
Saturday, March 28, 2020

How to stop trolls from taking over your Zoom call

Zoombombing can be prevented, but it’s not as easy as it should be
By Casey Newton (@CaseyNewton), Mar 27, 2020, 3:37pm EDT




Zoom is an easy-to-use videoconferencing tool with a generous free tier. With people around the world isolating indoors to protect themselves against the spread of the coronavirus, it has never been more popular.

But its popularity has also attracted trolls. The phenomenon of “Zoombombing,” in which an uninvited guest uses Zoom’s screen-sharing feature to broadcast porn and shock videos, has been on the rise. Most Zoom meetings have a public link that, if clicked, allows anyone to join. Trolls have been collecting these links and sharing them in private chat groups, and then signing on to other people’s calls to cause mischief.

There’s an easy way to stop this from happening, but Zoom makes it needlessly difficult to find. If you schedule a meeting from the web interface, you won’t see the option to disable screen sharing. Instead:
Click on “Settings” in the left-hand menu
Scroll down to “Screen sharing” and under “Who can share?” click “Host Only”
Click on “Save”

Once you save your settings, future meetings that you start will have sharing disabled by default.

If you forget to change the setting before you start your meeting, there’s a way to modify your settings after it starts:
Once your Zoom meeting is running, click the caret to the right of the green “Share Screen” button in the center of the bottom row of icons
Click “Advanced Sharing Options...”
A dialog box will pop up allowing you to switch screen sharing availability from all participants to the host only.

And what if you’re creating a meeting from your mobile device?

To disable screen sharing after you’ve started your meeting:
Tap the More (...) button at the bottom right corner of the screen
Tap “Meeting Settings”
If you’re using an iPhone, scroll down to “Allow Participants to Share” and switch the toggle off.
If you’re using an Android phone, find “Lock Share” and switch the toggle on.

Friday, March 27, 2020

OpenWrt: Serious bug allows full access to your system



By SecNews, March 26, 2020, 19:15



A security researcher has discovered a serious bug in the OpenWrt operating system that allows attackers to introduce malicious software onto vulnerable systems.

OpenWrt is a Linux-based operating system used mainly in embedded devices and routers to route network traffic, and it runs on millions of devices worldwide.

The bug, which has been labelled an RCE, allows the package manager to ignore the SHA-256 checksum, which in turn lets an attacker bypass the integrity check of .ipk packages. The researcher, Guido Vranken, explained that he found this vulnerability by chance while preparing a task for opkg.

To exploit the bug, an attacker must first serve the infected packages from a web server. Then communication must be established between the device and downloads.openwrt.org, and the attacker must be able to change the DNS server so that downloads.openwrt.org resolves to a server under the attacker's control. In practice, OpenWrt's opkg allows attackers to gain full access to the entire system.

During the attack, the hacker must have a valid, signed package index from downloads.openwrt.org, and the malicious packages must have the same size as the one stated in the index.

The vulnerability has now been fixed, and users are urged to upgrade their system to the latest version of OpenWrt. The upgrade is done with the following commands:
cd /tmp
opkg update
opkg download opkg
# SHA-256 checksum recorded for opkg in the package index
zcat ./opkg-lists/openwrt_base | grep -A10 "Package: opkg" | grep SHA256sum
# SHA-256 checksum of the downloaded package, to compare with the value above
sha256sum ./opkg_2020-01-25-c09fe209-1_*.ipk
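
The comparison those commands leave to the reader, as an added shell example (not code from OpenWrt or from the original article): it checks a downloaded .ipk against the Size and SHA256sum recorded in a package index and refuses to pass when the checksum is missing or malformed. The package name `demo`, the file names and the sample index are constructed for illustration; on a device the index would be the `zcat` output of a file under ./opkg-lists.

```shell
#!/bin/sh
# Added example, not OpenWrt code: verify a downloaded .ipk against the Size
# and SHA256sum that the package index records for it, failing closed.

# index_field INDEX PACKAGE FIELD: print FIELD from PACKAGE's stanza in INDEX.
index_field() {
    awk -v pkg="$2" -v key="$3:" '
        $1 == "Package:" { in_pkg = ($2 == pkg) }
        in_pkg && $1 == key { print $2; exit }
    ' "$1"
}

# verify_ipk INDEX PACKAGE FILE: 0 = match, 1 = mismatch, 2 = index unusable.
verify_ipk() {
    want_sum=$(index_field "$1" "$2" SHA256sum)
    want_size=$(index_field "$1" "$2" Size)
    # A missing or malformed checksum must never be read as "nothing to check".
    case "$want_sum" in
        ""|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#want_sum}" -eq 64 ] || return 2
    got_size=$(wc -c < "$3" | tr -d ' ')
    got_sum=$(sha256sum "$3" | cut -d ' ' -f 1)
    [ "$got_size" = "$want_size" ] && [ "$got_sum" = "$want_sum" ] || return 1
}

# Constructed sample data: an index stanza for a hypothetical package "demo",
# plus a genuine and a tampered file of identical size (21 bytes each).
make_demo() {
    d=$(mktemp -d)
    printf 'genuine package body\n' > "$d/demo.ipk"
    printf 'tampered package bod\n' > "$d/evil.ipk"
    printf 'Package: demo\nVersion: 1.0\nSize: %s\nSHA256sum: %s\n' \
        "$(wc -c < "$d/demo.ipk" | tr -d ' ')" \
        "$(sha256sum "$d/demo.ipk" | cut -d ' ' -f 1)" > "$d/Packages"
    # The same stanza with its checksum line dropped, as a damaged index.
    grep -v '^SHA256sum:' "$d/Packages" > "$d/Packages.nosum"
    echo "$d"
}

d=$(make_demo)
verify_ipk "$d/Packages" demo "$d/demo.ipk"; echo "genuine package: $?"
verify_ipk "$d/Packages" demo "$d/evil.ipk"; echo "same-size tampered package: $?"
verify_ipk "$d/Packages.nosum" demo "$d/demo.ipk"; echo "index without checksum: $?"
rm -rf "$d"
```

The tampered file passes a size-only comparison, which is why the size requirement mentioned above is no protection once the checksum is skipped.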

"Corona antivirus" infects victims with malware




By Anthony Spadafora 2 days ago

New site claims its antivirus software can protect users from getting the coronavirus






Cybercriminals continue to leverage the ongoing coronavirus outbreak for their own gain by launching numerous scam campaigns which use Covid-19 as a lure to trick users into installing a variety of malware and data stealers.

In the latest scam, discovered by Malwarebytes, cybercriminals have set up a website advertising “Corona Antivirus - World's best protection” which tries to trick users into installing antivirus software that supposedly has the capabilities to protect users from becoming infected with the virus in real life. The creators of the site have even provided more details on how their solution works, saying:

“Our scientists from Harvard University have been working on a special AI development to combat the virus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the app is running.”



While most users will likely understand that there is no way for any type of software to protect them from becoming infected with the coronavirus, there is a possibility that some will fall for this scheme as the cybercriminals behind it have taken the necessary steps to make their website appear legitimate.

BlackNET RAT

Once a user installs the application available on the Corona Antivirus site, their computer will be infected with malware. The installation file, which contains the commercial packer Themida, will turn a user's PC into a bot ready to receive commands.

After inspecting the command and control server, Malwarebytes discovered a control panel for the BlackNET botnet. The full source code for the BlackNET toolkit was published on GitHub a month ago and some of its features include deploying DDoS attacks, taking screenshots, stealing Firefox cookies, stealing saved passwords, implementing a keylogger, executing scripts and stealing Bitcoin wallets, among others.

While working from home, it is important that all users keep their computers up to date and exercise caution when downloading and installing new programs to avoid falling victim to the many coronavirus-themed scams that are currently making their way around the web.

After investigating the Corona Antivirus site, Malwarebytes informed CloudFlare of its discovery and the CDN took immediate action to flag the website as malicious.

Thursday, March 26, 2020

Home office is where the heart is…





James Shepperd, 23 Mar 2020



Or is it… home office is where the hurt is?

Usually I am quite happy to have home office, in my division at ESET (IT company) we are permitted two per month. It’s not a lot but maybe that is why I look forward to it. My kids are at school, my wife is at work and my colleagues are behind a virtual wall that I control! (-;

Or, I should probably say, that was home office. With COVID-19 restrictions in place, home office has… certainly changed, a lot! For starters, both my kids and wife are home. Then, my team… well it just got a lot bigger. The number of ESET staff and departments I connect with has virtually multiplied by a factor of three, at least it feels like it. It’s not that I am bitter, just well, it’s not fun and games anymore.

VPN
Shields up! With only 2 home offices per month, I simply relied on my company-provided Virtual Private Network (VPN) as a significant enough safeguard, but after reading this blog on home office security measures end to end, which I requested, I took a look at my router settings. Oh, looks like I have some security improvements to make. Anyway, with my VPN turned on I can access some otherwise restricted marketing resources, which have their own protection protocols. In simple terms, a VPN lets you make a secure connection to another network over the Internet, access region- or security-restricted websites, and shield your browsing activity. Now that I, along with every other marketer in the company, am accessing these files from home networks, I can see why there is the added layer of protection.

Passwords
Best Practice Aside from the little notebook with the hard copy of passwords I keep buried under my..., I use a password manager, which can store all my needed credentials in one place, under one “master password”. Just as a reminder, create a strong password or passphrase, keep the password(s) secure and consider a second (factor) method of protection that helps prevent unwanted access.
Even strong passwords can fall victim to malicious actors using keyloggers and other technology to crack your online accounts. So, strongly consider using a product like ESET Smart Security Premium that integrates several privacy protection features including password management and protection against keylogging via Two Factor Authentication (2FA).

Two Factor Authentication
“Open Sesame” and… While my VPN is a prerequisite for accessing our intranet and a number of applications that can be found there, for more sensitive applications I am challenged at the “gate”. What I mean is that my login is quickly followed by a request for a single time passcode.

The companion app for our intranet platform pings my mobile phone with the authenticator, I enter the code and “I’m in!”. When I first came to the company, I used to mutter under my breath about accessing various admin dashboards or restricted forums with 2FA. I saw it as just another barrier or headache. But in the years since, especially working on our offer for small and medium businesses and small or home office clients I have seen up close how social media or whole websites get disrupted, events that cause serious reputational damage. I don’t want that kind of damage on my name. These days I even use 2FA on my personal email account after it got hacked.

Kids and Home Office
The Pain, now on to a more personal note, my kids interfering with my perfect home office vibe! The Corona virus has upped the ante on my multitasking skills. My kids have to learn – my wife and I are their new substitute teachers. We also have to work. So it means, teach and work at the same time. So, my top tip, keep them on their usual schedule.

Mornings: Wake at 6:30 am, we have a bite to eat and then put on our masks and glasses and then take a brisk 20min walk through the park behind our house. This gets everyone going and ready to start their daily assignments, which come via email. I know many of you won’t have empty parks behind your houses, but if you have an area nearby with low numbers of people (at 6:45-7:00 am they should be empty), then the benefit to mood and focus is (to me) worth the risk.

By 8:00 am, I am at my desk, and the kids have started with any assignments. Our rule is that they have to finish their first block of assignments by 11:00 am, the lunch time I had pre-COVID-19. I found that by addressing my needs first I am able to be more patient and adaptable with covering their needs.

Meals, well… when I shop, I buy a lot of fruit for snacks and when making sandwiches or cooking warm meals have started making double portions to ensure we have enough leftovers. They are starting to accept that we aren’t going to the store so often and they will get leftovers at least once every day. Smiley (-:

Afternoons: After lunch, I disengage from my work and review any questions, lost assignments, or missing workbook issues. Before sinking myself into that task I make sure to lock my PC (Ctrl+Alt+Del). That prevents my kids from accidentally losing my work… or publishing anything to the company’s social media.

My wife: She has a busy job, lots of calls, video chats etc. This is a challenge. Back to my 8:00am – 11:00am sprint. During those hours she tries to be available for the kids, in the afternoon I am up. This trade-off doesn’t mean we are in full teacher mode, but it allows one of us to accept a period of interruption, knowing that later, we will have higher quality work time. When we both know we’ll be engaged on conference calls or whatever… that is when some scheduled online educational games and snacks come in handy.








Oh, and the daily device wipe down: Since my hands haven’t completely fallen off, yet… I also take the opportunity to wipe down my keyboard, mouse and trackpad. If you’ve got tablets, I’d do those too with (screen safe) cleaner or in a pinch simply a damp rag. I start with our devices and move on to doorknobs and high traffic surfaces.

Promises: I promised this personal view on my secure home office to the Public Relations team at ESET. After saying “YES”, I started to feel vulnerable. “My security practices are gonna be visible to all my colleagues and the wider public.” But, there is hope.

Only via critique can you learn better practices and maybe the Corona virus can achieve what GDPR and countless internet security awareness campaigns have yet to do, raise people’s appreciation for basic security measures.

Wednesday, March 25, 2020

Over 50 Android Apps for Kids on Google Play Store Caught in Ad Fraud Scheme





March 24, 2020Ravie Lakshmanan
More than 50 Android apps on the Google Play Store—most of which were designed for kids and had racked up almost 1 million downloads between them—have been caught using a new trick to secretly click on ads without the knowledge of smartphone users.

Dubbed "Tekya," the malware in the apps imitated users' actions to click ads from advertising networks such as Google's AdMob, AppLovin', Facebook, and Unity, cybersecurity firm Check Point Research noted in a report shared with The Hacker News.

"Twenty four of the infected apps were aimed at children (ranging from puzzles to racing games), with the rest being utility apps (such as cooking apps, calculators, downloaders, translators, and so on)," the researchers said.


While the offending apps have been removed from Google Play, the find by Check Point Research is the latest in an avalanche of ad fraud schemes that have plagued the app storefront in recent years, with malware posing as optimizer and utility apps to perform phony clicks on ads.


Malware Abuses MotionEvent API to Simulate User Clicks
The researchers said the campaign cloned legitimate popular apps to gain an audience. The 56 newly discovered apps were found bypassing Google Play Store protections by obfuscating their native code and relying on Android's MotionEvent API to simulate user clicks.

Once an unwitting user installs one of the malicious apps, the Tekya malware registers a receiver, an Android component that's invoked when a certain system or application event occurs, such as a device restart or when the user is actively using the phone.



The receiver, when it detects these events, then proceeds to load a native library named "libtekya.so" that includes a sub-function called "sub_AB2C," which creates and dispatches touch events, thereby mimicking a click via the MotionEvent API.


An Ongoing Problem of Mobile Ad Fraud
Mobile ad fraud manifests in different ways, including threat actors planting malware-laced ads on user phones or embedding malware in apps and online services to generate clicks fraudulently to receive payouts by advertising networks.


Mobile security vendor Upstream's analysis of 2019 data revealed that the favorite apps for hiding ad-fraud malware are those that purport to improve productivity or improve device functionality. Nearly 23 percent of the malicious Android ads that Upstream encountered last year fell into this category. Other apps that attackers frequently used to hide malware included gaming apps, entertainment, and shopping apps.

Google, for its part, has been actively trying to stop rogue Android apps from infiltrating the Google Play Store. It has leveraged Google Play Protect as a means to screen potentially harmful applications and also forged an "App Defense Alliance" in partnership with cybersecurity firms ESET, Lookout, and Zimperium to reduce the risk of app-based malware.

To safeguard yourself from such threats, it's recommended that you stick to the Play Store for downloading apps and avoid sideloading from other sources. More importantly, scrutinize the reviews, developer details, and the list of requested permissions before installing any app.
