Featured Post

Avira Antivirus Pro - Review 2020 - PCMag India

Image
Avira Antivirus Pro - Review 2020 - PCMag IndiaAvira Antivirus Pro - Review 2020 - PCMag IndiaPosted: 11 Jun 2020 12:00 AM PDTEvery computer needs antivirus protection, and one way companies can support that aim is to provide free antivirus to the masses. But these companies can't survive unless some users shell out their hard-earned cash for paid antivirus utilities. Piling on pro-only tools and components is one way companies encourage upgrading to a paid antivirus. Avira Antivirus Pro adds several components not available to users of Avira Free Security, but they don't really add much value. The biggest reason to pay for it is if you want to use Avira in a commercial setting, which isn't allowed with the free version.Avira's pricing is undeniably on the high side, with a list price of $59.88 per year for one license, $71.88 for three, and $95.88 for five. Admittedly, it seems to be perpetually on sale; just now, the one-license price is discounted to $44.99. That…

Avast Secure Browser for Android released, includes a built-in VPN - Help Net Security

Avast Secure Browser for Android released, includes a built-in VPN - Help Net Security


Avast Secure Browser for Android released, includes a built-in VPN - Help Net Security

Posted: 08 Apr 2020 12:00 AM PDT

Avast has released an Android version of Avast Secure Browser to extend its platform support beyond Windows and Mac on desktop to mobile.

Avast Secure Browser for Android

Avast Secure Browser for Android

Avast Secure Browser for Android was developed following Avast's 2019 acquisition of Tenta, a private browser backed by Blockchain pioneers ConsenSys, and has been built from the ground up by privacy and cybersecurity engineers focused on total encryption.

At its core is strong encryption including AES-256, ChaCha 256-bit, and the latest TLS/SSL cryptographic protocols for the data transport layer. To ensure that user DNS requests are kept private and secure, Avast Secure Browser for Android supports multiple DNS options straight out of the box, such as DNS over TLS, DNSSEC and decentralized DNS support.

Security and privacy features

Additional built-in security and privacy features available with Avast Secure Browser for Android include:

  • A VPN that encrypts all inbound and outbound connections to the VPN location
  • A user PIN code for device access that is never stored on any server nor on the device itself
  • Anti-tracking technologies used to prevent websites, advertisers and other web services from tracking online activity
  • Adblock integration to improve website load time
  • An encrypted media vault.

"Our goal is to be the first all-in-one browser to secure our users' privacy along with a frictionless secure browsing experience. Adding support for mobile is another milestone in our journey towards this long-term goal," said Scott Curtiss, VP and General Manager of Avast Secure Browser.

Mobile threats increase

In early March, Avast Threat Lab researchers found that the increasing use of mobile devices around the globe is fueling the growth of mobile-related malware. To date, 131 COVID-19 related apps have been detected as malicious through Avast's apklab.io platform as cybercriminals look to exploit the pandemic using social engineering tactics.

According to statistics gathered by the Avast researchers between October and December 2019, adware (software that hijacks user devices to spam them with malicious ads) is responsible for 72% of mobile malware, with the remaining 28% of threats linked to banking trojans, fake apps, lockers and downloaders.

"There is still a perception among many consumers that on mobile, internet and browser-based threats do not exist," said Curtiss. "This is not the case. Mobile is a lucrative platform for cybercriminals because of its majority market share versus desktop and higher levels of internet traffic. In the past 12 months, we've seen adware rise by 38% on Android."

Later this year, the mobile version of Avast Secure Browser will be made available on iOS. Avast Secure Browser is currently compatible with Windows 10, 8 and 7, Android and macOS.

New EventBot Malware Steals Banking Passwords | Avast - Security Boulevard

Posted: 01 May 2020 07:58 AM PDT

A new malware called EventBot is infecting Android devices in order to steal login credentials for banking apps and cryptocurrency wallets, TechCrunch reported. Researchers believe the malware is still a work-in-progress that has not been officially "released" yet, as they have observed several major upgrades since its discovery in March, including new malicious features and improved encryption for its command-and-control server (C2) communications. Icons found in the malware lead researchers to believe that when it is launched, it will masquerade as legitimate Android apps such as Microsoft Word and Adobe Flash. 

Upon infection of the device, EventBot requests many permissions, including access to the device's accessibility features. Once it receives this access, it behaves as a keylogger, has the ability to intercept SMS messages, and can bypass two-factor authentications. Because it doesn't use any signature mechanisms or recognizable coding, researchers believe the malware is brand new, and they are mystified as to its origin. In its current iteration, EventBot seems designed to target over 200 banking and finance applications such as PayPal, Capital One, and Coinbase. 

The malware has not been detected in the official Google Play Store as of yet, and Avast Security Evangelist Luis Corrons reminds users to avoid illegal and unofficial app stores. "Android is the most used operating system in the world," he commented. "According to Google, a year ago there were already 2.5 billion active Android devices. This makes the platform really attractive for cybercriminals, and that is why it is targeted by them. Apart from having your device updated and running a security solution on it, it is key not to install apps from untrusted external sources. Just stick with the millions of apps we can find in the Google Play Store."

CISA updates Office 365 best practices for WFH employees

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert this week to update its recommendations for security best practices regarding Microsoft Office 365, particularly geared toward the working-from-home trend. Due to how quickly businesses switched over to remote working, CISA is concerned "organizations may not be fully considering the security configurations of these platforms." The alert lays out detailed guidance for Office 365 security, which includes advice to use multi-factor authentication, to enable unified audit logging, and to disable legacy email protocols, among other tips.  

This week's stat

$500,000 in 5 months!

That's how much "sextortioners" have netted within that time frame, according to security researchers analyzing the trend. "Sextortion" is the fraud scheme that threatens users with the release of a video showing their online porn habits if they do not pay a financial demand. Read more at Dark Reading

Pirated movies packaged with malware

Malware distributors are taking advantage of the surge in pirated movie downloads during the shelter-in-place lockdowns happening in many countries. The Microsoft Security Intelligence team tweeted about it, calling attention to a cryptomining campaign it observed hiding within movie downloads. Bleeping Computer reported that the campaign is primarily targeting Spain and South America, with pirated versions of popular movies like John Wick 3 being packaged with malware. To avoid falling victim to this kind of threat, users are advised to stick to legal streaming platforms and subscription services. 

Ransomware attack group apologizes and shuts down

The distributors of Shade Ransomware, one of the oldest ransomware strains in existence, announced on GitHub that they are ending their operations and that they are sorry for all the harm they have caused. They included downloads for a set of over 750,000 encryption keys in the post, stating that the set corresponds with all versions of their ransomware over the years and that they hope users can retrieve their data. The group did not provide a reason for their change of heart, but ZDNet reported that researchers have verified the encryption keys as legitimate.

This week's quote

"The education sector is particularly vulnerable during social distancing since they need to adjust operations for over 25 million students across 4,235 higher education institutions in the United States that have been impacted by COVID-19," said Scott Gordon, chief information system security professional at Pulse Secure LLC, commenting on the impact of Chegg's third breach since 2018.

Twitter grants approved applicants livestream of COVID-19 tweets

If applicants can prove that they will use the information for the public good, Twitter will approve them to receive a livestream of COVID-19 tweets. Reuters reported that the social platform's offer is aimed at grant researchers, software developers, crisis management directors, emergency response teams, and community communication organizers. Approved applicants will receive a full real-time stream of every COVID-19 related tweet from the moment they log on. They will not receive tweets that occurred in the past. Applicants also must explain to Twitter how they will protect the privacy and safety of the users represented in the data stream. 

Hacker who served time hacks again

California journalist Matthew Keys was indicted by a federal grand jury in 2013 for stealing hundreds of viewer email addresses from a Sacramento TV station that had fired him, as well as abetting a hacker in altering a story on the Los Angeles Times website. After serving 2 years in prison for the crimes, Keys was released. In 2019, he took a job as digital editor with Comstock's Magazine but quit in January 2020 after a dispute with management. He now stands accused of hacking into Comstock's Magazine's web accounts and deleting its YouTube videos and YouTube account. Probation officers raided Keys' house, seizing 18 devices. Forensic analysis revealed Keys did delete the YouTube videos and account. His hearing is set for June 8. Read more at The Sacramento Bee

This week's 'must-read' on The Avast Blog

Wondering about this TikTok thing that is constantly occupying your kid's time? Understand the security risks and learn how to keep your kid safe with our TikTok tips and advice.  


Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN. Get advertisers off your back and disguise your online identity for greater privacy with Avast AntiTrack.

*** This is a Security Bloggers Network syndicated blog from Blog | Avast EN authored by Avast Blog. Read the original post at: https://blog.avast.com/new-eventbot-malware-steals-banking-passwords

Comments

Popular Posts

System detected an overrun of a stack-based buffer in this application [FIX] - Windows Report

Valorant anti-cheat lead answers many questions on Reddit - Millenium US