Categories
Noticias Seguridad

what it is and how it can affect us

Dark Web Monitoring

Hackers are constantly looking for ways to steal users' personal data on the network. There are many strategies they can follow: for example, phishing attacks, sneaking malware onto computers, exploiting vulnerabilities …

It is true that we can use many tools to protect ourselves. This is very important for keeping our equipment protected and making sure our personal information does not leak onto the internet. Yet attackers are constantly looking for ways to bypass all these measures.

Something that cybercriminals usually take into account is what is known as dark web monitoring. It basically consists of constantly tracking this part of the network to detect possible leaks, stolen personal data, and so on. Hackers can get alerts whenever something new appears that they can leverage to achieve their goals.

However, when we talk about active monitoring of the Dark Web, we are not only referring to the negative side. In other words, cybercriminals are not the only ones who do this. Keep in mind that there are also ethical hackers and even security tools that crawl this hidden part of the Internet to detect potential problems and correct them as soon as possible. It is a way to alert users so they know that their passwords have been leaked or that some data has been stolen.

We already know that there are tools to find out whether our password has been leaked on the Internet or our personal data has been compromised. This is, in part, thanks to active monitoring of the Dark Web. There are also many ways to learn ethical hacking.

Tips to prevent data from ending up on the Dark Web

We have seen what active monitoring of the Dark Web is: something that hackers can do, and that security researchers can do for our benefit. Now we are going to give a series of essential tips to avoid becoming victims and to keep our data and personal information from ending up there.

Something fundamental will always be to protect our equipment correctly. It is very important to have security programs that can keep intruders out and block malicious software of all kinds. We have many alternatives in this regard, but the basic step is to always have a good antivirus.

It is also very important to update our systems and whatever programs we use. On many occasions, hackers take advantage of unpatched flaws to steal personal data that ends up on the Dark Web. We must install all available patches and updates.

But if there is something that can really help, it is not making mistakes. We must never expose information publicly on the network, such as our email address when writing a comment on a public article, or make mistakes when registering on platforms and using passwords. This will be key to preventing data from ending up on the Dark Web.

How to see if the latest threats have stolen passwords

Check if passwords have been stolen in Windows

This time it is a leak of personal data. A new threat has managed to steal browser cookies, millions of files, emails, and login credentials. These files also included personal passwords. There have even been techniques to take screenshots when the victim logs in.

Now, what happens to all that stolen data? Cybercriminals usually steal passwords to access social networks, streaming video platforms or email. This data can end up on the Dark Web, available to anyone willing to pay for it.

As we can see, it is one more way to profit. At the end of the day, our personal information has great value on the network, and passwords even more so. Hence, we must be prepared to maintain security and not make any mistakes.

NordLocker indicates that today anyone can get hold of custom malware capable of attacking other users with the aim of stealing passwords. We are no longer talking only about one specific piece of malware that affects Windows, but also about phishing attacks or any other tool capable of collecting personal information.

One thing we can do to find out if we are victims is to quickly check whether our passwords have been leaked. We can use Have I Been Pwned, an online platform that tells us whether our password or e-mail address has been compromised in a security breach.

It is very useful not only for this particular case, but for any other attack that may have occurred at some point. We will be able to know if our passwords have been leaked and thus take action as soon as possible.
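As an added example (not code from Have I Been Pwned or from this article), the following Python checks a password against the service's Pwned Passwords range API, which receives only the first five characters of the password's SHA-1 hash and never the password itself. The helper names and the offline sample response are constructed for this example.

```python
import hashlib
import urllib.request

# Pwned Passwords range endpoint: the caller sends 5 hex characters of the
# SHA-1 digest and receives every known suffix for that prefix.
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_hash(password):
    """Return (prefix, suffix): first 5 and remaining 35 chars of the SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix, range_body):
    """Find our suffix in a range response made of 'SUFFIX:COUNT' lines."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix.upper() and count.isdigit():
            return int(count)
    return 0


def fetch_range(prefix, timeout=10.0):
    """Download the suffix list for one 5-character prefix (needs network access)."""
    request = urllib.request.Request(
        RANGE_URL + prefix,
        headers={
            "User-Agent": "pwned-check-example",  # hypothetical client name
            "Add-Padding": "true",  # padded responses; padding rows have count 0
        },
    )
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return response.read().decode("utf-8")


def pwned_count(password, fetch=fetch_range):
    """Number of breach appearances; only the hash prefix leaves the machine."""
    prefix, suffix = split_hash(password)
    return count_in_range(suffix, fetch(prefix))


def constructed_fetch(prefix):
    """Offline stand-in for fetch_range that returns a constructed response body."""
    _, leaked_suffix = split_hash("password")
    return "\r\n".join([
        "0" * 34 + "A:3",         # constructed filler row
        leaked_suffix + ":1234",  # constructed count for the test password
        "F" * 35 + ":0",          # constructed padding row
    ])


if __name__ == "__main__":
    for candidate in ("password", "a-different-passphrase"):
        hits = pwned_count(candidate, fetch=constructed_fetch)
        print(candidate, "->", "found %d times" % hits if hits else "not in sample")
```

Calling `pwned_count(password)` without the `fetch` argument queries the live service.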

Tips for protecting passwords

It is very important to always create passwords that are strong and complex. We should not use any password that we can easily memorize or that we are also using elsewhere. It should contain letters (uppercase and lowercase), numbers, and other special symbols to offer good protection.

As an additional measure, we can use two-step authentication, something that is increasingly common. This adds an extra layer of security that is very useful for protecting our accounts. Basically, it is a second code that we must enter when logging in.

Another point to consider is using password managers. They help us create strong passwords and also keep them in a safe place so we do not have to remember them. We have many options in this regard and without a doubt they come in handy. Of course, using the password managers built into the browser can be dangerous.

In short, it is as important to create strong passwords as it is to periodically check if they have been leaked. We have seen what to do to easily find out if we have been victims of any of the many threats that are present.

How to limit access to the USB ports on my Windows computer

Now we are going to briefly explain how we can get infected through a USB device, and give a few tips to avoid it.

The danger of USB and tips to avoid risks

Using a USB memory stick or USB hard disk is very common, although admittedly the former are used more. We can use them to transfer files from one computer to another, share information with other users, take documents to a copy shop to print, or carry personal or work documents. However, even if our computer is protected, simply plugging in a USB memory stick can infect it with malware, a virus or a Trojan. In that sense, we must take into account that this type of device can pass through many computers.

The infection occurs when a file called Autorun.inf contains malicious code. This type of file is legitimate, and many of you will have seen it on a CD or DVD, where it launches a menu upon insertion. The problem is that when it contains malicious software, the file runs automatically without the user's permission, copies a malware-laden executable to a hidden directory on the system and runs it in the background. Once executed, the malware tends to create replicas of itself throughout the computer, making an infected computer very difficult to disinfect. In addition, such malware is configured to infect any USB stick that we plug into the computer, in order to keep infecting new computers.

Therefore, one way to defend yourself against this malicious software is to use USB execution blockers to limit USB access to your computer. That way, only the USB sticks that we approve can run, with our permission.
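To make the Autorun.inf mechanism concrete, here is an added example (not from the original article or from any of the tools it lists) that reads the text of an Autorun.inf found on a USB stick and reports the directives that would start a program. The two sample files are constructed, and the function names are this example's own.

```python
import re

# Directives in the [autorun] section that make Windows start a program.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$")  # e.g. shell\open\command
RUNNABLE = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js")


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, skipping junk lines."""
    entries, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
        elif in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_target(value):
    """Program path from a command line, honouring double quotes."""
    match = re.match(r'\s*(?:"([^"]*)"|(\S+))', value)
    return (match.group(1) or match.group(2) or "") if match else ""


def inspect_autorun(text):
    """List every directive that would start a program from the drive."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key in LAUNCH_KEYS or SHELL_VERB.match(key):
            target = launch_target(value)
            findings.append({
                "key": key,
                "target": target,
                "runnable": target.lower().endswith(RUNNABLE),
                "in_subfolder": "\\" in target or "/" in target,
            })
    return findings


# Constructed sample: a launcher pointing into a folder on the stick.
SUSPICIOUS_SAMPLE = r"""
; constructed sample, not taken from real malware
[AutoRun]
open=.cache\update.exe
shell\open\command = ".cache\update.exe" -q
action=Open folder to view files
icon=shell32.dll,4
this line has no key and is ignored
"""

# Constructed sample: only cosmetic directives, nothing is launched.
BENIGN_SAMPLE = """
[autorun]
icon=disk.ico
label=Backup drive
"""

if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, inspect_autorun(sample))
```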

Some tips that can help us improve our security are:

  • Avoid using unsafe equipment, for example public computers that many people use every day.
  • Use multiple USB sticks; for example, dedicate one pendrive to occasions when we have to print a document in a store.
  • Encrypt USB drives and files, especially confidential and personal files. This can also be useful in case of loss.

Next, we will see a series of tools to control the USB ports of our computers.

Removable Access tool

Removable Access Tool, also known as Ratool, is a free, portable and easy-to-use program that helps control external storage devices such as:

  • USB sticks.
  • CD / DVD drives and floppy disks.
  • Tape and WPD devices.

Thanks to this program, we can limit USB access to the computer by disabling access to USB storage or by enabling write protection to prevent our data from being modified. If you want to try Ratool, you can get it from the Sordum team website. It supports Windows 7 through Windows 10 and has 32-bit and 64-bit versions.

With Removable Access Tool we can easily limit USB access to the computer. In this case, it has 3 operating options:

  • Default mode: allows USB reading and writing.
  • Read only mode: allows only reading from the USB memory, but the system cannot write anything to it. It is a good solution when we have an infected computer and we want to avoid the infection of our USB memory.
  • USB lock: Does not allow detection of USB memory on the computer.

It also allows blocking the USB connection of a smartphone. To do this, we go to Options, WPD Devices and click on Block devices.

In the Settings menu, we can also set a password to prevent unauthorized changes.

Finally, it should be noted that the interface can be switched to different languages, including Spanish, and that in the Options menu we can choose to block or unblock removable drives, allowing or denying access to them, or disable automatic execution.

SysTools USB Blocker

SysTools USB Blocker works on any version of Windows, such as Windows 10, 8, 8.1 and 7. It is a USB blocking tool that can limit USB access to the computer. Once launched, it allows us to:

  • Block all USB ports on any computer.
  • Require the computer username and password to block or unblock ports.
  • Recover a lost user password via email address.
  • Set a new password for locking and unlocking the USB ports.

In this case, it should be noted that there is a 7-day demo version; after that, if we are interested, we will have to buy the program. This tool can be downloaded from here.

NetSoftwares USB Block

With USB Block from NetSoftwares we can prevent data leaks by restricting USB drives, external devices, network computers and the ports of our PC. In addition, it allows us to whitelist our own portable drives and block the rest.

If you want to download USB Block, you can do so from its official website. This program lets us:

  • Protect our confidential files against theft.
  • Authorize trusted USB devices and drives by adding them to a whitelist.
  • Monitor hacking attempts and incorrect password attempts.

One thing to note is that if we want to use this software without trial reminders or limitations, we must buy the full version.

Netwrix Auditor

Netwrix Auditor, in addition to limiting USB access to the computer, offers further functionality. In particular, it offers additional features for IT professionals who must balance the legitimate business need to use USB storage devices with maintaining robust security.

In this case we have a version with a 20-day trial that you can download from this link. Some of its functions are:

  • Strengthen security by staying on top of critical user activity, for example changes to access permissions or to USB control settings in Group Policy.
  • Minimize the risk of data loss by detecting and remediating internal and external threats with alerts.
  • Detection of potentially harmful files in shared files.

USBDeview

USBDeview is a small free utility from NirSoft that lists all the USB devices that are currently connected to your computer, as well as the USB devices that you used previously.

If you want to try the program you can do it from the following link. For each USB device it also shows extended information: name, description, device type, serial number and more. USBDeview also lets us uninstall USB devices that we used previously, disconnect USB devices that are currently connected to our computer, and disable and enable USB devices.

As you have seen, to limit USB access to the computer we can use all this software for Windows computers.

TLS servers at risk from a new attack

ALPACA, a new attack against TLS servers

Man-in-the-Middle attacks allow an attacker to interfere with a connection. The attacker could read the information that is sent or received, inject data, or even modify it. For example, consider a user who connects to a public Wi-Fi network in a shopping center and sends information in plain text. There may be a hacker on that network collecting the data that is sent and received.

Now, there are different types of attacks. On this occasion, a group of German security researchers has discovered a new method called ALPACA. Its objective is to exploit TLS servers; TLS is the Internet standard in charge of securing communications between servers and clients.

What an attacker does using this method is redirect web traffic from one subdomain to another. This results in a valid TLS session, but the browser's HTTPS requests are redirected.

The name ALPACA comes from Application Layer Protocol Confusion – Analyzing and mitigating Cracks in TLS Authentication. Researchers have shown that an attacker could redirect HTTPS requests from the victim’s web browser to SMTP, IMAP, POP3, and FTP servers. The attacker could extract session cookies and private information, as can happen in attacks of this type, and could even execute arbitrary JavaScript, bypassing TLS and web security.

Many web servers can be vulnerable

An important fact is that they found that 1.4 million web servers could be vulnerable to these cross-protocol attacks. An attacker could therefore carry out an ALPACA attack against them with the aim of confusing the TLS application data.

Although the security researchers indicate that it is difficult to pinpoint exactly who could be vulnerable, they note that, since the flaw lies in the TLS authentication of servers, anyone using it could be considerably vulnerable. However, they also state that in practice this vulnerability can only be exploited in certain circumstances.

A fundamental requirement for this attack is an active Man-in-the-Middle attacker. The attacker needs to intercept and modify the data sent from the victim’s browser to the web server. This could especially happen on a local network.

To avoid this type of problem, as well as any other that may arise at any given time, it is essential that users have the latest versions of the browser and any program that connects to the network. Any vulnerability that may appear must always be corrected.

how it could help our privacy

Reasons to spoof or hide the IP

Among all the options we have to improve privacy and security when using devices connected to the network, one that we can highlight is hiding the IP address. By falsifying it, we can prevent our data from being leaked and made available for hackers to use to achieve their objectives.

We are going to show some main reasons why it can be interesting at any given time to spoof the IP. We have already seen previously how to hide the IP. There are very simple methods that can help us in our day to day.

Browse with greater privacy

One of the main reasons is to improve privacy when browsing the Internet. Simply by visiting a web page we can reveal our IP, as well as information about our system. This could also end up in the wrong hands, since if we browse an unsafe site or one that has been attacked, someone could take advantage of the situation.

Therefore, we can falsify the IP to improve our privacy on the network. It is something that users value a lot and luckily we have a wide range of possibilities to achieve it in any type of device that we use.

Avoid geographic restrictions

Another very important reason is avoiding geographic restrictions. Let’s say, for example, that we want to use an online service to watch a series or movie. That platform may not be available at our location, for example if we are traveling abroad. The best way to avoid this is by modifying the IP address.

It would also serve to avoid censorship that may exist in certain territories of the world. Sometimes it may be impossible to access certain social networks or messaging applications from certain countries. We can avoid it if we falsify the IP.

Avoid attacks

Of course we can also prevent cyber attacks. If our IP address is exposed on the network, it could be used by hackers to carry out multiple attacks. This would inevitably put our safety at risk.

Avoiding attacks on the network is very important and we can make use of multiple tools. One of the options we have is to hide the IP address. For this we can make use of VPN services or browse through a proxy.

Hide physical location

Through the IP address, others could obtain a wide variety of information. One piece of data they could find out is our actual physical location. They could learn at least roughly where we are, beyond just the country or region.

Therefore, by hiding the IP address we would also be protecting our physical location. It is another reason to spoof the IP. We can easily achieve this through different methods, as we have mentioned.

In short, spoofing or hiding the IP address can be interesting for many reasons. It is important to always maintain security and privacy when we surf the net and for this we can use different programs and methods.

How long can it take for a stolen password to be used on the Internet?

Hackers constantly test leaked passwords

A group of security researchers from Agari ran a test to see how long it would take cybercriminals to try user passwords that have been leaked on the internet. They used fake passwords made to look like genuine credentials for real accounts.

To carry out the test, they strategically exposed several thousand passwords on the net. They presented them as real passwords, belonging to accounts that they created for the occasion. This gave them enough to see what would happen.

They found that hackers act fast. They can quickly use a password that for some reason has leaked onto the network and been exposed to anyone. Specifically, according to the study carried out by Agari, the accounts are accessed on average within 12 hours of being leaked.

However, it can happen much faster. In fact, they saw attempts to access 20% of the passwords that they leaked on the network in less than an hour, and 40% in the first six hours. This undoubtedly shows how quickly cybercriminals scan the network for passwords that have been leaked, whether through phishing attacks or any other security problem.

They tried to manually access almost all

Another result obtained by Agari’s security researchers is that intruders, in most cases at least, attempted to manually access the supposedly leaked accounts. They do this to check if the credentials really work and can be accessed.

The researchers indicate that having to test the passwords manually is a tedious process, but the intruders also benefit from it. This benefit basically consists of being able to analyze the accounts one by one and see what kind of information they can obtain and how they could exploit it economically.

Keep in mind that information has great value on the net. Not all accounts are equally useful to hackers. A social network account, where they could find the victim’s data and contact third parties to send phishing attacks in the victim’s name, is not the same as, for example, a bank account or a subscription on a paid platform.

Therefore, what security researchers have shown with this study is that any password leaked on the network can quickly end up in the hands of cybercriminals. Hence the importance of always creating passwords that are strong and secure, and of changing them periodically. In addition, we have to be careful about certain aspects, such as the risk of using password managers in the browser. Our advice is to properly protect any type of account and, where possible, enable two-step authentication to create an extra layer of security.

Two-step authentication might fail and not protect

Two-step authentication is not completely secure

We always say that it is essential to have a good password to protect our equipment. We must use passwords that combine different symbols, letters and numbers to create adequate protection. However, none of them is totally infallible, since there can always be a security breach or a leak, or someone can find them out through some type of malware.

That’s where two-factor authentication comes in. Basically we can say that it is an extra layer of security that can help protect our accounts. It is a second code that we receive and that complements the password. In this way, a possible intruder could not enter even knowing the password.

But of course, nothing is perfect. Two-Step Authentication, although highly recommended, is not foolproof and could have certain security issues. This means that we should take precautions and not think that our accounts are 100% protected.

Vulnerabilities in the system

One of the most common reasons why two-step authentication may not be 100% effective is vulnerabilities in the system. There may be security problems that are exploited and allow an intruder to access the codes that reach us by SMS, for example.

Many IT security experts say that, while it is better than nothing, enabling two-step authentication via SMS is not the best idea. An example is the one we have mentioned: a possible attacker gaining access to these messages through some malware or system flaw that they can exploit.

Social engineering attacks

Social engineering basically consists of finding a way to trick the victim into doing something. A clear example is phishing: attackers send a message or email prompting you to open a link or log in. But the techniques they use can be very diverse and can even compromise two-step authentication.

Let’s say that an attacker has obtained our password for a social network or bank account. They will still need that second code, which could be a series of digits that we receive by SMS. If they do not have access to our phone, it would be difficult for them to get in.

This is where social engineering comes in. The attacker could call the victim posing as a bank employee, stating, for example, that there has been a problem and that they need to verify that we are the legitimate user. They tell us that we are going to receive a code by SMS and ask us to read it to them to verify our identity. Logically, that message will contain the multi-factor authentication code.

Therefore, we can say that two-step authentication is very valuable for improving security, but nothing is completely effective. It is essential to keep this in mind, as in the end it will be the combination of many methods and strategies that protects our accounts on the web.

IP blocking, banning and spam

I cannot enter a website: causes and reasons

We are sure that, on some occasions, you have tried to enter a web page and received an error message, perhaps one saying that access is prohibited (“Forbidden”) or stating directly that we do not have the necessary permissions to access the website. The administrators of a website can block different users to prevent them from accessing it; the reasons vary widely, although they all have their own logic. However, we can already say that many of the blocks a website can apply can be bypassed with different tools and tricks.

The main reasons why you cannot enter a website are varied, although they all have their logic, and it is completely normal for the site to have decided to block you for a series of compelling reasons.

Public IP on a blacklist

The public IP address provided to us by our internet operator may be on a blacklist. Websites typically have tools that ban access from IP addresses listed in different databases of malicious IP addresses, spammers, malware distributors, and more. It is very likely that you are not a spammer and do not distribute malware, but since your IP address is on this list, you will be blocked. The main Internet forums, above all, incorporate tools to prevent unauthorized registration by blocking source IP addresses that are widely known as spammers.

The easiest solution to get off this blacklist is to change your public IP address by restarting your WiFi router so that the operator provides you with another one that is not on the blacklist. If you have a fixed IP address, changing it is more complicated, and you could also lose access to your servers. In this case, you could contact the different blacklist databases and wait until they update and remove your public IP address from the list. However, the easiest way to enter the websites that have detected you is by changing your IP using a VPN or proxy service.

User blocked for different reasons

If you can enter a website without problems while logged out, but are told that you cannot visit it once you log in with your registered user, it is very likely that the user has been banned (and it is also possible that your IP address has been banned). This happens because you have broken the rules of the website or forum and have been banned temporarily or permanently, so you should take that into account.

To avoid this, our recommendation is that you change the public IP and re-register using a completely different nickname and another email account, because the email address used in the previous registration will also have been blocked.

Geo blocking

The main websites of streaming services and Internet TV limit their services to a certain country, so they cannot be accessed from a different one. For example, if we try to enter websites like Atresplayer from other countries, it will indicate that we are not allowed to see any type of content outside of Spain because a regional block has been imposed, and this would happen to anyone who tries to access it from outside Spain.

Geographical location by IP

If you are physically in Spain and you get this message, it is probably because the database of Spanish IP addresses they use is not up to date, and you have a public IP that in the past was assigned to countries like France (it can happen if you have Orange) or to other countries where operators have bought IP addresses because they have already exhausted their previous ones. What you can do in this case is either restart the router so that you are given another public IP that is cataloged as Spanish, or use a VPN service located in Spain to bypass this geo-blocking.

Block for using ad blocker

When we use an ad blocker in our web browser, such as uBlock Origin or the popular AdBlock Plus, it is very likely that we will not be able to enter certain websites. This is because they have ad blocker detectors, and they prevent you from entering unless you disable the ad blocker. To be able to enter you have two main options: either deactivate the ad blocker, or configure it in an advanced way so that it also blocks the ad blocker detector.

The latter is the most effective, since we will block all the ads and be able to access the website without limitations, but it is also the most complicated, since you will have to inspect what is detecting you and how. The simplest thing is therefore to disable ad blocking only on that specific website.

How do they block me when accessing a website

Websites normally block users by IP address: when an IP address is banned, the website checks the source IP address and blocks all requests it makes. Of course, this can also be configured at the firewall level, preventing any communication with a specific source IP. Blocking through the firewall can be done on the web server directly with the typical ModSecurity, or on the firewall that is placed in front of the web server to protect it from DoS and DDoS attacks.

If the website requires registration, you will be blocked based on the nick used in the registration, the IP address associated with that nick, and the email you used in the registration, that is, all the data that you previously provided to the website. If you want to re-enter and registration is required, our recommendation is to first change the IP address so that you cannot be associated with the previous nick, and to use a new nick and a new registration email.

Blacklist-based blocking occurs directly at the firewall in most cases, to prevent both spam attacks and denial of service (DoS) attacks, but it depends on how the website is configured, because it could also be done at the web server level (L7 application layer firewall) instead of at the L3 firewall.
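As an added illustration of the layers described above (example code written for this page, not taken from ModSecurity or any real site), the following Python checks a request first against blocked source networks, as a firewall would, and then against the banned nick and registration email at the application layer. All addresses use documentation ranges, and every name and value is constructed.

```python
import ipaddress


def normalise_ip(text):
    """Parse an address; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) back to IPv4."""
    ip = ipaddress.ip_address(text.strip())
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


class AccessPolicy:
    """Layered checks: source network first, then the account identifiers."""

    def __init__(self, blocked_networks, banned_nicks, banned_emails):
        self.networks = [ipaddress.ip_network(n, strict=False) for n in blocked_networks]
        self.nicks = {n.strip().casefold() for n in banned_nicks}
        self.emails = {e.strip().casefold() for e in banned_emails}

    def check(self, source_ip, nick=None, email=None):
        """Return (allowed, reason) for one request."""
        try:
            ip = normalise_ip(source_ip)
        except ValueError:
            # Fail closed: a request whose source cannot be parsed is refused.
            return False, "unparseable source address"
        for net in self.networks:
            if ip.version == net.version and ip in net:
                return False, "source IP in blocked network %s" % net
        # The identifiers given at registration are checked independently of
        # the IP, so a banned account is still refused from a new address.
        if nick is not None and nick.strip().casefold() in self.nicks:
            return False, "nick is banned"
        if email is not None and email.strip().casefold() in self.emails:
            return False, "registration email is banned"
        return True, "ok"


# Constructed policy using documentation address ranges.
POLICY = AccessPolicy(
    blocked_networks=["192.0.2.0/24", "198.51.100.7", "2001:db8:bad::/48"],
    banned_nicks=["SpamKing"],
    banned_emails=["spamking@example.com"],
)

if __name__ == "__main__":
    requests = [
        ("192.0.2.55", None, None),
        ("::ffff:192.0.2.55", None, None),
        ("203.0.113.9", "spamking", None),
        ("203.0.113.9", "newuser", "new@example.org"),
    ]
    for source, nick, email in requests:
        print(source, nick, email, "->", POLICY.check(source, nick, email))
```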

As you have seen, there are many reasons why we may not be able to access a certain web page, and also many different methods to bypass the different blocks when they are applied.

Windows containers at risk from a threat

A new threat puts Windows containers at risk

This new malware stands out for being able to exploit Windows containers. It can compromise Kubernetes clusters, with the mission of letting hackers in so they can carry out their cyber attacks.

Keep in mind that Kubernetes was initially developed by Google. It is an open source system that allows you to automate different tasks and control containerized applications. It lets you organize those containers into pods, nodes, or clusters.

These attacks deploy malware known as Siloscape. It is known for being the first to target Windows containers, and it exploits known vulnerabilities that affect web servers or databases.

The main objective is to open a back door

We can say that its main objective is to open a back door in badly configured Kubernetes clusters and thus exploit them maliciously. Once it compromises the servers, it is able to execute malicious code on the Kubernetes nodes.

This way it can obtain the credentials needed to spread malware to other nodes. Subsequently, the Siloscape malware contacts its command and control server via the anonymous Tor network.

However, security researchers have indicated that this malware is just a small part of a much larger network that has been attacking for over a year.

All of this can expose victims to a wide variety of attacks, such as ransomware. Many of these attacks focus on secretly mining cryptocurrencies or launching DDoS attacks, but in the case of Siloscape it is different.

The main objective, as we have indicated, is to create a back door in the Kubernetes clusters. In this way, it gives the attackers free rein.

The advice from security researchers is for users to make sure their clusters are correctly configured and updated to avoid problems of this kind. They also suggest the alternative of using other options, such as Hyper-V containers.

As we always say, it is very important to keep our equipment correctly updated. There are many possible security problems, vulnerabilities and flaws that can be exploited by third parties. Hence, we must always keep our devices on the latest versions and not make any kind of mistake. This is something that we must apply regardless of the operating system or the type of program we are using.

In short, a new piece of malware capable of exploiting Windows containers has been detected. Security researchers have recommended taking the series of measures we have indicated to avoid falling victim to this problem.

why is it not a good idea

Why not trust the browser’s password manager

Modern browsers, the main ones such as Chrome, Firefox or Edge, have many integrated functions. Among them we can mention the password manager. It is very useful for managing passwords, so you can quickly log in without having to remember them.

We can say that it is a convenient solution that can also be integrated across the different devices we use. We can use it on the computer or on a mobile phone, for example. It will let us sign in to social networks, payment platforms or any service that requires a password. But of course, this also has its risks.

They do not have the highest security standards

One of the reasons why it is not recommended to fully trust browser password managers is that they do not have the highest security standards. When we use an independent program, an application to manage passwords on our computer or mobile, we can choose from a wide range of options, and many of them offer advanced security standards.

In the case of managers integrated into the browser, although this does not mean that they are weak, we will have fewer options in terms of security standards.

Passwords stored online

Another reason is that our passwords will be stored on the Internet, in that browser's tool. Today it may be totally safe, cause no problems and let us log in safely. However, in the future there may be a breach and all that information could end up in the wrong hands. It is a point to take into account.

Malware in the browser

Undoubtedly, one of the programs that we use every day and that is most exposed to security problems is the browser. We can be victims of many attacks that take advantage of this software. Malware may arrive when we download or install an add-on, adding extra toolbars and adware and, ultimately, putting security at risk.

If we have our passwords stored there, we can be victims of data theft. For example, attackers could sneak in a Trojan capable of stealing those passwords. It is an important problem that we must avoid at all times.

Has fewer features

It should also be mentioned that a password manager in the browser will have far fewer functions than an independent program. We will only have the basics, and we will not be able to save other types of information or store password-protected files. We will have a more limited range of possibilities.

Therefore, we can say that using a password manager in the browser is not a good idea. It is better to use secure password managers. Our data has great value and must be protected.