Connect with us

Security

Hackers Used Microsoft Email Accounts to Steal Users’ Cryptocurrency, Report

Published

on

In worsening news for users of Microsoft’s email services like Outlook, Hotmail and MSN, several cryptocurrency holders affected by a recent hack allege that the hackers responsible stole their crypto, as reported by Vice’s Motherboard on April 29.  

One victim claimed on a Dutch tech forum to have lost just over 1 bitcoin (BTC), or almost $5,400 at press time, when hackers used his email account to reset his password and gain access to his Kraken account on March 31st.  Several Reddit users attested to similar experiences.  

According to Microsoft, the initial breach took place between January 1st and March 28th of this year, though according to others it may have extended for six months. Hackers initially reached consumer emails via a Microsoft support agent account.  

Microsoft’s initial email statement to affected users assured them that hackers may have accessed email metadata like contacts, “but not the content of any e-mails or attachments.”  

Two days later, however, reports surfaced that hackers had indeed been able to read email content.  

Microsoft has yet to respond to the latest escalation of this security breach.  

This comes just a week after an Independent Security Evaluators report on a “blockchain thief” who has stolen millions in ether by guessing weak private keys, as well as Coinbene’s continued denial of losing over $100 million to a hack in March.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Security

25 million Android devices hijacked by ‘Agent Smith’ malware

Published

on

By

Agent Smith has taken over more than 25 million Android devices in newly found malware that is rampant

Some new information has come out of some security researchers, according to the researchers a new form of malware called ‘Agent Smith’ has hijacked over 25 million Android units.     The security firm called Check Point has recently released a new press release that details the malware, saying that once the malware is installed it begins to look for common apps and replace them with malicious versions of them. The apps that are infected by Agent Smith begin to display crooked ads designed for financial manipulation and gain.   According to Check Point’s Head of Mobile Threat Detection Research, Jonathan Shimonovich, “The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own.” At the moment, most of the infected devices are located in India and surrounding counters, as the malware is distributed through 9Apps which as third-party app store that is popular within those countries.     The origins of the malware have been linked back to China, and according to the security researchers the developers attempted to get some infected apps on the Google Play Store and actually successfully managed to get 11 apps on there. Since the discovery of Agent Smith, Google has removed these apps.   Jonathan Shimonovich gave a statement on the malware, saying “This application was as malicious as they come. Combining advanced threat prevention and threat intelligence while adopting a ‘hygiene first’ approach to safeguard digital assets is the best protection against invasive mobile malware attacks like Agent Smith. In addition, users should only be downloading apps from trusted app stores to mitigate the risk of infection as third-party app stores often lack the security measures required to block adware loaded apps.”

Read more: https://www.tweaktown.com/news/66572/25-million-android-devices-hijacked-agent-smith-malware/index.html

Continue Reading

Security

Microsoft adds new ‘passwordless’ sign-in option with latest Windows 10 20H1 test build

Published

on

By

Microsoft is continuing to roll out new Windows 10 20H1 test builds with incremental new features regularly. On July 10, the company delivered Windows 10 Build 18936 to 20H1 testers in the Fast Ring

Today’s test build adds a new “Make your device passwordless” sign-in option in Settings. By going to Settings > Accounts > Sign-in options and turning on the passwordless option, users will switch all Microsoft accounts on that Windows 10 device to use Windows Hello Face, Fingerprint, or PIN only. As Microsoft notes in its post on today’s test build, this feature is rolling out to a “small portion” of Insiders and will go to more within a week. 

Speaking of passwordless, Microsoft also made available today a public preview of FIDO2 security keys support in Azure Active Directory, which means users can try out the ability to deliver at scale FIDO2 security keys authenticating a user on a Windows 10 Azure Active Directory-joined device.  

Today’s build also adds a new option to create a quick event from the Taskbar by clicking on the date in the taskbar. Users will see a calendar flyout so they can pick their desired date and set a time and location more quickly this way. 

Microsoft also is expanding the availability of the phone screen feature in its Your Phone companion app to more PCs. This feature will be available on Surface Laptop and Laptop 2; Surface Pro 4, 5 and 6; Surface Book and Surface Book 2 starting with Build 18936. 

Source: https://www.zdnet.com/article/microsoft-adds-new-passwordless-sign-in-option-with-latest-windows-10-20h1-test-build/

Continue Reading

Security

July 2019 security patches are out for Google Pixel phones and Essential Phone

Published

on

By

Today marks the first day of July and we are now already halfway through 2019. More importantly, a new month means it’s time for new Android security updates. The patches for this month have been released for the entire Pixel family and the trusty Essential Phone is following closely behind as usual.

There are a few important functional patches for the Pixel 3Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 2, and Pixel 2 XLthis month. Users should notice improved “OK Google” and music detection. The July Android security updates are also rolling out to the Google PixelPixel XL, and Essential Phone. One device that has reached the end of its Android security cycle is the Pixel C, which received its last update in June.

July’s security patches are now available for Open Market customers. Check your Essential Phone for the latest pic.twitter.com/hc9WxrtFd8

— Essential (@essential) July 1, 2019

Pixel July 2019 ImprovementsDevices
HotwordImproves “OK Google” and music detectionPixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL
BootloaderFixes an issue for some devices getting stuck during bootPixel 3, Pixel 3 XL
BootloaderFixes an issue for some devices getting stuck in EDL mode with a blank screenPixel 3, Pixel 3, XL, Pixel 3a, Pixel 3a XL
UIImproves Unicode Japanese language supportPixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL
PerformanceImproves Titan M modulePixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL

The OTA files and factory images for the Pixel devices can be found at the links below. Find the Android security files for your device and click “Link” to start the download. To flash the update manually without losing all of your data, follow the steps outlined in this tutorial. The OTA Android security update for the Essential Phone has just started rolling out.

DeviceFactory ImageOTA Files
Pixel 3a XLLinkLink
Pixel 3aLinkLink
Pixel 3 XLLinkLink
Pixel 3LinkLink
Pixel 2 XLLinkLink
Pixel 2LinkLink
Pixel XLLinkLink
PixelLinkLink
Essential PH-1N/ALink

Android Security Bulletin | Pixel Update Bulletin

Source: https://www.xda-developers.com/july-2019-security-patches-are-out-for-google-pixel-phones-and-essential-phone/

Continue Reading
Advertisement

Trending

%d bloggers like this: