Government spyware is another reason to use an ad blockerAd blockers might seem like an unlikely defense in the fight against spyware, but new reporting casts fresh light on how spyware makers are weaponizing online ads to allow governments to conduct surveillance.
Spyware makers are reportedly capable of locating and stealthily infecting specific targets with spyware using banner ads.
One of the startups that worked on an ad-based spyware infection system is Intellexa, a European company that develops the Predator spyware.
Ad blockers don’t just hide the ads, but rather block the underlying website from loading the ads to begin with.
In 2022, the FBI said in a public service announcement to use an ad blocker as an online safety precaution.
Streaming giant Roku has confirmed a second security incident in as many months, with hackers this time able to compromise more than half a million Roku user accounts.
In a statement Friday, the company said about 576,000 user accounts were accessed using a technique known as credential stuffing, where malicious hackers use usernames and passwords stolen from other data breaches and reuse the logins on other sites.
Roku said in fewer than 400 account breaches, the malicious hackers made fraudulent purchases of Roku hardware and streaming subscriptions using the payment data stored in those users’ accounts.
Two-factor authentication prevents credential stuffing attacks by adding an additional layer of security to online accounts.
By prompting a user to enter a time-sensitive code along with their username and password, malicious hackers cannot break into a user’s account with just a stolen password.
Researchers warn high-risk ConnectWise flaw under attack is ’embarrassingly easy’ to exploit “I can’t sugarcoat it — this shit is bad," said Huntress' CEOSecurity experts are warning that a high-risk vulnerability in a widely used remote access tool is “trivial and embarrassingly easy” to exploit, as the software’s developer confirms malicious hackers are actively exploiting the flaw.
The maximum severity-rated vulnerability affects ConnectWise ScreenConnect (formerly ConnectWise Control), a popular remote access software that allows managed IT providers and technicians to provide real-time remote technical support on customer systems.
Cybersecurity company Huntress on Wednesday published an analysis of the actively exploited ConnectWise vulnerability.
ConnectWise also released a fix for a separate vulnerability affecting its remote desktop software.
The U.S. agencies also observed hackers abusing remote access software from AnyDesk, which was earlier this month forced to reset passwords and revoke certificates after finding evidence of compromised production systems.
AI aides nation-state hackers but also helps US spies to find them, says NSA cyber directorNation state-backed hackers and criminals are using generative AI in their cyberattacks, but U.S. intelligence is also using artificial intelligence technologies to find malicious activity, according to a senior U.S. National Security Agency official.
“We already see criminal and nation state elements utilizing AI.
“We’re seeing intelligence operators [and] criminals on those platforms,” said Joyce.
“On the flip side, though, AI, machine learning [and] deep learning is absolutely making us better at finding malicious activity,” he said.
“Machine learning, AI, and big data helps us surface those activities [and] brings them to the fore because those accounts don’t behave like the normal business operators on their critical infrastructure, so that gives us an advantage,” Joyce said.
Hackers compromised the code behind a crypto protocol used by multiple web3 applications and services, the software maker Ledger said on Thursday.
The company says it has sold six million units of its hardware wallet, and Ledger Live, its software equivalent, is used by 1.5 million users.
That would allow the hackers to drain the crypto inside users’ wallets — so long as the users accepted the push to connect their wallets to the malicious Ledger version.
ZachXBT, a well-known independent crypto researcher, wrote on X that one victim had more than $600,000 in crypto drained from their account.
Several blockchain security researchers, as well as people who work in the web3 industry, warned users on social media of the supply chain hack against Ledger.
