New gadgets unveiled at CES 2025, and their impact on security | Kaspersky official blog

One of the world’s premier tech events traditionally takes place every year in Las Vegas in early January. Sure, the Consumer Electronics Show (CES) pays attention to cybersecurity, but by no means is it top of the agenda. Looking for a giant monitor or AI washing machine? You’re in luck! Smart home protection against hackers? Might have to shop around a bit…

We’ve picked out the top trending announcements at CES 2025, with a focus on what new cyberthreats to expect as the latest innovations hit the shelves.

NVIDIA Project DIGITS: your own mini supercomputer for running AI locally

NVIDIA founder Jensen Huang unveiled the company’s Mac-Mini-sized supercomputer to CES visitors. Powered by the GB10 Grace Blackwell “superchip” with a minimum 128 GB of memory, the device is capable of running large language models (LLMs) with 200 billion parameters. Connect two such computers, and you can run even larger models with up to 400 billion parameters! However, the US$3000 price tag will limit the buyer audience.

Cybersecurity aspect: running LLMs locally stops confidential information from leaking to OpenAI, Google Cloud, and other such services. Until now, this wasn’t very practical: on offer were either greatly simplified models that struggled to run on gaming computers, or solutions deployed on powerful servers in private clouds. NVIDIA Project DIGITS now makes it easier for both small companies and wealthy hobbyists to run powerful local LLMs.

The GB10 Grace Blackwell superchip, 128 GB of RAM, and 4 TB of SSD storage make this NVIDIA offer a decent platform for a local neural network.

Roborock Saros Z70: a “handy” vacuum cleaner

The inability of robot vacuum cleaners to cope with stairs and other obstacles, including things lying around, greatly limits their usefulness. Roborock’s new model solves the latter issue with an extensible arm that picks up small and light objects from the floor.

Cybersecurity aspect: the Saros Z70’s object-rearranging ability is very limited, and Roborock has not been involved in any major cybersecurity scandals. So we’re unlikely to see any game-changing risks compared to existing vacuum cleaners. But later models or competitors’ products can theoretically be used in cyberphysical attacks such as burglary. For instance, researchers recently showed how to hack Ecovacs robot vacuums.

But the Saros Z70 is notable for more than just its mechanical hand. Another of its officially announced features is video surveillance. The vendor claims that camera footage never leaves the device, but we’ll believe that when we see it. After all, you’ll probably at least need a separate device to view the footage. The StarSight 2.0 system, due with a later software update, will let you train the robot to recognize specific household objects (for example, favorite toys) so that it can show where it last saw them on a map of your home. As to whether this handy feature works entirely on the device — or data about things in your home gets fed to the cloud — press releases are maintaining a tactful silence.

The Roborock Saros Z70 can lift and carry objects weighing up to 300 grams.

Bosch Revol: preying on parental fear

How did a baby rocker manage to take home the “Least private” mock award for gadgets at CES 2025, as judged by the Electronic Frontier Foundation and iFixit? The Bosch Revol Smart Crib not only automatically rocks the crib, but continuously collects video and audio data, while simultaneously scanning the baby’s pulse and breathing rate using millimeter-wave radar. It also monitors temperature, humidity and fine-particle pollution levels. The camera is equipped with object recognition to detect toys, blankets and other potentially dangerous objects near the infant’s face. All data is instantly streamed to a parental smartphone and to the cloud, where it remains.

Cybersecurity aspect: other vendors’ video baby monitors have been dogged by scandals, and hacked to conduct nasty pranks and spy on parents. In the case of the Revol, not only video, but medical data could end up in cybercriminal hands. When it comes to child and health-related tech, a cloud-free setup as part of a well-protected smart home is the way to go.

TP-Link Tapo DL130: in the same vein?

Among the many smart locks unveiled at CES 2025, it was TP-Link’s model that stood out for a feature that’s still quite rare — biometrics based not only on face/fingerprint recognition, but also on palm-vein matching. Simply wave your hand in front of the sensor, and the system will identify you as the owner with high accuracy. Unlike more common biometric factors, this method doesn’t depend on lighting conditions, and works well even with wet and dirty hands. Plus, it’s more difficult to fake.

Cybersecurity aspect: smart locks can be integrated into your home network and interact with your smart home (such as Alexa or Google Home), which creates a wide cyberattack surface. Given the numerous critical vulnerabilities in other TP-Link equipment, there’s a risk that flaws in smart locks will allow attackers to open them in unconventional ways.

Security researchers are sure to put TP-Link's smart lock under the microscope once it goes on sale.

Google Home + Matter: a cloud-free sky home

A major update to Google’s smart home hubs means they can now control curtains, sockets, light bulbs and other devices via the Matter protocol without connecting to a cloud server. At the heart of your smart home can be a Google Nest — an Android 14 smart TV or even a Chromecast device. Tell Google Assistant to “switch on the bedroom light”, and the command will be carried out even without an internet connection, and with minimal delay.

If a staunch advocate of a cloud-based future like Google has implemented such offline scenarios, the demand for such functionality must be huge.

Cybersecurity aspect: local control of your smart home reduces the risk of compromise and improves privacy — less data about what goes on in your home will leak to equipment vendors.

Halliday Glasses: improve your AI-sight

We chose Halliday AR glasses for the innovative image projection system that makes them lighter and more compact — though our takeaways also apply to dozens of other smart glasses presented at CES 2025. While some models address a simple and specific issue — such as combining glasses with a hearing aid or serving as a near-eye display for computer users on board a plane — quite a few of them come equipped with an AI assistant, camera, ChatGPT integration, and other features that potentially can be used to spy on you. They’re used for live translation, teleprompting and other productivity-boosting tasks.

Cybersecurity aspect: all AI features involve shifting large amounts of data to the makers’ servers for processing, so local AI in glasses is still a long way off. But unlike with computers and smartphones, the voices, photos and videos of all those around you will be included in the information flow generated by the glasses. From an ethical or legal standpoint, wearers of such glasses may have to continuously ask permission from everyone around to record them. And those who don’t want to pose for Sam Altman should look out for wearers of smart glasses among their peers.

Sony Honda AFEELA: I feel it’s going to be driving by subscription

This luxury electric car from two Japanese giants is available to preorder — but only to California residents and with rollout scheduled for 2026 or later. Nevertheless, the Japanese vision could become the envy even of Google: the price of the vehicle includes a “complimentary three-year subscription” to a variety of in-car features, including Level 2+ ADAS driver-assist and an AI-powered personal assistant, and a choice of interactive car design and entertainment features such as augmented reality and “virtual worlds”.

At the CES 2025 demonstration, the car was summoned onstage by the voice command “Come on out, Afeela” — but it remains unclear whether this handy feature will be available to drivers.

Cybersecurity aspect: we’ve spotlighted the risks and vulnerabilities of “connected” cars many times. Whether manufacturers will be able to keep the security bar high, not only for vehicles, but also for telematics systems (especially critical if smart driving becomes subscription-based), is a big question for the future. Those who don’t like the idea of their car suddenly turning into an iron pumpkin pending a software update or after a cyberattack are advised to refrain from splashing out… at least for another decade or so.

BenjiLock: a biometric padlock

Now you can lock up your bike (or barn or whatever) without memorizing a code or carrying around a key. As the name suggests, the BenjiLock Outdoor Fingerprint Padlock is a padlock that stores and recognizes fingerprints — up to ten of them. No smartphone or Wi-Fi required, all the magic happens inside the lock itself. The device is resistant to both moisture and dust, and (according to the manufacturer) works on one charge for up to a year.

Cybersecurity aspect: only real-world tests can prove resistance to old-school lock picking and inexpensive fingerprint faking. Smart locks are often vulnerable to both.


Malware Trends Overview Report: 2024

2024 has been an eventful year in the world of cybersecurity, with new trends emerging and malware families evolving at an alarming rate. Our analysis highlights the most prevalent malware families, types, and TTPs of the year, giving you a snapshot of the changing threat landscape. 

The number of sandbox sessions in ANY.RUN has grown by 33% in 2024

This report is based on the analysis of 4,001,036 public sessions conducted by ANY.RUN’s community inside the Interactive Sandbox over the last 12 months, which is 1 million more than the 2,991,551 sessions in 2023. Of these, 790,549 were tagged as malicious and 211,517 as suspicious, reflecting a rise in suspicious activity compared to the 148,124 suspicious sessions identified in 2023. 

ANY.RUN identified an astonishing 1,872,273,168 IOCs in 2024, nearly three times more than the 640,158,713 IOCs uncovered in 2023. This sharp growth highlights not only the expanding use of the platform but also the improved threat coverage and detection capabilities of ANY.RUN.

Top Malware Types in 2024 

In 2024, Stealers dominated with 51,291 detections, marking a significant rise compared to 2023, when they were in second place with just 18,290 detections. This highlights their growing popularity among attackers for data theft. 

Loaders moved to second place in 2024 with 28,754 detections, a slight increase from their leading position in 2023, where they accounted for 24,136 detections. Despite the shift, Loaders remain a critical component in delivering malware payloads. 

RATs (Remote Access Trojans) maintained their third position but saw an increase from 17,431 detections in 2023 to 24,430 detections in 2024, reflecting their continued importance in providing attackers remote control over compromised systems. 

Stealers made a jump from the second spot in 2023 to being the most common malware type in 2024
# Type Detections
1 Stealer 51,291
2 Loader 28,754
3 RAT 24,430
4 Ransomware 21,434
5 Keylogger 8,119
6 Trojan 6,156
7 Miner 5,803
8 Adware 4,591
9 Exploit 4,271
10 Backdoor 2,808

To collect fresh threat intelligence on emerging cyber threats, make sure to use TI Lookup, a service that lets you search ANY.RUN’s vast database of the latest threat data.

Search results in TI Lookup for RAT malware targeting users in Colombia

It features over 40 search parameters, including IPs, mutexes, and even YARA rules, allowing you to pin the tiniest artifacts to specific malware and phishing attacks and enrich your TI with additional context and actionable indicators.


Top Malware Families in 2024 

In 2024, Lumma Stealer jumped straight to the top with 12,655 detections, taking over the ranking from nowhere as it wasn’t seen in the 2023 report. Its rapid rise shows how quickly cybercriminals have adopted it. 

Agent Tesla moved up to second place in 2024 with 8,443 detections, compared to 4,215 detections in 2023 when it was in third place. Its continued presence shows it remains a go-to choice for attackers. 

AsyncRAT claimed third place in 2024 with 8,257 detections, while in 2023, Redline was the most popular malware family with 9,205 detections, and Remcos followed with 4,407 detections. 

Lumma dominated the threat landscape in 2024
# Name Detections
1 Lumma 12,655
2 Agent Tesla 8,443
3 AsyncRAT 8,257
4 Remcos 8,004
5 Stealc 7,653
6 Xworm 7,237
7 Redline 7,189
8 Amadey 5,902
9 Snake 4,304
10 njRAT 3,522

With TI Lookup, you can track all of these and other malware families and stay updated on their evolving infrastructure. Here is an example of a request to TI Lookup to find Lumma domains:

TI Lookup can provide you with auto updates on specific queries

The service provides a list of relevant domain names used by the malware. Many of them are marked with the malconf tag, indicating that these domains were extracted from Lumma samples’ configurations.

Top MITRE ATT&CK Techniques in 2024 

The MITRE ATT&CK framework is a globally recognized resource that breaks down how attackers operate, mapping their tactics and techniques into clear categories. It’s an invaluable tool for cybersecurity professionals to understand and respond to threats effectively. 

2024 results show an increase in the abuse of PowerShell by attackers

In 2024, ANY.RUN recorded over 1.4 million matches to ATT&CK techniques, a noticeable increase from 1.2 million matches in 2023.  

The rankings saw some significant changes: Masquerading (T1036.005), the top technique in 2023 with 486,058 matches, was overtaken in 2024 by PowerShell (T1059.001) and CMD (T1059.003), which led the list with 162,814 and 148,443 matches, respectively. 

In 2024, new techniques appeared that were absent in 2023, including Python scripting (T1059.004) with 50,002 matches, System Checks for Sandbox Evasion (T1497.001) with 47,630 matches, and Linux Permissions Modification (T1222.002) with 38,760 matches. 

Rank  Technique ID  Technique Name  Detections
1   T1059.001  Command and Scripting Interpreter: PowerShell  162,814
2   T1059.003  Command and Scripting Interpreter: Windows CMD  148,443
3   T1497.003  Virtualization/Sandbox Evasion: Time-Based  134,260
4   T1036.003  Masquerading: Rename System Utilities  126,008
5   T1562.002  Impair Defenses: Disable Antivirus Tools  122,256
6   T1218.011  System Binary Proxy Execution: Rundll32  86,760
7   T1114.001  Email Collection: Local Email Collection  85,546
8   T1547.001  Boot or Logon Autostart Execution: Registry Run Keys  73,842
9   T1053.005  Scheduled Task/Job: Scheduled Task  68,423
10  T1569.002  System Services: Service Execution  51,345
11  T1059.004  Command and Scripting Interpreter: Python  50,002
12  T1036.005  Masquerading: Match Legitimate Name or Location  49,031
13  T1497.001  Virtualization/Sandbox Evasion: System Checks  47,630
14  T1543.002  Create or Modify System Process: Windows Service  39,231
15  T1053.006  Scheduled Task/Job: Cron  39,228
16  T1222.002  File and Directory Permissions Modification: Linux  38,760
17  T1566.002  Phishing: Spearphishing Link  35,272
18  T1059.005  Command and Scripting Interpreter: Visual Basic  27,213
19  T1562.001  Impair Defenses: Disable or Modify Tools  24,133
20  T1222.001  File and Directory Permissions Modification: Windows  19,275

Top TTPs highlights: 

  • Scripting Dominance (T1059.001 & T1059.003): 
    PowerShell and Windows CMD remain the top tools for attackers, with over 310,000 detections combined. Their flexibility and integration with systems make them ideal for executing malicious commands. Monitoring script activity and implementing strict execution policies are critical defenses. 
  • Evasion Tactics on the Rise (T1497.003 & T1036.003): 
    Sandbox evasion through time-based delays (134,260 detections) and masquerading via renamed system utilities (126,008 detections) highlight attackers’ focus on stealth. Behavioral analysis and anomaly detection can help counter these techniques. 
  • Targeting Defenses (T1562.002): 
    Disabling antivirus tools was detected 122,256 times in 2024, showcasing its effectiveness for attackers. Organizations must invest in layered defenses that can identify and respond to tampering attempts in real-time. 
  • Exploiting System Services (T1569.002 & T1218.011): 
    Adversaries frequently used system services like Rundll32 (86,760 detections) and service execution (51,345 detections) to execute malicious code while blending into normal operations.  
  • Phishing and Email Collection (T1114.001 & T1566.002): 
    Techniques like local email collection (85,546 detections) and spearphishing links (35,272 detections) remained effective, especially in targeted attacks. Robust email filtering and user training remain vital for reducing these risks. 

Report Methodology 

This report is built on insights from 4,001,036 tasks submitted to our public threat database in 2024. Each task represents the hard work and curiosity of our community of researchers, who used ANY.RUN to uncover threats and analyze malware.  

About ANY.RUN  

ANY.RUN helps more than 500,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products, TI Lookup, YARA Search and Feeds, help you find IOCs or files to learn more about the threats and respond to incidents faster.


The post Malware Trends Overview Report: 2024 appeared first on ANY.RUN’s Cybersecurity Blog.


Legitimate Chrome extensions are stealing Facebook passwords

Right after Christmas, news broke of a multi-stage attack targeting developers of popular Chrome extensions. Ironically, the biggest-name target was a cybersecurity extension created by Cyberhaven — compromised just before the holidays (we’d previously warned about such risks). As the incident investigation unfolded, the list grew to include no fewer than 35 popular extensions, with a combined total of 2.5 million installations. The attackers’ goal was to steal data from the browsers of users who installed trojanized updates of these extensions. The focus of the campaign was on stealing credentials for Meta services to compromise business accounts and display ads at victims’ expense. However, that’s not the only data that malicious extensions can steal from browsers. We explain how the attack works, and what measures you can take to protect yourself against it at different stages.

Attacking developers: OAuth abuse

To inject trojan functionality into popular Chrome extensions, cybercriminals have developed an original phishing scheme. They send developers emails disguised as standard Google alerts claiming that their extension violates Chrome Web Store policies and needs a new description. The text and layout of the message mimic typical Google emails, so the victim is often convinced. Moreover, the email is often sent from a domain set up to attack a specific extension and containing the name of the extension in the actual domain name.

Clicking the link in the email takes the user to a legitimate Google authentication page. After that, the developer sees another standard Google screen prompting to sign in via OAuth to an app called “Privacy Policy Extension”, and to grant certain permissions to it as part of the authentication process. This standard procedure takes place on legitimate Google pages, except that the “Privacy Policy Extension” app requests permission to publish other extensions to the Chrome Web Store. If this permission is granted, the creators of “Privacy Policy Extension” are able to publish updates to the Chrome Web Store on behalf of the victim.

In this case, there’s no need for the attackers to steal the developer’s password or other credentials, or to bypass multi-factor authentication (MFA). They simply abuse Google’s system for granting permissions to trick developers into authorizing the publication of updates to their extensions. Judging by the long list of domains registered by the attackers, they attempted to attack far more than 35 extensions. In cases where the attack was successful, they released an updated version of the extension, adding two files for stealing Facebook cookies and other data (worker.js and content.js).

Attacking users

Chrome extensions typically receive updates automatically, so users who switched on their machines between December 25 and December 31, and opened Chrome, may have received an infected update of a previously installed extension.

In this event, a malicious script runs in the victim’s browser and sends data needed for compromising Facebook business accounts to the attackers’ server. In addition to Facebook identifiers and cookies, the malware steals information required to log in to the target’s advertising account, such as the user-agent data to identify the user’s browser. On facebook.com, even mouse-click data is intercepted to help the threat actors bypass CAPTCHA and two-factor authentication (2FA). If the victim manages ads for their company or private business on Meta, the cybercriminals get to spend their advertising budget on their own ads — typically promoting scams and malicious sites (malvertising). On top of the direct financial losses, the targeted organization faces legal and reputational risks, as the fake ads are published under its name.

The malware can conceivably steal data from other sites too, so it’s worth checking your browser even if you don’t manage Facebook ads for a company.

What to do if you installed an infected extension update

To stop the theft of information from your browser, the first thing you need to do is to uninstall the compromised extension or update it to a patched version. See here for a list of all known infected extensions with their current remediation status. Unfortunately, simply uninstalling or updating the infected extension is not enough. You should also reset any passwords and API keys that were stored in the browser or used during the incident period.

Then, check the available logs for signs of communication with the attackers’ servers. IoCs are available here and here. If such communication took place, look for traces of unauthorized access in all services that were opened in the infected browser.

After that, if Meta or any other advertising accounts were accessed from the infected browser, manually check all running ads, and stop any unauthorized advertising activity you find. Lastly, deactivate any compromised Facebook account sessions on all devices (Log out all other devices), clear the browser cache and cookies, log in to Facebook again, and change the account password.
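As an added example that is not part of the Kaspersky post, the Python script below walks a Chrome profile's Extensions directory (Chrome's on-disk layout is Extensions/<id>/<version>/manifest.json), records every installed extension version, and flags entries whose ID is on a known-compromised list or that both ship the two file names named above (worker.js and content.js) and request facebook.com host access. The profile tree, extension IDs and manifests are constructed for the demo, and the file-name-plus-host heuristic is an assumption for triage, not an official indicator from the incident write-ups.

```python
import json
import tempfile
from pathlib import Path

# File names the incident write-up says the trojanized updates added.
INCIDENT_FILES = {"worker.js", "content.js"}


def inventory_extensions(profile_dir):
    """Enumerate <profile>/Extensions/<id>/<version>/manifest.json and
    summarise every installed extension version found on disk."""
    rows = []
    ext_root = Path(profile_dir) / "Extensions"
    for id_dir in sorted(p for p in ext_root.iterdir() if p.is_dir()):
        for ver_dir in sorted(p for p in id_dir.iterdir() if p.is_dir()):
            manifest_path = ver_dir / "manifest.json"
            if not manifest_path.is_file():
                continue
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
            files = {p.name for p in ver_dir.rglob("*") if p.is_file()}
            # MV3 keeps host patterns in host_permissions; MV2 mixes them into permissions.
            hosts = list(manifest.get("host_permissions", [])) + list(manifest.get("permissions", []))
            rows.append({
                "id": id_dir.name,
                "name": manifest.get("name", "?"),  # may be a __MSG_*__ locale key
                "version": manifest.get("version", ver_dir.name),
                "incident_files": sorted(INCIDENT_FILES & files),
                "facebook_hosts": [h for h in hosts if "facebook.com" in h],
            })
    return rows


def triage(rows, compromised_ids=frozenset()):
    """Flag a version if its ID is on the known-compromised list, or (heuristic,
    assumption for this demo) if it ships both incident file names AND asks for
    facebook.com host access. Flagged rows still need a human review."""
    return [r for r in rows
            if r["id"] in compromised_ids
            or (len(r["incident_files"]) == 2 and r["facebook_hosts"])]


def build_sample_profile():
    """Constructed profile with one benign and one suspicious extension.
    The 32-character IDs are placeholders, not real Chrome Web Store IDs."""
    root = Path(tempfile.mkdtemp(prefix="chrome_profile_"))
    benign = root / "Extensions" / ("b" * 32) / "2.0.1_0"
    benign.mkdir(parents=True)
    (benign / "manifest.json").write_text(json.dumps({
        "name": "Benign Notes", "version": "2.0.1", "manifest_version": 3,
        "host_permissions": ["*://notes.example.invalid/*"]}))
    (benign / "content.js").write_text("// ordinary content script")

    suspect = root / "Extensions" / ("c" * 32) / "24.10.4_0"
    suspect.mkdir(parents=True)
    (suspect / "manifest.json").write_text(json.dumps({
        "name": "Trojanized Helper", "version": "24.10.4", "manifest_version": 3,
        "host_permissions": ["*://*.facebook.com/*"],
        "background": {"service_worker": "worker.js"}}))
    (suspect / "worker.js").write_text("// constructed placeholder, not malware")
    (suspect / "content.js").write_text("// constructed placeholder, not malware")
    return root


if __name__ == "__main__":
    profile = build_sample_profile()
    for r in triage(inventory_extensions(profile)):
        print(f"REVIEW {r['id']} {r['name']} v{r['version']} "
              f"files={r['incident_files']} hosts={r['facebook_hosts']}")
```

On a real machine, point inventory_extensions at the profile folder (for example "%LOCALAPPDATA%\Google\Chrome\User Data\Default" on Windows) and pass the published list of compromised IDs as compromised_ids.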

Incident takeaways

This incident is another example of supply-chain attacks. In the case of Chrome, it’s made worse by the fact that updates are installed automatically without notifying the user. While updates are usually a good thing, here the auto-update mechanism allowed malicious extensions to spread quickly. To mitigate the risks of this scenario, companies are advised to do the following:

  • Use group policies or the Google Admin console to restrict the installation of browser extensions to a trusted list;
  • Create a list of trusted extensions based on business needs and information security practices used by the developers of said extensions;
  • Apply version pinning to disable automatic extension updates. At the same time, it’ll be necessary to put in place a procedure for update monitoring and centralized updating of approved extensions by administrators;
  • Install an EDR solution on all devices in your organization to protect against malware and monitor suspicious events.

Companies that publish software, including web extensions, need to ensure that permission to publish is granted to the minimum number of employees necessary — ideally from a privileged workstation with additional layers of protection, including MFA and tightly configured application launch control and website access. Employees authorized to publish need to undergo regular information security training, and be familiar with the latest attacker tactics, including spear phishing.


YARA Rules: Cyber Threat Detection Tool for Modern Cybersecurity

Every ticking second is a chance for cyber threats to creep in. 

For businesses, the stakes couldn’t be higher. One malicious email opened by an employee, and the malware can spread across office computers faster than mushrooms after rain. The consequences? Lost data, financial damage, and a hit to your company’s reputation. 

To stop these threats before they cause harm, businesses need to stay prepared. 

This is where YARA rules come in. They help cybersecurity teams to detect potential threats, simplify the process, and deliver clear, actionable insights to fight back against potential dangers. 

In this article, we’ll dive into the crucial role of YARA rules, how they work, and how their integration into ANY.RUN’s sandbox helps teams to detect and handle cyber threats with confidence and efficiency. 

What Are YARA Rules?

Just as a lighthouse guides sailors safely past hidden rocks and treacherous waters, YARA rules guide cybersecurity professionals by identifying malicious patterns and offering a clear signal amidst the noise of potential threats. 

YARA, funnily enough, stands for Yet Another Ridiculous Acronym. However, its actions are far more serious than its name suggests. YARA rules play a critical role in cybersecurity, helping professionals identify and classify malware by matching patterns in files, processes, or even memory. 

At its core, YARA is a rule-based system that scans for specific characteristics, like unique strings or byte sequences, that are commonly found in malicious software. Think of it as a highly specialized filter that can sift through data to pinpoint potential threats with precision and speed. 

How YARA Helps Organizations Detect Cyber Threats 

YARA simplifies threat detection by identifying malicious patterns in files, processes, and memory with precision. It automates the scanning process, reducing the need for manual analysis and speeding up response times.  

The beauty of YARA lies in its adaptability. Organizations can customize rules to target specific threats or emerging malware families, ensuring their defenses evolve alongside the threat landscape.  

Combined with the real-time capabilities of ANY.RUN’s sandbox, this framework not only detects threats but also helps businesses understand their behavior, enabling them to mitigate risks before serious damage occurs. 

Main benefits of YARA rules in organizations: 

  • Quickly identify threats, reducing the time spent on manual analysis. 
  • Tailored to detect specific malware families or new attack patterns. 
  • Minimize false positives and improve detection accuracy. 
  • Streamline the scanning process, saving resources and improving efficiency. 
  • Reduce the financial impact of cybersecurity breaches by catching threats early. 

How does YARA work? 

YARA operates as a powerful pattern-matching tool that scans files, processes, or memory dumps for specific characteristics. At its core, it relies on rules: predefined sets of instructions that describe what YARA should look for and under what conditions it should flag something as suspicious.

Here’s how the main process works: 

  1. Creating rules: The first step in using YARA is to create a rule. A rule defines the patterns or conditions YARA will look for in the data.  
  2. Scanning the target: Once the rules are defined, YARA scans the target data, which could be a file, a process, or even a memory dump. During the scan, YARA compares the data against the strings and conditions outlined in the rules.
  3. Matching patterns: If YARA identifies patterns in the data that match those defined in the rule, it triggers a match. For example, if a rule is designed to detect ransomware, it might flag a file containing encryption-related commands or unique file headers used by ransomware families. 
  4. Flagging threats: When a match occurs, YARA provides a detailed report of the findings. This includes information about the matched rule, the specific patterns detected, and where they were found in the data. 
  5. Providing insights: The output from YARA gives cybersecurity teams actionable insights. These insights help analysts decide whether the flagged file or process is malicious and what steps to take next. 

YARA Elements You Should Know

YARA rules are made up of several essential components, each playing a critical role in detecting and classifying malware. To better understand how YARA works, let’s break down its key elements and examine an example. 

Meta section 

The meta section provides descriptive information about the rule. This includes details like the author, creation date, a brief description of the rule’s purpose, and additional contextual data. While it doesn’t affect the execution of the rule, it helps organize and document it for future use. 

Strings section

This section contains the patterns the rule will search for in files or processes. These patterns can include: 

  • Text strings: Words or phrases often found in malicious code. 
  • Hexadecimal sequences: Byte-level patterns unique to malware. 
  • Regular expressions: For advanced matching of dynamic content. 

Condition section 

The condition section defines the logic that determines when the rule will trigger. It specifies the criteria for matching patterns, such as requiring a minimum number of matches from the strings section or looking for specific file characteristics. 

Real-World Example of YARA Rule 

Below is an example of a YARA rule created to detect the Sakula malware family. It shows how each element works together to flag potential threats: 

rule Sakula {
    meta:
        author = "ANY.RUN"
        date = "2024-12-11"
        description = "Detects Sakula samples"
        family = "Sakula"
        sample1 = "https://app.susp.io/tasks/3c4f4b5e-7254-4fb4-a31e-4617b03110b1"
        sample2 = "https://app.susp.io/tasks/5722f2e3-64fc-49a4-beac-600c992ab765"
        hash1 = "5de4e79682120f5b115eea30ce2da200df380f6256f03e38d3692a785f06fd64"
        hash2 = "a9430482e5695c679f391429c7f7a6d773985f388057e856d50a54d1b19f463b"
    strings:
        // Text strings: quotes and backslashes inside a YARA string must be escaped
        $s1 = "%d_of_%d_for_%s_on_%s"
        $s2 = "/c ping 127.0.0.1 & del \"%s\""
        $s3 = "/c ping 127.0.0.1 & del /q \"%s\""
        $s4 = "cmd.exe /c rundll32 \"%s\""
        $s5 = "I'm a virus. My name is sola" ascii
        $s6 = "Local\\SM0:%d:%d:%hs" wide
        $s7 = "Vxzruua/5.0" ascii
        $s8 = "MicroPlayerUpdate.exe" ascii
        $s9 = "CCPUpdate" ascii
        $s10 = "Self Process Id:%d" ascii
        // Hexadecimal byte sequences taken from the samples' code
        $op1 = { 81 3E 78 03 00 00 75 57 8D 54 24 14 52 68 0C 05 41 00 68 01 00 00 80 FF 15 00 F0 40 00 85 C0 74 10 8B 44 24 14 68 2C 31 41 00 50 FF 15 10 F0 40 00 8B 4C 24 14 51 FF 15 24 F0 40 00 E8 0F 09 00 }
        $op2 = { 50 E8 CD FC FF FF 83 C4 04 68 E8 03 00 00 FF D7 56 E8 54 12 00 00 E9 AE FE FF FF E8 13 F5 FF FF }
    condition:
        // MZ header, then either four text strings or one code pattern
        uint16(0) == 0x5a4d and
        (4 of ($s*) or
        any of ($op*))
}

Let’s highlight some of the key elements in this rule:

Meta

  • author = "ANY.RUN": Indicates the creator of the rule. 
  • date = "2024-12-11": Specifies when the rule was written, useful for tracking its relevance. 
  • description = "Detects Sakula samples": Explains the rule’s purpose: targeting Sakula malware. 
  • family = "Sakula": Categorizes the malware family the rule focuses on. 
  • sample1, sample2: Links to Sakula malware samples used for testing and refining the rule. 
  • hash1, hash2: SHA-256 hashes uniquely identifying the malware samples analyzed.

Strings

  • $s6 = "Local\\SM0:%d:%d:%hs" wide
    This is a wide (UTF-16LE) string, so YARA looks for each character followed by a NUL byte. It includes format placeholders for integers (%d) and a narrow string (%hs), and the escaped backslash is a single literal backslash in the binary. The "Local\" prefix is the per-session kernel object namespace on Windows, so this is most likely a mutex or event name template.
  • $op1 = { 81 3E 78 03 00 00 75 57 8D 54 24 14 52 68 0C 05 41 00 68 01 00 00 80 FF 15 00 F0 40 00 85 C0 74 10 8B 44 24 14 68 2C 31 41 00 50 FF 15 10 F0 40 00 8B 4C 24 14 51 FF 15 24 F0 40 00 E8 0F 09 00 }
    This is a hexadecimal byte sequence: raw x86 opcodes from a specific function in the malware, matched byte-for-byte. Patterns like this survive string obfuscation but break if the sample is recompiled or the referenced addresses change.

Condition

  • uint16(0) == 0x5a4d:
    This reads a little-endian 16-bit integer at offset 0 and compares it with 0x5a4d, i.e. the bytes "MZ" (0x4D 0x5A), the DOS header magic that starts every Windows PE (Portable Executable) file. Putting this cheap check first, joined with "and", means the string scan only matters for PE files.
  • (4 of ($s*) or any of ($op*)):
    This condition is true if at least 4 of the text strings ($s1 to $s10) are found in the file, or if any of the hexadecimal byte sequences ($op1 or $op2) is found. The "4 of" threshold lowers false positives from a single generic string, while a single opcode sequence is specific enough to match on its own.
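To make the condition semantics concrete, here is an added example (not ANY.RUN's code and not a YARA engine) that re-implements only the three constructs the Sakula rule uses, the uint16() header read, counted text strings with ascii/wide modifiers, and raw hex byte patterns, and evaluates them over constructed buffers. The buffers are made up to exercise each branch of the condition; they are not real Sakula samples.

```python
"""Pure-Python walk-through of the Sakula rule's matching logic.

Added example, not ANY.RUN's code and not a YARA engine: it mirrors the
three building blocks of the rule (uint16() header check, counted text
strings with ascii/wide modifiers, raw hex byte patterns) so the condition
can be stepped through without yara-python installed.
"""
import struct

# Text strings copied from the rule; the modifier decides which byte
# encoding is searched for. YARA's default is ascii, "wide" means UTF-16LE.
TEXT_STRINGS = {
    "$s1": ("%d_of_%d_for_%s_on_%s", "ascii"),
    "$s2": ('/c ping 127.0.0.1 & del "%s"', "ascii"),
    "$s3": ('/c ping 127.0.0.1 & del /q "%s"', "ascii"),
    "$s4": ('cmd.exe /c rundll32 "%s"', "ascii"),
    "$s5": ("I'm a virus. My name is sola", "ascii"),
    "$s6": ("Local\\SM0:%d:%d:%hs", "wide"),
    "$s7": ("Vxzruua/5.0", "ascii"),
    "$s8": ("MicroPlayerUpdate.exe", "ascii"),
    "$s9": ("CCPUpdate", "ascii"),
    "$s10": ("Self Process Id:%d", "ascii"),
}

# Hex strings copied from the rule (no wildcards or jumps, so a plain
# substring search is equivalent to YARA's matching here).
HEX_STRINGS = {
    "$op1": bytes.fromhex(
        "81 3E 78 03 00 00 75 57 8D 54 24 14 52 68 0C 05 41 00 68 01 00 00 80 "
        "FF 15 00 F0 40 00 85 C0 74 10 8B 44 24 14 68 2C 31 41 00 50 FF 15 10 "
        "F0 40 00 8B 4C 24 14 51 FF 15 24 F0 40 00 E8 0F 09 00"
    ),
    "$op2": bytes.fromhex(
        "50 E8 CD FC FF FF 83 C4 04 68 E8 03 00 00 FF D7 56 E8 54 12 00 00 "
        "E9 AE FE FF FF E8 13 F5 FF FF"
    ),
}


def encode(text, modifier):
    """Return the byte form YARA would search for under the given modifier."""
    return text.encode("utf-16-le") if modifier == "wide" else text.encode("ascii")


def uint16(data, offset):
    """YARA's uint16(): little-endian 16-bit read, None if out of bounds."""
    if len(data) < offset + 2:
        return None
    return struct.unpack_from("<H", data, offset)[0]


def matched_strings(data):
    """Names of all rule strings found anywhere in the buffer."""
    hits = {n for n, (t, m) in TEXT_STRINGS.items() if encode(t, m) in data}
    hits |= {n for n, p in HEX_STRINGS.items() if p in data}
    return hits


def sakula_condition(data):
    """Evaluate: uint16(0) == 0x5a4d and (4 of ($s*) or any of ($op*))."""
    if uint16(data, 0) != 0x5A4D:          # the bytes "MZ" read little-endian
        return False
    hits = matched_strings(data)
    text_hits = sum(1 for n in hits if n.startswith("$s"))
    return text_hits >= 4 or any(n.startswith("$op") for n in hits)


MZ = b"MZ" + b"\x00" * 62   # constructed: only the DOS magic, not a real PE


def build_samples():
    """Constructed buffers (not real Sakula samples) that exercise each branch."""
    s = {k: encode(t, m) for k, (t, m) in TEXT_STRINGS.items()}
    return {
        # MZ header plus four text strings (one of them wide) -> fires
        "four_strings": MZ + s["$s1"] + s["$s6"] + s["$s8"] + s["$s9"],
        # only three text strings -> below the "4 of" threshold
        "three_strings": MZ + s["$s1"] + s["$s8"] + s["$s9"],
        # a single opcode sequence is enough on its own
        "op2_only": MZ + b"\x90" * 16 + HEX_STRINGS["$op2"],
        # all ten strings but an ELF header -> the header gate rejects it
        "elf_all_strings": b"\x7fELF" + b"".join(s.values()),
        # $s6 present only as ASCII: the rule asks for wide, so no hit
        "s6_ascii_only": MZ + b"Local\\SM0:%d:%d:%hs",
    }


if __name__ == "__main__":
    for name, buf in build_samples().items():
        print(f"{name:16s} strings={sorted(matched_strings(buf))} "
              f"match={sakula_condition(buf)}")
```

Running it prints one line per constructed buffer; the "s6_ascii_only" case is the one worth noticing, since a string that is present in the file but in the wrong encoding does not count toward "4 of".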

See YARA in Action 

To better understand how this YARA rule detects Sakula malware, you can observe its behavior in real time using ANY.RUN’s Interactive Sandbox.

View analysis session 

Sakula malware detected by YARA inside ANY.RUN sandbox

This analysis session showcases the malware’s activity and how the rule effectively identifies its patterns.  

Analyze malware and phishing
with ANY.RUN’s Interactive Sandbox 



Sign up free


ANY.RUN’s interactive sandbox is a dynamic environment where cybersecurity teams can analyze files and observe their behavior in real time. Unlike traditional sandboxes, ANY.RUN lets users interact with the malware, providing deeper insights and faster results. 

YARA is an inseparable part of this process. By integrating YARA rules into the sandbox, ANY.RUN identifies malicious patterns in files and processes with precision and speed. 

ANY.RUN experts are constantly adding new YARA rules to the core of our malware sandbox, making the analysis process faster and saving security teams loads of time.  

You can easily upload any suspicious file or link into the sandbox, and during the analysis, YARA rules will kick in. If there’s malware hiding in your file or link, the sandbox will spot it for you. 

For example, after analyzing the following sample in the ANY.RUN sandbox, the process fgfkjsh.exe was flagged as malicious with the “MassLogger” tag.

Malicious file detected by ANY.RUN sandbox 

By clicking on the process located on the right side of the screen, the sandbox displays the message “MASSLOGGER has been detected (YARA).” 

Masslogger has been detected by YARA rule

But note that YARA isn’t working alone: ANY.RUN’s sandbox also uses Suricata rules to make detections even sharper.  

Discover more about Suricata rules and how they complement YARA in this detailed article: Detection with Suricata IDS 

YARA Search in TI Lookup 

YARA rules aren’t just limited to the sandbox: they’re also available in ANY.RUN’s Threat Intelligence (TI) Lookup. This tool lets you search a massive database of malware artifacts using YARA rules, helping you find connections between known threats and your own files. 

It’s perfect for teams handling big datasets or looking to spot trends in cyber threats. By combining YARA’s precision with the power of the sandbox and TI Lookup, ANY.RUN gives businesses a complete solution to fight back the evolving threats. 

Check out this video on YARA Search in TI Lookup.

About ANY.RUN

ANY.RUN helps more than 500,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products, TI Lookup, YARA Search, and Feeds, help you find IOCs or files to learn more about the threats and respond to incidents faster.

Request free trial of ANY.RUN’s services → 

The post YARA Rules: Cyber Threat Detection Tool for Modern Cybersecurity appeared first on ANY.RUN’s Cybersecurity Blog.

ANY.RUN’s Cybersecurity Blog – ​Read More

Fortinet’s Authentication Bypass Zero-Day: Mitigation Strategies and IoCs for Enhanced Security

Cyble Fortinet’s Authentication Bypass Zero-Day: Mitigation Strategies and IoCs for Enhanced Security

Overview

Fortinet has disclosed a critical authentication bypass vulnerability affecting FortiOS and FortiProxy systems, identified as CVE-2024-55591. With a CVSS score of 9.6, this vulnerability allows unauthenticated attackers to execute unauthorized code or commands, granting them “super-admin” privileges.

The exploitation of this vulnerability has already been observed “in the wild,” stressing the urgency for affected organizations to act immediately.

Key Details

Vulnerability Summary

CVE-2024-55591 arises from a flaw in the Node.js websocket module, specifically within FortiOS and FortiProxy, where an alternate path or channel can bypass authentication mechanisms (CWE-288). This allows remote attackers to gain administrative access and compromise device configurations.

Affected Products

The vulnerability impacts specific versions of FortiOS and FortiProxy:

  • FortiOS 7.0: Versions 7.0.0 through 7.0.16
  • FortiProxy 7.0: Versions 7.0.0 through 7.0.19
  • FortiProxy 7.2: Versions 7.2.0 through 7.2.12

Unpatched systems are vulnerable to unauthorized access and subsequent exploitation.

Indicators of Compromise (IoCs)

Organizations are advised to monitor for the following IoCs to detect potential compromise:

Log Entries

  • Admin login events: a successful login from the "jsconsole" interface with the "super_admin" profile. Example:

    type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" sn="1733486785" user="admin" ui="jsconsole" method="jsconsole" srcip=1.1.1.1 dstip=1.1.1.1 action="login" status="success" reason="none" profile="super_admin" msg="Administrator admin logged in successfully from jsconsole"

  • Admin account creation: admin accounts with random usernames created through jsconsole from suspicious IPs. Example:

    type="event" subtype="system" level="information" vd="root" logdesc="Object attribute configured" user="admin" ui="jsconsole(127.0.0.1)" action="Add" cfgtid=1411317760 cfgpath="system.admin" cfgobj="vOcep" cfgattr="password[*]accprofile[super_admin]vdom[root]" msg="Add system.admin vOcep"

Common IP Addresses and Usernames Used by Threat Actors

  • Frequent IPs:
    • 1.1.1.1
    • 2.2.2.2
    • 8.8.8.8
    • 45.55.158.47 [most used IP address]
    • 87.249.138.47

    Note that 1.1.1.1, 2.2.2.2 and 8.8.8.8 are public resolver or placeholder addresses (the example login entry above even shows 1.1.1.1 as both srcip and dstip). Treat their appearance in the srcip/dstip fields of a jsconsole login as the artifact to hunt for, not as attacker infrastructure to block.

  • Admin/Usernames Created by Threat Actors:
    Randomly generated usernames have been observed, such as:
    • Gujhmk
    • Ed8x4k
    • G0xgey
    • Pvnw81
    • Alg7c4
    • Ypda8a
    • Kmi8p4
    • 1a2n6t
    • 8ah1t6
    • M4ix9f

Threat Actor Activity

Post-exploitation, attackers typically perform the following actions:

  1. Create admin accounts with elevated privileges.
  2. Add local users to existing SSL VPN user groups.
  3. Alter firewall policies to enable unauthorized network access.
  4. Use compromised SSL VPN accounts to establish tunnels into internal networks.

These actions allow lateral movement within the network, further compromising critical assets.

Mitigation Recommendations

Patch Management

Upgrade to Secure Versions:

  • FortiOS 7.0: Upgrade to 7.0.17 or above.
  • FortiProxy 7.0: Upgrade to 7.0.20 or above.
  • FortiProxy 7.2: Upgrade to 7.2.13 or above.

Use Fortinet’s Upgrade Tool for guidance on the supported upgrade path.

Access Control

  1. Disable HTTP/HTTPS Administrative Interfaces:
    Prevent unauthorized access by disabling external administrative interfaces.
  2. Restrict Access with Local-In Policies:
    Limit administrative access to trusted IP addresses using local-in policies.
    • Configure firewall address and groups for allowed IPs.
    • Apply local-in policies to restrict management interface access.

Monitoring and Detection

  1. Audit Logs:
    Continuously monitor system logs for anomalous login activities, suspicious IP addresses, and unauthorized account creations.
  2. Threat Intelligence Integration:
    Leverage threat intelligence feeds to stay updated on IoCs and adversarial tactics.

Incident Response

  1. Immediate Actions on Compromise:
    • Remove unauthorized accounts and reset passwords for all administrative and local users.
    • Revert unauthorized firewall and VPN configuration changes.
    • Isolate compromised devices from the network and conduct forensic analysis.

  2. Strengthen VPN Security:
    • Change SSL VPN ports to non-default values.
    • Implement multi-factor authentication (MFA) for all VPN users.

Workarounds

If patching is not immediately feasible, the following steps can temporarily mitigate risks:

  1. Restrict Administrative Access:
    Use local-in policies to limit management interface access to trusted IPs.
  2. Modify SSL VPN Ports:
    Configure custom ports for SSL VPN and HTTPS interfaces to avoid default port exploitation.
  3. Enable Trusthost Feature:
    Apply the trusthost feature to restrict access only to predefined IP ranges.

Conclusion

Organizations running Fortinet solutions must act promptly to secure their infrastructure against CVE-2024-55591 exploitation, using patches, access restrictions, and continuous monitoring to detect and mitigate potential attacks. Proactively implementing these measures not only reduces the attack surface but also strengthens overall network security against advanced threat actors.

References:

https://www.fortiguard.com/psirt/FG-IR-24-535

https://docs.fortinet.com/upgrade-tool

The post Fortinet’s Authentication Bypass Zero-Day: Mitigation Strategies and IoCs for Enhanced Security appeared first on Cyble.

Blog – Cyble – ​Read More

Slew of WavLink vulnerabilities

Slew of WavLink vulnerabilities

Lilith >_> of Cisco Talos discovered these vulnerabilities. 

Forty-four vulnerabilities and sixty-three CVEs were discovered across ten .cgi and three .sh files, as well as the static login page, of the Wavlink AC3000 wireless router web application.  

The Wavlink AC3000 wireless router is one of the most popular gigabit routers in the US, in part due to both its potential speed capabilities and low price point. 

Talos is releasing these advisories in accordance with Cisco’s third-party vulnerability disclosure policy. Wavlink has declined to release a patch for these vulnerabilities.  

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.   

Static login vulnerability 

An attacker can send a specially crafted set of network packets over WAN to gain root access to the router via the wcrtrl service and static login credentials.  

Static Login 

Ten .cgi vulnerabilities 

An unauthenticated HTTP request can trigger vulnerabilities in the following .cgi handlers: 

  • touchlist_sync.cgi 
  • Login.cgi 
  • internet.cgi 
  • firewall.cgi 
  • adm.cgi 
  • wireless.cgi 
  • usbip.cgi 
  • qos.cgi 
  • openvpn.cgi 
  • nas.cgi 

Three .sh vulnerabilities 

Attackers can trigger these vulnerabilities with specially crafted HTTP requests; in the case of fw_check.sh and update_filter_url.sh, a man-in-the-middle attack can trigger them. 

  • testsave.sh 
  • fw_check.sh 
  • update_filter_url.sh 

Cisco Talos Blog – ​Read More

Australia Launches ‘Countering Foreign Interference’ Initiative to Safeguard Sovereignty and Democracy

Cyble Australia Launches ‘Countering Foreign Interference’ Initiative to Safeguard Sovereignty and Democracy

Overview

Foreign interference poses a persistent and evolving threat to Australia’s sovereignty, democracy, and national interests. Recognizing the critical importance of addressing these risks, the Australian Government has launched the “Countering Foreign Interference in Australia: Working Together Towards a More Secure Australia” initiative.

This comprehensive strategy outlines measures to identify, mitigate, and prevent foreign interference while empowering individuals and organizations to protect themselves.

Defining Foreign Interference

Foreign interference encompasses activities conducted on behalf of foreign powers that pose threats to individuals, infrastructure, or institutions. Unlike foreign influence, which operates transparently, foreign interference relies on clandestine, deceptive, and harmful methods to undermine Australia’s interests, the Australian Department of Home Affairs said.

Key Targets of Foreign Interference

  • Individuals: Members of diaspora communities are often coerced, intimidated, or manipulated to serve foreign interests.
  • Infrastructure and Institutions: Critical infrastructure, democratic processes, and national security systems are frequently targeted for control or disruption.
  • Information: Foreign actors steal, manipulate, or fabricate data to influence public opinion or gain strategic advantages.

The Scale of the Threat

The Director-General of Security Mike Burgess had earlier warned that espionage and foreign interference represent Australia’s principal security concerns. “If we had a threat level for espionage and foreign interference it would be at CERTAIN – the highest level on the scale. The threat is now. And the threat is deeper and broader than you might think.”

The Director-General’s comments indicated that more Australians are being targeted than ever before. Failure to counteract these activities risks long-term consequences, including undermining democratic values, economic prosperity, and social cohesion.

Key Sectors at Risk

  • Communities: Members of diaspora communities are particularly vulnerable to threats such as surveillance, harassment, and coercion. Foreign actors often exploit these individuals to advance their agendas.

Example: Protesters advocating against foreign regimes may face harassment or threats to their families abroad.

  • Democratic Institutions: Electoral processes and political systems are primary targets. Foreign actors may attempt to sway election outcomes, corrupt officials, or spread disinformation to erode public confidence.

Example: Covertly influencing campaign donations to push policies favorable to foreign interests.

  • Higher Education and Research: Universities and research institutions face risks such as intellectual property theft, academic coercion, and undue influence over curricula.

Example: Recruitment of academics by foreign entities to redirect research toward military or commercial objectives.

  • Industry: Joint ventures, supply chain manipulation, and intellectual property theft threaten Australia’s economic resilience and defense capabilities.

Example: Hidden affiliations in joint ventures exposing Australian companies to espionage.

  • Media and Communications: Foreign actors undermine independent media through disinformation, censorship, and recruitment of journalists, eroding trust and spreading propaganda.

Example: Influencing editorial decisions to align with foreign narratives, reducing transparency in public discourse.

Government Initiatives to Counter Foreign Interference

The Australian Government has adopted a multi-faceted approach to mitigate risks and strengthen resilience:

Legislative Framework

  • Criminal Code Act 1995: Criminalizes foreign interference with penalties of up to 20 years imprisonment.
  • Foreign Influence Transparency Scheme: Mandates registration of activities conducted on behalf of foreign principals.
  • Foreign Investment Framework: Reviews foreign investments to ensure they align with national interests.
  • Security of Critical Infrastructure Act 2018: Establishes legal obligations for safeguarding critical assets.

Additional Measures

  • Counter Foreign Interference Taskforce (CFI Taskforce): Led by ASIO and AFP, this taskforce identifies, assesses, and disrupts acts of foreign interference.
  • Counter Foreign Interference Coordination Centre (CFICC): Coordinates whole-of-government efforts and provides leadership on policy and outreach.
  • University Foreign Interference Taskforce (UFIT): Protects academic institutions from coercion and intellectual property theft.
  • Technology Foreign Interference Taskforce (TechFIT): Collaborates with the technology sector to address interference in critical technologies.
  • Electoral Integrity Assurance Taskforce (EIAT): Ensures the integrity of federal electoral events against foreign threats.

What Individuals and Organizations Can Do

The Australian Government stressed the shared responsibility in countering foreign interference. Individuals and organizations must take proactive steps to safeguard their interests:

For Individuals

  • Report suspicious activities to the National Security Hotline (1800 123 400).
  • Practice cyber hygiene, such as using strong passwords and verifying online information sources.
  • Be vigilant about coercion or recruitment attempts, especially online or in professional settings.

For Organizations

  • Strengthen cybersecurity measures and report incidents to the Australian Cyber Security Centre (ACSC).
  • Conduct due diligence in partnerships, including verifying affiliations and reviewing intellectual property agreements.
  • Monitor insider threats and implement workforce screening and ethics frameworks.

Practical Tools

  • NITRO Portal: A secure reporting mechanism for businesses and research institutions to flag concerns about foreign interference.

Strengthening Partnerships

Australia’s coordinated response involves collaboration across government, industry, and international allies. By fostering partnerships and sharing intelligence, Australia aims to:

  • Raise the costs of foreign interference for adversaries.
  • Enhance the resilience of critical sectors.
  • Build public awareness about the threats and protective measures.

Conclusion

Foreign interference poses a significant challenge to Australia’s democratic integrity, national security, and social fabric. The launch of “Countering Foreign Interference in Australia” demonstrates the government’s commitment to addressing these threats through robust legislation, strategic initiatives, and public engagement.

By working together, individuals, organizations, and the government can mitigate risks, ensure resilience, and safeguard Australia’s future. Reporting suspicious activities, adopting best practices, and fostering a culture of vigilance are critical components of this collective effort to counter foreign interference effectively.

References:

https://www.homeaffairs.gov.au/about-us/our-portfolios/national-security/countering-foreign-interference

https://www.homeaffairs.gov.au/nat-security/files/cfi-australia.pdf

The post Australia Launches ‘Countering Foreign Interference’ Initiative to Safeguard Sovereignty and Democracy appeared first on Cyble.

Blog – Cyble – ​Read More

Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities

Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 12 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”  

One notable critically rated vulnerability that has been patched this month is CVE-2025-21309, which is a remote code execution vulnerability affecting Windows Remote Desktop Services. Exploitation of this vulnerability could lead to arbitrary code execution on systems where the Remote Desktop Gateway role has been enabled. This vulnerability has been assigned a CVSS 3.1 score of 8.1 and is considered “more likely to be exploited” by Microsoft. 

Another notable remote code execution vulnerability, in Windows Object Linking and Embedding (OLE), was also patched this month. This vulnerability, CVE-2025-21298, is a critical remotely exploitable vulnerability that can be triggered by sending a malicious email to a victim running a vulnerable version of Microsoft Outlook. Successful exploitation could allow an attacker to execute arbitrary code on vulnerable systems, and it can be triggered when the victim merely previews the malicious email. This vulnerability has been assigned a CVSS 3.1 score of 9.8. Microsoft recommends reading email in plain text (disabling RTF) as a mitigation for this vulnerability. 

CVE-2025-21294 is a critical vulnerability in Microsoft Digest Authentication that affects multiple versions of Windows and Windows Server. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on vulnerable systems. To exploit this vulnerability, an attacker would need to win a race condition. 

CVE-2025-21295 is a critical remote code execution vulnerability in SPNEGO Extended Negotiation (NEGOEX) Security Mechanism. This vulnerability could allow an attacker to execute arbitrary code on vulnerable systems and does not require user interaction for successful exploitation.  

CVE-2025-21296 is a critical remote code execution vulnerability in BranchCache. This vulnerability could allow an attacker to execute arbitrary code on vulnerable systems. Microsoft assesses that an attacker would need to be on the same network to successfully exploit this vulnerability.  

CVE-2025-21297 is another critical remote code execution vulnerability in Windows Remote Desktop Services. Microsoft has assessed that this vulnerability is “less likely to be exploited” and that it would require an attacker to win a race condition for exploitation to be successful. This vulnerability affects multiple versions of Windows Server.  


CVE-2025-21307 is a critical remote code execution vulnerability in Windows Reliable Multicast Transport Driver (RMCAST). This vulnerability, if successfully exploited, could enable an unauthenticated attacker to execute arbitrary code by sending a specially crafted packet to vulnerable systems.  

CVE-2025-21311 is a critical privilege escalation vulnerability in NTLMv1. This vulnerability can be exploited remotely and could allow an attacker to increase their level of access to vulnerable systems. Microsoft recommends disabling the use of NTLMv1 as a mitigation for this vulnerability. 

CVE-2025-21362 is a critical remote code execution vulnerability in Microsoft Excel. This vulnerability could allow an attacker to execute arbitrary code on vulnerable systems. It can also be triggered via the preview pane.  

CVE-2025-21380 is a critical information disclosure vulnerability affecting Azure Marketplace SaaS Resources. According to Microsoft this vulnerability, which could enable an attacker to disclose information, has been mitigated.  

CVE-2025-21385 is a critical information disclosure vulnerability affecting Microsoft Purview. This vulnerability is due to a Server-Side Request Forgery (SSRF) vulnerability that Microsoft reports has been mitigated. 

Talos would also like to highlight the following important vulnerabilities that Microsoft considers to be “more likely” to be exploited:   

  • CVE-2025-21189 – MapUrlToZone Security Feature Bypass Vulnerability 
  • CVE-2025-21210 – Windows BitLocker Information Disclosure Vulnerability 
  • CVE-2025-21219 – MapUrlToZone Security Feature Bypass Vulnerability 
  • CVE-2025-21268 – MapUrlToZone Security Feature Bypass Vulnerability 
  • CVE-2025-21269 – MapUrlToZone Security Feature Bypass Vulnerability 
  • CVE-2025-21292 – Windows Search Service Elevation of Privilege Vulnerability 
  • CVE-2025-21299 – Windows Kerberos Security Feature Bypass Vulnerability 
  • CVE-2025-21314 – Windows SmartScreen Spoofing Vulnerability 
  • CVE-2025-21315 – Microsoft Brokering File System Elevation of Privilege Vulnerability 
  • CVE-2025-21328 – MapUrlToZone Security Feature Bypass Vulnerability 
  • CVE-2025-21329 – MapUrlToZone Security Feature Bypass Vulnerability 
  • CVE-2025-21354 – Microsoft Excel Remote Code Execution Vulnerability 
  • CVE-2025-21364 – Microsoft Excel Security Feature Bypass Vulnerability 
  • CVE-2025-21365 – Microsoft Word Remote Code Execution Vulnerability 

A complete list of all the other vulnerabilities Microsoft disclosed this month is available on its update page.

In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.  

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 64432 – 64436, 64444 – 64457. There are also these Snort 3 rules: 301113, 301114, 301117 – 301123. 

Cisco Talos Blog – ​Read More

Passwords 101: don’t enter your passwords just anywhere they’re asked for | Kaspersky official blog

Whenever you’re asked to log in to an online service, verify your identity, or download a document through a link, you’re usually required to enter your username and password. This is so common that most of us do it automatically without thinking twice. However, scammers can trick you into giving them passwords for your email, government service websites, banking services, or social networks by mimicking the service’s login form on their own (third-party) website. Don’t fall for it: only the email service itself can ask to verify your email password — no one else! The same applies to government services, banks, and social networks.

To avoid becoming a victim of fraud, every time you enter a password, take a moment to check where exactly you’re logging in, and what window is asking for your credentials. Three main scenarios are possible here — two are safe, one is fraudulent. Here they are.

Safe scenarios for entering passwords

  1. Logging into your email, social network, or online service through the official website. This is the simplest scenario, but you need to make sure you are indeed on the legitimate site — with no errors in the URL. If you’re accessing the online service by clicking a link in an email or from search results, carefully check the browser’s address bar before entering your password. Make sure that both the service name and the site address are correct and match each other.

Why is it so important to take an extra second to check? Creating phishing copies of legitimate sites is a favorite trick of scammers. A phishing site’s address may be almost identical to the original, differing in just a letter or two (for example, the “i” letter might be replaced with an “I”), or use a different domain zone.

It’s also rather simple to create a link that appears to lead to a site but actually takes you somewhere else. Check it out for yourself: this link seems to lead to our blog kaspersky.com/blog but actually redirects you to our other blog — securelist.com.

The image below shows examples of legitimate login pages for various services where you can safely enter your username and password.

Examples of legitimate login pages for various services. Entering your credentials here is safe

  2. Logging in to a site using an auxiliary service. This is a convenient way to log in without creating additional passwords, commonly used for file storage services, collaboration tools, and so on. Auxiliary services are typically large email providers, social networks, or government service sites. The login button may say something like “Continue with Google”, “Continue with Facebook”, “Continue with Apple”, etc.

When you click the button, another window opens belonging to the auxiliary service (Google, Facebook, Apple, etc.). It works like this: the external service verifies your identity and confirms this to the site you’re logging in to. It’s crucial to check the addresses in both windows: make sure that the pop-up window asking for your password really belongs to the auxiliary service you expected (Google, Facebook, Apple, etc.), and the main window really belongs to the legitimate site you’re trying to log in to. In many cases, the pop-up window also indicates which site you’ll be logging in to. This auxiliary service mechanism allows you to enter the desired site without it ever seeing your password. Password verification takes place on the side of the auxiliary service (Google, Facebook, Apple, etc.). IT specialists call this login method single sign-on (SSO).

Example of SSO login to eBay through an auxiliary service (Google) that verifies your password. Entering your credentials here is also safe

Fraudulent scenario: password theft

You receive an email or message with a login link, click it, and end up on a site that very closely resembles a legitimate email, social network, file-sharing, or e-signature service. The site asks you to log in to your account to prove your identity. To this end, you’re prompted to enter your email and password for your email, government services site, banking service, or social network directly on this site.

In this scenario, either there’s no pop-up window from a legitimate service (such as the one in the previous case), or the additional window also belongs to some third-party site. This is a scam designed to steal your account password! Remember, a third-party site can’t verify your password — it simply doesn’t know it, and passwords are never shared between sites.

Look at the address bar: this is definitely not Netflix! Don’t enter your credentials here!

How to protect yourself from password theft

  1. Carefully check the address of the site requesting your password.
  2. Only enter a password for a service on the official website of that service — nowhere else.
  3. Sometimes a separate window appears for entering a password. Make sure this window is a regular browser window where you can see the address bar and verify the address.
  4. Scammers can create lookalike sites with addresses that are hard to distinguish from real ones. To avoid falling into such a trap, use reliable anti-phishing protection on all devices and platforms. We recommend Kaspersky Premium, the winner of an anti-phishing test in 2024.
  5. An advanced protection method is to use a password manager for all your accounts. It verifies the actual page address, and will never enter your credentials on an unfamiliar site — no matter how convincing it looks.
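The address-bar checks in points 1 to 3 can be written down as a small classifier, which is what a password manager effectively does before autofilling. The following is an added example, not Kaspersky's code: given the URL in the address bar and the service you expect, it reports whether the host is the service itself (or one of its subdomains), and if not, whether it looks like a lookalike via confusable characters, a punycode host, the same name under another domain zone, or the real name smuggled in as a subdomain of something else. The registrable-domain logic (last two labels) and the small confusable map are simplifications assumed for this example; a production check would use a public-suffix list and the Unicode confusables table.

```python
"""Classify where a login form lives relative to the service you expect.

Added example, not Kaspersky's code. Automates the address-bar checks from
the list above for a URL copied from the browser.
"""
from urllib.parse import urlsplit

# Pairs and characters that are easy to mistake for each other in a URL bar.
# Hostnames are case-insensitive, so a capital "I" is lowercased to "i" first
# and then folded onto "l", which is what the i/I/l trick relies on.
CONFUSABLE_PAIRS = [("rn", "m"), ("vv", "w"), ("cl", "d")]
CONFUSABLE_CHARS = str.maketrans(
    {"i": "l", "1": "l", "|": "l", "0": "o", "5": "s", "3": "e"})


def skeleton(label):
    """Reduce a domain label to a visual skeleton for lookalike comparison."""
    s = label.lower()
    for pair, repl in CONFUSABLE_PAIRS:
        s = s.replace(pair, repl)
    return s.translate(CONFUSABLE_CHARS)


def registrable(host):
    """Simplification (assumption): the last two labels are the registered domain."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def classify_login_url(url, expected_host):
    """Verdict for entering the expected service's password on this URL."""
    u = urlsplit(url)
    host = (u.hostname or "").lower()
    expected = expected_host.lower()
    if u.scheme != "https":
        return "not_https"
    if not host:
        return "no_host"
    # The service itself, or a subdomain such as accounts.<service>
    if host == expected or host.endswith("." + expected):
        return "ok"
    if registrable(host) == registrable(expected):
        return "ok"
    # Internationalised labels can render as near-identical glyphs
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode_host"
    got_name, _, got_tld = registrable(host).partition(".")
    want_name, _, want_tld = registrable(expected).partition(".")
    if skeleton(got_name) == skeleton(want_name):
        # same-looking name: confusable spelling, or only the zone differs
        return "lookalike_host" if got_tld == want_tld else "different_domain_zone"
    # e.g. google.com.evil.example: the real name is just a subdomain prefix
    if host.startswith(expected + "."):
        return "real_name_as_subdomain"
    return "unrelated_host"


if __name__ == "__main__":
    # Constructed URLs for illustration; the lookalike ones are made up.
    for url in ["https://accounts.google.com/signin", "https://accounts.googIe.com/",
                "https://google.co/", "https://google.com.evil.example/login"]:
        print(f"{url:45s} -> {classify_login_url(url, 'google.com')}")
```

Only "ok" should be accepted; every other verdict is a reason to stop and look at the address bar again, and "different_domain_zone" and "real_name_as_subdomain" are the two that people most often wave through because the familiar name is visibly present.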


Threat Intelligence Pivoting: Actionable Insights Behind Indicators

Pivoting in cyber threat intelligence refers to using one piece of data to find and explore related information and expand your understanding of a threat. It lets you discover hidden connections between indicators of compromise and find potential vulnerabilities before they are exploited.

Why pivoting matters 

Cyber threat intelligence concentrates on indicators of compromise (IOCs). These are data points or artifacts (such as IP addresses, domain names, file hashes, and email addresses) that indicate potential or actual malicious activity. Pivoting is researching the links and correlations between IOCs and thus discovering new IOCs relevant to the same attack, malware, or threat actor.
 
Pivoting helps make CTI proactive: it helps predict and prevent the unfolding of an attack or the emergence of new threats.
 
Threat intelligence and pivoting are critical for businesses and corporate security because they enhance an organization’s ability to anticipate, detect, and respond to cyber threats. By leveraging actionable insights from threat intelligence and pivoting to discover deeper connections, businesses can protect their assets, reduce risk, and strengthen overall cybersecurity posture. 

Note that the definition of pivoting in threat intelligence differs from the one used elsewhere in cybersecurity. Generally, it’s a popular term used in many other fields as well.

In cybersecurity more broadly, the term is usually used by pen testers and attackers. There, pivoting is the act of an attacker moving from one compromised system to one or more other systems within the same or other organizations. Pivoting in this sense is fundamental to the success of advanced persistent threat (APT) attacks.

How it works 

Pivoting for CTI shows its potential when IOCs are viewed not as “atomic” but rather as complex objects. Taken by themselves, they are, so to speak, “backward-looking”: they lack context. IOCs are good forensic material, but not enough for a predictive, proactive security effort.

Pivoting focuses on behaviors. Indicators are linked through their behavioral commonalities. This approach grasps IOC relationships, helps discover new ones, predict their behavior, generalize tendencies, and eventually build strong and adaptive defense based on the understanding of adversaries. 

Pivoting routine 

Pivoting is not just about techniques and tools; it is rather about a certain approach or, dare we say, a certain mindset. Once adopted, it’ll give your threat intelligence a new depth and perspective.

The most basic algorithm is:  

  • Select an initial indicator. For example, a suspicious IP. Or a domain name associated with a known threat or attack. 
  • Analyze the indicator with a tool of your choice. 
  • Decompose the indicator. Understand its parameters. Define which of them could signal malicious behavior or be linked to other artifacts. 
  • Find and analyze linked artifacts. Pay attention to those that haven’t been yet connected with a threat or an attack.  
  • Research the discovered data. 
  • Draw actionable insights. 

Where to start  

You can start with pivoting on network indicators. Basic network IOCs are IPs, domains, and SSL/TLS certificates. They all have certain parameters: for example, registrar and registrant for domains, hosting provider or server type for an IP address, issue date or issuer for a certificate.
 
One of the most powerful tools for IOC research is ANY.RUN’s Threat Intelligence Lookup. It lets you search threat artifacts by about 40 search parameters, including YARA and Suricata rules, combine them, and get real-time updates of search results.

TI lookup is integrated with the Interactive Sandbox used for researching malware in action within a safe virtual environment.   
 
For example, let us try using ASN to identify network infrastructure.  
 
1. Find IPs assigned to the “Autonomous System of Iranian Research Organization for Science and Technology” using TI Lookup. The search query is:  

The results for the ASN search

2. Look at the list of IP addresses in the search results. Some of them have tags assigned to them. The tag “Stormkitty” refers to the eponymous stealer — StormKitty. 
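The pivoting routine above (select, decompose, follow linked artifacts, look for ones not yet connected to a threat) and the ASN walkthrough in this section, worked as an added example that is not ANY.RUN’s code and does not use TI Lookup: the indicator records, ASN numbers, addresses and the “stormkitty” tag are all constructed for illustration.

```python
"""Toy IOC pivot over a constructed indicator set (added example, not ANY.RUN's code).
Each record carries an indicator type, its value, the attributes it decomposes into
(ASN, registrar, hosting IP) and any threat tags already assigned."""
from collections import defaultdict

# Constructed sample data: ASNs, addresses (RFC 5737 ranges) and tags are illustrative.
IOCS = [
    {"type": "ip", "value": "203.0.113.10", "attrs": {"asn": "AS64500"}, "tags": {"stormkitty"}},
    {"type": "ip", "value": "203.0.113.11", "attrs": {"asn": "AS64500"}, "tags": set()},
    {"type": "ip", "value": "203.0.113.12", "attrs": {"asn": "AS64500"}, "tags": set()},
    {"type": "ip", "value": "198.51.100.7", "attrs": {"asn": "AS64501"}, "tags": set()},
    {"type": "domain", "value": "login-example.test",
     "attrs": {"registrar": "RegistrarX", "ip": "203.0.113.11"}, "tags": set()},
    {"type": "domain", "value": "cdn-example.test",
     "attrs": {"registrar": "RegistrarX", "ip": "198.51.100.7"}, "tags": set()},
]

def build_index(iocs):
    """Decompose every indicator into (attribute, value) keys shared across records."""
    index = defaultdict(list)
    for rec in iocs:
        # The indicator itself is a key too, so a domain's hosting IP links to the IP record.
        index[(rec["type"], rec["value"])].append(rec)
        for key, val in rec["attrs"].items():
            index[(key, val)].append(rec)
    return index

def pivot(iocs, attribute, value, exclude=None):
    """Return (tagged, untagged) indicator values sharing attribute == value;
    the untagged hits are the artifacts not yet tied to any known threat."""
    linked = [r for r in build_index(iocs)[(attribute, value)] if r["value"] != exclude]
    tagged = sorted(r["value"] for r in linked if r["tags"])
    untagged = sorted(r["value"] for r in linked if not r["tags"])
    return tagged, untagged

def pivot_from(iocs, start_value, attribute):
    """Start from a known indicator, decompose it and follow one attribute outward."""
    start = next(r for r in iocs if r["value"] == start_value)
    value = start_value if attribute == start["type"] else start["attrs"][attribute]
    return pivot(iocs, attribute, value, exclude=start_value)

def expand_asn(iocs, asn):
    """Two-hop pivot mirroring the walkthrough: ASN -> IPs -> domains hosted on them."""
    tagged, untagged = pivot(iocs, "asn", asn)
    hosted = {}
    for ip in tagged + untagged:
        t, u = pivot(iocs, "ip", ip, exclude=ip)
        hosted[ip] = sorted(t + u)
    return hosted
```

Pivoting on the ASN returns one IP already tagged and two untagged neighbours; the second hop then surfaces a domain hosted on one of those untagged IPs, which is exactly the kind of artifact worth researching next.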


