Hi everyone,
I hope all is well with you. Here are a few things that you need to be aware of today. As always, if you have any questions or need advice about anything security-related, let me know. Our cyber experts are at your disposal 24 hours a day seven days a week. Also, the world of ransomware has just got a little bit stranger, in that cybercriminals took over a French electrical company’s data and demanded that the ransom be paid in baguettes (or bread!). Read on for more. But, let’s start with cyber threats that you need to be aware of right now:
Cyber Threats
A new Android banking Trojan is doing the rounds right now. It is called ToxicPanda and if you are unlucky enough to get this onto your device the developers can pretty much gain access to all information, they can also get your banking passwords. Once your phone has been infected your bank account can be emptied very quickly. Please be extra careful about where you download your applications from and also what permissions you give. Even an innocent application, could be side-loaded down the road to turn it into banking malware. You can read the full article here, but in a nutshell, exercise extreme caution about the applications that you install.
Also, be aware, SteelFox and Rhadamanthys Malware are now using copyright scams to target victims. You can read the article here, but in a nutshell, cyber attackers will send you an email claiming that you have violated copyright law and they claim to be taking legal action against you. Luckily, you can avoid legal action by opening the file and following the instructions. The only problem is that this file is loaded with malware. If you receive an email, even if it looks very official claiming that you’ve breached copyright law don’t be so quick to engage. If the person asks you to open an attachment, it’s a scam. If you’re in doubt, send a message to me and I’ll take a look and I’ll let you know.
Update Android. Google has just released the November security updates, it’s fixes over 50 vulnerabilities on Android versions 12 to 15 including one critical floor that is being actively exploited. Google is doing a great job staying up-to-date with all of the security vulnerabilities that are being found. What you can do is make sure you’re always running the latest version. If you need any help on how to do this let me know.
Scam Watch
Here is an excellent article, to keep you abreast of a new eBay scam that is currently happening. Essentially, technical support scammers are targeting eBay customers via fake Google ads. Here is a great article on what to do when you receive a scam message on WhatsApp. Now, you could replace WhatsApp with any instant messaging application, including your device’s built-in SMS feature. Anyway, it’s a great article if you have a few minutes to spare.
Also, while we are talking about how to spot a fake or a scam message, here’s another article about how to spot a Smishing attack.
Is the TOR network secure? – Short answer – NO
I have written about the TOR network a few times in the past. If you have time here is an excellent article written by Kaspersky explaining the ins and outs of using the tour network for privacy. You cannot assume your communications are secure when you are using this network. There have been many examples, as recently as September, where police and government agencies have been able to identify people using the TOR network. If you have time it’s a very good read. Overall, and in my humble opinion, you can’t trust anything on the Internet. Someone is always listening. Use your common sense.
Wow!
Wow, I didn’t think domain names were still being traded for multi-million dollar deals. But here is it really interesting article on the verge about how chatGPT, or the company behind it openAI has paid well over $10 million just to get the chat.com domain name. In the past, you had to go to chatgpt.com to access the AI platform but now you just have to go to chat.com.
Data Breaches
Last week, cybercriminals claimed to have hacked into Nokia and claimed to have stolen their source code, as well as all of their certificates and their account information. I can confirm, that this actually did take place and that the information is currently for sale on the dark web. As you can read, in this article here, the stolen data has already been reserved for a buyer. The dark web exchange where these deals happen is very well organised. It won’t be long before the exploited data will be weaponised against users of Nokia systems.
The French multinational energy management company, Schneider Electric have been ransomware and the attackers are demanding that they pay $125,000 in baguettes or else its sensitive customer and operational information will be leaked. Yes, you heard that right, the hackers want to be paid in bread. They could easily ask for money, but they have thousands of other ransomware demands out there so this one is just for fun. It’ll be really interesting to see if the electric company do pay them in banquettes 🙂
Anyway, that’s it from me for today. At this point, I am only covering a fraction of the cyber threats, I’m only covering a fraction of the news stories that you need to be aware of. When I first started writing privacy tips, it was one tip per day. Now, I could write 100 tips per day and still not cover everything.
If you need anything specific, let me know. If there’s anything that you’re worried about, let me know. Most of the time you can navigate through the digital world security by making sure you have strong passwords, two-factor authentication et cetera. Make sure, you do the simple things right.
Sending you and yours all the best, Max.