Home Tags Snapchat

Tag: Snapchat

Snapchat’s new World Lenses filter reality with 3D objects

Filters aren't just for your face anymore.

Clips is the Apple-made video sharing app that’s not a social...

Can Apple convince video sharers to move their filmmaking to its app?

Google Cloud sharpens its enterprise strategy

Google first announced its plan to become a top cloud provider for the enterprise in June 2012. But turning an inward-focused, engineering-driven company inside out to cater to enterprise customers has been a struggle. By most estimates, Google Cloud remains a distant No. 3 behind AWS and Microsoft Azure.Last week’s Google Cloud Next conference may mark a turning point. At 10,000 attendees, the three-day event was more than four times the size of last year’s conference. A change in tone emerged: Google spent more time actively reaching out to enterprises than it did flogging its technical superiority.Instead of SnapChat or Evernote, real enterprise customers waltzed across the stage, including Colgate, Disney, HSBC, Schlumberger, and Verizon. Plus Google announced a partnership with the fusty enterprise software vendor SAP, which will run its in-memory HANA analytics database on Google Cloud.To read this article in full or to leave a comment, please click here

Student accused of taking nude locker room video of school administrator

School declares: "We shall protect the privacy of all members of our school community."

Updated WhatsApp Statuses let you share photos and videos that disappear

It looks like Facebook, owner of WhatsApp, is continuing to come after Snapchat.

Teen’s selfie with the dying boy he shot leads to murder...

Shooter sent selfie to gamer via Snapchat—leading to his arrest.

Snapchat Spectacles are now available to buy online for $129

But they're only available in the US for now.

Snaplytics Releases Largest Survey Report Ever on Snapchat Trends among Brands

Analytics company study analyzes 217,000 Snaps from 500 brands running native Snapchat accounts, highlights metrics that matter for effective Snapchat strategiesFebruary 14, 2017 – Copenhagen, Denmark – Originally thought of as a social network mostly geared toward teenagers, now millennials are engaging with Snapchat.
In fact, businesses are quickly taking notice of the fastest growing social media site and the many benefits it offers.
Snaplytics, the SaaS company offering Snapchat marketing insights, is releasing the... Source: RealWire

Judge sides with Microsoft, allows “gag order” challenge to advance

Court: "First Amendment rights may outweigh the Government interest in secrecy."

Snap is paying Google $400M a year for cloud services

Over the next five years, the company behind Snapchat will pay Google at least $2 billion in cloud bills.On Thursday, Snap revealed in a filing with the US Securities and Exchange Commission that it signed a five-year contract to pay Google at least $400 million a year for cloud services.

That’s a steep figure, considering that Snap made roughly $404 million last year. [ To the cloud! Real-world container migrations. | Dig into the the red-hot open source framework in InfoWorld's beginner's guide to Docker. ]In return for the massive commitment, Snap will receive reduced pricing, though it’s not clear how deep the company’s discounts will be.
Sinking a bunch of money into Google Cloud makes sense, because Snapchat began its life built on top of Google’s AppEngine platform-as-a-service offering.To read this article in full or to leave a comment, please click here

VXers gift their mates an Android bank-raiding app’s source code

It needs admin privileges, but we know there's a pool of stupid out there waiting to be p0wned Source code for an Android banking app has been published online, spurring fears it could prompt a wave of malicious apps. The code has is being injected into otherwise legitimate apps and shared as APK installation files or on third party app stores, notorious as harbours for malicious apps. Users will need to grant the app, "Android.BankBot.149.origin", extensive permissions including administrator access in order for it to be able to steal data. If users, many of whom allow software to do almost anything, allow the software to run it can can siphon banking credentials from the likes of Bank of America, PayPal, and Google Play.

Credentials from the likes of Facebook, Viber, Youtube, WhatsApp, Uber, Snapchat, WeChat,Instagram and Twitter will also be sucked up and sent to unknown parties . Antivirus firm Dr Web says says the app is standard fare in terms of malicious Android apps but is unusual in that the code has been offered up for free, something that will likely result in the creation of more malicious apps. "When an SMS message arrives, the trojan turns off all sounds and vibrations, sends the message content to the cybercriminals, and attempts to delete the original messages from the list of incoming SMS," Dr Web researchers wrote. "As a result, a user could miss not only bank notifications about the unplanned transactions but also other incoming messages. "In general, the [capabilities] of this trojan are quite standard for modern Android bankers, however, as cybercriminals created it with publicly available information, one can anticipate that many trojans similar to it will appear." Harvested device data is shipped to attackers' command and control servers and appears on adminstrator panels from where the application can be controlled. The app can also steal all phone contacts, track user location, and create phishing dialogues. ® Sponsored: Want to know more about Privileged Access Management? Visit The Register's hub

The Limitations Of Phishing Education

Human nature means that education will only go so far.

Technology needs to take up the slack. In the past 12 months, millions of organizations, spanning all industries and sizes, became targets of cyberattacks.

According to a recent report, 400,000 phishing sites were detected per month in 2016, and the Anti-Phishing Working Group concluded that phishing attacks reached an "all-time high" in the second quarter. Not only are attacks proliferating, but the perpetrators have evolved into professional cybercriminals with plenty of time and resources.

For these reasons, it's unrealistic to entrust the workforce with the massive responsibility of stopping phishing. While this many sound ironic coming from someone involved in phishing mitigation, I recognize that phishing education has proved beneficial only to a certain extent.

The reality is that the imperfection of humans makes it all but impossible for us to teach everyone how to spot and avoid phishing — and if phishing efforts aren't detected and eliminated fast enough, someone eventually will click, and then it's game over. When it comes to employee expectations, the digital-native millennial generation, now the largest workforce demographic, is perhaps the most careless when it comes to cybersecurity, opting for expedience over security. Other workforce demographics, such as Generation X and baby boomers, are forced to learn new "detective" skills for identifying and reporting suspicious emails, despite being unfamiliar with technically advanced processes. Frankly, it's very hard to change behavior.
In fact, it's proven that users, regardless of training and awareness, will still click on phishing links or download attachments because of a variety of factors, including curiosity, greediness, distraction, well-crafted impersonations, and/or simply failing to learn from past mistakes.

For example: A culture of distraction: People are easily distracted by their daily tasks, especially under stressful environments, making them likely to click on a malicious link or download a suspicious file.

According to a study from Microsoft, people generally lose concentration after eight seconds, a shorter attention span than a goldfish. With an abundance of smart devices available, and an increasingly digital lifestyle, it's easy to see how so many stimuli could make it difficult to identify a suspicious email, particularly if the email intentionally includes multiple streams of media for the purpose of distracting the receiver. Spearphishing can be almost undetectable: Some attacks are just so good that it's impossible to spot them by the naked eye. What happened to Snapchat and the Clinton campaign are two examples of how sophisticated phishing attacks can trick employees through highly targeted campaigns that impersonate internal executives or well-recognized vendors.
Seagate also fell victim to a similar phishing scam, and its staff has since filed a lawsuit against the company after personal information was exposed. Phishing attacks have become so realistic that even the most cyber-aware recipient can be fooled into providing sensitive information.  Curiosity is king:  Sometimes, curiosity is stronger than the sense of security, especially when it comes to an employer's computer.

According to a recent study by FAU researchers in Germany, 56% of email recipients clicked on a link from an unknown sender despite knowing the risks. Why? Most reasoned that they were curious about the content of the photos or the identity of the sender.

According FAU, curiosity and interest are natural human traits and, with the right timing and context, people will click on a link despite their security awareness. Though employee training will always play a role in phishing mitigation, and it should, recent events prove it's not effective on its own. With increasingly clever and deceptive scams, matched with the massive amount of phishing emails sent daily, employees don't stand a chance in successfully defeating the phishing epidemic on their own. Instead, organizations should turn to next-generation technologies to fill the gap and empower employees. While some argue encryption, multifactor authentication, and database security can be effective in deterring phishers, they're outdated techniques with risks and shortcomings.

Today, forward-thinking organizations are implementing newer strategies to aid in phishing support such as sender reputation and email verification programs, including DomainKeys Identified Mail, Sender Policy Framework, and Domain Message Authentication & Reporting Conformance.

They're not perfect, however. they won't identify suspicious links and attachments or stop a determined attacker who buys a domain and installs Domain Name System records to tell servers which IP address each domain is associated with. In the future, the use of artificial intelligence and machine learning to identify phishing emails, learn from reported attacks, and create real-time signatures will help companies prepare for and prevent attacks that have been attempted around the world, without the need for human interaction.   Related Content: Eyal Benishti has spent more than a decade in the information security industry, with a focus on software R&D for startups and enterprises.

Before establishing IRONSCALES, he served as security researcher and malware analyst at Radware, where he filed two patents in the ...
View Full Bio More Insights