New EventBot Malware Steals Banking Passwords | Avast - Security Boulevard

Posted: 01 May 2020 07:58 AM PDT

A new malware called EventBot is infecting Android devices in order to steal login credentials for banking apps and cryptocurrency wallets, TechCrunch reported. Researchers believe the malware is still a work-in-progress that has not been officially "released" yet, as they have observed several major upgrades since its discovery in March, including new malicious features and improved encryption for its command-and-control server (C2) communications. Icons found in the malware lead researchers to believe that when it is launched, it will masquerade as legitimate Android apps such as Microsoft Word and Adobe Flash. 

Upon infection of the device, EventBot requests many permissions, including access to the device's accessibility features. Once it receives this access, it behaves as a keylogger, has the ability to intercept SMS messages, and can bypass two-factor authentication. Because it doesn't use any signature mechanisms or recognizable coding, researchers believe the malware is brand new, and they are mystified as to its origin. In its current iteration, EventBot seems designed to target over 200 banking and finance applications such as PayPal, Capital One, and Coinbase.

The malware has not been detected in the official Google Play Store as of yet, and Avast Security Evangelist Luis Corrons reminds users to avoid illegal and unofficial app stores. "Android is the most used operating system in the world," he commented. "According to Google, a year ago there were already 2.5 billion active Android devices. This makes the platform really attractive for cybercriminals, and that is why it is targeted by them. Apart from having your device updated and running a security solution on it, it is key not to install apps from untrusted external sources. Just stick with the millions of apps we can find in the Google Play Store."

CISA updates Office 365 best practices for WFH employees

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert this week to update its recommendations for security best practices regarding Microsoft Office 365, particularly geared toward the working-from-home trend. Due to how quickly businesses switched over to remote working, CISA is concerned "organizations may not be fully considering the security configurations of these platforms." The alert lays out detailed guidance for Office 365 security, which includes advice to use multi-factor authentication, to enable unified audit logging, and to disable legacy email protocols, among other tips.  

This week's stat

$500,000 in 5 months!

That's how much "sextortioners" have netted within that time frame, according to security researchers analyzing the trend. "Sextortion" is the fraud scheme that threatens users with the release of a video showing their online porn habits if they do not pay a financial demand. Read more at Dark Reading

Pirated movies packaged with malware

Malware distributors are taking advantage of the surge in pirated movie downloads during the shelter-in-place lockdowns happening in many countries. The Microsoft Security Intelligence team tweeted about it, calling attention to a cryptomining campaign it observed hiding within movie downloads. Bleeping Computer reported that the campaign is primarily targeting Spain and South America, with pirated versions of popular movies like John Wick 3 being packaged with malware. To avoid falling victim to this kind of threat, users are advised to stick to legal streaming platforms and subscription services. 

Ransomware attack group apologizes and shuts down

The distributors of Shade Ransomware, one of the oldest ransomware strains in existence, announced on GitHub that they are ending their operations and that they are sorry for all the harm they have caused. They included downloads for a set of over 750,000 encryption keys in the post, stating that the set corresponds with all versions of their ransomware over the years and that they hope users can retrieve their data. The group did not provide a reason for their change of heart, but ZDNet reported that researchers have verified the encryption keys as legitimate.

This week's quote

"The education sector is particularly vulnerable during social distancing since they need to adjust operations for over 25 million students across 4,235 higher education institutions in the United States that have been impacted by COVID-19," said Scott Gordon, chief information system security professional at Pulse Secure LLC, commenting on the impact of Chegg's third breach since 2018.

Twitter grants approved applicants livestream of COVID-19 tweets

If applicants can prove that they will use the information for the public good, Twitter will approve them to receive a livestream of COVID-19 tweets. Reuters reported that the social platform's offer is aimed at grant researchers, software developers, crisis management directors, emergency response teams, and community communication organizers. Approved applicants will receive a full real-time stream of every COVID-19 related tweet from the moment they log on. They will not receive tweets that occurred in the past. Applicants also must explain to Twitter how they will protect the privacy and safety of the users represented in the data stream. 

Hacker who served time hacks again

California journalist Matthew Keys was indicted by a federal grand jury in 2013 for stealing hundreds of viewer email addresses from a Sacramento TV station that had fired him, as well as abetting a hacker in altering a story on the Los Angeles Times website. After serving 2 years in prison for the crimes, Keys was released. In 2019, he took a job as digital editor with Comstock's Magazine but quit in January 2020 after a dispute with management. He now stands accused of hacking into Comstock's Magazine's web accounts and deleting its YouTube videos and YouTube account. Probation officers raided Keys' house, seizing 18 devices. Forensic analysis revealed Keys did delete the YouTube videos and account. His hearing is set for June 8. Read more at The Sacramento Bee

This week's 'must-read' on The Avast Blog

Wondering about this TikTok thing that is constantly occupying your kid's time? Understand the security risks and learn how to keep your kid safe with our TikTok tips and advice.  

Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN. Get advertisers off your back and disguise your online identity for greater privacy with Avast AntiTrack.

*** This is a Security Bloggers Network syndicated blog from Blog | Avast EN authored by Avast Blog. Read the original post at: https://blog.avast.com/new-eventbot-malware-steals-banking-passwords

Is it Still Safe to Use Avast Secureline? - Tech.co

Posted: 28 Jan 2020 12:00 AM PST

This week, an investigation by Motherboard and PC Mag revealed that security brand Avast was using its antivirus software to collect personal user data. The news came just weeks after it had stopped collecting information from its browser plug-in.

Avast has told us that it hasn't been harvesting information from its Secureline VPN product, although privacy-conscious Avast users are bound to feel cautious after this latest news.

Avast isn't alone in selling user data, but its methods are under scrutiny after this latest investigation. We explain what you need to know.

Avast Selling User Data via Jumpshot

The investigation, a joint probe by Motherboard and PC Mag, focused on leaks that the publications have obtained. These show that Avast has been selling its users' data to high profile customers, such as Google, Yelp and Pepsi. The information – which Avast maintains is anonymous – has been harvested and repacked for a subsidiary, Jumpshot, which it obtained in 2013.  In a 2015 post on its site, Avast explained how the collected data is used and personal data removed:

"We provide Jumpshot with anonymized and aggregated data that we collect from scanning the 150 billion URLs our users visit each month. Using Jumpshot's patent-pending algorithm, all of the personally identifiable information is removed from the data before it leaves Avast servers. Nothing can be used to identify or target individuals."

While Avast claims that it has always been open with its users about the data collected – and offered opt-outs for those that didn't want their data harvested – it certainly ran into problems with major browser operators. A number of browsers removed the Avast plug-in from their services after news of the data collection started to filter through last October. Google, Mozilla and Opera all took the decision to remove the problematic plug-in from their stores.

While Avast has stated that it has stopped data collection via its browser plug-ins, it is still gathering information from the free version of its antivirus software, via an opt-in option. According to the leaked documents obtained by Motherboard and PC Mag, this data includes information such as the URLs visited by device, plus when and where the browsing happened. The data shows GPS locations, viewed YouTube videos, and even search terms entered on porn sites.

Is it Safe to Use Avast Secureline?

Avast Secureline is a VPN product from the same company. It promises – as all VPNs do – to keep your data private and hide your identity online. Many VPN users would be horrified at the thought of their data being collected in some way. It's a practice we've seen in free VPNs, but as Secureline is a paid-for product, users wouldn't expect to have their information recorded.

Secureline customers are no doubt concerned about the news of Avast collecting information, but we have seen no indication that the company is adopting the same practice with Secureline. All the information available has shown that while the browser plug-in and antivirus software have been used to collect information, nothing points to Secureline being included in this list. VPN products live and die by their ability to provide protection and privacy to paying customers, so it would be something of a misfire on Avast's part to risk this relationship through data collection.

Update: We reached out to Avast and asked for confirmation as to whether Secureline users were having their data collected. It told us that no data is ever taken from Secureline. An Avast spokesperson stated:

"In December 2019, we acted quickly to meet browser store standards and are now compliant with browser extension requirements for our online security extensions. At the same time, we completely discontinued the practice of using any data from the browser extensions for any other purpose than the core security engine, including sharing with our subsidiary Jumpshot.
We ensure that Jumpshot does not acquire personal identification information, including name, email address or contact details. Users have always had the ability to opt out of sharing data with Jumpshot. As of July 2019, we had already begun implementing an explicit opt-in choice for all new downloads of our AV, and we are now also prompting our existing free users to make an opt-in or opt-out choice, a process which will be completed in February 2020.

Our Privacy Policy details the protections we put in place for all our users. Users can also choose to adjust their privacy levels using the broad range of settings available in our products, including control over any data sharing at any time. We voluntarily comply with the GDPR and California Consumer Privacy Act (CCPA) privacy requirements across our entire global user base.

We have a long track record of protecting users' devices and data against malware, and we understand and take seriously the responsibility to balance user privacy with the necessary use of data for our core security products."

How Can I Protect my Data?

In its coverage, Motherboard reached out to users of Avast antivirus software and found that many of them were unaware that their data was being collected. The story serves as a good reminder to be vigilant and check the permissions you have given to your software provider, to ensure you are happy with the information it is actively harvesting about you.

There are a lot of websites and software products out there collecting your data, and there's a reason: money. A profile of you as an individual, with your likes, dislikes, spending habits and so on, is invaluable to companies with deep pockets.

To protect your identity, especially in the week that Data Privacy Day happens to land, it's worth taking a few minutes out of your day to double check what you're giving away, even if you think your information is secure. So, check your profiles, remove the right to collect information or target you for advertising if you're not happy with it, and take back control of your online persona.

The Essential Guide to Coronavirus Scams | Avast - Security Boulevard

Posted: 03 Apr 2020 12:00 AM PDT

The coronavirus pandemic has changed the way so many of us live our lives that it's on many of our minds throughout most of the day. Cybercriminals, always camouflaging their tricks to blend in with the latest topics, know this all too well. As a result, they have already launched countless scams preying on the panic surrounding the virus. So now, in addition to keeping ourselves safe from the novel coronavirus, we also need to protect ourselves from the worldwide outbreak of coronavirus-related cyber scams. 

Most of these are phishing scams, in which the attacker tries to trick us into opening a malicious attachment, clicking a malicious link, or giving away personal information. This is done through outright lying and trickery, but fear not – there are ways to both recognize and combat these scams. 

Avast Threatlabs recently discovered a new wiper malware family called CoViper that is taking advantage of the COVID-19 crisis. The malware masquerades as a file related to the Coronavirus. This devastating malware will rewrite the file that tells your PC what to do when it reboots. The result is a machine that can never progress past an empty boot screen. 

To understand how to avoid these kinds of scams, let's look at the most common types of scams hitting inboxes these days.

  • Industry-targeted emails – Primarily aimed at the manufacturing, transportation, higher education, and healthcare industries, these scams pretend to be important coronavirus information doled out to companies by a virus specialist. The emails urge victims to download an attached PDF for important coronavirus safety measures, but once a victim does that, malware is released into the system where it wreaks havoc and harvests data.


  • World Health Organization emails – These target individuals on an international scale, claiming to include important tips on how to stop the spread of the virus. Again, victims are directed to open an attachment that lists "safety measures," but it actually unleashes malware into their systems. 


  • Remote worker email scams – To take advantage of the fact that the majority of the workforce has shifted to working from home, attackers have devised scams that pose as corporate emails directing employees to click a link to sign up for a company seminar. Other variations on this scam request that employees click a Microsoft Word or DocuSign file. In all of these cases, the link or attachment is malicious.


  • Coronavirus maps – The informative and widely-accessed coronavirus world map by Johns Hopkins that shows real-time data on the global outbreak has been copied and counterfeited many times now. The phony versions are posted as malicious URLs that steal sensitive details stored in browsers, like credit card numbers, while users look at the map. 

How to recognize coronavirus scams

The first step to avoiding these scams is being able to recognize them. The guidance here is similar to how we would spot a fake app, which is essentially to look at the finer details for dead giveaways. To detect phony apps, we look at the developer's name, the reviews, the number of downloads, and other telltale signs of legitimacy. Detecting a coronavirus scam calls for similar vigilance. Use the following checklist if you think you may be the victim of a scam:

  1. Check the source of your email. Look at the sender's email address – does it look authentic? Do you recognize the name? Have you heard of this person or company before?
  2. As always, never click on links in unsolicited emails.
  3. Check website links for strange typos, added numbers, or anything that doesn't look right. Many scammers use lookalike domain names, replacing an L with a 1, an S with a 5, etc.
  4. Think twice (or even thrice) before opening any email attachments, even if you know the sender. Do not click on it unless you are absolutely sure it is safe.
  5. Look over any information you receive through social media with a vigilant eye. Remember that Facebook posts, WhatsApp chains, and Twitter tweets can be doctored by anyone.
  6. Be immediately suspicious of any email that exhorts you to "act now." Many scams rely on the panic that can accompany a sense of urgency to trick people into clicking without first thinking about it.
  7. Legitimate organizations will never send emails soliciting personal information like account numbers, passwords, or social security numbers. If you receive one that does, it's most likely a scam.  

How to avoid and combat coronavirus scams

Just like with the actual coronavirus, you can do your part to stop the spread of these scams by keeping yourself safe and protected. Chances are, you are now working either partly or completely from home. Many scams spread by first getting a foothold in a company's system, usually through simple vulnerabilities like weak passwords. Keep yours robust by following the best practices for passwords – make them complex, never reuse any, and enable multi-factor authentication if it's available. 

Employers will want to keep security hygiene up-to-date with all their remote workers during this time. Make sure all employees are aware of these scams so they can stay vigilant. (Additionally, you can keep your workers sane and sensible with our working-from-home tips.)

The best way we can protect ourselves from coronavirus scams is to only trust information we seek out ourselves. For legitimate science and data regarding this pandemic, we should go to official medical authorities like the Centers for Disease Control and Prevention, the World Health Organization, and the National Institutes of Health.

Let's all work together to stop the spread of misinformation about this virus, to stop the spread of scams playing on this virus, and to stop the spread of the virus itself. At moments like this, we owe it to each other to stay safe, stay kind, and stay smart. 

*** This is a Security Bloggers Network syndicated blog from Blog | Avast EN authored by Avast Blog. Read the original post at: https://blog.avast.com/the-essential-guide-to-coronavirus-scams-avast

