FvncBot - neuer Banking‑Trojaner aus Polen für Polen (noch)
FvncBot gibt sich als Sicherheits‑App von mBank aus und richtet sich aktuell gezielt an polnische Mobile‑Banking‑Kunden. Der Code sei vollständig neu geschrieben worden und nicht nicht von bekannten Trojanern abgeleitet...
Mehr: https://maniabel.work/archiv/732
#Android‑Accessibility‑Services #Banking #FvncBot #Keylogging #Malware #Trojaner #infosecnews
Generative AI, and especially AI that is used to "personalize" and track your activity across the web and on your computer are never going to be in your best interest, it is always going to serve these companies in whatever way will line their pockets the most, and all it takes is updating their terms of service once, and then all of that data they promised they weren't collecting suddenly all belongs to them.
via novella-november
If you are on a Windows 11 computer, pause everything you are doing for one minute and:
Open computer settings
Click on Accessibility on the left-hand menu
Scroll down the Accessibility menu and click on the Keyboard Option
Under the "related settings" tab, click "Typing" which should have a description of "spellcheck, autocorrect, text suggestions."
Turn off the AI "correct misspelled words"
and most importantly: turn off Typing Insights.
🚨🚨Announcement alert 🚨🚨
🛠️ Excited to announce our upcoming training during the #r2con2024:
Keylogger for All Stacks with @dreg !
Dive into PS2 keylogging techniques across all layers: user space, kernel, and hardware. We’ll also cover how powerful debuggers like Radare2 are essential for developing and troubleshooting keyloggers.
📅When?
8-9 November https://rada.re/con/2024/Reserve your spot today!
Get your ticket! https://eventzilla.net/e/r2con-2024-2138650032
New PIXHELL acoustic attack leaks secrets from LCD screen noise
In a PIXHELL attack, malware modulates the pixel patterns on LCD screens to induce noise in the frequency range of 0-22 kHz, carrying encoded signals within those acoustic waves that can be captured by nearby devices such as smartphones.
#Pixhell #acoustic #LCD #keylogging #malware #security #cybersecurity #hackers #hacking #hacked
The recent advice from the director of Canada’s intelligence agency urging Canadians to remove TikTok from their phones has raised significant questions. If TikTok poses a security threat, why aren’t similar concerns raised about other major platforms like Google and Meta (Facebook)? This article explores the nuances and distinctions that contribute to the perceived threat from TikTok compared to other social media giants.
TikTok’s Unique Position
TikTok, owned by the Chinese company ByteDance, has come under scrutiny primarily because of its potential connections to the Chinese government. According to the 2017 Chinese National Intelligence Law, any Chinese organization or citizen is required to support, assist, and cooperate with state intelligence work. This law has fueled fears that the Chinese government could access TikTok’s vast troves of user data [❞].
The types of data TikTok collects include device information, browsing history, app usage, and even biometric data such as facial recognition and voice prints [❞]. This extensive data collection, combined with the geopolitical tensions between China and Western countries, underpins much of the concern.
Comparisons with Google and Meta
While TikTok’s data collection practices are extensive, it’s important to recognize that Google and Meta also engage in comprehensive data harvesting. Both companies track user behavior across their services and third-party websites through mechanisms like tracking pixels and cookies. For instance, Meta (Facebook) has been found collecting sensitive data from various online platforms, including government websites and hospital portals [❞].
However, the primary difference lies in the geopolitical context and ownership. Google and Meta are US-based companies, which means their data practices are subject to US laws and regulatory frameworks. Despite controversies, there is a level of transparency and accountability expected from them. These companies also face significant scrutiny and regulatory challenges within the US and Europe, aimed at protecting user privacy and data security [❞].
Security and Privacy Concerns
Both TikTok and its US counterparts have faced accusations of misusing user data. TikTok’s keylogging feature, which tracks users’ keyboard inputs within its in-app browser, has raised alarms. Although TikTok claims this feature is for debugging and performance monitoring, it theoretically allows the collection of sensitive data such as passwords and credit card information [❞].
Google and Meta, on the other hand, have been involved in various data privacy scandals. For instance, Meta has been implicated in using tracking pixels to collect data from unsuspecting users on third-party websites [❞]. Both companies have extensive advertising networks that rely on detailed user profiles to target ads effectively, which involves substantial data collection and analysis.
Government and Regulatory Responses
Governments and regulatory bodies worldwide have taken steps to mitigate these risks. In the US, TikTok has been subject to ongoing scrutiny by the Committee on Foreign Investment in the United States (CFIUS) due to concerns over national security [❞]. CFIUS has the authority to compel ByteDance to divest TikTok if deemed necessary for national security.
Similarly, Google and Meta are frequently under the regulatory microscope. The General Data Protection Regulation (GDPR) in Europe imposes strict data protection and privacy rules on these companies, compelling them to handle user data with greater care and transparency. In the US, the Federal Trade Commission (FTC) has also taken action against these companies for various privacy violations [❞] [❞].
The Role of Public Perception
Public perception plays a crucial role in how these companies are viewed. The narrative around TikTok is heavily influenced by its Chinese ownership and the associated geopolitical implications. Even without direct evidence of data misuse by the Chinese government, the theoretical risk is enough to create significant concern [❞].
In contrast, while Google and Meta are often criticized for their data practices, the threat is seen more in terms of corporate overreach and lack of transparency rather than state-level espionage. This distinction affects how regulatory bodies and the public respond to each company.
The security threats posed by TikTok, Google, and Meta are not entirely dissimilar, given that all engage in extensive data collection and tracking. However, the geopolitical context and ownership structure of TikTok amplify the perceived risk. While Google and Meta operate within frameworks that provide a level of accountability and transparency, TikTok’s ties to China and the potential implications of Chinese intelligence laws present a unique challenge.
As digital citizens, it is crucial to stay informed about how these platforms use our data and to advocate for stronger data protection regulations that apply uniformly across all tech companies, regardless of their country of origin. Through awareness and regulatory action, we can better manage the risks associated with using these pervasive digital platforms.
For further reading, you can explore detailed analyses from sources like CISecurity, The Register, Brookings, and more. These provide deeper insights into the complexities of data security in the age of social media.
If TikTok is a threat to my security, why aren’t Google and Meta?
https://www.youtube.com/watch?v=CHQBylSxCDs
https://miltonmarketing.com/news/if-tiktok-is-a-threat-to-my-security-why-arent-google-and-meta/
#advertisingNetworks #biometricData #ByteDance #CFIUS #china #ChineseGovernment #cybersecurity #dataCollection #dataHarvesting #DataPrivacy #dataProtection #digitalPlatforms #Facebook #FTC #GDPR #geopoliticalTensions #google #informationSecurity #keylogging #Meta #NationalIntelligenceLaw #privacyPolicy #publicPerception #regulatoryBodies #regulatoryScrutiny #securityThreat #Surveillance #TechGiants #TikTok #trackingPixels #USBasedCompanies #userData #userPrivacy
📬 Trojanisierte McAfee Security-App gefährdet Android-Nutzer
#Malware #Smartphones #BankingApps #Brainexe #Brunhilda #Keylogging #McAfee #SMSPhishing #Trojaner #Vultur https://sc.tarnkappe.info/417efa
App bancarie compromesse dai trojan su android. Trojan bancari su Android, nel 2023 10 nuove famiglie che prendono di mira oltre 900 app. Sempre più diffusi e con nuove funzionalità, i trojan bancari sono una minaccia concreta e pericolosa per gli utenti di smartphone.
La società di sicurezza Zimperium ha condotto
#android #appbancarie #furtidiidentità #googleplaystore #keylogging #malware #phishing #smartphone #trojanbancari #ZimperiumZLabs
https://scienzamagia.eu/misteri-ufo/app-bancarie-compromesse-dai-trojan-su-android/
What is #Keylogging #Malware and How to Protect Yourself ⌨️
Once installed, keylogging malware can track every keystroke made by the user, including sensitive information such as usernames, passwords, credit card numbers, and other #confidential #data. 🔒
🗞️ Read the full article in our Privacy Hub - https://hoody.com/privacy-hub/what-is-keylogging-malware-and-how-to-protect-yourself
#AI can decode what key you are pressing over #Zoom audio, say researchers. "Laptops, in particular, are more susceptible to having their keyboard recorded in quieter public areas, like coffee shops, libraries, or offices, the paper notes. A" #keylogging #passwords #cybersecurity #security https://arstechnica.com/gadgets/2023/08/type-softly-researchers-can-guess-keystrokes-by-sound-with-93-accuracy/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social
This is a scary reality: #AI-Powered '#BlackMamba' #Keylogging #Attack #Evades Modern #EDR #Security
RT @n3ll41@twitter.com
Hacker's Corner: Complete Guide to Keylogging in Linux - Part 1
https://linuxsecurity.com/features/complete-guide-to-keylogging-in-linux-part-1
@digitalcourage.de @digitalcourage
Die Funk-Redaktion hat das Gespräch mit Sebastian Meineck nach dem Zerschneiden leider an einer Stelle falsch zusammengefügt und einen falschen Sinnzusammenhang hergestellt:
#E2EE wird nicht durch #hashing umgangen, sondern durch #keylogging und #screenshotting.
Eine Datenbank mit Medien-Hashes braucht ein solcher #Uploadfilter auch, aber das ist unabhängig davon, ob E2EE umgangen oder gebrochen wird.
Websites that Collect Your Data as You Type https://www.schneier.com/blog/archives/2022/05/websites-that-collect-your-data-as-you-type.html #academicpapers #datacollection #Uncategorized #keylogging #privacy
Websites that Collect Your Data as You Type
A surprising number of websites include JavaScript keyloggers that collect everything you type as you type it, not just when you submit a form.
<blockquo... https://www.schneier.com/blog/archives/2022/05/websites-that-collect-your-data-as-you-type.html
#academicpapers #datacollection #Uncategorized #keylogging #privacy
Lightning Cable with Embedded Eavesdropping https://www.schneier.com/blog/archives/2021/09/lightning-cable-with-embedded-eavesdropping.html #Uncategorized #eavesdropping #keylogging #hacking #Apple #Wi-Fi
This Seemingly Normal Lightning Cable Will Leak Everything You Type
https://web.archive.org/web/20210904092150/https://www.vice.com/en/article/k789me/omg-cables-keylogger-usbc-lightning
For the first time we are seeing an #Android banking #trojan that has #ScreenRecording and #keylogging as the main strategy to harvest #LoginCredentials in an automated and scalable way, While banking #malware such as #MysteryBot, #Grandoreiro, #Banker.BR, and #Vizom have traditionally relied on #OverlayAttacks traditionally.
