Encrypted code – Canttot (http://canttot.com/), feed generated Wed, 23 Nov 2022 14:10:05 +0000

Black Basta uses QBot malware to target US-based companies
https://canttot.com/black-basta-uses-qbot-malware-to-target-us-based-companies/
Wed, 23 Nov 2022 09:10:26 +0000

Cybercrime, Cybercrime as a service, Fraud and cybercrime management

QBot Backdoor Opens Systems to Load Cobalt Strike, Ransomware and Other Malware

Prajeet Nair (@prajeetspeaks) • November 23, 2022

QBot installs a backdoor to drop malware. (Source: ISMG)

Researchers claim that Black Basta is dropping the QBot malware – also known as QakBot – as part of a large ransomware campaign primarily targeting US-based companies.


In the group’s latest campaign, attackers again use QBot to install a backdoor and then drop encryption malware and other malicious code, according to Cybereason.

The Black Basta ransomware gang surfaced in April 2022 and was observed using QBot malware to create an initial entry point and move laterally within the targeted organization’s network.

QBot malware is a banking Trojan, primarily designed to steal banking data including browser information, keystrokes and credentials. Its previous targets include JPMorgan Chase, Citibank, Bank of America, Citizens, Capital One and Wells Fargo.

The latest campaign, tracked by Cybereason’s global SOC, revealed that Black Basta was specifically targeting organizations in the US, Canada, UK, Australia and New Zealand.

“The group is known to use double extortion tactics. They steal files and sensitive information from victims and later use them to extort victims by threatening to release the data unless the ransom is paid,” explain the researchers.

In one example, researchers describe how a QBot infection caused several key machines to load Cobalt Strike, which triggered the deployment of Black Basta ransomware. Additionally, the hackers locked the victim out of the network by disabling DNS services, which makes recovery more difficult.

“With threat actors attempting to deploy ransomware within approximately 12 hours of the initial breach, I would classify this campaign as a real risk to businesses,” Loïc Castel, incident response investigator at Cybereason, told Information Security Media Group.

According to Castel, the short time between this QBot campaign and the deployment of Black Basta shows a connection between QBot operators and the Black Basta ransomware-as-a-service group.

“It was previously understood that BlackBasta operatives used to buy access to networks and then deploy their ransomware, and that is not the case in this campaign due to the timeline of events,” Castel told ISMG.

Multiple infections of Black Basta using QBot were seen in early November. They started with a spam/phishing email containing malicious URL links. QBot was Black Basta’s primary means of maintaining a presence on victims’ networks and disabling their security mechanisms, such as EDR and antivirus programs.

Deployment of Black Basta

The attack usually starts with a phishing email that infects targeted machines and extends control to the network to gather information and credentials to further deploy Black Basta ransomware in as many systems as possible.

The threat actor also checks which EDR is installed on the machine, using the wmic.exe executable. The attacker manually spawns a cmd.exe process on a server and then tries to uninstall the EDR/antivirus.

“It is likely that the threat actor was looking for sensorless machines to deploy additional malicious tools without being detected,” the researchers say.

Once the ransomware is deployed, it generates a ransom note file, named readme.txt, in every encrypted folder on every infected machine. Once created, the actual file encryption process runs, files on each machine are encrypted, and a random extension is added to each file.

Why businesses can no longer hide their keys under the doormat
https://canttot.com/why-businesses-can-no-longer-hide-their-keys-under-the-doormat/
Thu, 17 Nov 2022 06:00:27 +0000

For good reason, enterprises rely on encryption, blockchain, zero-trust access, distributed or multi-party strategies, and other core technologies. At the same time, companies effectively hide the keys that could undermine all these protections under a (figurative) doormat.

Strong encryption is of little use when an insider or attacker can take control of the private keys protecting the data. This exposure exists whenever keys must be loaded onto a server’s processor to be used. Encryption can protect bits and bytes in storage or in transit, but when they need to be executed on a processor, they are “in the clear” to perform the necessary computation. Therefore, they are accessible to dishonest insiders, attackers and third parties, such as consultants, partners or even suppliers of software or hardware components used in data center infrastructure.

This is the nature of encryption. It provides strong security for storage and transit, but when execution is ultimately required – and it is always required at some point for data, code or digital assets to be useful or to enable a transaction – the process faces its Achilles heel.

Private keys require execution, using a processor, for their initial creation, the encryption or decryption required for the exchange of keys, the process of digital signatures and certain aspects of key management, such as handling expired public keys. This same principle – the need for plaintext execution on a processor – applies to certain blockchain and multi-party computing (MPC) tasks. Even more generally, simply executing application code or encrypted data exposes them since processors require data and code to be in the clear.

CIOs need to ask questions of their teams to assess this potential exposure and understand the risk, as well as put plans in place to address it.

Fortunately, recent breakthroughs have eliminated this encryption gap and maintained full private key protection. Major processor vendors have added security hardware in their advanced microprocessors that prevents unauthorized access to code or data during execution or afterwards in what remains in memory caches. The chips are now found in most servers, especially those used by public cloud providers, involving a technology commonly known as confidential computing.

This “secure enclave” technology bridges the encryption gap and protects the private keys, but it required changes to code and IT processes that can involve a significant amount of technical work. It is specific to a particular cloud provider (meaning it needs to be modified for use in other clouds) and complicates future changes to code or business processes. Fortunately, the new “middle-of-the-road” technology eliminates the need for such modifications and potentially offers multi-cloud portability with unlimited scale. In other words, technical drawbacks have been virtually eliminated.

CIOs should ask their managers or management teams how private keys are protected and what exposure gap they might face during processing. The same goes for the execution of data and code that is otherwise encrypted at rest and in motion. What gap or exposure does the data or code potentially face?

Companies using proprietary application code with a secret key should consider how the secret key is protected and what kind of risk it might face. If the applications involve the use of AI or machine learning, the algorithms the company has developed are likely extremely valuable and sensitive.

How are they secured during runtime? Even algorithm testing, often done using MPC to use real data (perhaps from customers or partners), can involve exposing data, code, or both. What safeguards are now in place to secure them? Blockchain also involves this runtime exposure – how is this handled?

The execution gap is not limited to the public cloud. Private cloud and on-premises data centers face the same issues. CIOs need to ask themselves if and how the gap is being mitigated. It may be counterintuitive, but the public cloud, with the use of confidential computing, may be the safest place to run code, algorithms, and data. If an organization is not currently using the public cloud (for fear of potential exposure of regulated or proprietary data), it may be time to reconsider its use.

Avoidance of the public cloud is often due to control and access issues. With private clouds and on-premises data centers, organizations typically know and can control who has access to what through combinations of physical, network, and application security, logging or monitoring, and various forms of zero-trust access. The concern with the public cloud has been how to prevent access by unauthorized insiders, third parties, various third-party hardware or software components, and even potential attackers. Now, with confidential computing, these concerns could be totally eliminated.

CIOs need to challenge popular notions that encryption is entirely secure, and even the guarantee of blockchain and MPC. With so much that depends on private keys, leaders need to ensure that these are protected using the best practices and technology available.

The Myth of Online Privacy: Risks, Dangers and Solutions
https://canttot.com/the-myth-of-online-privacy-risks-dangers-and-solutions/
Mon, 14 Nov 2022 14:45:00 +0000

Privacy means something completely different these days than it did just ten years ago. And the only things we have to blame for that are the internet and ourselves.
In the age of the Internet, we are only as “private” as the tools we use allow us to be, which is not much. While you’ll be happy to use many free tools, know that you’re actually paying with data.
The case of missing privacy


Data is now the new currency and we all “give it away” by blindly agreeing to all of these terms and conditions on a ton of services we use day in and day out. If you dive into the privacy policies of these companies, you will immediately notice that your data is being sold to various third parties.

Of course, none of your data is sold with your name on it. You are just a number to them. This is for “anonymity” purposes, on some level, but it also makes it easier because they sell your data to marketers so that you are targeted with relevant ads.

The biggest culprits are all the businesses you interact with all day. Sure, Google has a ton of apps you love, but at the end of the day, they get most of their revenue from advertising.

Meta’s Facebook and Instagram are great when you’re bored, aren’t they? But they collect a ton of information about your browsing habits, likes, dislikes, stops watching, scrolls, etc.

Any site you visit sets a cookie on your browser and every click you make is logged somewhere.

How your data is used and misused


Let’s say you know what you’re signing up for when you use one of these companies, which allows them to put all that data together so you can have a better experience. This information is used to provide you with advertisements that you will find interesting. It’s good for businesses, but it’s also good for you on some level because you can discover things that interest you rather than random products that you would never look twice at.

The problem is that scammers can use the same data.

Scammers will find out who you are, what you like, what you’re most likely to click on, and send you a phishing email, for example. Once you click on it, they have access to even more of your data. They can steal your identity, siphon money from your bank account, and more.

But how do scammers get your data? Well, some data brokers willingly and knowingly sell it to them. Of course, this is not the case for everyone, but there have been lawsuits regarding this particular issue in the United States.

Working with data is a lucrative business, so there are tons of these data brokers out there. Some of these companies are massive, like Google, while others are much smaller. They all gather information from various sources, process it, clean it and analyze it before reselling it.

The consequences of losing our privacy


One of the biggest problems is that not all companies use the same security protocols to secure your information. In the event of a data breach, all of your information can be stolen.

The cybersecurity incidents you hear about most often affect various services, and you know that hackers may have obtained your name, email address and encrypted password, for example.

When data brokers are hacked, things get even more complicated because of all that information they have about you. Even though all of this may be anonymous, without being attached to your name, there is evidence that all of this may be used to re-identify you.

This is when you can be a victim of identity theft, scammed, or harassed online.

There is also the issue of where and how your data is used. We have read of many cases where the information gathered has been used by insurance companies to raise rates. There are also concerns that health insurance companies could use information from data brokers to raise fees, deny coverage, and more.

How to solve the problem


One of the best ways to maintain your privacy in this situation is to ask data brokers to remove your information from their servers. As you can imagine, this can take forever if you do it yourself, and it’s almost certain that you’ll miss at least a few of them.

If you use Incogni, however, they can do the work for you, contact all data brokers and remove your information. They leverage GDPR, CCPA, and other privacy laws on your behalf.

They will update you weekly on their progress and then, once the goal is reached, will continue to ask these companies to delete any new information they acquire about you. Usually it takes 30-45 days for data brokers to comply with the requirements as they try to process your information for as long as possible.

If you want to subscribe to Incogni, we have a discount code for you as part of the company’s Black Friday campaign. Use INCOGNI60 before December 4, 2022, and you will get 60% off the one-year subscription plan. This is a fabulous deal!

Take back your privacy

Online privacy is something we all desire. Although we can control what we share ourselves, there is little we can do to limit the metadata collected about us. Subscribing to Incogni is a step in the right direction to recover this data and demand the return of your privacy.

Rise of Banking Trojan Dropper in Google Play
https://canttot.com/rise-of-banking-trojan-dropper-in-google-play/
Thu, 10 Nov 2022 18:01:21 +0000

The Zscaler ThreatLabz team recently discovered the Xenomorph banking Trojan embedded in a Google Play Store Lifestyle app. The app is called “Todo: Day manager” and has over 1,000 downloads. This is the latest in a disturbing series of malware lurking in the Google Play Store: in the past 3 months, ThreatLabz has reported over 50 apps resulting in over 500,000 downloads, incorporating malware families such as Joker, Harly, Coper and Adfraud.

Fig. 1. Malware install from Play Store

Xenomorph is a Trojan that steals credentials from banking apps on users’ devices. It is also capable of intercepting SMS messages and user notifications, allowing it to steal one-time passwords and multi-factor authentication requests.

Our analysis revealed that the Xenomorph banking malware is dropped from GitHub as a fake Google service application upon app installation. It starts by asking users to enable the access permission. Once granted, it adds itself as a Device Admin and prevents users from disabling Device Admin, making it uninstallable from the phone. Xenomorph creates an overlay on legitimate banking apps to trick users into entering their credentials.

A similar infection cycle was observed three months ago with the Coper banking Trojan. That Trojan was also embedded in Google Play Store apps and pulled its malware payload from a GitHub repository.

Technical details

Below is the Xenomorph infection cycle once a user downloads an app and opens it.

Fig. 2. Flow of infection

When the app is first opened, it contacts a Firebase server to get the banking malware payload URL. It then downloads the malicious Xenomorph banking Trojan samples from GitHub. The banking malware then reaches its decoded command and control (C2) servers, obtained either from the content of a Telegram page or from a static code routine, to request further commands, extending the infection.

The dropper parent app (the one on Google Play) gets its configuration from a Firebase database.

Fig. 3. Downloader activated.

Fig. 4. Downloader not activated.

As shown in the screenshot above, the malware will only download other banking payloads if the “Enabled” setting is set to true.

The following screenshot shows how the malware’s Firebase database holds the GitHub links used to download the Xenomorph payloads:

Fig. 5. Malware writes dropper URLs to the local Firebase database

The screenshots in Figures 6 and 7 below show C2 retrieval from a Telegram page. Here, the banking payload carries the Telegram page link encrypted with RC4. Upon execution, the payload reaches the Telegram page and downloads the content hosted there.

Fig. 6. Telegram link response used to create a C2, in addition to the static encrypted C2 present in the app

Fig. 7. Preview of the Telegram channel; the string between heart emojis is used to create the C2

According to the following screenshot, the payload will decrypt the C2 server address from the downloaded content:

Fig. 8. Decoding the C2 from the Telegram page

ThreatLabz also observed RC4-encoded C2 domains stored in the code. The following screenshot shows the C2 request in which the payload sends all installed applications to C2 in order to receive further instructions. In one case, it will present the fake login page of a targeted banking app if the legitimate app is installed on the infected device.
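The Telegram-hosted C2 retrieval in Figures 6 to 8, rebuilt as an analyst-side config extractor. This is an added example, not code from the Zscaler post or from the malware: the heart-emoji marker, the RC4 key, the hex encoding of the ciphertext and the sample page are all assumptions or constructed fixtures.

```python
"""Config-extractor style decoding of a Xenomorph-like C2 hidden on a Telegram page.

The post says the payload reads a Telegram page, takes the string between two
heart emojis and RC4-decrypts it to obtain the C2 address. Everything concrete
below (marker character, key, hex encoding, page HTML) is an assumption or a
constructed fixture, not recovered from a real sample.
"""
import re
from typing import Optional

HEART = "\u2764"                  # U+2764 HEAVY BLACK HEART; assumed marker
ASSUMED_KEY = b"example-rc4-key"  # placeholder; the real key lives in the APK
# Optional U+FE0F variation selector after the heart, as Telegram often renders it.
HEART_PATTERN = re.compile(rf"{HEART}\uFE0F?(.*?){HEART}", re.S)
C2_SHAPE = re.compile(r"(https?://)?[A-Za-z0-9.-]+(:\d+)?(/\S*)?")


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: rc4(k, rc4(k, x)) == x."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def extract_marked_blob(page_text: str) -> Optional[str]:
    """Return the text between the first pair of heart markers, or None."""
    m = HEART_PATTERN.search(page_text)
    return m.group(1).strip() if m else None


def decode_c2(page_text: str, key: bytes = ASSUMED_KEY) -> Optional[str]:
    """Extract, hex-decode and RC4-decrypt the marked blob; None if anything fails.

    A wrong key yields byte noise, so the result is validated against the shape
    of a hostname/URL instead of being trusted blindly.
    """
    blob = extract_marked_blob(page_text)
    if blob is None:
        return None
    try:
        raw = bytes.fromhex(blob)              # hex encoding is an assumption
    except ValueError:
        return None
    try:
        text = rc4(key, raw).decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if C2_SHAPE.fullmatch(text) else None


def build_sample_page(c2: str, key: bytes = ASSUMED_KEY) -> str:
    """Constructed stand-in for the Telegram channel page (test fixture only)."""
    blob = rc4(key, c2.encode("ascii")).hex()
    return ("<html><body><div class='tgme_channel_info_description'>"
            f"status update {HEART}{blob}{HEART} thanks</div></body></html>")


if __name__ == "__main__":
    page = build_sample_page("c2.example.invalid")
    print(decode_c2(page))                     # c2.example.invalid
```

Swap `ASSUMED_KEY` and the encoding step for the values recovered from a real sample; the page-fetching itself is deliberately left out.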

Fig. 9. Malware uploading all package information to receive commands

ThreatLabz has also observed another application, named “経費キーパー” (Expense Keeper), exhibiting similar behavior. When this application is executed, the “Enabled” parameter is set to false, similar to the execution shown in Figure 4. Because of this, it was not possible to retrieve the dropper URL for the banking payload. ThreatLabz is working with Google’s security team on this.

Fig. 10. Suspicious installer exhibiting the same behavior

IoC


Conclusion

At Zscaler, we proactively detect and monitor these applications to secure our customers. These banking phishing installers mostly rely on deceiving users into installing malicious applications. Users are advised to keep an eye on the app being installed: a Play Store app is not meant to sideload or ask users to install from unknown sources. We believe that hostile phishing downloaders will further increase in prevalence in the future. User vigilance is of the utmost importance in defeating these phishing campaigns.

This is a Security Bloggers Network syndicated blog post written by Himanshu Sharma. Original post: https://www.zscaler.com/blogs/security-research/rise-banking-trojan-dropper-google-play-0

Consumer trust and online retail. Australian student data potentially exposed. Cop27 as a monitoring tool. Medibank breach update.
https://canttot.com/consumer-trust-and-online-retail-australian-student-data-potentially-exposed-cop27-as-a-monitoring-tool-medibank-violation-update/
Mon, 07 Nov 2022 20:38:06 +0000

At a glance.

  • The decline in online shopping could be linked to a lack of customer confidence.
  • Australian student data potentially exposed in data breach.
  • The Cop27 summit app could be used as a monitoring tool.
  • The latest on the Medibank data breach.

The decline in online shopping could be linked to a lack of customer confidence.

With online shopping showing a recent decline, cybersecurity, networking and content delivery company Akamai partnered with YouGov to survey consumer sentiment towards web shopping. After surveying around two thousand online shoppers in the UK, they found that 59% would stop shopping at a retailer if it were the victim of a cyberattack, and around half of respondents said they would not trust online retailers to protect their personal information. The distrust is not surprising given that 64% of online shoppers said they had experienced an attempted cyberattack in the past year, and Akamai’s “Web Application and API Threat Report” found that web application and API attacks increased by 301% between July 2021 and July 2022. Richard Meeus, Akamai’s Director of Technology and Security Strategy for EMEA, told the Fintech Times: “With cyberattacks on the rise, it is more important than ever for retailers to ensure their customers feel secure when shopping online. In this time of economic uncertainty, many retailers will be tempted to cut their budgets. This research shows that cybersecurity is an area where they cannot afford to cut corners.”

Australian student data potentially exposed in data breach.

The breach at Australian tech company PNORS Technology Group may have resulted in the exposure of data belonging to students located in the state of Victoria, reports the Sunday Age. PNORS works with six state departments, including education and training, and it appears that information from the Victorian school entrance health questionnaire was included in the breached data. The questionnaire collects sensitive information such as demographics, developmental and behavioral issues, and family alcohol or drug problems. The Department of Education has neither confirmed nor denied that the data has been compromised, and the Department of Premier and Cabinet would only disclose that the government is aware of the incident and is working with PNORS to determine the extent of the breach. “If it is determined that Victorian government data has been exposed as a result of this breach, departments will notify those affected and provide advice on steps they can take to minimize any risk,” the spokesperson said. PNORS chief executive Paul Gallo said the company initially thought only encrypted systems had been compromised. “However, overnight, the criminals behind the cyberattack provided the company in a private communication with a sample of what is believed to be stolen data,” Gallo said. Meanwhile, the independent Kilvington Grammar School in Ormond has already notified families that the school’s data has been hacked and some personal information has been released.

The Cop27 summit app could be used as a monitoring tool.

As more than 25,000 government officials, journalists and activists from around the world gathered at the COP27 climate talks being held in Sharm el-Sheikh, Egypt, over the weekend, some fear the Egyptian government could use the official summit app to monitor and censor attendees. The Cop27 app requires users to agree to a host of permissions, including allowing the Egyptian Ministry of Communications and Information Technology to view emails and photos and track user locations. In the days leading up to the UN summit, Egypt’s authoritarian government carried out mass arrests of people accused of being dissidents, and there are fears the app could be used by Abdel Fatah al-Sisi’s regime to eliminate opposition to the talks. Gennie Gebhart, advocacy director at the Electronic Frontier Foundation, told the Guardian: “This is a super-villain cartoon of an app. The biggest red flag is the number of permissions required, which is unnecessary for the operation of the app and suggests that they are trying to monitor participants.” Hussein Baoumi of Amnesty International said the organization’s technical experts analyzed the app and found it was able to access a device’s camera, microphone, Bluetooth and user location data, and even to link two different applications. Baoumi added: “It collects data and sends it to two servers, one of which is in Egypt.” Partly because of the Egyptian government’s fears over digital communications after the 2011 popular uprising, officials set up a very sophisticated surveillance system to monitor citizens’ communications, and with the large number of high-level participants in the summit, it would be an attractive target for officials looking to keep tabs on attendees. The Cop Presidency and the Egyptian Foreign Ministry have been approached for comment but have yet to respond.

The latest on the Medibank data breach.

In continuing coverage of Australian insurance company Medibank’s recent data breach, the total number of people affected by the incident has risen to around 9.7 million former and current customers. As ABC Australia details, that number includes 5.1 million Medibank customers, 2.8 million ahm customers and 1.9 million international customers. Depending on the category to which the victim belongs, the exposed data includes names, dates of birth, addresses, contact details, health claims data, passport details and visa information. The company says it will contact customers individually to explain what data was accessed and provide guidance on how to respond. Bloomberg Law notes that the hackers contacted Medibank to demand a ransom for returning the data, but the company refused to relent. Medibank CEO David Koczkar told ABC Australia why the company decided not to respond to the cybercriminals’ demands. “You just can’t trust a criminal,” Koczkar said, adding that the company has heeded the advice of cybercrime experts who have found that giving in to such demands does not guarantee that data will be safe and often leads to additional exposure.

Top 5 Gadgets Crypto Enthusiasts Must Own
https://canttot.com/top-5-gadgets-crypto-enthusiasts-must-own/
Sat, 05 Nov 2022 06:00:01 +0000

The market is currently experiencing an increase in the number of crypto gadgets and accessories. A wide range of cryptocurrency wallets are available, as well as gadgets that make buying and storing NFTs easier. These are the ones you should consider.

Ledger Nano X

Ledger Nano X
Price: 570 Dhs
The Ledger Nano X wallet lets you manage your cryptocurrency and non-fungible tokens on the go, with storage for up to 100 crypto assets. Whether you’re checking in between business meetings or at the airport lounge, the wallet allows remote access using its Ledger Live app, allowing you to easily manage and grow your assets. Your assets are safe in a cold and encrypted wallet, which is essential in today’s economic challenges. The wallet is available in three colors.

D’Cent Biometric Wallet

D’Cent Biometric Wallet
Price: 510 Dhs
The ability to track multiple cryptocurrencies, such as Bitcoin, Cash, XRP, Litecoin and others, makes the D’CENT Biometric a leader in the crowded crypto wallet market. The main selling point of this device is the built-in biometric fingerprint reader, which adds a layer of security to managing your digital assets. Once configured, it offers stress-free transaction signing. A large 128×128 pixel OLED display allows for a clear and simplified view of transaction and account details.

21.5 inch Tokenframe NFT display

21.5 inch Tokenframe NFT display
Price: MAD 2,860

Bring your NFTs to life by projecting them directly onto the Tokenframe, creating a state-of-the-art digital display of your treasured collection. Available in wooden frames with custom anti-glare screens specially designed to display digital art. 2k resolution is designed to impress with built-in stereo speakers, allowing fans to become fully immersed in the NFT collection. Additionally, you can connect multiple Tokenframes throughout your home to create your own personal gallery. Lightning-fast setup is easy with the unique app, which allows access to the QR code to project NFTs via a Metamask.

Asus ZenBook Pro Duo 15 OLED Laptop
Price: 8000 Dhs

If you are an NFT creator or collector, read on. Enter the ASUS Zenbook Pro Duo 15 OLED laptop. The device has dual touch screens and a stylus designed to make creating NFTs easy. It has a 4K screen and 1TB of storage. OLED panels use an organic electroluminescent compound and can reduce harmful blue light by up to 70%, making them easier on the eyes than traditional LCDs. If all that wasn’t enough, the laptop is the perfect crypto and business companion.

Opolo hardware wallet
Price: 728 Dhs
The Opolo hardware wallet has a sleek design and is built around a high-security chip certified to EAL6+. It can also be used offline. The wallet features a large, stylish 3.2-inch touchscreen and is compatible with over 120 coins and 200,000 tokens, making it easy to send and receive. The gadget also acts as a password manager, adding to its usefulness.

Researchers urge FTC to adopt encrypted whistleblower channel for antitrust violations
https://canttot.com/researchers-urge-ftc-to-adopt-encrypted-whistleblower-channel-for-antitrust-violations/
Tue, 01 Nov 2022 21:29:09 +0000
November 1, 2022 | FEDSCOOP

Written by Nihal Krishan

A new cryptographic, open-source tool created by policy specialists at the Aspen Institute could significantly streamline and improve the Federal Trade Commission’s whistleblower antitrust complaint process.

Currently, the FTC uses a simpler and less secure email process for antitrust whistleblower complaints, which four Aspen Institute technology scholars want to revolutionize with a proposed new user interface. The researchers say the tool could improve the collection of whistleblower reports of companies’ anti-competitive behavior.

Gathering evidence of antitrust violations from employees is a key part of the FTC’s enforcement action. This evidence is crucial because the increasingly complex algorithms and code of commercial products make anti-competitive behavior harder to detect.

The Aspen researchers – Arjun Hassard, Justino Mora, Julia Uhr and Ritvik Vasudevan – are pushing the FTC to roll out their “intelligent and secure reporting channel”, according to their guidance note, to allow for better communication between staff of the FTC and whistleblowers using an open source platform.

“When we showed them, the FTC was very impressed with what we built,” said Arjun Hassard, lead author of Aspen’s guidance note and creator of the proposed whistleblower tool.

“They said the prototype made a lot of sense, so hopefully it will be used in FTC business in the future, especially since the FTC is underfunded and this tool is quite cheap to maintain, given that it’s built on open-source software that can easily be run in-house instead of a multi-million dollar contract,” Hassard said.

The FTC endorsed the creation of the tool by the four Aspen researchers, and offered general guidance on what the agency would need from such a tool before the tech researchers create the prototype. The Aspen researchers are optimistic that the Trade Commission will consider using the prototype as a guiding design and proof of concept for future whistleblower channels.

The prototype tool is built on top of GlobaLeaks, well-known and trusted free and open-source software, launched in 2011, for running secure and anonymous whistleblowing initiatives.

According to Hassard, the purpose of the whistleblower tool is to educate civil participants, primarily workers and technology employees, and to reduce the risk they take on when voluntarily reporting anti-competitive behavior.

“Since it’s open source, we’ll be taking feedback from hackers, privacy groups, and others to create stronger security and a much better sense of trust, which in our opinion, is innovative in the government space,” Hassard said. “It would be one of the first major informant fundamental frameworks that is open source.”

Whistleblowers and evidence from long, multi-year investigations play a key role in the FTC’s ability to successfully prosecute and regulate technology companies for anticompetitive practices and force behavioral change.

The Commerce Committee has spoken out over the past two years under Chairman Lina Khan to get creative with tackling the monopolistic practices of Big Tech companies by filing more antitrust lawsuits, blocking more mergers, revisiting previous agreements and being open to more complaints from whistleblowers.

Antitrust violations or anticompetitive behavior are harder to recognize, detect and communicate when hidden in large amounts of software code or complicated algorithms, Hassard said, and this is increasingly a problem that the FTC wants to address more aggressively.

“There aren’t many examples of open source, incentive-based design like this working well in government right now and we want the good ideas in this space to not just be kept unnaturally in private space for personal enrichment, but rather for societal public good as well,” Hassard said.

Michael Gove defends Suella Braverman for breach of security as Liz Truss’ phone was hacked by Russia
https://canttot.com/michael-gove-defends-suella-braverman-for-breach-of-security-as-liz-truss-phone-was-hacked-by-russia/
Sun, 30 Oct 2022 18:33:15 +0000
Labour will try to force the government to publish its assessments of the Suella Braverman security breach.

The Home Secretary was sacked by Liz Truss over the breach, which she claimed she “promptly reported” after learning about it.

However, it has now emerged that Ms Braverman emailed a member of staff telling her to ‘delete and ignore’ the sensitive message which forced her to quit.

After she sent the original email to the wrong person at 7:52 a.m., the recipient told her 38 minutes later that it had been sent in error.

The reply from Ms Braverman’s account was then sent at 10.02am and said: ‘Please can you delete the post and ignore it.’

Now Mr Gove has rejected calls for the Government to release detailed documents about the breach, insisting he is “more than happy” with his reappointment as Home Secretary.

Labour is calling on the government to publish its assessments of the incident, which the Levelling Up Secretary has rejected.

He told the BBC’s Sunday With Laura Kuenssberg: “When we release everything, we also potentially release information that can compromise the effective functioning, not just of government, but of national security itself.

“I also want to critically make sure that what we don’t do, based on the imperfect information that’s in the public domain, rushes us into judgment in a way that I think is inappropriate.”

When asked if Ms Braverman was a politician of integrity, Mr Gove replied: “Absolutely.

“I am satisfied, more than satisfied, that by stepping down, accepting responsibility, apologizing and then being assured by the Cabinet Secretary and the Prime Minister that Suella’s return to power was the right thing, that Suella is now able to do the work she is dedicated to doing.

Confronted with the email, Mr Gove insisted her request was ‘standard practice’.

He suggested Ms Braverman faces opposition because she is ‘brave’ and ‘making change’.

“You only get flak if you go over the target,” the senior Conservative said.

The former reporter also appeared to blame the media for the furor around the case, saying, “It becomes a distraction if people ask these questions.”

Mr Sunak is now coming under increasing pressure over the appointment, with the SNP claiming he has ‘engulfed’ the party in a scandal.

SNP Shadow Home Secretary MP Stuart McDonald said: “Rishi Sunak undermined his credibility and broke his promise of integrity by entering into a dodgy deal with Suella Braverman to shore up his own position.

“The Conservative Home Secretary’s appalling record of breaking cabinet code and repeatedly leaking sensitive government information makes her singularly unfit for office.

“The Prime Minister engulfed the Conservative government in sordidness and scandal days after entering Downing Street. He is distracting the UK government from the essential task of solving the Tory economic crisis by keeping Ms Braverman in her role.

“The UK Government must now ensure maximum transparency and publish all relevant information regarding the Home Secretary’s leaks and breaches, including the full advice given to Mr Sunak on his appointment.

“And the Home Secretary is due to come to Parliament to answer questions from MPs. Not just about her leaks – but also about the shocking reports that she ignored advice to move people out of Manston, which resulted in overcrowding, a diphtheria epidemic and illegal detentions.”

Yvette Cooper, the shadow Home Secretary, has warned the Government it cannot ‘play fast and loose’ with national security, as she repeated Labour’s calls for Rishi Sunak to sack Ms Braverman.

She said: ‘You can’t have a home secretary who the security service doesn’t trust, who important government information doesn’t trust.

“We believe that the documents and warnings that have been provided by the Cabinet Office and by the Secretary to the Prime Minister’s Office should be sent to the Intelligence and Security Committee.

“So far we have repeatedly asked if the Home Secretary has used her personal phone to send other government documents.

“There are also questions about whether she has been investigated for other security leaks, including around a matter involving the security department, and around a matter involving sensitive legal advice around Northern Ireland.”

Ms Braverman – nicknamed ‘Leaky Sue’ – is believed to have already been investigated by government officials after an article implicating the security services was leaked.

The Daily Mail reported that MI5 played a role in the investigation after a leak, which occurred when Ms Braverman was attorney general, sparked “concern” within the security service.

It comes with the Home Secretary also under fire over allegations that she ignored advice that migrants were being held illegally for long periods at the Manston asylum processing centre in Kent, claims that the Home Office dismissed as “completely baseless”.

The Liberal Democrats have called on the government to publish the advice allegedly ignored by Ms Braverman.

Downing Street insists Ms Braverman has the ‘full confidence’ of Mr Sunak.

It came on a day when Mr Gove did not deny an incendiary report that Ms Truss’ personal phone had been hacked by Russian spies.

Asked about the allegations, Mr Gove told Sky News’ Sophy Ridge program on Sunday: ‘I don’t know the full details of the security breach, if any, that took place.

“What I do know is that the government has very robust protocols in place to ensure that individuals are protected, but also that government security and national security are also protected.”

He said he couldn’t discuss national security issues because “loose lips can sink ships when it comes to these issues.”

The former British Army chief said Ms Truss’ use of a personal phone indicated ‘poor discipline’.

Lord Dannatt told Times Radio: “Our leaders must be disciplined enough to communicate only by authorized means, which themselves are encrypted and secure.

“We’ve seen it with Suella Braverman, apparently sending messages she shouldn’t have done on personal email, and now we’re getting it with Liz Truss.

“That, frankly, is not good enough.”

2022 Cyber Threat Report Details Growing Trends
https://canttot.com/2022-cyber-threat-report-details-growing-trends/
Thu, 27 Oct 2022 17:46:00 +0000

The cyber threat landscape is constantly evolving, with new attacks developing every day. In its new report, SonicWall explores some of the most dangerous trends security professionals need to have on their radar.


Ever-changing global malware activity

SonicWall Capture Labs threat researchers recorded 2.8 billion malware attacks in the first half of 2022. With the exception of June, global malware detection was higher in 2022 than in 2021 (Figure A).

Figure A: Global malware detection in 2021 and 2022 (image: SonicWall).

The malware categories that grew the most were cryptojacking malware (30% increase) and IoT-related malware (77% increase).

Some changes in regional data were also reported. Attacks against North America increased by 2%, which is well below the global average. Yet Europe saw a 29% increase in cyberattacks and attacks in Asia increased by 32%.

Regarding the American states affected, Florida remains the most affected state, followed by California and New York (Figure B).

Figure B: Volume of malware in 2022 in US states (image: SonicWall).

Another indicator to consider is the percentage of malware spread, which takes into account not only the volume of malware detected but also the share of sensors in a region that detected this activity.

When calculated, the spread of malware indicates that South Dakota is the riskiest area for business, followed by Kansas and Hawaii (Figure C). Texas, on the other hand, is the safest state. Although it detected 99.3 million pieces of malware, it only represents 15.5% of organizations that see attempted malware attacks.

Figure C: Top 10 riskiest US states according to the Malware Spread Indicator (image: SonicWall).

Looking at the various industries impacted by malware, education is the most targeted with a 21.4% increase per month, followed by government at 19.3%. Financial institutions were less targeted with only 15.2% of financial organizations affected by malware.

Separately, SonicWall, although it does not have enough sensors in Ukraine for statistical relevance, was interested in tracking malware attacks in that country and saw an extraordinary increase in malware from March 2022 onward (Figure D).

Figure D: 2022 malware detections in Ukraine (image: SonicWall).

The ransomware situation

Ransomware attacks decreased by 23%, with 236.1 million ransomware attempts reported in the first half of 2022 (Figure E). The three most used ransomware families are Cerber, Ryuk and Gandcrab. The latter was shut down in 2019, but since it was provided as a service, these numbers likely reflect older campaigns.

Figure E: Global volumes of ransomware detected in 2021 and 2022 (image: SonicWall).

After two years of increases, the global number of ransomware detections began to decline steadily from the third quarter of 2021. Although this is good news, the number seen in the first half of 2022 is still higher than the full-year totals for each of 2017, 2018 and 2019, according to the researchers.

The United States remains the most impacted country in 2022 (Figure F).

Figure F: Top 10 countries affected by ransomware attacks (image: SonicWall).

European countries appear more and more in the top 11, with seven countries compared to only five in 2021.

Several factors may explain the decline in ransomware attacks. According to the researchers, increased hardening of organizations, continued volatility in cryptocurrency prices and tighter requirements from cybersecurity insurers could all be contributing factors.

Still, the NSA says the most important factor is probably the political conflicts and the fact that the Russians are focusing more on Ukraine-related activities. These cybercriminals are also finding it more difficult to use credit cards and other means of purchasing infrastructure in Western countries and are suffering from increasing difficulties in moving money.

IoT malware is increasing

IoT malware has increased by 77% since the start of the year, surpassing 12 million detections between January and June 2022 (Figure G).

Figure G: Global IoT malware volumes in 2021 and 2022 (image: SonicWall).

North America recorded more than 5 million detections for the first time in January 2022, reaching 6.7 million. In June, it even reached 8.1 million. Detections in Asia increased by 74%, reaching 2 million in January, while in Europe they were down by 19%.

When it comes to targeted industries, every industry has shown triple-digit increases in attack volume. Finance grew by 151%, healthcare by 123%, retail by 122%, government by 114% and education by 110%.

Cryptojacking Trends

Global cryptojacking reached 66.7 million visits in the first half of 2022, representing a 30% increase from the first half of 2021. The three most targeted industries – government, healthcare and education – fell by 78%, 87% and 96% respectively, while retail is up 63% year-to-date and finance is up 269%.

Although cryptocurrency is unstable and Bitcoin has fallen a lot since 2021, it’s still easier for cybercriminals to mine harder than to find a new way to make money, which explains the increase in cryptojacking.

According to the researchers, some ransomware operators are also changing their activity to cryptojacking. Although it makes less money than ransomware, it is much quieter in terms of detection, and some cryptojacking victims are never aware of it, reducing the risks that attract some cybercriminals.

More threats

Malicious PDFs and Microsoft Office files are on the rise, with Excel still the most exploited Microsoft Office application. Attackers mainly abuse XLM (Excel 4.0) macro code, whereas previously they relied on Visual Basic for Applications (VBA) macros. More recently, attackers have started using a combination of XLM and VBA to perform malicious activities.

Exploitation of the Log4j vulnerability is still high, averaging 2.8 million exploit attempts per day.

Encrypted attacks, meaning attacks using encrypted communications, saw a 132% increase from January to July 2022, primarily targeting government, finance, and education.

Intrusion attempts increased by 18% in the first half of 2022, while malicious intrusions (i.e. medium- to high-severity attempts) fell by 19% compared with the same period in 2021.

Disclosure: I work for Trend Micro, but the opinions expressed in this article are my own.

SANS Institute to Enhance Cybersecurity Skills Through SANS Gulf Region 2022 in Dubai
https://canttot.com/sans-institute-to-enhance-cybersecurity-skills-through-sans-gulf-region-2022-in-dubai/
Mon, 24 Oct 2022 06:26:14 +0000

Dubai, United Arab Emirates – SANS Institute, the global leader in cybersecurity training and certifications, announced SANS Gulf Region 2022, an interactive training program that aims to teach participants how to prevent cyberattacks and detect adversaries with actionable techniques taught by top global cybersecurity practitioners. The event will take place from November 5-24, 2022 at the Hilton Dubai Jumeirah and will offer a wide range of in-person and virtual cybersecurity trainings to develop critical skills and impart techniques that attendees can leverage in the real world.

SANS Gulf Region 2022 features 15 in-depth sessions including: Mobile Device Security and Ethical Hacking; ICS Cybersecurity in depth; Security Vulnerability Management: Enterprise and Cloud; Reverse engineering malware: advanced code analysis; Implementing and auditing security and other frameworks and controls.

Following the pandemic and the rise of remote working around the world, the global threat landscape continues to evolve at a rapid pace. In the 2022 SonicWall Cyber Threat Report, the security vendor reported that cyberattacks have increased due to a seismic shift in the geopolitical landscape. Its mid-year update revealed that 2.8 billion malware attacks were recorded in the first half of 2022 (11% more than in 2021), while ransomware volume fell by 23% worldwide. Europe saw a 63% increase, and even in decline, year-to-date ransomware volume surpassed the 2017, 2018 and 2019 year-to-date totals. The report also recorded a significant 77% increase in IoT (Internet of Things) malware and a 132% increase in encrypted threats sent over HTTPS.

“SANS is committed to giving cybersecurity professionals the skills and tools they need to protect their organizations against threats, while attracting new talent to the world of cybersecurity,” says Ned Baltagi, Managing Director – Middle East and Africa at SANS Institute. “SANS Gulf Region 2022, our largest event in the region, provides a tremendous opportunity for candidates to learn about the most effective measures to prevent cyberattacks and detect threat actors by leveraging proven techniques relied upon by the most leading cybersecurity practitioners in the world.”

He continues, “The threat landscape in the GCC continues to evolve following the onset of the pandemic, the rise of hybrid work environments, and the increasing use of technology to boost productivity and business performance. Therefore, it is essential that businesses, whether government entities or corporations, take steps to protect their personnel, data and infrastructure by continuously training their cybersecurity professionals, so that they can detect threats and prevent cyberattacks.”

Of the 15 courses, only FOR710: Reverse Malware Engineering: Advanced Code Analysis and ICS612: ICS Cybersecurity In-Depth are in-person-only sessions in Dubai; attendees can attend the other 13 sessions in person (after registration) at the Hilton Dubai Jumeirah or virtually. The virtual option includes live-streamed instruction with real-time assistance from GIAC-certified teaching assistants, an archive of lectures uploaded daily to participants’ accounts during the event, and four months of access to lecture recordings. Participants also have the opportunity to earn CPEs to demonstrate their continued skill development.

In-person sessions will generally run from 9:00 a.m. to 5:00 p.m. Gulf Standard Time, including breaks.

SANS Gulf Region 2022 attendees can enjoy a discounted rate at the Hilton Dubai Jumeirah hotel. The special room rate will be available until October 7, 2022 or until the hotel group is full, whichever comes first.

Baltagi concludes, “Whether attending SANS Gulf Regions 2022 in person or virtually, all attendees will benefit from a comprehensive training experience delivered by leading professionals, enhanced by GIAC certification-aligned materials that they can implement immediately to secure their environment and advance their careers. We also make sure that there are active opportunities for attendees after the event that will keep them engaged and allow them to leverage their new knowledge and skills.”
