For Cybersecurity, the Tricks Come More Than Once a Year

Anyone who pays attention on April Fool’s Day has learned to think twice about the information they read, the links they receive and the people who try impersonating others. The irony, though, is that while we’re hypervigilant against these harmless pranks, malicious actors are trying to play the same types of tricks on us day in and day out. 

 

Phishing attacks, malicious links and social engineering are just a few of the tricks used by cybercriminals to obtain credentials and other valuable information. The data they steal can then be leveraged to do real harm to victims  or used as part of a larger cyberattack. As technology progresses, so are these cyber scammers who have learned to utilise AI chatbots and deep fake technology to make their attacks even more sophisticated.

 

Phishing attacks are the one of the most common attack vectors used by cybercriminals. This technique involves sending unsolicited emails or messages that appear to be from a reputable source, such as a bank, social media platform or online retailer, saying you need to take some sort of action. The messages typically contain a link that downloads malware onto your device or directs you to a fake website that looks like the real one. Once you enter your credentials or other sensitive information, the bad actors can use it to access your accounts or steal your identity.

 

When encountering a suspicious message, you should always check the sender’s email address, hover over any links to verify the URL and avoid providing sensitive information until you have confirmed the sender’s identity independently from the original message.

 

AI chatbots are another tool used by cybercriminals to trick people into revealing their sensitive information that are rapidly growing in popularity. These chatbots are programmed to mimic human conversation and are often used on social media platforms and messaging apps. Along with using AI to write their initial email or message, scammers can also use chatbots to continue a conversation. They may pose as a chatbot themselves or as customer support or other assistance. Meanwhile, they can ask the chatbot to write something that persuades you to give up your credentials or other sensitive information.

 

When dealing with an AI chatbot or other virtual messaging service, you should always think twice about what information you’re sharing and why the sender claims they need it. If a suspicious message is telling you to click a link or call a number, it may be directing you to the scammer. It’s best practice to navigate to a website or look up a phone number yourself.

 

Deep fakes are a relatively new tool used by cybercriminals to deceive people. Deep fakes are videos or images that have been manipulated to appear real but are actually fake. They may be used to impersonate celebrities, athletes or manipulate photos of people you know. Cybercriminals can use deep fake technology to impersonate someone you may know or trust to make a social engineering scam even more believable.

 

Social engineering is perhaps the most insidious method used by cybercriminals to obtain your sensitive information. This technique involves convincing people into revealing their credentials or other sensitive information through psychological manipulation. For example, a cybercriminal may impersonate a trusted individual or organisation and use fear or urgency to convince you to give up your personal and sensitive information.

 

To avoid falling victim to social engineering, you should always be cautious when dealing with anyone who asks for your information. Anytime a request seems suspicious, you should verify the identity of the person or organisation, even if it takes a little more time to do so.

 

Cybercriminals are constantly coming up with new and innovative ways to trick people into revealing their sensitive information. For example, some criminals may use fake job postings or online surveys to collect your information. Others may use fake websites or apps that appear legitimate but are actually designed to steal your credentials.

 

To protect yourself from cyberthreats, stay vigilant about the information you share online and take steps to secure your accounts. This includes using strong and unique passwords, enabling two-factor authentication whenever possible and avoiding clicking on links or downloading attachments from any unknown or suspicious source. 

The post For Cybersecurity, the Tricks Come More Than Once a Year appeared first on IT Security Guru.

Fixing Mount Point Does Not Exist Error in Linux

Fixing Mount Point Does Not Exist Error in Linux

While trying to mount your device, you may encounter an error saying “mount point does not exist”:

Fixing Mount Point Does Not Exist Error in Linux

And if you’re curious about the reason why it happened, it is all because of the mount point whether you want to mount the drive does not exist!

So the solution is to create a mounting point and mount the drive again.

And that’s what I’m going to walk you through in this tutorial.

How to solve Mount point does not exist error in Linux

The first step is to verify whether the mounting point exists or not.

To do so, you can use the mount command combined with the grep command to filter the mounting point from the huge list:

mount | grep -w 'Name-of-mounting-point'

As I’m looking for a mounting point named drive, I will be using the following:

mount | grep -w 'drive'
Fixing Mount Point Does Not Exist Error in Linux

And if you get empty output, the mounting point does not exist on your system which means you will have to make one manually!

So let’s create a mounting point.

To create a mounting point, all you have to do is execute the following command syntax:

sudo mkdir /mnt/mount_point 

Make sure to change the name of your desired mounting point with mount_point in the above command.

As I wanted to create a mounting point named drive, I will be using the following:

sudo mkdir /mnt/drive

Once you are done creating the mounting point, now, you can mount the drive without any issues:

Fixing Mount Point Does Not Exist Error in Linux

And if you want to verify whether the drive was mounted successfully or not by listing the mounted drives in Linux.

But here, I will be using the grep command to have appropriate output only:

mount -l | grep '/path/to/drive'
Fixing Mount Point Does Not Exist Error in Linux

And as you can see, the drive is mounted as expected!

But there is a better way to find mounted drives!

While most Linux users won’t require to check mounted drives frequently, if you are dealing with numerous amount of drives at once, there is a better alternative to check mounted drives.

You can use the findmnt utility which displays output way better than the usual mount command but also has tonnes of other features.

And the good news is we have a detailed guide for that purpose:

Findmnt – Better Way of Finding Mounted Filesystems on Linux
Learn to use findmnt instead of mount for a more robust and customizable listing of mounted file systems.
Fixing Mount Point Does Not Exist Error in Linux

I hope using this guide, you won’t face the same error anymore.

And if you have any queries or suggestions, feel free to ask me in the comments.

Blender 3.5 Released! How to Install it in Ubuntu 20.04

Blender 3.5, the popular 3D creation software, was released few days ago. Here are the new features and how to install guide for Ubuntu users.

The new release features 26 built-in hair assets, allows to drag and drop to use onto your setups. As well, it allows to do many actions on hair curves, such as generate, duplicate, deform, trim, rotate, roll up, and more.

It also added support for Vector Displacement Maps (VDM) brushes, new GPU-based 3D viewport compositor, many lights sampling for Cycles.

Other changes in Blender 3.5 include:

  • Use native Metal in macOS for 3D viewport.
  • New options and shortcuts for Pose Library.
  • New Ease operator in the Graph Editor
  • New Natural Drawing Speed timing mode in the Build modifier
  • Support for Importing and exporting USDZ files.

How to Install Blender 3.5 in Ubuntu

Option 1: Install Blender as Snap

For Ubuntu 20.04 and higher, it’s super easy to install the latest Blender package through the official Snap package.

Simply open Ubuntu Software, search for ‘Blender’ and click install it.

I’m not sure if Ubuntu software in 18.04 has added support for Snap, but user can just press Ctrl+Alt+T on keyboard to open terminal and run command to install the daemon & Blender as snap:

sudo apt install snapd && sudo snap install blender --classic

Option 2: Install Blender via the Linux tarball

Some users do not like the snap package that runs in sandbox. For choice, Blender website offers the portable Linux tarball:

And here’s a step by step guide shows how to create app shortcut for the portable package.

Blender is also available to install as Flatpak package. For those prefer the classic .deb package, there’s a third-party PPA, though not updated at the moment of writing.

Only 10% of workers remember all their cyber security training

New research by CybSafe found only 10% of workers remember all their cybersecurity training. This is exposing companies to cyber risk.

1000 US and UK office workers told CybSafe about their cybersecurity training. Half of employees get regular security training courses. A quarter of respondents get none.

Cybersecurity training does not include new technologies

The survey looked at the use of technologies implemented in the last few years.

The way we collaborate and communicate has changed. Cybersecurity training has not kept up with applications like Slack and Teams. Most security training is still delivered by web-based learning management systems.

Oftentimes, important security information is getting lost in the noise. Only half of the workers interviewed paid attention to emailed content (53%). Furthermore, 20% of employees said they cannot remember or find relevant cybersecurity information.

Missed opportunities for engagement

80% say they are likely to act on security advice provided on the platforms they use daily, such as Slack and Teams. 90% of respondents thought security nudges on instant messaging platforms would be valuable.

New technologies, new risk

Slack and Teams are an afterthought. 47% have received no training for employee communication applications. Workers are more likely to share login details in tools like Slack (14%), rather than email (12%).

Dr Jason Nurse, Director of Science and research, said: “Cybersecurity training needs to centre on people. It needs an understanding of new and emerging habits. It needs to centre on how people work. And it needs to use behavioural and data science to engage. Interventions made in a timely, convenient way have a real impact.”

“The way we communicate is changing. Cybercriminals are one step ahead,” said Oz Alashe MBE, CEO Of CybSafe.

“People want to be part of the solution for their organisations. Ineffective tick-box training does not work. Cybersecurity training needs a facelift. It needs to focus on people, their habits and behaviours. The right message, at the right time, on the right platform.  Data and behavioural science can help companies stay ahead of new threats.

“For too long cyber security has focused on employees working around their organisation. It’s time organisations adapt and centre around their people.”

The post Only 10% of workers remember all their cyber security training appeared first on IT Security Guru.

How to Fast Find Someone’s Current Location

Have you ever needed to find someone’s current location but had no idea how to do it? Whether you’re trying to track down a friend, a family member, or someone you’re dating, there are many ways to do it quickly and easily. In this article, we’ll go over some of the most effective methods for finding someone’s current location, so you can always stay in the loop. More similar articles can be found Appticles.

Understanding the Basics of Locating Someone

Before we dive into specific methods for finding someone’s current location, it’s important to understand the basics of how location tracking works. Most smartphones and mobile devices have a built-in GPS chip that can provide location data to apps and services. This location data can be used to track a phone’s movements in real-time, which is how many location tracking apps work.

Using Find My Friends

One of the easiest ways to find someone’s current location is to use the Find My Friends app on an iPhone or iPad. This app allows you to share your location with specific people, and also allows you to see the locations of people who have shared their location with you. To use Find My Friends, simply open the app and add the person you want to track. If they’ve shared their location with you, you should be able to see their current location on a map.

Tracking a Phone’s Location

If you need to track the location of someone’s phone, there are several apps and services that can help. For example, apps like Life360 and FamiSafe allow you to track a phone’s location in real-time, and can also provide alerts when the phone enters or leaves a specific location. To use these apps, you’ll need to install them on the phone you want to track and set up an account.

Using Social Media

Another way to find someone’s current location is to check their social media profiles. Many social media platforms, such as Facebook and Instagram, allow users to share their location with friends and followers. If the person you’re trying to find has shared their location on social media, you may be able to see it by checking their profile.

Using Google Maps

Google Maps is another useful tool for finding someone’s current location. If you have access to the person’s Google account, you can use Google Maps to see their location history, which will show you where they’ve been over a specific period of time. To view someone’s location history in Google Maps, simply open the app and go to the menu, then select “Your Timeline.”

Using a Private Investigator

If you’ve tried all of the above methods and still can’t find someone’s current location, you may want to consider hiring a private investigator. A private investigator can use a variety of methods to track down someone’s location, including surveillance, background checks, and other investigative techniques.

Conclusion

As you can see, there are many ways to find someone’s current location quickly and easily. Whether you’re using an app, checking social media, or using Google Maps, there are plenty of tools at your disposal. Just remember to always respect people’s privacy and use these methods responsibly.

New API Report Shows 400% Increase in Attackers

Today Salt Security have released the findings from their latest Salt Labs State of API Security Report, Q1 2023, which found that there has been a 400% increase in unique attackers (over 4800) in the last six months. The report makes it clear that attackers are getting wise to exploiting APIs – and they’re persistent. Attackers will try time and time again until something works. Last year’s report found that API attacks increased 681% in the last 12 months.

The report also found that 80% of attacks happened over authenticated APIs, making it a widespread problem for all. Given that it is one of the easiest types of attack to execute, it is no surprise that attackers are increasingly targeting this route into an organisation.

The State of API Security Report pulls data from a combination of nearly 400 survey responses and empirical data from Salt customers across a range of industries, company sizes, and job responsibilities. This year’s report, the company’s fifth, provides the deepest insights yet, including “in the wild” API vulnerability research from Salt Labs that demonstrates how respondents’ top concerns in API security manifest in real-world scenarios.

Key findings from the report include:

  • API security has emerged as a significant business issue, not just a security problem, with 48% of survey respondents saying that API security has become a C-level discussion over the past year.
  • The top two most valued API security capabilities are to stop attacks (44%) and identify PII exposure (44%). The ability to implement shift-left practices rated the lowest (22%).
  • Vulnerabilities discovered in the wild represent a critical concern for small and large businesses alike.
  • “Zombie” APIs followed by ATO top the list of API worries. In fact, 54% of respondents said outdated or “zombie” APIs are a high concern, up from 42% in the last quarter.

Data from the report shows that reliance on APIs is continuing to grow as they become ever more imperative to their organisation’s success. Simultaneously, APIs are becoming harder to protect as attacks increase exponentially and traditional tools and processes cannot stop them.  The findings from Salt Labs highlight why 2023 has been dubbed the “Year of API Security”.

 

The post New API Report Shows 400% Increase in Attackers appeared first on IT Security Guru.

Ubuntu Cinnamon Remix Is Now Official Ubuntu Flavor

Last Updated on March 29, 2023 by itsubuntu

Ubuntu Cinnamon Remix Is Now Official Ubuntu Flavor

Canonical has now accepted the application of Ubuntu Cinnamon Remix for the approval of Official Ubuntu Flavor. If you are an Ubuntu Cinnamon Remix user then this might be good news for you as the Ubuntu Cinnamon Remix distribution has officially become an official Ubuntu flavor. The Ubuntu Cinnamon Remix project was started in 2019 by the Ubuntu community members, who were interested in bringing the Cinnamon desktop environment to Ubuntu. The project is now an official Ubuntu flavor and is maintained by the Ubuntu community. It will be available as an official flavor from the upcoming Ubuntu 23.04 (Lunar Lobster) release.

List of Official Ubuntu Flavor

  • Kubuntu
  • Lubuntu
  • Ubuntu Budgie
  • Ubuntu Kylin
  • Ubuntu MATE
  • Ubuntu Studio
  • Ubuntu Unity
  • Xubuntu
  • Ubuntu Cinnamon Remix

The first stable release of Ubuntu Cinnamon Remix was based on Ubuntu 19.10 Eoan Ermine. You can find the full announcement regarding Ubuntu official flavor acceptance here.

Back and Bigger Than Ever! The Inside Man Season 5 Takes a Stab at Power Hungry Adversaries

As important as it is, cybersecurity awareness training might not seem like the most exciting thing in the world, but when it involves plots to rival your favourite network crime dramas, expertly crafted cinematography, and characters to root for? Naturally, it all feels a little bit different.  

Of course, we’re talking about the long-awaited return of KnowBe4’s network-quality video series The Inside Man. Back for its fifth season, the show, created and produced by Twist & Shout Communications (a KnowBe4 company) is now available to all diamond-level KnowBe4 subscribers.  

The Gurus were lucky enough to walk the red carpet alongside the show’s cast and crew last week at the Odeon Luxe Cinema, Leicester Square. A packed-out venue fit for an ambitious and industry-leading series that reunited some of our favourite characters. 

 

What To Expect This Season 

Season 5 of The Inside Man has big ambitions that echo, as always, real-world scenarios, genuine real-world threats, and plausible scenarios. If season 4 was a nod to 2021’s Colonial Pipeline ransomware attack, season 5 takes a stab at the more political side of cybercrime.  

The season’s antagonist, Cyrus, sums the season – and his intentions – up perfectly: ‘Money? You think this is about money? It’s about power… The power to know how people are going to react before they know themselves, to mould their thoughts, to shape their behaviour… The power to choose who wins an election, wins a war.’ 

Of course, this echoes similar themes that we see in the news frequently, with cyber influence operations becoming all the more common. In fact, just last year US military and intelligence officials announced that they were stepping up efforts to defend the electoral process from foreign influence.  

Whilst the show doesn’t go that far, it does dabble in using cyber influence to show the increasingly complex nature of highly personalised attacks. This season we find Mark, AJ, Fiona, Violent and Maurice approached by the security services to help fight against a remorseless adversary deploying vast resources of hacking powers to gain influence and power. From global corporation acquisition to insider threats within hospitals and healthcare, this is definitely the most eager (and high stakes) series of The Inside Man yet. 

Jim Shields, Creative Director of Twist & Shout Communications said: “In this season, we see many of these exciting plotlines finally come home to roost. Storylines for which we’ve spent two or three seasons laying the foundations. It’s powerful stuff, and the production team have excelled themselves as usual in bringing it to life. I’m unbelievably proud to be a part of this series.”   

 

Revolutionising Cyber Awareness Training 

For many years, KnowBe4 have been reshaping cybersecurity awareness. Perhaps the most obvious example of this is their willingness to invest in something truly different and, perhaps, revolutionary within its field. It’s clear that The Inside Man is an investment, with stunning sets, large productive value and 12-episode story arc. However, it pays off; the show has real, dedicated fans. In fact, three lucky superfans were invited to the premiere, with one having written a full-blown analysis of it. There’s nothing quite like it! 

“Security awareness training doesn’t have to be boring, nor should it,” says Stu Sjouwerman, CEO of KnowBe4. “‘The Inside Man’ is the most utilised training that KnowBe4 offers in the optional training category because it is highly captivating, and the production quality is more like a network-quality series than training.” 

What The Inside Man does so captivatingly is foreground the human element of cybercrime, with the adversaries not the stereotypical hooded hackers of yesteryear and our victims harrowingly human and relatable. From social engineering to passwords, to social media and deep fakes, this season of The Inside Man covers a lot of ground. Importantly, it reveals how easy it can be for an outsider to penetrate an organisation’s security controls and network. It’s awareness training that doesn’t feel like awareness training – and it’s not preachy either. 

 

The Verdict  

Season 5 of The Inside Man is well worth a watch. Whether or not you typically ‘enjoy’ cybersecurity awareness training, you can’t help but feel drawn to the show. It’s both educational and entertaining, and that’s pretty impressive.  

Education and awareness are at the heart of everything KnowBe4 does – and The Inside Man is no different, clearly. The Inside Man forces audiences to face safe (or otherwise) cybersecurity practises in an unusual (and rather fun) way. Ultimately, this passion project, beloved within its community, is something vendors should take notice of.  

You can watch the full series on The Inside Man microsite on the KnowBe4 platform if you are a diamond member. 

 

The post Back and Bigger Than Ever! The Inside Man Season 5 Takes a Stab at Power Hungry Adversaries appeared first on IT Security Guru.

UK Sets Up Fake Booter Sites To Muddy DDoS Market

The United Kingdom’s National Crime Agency (NCA) has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services.

The warning displayed to users on one of the NCA’s fake booter sites. Image: NCA.

The NCA says all of its fake so-called “booter” or “stresser” sites — which have so far been accessed by several thousand people — have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks.

“However, after users register, rather than being given access to cyber crime tools, their data is collated by investigators,” reads an NCA advisory on the program. “Users based in the UK will be contacted by the National Crime Agency or police and warned about engaging in cyber crime. Information relating to those based overseas is being passed to international law enforcement.”

The NCA declined to say how many phony booter sites it had set up, or for how long they have been running. The NCA says hiring or launching attacks designed to knock websites or users offline is punishable in the UK under the Computer Misuse Act 1990.

“Going forward, people who wish to use these services can’t be sure who is actually behind them, so why take the risk?” the NCA announcement continues.

The NCA campaign comes closely on the heels of an international law enforcement takedown involving four-dozen websites that made powerful DDoS attacks a point-and-click operation.

In mid-December 2022, the U.S. Department of Justice (DOJ) announced “Operation Power Off,” which seized four-dozen booter business domains responsible for more than 30 million DDoS attacks, and charged six U.S. men with computer crimes related to their alleged ownership of popular DDoS-for-hire services. In connection with that operation, the NCA also arrested an 18-year-old man suspected of running one of the sites.

According to U.S. federal prosecutors, the use of booter and stresser services to conduct attacks is punishable under both wire fraud laws and the Computer Fraud and Abuse Act (18 U.S.C. § 1030), and may result in arrest and prosecution, the seizure of computers or other electronics, as well as prison sentences and a penalty or fine.

The United Kingdom, which has been battling its fair share of domestic booter bosses, started running online ads in 2020 aimed at young people who search the Web for booter services.

As part of last year’s mass booter site takedown, the FBI and the Netherlands Police joined the NCA in announcing they are running targeted placement ads to steer those searching for booter services toward a website detailing the potential legal risks of hiring an online attack.

New Research Examines Traffers and the Business of Stolen Credentials

Today, Outpost24 released a new report revealing the underground operation of Traffers, cybercriminal organisations reshaping the business of stolen credentials.

The Rising Threat of Traffers report, compiled by Outpost24’s Threat Intelligence team, KrakenLabs, provides a deep dive into the credential theft ecosystem, and encourages organisations to evaluate their security measures against these evolving threats.

Stolen credentials are a major problem for organisations, causing nearly 50% of all data breaches. While businesses are still trying to figure out how to fix the password problem, cyber criminals are organising, and innovating. The increased professionalization of cyber criminal groups, specifically the rise of Traffers, is the latest threat against businesses.

Traffers are highly organized cybercriminal groups. They spread different types of malware families with the goal of exfiltrating credentials or profit. To spread the malware as far and wide as possible, they have formed an industry-like structure of product and service providers, as well as dedicated market places, in the form of Telegram channels, to facilitate the sale of those credentials.

To increase their success rate, Traffers target their would-be victims by driving their internet traffic with Google and Facebook Ads to fraudulent content. Traffers have developed a business model that involve specific recruitment, training, and compensation, all of which distinguish them from other cybercriminals.

The price spike of information-stealing malware, the subscription models for accessing stolen credentials, and even the earnings of the Traffers themselves, are just some of the highlights in the report that demonstrate the increased activity and demand in the cybercriminal ecosystem.

Victor Acin, Head of the KrankenLabs at Outpost24, “credentials, and the tools used to steal them, are a commodity. With the growing trend of Initial Access Brokers (IABs) we know that criminal groups are willing to pay for services, which means they expect a bigger profit in return – that’s bad news for businesses.”

As the underground economy circulates, current security measures may fall behind. Organisations need to consider the Traffers attack chain to stay protected against the latest threats. The Rising Threat of Traffers report provides practical advice that can protect credentials, and help businesses avoid malware infections, in the way it is done by Traffers teams.

Outpost24’s KrakenLabs will continue to monitor these groups as part of their cyber threat intelligence solution, helping organizations improve their cyber security posture with real-time threat detection and faster remediation.

To read more about the report, please visit here. Last year, we reported that in the first half of the year, stolen credentials were involved in nearly half of data breaches.

The post New Research Examines Traffers and the Business of Stolen Credentials appeared first on IT Security Guru.