Snapchat map update raises child safety worries

An update to Snapchat that shows publicly posted images on a searchable map has raised safety concerns among parents.

Snap Map lets people search for places such as schools and see videos and pictures posted by children inside.

It also lets people locate their “friends” on a map that is accurate enough to determine where people live.

Snap, the company behind Snapchat, stressed to the BBC that location sharing was an opt-in feature.

Exact location

Snap Map was launched on Wednesday and was promoted as a “new way to explore the world”.

Video clips and photos that members have posted publicly can be discovered on the map, while members who have chosen to share their location can also be seen on the map by those they have added as “friends”.

However, members can add people they have never met to their friends list too.

A message to parents posted by St Peter’s Academy in Staffordshire warned that the location-sharing feature lets people “locate exactly where you are, which building you are in and exact whereabouts within the building”.

One parent described the update as “dangerous” while another said she could not find the setting to disable it.

People have expressed concern online that the app could be used for stalking or working out exactly where somebody lives.

“If you zoom right in on this new Snapchat map thing it literally tells you where everyone lives? Like exact addresses – bit creepy no?” wrote one user called Leanne.

“This new Snapchat update is awful. An invitation for stalkers, kidnappers, burglars and relationship trust issues,” suggested Jade.

Snap told the BBC that accurate location information was necessary to allow friends to use the service to meet, for example at a restaurant or crowded festival, and said points of interest on the map, such as schools, were provided by third-party mapping service Mapbox.

Concerned parents could find out more information on its Privacy Center website, a spokesman told the BBC.

“With Snap Map, location sharing is off by default for all users and is completely optional. Snapchatters can choose exactly who they want to share their location with, if at all, and can change that setting at any time,” a Snap spokesman said.

“It’s also not possible to share your location with someone who isn’t already your friend on Snapchat, and the majority of interactions on Snapchat take place between close friends.”

How to switch off Snap Map location sharing

-When in photo-taking mode, pinch the screen to open Snap Map
-Touch the settings cog in the top right corner of the screen
-Tap “Ghost Mode” to switch off location sharing
-Photos and videos posted to Snapchat’s public ‘Our Story’ will still be discoverable on the map

Sears says some Kmart customer credit card numbers compromised

Sears Holdings said on Wednesday it found a security breach involving “unauthorized” credit card activity following some customer purchases at its Kmart stores.

Certain credit card numbers were “compromised” in the event, the company said in an emailed statement, without providing exact figures.

No personal information, such as contact details and social security numbers of customers, was obtained by those responsible for the breach, Sears said.

“There is also no evidence that kmart.com or Sears customers were impacted,” it said.

Employment Scam Targets College Students

In a public service announcement released on the 18th of January, the Federal Bureau of Investigation described an employment scam that targets college students, with identity theft as the end result. The announcement reads as follows:

College students across the United States continue to be targeted in a common employment scam. Scammers advertise phony job opportunities on college employment websites, and/or students receive e-mails on their school accounts recruiting them for fictitious positions. This “employment” results in a financial loss for participating students.

How the scam works:

-Scammers post online job advertisements soliciting college students for administrative positions.
-The student employee receives counterfeit checks in the mail or via e-mail and is instructed to deposit the checks into their personal checking account.
-The scammer then directs the student to withdraw the funds from their checking account and send a portion, via wire transfer, to another individual. Often, the transfer of funds is to a “vendor”, purportedly for equipment, materials, or software necessary for the job.
-Subsequently, the checks are confirmed to be fraudulent by the bank.

The following are some examples of the employment scam e-mails:

“You will need some materials/software and also a time tracker to commence your training and orientation and also you need the software to get started with work. The funds for the software will be provided for you by the company via check. Make sure you use them as instructed for the software and I will refer you to the vendor you are to purchase them from, okay.”

“I have forwarded your start-up progress report to the HR Dept. and they will be facilitating your start-up funds with which you will be getting your working equipment from vendors and getting started with training.”

“Enclosed is your first check. Please cash the check, take $300 out as your pay, and send the rest to the vendor for supplies.”

Consequences of participating in this scam:

-The student’s bank account may be closed due to fraudulent activity and a report could be filed by the bank with a credit bureau or law enforcement agency.
-The student is responsible for reimbursing the bank the amount of the counterfeit checks.
-The scamming incident could adversely affect the student’s credit record.
-The scammers often obtain personal information from the student while posing as their employer, leaving them vulnerable to identity theft.
-Scammers seeking to acquire funds through fraudulent methods could potentially utilize the money to fund illicit criminal or terrorist activity.

Tips on how to protect yourself from this scam:

-Never accept a job that requires depositing checks into your account or wiring portions to other individuals or accounts.
-Many of the scammers who send these messages are not native English speakers. Look for poor use of the English language in e-mails such as incorrect grammar, capitalization, and tenses.
-Forward suspicious e-mails to the college’s IT personnel and report to the FBI. Tell your friends to be on the lookout for the scam.
-If you have been a victim of this scam or any other Internet-related scam, you may file a complaint with the FBI’s Internet Crime Complaint Center at http://www.IC3.gov and notify your campus police.

How safe is Bigo Live for minors?

Severity level: HIGH

A few months ago, CCRA reported on a cell phone video application named Live.me. When our online investigators started observing the program, we were floored at the amount of online enticement incidents we observed. Not only was the number of underage users high, but so was the number of predators.

Today, CCRA was made aware of the cell phone video application named Bigo Live, owned and operated by Bigo Technology, located out of Singapore. At first, it looks cute and innocent with the cartoon dinosaur logo, but when we first logged in, what we spotted made Live.me look like a joke along the lines of “dangerous applications”.

When making our first observations of the broadcasters, not only were we shocked at the large number of underage users from around the world, but in seconds, multiple messages to those users from grown adults were making requests that should never be made to children. Not only were we appalled by the requests, but also by the fact that Bigo Live makes personal information on these minors available as well. Anything can be found on their profiles, from IP addresses and phone numbers to cities and states. We knew when spotting this that the danger level for minors was absolutely ridiculous.

Our staff made several attempts to contact Bigo Live support; however, their support team gives out no phone number, no email address and only allows you to contact them via their application’s instant message. We’ll be shocked if we even receive back a response.

Due to the danger level of this application, we strongly suggest that parents check their children’s phones and remove this application as soon as possible. The Bigo Technology group appears to show no interest in the safety of their users, particularly towards minors.

Facebook user threatens students at Byrnes High

DUNCAN, SC (FOX Carolina) – A Byrnes High School student reported receiving multiple threats online against him and Byrnes High, according to District Five administrators.

On Saturday, a spokesperson for District Five said extremely vulgar threats were made on Facebook that specifically targeted those at Byrnes who are Jewish and Muslim. A student alerted law enforcement to the threats on Friday.

The student was able to screenshot the posts and deputies interviewed him about the incident, according to the report.

In the report the student said the threats stated that a user going by the name of Xaver Lotz on Facebook was going to “kill Jews and Muslims at Byrnes High School,” and that the killings would take place on Tuesday.

Other comments made by the user include:

The incident is currently under investigation as deputies work to identify the source of the threats.

Security Alert: QuickTime for Windows

According to Trend Micro, Apple will no longer be providing security updates for QuickTime for Windows, leaving this software vulnerable to exploitation.

Description

All software products have a lifecycle. Apple will no longer be providing security updates for QuickTime for Windows.

The Zero Day Initiative has issued advisories for two vulnerabilities found in QuickTime for Windows.

Impact

Computer systems running unsupported software are exposed to elevated cybersecurity dangers, such as increased risks of malicious attacks or electronic data loss. Exploitation of QuickTime for Windows vulnerabilities could allow remote attackers to take control of affected systems.

Solution

Computers running QuickTime for Windows will continue to work after support ends. However, using unsupported software may increase the risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows. Users can find instructions for uninstalling QuickTime for Windows on the Apple Uninstall QuickTime page.

References

Trend Micro – Urgent Call to Action: Uninstall QuickTime for Windows Today

Zero Day Initiative Advisory ZDI 16-241: (0Day) Apple QuickTime moov Atom Heap Corruption Remote Code Execution Vulnerability

Zero Day Initiative Advisory ZDI 16-242: (0Day) Apple QuickTime Atom Processing Heap Corruption Remote Code Execution Vulnerability

Apple – Uninstall QuickTime 7 for Windows

Security Alert: Dorkbot

Dorkbot is a botnet used to steal online payment, participate in distributed denial-of-service (DDoS) attacks, and deliver other types of malware to victims’ computers. According to Microsoft, the family of malware used in this botnet “has infected more than one million personal computers in over 190 countries over the course of the past year.” The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and Microsoft, is releasing this Technical Alert to provide further information about Dorkbot.

Description

Dorkbot-infected systems are used by cyber criminals to steal sensitive information (such as user account credentials), launch denial-of-service (DoS) attacks, disable security protection, and distribute several malware variants to victims’ computers. Dorkbot is commonly spread via malicious links sent through social networks and instant message programs, or through infected USB devices.

In addition, Dorkbot’s backdoor functionality allows a remote attacker to exploit an infected system. According to Microsoft’s analysis, a remote attacker may be able to:

-Download and run a file from a specified URL;
-Collect logon information and passwords through form grabbing, FTP, POP3, or Internet Explorer and Firefox cached login details; or
-Block or redirect certain domains and websites (e.g., security sites).

Impact

A system infected with Dorkbot may be used to send spam, participate in DDoS attacks, or harvest users’ credentials for online services, including banking services.

Solution

Users are advised to take the following actions to remediate Dorkbot infections:

Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. Even though Dorkbot is designed to evade detection, security companies are continuously updating their software to counter these advanced threats. Therefore, it is important to keep your anti-virus software up-to-date. If you suspect you may be a victim of Dorkbot, update your anti-virus software definitions and run a full-system scan.

Change your passwords – Your original passwords may have been compromised during the infection, so you should change them.

Keep your operating system and application software up-to-date – Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. You should enable automatic updates of the operating system if this option is available.

Use anti-malware tools – Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool to help remove Dorkbot from their systems.

Disable Autorun – Dorkbot tries to use the Windows Autorun function to propagate via removable drives (e.g., USB flash drive). You can disable Autorun to stop the threat from spreading.

Microsoft

http://www.microsoft.com/security/scanner/en-us/default.aspx

The above example does not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.
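The "Disable Autorun" step above, as an added PowerShell example that is not part of the original alert: it reads the `NoDriveTypeAutoRun` Explorer policy value in both registry hives and can set it to 0xFF (Autorun off for all drive types) under HKLM. The function names are hypothetical; writing to HKLM assumes an elevated session.

```powershell
# Added example (not from the alert): audit and optionally enforce the Autorun policy.
# NoDriveTypeAutoRun is a bitmask of drive types on which Autorun is disabled:
# 0x04 = removable drives (USB sticks), 0xFF = all drive types.
$PolicySubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName    = 'NoDriveTypeAutoRun'
$AllDrives    = 0xFF
$Removable    = 0x04

function Get-AutorunPolicy {
    # Returns one object per hive: current value and whether removable-drive Autorun is blocked.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key   = "$hive\$PolicySubKey"
        $prop  = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
        $value = $null
        $shown = '(not set)'
        if ($prop) {
            $value = [int]($prop.$ValueName)
            $shown = '0x{0:X2}' -f $value
        }
        [pscustomobject]@{
            Key              = $key
            Value            = $shown
            RemovableBlocked = ($null -ne $value) -and (($value -band $Removable) -ne 0)
            AllBlocked       = ($value -eq $AllDrives)
        }
    }
}

function Set-AutorunDisabled {
    # Writes NoDriveTypeAutoRun = 0xFF under HKLM; supports -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $key = "HKLM:\$PolicySubKey"
    if ($PSCmdlet.ShouldProcess($key, "Set $ValueName to 0xFF")) {
        # Create the key only if it is missing; -Force on an existing key would reset it.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name $ValueName -Value $AllDrives `
            -PropertyType DWord -Force | Out-Null
    }
}

Get-AutorunPolicy | Format-Table -AutoSize
# Set-AutorunDisabled -WhatIf    # preview the change
# Set-AutorunDisabled            # apply it, then re-run Get-AutorunPolicy
```

A host where `RemovableBlocked` is false in both hives still allows Autorun from USB drives, the propagation path the alert describes.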

References

Microsoft Malware Protection Center – Worm: Win32/Dorkbot

Microsoft Malware Protection Center – Microsoft assists law enforcement to help disrupt Dorkbot botnets