More stories

  • Your Asus router may be compromised – here’s how to tell and what to do

    Elyse Betters Picaro / ZDNET

    Do you own an Asus router? If so, your device may have been one of thousands compromised in a large campaign waged by cybercriminals looking to exploit it. In a blog post published Wednesday, security firm GreyNoise revealed that the attack was staged by what it suggests is “a well-resourced and highly capable adversary.”

    To gain initial access, the attackers used brute-force login techniques and two different methods to bypass the built-in authentication. They’ve also been able to exploit certain vulnerabilities not yet assigned official CVE numbers. Once they’d accessed the router, they were able to run arbitrary system commands by exploiting a known security flaw identified as CVE-2023-39780.

    Though no malware was actually installed, the attackers certainly left their mark.

    More than 9,000 Asus routers affected

    By using built-in Asus settings, they were able to set up SSH access, a secure way to connect to and control a remote device. They also installed a backdoor to return easily to the router’s firmware without worrying about authentication. The backdoor was stored in non-volatile memory (NVRAM), which meant it couldn’t be removed by rebooting the router or updating its firmware. To avoid being caught, the criminals even disabled logging, which would otherwise record their access.

    Based on data from internet scanner Censys, more than 9,000 Asus routers are affected, and that number is growing. However, GreyNoise said that over the past three months, it witnessed only 30 related requests to access the affected routers. That seems to be a sign that the campaign is moving along slowly and quietly.

    If no malware is installed, what’s the goal behind the attack?

    “This appears to be part of a stealth operation to assemble a distributed network of backdoor devices — potentially laying the groundwork for a future botnet,” GreyNoise said in its post.

    And who’s behind it?

    “The tactics used in this campaign — stealthy initial access, use of built-in system features for persistence, and careful avoidance of detection — are consistent with those seen in advanced, long-term operations, including activity associated with advanced persistent threat (APT) actors and operational relay box (ORB) networks. While GreyNoise has made no attribution, the level of tradecraft suggests a well-resourced and highly capable adversary.”

    The language used by GreyNoise, particularly the reference to APTs, suggests a nation-state or attackers working on behalf of a hostile government. Though GreyNoise didn’t cite any particular adversary, such attacks have been attributed to different countries, including China, Russia, North Korea, and Iran.

    Using its AI-powered payload analysis tool Sift and its observation grid, GreyNoise discovered the attack on March 18. But the firm said it waited until now to disclose it publicly so it could have time to consult with its government and industry partners.

  • Massive data breach exposes 184 million passwords for Google, Microsoft, Facebook, and more

    JuSun/Getty Images

    Yet another data breach has exposed passwords and other sensitive information – but this one is a whopper. Cybersecurity researcher Jeremiah Fowler revealed his discovery of a massive online database containing more than 184 million unique account credentials, in a report published Thursday. Usernames, passwords, emails, and URLs for a host of applications […]

  • 7 ways to thwart phone thieves – and avoid China’s infamous ‘stolen iPhone building’

    Sabrina Ortiz/ZDNET

    A thief who steals your smartphone can try to crack it themselves, sell it locally, or use it to commit fraud. But your stolen phone could also travel as far away as China. A recent investigation by The Financial Times (paywall) found that a particular building in Shenzhen’s Huaqiangbei district is home to a treasure trove of second-hand iPhones, including stolen devices.

    Though several locations in and around the Huaqiangbei district are hot spots for trading used phones, FT’s investigation focused mostly on the Feiyang Times building. Much of the buying and selling here is for phones that were legitimately traded in by their owners, according to the reporter who covered the action. But at least some of the activity involves stolen phones, leading the Feiyang Times to be known as China’s “stolen iPhone building.”

    The Times relates one unfortunate individual whose iPhone 15 Pro was stolen by thieves in London. Using tracking technology, the victim followed the phone to its final destination in the Huaqiangbei district. After sharing his experience on LinkedIn, he discovered that many other people had encountered similar situations.

    A woman in North Carolina whose phone was stolen tracked it on its journey from Charlotte to Miami and then finally to Shenzhen, according to WRAL News. In this case, the thieves compounded the crime with a spin on the usual ransomware ploy. In texts sent to the woman, they told her that unless she deactivated the stolen phone, they would sell her private information on the black market, meaning the dark web.

    Phone theft is on the rise, especially in major cities like London, Paris, and New York. In February, the UK’s Metropolitan Police said that phone theft in London is a business that generates £50 million ($67 million) per year. In one week, UK police officials captured 1,000 stolen devices and made 230 arrests, FT reported.

  • I thought my favorite browser blocked trackers but this free privacy tool proved me wrong

    Jack Wallen / Elyse Betters Picaro / ZDNET

    How safe is your browser? You’re probably using Chrome, right? Or maybe you’ve migrated to Opera, Firefox, Edge, Brave, or some other browser that you believe has your back. It probably doesn’t. At least not as well as you might think.

    That’s why the EFF created Cover Your Tracks.

    This site tests your browser to see how trackers view your browser. It’s a brilliant tool that gives you enough insight into the browser you use that you might want to think about switching or adding some plugins to strengthen the default offerings.

    How does Cover Your Tracks work?

    The site is simple to use:

      1. Open your browser.
      2. Point your browser to coveryourtracks.eff.org.
      3. Click Test Your Browser.
      4. Wait for the results.

    As the site runs, it loads fake trackers. If your browser blocks a tracker, it passes that test and moves on to the next. The tests are:

      • A fake ad.
      • A tracker.
      • A domain that respects the EFF’s Do Not Track policy.

    It only collects anonymous data, so you don’t have to worry, and the EFF can be fully trusted.

    The results give you basic and detailed information, but the important thing is that it’s going to say something like: “Our tests indicate that you have some protection against Web tracking, but it has some gaps.” Or maybe: “Our tests indicate that you have strong protection against Web tracking.”

    My results with Cover Your Tracks

    I’m not gonna lie, the results caused me to switch browsers. Here’s the deal: My default has been Zen Browser for some time. I love the UI and the ability to really customize it. However, Zen Browser fell under the “some protection” category. On the other hand, Opera fell under the “strong protection” category.

    Needless to say, I went back to Opera.

    Surprise, surprise

    For me, the big surprise was Chrome. For the longest time, I’ve railed on Chrome for being one of the most insecure browsers available. Guess what? Cover Your Tracks flagged Chrome as having “strong protection” against trackers.

    That, of course, doesn’t mean Chrome is 100% safe to use, but if blocking trackers is your primary need, Chrome passed the test with flying colors.

    How other browsers fared

    Here’s the list of browsers I have installed:

      • Tor – strong protection
      • FireDragon – some protection
      • Firefox – some protection
      • Edge – no protection
      • Brave – strong protection
      • Yandex Browser – some protection
      • Safari – strong protection
      • Arc Browser – no protection
      • Floorp – some protection
      • LibreWolf – strong protection

    The results are a mixed bag. You’d think that all Chrome-based browsers would have strong protection, but not Arc. You would also think that all Firefox-based browsers would have some protection, but LibreWolf proves that wrong.