Latest News - / Security - Posts

Google just pulled a bunch of password-stealing apps from the Play Store

 

One reason to make Google's Play Store your app store of choice is the range of safety measures Google has put in place. The company not only reviews apps that are submitted to the store, it also has systems in place to ensure that they are free of malware.

 

Unfortunately, some apps still manage to slip under the radar now and then. That was the case with a batch of apps discovered by Dr. Web that managed to trick users into giving up their Facebook passwords. These apps also appeared to be popular: combined, they were estimated to have racked up more than 6 million downloads. According to Dr. Web:

 

"Subsequent to getting the vital settings from one of the C&C workers upon dispatch, they stacked the genuine Facebook website page https://www.facebook.com/login.php into WebView. Then, they stacked JavaScript got from the C&C worker into a similar WebView. This content was straightforwardly used to capture the entered login qualifications. From that point onward, this JavaScript, utilizing the techniques gave through the JavascriptInterface explanation, passed taken login and secret key to the trojan applications, which then, at that point moved the information to the aggressors' C&C worker."

 

Fortunately, Google has since removed all the offending apps from the Play Store. The company has also banned the developer accounts as a result. We don't know how many users may have been affected, but if you have downloaded any of these apps and used Facebook to log in, you should consider changing your password as soon as possible.
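The combination Dr. Web describes (a genuine third-party login page loaded into a WebView that also has a JavaScript bridge and receives script supplied at runtime) can be looked for in decompiled app source during review. The following is an added example, not code from the article or from Dr. Web; the function name `scan_source`, the `own_hosts` parameter and both sample snippets are constructed for illustration.

```python
import re

# Each regex targets a real Android WebView call as written in Java/Kotlin.
SIGNALS = {
    "js_enabled": re.compile(r'\.setJavaScriptEnabled\(\s*true\s*\)'),
    "js_bridge": re.compile(r'\.addJavascriptInterface\('),
    # loadUrl() with a literal http(s) URL; group 1 captures the URL.
    "remote_page": re.compile(r'\.loadUrl\(\s*"(https?://[^"]+)"'),
    # Script injection whose body is a variable, not a literal, so it may
    # have been fetched at runtime.
    "dynamic_script": re.compile(
        r'\.evaluateJavascript\(\s*[A-Za-z_]|\.loadUrl\(\s*"javascript:"\s*\+'),
}
LOGIN_HINT = re.compile(r'login|signin|sign-in|oauth', re.I)


def scan_source(source, own_hosts=()):
    """Flag source that loads a third-party login page into a WebView that
    also has a JS bridge and dynamically supplied script (heuristic only)."""
    hits = {name: bool(rx.search(source)) for name, rx in SIGNALS.items()}
    login_urls = []
    for url in SIGNALS["remote_page"].findall(source):
        # Host part of the URL, without userinfo or port.
        host = url.split("/")[2].rsplit("@", 1)[-1].split(":")[0].lower()
        first_party = any(host == h or host.endswith("." + h) for h in own_hosts)
        if not first_party and LOGIN_HINT.search(url):
            login_urls.append(url)
    flag = bool(login_urls) and hits["js_bridge"] and hits["dynamic_script"]
    return {"signals": hits, "third_party_login_urls": login_urls, "flag": flag}


# Constructed samples (not taken from any real app).
SUSPICIOUS = '''
wv.getSettings().setJavaScriptEnabled(true);
wv.addJavascriptInterface(new Bridge(), "bridge");
wv.loadUrl("https://www.facebook.com/login.php");
wv.evaluateJavascript(scriptFromServer, null);
'''
BENIGN = '''
wv.getSettings().setJavaScriptEnabled(true);
wv.loadUrl("https://help.example.com/faq");
'''

if __name__ == "__main__":
    for name, src in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, scan_source(src))
```

A hit is a lead for manual review rather than a verdict, since the three signals can also appear together in legitimate hybrid apps.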


HOW TO USE TWO FACTOR AUTHENTICATION IN 2021 WITH EASE

 

What is Two-Factor Authentication

You might have noticed that some of your online accounts require a PIN number for logging in, in addition to your username and password, and wondered why that is the case. Or you might have pondered why you need to enter your PIN code after you have inserted your credit card into an ATM machine before you can withdraw your money. Such redundant verifications are the applications of an emerging security technique in the world of cybersecurity known as Two Factor Authentication (2FA). The two-step verification process requires that the users enter two pieces of information (i.e., factors) to prove they are who they claim to be thus instituting efficient protection against the rising number of phishing attacks and account takeovers.

 

Vulnerability of passwords

The concept of passwords has been around since the 1960s, and it is still the most fundamental element of cybersecurity today. A password acts like a key to your account by giving you access to what is yours and denying everybody else the same.

 

Of course, hackers have been around for just as long as passwords, so back in the day a typical safety guideline to protect your account sounded like "change your passwords frequently", "favor random unique and complex passwords over dictionary words", "use password managers", "set different passwords for different accounts" etc.

 

However, with burgeoning computing power at the disposal of cybercriminals and a swelling amount of malware enabled by it, passwords alone are no longer sufficient to keep hackers out of your system, no matter how "complex", "random", "unique" or "frequently changed" they might be.

 

Passwords are no longer stored in databases as plain text as they once were (a safety measure against data breaches) and are now stored cryptographically through a process named hashing. Even so, a typical 9 character long hashed password can still be cracked by advanced algorithms in just two hours. 2FA adds security layers to the user's login process, thus making it harder for hackers to break in. With a staggering rise in the number of cybersecurity attacks during COVID-19, it is all the more important to add a little more safety to your accounts, and enabling a two-factor authentication system is the right place to start.

 

Strength of Multi (or Two) Factor Authentication

To truly understand the two-factor authentication system, it is important to understand Multi-Factor Authentication (MFA) first because the former is just a subset of the latter.

 

MFA basically consists of three fundamental ways (of which there are several derivatives) to gain access to a given entity. These include PIN/password, biometrics (fingerprint, retinal scan or facial recognition), and out-of-band verification methods like SMS. Understandably, 2FA includes any two of the stated verification methods thus affording you significant protection even if your password or network connection is compromised.

 

Let us now walk you through MFA methods, any combination of which is recognized to be powerful against threats.

 

PIN / Password

When you sign up for a newsletter or a social media account, you basically create an account for yourself which includes setting up a username and password to erect your first layer of defense.

 

Push Notifications

Push notifications are gaining popularity as a means of authentication. The most common example is how Google sends authentication codes to previously authorized devices every time a new device associated with a given user requests access. This method provides users with an opportunity to agree or deny the login attempt depending on whether or not they recognize it. If the user provides his/her consent, a signal to the webserver is generated which completes the authentication process.

 

Out of band verification code

Out of band verification methods rely on connections other than the internet to communicate the code to you. The most common methods are SMS and robocall. Never use email for code verification as that could be easily hacked.

 

The only downside to SIM-based methods is that if you are traveling abroad and cannot receive your code on your SIM, you are effectively locked out of your own account. The physical 2FA token is emerging as a method of choice which also successfully does away with this limitation. It is a device that works by generating codes to unlock your accounts. For example, Facebook and Amazon both have code generators that work very well with their respective websites by generating unique codes at every login attempt. The downside is that they cannot be used for any account other than the one they are made for.

 

Biometrics

Biometric verification includes voice recognition, facial recognition, fingerprint, or retinal scan. This method is getting increasingly popular because it is instantaneous. The moment you expose your biometric signature to a computer sensor, it reads your identity and authenticates it thus saving you the time typically spent waiting for an authentication code to be received on your phone.

 

Authenticator apps

There are numerous authenticator apps on various app stores which work the same way as a physical 2FA token by generating one-time, unique access codes for every login attempt. Both Microsoft and Google have their respective authenticator apps.

 


 

Conclusion

In spite of 2FA's effectiveness against ID theft, there is a small price to pay for the additional security you are getting. If you happen to lose your mobile phone, or it just so happens that its battery dies, you will be locked out of all your accounts for which your authentication is set to be via text message, authenticator app, or QR code, and until you recover and resuscitate your phone, you will not be able to get your access back.

 

However, keeping in view its utility, this price is peanuts particularly in comparison to all the likely losses which can be incurred in the aftermath of cyberattacks which one becomes vulnerable to in the absence of a two-factor authentication system in place. So, the next time you make an account on a website and are asked if you would like to enable Two-Factor Authentication, be sure to click on "Yes".


Court records reveal that Google apparently made it harder for users to find the privacy settings

 

Companies like Google rely heavily on user data to help them sell ads and services. If they know what kinds of things you search for and are interested in, they can create ads that will tempt you to buy things, which in turn lets them charge advertisers more money because it works.

 

At the same time, the company has to some extent championed user privacy, but that may not always be the reality. A report from Insider has uncovered unredacted court documents which suggest that Google had deliberately made the privacy settings on smartphones hard for users to find.

 

They even claim that Google had pressured phone manufacturers into keeping the privacy settings on phones hidden so that users would have a harder time turning them off. The documents also suggest that Google had collected location data on users even after they had explicitly turned off location sharing.

 

This revelation is part of a lawsuit that Arizona Attorney General Mark Brnovich filed against Google back in May 2020 over alleged illegal tracking of Android users' location. Google has since responded to the reports, claiming that Brnovich "and our rivals driving this claim have made a special effort to misrepresent our administrations. We have consistently constructed privacy highlights into our items and gave hearty controls to area information. We anticipate putting any misinformation to rest."


How to Choose the Right Backup Solution?

 

Introduction

Given today's reality regarding the importance of data and its protection, convincing business leaders that they need to have a comprehensive backup policy is no longer necessary. What is necessary for business leaders is choosing the right backup solution for their organization. This can be complicated, costly, and ultimately fail to meet the current or future needs of the organization. What follows is a guide of requirements that your chosen solution should at least meet if not exceed.

 

Reliable

The Internet is full of guides advising readers on how best to choose their backup solution. Some of them are great, while others focus on factors that may only become important in the organization's future. The first and most important factor, sometimes never discussed and often assumed, is that the solution needs to be reliable and work when needed. For any solution to check the best backup solution box, it needs to guarantee that no data will be lost and perform consistently as expected.

 

Ability to Adapt

For many organizations, several technologies and systems have been adopted. The backup solution needs to be able to cover all these bases. Further, ideally, the solution needs to be able to cover future adoptions and technology upgrades to leave no gaps in the data protection policy. This includes migration to cloud services and cloud storage.

 

Simple to Use

Your chosen solution should not place any additional administrative burdens on your IT teams. It should be easy to use and operate to ensure that data protection policies are best served by the solution. If the solution has a steep learning curve, it may not be the solution for you. While being easy to use, it must be comprehensive and complete. The varied requirements of an organization need to be met, so if the solution is simple both in its operation and in its scope of protection, it will leave the organization open to a nasty surprise in the future.

 

Wide Scope

Given the variety of data, as well as the sheer amount of stored data, that organizations deal with daily, a backup solution needs to cover a wide scope of tasks. These include functionality to both start and stop processes, create and delete files, generate alerts, validate that backups are not encountering errors, and much more.

 

Data Retrieval

Being able to back up the organization's data is half of the story. The chosen solution also needs to be able to retrieve the backed-up data when needed in an emergency or otherwise. In general, solutions that follow legislative requirements, international standards, and best practices place a shared emphasis on data retrieval as well as data backup.

 

Virtualization

Just as being able to cater to cloud solutions has become a vital facet of modern backup solutions, so has virtualization. This means that backup solutions need to be able to cater to the virtual environments employed by the organization. This is true for images created on the platform and machines running virtual environments.

 

Conclusion

This list is by no means exhaustive, but it does include some helpful tips for choosing your backup solution. These tips have also been considered with both current and possible future demands an organization might have.


5 Essential keys to protecting your mobile device

 

In this era of advanced technology, the internet has become a basic necessity without which human survival is not possible. It has offered people endless knowledge and entertainment, and has improved communication, sharing and connectivity to a great extent. Because of it, many people have made millions online from their businesses, and it also allows you to carry out your basic transactions online. As every coin has two sides, the internet also has two: the good side, explained above, and the bad one. Many hackers have started taking advantage of the internet to invade people's privacy. They break into your mobile or computer system and then steal your personal information or change it. They can also transfer money out of your bank account without your knowledge or consent.

 

Using your phone, tablet, or any other device on local cellular WiFi invites vulnerabilities and leaves it susceptible to hackers. You should protect your device so that it can carry out transactions easily, cannot be hijacked, and can safely store your details.

 

What can you do to protect your mobile device?

Here is a list of a few things you can do as an individual to protect your own as well as your family's devices:

 

1. Encrypt your mobile device communication

When surfing the internet or browsing online, third parties and hackers can view your online activity when your internet connection is unencrypted. This can lead to loss of privacy, private data, and even sensitive information, leaving you vulnerable to cybercrime or cyberattacks. Buy a VPN to hide your IP address and encrypt online traffic so that third parties or hackers cannot see it.

 

2. Create a Strong PIN or Password

A weak passcode or PIN on your device makes it easy for a hacker or thief to unlock it, and then all your information is accessible. Your personal details, bank-related details and OTPs are all exposed to the hacker, who can easily leak your information or carry out transactions into their own account. The solution is to set a strong passcode or PIN that is not a common one like 1234 or 0000.

 

3. Use multifactor authentication on your accounts

Multifactor authentication is required in certain cases, such as logging into your email or a new app, because without it a hacker can easily log into your email or obtain your password and then change it, so that you cannot use the account again. Many email providers have introduced multi-factor authentication on their accounts so that proper security is maintained.

 

4. Having antivirus software

If there is no antivirus software on your mobile or other devices, a virus can enter your mobile when you visit a site and corrupt your data, and ultimately you lose all your data. You should have antivirus software on your mobile as well as on your computer or laptop. It will not allow the virus to enter your mobile and will fix all the bugs.

 

5. Do not rely on unencrypted WiFi Networks

WiFi without a strong password, or public WiFi, is an open invitation for hackers to enter your mobile or computer system, as such networks are not secured at all. Your online activities can easily be tracked through man-in-the-middle attacks and other methods. Using the VPN mentioned above can help solve this problem: it will make your WiFi connection encrypted, ensuring that no one is able to enter your system.

 

Smartphone hacking is a lucrative business, and hacking a mobile device can be as easy as getting someone to click on a wrong link. Buying and reselling data is a business that is growing vastly in the situation we are in today. Many cybercriminals are interested in exploiting your data not because it's easy, but because it's worth it. It is worth a lot because, as we all know, our phones are our digital autobiography and an inseparable part of our lives, with so many personal details in them. Giving access to your phone is giving access to your mind, so don't take the security of your phone lightly, and take every possible measure to avoid such data losses and threats and to protect your device. Don't give access to your phone to anyone without following proper security protocols. Think of your present as well as your future and protect every possible thing on your phone, or, I can say, protect everything about you.






© 2023 YouMobile Inc. All rights reserved