What is a browser fingerprint?

You may think you are on the internet anonymously. Yet every click you make from your devices reveals something about you.

Whenever you go online, your device provides specific data to the pages you visit. For example, this data can reveal information about your operating system and settings. Conclusions can even be drawn about your hardware.

When someone uses this data to identify you, this is called browser fingerprinting. Websites do this by recording, for example, your browser, plugins, language, screen resolution, time zone and other settings, so that they can identify unique visitors and follow their online activities.

Fingerprinting

The name is no accident: once a digital fingerprint has been created, you can be identified precisely. According to Mozilla, “the procedure is able to correctly identify users in 99% of the cases.”
Even if you block cookies, surf with VPN, or adhere to other security measures that are so often recommended online, your digital fingerprint can betray you.

Finding your browser fingerprint

On websites such as AmIUnique, you can find out how unique your digital fingerprint is. Test your browser and find out whether you are easily identified and need to act. We also have a tool on offer: with our browser Privacy Check, you can see what traces you have left while surfing.

Protect my browser fingerprint

Where personal data is collected, there is always a risk of abuse. Unlike other factors of identification like your IP address, your digital fingerprint is invisible and therefore harder to protect. So a lot of users don’t even know that they are passing their data on.

Companies may sell this data to third parties to make a profit from it. Malware attacks can also become more effective with personalized data.

How can I effectively protect myself from browser fingerprinting?

The bad news first: It’s almost impossible to fully protect yourself from fingerprinting. Still, you can weaken your fingerprint with a number of methods.

Use your browser in incognito mode

The easiest way to reduce your fingerprint is by surfing in incognito mode. Almost every browser offers this feature.

If you visit websites in private mode, they will not be saved in the browser history. Your browser profile is set to a certain standard that is the same for all users in incognito mode. That is why these users' digital fingerprints look similar, and their uniqueness diminishes.

However, this method is not particularly effective, because browser fingerprinting draws on many other data points that incognito mode has no effect on.

Surf with the Tor Browser

If you are serious, you should not just change the mode, but switch the whole browser right away. The Tor Browser is preconfigured so that the digital fingerprint of all users is identical. In addition, the browser blocks JavaScript very effectively.

However, depending on which features you individually activate in the Tor Browser, conclusions can still be drawn about your digital identity. In addition, the Tor Browser is currently less user-friendly for laypeople.
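Why a combination of ordinary settings identifies a visitor, and why a browser that reports identical values for everyone does not, can be shown with a small calculation. This is an added example, not part of the original article; the visitor population, the attribute values and the function names are constructed for illustration.

```python
import math
from collections import Counter

ATTRIBUTES = ["browser", "language", "screen", "timezone"]

# Constructed visitor population for illustration (not real measurements).
VISITORS = [
    dict(zip(ATTRIBUTES, row)) for row in [
        ("Firefox", "de-DE", "1920x1080", "Europe/Berlin"),
        ("Firefox", "de-DE", "2560x1440", "Europe/Berlin"),
        ("Chrome", "en-US", "1920x1080", "America/New_York"),
        ("Chrome", "en-US", "1920x1080", "America/New_York"),
        ("Chrome", "fr-FR", "1366x768", "Europe/Paris"),
        ("Safari", "en-GB", "1440x900", "Europe/London"),
    ]
]

def uniqueness_report(visitors, attributes):
    """Measure how well the chosen attributes single out each visitor."""
    prints = [tuple(v[a] for a in attributes) for v in visitors]
    counts = Counter(prints)
    # Anonymity set = number of visitors sharing a fingerprint; 1 means unique.
    unique = sum(1 for p in prints if counts[p] == 1)
    # Identifying information in bits: log2(population / anonymity set).
    bits = [math.log2(len(prints) / counts[p]) for p in prints]
    return {
        "unique_visitors": unique,
        "smallest_anonymity_set": min(counts.values()),
        "max_bits": round(max(bits), 3),
    }

def standardized(visitors):
    """Model a browser that reports the same values for every user."""
    fixed = dict.fromkeys(ATTRIBUTES, "standard")
    return [dict(fixed) for _ in visitors]

if __name__ == "__main__":
    print("browser only:  ", uniqueness_report(VISITORS, ["browser"]))
    print("all attributes:", uniqueness_report(VISITORS, ATTRIBUTES))
    print("standardized:  ", uniqueness_report(standardized(VISITORS), ATTRIBUTES))
```

Each added attribute splits the population into smaller groups, so the number of uniquely identifiable visitors grows; with standardized values everyone falls into one group.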

Disable JavaScript

Through JavaScript, web pages can gather plugins and other information that will sharpen the profile of your digital fingerprint. You can either manually disable JavaScript via your browser, or use tools like NoScript or AdBlock Plus.

However, because many websites depend on JavaScript, disabling it can significantly degrade your browsing experience.

Hide your IP address with a VPN

With a VPN (Virtual Private Network) you can access a closed, secure network through a secured tunnel, thus concealing your IP. We explain here how exactly this works, and which providers there are.
As an intermediary for your data, the VPN makes sure web servers do not come into contact with your IP address.

However, the IP address is just one factor in your identity, and browser settings are not masked by a VPN. That is why a VPN alone is not effective protection; it is an advantage only in combination with other methods, for example deactivating JavaScript.

Data protection software and extensions

Data protection is also a constant topic for software developers, and numerous providers and extensions promise effective help. Privacy Badger, for example, blocks certain domains that use fingerprinting technologies. Disconnect works in a similar way. Together with a strong adblocker, these extensions help protect your network identity from harmful domains.

Browser fingerprinting: There is no perfect protection

As you can see, there is no absolutely watertight protection against browser fingerprinting. Each of the proposed measures has pros and cons.
For better protection, you can combine the different options, but for normal internet users, the effort could be too great.

Nevertheless, you should try to keep your digital fingerprint as small as possible. Software that everyone should use anyway – adblocker or anti-malware – can have a lot of impact.

Take the actions that seem most reasonable to you – and see how much your browser fingerprint has shrunk in a before-after comparison on Cover Your Tracks or Am I Unique.

Detection and Response for LockFile and ProxyShell Activity

Earlier this week, the Cybersecurity and Infrastructure Security Agency (CISA) released an urgent notice related to the exploitation of ProxyShell vulnerabilities (CVE-2021-31207, CVE-2021-34473, CVE-2021-34523). By chaining these vulnerabilities together, threat actors are compromising unpatched Microsoft Exchange servers and gaining footholds into enterprise networks.

Adversaries exploit the above-mentioned vulnerabilities and attempt to install web shells – web content, served on-demand, that functions similarly to backdoors. Using these web shells, adversaries inherit the privilege level of the Exchange IIS web server to perform reconnaissance, harvest credentials and pursue post-exploitation behavior such as installing ransomware.

Vendors and researchers are also observing these attacks tied to post-exploitation behavior such as deploying ransomware to victim environments. Here are some of those findings and key takeaways to help you in your Detection and Response efforts:

Kevin Beaumont

Researcher Kevin Beaumont first spotted that ProxyShell was being exploited from 209.14.0[.]234 on August 13. In this post, Kevin shares that these vulnerabilities are worse than ProxyLogon, the Exchange vulnerabilities revealed in March — they are more exploitable, and organizations largely haven’t patched. This post also shows how you can identify systems and defend your organization.

The ProxyShell and LockFile link was also mentioned in this Twitter thread.


Symantec

The Broadcom/Symantec threat hunter team indicates that the attackers gain access to victims’ networks via Microsoft Exchange Servers, and then use the incompletely patched PetitPotam vulnerability to gain access to the domain controller, and then spread across the network. It is not clear how the attackers gain initial access to the Microsoft Exchange Servers.

The attackers behind this ransomware use a ransom note with a similar design to that used by the LockBit ransomware gang (Figure 1) and reference the Conti gang in the email address they use – contact@contipauper[.]com.

Figure 1

Elastic Security

The Elastic Security team identified indicators of compromise (IoCs) indicating similar activity as reported by the industry. The details of this activity can be found in their Discuss forum.

Elastic observed unusual descendant processes (cmd.exe and powershell.exe) of the Exchange IIS webserver process (w3wp.exe) that involved notable remote network indicators to high-numbered ports:

Process ancestry of Exchange server exploitation
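The process-ancestry check described above can be sketched over endpoint telemetry as follows. This is an added example, not Elastic's detection rule or code from the original post; the event fields, the sample events and the port threshold are constructed assumptions.

```python
# Constructed sample telemetry (not from the original post).
PROCESS_EVENTS = [
    {"pid": 100, "ppid": 4, "name": "w3wp.exe"},
    {"pid": 200, "ppid": 100, "name": "cmd.exe"},
    {"pid": 300, "ppid": 200, "name": "powershell.exe"},
    {"pid": 400, "ppid": 4, "name": "explorer.exe"},
    {"pid": 500, "ppid": 400, "name": "powershell.exe"},
]
NETWORK_EVENTS = [
    {"pid": 200, "dest_ip": "192.0.2.5", "dest_port": 443},
    {"pid": 300, "dest_ip": "203.0.113.10", "dest_port": 45000},
    {"pid": 500, "dest_ip": "198.51.100.7", "dest_port": 443},
]

SUSPICIOUS = {"cmd.exe", "powershell.exe"}
HIGH_PORT = 1024  # assumption: the post only says "high-numbered ports"

def ancestors(pid, by_pid):
    """Yield ancestor process names, nearest first; stops at unknown parents or loops."""
    seen = set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        pid = by_pid[pid]["ppid"]
        if pid in by_pid:
            yield by_pid[pid]["name"].lower()

def detect(process_events, network_events, high_port=HIGH_PORT):
    """Flag shells descended from w3wp.exe and attach their high-port connections."""
    # Real telemetry should key on a unique process entity ID: Windows reuses PIDs.
    by_pid = {e["pid"]: e for e in process_events}
    alerts = []
    for proc in process_events:
        if proc["name"].lower() not in SUSPICIOUS:
            continue
        if "w3wp.exe" not in ancestors(proc["pid"], by_pid):
            continue
        conns = [(n["dest_ip"], n["dest_port"]) for n in network_events
                 if n["pid"] == proc["pid"] and n["dest_port"] >= high_port]
        alerts.append({"pid": proc["pid"], "name": proc["name"],
                       "high_port_connections": conns})
    return alerts

if __name__ == "__main__":
    for alert in detect(PROCESS_EVENTS, NETWORK_EVENTS):
        print(alert)
```

The PowerShell instance started from explorer.exe is not flagged; only shells with w3wp.exe in their ancestry are, and the one with a high-port connection carries that connection as triage context.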

If you use Elastic SIEM, you can use the below detection logic to aid in the detection of adversary activity within your hosting environment. Additionally, the provided defensive recommendations may be used to harden and defend vulnerable systems from the successful exploitation of this campaign.

Use the following detection in Elastic to identify this cluster of activity (ProxyShell):

Thank you for your time!

What is security incident and event management (SIEM)?

A SIEM system is a tool that an organization uses to collect, analyze, and perform security operations on its computer systems. Those systems can be hardware appliances, applications, or both.

In its simplest form, a SIEM system enables you to:

  • Collect and query logs.
  • Do some form of correlation or anomaly detection.
  • Create alerts and incidents based on your findings.

A SIEM system might offer functionality such as:

  • Log management: The ability to collect, store, and query the log data from resources within your environment.
  • Alerting: A proactive look inside the log data for potential security incidents and anomalies.
  • Visualization: Graphs and dashboards that provide visual insights into your log data.
  • Incident management: The ability to create, update, assign, and investigate incidents that have been identified.
  • Querying data: A rich query language, similar to that for log management, that you can use to query and understand your data.