Category - Privacy & Security News

A new Microsoft Office malware planted by Russian Fancy Bear hackers

A new cyber-attack has been spreading through Office documents without macros. Fancy Bear, an advanced hacking group, is behind this malware, and security specialists believe the group has links with the Russian government.

The malware infects computers through Microsoft Office documents that use the DDE (Dynamic Data Exchange) feature. Fancy Bear hackers send a Word document called “IsisAttackInNewYork.docx” as bait.

If the target opens the file, it connects to a control server, downloads the malware called Seduploader and installs it on the computer.


Concerning flaws in iOS 11 and news about Apple’s X facial data

If you have mixed feelings about Apple’s iOS 11, you’re not the only one and you’re completely entitled to. iOS 11 has kind of disappointed Apple fans.

First, there was the common complaint many users had about how iOS 11 has slowed down their phones and the functioning of apps in general.

Now, everyone is talking about a new flaw: turning Wi-Fi and Bluetooth “off” doesn’t seem to switch them OFF after all. Apparently, switching your app from blue to grey does not mean that you have disconnected the service.

Here’s what happens:

Your iPhone will disconnect from Wi-Fi networks, but Wi-Fi will stay on for Apple services, and other Apple devices (like Apple Watch and Pencil) stay connected. Not only does this create a security loophole, but Apple didn’t even communicate this important detail to users.

A similar thing happens when turning Bluetooth “off”: it will disconnect other Bluetooth devices connected to your phone but it does not actually turn off the Bluetooth service on the iPhone or iPad.

Since neither of these things happened with older iOS versions, here is what you can do to fix the trouble:

Go to the “Settings” app and flip the switch to the OFF position to completely disable Wi-Fi and/or Bluetooth.

This is not much of an effort but it’s best that you know about it and take action so you don’t keep your phone exposed to any possible hacks.

How Apple developers can use facial data

Other news about Apple is related to the fact that the company allows developers who work on improving new Apple X features to access users’ facial data. This is done with their consent, but it still raises some privacy issues.


The reason behind this decision is simply to create a complete map of users’ facial expressions, such as analyzing how people smile, blink or raise an eyebrow. While the arguments seem fair, many have concerns regarding the way these data will be used. Security specialists believe that collected data may be used for advertising or marketing reasons, such as selling it to marketers, so they would know how people react to commercials.

This is just a heads-up alert and maybe you should think twice before saying “Yes” to a new feature or when a company asks for your consent for something.

Implementation of ePrivacy Regulation – re-gain control over your personal data

A privacy law proposed by the European Commission is about to set a new model in terms of online privacy for people residing in Europe. The ePrivacy Regulation was initially drafted in 2002 and was revised in 2009. At the beginning of 2017, the EU updated the text and introduced new policies regarding users’ prior consent when it comes to websites and marketing companies processing and controlling their own personal data.

The updates will bring significant changes to web surfing, if they are indeed approved. The legislation still needs to be approved by the member states during a vote that will be held in a Parliament plenary session in Strasbourg next week.

These new privacy proposals align with changes suggested by the GDPR (EU General Data Protection Regulation); the main aim is to make sure EU citizens enjoy online privacy and are protected from data breaches. The difference between the two is that GDPR wants to enhance Article 8 of the European Charter of Human Rights referring to personal data protection, while the ePrivacy regulation is meant to complement Article 7 of the charter with respect to a person’s private life.

The fundamental changes of the ePrivacy rules refer to:

  1. Cookies law – give your consent for web tracking


Beware of the Bad Rabbit new wave of ransomware

Initially, Bad Rabbit was thought to be similar to the Petya and WannaCry outbreaks that have corrupted Windows computers. However, according to researchers from Kaspersky Lab, Bad Rabbit is actually linked to the ExPetr (NotPetya) attacks.

The malware has hit systems in Ukraine, Turkey and Germany, but the largest number of victims affected by the attack are from Russia. There, three important news agencies have been attacked; Interfax, one of them, has complained that its servers were deeply affected, forcing the company to move its activity solely to its Facebook account.

In Ukraine, Bad Rabbit has damaged the systems of the Kiev Metro, Odessa airport, and Ukrainian ministries of infrastructure and finance.

Additionally, U.S. security experts have mentioned that they have been receiving complaints regarding malware infections in other countries around the world as well.

This is what we know about Bad Rabbit so far:

How it infects your computer

Security firm Eset has discovered the malware is spread via a bogus Adobe Flash update.


How net neutrality issues in the U.S. can affect us all

Update, October 23rd, 2017:

According to the latest news, by November 22nd, the chairman of the FCC will give an official response regarding net neutrality. If the response is negative and puts an end to net neutrality, internet service providers will charge U.S. citizens extra for accessing certain websites, apps or even streaming services.

If you want to put a stop to the vote that approves dissolving net neutrality, you can do that by making as many calls as possible to U.S. Congress members through the official Battle for the Net website. Mention that you are in favor of net neutrality and that you demand that the FCC Chairman abandon his plan.

Article originally published on September 28th, 2017

The road to digital freedom is not straight. In fact, it is full of obstacles, including a new proposal set by the United States Federal Communications Commission (FCC). The new rule is meant to put an end to net neutrality and let ISPs (Internet Service Providers) decide which online content their subscribers should have access to. Mainly, it gives them the right to promote their own services online and block their rivals.

In other words, ISPs will determine what you can see and read on the internet based on how much internet customers pay. So much for free speech and equal opportunities, not to mention the beginning of a censorship era in the online world.

What security specialists fear is that big companies will be able to afford a toll paid to ISPs, but small companies won’t. In a way, this is already happening. A few years ago, a news service run by Verizon banned web content regarding mass surveillance, as ideas revealed on those websites opposed their interests. However, FCC’s Republican chairman Ajit Pai wants to make it all legal, even though the FCC is the same authority that promised to protect net neutrality in 2015.

Why should you care about an internet freedom rule passed in the USA?

If you don’t live in the U.S., you may think this doesn’t concern you. Well, surprise! This decision will affect you too.


A sad, censored internet world – a potential risk of the EU copyright law

Clearly, the internet world and online content are constantly changing. Apparently, the European Commission believes it has become a far greater and wider world than anyone can bear, so the organization found a way to make it just a little smaller. One specific article from the EU copyright law has become a cause for concern for many worldwide organizations and ministers.

This is what Article 13 says:

“Information society service providers that store and provide to the public access to large amounts of works or other subject-matter uploaded by their users shall, in cooperation with rightholders, take measures to ensure the functioning of agreements concluded with rightholders for the use of their works or other subject-matter or to prevent the availability on their services of works or other subject-matter identified by rightholders through the cooperation with the service providers. Those measures such as the use of effective content recognition technologies shall be appropriate and proportionate.”

This change contradicts a former EU policy, passed in 2000, which states that websites should act as “mere conduit”, which means simply offering a platform for online users. The policy does not state that website owners should be held responsible for material posted to their sites.

Where would the implementation of Article 13 lead to?

Limitations on freedom of speech and expression

Based on Article 13, internet service providers will have to implement upload filters for all online content such as music, movies, and any text such as news and information. At first glance, this largely affects big companies like YouTube or Wikipedia, but at large, it affects all online users simply because the freedom of expression is reduced. This also means the worldwide digital content will be drastically diminished.


WiFi breach makes devices vulnerable to hacks, but there is a solution

Much to everyone’s concern, serious weaknesses have been discovered in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs), notes krackattacks.com.

The “Krack” attack works by exploiting the “handshake” that a WiFi network and a device perform when the latter wants to join. Usually, the two decide on an encryption key for all future traffic, meaning that each device will only be able to read data if it has that key.

“Note that if your device supports Wi-Fi, it is most likely affected,” wrote security researcher Mathy Vanhoef, whose work was noted by the US government.


© 2017 CyberGhost