Tag Archive for: Urged

Billions of Android owners urged to turn on three hidden safety locks – you’re living on the edge without them


THESE three quick tricks will upgrade your phone’s security.

You might be tempted to download a security subscription service to keep your Android safe from hackers or thieves.

There are three life-saving tips that will padlock your phone shut. Credit: GETTY

But there are free, ready-to-go safety tricks hidden on your phone — you simply need to know where to look.

Here are three life-saving tips that will padlock your phone shut, according to Computer World.

1. Safe Browsing

Chrome’s Safe Browsing mode is enabled by default, but there is a newer and more effective version.

It’s called “Enhanced Safe Browsing” and will operate “in the background to provide faster, proactive protection against dangerous websites, downloads, and extensions,” according to Google’s website.

Here’s how you access it:

  • Open Chrome on your Android.
  • Select the three-dot menu icon in the app’s upper-right corner.
  • Select Settings > Privacy and Security > Safe Browsing. Tap the dot next to “Enhanced protection.”

An extra helpful tip: Return to Chrome’s Settings menu and select “Safety check.”

This will open a useful one-tap tool for scanning browser settings and saved passwords, and will let you know of any possible breaches or weak spots in your security.

2. Smart Lock

Android’s Smart Lock feature is designed to make security simpler, by pausing the extra protections when it’s in your hands.

It will automatically allow you to keep your phone unlocked whenever you’re in a trusted place like your home or office, or when you’re connected to a commonly-used Bluetooth device, like your earbuds.

Here’s how to find it, depending on your device type:

  • For Android 12 and later, Android settings > Security > Advanced Settings.
  • For earlier Android versions, open Android settings > Security > Screen Lock.
  • For Samsung devices, Settings > Lock Screen.

3. Lockdown Mode

No, not that kind of lockdown.

The handy Android setting called “Lockdown Mode” provides you with an easy way to temporarily lock down your phone.

In this mode, only a pattern, PIN, or password can get a person past your lock screen and into your device.

It temporarily shuts down your phone from all biometric and Smart Lock…

CISA urged to add 8 severe ransomware bugs to vulnerability catalog


Researchers found that eight of the 131 vulnerabilities associated with ransomware not yet listed in a federal catalog meant to help the cybersecurity community are considered “most dangerous” because they could be easily exploited from initial access to exfiltration. 

A ransomware report from Cyber Security Works, Ivanti, Cyware, and Securin warned organizations not to ignore vulnerabilities that have yet to be added to the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog (KEV), especially those with complete MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) kill chains where each stage of an attack can be defined, described, and tracked by attackers.  

According to the report, researchers identified 57 extremely dangerous ransomware-associated vulnerabilities with complete kill chains, eight of which are excluded from the KEV. These eight bugs are found in over 30 products, including products by Microsoft, Oracle, Zyxel, and QNAP.

The Ivanti research team highlighted that the bugs (CVE-2016-10401, CVE-2017-6884) in Zyxel, a subsidiary of the Taiwanese multinational broadband provider Unizyx Holding, are particularly notable because of the nation-state and global threat actor focus on Taiwan. Additionally, these are old vulnerabilities discovered in 2016 and 2017, yet they do not have a patch.

Srinivas Mukkamala, chief product officer at Ivanti, told SC Media that the research team has reached out to CISA to recommend including all of the severe vulnerabilities in its KEV catalog.

CISA has yet to respond to SC Media’s inquiry on whether it will add them, or if they plan to do so.  

CISA published the KEV catalog in November 2021 to help organizations manage vulnerabilities and prioritize remediation for free. It started with 287 vulnerabilities and it is now a repository of 866 CVEs.  

Mukkamala said all researchers should actively collaborate with CISA and contribute to expanding the KEV catalog.  

“KEV is the authoritative source of exploited vulnerabilities. We benefit from this best service without having to pay for it. So as defenders, why don’t we give back by sharing our knowledge and information with CISA?” he…

More than 20 million Android users urged to delete three apps right now


If you entered 2023 with a fitness-focused new year’s resolution, you might be among the millions who have downloaded active apps to stay motivated.

But cyber experts are now warning that dodgy developers could be exploiting your health kick.

Three apps that claim to track and encourage healthy habits are actually serving advertisements and lies.

Pedometer and health tracking apps have been flagged by anti-virus company Doctor Web for claims that users can accrue virtual rewards which can then be exchanged for real money and online gift cards.

However, the developers have removed the applications’ functional ability to withdraw payment in a later update, which effectively means that users attempting to earn money using the app will find their balance becomes worthless.

Apart from being told they can earn these ‘virtual rewards’ by performing fitness tasks, users are also constantly served advertisements and actually encouraged to boost their reward balance by watching them.

The deceptive update was detected in three apps including Lucky Habit: health tracker, which has the same command-and-control (C&C) server as two fitness apps: WalkingJoy and Lucky Step-Walking Tracker.

“This might indicate that they are all connected and that at any moment ‘Lucky Habit: health tracker’ and ‘WalkingJoy’ users may also lose all hope of receiving payments,” Dr Web reports.

All three applications were previously available for download on the Google Play Store, boasting average star ratings above 3.9 stars. However, at the time of writing only Lucky Habit: health tracker was available for download.

The apps had been downloaded over 20 million times cumulatively.

Experts have found that fitness app Lucky Habit, and two associated apps, have been scamming Android users. Credit: Dr Web

The apps’ users are told they need to collect two million “coins” to withdraw the cash equivalent of around $35, but once they have reached the required balance they are prompted to watch 30 more advertisements in order to make a withdrawal.

But after that, no…

Hospitals urged to tighten DDoS defenses after health data found on Killnet list


The Killnet hacktivist group is actively targeting the health sector with DDoS attacks, claiming to have successfully exfiltrated data from a number of hospitals within the last month, according to a Department of Health and Human Services Cybersecurity Coordination Center alert.

In fact, users found and publicly shared global health and personal information belonging to global health organizations on the alleged Killnet list on Jan. 28.

John Riggi, the American Hospital Association’s national advisor for cybersecurity and risk, warned that “As of today, we understand that some of the named entities were, in fact, targeted by DDoS attacks.”

However, the impact of the activity was found to be “minimal and temporary with no impact to care delivery services,” he added. Although DDoS attacks don’t typically cause significant damage, the traffic surges brought on by these cyberattacks can cause website outages that can last for several hours or days.

As such, provider entities should ensure they have adequate DDoS protection for their web hosting.

Killnet is notorious for launching DDoS attacks with “thousands of connection requests and packets to be sent to the target server or website per minute, slowing down or even stopping vulnerable systems,” according to a December HC3 alert that followed a successful attack on a U.S. healthcare entity.

The group operates multiple public channels for recruitment purposes and has suspected ties with Russian government organizations like the Russian Federal Security Service (FSB) or the Russian Foreign Intelligence Service (SVR). But the connections have not been confirmed. 

What’s clear is that the group’s senior members have extensive experience with deploying DDoS attacks, having “previously operated their own DDoS services and botnets.” Most of these operations rely on publicly available DDoS scripts and IP stressers.

But researchers are divided on the group’s impact, noting the group has failed at pivoting their attack models. In October, for example, Killnet successfully blocked the infrastructure of J.P. Morgan but was unable to disrupt the bank’s operations.

The Department of Justice seized 48 internet domains tied to some of…
