
Apple's Shield Shattered: The Critical Flaw in iPhone Theft Defense

 


Several weeks ago, Joanna Stern from the Wall Street Journal reported that an increasing number of iPhone thieves have been stealing their devices from restaurants and bars and that one criminal was earning up to $300,000. 

During these attacks, thieves commonly observed their victims entering their passcodes before stealing the devices, then changed the Apple ID passwords and disabled Find My iPhone so that the devices could not be tracked or wiped remotely. With the help of the Keychain password manager, a thief can easily lock victims out of accounts (such as Venmo, CashApp, other banking apps, etc.) by using their passwords.

However, Stolen Device Protection helps protect users against this vulnerability in two main ways. Users must use Face ID or Touch ID authentication (with no fallback for the passcode) to change important security settings such as Apple ID passwords or device passcodes when the feature is enabled. In addition to this, it also introduces a one-hour security delay before users can adjust any of these security settings. 

Essentially, this is intended to give victims enough time to mark their iPhones as lost before a thief can change these crucial settings. With the release of iOS 17.3 last week, Apple made sure that it included much-anticipated features such as Collaborative Apple Music Playlists and AirPlay hotel integration.

The biggest highlight of iOS 17.3 was Stolen Device Protection, but we found that it was not as secure as we originally thought it would be. Stolen Device Protection is a new feature of iOS 17.3 that prevents bad actors who have your passcode from completing critical operations such as changing your Apple ID password or your passcode. Once those are changed, you are unable to track the iPhone or mark it as stolen.

In familiar locations such as your home and workplace, the iPhone Stolen Device Protection feature is turned off by default. However, there is a fatal flaw here. It is difficult for users to set familiar locations manually on the iPhone, because it learns your habits and marks locations as familiar automatically.

As a result, if you frequent the same bar or cafe over and over again, it may be marked as a familiar place, and the Stolen Device Protection feature might not work there. There are two ways in which you can fix this problem. For example, the new feature automatically detects when an iPhone has been stolen, secures the device by using Face ID or Touch ID authentication, and then allows the user to change or modify any passwords stored on the device. Also, a mandatory one-hour time delay applies before any of the changes are locked in.

As a result of the cool-down period, users can report or mark the iPhone as lost before any changes are made to the device. As ThioJoe pointed out in the post, users who have Significant Locations enabled on their devices will not be able to call upon the increased security layers.

According to Apple, once a user starts frequenting a certain location, that location will be deemed 'significant'. Apple uses this data to suggest journals, store memories, and display photos, among other things. Furthermore, Apple is now also utilizing this technology to protect devices after they have been lost or stolen.

Furthermore, ThioJoe explains that users have no control over Significant Locations, which means that once your iPhone finds itself in a Significant Location, all the protection features of the device are nullified at that moment. According to Apple, the feature, which is buried in the iPhone's settings menu, will add an extra layer of security to the iOS operating system.

The security update addresses a vulnerability that has been exploited by thieves, allowing them to lock victims out of their Apple accounts, delete their pictures and other files from their iCloud accounts, and empty their bank accounts by using the Keychain Password Manager passwords that they keep in their accounts. Anecdotal evidence suggests that phone thefts are on the rise due to Apple's introduction of this feature. 

Incidents of stolen phones are prevalent on online forums like Reddit and in news articles across various locations, ranging from Los Angeles to London. Common tactics employed by thieves include pickpocketing, "table surfing," and moped snatching, as reported by law enforcement. The Wall Street Journal previously highlighted criminal activities where perpetrators observed individuals entering passcodes on stolen phones to access personal information. 

To counteract such security concerns, Stolen Device Protection has been introduced, designed to monitor a user's "familiar locations," such as their home or workplace. When attempting certain actions on the device outside these recognized places, additional biometric security measures are enforced. This approach aims to reduce the reliance on passcodes, which are susceptible to theft through various means, in favour of more secure "biometric" features like facial recognition or fingerprints, which are significantly harder to replicate.

Currently, as Apple works on developing a more robust solution, a temporary workaround involves disabling the Significant Locations feature on your iPhone. This can be done by accessing the Settings app, navigating to Privacy & Security, and selecting Location Services > Significant Locations. With the feature disabled, the device requests Face ID or Touch ID authentication whenever Stolen Device Protection is active. Although this serves as a temporary resolution, it is anticipated that Apple will enhance and refine this feature in future updates to provide a more comprehensive and secure solution.

Torrent Service Data Breach: What You Need to Know

 

A significant data breach has affected one of the top pirate providers, according to recent developments. The breach, which was found by cybersecurity experts, has raised security and safety concerns about online torrenting platforms.
According to reports from TechRadar Pro, the breach exposed a significant amount of user data, potentially affecting thousands of users. Personal information, including email addresses, usernames, and hashed passwords, was among the data compromised. This breach has sent shockwaves through the online torrenting community, prompting users to reevaluate their online security measures.

Tech enthusiasts and torrent aficionados frequent these platforms for various reasons, including accessing hard-to-find content or sharing files among peers. However, this breach serves as a stark reminder of the risks associated with using such services.

Tech.co reports that the breach highlights the importance of maintaining strong, unique passwords and implementing additional security measures like two-factor authentication. Additionally, users are advised to be cautious about sharing sensitive information online and to regularly monitor their accounts for any suspicious activity.

Cybersecurity experts have urged affected users to change their passwords immediately, not only on the compromised torrent service but also on any other accounts where they may have used the same login credentials. This proactive approach can help mitigate the potential fallout from the breach.

The breach also emphasizes the need for torrent service providers to prioritize cybersecurity measures. Implementing robust encryption protocols and regularly updating security systems can go a long way in safeguarding user data.

Users and suppliers in the online torrenting community should take note of the recent data leak in a well-known torrent service. In today's digital world, vigilance, strong passwords, and extra security measures are essential. Users can enjoy a safer online experience and strengthen their defenses against potential breaches by implementing these precautions.





Unlocking Key Stretching: Safeguarding Your Passwords for Enhanced Security

 

To bolster the security of our digital accounts, it's imperative to fortify our passwords or passphrases. Much like how keys and locks can be vulnerable, not all passwords provide ample protection.

Security experts have devised various techniques to bolster password security, including hashing, salting, peppering, and notably, key stretching. Key stretching is a cryptographic method employed to amplify the security of passwords and passphrases. It is particularly crucial in cases where the original password lacks ample randomness or length to withstand different types of attacks, such as brute force or dictionary attacks. Key stretching fortifies a password or key by subjecting it to multiple hashing processes.

Also referred to as key strengthening, this process usually entails taking a relatively feeble and short password or cryptographic key and applying a cryptographic function or algorithm to generate a sturdier and lengthier key. This is repeated until the desired level of security is achieved. The objective is to make it computationally arduous and time-consuming for an attacker to retrieve the original key, even if they possess a hashed or encrypted version of it.

Key stretching plays a pivotal role in applications necessitating a high degree of security, like online accounts, financial transactions, and safeguarding data. It is instrumental in assuring the safety of stored passwords and cryptographic keys, ultimately leading to the protection of user data and the upholding of trust.

To understand how key stretching operates, consider a straightforward example: envision your password is something as common as "iloveyou." It's widely known that such a password is highly susceptible to attacks, as it frequently appears in brute-force wordlists and dictionaries. In fact, it would take an attacker less than 30 seconds to crack it and gain access to your account. This is where the concept of key stretching becomes invaluable.

Key stretching takes this vulnerable password and subjects it to a series of hashings, resulting in something longer and more intricate. For instance, "iloveyou" transforms into "e4ad93ca07acb8d908a3aa41e920ea4f4ef4f26e7f86cf8291c5db289780a5ae." However, the process doesn't end there.

After this new password is hashed again, it becomes "bc82943e9f3e2b6a195bebdd7f78e5f3ff9182ca3f35b5d415cf796ab0ce6e56." And once more, it is hashed to produce "46e95d6374c00c84e4970cfe1e0a2982b2b11b1de9343a30f42675a2154a28f5." This can be repeated as many times as desired.

Fortunately, there are libraries available for key stretching that can handle this process for you. Popular key stretching algorithms include PBKDF2, scrypt, Argon2, and bcrypt, with bcrypt and PBKDF2 being widely recognized.

Key stretching and salting are both crucial techniques in bolstering password security. They complement each other in fortifying the strength of passwords.

Key stretching involves subjecting passwords to multiple rounds of hashing, transforming a weak password into a more secure version. Salting, on the other hand, entails appending a unique string of characters to the password before hashing, adding an extra layer of complexity.

Remarkably, these two techniques can be employed together to further enhance password strength. The salt is integrated from the start, bolstering the weak password before it undergoes the hashing process. In essence, key stretching and salting work in tandem, fortifying and safeguarding sensitive information with an additional layer of protection.
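The salted, stretched storage described above, as an added example that is not part of the original post: it contrasts the unsalted repeated hashing from the "iloveyou" walk-through with PBKDF2 from Python's standard library. The record format, the 600,000-iteration work factor, the iteration cap and all function names are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os
import time
from typing import Optional

SCHEME = "pbkdf2_sha256"     # label stored in each record (format assumed for this example)
ITERATIONS = 600_000         # assumed work factor; tune it to your own hardware
MAX_ITERATIONS = 5_000_000   # reject absurd counts in a tampered record (CPU exhaustion)
SALT_BYTES = 16


def naive_stretch(password: str, rounds: int) -> str:
    """Unsalted repeated SHA-256, as in the walk-through: same input, same output."""
    digest = password.encode("utf-8")
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest.hex()


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: scheme$iterations$salt$derived_key."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt  # fresh salt per password
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([SCHEME, str(iterations), _b64(salt), _b64(derived)])


def _parse(record: str):
    """Split a stored record; raise ValueError on anything malformed."""
    scheme, iterations, salt, derived = record.split("$")
    if scheme != SCHEME:
        raise ValueError("unknown scheme")
    count = int(iterations)
    if not 1 <= count <= MAX_ITERATIONS:
        raise ValueError("iteration count out of range")
    return (count,
            base64.b64decode(salt, validate=True),
            base64.b64decode(derived, validate=True))


def verify_password(password: str, record: str) -> bool:
    """Recompute the key with the stored salt and count; compare in constant time."""
    try:
        iterations, salt, expected = _parse(record)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, target: int = ITERATIONS) -> bool:
    """True when a record was created with a lower work factor than the current one."""
    try:
        iterations, _, _ = _parse(record)
    except ValueError:
        return True
    return iterations < target


if __name__ == "__main__":
    # Unsalted stretching: every user with this password gets the same stored value,
    # so one precomputed table covers all of them.
    print(naive_stretch("iloveyou", 3) == naive_stretch("iloveyou", 3))

    # Salted PBKDF2: same password, different records, both still verify.
    start = time.perf_counter()
    first = hash_password("iloveyou")
    elapsed = time.perf_counter() - start
    second = hash_password("iloveyou")
    print(first != second, verify_password("iloveyou", first))
    print(f"one guess costs about {elapsed:.2f}s of CPU at {ITERATIONS} iterations")
```

Because the iteration count is stored in each record, the work factor can be raised later: verify with the stored count, then re-hash at login whenever `needs_rehash` returns true.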

Key stretching is pivotal in systems relying on password-based encryption and authentication. It mitigates the risk of weak or easily guessable passwords by making it computationally demanding for attackers to recover the original password or key, even if they possess hashed or encrypted versions. This makes it a vital component of security in various applications, such as safeguarding stored passwords and securing cryptographic keys.

In summary, key stretching significantly augments the security of passwords and cryptographic keys. It transforms feeble, easily guessable passwords into robust and intricate keys, greatly enhancing resistance against brute force and dictionary attacks. By implementing techniques like key stretching and salting, we fortify our defenses against potential threats, ensuring the security of our data and accounts.

Passkeys vs Passwords: The Future of Online Authentication

 

In the realm of online security, a shift is underway as passkeys gain traction among tech giants like Apple, Google, Microsoft, and Amazon. 

These innovative authentication methods offer a more seamless login experience and bolster cybersecurity against threats like malware and phishing. However, traditional passwords still hold their ground, allowing users to retain control over their security preferences.

A password is a unique combination of characters, including upper and lower case letters, numbers, and symbols, used to verify a user's identity. While originally designed to be memorized or manually recorded, they can now be securely stored online with tools like NordPass.

Passkeys, the technologically advanced successors to passwords, rely on PINs, swipe patterns, or biometric data (such as fingerprints or facial scans) for identity verification. They leverage the WebAuthn standard for public-key cryptography, generating a unique key pair on user devices, making them impervious to theft or forgetfulness.

Passkey vs Password: Security Comparison

Passkeys and passwords vary fundamentally in design, approach, and effectiveness in securing accounts. Here are some key distinctions:

Cybersecurity:

Passwords are susceptible to hacking, especially those with fewer than 10 characters. Passkeys, on the other hand, utilize biometric data and cryptographic methods, drastically reducing vulnerability. Only with access to the user's authenticator device and biometric information can a passkey be breached.

Convenience:

Creating, recalling, and managing complex passwords can be arduous and time-consuming, leading to 'password fatigue.' Passkeys, once set up, facilitate quick and seamless authentication, eliminating the need to remember multiple passwords.

Login Success Rate:

Passkeys have a significantly higher success rate compared to passwords. Recent data from Google revealed that while passwords succeed only 13.8% of the time, passkeys boasted a success rate of 63.8%.

Popularity:

Although passkeys are gaining traction, they are not yet universally supported. Familiarity with passwords and concerns over passkey error handling and biometric privacy contribute to their slower adoption.

The Evolution of Authentication

While passkeys represent a significant leap forward in security and user-friendliness, the demise of passwords is a gradual process. The established dominance of passwords, spanning over half a century, requires a patient transition. Behavioral habits and the need for technological refinement play pivotal roles in this shift.

Presently, passkey usage is seldom mandatory, allowing users to choose their preferred verification method. For sites exclusively supporting passwords, outsourcing password management is advisable, with various free tools available to assess password strength.

In conclusion, the future of online authentication is evolving towards passkeys, offering a more secure and user-friendly experience. However, the transition from passwords will be a gradual one, shaped by technological advancements and user behavior.

1Password's Swift Response to Okta Data Breach

Prominent password manager provider 1Password has responded promptly and transparently to the recent Okta data leak. The breach forced 1Password to take measures to protect its users' security after it affected multiple organizations and possibly exposed sensitive user data.

1Password, a widely trusted password manager, has detected suspicious activity related to the Okta breach. The company acted promptly to mitigate any potential risks to its users. This incident highlights the critical role password managers play in safeguarding personal information in an increasingly interconnected digital landscape.

The Okta data breach in late October exposed a substantial amount of sensitive information, including usernames, passwords, and other authentication credentials. This incident raised alarms across the cybersecurity community, as Okta serves as an identity and access management provider for numerous organizations.

1Password's swift response sets an example for other online services in handling such incidents. The company has confirmed that all logins are secure and has implemented additional security measures to fortify its users' accounts. This includes enhanced monitoring for any suspicious activity and immediate alerts for any potential compromise.

1Password has a history of prioritizing user security, and this recent incident demonstrates their commitment to upholding the trust placed in them by millions of users worldwide. It serves as a reminder of the importance of using reputable password managers to fortify one's online security.

In light of this breach, it is recommended that users take proactive steps to further secure their accounts. This may include enabling multi-factor authentication, regularly updating passwords, and monitoring accounts for any unusual activity.

1Password's commitment to user security is demonstrated by its prompt and resolute reaction to the Okta data incident. It is impossible to overestimate the significance of strong password management given how quickly the digital world is changing. To protect their online identities, users are urged to exercise caution and take preventative action.

Guidelines on What Not to Share with ChatGPT: A Formal Overview

 


A simple device like ChatGPT has unbelievable power, and it has revolutionized our experience of interacting with computers in such a profound way. There are, however, some limitations that it is important to understand and bear in mind when using this tool. 

Using ChatGPT, OpenAI has seen a massive increase in revenue resulting from a massive increase in content. There were 10 million dollars of revenue generated by the company every year. It, however, grew from 1 million dollars in to 200 million dollars in the year 2023. In the coming years, the revenue is expected to increase to over one billion dollars by the end of 2024, which is even higher than what it is now. 

A wide array of algorithms is included in the ChatGPT application that is so powerful that it is capable of generating any text the users want, from a simple math sum to a complex rocket theory question. It can do them all and more! It is crucial to acknowledge the advantages that artificial intelligence can offer and to acknowledge their shortcomings as the prevalence of chatbots powered by artificial intelligence continues to rise.  

To be successful with AI chatbots, it is essential to understand that there are certain inherent risks associated with their use, such as the potential for cyber attacks and privacy issues.  A major change in Google's privacy policy recently made it clear that the company is considering providing its AI tools with the data that it has collected from web posts to train those models and tools.  

It is equally troubling that ChatGPT retains chat logs to improve the model and to improve the uptime of the service. Despite this, there is still a way to address this concern, and it involves not sharing certain information with chatbots that are based on artificial intelligence. Jeffrey Chester, executive director of the Center for Digital Democracy, an organization dedicated to digital rights advocacy, stated that these tools should be viewed by consumers with suspicion at least, since, as with so many other popular technologies, they are all heavily influenced by the marketing and advertising industries.

The Limits Of ChatGPT 


Without browsing enabled (which requires ChatGPT Plus), the system generates responses based on the patterns and information it learned during training, which covered a range of internet texts up to its training cut-off in September 2021.

Despite that, it is incapable of understanding the context in the same way as people do and does not know anything in the sense of "knowing" anything. ChatGPT is famous for its impressive and relevant responses a great deal of the time, but it is not infallible. The answers that it produces can be incorrect or unintelligible for several reasons. 

Its proficiency largely depends on the quality and clarity of the prompt given. 

1. Banking Credentials 


The Consumer Financial Protection Bureau (CFPB) published a report on June 6 about the limitations of chatbot technology as the complexity of questions increases. According to the report, implementing chatbot technology could result in financial institutions violating federal consumer protection laws.

According to the Consumer Financial Protection Bureau (CFPB), the number of consumer complaints has increased due to a variety of issues that include resolving disputes, obtaining accurate information, receiving good customer service, seeking assistance from human representatives, and maintaining personal information security. In light of this fact, the CFPB advises financial institutions to refrain from solely using chatbots as part of their overall business model.  

2. Personally Identifiable Information (PII)


Whenever users share sensitive personal information that can be used to identify them personally, they need to be careful to protect their privacy and minimise the risk that it will be misused. This category includes the user's full name, home address, social security number, credit card number, and any other information that can identify them as an individual. Protecting these sensitive details is paramount to ensuring their privacy and preventing potential harm from unauthorised use.

3. Confidential information about the user's workplace


Users should exercise caution and refrain from sharing private company information when interacting with AI chatbots. It is crucial to understand the potential risks associated with divulging sensitive data to these virtual assistants. 

Major tech companies like Apple, Samsung, JPMorgan, and Google have even implemented stringent policies to prohibit the use of AI chatbots by their employees, recognizing the importance of protecting confidential information. 

A recent Bloomberg article shed light on an unfortunate incident involving a Samsung employee who inadvertently uploaded confidential code to a generative AI platform while utilizing ChatGPT for coding tasks. This breach resulted in the unauthorized disclosure of private information about Samsung, which subsequently led to the company imposing a complete ban on the use of AI chatbots. 

Such incidents highlight the need for heightened vigilance and adherence to security measures when leveraging AI chatbots. 

4. Passwords and security codes 


In the event that a chatbot asks you for passwords, PINs, security codes, or any other confidential access credentials, do not give them these things. It is prudent to prioritise your safety and refrain from sharing sensitive information with AI chatbots, even though these chatbots are designed with privacy in mind. 

For your accounts to remain secure and for your personal information to be protected from the potential of unauthorised access or misuse, it is paramount that you secure your passwords and access credentials.

In an age marked by the progress of AI chatbot technology, the utmost importance lies in the careful protection of personal and sensitive information. This report underscores the imperative necessity for engaging with AI-driven virtual assistants in a responsible and cautious manner, with the primary objective being the preservation of privacy and the integrity of data. It is advisable to remain well-informed and to exercise prudence when interacting with these potent technological tools.

Gaming Giant Nintendo Embraces Passkeys for Enhanced Security and Convenience

 


As passkeys continue to be more widely used as authenticators for a variety of sign-in purposes, the path towards a passwordless future is being driven forward. There are reports that this authentication method will be part of Microsoft's Windows 11 operating system, which may apply to user accounts on Nintendo's game consoles, Twitter accounts, and the device switching feature of messaging giant WhatsApp, as well as other websites and applications. 

Passkeys are a form of password-less authentication which harnesses the power of fingerprint, face scan, and other biometric techniques to create a stronger foundation for logins while keeping their security. A passkey is now available for consumers to register with the company and use on multiple devices to sign in from anywhere. 

According to the company, all users who have compatible devices can use the biometric login, especially those who already use biometric logins to access their devices. Passkeys can be used on iOS and Android operating systems, and all users need to do is meet the minimum software requirements.

Adding a passkey to a user's Nintendo account can be done by visiting accounts.nintendo.com from the device that they plan to use the passkey on. After logging in to their Nintendo Account, they go to the Sign-in and Security settings section > Passwords > Edit, and then follow the instructions.

After that, they select Register a new passkey and follow the steps to complete the setup process on their device. For now, Nintendo does not support passkeys on devices with iOS 16 or later, iPadOS 16 or later, macOS 13 or later, and Android 9 or later. It will also allow users to register up to 10 different passkeys for their Nintendo account, and it will also assist with logging in.

The Nintendo support page can give them more information on how to use passkeys and other issues related to passkeys. Passkeys have become a more secure alternative to passwords among an increasing number of online services that support them as a safer substitute. As far as passkeys are concerned, TikTok has joined the likes of Apple, PayPal, and 1Password in fully supporting the technology this year. 

In addition to Google Chrome, Cloud, and Workspace accounts, users can now also sign in directly to their GitHub account. GitHub just announced a passwordless method of logging in today. Passkeys are a tangible example of Nintendo's commitment to the future of authentication using digital means. Such advancements must be made in the gaming, technology, and digital security industries as the lines between them continue to blur. 

The time has come for all the developers and product managers out there to gear up and dive into the world of passkeys to learn more about them. In the future, it is going to be seamless and secure, and it seems like it can't get any better than that. 

Nintendo's Passkey now supports online account logins. A NintendoSoup team member discovered that the company has also been working on integrating Passkeys with Nintendo Accounts as part of a recent security enhancement. With this technology used as an additional layer of authentication, the company may be able to enhance the security of its accounts.  

If the user registers a passkey with their Nintendo Account, there is an additional layer of security that can protect the account from unauthorized access. To sign in to their account, users have the option of using their passkey instead of their email address or the sign-in ID and password they normally use to sign in. 

In Nintendo's opinion, users' passkeys are stored in advance on their smartphones or other devices, so they can access that device when they are signing in, and it can be retrieved by logging onto the device.

Using passkeys to switch devices in the WhatsApp beta

It was announced recently that WhatsApp has enabled the use of passkeys in its beta channel to facilitate sign-in for its popular messaging app as part of its ongoing efforts to strengthen security.

When switching devices, or when setting up the app on a new phone, users can sign in using their face or fingerprint biometrics, or with their screen lock password or pattern, according to Android Police.

A new feature has been in the works on the app owned by Meta since August, and today the app outlined that the feature will be available in the next few weeks to more users. There has been a recent addition by WhatsApp to its application that allows you to lock private chats using biometrics. 

There is now the option for users to register their Passkeys to their Nintendo Accounts via supported mobile devices, as long as they meet the following requirements:

iPhone with iOS 16 or newer
iPad with iPadOS 16 or newer
Mac computer with macOS 13 or newer
Android devices with Android OS 9 or newer

Beware: Government's Alert on Smishing Scam Threat

The Indian government has now urgently warned its citizens about the threat posed by smishing scams. Smishing, a combination of the words 'SMS' and 'phishing,' is the practice of hackers sending false text messages to people in an effort to get their sensitive personal information. This official warning serves as a reminder that residents need to be more vigilant and knowledgeable.

The warning highlights that cybercriminals are exploiting SMS communication to carry out their malicious intentions. These messages often impersonate legitimate entities, such as banks, government agencies, or popular online services, luring recipients into clicking on malicious links or sharing confidential information. The consequences of falling victim to smishing can be dire, ranging from financial loss to identity theft.

To shield themselves against this growing menace, citizens are urged to follow certain precautions:

1. Verify the Source: Always double-check the sender's details and the message's authenticity. Contact the organization directly using official contact information to confirm the legitimacy of the message.

2. Don't Click Hastily: Refrain from clicking on links embedded in SMS messages, especially if they ask for personal information or prompt immediate action. These links often lead to fraudulent websites designed to steal data.

3. Guard Personal Information: Never share sensitive information like passwords, PINs, Aadhaar numbers, or banking details via SMS, especially in response to unsolicited messages.

4. Implement Security Measures: Install reliable security software on your mobile devices that can detect and block malicious texts. Regularly update the software for enhanced protection.

5. Educate Yourself: Stay informed about the latest smishing techniques and scams. Awareness is a strong defense against falling victim to such tricks.

6. Report Suspicious Activity: If you receive a suspicious SMS, report it to your mobile service provider and the local authorities. Reporting aids in tracking and preventing such scams.

The government's warning serves as a reminder that while technology enriches our lives, it's vital to remain cautious. Cybercriminals are continuously devising new ways to exploit unsuspecting individuals, making it imperative for everyone to stay well-informed and adopt preventive measures.

Unveiling DogeRAT: The Malware Exploiting Counterfeit Netflix, Instagram, and YouTube

 


In a recent study, Indian analysts discovered a powerful malware known as DogeRAT. This malware infects several devices and targets a wide range of industries.

This malicious software spreads through social media, disguised as popular Android applications such as YouTube, Netflix, Instagram, and Opera Mini. The operators of DogeRAT are running a malicious campaign to steal information from victims, including banking details, and to take control of their devices to cause harm.

In this digital era, smartphones have become an integral part of our everyday lives. With the help of a few taps on the screen, it is possible to perform multiple tasks on the device. Even though smartphones are becoming more popular, many people are still unaware of the dangers lurking online. 

Furthermore, cybercriminals are continually devising new tactics to deceive even the smartest and most tech-savvy individuals. A number of these criminals have created dangerous counterfeit apps that mimic popular brands' logos, typefaces, and interfaces.

Fake applications such as these are loaded with malware designed to steal sensitive information about users. DogeRAT has reportedly been disguised as legitimate mobile applications, such as games, productivity tools, or entertainment apps, including Netflix, YouTube, and so on. It is distributed through social networking sites and messaging apps, such as Telegram.

It is a new Android virus, built with open-source software, that infects Android smartphones and tablets to spy on businesses and steal sensitive data such as financial and personal information.

When the malware is installed on a victim's device, it can steal sensitive information, including contacts, messages, and other personal information. Once a device has been infected, hackers can also gain remote access to it and use it for malicious activities, such as sending spam messages, making unauthorized payments, modifying files, viewing call records, and even taking photos using the infected device's rear and front cameras.

In addition to modified Remote Access Trojans (RATs), the scammers are now repurposing malicious apps and distributing them to spread their scams. These campaigns are not only cost-effective and simple to set up, but they also yield significant profits because they take little time to execute.

A guide to protecting against malware threats

Malware attacks have been prominent in the past few months, even though they are not novel. To protect your device from malware, it is essential to be aware of the latest threats and to take precautions against them.

Depending on the device you use, consider the following points to protect your device's data and your personal information from malware attacks:

  • Be careful about which links and attachments you open: they could contain malware or lead to malicious websites.
  • Keep your software updated; this is the most effective defense against malware. Update your operating system and applications regularly so that security vulnerabilities are patched.
  • Make sure your security solutions are reliable. Buy antivirus tools to protect your computer from malware and other threats.
  • Do not click on links or open attachments in emails that seem suspicious or too good to be true. Be wary of suspicious messages and offers.
  • Become familiar with malware and learn about common attack techniques so that you can protect yourself against cyberattacks.

Taking proactive measures and exercising caution are the most effective ways for individuals to combat this threat. Source applications exclusively from trusted and verified platforms, check the authenticity of developers, and stay vigilant about suspicious links, emails, and messages so that you can avoid them.

To ensure overall security, keep up to date with device updates, operating system upgrades, and antivirus software updates as often as possible.

Moreover, it is strongly recommended to follow good cybersecurity practices, including using strong, unique passwords and enabling two-factor authentication.

By staying informed about emerging cybersecurity threats and consistently applying these precautionary measures, users can significantly reduce their susceptibility to malware such as 'DogeRAT'.

Cyberattack That Stole Personal Data of 16,000 Law Society Members, What Was Lacking?

 


Law Society members' personal information was leaked through the Law Society of Singapore's VPN. Ransomware headlines are making the rounds; however, the reality is even grimmer. There is a high probability that victims of domestic violence will never see their names in the media, since most of them are willing to pay to resolve the problem. The threat is becoming increasingly dangerous as attacks multiply, sophistication increases, and hackers demand more ransoms.

According to the Personal Data Protection Commission (PDPC), a ransomware attack launched in March through a vulnerability in the Law Society's virtual private network (VPN) system affected more than 16,000 members.

According to the PDPC's decision, which was published on Thursday (May 11), the society used an easily guessed password for its administrator account, making it an easy target for cybercriminals.  

In addition to the easy-to-guess password, the Singaporean Personal Data Protection Commission (PDPC) investigation concluded that the Society failed to conduct periodic security reviews. An internal audit must be completed within 60 days after the event to ensure that the organization has no remaining security gaps.

The ransomware attack that compromised 16,009 Law Society members has prompted a court order for the society to plug security gaps. There has been a fine of $8,000 levied against the FortyTwo furniture store for a data breach involving customer information.

In a report published this Thursday, the Personal Data Protection Commission (PDPC) mentioned these topics as some of the findings of the investigation. 

LawSoc's administrative account, which was compromised as a result of the attack, had "Welcome2020lawsoc" as the password, which had been used over the years. 

According to PDPC, the society's password for the account had not been changed at "reasonable intervals".
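The two password findings above (an easily guessed password, and one left unchanged for years) can be checked mechanically. The following is an added example, not code from the PDPC decision or the Law Society: the word list, the dates, and the 365-day threshold are assumptions made for illustration, since the page does not quantify "reasonable intervals".

```python
import re
from datetime import date

# Constructed mini word list; a real audit would load a dictionary or breached-password list.
COMMON_WORDS = {"welcome", "password", "admin", "login", "letmein", "changeme", "qwerty"}

TOKEN = re.compile(r"(?P<alpha>[A-Za-z]+)|(?P<digit>\d+)|(?P<other>[^A-Za-z\d]+)")


def org_pieces(org_name):
    """Guessable fragments of the organisation name: every 3+ letter prefix of each word."""
    pieces = set()
    for word in re.findall(r"[a-z]+", org_name.lower()):
        pieces.update(word[:k] for k in range(3, len(word) + 1))
    return pieces


def segmentable(run, pieces):
    """True if `run` splits entirely into known pieces (dynamic programming)."""
    ok = [True] + [False] * len(run)
    for end in range(1, len(run) + 1):
        ok[end] = any(ok[start] and run[start:end] in pieces for start in range(end))
    return ok[-1]


def guessable_digits(digits):
    """Years, counting sequences, repeats and one- or two-digit suffixes add little entropy."""
    return (
        len(digits) <= 2
        or re.fullmatch(r"(19|20)\d\d", digits) is not None
        or digits in "01234567890"
        or len(set(digits)) == 1
    )


def is_guessable(password, org_name):
    """A password is guessable when every part of it is a common word,
    a fragment of the organisation's own name, a predictable number,
    or a single symbol."""
    pieces = COMMON_WORDS | org_pieces(org_name)
    tokens = list(TOKEN.finditer(password))
    if not tokens:
        return True
    for match in tokens:
        kind, text = match.lastgroup, match.group()
        if kind == "alpha" and not segmentable(text.lower(), pieces):
            return False
        if kind == "digit" and not guessable_digits(text):
            return False
        if kind == "other" and len(text) > 1:
            return False
    return True


def audit_account(password, org_name, last_changed, today, max_age_days=365):
    """Return the findings for one privileged account.
    max_age_days is an assumed policy value, not a figure from the PDPC."""
    findings = []
    if is_guessable(password, org_name):
        findings.append("guessable-composition")
    if (today - last_changed).days > max_age_days:
        findings.append("stale")
    return findings


if __name__ == "__main__":
    # The password is the one quoted in the article; both dates are constructed.
    print(audit_account("Welcome2020lawsoc", "Law Society of Singapore",
                        last_changed=date(2020, 1, 1), today=date(2023, 1, 1)))
```

The check flags the quoted password because "Welcome" is a dictionary word, "2020" is a year, and "lawsoc" splits into prefixes of the organisation's own name.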

The PDPC's Deputy Commissioner Zee Kin Yeong concluded that many members' personal information was leaked, including their full names, residential addresses, and dates of birth. According to Channel News Asia, the Law Society took prompt remedial action in response to the incident since there were no signs that any personal data of its members was exfiltrated or misused.

In its latest warning, the Cyber Security Agency of Singapore (CSA) warned that ransomware has evolved into a “massive and systemic threat” in the first half of this year. During 2020, 16,117 cybersecurity cases were reported in Singapore and accounted for 43% of all crimes committed in the country. According to the available data, as many cases of ransomware attacks are not reported to the authorities, the number of ransomware attacks in the country is likely to be much higher. 

Singapore is facing a growing threat of ransomware. You need to strengthen your defenses against it and develop a response plan as soon as possible.

The number of ransomware attacks keeps growing as cybercriminals continue to multiply, attract new talent, innovate new malware, and operate with impunity. You need to ensure that your defenses and incident response plan are both at the very top of their game and are constantly evolving so as to mitigate the risks. Additionally, the right defensive plan for your organisation will be unique: it will take into account your critical needs, your existing and future defenses, your vulnerabilities, as well as your ethos as an organisation.

Passwords and 2FA Codes Stolen by the Android FluHorse Malware

 


A new Android malware named 'FluHorse' has been discovered. It targets Eastern Asian users with malicious apps that imitate legitimate apps with over a million installs, and it is designed to steal personal data and spread malware.

Check Point Research suggests that these malicious apps collect sensitive information from your device, including your credentials and the code for your Two-Factor Authentication (2FA) service. 

A person who falls for this trick is likely to give out sensitive personal details, like passwords and banking details, that could eventually be misused by criminals.

Several researchers have given the malware the name "FluHorse", reporting that it has been active for a year and its operators still run it. To spread malware, they sent phishing emails to "high-profile" targets informing them that there was a problem with payment and that they would need to download an app to solve the issue.  

One of the most dangerous features of FluHorse is its ability to steal passwords and two-factor authentication codes from infected devices. Additionally, according to Check Point's report on this campaign, most of the impersonated apps have over one million installs.

The emails are used to distribute apps across the globe that imitate a Taiwanese toll-collection app, VPBank Neo (a Vietnamese banking app), and an unnamed transportation app.

The legitimate version of each of the first two apps has been downloaded over one million times. In addition, the official version of the third app has been downloaded over one million times. In their study, the researchers found that the operators did not try to duplicate the legitimate apps exactly. Instead, they copied a few windows and mimicked the GUI of the legitimate apps. As soon as victims enter their account credentials and credit card details, the malicious app commonly displays a "system is busy" message to buy time until the attackers can steal the data.

During the initial stages of phishing emails, high-profile entities such as government officials and other entities concerned with public safety were targeted in some cases.

Check Point also reported that the malware included a clone of a transportation app used by 100,000 people, but the report did not reveal the app's name.

All three fake apps request SMS access during installation, in case two-factor authentication codes need to be intercepted and later reused to hijack the accounts.

To begin an attack using FluHorse, malicious email messages are sent to high-profile targets, urging them to resolve a payment issue as fast as possible.

In addition, the report stated that, upon installation, each of the three fake apps asked users to grant SMS access so that incoming 2FA codes could be intercepted if needed.

A fake app mimics an original one, but it lacks any function other than loading a couple of windows and capturing the victim's personal information through forms to be filled out.

The app will display the "system is busy" message for 10 minutes once it has captured the victim's account credentials and credit card details to simulate a real-life situation, while operators act in the background to intercept and use two-factor authentication codes.

One of the most concerning aspects of FluHorse is its ability to remain undetected for long periods, which makes it a persistent and dangerous threat. FluHorse attacks begin with targeted, malicious emails sent to high-profile individuals to convince them to resolve an alleged payment issue immediately.
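The SMS access these fake apps request at installation is visible in an app's manifest before it ever runs. The following added example (not from Check Point's report) triages a decoded `AndroidManifest.xml` against the permission set of the genuine app; the package name, the sample manifest, and the baseline are constructed for illustration, and the manifest is assumed to have been decoded to text XML already.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Permissions that let an app read incoming text messages, including 2FA codes.
SMS_PERMISSIONS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample: decoded manifest of a hypothetical sideloaded look-alike app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.tollapp.lookalike">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:label="Toll Payment">
    <activity android:name=".MainActivity"/>
    <receiver android:name=".SmsListener" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed baseline: permissions declared by the genuine app (hypothetical values).
GENUINE_PERMISSIONS = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_FINE_LOCATION",
}


def declared_permissions(root):
    """Collect every permission the manifest asks for."""
    found = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(NAME_ATTR)
            if name:
                found.add(name)
    return found


def sms_receivers(root):
    """Names of broadcast receivers registered for incoming SMS."""
    names = []
    for receiver in root.iter("receiver"):
        actions = {action.get(NAME_ATTR) for action in receiver.iter("action")}
        if SMS_RECEIVED_ACTION in actions:
            names.append(receiver.get(NAME_ATTR))
    return names


def audit_manifest(manifest_xml, genuine_permissions):
    """Report SMS access that the genuine app does not declare."""
    root = ET.fromstring(manifest_xml.strip())
    sms_declared = declared_permissions(root) & SMS_PERMISSIONS
    return {
        "package": root.get("package"),
        "sms_permissions": sorted(sms_declared),
        "unexpected_sms_permissions": sorted(sms_declared - set(genuine_permissions)),
        "sms_receivers": sms_receivers(root),
    }


if __name__ == "__main__":
    for key, value in audit_manifest(SAMPLE_MANIFEST, GENUINE_PERMISSIONS).items():
        print(f"{key}: {value}")
```

An app that claims to be a toll or banking client but adds SMS read access and an SMS receiver that the genuine app lacks is a strong signal to block the install.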

Google is Phasing Out Passwords and Adopting Passkeys: Here's What You Should Know

 

Users will soon be able to log in to their Google accounts without ever having to remember a single password again, according to the firm.

Instead, Google is betting big on passkeys, which are cryptographic keys kept on your device with zero information - you don't even know what they are. They enable you to access specific accounts without using a password; all you have to do is authenticate using your device's PIN or saved biometric data, such as your fingerprint or face. 

Only a few large services, including BestBuy, PayPal, and eBay, already enable their clients to log in to their accounts using passkeys, and Google is about to join them. Passkeys come from the FIDO Alliance, which establishes technological and social standards for them. All of the main tech companies are members of the alliance, including Apple, Amazon, Google, and Meta.

They are said to be safer because they are resistant to phishing and more convenient because the user does not have to remember anything. Traditional 2FA methods are likewise obsolete. The biometric information you use to authenticate is also not shared with Google or any other third party. 

Once you've added a passkey, you'll be prompted to use it to access your Google account, as well as to confirm your identity if any unusual activity is discovered. They are compatible with iOS 16 and Android 9 devices and can be shared with other devices, for example by using Apple's iCloud or a compatible password manager such as 1Password or Dashlane.

There is also the option to utilize a passkey from a device other than your own, allowing you to log in using a one-time passkey that will not transfer to your own device. Google advises against creating passkeys on shared devices since any other user can access your Google account. 

Passkeys can also be canceled if users think that someone else is using them to access their accounts or if they misplace the device on which they are kept. Passkeys can also be used instead of physical security keys for members of Google's Advanced Protection Program. 

Google account holders can continue to use their passwords if they like, and it will likely be some time before Google switches entirely to passkeys, as mainstream adoption is still a long way off. 

“We’re thrilled with Google’s announcement today as it dramatically moves the needle on passkey adoption due both to Google’s size, and to the breadth of the actual implementation — which essentially enables any Google account holder to use passkeys,” said Andrew Shikiar, executive director of FIDO Alliance. 

He added, “I also think that this implementation will serve as a great example for other service providers and stands to be a tipping point for the accelerated adoption of passkeys.”

Data Breaches: What Do They Mean?

Data protection is a critical component of any business, whether it's a bank, password manager, merchant, telecom provider, or another corporation. Hackers compromised a top engineer's personal computer in the latest blow to LastPass, which recently fell victim to a breach. There are no exceptions, even for the US Marshals Service. Breaches vary widely in severity and effect, and not all are alike.

You are not alone if you are concerned about cybersecurity after reading about the recent data breaches at multiple organizations in the past few weeks.

How is a Data Breach Defined? 

In a data breach, sensitive or confidential information may be exposed. A breach can expose your Social Security number, bank account number, credit card number, email address, password, financial information, or other personal information.

A data breach may occur as a result of a deliberate act or as a result of an accident. Cybercriminals can hack into the database of a company that you have shared your personal information with. An employee of that company may also accidentally expose your information online. Either way, criminals may be able to take advantage of or profit from your personal information.

The fact remains that cybercriminals continue to come up with new and creative ways to steal data from businesses. In addition to accumulating and keeping information, cybercriminals may exploit it to profit.

Picture a criminal gang speeding away in an armored vehicle loaded with valuables. Their haul so far seems quite lucrative. In practice, however, they do not know who owns each safe, what is inside, what the combinations are, or how the locks work.

That is exactly what happens when data thieves break into password managers and steal password vaults: what they ultimately get is encrypted data. Such a vault can only be opened by its owner, and, if it is implemented properly, the entire decryption process takes place locally on the owner's device.

The risk that your credit card number may be included in stolen data is not as severe as you think, but it could still happen. There is a longstanding Payment Card Industry Data Security Standard (PCI-DSS) protocol defined in excruciating detail regarding credit card transactions, which contains written regulations that businesses must follow to secure credit cards. If your credit card is being used fraudulently (at least in the United States), you will not be liable for any charges made to your account. You should know that in most cases, the customer's credit card details are stored by a third-party provider, not by the merchant with whom you made the purchase. 

Whenever you shop online or browse websites, ensure your account details are protected. Many services keep your data secure. They encrypt it all and use zero-knowledge techniques to verify your login password without knowing it or storing it anywhere. If your password is stored on an insecure website and is stolen during a hack, you lose control of your login for that website. Depending on the type of site they hack, hackers can place orders, transfer money, write emails in your name, and make bank transfers. They can even change your password to prevent access.

Taking measures right away is imperative if you or someone you know has been affected by a data breach. 

  • Investigate what type of information was stolen and how it was stolen. If an organization in the U.S. identifies a customer information breach, it must notify customers. It is recommended that you identify which accounts might be compromised if you receive this type of notification. In addition, it is recommended that you accept any help the company offers you. This offer may include a free credit monitoring service.
  • Contact your financial institution. You must discuss the next steps you want to take with your credit card issuer or bank. This includes the possibility of changing your account numbers. Additionally, you can arrange for fraud alerts to be set up, and you can dispute or cancel fraudulent charges with your bank. 
  • Ensure that your passwords for every account are strong and changed regularly. Even if your account is not the one that was breached, it may be compromised if you have used the same password throughout the years. With a password manager, you can save strong passwords, keep them in a safe place, and access them whenever you need them.
  • Check your free credit report to see how your credit score has changed. You can use the AnnualCreditReport.com website to request your free credit reports every year from each of the three credit reporting agencies. This way, you will be able to spot errors and fraud, such as accounts opened without your authorization.
  • You might also want to consider freezing your credit records to ensure no one opens an account under your name. If you need to open a new account in the future, you'll need to lift the freeze first.
  • Take a look at any activity that seems suspicious. You should monitor your accounts to see if anything suspicious is occurring. If you notice on your credit report that there are charges or withdrawals you did not make, or newly opened accounts that you did not open, you should dispute them.

Your personal information is inevitably distributed around the web unless you cut off all connections to the digital world. You might be surprised at how many of the sites that hold your sensitive information fail to protect it adequately.

This often leads to the data being breached. Even though you cannot prevent this from occurring, you can minimize your exposure by following our suggestions. In addition, you can maximize your chances of recovery by being attentive to any breaches and responding accordingly as soon as they occur.

iCloud Keychain Data and Passwords are at Risk From MacStealer Malware

 


Uptycs, a cybersecurity company that discovered the information-stealing malware while searching for threats on the dark web, is warning that Mac computers have been the latest targets of updated info-stealing malware. 

MacStealer gives attackers easy access to iCloud Keychain data and cryptocurrency wallets. This new malware steals credentials from your web browsers and cryptocurrency wallets, along with potentially sensitive files and data stored in your iCloud Keychain.

The MacStealer malware is distributed as malware-as-a-service (MaaS): the developer sells pre-built builds for $100, allowing customers to run their own campaigns and spread the malware to their victims.

On the dark web, cybercriminals use Mac computers as a breeding ground to launch malware and conduct illegal activities. This makes the dark web a prime place to conduct illegal activities and launch malware. 

The Uptycs threat research team, which discovered the new macOS malware, reported that it can run on multiple versions of macOS, including Catalina (10.15) and the latest release, Ventura (13.2).

Sellers claim that the malware is still in beta testing and that there are no panels or builders available. Instead, they provide prebuilt DMG payloads that infect macOS Big Sur, Monterey, and Ventura.

The threat actor uses the lack of a builder and panel to justify the low $100 price for the malware. Despite this, he will release more advanced features as soon as possible.

MacStealer is a new threat that uses Telegram as a command and control (C2) platform to exfiltrate data, with the latest example being called PharmBot. It primarily affects computers running macOS Catalina and later with CPUs built on the M1 or M2 architecture.

According to Uptycs' Shilpesh Trivedi and Pratik Jeware in their latest report on the MacStealer exploit, the tool steals files and cookies from the victim's browser and login information. 

The project was first advertised on online hacking forums at the beginning of the month for $100, but it is still far from finished. The malware authors plan to add features that would let them access notes in Apple's Notes app and the Safari web browser.

Functioning of Malware

The threat actors distribute MacStealer as an unsigned DMG file, disguised as something the victim is tricked into executing on macOS.

Once it runs, the victim is presented with a fake password prompt, made to look real, which runs a command that allows the malware to collect passwords from the compromised machine.

Once it has collected all the data described in the previous section, the malware then begins to spread. As soon as the stolen data is collected, it is stored in a ZIP file. It is then sent to a remote server for processing and analysis. Later on, the threat actor will be in a position to collect this information as well.

Additionally, MacStealer is also able to send some basic information to a pre-configured Telegram channel, which allows the operator to be notified immediately when updates to the stolen data have been made, which will enable him to download the ZIP file immediately as well.

What can You do to Protect Your Mac?

You can do a few things right now to ensure that you have the latest software update installed on your Mac computer, beginning with opening the Settings app and checking that it is the latest version. 

The first thing you should do is install it as soon as possible if it has not been installed already. You should make sure that all of your Apple devices are up-to-date before you begin using them since Apple is constantly improving its security. 

Your devices will be protected from malware if you use antivirus software, which protects you from potentially malicious links on the internet.

Stealer malware is spread in different ways, such as email attachments, bogus software downloads, and other social engineering techniques.

Keeping the computer's operating system and security software up to date is one of the best ways to mitigate such threats. In addition, users should not download files from unknown sources or click on links they find on the internet.

"It becomes more important for data stored on Macs to be protected from attackers as Macs become more popular among leadership teams as well as development and design teams within organizations", SentinelOne researcher Phil Stokes said in a statement last week.

What Can Consumers Do to Protect Their Data?

 


There is a growing concern in Australia that cybercrime is not just increasing but exploding. Recent data from the Australian Competition and Consumer Commission (ACCC) shows that from January to September of this year, Australians lost more than $47 million per month, as reported by ABC television.

The losses were 90 percent higher than in the same period a year ago. The actual losses to cybercriminals are likely to be much larger, since only 13 percent of victims report losing money to cybercrime.

Cybercrime rates had surged even before the multiple high-profile data breaches that large corporations reported in recent months. In those breaches, cybercriminals exploited lapses in security to steal the details of most Australians, which gave them the opportunity to commit fraud or steal identities. Several reports of losses caused by those breaches have already reached the media. For the nation, this will be a costly time as far as its infrastructure is concerned.

Identity Theft Prevention: What Can Individuals Do? 

Almost no one in modern society can avoid having data stored online. Even if you do not enter the data yourself, the banks, insurers, government agencies, and companies you interact with daily will store your account data, including your financial information, in cloud services. A breach could pose a threat to your data without you knowing anything about it or doing anything to expose it to risk.

Whenever a data breach occurs, the business is legally obligated to inform its customers, so when your data has been compromised, you will know about it (unfortunately, it is a matter of "when", not "if"). However, there are additional proactive measures that you can take to protect your own identity from theft.

The sooner you act on a data breach, the less damage it will cause to your business. You may not be able to prevent a breach, but there are a variety of things you can do to make sure that it does not compromise your data if it occurs.

1) Be on the lookout for suspicious activity: A common feature of a breach of a person's data is that criminals cannot act on it right away, because the stolen data alone is not enough. They need more information to complete their picture of you, so they will seek ways to find it. It is wise to be wary if you receive phone calls or emails from sources that you do not know. You also need to be careful if you receive messages that ask you to confirm account details or that say your password has been changed. If a cybercriminal is seeking more data about you, they may already have some.

2) Ensure that you carefully review your account and credit card statements: In the event of any unusual purchases or purchases where you think you may have simply forgotten about the purchase, it would be a wise idea to flag them immediately, regardless of how small they are. 

3) Check any change in details: If you notice in correspondence from a company or service that some details have changed, always check the date of the change and who authorized it.

4) Consult an Identity Restoration Specialist to see if you need help: To gain a better understanding of the most effective approach in practice, as well as how to move forward, consulting with a specialist can be helpful.

In addition, you can take some steps to completely resecure your data right away. If cybercriminals do manage to compromise the system that you're on, then you can be sure that the rest of the information that they need is much more difficult to get, and as a result, it will be more difficult for them to commit identity fraud against you. 

1) Ensure all your passwords are changed and enable two-factor authentication (2FA): It is recommended that you get a dedicated token device, or a second phone that you use solely for 2FA. Phone hijacking has become part of cybercriminals' strategies: they convince your phone company to transfer your number to their device, and once they have done this, they can circumvent your 2FA measures. Most people's telephone numbers are easy to find online. Using a secure number that has no public information attached to it for 2FA increases your protection against phishing attempts.

2) Remove as much personal information from social media as possible: A birthday message on your Facebook wall or a tweet on your Twitter feed might be something you look forward to. However, your date of birth is one of the most common pieces of information used to verify your identity. This is significant because access to your accounts can depend on it.

3) You may want to consider freezing your credit rating as a precaution: If you notice any suspicious activity on your credit report, the credit ratings on your credit report should be frozen.  
 
Despite strategies and technologies designed to prevent security breaches, companies cannot be guaranteed to remain secure at all times. In fact, it is much more likely that they have already been compromised without even realizing it in the first place. A company can begin protecting and monitoring sensitive information once the inevitability of a breach is accepted. They begin accepting the necessity of minimizing the risk that could be associated with it.

Cybercriminals Target Citizen Journalists; Here's How to Mitigate

 


The rise of digital connectivity has made it possible for citizens, governments, and businesses to communicate more easily and efficiently. For the same reasons, however, cybercrime is becoming a growing problem in the modern world, with hackers targeting individuals and organizations.

Recently, a journalist at the Citizen was targeted by cybercriminals because of information she had published on the internet. They emailed a fake letter to the human resources department in an attempt to have the employee's banking details changed.

The incident prompted Gertrude Makafola to tweet about it. She stated that a scammer had emailed HR pretending to be her and asking to change her banking details. Upon analyzing the letter, she pointed out, "This looks like my @CapitecBankSA confirmation letter, however, it isn't. Fortunately, the HR manager doesn’t allow this through email or phone, you have to come in person @mtyala @BelindaaaPheto @Mizzyb1".

Citizens who are considered vulnerable should be aware that cybercriminals use a variety of attack methods and are waiting to take full advantage of unprotected networks.

Speaking during October, Cybersecurity Awareness Month, Mohammed Amin, Senior Vice President, Middle East, Turkey, and Africa for Dell Technologies, said that the rise of cybercrime is showing no signs of slowing down, posing risks to everyone across all aspects of society.

In 2021, ransomware attacks increased by 150% over the previous year. More than 80% of experts say that this growth is now posing serious risks to public safety. "In today's world, cybercrime is a major threat, and these statistics indicate the severity and prevalence of this crime."

Cybercrime can affect anyone at any time, no matter who they are


Earlier this year, a cybersecurity company raised concerns about cybercrime and the recent efforts of the hacking group SpiderLog$. This group pointed out that many of the security systems used in South African government departments were susceptible to serious cyberattacks.

SpiderLog$ managed to obtain private information on President Cyril Ramaphosa from public sources. The group also provided details about a loan he took out from a South African bank in the 2000s, as well as his home address, ID number, and cellphone number.

According to Pankaj Bhula, Regional Director for Africa at Check Point Software, "this recent activity showed that no one - not even South Africa's President - is immune to cybercrime and that no one can protect themselves from the threat of such criminal activities."

As a result of this report, SpiderLog$ has shown that South Africa is worryingly vulnerable to cyberattacks, with the group even saying that the country is like a playground for hackers. "Therefore, this should serve as a stark reminder for all organizations to enhance cybersecurity within their organization."


In the face of cyber threats, what can we do to protect ourselves?


In Amin's words, the key objective should be to develop a cyber resilience strategy that is capable of anticipating and responding to significant disruptions in data systems across the world.

“A more serious test of the organization’s readiness to return to "business as usual" should be how quickly and seamlessly they can do so. There are several components to such resilience, including creating and implementing thorough cybersecurity training exercises amongst the workforce as one of the critical components.”

Amin said that this not only provides employees with training and knowledge about security risks and lures, but also heightens awareness and reinforces the importance of teamwork, skills, and collaboration across the organization as a whole.

He added that in the face of rapid advances in cybercrime, the use of cybersecurity and the methods employed by cybercriminals need to be at the top of the minds of the public and business sectors.

"In the age of cyberattacks, cyber security has become more than just an insurance policy against them. A resilient cyber market, if implemented effectively, can help bolster long-term economic prosperity and innovation, as well as provide us with the digital defenses we need to protect ourselves from cyberattacks in the modern era."

The following tips will help you minimize the chances of becoming a victim of cybercrime:

  1. Keep in mind that you should never store any personal information, including banking information, on your smart device.
  2. Your bank will never ask you for your PINs or OTPs (one-time pins).
  3. In no case will your bank ask you to process a payment to reverse a transaction that you have already completed.
  4. Before you approve any transaction, make sure you carefully check the OTPs or app approval notifications that have been sent to you. Do not approve any payment for a transaction that you are not aware of in advance.
  5. Keep your banking app updated to the most recent version and make sure your notifications are enabled.
  6. On your devices, you should enable the screen lock feature.
  7. Choosing the most reliable antivirus or security software for your business is one of the most significant decisions you can make. Tell your staff members not to open unsolicited emails without first making sure that the message is virus free.
  8. As often as possible, make sure all your business software and technology are up to date.