Tag Archive for: promote

Spyware industry develops most zero-days and governments promote it

/in


Commercial spyware vendors appear to be the largest developers of zero-day vulnerabilities. Through these vulnerabilities, spyware such as Pegasus and Predator can be installed on devices worldwide. This was stated in a report by Google, in which the tech company is also calling for greater actions against the practices of the spyware industry. Governments should ban those actions, but that is hard because they themselves are buyers of the spyware.

Last year, the Threat Analysis Group (TAG) at Google closely monitored the activities of 40 commercial spyware vendors (CSVs). With the study, TAG determined that these vendors were responsible for 80 percent of the zero-day vulnerabilities found by TAG in 2023. It means that these vendors sought and exploited the vulnerability. The exploitation was aimed at spying on devices around the world.

Pegasus and Predator

In the report, TAG mentions several of these CSVs by name. They are said to include Cy4Gate, RCS Lab, Negg Group and Variston. Intellexa is also named as the developer of the Predator spyware. This spyware came into the spotlight late last year following an Amnesty International investigation. Predator was allegedly purchased by at least 25 countries and deployed to spy on U.S. and EU politicians.

Another vendor, perhaps even better known, is NSO Group. This company made plenty of headlines after the discovery of Pegasus spyware. This software came to light after Apple contacted top European officials on the possibility of spyware on their Apple devices.

Only a fraction of the reality

Commercial spyware vendors appear to have increasingly focused on zero-day vulnerabilities over the years. Over ten years, Google can attribute 35 of the 72 zero-day vulnerabilities found and exploited to these vendors.

So over a ten-year period, the percentage does not even reach 50 percent. Last year, however, it had already reached 80 percent. It seems like these commercial vendors have, mainly in recent years, scaled up their activities to find and exploit zero-day vulnerabilities.

Still, there is another possible conclusion. Namely, TAG’s study assumes the zero-day vulnerabilities found. Researchers have…

Source…

Hackers use Royal Family website to promote links to porn and casinos | UK News

/in



Caption: Exclusive: Hackers use Royal Family's website to promote thousands of links to porn and casinosCredit Getty / royal
Hackers are using the Royal Family’s website to promote thousands of links to pornography and online casinos (Picture: Getty/royal.uk)

The Royal Family’s website is being used by ‘Black Hat SEO’ hackers to promote thousands of links to pornography and other adult content.  

Google is investigating after the prestigious royal.uk address was hijacked by spammers posting blurbs in a mixture of Mandarin Chinese and English.

Searches on the engine show that the official URL has been ‘malformed’ to link to explicit and potentially harmful content elsewhere on the web.

The majority advertise casino and gambling sites while hundreds link to pornography in the attempt to boost search engine optimisation (SEO).

The royals are among the victims of a practice whereby hackers use the online presence of reputable organisations to promote grubby content and increase their rankings in valuable search engine listings.

Although there is no inappropriate material visible on the royal website itself, the rogue links show up in Google searches. The official title complete with the Royal Coat of Arms appears above each result. 


The royal.uk brand is being used to promote seedy content (Picture: Google)
The royal.uk brand is being used to promote seedy content (Picture: Google)

The spammers are thought to have tampered with the royal domain’s metadata — the embedded words and descriptive data which tell people what the content is about. Crucially, it helps search engines understand and index web pages accurately. 

Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, said: ‘By Royal Appointment is one of the most valuable endorsements that a company can receive, and these hackers have found a way to gain credit via the back door. It looks like they have managed to insert some malicious code in the metadata of the official Royal Family website and hidden rogue links to all sorts of unsavoury pages.

‘Hackers often use phishing attacks to grab passwords, which can let them log in and edit the website metadata. 

‘Visitors to the website shouldn’t stumble across these links, but scammers are benefiting from the association with one of the world’s most prestigious domain names.’ 

Other trusted domain names have been used to promote and…

Source…

Elon Musk deep fakes promote new cryptocurrency scam

/in


Elon Musk

Cryptocurrency scammers are using deep fake videos of Elon Musk and other prominent cryptocurrency advocates to promote a BitVex trading platform scam that steals deposited currency.

This fake BitVex cryptocurrency trading platform claims to be owned by Elon Musk, who created the site to allow everyone to earn up to 30% returns on their crypto deposits.

This scam campaign started earlier this month with threat actors creating or hacking existing YouTube accounts to host deep fake videos of Elon Musk, Cathie Wood, Brad Garlinghouse, Michael Saylor, and Charles Hoskinson.

These videos are legitimate interviews modified with deep fake technology to use the person’s voice in a script provided by the threat actors.

An example of one of the scam videos can be seen below, where Elon promotes the new scam site and says he invested $50 million into the platform.

However, if you look carefully, you will see that the deep fake synchronizes the person’s talking to the threat actor’s script, which is so silly as to be comical.

How do we know this is a scam?

While it is obvious that the interviews have been altered to simulate Elon Musk’s voice to promote the BitVex trading platform, numerous other clues show that this is a scam.

Many YouTube channels promoting this trading platform have been hacked to suddenly show YouTube videos or YouTube Shorts that promote the BitVex trading site.

For example, a YouTube channel that displayed gaming videos in Arabic suddenly began showing a series of YouTube Shorts that promoted the BitVex scam. In addition, BleepingComputer has found dozens of other YouTube channels hijacked similarly to promote this scam.

YouTube Shorts promoting BitVex on hacked YouTube channels
YouTube Shorts promoting BitVex on hacked YouTube channels
Source: BleepingComputer

Once you visit the BitVex trading site itself, it becomes more apparent that this is a scam.

For example, the site claims that Elon Musk is the CEO of the trading platform and contains endorsements from Ark Invest’s Cathie Wood and Binance CEO Changpeng Zhao.

Site claiming that Elon Musk is the CEO
Site claiming that Elon Musk is the CEO
Source: BleepingComputer

To use the BitVex platform, users must register an account at bitvex[.]org or bitvex[.]net to access the investment platform.

Once you log in, the…

Source…

Need to bridge digital divide, promote digital security awareness in estate sector

/in



From left: Uva Shakthi Foundation Chairman Suresh Nadesan receiving trilingual reports of the study that was carried out by journalists and researchers Kalavarshny Kanagaratnam and Sara Pathirana 


By Kalavarshny Kanagaratnam and 

Sara Pathirana

It is imperative, especially in this digital age, that everyone makes an effort to understand what it means to be safe online. From the moment we click a button and publish content and other information on the internet, it has already made its way to the worldwide web where the entire world can witness it and consume it. With the ascent of the recent pandemic and the way it has eased us all into a new normal where an even larger number of people around the world heavily began to rely on the internet and using it as a tool to get their work done without needing to worry about the challenges that arrived with the COVID-19 restrictions. Alongside this, the importance of digital security and our safety online too, has been heightened. 

With more people embracing the internet as technology advances, individuals look towards online activities such as hacking into social media and email accounts and stealing sensitive data from its owners. Data, people’s identities and personal images tend to be stolen and used for committing other malicious activities. Many people around the world have already faced and suffered from such problems. Women in particular are increasingly vulnerable to online threats such as cyberbullying. Therefore, it is very important to be aware of the concept of digital security.


Digital security in the estate sector


Digital Security is a collective term that describes the resources employed towards protecting one’s online identity, data, and other assets. These tools include web services, antivirus software, smartphone SIM cards, biometrics, and secured personal devices. In other words, digital security is the process used to protect one’s presence and identity online. Due to a lack of awareness about digital security, many cases of data theft and cyber violence are reported on a daily basis. 

When considering Sri Lanka’s context, the Western province in particular and other nearby provinces would usually…

Source…