Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users

Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users’ visits to dark web websites. The bug was addressed in a hotfix release (V1.20.108) made available yesterday. Brave ships with a built-in feature called “Private Window with Tor” that integrates the Tor anonymity network into the browser, allowing users to access .onion websites, which are hosted on the darknet, without revealing the IP address information to internet service providers (ISPs),…

Read More

Hackers Accidentally Expose Passwords Stolen From Businesses On the Internet

A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and steal credentials belonging to over a thousand corporate employees. The cyber offensive is said to have originated in August last year, with the attacks aimed specifically at energy and construction companies, said researchers from Check Point Research today in a joint analysis in partnership with industrial cybersecurity firm Otorio. Although phishing campaigns engineered for credential theft are among the most prevalent reasons for data breaches, what makes this operation…

Read More

WhatsApp Delays Controversial ‘Data-Sharing’ Privacy Policy Update By 3 Months

WhatsApp said on Friday that it wouldn’t enforce its recently announced controversial data sharing policy update until May 15. Originally set to go into effect next month on February 8, the three-month delay comes following “a lot of misinformation” about a revision to its privacy policy that allows WhatsApp to share data with Facebook, sparking widespread concerns about the exact kind of information that will be shared under the incoming terms. The Facebook-owned company has since repeatedly clarified that the update does not expand its ability to share personal user…

Read More

Authorities Take Down World’s Largest Illegal Dark Web Marketplace

Europol on Tuesday said it shut down DarkMarket, the world’s largest online marketplace for illicit goods, as part of an international operation involving Germany, Australia, Denmark, Moldova, Ukraine, the U.K.’s National Crime Agency (NCA), and the U.S. Federal Bureau of Investigation (FBI). At the time of closure, DarkMarket is believed to have had 500,000 users and more than 2,400 vendors, with over 320,000 transactions resulting in the transfer of more than 4,650 bitcoin and 12,800 monero — a sum total of €140 million ($170 million). The illegal internet market specialized…

Read More

Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks

Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor. Attributing the campaign to Winnti (or APT41), Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts to extract and run the malware payload. A second attack detected on May 30 used a malicious RAR archive file consisting of shortcuts to two bait PDF documents claimed to be a curriculum vitae and…

Read More

Experts Uncover Malware Attacks Against Colombian Government and Companies

Cybersecurity researchers took the wraps off an ongoing surveillance campaign directed against Colombian government institutions and private companies in the energy and metallurgical industries. In a report published by ESET on Tuesday, the Slovak internet security company said the attacks — dubbed “Operation Spalax” — began in 2020, with the modus operandi sharing some similarities to an APT group targeting the country since at least April 2018, but also different in other ways. The overlaps come in the form of phishing emails, which have similar topics and pretend to come…

Read More

Competitive Intelligence Gathering

Competitive Intelligence Gathering – Competitive Intelligence gathering is the process of identifying, gathering, analyzing, verifying and using information about your competitores from resources such as the Internet. Competitive Intelligence is non-interfering and subtle in nature. Competitive Intelligence Gathering It is non-interfering and subtle in nature compared to the direct intellectual property theft carried out through hacking or industrial espionage. It cocentrates on the external business enviorment. In this method, professionals gather information ethically and legally instead of gathering it secretly. Competitive intelligence helps in determining: What the competitors are doing.…

Read More

Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers

New evidence amidst the ongoing probe into the espionage campaign targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm Crowdstrike and access the company’s email. The hacking endeavor was reported to the company by Microsoft’s Threat Intelligence Center on December 15, which identified a third-party reseller’s Microsoft Azure account to be making “abnormal calls” to Microsoft cloud APIs during a 17-hour period several months ago. The undisclosed affected reseller’s Azure account handles Microsoft Office licensing for its Azure customers, including CrowdStrike. Although there was an attempt by unidentified…

Read More

How to Use Password Length to Set Best Password Expiration Policy

One of the many features of an Active Directory Password Policy is the maximum password age. Traditional Active Directory environments have long using password aging as a means to bolster password security. Native password aging in the default Active Directory Password Policy is relatively limited in configuration settings. Let’s take a look at a few best practices that have changed in regards to password aging. What controls can you enforce in regards to password aging using the default Active Directory Password Policy? Are there better tools that organizations can use…

Read More

DoS Attack Classification

DoS Attack Classification – There are two main kinds of attacks: denial-of-service attacks and distributed denial-of-service attacks. In distributed denial-of-service attacks, multiple compromised systems are coordinated in an attack against one target. DoS Attack Classification There are different ways to carry out denial-of-service attacks. Although there are many exploits used by attackers, the basic objectives remain the same: bandwidth consumption, network connectivity, or the destruction of configuration information. The following are representative types of denial-of-service attacks: • Smurf• Buffer overflow attack• Ping of death• Teardrop• SYN flood DoS Attack Classification…

Read More