Tag Archive for: danger

The Privacy Danger Lurking in Push Notifications


To send those notifications that awaken a device and appear on its screen without a user’s interaction, apps and smartphone operating system makers must store tokens that identify the device of the intended recipient. That system has created what US senator Ron Wyden has called a “digital post office” that can be queried by law enforcement to identify users of an app or communications platform. And while it has served as a powerful tool for criminal surveillance, privacy advocates warn that it could just as easily be turned against others such as activists or those seeking an abortion in states where that’s now illegal.

In many cases, tech firms don’t even demand a court order for the data: Apple, in fact, only demanded a subpoena for the data until December. That allowed federal agents and police to obtain the identifying information without the involvement of a judge until it changed its policy to demand a judicial order.

Europe’s sweeping Digital Markets Act comes into force next week and is forcing major “gatekeeper” tech companies to open up their services. Meta-owned WhatsApp is opening its encryption to interoperate with other messaging apps; Google is giving European users more control over their data; and Apple will allow third-party app stores and the sideloading of apps for the first time.

Apple’s proposed changes have proved controversial, but ahead of the March 7 implementation date the company has reiterated its belief that sideloading apps creates more security and privacy risks. It may be easier for apps on third-party apps stores, the company says in a white paper, to contain malware or try to access people’s iPhone data. Apple says it is bringing in new checks to try to make sure apps are safe.

“These safeguards will help keep EU users’ iPhone experience as secure, privacy-protecting, and safe as possible—although not to the same degree as in the rest of the world,” the company claims. Apple also says it has heard from EU organizations, such as those in banking and defense, which say they are concerned about employees installing third-party apps on work devices.

WhatsApp scored a landmark legal win this week against the notorious mercenary hacking firm NSO…

Source…

Know the difference, defend against the danger: DoS vs DDoS attacks


Key differences between DoS and DDoS

Here are some detailed differences between DoS and DDoS attacks:

Source of Attack

The primary difference between DoS and DDoS attacks is the source of the attack. In a DoS attack, the attacker uses a single device or network to carry out the attack, while in a DDoS attack, the attacker uses a network of compromised devices (botnet) to flood the target with traffic.

Scale

The scale of the attack is another critical difference between DoS and DDoS attacks. In a DoS attack, the attacker can only generate a limited amount of traffic, which may not be enough to bring down a well-protected website or network. In contrast, a DDoS attack can involve thousands or even millions of devices, generating massive amounts of traffic that can overwhelm even the most robust defenses.

Complexity

DDoS attacks are generally more complex than DoS attacks. The attacker needs to infect a large number of devices with malware to create the botnet, which requires advanced technical skills and knowledge. Additionally, DDoS attacks may use different techniques to evade detection and mitigation, such as IP spoofing, amplification attacks, and randomization of attack patterns.

Duration

DoS attacks are typically shorter in duration than DDoS attacks. A DoS attack may last a few minutes to a few hours, while a DDoS attack can last for days or even weeks. The longer duration of a DDoS attack makes it much more challenging to mitigate and recover from.

Impact

DoS attacks and DDoS attacks can both have a significant impact on the target website or network. However, DDoS attacks can be much more damaging, as they can result in extended periods of downtime, data loss, and financial losses.

Motivation

DoS attacks are usually carried out by individuals seeking attention or revenge, while DDoS attacks are often carried out by organized criminal groups, hacktivists, or state-sponsored actors seeking to disrupt or damage a target website or network.

Also Read: Role Of Cyber Security In Compliance: A Comprehensive Guide

Source…

Billions of iPhone and Android owners warned over ‘cursed movie’ – one click steals your money and puts you in danger


IT’S almost time for the Oscars and cyber criminals are hoping to cash in on unsuspecting movie fans.

Security experts at Kaspersky are warning that one of the most popular Oscar-nominated movies is being used to steal people’s data and even money.

Security experts are warning about a fake movie scamCredit: Getty

Scammers are said to be creating fake websites that offer victims a fake chance to stream nominated movies for free.

The aim is to steal personal and banking information from victims and sell this on the dark web.

Kaspersky experts have found several websites that aim to do just that.

They ask for “small subscription fees” and promise access to movies but will actually just steal your bank information.

The experts warn that victims then become vulnerable to unauthorized transactions.

Movies being offered by scammers include Everything Everywhere All at Once and Avatar 2.

If an offer to stream a movie seems too good to be true it probably is.

Olga Svistunova, a security expert at Kaspersky, said: “The Oscars 2023 is lucrative for cybercriminals who intensify their malicious activity every year.

Most read in Phones & Gadgets

“It’s crucial to be extra cautious during this event and double-check the authenticity of any website offering free streaming of movies.

“Don’t fall for fake websites or giveaway scams that trick users into giving away their personal information.

“Always use reputable streaming services and double-check website authenticity.”

Kaspersky advises checking the authenticity of websites before you enter any personal data.

You should also be wary of sites that promise early viewings of movies before they’re released.

Source…

The danger of counterfeit mobile phones, with hidden Trojans and malware


The question is clear, why having completely solvent mid-range and entry-level mobiles, would we want to get hold of a fake. Well, the reality is that in developing countries these types of mobiles are still seen, which usually copy the external appearance of the most desired high-end mobiles.

New examples of its dangerousness

Today we are talking about this type of device again precisely because a good number of terminals have been discovered that would be infected with malicious software no less than in the system partition, come on, you are infected with malware in a severe way. It is a series of mobile phones that are mere counterfeits of other better-known models, and from the names you can get an idea of ​​what we are talking about.

These models are known as P48pro, radmi note 8, Note30u and Mate40, which are named in this way precisely to generate confusion in the consumers themselves, who, between the similar design and the similar name, end up achieving their objective of deceiving the victims. These versions of popular smartphones are called counterfeitand this example revealed by Doctor Web is one of the best exponents of what we are telling you.

Malicious and outdated software

Hackers are so obsessed with creating devices designed to infect victims that the software they carry is not old, but directly antediluvian. Because these mobiles that have found Trojans and malware inside their system partition, precisely have a version of Android with more than a decade behind them, as it is Android 4.4.2.

iphone speaker

Specifically, these phones have been detected with a clear manipulation in their operating system, specifically two files, the “/system/lib/libcutils.so” and “/system/lib/libmtd.so” that have been modified so that when any app uses one of these libraries, the Trojanization process of the mobile phone is triggered, in such a way that the indiscriminate download of malicious software to the smartphone begins, which is the objective with which this type is created of mobiles.

additional rear door

These researchers have also been able to discover that when WhatsApp or WhatsApp Business is executed, a new vulnerability, which is capable of opening a third…

Source…