How to Keep Your Devices and Personal Data Safe on Summer Vacation
The ongoing vaccination campaigns and easing of travel restrictions have encouraged millions of people to prepare for a relaxing vacation after months of lockdown and social distancing.
Don’t cut your vacation short by neglecting to secure your devices and personal data, and save yourself the headache of losing access to your accounts or finances.
Before departure
If your travel plans and itinerary have already been set, dedicate time to prepare the devices you’ve decided to take with you on holiday.
Update passwords for all online accounts to protect against any potential credential stuffing attacks. Choose unique and robust passwords, and enable multi-factor (MFA) or two-factor authentication (2FA) where available
Enable passcodes and PINs on all of your mobile devices to safeguard your data in case the device is left unattended or lost
Install pending security updates on your smartphone, tablet or laptop
Install a local security solution with anti-malware protection to protect against malicious attacks while surfing the web on holiday
Back up data in case of theft or device compromise
Install a VPN on all of your devices to ensure your data is safe if you connect to a public Wi-Fi, make online purchases or access your bank account
Disable automatic Bluetooth connectivity on your device to prevent strangers from connecting to your device in public
While at your destination
Avoid connecting to free public Wi-Fi networks in restaurants, airports, cafes or hotels. If you do, choose password-protected networks and use a VPN to prevent eavesdropping on online activity
Resist the urge to post on social media platforms about your activity and location. Doing so keeps anyone from breaking into your home or using the information to scam your friends and family
Leave smart devices such as external hard drives, laptops and USBs in a safe at your hotel to avoid data loss and device compromise while exploring the surroundings
Check your accounts for suspicious activity
Bitdefender Total Security is compatible with Windows, Mac, Android and iOS devices. It offers complete real-time data protection alongside web-filtering technologies to ensure you don’t land on suspicious or malicious websites while browsing. The dedicated browser and VPN will protect your online presence, providing safe online banking and shopping by encrypting traffic on your smart devices.
Adding our Digital Identity Protection tool allows you to check for data breaches and adjust all of your accounts in minutes if needed. You can also check for social media impersonators and learn more about your digital presence for more privacy-focused decisions – only e-mail address and phone number required.
from HOTforSecurity https://ift.tt/3d2TkxD
Don’t name your Wi-Fi hotspot this, unless you want to crash your iPhone
A bizarre bug has been discovered in iOS that can cause an iPhone to crash when it attempts to join a Wi-Fi network with a particular name.
What’s the offending name? Well, I don’t want to put it in the text of this article in case some readers are curious enough to try it out for themselves.
So, here it is as an image:
Security researcher Carl Schou stumbled across the problem, and tweeted a video of his iPhone getting in a mighty muddle when trying to connect to a Wi-Fi hotspot with that name.
“Neither rebooting nor changing SSID fixes it,” reported Schou in a tweet.
In all likelihood this is a simple goof caused by the way in which the iOS code is parsing the Wi-Fi hotspot’s name, causing a crash. But sometimes silly errors like this can turn into nasty attacks that can be exploited by malicious hackers – so we should always treat bugs like this with the respect they deserve, and fix them at the earliest opportunity.
I wouldn’t be at all surprised if there is a minor software update released by Apple for iPhones and iPads in the coming days which fixes the problem, but in the meantime here is a way that you can fix afflicted iPhones today:
Open the Settings app
Choose General > Reset
Select Reset Network Settings, and then – when prompted – confirm that you do wish to reset your network settings.
from HOTforSecurity https://ift.tt/3gVklnt
Repairmen suspected of installing ransomware on customers’ PCs. Arrests in South Korea
According to a report by Catalin Cimpanu at The Record, authorities in South Korea have filed charges against employees at a computer repair store.
What are the nine charged employees of the unnamed company based in Seoul alleged to have done? Created and installed ransomware onto the computers of their customers, netting more than 360 million won (approximately US $320,000.)
The report says that South Korean police claim the extortion scam began last year, after companies contacted the repair firm hoping to receive assistance in dealing with ransomware infections that had encrypted their systems.
The repair firm reportedly initially assisted victims, helping them negotiate and pay ransoms to retrieve data garbled by the attacks. However, according to The Record, “in at least 17 incidents, the employees modified ransom notes to inflate the original ransom demands in order to obtain larger funds from the victimized companies.”
In some cases the ransoms are said to have been increased ten-fold, allowing corrupt technicians to make large profits when victims agreed that a ransom demand should be paid.
That would be bad enough, but it is further claimed that technicians at the repair store installed a remote access backdoor on customers’ computers they helped recover from attacks, and would use it to launch their own ransomware attacks.
Ultimately, according to reports, the rogue staff would plant ransomware onto the computers of any customers – even those who didn’t bring their computers in due to a ransomware problem.
If there’s one thing that I thought ransomware gangs had learnt in recent years it was not to target organisations on your doorstep.
Just look at the amount of ransomware believed to originate from certain parts of Eastern Europe, but which notably goes out of its way to avoid infecting computers if it detects a Cyrillic keyboard is being used.
The theory goes that law enforcement agencies in Russia might be turning a blind eye to ransomware gangs based in the country, just so long as they don’t cause problems for companies close to home.
For instance, according to an analysis by security experts at Cybereason, the DarkSide ransomware deliberately strives to avoid infecting computers it identifies as being based in the following countries:
Armenia
Azerbaijan
Belarus
Georgia
Kazakhstan
Kyrgyzstan
Moldova
Romania
Russia
Syria
Tajikistan
Tatarstan
Turkmenistan
Ukraine
Uzbekistan
If South Korean police really have successfully identified members of an active ransomware gang, it sounds like the suspects may have made the elementary mistake of targeting companies far too close to home.
In the past we’ve described how stores offering repair services have tricked customers into believing their PCs are infected with malware. It’s something else to take a PC to a repair shop for fixing, only to find that you’re dealing with a potentially bigger criminal than the ones who have caused your computer to seize up in the first place.
from HOTforSecurity https://ift.tt/3vBDjoD
Threat Actors Spread Agent Tesla Disguised as COVID-19 Vaccination Registration
A recent phishing campaign targeting Windows machines is attempting to infect users with one of the most recent versions of the Agent Tesla remote access Trojan (RAT).
The malicious campaign, spotted by the Bitdefender Antispam Lab, tries to deliver the malicious payload under the guise of a COVID-19 vaccination schedule that comes as an attachment.
Most of the attacks seem to have originated from IP addresses in Vietnam. Although telemetry shows a global dispersion of the malspam campaign, 50% of the malicious emails were directed to South Korea.
The messages are designed to look like a business email asking the recipients to go over some technical issues presented in the attachment and register for the vaccine.
“Attached herewith is the revised circular,” the malicious email reads. “There are some technical issues in the registration link provided in the circular yesterday. Kindly refer to the attached link. For those who had successful register earlier, kindly ignore this email.”
Active for over seven years, Agent Tesla has been used frequently in phishing campaigns seeking to steal user credentials, passwords and sensitive information.
The updated password-stealing capabilities and security-dodging techniques paired with the malware distribution-as-a-service business model have proven highly profitable.
Agent Tesla’s popularity surged during the second half of 2020, with more than 46% of all global Agent Tesla reports occurring in Q4.
The malicious attachment (AC 2021 09 V1.doc) is in fact an RTF document exploiting a known Microsoft Office vulnerability. Once accessed, the document downloads Agent Tesla malware.
After the malware has collected all the information from the victim’s system, it exfiltrates the credentials and other sensitive data via the SMTP protocol (email) back to an email account registered in advance by the attackers.
According to a joint CISA and FBI advisory, CVE-2017-11882 was among the most exploited software vulnerabilities between 2016 and 2019. So it seems that bad actors are still hunting for outdated and unpatched software that can easily be compromised.
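A defender's triage check for the kind of attachment described above, as an added example that is not from the original article or from Bitdefender: it flags a file with an Office extension whose bytes are really RTF, then looks inside `\objdata` for an embedded Equation Editor object, the component affected by CVE-2017-11882. The function names, risk labels and the inert sample document are constructed for illustration; heavily obfuscated RTF needs a dedicated parser such as oletools' rtfobj.

```python
import binascii
import re

RTF_MAGIC = b"{\\rt"   # Word treats "{\rt" as RTF, so match that rather than "{\rtf1"
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 compound-file signature
OFFICE_EXTS = (".doc", ".docx", ".dot", ".xls", ".xlsx")

# "\objdata" introduces the hex-encoded body of an embedded OLE object.
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9a-fA-F\s]+)")


def embedded_objects(data: bytes) -> list:
    """Decode every \\objdata hex run found in an RTF byte string."""
    blobs = []
    for match in OBJDATA_RE.finditer(data):
        digits = re.sub(rb"\s+", b"", match.group(1))
        digits = digits[: len(digits) // 2 * 2]   # drop a dangling half-byte
        if digits:
            blobs.append(binascii.unhexlify(digits))
    return blobs


def triage_attachment(filename: str, data: bytes) -> dict:
    """Return a small report; the risk labels are this example's own scale."""
    is_rtf = data[:4] == RTF_MAGIC
    report = {
        "file": filename,
        "is_rtf": is_rtf,
        # RTF content behind an Office extension, as with the .doc in the campaign
        "extension_mismatch": is_rtf and filename.lower().endswith(OFFICE_EXTS),
        "embedded_objects": 0,
        "ole2_payloads": 0,
        "equation_editor": False,
        "risk": "not-rtf",
    }
    if not is_rtf:
        return report

    blobs = embedded_objects(data)
    report["embedded_objects"] = len(blobs)
    report["ole2_payloads"] = sum(OLE2_MAGIC in blob for blob in blobs)
    # The OLE class name of Equation Editor 3.0 is "Equation.3".
    report["equation_editor"] = any(b"equation." in blob.lower() for blob in blobs)

    if report["equation_editor"]:
        report["risk"] = "high"
    elif blobs:
        report["risk"] = "medium"
    elif report["extension_mismatch"]:
        report["risk"] = "low"
    else:
        report["risk"] = "none"
    return report


def constructed_sample() -> bytes:
    """Inert, constructed RTF: an OLE 1.0 header naming Equation.3 and no payload."""
    class_name = b"Equation.3\x00"
    header = (
        (0x00000501).to_bytes(4, "little")        # OLEVersion
        + (2).to_bytes(4, "little")               # FormatID 2 = embedded object
        + len(class_name).to_bytes(4, "little")   # length-prefixed class name
        + class_name
    )
    hexed = binascii.hexlify(header)
    # Break the hex across lines, as RTF writers do.
    wrapped = b"\r\n".join(hexed[i:i + 16] for i in range(0, len(hexed), 16))
    return (b"{\\rtf1\\ansi Revised circular"
            b"{\\object\\objemb{\\*\\objdata " + wrapped + b"}}}")


if __name__ == "__main__":
    for name, body in [
        ("AC 2021 09 V1.doc", constructed_sample()),   # filename from the article
        ("notes.rtf", b"{\\rtf1\\ansi Hello}"),        # constructed benign file
    ]:
        print(triage_attachment(name, body))
```
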
Indicators of compromise
MD5 | Name
5e7a8b39eff3dfe0374c975fe75a5304, dc64b85da4788153796a9bb1f6d44c3c | Trojan.GenericKD.46463520
675e2470a3c7fe645fe445c95ae152a2, dd2d2ccedb366e3cc1e070bb31c59ec4 | Trojan.GenericKD.46464231
Bitdefender detects the AC 2021 09 V1.doc as Trojan.GenericKD.46463520, while Agent Tesla malware is detected as Trojan.GenericKD.46464231.
To avoid device and data compromise, always verify the validity of messages before accessing any attachments, patch any used software and install a security solution on your device. With Bitdefender Total Security, you get the best anti-malware protection against e-threats across all major operating systems. The real-time protection feature included in our security software offers continuous protection against all e-threats, including viruses, worms, Trojans, ransomware, zero-day exploits, rootkits and spyware to keep you and your data safe.
Note: This article is based on technical information provided courtesy of Bitdefender Labs
from HOTforSecurity https://ift.tt/3gFwaOJ
Make the Internet a Better, Safer Place on Stop Cyberbullying Day
Stop Cyberbullying Day has been promoting good digital citizenship practices for more than a decade to make the digital world a better and more welcoming place for everyone.
This year, we’re reminded of the challenges and risks children and teens face when using digital technologies. Stuck at home during the pandemic, kids have turned to social media, gaming platforms, and instant messaging apps where safe digital encounters are not a given.
According to The Cybersmile Foundation, 60% of internet users have been exposed to bullying, abuse or some form of harassment online.
“Stop Cyberbullying Day is a reminder that although the Internet is one of the most powerful and effective tools on earth for making the world a better place – unfortunately, it also highlights the reality that there are still lives being destroyed on a daily basis when this power is abused or used for the wrong reasons,” said Iain Alexander, Head of Engagement at The Cybersmile Foundation.
Cyberbullying can take place over a cell phone, computer or tablet — devices found in most any home. It involves sending, posting or sharing damaging or false information about individuals online, including personal and private information that may cause negative long-term psychological effects for victims.
While cyberbullying may take place on any digital platform, social media platforms such as Facebook, Instagram, Snapchat and TikTok are prone to negative behavior and mean comments due to the visibility of messages and posts to others outside a trusted circle of friends and family.
Online harassment and bullying can also extend via text messaging and online chat rooms, email and gaming communities, allowing for persistent and continuous embarrassment for victims.
Parents and caretakers may not always be aware that cyberbullying is taking place, as victims may feel ashamed and unwilling to communicate with others. However, unlike face-to-face bullying, cyberbullying leaves a trace on the Internet, so it can be easier for parents and victims to gather evidence and put a stop to the harassment.
The Bitdefender Parental Control feature enables parents to check if their children engage in conversations with unknown individuals and monitor access to damaging websites.
Based on a child’s age, the Parental Advisor will automatically choose the best privacy features that can be fine-tuned for the parent’s and child’s needs by managing screen time and blocking incoming calls that have no Caller ID, among others.
from HOTforSecurity https://ift.tt/3vAeBF1
Fake Ledger devices mailed out in attempt to steal from cryptocurrency fans
In December last year, we reported how the email and mailing addresses of some 270,000 Ledger customers had been published on a hacking forum following a data breach.
At the time we warned users of the hardware cryptocurrency wallet to watch out for phishing scams that might attempt to steal users’ credentials.
What we hadn’t predicted was that cybercriminals would use a rather more elaborate way to steal users’ credentials.
As Bleeping Computer reports, some Ledger customers have received fake replacement Ledger devices via the post, alongside a letter that claims it is a replacement hardware wallet that should be used in the wake of the earlier data breach.
In a Reddit post, a Ledger customer shares photographs of the package he received as well as the contents of the letter which purports to come from Ledger’s CEO:
Dear Ledger client, As you know, Ledger was targeted by a cyberattack that led to a data breach in July 2020. We were informed about the dump of the content of a Ledger customer database on Raidforum. We believe this to be the contents of our e-commerce database from June 2020. At the time of the incident, in July, we engaged an external security organisation to conduct a forensic review of the logs available. This review of the logs enabled us to confirm that approximately 1 million email addresses had been stolen as well as 9,532 more detailed personal information (name, surname, phone number and customer wallet information) that we were able to specifically identify. For this reason for security purposes, we have sent you a new device you must switch to a new device to stay safe. There is a manual inside your new box you can read that to learn how to set up your new device. For this reason, we have changed our device structure. We now guarantee that this kinda breach will never happen again. We deeply apologize for the inconvenience caused to you due to our faulty security systems. Note: This new device doesn’t work for new setups. You need to follow 6 step installation guide which is inside your box. Once you successfully installed you can start to use your new device.
Accompanying the letter was a shrinkwrapped Ledger box, containing a modified device.
Credit: u/jjrand @ Reddit
Of course, it’s easy to take the packaging for a Ledger Nano X, replace its contents with a fake hardware wallet, and then shrinkwrap it again.
Ledger has confirmed that the device purporting to be a Ledger Nano X inside the box is fake: “A flash drive implant has been connected to the printed circuit board. It contains a file with a fake Ledger Live app. There are enclosed instructions in the Nano box which ask the user to connect the device to their computer, open a drive and run the fake Ledger Live app. To initialize the device, the user is asked to enter his 24 words in the fake Ledger Live app. This is a scam. A Ledger Nano is not a USB device. It does not contain any application to download and install on your computer. The only way to download the Ledger Live app is by using the official download page. Plus, Ledger and Ledger Live will never ask you to share your 24-word recovery phrase.”
In short, if you make the mistake of plugging the device into your computer and running the program contained on the device, you are putting the security of your PC in peril and might be one step away from handing over the keys to any cryptocurrency you might have stashed away.
As attempts to break into cryptocurrency wallets go, it’s certainly more of a palaver than the typical phishing attack or optimistic malware-laced email, and must take much more time for the attacker. But then, if you’re vying to break into somebody else’s cryptocurrency fortune that may well be time you believe well spent.
The best advice for owners of hardware wallets would seem to be to remain suspicious of all communications related to their devices – whether they be via email, phone, or parcel.
from HOTforSecurity https://ift.tt/3gwD4XI
Microsoft to Pull the Plug on Windows 10 in 2025
Microsoft will retire the Windows 10 operating system on October 10, 2025. It’s the first time the company has put an expiration date on its current operating system, paving the way for its successor, Windows 11.
It’s a big deal when an operating system reaches end-of-life because it essentially means that its maker no longer issues updates, leaving it vulnerable and eventually buggy. When that operating system is Windows, the reach of the OS into the modern world complicates the situation further.
Microsoft made a few changes to the Windows lifecycle policy, putting a firm date on Windows 10’s end-of-life strategy — October 14, 2025. The company said that the new policy will apply to Home, Pro, Pro Education and Pro for Workstations, and that Microsoft will continue to support at least one Windows 10 Semi-Annual Channel until then.
The end-of-life for the other Windows 10 products is a little more complicated, as Microsoft will likely continue to provide support for companies who choose to continue to use their products, at least for a while. The same happened with Windows XP and Windows 7, and the same policy will likely continue with Windows 10.
To be clear, only support for Windows 10 will end; the operating system will continue to work just as before but will become increasingly unsafe for users. Users who continue running unsupported OSes will have to use a dedicated security solution to get malware protection.
For example, even though Microsoft announced the end of support for Windows 7 as of January 14, 2020, Bitdefender continued to provide support for its software on that platform for two more years.
from HOTforSecurity https://ift.tt/3wA21a8
Participating in This UPS Survey Will Not Earn You a Brand New Sony PlayStation 5
Online scammers use the name of international shipping company UPS to dupe consumers into participating in a survey giveaway scam.
The scam, recently spotted by Bitdefender Antispam Lab, guarantees recipients a Sony PlayStation 5 gaming console in return for completing the online survey on behalf of UPS.
Fraudsters use traditional clickbait tactics such as “Participate before it’s too late” to entice users into reading the email. The message makes it look like recipients were among the lucky winners, as they’ve been chosen to participate in the Loyalty Program, free of charge. “It will take you online a minute and you will receive a fantastic prize: A Brand New Sony PlayStation 5,” the email reads.
The scammers also say the giveaway only applies to US residents, and there can only be 10 lucky winners.
Online survey scams are used to scrape personally identifiable and financial information that can be used to commit identity theft. The data can also be sold to third parties and monetized by other cyber crooks.
Survey scams that guarantee a large prize such as an iPhone, or in this case, a PlayStation 5 gaming console, usually ask victims to provide their credit card information to cover “shipping costs” for the product they’ve won.
Tips to protect your information
Unfortunately, UPS is not participating in the giveaway business. The next time you receive a text message, email or phone call asking you to participate in a survey to win some goodies, hang up or delete the message immediately.
Additional warning signs may appear while you fill out the so-called survey: if you’re asked to provide a username, Social Security number, credit card details or other sensitive data, that is information a legitimate survey will never ask for.
Unless you can confirm that the survey is legit, stay away from survey and giveaway promotions you receive via email.
If the body of the message has no obvious red flags, check the URL of the survey. Fraudsters may use domain spoofing to make it look like the URL you are accessing is valid, so remember to check the spelling.
There are no bulletproof methods to prevent scammers from impersonating well-known brands and businesses. Even if companies constantly monitor fraudulent activity, the adoption of preventive methods often falls on consumers.
The advanced anti-phishing protection integrated with Bitdefender solutions is designed to safeguard your device and private information, blocking suspicious websites impersonating trustworthy entities. Additionally, an anti-fraud filtering system will warn you whenever a website tries to scam you, keeping your sensitive information safe.
from HOTforSecurity https://ift.tt/3cL3lPL
7 Mobile Security Tips to Help Safeguard Your Device and Personal Information
Our mobile devices are not just a means to communicate with others. They’ve evolved into a data storage device, a video and sound recorder, as well as an easy way to access our bank accounts.
Mobile security is often overlooked by many technology users, who dismiss the reality of security risks brought by careless interactions with the digital world.
Given the portability and myriad of functionalities, mobile devices are highly susceptible to cyber threats, including malware, spyware and phishing attempts that may compromise that precious piece of tech we keep in our pocket and any information stored on it.
Threat actors know that users often behave recklessly with their smart devices. If they play their cards right, the compromise of a user’s devices can be financially rewarding, offering insight into the private and sensitive information of its owner.
Here are some essential preventive measures to help protect and keep your devices safe from the most frequent mobile security threats out there.
Keep your devices and apps up to date
An up-to-date system can protect your smartphone or tablet from vulnerabilities or loopholes that can be exploited. If you don’t like the automatic updates functionality on mobile devices, watch for software update notifications and reminders that may pop up on your screen and install the patches manually as soon as you have the time.
Delete unused apps from your device
Old and unused apps that have not been kept up to date may conceal severe security flaws that endanger the security of your device.
Consider reviewing the app library for any applications you no longer need. A cleanup will make it easier for you to find your apps and help make your device more secure.
Back up data
Today, memory cards for mobile devices offer a large storage capacity for your contacts, messages, files, videos and photos. However, making regular backups for your data is essential in case of theft or malicious compromise such as a ransomware attack.
Avoid smishing and phishing attacks
Like phishing, SMS-based attacks, also known as smishing, seek to trick recipients into accessing a malicious link via text. Smishing attacks rely on social engineering tactics to fool recipients into handing over personal information or downloading malicious software onto the device.
Treat any unsolicited SMS with caution, especially those that purport to come from your bank and ask you for personal or financial information.
If you’re always checking your emails, be wary of any unsolicited messages that seek to create a sense of urgency or induce a state of panic. Remember, if it seems too good to be true, it probably is.
Delete any unexpected messages received via text or email and do not reply to the sender.
Hang up or don’t respond to suspicious phone calls
Fraudsters and scammers may also call you on the phone. Like any good actor, the scammer will attempt to convince you that the call’s offer or purpose is legitimate. If you’re asked for personally identifiable information, bank account numbers, PINs or credit card numbers, hang up immediately. Bullying or threats are another major red flag.
Dodge unsecured public WiFi networks
Public WiFi networks are rarely secured, serving up additional ways to compromise your device. Thus, despite reduced travel and vacationing during the pandemic, the risks of malicious interference have not vanished.
Users handling sensitive information while connected to a public WiFi can face many threats, including theft of personal information such as login and financial data. Additionally, cybercriminals may mimic a legitimate public WiFi network in what are known as man-in-the-middle attacks. Users who connect to these malicious networks are exposed to data theft, malware infections and financial compromise.
Security at home or on the go
Protecting against mobile security threats doesn’t need to be a painstaking process involving comprehensive security know-how.
A cybersecurity solution on your smartphone or tablet protects your device from internet-enabled threats and guards your personal information from cyber thieves.
Bitdefender’s web attack prevention uses web-filtering technology to ensure you don’t land on malicious websites when browsing. Paired with anti-phishing protection and anti-fraud filtering systems integrated into our security solution, you won’t have to worry about suspicious websites or scams.
Compatible with both iPhone and Android smart devices, Bitdefender Mobile Security will help secure your data by offering full protection against mobile-specific threats whether you’re at home, at your favorite coffee shop, or on vacation.
An extra layer of privacy and security is brought by the integrated VPN that secures all your traffic on public networks and protects your online activity, such as banking or shopping, from prying eyes.
from HOTforSecurity https://ift.tt/2S2Rp4Q
Mobile security threats: reality or myth?
Consumers are sometimes skeptical about warnings that smartphones face just as many security threats as regular computers. While some security experts might seem over-zealous shouting about the dangers, the vast majority of warnings about mobile security threats are indeed justified. Just because our phones are not tethered physically to a network doesn’t mean they’re safe from cyber threats. In fact, they are more vulnerable than most of us like to think.
Platform-agnostic threats
Most security threats faced by regular users arrive via the Internet, whether it’s a malicious app or a rigged website, a scam delivered through the user’s social media channels, or a phishing scheme carried out via email or SMS. Even ransomware can make its way onto your phone if you jump through enough hoops set up by a threat actor.
Stalkerware is another big issue on mobile platforms. Whether delivered by exploiting a software vulnerability in the phone or installed deliberately by, say, a jealous spouse, this type of malware is especially prolific on phones – since they contain troves of personal data and private communication channels.
Mobile threats are in no way a myth. And most threats today are platform-agnostic, meaning they don’t discriminate based on OS or device type as long as the hardware can connect to the web. Furthermore, most consumer-oriented threats focus on stealing data (passwords, credit card information, etc). In many cases, no malware is needed to compromise this data. A well-timed phishing attack is all it takes to steal a user’s personal or financial information.
iPhones are not immune to hacks
Security researchers, commonly referred to as ‘white hat hackers,’ specialize in finding and exploiting device-specific vulnerabilities so bad guys don’t get to them first. But that doesn’t stop ‘black hats’ from doing the same. And when the bad guys do succeed, they sell their mobile exploits for millions on the dark market.
A vulnerability in WhatsApp allegedly allows threat actors to install spyware onto iPhones. It’s clear that the myth that Apple devices are immune to hacker attacks is just that – a myth.
Weaponizing hype
As shown in our 2020 Consumer Threat Landscape Report, the surge in popularity of video conferencing solutions during the pandemic opened an unlikely door for opportunistic threat actors. We detected a relatively large number of users installing Zoom apps from unofficial app stores, exposing mobile devices to malware posing as Zoom installers.
This especially applies to Android phones. As noted in a recent Bitdefender Labs entry, one of Android’s greatest strengths, the ability to sideload apps from unofficial sources, is also its Achilles’ heel.
Our researchers wrote:
“Using a combination of tricks to persuade users to install apps outside of the official store, criminals spread most of their malware through sideloading. If mobile devices have no security solution installed, malicious apps roam free.”
Teabot, also known as ‘Anatsa,’ is an Android malware that can carry out overlay attacks via the Accessibility Services. It can intercept messages, perform keylogging activities, steal Google Authentication codes, and it even enables its authors to take full remote control of a user’s phone.
The Teabot payload is hidden in fake apps copying popular counterparts from the official Google Play store – some with as many as 50 million downloads. One popular distribution method uses a tainted Ad Blocker that people deliberately seek and install from unofficial sources. Other attack avenues include so-called free antivirus apps.
Stay protected with Bitdefender Mobile Security
Bitdefender has long gauged the dangers posed to mobile platforms, as well as the privacy hurdles we face each day in the digital era.
Bitdefender Mobile Security gives your iPhone or Android device full protection against mobile-specific threats, plus a secure VPN for a fast, anonymous and safe experience while surfing the web. We help users secure their passwords, private data and financial information, and we offer instant alerts whenever an incident is detected and prevented.
And with our new Digital Identity Protection, you can check your online accounts against data breaches, find your private information online in legal and illegal collections of data, detect your social media impersonators and more. You can count on us to always be there to help you secure your online accounts, regardless of platform.
from HOTforSecurity https://ift.tt/3izXgJI
Android devices under attack: fake apps and SMS messages lead to data-stealing malware
Bitdefender researchers warn about a new wave of attacks that infect Android devices and steal personal details.
Several popular apps have been impersonated and packed with malware named Teabot, the latest Bitdefender Lab report shows. Cybercriminals trick users into installing these apps outside of the official store. If the mobile device on which it’s downloaded has no security solution installed, the malware roams free.
TeaBot can intercept messages, steal Google Authentication codes, and even remotely control Android devices.
Bitdefender researchers have also identified a strange distribution method, with attackers using a fake Ad Blocker app that acts as a dropper for the malware. They suspect several other fake apps are used, but they remain unknown for the time being. The most reliable way to stay safe from these threats is to install a security solution on your Android devices. Consider getting Bitdefender Mobile Security to protect yourself from any suspicious apps and block any potentially dangerous links you might receive.
Another threat to watch out for is the text message scam. It is currently spreading at full speed across Germany, Spain, Italy and the UK.
The message, which pretends to be from a delivery firm, contains a link that actually leads to a piece of malware called Flubot.
FluBot imitates the following apps, among others:
Once downloaded, it can take over devices and spy on phones to gather sensitive data, including online banking details. It also has the ability to send more infected text messages to the user’s contacts.
You can read more about TeaBot and Flubot in the Bitdefender Lab full report.
If you feel you’ve had enough bad news and want to jump to a solution, here it is: Bitdefender Mobile Security. It will protect you from any suspicious app and any potentially dangerous link you might receive.
from HOTforSecurity https://ift.tt/3grRvv3
RockYou2021: The Mother Lode of Password Collections Leaks 8.4 Billion Passwords Online
The most extensive data leak collection to date, dubbed ‘RockYou2021’, was dumped on popular hacking forums earlier this month.
According to a CyberNews report, a forum user posted a 100GB text file with 8.4 billion password entries, presumably obtained from previous data leaks and breaches.
Despite the author’s claims that the document contains 82 billion passwords, researchers noted that the “actual number turned out to be nearly ten times lower – at 8,459,060,239 unique entries.”
In a description provided by the post’s creator, it was revealed that the passwords are between 6 and 20 characters in length, with non-ASCII characters and white spaces removed.
The researchers also emphasized that the RockYou2021 data leak is comparable to the leak of the giant database known as Compilation of Many Breaches, or COMB, dumped earlier this year.
“Its 3.2 billion leaked passwords, along with passwords from multiple other leaked databases, are included in the RockYou2021 compilation that has been amassed by the person behind this collection over several years,” said CyberNews investigators in the report.
What are the risks?
Cybercriminals can use the database to conduct password-spraying or brute force attacks. In this form of attack, malicious actors try a list of common passwords on many online accounts to gain access and compromise the user.
Moreover, user exposure to account compromise increases seven-fold due to bad cyber habits such as password reuse and recycling, potentially leading to account takeover on numerous apps, websites and platforms.
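In authentication logs, the spraying pattern described above (common passwords tried across many accounts) looks different from brute force against a single account. The detection logic below is an added example, not part of the original article; the log format, the sample lines, the function name `classify_sources` and the thresholds are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): ISO timestamp, source IP, account, result.
SAMPLE_LOG = """\
2021-06-10T09:00:05 203.0.113.7 alice FAIL
2021-06-10T09:00:40 203.0.113.7 bob FAIL
2021-06-10T09:01:10 203.0.113.7 carol FAIL
2021-06-10T09:01:30 192.0.2.5 bob FAIL
2021-06-10T09:01:45 192.0.2.5 bob OK
2021-06-10T09:02:00 203.0.113.7 dave FAIL
2021-06-10T09:02:30 203.0.113.7 erin FAIL
2021-06-10T09:03:00 198.51.100.20 alice FAIL
2021-06-10T09:03:02 198.51.100.20 alice FAIL
2021-06-10T09:03:04 198.51.100.20 alice FAIL
2021-06-10T09:03:06 198.51.100.20 alice FAIL
2021-06-10T09:03:08 198.51.100.20 alice FAIL
2021-06-10T09:03:10 198.51.100.20 alice FAIL
"""

def classify_sources(log_text, window=timedelta(minutes=10),
                     spray_accounts=5, brute_attempts=6):
    """Map source IP -> 'spray' or 'brute-force' based on failed logins.

    spray: failures against >= spray_accounts distinct accounts in one window.
    brute-force: >= brute_attempts failures against one account in one window.
    Thresholds are illustrative assumptions, not recommended values.
    """
    failures = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        if result == "FAIL":
            failures[ip].append((datetime.fromisoformat(ts), user))

    verdicts = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the window start until the span is at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            per_account = Counter(user for _, user in events[start:end + 1])
            if len(per_account) >= spray_accounts:
                verdicts[ip] = "spray"
                break
            if max(per_account.values()) >= brute_attempts:
                verdicts[ip] = "brute-force"
                break
    return verdicts
```

A source that fails once and then logs in successfully, like 192.0.2.5 in the sample, gets no verdict.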
What should users do?
The extent of this data leak leaves little room for debate on whether one of your account passwords has been exposed. As such, users should consider resetting passwords wherever possible.
Remember to use a complex and hard-to-guess password and enable two-factor authentication (2FA) on all compatible online accounts. If you’re having trouble remembering or keeping track of your passwords, look up a trustworthy password manager.
The data breach pandemic is here to stay, affecting millions of internet users each year. The more you know and control, the easier it is to manage your online data and persona and reduce your risks.
Start by checking if your personal information has been stolen or made public on the internet with Bitdefender’s Digital Identity Protection tool, using only your e-mail address and phone number.
from HOTforSecurity https://ift.tt/3gk2ZjT
GitHub Improves Policies to Better Distinguish Malware or Vulnerability Research from the Rest
Following a public debate, GitHub changed its policies regarding exploits, malware and vulnerability research so that the company’s position is much clearer when it comes to action and its responsibilities.
There’s no denying that GitHub’s usefulness far outweighs the potential harm it can generate. The platform has often been used in various malware campaigns, but GitHub is trying to change some policies to allow users, researchers and the platform itself to manage the content better.
After the community weighed in on GitHub’s proposal, new policies have come into effect, one of which stands out:
“We explicitly permit dual-use security technologies and content related to research into vulnerabilities, malware, and exploits,” state the new policies. “We understand that many security research projects on GitHub are dual-use and broadly beneficial to the security community. We assume positive intention and use of these projects to promote and drive improvements across the ecosystem. This change modifies previously broad language that could be misinterpreted as hostile toward projects with dual-use, clarifying that such projects are welcome.”
The second point is almost as crucial, as GitHub states it will not allow its platform to be used in “unlawful attacks that cause technical harm, which we’ve further defined as overconsumption of resources, physical damage, downtime, denial of service, or data loss.” The precise definition of what constitutes an attack no longer leaves room for interpretation.
GitHub also made it a lot clearer that an appeals and reinstatement process is available for users who have had their projects suspended. The company also has a system in place to let parties resolve disputes before the incident is elevated to be arbitrated by GitHub.
These policies should make it easier to distinguish real security projects from malicious ones, making it more difficult for threat actors to hide behind a veil of research.
from HOTforSecurity https://ift.tt/3gh3rPV
Criminal networks smashed after using “secure” chat app secretly run by cops
The Australian Federal Police (AFP) has revealed that it was able to decrypt and snoop on the private messages sent via a supposedly secure messaging app used by criminals… because the app was actually the brainchild of the FBI.
At a press conference, AFP commissioner Reece Kershaw described how the idea of “AN0M” – a backdoored messaging app – was dreamt up by members of the FBI and AFP over a few beers after the shutdown in 2018 of “Phantom Secure,” an encrypted phone network used by criminals and drug cartels.
Keen to fill the vacuum left by the dismantlement of “Phantom Secure,” the FBI secretly ran the “AN0M” service, sharing criminals’ supposedly secret communications in real-time with AFP officers, and other law enforcement agencies around the world.
224 people have been arrested in Australia in what has been dubbed “Operation Ironside,” and 3.7 tonnes of drugs, 104 weapons, AU $44.9 million (US $34.75 million) in cash, as well as millions of dollars of other assets such as luxury cars have been seized.
In addition, Australian police say that they have acted on 20 threats to kill.
Many more arrests are expected domestically and internationally – and all because the criminals were using a communications service that they believed was secure, but was in fact run by the cops.
AN0M ran on modified smartphones sold on the black market, stripped of normal functions like email or the ability to even make a phone call, and which required owners to pay a subscription.
Ironically, those subscription fees were actually destined to go into the coffers of the police force that would ultimately arrest those using the devices.
Sneakily, police encouraged informants to seed the app into the criminal underworld, before it was adopted by drug lords who unwittingly acted as “influencers,” giving the app legitimacy and encouraging other criminals to adopt it for communications.
Rather than promoting its secretly-backdoored app, the AN0M website now declares that it has been seized by the authorities and invites users to enter their contact details if they think their account might be linked to an ongoing investigation (!):
This domain has been seized. Law enforcement has been monitoring messages and attachments from the ANØM platform. A number of investigations have been initiated and are ongoing. To determine if your account is associated with an ongoing investigation, please enter any device details below:
I wonder how many people will be keen to do that…
According to AFP commissioner Reece Kershaw, “We were able to see every handset that was handed out and attribute it to individuals… The use of encrypted apps represents significant challenges. AN0M gave us insights we never had before.”
Of course, AN0M is just one of many apps claiming to offer secure end-to-end encrypted messaging. There are other more widely-used and more mainstream apps that provide a similar service for anyone – criminal or otherwise – to communicate securely.
The arrests undertaken by the Australian police, which are likely to be replicated by other agencies around the world, will no doubt give some pause to consider whether the secure messaging app they are using really is as secure as they think it is.
from HOTforSecurity https://ift.tt/3g0gFBF
DOJ Accessed Darkside’s Crypto Wallet and Seized $2.27 Million from Pipeline Hackers
The US Department of Justice (DOJ) has seized more than half of Colonial Pipeline’s $4.4 million ransom payment to the infamous cybercriminal group known as Darkside.
According to a press release posted on June 7, the FBI recovered $2.27 million from a cryptocurrency account used by the hackers.
Federal investigators managed to track down the payment of 63.7 bitcoin as it moved through the cryptocurrency ecosystem in multiple anonymous transfers.
“Following the money remains one of the most basic, yet powerful tools we have,” said Deputy Attorney General Lisa O. Monaco for the U.S. Department of Justice. “Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises.”
FBI agents used a blockchain explorer to track down the address that received numerous payments on May 27. Fortunately, they also had the password or private key needed to access the wallet address, according to the supporting affidavit.
“The proceeds of the victim’s ransom payment, had been transferred to a specific address, for which the FBI has the ‘private key,’ or the rough equivalent of a password needed to access assets accessible from the specific Bitcoin address,” the DOJ explained. “This bitcoin represents proceeds traceable to a computer intrusion and property involved in money laundering and may be seized pursuant to criminal and civil forfeiture statutes.”
The seizure of funds involved coordinated efforts of multiple law enforcement departments, including the Ransomware and Digital Extortion Task Force, a division created by the DOJ to fight the growing number of ransomware attacks targeting United States infrastructure.
The Task Force specializes in ransomware criminal ecosystems, prioritizing the disruption, investigation and prosecution of malicious digital acts and extortion.
from HOTforSecurity https://ift.tt/34XqF8q
HMRC Issues Nationwide Warning on Tax Credit Renewal Scams
HM Revenue and Customs (HMRC) has warned the British public to be vigilant against scams and fraud attempts, as the remaining annual renewal packs are due to arrive via post this week.
The alert was issued in response to more than 1 million referrals and suspicious contacts received by the public from April 2020 to April 2021, with more than half offering fake tax rebates.
The department has also removed more than 3,000 suspicious phone numbers and 15,700 malicious web pages with the help of telecom companies and the nation’s communications regulator (Ofcom).
In total, HMRC’s Cyber Security Operations has responded to nearly 450,000 phone scam reports, up 135% from last year.
“We’re urging all of our customers to be really careful if they are contacted out of the blue by someone asking for money or bank details,” said Myrtle Lloyd, HMRC’s Director General for Customer Services.
“There are a lot of scams out there where fraudsters are calling, texting or emailing customers claiming to be from HMRC. If you have any doubts, we suggest you don’t reply directly, and contact us yourself straight away. Search GOV.UK for our ‘scams checklist’ and to find out ‘how to report tax scams’.”
Despite the agency’s successes in impeding spoofing of helpline numbers, fraudsters using social engineering skills may still fool citizens into providing personally identifiable information (PII) and financial data.
As such, customers who can’t verify the identity of a caller should end contact with the individual and hang up the phone.
The alert underlines that renewing online by logging into the government website is “quick and easy,” and customers can also check on the progress of their renewal.
To make sure customers don’t fall victim to fraudulent schemes, HMRC advises the following:
Don’t provide personal information, reply to text messages, download attachments or reply to unsolicited emails claiming to be from HMRC
Don’t trust caller IDs on smartphones, as the numbers can be spoofed
Reject, refuse and ignore requests that rush or panic you into providing your personal and financial information
Research similar scams and brush up on the latest phishing and smishing fraud attempts
Forward suspicious emails claiming to be from HMRC via [email protected]
Contact your bank if you suspect any fraudulent attempts or have fallen victim to a scam
Report scams and fraud via Action Fraud
from HOTforSecurity https://ift.tt/3ghiOIa
Latvian National Indicted for Helping Develop and Spread Trickbot Malware
US authorities charged Alla Witte for helping build TrickBot, a type of malware that was active for many years in a worldwide campaign, defrauding numerous people.
Taking down much of TrickBot was a group effort involving multiple countries and a level of coordination that doesn’t usually happen with similar threats. While most of Trickbot’s infrastructure was eventually dismantled, a few servers are still active in various countries where the law enforcement agencies had no jurisdiction.
“The Trickbot malware was designed to steal the personal and financial information of millions of people around the world, thereby causing extensive financial harm and inflicting significant damage to critical infrastructure within the United States and abroad,” said Acting US Attorney Bridget M. Brennan of the Northern District of Ohio.
According to a CyberScoop report, 55-year-old Latvian citizen Alla Witte was arrested in Miami on February 6, 2021. She was just arraigned and charged with 19 counts, including conspiracy to commit computer fraud, aggravated identity theft, conspiracy to commit wire and bank fraud, bank fraud and conspiracy to commit money laundering, among others.
“Defendant ALLA WITTE, aka MAX, was a national of Russia,” says the Department of Defence in the indictment. “During the timeframe of this indictment, WITTE resided in Suriname. WITTE was a Malware Developer for the Trickbot Group, overseeing the creation of code related to the monitoring and tracking of authorized users of the Trickbot malware, the control and deployment of ransomware, obtaining payments from ransomware victims, and developing tools and protocols for the storage of credentials stolen and exfiltrated from victims infected by Trickbot.”
Another 18 people are mentioned in the DOJ report and named as co-conspirators or defendants, most of whom are from Russia, although the Trickbot group operated from Russia, Belarus, Ukraine and Suriname.
For now, it’s unclear what role Witte played in the Trickbot structure, but US law enforcement agencies will have to settle for just one arrest in this case, as the other defendants haven’t set foot in the US.
from HOTforSecurity https://ift.tt/34UcTDB