Tech Support Blog

Audacity 3.0 called spyware over data collection changes by new owner

July 5, 2021 by admin

Audacity, the well-known open-source audio-editing software, has been called spyware in a report, with privacy policy changes revealing the tool is collecting data on its users and sharing it with other firms, as well as sending the data to Russia.

Audacity was acquired by Muse Group in May, a company that also controls Ultimate Guitar, MuseScore, and Tonebridge. Since the purchase of Audacity, changes have been discovered in online support documents indicating that it is being used to perform data collection on its users.

Bad Android Apps Removed From Play Store—Uninstall These Now

November 7, 2019 by admin

Updated: Google has confirmed that another set of Play Store apps have now been removed after they were found to be infecting devices with malware. Any users with those apps installed should ensure they are uninstalled from their devices. The seven apps are designed to open backdoors onto an infected device, pulling separate malware apps from elsewhere, circumventing Play Store security. When those apps are downloaded and installed, they hide away from users who don’t even realize they’ve been brought onto their phones. The malicious intent of the latest malware-laced apps is ad fraud , but there is a more dangerous threat lurking behind.

This latest warning comes just as as Google announced an “App Defense Alliance” to “ensure the safety of the Play Store.” The seven apps, discovered by the threat research team at Wandera, do not contain ad fraud malware themselves. Instead they are dropper apps—they download malware “payload” apps and install them onto target devices. This leaves the user with both the dropper app and the payload app installed. Both need to be identified and deleted. The dropper apps bypass store security to bring in threats from outside the ecosystem.

These dropper apps pull the malware payloads from Github, and Wandera VP Michael Covington told me the team was escalating details about the apps “because the backdoor introduced via the dropper code is a significant risk for anyone using these apps—given the obfuscation techniques in use, we have not yet ruled out other apps that may be using similar techniques to introduce unsanctioned code.”

Continue Reading

Trend Micro insider sold 120,000 customer records to scammers

November 6, 2019 by admin

Trend Micro today revealed one of its staff went rogue and illegally sold the personal information of roughly 120,000 of its customers.

The security software vendor said names, email addresses, ticket support numbers, and in some cases phone numbers, of around one per cent of Trend’s 12 million customers, were copied from an internal database by the worker and sold off to an outside scammer.

Payment card details are not believed to have been accessed, nor were any details from government or enterprise customer accounts, we’re told.

Trend said it caught wind the scheme back in August, when customers began to report receiving suspicious calls by people claiming to be Trend Micro support staff. After learning that the scammers seemed to know detailed information about the clients and their accounts, Trend started probing.

“We immediately started investigating the situation and found that this was the result of a malicious insider threat,” Team Trend said in announcing the leak. “The suspect was a Trend Micro employee who improperly accessed the data with a clear criminal intent.

Continue Reading

Updating your software makes you more secure

November 4, 2019 by admin

“Keep your software updated!” is the closest thing we have to security advice that will work for everyone. But the reasoning behind it can be counterintuitive, and even quick updates can intolerably interrupt people’s workflows. Below are several common questions about why it is so important to update one’s software, as well as tips for how to talk about it with people new to digital security.

Updating your software makes you more expensive to hack.

No software is perfect. Programmers make mistakes, best practices get updated, and security problems are discovered over time.

Sometimes, security researchers will discover security bugs and not report them to the developer. This kind of bug is called a “zero day” or “0-day,” because the company that could fix it does not know about it and has had “zero days” to address it. These kinds of bugs can be hard to find and expensive to purchase, and are sometimes used in targeted malware or phishing attacks on very high-value targets. Most people do not have to worry about these kinds of bugs.

More often, it will be amateur or professional security researchers, academics, or employees at the company itself who discover such problems, and report them back to the developers to get fixed. When that’s the case, the company can release updates (also known as “patches”) to correct the problem. If you update your software as soon as that pesky “Update!” notification pops up, you are staying current with the best available protections.

Read More

Dont fall for fake virus infection alerts

September 19, 2019 by admin

Two Americans used bogus virus-infection alerts to bilk $10m out of PC owners, it is alleged.

Romana Leyva, 35, of Las Vegas, Nevada, and Ariful Haque, 33, of Bellerose, New York, were each charged this week with one count of wire fraud and conspiracy to commit wire fraud. Each count carries a maximum of 20 years in the clink.

fake virus alerts According to prosecutors in southern New York, Leyva and Haque masterminded a classic tech-support scam that warned netizens their computers were infected with malware that didn’t actually exist and would need a costly, and yet entirely unnecessary, repair.

We all know this type of scam: phony “system alert” pop-up ads in web browsers that try to scare punters into believing their machine is riddled with spyware, along with a phone number to call for “tech support” or a repair service that costs an arm and a leg – and doesn’t actually do anything useful.

“In at least some instances, the pop-up threatened victims that, if they restarted or shut down their computer, it could cause serious damage to the system’ including ‘complete data loss’,” the prosecution wrote in its court [PDF] paperwork.

Continue Reading at The Register

Apple Is Discouraging Repair by Locking iPhone Batteries

August 14, 2019 by admin

By activating a dormant software lock on their newest iPhones, Apple is effectively announcing a drastic new policy: only Apple batteries can go in iPhones, and only they can install them.

iPhone Battery Locked

If you replace the battery in the newest iPhones, a message indicating you need to service your battery appears in Settings Battery, next to Battery Health. The “Service” message is normally an indication that the battery is degraded and needs to be replaced. The message still shows up when you put in a brand new battery, however. Here’s the bigger problem: our lab tests confirmed that even when you swap in a genuine Apple battery, the phone will still display the “Service” message.

It’s not a bug; it’s a feature Apple wants. Unless an Apple Genius or an Apple Authorized Service Provider authenticates a battery to the phone, that phone will never show its battery health and always report a vague, ominous problem.

Continue Reading at iFixIt