Proofpoint: with “job fraud” cybercriminals target students looking for work

A new threat is exploding in the world of cybercrime: it is called “job fraud” and tends to affect higher education organizations almost exclusively, in the United States but also in Europe and Australia. These types of attacks saw a further surge during the pandemic, when cybercriminals exploited people’s willingness to work from home or remote working. Indeed, with the promise of easy money (for example, working from home to collect personal data), cybercriminals steal money or persuade victims to unwittingly participate in illegal activities, such as money laundering.
For the FBI’s Internet Crime Complaint Center, the average loss of a “job fraud” is $ 3,000.

Proofpoint has identified a number of job-related threats: nearly 95% target educational institutions, particularly colleges and universities. So far, the majority of attacks have been concentrated in the United States, although attackers have targeted European and Australian institutions and facilities (nearly 4,000 email threats were recorded daily).

Sherrod DeGrippo, Vice President, Threat Research and Detection at Proofpoint points out, “Threats like this can cause people to lose their life savings or involve them in criminal operations without their knowledge. They are very worrying, especially for universities, so much so that Proofpoint detects and blocks thousands of fraud threats every week that could harm their students and teachers. “

The US government places Kaspersky on the cybersecurity blacklist

In recent days, the Federal Communications Commission has decided to include the Russian security company Kaspersky within the same “entity list” that has hosted Huawei and ZTE since last year. According to the FCC, Kaspersky security products pose a national security risk and therefore will no longer be eligible for federal funds. In addition to Kaspersky, which has long since been banned from all US government networks, China Mobile and China Telecom have also been added to the list of unwelcome companies. “Kaspersky is disappointed with the Federal Communications Commission’s decision to ban the use of certain federal telecommunications subsidies for the purchase of Kaspersky products and services. This decision is not based on any technical assessment of Kaspersky products that the company continually supports. , but it is taken on a political basis, “said the Russian security company. “I am pleased that our national security agencies agreed with my assessment that China Mobile and China Telecom appeared to meet the threshold needed to be added to our list. Their addition, as well as that of Kapsersky Labs, will help protect our networks from threats posed by state-backed Chinese and Russian entities seeking to engage in espionage and otherwise harm America’s interests, “FCC Commissioner Brendan Carr said. In this way, Kaspersky earns the double distinction of being the first Russian company and the first company specialized in cyber security to enter the US entity list. Recall that the companies on this list represent, according to the US, a threat to national security and therefore are excluded from the possibility of receiving funds among the 8 billion dollars available every year in the Universal Service Fund program of the Federal Communications Commission, which goes to support telecommunication services in rural areas or for the low-income population or even for institutions such as schools, libraries and hospitals. The move by the FCC comes within the context of the consequences triggered by the military invasion of Ukraine by the Russian Federation. Company founder Eugene Kaspersky has long been accused of having ties to the Russian military and intelligence, although he has repeatedly stated that his company is completely independent of the government. A couple of weeks ago the German Federal Office for Cybersecurity advised companies in the country not to use Kaspersky products as the company could be forced to put its products at the service of Russian intelligence.

Log4Shell is the new zeroday flaw: a bug present in most applications, and very easily exploitable

Log4Shell is a new zeroday vulnerability discovered last Thursday when it was exploited to remotely compromise Minecraft servers. The vulnerability was traced with the code CVE-2021-44228 and was assigned a severity level of 10 out of 10 as it can be exploited very easily and allows the execution of remote unauthenticated code.

The vulnerability concerns in particular Log4j, an open source event logging tool based on Java and available from Apache that is used by hundreds of thousands of apps, especially in the cloud and including those commonly used in almost all companies on the planet. .

Event logging is a process by which applications keep an up-to-date list of the activities performed and which can thus be analyzed later in the event of errors. Almost all network security systems run some kind of event log, which gives libraries such as Log4j nearly endless coverage.

The exploitation of the vulnerability occurs by managing to have a special sequence of characters recorded on the log, as Cloudflare illustrated in detail in its analysis. And, as mentioned, the vulnerability can be exploited with ease: in the case of Minecraft, for example, it was possible to record the sequence of characters on the log simply by sending a message in the chat within the game.

Since the compromise of the Minecraft servers occurred, the security company Greynoise has detected an active scan in progress on the Internet that attempted to identify vulnerable servers. The researchers point out that they have observed that the vulnerability is exploited for various purposes: from the installation of malware to cryptomining, to the hardening of Linux botnets, passing from the extraction of data and configurations.

DuckDuckGo introduces a new tool to its browser to prevent apps from leaving traces on the internet

Most people use google chrome or firefox to browse the internet.
Although firefox is one of the best browsers (for computers and smartphones) there is an even better one (but only for smartphones) from the point of view of privacy: duckduckgo.
Maybe not everyone knows it but duckduckgo is also an alternative search engine to google.
As a search engine I don’t think it is up to par as many search results are not as relevant as google (or bing) but as a search engine it is unsurpassed.

A new tool from DuckDuckGo tries to prevent Android apps from tracking and tracking user data. It’s called App Tracking Protection, and it’s meant to offer greater protection from third-party trackers even over Apple’s App Tracking Transparency feature, introduced starting with iOS 14.5, which allows users to disable app tracking.

The news was reported by the same development team, which explains that the tool was not released as an update, nor as a dedicated app. Those who request to try the new anti-tracking tool must download the DuckDuckGo Privacy Browser from the Play Store and enable the feature. The Tracking Protection App will then work at the system level, and not just on the browser, preventing the tracking of data by third-party apps among those installed on the device.

Chrome, emergency patch released: update your browser now!

Google’s emergency release with Chrome 95.0.4638.69, for Windows, Mac and Linux. The purpose is to protect users from two 0-day saves already exploited. The columns are marked CVE-2021-38000 and CVE-2021-38003, and have already been spotted within exploits used by malicious actors. The advice is to immediately update your browser.

The update has already been released in the Stable Desktop channel and is automatically downloaded and installed on all installations. From the Chrome menu, you need to go to the About Chrome page and the download is done automatically. Finally, by pressing the Restart button, the software will be updated to the latest version available.
Chrome, uncovered and two exploited sockets

At the moment, no information has been disclosed on the techniques used by the malicious actors in the exploits, with Google that could wait some time for all browsers to be updated and are permanently safe from the two new flaws. From the beginning they were discovered together of 2021 0-day exploited on Chrome.

Hard blow for Facebook: the former IT engineer of the social network speaks (confesses)

Facebook “understands that if they change the algorithm to be safer, people will spend less time on the site, click fewer ads and earn less” – Facebook has put “profits above safety” of the public. The words of mole Frances Haugen, the former employee who plunged Zuckerberg’s company into its deepest crisis since Cambridge Analytics, are potentially devastating. In an interview with ’60 Minutes’ on CBS, she tells that she too presented complaints to the Sec, the American Consob, in which she accuses the social network of having hidden her research and her studies from investors and the public. The 37-year-old, brave and very knowledgeable. she is also the key source for the Wall Street Journal’s Facebook Files project. She has worked for several social networks, but on Facebook she found the situation “worst”.
Who is Frances Haugen the mole

But what did Haugen say about so explosive?

“I have repeatedly seen conflicts of interest between what was good for the public and what was good for Facebook. And each time Facebook chose what was best for its own profits,” explains Frances Haugen, who explains why she decided to become a ‘mole’ and denounce the company. Haugen is the one who provided the Wall Street Journal in recent months with internal documents that showed a hitherto unknown insight into Facebook.

“There was a security plan” and controls on hate messages and disinformation that appeared on Facebook, but “after the 2020 presidential election something has changed,” revealed Haugen, a Harvard graduate, hired in 2019 as a data engineer. The algorithms would change and the system would become “less secure”. From that moment – again according to Haugen’s version – the social platform allegedly loosened the censorship of hate messages and the contents that misinformed about the electoral result, eventually favoring the dissemination of messages on alleged fraud.

Haugen came out, showing her face and drawing a disturbing picture. Today he will be in Congress for a deposition. “They thought that if they changed the algorithms to make the system more secure, people would spend less time on social media, they would click ads less,” and Facebook “would make less money,” he said. said the former employee. “They always preferred her – she added her – profit over security.”

Haugen said she decided to wage this battle because she lost a loved one to conspiracy theories circulating on social media. She was very clear in her former employer’s assessment of her. “There were conflicts of interest between what was good for the audience and what was good for Facebook,” she said. “Facebook has chosen over and over to optimize for their own interests, how to make more money.”
The impact of Instagram on teenagers

On Instagram, the engineer argued that it has a dramatic impact on the lives of teenagers: “A research carried out by Facebook – he said – says that the young women who follow content related to eating disorder, the more they follow these issues, the more they become depressed. . And this leads to using Instagram more. “

In a written note, Facebook defended itself by arguing that the company “continues to make significant improvements to counter the spread of misinformation and content that can harm people. Claiming that we encourage bad content and do nothing to stop it is not true.”

The Best plugin for Google Chrome Browser

google-chrome
Here are some of the best plugins with which to navigate in peace. Obviously every plugin is not 100% effective, so I suggest you install even more plugins with the same function, so you will be sure to surf with total protection.

 

Flash Video Downloader

flash-video-downloader_26955

It is one of the best plugins to download videos of any kind: flash, youtube etc …

https://chrome.google.com/webstore/detail/flash-video-downloader/aiimdkdngfcipjohbjenkahhlhccpdbc?utm_source=chrome-ntp-icon

 

 

360 Internet Protection

360-total-security_97369

Together with Avast it is one of the best tools for the protection and security of unwanted web pages: indispensable.

https://chrome.google.com/webstore/detail/360-internet-protection/glcimepnljoholdmjchkloafkggfoijh?utm_source=chrome-ntp-icon

 

 

AVAST Security Browser

avast-online-security_100993
It collects data on phising sites and warns you if you are visiting one.
Provides access to Avast’s website reputation system, supported by a community of over 220 million users.
Shows the rating of a site next to its link in the search results.
Warns if you visit a website with a bad reputation.
Blocks intrusive advertisements and analytics sites and prevents you from tracking your online activities.

https://chrome.google.com/webstore/detail/avast-online-security/gomekmidlodglbbmalcneegieacbdmki?utm_source=chrome-ntp-icon

 

 

ADBLOCK ORIGIN

ublock-origin_66152

uBlock₀ is an efficient ad-blocker: it takes up little memory and little CPU, but can use thousands of filters more than other similar software.

https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?utm_source=chrome-ntp-icon

 

 

ADBLOCKER PLUS

adblock-plus_67580

Browse the web without annoying and intrusive ads.

Adblock Plus for Google Chrome blocks video ads, banners, pop-ups and other forms of intrusive and annoying advertising, as well as blocking tracking and malware.

An easy-to-use, customizable ad-blocking browser extension, Adblock Plus gives you control over your Google Chrome browsing experience. Block annoying and intrusive ads for a cleaner

https://chrome.google.com/webstore/detail/ublock-plus-adblocker/oofnbdifeelbaidfgpikinijekkjcicg?utm_source=chrome-ntp-icon

 

 

DISCONNECT

disconnect_102021

Disconnect lets you visualize and block the invisible websites that track you. Load the pages you go to 44% faster. Stop tracking by 2,000+ third-party sites.

https://chrome.google.com/webstore/detail/disconnect/jeoacafpbcihiomhlakheieifhpjdfeo?utm_source=chrome-ntp-icon

 

 

GHOSTERY

unnamed

Ghostery allows you to view and block trackers on websites you browse to control who collects your data. Advanced Anti Tracking anonymizes your data to further protect your privacy.

Ghostery’s Smart Blocking feature speeds up page loading and optimizes performance by blocking and unblocking trackers according to page quality criteria.

https://chrome.google.com/webstore/detail/ghostery-%E2%80%93-privacy-ad-blo/mlomiejdfkolichcflejclcbmpeaniij?utm_source=chrome-ntp-icon

 

 

PRIVACY BADGER

privacy-badger_71626

Privacy Badger 1.0 blocks spying ads and invisible trackers. It’s there to ensure that companies can’t track your browsing without your consent.

The extension is designed to automatically protect your privacy from third party trackers that load invisibly when you browse the web.

https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp?utm_source=chrome-ntp-icon

 

 

ZENAMTE

zenmate_59309

Our Web Firewall is a security solution that blocks malware, trackers & security threats, plus free Ad Blocker against Malvertising!
Based on the high performance uBlock Origin Engine, the fastest engine on the market, ZenMate Web Firewall is a unique & advanced Internet security solution and the ONLY ad blocker to include proprietary 0-day threat intelligence security.

You’re protected from malware, phishing, spyware & other security threats.

https://chrome.google.com/webstore/detail/zenmate-vpn-best-cyber-se/fdcgdnkidjaadafnichfpabhfomcebme?utm_source=chrome-ntp-icon

 

 

The best web brower for PC [2019]

bestbrowserweb2019

 

 

MOZILLA FIREOX

mozillafirefoxbrowser

Mozilla Firefox (known simply as Firefox) is a free and open source web browser descended from the Mozilla Application Suite. Firefox is highly extensible, with thousands of third-party add-ons available.

Firefox version 60+ (Quantum) is presently faster than Google Chrome and use less memory than Chrome. Compare to previous versions of Firefox, the Quantum version is twice as fast, promote parallelism, and has more intuitive user interface.

https://www.mozilla.org/en/firefox/new/

 

GOOGLE CHROME

googlechromebrowser

A free web browser developed by Google from the open source Small Chromium iconChromium project with a focus on speed and minimalism. Chrome offers fast start-up and web page loading, supports a minimalist user interface, automatically updates in the background, and offers syncing of browser bookmarks, extensions, passwords, and history between multiple computers by your Google account.

https://www.google.com/intl/en/chrome/

 

CHROMIUM

chromiumbrowser

Chromium is a free and open-source web browser developed by Google. It is a fully functional browser on its own and supplies the vast majority of source code for the Google Chrome browser. The two browsers have always had some differences, as indicated by their names: chromium is the metal used to make chrome plating.

The Chromium source code is also widely used by other parties to create their own browsers, in a similar manner as Google, while others simply build it as-is and release browsers with the Chromium name.

https://www.chromium.org/getting-involved/download-chromium

 

OPERA

operabrowser

Opera is a browser with innovative features, speed and security. Opera’s vision is to deliver the best Internet experience on any device and the company is committed to support and contribute to open standards.

The browser delivers a highly customizable start page (Speed Dial) where you can set your top sites and bookmarks, Off-road mode for data saving and faster browsing in slow networks such as 3G/2G and public Wi-Fi, a “Discover” page for getting the best of the web’s content; and in the desktop version Stash, a tool for comparing pages and “read it later”.

https://www.opera.com/en/download

 

VIVALDI

vivaldibrowser

Vivaldi is a freeware, cross-platform web browser developed by Vivaldi Technologies, a company founded by Opera Software co-founder

Although intended for general users, it is first and foremost targeted towards technically-inclined users as well as former Opera users disgruntled by its transition from the Presto layout engine to a Chromium-based browser that resulted in the loss of many of its iconic features.[8][10] Despite also being Chromium-based, Vivaldi aims to revive the features of the Presto-based Opera with its own proprietary modifications.

As of March 2019, Vivaldi has 1.2 million active monthly users.

https://vivaldi.com/download/

 

PALE MOON

palemoonbrowser

Pale Moon is an open-source web browser with an emphasis on customizability; its motto is “Your browser, Your way”. There are official releases for Microsoft Windows and Linux, an unofficial build for macOS, and contributed builds for various platforms.

Pale Moon is a fork of Firefox with substantial divergence. The main differences are the user interface, add-on support, and running in single-process mode. Pale Moon retains the highly customizable user interface of the Firefox version 4–28 era. It also continues to support some types of add-ons that are no longer supported by Firefox.

https://www.palemoon.org/download.shtml

 

MICROSOFT EDGE

microsoftedgebrowser
Who uses windows knows that this browser will find it native already in the operating system. Although it has improved a lot compared to its predecessor internet explorer, it still remains far from browsers like mozilla, which allow the installation of plug-ins and personalization of the entire browser.

 

APPLE SAFARI

applesafaribrowser

It’s the apple browser. For windows there is only an obsolete version but for mac there is a more updated version which, however, in my opinion, is still lower than a browser like mozilla.

https://support.apple.com/downloads/safari

 

TOR

torbrowserdeepweb

Tor Browser is the best browser for anonymous browsing. Guarantees 99% security and also allows you to browse the deep web by connecting to its server. It is not an alternative to classic browsers because this browser has characteristic functions that others do not have. It is therefore advisable to have it with other browsers.

https://www.torproject.org/it/download/

Security problem for facebook: 489 million mobile phone numbers online

facebook

A new security problem for Facebook has been revealed at this time. This time the mobile numbers of users of the social network were affected; they were put online due to a baffling and inexplicable lack of attention in the management of the database that contained them.

Furthermore, something even more serious was discovered: that the database was not protected by any password, leaving the information available to anyone who knew how to recover them.

The figures of the numbers are impressive: according to the report there is talk of as many as 419 million telephone numbers connected to Facebook user accounts and easily accessible to anyone. Of the more than 400 million data, 133 million were US users.

However mobile phone numbers were not directly associated with name and surname but only with an identification number, with which it is difficult to trace the user’s first and last name.