Tag Archive for: Service

Appdome unveils advanced Anti-Malware protections against Android accessibility service threats

/in


Appdome, a leader in mobile application security, has announced its new anti-malware protections designed to detect Android Accessibility Service Malware. The protection targets threats such as Xenomorph, Brasdex, Octo, Sharkbot, Flubot, TeaBot, PixPirate, Sova, Spynote, and Joker. These are malicious software used in large scale attacks on mobile banking apps, crypto wallets, and other financial services apps.

Despite being created as an Android framework to aid disabled users with their mobile applications, Android’s Accessibility Service has quickly turned into a playground for fraudsters. Abusive individuals carry out cyberattacks by deploying malware that connects through Accessibility Service into sensitive applications, like banking and mCommerce platforms.

Appdome’s CEO Tom Tovar, shed light on the severity of the issue, saying, “Once the Accessibility Malware is on a user’s device, it can listen, collect, intercept and manipulate Android Accessibility Service events to perform harmful actions without the user’s knowledge.” Fraudsters often mimic human actions within the mobile app, such as harvesting login credentials and completing transactions. Advanced variants like BrasDex and Xenomorph even employ Automated Transfer Systems (ATS) malware, capable of executing end-to-end transactions without a user’s active involvement.

The overall threat this malware poses led to the development of the new defense, explained Tovar. “This is a difficult problem to solve. To support the community, we created a defence that allows legitimate use of Accessibility Service, while at the same time prevents ATS malware from using Accessibility Service for nefarious purposes.”

Appdome’s new Prevent Accessibility Malware feature includes numerous protective measures. These involve multiple detection methods for ATS Malware, detection of potential methods used by ATS Malware in the context of Accessibility Service, and setting Trusted Accessibility Services. This way, brands can recommend trustworthy Accessibility Service applications to users. To further bolster these measures, Appdome also included an Accessibility Service Consent feature that allows users to approve…

Source…

Russian hackers attack computer systems of law enforcement officers – State Special Communications Service

/in


Russian spies are using hackers to attack law enforcement computer systems in Ukraine to identify and obtain evidence related to alleged Russian war crimes.

Source: Yurii Shchyhol, head of the State Special Communications Service of Ukraine, in an interview with Reuters

Details: Hackers working with Russia’s foreign, domestic and military intelligence agencies have stepped up digital intrusion campaigns at Ukraine’s Prosecutor General’s Office and departments documenting war crimes

Quote: “There’s been a change in direction, from a focus on energy facilities towards law enforcement institutions which had previously not been targeted that often.

This shift towards the courts, prosecutors and law enforcement units, shows that hackers are gathering evidence about Russian war crimes in Ukraine

The groups we’ve identified as being engaged in this activity are part of Russia’s GRU and FSB intelligence agencies.”

Details: Espionage activities will be outlined in an upcoming State Department report due to be published on Monday.

The report, a copy of which was reviewed by Reuters, states that the hackers also tried to collect intelligence on Russian citizens arrested in Ukraine in order to “help these individuals avoid prosecution and move them back to Russia”.

Shchyhol declined to name which units were targeted by the hacking campaign, citing security concerns. The number of documented cybersecurity incidents, he said, rose 123% in the first six months of this year compared with the second half of 2022.

He also stated that Russian hackers targeted government agencies and tried to gain access to their email servers.

There is also evidence that Russian hackers gained access to private surveillance cameras in Ukraine to monitor the results of long-range missile and drone strikes.

Ukrainska Pravda is the place where you will find the most up-to-date information about everything related to the war in Ukraine. Follow us on Twitter, support us, or become our patron!

Source…

Encrypted email provider Proton has built its own CAPTCHA service

/in


Image Credits: Oleksandr Hruts / Getty Images

Proton, the Swiss company that develops privacy-focused online services such as email, has developed its very own CAPTCHA service to help discern between genuine login attempts and bots — and it touts the new system as the world’s first CAPTCHA that is “censorship resistant.”

The company said it has already been testing its CAPTCHA system for several months, and has now transitioned to its home-grown solution entirely.

“As we investigated available CAPTCHA options, we weren’t satisfied, so we decided to develop our own,” Eamonn Maguire, a former Facebook engineer who now heads up Proton’s machine learning team, wrote in a blog post. “Our primary goal was to provide a system that doesn’t compromise on privacy, usability and accessibility, or security.”

CAPTCHAs, a contrived acronym that stands for the decidedly less-punchy “completely automated public Turing test to tell computers and humans apart,” have long been used on the web to prevent bots from creating multiple accounts with a specific service, or illicitly trying to access someone else’s account through credential stuffing. This is usually presented to the user in the form of a visual or cognitive challenge, one that is relatively easy for a human to complete but difficult for a machine.

CAPTCHAs, while generally effective, come with trade-offs in terms of usability, accessibility, cultural biases, and annoyances that businesses would prefer not to impose on their users. This is why companies such as Apple and Cloudflare have sought ways to tell the difference between humans and bots automatically using alternative mechanisms, such as through device and telemetry data.

And then there is the elephant in the room that is data privacy, with some CAPTCHA services — notably Google’s ReCAPTCHA — collecting hardware and software data. And for a company such as Proton, which has built an entire business off the back of privacy-focused tools such as email, a VPNpassword manager, cloud storage, calendar, and password manager, it doesn’t make a whole heap of sense to compromise its reputation through relying on such third-party…

Source…

Canadian dental service pays ransom in 8base ransomware attack

/in


A Canadian provincial government body tasked with providing dental services has paid a ransomware demand after having data stolen in an 8base ransomware attack.

The Alberta Dental Service Corp. said Aug. 10 that it detected the ransomware attack on July 26, when the body discovered that certain data pertaining to public dental benefits programs it administers was implicated in a recent cybersecurity incident. ADSC took measures to prevent authorized access and hired a third-party forensic firm. The corporation was also able to recover affected systems and data from backups with minimal loss.

It’s believed that the data of approximately 1.47 million individuals were compromised, including, in a small number of cases, personal banking information, with those having banking information stolen being offered complimentary credit monitoring services.

So far, the story sounds like a standard ransomware attack where the victim was fortunate to have proper backups and was able to restore service promptly, but then it gets interesting, since ADSC paid the ransom demanded by 8base.

IT World Canada reported that corporate president Lyle Best said in an interview on Friday that a payment was made as part of negotiations between the organization’s cyber insurance provider and forensic investigator. The 8base gang then showed proof the data was deleted as part of the deal.

The amount of the ransom paid was not disclosed. 8base has been active since March 2022 and uses a combination of encryption and “name-and-shame” tactics to force victims to pay a ransom.

According to a report issued by researchers from VMware Inc. in June, the gang operations have similarities to previous ransomware campaigns, suggesting a level of sophistication and experience despite the group’s recent emergence on the ransomware and hacking scene. Typical of most leading ransomware groups in 2023, 8Base operates a leak site where it discloses information about its victims and uses intimidation tactics to pressure victims into paying a ransom.

“This breach underscores the critical need for robust security measures in the healthcare sector,” Erfan Shadabi, a cybersecurity expert with data…

Source…