Google has recently pulled 36 fake security apps from Google Play, after they’ve been flagged by Trend Micro researchers.
Posing as legitimate security solutions, and occasionally misusing the name of well-known AV vendors like Avast, the apps seemed to be doing the job: they showed security notifications and other messages, warned users about malicious apps, and seemingly provided ways to fix security issues and vulnerabilities.
But, it was all an act: the notifications are bogus, and the apps used simple animations to trick users into believing the discovered issues were resolved.
The apps’ real goals was to bombard users with ads and entice them to click on them, as well as covertly collect information about the user, the device, the OS, the installed apps, and track the user’s location, and upload all this information to a remote server.
Source: 36 fake security apps removed from Google Play – Help Net Security
Because Symantec uses a filter driver to intercept all system I/O, just emailing a file to a victim or sending them a link to an exploit is enough to trigger it – the victim does not need to open the file or interact with it in anyway. Because no interaction is necessary to exploit it, this is a wormable vulnerability with potentially devastating consequences to Norton and Symantec customers.
An attacker could easily compromise an entire enterprise fleet using a vulnerability like this. Network administrators should keep scenarios like this in mind when deciding to deploy Antivirus, it’s a significant tradeoff in terms of increasing attack surface.
If you use a Symantec or Norton product, now would be a good time to update.
Source: High-severity bugs in 25 Symantec/Norton products imperil millions | Ars Technica
Is the IRS Investigating You?
Lately I’ve been receiving a lot of phone calls warning me that the IRS is filing a lawsuit against me.
This would be scary, except that I know it isn’t true.
Fake IRS calls are a type of fraud that has become more common in the past few years. Fraudsters claim to be IRS agents, police officers, and other officials. They say that you owe back taxes and that if you do not pay immediately you will be subject to jail time, loss of your driver’s license, or other penalties.
Continue reading: For Better – Or What?: Is the IRS Investigating You?
Two-factor authentication is an extra layer of security for your Apple ID designed to ensure that you’re the only person who can access your account, even if someone knows your password.
With two-factor authentication, your account can only be accessed on devices you trust, like your iPhone, iPad, or Mac. When you want to sign in to a new device for the first time, you’ll need to provide two pieces of information—your password and the six-digit verification code that’s automatically displayed on your trusted devices. By entering the code, you’re verifying that you trust the new device. For example, if you have an iPhone and are signing into your account for the first time on a newly purchased Mac, you’ll be prompted to enter your password and the verification code that’s automatically displayed on your iPhone.
Because your password alone is no longer enough to access your account, two-factor authentication dramatically improves the security of your Apple ID and all the personal information you store with Apple.
Once signed in, you won’t be asked for a verification code on that device again unless you sign out completely, erase the device, or need to change your password for security reasons. When you sign in on the web, you can choose to trust your browser, so you won’t be asked for a verification code the next time you sign in from that computer.
Source: Two-factor authentication for Apple ID – Apple Support
People love to use the same password over and over again, or they invent some amazing scheme like the same single word followed by their birth year, or replacing a’s with 4’s. And no matter how many password database get hacked the idea that password security matters doesn’t seem to really sink in.
When I do get someone to listen I tell them to use diceware generated passwords and them write them down in a little book and guard the book jealously (actually, I tell them to use a password manager but most people seem to balk at using software I think for fear of losing their passwords).
But then they often ask the sensible question: “What if someone steals that book?” And so I suggest a ‘two factor’ solution.
Continue reading: Two factor paper passwords | John Graham-Cumming
Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted recently by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them.
FBI offers tips to protect yourself and your organization from this growing threat.
Source: FBI — Incidents of Ransomware on the Rise
A man is held in prison for seven months after failing to decrypt two hard drives that investigators suspect contain indecent images of children.
A court order says the man will remain jailed “until such time that he fully complies” with an order to unlock the password-protected devices.
The US man, who has not been charged with possessing illegal images, is appealing against his detention.
Source: Man jailed for failing to decrypt hard drives – BBC News
At some point in your life, you will likely have assets and investments that you need to make arrangements for in the event of your passing. You may also have children, spouses or other loved ones who need to be looked after if something happens to you. And at some point, you may need to care for a spouse or close family member, or put their affairs in order after they pass on.
Nothing can spare us the heartache of these life events, but you can prevent unnecessary difficulties and stress by planning ahead. When preparing a will, many of us focus on our monetary and physical assets. But what about social media accounts? Or email addresses? Or the myriad of online accounts we use to manage our lives, every day?
Making a “digital will” that includes passwords and other important digital details will go a long way in helping those who need to settle your affairs, or in helping you if you need to settle the affairs of others.
Source: Preparing a Digital Will for Your Passwords | The LastPass Blog
By Ben Gruber San Francisco, CA (Reuters) – Marc Newlin and Balint Seeber are checking how far apart they can be while still being able to hack into each other’s computers. It turns out its pretty far – 180 meters – the length of a city block in San Francisco. The pair work for Bastille, a startup cyber security company that has uncovered a flaw they say leaves millions of networks and billions of computers vulnerable to attack. Wireless mice from companies like HP, Lenovo, Amazon and Dell use unencrypted signals to communicate with computers. “They haven’t encrypted the mouse traffic, that makes it possible for the attacker to send unencrypted traffic to the dongle pretending to be a keyboard and have it result as keystrokes on your computer.
Source: Wireless mice leave billions at risk of computer hack: cyber security firm
ESET researchers have discovered a new, ingenious, yet very simple Facebook phishing scheme: playable Android games that, before they are started, ask users to enter their Facebook credentials.
The researchers found two such games on Google Play. Cowboy Adventure, which has been downloaded and installed by half a million to a million Android users, and the less popular Jump Chess (1,000 – 5,000 installs). Both apps were offered for free.
Source: Popular Android games unmasked as phishing tools