The security experts from Georgia Institute of Technology (“Georgia Tech”) have discovered a new class of potential attacks affecting Android devices. The exploit, called Cloak and Dagger, affects all versions of Android systems, including the latest 7.1.2.

The way Cloak and Dagger works is pretty straightforward: a malicious app gets downloaded and installed to the Android device, with the necessary permissions being granted without requiring the user’s input.

The exploit takes advantage of two Android permissions – SYSTEM_ALERT_WINDOW (“draw on top”) and BIND_ACCESSIBILITY_SERVICE (“a11y”). The first permission allows apps to overlap on a device’s screen, and the second lets disabled users enter inputs via voice commands.&l

We have already written about biometric security systems, commonly implemented, as an additional security measure in debit or credit cards. Similar biometrics-based authentication systems can be found in modern smartphones.
 
One of the most popular models – Samsung Galaxy S8 smartphone – was equipped not with one but three biometric security systems, including face recognition, a fingerprint scanner, and – advertised as “one of the safest ways to keep your phone locked” – an iris scanner. Unfortunately, this claim is now longer true.
 
German hackers from the Chaos Computer Club (CCC) have proven that Samsung’s iris scanner can be fooled by showing it a picture of the owner’s eye. 
However, i

It's a possibility because the “world's first operational Robocop” has already reported for duty in Dubai.

The robot, a customized REEM model was designed by the Spanish company PAL Robotics. Here you can see the robot in action. It is less than 170 cm tall, and its armor is made of high-strength plastic.

The main advantage of the robot is its ability to communicate in several languages, which is a big plus for providing information to foreign visitors. The machine is equipped with a touch screen that can be used to pay fines for traffic violations, or to report offenses and crimes directly to the local police station. It is also fitte

Do not be fooled by the tempting messages send via WhatsApp, offering one year of free membership access to Netflix.

WhatsApp users have been receiving scam messages from friendly sources, linking to a Netflix-like page. The person who clicks on the link will be redirected to the page that promises free access to Netflix on one condition – sending the link to 10 more people using the WhatsApp messenger.

If the condition is met, the victim is redirected to an external domain, unrelated to Netflix, that uses a trusted certificate to feign legitimacy. This page has the ability to automatically detect a device’s language and display its contents accordingly. It also allows the cybercriminals to mine the mobile devices for data, send SMS messag

The security experts from Google Project Zero have revealed a vulnerability associated with Wi-fi chipsets developed by Broadcom, currently being used in the Android, iPhone, Samsung, Acer, Motorola, LG, Sony Ericson and Asus devices.

The flaw can be exploited by hackers to gain control over the device. In order to do so the attackers need to be within the Wi-fi range of the affected device to silently take it over. The vulnerability allows to send Wi-fi frames, crafted with abnormal values, to the Wi-Fi controller in order to overflow the firmware’s stack.

High-skilled hackers can also deploy malicious code to take full control over the victim's device and install malicious apps, like banking Trojans and ransomware, without the victim's kno

Cybercriminals have attacked PKO BP bank clients. Fraudsters have been sending false e-mail messages entitled "Payment confirmation".

The messages do not contain any text, but only attached PDF file named "pko-trans-details-170507-121204.pdf".

As reported by the Niebezpiecznik portal, when the file is being opened, it tries to establish a connection with the cybercriminals' server. If a user opens a file using Adobe Acrobat Reader in Windows, the connection to the server is blocked.

However, should the user open the file with another program, he or she may download the malicious file which will infect the computer.

PKO BP bank assures that they analyze every signal and information recei

Once again Android OS uses were attacked by the unknown group of cybercriminals. The hackers have created a new banking malware, masquerading as a Flashlight LET Widget app. Dissimilar to other banking trojans with a static arrangement of targeted banking apps, this malware can progressively change its functionality.

The malicious app, detected by the security experts from ESET company, was defined as Trojan.Android/Charger.B.

Once the app is installed and launched, it requests device administrator rights. With the rights and permissions granted, the app hides and is available only as a Widget.

The malware registers the infected device to the hackers’ server. Based on commands from the server, the trojan can steal victims�

Microsoft is enabling a new Microsoft Account sign-in option as a handy addition to the company’s iOS and Android Microsoft Authenticator phone app. Instead of using Microsoft Authenticator for two-step authentication, the app user can sign into the account without a password.

The new feature is available for website sign-ins that require Microsoft Account, such as Outlook.com, Skype.com, and OneDrive.com.

How dose it work?
To enable the feature, the user must first install the Microsoft Authenticator app, then select his or her account from the dropdown button and lastly choose enable phone sign-in. From now one, during logging into a Microsoft Account, a new option “Use the Microsoft Authenticator app instead” will appear at t

On April 24, 2017, the Polish Ministry of Digital Affairs has activated a new e-service entitled "Check your penalty points", which allows every driver to verify their actual sum of penalty points earned for traffic offenses.
What is important, the new on-line service is available for FREE on the government portal https://obywatel.gov.pl.
Aside from the amount of the penalty points, each driver can also verify additional informations, such as the date/place of the traffic offense, and the type, brand and the registration number of vehicle involved.

In order to use the service safely, the drivers ought to set up a trusted eGO profile by filling up the on-line registration form, available at the https://pz.gov.pl

Read more

0 - Comment

The experts from threat intelligence firm Recorded Future have informed  about a new threat – the ransomware called Karmen, capable of encrypting files on the infected PC using the strong AES-256 encryption protocol. The files remain inaccessible until the victim decides to pays a large sum of money for the decryption key.

Unlike the most ransomware-type programs, Karmen is a particularly vicious. The virus is known to permanently delete its decryptor if a sandbox environment or antivirus software is detected on the victim's computer. In case like this, even if the victim pays the ransom, she or he will never regain access to the encrypted files.

This is yet another example of how important it is to make backup copy of our data, esp

Some time ago we wrote about a new ATMs biometric security system utilizing fingerprint scanner and about new high-tech form of theft targeting ATMs, called skimming.

Mastercard – a worldwide credit card provider – has decided to reveal their newest type of payment card, equipped with a new security feature – a small biometric area designed to verify the user's fingerprint. Instead of requiring its owner to enter a four-digit personal identification number (PIN), the user needs only to hold the finger over the sensor whilst making a purchase.

According to Mastercard the new technology was successfully tested in South Africa, and will most likely be fully implement throughout Europe and Asia later this year. Mastercard's chief of

Police officers from the Cybercrime Division detained eight people associated with the premium SMS fraud, which affected almost 160,000 of Polish citizens.

The fraudsters registered hundreds of websites and announced several contests offering attractive prizes, such as cash vouchers for all kinds of merchandise (clothing vouchers, top-up vouchers, etc.). In order to participate in the contest, the victim had to send a premium SMS message. The next step was to fill in the form and transfer 50 PLN to the indicated bank account, using on-line payment.

Needles to say that the victim never received any wins.

To make the whole scam took more convincing, the fraudsters employed people who were tasked with posting positive posts and

The experts from McAfee are warning of a new cyberattack that silently installs malware on the computers containing Microsoft Office  Word. The users of this software should be very careful when opening Word documents downloaded from third-party websites or attached to unknown e-mail messages.

Since the beginning of 2017 the unknown group of hackers have been exploiting a serious – and yet unpatched – zero-day vulnerability present in all modern versions of Microsoft Office Word software. The cyberattack begins by downloading a malicious HTA file disguised as a Microsoft's RTF. When opened, the malicious code gets executed, granting the cyberattackers almost complete control over the victim's computer.

The switch

Are you waiting for a parcel from the UPS Express courier company?

If so, be careful, because you may be the target of a cyberattack.

Experts from the Avlab have checked the authenticity of suspicious e-mail massages received lately by many network users. In comparison to the the original, the examen e-mails differed only by order number, while the IP address, content, pdf attachment, and website from which the "invoice" should be downloaded were identical.

To make it look even more credible, the messages contained the invoice number, along with the order amount.

Avlab has confirmed that the attached pdf file is not malicious, but the URL adders, redirecting to the external website, is. If the us