ICT Security-Sécurité PC et Internet

Hackers have found a way to gain unauthorized access to Google accounts, bypassing any multi-factor authentication (MFA) the user may have set up. To do this they steal authentication cookies and then extend their lifespan. It doesn’t even help if the owner of the account changes their password.

Since the discovery of the exploit, numerous white and black hat security researchers have looked into and discussed the issue. As a result, the exploit is now built into various information stealers.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=MFA

Exploit erlaubt böswilligen Zugriff trotz Passwort-Reset
Durch eine Schwachstelle in einem OAuth-Endpunkt können sich Cyberkriminelle dauerhaft Zugriff auf das Google-Konto einer Zielperson verschaffen.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/topic/securite-pc-et-internet

Seit Anfang 2017 sammeln Android-Smartphones im Hintergrund die Standortdaten der Anwender. Dies ist selbst der Fall, wenn die Nutzung von Ortungsdiensten deaktiviert ist.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Cyberespionage

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Privacy

https://gustmees.wordpress.com/2013/12/21/privacy-in-the-digital-world-shouldnt-we-talk-about-it/

https://www.scoop.it/t/securite-pc-et-internet/?&tag=tracking

Les deux enceintes intelligentes de Google et Amazon, le Google Home et l’Amazon Echo, victimes de la faille Bluetooth BlueBorne.

Des chercheurs ont réussi à prouver que la faille Bluetooth BlueBorne impactait aussi les enceintes intelligentes Google Home et l’Amazon Echo. Révélées il y a quelques semaines, huit failles critiques de Bluetooth ont récemment étaient révélées. Elles affectent des milliards d’appareils Android, iOS, Windows et Linux. Voilà que les deux assistants des deux géants du web sont aussi impliqués dans cet énorme « merdier » numérique comme le confirme la société Armis.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=BlueBorne

A million Google accounts have been compromised in a massive fraud campaign exploiting Android devices and Google Play.

At the heart of the campaign is a new variant of Android malware dubbed Gooligan, concealed in dozens of Android apps that exploit two unpatched flaws in Android to root infected devices.

The malware nabs email account information and authentication tokens for accessing Google accounts. The attackers use the tokens to install select apps from Google Play on an infected device to boost in-app advertising revenue.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Android

Google-Nutzer aufgepasst: Trojaner nutzt Cookies, um Konten zu übernehmen
Ein relativ neuer Typ von Schadsoftware nutzt Cookies, um Zugang zu Google-Konten zu erlangen. Da er diese auch selbst generieren und entschlüsseln kann, behalten Hacker auch dann Kontrolle über das Konto, wenn das Passwort geändert wird.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/topic/securite-pc-et-internet

Google says that it is getting better than ever at protecting Android users against bad apps and malicious developers.

In fact, in a recent post on the Android Developers blog, the company boasts that it removed a record number of malicious apps from the official Google Play store during 2017.

How many apps did Google remove from its app marketplace after finding they violated Google Play store policies? More than 700,000. That’s an impressive 2000 or so every day, and 70% more than the number of apps removed in 2016.

Furthermore, Google says it is getting better at proactively protecting Android users from the growing menace of mobile malware:

“Not only did we remove more bad apps, we were able to identify and action against them earlier. In fact, 99% of apps with abusive contents were identified and rejected before anyone could install them. This was possible through significant improvements in our ability to detect abuse – such as impersonation, inappropriate content, or malware – through new machine learning models and techniques.”

Furthermore, Google claims it banned more than 100,000 developer accounts controlled by “bad actors” who had attempted to create new accounts and publish yet more malicious apps.

Learn more / En savoir plus / Mehr erfahren:

https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android

Google has confirmed it has been able to track the location of Android users via the addresses of local mobile phone masts, even when location services were turned off and the sim cards removed to protect privacy.

Revealed by a report by Quartz, Google’s Android system, which handles messaging services to ensure delivery of push notifications, began requesting the unique addresses of mobile phone masts (called Cell ID) at the beginning of 2017.

The information was captured by the phone and routinely sent to Google by any modern Android device, even when location services were turned off and the sim card was removed. As a result Google could in theory track the location of the Android device and therefore the user, despite a reasonable expectation of privacy.

A Google spokesperson said: “In January of this year, we began looking into using Cell ID codes as an additional signal to further improve the speed and performance of message delivery.

“However, we never incorporated Cell ID into our network sync system, so that data was immediately discarded, and we updated it to no longer request Cell ID.”

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Cyberespionage

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Privacy

https://gustmees.wordpress.com/2013/12/21/privacy-in-the-digital-world-shouldnt-we-talk-about-it/

https://www.scoop.it/t/securite-pc-et-internet/?&tag=tracking

Das Bundesamt für Sicherheit in der Informationstechnik (BSI) warnt vor drei Sicherheitslücken in Googles Chrome-Browser. Auch die Open-Source-Variante Chromium soll betroffen sein.
Zwei der Schwachstellen sind als kritisch eingestuft. Sie ermöglichen es Hackern, beliebigen Code auszuführen.

Nutzern, die noch nicht auf die aktuellen Versionen (jeweils 61.0.3163.100) umgestiegen sind, wird dringend angeraten, das Browser-Update durchzuführen. Betroffen von der Schwachstelle sind Systeme mit Windows (ab Windows XP), Macintosh (Mac OS X und macOS Sierra) sowie Linux und Chrome OS. Bei Letzterem ist der Browser integraler Bestandteil.

Laut BSI ermöglichen die Lücken "einem entfernten, nicht authentifizierten Angreifer" das Ausführen von beliebigem Code. So könnte etwa ein Denial-of-Service (DoS)- Angriff durchgeführt werden.

Learn more / En savoir plus / Mehr erfahren:

https://gustmees.wordpress.com/2012/05/02/get-smart-with-5-minutes-tutorialsit-securitypart-1-browsers/

https://gustmeesde.wordpress.com/2014/12/16/browser-sind-das-einfallstor-fur-malware-sind-eure-browser-up-to-date/