Tag Archives: Malicious

Business

Gautam Adani slams short-seller Hindenburg’s claims as ‘baseless’ and ‘malicious’

Leave a comment


New Delhi
CNN
 — 

India’s Adani Group on Wednesday denounced allegations of fraud made by US-based short seller Hindenburg Research as “baseless” and a “malicious combination of selective misinformation.”

Hindenburg Research published an investigation on billionaire Gautam Adani’s sprawling conglomerate on Tuesday, accusing it of “brazen stock manipulation and accounting fraud scheme over the course of decades.”

Hindenburg said it has taken a short position in companies in the Adani Group “through U.S.-traded bonds and non-Indian-traded derivative instruments.” Short sellers aim to make money by betting that the stock price of the companies they target will fall.

Adani’s business empire contains seven listed companies — in sectors ranging from ports to power stations — and shares in most of them fell by between 3% and more than 8% on Wednesday.

The plunge had an immediate impact on the billionaire’s net worth. According to Bloomberg’s Billionaires Index, Adani lost nearly $6 billion on Wednesday. He is currently worth $113 billion.

In its investigation, which Hindenburg said took two years to compile, the research firm questioned the “sky-high valuations” of Adani firms and said their “substantial debt” puts the entire group “on a precarious financial footing.”

The research firm concluded its report with 88 questions for the Adani Group. These range from asking for details on Adani’s offshore entities, to why it has “such a convoluted, interlinked corporate structure.”

CNN has not verified the claims in the report, and India’s stock market regulator did not immediately respond to a request for comment.

Shares of Adani’s companies have surged in the last few years, making him Asia’s richest man.

In a statement released a few hours after Hindenburg published its report, the Adani Group’s chief financial officer Jugeshinder Singh said that Hindenburg did not make “any attempt to contact us or verify the factual matrix,” adding that the allegations made by the short seller are “stale, baseless and discredited.”

The conglomerate has faced scrutiny from Indian authorities in the past. In 2021, shares in Adani’s companies tumbled after The Economic Times newspaper said that foreign funds that hold stakes worth billions of dollars were frozen by the country’s National Securities Depository. The Adani Group called that report “blatantly erroneous.”

Nate Anderson, who founded Hindenburg Research, has made a name for himself in the past few years by targeting companies that he thinks are overvalued and have suspect financials. Anderson is best known for going after electric truck company Nikola in 2020, calling it an “intricate fraud,” and causing the firm’s stock to plunge sharply. In 2022, Nikola’s founder was convicted by a US jury of fraud in a case alleging he lied to investors about the company’s technology.

But some have accused Hindenburg of trying to push stocks lower with its research reports in order to make a profit.

Its report on the Adani Group comes at a sensitive time. Later this week, Adani Enterprises, the conglomerate’s flagship company, is aiming to raise 200 billion rupees ($2.5 billion) by issuing new shares.

Singh said that the “timing of the report’s publication clearly betrays a brazen, mala fide intention to undermine the Adani Group’s reputation with the principal objective of damaging the upcoming follow-on public offering.”

The conglomerate is also considering taking five new businesses to the stock market in the next two to five years.

A college dropout and a self-made industrialist, Adani is the world’s fourth richest man, ahead of Bill Gates and Warren Buffet, according to Bloomberg’s Billionaires Index. He is also seen as a close ally of India’s current prime minister, Narendra Modi.

The 60-year-old tycoon founded the Adani group over 30 years ago. It now has established businesses in industries ranging from logistics to mining, and is aggressively growing in diverse sectors such as media, data centers, airports, and cement.

But this is not the first time analysts have expressed fear that the rapid expansion of his business comes with a huge risk. Adani’s juggernaut has been fueled by a $30 billion borrowing binge, making his business one of the most indebted in the country.

Last year, CreditSights, a research firm owned by Fitch Group, published a report about Adani Group titled “Deeply Overleveraged” in which it expressed strong concerns about its debt-funded growth plans.

Adani Group responded to CreditSights with a 15-page report, saying that the “leverage ratios” of its companies “continue to be healthy and are in line with the industry benchmarks in the respective sectors” and that they “have consistently de-levered” in the last nine years.

Read original article here

World

‘Malicious and targeted’ sabotage halts rail traffic in northern Germany

Leave a comment

BERLIN, Oct 8 (Reuters) – Cables vital for the rail network were intentionally cut in two places causing a near three-hour halt to all rail traffic in northern Germany on Saturday morning, in what authorities called an act of sabotage without identifying who might be responsible.

The federal police are investigating the incident, Interior Minister Nancy Faeser said, adding the motive for it was unclear.

The disruption raised alarm bells after NATO and the European Union last month stressed the need to protect critical infrastructure after what they called acts of sabotage on the Nord Stream gas pipelines.

Register now for FREE unlimited access to Reuters.com

“It is clear that this was a targeted and malicious action,” Transport Minister Volker Wissing told a news conference.

A security source said there were a variety of possible causes, ranging from cable theft – which is frequent – to a targeted attack.

Omid Nouripour, leader of the Greens party, which is part of Chancellor Olaf Scholz’s federal coalition, said anyone who attacked the country’s critical infrastructure would receive a “decisive response”.

“We will not be intimidated,” he wrote on Twitter.

CHAOS BEFORE ELECTION DAY

“Due to sabotage on cables that are indispensable for rail traffic, Deutsche Bahn had to stop rail traffic in the north this morning for nearly three hours,” the state rail operator said in a statement.

Deutsche Bahn (DB) had earlier blamed the network disruption on a technical problem with radio communications. Spiegel magazine said the communications system was down at around 6:40 a.m. (0440 GMT). At 11:06 a.m, DB tweeted that traffic had been restored, but warned of continued train cancellations and delays.

The disruption affected rail services through the states of Lower Saxony and Schlewsig-Holstein as well as the city states of Bremen and Hamburg, with a knock-on effect to international rail journeys to Denmark and the Netherlands.

They came the day before a state election in Lower Saxony where Scholz’s Social Democrats are on track to retain power and the Greens are seen doubling their share of the vote, according to polls.

Queues rapidly built up at mainline stations including Berlin and Hanover as departure boards showed many services being delayed or canceled.

Register now for FREE unlimited access to Reuters.com

Reporting by Sarah Marsh; Additional reporting by Andreas Rinke and Christian Ruettger; Editing by David Holmes and Mark Potter

Our Standards: The Thomson Reuters Trust Principles.

Read original article here

World

Beijing hits out at Nato strategy for ‘malicious attack’ on China | China

Leave a comment

China has issued a strong rebuke at Nato, calling out what it said was “cold war thinking and ideological bias”, after the western military bloc said Beijing posed “serious challenges” to global stability.

Nato allies agreed for the first time to include challenges and threats posed by China into a strategy blueprint in its latest summit in Madrid this week. The alliance’s previous document, issued in 2010, made no mention of China.

In its new Strategic Concept, Nato said tackling “systemic challenges posed by the People’s Republic of China to Euro-Atlantic security” and the “deepening strategic partnership” between China and Russia would now be among its main priorities.

Beijing was furious about Nato’s decision. “Who’s challenging global security and undermining world peace? Are there any wars or conflicts over the years where Nato is not involved?” China’s mission to the EU said in a statement on Thursday.

“Nato’s so-called Strategic Concept, filled with cold war thinking and ideological bias, is maliciously attacking and smearing China. We firmly oppose it,” the statement said. “When it comes to acts that undermine China’s interests, we will make firm and strong responses.”

Since Russia’s invasion of Ukraine, China has been pointing its finger at the US and Nato on multiple occasions. But Nato’s attention to the China-Russia partnership began even before Moscow’s military operations in its neighbour. It has also been openly talking about China for some time.

In its annual summit in Brussels last June, the traditionally Russia-focused military alliance asserted, for the first time, that it needed to respond to Beijing’s growing power. The language the bloc used at the time also echoed the EU’s phrase of “systemic rival”, and the UK’s “systemic competitor” when describing China.

Beijing’s response was equally strong. When responding to Nato secretary general Jens Stoltenberg’s remark on China-Russia military ties last year around the time of the Brussels summit, a foreign ministry spokesperson urged the alliance to “abandon cold war mentality and ideological bias” – a similar language to the one deployed this week.

This week, Nato was keen to add a layer of nuance into its descriptions of Russia and China. “China is not our adversary, but we must be clear-eyed about the serious challenges it represents,” Stoltenberg said on Wednesday, adding that Nato was still “open to constructive engagement” with Beijing.

The language contrasted Nato’s view on Vladimir Putin’s Russia. “The Russian Federation is the most significant and direct threat to allies’ security and to peace and stability in the Euro-Atlantic area,” Nato’s Strategic Concept wrote, vowing to “continue to respond to Russian threats and hostile actions in a united and responsible way”.

Yet, the alliance was clearly wary of Beijing’s close ties with Moscow. “The deepening strategic partnership between the People’s Republic of China and the Russian Federation and their mutually reinforcing attempts to undercut the rules-based international order run counter to our values and interests,” the blueprint said.

It is not immediately clear what the talk of China in its latest strategy means for Nato operationally. “We know there will be greater collaboration with the EU on areas of China policy that the EU has more experience in, such as resilience and economic coercion,” said Meia Nouwens of the London-based thinktank International Institute for Strategic Studies (IISS).

She added: “The concept mentioned that the Alliance will work with existing and new partners in the Indo-Pacific. But we don’t know which new partners Nato is looking at – perhaps certain countries in south-east Asia or India.”

Some experts have urged Nato to establish a “China council” to coordinate Nato’s policies on China, but there was no talk of it this week in Madrid. And in the last few days, reports emerged that France and Germany had objected to describing China as a “threat”, as it might jeopardise Europe’s interests in trade and technology.

“It’s interesting that after three years of conversations about China and agreeing on the challenges that it poses to the alliance, allies still don’t fully agree on how to frame that discussion and how to respond,” said Nouwens.

Read original article here

Technology

Skylines players warned to check for malware after malicious code is discovered in mods • Eurogamer.net

Leave a comment

Players who use mods to play Cities: Skylines have been warned to check their machines for malware after several popular mods have been found to include malicious code.

A hidden auto-updater has reportedly been bundled in all the mods “redesigned” by a modder aptly known as Chaos. As well as making it a core download for several other mods, it also crippled any mods not made by Chaos, forcing around 35,000 unwitting players into using more infected mods.

“Malicious code has been found in mods published by an author using the names Holy Water and Chaos,” a pinned post on the Cities: Skylines subreddit warns. “These mods have been “forks” (modified and reuploaded versions) of popular mods from well-known creators (e.g. Harmony, Network Extensions, Traffic Manager: President Edition). Several (but not all) of these mods have been removed from the Steam Workshop and the author’s account is currently suspended.

“We recommend in the strongest possible terms that you unsubscribe from all items published by this author and do not subscribe, download, or install any mods, from any source, that may be published by this individual in future.”

A moderator of the subreddit additionally told NME: “Users install Harmony (redesigned) for a particular reason, suddenly they get errors in popular mods. The solution provided is to use his versions. Those versions gain traction and users, and people come across them instead of the originals… and see Harmony (redesigned) marked as a dependency. Users install Harmony (redesigned) with the [automatic updating code] bundled with it. Suddenly you have tens of thousands of users who have effectively installed a trojan on their computer.”

Although Valve has now reportedly banned Chaos (and their known alt accounts) and removed the infected mods, players are still worried they can return as a loophole in Steam workshop rules means Chaos may be able to edit and update their mods from accounts other than those banned.

“Chaos can then remotely deploy any code he chooses to users simply by releasing updated code on his GitHub,” the anonymous moderator added. “There is no validation by Steam, GitHub, or any third party. It’s a direct link from Chaos’ brain to users’ computers. If users run the game as [an] administrator for any reason, this could expose them to keyloggers, viruses, bitcoin mining software – literally anything.”

Cities: Skylines’ new expansion, Airports, is out now.

As Matt summarised for us at the time, as its name suggests, Airports – which is Cities: Skylines’ tenth major expansion, following on from After Dark, Snowfall, Natural Disasters, Mass Transit, Green Cities, Parklife, Industries, Campus, and Sunset Harbour – gives budding urban planners the tools needed to create and manage their own air-focused transportation hubs.

That includes a steadily expanding selection of modular airport building options, cargo terminals, and connected public transport – and you’ll see a fair number of Airports’ new features in action in the newly released gameplay trailer below.

// Load the SDK Asynchronously (function (d) { var js, id = 'facebook-jssdk', ref = d.getElementsByTagName('script')[0]; if (d.getElementById(id)) { return; } js = d.createElement('script'); js.id = id; js.async = true; js.onload = function () { if (typeof runFacebookLogin == 'function') { runFacebookLogin(); } if (typeof runFacebookRegistrationLogin == 'function') { runFacebookRegistrationLogin(); } };

js.src = "https://connect.facebook.net/en_GB/all.js"; ref.parentNode.insertBefore(js, ref); }(document)); }

fbq('init', '560747571485047');

fbq('track', 'PageView');

appendCarbon(); }

Read original article here

Sports

Dolphins owner Stephen Ross responds to Brian Flores’ allegations: ‘False, malicious and defamatory’

Leave a comment

Miami Dolphins owner Stephen Ross issued a statement late Wednesday in response to a lawsuit from former head coach Brian Flores, who is suing the Dolphins, New York Giants and Denver Broncos, alleging he experienced racial discrimination during the hiring process.

Ross, 81, said he takes “great personal exception to these malicious attacks,” according to a statement obtained by NFL Network’s Cameron Wolfe. He and the team will also “cooperate fully” with a likely investigation from the NFL, per the statement.

“With regards to the allegations being made by Brian Flores, I am a man of honor and integrity and cannot let them stand without responding,” Ross added in the statement. “I take great personal exception to these malicious attacks, and the truth must be known.”

BRIAN FLORES SUES NFL, GIANTS, DOLPHINS FOR ALLEGED RACIAL DISCRIMINATION

In the lawsuit, Flores, 40, alleged Ross incentivized him to lose games during the 2019 season (to get better draft picks) by offering to pay him $100,000 per loss. The Dolphins owner definitively denied this allegation and others concerning racial discrimination in his statement. 

Owner Stephen Ross of the Miami Dolphins looks on prior to the game against the Buffalo Bills at Hard Rock Stadium on Sept. 19, 2021, in Miami Gardens, Florida. (Getty Images)

“His allegations are false, malicious, and defamatory,” Ross continued in the statement. “We understand there are media stating that the NFL intends to investigate his claims, and we will cooperate fully. I welcome that investigation and I am eager to defend my personal integrity, and the integrity and values of the entire Miami Dolphins organization, from these baseless, unfair and disparaging claims.”

BRIAN FLORES OPENS UP ABOUT RACIAL DISCRIMINATION LAWSUIT: ‘WE GOTTA CHANGE HEARTS AND MINDS’

Earlier Wednesday, Flores appeared on “Get Up” where he said he told Miami players about the alleged incentive, ESPN reported

Head coach Brian Flores of the Miami Dolphins takes the field during introductions prior to the game against the New England Patriots at Hard Rock Stadium on Jan. 9, 2022 in Miami Gardens, Florida.
(Getty Images)

“That was a conversation about not doing as much as we needed to do in order to win football games,” the former coach said. “Take a flight, go on vacation, I’ll give you $100,000 per loss — those were his exact words. I deal in truth, I tell the players this, as well. I’m gonna give you good news, bad news — but it’s going to be honest.”

“To disrespect the game like that, trust was lost, and there were certainly some strained relationships, and ultimately, I think that was my demise in Miami,” Flores added, according to the report.

Flores was the head coach of the Dolphins for three seasons before he was fired at the end of the 2021 NFL regular season. He led the Dolphins to a 24-25 record in that span. The Dolphins never made the playoffs in those three years.

CLICK HERE TO GET THE FOX NEWS APP

The Broncos also put out a statement denying the racial discrimination accusation. 

“The allegations from Brian Flores directed toward the Denver Broncos in today’s court filing are blatantly false,” the team said. “Our interview with Mr. Flores regarding our head coaching position began promptly at the scheduled time of 7:30 a.m. on Jan. 5, 2019, in a Providence, R.I., hotel. There were five Broncos executives present for the interview, which lasted approximately three-and-a-half hours — the fully allotted time — and concluded shortly before 11 a.m.”

Head coach Brian Flores of the Miami Dolphins on the sidelines in the game against the Indianapolis Colts at Hard Rock Stadium on Oct. 3, 2021, in Miami Gardens, Florida. 
(Getty Images)

The team added: “Pages of detailed notes, analysis and evaluations from our interview demonstrate the depth of our conversation and sincere interest in Mr. Flores as a head coaching candidate.”

“Our process was thorough and fair to determine the most qualified candidate for our head coaching position. The Broncos will vigorously defend the integrity and values of our organization — and its employees — from such baseless and disparaging claims,” the Broncos’ statement concluded.



Read original article here

Sports

Charges are ‘false, malicious and defamatory’

Leave a comment

Miami Dolphins owner Stephen Ross has broken his silence over the claims against him and the organization in a lawsuit filed by former coach Brian Flores.

In the suit, centered on alleged discriminatory hiring practices in the NFL, Flores also says he was offered a bonus of $100,000 per game by Ross to tank games during his tenure as coach. Flores coached the Dolphins for three seasons and went 24-25 before being fired after a 9-8 campaign in 2022.

Ross personally pushed back against Flores’ claims in a statement released late Wednesday night after the Dolphins had already said they “vehemently deny any allegations of racial discrimination.”

“With regards to the allegations being made by Brian Flores, I am a man of honor and integrity and cannot let them stand without responding,” Ross said. “I take great personal exception to these malicious attacks, and the truth must be known. His allegations are false, malicious and defamatory.

“We understand there are media reports stating the NFL intends to investigate his claims, and we will cooperate fully. I welcome the investigation and I am eager to defend my personal integrity, and the integrity of the entire Miami Dolphins organization, from these baseless, unfair and disparaging claims.”

Flores also alleges Ross pressured him to recruit a prominent quarterback in violation of NFL rules in the winter of 2020. That quarterback was Tom Brady, according to the Palm Beach Post.

“[T]he writing had been on the wall since Mr. Flores’ first season as Head Coach of the Dolphins, when he refused his owner’s directive to ‘tank’ for the first pick in the draft,” the lawsuit claims. “Indeed, during the 2019 season, Miami’s owner, Stephen Ross, told Mr. Flores that he would pay him $100,000 for every loss, and the team’s General Manager, Chris Grier, told Mr. Flores that ‘Steve’ was ‘mad’ that Mr. Flores’ success in winning games that year was ‘compromising [the team’s] draft position.’ ”

The Dolphins missed out on landing quarterback Joe Burrow with the first pick, after going 5-11, to the 2-14 Bengals — who are now in the Super Bowl. Miami selected its current quarterback, Tua Tagovailoa, at No. 5.

Read original article here

Entertainment

Magnolia Network to bring back ‘Home Work’ after no ‘ill or malicious intent’ found during renovation projects

Leave a comment

Check out what’s clicking on FoxBusiness.com.

Magnolia Network is allowing the show “Home Work” to return to air after an investigation into accusations of shoddy home improvement work, Fox News Digital has confirmed.

“Home Work” follows Utah-based couple Andy and Candis Meredith, and their blended family of nine as the two tackle renovation projects for clients’ homes and rental properties. The duo previously hosted “Old Home Love” on HGTV.

‘Home Work’ will return to Magnolia Network following accusations the couple behind the show performed shoddy renovation work. (Noam Galai/Getty Images for Shorty Awards / Getty Images)

Magnolia Network, launched by Chip and Joanna Gaines, confirmed to Fox Business that the show had been pulled Saturday. However, after speaking with the Merediths and other homeowners, the network found that there was no “ill or malicious” intent by the couple.

“Magnolia Network is dedicated to sharing hopeful and genuine stories. In doing that, we strive to meet people with compassion and to cautiously approach difficult moments with honest understanding,” Magnolia President Allison Page said in a statement to Fox News Digital.

CHIP AND JOANNA GAINES’ MAGNOLIA EMPIRE: A LOOK INSIDE

“After speaking with homeowners as well as Candis and Andy Meredith regarding renovation projects for ‘Home Work’ and hearing a mix of both positive and negative experiences, we do not believe there was ill or malicious intent. Our commitment now is to provide resolutions for those whose experience with ‘Home Work’ fell short of our network’s standards.”

At least three homeowners had come forward with accusations that the work done by Andy and Candis Meredith was incomplete or had unsafe work conditions. (Magnolia Network)

CHIP AND JOANNA GAINES LAUNCH MAGNOLIA NETWORK, REBRAND DIY NETWORK

“While ‘Home Work’ will return to Magnolia Network, we recognize the responsibility we have to act on how we can better support not only our talent but those who put their trust in them and this brand,” she concluded.

At least three homeowners, who worked with the Merediths for the show came forward with accusations, alleging the couple’s work was incomplete or had unsafe conditions, in addition to budget issues and timelines.

After Magnolia Network, launched by Chip and Joanna Gaines, spoke with other homeowners and the couple, it concluded there was no ‘ill or malicious intent’ done by the Merediths. (Roy Rochlin/FilmMagic via Getty Images)

CLICK HERE TO READ MORE STORIES ON FOX BUSINESS

“Home Work” originally appeared on Discovery+. The show was set to air on Magnolia Network Jan. 8. The launch of Magnolia Network had been set for October 2020 but had been delayed due to the coronavirus pandemic.

Fox Business’ Melissa Roberto contributed to this report.

Read original article here

Technology

Twitch Confirms That ‘Malicious Third Party’ Was Behind Hack

Leave a comment

Image: Twitch

Twitch has just issued an update after yesterday’s major attack on the service, which resulted in the theft and then public posting of, among other things, the platform’s source code. According to their ongoing investigation, a “a malicious third party” is responsible.

Described by those responsible as “part one” of “an extremely poggers leak,” the data released yesterday included the source code for Twitch’s website and services, its client apps for various consoles, revenue figures for its most prominent streamers, its Amazon cloud-based services, various proprietary SDKs, other services Twitch owns, tools used by its security operations center, and even for an “unreleased Steam competitor from Amazon Game Studios.”

The short statement, issued this evening, says in an enormous understatement that “some data was exposed to the internet”, originating from “an error in a Twitch server configuration change that was subsequently accessed by a malicious third party”. Twitch also reiterates they have “no indication that login credentials have been exposed”, and that “full credit card numbers were not exposed.”

The full statement, published on Twitch’s website under a headline calling this a “Twitch Security Incident”, reads:

We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party. Our teams are working with urgency to investigate the incident.

As the investigation is ongoing, we are still in the process of understanding the impact in detail. We understand that this situation raises concerns, and we want to address some of those here while our investigation continues.

At this time, we have no indication that login credentials have been exposed. We are continuing to investigate.

Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed.

Read original article here

Technology

Malicious iPhone Wi-Fi attack is now more dangerous than ever

Leave a comment

According to Forbes, Schou has since discovered that there is a way for bad actors to increase the damage done by the hack to the point that getting Wi-Fi up and running again requires a custom factory reset while the iPhone’s back up file is manually edited to remove entries that create problems. There had been concerns that the hack, known formally as a format string flaw – could be enhanced to do even more damage. The goal for the bad actors is to use the attack to place malicious code onto handsets and even entire networks.

Novelty iPhone Wi-Fi hack morphs into a more dangerous malicious attack

Originally, iPhone users weren’t too concerned because they would have to be connected to a weirdly named Wi-Fi network in order to get hacked and truthfully, how many of us will connect to a Wi-Fi network named “%p%s%s%s%s%n.” However, it is possible that the strange Wi-Fi network name can be converted into a regular, legit network moniker that could trap iPhone users into believing that they are connecting to a legitimate Wi-Fi network.

Amichai Shulman, CTO of wireless security specialist AirEye, stated that “Our research team was able to construct the network name in a way that does not expose the user to the weird characters, making it look like a legitimate, existing network name.” That is a big deal because without the flashing red light of a network named %p%s%s%s%s%n warning an iPhone user to stay away, they could easily find themselves syncing with a malicious Wi-Fi network.

If the malicious attackers can spoof legit hotspots that are used nationwide, iPhone owners won’t be able to tell whether they are connecting to a Wi-Fi network helping them connect to the internet, or connecting to a hacker’s trap that shuts down their Wi-Fi connection.

Shulman says, “Since the attack traffic is not part of the corporate network, Firewalls, NACs and Secure WLANs do not protect against this type of attack and most traditional network security solutions remain completely oblivious to it. Attack traffic can be sent over channels that are not used for corporate network traffic. Consequently, the attack goes undetected by network security solutions and does not leave any trace in the forensics and networking logs.”

Will Apple push out a patch in the upcoming iOS 14.7 build currently being beta tested?

Amichai adds that Apple’s MacBooks could also be vulnerable and format string flaws can also be created for devices running Android, Windows and Linux. “Airborne attacks are new and an as-yet unaddressed threat vector. Given their stealthy nature we’re bound to see more such attacks,” the chief technical officer says.

Apple really does need to put an end to this quickly and the best way to do that would be to disseminate a patch that would stop this malicious hack right in its tracks. Apple has been beta testing iOS 14.7 and perhaps it isn’t too late to add the patch to the final version of iOS 14.7. Until this hack is definitively killed off, you will have to be suspicious of Wi-Fi networks that you’ve never safely connected to before.

All Apple iPhone models running iOS 14 are considered at risk.



Read original article here

Technology

Uninstall These Malicious Android Apps That Stole Facebook Passwords

Leave a comment

Photo: sitthiphong (Shutterstock)

Researchers from Dr. Web have found nine apps with more than 5.8 million combined downloads that were sneakily stealing user’s Facebook passwords using a genuine Facebook login page. As of writing, Google has banned the developer and removed these nine apps from the Play Store, but if you’ve downloaded any of them, it’s time to change your passwords.

How did the apps steal the data?

According to the researchers at Dr. Web, the developer, chikumburahamilton, created fully functional apps for photo editing, exercising, horoscopes, and junk cleaning (among others). After a point, these apps would prompt users to log in using Facebook to unlock the full functionality of the app.

When users did that, the app would kick in their own C&C server (a Command-and-Control server controlled by the developer used to copy and store data from a webpage). After receiving the settings from the C&C server, the app loaded then loaded the legitimate Facebook login page.

Then, the app loaded the JavaScript received from the C&C server into the Facebook login page (JavaScript code is versatile and can be inserted at any point, even when a user just taps on a text field). This Javascript code was then used to copy the username and password.

G/O Media may get a commission

The JavaScript then passed the copied data to the application, which in turn passed it to the app’s C&C server, where it was saved. Once the user logged in to the application, the app also stole cookies from the current authorized session, which were in turn sent to cybercriminals.

In this instance, the apps only used Facebook’s genuine login page. But because of the way JavaScript and C&C servers work, they could have easily done this with any service requiring you to log in.

What can you do about it?

The first thing you should do is to check if you were running one of these nine apps:

  1. PIP Photo
  2. Processing Photo
  3. Rubbish Cleaner
  4. Inwell Fitness
  5. Horoscope Daily
  6. App Lock Keep
  7. Lockit Master
  8. Horoscope Pi
  9. App lock Manager

If you have any of these apps installed, the first step is to uninstall the application.

Then, if you used Facebook login with the app, you need to reset your password immediately.

Next, stay vigilant. Use a trusted anti-virus application like Malwarebytes to detect apps with malicious code. If possible, avoid connecting third-party services like Facebook with random apps downloaded from the Play Store. Because of the way Play Store works, it’s trivially easy for developers to reenter and resubmit apps even after they are taken down (a developer license only costs $25).

Lastly, turn on two-factor authentication for any site that allows it, and pair it with a password manager. This will help you generate and store long passwords securely. And even if a website leak reveals your password, two-factor authentication will protect you from hackers.

[Ars Technica]

Read original article here