The Life Cycle of a Breached Database

Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals. Here’s a closer look at what typically transpires in the weeks or months before an organization notifies its users about a breached database.

Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. One might even say passwords are the fossil fuels powering most IT modernization: They’re ubiquitous because they are cheap and easy to use, but that means they also come with significant trade-offs — such as polluting the Internet with weaponized data when they’re leaked or stolen en masse.

When a website’s user database gets compromised, that information invariably turns up on hacker forums. There, denizens with computer rigs that are built primarily for mining virtual currencies can set to work using those systems to crack passwords.

How successful this password cracking is depends a great deal on the length of one’s password and the type of password hashing algorithm the victim website uses to obfuscate user passwords. But a decent crypto-mining rig can quickly crack a majority of password hashes generated with MD5 (one of the weaker and more commonly-used password hashing algorithms).

“You hand that over to a person who used to mine Ethereum or Bitcoin, and if they have a large enough dictionary [of pre-computed hashes] then you can essentially break 60-70 percent of the hashed passwords in a day or two,” said Fabian Wosar, chief technology officer at security firm Emsisoft.
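Why the hashing scheme matters, seen from the storage side (an added example, not from the original article): unsalted MD5 gives identical passwords identical hashes, which is what makes pre-computed dictionaries effective, while a salted, slow hash does not. The account names, password, iteration count and record format below are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware

# Constructed sample data: two accounts that chose the same password.
SAMPLE_USERS = {"alice@example.com": "Summer2021!", "bob@example.com": "Summer2021!"}


def md5_record(password):
    """Legacy scheme: fast, unsalted MD5 (the weak case the article describes)."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_record(password, salt=None):
    """Salted, deliberately slow hash stored as 'pbkdf2$<salt hex>$<digest hex>'."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${salt.hex()}${digest.hex()}"


def verify(password, record):
    """Check a login attempt against either record format, comparing in constant time."""
    if record.startswith("pbkdf2$"):
        _, salt_hex, _ = record.split("$")
        expected = pbkdf2_record(password, bytes.fromhex(salt_hex))
        return hmac.compare_digest(expected, record)
    return hmac.compare_digest(md5_record(password), record)


def upgrade_on_login(password, record):
    """Return a PBKDF2 record when a valid login still uses legacy MD5, else None."""
    if not record.startswith("pbkdf2$") and verify(password, record):
        return pbkdf2_record(password)
    return None


def shared_hash_groups(records):
    """Accounts whose stored hashes are identical: one recovered hash exposes them all."""
    groups = {}
    for user, rec in records.items():
        groups.setdefault(rec, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


def demo():
    """Compare both schemes over the constructed sample accounts."""
    legacy = {u: md5_record(p) for u, p in SAMPLE_USERS.items()}
    salted = {u: pbkdf2_record(p) for u, p in SAMPLE_USERS.items()}
    return shared_hash_groups(legacy), shared_hash_groups(salted)
```

Rehashing at login, as `upgrade_on_login` does, lets a site retire MD5 records without forcing a mass password reset.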

From there, the list of email addresses and corresponding cracked passwords will be run through various automated tools that can check how many email address and password pairs in a given leaked data set also work at other popular websites (and heaven help those who’ve re-used their email password elsewhere).

This sifting of databases for low-hanging fruit and password re-use most often yields less than a one percent success rate — and usually far less than one percent.

But even a hit rate below one percent can be a profitable haul for fraudsters, particularly when they’re password testing databases with millions of users. From there, the credentials are eventually used for fraud and resold in bulk to legally murky online services that index and resell access to breached data.

Much like WeLeakInfo and others operated before being shut down by law enforcement agencies, these services sell access to anyone who wants to search through billions of stolen credentials by email address, username, password, Internet address, and a variety of other typical database fields.

TARGETED PHISHING

So hopefully by this point it should be clear why re-using passwords is generally a bad idea. But the more insidious threat with hacked databases comes not from password re-use but from targeted phishing activity in the early days of a breach, when relatively few ne’er-do-wells have got their hands on a hot new hacked database.

Earlier this month, customers of the soccer jersey retailer classicfootballshirts.co.uk started receiving emails with a “cash back” offer. The messages addressed customers by name and referenced past order numbers and payment amounts tied to each account. The emails encouraged recipients to click a link to accept the cash back offer, and the link went to a look-alike domain that requested bank information.

The targeted phishing message that went out to classicfootballshirts.co.uk customers this month.

“It soon became clear that customer data relating to historic orders had been compromised to conduct this attack,” Classicfootballshirts said in a statement about the incident.

Allison Nixon, chief research officer with New York City-based cyber intelligence firm Unit221B, recalled what happened in the weeks leading up to Dec. 22, 2020, when cryptocurrency wallet company Ledger acknowledged that someone had released the names, mailing addresses and phone numbers for 272,000 customers.

Nixon said she and her colleagues noticed in the preceding months a huge uptick in SIM-swapping attacks, a scheme in which fraudsters trick or bribe employees at wireless phone companies into redirecting the target’s text messages and phone calls to a device they control. From there, the attackers can reset the password for any online account that allows password resets via SMS.

“A week or two prior to that we were seeing a whole lot of SIM swapping activity,” Nixon said. “We knew the information was coming from some database but we couldn’t figure out what service they all had in common. After the Ledger database got leaked publicly, we started looking at the [SIM swapping] victims and found 100 percent of them were present in the Ledger database.”

In a statement about the breach, Ledger said the data was likely stolen in June 2020, meaning hackers had roughly six months to launch targeted attacks using extremely detailed information about customers.

“If you were to look [on cybercrime forums] at the past history of people posting about that Ledger database, you’d see people were selling it privately for months prior to that,” Nixon said. “It seems like this database was slowly percolating out wider and wider, until someone decided to remove a lot of its value by posting the whole thing publicly.”

Here are some tips to help avoid falling prey to incessant data breaches and increasingly sophisticated phishing schemes:

Avoid clicking on links and attachments in email, even in messages that appear to be sent from someone you have heard from previously. And as the phishing examples above demonstrate, many of today’s phishing scams use elements from hacked databases to make their lures more convincing.

Urgency should be a giant red flag. Most phishing scams invoke a temporal element that warns of negative consequences should you fail to respond or act quickly. Take a deep breath. If you’re unsure whether the message is legitimate, visit the site or service in question manually (ideally, using a browser bookmark so as to avoid potential typosquatting sites).

Don’t re-use passwords. If you’re the kind of person who likes to use the same password across multiple sites, then you definitely need to be using a password manager. That’s because password managers handle the tedious task of creating and remembering unique, complex passwords on your behalf; all you need to do is remember a single, strong master password or passphrase. In essence, you effectively get to use the same password across all Web sites. Some of the more popular password managers include Dashlane, Keepass, LastPass and Roboform.

Phone-based phishing uses hacked databases, too: A great many scams are perpetrated over the phone, leveraging personal and financial information gleaned from past data breaches to make them sound more believable. If you think you’d never fall for someone trying to scam you over the phone, check out this story about how a tech-savvy professional got taken for thousands of dollars by a fraudster masquerading as his credit union. Remember, When in Doubt: Hang Up, Look Up, & Call Back.

from Krebs on Security https://ift.tt/3lalSKo
via IFTTT

Motorola Edge 20 Lite: Motorola bets on photography in a mid-range 5G phone

After a long wait, Motorola's new Edge family is now a reality. The company has presented three models: the Motorola Edge 20 Pro, the Motorola Edge 20 and the one covered in this post, the Motorola Edge 20 Lite. The last is presented as the most affordable of them, keeping some features of its bigger siblings that will let it compete squarely in the very tough Android mid-range.


Motorola Edge 20 Lite technical specifications

Dimensions and weight: 165.9 x 76.95 x 8.23 mm; 185 g
Display: 6.7-inch OLED, FullHD+ at 90 Hz; 20:9, HDR10+, DCI-P3
Processor: MediaTek Dimensity 720 5G
RAM: 8 GB
Storage: 128 GB (up to 512 GB with microSD)
Rear cameras: 108 MP (1/1.52", 0.7 μm), f/1.9; 2 MP depth; ultra-wide-angle/macro 16 MP (119°), f/2.2
Front camera: 32 MP, f/2.25
Battery: 5,000 mAh; 30 W fast charging
Operating system: Android 11
Connectivity: Wi-Fi 802.11 a/b/g/n/ac, 2.4/5 GHz; Bluetooth 5.0, NFC, radio; GPS, AGPS, LTEPP, SUPL, Glonass, Galileo
Other: IP52, 2 microphones, dual SIM
Price: From 349 euros

A design in line with the whole range

Aesthetically, the new Motorola Edge 20 Lite shows lines that are no surprise at all within Motorola's product family. The brand's logo remains in the center of the back, and there is a generously sized camera module that gains prominence in the design while keeping the same color as the rear of the device.

As for color, the American firm has decided to give its Lite model two finishes, Electric Graphite and Lagoon Green, that is, black and green.

Other details that stand out are the inclusion of a 3.5 mm jack on the bottom next to the USB-C port, a fingerprint reader in the unlock button and even water and dust resistance that reaches IP52 certification.

Looking at the panel chosen for this Lite model, we find a display with OLED technology, something not very common in this price range, together with Full HD+ resolution, a refresh rate of up to 90 Hz and even HDR10+ compatibility. It makes good use of its side bezels thanks to the punch-hole in the screen for the front camera.

A MediaTek processor in charge of operations

One of the big differences from its bigger siblings is the choice of processor. In this case, we have a chipset made by MediaTek, specifically the Dimensity 720 5G, which comes in a single variant with 8 GB of RAM and 128 GB of internal storage, expandable with microSD cards of up to 512 GB.

Another interesting aspect is that it has 5G connectivity, which matters given the price of the product, as well as a generous battery with 5,000 mAh of capacity that supports fast charging of up to 30 W.

Combined with this hardware, the most recent version of the operating system, Android 11, will be available, which, as Motorola has accustomed us to, will arrive with some extra features while keeping the stock look of this software.

Motorola does not forget the 108 megapixels in the Lite model

One of the big surprises in the most affordable phone of the Motorola Edge 20 family is the choice of the same 108-megapixel sensor found in its siblings. It seems Motorola does not want to neglect photography on this device, so, at least on paper, we will find a result identical to that of the standard and Pro models. To complete this section, the company has equipped the Edge 20 Lite with the following sensors:

  • 108-megapixel main sensor with an f/1.9 aperture lens
  • Wide-angle camera with a 16-megapixel sensor and an f/2.2 aperture lens
  • 2-megapixel depth sensor
  • 32-megapixel front camera with an f/2.25 aperture

Price and availability of the Motorola Edge 20 Lite

The new Motorola Edge 20 Lite will be available over the coming weeks at an official price of 349 euros. It will go on sale in a single version with 8 GB of RAM and 128 GB of storage, available in up to two different finishes: Electric Graphite and Lagoon Green.


The article "Motorola Edge 20 Lite: Motorola bets on photography in a mid-range 5G phone" was originally published on Xataka Android by Daniel Vega.

from Xataka Android https://ift.tt/2WDqQ8l
via IFTTT

Motorola Edge 20 and 20 Pro: a step closer to the top range with 144 Hz displays and 108 MP cameras

Although their appearance at TENAA had already revealed much of their specifications, it is today that we have officially met the new Motorola Edge 20 series, which arrives to succeed last year's Motorola Edge and Motorola Edge+. This time, the company has presented three devices at once: the Motorola Edge 20, the Motorola Edge 20 Pro and the Motorola Edge 20 Lite.

Below, we focus on the two more advanced models, which, in addition to an elegant design, surpass the previous generation with more powerful processors, improved cameras, a higher refresh rate and faster charging. Let's look at them in detail.

