Authentic8 Blog Category: News

How to Prevent Browser “Cryptojacking”

Illustration: How to Prevent Browser “Cryptojacking” - Authentic8 Blog

If you thought your “secure” browser is blocking all these cryptojacking attempts (perhaps you even installed a cryptoblocker extension), think again. Cryptominers are using other people’s browsers to make bank while getting better at evading detection. What have they been up to recently?

*
For readers of this blog who don’t already know, cryptojacking is the process in which a machine’s resources are hijacked and used to mine cryptocurrency. This type of attack can take place in various ways, usually involving the local browser and JavaScript. For more details, check out our “Cryptojacking 101” here.

Lately, cryptojackers have found more ways to hog their victims’ computing resources. Chrome browser extensions offered through the Chrome Web Store were discovered to contain mining code. Ubuntu’s own Snap Store has been supplying software with “miners” built in.

One-two punch: ransomware+cryptojacking

Even garden-variety malware now usually comes equipped with miners. A new variant of the Rakhni ransomware now contains a cryptocurrency miner.

How the PageUp Hack is Highlighting HR's Data Protection Problems

Illustration: How the PageUp Hack is Highlighting HR's Data Protection Problems - Authentic8 Blog

The recent data breach at global Human Resources services provider PageUp may have impacted millions of job seekers, the firm announced last week. Following such incidents that affect HR records, it’s often IT that gets the blame. Are HR firms and departments generally too lax at handling confidential data?

*

HR professionals have been found to be especially vulnerable to cyberattacks or user error. HR data breaches have severe consequences for individual employees and the whole organization. In 2015, confidental information of more than 22 million current and former federal employees and contractors was stolen when state-sponsored hackers hit the Office of Personnel Management (OPM), the U.S. government’s HR department.

Since then, employees have started suing their employers over other incidents, as in the case of an HR data breach at Seagate, and more law firms are lining up to take their cases. Lamps Plus was slapped with a class action in California federal court, accusing it of failing to

DOD Looks to the Cloud for Browser Security

Illustration: DOD Looks to the Cloud for Browser Security - Authentic8 Blog

The US Department of Defense just published its cloud browser strategy. What's yours?

*

On June 5, 2018, the Defense Information Systems Agency released an unclassified request for information (RFI) outlining its intent to procure a cloud browser for 3.1 million Department of Defense (DOD) employees.

The operators of the most-targeted network in the world have concluded that they'd be more secure and efficient if they kept all public web code off the department's network.

This is significant for the entire cybersecurity market, not just the DOD. With this RFI, an arguably niche, disruptive security solution becomes mainstream. Cloud browsers are now something any organization concerned with online security must consider.

DOD personnel use the web for mission-related activities, support and logistics functions, and morale and well-being. With more than 4 million users worldwide, and with many people operating out of sensitive government facilities, the DOD is also a compelling target for cyberattack. The volume of attacks the department must deal with

SSL Certificates Boost Security? Many Don’t.

Illustration: SSL Certificates Boost Security? Many Don’t. - Authentic8 Blog

Massive disruption is coming to websites that use digital certificates issued by Symantec or the brands that it has owned - Verisign, Thawte GeoTrust, and RapidSSL. One third or more of the net’s SSL certificates could be affected.

*

Effective this week, both the Chrome and Firefox browsers will not accept any SSL certificates issued by Symantec that were issued before June 2016. Symantec certificates that were issued after that date will not be accepted by both browsers starting in September 2018.

These drastic measures have been in the making for about a year. In March 2017 Google announced that it had lost all confidence in certificates issued by Symantec.

What had gone wrong? In short, the way how Symantec was issuing the certificates. Its issuance methods could allow untrusted third parties to issue certificates on Symantec’s behalf - without oversight. The rules that Symantec ignored had been decided by the industry standards group, the CA/B Forum, for certificates used

Fed Up? Fire Up This Cloud Browser.

Illustration: Fed Up? Fire Up This Cloud Browser. - Authentic8 Blog

The Facebook/Cambridge Analytica fiasco did not happen overnight or by “mistake”, as Facebook wants users to believe. The price of “free” services and apps online means the loss of data protection, privacy and transparency.

This isn’t a new phenomenon, it’s not limited to Facebook, and it should not be a surprise to anyone. Venture investment in companies building businesses around “eyeballs” and “clicks” had to convert to hard cash at some point, and that point is the monetization of user data.

In contrast, Authentic8’s cloud browser Silo was built on the trust of its users. How do we honor that trust? We think you have a right to know what we do with your data. But first, some background.

*

So Mark has admitted “mistakes” on behalf of Facebook. As did Marissa before him, for Yahoo. And don’t forget Richard (who?), who apologized - kinda, sorta - for Equifax. And so on…

Did it change anything that these