user

Tue
21
Jul
John Lister's picture

Android Hit By New Banking Malware

A new strain of Android malware targets both social media accounts and online banking. It's a reminder of the risks of installing software from outside of the official Google Play store. The malware is dubbed BlackRock and appears to ultimately ... derive from the code used in an attack called LokiBot. Now thought to be inactive, LokiBot attempted to gain access to financial accounts through banking and related apps. One technique involved using automated scripts to login to a PayPal account and transfer money to the scammers. (Source: threatfabric.com ) BlackRock looks to take the same tactics ... (view more)

Wed
01
Jul
John Lister's picture

25 Android Apps Steal Facebook Passwords

Google has removed 25 malicious Android apps which tried to steal user Facebook logins. As always, it's worth checking devices to see if these apps are installed, because they won't automatically uninstall from phones even being ousted from the Play ... Store. This particular batch of apps didn't have a common subject, but each promised to carry out a basic function, including: a flashlight, file cleaner, or card game. Hidden deep inside each app was malicious software that ran behind the scenes. The malware came alive each time an app was opened on the phone, specifically checking to see if the ... (view more)

Fri
05
Jun
John Lister's picture

'Sign in With Apple' Bug Allowed Unrestricted Access

Apple has paid $100,000 reward to a security researcher who discovered a simple but potentially damaging bug. Until it was fixed, the bug could have let hackers take over a user's account. The problem was with "Sign in with Apple" - a system that ... lets users sign up to websites via their Apple account rather than having to create specific login details for each site, or go through an email confirmation process it. As with similar systems from Facebook and Google, it only works on websites that support the "Sign in with Apple" feature. When the user visits the third-party site, it ... (view more)

Mon
25
May
John Lister's picture

Chrome to Encrypt DNS Lookups: What it Means

Google is increasing privacy on Chrome with a change to the way it connects users to websites. But businesses will be able to disable the move so they can keep tabs on staff. The change is to the way Chrome connects with Domain Name Servers (DNS), ... which act a little like a telephone directory for the Internet. A DNS takes a website address that a user types into their browser and finds the matching IP address, which identifies the specific connection to the device such as a server (or service) that physically stores the website's files. In the past, the connection between Chrome and a DNS was ... (view more)

Mon
13
Apr
John Lister's picture

56 Android Apps Hijack Devices, Drain Battery

Security researchers have warned of 56 infected Android apps that could compromise performance. They've been deleted from the Google Play Store, but could still be on users' phones and tablets. According to Check Point, the apps contain malware ... designed to hijack phones and simulate user actions to click on ads. That could run down batteries and eat into mobile data allowances. (Source: checkpoint.com ) The 56 apps include 24 supposedly aimed at children, and 32 which offer simple utilities. They all work as designed: the problem is what's happening in the background. (Source: express.co.uk ... (view more)

Mon
10
Feb
John Lister's picture

Banking Malware Relays Passwords to Cyber Criminals

Researchers have warned of a sneaky trick that uses malware to collect passwords for online banking. The "Metamorfo" malware disables autocomplete to force users to retype passwords that can then be hijacked. Metamorfo is familiar to security ... researchers, but has developed two new characteristics. The first is that it no longer targets only financial institutions in Brazil, but has expanded to other countries. The seconds is a new tactic to make it more effective. The malware works in a familiar fashion. It's distributed through a .ZIP file that's disguised as an invoice attached to ... (view more)

Thu
16
Jan
John Lister's picture

Chrome to Block Third-Party Cookies

Google says it will block third-party cookies, which can track Internet users in ways they don't expect. But it could be up to two years before the block is fully in place. A cookie is a small text file placed on a user's computer by a website. The ... idea is the site can check for the cookie later on and customize the users' web experience. Examples of 'legitimate' cookie use would be an online store that holds items in a virtual 'shopping basket', and a movie theater chain's site 'remembering' a user's location to automatically show them local listings. The more controversial variant is third- ... (view more)

Tue
24
Dec
John Lister's picture

Facebook Stops Using Phone Numbers for Advertisements

Facebook is to stop treating user's phone numbers as a way to target advertising and recommend friends. Critics said the practice undermined a key security measure. The company says it wasn't collecting the numbers directly from phones or the ... Facebook app. Instead, users provided the number when taking advantage of two factor authentication. With this set-up, it means that if a user tries to log in to Facebook on a new device or from a new location, Facebook sends a security code by text message to the number on file. The user then has to type the code in to Facebook before they can login ... (view more)

Fri
06
Dec
John Lister's picture

Mozilla Removes Security Extensions by Avast!, AVG

Mozilla has removed security tools from Avast and AVG from the Firefox extension store. It says the tools are collecting too much personal data about users. The extensions are third-party tools for the Firefox browser that add extra functionality to ... web browsing. In this case, the advertised purposes include highlighting and blocking malware that could be downloaded, and warning users when a page may be part of a phishing attack. That's where a user is tricked into typing in personal details into what they think is a legitimate site. Mozilla acted after online posts by Wladimir Palant, who ... (view more)

Thu
05
Dec
John Lister's picture

Android Malware Extracts Passwords from Any Legit App

Security researchers say a serious Android bug could let malware pose as a legitimate app and gain unwanted access to a phone's data and functions. The concept of the 'StrandHogg' bug has been known for several years, but now it's being actively ... exploited to target online banking. In simple terms, the bug has two unwanted effects: it can trick users into giving malware sensitive 'permissions' to access the phone, and it can hijack legitimate apps to trick users into handing over login details and sensitive information. Researchers at Promon explain the bug is with a security setting called ... (view more)

Pages

Subscribe to RSS - user