Tag Archives: dangerous

Most dangerous Android threat in years: Attackers threaten to take ‘complete control’

Android users often hear alerts about dangerous new Google Play Store apps or malware to avoid. And with warnings coming left, right and centre, it’s easy to begin to glaze over a little when the next ‘red alert’ comes along. However, the latest Android alert is one Google fans cannot take lightly. Trust us.
The latest warning comes from the horse’s mouth – Google, the company that owns and develops Android. The Californian search company revealed this week the existence of four Android new vulnerabilities out in the wild that bad actors know about – and have been actively exploiting.

All four of these vulnerabilities allow threat actors to execute malicious code to take complete control of an Android device. The reason this latest alert is so important for Android users to take heed of is such exploits are a rarity. As reported by Threatpost, since 2014, there have only been six Android bugs to be exploited in the wild.

This means the four vulnerabilities announced this week make up two-thirds of all zero-day threats that Android users have faced since 2014. Yikes.

READ MORE: Biggest Android update in years makes your phone look like new

In 2020, Google only disclosed one zero-day Android vulnerability, according to security firm Zimperium. The latest security threat was revealed by Google in an update to its May security bulletin on Wednesday. The post, originally published on May 3, highlighted 50 vulnerabilities that Android users needed to be aware of. And in the latest update to the bulletin, Google said there were “indications” four of these “may be under limited, targeted exploitation.”

Maddie Stone, the security researcher with Google’s Project Zero, also added on Twitter: “Android has updated the May security with notes that 4 vulns were exploited in the wild”. All four of these vulnerabilities could allow hackers to take complete control of an Android device, with all of them affecting GPU firmware code. Two can affect the ARM Mali GPU driver, while the other two impact the Qualcomm Snapdragon CPU graphics component.

DON’T MISS: Looking to buy a new Android phone? Pixel 6 leaks may make you wait

Asaf Peleg, the VP of strategic projects at Zimperium, told ArsTechnica that a successful exploit of these vulnerabilities “would give complete control of the victim’s mobile endpoint”.

Peleg added: “From elevating privileges beyond what is available by default to executing code outside of the current process’s existing sandbox, the device would be fully compromised, and no data would be safe.”

Android phones that use ARM- or Qualcomm-branded GPUs are the only ones affected by the vulnerability. It’s unclear exactly how attackers would take advantage of such a flaw. After all, Google keeps quiet about exactly

But what is for certain is that Android users should make sure they download the May 2021 security update, which addresses these vulnerabilities, as soon as it becomes available to them.

Author:
This post originally appeared on Daily Express :: Tech Feed

Elite Dangerous Odyssey release date, launch time and server maintenance

This week will see the next big update arrive in Elite Dangerous on PC, with a PS4 and Xbox One launch coming later this year.

Frontier Developments has confirmed that Elite Dangerous Odyssey will be the biggest expansion ever released for the game, and with the number of changes being worked on, it’s easy to see why.

A phase of alpha testing has seen Odyssey fleshed out with new features and content that will make it into the final product.

Speaking about the console release, a message from Frontier Development explains: “After continued feedback, iterations and balancing, we are targeting our release on PlayStation 4 and Xbox One in the autumn of this year.

“We understand that for many, this additional delay will be frustrating. Once again, we would like to apologise wholeheartedly to our community, especially our console Commanders.

“However, as mentioned previously, we feel it is vital to ensure that the content being released on consoles meets the highest standards, and this will require this additional extension to our roadmap.

“Throughout this time we will continue to bring more news, videos and content of the development in progress.

“We would like to thank you all for the ongoing support and we are very excited to bring in this new era to the game with you.

“Your feedback, support and involvement is a vital part of this process and we are looking forward to a shared Alpha experience, which will be touching down very soon.”

But with such a big update coming to the game, the Elite Dangerous Odyssey release date is going to include maintenance and server downtime.

Elite Dangerous Odyssey

Disembark, Commander, and leave your mark on the galaxy in Elite Dangerous: Odyssey. Explore distant worlds on foot and expand the frontier of known space. Be the first to step out onto countless unique planets as you discover land untouched since time began. Elite Dangerous: Odyssey invites you to become a true pioneer.

One Giant Leap

See the galaxy like never before. Touch down on breathtaking planets powered by stunning new tech, soak in suns rising over unforgettable vistas, discover outposts and settlements, and explore with unrestricted freedom.

Forge Your Own Path

Take on a wide variety of contracts and play your way, from diplomacy and commerce to lethal stealth and all-out combat. Diverse settings, objectives, and NPCs offer endless mission variety and a near infinite amount of content to enjoy.

Assemble Your Crew

Social hubs spread throughout the galaxy give Commanders the ideal place to plan their next move. Form alliances, procure services, and even find expert support in highly coveted Engineers. These public outposts also help you acquire and upgrade weapons and gear to perfect your playing style.

The Sphere of Combat

Experience intense first-person combat, kit out your character with an array of weapons and gear, and coordinate with teammates to master a multi-layered, deep, tactical environment where Commanders, SRVs and Starships converge.

Author:
This post originally appeared on Daily Express :: Gaming Feed

Discover Is your Wi-Fi safe? Millions at risk from dangerous flaw

Discover Is your Wi-Fi safe

Discover Is your Wi-Fi safe

“The discovery of these vulnerabilities comes as a surprise, because the security of Wi-Fi has in fact significantly improved over the past years,” said Vanhoef.

This new warning comes courtesy of Mathy Vanhoef, a Belgian security expert who has discovered some serious flaws in a number of popular routers.

The glitch, which has been named “FragAttacks” comes from a mixture of simple design errors within the router itself and mistakes with the software that powers them. Incredibly, some of these problems stem from when routers were first implemented back in 1997.

Vanhoef says that devices affected by the issue can be easily hacked as long as the cyber criminal is within radio range of a victim.

To give manufacturers time to fix the glitch, the problem was disclosed to the WiFi Alliance last year before being made public.

A number of high profile manufactures have already rushed to push out updates to patch the glitch.

Luckily, it doesn’t appear that hackers have yet been able to take advantage of this flaw but it’s vital that you keep your router’s software fully updated to protect your digital life from attacks.

Many firm’s including Netgear, Intel, Lenovo and Samsung have released updates and advice for customers.

In a post on its site, Netgear said, “it is aware of a set of industry-wide WiFi protocol security vulnerabilities known as Fragment and Forge. If exploited, these vulnerabilities can be used to withdraw data without your knowledge and can lead to other exploits.”

And speaking about its update, Eero’s Co-founder & CEO Nick Weaver, said: “We proactively released an eero OS patch to protect all eero customers from these issues, and we have no evidence that this issue has been exploited on eero devices.

“We appreciate all the work of independent researchers who helped bring this issue to the industry’s attention.”

Vanhoef says that if updates for your device are not yet available, you can mitigate some attacks (but not all) by assuring that websites use HTTPS and by assuring that your devices received all other available updates.

Author:
This post originally appeared on Daily Express

7 simple steps to keep your Wi-Fi safe

The following tips can help secure your home Wi-Fi network against unauthorized access.

1. Change the default name of your home Wi-Fi

The first step towards a safer home Wi-Fi is to change the SSID (service set identifier). SSID is the network’s name. Many manufactures give all their wireless routers a default SSID. In most cases it is the company’s name. When a computer with a wireless connection searches for and displays the wireless networks nearby, it lists each network that publicly broadcasts its SSID. This gives a hacker a better chance of breaking into your network. It is better to change the network’s SSID to something that does not disclose any personal information thereby throwing hackers off their mission.

2. Make your wireless network password unique and strong

Most wireless routers come pre-set with a default password. This default password is easy to guess by hackers, especially if they know the router manufacturer. When selecting a good password for your wireless network, make sure it is at least 20 characters long and includes numbers, letters, and various symbols. This setting will make it difficult for hackers to access your network.

3. Enabling network encryption

Almost all wireless routers come with an encryption feature. By default it is turned off. Turning on your wireless router’s encryption setting can help secure your network. Make sure you turn it on immediately after your broadband provider installs the router. Of the many types of encryption available, the most recent and effective is “WPA2.”

4. Turn off network name broadcasting

When using a wireless router at home, it is highly recommended that you disable network name broadcasting to the general public. This feature is often useful for businesses, libraries, hotels and restaurants that want to offer wireless Internet access to customers, but it is usually unnecessary for a private wireless network.

5. Keep your router’s software up to date

Sometimes router’s firmware, like any other software, contains flaws that can become major vulnerabilities unless they are quickly fixed by firmware releases from the manufacturer. Always install the latest software available on the system and download the latest security patches to ensure no security hole or breach is left open to online predators.

6. Make sure you have a good firewall

A “firewall” is designed to protect computers from harmful intrusions. Wireless routers generally contain built-in firewalls but are sometimes shipped with the firewall turned off. Be sure to check that the wireless router’s firewall is turned on. In case your router doesn’t have such a firewall, make sure you install a good firewall solution on your system to watch for malicious access attempts to your wireless network.

7. Use VPNs to access your network

A virtual private network, or VPN, is a group of computers or networks that work together over the Internet. Individuals can use VPNs, like Norton Secure VPN as a method to secure and encrypt their communications. When you connect to a VPN, a VPN client is launched on your computer. When you log in with your credentials your computer exchanges keys with another server. Once both computers have verified each other as authentic, all your Internet communication is encrypted and secured from outside prying.

Most of all, check what devices connect to your home network and make sure they have reliable security software like Norton Security installed against viruses and spyware.

Source

Don’t click! Microsoft Outlook users warned about dangerous new scam

Microsoft has issued a warning about a new email scam that Microsoft Outlook users need to be aware of. Outlined in a blog post published online, the latest Microsoft Outlook email threat is a scam surrounding gift cards. Bad actors are specifically targeting organisations with what is known as a business email compromise (BEC) attack.
As the Redmond-based tech giant explained, the scam emails are being sent to people working remotely due to the coronavirus pandemic.

The message is sent allegedly from a target’s boss to their assistant and is coming from an account that – at first glance – may look like it’s being sent from an organisation’s official domain name.

Some 120 fake domains were created to spread the scam, however, the giveaway is these domain names contain typos in them. The scam message claims that a target and everyone on their team is being asked to purchase gift cards to help keep spirits high amid the Covid-19 pandemic.

Scam messages spotted featured vague messages such as “I need you to do a task for me” or “let me know if you’re available”.

READ MORE
Love it or loathe it, Windows 10 is a massive success for Microsoft

If the target replied they would be asked to purchase gift cards for their ‘boss’ and then send back the relevant codes to them.

The bad actors did their research as well to ensure the scam looks legit, looking through company websites, LinkedIn and social media accounts to ensure names mentioned were correct.

While it may seem that the scam won’t net cybercriminals a huge amount of money, that couldn’t be further from the truth.

Microsoft said in 2020 alone BEC scams managed to swindle $ 1.8billion from victims.

With this latest scam, a wide variety of sectors were targeted including professional services, agriculture and manufacturing. But the most targeted industry was ‘consumer goods’ which accounted for over a third (38 percent) of the scam messages sent out.

Thankfully, if you’re worried about your business falling victim to this scam there is a way to stay safe. Microsoft said Defender for Office 365 can protect against attacks, being able to identify potential BEC threats.

In the blog post the Windows 10 makers said: “In this campaign, we found that attackers targeted organisations in the consumer goods, process manufacturing and agriculture, real estate, discrete manufacturing, and professional services sectors using typo-squatted domains to make the emails appear as if they were originating from valid senders.

“BEC emails are intentionally designed to look like ordinary emails, appearing to come from someone the targeted recipient already knows, but these campaigns are more complex than they appear. They require behind-the-scenes operations, preparation, and staging.”

Author:
This post originally appeared on Daily Express :: Tech Feed

Coffee side effects: Is it dangerous to have too much coffee? Five common side effects

Coffee is one of the most popular hot drinks around the world, generally because of its high caffeine content. But drinking too much coffee might actually be doing more harm than good.
Coffee is a popular drink that’s originally made from coffee beans.

The beans are the roasted fruit of the Coffea arabica bush, and it’s grown in about 80 countries.

Most people drink coffee because they either like the distinctive taste, or they want to caffeine buzz.

Caffeine stimulates the nervous system, heart and muscles, and helps people to feel more alert and awake.

READ MORE: Matcha tea can boost your health – here’s how

“Coffee and tea are incredibly healthy beverages,” said nutritionist Franziska Spritzler.

She wrote for medical website Healthline: “Most types contain caffeine, a substance that may boost your mood, metabolism and mental and physical performance.

“However, high doses of caffeine may have unpleasant and even dangerous side effects.

“To get the benefits of caffeine without undesirable effects, conduct an honest assessment of your sleep, energy levels and other factors that might be affected, and reduce your intake if needed.”

There’s no set amount of coffee that you’re allowed to have each day.

But, generally, anything up to 400mg of caffeine each day appears to be safe for most adults.

A single cup of coffee might contain about 100mg of caffeine, so it’s advisable to avoid having more than four cups each day.

You should cut back on the amount of coffee in your diet if you frequently develop headaches, insomnia, nervousness or a fast heartbeat.

Author:
This post originally appeared on Daily Express :: Health Feed
Read More

Millions of Dell PCs at risk from dangerous flaw in Windows 10 and Windows 7

If you own a Dell-branded Windows PC, chances are, you’ll need to update your machine ASAP. The leading PC manufacturer has issued a patch that addresses five “high severity” flaws. And this issue affects hundreds of Dell models that have been released since 2009, and impacts Microsoft operating systems from Windows 7 to the latest flagship OS – Windows 10.
The vulnerability was discovered by the security experts at Sentinel Labs, who outlined their findings in a post online.

Laptops, desktops, notebooks and tablets made by Dell are all impacted by the driver vulnerability, which could lead to privilege escalation or denial of service attacks.

Thankfully, there’s no evidence of the flaw being exploited in the wild – with Dell saying a bad actor would either need local access to a machine or trick a victim with a phishing attack to carry out the hack.

READ MORE: Changing this one Windows 10 setting could seriously hurt your PC

Speaking about the risk of these vulnerabilities, Sentinel Labs said: “These high severity vulnerabilities, which have been present in Dell devices since 2009, affect hundreds of millions of devices and millions of users worldwide.

“While we haven’t seen any indicators that these vulnerabilities have been exploited in the wild up till now, with hundreds of millions of enterprises and users currently vulnerable, it is inevitable that attackers will seek out those that do not take the appropriate action. Our reason for publishing this research is to not only help our customers but also the community to understand the risk and to take action.”

If you have a Dell machine and are worried you’ve been impacted then the good news is a patch has been released.

You can head to the Dell website to find a full list of affected machines and download the update needed to resolve the issue.

The operating systems affected by the vulnerability are Windows 7, Windows 8.1 and Windows 10. In terms of the impacted Dell machines, some 381 supported Dell devices are at risk from the vulnerability.

Among the affected lines are XPS, Inspiron and some Dell Dock devices as well as plenty of others. While 195 Dell platforms that have reached their end of service are also impacted by the flaw, including seven Alienware computers.

Dell has advised affected customers to update their machines as soon as possible. The security vulnerability has been classified as CVE-2021-21551 and has a CVSS score of 8.8. The CVSS scale is a ranking system used to rate the severity of computer system security vulnerabilities.

The now patched Dell vulnerability is not far off from being ranked as the highest threat possible – critical. Describing the flaw Dell said: “Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.”

Author:
This post originally appeared on Daily Express :: Tech Feed

Do NOT open this text! Sky warns all customers to immediately delete dangerous DHL message

Sky has warned its customers to be on the lookout for a dangerous scam being sent via text message. Anyone who receives the scam message, which claims to be from DHL and provides a quick link to track an upcoming delivery, should block the number, send a report to Sky’s fraud squad, and then delete the text for good.
The warning was shared via the @SkyHelpTeam account on Twitter, which is used to share information with Sky Mobile, Sky Broadband and Sky Q customers who have encountered trouble. It states: “We’re aware of a new scam involving fake text/SMS messages”. The tweet includes a link to detailed blog post about scams targeted at Sky Mobile customers, which adds: “Don’t follow the links in any suspicious text messages; Report suspicious texts by forwarding them to 7726; Block the number and delete the text.”

This scam message promises details on an online order out for delivery with DHL – but when phone owners click on the link to get the delivery information, they’re taken to a spam website that tries to download malware to their device. If you use an iPhone, the malware isn’t able to infect your device, so there’s no risk visiting the website. That’s because Apple doesn’t allow users to install apps from the web – with only the App Store able to install new software. However, if you’re using an Android smartphone or tablet and click on the link – you will kickstart a download of FluBot.

The ability to download apps using files known as APKs is something that leads many people to pick Android over iPhone. It means you’re not restricted to a single App Store and can download software that customises the operating systems in ways that Google or Apple might not allow. However, downloading from outside of the Google Play Store or App Store carries some risks.

FluBot is spyware, which steals passwords and other sensitive data from your smartphone. Given how much personal information we keep on our smartphones, from banking apps to credit card numbers, text messages to friends and teased family photos – you really don’t want any malicious software digging through your files.

Worse still, if your Android device is infected, FluBot will raid your contact details to send out more fake DHL, Hermes or other delivery scams to try to keep spreading the spyware.

If you’re reading this a little too late and already clicked on the link – it’s easy enough to do, especially if you’ve been shopping in the sales online and have lost track of which couriers will be handling your orders – the team at Sky Mobile has some advice about your next steps. In its blog, it warns: “If you’ve already followed a link and given any details and/or agreed to download anything, your phone might be infected with malware.

“The mobile industry recommends you factory reset your device to remove it. After that, avoid restoring from any back-ups you created after the phone was infected to ensure any malware is completely removed. Android users should avoid downloading third-party apps from unknown sources via Settings and ensure the Google Play Protect function is on. If you gave any bank details or used banking apps on your phone, we also recommend informing your bank.”

READ NEXT
Samsung blocks all Android updates from some Galaxy smartphones

This concerning trend is known as smishing – a portmanteau of scam messaging.

The Money Advice Service warns that “smishing can be difficult to spot, particularly if it’s someone who would normally contact you by text. But, like email scams, there are some tell-tale signs. For example, there might be spelling mistakes or the text just addresses you as Sir or Madam. Real messages from these companies will usually address you by your full name.

“You can also look at the phone number it’s been sent from. First, it won’t be the same as the one on your bank card. Second, it might be sent from an overseas number. Fraudsters won’t just pretend to be your bank. Sometimes they’ll claim to be from an online account such as PayPal, or a service you subscribe to, such as Netflix. Fake text message scams have also been reported targeting customers of government organisations such as HMRC and the DVLA.”

The Money Advice Service, which is the largest single funder of debt advice nationwide, warns anyone who is suspicious of these messages to avoid clicking on any links found in the text. If in doubt, go directly to the website and login as normal – navigating to the DHL order tracking webpage of your own volition and inputting the order number from the text will soon rumble it as a fake.

Author:
This post originally appeared on Daily Express :: Life and Style Feed
Read More

Dyson fans warned about dangerous vacuum cleaner scam sweeping the UK

A number of UK residents have started to receive emails claiming to be from well-known high street stores, like Currys PC World, congratulating them on winning a Dyson vacuum cleaner. If you’ve recently bought something from Currys PC World – or simply logged onto their site to check out the latest Bank Holiday deals – there’s a good chance you might assume this prize draw is the real deal. The email includes a prominent “Get Started” button that supposedly takes you through the process to redeem the prize.

Unfortunately, it’s all a scam.

Currys PC World isn’t dishing out free Dyson vacuum cleaners at the moment. The email has been crafted to try to steal your bank details. To do that, the fraudulent Currys PC World giveaway team ask for a small £1 charge to cover the cost of delivery of your prize. If you input your credit or debit card details, this information is passed directly to the cyber crooks behind the email scam – enabling them to start their own shopping spree behind your back.

“You are the lucky online winner of a brand new Sweepstakes Dyson Vacuum entry for FREE! It will only take a minute to receive this fantastic prize,” one example of the scam email promises.

MORE LIKE THIS
DHL, Hermes and other parcel delivery text scams are on the rise

A few variations of this scam are currently circulating in the UK, with some versions promising a free MacBook Pro or Nespresso Coffee Machine as the prize. Needless to say, all of these are fake and are designed to use the same £1 delivery charge to get access to your bank details.

Speaking about the recent email, Ray Walsh, a digital privacy expert at ProPrivacy, told Express.co.uk, “Consumers in the UK need to be on the lookout for unexpected emails from Currys PC World to avoid being scammed by a bogus competition. The email looks genuine and includes all the official logos and lettering you would expect to see from the electrical giant.

“If you follow the Get Started link to claim sought after rewards such as a Dyson vacuum cleaner or a Nespresso coffee machine – you will be asked to fill in a questionnaire. This will allow hackers to steal your information for identity theft purposes and further phishing campaigns. Some versions of the phishing email have been forwarding the recipient to a page that asks for a £1 delivery fee to post the prize. If payment details are provided, the victim will be providing their address and banking details to criminals.

“While this is a sophisticated phishing scam that successfully impersonates the popular brand, there are some clues that it is not legit. If you look carefully you will see that the emails are coming from [email protected] and not an official corporate email account. As is always the case, if something appears to be too good to be true then it is probably a scam.”

If you’re reading this article a little too late and you’ve fallen for one of these growing number of email scams, you need to act fast.

First up, report the scam to Action Fraud by calling 0300 123 2040. If you’ve entered your payment details into a website or online form that you believe was set-up by hackers, you should contact your bank to flag the mistake. This ensures they will be on high alert for any potential fraud. It also means they can provide you with a new card if they believe the details are already compromised.

Author:
This post originally appeared on Daily Express :: Tech Feed

Don't open this dangerous text message! EE, Vodafone and Three send warning to customers

Author:
This post originally appeared on Daily Express :: Tech Feed

The UK’s National Cyber Security Centre has also issued a similar warning on its website saying that it is aware that a malicious piece of spyware – known as FluBot – is affecting devices across the UK.

“The spyware is installed when a victim receives a text message, asking them to install a tracking app due to a ‘missed package delivery’. The tracking app is in fact spyware that steals passwords and other sensitive data. It will also access contact details and send out additional text messages – further spreading the spyware,” the post explains.

It’s worth noting that this threat only works on Android devices and Apple’s iPhone is not currently at risk. This is due to the way the malware is downloaded and installed via something called an APK.

Unlike Apple, who only allows apps to be installed via its official App Store, Android is a much more open platform with users able to add extra software to their devices away from the Google Play Store.

What does it feel like when you have a blood clot? The dangerous warning signs

The most common place for a blood clot to occur is your lower leg or arm, but clots can also be found in the arms, heart, pelvis, lungs, brain, abdomen, and other areas of the body.

Cerebral venous sinus thrombosis (CVST) is the clot linked to the AstraZeneca vaccine, and this type of blood clot occurs in the cerebral venous sinus in the brain.

These sinuses are responsible for draining blood from the brain, and if a blood clot occurs, the sinuses can’t filter the blood out.

The other clots found in people vaccinated with the AstraZeneca jab are called splanchnic vein thrombosis, which is a clot in the veins of the abdomen.

This article originally appeared on Daily Express :: Health Feed
Read More