Hackers Are Using Google Analytics to Steal Your Credit Card Information

Search Engine Journal | June 29, 2020

Hackers are using Google Analytics to steal credit cards, passwords, IP addresses... basically everything shared with a hacked site.

An investigation by Kaspersky Lab has uncovered a new hacking technique that uses Google Analytics to steal credit card numbers, user agents, IP addresses, passwords… basically everything. This isn’t an exploit in Google Analytics itself. Hackers are exploiting the trusted status given to Google Analytics by all browsers, using it as a channel to transfer data stolen from hacked sites. Kaspersky’s report noted that the exploit steals everything that is shared with the affected website, including credit card information, which presumably means password information as well. The exploit apparently steals “everything”: passwords, names and addresses, credit cards and other personal information that visitors share with the site.

Spotlight

Mobile computing gradually allows us to make the elusive “anytime, anywhere access” mantra a reality. More and more employees use their own mobile device in the workplace, a phenomenon known as “Bring Your Own Device” (BYOD), resulting in employees using the same device for personal and business purposes. This document is designed for security architects, line-of-business managers, and Information Technology (IT) staff. To avoid disrupting the reading flow, we provide an appendix at the end of the document briefly describing the main technologies leveraged by Oracle Mobile Security.


Related News

DATA SECURITY

Celerium announces a partnership to bring cybersecurity and CMMC awareness to the Danish defense industry with CenSec

prnewswire | February 10, 2021

Celerium Inc. announced today a new partnership with CenSec, the premier Danish cluster organization for companies working in innovative industries such as defense, homeland security, space, aerospace, and cybersecurity. CenSec bridges the gap between civilian companies, the Armed Forces and other governmental authorities, with the aim of building a strong defense and security industry and strengthening those small and medium-sized Danish enterprises which are, or want to become, part of the industry. CenSec is the world's only defense, space, and security cluster that holds the prestigious Gold Label certification, which is the highest ranking of cluster organizations.

CenSec will be a member of Celerium's CMMC Academy International Alliance program in an effort to bring CMMC awareness to the Danish defense industry. The CMMC program, which stands for Cybersecurity Maturity Model Certification, was created by the U.S. Department of Defense in conjunction with Carnegie Mellon University in an effort to improve cybersecurity across the defense supply chain. It is designed to provide scalable cybersecurity requirements based on five different levels of compliance. Accordingly, prime contractors and their subcontractors may be required to comply with CMMC to be eligible to be awarded DoD contracts, and companies within other industries and international countries may be affected.


DATA SECURITY

Online Gaming Is, According to Nexusguard Research, a Hotbed for DDoS Attacks

businesswire | December 15, 2020

The increase in online gaming drew attention from attackers, resulting in nearly 77% of cyber attacks targeting the online gaming and gambling industries in Q3 2020, according to the Nexusguard Q3 2020 Threat Report. More than 33% of these entertainment attacks focused on online gaming targets. Nexusguard analysts also reported a 287% increase in total DDoS attacks in the third quarter compared to the same period a year ago. Online gaming platforms' sensitivity to latency and availability issues makes them ideal DDoS attack targets, and the online gaming environment is target-rich for perpetrators to capitalize on during the pandemic.

The lockdown and social distancing measures enforced during the pandemic caused engagement in home entertainment, online gaming in particular, to soar while cinemas, bars and other usual entertainment venues stayed closed. Gamers have become an effective target for attackers, particularly because they are highly engaged, socially active, and often spend disposable income on their gaming accounts. Although online gaming is highly sensitive to latency and packet loss, Nexusguard researchers warn that sensitive detection and high-capacity mitigation alone are insufficient to overcome large DDoS attacks. Gaming companies and service providers should collaborate to combat attack tactics through a combination of technology, information sharing and security best practices.

“Online gaming is snowballing in part due to the growth of cloud computing as well as the limited options for home entertainment during the pandemic, providing cyber attackers with a wide population of targets to exploit,” said Juniman Kasman, chief technology officer for Nexusguard. “Game service providers, CSPs and other organizations should take steps to safeguard service, including segregating applications to minimize collateral damage or rehearsing incident response drills to reduce service disruption during attacks.”

In online gaming, 99.5% of cyber attacks were volumetric in nature, with 99.4% of attacks consisting of single-vector attacks. Perpetrators aim to consume all bandwidth so that gamers suffer the effects of latency and then switch to game server hosts with faster and more stable connectivity. Nexusguard's DDoS threat research reports on attack data from botnet scanning, honeypots, CSPs and traffic moving between attackers and their targets to help companies identify vulnerabilities and stay informed about global cybersecurity trends. Read the full Nexusguard Q3 2020 Threat Report for more details.

About Nexusguard

Founded in 2008, Nexusguard is a leading cloud-based distributed denial of service (DDoS) security solution provider fighting malicious internet attacks. Nexusguard ensures uninterrupted internet service, visibility, optimization and performance. Nexusguard is focused on developing and providing the best cybersecurity solution for every client across a range of industries with specific business and technical requirements. Nexusguard also enables communications service providers to deliver DDoS protection solution as a service. Nexusguard delivers on its promise to provide you with peace of mind by countering threats and ensuring maximum uptime. Visit www.nexusguard.com for more information.


HPE Announces the Inclusion of BrickStor SP to Combat Ransomware Attacks

HPE | May 29, 2020

Hewlett Packard Enterprise (HPE) has announced the inclusion of RackTop Systems' BrickStor SP in its Complete program. BrickStor SP is a data security software platform that boldly claims to eliminate the threat of ransomware attacks and data breaches. The platform was built by Department of Defense intelligence community veterans charged with protecting the United States’ data while meeting the nation's data security compliance regulatory requirements. HPE plans to resell RackTop BrickStor SP software with its own ProLiant and Apollo Servers to meet the high-security file-storage needs of the federal government.

RackTop Systems CEO Eric Bednash said a prevailing failure to update their cybersecurity tools is making organizations in the United States vulnerable to cyber-attacks. “Enterprises and government entities are losing the cyber-war because they are using old tools and 90’s design standards which are largely focused on stopping network infiltration, rather than protecting data,” said Bednash. “Based on our experience, most of the bad guys are already inside the network today.”

Explaining how RackTop's platform works to block ransomware attacks, Bednash said: “BrickStor attacks the problem properly by securing unstructured data at its source so that it can’t be seized, maliciously encrypted, or exploited. Together with HPE and their world class secure and versatile hardware, for the first time, customers can achieve end-to-end infrastructure security from a single vendor without gaps or loosely coupled bolt-ons.”

Rapid and unstructured data growth can result in information not being stored securely, making an organization vulnerable to cyber-attackers. Chris Powers, VP, Collaborative Platform Development, HPE Storage and Big Data, said RackTop tackles this issue by embedding its security and compliance software within a scalable data-storage system for unstructured files, protecting it at the source.

“BrickStor SP fills a high data security need in the storage market. We are entering a new era in IT infrastructure where security and compliance are a necessity,” said Powers. “RackTop’s storage software and security platform is a natural fit with our ProLiant and Apollo Servers which feature silicon-anchored, cradle-to-grave security. Together we bring our Federal Government customers a complete Zero Trust data security solution.”

This data availability best practice is designed to ensure that all businesses effectively prepare for and avoid potential data loss and downtime from ransomware attacks. By following industry best practices, IT managers can avoid paying ransom and create a rock-solid data availability solution for day-to-day operations by leveraging both HPE and Veeam software.

Ransomware is a particularly malicious and scary form of malware. Just about anyone can understand it well enough to be terrified of it. Without warning, you will have a choice: come up with a lot of cash quickly or see your business disappear.

What is ransomware? After gaining access to your computers, the attacker runs software on them that encrypts all the data and deletes unencrypted copies. You get a ransom note that tells you to pay a certain amount in a cryptocurrency, after which you will receive a key and software to use to decrypt the data. The criminal gangs behind many of these attacks have adopted advanced technology, including artificial intelligence. This improves the sophistication of their attacks, greatly increasing the chances of their success in getting a foothold in the victim’s network. From a purely technical standpoint, ransomware is just another kind of malware, a malicious program that has been allowed to run on your systems with privileges sufficient to cause damage.
