EDPB Creates Task Force to Investigate ChatGPT


On Thursday, the European Data Protection Board (EDPB) announced that it had established a task force on ChatGPT, a potentially significant first step towards a uniform policy on setting privacy regulations for artificial intelligence.

“The EDPB decided to launch a dedicated task force to foster cooperation and to exchange information on possible enforcement actions conducted by data protection authorities,” EDPB said.

The General Data Protection Regulation (GDPR) must be applied consistently. The EDPB, an autonomous agency inside the European Union, was created to foster collaboration among the region’s data protection agencies.

ChatGPT, an AI program that drew public attention for its ability to write quick responses to a variety of queries, has grown to be the fastest-growing consumer application in history, with more than 100 million monthly active users, while raising concerns about the risks it may pose to safety, privacy, and jobs.

Italy Blocks ChatGPT

Before March 31, ChatGPT’s operations in Italy were to be suspended due to concerns that the company did not adhere to the GDPR. Until then, privacy had not been a major worry for the company.

Italian officials said ChatGPT’s parent firm, OpenAI LP, was processing the personal data of Italian residents on a massive scale without foundation in law, which disturbed them.

The regulator raised concerns that citizens may be put at risk because ChatGPT was trained to use private information about them, like phone numbers and addresses.

The Italian regulator also expressed concerns about “hallucinations” in ChatGPT. The model is prone to making up fake but otherwise realistic-sounding stories about persons whose information was gathered from the internet without an actual answer.

Italy’s decision to lift the ban was conditional on OpenAI agreeing to apply regulations protecting users’ privacy by April 30.

The EDPB said in today’s statement that its members had “discussed the recent enforcement action undertaken by the Italian data protection authority against Open AI about the Chat GPT service” before deciding to launch a dedicated task force to “foster cooperation and to exchange information on possible enforcement actions conducted by data protection authorities.”

According to a source at one national watchdog, member states hoped to unify their policy positions, but it would take time. Member states are said to be pursuing broad regulations that are “transparent” rather than punishing or making laws that will harm ChatGPT.


Massive malvertising campaign targets seniors via fake Weebly sites


Scammers are buying ads for the most common Google searches made by seniors and defrauding them with tech support scams.

Knowing their audience is something scammers excel at, and for very good reason. This is particularly true for tech support scammers whose prime targets are seniors.

By understanding what retirees are searching for and abusing various online platforms, crooks can precisely go after the demographic they are interested in and lure them onto sites that they control.

We have been observing a specific malvertising campaign via Google ads aimed at seniors. The threat actor is creating hundreds of fake websites via the Weebly platform to host decoy content to fool search engines and crawlers while redirecting victims to a fake computer alert.

Based on our analysis, this particular scheme started sometime in the summer of 2022 but has drastically increased in prevalence in the past month. While we have been sharing details with affected parties privately for a few weeks, we are now exposing what we know. 

Popular search terms

Malvertising, or the use of ads to deliver malicious content, is not something new. Yet, over the years various threat actors have used it for different purposes.

It is a cost-effective and efficient way to reach targets and then monetize those with a certain payload that can be anything from malicious software to plain old scams. But we don’t tend to hear about the latter as much because the impact of scams may be harder to quantify.

In talking to victims, you will often hear them describe that they were just looking something up and clicked somewhere when all of a sudden this or that happened.

As we saw an increase in our telemetry for tech support scam pages, we decided to replicate some of those searches and came up with keywords we thought the senior/retired audience might use often. In order to maximize our chances of identifying the campaign, we used a real machine prepared with a specific profile.

By far, anything related to recipes and cooking is a popular search query. We had previously identified another malvertising campaign using this same theme.

We also tried to look for games such as Solitaire:

And of course, we couldn’t do without checking on the weather:

Decoy sites

While the links for the sponsored sites may look legitimate, they aren’t. The problem is that unless you are the intended victim, you will only see the clean content. It matters because crawlers and other ad quality check tools may validate the advertiser and allow the ad to be reached by a large audience.

Each site is very simple and contains content that was stolen from somewhere else and put together hastily.

The threat actor has been creating hundreds of those websites via the Weebly platform which they are abusing. Some days, we saw an average of 10 new Weebly hostnames used by the scammers.

Cloaking

As mentioned earlier, it is important for the scammers to stay under the radar and make it look as though these webpages are legitimate. They can do this easily by using a technique known as cloaking.

Cloaking is simply showing different content based on a target audience and being able to hide the payload from some undesirable visitors (i.e. web crawlers, security researchers).

The scammers did this in various ways, some quite simple (user-agent and IP check) but they also paid for a professional cloaking service.

The cloaker API will return a response that contains two different links:

In this case the money page is a URL belonging to Digital Ocean and hosting a tech support scam page.
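An added example, not part of the original article: one way an ad-review or research pipeline can surface the cloaking described above is to load the same ad landing URL under several client profiles and compare where each one ends up and what it is shown. The observations are constructed (hostnames use the reserved .example TLD), and the profile names, threshold and function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed observations: the same ad landing URL loaded under three client
# profiles. In practice these would come from a fetcher; nothing here is real data.
DECOY = ("<html><body><h1>Easy weeknight recipes</h1>"
         "<p>Ten casserole ideas for two</p></body></html>")
ALERT = ("<html><body><h1>Security alert</h1>"
         "<p>Your computer is locked. Call support now</p></body></html>")
OBSERVATIONS = {
    "crawler": {"final_url": "https://decoy-site.example/recipes", "body": DECOY},
    "datacenter_browser": {"final_url": "https://decoy-site.example/recipes", "body": DECOY},
    "residential_browser": {"final_url": "https://money-page.example/alert", "body": ALERT},
}


def host_of(url):
    """Lower-cased hostname of a URL, or an empty string if it has none."""
    return (urlsplit(url).hostname or "").lower()


def visible_words(html):
    """Set of lower-cased words left after dropping tags (script text is kept)."""
    text = re.sub(r"<[^>]+>", " ", html)
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def similarity(html_a, html_b):
    """Jaccard similarity of the two pages' word sets (1.0 means identical sets)."""
    a, b = visible_words(html_a), visible_words(html_b)
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def compare_profiles(observations, baseline="crawler", min_similarity=0.6):
    """Compare every profile against the baseline profile.

    A profile is flagged when it lands on a different host than the baseline
    or when the page it receives shares few words with the baseline page.
    """
    base = observations[baseline]
    report = []
    for name, obs in observations.items():
        if name == baseline:
            continue
        reasons = []
        if host_of(obs["final_url"]) != host_of(base["final_url"]):
            reasons.append("final host %s differs from baseline %s"
                           % (host_of(obs["final_url"]), host_of(base["final_url"])))
        score = similarity(base["body"], obs["body"])
        if score < min_similarity:
            reasons.append("content similarity %.2f below %.2f" % (score, min_similarity))
        report.append({"profile": name, "similarity": score,
                       "cloaking_suspected": bool(reasons), "reasons": reasons})
    return report


if __name__ == "__main__":
    for row in compare_profiles(OBSERVATIONS):
        status = "SUSPECT" if row["cloaking_suspected"] else "ok"
        print(row["profile"], status, "; ".join(row["reasons"]))
```

A single clean fetch from a crawler-like profile proves little here; the useful signal is the disagreement between profiles.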

Tech support scam

Most scammers will use a template for the tech support scam page which is customized for the operating system and browser the victim is running. This scheme is adapted for both Windows and Mac, supporting the Chrome, Opera, Safari and Firefox browsers.

In this case they are also abusing a browser feature that remaps keystrokes when a page is in fullscreen by targeting the navigator.keyboard.lock API. What this means in practical terms is that the user will not be able to exit from the fullscreen page unless they press and hold the Escape key for several seconds. Many people will panic and call the phone number on the screen, only to fall into the hands of scammers and lose hundreds, sometimes even thousands of dollars.

Protection from malvertising attacks

Malvertising can come in different forms and ad formats, and the same can be said about the payloads that are distributed.

As we saw earlier this year, clicking on the top ad for a software download doesn’t always get you what you wanted; in fact, it can infect your computer with malware. Threat actors are very good at impersonating legitimate brands and setting up convincing websites.

We have reported and continue to report this malvertising campaign to Google and Block Inc. (Weebly).


We always recommend using a layered approach to security and for malvertising you will need web protection combined with anti-malware protection. Malwarebytes Premium for consumers and Endpoint Protection for businesses provide real-time protection against such threats.


Pixel 8 phones appear in new renders along with protective cases


The Google Pixel 8 may be a little smaller than the Pixel 7, but it would look a lot like its predecessor. Leaked renders have already revealed that, and we now have further confirmation via a fresh leak. TechGoing recently shared an image of the phone in a protective case, showing its front and rear design. We also have an image of the Pixel 8 Pro’s rear camera bump in a case.

The latest Pixel 8 leak shows the phone in a transparent case, giving us another look at its design. The upcoming handset bears striking similarities with last year’s Pixel 7. We have a horizontal camera stripe that runs across the phone’s width. The two rear-facing cameras are housed in a pill-shaped dark glass within that protruding stripe. The microphone hole, LED flash unit, and other sensors also sit in similar positions as the 2022 model. The front design doesn’t see any changes either. Google is sticking to a centered punch-hole cutout for the selfie camera.

While we don’t have fresh visuals of the Pixel 8 Pro’s front design today, it shouldn’t look any different from the Pixel 7 Pro either. However, the same isn’t true for its rear design. The horizontal camera stripe is still here but Google has slightly changed the camera housing. Last year, it kept the telephoto lens separate from the other two cameras. The new model has all three rear cameras housed in a long pill-shaped dark glass. The laser AF unit has also been moved to the right side, below the LED flash.

The Pixel 8 could be slightly more compact than Pixel 7

Google’s next-gen Pixel flagships are still months away but leaks about them have been coming for a while now. Yesterday, we learned that the base Pixel 8 will be a little smaller than the Pixel 7. To be precise, the new device is said to feature a slightly smaller display (6.16-inch vs. 6.32-inch). We hope it isn’t the case of Google thickening the bezels and that the handset’s size will be shrunk a little for a more compact build. It would be so anticlimactic if the Pixel 8 arrives the same size as Pixel 7 but with thicker bezels and a smaller display.

There’s still plenty of time to go for the Pixel 8 launch. Google isn’t expected to unveil the new phones before October. It should launch the Pixel 7a, the Pixel Fold foldable, and the Pixel Tablet before that. Stay tuned and we will keep you posted with the latest information about these upcoming Google products.



Reign Spyware is being used to hack iPhones


It’s no secret that people and experts have always regarded iOS as the safer operating system, thanks in part to Apple’s stringent control and safety measures. However, a new report from Citizen Lab suggests otherwise, as new spyware called Reign has been infecting iPhones using invisible iCloud calendar invitations and transmitting data without user knowledge.

Developed by an Israeli company called QuaDream, the Reign spyware exploits a vulnerability known as “Endofdays” to attack iPhones running iOS 14.4 and iOS 14.4.2.

Once a device is infected, Reign can access various components of iOS and iPhone functions, similar to the notorious Pegasus spyware. It can record calls and microphone input, take pictures with the camera, extract or remove content from the keychain, generate iCloud 2FA passwords, search files and databases on the device, track the device’s location, and clean software traces to minimize detection possibilities. In effect, it takes over the device and monitors everything a user does.

How to stay protected?

While Citizen Lab reports that it did not detect any instances of individuals being targeted with the spyware outside the time frame of January 2021 to November 2021, which may suggest that Apple has fixed the vulnerability, users should still take necessary precautions to protect themselves from falling victim.

These include keeping devices updated with the latest security patches, avoiding downloading apps from unknown sources, and being cautious of suspicious emails, messages, or phone calls that may contain phishing links or malicious attachments. Additionally, using anti-virus software can provide an extra layer of protection against spyware attacks.

Moreover, it is also crucial to be aware of the signs of a spyware attack, such as high data usage for an app, slow device performance, and excessive battery drain. If any of the apps installed on your device show these signs, uninstall it immediately and run a malware scan.



Cybercriminals Selling Python-based Hacking Tool via Telegram


Recently, Cado Security Labs discovered and unveiled details of a new Python-based credential harvester called “Legion.”

Cybersecurity researchers have asserted that this hacking tool, “Legion,” has already made its way to Telegram, where it is being actively marketed by its operators.

While this hacking tool has been specifically designed to target and exploit a wide range of email services, Legion is likely linked to the infamous AndroxGh0st malware family, which made headlines for the first time in December 2022.

Legion Offerings

Legion includes several modules, which are used to:

  • Enumerate vulnerable SMTP servers
  • Conduct Remote Code Execution (RCE)
  • Exploit vulnerable versions of Apache
  • Brute-force cPanel
  • Brute-force WebHost Manager (WHM) accounts
  • Interact with Shodan’s API
  • Hijack SMS messages
  • Compromise Amazon Web Services credentials

Besides this, AlienFox is a comprehensive toolset, and it has been identified that AndroxGh0st is part of this toolset. 

Because this toolset is so extensive, it also provides threat actors with the ability to steal API keys and essential secrets from cloud services.

The presence of Legion on multiple Telegram channels, coupled with its promotion through YouTube tutorial videos, strongly suggests that this is not a casual or isolated attempt at spreading malware but rather a widespread and coordinated effort.

What’s the Origin?

Although the exact source of the malware remains unverified, there are indications that the developer behind it may be Indonesian or located in Indonesia, based on comments and other linguistic evidence found in Bahasa Indonesia.

Cado Security researchers have issued a precautionary recommendation to all users of web server technologies and frameworks, such as Laravel, to review their security processes and procedures.

To ensure maximum protection of sensitive information such as credentials, experts recommend storing such information in a .env file outside web server directories.

This will help prevent unauthorized access to critical data by limiting the potential attack surface which threat actors could exploit.
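As an added example (not code from Cado Security or from the original article), the check below walks a web server's document root and reports any .env-style file found inside it, along with which credential families it holds. The directory layout and values are constructed, and the variable-name prefixes are assumed, conventional names rather than a list taken from the report.

```python
import os
import tempfile

# Assumed, conventional environment-variable prefixes mapped to some of the
# credential families this article lists as targeted. Extend for your stack.
SERVICE_PREFIXES = {
    "AWS_": "AWS",
    "MAIL_": "SMTP",
    "MAILGUN_": "Mailgun",
    "TWILIO_": "Twilio",
    "NEXMO_": "Nexmo",
    "STRIPE_": "Stripe",
    "DB_": "Database",
}


def parse_env(text):
    """Return {KEY: value} for KEY=value lines, skipping comments and blanks."""
    pairs = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, _, value = line.partition("=")
        pairs[key.strip()] = value.strip().strip("'\"")
    return pairs


def services_in(pairs):
    """Sorted credential families that have at least one non-empty value."""
    found = set()
    for key, value in pairs.items():
        if not value:
            continue  # template files often carry empty placeholders
        for prefix, service in SERVICE_PREFIXES.items():
            if key.upper().startswith(prefix):
                found.add(service)
    return sorted(found)


def find_exposed_env_files(web_root):
    """List (relative path, credential families) for .env files under web_root."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if name == ".env" or name.startswith(".env."):
                full = os.path.join(dirpath, name)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    pairs = parse_env(fh.read())
                rel = os.path.relpath(full, web_root).replace(os.sep, "/")
                findings.append((rel, services_in(pairs)))
    return sorted(findings)


def build_sample_tree(base):
    """Create a constructed Laravel-style layout under base; return its web root."""
    web_root = os.path.join(base, "app", "public")
    os.makedirs(os.path.join(web_root, "old"))
    files = {
        # Correct placement: one level above the document root, never served.
        os.path.join(base, "app", ".env"): "DB_PASSWORD=constructed-value\n",
        os.path.join(web_root, "index.php"): "<?php // front controller\n",
        # Misplaced copies inside the document root.
        os.path.join(web_root, ".env"):
            "# copied here by mistake\n"
            "AWS_ACCESS_KEY_ID=CONSTRUCTED-NOT-A-REAL-KEY\n"
            "MAIL_PASSWORD='constructed'\n",
        os.path.join(web_root, "old", ".env.backup"):
            "export TWILIO_AUTH_TOKEN=constructed\nSTRIPE_SECRET=\n",
    }
    for path, content in files.items():
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
    return web_root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, services in find_exposed_env_files(build_sample_tree(tmp)):
            print("inside web root: %s -> %s" % (rel, ", ".join(services) or "no secrets"))
```

Any file this reports should be moved out of the document root, and the credentials it held should be rotated, since they may already have been read.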

Targeted Services

Below is the complete list of the services that are targeted:

  • Twilio
  • Nexmo
  • Stripe/Paypal (payment API function)
  • AWS console credentials
  • AWS SNS, S3 and SES-specific credentials
  • Mailgun
  • Plivo
  • Clicksend
  • Mandrill
  • Mailjet
  • MessageBird
  • Vonage
  • Nexmo
  • Exotel
  • Onesignal
  • Clickatel
  • Tokbox
  • SMTP credentials
  • Database Administration and CMS credentials (CPanel, WHM, PHPmyadmin)

Below is the list of the carriers that are targeted:

  • Alltel
  • Amp’d Mobile
  • AT&T
  • Boost Mobile
  • Cingular
  • Cricket
  • Einstein PCS
  • Sprint
  • SunCom
  • T-Mobile
  • VoiceStream
  • US Cellular
  • Verizon
  • Virgin

Moreover, a GitHub Gist link appears on the profile of a user named “Galeh Rizky” who resides in Indonesia, according to his profile.

Although the exact relationship between Galeh Rizky and Legion remains unclear at this time, the most shocking thing is the presence of their code in the detected sample.

Galeh Rizky may be the developer behind Legion, or it may be a coincidence and their code has been used without their knowledge or consent.

This malware mainly depends on misconfigurations in web server technologies and frameworks. That’s why it’s strongly advised to recheck all security mechanisms to prevent further exploitation.


Is AI being used for virtual kidnapping scams?


We take a look at claims that AI is now being used for a notorious form of kidnapping hoax.

You may have seen a worrying report of Artificial Intelligence (AI) being used in a virtual kidnapping scam. The AI was supposedly used to imitate the voice of an Arizona resident’s daughter, who claimed to have been kidnapped. The daughter was safe and well elsewhere on a school trip. Unfortunately, with the daughter out of sight this just made the scam seem more believable. Was she actually on the trip, or kidnapped? With no way to know right away, all the parent could do was listen to a demand for $1m and the threat of terrible things happening to their daughter.

The scammers dropped the ransom down to $50k after being told that the money simply wasn’t available, and while all of this was going on, a friend of the family, and law enforcement, were able to confirm that the supposedly kidnapped daughter was in fact safe and well.

Virtual kidnapping scams have been around for many years, but this is a new spin on a well-worn technique.

The imitated child’s parent is convinced that some form of AI was used in this instance. To do this, scammers would have had to obtain some samples of the daughter’s voice. The samples would then have been fed into a machine learning algorithm which learned how she speaks, giving the scammers a computer program that can speak like the victim.

This technique certainly works, and can produce startling results. To hear for yourself, take a listen to podcast.ai, a podcast entirely generated by AI, that features guests like the late Steve Jobs.

The case for AI

Can we be sure that what happened here was down to AI?

The victim claims that the voice was definitely that of her daughter. You would expect someone to recognise a fake or an imitation of their own child. Think how many celebrity impersonators you’ve heard on TV or elsewhere, and how many of them are actually good at it. More often than not, the slightest imperfections really stand out. Now apply this to a mother and her daughter. She’s going to have a very good idea what her offspring does and doesn’t sound like.

Subbarao Kambhampati, a computer science professor at Arizona State University, told the New York Post that it’s possible to spoof a voice in convincing fashion from just three seconds of audio.

According to the victim, her daughter has no social media presence to speak of, but has done a few short public interviews. In theory, this could be enough for the fraudsters to create a working facsimile of her voice.

None of this is proof that AI was used, but none of it rules out AI either.

The case against AI

Creating a replica voice from three seconds of audio sounds scary, but in practice things aren’t quite so cut and dried. We covered a great example of this a little while ago, involving a journalist logging into his telephone banking via use of AI voice replication. It’s definitely not an exact science: getting the voice right can take many attempts and samples, and requires an AI tool that can stitch everything together to an acceptable standard.

In terms of the mother’s claim she recognised her daughter’s voice, that’s complicated. Understandably, she will have experienced a considerable level of panic when receiving the call, and that might have affected her ability to identify her daughter. CNBC wrote about the phenomenon of virtual kidnappings in 2018, before the current AI boom. In every case listed in its article, the person stuck on the phone is convinced the voice on the other end of the line is who the fake kidnapper claims them to be. Teenage sons, younger daughters, men in their thirties…the horror of these calls has the victim pretty much ready to stand up in court and state that this was the real deal.

This effect of “Yes, it’s them” has been happening for years, long before AI came onto the scene. Is this what’s happened in the AI kidnap scam above? And why would virtual kidnappers bother to replicate someone’s voice if the victim is going to believe it’s all real anyway?

Protection from virtual kidnap scams

Steering clear of this kind of attack isn’t particularly affected by whether or not the person screaming down the phone is an impersonator or a slice of AI. The basics remain the same, and social engineering is where a lot of these attacks take shape. It’s not a coincidence that most of these stories involve the supposed kidnap victim being on holiday or away from the family home when the bogus call comes through. There are some things you can do to blunt the effect of virtual kidnap scams:

  • Be vacation smart. Avoid posting travel dates and locations that could add some fake legitimacy to a scammer’s call.

  • Make your data private. Revisit your online presence, and lock down or delete your data so scammers know less about you.

  • A plausible alert. Consider a password that family members can use to confirm they actually are in danger.



Samsung to fix this Galaxy S23 camera issue next month


Samsung recently pushed a massive camera update to the Galaxy S23 series, adding a few new features and fixing some bugs and performance issues. However, one major HDR-related issue remained unfixed. The new flagships still produce images with a weird halo effect around subjects. Thankfully, a fix for this problem isn’t too far off. According to renowned Samsung insider Ice Universe, the next update for the Galaxy S23 series will deal with this issue.

Galaxy S23 users have been reporting this abnormal halo effect since day one. As you can see in the image below, the plant and flowers have a light outline across the borders. The outlines are more visible in low-light images but regular daylight images have this HDR problem as well. This isn’t normal and shouldn’t be there, particularly in a phone that costs north of $1,000, even going beyond $1,500 if you want the maxed-out variant.

Samsung was expected to fix this issue with the recent update, but it didn’t. The update was huge and contained plenty of changes, including the fix for an occasional green line issue. Samsung also fixed color banding issues in high-resolution modes (50MP and 200MP) and improved the sharpness of photos and videos taken in low-light conditions. Last but not least, it improved the camera speed and autofocus and fixed a face recognition issue.

The latest Galaxy S23 update was initially released in Samsung’s homeland South Korea but has since expanded to other markets as well, including Europe and the US. Samsung pushed the April security patch to the new flagships with this camera update. The fix for the halo effect will probably arrive with the May security patch in a few weeks. We will let you know when the rollout begins.

Galaxy S23 and Galaxy S23+ may have a camera hardware issue

While this abnormal halo effect is getting a fix soon, Samsung may have a bigger problem regarding the Galaxy S23 camera, particularly the one found on the base model and the Galaxy S23+. Many users have found that these two phones can’t keep the entire scene in focus and produce images with blurry patches. This appears to be a hardware problem. The issue doesn’t exist on the Galaxy S23 Ultra.

As of this writing, Samsung hasn’t acknowledged this problem and has maintained that there’s nothing wrong with the Galaxy S23 and Galaxy S23+ camera hardware. But with reports mounting, the company may soon be forced to come forward and explain what is happening.


Best iPad Accessories


The iPad is arguably the best tablet on the market, whether you’re an Android or iPhone user. For Android users, it’s arguably the best since all of the Google apps are also available on it. And Android tablets kinda suck these days. Though Google is looking to change that.

But if you just bought a new iPad, you might be wondering what the best accessories are to buy for it. Luckily we have you covered there. We have rounded up the best accessories that you can buy. And most of these are available for all iPads. That includes the iPad, iPad Air, iPad Mini and iPad Pro.

Best iPad Accessories

| Product name | Cost | Where to buy |
| --- | --- | --- |
| Logitech Combo Touch | $190 | Amazon |
| AirPods Pro 2 | $249 | Best Buy |
| Native Union USB-C braided cable | $35 | Amazon |
| Satechi Multi-Angle Tablet Stand | $40 | Amazon |
| Apple Magic Keyboard Folio | $249 | Best Buy |
| Apple Pencil (2nd Gen) | $129 | Amazon |
| Twelve South HoverBar Duo (2nd Gen) | $79 | Amazon |

Logitech Combo Touch

  • Price: $190
  • Where to buy: Amazon

The Logitech Combo Touch is one of my favorite keyboards available for the iPad. And that’s because it is detachable. So you can detach the keyboard from the case on your iPad, and still use your iPad with the kickstand. Making it very versatile. It is not cheap, but it is cheaper than Apple’s options. So there’s that.

This keyboard is available for the iPad Pro in both 11 and 12.9-inch models. As well as the iPad Air 4th and 5th Gen models. It does work with the regular iPad, but not the redesigned 10th generation model, unfortunately.

Logitech Combo Touch – Amazon

Apple AirPods Pro (2nd Generation)

If you don’t already own a pair of AirPods, you should buy a pair. They sound fantastic, and also work flawlessly (most of the time) with Apple products including the iPad.

These are the new second-generation AirPods Pro, which offer up MagSafe charging among a few other things. MagSafe is really nice to have, as you can just put them down on a MagSafe charger and not worry about it sliding off. This model also includes another pair of eartips, now offering XS, S, M and L.

AirPods Pro do offer up to 6 hours of continuous playback. And the case can charge them a few times. These also include personalized spatial audio with dynamic head tracking, as well as Dolby Atmos.

Apple AirPods Pro (2nd Gen) – Best Buy

Native Union USB-C Braided Cable

  • Price: $35
  • Where to buy: Amazon

I know, I know, $35 is a lot for a USB-C cable. Especially when one comes with your iPad. But this cable is still great to pick up and have with you. That’s because it’s a longer cable, coming in at 8-foot long. It’s also branded and has a strap that can keep it together. This makes it great for taking on trips with you. Just toss it in your bag and you’re good to go.

Native Union USB-C Braided Cable – Amazon

Satechi Multi-Angle Foldable Tablet Stand

  • Price: $39
  • Where to buy: Amazon

This is an accessory that everyone should have. It’s an adjustable metal stand for the iPad. And it does work with all iPads, in both landscape and portrait mode. Satechi does offer this in a number of different colors as well.

You can put this next to your computer and use SideCar on your iPad with ease. As well as using it as a computer with a wireless keyboard. The possibilities here are endless, and for $40, it’s worth having around.

Satechi Multi-Angle Foldable Tablet Stand – Amazon

Apple Magic Keyboard Folio

This is a new keyboard that Apple announced with the redesigned iPad 10th generation in the fall of 2022. It, unfortunately, is only available for the 10th Gen iPad. But we think it will be made available to the other iPads, eventually.

This is basically the same as the Magic Keyboard for the iPad Air and iPad Pro, but with three main differences. It has a built-in kickstand. It also detaches from the keyboard. And the Keyboard also has a row of function keys, which is really useful on an iPad.

Apple Magic Keyboard Folio – Best Buy

Apple Pencil (2nd Gen)

  • Price: $129
  • Where to buy: Amazon

The Apple Pencil (2nd Generation) is a great accessory for your new iPad. It works with all iPads, except for the regular iPad. It connects to the side of the iPad to sync and charge. It doesn’t take long to charge, either, since it does have a pretty small battery inside.

Apple Pencil is great to use with a variety of drawing apps, as well as for taking notes and so much more. I use mine all the time on my iPad Air to take notes within the Notes app and the newer Freeform app that’s available on all of Apple’s products.

Apple Pencil (2nd Gen) – Amazon

Twelve South HoverBar Duo

  • Price: $79
  • Where to buy: Amazon

If you’re looking for a stand, and are willing to spend a bit more, then the Twelve South HoverBar Duo is a really good option. This one allows you to mount it on a table, or shelf, as well as just stand it on your desk. The extra arm gives you more flexibility on how you want it to sit on your desk.

The weighted base keeps it from tipping over, which is a good look from Twelve South. This also allows you to get it up to a good height to use next to your Mac for SideCar, which the iPad is great for. Finally, the Twelve South HoverBar Duo does come in two colors – black and white.

Twelve South HoverBar Duo – Amazon


TikTok is one signature away from getting banned in a U.S. state


Montana is just a signature away from becoming the first state to ban TikTok. After the bill to ban the short-form video app passed Montana’s House by a 54-43 tally, the legislation heads to the desk of Governor Greg Gianforte. If Gianforte signs the bill, TikTok will not be allowed to operate within the state of Montana, and app stores in the state will be banned from offering to download it.

TikTok could be banned in Montana if the governor signs one piece of legislation

If the governor does affix his signature to SB419, as the bill is known, the ban on TikTok would begin in January. While TikTok is the target of the bill, as written it would be app stores in violation of the law that could start accumulating huge fines at the rate of $10,000 per day. Individuals in Montana who are TikTok users would not face any fines or incarceration for using the TikTok app.

Brooke Stroyke, a spokesperson for the governor, said, “The governor will carefully consider any bill the legislature sends to his desk.” Back in December, Gianforte banned TikTok from being used on devices owned by the state government, and a month later he convinced Montana University to do the same, which it did.

TikTok released a statement citing the First Amendment while hinting about a possible lawsuit. “The bill’s champions have admitted that they have no feasible plan for operationalizing this attempt to censor American voices and that the bill’s constitutionality will be decided by the courts,” said TikTok spokesperson Brooke Oberwetter. “We will continue to fight for TikTok users and creators in Montana whose livelihoods and First Amendment rights are threatened by this egregious government overreach.”

The bill also mentions TikTok’s “dangerous content” and “dangerous challenges.” Syracuse University associate professor and First Amendment scholar Lynn Greenky said that the legislation is so vague, it is “virtually unenforceable.”

Besides being worried about the content spread to Americans by some TikTok creators, the U.S. government is concerned about the company that owns TikTok, a Chinese firm called ByteDance. As with any Chinese tech company, ByteDance can be forced to turn over data it has collected from American TikTok users to the Chinese Communist Party (CCP). Last year it was discovered that the iOS version of TikTok had an in-app keyboard that collects keystrokes.

Both the Trump and Biden administrations have called on ByteDance to spin off the U.S. operations of TikTok to an American company. Interestingly, the version of TikTok available in China, Douyin, is also owned by ByteDance. But that is where the similarities end: Douyin is involved in e-commerce and, through censorship by the Chinese government, stays clear of the controversial content found on TikTok.

Over half of the 50 U.S. states are seeking to restrain the use of TikTok

TikTok has responded to U.S. requests for ByteDance to sell off TikTok’s U.S. operations by coming up with “Project Texas,” which would create a firewall around U.S. data. But that will not be enough to satisfy lawmakers. More than half of the 50 states in the U.S. are seeking to restrain the use of TikTok. This worries Morgan Reed, president of The App Association, which gets half of its funding from Apple.

Reed worries that “While it might begin with TikTok, it clearly won’t end there.” NetChoice, a technology industry group of which TikTok is a member, said Friday that SB419 violates the US constitution. Carl Szabo, NetChoice’s vice president and general counsel, said, “This move from the Montana legislature sets a dangerous precedent that the government can try to ban any business it doesn’t like without clear evidence of wrongdoing.”

Szabo added, “The US Constitution clearly forbids lawmakers from passing laws to criminalize a specific individual or business. Gov. Greg Gianforte should veto this clearly unconstitutional law.” And the ACLU also got into the act by writing a letter that said, “SB 419 is censorship — it would unjustly cut Montanans off from a platform where they speak out and exchange ideas everyday, and it would set an alarming precedent for excessive government control over how Montanans use the internet.”



Protecting your business from RDP attacks and Mirai botnets


Prevent port scanning attacks with Malwarebytes for Business.

Compromised IP addresses and domains—otherwise legitimate sites that are exploited by hackers without the owner’s knowledge—are frequently utilized to conduct port scanning attacks.

Port scanning involves systematically scanning a computer network for open ports, which can then be exploited by threat actors to gain unauthorized access or gather information about the system’s vulnerabilities.

In this article, we will explain the two biggest threats utilizing port scanning attacks, RDP attacks and Mirai botnets, and how businesses can protect themselves using Malwarebytes for Business.

Compromised detections: RDP attacks and Mirai botnets

Cybercriminals typically conduct reconnaissance on the target port before using what are called dictionary attacks, entering and trying out known usernames and passwords to see if any of the combinations grant access.

The two most common detections of compromised IP addresses are systems scanning for open RDP (Remote Desktop Protocol) ports and IoT (Internet of Things) botnets, such as Mirai.

Remote Desktop Protocol is exactly what the name implies, a tool for remotely controlling a PC that gives you all the power and control you would have if you were actually sitting behind it—which is what makes it so dangerous in the wrong hands. In fact, one of the primary attack vectors for ransomware attacks has been the Remote Desktop Protocol (RDP).

RDP port scanners, often found in the form of compromised servers, scan the internet for open RDP ports by trying the default port for RDP, TCP 3389. The cybercriminals that control the compromised server then try to brute-force their way in, repeatedly entering common username and password combos to find RDP login credentials.

Other than RDP, cybercriminals often perform port scans for various other network protocols, including FTP (20/21), POP3 (110/995), IMAP (143/993), SMTP (25/465/587), and SQL (1433/1434/3306). Gaining access through RDP and other network protocols allows attackers to infiltrate systems and deploy various malware.

Mirai, on the other hand, is a botnet primarily composed of Internet of Things (IoT) devices such as IP cameras, routers, and other internet-connected devices. Mirai actively scans the internet for open telnet servers on ports 23 or 2323, and, upon discovering one, attempts authentication using known default credentials. Such credentials are easy to find in many IoT devices—they’re often the prepackaged combination of “admin” and “admin” for both username and password whenever customers first purchase a product to set it up. 

If successful in its malicious login attempts, Mirai compromises the device and integrates it into the existing botnet.

In addition to launching DDoS attacks, botnets like Mirai can aid hackers in weakening website security, stealing credit card information, and distributing spam.

Protecting your business with Malwarebytes for Business

Malwarebytes for Business offers a comprehensive solution to monitor and manage threats, including detections from compromised IP addresses scanning for and attacking open ports.

For example, Malwarebytes blocks the IP address 5.39.37.10 as it is associated with the Mirai botnet, and 81.198.240.73 because it has been found to be involved in RDP probes or attacks.

Brute Force Protection policies in Nebula, our cloud-hosted security platform, can be configured to specify which protocols to protect, the ports used (default or custom), and create trigger rules. If set to monitor and detect, the policy will not block the ports. However, if set to block, it will utilize the Windows Firewall to block communications based on the configured rules.

When a block is implemented, the offending IP address will be placed in a “jail” for a predetermined duration, such as 30 minutes as shown in the example screenshot above. Blocks last a max of 60 minutes because IP addresses might be reassigned to legitimate users, or an attacker may leverage a legitimate user’s IP address. 

There are two kinds of inbound connections that Malwarebytes can detect, Blocked Inbound Connections and Found Inbound Connections.

Blocked inbound connections

Detections with the following fields reported typically occur when a port is open and exposed to the internet:

  • Type: Inbound Connection

  • Action Taken: Blocked

These detections are prevented by the Web Protection real-time protection layer. When these detections occur, it means the IP address being blocked is scanning or attempting to force its way into the endpoint using different ports.

Malwarebytes blocks IP addresses that have a history of abuse and is correctly preventing malicious connections.

Found inbound connections

Detections with the following fields reported are typically a result of having open ports in the router or firewall:

These detections occur based on your Brute Force Protection trigger rule settings specified in the Nebula policy.

Configuring Brute Force Protection in Nebula

To configure Brute Force Protection in Nebula:

  1. On the left navigation menu, go to Configure > Policies.

  2. Select a policy, then select the Brute Force Protection tab.

  3. Select the following protocols for your workstations or servers:

  • Workstation and server protocols: Check mark the RDP protocol.

  • Server-only protocols: Check mark the FTP, IMAP, MSSQL, POP3, SMTP, or SSH protocols.

  4. Configure custom port settings based on your endpoint environment and protocol requirements.

  5. Create a Trigger rule based on the number of failed remote login attempts within a certain minute range across all enabled protocols. Choose to either block the IP address or monitor and detect the event when the trigger threshold is reached.

  6. Optionally, enable the option to Prevent private network connections from being blocked. When enabled, endpoints within private network address ranges will not trigger Brute Force Protection due to failed login attempts. This excludes the following network ranges:

  • 10.0.0.0/8 (10.0.0.0-10.255.255.255)

  • 172.16.0.0/12 (172.16.0.0-172.31.255.255)

  • 192.168.0.0/16 (192.168.0.0-192.168.255.255)

  • 127.0.0.0/8 (127.0.0.0-127.255.255.255)

  7. Click Save at the top-right of your policy.
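The trigger rule, jail and private-range exemption configured above can be modelled in a few lines. This is an added example, not Malwarebytes' code or Nebula's implementation: the class, its parameters and the sliding-window interpretation of "within a certain minute range" are assumptions, and the sample events are constructed.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Private ranges the article lists as exempt from the trigger rule.
EXEMPT = [ipaddress.ip_network(n) for n in
          ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
MAX_JAIL = timedelta(minutes=60)  # article: blocks last at most 60 minutes

class BruteForceTrigger:
    """Hypothetical model: sliding-window failure count plus a timed jail."""
    def __init__(self, threshold, window_min, jail_min, exempt_private=True):
        self.threshold = threshold
        self.window = timedelta(minutes=window_min)
        self.jail = min(timedelta(minutes=jail_min), MAX_JAIL)
        self.exempt_private = exempt_private
        self.failures = defaultdict(deque)  # source IP -> failure times, all protocols
        self.jailed_until = {}              # source IP -> release time

    def record_failure(self, ip, now):
        """Classify one failed login: 'exempt', 'jailed', 'block' or 'count'."""
        addr = ipaddress.ip_address(ip)
        if self.exempt_private and any(addr in net for net in EXEMPT):
            return "exempt"
        if self.jailed_until.get(ip, now) > now:
            return "jailed"                 # still blocked, nothing to count
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > self.window:  # expire failures outside the window
            recent.popleft()
        if len(recent) >= self.threshold:
            self.jailed_until[ip] = now + self.jail  # block expires on its own
            recent.clear()
            return "block"
        return "count"

# Constructed sample events (time, source IP); documentation addresses only.
EVENTS = [
    ("10:00:00", "203.0.113.7"), ("10:00:20", "203.0.113.7"),
    ("10:00:40", "192.168.1.20"), ("10:01:00", "203.0.113.7"),
    ("10:05:00", "203.0.113.7"), ("10:40:00", "203.0.113.7"),
    ("10:50:00", "203.0.113.7"),
]

def replay(events, trigger):
    """Feed the events through the trigger and return each decision."""
    return [trigger.record_failure(ip, datetime.strptime(ts, "%H:%M:%S"))
            for ts, ip in events]

if __name__ == "__main__":
    print(replay(EVENTS, BruteForceTrigger(threshold=3, window_min=5, jail_min=30)))
```

With a threshold of 3 failures in 5 minutes and a 30-minute jail, the third failure from the public address triggers the block, the attempt at 10:05 lands while it is still jailed, and the count starts fresh once the jail expires.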

Safeguarding your business from compromised threats

By leveraging Malwarebytes for Business’ advanced threat detection and protection capabilities, businesses can effectively protect themselves against attacks that result from compromised IP addresses and domains, including RDP attacks (and attacks against other network protocols) and IoT botnets. Configuring Brute Force Protection in Nebula allows companies to stay one step ahead of cybercriminals and ensure the safety of their networks and data.

Protection from port scanning attacks is only one aspect of Malwarebytes for Business’ multi-layered approach to defense, which includes an all-in-one endpoint security portfolio that combines 21 layers of protection.
