Apple Will Release a Special iPhone for Security Research Purposes

Apple will release a special modified iPhone for research purposes only. With new software installed within its operating system, this modified iPhone is set to be a part of Apple’s bug-bounty program. While Apple’s bug-bounty program was initially introduced in 2016, this is the first time such iPhones will be used for this service.  

These new iPhones will be included in Apple’s iOS Security Research Device Program and will only be available to the security research team. The program supplies security researchers with this uniquely modified iPhone, which these analysts will use to help make security-related improvements. This would make it easier for ‘experienced bug hunters’ to work on Apple products.

These modified iPhones will have “advanced debugging capabilities and a root shell, among other modifications designed to make the software more open and accessible for researchers,” says Lisa Eadicicco of Business Insider.

In August, Apple announced that the new Research Device Program is one of many updates to its bug-bounty program. The company has yet to announce how many applications it will accept into this program. Apple will pay a $1 million reward to researchers who find flaws and to whoever could take control of a device with no user interaction involved. The company will expand its bug-bounty program so that it includes most of Apple’s products, such as the Apple Watch, Mac computers, and Apple TV, in addition to the current iOS.

Cybercriminals Impersonate These Well-Known Companies in Phishing Emails

Suspicious emails coming through to your mailbox? Does the email claim to be from Microsoft and need your login information to fix an unfounded issue? Cybercriminals increasingly send victims emails such as these, impersonating large-scale companies to appear legitimate, and it’s not only Microsoft impersonations. From Facebook to Amazon, to PayPal and Netflix, it’s a good idea to double-check where those emails are actually coming from.

Cybersecurity company Vade Secure conducted an analysis of the companies that were most impersonated and found that Microsoft was one of the most used brands in phishing schemes, with an increase of 15.5% since the previous year. Due to the popularity of Outlook mail and Office365, Microsoft is a widely popular impersonation target. With businesses and corporations relying on Office365 for keeping restricted and sensitive files, hackers look for any means necessary to get their hands on such valuable information. Access to Office365 accounts can also open more doors for targeting other users to gain access to more accounts.

Illegitimate emails claiming to be from Microsoft ask users to log in via a link provided by the hacker. The link opens a spoof page that mirrors the actual website and prompts users to input their login credentials, which are then submitted to the cybercriminal.

PayPal comes out as the second most common company to be used in phishing schemes, as the brand is easily recognizable by many. While PayPal still remains a popular choice in targeting victims with fake emails, malicious URL targeting has been declining.

The third most popular company to be used in a phishing attack is Facebook, as Vade Secure tracked a 176% increase in fake URL use to target users’ social media accounts. The social network acts as a perfect opportunity for hackers to send phishing messages to victims’ friends. Facebook access can be particularly harmful if victims have third-party applications connected, which cybercriminals can then also access.

The report further lists other brands like Netflix, Bank of America, and Apple that are also used in these emails. Amazon is now the eighth most popular brand for phishing use by hackers, and its use has grown over 400% in just a year, likely due to the popularity of Amazon Prime Day and the extensive number of shoppers on the site.

Phishing attacks are continuously utilized by hackers because they are a cheap and easy way to reach a mass of users. If you receive any such suspicious emails in your inbox, mark them as spam immediately. If you are ever unsure about your account, log in through the company’s official site instead of clicking on malicious email links.

Google Study Reveals Many People Are Still Using Breached Passwords

Recently, a Google study showed that about 316,000 passwords have already been breached and are still in use. These used password credentials also include financial and governmental accounts. The information used to create this study was from Google Chrome’s Password Checkup extension. Google recently stated on their blog, “The study illustrates how secure, democratized access to password breach alerting can help mitigate one dimension of account hijacking.”

The Password Checkup Extension activates when someone signs in to a site using one of the 4 billion username/password combinations that Google finds unsafe due to a third-party breach. Google found that out of 21 million passwords and usernames, 1.5% of these sign-ins were risky. They also stated that many people like to reuse passwords that tend to be vulnerable, which puts them at risk. People use vulnerable passwords when it comes to entertainment and news websites, and sometimes on shopping sites where there could be credit card information stored. About 26 percent of unsafe passwords were reset by users. In addition to that, 60 percent of those new passwords are secured, leaving out the possibility of guessing attacks, which would take a hacker over a hundred million guesses before figuring out the user’s new password.

Not changing used passwords can lead to cybercriminals gaining unauthorized account access. There have been “credential-stuffing incidents”, which affected companies like Dunkin Donuts and State Farm. Hackers would use lists of breached usernames and passwords to log in to web application accounts through automated requests. When the right username and password combination is found, cybercriminals can gain access to the targeted account.

Google recommends using their Password Checkup Extension as a precautionary measure to alert users of whether their password has been breached. It is good practice to use different passwords for all your accounts and store them in a secure password manager application. As always, avoid using simple-to-guess passwords and instead use phrases with numbers and symbols. 

New Trojan Malware Spreads via Word Document

There’s a new trojan malware spreading through malicious Word documents, and cybercriminals are using this virus to steal personal information and sensitive banking details. The malware, Ursnif trojan, attacks Windows operating systems and is popular with hackers since its main source code was leaked, becoming a more widely available option for cybercriminals to take advantage of. This type of trojan has existed in different forms over the years, starting in 2007 when the code first surfaced in the Gozi banking trojan. 

Since the code was leaked, hackers have customized it to their liking, stealing banking account information and other valuable account details. Cybersecurity firm Fortinet has identified a new version of the trojan that spreads through Word documents with file names in the format “info_[date].doc.” The hacker attaches a malicious macro script that launches once the document’s macros (a series of operations done through a single command) have been enabled.

The macros can be enabled by clicking “Enable Content,” which runs VBA code that drops a version of the Ursnif malware onto the victim’s computer. This malware then runs “iexplorer.exe” processes to connect to a command and control server on the hacker’s end. In an effort to avoid user suspicion, the host list for the server refers to security companies as well as Microsoft.

Researchers have stated that the campaign is still operating. Even though these techniques might seem a little basic, an easy phishing email attack could give these cybercriminals a chance to invade networks and initiate an extensive cyberattack. 

As always, be mindful of the emails you receive, especially those with unsolicited document attachments, and check the sender email address to verify if the email is spam. When in doubt, directly contact the company referenced in the email using a phone number provided on the actual website.

iPhone Settings Changes That Will Help Your Battery Life Last Longer

Our iPhone batteries never last long enough because we rely on them for nearly everything. From searching up places to eat, to ordering an Uber, to relying on our device for hours of scrolling through social media – we never have enough battery life that lasts for an entire day. To combat quick battery drainage, there are small adjustments you can make to your phone just from a few Settings adjustments! Switching to Low Power Mode, turning off your location services, turning off automatic downloads, lowering your screen brightness and disabling push notifications all help you save more power to get the most use out of your phone.

Another modification you can make to your iPhone is limiting the Background Refresh feature. With this feature you have the option to turn it off or only use Wi-Fi. To do this you would first go into your Settings, and then tap on General, and click on Background App Refresh. You could also pick and choose which apps you want to refresh instead of having all of them refresh automatically. To do this, just follow the same steps as above, but instead of clicking the Background App Refresh, start scrolling down to see the apps that are on your iPhone and turn off/on the ones you want!

To check which apps take up most of your battery life, you would go to your Settings app, then click on Battery, and then scroll down to the subsection where it states Battery usage by app. This shows you the percentage of the apps you use and how much of your battery life each app is eating up.

A few other small tips to help with your phone’s battery are: 

  • Enabling airplane mode in areas with poor reception
  • Using Wi-Fi instead of cellular internet when you have access to it (However, be wary of unsecured Wi-Fi networks. Avoid conducting online business that involves inputting personal or sensitive information when on public Wi-Fi).
  • Turning off Wi-Fi and Bluetooth when you are not using them
  • Turning off your Location Services

Hackers Gained Access to Sprint Customer Accounts via Samsung Site

As reported on Tuesday, July 16, Sprint has confirmed that a data breach took place through Samsung’s website, in which hackers were able to access customers’ accounts. There is no detail on how many of such accounts were breached through this occurrence.

The data breach took place on June 22nd, and Sprint notified consumers that information such as first and last names, billing addresses, phone numbers, account numbers and more was compromised. According to a statement provided through their website, Sprint stated that the information collected by hackers does not allow for the possibility of fraud or identity theft to occur. After the breach, Sprint had “taken appropriate action” in securing customer accounts to avoid another mishap such as this from happening again. The carrier company also noted that fraudulent activity has yet to be detected.

On June 25th, Sprint reset its customers’ Personal Identification Numbers (PINs) in case hackers had breached consumer accounts through their PINs. Hackers could have likely gained access to account PINs via a Boost Mobile breach that occurred back in March (Boost Mobile uses Sprint’s network).

Sprint’s spokesperson emailed CNET stating that “credit card and social security numbers are encrypted and were not compromised” when the data breach happened. Another spokesperson from Samsung had stated that fraudulent activity was detected through hackers using Sprint account information on Samsung’s main website. The spokesperson continues: “We deployed measures to prevent further attempts of this kind on Samsung.com and no Samsung user account information was accessed as part of these attempts.”

Zoom Conference App Vulnerability Allowed Unauthorized Access to Mac Users’ Video Cameras

A researcher, Jonathan Leitschuh, claimed that Zoom users that use Apple’s Mac computers were left unprotected and could have had their computer camera hacked. This application glitch allowed any user to force other users into joining Zoom calls, turning on their camera without permission. Leitschuh, the one who discovered this flaw, stated in his blog, “This vulnerability leverages the amazingly simple Zoom feature where you can just send anyone a meeting link… and when they open that link in their browser their Zoom client is magically opened on their local machine.”

Leitschuh discovered how to expose the flaw by switching the Participants option from “Off” to “On.” When he notified the public about this vulnerability, users on social media put it to the test – and it was a frightening success. In addition, even if a user deletes Zoom from their Mac, a hacker could reinstall it. As a quick and temporary fix to this issue, users can go into their Zoom settings and click on “Turn off my video when joining a meeting.” 

Leitschuh gave Zoom a 90-day window to repair this issue. Over 40 million people who use Zoom are exposed to potential invasion of privacy. He was not convinced by the quick fix Zoom came up with. The company commented that the issue is still ongoing; however, on Tuesday, they stated that they had begun to fix this matter.

Apple recently released a silent update to patch the vulnerability on users’ Zoom apps. The update is deployed without the need for user interaction and effectively stops the possibility of web servers activating a user’s video camera without permission.

Cybercriminals Are Using Domain Fraud to Trick Victims into Using Forged Websites

Cybercriminals are using top level domains (TLD) to their advantage, performing domain fraud in the hopes of directing user traffic towards their own registered sites. Domain fraud happens when hackers register a domain that is made to look legitimate by using, for example, typos in the site name. The domains are meant to imitate real company names.  

In the instance of typo use, these lookalike domains replace letters with ones that easily go unnoticed without a second glance. For example, cybercriminals can replace “m” with “r” and “n” combined and easily trick site visitors into thinking the domain is legitimate. These illegitimate sites with typo-registered domains can be used for phishing schemes in which a hacker may attach their domain link to an email made to look like it came from a real company source. After clicking on the link, victims would be directed to a fake site that asks users to log in, thereby allowing hackers to steal sensitive credentials. Cybercriminals also use their fake sites for other means like selling counterfeit products of a well-recognized brand.

Researchers at Proofpoint noted how there has been an 11% increase in malicious domain registrations in 2018, with retail brand sites the main target for such domain fraud. 96% of organizations as part of Proofpoint’s customer base had noticed that their domains were copied as is, with the only exception being the domain name extension change (i.e. .net, .co, .info). 
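A defender can screen newly observed domains against a brand list for the two patterns described above: the “rn” for “m” substitution and a copied name under a different extension. The sketch below is an added example, not code from Proofpoint or the original article; the brand `examplemart.com`, the candidate domains, and the extra confusable pairs beyond “rn” are constructed assumptions, and it assumes single-label extensions (no public-suffix handling).

```python
# Constructed brand list and observations; all names are placeholders.
PROTECTED = ["examplemart.com"]
SAMPLE = ["examplernart.com", "examplemart.net", "login.examplemart.co",
          "examplmart.com", "examplemart.com", "unrelated.org"]

# "rn" -> "m" is the substitution the article names; the rest are
# additional well-known lookalike pairs added for this example.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def split_domain(domain):
    """Return (registrable label, extension), assuming a one-label extension."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        raise ValueError(f"not a domain name: {domain!r}")
    return labels[-2], labels[-1]

def skeleton(label):
    """Collapse lookalike sequences so visually similar labels compare equal."""
    for seq, canon in CONFUSABLES:
        label = label.replace(seq, canon)
    return label

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, protected):
    """Return 'exact', 'tld-swap', 'lookalike', 'typo', or None."""
    c_label, c_tld = split_domain(candidate)
    p_label, p_tld = split_domain(protected)
    if c_label == p_label:
        return "exact" if c_tld == p_tld else "tld-swap"
    if skeleton(c_label) == skeleton(p_label):
        return "lookalike"
    if edit_distance(c_label, p_label) == 1:
        return "typo"
    return None

def triage(candidates, protected_domains):
    """List (candidate, protected, verdict) for every suspicious candidate."""
    findings = []
    for cand in candidates:
        for prot in protected_domains:
            verdict = classify(cand, prot)
            if verdict and verdict != "exact":
                findings.append((cand, prot, verdict))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE, PROTECTED):
        print(finding)
```

A match is only a lead for review: a flagged domain may belong to the brand itself or to an unrelated business with a similar name.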

Due to the extensive variety in domain name extensions, cybercriminals have found it much easier to register domains that copy actual business sites or brand names. Alongside this, the European Union’s General Data Protection Regulation allows privacy for domain registrars thereby making it much more difficult to track cybercriminals. 

Cybersecurity experts warn users to always check the URL for a safety certificate – in which HTTPS is used rather than HTTP – to ensure a fraudulent site isn’t used. However, hackers can always use safety certificates to their advantage, posing their site as one that is legitimate. In this case, it’s always best to double-check the URL spelling or do a quick search on Google to find the actual company site. 

Walmart’s New AI-Camera Technology Can Prevent Theft at Checkout

Computer vision technology has been implemented in over 1,000 Walmart stores. This technology, called Missed Scan Detection, helps checkout registers recognize if items have passed by the scanner without being scanned and immediately notifies the attendant. Walmart’s surveillance system is being upgraded by applying this new technology at their kiosk stations and their registers.

AI is surely becoming a part of our everyday lives as large retailers like Walmart begin to rely on these systems for daily operations. The ultimate goal of computer vision technology is to prevent revenue loss and theft, which, in 2017, turned out to be a big problem for many U.S. retailers who lost up to $47 billion. Since the system was installed, Walmart stated that they have had decreased theft, losses, and errors.

Walmart hasn’t been the only large retailer to use AI. Amazon has been investing in Artificial Intelligence as well; however, the approach is a little different. They have produced a smooth and cashier-less experience for their customers in their own Go stores.

Aside from its anti-theft technology, Walmart also recently opened an AI-powered store to supervise their large inventory. This makes it easier for employees to keep track of when stocks are running low and order items on time before supply runs out.

Instagram is Testing New Feature That Can Help Users Combat Hackers Stealing Accounts

Instagram is working on putting user account security at a high priority by making it more difficult for hackers to steal accounts to hold them hostage for ransom or sell for high profit.  

Hackers are after big influencer accounts in a scheme reported by Motherboard which involves cybercriminals targeting big name Instagrammers. The attack works through an email link that – once clicked – directs users towards a fake Instagram login page. Once a hacker steals the login credentials and has access to the account, victims are unable to sign back in or regain access to their own profiles, as hackers change both the recovery email address and phone numbers associated with the account.

Instagram had previously acknowledged the problem of users having difficulty accessing their accounts, and the company had advised setting up two-factor authentication as well as using stronger passwords, but adding these extra steps of security doesn’t exactly help when a cybercriminal has already accessed an account. Phishing links have been used as a primary means of tricking influencers into signing into bogus login pages made to look authentic. Furthermore, if an influencer has used the same account credentials that were previously involved in a data breach elsewhere, cybercriminals can use this information to their advantage to gain access to an account.

After users have long complained about Instagram’s lack of responsibility and initiative in taking care of the hacker issue, the company recently announced new ways of combating this ransom tactic.

If a user can’t log in to his/her page, Instagram gives one the option of sending a six-digit authentication code to the account’s original phone number or email address that was used when the account was first created. Any other devices used by hackers that are logged in will be logged out, allowing a user to recover their page by resetting their email and password. This feature is currently under testing. 

Instagram has also promised to bring another feature – one already available for Android users – to iOS. The feature allows a user to change their Instagram handle while also allowing one to maintain their previous handle for 14 days. This upcoming update is meant to deter any hackers from taking popular usernames to sell for profit. After the 14 day period is over, the username becomes available for anyone to use.