Main News


Trackology over the internet: a matter for everyone

Trackology is the science of tracking people's information over the internet.

The information tracked can include gender, political opinion, sexual orientation, habits, interests, the general opinion about an individual, and religion.

Once tracked, the information is collected, analyzed, processed, aggregated and sold to a third party, or used for other interests.

Most websites use cookies to track data, but other technologies such as account tracking, browser fingerprinting and web beacons can also achieve the same goal.

Many companies track data over the internet for marketing or advertising reasons, but others, such as media outlets and governments, may track for other reasons, including political ones. Many media outlets today collect data from different social networks and analyze it later. One example is the current situation between Ukraine and Russia: a media outlet can use its pages on different social networks to post something about the topic, people comment on it, and from the comments collected across platforms such as Facebook, Twitter and LinkedIn it can determine what people think about the Russian invasion.


How to test people to determine their opinion

Let's use a technique called profiling, which consists of collecting information such as gender, political opinion, sexual orientation, habits, interests, the general opinion about an individual, and religion about a person or a group of persons, to be used later to make a decision about that person or group.

As an example, suppose we want to know what people around the world think about LGBT people. We create a group on Facebook, post different messages and analyze the responses.

Let's create a Facebook group and call it "We love LGBT". Post something on the page and wait for the comments and people's reactions.

Once you have analyzed the data collected, you can estimate people's opinion on the topic in general.

This technique is used by many entities, such as media outlets, e-commerce companies and sports organizations, to sell their products or to make decisions.

Risks related to data tracking

If data are not tracked in line with the regulations, many issues may arise.

Take the "LGBT" example above: imagine that you apply for a job and are invited to an interview with the company. Before the interview the company tracks you across different social networks and finds your negative comment about "LGBT". If the manager is gay or lesbian, or is one of the people who received the feedback from the data collection, this could negatively affect the interview. To avoid such issues, the regulations should protect people's privacy over the internet.


As we see, tracked data can lead to prejudice: a single comment cost the person the job.

Advantages of data tracking

As we said before, many businesses track data for marketing or advertising reasons, which helps them improve the way they sell their products.

Data tracking can also help find terrorists. The world today faces many terrorist attacks, so data tracking can be very important for entities such as police departments, the military, threat investigation teams and so on.

Data tracking can also be used for background checks, to determine whether a person is suitable for a position.

As you see, everything has a good side and a bad side. The best way to stay on the good side is to follow the regulations and best practices, and to monitor compliance with them as well.

Solutions against data tracking without people's consent

There are many ways to avoid being tracked by the websites you visit.

  • Enable cookies (check the cookie preferences before accepting them)
  • Enable DO NOT TRACK
  • Do not give permission to share your data with third parties (social networks like Facebook, Google and Twitter do it by default; you need to change the settings to disallow it)
  • Implement a data privacy regulation where none is in place (this should be done by each country) and make sure companies comply with it.
  • You can use a tool like Trackography - Who tracks you online? to verify where your data goes when you connect to some media sites.
  • Use a VPN, or a browser or system like Tor or Tails, to stay anonymous online.
  • Use a proxy to hide your activities over the internet.
  • Use incognito mode (it does not provide complete privacy)

There are many other ways to stay protected online. The surest way to be protected would be to not go online at all, which is not possible. Therefore, always following best practices is the key to staying safe online.


How to find the router password online


The role of the router is to forward packets from one network to another over the internet.

A password is required to access the router. Most routers ship with a default password that can be used to access and configure them. The problem is that most customers never change it. The default password for a router model is available online and is the same on every unit, so it does not change; you only need to know the router's name and search for it in a browser to get the password, which makes it trivial to guess. Another problem is that most people leave the default password in place. Imagine that you gave access to your local network to someone with bad intentions: that person only has to run the cmd command "ipconfig" to find the gateway IP address, which is your router's IP address, and use the default password to log in and change the router's settings. That person could take full control of your network and redirect your traffic elsewhere.

As we said, the default passwords are available on the internet; let's show you how the default password can be found and used to log in.

Example:

  1. First, identify the router you want to access (check the router name on the device itself).
  2. Click on the link below, find the router name and click on "find password":

Accelerated Networks Router passwords – List of all default passwords for the Accelerated Networks Router

Router name listed

  3. Open cmd and type ipconfig. Check whether you are connected by cable or wirelessly; in our case we are connected wirelessly.
  4. Now that you have the IP address of the gateway (the router), open any browser of your choice and type "http://<gateway IP address>". You get the login page asking for the username and password; type them to get access.

NB: Note that on the link Accelerated Networks Router passwords – List of all default passwords for the Accelerated Networks Router you might not find the router name or the password. You can type the name into your search engine (Google, Microsoft Bing or others) to find the relevant information.

To prevent someone from accessing your router and changing its settings without your consent, you need to follow some best practices.

Best practices:

  • Change the default password and username
  • Use MAC access control
  • If you suspect that someone has accessed your network, contact your service provider immediately
  • If you do not remember your new password or username, you can reset the router (factory reset) to return to the default configuration and change it again.
  • Reduce the Wi-Fi signal strength so that it does not reach beyond your premises.

Always follow the best practices to protect your network.


Mastodon users vulnerable to password-stealing attacks

A security researcher has found a vulnerability in Glitch, a fork of Mastodon, through which an attacker could steal Mastodon users' credentials.

Mastodon is free and open-source software for running self-hosted social networking services (check Wikipedia for more details).

The security researcher was able to steal credentials on the infosec Mastodon instance through an HTML injection vulnerability, without needing to bypass CSP.

Stealing passwords from infosec Mastodon - without bypassing CSP | PortSwigger Research

The vulnerability was reported to Mastodon. The flaw is specific to the Glitch fork used by infosec.exchange. Mastodon has released versions 4.0.1, 3.5.5 and 3.4.10 to mitigate the issue. Two-factor authentication (2FA) can prevent someone who holds your password from accessing your account.


How to use Have I Been Pwned?

Haveibeenpwned is an open-source tool used mostly by cyber security people (no worries, you can use it too). The tool is very powerful and useful, and most organizations working in cyber security today use it.

The tool is used to notify organizations about data breaches and to assess a password before using it.

Description of the tool:


Have I Been Pwned

HOME

Once you type the website's domain name, you are taken to its "Home page".


Type your email address or phone number to verify whether your password or sensitive information such as phone number, credit card, email address, physical address, social security number and others were leaked in a data breach.


We can see that the email address entered was not found in the database, which means there is no known data breach in which this email address appeared.

Further down the "Home page", you can find information about previous data breaches.


Click on one of the links and you will find the details of that breach: for example, in April 2021 the marketplace OGusers suffered a data breach, and the page lists the compromised data.

NOTIFY ME

If you want to be notified about any data breach in which your email address is found, click on the "Notify me" menu, enter your email address, confirm that you are not a robot by selecting "I'm not a robot", and click on the "Notify me of pwnage" button.


You will receive a message if your email address was found in any past breach, and you will also be notified about future breaches.

DOMAIN SEARCH

If you want to find all the email addresses of a specific domain that appear in data breaches, you can use this option.

You will have to verify that you are the domain's owner to be able to use this feature.

WHO'S BEEN PWNED

This menu contains information about the breached websites and companies available in the "Haveibeenpwned" database.


PASSWORDS

This menu can be used to assess a password before using it. Enter the password you want to use and click "pwned".

You see the message "Oh no - pwned", which means the password entered has appeared in breaches 264 149 times. Please do not use that password 😊.

API

The API can be used to retrieve data breach information; for example, many organizations use it to be notified about breaches involving their company email addresses.

DONATE

As you can see, the owner of the website, Troy Hunt, has worked a lot to provide this amazing tool to the world. Any donation is used for building, running and maintaining the website. This option is also very important 😊.
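The Passwords and API sections above describe checking a candidate password against the service. The Pwned Passwords API does this with a k-anonymity range query: the client hashes the password with SHA-1 and sends only the first five hex characters, so the password itself never leaves the machine, and the service returns every known hash suffix for that prefix with its breach count. The following is an added example, not code from the article or from Have I Been Pwned; the endpoint URL is the documented one, while the range data in `CONSTRUCTED_RANGES` and the counts in it are constructed for the example so that it runs offline.

```python
import hashlib
import urllib.request
from typing import Callable, Dict, Tuple

# Documented endpoint of the Pwned Passwords range API: the client sends only
# the first 5 hex characters of the SHA-1 hash (k-anonymity); the service
# answers with every known suffix for that prefix and its breach count.
PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Upper-case hex SHA-1 of the password, split into the 5-char prefix that
    is sent to the API and the 35-char suffix that stays on the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse the 'SUFFIX:COUNT' lines of a range response into a dict."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, sep, count = line.partition(":")
        if sep:
            counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Number of times the password appears in known breaches (0 = not found).

    fetch_range(prefix) must return the raw text body for that prefix; it is
    injected so the same check runs against the live API or against local data.
    """
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def fetch_range_live(prefix: str) -> str:
    """Fetch one prefix from the real API (network access required)."""
    req = urllib.request.Request(
        PWNED_RANGE_URL.format(prefix=prefix),
        headers={"User-Agent": "range-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed offline stand-in for the API: one prefix (that of SHA-1("password"))
# with two suffixes. The counts are invented for the example, NOT real figures.
CONSTRUCTED_RANGES = {
    "5BAA6": "1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345\n"
             "00000000000000000000000000000000000:2\n",
}


def fetch_range_offline(prefix: str) -> str:
    return CONSTRUCTED_RANGES.get(prefix, "")


if __name__ == "__main__":
    for candidate in ("password", "a-long-constructed-passphrase-nobody-uses"):
        n = pwned_count(candidate, fetch_range_offline)
        print(f"{candidate!r}: {'pwned ' + str(n) + ' times' if n else 'not found'}")
```

Swap `fetch_range_offline` for `fetch_range_live` to query the real service; because only the five-character prefix is transmitted, a password check can be added to a signup or password-change flow without sending the password or its full hash to a third party.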


Citrix and Citrix ADC released patches for Citrix Gateway

Three vulnerabilities have been discovered in Citrix Gateway and Citrix ADC.

The vulnerabilities are the following:

  • CVE-2022-27510 Unauthorized access to Gateway user capabilities
  • CVE-2022-27513 Remote desktop takeover via phishing
  • CVE-2022-27516 User login brute force protection functionality bypass

Be aware that only appliances operating as a Gateway (appliances using the SSL VPN functionality or deployed as an ICA proxy with authentication enabled) are affected by the first issue.

The affected versions are the following:

  • Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47
  • Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12
  • Citrix ADC and Citrix Gateway 12.1 before 12.1.65.21
  • Citrix ADC 12.1-FIPS before 12.1-55.289
  • Citrix ADC 12.1-NDcPP before 12.1-55.289

The release applies to customer-managed Citrix ADC and Citrix Gateway appliances. Customers using Citrix-managed cloud services do not need to take any action.

Recommendation:

Install the relevant updated versions of Citrix ADC or Citrix Gateway.

NB: Only Citrix ADC and Citrix Gateway versions prior to 12.1 are EOL; customers on those versions are advised to upgrade to one of the supported versions.


OpenSSL has patched two high severity vulnerabilities

OpenSSL has disclosed and patched two high-severity vulnerabilities in the open-source OpenSSL library.

Both vulnerabilities, CVE-2022-3602 and CVE-2022-3786, require a malicious X.509 certificate that has been signed by a valid certificate authority.

The first vulnerability, CVE-2022-3602, could cause a denial of service by allowing bytes containing the "." character (decimal 46) to be written onto the stack.

The second, CVE-2022-3786, could cause a denial of service by allowing the attacker to craft a malicious email address in a certificate that overflows an arbitrary number of bytes containing the "." character (decimal 46) onto the stack.

Affected versions: OpenSSL 3.0.0 to 3.0.6.

Mitigation: OpenSSL 3.0 users should upgrade to OpenSSL 3.0.7.
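A quick way to act on the affected-version range above is to parse the banner printed by `openssl version` and compare it against 3.0.0 to 3.0.6. The script below is an added example, not part of the article or of the OpenSSL project; the version range and the fixed release 3.0.7 are taken from the advisory as summarised above, and the sample banners are constructed.

```python
import re
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Range from the advisory summarised above: 3.0.0 through 3.0.6 are affected,
# 3.0.7 carries the fix.
AFFECTED_MIN: Version = (3, 0, 0)
AFFECTED_MAX: Version = (3, 0, 6)
FIXED: Version = (3, 0, 7)

# Matches the leading "OpenSSL X.Y.Z" of `openssl version` output; a trailing
# letter (as in 1.1.1q) or a build date is ignored.
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)")


def parse_openssl_version(banner: str) -> Optional[Version]:
    """Extract (major, minor, patch) from a version banner, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: Version) -> bool:
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def assess(banner: str) -> str:
    version = parse_openssl_version(banner)
    if version is None:
        return "UNKNOWN: could not parse an OpenSSL version from the banner"
    text = ".".join(str(p) for p in version)
    if is_affected(version):
        return f"AFFECTED: OpenSSL {text} is within 3.0.0-3.0.6; upgrade to 3.0.7"
    if version >= FIXED:
        return f"OK: OpenSSL {text} is at or above the fixed release 3.0.7"
    return f"NOT IN RANGE: OpenSSL {text} is outside the 3.0.x series named in the advisory"


def local_openssl_banner() -> str:
    """Run the local `openssl version` binary (assumed to be on PATH)."""
    return subprocess.run(
        ["openssl", "version"], capture_output=True, text=True, check=True
    ).stdout


if __name__ == "__main__":
    try:
        print("local:", assess(local_openssl_banner()))
    except (FileNotFoundError, subprocess.CalledProcessError):
        print("openssl binary not found; showing constructed banners only")
    # Constructed banners in the format `openssl version` prints.
    for sample in ("OpenSSL 3.0.5 5 Jul 2022",
                   "OpenSSL 3.0.7 1 Nov 2022",
                   "OpenSSL 1.1.1q  5 Jul 2022"):
        print(f"{sample!r} -> {assess(sample)}")
```

One caveat when using this: distribution packages often backport the fix while keeping the upstream version string, so treat the banner as a first screen and confirm against the distribution's own advisory before concluding a host is still affected.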


Hackers are stealing users' passwords during the 28 September 2009 trial in Guinea

The world is focused on the 28 September 2009 trial in Guinea, and so are the hackers.

Our team detected malicious users on the YouTube channels of Guinean television stations such as Djoma TV, Espace FM and FIM FM, which have become attack vectors for the hackers.

Malicious links or domains are distributed on these channels to attract users' attention and get them to click.

Example 1

On the Djoma Media YouTube channel, malicious links were shared with users to steal their passwords.

In the screenshot above, the domain GIRLS18[.]XZY (DO NOT CLICK THE LINK) was examined by our Cyber Threat Intelligence team.

The following results were obtained:

The domain was created 8 days ago and is hosted at GoDaddy.

After submitting the domain, VirusTotal did not detect it as malicious.

The same domain on URLSCAN.IO redirects us to another domain, which can be seen in the image.

After analysing that domain, we obtained more information about the techniques used by the attackers.

We can now see that this domain has been classified as Phishing by anti-virus vendors such as Fortinet, Sophos and others.

URLSCAN shows the same result.

The domain has been classified as malicious.


Example 2

The second example comes from the YouTube channel of the TV station Espace FM.

As you can see, the malicious link girls69[.]xyz (do not click the link) was shared (I hope users did not click 😊).

The same techniques and the same indicators were found.

The domain was created 6 days ago.

VirusTotal result: nothing to report.

Our great friend URLSCAN reveals that the domain redirects to the same domain as in the previous case.

The same domain produces the same result.

We see that the same bandits cause the same effects 😊.

We can therefore conclude that the authors aim to steal users' personal information and, if possible, also install a malicious file for other purposes.

Stay vigilant, dear readers.


Recommendations:

Never click on a link you do not know.

Check the link on VirusTotal, as we showed in our examples.

Use 2FA on your YouTube, Facebook, Instagram and other accounts.

Never reuse the same password across different accounts.

Never publicly share personal information such as your password, email address or date of birth.
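The two examples above apply the same triage to each link seen in the comments: how recently the domain was registered, whether scanners flag the link itself, and where it finally redirects to, with the shared landing page tying both lures to one campaign. The script below is an added example of that triage, not code from the article or its authors; the `LinkObservation` records, the 30-day "young domain" threshold and the domains in `SAMPLE` are all constructed (they are not the article's indicators), and the enrichment values stand in for what you would read off WHOIS, VirusTotal and urlscan.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set

YOUNG_DOMAIN_DAYS = 30  # assumption: registered within a month is worth a closer look


@dataclass
class LinkObservation:
    """One link seen in a channel comment, plus the enrichment gathered on it."""
    channel: str
    raw_link: str                     # defanged, as it would be written in a report
    created: Optional[date] = None    # WHOIS creation date, None if unavailable
    vt_malicious: int = 0             # engines flagging the domain on VirusTotal
    lands_on: Optional[str] = None    # final domain after redirects (defanged), from urlscan


def refang(text: str) -> str:
    return text.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")


def defang(domain: str) -> str:
    return domain.replace(".", "[.]")


def extract_domain(link: str) -> Optional[str]:
    """Host part of a (possibly defanged) URL, lower-cased."""
    m = re.match(r"^(?:https?://)?([^/\s:?#]+)", refang(link).strip(), re.IGNORECASE)
    return m.group(1).lower() if m else None


def domain_age_days(created: Optional[date], today: date) -> Optional[int]:
    return (today - created).days if created else None


def triage(obs: LinkObservation, today: date, known_bad_landings: Set[str]) -> Dict:
    """Combine the three signals from the write-up: domain age, scanner verdict
    on the link itself, and what the link finally lands on."""
    domain = extract_domain(obs.raw_link) or ""
    age = domain_age_days(obs.created, today)
    reasons: List[str] = []
    if age is not None and age <= YOUNG_DOMAIN_DAYS:
        reasons.append(f"domain registered {age} days ago")
    if obs.vt_malicious > 0:
        reasons.append(f"{obs.vt_malicious} engines flag the domain")
    landing_known_bad = obs.lands_on is not None and obs.lands_on.lower() in known_bad_landings
    if landing_known_bad:
        reasons.append(f"redirects to known phishing landing {obs.lands_on}")
    if obs.vt_malicious > 0 or landing_known_bad:
        verdict = "malicious"
    elif reasons:
        verdict = "suspicious"
    else:
        verdict = "no indicators"
    return {"channel": obs.channel, "domain": defang(domain), "age_days": age,
            "verdict": verdict, "reasons": reasons}


def cluster_by_landing(observations: List[LinkObservation]) -> Dict[str, List[str]]:
    """Group lure domains by the page they finally land on: different lures
    sharing one landing page are very likely the same campaign."""
    clusters: Dict[str, List[str]] = {}
    for obs in observations:
        if obs.lands_on:
            lure = defang(extract_domain(obs.raw_link) or "")
            clusters.setdefault(obs.lands_on.lower(), []).append(lure)
    return clusters


# Constructed sample data (not the article's indicators): two young lures on two
# channels that both land on one phishing page, and one old, benign-looking link.
TODAY = date(2022, 11, 20)
KNOWN_BAD_LANDINGS = {"login-collect[.]example"}
SAMPLE = [
    LinkObservation("channel-a", "hxxp://lure-one[.]example/watch", date(2022, 11, 12), 0, "login-collect[.]example"),
    LinkObservation("channel-b", "lure-two[.]example", date(2022, 11, 14), 0, "login-collect[.]example"),
    LinkObservation("channel-a", "https://news-archive[.]example/story", date(2019, 3, 1), 0, None),
]


def run_sample() -> List[Dict]:
    return [triage(obs, TODAY, KNOWN_BAD_LANDINGS) for obs in SAMPLE]


if __name__ == "__main__":
    for result in run_sample():
        print(result)
    print(cluster_by_landing(SAMPLE))
```

Note that a clean VirusTotal result on the lure domain alone, as in both examples, is not enough to clear a link: the verdict here is driven by the landing page the redirect chain ends on, which is exactly what urlscan exposed in the write-up.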


Protect your brand

How to find domains mimicking your brand

Nowadays, threat actors use different techniques to steal users' PII (personally identifiable information).

One of the easiest ways to do that is to create a fake web page that looks like a well-known site such as Facebook, Twitter, YouTube, Instagram, LinkedIn, Netflix or other services (banks, gaming platforms, etc.).

Let's give an example:

URLscan URL and website scanner - urlscan.io

This is a well-known URL and website scanner used by most security professionals.

The example below shows how to find websites mimicking our brand.

1 – Netflix brand mimicked by threat actors to steal users' credentials

The first thing to do is to open urlscan.io and submit the domain "netflix.com" - www.netflix.com - urlscan.io

Next, go to the "HTTP transactions" view and click on the "image" button.

Now expand the image view and click on "Show image".

Once clicked, you will see the image.

Now that we can see the image, follow the next steps if you want to find other web pages that serve the same image.

Right-click on the "Hash" of the image and choose "Open in new tab".

You will get the following page.

Scroll down the page and you will find some domains different from the one we submitted, which is the legitimate one.

Open in a new tab the domains that differ from the legitimate one (netflix.com).

As you can now see, we found several malicious domains mimicking netflix.com.

You can use the same technique for your brand or organization.
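The pivot described above works because a lookalike page usually reuses the brand's own image byte-for-byte, so the image's hash becomes a search key that links the legitimate site to every other host serving the same file. The following is an added example of that idea applied offline, not code from the article or from urlscan.io: it hashes asset bytes with SHA-256 (urlscan's own hash field is not assumed to use any particular algorithm), indexes hosts by hash, and reports any host that serves a brand asset without being the brand's domain or one of its subdomains. The hosts and the bytes in `SAMPLE_ASSETS` are constructed; only netflix.com is taken from the article.

```python
import hashlib
from typing import Dict, List, Tuple

# One observation = (host that served the asset, raw bytes of the asset).
Observation = Tuple[str, bytes]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_own_host(host: str, brand_domain: str) -> bool:
    """True for the brand domain itself and any of its subdomains.
    'netflix.com.example' is NOT accepted: the suffix check requires a dot boundary."""
    host, brand_domain = host.lower(), brand_domain.lower()
    return host == brand_domain or host.endswith("." + brand_domain)


def index_by_hash(observations: List[Observation]) -> Dict[str, List[str]]:
    """Map asset hash -> hosts that served an asset with exactly those bytes."""
    index: Dict[str, List[str]] = {}
    for host, data in observations:
        hosts = index.setdefault(sha256_hex(data), [])
        if host.lower() not in hosts:
            hosts.append(host.lower())
    return index


def find_lookalikes(brand_domain: str, observations: List[Observation]) -> List[str]:
    """Hosts serving a byte-identical copy of an asset the brand serves, but that
    are neither the brand domain nor one of its subdomains (the urlscan pivot)."""
    index = index_by_hash(observations)
    brand_hashes = {h for h, hosts in index.items()
                    if any(is_own_host(x, brand_domain) for x in hosts)}
    hits = set()
    for h in brand_hashes:
        for host in index[h]:
            if not is_own_host(host, brand_domain):
                hits.add(host)
    return sorted(hits)


# Constructed sample assets: arbitrary bytes standing in for a logo image and an
# unrelated image. Real runs would feed the bytes of images fetched per host.
BRAND_LOGO = b"\x89PNG constructed brand logo bytes"
OTHER_IMAGE = b"\x89PNG some unrelated image bytes"
SAMPLE_ASSETS: List[Observation] = [
    ("netflix.com", BRAND_LOGO),
    ("assets.netflix.com", BRAND_LOGO),
    ("netf1ix-account-verify.example", BRAND_LOGO),   # constructed lookalike
    ("unrelated-site.example", OTHER_IMAGE),
]


if __name__ == "__main__":
    print(find_lookalikes("netflix.com", SAMPLE_ASSETS))
```

Because the match is on exact bytes, a lookalike that re-encodes or resizes the image will not be caught this way; that is also true of the hash pivot on urlscan, so pair it with the name-based and URL checks in the recommendations that follow.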

Recommendation

Check the URL or the domain before connecting to it.

Use 2FA for your logins.

Use a different password for each account.

Use a platform like VirusTotal to check the domain if you are not sure before connecting.