Monthly Archives: January 2018

Identity data

Identity data turning toxic for big companies. Wait but how?

Category : Blog

Identity data turning toxic for big companies. Wait but how? Google might be in trouble for collecting the personal data of its users, but many companies have a growing incentive to rid their hands of the data that users entrust them with. This is because of growing costs of holding onto it.

Identity data

A major cause is the rising number of cyber-attacks where hackers steal the identity data held by companies, often to sell them on to various black markets. Take the recent example of US giant Equifax, one of the top three companies in the consumer credit reporting industry. It chalked up other 2.5m identity-theft casualties to its existing toll of 143m in October 2017. The firm has suffered a steady stream of identity data

loss following a cyber-attack that took place in May this year, where hackers capitalized on weaknesses in its software.

The security breach – as a primary cause – resulted in around US$4.8 billion being wiped off Equifax’s market value from May to September 2017. It also tarnished its image and cost the firm’s longstanding CEO his job.

The Equifax data breach is just the tip of the iceberg. The latest Breach Level Index (BLI) published by digital security company Gemalto shows a mounting figure of around 9.2 billion data-record losses since 2013. The BLI also reports that only a meager 368m out of the 9.2 billion stolen records were concealed from potential hackers through the use of data-encoding technology.

The rate at which valuable identity data is flying out of the control of firms is alarming – more than 3,500 records per minute. Around 23% of the top data-breaches over the past five years contained consumers’ identity data – like names, dates-of-birth, addresses and account passwords. Corporate victims include big names such as Yahoo, eBay, and JP Morgan Chase.

The volume and sophistication of these cyber-assaults will make top-level executives of firms that hold sensitive identity data anxious about its safe-keeping.

Growing cost of regulation

As well as cyber-attacks, companies are having to contend with growing levels of regulation. As well as the regulations of the jurisdiction they are based in, when firms are spread across nations, they must also abide by international standards.

The costs of this compliance in the banking sector are increasing at an alarming rate. One report has found that banks spent nearly US$100 billion on compliance in 2016 and the global spending on meeting the regulatory requirements increased from 15% to 25% over the previous four years. This skyrocketing spend on compliance leaves little room for product development.

It has now become imperative for companies holding information on EU citizens to implement control mechanisms to protect personal data in accordance with the EU’s strict General Data Protection Regulation (GDPR) guidelines. GDPR, in essence, is about enhancing existing privacy protection. It will be enforced from May 25, 2018.

Non-compliance with GDPR may lead to fines to the tune of €20m or 4% of a firm’s global annual sales figure – whichever is greater. Already, implementing the necessary steps to adhere to the new regulation is proving to be expensive for organizations – especially firms with diverse and intertwined business portfolios.

Some estimates predict that purchasing the technology to adhere to the GDPR standards and avoid paying the exorbitant fines will cost Fortune 500 companies on average US$1m each. Add to this the costs of permanent staffing and legal advice for this compliance, you get the picture of overall spending required for one set of regulatory standards. Clearly, the price of such compliance will compel large organizations to explore the burgeoning market of cost-effective and innovative regulatory technology.

A logical solution?

At the point where the cost of protecting identity assets outweighs the benefit of storing it, it becomes toxic to the organization. As with any risk, companies must act to mitigate or remove it – in this case, breach of identity data. When similar risks emerged around the processes for securing payment card processing, solutions focused on tokenization of card information within an organization to minimize handling of clear text credit card numbers. It is hard to see how a similar approach could be applied to a multifaceted entity such as identity.

However, there is a potential in the application of decentralized technologies that have emerged from the development of cryptocurrencies such as Bitcoin. In these model’s people could choose whether a centralized entity – such as a bank, for example – would manage their identity or whether they could manage it themselves. Models for a decentralized identity are emerging with parallel developments in the creation of a decentralized web.

There are a number of challenges for both private individuals and the traditional identity provider to overcome for this move to become a reality – including wider adoption of peer-to-peer trust models. But it seems increasingly possible that the cost of cyber-attacks, together with regulatory compliance, could be the nudge that drives organizations to surrender their control over vast pools of identity data.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secure Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advanced Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training

Android Training


Communication is key

Communication is key when responding to a cyber security incident

Category : Blog

Communication is key when responding to a cybersecurity incident. There’s an old joke that goes something like this: “To err is human, but to really screw things up you’ll need a computer.”

Communication is key

Of course, it’s funny, but as we all know computers just do what they’re told (or programmed) to do.  They’ll do it to the letter, time and time again, without thinking.

And if someone hasn’t had the foresight to predict every situation that a computer program may encounter (unexpected end of a file, divide by zero, too much data to fit into the space allotted for it) then things might go wrong.

In short, it’s probably fairer to say:

“To err is human, but to really screw up you’ll need a human to program a computer.”

which is when an effective communication takes place. The point is that even the most carefully thought through systems and processes might contain bugs and unexpected wrinkles which only come to light when something disastrous happens.

Earlier this month something bad happened in Hawaii.  A mistake by a human operator saw a computer system send a terrifying message to residents of Hawaii, warning that a missile was about to strike:

“Ballistic missile threat inbounds to Hawaii.  Seek immediate shelter. This is not a drill.”

Thankfully, the message turned out to be a false alarm.  But it took a full 38 minutes for the follow-up “Don’t panic” message to be sent to citizens who had been scurrying to find shelter or reach loved ones.

There has been much said about how it was possible for an incorrect missile warning message to be sent, but I’m actually more interested in why it took so long to communicate the truth to a petrified public. which is why Communication is key when responding to a cybersecurity incident.

One issue seems to have been that although there were processes in place for sending out missile warnings, there weren’t such smoothly-run systems for releasing corrections rapidly.

Furthermore, the office of Hawaii’s governor David Ige knew that it was a false alarm just two minutes after the alert had been sent state-wide to mobile phones.  And yet it took Ige 17 minutes to send a tweet saying there was no missile threat.

The reason? The Governor of Hawaii had a simple explanation. He forgot how to log into Twitter:

“I have to confess that I don’t know my Twitter account log-on and the passwords, so certainly that’s one of the changes that I’ve made. I’ve been putting that on my phone so that we can access the social media directly.”

Clearly, he wasn’t following the example set by some of the staff at Hawaii’s missile alert agency, who were keeping their passwords on Post-it notes.

On reflection, it’s clear that human error, compounded by poor user interface design, caused the bogus missile alert to be sent out.  Such things shouldn’t happen, but – unfortunately – sometimes they do happen.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secure Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advanced Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training

Android Training


Healthcare Industry

Healthcare industry getting affected by cyber

Category : Blog

Healthcare industry getting affected by cyber. The Healthcare industry has featured in the top 5 industries attacked by cyber criminals for a number of years now. The WannaCry ransomware attack earlier this year that affected many health trusts across England and Scotland brought the health impact of the cyber threat to the forefront of media and political debate in the run up to the 2017 General Election. So why would anyone want to attack healthcare and what are the threats?

Healthcare Industry

2016 was a very difficult year for healthcare industry when it came to cyber-attacks and developing cyber threats.  According to the TrapX Security 2016 Healthcare Cyber Breach Research report, “the nature of the threat continues to diversify into a greater variety of complex attacks promoted by sophisticated and persistent human attackers. These attacks against hospitals and medical organisations are still driven by the lucrative economic rewards for organised crime. Medical records are among the most complete set of records available and, hence, are in demand for a variety of reasons.”

In October 2016, Ben Gummer, Minister for the Cabinet Office and Paymaster General warned that the NHS was at risk of cyber-attacks, saying that “hacking is “no longer the stuff of spy thrillers and action movies” but a clear and present threat and large quantities of sensitive data held by the NHS and the Government is being targeted by hackers.”

In January 2017 Barts Health Trust warn its staff that the trust’s four hospitals in East London: The Royal London, St Bartholomew’s, Whipps Cross and Newham were experiencing a “ransomware virus attack.”  This came after similar attacks on Northern Lincolnshire and Goole Foundation trust in the previous October.

A report on the Deep Web black market for electronic health records (EHRs) by researchers affiliated with the Institute for Critical Infrastructure Technology pointed out that “healthcare systems are relentlessly and incessantly attacked by different types of attackers.”

One of the reasons that healthcare industry remain vulnerable is that many legacy systems and devices lack the ability to be updated and patched, yet are connected to networks.  Or the updating of systems, often via patches provided free from operating system vendors, is not seen as a priority by senior managers and something “IT are responsible for”. It therefore doesn’t matter if the newer devices are completely up to date as the organisation’s “Internet of Medical Things (IoMT)” becomes vulnerable to its weakest link.

Medical records, especially but not exclusively in the USA, by dint of their comprehensive nature, sell for hundreds of dollars on the Dark Web and there is no shortage of them.  According to the IB Times last year, a hacker claimed to have broken into multiple healthcare databases across America and listed a fresh trove of 9.2m records on a Dark Web based marketplace for 750 bitcoins (£368,000). The vendor, using the pseudonym ‘The Dark Overlord’, claims the plaintext 2GB database includes names, addresses, emails, phone numbers, date of births and Social Security Numbers (SSNs) belonging to 9,278,352 Americans.

However, for those compromised, many don’t realise that their records can be sold repeatedly by the criminal networks operating in the Dark Web and that this could cause long term problems.  Information that is contained in medical records can be used for many different types of identity fraud and phishing attacks and because of its comprehensive nature, the threat from these can persist for many years.

In the UK, the attack vector seems to be different to the USA and attacks are mainly via ransomware. Trying to extort money from vulnerable hospital trusts rather than individuals.   NHS hospital trusts in England reported 55 cyber-attacks in 2016, according to data obtained by the BBC from NHS Digital, who oversees cyber security.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secure Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advanced Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training

Android Training


Skygofree

Skygofree android spyware discovered

Category : Blog

Skygofree (one of the most powerful strains of Android spyware) has been discovered. Security researchers from Kaspersky have found one of the most powerful strains of Android spyware that enable attackers to take full control over the infected devices remotely.

Skygofree

The new spyware has been called Skygofree, it has been created for targeted surveillance. The researchers traced down indication of Skygofree’s activity back to 2014, but they said the spyware was most active in 2016. They also said that the spyware’s source code included many strings and comments written in the Italian language, which suggests the spyware was intentionally created to target Italian users only.

The malware could record audio through the microphone when an infected device was in a specified location and could make the device to connect to Wi-Fi networks managed by the hacker.

According to researchers: “Given the many artifacts we discovered in the malware code, as well as infrastructure analysis, we are pretty confident that the developer of the Skygofree implants is an Italian IT company that works on surveillance solutions, just like HackingTeam.”

Skygofree has been spread through fake web pages that are simulating leading mobile network operators, most of which have been registered by the cybercriminals since 2015.

Once installed, it shows a fake welcome notification to the victim:
“Dear Customer, we’re updating your configuration and it will be ready as soon as possible.”

At the same moment, it hides an icon and starts background services to hide further operations from the victim.

Users are recommended to download apps only from the official stores.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secure Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advanced Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training

Android Training


Blackberry hacked

Blackberry hacked to mine cryptocurrency

Category : Blog

Blackberry hacked to mine cryptocurrency. As cryptocurrency spread its roots globally, the ways of illegally earning or ‘mining’ it is also becoming advanced and much more sophisticated.

Blackberry hacked

Blackberry mobile’s website recently became a victim when hackers used it to illegally mine cryptocurrency.

With Bitcoin and other cryptocurrencies gaining popularity, hackers are finding newer ways to mine. They have now started to hack websites and use servers to mine digital currency.

How the Mining Works

The processing powers of computers are utilized by cryptocurrency miners to solve compound and complex mathematical problems and calculations.

Bitcoins or other cryptocurrencies are provided as payment to the miners for ‘their’ calculations.

Mining requires CPU memory, which is limited, so hackers find victims and hack into their computers to use their memory to mine.

This time the Blackberry website was being used to mine Monero, a digital currency that is quickly growing.

The hacker hacked into visitor’s computers to mine Monero by using CoinHive codes, the Monero mining script service that was found embedded in the code of the website.

This Blackberry hack issue was discovered by a Reddit user Rundvleeskroket.

CoinHive later apologetically explained on Reddit that a vulnerability in the Magneto webshop software was used to hack the Blackberry website by one of their users, whose account, after the discovery, was terminated for violating the terms of service.

Blackberry hacked to mine cryptocurrency. According to CoinHive, a number of different websites were also hacked due to the vulnerability in the Magneto webshop software.

Later in the same month, the technique spread to Android apps, and it seems that the list of victims is constantly growing.

A cybersecurity researcher discovered 291 Android apps that included the mining codes.

While Blackberry has removed the code and the site is now safe to use, it is unclear how many visitors had to face the burn due to this Blackberry hack incident.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secure Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advanced Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training


DuckDuckGo, Brave

DuckDuckGo, Brave Improving online privacy

Category : Blog

DuckDuckGo Brave Improving online privacy. The feature is accessible today via the new Brave browser desktop release 0.19.116 and will be combined in Brave Android and iOS apps in the first quarter of 2018.

DuckDuckGo Brave

Here’s how DuckDuckGo Brave are increasing online privacy together. Users that open a new private tab in Brave will be offered with an option to select DuckDuckGo as their default search engine. Other search engines track users even when they are employed inside of private browsing modes. DuckDuckGo does not ever accumulate or share users’ personal information. With over 16 billion cumulative anonymous searches as of 2017, DuckDuckGo is growing to be the world’s most trusted search engine.

Many popular sites can host as many as 70 trackers, following users around the web and compile information about their site visits. Brave, by default, stops ads and trackers that violate users’ privacy. Users get an even higher level of privacy by opening a private tab, available from the browser File menu. These tabs are not logged in History or in browsing data and are not included in Brave Payments calculations. Both Brave private tabs and their cookies disappear when the browser is closed.

In a recent study, DuckDuckGo found that isolation is now a mainstream concern in the U.S. with 24% of adults caring enough about their online privacy to take meaningful action to protect it. 65% of people would be excited to switch search engines if they knew a new search engine did not collect personal data about searches. In a January 2017 report, 84% of Americans said they would consider trying another primary web browser if it offered more features to help protect their privacy.

“A lot of people think their searches aren’t tracked in private browsing mode. Sadly, that’s not true unless you’re using a private search engine like DuckDuckGo. We are excited to partner with Brave to give people the search privacy they expect and deserve,” said Gabriel Weinberg, Founder & CEO, DuckDuckGo.

“With Brave and DuckDuckGo, users can rest ensured that we don’t see the sites they browse, that personal data is not stored, and that they are protected from trackers,” said Brendan Eich, CEO, and co-founder of Brave Software. “Users have submitted long enough from the current broken online ecosystem, and with the right tools, they can improve their privacy and take a stand against the agents that exploit their personal data.”

DuckDuckGo Brave together will prove to be a very effective team to provide its end user a seamless and smooth experience.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secure Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advanced Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training


Wi-Fi Alliance WPA3

Wi-Fi Alliance WPA3 with new security features

Category : Blog

Wi-Fi Alliance WPA3 with new security features. The Wi-Fi Alliance has finally announced the long-awaited next generation of the wireless security protocol—Wi-Fi Protected Access (WPA3).

Wi-Fi Alliance WPA3

Wi-Fi Alliance WPA3 will replace the existing WPA2—the network security protocol that has been around for at least 15 years and widely used by billions of wireless devices every day, including smartphones, laptops, and the Internet of things.

However, WPA2 has long been considered to be insecure due to its common security issue that is “unencrypted” open Wi-Fi networks, which allows anyone on the same WiFi network to intercept connections on other devices.

Most importantly, WPA2 has also recently been found vulnerable to KRACK (Key Reinstallation Attack) that makes it possible for attackers to intercept and decrypt Wi-Fi traffic passing between computers and access points.

The new standard of Wi-Fi security, which will be available for both personal and enterprise wireless devices later this year, offers improved security and privacy.

  • WPA3 protocol strengthens user privacy in open networks through individualized data encryption.
  • WPA3 protocol will also protect against brute-force dictionary attacks, preventing hackers from making multiple login attempts by using commonly used passwords.
  • WPA3 protocol also offers simplified security for devices that often have no display for configuring security settings, i.e. IoT devices.
  • Finally, there will be a 192-bit security suite for protecting WiFi users’ networks with higher security requirements, such as government, defense, and industrial organizations.

“Wi-Fi security technologies may live for decades, so it’s important they are continually updated to ensure they meet the needs of the Wi-Fi industry,” said Joe Hoffman, SAR Insight & Consulting. “Wi-Fi is evolving to maintain it’s high-level of security as industry demands increase.”

Since hardware must get certified by the Wi-Fi Alliance to use WPA3 security protocol, the new security standard won’t arrive overnight.

It could take months for device manufacturers to support the new wireless security standard, but the first WPA3-certified devices are expected to ship later this year. More details about WPA3 have yet to be released.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secure Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advanced Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training


Apple update

Apple update Meltdown and Specter flaws resolved

Category : Blog

Apple update Meltdown and Spectre flaws resolved. 2018 kicked off with a bang security-wise due to the announcement of the serious Meltdown and Spectre flaws found in processors widely used by a wide range of computing devices and smartphones.

Apple update

2018 kicked off with a bang security-wise due to the announcement of the serious Meltdown and Spectre flaws found in processors widely used by a wide range of computing devices and smartphones.

The story quickly developed from being a design flaw in Intel CPUs, that could allow malicious code to access information supposedly held in “protected” areas of your computer’s memory, to be also an issue for the ARM and AMD chips.

To Apple’s credit, they had already started to tackle the problems before the security issues were made public. MacOS 10.13.2, released last month, mitigated against the effects of Meltdown (which only affects only Intel processors), and iOS 11.2 tackled Spectre for iPad and iPhone users.

But the newly released macOS High Sierra 10.13.2 and iOS 11.2.2 updates take things an important step further – closing the door on the possibility of the Spectre vulnerability being exploited via a Javascript attack via the Safari browser.

 

ios-11-2-2

It really is important to keep browsers patched – as they are an obvious route through which an attacker could successfully execute code on your computer. That’s one of the reasons why I am also a strong advocate of users never venturing out onto the web without the added protection of an ad blocker.

It’s your computer, it’s your sensitive information, your passwords. Opening yourself up to some of the wildness that can lurk on websites and – in particular – poisoned ads, and allow them to run code willy-nilly is a very dangerous game to play.

Apple update, Even if Meltdown and Spectre have not been actively exploited as far as we know in malicious attacks, it still makes sense to protect against the problems as well as we can.

Apple update Meltdown & Spectre flaw resolved. So, iPhone and iPad users can rest a little more easily today (provided they’ve applied the update, of course!).

Which leaves me wondering about those hundreds of millions of Android users, many of whom have been neglected for years without seeing hide nor hair of a security update.

My guess is that the latest and most expensive Android devices from leading vendors will receive an update in due course, but many others will be left in the lurch.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secure Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advanced Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training


Location tracking services vulnerabilities

Location tracking services vulnerabilities allow to access unauthorized GPS location data

Category : Blog

Location tracking services vulnerabilities allow accessing unauthorized GPS location data. Security scholars have published a testimony on a series of errors that they termed “Trackmageddon” that distress many GPS and location tracking services. These security defects could permit cybercriminals to divulge delicate information on millions of online location tracking devices controlled by vulnerable GPS services.

Location tracking services vulnerabilities

Cybercriminals can use the Trackmageddon defects to uncover statistics such as GPS coordinates, location history, device model and type, serial number, mobile number and maybe private data —depending on the tracking service and device configuration.

They can attain entrance to information by using the default credentials (like “123456”), and uncertain uninterrupted object reference vulnerabilities, which enable an authenticated attacker to access other users’ accounts simply by modifying the value of a parameter in the URL.

The researchers tried to contact the hawkers behind the affected tracking services to informing them of the severity of these security flaws. They have published a list of services who patched or may have patched the vulnerabilities, a list of services still exposing data, and a list of vulnerable devices.

What’s more? On some online services, an unauthorized third party can also access photos and audio recordings uploaded by location tracking devices.

According to the researchers, one of the largest global vendors for GPS tracking devices, ThinkRace, may have been the original developer of the flawed location tracking online service software and seller of licenses to the software.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secure Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advanced Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training


Opera browser update

Opera browser update to combat cryptocurrency mining

Category : Blog

Opera browser update to combat cryptocurrency mining. The last year has seen a rise in the number of websites hogging visitor’s CPU and browser resources by surreptitiously mining for cryptocurrencies while you surf.

Opera browser update to combat cryptocurrency mining

Due to Opera browser update, Sites like Pirate Bay have found themselves in hot water after visitors discovered it had added CoinHive’s crypto-mining tool which, according to the company’s marketing materials, allows you to “monetize your business with your users’ CPU power.”
Well, crypto-mining may be a way for websites to generate income if they’ve found alternative methods (such as advertising, subscriptions, or sponsorship) don’t work for them but the impact on visiting computers is typically too much for many users to bear – and is particularly unforgivable if the CPU-intensive calculations are being done without consent.
Some sites have even used the dirty trick of continuing to crypto-mine even after the user has left their site, after opening a “pop-under” window hidden beneath the browser.
Opera recently announced that its upcoming Opera 50 release (currently in beta) contains an anti-cryptocurrency mining feature that will surely be well-received by the majority of users.
“Bitcoins are really hot right now, but did you know that they might actually be making your computer hotter? Your CPU suddenly working at 100 percent capacity, the fan is going crazy for seemingly no reason and your battery quickly depleting might all be signs that someone is using your computer to mine for the cryptocurrency,” said Opera’s Kornelia Mielczarczyk.
As Opera explains, the new “NoCoin” cryptocurrency-mining protection is provided via the browser’s integrated ad blocker and can be enabled by simply selecting it under the recommended list of ad filters.comparisonOpera claims that having the feature enabled dramatically reduces the CPU usage when visiting sites containing crypto-mining code.

It’s worth bearing in mind that even if you don’t use the Opera browser it’s possible to block crypto-mining through third-party ad blockers that subscribe to the NoCoin filtering list.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secure Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advanced Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training


Show Buttons
Hide Buttons