Page 44 of 44 FirstFirst ... 34363738394041424344
Results 1,076 to 1,081 of 1081
  1. #1076
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,552
    I love the euphemism: "Dr. Web AV, who notified Huawei and helped them remove the identified apps from their store"

    which translates to "Caught the chinky spying bastards at it and watched to make sure they removed the identified apps from their store".



    A large-scale malware campaign on Huawei's AppGallery has led to approximately 9,300,000 installs of Android trojans masquerading as over 190 different apps.

    The trojan is detected by Dr.Web as 'Android.Cynos.7.origin' and is a modified version of the Cynos malware designed to collect sensitive user data.

    The discovery and report come from researchers at Dr. Web AV, who notified Huawei and helped them remove the identified apps from their store.


    However, those who installed the apps on their devices will still have to remove them from their Android devices manually.


    Trojan disguised as game apps


    The threat actors hid their malware in Android apps pretending to be simulators, platformers, arcades, RTS strategy, and shooting games for Russian-speaking, Chinese, or international (English) users.

    As they all offered the advertised functionality, users were unlikely to remove them if they enjoyed the game.


    Over nine million Android devices infected by info-stealing trojan

  2. #1077
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,552
    Convicts being a bit nosey ....

    A man who was forced to hand over his phone and passcode to Australian Border Force after returning to Sydney from holiday has labelled the tactic “an absolute gross violation of privacy”, as tech advocates call for transparency and stronger privacy protections for people’s devices as they enter the country.

    Software developer James and his partner returned from a 10-day holiday in Fiji earlier this month and were stopped by border force officials at Sydney airport. They were taken aside, and after emptying their suitcases, an official asked them to write their phone passcodes on a piece of paper, before taking their phones into another room.


    It was half an hour before their phones were returned, and they were allowed to leave. James initially posted about his ordeal
    on Reddit.

    “We weren’t informed why they wanted to look at the phones. We were told nothing,” he told Guardian Australia.
    “Who knows what they’re taking out of it? With your phone and your passcode they have everything, access to your entire email history, saved passwords, banking, Medicare, myGov. There’s just so much scope.”

    James said he has no idea what officials looked at, whether a copy of any of the data was made, where it would be stored and who would have access to it.


    “It’s an absolute gross violation of privacy.”


    Under the Customs Act, ABF officers can force people to hand over their passcodes to allow a phone search, as part of their powers to examine people’s belongings at the border, including documents and photos on mobile phones.


    A spokesperson for ABF did not respond to specific questions about James’ case, nor questions on how often the power is used or where the data is stored.


    The spokesperson said people can be questioned and their phone searched “if they suspect the person may be of interest for immigration, customs, biosecurity, health, law-enforcement or national security reasons”.


    “The ABF exercises these powers in order to protect the Australian community from harm and deliver upon its mission to protect Australia’s border and enable legitimate travel and trade. Information seized from passengers phones has contributed to the success of many domestic law enforcement operations targeting illegal activities,” the spokesperson said.

    “If an individual refuses to comply with a request for an examination of their electronic device, they may be referred for further law enforcement action.”

    Within Australia’s borders, there are more hurdles for law enforcement to access devices,
    including needing a warrant before people can be compelled to unlock their phones.


    In 2016,
    Nine newspapers reported a man sued ABF after text messages were sent and then deleted from his phone by an official while they had possession of his phone at the border in 2014.


    A
    freedom of information request in 2016 revealed the department had apologised to the man in 2015, and had determined the counter-terrorism unit officer breached ABF’s code of conduct.


    Electronic Frontiers Australia chair Justin Warren said it is impossible to determine how common such searches of phones are because the department doesn’t release any data on it – unlike data on warrants obtained under other domestic surveillance laws.


    “There is no transparency, and the authorities prefer it that way. Anecdotally, it seems to happen quite a lot,” Warren said, adding it showed the need for stronger privacy rights in Australia.


    “This is just another example of how few rights Australians actually have. We need a Bill of Rights in Australia to prevent abuses like this, and real consequences for abuse when it happens.”


    Samantha Floreani, program lead at Digital Rights Watch, agreed.


    “This is a prime example of the kind of privacy violations that can occur when you don’t have fundamental human rights,” she said. “A federal charter of human rights is long overdue in Australia.


    “It is completely unreasonable that people should be subject to such an invasion of privacy without so much as an explanation.”

    Warren advised people flying into Australia not to have anything on their device that they don’t want authorities accessing, and to ensure their device is encrypted with a strong passcode.

    “Once they take your device out of your sight, you should assume it’s completely compromised and they have a copy of everything that was on it, and act accordingly,” he said.


    Warren stressed that people in such a situation should also seek legal advice.


    James said the incident made him rethink what he would do next time he travels out of Australia.


    “I think what I’ll just do next time is as we fly into Sydney, I’ll just press the factory reset button on the phone and when they pull me up again, I’ll be handing them a fresh clean factory reset.”

    Returning travellers made to hand over phones and passcodes to Australian Border Force | Privacy | The Guardian

  3. #1078
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,552
    If you own one of these pitiful devices, best to get on this straight away.

    Apple has announced the discovery of a serious security vulnerability for iPhones, iPads and Macs which could potentially allow attackers to take complete control of a victim's devices.

    Fortunately the announcement came as Apple released a security update that would prevent the attack from taking place.

    To install this security update, you can go to the Settings App, then General, then Software Updates.
    The latest version of iOS and iPadOS is 15.6.1, while macOS is on 12.5.1.

    According to Apple the vulnerability could have been exploited by "processing web content", meaning accessing a web page which contained malicious code.

    Any attackers that knew about the vulnerability - and how to exploit it - could, by directing a victim to such a web page, be able to execute any code they wanted on the victim's device.

    Usually devices restrict the kinds of code that can be run on them to users with particular levels of privileges - but this vulnerability allowed the code to be executed with kernel privilege.

    What is the new serious Apple vulnerability and how do you protect yourself from it? | Science & Tech News | Sky News

  4. #1079
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,552
    If you're using Chrome, and are stupid enough not have updates turned on, then check for updates - and turn on automatic updates.

    Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin

  5. #1080
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,552
    Netgear warns users to patch recently fixed WiFi router bug
    Netgear has fixed a high-severity vulnerability affecting multiple WiFi router models and advised customers to update their devices to the latest available firmware as soon as possible.
    The flaw impacts multiple Wireless AC Nighthawk, Wireless AX Nighthawk (WiFi 6), and Wireless AC router models.
    Although Netgear did not disclose any information about the component affected by this bug or its impact, it did say that it is a pre-authentication buffer overflow vulnerability.
    The impact of a successful bufferoverflow exploitation can range from crashes following denial of service to arbitrary code execution, if code execution is achieved during the attack.
    Attackers can exploit this flaw in low-complexity attacks without requiring permissions or user interaction.
    In a security advisory published on Wednesday, Netgear said it "strongly recommends that you download the latest firmware as soon as possible."
    The list of vulnerable routers and the patched firmware versions can be found in the table below.


    Vulnerable Netgear router Patched firmware version
    RAX40 Firmware version 1.0.2.60
    RAX35 Firmware version 1.0.2.60
    R6400v2 Firmware version 1.0.4.122
    R6700v3 Firmware version 1.0.4.122
    R6900P Firmware version 1.3.3.152
    R7000P Firmware version 1.3.3.152
    R7000P Firmware version 1.0.11.136
    R7960P Firmware version 1.4.4.94
    R8000P Firmware version 1.4.4.94



    https://www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-recently-fixed-wifi-router-bug/
    The next post may be brought to you by my little bitch Spamdreth

  6. #1081
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,552

    NSA shares guidance on how to secure your home network

    The U.S. National Security Agency (NSA) has issued guidance to help remote workers secure their home networks and defend their devices from attacks.

    The guide published by the Defense Department's intelligence agency on Wednesday includes a long list of recommendations, including a short list of highlights urging teleworkers to ensure their devices and software are up to date.

    Remote workers are also advised to back up their data regularly to prevent data loss and to disconnect equipment they're not using if it doesn't require an active Internet connection at all times.


    To remove non-persistent malware if one of your devices gets infected, you should also reboot them frequently or schedule a restart to further minimize this risk.


    "At a minimum, you should schedule weekly reboots of your routing device, smartphones, and computers. Regular reboots help to remove implants and ensure security," the NSA said.


    Other best practices include using a non-privileged user account on your computer, enabling automatic updates whenever possible, and covering webcams and disabling microphones when not using them to block eavesdropping attempts via compromised devices or malware.


    *** The Security News Thread  ***-untitled-jpg


    Use your own router and keep it updated

    The NSA also recommends using a personal router that should be kept up-to-date over the standard ISP-provided modem or router, which might not receive regular security updates.

    "Your router is the gateway into your home network. Without proper security and patching, it is more likely to be compromised, which can lead to the compromise of other devices on the network as well," the NSA said.


    "To minimize vulnerabilities and improve security, the routing devices on your home network should be updated to the latest patches, preferably through automatic updates."


    Routers should also be replaced as soon as or before they reach their end-of-life date to ensure they keep receiving security patches to address recently discovered vulnerabilities that attackers could exploit in network breach attempts.

    Previously, the NSA also provided tips on securing wireless devices, voice or video communications, and IPsec Virtual Private Networks, as well as reducing location tracking risks.

    "In the age of telework, your home network can be used as an access point for nation-state actors and cybercriminals to steal sensitive information. We can minimize this risk by securing our devices and networks, and through safe online behavior," NSA Cybersecurity Technical Director Neal Ziring said today.

    https://www.bleepingcomputer.com/new...-home-network/

Page 44 of 44 FirstFirst ... 34363738394041424344

Thread Information

Users Browsing this Thread

There are currently 4 users browsing this thread. (0 members and 4 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •