
“Turn your phone off”: The simple reason behind Albanese’s warning

<p>Prime Minister Anthony Albanese has issued a clear warning to the public, advising them to "turn their phones off" as a safety measure to avoid potential dangers.</p> <p>Albanese delivered this cautionary message last week while announcing the appointment of Australia's first national cybersecurity coordinator, Air Commander Darren Goldie of the Royal Australian Air Force.</p> <p>Goldie was quick to echo the Prime Minister's sentiments, emphasising the importance of mobilising both the private sector and consumers in the fight against cyber threats.</p> <p>"We all bear responsibility in this matter. Simple actions, such as turning off your phone every night for five minutes, can make a significant difference.</p> <p>"I encourage everyone watching to adopt this practice once every 24 hours, perhaps while engaging in daily routines like brushing your teeth," stated Albanese during the press conference.</p> <p>While rebooting your device on a daily basis may seem like a basic precaution, it can greatly enhance your protection against cybercriminals. Often, various applications and processes continue running in the background of your phone or computer, even when you're not actively using them.</p> <p>If unauthorised individuals gain access to these apps and processes, they can monitor your activities and collect your data, including financial information and identification documents, and even hijack your webcam or phone camera.</p> <p>By rebooting your phone, you force the closure of all background applications and processes, effectively evicting anyone attempting to track your virtual movements.</p> <p>Priyadarsi Nanda, a cybersecurity expert at the University of Technology Sydney, supported Albanese's advice, emphasising the importance of periodically turning off one's phone.</p> <p>"Considering how extensively we use smartphones in our daily lives, there have been cases where individuals haven't turned off their phones for an entire year," Dr. 
Nanda told <em>The Guardian</em>.</p> <p>"If there is a malicious process running, switching off the phone breaks the chain. While it may only provide protection while the phone is off, it undoubtedly frustrates potential hackers. Although not foolproof, rebooting can make it more challenging for hackers to compromise your device."</p> <p>It is crucial to note that this measure does not safeguard against all forms of cybercrime. If your password has been stolen or you are being repeatedly and strategically targeted, for example, a simple reboot is unlikely to deter the most persistent hackers.</p> <p><em>Image: Wikimedia / Australian Government</em></p>

Technology


"Deplorable": Medibank hacker announces ransom demands

<p>As more sensitive health data has been posted on the dark web, the Medibank hacker has shared their ransom demands for the information to be returned safely. </p> <p>Along with the unlawful release of the information, the hacker stated, "Society ask us about ransom, it's a 10 millions (sic) usd. We can make discount 9.7m 1$=1 customer."</p> <p>At current rates, US$9.7 million is worth $15.07 million.</p> <p>The alleged hacker also posted: "Medibanks (sic) CEO stated, that ransom amount is 'irrelevant'. We want to inform the customers, that He refuses to pay for yours data more, like 1 USD per person. So, probably customers data and extra efforts don't cost that."</p> <p>Following the release of 200 users' personal health data yesterday, the hacker has today posted an additional file of information allegedly obtained in the hack.</p> <p>While the file is titled "abortions", it is understood that the diagnostic code listed in the file against the names of over 300 Australian men and women actually refers to an admission for "Supervision of high risk pregnancy, unspecified, first trimester", according to <a href="https://www.9news.com.au/national/medibank-hack-update-more-health-data-ransom-demand-posted/32e7d105-1b5f-4291-bbb4-32620cbe3456" target="_blank" rel="noopener">9News</a>. </p> <p>Medibank CEO David Koczkar has called the latest health data release "deplorable", while assuring customers they are working to secure their information. 
</p> <p>He said, "The release of this stolen data on the dark web is disgraceful."</p> <p>"We take the responsibility to secure our customer data seriously and we again unreservedly apologise to our customers.</p> <p>"We remain committed to fully and transparently communicating with customers and we will be contacting customers whose data has been released on the dark web.</p> <p>"The weaponisation of people's private information in an effort to extort payment is malicious, and it is an attack on the most vulnerable members of our community.</p> <p>"These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care."</p> <p>With so much information already leaked, there is a high risk of scams and individual ransom demands to come for the 500 or so Australians whose personal data has already been published.</p> <p>Those customers should be on high alert for scammers.</p> <p>Medibank has yet to reach out to the 500,000 customers whose health data is in jeopardy, to advise them whether more information has been lost to the scammers. </p> <p><em>Image credits: Getty Images </em></p>

Legal


Shocking twist to 12-year-old’s heroic fundraising effort

<p dir="ltr">A 12-year-old boy who raised over $400,000 (NZ 480,000) for those suffering in Ukraine has experienced a sudden shock - his social media accounts have been targeted by Russian hackers.</p> <p dir="ltr">Gabriel Clark’s story started when his dad, TV and film director Richard Clark, posted to Twitter asking his followers to follow his son’s woodworking account on Instagram.</p> <blockquote class="twitter-tweet"> <p dir="ltr" lang="en">Lovely twitter people - I don't know how many of you are also <a href="https://twitter.com/hashtag/instagram?src=hash&amp;ref_src=twsrc%5Etfw">#instagram</a> users but I'm looking for a wee favour. I've a 12yr old who loves woodwork. He spends hours on his lathe making bowls and creating chopping boards which he sells to save up for a mountain bike. 1/3 <a href="https://t.co/Ny60rFf1TE">pic.twitter.com/Ny60rFf1TE</a></p> <p>— Richard R Clark 🇺🇦 (@rclarkie) <a href="https://twitter.com/rclarkie/status/1507415791116857349?ref_src=twsrc%5Etfw">March 25, 2022</a></p></blockquote> <p dir="ltr">By the following day, Gabriel’s followers grew from just six to over 33,000 and he had received a whopping 20,000 orders for the bowls and chopping boards he makes using his lathe.</p> <p dir="ltr">“It was a lot to take in for a wee lad of 12yrs (sic),” his dad wrote in a Twitter thread recounting the situation.</p> <p dir="ltr">After calculating that it would take him 32 years to fulfil every order, Gabriel decided to make just one bowl, called ‘Gabriel’s Bowl for Ukraine’.</p> <p dir="ltr">“We set up a Just Giving page 10 days ago for Save the Children’s Ukraine Appeal, with Gabriel setting a target of £5,000,” Richard explained. 
“The fundraiser would stay live until Easter when one donor would be chosen at random to win his bowl.”</p> <p dir="ltr">Within 24 hours, donations exceeded £50,000 and by April 21, nearly 14,000 people had given a total of £251,661, with an entrant named Renuka Chapman winning the special prize.</p> <p dir="ltr">But Gabriel’s successes have been soured within just one week, with Mr Clark revealing that Russian hackers had taken down Gabriel’s Instagram account and they had lost all of his content.</p> <blockquote class="twitter-tweet"> <p dir="ltr" lang="en">Ok everyone. GABRIEL REALLY NEEDS YOUR HELP. Russian hackers have taken down his <a href="https://twitter.com/instagram?ref_src=twsrc%5Etfw">@instagram</a> account clarkie_woodwood. All posts and everything gone. We desperately need Instagram to contact us.<br />Please help &amp; RT! <a href="https://t.co/pWubH87cKQ">pic.twitter.com/pWubH87cKQ</a></p> <p>— Richard R Clark 🇺🇦 (@rclarkie) <a href="https://twitter.com/rclarkie/status/1519957679287975940?ref_src=twsrc%5Etfw">April 29, 2022</a></p></blockquote> <p dir="ltr">Appealing for online help once again, even Ben Wallace, the UK’s Defence Secretary, called on the country’s National Cyber Security Centre to lend a hand.</p> <p dir="ltr">“@NCSC (The National Cyber Security Centre’s Twitter account) let’s see what we can do to help. What a thing to do to Gabriel!” Mr Wallace wrote.</p> <p dir="ltr">As of publication, Mr Clark confirmed that his son’s account was “half back at least”, describing it as “one less stressful day”.</p> <p dir="ltr"><em>Image: @rclarkie (Twitter)</em></p>

Caring


Woman scammed out of $730,000

<p dir="ltr">A woman has lost an eye-watering $730,000 after opening an email from someone she thought was her settlement agent.</p> <p dir="ltr">The victim was in the process of purchasing a property in Western Australia and had clicked on the email, which asked for money to be deposited into an account the scammers controlled.</p> <p dir="ltr">After she filled out the “authentic-looking documents”, the scammers were able to take control of $730,000. </p> <p dir="ltr">Consumer Protection WA confirmed that the settlement agent’s email was hacked by the scammers in what is described as a payment redirection scam.</p> <p dir="ltr">In payment redirection scams, it is almost impossible to tell the difference between the real and the fake thing. </p> <p dir="ltr">In this instance, the woman did not suspect that the email was a scam after the agent reminded her of the payment. </p> <p dir="ltr">Consumer Protection executive director Trish Blake said the hack is sophisticated and can make it difficult to know when the hacking took place.</p> <p dir="ltr">“These scams usually involve the hacking into someone’s email account or computer system but it can be difficult to determine exactly where the hack has occurred,” she told <a href="https://www.news.com.au/technology/online/hacking/woman-loses-730000-after-one-scam-email-while-buying-property/news-story/0eabd0fcc189dc3a0bd7c472f0034150" target="_blank" rel="noopener">news.com.au</a>.</p> <p dir="ltr">“The hackers may have successfully guessed the password or installed spyware or malware on computers or laptops after recipients open attachments or click on links in scam emails.</p> <p dir="ltr">“The losses from these scams can be extremely devastating to the victims who may have lost their home deposit that they have been saving for many years and may not be able to buy the home of their dreams. 
Or it may be a business doing it tough that can least afford to lose such a large amount of money.”</p> <p dir="ltr"><em>Image: Shutterstock</em></p>

Money & Banking


How to stop getting hacked on Facebook

<p>A new scam involving Facebook users is currently surging worldwide. It involves enticing messages, supposedly from a friend reading: “look what I found”.</p> <p>The phishing scam targets people via Facebook Messenger, as scammers are able to send these fake messages to the contacts of people whose Facebook accounts had previously been compromised.</p> <p>Along with the “look what I found” message, which is often followed by one or multiple emojis, comes a link. Once you click on it, you’re taken to a malicious webpage that asks for your Facebook log-in. This is where they will obtain sensitive information and even attempt to install malware onto the device.</p> <p>The scam has been known about for several years but recently appears to be surging out of control. It’s one of a number of scams targeting people via Messenger.</p> <p>Another example is one where people receive a message from a friend saying, “is this you in this video?”, or similar.</p> <p>“Messages seemingly coming from a Facebook friend much more likely result in clicks than messages sent by strangers, because people might only or primarily focus on the sender’s name at first rather than the message content, regardless whether that has red flags,” Leslie Sikos, a cyber security expert from Edith Cowan University says.</p> <p>“There are many scams of this sort, meaning that there is no single appearance or behaviour users could learn to avoid.</p> <p>“Note that if someone is tricked by a message and they click a scam’s link, they still might not be victims in the end if they can realise it’s a scam by keeping an eye on the website loading process, which would reveal the redirection to a malicious website.”</p> <p><strong>Here's what to look out for</strong></p> <p>Dr Sikos says while the scam can be difficult to detect, there could be a number of seemingly obvious clues that give away a phishing message.</p> <p>“(For example) there is no proper greeting and/or signature that would match the style of 
the sender,” he said.</p> <p>“Scams often have bad grammar or typos that can also indicate their true nature. For example, ‘look what i found’ instead of ‘Look what I’ve found’.”</p> <p>He also advises looking out for a “gibberish, obviously machine-generated and fake domain name that, when clicked, would actually redirect you to another domain”.</p> <p>Other clues that indicate a phishing message include: the message came from a Facebook friend who you wouldn’t normally chat with, or the message was sent at a strange hour of the day or night.</p> <p><em>Image: Getty</em></p>

Technology


Don't leave yourself vulnerable to hackers in 2022

<p><br />Passwords are just as vitally important as they are frustrating. However, making a mistake with our passwords could leave us exposed to hackers and other fraudulent activities online.</p><p><br />According to the Australian Competition &amp; Consumer Commission, Australians lost a record $323.7 million to scams and identity theft in 2021, with phishing scams up 62% on the previous year.</p><p><br />It’s not just your main accounts like social media or online banking that are at risk. As our list of logins grows, all it takes is one data breach to compromise everything. So, what can you do in order to protect yourself?</p><p><br /><strong>1. Don’t use the same password across multiple sites</strong><br />If you use one password across multiple platforms or sites, you’re at greater risk.<br />“By far the biggest mistake people make with passwords is using the same one across multiple sites,” says Val Quinn, Sunrise tech expert.<br />“Because if one site gets hacked, then the hackers have the same password that they can use on different sites to try to login under your name.”</p><p><br /><strong>2. Use a passphrase instead</strong><br />“Hackers can use special tools where they can actually brute force guess your passwords,” says Quinn.<br />“That means we have to make them very complicated, long combo of letters, characters and numbers, upper and lower case.”<br />For extra protection, try using a passphrase instead of a traditional password. But – make sure to remember that phrase!<br />It’s also a good idea to ensure it’s not a common or popular quote or song that can be easily guessed by somebody who knows you.</p><p><br /><strong>3. 
See if you’ve been breached</strong><br />Sites like <a href="https://haveibeenpwned.com/" target="_blank" rel="noopener">Have I Been Pwned?</a> allow you to check if your email address or password has been caught up in known data breaches.<br />Started by Australian cyber security consultant Troy Hunt, who is also Microsoft’s regional director, the site aggregates known issues, providing a snapshot of the sites where your data may have been compromised.</p><p><br /><strong>4. Don’t use personal information</strong><br />This tip sounds simple but a lot of people continue to fall into the trap of using personal information. Avoid using obvious things like a pet’s name or birthday.</p><p><br /><strong>5. Use a password manager</strong><br />Most of us have passwords across email, social media, banking, streaming services and online shopping.<br />Keeping track of login details can be daunting; that’s where password managers come in handy.<br />“A password manager is almost a must,” explains Quinn.<br />“It really helps ensure you use different passwords for all of the sites you log into, otherwise you just can’t remember very easily.”</p><p><br /><strong>Most common passwords of 2021</strong><br />According to NordPass, these are the most common passwords globally in 2021, all of which the tech company estimates take under one second to hack.</p><ul><li>123456</li><li>123456789</li><li>12345</li><li>qwerty</li><li>password</li><li>12345678</li><li>111111</li><li>123123</li><li>1234567890</li><li>1234567</li></ul><p>NordPass research also revealed these were the most common passwords in Australia.</p><ul><li>123456</li><li>password</li><li>lizottes</li><li>password1</li><li>123456789</li><li>12345</li><li>abc123</li><li>qwerty</li><li>12345678</li><li>holden</li></ul><p><em>Image: Getty</em></p>

Technology


What hackers can do with just your phone number

<p><strong>Your number can be used in many malicious ways</strong></p> <p>Your phone number is an easy-to-find key that can be used by hackers and scammers to unlock your personal data. They can also use your number in many other malicious ways.</p> <p>I used to think that maybe, at best, a person could possibly find my name and address using my phone number. I was wrong. Recently, someone I don’t know used my phone number to find out the private details of my life, then emailed me everything they had discovered.</p> <p>With just my phone number this person found out where I live, my previous addresses, information on whether I’ve ever been evicted, some personal financial information, a map of my neighbourhood, and my birth date. They even found the only speeding ticket I’ve ever had, way back in 2006. It was disturbing, to say the least.</p> <p>I felt, and still feel, violated. I reported the person to the social media site they contacted me through and blocked them, but is there more I can do?</p> <p>After contacting some security experts for their take, it turns out that finding important details about someone’s life with just a phone number is incredibly, alarmingly easy… and profitable.</p> <p>“In the wrong hands, your phone number can be used to steal your identity and take over almost every online account you have,” Veronica Miller, cybersecurity expert at VPN overview, tells Reader’s Digest.</p> <p>There are several ways a hacker can use a phone number to turn your life upside down. Here are some ways criminals can target you.</p> <p><strong>Data mining the easy way</strong></p> <p>The easiest way to use your phone number maliciously is by simply typing it into a people search site. 
Sites like these can reveal personal information about you in less than a few seconds, according to tech expert Burton Kelso.</p> <p>People search sites purchase your personal information and then sell it to people who want your data, like hackers with your phone number.</p> <p>The information found through these sites includes your address, bankruptcies, criminal records and family members’ names and addresses. All of this can be used for blackmail, stalking, doxing or identity theft.</p> <p><strong>Rerouting your number</strong></p> <p>Another tactic is to contact your mobile carrier claiming to be you, said Miller. Then, the hacker can make it so your number routes to their phone. From there, the hacker will log into your email account. Of course, they don’t have your password, but they don’t need it.</p> <p>They just click “Forgot your password” and get the reset link sent to their phone that now uses your phone number. Once the hacker has access to your email account, it’s easy to gain access to any of your accounts.</p> <p>While many service providers have some security features to prevent scammers from switching phones, a person who has your phone number may be able to find enough information about you to get past the security questions.</p> <p><strong>Spoofing</strong></p> <p>There were billions of scam calls in 2019, according to data collected by YouMail, and scammers are getting smarter. Now they are using a technique called spoofing to make it easier to scam you. Spoofing is when someone makes your phone number pop up on a caller ID when it really isn’t you that’s making the call.</p> <p>For example, a scammer once spoofed my daughter’s phone number to make me think she was calling me. The goal was to trick me into answering the phone. 
It worked, because what if it was an emergency and my daughter needed me?</p> <p>When a scammer gets you to pick up, they have the chance to trick you into whatever scheme they’ve come up with, like tricking you into giving them your credit card information.</p> <p>It doesn’t take much to spoof a phone number. There are apps and websites that allow scammers to simply type in a phone number and make a call. It’s super easy and quick, which makes it appealing to scammers.</p> <p><strong>Texting scams</strong></p> <p>Scammers can also use your phone number to send you malicious text messages. This type of scam is called ‘smishing’, according to digital privacy expert Ray Wallsh.</p> <p>In these texts, scammers can send links that can infect your phone with malware that can steal your personal information, or they can straight-up scam you by pretending to be your bank, the IRS, or your doctor.</p> <p>Posing as someone you trust, the scammers will then try to trick you into giving them personal information and credit card numbers.</p> <p><strong>How to protect yourself</strong></p> <p>All of the experts I contacted recommended sharing your phone number as little as possible to combat its misuse. “Many apps and services require a cell number for verification at sign up. By handing your data to these apps, services and businesses, you increase the likelihood that your phone number will be passed on to third parties and data aggregators,” said Wallsh. Limit giving out your phone number to friends and family and your doctor.</p> <p>For everyone else, you need a virtual number that can forward calls to your phone so you don’t need to give anyone your real number that is linked to your personal information. You can set up a virtual number for free through Google Voice or through services like Burner.</p> <p>Also, never click on links sent to you in text messages, even if they look like they were sent from a trusted contact. 
If your bank, credit card company, doctor or service you use contacts you through text, call them using a verified number from their website to confirm the communication was truly sent from them to avoid malware or scams.</p> <p>To protect yourself from hackers rerouting your number, ask your mobile carrier to add an extra layer of security like a password or PIN number to your account, advises Miller.</p> <p>All of these steps can help keep your personal information private, but it only works to a point. Your personal data has probably already been sold to people search sites and while you can send these sites requests to remove your information, it’s a huge task. Plus, the site may simply repost your information later.</p> <p>So, in the end, there may not be a way to completely prevent hackers and scammers from getting access to your phone number. Knowing what someone can do with your number, though, can help you avoid scams and protect your information from being more widely spread.</p> <p><em>Image credits: Getty Images</em></p> <p><em>This article originally appeared on <a rel="noopener" href="https://www.readersdigest.com.au/true-stories-lifestyle/science-technology/what-hackers-can-do-with-just-your-phone-number" target="_blank">Reader's Digest</a>.</em></p>

Technology


Urgent email warning to Aussies over China hackers

<div class="post_body_wrapper"> <div class="post_body"> <div class="body_text redactor-styles redactor-in"> <p>Australians are being urged to check their emails after a major Chinese infiltration of Microsoft's email system has left many exposed.</p> <p>There are fears that 7,000 servers are impacted by the threat in Australia after the Chinese state-backed hacker group known as HAFNIUM hit more than 30,000 servers in the USA.</p> <p>The hackers' campaign used recently discovered flaws in Microsoft Exchange software to steal emails while infecting computer servers with tools that let hackers take control of the servers remotely.</p> <p>Brian Krebs, a cybersecurity expert, has reported on this massive breach.</p> <p>“At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organisations,” Krebs wrote in the <a rel="noopener" href="https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/" target="_blank">post</a>.</p> <p>One insider close to the incident explained who’s been hit.</p> <p>“It’s police departments, hospitals, tons of city and state governments and credit unions,” said one source who’s working closely with federal officials on the matter.</p> <p>“Just about everyone who’s running self-hosted Outlook Web Access and wasn’t patched as of a few days ago got hit with a zero-day attack.”</p> <p>A zero-day attack is where hackers exploit a potentially serious software security flaw that the developer might be unaware of.</p> <p>The Microsoft Threat Intelligence Center (MSTIC) attributed the attacks with "high confidence" to a "state-sponsored threat actor" based in China which they named Hafnium.</p> <p>Microsoft is urging network owners to download 
the security patches available as soon as possible.</p> <p>It told customers "the best protection" was "to apply updates as soon as possible across all impacted systems".</p> <p>However, if your Microsoft Exchange servers have already been compromised, the patches are not "full protection against attack". You can find out <a rel="noopener" href="https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/" target="_blank">more information here.</a></p> </div> </div> </div>

Legal


Hackers are getting smarter by targeting councils and governments

<p>In recent weeks, <a href="https://www.zdnet.com/article/city-of-johannesburg-held-for-ransom-by-hacker-gang/">Johannesburg’s computer network was held for ransom</a> by a hacker group called Shadow Kill Hackers. This was the <a href="https://www.bbc.com/news/technology-49125853">second time</a> in three months a ransomware attack has hit South Africa’s largest city. This time, however, hackers didn’t pose the usual threat.</p> <p>Rather than denying the city <a href="https://www.hkcert.org/ransomware.hk/ransomware-basic.html">access to its data</a>, the standard blackmail in a ransomware attack, they threatened to publish it online. This style of attack, known as <a href="https://en.wikipedia.org/wiki/Ransomware#Leakware_(also_called_Doxware)">leakware</a>, allows hackers to target more victims in a single attack – in this case the city’s citizens.</p> <p>The latest Johannesburg attack was the second leakware attack of this type ever recorded, and a similar attack could hit Australia soon. And although our current cyberattack defences are more advanced than those of many countries, we could be taken by surprise because of the unique way leakware operates.</p> <p><strong>A new plan of attack</strong></p> <p>During the Johannesburg attack, city employees received a computer message saying hackers had “compromised all passwords and sensitive data such as finance and personal population information”. 
In exchange for not uploading the stolen data online, destroying it and revealing how they executed the breach, the hackers demanded four bitcoins (worth about A$52,663) - “a small amount of money” for a vast city council, they said.</p> <p><em><a href="https://images.theconversation.com/files/299645/original/file-20191031-187903-1ykyg4q.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip"><img src="https://images.theconversation.com/files/299645/original/file-20191031-187903-1ykyg4q.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" alt="" /></a> <span class="caption">The hacker group operated a Twitter account, on which they posted a photo showing the directories they had access to.</span> <span class="attribution"><span class="source">ShadowKillGroup/twitter</span></span></em></p> <p>In this case, access to data was not denied. But the threat of releasing data online can put enormous pressure on authorities to comply, or they risk releasing citizens’ sensitive information, and in doing so, betraying their trust.</p> <p>The city of Johannesburg decided <a href="https://coingeek.com/we-shall-not-pay-the-ransom-johannesburg-tells-hackers/">not to pay the ransom</a> and to restore systems on its own. Yet we don’t know whether the data has been released online or not. 
The attack suggests cybercriminals will continue to experiment and innovate in a bid to defeat current prevention and defence measures against leakware attacks.</p> <p><a href="https://images.theconversation.com/files/299644/original/file-20191031-187898-hhld2p.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip"><img src="https://images.theconversation.com/files/299644/original/file-20191031-187898-hhld2p.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" alt="" /></a> <span class="caption">This login screen message was displayed on computers in Johannesburg following the attack.</span> <span class="attribution"><span class="source">pule_madumo/twitter</span></span></p> <p>Another notable leakware attack happened a decade ago against the US state of Virginia. <a href="https://www.govtech.com/security/Cyber-Criminal-Demands-10-Million.html">Hackers stole</a> prescription drug information from the state and tried obtaining a ransom by threatening to either release it online, or sell it to the highest bidder.</p> <p><strong>When to trust the word of a cybercriminal?</strong></p> <p>Ransomware attack victims face two options: <a href="https://www.sciencedirect.com/science/article/pii/S1361372316300367">pay, or don’t pay</a>. If they choose the latter, they need to try other methods to recover the data being kept from them.</p> <p>If a ransom is paid, criminals will often decrypt the data as promised. They do this to encourage compliance in future victims. That said, paying a ransom <a href="https://www.bleepingcomputer.com/news/security/paying-the-coverton-ransomware-may-not-get-your-data-back/">doesn’t guarantee the release or decryption of data</a>.</p> <p>The type of attack experienced in Johannesburg poses a new incentive for criminals. Once the attackers have stolen the data, and have been paid the ransom, the data still has extractive value to them. 
This gives them <a href="https://arxiv.org/pdf/1707.06247.pdf">duelling incentives</a> about whether to publish the data or not, as publishing it would mean they could continue to extort value from the city by targeting citizens directly.</p> <p>In cases where victims decide not to pay, the solution so far has been to have strong, separate and updated <a href="https://www.csoonline.com/article/3331981/how-to-protect-backups-from-ransomware.html">data backups</a>, or use one of <a href="https://www.nomoreransom.org/en/index.html">the passkeys available online</a>. Passkeys are decryption tools that help regain access to files once they’ve been held at ransom, by applying a repository of keys to unlock the most common types of ransomware.</p> <p>But these solutions don’t address the negative outcomes of leakware attacks, because the “<a href="https://www2.deloitte.com/content/dam/Deloitte/bm/Documents/risk/cayman-islands/2017%20Deloitte%20-%20Taking%20data%20hostage%20-%20The%20rise%20of%20ransomware.PDF">hostage</a>” data is not meant to be released to the victim, but to the public. In this way, criminals manage to innovate their way out of being defeated by backups and decryption keys.</p> <p><strong>The traditional ransomware attack</strong></p> <p>Historically, <a href="https://www.techopedia.com/definition/4337/ransomware">ransomware attacks denied users access to their data, systems or services</a> by locking them out of their computers, files or servers. This is done through obtaining passwords and login details and changing them fraudulently through the process of <a href="https://en.wikipedia.org/wiki/Phishing">phishing</a>.</p> <p>It can also be done by encrypting the data and converting it to a format that makes it inaccessible to the original user. In such cases, criminals contact the victim and pressure them into paying a ransom in exchange for their data. 
The criminal’s success depends on both the value the data holds for the victim, and the victim’s inability to retrieve the data from elsewhere.</p> <p>Some cybercriminal groups have even developed complex online “<a href="https://www.computerworld.com/article/3173698/ransomware-customer-support-chat-reveals-criminals-ruthlessness.html">customer support</a>” assistance channels, to help victims buy cryptocurrency or otherwise assist in the process of paying ransoms.</p> <p><strong>Trouble close to home</strong></p> <p>Facing the risk of losing sensitive information, companies and governments often pay ransoms. This is <a href="https://www.synergetic.net.au/ransomware-attacks-on-the-rise-in-australia/">especially true</a> in Australia. Last year, 81% of Australian <a href="https://www.synergetic.net.au/ransomware-attacks-on-the-rise-in-australia/">companies</a> that experienced a cyberattack were held at ransom, and 51% of these paid.</p> <p>Generally, paying tends to <a href="http://www.rmmagazine.com/2016/05/02/ransomware-attacks-pose-growing-threat/">increase the likelihood</a> of future attacks, extending vulnerability to more targets. This is why ransomware is a rising global threat.</p> <p>In the first quarter of 2019, <a href="https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-aug-2019.pdf">ransomware attacks went up by 118%</a>. They also became more targeted towards governments, and the healthcare and legal sectors. Attacks on these sectors are now more lucrative than ever.</p> <p>The threat of leakware attacks is increasing. And as they become more advanced, Australian city councils and organisations should adapt their defences to brace for a new wave of sophisticated onslaught.</p> <p>As history has taught us, it’s <a href="https://www.theguardian.com/australia-news/2019/oct/01/systems-shut-down-in-victorian-hospitals-after-suspected-cyber-attack">better to be safe</a> than sorry.<!-- Below is The Conversation's page counter tag. 
Please DO NOT REMOVE. --></p> <p><em><a href="https://theconversation.com/profiles/roberto-musotto-872263">Roberto Musotto</a>, Cyber Security Cooperative Research Centre Postdoctoral Fellow, <a href="http://theconversation.com/institutions/edith-cowan-university-720">Edith Cowan University</a> and <a href="https://theconversation.com/profiles/brian-nussbaum-874786">Brian Nussbaum</a>, Assistant Professor at College of Emergency Preparedness, Homeland Security and Cybersecurity, <a href="http://theconversation.com/institutions/university-at-albany-state-university-of-new-york-1978">University at Albany, State University of New York</a></em></p> <p><em>This article is republished from <a href="http://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/hackers-are-now-targeting-councils-and-governments-threatening-to-leak-citizen-data-126190">original article</a>.</em></p>

Technology


7 alarming things a hacker can do when they have your email address

<p><strong>1. Send emails from your address</strong></p> <p>This is probably the most obvious thing hackers can do with your email address, and it’s a nuisance for sure. Once hackers have your email address, they can use it to target more than just you, sending out email blasts to anyone (maybe even everyone!) in your contact list. As Garry Brownrigg, CEO &amp; Founder of <a href="https://www.quicksilk.com/">QuickSilk</a>, explains, “They can ‘spoof’ an email message with a forged sender address – they don’t even need your password for this.” The things they send can be anything from harmful malware to scams and requests for money; either way, you’d certainly rather they didn’t come from your address.</p> <p>And although it’s mostly harmless (most savvy internet users are able to catch on when they receive a scam email from a friend’s address), it could still be a problem in some cases. “If a criminal really wanted to hurt someone, they could use this as a way to hook a romantic partner, hack the victim’s employer, get the person in trouble at work, or cause any number of problems in their personal or professional life by impersonating them online,” says Jason Glassberg, co-founder of <a href="https://www.casaba.com/">Casaba Security</a> and former cybersecurity executive at Ernst &amp; Young and Lehman Brothers.</p> <p><strong>2. Send phishing emails</strong></p> <p>Since there isn’t a lot that hackers can do with just the email address, they’re not going to stop there. “When a hacker knows your email address, they have half of your confidential information – all they need now is the password,” warns Greg Kelley of <a href="https://www.vestigeltd.com/">Vestige Digital Investigations</a>. They employ a few different methods to access it, the most common being the phishing email. This is an email, in the guise of being a legitimate email from a trusted source, designed to trick you into logging in. 
“They might create a legitimate-sounding email that appears to be sent from a service such as Amazon, eBay, Paypal or any number of other popular services… Links in phishing emails will always direct the user to a purposefully built website that looks identical to the real service,” explains Ray Walsh, a digital privacy expert at <a href="https://proprivacy.com/">ProPrivacy.com</a>. “However, if people use the login on that fake website, the hacker instantly receives the credential and password for the real account.”</p> <p>Another way they can do this, ironically, is by sending you an email saying that your account is compromised or has been accessed from a new device, so you need to change your password for security reasons. (You’ve almost definitely had one of those at one point or another!) When you change your password, then your account really is compromised and the hacker has your password. Once hackers have your password, the range of things they can do becomes much greater.</p> <p><strong>3. Access your online accounts</strong></p> <p>Nowadays, our emails do double duty as our logins for scores of social media sites, in addition to Google Docs, online retailers, and so on. Internet users also have a very understandable tendency to use the same passwords for all of these accounts. And even if you don’t use the same password, the hacker can click the old ‘forgot password’ button and use the resulting email – which comes to your email address, which they do have the password for – to change the password, and voilà. Your accounts are their accounts, and they have access to anything on them that you do.</p> <p><strong>4. Access personal information</strong></p> <p>The things hackers can do with your information seem to be something of a chain reaction. Once a hacker has access to your online accounts, just think about all of the information that is right at their fingertips. 
Allan Buxton, Director of Forensics at SecureForensics, sums it up: “At a minimum, a search on Facebook can get a public name and, unless privacy protections are in place, the names of friends and possibly pictures,” he says. “Throw that email address into LinkedIn, and they’ll know where you work, who your colleagues are, your responsibilities, plus everywhere you worked or went to school. That’s more than enough to start some real-world stalking. That’s just two sites – we haven’t talked about political views, travel or favourite places they might glean from Twitter or Instagram.”</p> <p>Glassberg admits that such ‘real-world stalking’ is rare, sure, but anything is possible in an era where people document nearly everything online.</p> <p><strong>5. Steal financial information</strong></p> <p>Things start to get really problematic if hackers are able to find your credit or debit card information – which, more likely than not, you’ve sent via email at one point or another. Your online bank accounts can also be a major target for hackers, especially if you use your email address as a login for those, too. And, needless to say, once a hacker has access to those, your money is in serious jeopardy. “This is one of the biggest risks you’ll face from an email hack,” Glassberg says. “Once [hackers] have the email, it’s easy to reset the bank account and begin issuing transactions.” In addition to potentially being devastating to your finances, this can also hurt your credit score, as <a href="https://www.beenverified.com/">BeenVerified</a>’s Chief Communications Officer Justin Lavelle explains: “Cybercriminals can use your credit card details, open bank accounts in your name, and take out loans. It will likely ruin your credit card’s rating and your credit report will take a hit.”</p> <p><strong>6. Blackmail you</strong></p> <p>As if things weren’t scary enough, hackers can use your personal info to ruin, or threaten to ruin, your reputation. 
This is fairly rare, but it can happen, especially if a hacker finds something that the user wouldn’t want to be seen publicly. “[Hackers] can use this access to spy on you and review your most personal emails,” says Daniel Smith, head of security research at <a href="https://www.radware.com/">Radware</a>. “This kind of information could easily be used to blackmail/extort the victim.”</p> <p><strong>7. Steal your identity</strong></p> <p>This is definitely a worst-case scenario, but “once the hacker has your personally identifiable information, they can steal your identity,” Brownrigg warns. With information like your tax file number and credit card info, identity theft can sadly be well within reach for hackers. So, if you start noticing signs someone just stole your identity, consider that your email address may have been compromised.</p> <p><strong>How you can stay safe from hackers</strong></p> <p>Hopefully, though, you won’t have to encounter any of these problems, and there are some measures you can take to keep your information safe. Avoid using your verbatim email address as a login for other sites, and make sure that your password is strong and difficult to guess. You should also change those passwords every couple of months or so for maximum security. Glassberg also recommends securing your email account with two-factor authentication. This “[requires] a one-time code to be entered alongside the password in order to gain access to the email account,” he told RD. “In most cases, the code will be texted to the person’s phone, but there are also apps you can use, like Google Authenticator.”</p> <p>And, of course, just use common sense. Don’t share information or type in your email password on public WiFi networks, and be smart about the information you share over email.</p> <p><strong>What to do if you think you’ve been hacked</strong></p> <p>Starting to notice some strange online activity? 
There are a couple of ways you can try to get ahead before it gets too bad. If you hear about spam emails being sent from your address, change your password immediately. You should also tell your contacts so that they know to ignore anything coming from you. Finally, Lavelle offers some other suggestions: “Change your email settings to the highest privacy setting, scan your computer for malware and viruses, and be sure your browsers are updated,” he says.</p> <p><em>Written by Meghan Jones. This article first appeared in </em><em><a href="https://www.readersdigest.com.au/true-stories-lifestyle/science-technology/7-alarming-things-a-hacker-can-do-when-they-have-your-email-address">Reader’s Digest</a>.</em></p>

Technology


How to stop hackers from attacking your mobile phone while online shopping

<p>In new research revealed by Norton’s cyber safety insight report, about 30 per cent of shoppers have fallen victim to cybercrime in the past year at a cost of a shocking $1.3 billion.</p> <p>The report noted that 21 per cent of smartphone users had no idea that their device was able to be hacked.</p> <p>Cybercrime expert Julian Plummer agrees that users are more lax about security on their mobiles than on their laptops.</p> <p>“As mobile becomes increasingly de rigueur the security risk to consumers will only rise,” said Mr Plummer, who is the managing director of Midwinter Financial Services in Sydney.</p> <p>There are two ways your smartphone can be hacked: through phishing and over public Wi-Fi networks.</p> <p>Hackers are getting smarter at duping their victims with phishing, and sophisticated criminals are now impersonating big-name brands, including banks and other institutions.</p> <p>“It used to be that seeing a padlock in the URL bar meant that the site was safe, but now hackers are ‘securing’ their sites using cheap security certificates to provide a false sense of security,” Mr Plummer told <a href="https://thenewdaily.com.au/life/tech/2019/05/29/mobile-phone-cybercrime-safety/"><em>The New Daily</em></a>.</p> <p>The second way, via public Wi-Fi networks, is surprisingly sophisticated.</p> <p>“Hackers use a ‘Wi-Fi pineapple’ to mimic a public wi-fi access point,” he explained.</p> <p>“Unfortunately, logging on to these malicious wi-fi access points allows hackers to intercept any unencrypted personal data. Always be very wary when connecting to an untrusted wi-fi network – especially overseas.”</p> <p>It’s easy to protect yourself from hackers though, according to Mr Plummer.</p> <p>“The crucial thing for mobile phone users is to stop reusing passwords,” Mr Plummer said.</p> <p>“With a major security breach happening almost on a monthly basis, if hackers were to get your password from one shopping website, they then have access to all your online accounts if you re-use your password.”</p> <p>The second way to keep your information safe might be tedious, but it’ll be worth it in the long run. It involves keeping your phone’s operating system up to date.</p> <p>“The main reason manufacturers provide updates is to close off security loopholes within their device,” Mr Plummer said.</p> <p>“Hackers are well versed in any security bugs in your mobile device, so make sure you have automatic updates turned on for your mobile phone.”</p>

Technology


The scary new way hackers can find out your passwords

<p>New research from the University of Cambridge in England as well as Sweden’s Linköping University has explained that malware is now capable of accurately guessing your passwords by listening to the sound of your fingers tapping the screen.</p> <p>The hackers use the malware to listen via the microphone of your smartphone and use technology that can accurately guess where you’re touching the screen to get every password you use on the smartphone device.</p> <p>“We showed that the attack can successfully recover PIN codes, individual letters and whole words,” researchers wrote in the paper, according to <a href="https://www.9news.com.au/technology/iphone-android-hackers-can-find-out-your-passwords-by-hearing-how-you-type/bf7c66ce-0d49-4c26-8be2-1dd5c6196d30">9News</a>.</p> <p>“We have shown a new acoustic side-channel attack on smartphones and tablets.”</p> <p>Research showed that during testing, the machine learning software correctly guessed a four-digit passcode 73 per cent of the time after ten tries.</p> <p>The software was also able to identify 30 per cent of passwords that ranged from seven to 13 characters in length after 20 tries.</p> <p>The malware is reliant on machine learning to predict which key a user has tapped by tracking which sound the microphone heard first. This is a detail that is picked up in a matter of seconds.</p>

Technology


Warning: WhatsApp voicemail scam gives hackers access to your account

<p>A worrying new WhatsApp hack allows cyber criminals to access victims’ accounts via their voicemail inbox.</p> <p>According to <a href="https://nakedsecurity.sophos.com/2018/10/08/attackers-use-voicemail-hack-to-steal-whatsapp-accounts/"><strong><em style="font-weight: inherit;"><u>Naked Security</u></em></strong></a>, a blog run by British security company Sophos, scammers are attempting the attacks at night so they can take advantage of the app’s six-digit verification code.</p> <p>The attacks have become so prevalent that Israel’s National Cyber Security Authority issued a nationwide warning.</p> <p>Hackers start the scam by installing WhatsApp on their own phone using a legitimate user’s phone number.</p> <p>To verify the login attempt, WhatsApp sends a six-digit verification code via text message to the victim’s telephone.</p> <p>However, hackers are carrying out this scam at night, so victims are most likely sleeping rather than checking their phones.</p> <p>WhatsApp then allows the hacker to send the six-digit verification code via phone call with an automated message.</p> <p>As the victim is not on their phone, the message ideally goes to voicemail.</p> <p>The cyber criminal then exploits a security flaw in many telecommunication networks which allows customers to use a generic phone number to call and retrieve their voicemails.</p> <p>For many mobile phone owners, only a four-digit PIN is required to access their voicemails – which, if they haven’t changed it, is commonly 0000 or 1234 by default.</p> <p>Hackers will then enter the password and gain access to the victim’s voicemail inbox, allowing them to retrieve the WhatsApp message containing the six-digit code.</p> <p>Once the scammer enters the code into their own phone, they have complete access to the victim’s WhatsApp account.</p> <p>To avoid being hacked, it is recommended that users turn on two-factor authentication on their account, adding an extra layer of security.</p> <p>“Using application-based 
2FA ... mitigates a lot of the risk, because these mobile authentication apps don’t rely on communications tied to phone numbers,” Sophos researchers explained. </p> <p>This can be done by navigating to Settings in WhatsApp, then tapping ‘Account’.</p> <p>Users must then press on ‘Two-step verification’ and tap ‘Enable’.</p> <p>Experts also encourage users to have a strong PIN on their voicemail inbox.</p> <p>Have you encountered this WhatsApp scam? Let us know in the comments below. </p>

Technology


How to protect your Facebook account from being hacked

<div class="replay"> <div class="reply_body body linkify"> <div class="reply_body"> <div class="body_text "> <p><a rel="noopener" href="https://newsroom.fb.com/news/2018/09/security-update/" target="_blank">Facebook</a> has announced that 50 million accounts have been compromised by hackers who “exploited a vulnerability in Facebook’s code”, allowing them to access personal details of its users.</p> <p>Now <em><a rel="noopener" href="https://www.news.com.au/technology/online/social/your-stolen-facebook-account-can-be-bought-for-just-390-on-the-dark-web/news-story/0ec028c40c5c348edcdd99a5480971af" target="_blank">news.com.au</a> </em>reports that login details for Facebook accounts are being sold on the dark web for as little as $3.90.</p> <p>But there are ways you can act now to protect your Facebook account from being hacked.</p> <p><strong>1. Make sure you use a strong password</strong></p> <p>Remembering passwords is a bane of modern life, and it’s tempting to repeat passwords or make them something we’ll easily recall like birthdays, pet names, family members or “1234”!</p> <p>It may seem an obvious solution, but it can’t be stressed enough how important it is to have a strong and unique password for your Facebook account. Make sure to use a combination of numbers, symbols and upper and lowercase letters.</p> <p><strong>2. Use two-factor identification</strong></p> <p>Two-factor identification simply means having a code as a second layer of protection for your account on top of your password. The code can be sent to you on a different device like your smartphone, which makes it harder for hackers to access your account even if they do find out your password.</p> <p>You can learn more about two-factor identification <a rel="noopener" href="https://www.facebook.com/notes/facebook-security/two-factor-authentication-for-facebook-now-easier-to-set-up/10155341377090766/" target="_blank">here</a>.</p> <p><strong>3. 
Set your devices to lock quickly</strong></p> <p>It may seem inconvenient, but the faster your device locks, the less time someone has to physically access it. So if you don’t have your devices set to lock, it’s well worthwhile. And make sure, just like any passwords, that those for your devices are unique and hard to crack. That means no birthdays!</p> <p><strong>4. Reconsider what information you share</strong></p> <p>Of course, social media is made for sharing our information but it could be a good time to reconsider what private information you’re willing to share on Facebook. So think twice before sharing personal tidbits about your life on your Facebook page. </p> <p>You can find more ways to secure your account at <a rel="noopener" href="https://www.facebook.com/help/325807937506242" target="_blank">Facebook</a>.</p> <p>What do you do to protect yourself online? Tell us in the comments below.</p> </div> </div> </div> </div>

Technology


WhatsApp scam that sends fake messages from you

<p>A new bug discovered within popular messaging app WhatsApp allows hackers to infiltrate and message your contacts.</p> <p>Experts have warned that when the bug is combined with existing glitches, it allows hackers to send messages to your friends and family.</p> <p>The bug, first identified by Check Point Research cybersecurity analysts, was created by vulnerabilities between WhatsApp for mobile and for web, where users must sync in order to send messages via desktop.</p> <p>On their website, Check Point said the bug could “allow threat actors to intercept and manipulate messages sent in both private and group conversations, giving attackers immense power to create and spread misinformation from what appear to be trusted sources.”</p> <p>According to Check Point, hackers can manipulate users' messages and change the identity of a sender in the group conversation, even if that person is not a member of the group.</p> <p>Hackers can also send a private message to a group chat member, but when the targeted individual responds, everyone in the conversation can see it.</p> <p>The bug will enable hackers to impersonate users and spread fake news.</p> <p>The researchers who discovered the bug believe it is of the “utmost importance” that WhatsApp fixes the problem immediately. However, the Facebook-owned company has “acknowledged” the flaws but said they were part of the app’s “design framework”.</p> <p>In a recent blog post, WhatsApp wrote: “WhatsApp cares deeply about your safety.</p> <p>“We encourage you to think before sharing messages that were forwarded.</p> <p>“As a reminder, you can report spam or block a contact in one tap and can always reach out to WhatsApp directly for help.”</p>

Technology


MasterChef star homeless after hackers steal $250K in scam

<p>Former <em>MasterChef Australia</em> star Dani Venn has been caught up in an online hacking scam that has cost her and her family $250,000.</p> <p>The cyber-attack has left Dani, her husband Chris and their two young children homeless.</p> <p>Dani appeared on <em>MasterChef</em> in 2011, coming fourth in the reality TV series. She and Chris had their life savings wiped out after an online conveyancing giant was linked to a hacking scam.</p> <p>Apparently, Dani and her family were warned twice about the security fears in the weeks leading up to the cyber-attack, which resulted in their funds being stolen.</p> <p><img width="498" height="280" src="https://oversixtydev.blob.core.windows.net/media/7819434/1-dani_498x280.jpg" alt="1 Dani"/></p> <p>The substantial lump sum that was sitting in their bank account was proceeds from the sale of their old home. But after the $250,000 was stolen, it meant they could not settle on their new property.</p> <p>“This is our life savings here,” an emotional Dani told <em><a href="https://www.9news.com.au/national/2018/06/26/19/40/masterchef-contestant-dani-venn-home-sale-hack-pexa">A Current Affair</a></em>.</p> <p>“We’ve got two small children, a four-and-a-half-month old and a three-and-a-half-year-old,” she continued. “You just can’t do this to people.”</p> <p>Since the hackers wiped out their account, Dani and the couple’s two kids have had to move in with her mother. Her husband Chris has been forced to live in a caravan.</p> <p><img width="498" height="280" src="https://oversixtydev.blob.core.windows.net/media/7819435/4-dani_498x280.jpg" alt="4 Dani"/></p> <p>Meanwhile, because the couple missed the settlement on their new home, they are being charged $500 a day in contractual penalties. 
They are at risk of losing the property and their deposit if they don’t come up with the $120,000 needed to finalise the purchase.</p> <p>“It’s scary because it could happen to anyone buying or selling a property,” Dani explained.</p> <p>PEXA (Property Exchange Australia) is the online platform that Dani and Chris’s conveyancers used to settle the real estate purchase when the proceedings were compromised by hackers.</p> <p>The conveyancing company was unaware the hackers created a fake username under their PEXA account.</p> <p>In the meantime, the Commonwealth bank has managed to freeze $138,000 of the stolen funds, however, $110,000 is still missing and not recoverable.</p> <p><iframe src="https://www.facebook.com/plugins/video.php?href=https%3A%2F%2Fwww.facebook.com%2FACurrentAffair9%2Fvideos%2F1595163487256689%2F&amp;show_text=0&amp;width=560" width="560" height="315" style="border: none; overflow: hidden;" scrolling="no" frameborder="0" allowtransparency="true" allowfullscreen="true"></iframe></p> <p><em>A Current Affair</em> said they repeatedly requested PEXA for an on-camera interview and sent close to 20 questions for them to respond to, but all requests were ignored.</p> <p>However, PEXA’s Acting CEO James Ruddock said in a statement to <em>ACA</em> that their system is safe, and the loan offer still stands.</p> <p>“PEXA provides a platform to conduct property settlements. Like the paper process, individual conveyancers are responsible for conducting the settlement process accurately,” Mr Ruddock stated.</p> <p>“Ms Venn’s funds were misdirected when her conveyancer approved bank account details that were incorrect by using their digital key and password to authorise the settlement of the transaction through the PEXA system.”</p> <p>Dani’s scam follows two other incidents where one client lost more than $1 million during the settlement process, while another lost close to $700,000.</p> <p> </p>

Legal


Why you shouldn’t wish people “Happy Birthday” on Facebook

<p>Wishing someone a happy birthday on Facebook could get your account hacked and your private information stolen, a new survey has found.</p> <p>When combined with other information gleaned from Facebook posts, the annual birthday wishes could give scammers enough details to steal sensitive data.</p> <p>A survey by <a rel="noopener" href="https://www.nationwide.co.uk/oversharing" target="_blank"><span style="text-decoration: underline;"><strong>Nationwide</strong></span></a> of people aged 16-25 found that 83 per cent said their friends “overshared” online, including information like their relationship status, health and political beliefs, and holiday updates. Up to 56 per cent of respondents said friends also share their current location on Facebook.</p> <p>These types of revealing posts are a goldmine for hackers and can even put homes at risk of burglary.</p> <p>“Social media is a great way for people to connect with friends or family, but it’s important to think about the information you are sharing with others, so it doesn’t fall into the wrong hands,” said Stuart Skinner, director of fraud at Nationwide.</p> <p>He continued: “Wishing someone a happy birthday or sharing your location may seem innocent enough, but fraudsters can piece together information from various places, collecting enough to defraud people.</p> <p>“To protect yourself, check privacy settings so only vetted friends can see updates, don’t give away too much information or anything you wouldn’t want a fraudster to see, have a strong password that doesn’t use any of your personal information and stop and think before sharing.”</p>

Technology


The rise of fake Wi-Fi: How hackers are stealing your personal data

<p><span>A new report has revealed how easily hackers can access personal data using fake Wi-Fi networks.</span></p> <p><span>The investigation by the US <em>Today</em> show found that cyber scammers can quickly access your credit card information, flight details and purchase history once a victim is logged onto their fake Wi-Fi.</span></p> <p><span>Investigative journalist Jeff Rossen worked with a security expert to set up fake Wi-Fi hotspots at the Grand Fiesta Americana hotel in Cancun, Mexico, reported <em>The Sun.</em></span></p> <p><span>Tourists were tricked into clicking on the fake Wi-Fi hotspots because the duo gave them names similar to the hotel's secure Wi-Fi.</span></p> <p><span>After various tourists had clicked on the fake Wi-Fi, Rossen went around the resort tracking people by their phones to warn them of what they had done.</span></p> <p><span>The tourists were shocked at how easily they had been fooled.</span></p> <p><span>Rossen shared tips with the tourists about how they could stay safe online while on holiday.</span></p> <p><span>One key piece of advice Rossen shared was to log off public Wi-Fi when making online purchases on your phone.</span></p> <p><span>He recommends using your mobile phone network, even if it is more expensive, as it will ensure you are safe from fake Wi-Fi.</span></p> <p><span>He also advised phone users to click “forget this network” after using public Wi-Fi, to avoid automatically logging on to hotspots.</span></p> <p><span>You can also turn off your Wi-Fi’s “auto-join” feature for safer use.</span></p> <p><span>One last trick Rossen shared: the best way to test the authenticity of a Wi-Fi network claiming to be your hotel's is to enter the wrong room number when prompted.</span></p> <p><span>If you still receive access, you will know it is a scam network that is letting anyone in. If it is actually your hotel network, you will be denied access.</span></p> <p><span>Over the summer holidays, Australian families were warned to be careful when logging into free Wi-Fi networks.</span></p> <p><span>One man had $155,000 worth of digital currency Bitcoin stolen after logging into a restaurant’s unsecured public Wi-Fi network.</span></p>
