Tag Archive for: Upload

FIU study: Ransomware can hide in the websites you upload files to

/in


FIU cybersecurity researchers warn websites that request access to your files might be able to bypass antivirus software and carry out major ransomware attacks.

Free photo editors, tax document assistants and other online apps that ask for permission to access your media can encrypt files and effectively take control of them, an FIU College of Engineering and Computing study shows. These attackers could then demand ransom in exchange for the files’ safe return.

The researchers say that the hack works on all three major PC operating systems: Windows, Linux and Mac OS. Some cloud services such as Apple Cloud, Box, Google Drive, OneDrive and Dropbox are also susceptible, as well as external drives.

Just two things are needed for a malicious website to conduct the attack.

  1. A person needs to say, ‘yes’ to a pop-up that asks them to share their files, such as ‘Allow this website to access your photos?’
  2. Someone must click, ‘yes,’ on a second pop-up, which is the attack. The pop-up will be disguised as a benign message, such as an advertisement or a request like, ‘May we close the rest of your tabs for you?’

Clicking ‘yes’ on these two pop-ups is all too easy, says Selcuk Uluagac, principal investigator of the research and Knight Foundation School of Computing and Information Sciences professor.

“Antivirus software systems allow these attacks because it is normal for them to give browsers access to files,” Uluagac said. “They don’t detect that anything is wrong.”

The research was conducted in collaboration with Google senior research scientist Güliz Seray Tuncay and published in the proceedings of the 32nd USENIX Security Symposium, which is a top-tier cybersecurity conference according to Google Scholar.

“Everybody knows not to download a suspicious file. Now we are finding that it can be just as dangerous to upload a file,” said Harun Oz, a Ph.D. student on the research team.

These hacks are possible due to the increasing power of web browsers, researchers say.

“Browsers have become much more powerful over time,” said Abbas Acar, a postdoctoral researcher on the…

Source…

The Upload: Your tech news briefing for Monday, Aug. 3

/in

Attacked then abandoned in Philadelphia, Hitchbot’s attempt to thumb a lift across the U.S. ends in disaster

A robot that counted on the kindness of strangers to help it travel around the world has met a cruel fate in Philadelphia, barely three weeks into an attempt to hitch-hike across the U.S. Hitchbot, developed by robotics researchers at McMaster University in Hamilton, Ontario, had already hitch-hiked successfully across Canada and Germany, but U.S. residents turned out to be less welcoming, AP reports.

To read this article in full or to leave a comment, please click here

Network World Security

The Upload: Your tech news briefing for Monday, July 6

/in

Surveillance firm Hacking Team gets hacked

Who watches the watchmen? Italian online surveillance company Hacking Team appears to have been hacked, with attackers releasing what purports to be a trove of internal documents showing how the company helps governments around the world spy on their citizens. CSO has the details.

Microsoft’s $ 2.5B marketing budget: Minecraft on Windows 10

Is Microsoft counting on pester power to push Windows 10 sales? The company will release a special version of Minecraft for its new operating system when it goes on sale at the end of this month, PC World reports. Minecraft’s author Markus “Notch” Persson famously said he would rather not see the game on PCs at all than have it distributed through the Windows store—but since Microsoft paid $ 2.5 billion for his company Mojang last year, it calls the shots.

To read this article in full or to leave a comment, please click here

Network World Security

The Upload: Your tech news briefing for Friday, June 19

/in

Google’s data centers grow so fast it has to build its own networks

Google has been building its own software-defined data-center networks for 10 years because traditional gear can’t handle the scale of what are essentially warehouse-sized computers. The company hasn’t said much before about that homegrown infrastructure, but one of its networking chiefs provided some details this week about the current network design that powers all of Google’s data centers and has a maximum capacity of a whopping 1.13 petabits per second.

To read this article in full or to leave a comment, please click here

Network World Security