Your Internet Activity May be Traceable Even Through a VPN

Netflow data refers to IP network traffic that can be collected as it enters or exits an interface. Using this aggregate data, it’s possible to trace network traffic even if a person uses a VPN. Internet service providers sell this information to third parties.

At a high level, netflow data creates a picture of traffic flow and volume across a network. It can show which server communicated with another, information that may ordinarily only be available to the server owner or the ISP carrying the traffic. Crucially, this data can be used for, among other things, tracking traffic through virtual private networks, which are used to mask where someone is connecting to a server from, and by extension, their approximate physical location.

Social Engineering Majority of Business Attacks in 2020

Speaking of social engineering, new data from Atlas VPN shows this kind of attack was responsible for the majority of business breaches in 2020.

According to the data presented by the Atlas VPN team, social engineering cyberattacks were the primary cause of company breaches in 2020 at 14%, followed by advanced persistent threats, unpatched systems and ransomware. As a result, learning to prevent social engineering attacks needs to be a top priority for businesses.

Misconfigured Microsoft Power Apps Leaked 38 Million Database Records

More than a thousand web apps built on Microsoft’s Power Apps platform have leaked 38 million records, including COVID-19 contact tracing data.

The data included a range of sensitive information, from people’s phone numbers and home addresses to social security numbers and COVID-19 vaccination status.

The incident affected major companies and organizations, including American Airlines, Ford, the transportation and logistics company J.B. Hunt, the Maryland Department of Health, the New York City Municipal Transportation Authority, and New York City public schools.

The Secret Security Features in macOS Big Sur

There are security features that Apple tells us about on stage at keynotes, and then there are hidden improvements it doesn’t mention.

macOS has gradually made the UNIX security model irrelevant. For example, even the superuser is only allowed to access the private documents of a regular user with the user’s permission—permission that is given on a per-application basis, through that protector of users and bane of developers known as the Transparency, Consent & Control (TCC) framework.

Coinbase Announces Phone Support for Account Takeovers

On Thursday, crypto exchange Coinbase announced phone support in the event of an account takeover.

Today, we’re beginning to roll out phone support for ATOs, to provide customers with a live agent to kick off an investigation. If you believe you’re a victim of an ATO, please call +1 888 908–7930 or visit our support page to protect your account and get help.

Since 2015 Cyber Attacks Have Cost Companies Over $25 Billion

A report on Wednesday shows that the damage from cyber attacks has reached over US$25 billion since 2015.

The most costly attacks are credential attacks (the theft of an organization or individual’s passwords), which have accounted for $6.4 billion in company losses. Often, these credentials are stolen and then sold on the dark web, which happened in the recent T-Mobile breach. Backdoors, like what was used in the SolarWinds hack, have cost companies $5.6 billion.

Smart Home Cameras, Baby Monitors Affected by Software Bug

A flaw in the ThroughTek “Kalay” network affects millions of IoT devices including smart baby monitors, DVRs, smart cameras, and other products.

This latest vulnerability allows attackers to communicate with devices remotely. As a result, further attacks could include actions that would allow an adversary to remotely control affected devices and could potentially lead to remote code execution.

Due to how the Kalay protocol is integrated by original equipment manufacturers (“OEMs”) and resellers before devices reach consumers, Mandiant is unable to determine a complete list of products and companies affected by the discovered vulnerability.

GitHub No Longer Accepts Passwords, Use Security Keys Instead

GitHub will no longer accept passwords when authenticating Git operations and will require the use of strong authentication factors. Yubico also posted about the announcement, and its 2FA hardware keys are an acceptable solution for GitHub users.

In December, we announced that beginning August 13, 2021, GitHub will no longer accept account passwords when authenticating Git operations and will require the use of strong authentication factors, such as a personal access token, SSH keys (for developers), or an OAuth or GitHub App installation token (for integrators) for all authenticated Git operations on GitHub.com. With the August 13 sunset date behind us, we no longer accept password authentication for Git operations.

(Update) T-Mobile Customer Data for Sale Affecting Over 100 Million People

A person in an online forum is offering data for sale that they claim comes from T-Mobile servers. The carrier says it is investigating the accuracy of this alleged breach.

The data includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information, the seller said. Motherboard has seen samples of the data, and confirmed they contained accurate information on T-Mobile customers.

Update: T-Mobile has issued a statement confirming the breach.

Top 10 Services That Hackers Target the Most

Software system provider Intact collected data and analyzed it to see which brands hackers are searching for as their next potential hacking targets.

We analysed search intent by digging out the number of searches for terms including ‘how to hack [xyz]’. Although career cybercriminals are likely to use more nefarious means to research and test their hacking processes, Google search data provides an insight into global intent and changing trends.

DeFi Platform ‘Poly Network’ Hacked, $600 Million in Crypto Stolen

Poly Network is a cross-chain decentralized finance platform and operates on the Binance Smart Chain, Ethereum and Polygon blockchains. It suffered a hack recently in which approximately US$600 million in crypto was stolen.

About one hour after Poly announced the hack on Twitter, the hacker tried to move assets including USDT through the Ethereum address into liquidity pool Curve.fi, records show. The transaction was rejected. Meanwhile, close to $100 million has been moved out of the Binance Smart Chain address in the past 30 minutes and deposited into liquidity pool Ellipsis Finance.

Firefox 91 Update Lets You Fully Erase Your Browser History

Mozilla’s latest update to Firefox, version 91, offers enhanced cookie clearing when a user deletes their browser history.

When you decide to tell Firefox to forget about a website, Firefox will automatically throw away all cookies, supercookies and other data stored in that website’s “cookie jar”. This “Enhanced Cookie Clearing” makes it easy to delete all traces of a website in your browser without the possibility of sneaky third-party cookies sticking around.