Tag Archive for: Unknown

The ‘Riskiest’ iPhone Apps Security Experts Say You Should Delete To Protect Your Personal Data Include Antivirus & Unknown VPN Apps


woman-holding-iphone

woman-holding-iphone

You can download some apps, keep them on your phone for a lifetime, and they’ll only ever offer you joy and never cause you trouble. Unfortunately, that’s not the case with all apps. Being mindful and careful about the apps that you download is one wise way to protect your data and privacy against hacking attempts and other issues. But it’s also a good idea to periodically go through the apps you have downloaded and decide which should stay and which you can afford to part with. Doing this can help you manage your storage better and may even help your battery power. Tech Expert Sufyan Mughal from Gaming Tech Review considers these the “riskiest” iPhone apps that you should delete to protect your personal data. 

App: Unverified Third-Party App Stores

Risk: Unverified third-party app stores pose a significant security risk as they often distribute modified or pirated versions of legitimate apps, Mughal says. “These apps may contain malware, spyware, or malicious code that can compromise your iPhone’s security,” he continues. “To make it less risky, it is strongly advised to uninstall unverified third-party app stores and rely solely on the official App Store for downloading apps. Apple’s strict app review process ensures that apps available on the App Store are thoroughly vetted for security and privacy concerns.”

App: Outdated and Abandoned Apps

Risk: Outdated and abandoned apps that are no longer supported by their developers are potential security vulnerabilities.

 

“These apps may contain unpatched security flaws, making them an attractive target for attackers looking to exploit known vulnerabilities,” Mughal says. “To mitigate this risk, regularly review the apps installed on your iPhone. If you come across outdated or unsupported apps, consider deleting them. Developers typically release updates to address security issues, so it’s crucial to keep your apps up to date by installing updates from the App Store.”

 

App: Suspicious or Unknown VPN Apps

Risk: Suspicious or unknown VPN (Virtual Private Network) apps can compromise your privacy and security. “Some VPN apps may harvest your personal data, inject ads, or…

Source…

Kaspersky says attackers hacked staff iPhones with unknown malware


Image Credits: Wong Yu Liang / Getty Images

The Russian cybersecurity company Kaspersky said that hackers working for a government targeted its employees’ iPhones with unknown malware.

On Monday, Kaspersky announced the alleged cyberattack, and published a technical report analyzing it, where the company admitted its analysis is not yet complete. The company said that the hackers, whom at this point are unknown, delivered the malware with a zero-click exploit via an iMessage attachment, and that all the events happened within a one to three minute timeframe. At this point, it’s unclear if the hackers exploited new vulnerabilities that were unpatched at the time, meaning they were so-called zero-days.

Kaspersky researchers said that they discovered the attack when they noticed “suspicious activity that originated from several iOS-based phones,” while monitoring their own corporate Wi-Fi network.

The company called this alleged hack against its own employees “Operation Triangulation,” and created a logo for it. Neither Kaspersky nor Apple immediately responded to requests for comment.

Kaspersky researchers said they created offline backups of the targeted iPhones and inspected them with a tool developed by Amnesty International called the Mobile Verification Toolkit, or MVT, which allowed them to discover “traces of compromise.” The researchers did not say when they discovered the attack, and said that they found traces of it going as far back as 2019, and that “attack is ongoing, and the most recent version of the devices successfully targeted is iOS 15.7.”

While the malware was designed to clean up the infected devices and remove traces of itself, “it is possible to reliably identify if the device was compromised,” the researchers wrote.

In the report, the researchers explained step by step how they analyzed the compromised devices, outlining how others can do the same. They did not, however, include many details of what they found using this process.

The researchers said that the presence of “data usage lines mentioning the process named ‘BackupAgent’,” was the most reliable sign that an iPhone was hacked, and that another one of…

Source…

S’pore police: Don’t download files from unknown sources on phones, risks of losing private pics & vids, banking & social media credentials real – Mothership.SG


Follow us on Telegram for the latest updates: https://t.me/mothershipsg

The Singapore police and the Cyber Security Agency of Singapore (CSA) has issued an advisory to remind the public of the dangers of downloading files from unknown sources that can lead to malware installation on victims’ mobile devices.

This may result in confidential and sensitive data, such as banking credentials, being stolen.

Don’t download things from sketchy sources

The advisory said malware may infect mobile devices through various means, including through the downloading of free software from unknown sources, opening of unknown email attachments and visiting of malicious websites.

Users should also be wary if they are asked to download unknown or suspicious Android Package Kit (APK) files onto their mobile devices.

This files may appear with seemingly genuine naming conventions, such as GooglePlay23Update.apk or GooglePlay.apkUpdate.apk.

These are not official APK files released by Google even though they contain the references to “GooglePlay”, the advisory warned.

Plenty of risks

Upon installation of the mobile malware, users’ mobile devices may be exposed to the following risks:

• Significant decline in the mobile devices’ performance

• Unauthorised access to the mobile devices’ systems/ data that allow attackers to remotely control infected mobile devices, possibly resulting in loss of user control

• Unauthorised installation or uninstallation of applications

• Interception of SMSes

• Receipt of unwanted push notifications or warnings

• Exfiltration of confidential and sensitive data stored in infected mobile devices such as banking credentials, stored credit card numbers, social media account credentials, private photos and/ or videos, among other information.

Attackers can use such information to gain unauthorised access to users’ social media accounts to perpetrate impersonation scams or perform fraudulent financial transactions that results in reputational and monetary losses.

Prevention methods

Members of the public are advised to take the following steps to ensure that their mobile devices are adequately protected against malware:

• Only download and install…

Source…

Unknown Hacker Steals Data of a Billion Chinese Citizens


Breach Notification
,
Cybercrime
,
Cyberwarfare / Nation-State Attacks

Data Has Been Put on Sale for 10 Bitcoin, Equivalent to About $200,000

Unknown Hacker Steals Data of a Billion Chinese Citizens
(Source: ISMG)

A misconfigured Aliyun or Alibaba private cloud server has led to the leak of around one billion Chinese nationals’ personal details. An unknown hacker, identified as “ChinaDan”, posted an advertisement on a hacker forum selling 23 terabytes of data for 10 bitcoin, equivalent to about $200,000.

See Also: Fireside Chat | Zero Tolerance: Controlling The Landscape Where You’ll Meet Your Adversaries

Touted to be one of the largest data breaches in history, the data was allegedly stolen from Shanghai National Police database, containing Chinese national’s personal details including names, home addresses, criminal records, ID and phones numbers.

“Our threat intelligence detected 1 billion resident records for sale in the dark web, including name, address, national id, mobile, police and medical records from one Asian country. Likely due to a bug in an Elastic Search deployment by a gov agency,” says a Tweet by Zhao Changpeng, founder and chief executive officer of cryptocurrency exchange Binance. “This has impact on hacker detection/prevention measures, mobile numbers used for account take overs, etc.”

Source…