Tag Archive for: online

Spyware can infect your phone or computer via the ads you see online – report

/in


(The Conversation is an independent and nonprofit source of news, analysis and commentary from academic experts.)

(THE CONVERSATION) Each day, you leave digital traces of what you did, where you went, who you communicated with, what you bought, what you’re thinking of buying, and much more. This mass of data serves as a library of clues for personalized ads, which are sent to you by a sophisticated network – an automated marketplace of advertisers, publishers and ad brokers that operates at lightning speed.

The ad networks are designed to shield your identity, but companies and governments are able to combine that information with other data, particularly phone location, to identify you and track your movements and online activity. More invasive yet is spyware – malicious software that a government agent, private investigator or criminal installs on someone’s phone or computer without their knowledge or consent. Spyware lets the user see the contents of the target’s device, including calls, texts, email and voicemail. Some forms of spyware can take control of a phone, including turning on its microphone and camera.

Advertisement

Article continues below this ad

Now, according to an investigative report by the Israeli newspaper Haaretz, an Israeli technology company called Insanet has developed the means of delivering spyware via online ad networks, turning some targeted ads into Trojan horses. According to the report, there’s no defense against the spyware, and the Israeli government has given Insanet approval to sell the technology.

Insanet’s spyware, Sherlock, is not the first spyware that can be installed on a phone without the need to trick the phone’s owner into clicking on a malicious link or downloading a malicious file. NSO’s iPhone-hacking Pegasus, for instance, is one of the most controversial spyware tools to emerge in the past five years.

Advertisement

Article continues below this ad

What sets Insanet’s Sherlock apart from Pegasus is its exploitation of ad networks rather than vulnerabilities in phones. A Sherlock user creates an ad campaign that narrowly focuses on the target’s demographic and location, and places a spyware-laden ad with an ad exchange….

Source…

$32k gone and $12k in debt: Woman falls for malware scam while buying fish online, Singapore News

/in


Lured in by an advertisement for grouper fish fillets on Facebook, this woman had the misfortune of falling for a scam, hook, line and sinker.

A woman surnamed Qiu, 58, was contacted by a ‘salesperson’ through WhatsApp on Aug 25 after clicking on the advertisement, Shin Min Daily News reported on Friday (Sept 22).

Qiu was instructed to download an application called “Grab&Go” in order to place her order for the fish.

Although she had her suspicions at first, Qiu decided to go ahead with the ‘purchase’ when she realised the app didn’t ask for her bank information.

Instead, all it required was her name, address and mobile phone number.

That night, however, her phone was suddenly inoperable. She assumed it was out of battery, and tried charging it.

But when she did a routine check on her bank account two days later, Qiu discovered that she only had a few dollars left across three bank accounts.

[[nid:648928]]

Additionally, she found herself some $12,200 in debt on two credit cards.

Qiu immediately reported this incident to the police and approached the bank for information – as it turned out, $32,287 had been withdrawn from her three accounts on Aug 25, she said.

One of the accounts is a joint account shared with her 16-year-old daughter, Qiu told Shin Min. That account now only has $3.06 left of the original $6,000.

“I had put my daughter’s ang bao money, scholarship money and so on in this account, which can then be used to repay my daughter’s insurance loan. 

“There are only four years left on the loan, so how can I bear to terminate it?”

Qiu also reportedly sought help from the Monetary Authority of Singapore.

However, she was told they had no way of helping her retrieve her money.

New variant of malware scams

In a press release by the police on Thursday, they announced their observation of a “new variant of malware scams”. 

Victims in this form of malware scam are contacted by ‘salespeople’ via messaging platforms such as WhatsApp and told to download an application.

Internet banking credentials can then be stolen via a keylogger in these applications, allowing scammers to access victims’ bank accounts and perform unauthorised transactions.

“In the…

Source…

Got an internet-enabled chastity device? Check your online security now.

/in


If you’re into chastity play, you might own an internet-enabled chastity device designed to share your kink with your partner. And you also might want to change your password.

TechCrunch reports that several flaws in an unnamed smart sex toy manufacturer’s servers have exposed over 10,000 of its users’ personal data, including information which can be used to identify them. This includes email addresses, plaintext passwords, home addresses, IP addresses, PayPal logs, and even GPS coordinates.

Unfortunately, there’s no quick and easy way of knowing whether you’ve been impacted. The company has not been publicly identified in order to protect its customers, as the vulnerability has not yet been fixed.

SEE ALSO:

What to look for when buying a sex toy

However, TechCrunch has confirmed that the company makes chastity devices for penises, which can be controlled by a partner using an Android app and an internet connection. Said partner can also track the person wearing the device via GPS. 

Chastity devices, such as harnesses, cages, and straps, form part of chastity play, a kink which involves one partner using a device to prevent themselves from becoming fully aroused. The idea is that once the person is freed from the device, they’ll be able to unleash their full desire.

If you own an internet-enabled chastity device, it might be time for an internet security checkup — and perhaps some consideration to the idea of deleting any unused accounts. Even if you do change your sex toy’s password, your new one could be just as exposed if the server flaw isn’t addressed.

And if you indulge in the cardinal security sin of reusing passwords, you should definitely change any that share the same one as your chastity device.

SEE ALSO:

What are password managers and how to pick the right one

According to the publisher, the vulnerability was first detected by an anonymous security researcher, who told TechCrunch they reached out to notify the sex toy company on July 17. Then, when they did not receive any response, the researcher reportedly vandalised the company’s website to leave a warning to users on Aug. 23.

“[COMPANY] has left the site wide open, allowing any script kiddie to grab any and…

Source…

Ministry of Defence hit by Russia-linked hackers as security secrets are leaked in data posted online

/in


THE Ministry of Defence has been hit by hackers with links to Russia, as security secrets have been leaked and the data posted online.

Hackers have released thousands of pages of information with could be used by criminals to access the HMNB Clyde nuclear submarine base, the Porton Down chemical weapons lab and a GCHQ listening post.

The Royal Navy’s Trident-class nuclear submarine Vanguard

2

The Royal Navy’s Trident-class nuclear submarine VanguardCredit: s

Information concerning high-security prisons and a military site key to our cyber defences was also stolen in the raid by group LockBit.

Hackers are said to have targeted the databases of Zaun, a firm which makes the fences for maximum security sites.

The information was published on the internet’s dark web, which can be accessed with specialist software.

It’s thought the information was stolen last month during an attack on the firm based in the West Midlands, according to a report by the Mirror.

I'm a cyber crime expert, how to avoid latest scams like sneaky WhatsApp trick
I’m a cyber expert and there’s 2 websites you must never search for

LockBit is regarded as the world’s most dangerous hacking gang with its keys suspects listed on the FBI’s Most Wanted list.

It’s thought they are responsible for 1,400 attacks on global targets.

The group is also allegedly behind a £66million blackmail attempt on the Royal Mail – with the postal service refusing to cave in to their demands.

A number of Russian nationals have been accused of cyber attacks and held in both the United States and Canada.

LockBit is said to have financial connections to Russian gangsters.

One document which was leaked relates to specific equipment bought to protect Porton Down in Wiltshire.

Zaun describes its work there as “very secretive”.

Another leaked document posted on the dark web is a sales order detailing goods purchased for HMNB Clyde – also known as Faslane – which is home to Trident nuclear subs.

Other documents include a sales order report for equipment at GCHQ’s communications complex in Bude, Cornwall, as well as security equipment at RAF Waddington in Lincolnshire, where the Reaper attack drones squadron is based, and Cawdor Barracks, the base of the 14th Signal Regiment, which deals in electronic warfare.

Detailed drawings for perimeter fencing at Cawdor, in Pembrokeshire, were attached to company emails.

Paperwork…

Source…