 Your new post is loading...
Your new post is loading...
|
Scooped by
Gust MEES
|
Abo-Malware: Googles und Apples Stores von teuren ChatGPT-Fakes geflutet
Sophos warnt vor ChatGPT-Nachahmer-Apps in Apples und Googles App-Stores, die arglose Nutzer mit verschleierten Gebühren abzocken.
|
|
Scooped by
Gust MEES
|
Roughly two-thirds of test digital vaccination applications commonly used today as safe passes and travel passports exhibit behavior that may put users' privacy at risk.
The risks are substantial as these apps are required for large populations worldwide, allowing hackers an extensive target base.
Digital passports
Digital passport apps store proof of a person's COVID-19 vaccination status, full name, ID number, date of birth, and other personally identifiable information (PII) encoded in a QR code or displayed directly in the app. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Privacy Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Coronavirus
|
|
Scooped by
Gust MEES
|
Clubhouse CEO Paul Davison said Sunday that a report claiming personal user data had been leaked was “false.” Cyber News reported a SQL database with users’ IDs, names, usernames, Twitter and Instagram handles and follower counts were posted to an online hacker forum. According to Cyber News, it did not appear that sensitive user information such as credit card numbers were among the leaked info.
Clubhouse did not immediately reply to a request for more information from The Verge on Sunday. But Davison said in response to a question during a town hall that the platform had not suffered a data breach. “No, This is misleading and false, it is a clickbait article, we were not hacked. The data referred to was all public profile information from our app. So the answer to that is a definitive ‘no.’” Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Clubhouse https://www.scoop.it/topic/social-media-and-its-influence https://www.scoop.it/topic/securite-pc-et-internet
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
This is a classic identification problem, and efficacy depends on two things: false positives and false negatives.
False positives: Any app will have a precise definition of a contact: let's say it's less than six feet for more than ten minutes. The false positive rate is the percentage of contacts that don't result in transmissions. This will be because of several reasons. One, the app's location and proximity systems -- based on GPS and Bluetooth -- just aren't accurate enough to capture every contact. Two, the app won't be aware of any extenuating circumstances, like walls or partitions. And three, not every contact results in transmission; the disease has some transmission rate that's less than 100% (and I don't know what that is).
False negatives: This is the rate the app fails to register a contact when an infection occurs. This also will be because of several reasons. One, errors in the app's location and proximity systems. Two, transmissions that occur from people who don't have the app (even Singapore didn't get above a 20% adoption rate for the app). And three, not every transmission is a result of that precisely defined contact -- the virus sometimes travels further.
Assume you take the app out grocery shopping with you and it subsequently alerts you of a contact. What should you do? It's not accurate enough for you to quarantine yourself for two weeks. And without ubiquitous, cheap, fast, and accurate testing, you can't confirm the app's diagnosis. So the alert is useless.
Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Bluetooth https://www.scoop.it/topic/securite-pc-et-internet/?&tag=SweynTooth https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Contact+tracing
|
|
Scooped by
Gust MEES
|
Over the past six months, a new Android malware strain has made a name for itself after popping up on the radar of several antivirus companies, and annoying users thanks to a self-reinstall mechanism that has made it near impossible to remove.
Named xHelper, this malware was first spotted back in March but slowly expanded to infect more than 32,000 devices by August (per Malwarebytes), eventually reaching a total of 45,000 infections this month (per Symantec).
The malware is on a clear upward trajectory. Symantec says the xHelper crew is making on average 131 new victims per day and around 2,400 new victims per month. Most of these infections have been spotted in India, the US, and Russia.
INSTALLED VIA THIRD-PARTY APPS
According to Malwarebytes, the source of these infections is "web redirects" that send users to web pages hosting Android apps. These sites instruct users on how to side-load unofficial Android apps from outside the Play Store. Code hidden in these apps downloads the xHelper trojan. Learn more / En savoir plus / Mehr erfahren: https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/ https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Android
|
|
Scooped by
Gust MEES
|
Die 100 beliebtesten Fintech-Apps weisen allesamt Schwachstellen auf. Die älteste, nicht abgedichtete Sicherheitslücke stammt aus dem Jahr 2012. Außerdem sind 64 Prozent der getesteten Apps nicht DSGVO-konform.
Lediglich 36 Prozent der getesteten Anwendungen sind mit ihrer Hauptseite DSGVO-Konform
(Quelle: ImmuniWeb )Die 100 beliebtesten und erfolgreichsten Fintech-Anwendungen weisen ausnahmslos alle Sicherheitslücken auf. Das ergab nun eine Studie von ImmuniWeb.
Eines der Kernergebnisse ist, dass acht Hauptwebseiten und 64 Subdomains der überprüften Anwendungen mindestens eine Schwachstelle mit mittlerem oder sogar hohem Risiko aufweisen. Außerdem fanden die Experten in vergessenen Web Apps, APIs und Subdomains in den Bereichen Sicherheit und Datenschutz weitere Fehler. Betroffen sind hierbei ausnahmslos alle getesteten Apps. Besonders prekär ist, dass diese Lücken alle öffentlich gemeldet wurden und entsprechend auch potenziellen Angreifern bekannt sein dürften. Nur die beiden Hauptwebseiten von Brex Inc und N26 GmbH beinhalten laut der Studie keine Schwachstellen für SSL-Verschlüsselungen. Learn more / En savoir plus / Mehr erfahren: https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/ https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Apps
|
|
Scooped by
Gust MEES
|
As many as 25 million Android phones have been hit with malware that replaces installed apps like WhatsApp with evil versions that serve up adverts, cybersecurity researchers warned Wednesday.
Dubbed Agent Smith, the malware abuses previously-known weaknesses in the Android operating system, making updating to the latest, patched version of Google's operating system a priority, Israeli security company Check Point said.
Most victims are based in India, where as many as 15 million were infected. But there are more than 300,000 in the U.S., with another 137,000 in the U.K., making this one of the more severe threats to have hit Google's operating system in recent memory. Learn more / En savoir plus / Mehr erfahren: https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/ http://www.scoop.it/t/securite-pc-et-internet/?&tag=WhatsApp...
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
Sicherheitsexperten haben zwei groß angelegte Malware-Kampagnen im Google Play Store entdeckt. Die schadhaften Anwendungen wurden insgesamt rund 250 Millionen Mal heruntergeladen.
Die Sicherheitsexperten von Check Point haben im Google Play Store zwei große Malware-Kampagnen entdeckt. Insgesamt sind davon 222 Apps betroffen, die weltweit rund 250 Millionen Mal heruntergeladen wurden.
Der erste Schädling wurde mithilfe von 206 verseuchten Apps verteilt und 147 Millionen Mal heruntergeladen. Die meisten der Betroffenen Anwendungen sind sogenannte Simulatorspiele. Die Malware war in der Lage, auch nach Beenden der eigentlichen App Werbung auf den Geräten auszuspielen. Diese erschienen etwa dann, wenn der Nutzer sein Smartphone entsperrt hat.$
Neben der ungefragt angezeigten Produktbewerbung öffnete sich zudem permanent der Google Play Store oder der 9App Store. Damit sollten die Nutzer dazu verleitet werden, eine weitere App herunterzuladen. Außerdem habe sich immer wieder der Browser mit Links der Malware-Urheber geöffnet. Im Hintergrund lud der Schadcode mehrere APK-Dateien herunter und forderte dann den Nutzer dazu auf, dies auch zu installieren. Damit die Malware nicht so einfach entfernt werden konnte, wurde dessen Icon vor den Android-Launchern verborgen.
Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Apps
|
|
Scooped by
Gust MEES
|
Eine Sicherheitslücke in WhatsApp ermöglicht es, ein Smartphone mit einem einzigen Video-Call zu kapern. Potentiell betroffen sind Milliarden WhatsApp-Nutzer.
Mit einem einzigen Videoanruf könnte ein Angreifer eine Sicherheitslücke ausnutzen, die im Code des Messengers WhatsApp schlummerte. Googles Project Zero, ein Team von Elite-Hackern hat diesen Fehler entdeckt und jetzt veröffentlicht – eine Woche nachdem WhatsApp eine fehlerbereinigte iOS-Version bereit gestellt hatte. Das fällige Android-Update gibt es bereits seit 28. September.
Der Fehler steckt in der Speicherverwaltung des Video-Conferencings. Ein speziell präpariertes RTP-Paket kann die so durcheinanderbringen, dass der Absender eigenen Code einschleusen und damit das Smartphone kapern kann. Natali Silvanovich vom Project Zero hat den Fehler entdeckt und dokumentiert ihn mit einem Beispiel-Exploit, der WhatsApp kontrolliert zum Absturz bringen kann. Das ist die gängige Methode, Fehler der allerobersten Kategorie zu demonstrieren. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/securite-pc-et-internet/?&tag=WhatsApp..
|
|
Scooped by
Gust MEES
|
Android Google Playstore Trickbetrüger versuchen mit gefälschten Installationszahlen unwissende Smartphone User dazu zu animieren, fragwürdige Apps zu installieren. Wir zeigen, wie man den Schwindel aufdeckt. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android
|
|
Scooped by
Gust MEES
|
Google says that it is getting better than ever at protecting Android users against bad apps and malicious developers.
In fact, in a recent post on the Android Developers blog, the company boasts that it removed a record number of malicious apps from the official Google Play store during 2017.
How many apps did Google remove from its app marketplace after finding they violated Google Play store policies? More than 700,000. That’s an impressive 2000 or so every day, and 70% more than the number of apps removed in 2016.
Furthermore, Google says it is getting better at proactively protecting Android users from the growing menace of mobile malware:
“Not only did we remove more bad apps, we were able to identify and action against them earlier. In fact, 99% of apps with abusive contents were identified and rejected before anyone could install them. This was possible through significant improvements in our ability to detect abuse – such as impersonation, inappropriate content, or malware – through new machine learning models and techniques.”
Furthermore, Google claims it banned more than 100,000 developer accounts controlled by “bad actors” who had attempted to create new accounts and publish yet more malicious apps. Learn more / En savoir plus / Mehr erfahren: https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/ https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android
|
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
Mit Selfie-Apps lassen sich die Größe von Mund, Nase oder Augen verändern und Make-up auftragen. Doch die Apps erheben teilweise nicht nur biometrische Daten, sondern verkaufen sie auch an Dritte, wie das Verbraucherschutzportal Mobilsicher.de herausgefunden hat.
Das Portal hat die sechs beliebtesten Selfie-Bearbeitungs-Apps aus Googles Play Store auf Datenschutzprobleme hin überprüft. Zusammen wurden die Apps bisher über 500 Millionen Mal heruntergeladen.
Insbesondere die Datenschutzerklärung der App Perfect365 hat es demnach in sich. Laut Mobilsicher.de gibt der Anbieter dort an, dass in den vergangenen zwölf Monaten umfangreiche Datensätze über die Nutzer an Dritte verkauft wurden. Enthalten waren demnach die vollen Namen, biometrische Daten, Standortdaten sowie alle weiteren Angaben, die in der App gemacht wurden. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android
|
|
Scooped by
Gust MEES
|
The malicious app spreads the BlackRock malware, which steals credentials from 458 services – including Twitter, WhatsApp, Facebook and Amazon.
Researchers are warning of a fake version of the popular audio chat app Clubhouse, which delivers malware that steals login credentials for more than 450 apps.
Clubhouse has burst on the social media scene over the past few months, gaining hype through its audio-chat rooms where participants can discuss anything from politics to relationships. Despite being invite-only, and only being around for a year, the app is closing in on 13 million downloads. However, as of now the app is only available on Apple’s App Store mobile application marketplace – there’s no Android version yet (though plans are in the works to develop one).
Cybercriminals are swooping in on Android users looking to download Clubhouse by creating their own fake Android version of the app. To add a legitimacy to the scam, the fake app is delivered from a website purporting to be the real Clubhouse website – which “looks like the real deal,” said Lukas Stefanko, researcher with ESET. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Apps
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
Cybercriminals are trying every trick up their sleeve to benefit from the Coronavirus pandemic and the subsequent chaos that it has generated. The latest trap that they have laid to trick users is by releasing malicious spying apps disguised as COVID-19 updates and information applications.
Trend Micro’s cybersecurity researchers discovered an ongoing cyberespionage campaign at the end of March, 2020, which they named Project Spy. According to their assessment, through Project Spy, the attackers are infecting Android and iOS devices with spyware distributed through apps titled Coronavirus Updates, Wabi Music, Concipit 1248 and Concipit Shop.
See: Over half a million Zoom accounts being sold on hacker forum
These apps can perform a variety of functions including transferring data from Telegram, WhatsApp, Threema, and Facebook messages. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Apps
|
|
Scooped by
Gust MEES
|
Sources familiar with WhatsApp’s internal investigation into the breach said a “significant” portion of the known victims are high-profile government and military officials spread across at least 20 countries on five continents. Many of the nations are U.S. allies, they said.
The hacking of a wider group of top government officials’ smartphones than previously reported suggests the WhatsApp cyber intrusion could have broad political and diplomatic consequences.
WhatsApp filed a lawsuit on Tuesday against Israeli hacking tool developer NSO Group. The Facebook-owned software giant alleges that NSO Group built and sold a hacking platform that exploited a flaw in WhatsApp-owned servers to help clients hack into the cellphones of at least 1,400 users between April 29, 2019, and May 10, 2019.
The total number of WhatsApp users hacked could be even higher. A London-based human rights lawyer, who was among the targets, sent Reuters photographs showing attempts to break into his phone dating back to April 1.
While it is not clear who used the software to hack officials’ phones, NSO has said it sells its spyware exclusively to government customers. Learn more / En savoir plus / Mehr erfahren: https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/ http://www.scoop.it/t/securite-pc-et-internet/?&tag=WhatsApp...
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
Whatsapp ist mit mehr als 1,5 Milliarden Nutzern einer der populärsten Messenger auf der Welt. Das macht die App zur Zielscheibe für Cyberkriminelle. Nun warnen Sicherheitsforscher der israelischen Firma Check Point vor einer neuen Android-Schadsoftware namens "Agent Smith", die sich in rasender Geschwindigkeit verbreitet.
Whatsapp wird durch Fake ersetzt
Den Experten zufolge tarnt sich die Schadsoftware häufig als harmlose App oder als kostenloses Spiel. Sobald sie heruntergeladen wurde, durchsucht sie das Gerät nach populären Apps wie Whatsapp oder MXPlayer und ersetzt diese heimlich durch Fake-Versionen. Dazu werden mehrere bereits bekannte Android-Schwachstellen ausgenutzt. In den manipulierten Apps bekommen die Nutzer dann betrügerische Anzeigen zu sehen.
Check Point zufolge ist der Virus auch in der Lage, die Nutzer zu belauschen und sich Zugriff auf deren Bankdaten zu verschaffen. Da die Software auf dem Gerät versteckt sei und sich als vertraute App tarnt, biete sie "unendlich viele Möglichkeiten", das Gerät des Nutzers zu beschädigen. Learn more / En savoir plus / Mehr erfahren: https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/ http://www.scoop.it/t/securite-pc-et-internet/?&tag=WhatsApp...
|
|
Scooped by
Gust MEES
|
Three quarters of mobile applications have vulnerabilities relating to insecure data storage, leaving both Android and Apple iOS users open to cyber attacks which could allow hackers to steal sensitive information.
Insecure data storage is just one of a number of vulnerabilities which a security company's researchers said they have found after conducting security assessments of a number of mobile applications for both iPhones and and Google Android devices.
The findings have been outlined in the Vulnerabilities and Threats in Mobile Applications 2019 report from Positive Technologies.
Insecure data storage is by far the most common vulnerability identified in the tested applications, with 76 percent of those examined found to demonstrate this as a security risk, potentially putting the privacy and security of users at risk.
Just over a third of applications (35 percent) have been found to exhibit vulnerabilities relating to insecure transmission of sensitive data, while researchers found that the same percentage demonstrated issues around incorrect implementation of session expiration. Learn more / En savoir plus / Mehr erfahren: https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/ https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Apps
|
|
Scooped by
Gust MEES
|
A New York Times investigation has found that apps such as GasBuddy and The Weather Channel are among at least 75 companies getting purportedly “anonymous” but pinpoint-precise location data from about 200 million smartphones across the US.
They’re often sharing it or selling it to advertisers, retailers or even hedge funds that are seeking valuable insights into consumer behavior. One example: Tell All Digital, a Long Island advertising firm, buys location data, then uses it to run ad campaigns for personal injury lawyers that it markets to people who wind up in emergency rooms.
The Times reviewed a database holding location data gathered in 2017 and held by one company, finding that it held “startling detail” about people’s travels, accurate to within a few yards and in some cases updated more than 14,000 times a day. Several of the businesses whose practices were analyzed by the Times claim to track up to 200 million mobile devices in the US.
The data being sold is supposedly anonymous, as in, not tied to a phone number. The Times could still easily figure out who mobile device owners were through their daily routines, including where they live, where they work, or what businesses they frequent. Learn more / En savoir plus / Mehr erfahren: https://gustmees.wordpress.com/2013/12/21/privacy-in-the-digital-world-shouldnt-we-talk-about-it/ https://www.scoop.it/t/securite-pc-et-internet/?&tag=tracking https://www.scoop.it/t/securite-pc-et-internet/?&tag=Privacy https://www.scoop.it/t/securite-pc-et-internet/?&tag=Big+Data
|
|
Scooped by
Gust MEES
|
Forscher der Sicherheitsfirma Appthority haben 2,7 Millionen Apps für Android und iOS untersucht, berichtet The Hacker News. Bei mehr als 3.000 Anwendungen stellten die Experten fest, dass die verwendeten Firebase-Datenbanken nicht geschützt waren. Über 80 Prozent der Apps gibt es für die Android-Plattform. Die Forscher spürten Tausende von Datenbanken mit mehr als 100 Millionen Datensätzen auf, darunter viele geheime Informationen wie Kennwörter, Standorte und sogar Gesundheitsdaten. COMPUTER BILD fasst die Fakten für Sie zusammen. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Apps
|
|
Scooped by
Gust MEES
|
Millions of apps leak personal identifiable information such as name, age, income and possibly even phone numbers and email addresses. At fault are app developers who do not protect ad-targeting data transmitted to third-party advertisers. “The scale of what we first thought was just specific cases of careless application design is overwhelming,” said Roman Unuchek, security researcher, Kaspersky Lab, who introduced his research here at the RSA Conference on Tuesday. “Millions of applications include third party SDKs, exposing private data that can be easily intercepted and modified – leading to malware infections, blackmail and other highly effective attack vectors on your devices.” Data sent unencrypted over HTTP can be collected by cybercriminals that share the same Wi-Fi network, or by an ISP or even by malware installed on a target’s home router, researchers said. Not only can unprotected data be collected, but it can also be intercepted by a cybercriminal who can modify it to show malicious ads, enticing users to download a trojan application, which turn out to be malware, according to Unuchek. Learn more / En savoir plus / Mehr erfahren: https://gustmees.wordpress.com/2013/12/21/privacy-in-the-digital-world-shouldnt-we-talk-about-it/
|
Abo-Malware: Googles und Apples Stores von teuren ChatGPT-Fakes geflutet
Sophos warnt vor ChatGPT-Nachahmer-Apps in Apples und Googles App-Stores, die arglose Nutzer mit verschleierten Gebühren abzocken.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/topic/21st-century-innovative-technologies-and-developments/?&tag=ChatGPT
https://www.scoop.it/t/21st-century-innovative-technologies-and-developments/?&tag=AI
https://www.scoop.it/topic/21st-century-innovative-technologies-and-developments/?&tag=Ethics