Tag Archive for: immediately

Billions of Android and iPhone users warned to delete messages immediately after ‘bank-draining’ attack alert

/in


SECURITY experts have revealed a staggering rise in smartphone phishing scams.

The amount unexpecting people click on the dangerous phishing links has risen by 637% in just two years.

Phishing attacks are said to be on the rise, especially via your smartphoneCredit: Getty

That’s according to The Global State of Mobile Phishing recently released by Lookout.

It states: “2022 had the highest percentage of mobile phishing encounter rates ever — with over 30% of personal and enterprise users exposed to these attacks every quarter.”

And adds: “These attacks are the tip of the spear for more advanced campaigns.

“They can grant attackers access to your apps and data under the guise of being a legitimate user.”

The report claims that over 50 percent of all mobile devices were exposed to a phishing attack in 2022.

Attacks bombard long lists of smartphone users with phishing emails and text messages hoping they can get as many people to click as possible.

Sometimes they target specific people if they want access to where they work or view their personal data as particularly valuable.

Around 36 percent of US smartphone users were said to encounter phishing attacks.

Most read in Phones & Gadgets

HOW TO AVOID A PHISHING SCAM

Firstly, you should be thorough when checking who the email is from.

Even if it looks official, double-check the email and look for any spelling mistakes or slight abnormalities in the sender’s email address.

Never feel pressurised into opening an attachment and avoid clicking the phrase “enable content.”

You should also be wary of links in emails.

If you’re certain an email you have received is a scam, report it to your email provider and delete it.

Source…

This Is The One iCloud Setting You Have To Stop Using Immediately

/in


icloud-sign-in-page

icloud-sign-in-page

If you’re using iCloud to safely store files and other data, you’re already one step ahead of the game when it comes to protecting yourself online. But even iCloud storage isn’t 100 percent safe and secure, and it helps to be aware of settings that can put you more at risk for hacking attempts. “In today’s digital age, personal data is one of the most valuable assets we have,” said Tech Expert Kosha Shah, digital strategist at Technostacks Infotech Pvt. Ltd. “From credit card information to private messages, our devices hold a wealth of information about us that, if accessed by the wrong person, can lead to identity theft, financial fraud, and a host of other issues.. That’s why it’s so important to be aware of the various settings on our devices that can leave our data vulnerable to attack.”

One of the most commonly used features on Apple devices is iCloud Backup, according to Shah. “This feature automatically backs up your iPhone or iPad to iCloud, including all of your personal data such as photos, contacts, and messages. It’s a convenient way to make sure your data is safe, but it can also be a security risk.” Here’s what you need to know about this setting and why it’s a good idea to turn it off. 

What is the iCloud setting in question?

The iCloud Backup feature is the setting that automatically backs up your device to iCloud, Shah said. “This includes all of your personal data such as photos, contacts, and messages. It’s a great way to make sure your data is safe, but it can also be a security risk.”

Why is it a security risk?

“The problem with iCloud Backup is that if an attacker gains access to your iCloud account, they can easily access and download all of this sensitive information,” Shah said. “They can also use this information to gain access to your other accounts, such as your bank account or social media profiles. This is because many people use the same login information for multiple accounts, making it easy for an attacker to gain access to multiple systems.”

Another issue with iCloud Backup is that it stores your data in the cloud, which means it’s accessible from anywhere with an…

Source…

Check your Android phone immediately and delete these popular apps now

/in


Android phone users have been hit by yet another worrying warning that could leave personal details in the hands of hackers. Security experts at Synopsys Cybersecurity Research Center (CyRC) have discovered three popular applications that appear to have a serious flaw which could allow online crooks to gain full access to vital data such as user names and passwords.

The apps, which are all available via the Google Play Store, have been downloaded over two million times which is why this latest news is so serious.

All of the software included in the warning offers the ability to transform Android phones into remote keyboards or a mouse for PCs. It’s that handy functionally which is why the applications have proven to be so popular.

However, CyRC says its research has uncovered weak or missing authentication mechanisms and insecure communication vulnerabilities in all three of the apps. This means they could be easy to exploit with hackers then able to use the apps to eavesdrop on keystrokes and see exactly what people are inputting, such as passwords, on their PCs.

It’s a pretty scary flaw and here is the full list of apps affected

• Telepad versions 1.0.7 and prior

• PC Keyboard versions 30 and prior

• Lazy Mouse versions 2.0.1 and prior

READ MORE: Google bans another popular Android app and all UK phone owners must delete it now

Although the developers don’t appear to have meant to have released anything malicious the applications remain vulnerable even though they have been warned about the problems.

CyRC has confirmed that it has reached out to the creators of the apps multiple times but has not received a response.

It appears that all three of the applications remain widely used but they are neither maintained nor supported, and evidently, security was not a factor when these applications were developed.

If you think you have them on your Android phone and are worried but the lack of security, CyRC is recommending you remove them immediately.

Speaking about the threat, Synopsys Cybersecurity Research Center (CyRC) said: “We have exposed multiple vulnerabilities in three applications that enable an Android device to be used as a remote keyboard and mouse for their computers.

“Lazy…

Source…

Security experts urge Chrome users to patch new zero-day exploit immediately

/in


What just happened? Google just released an emergency security update to patch a newly discovered vulnerability in the Chrome web browser. The buffer overflow-based exploit was discovered by Clément Lecigne, a member of the Google Threat Analysis Group (TAG). Google acknowledged the issue and pledged to withhold further details about the vulnerability until the patch has been widely deployed.

The new vulnerability, categorized as CVE-2022-4135, is a heap buffer overflow issue in the GPU that can result in malicious actors gaining unauthorized access to information, induce application instability, or potentially provide permission to execute arbitrary code on the target machine.

Google’s TAG acknowledged the vulnerability in a recent stable channel update that was deployed to prevent further exploitation. Google engineers updated stable channel 107.0.5304.121 for Mac and Linux systems as well as channel 107.0.5304.121/.122 for Windows-based systems. A list of all associated updates and release notes can be found in Chromium’s release logs.

The finding marks the software giant’s eighth zero-day vulnerability of 2022. Previously patched vulnerabilities included:

The heap overflow can provide attackers with the ability to augment functional pointers within an application, instead pointing them toward arbitrarily deployed malicious code. The condition is the result of a buffer overwrite in the heap portion of a system’s memory.

Google’s decision not to immediately share the exploit’s details is a standard practice intended to minimize the vulnerability’s use and impact. By slowing the understanding and awareness of the vulnerability’s details, users have more time to patch and update their browsers before the exploit can be leveraged. It also provides developers of heavily used third-party libraries with the ability to patch the vulnerability, further limiting exploitability.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.” – Prudhvikumar Bommana

Chrome users are…

Source…