New research from Carnegie Mellon University reveals that more time spent on pirate sites increases the risk of running into malware.
This effect was only visible for pirate sites, and not for other categories such as banking, gambling, gaming, shopping, social networking, and even adult websites. While the results show an increased threat, it's doubtful that the absolute numbers will impress hardened pirates. Interestingly, one would expect that people who frequently visit pirate sites are more likely to have anti-virus software installed. However, this was not the case.
The latest bad news about smart home devices is that they're easy to hack, according to a team of researchers who did just that to prove these gadgets have serious security issues.
Off-the-shelf home security cameras, baby monitors, doorbells, and thermostats were among the devices hacked by cyber researchers at Ben-Gurion University (BGU) of the Negev in Beer-Sheva, Israel as part of ongoing research into detecting vulnerabilities in smart home technology. Once they broke in, researchers were able to play loud music through a baby monitor, turn on a camera remotely, and more. According to BGU researchers, you can protect yourself from being hacked by only buying from reputable manufacturers and vendors.
The newly discovered malware apps don’t actually contain Android malware—they have Windows malware.
Security researchers discovered more than 150 infected apps carrying the same malicious Windows payload discovered in Android apps last year. The developers were using machines infected by a now-defunct botnet called Ramnit. One feature of Ramnit was the way it burrowed into programming platforms. Apps built on these platforms would end up as a carrier of the infection, and that’s what we see appearing in the Play Store. The 150 apps were mostly low-effort web wrappers and image galleries, and only a handful of developers were represented.
In recent weeks, many Fortnite players have posted on places like Reddit and the Epic Games forums to complain about their accounts getting compromised.
In a statement, Epic said it is aware of Fortnite accounts getting hacked using "well-known hacking techniques." Epic is working with affected players and will presumably offer refunds to players who can show their accounts were compromised. They also recommend never sharing passwords, using anti-virus software, and keeping your PC up to date.
As the hype surrounding March Madness increases, consumers and employers should be prepared for the surge in cyber attacks.
Cyber criminals are prepped for the hype and the excitement building around the NCAA basketball games by infecting emails with malware, creating fake betting websites and increasing phishing attacks. As millions of Americans fill out tournament brackets as part of their office pool, more phishing attacks and financial scams will occur.
Can Android devices get ransomware and how does it get on my phone in the first place?
Android phones have become a popular and lucrative target for hackers as mobile device use continues to grow, and as we continue to store our most important personal information on our phones. Mobile ransomware sneaks onto your phone using social engineering tactics that trick you into downloading malicious content, such as fake apps from third party app stores, infected system or software updates, or even by clicking on a spam link sent by SMS.
Here's our complete guide to Android ransomware to give you all the facts, as well as advise you on how to protect your Android mobile or tablet ➤ https://goo.gl/gVcKPu
The unwanted, pre-installed software (or bloatware) that comes on most smartphones these days is bothersome enough. But it could be worse. Your new phone could have been infected with malware before you even turned it on for the first time.
Security researchers have discovered dozens of low-cost Android phones that were shipping with an extremely dangerous Trojan called Triada. It buries itself deep within the Android operating system's core and operates primarily in memory, which makes it very difficult to detect and remove. It's also highly modular, downloading additional components to perform whatever insidious actions its criminal controllers want it to. That could include stealing data from apps, spying on SMS messages or hijacking web browsing and searches.
VPN Myth 1: Get access to geo-locked games.
A lot of content out there is geo-locked, meaning it is restricted to particular countries or regions. Setting up a VPN lets you decide to which server you’re connecting, no matter where you are. True, but again in rare cases! Most multiplayer games can be played in the US, Europe and most parts of Asia. However, some countries pass restrictions on companies operating in one country, for example the US, from doing business in another country, such as Iran (Blizzard being a popular example). Other governments outright block certain games. This isn’t an issue for most popular games.
See the full list here ➤ https://goo.gl/11Dh1r
Phishing emails disguised as tax-related alerts aim to trick users into handing attackers their usernames and passwords.
In this case, users are hit with the password stealer when they download and open the malicious document. When the document opens, a macro inside launches PowerShell, which acts in the background while the victim views the document. Password theft is increasing overall, a sign of attackers shifting their goals and strategies.
Read on ➤ https://goo.gl/ByLy1b via Dark Reading
#DidYouKnow Cyber criminals are creating an average of around 1.4 million phishing websites every month with fake pages designed to mimic the company they’re spoofing?
Phishing is an attempt to trick someone, usually via email, into clicking on tainted links to download malware or send you to fake websites. There are a number of different types of phishing attacks out there, from spear phishing to 419 scams. Because the objective of phishing emails are so varied, the “look” of each one is pretty different too.
Here are ways to spot a phishing scam ➤ https://goo.gl/fJah2n
Equifax revealed last week that it had identified another 2.4 million U.S. consumers whose names and driver's license information were stolen in a data breach last year that affected half the U.S. population.
The company said it was able confirm the identities of U.S. consumers whose driver's license information was taken by referencing other information in proprietary company records that the attackers did not steal. "Equifax will notify these newly identified U.S. consumers directly, and will offer identity theft protection and credit file monitoring services at no cost to them," the company said.
Security researchers have discovered a nasty new Android malware that's purpose-built for blackmail. It's called RedDrop, and it's a bit nastier than run-of-the-mill ransomware.
RedDrop wants your files, but not the way that most of today's malware does. It's not out to encrypt your files and force you to fork over a payment in order to unlock them. Instead, RedDrop wants to steal all the information it can from your phone... just in case, there's something juicy in there that its creators can use against you.
A new security threat report warns that cyber criminals are increasingly using automated attacks that make use of stolen credentials.
The report shows that more than 40% of login attempts in the quarter were malicious, and that the hospitality industry was the biggest target. “These attacks are taking advantage of the fact that people use the same login credentials across multiple applications, sites and services. Once they are in, they can take over that account and abuse it until the account owners become aware and change their passwords."
Apple is warning customers about a new phishing scam that aims to steal their information by duping them into believing they signed up for a subscription agreement.
The e-mail has the same design and uses the same font as a legitimate Apple e-mail and appears to list all the information you'd see in a legitimate message. It leads you to a page that asks you to input your Apple ID details, credit card information, and other data. If you do, you'll be handing over your information to the hackers.
A new report reveals that 43% of all online login attempts are malicious.
Credential theft is an online epidemic. Login information is stolen regularly and can readily be found for sale on the dark web. While it would be simple to tell website operators to enhance their security, that alone isn't enough when so many passwords are weak and easily compromised. Internet users need to take responsibility for the safety and security of their accounts just as much as site operators do: Use a password manager, auto-generate random passwords, and subscribe to services like Have I Been Pwned to be notified if your credentials have been part of a breach.
Smartphone Security Tip 1: Stay Patched!
You’ve probably heard this before, but you need to actually do it, so we’re going to say it again: Download software updates regularly. Update your apps, update your operating system, and even go for it with those seemingly random “update your carrier settings” notifications. Make sure you check what’s available for your device, and consider buying smartphones that run stock Android (Google's Pixel line, specifically, will always have the latest and greatest) so you can always get Google releases right away.