Tag Archive for: warning

Serious New Warning Issued for 1 Billion Google Chrome Users

/in


If you’re one of Chrome’s billion-plus desktop users, there’s a devious threat to your personal data and login credentials that’s now getting worse. Google has plans to fix it, but in the meantime you have just been warned to beware the risks…

Cookies get a bad press—these devilish little tracking files on your PC have a nasty habit of following you around the Internet, reporting back on your activity. Google’s long-delayed killing of such third-party trackers is now underway and long overdue.

But those tracking cookies have helpful little cousins, first-party cookies, that recognize your device as belonging to you, and log you back into accounts and websites as an accreditation shortcut—otherwise you’d spend your day logging in.

All very good—unless they’re stolen of course.

MORE FROM FORBESWhatsApp Deadline-10 Days To Accept New Terms Or Delete Your AccountBy Zak Doffman

“Many users across the web are victimized by cookie theft malware,” Google warns, “giving attackers access to their web accounts. Operators of Malware-as-a-Service (MaaS) frequently use social engineering to spread cookie theft malware.”

Google’s warning comes as part of a proposed update to its Chrome desktop browser to address this, acknowledging that while “fundamental to the modern web… due to their powerful utility, cookies are also a lucrative target for attackers.”

This is mainly a desktop challenge, and Google’s smart answer is to bind such cookies to the user’s device, rendering them useless if stolen absent access to that original device itself. “We’re prototyping a new web capability called Device Bound Session Credentials (DBSC) that will help keep users more secure against cookie theft… By binding authentication sessions to the device, DBSC aims to disrupt the cookie theft industry since exfiltrating these cookies will no longer have any value.”

Put Google’s new beta update to one side for now—take this as a warning to be aware of the risks and to keep those risks in mind—especially when logging into financial sites or enterprise systems belonging to the…

Source…

Cybersecurity agencies issue warning over Chinese hacking group

/in


Government cybersecurity authorities in the US and allied nations are sounding the alarm bell again over the Chinese hacking group known as Volt Typhoon.

In a joint advisory issued on Tuesday, the US Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), FBI, and eight international partners warned that the Beijing-backed Volt Typhoon gang may be gearing up for disruptive or destructive cyber strikes targeting critical infrastructure organisations.

“Volt Typhoon has been pre-positioning themselves on US critical infrastructure organisations’ networks to enable disruption or destruction of critical services in the event of increased geopolitical tensions and/or military conflict with the United States and its allies,” the advisory warns.

“This is a critical business risk for every organisation in the United States and allied countries.”

This latest alert comes just over a month after the same coalition of agencies revealed that Volt Typhoon had compromised the networks of multiple critical infrastructure victims in the US.

The alert recommends that organisations prioritise security efforts through tools like the Cybersecurity Performance Goals and engage with designated Sector Risk Management Agencies. It also urges implementing robust logging practices to detect stealthy “living off the land” techniques favoured by Volt Typhoon, which leverage legitimate software to blend into target environments.

Developing comprehensive incident response plans, conducting cybersecurity drills, and hardening supply chains are also highlighted as critical measures to thwart potential Volt Typhoon intrusions and attacks.

The repeated warnings underscore the grave concerns over Volt Typhoon’s capabilities and suspected destructive intentions against critical infrastructure providers in the US and allied nations amid heightened geopolitical tensions.

(Photo by Thomas Kelley)

See also: Nations demand tech firms tackle scammers

Unified Communications is a two-day event taking place in California, London, and Amsterdam that delves into the future of workplace collaboration in a digital world. The comprehensive event is co-located with Digital Transformation Week,…

Source…

Urgent warning to Facebook users over ‘I can’t believe he’s gone’ scam that tricks you into downloading malware

/in


  • Scammers use fake news articles to trick Facebook users into following links
  • Experts say pay close attention to the link URL to avoid downloading malware  



Cybersecurity experts have issued an urgent warning to Facebook users over a new scam that they’ve coined the ‘I can’t believe his gone scam’. 

This emotionally manipulative scam tricks users into downloading malware, with posts featuring fake BBC branding, and implying that a loved one has died. 

Clicking on the linked post will bring users to a compromised site designed to harvest their personal information.

Marijus Briedis, cybersecurity expert at NordVPN, said: ‘When you come across unexpected or alarming posts, especially those about personal emergencies, take a moment to verify their legitimacy before clicking any links.’ 

Here are the key signs to look out for to make sure you don’t fall victim to the scam. 

Cybersecurity experts have issued an urgent warning to Facebook users over a new scam that they’ve coined the ‘I can’t believe his gone scam’
This emotionally manipulative scam tricks users into downloading malware, with posts featuring fake BBC branding, and implying that a loved one has died (stock image)

READ MORE: Fresh warnings over latest ‘hi mum’ text scams where fraudsters ‘prey on our goodwill with emotive stories’ 

The ‘I can’t believe he’s gone scam’ was first highlighted by cybersecurity researcher Pieter Arntz from Malwarebytes.

As Mr Arntz explained in a blog post, the scam consists of a post containing some variation of ‘I can’t believe he’s gone. I’ll miss him so much’ and a link.

If you follow the link, you will be brought to another Facebook post showing what appears to be a BBC news article about a fatal road accident. 

This post will also contain slightly different text to the original, saying: ‘I can’t believe this, I’m going to miss him so much’.

But while this post might appear legitimate at first glance, this is actually a fake link to a malicious website.

Mr Arntz writes: ‘The BBC news logo in the picture and the BBCNEWS part of the URL are…

Source…