Readers like you help support my blog. When you make a purchase using links on our site, we may earn an affiliate commission! Thank you!

Saturday, March 7, 2020

Αυτά είναι τα πρώτα passwords που δοκιμάζουν οι hackers για την παραβίαση συσκευών


Αυτά είναι τα πρώτα passwords που δοκιμάζουν οι hackers για την παραβίαση συσκευών


7 Μαρτίου, 2020, 9:00 πμbyAbsenta Mia Leave a Comment


Όταν μιλάμε για hacking επιθέσεις και παραβιάσεις συσκευών, ένα από τα πρώτα πράγματα που μας έρχονται στο μυαλό είναι τα passwords. Οι εδικοί ασφαλείας λένε συνέχεια ότι δεν πρέπει να χρησιμοποιούμε μικρούς, εύκολους και προβλέψιμους (ή και προεπιλεγμένους) κωδικούς. Το σπάσιμο των passwords είναι το πρώτο πράγμα που δοκιμάζουν οι hackers, όταν προσπαθούν να αποκτήσουν πρόσβαση σε μια συσκευή ή σύστημα.

Η εταιρεία ασφαλείας F-Secure διαθέτει ένα σύνολο «honeypot» servers, που έχουν εγκατασταθεί σε χώρες σε όλο τον κόσμο για να ανιχνεύουν κυβερνοεπιθέσεις. Οι ερευνητές παρατήρησαν μέσω των honeypots ότι μια από τις βασικές δραστηριότητες των hackers είναι οι σαρώσεις του διαδικτύου για την αναζήτηση ευάλωτων συσκευών.

Η εταιρεία δήλωσε ότι κατά το δεύτερο εξάμηνο του περασμένου έτους, υπήρχε σημαντική αύξηση αυτής της δραστηριότητας.

Από τη στιγμή που θα εντοπιστεί μια δυνητικά ευάλωτη συσκευή, οι hackers προσπαθούν να αποκτήσουν πρόσβαση σε αυτή.


Σύμφωνα με την F-Secure, η πρώτη επιλογή των hackers όσον αφορά τα passwords, είναι η λέξη «admin». Ο κωδικός αυτός δεν πρέπει να χρησιμοποιείται σε καμία συσκευή πόσο μάλλον αν αυτή η συσκευή συνδέεται στο διαδίκτυο. Άλλα passwords που δοκιμάζουν οι hackers είναι τα εξής: ‘12345‘, ‘default‘, ‘password‘ και ‘root‘. Πέρυσι, το Εθνικό Κέντρο Κυβερνοασφάλειας (NCSC) του Ηνωμένου Βασιλείου είπε ότι ο κωδικός «123456» βρέθηκε 23 εκατομμύρια φορές σε παραβιάσεις.

Τα passwords που δοκιμάζουν οι κυβερνοεγκληματίες αντανακλούν και τα είδη των συσκευών που στοχεύουν, δήλωσε η F-Secure. Για παράδειγμα, βρέθηκε ότι δοκιμάζουν προεπιλεγμένα passwords, που βρίσκονται κυρίως σε συσκευές εγγραφής βίντεο και σε routers.



“Το Brute forcing προεπιλεγμένων usernames και passwords των IoT συσκευών εξακολουθεί να είναι μια αποτελεσματική μέθοδος για τη χρήση αυτών των συσκευών σε botnets, που μπορούν να χρησιμοποιηθούν σε επιθέσεις DDoS“, προειδοποίησε η F-Secure.

Οι ειδικοί ασφαλείας τονίζουν ότι τα passwords των συσκευών που συνδέονται στο διαδίκτυο πρέπει να είναι μοναδικά και αρκετά μεγάλα. Οι «φράσεις πρόσβασης» είναι πιο αποτελεσματικές, σύμφωνα με το FBI.

Work from home: 64 expert tips for staying healthy, happy, and productive


 By Jason Cipriani | March 6, 2020 -- 13:00 GMT (13:00 GMT) | Topic: Coronavirus: Business and technology in a pandemic



Whether you've been working from home for years, or are just getting started, it's not as easy and fun as you one might think. There are mental hurdles to overcome, including the feeling of isolation, especially if the only voice you've heard all day long is yours as you talk to your dog or cat.

Sure, the idea of rolling out of bed and going to work in your pajamas sounds like a dream come true. But in reality, it does more harm than good to your mental health. We asked ZDNet's team of remote workers from all over the world for their best advice when it comes to working from home. From setting a daily routine to desk setups and ensuring you take care of yourself, here's what they had to say.

Daily routine

How and when you start each workday is a crucial piece of the puzzle to ensuring you're productive and comfortable when working from home. It's important to treat each workday like a day in the office, but there's more to it than that.

1. Organize your days with recurring tasks. Example: On Mondays, do X, Tuesdays do Y, Wednesdays do Z, etc.

2. Get dressed in the morning as though you are going to an actual office. Working in your bathrobe for "just an hour or two" is a slippery slope.

3. Don't schedule conference calls back-to-back. At some point, you'll forget who you're talking to and say something unusually silly.

4. Do schedule breaks.


5. Make a task list and be prepared to change your priorities at the drop of a hat. Because you're at home, you're in a fluid environment. You may need to move to another room, change the hours you're working because the fridge decided to flood, or other events. Having a list allows you to switch up and remain productive, regardless of events.

6. Find a hybrid arrangement where you're in the office (or a co-working space) for actual face time if possible.

7. Having different work spots for different parts of the day, for specific tasks or based on your mood.

8. Put your phone on airplane mode when working on a project or a deadline. This allows you to stay focused on the task at hand and not get distracted.

9. Create a healthy routine that involves a proper breakfast, lunch, and dinner.

10. Turn off email and social media at a set time and avoid taking your smartphone to bed.

11. Get a reasonable number of hours of sleep each night.

12. Coffee. Lots of it.

13. Don't bring food to your desk; just drinks. Once you bring food to your desk, it's a slippery slope to the bag of Reese's miniatures.
Equipment and work environment

Using the right equipment -- be it a chair, desk, keyboard or monitor -- can help have a big impact on how your back feels at the end of the day. And, as you'll quickly see, working at the kitchen table is a big no-no.

14. Use an ergonomic (Kinesis) keyboard, a big 4K screen, and a proper office chair.

15. Flexible monitor arms, touchscreens, wireless keyboards & mouse are your friends.

16. Adjustable chairs and stand up desks help with comfort and ergonomics.

17. Don't use a laptop on the kitchen table -- or any table or desk, for that matter.

18. If you find the classic desk arrangement quite limiting, know you don't have to stick to it. Keep ergonomics in mind, and switch between positions often. It helps your mind and body.

19. If you have a laptop, connect it to a keyboard, mouse, and monitor for a more formal desktop experience. But do your research before making any purchases.

20. When possible, having a dedicated office space with a door that can be closed is essential.

21. Set boundaries. Be it kids, your partner, or your roommate. Just because you work from home doesn't mean you're always available to run errands, watch a sick kid, or wait for the electrician.

22. Think outside the box if you have a baby or a puppy to take care of. Adjust your work environment so you are comfortable and can focus, while still being able to take care of a sick kid, or yourself.

23. Connect your computer to the big screen TV when needed. It serves as a great conferencing tool, even if you're just working out details on a home project with the family. Plus YouTube is much nicer at 65 inches.

24. Don't work in the kitchen.

25. Run Ethernet everywhere you can. When on a deadline or a push or moving big videos, you don't want to rely solely on Wi-Fi.

26. Get as much bandwidth as you can afford, both up and down.

27. Set up a local NAS for shared files and backups. But also be sure to back up to the cloud. Make sure you back up.

28. If you're going to do videos, make sure you have space where light doesn't cause issues, where you can have quiet, where the sound doesn't reverb, and where you don't have confidential stuff on the whiteboard behind your head.

29. Continually optimize and re-think your work environment.

30. Don't be afraid to invest in a good chair and a large monitor. Both will more than pay for themselves in reduced pain and increased productivity.

Also: Best office chairs for 2020: Herman Miller, Secretlab, La-Z-Boy, Steelcase, and others

31. Know what local coffee shops and restaurants have good Wi-Fi. Have a VPN for those days. If you need to escape the chaos at home, you'll have a known bolt-location (this is also important if your local network connection goes out).

32. Also, know coffee shops a half hour or more away with Wi-Fi. If your local ISP is down and you're on a deadline, you'll want to know where to drive that has Wi-Fi and bandwidth at a more remote location.

33. Invest in sound-blocking earplugs or earmuffs. They'll save your butt on days where the chaos is too insane and you need quiet to concentrate.
Best wireless noise-canceling headsets for business in 2020: Plantronics, Jabra, Logitech, and more

Work from home: Essential gadgets and gear for productivity and good health
Apps and services

Use apps that allow you to efficiently communicate, but don't get carried away by interacting with coworkers or clients at all hours of the day. That said, you can use apps like video conferencing tools or Slack and Discord to interact with people outside of work.

34. Zoom, the video conferencing service, is your friend.

35. Consistently using video conferencing tools will ensure you get up and get dressed each day.

Also: Best video conferencing software for business in 2020: Zoom, WebEx, AnyMeeting, Slack, and more

36. Use apps like Evernote to manage your workload, organize ideas and just keep on top of things.

37. Avoid constantly checking email and social media, and turn off all the unnecessary notifications on your phone to avoid interruptions.

38. If you move between computers throughout the workday, keep things in sync with services like Dropbox, iCloud, OneDrive, and other cloud storage services. That way whatever you're working on is available everywhere.

39. Use apps in full-screen mode as much as possible to limit distractions.

40. Join Slack channels or Discord servers with friends or groups with similar interests so you can interact with other people.
Mental health

Maintaining your mental health is the most important aspect of working from home. You miss out on the impromptu encounters and conversations, which, at first glance, feel superficial, but after you've been working in your home office for a few weeks, you'll be longing for any human interaction.

41. Getting out of the home/office during the workday is essential for sanity.

42. Shovel snow, walk down the street, connect with nature or go talk to your cat.

43. Adopt a dog and take it for walks a couple of times a day. Cats may traditionally be a writer's best friend, but for getting up and moving you can't beat a pup.

44. Build time in your schedule to go to the gym when it's less crowded. It improves your well-being while placing you around people. And while you're at the gym, get on a bike, sweat and read fiction. There's nothing like getting into another world to improve your sanity.

45. Again, set boundaries. One of the biggest challenges, especially for those with a family, is family members thinking that working from home means you are always available for a phone call or errand. Communicate your schedule, and if needed, create "do not disturb days and hours."

46. Work outside. It's astonishing how a little fresh air can improve the mind's functioning.

47. Avoid guilt. Taking a break at home is way harder than walking out of the office and going around the block.

48. Have a designated workspace and office (preferably away from the kitchen).

49. Get out of the house after work or you get a little salty, bonkers, or feel isolated.

50. Get creative and experiment to build your perfect workplace.

51. Use headspace apps, white noise machines, or audiobooks to help you sleep.

52. Leave your smartphone charging in the living room at night, and if you use it to listen to music or podcasts, connect it to a Bluetooth speaker in your bedroom.

53. Do things you enjoy -- start a new hobby, join a club, etc. Something to get you out of the house regularly.

Taking care of your eyes, back, and overall physical health is just as important as mental health. A lot of these tips overlap with the equipment and work environment section above.

54. For five to 10 minutes every hour: Get up, move around and take your eyes off the screen.

55. Eat healthily! Don't rely on microwave meals and delivery orders.

56. Don't work on a laptop. In the long run, it will probably cripple you, and the cost of physiotherapy soon adds up to more than the cost of ergonomic equipment.

57. You can do some work on a laptop, but using a laptop on a kitchen table for sustained periods is a bad idea. You might get by if you take regular screen breaks, but if you're under deadline pressure, wh does?
Tips for managers

Not only do employees have to learn how to work from home and remain efficient, but managers also have to learn how to effectively lead and manage remote workers. Below are suggestions from ZDNet's editor-in-chief, Larry Dignan:

58. Hire well.

59. Remote work works best when there are deliverables and deadlines.

60. Communicate well.

61. Don't micromanage.

62. Use the flexibility remote work gives you to your competitive advantage.

63. Utilize chat and video platforms.

64. Video conferencing office hours may be interesting. Try out open office hours via Zoom so people could just drop in.

The biggest takeaway here is that there isn't a one-size-fits-all solution. There are some core ideas, such as taking breaks, getting out of the house, and ensuring your office is conducive to allowing you to be productive. But outside of that, keep an open mind and experiment with different approaches. Perhaps most importantly -- don't be afraid to switch things up!

A Chrome extension named Ledger Live was exposed today as malicious





 By Catalin Cimpanu for Zero Day | March 5, 2020 -- 02:26 GMT (02:26 GMT) | Topic: Security


A malicious Chrome extension is targeting owners of Ledger cryptocurrency wallets, Harry Denley, Director of Security at the MyCrypto platform, discovered today.

Ledger wallets are small hardware devices that can be used to store the private keys (passwords) needed to access cryptocurrency accounts. These wallets support multiple cryptocurrency formats and provide a way for users to store the private keys for all their cryptocurrency in one place, in an offline format, safe from web-based attacks and phishing attempts.

In theory, using a Ledger wallet should mean users are not at any risk, but it turned out not to be the case.

Today, Denley discovered a Chrome extension named Ledger Live that tries to pass as the real Ledger Live, a mobile and desktop app that allows Ledger wallet users to query their funds and approve transactions by syncing their hardware wallet with a trusted device.

The malicious extension tries to trick users into thinking this is the Chrome version of the original Ledger Live app, which would allow them to do the same thing (check balances, approve transactions) through the Chrome browser.

Users are told to install the extension and connect (sync) their Ledger wallet to it by entering the wallet's "seed phrase."

This seed phrase is a string of 24 words that is used to move wallet data between devices -- as a wallet recovery system in case users lose or want to change devices.

Image: ZDNet


But Denley says the extension is a fraud and does nothing except to show a popup that, in reality, collects and sends the user's Ledger seed phrase to a Google Form.

Image: ZDNet

In an interview, Denley told ZDNet that the person behind this malicious extension can use the stolen seed phrases with their own Ledger wallet and "recover" other users' Ledger wallets -- most likely to gain access to their accounts and steal funds.

"When you set up a Ledger wallet device, you are given the mnemonic [seed] phrase for recovery. They [Ledger] have good instructions on keeping this private information offline, not shared, and in a secure place," Denley told ZDNet.

"The extension makes no sense to install and use because it defeats the purpose of having a hardware wallet with your secrets offline," he added.

"But I would not be surprised if it has got people to input their secrets," Denley said. "It's a big problem in the cryptocurrency area, to teach people their private keys/mnemonics should stay offline."
PROMOTED THROUGH GOOGLE ADS

Currently, the extension is still available through the official Chrome Web Store, where it lists more than 120 installs.

Since Ledger hardware wallets are used to manage more than 20 types of cryptocurrency accounts, a hacker who manages to steal a Ledger seed phrase could gain access to large amounts of cryptocurrency.

Furthermore, according to Denley, the extension is also heavily advertised via Google ads for the keywords "Ledger Live," the Ledger service it's trying to impersonate.



harrydenley.eth ◊@sniko_

Replying to @sniko_


This is being delivered by @GoogleAds under search phrase "Ledger Live"

cc: @Ledger @Ledger_Support


7
1:45 AM - Mar 5, 2020
Twitter Ads info and privacy
See harrydenley.eth ◊'s other Tweets




Earlier this year, Denley caught another malicious Chrome extension, similarly engaged in stealing private keys to access cryptocurrency wallets and accounts.

Friday, March 6, 2020

Phishing and Malware via SMS Text Message

Posted on March 6, 2020by Krasimir Konov



We’ve recently noticed an increase in reports of phishing and malware being distributed via SMS text messages.

During one investigation, we identified fake messages sent from a random number pretending to be Amazon. The message contents ask the victim to click on the link to confirm their shipping address.



The URL bears no resemblance to Amazon and clearly doesn’t employ Amazon’s URL shortener (amzn.com). Unfortunately, we were unable to confirm exactly what the attackers were directing users to since hxxp://k8esv[.]info now returns a 404 (Not Found) response, but it's clear that it’s being used for phishing or malware.

In most phishing cases seen distributed via SMS, victims are taken to a fake page ― for example, one that looks like Amazon’s signup page ― and asked to login to access important order information or confirm a purchase.

To the untrained eye, these SMS phishing pages might appear to belong to the real Amazon website, but submitting login credentials typically results in a successful phish ― and an account compromise.

The suspicious domain is hosted on 47.240.4.254 which also appears to be hosting other similar domains:



The IP address belongs to Alibaba Cloud:Alibaba.com LLC AL-3 (NET-47-235-0-0-1) 47.235.0.0 - 47.246.255.255 ALICLOUD-HK ALICLOUD-HK (NET-47-240-0-0-1) 47.240.0.0 - 47.240.255.255


The domain was registered through namecheap.com and has WHOIS protection, so we can’t see who was responsible for registering hxxp://k8esv[.]info. What we can tell is that these other suspicious domains were also registered there, suggesting the same person was involved.

We’re finding many variations of SMS phishing campaigns, and not every text looks the same. Users should always exercise caution when receiving SMS from unknown numbers.

To mitigate risk, avoid clicking on any links inside text messages ― especially if they are coming from an unknown number and lead to suspicious URLs. If you receive an SMS message similar to this one, login directly to your Amazon account via the Amazon website and check if there are any issues or status updates that require your attention from the account dashboard.

We will continue investigating this campaign to see if we can get more details about the attack.

Wednesday, March 4, 2020

Beware of the secret admirer – the attached document is ransomware that will lock you out of access to your files

by Julie Splinters - - 2020-02-28Beware of the secret admirer – the attached document is ransomware that will lock you out of access to your files



On Wednesday, security researchers from Malwarebytes and X-Force IRIS have uncovered a new malspam campaign that installs Nemty ransomware[1] payload. Malicious actors once again rely on social engineering in order to make users open the malicious attachments clipped to the mail – they try to make it seem like the message is coming from a secret admirer.

While the body text usually consists of emotes like “;),” the subject always hints at the intimate nature of the email with titles like” “I love you,” “Can't forget you,” “Letter for you,” “Don't tell anyone, “or “Will be our secret. The attachment is usually a typical booby-trapped .zip package that executes and installs Nemty ransomware once executed.

Nemty ransomware made its grand entry in August 2019, when its developers announced the affiliate program – ransomware-as-a-service, allowing multiple different parties to take care of malware distribution. Initially, it was delivered via weakly protected Remote desktop connections that use the default TCP/UDP port, while later was noticed being spread via RIG and Radio exploit kits,fake PayPal websites, as well as the Trik Botnet.[2] Now, malicious actors returned to the primitive, yet effective method – malspam.
Behind the .zip attachment – obfuscated LOVE_YOU.js file

Some spam emails are compiled in a way that makes just a few users question their legitimacy. This time, threat actors did not go for the regular use of fake invoices, messages from delivery services, or bank statements, and left the body text rather blank, although the wink emoji leaves a lot of room for interpretation. Due to this, Malwarebytes researchers dubbed the campaign “secret lover.”[3]

The attached zip file usually follows the following pattern when it comes to its name, and the only variable is the digits:


LOVE_YOU_######_2020.zip

Inside this archive, lies a highly obfuscated JavaScript file named LOVE_YOU.js, which initially had a very low detection rate on Virus Total. Nevertheless, the definitions of the AV software is constantly updated, and, at the time of the writing, 23 engines already detect the .JS file as malicious.[4]

As soon as victims double-click on the LOVE_YOU.js file, i will contact a remote server and download the Nemty ransomware payload, as explained by X-Force IRIS team:


The downloaded executable was identified to be the Nemty ransomware and performs encryption of system files upon execution, leaving behind a ransom note demanding payment in exchange for the decryption key.
Nemty is one of the bigger projects in the underground cybercriminal scene

Love You spam has been used previously numerous times – just a year before a similar campaign targeted Japanese users and included GandCrab ransomware as its main payload.[5] These love-themed phishing emails are typically observed to show up before and during Valentine's day period – it seems like Nemty ransomware is a little bit late this year. Nevertheless, the malicious actors expect the campaign to work regardless.

During its existence, Nemty ransomware was upgraded several times, and new versions were released. To ensure a comprehensive data encryption process, malware can also stop Windows processes and services that are related to files that are being currently used, maximizing damage caused for the victims.

In October last year, Tesorion security experts managed to create a decryption tool that worked for versions 1.4 and 1.6,[6] although Nemty 2.0 was released soon after, which is no longer decryptable.

Recently, threat actors behind Nemty announced that they would release a public website that will be used to publish files and information about victims who refuse to pay the ransom (this tactic was already adopted by other big names like DoppelPaymer and Maze).