Subterms
Image: Getty/Jamie Grill Cyber criminals are actively exploiting remote management software to aid phishing scams and steal money from victims, a joint advisory by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) has warned. The warning comes following the discovery of an email phishing campaign that tricks victims into downloading […] More
The process shouldn’t take more than a couple of minutes.Now that you’re done, make sure to store your keys in separate places (I have one in use and another as backup, but you might want one for home and another for the office, or whatever works for you).Don’t keep both in the same place — such as on the same keyring. That way if you lose one, you’ll lose both. More
Image: Maskot / Getty Developers across government and industry should commit to using memory safe languages for new products and tools, and identify the most critical libraries and packages to shift to memory safe languages, according to a study from Consumer Reports. The US nonprofit, which is known for testing consumer products, asked what steps […] More
Image: Apple Apple has once again released a patch for a likely critical flaw affecting the iPhone 5s, iPhone 6, and older iPads — models for which it rarely provides security. Along with patches in iOS 16.3 and macOS Ventura this week, Apple released a rare patch in the iOS 12.5.7 update to […] More
An Australian man has been sentenced to jail for more than two years over an SMS phishing scam, during which he stole AU$100,000 ($69,751) and targeted 450 victims. The Sydney Local Court found the man guilty of various cybercrime offences, including obtaining and supplying data with intent to commit a computer offence. He was sentenced to two years and eight months’ imprisonment, said the Australian Federal Police (AFP), which gathered evidence from website registrations suspected of being used to facilitate the phishing scams.It noted that these sites were used to target customers of local telecommunications providers and financial institutions. Phishing activities were believed to have begun in 2018, when victims were lured into entering their personal data on the fraudulent websites. The information then was used to access the victims’ phone and bank accounts and create new accounts. Investigations into the crime kicked off in September 2021, with the AFP working alongside the NSW Police Cybercrime Squad to execute a search warrant at the man’s home in November. SIM cards, bank cards, electronic devices, mobile phones, and storage devices were amongst items seized from his home.AFP said they were able to link the man to more than AU$100,000 stolen from the accounts of 39 people. He was arrested on November 24, 2021. The police also worked with Commonwealth Bank of Australia, National Australia Bank, and local telco Telstra to identify victims who provided their personal details to the phishing sites. Additional security protocols were implemented to prevent further funds from being stolen from these account holders, which AFP said stopped further theft of another 16,147 Australians.AFP’s spokesperson Chris Goldsmid said: “Scammers will use any tools they can to exploit people for their own profit. The internet and other new technologies provide opportunities to remotely access potential victims. We encourage Australians to protect themselves against phishing scams by carefully reviewing emails or SMS messages before clicking on any links.”The Singapore government last year also urged the need for shared responsibility, after a massive phishing scam involving 790 customers of OCBC Bank resulted in losses totalling SG$13.7 million ($10.18 million). The Consumers Association of Singapore (CASE) this past week issued two alerts via its Facebook page, including one yesterday, to warn consumers of phishing email claiming to be its officers and directing recipients to fraudulent websites for monetary compensation. Targeted victims were given fake ticket numbers of disputes or claims and asked to click on a chat icon to access the phishing sites to receive updates or money. CASE said its IT systems and database were secured and had not been compromised. It added that the police had been notified of the scams. Following OCBC’s phishing incident, Singapore banks rolled out a “kill switch” as part of security measures the government mandated to safeguard against future scams. Consumers also were urged to access their accounts via mobile banking apps, instead of web browsers, to minimise risks. RELATED COVERAGE More
Shutterstock Way back on Android 8, Google introduced a protected folder in the Files application that password protects access to any files within. That protected folder is called Safe folder and it’s built-in and free to use. If you’re uncertain as to why you might need to use such a file, consider this: You have […] More
Like any form of multi-factor authentication (MFA), Security Keys for Apple ID is designed to ensure that you’re the only one who can access your account — in this case, your Apple ID account. If used correctly, it can provide you with an extra layer of protection against phishing, social engineering scams and many other cyber attacks. The idea is that even if a hacker does know your password, they can’t access your account without also having access to the physical key.The first layer of authentication is your Apple ID username and password. In this case, the physical key is the second layer of authentication — you need it in your possession to access your account, something which prevents attackers from remotely stealing MFA access codes sent using an app or SMS. Because while MFA applications do help to keep accounts secure, hackers can still remotely intercept codes. If your account is protected with Security Keys for Apple ID, it’s much harder for someone to access your account, because not only would they need your password, they’d need physical access to your device and your hardware key. More
Image: Getty Cyber criminals are making less money from ransomware attacks as victims increasingly refuse to pay their ransom demands. Analysis by cryptocurrency and blockchain company Chainanalysis suggests that ransom payments dropped by 40% last year, declining from $765.6 million in 2021 to $456.8 million in 2022. Meanwhile, cybersecurity researchers at Coveware have also suggested that […] More
