
All the recent news you need to know

Trust Wallet & MetaMask Crypto Wallets: Targeted by New Support Scam


Users of Trust Wallet and MetaMask wallets are the targets of ongoing malicious Twitter phishing attacks aimed at stealing cryptocurrency funds. MetaMask and Trust Wallet are mobile apps that enable users to create wallets to store, buy, send, and receive cryptocurrency and NFTs. 

When users first open the MetaMask or Trust Wallet apps, they are prompted to create a new wallet. The app then displays a 12-word recovery phrase and encourages users to save it somewhere safe as part of this procedure. This recovery phrase is used by the apps to generate the private keys needed to enter the wallet. Anyone who knows the recovery phrase can import the wallet and access the cryptocurrency funds it contains. 

For the past two weeks, BleepingComputer has been monitoring a Twitter phishing scam that targets Trust Wallet and MetaMask users and steals their cryptocurrency wallets by spreading fake technical support forms. The scam begins with genuine MetaMask or Trust Wallet users tweeting about a problem with their wallets, such as stolen funds, trouble accessing the wallet, or trouble using the apps.

Scammers respond to these tweets by posing as members of the app's support team or users who claim that "Instant support" helped them with the same problem. Users are encouraged to fill out a support form by visiting the included docs.google.com or forms.app links. 

Users who click on these links are taken to a page that looks like a help form for Trust Wallet or MetaMask. These forms ask for the visitor's email address, name, the problem they are having, and then the scam's crown jewel: the wallet's 12-word recovery phrase. With a Trust Wallet or MetaMask user's recovery phrase, threat actors can import the victim's wallet on their own devices and steal all of the deposited cryptocurrency funds.

Unfortunately, once funds have been stolen by a threat actor there is nothing a user can do to recover them. Phishing scams involving cryptocurrency have been common before; in one earlier case a MetaMask user lost over $30,000 in cryptocurrency after sharing their recovery phrase.

Trust Wallet and MetaMask users should never share their wallet's recovery phrase or type it into any app or website. Furthermore, a legitimate organization would not use Google Docs or online form-building sites for help requests. Seek assistance only through the official support pages of the app or service you are having trouble with.

When it comes to cryptocurrencies and financial assets, the user should always type the URL they wish to visit into their browser rather than relying on links in emails, as it is simple to build lookalike domains that impersonate legitimate sites. This way, users can avoid mistakenly clicking on phishing sites that impersonate a legitimate service.

Information security exercises will be held at five cyber polygons in Russia

Russian President Vladimir Putin has set the task of digitally transforming key sectors of the economy. To protect them, the country has created cyber polygons (cyber ranges).

According to Russian Deputy Prime Minister Dmitry Chernyshenko, the cyber polygons will hone protection against information security threats in key sectors of the economy.

Mr. Chernyshenko noted that the operations of industries, enterprises and even entire cities are recreated at the cyber polygons, where various bodies practice their response to cyberattacks.

"We need to be in good shape, and to do that we need to practice all the time. Such national training grounds allow us to organize interdepartmental exercises without endangering the current work of industries or executive authorities," he said.

Mr. Chernyshenko added that the exercises are mainly carried out to protect the energy, credit and financial sectors and the infrastructure of state bodies. A separate segment that simulates the business processes and cyberattack scenarios specific to a sector of the economy is created for each industry, and the number of such sectors will be expanded in the future.

By the end of 2024, sectoral and functional development of the cyber polygon infrastructure is planned; in particular, segments for the oil and gas, telecommunications, transport and metallurgy industries will be created.

"The goal of the cyber polygon is to become an effective tool that ensures the country's readiness to respond to cyber threats. Today this task has already acquired strategic importance," said Mikhail Oseevskiy, President of Rostelecom.

It is worth noting that the project to create a national cyber polygon was launched at the end of 2019 to increase the readiness of the state and Russian organizations in key sectors of the economy to repel computer attacks and strengthen state security in the digital space. 

Ransomware Attacks Growing at a Fast Rate


Ransomware has become a burning concern for every office in the world, yet it did not even exist 30 years ago. There has probably never been a danger of this kind, and the fact that ransomware grows stronger day by day is the most profound concern.

Recent revelations show how diabolical the ransomware threat is. In 2020, attacks rose by 715% as adversaries exploited the disruption of the Covid-19 pandemic to catch victims with their guard down. Threat actors also became more aggressive, and the consequences more severe: a patient died in a German hospital after a ransomware attack hit the equipment that kept him alive, and a California university paid over $1 million to get its IT systems back online. Beyond its still-unquantified impact on the country's economy, the Colonial Pipeline attack exposed various weaknesses in US energy infrastructure.

The strategy appears to work, since ransomware payments rose by 100% in 2020. There are no signs of ransomware attacks being curbed: an Apple supplier also became the victim of a $50 million ransom demand. If ransomware was already alarming, it has now taken on a genuinely frightening character, and no organization can consider itself immune.

This does not mean that every organization faces the same chance of a successful ransomware intrusion. Indeed, the most vulnerable businesses are those that see ransomware as unavoidable and unstoppable and conclude that the situation is hopeless, instead of upgrading their security plan to keep pace with developments in ransomware.

At least in their early phases, the surge of attacks in 2020 looked much like the attacks of previous years: attackers would use a phishing attempt to gain access to an IT network and then exploit known or unknown vulnerabilities.

After this initial breach, automated propagation mechanisms gradually spread the infection. Today, however, a single target is no longer enough: the shift is toward human-operated ransomware, which does not settle for small networks.

Today's ransomware attacks move through organizations by seeking out high-privilege credentials, aiming to hit the largest possible number of machines and thus maximize damage. Security teams need to prioritize preventing this lateral movement, not just detecting it; otherwise a ransomware attack can become so deeply entrenched that it is difficult to reverse.

Instead of relying on malware alone to push the attack forward, human-operated ransomware has an operator who steers it around defenses and protections toward the most valuable target possible. These attacks are more persistent, far more powerful, and more damaging.

Spear phishing is now the preferred method for distributing ransomware. Adversaries choose a target and then tailor the email to sound as credible as possible. This contrasts sharply with everyday phishing, in which mass emails are sent to huge contact lists. Targeted users then click a link or download an attachment that triggers the malware infection.

Spear phishing operations are also becoming more advanced: cybercriminals use domain spoofing techniques to send spear-phishing emails from addresses that look just like those of legitimate senders.

In the face of this challenge, a cybersecurity plan built on AV and EDR is destined to fail; by the time these defenses kick in, it may already be too late. The best advice is: evolve or die. The only protection that succeeds is prevention, which means following a proactive cybersecurity approach that focuses on zero trust, reduces the attack surface, and, of course, uses moving target defense.

Google and Mozilla Develop an API for HTML Sanitization


Google, Mozilla, and Cure53 engineers have collaborated to create an application programming interface (API) that offers a comprehensive solution to HTML sanitization. The API will be used in upcoming versions of the Mozilla Firefox and Google Chrome web browsers. 

HTML sanitization is the process of reviewing an HTML document and creating a new HTML document that only contains the "secure" and desired tags. By sanitizing any HTML code submitted by a user, HTML sanitization can be used to defend against attacks like cross-site scripting (XSS).

Sanitization is usually carried out using either a whitelist or a blacklist strategy. It can be refined further with rules that define which operations should be performed on the tags in question.

When rendering user-generated content or working with templates, web applications often need to handle dynamic HTML content in the browser. Client-side HTML processing frequently introduces security flaws, which malicious actors exploit to stage XSS attacks, steal user data, or perform actions in the web application on the user's behalf.

“Historically, the web has been confronted with XSS issues ever since the inception of JavaScript,” Frederik Braun, security engineer at Mozilla, said. “The web has an increase in browser capabilities with new APIs and can thus be added to the attacker’s toolbox.” 

To protect against XSS attacks, many developers use open-source JavaScript libraries like DOMPurify. DOMPurify takes an HTML string as input and sanitizes it by removing potentially dangerous parts and escaping others.

“The issue with parsing HTML is that it is a living standard and thus a quickly moving target,” Braun said. “To ensure that the HTML sanitizer works correctly on new input, it needs to keep up with this standard. The failure to do so can be catastrophic and lead to sanitizer bypasses.” 

The HTML Sanitizer API incorporates XSS security directly into the browser. The API's sanitizer class can be instantiated and used without the need to import external libraries. 

“This moves the responsibility for correct parsing into a piece of software that is already getting frequent security updates and has proven successful in doing it timely,” Braun said. According to Bentkowski, browsers already have built-in sanitizers for clipboard info, so repurposing the code to extend native sanitization capabilities makes perfect sense.
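To make the whitelist strategy described above concrete, here is an added example of a minimal allowlist HTML sanitizer in plain JavaScript. It is not the browser's Sanitizer API, DOMPurify, or code from the article's sources; it uses a regex tokenizer rather than a real HTML parser (which is exactly the "moving target" Braun warns about), so it illustrates the idea rather than replacing a maintained sanitizer.

```javascript
// Constructed example: a minimal allowlist ("whitelist") HTML sanitizer in plain
// JavaScript. It is not the browser Sanitizer API and not DOMPurify; it uses a
// regex tokenizer rather than a real HTML parser, so it is for illustration only.
const ALLOWED_TAGS = new Set(['p', 'b', 'i', 'em', 'strong', 'a', 'br']);
const ALLOWED_ATTRS = { a: new Set(['href', 'title']) };   // per-tag attribute allowlist
const SAFE_URL = /^(https?:|mailto:|\/|#)/i;               // blocks javascript:, data:, ...

function escapeText(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;')
          .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

// Keep only allowlisted attributes; drop event handlers and unsafe URL schemes.
function sanitizeAttrs(tag, raw) {
  const allowed = ALLOWED_ATTRS[tag];
  if (!allowed) return '';
  const out = [];
  const re = /([a-zA-Z][\w-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  let m;
  while ((m = re.exec(raw)) !== null) {
    const name = m[1].toLowerCase();
    const value = (m[2] ?? m[3] ?? m[4] ?? '').trim();
    if (!allowed.has(name)) continue;                       // e.g. onclick, style
    if (name === 'href' && !SAFE_URL.test(value)) continue; // e.g. javascript:alert(1)
    out.push(` ${name}="${escapeText(value)}"`);
  }
  return out.join('');
}

function sanitizeHtml(input) {
  // Remove script/style elements together with their content first.
  const stripped = input.replace(/<(script|style)\b[^>]*>[\s\S]*?<\/\1\s*>/gi, '');
  // Tokenize into tags, text runs and stray '<'; everything not allowlisted is
  // either dropped (unknown tags/attributes) or escaped (text).
  return stripped.replace(
    /<(\/?)([a-zA-Z][\w-]*)([^>]*)>|([^<]+)|(<)/g,
    (whole, slash, tag, attrs, text, lt) => {
      if (text !== undefined) return escapeText(text);
      if (lt !== undefined) return '&lt;';
      const name = tag.toLowerCase();
      if (!ALLOWED_TAGS.has(name)) return '';               // strip tag, keep inner text
      if (slash) return `</${name}>`;
      return `<${name}${sanitizeAttrs(name, attrs)}>`;
    });
}
```

Running `sanitizeHtml` on input such as `<a href="javascript:alert(1)" title="x">click</a>` keeps the link and its title but drops the unsafe href, and an `<img onerror=...>` or inline `<script>` is removed entirely.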