Big, popular sites with huge numbers of visitors are a wonderland for hackers posting scams. Users of social media websites are especially prone to such scams, which can escalate into dangerous cyber attacks. Facebook has about 1.4 billion users, making it potentially the most active social media site for hackers.

These are some of the common Facebook scams that you might fall for if you haven’t already:

5) Viral Videos/Scandals

The word “Viral” has itself gone viral, which makes you yearn to see the content inside. It could be anything from cute puppy videos to horrendous torture videos by terrorists. The most popular of these viral videos are salacious celebrity scandals, which generally contain no video at all, only a link to a phishing website or a prompt to install an update or a plugin. Once you do that, the virus is automatically installed on your system. And you know what happens next...

You will never get adult videos on any social media website, so if you happen to scroll through one on your home page, then it is definitely a Facebook scam.

4) Free Giveaways/Survey Scams

Nothing is free in this world, my friend. Especially not travel tickets, and definitely not iPhones, iPads or Macs. Social media is full of spam offers that sound too good to be true and coax you as if you were the world’s luckiest person.

There are also survey scams that trick you into giving up your personal information in exchange for gift vouchers or free trips. Do not fall for these Facebook scams, and never forward them to your contacts either, or you will end up spamming your friends too.

3) Facebook Customization

If any link on your home page claims to change the layout or color, give you a special “Dislike Button” or add any other special functionality, then it is probably another Facebook scam. You can’t just change the official interface of the world’s biggest social media website by clicking a few phishing links.

These scams will ask you either to install their specific Facebook app or to fill in a form describing the changes you want. Once in, they get full access to your data, or they use phishing forms to spread malware onto your system.

If Facebook ever wants to give you customization features, it will make a grand announcement, not offer a hidden link. So be alert and steer clear of such Facebook scams.

2) Celebrity Friend Requests/Charity

This might not happen as frequently as the others, but when someone falls for this Facebook scam, it hits him/her very hard. You receive a friend request from a celebrity or from a so-called official page. Then they ask you to donate some money for the poor or for disaster-struck people.

They will either ask for your credentials or tell you directly to donate through online payment services. Never trust such messages if you want to stay safe on Facebook.

1) Who Viewed My Profile?

This is the biggest and most pervasive Facebook scam ever. Facebook has made it pretty clear that there is no way any app can tell who has visited your profile and how many times. Any link or app that claims to do so is a scam.

In these scams, you have to hand over your information and accept their terms and conditions. This scam plays with the emotions of users, as most of us want to know whether a secret crush or an ex-partner visits our profile online.

The application does tell you who viewed your profile, based on an algorithm, but by then you have already been infected by the app and are under attack.

So, avoid all these malicious and fraudulent apps and links to stay safe on social media. With this, we end the list of the biggest Facebook scams.

We will let you know if we come across any more such scams. You can also tell us, and our fossBytes community, if you happen to know of some other scams.

Do you own a smartwatch? If yes, then how safe is it? There is an almost 100 percent chance that you own a vulnerable smartwatch.
Computer manufacturer Hewlett-Packard is warning users of smartwatches including Apple Watch and Samsung Gear that their wearable devices are vulnerable to cyber attacks.
In a study, HP’s Fortify tested today’s top 10 smartwatches for security features, such as basic data encryption, password protection and privacy concerns.
The most shocking part of the study was that –
 

Not even a Single Smartwatch Found to be 100 percent Safe

Security experts found that 100 percent of wearable devices contained at least one serious security vulnerability that could make the devices vulnerable to hackers.
With the increase in the adoption of smartwatches, manufacturers need to pay closer attention to the customers’ security because these wearable devices could potentially open doors to new threats to personal and sensitive information.

“As the adoption of Smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting Smartwatches into corporate networks,” Jason Schmitt, general manager at HP’s Security Fortify said in a statement.

The study [PDF] no doubt included smartwatches by Apple, Pebble, Samsung and Sony, as it claims to have picked the top 10 smartwatches.

Here’s the list of issues reported by HP:

1. Lack of transport encryption – Though all products implemented transport encryption using SSL/TLS, 40 percent of devices were found to be vulnerable to the POODLE attack, to allow the use of weak ciphers, or to still use SSL v2.
2. Insecure Interfaces – Three out of ten smartwatches used cloud-based web interfaces and all of them were vulnerable to account harvesting. This allowed unlimited login attempts, helping hackers guess passwords.
3. Insufficient User Authentication/Authorization – Three out of ten smartwatches completely failed to offer Two-Factor authentication, or the ability to lock accounts after 3 to 5 failed password attempts.
4. Insecure Software/Firmware – 7 out of 10 smartwatches had issues with firmware updates. The wearable devices, including smartwatches, often did not receive encrypted firmware updates, but many updates were signed to help prevent malicious firmware updates from being installed. While a lack of encryption did not allow the files to be downloaded and analyzed.
5. Privacy Concerns – Smartwatches also demonstrate a risk to personal security as well as privacy. All the tested devices collected some form of personal information, including username, address, date of birth, gender, heart rate, weight and other health information.
The experts said they would not disclose the names of smartphone manufacturers whose watches they had tested, but they are working with vendors to “build security into their products before they put them out to market.”
Meanwhile, HP urges users to not connect their smartwatches to the sensitive access control functions like cars or homes unless strong authorization is offered.
Recommendations
HP has the following recommendations for those looking to use or produce smartwatch devices in a more secure manner:
Consumer
• Do not enable sensitive access control functions (e.g., car or home access) unless strong authentication is offered (two-factor etc).
• Enable passcode functionality to prevent unauthorized access to your data, opening of doors, or payments on your behalf.
• Enable security functionality (e.g., passcodes, screen locks, two-factor and encryption).
• For any interface such as mobile or cloud applications associated with your watch, ensure that strong passwords are used.
• Do not approve any unknown pairing requests (to the watch itself).
Enterprise Technical Teams
• Ensure TLS implementations are configured and implemented properly.
• Protect user accounts and sensitive data by requiring strong passwords.
• Implement controls to prevent man-in-the-middle attacks.
• Build mobile applications (specific to each ecosystem) into the device – in addition to any vendor-provided or recommended apps.
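
One way a cloud interface could address issues 2 and 3 above (unlimited login attempts, account harvesting, no lockout), as an added example that is not taken from HP's study or any vendor's code. The class name `LoginGuard`, the 15-minute lockout window and the error text are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5        # top of the "3 to 5 failed attempts" range in issue 3
LOCKOUT_SECONDS = 900   # assumed lockout window; the study gives no figure
GENERIC_ERROR = "invalid username or password"


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginGuard:
    """Hypothetical login check for a smartwatch's cloud web interface."""

    def __init__(self):
        self._users = {}      # username -> (salt, password hash)
        self._state = {}      # username -> (failure count, locked-until time)
        self._dummy = (os.urandom(16), os.urandom(32))  # used for unknown names

    def register(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, _hash(password, salt))

    def login(self, username, password, now):
        """Return (success, message); `now` is a timestamp in seconds."""
        failures, locked_until = self._state.get(username, (0, 0.0))
        if now < locked_until:
            # Locked accounts get the same answer as any other failure.
            return False, GENERIC_ERROR
        known = username in self._users
        salt, stored = self._users.get(username, self._dummy)
        # Hash even for unknown names so response time does not reveal them.
        matches = hmac.compare_digest(_hash(password, salt), stored)
        if known and matches:
            self._state.pop(username, None)
            return True, "ok"
        failures += 1
        if failures >= MAX_FAILURES:
            self._state[username] = (0, now + LOCKOUT_SECONDS)
        else:
            self._state[username] = (failures, 0.0)
        return False, GENERIC_ERROR
```

Because unknown names, wrong passwords and locked accounts all return the same message, the responses give no hint about which usernames exist. A production service would also bound the size of the failure table and rate-limit by source address.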

Yet another Flash zero-day was released last night; again, this exploit comes from the data hackers obtained by breaching ‘The Hacking Team’.

Previous issue: CVE-2015-5119 that affected Adobe Flash Player versions 9.0 through version 18.0.0.194.

All the data obtained from this breach has been made available on a mirror site: https://ht.transparencytoolkit.org, and now WikiLeaks (https://wikileaks.org/hackingteam/emails/emailid/45977) has also uploaded this data and made it easier to investigate by allowing users to search for keywords.

I would think there could also be more on the way!

New Zero-Day: CVE-2015-5122

Affected software versions

Adobe Flash Player 18.0.0.203 and earlier versions for Windows and Macintosh
Adobe Flash Player 18.0.0.204 and earlier versions for Linux installed with Google Chrome
Adobe Flash Player Extended Support Release version 13.0.0.302 and earlier 13.x versions for Windows and Macintosh
Adobe Flash Player Extended Support Release version 11.2.202.481 and earlier 11.x versions for Linux

Adobe Security Bulletin

https://helpx.adobe.com/security/products/flash-player/apsa15-04.html

WikiLeaks Reference – New Zero-Day

https://wikileaks.org/hackingteam/emails/emailid/45977

Link to the New POC

http://pastebin.com/QiMumzqx

Link to the Old POC

http://pastebin.com/CcJQRxhy

POC

When the public POC is run in the browser, the exploit opens Calc.exe on Windows.

Picture compliments of @dummys1337

It’s dubbed ProxyHam, and it’s a ‘hardware proxy’ that allows users to connect to a distant public WiFi network using unidentifiable low-frequency radio channels. It is comprised of a WiFi-enabled Raspberry Pi along with three antennas. One antenna is used to connect to a public WiFi network at a public place such as a Starbucks or McDonalds. The other two antennas are set up between the WiFi hotspot and you, and are used to transmit the WiFi signal at a 900MHz frequency. By relying on a 900MHz radio connection, ProxyHam effectively connects to a far-away WiFi network, with a range of between 1 and 2.5 miles depending on interference.

Caudill will unveil ProxyHam at the Def Con hacker conference in Las Vegas next month. Caudill also said that he and his colleagues are working on additional features such as self-destruction and hiding the ProxyHam in things like books.

The ProxyHam is going to sell for around $200 (£130), and the price should eventually drop to $150 (£95).

You can read more about the ProxyHam here: motherboard.vice.com

The ATM Industry Association (ATMIA) has declared that its next major Windows ATM operating system migration will be to Windows 10, bypassing Windows 8. With the announcement, it is clear that ATMs running older versions of Windows will be upgraded to Windows 10 once the OS is available.

Windows 10 for ATMs

The main reasons given for adopting this migration path are the increased protection Windows 10 offers against malware and other forms of cyber-attack, and a cost-to-benefit analysis that establishes a strong business case for the migration strategy.

Some other benefits of migrating from Windows XP, Windows 7 or Windows CE to Windows 10 are:

  • New Microsoft philosophy of one system for all – “a single Windows for everything”
  • Overcoming previous disadvantages of Windows 8
  • Availability of periodic updates, like service packs, etc.

ATMIA CEO Mike Lee had the following to say on the planned migration process-

“ATM deployers should start their 2020 migration without delay as ATM hardware purchased now will still be in use when support for Windows 7 OS ends in that year. This means terminals would need to be upgradeable and compatible with the next big operating system. It’s important to know which ATM configurations are going to be Windows 10 compatible.”

“We expect there to be some parallel trajectories in future with a mainstream solution adopted by the majority of deployers, probably Windows 10 in our view, and alternative systems like Linux and Android”, he further added.

This means ATMIA will continue to explore and discuss alternative operating systems in its Next Generation ATM Architecture Committee.

The ATM Industry Association is a non-profit trade association serving all businesses and groups in the ATM industry. The association is made up of over 5,000 members in 65 countries and represents well over 1.5 million ATMs internationally.

Having a solid foundation in Computer Science is important to become a successful Software Engineer. This guide is a suggested path for university students to develop their technical skills academically and non-academically through self paced hands-on learning. You may use this guide to determine courses to take, but please make sure you are taking courses required for your major in order to graduate. The online resources provided in this guide are not meant to replace courses available at your university. However, they may help supplement your learnings or provide an introduction to a topic.

Recommendations for Academic Learnings

Caintech.co.uk

 

 

In today’s society, every citizen is monitored, tracked, and profiled by their government and affiliated agencies; the American National Security Agency (NSA) and Great Britain’s Government Communications Headquarters (GCHQ) are two commonly discussed examples. This page provides a resource for learning more about staying secure online.

Basic Security Tips:

  • When discussing potentially sensitive or anti-government issues, make sure to use a fake, online alias.
  • Never reveal your real name when associating with your online alias.
  • Always use a virtual private network.
  • Pay for things associated with your online alias, with a prepaid card. Pay for the prepaid card in cash if possible.

Virtual Private Networks

A virtual private network, also known as a VPN, is a service used to add a layer of security and privacy to networks. VPNs are often used by businesses and corporations to protect sensitive data, although using a VPN is becoming increasingly popular with the average person.

Privacy and security are increased because, when active, the VPN “replaces” the user’s IP address with one from the VPN provider. It also “changes” your domain name system (DNS) address, which prevents your internet service provider from viewing which websites you are visiting. In addition to these privacy and security gains, it encrypts your internet traffic. Most VPN providers offer at least 128-bit AES encryption, which, according to documents leaked by Edward Snowden, has not been broken by the NSA yet. Some also offer 256-bit AES encryption, which is more secure.

Warnings

  • Free VPN providers are likely selling their logs and/or compromising your security.
  • Do not tell anyone what provider you are using.
  • Be sure to read the Terms of Service and Privacy Policy before using a VPN service.
  • Do your own research. Don’t trust random sources.

VPN Providers

Below is a list of paid VPN providers. We do not support or endorse any of the providers listed below. We merely provide this list as a starting point into researching the provider that is right for you.

Private Internet Access

IPVanish

AirVPN

TigerVPN

Perfect Privacy

Hide.Me

TorGuard

View a larger list of VPN Providers here.

DNS Leaking

When utilizing an anonymity service, it is extremely important that all traffic coming from your computer is routed through the anonymity network. If any traffic leaks outside of the secure connection to the network, an adversary monitoring your traffic will be able to log your activity.

DNS or the domain name system is used to translate domain names such as http://www.duckduckgo.com into numerical IP addresses such as 111.222.333.444, which are required to route packets of data on the internet. Whenever your computer needs to contact a server on the internet, such as when you enter a domain name into your browser, your computer reaches out to a DNS server and requests the IP address associated with that domain name. Most Internet service providers assign their customers a DNS server which they control and use for logging and recording your internet activities.

Under certain conditions, although connected to the anonymity network, the operating system will continue to use its default DNS servers instead of the anonymous DNS servers assigned to your computer by the anonymity service. DNS leaks are a huge privacy threat since the anonymity service may be providing a false sense of security while data is leaking.

Be sure to check if you are leaking any data by visiting one of the websites below.

DNS Leak Test
IP Leak
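
A local complement to those test sites, as an added example that is not part of the original page: it reads resolv.conf-style resolver settings and flags any DNS server outside the address ranges the anonymity service assigned. The sample file contents, the VPN ranges and the function names are constructed for illustration, and a Unix-like system is assumed.

```python
import ipaddress

# Constructed sample of /etc/resolv.conf contents while a VPN is connected.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not from a real host
nameserver 10.8.0.1
nameserver 192.168.1.1   # router address handed out by the ISP's DHCP
nameserver 127.0.0.53
nameserver fd00:8::1
nameserver not-an-ip
"""
VPN_NETWORKS = ["10.8.0.0/24", "fd00:8::/64"]  # assumed ranges pushed by the VPN


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            addr = parts[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # skip malformed entries
    return servers


def classify_resolvers(resolv_conf_text, vpn_networks):
    """Sort configured resolvers into tunnelled, leaking and local-stub groups."""
    nets = [ipaddress.ip_network(n) for n in vpn_networks]
    report = {"tunnelled": [], "leaking": [], "local_stub": []}
    for ip in parse_nameservers(resolv_conf_text):
        if ip.is_loopback:
            # A local stub forwards queries elsewhere; check its upstream too.
            report["local_stub"].append(str(ip))
        elif any(ip.version == n.version and ip in n for n in nets):
            report["tunnelled"].append(str(ip))
        else:
            report["leaking"].append(str(ip))
    return report
```

This is a static check of configuration only; a loopback stub resolver hides the real upstream server, so anything in `local_stub` still needs its forwarders inspected.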

Search Engine Tracking

The sad truth is that no matter where we go, big corporations and governments attempt to track, profile, and control us. Even our own “beloved” Google search engine is used to track everything we search for. Every time you use a regular search engine, your search data is recorded. Major search engines capture your IP address and use tracking cookies to make a record of your searches, the time, and the links you choose – then they store that information in a huge database.

Investigation of those searches reveals a shocking amount of personal information about you, such as your interests, family circumstances, political beliefs, medical conditions, financial status, and more. This database is a modern-day gold mine for government officials, hackers, and marketers. To keep your future searches out of this database, it is recommended that you use alternative search engines.

Alternative Search Engines

There are many search engine alternatives to Google, Yahoo, Bing, and Yandex that are dedicated to the privacy of their users. Below is a small selection of the alternative search engines available.

DuckDuckGo

StartPage

Disconnect Search

IXQuick