Tag Archive for: Watch

Fans of third-party YouTube apps should watch out for Nexus banking malware

/in


It first appeared in June last year and is now being openly advertised by its creators on hacker forums to increase its reach. Nexus’ primary targets are 450 banking and cryptocurrency apps. 

It’s being distributed through phishing websites posing as legitimate websites of YouTube Vanced, a discontinued third-party YouTube app. It uses all the tricks in the books to gain your banking info and take over your financial accounts.

Nexus asks for 50 permissions and abuses at least 14 of them

It is capable of performing overlay attacks, i.e. replicating a legitimate interface to trick you into entering your credentials, and uses keylogging to record your keystrokes. It can even steal SMS messages to get access to two-factor authentication codes and can abuse Accessibility Services to steal information from crypto wallets, 2-Step Verification codes generated by Google Authenticator, and website cookies. The trojan can also delete messages received by you.

After it’s installed on a device, Nexus connects to its command-and-control (C2) server. C2s are used by cybercriminals to control malware, launch attacks, and receive stolen data.

Nexus is said to be in the beta stage but it’s already being used by many threat actors to carry out nefarious activities. Cybercriminals who do not know how to make their own malware can rent it for $3,000 a month.

It looks like the developer is from a CIS (Commonwealth of Independent States) country and has prohibited the trojan’s use in Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russian Federation, Tajikistan, Uzbekistan, Ukraine, and Indonesia.

Nexus is capable of updating itself and Cleafy thinks it is a real threat and can infect hundreds of Android devices in the world.

To protect yourself from infections, try to only download apps from Google Play and enable Google Play Protect. Use strong passwords and enable biometric security features where possible and be very careful when granting permissions.

Source…

Watch: Zomato And Google Share Internet Safe-Tea Recipe To Deal With Cyber Threats

/in


Cybersecurity has become an issue of major concern during the recent years. With the increasing reliance on technology for personal, business and government activities, there is a growing threat from cyber-attacks such as hacking, phishing, malware, and ransomware. These attacks can result in a loss of data, which is why it is crucial to take necessary steps to deal with such cyber threats. Recently, Zomato and Google India took to Instagram to share a creative video highlighting the importance of cyber security and how one can protect themselves from such attacks.

Also read: Watch: Man Enacts How People Ask For Refund From Zomato; Internet Reacts

This video was shared jointly by Zomato and Google India on Instagram Reels. The video shows a person creating a strong password using a ‘safe-tea’ recipe. First, he places uppercase letters in a vessel marked as ‘password’. He then adds lowercase letters, special characters and numbers to complete the recipe. After finishing this process, he performs a two-step verification and serves the ‘safe-tea’. “Now serving: A hot cup of cyber safe-tea,” read the caption of the post. Take a look at the video below:

Also read: 2 Gulab Jamuns For Rs 400! Man Tweets On Zomato’s ‘Unbelievable’ Food Pricing

Since being uploaded, the video has garnered over 421K views, 27.1K likes and hundreds of comments. Many people thought that the video was creative and left several reactions in the comments section. Check out some of the reactions below:

“What’s the similarity between chai and password? Won’t share it with anyone.”

“Zomato’s marketing and advertising skills are next level.”

“Coffee lovers in the chat – password invalid.”

“So, people who drink green tea will have weak passwords.”

“Wow, a new way to set your password with safe-tea.”

“Kisne likha hai yeh script. Mujhe usse follow karna hai (Whoever wrote this script, I want to follow them.”)

What did you think of this video? Do share your thoughts with us in the comments below.
 

Featured Video Of The Day

Best Pakoda Recipes | Easy Recipes by NDTV Food

Source…

Trends To Watch Out For In The New Year

/in


Cyber security in 2023: From ransomware and phishing to supply chain attacks, cyber crime continued to create havoc in 2022. Experts suggest, however, that the magnitude and novelty of digital attacks coming in 2023 will only get more aggressive. Here are some of the trends to watch out for in 2023.

The number of cyber attacks in the country has witnessed three-fold increase over as many years. According to government data, in 2019, total number of cyber security incidents tracked by Indian Computer Emergency Response Team (CERT-In) was 3,94,499. The number spiked to 11,58,208 in the year 2020 and further increased to 14,02,809 in 2021. This year, as many as 6,74,021 cyber security incidents were reported till June.

Experts suggest, however, that the magnitude and novelty of digital attacks coming in 2023 will only get more aggressive as cybersecurity teams around the world are presented with a task unlike any other: securing access to the data of their individual organisations over hundreds of remote access points.

Here are some of the trends to watch out for in 2023:

Accelerated 5G adoption to deepen vulnerabilities

5G connections in India are expected to reach 88 million by 2025, according to a recent report by GSMA. While the spotlight is currently focused on delivering higher data speeds, latency improvements, and the overall functional redesign of mobile networks, the cloud will expose the 5G core to cloud security vulnerabilities, according to cyber security company Palo Alto networks. With only 114% of Indian organisations equipped with a plan to secure their 5G/4G environment, CISOs will need to be wary of large-scale attacks from any source, including the operator’s own network.

Securing connected medical devices will be critical

Digitisation has enabled new healthcare capabilities such as virtual healthcare and remote diagnosis. But the prevalence of legacy and sensitive data will make healthcare an attractive target for cyber threat actors. Ensuring the cybersecurity of medical IoT will be important as ever for patient safety as the closer a patient is to a device, the greater the likelihood for weaponization by bad actors, according to Palo Alto.

Multi-factor authentication…

Source…

Identity Attack Watch: November 2022

/in


Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD to introduce or propagate malware.

This month, the Semperis Research Team highlights Ukraine ransomware attacks linked to the Russian Sandworm group, LockBit group attacks on Virginia county and German automotive group Continental, and Vice Society strikes on Cincinnati College, one in a string of the group’s attacks on educational institutions.

Ukraine ransomware attacks linked to Russian Sandworm group

Recent attacks on Ukraine have been linked to Russian cybercriminal group Sandworm, which uses RansomBoggs—.NET ransomware distributed from domain controllers—to encrypt files. The Sandworm group, which has been active since the 1990s, is suspected of developing the NotPetya ransomware that targeted Maersk shipping company, among other organizations, in 2017.

Read more

LockBit gang claims attacks on Virginia county and Continental automotive group

Ransomware group LockBit 3.0 claimed responsibility for cyberattacks on Southampton County, Virginia, that compromised personal data, including driver’s license numbers and Social Security numbers. LockBit also claimed an attack on German automotive group Continental.

Read more

Vice Society group claims Cincinnati College attack

Vice Society ransomware group claimed responsibility for a ransomware attack on Cincinnati College that took down the college’s on-campus networks, including email, internet access, and classroom computers. Vice Society, which has targeted educational institutions from K-12 to universities, uses ransomware including BlackCat to compromise Active Directory and gain control of the victim organization’s network environment.

Read more

Black Basta ransomware group targets Canadian food retailer Sobeys

Canadian food retail giant Sobeys suffered a ransomware attack claimed by the Black Basta ransomware group that caused company-wide IT problems. Although stores remained…

Source…