Categories: A week in security
The most important and interesting computer security stories from the last week.



(Read more...)




The post A week in security (August 1 - August 7) appeared first on Malwarebytes Labs.

twitter

facebook

linkedin

Youtube

instagram

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Cyberprotection for every one.

FOR PERSONAL

Windows

Mac

iOS

Android

Privacy VPN

SEE ALL

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

FOR BUSINESS

Small Businesses

Mid-size Businesses

Large Enterprise

Endpoint Protection

Endpoint Detection & Response

MY ACCOUNT

Sign In

SOLUTIONS

Free Rootkit Scanner

Free Trojan Scanner

Free Virus Scanner

Free Spyware Scanner

Anti Ransomware Protection

SEE ALL

ADDRESS

3979 Freedom Circle  
12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay  
2nd Floor  
Cork T12 X8N6  
Ireland

LEARN

Malware

Hacking

Phishing

Ransomware

Computer Virus

Antivirus

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

MY ACCOUNT

Sign In

ADDRESS

3979 Freedom Circle, 12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay, 2nd Floor  
Cork T12 X8N6  
Ireland

A week in security (August 1 - August 7)

By Waqas
Cellebrite is an Israel-based smartphone hacking (or cracking) firm that previously made headlines for unlocking iPhone devices for…
This is a post from HackRead.com Read the original post: Anonymous Source Leaks 4TB of Cellebrite Data After Cyberattack

****Cellebrite is an Israel-based smartphone hacking (or cracking) firm that previously made headlines for unlocking iPhone devices for law enforcement and security agencies in the United States.****

An anonymous source has leaked around 4TB of proprietary data belonging to Israeli digital intelligence firm, **Cellebrite**. The affected products are the company’s flagship product, Cellebrite Mobilogy, and the Cellebrite Team Foundation server.

It is worth noting that as of now, the leaked data is only available to researchers and journalists by requesting Distributed Denial of Secrets (**DDoSecrets**), a non-profit whistleblower organization.

The trove of data comes in two parts including Cellebrite Mobilogy and Cellebrite Team Foundation Server.

**About Cellebrite**

Cellebrite provides digital data collection, analysis, and management services. Its services are quite similar to the infamous NSO Group behind Pegasus spyware. Cellebrite’s tools are used by companies, enterprises, and federal/state/local law enforcement authorities.

Cellebrite Universal Forensic Extraction Device is among the key products from Cellebrite used by law enforcement agencies, and it shared its code with the impacted product Cellebrite Mobilogy.

Team Foundation Server offers a platform for collaborative working and has now been replaced with Azure DevOps Server, which is used for sharing code, tracking work, and shipping software.

**Leaked Data Analysis**

Another attack targeted against backup files for the Cellebrite Team Foundation Server resulted in the leaking of 430 GB of data. Reportedly, around 3.6TB of data was compromised and leaked from Cellebrite Mobilogy. This product is used for device diagnostics, content backup, transfer, and restoration.

The source behind this data leak is not yet identified. And no cybercriminal or hacker group has claimed its responsibility. The hacking technique is also not disclosed as yet.

For your information, Cellebrite is the company that helped the FBI unlock San Bernardino shooter **Syed Rizwan Farook’s iPhone**.

Screengrab: DDoSecrets

*   **iPhone hacking tool Cellebrite is being sold on eBay**
*   **Signal CEO hacks Cellebrite cellphone hacking, cracking tool**
*   **US government gets its hand on a $15,000 iPhone cracking device**
*   **Cellebrite claims its new tool unlocks almost any iOS or Android device**
*   **Textalyzer Device Tells Police Everything Users Do on Their Smartphone**

**Previous Cyber Attacks on Cellebrite**

Cellebrite has previously been targeted in several cyberattacks. **In January 2017**, an anonymous attacker leaked 900GB of data stolen from the Israeli firm. The data contained information about the political scenario in different countries.

**In February 2017**, a hacker released the cache of sensitive data from the company regarding Cellebrite’s methods of hacking into Android, Apple, and Blackberry smartphones. Reportedly, a hacker successfully compromised Cellebrite’s security systems and stole sensitive data from its servers.

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Anonymous Source Leaks 4TB of Cellebrite Data After Cyberattack

With names, email addresses, and mobile numbers from underground databases, one person in five is at risk of account compromise even with SMS two-factor authentication in place.

Companies that rely on texts for a second factor of authentication are putting about 20% of their customers at risk because the information necessary to attack the system is available in compromised databases for sale on the Dark Web.  

About 1 billion records synthesized from online databases — representing about one in every five mobile phone users in the world — contain users' names, email addresses, passwords, and phone numbers. This gives attackers everything they need to conduct SMS-based phishing attacks, also known as smishing, says Thomas Olofsson, CTO of cybersecurity firm FYEO. 

Cybersecurity experts have long known that the addition of an SMS one-time password is a weak form of two-factor authentication and the simplest form of two-factor authentication for attackers to compromise. However, combining such attacks with the readily available information on users produces a "perfect storm" for attacking accounts, he says.

At Black Hat USA, Olofsson plans to go over findings from research into the problem during a session on Wednesday, Aug. 10, called "Smishmash — Text-Based 2FA Spoofing Using OSINT, Phishing Techniques, and a Burner Phone."

"The research that we have done is two parts: How do you bypass 2FA, and how many phone numbers can we tie to an email address and a password," he tells Dark Reading. "So, for about one in five — a billion — people, we can connect your email address to your phone number, and that is really bad."

The analysis found that by collecting information from known databases of compromised usernames and passwords, researchers could create a database of 22 billion credentials. Linking those credentials to a phone number reduced the exposure to a bit more than 1 billion records, of which about half have been verified.

To make use of those records, attackers can conduct an adversary-in-the-middle attack, where the smishing attack goes to a proxy. When a targeted user opens a link in a malicious SMS message on a mobile device, browsers on iOS and Android rarely show any security information, such as a the URL, since screen real estate is so small. Because of that, few — if any — signs of the attack are presented to the user, making the attacks much more effective, Olofsson says.

In addition, smishing attacks are seven times more likely to succeed than phishing attacks conducted through email, he says.

"It makes it extremely likely that someone will click on the link," Olofsson says. "I even look at our attacks, and I said, wow, I could fall for this."

Attackers have used smishing to compromise financial accounts — especially those linked to cryptocurrency exchanges — during the past two years, with more than $1.6 billion of crypto stolen so far in 2022, according to an analysis published in May. 

**SMS for 2FA: Risky Biz**

Meanwhile, the US federal government has already put additional restrictions on any use of SMS for a second factor of authentication. In 2016, the National Institute of Standards and Technology (NIST) warned against using one-time passwords sent as text messages for a second factor to authenticate users.

"An SMS sent from a mobile phone might seamlessly switch to an internet message delivered to, say, a Skype or Google Voice phone number. Users shouldn't have to know the difference when they hit send — that’s part of the Internet’s magic. But it does matter for security," NIST wrote in an explanation of the policy, adding: "While a password coupled with SMS has a much higher level of protection relative to passwords alone, it doesn't have the strength of device authentication mechanisms inherent in the other authenticators allowable" by NIST guidelines.  

To make it less likely that such attacks succeed, users should ignore any notifications that come through SMS and instead log directly into their account.

"Never trust an SMS message," Olofsson says. "If you feel something is wrong, don't click on it, don't trust it. Go on a computer, and see if you have an e-mail, because at least you can verify the headers then."

Unfortunately, many financial institutions and other companies make it hard for users to implement better security because they only offer SMS as an option for the second factor of authentication. Adding reCAPTCHA checks can give users a hint that something is wrong, Olofsson notes, because any adversary-in-the-middle attack will display the proxy server, not the user's IP address.

Stolen Data Gives Attackers Advantage Against Text-Based 2FA

Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for developer by changing package name.

CVE-2022-36833

Flaw that opened the door to cookie modification and data theft resolved

Flaw that opened the door to cookie modification and data theft resolved

A bug in the Chromium project allowed attackers to bypass site isolation protection through iFrames and popup windows to carry out a host of malicious activities.

The security weakness opens the door to a number of exploits including stealing private information, reading and modifying cookies, and gaining access to microphone and camera feeds.

The vulnerability – which was recently patched – was caused by a code change made to a previous version of the browser.

**Site isolation bypass**

Site isolation is a security feature that puts every origin’s renderer in a different process to prevent different websites in a browser from accessing each other’s data. The technology also allows the browser to assign each renderer a specific origin, which it calls “process locks.”

Process locks are checked before allowing sensitive actions requested by the origin. If a renderer pretends to be another origin, the browser will notice the process lock does not match and block access.

“Both techniques combined prevent memory-compromised renderers or logic bugs such as my bug from being able to read, modify, or perform sensitive actions related to another origin,” Alesandro Ortiz, the security researcher who discovered the bug, told The Daily Swig.

“There are other checks that are also used to enforce site isolation, but they’re less robust than process locks. This bug bypasses these less-robust checks.”

Catch up with the latest browser-related security news

According to Ortiz’s findings, the vulnerability is triggered if an embedded iFrame opens a new window, such as a popup or a new tab, with a specially crafted URL that keeps the initial navigation entry for the new window. It can then access the data of the top window.

“The initial navigation entry is supposed to inherit the origin of the opener, but the bug causes the navigation entry to inherit the origin of the top-most page,” Ortiz said.

**A broad range of attacks**

“There are only a couple of ways to trigger the bug, but there is a broad range of ways to exploit it,” Ortiz explained. In essence, anything that has not been protected by process locks can be exploited through the vulnerability.

Ortiz details some of these exploits in his report.

For example, in e-commerce websites, chat applications, and social networks, an attacker would be able to read cookies, IndexedDB data, and CacheStorage data, any of which may contain sensitive data, including authentication info for account access. In cases where the website has been granted access to the device’s microphone or camera, the attacker will be able to silently record the victim’s conversations or visible activity.

A potential attacker will also be able to receive messages from the website using postMessage, WebSockets, BroadcastChannel, and SharedWorkers communication APIs, which may contain sensitive data, including authentication info.

iFrame sandboxing can mitigate the attack if “allow-scripts” and “allow-popups” are not present. In some cases, the attack requires “allow-same-origin” to be enabled.

“Unfortunately, ‘allow-scripts’ and ‘allow-same-origin’ are fairly common, and ‘allow-popups’ is also present in many cases,” Ortiz said.

This is not the first time that a site isolation bypass bug has been discovered. However, most of the recent site isolation bypasses affect a single feature or a small subset of features while the latest vulnerability is more wide ranging in its effects.

“This bug is unusual in that it spoofs several different values that are used by many important features to enforce site isolation, hence the much wider impact,” Ortiz said. “Typically spoofing only one of these values would trigger either process lock checks or other site isolation checks.”

**Going down the rabbit hole**

In 2020, Ortiz discovered CVE-2020-6506, a Universal Cross-Site Scripting (XSS) bug in Android WebView (part of Chrome). The proof of concept (PoC) for that bug involved calling window.open() with a javascript: URL.

The PoC used a JavaScript dialog as one way to demonstrate impact. That PoC and a tip from another researcher helped Ortiz find the new bug.

“On March 30th, 2022, a researcher sent me a Twitter DM about potentially unexpected behavior when trying CVE-2020-6506’s PoC in Chrome,” Ortiz said. “The initial details were vague and I often get outreach from researchers confused about expected vs observed behavior regarding this CVE, but I try to chase down every reasonable lead.”

After some exploration, Ortiz realized the JavaScript dialog was showing the incorrect origin, a telltale sign of a potential security lapse.

“At this point I realized there was likely an interesting security issue here, so I kept investigating,” Ortiz said.

Ortiz submitted the initial Chromium security report knowing only the JavaScript dialog impact since that in itself was already a vulnerability.

“I kept investigating and quickly identified there were further impacts. The full investigation took a while, but I realized this was a wider-impact bug within a couple of hours of submitting the initial report,” he said.

The full bug report is an interesting study of going back and forth between researcher and vendor, all the while finding new exploits along the way.

**Bad coding**

According to Ortiz’s findings and the discussion thread on Chromium’s bug tracker, a misunderstanding of the logic behind the functions for opening new windows in the browser introduced the site isolation bypass in one of the commits in Chromium version 98. This bug was in Chrome Canary for about four months and in the Stable release for around two months before it was discovered.

“There are always interesting bugs even in secure software like major browsers,” Ortiz said. “Even the best of programmers accidentally make mistakes. I would have probably made the same mistake given the same circumstances as the commit author.”

“Different changes over time plus lack of context is usually a recipe for bugs, sometimes with security implications. I can't speak on behalf of the Chromium team, but I personally don't think there was a single point of failure here,” Ortiz concluded.

Ortiz was awarded $20,000 in bug bounty by the Google Vulnerability Reward Program (VRP) panel, of which he gave $4,000 to a collaborating researcher.

YOU MAY ALSO LIKE Chromium browsers vulnerable to dangling markup injection

Chromium site isolation bypass allows wide range of attacks on browsers

By Deeba Ahmed
According to the latest research findings from VirusTotal, cybercriminals and threat actors are increasingly relying on mimicked versions…
This is a post from HackRead.com Read the original post: VirusTotal Reveals Apps Most Exploited by Hackers to Spread Malware

According to the latest research findings from **VirusTotal**, cybercriminals and threat actors are increasingly relying on mimicked versions of genuine, common-use apps such as Adobe Reader, Skype, and VLC Player to successfully conduct social engineering attacks.

**Findings Details**

In their study of malware, researchers at Google’s VirusTotal revealed that cybercriminals deploy numerous approaches to abuse the trust users have in many reputable apps.

The most widespread tactic is **mimicking legit apps to deliver malware**. In this technique, the app’s icon is replicated to gain the victim’s trust and convince them to use the mimicked app. The purpose behind this malicious new strategy is to bypass security solutions such as IP or domain-based firewalls on devices and spread malware via trusted domains.

Another commonly used attack tactic is stealing authentic signing certificates from legit software vendors and using them for signing the malware. Reportedly, since 2021, over one million signed samples had been declared suspicious.

Around thirteen percent of the samples checked by Google’s team didn’t have a valid signature when uploaded on VirusTotal for the first time, and over ninety-nine percent of them were DLL or Windows Portable Executable files.

This happens because the process of examining the validity of a signed file can be abused by malware stated VirusTotal security engineer Vicente Diaz. This becomes concerning when attackers start stealing legit certificates and creating an **ideal supply chain attack scenario**.

The third technique is incorporating legit installers as a portable executable resource into malicious samples to execute the installer when malware is run.

1.  **Microsoft Office Most Exploited Software in Malware Attacks**
2.  **US and China Exposed Most Databases Among 380k Found in 2021**
3.  **Fake reviews & third-party apps cause 50% of threats against Android**
4.  **134 million downloads in 85 countries: A look at VPN usage in H1 2020**
5.  **Google, Microsoft and Oracle generated the most vulnerabilities in 2021**
6.  **Google Drive accounted for 50% of malicious Office document downloads**

**Over 2 Million Suspicious Files Downloaded from Top Domains**

According to VirusTotal’s **blog post**, ten percent of the **top 1,000 Alexa domains** had distributed suspicious samples, including the domains commonly used for distributing files, and over 2 million shady files were downloaded from these domains.

Despite the technique’s simplicity, Diaz explains, it can effectively avoid raising red flags for the victim. That’s why many channels are becoming popular as potent malware distribution vectors. This includes the distribution of **cracked software**.

**Most Abused Websites and Apps**

The top three mimicked apps include the following:

*   Adobe Acrobat
*   VLC media player
*   Skype VoIP platform

When they researchers examined the URLs using web icon similarity, WhatsApp, Instagram, Facebook, and iCloud were the four most abused sites.

> “Adobe Acrobat, Skype, and 7zip are very popular and have the highest infection ratio, which probably makes them the top three applications and icons to be aware of from a social engineering perspective.”
> 
> VirusTotal

Furthermore, VirusTotal discovered 1,816 samples since January 2020 masquerading legit software by hiding the malware in installers for popular software like Zoom, Google Chrome, Proton VPN, Brave, and Mozilla Firefox.

Other impersonated apps by icon were TeamViewer, 7-Zip, CCleaner, Steam, Microsoft Edge, Zoom, and WhatsApp. The abused domains included are discordappcom, squarespacecom, amazonawscom, mediafirecom, and qqcom. 

The reason why attackers are using these software and apps is unknown as yet but one reason could be their popularity, Diaz stated.

**More Malware News**

1.  **Malware families using Pay-Per-Install service to expand targets**
2.  **This malware hides behind free VPN, pirated security software keys**
3.  **Fake KPSPico Windows activator tool KPSPico steals crypto wallet data**
4.  **Malware droppers for hire targeting users on fake pirated software sites**
5.  **Researchers Warn of New Variants of ChromeLoader Browser in the Wild**

VirusTotal Reveals Apps Most Exploited by Hackers to Spread Malware

We give you some tips as you gear up to return to school or college to ward off theft, and limit the impact should the worst happen.
The post How to protect yourself and your kids against device theft appeared first on Malwarebytes Labs.

Posted: August 3, 2022 by  
Last updated: July 21, 2022

In no time at all, kids will be going back to school or starting college. And while gearing up for this, it’s very important to be aware of the threat from device loss in the school environment.

Maybe you are away at university for the first time and have a new place to live, or maybe your kids have devices they take into school. Whatever the reason, if you lose a device or it gets stolen, the end result can be quite serious—from loss of sensitive data, wasted time and misplaced work, to blackmail or harassment if the data is unencrypted.

And it’s not just one piece of technology to worry about. Students are likely to own tablets, laptops, and mobile phones at the bare minimum. It’s tricky to juggle all the potential privacy and security pitfalls when dealing with so many pieces of technology…but it can be done!

**How to protect yourself against mobile device theft**

A phone is much easier to lose track of in school or on campus than a much larger device like a laptop. It’s also a great target for thieves for precisely the same reason. Depending on the model, your device likely contains a wealth of security options. Here’s what you can do in advance to take the sting out of a mobile theft.

*   **Lock your device**. Your lockscreen should serve as the barrier between you and your data. This is because it’ll also serve as the barrier between your device and other people. Protect it with a passcode, or biometrics (such as your thumbprint, your faceprint, or even a scan of your eye). Should someone steal your phone or simply pick it up off the ground after you drop it, they won’t be able to access your data.
*   **Encrypt your data**. If your device isn’t encrypted, the information on it is potentially at risk if the phone is stolen. Once encrypted, everything on the device is scrambled in a way which requires the correct PIN to access the secured data. Older versions of Android used something called Full-Disk encryption. Newer versions use File-based encryption. iPhones and iPads have encryption as standard when using Face or Touch ID, or a passcode. You can check by going to **Settings > Face ID/TouchID & Passcode**. If you scroll to the bottom you should see “Data Protection is enabled”
*   **Turn on Find my phone**. This option is hidden away in the security settings of most Androids, and you may need to dig around a little to find it. It does what it suggests, using a combination of several forms of technology to locate the missing device. On Apple products, it’s likely to be turned on by default, but you can check by navigating to the “Find My” app.

**How to protect yourself against laptop theft**

Laptops aren’t quite as easy to make disappear as a mobile device, but it does happen! Here are some of the ways you can prevent laptop theft while on campus or out and about between classes.

*   **Don’t neglect physical security**. Never leave your laptop bag unattended, even for a second. Going back to the counter for another coffee? Take it with you. Need to go to the bathroom? Pack your laptop away, and take it with you. Sitting at a table with your bag on the floor? Put one foot through the laptop bag’s strap, so if someone tries to snatch it they won’t be able to.
*   **Observe campus rules**. If the laptop you’re using is campus supplied, the device may be encrypted by default. There may well be security tools present to help fend off potential malware infections, but there may be nothing available to remedy loss or theft, such as location tracking. While it may be tempting to install a third-party tracking tool, your school or university will have policies with regard to what you can, or cannot, install. If in doubt, ask IT for assistance.
*   **Encrypt your device (again**). If you’re using a Windows operating system, you have a couple of options available. You could, for example, make use of BitLocker. If you’re running Windows Home, you may well have to consider using a third-party alternative because BitLocker isn’t available. On Macs, you can use FileVault to encrypt your device.
*   **Turn on Find your device**. This works in a similar fashion to trace tools for lost mobiles and should be set up when you first get your device. On Windows, navigate to **Start** > **Settings** > **Update & Security** > **Find my device**, and then select “**Change**” to finish configuring. On Mac, navigate to **System Preferences > AppleID > iCloud**. Select **Find My Mac** and click **Allow**.

****A tip for both mobiles and laptops****

No matter what you’re taking on campus, remember to backup your data. Device loss is bad enough, but losing everything on the device makes it even worse. Get into the routine of backing up data daily.

Your mobile may also have the option of cloud backups. Take care to check how the data is stored, if it’s encrypted, and if it eventually expires. There may well be a limited amount of space available, or it could eat into some of your data allowance.

There are more options on the desktop. You could use removable storage, additional hard drives, local desktop backups, and more. There are also various cloud-based options available like Dropbox and Google Drive, and it’s worth noting that many of these services will also work on mobile too.

**RELATED ARTICLES**

September 2, 2020 - With the pandemic in full swing, many US schools are empty, or rather, full of distance learners. How can parents make sure their kids stay secure in virtual instruction?

September 9, 2019 - A roundup of the latest cybersecurity news for the week of September 2 – 8, including TrickBot’s new trick, a social engineering toolkit, and how to keep remote workers safe.

August 14, 2017 - When you buy your child new devices, it's important to lay down some ground rules—especially when it comes to security. That's why we're providing you with a cybersecurity checklist you can use to prepare your children for the coming school year.

August 15, 2015 - Ahhhhh, back-to-school. The smell of freshly sharpened pencils. Blank notebooks and backpacks free of bottom-of-the-bag schmutz. New books with crackling spines. And, most importantly, your very own computer. Owning your own computer is a huge investment. It’ll hold all of your schoolwork, your photos, your browsing history. You don’t have to worry about clearing the...

**ABOUT THE AUTHOR**

Christopher Boyd  
Lead Malware Intelligence Analyst

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.

How to protect yourself and your kids against device theft

Categories: Awareness
Tags: back to school

Tags: device

Tags: encryption

Tags: Mobile

Tags: school

Tags: theft

Tags: university

We give you some tips as you gear up to return to school or college to ward off theft, and limit the impact should the worst happen.



(Read more...)




The post How to protect yourself and your kids against device theft appeared first on Malwarebytes Labs.

In no time at all, kids will be going back to school or starting college. And while gearing up for this, it’s very important to be aware of the threat from device loss in the school environment.

Maybe you are away at university for the first time and have a new place to live, or maybe your kids have devices they take into school. Whatever the reason, if you lose a device or it gets stolen, the end result can be quite serious—from loss of sensitive data, wasted time and misplaced work, to blackmail or harassment if the data is unencrypted.

And it's not just one piece of technology to worry about. Students are likely to own tablets, laptops, and mobile phones at the bare minimum. It’s tricky to juggle all the potential privacy and security pitfalls when dealing with so many pieces of technology…but it can be done!

**How to protect yourself against mobile device theft**

A phone is much easier to lose track of in school or on campus than a much larger device like a laptop. It’s also a great target for thieves for precisely the same reason. Depending on the model, your device likely contains a wealth of security options. Here’s what you can do in advance to take the sting out of a mobile theft.

*   **Lock your device**. Your lockscreen should serve as the barrier between you and your data. This is because it’ll also serve as the barrier between your device and other people. Protect it with a passcode, or biometrics (such as your thumbprint, your faceprint, or even a scan of your eye). Should someone steal your phone or simply pick it up off the ground after you drop it, they won’t be able to access your data.
*   **Encrypt your data**. If your device isn’t encrypted, the information on it is potentially at risk if the phone is stolen. Once encrypted, everything on the device is scrambled in a way which requires the correct PIN to access the secured data. Older versions of Android used something called Full-Disk encryption. Newer versions use File-based encryption. iPhones and iPads have encryption as standard when using Face or Touch ID, or a passcode. You can check by going to **Settings > Face ID/TouchID & Passcode**. If you scroll to the bottom you should see "Data Protection is enabled"
*   **Turn on Find my phone**. This option is hidden away in the security settings of most Androids, and you may need to dig around a little to find it. It does what it suggests, using a combination of several forms of technology to locate the missing device. On Apple products, it's likely to be turned on by default, but you can check by navigating to the "Find My" app.

**How to protect yourself against laptop theft**

Laptops aren’t quite as easy to make disappear as a mobile device, but it does happen! Here are some of the ways you can prevent laptop theft while on campus or out and about between classes.

*   **Don’t neglect physical security**. Never leave your laptop bag unattended, even for a second. Going back to the counter for another coffee? Take it with you. Need to go to the bathroom? Pack your laptop away, and take it with you. Sitting at a table with your bag on the floor? Put one foot through the laptop bag’s strap, so if someone tries to snatch it they won’t be able to.
*   **Observe campus rules**. If the laptop you’re using is campus supplied, the device may be encrypted by default. There may well be security tools present to help fend off potential malware infections, but there may be nothing available to remedy loss or theft, such as location tracking. While it may be tempting to install a third-party tracking tool, your school or university will have policies with regard to what you can, or cannot, install. If in doubt, ask IT for assistance.
*   **Encrypt your device (again**). If you’re using a Windows operating system, you have a couple of options available. You could, for example, make use of BitLocker. If you’re running Windows Home, you may well have to consider using a third-party alternative because BitLocker isn’t available. On Macs, you can use FileVault to encrypt your device.
*   **Turn on Find your device**. This works in a similar fashion to trace tools for lost mobiles and should be set up when you first get your device. On Windows, navigate to **Start** > **Settings** > **Update & Security** > **Find my device**, and then select “**Change**” to finish configuring. On Mac, navigate to **System Preferences > AppleID > iCloud**. Select **Find My Mac** and click **Allow**.

****A tip for both mobiles and laptops****

No matter what you’re taking on campus, remember to backup your data. Device loss is bad enough, but losing everything on the device makes it even worse. Get into the routine of backing up data daily.

Your mobile may also have the option of cloud backups. Take care to check how the data is stored, if it’s encrypted, and if it eventually expires. There may well be a limited amount of space available, or it could eat into some of your data allowance.

There are more options on the desktop. You could use removable storage, additional hard drives, local desktop backups, and more. There are also various cloud-based options available like Dropbox and Google Drive, and it’s worth noting that many of these services will also work on mobile too.

By Waqas
The DDoS attacks also targeted the country’s largest airport, the Defence and Foreign Ministry. As US House Speaker…
This is a post from HackRead.com Read the original post: Taiwanese President and Top Govt Sites Hit by DDoS Attacks Amid Pelosi visit

****The DDoS attacks also targeted the country’s largest airport, the Defence and Foreign Ministry.****

As US House Speaker Nancy Pelosi began her visit to Taiwan, the island nation’s websites were hit with a series of **DDoS attacks** (Distributed Denial-of-Service attacks). While it is not yet clear who was behind the attacks, experts say that they could be the work of Chinese hackers.

Among the affected websites are the official website of the president of Taiwan Tsai Ing-wen, the website of the Foreign Affairs Ministry, the website of Taiwan Taoyuan International, the country’s largest airport, and the National Defense Ministry, etc.

According to the Presidential Palace spokesperson Chang Tun-Han **on Facebook**, the DDoS attack on the President’s website lasted for about 20 minutes. However, at the time of publishing this article, other than the website of the Ministry of National Defense, all known targeted sites were back online.

Taiwanese Presidential Palace spokesperson Chang Tun-Han on Facebook

For your information, **a DDoS attack** is a cyber-attack where multiple compromised devices, typically infected with a Trojan, are used to target a single system, service, or website. The aim of the attack is to saturate the target system or service with traffic, resulting in a denial of service for legitimate users.

John Hultquist, Vice President of Intelligence Analysis at Mandiant told Hackread.com that DDoS attacks on Taiwanese cyberinfrastructure come as no surprise. Hultquist anticipates that Chinese threat actors are also carrying out significant cyber espionage against targets in Taiwan and the U.S. to provide intelligence on the crisis.

> Chinese actors have responded with cyber attacks to political crises like the Belgrade embassy bombing and the Hainan island incident in the past, but compared to their peers, they have not heavily leveraged this capability. On rare occasions, Chinese state actors have been linked to DDoS capability, destructive attacks, and possible probing of critical infrastructure. Nonetheless, we believe China is capable of significant cyber attacks inside Taiwan and abroad.”
> 
> John Hultquist, Vice President of Intelligence Analysis at Mandiant.

This is not the first time that Taiwan has been targeted in a cyber attack; in fact, the island nation is often a target of Chinese hackers due to its strong relationship with the United States.

1.  China’s insidious surveillance against Uyghurs with Android malware
2.  Android malware HenBox hits Xiaomi devices & minority group in China
3.  Chinese Hackers Caught Spying on Taiwan Prior To Upcoming Elections
4.  Chinese Hackers Distributing Nim language Malware in SMS Bomber Tool

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Taiwanese President and Top Govt Sites Hit by DDoS Attacks Amid Pelosi visit

In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials.

For the best web experience, please use IE11+, Chrome, Firefox, or Safari

*   Resources
*   Blogs
    
    *   IT Industry Insights
    *   Quest Solution Blogs
        *   Data Protection
        *   Data Management
        *   Microsoft Platform Management
        *   Performance Monitoring
        *   Unified Endpoint Management
        *   IT Ninja
        *   Toad World Blog
    
*   Forums
*   
*   *   United States (English)
    *   Brazil (Português)
    *   China (中文)
    *   France (Français)
    *   Germany (Deutsch)
    *   Japan (日本語)
    *   Mexico (Español)
    
*   
*   *   Account Settings
    

Products

**Products****By Product Category**

Solutions

**Solutions**

*   **Automate backup & disaster recovery**
    
    Restore business operations, data integrity and customer trust in minutes or hours instead of weeks or months
    
*   **Become data driven**
    
    Empower enterprise stakeholders to use data assets strategically for data operations, data protection and data governance
    
*   **Gain comprehensive data protection**
    
    Protect and recover all your systems, applications and data while reducing backup storage costs
    
*   **Improve your cybersecurity posture**
    
    Achieve identity-centric cybersecurity to protect the people, applications and data that are essential to business
    
*   **Migrate & consolidate Microsoft workloads**
    
    Conquer your next migration (now and in the future) by making it a non-event for end users
    
*   **Protect and secure your endpoints**
    
    Discover, manage and secure evolving hybrid workforce environments
    
*   **Strengthen hybrid AD & Microsoft 365 security**
    
    Detect, defend against and recover from cyber attacks and insider threats
    

About

*   Why Quest
*   Leadership
*   Customer Stories
*   News
*   Careers
*   Contact Us

Home / KACE Unified Endpoint Management

KACE® by Quest supports your unified endpoint management (UEM) strategy by helping you discover and track every device in your environment, automate administrative tasks, keep compliance requirements up-to-date and secure your network from a range of cyberthreats. With KACE, you can effectively address your endpoint management needs with individual products for specific tasks or as an integrated UEM solution.

**Key benefits**

**Discover**

Centralize systems management while gaining visibility and control through a single view of your assets

**Manage**

Efficiently manage your endpoint landscape and lifecycle while reducing complexity and automating tasks

**Secure**

Protect your endpoints while minimizing the risks of non-compliance with data protection and licensing requirements

**KACE Product Portfolio**

 02:41

**KACE Unified Endpoint Manager**

KACE Unified Endpoint Manager unites traditional endpoint management with modern management in a shared intuitive interface. Discover, manage and secure all your endpoints from one console as you co-manage your traditional and modern endpoints, including Windows and Mac laptops, and iOS and Android mobile devices. 

**Key Features**

*   Scan to discover devices and remotely provision them
*   Access a detailed inventory of data on each traditional device
*   Define policies and administrative functions for a single device or group of devices
*   Autonomously track, deploy and maintain current versions of software and applications
*   Automate patch identification and deployment

 01:58

 01:54

 01:37

**KACE Cloud Mobile Device Manager**

Inventory, manage and secure the mobile devices in your environment with KACE Cloud Mobile Device Manager. Get a simple, straightforward, cloud-based solution for mobile device management. Enjoy single-pane-of-glass management for both mobile and traditional devices when combined with the KACE Systems Management Appliance.

**Key Features**

*   Powerful device control
*   BYOD and company-owned device support
*   Android and iOS Support

 02:01

**KACE Desktop Authority**

Use KACE Desktop Authority to eliminate the hassle of deploying and securing network-connected devices by customizing them at first login. Easily configure firewall and browser security settings for physical, virtual and published Windows environments. Ensure that applications are maintained and access to network resources is always available.

**Key Features**

*   Flexible criteria-based settings and configurations
*   Windows environment management
*   Remote user support
*   Device security

 02:00

**KACE Privilege Manager**

Maintain a least-privileged, GDPR-compliant environment with KACE Privilege Manager. Quickly elevate and manage your organization’s end users and administrative rights. Give users an easier and more affordable way to maintain security using self-service capabilities in a locked-down PC environment.

**Key Features**

*   Elevation on-demand
*   Criteria-based assignment of access rights
*   Digital certification verification
*   Application blacklisting

 01:26

**RemoteScan**

Simplify your document scanning workflow and make sure that images are securely stored on the server and not at the endpoint with RemoteScan. Support remote desktop scanning for terminal server and cloud environments while easily meeting compliance requirements by using secure virtual channels to transmit scanned images at fast scanning speeds, even over complex networks.

**Key Features**

*   Supports TWAIN scanning software applications
*   Connects scanners in remote desktop environments
*   Complies with enterprise requirements
*   Supports TWAIN, WIA and ScanSnap drivers

**Resources**

**Awards**

**St. Dominic Hospital**

The KACE Systems Management Appliance has made life a whole lot easier. We can see asset information and software details, down to the version. I mean, it's been the ultimate timesaver.

Rudy Bracey Systems Administrator, St. Dominic Hospital Read Case Study

**Coastal Community Credit Union**

KACE is a one-stop shop for our biggest IT needs. Sabrina Geoffroy, Technical Business Analyst, Coastal Community Credit Union

Sabrina Geoffroy Technical Business Analyst, Coastal Community Credit Union Read Case Study

**Maniilaq Association**

I know I implemented RemoteScan in a brand-new way, but the software was flexible enough to allow it. That was the big bonus

Wayne Hogue VMware Administrator, Maniilaq Association Read Case Study

Tag

#android