Security researchers have found that the TikTok iPhone app is spying on its users by secretly reading the clipboard. The vulnerability, resulting from the fact that iOS and iPadOS apps have unrestricted access to the system-wide general pasteboard, means that a user's precise location may be made available to an app if they simply copy and paste a photo.
Earlier this year, the same researchers found that TikTok was copying clipboard data on Android devices, which the developer ByteDance blamed on the use of an outdated Google advertising SDK and promised to change. The fact that the popular Chinese social media app is doing the same on Apple devices casts doubt on that claim.
More Info at Computing.co.uk
A mysterious hacker group has been taking over ad servers for the past nine months to insert malicious ads that redirect users to malware download sites. The hackers have targeted advertising networks running old versions of the Revive open-source ad server and silently appended malicious code to existing ads. Once the tainted ads load on legitimate sites, the malicious code hijacks and redirects site visitors to websites offering malicious files, usually disguised as Adobe Flash Player updates.
Researchers say the hackers have managed to load their malicious ads on thousands of sites, with spikes of up to 1.25 million affected ad impressions in a single day. Allegedly, the attacks are still going on, as not all advertising companies that have been breached have acted on warnings.
Learn more at ZDNet
IMPORTANT INFORMATION: Tips on how to avoid Coronavirus (COVID-19) inspired scamming campaigns
We have become aware of a number of Coronavirus (COVID-19) related scams designed to lure account holders into revealing sensitive banking or personal information; or to encourage the download of malicious software that gives fraudsters access to home or office computers.
What to look out for
In light of this we are asking you to be extra vigilant and especially careful when receiving any COVID-19 related communication, particularly email or text messages (SMS) that claims to be from, or have links with organisations such as:
Please note: This list is not exhaustive; there may be many more variants like those above.
What to do if you receive a COVID-19 email you think is suspicious
If you can, you should check who sent it to you as it may be a legitimate communication from a government agency or from someone you do business with. However, we would ask that you ensure you DO NOT do any of the following:
If you do receive an email that you think is suspicious, you should delete it immediately.
While the world grapples with the coronavirus pandemic, hackers are reportedly using infection-related emails as a hook for a new phishing campaign. A coronavirus-themed attack is looking to steal personal information from victims, including cryptocurrency wallets, web browser details for login credentials, IP addresses and more.
Discovered by BleepingComputer, the new scam email is designed to appear as if it has been sent from a nearby hospital. It informs users that they have come into contact with a COVID-19 infected person and asks them to print out an attached file. Once it's downloaded, the embedded macros in the file start to download and install malware.