Gambling and cheating go hand-in-hand, don’t they? AND THAT’S JUST THE BOOKIES EH? We’re kidding of course, should any jumpy lawyers be reading. We don’t want to have to write articles with thumb-screws on either.
Anyway, those who like playing online poker should be aware that there’s some malware doing the rounds that allows other players to see your cards. People who are getting stung by this are those who have downloaded something like an app, from a site that isn’t official or legit.
Really. People need to stop doing that. It is the source of far too many problems.
This particular malware allows a ne’er-do-well to track your ID, so they can follow you around and whoop you every time you play.
PokerStars and Full Tilt Poker users are at risk of being cheated out of money, and the malware is called Win32/Spy.Odlanor, or just Odlanor. Robert Lipovsky, Eset malware researcher, says: “In other cases, the spyware is installed through various poker-related programs.”
As ever, to combat this, you need to make sure your anti-virus software is up-to-date, and get rid of any malicious files with it.
There’s a vulnerability in the service which is allowing hackers to trick people into executing snide code for them. It is called the ‘MaliciousCard’ vulnerability, and basically, it is executed by sending a vCard contact card which contains malicious code to your account.
This is according to security firm Check Point, and they say that, once the code has been opened up, it starts to distribute bots, ransomware, and a whole bunch of other malware nonsense.
WhatsApp have been told about this, and they have issued an update which should fix the bug. If you’re running WhatsApp Web v0.1.4481 (or later), you’re fine.
This news follows the fact that WhatsApp have said that they have just reached 900 million monthly active users, which is not too shabby. Of course, the company is owned by Facebook so it won’t be long before everyone starts wishing everyone involved at the service were dead in a grisly manner.
If being single isn’t tough enough, all the baddies on the internet are going after their dating profiles. AshleyMadison was the big profile hack, complete with leaks, and now, Match.com has been compromised as well.
A security alert was issued by an outfit called Malwarebytes, and they noted that the dating site was hacked and has spilled data all over the place. A hacker’s version of a money shot, if you like.
Malwarebytes said the site has fallen victim to malvertising, which looks to swindle the lonely out of their hard-earned money. It is thought that there are 5.5 million users at risk from this attack, which happens to be based on the Bedep trojan for those of you who know about this sort of thing. In plain English, it means that ne’er-do-wells can get at a load of private info and start trying to cadge money from you.
“The cost per thousand impressions for the booby trapped ad was only 36c, which is nothing compared to how much infected computers can bring in terms of revenues. For instance, CryptoWall demands $500 per victim,” said Jerome Segura, senior security researcher at Malwarebytes.
“We alerted Match.com and the related advertisers, but the malvertising campaign is still ongoing via other routes.”
A spokesperson for Match.com told The Inquirer: “We take the security of our members very seriously indeed. We are currently investigating this alleged issue.”
Even though Apple’s iOS is well regarded for its robust security, it isn’t completely without the risk of some swine causing bother with it. If you jailbreak a phone, you do away with all that lovely security so you can get full control of your gadget.
With that, malware is being installed via third-party iOS apps onto jailbroken iPhones, which has resulted in what is being described as “the largest known Apple account theft caused by malware.”
The malware is called KeyRaider, and has stolen around 225,000 iOS users’ Apple account credentials, purchasing receipts, certificates and private keys, according to the security firm Palo Alto Networks and Chinese iPhone developers WeipTech.
And now, for a lot of jargon.
“The malware hooks system processes through MobileSubstrate, and steals Apple account usernames, passwords and device GUID by intercepting iTunes traffic on the device. KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads,” Palo Alto Networks wrote in a blog post.
So what’s happening, in plain English? Around 225,000 accounts are thought to be affected, and some people have said that their accounts are showing abnormal purchasing history. Others have said that their phones are being held for ransom by people who are best described as ‘not-rights’.
If you don’t have a jailbroken iPhone, iPad or iPod, then you don’t need to do anything at all. You’re golden. Those with affected jailbroken phones reside in countries including the UK, France, Germany, Australia, Russia, Japan, America, Canada, Israel, Italy, Spain, Singapore, and South Korea.
You can read all of Palo Alto Networks’ findings, and check out their tool which will help you to check if your device has been affected along with some other helpful bits, in their blog post.
Like all big events, scamsters are swarming around the Rugby World Cup. An investigation by Which!!! has uncovered rip-off deals for those trying to get to Twickenham, where money is stumped up, but tickets don’t arrive.
One of the sites that has been singled out is GetSporting.com, who appear to be offering tickets for games that have sold out. They seem to have hundreds of tickets, including every England match and the final, but do they have the tickets?
Which!!! say: “We’ve found one website – GetSporting.com – offering deals that may be too good to be true, selling tickets for sold out matches like England v Australia and England v Wales. It appears consumers are unlikely to receive tickets or could even receive fake ones.”
GetSporting.com seems to have an infinite supply of tickets for England’s opener against Fiji on September 18th, and the site isn’t keen on telling you where your seat in the stadium will be, or what the face value of the ticket is. If you’re reselling tickets for an event, by law, you have to disclose both of these things – so keep an eye out for that.
Which!!! continued: “Its payment methods have also given us cause for concern. It’s offering a discount for people who pay for their tickets through wire transfer but this method of payment means it’s almost impossible to get your money back if something goes wrong.”
The ubiquitous Richard Lloyd from Which!!! says: “With fans trying to get last minute tickets to Rugby World Cup 2015, it’s an ideal time for ticket scammers to try to make a fast buck.”
“We expect the authorities to take swift action against dodgy sites and we advise people to keep their wits about them. If an offer looks too good to be true, it probably is.”
You need to install updates on your browser at once, because there’s an exploit in it that wants to steal your data and has been turning up on websites and causing havoc.
Right away, go to Help, then hit ‘About Firefox’, then press the ‘Check for Updates’ button, to ensure you’ve got the latest version of the browser.
In a blog, Mozilla say the exploit makes use of a weakness in Firefox’s PDF viewer. The bug basically gets into your Windows computer and searches through your files looking for passwords from a host of popular FTP apps, as well as any text files with ‘pass’ or ‘access’ in the name. It will then, you suspect, send all that information to people who you really don’t want to be having that sort of information.
Even if you’re on a Mac and using Firefox, it’d be a good idea to do an update, as there’s no good reason why the baddies aren’t going after you too. So hurry up. Update your Firefox. Do it now!
How the Android fanboys laughed at the Apple fanboys, when there was a text message that could crash iPhones.
Well, the Apple crew can get their own back now, as there’s news of a text that can really stuff things up for Android devices. The rest of us, meanwhile, can wonder why people argue about which phone you should have. Seriously. Go for a walk or something.
Anyway, what’s this flaw? Well, seeing as most Android phones automatically download photos, and there’s a scam going around that enables hackers to take control of your phone via photo messages, and there’s 950 million Android users worldwide, we’ve got a problem.
The picture in question allows nasty sorts to get complete control of Android devices, accessing your camera and everything else. Thanks to Android phones automatically downloading photos in texts, you wouldn’t even need to open it to be vulnerable to the malware.
So what are Google doing about it?
They said: “This vulnerability was identified in a laboratory setting on older Android devices, and as far as we know, no one has been affected. As soon as we were made aware of the vulnerability we took immediate action and sent a fix to our partners to protect users.”
“As part of a regularly scheduled security update, we plan to push further safeguards to Nexus devices starting next week. And, we’ll be releasing it in open source when the details are made public by the researcher at BlackHat.”
There you go then.
The National Trading Standards Scams Team (NTSST) have been cracking down on these ne’er-do-wells for the past three years, and have discovered lists of would-be victims who were being targeted because they’ve previously engaged with marketing mailings.
A lot of these people were vulnerable, so were likely to live alone or be elderly, according to the NTSST.
These particular scams included fake prize draws and special deals, with the average victim losing out on £1,100, or more. So, keep an eye on nana next time you see her.
Lord Toby Harris, chair of NTSST, said: “To have saved consumers more than £5m in three years is a great achievement and shows the powerful effect the National Trading Standards Scams Team is having. However, we know our work is not done. Criminal scammers are targeting some of the most vulnerable people in society – ripping them off in many cases for thousands of pounds.”
“We are going to continue in our fight to protect consumers and we urge you to help us by reporting suspected cases of postal fraud to the Royal Mail.”
That’s right – the Royal Mail are in on this too. The NTSST have teamed-up with the postal service and have 2,000 staff trained-up, in a bid to spot bogus marketing and other scams. However, such is the volume of these scams, We The People need to help them out as well.
Louise Baxter, who leads the NTSST, added: “We really need the public to help us with this – by being vigilant about mass marketing scams themselves but also looking out for relatives or neighbours, particularly those who are elderly or vulnerable. We often find victims who have lost hundreds of thousands over several years; the impact on individuals and consumers is devastating.”
There’s a limit on how much you can spend via a contactless payment, but the watchdog found that, by buying some cheap contactless card-reading technology, they were able to remotely make off with key details from a contactless card, and then use the info to buy stuff, including a telly that was worth £3,000.
That is considerably more than the £20 limit (increasing to £30 in September).
Which!!! tested 10 cards, and they found that, via software from what they call ‘a mainstream website’, they could read the card number and expiry date from all 10 cards. Don’t worry – the cards came from volunteers.
They were not able to get the CVV security code from the back of the cards, but it turned out that this didn’t matter, as they were able to make purchases without the cardholder’s name or CVV code.
With their dodgy reader, a mere tap saw Which!!! getting enough details to enable a trip to the online shops, and thanks to online transactions not being subject to a limit, some scamster could go crazy with your card.
Peter Eisenegger, a security expert who helped develop EU standards for contactless cards, told Which!!! that it would be possible for crims to get a card reader that could lift your details from further away than the one in this test.
He said: “It’s vital to protect consumers from fraudsters who have the knowhow to develop mobile card readers with much greater reading distances than those used by retailers.”
Well, you might want to tell your boss (and if you are the boss, pull your finger out already) that Microsoft have not only stopped support for the operating system, but they’ll also stop their free anti-virus software. So basically, you will be using a computer that is just asking for trouble and malfunctions.
On Microsoft’s sites, they say that the Malicious Software Removal Tool and updates to Microsoft Security Essentials will stop being a thing after 14th July 2015. Yes. That’s a date that is now gone.
If you don’t know, the Malicious Software Removal Tool checks your computer for infections by prevalent malicious software. Normally, it is updated once a month, but as of yesterday, any threats can now waltz their way inside your XP computer and cause bother.
And you can guarantee that cyber-crooks will be looking to exploit those who are lazy and have thought ‘it’ll be fine’. That’s what they do. They’re good at it too.
Naturally, if you’re running a computer that has XP on it, then it is invariably a bit on the old side. That means it is worth considering buying a new one. You could buy a cheap Windows 8 PC and just wait for the Windows 10 free release, which will be happening very soon. Or, if you’re a Linux nut, you could eye that up.
Failing that, you can just try and style it out and hope for the best, but don’t go crying to anyone when your PC dies with loads of infections.
According to the Information Commissioner’s Office (ICO), there’s been a rise in spam calls and texts, with more than 180,000 complaints made about these nuisances in the last year alone. That’s a 12% rise, compared with the year before.
The watchdog also said that they’d issued five fines relating to all this, totalling £386,000, alongside eight enforcement notices, with another 31 firms being “monitored”.
They said: “Most concerns related to accident claims, green energy deals, payday loans and lifestyle surveys. Live calls generate significantly more concerns than automated calls and spam texts.”
One of the reasons there’s been a spike is that this year, the law was changed to make it easier for companies to be fined for breaching rules regarding nuisance calls and texts. The ICO have also been doing a load of investigations into allegations of personal data being obtained or disclosed illegally. In one case, a Transport for London employee was prosecuted for illegally accessing Oyster card records.
Launching the report, the information commissioner, Christopher Graham, said: “We’ve seen real developments in the laws we regulate during that time, particularly over the past year. Just look at the EU court of justice ruling on Google search results, a case that could never have been envisaged when the data protection law was established.”
The executive director of Which!!!, Richard Lloyd, said that this was just the “tip of the iceberg”, adding: “This is why regulators, government and industry must work harder to cut off unwanted calls and texts that annoy millions of us every day. The ICO must use its new powers to full effect and hit hard any company breaking cold-calling rules. We also want to see senior executives personally held to account if their company makes unlawful calls.”
“Our community assigns an item a value that is at least partially determined by that item’s scarcity. If more copies of the item are added to the economy through inventory rollbacks, the value of every other instance of that item would be reduced,” says Steam’s policy.
“We sympathize with people who fall victim to scams, but we provide enough information on our website and within our trading system to help users make good trading decisions.”
Valve concludes that “all trade scams can be avoided”.
So basically, they’re saying ‘it really is your own stupid fault if you get scammed, soz like’. Seems a bit odd to put the onus on the user, but there you go.
If you’re going to trade, then you might want to do some reading up on scams first, so you don’t get burned, because they’re not going to help you out one bit.
The keyboard comes pre-installed on 600 million of Samsung’s mobile devices, and apparently, it can be very easily hacked, which in turn can give away a lot of your vital information.
This is according to Ryan Welton, who is a researcher with cyber-security firm NowSecure. He reckons that the flaw could allow hackers to see what you’re up to and access your GPS, camera and microphone, as well as enabling them to secretly install malicious applications.
NowSecure say they told Samsung about this back in November, but no-one has done anything about it, so they’ve gone public.
In a statement by SwiftKey a while ago, they said, “the way this technology was integrated on Samsung devices introduced the security vulnerability.” However, they soon deleted that. The Guardian ran a quote from Joe Braid, chief marketing officer of SwiftKey, saying, “Unfortunately, we were only made aware of the issue on Tuesday. We are working as hard as possible to support Samsung and help it fix the issue.”
Samsung have since said that they “take emerging security threats very seriously… and [is] committed to providing the latest in mobile security.”
If you’re worried about this, there’s a host of other keyboards you can download from the Google Play store or, if you want to bolster your device’s security, here’s the Bitterwallet guide to the best security and anti-virus programs you can download.
Careful on your phone, now! Why? Criminals are sending people text messages that look like they’re from your bank – but they’re not! And of course, they’re after your juicy bank details so they can steal your pennies.
So what’s the skinny? Well, the texts claim that there has been fraudulent activity in your account or, in a more sly move, that your account details need to be updated. A phone number and website are provided, saying that the matter is very urgent.
Of course, the number and website are controlled by scammers, and Financial Fraud Action UK have warned that this type of hoodwinkery is on the rise, with a spike in the last couple of weeks.
To make the texts seem authentic, fraudsters use specialist software which alters the sender ID on a message so that it appears with the name of a bank as the sender. This can mean that the text becomes included within an existing text message thread on the recipient’s phone.
Katy Worobec, director of Financial Fraud Action UK, said: “These text messages can look very authentic, so it’s important to be alert. Always be wary if you receive a message out of the blue asking you for any personal or financial details. If you’re ever at all suspicious, call your bank on a number that you know. Remember, fraudsters are after your security details – don’t reveal anything unless you are absolutely sure who you are dealing with.”
Of course, what normally happens when there’s fraud, is that your bank will ring you up and tell you what’s going on. There, you’ll go through security and other means to put your mind at ease. If your bank texts you, ever, it is usually to sell you something, so be aware. However, some fraudsters will send a text to say you’ll be receiving a call from your bank’s fraud department, which makes the whole thing more complicated.
Things to look out for
If you get a text, asking you for your personal details and sensitive information, chances are, it is a scam. A bank will never ask for your full password.
If you’re asked to call the number given in the text message, it’d be worth entering the number online, as it is likely to come up as a scam number. If you’re unsure, get a number you trust, like one included on your statement or one from your bank’s official website.
Your bank will never ask you to update your personal details via a link in a text, or tell you how to respond to a text message to confirm a transaction. They will also never ask you to transfer money into another account, ever. So if you get a whiff of anything that sounds dodgy, don’t do it.
The watchdog sent an illegal Vauxhall Astra with broken and missing light bulbs, irregular tyre pressures, oil leaks and faulty windscreen wipers to the centre in Filton, Bristol. The car was supposed to get a major service, which should’ve cost £235.
Investigators soon found that something was amiss, and told North Avon Magistrates’ Court: “It became obvious that not all the checks were done. Things were ticked as having been done that had not been and the consumer was not made aware (of the defects).”
“This is a national company. A consumer puts a lot of trust and faith in a national firm to do a proper job to ensure a car service is conducted thoroughly and professionally and in these circumstances it was not.”
This won’t allay some of the fears that many drivers have, that they’re being ripped off when it comes to getting their cars fixed or given the once over. This undercover sting came about after the number of complaints about the car industry in the area was rather high.
Halfords pleaded guilty to eight counts of breaching consumer protection laws and the mechanic who carried out the service has since resigned. Magistrates fined the company £32,000, ordered them to pay £14,862.04 costs and a £120 victim surcharge.