Tag Archive for: Click

There was a TikTok Android app exploit that let hackers hijack accounts with one click

/in


Don’t freak out, as it’s long resolved now, but Android users should really think twice before clicking any links in the TikTok app after security flaws were found and reported that made it ridiculously easy to steal others accounts with a simple link. While it’s been addressed for now, it’s always good internet security advice to not go clicking unknown links and with an exploit this simple it’s a good idea to be ever vigilant out there.

According to BleepingComputer, (opens in new tab) Microsoft reported the flaw to TikTok back in February but given the potential severity, it’s not too surprising we aren’t hearing about it until now. With a well crafted malicious link, reportedly more than 70 JavaScript methods could be used to get access to the app’s webview, only used by the Android app. 

Source…

Apple patches operating systems due to ‘no click’ spyware exploit

/in


In mid-September, Apple was forced to issue an emergency security update for its iPhone, iPad, Mac, and Watch operating systems after being alerted to a “no click” exploit allegedly tied to the Pegasus surveillance software distributed by the Israeli company NSO Group.

The Citizen Lab, a Canadian human rights and security advocacy group, alerted Apple to the exploit, dubbed FORCEDENTRY. The exploit targeted Apple’s image rendering library, which was found on the phone of a Saudi activist that Citizen Lab examined back in March. The exploit uses “maliciously crafted” PDF files that could lead to “arbitrary code execution,” Apple said in a security bulletin .

The “no click” designation by Citizen Lab means Apple users don’t need to open the PDF sent to them for the spyware to infect their devices. Instead, Pegasus gives attackers “virtually unfettered access to the victim’s device, where it can monitor messages, listen in on calls, activate the camera, and more,” said Daniel Markuson, a digital privacy expert at NordVPN .

The Citizen Lab spearheaded recent reporting on the NSO Group’s surveillance software, with news stories in July saying the company’s military-grade Pegasus product had been used to spy on business executives, journalists, human rights advocates, and government officials. NSO Group has disputed the reporting, saying it sells the software to governments to fight crime and terrorism.

But with some NSO customers using the software to spy on other people, several security experts urged Apple users to update their devices immediately.

“These new accusations bring a heightened sense of concern among privacy activists that no smartphone user, even those using software like WhatsApp or Signal, is safe from their privacy being infringed upon,” Markuson told the Washington Examiner. “Cyber-tech surveillance can be a real threat from both individuals and institutions, and this situation with NSO Group is only bringing this long-lasting issue into the limelight.”

Pegasus illustrates the importance of comprehensive mobile security efforts at an organization, added Hank Schless, senior…

Source…

Safety devices disguised as jewelry get you help with the click of a button

/in


JACKSONVILLE, Fla. – Safety and fashion usually are not used together in the same sentence.

However, companies have transformed bulky panic alert buttons into fashionable devices that could save your life.

In just the last few years, companies like Flare, Ripple and Nimb have come out with modern-day panic buttons. They’re designed to be discrete, fashionable and most importantly effective in alerting someone for help.

Most of these companies were inspired by scary encounters the founders experienced.

“It happened by complete accident,” said invisaWear co-founder and CEO Rajia Abdelaziz. “I never meant to start a company.”

Ad

In just the last few years, companies like Flare, Ripple and Nimb have come out with modern-day panic buttons.
In just the last few years, companies like Flare, Ripple and Nimb have come out with modern-day panic buttons. (Flare/Ripple/Nimb)

Abdelaziz said she came up with the idea after a man tried following her to her car when she was in college.

“What I couldn’t get out of my mind how, unfortunately, millions of women can’t say the same,” Abdelaziz said.

According to RAINN (Rape, Abuse & Incest National Network), someone in the United States is sexually assaulted every 73 seconds.

Wearable safety devices are meant to lower those numbers, and top security companies are now getting involved.

In December, ADT launched a partnership with invisaWear.

“We’ve seen, you know, all the way through domestic violence situations, we’ve seen medical emergencies,” explained ADT Mobile Security & Strategic Projects Vice President Leah Page.

ADT Mobile Security & Strategic Projects Vice President Leah Page speaks with News4Jax crime and safety expert Ken Jefferson and News4Jax consumer investigative reporter Lauren Verno.
ADT Mobile Security & Strategic Projects Vice President Leah Page speaks with News4Jax crime and safety expert Ken Jefferson and News4Jax consumer investigative reporter Lauren Verno. (WJXT)

Here’s how it all works.

You buy the device, which can come as a necklace, bracelet or even a hair tie.

In an emergency, you click the button twice and an alert will go out to up to five people of your choosing with your location.

Ad

The items range in price from $149 to $249.

However, if you opt into ADT’s subscription for $19.99 a month, that alert will go straight to ADT’s monitoring system.

News4Jax crime and safety expert Ken Jefferson and I sat down to test out the product. ADT representative John McGinnis answered the call as if it was…

Source…

Covid 19 text scam: Fact check, is this real? Do not click link

/in


The VERIFY team spoke with the Better Business Bureau about a new scheme, in which people are being tricked into downloading malware on their phones.

Is a message circulating by text, email, and around social media offering $1,200 for participating in a COVID-19 vaccine study legit? 

No. The Better Business Bureau is calling this text fake, warning people from clicking on the link. 

The Better Business Bureau, Scam Alert

Federal Trade Commission, Malware Advisory

The VERIFY Team spoke with Kelsey Coleman, the Director of Communications and Public Affairs at the Better Business Bureau. She urged people to be aware of a new scam circulating by text, email, and on social media. 

As interest in a potential COVID-19 vaccine grows, so do the number of people looking to take advantage. Coleman said a text has been circulating, urging people to join a COVID-19 study, which pays up to $1,200. 

The Better Business Bureau is calling this text a scam. 

“Of course there are legitimate clinical studies out there,” Coleman said. “But it’s important to make sure you do your homework.” 

According to an advisory by the Better Business Bureau, clicking on this link could lead to various problems. 

“If you click it,” the advisory reads. “You could unknowingly download malware onto your computer or phone. This virus can give scammers access to your usernames, passwords, and other personal information stored on your computer.”

Source…