Cybersecurity is an issue of growing concern among all netizens. There is barely any privacy on the internet today, and not taking the right security measures only makes us less safe on the web. Instances of cyber-attacks are rising, and because of this, ensuring phishing prevention has become mandatory for individual users as well as organizations. Here are the top headlines from the cyber world to help you plan your security better.
Adware Spread Through Android Apps
As many as 49 apps spreading malware are in circulation and use among Android users. These apps can be downloaded from Google Play and have titles similar to Cut Out Studio Pro, Tattoo Maker, Bubble Effect, Clown Mask, Magazine Cover Studio, Music Video Maker, etc. Users who downloaded the apps complain that full-screen pop-up ads frequently appear, and the advertisements also pop up when users click or unlock the screen.
What does the adware do?
- It registers itself as a foreground service and operates continuously even if the user isn’t using the app at the moment.
- It eats up a lot of memory on the phone and consumes the battery quickly because of its continual functioning.
- In addition to this, the adware adds several shortcuts resembling Chrome on the home screen, keeping the real icon of the adware concealed.
- When a user clicks on the fake Chrome shortcut, he gets redirected to a blank webpage where yet another full-screen ad pops up.
- Another demerit of the adware is that it can only be closed when you click “Back” or the “Home” key.
How to delete the app?
Merely deleting the fake shortcut does not remove the app from your device; one needs to go to the phone settings and uninstall the app there.
To ensure protection against phishing, users need to analyze the authenticity of an app before downloading it on their devices.
New Form Of Malware Detected
Fleeceware, a new addition to the types of malware, has been detected and removed by Google from its Play Store. Fleeceware, however, is more of a Potentially Unwanted Program (PUP) or Potentially Unwanted Application (PUA) than malware.
What most users fail to notice while going through the terms and conditions of Google Play is that they need to stop the trial before uninstalling an app, because uninstalling and ending a subscription are two very different things. It is this very loophole that Fleeceware exploits. All users who assume that uninstalling the app has set them free from paying any subscription fee are getting overcharged by the application.
Fleeceware targets not only Android users but also iOS users, and this has compelled Apple to warn users about it when they attempt to uninstall an app with an active subscription.
What needs to be done?
To protect themselves from phishing and extra charges, all users are advised to read through the terms and conditions carefully. Going through the app reviews and developer reviews before installing an app, and unsubscribing before uninstalling the app, are also essential measures.
Invoice Scam Makes Two Firms Lose €650,000
Invoice frauds have made two Irish firms lose €650,000 in recent times, and therefore Irish business owners are advised to remain cautious of this widespread email fraud. The two victim firms had received invoices requesting a release of payment from seemingly legitimate suppliers. They responded to these emails, and the result was catastrophic.
Primarily propagated through emails, these invoice scams also take place via phone calls and letters. These emails ask the victim firm to change the supplier’s bank details (to that of the attackers), and falling for this trick implies losing a huge sum of money.
Since it is challenging for small businesses to recover from such an attack, they are advised to speak to somebody from the invoicing company to confirm whether the received email is legitimate. To ensure email phishing protection, all businesses must scrutinize incoming emails for changes such as swapped, added or removed letters in an email address. Furthermore, requests for a change of bank account details must be treated as a warning sign.
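The address check described above can be automated. The following is an added example, not part of the original article: it flags sender domains that differ from a known supplier domain by a swapped, added or removed letter. The supplier allow-list, the function names and the sample addresses are constructed for illustration.

```python
# Added example; all domains and addresses below are constructed.

KNOWN_SUPPLIER_DOMAINS = {"acme-supplies.example", "northwind-parts.example"}  # assumed allow-list


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    rows, cols = len(a) + 1, len(b) + 1
    # First row and column hold the cost of building a prefix from nothing.
    d = [[i + j if i == 0 or j == 0 else 0 for j in range(cols)] for i in range(rows)]
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Two adjacent letters swapped counts as a single edit.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def sender_domain(address: str) -> str:
    """Lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().strip(">").lower()


def classify_sender(address: str, known=KNOWN_SUPPLIER_DOMAINS, max_distance: int = 2):
    """Return ('known' | 'lookalike' | 'unknown', matched_domain_or_None)."""
    domain = sender_domain(address)
    if domain in known:
        return "known", domain
    # Closest known domain; a small non-zero distance is a near-miss spelling.
    best = min(known, key=lambda k: osa_distance(domain, k))
    if osa_distance(domain, best) <= max_distance:
        return "lookalike", best
    return "unknown", None


SAMPLE_SENDERS = [  # constructed
    "accounts@acme-supplies.example",    # exact match
    "accounts@acme-suplies.example",     # letter removed
    "accounts@acme-suppliess.example",   # letter added
    "accounts@amce-supplies.example",    # letters swapped
    "billing@unrelated-vendor.example",  # not close to any supplier
]

if __name__ == "__main__":
    for sender in SAMPLE_SENDERS:
        print(sender, "->", classify_sender(sender))
```

A "known" result only means the domain is spelled correctly; a request to change bank details still warrants the phone confirmation described above.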
Attacks On British Political Parties Prior To Elections
Hacker groups have launched multiple attacks since last Tuesday on the two main political parties of Britain. These attacks are aimed at taking the parties’ websites offline through a flood of malicious traffic just as the nation nears its elections. Britain’s security agencies had foreseen these attacks and blamed them on Russia and other countries, but Moscow has denied all charges.
The Labour Party (opposition) underwent a severe cyberattack on their digital platforms, but fortunately for them, no loss of data was caused. And a few hours later, they withstood a second attack which was followed by a third attack on the governing Conservative Party’s website.
Some sources opine that the attack on the Conservative Party was a huge one and couldn’t possibly involve just one hacker group. Meanwhile, the Labour party is taking phishing protection measures and has asked the public to cooperate with the changes made.
Britain’s National Cyber Security Centre says that the attack on the Labour and Conservative Parties was a Distributed Denial-Of-Service (DDoS) attack, which makes it all the more difficult to pinpoint the attacker group. Although the Labour Party could protect itself from the first attack, they fear what the results of the election would be if such attacks persist.
Ransomware Attack Hits Mexico’s Pemex
In what seems like a failure of phishing prevention software, 565 bitcoins (which comes to about $5 million) were demanded from Mexico’s oil firm Pemex in a ransomware attack recently. As a result of the hack, the firm had to bring down its computers throughout Mexico, disrupting vital service areas such as payments. The ransom note that flashed on Pemex computers directed them to a darknet website affiliated with “DoppelPaymer” – a type of ransomware.
The attackers also gave Pemex a deadline of 48 hours to make the ransom payment to a provided email address. However, the firm took its time before responding to a request to comment on the ransom demand. Pemex already has several issues to deal with, including massive debts and the need to reverse years of declining oil production. The ransomware attack adds to the firm’s burden.
Pemex claims that not all sectors of its firm have been affected by the attack and that its storage and distribution facilities continue to function normally. The firm adds that less than 5% of its computers were harmed in the cyber attack. A Pemex official said that “Ryuk” was the ransomware targeting the company, but that seems unlikely because Ryuk typically targets firms with annual revenue exceeding $500 million, and Pemex isn’t one of them.
User’s Privacy At Risk With 5G
Researchers at Purdue University and the University of Iowa have recently found several vulnerabilities in 5G, which is supposed to be faster and more secure than 4G. If exploited by attackers, these vulnerabilities can be used to track a person’s real-time location, spoof emergency alerts, which can also trigger panic, and disconnect the phone from the 5G network. These newfound vulnerabilities also apply to existing 4G networks.
The researchers created a new tool called 5GReasoner, with which they identified 11 new flaws in 5G. They found that an attacker can launch many attacks on a 5G user by creating a malicious radio base station. In some cases, the vulnerability could be exploited to create a “prolonged” denial-of-service condition against a user’s device from the cellular network; in others, it can downgrade a cellular connection to a less-secure standard, which enables attackers to launch surveillance attacks on 5G users via “stingray” equipment.
Any attacker with knowledge of 4G and 5G networks and a low-cost software-defined radio can exploit these vulnerabilities to their benefit. To uphold protection from phishing attacks, the researchers have refused to release their proof-of-concept exploitation code publicly, but they have informed the GSM Association (GSMA) of their findings.
The GSMA has, however, not given a date by which the vulnerabilities can be expected to be fixed. Several of these vulnerabilities can be fixed in the current design, but for the rest, a significant amount of protocol change is required.
Data Breach At Starling
The Connecticut-based healthcare group Starling was the victim of a phishing attack back in February 2019 because of which the details of some of the patients might have been affected. However, it is only now that the physicians at Starling have stepped up to warn its patients of an attack on them induced by the Starling data breach.
The group had taken immediate phishing attack prevention measures and secured the three affected email accounts by hiring a forensic security firm. But around September, they found that the affected email accounts contained the sensitive details of patients, including their names, addresses, dates of birth, passport numbers, Social Security numbers, medical information, and health insurance or billing information.
Starling continues to maintain its secrecy on the exact number of patients affected in the breach, but one of its spokespersons declared that less than .01 percent of active patients were affected in the attack. As per the claims of Starling, they had taken immediate actions to safeguard the interests of their affected customers, even going to the extent of offering free credit monitoring and identity theft protection services to all those patients whose social security numbers got compromised.
They have advised all patients to review their credit card, bank, and other financial statements and report any suspicious activity that they notice.
iPhone Users’ Safety At Risk Due To Facebook Bug
Joshua Maddux, owner of web design firm 95Visual, recently discovered a Facebook bug that uses a person’s iPhone camera as they scroll through their News Feed. Maddux found this bug while using Facebook on his iPhone one day, when the camera in his phone was running in the background while he was scrolling Facebook. He even shared a video on Twitter to prove this.
This bug, however, affects only iOS devices; Android devices seem to be unaffected by it. There is no record showing where the camera-recorded data goes, and it is not certain whether the recording reaches Facebook.
Facebook confirmed that there is indeed a bug that was “inadvertently introduced”, and that they are working on fixing it.
To prevent phishing attacks, iPhone users are advised to revoke camera access while using the Facebook app until a patch is released.
This discovery comes at a time when Facebook is making serious efforts to win back the trust of people after the many security scams it has been associated with in the recent past.
Apple Bug Shares Info Unauthorized
Indian iOS developer Tanmay Sonawane recently reported an Apple bug that syncs users’ Keychain credentials with their family members if they have Family Sharing enabled. This sync is done without the user’s permission, which leaves them feeling vulnerable. Sonawane elaborated that he had all his passwords saved in Apple’s default password manager, Keychain. But his passwords were also available on his brother’s Apple devices, allowing his brother to view them in his Autofill drop-down menu on Safari. Sonawane clarifies that though he is on a Family Sharing plan, he has disabled iCloud sharing.
Several other users have also reported this bug, claiming that their bank details, cash app passwords and credit card information are accessible across all their devices and even on their family shared plan, and that these actions aren’t authorized by them. Surprisingly, these issues aren’t recent. They have been present since last year, which only underscores Apple’s inaction in this regard.
Although it is unlikely that a family member would do something against us, it is advised to leave the Family Sharing account as an anti-phishing measure till the time Apple launches a patch.
Scammers Exploit Firefox Bug
Jérôme Segura of Malwarebytes recently discovered that tech support scammers were exploiting a Firefox bug to freeze users’ browsers when they visit specially crafted websites. Segura added that two Firefox bugs presently exist that are being exploited rampantly by tech support scammers.
The scam only requires users to visit fake websites created by the attackers. These fraudulent websites then prompt the user to call “Windows support” at a specified number. A similar bug had been spotted in Chrome two years ago, where the attacker could freeze the user’s browser by exploiting the download blob API. Upon revisiting the bug, Segura discovered that it is still unfixed.
The newly discovered bug keeps asking users for the same authorization repeatedly. Segura’s bug report was tagged ‘duplicate’ by the Mozilla developers, and no fix has been released so far. But a patch can be expected in Firefox 71, which is supposed to be released on December 3, 2019.
To ensure protection against phishing, users are advised to force-close Firefox from the Task Manager on Windows or with the Force Quit option on macOS if they happen to reach any fake website.