Tag Archive for: ‘red

Red flags – which platforms/services do internet users have most privacy concerns about?


Kaspersky analyzed anonymized data, voluntarily provided by Privacy Checker, a website that contains helpful advice on privacy settings for various internet services and platforms. The results reflect which services and platforms internet users have the most privacy concerns about. The data show that most customers are worried about the security of popular mobile operating systems (21.2%) and Google’s privacy level (18.3%).

Internet users leave digital footprints when they use various online services. This footprint may include visited websites, uploaded photos, and interactions on social media (such as comments, posts and reactions). The correct privacy settings in digital services can help reduce the number of traces online, and help you take control of your information. Our research explored which services and platforms users are most concerned about regarding privacy and security of personal data. 

The findings are based on anonymous data on visits to the Kaspersky Privacy Checker website between December 2019 and August 2021. Kaspersky analyzed which services’ and platforms’ security setting instructions users opened most often.

Among the most popular privacy requests were Google settings on Android (11.1%), security rules for Android OS (7.3%), and WhatsApp settings on Android (5.9%).

When it comes to social networks, users most frequently viewed the Facebook security pages on various platforms (15.7%). Instagram was the second most reviewed social network in terms of the number of requests for privacy settings – its total share of requests was 9.9%. TikTok took third place with an 8.1% share of requests for security settings. Considering its monthly active audience is four times smaller than Facebook’s (689 million versus 2.9 billion), the numbers show that the privacy offered by TikTok is also of great concern to users.

Among messenger services, users are most concerned with the WhatsApp security level – the share of requests about its security policy was 13.9%.

Meanwhile, the Russian social network VK also made it into the top global queries, at 7.7%. VK is Russia’s most popular social network, and the share of security instructions…


Sydney Trains and Transport for NSW cyber security flaws exposed in ‘red team’ hacker attack


Anti-hacking defences put up by Sydney Trains and Transport for NSW were no match for a simulated cyber attack orchestrated by a government watchdog, a new report reveals.

The “red team” hacking exercise conducted by the NSW Auditor-General revealed “significant weaknesses” in the agencies’ cyber security schemes, the watchdog wrote in the report released on Tuesday.

“Transport for NSW and Sydney Trains are not effectively managing their cyber security risks,” Auditor-General Margaret Crawford wrote in the report.

“Significant weaknesses exist in their cyber security controls, and both agencies have assessed that their cyber risks are unacceptably high.”

The report also notes that few staff members at the agencies have received basic cyber security training and that executives do not receive regular detailed cyber risk briefings.

“As a result, neither agency is fostering a culture where cyber security risk management is an important and valued aspect of executive decision-making,” Ms Crawford wrote.

The test was conducted by allowing “authorised attackers” to try to penetrate the computer systems.

The “red team” also tested the security of some of the train systems’ physical sites that were relevant to cyber security, the report said.

Transport for NSW and Sydney Trains were made aware in advance that the test would occur.

The exercise uncovered security holes that the agencies weren’t previously aware of, it was revealed.

The agencies fought to suppress exactly what those weaknesses were because they feared revealing the vulnerabilities could expose them to further attacks.

“TfNSW and Sydney Trains have advised that in the six months from December 2020 and at the time of tabling this audit report, they have not yet remediated all the vulnerabilities identified,” Ms Crawford wrote in a foreword.

“As a result, they, along with Cyber Security NSW, have requested that we not disclose all information contained in this audit report to reduce the likelihood of an attack on their systems and resulting harm to the community.

“I have conceded to this request because the vulnerabilities identified have not yet been remediated and leave the agencies exposed to…


Windows 11 Upgrade Row Reveals Microsoft Ransomware Red Herring


Remember back in 2015 when Microsoft ‘developer evangelist’ Jerry Nixon now famously stated that “Windows 10 is the last version of Windows” at the Microsoft Ignite conference that year? If not, maybe you recall how the company called it “the most secure Windows ever” just before it launched that same year? Guess what? The first statement hasn’t aged well, with Windows 11 now looking likely for release in October.

Microsoft is also beating the Windows 11 security drum and beating it hard by talking up how it features the strongest protection against malware yet. However, it’s the claim that Windows 11 will “raise the security baseline” to protect against ransomware that has got many infosecurity professionals scratching their collective heads.

The great Windows 11 TPM kerfuffle

Before we get to the Windows 11 ransomware red herring, let’s deal with the security stink that’s been wafting around social media and tech forums since the hardware requirements for running the next-generation Windows operating system were revealed, shall we?

Yes, I’m talking about the great TPM kerfuffle. The Trusted Platform Module (TPM) is a hardware requirement for running Windows 11, specifically TPM 2.0, which replaced the previous TPM 1.2 standard in 2019, hence the online anger over needing to upgrade your computer to upgrade the OS.


An uproar which isn’t totally justified as Chester Wisniewski, a principal research scientist at Sophos, says, “TPM 2.0 is available to almost all hardware at no real cost these days as it has been built into nearly all Intel and AMD processors for many years now.”

What’s more, if you have a TPM 1.2 chip, this can likely be upgraded to TPM 2.0 by way of a firmware update from the computer vendor at no cost, rather than requiring a new hardware module to be purchased and installed.

Although Microsoft has, for the moment, withdrawn its Windows 11 compatibility checker, which proved somewhat controversial because of the lack of detailed information it provided to users, it’s easy enough to find out if you have the TPM 2.0 component required to run Windows 11. Open device…


Adversa AI Red Team Introduces Technology for Ethical Hacking of Facial Recognition Systems


The Adversa AI Red Team has performed a proof-of-concept attack on PimEyes, the most popular and advanced public picture face search engine.

FREMONT, CA: Adversa AI, a trusted AI research leader, has presented a novel attack method for AI facial recognition applications. It causes an AI-driven facial recognition algorithm to misidentify people by introducing subtle alterations in human faces. Compared to previous similar approaches, this method is portable across all AI models while also being far more precise, stealthy, and resilient.

PimEyes is similar to Clearview, a commercial facial recognition database sold to law enforcement and governments. Unfortunately, PimEyes was duped, and the CEO of Adversa was mistaken for Elon Musk in the photo.

The attack is unique because it is a black-box attack created without a thorough knowledge of the search engine’s algorithms. As a result, the vulnerability may be used against a variety of facial recognition engines. Because the attack allows malefactors to disguise themselves in various ways, we’ve given it the name Adversarial Octopus, a reference to the animal’s stealth, precision, and adaptability.

The existence of such flaws in AI systems, particularly facial recognition engines, could have disastrous implications and be utilized in poisoning and evasion scenarios like the ones below:

  • Hacktivists could cause havoc in AI-powered internet platforms that employ facial attributes as input for any judgments or further training. In addition, by changing their profile images, attackers can poison or bypass the algorithms of large Internet corporations.
  • In banks, trading platforms, and other services that provide verified remote help, cybercriminals can steal human identities and evade AI-driven biometric authentication or identity verification systems. In every case where classic deepfakes can be helpful, this attack can be even more subtle.
  • Dissidents could use it to conceal their online activities in social media from law enforcement. The virtual world we now live in resembles a mask or a…
