Cyber Security Informer

Beware of Aarogya Setu Contact Tracing App clones

SecureBlitz

APRIL 22, 2024

Aarogya Setu app, India’s contact tracing app for Covid-19, has become the latest government-backed app to be threatened by cybercriminals who have developed clones to steal data from users.

Government

Government Malware Cybersecurity

Critical Vulnerabilities Found in Phoenix Contact Charging Controllers

Penetration Testing

MARCH 14, 2024

Industrial automation leader Phoenix Contact has issued an urgent security alert regarding multiple critical vulnerabilities discovered within the firmware of their CHARX SEC charge controllers.

Penetration Testing

Penetration Testing Firmware

Me on COVID-19 Contact Tracing Apps

Schneier on Security

MAY 1, 2020

I was quoted in BuzzFeed: "My problem with contact tracing apps is that they have absolutely no value," Bruce Schneier, a privacy expert and fellow at the Berkman Klein Center for Internet & Society at Harvard University, told BuzzFeed News. The false positive rate is the percentage of contacts that don't result in transmissions.

Media

Media Internet Internet Government

Fake Contact Tracing Apps Spreading Malware, Ransomware

Adam Levin

JUNE 26, 2020

Phony contact-tracing apps meant to mitigate the spread of the Covid-19 pandemic are installing ransomware on mobile devices. One app billed itself, “The Covid-19 Tracer App,” claiming to be an official mobile app of the Canadian government’s coronavirus contact tracing effort.

Malware

Malware Ransomware Mobile Scams

Contact Tracing COVID-19 Infections via Smartphone Apps

Schneier on Security

APRIL 13, 2020

Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. Covid-19 is a notifiable disease so a doctor who diagnoses you must inform the public health authorities, and if they have the bandwidth they call you and ask who you've been in contact with.

Facebook Acknowledges “Unintentional” Harvesting of Email Contacts

Adam Levin

APRIL 18, 2019

Facebook announced that it “unintentionally” harvested the email contacts of 1.5 Upon submitting a form to “confirm” their accounts, registrants saw a screen showing that their email contact lists were harvested without any means of providing consent, opting out, or interrupting the process. million of its users without their consent.

Passwords

Passwords Accountability Media Identity Theft

Cybersecurity: Attacker uses websites’ contact forms to spread BazarLoader malware

Tech Republic Security

MARCH 14, 2022

The post Cybersecurity: Attacker uses websites’ contact forms to spread BazarLoader malware appeared first on TechRepublic. A new social engineering method is spreading this malware, and it’s very easy to fall for. Here’s what it’s doing and how to avoid it.

Malware

Malware Social Engineering Cybersecurity Engineering

Designing Contact-Tracing Apps

Schneier on Security

SEPTEMBER 13, 2021

Susan Landau wrote an essay on the privacy, efficacy, and equity of contract-tracing smartphone apps. Also see her excellent book on the topic.

How to Contact IdentityIQ Customer Service

Identity IQ

NOVEMBER 20, 2023

How to Contact IdentityIQ Customer Service IdentityIQ In our digitally connected world, the security of your personal information and credit has never been more critical. Here’s how to contact IdentityIQ customer service team, what to expect from them, and a list of some of the ways our expert team maximizes your IdentityIQ experience.

Identity Theft

Identity Theft Accountability Insurance Education

Law Enforcement Eyeing Contact Tracing Apps

Security Boulevard

FEBRUARY 10, 2021

Some might say it was inevitable that, once law enforcement and intelligence agencies realized the power of COVID-19 contact tracing applications to confirm proximity between persons, privacy would become a secondary issue. The post Law Enforcement Eyeing Contact Tracing Apps appeared first on Security Boulevard. They would be right.

Data collection

Data collection Data privacy Risk Government

5 million WordPress sites potentially impacted by a Contact Form 7 flaw

Security Affairs

DECEMBER 17, 2020

The development team behind the Contact Form 7 WordPress plugin discloses an unrestricted file upload vulnerability. Jinson Varghese Behanan from Astra Security discovered an unrestricted file upload vulnerability in the popular Contact Form 7 WordPress vulnerability. “Contact Form 7 5.3.2 has been released.

Hacking

Hacking Information Security Malware

iPhone Hack Allows Access to Contacts, Photos

Adam Levin

OCTOBER 3, 2018

Apple’s iOS 12 update includes a workaround that can allow a hacker to access a device’s photos and contacts without having the passcode to unlock it. The post iPhone Hack Allows Access to Contacts, Photos appeared first on Adam Levin. See the original video detailing the hack here.

Hacking

Hacking Government

Signal fixes bug that sent random images to wrong contacts

Bleeping Computer

JULY 26, 2021

Signal has fixed a serious bug in its Android app that, in some cases, sent random unintended pictures to contacts without an obvious explanation. Although the issue was reported in December 2020, given the difficulty of reproducing the bug, it isn't until this month that a fix was pushed out. [.].

BazarBackdoor Malware Distributed via Corporate Website Contact Forms

Heimadal Security

MARCH 11, 2022

Threat actors are employing a new technique and leveraging website contact forms instead of common phishing emails to deliver BazarBackdoor. The post BazarBackdoor Malware Distributed via Corporate Website Contact Forms appeared first on Heimdal Security Blog. This helps them bypass security software detection. What Is BazarBackdoor?

Malware

Malware Phishing Software Cybersecurity

Attackers use website contact forms to spread BazarLoader malware

Security Affairs

MARCH 12, 2022

Threat actors are spreading the BazarLoader malware via website contact forms to evade detection, researchers warn. Researchers from cybersecurity firm Abnormal Security observed threat actors spreading the BazarLoader/BazarBackdoor malware via website contact forms. 200 using port 443.” ” continues the analysis. .

Malware

Malware Phishing Ransomware Banking

Ransomware gang threatens to leak data if victim contacts FBI, police

Bleeping Computer

SEPTEMBER 7, 2021

The Ragnar Locker ransomware group is warning that they will leak stolen data from victims that contact law enforcement authorities, like the FBI. Ragnar Locker has previously hit prominent companies with ransomware attacks, demanding millions of dollars in ransom payments. [.].

Ransomware

Threat actors contacted for compensation against cryptocurrency heist

CyberSecurity Insiders

DECEMBER 7, 2021

BadgerDAO officials who contacted the US and Canada law enforcement agencies along with security firms Mandiant and Chainalysis have concluded of compensating the threat actor with some funds in exchange for the stolen digital currency in million.

Cryptocurrency

Cryptocurrency Cyber Attacks Accountability Cybersecurity

Attackers deliver legal threats, IcedID malware via contact forms

Bleeping Computer

APRIL 9, 2021

Threat actors are using legitimate corporate contact forms to send phishing emails that threaten enterprise targets with lawsuits and attempt to infect them with the IcedID info-stealing malware. [.].

Malware

Malware Phishing

Corporate website contact forms used to spread BazarBackdoor malware

Bleeping Computer

MARCH 10, 2022

The stealthy BazarBackdoor malware is now being spread via website contact forms rather than typical phishing emails to evade detection by security software. [.].

Malware

Malware Phishing Software

Crooks abuse website contact forms to deliver IcedID malware

Security Affairs

APRIL 10, 2021

Microsoft researchers spotted a malware campaign abusing contact forms on legitimate websites to deliver the IcedID malware. Security experts from Microsoft have uncovered a malware campaign abusing contact forms on legitimate websites to deliver the IcedID malware. ” reads the analysis published by Microsoft. Pierluigi Paganini.

Malware

Malware Banking Marketing Authentication

BSidesRDU 2021 – Ell Marquez’ ‘First Contact With Container Security’

Security Boulevard

FEBRUARY 13, 2022

The post BSidesRDU 2021 – Ell Marquez’ ‘First Contact With Container Security’ appeared first on Security Boulevard. Many thanks to BSidesRDU for publishing their outstanding videos from the BSidesRDU 2021 Conference on the organization’s YouTube channel.

Education

Education InfoSec Information Security Cybersecurity

Contact Form 7 Flaw (CVE-2023-6449): Patch Now to Prevent Website Exploitation

Penetration Testing

DECEMBER 1, 2023

Contact Form 7, a popular WordPress plugin with over 5 million installations, has been found to harbor a vulnerability (CVE-2023-6449, CVSS score of 6.6)

Penetration Testing

How contact forms can be exploited to conduct large scale phishing activity?

Security Boulevard

FEBRUARY 8, 2022

A contact form for customer inquiries is one of the most common features present on the websites of most companies. The post How contact forms can be exploited to conduct large scale phishing activity? The post How contact forms can be exploited to conduct large scale phishing activity? WordPress’ plugins are available that […].

Phishing

Cisco fixed a critical issue in the Unified Contact Center Express

Security Affairs

MAY 25, 2020

Cisco has released several security patches, including one for a critical issue, tracked as CVE-2020-3280 , in the call-center software Unified Contact Center Express. Cisco released a set of security patches , including one for a critical flaw in its call-center software Unified Contact Center Express, tracked as CVE-2020-3280.

System Administration

System Administration Advertising Software Hacking

Apple Previews Lockdown Mode, Another Marriott Data Breach, Smart Contact Lenses

Security Boulevard

JULY 17, 2022

The post Apple Previews Lockdown Mode, Another Marriott Data Breach, Smart Contact Lenses appeared first on The Shared Security Show. The post Apple Previews Lockdown Mode, Another Marriott Data Breach, Smart Contact Lenses appeared first on Security Boulevard.

Data breaches

Data breaches Risk Data privacy Technology

5M WordPress Sites Running ‘Contact Form 7’ Plugin Open to Attack

Threatpost

DECEMBER 17, 2020

A critical unrestricted file upload bug in Contact Form 7 allows an unauthenticated visitor to take over a site running the plugin.

Apple and Google to prevent contact tracing apps from tracking your location

Tech Republic Security

MAY 6, 2020

The built-in technology would ban the use of GPS location data to monitor contact with people who test positive for COVID-19.

Technology

German COVID-19 Contact-Tracing Vulnerability Allowed RCE

Threatpost

NOVEMBER 19, 2020

Bug hunters at GitHub Security Labs help shore up German contact tracing app security, crediting open source collaboration.

Data privacy

Adventures in Contacting the Russian FSB

Security Boulevard

JUNE 7, 2021

KrebsOnSecurity recently had occasion to contact the Russian Federal Security Service (FSB), the Russian equivalent of the U.S. The reason I contacted the FSB -- one of the successor agencies to the Russian KGB -- ironically enough had to do with security concerns raised about the FSB's own preferred method of being contacted.

Antivirus

Antivirus VPN Encryption Malware

Hackers Using Website's Contact Forms to Deliver IcedID Malware

The Hacker News

APRIL 13, 2021

Microsoft has warned organizations of a "unique" attack campaign that abuses contact forms published on websites to deliver malicious links to businesses via emails containing fake legal threats, in what's yet another instance of adversaries abusing legitimate infrastructure to mount evasive campaigns that bypass security protections.

Malware

Singapore?s Contact Tracing Wearable Causes Privacy Backlash

Threatpost

JUNE 8, 2020

Thousands have signed a petition that underscores data privacy issues with Singapore's newly announced contact-tracing wearable, in development.

Data privacy

Data privacy Mobile

How to Spot a Fake Contact Tracing Message

SecureWorld News

MAY 21, 2020

Praised by public health officials, contact tracing is rolling out as areas reopen. The FTC warns that a contract tracing smishing scheme is ramping up at the same time contact tracing is expanding. This format is particularly useful to contact tracing scammers, as text messages are a component to legitimate contact tracing.

Wireless

Wireless Scams Phishing Banking

COVID-19 contact tracing: The tricky balance between privacy and relief efforts

Tech Republic Security

APRIL 21, 2020

As more governments consider the use of contact tracing apps to prevent the spread of coronavirus, researchers say privacy will have to be at the forefront of efforts in order for civilians to use it.

Government

100,000 WordPress sites using the Contact Form 7 Datepicker plugin are exposed to hack

Security Affairs

APRIL 3, 2020

An authenticated stored cross-site scripting (XSS) vulnerability could allow attackers to create rogue admins on WordPress sites using Contact Form 7 Datepicker plugin. The plugin was installed on more than 100k WordPress sites using the Contact Form 7 Datepicker plugin. ” reported the analysis published by WordFence.

Hacking

Hacking Advertising Authentication Accountability

Most Contact-Tracing Apps Fail Basic Security

Dark Reading

JUNE 18, 2020

A survey of 17 Android applications for informing citizens if they had potential contact with a COVD-19-infected individual finds few have adopted code-hardening techniques.

Microsoft data breach exposes customers’ contact info, emails

Bleeping Computer

OCTOBER 19, 2022

Microsoft said today that some of its customers' sensitive information was exposed by a misconfigured Microsoft server accessible over the Internet. [.].

Data breaches

Data breaches Internet Internet

Hangzhou could permanently adopt COVID-19 contact-tracing app

Security Affairs

MAY 26, 2020

The City of Hangzhou is planning to make a contact tracing system developed to fight the COVID-19 pandemic permanent for its citizens. The contact tracing app was developed by Tencent and Alibaba and is mandatory, it implements a “triage” system based on the travel history of the citizen. Pierluigi Paganini.

Advertising

Advertising Surveillance Firewall Government

Ragnar Locker gang threatens to leak data if victim contacts law enforcement

Security Affairs

SEPTEMBER 7, 2021

The Ragnar Locker ransomware operators threaten to leak stolen data if the victims attempt to contact law enforcement agencies. The Ragnar Locker ransomware gang is adopting a new technique to force victims to pay the ransom, the operators threaten to leak stolen data if the victims contact law enforcement agencies. Pierluigi Paganini.

Ransomware

Ransomware VPN Authentication Passwords

How to Backup Outlook Contacts?

Spinone

APRIL 11, 2020

If you back up your contacts, you can always restore them in case of an emergency. Let’s take a look at two ways to backup Outlook Contacts : exporting a PST file and using backup software. Method 1: Exporting a PST File You can create a backup of your Microsoft Outlook Contacts using native Office 365 functionality.

Backups

Backups Software Accountability Ransomware

USENIX Security ’23 – Mingli Wu, Tsz Hon Yuen ‘Efficient Unbalanced Private Set Intersection Cardinality And User-Friendly Privacy-Preserving Contact Tracing’

Security Boulevard

DECEMBER 30, 2023

Permalink The post USENIX Security ’23 – Mingli Wu, Tsz Hon Yuen ‘Efficient Unbalanced Private Set Intersection Cardinality And User-Friendly Privacy-Preserving Contact Tracing’ appeared first on Security Boulevard. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

Architecture

Architecture Education Information Security Cybersecurity

Secure Contact Tracing Needs More Transparent Development

Dark Reading

MAY 12, 2020

Experts worry that without proper planning, today's decisions about developing contact-tracing apps could have unforeseen consequences in the years to come.

SiteLock

AUGUST 27, 2021

With no contacts established or the functionality is disabled, the plugin should not have the ability to send an email, however, with this particular vulnerability it can still send spam emails. that is being run and then send spam emails, even when no contacts are defined on the website. Com_contact is activated by default in Joomla!

Clop Ransomware gang now contacts victims’ customers to force victims into pay a ransom

Security Affairs

MARCH 27, 2021

” Clop ransomware operators invited the victim’s customer to contact the victim and ask it protect their privacy by paying the ransomware. The post Clop Ransomware gang now contacts victims’ customers to force victims into pay a ransom appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook.

Ransomware

Ransomware DDOS Banking Hacking

USENIX Security ’23 – Oshrat Ayalon, Dana Turjeman, Elissa M. Redmiles – ‘Exploring Privacy And Incentives Considerations In Adoption Of COVID-19 Contact Tracing Apps’

Security Boulevard

JANUARY 7, 2024

Redmiles – ‘Exploring Privacy And Incentives Considerations In Adoption Of COVID-19 Contact Tracing Apps’ appeared first on Security Boulevard. Permalink The post USENIX Security ’23 – Oshrat Ayalon, Dana Turjeman, Elissa M.

Architecture

Architecture Education Information Security Network Security

Beware of Aarogya Setu Contact Tracing App clones

Critical Vulnerabilities Found in Phoenix Contact Charging Controllers

Trending Sources

Me on COVID-19 Contact Tracing Apps

Fake Contact Tracing Apps Spreading Malware, Ransomware

Contact Tracing COVID-19 Infections via Smartphone Apps

Facebook Acknowledges “Unintentional” Harvesting of Email Contacts

Cybersecurity: Attacker uses websites’ contact forms to spread BazarLoader malware

Designing Contact-Tracing Apps

How to Contact IdentityIQ Customer Service

Law Enforcement Eyeing Contact Tracing Apps

5 million WordPress sites potentially impacted by a Contact Form 7 flaw

iPhone Hack Allows Access to Contacts, Photos

Signal fixes bug that sent random images to wrong contacts

BazarBackdoor Malware Distributed via Corporate Website Contact Forms

Attackers use website contact forms to spread BazarLoader malware

Ransomware gang threatens to leak data if victim contacts FBI, police

Threat actors contacted for compensation against cryptocurrency heist

Attackers deliver legal threats, IcedID malware via contact forms

Corporate website contact forms used to spread BazarBackdoor malware

Crooks abuse website contact forms to deliver IcedID malware

BSidesRDU 2021 – Ell Marquez’ ‘First Contact With Container Security’

Contact Form 7 Flaw (CVE-2023-6449): Patch Now to Prevent Website Exploitation

How contact forms can be exploited to conduct large scale phishing activity?

Cisco fixed a critical issue in the Unified Contact Center Express

Apple Previews Lockdown Mode, Another Marriott Data Breach, Smart Contact Lenses

5M WordPress Sites Running ‘Contact Form 7’ Plugin Open to Attack

Apple and Google to prevent contact tracing apps from tracking your location

German COVID-19 Contact-Tracing Vulnerability Allowed RCE

Adventures in Contacting the Russian FSB

Hackers Using Website's Contact Forms to Deliver IcedID Malware

Singapore?s Contact Tracing Wearable Causes Privacy Backlash

How to Spot a Fake Contact Tracing Message

COVID-19 contact tracing: The tricky balance between privacy and relief efforts

100,000 WordPress sites using the Contact Form 7 Datepicker plugin are exposed to hack

Most Contact-Tracing Apps Fail Basic Security

Microsoft data breach exposes customers’ contact info, emails

Hangzhou could permanently adopt COVID-19 contact-tracing app

Ragnar Locker gang threatens to leak data if victim contacts law enforcement

How to Backup Outlook Contacts?

USENIX Security ’23 – Mingli Wu, Tsz Hon Yuen ‘Efficient Unbalanced Private Set Intersection Cardinality And User-Friendly Privacy-Preserving Contact Tracing’

Secure Contact Tracing Needs More Transparent Development

SiteLock© INFINITY™ Patches the Joomla! Contact Form Vulnerability

Clop Ransomware gang now contacts victims’ customers to force victims into pay a ransom

USENIX Security ’23 – Oshrat Ayalon, Dana Turjeman, Elissa M. Redmiles – ‘Exploring Privacy And Incentives Considerations In Adoption Of COVID-19 Contact Tracing Apps’

Stay Connected