Tag Archive for: internet

A complete guide to internet security

/in


It doesn’t matter if you browse the internet for pleasure or rely on it heavily for business-related purposes, one thing will never change: there’s nothing more important than security and your computer’s health.

Introduction to internet security

There’s no simple answer to this question, but here’s a basic definition. Internet security refers to the measures and protocols implemented to protect online data and transactions from cyber threats, unauthorized access, and other forms of online exploitation. Internet security is a must for protecting sensitive information from cyberattacks, including personal data, financial records, and confidential communications. By implementing effective security measures, you can safeguard against identity theft, financial fraud, and data breaches, ensuring the integrity and confidentiality of online activities.

Fundamentals of online threats

Understanding common threats is the foundation of internet security and remaining safe online. Malware, phishing, and social engineering attacks are the most common online threats. Each of these is unique in the way that it impacts internet security:

  • Malware: Short for malicious software, malware includes viruses and spyware that damage your computer or steal sensitive information.

  • Phishing: Phishing scams trick you into giving away personal details, typically through deceptive emails resembling legitimate sources.

  • Social engineering attacks: These attacks manipulate you into breaking security protocols by relying on human interaction rather than technical methods.

Beyond these, identity theft and data breaches pose significant risks.

  • Identity theft: This occurs when someone unlawfully acquires your personal information to commit fraud.

  • Data breaches: Data breaches involve unauthorized access to secure databases to steal and/or expose confidential information.

All of these online threats underscore the importance of implementing security measures and remaining vigilant.

Navigating safely: Web browsing best practices

Safely navigating the web calls for a set of best practices to protect you at all times. To start, when browsing the internet, recognizing secure (and unsecured) connections is important. Look for…

Source…

Critical Backdoor Internet Security Breach Accidentally Found Before Implementation – MishTalk

/in


I am fascinated by a story of how a Microsoft engineer discovered a major, heavily disguised, backdoor security breach that was years in the making, and nearly implemented.

Background

Hidden in a widely use compression utility was a software backdoor that would allow someone remote access to entire systems.

This was a multi-year endeavor by user named Jia Tan, @JiaT75 who gained trust over many years. His account is now suspended everywhere.

HackerNews has this interesting snip.

Microsoft security researcher Andres Freund has been credited with discovering and reporting the issue on Friday.

The heavily obfuscated malicious code is said to have been introduced over a series of four commits to the Tukaani Project on GitHub by a user named JiaT75.

The Long Game

These opensource projects are volunteer work. They pay nothing.

The person normally responsible for the code, Lasse Collin (Larhzu), maintained the utility since 2009 but was suffering burnout.

Jia Tan started contributing in the last 2-2.5 years and gained commit access, and then release manager rights, about 1.5 years ago.

Backdoor Uncovered in Years-Long Hacking Plot

Much of this story is extremely geekish and difficult to understand. An article on Unicorn Riot is generally readable.

Please consider Backdoor Uncovered in Years-Long Hacking Plot

A fascinating but ominous software story dropped on Friday: a widely used file compression software package called “xz utils” has a cleverly embedded system for backdooring shell login connections, and it’s unclear how far this dangerous package got into countless internet-enabled devices. It appears the persona that injected this played a long game, gaining the confidence of the legitimate main developer, and thus empowered to release new versions themselves.

Andreas Freund reported this Friday morning on an industry security mailing list, leading many experts to spend the day poking under rocks and peering into the abyss of modern digital insecurity: “The upstream xz repository and the xz tarballs have been backdoored,” Freund wrote. It cleverly pokes a hole in the SSH daemon (sshd), which is essential to modern-day computing at the most fundamental level.

The…

Source…

Internet Computer blockchain has raised $80M | Dfinity Foundation

/in


The Internet Computer Protocol is an ambitious blockchain project aimed at creating a world computer, and according to a new report from the shepherding nonprofit Dfinity Foundation, it has raised more than $80 million to date.

The Internet Computer Protocol (ICP) realizes the vision of a World Computer – an open and secure blockchain-based network that can host programs and data in the form of smart contracts, perform computations on smart contracts in a secure and trustworthy way, and scale infinitely.

Competing and coexisting with other blockchains like Bitcoin, Ethereum and Solana, the ICP has evolved into one of the first Bitcoin Layer-2s, with over $67 million in ckBTC (chain-key Bitcoin) transactions and 300-plus developers crafting Bitcoin-enabled decentralized apps (dApps).

“The ICP community has made tremendous strides this past year, from expanding the ICP Hubs Network globally to integrating Bitcoin at the protocol level directly on-chain to allow cryptocurrency to be used in everyday applications.” said Lomesh Dutta, vice president of growth at Dfinity Foundation. “The success of the SNS framework has been a big win for decentralized governance worldwide, and through its innovative tech stack and multiple network integrations, the ICP is unlocking access to a seamless, trustless multichain future for Web3.”

GB Event

GamesBeat Summit Call for Speakers

We’re thrilled to open our call for speakers to our flagship event, GamesBeat Summit 2024 hosted in Los Angeles, where we will explore the theme of “Resilience and Adaption”.


Apply to speak here

Dfinity Foundation role

Activity on the ICP blockchain.

I spoke with Dutta about the significance of the report.

As vice president of growth at the Dfinity Foundation, Dutta’s team is the one responsible to essentially help all the teams that are building on…

Source…

Global malware surge revealed in WatchGuard’s latest Internet Security Report

/in


A recent Internet Security Report revealed a significant surge in evasive malware, amplifying the total volume of malware globally. Global cybersecurity leader WatchGuard Technologies compiled the report, which also outlined crucial trends among top malware and both network and endpoint security threats, exploring data collected and analysed by their Threat Lab researchers.

Key findings showed threat actors increasingly exploiting on-premises email servers and a continuing decline in ransomware detections, potentially due to law enforcement’s concerted international efforts to dismantle ransomware extortion groups.

Corey Nachreiner, WatchGuard’s Chief Security Officer, stated that their latest research shows threat actors using various techniques to target vulnerabilities, especially in older software and systems. He emphasised, “Organisations must adopt a defence-in-depth approach to protect against such threats. Updating the systems and software on which organisations rely is a vital step toward addressing these vulnerabilities.”

Among the report’s key findings was a parallel increase in evasive, basic, and encrypted malware in Q4 2023, contributing to an overall rise in malware. The average malware detection per Firebox grew by 80% compared to the previous quarter, evidencing a significant volume of malware threats arriving at the network perimeter. Geographically, the Americas and the Asia-Pacific region experienced the most significant increase in malware instances.

TLS and zero-day malware instances were also noted to rise. Approximately 55% of malware arrived over encrypted connections, a 7% increase from Q3. Meanwhile, zero-day malware detections jumped to 60% of all malware detections, up from 22% the previous quarter. However, zero-day malware detections with TLS fell to 61%, exhibiting a 10% decrease from Q3, shedding light on the unpredictability of malware in the wild.

Two of the top five malware variants led users to the DarkGate network. JS.Agent.USF and Trojan.GenericKD.67408266, both in the top five, redirected users to malicious links. Both of these malware loaders also attempted to load DarkGate malware onto the victim’s computer.

A resurgence of…

Source…