Login
Whether you are getting ready for back-to-school season, getting new work laptop or fancying a new gamer's pc, learn the steps to protect your new PC from cyberthreats.
The post Start as you mean to go on: the top 10 steps to securing your new computer appeared first on WeLiveSecurity
Forsage, an alleged crypto Ponzi scheme purporting to be a decentralized smart contract platform, bilked millions of investors worldwide out of more than $300 million, according to America's securities watchdog.β¦
Webinar It's just any old Monday, already you are mentally ticking off the to do list, and then, as you reach for your morning coffee and switch on your screen. Devastation. You've been hacked.β¦
Akamai Technologies squelched the largest-ever distributed denial-of-service (DDoS) attack in Europe earlier this month against a company that was being consistently hammered over a 30-day period.β¦
Asia In Brief Australia's federal police (AFP) on Friday charged a man with creating and profiting from spyware that allowed total remote control of victims' computers.β¦
I didn't intend for a bunch of this week's vid to be COVID related, but between the breach of an anti-vaxxer website and the (unrelated) social comments directed at our state premier following some pretty simple advice, well, it just kinda turned out that way. But there's more on other breaches too, in particular the alleged Paytm one and the actual Customer.io one.
I'm really looking forward to next week's update, here's a little teaser of what you can expect to hear about then π€£
In brief Canadian fast food chain Tim Hortons is settling multiple data privacy class-action lawsuits against it by offering something it knows it's good for: a donut and coffee.β¦
A Russian-language miscreant claims to have hacked their way into a managed service provider, and has asked for help monetizing what's said to be access to the networks and computers of that MSP's 50-plus US customers.β¦
The Feds have put up a $10 million reward for information about foreign interference in US elections in general, and more specifically a Russian oligarch and close friend of President Vladimir Putin accused of funding an organization that meddled in the 2016 presidential elections.β¦
The 911 service as it existed until July 28, 2022.
911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations. The abrupt closure comes ten days after KrebsOnSecurity published an in-depth look at 911 and its connections to shady pay-per-install affiliate programs that secretly bundled 911βs proxy software with other titles, including βfreeβ utilities and pirated software.
911[.]re is was one of the original βresidential proxyβ networks, which allow someone to rent a residential IP address to use as a relay for his/her Internet communications, providing anonymity and the advantage of being perceived as a residential user surfing the web.
Residential proxy services are often marketed to people seeking the ability to evade country-specific blocking by the major movie and media streaming providers. But some of them β like 911 β build their networks in part by offering βfree VPNβ or βfree proxyβ services that are powered by software which turns the userβs PC into a traffic relay for other users. In this scenario, users indeed get to use a free VPN service, but they are often unaware that doing so will turn their computer into a proxy that lets others use their Internet address to transact online.
From a websiteβs perspective, the IP traffic of a residential proxy network user appears to originate from the rented residential IP address, not from the proxy service customer. These services can be used in a legitimate manner for several business purposes β such as price comparisons or sales intelligence β but they are massively abused for hiding cybercrime activity because they can make it difficult to trace malicious traffic to its original source.
As noted in KrebsOnSecurityβs July 19 story on 911, the proxy service operated multiple pay-per-install schemes that paid affiliates to surreptitiously bundle the proxy software with other software, continuously generating a steady stream of new proxies for the service.
A cached copy of flashupdate[.]net circa 2016, which shows it was the homepage of a pay-per-install affiliate program that incentivized the silent installation of 911βs proxy software.
Within hours of that story, 911 posted a notice at the top of its site, saying, βWe are reviewing our network and adding a series of security measures to prevent misuse of our services. Proxy balance top-up and new user registration are closed. We are reviewing every existing user, to ensure their usage is legit and [in] compliance with our Terms of Service.β
At this announcement, all hell broke loose on various cybercrime forums, where many longtime 911 customers reported they were unable to use the service. Others affected by the outage said it seemed 911 was trying to implement some sort of βknow your customerβ rules β that maybe 911 was just trying to weed out those customers using the service for high volumes of cybercriminal activity.
Then on July 28, the 911 website began redirecting to a notice saying, βWe regret to inform you that we permanently shut down 911 and all its services on July 28th.β
According to 911, the service was hacked in early July, and it was discovered that someone manipulated the balances of a large number of user accounts. 911 said the intruders abused an application programming interface (API) that handles the topping up of accounts when users make financial deposits with the service.
βNot sure how did the hacker get in,β the 911 message reads. βTherefore, we urgently shut down the recharge system, new user registration, and an investigation started.β
The parting message from 911 to its users, posted to the homepage July 28, 2022.
However the intruders got in, 911 said, they managed to also overwrite critical 911[.]re servers, data and backups of that data.
βOn July 28th, a large number of users reported that they could not log in the system,β the statement continues. βWe found that the data on the server was maliciously damaged by the hacker, resulting in the loss of data and backups. Its [sic] confirmed that the recharge system was also hacked the same way. We were forced to make this difficult decision due to the loss of important data that made the service unrecoverable.β
Operated largely out of China, 911 was an enormously popular service across many cybercrime forums, and it became something akin to critical infrastructure for this community after two of 911βs longtime competitors β malware-based proxy services VIP72 and LuxSocks β closed their doors in the past year.
Now, many on the crime forums who relied on 911 for their operations are wondering aloud whether there are any alternatives that match the scale and utility that 911 offered. The consensus seems to be a resounding βno.β
Iβm guessing we may soon learn more about the security incidents that caused 911 to implode. And perhaps other proxy services will spring up to meet what appears to be a burgeoning demand for such services at the moment, with comparatively little supply.
In the meantime, 911βs absence may coincide with a measurable (if only short-lived) reprieve in unwanted traffic to top Internet destinations, including banks, retailers and cryptocurrency platforms, as many former customers of the proxy service scramble to make alternative arrangements.
Riley Kilmer, co-founder of the proxy-tracking service Spur.us, said 911βs network will be difficult to replicate in the short run.
βMy speculation is [911βs remaining competitors] are going to get a major boost in the short term, but a new player will eventually come along,β Kilmer said. βNone of those are good replacements for LuxSocks or 911. However, they will all allow anyone to use them. For fraud rates, the attempts will continue but through these replacement services which should be easier to monitor and stop. 911 had some very clean IP addresses.β
911 wasnβt the only major proxy provider disclosing a breach this week tied to unauthenticated APIs: On July 28, KrebsOnSecurity reported that internal APIs exposed to the web had leaked the customer database for Microleaves, a proxy service that rotates its customersβ IP addresses every five to ten minutes. That investigation showed Microleaves β like 911 β had a long history of using pay-per-install schemes to spread its proxy software.
Threat groups are increasingly turning to InterPlanetary File System (IPFS) peer-to-peer data sites to host their phishing attacks because the decentralized nature of the sharing system means malicious content is more effective and easier to hide.β¦
Cybercriminals steal the equivalent of $18M from the NFT music streaming platform Audius, while other cyberthreats related to crypto made the news.
The post Music streaming platform victim of a crypto theft β Week in security with Tony Anscombe appeared first on WeLiveSecurity
FreshRSS 