Connect with us

Security

Kaspersky raises alarm over security breaches through apps

Published

on

Cybersecurity firm, Kaspersky, has raised an alarm over security breaches, which emanated from apps downloads.

According to it, the target has primarily become mobile devices. Kaspersky noted that in 2019 the number of worldwide mobile phone users is expected to reach 4.68 billion of which 2.7 billion are smartphone users.

It noted that with smartphone users increasing, it makes users more vulnerable. Kaspersky said with several unsecured Wi-Fi connections, network spoofing, phishing attacks, ransomware, spyware and improper session handling – mobile devices make for the perfect easy target. In fact, according to Kaspersky mobile apps are often the cause of unintentional data leakage.

General Manager for Kaspersky in Africa, Riaan Badenhorst, said: “Apps pose a real problem for mobile users, who give them sweeping permissions, but don’t always check security. These are typically free apps found in official app stores that perform as advertised, but also send personal – and potentially corporate – data to a remote server, where it is mined by advertisers or even cybercriminals.

“Data leakage can also happen through hostile enterprise-signed mobile apps. Here, mobile malware uses distribution code native to popular mobile operating systems like iOS and Android to spread valuable data across corporate networks without raising red flags.”

In fact, according to recent reports, six Android apps that were downloaded 90 million times from the Google Play Store were found to have been loaded with the PreAMo malware, while another recent threat saw 50 malware-filled apps on the Google Play Store infect over 30 million Android devices. Surveillance malware was also loaded onto fake versions of Android apps such as Evernote, Google Play and Skype.

Kaspersky said considering that as of 2019, Android users were able to choose between 2.46 million apps, while Apple users have almost 1.96 million app options to select from, and that the average person has 60-90 apps installed on their phone, using around 30 of them each month and launching nine per day – it’s easy to see how viral apps take several social media channels by storm.

Enterprise Sales Manager at Kaspersky in Africa, Bethwel Opil, “In this age where users jump onto a bandwagon because it’s fun or trendy, the Fear of Missing Out (FOMO) can overshadow basic security habits – like being vigilant on granting app permissions.

In fact, accordingly to a previous Kaspersky study, the majority (63 per cent) of consumers do not read license agreements and 43 per cent just tick all privacy permissions when they are installing new apps on their phone. And this is exactly where the danger lies – as there is certainly ‘no harm’ in joining online challenges or installing new apps.”

However, it is dangerous when users just grant these apps limitless permissions into their contacts, photos, private messages, and more. “Doing so allows the app makers possible, and even legal, access to what should remain confidential data. When this sensitive data is hacked or misused, a viral app can turn a source into a loophole which hackers can exploit to spread malicious viruses or ransomware,” Badenhorst added.

Kaspersky advised that online users should be mindful and be more careful when it comes to the Internet and their app habits including: only download apps from trusted sources. Read the reviews and ratings of the apps as well; select apps you wish to install on your devices wisely; read the license agreement carefully; pay attention to the list of permissions your apps are requesting. Only give apps permissions they absolutely insist on, and forgo any programme that asks for more than necessary; avoid simply clicking “next” during an app installation; for an additional security layer, be sure to have a security solution installed on your device.

“While the app market shows no signs of slowing down, it is changing. Consumers download the apps they love on their devices which in turn gives them access to content that is relevant and useful. The future of apps will be in real-world attribution, influenced by local content and this type of tailored in-app experience will lead consumers to share their data more willing in a trusted, premium app environment in exchange for more personalised experiences. But until then, proceed with caution,” Opil said.

Source: https://guardian.ng/business-services/business/kaspersky-raises-alarm-over-security-breaches-through-apps/

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Security

Firm introduces new cyberthreat detection service

Published

on

By

Sophos, a global leader in network and endpoint security, has announced the availability of a fully managed threat hunting, detection and response service, called Sophos Managed Threat Response.

The firm said the re-sellable service would provide organisations with a dedicated 24/7 security team to neutralise the most sophisticated and complex threats.

According to a statement, these threats include active attackers leveraging fileless attacks and administrator tools such as PowerShell to escalate privileges, exfiltrate data and spread laterally.

“Attacks like these are difficult to detect since they involve an active adversary using legitimate tools for nefarious purposes, and Sophos MTR helps eliminate this threat,” it said.

The Chief Technology Officer at Sophos, Joe Levy, said cybercriminals were adapting their methods and increasingly launching hybrid attacks that combined automation with interactive human ingenuity to more effectively evade detection.

He said, “Once they gain a foothold, they’ll employ ‘living off the land’ techniques and other deceptive methods requiring human interaction to discover and disrupt their attacks.

“For the most part, other managed detection and response services simply notify customers of potential threats and then leave it up to them to manage things from there.

“Sophos MTR not only augments internal teams with additional threat intelligence, unparalleled product expertise, and round-the-clock coverage, but also gives customers the option of having a highly trained team of response experts take targeted actions on their behalf to neutralise even the most sophisticated threats.”

Source:
https://punchng.com/firm-introduces-new-cyberthreat-detection-service/

Continue Reading

Security

Google now treats iPhones as physical security keys

Published

on

By

The latest update to Google’s Smart Lock app on iOS means you can now use your iPhone as a physical 2FA security key for logging into Google’s first-party services in Chrome. Once it’s set up, attempting to log in to a Google service on, say, a laptop, will generate a push notification on your nearby iPhone. You’ll then need to unlock your Bluetooth-enabled iPhone and tap a button in Google’s app to authenticate before the login process on your laptop completes. The news was first reported by 9to5Google.

Two-factor authentication is one of the most important steps you can take to secure your online accounts, and provides an additional layer of security beyond a standard username and password. Physical security keys are much more secure than the six digit codes that are in common use today, since these codes can be intercepted almost as easily as passwords themselves. Google already lets you use your Android phone as a physical security key, and now that the functionality is available on iOS it means that anyone with a smartphone now owns a security key without having to buy a dedicated device.

Attempting to log in to a Google service will send a push notification to your phone over Bluetooth.

The new process is similar to the existing Google Prompt functionality, but the key difference is that Smart Lock app works over Bluetooth, rather than connecting via the internet. That means your phone will have to be in relatively close proximity to your laptop for the authentication to work, which provides another layer of security. However, the app itself doesn’t ask for any biometric authentication — if your phone is already unlocked then a nearby attacker could theoretically open the app and authenticate the login attempt.

According to one cryptogopher working at Google, the new functionality makes use of the iPhone processor’s Secure Enclave, which is used to securely store the device’s private keys. The feature was first introduced with the iPhone 5S, and Google’s app says that it requires iOS 10 or later to function.

The new iPhone support appears to be limited to authenticating Google logins from the Chrome browser. When we attempted to use an iPhone to authenticate a login of the same service (we tested with Gmail) using Safari on a MacBook, we were prompted to insert our key fob (which we don’t have), meaning it created an extra step in our login process where we had to pick an alternative 2FA option.

Source:
https://www.theverge.com/2020/1/15/21066768/google-iphone-ios-security-key-2-factor-authentication

Continue Reading

Security

Samsung made a fingerprint-secured portable SSD

Published

on

By

Portable SSDs have become quite popular lately but only a handful of them offer proper security so Samsung is taking matters into its own hands by introducing the T7 Touch with fingerprint reader identification. This way you can rest assured that your sensitive data is safe even if you misplace the actual drive.

Samsung made a fingerprint-secured portable SSD

The T7 Touch succeeds the T5 from last year by offering a capacitive fingerprint scanner and AES 256-bit hardware encryption and password for added security. Moreover, the T7 Touch boasts about 1 GB/s read and 1 GB/s read speeds, which is almost twice as fast as its predecessor.

Connectivity options include USB-C to USB-C and USB-C to USB-A while the connector of the device supports 10Gbps speeds over USB 3.2 (Gen 2).

The T7 Touch comes in three flavors – 500GB for $129, 1TB for $229 and 2TB for $399 with planned availability this month. The available paint jobs of the titanium case are black and silver and the whole thing weighs just 58 grams.

Source:
https://www.gsmarena.com/samsung_made_a_fingerprintsecured_portable_ssd-news-40949.php

Continue Reading
Advertisement

Trending

%d bloggers like this: