The desire to remain anonymous online is as old as the internet itself. In the past, users believed hiding behind a nickname meant they could badmouth their neighbors on local forums with impunity. Now, such trolls can be identified in seconds. Since those early days, technology has taken a quantum leap: distributed networks, anonymous browsers, and other privacy tools have emerged. One of these tools, which was heavily promoted a decade ago by former NSA contractor Edward Snowden, is the Tor Browser, where “TOR” is an acronym for “The Onion Router”.

But in today’s world, can Tor truly provide complete anonymity? And if it doesn’t, should we just forget all about anonymity and rely on a regular browser like Google Chrome?

How Tor users are deanonymized

If Tor is new to you, check out our vintage article from way back when. There, we answered some common questions: how the browser ensures anonymity, who needs it, and what people usually do on the dark web. In brief, Tor anonymizes user traffic through a distributed network of servers, called nodes. All network traffic is repeatedly encrypted as it passes through a number of nodes between two communicating computers. No single node knows both the origin and destination addresses of a data packet, nor can it access the packet’s content. OK, short digression over — now let’s turn to the real security threats facing anonymity enthusiasts.

In September, German intelligence services identified a Tor user. How did they do it? The key to their success was data obtained through what’s called “timing analysis”.

How does this analysis work? Law enforcement agencies monitor Tor exit nodes (the final nodes in the chains that send traffic to its destination). The more Tor nodes the authorities monitor, the greater the chance a user hiding their connection will use one of those monitored nodes. Then, by timing individual data packets and correlating this information with ISP data, law enforcement can trace anonymous connections back to the end Tor user — even though all Tor traffic is encrypted multiple times.

The operation described above, which led to the arrest of the administrator of a child sexual abuse platform, was possible partly because Germany hosts the highest number of Tor exit nodes — around 700. The Netherlands ranks second with about 400, and the US comes in third with around 350. Other countries have anywhere from a few to a few dozen. International cooperation among these top exit-node countries played a significant role in deanonymizing the child sexual abuse offender. Logically, the more nodes a country has, the more of them can be state-monitored, increasing the likelihood of catching criminals.

The Tor Project responded with a blog post discussing the safety of their browser. It concludes that it’s still safe: the de-anonymized individual was a criminal (why else would authorities be interested?), using an outdated version of Tor and the Ricochet messaging app. However, Tor noted it wasn’t given access to the case files, so their interpretation regarding the security of their own browser might not be definitive.

This kind of story isn’t new; the problem of timing attacks has long been known to the Tor Project, intelligence agencies, and researchers. So although the attack method is well-known, it remains possible, and most likely, more criminals will be identified through timing analysis in the future. However, this method isn’t the only one: in 2015, our experts conducted extensive research detailing other ways to attack Tor users. Even if some of these methods have become outdated in the forms presented in that study, the principles of these attacks remain unchanged.

“Generally it is impossible to have perfect anonymity, even with Tor”.

This phrase opens the “Am I totally anonymous if I use Tor?” section of the Tor Browser support page. Here, the developers provide tips, but these tips can at best only increase the chances of remaining anonymous:

• Control what information you provide through web forms. Users are advised against logging in to personal accounts on social networks, as well as posting their real names, email addresses, phone numbers, and other similar information on forums.
• Don’t torrent over Tor. Torrent programs often bypass proxy settings and prefer direct connections, which can de-anonymize all traffic — including Tor.
• Don’t enable or install browser plugins. This advice also applies to regular browsers, as there are many dangerous extensions out there.
• Use HTTPS versions of websites. This recommendation, incidentally, applies to all internet users.
• Don’t open documents downloaded through Tor while online. Such documents, the Tor Project warns, may contain malicious exploits.

With all these recommendations, the Tor Project is essentially issuing a disclaimer: “Our browser is anonymous, but if you misuse it, you may still be exposed”. And this actually makes sense — your level of anonymity online depends primarily on your actions as a user — not solely on the technical capabilities of the browser or any other tool.

There is another interesting section on the Tor support page: “What attacks remain against onion routing?” It specifically mentions possible attacks using timing analysis with the note that “Tor does not defend against such a threat model”. However, in a post about the German user’s de-anonymization, the developers claim that an add-on called Vanguard, designed to protect against timing attacks, has been included in Tor Browser since 2018, and in Ricochet-Refresh since June 2022. This discrepancy suggests one of two things: either the Tor Project hasn’t updated its documentation, or it’s being somewhat disingenuous. Both are problematic because they can mislead users.

So what about anonymity?

It’s important to remember that Tor Browser can’t guarantee 100% anonymity. At the same time, switching to other tools built on a similar distributed node network structure is pointless, as they are equally vulnerable to timing attacks.

If you’re a law-abiding individual using anonymous browsing simply to avoid intrusive contextual ads, secretly shop for gifts for loved ones, and for other similarly harmless purposes, the private browsing mode in any regular browser will probably suffice. This mode, of course, doesn’t offer the same level of anonymity as Tor and its counterparts, but it can make surfing the net a bit more… well, private. Just make sure you fully understand how this mode works in different browsers, and what it can and can’t protect you from.

In addition, all of our home security solutions include Private Browsing. By default, this feature detects attempts to collect data and logs them in a report but doesn’t block them. To block data collection, you need to either enable Block data collection in the Kaspersky app or activate the Kaspersky Protection plugin directly in the browser.

Besides this, our protection can also block ads, prevent the hidden installation of unwanted apps, detect and remove stalkerware and adware, and remove traces of your activity in the operating system. Meanwhile, the special component Safe Money provides maximum protection for all financial operations by conducting them in a protected browser in an isolated environment and preventing other apps from gaining unauthorized access to the clipboard or taking screenshots.

Double VPN

You can also stay anonymous on the internet using Kaspersky VPN Secure Connection that support Double VPN (also known as multi-hop). As the name suggests, this technology allows you to create a chain of two VPN servers in different parts of the world: your traffic first passes through an intermediary server, and then through another. Double VPN in Kaspersky VPN Secure Connection uses nested encryption — the encrypted tunnel between the client and the destination server runs inside a second encrypted tunnel between the client and the intermediary server. Encryption in both cases is only performed on the client side, and data is not decrypted on the intermediary server. This provides an additional layer of security and anonymity.

Double VPN is available to users of Windows and Mac versions of Kaspersky VPN Secure Connection. Before enabling Double VPN, make sure that the Catapult Hydra protocol is selected in the application settings: Main → Settings (gear icon) → Protocol → Select automatically, or Catapult Hydra.

After that, you can enable Double VPN:

1. Open the main application window.
2. Click the Location drop-down to open the list of locations of VPN servers.
3. Click the Double VPN
4. Select two locations and click Connect.

You can add your Double VPN server pair to Favorites by clicking the Add to Favorites button.

Congratulations! Now your traffic is encrypted more securely than usual — but remember that these traffic encryption methods are not intended for illegal activities. Double VPN will help you conceal personal information from data-gathering sites, avoid undesirable ads, and access resources unavailable in your current location.

Kaspersky official blog – ​Read More

The requirements set by online services for user verification — whether it’s password length, a mandatory phone number, or biometric checks with blinking — are often governed by industry standards. One of the most important documents in this field are the NIST SP 800-63 Digital Identity Guidelines, developed by the US National Institute of Standards and Technology (NIST). This standard is mandatory for all US government agencies and their contractors; in practice, this means that all the world’s largest IT companies adhere to this standard, with consequences reaching far beyond the borders of the United States.

Even organizations that aren’t strictly required to comply with NIST SP 800-63 would still benefit from familiarizing themselves with these updated guidelines, as they often serve as a blueprint for regulators in other countries and industries. The recent update, developed through four rounds of public revisions with industry experts, reflects the latest understanding of digital identification and authentication. It covers security and privacy requirements, and considers a possible distributed (federated) approach. The standard is practical, and factors in human considerations — how users respond to various authentication requirements.

This new edition formalizes concepts, and outlines requirements for:

• passkeys (referred to in the standard as “syncable authenticators”);
• phishing-resistant authentication;
• user storage of passwords and accesses (“attribute bundles”);
• regular re-authentication;
• session tokens.

So — how to authenticate users in 2024?

Password authentication

The standard defines three Authentication Assurance Levels (AALs). AAL1 allows the least restrictions and minimal confidence that the user is indeed who they claim to be, while AAL3 offers the strongest guarantees and requires more stringent authentication. Only AAL1 permits single-factor authentication — such as just a single password.

The requirements for passwords are as follows:

• Only centrally verified secrets sent by the user to the server over a secure channel qualify as passwords. Passwords that are stored and verified locally are termed “activation secrets” and have different requirements.
• Passwords shorter than eight characters are prohibited, with a minimum of 15 characters recommended.
• Scheduled, mandatory password rotation is considered an outdated practice and therefore prohibited.
• It’s also prohibited to impose requirements on password composition (such as “your password must contain a letter, a number, and a symbol”).
• It’s recommended to allow using any visible ASCII characters, spaces, and most Unicode symbols (such as emojis).
• Maximum password length, if enforced, must be at least 64 characters.
• Truncating passwords during verification is prohibited, but trimming leading/trailing whitespace is allowed if it interferes with authentication.
• Using and storing password hints or security questions (such as “your mother’s maiden name”) is prohibited.
• Commonly used passwords must be eliminated through the use of a stop-list of popular or leaked passwords.
• Compromised passwords (for example, appearing in data breaches) must be reset immediately.
• Login attempts must be limited in both rate and number of unsuccessful attempts.

Activation secrets

These are PINs and local passwords that restrict access to the on-device key storage. They can be numeric, with a recommended minimum length of six digits— though four digits are permissible. For AAL3, the primary cryptographic secret (for example, a passkey) must be stored in a tamper-resistant chip, and decrypted using the activation secret. For AAL1 and AAL2, it’s enough that the key restricts access from outsiders, with a limit on input attempts — no more than 10 tries. After exceeding the limit, the storage is locked, requiring an alternative authentication method.

Multi-factor authentication (MFA)

It’s recommended to implement MFA at all AAL levels, but while this is only a suggestion for AAL1, it’s mandatory for AAL2, and only phishing-resistant MFA methods are acceptable for AAL3.

Only cryptographic authentication methods are considered phishing-resistant: USB tokens, passkeys, and cryptographic keys stored in digital wallets conforming to SP 800-63C (distributed identification and authentication services). All cryptographic secrets must be stored in tamper-resistant systems (such as TPM or Secure Enclave). Synchronizing keys across devices and storing them in the cloud is permitted, provided each device meets the standard’s requirements. These provisions enable the use of passkeys across Android and iOS ecosystems.

To ensure resistance to phishing, authentication must be tied to the communication channel (channel binding) or verifier service name (verifier name binding). Examples of these approaches include client-authenticated TLS connections and the WebAuthn protocol from the FIDO2 specification. In simple terms, the client uses cryptography to confirm they’re connecting with the legitimate server rather than a fake one set up for AitM attacks.

Time-based one-time passwords (TOTP) from authenticator apps, SMS codes, and one-time codes from scratch cards or envelopes are not phishing-resistant but are permitted for AAL1 and AAL2 services. The standard specifies which methods for handling one-time codes don’t qualify as MFA and must be avoided. One-time codes should not be sent through email or VoIP — they must be delivered over a communication channel that’s separate from the primary authentication process. OTPs sent through SMS and traditional telephone lines are acceptable — even if both connections (for example, internet and SMS) are on the same device.

Use of biometrics

The standard restricts the use of biometrics — they may serve as an authentication factor, but are prohibited for identification. Biometric checks must be used only as a supplemental factor combined with proof of possession (for example, a smartphone or token — something you physically possess).

Biometric equipment and algorithms must ensure a false match rate (FMR) no greater than 1 in 10,000, and a false non-match rate (FNMR) no greater than 5%. These accuracy rates must be consistent across all demographics. The verification algorithm must also be resistant to presentation attacks in which the sensor is shown a photo or video instead of a live person.

After generating and verifying a cryptographic “fingerprint” from biometric data, the standard mandates immediate deletion (zeroing out) of collected biometric data.

Like other authentication methods, biometric checks must include limits on input rate and the number of unsuccessful attempts.

Kaspersky official blog – ​Read More

Key Takeaways

• Cyble Research and Intelligence Labs (CRIL) has identified a new variant of the GodFather malware, now targeting 500 banking and cryptocurrency apps.
• Initially focused on regions like the UK, US, Turkey, Spain, and Italy, GodFather has expanded its reach to include Japan, Singapore, Greece, and Azerbaijan.
• The GodFather malware has transitioned the Java code implementation to the Native code for its malicious activities.
• In its latest version, the GodFather malware uses limited permissions, relying heavily on Accessibility services to capture credentials from targeted applications.
• This updated variant also includes new commands that enable the malware to automate gestures on infected devices, mimicking user actions.
• The Threat Actor(TA) behind GodFather malware uses a phishing site to deliver the suspicious app and tracks visitor counts to plan further activity.

Overview

Cyble Research and Intelligence Labs (CRIL) recently identified a phishing site, “mygov-au[.]app,” masquerading as the official MyGov website of the Australian Government. Upon further analysis, this site was found to be distributing a suspicious APK file linked to the GodFather Malware, known for its ability to steal banking application credentials.

The downloaded application, “MyGov.apk”, communicates with the URL “hxxps://az-inatv[.]com/.” This app is programmed to track the number of devices it is installed on, retrieve the device’s IP address, and store this information on the server in a text file. Figures 3 and 4 show the code of index.php and count.php responsible for getting the count and IP address.

Figure 2 – Malware loading URL, which maintains the counter

Figure 3 – Getting counts and IP addresses

Figure 4 – Getting the IP address of an infected device

The URL “hxxps://az-inatv[.]com/” hosted an open directory containing a file named counters.zip, which included the total count of infected devices and a list of IP addresses. Additionally, the directory featured a page labeled “down” that hosted another APK file called “lnat Tv Pro 2024.apk.” Upon analyzing this APK, it was identified as the GodFather Malware.

Figure 5 – Open directory hosting counters.zip and GodFather malware

Upon examining the counters.zip file, we found 151 counts in hit.txt and 59 unique IP addresses, reflecting the targeted device count. While the MyGov application collected this data, we suspect the TA may leverage this visitor information to identify potential victim counts and later use the same website to distribute the GodFather malware.

Figure 6 – Counters.zip content

Notably, we observed that the latest variant of the GodFather malware has moved from Java code to native code implementation. It is now targeting 500 banking and cryptocurrency applications and expanding its reach to Japan, Singapore, Azerbaijan, and Greece. Further details on this new variant of GodFather are provided in the following section.

Technical Details

In the latest version, the GodFather malware operates with minimal permissions, relying heavily on the Accessibility service to carry out its malicious activities.

Figure 7 – Manifest with limited permissions

Native Code Implementation

Starting our analysis with the classes specified in the manifest file, we observed that the malware calls numerous native methods, which were previously implemented in Java code.

Figure 8 – Calls to native methods

These native functions implement various malicious capabilities, including loading an injection URL into the WebView, executing automated gestures, establishing connections with the Command and Control (C&C) server, and keylogging.

Figure 9 – Native code implementation

C&C Server

Similar to the previous variant, the latest samples also connect to the Telegram URL “hxxps://t.me/gafaramotamer,” where the TA has embedded a Base64-encoded C&C URL. The malware retrieves and decodes this URL to “hxxps://akozamora[.]top/z.php.”

Figure 10 – Malware fetches C&C server URL from Telegram Profile

Targeting 500 Crypto and Banking Applications

After decoding the URL, the malware begins communication by sending data such as the list of installed application package names, the device’s default language, model name, and SIM name. In return, it receives a list of 500 targeted application package names associated with banking and cryptocurrency apps. In addition to previous targets in the UK, US, Turkey, Spain, and Italy, GodFather has expanded its reach, now including Japan, Singapore, Greece, and Azerbaijan.

Figure 11 – Receives the list of target application package names

When the user tries to interact with the target application, the malware closes the genuine application. Instead, it loads a fake banking or crypto login URL into the WebView or displays a blank screen. It constructs the injection URL using the C&C server “hxxps://akozamora[.]top/” and appends the endpoint “rx/f.php?f=” along with the device name, package name, and default language, then loads the assembled URL in the WebView.

Figure 12 – Loading fake login pages

The GodFather malware has successfully replaced the traditional overlay attack with this technique. Rather than launching the legitimate application, the malware activates itself and loads a phishing page to steal banking credentials.

Commands Added In New Version

The previous version included commands for USSD and SMS operations, which have been removed in the latest version. Additionally, this malware version lacks permission to collect or send SMS messages from the infected device. Instead, the newly added commands focus primarily on automating actions on the infected device. Below is a list of commands observed in the latest version of the GodFather malware.

Command	Description
clickposition	Malware clicks on the position X and Y received from the server
backed	Take the user to the previous screen
home	Take the user to the home screen
recents	Take the user to the recent screen
scrollforward	Malware scrolls the page forward using the given parameter
scrollback	It scrolls the page backward till using the provided parameter
opencontrol	Perform gestures on the target app
setpattern	Receives some value from the server and saves it to a shared preference variable “pc”
screenlight	Manages the brightness of the screen
sl2	Setting up a wake lock to keep the device awake
sl3	Similar to sl2
autopattern	The value received using “setpattern” command is used to insert on the device screen using the accessibility service.
csn	Set the timer to initiate the WebSocket connection
swpfull	Perform swipe operation
upswp	Perform swipe up
downswp	Perform swipe down
leftswp	Perform left swipe
rightswp	Perform right swipe
vncreset	Not Implemented
opnap	Open the application whose package name is received from the server
gif	Loads Gif from link “hxxps://s6.gifyu.com/images/S8uz3.gif”
opnsttings	Opens setting app
opnsound	Opens sound setting
opnmsc	Opens notification setting
opnpckg	Not Implemented
notifyopen	Opens notification using Accessibility service

Conclusion

The latest version of the GodFather malware shows how dangerous and adaptable mobile threats have become. By moving to native code and using fewer permissions, the attackers have made GodFather harder to analyze and better at stealing sensitive information from banking and cryptocurrency apps. With its new automated actions and broader targeting of apps in more countries, this malware poses a growing risk to users worldwide. Staying alert and using strong security practices on mobile devices is essential to avoid falling victim to threats like GodFather.

Our Recommendations

We have listed some essential cybersecurity best practices that create the first line of control against attackers. We recommend that our readers follow the best practices given below:

• Download and install software only from official app stores like Google Play Store or the iOS App Store.
• Use a reputed anti-virus and internet security software package on your connected devices, such as PCs, laptops, and mobile devices.
• Use strong passwords and enforce multi-factor authentication wherever possible.
• Enable biometric security features such as fingerprint or facial recognition for unlocking the mobile device where possible.
• Be wary of opening any links received via SMS or emails delivered to your phone.
• Ensure that Google Play Protect is enabled on Android devices.
• Be careful while enabling any permissions.
• Keep your devices, operating systems, and applications updated.

MITRE ATT&CK® Techniques

Tactic	Technique ID	Procedure
Initial Access (TA0027)	Phishing (T1660)	Malware distributing via phishing site
Execution (TA0041)	Native API (T1575)	Malware using native code to drop final payload
Persistence (TA0028)	Scheduled Task/Job (T1603)	Uses timer to initiate WebSocket connection
Defense Evasion (TA0030)	Masquerading: Match Legitimate Name or Location (T1655.001)	Malware pretending to be a genuine Music application
Defense Evasion (TA0030)	Application Discovery (T1418)	Collects installed application package name list to identify target
Defense Evasion (TA0030)	Input Injection (T1516)	Malware can mimic user interaction, perform clicks and various gestures, and input data
Collection (TA0035)	Input Capture: Keylogging (T1417.001)	Malware can capture keystrokes
Discovery (TA0032)	System Information Discovery (T1426)	The malware collects basic device information.
Command and Control (TA0037)	Web Service: Dead Drop Resolver (T1481.001)	Malware communicates with Telegram to fetch C&C server
Exfiltration (TA0036)	Exfiltration Over C2 Channel (T1646)	Sending exfiltrated data over C&C server

Indicators of Compromise (IOCs)

Indicators	Indicator Type	Description
d8165712329fa120b5cc696514b5dd0d7043fbf7d6b6ef5f767348e0ba31aa6e e789b03b60ad99727ea65b52ce931482fb70814e 87ccf62e07cf69c25a204bffdbc89630	SHA256 SHA1 MD5	Analyzed GodFather malware
hxxps://akozamora[.]top/	URL	C&C server
hxxps://t.me/gafaramotamer	URL	Malware fetching C&C from Telegram URL
hxxps://az-inatv[.]com	URL	URL hosting new GodFather variant
mygov-au[.]app	Domain	Phishing domain distributing counter app
8ae2fcc8bef4d9a0ae3d1ac5356dbd85a4f332ad497375cd217bd1e945e64692 d57ef894b53f804c97d40c3e365faf729ce2ea7386b280f9909ebc8432008eee d508078368d8775fcfff5a7886392da57fcf757c89687f22c0504c3df9075b00 b3d3019ed0a4602fb7e502e54ac12a59da1a0ed7b6736feb98ce7c417091b2e6 3aa7e2353c2de16734f612eba7b43a2538d96f73702a6c25283d6ef0c9300a4c 1ce2a392dd2c1df22dfeb080c7ad290d63e3afe983729927b2f15c6705861070 d8165712329fa120b5cc696514b5dd0d7043fbf7d6b6ef5f767348e0ba31aa6e d8165712329fa120b5cc696514b5dd0d7043fbf7d6b6ef5f767348e0ba31aa6e 0c9e2ae9c699374f06a6d38cf2ea41232fc8a712e110be8069b08659fdf50514 19ed4f67710d455da42017de28688f5e55ed36809cc70252d825ac81713e95d1 7b4543cc4df1fc57af2cd9a892b2fab3647bdceb027d576217724a8c012a2065 2b1b527b87929a13f0c33391c641b3013da099fd7de10695d762da097bc13ffc 2b1b527b87929a13f0c33391c641b3013da099fd7de10695d762da097bc13ffc 72d40ff8ad114724b8d4e0350f81f797866c0f271844aeddc3b92f33faa6fbc0	SHA256	New GodFather variant hashes

The post GodFather Malware Expands Its Reach, Targeting 500 Banking And Crypto Applications Worldwide appeared first on Cyble.

Blog – Cyble – ​Read More

Overview

As the United States nears another election cycle, the nation faces an increased risk of influence operations targeting the democratic process. In a joint statement, the Office of the Director of National Intelligence (ODNI), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) highlighted growing concerns about foreign interference—particularly from Russia and Iran—in efforts to undermine public trust in the integrity of the U.S. election system.

According to the intelligence community (IC), foreign adversaries, especially Russia, are intensifying their influence campaigns to sow distrust and division among American voters. These activities are expected to escalate as election day draws closer, with Russia’s influence actors primarily focusing on critical swing states, where their efforts could have the most significant impact.

The IC’s assessment reveals that Russian influence actors are engaging in the creation and dissemination of fake media content designed to manipulate public opinion. “Since our statement on Friday, we have observed additional influence operations that seek to stoke divisions and question the legitimacy of the election process,” stated the joint statement. The fabricated videos and articles are part of a broader strategy aimed at generating fear and confusion, particularly around voting procedures.

One recent example includes a video circulating online that falsely portrays an interview with an individual alleging election fraud in Arizona, involving bogus overseas ballots and tampering with voter rolls to favor Vice President Kamala Harris. The Arizona Secretary of State has already debunked this claim as entirely false.

In addition to spreading misinformation, CISA says that the Russian operatives are amplifying the false narrative that U.S. officials across several swing states are orchestrating widespread election fraud, such as ballot stuffing and cyberattacks. These fabricated stories have the potential to incite violence, particularly against election officials. As these false claims continue to spread, Russian influence actors are expected to release more of such content throughout election day and in the aftermath of the vote, exacerbating tensions across the nation.

Iran’s Role in Election Cybersecurity Threats

Iran, while less active than Russia, continues to pose a significant cybersecurity threat to the upcoming elections. As highlighted in previous reports, Iran has been involved in cyber activities targeting U.S. political figures, including former President Donald Trump’s campaign.

The U.S. intelligence community also notes that Iran’s influence operations are likely to include the creation of fake media content designed to suppress voter turnout or incite political violence. Additionally, Iran has maintained a desire for retribution against specific U.S. officials tied to the death of Iranian General Qassem Soleimani in 2020, and this could influence its approach to future election-related activities.

Iranian operatives, like their Russian counterparts, have long sought to manipulate public perception through false narratives, amplifying divisiveness and spreading misinformation. While the Iranian government’s influence operations may not be as widespread or sophisticated as Russia’s, they remain a persistent threat to election integrity.

FBI and CISA’s Call to Action for Election Security

Considering these growing threats, both the FBI and CISA are urging election stakeholders to remain vigilant and proactive in securing election infrastructure and preventing the spread of disinformation. “Voters should seek out information from trusted, official sources, particularly from state and local election officials,” the agencies recommended.

 CISA further emphasized the importance of reporting any suspicious or criminal activity related to election security. Election infrastructure stakeholders, as well as the public, can report cyber incidents or suspicious activity to CISA via its dedicated reporting channels, such as calling 1-844-Say-CISA or emailing report@cisa.dhs.gov.

The FBI and CISA also continue to encourage campaigns, election officials, and other stakeholders to remain in close contact with local Election Crime Coordinators to report potential security threats. These collaborative efforts are essential to counter the growing wave of influence operations and to ensure that the U.S. election process remains free from foreign manipulation.

CISA and EAC’s Support for State and Local Election Officials

In a related statement, CISA, along with the U.S. Election Assistance Commission (EAC), reiterated its support for state and local election officials as they prepare for the election. These officials, often working behind the scenes, play a critical role in ensuring that the election process runs smoothly and securely. “We are proud to support the hard work and dedication of election officials across the country,” CISA Director Jen Easterly said. “They are the heroes of our democracy, and we stand with them as they continue their tireless efforts to safeguard the integrity of our elections.”

The EAC also issued a joint statement, acknowledging the extensive preparation that has gone into ensuring the security of the 2024 election. “Planning for tomorrow’s election began four years ago,” said the EAC, emphasizing the comprehensive efforts made at both the state and local levels to address potential challenges. While operational issues may arise—such as delays at polling locations or power outages—election officials are prepared to handle such contingencies and ensure that every eligible vote is counted accurately.

The statement also addressed the importance of understanding that election night results are unofficial, as media outlets call the races based on preliminary results. “Accurately counting millions of ballots takes time, and we ask Americans to be patient during this process,” the EAC urged. It further emphasized that recounts and audits are standard procedures to ensure election accuracy, which will be conducted in accordance with state and territorial laws.

Fighting Disinformation: A Collective Effort

The growing sophistication of influence operations—especially those linked to Russia—has prompted the U.S. government to take proactive steps in combating foreign disinformation campaigns. The FBI, CISA, and other agencies are working around the clock to track and disrupt foreign interference in U.S. elections. In addition to technical defenses, these agencies are actively engaged in educating the public about the dangers of inauthentic content and misinformation.

The impact of influence operations, particularly in swing states, cannot be overstated. As foreign actors continue to amplify divisive rhetoric and fabricate stories about election fraud, it is essential that Americans rely on trusted sources for accurate information. State and local election officials, supported by CISA and the EAC, will continue to be the primary resources for election integrity.

Voters are encouraged to stay informed by consulting official channels, and to report any suspicious activity or potential cyber threats they encounter. “We are all in this together,” said Easterly. “It is up to every American to help protect the democracy that we all value.”

Conclusion

The U.S. elections are expected to be a critical test of the nation’s resilience against foreign influence operations and cyber threats. With Russia and Iran poised to continue their interference campaigns, it is important that the American public, election officials, and cybersecurity agencies work together to protect the electoral process. As foreign influence actors ramp up their activities, vigilance, awareness, and collaboration will be key to ensuring that the 2024 elections remain secure and free from foreign manipulation.

Sources: https://www.cisa.gov/news-events/news/joint-statement-cisa-and-eac-support-state-and-local-election-officials

https://www.cisa.gov/news-events/news/joint-odni-fbi-and-cisa-statement-1

The post Cybersecurity and Influence Operations Threaten Integrity of U.S. Elections, Warns FBI, CISA, and ODNI appeared first on Cyble.

Blog – Cyble – ​Read More

We’ve already discussed how most tracking apps provide minimal protection for your personal data by default. Routes and workout times, your fitness data and photos from your runs are usually publicly available online unless you explicitly block them. The consequences, as we’ve written, can be disastrous — ranging from leaks of secret facility locations to stalking and even attempted murder.

To avoid this, you need to configure both your smartphone in general and running apps in particular. You can find our instructions for the most popular running trackers via these links: Strava, Nike Run Club, MapMyRun, adidas Running.

Today, wrapping up our review of training-app privacy settings, we’ll explain how to properly configure ASICS Runkeeper (for both Android and iOS).

Like other major sportswear brands like Nike and adidas, the Japanese company ASICS, well-known for its running shoes, didn’t try to reinvent the wheel. Instead, it just acquired the popular running tracking app Runkeeper, and didn’t even rename it — simply adding its brand name to give us ASICS Runkeeper.

The privacy settings in ASICS Runkeeper — like in the other running apps — are not so easy to find. If you click on the gear icon in the upper left corner of the main screen, you won’t find them there — those are activity settings. Instead, click Me in the lower left corner, then click the gear icon in the upper right corner, and on the next page, select Privacy Settings.

These settings are basic — there are only three items on the page. The key thing to do here is to make sure the switch next to Public Account is turned off. I also recommend going into the Maps and Activities sections and changing the visibility from Followers to Only Me (in Runkeeper, the Everyone option appears only for public accounts).

It’s also a good idea to adjust the types of notifications ASICS Runkeeper can send you (there are many in the settings) by going back to Settings and choosing Push Notifications. Next to that option, there’s an Email Notifications section where you can turn off email notifications from the app.

Finally, if you decide to stop using Runkeeper, don’t forget to delete your data from the app. You can do this by going to Settings → Account Settings → Delete Account. You can also download your data before deleting it.

If you use other tracking apps for your workouts, you can configure their privacy settings using our guides:

• Strava
• Nike Run Club
• MapMyRun
• adidas Running

To learn how to configure privacy in other apps — from social networks to browsers — visit our website Privacy Checker.

And Kaspersky Premium will maximize your privacy protection and prevent digital identity theft across all your devices.

Don’t forget to subscribe to our blog to get more instructions and useful articles so that scammers will always… eat your dust.

Kaspersky official blog – ​Read More