News – Page 495

Captcha-bros.com pop-up (fake) – Free Instructions

Posted on 9 August 2021

From 2-spyware.com

Push notifications are a great way for advertisers to reach potential customers quickly and effectively. But sometimes, this feature can be abused by fraudsters for their gain. Captcha-bros.com shows ads that are deceptive and untrustworthy. It is dangerous to click on these ads because they can link to websites designed to get people’s private information or get them to download malicious programs and potentially unwanted applications.

Furthermore, these advertisements delivered by a push notification browser feature are intrusive and annoying, to say the least. They can appear even when the browser is closed, which can cause great pain when trying to use the device. Clicking the “x” button to close the pop-up window will not eliminate the problem. You have to go into your browser settings and completely remove the website that is causing these symptoms. For a more detailed explanation on how to do this, scroll down.

Most organizations are at an elevated risk of attack

Posted on 9 August 2021

From helpnetsecurity.com

The risk of cyberattacks has increased in the last year. According to a Trend Micro survey, 80% of global organizations report they are likely to experience a data breach that impacts customer data in the next 12 months.

Black Hat 2021: DNS loophole makes nation-state level spying as easy as registering a domain

Posted on 9 August 2021

From wiz.io

Today at Black Hat, Wiz CTO Ami Luttwak and I are presenting on a new class of vulnerabilities we discovered that exposes valuable dynamic DNS data from millions of endpoints worldwide. DNS (Domain Name Service) is one of the foundations of the Internet, an immensely complex and decentralized system that, at its core, translates readable domain names (like nytimes.com) to numerical IP addresses.

There’s a proud tradition of DNS research at Black Hat, most famously in 2008 when the late great Dan Kaminsky prevented Internet Armageddon by exposing some of its fundamental flaws. Generally speaking, DNS has become a lot safer since then. Still, DNS vulnerabilities are usually critical because they put billions of devices around the world at risk.

Risks of automatically remediating cloud access

Posted on 8 August 2021

From venturebeat.com

Whenever there is a report of a compromised cloud server or exposed data, it’s highly likely the incident is a result of mistakes made while provisioning or configuring that cloud system. If IT teams don’t consider the context that allowed those actions to occur in the first place, their remediation efforts will not be as effective.

Misconfigured or over-provisioned cloud access is “inevitable,” wrote Lori Robinson, the vice president of SailPoint, a cloud-based identity security provider. Even with the “most carefully crafted governance framework” in place, the sprawling nature of the cloud environment and the variety of changes constantly taking place means specific procedures are bypassed at times. Immediately revoking access once the problem has been uncovered is a “knee-jerk reaction,” according to Robinson. IT teams should first figure out what the impact would be on existing applications and processes in order to determine the appropriate course of action.

Go-Shellcode – A Repository Of Windows Shellcode Runners And Supporting Utilities

Posted on 8 August 2021

From kitploit.com

go-shellcode is a repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques.

Apple fixes AWDL bug that could be used to escape air-gapped networks

Posted on 8 August 2021

From malware.news

Apple fixes AWDL bug that could be used to escape air-gapped networks

Apple has fixed a vulnerability in its Apple Wireless Direct Link (AWDL) technology that could have been abused by threat actors to escape and steal data from air-gapped networks.

Silently patched earlier this spring, in April — with the release of iOS 14.5, iPadOS 14.5, watchOS 7.4, and Big Sur 11.3 — the vulnerability was publicly disclosed for the first time earlier this week in a blog post by Mikko Kenttälä, a Finish security researcher and the founder and CEO of SensorFu.

How a fake network pushes pro-China propaganda

Posted on 8 August 2021

From bbc.co.uk

Graphic of anonymous people at computers with a Chinese character on all their screens

A sprawling network of more than 350 fake social media profiles is pushing pro-China narratives and attempting to discredit those seen as opponents of China’s government, according to a new study.

The aim is to delegitimise the West and boost China’s influence and image overseas, the report by the Centre for Information Resilience (CIR) suggests.

The study, shared with the BBC, found that the network of fake profiles circulated garish cartoons depicting, among others, exiled Chinese tycoon Guo Wengui, an outspoken critic of China.