The majority of malicious software apps are coming from the Internet, and unfortunately, Android users have one more reason to worry: spyware apps that steal data from the infected devices. Continue reading
A lot of users have downloaded over 500 various apps from official Google Play Store. The majority of these apps were infected with a tricky ad library that spreads spyware without being noticed and can do different hazardous procedures.
The main source of income for the app developers is advertising, because Google Play Store provides free downloads for 90% of Android apps. Toward this goal, they embed Android SDK Ads library in their apps that doesn’t influence app’s functionality. Continue reading
Security specialists revealed a dangerous adware botnet counting practically half a million victims, after attempts to remain in the background.
As ESET informed, Stantinko botnet targets mainly Russia and Ukraine. Its developers put it in circulation by installing hostile browser extensions that contain malicious ad and click fraud.
ESET also added that they were used for a fully featured backdoor sending, a bot for searches on Google, and a tool for performance of brute-force attacks on Joomla and WordPress administrator panels when trying to resell them. Continue reading
This banking Trojan can easily thieve sensitive data from the infected devices because of Accessibility Services.
Android devices with all updates and the latest Android version, and all security patches installed are also at risk, so these techniques aren’t as safe as many users think. Continue reading
The experiment involves Elon Musk’s OpenAI framework.
DEF CON Machine-learning tools improve their skills and have ability to create their own malware that overcomes antivirus software.
In a major presentation at the DEF CON hacking convention Hyrum Anderson, technical manager of data science at security shop Endgame, demonstrated the company research involving Elon Musk’s OpenAI framework adaptation to the aim of developing malware that cannot be revealed by security-protection modules. Continue reading
The survey reveals that a leak of data has increased to 20% because of failure to deprovision employees.
In spite of the fact that companies pay more attention to security sphere, a new investigation from the identity management provider OneLogin proved that still there is a lack of attention in many businesses to critical threats issues brought on by ex-employees – San Francisco, Calif., July 13, 2017. Continue reading
The investigation of Wakefield Research revealed that although online worry increases, password algorithms remain unimproved. For example, 81% of respondents use one password for many accounts. They are more or less digitally dodgy, but, nevertheless, 92% say they use one password for various accounts. Continue reading
Many ransomware attacks (76%) take roots in your PC performance through sending malicious messages to your email.
As Barracuda reported, phishing is a real moneymaking (particularly spear phishing). Most of the companies communicate through email, that is why it is the most commonly used tool for attackers’ tricks. Continue reading
Google created new security measures for Gmail users, including protection against phishing attacks, click-time warnings for fraudulent links and unintended external reply warnings.
The new machine learning technologies are based on a certain principle that spot-checks messages for phishing tricks. Andy Wen said that it helps to block spams and phishing messages from occurrence in the inbox folder within the accuracy of 99.9%.
The viral detection combines with Google Safe Browsing’s machine learning technologies for revealing and flagging “phishy” and malicious URLs. So, Gmail creates new URL click-time warnings for phishing and malware links.
Wen stressed that new technologies work faster and more efficiently than manual systems. Continue reading
There is no way to avoid the reality: cybercrime, or cyber espionage will hit. Attackers are employing methods to deliver malware and steal credentials, from old vectors like malvertising, to new ones like appliances connected to the Internet of Things.
Companies try to improve their security measures, but many of them are not aware of the biggest dangers.
The reality is that cybercrime will definitely hit. The attackers’ methods focus on credentials steal, using old vectors like malvertising, or new ones like connection to the Internet of Things.
Every specialist in security sphere decides on his own which threats are the most dangerous and which are of a least concern. Continue reading
The strategy is clear: a virus infects your PC and encrypts your data until you pay a ransom. The hackers create bit by bit instruction on how much to pay and even offer how to buy bitcoin if you are a new one in such issues. Usually, the sum comes to a few hundred dollars. Many users think that this is a better solution rather than giving up. Such systems are really profitable, none other but their designers know it.
Recently, WannaCry ransomware hit more than 150 countries. It has a rather particular origin: the basis of it is fragility of the National Security Agency, which one can use to disorder many versions of the Windows operating system. An unknown hacker knot called Shadow Brokers stole the NSA’s code (the security community considered these hackers to be the Russians) in 2014 and gave it to the world in April.
Microsoft fixed the weakness a month earlier after the NSA alert message that the information leak was inevitable. But older Windows versions were also infected, and unfortunately, there are a lot of users who do not care about their systems security. So, it is a great chance for WannaCry creators to infect computers and blackmail their users.
Good advice is to regularly update your system patches and REGULARLY backup your data.
Specialists, who have created fingerprints capable of fooling the sensors, said that smartphone fingerprint scanners are not as secure as we used to believe.
They could unlock mobiles with fingerprint security by using fake ones, so it is a great way to log in and to make different payments.
The investigation results of New York and Michigan State Universities revealed the researchers’ ability to develop “master prints that could fool a scanner up to 65 per cent of the time”. So, that means a rapid improvement of the artificial physical fingerprints.
To unlock smartphones, fingerprint scanners are considered to be more secure than passcodes. The Apple company stated that ID scanner used on iPhone has the slightest chance to be coincident with a fingerprint of another person. Continue reading
If you are fed to the teeth with people continuously asking about browsing safety, we are with you. Different warnings about internet security… But do not forget about antivirus program, little icon of which does its work.
Practically everyone believes he can light-heartedly click, specify and skim different type of information, and surf on the huge open space that is the internet.
Do not pay attention to those internet security fibs. The next perversions may be hard to perceive at first sight, but ultimately, it will be better for you to be aware of them. Continue reading
Almost 72% of employees are ready to share confidential information of a company and little take company’s data with them after working hours.
The Dell End-User Security Survey provides with such troublous statistics, which reveals that many employees are not only willing to share sensitive information, but they do it without using special security protocols.
Data shows that for today the working strategy of employees is based on two principles: to be efficient and hard-working on the job and to hold company information in confidence. Companies focusing on highly skilled employees and security measures are necessary to maintain data security questions. Nevertheless, they are failing on a work: 76% of employees think that company sacrifice their working efficiency for security precautions.
Petya ransomware creators attempt to accuse its predecessor of a crack into their system.
Investigators revealed one more Petya ransomware type last year. Besides, it contains improved crypto and ransomware patterns now.
The authentic Petya was hacked last April and the group behind PetrWrap developed a specific module that modifies the original ransomware version on-the-spot.
The on-the-spot change is intended to conceal the fact that Petya is containing the malicious element, and PetrWrap group uses its own crypto methods.
The encrypting uses OpenSSL library elements rather than the mbedtls library used by Petya. Continue reading
Last week investigators faced with a deleterious Word file that cannot distinguish between two different OS platforms. The goal of this malicious document is to infect other Microsoft systems.
If you open such a document, the malicious Visual Basic for Applications will affect your system immediately. The macro continues to read a base64-encoded character string in the file, which is reliant on the operating system, and then puts in force a certain script. Continue reading
Jeff Atwood, founder of the popular coding site Stack Overflow, has presented a provoking and rather interesting pompous speech about dire state of the password policy.
His post, entitled “Password rules are bullshit”, reveals that the present format of the password instructions, e.g. using particular combinations of characters, isn’t actually secure. What is more, he claimed that such instructions usually do have the reverse effect and do harm to those people who are using secure password generators.
The next high-priority issue is length of a password. Jeff underlined that majority of people should use over 10 characters’ password. In his opinion, developers failed to create really secure password strategy.
He insisted on the Unicode to increase passwords length in order to make the system more secure.
According to the data he has been analyzing, passwords of about 30 per cent of users would be in the list of top 10,000 passwords, which attackers by all means will use. As a result, there is a big number of consumers complaining about hackers’ attacks on their system.
As a partial solution, Heather Adkins, Google’s director of information security and privacy, recommends turning on two-factor authentication.
U.S. President Donald Trump worried about cybercrime defense and insisted on better state authorities’ protection of the networks. For this purpose, he adjourned sine die the government directions signing to give a stimulus for administration’s issue consideration.
Due to draft copy of the order, the Ministry of Defense and the Department of Homeland Security would have 60 days for the networks security improvement.
Trump had to sign this order on Tuesday but cancel a back order a short time before.
The cybersecurity must be focused on such infrastructures like Power station and power network, Trump announced. Power network security is a great problem that is in need of a speed solution.
During the briefing, the Democratic National Committee was taken into account in the first instance by Trump because of their hacker attack on the presidential election campaign.
“The Democratic National Committee Despite threw away a lot of money instead of attending to security measures,” Trump said. “The Republican National Committee was not hacked. Hackers failed to put in force their hacker attack that means that we have very strong protective safety system against it.”
Over recent years, Netgear had been trying to improve its routers derangement that increased to 30, among which 20 characterized by the embedded programme problems.
Trustwave security expert Simon Kenin identified the weak point that lies in the fact that Netgear routers firmware have some problems with the password reset mechanism.
The explorer practiced deceit with web based controller interface of Netgear WNR1000v3 routers in January 2014 for password disclosure. There were two scripts called unauth.cgi and passwordrecovered.cgi and none of them prompted for an identification action.
Nevertheless, Netgear is considered to be one of the best security producer that proved by the bug bounty program creation.
The intensification of the formidable DDoS botnets from deficient embedded targets like Mirai produced against routers problems. It is sad to say but software support of such devices are influenced by 90s-era assailabilities like command entry, buffer trashing and others. The main security functions of the software include auto refresh or sandboxing that used in very rare cases.
Dutch security expert Sijmen Ruwhof has scrutinized programme support of the Dutch election precinct and now makes a statement “the average iPad is more secure than the Dutch voting system.”
Taking into account SHA1 cryptography weakness of the Dutch voting system, local television station RTL wanted the expert to examine the inconsistency of its parts.
Since 2009, the Dutch election precinct does not use the electronic voting because of the ministers’ prohibition. As a result, the electronic voting systems during counting bulletins result are considered to be insecure. The voting electronic version is available for many devices such as Windows XP, non-current versions of web browser.
It is necessary to state that every computer mechanism should be as secure as an iPad to make ourselves safe from different adverse consequences.
