Expert(s):
Senior Sales Engineer feature_status*/ ?>
Synopsys

Comments Dotted : 49
January 21, 2021

Expert Commentary: Hacker Posts 1.9 Million Pixlr User Records For Free On Forum
Cybercriminals will try to abuse every piece of information they have on you for their own personal gain.

In the wake of this breach, users should change their password on the platform and on any other site where it may have been reused, as hackers can sometimes successfully revert hashed passwords. Users should also be prepared for possible phishing attacks. They should not blindly click on links sent via email. These links may lead you to a malicious site where you will be encouraged to 'change' your password. The same goes for documents - do not download anything without first verifying the

.....Read More

In the wake of this breach, users should change their password on the platform and on any other site where it may have been reused, as hackers can sometimes successfully revert hashed passwords. Users should also be prepared for possible phishing attacks. They should not blindly click on links sent via email. These links may lead you to a malicious site where you will be encouraged to 'change' your password. The same goes for documents - do not download anything without first verifying the authenticity of the sender. Cybercriminals will try to abuse every piece of information they have on you for their own personal gain; therefore, think twice before actioning any emails.

  Read Less
December 09, 2020

Expert Insight On Amnesia:33 Vulnerabilities Impact Millions Of Smart And Industrial Devices
The difficulty is in ensuring that devices are patched, particularly for any low cost/high volume product.
One thing that IoT users need to be aware of is that many of the devices on the market and used in their homes will or have already passed the maintenance guarantee period offered by the manufacturer. In other words, the difficulty is in ensuring that devices are patched, particularly for any low cost/high volume product. This same concern also applies to license conflict issues that may surface in the software. Therefore, manufacturers of such products have to put extra energy into “getting.....Read More
One thing that IoT users need to be aware of is that many of the devices on the market and used in their homes will or have already passed the maintenance guarantee period offered by the manufacturer. In other words, the difficulty is in ensuring that devices are patched, particularly for any low cost/high volume product. This same concern also applies to license conflict issues that may surface in the software. Therefore, manufacturers of such products have to put extra energy into “getting it right” along all dimensions before release. It also means that, in many cases, users or organisations will have to proactively adopt preventative measures themselves. Deploying mitigation techniques, such as treating devices as untrustworthy, monitoring their behaviour, creating subnets in which they work and abiding by the principle of least privilege are just a few steps one can take to protect their assets.  Read Less
November 25, 2020

Experts Insight On User Data Of Event Management App Peatix Hacked
It is also critical that users are vigilant as their data may be used in phishing campaigns.
Usually, when we hear about hackers offering stolen data, this takes place over deep web forums or pages. In this case, however, we are also seeing the use of social media platforms such as Instagram and messaging apps like Telegram to promote stolen names, usernames, hashed passwords, and email addresses. Peatix has issued a notification on their webpage about the breach and is also contacting users to change their password on the platform to avoid possible account misuse. Users should,.....Read More
Usually, when we hear about hackers offering stolen data, this takes place over deep web forums or pages. In this case, however, we are also seeing the use of social media platforms such as Instagram and messaging apps like Telegram to promote stolen names, usernames, hashed passwords, and email addresses. Peatix has issued a notification on their webpage about the breach and is also contacting users to change their password on the platform to avoid possible account misuse. Users should, however, also change their passwords on other services where they have been reused. It is also critical that users are vigilant as their data may be used in phishing campaigns in an attempt to gather additional data or even gain access to their computer. As such, be wary of emails with attachments or links.  Read Less
November 19, 2020

Expert Advice In Reference Of Chaes Malware Strikes MercadoLivre
Attackers put in a lot of effort to make phishing emails look trustworthy, so you have to put even more effort into spotting them.
Long gone are the days when malware writers did so simply for the fame and credit. We need to understand that, in today's world, malware is focused on monetary gain. Therefore, we can expect that attackers will treat their attacks as a revenue-generating business. As such, it is natural that they will look to determine where previous phishing attacks may have failed and apply the necessary changes. For instance, applying visual and textual corrections to make phishing emails look legitimate......Read More
Long gone are the days when malware writers did so simply for the fame and credit. We need to understand that, in today's world, malware is focused on monetary gain. Therefore, we can expect that attackers will treat their attacks as a revenue-generating business. As such, it is natural that they will look to determine where previous phishing attacks may have failed and apply the necessary changes. For instance, applying visual and textual corrections to make phishing emails look legitimate. Also, the timing of these phishing campaigns was not done haphazardly. It was planned to coincide at a time that many will be going online to shop for presents. As always, people should refrain from opening attached documents that are sent to them over email. Likewise, they should not click on links in emails that lead to surveys, login pages, and so on. Individuals need to be careful, taking the time to check who had sent the email and where the links lead to. Attackers put in a lot of effort to make phishing emails look trustworthy, so you have to put even more effort into spotting them.  Read Less
November 18, 2020

Privacy Experts On API Bug On Dating Site Bumble Exposed Personal Information Of 100M Users
APIs are an integral part of almost every application today.
APIs are an integral part of almost every application today. They enable integration with other systems, communication with databases and provide an interface for configuration of the application. As such, they should be frequently tested in detail. As we see here, the API provides access to the data the application uses. The security researcher managed to bypass Bumble’s protections and accessed premium features, granting her access to Bumble’s users and personal user data. This security.....Read More
APIs are an integral part of almost every application today. They enable integration with other systems, communication with databases and provide an interface for configuration of the application. As such, they should be frequently tested in detail. As we see here, the API provides access to the data the application uses. The security researcher managed to bypass Bumble’s protections and accessed premium features, granting her access to Bumble’s users and personal user data. This security defect could not only have a negative impact on Bumble’s business, but could also affect its reputation and the confidence its users have in trusting the service with their personal data if it were leveraged by a malicious hacker. Thankfully an ethical hacker identified the issue and disclosed it responsibly to Bumble.  Read Less
November 17, 2020

Experts Reacted On Lazarus Malware Strikes South Korean Supply Chains
All that hackers had to do was find the websites that were easiest to breach.
For many services in South Korea, visitors must first download special security software in order to verify their identity, security status and enable secure downloads prior to gaining access. While the Wizvera software does exhibit security maturity and offers a safeguard to cyber threats, it only does what the configuration file instructs. In other words, the file informs Wizvera on which software it should install. All that hackers had to do was find the websites that were easiest to breach. .....Read More
For many services in South Korea, visitors must first download special security software in order to verify their identity, security status and enable secure downloads prior to gaining access. While the Wizvera software does exhibit security maturity and offers a safeguard to cyber threats, it only does what the configuration file instructs. In other words, the file informs Wizvera on which software it should install. All that hackers had to do was find the websites that were easiest to breach. Once breached, the attacker could then replace legitimate binaries with malicious ones. This enables Wizvera to install malicious software on visitors' devices. This is yet another case of cybercriminals finding loopholes in security procedures. Based on feedback from ESET researchers, the easiest prevention of such an attack would be to provide hashes on the binaries in the configuration files. That way, the binary cannot be installed if the hashes do not match. Unfortunately, skipping this extra security step has allowed attackers to abuse the otherwise robust system. We see this often, where misconfiguration can lead to significant consequences. While typically we hear about instances of misconfigured S3 buckets, in this case, it was a misconfigured instruction file.  Read Less
November 17, 2020

Experts Insight On Jupyter Trojan – Newly Discovered Malware Stealthily Steals Usernames And Passwords
The malware is an information-stealing trojan, taking data from your Chromium, Firefox or Chrome browsers.
Once more, individuals are being tested on their attention to detail. This time, users are having to spot malware disguised as documents. Using the file icon and a name that suggests urgency (e.g a pay raise, travel details, etc.), the user might be compelled to open the document just to read what is written. Even though the malware has a file icon, it is still executable with the file type exe. However, if you are hiding file extensions you might not even see this little scam. The malware is.....Read More
Once more, individuals are being tested on their attention to detail. This time, users are having to spot malware disguised as documents. Using the file icon and a name that suggests urgency (e.g a pay raise, travel details, etc.), the user might be compelled to open the document just to read what is written. Even though the malware has a file icon, it is still executable with the file type exe. However, if you are hiding file extensions you might not even see this little scam. The malware is an information-stealing trojan, taking data from your Chromium, Firefox or Chrome browsers. In addition, it is a C2 client that can execute PowerShell scripts and install further malware. Therefore, be careful when opening any documents. A word of advice: it is better to stop and think twice before you act.  Read Less
November 13, 2020

Animal Jam Kids’ Virtual World Hit By Data Breach, Impacting 46m Accounts: Expert Commentary
One way the cybercriminals may abuse this data is to carry out a phishing attack.
The gaming industry is a common target for attacks, be it data theft or ransomware attacks. An interesting observation within the gaming industry is that player accounts are often high-value assets due to in-app purchases, or rewards from leveling up. In other words, gaming accounts are often items for sale - at least accounts owned my adults spending money. However, we now have proof that even educational games for children are no longer safe, but valuable resources for bad actors. In this.....Read More
The gaming industry is a common target for attacks, be it data theft or ransomware attacks. An interesting observation within the gaming industry is that player accounts are often high-value assets due to in-app purchases, or rewards from leveling up. In other words, gaming accounts are often items for sale - at least accounts owned my adults spending money. However, we now have proof that even educational games for children are no longer safe, but valuable resources for bad actors. In this breach, the attacker was able to access and steal account information from 46 million users. One way the cybercriminals may abuse this data is to carry out a phishing attack. Therefore, users, or their parents, need to watch out for any emails asking for personal information. It is important that the account password is changed immediately as well to avoid an account takeover. Passwords should also be changed across any other service where it might have been reused. The attackers might cross-reference your account information on other services in order to find other exploitable services. Fortunately, it does seem that the company is doing all they can to support their users. They issued a warning and a FAQ (https://www.animaljam.com/en/2020databreach) to help users with any issues connected to the data breach.  Read Less
November 10, 2020

Experts Insight On Hotel Booking Firm Leaks Info From Millions Of Guests
Cloud technology is helping organisations in many ways to be better, faster, and more advanced in their operations.
This is not the first, nor the last time, that we will see an organisation unintentionally leak data on its users. As can be expected, there will likely be legal consequences that will cost the organisation a substantial sum. Nevertheless, it will be the users who will face the most damaging repercussions. They will no doubt see attackers attempt to infiltrate other accounts where passwords may have been reused, as well as phishing attacks sent to exposed email addresses. Financial data such.....Read More
This is not the first, nor the last time, that we will see an organisation unintentionally leak data on its users. As can be expected, there will likely be legal consequences that will cost the organisation a substantial sum. Nevertheless, it will be the users who will face the most damaging repercussions. They will no doubt see attackers attempt to infiltrate other accounts where passwords may have been reused, as well as phishing attacks sent to exposed email addresses. Financial data such as credit card numbers may be employed to conduct unauthorised purchases or for other authorisations. Identity theft is another scenario in which such exposed data may abused as well. We can't be certain that bad actors have not already gained access to this data, but there are a few things that potentially affected users can do to proactively lower their risk and in turn, improve their security moving forward. First, users should change their password on the site as well as on any other online service where it may have been reused. It is worth employing a password manager if you are overwhelmed with the number of services used and the regulatory demands for strong passwords. Second, be wary of any email requesting personal data such as passwords, usernames, social security numbers or financial data. Service providers would never request such data over email or even on the phone. If ever in doubt, call your service provider or visit their web page directly and login through the site. It is critical that you do not open attachments or click on links in emails. Finally, talk with your bank proactively - let them know that you have used a service that has leaked your data and check your bank statements regularly for suspicious activity. As for the issue of S3 buckets, I would say the following. Cloud technology is helping organisations in many ways to be better, faster, and more advanced in their operations. However, processes to maintain this technology need to also be regarded as a priority. Introducing technologies in production needs to be paired with thorough checks to ensure that the data is properly safeguarded. While these checks may initially be time-consuming, they are necessary to prevent issues later down the line.  Read Less
November 09, 2020

Expert On Italian Beverage Vendor Campari Knocked Offline After Ransomware Attack
Individual targets are only lucrative at scale.
This recent ransomware attack on Campari shows that cybercriminals are not just interested in targeting technology companies. In fact, any and every individual who owns a laptop or a mobile phone is a possible target. However, individual targets are only lucrative at scale. As such, bad actors tend to go for large organisations such as Campari where they can get "more bang for their buck". Indeed, they could demand a ransom worth millions, if they succeed in infiltrating a device with.....Read More
This recent ransomware attack on Campari shows that cybercriminals are not just interested in targeting technology companies. In fact, any and every individual who owns a laptop or a mobile phone is a possible target. However, individual targets are only lucrative at scale. As such, bad actors tend to go for large organisations such as Campari where they can get "more bang for their buck". Indeed, they could demand a ransom worth millions, if they succeed in infiltrating a device with high-value data. A ransomware attack could see this data encrypted and result in a complete halt on business operations until the organisation pays for a decryption key or they find a way out of the attacker's clutch (this is why backups are of critical importance). Unfortunately, very few have succeeded with the latter strategy. Organisations must be on guard to prevent attacks, but they must also have a plan in place in the event of an attack. Organisations need to also think about the resilience of their network and the devices within it, particularly in today's remote working environment where the network extends into home networks.  Read Less