Tag Archive for: Bots

Bots Buy Up Raspberry Pi Products | Avast


Adafruit, a distributor of Raspberry Pi single-board computers, has mandated that certain new purchases can only be completed with the use of two-factor authentication. The new requirement is due to reselling schemes that use bots to buy up the last of the products. Raspberry Pi chief Eben Upton told ZDNet that this kind of automated purchasing is typical when supplies are short, as opportunists try to profit from the situation by clearing the market, then reselling the products at a marked-up cost. Users intending to purchase “certain high-demand items” from Adafruit will now need to have a verified Adafruit account with two-factor authentication enabled.

“This is an interesting use of 2FA – not to protect users from ID Theft, but to make sure it’s a real user behind the purchase,” commented Avast Security Evangelist Luis Corrons. “This is not the first time we’ve seen bots being used this way, either. When PlayStation 5 and Xbox Series were launched, the demand was much higher than the supply, and some groups used bots to acquire any and all units in order to resell them later at a higher price.” Currently, 1GB, 2GB, 4GB, and 8GB Raspberry Pi variants are all sold out at Adafruit. 

Apple services experience massive outage

On Monday, many Apple services went down for several hours, including Apple Music, iCloud, iMessage, Apple Maps, Apple Card, Apple TV+, the App Store, FaceTime, Siri, and more. The outage was both consumer-facing and internal, as Apple’s own infrastructure was affected, causing Apple Store employees to resort to pen and paper to keep the stores running. Apple suffered a smaller outage last month, but it was nowhere near the scale of Monday’s issues, which affected over 29 Apple services. Apple’s System Status page now reports all outages and issues resolved. For more, see Ars Technica.

Lapsus$ hacking group steals Microsoft source code

Microsoft confirmed on its blog this week that the Lapsus$ hacking group had exfiltrated portions of Microsoft source code. “No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our…



Safeguarding the user experience starts with tackling bots | Security Magazine





Catawiki Tackles E-commerce Security Threats, Malicious Bots


More than half of cyberattacks on e-commerce websites in 2021 were carried out by bots, according to a report by security firm Imperva. Many of the bots displayed a high level of sophistication, effectively mimicking human behavior to evade detection methods.

While e-commerce security threats are a problem for a wide variety of online retailers, the most vulnerable among them are online auction sites — especially those that deal in high-end goods and services. Auction sites must continually evolve their security capabilities or else potentially fall victim to credential stuffing, data scraping, shill bidding and account takeovers.

Catawiki, a curated marketplace in Europe for luxury goods and specialty items, considers itself an attractive target for attackers because of its growth. The site has more than 10 million unique monthly visitors and more than 12,000 objects submitted to the site daily.

“We often have threat actors looking to take over valid user accounts so they can use them to buy things with the card on file or with a stolen card,” said Paul Moreno, CTO at Catawiki. “It’s something everybody in our business has to deal with.”

E-commerce security threats had previously overwhelmed Catawiki’s capabilities. The company’s security posture had declined over time due to a combination of technical debt and lack of vision. The result was an increase in brute force attacks and stolen credentials.

Moreno joined Catawiki in February 2020 to shore up the company’s security program. The impact of the cyber attacks was unacceptable, Moreno said. Breaches could result in fines for regulatory violations, potential lawsuits from consumers who experienced financial damage, and financial harm to Catawiki as a company. For example, an attack on Catawiki’s mobile app could lead to a spike in SMS verifications, each of which costs the company money, he said.

And then there was the potential damage to customer and employee confidence, which is priceless. “We want to maintain the image of a trusted platform, so it was extremely important to us to stop these attacks from happening,” Moreno said.

Retooling…

