In the latest campaign, we have seen several apps impersonated by the malware: the ad blockers AdShield and Netshield, as well as the OpenDNS service. This article analyzes only the fake AdShield app, but all the other cases follow the same scenario.
Statistics
According to data from Kaspersky Security Network, at the time of preparing this article, since the beginning of February 2021, there have been attempts to install fake apps on the devices of more than 7 thousand users. At the peak of the current campaign, more than 2,500 unique users per day were attacked, with most of the victims located in Russia and CIS countries.
Deepfakes are taking up space in our daily lives. Recently, South Korea replaced a news anchor with a deepfake person (i.e., one that looks like a real person). You might have seen the recent Tom Cruise videos; those are deepfakes. We are at the stage where it is becoming hard to distinguish between fake and real video and audio.
Despite the negative connotations surrounding the colloquial term deepfakes (people don’t usually want to be associated with the word “fake”), the technology is increasingly being used commercially.
More politely called AI-generated videos, or synthetic media, usage is growing rapidly in sectors including news, entertainment and education, with the technology becoming increasingly sophisticated.
The REvil ransomware operation announced this week that they are using DDoS attacks and voice calls to journalists and victims’ business partners to generate ransom payments.
The REvil ransomware operation, also known as Sodinokibi, is a ransomware-as-a-service (RaaS) where the ransomware operators develop the malware and payment site, and affiliates (adverts) compromise corporate networks to deploy the ransomware.
Security researcher Laxman Muthiyah found a critical bug in Microsoft identity manager and was rewarded $50,000 in prize money. Here is a snippet of his hack.
After my Instagram account takeover vulnerability, I was searching for similar loopholes in other services. I found Microsoft is also using a similar technique to reset a user’s password, so I decided to test them for any rate limiting vulnerability.
To reset a Microsoft account’s password, we need to enter our email address or phone number in their forgot password page; after that, we will be asked to select the email or mobile number that can be used to receive the security code.
Coordinated Universal Time, or U.T.C., the global reference for timekeeping, is beamed down to us from extremely precise atomic clocks aboard Global Positioning System (GPS) satellites. The time it takes for GPS signals to reach receivers is also used to calculate location for air, land and sea navigation……
The problem is that GPS signals are incredibly weak, due to the distance they have to travel from space, making them subject to interference and vulnerable to jamming and what is known as spoofing, in which another signal is passed off as the original. And the satellites themselves could easily be taken out by hurtling space junk or the sun coughing up a fireball. As intentional and unintentional GPS disruptions are on the rise, experts warn that our overreliance on the technology is courting disaster, but they are divided on what to do about it.
Impact of GPS Security
More than 10,000 incidents of GPS interference have been linked to China and Russia in the past five years. Ship captains have reported GPS errors showing them 20-120 miles inland when they were actually sailing off the coast of Russia in the Black Sea. Well documented are ships suddenly disappearing from navigation screens while maneuvering in the Port of Shanghai.
Alternatives to GPS
“China, Russia, Iran, South Korea and Saudi Arabia all have eLoran systems because they don’t want to be as vulnerable as we are to disruptions of signals from space,” said Dana Goward, the president of the Resilient Navigation and Timing Foundation, a nonprofit that advocates for the implementation of an eLoran backup for GPS.