Month: April 2021

Android users should be wary of messages that are being circulated on WhatsApp and other major messaging apps, and promise to provide a new color theme for WhatsApp. Disguised as an official update for the ubiquitous chat app, the “WhatsApp Pink” theme is actually a variant of malware. The tainted app includes malicious code that allows attackers to fully compromise a device. Most of the infections were reported by WhatsApp users in India.

Once the app is installed on the device, when the user clicks on its icon, the app disappears, claiming that it was never installed. The victim will then receive a message, to which they will have to reply in order to unwittingly cause it to propagate further.

The good news is that Android users that have installed the WhatsApp Pink app can simply remove it from their device.

Read more about it here.

Geico, the second largest auto insurer in the US, has fixed a security bug that let fraudsters steal customers’ driver’s license numbers from its website.

Some Geico customers were notified in April 2021 that their personal information — specifically their drivers license number — had been compromised in a data breach caused by a security bug on the insurer’s website.

The message sent to customers said that “between January 21, 2021 and March 1, 2021, fraudsters used information about you — which they acquired elsewhere — to obtain unauthorized access to your driver’s license number through the online sales system on our website.”

Geico further said it had “reason to believe that this information could be used to fraudulently apply for unemployment benefits in your name.”

Geico said it has since secured its website from the vulnerability.

Read more about it here.

On April 3, 2021, Alon Gal, co-founder of cybercrime intelligence firm Hudson Rock, alerted the public via Twitter that a Facebook data leak had made 533 million personal records available online “for free.” There are records for more than 32 million accounts in the US, 11 million in the UK, and 6 million in India. Leaked details in some cases included full name, location, birthday, email addresses, phone number, and relationship status.

Facebook said the data was scraped in 2019, when malicious actors took advantage of a vulnerability with its contact importer tool. It also said it had fixed the issue in September 2019.

The scraped information did not include financial information, health information or passwords. Although the data is from 2019, it could still be of value to hackers and cyber criminals who engage in identify theft.

Following a massive data leak to the political research firm Cambridge Analytica, Facebook reached a landmark agreement with the US Federal Trade Commission in 2019, that requires the company to report breaches affecting 500 or more users within 30 days of confirming an incident.

What can you do to protect yourself ?

• Visit the web site Have I Been Pwned, and enter your email address or phone number. The site run by security researcher Troy Hunt.
• If your data has been compromised, change your password and enable two factor authentication.

Read more about it here.