
X's URL Blunder Sparks Security Concerns

X, the social media platform formerly known as Twitter, recently shipped a significant security flaw in its iOS app. The app automatically rewrote twitter.com links to x.com in the text of posts, which caused widespread concern among users. The intention was brand consistency; the execution opened the door to abuse.

The flaw came from a feature that replaced the string "twitter" with "x" in the displayed text of a URL, regardless of context. Any legitimate URL containing the word "twitter" was altered too, so the text a user saw no longer matched the link's real destination. For example, a link to netflitwitter[.]com was displayed as netflix[.]com while still taking anyone who tapped it to whatever site the owner of netflitwitter[.]com controls. Users could unknowingly promote malicious sites simply by posting such a link.

The implications were significant: an attacker could register a domain ending in "twitter[.]com" that masquerades as a well-known brand such as Netflix or Roblox and use it for phishing or malware distribution. Despite the severity of the issue, X did not address it publicly, presumably to limit negative attention.

The glitch persisted for at least nine hours, possibly longer, before it was fixed. Subsequent tests confirmed that URLs now display correctly. One detail worth noting: the rewrite did not fire when the domain was written in all caps, which indicates it was a case-sensitive literal string replacement rather than a check on the link's actual hostname.
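As an added example, not code from X or from the original post, the JavaScript below reconstructs the two behaviours described above. The naive rewrite is a case-sensitive literal replacement over the whole link text, which turns netflitwitter[.]com into netflix[.]com and leaves an all-caps domain alone, exactly as reported. The host-aware rewrite parses the URL and only changes the hostname when it really is twitter.com or a subdomain of it. The function names and the sample links are hypothetical.

```javascript
// Added example, not X's code: two ways to rewrite "twitter.com" links to
// "x.com" in displayed link text. The naive version reproduces the bug.

// Naive rewrite: a literal, case-sensitive substring replacement applied to
// the whole link text, with no check that "twitter.com" is the actual host.
function naiveRewrite(linkText) {
  return linkText.replace(/twitter\.com/g, "x.com");
}

// Host-aware rewrite: parse the URL and change the hostname only when it is
// exactly twitter.com or a subdomain of it. Anything that merely contains
// the characters "twitter.com" (netflitwitter.com) is left untouched.
function hostAwareRewrite(linkText) {
  let url;
  try {
    url = new URL(linkText);
  } catch (err) {
    return linkText; // not an absolute URL: show it as written
  }
  const host = url.hostname; // the URL parser already lowercases the host
  if (host === "twitter.com") {
    url.hostname = "x.com";
  } else if (host.endsWith(".twitter.com")) {
    url.hostname = host.slice(0, -"twitter.com".length) + "x.com";
  }
  return url.toString();
}

// Flag links the naive rewrite would misrepresent: the two rewrites disagree,
// so the host shown to the user would not be the host the link goes to.
// Comparing normalized hrefs avoids a false alarm over a trailing slash.
function misrepresentedByNaiveRewrite(href) {
  try {
    return new URL(naiveRewrite(href)).href !== new URL(hostAwareRewrite(href)).href;
  } catch (err) {
    return false; // not a URL at all, nothing to misrepresent
  }
}
```

Running `misrepresentedByNaiveRewrite("https://netflitwitter.com/")` returns true, while a genuine `https://twitter.com/...` link returns false because both rewrites agree on x.com; the all-caps variant also returns false, since the naive regex never matches it, which is the exception the article describes.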

The incident underscores the importance of thorough testing and quality assurance, particularly for platforms with large user bases. For users it is a reminder that the text shown for a link is not its destination: exercise caution before clicking, even when a link appears to come from a trusted source, and check where it actually points.

This should also be seen against how platforms like X personalize content. X uses profile data to tailor what each user sees, potentially reordering material to match individual interests, and that personalization draws on users' activity across various platforms. While personalization improves the experience, incidents like this flaw are a reminder that it has to be balanced against user privacy and security.


New Password-sharing Rule from Netflix Can Annoy Users


Netflix puts a stop to password-sharing

Netflix is introducing new rules to stop password sharing. That is good news for Netflix and for investors hoping to see revenue grow, but bad news for customers and the families and friends who share their accounts.

Netflix is rolling out this unpopular change in stages. First it warned everyone about it in advance. Then it began with secondary markets in Latin America before touching Canada and the U.S., where Netflix earns 44% of its revenue.

When will the new password-sharing rule apply

The company said the changes would reach more regions in the first months of 2023. In its latest update it gave more detail on how the password crackdown is supposed to help the business, but not enough for customers to understand how, or when, it will affect them.

These are smart tactics from a smart company. The reaction on social media and in the press has not been positive, but by the time the changes reach the U.S. the story will feel like old news.

Users who currently share passwords may create their own accounts, or switch to other streaming platforms such as Amazon Prime, Disney+, or Hulu. The new rule might also push some existing customers to cancel. Large-scale cancellations are unlikely, though, because the outrage will have faded by then.

New password-sharing rules will annoy users

Even if you don't share your Netflix password, the new rules may annoy you at some point, for example when you are traveling or watching Netflix at a cafe or at someone else's home. Netflix said users may be asked to verify their device in certain situations when away from home, and assures that "Verifying a device is quick and easy."

If that sounds like a hassle, the obvious question is how often you will have to go through it. There is no clear answer yet, because Netflix has not provided many details. It has said only that a user who is away from the Netflix household for a certain amount of time may occasionally be asked to verify their device.

Password-sharing may ask for periodic verifications

The rules also say that users may have to verify their device "periodically." At home you won't have to, because Netflix recognizes your device by its IP address and device ID. That in itself may bother users who are uneasy about how much of their data is collected.

Is the crackdown on password sharing a foolish move at a time when competition among streaming platforms is at an all-time high? Or was Netflix foolish in the past to have a rule it knew people would break? Will the vast number of freeloaders really buy their own Netflix accounts, or will they simply ask their friends to forward the 4-digit verification code?

We will know the answers only when the new password-sharing rule is brought in.

Researchers Have Issued a Warning About Phishing Scams That Imitate Netflix

The massive shift of movie and television audiences to streaming services over the last year has handed scammers a golden opportunity to run phishing attacks that trick would-be subscribers into handing over payment information. Cybercriminals always follow payment data, according to Kaspersky's Leonid Grustniy, who warned of phishing attempts disguised as offers from Netflix, Amazon Prime, and other streaming services.

Kaspersky's researchers detected several lures tailored to whether or not the target already had a streaming subscription. Fake sign-up pages for services like Netflix were used to harvest victims' email addresses and credit card details. “Armed with your info, they can withdraw or spend your money right away; your email address should come in handy for future attacks,” Grustniy wrote.

People without a subscription were lured by a bogus website offering the chance to watch popular series. The site typically shows a short clip as a teaser, presented as a fresh, previously unaired episode; in reality it is usually lifted from trailers that have been public for a long time. Interested victims are then prompted to buy a cheap subscription to keep watching. What follows is the standard scenario: any payment details entered go straight to the fraudsters, and the promised episode never appears.

Cybercriminals are interested in more than bank details: account credentials for streaming services are also in demand, because hijacked accounts with paid subscriptions are resold on the dark web.

Scammers increasingly weaponize the cultural reach of video streaming platforms. The worldwide enthusiasm for Netflix's Squid Game, for example, was recently used to swindle crypto investors out of more than $3.3 million, and last spring Check Point Research identified a fraudulent Netflix application in the Google Play store that spread through WhatsApp chats.

Users should avoid clicking links in emails that claim to come from streaming services and watch for the obvious signs of a scam, such as misspellings in messages that ask for payment information. “Do not trust any person or site promising viewings of movies or shows before the official premiere,” Grustniy added.

Users of Netflix, Instagram, and Twitter are all Targeted by the MasterFred Malware

MasterFred is a new Android malware that steals credit card information from Netflix, Instagram, and Twitter users through fake login overlays. The banking trojan also targets bank customers, using custom fake login overlays in several languages. The first MasterFred sample was uploaded to VirusTotal in June 2021. One week ago, malware analyst Alberto Segura shared a second sample online, saying it was being deployed against Android users in Poland and Turkey.

Avast Threat Labs researchers who examined the new malware found that it uses the APIs of Android's built-in Accessibility service to display the malicious overlays. "By utilizing the Application Accessibility toolkit installed on Android by default, the attacker is able to use the application to implement the Overlay attack to trick the user into entering credit card information for fake account breaches on both Netflix and Twitter," Avast said.

Malware authors have long abused the Accessibility service to simulate taps and navigate the Android UI in order to install payloads, download and install other malware, and perform other operations in the background. MasterFred stands out in a few ways. One is that the malicious apps that deliver the malware also bundle the HTML overlays that present the fake login forms and capture users' financial information.

The malware sends the stolen data to Tor network servers controlled by its operator via the Onion.ws dark web gateway (a Tor2Web proxy). At least one of the malicious apps bundling the MasterFred banker was recently available in Google's Play Store, and the operators are assumed to be distributing it through third-party stores as well.

"We can say that at least one application was delivered via Google play. We believe that it has been removed already," Avast's research team said. 

Another Android malware, identified in September, infected more than 10 million devices in over 70 countries. Named GriftHorse, it was found by researchers at mobile security firm Zimperium. According to Zimperium researchers Aazim Yaswant and Nipun Gupta, GriftHorse's success is due to the malware's "code quality, which uses a wide range of websites (194 domains), malicious apps, and developer identities to infect people and avoid detection for as long as possible."

Sydney Man Detained by AFP, Obliged to Pay AUS $1.66 Million

A Sydney man who sold hijacked subscription-service credentials has been ordered to forfeit almost AUS $1.66 million, mostly in cryptocurrency plus some cash. The 23-year-old had already been sentenced in April to two years and two months in prison for running the large illicit operation that sold Netflix, Hulu, and Spotify usernames and passwords.

According to the AFP, the forfeited funds will be allocated by the Department of Home Affairs to crime prevention, law enforcement, and community safety programs. The forfeiture comes on top of the two-year, two-month jail term.

The AFP launched an investigation in May 2018 after receiving information from the FBI concerning a now-defunct account-generating website named WickedGen.com. 

WickedGen was a portal that sold stolen login details for online subscription services such as Netflix, Spotify, and Hulu. The accounts belonged to unwitting individuals in Australia and around the world, including the United States.

The Sydney resident was identified as the founder, operator, developer, and main financial beneficiary of WickedGen and three other sites that provided similar services. Across the four websites he had more than 150,000 registered members and sold about 86,000 subscriptions for unlawful access to legitimate streaming services.

In October of last year, the Sydney-based man pleaded guilty to charges relating to obtaining these logins and passwords. Following the guilty plea, the AFP's Criminal Assets Confiscation Taskforce (CACT) secured restraining orders over the individual's cryptocurrency, as well as bank and PayPal accounts held under fictitious identities.

Use of online subscription services in Australia has grown to the point where nearly as many Australians now watch content through subscription streaming platforms such as Netflix as watch free-to-air television.

According to observations published by the Australian Bureau of Communications, Arts and Regional Research, the prominence of over-the-top (streaming) services continues to rise.

Fake Netflix App Spreads Malware via WhatsApp Messages

Researchers have discovered malware disguised as a Netflix application lurking in the Google Play store and spreading through WhatsApp messages. According to a Check Point Research analysis released on Wednesday, the malware posed as an app called "FlixOnline," promoted via WhatsApp messages promising "2 Months of Netflix Premium Free Anywhere in the World for 60 days." Once installed, it begins stealing information and credentials.

The malware was designed to monitor incoming WhatsApp messages and automatically reply to every message the victim received, with the content of the reply supplied by the attackers. The replies tried to bait the recipient with the offer of free Netflix and contained links to a phony Netflix site that phished for credentials and credit card information, the analysts said.

“The app turned out to be a fake service that claims to allow users to view Netflix content from around the world on their mobiles,” according to the analysis. “However, instead of allowing the mobile user to view Netflix content, the application is actually designed to monitor a user’s WhatsApp notifications, sending automatic replies to a user’s incoming messages using content that it receives from a remote server.” Once installed from the Play Store, FlixOnline requests three permissions: draw over other apps (overlay), ignore battery optimizations, and notification access. Check Point's researchers note that malware uses the overlay permission to create fake login windows on top of legitimate apps and steal the user's credentials.

The malware could also self-propagate, sending messages with links to the phony application to the victim's WhatsApp contacts and groups. The automated messages read, “2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE [Bitly link].”

“The malware’s technique is fairly new and innovative,” Aviran Hazum, manager of Mobile Intelligence at Check Point, said in the analysis. “The technique here is to hijack the connection to WhatsApp by capturing notifications, along with the ability to take predefined actions, like ‘dismiss’ or ‘reply’ via the Notification Manager. The fact that the malware was able to be disguised so easily and ultimately bypass Play Store’s protections raises some serious red flags.”

A vulnerability that Allows Hackers to Hijack Facebook Accounts


A security researcher recently found a vulnerability in Facebook's "Login with Facebook" feature that allowed an attacker to steal a user's access token and hijack the victim's Facebook account. "Login with Facebook" is built on OAuth 2.0, the authorization framework under which Facebook issues access tokens that grant third-party applications delegated access to a user's account.

The vulnerability meant that a malicious website set up by an attacker could, when a logged-in user visited it, obtain the user's access tokens both for Facebook itself and for third-party applications that use Facebook login, such as Spotify, Netflix, Instagram, Tinder and Oculus. With the tokens, the attacker could take over the targeted Facebook account and access personal data, including private messages, photos, videos and account settings.


According to Amol Baikar, the Indian security researcher who found the vulnerability, the flaw allowed an attacker to compromise the victim's accounts on Facebook and on apps such as Tinder, Oculus, Spotify, Instagram and Netflix, because the stolen tokens also gave third-party access to those apps through the "Login with Facebook" option. Facebook received the report in December 2019 and quickly issued a fix. It also awarded the researcher $55,000 through its Bug Bounty Program, said to be the largest bounty Facebook has ever paid for a client-side vulnerability.

The security news site GBHackers made the following observations about the vulnerability: 

  1. The login credentials (access tokens) for all Facebook apps and third-party apps could be exposed within seconds, all at once. 
  2. The vulnerability allowed the attacker to take over the user's Facebook account and read, write, edit and delete their data. 
  3. The attacker could also modify the privacy settings of the Facebook account. 
  4. A user who simply visited the attacker's malicious website could lose their first-party access tokens. 
  5. The stolen first-party access tokens never expire. 
  6. The attacker retained control of the hijacked Facebook account even after the user changed their login credentials.

Attention Binge-Watchers! A New Netflix Scam Is On the Loose

Netflix users have become the target of yet another attack, this time a phishing email asking them to update their billing information in order to unlock their accounts.

The email claims that the user's account has been temporarily suspended because of problems in the "automatic verification process" and that, to unlock it, the user must update their billing information, i.e. their payment method and credit or debit card details.

Because the page first asks the user to log in to their Netflix account and then to enter card details, both the account credentials and the payment data end up with the attackers, putting the user at risk of identity theft and of having their bank account emptied.

This kind of scam isn't new, particularly for big brands such as Netflix.

"Unfortunately, scams are common on the internet and target popular brands such as Netflix and other companies with large customer bases to lure users into giving out personal information," a Netflix spokesperson said.

The phishing email was detected by the email security service MailGuard, which blocks messages it identifies as having "criminal intent" and issued an alert advising users to be vigilant.

Although Netflix uses various proactive measures to detect such fraudulent activity, a spokesperson for the streaming giant told the media that users who want to learn how to protect their Netflix account data from scams should visit netflix.com/security or contact customer service directly when something like this happens.

The spokesperson added that anyone who has already entered their details on the phishing page should change the password for the account in question, whether Netflix or any other service where the same password is used.

And anyone who has entered payment information should contact their bank immediately to block their cards and so prevent any fraudulent transactions.

Microsoft, Netflix and PayPal Emerge As the Top Targets for Phishing Attacks

Email security provider Vade Secure has released its latest phishing report, tracking the 25 brands in North America most often impersonated in phishing attacks. The top three are Microsoft, Netflix and PayPal.

Those top 25 accounted for 96% of the phishing activity across the 86 brands Vade Secure tracked for its Q3 2018 report.

Bank of America and Wells Fargo are not far behind the top three, and Vade Secure reports that phishing attacks against these brands grew by roughly 20.4% in the quarter. Attackers are concentrating on cloud services, trying to obtain Office 365, OneDrive and Azure credentials, as well as on financial companies.



Vade Secure's report states - "The primary goal of Microsoft phishing attacks is to harvest Office 365 credentials. With a single set of credentials, hackers can gain access to a treasure trove of confidential files, data, and contacts stored in Office 365 apps, such as SharePoint, OneDrive, Skype, Excel, CRM, etc. Moreover, hackers can use these compromised Office 365 accounts to launch additional attacks, including spear phishing, malware, and, increasingly, insider attacks targeting other users within the same organization."

Office 365 phishing emails typically manufacture a sense of urgency, claiming that the recipient's account has been suspended and prompting them to log in to resolve the issue. The idea is that an alarmed victim is less careful when entering credentials.

Notably, attackers follow a pattern in which days they send the most phishing mail. According to the report, most business-related attacks happen during the week, with Tuesday and Thursday the most popular days. Netflix phishing, by contrast, peaks on Sundays, when users are relaxing and settling in for some television.

Vade Secure's report also warns that attacks are becoming more targeted: "What should be more concerning to security professionals is that phishing attacks are becoming more targeted. When we correlated the number of phishing URLs against the number of phishing emails blocked by our filter engine, we found that the number of emails sent per URL dropped more than 64% in Q3. This suggests that hackers are using each URL in fewer emails in order to avoid detection by reputation-based security defenses. In fact, we’ve seen sophisticated phishing attacks where each email contains a unique URL, essentially guaranteeing that they will bypass traditional email security tools."
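The following JavaScript is an added example, not from Vade Secure's report or tooling, that illustrates the detection problem the quote describes. The six email records are constructed for illustration: four phishing messages that each carry a unique URL, and two copies of a legitimate newsletter link. A reputation filter keyed on exact URLs never sees a phishing URL twice, so it blocks nothing from the campaign (and would trip on the repeated benign link), while collapsing the per-recipient token into a URL template recovers the campaign as one cluster. Function names, thresholds, and the token heuristic are assumptions.

```javascript
// Added example, not Vade Secure's code: per-URL reputation versus grouping
// by a normalized URL template. The emails below are constructed sample data.
const SAMPLE_EMAILS = [
  { to: "a@example.com", url: "http://account-billing-update.example/verify/9f3a2c71" },
  { to: "b@example.com", url: "http://account-billing-update.example/verify/71bd0e4a" },
  { to: "c@example.com", url: "http://account-billing-update.example/verify/c04e88d2" },
  { to: "d@example.com", url: "http://account-billing-update.example/verify/ab129033" },
  { to: "e@example.com", url: "http://newsletter.example/issues/42" },
  { to: "f@example.com", url: "http://newsletter.example/issues/42" },
];

// Count how many emails carried each exact URL.
function emailsPerUrl(emails) {
  const counts = new Map();
  for (const { url } of emails) counts.set(url, (counts.get(url) || 0) + 1);
  return counts;
}

// The metric the report tracks: average number of emails per distinct URL.
// A campaign with one URL per email drives this toward 1.
function averageEmailsPerUrl(emails) {
  return emails.length / emailsPerUrl(emails).size;
}

// Reputation-style blocking: an exact URL is blocked once it has been seen
// in at least `threshold` emails. Returns how many emails that rule blocks.
function blockedByUrlReputation(emails, threshold) {
  const counts = emailsPerUrl(emails);
  return emails.filter(({ url }) => counts.get(url) >= threshold).length;
}

// Collapse per-recipient tokens so URLs differing only in a tracking segment
// share one key: path segments of 8+ characters mixing letters and digits
// become "{token}", and the query string is dropped entirely (assumed heuristic).
function urlTemplate(url) {
  const u = new URL(url);
  const path = u.pathname
    .split("/")
    .map((seg) => (/^(?=.*\d)(?=.*[a-z])[a-z0-9_-]{8,}$/i.test(seg) ? "{token}" : seg))
    .join("/");
  return u.hostname + path;
}

// Group emails by template and return the groups of at least `minSize`,
// largest first. A campaign of unique URLs becomes one visible cluster.
function campaignsByTemplate(emails, minSize) {
  const groups = new Map();
  for (const { url } of emails) {
    const key = urlTemplate(url);
    groups.set(key, (groups.get(key) || 0) + 1);
  }
  return [...groups.entries()]
    .filter(([, count]) => count >= minSize)
    .sort((a, b) => b[1] - a[1])
    .map(([template, count]) => ({ template, count }));
}
```

On the sample data `blockedByUrlReputation(SAMPLE_EMAILS, 2)` blocks only the two newsletter emails and none of the four phishing emails, whereas `campaignsByTemplate(SAMPLE_EMAILS, 3)` returns the single phishing template with a count of 4. In a real filter the template heuristic would be one signal among several; the point is that the grouping key has to ignore whatever the attacker varies per recipient.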

Users are advised to always examine a site before entering login details, and if anything about the URL looks abnormal, or even something as minor as a language error appears, they should report it directly to their administrator or to the company itself.