A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan, malware designed to surreptitiously intercept and forward text messages from Android mobile devices.

A recent scoop by **Reuters** revealed that mobile apps for the **U.S. Army** and the **Centers for Disease Control and Prevention** (CDC) were integrating software that sends visitor data to a Russian company called **Pushwoosh**, which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the **Pincer Trojan**, malware designed to surreptitiously intercept and forward text messages from **Android** mobile devices.

Pushwoosh says it is a U.S. based company that provides code for software developers to profile smartphone app users based on their online activity, allowing them to send tailor-made notifications. But a recent investigation by Reuters raised questions about the company’s real location and truthfulness.

The Army told Reuters it removed an app containing Pushwoosh in March, citing “security concerns.” The Army app was used by soldiers at one of the nation’s main combat training bases.

Reuters said the CDC likewise recently removed Pushwoosh code from its app over security concerns, after reporters informed the agency Pushwoosh was not based in the Washington D.C. area — as the company had represented — but was instead operated from Novosibirsk, Russia.

Pushwoosh’s software also was found in apps for “a wide array of international companies, influential nonprofits and government agencies from global consumer goods company **Unilever** and the **Union of European Football Associations** (UEFA) to the politically powerful U.S. gun lobby, the **National Rifle Association** (NRA), and Britain’s **Labour Party**.”

The company’s founder **Max Konev** told Reuters Pushwoosh “has no connection with the Russian government of any kind” and that it stores its data in the United States and Germany.

But Reuters found that while Pushwoosh’s social media and U.S. regulatory filings present it as a U.S. company based variously in California, Maryland and Washington, D.C., the company’s employees are located in Novosibirsk, Russia.

Reuters also learned that the company’s address in California does not exist, and that two LinkedIn accounts for Pushwoosh employees in Washington, D.C. were fake.

“Pushwoosh never mentioned it was Russian-based in eight annual filings in the U.S. state of Delaware, where it is registered, an omission which could violate state law,” Reuters reported.

Pushwoosh admitted the LinkedIn profiles were fake, but said they were created by a marketing firm to drum up business for the company — not misrepresent its location.

Pushwoosh told Reuters it used addresses in the Washington, D.C. area to “receive business correspondence” during the coronavirus pandemic. A review of the Pushwoosh founder’s online presence via Constella Intelligence shows his Pushwoosh email address was tied to a phone number in Washington, D.C. that was also connected to email addresses and account profiles for over a dozen other Pushwoosh employees.

Pushwoosh was incorporated in Novosibirsk, Russia in 2016.

**THE PINCER TROJAN CONNECTION**

The dust-up over Pushwoosh came in part from data gathered by **Zach Edwards**, a security researcher who until recently worked for the Internet Safety Labs, a nonprofit organization that funds research into online threats.

Edwards said Pushwoosh began as **Arello-Mobile**, and for several years the two co-branded — appearing side by side at various technology expos. Around 2016, he said, the two companies both started using the Pushwoosh name.

A search on Pushwoosh’s code base shows that one of the company’s longtime developers is a 41-year-old from Novosibirsk named **Yuri Shmakov**. In 2013, KrebsOnSecurity interviewed Shmakov for the story, “Who Wrote the Pincer Android Trojan?” wherein Shmakov acknowledged writing the malware as a freelance project.

> Shmakov told me that, based on the client’s specifications, he suspected it might ultimately be put to nefarious uses. Even so, he completed the job and signed his work by including his nickname in the app’s code.
> 
> “I was working on this app for some months, and I was hoping that it would be really helpful,” Shmakov wrote. “\[The\] idea of this app is that you can set it up as a spam filter…block some calls and SMS remotely, from a Web service. I hoped that this will be \[some kind of\] blacklist, with logging about blocked \[messages/calls\]. But of course, I understood that client \[did\] not really want this.”

Shmakov did not respond to requests for comment. His LinkedIn profile says he stopped working for Arello Mobile in 2016, and that he currently is employed full-time as the Android team leader at an online betting company.

In a blog post responding to the _Reuters_ story, Pushwoosh said it is a privately held company incorporated under the state laws of Delaware, USA, and that Pushwoosh Inc. was never owned by any company registered in the Russian Federation.

“Pushwoosh Inc. used to outsource development parts of the product to the Russian company in Novosibirsk, mentioned in the article,” the company said. “However, in February 2022, Pushwoosh Inc. terminated the contract.”

However, Edwards noted that dozens of developer subdomains on Pushwoosh’s main domain still point to JSC Avantel, an Internet provider based in Novosibirsk, Russia.

**WAR GAMES**

Pushwoosh employees posing at a company laser tag event.

Edwards said the U.S. Army’s app had a custom Pushwoosh configuration that did not appear on any other customer implementation.

“It had an extremely custom setup that existed nowhere else,” Edwards said. “Originally, it was an in-app Web browser, where it integrated a Pushwoosh javascript so that any time a user clicked on links, data went out to Pushwoosh and they could push back whatever they wanted through the in-app browser.”

An _Army Times_ article published the day after the Reuters story ran said at least 1,000 people downloaded the app, which “delivered updates for troops at the National Training Center on Fort Irwin, Calif., a critical waypoint for deploying units to test their battlefield prowess before heading overseas.”

In April 2022, roughly 4,500 Army personnel converged on the National Training Center for a war games exercise on how to use lessons learned from Russia’s war against Ukraine to prepare for future fights against a major adversary such as Russia or China.

Edwards said despite Pushwoosh’s many prevarications, the company’s software doesn’t appear to have done anything untoward to its customers or users.

“Nothing they did has been seen to be malicious,” he said. “Other than completely lying about where they are, where their data is being hosted, and where they have infrastructure.”

**GOV 311**

Edwards also found Pushwoosh’s technology embedded in nearly two dozen mobile apps that were sold to cities and towns across Illinois as a way to help citizens access general information about their local communities and officials.

The Illinois apps that bundled Pushwoosh’s technology were produced by a company called Government 311, which is owned by Bill McCarty, the current director of the Springfield Office of Budget and Management. A 2014 story in _The State Journal-Register_ said Gov 311’s pricing was based on population, and that the app would cost around $2,500 per year for a city with approximately 25,000 people.

McCarty told KrebsOnSecurity that his company stopped using Pushwoosh “years ago,” and that it now relies on its own technology to provide push notifications through its 311 apps.

But Edwards found some of the 311 apps still try to phone home to Pushwoosh, such as the 311 app for Riverton, Ill.

“Riverton ceased being a client several years ago, which \[is\] probably why their app was never updated to change out Pushwoosh,” McCarty explained. “We are in the process of updating all client apps and a website refresh. As part of that, old unused apps like Riverton 311 will be deleted.”

**FOREIGN ADTECH THREAT?**

Edwards said it’s far from clear how many other state and local government apps and Web sites rely on technology that sends user data to U.S. adversaries overseas. In July, Congress introduced an amended version of the Intelligence Authorization Act for 2023, which included a new section focusing on data drawn from online ad auctions that could be used to geolocate individuals or gain other information about them.

_Business Insider_ reports that if this section makes it into the final version — which the Senate also has to pass — the Office for the Director of National Intelligence (ODNI) will have 60 days after the Act becomes law to produce a risk assessment. The assessment will look into “the counterintelligence risks of, and the exposure of intelligence community personnel to, tracking by foreign adversaries through advertising technology data,” the Act states.

Edwards says he’s hoping those changes pass, because what he found with Pushwoosh is likely just a drop in a bucket.

“I’m hoping that Congress acts on that,” he said. “If they were to put a requirement that there’s an annual audit of risks from foreign ad tech, that would at least force people to identify and document those connections.”

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

KnowBe4 empowers end users by introducing security awareness and compliance training on the go at no additional cost.

**TAMPA, Fla., Nov. 28, 2022 /PRNewswire/** — KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced it is launching the new KnowBe4 Mobile Learner App to empower end users by introducing security awareness and compliance training on the go at no additional cost to customers, improving user engagement and strengthening security culture.

With a large majority of the world's population using smartphones today, mobile training revolutionizes the way people learn. This new app will enable end users to complete their security awareness and compliance training conveniently from their tablets or smartphones, giving them 24/7/365 access.

"The KnowBe4 Mobile Learner App is the first of its kind to launch in the security awareness and compliance training space, making it easier than ever to train users while subsequently strengthening an organization's security culture," said Stu Sjouwerman, CEO, KnowBe4. "This new app will enable IT and security teams to improve engagement and completion rates for required training thanks to a seamless user experience. This will also help users to associate security with their personal devices, keeping it top of mind all the time rather than only when they are at work on their computers. We are making this substantial new capability available at no additional cost to all subscription levels as a show of our commitment to supporting our customers' security and human risk management objectives."

Based on subscription levels, KnowBe4 offers 100+ Mobile-First training modules that were designed specifically for mobile. The KnowBe4 Learner App supports push notifications for custom announcements, and updates on assigned training as well as KnowBe4 newsletters.

The app is available for iOS and Android, and free to all KnowBe4 customers with a KnowBe4 training platform subscription. For more information, visit https://www.knowbe4.com/mobile-learner-app.

**About KnowBe4**

KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, is used by more than 54,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.

SOURCE: KnowBe4

KnowBe4 Launches New Mobile Learner App for Cybersecurity Learning

Twitter chief executive Elon Musk confirmed plans for end-to-end encryption (E2EE) for direct messages on the platform.

The feature is part of Musk's vision for Twitter 2.0, which is expected to be what's called an "everything app." Other functionalities include longform tweets and payments, according to a slide deck shared by Musk over the weekend.

The company's plans for encrypted messages first came to light in mid-November 2022, when mobile researcher Jane Manchun Wong spotted source code changes in Twitter's Android app referencing conversation keys for E2EE chats.

It's worth noting that various other messaging platforms, such as Signal, Threema, WhatsApp, iMessage, Wire, Tox, and Keybase, already support encryption for messages.

Google, which previously turned on E2EE for one-to-one chats in its RCS-based Messages app for Android, is currently piloting the same option for group chats. Facebook, likewise, began enabling E2EE on Messenger for select users by default this past August.

Musk further touted that new user signups to the social media platform are at an "all-time high," averaging over two million per day in the last seven days as of November 16, up 66% compared to the same week in 2021. Twitter has over 253.8 million monetizable daily active users (mDAU).

The slides also reveal that reported impersonations on the service spiked earlier this month, before and in the wake of the launch of its revamped Twitter Blue subscription.

The new subscription tier is tentatively set to be rolled out as early as December 2, 2022, with a multi-colored verification system that aims to give out gold badges for companies, gray for governments, and blue for individual accounts.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Elon Musk Confirms Twitter 2.0 will Bring End-to-End Encryption to Direct Messages

Twitter chief executive Elon Musk confirmed plans for end-to-end encryption (E2EE) for direct messages on the platform.
The feature is part of Musk's vision for Twitter 2.0, which is expected to be what's called an "everything app." Other functionalities include longform tweets and payments, according to a slide deck shared by Musk over the weekend.

The company's plans for

Twitter chief executive Elon Musk confirmed plans for end-to-end encryption (E2EE) for direct messages on the platform.

The feature is part of Musk's vision for Twitter 2.0, which is expected to be what's called an "everything app." Other functionalities include longform tweets and payments, according to a slide deck shared by Musk over the weekend.

The company's plans for encrypted messages first came to light in mid-November 2022, when mobile researcher Jane Manchun Wong spotted source code changes in Twitter's Android app referencing conversation keys for E2EE chats.

It's worth noting that various other messaging platforms, such as Signal, Threema, WhatsApp, iMessage, Wire, Tox, and Keybase, already support encryption for messages.

Google, which already turned on E2EE for one-to-one chats in its RCS-based Messages app for Android, is currently piloting the same option for group chats. Facebook, likewise, began enabling E2EE on Messenger for select users by default this past August.

Musk further touted that new user signups to the social media platform are at an "all-time high," averaging over two million per day in the last seven days as of November 16, up 66% compared to the same week in 2021. Twitter has over 253.8 million monetizable daily active users (mDAU).

The slides also reveal that reported impersonations on the service spiked earlier this month, before and in the wake of the launch of its revamped Twitter Blue subscription.

The new subscription tier is tentatively set to be rolled out as early as December 2, 2022, with a multi-colored verification system that aims to give out gold badges for companies, gray for governments, and blue for individual accounts.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Plus: WikiLeaks’ website is falling apart, tax websites are sending your data to Facebook, and cops take down a big phone-number-spoofing operation.

Cybersecurity startup Corellium offered or sold its software to spyware and hacking-tool creators in multiple repressive countries, a WIRED investigation revealed this week. A previously unreported 507-page document, believed to have been prepared by Apple, details how Corellium offered a trial of its products to the controversial spyware firm NSO Group, to a cybersecurity company with ties to the UAE government, and to a firm in China that also has government links. In response, Corellium, which makes phone-virtualization software that can help find security bugs in iOS and Android, published a blog post detailing how it now vets potential customers.

As millions of people across the US celebrated Thanksgiving and attended parades, we looked at the US shortage of bomb-sniffing dogs. Experts say the pandemic has led to a drop in the supply of dogs in the country—85 to 90 percent of them come from overseas—and that the lack of trainer animals is fueling national security concerns.

In other national security news, US lawmakers are calling for stricter rules on autonomous vehicles (AVs), which are able to gather reams of real-time data about their environment. China is a chief concern. In a letter shared exclusively with WIRED, Republican congressman August Pfluger said, “AV technology has opened the door for a foreign nation to spy on American soil, as Chinese companies potentially transfer critical data to the People’s Republic of China.”

We also looked at how hidden data stored in PDF files helped researchers reveal names that had been redacted. Court filings, national security files, and responses to Freedom of Information Act requests have all exposed such information in this way. And we heard the cautionary tale of how one person lost $17,000 in crypto—and how you can avoid the same fate. 

Finally, we published part five of the series “The Hunt for the Dark Web’s Biggest Kingpin,” which chronicles the downfall of AlphaBay, the world’s largest dark-web marketplace. In this installment, investigators in Thailand swoop in on AlphaBay’s mastermind, Alexandre Cazes, and discover he had a fortune topping $20 million. 

But wait, there’s more! Each week, we highlight news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

Apple’s privacy policy for analytics services on its devices, which gather data about how you use its products, claims the information collected isn’t used to identify you. However, a new analysis of the tools, reported by Gizmodo, claims a permanent ID number within the service is “tied to your full name, phone number, birth date, email address and more.” This ID number is sent to Apple alongside the analytics data about how you use your device, researchers from the software company Mysk told the publication. 

The findings appear to contradict the company’s privacy promises. Apple did not answer Gizmodo’_s_ questions on the report. In recent years, Apple has pushed a pro-privacy stance, using it as an advantage over competitors, and it has run ads saying the data on people’s iPhones stays on their devices. However, experts have increasingly questioned some of Apple’s practices. (At the same time, Apple has been growing its advertising business.) In separate research published earlier in November, Mysk researchers claimed that Apple collects detailed information on people using its products through its own apps, even when they turn tracking off.

In June, the UK government approved the extradition of WikiLeaks founder Julian Assange to the United States. While Assange waits on an appeal in the case, the website he created is falling apart. At one point, WikiLeaks hosted more than 10 million leaked documents. However, according to an analysis by the Daily Dot, fewer than 3,000 of the files are now available. Aside from the drop-in documents, the website also has technical issues: It is frequently inaccessible, people have problems searching its content, and parts of its navigation have vanished. 

Meta’s Pixel, formerly known as the Facebook Pixel, is a snippet of code that websites can install to track their visitors. The tool is useful for advertisers. Millions of websites use the tracking tool, and the data is sent back to Meta. This week, The Markup revealed that major US tax websites are using the Pixel and sending financial information to Meta. Some of the data transferred includes names, email addresses, income information, and tax filing status. Some tax websites stopped using Meta’s Pixel following the report. A spokesperson for Meta, Dale Hogan, said that advertisers “should not send sensitive information” about people through its tools. 

And finally, in a major blow to scammers, an international police operation took down the iSpoof website, which let people disguise their phone numbers and show fake caller IDs when making phone calls. It’s estimated that people using iSpoof were contacting up to 20 people every minute of the day as they used false identities to try and trick people into handing over their money. One person was tricked out of £3 million ($3.6 million), reports say. The website now shows a notice saying it has been seized by the FBI and United States Secret Service. In total, 142 people were arrested in the operation, including the alleged administrator of the website, who was arrested in the UK. Police from the UK, US, Ukraine, France, Germany, and five other countries were involved.

Apple Tracks You More Than You Think

By Owais Sultan
A parental control app is an effective software that can help parents stay on guard, prevent, and react timely to online and offline dangers.
This is a post from HackRead.com Read the original post: Top 6 Cell Phone Tracker Apps for Parental Control

Do you have difficulty knowing what your kids are up to when you’re not around? Do you want to ensure they’re not getting into trouble or spending excess time on their phones?

If so, then you need a cell phone tracker app. We have your back covered and have handpicked the 6 best free and paid tools for Android and iOS devices to quench your concerns. Forewarned is forearmed.

**Why Would You Need to Resort to a Cell Phone Tracker App?**

Whether a paid or free parental control app, effective software can help parents stay on guard, prevent, and timely react to the following online and offline dangers:

1.  Sexual predators that target kids online or in the real world
2.  Involvement in cyberbullying, either as victims or perpetrators
3.  Exchanging inappropriate photos or videos with others
4.  Communicating with strangers that try to lure children into meeting in person
5.  Risk of kidnap or trafficking if they spend excess time alone or unsupervised
6.  Access to inappropriate websites
7.  Kids spend excess time on phones and inadequate time doing homework or interacting with the family

The market is riddled with cell phone tracking apps, making picking the right one challenging. This article lists the most prominent and handy solutions for parents.

Did you know around 2100 children go missing in the US daily? Kids are usually easy to find when parents provide relevant information about them. Resorting to the right prevention measures can help parents ensure their kids’ safety. 

**6 Advanced Cell Phone Tracker Apps for Parental Control**

A family tracking app enables parents and guardians to monitor their children when they are not around. Therefore, if you are unsure whether your kids are where they claim to be or are lying, the app can help you know the truth. Here are some of the top-notch tracker apps to help monitor their whereabouts and not only.

**Keep Your Kids Safe with the uMobix Parental Control App**

uMobix is the best parental control app today. It allows real-time tracking of daily progress on their mobile phone or tablet. With this phone monitoring app, users are enabled to capture browser history, see screengrabs, and supervise over 30 apps, including Facebook, WhatsApp, Instagram, TikTok, Telegram, and Snapchat.

This phone tracking app has advanced monitoring features, including a GPS tracker, outgoing, incoming, and missed call records, mic and camera access, text message history, deleted call history, message, and contacts. Also, this monitoring app can capture keystrokes to see what your loved ones are up to.

Additionally, uMobix allows you to remotely pull videos and photos from the target phone and store them on your device. Its advanced GPS tracking feature lets you know the real-time location of the required gadget. Thus, your kid can’t lie about their location anymore if you use this app to track them without knowing.

**How to Use uMobix to Track Your Kid’s Location**

Since uMobix has a demo version, it is possible to use it as a free app to view your child’s phone. The 1-day trial offer allows users to start monitoring for $1. For the extended version, follow these steps to watch your kids with uMobix.

1.  Register by selecting a subscription plan and complete the purchase to receive detailed instructions.
2.  Access the target phone to install uMobix by following the instructions provided in the user account. The process differs for Android and iOS but is straightforward in both cases.
3.  Navigate to your account to receive real-time data about the required phone activity. The GPS location tab can identify your child’s whereabouts anytime.
4.  Cocospy – Multifunctional Parental Control App for Android and iOS

Cocospy is also among the best phone tracking apps. It makes it possible to supervise locations, calls, messages, and app usage. Also, this tracking software enables you to take a sneak peek at the saved contacts. Installing software is straightforward, after which it is possible to track all outgoing and incoming calls, received and sent messages, browser activity, and social media interactions, including iMessages. 

Some social media platforms to monitor Cocospy include Facebook Messenger, Snapchat, Instagram, WhatsApp, Snapchat, and Viber. The app can detect a SIM card change and check the device’s IMEI number.

You may want to know how to supervise a kid’s iPhone with Cocospy. Well, the process is also straightforward. Just sign up with an email ID, then verify your iCloud account. Add the target’s iCloud details and disable two-factor authentication. After that, monitor the device’s activity and location by logging into your Cocospy account.

Cocospy runs in stealth mode, meaning they won’t detect that you’re monitoring them. Also, it manages your kid’s screen time to ensure they spend only a little time on their device. Thus, it allows you to safeguard their health and keep them safe.

**Spyic – Top-Rated Parental Control App for Real-Time Monitoring**

Spyic is a surefire phone location tracking app that can spot your loved one’s whereabouts without their knowledge. It’s a widely used tool providing tracking solutions for iPhones and Android phones. Also, this web application is easy to use from a browser, meaning you don’t have to download anything.

The software has numerous features that make it ideal for location tracking. It’s a hidden family tracking app with a feature-packed online dashboard. For instance, Spyic is there for you to locate a phone’s location without installing an additional app. Access this feature by logging in to your Spyic account via a web browser.

Additionally, Spyic uses unique security protocols to ensure that nobody else can view data about the target device. It shares the target phone’s location coordinates directly with you, and its servers don’t store anything.

Using this app to pin down somebody’s location assures you that they won’t know you’re doing it. Thus, you may monitor their movements, the areas they previously visited, and check-ins. 

**Google Family Link Free Phone Tracker**

As the name suggests, Google Family Link is a family locator that enables you to keep loved ones safer online. Families have unique relationships regarding technology. Therefore, this device and location tracking app provide greater flexibility to allow users to select the right balance for their families. Also, this application helps you create healthy online habits for your family members.

**Find My Kids – Child Locator**

Find My Kids is a location tracker for ensuring child’s safety. It helps you keep in touch with children when they are not nearby or fail to respond to your calls. This GPS phone tracker allows parents to pin down their kids on Google Maps and see their movement history.

Another benefit is the opportunity to find out the apps your children use, including social media platforms and their interactions with them. The time tracking capability helps you know the duration your kids use their devices and the apps they use the most. The family chat feature may make this app unique. It lets you chat with the kids and use funny stickers to enhance the fun. 

This parental control app for free use makes it possible to keep track of your loved ones with minimum expenses, though its functionality is somehow limited compared to tracking apps outlined above. The app is available for Android and iOS users.

**Life360**

The last app on our list is Life360. It’s a well-known app in the US, offering only limited functionality outside the country. Here’s what the app can do for you: 

1.  The app allows you to plan routes and schedules with your family members. 
2.  You can request or send real-time locations. 
3.  You can set up smart notifications for when someone reaches a particular destination or leaves it. You also get alerts if someone’s phone battery is running dry. 

You’ll need Life360 installed on the target iPhone to get it to track the device’s location. You’ll also need permission from the target device, which may or may not be possible.

**Is it Legal to Supervise Your Child’s Device?**

It is legal for parents and guardians to supervise their children’s devices as long as they are minors. Provided the child is under 18 (pay attention that every state has a different age of being an adult), a US parent or guardian can monitor how they use their mobile phone or tablet. That means the parent can use a cell phone tracker to observe their whereabouts and interactions with other people.

The Children’s Online Privacy Protection Act gives parents control over the information that children can access online. This rule protects kids under 13 while considering the internet’s dynamic nature. Also, it applies to online service providers and commercial website operators. When it comes to monitoring an adult person, written consent is required.

**What Should I Look for in a Parental Control App?**

The following tips should help you choose an app to track cell phones.

*   Privacy: You don’t want to expose your loved one’s privacy to the wrong people. Therefore, pick an app that allows for secure and safe parental control.
*   Transparency: The top phone tracking apps are transparent in their operations. They ensure that users know what they can do and how they help them enhance their kids’ safety.
*   Network security: A good tracker app keeps a child safe from illicit content, cyberbullying, and other online crimes.
*   Activities: The primary phone tracker work is to check out the activities the target person does on their device. And this entails all the actions an individual can perform on their device. Therefore, go for an app that can track your phone when lost, monitor social media and online activities, and do everything your kid can do on their phone. Also, it should let you monitor websites and app usage.
*   Friendly interface: An ideal parental control application is easy to use and navigate.
*   Compatibility: Choose an app compatible with the phone required, whether iPhone or Android. Some apps require only the phone number only to track a mobile device.

**Keep Your Kids Safe with the Right Monitoring Software**

Although some make use of a free phone tracker to keep track of loved ones, premium applications are better due to extended functionality and glitch-free operation. That’s because they have more practical features and functionalities. Also, consider customer support, price, and user reviews. Ideally, take your time understanding how the phone tracker app you want to use works to pick one that suits your needs.

1.  What is a parental control app and what are your options
2.  Croatian Police arrests minor over A1 Telecom ransom demand
3.  9 risky apps that you need to monitor on your kids’ smartphone
4.  Germany bans kids’ smartwatches, asks parents to destroy them
5.  Medical Software Firm exposes vulnerable children’s sensitive data

Top 6 Cell Phone Tracker Apps for Parental Control

Nextcould talk android is the android OS implementation of the nextcloud talk chat system. In affected versions the receiver is not protected by broadcastPermission allowing malicious apps to monitor communication. It is recommended that the Nextcloud Talk Android is upgraded to 14.1.0. There are no known workarounds for this issue.

CVE-2022-41926

Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.

**The API & platform builder, build your apps 10x faster, even more.**

It's open source & 100% free !

Try live demo

     

**Why badaso ?**

*   **100% FREE** - No need for extra thinking about finance to adopt badaso
*   **Modern PWA Dashboard** - Fast and SPA based on Vue.js with PWA technology
*   **Native installation** - Lazy to open the browser? Install badaso on Windows, Linux, MacOS, Android & iOS
*   **Working offline** - No more f\*cked with a bad internet connection, badaso can running offline
*   **Headless** - Badaso use JWT authentication & authorization as default
*   **Seamless integration** - Badaso use Rest API & GraphQL, no need to develop API for your mobile & IoT
*   **Modern design** - Keep your system design amazing and up to date
*   **Secure** - Build based on laravel make it secure as laravel
*   **Modular** - Install custom library in seconds like your other laravel projects
*   **Scalable** - Like your other laravel projects
*   **Easy maintenance** - Like your other laravel projects
*   **Long time support** - Great choice for your long-term project, maintain by uasoft

**Badaso features**

*   **Advanced CRUD generator** - Build your application faster and be more productive
*   **API generator** - Integrate your application (mobile, desktop, even IoT) through Rest API & GraphQL
*   **User management** - Manage your application user
*   **Role management** - Your application user can have a different role
*   **Permission management** - Each role has different access permission
*   **Menu management** - Manage your application menu so easy and faster
*   **Database management** - Handle your database migration via application
*   **Activity logging** - Keep your system safe, know who makes the trouble
*   **Log UI viewer** - No need to open your server to check the log, just stay focused on your application
*   **Daily database backup** - Keep your valuable database safety
*   **Media manager** - Manage your local & cloud media via application
*   Many more!

**Live demo**

Click here for live demo (some error may happen because random test by a lot of random people)

The live demo will reset every 1 hour

**Getting started (installation, how to use & more)**

You can see official badaso documentation.

**Support Badaso**

To keep badaso up to date and support this awesome long-term project you also can donate to badaso.

We appreciate it so much and will keep badaso up to update and support your awesome long-term projects!

*   Become a backer/sponsors on OpenCollective
*   Become a sponsor via github
*   One-time donation via Paypal
*   Direct (contact hello@uatech.co.id)

Good financial support will make badaso keep up to date and keep support your awesome long-term projects!

Thanks to all backers & sponsors!

**Sponsors****Contributing**

Thank you for considering contributing to badaso !

Please read our contributing guideline before submitting a Pull Request to the project.

Thanks to all contributors!

For documentation repo contributing click here.

**Community support**

For general help using badaso, please refer to the official badaso documentation.

For additional help, you can use one of these channels to ask a question:

*   Github discussion (Questions and Discussions)
*   Github issues (Bug reports, Contributions)
*   Facebook groups (Discussion for active facebook users)
*   Telegram groups (Discussion for active telegram users)
*   Youtube tutorial (For visual learner)

**Credits**

Thanks to these awesome projects that make badaso awesome :

*   laravel/laravel (Framework)
*   vuejs/vue (Javascript framework)
*   lusaxweb/vuesax (Vue component)
*   spatie/laravel-backup (automation production database & application backup)
*   spatie/laravel-activitylog (logging dashboard activity)
*   spatie/flysystem-dropbox (dropbox cloud storage integration)
*   nao-pon/flysystem-google-drive (google drive cloud storage integration)
*   league/flysystem-aws-s3-v3 (aws S3 cloud storage integration)
*   guzzlehttp/guzzle (advanced http request)
*   webpatser/laravel-uuid (uuid provider)
*   lcobucci/jwt (JWT provider)
*   tymon/jwt-auth (JWT auth provider)
*   arcanedev/log-viewer (application logging GUI)
*   the-control-group/voyager (reference)
*   UniSharp/laravel-filemanager (file manager)
*   Contact us for credit here.

All financial support that badaso gets will also shared to project above to support the ecosystem and make badaso keep up to date and keep your awesome long-term projects running.

**License**

See the LICENSE file for licensing information.

CVE-2022-41705: GitHub - uasoft-indonesia/badaso: Laravel Vue headless CMS / admin panel / dashboard / builder / API CRUD generator, anything !

By Deeba Ahmed
Researchers believe that the attack is ongoing, in which hackers are using malicious versions of SoftVPN, SecureVPN, and OpenVPN software.
This is a post from HackRead.com Read the original post: Bahamut Using Fake VPN Apps to Steal Android User Credentials

Bahamut is a notorious cyber-mercenary group that has been active since 2016 and is currently targeting Android devices with fake VPN apps and injecting malware to steal user credentials. The malware-laden apps were first discovered by Slovakian cybersecurity firm ESET’s Lukáš Štefanko.

**Beware of Bahamut**

ESET researchers discovered a new attack spree from the infamous cybercrime group Bahamut. The group launched malware attacks through fake Android VPN applications. Research revealed that hackers use malicious versions of SoftVPN, SecureVPN, and OpenVPN software.

In this highly targeted campaign, hackers aim to extract sensitive data from infected devices. The campaign was started on January 22. The fake VPN apps are distributed through a bogus SecureVPN website. In previous campaigns from Bahamut, the prime targets were located in the Middle East and South Asia.

**8 Variants of Spyware Apps Detected**

Researchers have identified 8 different variants of the infected apps. These contain trojanized versions of genuine VPN apps such as OpenVPN. Bahamut is offering these fake VPN apps as a service for hire.

Malicious website spreading SecureVPN and the permission it asks for upon installation (Image: ESET)

According to ESET’s blog post, attacks are launched via spear phishing messages and fake apps. Researchers believe that this campaign is still active.

Reportedly, the targets are carefully selected because the app requires the victim to enter an activation key to enable the features using a distribution vector. The activation key is designed to establish contact with the attacker-controlled server and prevents the malware from accidentally triggering after it is launched on a non-targeted device.

**How does the Attack Works?**

According to Štefanko, the fake app requests an activation key before the VPN and spyware feature is enabled. The key and URL are sent to the targeted users. After the app is activated, the hackers get remote control of the spyware and can infiltrate/harvest confidential user data.

Furthermore, hackers can spy on almost everything stored on the device, including call logs, SMS messages, device location, WhatsApp data and other encryption app data, Telegram and Signal data, etc. The victim remains unaware of the data harvesting.

“The data exfiltration is done via the keylogging functionality of the malware, which misuses accessibility services,” Štefanko said.

It is worth noting that the malicious software linked with the service and the malware-infected app wasn’t promoted on Google Play. Moreover, researchers are clueless about the initial distribution vector, but they believe it is through social media, SMS, or email.

1.  Edward Snowden urges users to stop using ExpressVPN
2.  Popular free Android VPN apps on Play Store contain malware
3.  38% of Android VPN Apps on Play Store Plagued with Malware
4.  Top 10 Android Educational Apps That Collect Most User Data
5.  Hackers Selling US Colleges VPN Credentials on Russian Forums

Bahamut Using Fake VPN Apps to Steal Android User Credentials

'Tis the season for swindlers and hackers. Use these tips to spot frauds and keep your payment info secure.

Black Friday attracts crowds, and crowds attract scammers, and that means you need to take extra care when shopping online over the Black Friday and Cyber Monday weekend. There'll be people out there eager to relieve you of more money than you'll save on a TV set or a gaming console.

The following precautions apply any time of year, but it's worth reminding yourself of them every time a serious holiday season comes around. In the rush to get gifts sorted, it's all too easy to miss a warning sign, or get complacent about online security.

Update All Your Software

Keeping programs and operating systems up to date is important enough that Microsoft, Apple, Google, Mozilla, and all the other big names in tech now make it difficult for anyone to lag behind with their updates—most of the time you'll be prompted regularly to install new versions of your software, and it might even happen automatically in the background without you noticing.

The biggest retail event of the year has grown into an entire month of sales that ebb and flow. Here’s how to make the most of it.

Today's browsers, apps, and OSes are adept at spotting scams as they happen, whether it's phishing emails (designed to lure you to a fake shopping or banking site) or unauthorized logins on your accounts. To make the most of this built-in security, ensure you're running the latest versions across the board, which means the latest security patches—if you've been putting off updates on your phone or your computer, then get them done ahead of Black Friday.

If you do have a laptop that's too old to run the latest versions of Windows or macOS, avoid using it if possible—you'll be safer shopping on your phone, as long as it's running the most recent Android or iOS updates. On Android, you can check for updates via **System** and **System Update** in Settings; on iOS, it's **Settings** and then **General** and **Software Update**.

Be Wary of Email and Social Media Deals

You're likely to be inundated with special offers over email and social media this Black Friday, but be careful when it comes to clicking through on deals that come from suspicious sources (stores you've never shopped at before, for example). Always check that the link you clicked sent you to the website you were expecting to visit.

There's no hard and fast way to guarantee you'll never get caught out by a dodgy link (apart from just ignoring them all completely), but you can minimize the risk: Check that the social media account or email address sending the link is genuine, head to the site in question in a separate browser window to see whether you can find the same offer advertised, and be sure the offer you're looking at is the one that was promoted.

If your browser is up to date, as we mentioned above, dangerous links should be blocked before you reach them, but we'd still recommend being wary. You'll see some great offers advertised over social media and email, but no discount is worth the risk of exposing yourself to scammers.

Make sure all your devices are updated before shopping.

Android via David Nield

Do Your Research

Wherever possible, stick to trusted stores online. All the major players have robust security procedures in place, so the chances of them (and you) getting hacked are smaller. Still, if you're buying from any site, always check you're on the store website you think you are by checking in your browser's address bar.

We're not saying you should never shop at smaller outlets, but make sure they're using HTTPS technology (indicated with a padlock in your browser's address bar). Look for contact details, an office with a physical address, and reviews left by other users (Trustpilot can be helpful here). See if they're on Twitter and Facebook—and whether those accounts are actually active.

Debit and credit card issuers will usually protect you against fraud—check their policies online if you're not sure about yours—but nevertheless, keep an eye on your bank accounts throughout the Black Friday weekend to make sure only the amounts you're expecting to be debited are going out.

Double-Check Deals

Retailers change their prices all the time—especially online—so a "big discount" you see might only apply to whatever the price was last week, not what it's been over the course of the past year. Price trackers such as CamelCamelCamel can help you work out whether you're getting a genuine bargain or just something that was already heavily reduced.

Checking out product reviews on the web is a useful way of determining how current something is and how much you should be spending on it. Are you looking at the genuine article, or just a cheap knock-off? Is the gadget you're about to buy future-proofed with the latest tech or will it be out of date in six months? And (especially on Amazon) is it being sent from your current region or the other side of the world? Who's the actual seller? Make sure you read what previous buyers have to say via the user reviews before spending your money.

Just be aware that stores also use the occasion to try and shift their remaining stock of older, less popular products. Make sure you're looking at what you're buying and not just the price drop.

CamelCamelCamel will show you previous price drops on Amazon.

CamelCamelCamel via David Nield

Protect Your Accounts

As always, keep your accounts locked down and protected on Black Friday. Use strong, unique passwords for all your accounts (a dedicated password manager or your browser's password management system can help here), and turn on two-factor authentication on every account that offers it (Microsoft, Apple, Google, Facebook, and Twitter ones all do, for a start).

While it may seem convenient to quickly set up a new shopping account with your “usual” password, it only takes one account sharing the same password to get exposed, and all the others can come tumbling down after it. If you're using the latest versions of Chrome and Safari, you'll notice you can now use a strong password suggested by your browser (the option should pop up automatically when you're in a password field).

If you're planning on shopping at outlets where you haven't purchased anything before, it's a good idea to get these accounts set up ahead of time—this means you aren't rushing when it comes to thinking up new passwords and entering potentially sensitive information into your web browser.

Guard Your Payment Info

Many places that you're shopping at on Black Friday and Cyber Monday will already have your payment info on file, but if you're entering details into a new site, again make sure the padlock symbol is showing in the address bar—the full URL should also begin “https://”, which indicates that your payment details will be encrypted in transit.

If you’re on vacation or out of town, we recommend waiting until you get back home before buying anything—or at least using the cellular data on your phone to make a connection rather than a public Wi-Fi hotspot, as it's much harder for hackers to intercept your details (or look over your shoulder as you're typing them). If you are shopping in-store, be careful to guard your PIN numbers and other sensitive details when you're surrounded by crowds—or even just one shop assistant.

As tempting as Black Friday offers might be, it's usually a good idea to shop in as few places as possible, if you can: The fewer companies that hold your payment data, the less likely you are to be victim to a data breach, and the risk of those breaches are really down to the company's security policies rather than any precautions you can take.

Tag

#android