There is a new highly unusual and potentially embarrassing strain of malware that you need to be aware of.
It has been dubbed BIOPASS by the Trend Micro researchers who first discovered it. The new malware will live stream your computer activities all while allowing the whole world to tune in and watch whatever you happen to be doing.
The hackers responsible for BIOPASS recently compromised a number of online gambling sites and are using them to infect unsuspecting victims if they venture onto the online support chat page of a compromised gambling site.
At its root, BIOPASS is a Remote Access Trojan. Despite its unusual live streaming feature, it can do everything that most RATs can do. So once it has found its way onto your computer, in addition to potentially embarrassing you, the hackers controlling it can make off with a wide range of personal and sensitive data on your system.
Trend Micro had this to say about the newly discovered threat:
"If the script confirms that the visitor has not yet been infected, it will then replace the original page content with the attackers' own content. The new page will show an error message with an accompanying instruction telling website visitors to download either a Flash installer or a Silverlight installer, both of which are malicious loaders."
This is a serious threat. According to Trend the malicious code is actively being refined and further developed. At this point there's no clear indication exactly who is behind the code. The researchers said that it was most likely the work of a well-heeled Chinese hacking group called Winnti also known as APT41.
If you or anyone you know frequents online gambling sites, be especially vigilant, or the whole world might get a firsthand look at whatever you're doing on your computer.
Do you have a Ring Doorbell? They are offered by Amazon and they're a wildly popular smart device that allows you to keep tabs on who's coming to or walking by your door. The doorbell's camera records video and saves it to the cloud so you can review it at your leisure.
Unfortunately there's a problem. The videos on the cloud aren't secured and it's not difficult for hackers to gain access to them. It is easy for law enforcement to access them too for that matter. This is something that privacy advocates around the world have been complaining about since the Ring was first introduced. Now Amazon has done something about it.
Recently the company added E2EE (End to End Encryption) to the Ring but they've included it as an optional security feature. If you're concerned about privacy and you want to make use of the new feature you'll need to install the latest version of the Ring application on your phone then specifically opt in to using E2EE. If you opt in you'll be required to set a password and you'll need to remember it because AWS won't keep a copy or store it anywhere.
Unfortunately E2EE isn't fully integrated into the product line and specifically it won't work with the company's best-selling and lowest-priced unit. You should also be aware that although law enforcement won't automatically have access to your doorbell's videos they can still request access to the footage. If your town's police force has partnered with Ring you can expect to get email requests from local law enforcement officials any time a crime is committed in your immediate area.
Although the new encryption feature isn't perfect it is a powerful step in the right direction. Kudos to Amazon for taking steps to make the Ring doorbell and the video it takes more secure.
American fashion retailer Guess recently became the latest in a seemingly unending parade of big-name companies to suffer a data breach.
The company's breach notification letter was mailed to all customers whose data was compromised. The letter states that an unidentified party gained access to Guess' systems between February 2nd and February 23rd of this year (2021).
The company discovered evidence of the breach on May 26th and determined that the personal information of some Guess customers had been accessed. By the 3rd of June, the company, a third party security vendor, and law enforcement officials had finished a review of the data that was accessed. They then began contacting all individuals impacted by the breach as of June 9th.
The company is offering a year of free credit monitoring to all impacted individuals as is often the case in data breaches.
The letter being sent to impacted individuals reads in part as follows:
"On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorized actor. The investigation determined that Social Security numbers, driver's license numbers, passport numbers and/or financial account numbers may have been accessed or acquired."
The breach notification letters give no indication as to the scope and scale of the breach. The information filed with Maine's Attorney General indicates that just over 1300 people had their data compromised during the attack.
Guess' breach notification gave no indication of who may have been behind the attack. However security researchers have found circumstantial evidence on the Dark Web that points to the DarkSide ransomware group.
If that name sounds familiar to you it's because they're the group behind the recent Colonial Pipeline attack that brought fuel deliveries to a standstill in the southeastern United States for the better part of two weeks. Not long after the Colonial attack the FBI seized significant portions of the group's infrastructure and they ceased all operations in late May. Now they seem to be back with a vengeance.
There's good news for anyone who uses the Firefox web browser. Beginning with Firefox 87, which was released in March of this year (2021), Mozilla has introduced a new SmartBlock feature.
The new feature helps ensure that when users enable 'Strict Mode' for their Tracking Protection, blocking tracking scripts will not break websites.
The company had this to say about the feature:
"SmartBlock 2.0 combines a great web browsing experience with robust privacy protection, by ensuring that you can still use third-party Facebook login buttons to sign in to websites, while providing strong defenses against cross-site tracking.
Third-party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded 'just in time' if you decide to 'Log in with Facebook' on any website."
It may seem like a small change but it's incredibly significant. Legions of users rely on the easy access and convenience that Facebook, Google and other login buttons provide. Until now those users had to choose between convenience and greater protection. Now there's no need to choose. Users get the best of both worlds.
It gets better. Mozilla also announced that Total Cookie Protection will be enabled by default in private browsing windows beginning with Firefox 89. On top of that Mozilla will be rolling out an advanced Site Isolation security feature which is meant to provide greater protection against attacks launched from malicious websites.
In all Mozilla has been incredibly busy in recent months introducing nearly a hundred new features and changes to their Firefox browser.
If you find yourself increasingly dissatisfied with your current browser and are looking for a capable alternative with a number of attractive features Firefox is certainly worth giving a try. Download the latest version today.
Change is coming to Gmail. Courtesy of a recent agreement between Google and the AuthIndicators Working Group, you'll soon begin seeing BIMIs (Brand Indicators for Message Identification). The brains behind BIMI describe their product as an email specification that allows the use of brand-controlled logos within supported email clients.
AuthIndicators is steered by a committee of representatives from a variety of companies including Google, Fastmail, Proofpoint, Twilio, Mailchimp, Verizon Media, Valimail, Validity, and SendGrid.
Valimail's Chief Product Officer and chairman of the AuthIndicators Working Group had this to say about the new standard:
"We've been an avid supporter of BIMI since Valimail's founding in 2015. With a goal to improve the ecosystem for everyone, BIMI enables brands to deliver their logos alongside email messages to billions of inboxes worldwide, increasing customer engagement with those messages and boosting brand trust.
For the brand's logo to be displayed, the email must pass DMARC authentication checks, ensuring that the organization's domain has not been impersonated. By displaying the sending company's logo next to an email, BIMI provides a visual cue to the recipient that the email has been authenticated and the sender is not spoofed."
Google's Wei Chuang and Neil Kumaran added:
"BIMI provides email recipients and email security systems increased confidence in the source of emails, and enables senders to provide their audience with a more immersive experience.
This is just the start for BIMI. The standard expects to expand support across logo types and validators. For logo validation, BIMI is starting by supporting the validation of trademarked logos, since they are a common target of impersonation."
This is a superb change that is now or soon to be available to billions of inboxes worldwide with Gmail, AOL, Yahoo, and Fastmail fully onboard. If you're not seeing the branded logos yet you will soon.