FreshRSS

🔒
❌ About FreshRSS
☷
△ 🔃
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

Pwn2Own hacking schedule released – Windows and Linux are top targets

By Paul Ducklin
What's better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?

LAPSUS$ hacks continue despite two hacker suspects in court

By Paul Ducklin
Do you know where in your company to report security anomalies? If you receive such reports, do you have an efficient way to process them?

UK police arrest 7 hacking suspects – have they bust the LAPSUS$ gang?

By Naked Security writer
Seven alleged hackers have been arrested in the UK. But who are they, and which hacking crew are they from?

How To Tell If Your Smartphone Has Been Hacked

By McAfee

Something’s not right. Maybe your phone is losing its charge way too quickly. Or one day it suddenly starts turning itself off and on again. Perhaps it’s running hot, so hot it’s hard to hold. Likewise, you might see outgoing calls that you never dialed or strange spikes in your data usage. Signs like these could mean that your smartphone’s been hacked. Learn how to protect your smartphone with McAfee Mobile Security

Several signs of a potential smartphone hack can look like a technical issue, at least on the surface. Yet the fact is that these issues may be a symptom of a deeper problem, such as malware installed on your smartphone. Malware can eat up system resources or conflict with other apps and your operating system, all of which can cause your phone to act sluggish or erratically. 

Yet, in a way, that’s good news. Because malware can run inefficiently on your phone and create hiccups both large and small, it can tip you off to its presence. And with all the important information we carry in the palms of our hands nowadays, that’s good news twice over. Knowing the signs, subtle or otherwise can alert you to an otherwise largely invisible problem. 

Hacking software and their symptoms 

Whether hackers physically sneak it onto your phone or by tricking you into installing it via a phony app, a sketchy website, or a phishing attack, hacking software can create problems for you in a couple of ways: 

  • Keylogging: In the hands of a hacker, keylogging works like a stalker by snooping information as you type, tap, and even talk on your phone.  
  • Trojans: Trojans are types of malware that can be disguised in your phone to extract important data, such as credit card account details or personal information. 
  • Cryptominers: Similar to trojans, this software hides on a device. From there, it harnesses the device’s computing power to “mine” cryptocurrencies. While crypto mining is not illegal, “cryptojacking” a device without the owner’s consent is most certainly illegal. 

Some possible signs of hacking software on your phone include: 

Performance issues 

Maybe you’ve seen some of the signs we mentioned earlier. Is your device operating slower, are web pages and apps harder to load, or does your battery never seem to keep a charge? These are all signs that you could have malware running in the background, zapping your phone’s resources. 

Your phone feels like it’s running hot 

Like the performance issues above, malware or mining apps running in the background can burn extra computing power (and data). Aside from sapping performance, malware and mining apps can cause your phone to run hot or even overheat. 

Mystery apps or data 

If you find apps you haven’t downloaded, or calls, texts, and emails that you didn’t send, that’s a red flag. A hacker may have hijacked your phone to send premium-rate calls or messages or to spread malware to your contacts. Similarly, if you see spikes in your data usage, that could be a sign of a hack as well. 

Pop-ups or changes to your screen 

Malware can also be behind spammy pop-ups, changes to your home screen, or bookmarks to suspicious websites. In fact, if you see any configuration changes you didn’t personally make, this is another big clue that your smartphone has been hacked. 

What to do if you’re worried that your phone has been hacked … 

  • Install and run security software on your smartphone if you haven’t already. From there, delete any apps you didn’t download, delete risky texts, and then run your mobile security software again. 
  • If you still have issues, wiping and restoring your phone is an option. Provided you have your photos, contacts, and other vital info backed up in the cloud, it’s a relatively straightforward process. A quick search online can show how to wipe and restore your model of phone. 
  • Lastly, check your accounts and your credit to see if any unauthorized purchases have been made. If so, you can go through the process of freezing those accounts and getting new cards and credentials issued. Further, update your passwords for your accounts with a password that is strong and unique 

Ten tips to prevent your phone from being hacked 

While there are several ways a hacker can get into your phone and steal personal and critical information, here are a few tips to keep that from happening: 

  1. Use comprehensive online protection software on your phone. Over the years, we’ve gotten into the good habit of using this on our computers and laptops. Our phones? Not so much. Installing online protection on your smartphone gives you the first line of defense against attacks, plus several of the additional security features mentioned below. 
  2. Update your phone and its apps. Aside from installing security software, keeping current with updates is a primary way to keep you and your phone safe. Updates can fix vulnerabilities that cybercriminals rely on to pull off their malware-based attacks. Additionally, those updates can help keep your phone and apps running smoothly while also introducing new, helpful features. 
  3. Stay safer on the go with a VPN. One way that crooks can hack their way into your phone is via public Wi-Fi, such as at airports, hotels, and even libraries. These networks are public, meaning that your activities are exposed to others on the network—your banking, your password usage, all of it. One way to make a public network private is with a VPN, which can keep you and all you do protected from others on that Wi-Fi hotspot.  
  4. Use a password manager. Strong, unique passwords offer another primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software such as McAfee Total Protection will include one. 
  5. Avoid public charging stations. Charging up at a public station seems so simple and safe. However, some hackers have been known to “juice jack” by installing malware into the charging station. While you “juice up,” they “jack” your passwords and personal info. So what to do about power on the road? You can look into a portable power pack that you can charge up ahead of time or run on AA batteries. They’re pretty inexpensive and easy to track down.  
  6. Keep your eyes on your phone. Preventing the actual theft of your phone is important too, as some hacks happen simply because a phone falls into the wrong hands. This is a good case for password or PIN protecting your phone, as well as turning on device tracking so that you can locate your phone or even wipe it remotely if you need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.  
  7. Encrypt your phone. Encrypting your cell phone can save you from being hacked and can protect your calls, messages, and critical information. To check if your iPhone is encrypted can go into Touch ID & Passcode, scroll to the bottom, and see if data protection is enabled (typically this is automatic if you have a passcode enabled). Android users have automatic encryption depending on the type of phone. 
  8. Lock your SIM card. Just as you can lock your phone, you can also lock the SIM card that is used to identify you, the owner, and to connect you to your cellular network. By locking it, that keeps your phone from being used on any other network than yours. If you own an iPhone, you can lock it by following these simple directions. For other platforms, check out the manufacturer’s website. 
  9. Turn off your Wi-Fi and Bluetooth when not in use. Think of it as closing an otherwise open door. There are several attacks that a dedicated and well-equipped hacker can make on devices where the Wi-Fi and Bluetooth are open and discoverable. Likewise, while not a hack, some retailers will track your location in a store using Bluetooth technology for marketing purposes—so switching it off can protect your privacy in some situations as well. You can easily turn off both from your settings and many phones let you do it from a pulldown menu on your home screen as well. 
  10. Steer clear of third-party app stores. Google Play and Apple’s App Store have measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites may not have that process in place. In fact, some third-party sites may intentionally host malicious apps as part of a broader scam. Granted, cybercriminals have found ways to work around Google and Apple’s review process, yet the chances of downloading a safe app from them are far greater than anywhere else. Furthermore, both Google and Apple are quick to remove malicious apps once discovered, making their stores that much safer. 

The post How To Tell If Your Smartphone Has Been Hacked appeared first on McAfee Blog.

The self-driving smart suitcase… that the person behind you can hijack!

By Paul Ducklin
Apparently, we need a self-driving IoT Bluetooth robot suitcase. Who knew?

S3 Ep56: Cryptotrading rodent, ransomware hackback, and a Docusign phish [Podcast]

By Paul Ducklin
Latest episode - listen now! Serious security explained with personality in plain English.

ns-1200-logo-podcast-with-mic-and-rodent-emoji

Copy-paste compromises

By Jatin Jain

Copy-paste compromises: Introduction and overview Although the concept of copy-paste compromises is not exactly new, there are now several different forms of the attack. In the version of copy-paste compromise that we’ll discuss today, malicious actors use open-source or publicly available exploit code, web shells and other tools to gain information. Recently, Australia has revealed […]

The post Copy-paste compromises appeared first on Infosec Resources.

Copy-paste compromises was first posted on September 30, 2020 at 8:05 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Fuzzing introduction: Definition, types and tools for cybersecurity pros

By Pedro Tavares

Fuzzing is a black-box software testing technique and consists of finding implementation flaws and bugs by using malformed/semi-malformed payloads via automation. Fuzzing an application is not a matter of simply exploiting a specific point of an application, but also acquiring knowledge and potential crashes that could be explored in-depth through the implementation of crafted payloads […]

The post Fuzzing introduction: Definition, types and tools for cybersecurity pros appeared first on Infosec Resources.

Fuzzing introduction: Definition, types and tools for cybersecurity pros was first posted on September 30, 2020 at 8:01 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Format String Vulnerabilities Exploitation Case Study

By Srinivas

Introduction: In the previous article of this series, we discussed how format string vulnerabilities can be exploited. This article provides a case study of how format string vulnerabilities can be used to exploit serious vulnerabilities such as Buffer Overflows. We will begin by understanding what stack canaries are and then we will exploit a Buffer […]

The post Format String Vulnerabilities Exploitation Case Study appeared first on Infosec Resources.

Format String Vulnerabilities Exploitation Case Study was first posted on September 29, 2020 at 2:55 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

IoT Security Fundamentals: Intercepting and Manipulating Wireless Communications

By Dimitar Kostadinov

Introduction: IoT Manufacturers Favor Convenience over Security Because IoT security is still an afterthought, cybercriminals in general consider smart devices a “low-hanging fruit” – a target easy to compromise and manipulate. Security (and privacy) by design is key for IoT, and probably the only effective way for a smart gadget to protect its communications is […]

The post IoT Security Fundamentals: Intercepting and Manipulating Wireless Communications appeared first on Infosec Resources.

IoT Security Fundamentals: Intercepting and Manipulating Wireless Communications was first posted on September 29, 2020 at 2:14 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
❌