Security

Viber, other Android apps are at risk of getting hacked right now

Patches are still being developed

Published

on

If you read most vulnerability reports today, most risky apps are, quite obviously, risky. Most have names that clearly reveal their nature to a discerning user. However, there are rare times when reliable apps fall into occasional pits of controversy. Now, for example, some of the world’s more popular apps — like Viber — are current at high risk of getting your phone hacked.

Specifically, the vulnerability affects the Google Play Core Library, one of Google Play Services’ essential systems. Without getting into technical details, malicious parties can exploit the vulnerability and access an Android phone’s system files. In there, the hacker can then consider itself as coming from a verified source, bypassing Android’s usual security measures. Thankfully, Google had already patched the vulnerability earlier this year.

However, besides Google themselves, the affected apps should also patch their own software to reflect the changed, more secure system.

Today, Check Point Research named some of the apps that they already notified of the vulnerability. The list includes Viber, Booking.com, OKCupid, Edge, Xrecorder, and PowerDirector. On the other hand, a few listed apps — like Grindr and Moovit — has already patched their respective apps after being listed today.

If you have any of the apps listed, it might be a good idea to shelve the unpatched apps for now. If they have already been patched, grab the latest version as soon as you can.

SEE ALSO: Snapdragon chips have over 400 new vulnerabilities

CES 2021

Hedgehog protects your smart home from cyber attacks

This homeware keeps people, data, and devices safe

Published

on

Protecting your home is more than just smart locks, CCTVs, and firewalls for your digital premises. With the rise of the Internet of Things (IoT) or those appliances and devices that are becoming smarter, life has been easier. However, the price of convenience comes with the risk of a new threat: cyber attacks.

These days, both enterprises and homeowners must increase security at all levels. As such, we need an extra guardian. Meet Hedgehog, the “world’s first whole home” cybersecurity device.

Launched at CES 2021, Hedgehog was described as a home’s digital guardian, protecting the household from possible attacks that firewalls and anti-virus software can’t.

The digital guardian we need?

Unsure how you can possibly be attacked? Imagine if your smart fridge got hacked, or if your smart vacuum malfunctioned. How about if your smart locks break and make it possible for actual thieves to enter your home.

These situations aren’t far from happening in our reality. After all, cyber criminals are actively and increasingly targeting everyday people. Home networks are easy to target to access personal and corporate data, especially at an age where people are remotely working from home.

Hedgehog aims to protect the entire home and all IoT devices inside a network. From phones, fridges, PCs, speakers, webcams, tablets, and Smart TVs — basically anything that’s smart enough to use the Internet and make your life easier.

A smart, functional homeware

Despite being a digital guardian, Hedgehog doesn’t dismiss your existing firewalls and anti-virus software. Rather, it works alongside those security measures and other home security products, offering holistic protection. It simply shields all the people, devices, and networks within a home.

Even though it’s a smart piece of technology, designed to look like homeware. Its unassuming look helps it blends easily. It’s also smart enough to install itself and connect to an existing Wi-Fi connection.

And when it does, it watches the entire household, identifying anything suspicious, and alerts the home-owner via an app. It also neutralizes threats quickly and effectively, protecting both data and people.

Price and availability

The Hedgehog device and its annual subscription are available to pre-order at a discounted price of EUR 99 with no subscription fees. It’s available in two colors: Orange Belly and Midnight Blue. Get more information about the device and its offers through this link.

Continue Reading

Computers

Cybersecurity threats to lookout for in 2021 and beyond

Threats to intelligent edge computing and 5G-enabled devices will increase

Published

on

Illustration/Sketchify via Canva

Researchers from Fortinet have identified several cybersecurity threats for 2021 that will greatly impact both the consumer and enterprise sector. By 2021, cybersecurity threats on intelligent edge computing and 5G-enabled devices will double as most companies continue to implement remote working schemes.

A new wave of cybersecurity threats will also arise due to advances in computing. These threats have the potential to disrupt a large number of businesses and consumers in the future. Thus, preparation and eventual mitigation are key to stemming the potential disruption by these threats.

Threats on the intelligent edge are on the rise

Intelligent edge computing is more popular than ever thanks to remote work with most employees making use of personal and interconnected devices to access the company network. However, intelligent edge computing presents new threats as cybercriminals exploit these “edges” (i.e. connected IoTs, personal devices) thanks to a decentralized approach by companies.

These threats can run the gamut from ransomware to malware. As intelligent edge computing booms, cybercriminals can specifically target edge devices with malware that could disrupt corporate networks. They can design malware that could understand usage patterns, adapt accordingly, and attack networks with little to no risk of suspicion. Moreover, sophisticated malware may spread through networks to propagate additional attack commands or disrupt more networks and devices.

Ransomware on the rise

This 2021, consumers and businesses should be more concerned with social engineering-based attacks and ransomware. One of the most common forms of social engineering-based attacks is phishing. In phishing, cybercriminals send fake emails supposedly from legitimate entities coercing users into sending their personal information. For example, a user may receive a fake bank email notice warning of impending account closure but contains malicious links instead.

Illustration/Sketchify via Canva

These attacks may even lock users from their personal data, holding them hostage until they pay a hefty amount of cash. Ransomware attacks do just that, affecting not only consumers but also the enterprise sector. As more businesses rely on edge devices for critical operations, the potential for a future ransomware attack rises significantly posing more risks than ever before.

Human lives are also at stake with ransomware attacks that blow out of control. An example of this happened last year when several hospitals across the US were hit by a variant of the Ryuk ransomware. As a result, several hospitals have to transfer their patients to other facilities since their systems cannot perform patient monitoring and other critical operations.

Advances in crypto mining and attacks on satellite-based networks

Bringing artificial intelligence and machine learning could also open up advances in crypto mining. While not inherently bad, cybercriminals can infect consumer devices more easily and gain access to system resources. When abused, crypto mining could potentially impact any device and affect users’ experience.

Meanwhile, network operators should prepare for more advanced attacks as they become reliant on satellite-based systems. Cybercriminals could infect a satellite base station and propagate malware to connected devices. Satellite-based networks could become a conduit for distributed denial-of-service (DDoS) attacks in this way.

As an example, a cybercriminal could hijack a base station and inject scripts into other devices. In turn, infected devices could run malicious commands that could disrupt the connection of other networks.

Quantum computing, preparing for present and future threats

Quantum computers are the next big thing in computing, relying on qubits instead of the traditional binary bit present in all devices today. Research in quantum computing has made significant progress over the years, with working quantum computers not too far on the horizon.

Quantum computers, however, could also pose a new problem in the future. In the future, these can break traditional encryption algorithms rendering encryption moot. Fortinet advises businesses to adapt accordingly by using the principles of crypto agility.

Illustration/Sketchify via Canva

In the meantime, businesses can readily adapt to these threats through a careful combination of technology, people, training, and partnerships. Artificial intelligence (AI) and machine learning (ML) are also key technologies for preparing against and mitigating future cybersecurity threats. Businesses can train AI to spot attack patterns and identify threats even before they become a reality.

Partnerships are also vital in stemming the tide against cybercriminals. The enterprise sector, for example, could partner with law enforcement agencies for information sharing and dismantling of malicious networks.

Cybersecurity threats are here to stay

Connected devices have transformed society by enabling instant communication and richer user experiences. However, it also opens up new threats from cybercriminals willing to exploit and gather sensitive data.

There’s an old adage that says that an ounce of prevention is worth a pound of cure. The same adage applies all the more in cybersecurity. Threats are here to stay, so consumers and businesses should prepare and mitigate potential impacts as much as possible. Thankfully, it is easy to stay safe and protected by following best practices.

SEE ALSO: 6 tips to make your phone more secure and private

Continue Reading

India

Data of 100 million credit, debit cardholders leaked

A close call for everyone!

Published

on

Sensitive data about 100 million credit and debit cardholders have leaked on the dark web. For now, we know that it includes full names, mobile numbers, emails, addresses, and even the last four digits of their card.

Cybersecurity researcher Rajshekhar Rajaharia found the data dump and confirmed to Gadgets360 that it was on sale. “The hacker was contacting buyers on Telegram and was asking for payments in Bitcoin,” he added.

It appears the leak is associated with the payments processing platform Juspay. Global merchants like Amazon, Swiggy, Bookmyshow, Cred, Vodafone-Idea, Bigbasket, and more rely on the platform’s tech stack to process transactions seamlessly.

Juspay is an Indian company and most of its clients are based in the country. It has Payment Card Industry Data Security Standard (PCI DSS) Level-1 compliance, considered to be the best in the industry. Visa, Mastercard, and Discover define Level 1 merchants as those processing more than 6 million credit card transactions annually.

While the leaked dataset cannot be directly linked to Juspay, a comparison of the MySQL database against Juspay’s API documentation prove the connection. The structure of the two files is identical, indicating that there was a genuine breach.

Juspay founder Vimal Kumar acknowledged that they detected an unauthorized breach in August but could terminate it within some time. Kumar added that no sensitive information like card details was not completely exposed. Meaning users are still safe, financially.

Continue Reading

Trending