RSS

Monthly Archives: May 2016

Choosing the ‘Most Secure’ Online Money Transfer Service

Online money transfer is easy these days; there are services- like Square Cash, Venmo etc- that make it quite easier for you. At the same time, there are some that make it somewhat tough for you to get your own money. So, what kind of service would you choose for online money transfer? Stop and ponder on a few points before giving an answer or rather before making a choice next time…

Some very critical security lapses in Venmo were found and discussed recently. These security holes included Venmo not alerting customers when passwords were changed or when new devices were connected. All this when Venmo, owing to its ease and convenience, has gained such an amount of popularity that people sort of now use Venmo as a verb, as in “Why bother, just Venmo me!”

Well, these “easy” and “fast” money fast transfers do use SSL Certificates; they do ensure encryption of personal data and some of them even claim to be PCI compliant. But still hacks happen and money is stolen, fraudulent transactions are made and much of damage is done. The basic reasons are that most of these ‘easy’, ‘convenient’ services don’t have basic security features like two-factor authentication, or the alerts that should come when passwords are changed or reset or when new devices are added to accounts. Paypal, which is Venmo’s parent company, and Google Wallet could perhaps be seen as the most secure among online money transfer services. Paypal has two-factor authentication and alerts you when passwords are changed and when new devices are connected to accounts. Paypal offers information on how they secure accounts and how accounts can be protected and also guides you on how to file disputes, chargebacks etc. Google Wallet too is among the safest of services and provides enormous amounts of information on how to stay safe using their service. Putting in your money and making purchases is easy, but Google Wallet, and PayPal too, makes it really tough to access the money that’s sent through these services. This is good since others can’t access and get away with your money that easily; at the same time this could be termed bad too, since you yourself would find it a bit tough to get your own money. Now, don’t be misled to think that PayPal and Google Wallet are hackproof; they have also been hacked. It’s just that these are safer, or rather, the safest of the online money transfer services.

So, what’s the solution? How to choose the most secure online money transfer service? Or is it better to send money through banks’ mobile apps or websites?

Well, in today’s world, living without online money transfer would be rather unthinkable for most of us. So the best thing to do would be to do the following things, in addition to checking for SSL certificates and PCI compliance, when you choose to go for online money transfer…

  • Enable all security features available.
  • Watch, carefully monitor your transactions.
  • Keep your notifications turned on.
  • Keep the number of devices connected to your account low.
  • Choose services that have two-factor authentication.
  • Choose services that send alerts when transactions and changes are made.

Advertisements
 
Leave a comment

Posted by on May 30, 2016 in Internet Security, SSL

 

Viking Horde malware bypasses Google Play store Scans – You may be infected

It had been predicted that in the year 2016, attacks against the Android Operating system would increase dramatically. Now, it is just May, and incoming reports seem to ascertain the predictions. Wait! It’s not yet done. There is hell-a-lot more to come this year.

All apps in the Google Play Store have been deemed to be safe, and users believe it to be so. Google follows a stringent procedure to ensure that apps on its store do not contain malware. However, fraudsters seemed to have successfully bypassed the Google Play Store’s vigilant malware verification procedures and scans. So, you may be at risk even if you download from the Google Play Store. While Google has fixed this vulnerability, it is not that cyber criminals will stop breaking through the Google Play Store’s defenses again. Cyber criminals will continue to try hacking through all operating systems, and authentic stores like the Google store. We have to live with it. It will be continuous cycle – Hacking and fixing the vulnerability.

The Viking Horde malware attack

The latest attack on Android has been named as the Viking Horde malware attack. This malware joins the infected device into a botnet, that can then be used for spamming, DDoS attacks, ad fraud and other malicious activities. The owner of the device will have no knowledge that the device has become part of a botnet. And if the device has been rooted, it is more vulnerable – the damage is more severe – malware for remote code execution is downloaded . If the malware gains root privileges then its removal is very, very difficult.

Viking Jump app was rated a top free app on Google Play store after it was uploaded in April 2016. The game received massive downloads. During installation the malware app asks for root access, which is a questionable request/ permission. Users need to be wary of such permissions instead of just clicking on “Agree”. Techno savvy users may have been suspicious and may have not downloaded the app.

The Viking Horde includes other apps – Wi-Fi Plus, Parrot Copter, Memory Booster, and Simple 2048. When a game is initiated, certain components get installed outside the directory of the app. The malware initiates a communication protocol with a command and control server (C&C server). An anonymous proxy connection with two IP addresses and ports is then created. The botnet exploiter uses one socket, while the other socket is for the target. The cyber criminal’s IP gets hidden behind the victim’s IP. The botnet is also quite difficult to detect, and the user may not know that this device is a bot.

The other primary motive of the Viking malware was to hijack the device and use it for ad clicks. The malware would cause clicks on websites to generate revenue, and as the clicks were from proxied IP addresses it would be difficult to doubt the transactions.

To conclude, Be Safe! Be Wary of what you download even from the Google Store or any other reputed app store. Check the permissions that the app demands, and don’t download if you are not comfortable with the permissions. And if you have downloaded – Viking Jump, Wi-Fi Plus, Parrot Copter, Memory Booster, or Simple 2048, try to uninstall them immediately and scan your device with an effective antivirus for android.

 

Tags: ,

Virus Scan Stops Medical Device to Crash During Major Heart Surgery

Medical Device Stops Due to Unprompted Virus Scan During Cardiac Surgery

Jokes about forgetful doctors leaving scalpels inside their patients’ guts are becoming cliched now. In today’s “connected” world, where technology is fast replacing jobs, computers too can cause unthinkable goof ups. In a rare turn of events, an antivirus software scan almost cost a patient’s life recently during a highly-sensitive medical surgery in the US.

Generally, an antivirus software is supposed to protect a device from malwares and increase its efficiency. In this case though, the antivirus caused an almost-fatal incident by forcing a computerized medical device to crash in the middle of the cardiac surgery.

Medical Device Stops Due to Unprompted Virus Scan During Cardiac Surgery

Although it took place in February, the incident only surfaced recently in the news waves when Softpedia published a news piece about it. A report was filed to the Food and Drugs Administration (FDA) for investigation and other online media quickly picked up the story.

According to reports, the antivirus software hindered the functioning of a medical device called Merge Hemo, an equipment that’s critical in its role for monitoring the real-time health of patients during cardiac surgeries.

Apparently, the hospital staff behind the operation of the machine had set-up the machine’s virus scan configuration cycle on hourly basis, which is against what the software vendor recommends. Following this, the antivirus software prompted a malware scan and caused Merge Hemo interface to freeze and eventually crash momentarily.

The FDA, in its report about the incident clarifies that it wasn’t Merge Hemo that malfunctioned, but blames the mistakenly pre-set configuration for it. “Based upon the available information, the cause for the reported event was due to the customer not following instructions concerning the installation of anti-virus software; therefore, there is no indication that the reported event was related to product malfunction or defect,” writes the FDA report.

It further notes, “The anti-virus software needs to be configured to scan only the potentially vulnerable files on the system, while skipping the medical images and patient data files. Our experience has shown that improper configuration of anti-virus software can have adverse effects including downtime and clinically unusable performance.”

The incident proved to be a narrow escape for the fortunate patient as the doctors were able to revive the crashed machine and complete the procedure successfully. The said medical procedure is reported to be catheterization, for which surgeons put a catheter inside the heart’s veins and arteries to diagnose any existing heart ailments. Such specialized surgeries have very little room for human neglect because they bear the risk of major impair in a patient’s health or fatal deaths.

Neither the Softpedia news nor the FDA reveal the hospital’s name or location involved in this case.

 
 

Tags: , ,