by Sead Fadilpašić | May 28, 2022 | Cybersecurity
DuckDuckGo may face a user backlash after security researchers discovered a hidden tracking agreement with Microsoft.
The privacy-focused company offers a search engine that claims not to track people’s searches, or behavior, and also doesn’t build user profiles that can be used to display personalized advertising.
Search engine aside, DuckDuckGo also offers a mobile browser of the same name, but this has raised concerns: although it promises to block hidden third-party trackers, some from a certain tech giant are allowed to continue operating.
Search syndication agreement
Namely, while Google’s and Facebook’s trackers are being blocked, those of Microsoft are allowed to continue running. Zach Edwards, the security researcher who first discovered the issue, later found that trackers related to the bing.com and linkedin.com domains were also being allowed through the blocks.
The news quickly drew in crowds of dissatisfied users, with DuckDuckGo founder and CEO Gabriel Weinberg soon chiming in to confirm the authenticity of the findings.
Apparently, DuckDuckGo has a search syndication agreement with the software giant from Redmond, with Weinberg adding that the restrictions are only found in the browser, and are not related to the search engine.
What remains unknown is why a company that is known for its transparency decided to keep this agreement a secret for as long as it could.
In a statement sent to BleepingComputer, Weinberg said that DuckDuckGo offers “above-and-beyond protection” other browsers don’t even think of doing, but that the company “never promised” full anonymity when browsing.
“We have always been extremely careful to never promise anonymity when browsing, because that frankly isn’t possible given how quickly trackers change how they work to evade protections and the tools we currently offer,” he added.
“When most other browsers on the market talk about tracking protection, they are usually referring to 3rd-party cookie protection and fingerprinting protection, and our browsers for iOS, Android, and our new Mac beta, impose these restrictions on third-party tracking scripts, including those from Microsoft. What we’re talking about here is an above-and-beyond protection that most browsers don’t even attempt to do — that is, blocking third-party tracking scripts before they load on 3rd party websites.”
“Because we’re doing this where we can, users are still getting significantly more privacy protection with DuckDuckGo than they would using other browsers.”
by Sead Fadilpašić | Apr 10, 2022 | Cybersecurity
Cybercriminals are tricking victims into downloading malware by telling them their browsers are outdated and need to be updated in order to view the contents of the page.
Avast cybersecurity researchers Jan Rubin and Pavel Novak uncovered a phishing campaign in which an unknown threat actor compromised more than 16,000 WordPress and Joomla hosted websites with weak login credentials.
These are usually adult content websites, personal websites, university sites, and local government pages.
After gaining access to these sites, the attackers would typically set up a Traffic Direction System (TDS), Parrot TDS. A TDS is a web-based gate that redirects users to various content, depending on certain parameters. That allows the attackers to deploy malware only on the endpoints that are deemed a good target (poor cybersecurity measures, for example, or specific geographic locations).
Those that get the message to “update” their browser will actually be served a Remote Access Trojan (RAT) called NetSupport Manager. It provides the attacker with full access to the target endpoint.
“Traffic Direction Systems serve as a gateway for the delivery of various malicious campaigns via the infected sites,” said Jan Rubin, malware researcher at Avast. “At the moment, a malicious campaign called ‘FakeUpdate’ (also known as SocGholish) is being distributed via Parrot TDS, but other malicious activity could be performed in the future via the TDS.”
Besides being powered by either WordPress or Joomla, these websites have very little in common, which is why the researchers believe they were chosen for their weak passwords.
“The only thing the sites have in common is that they are WordPress and in some cases Joomla sites. We therefore suspect weak login credentials were taken advantage of to infect the sites with malicious code,” said Pavel Novak, ThreatOps Analyst at Avast. “The robustness of Parrot TDS and its huge reach make it unique.”
by Sead Fadilpašić | Feb 19, 2022 | Cybersecurity
Security researchers have recently found “multiple vulnerabilities” on Ubuntu systems, some of which would allow a threat actor to gain root privileges on the target endpoint.
In a blog post, Bharat Jogi, Director of Vulnerability and Threat Research at Qualys, said the team found the flaws in the snap-confine function on Linux operating systems. Approximately 40 million users are at risk.
Jogi describes Snap as a “software packaging and deployment system” that was built by Canonical for operating systems on the Linux kernel. These packages, or “snaps”, as well as the tool that uses them, “snapd”, work on a wide range of Linux distributions, allowing developers to ship applications directly to users.
Gaining root access
Snaps, Jogi further explains, are “self-contained applications running in a sandbox with mediated access to the host system. Snap-confine is a program used internally by snapd to construct the execution environment for snap applications.”
By abusing the flaw, tracked as CVE-2021-44731, the attacker can elevate the privileges of a basic account all the way to root access. Researchers from Qualys claim to have independently verified the vulnerability, developed an exploit, and obtained full root privileges on default installations of Ubuntu.
The team did not explain if the exploit comes in the form of malware, or if it took a different approach.
As usual, by the time the news hit the press, a patch had already been issued, so Ubuntu users are advised to update to the latest version immediately. Qualys’ customers can search the vulnerability knowledgebase for CVE-2021-44731 to identify all the QIDs and vulnerable assets, the company said.
“In a Log4Shell, SolarWinds, MSFT Exchange (and on and on) era, it is vital that vulnerabilities are responsibly reported and are patched and mitigated immediately,” the research team warns. “This disclosure continues to showcase that security is not a one and done – this code had been reviewed several times and Snap has very defensive technologies.”
by Sead Fadilpašić | Dec 5, 2021 | Cybersecurity
Zero-trust architecture is set to increase the efficiency of cybersecurity solutions to stop data breaches by 144%, a new report has claimed.
Surveying 125 IT and security decision-makers from both midsize and large organizations on their plans surrounding zero-trust architecture, Symmetry Systems found the majority of organizations are well acquainted with the advantages of zero-trust and are rushing to deploy.
For the majority (53%), the main motivator for the deployment of zero-trust architecture is ransomware attacks. However, they are also keen on securing customer data, as well as protecting themselves and their employees in these new remote-first and hybrid working-first environments.
Legacy system limitations
How many will be left behind? Not too many, but still a significant portion, the report suggests. Allegedly, more than 90% of respondents confirmed their organization was planning an enterprise-wide deployment of zero-trust architecture.
Zero-trust allows for the elimination of one point of failure during a data breach. Even if malicious actors get their hands on login credentials, database locations or IPs, with zero-trust integration that information is useless, as they’re barred from accessing information given to application roles, cloud-network perimeters, or Identity and Access Management (IAM). Speaking of IAM, almost three-quarters (73%) of respondents are focused on IAM for employees as the key design modification for zero trust.
Elsewhere in the report, the two companies listed different challenges businesses are facing when deploying zero-trust architecture, with the majority (55%) saying legacy system limitations were their number one barrier.
“Today’s threat environment is drastically different from what we have experienced even in recent years – with relentless cyberattacks, the adoption of cloud services and mass remote or hybrid work,” said Michael Sampson, Senior Analyst at Osterman Research, which helped with the report. “Many organizations have begun the transition to a zero-trust architecture and those who have not are behind the curve.”