Furniture Master version 2 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Furniture master v2 Sql injection Vulnerability                                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://www.kashipara.com/project/download/project2/user/2024/202404/kashipara.com_furniture-master-2-zip.zip      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /prodInfo.php?prodId=1 <===== inject here[+] http://127.0.0.1/furniture_master/prodInfo.php?prodId=1Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Furniture Master 2 SQL Injection

Food Ordering and Table Reservation System for Restaurants version 1.0 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : food ordering and table reservation system for restaurants 1.0 Insecure Settings Vulnerability                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://www.kashipara.com/project/download/project2/user/2024/202404/kashipara.com_food-ordering-and-table-re.zip  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload :     Username: murja      Password: 123[+] http://127.0.0.1/food-ordering-and-table-reservation-system-for-restaurants-master/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Food Ordering And Table Reservation System For Restaurants 1.0 Insecure Settings

Beauty Parlour and Saloon Management System version 1.1 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : Beauty Parlour & Saloon Management System 1.1 Insecure Settings Vulnerability                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload :     Username: admin      Password: Test@123[+] http://127.0.0.1/bpmsp/admin/dashboard.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Beauty Parlour And Saloon Management System 1.1 Insecure Settings

Ultimately, the goal of businesses and cyber insurers alike is to build more resilient IT environments to avoid cyberattacks and the ransom, downtime, and reputation hit that come along with them.

Source: Olekcii Mach via Alamy Stock Photo

COMMENTARY

The rising cost of cyberattacks, including downtime, investigations, lawsuits, ransoms, and more are prompting cyber insurers to re-examine underwriting and encourage greater cyber resiliency in their customer bases. With the influx of cyber-insurance claims stemming from the CrowdStrike IT outage and the exorbitant price of recovering from data breaches — $4.88 million, on average, according to IBM — the cyber-insurance industry will continue to self-correct and evolve to fit market needs while maintaining profitability.

Insurers will come away from July's widespread IT outage relatively unscathed, as the outages were caused by a vendor error, not a cyberattack, and because it was fixed fairly quickly. Still, insurer Parametrix estimates insured losses from US Fortune 500 companies will total $540 million to $1.08 billion, not even including Microsoft. Now, imagine this is a cyberattack that goes through a third-party software-as-a-service (SaaS) provider and takes down a similar swath of business, but recovery is slower, and companies must pay ransoms to recoup their data. How many billions of dollars will cyber insurers be out then? 

Because cybersecurity is still a relatively new corner of the insurance market, ambiguity remains around what should be covered, the role cyber insurance plays in potentially encouraging ransom payments, etc. There's no doubt that it's still finding its footing, figuring out in real-time and on a world stage how to insure companies against rapidly changing and advancing cybersecurity threats.

This evolution will be what finally causes businesses to face reality and prioritize cyber resiliency to ensure data is always recoverable in the event their primary network is taken offline or data is held for ransom. Companies may not take it upon themselves to invest in better data protection practices, and the cyber-insurance market ultimately will force their hand.

**Cyber Insurers Drag Us Into the Future**

Over the past five years, the rise of ransomware has shifted not only an organization's risk profile but also the estimated payouts. In many insurance policies, it's all about risk mitigation, but unless an underwriter can accurately assess the risk or implement requirements to mitigate the threat, it becomes a financial business risk for the insurance company. Therefore, cyber-insurance prices have significantly risen along with the bar to qualify for coverage.

Many of the new requirements focus on data storage and backups. Segmented, encrypted, and immutable backups are the industry standard, but because of limited resources, unawareness, or segmented cybersecurity teams, it hasn't always been a prioritized industry standard. Now, companies will have no choice but to up their game if they want coverage. Those who fail to adopt these requirements will be left without insurance or an effective recovery plan, unable to financially recover when the inevitable ransomware attack hits.

However, in June, businesses stood before the House Homeland Security Committee and told Congress that they are struggling to obtain cyber insurance, and even once insurance is secured, they struggle to understand the nuances of what's covered. Plus, ransom payments themselves are increasing as cybercriminals learn they can demand, and receive, large payouts. According to Chainalysis, the median ransom payment in 2024 was $1.5 million as of July, a huge increase from $200,000 in early 2023.

Because such a significant portion of companies are uncertain what is actually covered by their cyber insurance — around 40%, according to Sophos — they can't risk having to pay the whole ransom themselves or face never recovering their valuable data. Companies must do what they can to reduce their own risk.

**Recoverable Data Is Its Own Form of Cyber Insurance**

Companies can reduce the cost of attacks by ensuring data remains recoverable, mitigating operational downtime, and preventing the need to pay ransoms. Ransomware relies on the fact that production or backup data is made useless for organizations to recover following an attack, but with immutable backup in place, organizations ensure access to their data remains. This is especially true as ransomware is now targeting backups specifically.

Immutability is a must-have for any type of backup storage because it is time-based, not key-based like encryption. This means that there is truly no way (outside of destruction of the physical hardware) to alter or remove the backup data once it is written into a device that has object lock, i.e., immutability, enabled. You can truly maximize this strategy by encrypting backup data before writing it to immutable storage; that way, it's unreadable (unless you have the key) and unalterable. 

It's also important to ensure that a disaster recovery plan is in place that includes a multilevel backup solution and disaster recovery testing on a weekly and monthly basis to get ahead of any potential issues. Once these are implemented, keep copies of all the backup tests to prove to an insurance company that you have a lower risk factor. 

Ultimately, the goal of businesses and cyber insurers alike is to build more-resilient IT environments to avoid cyberattacks and the ransom, downtime, and reputation hit that come along with them. Law enforcement will continue to fight cybercrime, but there's no indication it will let up. Changes in the cyber-insurance market have the potential to disrupt the threat landscape by prompting the ubiquitous adoption of backup best practices and cyber resiliency.

**About the Author**

CEO, Object First

Object First CEO, David Bennett is a tech veteran and a seasoned channel executive with more than 30 years of IT channel leadership. Before joining Object First, he was CEO of Axcient and chief revenue officer at Webroot. Bennett has also held international leadership roles within such companies as Lenovo, Sony, and Kingston. British-born, he now resides in Colorado with his wife and family.

How Shifts in Cyber Insurance Are Affecting the Security Landscape

A Chinese national has been indicted in the U.S. on charges of conducting a "multi-year" spear-phishing campaign to obtain unauthorized access to computer software and source code created by the National Aeronautics and Space Administration (NASA), research universities, and private companies.
Song Wu, 39, has been charged with 14 counts of wire fraud and 14 counts of aggravated identity theft.

A Chinese national has been indicted in the U.S. on charges of conducting a "multi-year" spear-phishing campaign to obtain unauthorized access to computer software and source code created by the National Aeronautics and Space Administration (NASA), research universities, and private companies.

Song Wu, 39, has been charged with 14 counts of wire fraud and 14 counts of aggravated identity theft. If convicted, he faces a maximum sentence of a jail term of 20 years for each count of wire fraud and a two-year consecutive sentence in prison for aggravated identity theft.

He was employed as an engineer at the Aviation Industry Corporation of China (AVIC), a Chinese state-owned aerospace and defense conglomerate founded in 2008 and headquartered in Beijing.

According to information listed on AVIC's website, it has "over 100 subsidiaries, nearly 24 listed companies, and more than 400,000 employees." In November 2020 and June 2021, the company and some of its subsidiaries became the subject of U.S. sanctions, barring Americans from investing in the company.

Song is said to have carried out a spear-phishing campaign that involved creating email accounts to mimic U.S.-based researchers and engineers, which were then utilized to obtain specialized restricted or proprietary software for aerospace engineering and computational fluid dynamics.

The software could also be used for industrial and military applications, including the development of advanced tactical missiles and aerodynamic design and assessment of weapons.

These emails, the U.S. Department of Justice (DoJ) alleged, were sent to employees at NASA, the U.S. Air Force, Navy, and Army, and the Federal Aviation Administration, as well as individuals employed in major research universities in Georgia, Michigan, Massachusetts, Pennsylvania, Indiana, and Ohio.

The social engineering attempts, which started around January 2017 and continued through December 2021, also targeted private sector companies that work in the aerospace field.

The fraudulent messages purported to be sent by a colleague, associate, friend, or other people in the research or engineering community, requesting prospective targets to send or make available source code or software that they had access to. The DoJ did not disclose the name of the software or the defendant's current whereabouts.

"Once again, the FBI and our partners have demonstrated that cyber criminals around the world who are seeking to steal our companies' most sensitive and valuable information can and will be exposed and held accountable," said Keri Farley, Special Agent in Charge of FBI Atlanta.

"As this indictment shows, the FBI is committed to pursuing the arrest and prosecution of anyone who engages in illegal and deceptive practices to steal protected information."

Coinciding with the indictment, the DoJ also unsealed a separate indictment against Chinese national Jia Wei, a member of the People's Liberation Army (PLA), for infiltrating an unnamed U.S.-based communications company in March 2017 to steal proprietary information relating to civilian and military communication devices, product development, and testing plans.

"During his unauthorized access, Wei and his co-conspirators attempted to install malicious software designed to provide persistent unauthorized access to the U.S. company's network," the DoJ said. "Wei's unauthorized access continued until approximately late May 2017."

The development comes weeks after the U.K. National Crime Agency (NCA) announced that three men, Callum Picari, 22; Vijayasidhurshan Vijayanathan, 21; and Aza Siddeeque, 19, pleaded guilty to running a website that enabled cybercriminals to bypass banks' anti-fraud checks and take control of bank accounts.

The service, named OTP.agency, allowed monthly subscribers to socially engineer bank account holders into disclosing genuine one-time-passcodes, or reveal their personal information.

The underground service is said to have targeted over 12,500 members of the public between September 2019 and March 2021, when it was taken offline after the trio were arrested. It's currently not known how much illegal revenue the operation generated during its lifespan.

"A basic package costing £30 a week allowed multi-factor authentication to be bypassed on platforms such as HSBC, Monzo, and Lloyds so that criminals could complete fraudulent online transactions," the NCA said. "An elite plan cost £380 a week and granted access to Visa and Mastercard verification sites."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military

Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook. Here's a closer look at the size of this scheme, and some findings about who may be responsible.

Scammers are flooding **Facebook** with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook. Here’s a closer look at the size of this scheme, and some findings about who may be responsible.

One of the many scam funeral group pages on Facebook. Clicking to view the “live stream” of the funeral takes one to a newly registered website that requests credit card information.

KrebsOnSecurity recently heard from a reader named George who said a friend had just passed away, and he noticed that a Facebook group had been created in that friend’s memory. The page listed the correct time and date of the funeral service, which it claimed could be streamed over the Internet by following a link that led to a page requesting credit card information.

“After I posted about the site, a buddy of mine indicated \[the same thing\] happened to her when her friend passed away two weeks ago,” George said.

Searching Facebook/Meta for a few simple keywords like “funeral” and “stream” reveals countless funeral group pages on Facebook, some of them for services in the past and others erected for an upcoming funeral.

All of these groups include images of the deceased as their profile photo, and seek to funnel users to a handful of newly-registered video streaming websites that require a credit card payment before one can continue. Even more galling, some of these pages request donations in the name of the deceased.

It’s not clear how many Facebook users fall for this scam, but it’s worth noting that many of these fake funeral groups attract subscribers from at least some of the deceased’s followers, suggesting those users have subscribed to the groups in anticipation of the service being streamed. It’s also unclear how many people end up missing a friend or loved one’s funeral because they mistakenly thought it was being streamed online.

One of many look-alike landing pages for video streaming services linked to scam Facebook funeral groups.

George said their friend’s funeral service page on Facebook included a link to the supposed live-streamed service at **livestreamnow\[.\]xyz**, a domain registered in November 2023.

According to DomainTools.com, the organization that registered this domain is called “**apkdownloadweb**,” is based in Rajshahi, Bangladesh, and uses the DNS servers of a Web hosting company in Bangladesh called **webhostbd\[.\]net**.

A search on “apkdownloadweb” in DomainTools shows three domains registered to this entity, including **live24sports\[.\]xyz** and **onlinestreaming\[.\]xyz**. Both of those domains also used webhostbd\[.\]net for DNS. Apkdownloadweb has a Facebook page, which shows a number of “live video” teasers for sports events that have already happened, and says its domain is **apkdownloadweb\[.\]com**.

Livestreamnow\[.\]xyz is currently hosted at a Bangladeshi web hosting provider named **cloudswebserver\[.\]com**, but historical DNS records show this website also used DNS servers from webhostbd\[.\]net.

The Internet address of livestreamnow\[.\]xyz is **148.251.54.196**, at the hosting giant Hetzner in Germany. DomainTools shows this same Internet address is home to nearly 6,000 other domains (.CSV), including hundreds that reference video streaming terms, like **watchliveon24\[.\]com** and **foxsportsplus\[.\]com**.

There are thousands of domains at this IP address that include or end in the letters “**bd**,” the country code top-level domain for Bangladesh. Although many domains correspond to websites for electronics stores or blogs about IT topics, just as many contain a fair amount of placeholder content (think “lorem ipsum” text on the “contact” page). In other words, the sites appear legitimate at first glance, but upon closer inspection it is clear they are not currently used by active businesses.

The passive DNS records for 148.251.54.196 show a surprising number of results that are basically two domain names mushed together. For example, there is **watchliveon24\[.\]com.playehq4ks\[.\]com**, which displays links to multiple funeral service streaming groups on Facebook.

Another combined domain on the same Internet address — livestreaming24\[.\]xyz.allsportslivenow\[.\]com — lists dozens of links to Facebook groups for funerals, but also for virtually all types of events that are announced or posted about by Facebook users, including graduations, concerts, award ceremonies, weddings, and rodeos.

Even community events promoted by state and local police departments on Facebook are fair game for these scammers. A Facebook page maintained by the police force in Plympton, Mass. for a town social event this summer called Plympton Night Out was quickly made into two different Facebook groups that informed visitors they could stream the festivities at either **espnstreamlive\[.\]co** or **skysports\[.\]live**.

**WHO’S BEHIND THE FAKEBOOK FUNERALS?**

Recall that the registrant of livestreamnow\[.\]xyz — the bogus streaming site linked in the Facebook group for George’s late friend — was an organization called “Apkdownloadweb.” That entity’s domain — **apkdownloadweb\[.\]com** — is registered to a **Mazidul Islam** in Rajshahi, Bangladesh (this domain is also using Webhostbd\[.\]net DNS servers).

Mazidul Islam’s LinkedIn page says he is the organizer of a now defunct IT blog called gadgetsbiz\[.\]com, which DomainTools finds was registered to a **Mehedi Hasan** from Rajshahi, Bangladesh.

To bring this full circle, DomainTools finds the domain name for the DNS provider on all of the above-mentioned sites  — webhostbd\[.\]net — was originally registered to a **Md Mehedi**, and to the email address **webhostbd.net@gmail.com** (“MD” is a common abbreviation for Muhammad/Mohammod/Muhammed).

A search on that email address at Constella finds a breached record from the data broker Apollo.io saying its owner’s full name is **Mohammod Mehedi Hasan.** Unfortunately, this is not a particularly unique name in that region of the world.

But as luck would have it, sometime last year the administrator of apkdownloadweb\[.\]com managed to infect their Windows PC with password-stealing malware. We know this because the raw logs of data stolen from this administrator’s PC were indexed by the breach tracking service Constella Intelligence \[full disclosure: As of this month, Constella is an advertiser on this website\].

These so-called “stealer logs” are mostly generated by opportunistic infections from information-stealing trojans that are sold on cybercrime markets. A typical set of logs for a compromised PC will include any usernames and passwords stored in any browser on the system, as well as a list of recent URLs visited and files downloaded.

Malware purveyors will often deploy infostealer malware by bundling it with “cracked” or pirated software titles. Indeed, the stealer logs for the administrator of apkdownloadweb\[.\]com show this user’s PC became infected immediately after they downloaded a booby-trapped mobile application development toolkit.

Those stolen credentials indicate Apkdownloadweb\[.\]com is maintained by a 20-something native of Dhaka, Bangladesh named **Mohammod Abdullah Khondokar**.

The “browser history” folder from the admin of Apkdownloadweb shows Khondokar recently left a comment on the Facebook page of Mohammod Mehedi Hasan, and Khondokar’s Facebook profile says the two are friends.

Neither MD Hasan nor MD Abdullah Khondokar responded to requests for comment. KrebsOnSecurity also sought comment from Meta.

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Austin, TX, 18th September 2024, CyberNewsWire

**Austin, TX, September 18th, 2024, CyberNewsWire**

Research indicates that an infostealer malware infection is often a precursor to a ransomware attack

SpyCloud, the leader in Cybercrime Analytics, today announced new cybersecurity research highlighting the growing and alarming threat of infostealers – a type of malware designed to exfiltrate digital identity data, login credentials, and session cookies from infected devices. SpyCloud’s latest findings reveal the staggering scale of identity exposure caused by infostealers, the influence this type of malware has had on the surge in ransomware incidents, and the profound implications for businesses worldwide.

****Massive scale of identity exposure creates new risks****

According to SpyCloud, 61% of all data breaches in the past year were malware-related, with infostealers responsible for the theft of 343.78 million credentials. These stolen credentials are then sold in criminal communities for use in further attacks.

The research also found that one in five individuals has been a victim of an infostealer infection. Each infection, on average, exposes 10-25 third-party business application credentials, creating fertile ground for further access and exploitation, particularly by ransomware operators.

> “Our latest findings reveal a critical shift in the cybersecurity landscape,” said Damon Fleury, chief product officer at SpyCloud. “Infostealers have become the go-to tool for cybercriminals, with their ability to exfiltrate valuable data in a matter of seconds, creating a runway for cyberattacks like ransomware off the vast amounts of stolen access to SSO, VPN, admin panels, and other critical applications.” 

****Infostealers: The precursor to ransomware attacks****

The link between infostealers and ransomware is becoming increasingly evident. Through deep analysis of recaptured infostealer logs, SpyCloud discovered a worrying trend: companies with employees and contractors who are infected with infostealer malware are significantly more likely to experience a ransomware attack. In fact, nearly one-third of companies that suffered a ransomware attack last year had previously experienced an infostealer infection. According to the report, this is based on publicly known incidents and confirmed ransomware events. The true exposure is potentially even higher as not all ransomware incidents are made publicly available. 

> “The correlation between infostealer infections and subsequent ransomware attacks is a wake-up call for businesses,” said Trevor Hilligoss, vice president of SpyCloud Labs, SpyCloud. “However, this field is incredibly complex and fast-moving. This year, we’re seeing new infostealers families that make use of expanded capabilities such as advanced encryption to stay stealthy or the ability to restore expired authentication cookies for more persistent access.” 

****The rise of Malware-as-a-Service and account takeover attacks****

The infostealer threat is further exacerbated by the rise of Malware-as-a-Service (MaaS). This off-the-shelf model allows even low-skilled cybercriminals to purchase and deploy sophisticated malware, including infostealers, with ease. Through MaaS, these criminals can acquire fresh and accurate identity data in bulk, fueling the cycle of cybercrime.

SpyCloud’s findings also shed light on the evolution of account takeover (ATO) attacks, powered by infostealers. Unlike traditional ATO, which relies on stolen credentials (username and password combinations), next-generation ATO leverages stolen session cookies to sidestep traditional authentication methods in what is known as session hijacking. By taking over these already-authenticated sessions, cybercriminals can mimic legitimate users and infiltrate networks undetected. This method significantly increases the success rate of attacks and poses a severe threat to organizational security.

> “The sheer volume of credentials and session cookies being siphoned by infostealers is staggering,” said Hilligoss. “In the last 90 days alone, SpyCloud has recaptured over 5.4 billion stolen cookie records – with an average of nearly 2,000 exposed records per infected device. This vast trove of data is increasingly used by ransomware operators and initial access brokers to facilitate their attacks, highlighting the need for advanced defense strategies.”

****Antivirus, MFA and traditional defenses are no longer enough****

At least 54% of devices infected with infostealers in the first half of 2024 had antivirus or endpoint detection and response (EDR) solutions installed, underscoring the limitations of traditional cybersecurity measures in combating the techniques used by modern cybercriminals. 

Furthermore, infostealers and session hijacking attacks render multi-factor authentication (MFA) and passwordless authentication methods like passkeys ineffective. By hijacking already-authenticated sessions, cybercriminals can impersonate legitimate users and side-step even the most robust authentication methods.

****The call for next-generation cybersecurity****

The findings from SpyCloud make it clear: traditional malware mitigation is no longer sufficient and ignoring the problem only exacerbates the impact on businesses. Organizations must move beyond merely removing infections and focus on remediating the long-term risks posed by exposed data. This includes resetting compromised application credentials and invalidating session cookies siphoned by infostealers.

By understanding the risks posed by infostealers and working to mitigate the data that has been exfiltrated, organizations are able to limit the likelihood of devastating cyberattacks such as ransomware that stem from this stolen data. SpyCloud remains committed to helping organizations navigate these challenges and safeguard their digital assets.

Readers can download the full 2024 Malware and Ransomware Defense Report.

To learn more about how SpyCloud helps organizations defend against ransomware, readers can visit https://spycloud.com/use-case/ransomware-prevention/. 

**About the SpyCloud 2024 Malware and Ransomware Defense Report**

For this fourth annual report, SpyCloud surveyed 510 individuals in active cybersecurity roles within organizations in the US and the UK with at least 500 employees. The report examines the top concerns and real-life impacts of ransomware, including popular entry points, ransom payments, and the cumulative costs of these attacks to the business. It also highlights key cyber threat prevention strategies and future security priorities identified by these experts.

**About SpyCloud**

SpyCloud transforms recaptured darknet data to disrupt cybercrime. Its automated identity threat protection solutions leverage advanced analytics to proactively prevent ransomware and account takeover, safeguard employee and consumer accounts, and accelerate cybercrime investigations. SpyCloud’s data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings. Customers include more than half of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now.

To learn more and see insights on their company’s exposed data, readers can visit spycloud.com

**Contact**

**EVP, Public Relations**  
**Katie Hanusik**  
**REQ on behalf of SpyCloud**  
**\[email protected\]**

SpyCloud Unveils Massive Scale of Identity Exposure Due to Infostealers, Highlighting Need for Advanced Cybersecurity Measures

Snapchat reserves the right to use your selfies to add a personal touch, as in your face, to its advertisements.

Snapchat is reserving the right to use your selfie images to power Cameos, Generative AI, and other experiences on Snapchat, including ads, according to our friends at 404 Media,

The Snapchat Support page about its My Selfie feature says:

> “You’ll take selfies with your Snap camera or select images from your camera roll. These images will be used to understand what you look like to enable you, Snap and your friends to generate novel images of you. If you’re uploading images from the camera roll, only add images of yourself.”

A Snapchat spokesperson told 404 Media:

> “You are correct that our terms do reserve the right, in the future, to offer advertising based on My Selfies in which a Snapchatter can see themselves in a generated image delivered to them…“As explained in the onboarding modal, Snapchatters have full control over this, and can turn this on and off in My Selfie Settings at any time.”

However, according to 404 Media the “See My Selfie in Ads” feature is on by default, so you’d have to know about the feature in the first place in order to turn it off.

We also wonder how Snapchat plans to check whether the user is uploading real selfies and not pictures of someone else.

Once again, we see this assumption by a social media platform that it’s OK to use content posted on their platform for training Artificial Intelligence (AI). It isn’t!

It’s even worse to do it without explicit user consent. Hiding it somewhere deep down in a mountain of legalese called a privacy policy that nobody actually reads is not real consent. This lack of transparency and control over personal data is upsetting. The realization that some individuals may not want their likeness used for commercial purposes or to train systems they don’t support doesn’t seem to bother anyone at these social media giants.

**How to change your My Selfie settings**

You can change or clear your **My Selfie** in your **Settings**:

1.  Tap the gear icon ⚙️ in **My Profile** to open **Settings**
2.  Tap **My Selfie** under **My Account**
3.  Tap **Update My Selfie** or **Clear Selfie**

**Why AI training on your images is bad**

We have seen many cases where social media and other platforms have used the content of their users to train their AI. Some people have a tendency to shrug it off because they don’t see the dangers, but let us explain the possible problems.

*   Deepfakes: AI generated content, such as deepfakes, can be used to spread misinformation, damage your reputation or privacy, or defraud people you know.
*   Metadata: Users often forget that the images they upload to social media also contain metadata like, for example, where the photo was taken. This information could potentially be sold to third parties or used in ways the photographer didn’t intend.
*   Intellectual property. Never upload anything you didn’t create or own. Artists and photographers may feel their work is being exploited without proper compensation or attribution.
*   Bias: AI models trained on biased datasets can perpetuate and amplify societal biases.
*   Facial recognition: Although facial recognition is not the hot topic it once used to be, it still exists. And actions or statements done by your images (real or not) may be linked to your persona.
*   Memory: Once a picture is online, it is almost impossible to get it completely removed. It may continue to exist in caches, backups, and snapshots.

If you want to continue using social media platforms that is obviously your choice, but consider the above when uploading pictures of you, your loved ones, or even complete strangers.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Snapchat wants to put your AI-generated face in its ads 

Can cyber defenders use the presence of infostealers as a canary in the coal mine to preempt ransomware attacks?

Source: Jim West via Alamy Stock Photo

Nearly a third of companies that fell victim to ransomware last year had at least one infostealer infection in the months prior to their attack.

Cyberattacks, but particularly ransomware attacks, only work when they're a surprise. It's why ransom notes through history have almost always opened by simply stating the facts: "Your network has been penetrated," or "Oops, your files have been encrypted." Companies with any notion that an attack is about to come can easily rebuff it simply by backing up and encrypting their files. That's why it's so interesting that, as SpyCloud notes in its 2024 "Malware and Ransomware Defense Report," nearly a third of all ransomware events last year were foreshadowed by an infostealer infection in the 16 weeks prior.

Infostealers before ransomware is a useful combination for attackers. What's less clear is whether it could be useful for defenders, to help reduce attackers' surprise advantage.

**Ransomware's Canary?**

In a recent attack observed by Sophos, the Qilin ransomware gang breached its target via a VPN portal. It waited 18 days, then deployed a custom infostealer to grab credentials from Google Chrome. Only later did it drop any actual ransomware.

High-level groups like Qilin might have the capacity for turnkey jobs, but perhaps more common are cases where initial access brokers (IABs) partner with ransomware actors to split things up.

Stephen Robinson, senior threat intelligence analyst at WithSecure, was investigating such a case last year. The perpetrator was a Vietnamese malware-as-a-service (MaaS) operation, delivering payloads like the DarkGate remote access Trojan (RAT) against companies in digital marketing. "The thing with \[tools like\] DarkGate is that it's one of those pieces of malware that will do infostealing or credential stealing, but also a bunch of other functions like cryptocurrency theft, and delivering ransomware," Robinson explains. The Vietnamese threat actors didn't have to perform ransomware attacks themselves. Instead, IABs like them can plant DarkGate — or RedLine, Qakbot, or Raccoon — far and wide, then sell the access they afford to the next baddies down the line, allowing both sides of the exchange to specialize in what they do best.

In its 2024 "Crypto Crime Report," blockchain analysis firm Chainalysis discovered "a correlation between inflows to IAB wallets and an upsurge in ransomware payments." For example, the ransomware group depicted in the chart below spent thousands of dollars with multiple IABs in the course of its multimillion-dollar campaigns.

Source: Chainalysis

"It definitely seems, to me at least, that this is trending upward," says Trevor Hilligoss, vice president of SpyCloud Labs. "It makes sense if you think about it. Malware-as-a-service is easy, it's cheap. A couple hundred bucks a month gets you access to a pre-built package for attacks, and a lot of these stealers have been adding more functionality."

**Can Infostealers Be Used to Predict Ransomware?**

The literally million-dollar question is this: If 30% of ransomware attacks are preceded by infostealers, can the presence of an infostealer in one's network be used to predict oncoming ransomware, giving defenders a window of time to prepare?

"It really depends on who you are," Hilligoss says. When an infostealer pops up on your network, "If you are an admin of a large, multinational insurance group, I would be very concerned, and I would think that ransomware is probably not too far away. If you're \[an individual\] person or you're a small business, your alarm would go down proportionally." Chainalysis suggested the same, writing that "monitoring IABs could provide early warning signs and allow for potential intervention and mitigation of attacks."

Robinson takes the less optimistic view, arguing that the first steps in an attack chain tend to look quite similar, no matter the threat actor.

"The issue is that someone gets access, steals some credentials, or installs a remote monitoring management tool (RMM). From that first step, you can't now predict what's going to come next," he says. "We had one case where a network was compromised by five or six different groups. There was North Korea, some cryptocurrency miners, there was a ransomware group, there was an IAB. And you couldn't tell what the next step was going to be for each one of them until they took it, because those first steps were all the same. And that's the thing with infostealers."

Either way, Hilligoss advises, "If you see this happens, then rapidly remediate. Find the exposure, figure out all of the data that was stolen from your network, go through it, and reset those credentials — reset those authentication tokens, reissue those API keys — as quickly as possible. That's going to make it really hard for a ransomware actor that has access to that information to actually use it."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Infostealers: An Early Warning for Ransomware Attacks

Cary, North Carolina, 18th September 2024, CyberNewsWire

**Cary, North Carolina, September 18th, 2024, CyberNewsWire**

INE Security is proud to announce that it has been named a winner in the prestigious 2024 SC Awards, named Best IT Security-Related Training Program. This designation underscores INE Security’s commitment to excellence and leadership in the cybersecurity industry.

The SC Awards, now in its 27th year, recognize the solutions, organizations, and individuals that have demonstrated outstanding achievement in advancing the security of information systems. This year’s awards were presented across 33 categories, celebrating both established industry leaders and emerging innovators.

INE Security stood out among a competitive field of entries, demonstrating its innovation in addressing the evolving cybersecurity landscape. The Best IT Security-Related Training Program award highlights INE Security’s efforts to deliver practical, effective solutions that safeguard against today’s complex threats.

> “We are thrilled to receive the 2024 SC Excellence Award for Best IT Security-Related Training Program. This recognition highlights our relentless pursuit of excellence and innovation in cybersecurity training,” said Dara Warn, CEO of INE Security. “At INE Security, we are committed to empowering professionals and organizations with the skills they need to defend against the ever-evolving cybersecurity threats. This accolade not only reflects our commitment to the highest standards of training but also motivates us to continue advancing the field of cybersecurity education.”

The SC Awards are presented by SC Media, a trusted cybersecurity resource, and evaluated by a panel of independent industry experts. Winners are selected based on their contributions to innovation, their ability to address the cybersecurity industry’s critical challenges, and their demonstrated impact on protecting organizations.

> “These award recipients represent the very best of what the cybersecurity community has to offer,” said Tom Spring, Editorial Director at SC Media. “Each winner has shown a commitment to advancing the industry with forward-thinking solutions and an ability to adapt to new challenges. Their contributions help drive progress in securing our digital environments.”

 INE Security has been recognized among the best cybersecurity training platform in 2024 by numerous organizations including:

*   G2 as an online course provider and technical training provider
*   G2’s 2024 Best Software Awards for Education Products 
*   Security Boulevard’s list of the Top 10 Hacking Certifications for both the Certified Professional Penetration Tester (eCPPT) and Web Application Penetration Tester eXtreme (eWPTX) certifications

The SC Awards were evaluated by a distinguished panel of judges, including cybersecurity professionals, industry leaders, and members of the CyberRisk Alliance community from sectors such as healthcare, financial services, education, and technology.

The full list of 2024 SC Awards winners: https://www.scmagazine.com/sc-awards

**About INE Security:**

INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

**About CyberRisk Alliance**

CyberRisk Alliance provides business intelligence that helps the cybersecurity ecosystem connect, share knowledge, accelerate careers, and make smarter and faster decisions. Through their trusted information brands, network of experts, and more than 250 innovative annual events we provide cybersecurity professionals with actionable insights and act as a powerful extension of cybersecurity marketing teams. Their brands include SC Media, the Official Cybersecurity Summits, Security Weekly, InfoSec World, Identiverse, CyberRisk Collaborative, ChannelE2E, MSSP Alert, LaunchTech Communications and TECHEXPO Top Secret.

**Contact**

**Director of Global Strategic Communication and Events**  
**Kathryn Brown**  
**INE Security**  
**\[email protected\]**

Latest News