There are apps for most things; use them safely and securely

Thanks to apps, your phone, tablet and maybe your smart watch have become the smartest and fastest way to communicate, navigate, shop, bank, book, pay, get your entertainment … and much more. But convenience can be accompanied by disadvantages, so we’d like to pass on a few expert tips about making sure you choose and use apps safely and securely.

Use only official app stores

Avoid downloading fraudulent or otherwise illegitimate apps by using only the official store for your device’s operating system, and avoiding unauthorised sources such as bulletin boards and peer-to-peer networks. Even then, read reviews and choose with care, as some rogue apps occasionally make their way into app stores.

Read the small print

When downloading apps, you’re usually asked to agree to terms and conditions. These can be quite lengthy and complex, but it’s important to do so as some small print includes details on data sharing, in-app payments and other conditions.

Know what permissions you’re granting

You may be asked for permission for an app to access your location, photos, camera, contacts or other functions or data. Before agreeing, think about if you really want this type of access enabled, and the safety aspects of others knowing what you’re doing and where you are (especially important for children).

Check settings

Where possible, check app settings to determine whether downloading updates and day-to-day data are enabled automatically. This may be convenient, but it could also make it easier for your data to be intercepted, and may use up your data allowance.

Check content ratings

Most apps found in the official app stores feature ratings with guidance on the content and intensity of various aspects of the app. Each store has its own policy, so ratings may vary from store to store. A nice-to-have for you, but essential for apps which may be accessed by children.

Use public Wi-Fi safely

When you’re out and about, remember that you shouldn’t use Wi-Fi hotspots for confidential communications or transactions in places like cafés, pubs and hotel rooms, as there’s no guarantee of security. Instead, use your data, or wait until you get back to your secure Wi-Fi.

Always log out

When you’ve finished using an app – particularly one for banking, shopping or payments – always log out, as simply closing the app may not necessarily do it for you. This also goes for location-based apps, when you want to keep your whereabouts to yourself.

Download updates

Always download app updates when prompted, because as well as providing new features and better functionality, updates usually contain at least one security fix.

Look after your devices

With today’s apps, your mobile device becomes a computer, wallet, satnav, photo album, TV, filing cabinet, and much more. You shouldn’t leave any of these items in an unlocked house or vehicle, or unattended in a café or on a train …your mobile device is no different. And always PIN or password-protect your device as a first line of security.

Keep an eye on those bills

Be aware of the data used by apps when you’re out and about, including roaming charges abroad. And remember that some apps enable in-app purchases, which can be very attractive to use – especially to children – but at a price.

Do your housekeeping

Filling your phone or tablet with dozens of apps you don’t use can affect its performance, including reducing battery life. Remove the ones you haven’t used for a while, apart from security apps. If you’re disposing of your phone by any means, erase all data and apps, also preferably doing a factory re-set.

Click here for the full story

Stop children bingeing on social media during holidays, parents urged | Society | The Guardian

Children’s commissioner says too much time is spent online as she launches ‘five a day’ campaign. Children’s access to Snapchat should be limited, the children’s commissioner says. Photograph: Lucy Nicholson/Reuters.

Source: Stop children bingeing on social media during holidays, parents urged | Society | The Guardian

‘LinkedIn Update’ Phishing Scam Email

If you use LinkedIn, keep an eye out for an email that claims you must click a link to update your account. The email, which has the subject “LinkedIn Update” claims that LinkedIn is updating its “Services Agreement and Privacy.

The message warns that your account will be deactivated if you do not click the link and update your account. However, LinkedIn did not send the email and your account will not be deactivated if you don’t click the link. Instead, the email is a phishing scam that is designed to steal your LinkedIn account login details. If you click the link, you will be taken to a fraudulent website that has been built to emulate the real LinkedIn login page. Once on the fake site, you will be asked to enter your account email address and password to log in. After entering your details, you’ll see a message claiming that you’ve successfully completed the supposed update.

Online criminals can now use the information you provided to hijack your LinkedIn account. Once they have gained access to your account, the criminals can use it to send spam, scam, and malware messages to your LinkedIn contacts in your name.  They may also gather more of your personal information from your account and use it to pose as you and attempt to steal your identity. LinkedIn users are regularly targeted in such phishing scams.

LinkedIn has information about phishing scams and how to report them on its website.

Which smartphone is the most secure? – NCSC Site

Andy P (EUD Security Research Lead) says: “When talking about end-user device security, one of the questions I hear most often is ‘Which smartphone is the most secure?’ . Now, since Jon’s told us we’re not allowed to say ‘It Depends’, we’d better have a good answer. So here’s what I think.”

‘The most secure platform’ isn’t really a useful metric. It’s an old adage that the most secure computer is the one turned off, disconnected, and locked in a safe. Pretty secure, and not very usable. But it illustrates the point that there’s plenty more to think about than just security when deciding which device you’re going to use to get your job done (or play Minecraft on). Instead, I believe the question we should be asking is ‘Is it secure enough?’.  Once you’ve established which of your potential options are in that category, you can then pick the one that best meets your other requirements, such as cost, features, battery life, availability of your favourite apps and so on.

Source: Which smartphone is the most secure? – NCSC Site

It’s a trap! Marcher banking trojan masquerades as Adobe Flash Player for Android

 

A variant of the Marcher banking trojan is targeting Android users by masquerading as a mobile Adobe Flash Player app.

This version of the malware arrives via popcash[dot]net, an advertising network which is known to serve “popunder” ads that display behind a main browser window so that the user sees them when they try to exit.

The ads drop malware payloads that pose as Adobe Flash Player. If a user clicks on the dropper URL, they see a message warning them that their Flash Player is out of date.

The dropper also loads the malware “Adobe_Flash_2016.apk” onto the user’s device, a program which then guides the user to disable security features and allow app installations from unknown sources.

Successful installation prompts the malware to conceal its icon from the home screen, to register the infected device with its command-and-control (C&C) server, and to send important information about the infected device including a list of installed apps to its server.

Source: It’s a trap! Marcher banking trojan masquerades as Adobe Flash Player for Android

Cyber Safe Warwickshire – AA Data Breach Exposes Details Of Over 100,000 Customers

A breach at UK car insurance company, the AA, has exposed information on more than 100,000 customers, including names, email addresses and partial credit card details, according to security researchers.

The company said a ‘server misconfiguration’ was responsible for the information being openly available on the web for a few days in April of this year.

The AA have been criticized for its handling of the incident: After claiming no sensitive information was included in the exposed cache, the company was called to task when security researcher Troy Hunt said he found 117,000 unique email addresses, names and partial credit card info among the details.

The company never notified its affected customers, he added.

Source: Cyber Safe Warwickshire – AA Data Breach Exposes Details Of Over 100,000 Customers

‘Petya’ cyber attack targeting ‘everyone’: How to protect yourself

Cyber security experts are warning that consumers can also be targeted by the ransomware that has affected huge organisations around the world.

A new variant of known malware Petya is believed to be behind the chaos, which initially hit Ukraine, before spreading to companies in a number of other countries, including the UK.

However, it’s not just big businesses that are under threat.  Consumers are also at risk and should be wary if they are running operating systems that are vulnerable to the exploit, in other words if you have not patched,” Raj Samani, chief scientist & fellow at McAfee, told the Independent.

Roblox – a guide for parents | Safer Internet Centre

Childnet Education Officer Tom offers some top tips for parents to help young people stay safe on Roblox.

“In Childnet education sessions, young people and parents often mention Roblox, the popular gaming site. Young people regularly tell us how much they enjoy the different games and levels within it. This blog explains a bit about Roblox,  what to be aware of as a parent and offers our top tips on how to ensure your child stays safe. This is will include:

  1. Communication: how Roblox can be used to communicate with other users
  2. Content: what content is available on Roblox that might not be suitable for children
  3. Costs: what ways children might accidentally run up costs while using Roblox

Plus we will share our top tips for staying engaged with your children’s use of Roblox and making the most of the safety features available on the service.

Source: Roblox – a guide for parents | Safer Internet Centre

Apple Mac computers targeted by ransomware and spyware

Mac users are being warned about new variants of malware that have been created specifically to target Apple computers. One is ransomware that encrypts data and demands payment before files are released. The other is spyware that watches what users do and scoops up valuable information.

Experts said they represented a threat because their creators were letting anyone use them for free. The two programs were uncovered by the security firms Fortinet and AlienVault, which found a portal on the Tor “dark web” network that acted as a shopfront for both.

How to stay secure while staying connected on vacation – Help Net Security

The wide availability of Wi-Fi networks can make it difficult to unplug and disconnect on vacation, but if consumers take that extra step and unplug they can experience a more secure trip.

Despite the benefits experienced from unplugging, most individuals still prefer to stay connected when on vacation. But when individuals put convenience over security, by using unsecured Wi-Fi access points that are easily hackable for example, they leave themselves open to the possibility of having their personal information compromised.

Source: How to stay secure while staying connected on vacation – Help Net Security