Tag Archive for: Asia

Troy Hunt at Black Hat Asia: ‘We’re making it very difficult for people to make good security decisions’

/in


Have I Been Pwned founder’s keynote offered a sobering counterpoint to the well-meaning ‘World Password Day’

Troy Hunt at Black Hat Asia: 'We're making it very difficult for people to make good security decisions'

Imagine a parent’s terror when the geolocation of their child’s smart watch suddenly switches from tennis practice to the middle of the ocean.

This was precisely the scenario simulated by Ken Munro of UK infosec firm Pen Test Partners via exploitation of an insecure direct object reference (IDOR) vulnerability in an IoT device, and with help from Troy Hunt, creator of data breach record index Have I Been Pwned, and his daughter.

This was one of many eye-opening tales of shoddy security behind the “endless flow of data” into Have I Been Pwned recounted today (May 6) during Hunt’s keynote address at the all-virtual Black Hat Asia 2021.

Another API flaw in the TicTocTrack kids watch meant Munro’s colleague, Vangelis Stykas, successfully initiated a voice call through the device with zero interaction required from the wearer.

Logged into his own account, Munro also compromised other ‘family’ accounts by simply changing an identifier parameter. A subsequent security patch created an even more egregious regression bug.

Hunt also cited a purely physical intrusion that nevertheless “perfectly illustrates” his digital insecurity theme.

Having notified the vendor that he had dismantled their $47.99 biometric lock, a popular YouTube lock-picker was told the contraption was “invincible to people who do not have a screwdriver”.

Phishy email marketing

During his keynote, Hunt noted that even supposedly security-conscious organizations are “making it very difficult for people to make good security decisions”.

The infosec pro cited a ‘phishy’ email he received from Australia’s ANZ Bank featuring a suspicious, HTTP URL that redirected to another suspicious URL: ‘c00.adobe.com’.

The email turned out to be a genuine ANZ communication.

“Over and over again”, lamented Hunt, we see “legitimate organizations sending legitimate communications that are indistinguishable from phishing attacks”.

rrrAustralian infosec pro Troy Hunt delivered the Black Hat Asia 2021 keynote

Publicly accessible databases

Founded in 2013, Have…

Source…

Syxsense Announces New Asia Expansion

/in


ALISO VIEJO, Calif., Dec. 2, 2020 /PRNewswire/ — Syxsense, a global leader in IT and security management solutions, announces support for two new Asian languages.

As Syxsense continues to expand internationally, supporting larger global customers, they’ve added additional language support for Japanese and Korean. Support for the new countries will be delivered from Syxsense’s US and Australian headquarters.

The additional languages supported by Syxsense expands its already global footprint. Syxsense currently has offices in the US, UK and Australia, supporting clients in Asia, Africa, Europe and the Americas.

Support for the new languages comes at a time when millions of workers are remote due to Coronavirus lockdowns, creating a cyber security risk. Several clients recently reviewed Syxsense on Gartner-owned Capterra, commenting on Syxsense’s ability to manage and secure remote workers:

  • “I’ve been able to address Windows patching for staff who no longer come into our network due to Covid-19, as well as software patching capabilities. Remote management has also been helpful as well as basic system review/maintenance in the background without the user’s input.” – Director of IT, Hospital & Health Care.
  • “Being able to monitor inventory, processes, patching and queries in real-time have really helped keep our environment secure and up to date. This has been very important as remote working has increased across the board.” – IT Desktop Administrator, Non-Profit Organization Management.
  • “We were starting to see issues keeping our devices up to date prior to Covid but when Covid hit and we were no longer seeing devices in the office. Syxsense was a life saver!  It has allowed us to keep eyes on our devices and ensure that they are fully patched against vulnerabilities. The remote-control feature has allowed us to get to devices that we can’t access via VPN.” – Systems Administrator, Utilities.
  • “Our company had a problem with management of users working from home. If they did not connect to VPN there was not a lot we could do to keep the machine patched and secure. Ever since we installed the Syxsense agent on all our machines we can keep them up to date and connect to them with…

Source…

Botnet Detection Market Growth Drivers and Investment Opportunity 2027 – Khabar South Asia

/in


 

Botnet Detection Overview

The Botnet Detection market report has numerous segments clarifying the significance of statistical surveying for the following forthcoming decade (2020-2027). This report is intended to oblige requests of those organizations that wish to move into new market section. This step is majorly done by those organizations who want to expand their business portfolio along with realizing profits. The test run using the report guidelines help in gauging the market that further leads to fortifying the plan. This can be considered a smart marketable strategy. This tactic not only saves time but also the capital of the companies.

Global Botnet Detection Market was valued at USD 193.04 Million in 2018 and is projected to reach USD 3 Billion by 2026, growing at a CAGR of 40.70% from 2019 to 2026.

Get a sample of the report @ https://www.verifiedmarketresearch.com/download-sample/?rid=8979

It is essential to follow the past trends as they give a detailed vision of the upcoming trends. With the idea about the latest trends, the Botnet Detection report underlines the market drivers, weaknesses, opportunities and threats present in the existing market. Due to ongoing COVID-19 pandemic, majority of the businesses have succumbed to the market dip.

It must be noted that the Botnet Detection market is one of the industries that were able to push past the market turbulence. This report gives background details of the market scenario along with suggesting steps to increase the ROI along with improving the probability of demand in the new market.

The study provides a comprehensive qualitative and quantitative analysis of the factors affecting the market with an aim to provide an in-depth analysis of growth trends in the market. The report aims to provide an accurate insight into the current and emerging trends of the market. Moreover, the report covers technological developments, market value analysis, volume, and micro- and macro-economic factors affecting the growth of the industry, along with the latest industry trends.

The report covers extensive analysis of the key market players in the market, along with their business overview, expansion plans, and strategies….

Source…

WAPDropper Android Malware Targets Southeast Asia Users, Experts Warn

/in


Security firm Check Point discovers a new malware called WAPDropper that spreads through malicious apps and targets users in Southeast Asia.

The malware victims are charged for expensive premium mobile services once they downloaded the apps. The attack is similar to the ones that became popular in the late 2000s.

WAPDropper Malware

(Photo : Jonah Pettrich/Unsplash)
WAPDropper Malware

How WAPDropper Malware works?

Check Point security researchers said the new Android malware are acquired using malicious apps from third-party app stores. Once the malware gets through, it signs up users for premium phone numbers, which charge huge fees for different services. Meanwhile, a CAPTCHA step is sometimes required to finalize the subscription.

This results to large phone bills every month until they contact their mobile provider to file a report about the issue or unsubscribe from the premium number.

This kind of attack became popular in the late 2000s, but vanished later as smartphones came out. However, it managed to return in the early 2010s after cyberattackers found that there are numerous telephone companies and modern phones that still used the older WAP standard.

WAPDropper Malware: Security Researchers Discovers Mobile Malware Targeting Southeast Asia Users

(Photo : Check Point)
WAPDropper Malware: Security Researchers Discovers Mobile Malware Targeting Southeast Asia Users

According to Check Point, the WAPDropper operated using two modules: the dropper and the component that implemented the actual WAP fraud.

The first module was packed inside the malicious apps, which reduces the fingerprint and size of malicious code. Once victims downloaded these apps and installed them on the device, the module would download the second component, which would begin swindling the users.

Read also: Cybercriminals Now Target Google Workspace Tools: 5 Phishing Campaigns Use Form, Docs, and Sites

WAPDropper Malware attackers from Southeast Asia

Check Point researchers claim that upon checking the premium phone numbers that were used in this malware scheme, the cybercriminals are likely to be from Malaysia or Thailand. It is also possible that they are working with people from these countries.

Researchers said the attack is a numbers game, in which more revenue is…

Source…