Security Alerts

Four More Malicious Adware Apps Discover on Google Play

Here we go again, more malicious apps serving adware, preforming click-fraud and trying to trick mobile users into installing malware were discovered by Malware Bytes. These fours apps are on Google Play in a developer’s account: Mobile apps Group.  These four fraudulent apps have accumulated over 1-Million combined installs. A set of four malicious applications currently available in Google Play, the official store for the Android system, are directing users sites that steal sensitive information or generate ‘pay-per-click’ revenue for the operators. Some of these sites offer victims to download fake security tools or updates, to trick users into installing…

Read More

Twitter Phishing Email Attack

With the ongoing uncertainty with Twitter verification, Cybercriminals are trying to take advantage of the confusion.  Emails are being sent from a Gmail account (twittercontactcenter) claiming to be from Twitter Services with a subject Re: Twitter Warning. The email claims Twitter users can keep their ‘free verified status’ if they confirm they are a ‘well-known person’ (what if I am a robot?). The email is sent from a Gmail account, abd links to a Google Doc with another link to a Google Site, which lets users host web content. This is likely to create several layers of obfuscation to make…

Read More

Google Removes 16 Ad Fraud Apps

Google Inc. 189,70 -0,45 -0,24% has removed 16 apps from their Playstore that have been found to be performing ad (click) fraud. In addition they were casing users device battery’s to deplete and in some cases causing users to exceeded their data caps. Furthermore, these 16 apps had a combined install base of around 20 million. The apps provided legitimate functions, including flashlight, camera, QR reading, and measurement conversions, security firm McAfee said on Wednesday. When opened, however, the apps surreptitiously downloaded additional code that caused them to perform ad fraud. From then on, infected devices received messages through the Google-owned…

Read More

Weekly Roundup: The Good, The Bad and The Ugly

Today is Sunday, October 2nd: time for the weekly roundup of the good, the bad and the ugly tech news of the week! This week’s picks are centered around user privacy. The Good Some browsers (looking at you Chrome) are going out of their way NOT to help protect their user’s privacy. It is a refreshing change to hear Brave, a privacy based browser built off of Chromium will automatically block cookie consent banners/pop-ups in future releases. One of the unfortunate side effects of the EU’s GDPR is those annoying ‘this site uses cookies, please accept them (so our advertisers…

Read More

Meta bypassing beefy Apple security to spy on millions

Three Facebook, Inc. 196,64 +0,99 +0,51% Facebook and Apple Inc. 251,04 +2,91 +1,17% Apple iOS users have filed class action lawsuits against Meta (parent company of Facebook) accusing of them of bypassing Apple’s updated privacy rules from 2021. These rule changes caused so many people to have opted out that the Electronic Frontier Foundation reported that Meta lost $10 billion in revenue over the next year. To ‘work-around’ this Meta updated the coding of their Facebook and Instagram apps so that links users clicked on were opened in an app browser instead of the user’s default browser. This action was…

Read More

Weekly Roundup: The Good, The Bad and The Ugly

It is Sunday, September 25th and time for a new weekly feature where we look back at the tech news this past week and highlight one each of the: The Good, The Bad and The Ugly. This week as a bit of a slow week even with Microsoft’s Windows 11 22H2 update. The Good There has been much talk these days about slowing down climate change and reducing C02 emissions by getting people to ditch their ICE vehicles in favor of battery Electric Vehicles (EVs). However, the effects of climate change (extreme heat/cold) are taking its toll on the US…

Read More

Morgan Stanley fined $35M: Unencrypted and Unwiped Hard Drives Auctioned

This is ugly, sloppy and overall very unacceptable behavior for a company the size and caliber of Morgan Stanley: Morgan Stanley on Tuesday agreed to pay the Securities and Exchange Commission (SEC) a $35 million penalty for data security lapses that included unencrypted hard drives from decommissioned data centers being resold on auction sites without first being wiped. Much of the failure stemmed from the 2016 hire of a moving company with no experience or expertise in data destruction services to decommission thousands of hard drives and servers containing the data of millions of customers. The moving company received 53…

Read More

Spellcheck is a blessing and a curse. On one hand you get instant feedback if you mistype something. On the other hand, it causes people not to know how to correctly spell. However, if users have opted-in to use Chrome’s Enhanced Spellcheck or Microsoft Editor (add-on) in Edge, users could unknowingly be sending Personally Identifiable Information (PII) to Google or Microsoft. Users can check if they opted-in to use Chrome’s Enhanced Spellcheck. by entering: chrome://settings/?search=Enhanced+Spell+Check in the Chrome address bar. Enhanced spell check setting in Chrome needs to be opted-in (BleepingComputer) Now you may be wondering what kind of PII could I…

Read More

Microsoft Edge Users Beware: Tech Support Scam via Newsfeed

Microsoft’s Edge Browser is built off of Chrome is the default (and if S Mode is enabled only) browser for Windows 10 and 11. Some users are being feed fake stories in their Microsoft Edge Newsfeed which when clicked-on can bring up a fake Microsoft Defender Security Center landing page with a toll-free number to call Microsoft. Alternatively, clicking the ‘ad’ may bring the user to a decoy page. This is yet another variation of the ever evolving and popular Tech Support Scams. These fake ads/stories have a catchy headline and picture such as ‘Man Finds a Hidden Cave Inside…

Read More

Tik Tok: We were NOT Hacked

TikTok the short-form video hosting service owned by Chinese company ByteDance is strongly denying claims it has been hacked. TikTok is denying reports that it was breached after a hacking group posted images of what they claim is a TikTok database that contains the platform’s source code and user information (via Bleeping Computer). In response to these allegations, TikTok said its team “found no evidence of a security breach.” “We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases,” TikTok spokesperson Maureen Shanahan said in…

Read More