Tinder, Hinge see spike in users during coronavirus, lockdowns | #tinder | #pof | romancescams | #scams

Match Group’s second quarter 2020 earnings report shows more people using online dating apps since COVID-19 hit. Match Group owns popular online dating apps including Tinder, OKCupid, Match, and Plenty […] View full post on National Cyber Security

#infosec | Sextortion Fallout Scam Tricks Users into Malware Download

Source: National Cyber Security – Produced By Gregory Evans

Security researchers are warning of a new sextortion-related campaign designed to trick the recipient into clicking on a nude image booby-trapped with malware.

The unsolicited email contains a message from ‘Red Skull’ hacking crew, who claim to have compromised the account of a contact of the recipient and found images of his naked girlfriend.

As this individual didn’t pay up, the hackers are now emailing the image to everyone in his contacts list, or so the scam goes.

To view the picture, the user is encouraged to “enable content” and in so doing execute macros on the machine. However, doing so will run a PowerShell command in the background to download and execute the Raccoon information-stealing malware, according to IBM X-Force.

Fortunately, the associated domain has been taken down.

“This new take on sextortion is quite remarkable. It makes the victim believe that someone they know has been exploited in an attack that has nothing to do with them. If people do not identify as the victim, they may act much more careless, especially those curious to find out who was actually targeted,” the security vendor explained.

“Thanks to the quick removal of the domain, it is safe to say that the success of this single campaign should be less significant, despite the sophistication and creativity of its emails. Nevertheless, the threat actor distributing these emails has been very actively exploring new methods of social exploitation, so this will certainly not be the last time we write a collection about these types of emails.”

In fact, the same hackers are behind a new campaign in which malicious spam is sent to users posing as an “indictment message” sent by a court. The relevant information on the hearing is said to be included in the malicious attachment.

Other phishing emails use DocuSign as a lure to click through and unwittingly download Raccoon.



The post #infosec | Sextortion Fallout Scam Tricks Users into Malware Download appeared first on National Cyber Security.


#deepweb | Google Just Gave Millions Of Users A Reason To Quit Chrome

Google Chrome’s seamless updates have long been a big part of its appeal. But perhaps not anymore. With the latest version of Chrome already installed on hundreds of millions of computers and smartphones around the world, a significant warning has been issued that you might not like what it has running inside. 

Picked up by The Register, Chrome 80 (check your version by going to Settings > About Chrome) contains a new browser capability called ScrollToTextFragment. This is deep linking technology tied to website text, but multiple sources have revealed it is a potentially invasive privacy nightmare. 

To understand why requires a brief guide to how ScrollToTextFragment works. The simple version is it allows Google to index websites and share links down to a single word of text and its position on the page. It does this by creating its own anchors to text (using the format: #:~:text=[prefix-,]textStart[,textEnd][,-suffix]) and it doesn’t require the permission of the web page author to do so. Google gives the harmless example: 

“[ islands, birds can contribute as much as 60% of a cat’s diet] This loads the page for Cat, highlights the specified text, and scrolls directly to it.”
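As an added illustration (not code from the article, Google or Chrome), the JavaScript below parses the `#:~:text=[prefix-,]textStart[,textEnd][,-suffix]` anchor format described above and shows how a link-rewriting filter could strip the directive before a link is delivered. The function names, the sample URLs and the filter use case are assumptions made for this example.

```javascript
// Added example: parse and strip ScrollToTextFragment directives in a URL.
// Function names and sample URLs are constructed for illustration.
const DELIM = ':~:'; // separates an ordinary fragment from the directive

function decode(s) {
  // Percent-decode, tolerating malformed escapes instead of throwing.
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

function parseTextDirectives(url) {
  const hashAt = url.indexOf('#');
  if (hashAt === -1) return [];
  const fragment = url.slice(hashAt + 1);
  const delimAt = fragment.indexOf(DELIM);
  if (delimAt === -1) return [];
  const found = [];
  // Several text= directives may be chained with '&'.
  for (const item of fragment.slice(delimAt + DELIM.length).split('&')) {
    if (!item.startsWith('text=')) continue;
    const parts = item.slice('text='.length).split(',');
    const d = { prefix: null, textStart: null, textEnd: null, suffix: null };
    // "prefix-" comes first and "-suffix" last; both are optional.
    if (parts.length > 1 && parts[0].endsWith('-')) {
      d.prefix = decode(parts.shift().slice(0, -1));
    }
    if (parts.length > 1 && parts[parts.length - 1].startsWith('-')) {
      d.suffix = decode(parts.pop().slice(1));
    }
    // What remains must be textStart, optionally followed by textEnd.
    if (parts.length < 1 || parts.length > 2 || parts[0] === '') continue;
    d.textStart = decode(parts[0]);
    if (parts.length === 2) d.textEnd = decode(parts[1]);
    found.push(d);
  }
  return found;
}

function stripFragmentDirective(url) {
  // Drop ':~:' and everything after it; keep any ordinary #anchor.
  const hashAt = url.indexOf('#');
  if (hashAt === -1) return url;
  const delimAt = url.indexOf(DELIM, hashAt);
  if (delimAt === -1) return url;
  const kept = url.slice(0, delimAt);
  return kept.endsWith('#') ? kept.slice(0, -1) : kept;
}

// Constructed sample links, as a mail or chat gateway might see them.
const samples = [
  'https://health.example/portal#:~:text=cancer',
  'https://example.org/a#intro:~:text=the-,quick%20brown,fox,-jumps',
  'https://example.org/plain#section-2',
];
for (const u of samples) {
  console.log(JSON.stringify(parseTextDirectives(u)), '->', stripFragmentDirective(u));
}
```
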

The deep linking freedom of ScrollToTextFragment can be very useful for sharing very specific links to parts of webpages. The problem is it can also be exploited. Warning about the development of ScrollToTextFragment in December, Peter Snyder, a privacy researcher at Brave Browser explained: 

“Consider a situation where I can view DNS traffic (e.g. company network), and I send a link to the company health portal, with [the anchor] #:~:text=cancer. On certain page layouts, I might be able [to] tell if the employee has cancer by looking for lower-on-the-page resources being requested.” 

And it was Snyder who spotted that ScrollToTextFragment is now active inside Chrome 80 stating that “Imposing privacy and security leaks to existing sites (many of which will never be updated) REALLY should be a ‘don’t break the web’, never-cross, redline. This spec does that.”

David Baron, a principal engineer at Mozilla, maker of Firefox, also warned against the development of ScrollToTextFragment, saying: “My high-level opinion here is that this [is] a really valuable feature, but it might also be one where all of the possible solutions have major issues/problems.”

Defending the decision, Google’s engineers have issued a document outlining the pros/cons of the deep linking technology in ScrollToTextFragment and Chromium engineer David Bokan wrote this week that “We discussed this and other issues with our security team and, to summarize, we understand the issue but disagree on the severity so we’re proceeding with allowing this without requiring opt-in.” 

Bokan says the company will work on an opt-out option, but how many will even know ScrollToTextFragment exists? And here lies the nub of it: Google has such power it can be judge and jury to decide what is or isn’t acceptable. So ScrollToTextFragment, with its unresolved privacy concerns and lack of support from other browser makers, is now out there, running in the background of hundreds of millions of Chrome installations. 

Whether you want to be part of that is up to you. 



Someone else may have your videos, Google tells users – Naked Security

As the well-worn internet saying goes – there is no cloud, it’s just someone else’s computer. This week, an unknown number of Google Photos users were alarmed to find that this can turn out to be true in surprisingly personal ways. According to an email sent […]

#cyberfraud | #cybercriminals | Ashley Madison users face extortion scam, five years on

Victims of the Ashley Madison data breach are again under attack, this time, via email. In 2015, ‘Impact Team’ dumped 32 million Ashley Madison users’ personal information, credit card and payment details, passwords, security question answers and ‘preferences’ on the dark web, after Avid Life Media […]

#hacking | Facebook reportedly derailed Europe terror probe by alerting users of phone hack

Facebook in October reportedly derailed an investigation into an Islamic State terror suspect by European law enforcement and an Israeli intelligence firm by warning users that their phones had been hacked.

The company’s massively popular messaging platform, WhatsApp, notified some 1,400 users, including the suspect, that an “advanced cyber actor” had gained access to their devices. The suspect, who was believed to be planning a terror attack during the holiday season, disconnected shortly after.

The officials in the unnamed Western European country had hacked the suspect’s phone with software developed by Israel’s NSO group, which they secured with a government contract and the approval of a judge, according to a Wall Street Journal report.

The WhatsApp warning message to users said: “An advanced cyber actor exploited our video calling to install malware on user devices. There’s a possibility this phone number was impacted.”

The company was reportedly unaware of the security investigations.

A Western intelligence official told Channel 12 that the notification had been sent to both Islamic State and Al Qaeda suspects, calling the intelligence breach “a disturbing and dangerous fact,” according to a Sunday report.

The alert foiled investigations into some 20 cases, including into suspected terrorists and pedophiles, the official said.

Investigators breached suspects’ phones “surgically” using a loophole in the app, had been monitoring the suspects for a long time, and following the alert had to start the investigations anew, he said.

The investigation into the Islamic State suspect planning a holiday season attack had relied on the suspect’s phone for information on his activities and communications, and had only had access to the device for a few days — not enough time to complete the probe.

One European intelligence official said that the NSO technology had given his team information on a violent bank-robbing outfit and weapons dealers, which led to arrests. He said that officials in other countries in Western Europe had told him that over 10 investigations may have been thwarted by the WhatsApp message to users.

On October 29, the same day as the alert, WhatsApp sued NSO Group, accusing it of using the platform to conduct cyber-espionage on journalists, human rights activists and others.

The suit, filed in a California federal court, contended that NSO Group tried to infect approximately 1,400 “target devices” with malicious software to steal valuable information from those using the messaging app.

WhatsApp said NSO Group’s hacking was illegal and that it was acting to protect its users.

NSO Group told The Wall Street Journal that its tools were “only licensed, as a lawful solution, to government intelligence and law-enforcement agencies for the sole purpose of preventing and investigating terror and serious crime.”

Most of its clients are democracies in Europe that use its technology to fight crime and terror, NSO Group said.

NSO Group came to prominence in 2016 when researchers accused it of helping to spy on an activist in the United Arab Emirates.

Its best-known product is Pegasus, a highly invasive tool that can reportedly switch on a target’s phone camera and microphone, and access data on it.

The firm has been adamant that it only licenses its software to governments for “fighting crime and terror,” and that it investigates credible allegations of misuse, but activists say the technology has been instead used for human rights abuses.


#nationalcybersecuritymonth | TikTok Tightens Rules on Video Content and Users

TikTok has overhauled its guidelines to clarify what kind of content is off-limits, from racial slurs to critical remarks about other users’ hygiene, at a time when the popular video app is facing increased scrutiny over its security. The more expansive rules released Wednesday cover 10 […]

#cybersecurity | #infosec | Facebook and Twitter warn some users’ private data accessed via SDK

Facebook and Twitter have announced that personal data related to hundreds of users may have been improperly accessed after users logged into third-party Android apps with their social media accounts.

According to a report by CNBC, users of Android apps that made use of a software development kit (SDK) named oneAudience may have unwittingly shared information such as their email addresses, usernames and recent tweets.

CNBC says that amongst the offending Android apps are the photo-editing tools Giant Square and Photofy. Presently there is no indication that iOS users are affected by the issue.

According to an advisory published by Twitter, data extracted from accounts via the use of the oneAudience SDK (which it describes as “malicious”) in a smartphone app could be used to take control of a Twitter account, although it has seen no evidence that this has occurred.

Twitter was keen to emphasise that the “issue is not due to a vulnerability in Twitter’s software, but rather the lack of isolation between SDKs within an application,” and says it will be notifying users of the Twitter for Android app who may have been affected.

Furthermore, Twitter says it has “informed Google and Apple about the malicious SDK so they can take further action if needed.” I presume what they mean by that is so that Google and Apple can kick any offending apps out of their respective app stores.

In response, oneAudience has issued a statement claiming the “data was never intended to be collected, never added to [its] database and never used.”

According to the company, it “proactively” updated its SDK in mid-November so user data could not be collected, and asked developer partners to update to the new version. However, it has now announced it is shutting down the offending SDK.

Facebook meanwhile has issued a statement saying that it is taking action against not only the oneAudience SDK, but also an SDK from marketing company MobiBurn:

“Security researchers recently notified us about two bad actors, One Audience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores.”

“After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn. We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts.”

On its website, MobiBurn describes how it helps app developers generate revenue – not by placing more ads within an app, but through the “monetization of your applications’ valuable data in a safe and confidential way.”

However, in light of the revelations and action taken by Facebook and Twitter, MobiBurn says it has “stopped all its activities” until investigations are complete.

This is all very well and good, but what are users supposed to do to protect themselves?

When they install an app, they have no way of knowing whether the developers chose to make use of a malicious SDK which might leave personal information exposed.

All you can realistically do is exercise restraint regarding which third-party apps you connect to your social media profiles. The fewer apps you connect to your Facebook and Twitter, the smaller the chance that someone’s code will be abusing that connection to access information you would rather not share.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.


Google Cloud Update Gives Users Greater Data Control

External Key Manager and Key Access Justification are intended to give organizations greater visibility into requests for data access.

Google Cloud today debuted new capabilities, External Key Manager and Key Access Justifications, to give customers greater visibility into who requests access to their information and the reasoning behind these requests. They also have the ability to approve or deny them.

Google Cloud encrypts customer data-at-rest by default; users have several options to manage encryption keys. External Key Manager, coming soon in beta, is the next level of control. It works with Cloud KMS and lets users encrypt data in BigQuery and Compute Engine. Encryption keys are stored and managed in a third-party system outside Google. The idea is to let companies separate data and encryption keys while still using cloud compute and analytics.

Key Access Justifications is a new capability designed to work with External Key Manager. When an encryption key is requested to decrypt data, this tool provides visibility into the request and its justification, along with a mechanism to approve or deny the key in the context of that request, using an automated policy set by the administrator via third-party functionality.

This feature is coming soon to alpha for BigQuery and Compute Engine/Persistent Disk, and it covers the transition from data-at-rest to data-in-use, Google reports.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.


#cyberfraud | #cybercriminals | Woolworths issues coupon-scam alert for Facebook users looking for Christmas savings

Woolworths yesterday issued an urgent scam alert over a branded coupon offering Facebook users $100 off their next transaction.

The post is heavily branded with convincing features such as disclaimers and a barcode. Users are asked to activate the coupon by sharing the link with their family and friends.

Woolworths has reported the scam to the Australian Competition and Consumer Commission (ACCC) and Scamwatch, and asks shoppers to be vigilant with guarding their personal and financial details.

“Scams are often specially designed to look genuine, and often copy features from legitimate communications such as our logo and branding,” the supermarket giant said in a statement.

“Woolworths will never email, message, or call you to ask for your personal or financial information including your password, credit card details or account information.”

Woolworths suggests users take particular care with links similar to its official web address with misspellings.

“For example, the link might take you to the website instead of,” the statement reads.

The Facebook scam follows a string of similar scams and subsequent warnings, such as emails posing as surveys or phishing text messages posing as package alerts from Australia Post.

According to the ACCC, more than 3,000 Aussie SMEs lost over $4.5 million due to scams in the last year.

Cyber security experts have spoken to SmartCompany about being on guard year-round as they push for policy reforms to combat the rising prevalence of sophisticated online scams.

“For a while, there were a lot of email security programs that did a good job of stopping spam, but we’ve become over-reliant on them,” Andrew Bycroft, chief executive of the international cyber resilience institute, said.

“Even if you get an email from someone you believe is a friend it could have come from anywhere.”
