Huge Surge in Cyber Attacks Targeting Real Estate

0
[ad_1]

Cyber attacks are becoming increasingly sophisticated as threat actors continuously evolve their tools and tactics. 

They leverage advanced technologies, use social engineering techniques, and collaborate in sophisticated cybercrime networks.

The real estate and utilities industries have seen a noticeable increase in intrusions over the last three months, according to the recent study report shared with the Cyber Security News (CSN) team from CYFIRMA.

Document
FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Past 90 Days in Numbers

Real estate and utilities appeared in 13 of the 59 observed campaigns, accounting for 22% of the total, lower than industries with greater appeal to nation-state threat actors.

Besides this, the Chinese cyber activity also surged with Barracuda ESG vulnerability use. However, no new real estate or utilities victims have been observed in these campaigns since then.

Attack count
Attack count (Source – Cyfirma)

Here below, we have mentioned all the involved threat actors:-

Threat actors
Threat actors (Source – Cyfirma)

Real estate and utilities draw both financially motivated and nation-state actors. Europe, potentially targeted by Russian-linked threat actors amid the Ukraine conflict, experiences the highest attack activity.

Geographical Distribution
Geographical Distribution (Source – Cyfirma)

Cyberattacks primarily target web applications and operating systems across industries, with instances of compromised VPN and application infrastructure.

Most attacked technologies
Most attacked technologies (Source – Cyfirma)

Phishing attacks

This report excludes internet service providers from the analysis, focusing instead on water and energy utilities. Phishing lures targeting utilities are highly localized, deterring threat actors seeking broader targets.

CYFIRMA’s telemetry detected only 42 phishing attacks targeting utilities and none related to real estate in the past 3 months, with a primary focus on broader phishing campaigns.

Global Distribution of Phishing Themes per Sector
Global Distribution of Phishing Themes per Sector (Source – Cyfirma)

Impersonated brands

Here below, we have mentioned all the real estate and utilities industry brands that are impersonated:-

  • Pkn Orlen
  • Swiss Office of Energy
  • ENEL Energia S.P.A
  • Polska Grupa Energetyczna

ASN telemetry revealed PKN Orlen phishing linked to the USA, while the Swiss Office of Energy had Swiss roots, and Italian Enel Energia and Polska Grupa Energetyczna traced back to German ASN, indicating an international PKN Orlen campaign versus local cybercriminals.

Attack origins
Attack origins (Source – Cyfirma)

CYFIRMA found 117 ransomware victims in real estate and utilities in the last 90 days, 7.4% of 1,579 incidents, with a sharp rise in August.

Lockbit3’s August surge leads, driven by Cl0p (+Torrents), while 8base with ALPHV and Akira maintain steady numbers. The top 5 gangs make up 59% of victims, but smaller groups still cause significant harm.

Major ransomware gangs
Major ransomware gangs (Source – Cyfirma)

Out of 45 active gangs, 29 targeted real estate and utilities, with Cl0p showing minimal interest in this sector.

Victims Targeted

The United States leads with 65 out of 112 victims, highlighting global ransomware threats that know no boundaries, as cyber attackers target vulnerable organizations worldwide.

Geographic Distribution Of Victims
Geographic Distribution Of Victims (Source – Cyfirma)

Nation-state APTs show limited interest in real estate and utilities, mainly focusing on energy, notably in Europe in the middle of the Ukraine-Russia conflict.

Real estate and utilities lack appeal for widespread phishing due to localized fragmentation. Lockbit3 is the top gang, while Cl0p has fewer victims in this industry. However, besides this, the real estate developers and construction businesses are the most affected sectors.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.


[ad_2]
Source link

Android 14 is already hitting these Xiaomi phones, but there’s a catch

0
[ad_1]

Google just launched Android 14 for Pixel devices yesterday. We all expected it to just be on Pixel phones for a little while before making it to other manufacturers. However, Chinese OEM Xiaomi is already rolling Android 14 out to some of its phones, according to Android Authority. While this is the case, there could be a bit of a catch.

When Google releases the latest version of Android, other companies follow suit over the subsequent months. Of the third-party companies to distribute the new update, Samsung is usually the earliest. We all expected the Korean tech giant to be the first, but better luck next year, Samsung.

Xiaomi is pushing Android 14 to its phones, but there’s a bit of a catch

Right now, the list of phones getting Android 14 is a bit short. Of course, it involves the company’s newer flagship handsets. The phones are the Xiaomi 12, Xiaomi 13 Pro, and Xiaomi 12T. We’re not sure if this list will expand to other phones in the near future.

The build numbers for the phones are as follows. For the Xiaomi 13, we have MIUI-V14.0.5.0.UMCMIXM and MIUI-V14.0.5.0.UMCEUXM.

Next, the Xiaomi 13 Pro has the numbers MIUI-V14.0.5.0.UMBMIXM and MIUI-V14.0.5.0.UMBEUXM.

Lastly, for the Xiaomi 12T, we have MIUI-V14.0.6.0.ULQMIXM and MIUI-V14.0.5.0.ULQEUXM.

When it comes to the changes, there aren’t many alterations to the software. We can expect some visual tweaks and upgraded functions. Other than that, you should expect a familiar experience.

So, what’s the catch?

This isn’t a major deal-breaker. However, it’s something to keep in mind if you plan on being an early adopter. Xiaomi says that this is the stable version of the software, but this might not be the most stable version of the software. The company said, “Xiaomi continues to work on the development and testing processes to ensure that this new version is experienced smoothly by users.”

This almost makes it seem like you’re getting a beta version of the software rather than the final stable release. So, if you plan on getting this software on day one, just beware that it might not be the most stable.


[ad_2]
Source link

Nokia expands 6G research with a new cutting-edge lab

0
[ad_1]

Nokia has opened a new 6G lab in India. Established within its Global R&D center in Bengaluru, known as the Silicon Valley of India, the lab will serve as the company’s research hub for accelerating the development of foundational 6G technologies. The country’s union telecom minister Ashwini Vaishnaw virtually inaugurated the lab earlier today.

Nokia opens a new lab to speed up 6G research

According to Nokia, its newly established “first-of-its-kind 6G Lab” in India will be home to research efforts in various 6G-related fields. The company says the new research hub will help accelerate the development of technologies like  Network as a Sensor, Network Exposure, and Automation. These technologies will “address the future needs of both industry and society.”

As the company explained in a press release, “Network as a Sensor” technology enables the network to sense the movement of people and objects without on-board sensors. It’s fundamental to bringing the digital and physical worlds together. Your phone’s wireless network will be able to sense movements around you and communicate the same to you.

In the real world, this enables you to see around corners and interact with far-away people and objects more closely. Nokia’s new 6G lab in Bengaluru will also provide “an experimental platform for researching algorithms, privacy, and sustainable system design.” The company is a founding member of the Next G Alliance. It also takes active participation in several regional and global 6G projects.

India’s pull as a global tech hub is growing

The new Nokia 6G lab is an outcome of the Narendra Modi-led Indian government’s ‘Bharat 6G Vision” initiative. Through this initiative, the country is aiming to play a key role in the development and implementation of 6G technologies. Nokia supporting the initiative shows that the world’s most populous country is strengthening its pull as a global tech hub.

Modi’s other tech initiatives have also received support from global companies. Google and HP recently pledged support for the $2 billion “Make in India” initiative. It encourages tech firms to increase local production. The two companies have started producing Chromebooks in Chennai, the capital city of the Indian state of Tamilnadu.

“Nokia is honored to contribute towards the realization of the Indian government’s ‘Bharat 6G vision.’ We look forward to collaborating with key stakeholders to help India become a major player in 6G technology development and adoption, and take its place in the global arena as a leading developer and supplier of advanced telecom technologies and solutions,” said Nishant Batra, Chief Strategy and Technology Officer of Nokia.


[ad_2]
Source link

US Police Recover $3M Stolen by Pakistani Crypto Scammers

0
[ad_1]

While no arrests have occurred in Pakistan, authorities in Westport, Connecticut successfully traced and recovered funds following a local resident’s complaint about being scammed.

In a rare success story, Westport Police have recovered $3 million worth of crypto that Pakistani scammers stole. The victim, a local resident, was convinced in January 2023 to move money from a retirement account into a “Kraken” cryptocurrency account.

After moving the funds into that account, between January 2023 and March 2023, the victim reported that more than $3 million worth of Bitcoin was withdrawn and transferred to cryptocurrency wallets they did not control.

It is worth noting that scammers were falsely claiming to represent the legitimate United States-based cryptocurrency exchange Kraken.

In a press release (PDF), Westport Police Department revealed that their detectives worked with the Connecticut State Police Organized Crime Task Force to track the transactions and freeze all accounts associated with the scam. The investigation eventually led to people living in Pakistan, but arrests are highly unlikely.

Despite the challenges, Westport police were able to recover the stolen crypto. This is a significant accomplishment, as cryptocurrencies can be difficult to track and recover.

US Police Recover $3M Stolen by Pakistani Crypto Scammers
Westport Police Department on Facebook (Screenshot: Hackread.com)

The Westport Police Department is urging residents to be cautious of cryptocurrency scams. Scammers often use sophisticated methods to trick people into investing in fake cryptocurrencies or sending their crypto to wallets that the scammers control.

If you are considering investing in cryptocurrencies, it is important to do your own research (DYOR) and only invest with reputable companies. You should also never send your crypto to wallets that you do not control.

Here are some tips to help you avoid cryptocurrency scams:

  • Watch out: Be wary of unsolicited investment offers, especially those that come via email or social media.
  • Do your own research: Do your own research before investing in any cryptocurrency. Make sure the company is legitimate and the cryptocurrency is real.
  • DO NOT: Never send your crypto to wallets that you do not control.
  • 2FA and Password: Enable 2FA and use a strong password and two-factor authentication for your cryptocurrency accounts.

If you believe you have been the victim of a cryptocurrency scam, report it to your local police department and the Federal Trade Commission.

  1. Hacker returns $17 million worth of stolen Ethereum
  2. Hacker Returns $200 Million Stolen from Euler Finance
  3. Hacker returns $25 million after their IP address is exposed
  4. FBI recovers millions in ransom from DarkSide ransomware gang
  5. Multichain hack: Hacker returns $1m, keeps $150k as bug bounty
  6. Hacker steals $24M, returns $2.5M to DeFi protocol Harvest Finance

[ad_2]
Source link

Hackers Hijacking Microsoft SQL Server to Compromise Cloud

0
[ad_1]
Hijacking Microsoft SQL Servers

Hackers frequently target Microsoft SQL servers because of their extensive use and possible weaknesses. 

These servers are a top target for hackers looking to make flat profits since these crooks exploit them to steal private information, start ransomware attacks, or obtain unauthorized access to systems.

Microsoft’s cybersecurity specialists recently discovered an unexpected lateral shift to a cloud environment via SQL Server. 

This approach was previously only observed in VMs and Kubernetes, not in Microsoft SQL Server.

Hijacking Microsoft SQL Servers

Exploiting a SQL injection flaw, attackers gained access and elevated permissions on an Azure VM’s SQL Server. They then tried to move laterally to other cloud resources using the server’s identity.

Document
FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Cloud identities frequently have higher rights, including those in SQL Server. This attack highlights how crucial it is to secure them in order to safeguard SQL Server and cloud resources from unwanted access.

Several Microsoft Defenders first detected the reported attack path for SQL alerts, which allowed researchers to examine the cloud lateral movement approach and implement additional defenses without having access to the targeted application.

While no evidence of successful lateral movement to cloud resources was found, defenders must understand this SQL Server technique and take mitigation steps.

Attack chain
Attack chain (Source – Microsoft)

As organizations shift to the cloud, new cloud-based attack techniques emerge, notably in lateral movement from on-premises to the cloud.

Attackers use managed cloud identities, such as those in Azure, in cloud systems as a means of lateral mobility. These identities offer convenience, but security dangers are also present.

Known Technique

Although the attack used conventional SQL Server strategies, the lateral shift from SQL Server was new. Multiple queries were then used to collect host, database, and network information after the first SQL injection that granted access.

Here below, we have mentioned the information collected by the attackers:-

  • Databases
  • Table names and schema
  • Database version
  • Network configuration
  • Read permissions
  • Write permissions
  • Delete permissions

Researchers suggest the targeted application likely had elevated permissions, granting attackers similar access. They activated xp_cmdshell to run OS commands through SQL queries, which was initially disabled.

Attackers gained host access after activating xp_cmdshell and running OS commands. Through a scheduled job, they gathered information, downloaded encoded scripts, and preserved persistence. Additionally, they made an effort to get credentials by leaking registry keys.

Threat actors employed a unique data exfiltration method using ‘webhook.site,’ a publicly accessible service. This covert approach allowed them to transmit data discreetly. 

They also attempted to access the cloud identity of the SQL Server instance through IMDS to obtain the access key, leveraging a familiar technique in a distinct environment.

The request to IMDS identity’s endpoint retrieves the cloud identity’s security credentials. Though the attackers failed here, this technique can enable lateral movement. 

This method is an unknown use of cloud identities in SQL Server instances, highlighting the evolving landscape of cloud-based threats.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.


[ad_2]
Source link

Here’s what’s new in Android 14

0
[ad_1]

After a year of waiting, the latest version of Android is finally out. Android 14 U is available to download for the general public, and people are digging into this software. So, what’s new with Android 14? Here’s a rundown of the new features and functions that Google added this year.

Before we hop into the new stuff, we’ll go through some of the things you need to know before trying to install the software. Those who aren’t quite the most tech-savvy might benefit from this information. So, without further ado, let’s jump right in.

Who can install Android 14?

Before we start, let’s go through the devices that can actually install Android 14. Since it just landed, Android 14 can only be installed on Google Pixel devices. Other companies are testing the new software on their phones like Samsung and OnePlus. However, Google gets first dibs on the Android upgrades.

As for which Pixel that can get Android 14, you can get the download if you’re using a phone no older than the Pixel 4a 5G. This is something that will confuse some folks, as the Pixel 4a can not get the update; only the Pixel 4a 5G can. Also, if you’re using the Pixel 4a 5G, this is the last Android upgrade that you can get.

So, if you’re using any devices released since then, including the Pixel Fold and the Pixel Tablet, you can get the Android 14 update. The Pixel 8 devices will come with the software pre-installed.

How to install the update

You’re most likely going to get the notification when your phone gets the update. However, there’s always that chance that you missed the notification or that you just don’t get it. If that happens, don’t worry, you can manually hunt down the update.

Go to your phone’s settings (swipe down on the home screen and tap on the gear icon in the notification shade) and scroll down to the System button. On that page, tap on the Update button. This will open up a page that will either say that there’s an update available or that your software is up to date.

If the page says the latter, then tap on the Search for update button on the bottom right of the screen. Your phone will then do a search for the update. After the search, you should see that there’s an update waiting for you. Tap on the Install button.

Make sure that your phone is charged above 30% and that you keep your phone on during the installation process. Google is going to download and install the update in the background while you use your phone. If your phone slows down or gets a bit warm, that’s natural. Just be sure to check back every now and then to keep an eye on the status.

What’s new with Android 14?

So, here’s a rundown of the new features that are coming with Android 14. Some features are more significant while others are minor updates. Either way, you should enjoy what Google has coming to you.

Ultra HDR

Nowadays, most flagship phones are coming out with HDR displays. While that’s the case, most of the photos that we see are displayed in SDR (standard dynamic range). Ultra HDR is a format supported on Android 14 that will preserve the HDR format no matter what device you’re viewing it on.

If you take a photo in HDR, Google will preserve the HDR data even after you edit the image. If you view that photo on an SDR screen, it will be displayed in SDR. However, if you view that same image on an HDR screen, it will then snap to HDR.

Monochromatic themes

Each year since Android 12, Google has brought new ways for you to customize your device’s theme. Material You lets you apply different color schemes to your device. As you know, you can use the colors present in your wallpaper and apply it to your theme.

However, what if you don’t want any color? Well, with Android 14, you now have monochromatic themes. These will give your phone a black-and-white look. As you can guess, the theme will be mostly white when your phone is on light theme and mostly black when on the dark theme.

Lock screen customizations

One thing about stock Android is the lack of customization options when it comes to the lock screen. However, Android 14 brings a robust suite of lock screen customizations. Google brought several tools you can use to personalize the experience.

You can choose between different clock styles with completely different fonts and sizes. Some clocks are thicker and more in your face while others are more out of the way. Also, you can choose between different lock screen shortcuts. These will launch different functions or apps right from the lock screen.

Generative AI wallpapers

Generative AI is here to stay, and Google has implemented the technology into your phones. With the AI wallpapers, you’ll be able to simply type in the type of wallpaper that you want, and the phone will use AI to generate it for you.

You will be able to choose from different styles that you want to be applied to the image. Also, when you generate a wallpaper, you’ll have different versions to choose from. Just scroll through the results to find your favorite version and apply it to your interface.

Phone as a webcam

You can use your Android phone as a webcam by downloading third-party software. However, Android 14 gives you the ability to use your phone as a webcam natively. You’ll just need to plug your phone into your computer to use the feature.

More data-sharing transparency

You want to know how your data is being used after you give an app permission to use it. Once you give it up to an app, it’s pretty much out of your hands. However, in Android 14, you’ll actually be notified if your data is shared with any third-party companies. This will help you make more informed decisions about what apps you’re giving your data to.

Longer PIN

This is one of those minor changes. In Android 14, you’ll be required to use a 6-digit PIN when unlocking your phone. Also, your phone will unlock the moment that you put in the code. You won’t need to press the Unlock button.

Health Connect

If you’re into health and fitness, then you’re most likely using different apps to track your health. Well, Health Connect is a central hub for you to access and manage your health data from different apps on your phone. You’re able to keep track of your stats all in one place, and you’re able to manage the permissions that you’re giving those apps.

The app lets you see your recent activity across the apps as well. It’s a great tool to use if you want all of your health data in one place.

Updates to Google Home

Why go to the Google Home app if you’re looking to quickly manage your settings? On the lock screen, you’ll have one-tap access to your devices. You’ll also be able to see your camera feeds on the lock screen. You’ll be able to manage your devices without needing to unlock your phone.

On the lock screen, you’ll be able to activate and deactivate different devices and even adjust the brightness of your lights. This is perfect for people who are constantly controlling their smart home devices.

Magnification tool

There are times when you’re trying to read tiny items on your screen. It can be frustrating, so Android 14 has a magnification tool that will zoom in on a certain part of your screen. However, this tool goes further than that.

When you summon the tool, you’ll see a rectangle pop up on the screen that will magnify what’s under it. You can resize that rectangle to cover a larger or smaller area.

The tool goes further than that. There are some preset magnifier sizes that you can choose from. Also, you can adjust the magnification of the area so you can get closer if you need to.

Non-linear font scaling

You’ve been able to adjust the size of the text’s font for years. However, the issue is that larger text and small text would scale up and down at the same rate. So, if you increased the size to the max so that smaller text would be clearer, the text that was already large would grow too large.

Android 14 will bring non-linear font scaling. This means that larger text won’t grow as fast as smaller text. So, the smaller text would be more legible, and the larger text wouldn’t be cut off. It will make the interface look nicer.

Font size Quick Setting

If you need to change the size of your text, you have to go to your settings and find your display settings. That can be tedious if you’re in a situation where you need to quickly change the size.

In Android 14, you’ll see a font size button in the Quick Settings. All you have to do is swipe down to access your Quick Settings, and it will be there.

Hear Aids improvements

This is a helpful accessibility tool for you guys who need a hearing device. There’s a hub in the accessibility section that will let you add new devices and adjust settings for them. It’s a one-stop shop to manage your hearing device.

Flash notifications

We all miss the notification LEDs. Well, with flash notifications, your flash LED will flash when there’s a notification that needs your attention. You’ll be able to choose which types of notifications you want to flash. This will give you an idea of what the notification is before having to pick up your phone.

And with that, you know what’s new with Android 14. Now go out there and enjoy your Android U experience!


[ad_2]
Source link

Samsung Galaxy SmartTag 2 is a feature-rich object tracker

0
[ad_1]

Samsung‘s second-gen smart object tracker is finally here. The Galaxy SmartTag 2 arrives almost three years after the original SmartTag that debuted debuted in January 2021. The new model gets a complete redesign and brings a host of new features and functional improvements.

Samsung launches Galaxy SmartTag 2 with a major redesign

Starting with the design, the Galaxy SmartTag 2 has an oblong shape with a bigger keyring hole for attaching your keys, lanyard, or anything else. Samsung has enforced the tracker’s attachment hole with a metal loop to protect against wear. The original model had a squarish shape and featured a tiny hole. The new tracker also upgrades from IP53 dust and water resistance to IP57. It won’t get damaged if you submerge it in water for a few minutes.

This redesign seems to have allowed Samsung to pack a bigger battery inside the Galaxy SmartTag 2. The company claims the tracker can stay on for up to 500 days before needing a battery replacement. The battery life can be extended by another 200 days with the new Power Saving Mode. If you recall, the original SmartTag (Bluetooth version) had a battery life of 300 days, while the SmartTag+ (with UWB) could last for just about five months.

Note that there’s no Plus version this time around. Samsung has equipped the Galaxy SmartTag 2 with both Bluetooth and UWB (Ultra-Wide Band) connectivity. This makes the rated battery life even more impressive. The company may have upgraded the rest of the internal components and functioning of the tracker to reduce power consumption. Those annoying battery replacements will now come less frequently, less than once a year.

Samsung Galaxy SmartTag 2 2

The object tracker from Samsung will help you find lost pets

Samsung’s new object tracker offers several advanced features. Its Compass View feature shows the direction and distance of a lost or misplaced tracker in relation to the user, helping them find things quickly. The feature requires the updated SmartThings Find app on a UWB-supported Galaxy smartphone, such as the Galaxy S23 Ultra.

The Lost Mode allows pet owners to embed a message into the Galaxy SmartTag 2, which can be read by anyone with an NFC-enabled phone, not necessarily a Samsung Galaxy device. Pet owners can provide their contact details and addresses so anyone who finds the pet can reach out to them. There’s also a pet walking mode and support for alerts when a tagged pet collar moves too far from the SmartThings Station.

Last but not least, the Galaxy SmartTag 2 supports automatic re-syncing with Galaxy smartphones whenever you switch devices. It will use your Samsung account to sync, so you must use the same account on the new phone. All of these features come in a package that costs just $29.99. The Korean firm will start selling the new tracker on Wednesday, October 11. It’s available in black and white color options.

Samsung Galaxy SmartTag 2 3


[ad_2]
Source link

Online Dating: Cybercrime Red Flags

0
[ad_1]

Online dating is not a new phenomenon; however, scammers have found ways to exploit it for various purposes, such as stealing victims’ money and data. Let’s explore the red flags associated with online dating scams and how to identify potential scammers.

Online dating is more popular than ever. It’s a great way to meet people, and potentially find the love of your life. Try this one and potentially find the love of your life. Despite what alarmists say it’s also a relatively low-risk activity. Chances are, the worst experience you’ll have is meeting somebody who is a crashing bore. 

But, low risk is not no risk. Unfortunately, there are people who target online dating sites to rip people off. This doesn’t mean you need to delete it. That doesn’t mean you should turn off your computer entirely. Instead, protect yourself by learning these cybercrime red flags for online dating.

They Request But Don’t Reciprocate Intimacy

You’ve met someone online, and things are progressing. Your conversations often turn sensual. It’s clear you are both deeply attracted to one another. Eventually, they ask you to turn on your webcam. Of course, you ask them to reciprocate, but they always have a viable excuse not to. Their camera is broken, or they are just too shy.

If you fall for this scam, you may appear on camera in various stages of undress. You might even engage in some intimate acts and talk as they encourage you. Then, the flattery stops. This is when the scam is revealed. They have been recording the whole time, and demand payment. If you refuse, they will distribute your images online, usually to people in your life. You comply, only to find that the demands for payment don’t stop.

They Really Want You to Check Their Website or Socials

It isn’t all that unusual for someone you’ve met on an online dating site to invite you to friend them on social media or take a look at their website. That’s part of the natural progression of dating people online. If they do that right from the start and are pushy about it, that is a red flag.

In this scam,  you are sent a link that looks legitimate. You click it and are redirected to a site that contains malware or bombards you with annoying spam. Sometimes, you will be sent to a social media account. However, it is often a fake page or scam. This is often to garner likes and follows. Sometimes, you’ll be used as a mark to sell phoney products or solicit money.

He’s in The Military But Things Just Don’t Add Up

You start communicating with someone you meet online. They tell you that they are in the military. As they talk about their life and service, they often include some of the following details:

  • At or near retirement
  • No kids or grown kids
  • Widowed or never married
  • Transferring to your area soon
  • Getting ready to start a lucrative civilian career
  • Looking to marry and have you relocate to their duty station

There may certainly be single military members who fit these descriptions. But, in this case, you will notice a lack of consistency and accuracy. Their rank may change, for example, or they will mention being stationed at a base that doesn’t align with their branch of the military.

Eventually, they will begin making requests for money. At the same time, the promises to you continue. Sure, they need money right now to cover a medical bill or catch up with a cash shortage. But, as soon as they retire or get settled in after their transfer, they will repay you and send for you to come visit them. This will go on until you refuse to send any more money. Then, your military lover will vaporize from your life.

You’re Offered Intimate Pictures in Exchange For Info

This is a simple scam that preys on the loneliness and excitement of the victim. Here, you will be contacted or friended by an exceptionally attractive person. In most cases, they will chat you up, and then share a couple of mildly erotic photos. Then, you’ll be told you can see much more. All you have to do is send some information

Then, you’ll be asked for personally identifying information like your name, email address, birth date, etc. You may even be asked to share a debit card number. Of course, you will be reassured that this is just for age verification. The person sending the photos may even point out that they are afraid that you will use the photos for blackmail.

Once they have your information, there is a very good chance that you won’t get those photos. Even if you do, it won’t be worth having your identity stolen or your information sold on the dark web.

  1. Do A Public Records Search: Conducting a public records search can be a valuable step in identifying a potential dating scammer. By searching for publicly available information about the person you’re communicating with, you can verify their claimed identity and background. This can include checking for criminal records, marriage/divorce records, or any history of fraudulent activities. If the person refuses to share basic information or their details don’t match what you find in public records, it could be a red flag.
  2. Perform a Background Check: Going beyond public records, performing a comprehensive background check can provide deeper insights into the individual’s history. Look for professional websites that offer background check services, and consider using them to verify their employment, education, and any potential aliases. Be wary if the person’s background seems inconsistent, contains unexplained gaps, or raises concerns about their credibility.
  3. Use Social Media: Social media platforms are powerful tools for uncovering information about someone. Search for the person’s profiles on various social media platforms to get a sense of their online presence and activity. Be cautious if their profiles seem suspiciously new, lack friends or connections, or display inconsistent information. Also, watch out for overly flattering or unrealistic photos that may indicate a fake online persona.
  4. A Simple Google Image Search: Conducting a Google Image search using the person’s profile picture can reveal if they have stolen images from the internet to create a false identity. If the same photo appears on multiple unrelated profiles or websites, it’s a clear sign of deception. Scammers often use attractive or stolen photos to lure unsuspecting victims, so this simple search can help you spot a potential catfish.

Common Sense and Knowledge is Power

It’s smart to be on alert when you are meeting people online, particularly with the goal of finding romance. That doesn’t mean you have to approach this with a sense of fear and dread. Instead, use this information to empower yourself. Now that you know some of the more popular red flags in online dating, you can put the brakes on before you become a victim.

Nevertheless, remember that online dating scams are unfortunately common, and scammers can be very convincing. Always approach online relationships with caution, and if something feels off or too good to be true, take the time to verify the person’s identity and intentions using these methods. Trust your instincts and prioritize your safety when navigating the world of online dating.

  1. How to Create a Dating App: A to Z Guide
  2. Iranian hackers leak trove of Israeli LGBTQ dating app data
  3. 5 dating apps caught leaking millions of user-sensitive data
  4. How to identify & protect yourself from online dating scams
  5. The Dangers of Online Dating: Watch Out for ‘Sweetheart Scammers’

[ad_2]
Source link

Top 7 REST API Security Strategies to Secure Your Endpoints

0
[ad_1]

In today’s REST API-driven landscape, most APIs are REST-based and widely utilized by web applications. These APIs are like versatile tools for sending and receiving information online. However, their widespread use exposes them to various security threats and challenges.

What strategies can be employed to protect the integrity and dependability of REST APIs, regardless of the client or the environment they operate in?

Table of Content

What is REST API?
7 Key Strategies to Strengthen REST API Security 
Limit HTTP Verb Operations
Use TLS (HTTPS)
Authenticate Every User 
Restrict Access to Resources
Use Rate Limiting 
Validate Input Parameters
Frequent API Security Testing

What is REST API?

REST, short for Representational State Transfer, is an architectural style defining constraints and principles for designing networked applications. REST APIs, in turn, are the practical embodiment of these principles regarding communication between clients and servers.

At the heart of REST lies simplicity. RESTful APIs utilize standard HTTP methods such as GET, POST, PUT, and DELETE to perform predefined sets of operations on resources. These resources can be data, services, or any information that can be represented digitally.

REST APIs are known for their flexibility in data format, accommodating JSON, XML, plaintext, and more. They enable developers to create dependable, user-friendly systems seamlessly interacting with various devices and platforms.

However, this flexibility and openness expose REST APIs to many security threats. As cyber threats evolve, it becomes increasingly crucial to implement robust API security strategies to protect these vital endpoints.

7 Key Strategies to Strengthen REST API Security 

1. Limit HTTP Verb Operations

REST APIs allow apps to execute different HTTP verb operations. Attackers can intercept and exploit your apps by using some HTTP verb operations. For instance – GET, PUT, DELETE, and POST, among others. It is a REST API security best practice to limit such insecure HTTP methods. 

Preventing the usage may not be possible in some cases. In such cases, you must develop and apply strict policies. Verb operations that are not on the allowed list should be rejected. You should assess these insecure verb operations with strict authorization policies. This way, only authorized users can delete, add, or modify resource collections. 

2. Use TLS (HTTPS)

REST APIs use HTTP requests to access and use data. Attackers may compromise keys, authentication parameters, and data in transit during client-server communications. You can prevent this by enabling secure HTTP or HTTPS connections.

Deploy the latest version of TLS/ SSL certificates to protect your data in transit. Also, purchase TLS from a trustworthy Certificate Authority (CA). 

3. Authenticate Every User 

You must validate every user to ensure you know who is calling your APIs. Attackers easily access your API resources and data when you don’t verify users. 

You can use any of the following to authenticate users:  

  • Username and password
  • API keys
  • JSON tokens 
  • Access tokens 

Make sure to implement strong password policies. Store passwords in a secure manner. Implement multifactor authentication to ensure robust REST API security. 

Consider using OAuth2 if you offer single sign-on (SSO). SSO enables users to verify themselves using third parties like Google, Microsoft, and Azure. Users don’t have to sign up from scratch. And you don’t have to maintain login/ logout or safe-keep passwords. 

OAuth2 is an authorization protocol that allows users to secure access to resources. It works using access tokens. Even though it doesn’t directly handle authentication, it helps the process. 

4. Restrict Access to Resources

This is one of the best ways to secure rest API endpoints. When users have just enough access to API resources, you can prevent various API attacks. 

Use pagination when APIs return large volumes of data. With pagination, you limit the data clients can access in a single request. Otherwise, attackers may cause crashes and downtimes, requesting all resources in a single request. 

Create Content Security Policies (CSP) to prevent unauthorized access. Define what content types are allowed in your REST API. The server should reject those requests outright if there are mismatches between the allowed and requested content types. Doing so can avert different lethal attacks, including XSS attacks. 

5. Use Rate Limiting 

Another important strategy is to use rate limiting. Without rate limiting, users can send voluminous requests within short time spans. These request floods make the API unresponsive. The API becomes unavailable to genuine users.

With rate limits, users cannot exceed the defined number of requests within a specific time frame. If they do, their access to the API will be temporarily blocked. Rate limiting helps prevent certain types of DDoS and DoS attacks, brute force attacks, etc.

6. Validate Input Parameters

REST APIs pass information from client to server using 

  • Path
  • Request body
  • Query 
  • Header parameters 

You must validate inputs from each parameter before reaching the application logic/ server. This is critical for REST API protection. Use strong input validation checks, rejecting all requests failing these tests. 

Consider these top three validation practices:

Implement Positive Security Models: This approach focuses on defining strict boundaries for API input using Swagger files (OpenAPI Specifications). It whitelists allowed input values or patterns, ensuring that only valid data is processed, effectively blocking non-conforming data.

In AppTrana WAAP, DevSecOps teams possess the ability to conduct vulnerability scans on APIs and request positive security policies for each individual API endpoint.

Validate Data Attributes: Ensure input data matches expected criteria by validating data type, format, range, and length. This safeguards against common security issues like injection attacks and maintains data integrity.

Use Validation Libraries: Leverage validation libraries and frameworks available in modern programming languages (e.g., Django validators for Python, Express-validator for Node.js). These simplify input validation, covering various scenarios and supporting custom validation rules.

7. Frequent API Security Testing

Consistently perform security evaluations for your APIs, involving activities such as penetration testing, vulnerability scanning, and code reviews, to detect and rectify potential security concerns.

By utilizing the Indusface Infinite API scanner, you can access unlimited scans, encompassing both manual penetration and revalidation tests, all under a single license.           


[ad_2]
Source link

There’s a Petition for Google to give Pixel 7 series 7 OS Updates

0
[ad_1]

Yesterday, at its Made by Google event, the company announced the new Pixel 8 and Pixel 8 Pro. And one of the more mind blowing announcements from the show was the fact that the new models are getting seven years of OS, Security and Feature Drop updates. That’s nearly double what the nearest competitor offers. And it means that your Pixel 8 which launched with Android 14, will get Android 21.

But, that is only for the Pixel 8 series. Understandably, that has left a lot of Pixel 7 and Pixel 7 Pro owners in a tough spot. Where there barely a year old phones will still only get three years of OS updates and five years of security updates. That is quite far behind the competition, since Samsung does four years of OS updates and five years of security updates, as well as a few other Android OEMs.

The move from three years to seven years is a big one for Google, and it likely has to do with the new Tensor G3 chipset in the Pixel 8 series. But if you do own a Pixel 7 or Pixel 7 Pro, it’s worth it to sign the petition. Get Google’s attention and tell them you want more support for your devices.

Why does this matter?

Why does seven years of updates matter? Well, it means you can keep your phone longer. It means that you won’t be ditching your phone after a year or two and causing e-waste. It also means that your phone won’t be outdated in just a couple of years. All good reasons for Google to add the seven year promise to the Pixel 7 and Pixel 7 Pro too.

However, the important thing to remember here is that, the update timeline usually has to do with the processor. SoC’s are only supported for so long. And that’s up to Qualcomm, Samsung, MediaTek and others to support them longer. Yes, the Tensor G2 and now G3 are Google processor, but they are really just a rebranded Exynos chipset at heart. There’s a lot of technical reasons why the Pixel 7 series might or might not get moved to the seven years of updates. But we are hoping for the former.


[ad_2]
Source link