Cybersecurity Archives - Technowize https://www.technowize.com/cybersecurity/ (feed last updated Sun, 29 Sep 2024 12:28:35 +0000)

Is DuckDuckGo Safe to Use? Weighing in on the Conversation https://www.technowize.com/is-duckduckgo-safe-to-use-weighing-in-on-the-conversation/ Sun, 29 Sep 2024 12:28:35 +0000

The DuckDuckGo search engine is designed around storing as little user data as possible, keeping nothing beyond what is needed to answer a query.

The post Is DuckDuckGo Safe to Use? Weighing in on the Conversation appeared first on Technowize.

Is DuckDuckGo safe to use? Do its privacy measures offer a better deal than those of more popular services like Google, or of privacy-focused rivals like Brave? In short, yes: DuckDuckGo is a search engine that does not track your online activity the way most of its competitors do. Its privacy-friendly services are touted as some of the best in the industry, which is why many users turn to it to keep their searches to themselves.

Despite its privacy tools and promises, some decisions the company has made in the past have damaged its reputation and reduced the trust users felt towards it. Those criticisms aside, the search engine can still exceed expectations.

Is DuckDuckGo Safe?

Search engines like Bing and Google have been accused of using cookies to track user activity, build user profiles, and sell the resulting data to third-party businesses that use it to target products at the user.

Switching to a private browsing session does not change this: private mode only stops history and cookies from being kept on your own device, while the search provider still receives, and can log, every query you send. The concept of "privacy" has been distorted over the years to the point where we often become indifferent to the fact that our data is being bought and sold, at least until a major breach jolts us back to our senses. This exchange of free services for information isn't ideal, but it is how most search providers make their business model work, "most" being the key term.

The DuckDuckGo search engine and browser offer an alternative to our tendency to “Google” everything. The tools function just like any other browser and search portal, allowing you to access all the websites of your choice, but at the same time, the company promises not to track any of your activities. 

Are DuckDuckGo’s Claims of Privacy Reliable?

Safety concerns about the claims DuckDuckGo makes are entirely valid, but you can review your settings and cookies at any time to see how your information is being used. For any web service to respond at all, it has to receive some data such as your IP address and language settings, which it uses to answer the request and pick basic defaults; DuckDuckGo states that it uses this information only for the duration of the request and does not keep it. It also does not pass the information on to the websites you visit or to third-party advertisers who could put it to use.

Your browsing is also protected by Smarter Encryption, a list of sites known to serve HTTPS: when you head to a plain HTTP address of a site on that list, the request is upgraded to the encrypted version, which hides the page contents and URL path from anyone watching the network. According to DuckDuckGo's website, the list covers over 10 million sites, so more often than not your traffic to those sites is encrypted. “Because the connection between you and DuckDuckGo Search is encrypted that means your internet provider can’t see the searches you make on DuckDuckGo either,” which is good to hear. One caveat worth stating plainly: encryption hides what you searched for, not the fact that you connected to duckduckgo.com, since the domain name is still visible in DNS lookups and in the TLS handshake unless those are encrypted too.

The search engine is transparent about its data usage, providing users with a description of what information is required and what it will be used for. For those who require more privacy, the DuckDuckGo settings give users the option to opt out of various services. 

The browser also protects against embedded social media content on the pages you visit: share buttons, comment boxes and video embeds are loaded from the social network's own servers, which lets the network record which pages you viewed. Even if you choose to unblock the content, DuckDuckGo limits how much data is shared. It's these details that show how extensive the privacy protections are.
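As an added illustration, not code from DuckDuckGo or from this article, here is the decision logic a privacy extension like the one described above applies to each outgoing request: upgrade plain-HTTP requests to HTTPS when the host is on an upgrade list, and block third-party requests to known tracker or social-embed hosts while leaving first-party ones alone. The two domain lists, the host names and the `registrable_domain` shortcut (last two labels instead of the Public Suffix List) are constructed assumptions for the example.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample lists (assumption). The real Smarter Encryption and
# tracker lists are vendor-maintained and far larger.
HTTPS_UPGRADE_LIST = {"example.com", "wikipedia.org"}
TRACKER_LIST = {"tracker.example", "social-embed.example"}


def _labels(host):
    return host.lower().rstrip(".").split(".")


def registrable_domain(host):
    """Crude eTLD+1 (last two labels). Real code must use the Public
    Suffix List so that e.g. 'co.uk' is not treated as a site."""
    labels = _labels(host)
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def in_list(host, domain_list):
    """True if host, or any parent domain of it, is in domain_list.
    The bare TLD is never checked, so 'com' cannot match everything."""
    labels = _labels(host)
    return any(".".join(labels[i:]) in domain_list for i in range(len(labels) - 1))


def upgrade_to_https(url):
    """Rewrite http:// to https:// only for hosts known to serve HTTPS.
    A blind upgrade of an unknown host can break the site, so unknown
    hosts and non-http schemes are returned unchanged."""
    parts = urlsplit(url)
    if parts.scheme != "http" or not in_list(parts.hostname or "", HTTPS_UPGRADE_LIST):
        return url
    netloc = parts.netloc
    if parts.port == 80:
        netloc = parts.hostname  # an explicit :80 makes no sense over TLS
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


def decide_request(request_url, page_url):
    """Policy for one sub-resource request made by page_url.
    Returns ('block', url) for third-party trackers, else ('allow', url)
    with the possibly upgraded URL. First-party requests are never blocked,
    which is why a social widget still loads on the social site itself."""
    req_host = urlsplit(request_url).hostname or ""
    page_host = urlsplit(page_url).hostname or ""
    third_party = registrable_domain(req_host) != registrable_domain(page_host)
    if third_party and in_list(req_host, TRACKER_LIST):
        return ("block", request_url)
    return ("allow", upgrade_to_https(request_url))


if __name__ == "__main__":
    page = "https://news.test/article"
    for req in ("http://www.example.com/search?q=ducks",
                "http://social-embed.example/widget.js",
                "http://unknown.test/img.png"):
        print(decide_request(req, page))
```

The upgrade step is deliberately list-driven rather than "always try HTTPS": an unconditional rewrite breaks sites that only answer on port 80, which is exactly why the vendor ships a curated list.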

DuckDuckGo Safety Concerns: A Few Limitations to Look Out For

DuckDuckGo has faced criticism for multiple reasons, including complaints about its lack of personalization. The search engine isn't as convenient to use, especially with its more limited index of websites, so apart from the privacy aspect there is little reason to pick it over another engine.

It is also true that using DuckDuckGo doesn't stop your Wi-Fi owner or internet provider from seeing which sites you connect to. To mask that as well, you still need a VPN, which moves the visibility from your ISP to the VPN provider rather than eliminating it. And a private search engine does nothing against malware, phishing and other kinds of attacks; you are just as exposed to those as with any other search engine or browser.

Despite these criticisms, DuckDuckGo is about as private a search engine as you can get. Some of your activity will always be recorded somewhere, but DuckDuckGo's privacy mechanisms are well ahead of what the major search engines offer. Not only does it refuse to sell your data, it also does what it can to stop others from doing the same.

Make sure you have a reputable antivirus product installed and you should have little to worry about. Now is a bad time to be a Kaspersky user if you live in the U.S., but other antivirus tools can help you stay safe. Find a combination that works for you, and you should be able to browse the web with ease.

Alarm Bells Ringing For Users—Kaspersky Auto-Installs UltraAV https://www.technowize.com/alarm-bells-ringing-for-users-kaspersky-auto-installs-ultraav/ Tue, 24 Sep 2024 10:34:34 +0000

After its ban from the U.S., Kaspersky began its transition out of the country, promising to leave UltraAV in its wake for customers; users did not expect the software to be installed automatically.

User complaints against Kaspersky are on the rise after the antivirus software deleted itself and auto-installed UltraAV on devices across the U.S. Kaspersky's transition to UltraAV followed the U.S. government's decision to prohibit the company's products in the country and to add Kaspersky entities to the Commerce Department's Entity List, on the grounds that they pose a national security concern.

In June, the Russian cybersecurity company was told it would be barred from selling its antivirus products and from providing software updates within the U.S., which is why it began slowly withdrawing from the United States.

Kaspersky's transition to UltraAV was abrupt and unexpected despite the earlier warning the company had given. While the email had mentioned an eventual partnership with another company for continued service, no one expected the switch to happen automatically.

Kaspersky Auto-Installs UltraAV and Leaves Users Alarmed

After the recent ban of Kaspersky products in the U.S., the company began slowly shutting down its services and laying off its workers in preparation for its withdrawal from the region. According to BleepingComputer, in early September the company sent out an email reassuring customers that they would still be able to get reliable cybersecurity protection from another company, UltraAV.

The update was helpful for users who wanted to continue receiving antivirus protection and had yet to find a replacement, but the email made no mention of when the transition would happen or how users could opt in or out. As it turns out, there was no choice at all: Kaspersky auto-installed UltraAV for all its U.S. users after deleting its own files from their devices. Customers who had a subscription to the Kaspersky VPN likewise found the UltraAV VPN installed on their systems.

The Kaspersky antivirus switch to UltraAV came as a shock to users who woke up to find unfamiliar software already installed and no sign of Kaspersky on their systems. Many users were alarmed, assuming some form of malware had installed itself and deleted their existing antivirus in the process.

What was worse, while Kaspersky had removed itself and installed UltraAV silently, removing UltraAV was a lot more complex for some users. A few who tried to uninstall it found it reinstalled after a reboot, which added fuel to the "malware" fire. Reports also suggest that systems slowed down or ran into other issues running Pango Group's UltraAV, which has further turned users away from the software.

A statement on the Kaspersky community forum is now available to reassure users that the switch was intentional, to provide "continued protection for US-based customers that will no longer have access to Kaspersky's protections." Below the statement, however, users from regions outside the U.S. have also complained about losing access to Kaspersky antivirus and being forced to switch to UltraAV.

The Kaspersky representative responded to the issue with a clear statement, "Only users of US licenses were updated to Ultra apps. If you are in Australia, it means you are using a US license for some reason. Please contact our Support team if you have any questions." Users appear rightfully disgruntled at the lack of proper communication from both companies. There is also considerable suspicion surrounding UltraAV, with users unable to find independent test results showing that it is a trustworthy antivirus.

Why Did Kaspersky Transition to UltraAV?

On June 20, the Department of Commerce’s Bureau of Industry and Security (BIS) announced a prohibition on Kaspersky Lab, Inc. “from directly or indirectly providing anti-virus software and cybersecurity products or services in the United States or to U.S. persons.” The prohibitions extended to the company’s affiliates, subsidiaries, and parent companies, creating a total block on any services provided by the firm. 

As a result of the ban, the company could no longer sell to new customers, and even existing customers would eventually stop receiving updates. The software had earlier been banned from federal government systems, and the wider ban followed. The administration's reasoning was that the Russian government can compel companies under its jurisdiction to cooperate, so Kaspersky's privileged access to U.S. customers' systems was a threat to national security. Despite Kaspersky's denial of any ties to the government or any intention of using its access to harm the U.S., the company was banned from the United States.

Kaspersky believes that “the Department of Commerce made its decision based on the present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky’s products and services.” 

The statement goes on to say, “Kaspersky has implemented significant transparency measures that are unmatched by any of its cybersecurity industry peers to demonstrate its enduring commitment to integrity and trustworthiness. The Department of Commerce’s decision unfairly ignores the evidence.” Regardless of their defense, the company had no choice but to withdraw from the region.

The company was barred from entering into any new agreements with U.S. customers as of July 20, 2024, and existing customers were given until September 29, 2024, to find an alternative. Kaspersky's transition to UltraAV was meant as a considerate offer, but users were largely unhappy with the decision to pick a little-known brand as the replacement.

From online discussion forums, it is evident that many users intend to switch to Bitdefender or other antivirus products that are better known and well reviewed, so that they can trust the software on their devices. Kaspersky's choice to delete itself and force-install UltraAV has rubbed the majority of its customers the wrong way.

Over 300,000 Chrome and Edge Users Targeted by Trojan Malware https://www.technowize.com/over-300000-chrome-and-edge-users-targeted-by-trojan-malware/ Wed, 14 Aug 2024 08:49:54 +0000

Security researchers have detected trojan malware that force-installs Chrome and Edge extensions that are hard to get rid of.

Over 300,000 users of Google Chrome and Microsoft Edge have been affected by trojan malware that installs browser extensions which refuse to be deleted. The ReasonLabs Research Team was the first to raise the alert on the "polymorphic malware campaign that forcefully installs extensions on endpoints." The researchers found that the trojan is spread through lookalike download sites for popular apps and services such as Roblox FPS Unlocker, VLC, and YouTube, tricking users into downloading the installer. Once run, the installer sets up scheduled tasks of its own. No matter how far technology moves on, malicious attempts to trick users appear to be a permanent threat.

Understanding the New Chrome and Edge Trojan Malware Making the Rounds in 2024

The recent browser extension malware threat does not use any new technology; what makes it harmful is the simplicity of the idea and the ease with which it tricks users into downloading it. The trojan relies on malvertising, the practice of placing malicious ads in otherwise legitimate online advertising networks so that users are led to lookalike download pages. Because these sites resemble the real pages for popular services, users let their guard down and download the file without hesitation.

Although the new trojan gained notoriety in 2024, there is evidence that earlier versions have been around since 2021. The Chrome and Edge extension stores usually catch and remove malicious extensions quickly, but some manage to stay under the radar. According to the study, "Micro Search" was a Chrome extension that likely came from the same developer and was available until April, and "yglSearch" is still available online. Threats to online security can arise anywhere.

How Do The Chrome and Edge Malware Extensions Work?

Once the downloaded installer is run, the Chrome and Edge malware makes no further attempt to deliver the content the user came for. Instead, it creates a scheduled task on the user's computer with a name designed to look like a real system task, so that nothing rings alarm bells on the device.

The scheduled task runs a PowerShell script dropped into the System32 folder, where Windows keeps its own binaries and where a stray script blends in. The script contacts a remote server and fetches the payload, the heart of the malicious software, which is then saved and executed on the machine. This payload supports different kinds of malicious activity, from stealing user data to pushing adware onto the device.

What Does the Browser Extension Malware Threat Mean For the User?

Once the payload is running, it forces the installation of the Chrome and Edge malware extensions that do the actual work. The extensions intercept search queries whenever users look for anything in the browser and reroute them through the attacker's servers. The process is quick and interferes with all future use of the browser, while going to great lengths to keep the user from noticing anything amiss, including hiding the extension from the browser's extensions page.

According to ReasonLabs, the extension cannot be disabled by the user even through developer mode, so the usual route to removing an unwanted extension and regaining control of the browser is closed. Newer versions go as far as blocking and removing browser updates, so a patched browser build cannot easily fix the problem either.

Google and Microsoft have been alerted to the issue. There are no official updates yet on what the companies are doing to combat the spread of this malware, but it does not appear to be a problem where they will settle for a lax approach.

What to Do If You’ve Been Affected by the Chrome or Edge Trojan Malware?

ReasonLabs reports that simply uninstalling and reinstalling the browser will not resolve the issue, because the files responsible remain on the PC. To fully address the problem, the scheduled task that keeps the malware going has to be deleted along with the registry keys it created. The report provides a step-by-step guide to removing the relevant system files and the PowerShell script (the .ps1 file). The instructions for removing the registry keys and malware are easy enough to follow, but make sure you delete the correct files to avoid breaking the system.
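To make the scheduled-task and registry artifacts described above concrete, here is an added detection example (not part of ReasonLabs' report or this article) that parses two constructed inputs: a CSV in the shape of `schtasks /query /fo CSV /v` output, and a registry export of the Chrome and Edge ExtensionInstallForcelist policy keys. Force-list policy is the standard mechanism by which an extension becomes un-removable by the user; the article only says the malware modifies registry keys, so treating those particular keys as the ones involved is an assumption, as are the task names, script path, extension IDs and update URL in the sample data. On a real host you would feed the script the output of `schtasks` and `reg export` instead of the embedded samples.

```python
import csv
import io
import re

# Constructed sample in the shape of `schtasks /query /fo CSV /v` output,
# reduced to three columns (assumption). Row 2 mimics the behaviour the
# report describes: a Microsoft-looking task name running a hidden
# PowerShell script dropped directly into System32.
SAMPLE_SCHTASKS_CSV = r"""
"TaskName","Task To Run","Author"
"\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c -h -o -$","Microsoft Corporation"
"\Microsoft\Windows\Maintenance\Updater","powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -File C:\Windows\System32\svchost.ps1","Updater"
"\MyBackup","powershell.exe -File C:\Tools\backup.ps1","alice"
""".strip()

# Constructed registry export (assumption): the IDs and the attacker URL
# are made up; the two key paths are the real Chrome/Edge policy locations.
SAMPLE_REG_EXPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist]
"1"="abcdefghijklmnopabcdefghijklmnop;https://clients2.google.com/service/update2/crx"
"2"="ponmlkjihgfedcbaponmlkjihgfedcba;http://updates.attacker.test/crx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist]
"1"="ponmlkjihgfedcbaponmlkjihgfedcba;http://updates.attacker.test/crx"
"""

PS_EXE = re.compile(r"\b(powershell|pwsh)(\.exe)?\b", re.I)
# A .ps1 sitting directly in System32 (no subfolder) is not something
# Windows itself ships.
SYSTEM32_PS1 = re.compile(r"\\windows\\system32\\[^\\\s\"]+\.ps1", re.I)
HIDDEN_FLAGS = ("-windowstyle hidden", "-w hidden", "-executionpolicy bypass",
                "-ep bypass", "-encodedcommand", "-enc ")


def analyze_tasks(csv_text):
    """Return [(task_name, [reasons])] for tasks matching the heuristics."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name, cmd, author = row["TaskName"], row["Task To Run"], row["Author"]
        reasons = []
        if PS_EXE.search(cmd):
            if SYSTEM32_PS1.search(cmd):
                reasons.append("runs a .ps1 placed directly in System32")
            if any(flag in cmd.lower() for flag in HIDDEN_FLAGS):
                reasons.append("hidden-window or policy-bypass PowerShell flags")
        if name.lower().startswith("\\microsoft\\") and "microsoft" not in author.lower():
            reasons.append("sits in the \\Microsoft\\ task folder but is not authored by Microsoft")
        if reasons:
            findings.append((name, reasons))
    return findings


OFFICIAL_UPDATE_URLS = {
    "https://clients2.google.com/service/update2/crx",          # Chrome Web Store
    "https://edge.microsoft.com/extensionwebstorebase/v1/crx",  # Edge Add-ons
}
FORCELIST_KEY = re.compile(r"^\[(HKEY_[^\]]*\\ExtensionInstallForcelist)\]$", re.I)
# Extension IDs are 32 letters a-p; the optional ';url' is the update source.
VALUE_LINE = re.compile(r'^"\d+"="([a-p]{32})(?:;(.*))?"$')


def parse_forcelist(reg_text):
    """Return one dict per forced extension found in a .reg export."""
    entries, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = FORCELIST_KEY.match(line)
        if m:
            key = m.group(1)
            continue
        if line.startswith("["):
            key = None          # some other key; ignore its values
            continue
        m = VALUE_LINE.match(line)
        if key and m:
            ext_id, url = m.group(1), m.group(2) or ""
            entries.append({"key": key, "id": ext_id, "update_url": url,
                            # no URL means the browser's own store
                            "official_store": (not url) or url in OFFICIAL_UPDATE_URLS})
    return entries


def suspicious_extensions(reg_text):
    """IDs forced from somewhere other than the official stores. On an
    unmanaged home PC any forcelist entry deserves a look, but a foreign
    update URL is the clearest sign of the behaviour described above."""
    return sorted({e["id"] for e in parse_forcelist(reg_text) if not e["official_store"]})


if __name__ == "__main__":
    for name, reasons in analyze_tasks(SAMPLE_SCHTASKS_CSV):
        print(name, "->", "; ".join(reasons))
    print("forced from non-store URLs:", suspicious_extensions(SAMPLE_REG_EXPORT))
```

The benign `\MyBackup` task is included on purpose: it also runs a PowerShell script, but from a user folder and without hidden-window or bypass flags, so it produces no finding. Tuning the heuristics against such legitimate tasks is what keeps a check like this usable on a real fleet.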

The guide should be a useful tool for this particular malicious browser extension alert, but caution is recommended for all future browsing. We have all been told not to download files from unknown sources, yet many of us are guilty of looking for cracked versions of popular apps and games to bypass a paywall or get an ad-free experience. That makes it easy for fake sites to pose as the real thing for those still looking for the legitimate download, or to offer a free alternative that ends up costing more in the long run.

Users are also often on the lookout for browser extensions that can make their online experience much smoother. This leaves them vulnerable to extensions that pretend to offer a service while doing something entirely different. 

It is generally good practice to review any extensions you plan on enabling. Read what other users have to say and go over the permissions carefully before installing anything. You will also benefit greatly from relying on an antivirus that can attempt to catch and neutralize these malware threats early on.

It’s Not a Fun Parlor Trick—Google Password Bug Explained https://www.technowize.com/its-not-a-fun-parlor-trick-google-password-bug-explained/ Tue, 30 Jul 2024 09:53:35 +0000

Millions of users had their saved passwords disappear due to a “change in product behavior without proper feature guard.” Google engineers have deployed a fix.

The tech industry has given us another reminder of how dependent we are on its products, and the latest nudge comes from the Google password bug. Just a week ago, the Microsoft-CrowdStrike outage caused global upheaval after Windows systems everywhere crashed and refused to start back up. While things have gone back to normal in most cases, the outage was a good reminder of why tech monopolies are, and always have been, a bad idea. In the most recent issue with Google, approximately 15 million Chrome users had their saved passwords disappear.

Considering how the majority of users rely on Google to remember the password to the dozens of accounts they log in to every day, this was a very serious issue indeed.

Google Password Bug Locks Chrome Users Out from Accessing Saved Passwords

The password manager issue came to light on July 24 and lasted into July 25, after users who went to log in to their accounts noticed that autofill was offering their usernames only; their saved passwords were nowhere to be found. With long, randomly generated passwords stored in Google Password Manager becoming the norm, this locked people out of their accounts and caused temporary panic about where that information had gone.

Users could still log in if they remembered their passwords or had them saved elsewhere, but not everyone keeps every account detail recorded in such an easily accessible way; the only one they expected to remember the password was Google. The bug also prevented people from saving any new passwords. The problem persisted for 17 hours and 51 minutes according to Google's incident report.

What Caused the Google Password Issue?

There are over 3 billion Chrome users, so a considerable number of people were exposed to the problem, though not all were affected. The company confirmed that the Google password bug only affected users on the M127 version of the Chrome browser on Windows; the configuration change had been rolled out to 25 percent of the user base, and about 2 percent of those experienced the issue. That may sound small, but it works out to an estimated 15 million users.

The Google Workspace Status Dashboard later posted another update on why the saved passwords had disappeared, attributing it to a "change in product behavior without proper feature guard." That did not make the situation much clearer for users, but it at least reassured them that there had been no attack or leak placing their credentials in someone else's hands.

How Did Google Respond to the Situation?

Google was quick to respond once the problem came to light and identified the cause early on. The company gave users a step-by-step workaround that involved relaunching Chrome with a command-line flag, and encouraged anyone still affected to contact the support page.

Google apologized for the password manager issue in the same incident report, stating, "We apologize for the inconvenience this service disruption/outage may have caused." It was not enough to persuade every user that the issue has been truly resolved and will not recur.

Apple executives have likely enjoyed the chaos the Google password bug caused, especially given their recent ad campaign promoting Safari's privacy over other browsers. While the ad did not discuss Chrome's password manager, it still nudged users to switch to Safari for all their needs. This was unfortunate timing for Google, although there is technically no right time for a service error.

Should You Still Consider Using a Password Manager for Your Accounts?

The Google password bug has reminded us all that technology is not as infallible as we expect and trust it to be. A small faulty update or a lapse in security can expose millions to inconveniences ranging from being unable to check email for a while to losing personal data to attackers. Thankfully, Google identified and fixed the problem quickly for those whose saved passwords disappeared, but it has still made users wary of relying on technology.

Despite these concerns, technology and the overall presence of the internet as a permanent fixture in our lives cannot be denied. Considering the number of accounts we log into on a daily basis, it is nearly impossible for most of us to have a truly unique and secure password for each one, while also remembering them all on the go. Compromising on security by creating simple passwords and repeating them across accounts is a bad idea and never the solution to this issue. 

As a result, despite the leap of faith it takes to trust another tech service, it is better to use a password manager of some kind to keep track of your different logins. A password manager stores your credentials in an encrypted vault that can only be opened with your master password (and, ideally, a second factor), so a copy of the vault file on its own is of no use to an attacker. Chrome's built-in password manager is free, which makes it the easy choice, but dedicated password managers exist as well and can serve as a second copy of your account details.
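Added example, not Google's or any vendor's code: a minimal vault of the kind described above, showing why the vault file alone is worthless without the master password and how tampering is detected. It derives a key from the master password with PBKDF2 and then uses encrypt-then-MAC with HMAC-SHA256 (as a counter-mode keystream and as the tag) because the Python standard library has no authenticated cipher; a real password manager uses a vetted AEAD such as AES-GCM or XChaCha20-Poly1305 and a memory-hard KDF. The sample entries and passwords are constructed.

```python
import base64
import hashlib
import hmac
import json
import os

KDF_ITERATIONS = 600_000   # OWASP's current PBKDF2-HMAC-SHA256 recommendation
TAG_LEN = 32


def _derive_keys(master_password, salt, iterations):
    """Stretch the master password into separate encryption and MAC keys."""
    material = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                                   salt, iterations, dklen=64)
    return material[:32], material[32:]


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode as a PRF keystream (stand-in for a real
    stream cipher; never reuse a nonce under the same key)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal_vault(master_password, entries, iterations=KDF_ITERATIONS):
    """Encrypt a {site: password} dict. Returns a JSON-serialisable blob."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(master_password, salt, iterations)
    plaintext = json.dumps(entries).encode("utf-8")
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    # Tag covers everything the opener will trust: salt, nonce and ciphertext.
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    b64 = lambda b: base64.b64encode(b).decode("ascii")
    return {"kdf": "pbkdf2-sha256", "iterations": iterations,
            "salt": b64(salt), "nonce": b64(nonce), "ct": b64(ciphertext), "tag": b64(tag)}


def open_vault(master_password, blob):
    """Decrypt a blob; raises ValueError on a wrong password or any tampering.
    The tag is checked before decryption, in constant time."""
    salt, nonce = base64.b64decode(blob["salt"]), base64.b64decode(blob["nonce"])
    ciphertext, tag = base64.b64decode(blob["ct"]), base64.b64decode(blob["tag"])
    enc_key, mac_key = _derive_keys(master_password, salt, blob["iterations"])
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if len(tag) != TAG_LEN or not hmac.compare_digest(expected, tag):
        raise ValueError("wrong master password or vault has been modified")
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext.decode("utf-8"))


def opens(master_password, blob):
    """True if the vault opens with this password, False otherwise."""
    try:
        open_vault(master_password, blob)
        return True
    except ValueError:
        return False


def tampered(blob):
    """Copy of blob with one ciphertext byte flipped (for the demo)."""
    ct = bytearray(base64.b64decode(blob["ct"]))
    ct[0] ^= 0x01
    return {**blob, "ct": base64.b64encode(bytes(ct)).decode("ascii")}


if __name__ == "__main__":
    # Constructed sample entries.
    entries = {"github.com": "Xk9#pL2$vQ8@mN4w", "bank.test": "correct-horse-battery-staple"}
    blob = seal_vault("my master passphrase", entries)
    print("vault on disk:", json.dumps(blob)[:80], "...")
    print("opens with right password:", opens("my master passphrase", blob))
    print("opens with wrong password:", opens("guess", blob))
    print("opens after tampering:", opens("my master passphrase", tampered(blob)))
```

Two design points carry over to real products: the KDF iteration count is stored in the blob so it can be raised later without breaking old vaults, and the MAC is verified before a single byte is decrypted, so a modified vault is rejected rather than yielding garbage.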

With Great Power, Comes Responsibility—Microsoft-CrowdStrike Outage https://www.technowize.com/with-great-power-comes-responsibility-microsoft-crowdstrike-outage/ Sat, 20 Jul 2024 10:37:14 +0000

According to the global IT outage updates, many systems have been restored and the defect in the Falcon content update has been identified and remediated.

The problem with being a widely used product is that one small error can have widespread effects, as the recent Microsoft-CrowdStrike outage showed. Early on Friday, thousands of Windows users found their systems refusing to start up, an unnerving blue screen staring back at them. News of the Windows outage spread as businesses ground to a halt, unable to boot the systems critical to running their services. Before updates on the global outage arrived, users feared a large-scale cyberattack or some dangerous bug that had crashed their systems permanently.

Once the initial reports spread, CrowdStrike accepted responsibility for the incident. CEO George Kurtz stated that the company was "actively working with customers impacted by a defect found in a single content update for Windows hosts." Many systems have recovered since the announcement, but it could be some time before things go back to normal for everyone.

Microsoft-CrowdStrike Outage Caused One of the Biggest Global IT Blackouts

In our electricity-powered world, we’re heavily reliant on computers for all of our extensive processing needs. From writing the articles that go into the news reports physically and virtually to relying on electronics to run every single element of our airports, computers have a critical role to play in our lives, as evidenced by the repercussions of the global IT outage that took out everything from flights to banks.

The Microsoft-CrowdStrike outage has been discussed as one of the largest IT outages in history. Even 911 services were down as a result of the outage and regions like Alaska were forced to turn to platforms like Facebook to inform citizens about alternate numbers they could contact in an emergency. According to CBS News, over 3,000 flights across the U.S. were canceled by Friday night and more than 11,400 were delayed. Over 42,000 flights were delayed globally due to technical difficulties caused by the outage. The skies might have enjoyed the break from the air traffic but it has likely been a harrowing day for travelers stuck inside and outside airports.

Many hospitals were forced to turn to paper files for their hospital records and reschedule surgeries to ensure no problems arose during the procedure. While many officegoers were delighted to hear that systems were down and there was no work to be done at their workplace, the Microsoft-Crowdstrike outage was a major problem for almost everyone else. Microsoft has received some bad press recently over their AI choices, but this time, the negative outcome is quite unfortunate.

CrowdStrike Outage Report—Has a Solution Been Found?

Despite the "blue screen of death" striking so many devices, most services have largely been restored. The problem was not a Windows update at all: CrowdStrike pushed a faulty content update for its Falcon sensor, a third-party endpoint security product whose driver runs inside the Windows kernel. Because the code sits at that level, a fault in it crashes the whole operating system rather than a single program, which is why machines failed to boot instead of merely losing one feature.

Microsoft pointed customers to restoring the system to a state from before the faulty update arrived, which let many users get their devices fully working again. The guidance was to perform a "point-in-time restore" to a point up to 24 hours before the CrowdStrike update was received.

Microsoft's updated blog post also has instructions for removing the "C-00000291*.sys" file from the disk directly: boot into Safe Mode or the Windows Recovery Environment, open the CrowdStrike driver directory (C:\Windows\System32\drivers\CrowdStrike), and delete the matching file. CrowdStrike's own bulletin added an important check: the defective channel file carries a timestamp of 04:09 UTC on July 19, while a file stamped 05:27 UTC or later is the corrected version and should be left alone. If the problem is still not resolved, customers can also attempt to repair the OS disk, but these last two steps are beyond what an average consumer is comfortable with.
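As an added example (not Microsoft's or CrowdStrike's tooling, and not from this article), here is a small triage script that applies the timestamp rule above to a CrowdStrike driver directory: it looks only at C-00000291*.sys, classifies each file by its modification time as pre-incident, defective or reverted, and quarantines only the defective one rather than deleting it. The default path is the real driver directory; the `demo()` function builds a constructed sample directory with made-up file names and timestamps so the script can be run anywhere, and it takes as an assumption that the file system mtime is the timestamp CrowdStrike's bulletin refers to.

```python
import os
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Real driver directory named in Microsoft's and CrowdStrike's guidance.
DRIVER_DIR = Path(r"C:\Windows\System32\drivers\CrowdStrike")
# Timestamps from CrowdStrike's bulletin: the 04:09 UTC file is defective,
# a file stamped 05:27 UTC or later is the reverted (good) version.
DEFECTIVE_STAMP = datetime(2024, 7, 19, 4, 9, tzinfo=timezone.utc)
REVERTED_STAMP = datetime(2024, 7, 19, 5, 27, tzinfo=timezone.utc)


def classify(path):
    """Verdict for one channel-291 file based on its mtime (assumption:
    mtime is the timestamp the bulletin refers to)."""
    mtime = datetime.fromtimestamp(Path(path).stat().st_mtime, tz=timezone.utc)
    if mtime >= REVERTED_STAMP:
        return "reverted"
    if mtime >= DEFECTIVE_STAMP:
        return "defective"
    return "pre-incident"


def triage(driver_dir=DRIVER_DIR, quarantine_dir=None, dry_run=True):
    """Classify every C-00000291*.sys file; move only 'defective' ones to
    quarantine_dir when dry_run is False. Other channel files are never
    touched, so the sensor keeps its remaining content. Returns a sorted
    list of (file name, verdict)."""
    driver_dir = Path(driver_dir)
    results = []
    for path in sorted(driver_dir.glob("C-00000291*.sys")):
        verdict = classify(path)
        if verdict == "defective" and not dry_run:
            target = Path(quarantine_dir)
            target.mkdir(parents=True, exist_ok=True)
            shutil.move(str(path), str(target / path.name))  # move, not delete: keep for forensics
        results.append((path.name, verdict))
    return results


def make_sample_tree(base):
    """Constructed sample (assumption): file names and timestamps are made
    up to exercise each branch; only the naming pattern is real."""
    base = Path(base)
    base.mkdir(parents=True, exist_ok=True)
    samples = {
        "C-00000291-00000000-00000010.sys": datetime(2024, 7, 10, 12, 0, tzinfo=timezone.utc),
        "C-00000291-00000000-00000030.sys": DEFECTIVE_STAMP,
        "C-00000291-00000000-00000032.sys": datetime(2024, 7, 19, 5, 30, tzinfo=timezone.utc),
        "C-00000292-00000000-00000001.sys": DEFECTIVE_STAMP,  # different channel: must be ignored
    }
    for name, stamp in samples.items():
        path = base / name
        path.write_bytes(b"\x00" * 16)
        os.utime(path, (stamp.timestamp(), stamp.timestamp()))
    return base


def demo():
    """Run a dry run and then a real run against the constructed sample."""
    with tempfile.TemporaryDirectory() as tmp:
        drivers = make_sample_tree(Path(tmp) / "CrowdStrike")
        quarantine = Path(tmp) / "quarantine"
        dry = triage(drivers, quarantine, dry_run=True)
        after_dry = sorted(p.name for p in drivers.glob("*.sys"))
        live = triage(drivers, quarantine, dry_run=False)
        return {
            "dry": dry,
            "files_after_dry_run": after_dry,
            "live": live,
            "quarantined": sorted(p.name for p in quarantine.glob("*.sys")),
            "remaining": sorted(p.name for p in drivers.glob("*.sys")),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running with `dry_run=True` first, as `demo()` does, is the habit to keep when touching a security product's files on a machine that will not boot: confirm the verdicts before anything moves.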

CrowdStrike Makes a Statement on the Global IT Outage

The tech company released a full statement on the situation: "The outage was caused by a defect found in a Falcon content update for Windows hosts. Mac and Linux hosts are not impacted. This was not a cyberattack." They reiterated that a sensor configuration update for Windows hosts triggered a logic error which caused the crash, and that the faulty update has since been reverted. The company is still investigating how the logic flaw occurred, but everyone's focus is currently on getting all systems back to normal.

“CrowdStrike released a sensor configuration update to Windows systems. Sensor configuration updates are an ongoing part of the protection mechanisms of the Falcon platform. This configuration update triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems.”

—CrowdStrike Blog

Microsoft has alerted users to the fact that they might have to restart their systems up to 15 times before it goes back to normal and for persisting issues, customers will have to reach out to CrowdStrike for additional assistance. Considering the scale of the problem, it will be a while before every single affected system is fully restored.

AU10TIX’s Identity Verification Service Exposed User Credentials https://www.technowize.com/au10tixs-identity-verification-service-exposed-user-credentials/ Sat, 29 Jun 2024 06:00:25 +0000

The AU10TIX identity verification tool is used by LinkedIn, Coinbase, TikTok and many other popular platforms, and now their users are at risk of identity theft.

The post AU10TIX’s Identity Verification Service Exposed User Credentials appeared first on Technowize.

]]>
AU10TIX, an identity verification company, left its users’ personal information exposed after it failed to secure the login credentials of an admin account. According to reports, the identity verification service failed to protect the admin account’s login details for over 18 months, allowing anyone who noticed the lapse to access the user data available through the account. The identity verification service has exposed users of Coinbase, PayPal, Upwork, LinkedIn, TikTok, Fiverr, and other prominent platforms that have made use of the tools provided by the organization. Identity theft protection is a serious responsibility, especially for companies that collect and store sensitive user data, even briefly.

No signs of identity theft have been reported so far but users who have verified their accounts on any of these platforms should review their account activity and treat the situation with utmost seriousness.


AU10TIX’s Identity Verification Platform Left Admin Credentials Exposed for Over a Year

The public data breach reported at AU10TIX is not recent. The problem began in December 2022, when the admin account information was assumed to have been accessed by malware. The details of the account were then shared via Telegram among hacker communities in March 2023, which tells us that the credentials have passed through at least a few hands. The identity verification service had assumed it had secured the information, but this was not the case.

For over 18 months, the admin account remained exposed, and with it the user data from the various platforms subscribed to the service. The information was brought to light by cybersecurity researchers at spiderSilk, who took the story to 404 Media. Public data breaches can be very damaging, as they have the potential to reveal a significant amount of personal information about the users—information that can be misused quite easily.


AU10TIX’s identity verification service works by asking users to verify who they are by taking a selfie and matching it against a government ID such as a driver’s license to confirm they are the real deal. Not only does the failure of the identity protection service mean that user names and images have been exposed, but the presence of a government ID along with birth dates, ID numbers, and the user’s image could easily have been used for criminal activity or financially risky tasks like taking out a fraudulent loan.

Verified accounts are seen as more legitimate and reliable on any platform and users are encouraged to prove their identity to bolster their presence on these different platforms. This is why AU10TIX’s identity verification services are able to find interested clients who want a safe way to certify their user accounts. Now, the possibility of identity theft is something all the individuals who have used the service need to be wary about. 


Public Data Breaches Are Growing More Common

Coinbase, one of the companies linked to the AU10TIX case of stolen data, has denied any issues of data exposure so far. A Coinbase representative told Cointelegraph that the company was currently monitoring the situation and it hadn’t found anything of concern so far. Other platforms that use the identity verification service have not made any public statements about threats to their user data either. X/Twitter, a recent partner of the company, had signed on to the platform when none of this information was known, but they may be more uncertain about the partnership depending on how the situation evolves. 

The AU10TIX identity verification service breach is an example of a very basic breakdown of trust between users and the services they rely on, but phishing attacks and security breaches are growing more common. AT&T experienced a security breach a few months ago in which the Social Security details of 7.6 million current account holders and 65.4 million former account holders were leaked. The BBC also reported a data breach that exposed the records of over 25,000 employees.

These vulnerabilities are leaving more and more individuals at risk of identity theft, which is a serious cause for concern. Action should be taken immediately to protect personal accounts and users should regularly monitor their credit statements for any signs of unusual activity. Switching to a reliable identity theft protection service is also recommended, even if such incidents do evoke some apprehension. 

For now, the ID verification platform AU10TIX has denied that the exposed data has been exploited or misused in any way, with “no malicious activity and no data leakage” detected from their systems. They claim that the credentials have been removed completely and can no longer be used to access user information. 

The Internet Is a Strange Place: 7 Online Security Tips To Implement Immediately
https://www.technowize.com/the-internet-is-a-strange-place-7-online-security-tips-to-implement-immediately/
Sat, 27 Apr 2024 08:16:41 +0000

If you want some internet safety advice, we recommend using a VPN, shifting to passkeys, avoiding public Wi-Fi networks, using multi-factor authentication processes, and staying vigilant when you go online.

Looking for some online security tips to gain some peace of mind in this hacker-filled world? We have some ideas about what you can do to protect your data, whether it’s your Crunchyroll subscription or the details of a more important savings account. Reviewing internet safety guides and following cybersecurity best practices can keep you safe from the malicious intentions of the world at large.

Almost everyone has experienced a security scare in the modern world, whether it’s parents breaking into your phone or a garbled text message asking you to update your password using a suspicious link that claims to lead to your bank account. We’ve moved on from princes in distant lands emailing to ask for urgent wire transfers to schemes that are much harder to recognize as scams. This makes being online genuinely dangerous—it increases your exposure to vulnerabilities—but it is also impossible to avoid technology these days. Staying up to date with the latest online security tips and implementing these best practices is a serious responsibility if you want to stay protected and keep your data safe.


Online Security Tips for You to Review Today

Giving Internet safety advice can be repetitive at times—change your password regularly, don’t reuse passwords, don’t click on suspicious links—a lot of it involves tips that you’ve already heard before. Despite that, email phishing attacks are some of the most common ways for malicious individuals to try and gain access to our data. When an email looks formal enough, we’re willing to click on the link to check the legitimacy of the email instead of verifying it from an official source, despite the warnings we’ve heard over and over again. 

A friend recently received an email to join the alumni association at our school and while he wondered about the legitimacy of the improperly punctuated email, he still clicked the link and signed up to reconnect with the familiar world of our past. Things worked out alright in this case—at least we think it did so far—but the email could’ve been sent by anyone who’d seen his LinkedIn and knew where he went to school. We might think we’re too knowledgeable to need cybersecurity tips, but reminding yourself of this internet safety advice might be a good idea. 

Use a VPN—Online Security Tip For Those Chronically Online

A VPN, or Virtual Private Network, is a tool that masks your IP address and prevents bots from tracing your data back to your location. There are many benefits to using a VPN, such as accessing geo-locked content or getting a better deal in a different location, but its primary purpose is your safety. Marking a critical point in our internet safety guide, a VPN creates a secure connection over the internet between your device and a remote server owned by the VPN provider, which gives you a more private experience online.

There are many free VPN services available online that can help you with securing your connection, but the problem is that they only make you think you’re secure. Some of these can have slow, overcrowded servers, but more importantly, they can sell your data to third parties, defeating the entire purpose of using it. Paid subscription services like ExpressVPN and NordVPN are more regulated and offer better security protocols and encryption for you. Paid services often have some trial versions and free plans that you could consider, but avoid turning to entirely free VPN services that are not bound by any safety commitments to you.

Use a Multifactor Authentication Process Where Available

We’ve all been annoyed by Google’s panic mode when you log into Gmail on a new device, but we should be more grateful to the service for checking that it’s really you. Next in our list of online security tips, consider using multi-factor authentication (MFA) when available and pay attention to login notifications when you receive them. Multi-factor authentication is implemented in different ways, but it essentially requires you to enter your password and then confirm your identity again through an alternate means.

This process ensures that someone who learns your password can’t log into your account without also providing your biometrics or the additional code sent to your account or your primary device. This is among the important cybersecurity best practices, and you should consider turning it on whenever it is available on a new platform.

Don’t Click Accept All When A Website Asks You About Cookies

Saying no to cookies sounds like a criminal offense, but it’s important for your own internet health. Cookies are the small records a website keeps about your browsing activity, and to some degree they can simplify your online experience by showing you content more relevant to your internet use. However, this data is often collected and sold to third-party services, which can misuse it for their own gain. When you browse a website and then open Instagram to see ads for that product and similar services, that’s only one example of how quickly your online data is put to use. If you want internet safety advice from us, then reject the cookies wherever possible.

When you open a particular website, you are often prompted to accept all cookies. Many times you have no choice but to accept “necessary cookies,” but some websites will give you the option of choosing which cookies you want to say yes to. Always say no to third-party cookies, newsletters, and whatever other options it allows you to unselect. This can at least limit access to your data to some degree. Regularly going into your browser settings and clearing the cookies is also among the cybersecurity best practices to consider.

Online Security Tips—Switch to Passkeys or Update Your Passwords Regularly

Whether it’s Nicolas Cage guessing the password to steal the Declaration of Independence or Sherlock Holmes getting access to CIA files because he realizes the owner of the files is a fan of Margaret Thatcher, we’ve all seen stories of how passwords can be guessed. It may not be as easy in real life, but creating a truly unique password for each account that you can also remember on the go is quite difficult. Internet safety advice that you’ve heard many times recommends setting strong passwords with a complex alphanumeric makeup, but if you’re unable to do that consistently, use passkeys when you can.

Passkeys are considered much safer than passwords due to their two-part nature and these can improve the security of your accounts quickly. If you aren’t able to find a passkey option and have to resort to passwords, then there are password managers available which can help you set complex passwords you won’t always need to remember. 

Avoid Public Networks On Principle—Cybersecurity Best Practices

We’ve normalized working out of coffee shops with free Wi-Fi but this isn’t always a safe option. These network connections are not as secure as a closed private network and it can be easier for malware to make its way onto your device. According to Kaspersky, it is much easier for hackers to position themselves between you and the server connection, allowing them to intercept a lot of the data you’re sending across as you work. 

Despite the risks, if you’re in a setting where it’s your only option, avoid conducting any sensitive data transactions over the network—save your banking work for when you get home and can use the network there instead. A VPN is also handy at times like this and you will not regret having an antivirus installed either. 

Close Accounts You No Longer Use—Internet Safety Guide 101

In the early days of the internet, there were innumerable shady websites that you might have made an account on that are still holding onto your data. Granted, a lot of your personal information might have changed, but you can never tell what data is still being held on those platforms. Over time, when these websites are no longer maintained, they become much easier for hackers with updated tools to break into. There might be people masquerading as you on those services too, but you’ll never know because you haven’t checked.

Try to limit the number of new accounts you create, and close your account when you stop using a service. This will also help you cancel any subscriptions you might still be paying for without realizing it.

Monitor Activity on the Financial Front as an Additional Security Measure

Even if you’re very careful about your personal information and take these online security tips very seriously, there are always chances that data might be leaked elsewhere. AT&T recently experienced a data breach, presumably on a third-party platform, where customer details were leaked online. The company extended free credit monitoring services to those who had financial data leaked but who knows how much their information might have been misused already. 

It’s important to review your credit reports and track your accounts for any unusual activity so you can take action the moment you notice that things don’t add up.

Other online security tips include being careful of what you post online and updating your apps regularly so they have the latest security updates. Avoid downloading content without cross-checking the source, and overall, stay vigilant about the websites you’re visiting when you go online. The internet is a scary place, yes, but it doesn’t have to stay that way. If you keep an eye out for threats and stay up-to-date with the latest security protocols, you should be able to notice when something is amiss. With these cybersecurity best practices in place, you should be able to create a safe space for yourself online.

Apple’s Mercenary Spyware Warning Cautions Users to Be Wary
https://www.technowize.com/apples-mercenary-spyware-warning-cautions-users-to-be-wary/
Fri, 12 Apr 2024 09:53:08 +0000

Apple’s mercenary attack notification was sent out to many iPhone users and, while Apple has not revealed the source of its concern, it appears quite certain about the validity of the warning.

On Wednesday, April 10, at 12 PM PT, Apple sent out mercenary spyware warnings to iPhone users in 92 countries, informing them of a potential threat to their data. The Apple spyware alert claimed that the attack was attempting to “remotely compromise” the iPhone associated with the receiver’s Apple ID. The company did not elaborate on the nature of the threat or what prompted their global mercenary spyware warning, but they claimed to have “high confidence” in it, cautioning users to take it seriously. We have no confirmation on which countries received Apple’s mercenary attack notification, but what we do know is that it’s got everyone a tad bit worried.

Image: Canva

What Was Mentioned in Apple’s Mercenary Spyware Warning?

Apple’s recent mercenary attack notification isn’t the first time the company has put users on high alert, warning them of a potential targeted threat to their devices. Last year, around October, Apple sent out a similar warning to power players like politicians and journalists in India, warning of a potential threat. Later in the same year, Amnesty International found evidence of the Pegasus spyware on the iPhones of a few prominent journalists. It was reportedly sourced from Israeli spyware maker NSO Group, confirming that the Apple spyware alert had been well grounded.

“Since 2021, we have sent Apple threat notifications multiple times a year as we have detected these attacks, and to date we have notified users in over 150 countries in total. The extreme cost, sophistication and worldwide nature of mercenary spyware attacks makes them some of the most advanced digital threats in existence today. As a result, Apple does not attribute the attacks or resulting threat notifications to any specific attackers or geographical regions.” 

—Apple

A similar situation could unfold this time as well for users who received Apple’s global mercenary spyware warning. TechCrunch was among the first to bring these alerts to the public, sharing an example of what Apple’s mercenary attack notification looked like this time.

“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-. This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously.”

As ominous as the message is, the implications of such an attack would be even worse, spelling real danger to those who are exposed to the spyware. 

Who Received the Apple Mercenary Attack Notification?

Apple has stated that if you’ve received a notification, it is because of “who you are or what you do” suggesting that the receivers have high-profile jobs or deal with sensitive issues. Considering the previous attack was also targeted at politicians and journalists, we could see a similar pattern emerge this time as well. These assumptions are further supported by speculations about countries with approaching elections being targeted, the attackers looking to disrupt and sway official proceedings. 

How to Check If You Have Received the Apple Mercenary Spyware Warning

Those who have been identified as targets of the mercenary spyware should have received an iMessage notification and email on the ID linked with the Apple account. If you think you might have missed it and want to clarify that the Apple spyware alert was not meant for you, consider logging on to your Apple account on the website. According to Apple’s support page, a threat notification should be visible on the top of the page for those who have received the Apple mercenary spyware warning. 

What To Do if You’ve Received the Apple Spyware Alert

If you’ve received a notification regarding the mercenary spyware, then Apple offers a “Lockdown Mode” that can help protect the device. This feature restricts the functioning of the device to protect it from any spyware trying to get in. For example, message attachments are blocked, FaceTime calls from unknown contacts are restricted, location information is stripped from shared photos, and web sharing is limited. Lockdown Mode restricts your device’s contact with external sources in order to reduce the number of potential entry points.

According to Apple, “Lockdown Mode is available in iOS 16 or later, iPadOS 16 or later, watchOS 10 or later, and macOS Ventura or later. Additional protections are available in iOS 17, iPadOS 17, watchOS 10, and macOS Sonoma.” Apple also recommends that you contact an external expert to help with the threat, for example, the Digital Security Helpline at the non-profit Access Now. The organization should be able to provide essential security-related advice on what you should do next.

Even if you have not been on the receiving end of Apple’s global mercenary spyware warning, it’s a good idea to protect yourself from external threats as much as possible. Investing in a good antivirus system that regularly scans your devices for any signs of harmful aberrations is an effective way of keeping threats at bay. Similarly, using a VPN is a useful preventive measure that can stop any lurkers from learning too much about you. It is also a good idea to regularly update your passwords, switch to passkeys, be careful of the websites you’re visiting, and stay alert for any unusual activity that might signal that something is amiss.

Exploring the Perilous Landscape of Cyberattacks
https://www.technowize.com/exploring-the-perilous-landscape-of-cyberattacks/
Sun, 28 Jan 2024 08:30:40 +0000

We’ve moved leaps ahead of simple viruses that bring annoying pop-ups onto your screen, to the realm of dangerous cyberattacks and data breaches that leave you vulnerable through no fault of your own. Understanding cybersecurity is key to surviving in the digital world.

Cyberattacks, data breaches, ransomware, malware, phishing: the list of online threats only gets worse with time, not to mention the current battles with AI and its unsettling potential for misuse. Companies are beginning to prioritize cybersecurity training and solutions, but considering the frequency of these cyberattacks, perhaps we need to double down on our security efforts. IT Governance reported 114 security incidents in October and 953 incidents overall in 2023, with more than 5 billion records compromised this year.


Image credit – Freepik

Regardless of the care taken to avoid clicking on suspicious links or whether you use a security service to protect your device, cyberattacks can catch just about anyone off guard. On an organizational scale, this can lead to data breaches for hundreds of customers, clients, and employees, not to mention a release of sensitive data that was never meant for the public eye. While zero-trust architectures and IoT security solutions are growing in popularity as an answer to these issues, the gap between awareness and implementation still persists.

Understanding the Nature of Cyberattacks—Where We Stand Today

Cyberattacks refer to external attempts to access and misuse data that is privately held by individuals and organizations. According to IBM, “A cyberattack is any intentional effort to steal, expose, alter, disable, or destroy data, applications or other assets through unauthorized access to a network, computer system or digital device.” The digital attacks can result in a loss of data, or a data breach, and can cost companies dearly to address. IBM further reported that the global average cost of a data breach in 2023 stacked up to $4.45 million. These cyberattacks are complex, and admittedly ingenious, in their functioning and take on many forms. 

Malware: Software With Malicious Intent

Malware, or malicious software, refers to a host of cybersecurity attacks that steal, damage, and destroy data and data systems. There are various ways in which malware enters devices, and its purpose is often unclear at first glance. Viruses are often sent with the intent to damage the systems they invade, shutting down devices and halting any further access to them. Computer worms invade and multiply within computers, modifying and deleting records as they go. These can “deplete system resources, such as hard drive space or bandwidth, by overloading a shared network,” according to Norton.

Another form of malware is the Trojan horse, which is usually cleverly disguised as a legitimate download that you authorize for your system, and which does its damage once you grant permission for the download. If these aren’t overwhelming enough, there is also spyware, which tracks your data and shares it with unauthorized sources while you continue to go about your day, unaware. It is clear why cybersecurity awareness grows more important every day.

Ransomware: Cyberattacks That Hold Data Hostage

The term is exactly what it sounds like—a hostage situation where data is held until a hefty ransom is paid to the attackers. One of the many versions of malware, a cybersecurity breach of this form blocks access to necessary information, often through encryption, and occasionally comes with the threat of publishing it if the demands remain unmet. Ransomware can be downloaded by mistake while clicking on malicious links; alternatively, lax security systems, unchanged passwords, use of public Wi-Fi connections, and other security weaknesses can also let ransomware creep in.

According to Astra Security, ransomware attacks occur at unfathomable frequencies, with 1.7 million attacks every day, or 19 ransomware attacks every second. By 2031, these attacks could cost victims $265 billion annually. Statista reported the U.S. to have the highest number of ransomware attacks by a large margin, with 217.5 million in 2022. Cl0p and LockBit were two of the most dangerous ransomware gangs that made their gains this year, according to Malwarebytes. In the most recent news, the LockBit gang was found to be exploiting the Citrix Bleed vulnerability, a flaw in the Citrix system that left many users exposed. Boeing was among the companies hit by the ransomware gang this month.

Phishing—Can We Have Your Data Now?

If you’ve ever received badly worded texts from strange numbers pretending to be your bank or fraudulent solicitation through emails that are clearly a farce, you might be able to laugh off phishing as an unserious attack—one that could never get you to reveal your data. But with improving technology and resources, and the exploitation of those with little cybersecurity training, phishing attackers are often able to convince individuals to reveal sensitive data that compromises the security of their personal information. According to AAG, phishing attacks make up the most common form of cybercrime, with approximately 3.4 billion spam emails sent out every day. According to Google, Gmail blocks more than 100 million scam attempts every day. While considerable, it is clear that a large number still slip through the cracks.

Cybersecurity Solutions: Investing in Cybersecurity

Cyberattacks, whether conducted with malicious intent or merely to be mischievously disruptive, are entirely undesirable. As fast as hackers and attackers work to devise new ways to access your data, companies have been working on cybersecurity solutions just as relentlessly to combat them. The first step is undeniably to be aware that there is a problem at all. With technology so deeply ingrained in everything we do, regular cybersecurity training is an essential component of the world we live in today. The Cybersecurity and Infrastructure Security Agency (CISA) provides support and training for those seeking cybersecurity solutions, but it isn’t the only platform where training can be found.

Zero-Trust Architecture

An interesting cybersecurity solution is the zero-trust architecture. It abandons the network-perimeter security model, which becomes too lenient with devices once they are inside the network, in favor of an architecture that treats every interaction as suspect and requires multiple levels of checks before any data can be accessed. A traditional network architecture might give a broad list of users and devices the same permissions, but a zero-trust architecture is more selective in granting access to resources and requires user authentication at multiple levels, essential features to ensure that compromised devices do not hand out information for free.

Cloud Security

Data is no longer held only locally, on computers and in offline files that would have to be physically sought out and accessed by anyone intending to exploit them. A lot of information is held and transferred over the cloud, and this means an additional realm of vulnerability for organizations and individuals alike. Understanding the vulnerabilities and deploying effective cloud security resources are key to protecting data. While cloud providers have their own security measures in place, users need to develop an understanding of these measures and see what needs to be done to further protect their data. Statista predicts that the global cloud security market will reach a value of $37 billion by 2026.

The potential for cyberattacks is endless and the opportunities for good cybersecurity solutions and best practices are just as relentless. Whether you choose to invest in a zero-trust architecture or find investment in simple antivirus software and VPN sufficient for your business, it is critical to do what you can to protect your systems and create pathways to find your way out of any cybersecurity vulnerabilities.

The Xamalicious Malware Report: Google Play Malware Installed Over 330K Times
https://www.technowize.com/the-xamalicious-malware-report-google-play-malware-installed-over-330k-times/
Thu, 28 Dec 2023 09:22:38 +0000

McAfee’s Xamalicious malware report indicates that the malware was able to infiltrate Android devices through various apps built on the Xamarin open-source framework.

We’re always careful about protecting our data on our PCs, but smartphone security is often ignored, leading to news such as a Google Play malware being installed 330k times this year. McAfee recently released its Xamalicious malware report, which broke down how the McAfee Mobile Research Team discovered the Xamalicious Android backdoor malware that had snuck onto the store disguised as various health and horoscope apps. McAfee’s Xamalicious malware analysis gives us glaring evidence that online threats are evolving faster than ever, despite attempts to keep these malicious attacks at bay.

Google Play Malware Installed 330K Times Right Under Our Noses

According to the Xamalicious malware report by McAfee, there were about 25 different apps that carried this threat, resulting in the Google Play malware being installed over 330k times cumulatively. These apps have been in distribution since mid-2020, which is a terrifying thought considering just how much damage they might have done during this time. The apps were removed from the Google Play App Store proactively by the company, but those who still have the apps on their device without being aware of the threat are likely still exposed to the Xamalicious Android backdoor malware. 

How the Xamalicious Android Backdoor Malware Works

The Xamalicious Android backdoor malware was built on the Xamarin open-source framework, which allows Android and iOS apps to be developed in .NET and C#. The backdoor then attempts to acquire accessibility privileges by convincing the user that they are necessary for the app to function; Android does show warnings about this permission, but users are often unaware of the true extent of the threat and grant it anyway. According to McAfee's Xamalicious malware analysis, the code was originally written in .NET and compiled into a dynamic link library (DLL), then either compressed and embedded into a BLOB file or placed directly in the APK's /assemblies directory. When the app runs, this code is loaded by a native library (ELF) or by the DEX file. As a result, reversing the DLL assemblies is straightforward in some cases, while in others additional steps are needed to unpack them first.

You will typically find the malicious code in two assembly files, core.dll and a <package-specific>.dll, in the /assemblies directory of the Android Application Package (APK). Some variants of the malware obfuscate the DLL assemblies to make it harder for analysts to study the malicious code, while others leave the original code visible. The malware communicates with its server and loads a second-stage payload if the infected victim is judged a worthwhile target, sending various bits of information about the user such as device details, geolocation, the apps installed on the device, and so on. The accessibility permissions give the Xamalicious Android backdoor malware the freedom to misuse the device in many ways, from spying on the user to impersonating them.
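The layout described above can be triaged directly from the APK, which is just a zip archive. The following Python script is an added example, not code from the article or from McAfee: it inventories the /assemblies directory of an APK, classifies each assembly as a plain PE file or an LZ4-compressed one, and flags the core.dll naming pattern the report mentions. The sample APK it inspects is constructed inline, and the "XALZ" magic header is an assumption about how the Xamarin.Android toolchain marks compressed assemblies, not something the article states.

```python
import io
import struct
import zipfile

# Magic Xamarin.Android puts on LZ4-compressed assemblies (toolchain assumption).
XALZ_MAGIC = b"XALZ"


def classify_assembly(data: bytes) -> str:
    """Classify one assembly: plain PE, XALZ-compressed, or unrecognised."""
    if data[:4] == XALZ_MAGIC:
        # XALZ header: magic, descriptor index, uncompressed size (LE u32 each)
        size = struct.unpack_from("<I", data, 8)[0]
        return f"xalz-compressed ({size} bytes when unpacked)"
    if data[:2] == b"MZ":
        return "plain PE assembly"
    return "unknown (possibly obfuscated)"


def inventory_xamarin_assemblies(apk_bytes: bytes) -> dict:
    """Inventory an APK's /assemblies directory as the article describes.
    The core.dll flag is only the triage hint the McAfee report gives, not
    proof of infection: legitimate Xamarin apps ship assemblies there too.
    """
    report = {"is_xamarin": False, "blob_present": False,
              "core_dll_present": False, "assemblies": {}}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            if not name.startswith("assemblies/"):
                continue
            report["is_xamarin"] = True
            base = name[len("assemblies/"):]
            if base.endswith(".blob"):      # assemblies packed into one BLOB
                report["blob_present"] = True
            elif base.endswith(".dll"):
                report["assemblies"][base] = classify_assembly(zf.read(name))
                if base.lower() == "core.dll":
                    report["core_dll_present"] = True
    return report


def build_sample_apk() -> bytes:
    """Constructed sample APK (a zip) with the layout the article describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("assemblies/core.dll", b"MZ" + b"\x00" * 62)
        zf.writestr("assemblies/Horoscope.App.dll",
                    XALZ_MAGIC + struct.pack("<II", 1, 4096) + b"\x00" * 16)
    return buf.getvalue()
```

Running inventory_xamarin_assemblies on a real APK tells an analyst whether the assemblies can be loaded into a .NET decompiler as-is or must be decompressed first.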

Xamalicious Malware Report: What Did It Do?

Considering that the Google Play malware was installed over 330k times, it must have accomplished something during that period. McAfee found a link between the Xamalicious Android backdoor malware and an app that used to be available on the Google Play Store before it was taken down: Cash Magnet. The Cash Magnet app was originally marketed as a passive income service in which the app would automatically interact with ads and other monetized tasks that generated points for the user. The points were then supposed to be converted into redeemable rewards, with the app promising up to $30 per month just for keeping it installed on your device.

Google soon removed the app from the store, but apps like "Letterlink" and "Dots: One Line Connector" were poorly disguised replicas of the same app and likely served the same function, using your device as a vehicle for ad fraud. The report found that users in the USA, Brazil, and Argentina were most affected, along with the UK, Spain, and Germany.

The Xamalicious malware report about the Google Play malware being installed 330k times is not the only evidence we have of malware bypassing the restrictions Google places and making its way to our Android devices. Kaspersky, another cybersecurity service provider, reported that there were over 600 million downloads of various malicious apps from the Android store in 2023. The report provides an analysis of the various apps that were on the store, for example, iRecorder was a screen-recording app that also silently turned the users’ microphones on every 15 minutes to collect data that was sent to its servers. Similarly, 38 Minecraft app clones were also discovered on the Play Store, all of which had hidden adware that would misappropriate the user’s device for ad farming. 

With the number of apps available on these app stores, many malicious apps may slip through the cracks and infest your phone with unnecessary, dangerous malware that can damage the life of your device and expose you to various threats. It is essential to become more careful about the apps we download, keeping the numbers to a minimum to reduce the number of threats we expose ourselves to. If a more regulated platform like the Google Play App Store can hold so many threats, it is likely much worse on third-party platforms that are more lax with their security. Avoid downloading from unverified sources and be very selective about providing accessibility permission to the apps that you use on your devices. 
