IT admins can lock some of the obvious open doors in business applications, but system visibility is key. Build automatic monitoring defenses and adopt a Git-like tool so you can "version" your business apps to restore prior states.

Read some the cybersecurity headlines and you'll notice a trend: They increasingly involve business applications.

For example, the email tool Mailchimp says intruders broke into its customer accounts via an "internal tool." Marketing automation software HubSpot got infiltrated. Corporate password wallet Okta was compromised. Project management tool Jira made an update that accidentally exposed the private information of clients like Google and NASA.

This is one of cybersecurity's newest fronts: your internal tools.

It's only logical that malicious actors would intrude here next, or that employees would accidentally leave doors open. The average organization now has 843 SaaS applications and increasingly relies on them to run its core operations. I was curious about what administrators can do to keep these apps secure, so I interviewed an old colleague, Misha Seltzer, a CTO and co-founder of Atmosec, who is working in this space.

**Why Business Applications Are Particularly Vulnerable**

The users of business applications tend not to think about security and compliance. Partly, because that's not their job, says Misha. They're already plenty busy. And partly, it's because these teams try to purchase their systems outside of IT's purview.

Meanwhile, the apps themselves are designed to be easy to launch and integrate. You can launch many of them without a credit card. And users can often integrate this software with some of their most vital systems of record like the CRM, ERP, support system, and human capital management (HCM) with as little as one click.

This is true of most apps offered within those major vendors' app stores. Misha points out that Salesforce users can "connect" an app from the Salesforce AppExchange _without actually installing it_. That means there's no scrutiny, it can access your customer data, and its activities are logged under the user profile, making it difficult to track.

So, that's the first issue. It's very easy to connect new, potentially insecure apps to your core apps. The second issue is that most of these systems haven't been designed for administrators to observe what goes on within them.

For example:

*   **Salesforce** offers many wonderful DevOps tools, but no native way to track integrated apps, extend API keys, or compare orgs to detect suspicious changes.
*   **NetSuite's** changelog doesn't provide detail on who changed what — only _that_ something changed, making it difficult to audit.
*   **Jira's** changelog is equally sparse, and Jira is often integrated with Zendesk, PagerDuty, and Slack, which contain sensitive data.

This makes it difficult to know what's configured, which applications have access to what data, and who has been in your systems.

**What You Can Do About It**

The best defense is an automatic defense, says Misha, so talk to your cybersecurity team about how they can roll monitoring your business applications into their existing plans. But for complete awareness and coverage, they, too, are going to need deeper insight into what's happening within and between these applications than what these tools natively provide. You'll need to build or buy tools that can help you:

*   **Identify your risks:** You'll need the ability to view everything that's configured in each application, to save snapshots in time, and to compare those snapshots. If a tool can tell you the difference between yesterday's configuration and today's, you can see who has done what — and detect intrusions or the potential for intrusions.
*   **Probe, monitor, and analyze for vulnerabilities:** You need a way to set alerts for changes to your most sensitive configurations. These will need to go beyond traditional SaaS security posture management (SSPM) tools, which tend to monitor only one application at a time, or to only provide routine recommendations. If something connects to Salesforce or Zendesk and alters an important workflow, you need to know.
*   **Develop a response plan:** Adopt a Git-like tool that allows you to "version" your business applications to store prior states which you can then revert to. It won't fix every intrusion, and may cause you to lose metadata, but it's an effective first line of remediation.
*   **Maintain your SaaS security hygiene:** Deputize someone on the team with keeping your orgs up to date, deactivating unnecessary users and integrations, and ensuring that security settings that were turned off are turned back on — e.g., if someone disables encryption or TLS to configure a webhook, check that it was re-enabled.

If you can put all that together, you can start to identify areas that malicious actors could get in — such as through Slack's webhooks, as Misha points out.

**Your Role in Business System Security**

It's not up to administrators alone to secure these systems, but you can play an important role in locking some of the obvious open doors. And the better you're able to see into these systems — a chore which they aren't always natively built to allow — the better you'll know if someone hacked a business application.

The Great BizApp Hack: Cyber-Risks in Your Everyday Business Applications

As many as 30 malicious Android apps with cumulative downloads of nearly 10 million have been found on the Google Play Store distributing adware.
"All of them were built into various programs, including image-editing software, virtual keyboards, system tools and utilities, calling apps, wallpaper collection apps, and others," Dr.Web said in a Tuesday write-up.
While masquerading as innocuous

As many as 30 malicious Android apps with cumulative downloads of nearly 10 million have been found on the Google Play Store distributing adware.

"All of them were built into various programs, including image-editing software, virtual keyboards, system tools and utilities, calling apps, wallpaper collection apps, and others," Dr.Web said in a Tuesday write-up.

While masquerading as innocuous apps, their primary goal is to request permissions to show windows over other apps and run in the background in order to serve intrusive ads.

To make it difficult for the victims to detect and uninstall the apps, the adware trojans hide their icons from the list of installed apps in the home screen or replace the icons with others that are likely to be less noticed (e.g., SIM Toolkit).

Some of these apps also offer the advertised features, as observed in the case of two apps: "Water Reminder- Tracker & Reminder" and "Yoga- For Beginner to Advanced." However, they also covertly load various websites in WebView, and simulate user actions to click on banners and ads.

Also uncovered are another set of apps distributing the Joker malware in the form of launcher, camera, and emoji stickers apps that, when installed, subscribe users to paid mobile services without their knowledge and consent.

The third category of rogue apps relates to those that pose as image editing software but, in reality, are designed to break into Facebook accounts.

"Upon launching, they asked potential victims to log in to their accounts and then loaded a genuine Facebook authorization page," Dr.Web researchers said. "Next, they hijacked the authentication data and sent it to malicious actors."

*   Photo Editor: Beauty Filter (gb.artfilter.tenvarnist)
*   Photo Editor: Retouch & Cutout (de.nineergysh.quickarttwo)
*   Photo Editor: Art Filters (gb.painnt.moonlightingnine)
*   Photo Editor - Design Maker (gb.twentynine.redaktoridea)
*   Photo Editor & Background Eraser (de.photoground.twentysixshot)
*   Photo & Exif Editor (de.xnano.photoexifeditornine)
*   Photo Editor - Filters Effects (de.hitopgop.sixtyeightgx)
*   Photo Filters & Effects (de.sixtyonecollice.cameraroll)
*   Photo Editor : Blur Image (de.instgang.fiftyggfife)
*   Photo Editor : Cut, Paste (de.fiftyninecamera.rollredactor)
*   Emoji Keyboard: Stickers & GIF (gb.crazykey.sevenboard)
*   Neon Theme Keyboard (com.neonthemekeyboard.app)
*   Neon Theme - Android Keyboard (com.androidneonkeyboard.app)
*   Cashe Cleaner (com.cachecleanereasytool.app)
*   Fancy Charging (com.fancyanimatedbattery.app)
*   FastCleaner: Cashe Cleaner (com.fastcleanercashecleaner.app)
*   Call Skins - Caller Themes (com.rockskinthemes.app)
*   Funny Caller (com.funnycallercustomtheme.app)
*   CallMe Phone Themes (com.callercallwallpaper.app)
*   InCall: Contact Background (com.mycallcustomcallscrean.app)
*   MyCall - Call Personalization (com.mycallcallpersonalization.app)
*   Caller Theme (com.caller.theme.slow)
*   Caller Theme (com.callertheme.firstref)
*   Funny Wallpapers - Live Screen (com.funnywallpapaerslive.app)
*   4K Wallpapers Auto Changer (de.andromo.ssfiftylivesixcc)
*   NewScrean: 4D Wallpapers (com.newscrean4dwallpapers.app)
*   Stock Wallpapers & Backgrounds (de.stockeighty.onewallpapers)
*   Notes - reminders and lists (com.notesreminderslists.app)

Last but not least, also spotted on the app storefront was a rogue communications app known as "Chat Online," which tricks users into providing their mobile phone numbers under the pretext of signing up for online dating services.

In a different version of the same malware, a seemingly real conversation is initiated, only for the app to prompt users to pay for premium access to continue the chat, incurring fraudulent charges.

Although these apps have been purged, it's no surprise that mobile malware has been proven to be resilient, what with the criminal actors constantly finding new ways to bypass protections put in place by Google.

Users are recommended to exercise caution when it comes to downloading apps, Google Play or otherwise, and refrain from granting extensive permissions to apps. Turning on Google Play Protect and scrutinizing app reviews and ratings are other ways to secure devices from malware.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

These 28+ Android Apps with 10 Million Downloads from the Play Store Contain Malware

As the US reconfigures its rules on abortion after the overturning of Roe v Wade, our podcast guests explain how to keep your data private.
The post In post-Roe US, experts share how to keep your data private appeared first on Malwarebytes Labs.

In the weeks since the Supreme Court of the United States removed a nationwide right to choose to have an abortion, millions of Americans have been forced to relearn what is and isn’t safe to do online, as their actions, words, and choices—many of which are tracked digitally—could potentially be used as evidence of wrongdoing in the future.

Complicating the matter is that, immediately after the Court released its decision on June 24, cybersecurity experts and novices alike flooded social media with a brand-new set of rules for those seeking and supporting abortions: Delete your period-tracking app, use a “burner” phone when attending a protest, change how you search for abortion providers, download a new secure messenger app, maybe download entirely new online tools altogether.

Pretty much, change your life.

But according to Cooper Quintin, senior staff technologist with Electronic Frontier Foundation, some of the more common pieces of advice that were first spread online, while well-intentioned, are not entirely practical or useful.

“The advice to delete your period-tracking app or use a burner phone, I think just completely misses the mark,” Quintin said on the latest episode of the Lock and Code podcast from Malwarebytes. “It’s somehow both an oversimplification and an over-complication, and \[it\] completely fails to understand the threats that people seeking abortions are actually facing.”

On Lock and Code last week, we discussed those exact threats with Quintin and his colleague, staff attorney Saira Hussain. The full discussion, which can be heard below, reveals how the Supreme Court’s most recent decision could impact data privacy practices for millions of people in the United States.

Underpinning much of this potential shift in data privacy is, of course, the new, legal uncertainty sweeping across the country.  

Myriad, statewide legislative efforts to ban abortion outright or to place new restrictions around it have moved forward, with neighboring states sometimes implementing different rules just miles apart. In Alabama, South Dakota, Arkansas, and Missouri, abortion is now banned with no exceptions for rape or incest, and in North Dakota, Tennessee, and Wyoming, similarly broad abortion bans are expected this summer. But in Louisiana, Kentucky, and Utah, wide-ranging abortion bans been challenged in court, with judges in each state placing temporary holds on those laws before they may go into effect.

How these laws will overlap, or how individual states will enforce their own laws across state lines—if at all—is unknown, Hussain said.

“This is what legal experts and reproductive rights experts have been warning about for years—that our system is not equipped to handle issues like this,” Hussain said on the podcast, explaining that the federal right to choose to have an abortion at least provided somewhat a bulwark against decades of state interventions to restrict and limit access to abortions. “Now, all of that has been undone, and the entire question of whether somebody can seek an abortion or somebody can help provide abortion services has been left entirely to the states.”

Succinctly, Hussain warned: “It’s essentially legal chaos.”

With few answers on what will and won’t be explicitly illegal, both Hussain and Quintin shared the following, key pieces of advice on Lock and Code for those who are worried about how to secure their reproductive choices:

*   Above all else, limit any sensitive information that you share with others and that you store on your own devices.
*   Practice extra caution on social media and don’t post about seeking or providing abortion services.
*   Use a privacy-preserving search engine that won’t record your history when looking up abortion services.
*   Use a secure messenger app with disappearing messages when discussing abortion with friends or family.
*   Read the resources on abortion and reproductive health privacy provided by Digital Defense Fund and Electronic Frontier Foundation.

The next year in America could include not only a test of legal theories, but of data privacy, as law enforcement agencies will potentially rely on forms of data that are everywhere around them but that, at least until now, have not been used at an immense scale to prove whether or not someone obtained or performed an abortion.

For Hussain, the lack of clarity is worrying.

“We don’t know what the landscape will look like in this post-Roe world, but as a privacy attorney, I’m deeply concerned about the surveillance tools that law enforcement will use to investigate alleged abortions.”

****It’s about more than period-tracking apps****

The weekend after the Supreme Court issued its decision in Dobbs v. Jackson Women’s Health Organization, users of period-tracking apps scrambled to either delete their data or find a way to lock it down. The companies that make period-tracking apps themselves also responded to the new landscape, with at least one company promising to provide an anonymous mode for users so that any legal requests for user data could not meaningfully be fulfilled.

On Lock and Code, Quintin said that, while the supposed catch-all advice for users to delete period-tracking apps lacks some nuance, the concern around these apps makes sense.

“The reason that people are worried about period-tracking apps, in specific, is that these apps are collecting a ton of data about you, which, could potentially be used to prove that you were at some point pregnant, and then, at some point, stopped being pregnant, without actually having a child,” Quintin said.

But, Quintin added, “period-tracking apps aren’t the only apps that are problematic.”

“The fact is that the majority of apps are harvesting data about you. Location data, data that you put into the apps, personal data. And that data is being fed to data brokers, to people who sell location data, to advertisers, to analytics companies, and we’re building these giant warehouses of data that could eventually be trawled through by law enforcement for dragnet searches.”

In recent years, this data has been used to not only reveal pregnancies and advertise around them, but to also target those who potentially considered receiving an abortion.

In 2012, the New York Times reported that a teenager’s pregnancy had been revealed to her father because of her shopping habits at Target. By analyzing the teenager’s recently purchased items, Target determined that she was likely pregnant and then, as a follow up, sent coupons to her home for things like cribs and baby clothes.

In 2015, the evangelical adoption agency Bethany Christian Services, which opposes abortion, found a way to send anti-abortion ads to the phones of women who physically visited Planned Parenthood locations.

In 2016, after a woman diligently tracked her pregnancy in a pregnancy-tracking app, she miscarried. But along the way, the app she used had been sharing her data with marketing groups. But her miscarriage, which she also reported, was not shared with those same groups, and so, weeks before what would have been her due date, she received a package of baby formula in the mail, under a likely assumption that all pregnancies end the same way, with a baby.

Though the stories could alarm people, Quintin and Hussain stressed that this type of algorithmic data matching is far from the norm for how most abortions are revealed. Instead of any behind-the-scenes technology, Hussain said that when law enforcement have investigated an allegedly illegal abortion, they have first been tipped off by an informant.

Quintin added:

“If you talk to the people on the front lines of the abortion fight, they’ll tell you that the way people are being prosecuted right now is first and foremost through informants. Friends, family, spouses, medical professionals—who disagree with their decision—deciding to notify law enforcement.”

Once an informant has shared information with law enforcement, then, Quintin said, will “secondary evidence come into play.” That includes things like Google search history, posts and direct messages on social media, text messages, and emails.

“Those pieces of information are what’s being used to build a case and convict somebody, typically after they’ve already been informed on,” Quintin said.

To limit that information, our guests offered several recommendations.

****Limit your circle of trust****

Both Hussain and Quintin emphasized that one of the most important things that people can do right now to secure their reproductive choices is to limit their circle of trust. That means that people should be careful with any online and digital interactions that could reveal whether or not they plan to get an abortion.

In practice, Quintin said that means not posting about getting an abortion or providing abortion services on social media. That also means not talking about the same topics over text messages.

But the information shared with other people isn’t the only type of information that should be locked down, said Quintin. People concerned with their digital privacy should also find ways to limit the data they have on their own devices that could be used as evidence by law enforcement.

For starters, people can look up abortion services using a search engine that does not record their search history, Quintin said, naming the service DuckDuckGo.

Second, people can also download a secure messenger app with disappearing messages, so that even if people are discussing abortion options with one another, the messages themselves will disappear. Here, Quintin named the end-to-end encrypted app Signal.

Quintin stressed that these are not necessarily easy changes to make, as many are based on changing a person’s behavior as much as they are about adopting new technologies. In a society that has trained the public to broadcast so many parts of their day-to-day lives, choosing silence can be unfamiliar, Quintin said, and that includes the many individuals who are merely trying to show support on social media even if they are not personally considering an abortion.

“I think part of the reason people are doing this, and part of what’s so hard right now, is that ever since social media has become ubiquitous in our culture, we’ve been incentivized into sort of shout about everything we do,” Quintin said. “The culture has shifted to be one of always saying what you’re doing.”

But Quintin stressed the importance of this moment to change habits and to opt for saying less online. Not only could these posts get people in trouble, Quintin said, but they could also make it harder for people to find help from the organizations that are already doing this work and have been doing it, quietly, for years.

“I think that shouting that you have a whisper network is not the way to go about this,” Quintin said.

This video cannot be displayed because your _Functional Cookies_ are currently disabled.

To enable them, please visit our _privacy policy_ and search for the Cookies section. Select _“Click Here”_ to open the Privacy Preference Center and select _“Functional Cookies”_ in the menu. You can switch the tab back to _“Active”_ or disable by moving the tab to _“Inactive.”_ Click _“Save Settings.”_

In post-Roe US, experts share how to keep your data private

Facebook business and advertising accounts are at the receiving end of an ongoing campaign dubbed Ducktail designed to seize control as part of a financially driven cybercriminal operation. 
"The threat actor targets individuals and employees that may have access to a Facebook Business account with an information-stealer malware," Finnish cybersecurity company WithSecure (formerly F-Secure

Facebook business and advertising accounts are at the receiving end of an ongoing campaign dubbed **Ducktail** designed to seize control as part of a financially driven cybercriminal operation.

"The threat actor targets individuals and employees that may have access to a Facebook Business account with an information-stealer malware," Finnish cybersecurity company WithSecure (formerly F-Secure Business) said in a new report.

"The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim's Facebook account and ultimately hijack any Facebook Business account that the victim has sufficient access to."

The attacks, attributed to a Vietnamese threat actor, are said to have begun in the latter half of 2021, with primary targets being individuals with managerial, digital marketing, digital media, and human resources roles in companies.

The idea is to target employees with high-level access to Facebook Business accounts associated with their organizations, tricking them into downloading supposed Facebook advertising information hosted on Dropbox, Apple iCloud, and MediaFire.

In some cases, the archive file containing the malicious payload is also delivered to victims through LinkedIn, ultimately allowing the attacker to take over any Facebook Business account.

An information-stealing malware written in .NET Core, the binary is engineered to use Telegram for command-and-control and data exfiltration. WithSecure said it identified eight Telegram channels that were used for this purpose.

It works by scanning for installed browsers such as Google Chrome, Microsoft Edge, Brave Browser, and Mozilla Firefox to extract all the stored cookies and access tokens, alongside stealing information from the victim's personal Facebook account such as name, email address, date of birth, and user ID.

Also plundered are data from businesses and ad accounts connected to the victim's personal account, allowing the adversary to hijack the accounts by adding an actor-controlled email address retrieved from the Telegram channel and grant themselves Admin and Finance editor access.

While users with Admin roles have full control over the Facebook Business account, users with Finance editor permissions can edit business credit card information and financial details like transactions, invoices, account spend, and payment methods.

Telemetry data gathered by WithSecure shows a global targeting pattern spanning a number of countries, including the Philippines, India, Saudi Arabia, Italy, Germany, Sweden, and Finland.

That said, the company noted it was "unable to determine the success, or lack thereof" of the Ducktail campaign, adding it couldn't determine how many users have potentially been affected.

Facebook Business administrators are advised to review their access permissions and remove any unknown users to secure the accounts.

The findings are yet another indicator of how bad actors are increasingly banking on legitimate messaging apps like Discord and Telegram, abusing their automation features to propagate malware or meet their operational goals.

"Primarily used in conjunction with information stealers, cybercriminals have found ways to use these platforms to host, distribute, and execute various functions that ultimately allow them to steal credentials or other information from unsuspecting users," Intel 471 said Tuesday.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

New Ducktail Infostealer Malware Targeting Facebook Business and Ad Accounts

By Owais Sultan
The advent of the digital age is a source of blessing in a way that makes life easier…
This is a post from HackRead.com Read the original post: Ways Hackers Can Steal Information from Your Device

****The advent of the digital age is a source of blessing in a way that makes life easier yet, it comes with some challenges including malicious hackers and cyber attacks.****

The threats posed by hackers to organizations and individuals have become a major concern as those fraudulent elements keep on increasing and devising new methods of perpetrating their sinister acts.

According to research by a software testing firm, not less than 30,000 websites are hacked daily worldwide and every 39 seconds there is a new cyber-attack launched at someone on the web. 

Let’s dig deeper into how hackers operate and how you can protect yourself from cyber attacks and scams.

Social engineering is a tricky one! Hackers can manipulate you by posing as someone you know and compel you to take action if they want to steal your information. For example, they may send you a link from a hacked social media profile, and create urgency by asking you to take some action.

After you click the link, you will be taken to a page that will require you to sign in to your Google or Apple, or similar account. But the form does not login to your account, it will instead be a fake login page created by crooks to steal your login credentials.

A recent example of a successful social engineering attack includes the Singaporean identity fraud scammer Ho Jun Jia (a/k/a Matthew Ho, a/k/a, Prefinity a/k/a Ethereum Vendor) who is now in prison for scamming in the name of the co-founder and co-chairman of Riot Games Mr. Marc Merrill.

Ho also used social engineering skills to trick Google and Amazon Web Services (AWS) into providing $5.4 million worth of cloud computing services by using personal details of Merrill.

**Keylogger**

Keylogger is designed to secretly spy on victims and can capture everything you type on your keyboard and every command you execute. It captures your passwords, credit card numbers, keystrokes, and browsing history.

It is worth noting that a keylogger can be software or a hardware device such as a malicious USB.

Software Keyloggers sneak into your computer system via harmful links or attachments. A hardware-based keylogger can be installed on your device if attackers have physical access to your computer.

**Public Wi-Fi Eavesdropping**

Wi-Fi eavesdropping can be defined as the act whereby your vital data is stolen by a hacker after exploiting an unsecured public Wi-Fi network. Because some public Wi-Fi allow unsecured transmission of data, your vital information, and files that are unencrypted are at the risk of hackers.

One of the gimmicks used by hackers is that they would name their hotspot after the name of the business premises or shopping mall etc. The Wi-Fi will probably be free and without a password so you are tempted to go for freebies. 

Once you connect to the hacker’s Wi-Fi, the hacker can see everything you do and steal your personal information including passwords. You can avoid this by not using public Wi-Fi, using your own hotspot device plus enabling your VPN at all times.

**SIM Swap Fraud**

A SIM swap attack is when a cybercriminal(s) calls your network provider and impersonates you. They claim that your SIM card is lost and they want to port your number to a new hacker-controlled SIM card.

Of course, your network provider will ask some questions to identify the person requesting the swap. These questions can be easily answered based on the Infomation you have provided about yourself on your social media accounts. (Don’t share your personal information on social media).

In this age of two-factor authentication (2FA) and USSD banking, your SIM card is coveted by hackers. This is because when they get your SIM card, they can bypass 2FA and intercept OTP (one-time password) as the verification code is sent to your swapped phone number.

Equity and forex trading brokerages also offer online trading apps that use 2FA to verify and authenticate users. When your SIM has been swapped, this verification code goes straight to the hacker who now controls your phone number.

Once the attacker has the verification code, they can link a new account to your investment, crypto wallet, or trading app and wire funds out. They can also use the funds in your account to buy worthless shares from other scammers thus enriching them and impoverishing you.

**Browser Hijacking**

An attacker can install malware right into your internet browser without you even knowing. This can happen when you click on an unknown link or download an app from a 3rd-party store. Most of the apps available in such stores are Trojans meaning they are not what they claim to be. By installing them, you could install a virus into your browser as well.

The virus in your browser then begins to redirect you to hacker-controlled sites that resemble legitimate sites. From there, your passwords are collected and used to access your accounts. 

**IP Spoofing**

This is the act whereby a hacker hijacks your browsing connection through the usage of a fake Internet Protocol (IP) address. A publication by Dell Technologies shows that there are over 30,000 spoofing attacks every day around the world.

IP spoofing scams mostly occur at a location where internal systems trust one another in a way that users can have access without any username or password, provided they are connected with the network.

It involves the act of masquerading as a fake computer IP address in a way that would look like a legitimate one. In the course of IP spoofing, attackers convey a message to a computer system with a fake IP address which shows that the message is coming from a different IP address. 

**Domain Name System (DNS) Spoofing/ Poisoning**

The term ‘spoofing’ has to do with impersonation. In this case, a hacker’s computer is impersonating a legitimate computer on a network. A domain name is simply a website name like ‘www.google.com’

DNS spoofing, let’s assume you want to visit Twitter and you type the domain name ‘www.twitter.com’ into your browser’s URL bar. This domain name is sent to a DNS server which converts the domain name of Twitter into an IP address example 172.28.213.15 which is supposed to be the IP address of Twitter’s official computer server.

The hacker spoofs it by deceiving the DNS server to convert Twitter’s domain name into a **different** hacker-controlled IP address which takes you to the hacker’s server instead of Twitter’s server.

The attackers could have designed a fake Twitter page and hosted it on his spoofed server. Once you attempt to log in, they can steal your password and use it to access your account. 

The result of DNS poisoning is that any information you send is routed through the hacker before it gets to the web. This allows them to steal your passwords and access your accounts. 

**Domain Spoofing**

This online fraud, also known as a homograph attack occurs when a hacker makes use of a domain name that greatly resembles the website you are trying to visit.  Perpetrating this act, the hacker replaces the characters in the fake domain name with other non-ASCII characters that look much alike in appearance.

It will be designed in such a way that you may not notice the difference, as you would be assured about the secure connection of the browser. To begin the process of HTTP spoofing, the cyber attacker’s first step is to register a domain name that resembles yours.

The scammer would then proceed to send a link to you, and you may likely not notice that you are visiting a fake version of the site you planned to go to because the majority of browsers display puny code host names in their address bar. One such example is:

It’s Google.com not ɢoogle.com

This scamming system is designed to even prove to you that the website’s SSL certificate is real, thereby preventing you from detecting the fraud.

**Session Hijacking**

When you visit a website, you might notice a popup prompting you to allow cookies. Cookies refer to your personal information stored temporarily in your computer’s cache memory and are deleted after you leave the site. _(Here’s how to disable Cookies notice for good)_.

Cookies contain a unique ‘session ID’ number which if gotten by a hacker, will enable them to take over your session. An attacker can steal your cookies using different means such as phishing scams where they send you an email containing a malicious link. When you click on the link, it will install malware for session hijacking.

The point here is, that once an attacker steals your cookie or gets your session ID, they can take over your browsing session and if you were visiting a bank website, they can steal your funds. You may notice the page freeze, or some technical difficulty while this is going on and when it’s over, your money is gone. 

**Don’t Be Caught Off Guard**

*   Never download files from suspicious emails, messages, or contacts. Also, never click a link shared by an unknown source, or enter your account details and password on websites that you don’t trust.
*   Ensure that your two-factor authentication is enabled. Or you can also use token-based logins.
*   Don’t send PINs, passwords, and your financial details via text or email.
*   To guard against IP Spoofing, ensure you use a Virtual Private Network (VPN). Or use anti-malware software with web protection, that blocks unknown websites.

Ways Hackers Can Steal Information from Your Device

Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-1481

Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

**Chrome Releases**

Release updates from the Chrome team

CVE-2022-1477: Stable Channel Update for Desktop

Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test.

CVE-2022-1487

Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2022-1486

Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.

Tag

#google