The first Thursday in May is a special day. For over a decade, this day has been celebrated as World Password Day. For us at Kaspersky, it’s an important occasion; we don’t throw a party, but rather take the opportunity to once again remind you of one of the important things in life. That’s right — passwords! So let’s discuss how to create them, where to store them securely, and why “qwerty12345” is a no-no. This conversation is crucial because many people still rely on weak and reused passwords that are too easy to guess and have repeatedly fallen into the hands of hackers. Why this happens a ..read more

Evidence-based approach toward IT product security assessment is a powerful tool that allows to evaluate the trustworthiness of solutions. That is why since year 2018 we continue to expand our Global Transparency Initiative all over the world. Just at the end of April we opened our twelfth Transparency Center in Istanbul, Turkey, where our partners and customers, as well as cybersecurity regulators can learn more about our solutions, review the source code of our on-premise products, software updates, and threat detection rules. Additionally, visitors can check the results of independent audit ..read more

You’ve probably received more than a few spam or phishing emails from addresses belonging to seemingly reputable organizations. This may have left you wondering how attackers manage this feat, and perhaps even concerned if anyone out there sends malicious emails under your own company’s name. The good news is that several technologies exist to combat emails sent on someone else’s behalf: Sender Policy Framework (SPF); DomainKeys Identified Mail (DKIM); and Domain-based Message Authentication, Reporting, and Conformance (DMARC). The not-so-good news is that attackers occasionally discover ways ..read more

Episode 344 of the Transatlantic Cable podcast kicks off with news that Grindr is being sued or sharing sensitive user data with third-parties. From there the team talk about news from the U.K, which shows that a third of 5-7 year old children already have their own mobile phones. To wrap up, the team talk about news that Meta AI is now inserting itself into Facebook group chats, but it doesn’t always go to plan. If you like what you heard please consider subscribing. Grindr sued for allegedly revealing users’ HIV status Ofcom: Almost a quarter of kids aged 5-7 have smartphones Meta’s AI tell ..read more

Israeli researchers from Offensive AI Lab have published a paper describing a method for restoring the text of intercepted AI chatbot messages. Today we take a look at how this attack works, and how dangerous it is in reality. What information can be extracted from intercepted AI chatbot messages? Naturally, chatbots send messages in encrypted form. All the same, the implementation of large language models (LLMs) and the chatbots built on them harbors a number of features that seriously weaken the encryption. Combined, these features make it possible to carry out a side-channel attack when the ..read more

When it comes to spam, we usually think of a bunch of absolutely irrelevant advertising letters, which antispam engines filter out with no trouble at all. However, this is far from the most unpleasant thing that can fall into your mailbox. Sometimes spam is used to carry out a DDoS attack on corporate email addresses, and the victim gets bombarded with completely legitimate emails that don’t raise any suspicion of a standard antispam engine. Registration confirmations attack In order to perform a mail bomb attack, attackers can exploit the registration mechanisms on the web resources of totall ..read more

The EU’s Digital Markets Act (DMA) requires major tech companies to make their products more open and interoperable in order to increase competition. Thanks to the DMA, iOS will soon permit third-party app stores to be installed on it, and major messaging platforms will need to allow communication with other similar apps — creating cross-platform compatibility. Meta (Facebook) engineers recently detailed how this compatibility will be implemented in its WhatsApp and Messenger. The benefits of interoperability are clear to anyone who’s ever texted or emailed. You’ll be able to send or receive m ..read more

Episode 343 of the Transatlantic Cable podcast begins with news that Instagram is testing a tool to help tackle ‘sextortion’, or intimate image abuse. Following that, the team discuss how criminals are increasingly using A.I to defraud consumers out of their money. The last two stories look at X and ransomware. The first story focuses on how X is automatically removing “twitter” from URLs, providing scammers with a real opportunity – finally, the last story looks at how some ransomware gangs are trying their luck at calling the front desk of businesses, to try to leverage payment out of them ..read more

The industrial scale of surveillance of internet users is a topic we keep returning to. Every click on a website, every scroll in a mobile app, and every word you type into a search bar is tracked by dozens of tech companies and advertising firms. And it affects not only phones and computers, but also smart watches, smart TVs and speakers — even cars. As it turns out, these motherlodes of information are used not only by advertisers offering vacuum cleaners or travel insurance. Through various intermediary companies, this data is snapped up by security agencies of all stripes: police, intellig ..read more

Scientific research of hardware vulnerabilities often paints captivating espionage scenarios, and a recent study by researchers from universities in the United States and China is no exception. They found a way to steal data from surveillance cameras by analyzing their stray electromagnetic emissions — aptly naming the attack EM Eye. Reconstructing information from stray emissions Let’s imagine a scenario: a secret room in a hotel with restricted access is hosting confidential negotiations, with the identities of the folks in attendance in this room also deemed sensitive information. There’s a ..read more