An experienced CYBER SECURITY ANALYST dealing in transborder crimes on phones,computers,threat intelligence, bug hunting,.... White hat hacking and Repairing phones and reviewer of new technology gadgets
Friday, January 31, 2020
On 28/1/2020 it was reported that avast was stealing user data and selling it...Are you safe?
The anti-virus giant Avast has announced shutting down one of its subsidiaries called Jumpshot after the company was found stealing user data and selling it for big bucks.
On January 28th, 2020 based on the investigation by PCMag and Vice, Avast was secretly stealing browsing data from millions of its customers and selling it to third-parties. Some of its active buyers included Google, Pepsi, IBM, Yelp, Microsoft, TripAdvisor, and Unilever, etc.
Avast’s data collection worked or still works in such a way that the software collects all of your browsing data which is then accessed by Jumpshot. The latter in return takes it and uses it as a part of what makes up its product offerings.
An example of it is Avast’s “All Clicks Feed” which lets companies access your behavior on the internet and any clicks you make on any particular range of domains. Reportedly, Avast sold user data to one of its New York-based customer for a hefty sum of $2,075,000.
However, in a blog post published on 30th January Avast CEO Ondrej Vlcek apologized to their customers and announced shutting down Jumpshot.
“Jumpshot has operated as an independent company from the very beginning, with its own management and board of directors, building their products and services via the data feed coming from the Avast antivirus products,” Vlcek added.
“During all those years, both Avast and Jumpshot acted fully within legal bounds – and we very much welcomed the introduction of GDPR in the European Union in May 2018, as it was a rigorous legal framework addressing how companies should treat customer data. Both Avast and Jumpshot committed themselves to 100% GDPR compliance. “
This is not the first time when Avast made headlines for stealing customer data. In December last year, Google banned Avast security extensions including AVG security over data snooping.
Nevertheless, the damage for Avast is done and it may be too late to apologize or shutting down Jumpshot. As a customer, the main purpose of using anti-virus software is to protect our data from online crooks, malicious hackers and cybercriminals and Avast has turned out to be all three.
On January 28th, 2020 based on the investigation by PCMag and Vice, Avast was secretly stealing browsing data from millions of its customers and selling it to third-parties. Some of its active buyers included Google, Pepsi, IBM, Yelp, Microsoft, TripAdvisor, and Unilever, etc.
Avast’s data collection worked or still works in such a way that the software collects all of your browsing data which is then accessed by Jumpshot. The latter in return takes it and uses it as a part of what makes up its product offerings.
However, in a blog post published on 30th January Avast CEO Ondrej Vlcek apologized to their customers and announced shutting down Jumpshot.
“Protecting people is Avast’s top priority and must be embedded in everything we do in our business and in our products. Anything to the contrary is unacceptable. For these reasons, I – together with our board of directors – have decided to terminate the Jumpshot data collection and wind down Jumpshot’s operations, with immediate effect,” wrote Vlcek in his blog post.Vlcek also maintained that Jumpshot did not break GDPR rules and committed themselves to 100% GDPR compliance.
“Jumpshot has operated as an independent company from the very beginning, with its own management and board of directors, building their products and services via the data feed coming from the Avast antivirus products,” Vlcek added.
“During all those years, both Avast and Jumpshot acted fully within legal bounds – and we very much welcomed the introduction of GDPR in the European Union in May 2018, as it was a rigorous legal framework addressing how companies should treat customer data. Both Avast and Jumpshot committed themselves to 100% GDPR compliance. “
This is not the first time when Avast made headlines for stealing customer data. In December last year, Google banned Avast security extensions including AVG security over data snooping.
Nevertheless, the damage for Avast is done and it may be too late to apologize or shutting down Jumpshot. As a customer, the main purpose of using anti-virus software is to protect our data from online crooks, malicious hackers and cybercriminals and Avast has turned out to be all three.
Thursday, January 30, 2020
The cyber security status of top 100 airports,where is ENTEBBE?
New research from web security company Web finds that 97 out of 100 the world’s largest airports have security risks related to vulnerable web and mobile applications, misconfigured public cloud, Dark Web exposure or code repositories leaks.
The 2020 annual meeting of the World Economic Forum (WEF) urged the consideration of emerging cybersecurity challenges in the aviation industry, addressed in its “Advancing Cyber Resilience in Aviation: An Industry Analysis” report.
To shed some light on the current state of aviation transportation security, ImmuniWeb decided to conduct research on cybersecurity, compliance and privacy of the world’s largest airports.
Key findings
Top 3 Most Secure Airports:
During the research, ImmuniWeb identified three international airports that successfully passed all the tests without a single major issue being detected:
— Amsterdam Airport Schiphol (EU)
— Helsinki-Vantaa Airport (EU)
— Dublin Airport (EU)
— Helsinki-Vantaa Airport (EU)
— Dublin Airport (EU)
Main Website Security:
Application weaknesses and software vulnerabilities continue to be the most common means by which cyber criminals carry out external attacks says Forrester in its recent research.
Regrettably, only 3 main (“www.”) websites of the airports received the best possible “A+” grade, 15 got an “A” grade:
As many as 24 of the main websites had a failing “F” grade, meaning that they had outdated software with known and exploitable security vulnerabilities in CMS (e.g. WordPress) and/or web component (e.g. jQuery). Some of the websites even had several vulnerable components as detailed below:
— 97% of the websites contain outdated web software
— 24% of the websites contain known and exploitable vulnerabilities
— 76% and 73% of the websites are not compliant with GDPR and PCI DSS respectively
— 24% of the websites have no SSL encryption or use obsolete SSLv3
— 55% of the websites are protected by a WAF
— 24% of the websites contain known and exploitable vulnerabilities
— 76% and 73% of the websites are not compliant with GDPR and PCI DSS respectively
— 24% of the websites have no SSL encryption or use obsolete SSLv3
— 55% of the websites are protected by a WAF
Mobile Application Security:
During this research, we found and tested 36 official mobile applications belonging to the airports. In total, 530 security and privacy issues were identified, including 288 mobile security flaws (15 per application on average). We found that:
— 100% of the mobile apps contain at least 5 external software frameworks
— 100% of the mobile apps contain at least 2 vulnerabilities
— 15 security or privacy issues are detected per app on average
— 33.7% of the mobile apps outgoing traffic has no encryption
— 100% of the mobile apps contain at least 2 vulnerabilities
— 15 security or privacy issues are detected per app on average
— 33.7% of the mobile apps outgoing traffic has no encryption
Dark Web Exposure, Code Repositories and Cloud:
Compared to the Fortune 500 companies’ exposure, global airports are doing fairly well. For the purpose of this research, ImmuniWeb leveraged its award-winning AI technology to distil findings from the Dark Web marketplaces and other locations, notably to remove duplicates, fakes and irrelevant findings.
After purification of the results, the research team found that 66 out of the 100 airports are exposed on the Dark Web in one way or another. 13 airports have leaks or exposures of a critical risk:
— 66% of the airports are exposed on the Dark Web
— 72 out of 325 exposures are of a critical or high risk indicating a serious breach
— 87% of the airports have data leaks on public code repositories
— 503 out of 3184 leaks are of a critical or high risk potentially enabling a breach
— 3% of the airports have unprotected public cloud with sensitive data
— 72 out of 325 exposures are of a critical or high risk indicating a serious breach
— 87% of the airports have data leaks on public code repositories
— 503 out of 3184 leaks are of a critical or high risk potentially enabling a breach
— 3% of the airports have unprotected public cloud with sensitive data
Ilia Kolochenko, CEO & Founder of ImmuniWeb, comments: “Given how many people and organizations entrust their data and lives to international airports every day, these findings are quite alarming. Being a frequent flyer, I frankly prefer to travel via the airports that do care about their cybersecurity. Cybercriminals may well consider attacking the unwitting air hubs to conduct chain attacks of travellers or cargo traffic, as well as aiming attacks at the airports directly to disrupt critical national infrastructure.
Today, when our digital infrastructure is extremely intricate and intertwined with numerous third-parties, holistic visibility of your digital assets and attack surface is pivotal to ensure the success of your cybersecurity program. Without it, all your efforts and spending are unfortunately vain.”
How to Reduce the Risks
— Implement a continuous security monitoring system with anomaly detection to spot intrusions, phishing and password re-use attacks.
— Run a continuous discovery and inventory of your digital assets, visualize your external attack surface and risk exposure with an Attack Surface Management (ASM) solution enhanced with Dark Web and code repositories monitoring.
— Implement a holistic, DevSecOps-enabled application security program to test and remediate your web and mobile applications, APIs and OSS in a timely manner
— Implement a third-party risk management program encompassing continuous monitoring of your vendors and suppliers going beyond a paper-based questionnaire.
— Invest in security awareness of your personnel, explain the risks of using professional emails on third-party resources, gamify anti-phishing training and reward the best learners.
Wednesday, January 29, 2020
Protect your phone number to protect your identity
Back in the day, a phone number was simply a piece of contact information, a way for your friends and family to call you. Nowadays, companies use phone numbers to identify you or prove who you are by texting security codes or calling for verification.
Think about the many ways you use your phone number. You include it when you sign up on websites or log into an app. You give it to your favorite store as part of their loyalty program and share it to receive text alerts from your bank. You use it when you need to reset a password or login to your accounts using two-factor authentication.
That also means that with your phone number and some other information, like your birthday or address, bad guys have a better chance of impersonating you and getting to your personal data and accounts.
Here are a few ways to secure your phone number to protect your identity from the bad guys.
- Don’t overshare your mobile phone number. Don’t share your phone number online (social media, comments sections , untrusted apps, etc.) or provide it to strangers.
- Think about where your number is used. Keep a running list of the companies and accounts that use your phone number to prove who you are.
- Consider using a landline number. For situations where a phone number is an identifier for discounts and loyalty rewards, like grocery stores, consider using a landline or other non-mobile number.
- Unsubscribe from text alerts. Text messages from companies, like your airline or bank, can be convenient. But sometimes there are other ways they can contact you. Some companies have apps so you can receive updates without including your phone number.
- Set up an extra layer of protection for your wireless account. For example, AT&T customers can add a passcode to their account.
- Secure your mobile device. Lock your phone when it’s not in use and avoid bad apps.
Aside from the risk for identity theft, giving out your phone number can lead to spam calls, phone scams or unsafe text messages that have links to malware.
Bottom line: it’s important to secure both your personal information and your mobile number. The next time an app, a company or a stranger asks for your mobile number, take a moment to decide whether you really need to give it out.
What's the way forward with ever changingtechnology?
With technology advancing as quickly as it is, it seems like it’s always time for a new smartphone, tablet or other gadget. When you get it, you probably can’t wait to turn it on and see what it can do. But as you set up your new device, that’s the perfect time to set up your safety features to better protect yourself from the bad guys.
Here are a few tips to get started.
Set Up Strong Personal Security
Depending on the kind of device, there are multiple ways to lock and unlock it, including passcode, fingerprint, pattern-based lock or facial recognition. Use a long passcode number or a passphrase to strengthen the security. Short codes are easier to break. The pattern-based lock is less secure because scammers can trace the trail your fingers leave on the screen.
Adjust the time it takes before your phone to automatically lock. The shorter, the better – this helps prevent a bad guy from picking up an unattended phone and getting past your lock screen.
Most phones come with the option for encryption. Enable this feature. The device will then translate your data and information into a secret code that is hard for fraudsters to see.
Keep Your Phone Updated
Many people think the newest smartphones always include the latest operating systems. However, some phone-makers roll out updates within weeks after launching a new device. It’s important to update your operating system and apps regularly to make sure you have the latest security features.
Download Trusted Apps
Bad guys often create apps that promise one thing, but also steal passwords, get your personal information and potentially take over your phone. Make sure you only install trustworthy apps, and download a security protection apps.
Make sure your old device is ready to say “goodbye.”
When you turn in your old device, make sure you don’t trade in all your personal information, too.
Also, remember to back-up your data often. If you ever lose your phone or its contents, you’ll still have another place where your photos, files and contacts are stored.
Fear over sharing of intelligence info as Huawei takes on 5G network implementions in UK,
While Boris Johnson previously argued that Huawei’s work on the British 5G network won’t affect ties between London and Washington, Mike Pompeo warned that the US takes a dim view of the Chinese company’s involvement.
The United Kingdom’s decision to allow Huawei to have a role in the country’s 5G networks does not affect Britain’s ability to securely share intelligence data, a spokesman for UK Prime Minister Boris Johnson announced on 29 January.
Previously, Johnson himself dismissed concerns that Huawei’s involvement could negatively impact London’s cooperation with Washington.
This development comes as US Secretary of State Mike Pompeo, who arrived in London just ahead of Brexit, announced his intent to explain to British officials the alleged dangers of relying on Huawei to roll out the UK’s next-generation 5G network, a move which he claimed would create a “real risk” to security.
"Our view of Huawei is putting it in your system creates real risk. This is an extension of the Chinese Communist Party with a legal requirement to hand over information to the Chinese Community Party," Pompeo said. "We'll evaluate what the United Kingdom did.... But our view is we should have Western systems with Western rules and American information should only pass across a trusted network. We'll make sure we do that."
US officials have long maintained that Huawei has been engaging in surveillance activities on behalf of the Chinese government; said allegations, however, have been vehemently denied by the Chinese authorities.
Two satellites may collide, leaving debris that may interfere orbiting of other satellites in the LEO
IRAS satellite
Close encounters of a third kind may not be as exciting as they sound. It was recently reported that two American defunct satellites in low Earth orbit could potentially crash into each other this evening. If this crash occurs it could result in hundreds of pieces of debris that could interfere with the paths of other satellites.
The NASA Infrared Astronomical Satellite (IRAS) and the United States Naval Research Lab’s Gravity Gradient Stabilization Experiment (GGSE-4) will fly by each other this evening. The two satellites will be between 43 feet to 285 feet around 6:39pm EST nearly 600 miles above Pittsburgh, Pennsylvania. Both satellites are traveling at around 32,000 mph.
There is a 1 in 1,000 chance that the satellites will collide. At first glance, the crash appears to be very unlikely. However, Dr. Jonathan McDowell, an astronomer at the Harvard-Smithsonian Center for Astrophysics remarked, “We start getting worried when it's 1 in 10,000, so 1 in 1,000 is unusual and it might actually be a lot worse than that.”
Depiction of Low Earth Orbit debris, image via NASA
The GGSE-4 only weighs 190 lbs, but the IRAS weighs a whopping 2,400 lbs. Their collision would result in at least a few hundred pieces of debris that would remain in orbit. The debris could interfere with other, larger satellites that are still in commission.
NASA’s IRAS was originally launched on January 25, 1983 to survey the sky at infrared wavelengths. Its mission only lasted ten months, but during that time it was able to capture images of the Milky Way’s core and other interesting discoveries. The GGSE-4 was launched in 1967 and was part of a United States intelligence mission. Its mission included intercepting radar emissions from Soviet Union vessels. It was decommissioned in the 1970s and part of its mission was declassified in 2005.
Since both satellites are now defunct, there is no way to communicate with them. All anyone can do at this point is to wait and see. Many astronomers are concerned about the number of satellites in orbit. The number of collisions and amount of debris will likely increase as companies such as SpaceX continue to launch satellites into orbit. Dr. McDowell further stated that, “If we're going to allow this large number of satellites, then we have to require more investment in the tracking and the sort of traffic control of them.” Perhaps the threat of this collision will encourage government programs and companies to further analyze how to control their satellites once they are in orbit.
The NASA Infrared Astronomical Satellite (IRAS) and the United States Naval Research Lab’s Gravity Gradient Stabilization Experiment (GGSE-4) will fly by each other this evening. The two satellites will be between 43 feet to 285 feet around 6:39pm EST nearly 600 miles above Pittsburgh, Pennsylvania. Both satellites are traveling at around 32,000 mph.
There is a 1 in 1,000 chance that the satellites will collide. At first glance, the crash appears to be very unlikely. However, Dr. Jonathan McDowell, an astronomer at the Harvard-Smithsonian Center for Astrophysics remarked, “We start getting worried when it's 1 in 10,000, so 1 in 1,000 is unusual and it might actually be a lot worse than that.”
Depiction of Low Earth Orbit debris, image via NASA
The GGSE-4 only weighs 190 lbs, but the IRAS weighs a whopping 2,400 lbs. Their collision would result in at least a few hundred pieces of debris that would remain in orbit. The debris could interfere with other, larger satellites that are still in commission.
NASA’s IRAS was originally launched on January 25, 1983 to survey the sky at infrared wavelengths. Its mission only lasted ten months, but during that time it was able to capture images of the Milky Way’s core and other interesting discoveries. The GGSE-4 was launched in 1967 and was part of a United States intelligence mission. Its mission included intercepting radar emissions from Soviet Union vessels. It was decommissioned in the 1970s and part of its mission was declassified in 2005.
Since both satellites are now defunct, there is no way to communicate with them. All anyone can do at this point is to wait and see. Many astronomers are concerned about the number of satellites in orbit. The number of collisions and amount of debris will likely increase as companies such as SpaceX continue to launch satellites into orbit. Dr. McDowell further stated that, “If we're going to allow this large number of satellites, then we have to require more investment in the tracking and the sort of traffic control of them.” Perhaps the threat of this collision will encourage government programs and companies to further analyze how to control their satellites once they are in orbit.
Friday, January 24, 2020
How to avoid OTT on small phones
Since the beggining of the error of OTT tax, I discovered a simple way of helping those with small phones who couldn't use VPN!This technich is to avail those with small phones and had no mobile money access but needed to use Facebook. This simple technique can allow one to log to twitter,Facebook on opera,firefox,and all browsers. It also helps to log into Facebook on a mini Facebook lite app,and Instagram on Firefox and opera.Take a look at the screen shots on how to go about it in the settings.
This simple trick also works on symbian,BlackBerry and all chinese is
On Android you edit as in the screen shots below
I have many tricks and you can change those settings in many ways onball sim networks
USA's FBI hacked the iPhone 11..I have always told you my fellow Africans that you cannot hide yourselves from the intelligence bodies like CIA,MOSSAD,MI15/16
In the past, Apple has repeatedly refused to unlock the iPhone for the FBI pleasing its fan base with the notion that it indeed has no secret backdoor to your smartphone. Yet, this sadly did not mean that the iPhone was unhackable.
In fact, there have been numerous instances including strange cases such as when a teenager hacked Apple twice. No massive black hat teams sitting behind a plethora of big screens, literally a teenager.
Now, another incident is on the rise with it being reported that the FBI can unlock all iPhones using Graykey – a product of Grayshift, an Atlanta based company. Moreover, this is not the first time that the tool has been in the headlines for helping unlock any iPhone using brute force techniques.
As reported by Thomas Brewster from Forbes, a search warrant of a United States District Court for Ohio dated October 16 of last year confirms the use of such a device to obtain forensic data:
The iPhone in question was an 11 Pro Max belonging to Baras Ali Koch, a man alleged to have helped his brother escape the U.S following an arrest order using Baras’s passport. An alarming thing emerging from this is that it was expected that iOS 13 would finally guard against such attacks but alas, it doesn’t seem to get any better.
What if the iPhone was already unlocked? To debunk this, Thomas reports that Forbes themselves confirmed from Koch’s lawyer, Ameer Mabjish, that the device was locked. Adding further, he stated that
“Koch had not given it to them nor did they force the defendant to use his face to unlock the phone via Face ID, as far as the lawyer was aware.”
We also analyzed an application of a search warrant as shown below which clearly shows the suspect’s iPhone locked in an attachment within.
It is important to note though that the FBI is not the only government agency to possess such tech. Previously, the Immigration Customs and Enforcement Authority (ICE) has made hefty purchases in the past amounting to over $1.2 million.
This though poses another question, if the FBI can hack any iPhone in this way, why ask Apple for help? The reason is that Apple has been stepping up its efforts on the side such as introducing a USB restricted mode with iOS 12 which prevents tools like Graykey from working. Moreover, the tool would not be a success in all cases as certain measures can be taken to resist i
To start with, since a brute force technique is being used, you can start using longer digit passcodes instead of the more often used 4 digit ones. To put this in perspective, Caleb from PIA explains by stating that:
“It takes Graykey an average of 6.5 minutes to crack a four-digit passcode. For a six-digit passcode, the time needed is 11.1 hours on average. A 10 digit passcode, the maximum allowed, requires Graykey an average of 4629 days to average.”
However, we’re still wondering why Apple has failed to implement measures that resist tools like Graykey under normal conditions. Is it something intentional while maintaining a public stand to appease both governments and its users or is it a coincidence? What do you think? Let us know in the comment section.
Nevertheless, this is not the first time when Feds have unlocked an iPhone device without Apple’s help. In 2016, the FBI used Israel based firm CellebriteCellebrite to unlock the iPhone 5C device of San Bernardino suspected shooter
Thursday, January 23, 2020
Clear view app can be used by police to get information about any cyber criminal by merely getting his or her photos
Clearview app is not for personal use but only for law enforcement authorities, the company emphasizes.
China has been for a long time the poster face of conducting mass surveillance on its citizens. This has been attributed to its use of advanced AI-powered algorithms being able to facially recognize anyone on the streets. Yet, it seems like it won’t be the only state to do so for long.
Recently, it has been revealed in an investigation by the New York Times that a startup named Clearview AI has developed a facial recognition app that allows anyone to snap a picture of a stranger anywhere and instantly learn about their name, address and any other details available online.
How it does this is no secret. By scrapping images available from social networking services like Facebook and YouTube, the company records number over 3 billion pictures, far more than the databases of law enforcement agencies such as the FBI which has over 641 million images of U.S Citizens comprising of passport and driver’s license photos. Therefore, it is no surprise that over 600 U.S law enforcement agencies like the FBI and the Department of Homeland Security are already Clearview’s customers.
But the crucial question is, what are the implications of such a service being available?
Firstly, it has been reported by The Times that the app has assisted in solving crimes ranging from minor misdemeanors like shoplifting to indictable offenses such as murder, sexual exploitation, and credit card fraud.
While this is a good thing, it needs to be realized that it could turn bad pretty quickly too. States could use it as a tool to monitor the lives of citizens at a very personal level. Additionally, since we cannot expect the tech to be 100% accurate, false positives can end up getting innocent people blamed for crimes they did not commit.
But that’s not all. Since one needs to upload photos to Clearview’s servers, who makes sure those photos are secure? We’ve seen billion-dollar companies suffering from breaches, what makes this small company bulletproof?
Moreover, currently, we’ve only seen a few cities like San Francisco banning the app with there being no federal law regulating their use. This is expected to change with their being a significant focus on making laws governing facial recognition as a result of increasing advocating for such.
As an example, several civil rights groups like the American Civil Liberties Union have complained of such systems, primarily like those of Amazon stating,
“We demand that Amazon stop powering a government surveillance infrastructure that poses a grave threat to customers and communities across the country.”
On the other hand, when it comes to the mass public, although the app is not available for them currently, it is highly probable that it will be in the near time. With this, we’ll see stalkers stepping up their game and a rise in cyberbullying.
However, not everyone is criticizing the startup. According to Detective Constable in the Sex Crimes Unit Canadian Law Enforcement,
“Clearview is hands-down the best thing that has happened to victim identification in the last 10 years. Within a week and a half of using Clearview, [we] made eight identifications of either victims or offenders through the use of this app "
To conclude, social media platforms must learn from this expose and work on finding ways to avert the scraping of their data on a large scale. If they do that, all of these apps will find it difficult to engage in such business. Meanwhile, if government agencies are going to indeed use it, they should at the very least urge the app’s management to take the strictest of security precautions.
Subscribe to:
Posts (Atom)
FARDC and Wazalendo claim that many M23 have been neutralized and several villages liberated .
This Saturday 21/12/24 the village of KANYAMBI, a major stronghold of the M23_RDF in the Lubero territory was retaken by the Congolese army ...
-
With the widespread availability of the Internet today, there are still times when it may not be feasibly available. Be it on a flight, du...
-
msticpy is a package of python tools intended to be used for security investigations and hunting (primarily in Jupyter notebooks). Most ...
-
A new way for cybercriminals to create fake social media profiles and carry identity scams using Artificial Intelligence powered tool? A ...