Tag Archive for: attention

Attention Android users: A malware posing as McAfee security app can steal your sensitive data

/in


New Delhi,UPDATED: Apr 4, 2024 19:00 IST

Security researchers have found that a trojan malware has been posing as the McAfee security app. The malware only affects Android users, and aims to steal personal data like passwords, credit card details, photos, videos, and other sensitive information. This was first reported by Bleeping Computer.

The trojan malware is reportedly a more powerful version of the Vultur malware. Vultur was among the earliest Android banking malware to incorporate screen recording abilities and include functions like keylogging and interacting with a victim’s device screen. Its primary focus was to target banking apps for keylogging and remote control. The discovery of Vultur was initially made by ThreatFabric in late March 2021.

The malware is being circulated via Google Play Store. Apparently, the malware was first distributed on the Android app store in 2022 and has since been active on the platform.

How does the malware work?

The malware pretty much looks like a promotion message for the MacAfee security app, and it is quite easy to fall for. Usually, an Android user will receive an SMS that will claim to have found an unauthorised transaction in your bank account, urging them to call a provided number for assistance.

When you call that number, users will get connected to the scammers, who will send a follow-up SMS with a link to download a malicious version of the McAfee Security app containing the Brunhilda malware dropper.

By installing this fake app, it will gain access to your device’s ‘Accessibility Services’, which will eventually connect it to the malware’s main server. And once that happens, the attackers can access any information on your device remotely.

How to stay safe from such malware?

To ensure you are safe from such malware, never download any app from random links sent to you. Don’t even download apps off browsers. Only download official apps through the Google Play Store. It is also good to always check reviews and ratings of an app before you download it, which can give you a good sense of the authenticity of the app. Also, always pay attention to the developer details of every app before you download it.

Published By:

Nandini…

Source…

Edge computing security issues attract attention amid AI application development boom

/in


ChatGPT has taken the world by storm, bringing unprecedented AI experiences to numerous consumers. This highlights the continuous development of AI technology and its rapid proliferation in people’s daily lives. Meanwhile, with the vigorous development of technologies such as 5G, IoT, and cloud native computing, the concept of edge computing has also emerged to provide the best online experience for Internet users.

Traditional AI applications involve using the Internet to upload raw data to large cloud servers for analysis. However, with the increasing number of IoT devices, this often leads to issues such as raw data leakage, insufficient network bandwidth, and communication delays. Therefore, when cloud AI is deployed in smart manufacturing, smart transportation, and other scenarios, there may be a significant degradation in service quality as devices may not work together properly, potentially causing traffic accidents, industrial safety hazards, and other problems. For this reason, using edge computing servers to analyze data locally to mitigate such problems is a popular option in the market today. However, with the rapid proliferation of AI services, the issue of potential information security risks has also come to the fore. Hacker groups have begun launching attacks on AI applications such as ChatGPT to steal large amounts of sensitive data. Edge computing security has therefore become a major challenge that needs to be addressed in the development of AI services.

Dr. John K. Zao, the founder and chairman of FiduciaEdge Technologies, pointed out that existing information security solutions can be roughly divided into three categories. The first category includes the use of virtual private networks (VPNs), firewalls, and other mechanisms to protect data in transit. The second category deals with security mechanisms for websites and databases to ensure the security of data in storage. The third category aims to implement appropriate information isolation in the trusted edge computing environments to protect those data in use. Trusted edge computing is becoming increasingly important as more manufacturers are now running AI applications on their sites to…

Source…

Are companies paying enough attention to cybersecurity culture among employees?

/in


The advent of new technologies such as cloud computing, big data, artificial intelligence, and the Internet of Things have made today’s IT world a lot different than what it was a decade ago. As the technology has been evolving substantially, so have the cyber criminals, with attacks getting increasingly sophisticated. 

The pandemic’s role in pushing companies of all sizes and sectors toward adopting an always-online mode and cloud and other cyber technologies is accompanied by a whirlwind of scams and fraudulent activity hitting companies in 2020 and 2021 with cybercriminals targeting employees’ access to the organization’s systems. 

In this time of digital disruption and increased cyber threats, many companies are focusing their cybersecurity efforts on the technology component—to the detriment of the human factor. When data is compromised, often it’s tied to negligence or failure in the cybersecurity system within the company or from a third-party working with the company.

First line of defense: Employees 

It is imperative that companies focus on building and sustaining a culture of cybersecurity and cultivate it in the workplace for effective cyber risk management. This would entail moving beyond the typical strategy used in which most businesses simply allocate a certain portion of their IT budgets or revenue to security without considering their actual needs. The approach must include helping employees realize that the risk is real and that their actions can have an impact on increasing or reducing that risk. Companies’ cybersecurity blanket must also include third-parties and others on their IT architecture.

Effective cybersecurity necessitates a persistent effort that covers employee behavior, third-party risks, and numerous other potential vulnerabilities in addition to application security, penetration testing, and incident management.

Enterprises spend millions of dollars on hardware and software but may neglect the simple act of properly training their employees on security practices. Teaching employees to recognize threats, curb poor cyber behavior, and follow basic security habits can provide the best return on…

Source…

Cyber Security Authority calls on business to pay attention to cyber risks

/in


The Cyber Security Authority has called on businesses to pay attention to cyber risks which pose a threat to all businesses.

Speaking on Joy Business Social, Isaac Mensah, an officer at the Cyber Security Authority, noted that cyber security just like any form of security begins with the user or individual, and as such businesses and employees should pay attention to social engineering attacks, aimed at swindling businesses.

“The issue is about awareness, if you want to do an online business, you should know the risks involved. Having the business alone or migrating your business online may be cost-effective, but we need to pay attention to the risks which exist on various platforms we list our businesses.”

He further stated that majority of the attacks on small and medium businesses recorded in Ghana are socially engineered attacks rather than hacking.

He went on to say that such attacks prey on the vulnerability of users by swindling them.

“When you look at the trend of attacks, a lot of these attacks is not hacking, it is socially engineered attacks which prey on your intelligence. It is about your level of operation and what you need to know to arm yourself”.

“Once you know the schemes, you will be able to detect an attack and find solutions to it”, he said.

On his part, Henry Cobblah, Project Lead at Skillmine Africa cautioned users to make an effort to understand the various services operating on the internet before signing up.

According to him, just as every home is not safe, no matter the levels of security put in place for protection so is the internet, therefore the users should be vigilant.

“Whenever you are getting into anything on the internet, make sure you understand the platform or service before jumping on. Read about it, ask about before investing or signing up to anything on the internet. Lack of understanding of platforms makes you more vulnerable to scamming”, he stressed.

“Ensuring cyber safety has become very important especially now that a lot of businesses are migrating online and relying on cloud services for business support. Though a lot of attacks we see here in Ghana are mainly social engineered attacks, it becomes imperative for businesses…

Source…