Authentic8 Blog Category: Security

How to Prevent Browser “Cryptojacking”

Illustration: How to Prevent Browser “Cryptojacking” - Authentic8 Blog

If you thought your “secure” browser is blocking all these cryptojacking attempts (perhaps you even installed a cryptoblocker extension), think again. Cryptominers are using other people’s browsers to make bank while getting better at evading detection. What have they been up to recently?

*
For readers of this blog who don’t already know, cryptojacking is the process in which a machine’s resources are hijacked and used to mine cryptocurrency. This type of attack can take place in various ways, usually involving the local browser and JavaScript. For more details, check out our “Cryptojacking 101” here.

Lately, cryptojackers have found more ways to hog their victims’ computing resources. Chrome browser extensions offered through the Chrome Web Store were discovered to contain mining code. Ubuntu’s own Snap Store has been supplying software with “miners” built in.

One-two punch: ransomware+cryptojacking

Even garden-variety malware now usually comes equipped with miners. A new variant of the Rakhni ransomware now contains a cryptocurrency miner.

How the PageUp Hack is Highlighting HR's Data Protection Problems

Illustration: How the PageUp Hack is Highlighting HR's Data Protection Problems - Authentic8 Blog

The recent data breach at global Human Resources services provider PageUp may have impacted millions of job seekers, the firm announced last week. Following such incidents that affect HR records, it’s often IT that gets the blame. Are HR firms and departments generally too lax at handling confidential data?

*

HR professionals have been found to be especially vulnerable to cyberattacks or user error. HR data breaches have severe consequences for individual employees and the whole organization. In 2015, confidental information of more than 22 million current and former federal employees and contractors was stolen when state-sponsored hackers hit the Office of Personnel Management (OPM), the U.S. government’s HR department.

Since then, employees have started suing their employers over other incidents, as in the case of an HR data breach at Seagate, and more law firms are lining up to take their cases. Lamps Plus was slapped with a class action in California federal court, accusing it of failing to

DOD Looks to the Cloud for Browser Security

Illustration: DOD Looks to the Cloud for Browser Security - Authentic8 Blog

The US Department of Defense just published its cloud browser strategy. What's yours?

*

On June 5, 2018, the Defense Information Systems Agency released an unclassified request for information (RFI) outlining its intent to procure a cloud browser for 3.1 million Department of Defense (DOD) employees.

The operators of the most-targeted network in the world have concluded that they'd be more secure and efficient if they kept all public web code off the department's network.

This is significant for the entire cybersecurity market, not just the DOD. With this RFI, an arguably niche, disruptive security solution becomes mainstream. Cloud browsers are now something any organization concerned with online security must consider.

DOD personnel use the web for mission-related activities, support and logistics functions, and morale and well-being. With more than 4 million users worldwide, and with many people operating out of sensitive government facilities, the DOD is also a compelling target for cyberattack. The volume of attacks the department must deal with

Rogue WiFi Access Points: Would You Know the Difference?

Illustration: Rogue WiFi Access Points: Would You Know the Difference? - Authentic8 Blog

When traveling, at trade shows or when visiting a client or customer, a wireless access point (AP) can offer the most direct way to connect to the web. And the most dangerous, too.

*

Beware “rogue” access points (RAPs). They’re out there ready to get you when you expect it least.

Rogue access points pop up on your device’s network menu with labels that look like what you’d expect to see when trying to gain access to a system in a public or semi-public space.

They pop up in coffee shops, hotel lobbies and hallways, on trade show floors, commuter trains or at airports. The network label at Reagan National Airport in Washington DC, for example, reads FlyReagan. But someone may have set up a RAP labeled FlyReagan or FlyDCA for their own (read: dark) purposes.

RAPs vs. APs: Would you know the difference?

Have you ever been pwned by a rogue AP? Most victims wouldn’t be able to

Hoodwinked: Why Our Eyes Won't Protect Us Against Phishing and Fake Websites

Illustration: Hoodwinked: Why Our Eyes Won't Protect Us Against Phishing and Fake Websites - Authentic8 Blog

By Benjamin Dynkin & Barry Dynkin

Our eyes were the gatekeepers between fact and fiction, reality and myth - then the internet came along. The visual information we encounter and interact with on the web is digitally created and manipulated - and we’re not ready for it.

*
Web pages and individual visual elements can be easily replicated, and their impact on users tracked and measured. The problem with that is that scammers take advantage of it, while we still trust our eyes. This trust can now easily be turned against us.

In the domain of email-based fraud, perpetrators have evolved beyond broad, “Nigerian Prince”-esque campaigns. No longer are they limited to crude schemes that are easily detected.

Instead, they are using sophisticated, targeted campaigns that combine social engineering with visual deception and manipulation. The goal is to generate sensory overload and trick individuals into divulging critical information, such as usernames and passwords, or to overcome their resistance with psychological pressure