Widespread cyber incidents will happen, but unlike natural disasters, specific security controls can help prevent a catastrophe. Read More
Related Posts
Google will start deleting location history
Google will start deleting location history
Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from “Timeline”—the feature that, previously named “Location History,” tracks user routes and trips based on a phone’s location, allowing people to revisit all the places they’ve been in the past.
In an email, Google told users that they will have until December 1, 2024 to save all travels to their mobile devices before the company starts deleting old data. If you use this feature, that means you have about five months before losing your location history.
Moving forward, Google will link the Location information to the devices you use, rather than to the user account(s). And, instead of backing up your data to the cloud, Google will soon start to store it locally on the device.
As I pointed out years ago, Location History allowed me to “spy” on my wife’s whereabouts without having to install anything on her phone. After some digging, I learned that my Google account was added to my wife’s phone’s accounts when I logged in on the Play Store on her phone. The extra account this created on her phone was not removed when I logged out after noticing the tracking issue.
That issue should be solved by implementing this new policy. (Let’s remember, though, that this is an issue that Google formerly considered a feature rather than a problem.)
Once effective, unless you take action and enable the new Timeline settings by December 1, Google will attempt to move the past 90 days of your travel history to the first device you sign in to your Google account on. If you want to keep using Timeline:
Open Google Maps on your device.
Tap your profile picture (or initial) in the upper right corner.
Choose Your Timeline.
Select whether to keep you want to keep your location data until you manually delete it or have Google auto-delete it after 3, 18, or 36 months.
In April of 2023, Google Play launched a series of initiatives that gives users control over the way that separate, third-party apps stored data about them. This was seemingly done because Google wanted to increase transparency and control mechanisms for people to control how apps would collect and use their data.
With the latest announcement, it appears that Google is finally tackling its own apps.
Only recently, Google agreed to purge billions of records containing personal information collected from more than 136 million people in the US surfing the internet using its Chrome web browser. But this was part of a settlement in a lawsuit accusing the search giant of illegal surveillance.
It’s nice to see the needle move in the good direction for a change. As Bruce Schneier pointed out in his article Online Privacy and Overfishing:
“Each successive generation of the public is accustomed to the privacy status quo of their youth. What seems normal to us in the security community is whatever was commonplace at the beginning of our careers.”
This has led us all to a world where we don’t even have the expectation of privacy anymore when it comes to what we do online or when using modern technology in general.
If you want to take firmer control over how your location is tracked and shared, we recommend reading How to turn off location tracking on Android.
We don’t just report on privacy—we offer you the option to use it.
Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.
Hackers Deliver FakeBat Malware via MSIX Installer Files
Hackers Deliver FakeBat Malware via MSIX Installer Files
[[{“value”:”
Cybercriminals have been distributing a new strain of malware, dubbed FakeBat, by exploiting the trust in MSIX installer files.
This alarming trend has raised concerns as it involves masquerading as legitimate software applications, including popular productivity tools like Notion, Trello, Braavos, and OneNote.
The Lure of Legitimacy
The attackers have cleverly designed their campaign to impersonate well-known software brands, thereby increasing the likelihood of users downloading and executing the malicious installers.
Document
Mitigating Vulnerability & 0-day Threats
Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.
:
The problem of vulnerability fatigue today
Difference between CVSS-specific vulnerability vs risk-based vulnerability
Evaluating vulnerabilities based on the business impact/risk
Automation to reduce alert fatigue and enhance security posture significantly
AcuRisQ, that helps you to quantify risk accurately:
By leveraging the reputation of these trusted names, the cybercriminals aim to bypass the natural skepticism that users might have towards unknown sources.
Camouflaged Links and Obfuscated Scripts
To further evade detection, the malvertisements have utilized URL shorteners, a common tactic for hiding the true destination of the links and making them appear less suspicious to potential victims.
Once clicked, these links lead to downloading MSIX files containing obfuscated PowerShell scripts.
These scripts are designed to be complex and challenging to analyze, allowing malware to bypass basic security measures and initiate the infection process.
A recently published article by Broadcom has highlighted the spread of a new malware strain called FakeBat.
This malware is being distributed through malvertising campaigns and is particularly concerning because it can evade detection by most traditional antivirus software.
According to a recent tweet by CyberXTron Technologies, cybercriminals are using MSIX installer files to distribute a new malware variant called FakeBat.
Threat Campaign Alert – FakeBat Malware Uses Legitimate Websites and Diverse Brand Impersonation Tactics
Summary: February witnessed a significant rise in search-based malvertising incidents, nearly doubling the documented cases. FakeBat malware leverages malvertising… pic.twitter.com/qQYrrkztip
— CyberXTron Technologies (@CyberxtronTech) March 13, 2024
Staying Safe Online
To protect yourself from such threats, it is crucial to maintain a robust security posture:
Always download software from official sources or directly from the vendor’s website.
Be wary of advertisements offering free downloads of paid software.
Keep your antivirus software current to benefit from the latest protection mechanisms.
Educate yourself and others about the latest tactics used by cybercriminals.
With Perimeter81 malware protection, you can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. All are incredibly harmful and can wreak havoc on your network.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
The post Hackers Deliver FakeBat Malware via MSIX Installer Files appeared first on Cyber Security News.
“}]] Read More
Cyber Security News
New macOS Backdoor Linked to Prominent Ransomware Groups
New macOS Backdoor Linked to Prominent Ransomware Groups
[[{“value”:”
Written in Rust, the new RustDoor macOS backdoor appears linked to Black Basta and Alphv/BlackCat ransomware.
The post New macOS Backdoor Linked to Prominent Ransomware Groups appeared first on SecurityWeek.
“}]] Read More
SecurityWeek RSS Feed