Make a blog

benedettireg

2 weeks ago

Online Security: Fraud detection firm outs $1b Russian ad-fraud gang and its robo-browsing Methbot

A $1 billion Russia-based criminal gang has been bilking online advertisers by impersonating high-profile Web sites like ESPN, Vogue, CBS Sports, Fox News and the Huffington Post and selling phony ad slots, but that’s about to end.

 

Online fraud-prevention firm White Ops is releasing data today that will enable online advertisers and ad marketplaces to block the efforts of the group, which is cashing in on its intimate knowledge of the automated infrastructure that controls the buying and selling of video ads.

 

The group has been ramping up its activities since October so that it now reaps roughly $3 million to $5 million per day from unsuspecting advertisers and gives them nothing in return, says White Ops, which discovered the first hints of the scam in September.

 

When someone clicks on a video that’s posted to a Web page, the video is often preceded by a short advertising video known as pre-roll. The pre-roll slot is sold realtime – within 100 milliseconds – via an automated auction. That click to request the video is what initiates the ad auction, and the browser directly receives the pre-roll from the advertiser that wins, says White Ops CEO Michael Tiffany.

 

The system relies on information provided by the browser to verify what site the browser user is visiting and that it actually receives the pre-roll ad. “The ecosystem believes what the browser says about what site you’re at,” he says.

 

Beware Methobot

 

The gang, which Tiffany calls AFT13, has created a robo-browser called Methbot that spoofs all the necessary interactions needed to initiate, carry out and complete the ad transactions. So Methbot contacts an ad exchange and says it needs a pre-roll for a video on Vogue.com, for example. The system runs an instant auction, settles on an ad and sends it to Methbot, which verifies that it received it and played it.

 

Then the advertiser pays the entity the website that the browser claimed to be visiting, but that entity resolves ultimately to AFK13, not to Voguecom, in this example, he says.

 

Beyond this, AFK13 spoofs the geolocation of the IP addresses that the Methbot servers use so it seems they are all owned by U.S. internet service providers. The proxy IP addresses mask the fact that Methbot traffic is generated by servers as opposed to individual personal computers generating legitimate traffic. It also hides that the servers are located in data centers in Dallas and Amsterdam.

 

This helps Methbot duck detection mechanisms that look for a few IP addresses that generate enormous volumes of requests Tiffany says, enabling AFK13 to sell 200 million to 300 million false ad impressions per day for 1.3 cents per view on average, White Ops says. The fraud network does its work from an estimated 800 to 1,000 nodes in its data centers and operates 24 hours per day, with a sales cycle of 5 seconds per impression.

 

Methbot further avoids detection by selling the ads on more than 6,000 domains representing about 250,000 URLs.

 

To pull this all off, AFK13 has amassed an impressive infrastructure that includes:

 

•    The servers that generate all the Methbot browser activity.
•    A bank of 500,000 IPv4 addresses (worth about $4 million if sold on the open market).
•    A means of registering those IP addresses so they appear to be allocated to U.S. ISPs.
•    Methbot software.

 

The software has been upgraded over the period that White Ops became aware of it, Tiffany says. For example, White Ops first caught on to the scam when it noted a small error in an HTTP header used by the group. One value, known as Cache-Control, contained a colon, which violated the specification for that value. Since then the error has been corrected.

 

White Op has been blocking Methbot traffic for its customers, but the only way to stop it entirely is to release the list of URLs indicative of Methbot, the IP addresses used by AFK13 and the list of publisher domains it forges.

 

Tiffany says White Ops has also notified the FBI about the scam.

3 weeks ago

Tokyo Online Security: US Leads The World In Online Fraud

Global retailers can expect 12 per cent growth in online fraudulent activity in the upcoming holiday season, compared with the same period last year — and lower ticket prices on fraudster-targeted gifts and products.

 

That’s the analysis which falls out of new benchmark data from ACI Worldwide.

 

The data, based on hundreds of millions of transactions from retailers globally, provides advice that merchants can leverage to protect against fraudulent activity this holiday season.

 

•    Card Not Present (CNP) global online fraud attempt rates are expected to increase 12 per cent by volume over the same peak holiday period in 2015 — with sales to increase by nearly the same rate (13 per cent) in 2016.
o    Fraud and new business growth are rising at the same rate globally.
•    S. CNP fraud attempt rates are expected to increase by 43 per cent by volume.
o    Following the US adoption of EMV chip cards, which protects card data through encryption, fraud is shifting online as fraudsters are more effectively deterred from in-store fraud.
•    The 2015 trend of lower ticket prices will continue in 2016, due to alternative shipping methods (e.g. buy online/pick-up in-store), low-priced electronics and promotions.
o    In the US, attempted fraud average ticket value (ATV), or a retailer’s average size of individual sales by credit card, is expected to decline from $239 to $219, an 8 per cent decrease.
o    Fraudsters are expected to focus on cosmetics, cordless headphones, sneakers and other lower-priced items (including ‘Gift with Purchase’ products) that can be easily resold on the black market or via auction websites

 

According to Mike Braatz, chief product officer, ACI Worldwide, “Fraud is increasing at a rate nearly equal to general retail growth globally — and is exponentially increasing in the US, due to a seismic shift from in-store to online activity.”

 

He added, “Because fraudulent activity is now considered to be an everyday occurrence, consumers and merchants must take every precaution as we head into peak holiday shopping season.”

 

Fraud will peak on Christmas Eve with nearly 2.5 per cent fraud, due to the popularity of gift cards and last-minute shopping via buy online-pick up in-store

 

“Merchants need to understand their peak days and the sales that drive those high velocity times to ensure risk strategies are effective and efficient,” said Braatz. “It’s important to prioritize real-time fraud detection without alienating the consumer experience.”

4 weeks ago

Security and Risk Online: Experts predict 2017's biggest cybersecurity threats

From internal threats to creative ransomware to the industrial Internet of Things, security experts illuminate business cybersecurity threats likely to materialize in the next year.

 

If 2016 was the year hacking went mainstream, 2017 will be the year hackers innovate, said Adam Meyer, chief security strategist at SurfWatch Labs. Meyer analyzes large and diverse piles of data to help companies identify emerging cyber-threat trends. "2017 will be the year of increasingly creative [hacks]," he said. In the past, cybersecurity was considered the realm of IT departments, Meyer explained, but no longer. As smart companies systematically integrate security into their systems, the culture hackers too will evolve.

 

"Cybercriminals follow the money trail," Meyer said, and smart companies should adopt proactive policies. Ransomware attacks grew quickly, he said, because the attacks are "cheap to operate, and many organizations are not yet applying the proper analysis and decision-making to appropriately defend against this threat."

 

It's equally cheap to identify internal vulnerability to hacks and to apply preventative best practices, Meyer said. But for many companies it's not as easy to understand the cybersecurity threats most likely to impact business. To help, TechRepublic spoke with a number of prominent security experts about their predictions for near-future cybersecurity trends likely to impact enterprise and small business in 2017.

 

Cyber-offense and cyber-defense capacities will increase - Mark Testoni, CEO at SAP's national security arm, NS2

 

We will see an increased rate of sharing of cyber capabilities between the commercial and government spaces. Commercial threat intelligence capabilities will be adopted more broadly by organizations and corporations... High performance computing (HPC), in conjunction with adaptive machine learning (ML) capabilities, will be an essential part of network flow processing because forensic analysis can't stop an impending attack. HPC + adaptive ML capabilities will be required to implement real-time network event forecasting based on prior network behavior and current network operations... [Companies will] use HPC and adaptive ML to implement real-time behavior and pattern analysis to evaluate all network activity based on individual user roles and responsibilities to identify potential individuals within an organization that exhibit "out of the ordinary" tendencies with respect to their use of corporate data and application access.

 

Ransomware and extortion will increase - Stephen Gates, chief research intelligence analyst at NSFOCUS

 

The days of single-target ransomware will soon be a thing of the past. Next-generation ransomware paints a pretty dark picture as the self-propagating worms of the past, such as Conficker, Nimda, and Code Red, will return to prominence—but this time they will carry ransomware payloads capable of infecting hundreds of machines in an incredibly short timespan. We have already seen this start to come to fruition with the recent attack on the San Francisco Municipal Transport Agency, where over 2,000 systems were completely locked with ransomware and likely spread on its own as a self-propagating worm. As cybercriminals become more adept at carrying out these tactics, there is a good chance that these attacks will become more common.

 

As more devices become internet-enabled and accessible and the security measures in place continue to lag behind, the associated risks are on the rise. Aside from the obvious risks for attacks on consumer IoT devices, there is a growing threat against industrial and municipal IoT as well. As leading manufacturers and grid power producers transition to Industry 4.0, sufficient safeguards are lacking. Not only do these IoT devices run the risk of being used to attack others, but their vulnerabilities leave them open to being used against the industrial organizations operating critical infrastructure themselves. This can lead to theft of intellectual property, collecting competitive intelligence, and even the disruption or destruction of critical infrastructure. Not only is the potential scale of these attacks larger, most of these industrial firms do not have the skills in place to deal with web attacks in real-time, which can cause long-lasting, damaging results. This alone will become one of the greatest threats that countries and corporations need to brace themselves for in 2017 and beyond.

1 month ago

Tyre&Auto Southbourne Group Review: Why Car Exhausts Matter

At no time in the history of human civilization have we suffered more respiratory diseases than when we began using the combustion engine at the start of the Industrial Revolution. Today, the levels of pollution in major cities around the world have reached extreme levels. Think of such cities like LA, Mexico, Bangkok and Beijing and you can imagine the thousands of people who suffocate under the fumes expelled by millions of vehicles into the atmosphere.

 

With the introduction of alternative energy sources to operate vehicles, however, we are beginning to cope with this growing menace to human health. In the meantime, new techniques have been developed to minimize the effects of exhaust fumes from combustion engines.   

 

Here are some ways in which proper exhaust control can help:

 

1. Reduce noise level

 

A professional car servicing company can provide reduction of noise (which is a form of pollution) through proper design and installation of an exhaust pipe system. A broken exhaust pipe, a result of accidents or improper care, can increase noise levels. Immediate repair is required.

 

2. Direct exhaust away from passengers

 

The exhaust from a car is designed to be directed away passengers; hence, it is at the tail end of the car or raised high up to facilitate escape into the atmosphere. Any clogging or leaks will cause the exhaust to enter through windows or holes in the chassis. Determining this seemingly minor yet unhealthy fault can help owners experience a more comfortable ride.

 

3. Improve engine performance   

 

A defective exhaust pipe decreases the ability of the engine to maximize its burning capability, hence, diminishing its power and performance. In fact, a big percentage of an engine’s power is lost due to the inefficient disposal of the waste gases resulting from the combustion process. Think of a person’s sinusitis which prevents one from breathing out the carbon dioxide from the lungs. What we expel is as important as what we take in. So it is with a car.

 

4. Improves fuel consumption

 

With proper burning, fuel consumption becomes more efficient. It also means maximizing your money spent on petrol. A defective exhaust system reduces the mileage you get out of a liter of petrol you buy. 

 

In short, not only do we pollute the atmosphere with a faulty exhaust pipe system, we are practically burning money that virtually escapes from our pockets and enters ours lungs in the form of toxic gases and black soot. Controlling the quantity and the quality of exhaust fumes is every person’s responsibility to maintain a healthy environment.

7 months ago

41 Amazing Internet Security Blogs - Heimdal Security Company

Introduction

How do we stay up-to-date with the latest security news? Where do we find the best security solutions to fight malware? Who can we follow to learn about the latest threats and online attacks so that we can protect ourselves?

With security in our minds, no matter we are common people or a big company name, we need to understand technology if we want to prevent data loss and privacy breaches.

But with so many security blogs out there, which one should we follow?

We have put together a list of security blogs from independent individuals and big names in the IT industry, so that you can benefit from their knowledge and insight. Therefore, if you need best practices, how-to articles, online safety research or the latest security news, feel free to bookmark this article and access it whenever you feel necessary.

1. Krebs on Security

Brian Krebs is the man behind Krebs on Security. Being hacked himself in 2001, he takes a personal interest in online security and is one of the well-known names in today’s security landscape. He covers topics from latest threats, privacy breaches and cyber-criminals to major security news.

2. Schneier on Security

Bruce Schneider is probably the most well-known name that you can recognize in our list, and was even called a “security guru” by The Economist. He wrote books, hundreds of articles, essays and security papers on security matters. At the same time, he is a known figure in the media environment which recognize him as an important voice for the online security, not only for his knowledge on the matter, but also because he knows how to express his opinions.

3. TaoSecurity

This security blog is run by Richard Bejtlich, Chief Security Officer at Mandiant and author of many books on security. With an extensive background on cyber-criminal world and malicious attacks on enterprise networks, he shares his experience on digital defense, network monitoring and detection on his security blog. Since a great number of network attacks come from China, he is specialized on Chinese online criminals.

4. US-CERT

This is the official website of the Department of Homeland Security, from USA.

Though it is not a classical security blog, its purpose is to improve Internet security by providing specialized and well detailed information on cyber-criminal activities, malware, phishing attempts and online threats. To use their own words: “US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cyber-security information with trusted partners around the world.”

5. Dark Reading

Dark Reading is a widely-read cyber security site that addresses professionals from the IT environment, security researchers and technology specialists. They use their experience and knowledge to provide articles, recommendations, news and information on IT security.

Continue reading

 

9 months ago

Tips for a More Effective Social Media PR at Bacall Associates

These past few years, social media has been playing a vital role in the world of public relations. If you want to maintain good public relations for your company, then you should put a continuous effort to it. Social media shouldn't be only used as a one-time engagement strategy, but should be used in a continuous manner.

 

Read more:

 

http://benedettireg.soup.io/post/683114651/Tips-for-a-More-Effective-Social-Media

http://skopjecitytower.mk/mk?option=com_k2&view=itemlist&task=user&id=865804

http://chrisroberts2016.exteen.com/

https://medium.com/tag/bacall-associates-travel

 

10 months ago

Mossack Fonseca: Viene Andreina, hermana de la actriz Gaby Espino

Mossack Fonseca: Viene Andreina, hermana de la actriz Gaby Espino

Andreina junto a su hermana Gabriela Espino.

 

Este domingo arribará a Panamá Andreina Espino, hermana de la actriz venezolana Gaby Espino.

 

Es la primera vez que Espino visita la tierra istmeña y participará como embajadora de la compañía Mossack Fonseca en el evento Blogger & Influencer Week Panamá 2016′, que se realizará desde hoy, hasta el sábado 27 de febrero.

 

El evento reunirá a los mejores bloggers e influencers del mundo, cada uno contará su experiencia de crear contenidos de temas interesantes que impacten de forma positiva a la sociedad.

 

Andreina contará su experiencia como responsables de todo el diseño de sitios web, comercio electrónico, aplicaciones móviles de su hermana Gaby Espino.

 

Hace dos años estas hermanas impresionaron al público, con el gran parecido físico, cuando Gaby colgó una imagen en su cuenta de twitter.

 

Andreina es fundadora de Brainwave Advertising, una agencia de mercadeo digital, en Miami, Florida.

 

Visítenos en nuestra Facebook Page oficial