Tag Archive for: warned

Millions warned over Wi-Fi hack that can leak data as FBI warns against using public networks

/in


EXPERTS have raised the alarm on a Wi-Fi hack known as ‘kr00k’ that can expose your search history.

It comes as the US’ Federal Bureau of Investigation (FBI) warns people against using public internet networks.

The snoop would have to be in radio range of the wireless devices, be it your iPhone or Windows PC, to exploit the security flaw

1

The snoop would have to be in radio range of the wireless devices, be it your iPhone or Windows PC, to exploit the security flawCredit: Reuters

Fraudsters tend to prey on the weaker security and bigger victim pool that comes with shared Wi-Fi.

“Preventing internet-enabled crimes and cyber intrusions requires each of us to be aware and on guard,” the FBI wrote in a recent announcement.

“Be careful when connecting to a public Wi-Fi network and do not conduct any sensitive transactions, including purchases, when on a public network.”

Experts Mathy Vanhoef, Domien Schepers and Aanjhan Ranganathan have described the kr00k hack as a Wi-Fi “design flaw” in a recent paper.

People are just realising there's a hidden Wi-Fi 'killer' affecting your internet
Wi-Fi users warned over hacking signs – check router for 'criminal' alerts

Information about a network’s management, control and data is documented in what’s known to experts as Wi-Fi frames.

These frames will be queued and buffered so that they’re sent to access points at appropriate times.

Access points are devices similar to the broadband router you have at home, but is designed for local wireless networks that are often found in train stations, airports, shopping centres and hotels.

However, hackers can intercept these frames when they are buffering, according to the three researchers.

This means they can get a text-based breakdown of their victims browser history on almost all devices.

Cyber criminals can evade the security blockades on Windows and Mac computers, as well as iPhone and Android devices.

“The unprotected nature of the power-save bit in a frame’s header, which our work reveals to be a fundamental design flaw, also allows an adversary to force queue frames intended for a specific client resulting in its disconnection and trivially executing a denial-of-service attack,” the researchers explained in their paper, which will be presented at the Usenix Security Symposium later this year.

The snoop would have to be in radio range of the wireless devices, be it your iPhone or Windows PC, to exploit the security flaw.

In some cases, hackers may also need to be…

Source…

Billions of Android and iPhone users warned to delete messages immediately after ‘bank-draining’ attack alert

/in


SECURITY experts have revealed a staggering rise in smartphone phishing scams.

The amount unexpecting people click on the dangerous phishing links has risen by 637% in just two years.

Phishing attacks are said to be on the rise, especially via your smartphoneCredit: Getty

That’s according to The Global State of Mobile Phishing recently released by Lookout.

It states: “2022 had the highest percentage of mobile phishing encounter rates ever — with over 30% of personal and enterprise users exposed to these attacks every quarter.”

And adds: “These attacks are the tip of the spear for more advanced campaigns.

“They can grant attackers access to your apps and data under the guise of being a legitimate user.”

The report claims that over 50 percent of all mobile devices were exposed to a phishing attack in 2022.

Attacks bombard long lists of smartphone users with phishing emails and text messages hoping they can get as many people to click as possible.

Sometimes they target specific people if they want access to where they work or view their personal data as particularly valuable.

Around 36 percent of US smartphone users were said to encounter phishing attacks.

Most read in Phones & Gadgets

HOW TO AVOID A PHISHING SCAM

Firstly, you should be thorough when checking who the email is from.

Even if it looks official, double-check the email and look for any spelling mistakes or slight abnormalities in the sender’s email address.

Never feel pressurised into opening an attachment and avoid clicking the phrase “enable content.”

You should also be wary of links in emails.

If you’re certain an email you have received is a scam, report it to your email provider and delete it.

Source…

Google releases security updates for Android owners with millions warned over ‘critical’ flaws putting phones at risk

/in


Millions of Android owners are being urged to update their devices to fix security flaws making their phones vulnerable to hackers.

Google this week released its March security updates, revealing 60 flaws including critical-level vulnerabilities that need to be addressed.

WATCH THE VIDEO ABOVE: Flip phones making a return with a modern twist.

Watch the latest News on Channel 7 or stream for free on 7plus >>

The flaws are fixed by two security patches, 2023-03-01 and 2023-03-05, that can be downloaded by updating the device.

The first patch fixes core Android components like framework, system and Google Play, while the second deals with fixes for third-party vendor components from MediaTek, Unisoc and Qualcomm.

“The most severe of these issues is a critical security vulnerability in the system component that could lead to remote code execution with no additional execution privileges needed,” Android says in its latest security bulletin.

“User interaction is not needed for exploitation.”

Google chooses to withhold additional information on the two critical-level security flaws affecting the Android system, tracked as CVE-2023-20951 and CVE-2023-20954, to prevent hackers from exploiting devices before the owners have the chance to apply the updates, Bleeping Computer reports.

Two other critical severity vulnerabilities, tracked as CVE-2022-33213 and CVE-2022-33256, have been identified on closed-source Qualcomm components, while all other flaws are high-severity vulnerabilities.

To update your device, head to settings and system update or select security and privacy and then choose security update.

“We encourage all users to update to the latest version of Android where possible,” Android said.

To learn if a device is updated to the necessary security patch level, visit here.

Aussie woman gets stuck in KFC drive through after alcohol interlock goes off.

Source…

Billions of iPhone and Android owners warned over ‘cursed movie’ – one click steals your money and puts you in danger

/in


IT’S almost time for the Oscars and cyber criminals are hoping to cash in on unsuspecting movie fans.

Security experts at Kaspersky are warning that one of the most popular Oscar-nominated movies is being used to steal people’s data and even money.

Security experts are warning about a fake movie scamCredit: Getty

Scammers are said to be creating fake websites that offer victims a fake chance to stream nominated movies for free.

The aim is to steal personal and banking information from victims and sell this on the dark web.

Kaspersky experts have found several websites that aim to do just that.

They ask for “small subscription fees” and promise access to movies but will actually just steal your bank information.

The experts warn that victims then become vulnerable to unauthorized transactions.

Movies being offered by scammers include Everything Everywhere All at Once and Avatar 2.

If an offer to stream a movie seems too good to be true it probably is.

Olga Svistunova, a security expert at Kaspersky, said: “The Oscars 2023 is lucrative for cybercriminals who intensify their malicious activity every year.

Most read in Phones & Gadgets

“It’s crucial to be extra cautious during this event and double-check the authenticity of any website offering free streaming of movies.

“Don’t fall for fake websites or giveaway scams that trick users into giving away their personal information.

“Always use reputable streaming services and double-check website authenticity.”

Kaspersky advises checking the authenticity of websites before you enter any personal data.

You should also be wary of sites that promise early viewings of movies before they’re released.

Source…