Tag Archive for: Popularity

Calendar app gaining popularity with students raises security concerns

/in


COLORADO SPRINGS — A popular app used by high schoolers is raising concerns from parents and cybersecurity experts. The Saturn app is promoted as a way for high school students to view their schedule, chat, and create a social calendar for meeting up, and planning for school events.

Just two weeks ago, concerns were raised by parents over the ability to link to a user’s TikTok, Snapchat, and other social media accounts.

Another big concern is anyone who downloads the app can make a profile, claiming to be a student. But after reaching out to Saturn myself, I’m told the app has created major changes in the past week to increase security.

Saturn Technologies released a statement saying it is now using a verification process to make sure that those who download the app are actual students at the school they claim to be a part of. The verification process makes sure users use a school email to view class details and students’ profiles.

But a local cybersecurity expert I spoke with tells me the app still holds several red flags when it comes to security. And he doesn’t believe the app is secure enough to shy away hackers.

“Some of the dangers that you might encounter from having too much information on there is stalking, there might be stalkers out there if your location is known, you open yourself up to burglary or more serious crimes. Identity theft, data breaches, so there’s a slew of things that kids face once they get on this particular app,” said Thomas Russell, a cyber education program manager at the National Cybersecurity Center.

“Right now, I can join and easily mock some type of school email because I know the patterns of the school emails locally, and I can easily go in there and get an account myself. And if I can do it, that means anyone can do it.”

Thomas tells me this is a concern because your child can never know exactly who they are talking to. It’s important that parents use parental controls and look at the app and continue to monitor their child’s chat room behavior on the app.

While the app has grown in popularity in our area, it is not something local high schools are asking their students to download. I spoke with several local school…

Source…

Caramel credit card stealing service is growing in popularity

/in


Credit card on a laptop

A credit card stealing service is growing in popularity, allowing any low-skilled threat actors an easy and automated way to get started in the world of financial fraud.

Credit card skimmers are malicious scripts that are injected into hacked e-commerce websites that quietly wait for customers to make a purchase on the site.

Once a purchase is made, these malicious scripts steal the credit card details and send them back to remote servers to be collected by threat actors.

Threat actors then use these cards to make their own online purchases or sell the credit card details on dark web marketplaces to other threat actors for as little as a few dollars.

The Caramel skimmer-as-a-service 

The new service was discovered by Domain Tools, which states that the platform is operated by a Russian cybercrime organization named “CaramelCorp.” 

This service supplies subscribers with a skimmer script, deployment instructions, and a campaign management panel, which is everything a threat actor needs to launch their own credit card stealing campaign.

The Caramel service only sells to Russian-speaking threat actors, using an initial vetting process that excludes those using machine translation or are inexperienced in this field.

A lifetime subscription costs $2,000, which is not cheap for budding threat actors, but promises Russian-speaking hackers full customer support, code upgrades, and evolving anti-detection measures.

Caramel skimmer deployed on a Nigerian site
Caramel skimmer deployed on a Nigerian site (Domain Tools)

The sellers make unverified claims that Caramel can bypass protection services from Cloudflare, Akamai, Incapsula, and others.

The buyers are provided with a “quick start” guide on JavaScript methods that work particularly well in specific CMS (content management systems).

As the credit card skimming scripts are written in JavaScript, Caramel offers subscribers a variety of obfuscation techniques to prevent them from being easily detected.

The Caramel JS obfuscator tool
The Caramel JS obfuscator tool (Domain Tools)

The credit card data collection is done through the “setInterval()” method, which exfiltrates data between fixed periods. While this doesn’t seem like an effective method, it can help steal details of even abandoned…

Source…

‘Zero-Click’ hacks are growing in popularity. There’s practically no way to stop them

/in


As a journalist working for the Arab news network Alaraby, Rania Dridi said she’s taken precautions to avoid being targeted by hackers, keeping an eye out for suspicious messages and avoiding clicking on links or opening attachments from people she doesn’t know.

Dridi’s phone got compromised anyway with what’s called a “zero-click” attack, which allows a hacker to break into a phone or computer even if its user doesn’t open a malicious link or attachment. Hackers instead exploit a series of security flaws in operating systems — such as Apple Inc.’s iOS or Google’s Android — to breach a device without having to dupe their victim into taking any action. Once inside, they can install spyware capable of stealing data, listening in on calls and tracking the user’s location.

With people more wary than ever about clicking on suspicious links in emails and text messages, zero-click hacks are being used more frequently by government agencies to spy on activists, journalists and others, according to more than a dozen surveillance company employees, security researchers and hackers interviewed by Bloomberg News.

Once the preserve of a few intelligence agencies, the technology needed for zero-click hacks is now being sold to governments by a small number of companies, the most prominent of which is Israel’s NSO Group. Bloomberg News has learned that at least three other Israeli companies — Paragon, Candiru and Cognyte Software Ltd. — have developed zero-click hacking tools or offered them to clients, according to former employees and partners of those companies, demonstrating that the technology is becoming more widespread in the surveillance industry.

There are certain steps that a potential victim can take that might reduce the chances of a successful zero-click attack, including keeping a device updated. But some of the more effective methods — including uninstalling certain messaging apps that hackers can use as gateways to breach a device — aren’t practical because people rely on them for communication, said Bill Marczak, a senior research fellow at Citizen Lab, a research group at the University of Toronto that focuses on abuses of surveillance…

Source…

Rising Popularity of IoT: Expanding Challenges for Security Leaders

/in



Read Article

By Argha Bose, Head Cyber Security and Risk Business, TATA Advanced Systems Limited- Cyber Security Practice

Security risks in the world of IoT or the Internet of Things are constantly on the rise with the growth in its popularity. Although IoT has provided businesses with opportunities to create more value and improve efficiencies, the continual connectivity (along with constant information sharing) has provided adversaries with options to compromise the integrity and confidentiality of sensitive data. Consequently, the risks have grown significantly.

There is a broad range of smart devices available nowadays, which are being widely used by individuals in every business vertical. These connected devices include Alexa-enabled digital assistants, smartwatches/fitness bands, smart bulbs, etc. While, if we talk about IoT technology on the industrial level, multiple organizations had already incorporated IIoT and are reaping its benefits. For instance, Magna Steyr, an Austrian automotive manufacturer, is using the concept of smart factories to offer production flexibility. Also, ABB, a power and robotics firm, is utilizing connected, low-cost sensors to observe the maintenance of its robots to timely repair parts before they go down.

I believe that the adoption of IoT & IIoT will keep increasing with time. It is expected that the total number of IoT devices globally will reach 30.9 billion by 2025 (Source: Statista), while the global IIoT market is projected to reach USD 1.1 trillion by 2028 (Source: Grand View Research). Hence, it becomes important for us to step up and understand the security challenges of IoT technology so that the defence can be strengthened.

IoT: Things of Benefit for Threat Actors
Cyber attacks are not new to IoT, the difference is that they are becoming complex than before along with the increasing IT threat landscape. Threats actors view connected devices as an extremely valuable asset because of several reasons, including:

• Interoperability Issue: Industrial IoT (IIoT) environments usually include numerous devices, software, hardware and legacy equipment, which were primarily not designed to work collaboratively. This engenders a…

Source…