Tag Archives: Internet security

Facebook, Messenger, WhatsApp + Instagram Are DOWN!

Why Facebook, Messenger, WhatsApp, Instagram Went Down!

Facebook and ALL of its messaging and social media platforms went down for about six hours, including Messenger, WhatsApp and Instagram!

Find out why they all went down at the same time, and for so long!

 

Facebook, Messenger, WhatsApp, Instagram + More DOWN!

The entire slew of messaging and social media platforms owned by Facebook was inaccessible for about six hours, including :

  • Facebook
  • Facebook Messenger
  • WhatsApp
  • Instagram
  • Oculus
  • Workplace

The failure also extended to Facebook authentication, which you may be using to log into third-party apps and games, with Pokemon Go and Match Master gamers reporting problems logging in.

This left Twitter as the only major social media network still up and running, which is ironic since it became the only way for Facebook to reach out to the world…

This massive outage couldn’t come at a worse time for Facebook, whose stock slumped about 5.5% after former employee and whistleblower, Frances Haugen, leaked internal documents to the Wall Street Journal.

She also accused her former firm of repeatedly and knowingly allowing the proliferation of hate speech and misinformation for profit. Really tough times for Team Zuckerberg indeed…

Even Edward Snowden chimed in, saying that the world has become a healthier place for one shining day…

 

Why Did Facebook, Messenger, WhatsApp, Instagram, etc. Go DOWN?

This massive, unprecedented GLOBAL outage appears to be caused by a DNS (Domain Name System) failure.

The DNS service “translates” the plaintext link we use (www.facebook.com for example) into its actual numerical IP address (123.123.123.123 for example), allowing your app or browser to connect to the right server.

Without a working DNS service, no one is able to connect to any Facebook-owned service because the Internet no longer knows how to locate the right server.

Cloudflare senior vice-president Dane Knecht shared that the Facebook BGP (Border Gateway Protocol) routes have been “withdrawn from the Internet”, causing failure to connect through Cloudflare’s DNS service.

This was likely due to a configuration error on Facebook’s side, but coming one day after the story broke on Frances Haugen? It would be folly to rule out internal sabotage or a rush to remove some controversial features before she testified to the US Congress.

The conspiracy theory that it was a DDoS (Distributed Denial-of-Service) attack by Anonymous or some vigilante group is really far-fetched. It would require an incredible amount of resources and coordination to not only bring down Facebook, but all the other services as well… at the same time!

Read more : Did 13 Year Old Sun Jisu Hack Facebook, WhatsApp, Instagram?

Facebook’s Vice-President of Infrastructure, Santosh Janardhan, later confirmed that “configuration changes” on their “backbone routers” caused the 6-hour long failure.

Our engineering teams have learned that configuration changes on the backbone routers that coordinate network traffic between our data centers caused issues that interrupted this communication. This disruption to network traffic had a cascading effect on the way our data centers communicate, bringing our services to a halt.

He also asserted that it was a faulty configuration change, and no user data was compromised.

Our services are now back online and we’re actively working to fully return them to regular operations. We want to make clear at this time we believe the root cause of this outage was a faulty configuration change. We also have no evidence that user data was compromised as a result of this downtime.

While he blamed “the underlying cause” for impacting their ability to “quickly diagnose and resolve the problem”, it is notable that it took Facebook engineering teams more than 6 hours to resolve a DNS failure.

It is now believed that the changes were made to Facebook’s Border Gateway Protocol, a mechanism that exchanges routing information to help figure out the fastest route for any request.

Apparently, the changes “withdrew” Facebook services from the DNS system, making it impossible for anyone to connect to them.

Even worse, Facebook ran their own systems through the same servers, so everything from engineering tools and messaging services to the security systems that controlled the key fob locks was no longer accessible.

So their engineering team had to rush to their data centres to manually reset the servers there.

Needless to say, this will be a big wake-up call for their engineering teams, and in the words of Russell Peters – “Somebody’s gonna get a hurt real bad!”

It is also a big wake-up call for everyone using Facebook services. This massive outage is a reminder that we should NOT put all our eggs in one basket.

I believe it will at least temporarily spur the adoption of alternative messaging services like Telegram and Signal. Even Twitter should see a nice boost in Tweets and maybe new users.

Now, I’m not into conspiracy theories… but what are the odds of this failure happening just one day after Frances Haugen came out publicly against Facebook, and a day before she was set to testify before the US Congress?

Could these “configuration changes” be designed to remove some controversial features before Haugen’s testimony to the US Congress?

Could Facebook’s own engineering team have accidentally triggered the failure in their rush to remove those controversial features before she testified?

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 


 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Jaya Grocer 20th Anniversary Scam Alert!

Please watch out for the Jaya Grocer 20th Anniversary survey scam!

Find out why it is just a SCAM, and WARN your family and friends!

 

Jaya Grocer 20th Anniversary Survey Scam Alert!

People are now sharing these Jaya Grocer 20th Anniversary messages on WhatsApp :

Jaya Grocer 20th Anniversary!

Click to enter to participate in the survey, have a chance to win $1000!

Jaya Grocer 20th Anniversary!

Through the questionnaire, you will have a chance to get 2000 Ringgit .

 

Jaya Grocer 20th Anniversary Survey : Why This Is A Scam

Unfortunately, this is yet another survey scam, like the FamilyMart 70th Anniversary scam!

For one thing – Jaya Grocer was established in 2007, with its first outlet in Jaya 33 in Petaling Jaya.

So they would only be celebrating their 20th anniversary in 2027!

Jaya Grocer also confirmed that this survey is a scam.

I know many of us are in dire straits during this COVID-19 pandemic, having lost jobs, income or even loved ones.

Unfortunately, scammers are counting on our desperation to prey on us, using the same survey scam they have been using for years.

Now, let me show you how to spot these scams next time!

If you spot any of these warning signs, DO NOT PROCEED and DO NOT SHARE!

Warning Sign #1 : Bad Grammar

Most of these scammers do not have a good command of the English language, so if you spot bad grammar, stay away.

Proper contests or events sponsored by major brands like Jaya Grocer will have a PR or marketing person who will vet the text before allowing it to be posted.

Warning Sign #2 : Offering You Free Money Or Gifts

Please do NOT be naive. No one is going to give you money or free gifts just to participate in a survey!

Jaya Grocer isn’t going to give you FREE money, just because it’s their anniversary.

They are a corporation whose business is to make money, not a charity to give you free money.

Warning Sign #3 : Not Using The Real Jaya Grocer Domain

A genuine Jaya Grocer campaign would use their real domain – www.jayagrocer.com.

Or they would run it off the official Jaya Grocer page on Facebook – www.facebook.com/jayagrocer/.

If you see nonsensical domains like uglyarticle.club, ldxqw.bar, etc. that’s a sign of a SCAM!

Warning Sign #4 : Asking You To Forward The Offer

No brand will insist that you must share the offer with 5 groups or 20 friends on WhatsApp.

Do not click to forward their offer to your family and friends. They will not appreciate being scammed with your help!

Warning Sign #5 : Asking You To Download + Register An App

If you click through and join the fake survey, you will eventually be asked to download and register for an app.

That is VERY DANGEROUS. Never agree to download and register for any unknown app from a website.

Always download your apps from an official App Store like Google Play Store (for Android smartphones) and Apple App Store (for iPhones).

 


Scam Alert : COVID-19 Relief Fund By Federal Government!

Please watch out for the COVID-19 Relief Fund by Federal Government scam!

Find out why it is just a SCAM, and WARN your family and friends!

 

Scam Alert : COVID-19 Relief Fund By Federal Government!

People are now sharing this COVID-19 RELIEF FUND message on WhatsApp :

Apply For The Covid-19 Relief Fund Provided By The Federal Government. Hurry Up, It takes few seconds to apply. Dont [sic] miss this opportunity.

Apply Here

Note : I added the Scam Alert overlay to prevent it from being further abused.

 

COVID-19 Relief Fund : Why This Is A Scam

I know many of us are in dire straits during this COVID-19 pandemic, having lost jobs, income or even loved ones. Unfortunately, scammers are counting on our desperation to prey on us.

I will now show you why this COVID-19 Relief Fund message is just another scam. Please warn your family and friends!

Fact #1 : No Global Relief Fund By Any Federal Government

When a scam tells you that “the federal government” is giving away money, you should always ask yourself – WHICH federal government???

No government in the world is giving away money to anyone across the world. Not even the three richest economies in the world – US, China and the EU – have a COVID-19 relief fund to give money away like that.

Fact #2 : The Three Questions Are A Red Herring

Most of these scams employ simple but useless questions to trick you into thinking that this is genuine. Look at the three questions this scam is asking :

  • What’s your age range?
  • How much money do you want to receive?
  • What’s your employment status?

In a real government relief programme, your eligibility status will be based on some official document – your identity card, driver’s licence, passport, etc.

No one is going to give you money simply because you answer a few questions. And NO ONE is ever going to ask you how much you want to receive!

Fact #3 : No Government Will Ask You To Invite Friends / Groups

A real government relief programme will NEVER ask you to invite friends and groups on WhatsApp, much less insist that you invite 15 friends or 5 groups before they give you money.

That’s a dead giveaway that this is a scam, and the scammers want you to help them scam other people. So NEVER invite your friends to join the scam.

Fact #4 : SNF Global Relief Initiative Is Not By Any Federal Government

To make the scam look legit, the scammers used the SNF Global Relief Initiative for the COVID-19 Pandemic graphics.

That initiative is not by any government, but by the Stavros Niarchos Foundation (SNF).

And just in case you are wondering, no, the SNF does not give away money to individuals. They only make grants to non-profit organisations and collaborative funds.

Fact #5 : The Domain Is New + Protected

If you check the domain “relief-fund.live”, you will see that it was only created on 24 March 2021.

Even more suspiciously, all contact and ownership details have been REDACTED FOR PRIVACY. That’s often a sign that the owners are worried about being sued or prosecuted.

Name: relief-fund.live
Registry Domain ID: ac787c4c5c19460696fa1bf46d133faa-DONUTS

Nameservers:
dns1.registrar-servers.com
dns2.registrar-servers.com

Registry Expiration: 2022-03-24 11:41:35 UTC
Updated: 2021-03-29 11:42:31 UTC
Created: 2021-03-24 11:41:35 UTC

Name: REDACTED FOR PRIVACY
Organization: Privacy service provided by Withheld for Privacy ehf
Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tel: REDACTED FOR PRIVACY
Fax: REDACTED FOR PRIVACY
Mailing Address: REDACTED FOR PRIVACY Capital Region REDACTED FOR PRIVACY IS

Fact #6 : The Comments Are Completely Faked

You may notice a bunch of comments at the bottom of the scam website. They are only there to trick you into thinking that other people received the money.

Try refreshing them. They will never change, unlike a real live comment stream. The time codes will not change either.

Try clicking on the Like option. Nothing will happen. Your Like will not register.

That’s because this is a fake comment stream. It’s all hardcoded and fixed.

Now that you know that this is just another scam, please warn your family and friends.

And please remember – no one gives away money like that. Don’t fall for these scams!

 


Was US Soldier Caught Spreading COVID-19 In Wuhan?

Was a US soldier caught spreading COVID-19 in Wuhan by smearing his saliva in a train?

Take a look at the viral video, and find out what the FACTS really are!

 

Was US Soldier Caught Spreading COVID-19 In Wuhan?

A video of an American soldier smearing his saliva on a train pole is circulating on social media, accompanied by this message :

Just to share this clip and its comments from China:

The surveillance cameras in Wuhan have a road map of the US soldiers and a video record of the time.

The American soldier had put on a mask during the military games. Began to spread the epidemic virus by subway. 

If you look at the movement of that hand carefully, from the mouth to the armrest, you will know the evil and evil heart of Americans.

Poor Wuhan citizens are infected with the ruthless epidemic virus. 

The viral message implies that the Chinese have determined that Patient Zero is an American soldier who attended the 2019 Military World Games that was held in Wuhan, China from 18 to 27 October 2019.

It also implies that the Americans brought COVID-19 to Wuhan, and used one of their soldiers to spread it to the Chinese. And the video is the evidence.

Even the Chinese Foreign Ministry’s spokesperson Zhao Lijian pushed the same fake claim, saying, “When did patient zero begin in the US? It might be the US army who brought the epidemic to Wuhan!”

Well, all that is HOGWASH. Let us show you why…

 

US Soldier Spreading COVID-19 In Wuhan Hoax Debunked!

The truth is the video was recorded on 9 March 2020 in a Belgian subway, not October 2019 in Wuhan.

The man in the video was not a US soldier, but an intoxicated Belgian who licked his finger and rubbed it on the subway pole.

He was later arrested for doing that, and the train was removed and disinfected.

This is just another piece of Chinese propaganda trying to shift the blame for the COVID-19 pandemic to the United States.

Please be wary of such fake news. China has been actively creating and sharing these fake videos and stories on social media.

Share this with your family and friends, so they won’t get fooled!

 

Why Is China Pushing This Fake US Soldier COVID-19 Story?

With China’s aggressive foreign policy moves in recent years, it is not uncommon to see fake pro-China, anti-America stories being created and shared.

Many believe it’s part of a concerted attempt to burnish China’s image overseas, and drown out negative coverage of China’s controversial Belt and Road Initiative, and their aggressive moves in the South China Sea.

China has also been blamed for not handling the initial COVID-19 epidemic better, and, unfairly, for being the origin of this new virus.

Hence, they have been trying their best to deflect blame by casting aspersions on others, using aggressive Wolf Warrior diplomacy tactics, propaganda outlets like Global Times and CGTN, and their 50 Cent Army.

 


Facebook Rolls Out Click To WhatsApp Ads!

You may not have noticed this, but Facebook has started rolling out Click to WhatsApp ads!

Find out what this means for business and customers on Facebook, Instagram and WhatsApp!

 

Facebook Rolls Out Click To WhatsApp Ads!

WhatsApp founders may have promised not to monetise their platform by selling ads, but that was nine years ago, and before they sold out to Facebook in 2014.

At that time, Jan Koum promised that WhatsApp wouldn’t collect and share data of its users. That changed in 2016 and 2021.

So it seems inevitable that Facebook will eventually introduce ads in WhatsApp. They even accidentally let it slip (see below).

But for now, you can rest easy. They are only introducing Click to WhatsApp ads on Facebook and Instagram at the moment…

Originally kicking off in 2017, Facebook has started pushing Click to WhatsApp ads in Asia. Page owners may be surprised by reminders to connect their pages to WhatsApp.

Ignoring this reminder will invite the warning that you cannot run WhatsApp ads, or add a WhatsApp button to your Page.

We are not sure if that’s a Freudian slip, but Facebook actually mentioned WhatsApp ads. LOL!

 

Click To WhatsApp Ads : What Are They?

These are regular Facebook and Instagram ads, with the additional Send Message button.

Clicking on that button will open a conversation thread in WhatsApp with the Facebook / Instagram business owners (using the WhatsApp Business app).

This allows you to interact directly with the business, like you would using Facebook Messenger.

This makes it easier for businesses to reach the 1.5 billion WhatsApp users around the world, who will like how much easier it is to directly message them using WhatsApp.

On the other hand, it is likely to make it easier for scammers who are already leveraging Facebook ads to cheat people.

 



Scam Alert : CIMB Customers Hit By Fake SMS Messages!

Scammers continue to target CIMB customers, using many different kinds of fake SMS messages.

Do NOT click or call if you receive any of these fake SMS messages!

And please warn your family and friends!

 

Scam Alert : CIMB Customers Hit By Fake SMS Messages!

Whether you are a CIMB Bank customer or not, you may receive one of these alarming SMS messages :

RM 0.00 CIMB: Confidential!

Dear CIMB users, your account will TERMINATED on 24/12/20. Verify via http://www.cimbclickikm.cc to keep on using CIMB Clicks services.

Please make verification within 24hours to avoid service interruption.

RM0 CIMB: Instant Transfer RM4998.78 to CHAY LEE FEN/HONG LEONG on 23-Dec-2020, 13:06:35. Call the no. at the back of your card for queries.

If you receive any of these SMS messages, please DO NOT click on the link, or call the number. JUST IGNORE THEM, or delete them.

RM0.00 CIMB: MYR 2968.00 was charged on your card num 4204 at Shopee.MY. If this is not your txn, call 1800-9767 now.

Cimb Your account is judged as high risk by the system, PLS re-verify your account. cimbclicksecurity.com

Note : These scams do not just affect CIMB Bank. In fact, all banks are affected.

 

Why These CIMB SMS Messages Are Fake

Let us show you how to identify these fake CIMB SMS messages.

If you spot any of these warning signs, BACK OFF and DO NOT PROCEED!

Warning Sign #1 : Grammatical Mistakes

If you carefully read the first SMS messages above, you can easily spot numerous grammatical mistakes. A bank will never send such poorly worded messages to their customers.

However, they may copy the real SMS message from CIMB to trick you into thinking that this is a real transaction. Such fake SMS messages will have proper grammar.

Warning Sign #2 : Embedded Links

Banks will NEVER embed links (URLs) into the message. If you see embedded links, always think – SCAM SMS!

Unlike the Public Bank SMS scam, they used a copy of the real SMS message to trick you into clicking the URL in the first message.

Warning Sign #3 : Wrong Links

And always check the link – www.cimbclickikm.cc and cimbclicksecurity.com are not the correct addresses for the CIMB Bank websites (www.cimbclicks.com.my or www.cimb.com.my).

The best policy is to manually key in the bank website address. NEVER click on any link in an SMS, even if it looks legit.

When you see any website with .cc links, be wary because the .CC domains are registered in the Cocos (Keeling) Islands – an Australian territory of only 14 km², with only about 600 inhabitants.

Warning Sign #4 : No Personal Login Phrase / Picture

To avoid phishing attacks, banks now give you a secret response (like a picture or a phrase) to confirm that you are visiting their legitimate website.

If the website you are visiting gives you the wrong picture or secret phrase, you have been tricked into visiting a fake website designed to mimic the real bank website.

You should also remember that the bank website must show you your secret picture or phrase right after you enter your login, but BEFORE you key in your password.

If you are asked to key in your password without the website displaying the secret phrase or picture, you have been tricked into visiting a fake website designed to mimic the real bank website.

 

CIMB Advice To Protect Against Fake SMS / Email Scams

Here is a list of DOs and DON’Ts to protect yourself against fake SMS / email scams.

Please DO follow these good practices

  1. Pay attention to your transaction alerts and check your account activities regularly. In case of any unusual activity, please contact us immediately.
  2. If you wish to contact us, ONLY call the number on the back of your card or refer to CIMB website “Contact Us” page.
  3. Always check the URL of the website that you are making purchases from. Ensure the “lock” icon or “https” appears on the website’s address bar.
  4. Always find a reputable seller on online marketplaces by searching for reviews from other customers to know their experience.
  5. To access CIMB Clicks, type the entire URL as follows: www.cimbclicks.com.my
  6. Always remember to log out once you have completed your banking transactions.

Please DO NOT follow these bad practices

  1. Don’t panic and give personal information to fraudsters impersonating representatives of government agencies etc. even if they deploy fear tactics. Immediately call the number on the back of your card to verify with CIMB.
  2. Never apply for personal financing through unverified links or individuals promising a lower rate. CIMB does not impose any application charges for personal financing applications.
  3. Never take instructions from anyone to change the mobile number in CIMB records to any number other than your own mobile number.
  4. When transacting online, never continue with a purchase if you have any doubts if the seller is not genuine.
  5. Never share details such as your card number / User ID / PIN / password / TAC with anyone or key them in in any website other than CIMB Clicks.
    (Note: CIMB will never ask for your ‘User ID’, ‘Password’ or ‘TAC’ under any circumstances outside of CIMB Clicks).
  6. Do not click on links or open email attachments from unknown / unreliable senders / sources.
    (Note: Emails from CIMB will always end with @cimb.com such as cimb.marketing@cimb.com).

 


Scam Warning : Public Bank Customers Hit By Fake SMS!

Scammers continue to target Public Bank customers, using many different kinds of fake SMS messages.

Do NOT click or call if you receive any of these fake SMS messages!

 

Public Bank : Fake SMS Scam Warning! Do NOT Click / Call!

Whether you are a Public Bank customer or not, you may receive one of these alarming SMS messages.

Please DO NOT click on the link, or call the number. JUST IGNORE THEM, or delete them.

The safest thing to do is NEVER CLICK ON A LINK in any SMS. If you need to log into your bank account, key in the website address manually.

RM0 PBB/PIBB: Your PBB account will TERMINATED on 02Dec20 01:30:00 AM. Please make verification via http://www.mypbebank.cc to avoid service interruption. Verify now keep on using PBB services.

RM0 Credit Cash out RM3,000 form card ending no 7102 successful on 01 DEC. Information system sending. Call PBB 1800-81-9566 for any query

Warning: Your account is marked as insecure, please click Return PAC immediately to confirm that it is safe to use. (https://pbevip.vip/)

PBe Your account is in a high-risk state PLS log in immediately and return the PAC to protect your account security https://www.pbebanks.top

PBe Warning: Phishing URLs are frequent recently, PLS log in immediately to strengthen account security. 2Mar21 13:14 https://se1.pbevip.top/

PB e Your account is in a high-risk by the system, PLS re-verify your account https://pbbanks.red/ <security reminder is normal>

RM0 PIBB: Thank you for using your card ending 1098@senQ MYR 2899, Pls call 03-56260232 now, if you didn’t use it

RM0 PBB/PIBB: Trx amt MYR2699.00  @LAZADA for card ending 5738. Call PB 1-800-81-2337 now if didn t perform.

PBB: Your account is judged as high risk by the system. PLS re-verify your account https://www.pbebanks.asia/ <security reminder is normal>

PB e Alarm Your banking Suit now is marked as insecure, PLS re-verify your account https://online-pbebank.com <security reminder is normal>

 

Public Bank Fake SMS Scam : What Happens If You Click?

Clicking on the links will often lead you to a phishing website, a fake website designed to look like a Public Bank website.

You will be asked to key in your personal information, including your Public Bank user name and password. DO NOT KEY IN YOUR INFORMATION!

But if you are free and want to help screw these scammers, key in fake information as many times as possible.

Note : These scams do not just affect Public Bank. In fact, all banks are affected.

 

Public Bank : How To Identify Fake SMS Messages

With a little help from Public Bank, let’s show you how to identify fake SMS messages.

If you spot any of these warning signs, BACK OFF and DO NOT PROCEED!

Warning Sign #1 : Grammatical Mistakes

Read the two SMS messages above, and you can easily spot numerous grammatical mistakes. A bank will never send such poorly worded messages to their customers.

Warning Sign #2 : Embedded Links

Banks will NEVER embed links (URLs) into the message. If you see embedded links, always think – SCAM SMS!

Warning Sign #3 : Wrong Links

And always check the link – www.mypbebank.cc is not the correct address for the Public Bank website (www.pbebank.com).

When you see any website with .cc links, be wary because the .CC domains are registered in the Cocos Islands – an Australian territory of only 14 km², with only about 600 inhabitants.

The same goes for generic top-level domains like .TOP, .VIP, .RED, .ASIA, etc.
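The link check from Warning Sign #3 (for both the CIMB and the Public Bank messages), as an added example that is not part of the original article: it pulls hostnames out of an SMS and compares them with the official domains listed on this page, matching on label boundaries so that a lookalike containing the real name does not pass. The function names and the `.example` hostname are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Official domains exactly as this page gives them.
OFFICIAL = {
    "CIMB": ("cimbclicks.com.my", "cimb.com.my"),
    "Public Bank": ("pbebank.com",),
}
# Top-level domains the page tells readers to be wary of.
WARY_TLDS = {"cc", "top", "vip", "red", "asia"}

# Full http(s) URLs and bare hostnames; the look-arounds skip e-mail addresses.
LINK_RE = re.compile(
    r"(?<![\w@.-])(?:https?://)?"
    r"(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}"
    r"(?:/[^\s<>()]*)?(?![\w@-])",
    re.IGNORECASE,
)


def is_official(host, bank):
    """Exact match, or a subdomain split on a dot (www.cimb.com.my).
    A plain substring or endswith() test would accept lookalikes."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL[bank])


def check_sms(text, bank):
    """Return one finding per link-like token found in the SMS text."""
    findings = []
    for match in LINK_RE.finditer(text):
        link = match.group(0)
        if "://" not in link:
            link = "http://" + link  # urlsplit needs a scheme to find the host
        host = (urlsplit(link).hostname or "").rstrip(".")
        if not host:
            continue
        ok = is_official(host, bank)
        findings.append({
            "host": host,
            "official": ok,
            # Real name present somewhere in the host, but not as its suffix.
            "embeds_official_name": not ok and any(d in host for d in OFFICIAL[bank]),
            "wary_tld": host.rsplit(".", 1)[-1] in WARY_TLDS,
        })
    return findings


def verdict(text, bank):
    findings = check_sms(text, bank)
    if not findings:
        return "no link"
    if all(f["official"] for f in findings):
        return "official domain"
    return "non-official domain"


# (bank, text, origin). The first four are SMS texts quoted on this page;
# the last two are constructed for this example.
SAMPLES = [
    ("CIMB", "Dear CIMB users, your account will TERMINATED on 24/12/20. Verify via "
             "http://www.cimbclickikm.cc to keep on using CIMB Clicks services.", "page"),
    ("CIMB", "Cimb Your account is judged as high risk by the system, PLS re-verify "
             "your account. cimbclicksecurity.com", "page"),
    ("Public Bank", "PBe Warning: Phishing URLs are frequent recently, PLS log in "
                    "immediately to strengthen account security. 2Mar21 13:14 "
                    "https://se1.pbevip.top/", "page"),
    ("Public Bank", "RM0 PIBB: Thank you for using your card ending 1098@senQ MYR 2899, "
                    "Pls call 03-56260232 now, if you didn’t use it", "page"),
    ("CIMB", "Verify at https://cimbclicks.com.my.account-check.example/login",
     "constructed"),
    ("CIMB", "To access CIMB Clicks, type www.cimbclicks.com.my in your browser.",
     "constructed"),
]

if __name__ == "__main__":
    for bank, text, origin in SAMPLES:
        hosts = [f["host"] for f in check_sms(text, bank)]
        print(f"[{origin}] {bank}: {verdict(text, bank)} {hosts}")
```

A message with no link at all, like the call-this-number lure, passes this check, so it covers only one of the warning signs.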

Warning Sign #4 : No Personal Login Phrase / Picture

To avoid phishing attacks, banks now give you a secret response (like a picture or a phrase) to confirm that you are visiting their legitimate website.

If the website you are visiting gives you the wrong picture or secret phrase, you have been tricked into visiting a fake website designed to mimic the real bank website.

You should also remember that the bank website must show you your secret picture or phrase right after you enter your login, but BEFORE you key in your password.

If you are asked to key in your password without the website displaying the secret phrase or picture, you have been tricked into visiting a fake website designed to mimic the real bank website.

 


macOS, iOS, iPadOS, Safari CVE-2021-1844 Bug : Fix It Now!

Apple just rushed out macOS Big Sur 11.2.3, iOS 14.4.1, iPadOS 14.4.1 and Safari 14.0.3 to patch a critical security bug.

Find out what they fix, and why you need to update your MacBook, iPhone and iPad right away!

 

Apple Rushes Out macOS, iOS, iPadOS, Safari Critical Bug Fixes!

Released on 8 March 2021, macOS Big Sur 11.2.3 patches only one bug, which may mislead users into thinking that it’s not very important.

WebKit

Available for: macOS Big Sur

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1844: Clément Lecigne of Google’s Threat Analysis Group, Alison Huffman of Microsoft Browser Vulnerability Research

On the same day, Apple also released iOS 14.4.1 and iPadOS 14.4.1 – both patching the same CVE-2021-1844 vulnerability.

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1844: Clément Lecigne of Google’s Threat Analysis Group, Alison Huffman of Microsoft Browser Vulnerability Research

Apple also released Safari 14.0.3, which patches the same vulnerability for macOS Catalina and macOS Mojave :

WebKit

Available for: macOS Catalina and macOS Mojave

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1844: Clément Lecigne of Google’s Threat Analysis Group, Alison Huffman of Microsoft Browser Vulnerability Research

 

Why Install These macOS, iOS, iPadOS, Safari Bug Fixes ASAP?

While they appear to only patch WebKit in macOS Big Sur, iOS, iPadOS and Safari, they are CRITICAL bug fixes that you need to install right away.

They patch the new CVE-2021-1844 vulnerability, which was discovered by Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research.

This vulnerability allows a remote attacker to trigger a buffer overflow when the victim opens a specially-crafted web page, allowing the attacker to execute arbitrary code on the target system.

It is not known if this vulnerability has been exploited yet, but it is critical to install the new updates to prevent that from happening.

 



CD PROJEKT RED Hack : Source Codes + Docs Stolen!

CD PROJEKT RED just had their source codes and internal documents stolen in a MAJOR HACK, and they may all end up being leaked!

 

CD PROJEKT RED Hack : Source Codes Stolen, Servers Encrypted!

On 9 February 2021, CD PROJEKT RED announced that their data – including source codes and internal documents – were stolen in a hack, and could possibly be leaked.

Their servers were also encrypted in a secondary ransomware attack by the same hackers, but they had backups of the encrypted data.

CD PROJEKT RED publicly ruled out negotiating with the hackers, or giving in to their demands.

This would likely mean that their source codes and internal documents will eventually be released publicly by the hackers.

The only silver lining – CD PROJEKT RED noted that they do not have any evidence that the personal data of their employees were accessed or stolen.

 

CD PROJEKT RED Hack : The Hackers’ Threats

According to the ransom note left on their servers, the hackers stole :

  • FULL source codes for Cyberpunk 2077, Witcher 3, GWENT and the unreleased version of Witcher 3.
  • ALL of their internal documents on accounting, administration, legal, HR, investor relations and more

They also encrypted all of CD PROJEKT RED’s servers, but acknowledged that they would most likely recover the data from their backups.

The hackers are giving the CD PROJEKT RED team 48 hours to contact them to negotiate.

If there is no agreement, they threaten to sell or leak the source codes, and release their internal documents to the media.

They claim that the internal documents will make CD PROJEKT RED look bad, causing their stock prices to fall and their investors to lose trust in them.

 

CD PROJEKT RED : Official Statement On Hack

This is the official statement by CD PROJEKT RED on the hack :

Yesterday we discovered that we have become a victim of a targeted cyber attack, due to which some of our internal systems have been compromised.

An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note the content of which we release to the public. Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data.

We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data. We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach.

We are still investigating the incident, however at this time we can confirm that – to the best of our knowledge – the compromised systems did not contain any personal data of our players or users of our services.

We have already approached the relevant authorities, including law enforcement and the President of the Personal Data Protection Office, as well as IT forensic specialists, and we will closely cooperate with them in order to fully investigate the incident.

 



Ministry of Education Website Uses Plain Text CAPTCHA!

It is unbelievable, but the Malaysia Ministry of Education’s website uses plain text CAPTCHA that can be copied and pasted!

Take a look at this incredible security lapse, and find out why it could put your data at risk!

 

Ministry of Education Website Uses Plain Text CAPTCHA!

The recent threat by Anonymous Malaysia to attack government websites over their lack of security appears to be well-justified.

Qusyaire Ezwan spotted an incredible security lapse in the official Malaysia Ministry of Education website – plain text CAPTCHA!

On top of that, the code can actually be copied and pasted!

 

Ministry of Education Plain Text CAPTCHA : A Serious Cybersecurity Risk!

The CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) test is something most of us are familiar with.

It is a test that helps to identify real humans, and weed out bots, before they are allowed to access a service. This prevents bot fraud and hacking attempts.

In the Ministry of Education website, the plain text CAPTCHA was used to “secure” the retrieval of forgotten passwords for their Student Management Module.

A real CAPTCHA uses distorted images to prevent a bot from “reading” the numbers or letters, thereby ensuring that only a real human being would be able to key in the correct code.

As this screenshot shows, the CAPTCHA used in the Ministry of Education website just uses random sequences of letters and numbers in PLAIN TEXT!

This means a bot can easily copy and paste the plain text code, and bypass the CAPTCHA test.

Frankly, this doesn’t even qualify as a CAPTCHA test, because it cannot differentiate between humans and bots.

Now, the password is still sent to the registered email accounts, not to the hackers or bots. So your data is not in immediate danger.

However, this is still a SERIOUS cybersecurity risk, because a hacker can pair this design flaw with compromised email accounts.

It would allow their bots to easily and quickly make password retrieval requests for compromised email accounts, and then retrieve your Ministry of Education password.

Having access to the Student Management Module would give hackers access to a ton of information on children and their parents :

  • child : name, date of birth, telephone number, home address
  • school : location, class name, teacher’s name
  • parent : name, occupation, workplace address, contact number, declared salary

On top of that, many people reuse their passwords, so hackers will use the password retrieved from the Ministry of Education website on other websites and online services you may use.

If you use the same password for your banking account, for example, that would expose your banking account to the hacker.

That is why CAPTCHA is important. It doesn’t prevent hacking attempts, but it greatly slows them down by blocking bots from making mass requests.

The use of plain text CAPTCHA in an official government website is a fiasco. A basic cybersecurity checklist would have prevented software vendors from using plain text CAPTCHA in government websites.
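One item from such a checklist can be automated as a release test. The Python sketch below is an added example, not code from the Ministry's website or its vendor: given a rendered form and the answer the server expects (which the vendor's own test suite knows), it reports every place that answer can be read from the markup. The sample forms, field names and the answer 7kQ2x are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample pages (not the Ministry's actual markup).
# 1) The flaw described above: the code is ordinary text, here even split
#    across several tags, which does nothing to hide it.
PLAIN_TEXT_FORM = """
<form action="/reset" method="post">
  <input name="email">
  <div class="captcha"><span>7</span><span>k</span><b>Q</b>2<i>x</i></div>
  <input name="captcha_input">
</form>
"""

# 2) An image is shown, but the expected answer still ships in a hidden field.
HIDDEN_FIELD_FORM = """
<form action="/reset" method="post">
  <img src="/captcha/img?token=c1f0a9" alt="security code">
  <input type="hidden" name="expected" value="7kQ2x">
  <input name="captcha_input">
</form>
"""

# 3) Only an opaque token reaches the browser; the answer stays on the server.
IMAGE_ONLY_FORM = """
<form action="/reset" method="post">
  <img src="/captcha/img?token=c1f0a9" alt="security code">
  <input type="hidden" name="captcha_token" value="c1f0a9">
  <input name="captcha_input">
</form>
"""


class _Collector(HTMLParser):
    """Collects every place a script could read text from in the page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text = []      # text nodes (including inline script bodies)
        self.attrs = []     # (tag, attribute name, attribute value)
        self.comments = []  # HTML comments

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value:
                self.attrs.append((tag, name, value))

    def handle_data(self, data):
        self.text.append(data)

    def handle_comment(self, data):
        self.comments.append(data)


def _squash(s):
    # Drop whitespace and case so spacing or capitalisation tricks do not
    # hide a leak. This is deliberately conservative for an audit.
    return "".join(s.split()).lower()


def find_captcha_leaks(html, answer):
    """Return the locations where `answer` is readable from `html`.

    An empty list means the answer never reached the client as text.
    """
    needle = _squash(answer)
    if not needle:
        raise ValueError("answer must not be empty")

    parser = _Collector()
    parser.feed(html)
    parser.close()

    leaks = []
    # Join all text nodes first, so an answer split over several tags
    # is still detected.
    if needle in _squash("".join(parser.text)):
        leaks.append("text")
    for tag, name, value in parser.attrs:
        if needle in _squash(value):
            leaks.append(f"attr:{tag}[{name}]")
    for comment in parser.comments:
        if needle in _squash(comment):
            leaks.append("comment")
    return leaks


if __name__ == "__main__":
    for label, page in [("plain text", PLAIN_TEXT_FORM),
                        ("hidden field", HIDDEN_FIELD_FORM),
                        ("image only", IMAGE_ONLY_FORM)]:
        print(label, "->", find_captcha_leaks(page, "7kQ2x") or "no leak")
```

A passing result only shows that the answer is not sent as text; the image still has to be distorted enough to resist automated reading, and the answer must be checked on the server.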

The Malaysian government needs to take the security of official websites seriously. This is a disgrace.

 


Why You Should NOT Move WhatsApp Chats To Telegram!

Telegram just highlighted the ability to migrate WhatsApp chats to their app, but you really should NOT do that.

Find out why this is a BIGGER security and privacy risk than just leaving your chats in WhatsApp!

 

Telegram : Moving Chat History From WhatsApp, Line + KakaoTalk

In a recent version 7.4 update for their iOS app, Telegram announced a new feature – the ability to move your chat messages from other apps like WhatsApp, Line and KakaoTalk to their app.

Curiously, that ability has actually been part of WhatsApp since 2018, when they introduced the ability to export chats to email and other apps.

And while this feature is purportedly available only with the iOS version of Telegram Messenger, you can already do that with existing versions of WhatsApp and Telegram.

 

Why You Should NOT Move WhatsApp Chats To Telegram!

You should note that the privacy risks with WhatsApp have been grossly exaggerated by the media and many Internet “experts”.

For one thing – WhatsApp users have been sharing metadata with Facebook since September 2016, a fact initially lost on many media outlets and “experts”.

But we understand the fear – Facebook is a real snoop. Even so, it would be a mistake to migrate from WhatsApp to Telegram.

Let us share with you why you should NOT migrate from WhatsApp to Telegram, and why it is a BIG mistake to migrate your WhatsApp data to Telegram.

Fact #1 : Telegram Is LESS Secure Than WhatsApp

WhatsApp fully implemented end-to-end encryption across all of their apps and network since 5 April 2016.

End-to-end encryption prevents WhatsApp or Facebook from reading your messages. Only the sender and receiver(s) can read them.

WhatsApp shares a considerable amount of data and metadata that Facebook can use to identify and track your movements and activities. But not the content of your messages.

Telegram, on the other hand, has STILL NOT implemented end-to-end encryption for all messages by default.

Instead, they still insist on offering end-to-end encryption only when you create a Secret Chat.

This leaves the bulk of your messages completely readable by Telegram and anyone who intercepts those messages as they travel from your device through the Internet to the recipient.

The very presence of Secret Chats between certain people is itself metadata that can help oppressive regimes identify their enemies or whistleblowers.

Fact #2 : Your Data Is Stored In Telegram Cloud Servers

All WhatsApp data is stored only in your registered device. WhatsApp also does not retain messages in their servers after they are delivered, and will only store files (like photos and videos) and undelivered messages for 30 days.

It’s the opposite with Telegram – all of your data – messages, photos, videos, documents – is stored in their cloud servers. Even though they are encrypted in storage, Telegram holds the encryption keys, NOT YOU.

This ability has its advantages like convenient access across multiple devices, but it also makes Telegram less secure.

Telegram has access to your encrypted files, including the ability to decrypt them for authorities that legally compel them to do so.

Fact #3 : Moving Your Messages + Media To Telegram Exposes Them

While your chats and media remain within your WhatsApp app, they are encrypted and not available to anyone but yourself (and the recipients).

Migrating your chat messages and media to Telegram would involve sending them unencrypted to Telegram’s servers.

This exposes your hitherto secure chats and media to a man-in-the-middle attack – allowing a third party to snoop or grab a copy of the data as it travels unencrypted to the Telegram servers.

Fact #4 : Facebook Already Has Your Metadata

As we pointed out earlier, WhatsApp has been sharing our metadata with Facebook since September 2016.

So moving your existing chats out of WhatsApp won’t limit or reduce your exposure. That horse has long bolted from the stable.

Moving your chat history and files to Telegram will just offer a new attack surface for cybercriminals and oppressive regimes.

Fact #5 : Facebook Will Still Have Your Data If You Still Use Facebook!

Here is the other thing that people don’t realise – migrating from WhatsApp to another messaging app is pointless if you do not also stop using Facebook.

As long as you still use Facebook, they will still have access to a considerable amount of metadata. Losing your WhatsApp metadata just gives them less metadata.

After all, Facebook can track your movements and activity even if you are NOT on Facebook! This is what they call Off-Facebook Activity.

 


Hello? WhatsApp Is Already Sharing Data With Facebook!

People are worried that a new WhatsApp privacy policy update will force them to share data with Facebook.

Well, here’s the real surprise – don’t you know that WhatsApp is already doing that?

Find out what’s going on, and what WhatsApp is really changing…

 

New WhatsApp Privacy Policy : Share Data With Facebook?

Many of you may have woken up to this pop-up on WhatsApp, alerting you to a change in its terms and privacy policy, which takes effect on 8 February 2021.

While you can delay the decision by clicking NOT NOW, you have to accept the new terms and privacy policy, to continue using WhatsApp.

Otherwise, the alert subtly suggests, you should “delete your account”.

 

Hello? WhatsApp Is Already Sharing Data With Facebook!

Many WhatsApp users are shocked by this new development, and are pondering whether they should jump to Telegram or some other instant messenger.

What’s more egregious though is that many websites are “warning” their readers about this new, shocking development.

The fact of the matter is – WhatsApp has been sharing data with Facebook for years!

In The Beginning : Private Communication Assured

After Facebook bought WhatsApp for a cool US$19 billion, Jan Koum set the record straight on 17 March 2014 :

Respect for your privacy is coded into our DNA, and we built WhatsApp around the goal of knowing as little about you as possible: You don’t have to give us your name and we don’t ask for your email address. We don’t know your birthday. We don’t know your home address. We don’t know where you work. We don’t know your likes, what you search for on the internet or collect your GPS location. None of that data has ever been collected and stored by WhatsApp, and we really have no plans to change that.

2016 : WhatsApp Starts Sharing Data With Facebook

In August 2016, WhatsApp announced that they would start sharing data with Facebook, after rolling out end-to-end encryption.

[B]y coordinating more with Facebook, we’ll be able to do things like track basic metrics about how often people use our services and better fight spam on WhatsApp. And by connecting your phone number with Facebook’s systems, Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them. For example, you might see an ad from a company you already work with, rather than one from someone you’ve never heard of.

At that time, WhatsApp offered existing users a special one-time only option to opt-out of the data sharing, but only if they did it within 30 days.

If you are an existing user, you can choose not to have your WhatsApp account information shared with Facebook to improve your Facebook ads and products experiences. Existing users who accept our updated Terms and Privacy Policy will have an additional 30 days to make this choice by going to Settings > Account.

If you did not opt-out within 30 days back in August 2016, your data would be shared with Facebook.

This opt-out option was NOT provided to new WhatsApp users who registered on or after 25 August 2016.

After 24 September 2016 : WhatsApp Has Been Sharing Data With Facebook

With the singular exception of existing users who managed to opt-out by 24 September 2016, the data of every other WhatsApp user has been shared with Facebook.

8 February 2021 Onwards : More Information Is Shared

What will really change from 8 February 2021 onwards is the additional information that WhatsApp will share with Facebook :

  • Status Information. You may provide us your status if you choose to include one on your account. Learn how to use status on Android, iPhone, or KaiOS.
  • Transactions And Payments Data. If you use our payments services, or use our Services meant for purchases or other financial transactions, we process additional information about you, including payment account and transaction information. Payment account and transaction information includes information needed to complete the transaction (for example, information about your payment method, shipping details and transaction amount). If you use our payments services available in your country or territory, our privacy practices are described in the applicable payments privacy policy.
  • Location Information. We collect and use precise location information from your device with your permission when you choose to use location-related features, like when you decide to share your location with your contacts or view locations nearby or locations others have shared with you. There are certain settings relating to location-related information which you can find in your device settings or the in-app settings, such as location sharing. Even if you do not use our location-related features, we use IP addresses and other information like phone number area codes to estimate your general location (e.g., city and country). We also use your location information for diagnostics and troubleshooting purposes.
  • User Reports. Just as you can report other users, other users or third parties may also choose to report to us your interactions and your messages with them or others on our Services; for example, to report possible violations of our Terms or policies. When a report is made, we collect information on both the reporting user and reported user.
  • Businesses On WhatsApp. Businesses you interact with using our Services may provide us with information about their interactions with you. We require each of these businesses to act in accordance with applicable law when providing any information to us. When you message with a business on WhatsApp, keep in mind that the content you share may be visible to several people in that business. In addition, some businesses might be working with third-party service providers (which may include Facebook) to help manage their communications with their customers. For example, a business may give such third-party service provider access to its communications to send, store, read, manage, or otherwise process them for the business. To understand how a business processes your information, including how it might share your information with third parties or Facebook, you should review that business’ privacy policy or contact the business directly.

 

Opted Out In 2016? It Is Still Honoured!

WhatsApp will apparently continue to honour the decision of those who opted-out of data sharing in August 2016.

For those who opted out, you can agree to the new policy, and your data will still NOT be shared with Facebook.

To check if you opted-out in August 2016, you will need to check in your WhatsApp account – Settings > Account > Request Account Info.

 


Lazada RedMart Data Breach : What You Need To Know!

Lazada just admitted to a data breach involving their RedMart customer database that could affect some 1.1 million customers!

Find out what happened, and what it could mean for Lazada and RedMart customers!

 

Lazada RedMart : What Is It?

RedMart is an online grocery platform in Singapore that was founded in August 2011.

Lazada acquired RedMart in November 2016, and started to integrate it into their platform in March 2019.

This March 2019 date is important, because that was when the RedMart database was last updated.

 

Lazada RedMart Data Breach : What Happened?

The Lazada RedMart database was spotted for sale in an online forum, amongst many other databases stolen from other e-commerce websites.

In this screenshot, you can see that it claims to have details on 1.1 million Lazada RedMart customers :

  • Email address
  • Password
  • Mailing address
  • Name
  • Phone number
  • Partial credit card information

Picture Credit : CNA

In a statement posted on 30 October 2020, Lazada confirmed the data breach involving their RedMart database.

They assert that the breach only involved the old RedMart database, which was “18 months out of date” as it was last updated in March 2019.

Singapore, 30 October 2020 – Lazada places great importance on protecting your personal information, and we value the trust you have placed with us. On 29 October 2020, as part of our proactive monitoring, our cybersecurity team discovered a data security incident in Singapore, involving a RedMart-only database hosted on a third-party service provider. The customer data hosted on this database is more than 18 months out of date as it was last updated in March 2019.

The customer information that was illegally accessed include the names, phone numbers, emails, addresses, encrypted passwords and partial credit card numbers of RedMart customers. We have taken immediate action to block unauthorised access to the database. This data was used on the previous RedMart app and website, which are no longer in use. Lazada customer data in Southeast Asia is not affected by this incident.

Protecting the data and privacy of our users is of utmost importance to us. Apart from reviewing and fortifying our security infrastructure, we are working very closely with the relevant authorities on this incident and remain committed to providing all necessary support to our users.

We want to be transparent about this incident with all of our customers and reassure you that we are taking it seriously.

They also set their platform to log out all Lazada users, and require them to register a new password.

They are also warning their users to be on the alert for spam mails requesting personal information.

 

Lazada RedMart Data Breach : What’s The Implication?

A Data Breach Is A Data Breach Is A Data Breach

Lazada may claim that the data and privacy of their users are of the utmost importance, but the data breach says otherwise.

They left a database they had not used since March 2019 on a third-party service provider, where it remained accessible online all this time.

Any half-decent cybersecurity specialist would have told them to take the database offline, unless it was essential to the operation of the website.

Closing The Barn Door After The Horses Have Bolted

Lazada immediately blocked unauthorised access to their RedMart database, but that’s like closing the barn door after the horses have bolted.

Once the data was stolen, all it does is prevent other attackers from stealing the data for themselves.

Lazada Migrated RedMart Users In March 2016

It seems a little disingenuous for Lazada to announce that the data was used in “the previous RedMart app and website, which are no longer in use”.

They appear to have migrated RedMart users to Lazada on 15 March 2016 using the same data that was just stolen.

Unless RedMart users changed their passwords, addresses, phone numbers, email addresses or credit card details AFTER they were migrated to the Lazada platform, they remain exposed by the data breach.

The Data Isn’t Necessarily Outdated

Most of us don’t change our logins and passwords that often. And we often reuse the same login and password combination for different websites.

So it is scant assurance that their RedMart database was last updated in March 2019, even if we take their word that it was more than 18 months out of date.

This data breach exposes all affected RedMart users to the possibility of their other accounts being breached as well.

Only Ex-RedMart Users Affected

The only saving grace we can see here is that it looks like only former RedMart users are affected by this data breach.

That means Lazada users who never registered or used the RedMart app or website are not affected.

 

Lazada RedMart Data Breach : What Can You Do?

If you ever registered for, or used, RedMart before their migration to the Lazada platform in March 2016, we highly recommend that you :

  • change your Lazada password
  • change the password of accounts that use the same password as your Lazada / RedMart account
  • do NOT click on links in emails warning you about this data breach and asking you to change your password
  • do NOT respond to calls or messages warning you about this data breach
  • do NOT respond to requests for personal information

 


How Hackers Attack Healthcare During COVID-19 Pandemic!

Even during the COVID-19 pandemic, hackers have been attacking the healthcare system already buckling under pressure.

Take a look at the first part of a newly-released documentary on how hackers are attacking the healthcare system, and what it means for us and the world!

 

How Hackers Attack Healthcare During COVID-19 Pandemic!

Cybercriminals and state-sponsored hackers do not care that almost a million people have died from COVID-19. In fact, they see the pandemic as an opportunity.

Over the last few months, the creators of this documentary spoke to hospitals, law enforcement agencies, health organisations and research centres across the world, to understand how they are coping with increased cyberattacks and malware.

This particular feature was directed by Didi Mae Hand, and produced by Max Peltz.

 

Hackers Increased Attacks On Healthcare During COVID-19 Pandemic

The documentary reveals a shocking surge in cyberattacks on healthcare systems during the COVID-19 pandemic. The World Health Organisation (WHO), for example, reported a 5X increase in cyberattacks on its systems since March 2020.

State-sponsored hackers are mainly looking for biodata, including research on COVID-19 vaccines. Meanwhile, cybercriminals are capitalising on the fact that hospitals may be more willing than usual to pay a ransom.

For example, the Brno University Hospital, which was responsible for running a big share of COVID-19 testing in the Czech Republic, was held to ransom and forced to shut down its IT network at a critical time.

Fortunately, the surge in cyberattacks was met with an incredible response by the cybersecurity community. Some 3000 cybersecurity volunteers created the CV19 group to provide hospitals and healthcare institutions with free support to protect their systems.

 



Fact Check : Meng Wanzhou Released By Canadian Court?

A photo of HUAWEI CFO Meng Wanzhou being freed by the Canadian court is going viral on social media.

Check out the viral photo for yourself, and find out what the FACTS really are!

 

Claim : Meng Wanzhou Released By Canadian Court!

This photo and the accompanying English translation of the Chinese message are going viral on social media.

Just received…

“Canadian court have thrown out all detention charges against Meng Wanzhou.”

In the pic, the tracing device on her angle is being removed.

“The princess of Huawei free to return home in 4 days latest” it said.
_ _ _

 

Meng Wanzhou Released By Canadian Court? Here Are The Facts!

The picture is genuine, but the entire premise and claim are FALSE. Here are the facts…

Fact #1 : Meng Wanzhou Is Still Under House Arrest In Canada

As of 10 September 2020, Meng Wanzhou is still under house arrest in Canada, awaiting the reopening of her extradition case in late September 2020.

Just four days ago, Global Times – a Chinese state-run media outlet – reiterated the demand by the Chinese ambassador to Canada that they release Meng Wanzhou to repair relations between their two countries.

Fact #2 : That Was A Staged Photo Op From May 2020

The photo being shared on social media is genuine, but it was from her staged photo op on 23 May 2020. As reported by CBC :

With a momentous court ruling that could deliver her freedom days away, Meng Wanzhou appeared to take a premature victory lap on the weekend, posing for pictures and flashing a thumbs-up on the steps of B.C. Supreme Court.

The Huawei executive took part in a staged downtown Vancouver photo shoot as security guards stood watch Saturday evening. She jumped out of a black SUV to take centre stage once a group of family and friends had arranged themselves in front of a photographer.

Photo Credit : Ben Nelms CBC

She took part in that staged photo op just before B.C. Supreme Court Associate Chief Justice Heather Holmes planned to announce her decision on double criminality, which could have ended the extradition process.

Days later, on 27 May 2020, Associate Chief Justice Heather Holmes ruled that the extradition case against Meng Wanzhou should proceed.

Fact #3 : They Were Not Removing Her Ankle Monitor

The photo that people were sharing as evidence that her ankle monitor was being removed was taken by Ben Nelms of CBC.

This was his description of the photo – Friends assist Meng with her GPS ankle monitoring bracelet as she prepares for photographs in front of the B.C. Supreme Court building.

NO, her ankle monitor was not being removed. Her friends were just helping her cover it up for the photo op.

She continues to wear a GPS ankle monitor, as part of the requirement for her house arrest while awaiting trial.

Photo Credit : Ben Nelms CBC

Fact #4 : She Is NOT Free To Return To China

The viral post claims that Meng Wanzhou is free to return to China in just 4 days at the latest. Sadly for her, that’s not true.

She remains under house arrest, and is unlikely to return to China soon as her extradition case will only take place in late September 2020.

 

Why Would Someone Create This Fake Story?

With China’s aggressive foreign stance in recent years, it is not uncommon to see such fake stories being created and shared.

Some believe it’s part of a concerted attempt to burnish China’s image overseas.

Others believe the many fake stories are being created to drown out the negative coverage of China’s controversial Belt and Road Initiative, and their aggressive moves in the South China Sea.

Whatever the reasons may be, it is our duty as global citizens to stop the proliferation of such fake stories.

Please share this debunking with your friends, so they know the truth!

 


 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Kashi Mining Company : Fake Procurement Scam Alert!

The Kashi Mining Company has come under scrutiny for falsely using the photos of Malaysia’s Director-General of Health, as well as other notable Malaysians.

Find out what they did, and why it is a fake company website being used to scam people of their money!

 

Kashi Mining Company : Fake Company

Malaysia’s Director-General of Health, Tan Sri Dr Noor Hisham Abdullah, publicly announced that Kashi Mining Company has falsely used his picture, listing him as their COO.

It cast a spotlight on Kashi Mining Company, which claims to be an award-winning company based in Labuan, and yet owns 5 gem mines around the world.

Their management team appears to be comprised of respectable-looking Malaysians. However, a closer look will reveal that Kashi Mining Company misappropriated photos of notable Malaysians :

  • Mohamed Lew (CEO) : That is really Mohamad Abdullah, the Senior Deputy Registrar of Universiti Sains Malaysia’s Student Affairs and Alumni Department.
  • Aidan Razif (COO) : That is really Tan Sri Dr Noor Hisham Abdullah, the Malaysia Director-General of Health.
  • Imran Sin (Managing Director) : That is really Alex Ng, Goodyear Malaysia’s Managing Director.
  • Umar Yow (Company Secretary) : That is really KM Liew, Director and Head of IT & Mobile, Samsung Malaysia.

A quick check of their company address and Google location, which are two slightly different locations in Labuan, showed that the company does not exist, at least at those locations.

 

Kashi Mining Company : Fake Website

The Kashi Mining Company website is not only full of bad grammar and spelling mistakes, the pictures used have also been misappropriated.

The pictures of the mining vehicles and mining operations have all been taken from companies like MEDATECH Engineering Services, MacLean Engineering, and Epiroc.

We added the scam alert overlay to prevent that screenshot from being abused. Needless to say, Kashi Mining Company does not have 250 staff manning 5 gem mines across the world.

A quick WHOIS check of their domain also reveals that this is a relatively new website, with the domain registered only in October 2019 :

Registrar : NAMECHEAP INC
Whois Server: whois.namecheap.com
Status : clientTransferProhibited https://icann.org/epp#clientTransferProhibited

Registered On : 2019-10-18
Expires On : 2020-10-18

Registrant Name : WhoisGuard Protected

IP Address : 104.194.10.93
Hosting Company : HostNowNow.com

Obviously, a genuine award-winning gem mining company would not have such a new website and domain.

In addition, they would not hide their contact details using a protection service like WhoisGuard.

 

Kashi Mining Company : Fake Procurement Scam!

The truth is the Kashi Mining Company does not exist, and their website is part of a fake procurement scam.

Popular in West African countries like Benin, Cameroon, and Nigeria, these scammers offer you a chance to bid on a contract for a large quantity of their products. Gems in this case.

They will offer you extremely good prices on their products, and use fake companies with websites like Kashi Mining Company to trick you into believing that they are genuine.

A different version of the scam flips the narrative – the scammers will offer to purchase large quantities of your products, like machinery.

Whether they offer to sell or purchase, you will be asked to pay some kind of processing fee or legal fees, by government authorities or their lawyers or even transportation companies.

All you need to know is that these are SCAMMERS out to cheat you of your money.

Don’t fall for their tricks. Make sure you WARN your family and friends!

 



HUAWEI 5G Aces GSMA NESAS Security Audit : The Impact?

In a bit of good news after months of bad news, HUAWEI announced that their 5G wireless and core network equipment passed the GSMA NESAS cybersecurity audit!

While that is great news for them, what exactly is the impact on the deployment of HUAWEI 5G equipment globally?

 

HUAWEI 5G Passes GSMA Network Security Assurance Audit!

In a bit of good news after months of bad news, HUAWEI announced that their 5G wireless and core network equipment passed the GSMA Network Equipment Security Assurance Scheme (NESAS) audit!

  • 5G RAN gNodeB
  • 5G Core UDG, UDM, UNC, UPCF
  • LTE eNodeB

Here is a summary of the twenty NESAS assessment categories and the compliance levels of the HUAWEI 5G equipment that were tested :

Prior to passing the GSMA NESAS audit, this HUAWEI 5G equipment also passed the 5G cybersecurity test by China’s IMT-2020 (5G) Promotion Group, using test specifications based on 3GPP International standards for 5G security assurance.

 

HUAWEI 5G Faces Political, Not Technical, Pressures

Passing the GSMA NESAS audit will help assuage the cybersecurity concerns of nations planning to implement, or already implementing, HUAWEI 5G network equipment.

However, HUAWEI faces political, not technical, pressures with their 5G network equipment.

The 100% compliance score in the NESAS audit will not change minds in the US, and their Five Eyes partners are unlikely to consider HUAWEI 5G equipment.

That said, passing this audit will nevertheless strengthen HUAWEI’s shield against claims that their 5G equipment poses much greater cybersecurity risks than competing platforms.

It will help them win additional contracts in smaller countries whose concerns are far less about cybersecurity and privacy, and more with costs.

 

GSMA Network Security Assurance Scheme (NESAS)

The GSMA Network Equipment Security Assurance Scheme (NESAS) audit is a standardised cybersecurity assessment mechanism, jointly defined by GSMA (GSM Association) and 3GPP, together with regulators, industry partners, major global operators, and vendors.

This is a voluntary program under which network equipment vendors can subject their product development and lifecycle processes to a comprehensive and independent security audit.

The GSMA NESAS covers 20 assessment categories, defining security requirements with an assessment framework for 5G product development and product lifecycle processes. It also uses security test cases by 3GPP to assess the security of network equipment.

 



Mac Camera Cover Guide : Why Apple Is Wrong!

Apple recently advised everyone not to cover the camera of their Mac laptops, and rely instead on the camera indicator light.

Find out why Apple is WRONG, and why you need to physically cover your Mac computer’s camera!

 

Mac Camera Cover : What Is It For?

Cybersecurity specialists have long advocated covering the built-in camera of your computers, not just MacBook laptops or Mac desktops, with a camera cover of some sort.

This prevents hackers from taking over that camera, and secretly recording you. This has implications beyond just recording your embarrassing moments for blackmail.

With access to your laptop camera, hackers can determine when you are away from home, who lives at your home, who you are working with, and even where you currently are.

 

Apple : Don’t Use A Camera Cover For Your Mac

In their recent HT211148 tech advisory, Apple asked Mac laptop (MacBook, MacBook Air, MacBook Pro) users not to use any camera cover.

Recommended : Warning : Using A Camera Cover Can Damage Your MacBook!

Instead, they recommended that you use these two built-in features for your privacy :

A. The Green Camera Indicator Light

Apple points out that your Mac computer has a camera indicator light that glows green whenever the camera is active.

They also claimed that the camera is designed not to activate unless its indicator light is also turned on.

B. The Camera Access Control

As an additional measure built into macOS Mojave or later, you must give an app permission before it can use your Mac computer’s camera.

To view which apps have access to your Mac computer’s camera, and to revoke any app’s access :

  1. On your Mac, choose Apple menu > System Preferences, click Security & Privacy, then click Privacy.
  2. Select Camera.
  3. Select the tickbox next to an app to allow it to access your camera. Deselect the tickbox to turn off access for that app. If you turn off access for an app, you’re asked to turn it on again the next time that app tries to use your camera.

 

Why Apple Is Wrong, And You Need To Cover Your Mac Camera!

Apple fans may hate us for this, but they are wrong. You must physically cover your Mac computer’s camera to protect yourself.

Hackers Always Disable The Indicator Light

Mac computers are not the only ones to feature an indicator light for their built-in cameras. Most computers with a built-in webcam have such an indicator light.

It is, therefore, SOP for hackers to disable the indicator light after gaining control of the camera. Camfecting attacks won’t work if you are aware that the camera is turned on…

Apple asserts that the camera and its indicator light on Mac computers are wired in series, so the camera won’t work if the indicator light is turned off.

However, a 2013 Johns Hopkins University paper showed how it was possible to disable the indicator light of a Mac computer’s webcam, even though the camera module had a “hardware interlock”.

This isn’t just an obscure research subject. The FBI has the capability to covertly activate a computer’s camera without triggering the indicator light, according to Marcus Thomas, the former assistant director of FBI’s Operational Technology Division.

The only ways to prevent such attacks would be to either turn off your computer, or physically cover the camera.

Hackers Won’t Ask You For Permission

Security researcher Ryan Pickren showed in April 2020 how seven flaws in Apple Safari can let malicious websites hijack your camera and microphone to spy on you.

All you have to do is click on a link, and it lets the malicious website gain access to your webcam without asking for permission.

So much for the Mac Camera Access Control feature…

You May Not Notice The Light

Even if the camera indicator light is not disabled, it doesn’t mean you will immediately realise when the light turns on.

By the time you realise the green light is actually glowing, it may already be too late.

This is partly because it emits a steady glow, and doesn’t blink. Of course, a blinking light is bloody irritating, but we are more likely to notice it than a static green glow.

The only way to prevent that is to physically cover the camera.

Hackers Can Turn On Sleeping Or Hibernating Computers

Don’t assume that just because your Mac computer is sleeping or hibernating, hackers cannot access its camera.

They can potentially wake your computer, turn on the camera and record from it, with the indicator light turned off.

Security researcher Pedro Vilaça showed in 2015 how it was possible to remotely “root” and take over a Mac computer after it wakes up from sleep mode of 30 seconds or longer.

Irrespective of the method used, once hackers gain control of your computer, they can turn on its Wake On LAN (WOL) feature to remotely wake up your computer, like what the Ryuk ransomware does.

The only way to prevent that is to turn off your computer, or physically cover the camera.

Cybercriminals Can Trick You With A Fake Blackmail

Even if cybercriminals are unable to access your camera, they can still trick you into believing they somehow took compromising photos or videos from it.

They send out thousands of spam emails every day to trick people into believing they have been caught on camera.

People who don’t use a camera cover can be convinced into believing that their webcams were somehow compromised, and tricked into paying up to avoid exposure.

The only way to prevent that is to physically cover the camera.

 

The Best Way To Cover Your Mac Computer Camera

While we strongly advise you to cover your Mac computer camera, that does not mean you should risk damaging your display.

Laptop Computers (MacBook, MacBook Air, MacBook Pro)

According to Apple, we should not use any camera cover that is more than 0.1 mm thick. That basically rules out any camera cover, because it is impossible to make one that thin.

They also advise against using anything that leaves an adhesive residue. So that means cellophane tape (Scotch tape) and packaging tape should be avoided.

So here are the best options for you to consider, based on your requirements :

  1. If you don’t intend to use the camera at all
    a) Use your laptop in clamshell mode, with a separate monitor, keyboard and mouse
    b) Cover the camera with masking tape, which is gentle and leaves no residue
  2. If you plan to use the camera
    – Cut a small piece of sticky note, so that there is an adhesive part and a non-adhesive part.
    – Alternatively, cut a piece of masking tape, and fold part of it to create a non-adhesive portion.
    – Cover the camera with the adhesive part
    – You can then use the non-adhesive portion to pull it off whenever you need to use the camera

Desktop Computers (iMac, iMac Pro)

Desktop computers like the iMac or iMac Pro don’t have to worry about damaging their displays with camera covers of any thickness.

We therefore recommend using a proper camera cover that slides to let you use the camera whenever you want to, and physically cover it whenever you don’t.

Just make sure the camera cover does not use excessively strong adhesive, or leave a residue that will require using solvent to remove, which could damage the display coating!

 



Warning : Using A Camera Cover Can Damage Your MacBook!

After years of letting third-party companies sell camera covers, Apple just issued a warning that using a camera cover can damage your MacBook laptop!

Find out what’s going on, and why using a camera cover may be critical for your privacy, but can damage your MacBook!

 

Warning : Using A Camera Cover Can Damage Your MacBook!

In a new technical advisory, Apple warns that closing your MacBook laptop with a camera cover attached could physically damage the display, due to the limited clearance between the display and the chassis.

In addition, installing a camera cover can block the ambient light sensor located next to the camera. This will prevent features like automatic brightness and True Tone from working properly.

If you close your Mac notebook with a camera cover installed, you might damage your display because the clearance between the display and keyboard is designed to very tight tolerances.

Covering the built-in camera might also interfere with the ambient light sensor and prevent features like automatic brightness and True Tone from working.

Instead of using a camera cover, Apple recommends relying on the camera indicator light to tell you when it is actively recording you.

This is a VERY BAD idea, which we elaborate on in this article : Apple Is Wrong. You Need To Cover Your Mac Camera!

 

What If You MUST Use A Camera Cover?

If your organisation or work requires you to use a camera cover, Apple issued these recommendations :

  • Make sure the camera cover is not thicker than 0.1 mm.
  • Avoid using a camera cover that leaves adhesive residue.
  • If you install a camera cover that is thicker than 0.1 mm, remove the camera cover before closing your computer.

For Americans and anyone else still stuck with Imperial measurements, 0.1 mm = 0.00393 inch.

This example of an ultra-thin camera cover designed for the MacBook is 8X too thick, according to Apple.

It is physically impossible to create a camera cover that thin. In other words, Apple is telling you yet again NOT to use an actual camera cover!

Instead, try using a tiny piece of sticky note. It is not only thin, it is also soft. Just make sure it covers only the camera, and not the ambient light sensor.

 



TikTok Caught Spying What We Type In Other Apps… TWICE!

TikTok was caught spying on what we type in other apps, not once, but TWICE… so far.

Find out what’s going on, and what you should do about it!

 

TikTok : What Is It?

TikTok is a Chinese social networking service built around short video clips. Developed and owned by ByteDance which is based in Beijing, it is very popular amongst young people and even children.

This has led to numerous controversies as TikTok proved slow or reluctant to remove dangerous or racist videos :

 

TikTok Caught Spying What We Type In Other Apps… TWICE!

Beyond their obvious desire to grow their service at the expense of the danger to real people, there have been cybersecurity and privacy concerns about TikTok.

In a space of just four months, TikTok has been caught spying on what we type in OTHER APPS… not once, but TWICE. Take a look at this video expose…

TikTok Caught Spying On What We Type : First Time

Let’s start in March 2020, when Talal Haj Bakry and Tommy Mysk exposed how they found that TikTok was spying on what we typed in other apps through the pasteboard / clipboard.

In the video above, you can see how TikTok immediately asked to read all text stored in the pasteboard, whenever it is launched.

The pasteboard contains everything you copied earlier – messages from other people, quotes from an article, or far more sensitive stuff like your password or account number.

And because of Apple’s universal clipboard feature, this means everything you copy on your Mac or iPad will be available on your iPhone, and therefore TikTok.

To be clear, TikTok was just one of the many apps that they found to be spying on what we type. Here were the apps they confirmed were spying on the pasteboard / clipboard.

  • News : ABC News, Al Jazeera English, CBS News, CNBC, Fox News, News Break, New York Times, NPR, itv Nachrichten, Reuters, Russia Today, Stern Nachrichten, The Economist, The Huffington Post, The Wall Street Journal, VICE News
  • Games : 8 Ball Pool, AMAZE!!!, Bejeweled, Block Puzzle, Classic Bejeweled, Classic Bejeweled HD, Flip The Gun, Fruit Ninja, Golfmasters, Letter Soup, Love Nikki, My Emma, Plants vs. Zombies Heroes, Pooking – Billiards City, PUBG Mobile, Tomb of the Mask, Tomb of the Mask: Color, Total Party Kill, Watermarbling
  • Social : TikTok, ToTalk, Tok, Truecaller, Viber, Weibo, Zoosk
  • Other : 10% Happier: Meditation, 5-0 Radio Police Scanner, Accuweather, AliExpress Shopping, Bed Bath & Beyond, Dazn, Hotels.com, Hotel Tonight, Overstock, Pigment – Adult Coloring Book, Recolor Coloring Book to Color, Sky Ticket, The Weather Network

At that time, TikTok told Zak Doffman that it was Google Ads that was snooping into the pasteboard / clipboard.

The clipboard access issues showed up due to third-party SDKs, in our case an older version Google Ads SDK. We are in the processes of updating so that the third-party SDK will no longer have access.

They claimed it was because TikTok was using an older Google Ads SDK, which they have since replaced with a newer version.

TikTok Caught Spying On What We Type : Second Time

Fast forward to June, and the release of iOS 14 beta. The new clipboard warning feature in iOS 14 appears to have caught TikTok spying on the pasteboard / clipboard once again.

In the dramatic video shared by Jeremy Burge – the 1:35 point in our video above – he shows TikTok grabbing the contents of his iPhone’s clipboard every 1-3 keystrokes, as he typed in Instagram!

This is even more egregious than the first time they spied on the pasteboard / clipboard! Instead of just looking at what you copied into the clipboard earlier, TikTok is literally reading what you are typing in a different app!

TikTok now claims that this issue was “triggered by a feature designed to identify repetitive, spammy behaviour”, and that they have already submitted an updated app without this “anti-spam feature”.

 

TikTok Caught Spying : What Should YOU Do?

If you are not a frequent TikTok user, the answer is simple – UNINSTALL TikTok.

If you really like TikTok, you should immediately update to the latest version, which ByteDance claims will no longer read your clipboard because it has both an updated Google Ads SDK, as well as their anti-spam feature removed.

Either way, if you are concerned about privacy issues with TikTok, you should write to privacy@tiktok.com and express your deep concerns about them reading what you are typing, whether it is in their app or other apps.

 



Malware Alert : How Shopper Takes Over Android Phones!

An Android malware called Shopper is actively taking over smartphones, to post fake reviews on Google Play… and worse!

Find out what’s going on, and how to prevent your smartphone from being hijacked by Shopper!

 

Shopper : What Does It Do?

Shopper (Trojan-Dropper.AndroidOS.Shopper.a) is an Android trojan that uses the Google Accessibility Service to take over your smartphone.

It is not yet known how users are being infected, but researchers suspect that it may be downloaded through fraudulent ads, or third-party app stores when they try to download legitimate apps.

The malware masks itself as a system application, and uses a system icon called ConfigAPKs to hide itself from the user.

After the user unlocks the screen, the Shopper trojan launches and gathers information about the device, which is then sent to the attacker’s servers.

The attacker’s servers will then send commands to the Shopper trojan to execute one or more of these actions :

  • Check the rights to use the Accessibility Service. If permission is not granted, it will send a phishing request until it gets it
  • Turn off Google Play Protect, a safety check on Google Play Store apps before they’re downloaded
  • Post fake positive app reviews in Google Play, for those apps
  • Open links received from the remote server in an invisible window
  • Download and install advertised apps from Google Play Store
  • Download and install apps from the Apkpure third-party app store
  • Show ads when the smartphone screen is unlocked
  • Create labels to advertised ads in the app menu
  • Replace the labels of your installed apps with labels of advertised websites
  • Use your Google or Facebook account to register on popular shopping and entertainment apps, like AliExpress, Lazada, Zalora, Shein, Joom, Likee and Alibaba

 

Shopper : Who’s Getting Infected?

Right now, Kaspersky researchers say that it is most widespread in Russia (28.46%), followed by Brazil (18.70%) and India (14.23%) :

 

Shopper : How To Block It?

To reduce the risk of being infected by Trojan-Dropper.AndroidOS.Shopper.a, take these actions :

  • Do NOT install apps from untrusted sources
  • Block the installation of apps from unknown sources in your smartphone settings
  • Be wary of apps that require the use of the Google Accessibility Service, especially if the app is not meant to offer accessibility features to the disabled
  • Always check application permissions to see what your installed apps are allowed to do
  • Use a reliable mobile security solution

 


Operation Goldfish Alpha : INTERPOL Tackles Cryptojacking!

INTERPOL just announced that their Operation Goldfish Alpha has greatly reduced cryptojacking in Southeast Asia.

Find out how INTERPOL and their partner countries cracked down on cryptojacking through Operation Goldfish Alpha!

 

Cryptojacking : What Is It?

Cryptojacking is a new way for cybercriminals to hijack our computer’s processing power to mine cryptocurrency.

Cryptojackers snare their victims by getting them to unwittingly install malware on their computers. This can happen by tricking the victim into clicking on malicious links, or visiting infected websites.

Once installed, the malware gives them access to the computer or other Internet-connected devices. They can then install programmes called “coin miners” to hijack the processing power of infected devices to mine cryptocurrency.

 

Operation Goldfish Alpha : How INTERPOL Tackled Cryptojacking

Earlier last year, INTERPOL identified a global cryptojacking operation based on a vulnerability in MikroTik routers. The intelligence was disseminated to the affected countries.

INTERPOL’s ASEAN Cyber Capability Desk took it one step further, launching Operation Goldfish Alpha in June 2019.

They identified more than 20,000 hacked routers in the ASEAN region, which accounted for 18% of the infected global total.

Over five months, cybercrime investigators and experts from Computer Emergency Response Teams (CERTs) from across 10 ASEAN countries (Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam) worked together to :

  • locate the infected routers and alert the victims,
  • patch the infected devices, so they are no longer under the cryptojacker’s control

When Operation Goldfish Alpha concluded in late November 2019, they successfully reduced the number of infected devices by 78%. But while the operation has come to an end, efforts to clean the remaining infected devices continue.

Operation Goldfish Alpha also served to increase awareness of cryptojacking, how to identify it and how to mitigate the threat.

 



NX Technology from The Tech ARP BIOS Guide!

NX Technology

Common Options : Enabled, Disabled

 

NX Technology : A Quick Review

The NX Technology BIOS feature is actually a toggle for the processor’s No Execute feature.

In fact, the acronym NX is short for No Execute and is specific to AMD’s implementation. Intel’s implementation is called XD, short for Execute Disable.

When enabled, the processor prevents the execution of code in data-only memory pages. This provides some protection against buffer overflow attacks.

When disabled, the processor will not restrict code execution in any memory area. This makes the processor more vulnerable to buffer overflow attacks.

It is highly recommended that you enable the NX Technology BIOS feature for increased protection against buffer overflow attacks.

However, please note that the No Execute feature is a hardware feature present only in the AMD64 family of processors. Older AMD processors do not support the No Execute feature. With such processors, this BIOS feature has no effect.

In addition, you must use an operating system that supports the No Execute feature. Currently, that includes the following operating systems :

  • Microsoft Windows Server 2003 with Service Pack 1, or newer
  • Microsoft Windows XP with Service Pack 2, or newer
  • Microsoft Windows XP Tablet PC Edition 2005, or newer
  • SUSE Linux 9.2, or newer
  • Red Hat Enterprise Linux 3 Update 3, or newer

Incidentally, some applications and device drivers attempt to execute code from the kernel stack for improved performance. This will cause a page-fault error if No Execute is enabled. In such cases, you will need to disable this BIOS feature.

 

NX Technology : The Full Details

Buffer overflow attacks are a major threat to networked computers. For example, a worm may infect a computer and flood the processor with code, bringing the system down to a halt. The worm will also propagate throughout the network, paralyzing each and every system it infects.

Due to the prevalence of such attacks, AMD added a feature called No Execute page protection, also known as Enhanced Virus Protection (EVP) to the AMD64 processors. This feature is designed to protect the computer against certain buffer overflow attacks.

Processors that come with this feature can restrict memory areas in which application code can be executed. When paired with an operating system that supports the No Execute feature, the processor adds a new attribute bit (the No Execute bit) in the paging structures used for address translation.

If the No Execute bit of a memory page is set to 1, that page can only be used to store data. It will not be used to store executable code. But if the No Execute bit of a memory page is set to 0, that page can be used to store data or executable code.

The processor will henceforth check the No Execute bit whenever it executes code. It will not execute code in a memory page with the No Execute bit set to 1. Any attempt to execute code in such a protected memory page will result in a page-fault exception.

So, if a worm or virus inserts code into the buffer, the processor prevents the code from being executed and the attack fails. This also prevents the worm or virus from propagating to other computers on the network.
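The page-fault behaviour described above can be observed from user space. This is an added example, not code from the Tech ARP BIOS Guide: the function name call_stub_in_page and the one-instruction stub are made up for illustration, and it assumes Linux on x86 or AArch64 with No Execute enabled in the BIOS and the operating system.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Harmless function body: a single "return to caller" instruction. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char RET_STUB[] = { 0xC3 };                   /* ret */
#elif defined(__aarch64__)
static const unsigned char RET_STUB[] = { 0xC0, 0x03, 0x5F, 0xD6 }; /* ret */
#else
#error "add a return stub for this architecture"
#endif

/*
 * Copy the stub into a fresh anonymous page, switch the page to `prot`,
 * then call it inside a child process so a fault cannot kill the caller.
 *
 * Returns 0 if the stub ran and returned, the number of the signal that
 * killed the child if it faulted, or -1 if the setup itself failed.
 */
int call_stub_in_page(int prot)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        long page = sysconf(_SC_PAGESIZE);

        /* Map read/write first: the kernel sets the No Execute bit in the
         * page-table entry because PROT_EXEC was not requested. */
        unsigned char *mem = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE,
                                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (mem == MAP_FAILED)
            _exit(100);
        memcpy(mem, RET_STUB, sizeof RET_STUB);

        /* Apply the protection under test. PROT_READ|PROT_EXEC clears the
         * No Execute bit; PROT_READ|PROT_WRITE leaves it set. */
        if (mprotect(mem, (size_t)page, prot) != 0)
            _exit(101);
        __builtin___clear_cache((char *)mem, (char *)mem + sizeof RET_STUB);

        /* Instruction fetch from the page: faults here if NX is set. */
        void (*fn)(void) = (void (*)(void))(void *)mem;
        fn();
        _exit(0);
    }

    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    return WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void)
{
    int data = call_stub_in_page(PROT_READ | PROT_WRITE);
    int code = call_stub_in_page(PROT_READ | PROT_EXEC);

    printf("data page (No Execute bit = 1): result %d (SIGSEGV is %d)\n",
           data, SIGSEGV);
    printf("code page (No Execute bit = 0): result %d (0 means it ran)\n",
           code);
    return 0;
}
```

With No Execute active, the data-page call ends in SIGSEGV, which is how Linux reports the processor's page-fault exception to the process.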

The NX technology BIOS feature is actually a toggle for the processor’s No Execute feature. In fact, the acronym NX is short for No Execute and is specific to AMD’s implementation. Intel’s implementation is called XD, short for Execute Disable.

When enabled, the processor prevents the execution of code in data-only memory pages. This provides some protection against buffer overflow attacks.

When disabled, the processor will not restrict code execution in any memory area. This makes the processor more vulnerable to buffer overflow attacks.

It is highly recommended that you enable the NX Technology BIOS feature for increased protection against buffer overflow attacks.

However, please note that the No Execute feature is a hardware feature present only in the AMD64 family of processors. Older AMD processors do not support the No Execute feature. With such processors, this BIOS feature has no effect.

In addition, you must use an operating system that supports the No Execute feature. Currently, that includes the following operating systems :

  • Microsoft Windows Server 2003 with Service Pack 1, or newer
  • Microsoft Windows XP with Service Pack 2, or newer
  • Microsoft Windows XP Tablet PC Edition 2005, or newer
  • SUSE Linux 9.2, or newer
  • Red Hat Enterprise Linux 3 Update 3, or newer

Incidentally, some applications and device drivers attempt to execute code from the kernel stack for improved performance. This will cause a page-fault error if No Execute is enabled. In such cases, you will need to disable this BIOS feature.

 


 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Why Cybersecurity Is Critical For Industry 4.0 Success

Yeo Siang Tiong, the General Manager of Kaspersky Southeast Asia, recently shared with us why cybersecurity is critical for Industry 4.0 initiatives to succeed.

While he uses Malaysia’s drive to implement Industry 4.0 as an example, the lessons are universal and apply across the world.

Let’s hear it from Mr. Yeo Siang Tiong!

 

Why Cybersecurity Is Critical For Industry 4.0 Success

The term Industry 4.0 was first used at the Hanover Fair, as a reference to the latest industrial strategy which has been termed the fourth industrial revolution.

According to the explanation by the Ministry of International Trade and Industry Malaysia [1] that I read months ago, Industry 4.0 is referred to as the digitalization transformation of production in manufacturing-based industries, driven by connected technologies.

Together with autonomous robots, big data analytics, cloud computing, Internet of Things, additive manufacturing, system integration, augmented reality and simulation, in my opinion, cybersecurity is among the main pillars of Industry 4.0.

Why? Because while cyber-physical systems that are connected without wires, automated and with fewer human touch points promise more efficient processes and communications, this also exposes systems to potential cyberattacks.

Greater connectivity brought about by Industry 4.0 will require greater security attention for ICS security because the Fourth Industrial Revolution is a double-edged sword which countries and companies should use wisely.

It is great to note that Malaysia is currently ranked third globally among 193 International Telecom Union members, in terms of the level of national commitment to addressing cybersecurity risks.

In 2018, the Ministry of International Trade and Industry Malaysia launched INDUSTRY 4WRD, a national policy on Industry 4.0, to put policies and guidelines in place to ensure that the Malaysian manufacturing industry and its related services would be ready to be smart, systematic and resilient.

The policy has the overarching philosophy – A-C-T, Attract, Create and Transform.

The government’s efforts are indeed being commended worldwide. Proof is the Readiness for the Future of Production Report 2018 [2] which put Malaysia in the “Leader” quadrant, positioned well for the future. Malaysia and China are the only two non-high-income countries in this coveted quadrant.

One important area for improvement that I know of will be the human force. Malaysia has a shortage of the required talents, skills and knowledge for Industry 4.0, particularly in the areas of IoT, robotics and AI. The lack of talents in the fields of IoT is hypocritical for Malaysia Industry 4.0 especially in the areas of exposure to cyber threats.

However, let us not miss the commitment uttered by the Ministry of Education Malaysia [3] saying that cybersecurity must be introduced at the grassroots level, especially among schoolchildren. The department of Polytechnic and Community College Education and Politeknik Mersing in Johor is also off to set up the Cyber Range Academy, which provides the students with an authentic learning environment in the threat landscape.

For our part, Kaspersky understands the cybersecurity needs in ensuring the success of Industry 4.0 and has solutions in place – Industrial CyberSecurity (ICS), with the aim to protect companies from three main risks [4].

Firstly, unintentional infection of an industrial network. In theory, industrial information networks should not be connected to office networks, and should also not have direct access to the internet. However, sometimes without intending to cause any harm, staff will connect infected removable drives to industrial computers or access the internet to update software on the server, and as a result malware manages to penetrate the network.

Secondly, it is not unusual for people who are professionally versed in industrial systems to try and use that knowledge to trick their employer, which causes serious harm to the business.

Thirdly, cyberwar, targeted actions that are intended to cause damage. Two years ago, a massive data breach saw more than 46 million mobile subscribers in Malaysia leaked on to the dark web.

For companies to reach their Industry 4.0 goals, all components have to be protected.

Remember ShadowHammer [5], which the Kaspersky team highlighted in its research back in March? Executable files, found at a reputable and trusted large manufacturer, contained malware features, and upon careful analysis were confirmed to have been tampered with by malicious attackers.

To avoid becoming victims and to ensure a clearer path to achieving Industry 4.0 [6], we suggest that you:

    • Regularly update operating systems, application software, and security solutions
    • Apply necessary security fixes and audit access control for ICS components in the enterprise’s industrial network and at its boundaries
    • Provide dedicated training and support for employees as well as partners and suppliers with access to your network
    • Restrict network traffic on ports and protocols used on edge routers and inside the organization’s OT networks
    • Use ICS network traffic monitoring, analysis and detection solutions for better protection from attacks potentially threatening technological process and main enterprise assets
    • Deploy dedicated security solutions on ICS servers, workstations and HMIs, such as Kaspersky Industrial CyberSecurity. This solution includes network traffic monitoring, analysis and detection to secure OT and industrial infrastructure from both random malware infections and dedicated industrial threats
    • Form a dedicated security team for both IT and OT sectors
    • Equip these security teams with proper cybersecurity training as well as real-time and in-depth threat intelligence reports

[1] FAQs on Industry 4.0

[2] National Policy on Industry 4.0

[3] Bridging the talent gap in cybersecurity

[4] Securing Industrial Revolution 4.0

[5] Operation ShadowHammer: a high-profile supply chain attack

[6] Almost every second industrial computer was subjected to malicious cyber activity in 2018

 

What Is Industrial Revolution 4.0?

Industrial Revolution 4.0, also known as the Fourth Industrial Revolution or Industry 4.0, is a term that is applied towards the current trend of intelligent automation that is enabled by information technology, interconnectivity and data analytics.

 

Industry 4.0 employs a wide range of technologies to achieve those aims, such as mobile devices, Internet of Things, smart sensors, big data analytics, augmented reality, cloud computing, and more.

Countries and corporations that successfully make use of these technologies will greatly improve their productivity. Hence, there is great interest by governments and companies to develop and accelerate their IR 4.0 capabilities.

 

Why AI Digital Intuition Will Deliver Cyberimmunity By 2050!

In his first prediction for Earth 2050, Eugene Kaspersky believes that AI digital intuition will deliver cyberimmunity by 2050. Do YOU agree?

 

What Is Earth 2050

Earth 2050 is a Kaspersky social media project – an open crowdsourced platform, where everyone can share their visions of the future.

So far, there are nearly 400 predictions from 70+ visionaries, from futurologist Ian Pearson, astrophysicist Martin Rees, venture capitalist Steven Hoffman, architect-engineer Carlo Ratti, writer James Kunstler and sci-fi writer David Brin.

Eugene himself dabbles in cyberdivination, and shares with us a future of cyberimmunity created by AI digital intuition!

 

Eugene Kaspersky : From Digital Intuition To Cyberimmunity!

In recent years, digital systems have moved up to a whole new level. No longer assistants making life easier for us mere mortals, they’ve become the basis of civilization — the very framework keeping the world functioning properly in 2050.

This quantum leap forward has generated new requirements for the reliability and stability of artificial intelligence. Although some cyberthreats still haven’t become extinct since the romantic era around the turn of the century, they’re now dangerous only to outliers who for some reason reject modern standards of digital immunity.

The situation in many ways resembles the fight against human diseases. Thanks to the success of vaccines, the terrible epidemics that once devastated entire cities in the twentieth century are a thing of the past.

 

However, that’s where the resemblance ends. For humans, diseases like the plague or smallpox have been replaced by new, highly resistant “post-vaccination” diseases; but for the machines, things have turned out much better.

This is largely because the initial designers of digital immunity made all the right preparations for it in advance. In doing so, what helped them in particular was borrowing the systemic approaches of living systems and humans.

One of the pillars of cyber-immunity today is digital intuition, the ability of AI systems to make the right decisions in conditions where the source data are clearly insufficient to make a rational choice.

But there’s no mysticism here: Digital intuition is merely the logical continuation of the idea of machine learning. When the number and complexity of related self-learning systems exceeds a certain threshold, the quality of decision-making rises to a whole new level — a level that’s completely elusive to rational understanding.

An “intuitive solution” results from the superimposition of the experience of a huge number of machine-learning models, much like the result of the calculations of a quantum computer.

So, as you can see, it has been digital intuition, with its ability to instantly, correctly respond to unknown challenges that has helped build the digital security standards of this new era.

 



Incident Response – Five Key Factors CISOs Should Consider!

Maxim Frolov, Vice President of Global Sales, Kaspersky Lab, speaks about Incident Response, a critical tool of every cybersecurity team to respond to, and manage cyberattacks.

Here are five key factors he believes every CISO (Chief Information Security Officer) should consider while formulating their companies’ Incident Response process.

 

Cyberattacks Are Inevitable

As cyberattacks become more sophisticated and frequent, many CISOs agree that a cyberattack on their companies is inevitable.

They also believe that the speed and quality of their incident response are the most important factors in measuring their performance.

Hence, IT security departments are now focused, not just on preventing attacks, but also on identifying the issues in time to minimise damage.

 

What Is Incident Response?

Incident Response (IR) is the methodology a cybersecurity team uses to respond to, and manage cyberattacks. It aims to reduce damage and recover from an attack as quickly as possible.

A good incident response plan also includes a thorough investigation to learn from an attack, in order to prepare for and prevent a repeat attack in the future.

 

The Five Key Factors CISOs Should Consider About Incident Response

While CISOs understand that a well-developed, repeatable incident response plan is critical, they face five major issues in developing a good plan.

Factor #1 : Shortage Of Qualified Professionals

Incident response does not mean jumping into the remediation phase when an incident happens. It actually starts before an attack has occurred, and does not stop after the attack ends. In general, it consists of four stages :

  • Stage 1 : All responsible employees are prepared, so they know how to act when an attack happens
  • Stage 2 : Detection of an ongoing cybersecurity incident
  • Stage 3 : The incident response team eliminates the threat and recovers affected systems
  • Stage 4 : The incident response strategy is reviewed based on this experience, to mitigate against a future attack

Such diversified activities require different types of professionals, who are in short supply. According to a Kaspersky Lab survey, CISOs find it quite impossible to find malware analysts (43%), specialists that can respond to an attack (20%) and threat hunters (13%).

The other issue is employee retention. Specialists know that they are in great demand, and easily switch to a rival organisation for a higher salary. It is, therefore, increasingly hard for companies to employ and retain a team to conduct the entire incident response process.

Factor #2 : Choosing Suitable Outsourcers

Because of the difficulties in forming an internal Incident Response team, many companies opt to outsource the job. However, it is no trivial task to choose a suitable third-party IR team.

A good outsourced Incident Response team should be proficient in the important IR competencies, namely threat research, malware analysis and digital forensics.

Their capabilities should be ascertained through vendor-neutral certification, and past experience. The diversity of their client base is also important – working in a variety of industries will allow them to find similarities in seemingly disparate cybersecurity cases.

Companies in strictly-regulated industries will have additional restrictions when they are considering outsourcing candidates. They can only choose from IR teams that meet specific compliance requirements.

Factor #3 : Cost Of Incident Response

Establishing and maintaining an in-house Incident Response team is costly. Not only are full-time specialists expensive, companies also need to purchase solutions and threat intelligence services their IR team will need for threat hunting, data analysis and attack remediation.

Yet they cannot afford not to have an IR strategy in place. The average cost of a data breach is on the increase, now amounting to US$1.23 million on average. This is an increase of 24% from US$992,000 in 2017.

Some organisations may find the outsourced model to be more cost-effective and flexible. However, enterprises that deal with numerous incidents will find it necessary to have an in-house IR team.

To save costs, organisations can employ a hybrid approach – forming an internal team of first-level responders, with external experts on retainer.

Factor #4 : Synergy With IT Department

Both the Incident Response team and the IT department must understand their respective roles and work together. After all, they have conflicting objectives when a cybersecurity incident occurs.

The IT team will want to shut down infected machines to reduce or prevent data loss, and stop the malware from spreading. On the other hand, the IR team will want to collect evidence, which would mean leaving the “crime scene” untouched even after the incident is over.

If the IT team disconnects the machines, and/or stores the logs for only three months, that would make the IR team’s work a great deal more difficult.

To avoid such issues, the internal IR team should provide tailored guidance or training for their IT colleagues. This would ensure that both teams are on the same page when an attack happens.

Factor #5 : Delays In Responding

Organisations that rely on outsourced IR teams can quickly get their incident response processes in place, because the external IR team is always at hand to step in and help resolve an incident.

However, this can only happen after contracts are signed and agreements ratified, leading to a delay in incident response.

In Maxim’s experience, an organisation often comes back to work on Monday to discover that they were breached during the weekend. They will try to handle the incident for several days, before turning to external experts.

However, it’s usually Friday by the time they start seeking help. Even if they have a pre-vetted contractor to turn to, and rush the approval of an agreement, it will take several more days before the external IR team can get to work.

Hence, it is a good idea for organisations to have an internal Incident Response team (even if they are just first-level responders) that can quickly evaluate the incident and delegate responsibility.

 

The Most Effective Incident Response Strategy

For most large organisations, the hybrid approach to Incident Response is perhaps the most effective.

Combining a small in-house team with third-party responders will help them maintain an effective IR strategy, without the problems associated with maintaining a dedicated internal team or outsourcing the job completely.

Even though outsourcing incident response is attractive financially, it doesn’t mean the organisation can hand over the reins and absolve itself of all responsibility for incident response. Having a suitable IR plan for their particular organisation is still important, as is the need for the external IR team to liaise with the organisation’s IT team.

There should be a proper process for when employees should ask for external assistance, and what it will address. An employee should also be tasked with prioritising actions and coordinating between the external IR team and internal departments.

 



MegaCortex Ransomware Analysis + Prevention by Sophos!

Sophos just released their analysis of the MegaCortex ransomware whose speed and spread of attack are very worrying! Get the key details about MegaCortex and how to prevent an attack!

 

What Is MegaCortex?

MegaCortex is a new ransomware that was rarely seen until it suddenly spiked in volume in May 2019. Similar to infamous ransomware like Ryuk and BitPaymer, it is now spreading rapidly in these countries :

  • US
  • Canada
  • Argentina
  • Italy
  • The Netherlands
  • France
  • Ireland
  • Hong Kong
  • Indonesia
  • Australia

Why Is MegaCortex Dangerous?

Ransomware attacks are usually carried out in 3 ways:

  • Manual attacks
  • Automated attacks
  • Blended attacks

Unlike Ryuk and BitPaymer, MegaCortex is controlled by cybercriminals using more automated tools, and is designed to spread infection to many victims at a much faster speed.

 

What Does MegaCortex Demand?

Unlike other ransomware attacks, MegaCortex has no clear ransom demands.

All it does is invite its victims to email the attackers at either of two free email addresses, attaching a file that had been dropped onto the victim’s hard disk drive, to request decryption services.

The ransom note includes “a guarantee that your company will never be inconvenienced by us“. On top of that, if the victim pays the ransom, “You will also receive a consultation on how to improve your companies cyber security“.

How sweet of them.

 

How To Protect Against MegaCortex

Sophos recommends the following steps to protect your business from MegaCortex and the threat of ransomware attacks in general :

  • Companies are cautioned to be on the highest alert should they see warning signs about Emotet or Qbot, as there is a strong correlation between MegaCortex and the two ransomwares.
  • Place the company Remote Desktop Protocol (RDP) machine behind a Virtual Private Network (VPN)
  • Practice two-factor authentication for systems logins
  • Regular backup of important and current data on an offline storage device
  • Use anti-ransomware software like Sophos Intercept X Advanced.

 



How To Deal With The Momo Challenge + Hype!

The Momo challenge and hype have continued to create panic and hysteria over the Internet for more than a year now. Here is a short guide on what Momo is all about, and how to deal with the Momo challenge and hype!

 

What Is Momo?

Momo is actually a photo of a sculpture of the Ubume ghost by the Japanese artist Keisuke Aizawa, which some pranksters use to create the Momo hype.

Using WhatsApp, these pranksters use the Momo picture to scare people, and spread hysteria, by sending victims horror pictures, claims of knowing everything about their contacts, and so on.

 

The Momo Challenge

The same Momo accounts are also said to challenge people to harm themselves or others. They are said to be presented as a series of challenges or initially benign tasks that culminate in demands for violent acts or suicide.

Although no actual cases have been confirmed, the Momo challenge created a hysteria, thanks to the media and Internet trolls.

The media failed to verify facts before presenting the Momo challenge as a genuine threat, while Internet trolls take advantage of the public’s fear and ignorance to spread more false stories about the Momo challenge or hype.

 

Momo Is NOT A Virus, But It Is Dangerous

Although it has been claimed that Momo can add itself to contact lists using a virus, this is not true. There is no virus that spreads Momo, or a Momo virus.

Momo is not a cybersecurity threat – it cannot steal or damage your data. Yet it is still a threat to both parents and children.

Children do not know that Momo is not real, and may be enticed by pranksters using the Momo avatar to trick them into doing something wrong or unsavoury.

Parents, on the other hand, can be overwhelmed by the media onslaught about Momo, and over-react because they don’t know what to do.

 

How To Deal With The Momo Challenge

David Emm, Principal Security Researcher at Kaspersky Lab, shared with us some ways to deal with the Momo challenge.

  • Have regular conversations with your child(ren) – make them aware of how to be safe online. Agree which sites are appropriate for them and ensure they understand the reasoning behind this. They also need to know that they can – and should – confide in a trusted adult if they experience something upsetting whilst online.
  • Make sure your child understands they should not ‘friend’ anyone online they don’t know in real life, or add unknown numbers to their contacts – people online are not always honest about who they are and what they want
  • Activate safety settings – settings such as auto-play should be disabled and parental controls can be installed to help prevent children from viewing inappropriate content.
  • Make use of the mute, block and report features – This will protect them from a lot of harmful content.
  • Never share personal information such as phone numbers, address, etc with people you don’t know.

 


Sophos Mobile Security Now Integrates With Microsoft Intune!

Sophos just announced the integration of Sophos Mobile Security with Microsoft Intune. Here are the full details!

 

Sophos Mobile Security Now Integrates With Microsoft Intune!

With this integration, Microsoft Intune customers running Sophos Mobile Security 9.0, will be able to configure access controls fed by the latest mobile device threat information.

This would enable their employees to work and access data securely from any device or location, while remaining compliant with corporate data security rules.

Running on Microsoft Azure, the Sophos Mobile Security integration will provide IT administrators with the ability to configure individual device usage policies within Microsoft Intune. If an individual endpoint is compromised, IT administrators will have detailed insights from Sophos Mobile Security, which would allow them to better decide whether they should lock down that endpoint and deny access to corporate data.

“As we move towards zero trust networking, enhanced conditional access is crucial. With remote working on the increase and the knock-on effect that has on corporate data access across a variety of mobile devices, there is a growing requirement to enable user productivity without compromising data security,” commented Dan Schiappa, chief product officer at Sophos. “Understanding and managing security threats is central to this operating environment and our integration with Microsoft delivers on this requirement. By offering detailed threat insights relating to individual mobile endpoints, IT administrators can make more informed choices on whether to block a device from network access. By giving administrators that extra context, access denial can be more effectively restricted to ensure productivity is only impacted where necessary.”

“In today’s increasingly mobile environment, more granular context is becoming essential to ensure networks are less easily compromised by malware or potentially unwanted content,” said Ryan McGee, Director, Microsoft Security Marketing at Microsoft Corp. “Integrations with security solution providers like Sophos are important to us. We are excited to extend the capabilities of the Microsoft Intune solution to deliver improved security posture to our customers.” 

Sophos Mobile Security runs on both Android and iOS devices and can share threat details with Microsoft to provide that extra bit of context. Conditional Access policies can now take threat detections from Sophos into consideration when deciding whether to allow access to requested resources.

Sophos Mobile Security can be purchased from registered Sophos partners, or these online options :

 


2019 Symantec Internet Security Threat Report Highlights!

Symantec held an exclusive briefing on the newly-released 2019 Symantec Internet Security Threat Report. In this article, we will share with you the full briefing video, as well as highlights from that Symantec cybersecurity report!

 

The 2019 Symantec Internet Security Threat Report

The 2019 Symantec Internet Security Threat Report is the 24th volume published so far. Based on data from Symantec’s Global Intelligence Network, the ISTR is designed to give businesses and the public an overview of the cybersecurity threat landscape.

The Symantec Global Intelligence Network, incidentally, is the world’s largest civilian cybersecurity threat intelligence network. It records events from 12 million attack sensors across more than 157 countries worldwide, blocking 142 million threats every day.

 

The 2019 Symantec ISTR Briefing Highlights

Briefing us on the 2019 Symantec ISTR was Sherif El-Nabawi, Vice-President of Sales Engineering, Symantec APJ; and David Rajoo, Chief Cybersecurity Architect, Symantec ASEAN.

Diminishing Returns Of Ransomware + Cryptojacking

Ransomware, which encrypts and holds data hostage in return for payment in the form of cryptocurrency, has been hit by declining cryptocurrency values as well as increasing adoption of cloud and mobile computing. This led to a 20% drop in infections.

Cryptojacking, in which malware is used to steal computing power from consumers and enterprises to mine cryptocurrency, has similarly been hit by the drop in cryptocurrency value. Symantec noted that cryptojacking activity declined by 52% in 2018. Even so, it is still a major problem – they blocked 3.5 million attempts in December 2018 alone!

Formjacking Overtakes Ransomware + Cryptojacking

With diminishing returns from ransomware and cryptojacking, cybercriminals now prefer formjacking.

Formjacking is basically a form of virtual ATM skimming. Cybercriminals inject malicious code into an online shopping site to steal shoppers’ payment card details.

According to Symantec, more than 4,800 websites are compromised with formjacking code every month, and they blocked more than 3.7 million formjacking attacks on endpoints in 2018.

Generally, small and medium retailers are most widely compromised, and a third of the attacks happened during the busiest online shopping period of the year – from November through December.

Cloud Is The New Weak Point

With the greater adoption of cloud computing, the same security mistakes are happening in the cloud… with exponentially greater consequences. In 2018, more than 70 million records were stolen from poorly-configured AWS S3 buckets.

Hardware vulnerabilities like Meltdown, Spectre and Foreshadow also put cloud services at risk of being exploited to gain access to every protected memory space in the compromised server. In a single server, data from hundreds of companies could be stolen by a single exploit.

Living off the Land Attacks On Supply Chain

Supply chain attacks using Living off the Land (LotL) tools have increased by 78% in 2018. For example, the use of malicious PowerShell scripts increased by 1,000 percent last year, with Symantec blocking 115,000 of them each month – less than 1%.

These attacks are hard to defend against, because they use the same tools users and organisations need to function. Identifying and blocking them will require the use of advanced detection methods like analytics and machine learning.

Internet of Things (IoT) Attacks Are Changing

While the volume of attacks on IoT devices remains high and consistent with 2017 levels, their profiles are changing. In addition to routers and wireless cameras, attackers now have access to smart light bulbs and virtual voice assistants.

Smartphones Are The Greatest Spying Devices

According to Symantec, smartphones are the greatest spying devices ever created. Their research shows that :

  • 45% of the most popular Android apps and 25% of the most popular iOS apps request location tracking,
  • 46% of popular Android apps and 24% of popular iOS apps request permission to access the smartphone camera, and
  • email addresses are shared with 44% of top Android apps and 48% of top iOS apps!

 
