Tag Archive for: Smuggling

Week in review: LastPass breach disaster, online tracking via UID smuggling, ransomware in 2023


Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

LastPass says attackers got users’ info and password vault data
The information couldn’t come at a worse time, as businesses are winding down their activities and employees and users are in the thick of last-minute preparations for end-of-year holidays.

New Microsoft Exchange exploit chain lets ransomware attackers in (CVE-2022-41080)
Ransomware-wielding attackers are using a new exploit chain that includes one of the ProxyNotShell vulnerabilities (CVE-2022-41082) to achieve remote code execution on Microsoft Exchange servers.

Make sure your company is prepared for the holiday hacking season
We’re coming to that time of the year when employees are excited about the holidays and taking time off to be with their loved ones. But while employees are preparing for some rest and relaxation, hackers are gearing up for their busy season.

5 cybersecurity trends accelerating in 2023
Netwrix has released key cybersecurity trends that will affect organizations of all sizes in 2023.

What happens once scammers receive funds from their victims
In this Help Net Security video, Ronnie Tokazowski, Principal Threat Advisor at Cofense, offers insight into the world’s most lucrative cybercrime – business email compromise (BEC).

APIs are placing your enterprise at risk
The recent push to focus on API security comes at a critical time, when more enterprises are relying on enterprise mobility, which means an increasing reliance on mobile app connectivity.

UID smuggling: A new technique for tracking users online
Advertisers and web trackers have been able to aggregate users’ information across all of the websites they visit for decades, primarily by placing third-party cookies in users’ browsers.

Ransomware predictions for 2023
In this Help Net Security video, Dave Trader, Field CISO at Presidio, talks about the evolution of ransomware attacks and outlines what we can expect in 2023.

Amplified security trends to watch out for in 2023
In 2023 and beyond, organizations can expect to continue dealing with many of the same threats they face today but with one key difference: expect criminals…

UID smuggling: A new technique for tracking users online


Advertisers and web trackers have been able to aggregate users’ information across all of the websites they visit for decades, primarily by placing third-party cookies in users’ browsers. Two years ago, several browsers that prioritize user privacy began to block third-party cookies for all users by default. This presents a significant issue for businesses that place ads on the web on behalf of other companies and rely on cookies to track click-through rates to determine how much they need to get paid.

Advertisers have responded by pioneering a new method for tracking users across the Web, known as user ID (or UID) smuggling, which does not require third-party cookies. But no one knew exactly how often this method was used to track people on the Internet.

Researchers at UC San Diego have for the first time sought to quantify the frequency of UID smuggling in the wild, by developing a measurement tool called CrumbCruncher. CrumbCruncher navigates the Web like an ordinary user, but along the way, it keeps track of how many times it has been tracked using UID smuggling. The researchers found that UID smuggling was present in about 8 percent of the navigations that CrumbCruncher made. The team is also releasing both their complete dataset and their measurement pipeline for use by browser developers.

The team’s main goal is to raise awareness of the issue with browser developers, said first author Audrey Randall, a computer science Ph.D. student at UC San Diego. “UID smuggling is more widely used than we anticipated,” she said. “But we don’t know how much of it is a threat to user privacy.”

How user ID smuggling works

UID smuggling can have legitimate uses, the researchers say. For example, embedding user IDs in URLs can allow a website to realize a user is already logged in, which means they can skip the login page and navigate directly to content.

It’s also a tool that a company that owns websites with different domains can use to track user traffic. It’s also, of course, a tool for affiliate advertisers to track traffic and get paid. For example, a blogger who advertises a product using affiliate links might be paid a commission if anyone clicks…

An Alleged Russian Smuggling Ring Was Uncovered in New Hampshire


As Russia’s invasion of Ukraine drags on, navigation system monitors reported this week that they’ve detected a rise in GPS disruptions in Russian cities, ever since Ukraine began mounting long-range drone attacks. Elsewhere, a lawsuit against Meta alleges that a lack of adequate hate-speech moderation on Facebook led to violence that exacerbated Ethiopia’s civil war. 

New evidence suggests that attackers planted data to frame an Indian priest who died in police custody—and that the hackers may have collaborated with law enforcement as he was investigated. The Russia-based ransomware gang Cuba abused legitimate Microsoft certificates to sign some of their malware, a method of falsely legitimatizing hacking tools that cybercriminals have particularly been relying on lately. And with the one-year anniversary of the Log4Shell vulnerability, researchers and security professionals reflected on the current state of open source supply-chain security, and what must be done to improve patch adoption.

We also explored the confluence of factors and circumstances leading to radicalization and extremism in the United States. And Meta gave WIRED some insight into the difficulty of enabling users to recover their accounts when they get locked out—without allowing attackers to exploit those same mechanisms for account takeovers.

But wait, there’s more! Each week, we highlight the security news we didn’t cover in depth ourselves. Click on the headlines below to read the full stories.

Alexey Brayman, 35, was one of seven people named in a 16-count federal indictment this week in which they were accused of operating an international smuggling ring over the past five years, illegally exporting restricted technology to Russia. Brayman was taken into custody on Tuesday and later released on a $150,000 bond, after being ordered to forfeit his passport and abide by a curfew. He is an Israeli citizen who was born in Ukraine. Brayman and his wife, Daria, live in Merrimack, New Hampshire, a small town where the two ran an online craft business out of their home. “They are the nicest family,” a delivery driver who regularly drops off packages at their home told The Boston Globe. “They’ll leave…

Convict caught smuggling mobile phone into central prison


Security checks at the central prison of Parappana Agrahara have been stepped up ever since videos of the accused in Bajrang Dal activist Harsha’s murder case talking over mobile phones and making video calls while in prison went viral. The Chief Superintendent of Prison stepped up security measures and even filed a case against the accused for using a mobile phone during Eid to talk to family and friends.

On Tuesday, Karnataka State Industrial Security Force staff deployed at the prison caught a convict trying to get into the prison with a mobile phone and memory card concealed in his pants. The accused, Kamanna K., was being escorted by Ponnampet police to the central prison when constable Praveen H.G. of KSISF recovered the mobile phone and memory chip during frisking. The accused, along with the seized items, has been handed over to Chief Superintendent of Prison P.R. Ramesh, who filed a case with the jurisdictional police.

Earlier on Sunday, the Electronics City division police, along with the prison staff, conducted joint operations and searched the barracks and inmates, including the high-security section.

As many as nine inmates, including convicts and undertrials, were caught with ₹97,270 cash, four knives, five scissors, a SIM card, and a memory card.

The accused have been booked under various sections of the Karnataka Prison Act, and further investigations are on to ascertain the source of banned items inside the prison.
