
Google Play Protect fails Android security tests once more


Google Play Protect, Android's built-in malware defense system, has failed the real-world tests of antivirus testing lab AV-TEST after detecting just over two-thirds of the more than 20,000 malicious apps it was pitted against.

Google’s Android mobile threat protection, which automatically scans over 100 billion apps every day, was introduced at Google I/O 2017 in May 2017, with rollout to all Android devices starting in July 2017.

Since then, Google Play Protect has been deployed to billions of devices and is now the built-in malware protection on over 2.5 billion active Android devices.

According to AV-TEST’s results, Google’s mobile threat protection solution ranked last out of 15 Android security apps tested over a span of six months, between January and June 2021.

While always running and scanning every app installed and launched on the device, “the endurance test revealed that this service does not provide particularly good security: every other security app offers better protection than Google Play Protect.”


Last of the pack

During this 5-month-long endurance test, Google Play Protect detected a little over two-thirds of the nearly 20,000 infected apps the testing lab used as part of three rounds of tests.

Each of these testing rounds pitted the security apps against over 3,000 newly discovered malware samples (up to 24 hours old) and a reference set of more than 3,000 other samples up to one month old.

“A total of 5 apps always detected all the attackers 100 percent in the real-time test and in the test with the reference set,” AV-TEST found.

“Finishing in last place, Google Play Protect only detected 68.8 percent in the real-time test and 76.6 percent in the test with the reference set.”

Out of all mobile security apps tested, Bitdefender, G DATA, McAfee, NortonLifeLock, and Trend Micro were the ones that hit a perfect 100% detection rate.

Google Play Protect also mistakenly detected 70 apps as potentially malicious out of almost 10,000 harmless ones installed by AV-TEST from the Play Store and third-party Android app stores.

Given that the Android built-in malware protection solution failed to detect over a third of the 20,000 malware…


Russia fails to deny takedown of REvil hacking group is connected to Biden’s pressure on Putin



The Kremlin has failed to deny that the takedown of Russian-based hacking group REvil is tied to US President Joe Biden’s pressure on Russian President Vladimir Putin.

Press secretary of the President of the Russian Federation Dmitry Peskov said Wednesday the state doesn’t have any information about REvil’s sudden disappearance from the internet and insisted Russia wants to ‘cooperate’ with the US in taking down cybercriminals.

REvil’s dark web data-leak site and ransom-negotiating portals have both been unreachable since about 1am on Tuesday. 

The timing of the takedown raised eyebrows, coming just days after Biden demanded Putin take action following a series of devastating ransomware attacks by the Russia-based group on US businesses.

REvil, also known as ‘Ransomware evil’, was responsible for the Memorial Day ransomware attack on the meat processor JBS and the supply-chain attack this month targeting the Miami-based software company Kaseya that crippled well over 1,000 businesses globally.   

The Kremlin has failed to deny that the takedown of the websites used by Russian-based hacking group REvil is tied to US President Joe Biden's pressure on Russian President Vladimir Putin. Biden and Putin pictured meeting at the Geneva Summit on June 16


When asked Wednesday by reporters if Russia was behind REvil’s takedown from the darknet, Peskov denied having any knowledge of what had happened.  

‘I cannot answer your question, because I do not have such information. I do not know which group, where it disappeared from,’ he said, according to Russian News Agency TASS.

He said Russia believes cybercriminals ‘should be punished’ but doubled down that he was not aware whether the ransomware gang had been deliberately targeted by authorities.

‘We believe that [cybercriminals] should be punished,’ he said. 

‘On the international level, we believe that we should all cooperate. In this case, Russia and the United States should cooperate in order to suppress such manifestations. 

‘As for the particulars about this group, I, unfortunately, with such information I don’t have it,’ he added.

Peskov said the US and Russia had begun talks on how to work together to tackle cyber crime.


How to recover from ransomware when prevention fails

A disaster recovery plan should evolve as your business does.

Ransomware attacks don’t just target a business’s single endpoint. They can infect its entire network in seconds if they can penetrate remote management software. On top of the increasing ransomware threat, businesses are producing more data than ever. In fact, according to a StorageCraft Global Research study, 86% of experts believe data volume will increase 10 times or more in the next 5 years.

With increasingly targeted ransomware attacks and an explosion in data creation, it’s clear why businesses must take a more sophisticated approach to data protection. The only thing between your business and data loss or a ransom is a disaster recovery (DR) plan. Ransomware is everywhere, and sooner or later your business will be attacked. When that happens, how will you recover? Recovery starts with a clearly defined plan.

Ransomware Planning: It’s Working (Mostly)

The good news is that although more businesses are succumbing to ransomware, at the same time more businesses are recovering safely. According to our recent webinar, StorageCraft has seen an 8X growth in ransomware restorations since 2017. Businesses that can recover have a plan, execute it, and ultimately prevent data loss.

But remember, a plan should account for protecting data as well as reducing downtime. Although data may be safe with basic data protection measures, many businesses take days—or even weeks—to recover if there’s a significant failure event. According to data from StorageCraft’s recent global study, only 15% of businesses can recover from severe data loss within an hour. When downtime can cost as much as $5,600 every minute, even an hour can be expensive.

Rather than watch dollars slip down the drain, let’s look at how to build a solid plan that prevents data loss and costly downtime.

Three steps for building a rock-solid DR plan for ransomware

A disaster recovery plan should…


Apple’s security check fails second time in six weeks



Once installed, the apps would download and install the OSX/MacOffers malware.


Six malicious apps that posed as Adobe Flash Player have bypassed Apple’s app notarisation process for the second time in the past six weeks, according to Joshua Long, Chief Security Analyst at Mac security software maker Intego.

Once installed, the apps would download and install the OSX/MacOffers malware. The virus uses a technique that hides the malicious payload within a separate JPEG image file, which is why it slipped past Apple’s notarisation process.

Apple notarisation is a security protection system introduced earlier this year. Mac software developers submit their apps to Apple. An automated system scans software for malicious content and checks for code-signing issues with an aim to assure users that the Developer ID-signed software has been checked by Apple.

If the software appears to be malware-free, Apple notarises the app and places it on the whitelist inside the Apple Gatekeeper security service. After an app is notarised, it becomes much easier for users to run the app on macOS Mojave, macOS Catalina, and the upcoming macOS Big Sur.

This increases the chances of a victim installing Trojan horse malware that sneaked through the security process undetected. This marks the second incident of Apple notarising Mac malware samples after the first known incident occurred in late August.

Mac malware researcher Matt Muir discovered the first sample while hunting for malware that removes registration requirements or other restrictions that limit software functionality.

Long said nobody should believe any site that prompts them to download or update Flash. Most malware makers are able to succeed with Flash installers since many users are unaware that Adobe plans to discontinue security updates for the real Flash Player at the end of this year and that browsers have already dropped support for Flash Player or disabled it by default.

“Never install Flash Player if you’re prompted to; it’s a telltale sign of malware,” Long mentioned.

Apple has revoked the malware…
