Tagged: cybersecurity Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 9:04 am on January 15, 2020 Permalink | Reply
    Tags: 401k, cybersecurity, , retirement fund,   

    Are thieves targeting your 401k? 

    Are thieves targeting your 401k?

    We’ve discussed several different forms of bank fraud before. Whether it’s text message scams or phishing attacks to gain your account information, we’ve talked about the myriad of ways that scammers try to empty your bank account. Now, because of all the news that has gotten out about these scams thieves and cyber-crooks have started targeting a new source of income, retirement funds and 401ks. Is your retirement nest egg vulnerable to being cleaned out? Let’s take a look at how the thieves are targeting 401ks and what can be done about them.

    According to USA Today, since so many consumers and banks have become wary of the typical scams that are used to attack bank accounts the thieves have turned to attack 401ks. The reasoning behind this is because a lot of people don’t pay close attention to their 401k. In too many cases, consumers will either ignore or discard the statements they receive from their retirement fund broker. Then when they need to check their 401k balance they discover that their fund has been slowly drained. Unlike banks, retirement funds aren’t always willing to help you get your money back.

    While the target may be new, the attacks are roughly the same. The thieves use old standards like phishing attacks and weak passwords to gain access to your 401k. In order to prevent these attacks from happening it’s recommended that you review the mailed statements you receive from your fund manager for any suspicious behavior. It’s also recommended that you use a strong password to secure your account with a password that’s not used on any of your other online accounts. Lastly, never click on any links in emails that you receive purporting to be from your 401k manager as they can be used to steal your login information. Instead, always go directly to the 401k website and log in from there to check your account.

     
  • Geebo 8:07 am on January 14, 2020 Permalink | Reply
    Tags: cybersecurity, , ,   

    Windows 7 is no longer supported, what should you do? 

    Windows 7 is no longer supported, what should you do?

    As of today, January 14th, 2020, the Windows 7 operating system is no longer supported by Microsoft. This means that as of today, Microsoft will no longer be providing security updates for Windows 7 as the operating system has reached its end of life. If you currently have a computer that runs Windows 7, you could be vulnerable to malicious attacks. Not only that but you could also leave any other computer connected to your network vulnerable to attack. In short, if your Windows 7 computer is currently connected to the internet, your data and information are at great risk. So let’s discuss what you can do to correct that.

    The first thing you want to do is back up all your data. Most security experts recommend the 3-2-1 method. That means make 3 backups on 2 different forms of media with at least 1 copy kept offsite. The easiest way to proceed from here would be to purchase a new copy of Windows 10 for over $100. That’s as long as you don’t have an older computer that doesn’t meet the requirements to run Windows 10. Microsoft says that no computer over 3 years old should install windows 10, however, Windows 10 has been known to run on older computers. A good rule of thumb may be to only install Windows 10 on a computer that had Windows 7 or 8 pre-installed.

    But if you don’t feel like spending a lot of money to upgrade to Windows 10 there is an unofficial way to get the update for free. While Microsoft isn’t advertising this method, they’re not discouraging it either. The steps for that process can be found at this link and they’re not as hard as they may seem. Be warned that this isn’t a guaranteed method for everyone.

    If your computer is not capable of running Windows 10 all is not lost. There are a number of free operating systems that fall under the Linux umbrella that should be able to be installed on your computer. If you want one that resembles Windows 7 there is a Linux distribution, or distro for short, known as Zorin OS. They have instructions on how to install their system on your computer. One of the benefits of using Linux over Windows is that Linux is more secure. While Linux does not run Windows programs natively there are many Linux versions of your favorite apps. There are also Linux alternatives for most of your favorite Windows apps.

    Just remember to back up all of your data before attempting any of these upgrades or changes.

     
  • Geebo 9:00 am on January 9, 2020 Permalink | Reply
    Tags: cybersecurity, , , ,   

    Was Ring caught looking at customer cameras? 

    Was Ring caught looking at customer cameras?

    Amazon-owned Ring Cameras did not have the best 2019. If customer camera feeds weren’t being hacked then user information was allegedly being exposed in a data breach. Unfortunately for Ring, it doesn’t look like their 2020 is shaping up to be any better. In previous gaffes made by Ring, there was a kernel of truth in their claim that some of these privacy invasions could have been prevented by better user security. For example, by enabling two-factor authentication and not using the same password on all online accounts. But what happens when the security company is the one invading your privacy.

    Motherboard is reporting that Ring had to fire a number of employees who were caught accessing customer data that was not part of their jobs. In short, they were looking at customer video that they should not have been. While it can be expected for a company to monitor some of the user data for quality control purposes, it’s alleged that this was not the reason that certain employees were viewing customer videos. Considering that many Ring customers use the cameras inside their homes this can be especially off-putting knowing that Ring employees may be watching you at home.

    Depending on how this story gets picked up by the media, this could be a devastating blow to Ring’s reputation. How are consumers supposed to trust a company to help keep us safe when their employees are violating the privacy of the consumers? Granted, the number of people who were said to be doing this at Ring was low and they’ve all been relieved from their positions. But still, this seems to be yet another black eye for the security company that used to be the darling of families everywhere.

     
  • Geebo 9:00 am on December 31, 2019 Permalink | Reply
    Tags: cybersecurity, , , , Wyze   

    Another security cam company has data breach 

    Another security cam company has data breach

    You may have recently seen that Ring cameras have not been having the best time of it in the news lately. If their cameras aren’t being hacked by internet pranksters, they’re making headlines for a potential data breach. Because of this, you may be considering using a Ring competitor to monitor your home. If you are, you may want to choose carefully as a Ring competitor just had a massive data breach that makes Ring’s look like a minor oversight in comparison.

    A cybersecurity firm recently announced that they found the security company Wyzed had exposed the personal information of over 2 million customers. Wyze themselves said the breach came about from a database error that led to the server’s security protocols being removed. The data was exposed from December 4th until the 26th when Wyze was notified of the breach. To Wyze’s credit, they rest all the security tokens for their customers requiring them to reset their login credentials.

    However, there is something in reports that should cause concern among Wyze’s users. The cybersecurity firm that found the breach has also claimed that data was being sent to the Alibaba Cloud in China. Wyze says they do not use Alibaba Cloud and that they do not share data with any government agencies. While Wyze may not be sending data to the Chinese government is it possible that they’re just taking it instead?

    If you are a current Wyze customer, you should be on the lookout for identity theft scams such as phishing attacks.

     
  • Geebo 9:00 am on December 24, 2019 Permalink | Reply
    Tags: cybersecurity, , , , ,   

    Ring denies massive data breach 

    Ring denies massive data breach

    Ring’s cameras have been in the news a lot lately. Sometimes it’s for good reasons like footage from a Ring camera led to the arrest or conviction of a criminal. However, most of the news seems to have been bad for Ring. Throughout 2019, there was a rash of news stories where hackers and internet pranksters would access someone’s Ring security camera to try to harass or scare a random family. Ring keeps claiming that these security breaches happen due to two-factor authentication not being enabled. But how can that explain close to 4,000 Ring account credentials being exposed on the web?

    BuzzFeed News reported on the alleged breach after they were contacted by a security researcher who found the exposed credentials online. When Ring was asked about the breach, they claimed that there was no breach at all. A Ring spokesperson claims that the credentials were harvested from other data breaches outside of Ring and that Ring customers were just using the same passwords and logins as their Ring service. While that’s statistically improbable, it could be true. Except, BuzzFeed showed the customer credentials to more security experts who noted that the credentials contained Ring specific data such as camera names that customers use. Reportedly, this kind of information can’t be gleaned from outside of Ring’s network.

    If you are a Ring customer, we would recommend changing your login and password as soon as possible and to enact two-factor authentication. With 2FA enabled, it will make it more difficult for someone to access your home cameras. Also, if you’re using the same login and password for other online accounts as you do with your Ring setup, you change them immediately as well. And never use the same password across multiple online accounts. Once one of those accounts become compromised, then they all do.

     
  • Geebo 9:00 am on November 18, 2019 Permalink | Reply
    Tags: cybersecurity, Disney+, , , ,   

    Disney+ accounts are under attack 

    Disney+ accounts are under attack

    Disney+ is the home streaming service brought to you by the Walt Disney Company. It just recently launched and is already seen as a competitor to Netflix. It was hugely successful upon its recent launch and it’s easy to understand why. Not only do they provide the famous Disney catalog but they also own many other entertainment properties such as the Marvel movies and former Fox-owned shows like The Simpsons. That’s not even taking the entire Star Wars franchise into account along with the new Star Wars ongoing series The Mandalorian. Of course, where there’s an online success there are people looking to take advantage of that success and Disney+ is no different.

    Within hours of the launch of Disney+, users were already complaining that they had been locked out of their accounts. These compromised accounts are now up for sale on some of the seedier parts of the web. The accounts are going for as little as $3-$11. Many of these accounts were paid for years in advance leaving those affected with little to no recourse. Basically, hackers were gaining access to the accounts with previously compromised email and password combinations. The hackers then change the login information, locking the account’s owner out before putting the account up for sale.

    If you have a Disney+ account and you’re using a password that you’ve used elsewhere, change your password right away. In general, you should never use the same password twice. As always, we recommend using one of the many free password managers out there. If you were thinking about enabling two-factor authentication on your Disney+ account, unfortunately, you can’t. Disney has yet to offer that feature on Dinsey+. You may also want to do a malware scan on your computer as that’s another popular way that scammers and hackers can obtain your passwords.

    You should be enjoying this service and not having to spend hours with customer service trying to get the issue resolved even if you can.

     
  • Geebo 9:00 am on November 8, 2019 Permalink | Reply
    Tags: , cybersecurity, , , ,   

    Is your Ring doorbell at risk of attack? 

    Is your Ring doorbell at risk of attack?

    Ring Doorbells have become very popular over the past few years. Not only does it offer the convenience of knowing who’s at your door while you’re not home, but it also records any interaction that occurs at your front door. With the assistance of Ring Doorbells, all sorts of interlopers have been caught ranging from porch pirates to home intruders. They’ve become so popular and ubiquitous that police stations around the country are recommending residents install one and become part of a police network of cameras. So, it should come as no surprise that bad actors may want access to your camera.

    Amazon, owners of Ring, recently announced that there was a vulnerability in Ring Doorbells that could have exposed your wifi password to attackers. During the authentication process, the communication between your doorbell and the was unencrypted leaving your wifi password open in plain text and potentially available to hackers. While any attack wouldn’t be able to control the camera itself, once your home wifi is vulnerable an attacker could compromise any number of systems especially if you have a number of smart home or internet of things (IoT) devices.

    Thankfully, Amazon patched this vulnerability before they made it public knowledge. That’s not even taking into account that any attack against the doorbell would have to happen at the precise moment of authentication and the attacker would need to be in range of your home wifi. The chances of a hacker being on your property at the time of authentication are very slim. However, this does show that no smart home or internet-enabled security device is foolproof. When purchasing such a device, do your research in finding out which ones are the most secure and which ones receive regular updates from the manufacturer. Otherwise, you could be as secure as leaving your front door unlocked.

     
  • Geebo 9:00 am on November 5, 2019 Permalink | Reply
    Tags: cybersecurity, , ,   

    Are hackers spending your money on Facebook? 

    Are hackers spending your money on Facebook?

    Business owners, whether they may be big or small, often take out ads on Facebook. Considering Facebook’s massive reach, placing ads on Facebook is almost considered a no-brainer. In order for businesses to place these ads, they need to enter some kind of payment information on Facebook. That can be either a credit or debit card or some kind of online payment like PayPal. You don’t even have to be a business to place a Facebook ad as anybody can purchase an ad. Now, some hacked Facebook accounts have led to these ads being purchased without the knowledge of the account’s owner.

    CNET is reporting that they’ve received reports of hacked Facebook accounts being used to purchase questionable ads. The ads are then charged to the account of whoever’s account has been compromised while the hackers get their ads served for free. The ads tend to be for some kind of scam product where the hackers are just looking to gain the financial information of more victims. You don’t even have to have a Facebook business account for this to happen. If you’ve ever entered your payment information to Facebook for whatever reason, you could be in jeopardy if your account becomes compromised.

    To better protect yourself against an attack like this is to have a secure password used specifically for your Facebook account. Never use similar passwords for different accounts. While business accounts have to keep an eye out for fraudulent charges, personal accounts can remove their payment information from Facebook. On your Facebook account, click on the settings option then scroll down to the payment information option. Once you click on that you’ll have the option to remove your payment information.

     
  • Geebo 8:04 am on October 21, 2019 Permalink | Reply
    Tags: , cybersecurity, , , , ,   

    Smart home camera hacked in baby’s room 

    Smart home camera hacked in baby's room

    A California CEO has written a column for The Mercury News where he relays the tale about how his smart home camera system was hacked. It is quite a rather harrowing tale as the digital vandals used the speaker on the camera in the baby’s room to harass the family’s nanny. The anonymous voice on the other end of the camera was using profanity and even threatened to come take the baby at one point. It wasn’t until all the cameras were disconnected did the harassment stop. The father later found out that this is a fairly common occurrence with internet-connected cameras, specifically the brand that he was using.

    The father then tried contacting the technical support arm of the corporation that manufactures the cameras and was on hold for over an hour. He also received emails that continued to push the idea of two-factor authentication to keep out would-be pranksters. The father was not satisfied with this response and has vowed not to use this brand of camera ever again. His outrage can be understood especially for parents with young children because you can never truly know who is watching your home while you’re unaware. A more sophisticated criminal could use such information gleaned from home cameras to tell when a home may be vulnerable to being robbed.

    While the camera maker’s customer service may sound a little tone-deaf as far as the father’s mistrust is concerned, their advice about two-factor authentication is not wrong. 2FA, as it’s known, can go a long way in preventing these cameras from being hijacked. Also if you use the same password across multiple services you could be compromising your security greatly by making it easy for hackers to gain access to your devices. In this case, you may want to try some of the more reliable password managers out there. As we have said before, if you don’t take your internet security more seriously, it’s like having the most expensive lock that you just leave the key in.

     
  • Geebo 8:00 am on October 15, 2019 Permalink | Reply
    Tags: cybersecurity, , , , sim jacking, sim swapping,   

    SIM Swapping can cost you thousands if you’re not careful 

    SIM Swapping can cost you thousands if you're not careful

    Freelance British food writer Jack Monroe recently made news when she found out that someone stole the phone number to her smartphone. They were then able to transfer the number to another phone where they had access to some of her financial information and were able to steal £5,000 from her personal account. That amount equates to close to $6,300 in the U.S. This is a trick known as SIM_Swapping or SIM-Jacking named after the SIM cards in most smartphones that contain your calling information including your phone number. Unfortunately, there’s not a lot you can do to protect yourself against the attack.

    SIM Swapping works when the victim is targeted by someone with knowledge of how the attack works. First, they get your name, address, and date of birth, then they contact your cell phone carrier to try and convince them that they are you. If the attacker is successful, he can get the carrier to switch your number to their phone. The attacker can then receive all your calls, texts, emails and the like. That way they can receive the two-factor authentication texts that would allow them to access any of your sensitive online accounts including banking.

    While most victims of SIM Swapping don’t notice the attack until it’s too late, there are some steps you can take to try to protect yourself although nothing is a guarantee of preventing such an attack. You can instruct your cell phone carrier to require a PIN number if anyone calls to try and have any portion of your service changed. As with most PINs, don’t make it something obvious that an attacker can guess like your birthdate. You can also sign up for a Google Voice number which is much more secure and tougher to attack than a traditional cell phone number but work just like a traditional phone number and they are also free to get.

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel