
Making two-factor authentication much stronger in two easy steps


Disabling lock-screen notifications on iPhone:

iPhone users have a bit more flexibility in notification settings. First of all, you can set up notification previews in general:

  • Open Settings;
  • Go to Notifications;
  • Tap on Show Previews at the very top if you want to turn off lock-screen notifications all at once;
  • Select When Unlocked or Never.

In iOS, you can fine-tune the balance of convenience and privacy. If you prefer to keep some notification previews on your lock screen and hide only those that contain sensitive information, you can choose another approach and set up this option individually for each app:

  1. Again, open Settings;
  2. Go to Notifications;
  3. Tap on the app in question, for example, Messages;
  4. Scroll down to the option for showing previews and select either When Unlocked or Never.

Disabling lock-screen notifications on Android:

Android settings can vary a bit depending on version and device, and there are quite a number of them. That makes it impossible to write a definitive guide, so poke around a bit if necessary.

  1. Open Settings;
  2. Go to Apps & Notifications, then Notifications;
  3. Choose On the lock screen;
  4. Choose either Don’t show notifications or Show notifications but hide sensitive content.

Most Android versions don’t allow you to set up lock-screen notifications individually for each app; however, in Samsung’s version of the OS you can do it.

Don’t forget to protect your SIM card:

Removing notifications from your lock screen is a good start, but our job isn’t done yet. You see, it isn’t a phone that actually receives text messages, but rather a tiny piece of plastic no one thinks about much: a SIM card. It’s incredibly easy to remove a SIM card from one phone, insert it into any other phone, and receive your calls and messages — including messages with 2FA one-time codes.

It’s pretty easy to protect yourself from that kind of information theft — just set up a PIN code request for your SIM card. Here’s how to do it on an iPhone:

  1. Open Settings;
  2. After a fair bit of scrolling, tap on Phone;
  3. Go to SIM PIN;
  4. Switch SIM PIN on;
  5. Enter your current PIN. If you never set one, use the default code set by the operator — you can find it in your SIM starter kit;
  6. Tap on Change PIN to use a custom code instead of the default one;
  7. Enter your current PIN;
  8. After that enter your new PIN code, and enter it once again for confirmation.

For Android (again, it may be slightly different on your phone):

  1. Go to Settings, then Security & Location;
  2. Choose SIM card lock and Lock SIM card;
  3. When prompted, enter the SIM PIN. If you didn’t set one up, find the default SIM PIN in the documentation that came with your SIM card;
  4. Choose Change SIM PIN;
  5. Enter the old PIN;
  6. Enter a new PIN (and again, for confirmation).

Now every time your phone is restarted or the SIM card is inserted in another phone, you’ll need to enter the PIN code, or else it won’t start. You’re set — at least as far as two-factor authentication codes go.

Source: Kaspersky


Mobile Malware and Where to Find Them


Our smartphones and tablets know almost everything about us — from contact details to bank card numbers and current location. This information is a goldmine for cybercriminals. As a result, the Web is full of all kinds of pests out to grab anything lying around (or carelessly typed).

Spyware

Spyware is the name given to programs that, yes, spy on people. Like hidden cryptominers, spyware tries to lie low on your smartphone for as long as possible, which tends to make it very difficult to detect.

Some types of spyware steal data — anything from user names and passwords to photos and geolocation data; other types stick to the spy game, recording audio, shooting videos, and so on.

Here’s what such malware is capable of:

  • Stealing your e-mails and text messages (both SMS and IM) and forwarding them to cybercriminals,
  • Recording phone conversations,
  • Sending your device’s GPS coordinates to scammers,
  • Revealing your browser history and clipboard contents,
  • Stealing personal or work documents, or any files from your phone,
  • Turning on the microphone and/or camera and sending out secretly recorded photos, audio, and video,
  • Stealing social media and online bank account details,
  • Collecting system information.

For example, the Trojan spyware Skygofree starts recording audio when the owner of the infected device is in a place selected by the spyware operators; it also harvests browser history, user names, passwords, and card numbers. It then connects to Wi-Fi all by itself and transfers the booty.

Keyloggers

Spyware can be general-purpose or specialized. For example, keyloggers are malware programs that log keystrokes on the keyboard. Sure, modern phones have only virtual keys, but that’s even better for keyloggers. Some masquerade as alternative keyboards, making it child’s play to pick up what the user taps.

Banking Trojans

Another specialized breed of spyware, banking Trojans steal data linked to bank cards and apps. These monsters are quite popular with hackers because they provide a direct route into other people’s accounts.

Banking Trojans come in a variety of flavors, and in many cases they combine an array of functions. For example, many can overlay the banking app interface with their own, making it seem as though the user is entering data in the banking app while in fact giving it to the Trojan, which logs the details and feeds them into the banking client so that the user suspects nothing. Also, in many cases, mobile banking Trojans intercept SMS messages from banks containing confirmation codes or information about withdrawals.

Source: Kaspersky Lab


Hackers steal 50 million Facebook users’ access tokens using zero-day flaw


As of the second quarter of 2018, Facebook had 2.23 billion monthly active users. In the third quarter of 2012, the number of active users had surpassed one billion, making it the first social network ever to do so. Active users are those who logged into Facebook during the last 30 days.

Facebook has already been under heavy fire since the revelation that consultancy firm Cambridge Analytica had misused data of 87 million Facebook users to help Donald Trump win the US presidency in 2016.

And now comes a new revelation, reported on Friday, 9/28/2018: a zero-day flaw residing in the “View As” feature located on users’ timelines.

The feature has been disabled, and a reset has been done on the compromised accounts (50 million) and on other accounts (40 million).

What the “View As” feature means on Facebook:

After you click to view, Facebook directs you to the version of your Facebook page that people who aren’t your Facebook friends can see.

If you can see certain posts and photos, this means those posts and photos are visible to the public because you posted them with a public privacy setting.

Facebook has admitted that an unknown hacker or a group of hackers exploited a zero-day vulnerability in its social media platform that allowed them to steal secret access tokens for more than 50 million accounts.

The vulnerability allows hackers to steal secret access tokens that could then be used to directly access users’ private information without requiring the original account password or validating a two-factor authentication code.

The attack was discovered three days ago (on 25 September), and an investigation is ongoing. Meanwhile, the vulnerability has been patched.

This recent revelation has once again underlined the failure of the social-media giant to protect its users’ information while generating billions of dollars in revenue from the same information.