Blog - bitdefendercentralhub

Exploring Winrar Vulnerability (CVE-2023-38831) | McAfee Blog

Oleh bambang raharjoDiposting pada September 20, 2023

Authored by Neil Tyagi

On 23 August 2023, NIST disclosed a critical RCE vulnerability CVE-2023-38831. It is related to an RCE vulnerability in WinRAR before version 6.23. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the harmless file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file.

Our intelligence shows that this vulnerability is being exploited as early as April 2023. Let’s look at a sample exploiting this vulnerability (Hash: bc15b0264244339c002f83e639c328367efb1d7de1b3b7c483a2e2558b115eaa)

The image below shows that the archive is named trading_system, which hints that it is used to target traders

We can also see that the threat actor can craft the archive so that folder and file names are the same.
This is interesting as Windows doesn’t allow files and folders to have the same name in the same path.
This shows that it was weaponized after creating a regular zip by changing the bytes to make the file and folder name the same.
Also, note there is a trailing space at the end of the file and folder name (in yellow).
When we look inside the folder, we see many files, but the most important file is highlighted, which is a bat file containing a malicious script.
The bat file also has the same name as the benign file outside the folder.

When we check the script, we see it launches cmd in the minimized state, then goes to the temp folder where WinRAR will extract the files, then tries to find the weakicons.com file, which is present inside the folder and executes it using wmic and then exits.
Checking weakicons.com we find that it is a CAB SFX file.
We extract it to check what is inside.
We found a PE file, some ActiveX control objects, and two text files.
AMD.exe is a visual basic compiled file whose main job is to extract the dll hidden in a blob of data inside pc.txt and execute the ActiveX controls.
Inside add.txt, we find the registry keys it will try to manipulate
The first control is responsible for registering a COM object in Windows. During registration, registry keys are imported from the “add.txt” file. As a result, a specific COM object with a unique CLSID is registered in the infected system. The default value of the InprocServer32 key is populated with the path to a malicious DLL named “Core.ocx”.

Wmic process executes weakicons.com

AMD.exe extracts the encrypted dll file inside pc.txt and writes it in the romaing\nvidia folder.

Here, we observe AMD.exe calls reg.exe on registry keys inside add.txt
Timeout is also called to slow down the activities of the infection chain.
AMD.exe Calls rundll32 on the clsid that is registered in the registry

We can see successful tcp connection to threat actors C2.( ip 37[.]120[.]158[.]229)

Global Heatmap where this vulnerability is being seen in the wild(based on McAfee telemetry data)

Infection chain

How does the vulnerability work?

Here, we will analyze the issue causing WinRAR to execute the script instead of opening the image.
We will compare how WinRAR behaves when we execute an image file from a weaponized zip vs. a normal zip. So we fire up ProcMon First.

Normal.zip

Weaponized.zip

The above image shows that the first logical bug is how WinRAR is extracting files in the temp folder before executing them. In the case of a regular zip, only the clean image file is extracted to the temp folder, whereas in the case of a weaponized zip, even the files present inside the folder are extracted to the temp folder along with the clean image file. This is due to the same file names we have given, which makes WinRAR extract those in temp.
Verifying the same in the temp folder

Normal Zip

Weaponized Zip

In Logs, when we dig deep, we can see Winrar searches for our filename with an *, which causes it to iterate over our bat file as it has the same name, which in turn gets executed.

To see what’s happening under the hood, we hook a debugger and launch WinRAR by manipulating the “image file Execution options” registry key.
When we execute the rar file, we see the debugger getting attached to the winrar process so that we can do just-in-time debugging.
We put a breakpoint on the ShellExecuteExW function to see what parameters are passed to it just after clicking the jpeg file.
When we double-click on the image file, we can see the debugger is opened, and after a few clicks, we hit our breakpoint.

Normal zip

In this case, the correct parameter is passed to the ShellExecuteExW function as the file exists at this exact path.

Weaponized zip

In this case, an incorrect parameter is passed to the ShellExecuteExW function as the parameter contains a trailing space, and such a file does not exist on the disk.
When we dig deep, we find that later, it calls PathUnquoteSpacesA API call, as per MSDN. It “Removes quotes from the beginning and end of a path.”
As quotes are removed from the end of the path, ShellExecuteExW executes “simple_image.jpg .cmd” instead of “simple_image.jpg.”

IOC’s

Sha256

Detection

bc15b0264244339c002f83e639c328367efb1d7de1b3b7c483a2e2558b115eaa

Trojan:Archive/2023_38831.NEAA

.( ip 37[.]120[.]158[.]229)
REG keys

%APPDATA%\Nvidia\Core.ocx

Recommendations

WinRAR users should immediately update to the latest version. WinRAR archiver, a powerful tool to process RAR and ZIP files (rarlab.com)
Use a licensed and updated McAfee+ subscription to stay protected.
Stay informed about common cyber threats and tactics used by cybercriminals. This knowledge can help you recognize potential risks and avoid scams.
Be very cautious when dealing with attachments from unknown sources. Only run attachments that come from trusted sources.
Protect your accounts by using multi-factor authentication.

Introducing McAfee+

Identity theft protection and privacy for your digital life

#Exploring #Winrar #Vulnerability #CVE202338831 #McAfee #Blog

HR phishing: self-evaluation questionnaire | Kaspersky official blog

Oleh bambang raharjoDiposting pada September 19, 2023

In large companies, as a rule the average employee isn’t often asked for an opinion on their career aspirations, areas of interest, or accomplishments outside their job description. It tends to happen once a year — for the performance review. However, many would like to share their thoughts with management much more often. So, when an invitation to take a self-evaluation lands in the inbox, they jump at the chance without hesitation. And this is what cybercriminals exploit in the latest spear-phishing campaign.

Phishing email with invitation

Seemingly from HR, an email arrives containing an elaborate description of the employee self-evaluation procedure, which “promotes candid dialogue between staff members and their managers/supervisors”. It goes on to say that “you can learn a lot about your strengths and shortcomings … to reflect on your successes, areas for development, and career objectives”. All in all, quite a convincing piece of corporate spiel.

Email to employees inviting them to undergo a self-evaluation

Convincing it may be, but all the same the email does contain a few identifiable red flags regarding phishing. For starters, take a look at the domain name in the sender’s address. That’s right, it doesn’t match the name of the company. Of course, it’s possible that your HR department might be using a contractor unknown to you — but why would “Family Eldercare” be providing such services? Even if you don’t know that this is a non-profit organization that helps families care for elderly relatives, the name should ring an alarm bell.

What’s more, the email says that the survey is “COMPULSORY for EVERYONE”, and must be completed “by End Of Day”. Even if we leave aside the crude and faulty capitalization, the focus on urgency is always a reason to stop and think — and check with the real HR department whether they sent it.

Fake self-evaluation form

Those who miss the flags and click through to the form are faced with a set of questions that may actually have something to do with assessing their performance. But the crux of the phishing operation lies in the last three of those questions — which ask the victim to provide their email address, and enter their password for authentication and then re-enter it for confirmation.

Last three questions of the fake questionnaire

This is actually a smart move on the phishers’ part. Typically, phishing of this type leads straight from the email to a form for entering corporate credentials on a third-party site, which puts many on their guard straight away. Here, however, the request for a password and email address (which commonly doubles up as a username) is disguised as part of the form — and at the very end. By this stage the victim’s vigilance is well and truly lulled.

Also note how the word “password” is written: two letters are replaced with asterisks. This is to bypass automatic filters set to search for “password” as a keyword.

How to stay safe

To stop company employees falling for phishing, keep them informed of all the latest tricks (for example, by forwarding our posts about phishing ploys). If you prefer a more systematic approach, carry out regular trainings and checks, for example with our Kaspersky Automated Security Awareness Platform.

Ideally, employees should never even see most phishing thanks to technical means: install security solutions with anti-phishing technology both at the corporate mail gateway level and on all work devices used for internet access.

#phishing #selfevaluation #questionnaire #Kaspersky #official #blog

AI dina Leungeun Cybercriminals: Kumaha Ngenalkeun Seni Palsu sareng Deepfakes

How Typosquatting Scams Work | McAfee Blog

Oleh bambang raharjoDiposting pada September 8, 2023

Your teacher was right. Spelling counts, particularly to scammers.

Enter the world of typosquatting scams. Also known as URL hijacking, typosquatting scams target internet users who incorrectly type a website address into their web browser.

Scammers have long used typosquatting techniques to capture traffic from those butterfingers moments we all have when typing on our keyboards. And the butterthumbs moments on our phones.

For example, say you type “websiteaddresss dot-com” instead of “websiteaddress dot-com.” More than just a mistake, a mistyped address might land you on a malicious site designed to steal personal information, make money, or spread malware.

The scam sites you might land on vary. Some serve up a screenload of spammy ads. Others host malicious download links, and yet more lead to stores full of cheap, knockoff goods. In other cases, scammers take it up a notch. We’ve seen typosquatting sites evolve into clever copycats of legitimate sites. Some look like real banking and e-commerce sites that they steal traffic from, complete with stolen logos and familiar login screens. With this, scammers hope to trick you into entering your passwords and other sensitive information.

Companies are well aware of this practice. Many purchase URLs with those common misspellings and redirect them to their proper sites. Further, many brands put up anti-fraud pages on their sites that list the legitimate addresses they use to contact customers. Here at McAfee, we have an anti-fraud center of our own.

The fact remains, people make mistakes. And that can lead to risky scam sites. However, you can still avoid typosquatting attacks quite easily.

The big business of typosquatting

For starters, it helps to know that typosquatting is often big business. In many cases, larger cybercrime organizations set up entire flights of malicious sites that can number into the dozens to the hundreds.

Let’s check out a few examples and see just how sophisticated typosquatting scams can be:

“dot.cm” scams

In 2018, researchers found a host of addresses that were registered in the names of well-known sites, but ending in “.cm”, instead of “.com”. These copycat addresses included financial websites, such as “Chase dot-cm” and “Citicards dot-cm,” as well as social and streaming sites.

Scammers used the .cm sites to advertise promotions and surveys used to collect users’ personal information. What’s more, more than 1,500 of them were registered to the same email address, indicating that someone was trying to turn typosquatting into a serious business.

“dot.om” scams

Similarly, 2016 saw the advent of malicious dot-om sites, that mimicked big names like “linkedin dot-om” and “walgreens dot-om.” Even the interesting typo found in “youtubec dot-om” cropped up. Of note, single entities registered these sites in batches. Researchers found that individuals or companies registered anywhere from 18 to 96 of them. Again, signs of serious business.

Big brand and voice assistant typosquatting scams

Recently, security researchers further found an increase in the number of typosquatting sites. An increase of 10% from 2021 to 2022. These sites mimic popular app stores, Microsoft addresses, services like TikTok, Snapchat, PayPal, and on and on.

Further, scammers have gotten wise to the increased use of personal assistants to look up web addresses on phones and in homes. Typosquatting now includes soundalike names in addition to lookalike names. With that, they can capitalize when an assistant doesn’t quite hear a command properly.

How to protect yourself from typosquatting

No doubt, slip-ups happen when browsing. Yet you can minimize how often with a few steps—and give yourself an extra line of defense if a mistake still slips through.

Whether you type in a web address to the address field, or a search engine, be careful that you spell the address correctly before you hit “return”.
If you are going to a website where you might share private information, look for the green lock symbol in the upper left-hand corner of the address bar. This indicates that the site uses encryption to secure the data that you share.
Be suspicious of websites with low-quality graphics or misspellings. These are telltale signs of fake websites.
Consider bookmarking sites you visit regularly to make sure you get to the right site, each time.
Don’t click on links in emails, text messages, and popup messages unless you know and trust the sender.
Consider using a safe browsing tool such as McAfee Web Protection, which can help you avoid dangerous links, bad downloads, malicious websites, and more.
Always use comprehensive online protection software like ours on your computers and devices to protect you from malware and other online threats.

Introducing McAfee+

Identity theft protection and privacy for your digital life

#Typosquatting #Scams #Work #McAfee #Blog

Are QR codes dangerous? | Kaspersky official blog

Oleh bambang raharjoDiposting pada Agustus 29, 2023

QR codes are all around us. They offer a quick way to take part in surveys, download useful stuff, and visit websites of interest. After all, pointing your phone at a picture is far easier than typing in an annoyingly long URL.

But their very convenience hides a significant drawback. With regular links, it’s possible to spot a trap with the naked eye. The red flags are well-known: typos or extra characters in the site address, a disguised redirect, strange domain zones, and so on. But as for QR codes, where that jumble of black squares might take you is anyone’s guess.

With a compelling example, in this post we explain how those harmless-looking squares can pose a threat, and how not to fall victim to scammers. The example in question is the story of a woman who lost US$20,000 by scanning a QR code when buying bubble tea.

20,000-dollar bubble tea

Many have encountered coffee-shop promos when visitors are invited to take a short survey in exchange for a free drink or a discount on a purchase. This often requires you to scan a QR code at the counter — a familiar, almost routine action. What could possibly go wrong?

That’s what a 60-year-old Singaporean must have thought, too. To get a free cup of bubble tea, she scanned the QR code sticker on the glass of the coffee shop door. As it turned out later, the sticker had been pasted on by cybercriminals. The scam code contained a link to download a third-party Android app in order, she believed, to take a survey. However, the app was malicious.

Once installed, the program requested access to the camera and microphone, and to enable Android Accessibility services. This built-in Android service allows criminals to view and control the victim’s screen, as well as to disable facial and fingerprint recognition — this way attackers can force the victim to type their banking app password manually, if needed. The scammers had only to wait for her to log in, intercept the credentials, and later use them to transfer all the money to their own accounts.

How not to fall victim

Since it’s impractical (and not really necessary) to avoid scanning QR codes altogether, we recommend the following:

Check the addresses of sites that are linked inside QR codes carefully, and look for typical red flags.
Make sure that the expected and actual content match up. For example, if the code was supposed to lead to a survey, logically there should be some kind of form with answer options. If not, close the site immediately. But even if the page arouses no suspicion, you should still be careful — it may be a high-quality fake (see the first point, and read our post about how to spot a bogus site).
Don’t download apps via QR codes. As a rule, bona fide apps can always be found on Google Play, the App Store, or any other official platform. Apps from third-party sources shouldn’t be installed in any case.
Protect your devices with a reliable security solution. A built-in QR scanner lets you check the link buried in the maze of squares. Also, our solution blocks attempts to visit malicious sites and protects you from the profusion of other threats out there in cyberspace.

#codes #dangerous #Kaspersky #official #blog

Are browser-stored passwords secure? | Kaspersky official blog

Oleh bambang raharjoDiposting pada Agustus 15, 2023

Browser-stored passwords save you from having to re-enter them each time, which is a real time-saver. But how safe is it? This post explores three reasons you shouldn’t store passwords in your browser, and why you should use a much more secure storage method: a password manager.

1. Password stealers

The core problem with storing passwords in browsers is that they sacrifice security for usability. This holds true for at least the three most popular browsers: Google Chrome, Mozilla Firefox, and Microsoft Edge, all of which store user passwords in a highly insecure way.

The reason is that all browsers store passwords in a very predictable place, in a folder whose path is no secret to anyone. And although the passwords themselves are encrypted, the encryption key is stored close by and readily accessible. Armed with this key, an attacker can decrypt and steal passwords. A farcical situation: the door appears to be securely locked, but the key is under the doormat, and the whole world knows it.

In fact, browsers use this state of affairs to compete with each other: to make it easier for users to switch, they often offer to import all saved data from the old browser, including stored passwords.

Any guesses who else is using this feature? That’s right. There is an entire class of malware (appropriately called password stealers) dedicated to credential theft. This malware sifts through folders known to contain browser-stored passwords, finds the key under the doormat, then decrypts the passwords and uploads the loot to the cybercriminals’ server. Later, these passwords are usually databased and sold in bulk on the dark web to other crooks who use them to hijack accounts (narrow specialization has long been the norm in the cybercriminal world).

To understand how easy it is to steal passwords stored in a browser, we recommend watching a demo video that clearly shows how to quickly extract passwords from Chrome, Firefox, and Edge using nothing more than a Python script.

Extracting passwords from Google Chrome, Mozilla Firefox, and Microsoft Edge

Demonstration of how to extract passwords stored in Google Chrome, Mozilla Firefox, and Microsoft Edge. (Source)

2. Physical access to the computer

It’s not just specially trained malware that can get up to this sort of mischief, but anyone with physical access to your computer. And no sophisticated hacking skills are required – scripts for exfiltrating browser-stored passwords are readily available online. All that is required is to run them.

Even an overly curious relative or work colleague could do this if you leave your computer unlocked. Or a hacker visiting your office on a scouting mission. Basically, anyone. The important point is that all your passwords stored in the browser will end up in potentially hostile hands.

And even if the intruder doesn’t have the right script to extract passwords from the browser-saved file, they can scour the settings for the list of sites for which passwords are stored, and then log in to one of them to read your correspondence, for example, or find out other secrets about you.

The world’s most popular browser (Google Chrome, in case you didn’t know) doesn’t even have a basic mechanism to prevent such actions. And while the Firefox developers were good enough to let users protect saved passwords with a primary password, they left this option disabled by default. The primary password must be explicitly enabled and configured, and it is unlikely that many Firefox users even know about it.

3. Browser account hijacking

The following problem is common to all browsers that allow users, for their convenience, to create an account to synchronize browsers on different devices. This means that bookmarks, browser sessions, extensions, settings, as well as saved passwords are all synchronized and stored in the cloud. And if a hacker gets inside your browser account, all they have to do is log in on another computer using the same account. Then all your accounts whose passwords are stored in the browser – from social networks to online banks – are there for the taking.

Why a password manager beats a browser

Like browsers, Kaspersky Password Manager remembers your credentials and lets you auto-populate them when logging in to websites. But unlike browser developers, we don’t compromise on security. In our password manager, the primary password is used by default and cannot be disabled – all your saved passwords are protected at all times. So even if someone gains physical access to your computer, they will not be able to simply log in to sites using the credentials stored in the manager. To do that, they would need the primary password, which no one but you knows (unless you stuck it to your screen on a sticky note).

Another advantage of Kaspersky Password Manager is, of course, that all passwords are stored only in encrypted form. And, crucially, we don’t keep the decryption key “under a doormat”. The encryption key is generated on the fly using the AES-256 algorithm on the basis of the primary password, which allows us not to store it at all. Anywhere. Ever. So even if a stealer manages to get onto your computer, it won’t be able to steal anything – all your passwords are securely encrypted. Incidentally, if you use Kaspersky Password Manager as part of Kaspersky Premium, we won’t even let the malware in.

One last thing. Naturally, we use the cloud to synchronize passwords between devices – all your passwords are linked to your My Kaspersky account. But even if an intruder were to somehow gain access to this account, your passwords stored in Kaspersky Password Manager would still be perfectly safe. That’s because in the cloud they are stored exclusively in encrypted form, and the decryption key is generated on the basis of the primary password, which only you know and without which attackers are toothless.

We’ve also recently updated Kaspersky Password Manager to support the Opera and Opera GX browsers, which continue to win over new users. That means we now support all the most popular browsers: Chrome (and Chromium-based browsers), Safari, Firefox, Edge, and Opera.

#browserstored #passwords #secure #Kaspersky #official #blog

Scam websites offering jobs | Kaspersky official blog

Oleh bambang raharjoDiposting pada Agustus 7, 2023

There are lots of websites with tempting offers of quick and easy money working from home. But in reality, they’re likely to be from scammers looking to get gullible users to work for them for free and advertise their “business.” This post demonstrates the operation principle of several such schemes and gives tips on how to avoid falling victim to them.

Many scams in one

Who wouldn’t want to earn money for doing regular online stuff: taking surveys, watching videos, playing games and other simple tasks? That’s how scammers lure victims to one of the sites.

Home page of a scam website offering part-time work doing regular online activities

The home page of the “platform” is overflowing with offers of easy-earning jobs. Scammers promise new recruits a whopping US$200 a day. Plus a US$25 signing-up bonus!

Of course, there are numerous reviews from grateful “users” who have already become rich. But if you bother to read them, you’ll spot a lot of grammatical mistakes.

Reviews from “users” who supposedly struck gold

To earn money on the “platform”, you are asked to complete various tasks, such as testing apps, playing games, sharing a link to the site with friends, and the like.

Tasks you get paid for

In fact, all these “tasks” are just links to other scam resources. By visiting them, users create traffic to cybercriminals’ sites. This improves their position in search results. And also, cybercriminals may have their own footfall KPIs (key performance indicators).

When the victim tries to get their “money” (the home page promises that this can be done through popular services like Cash App, Venmo, PayPal and others), they discover that they must first earn at least US$200.

Message saying you need to earn US$200 to withdraw funds

Sure, you won’t see any payout even if you do “earn” 200 bucks.

Nor can it be ruled out that the scammers’ domain won’t simply be blocked before user even try — such sites have very short lifespan. After getting blocked, the scammers will get another domain and launch the whole scheme again with new victims.

The scam itself is quite international. Besides English, the cybercriminals’ website is available in nine other languages. Although these versions look less professional.

Share it with the whole world

Now let’s talk about a similar site with a more primitive design, but with a different mechanism for making money from naive users.

The victims are offered two ways to earn. The first is to share the link and invite “referrals” to the website: you get US$1 for every 100 people. What’s more, the site supposedly lets you withdraw funds after accumulating just US$20. To earn this amount through inviting referrals, you need to attract 1500 users to the site (you get US$5 for signing-up).

Home page of a site that pays you to share its link

Sounds hard, but things aren’t all that bad, you have a chance to earn US$50 right away. But for this you’ll have to play the scammers’ game — by endlessly refreshing the page so that the two images match. They won’t of course.

Scammers’ game

When the victim goes to the site, they are immediately asked for permission to display browser notifications. Through these, the cybercriminals distribute ads for various other scams or relatively legit adult sites. That’s the main objective: to lure as many victims as possible who will give this permission.

And the image-matching game helps the scammers boost traffic to their own site and improve its search visibility.

How to avoid falling victim?

To avoid falling for online job scams:

Don’t believe promises of easy money.
Don’t enter payment information on dubious websites.
Read our post on how to spot scammers.
Use a robust security solution that will warn you before visiting suspicious sites and keep your money and data out of cybercriminals’ hands.

#Scam #websites #offering #jobs #Kaspersky #official #blog

Airbnb security tips | Kaspersky official blog

Oleh bambang raharjoDiposting pada Agustus 4, 2023

Airbnb is a very handy service that makes life easier for millions of travelers worldwide. But popular doesn’t mean problem-free. On the contrary, its universality makes it more of a target for scammers looking to maximize the number of their potential victims. This post walks you through the main dangers you might face when renting on Airbnb, and gives tips on how to stay safe.

Airbnb account security: protect your phone number

The first thing to remember is that your Airbnb account is tied to your phone number. During sign-up, Airbnb also asks for an email, but that’s a secondary detail. The problem here is that a phone number, unlike an email address, is quite easy to mislay — without the possibility of recovery. Most often, this happens if you linked your account to a burner SIM card or eSIM that you bought in the host country to save money. Alternatively, after your trip you might put the travel SIM in a desk drawer and forget to top it up, or change your phone number and forget to untie your account from the old one.

Some time after the prepaid period expires, the inactive phone number will be recycled and sold to a new user. And if they try to sign up to Airbnb using that number, the service will simply let them into your account by sending a one-time code in a text message.

Many other services and messengers that tie accounts to phone numbers offer additional protection against such things happening in the form of a good old password. Unfortunately, Airbnb does not provide this option. Which means you have to take care of security yourself:

Keep a close eye on the “expiry date” of phone numbers linked to any accounts, including Airbnb, and top up in good time.
If you change number, make a complete list of the accounts you tied it to, then carefully go through it, relinking them all to the new number.
Avoid abandoning accounts: if you’re not planning to use one for a long time, best delete it.
And remember to unlink your payment method from Airbnb when the reservation period is over (not possible if your booking is still active).
If paying by card, try to use a virtual rather than a physical one. And use a credit not a debit card if your country’s laws give more protections for credit card transactions.

Airbnb fakes: free cheese that will cost you dear

Another danger to Airbnb users due to the site’s immense popularity is online scams. Not long ago, we posted a fresh roundup of online threats that travelers could face this holiday season. Naturally, it covered scam Airbnb clones.

A tempting short-term rental on a fake Airbnb site

Scammers have gotten pretty adept at copying the real Airbnb website. Scam clones are often very convincing, so if you don’t look very closely at the URL, you might not realize you’re on a fraudulent site. It’s this URL that most often gives them away. Therefore:

Scam ads on the real Airbnb: anyone can be affected

Also bear in mind that Airbnb is largely based on trust and common decency. So, inevitably, there are those who try to exploit this. Even if we assume that Airbnb takes care to sift out unwanted listings, it’s still physically impossible to go through all the millions of accommodation options with a fine-tooth comb. Which means you might occasionally bump into scammers on the platform.

This happened to me a little over six months ago. I’d already used Airbnb dozens of times and everything had been hunky-dory, until one day an ad turned out to be fake. I arrived at the apartment block where I was meant to be staying, and phoned the owner. The guy who answered the phone explained, in broken English, that he didn’t know anything about my booking, the apartment was in disrepair, and there was no way I could enter the property and stay there.

Then we had a game of message tennis, the aim of which, it seemed, was to get me to go to a hotel at my own additional expense. To be honest, I no longer had the patience or energy to see it through to the end and find out how exactly they wanted to scam me. By this point I’d already contacted Airbnb support to cancel the booking due to the fault of the host, and was looking for an alternative: Airbnb agreed to return the money paid for the non-rental, but did not offer free replacement accommodation.

Incidentally, I should say that the photos of the apartment block were genuine and matched the view you’d expect from the window. And the price was quite realistic — not too good to be true: just a regular Airbnb offer. Yet despite the lack of obvious red flags, it still turned out to be fraudulent. Here are some tips I can give based on my experience:

Make sure to read reviews about the host or owner before booking. If there are none or very few, think carefully about whether you want to run the risk of banging on a locked door.
Contact the host or owner as early as possible to discuss the check-in details. If something doesn’t feel right, try to arrange a fallback, or contact support immediately and tell them about your suspicions.
If you do encounter scammers, call Airbnb support asap. Get ready for a lengthy process: Airbnb will first contact the “host”, then phone you back, all of which can take a long time.
Most likely you won’t be offered alternative accommodation, so I advise taking care of this yourself without waiting for a resolution to the problem.

Hidden cameras: more common than you think

Another nuisance you may encounter as an Airbnb user is covert video surveillance. Today, miniature cameras can be bought for just a few dollars, and you don’t need to be a spy or hacker to install them.

As a consequence, secret video surveillance in rented accommodation is far more common than you might think. Such stories even get into the press once in a while — so one can only guess how many remain off the radar of journalists.

For example, a survey of North American Airbnb users several years ago revealed that 11% had found hidden cameras in apartments they had rented. And that’s only those who found cameras: just imagine how many didn’t notice they were being filmed?

There are several ways to spot a spy camera. Not one of them is 100% reliable, and all are time-consuming, but you could try them in situations where privacy is paramount.
Airbnb’s rules for hosts explicitly prohibit the use of covert video surveillance. So if you find a camera, be sure to report it to Airbnb support — some guests who did so were able to get a refund or change accommodation.

#Airbnb #security #tips #Kaspersky #official #blog

Maling identitas dina 1915 | Blog resmi Kaspersky

Oleh bambang raharjoDiposting pada Juli 17, 2023

Panaliti Cyberthreat nembé nyéépkeun alarem ngeunaan paningkatan bahaya deepfakes. Khususna, aranjeunna mamatahan henteu percanten kana ceuli anjeun: dina jaman digital intelijen buatan, sora dina tungtung jalur sanés sanés milik anu anjeun pikir éta. Ku jalan kitu, nebak naon anu sieun jalma leuwih ti saratus taun ka tukang? Dina éta umur mékanis pamanggihan ilmiah, aranjeunna waspada, enya – percanten Ceuli maranéhanana. Barina ogé, sora di tungtung séjén-éta bener jalma maranéhanana mikir? Teu percaya? Teras tingali dina kasus maling identitas nganggo téknologi canggih jaman ayeuna pikeun maok artos tina rekening bank anu digambarkeun dina film anu ditémbak taun 1915! Wilujeng sumping di dunya séri pilem jempé Perancis Les Vampires.

Vampir Palajaran

Spoiler gancang: saha waé anu milarian monster nyusu getih gaib bakal kuciwa. Tokoh utama, wartawan Philippe Guérande, nyanghareupan geng kriminal anu wani anu nyebut dirina Vampir. Sanajan umur terhormat na, pilem ieu boga loba tawaran lamun datang ka kaamanan informasi. Ngan nyandak adegan kahiji, nu illustrates naha aksés luar kana dokumén gawé téh no-go.

Vampires sorangan digambar ngagunakeun naon dipaké pikeun jadi métode high-tech. Kalolobaan episode tilu (The Red Codebook) dikintunkeun ka cryptanalysis: Guérande milarian pola dina rékaman énkripsi penjahat. Jeung episode 7 (Iblis) diwangun sabudeureun usaha nyalin identitas batur. Tapi kumaha batur ngalakukeun maling identitas kalayan ngan hiji gun dina 20s mimiti maranéhanana^th– Téknologi abad?

Maling identitas dina 1915

Pondokna, skéma kriminal nyaéta kieu. Vampir éta diajar yén hartawan AS George Baldwin nuju ka Paris, dimana aranjeunna mutuskeun pikeun ngabebaskeun anjeunna tina artos. Jang ngalampahkeun kitu, aranjeunna nyetél serangan cascading. Kahiji, aranjeunna ngatur pikeun millionaire diwawancara ku salah sahiji sorangan, Lily Kembang, posing salaku wartawan. Awéwé Modern majalah. Anjeunna ngawartoskeun Baldwin yén majalah na diterbitkeun kutipan selebritis unggal bulan, sarta ménta anjeunna nulis sababaraha kecap dina notebook a, lajeng tanggal jeung asup aranjeunna.

Salajengna, hiji saleswoman ngaku ti Universal Phonograph Company ngadatangan millionaire jeung marvel téhnologis anyar: phonograph sabenerna – alat munggaran pikeun ngarekam jeung baranahan sora. Anjeunna ngajelaskeun ka Baldwin yén éta mangrupikeun kabijakan perusahaanna pikeun ngarékam sora jalma-jalma anu kasohor di Paris. Ditipu, anjeunna didikte hiji-hijina frasa anu anjeunna tiasa nyarios dina basa Perancis: “Awéwé Paris anu paling menawan anu kuring kantos ningali,” nambahan “Muhun!” dina basa Inggris tungtungna.

Sifat pinuh tina tipu daya ieu lajeng wangsit ka pemirsa. Tujuan tina tahap kahiji nyaéta, tangtosna, pikeun maok tanda tangan taipan. Handapeun lambaran dimana Baldwin ditinggalkeun tanda tangan na aya sababaraha jenis kertas karbon, bearing tanda tangan jeung tanggal. Di luhureun ieu, crooks nulis pesen palsu obliging New American Bank mayar Lily (wartawan) AS $ 100.000 (jumlah tinggi kiwari; bayangkeun yén abad ka tukang!).

Salajengna, aranjeunna nyulik operator telepon hotél Baldwin, sarta ngirimkeun antek sejen pikeun ngaganti anjeunna kalawan catetan: “Kuring gering, kirimkeun misan kuring salaku diganti a.” manajemén hotél swallowed trik primitif ieu sarta nempatkeun hiji muhrim lengkep jawab telepon.

Samentara éta, Lily indit ka bank jeung pesenan pembayaran palsu. Kasir mutuskeun pikeun pariksa legitimasi urus jeung nelepon hotél dimana Baldwin ieu tetep. Di dinya, operator telepon gaya sorangan muterkeun hiji kaset tina jutawan ngucapkeun catchphrase na, nu convinces kasir mayar.

Kumaha meujeuhna skéma ieu?

Kalolobaan éta omong kosong, tangtu. Kumaha kasir Parisian di bank AS di 1915 terang tanda tangan, sumawona sora, sababaraha jutawan Amérika? Henteu nyebatkeun kanyataan yén jalur telepon harita sigana bakal ngaganggu sora anu teu dikenal. Kitu cenah, skéma éta sorangan nyaéta palaksanaan klasik tina serangan man-in-the-middle (MitM) – kasir percaya yén sora éta milik Baldwin, anu dina gilirannana nyangka yén anjeunna, sateuacana, dipasihkeun ka “perusahaan fonograf. ”.

Naon deui, pilem na nunjukkeun jalan pintas 2FA: maling tandatangan sareng konfirmasi sora palsu. Pasti, sadayana ieu ayeuna dilakukeun nganggo téknologi digital, tapi skenario serangan inti tetep sami. Ku kituna, countermeasures utama bisa dirumuskeun leuwih ti abad ka tukang:

Entong masihan aksés ka luar kana saluran komunikasi (operator telepon palsu).
Entong bagikeun data pribadi rahasia ka saha waé — kantos (biometrik sora sareng tanda tangan).
Upami aya ragu, pariksa deui legitimasi parentah (frasa “Awéwé Paris anu paling menawan anu kuring kantos ningali” sanés verifikasi anu paling kuat).

Kiwari, anjeun tiasa ningali sorangan séri pilem anu luar biasa ieu dina Wikipedia. Nanging, upami karyawan anjeun henteu siap nampi tip kaamanan maya ti bioskop jempé, kami nyarankeun ngagunakeun Platform Kasadaran Kaamanan Otomatis Kaspersky interaktif kami.

#Maling #identitas #dina #Blog #resmi #Kaspersky

New attack method that bitflips memory cells.

RowPress RAM Serangan | Blog resmi Kaspersky

Oleh bambang raharjoDiposting pada Juli 13, 2023

Pos dinten ieu ngeunaan serangan anyar dina chip DRAM, anu tiasa mangaruhan PC, server sareng smartphone. Anu rada pas, sabab ulikan anyar parantos diterbitkeun anu nalungtik metode serangan DRAM énggal anu disebat RowPress. Ieu ngakibatkeun hammering baris DRAM sababaraha kali, ngabalukarkeun bitflips dina (fisik) baris pangdeukeutna. Gagasan éta sanés énggal – hal anu sami disayogikeun ampir dasawarsa ka tukang dina nami RowHammer. Nanging, RowPress mangrupikeun téknik anu langkung efektif. Tapi ke heula, hayu urang terang naon hartosna “hammering”.

Kumaha RAM jalan

chip RAM pernah bisa relied kana. Pondokna, unggal sél memori, dimana hiji bit informasi disimpen, mangrupakeun batré mini. Nalika urang ngecas, urang nyerat “hiji” kana sél. Upami teu aya biaya, éta “nol”. Sareng éta kajadian… jutaan kali per detik! Dina microchip modern, sél ieu dipak pageuh kana gelar fenomenal: sadayana milyaran aranjeunna dikandung dina kristal ukuran kuku jari. Kalawan laju update tinggi na miniaturization ekstrim komponén éléktronik, sooner atanapi engké kagagalan téh bisa dilawan – mini “batré” bakal leungit muatan maranéhanana, sarta salah sahijina bakal enol. Kadang gagalna disababkeun ku faktor éksternal, contona, lamun chip memori kakeunaan panas atawa malah sinar kosmik.

Gagal sapertos kitu tiasa nyababkeun kasalahan kritis. Bayangkeun program anu nyimpen alamat dina RAM anu kedah diaksés nalika kaayaan anu dicumponan. Lamun sababaraha bit dina alamat ieu spontaneously flip ti hiji nepi ka enol, tinimbang kode anjeun, euweuh nétélakeun naon anu bakal dieksekusi. Seueur téknologi anu dianggo pikeun ngahindarkeun kagagalan; contona, update kapaksa eusi sél memori: bacaan / nulis informasi sequentially – sanajan teu CPU atawa program butuh eta langsung. Prosés maca data téh destructive, jadi sanggeus diakses, informasi kudu overwriting. Aya ogé mékanisme koréksi kasalahan: mémori nyimpen data sareng inpormasi sacara misah pikeun mariksa kabeneran data. Kadé ngartos yen kapadetan luhur sél memori dina komputer modern mangrupa fitur fundamental; aranjeunna moal jalan sagala cara séjén.

serangan RowHammer

Tapi deui ka laporan RowHammer 2014. Peneliti ti Carnegie Mellon Universitas sarta Intel nunjukkeun kumaha mangpaatkeun fitur ditétélakeun di luhur RAM dinamis diropéa pikeun megatkeun. Upami maca data rusak sareng dituturkeun ku nimpa, kumaha upami urang nyerat program anu maca puluhan atanapi ratusan rébu kali per detik? prosés ieu téh naon peneliti nelepon “hammering”.

Répréséntasi skéma tina struktur sél RAM. Sumber

Sél mémori dikelompokeun salaku matriks, sareng unggal operasi dina sél tinangtu ngalibatkeun aksés kana sakabéh array na. Tétéla yén aksés berurutan sareng terus-terusan kana jajar sél mangaruhan barisan tatangga. Lamun operasi ieu dipigawé seueur teuing, nu hiji jeung nol dina sél jajar tatangga bisa dibalikkeun. Panaliti taun 2014 nunjukkeun yén serangan sapertos kitu mungkin dina modul memori DDR3 standar.

Naha éta bahaya? Bayangkeun hacker tiasa ngaéksekusi sababaraha kode sawenang dina sistem anu dituju, tapi tanpa hak husus. Dina kasus anu ekstrim, éta tiasa janten kode halaman wéb, kalayan tautan anu dikirim ka korban. Upami kode ieu diidinan “pencét” daérah RAM anu tangtu, éta tiasa nyababkeun gangguan maca dina sél tatangga, dimana, sebutkeun, data sistem operasi tiasa disimpen.

Dina 2015, panalungtik Google nunjukkeun kumaha RowHammer tiasa dianggo pikeun kéngingkeun aksés anu teu terbatas kana RAM komputer. Ieu mangrupikeun serangan anu kompleks sareng seueur anu teu dipikanyaho: éta tetep kedah asup kana mémori anu leres sareng nyababkeun korupsi data anu “leres” supados komputer henteu ngadat sareng program henteu ngadat. Tapi, kamungkinan téoritis serangan sapertos kitu parantos dikonfirmasi.

BlackSmith: bypass panyalindungan RowHammer

Kumaha ngajaga data tina serangan RowHammer? Cara pangbasajanna nyaéta maksakeun apdet inpormasi dina baris tatangga saatos pamundut maca data tina séri sél mémori. Ieu sacara signifikan ngirangan kamungkinan korupsi data. Sapertos dina kasus kerentanan hardware dina CPU, engké atanapi engké masalah kapanggih dina unggal metode panyalindungan.

Dina taun 2021, panaliti nunjukkeun serangan BlackSmith, anu nunjukkeun yén dina kaayaan anu tangtu, kagagalan tiasa kajantenan sanajan ku panyalindungan RowHammer. Kumaha kahayang maranéhna ngalakukeun ieu? Kumaha lamun, tinimbang “smashing” jajar sél memori gigireun udagan, batur nyobian kombinasi béda: interogasi garis luhur jeung handap target ratusan rébu kali, atawa narajang opat garis sakaligus dina urutan nu tangtu? Éta digawé. Naha? Kusabab masalah dasarna (dénsitas sél mémori anu luhur) henteu kamana waé!

RowPress: ningkatkeun efektivitas serangan

Serangan RowPress anyar malah langkung efektif, sanaos ngagunakeun prinsip dasar anu sami – kalayan hiji perobahan anu alit tapi penting: panyerang nyobian ngantepkeun barisan sél kabuka pikeun dibaca salami mungkin. Panaliti junun mendakan fitur standar anu sanés ngeunaan kumaha chip mémori sareng pengontrol beroperasi anu nyababkeun langkung seueur gangguan anu mangaruhan jajar sél mémori anu padeukeut. Dina watesan efektivitas (diukur ku jumlah “hammers” diperlukeun – nu kirang, nu hadé), RowPress sapuluh atawa malah ratusan kali leuwih kuat batan RowHammer. Dina sababaraha kasus marginal, bitflip nu dipikahoyong kahontal sanggeus hiji operasi maca dina data tatangga.

Bagan aliran tés pikeun nalungtik operasi modul RAM. Sumber

Kumaha serius masalah ieu? Kasempetan serangan RowHammer, Blacksmith atanapi RowPress ka pangguna bumi pisan langsing. Résiko nyaéta perusahaan. Dina tiori, serangan ieu bisa nargétkeun server memori ngajalankeun on awan umum. Barina ogé, panyadia masihan aksés ka serverna, nyayogikeun jinis mesin virtual pikeun pangguna pikeun ngajalankeun kode naon waé anu dipikahoyong. Aranjeunna kedah mastikeun yén mesin-mesin ieu teu aya jalan kabur ti lingkungan virtualna sareng kéngingkeun aksés kana data palanggan anu sanés. Sacara kasar, sistem virtual sapertos kitu mangrupikeun program anu tiasa maca sareng nyerat data kana RAM server; dina basa sejen – platform siap dijieun pikeun raiding memori server fisik.

Kumaha téoritis serangan sapertos kitu tiasa ditingali tina poto pangaturan tés anu dianggo pikeun diajar RowPress. modul memori geus dipindahkeun ka dewan misah. Dihubungkeun sareng éta mangrupikeun jinis alat debug pikeun nyéépkeun operasi RAM. Sababaraha sistem panyalindungan geus ditumpurkeun. Paling importantly, pamanas dipasang dina modul jeung chip memori, naekeun hawa ku 50 atawa malah 80 darajat Celsius, nu sorangan ngaronjatkeun likelihood tina korupsi data kahaja atawa ngahaja.

spésifikasi serangan hardware

Ngabandingkeun RowPress ka RowHammer sateuacanna, kami dasarna ningali modifikasi sakedik kana metode aksés mémori anu ngamungkinkeun panyerang jalan-jalan (kalebet sistem nyata, tanpa pemanasan atanapi “curang”) panyalindungan anu dilaksanakeun ku produsén modul. Para panalungtik ngusulkeun solusi sorangan pikeun masalah ieu, anu untungna ngagaduhan sakedik pangaruh kana kinerja. Nanging, sapertos sabagéan ageung kerentanan hardware, ngaleungitkeunana lengkep henteu realistis. Ngurangan dénsitas chip memori ayeuna sanés pilihan. Gantina, kapasitas maranéhanana ngan tumuwuh sarta expands.

Ngalaksanakeun koreksi kasalahan “dipercaya” moal ngabéréskeun masalah ogé, sabab éta bakal nyandak sapertilu tina RAM. Métode tradisional dumasar kana kode koréksi kasalahan (ECC) ngajantenkeun serangan kirang efektif, tapi henteu ngaleungitkeunana. Saatos nyarios kitu, éta aman pikeun nyarios yén RowPress moal janten serangan “palu” anu terakhir anu urang tingali.

Di sisi tambah, studi sapertos, pikeun ayeuna, tetep sakitu legana latihan téoritis. Panaliti mendakan vektor serangan énggal, sareng produsén alat ngadamel pertahanan énggal. Tangtosna, kamungkinan yén aranjeunna tiasa ngahaja mendakan kerentanan anu berpotensi pikeun eksploitasi massal. Sanajan kitu, ditilik ku sajarah studi misalna dina dékade panungtungan, ieu sigana saperti teu mirip.

Tapi panalungtikan sapertos kitu henteu kedah dianggap murni téoritis sareng abstrak: naon anu tiasa dilakukeun ku para ahli dumasar laboratorium ayeuna, penjahat cyber nyata tiasa ngalakukeun énjing – atanapi dina lima atanapi sapuluh taun. Sedengkeun pikeun panyadia ladenan awan, maranéhanana kudu up to date jeung kamajuan panganyarna kiwari, sarta emphatically ngasupkeun kana model kaamanan maranéhanana.

#RowPress #RAM #Serangan #Blog #resmi #Kaspersky

Kaspersky NEXT: Wawasan konci | Blog resmi Kaspersky

Oleh bambang raharjoDiposting pada Juli 5, 2023

Caangkeun Zurich sareng NEXT Kaspersky

Dina 27 Juni, NEXT balik deui dina kakuatan pinuh, waktos ieu di Zurich kalayan acara fisik pasca-pandémik anu munggaran. Wartawan sareng ahli ti sakumna dunya ngumpul pikeun ngajalajah wawasan kritis ngeunaan masa depan cybersecurity, kalebet bot AI, pamanggihan Darknet, Grup Lazarus, sareng nganjang ka Pusat Data sareng Transparansi Éropa unggulan.

Zurich Kota Héjo Data Center, Kaspersky MORE

Lima Taun tina Inisiatif Transparansi Global

Taun ieu, urang ngagungkeun ulang taun kalima tina inisiatif Transparansi Global groundbreaking urang, GTI dibayangkeun pikeun ngamajukeun transparansi cybersecurity. Tujuan utama GTI nyaéta: migrasi data ka pusat data Swiss, muka langkung seueur Pusat Transparansi di sakuliah dunya, audit rutin sareng manajemén kerentanan. Diréktur Urusan Umum, Yuliya Shlychkova, ngadawuh: “Komitmen kami pikeun transparansi aya hubunganana sareng organisasi di sakumna dunya, nyorot [our] pendekatan visioner”.

Salaku tambahan, Yuliya nyarios yén mimitian Juli 2023, kami parantos mutuskeun pikeun ngabagikeun sadaya kode sumber solusi di premis sareng para nasabah sareng mitra perusahaan di pusat, ngajantenkeun transparansi langkung ti ngan saukur kecap konci.

Pusat Transparansi Komputer, Kaspersky NEXT

Pananjung Korban: Napigasi dina Darknet Labyrinth

Pindah ti prakarsa transparansi kami, proyék munggaran anu diluncurkeun di NEXT nyaéta inisiatif ‘Penemuan Korban’. Hal ieu dipingpin ku Yuliya Novikova, kapala Tim Digital Footprint Intelligence urang.

Gagasanna saderhana: sapanjang taun 2022, inisiatif ngalacak postingan wéb poék anu nunjukkeun kagiatan jahat, sapertos aksés ilegal kana pangkalan data perusahaan atanapi kompromi infrastruktur. Hasilna, tim junun bandéra 258 pausahaan global héran, alerting aranjeunna kana insiden serius. Tapi anu héran nyaéta réaksi ti perusahaan anu waspada. Langkung ti sapertilu teu gaduh kontak pikeun kajadian sapertos kitu, sareng 28 persén anu pikahariwangeun katingalina teu acuh atanapi nampik. Sanajan kitu, sababaraha direspon proactively – 22 persén éta dina resiko, sarta 5 persén éta sadar breach nu.

💁‍♀️ Ngaganggu, 28% teu malire atanapi nampik kajadian éta. Éta sami sareng aya dina badai sareng keukeuh yén éta ngan angin ngahiliwir. Ngajadikeun anjeun heran, teu eta? Tapi antosan, aya deui… 🌪️#KasperskyNEXT pic.twitter.com/YbTXVOKciR

– Kaspersky (@kaspersky) 27 Juni 2023

Kitu ceuk Yuliya “Sanaos réaksi kana béwara kami dicampur, ngan ukur sapertilu anu ngaréspon cekap, kami yakin ngawaskeun Darkweb parantos kabuktosan janten alat anu penting pikeun profésional cybersecurity. Hal ieu ngamungkinkeun urang pikeun ngaréspon gancang sareng nyegah poténsi ngalanggar data.

Yuliya Novikova, Kepala Digital Footprint Intelligence, Kaspersky NEXT – Poto: Mattias Nutt

Unraveling the Dark Thread: Carita Andariel sareng EarlyRat

Saatos Yuliya, Jornt van der Wiel ti Tim Tanggapan & Analisis Global urang (GReAT) narékahan énggal: tim éta ngungkabkeun panemuan énggal ngeunaan Andariel, subgrup Lazarus anu kondang, sareng mendakan ancaman malware anu teu dipikanyaho sateuacana disebut EarlyRat. .

Dina usaha pikeun ngabongkar Andariel, subgrup Lazarus anu kasohor, tim Kaspersky sumping sareng kulawarga malware énggal. Lebetkeun EarlyRat. 🐀 Rupa anyar ieu dina jajaran cybercrime tiasa ngabantosan urang ngadeteksi serangan langkung awal. Tapi, naon carita di balik eta? 👀#KasperskyNEXT pic.twitter.com/NKGOmCVO6m

– Kaspersky (@kaspersky) 27 Juni 2023

Andariel geus wreaking malapetaka pikeun leuwih dasawarsa, ngagunakeun Log4j mangpaatkeun pikeun initiate inféksi, nu lajeng ngundeur malware tambahan. Narikna, kapanggih yén paréntah dieksekusi sacara manual ku operator manusa – anu katingalina teu ngalaman, tinangtu jumlah typo sareng kasalahan anu dilakukeun. Pindahkeun, tPanalungtikan tim urang uncovers EarlyRat. Sapertos Trojans Remote Access anu sanés, éta ngumpulkeun inpormasi sistem sareng ngirimkeunana ka server paréntah-sareng-kontrol na. Sanaos kesederhanaan, éta mirip pisan sareng MagicRat, malware anu sanés dianggo ku Lazarus.

Jornt Van der Wiel ngagambarkeun papanggihan maranéhanana, nyebutkeun, “Dina dunya cybercrime anu lega sareng kompleks, grup sering ngadopsi kode ti batur, ngagentos antara jinis malware anu béda. Usaha konsentrasi kami pikeun mendakan taktik sareng téknik parantos ngirangan waktos atribusi sareng ngamungkinkeun urang ngadeteksi poténsi serangan dina tahap awalna.

Jornt van der Wiel, Peneliti Kaamanan Principal, Kaspersky NEXT - Poto: Mattias Nutt

Jornt van der Wiel, Panaliti Kaamanan Utama, Kaspersky NEXT – Poto: Mattias Nutt

Kebangkitan AI Bots: Boon atanapi Kutukan pikeun Cybersecurity?

Dina panutupanana, Maher Yamout, panalungtik kaamanan anu kasohor ti Global Response & Analytics Team, ningali kana industri Artificial Intelligence sareng cybersecurity, kalebet diskusi ngeunaan deteksi ancaman, bug, sareng padamelan.

Maher Yamout, Panaliti Kaamanan Senior, Kaspersky NEXT – Poto: Mattias Nutt

Bot AI, kalayan kamampuan ngolah data anu gancang, nyiptakeun gelombang cybersecurity, tapi naha urang hoyong aranjeunna ngajagaan kahirupan digital urang? Yamout lebet kana ieu sacara rinci, sareng ningali sababaraha kauntungan anu dibawa AI, sapertos deteksi kerentanan sareng pangurangan kasalahan, sareng ngabandingkeunana sareng sababaraha hal anu teu tiasa dilakukeun ku AI (ayeuna), sapertos pertimbangan manusa. A

Diskusi anu teu bisa dihindari ngeunaan leungitna padamelan mangrupikeun perhatian, sanaos ngagentos panyusun kaputusan sareng pamecah masalah dina cybersecurity tetep janten titik anu moot, sabab ayeuna teu mungkin AI bakal ngagentos manusa pikeun seueur peran kaamanan.

💼 Naha bot AI bakal nyandak padamelan? Naon anu nyababkeun sababaraha organisasi sareng nagara ngalarang éta? Kumaha cybercriminals diadaptasi kana ngagunakeun AI? Patarosan teuas, katuhu? Maher masihan jawaban anu pikaresepeun.#KasperskyNEXT pic.twitter.com/aeiVfeIbf5

– Kaspersky (@kaspersky) 27 Juni 2023

Pamustunganana, pesen Yamout jelas: bari peran AI dina cybersecurity naék, penting pisan pikeun napigasi jalur ieu sacara saksama, nyaimbangkeun kauntungan poténsial sareng kamungkinan résiko.

Pikiran Akhir: Ningali Ka hareup ka Masa Depan

Nalika urang nutup tirai dina édisi NEXT ieu, waktosna pikeun ngeunteung deui acara anu luar biasa ieu. Ieu mangrupikeun hajatan anu ageung, khususna anu nandaan ulang taun kalima Global Transparency Initiative (GTI).

Tina misteri Darknet dugi ka padamelan jero grup Lasarus, dugi ka poténsi bot AI, konperénsi ieu ngahijikeun sababaraha pikiran anu paling terang dina kaamanan, industri sareng téknologi, nyayogikeun platform pikeun wacana wawasan ngeunaan panalungtikan panganyarna sareng anu bakal datang. . kamungkinan sarta ngajajah rupa-rupa jejer metot.

Éta ngajangjikeun masa depan dimana kaamanan digital mangrupikeun norma, transparansi mangrupikeun standar, sareng ukuran kaamanan anu kuat dilaksanakeun.

Tetep aman tur tetep katala!

#Kaspersky #Wawasan #konci #Blog #resmi #Kaspersky

Tag: Blog

Introducing McAfee+

Phishing email with invitation

Fake self-evaluation form

How to stay safe

The big business of typosquatting

“dot.cm” scams

“dot.om” scams

Big brand and voice assistant typosquatting scams

How to protect yourself from typosquatting

Introducing McAfee+

20,000-dollar bubble tea

How not to fall victim

1. Password stealers

2. Physical access to the computer

3. Browser account hijacking

Why a password manager beats a browser

Many scams in one

Share it with the whole world

How to avoid falling victim?

Airbnb account security: protect your phone number

Airbnb fakes: free cheese that will cost you dear

Scam ads on the real Airbnb: anyone can be affected

Hidden cameras: more common than you think

Vampir Palajaran

Maling identitas dina 1915

Kumaha meujeuhna skéma ieu?

Kumaha RAM jalan

serangan RowHammer

BlackSmith: bypass panyalindungan RowHammer

RowPress: ningkatkeun efektivitas serangan

spésifikasi serangan hardware

Caangkeun Zurich sareng NEXT Kaspersky

Lima Taun tina Inisiatif Transparansi Global

Pananjung Korban: Napigasi dina Darknet Labyrinth

Unraveling the Dark Thread: Carita Andariel sareng EarlyRat

Kebangkitan AI Bots: Boon atanapi Kutukan pikeun Cybersecurity?

Pikiran Akhir: Ningali Ka hareup ka Masa Depan