Don't Trust Anyone, Literally

Everywhere you go, everything you do could be subject to malware and spying for legitimate or illegitimate purposes. But whatever the reason, most of it is done without the users' knowledge. Even what they assumed was secure and encrypted is not. Even with anti-virus and anti-malware software installed, they are not protected.

LastPass Hacked, Change Your Master Password Now

Source: https://lifehacker.com/lastpass-hacked-time-to-change-your-master-password-1711463571

"LastPass has announced on their company blog that they detected an intrusion to their servers. While encrypted user data (read: your stored passwords for other sites) was not stolen, the intruders did take LastPass account email addresses, password reminders, server per user salts, and authentication hashes. The latter is what’s used to tell LastPass that you have permission to access your account."

NYPD Officer Hacks NYPD in Ballsy Side-Hustle Scam

Source: https://gizmodo.com/nypd-officer-hacks-nypd-in-ballsy-side-hustle-scam-1692479948

An NYPD officer has been arrested for hacking NYPD and FBI databases so he could pose as a lawyer and profit off tricking traffic victims.

Yehuda Katz, an NYPD Auxiliary Deputy Inspector based in Brooklyn, allegedly hacked into restricted databases and ran thousands of queries to find out enough information to starthardcore conning people:

?Samsung Television Spies on Viewers? Without Their Knowledge

Source: https://www.schneier.com/blog/archives/2015/02/samsung_televis.html

Earlier this week, we learned that Samsung televisions are eavesdropping on their owners. If you have one of their Internet-connected smart TVs, you can turn on a voice command feature that saves you the trouble of finding the remote, pushing buttons and scrolling through menus. But making that feature work requires the television to listen to everything you say. And what you say isn't just processed by the television; it may be forwarded over the Internet for remote processing.

A single sentence in Samsung's 1,500-word privacy policy, the one most of us don't read, stated: "Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition."

?Android malware spies on you even after phone is shut down

Source: https://mashable.com/2015/02/19/android-malware-spies-shut-down

?A particularly devious new Android malware can make calls or take photos even if you shut the device down, according to security research firm AVG.

To achieve this, the malware hijacks the shutting down process — making it appear as though your Android device is shutting down. You see the animation, the screen goes black, but the phone is actually still on. In this state, the malware can use the phone to send your messages to a third party, record a call or take a photo, essentially turning your phone into a device that spies on you.

AVG, which posted code excerpts showing some of the malware's functionality, names this threat Android/PowerOffHijack.A. According to the company, it infects devices running Android versions below 5.0 and requires root permissions in order to act.?

?How US and British spies were able to eavesdrop on millions of cell phones

Source: https://www.businessinsider.com/nsa-gchq-hacked-the-largest-sim-card-maker-to-secretly-monitor-cellphone-2015-2

The US National Security Agency (NSA) and British counterpart Government Communications Headquarters (GCHQ) hacked the largest SIM card manufacturer in the world, according to secret documents leaked to The Intercept by former NSA contractor Edward Snowden.

All mobile communications are private because of an encrypted connection between an individual's cellphone and the wireless carrier's network. The key to decrypt that communication is in every phone's SIM card.

Once US and British agents stole the encryption keys from the SIM manufacturer, the government agencies gained the ability to secretly monitor voice and data cellular communications from 450 wireless network providers without the approval of telecom companies or foreign governments. They could intercept and decrypt all communications, if they chose to.

The SIM card manufacturer — a huge company called Gemalto, which operates in 85 countries — still couldn't find a trace of the hacks, even after The Intercept alerted it that GCHQ had access to its entire network.

The NSA hides surveillance software in hard drives

Source: https://www.engadget.com/2015/02/16/hard-drive-spyware/

It's been known for a while that the NSA will intercept and bug equipment to spy on its soon-to-be owners, but the intellgency agency's techniques are apparently more clever than first thought. Security researchers at Kaspersky Lab have discovered apparentlystate-created spyware buried in the firmware of hard drives from big names like Seagate, Toshiba and Western Digital. When present, the code lets snoops collect data and map networks that would otherwise be inaccessible -- all they need to retrieve info is for an unwitting user to insert infected storage (such as a CD or USB drive) into an internet-connected PC. The malware also isn't sitting in regular storage, so you can't easily get rid of it or even detect it.

Lenovo Installs Adware on New Computers That Could Steal Private Data

Source: https://gizmodo.com/lenovo-installs-adware-on-new-computers-that-could-stea-1686721226

Oh no, Lenovo. Users are reporting on the company's forums that its computers are coming installed with adware straight out of the box—that can monitor secure connections.

According to a number of Lenovo users, the software called Superfish is installed on factory-fresh laptops. The adware injects third-party ads into Google searches and on to websites without the user's permission—on Chrome and Internet Explorer, at least. That, alone, is bad but not awful. But other users have pointed out that the adware can also install its own self-signed certificate authority—creating spurious SSL certificates—allowing it to monitor secure connections.

You Can Get Identity-Stealing Malware By Visiting This Popular Porn Site

Source: https://gizmodo.com/you-can-get-identity-stealing-malware-by-watching-this-1686567341

People checking out RedTube, one of the most popular porn sites, are in danger of identity theft. Hackers have infected the site's source code to redirect to malware used to steal personal information.

Visiting a porn hub usually results in sketchy-looking pop-up ads; it's not unusual for porn sites to have malware problems. This one is notably bad because it's the site itself that is infected, not its advertisements. This means simply going to the homepage will redirect you to a Trojan that can be used to steal personal information.

Malwarebytes says the particular family of Trojans used here are known for "stealing personal information from users as well as installing browser helper objects that spread pop-up ads, some redirecting to additional exploit pages and therefore more malware infections."