Tag Archive for: stealing

This Cryptomining Tool Is Stealing Secrets

/in


As the Israel-Hamas war raged on this week and Israel expanded its ground invasion of the Gaza Strip, the territory’s compromised internet infrastructure and access to connectivity went fully dark on Friday, leaving Palestinians without access to ground or mobile data connections. Meanwhile, researchers are bracing for the fallout if Hamas makes good on its threats to distribute hostage execution videos online. And TikTokkers are using a niche livestreaming feature and exploiting the Israeli-Hamas conflict to collect virtual gifts from viewers, a portion of which goes to the social media company as a fee.

As the worst mass shooting in Maine’s history unfolded this week and the gunman remained at large, disinformation about the situation and the suspect flooded social media, adding to the already chaotic and horrific situation. Elon Musk, the owner of X (formerly Twitter) posted remarks earlier this month mocking Ukrainian president Vlodymr Zelensky that were met with a flood of support and enthusiasm from Russian trolls and accounts distributing pro-Russia propaganda.

The US federal foreign intelligence collection tool—a frequently abused surveillance authority—known as Section 702 is facing its demise at the end of the year despite being viewed as the “crown jewel” of US surveillance powers. So far, no members of Congress have introduced a bill to prevent its January 1 sunset. And the identity-management platform Okta suffered a breach that had implications for nearly 200 of its corporate clients and brought up memories of a similar hack the company suffered last year that also had knock-on effects for customers.

An EU government body has been pushing a controversial proposal with far-reaching privacy implications in an attempt to combat child sexual abuse material, but its most outspoken advocates recently added to the drama significantly by essentially launching an influence campaign to support its passage. The long-foreseen nightmare of using generative AI to create digital child abuse materials has arrived with a flood of images, some of which are completely fabricated while others depict real victims generated from old datasets.

We also went deep this week on a…

Source…

I’m a hacking expert – never tap or click four common bank-draining words or risk strangers stealing your credit card

/in


GADGET users are being warned over a dangerous type of pop-up message that could leave your bank empty.

Cybercriminals can use pop-ups to hijack your computer or smartphone, experts have warned.

Be careful what you click

1

Be careful what you clickCredit: Unsplash

Crooks will often use a type of software called spyware to watch what you’re doing online.

Once they’ve tricked you into downloading spyware, there’s almost no limit to what a hacker can do.

“The impact of spyware on identity theft cannot be understated,” said a cybersecurity expert from McAfee.

“By stealthily recording sensitive personal and financial information, like usernames, passwords, and credit card numbers, it presents a significant risk to a user’s identity.”

A crook could install spyware on your device if they had physical access to it.

But it’s more more likely that you’ll end up being a victim of spyware due to a mistake online.

Criminals often attempt to trick you into installing spyware by making you think you’re downloading something else.

“Preventing spyware from infecting your system starts with practicing good online habits,” the McAfee expert explained in an official security memo.

“Avoid downloading files from untrusted sources, especially torrents and software cracks notorious for being riddled with spyware.”

But you might also find yourself downloading spyware after interacting with a pop-up message.

If you end up on a suspicious website, you might find a notification appearing on the screen.

These may seem harmless, but if you see the following four words, you might be in trouble.

“Never click ‘Agree,’ ‘OK,’ ‘No,’ or ‘Yes’ in a pop-up, as these actions can trigger an automatic spyware download,” McAfee warned.

“Instead, close the pop-up by hitting the red X or shutting down your browser altogether.”

Don’t forget!

Of course avoiding rogue pop-ups isn’t the only way to stave off spyware.

You should also regularly update the operating system on your device – whether that’s iOS, Android, Windows or macOS.

Read more on the Irish Sun

“These patches often contain fixes to known vulnerabilities that spyware and other malicious programs exploit,” the McAfee cyber-expert explained.

“Also, ensure to download and use your web…

Source…

Ransomware criminals dump personal information of students online after stealing files from MN school

/in


The confidential documents stolen from schools and dumped online by ransomware gangs are raw, intimate and graphic. They describe student sexual assaults, psychiatric hospitalizations, abusive parents, truancy — even suicide attempts.

“Please do something,” begged a student in one leaked file, recalling the trauma of continually bumping into an ex-abuser at a school in Minneapolis. Other victims talked about wetting the bed or crying themselves to sleep.

Complete sexual assault case folios containing these details were among more than 300,000 files dumped online in March after the 36,000-student Minneapolis Public Schools refused to pay a $1 million ransom. Other exposed data included medical records and discrimination complaints.

Rich in digitized data, the nation’s schools are prime targets for far-flung criminal hackers, who are assiduously locating and scooping up sensitive files.

Often strapped for cash, districts are grossly ill-equipped not just to defend themselves but to respond diligently and transparently when attacked, especially as they struggle to help kids catch up from the pandemic and grapple with shrinking budgets.

Months after the Minneapolis attack, administrators have not delivered on their promise to inform individual victims. Unlike for hospitals, no federal law exists to require this notification from schools.

The Associated Press reached families of six students whose sexual assault case files were exposed. The message from a reporter was the first time anyone had alerted them.

“Truth is, they didn’t notify us about anything,” said a mother whose son’s case file has 80 documents.

US MARSHALS SERVICE ATTACKED BY RANSOMWARE TARGETING SENSITIVE LAW ENFORCEMENT INFORMATION

Even when schools catch a ransomware attack in progress, the data are typically already gone. That was what Los Angeles Unified School District did last Labor Day weekend, only to see the private paperwork of more than 1,900 former students — including psychological evaluations and medical records — leaked online. Not until February did district officials disclose the breach’s full dimensions.

The lasting legacy of school ransomware attacks, it turns out, is not in school closures,…

Source…

Preventing hackers from stealing your identity

/in


By now, you’ve probably seen a deepfake video or two come across your social media feed (hey, that deepfake Tom Cruise is pretty convincing). Did you know that deepfake audio is even easier to mimic? 

To show how flawed voice authentication can be, computer scientists figured out a way to fool the technology in just six tries. Keep reading to learn more about how they did it and how to safeguard yourself.

Voice authentication 101

Voice authentication technology is primarily used by companies that must verify their customers’ identities. Verification with a customer’s unique “voiceprint” is standard practice in banking, call centers, and other institutions where keeping your info private is a major concern.

When you first enroll in voice authentication, you’re typically asked to repeat a specific phrase in your own voice. The company’s system then generates a custom vocal signature, or voiceprint, from whichever phrase you provided. Your voiceprint is then stored on a secure server. 

Once your voiceprint is saved, it’s used in the future when you contact the company. You’re usually asked to repeat a different phrase than the one you initially gave, which is then digitally compared to your saved voiceprint in the system. If everything matches up, you’ll pass the test and gain access to your information.

Of course, hackers weren’t born yesterday. They got to work as soon as companies began implementing voiceprint technology on a large scale. Through AI machine-learning “deepfake” software, the bad guys figured out a way to copy voiceprints and skate through security measures.

To stop the deepfakes, voice authentication developers put “spoofing countermeasures” in place. Although they’re designed to tell a human voice from a robot one, the protection often falls short.

Who’s voice is it anyway?

Researchers at the University of Waterloo decided to play hacker for a day and attempted to crack their code. First, they pinpointed the characteristics of deepfake audio that…

Source…