six Best Password Managers for Online Protection in 2019

We at HackerCombat have always emphasized the importance of passwords and password management in cybersecurity. At a time when even individual users have and manage many login IDs and passwords, it’s undoubtedly a herculean task for organizations to manage the large number of passwords they have at their disposal. (Remember, from a security point of view it’s never advisable to use the same password for different accounts or services!) The best thing that organizations can do, as regards handling passwords, is to use a decent password manager.

We seek to put together a list of the six best password managers that can be used for online protection in 2019. Here we go:

Keeper, from Keeper Security Inc.

The password manager offered by Keeper Security Inc., which suits Windows, Linux and Mac, is ideal for business enterprises and other organizations and can also be used by individuals or family groups. Keeper uses two-factor authentication plus secure file storage, which ensures comprehensive protection of your information. The other notable features include version history (the ability to restore previous versions of users’ records), emergency access for five different contacts to access a subscriber’s passwords, and custom fields to keep personal records (driving license numbers, passport data etc.) in the app. Utmost flexibility is offered as regards data storage.

LastPass Password Manager

The LastPass password manager, which is for Windows, Linux, Mac and Chrome, offers some remarkable features including two-factor authentication, free credit monitoring, an auto-fill feature to streamline users’ shopping, multiple identities etc. Once the user sets up a master password, LastPass enables importing of all saved login credentials from Chrome, Firefox, Edge, Opera, and Safari. Once this is done, the user needs to remember only the master password and all the rest is taken care of. A notable advantage of using LastPass password manager is that it stores encrypted information on its cloud servers and hence users can access the passwords from computers other than their personal PCs as well. They can even share the data with others in their family group or organization, enabling them to access the credentials from the cloud. There’s also a password generator that helps create unique passwords. The premium version comes with additional authentication options, data syncing with mobile devices, excellent tech support etc. Use LastPass for its excellent interface and notable features.

Sticky Password, from the AVG Antivirus team

Sticky Password is a password manager that’s ideal for Windows, iOS, Android and Apple, and is created by the team behind the AVG antivirus. It supports lots of browsers, especially on the desktop, and offers secure cloud-encrypted syncing between devices. In addition to the conventional sign-in options, it offers Face ID as well as fingerprint sign-ins. It’s easy and simple and has a free version plus a premium version with extra cloud features. It comes with AES-256 encryption and strong password generation capabilities.


1Password

1Password, which is a good password manager for Windows, macOS, Android, iOS and Chrome OS, has notable features like reliable username-password storage with secure sharing, a strong password generator, a digital wallet (for saving logins, card data, network passwords etc.) and an intuitive, easy user interface. 1Password, which is developed by AgileBits Inc., has as its highlight a built-in “watchtower” service that notifies users of ongoing website breaches. The password manager allows, in addition to local syncing of data, the syncing of information between computers via iCloud, Dropbox etc. There is no free version of 1Password, which can also be used as a browser extension, integrated with desktop web browsers like Chrome, Safari, Firefox, Edge, and Opera.

LogMeOnce Password Manager

One of the best password managers for Mac OS X, LogMeOnce also syncs passwords across Windows, iOS and Android. The notable features offered include two-factor authentication, securing passwords with military-grade AES-256 encryption and the very remarkable Mugshot feature, which takes a photograph of an intruder when there is a hack and also tracks locations in case the device is stolen.

Dashlane Password Manager

Dashlane password manager, which is ideal for Windows, iOS, Mac and Android, has some notable features. It is secured with two-factor authentication and offers users the ability to change multiple passwords for multiple websites with just a few clicks. The user can encrypt (with AES-256 encryption) and store passwords either locally or automatically sync them across different devices. Dashlane’s automatic password changer helps change accounts’ passwords without the user having to deal with it personally. Though there is a free version for individual users, businesses need to go for a paid one, which comes with an annual fee.


Do You Know When The First Cyber Attack Took Place? Read On

WannaCry, a malicious computer virus that encrypts data and demands ransom, hit thousands of computers across the world, causing several organizations to close down. Not a day goes by without a large company admitting that its data has been breached. Cyber attacks are generally thought of as a feature of modern life, but their story goes back farther than expected.

Do you know when the first cyber attack occurred? Many attribute this to Robert Morris, a 20-year-old Cornell undergraduate student, in 1988. He was also the first person to be charged under the Fraud and Cyber Abuse Act. Nevertheless, this was not the first cyber attack. The first cyber attack happened when optical telegraphy known as semaphore was used, long before our Internet and computers came into existence. This happened in the year 1834.

The semaphore system consisted of a chain of towers, each with a movable wooden arm at the top. Different configurations of these arms were used to denote different symbols, letters, and numbers. The operators of each tower would use a telescope to read the configuration of the adjacent tower and then reproduce it on their own tower. This made it possible to deliver messages much faster. The semaphore network was reserved exclusively for government use; however, in 1834, two brothers, François and Joseph Blanc, came up with a means of hacking into the system for their personal benefit.

François and Joseph Blanc traded government bonds on the Bordeaux stock exchange, which kept a close watch on the Paris stock exchange. The Paris stock exchange was the primary market, and the secondary markets always lagged because of the time it took for information to travel by post. So if traders could get the information in advance, they could make a lot of money by anticipating the market move.

The Blanc brothers bribed a telegraph operator to provide information on the stock market, and he had an accomplice in Paris who would help him get the details. The operator would then send the news from Tours to Bordeaux using the semaphore system. He did so by tampering with government messages, inserting deliberate errors that served as codes and were later deciphered by another operator, the Blancs’ man stationed close to the Bordeaux line.

This lasted for approximately two years, until one day the Tours operator became ill. He shared the scheme with one of his friends in the hope that the friend would continue the practice. The friend wanted no part in it and reported the operator to the authorities. The Blanc brothers were arrested for their cyber attack but were released due to the lack of an adequate law.

“The Blanc brothers’ story is also a reminder that with any new invention, people will always find a way to use it maliciously. This is a timeless aspect of human nature, and it’s not something technology can or should be designed to solve,” writes Tom Standage of The Economist. This is still so relevant.


Fraudulently Acquired IPv4 Addresses Revoked by ARIN

The US Registry for Internet Numbers, Ltd. (ARIN) won a legal case against a multi-year scheme designed to defraud the Internet community of approximately 735,000 IPv4 addresses. John Curran, President and CEO of ARIN, announced that the fraud had been discovered through an internal due diligence process.

ARIN is a non-profit organization responsible for distributing Internet numbers in the United States, Canada and parts of the Caribbean. The emerging market in IPv4 address transfers and growing demand have led to new attempts to obtain IPv4 addresses fraudulently.

This is the first arbitration under the ARIN Registration Service Contract and the related process in the US District Court for the Eastern District of Virginia. ARIN has been able to prove the existence of a complicated scheme to fraudulently acquire resources, including many legalized official attestations sent to ARIN. “A company in South Carolina obtained and utilized 11 shelf companies across the United States, and intentionally created false aliases purporting to be officers of those companies, to induce ARIN into issuing the fraudulently sought IPv4 resources and approving related transfers and reassignments of these addresses. The defrauding party was monetizing the assets obtained in the transfer market, and obtained resources under ARIN’s waiting list process.” (ARIN Press Release).

The fraudulent entity adopted an aggressive position after ARIN asked it to produce certain documents and explain its behavior. The suspects filed a motion for provisional detention orders and initial orders for ARIN in the US District Court and requested a hearing the following morning, just before Christmas. “The aggressive posture was taken after ARIN indicated its intent to revoke addresses, while permitting defrauding entity to renumber to allow existing bona fide customers not to have service interrupted,” ARIN’s General Counsel told CircleID. “The litigation was filed against ARIN to seek an injunction to stop ARIN from revoking and enter arbitration. Some addresses were transferred for money prior to that demand, others were pending transfer and were never transferred due to ARIN investigation.”

Some fraudulently obtained addresses were transferred to third parties; however, ARIN made no effort to pursue the parties that received the completed transfers, ARIN’s General Counsel told CircleID. The reason being: “(a) addresses were in another RIR service region (e.g. RIPE NCC and APNIC) and (b) ARIN did not see any evidence they knew of or participated in the fraud. In other words, they appeared to be bona fide 3rd parties.”

On May 1, 2019, ARIN obtained an arbitration award, which included the revocation of all fraudulent resources and $350,000 to ARIN for its legal fees.

UPDATE May 15, 2019: “Charleston Man and Business Indicted in Federal Court in Over $9M Fraud” – United States Department of Justice issues a statement announcing Amir Golestan, 36, of Charleston, and Micfo, LLC, were charged in federal court in a twenty-count indictment. The indictment charges twenty counts of wire fraud, with each count punishable by up to 20 years imprisonment.


Simple Mitigation Tips For Securing Android E-Readers

Android e-readers do not make headlines when manufacturers announce their products. However, e-ink based Android tablets are still selling like hotcakes, given that they provide more flexibility than the similarly priced Amazon Kindle e-readers. Like the latter, no matter what type of book you open, the text is rendered against an old-paper-style background called sepia. There is an option under the settings menu to add different gradation backgrounds such as wood, leather, solid color and so on. Reading on a white background may be stressful for some, and Android e-readers provide the ability to change the background color of a book to the color that the user prefers. Not only can users change the background, but they can also change the color of text, hyperlinks, and so on.

If users like control over fonts, line spacing, alignment, and margins, they will love Android e-readers. There are many options to change all these features; Android always has the edge over Kindle when it comes to customization. Conveniently, customized settings apply to whatever book the user opens next. Page turning is fast and impressive, and users can read in both horizontal and vertical modes. The orientation is locked by default but can be unlocked immediately in the settings menu. The only thing that may annoy users is the page-turning experience: a strange line that turns the screen off every time users turn a page. It’s not just a screen refresh; a page turn takes a bit more time than on the Amazon Kindle. As users turn pages, gesture, and swipe, these lines will follow and fill the page.

But unlike Kindle e-readers, which provide basic e-ink reading capability, Android e-readers are full Android tablets with an e-ink screen. That means all the vulnerabilities of a regular Android device affect Android e-readers; conversely, the features that keep Android secure, such as the built-in antimalware Google Play Protect, are also installed on the Android e-reader. The weak point of Android e-readers is that they are considered legacy devices: they come with versions as old as Android 4.0 Ice Cream Sandwich, with the latest models running Android 6.0 Marshmallow, which was released three years ago.

Android e-readers no longer occupy store shelves and can usually only be bought from online stores. As Android 4.x and 6.x are considered old versions of Android and no longer receive patches from Google, a heightened level of security awareness is required to continue using the device safely.

Here are some of our recommendations:

Only associate your Google Account if you need to access the Google Play Store
That means the Google Account does not need to be saved on the device. Associate the Google Account only when a new app needs to be downloaded from the Play Store. That will help preserve the security and privacy of the Google Account in the event the e-reader picks up malware. On an infected Android device, the associated Google Account is at risk of being used for nefarious purposes, so it is better not to have the account associated with the device when there are no new apps to install.

Turn off Bluetooth if not in use
Keeping the device isolated, without Bluetooth access, means there is no chance for a third party to send files to the e-reader.

Only use legitimate apps (never sideload)
Apps should only be downloaded from the official source, the Google Play Store. This way, Google Play Protect will kick in and scan the apps before installation.

See if using a full Android tablet or phone will be a better experience
Evaluate whether you really need to continue using the e-reader; it runs a very old Android version that is considered unsafe for typical daily usage when connected online. Replace the device with a regular tablet or phone; if not, keep it offline instead of leaving it visible on the public Internet.


Our Long Collective Struggle To Secure Enterprise Email

Email is the oldest service on the Internet. Launched in the 1970s, it is older than the WWW or the World Wide Web itself for more than three decades. However, the fundamentals of sending and receiving email have not changed; in fact, all the weaknesses of the email systems of the 70s are still hounding us today. In 1978, we witnessed the first spam email sent to thousands of corporate email users. Other threats, such as malware and phishing through email, followed soon after.

These threats take advantage of the basic foundation of email, which is accessibility and an open-ended approach to transferring information. Security was never the foundation of email when it was first conceived by the fathers of the Internet. It is a direct product of TCP/IP (Transmission Control Protocol/Internet Protocol), which let scientists communicate the results of their experiments and research to one another.

When email and the rest of the Internet became a “public sphere” as opposed to the initial “for military use only”, opportunity seekers looked at it and found a new home for exploiting its weaknesses at the expense of unsuspecting users. The number of cyber attacks targeting countries and companies is increasing, and information security measures are now a matter of life and death for companies. At the same time, however, the combination of business and IT has progressed, and while numerous IT investments are required, the amount of investment in security is a reality. Similarly, many IT personnel are busy with various tasks, making it difficult to specialize in security measures.

Under such circumstances, effective use of security solutions is essential to obtain a safe and secure environment that includes business partners and customers. Above all, the most important point is how to secure email, which is said to account for 80 to 90% of attack paths. It goes without saying that, among the kinds of damage caused by cyber attacks, it is information leakage that does fatal damage to companies. Targeted attack emails and phishing emails often use messages that spoof legitimate senders, such as business partners, financial institutions, and public organizations. And the reason why the damage globally has been increasing over the last two decades is that the wording of such malicious emails and the methods of malware infection have been refined.

Is there a permanent solution?
Email attacks often use malware attachments, such as ransomware, and URL spoofing (redirection). In the latter case, clicking the URL link in the mail diverts you to a falsified website or the like, where you are forced to download malware. Be aware, too, that in such email-based attacks the use of spam emails, previously thought to cause no direct harm to the system, is rapidly increasing.

Spam email is advertising email sent indiscriminately to an unspecified number of people, often referred to simply as “spam”. In the past, the damage caused by spam was that the flood of unnecessary emails interfered with business operations, and the effort required to delete them was costly. Recently, however, in addition to these, as mentioned above, spam has become a trigger for malware infection or is being used for phishing scams. There are also more cases where botnets, which send large-scale spam emails, are the source of ransomware.

There is no other defense but for users to develop a sense of doubt when receiving emails. A reasonable level of suspicion does not hurt; in fact, it is even safer to call the sender to verify that the person actually sent the email. There is no system that can 100% prevent email risks, but there will always be a human standing in the way. The point at which a network gets infected or a company falls for spear phishing is the human user of the system representing the company. All employees are frontliners in any corporate IT security arrangement.


WhatsApp Will Never be Safe, Says Telegram Founder

In a direct attack on WhatsApp, Telegram founder Pavel Durov has stated that the Facebook-owned WhatsApp would never be safe.

In a statement that he had written on Telegraph, Pavel Durov points out that hackers could access anything (photos, emails, texts etc.) on any phone that had WhatsApp installed on it. He even discusses the security issue that WhatsApp recently faced: a high-severity bug that could allow hackers to inject spyware remotely into a phone simply by making a WhatsApp call.

Durov writes, “Every time WhatsApp has to fix a critical vulnerability in their app, a new one seems to appear in its place. All of their security issues are conveniently suitable for surveillance, and look and work a lot like backdoors.”

He points out that unlike Telegram, WhatsApp is not an open source platform and hence it never allows security researchers to easily check if there are backdoors in its code. Instead of publishing its code, WhatsApp deliberately obfuscates their apps’ binaries so that no one is able to study them thoroughly, he adds.

Durov explains that back in 2012, when he was working to develop Telegram, WhatsApp was still transferring messages in plain-text in transit and not just governments or hackers, but mobile providers and even Wi-Fi admins had access to all WhatsApp texts.

WhatsApp later added some encryption, but the key to decrypt messages was available with several governments, who could thus decrypt conversations on WhatsApp very easily. Durov says, “Then, as Telegram started to gain popularity, WhatsApp founders sold their company to Facebook and declared that “Privacy was in their DNA”. If true, it must have been a dormant or a recessive gene.”

Discussing how the end-to-end encryption introduced in 2016 by WhatsApp works, Pavel Durov says, “3 years ago WhatsApp announced they implemented end-to-end encryption so “no third party can access messages”. It coincided with an aggressive push for all of its users to back up their chats in the cloud. When making this push, WhatsApp didn’t tell its users that when backed up, messages are no longer protected by end-to-end encryption and can be accessed by hackers and law enforcement. Brilliant marketing, and some naive people are serving their time in jail as a result.”

Durov also explains that users who do not back up their chats can still be traced in many ways. He says that the metadata generated by WhatsApp users is leaked to different agencies in large volumes by WhatsApp’s parent company. On top of all this, critical vulnerabilities keep appearing one after another.

He writes, “WhatsApp has a consistent history – from zero encryption at its inception to a succession of security issues strangely suitable for surveillance purposes. Looking back, there hasn’t been a single day in WhatsApp’s 10 year journey when this service was secure. That’s why I don’t think that just updating WhatsApp’s mobile app will make it secure for anyone.”

In his statement, Durov explains why people can’t stop using WhatsApp all of a sudden. He says that a lot of people can’t do this because their friends and families still continue to use WhatsApp. He writes, “It means we at Telegram did a bad job of persuading people to switch over. While we did attract hundreds of millions of users in the last five years, this wasn’t enough. The majority of internet users are still held hostage by the Facebook/WhatsApp/Instagram empire. Many of those who use Telegram are also on WhatsApp, meaning their phones are still vulnerable.”

Durov says this about Telegram: “In almost 6 years of its existence, Telegram hasn’t had any major data leak or security flaw of the kind WhatsApp demonstrates every few months. In the same 6 years, we disclosed exactly zero bytes of data to third-parties, while Facebook/WhatsApp has been sharing pretty much everything with everybody who claimed they worked for a government.”

He explains that unlike Facebook, which has a huge marketing department, Telegram does zero marketing and wouldn’t want to pay journalists and researchers to write about it. It instead relies on its users.

Well, that’s the gist of what the Telegram founder has to say. Let’s wait for the other side of the story and see whether WhatsApp defends itself with a statement of its own in response to what Pavel Durov has written.



Related Resources:

A Quick Glimpse On The WhatsApp “Spyware” Issue

The WhatsApp Gold Scam is Back, in a New Form!

WhatsApp Launches Service to Fight Fake News in India

SpyDealer Android Malware Steals Data from WhatsApp and Facebook


Stack Overflow’s Production Systems Accessed by Hackers

In a brief announcement yesterday, Stack Overflow reported that it was the target of an attack in which hackers gained access to its production systems.

The website is currently online, and the few public details provided in a short message indicate that an investigation revealed that a “level of production access was obtained on May 11”.

User data are safe

It is not clear how the intruders were able to access the internal Stack Overflow network, but the actions taken as a result of the breach include patching all known vulnerabilities. The incident was discovered internally, and the initial assessment is that no customer or user data has been affected.

“Our customers’ and users’ security is of the utmost importance to us. After we conclude our investigation cycle, we will provide more information,” says Mary Ferguson, VP of Engineering at Stack Overflow.

Stack Overflow was launched in 2008 as a website for questions and answers about programming topics. As part of the Stack Exchange Network, it is a community of more than 10 million as of January 2019.

Stack Overflow is available in several languages (English, Spanish, Russian, Portuguese and Japanese). According to the website, more than 50 million visitors access it every month, looking for ways to solve their problems, develop their skills or find work.

The platform is considered as a reliable source for an overview of accurate trends in the developer community, as well as pay package information based on experience, location, training, and technology.



Related Resources:

Hackers Steal Around $41 Million in Bitcoin from Binance

Yet Another WordPress Hack Exploiting Plugin Vulnerabilities


The Six Most Effective Email Spam Blocker Tips

Email, as we know, is always susceptible to spam. Anyone using email has to face spam on an almost regular basis. Email clients today are equipped with anti-spam filters that detect spam and move it to a separate folder. But since such filters are not 100 percent effective, it’s always best for email users to know how to deal with spam effectively. Here’s a look at some of the most effective email spam blocker tips.

Begin by training your spam filter

As we’ve already stated, the spam filter that your email client is equipped with by default is not 100 percent accurate in filtering emails and detecting spam. Thus, it is important to keep training your spam filter to be more accurate. This can be done in two ways. Firstly, whenever you come across spam that has sneaked past the spam filter and landed in your inbox, you shouldn’t limit yourself to just deleting it. You should select it and tell your email client that it is spam by clicking on the button provided for reporting spam. Secondly, when mail that is not spam lands in your spam folder, you should select it and tell the client that it made a mistake by clicking on the ‘Not Spam’ (or similar) button. This way, you can train your spam filter to perform better.
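How the two feedback buttons change a filter's verdict, shown with a small naive Bayes classifier. This is an added example, not the code of any particular email client; the class name, the training messages and the 0.5 threshold are constructed for illustration.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$']+")


class TrainableSpamFilter:
    """Tiny naive Bayes filter (hypothetical class) that learns from user feedback."""

    def __init__(self):
        self.word_counts = {"spam": Counter(), "ham": Counter()}
        self.message_counts = {"spam": 0, "ham": 0}

    @staticmethod
    def tokens(text):
        # Each distinct word counts once per message.
        return set(TOKEN.findall(text.lower()))

    def train(self, text, label):
        self.word_counts[label].update(self.tokens(text))
        self.message_counts[label] += 1

    # The two buttons the article describes.
    def report_spam(self, text):
        self.train(text, "spam")

    def not_spam(self, text):
        self.train(text, "ham")

    def spam_probability(self, text):
        spam_n = self.message_counts["spam"]
        ham_n = self.message_counts["ham"]
        # Smoothed prior odds, then one likelihood ratio per word (add-one smoothing).
        log_odds = math.log((spam_n + 1) / (ham_n + 1))
        for word in self.tokens(text):
            p_spam = (self.word_counts["spam"][word] + 1) / (spam_n + 2)
            p_ham = (self.word_counts["ham"][word] + 1) / (ham_n + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

    def is_spam(self, text, threshold=0.5):
        return self.spam_probability(text) > threshold


def demo():
    """Replay both kinds of feedback on constructed messages; return the scores."""
    f = TrainableSpamFilter()
    for msg in ("win a free prize now", "free money claim your prize"):
        f.train(msg, "spam")
    for msg in ("meeting agenda for monday", "lunch on monday with the team"):
        f.train(msg, "ham")

    # 1) Spam that reached the inbox because it borrows familiar words.
    missed = "Monday team offer: cheap pills for the team"
    before_report = f.spam_probability(missed)
    f.report_spam(missed)  # user clicks "Report spam"
    after_report = f.spam_probability(missed)
    similar = f.spam_probability("cheap pills offer")

    # 2) Legitimate mail that was filed under spam.
    wrongly_filed = "Claim your prize at the team lunch"
    before_rescue = f.spam_probability(wrongly_filed)
    f.not_spam(wrongly_filed)  # user clicks "Not spam"
    after_rescue = f.spam_probability(wrongly_filed)

    return {
        "missed_before": before_report,
        "missed_after": after_report,
        "similar_new_message": similar,
        "wrongly_filed_before": before_rescue,
        "wrongly_filed_after": after_rescue,
    }


if __name__ == "__main__":
    for name, score in demo().items():
        print(f"{name:22s} {score:.3f}")
```

Simply deleting the missed message would have left every count unchanged, so the next message with the same wording would reach the inbox again.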

Secondly, train yourself not to respond to spam

We’d say this is the most important of all email spam blocker tips. Security always starts with the individual user. You must train yourself, in the very first place, to refrain from responding to spam. Almost daily, you’ll come across spam emails landing in your inbox. Many of these might even look genuine. You need to train yourself to identify spam and to refrain from responding to it. Even if an email seems only a bit suspicious, don’t click on the accompanying link or open the accompanying attachment. Confirm that the email is genuine, and only then open the link or the attachment. Similarly, whenever you realize that you’ve received spam sent from a known email address, contact that person and let them know. That person might not be aware of it. This helps to prevent spam emails from spreading.

Learn to protect and, if needed, hide your email address

You must learn to protect your email address from spam. There are some very important things that you need to do for this. It’s best to have one or more alternative email addresses, which you could use for things like hotel booking, online shopping etc. This way, your primary email address would be saved from those unwanted spam emails that come following your online purchases or reservations or any such web activities that might enlist you to a spam despatch list.

Another thing that you could do to protect your email address is to hide it as much as possible. Never publish your primary email address on the web unless you absolutely have to do it. At places where you have to publish your email address, publish a secondary one if that’s OK. Publish your primary email address only when you have to do it.

Use third-party antispam filters

It’s always best to use third-party antispam filters or extensions that can help catch the spam emails that sneak past your default email spam filter. Such third-party filters work by identifying spam as messages travel between an email server and an email client. There are different options, free as well as paid, depending on the kind of device you are using and on the extent of your filtering requirements.

Learn to unsubscribe from things that you don’t need

Certain things reach you periodically, like newsletters, that you might not actually need. It is advisable to unsubscribe from such services if you don’t need them at all. Make it a point to unsubscribe from things that you don’t need in your inbox. There will be links that allow you to unsubscribe from such services or to stop receiving emails from that source. This step can help curb, to a great extent, the spam emails that might accompany such emails and newsletters.

Change email address, if needed

You must be ready to change your primary email address if needed. When you have accidentally responded to spam and your email address is compromised beyond repair, when your email address has been revealed in too many places and stands a chance of being subjected to spam attacks, or when your email address receives loads of spam despite existing security measures (because of security flaws or other such issues), it’s best to change your primary email address at the earliest. This, we agree, is a drastic step, but if such a drastic step has to be taken, just go for it. Security, after all, is of utmost importance.


Related Resources: 

Best Anti-Spam Email Filters for Thunderbird

How To Avoid Being A Phishing Scams Victim

Is It Possible To Have Email Security Without OpenPGP/S-MIME?

Phishing Emails Are Here To Stay, Says Security Firm


Fundamental Need For A Productive ITSM (IT Service Management)

It is true that many business departments have introduced cloud services that deliver advanced IT without requiring the involvement of the information systems department. But the information systems department itself has to change too. It needs to move away from the old concept of managing IT systems and shift its mission to that of a business partner that provides useful IT services to all users in the company, treating them as customers. IT service management holds the key. It standardizes, visualizes and automates each business process that used to depend on personal or ad hoc judgment, improves the quality of IT services, eliminates unnecessary work, and streamlines operations.

So how can we introduce and practice proper IT service management? If your company has no experience or knowledge of it, you will not know where to start or what to do. A useful approach in such a situation is to learn from and refer to the best practices of the world’s leading companies. As a guideline, a framework called the Information Technology Infrastructure Library (ITIL) is well known. From a different point of view, applying the concept of IT service management based on ITIL to all business divisions will enable the information systems division to regain its leadership. This is a great opportunity.

In recent years, companies of all kinds have been accelerating their transformation; the manufacturing industry, for example, which used to focus on manufacturing alone, is speeding up its conversion to a service model. To stay competitive in this wave of digital transformation, a company must be able to launch strategic IT services quickly even when the future cannot be seen, and then improve operations and correct course as the environment changes. In some cases, it will be necessary to take more flexible measures than ever before, such as linking with other companies’ services and promoting co-creation without hesitation. As a support for business departments and managers, the information systems department now faces unprecedented expectations. The first step of ITIL introduction is the service desk.

In the previous version, V2, ITIL centered on two major guidelines:

  • Service support that describes daily operation methods
  • Service delivery that describes medium- and long-term service management methods.

In the latest version, V3, while following these two ideas, the classification is a concept based on five core principles:

  1. Service strategy
  2. Service design
  3. Service transition
  4. Service operation
  5. Continuous service improvement.

Each indicates the ideal state of each process of IT service, but among these:

  • Service Desk
  • Incident Management
  • Problem Management
  • Change Management
  • Release Management
  • Configuration Management
  • Service Level Management
  • IT Service Financial Management
  • Capacity Management
  • IT Service Continuity Management
  • Availability Management

The above-mentioned parts of ITSM are important concepts for a well-oiled IT organization in a business of any size. The starting point of these processes is the service desk. Among the Fortune 500 companies, ITIL began to spread in the early 2000s, and more than half of them started with the service desk. The reason is that it has the fastest and most visible effect on improving the quality of IT services.

In fact, looking at the current state of the service desk, it’s not uncommon to find workflows that rely on email or phone interaction. Users cannot even see the current status of their requests. Meanwhile, the manager or head of each department cannot see where the staff on the ground are getting stuck, and even when they try to prioritize issues, the information needed to judge them has not been gathered. Establishing a workflow for IT service management that is optimal for the entire company by introducing measures to improve the operational workflows of inefficient service desks first, while looking ahead of the system operation management corresponding to the latest technology, user satisfaction.

All providers of ITSM services boast of their SLA levels and competitive price points to potential customers. Companies need to do their homework by researching the track records of the competing firms and checking reviews from current clients to determine the capability of each service provider. Many things are beyond the scope of this article, but all ITSM service providers have one thing in common: they are also “for-profit” businesses. These organizations seek to earn as much profit as possible and do their best to reduce costs. A competent IT team within the organization needs to develop a clear understanding of the pros and cons of the competing service providers.


Related Resources:

The 10 Best Managed Security Service Providers in 2019

Managed Service Providers in the Era of Ransomware



Microsoft Warns WannaCry-like Windows Attack

Microsoft is warning users of older versions of Windows to install the latest Windows update immediately to protect against potential, widespread attacks. The software giant has fixed vulnerabilities in Remote Desktop Services running on Windows XP, Windows 7, and server versions such as Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008. Microsoft is taking the unusual approach of releasing patches for Windows XP and Windows Server 2003, although both operating systems are no longer supported. Windows XP users must manually download the updates from the Microsoft Update Catalog.

“This vulnerability is pre-authentication and requires no user interaction,” explains Simon Pope, director of incident response at Microsoft’s Security Response Center. “In other words, the vulnerability is ‘virus’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.”

Microsoft said it had not observed exploitation of this vulnerability. However, now that the patch has been released, it is only a matter of time before attackers analyze Microsoft’s patches and create malware. Fortunately, Windows 8 and Windows 10 computers are not affected by this vulnerability. Although Windows 10 is now more popular than Windows 7, there are still millions of computers running Windows 7, which could make potential attacks very problematic.

Microsoft previously broke its tradition of not patching unsupported Windows operating systems when thousands of computers in more than 100 countries were affected by the malware known as WannaCry. That malware used a bug in old versions of Windows to encrypt the computer and demanded a $300 ransom before unlocking it. Microsoft is keen to avoid another WannaCry-style outbreak, even though it states that “the best way to resolve this vulnerability is to upgrade to the latest version of Windows.”


Related Resources:

Microsoft’s Windows 7, 8.1 To Have Defender Advanced Threat Protection

Windows-based Forensic Tools Available for Everyone

145 Windows-malware loaded Play Store Apps, deleted by Google

Latest Windows 10 Comes With Malware Protection




Vulnerability In Intel Processors Affected Millions of PCs

In early 2018, researchers discovered two important security holes in Intel and AMD processors, Spectre and Meltdown. Although mitigations have since been released by Intel, AMD, Microsoft, and other major vendors, the method of attack, based on a process called speculative execution, has led researchers to discover a series of four new attacks that have affected Intel processors since 2008, Wired reports.

Intel has named these “Microarchitectural Data Sampling” (MDS) attacks. And while all four attacks are similar to Meltdown and Spectre, these new MDS attacks (ZombieLoad, Fallout, and RIDL) seem to be easier to execute.

In these new cases, researchers found that they could use speculative execution to trick Intel’s processors into grabbing sensitive data that is moving from one component of a chip to another. Unlike Meltdown, which used speculative execution to grab sensitive data sitting in memory, MDS attacks focus on the buffers that sit between a chip’s components, such as between a processor and its cache, the small portion of memory allotted to the processor to keep frequently accessed data close at hand.

Each variant of the attack can be used as a gateway to expose raw data that passes through a processor’s cache before being discarded by the speculative execution process. By repeating the attack in rapid succession, a hacker could collect enough random data to capture everything from passwords to the keys used to decrypt disks.

“In essence, [MDS] puts a glass to the wall that separates security domains, allowing attackers to listen to the babbling of CPU components,” VUSec, one of the firms that discovered the flaws, said in a paper set to be presented next week and seen by Wired.

Those who found the attacks included researchers from the Austrian university TU Graz, Vrije Universiteit Amsterdam, the University of Michigan, the University of Adelaide, KU Leuven in Belgium, Worcester Polytechnic Institute and Saarland University in Germany, as well as Cyberus, BitDefender, Qihoo360 and Oracle.

Speaking with Wired, Intel said its own researchers discovered the vulnerability last year and that fixes are now available at the hardware and software level. The company said that it fixed the vulnerability in several processors that shipped last month.

Intel and the researchers, however, disagree on the severity of the vulnerability. While Intel described the attack as “low to moderate,” researchers at the institutions said, “If really dig through that raw output to find the valuable information they sought.”

Microsoft has sent patches for Windows PCs. In a statement to Wired, a Microsoft spokesperson said, “We’re aware of this industry-wide issue and have been working closely with affected chip manufacturers to develop and test mitigations to protect our customers.”

Although patches will become available, applying them to the PCs and servers affected by the four variants will take some time. This raises the concern that sensitive data on millions of computers worldwide could be accessed before they are patched.


Related Resources:

Important Features of Vulnerability Scanners

7 Useful Android Vulnerability Scanners

Vulnerability Helps Researchers Expose Malware C&C Servers

TOP 10 PHP Vulnerability Scanners


10 Ways How To Avoid Being A Phishing Scams Victim

Nobody wants to be a victim of phishing. We have seen so many instances of phishing, and it looks like the scams are continuing for a good reason: they allow cybercriminals to make huge profits. Phishing scams have been around since the inception of the Internet and will not disappear anytime soon. Fortunately, there are ways to avoid becoming a victim yourself. Here are 10 basic guidelines to protect yourself:

1. Be updated about phishing techniques

New phishing methods are constantly being developed. If you do not know about these new phishing techniques, you could accidentally fall prey to one of them. Keep your eyes open for new phishing attacks. If you are not aware of even the basic techniques, your risk of getting caught is much higher. For IT administrators, ongoing phishing security and phishing awareness training are strongly recommended so that all users can help maintain security within the organization.

2. Never click on a suspicious link

You can click on links when you are on trusted sites. However, clicking on links that appear in random emails and instant messages is not a wise decision. Hover your mouse over the link and it will show you where the link really goes. Does it lead where it should? A phishing email can appear to come from a reputable company, and if you click on the link, the website it opens may look like the real one. The e-mail may ask you to enter information, yet it may not include your name. Most phishing emails begin with “Dear Customer,” so be careful when you see that greeting. If in doubt, go directly to the source instead of clicking on a potentially dangerous link.
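The hover check above, automated for an HTML email: compare the address a link displays with the address it actually opens, and note the generic greeting. This is an added example, not code from the original article; the sample message, function names and finding labels are constructed, and hosts are compared exactly rather than by registrable domain.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; example.com / example.net are reserved
# documentation domains, not real senders.
SAMPLE_EMAIL = """\
<html><body>
<p>Dear Customer,</p>
<p>Your account is on hold. Sign in at
<a href="http://login.example.net/verify?id=42">https://www.example.com/account</a>
to restore access.</p>
<p>Read our <a href="https://www.example.com/help">help pages</a> or
<a href="https://www.example.com/contact">www.example.com/contact</a>.</p>
</body></html>
"""

GENERIC_GREETING = re.compile(r"\bdear\s+(customer|user|member|client)\b", re.I)
# Visible link text that itself looks like a URL or host name.
HOST_IN_TEXT = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element, plus all body text."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.text = []
        self._href = None
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._buf = []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None


def strip_www(host):
    host = host.lower()
    return host[4:] if host.startswith("www.") else host


def audit_email(html):
    """Return a list of (finding, detail) tuples for one HTML message body."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    if GENERIC_GREETING.search(" ".join(parser.text)):
        findings.append(("generic-greeting", ""))
    for href, text in parser.links:
        parts = urlsplit(href)
        if parts.scheme == "http":
            findings.append(("plain-http", href))
        shown = HOST_IN_TEXT.match(text)
        # Only links whose text claims a destination can contradict their href.
        if shown and strip_www(shown.group(1)) != strip_www(parts.hostname or ""):
            findings.append(("text-target-mismatch", f"{text} -> {href}"))
    return findings


if __name__ == "__main__":
    for finding, detail in audit_email(SAMPLE_EMAIL):
        print(f"{finding:22s} {detail}")
```

A link whose text is plain wording ("help pages") cannot be checked this way, which is why going directly to the source remains the fallback.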

3. Install Phishing Toolbar

Most web browsers can be customized using phishing toolbars. Such toolbars quickly examine websites visited and compare them to lists of known phishing websites. If you encounter a malicious website, you will be notified via the toolbar. This is just another layer of protection against phishing scams and it is totally free.

4. Check for website security

Needless to say, you should be a little cautious when providing sensitive financial information online. But as long as you are on a secure website, you should not have any problems. Before submitting information, make sure that the site URL begins with “https” and that there is a lock icon next to the address bar. Also, check the site’s security certificate. If you receive a message that a particular website may contain malicious files, do not open the website. Never download files from suspicious emails or websites. Even search engines can display links that lead users to a phishing website offering low-cost products. When the user buys on such a website, cybercriminals extract the details of their credit card.

5. Login into your account regularly

If you do not visit your online account for a long time, someone could be having a field day with it. Even if you do not technically need to, log in to each of your online accounts regularly. Also, make a habit of changing your passwords regularly. To avoid bank phishing and credit card phishing, you should regularly check your bank statements personally. Get monthly statements for your financial accounts and carefully review each entry to make sure no fraudulent transactions have been made without your knowledge.

6. Keep your browser up-to-date

Most popular browsers release security patches regularly. They do this in response to the security vulnerabilities that phishers and hackers inevitably discover and exploit. If you usually ignore messages about updating your browsers, stop. Don’t wait: the moment an update is available, download and install it.

7. Use Firewalls

High-quality firewalls act as a shield between you, your computer and outside intruders. You should use two different types: a desktop firewall and a network firewall. The first option is a type of software and the second option is a type of hardware. When used together, they greatly reduce the risk of hackers and phishing attacks on your computer or network.

8. Beware of pop-ups

Pop-ups often masquerade as a legitimate part of a website. Too often, they are phishing attempts. Many popular browsers allow you to block pop-ups, and you can allow them on a case-by-case basis. If one manages to slip through, do not click the “cancel” button; these buttons often lead to phishing sites. Instead, click on the small “x” in the upper corner of the window.

9. Closely guard your personal Information

In general, you should never share sensitive personal or financial information on the Internet. This rule dates back to the days of America Online, when users had to be constantly warned because of the success of the first phishing scams. If in doubt, go to the main website of the company in question, get its number and call it. Most phishing emails will direct you to pages where personal or financial information is requested. An Internet user must never enter confidential information via the links provided in emails. Never send an email with sensitive information to anyone. Make it a habit to check the website address. A secure website always starts with “https”.

10. Use antivirus software

There are many reasons to use antivirus software. The special signatures included with antivirus software protect against known technology workarounds and loopholes. Just make sure you keep your software up to date. New definitions are added all the time because new scams are also constantly invented. Anti-spyware and firewall settings should be used to prevent phishing attacks, and users should update these programs regularly. Firewall protection prevents access to malicious files by blocking attacks. Antivirus software scans each file that reaches your computer over the Internet. This helps to prevent damage to your system.


Related Resources: 

HackerCombat Guide on How to Prevent Phishing Attacks

Check Out The Most Disastrous New Phishing Scams of 2018

How to Stay Vigilant Against Phishing Scams


Twitter Bug Carelessly Shared Location Data of Some iOS Users

According to Twitter, a bug that revealed users’ location information and shared it with an unnamed Twitter partner has been fixed.

“We have discovered that we inadvertently collected and shared iOS location data with one of our trusted partners in certain circumstances,” the company said.

According to the blog post, the bug only affected iOS users of the Twitter app who had a second account on their phone. If a user allowed Twitter to access precise location information for one account, the setting was automatically applied to the other account as well, even if the user had not chosen to share location data for it.

Twitter also found that the information collected was passed on to the trusted partner to serve ads through a process known as real-time bidding. However, it sought to allay privacy concerns by stating that the location data was “fuzzed” to reduce accuracy to the nearest zip code or city.

“We have confirmed with our partner that the location data has not been retained and that it only existed in their systems for a short time, and was then deleted as part of their normal process,” it stated on the help site.

Although Twitter did not announce when the data sharing took place, the social media company said it had notified affected users and asked users to review their privacy settings in light of the incident.

It should also be noted that this security issue is Twitter’s fourth mistake in the past year.

Last September, a bug in the Twitter API accidentally exposed private messages and protected tweets to developers who were not allowed to read them.

In December, it was said that government-sponsored actors could have exploited a vulnerability in an online support form to retrieve a user’s country code and determine whether the Twitter account was suspended or not.

In January this year, Twitter found a security flaw in its Android app causing private tweets of an unspecified number of users to be publicly available since 2014.



Related Resources:

Twitter Rolls Out Key Cybersecurity Improvement Vs. Hacking

Twitter to Stop Hackers from Spreading Secrets of 9/11 Attacks

Twitter’s Mobile Phone Integration Is Insecure


FBI Investigating Baltimore Ransomware Attack

Mayor Bernard C. “Jack” Young has assured the residents of Baltimore that the city’s emergency systems will function normally, even as the city fights a ransomware attack on its computer networks.

FBI agents are investigating the cyber breach, which was first discovered Tuesday morning, and the city’s IT department is working to fix the problem with “some outside help,” Young said. Director of the IT department, Frank Johnson, confirmed that the city’s computers were infected with a “very aggressive” form of ransomware called “RobinHood,” which locks up or holds city files for ransom until the money is paid to the hackers responsible for the malware.


Lester Davis, Young’s spokesman, confirmed that no personal data of city residents was stolen from the city’s computer system.

Technicians are currently working to find the cause of the problem and determine what is really involved. He and Young refused to comment on the scope of the attack. They said it is under investigation and could not give a timeline for when the problem would be resolved.

Young said he would not pay a ransom to the hackers or anybody.

Residents who want to pay water bills, parking tickets, and other charges will need to “return to the manual” and pay them in person, Young said. Late fees for these payments are also temporarily suspended.

“We can say with confidence that public safety systems are up and operational,” Johnson said. “For now, if anybody needs to contact the city the best way to do it is to pick up the plain old telephone and give us a call.”

All city employees are at work today, even though they are not able to access their emails or files, said Young. If the attack keeps employees from doing their jobs, the mayor said he would ask them if they would “go out and help us cleanse the city.” The attack is the second cybersecurity threat the city has faced in a little more than a year.

In March 2018, the city’s 911 dispatch system was breached and the call service had to be temporarily put into manual mode, which meant that information about incoming callers could not be forwarded electronically. The system was fully restored within 24 hours.

Immediately after the 2018 attack, Johnson said the attack was a case of ransomware. An investigation revealed that systems were left vulnerable because of some internal change made to the system’s firewall by a technician who was troubleshooting an unrelated communication issue within the computer-aided dispatch system, Johnson noted.

Johnson said Wednesday that the city has “very, very good capability” for stopping cyber-attacks, and includes cybersecurity awareness in its training for city employees. He added that the city’s IT infrastructure has been assessed several times since he took control of the department in late 2017 and has gotten “multiple clean bills of health.”

He refused to say how often the city’s computers and systems are updated.

Similar ransomware attacks have occurred in recent years at airports, hospitals, private companies, and other cities, and city officials point out that such hacking is not unique to Baltimore.

“This could happen anywhere,” Young said. “I don’t care what kind of system you put in place, they always find a way to infect the system.”


Related Resources:

Baltimore Shuts Down Its Servers As the City Is Hit By Ransomware

How to Remove Pewcrypt Ransomware

Beware of 10 Past Ransomware Attacks

Community Efforts Against Ransomware
