By Deeba Ahmed
The vulnerability allowed attackers to take control of GitHub repositories and infect codes and apps with malware.
This is a post from HackRead.com Read the original post: GitHub fixes critical vulnerability that exposed repositories to attackers

Checkmarx Supply Chain Security team has shared its findings on a new flaw discovered in **GitHub** that allows attackers to take control of repositories and infect codes and apps with malware. Researchers dubbed it a high-severity flaw in GitHub.

**Findings Details**

According to researchers, the attacker can use a technique called RepoJacking and control a GitHub repository by exploiting a logical flaw in the architecture, making the renamed users vulnerable to the attack. In fact, all renamed usernames on the platform were vulnerable to this flaw. This includes 10,000 packages on the Swift, Go, and Packagist package managers.

“The practical meaning of this is that thousands of packages can immediately be hijacked and start serving malicious code to millions of users and many applications,” researchers noted.

The bug was fixed by GitHub in its famous “**repository namespace retirement**” feature. However, this tool is also vulnerable to being targeted by attackers, researchers noted. This tool was created by GitHub to prevent RepoJacking.

**What is the Issue?**

GitHub repositories provide unique URLs to their creator’s user account. If the user decides to rename their account, a new URL will be created. On the other hand, GitHub will redirect traffic from the original URL of the repository.

In RepoJacking, renamed repository URLs traffic is hijacked and routed to the attacker’s repository by exploiting a logical flaw. This flaw can breach the original redirect. A GitHub repository becomes vulnerable to RepoJacking when the creator decides to rename the username and the old username remains available for registration.

Hence, an attacker can create a new GitHub account with the same combination to match the old repository URL.

“We have identified over 10,000 packages in those package managers using renamed usernames and are at risk of being vulnerable to this technique in case a new bypass is found,” Checkmarx **blog post** read.

**RepoJacking Gaining Momentum**

Checkmarx’s security researcher and team leader, Aviad Gershon, revealed that earlier this year, his team observed an increase in the use of the RepoJacking technique. This indicates that malicious actors are trying to evolve their methodologies to leverage credible open-source packages in the simplest ways while ensuring maximum impact. The security fraternity must work together proactively to detect and remediate flaws before threat actors do.

https://checkmarx.com/wp-content/uploads/2022/10/Main-The-return-of-repojacking-24mbs.mp4

In conclusion, millions of users of thousands of projects rely on open-source libraries and code repositories. That’s what makes them an attractive target for attackers. If they can control a GitHub repository and inject malicious code into an otherwise trusted project, they can easily infect thousands of devices.

1.  **GitHub Will Now Support Security Keys for SSH Git Operations**
2.  **Thousands of GitHub Repositories Cloned in Supply Chain Attack**
3.  **Hackers use Github bot to steal $1,200 in ETH within 100 seconds**
4.  **Hackers spoof commit metadata to create false GitHub repositories**
5.  **GitHub: Hackers Stole OAuth Access Tokens to Target Dozens of Firms**

GitHub fixes critical vulnerability that exposed repositories to attackers

By Waqas
Among other capabilities, Dormant Colors malware can also inject ads into standard pages and append affiliate links to e-commerce websites to generate affiliate revenue.
This is a post from HackRead.com Read the original post: Chrome Extensions Harboring Dormant Colors Malware Infect Over a Million PCs

Guardio Labs security researchers identified **malicious Chrome extensions** that contained browser extension malware. The malicious extensions could hijack search results and **inject ads** into otherwise secure pages.

**Dormant Colors Adware Detected in Chrome Extensions**

Dormant Colors is a widespread browser extension malware, which according to a report from Guardio Labs, was discovered in the latest batch of Chrome extensions. This is basically adware spread across 30 different extensions in Microsoft’s Edge Add-ons repository and the Chrome Web Store.

These malicious extensions were also spotted on spammed video-downloading websites. Researchers suspect that the extensions can send users to **phishing sites** that steal login credentials.

**Analyzing Adware Capabilities**

Dormant Colors can inject ads into standard pages and append affiliate links to famous e-commerce websites to get the same affiliate revenue for the developer that legit sites get from linking those products.

As per the researchers, the **adware** is dubbed Dormant Colors because it focuses a lot on style and color themes from Super colors to Action colors, Power colors, etc. It comprises 30 different extensions boasting over one million downloads.

The infection chain starts when innocent-looking helps marketed as webpage modifiers allow users to alter font styles and background colors on the sites they visit. In the background, the **adware hijacks the user’s browsing or search histories**, inserts ads within accessed webpages, and side-loads malicious code while successfully evading detection. In total, 30 malicious extensions were discovered.

According to a **blog post** by Nati Tal from Guardio, the attackers can target domains and individual users through fake search results, website hijacking, or spear phishing after stealing the user’s browser data and transmitting it to a C2 server. This data is used to update the extension with more advanced attack vectors through silent code injection.

Both Microsoft and Google have taken down the malicious extensions. However, developers can still re-upload them. You must double-check the browser extension’s source before installing it. Moreover, always **use credible anti-virus software**.

**Protection from Malicious Chrome Extension**

A malicious Chrome extension is a type of malware that can infect your computer through the Chrome web browser. These extensions are often used to track your browsing activity and steal your personal information. There are a few things you can do to protect yourself from these extensions.

First, only install extensions from trusted sources. Google’s Chrome Web Store is a good place to start, but you should also check reviews before installing anything. If an extension seems too good to be true, it probably is.

Second, keep your browser and extensions up to date. Both Chrome and the extensions you have installed will receive updates regularly. These updates usually include security fixes that can help protect you from new threats.

Finally, be cautious about the permissions you grant to extensions. Many malicious extensions will ask for more permissions than they need.

1.  **70 malicious Chrome extensions found spying on 32 million+ users**
2.  **Malicious Chrome extensions can steal data by abusing Sync feature**
3.  **Chrome extensions with 80 million+ users found engaging in ad fraud**
4.  **Malicious Chrome extensions stealing data with cryptomining malware**
5.  **The Great Suspender Chrome extension used by millions was malware**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Chrome Extensions Harboring Dormant Colors Malware Infect Over a Million PCs

By Deeba Ahmed
See Tickets have warned customers to remain cautious of possible identity theft attacks and credit card fraud.
This is a post from HackRead.com Read the original post: See Tickets data breach went undetected for 2.5 years

See Tickets is one of the world’s leading ticketing service providers that has been making headlines for becoming the **victim of a data breach**. The company is owned by the France-based media giant Vivendi. It disclosed news of the breach in notification letters published by numerous US states. However, the company hasn’t yet released any official statement.

**Breach Overview**

See Tickets is notifying customers about the exposure of its customer’s personal and financial data. The breach lasted more than two and a half years. The company informed its customers that attackers may have accessed their sensitive payment card data **through a skimmer** injected on the See Tickets website.

For your information, **skimmers are brief JavaScript codes** injected into website checkout pages primarily to steal buyers’ payment card details. In See Ticket’s case, the credit card details of people who purchased tickets through this service to a live entertainment event were accessed.

**Leaked Data Details**

The Montana Attorney General’s office shared a **data breach notification**, according to which the breach was discovered in April 2021. The company started investigating the incident in collaboration with a forensics firm immediately, revealing that the breach happened on June 25, 2019.

The investigation continued until January 8, 2022, when the company shut down unauthorized activity completely. This took around nine months since the company was initially notified.

Following this, See Tickets took eight months to determine the leaked payment card data, including the following:

*   Full name
*   ZIP code
*   CVV number
*   Payment card number
*   Card expiration date
*   Physical address.

The company claims that Social Security Numbers, bank account info, and state identification numbers weren’t compromised because these details weren’t stored on its systems.

**See Tickets Notification**

See Tickets claimed that it was notified about a “potential unauthorized access by a third party to certain event checkout pages.” Its investigation spanned several phases and worked with MasterCard, Visa, Discover, and American Express to detect affected pages and transactions. Multiple forensics firms and law enforcement agencies participated in this “wide-ranging” investigation.

> “Affected information may include the data you provided when purchasing event tickets on the See Tickets website between June 25, 2019, and January 8, 2022.”
> 
> See Tickets

See Tickets have warned customers to remain cautious of possible identity theft attacks and credit card fraud.

The breach’s nature is yet unconfirmed, and there’s no clarity on whether its global site was infected or the other five domains. The number of impacted customers isn’t specified. Reportedly, 90,000 customers were impacted in Texas alone, which means tens of thousands of customers could be affected by the data breach.

This however is not the first time when a ticketing website as big as See Tickets was compromised. **In June 2018**, ticketing site TicketFly suffered a massive data breach after a hacker leaked customers’ data online.

1.  **Hackers target Newegg with credit card stealing data**
2.  **Magecart hackers launch attacks against Magento stores**
3.  **Hackers steal credit card data of 14,579 BevMo customers**
4.  **New credit card skimmers channel funds through Telegram**
5.  **Cloud video site abused in skimmer attack on real estate sites**

See Tickets data breach went undetected for 2.5 years

By Waqas
The campaign was discovered in April 2022, but researchers believe the campaign occurred between February 2021 and September 8, 2022.
This is a post from HackRead.com Read the original post: 167,000 stolen credit card numbers Exposed via PoS Malware

Cybercriminals are increasingly targeting credit card payment terminals to steal sensitive information, reveals new research from Group-IB Botnet Monitoring Team.

The team’s head Nikolay Shelekhov and the company’s analyst, Said Khamchiev, shared details of how cybercriminals used a PoS (point-of-sale) malware to steal over 167,000 payment records from 212 compromised devices. Almost all of the affected users were based in the USA.

The campaign was discovered in April 2022, but researchers believe the campaign occurred between February 2021 and September 8, 2022.

Researchers blamed a poorly configured C2 server for PoS malware MajikPOS. The configuration allowed them to assess the server. They discovered that the server hosted a separate C2 administrative panel for a unique POS malware variant identified as Treasure Hunter (first detected in 2014). This malware also collects compromised card data.

For your information, MajikPOS and Treasure Hunter malware infect Windows POS terminals. For infecting a store, MajikPOS (first detected in 2017) scans the network for open or poorly secured RDP and VNC remote-desktop services. It then brute forces into the network or purchases access to the systems’ credentials.

Both malware can scan the devices and look to exploit the card when the device is reading card data. The malware then stores the information in plain text in memory. Moreover, Treasure Hunter can perform RAM scraping, which pores over the memory of all running processes on the register to locate freshly swiped magnetic stripe data from a shopper’s bank card. Conversely, MajikPOS can scan infected PCs for card details. The information is then sent over to the attacker’s C2 server.

During their month-long investigation, Group-IB assessed around 77,400 card dumps from MajikPOS and 90,000 from Treasure Hunter panels. Around 75,455 or 97% of MajikPOS compromised cards were issued by US banks, and the rest were from banks worldwide. Regarding Treasure Hunter, 96% or 86,411 cards were issued in the USA. They also detected eleven victim firms in the USA.

Further probe revealed that cybercriminals used two POS malware strains to steal details of over 167,000 credit cards. All the data was stolen from payment terminals. Researchers noted that the backend C2 server operating the Treasure Hunter and MAjikPOS malware strains was still active, and the number of victims increased continuously.

Credit: Group-IB

After discovering the attack, Group-IB notified law enforcement agencies, and a US-based threat-sharing agency was also notified. In their **blog post**, Group-IB also revealed that:

> “The information about compromised cards, POS terminals, and the victims that Group-IB researchers were able to identify, was shared upon discovery with a US-based non-profit alliance that brings together private industry, academia, and law enforcement.”
> 
> Group-IB

It is unclear who stole the data of such a vast number of credit cards and whether the data was sold or used. However, researchers are confident that the stolen data could fetch over $3.3 million if **sold on underground marketplaces**.

1.  **4,000 ElasticSearch servers found hosting PoS malware**
2.  **22 people indicted on malware, credit card fraud charges**
3.  **Threat actor selling 158,000 Canadian, US credit card data**
4.  **Massive stolen credit card trading scam on dark web disrupted**
5.  **Prilex ATM Malware Modified to Clone Chip-and-Pin Payment Cards**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

167,000 stolen credit card numbers Exposed via PoS Malware

By Deeba Ahmed
The Austin, Texas-based American cybersecurity technology CrowdStrike has discovered a brand-new cryptojacking campaign in which attackers are targeting…
This is a post from HackRead.com Read the original post: New Cryptojacking Campaign Kiss-a-dog Targeting Docker and Kubernetes

The Austin, Texas-based American cybersecurity technology CrowdStrike has discovered a brand-new cryptojacking campaign in which attackers are targeting vulnerable **Docker** and Kubernetes infrastructure. The campaign has been dubbed the Kiss-a-dog campaign.

**What is Cryptojacking?**

**Cryptojacking** is a type of online attack where hackers use your computer’s processing power to mine for cryptocurrency without your permission. This can happen when you visit a malicious website, get infected by malware, or click on a malicious ad.

Cryptojacking can slow down your computer and use up your battery life. It can also lead to higher energy bills. In some cases, cryptojacking can even damage your computer.

**Campaign Analysis**

According to CrowdStrike’s Cloud Threat Research team, the attackers use an obscure domain from the payload, anonymized ‘dog mining’ pools, and container escape attempt to target Docker and **Kubernetes** network.

Researchers detected multiple campaigns targeting Docker from the same Command and Control Server (C2) previously used by **TeamTNT**. Moreover, the tactics, techniques, and procedures used in the attack are similar in all campaigns.

**Vulnerable Docker and Kubernetes Networks Targeted in Kiss-a-Dog**

In September 2022, CrowdStrike’s honeypots detected several campaigns seeking vulnerable container attack surfaces. The company’s monitors revealed Docker APIs and identified the compromised Docker container as an entry point to trigger the initial payload- a Python command responsible for downloading a malicious payload t.sh from a domain named kissa-dogtop.

That’s why the campaign was named Kiss-a-dog. This entry point verifies/installs cURL through a package manager. Furthermore, it adds a malicious payload as a cron job.

The campaign utilizes a host mount for escaping from the container. It is a common technique among cryptominers to break out of containers, and it is often successful because it is relatively easier to target the internet-exposed Docker surface. As per Shodan, there are approximately 10,000 internet-exposed Docker instances.

In Kiss-a-dog, attackers use the **Diamorphine** and **libprocesshide** rootkits to hide the process from users. These rootkits can hide processors from the user. Detection on the network is avoided by choosing to encode the C/C++ code files and embed them as Base64 strings into the script. When it is runtime, attackers decode the Base64 string as .tar document containing code for the Diamorphine rootkit and compile it using GCC to create the file diamorphin.ko. It is loaded as a kernel module via the insmod command.

To hide wallet addresses, attackers used lovea-dogtop and toucha-dogtop as pool servers and disguised XMRig as . They install a service to run the binary as cmake.service.

**Campaign Objectives**

The primary motive is to mine cryptocurrency and use kernel and user mode rootkits for evading detection. For this purpose, attackers rely on **XMRig mining software**. Another objective behind this campaign is to target as many vulnerable Docker and Redis instances as possible.

Attackers download/compile network scanners such as masscan, pnscan, and zgrab on the compromised container. These tools randomly scan the IP range on the internet to detect vulnerable Docker and Redis server instances.

> The campaigns by cryptojacking groups last from days to months depending on the success rate. As cryptocurrency prices have dropped, these campaigns have been muffled in the past couple of months until multiple campaigns were launched in October to take advantage of a low competitive environment.
> 
> CrowdStrike

1.  **10 Application Security Best Practices To Follow In 2022**
2.  **Thousands of GitHub Repositories Cloned in Supply Chain Attack**
3.  **Change your password: Docker suffers breach; 190k users affected**
4.  **Threat actors hijacking Bitbucket and Docker Hub for Monero mining**
5.  **LemonDuck Cryptomining Botnet Hunting for Misconfigured Docker APIs**

New Cryptojacking Campaign Kiss-a-dog Targeting Docker and Kubernetes

By Owais Sultan
No matter how diligently you prepare an online presentation, you can realistically expect it to leave viewers with…
This is a post from HackRead.com Read the original post: 7 benefits of including a Q&A session as part of a webinar

No matter how diligently you prepare an online presentation, you can realistically expect it to leave viewers with questions you had insufficient time to address during the running time.

This situation helps to explain the appeal of holding a webinar, which Search Engine Journal succinctly defines as “an online seminar”. Listed below are several advantages you can gain from incorporating a Q&A session into a webinar.

**Increased audience engagement **

One problem with a presentation is that, as it is a one-way flow of information, people who are on the receiving end can too easily become bored with it.

You can, however, spark fresh excitement in these people by giving them an opportunity to speak through their device’s mic and consequently take a break from simply looking at a computer screen.

**The chance to elaborate on points made earlier **

It is possible that, during the Q&A, at least one person will ask you something that was already covered during the presentation.

However, this would give you the chance to not only reiterate the original point but also extend it — since time constraints could have reined you in the first time around.

**A more human touch **

A key part of the enjoyment of holding a webinar is that you can do so live. However, people who actually watch you speaking could forget that it is all happening live.

Through giving allowing people to interact with you in real time, you can help yourself to come across as less robotic, resulting in a more humanized event.

**Being able to demonstrate your expertise **

Anyone can simply memorize and then regurgitate lots of detailed information sourced from the internet, but what really distinguishes an expert is their ability to provide confident, in-depth answers to questions on the fly.

It’s great, then, that the spontaneous nature of a Q&A session would let you do exactly that.

**Opportunities for you to subtly promote yourself **

A LinkedIn article acknowledges: “You want to be careful about promoting during your webinar, but you can easily promote during your answers to questions.”

Nonetheless, you should tread carefully with how you go about this. If you get asked a question that a product or service of yours can answer, you could mention it, but should probably do so somewhat briefly.

**Improved prestige for your brand **

Think about it: if you hold the Q&A session in a way that shows impressive expertise and professionalism on your part, this can help in enhancing perceptions of your brand.

However, be warned that the quality of the session itself can be heavily influenced by the quality of the webinar software used for delivering it. Hence, you might want to source that software from a big-brand provider like ON24.

**Ideas for how to improve future presentations  **

If certain subjects come up unsurprisingly often during the Q&A, you could treat this as your cue to include more information on these subjects in future presentations for which you are responsible. After all, you want to create content that genuinely piques people’s interest.

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

7 benefits of including a Q&A session as part of a webinar

By Waqas
The group claims they launched this attack to demand the release of political prisoners arrested during the countrywide protests. 
This is a post from HackRead.com Read the original post: Black Reward Hackers Steal Trove of Emails from Iran’s Atomic Energy Agency

A group of anti-Iranian government hackers have allegedly targeted **Iran** Atomic Energy Organization’s subsidiary’s network and managed to access its email server.

The hacking group identified as Black Reward has claimed responsibility for the attack on the Iranian nuclear agency’s subsidiary, the Atomic Energy Production and Development Company located in Bushehr.

The group claims they launched this attack to demand the release of political prisoners arrested during the countrywide protests.

On the other hand, the agency has acknowledged that its email server was targeted by hackers and blamed a foreign country for this attack but didn’t name the country.

“These illegal efforts out of desperation are aimed at attracting public attention,” the agency stated.

Furthermore, the agency downplayed the severity of the incident, claiming that the stolen data included emails containing “normal and daily exchanges” and technical content.

However, hackers claim to have obtained 50GB of internal emails, construction plans, and contact details of the Iranian government’s Russian-backed nuclear power plant. The group also leaked some of the data on their Telegram channel. Yet, it is unclear whether the stolen data contained confidential data.

Screenshots leaked by hackers on their Telegram group

Additionally, Black Reward gave a 24-hour deadline to the government on their Twitter handle on Friday for exposing documents on the country’s nuclear program if all “political prisoners, prisoners of conscience and people arrested in the recent protests.” aren’t released.

“Unlike Westerners, we do not flirt with criminal mullahs,” Black Reward wrote.

On Saturday, the group released some data on social media, which included a brief clip from a nuclear site in Iran and documents containing payslips, agreements, and maps.

**Background Information**

According to the agency’s statement on Sunday, as **reported** by Reuters, in this “foreign-backed attack,” the attackers’ agenda seems to be an attempt to escalate tension amidst Mahsa Amini’s death and subsequent protests that have gripped Iran for weeks.

For your information, the Iranian government is dealing with public demonstrations after the suspicious death of a 22-year-old female, Mahsa Amini. The country’s moral police detained her for allegedly violating Iran’s dress code for women.

After her death, Iran has seen an unprecedented increase in large-scale cyber attacks on its critical government infrastructure. For instance, **Anonymous hackers have launched OpIran** in support of protestors, while hackers from different backgrounds are **using Telegram and dark web platforms** to teach Iranians how to evade government censorship, how to use VPN, and even carry out cyberattacks against the country’s sensitive targets.

1.  **Iran’s Top Tier Airline Mahan Air Hit by Cyberattack**
2.  **Iran’s Largest Steel Producer Hit By Crippling Cyberattack**
3.  **The US Charges 3 Iranian Hackers Over Ransomware Attacks**
4.  **Smartphones of Iran’s protest detainees targeted with spyware**
5.  **Iran State-Run TV’s Live Transmission Hacked by Edalate Ali Hackers**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Black Reward Hackers Steal Trove of Emails from Iran’s Atomic Energy Agency

By Waqas
Fact: Medical devices are often designed with convenience and functionality in mind, rather than security. 
This is a post from HackRead.com Read the original post: Why IoT Security in Healthcare is Crucial

When it comes to health care, the stakes are high. That’s why IoT security for healthcare is crucial. IoT devices are becoming increasingly prevalent in healthcare. From wearable devices to medical implants, these devices have the potential to revolutionize patient care. However, they also introduce new security risks.

Medical devices are often designed with convenience and functionality in mind, rather than security. This can make them easy targets for attackers. If an attacker gains access to a device, they could potentially exploit it to steal sensitive data or disrupt critical operations.

The Internet of Things (IoT) has also become a powerful tool for individuals and businesses to leverage. By connecting devices to a network, they can be utilized to generate vast volumes of crucial information that aid in business models and effective process management.

In healthcare institutions, IoT devices are just like regular networked devices. It is crucial that these devices are kept safe as part of cyber security practices in the industry. Healthcare institutions have some powerful options available to them to secure their attack surface in this modern age, though. 

Sepio, for example, has developed a solution for healthcare IoT security. Their solution monitors IoT hardware devices, in real-time to give healthcare facilities full asset visibility.

**Healthcare industry Uses of IoT Technology**

Advancements in healthcare IoT devices are being made at a rapid pace with healthcare institutions taking full advantage of the improvements they bring. 

**Handheld Smart Devices**

These devices are typically utilized to give caregivers immediate access to accurate patient history and up-to-date diagnostic and personal information. This is possibly one of the healthcare industry’s most useful and widely utilized IoT devices.

Some institutions even pair these handheld devices with other technologies like smart pens. Apart from the ability to be used for writing, these pens can record pen strokes and transmit information to servers in real-time.

**Monitoring Tools**

A large part of any healthcare institution’s data collection comes from monitoring patient vitals in real-time. For this purpose, monitors can be utilized that are capable of remotely connecting to nurses’ or caregivers’ stations or even their own mobile devices. It provides greatly increased versatility since a patient can now be mobile throughout the ward or even the entire hospital. 

**Remotely Operated Medical Pumps**

These kinds of pumps make up the majority of IoT devices in use. From general-use infusion pumps to insulin pumps for diabetic patients, medical pumps ensure that patients receive closely regulated quantities of fluids such as blood, medicine, and insulin.

However, the bad news is that according to a recent study, 75% of tested smart Infusion Pumps were found vulnerable to remote attacks.

Medical IoT pumps allow caregivers to monitor patients recovering from home, providing quality of life to those who otherwise would have been confined to hospitals. Typically, these devices need to conform to security standards prescribed by the NIST.

These are just some of the many devices in use by the healthcare industry today.

**How has IoT Transformed the Healthcare Industry? **

From the list above it should be clear that not only have IoT devices in healthcare improved the mobility of patients, but it has also had a significant impact on the available medical staff.

IoT devices have improved the care given by healthcare institutions too. By providing timely and accurate diagnostic information to caregivers, medical decisions can be made in time to save lives, improving the quality of care for so many people.

**Healthcare IoT an Unmistakable Target**

Looking back at the devices we covered, we should also mention that these devices are amongst the most attacked by threat actors. Gaining access to personally identifiable patient information along with a good chance of seizing financial information too, can be a massive payload to threat actors.

Ransomware attacks are one of the most common cyber security attacks aimed at Medical IoT devices. Healthcare institutions would typically need to cooperate since the lives of their patients can be endangered by these threat actors. 

In some cases, IoT devices may even be used to launch attacks on other systems. For example, the WannaCry ransomware attack on England’s NHS exploited a flaw in Windows XP that had been previously identified by the NSA. The attack impacted hospitals around the world, causing appointment cancellations and disrupting patient care.

Although the trend is changing, most healthcare institutions don’t necessarily care whether devices are HIPAA compliant, or whether they are sufficiently encrypted. Threat actors easily target these healthcare IoT devices. 

**Why is IoT Security so Crucial in the Healthcare Industry?**

An inadequate cyber security system could mean the difference between life and death for a patient if it is not in place. By neglecting the remediation of vulnerabilities in healthcare IoT devices vast volumes of personal patient information could leak during a breach. Having devastating effects on both patients and the institutions they trusted with their information and care.

**Conclusion**

The unfortunate truth is that the healthcare industry will remain a high-level target for threat actors and that healthcare institutions need to ensure that they do everything in their power to keep IoT devices safe from breaches. Making IoT security crucial to this industry.

1.  Importance Of Medical Alert Devices In 2021
2.  Shared clinical workstation security and access
3.  Intel chip flaw left cars, medical and IoT devices vulnerable
4.  White hat hacker infects smart coffee machine with ransomware
5.  Access:7 Supply Chain Flaws Impact ATMs, Medical, IoT devices

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Why IoT Security in Healthcare is Crucial

By Owais Sultan
Proxy servers aren’t foolproof solutions for hiding your identity and facilitating anonymous connections. As human-made tools, they’re prone…
This is a post from HackRead.com Read the original post: Tools for Testing Your Proxy Servers

Proxy servers aren’t foolproof solutions for hiding your identity and facilitating anonymous connections. As human-made tools, they’re prone to fail, especially when connected to unstable internet or poorly configured.

Once you lose the link to your proxy server, your device will connect directly to websites with your ISP-generated IP address. That leaves every detail of your connection open, risking IP blocks and malware infection.

**How to Test Your Proxy Connections**

Testing proxy server connections is mandatory when scraping data and surfing the web anonymously. IP leaks during these serious activities have drastic consequences. The frenzied way bots work, whether they be for buying sneakers or gathering market intelligence, can raise suspicion, leading to the closure of one’s accounts.

When harvesting data from the internet, the leaking of IPs will cause the blocking of your scraping bots. Additionally, hackers can access your financial and private data when your connections are open. Use proxy testers to maintain stable proxy connections and keep your online activities secure and confidential. Here are some of the popular ones.

**IP Checkers**

IP checkers are robust tools for checking the connectivity and performance of your proxy servers. These tools provide an easy way to manage digital network connections through IP address filtration, allocation, and management. IP trackers operate differently, but their most basic function is providing a database of all connected IPs. They scan and provide accurate details of configured and active IPs.

Top-tier IP checkers include Advanced IP Scanner, Angry IP Scanner, and BlueCat. These IP checkers reveal your HTTP headers and location. Accurate details of your proxy connection location and IPs protect against connecting to insecure websites or getting blocked by streaming services or geo-censored websites.

**FOGLDN Proxy Tester**

FOGLDN Proxy Tester is the best tool for checking the speed of your rotating proxy connections. The tester generates real-time, direct ping times to all websites you’re connected to. It auto-generates connection speeds, giving accurate details of the time taken to authenticate and confirm a connection. For that reason, you can use FOGLDN to monitor your proxy server latency.

FOGLDN Proxy Tester is user-friendly and affordable. However, it doesn’t give clear reasons when tests fail. In addition, the tool won’t convey anonymity level, proxy location, and usage type.

**Hidemy.name**

Hidemy.name is the most sophisticated and efficient free proxy checker. The tool gives comprehensive details of proxies, including anonymity level, proxy type, connection speed, and precise location. It automatically detects proxies collected from different websites, often filtered per protocol type, including SOCKS5, HTTP, and HTTPS.

Hidemy.name offers robust AES 256-bit encryption and strong leak protection. It can tell exactly how secure and anonymous a proxy connection is while enabling you to know the probability of a proxy server connection leaking. It categorizes connections according to anonymity levels.

**IP Databases**

Other crucial tools to use with your proxy servers are IP databases. These IP revealing tools contain a dataset of IP addresses, enabling you to tell an IP’s location. Rotating proxies generate a collection of alternative IP addresses. If an IP gets blocked by certain websites, you won’t know unless you try to access the website to no avail. The best thing about IP databases is that they provide comprehensive details of all proxies, including the ones blocked from accessing certain websites.

Let’s say you use YourPrivateProxy as your proxy provider. You can check the proxies against IP databases to ensure they’re viable. This way, you can always be sure that your connection is secure.

IP databases also give signals of blocklisted IP addresses, protecting you from connecting to such IPs and risking getting blocked. IP databases provide varied kinds of data, including the location and type of IP address, the domain name, and the usage type.

1.  Proxy or VPN for Netflix – Which is Best?
2.  Can You Secure Your Smartphone with a Proxy?
3.  What is VPN and what does data logging by a VPN means?
4.  911 (911.re) Proxy Service Shuts Down After Security Breach
5.  Mirai Variant Turns IoT Devices into Proxy Servers for Cryptomining

**Conclusion**

Proxies aren’t inherently designed to function error-free, delivering 100% uptime, outstanding speeds, and high anonymity levels. High-quality and well-configured paid rotating proxies will provide near-perfect connections, but even that is not 100% guaranteed. Despite accurate configurations and full-time maintenance, you must expect proxy servers to fail in some instances.

Cut the risks of dealing with leaked IP addresses and insecure connections by using proxy testers to maximize the work of proxy servers. Remember to identify and use subscription-based proxies confirmed to match the highest standards of anonymity, security, uptime, and speed.

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Tools for Testing Your Proxy Servers

By Deeba Ahmed
This hybrid method can provide improved predictions from one week before the fire using finer scales (4kmx4km resolution). 
This is a post from HackRead.com Read the original post: AI-based Model to Predict Extreme Wildfire Danger

Researchers at Gwangju Institute of Science and Technology have developed an AI-based, hybrid system to predict wildfire danger. This brand-new, innovative forecast system combines deep learning algorithms with the currently available forecast models for accurately detecting wildfire conditions and enhanced coverage of existing models.

**Wildfire Danger- A Rising Threat to Survival**

No doubt, raging wildfires across the world are causing substantial economic damage. Also concerning is the ever-increasing number of fatalities caused by wildfires. If there’s a system that can predict this catastrophic event, it can substantially decrease damage since the available forecast systems aren’t as accurate or effective. Due to the limitations of these systems, it becomes impossible to predict an upcoming wildfire.  

**Details of the New AI-based Model**

According to researchers, an Artificial intelligence (AI)\-based model can help predict wildfires better than conventional methods because of the involvement of deep learning, which improves prediction accuracy.

Moreover, AI-based mode can determine where and when the fire will happen. This can also help in resource allocation and improving fire prevention. Applying a deep learning algorithm can enhance wildfire danger predictability in the Western US.

> “This study is a big step forward as it demonstrates the potential of such an effort for enhancing fire danger prediction without the need for extra computing power.”
> 
> Dr. Rackhun Son – Lead author

The research results from a joint effort between US and South Korean researchers. This hybrid method can provide improved predictions from one week before the fire using finer scales (4kmx4km resolution). This can significantly improve fire management and suppression.

**What Makes it Different from other AI-based Methods?**

AI methods involving the use of data can infer things considerably well, but it is still difficult to determine how it achieved the inference. Researchers combined AI’s deep learning algorithm with computer models that worked on physical principles. This combination helped them diagnose extreme levels of fire danger.

Hence, benefitting from the AI-based model’s computational edge. These predictions are made after considering geographic features and strong winds. Such as in the Western US, where high canyons and mountains are widespread, this method can help make accurate predictions, which coarser models can find difficult. This model can eliminate the reliance on regional downscaling, which is more expensive, computationally exhausting, and time-consuming.

High-resolution deep learning-assisted wildfire prediction

**An Ongoing Research….**

Co-author of the research, Prof. Kyo-Sun Lim from Kyungpook National University, Korea, stated that the newly developed AI-based model could make accurate high-resolution fire forecasts in much less time and is relatively more cost-effective than traditional systems. He further noted that in this study, they tested AI for fire danger prediction in the Western US but plan to apply it to weather extremities in other parts of the world.

1.  How to use AI in cybersecurity?
2.  Fields of application of artificial intelligence
3.  Website uses AI to create utterly realistic human faces
4.  Microsoft patent reveals chatbot to talk to dead people
5.  This AI Can Generate Unique and Free Bored Ape NFTs

Source

HackRead