Tagged: cybersecurity Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 9:00 am on February 4, 2020 Permalink | Reply
    Tags: , cybersecurity, ,   

    Coronavirus fears have led to cyber attacks 

    Coronavirus fears have led to cyber attacks

    The coronavirus has taken up much of the headlines lately and with good reason. Recent reports have come out claiming that it could become a global pandemic although the potential fatality rate remains in doubt. Add to that the amount of rumors and misinformation that is being spread about the disease isn’t helping allay public fears. So as is can be expected, cybercriminals have taken it upon themselves to take advantage of that fear for their own crooked purposes. As we always say, scammers and con artists never fail to take advantage of a disaster or crisis to try and put one over on their victims at great personal cost.

    Security experts at Kaspersky Labs have discovered several phishing emails being spread about the coronavirus. The emails, a sample of which can be seen here, pretend to be from a medical professional who is a coronavirus expert. The emails then request that you click on a link so you can get more information about protecting yourself from the coronavirus. The links are disguised as being any number of video or document files such as pdfs and mp4s. However, these attachments are filled with malware that can do any number of malicious things to your device including destroying your files or holding your device for ransom, among others.

    [youtube https://www.youtube.com/watch?v=tEFFZ7uZoFM%5D

    As always, you should never click on any links or attachments in emails from someone you don’t know personally. If you are concerned about the coronavirus you can get the most factual information from either the World Health Organization, the Centers for Disease Control, or both. Education about the disease is one of the best tools we have as a society in defeating it.

     

  • Geebo 9:00 am on January 29, 2020 Permalink | Reply
    Tags: cybersecurity, , LabCorp, , , Wawa   

    Recent data breaches can affect your money, health, and privacy! 

    Recent data breaches can affect your money, health, and privacy!

    If you’ve ever been to the East Coast especially the Pennsylvania and South Jersey areas you may be familiar with the convenience store chain Wawa. They recently had a data breach that could have exposed up to 30 million payment cards of its customers. Reportedly, hackers had installed malware into the payment processors at multiple stores at both the register area and their gas pumps. Some of the payment card information has even ended up on the web for sale to malicious actors. If you used a debit or credit card at a Wawa store in the past couple of months you’ll want to keep an eye on your account for unauthorized purchases.

    [youtube https://www.youtube.com/watch?v=qyT4SabnV2w%5D

    LabCorp is one of the nation’s largest medical testing companies. They recently had a flaw in their website that allowed 10,000 patient records to be exposed. This information included dates of birth, Social Security numbers, and lab results among other medical data. This is the second breach for LabCorp in the past year as their payment system was exposed back in June which resulted in the compromise of close to 8 million payment records. This latest breach could result in heavy fines for LabCorp under the Health Insurance Portability and Accountability Act (HIPAA). LabCorp has said that they will be notifying patients who had their data exposed.

    Lastly, it seems we can’t talk about data breaches without talking about Ring. While Ring’s most recent incident may not be a data breach per se, it does show how your information can be put at risk. The internet privacy advocates at the Electronic Frontier Foundation (EFF) claim they have discovered that the Android version of the Ring camera app sends user information to several third-parties. One of those third-parties is said to be Facebook and it doesn’t matter if you have a Facebook account or not. Some of the information sent to these third-parties include users’ full names, email addresses, and app settings including the number of locations they have Ring devices installed in.

     

  • Geebo 9:00 am on January 28, 2020 Permalink | Reply
    Tags: , cybersecurity, Kobe Bryant, , spear phishing   

    Scammers are preying on the loss of Kobe Bryant 

    Scammers are preying on the loss of Kobe Bryant

    No matter what your opinion of Kobe Bryant may be, it’s a tragedy that he and his 13-year-old daughter Gianna along with seven other people lost their lives in a helicopter crash over the weekend. Leave it to the scammers of the internet to waste no time in trying to take advantage of this horrible accident. It seems like it took the scammers no time at all to put their schemes into action after the news broke of Kobe’s untimely passing. In less than a day, con artists had taken to the internet to try to prey on Kobe’s fans in their time of mourning.

    [youtube https://www.youtube.com/watch?v=LnB0S6QZYXg%5D

    The Better Busines Bureau, as always, is already on top of these scams. They are warning that the scams are coming in two different forms of attack. The first is what’s known as a spear-phishing attack. Emails are being sent out en masse claiming to be from a reputable news outlet. The email will claim to have some kind of exclusive news that’s not being reported anywhere else. The email will contain either a link or an attachment that the scammers will hope you’ll click on. This could lead to any kind of malware being installed on your device.

    In a similar vein, the second form of attack is clickbait. These are the headlines you may see that claim to have news that ‘you won’t believe’. Or they may claim that they have ‘exclusive footage’ that no one else has. These websites also contain malware that could be used to steal personal information from your device.

    In any case, you should never click on links or attachments in emails from people you don’t know personally. Also, the articles that go along with shocking headlines usually aren’t shocking at all and could contain code that could possibly hijack your device. Always think twice before clicking on any potentially risky link.

     

    • Suberinacooperjohnson 4:43 am on January 30, 2020 Permalink

      The FBI should take these people check.

    • Suberinacooperjohnson 4:45 am on January 30, 2020 Permalink

      Continue praying for the entire kobe bryant family especially his wife , vanassa& daughters. As well as his mother/father & sisters.entire Lakers family, friends & fans.

  • Geebo 9:00 am on January 24, 2020 Permalink | Reply
    Tags: cybersecurity, FedEx, , , ,   

    FedEx text scam is more dangerous than you think! 

    FedEx scam is more dangerous than you think!

    A number of reports went out nationwide yesterday about a scam that’s appearing in the text messages of many Americans. As you can see by the graphic above, the text claims to be from FedEx telling you that you have an incoming package that requires you to submit your delivery preferences. The text then provides you a link to click on. While this appears to be just a ‘normal. phishing scam on the surface, this particualr scam goes much deeper than that and can end up costing you a lot of money.

    If you were to click on the link in the phony text you would be taken to a site that looks like Amazon but isn’t. The fake Amazon site then asks you to fill out a customer service survey in order to claim a prize. However, to collect the prize you need to cover the cost of shipping and for that, you need to provide your financial information. Yet, it doesn’t stop there. On top of everything else, by providing your payment information you’re also signing up for a subscription service that will charge you close to $100 a month for products related to the ‘prize’ you chose. We’ve previously discussed subscription scams here.

    [youtube https://www.youtube.com/watch?v=Ez1ZmkI4EfA%5D

    If you receive this text, delete it immediately. It goes without saying that you shouldn’t click the link nor should you respond to it. While FedEx does offer a service to text message you about the arrival of your packages you have to sign up for that service. FedEx will never send unsolicited text messages. If you are expecting a package to be delivered from FedEx or any other courier and you are concerned about the delivery, always use the courier’s website or official app to see if there have been any actual problems with delivery.

     

  • Geebo 9:00 am on January 23, 2020 Permalink | Reply
    Tags: cybersecurity, , , Personal Data Protection Fund, , US Trading Commission   

    Can you get paid for data breaches? 

    Can you get paid for data breaches?

    Sadly, data breaches are just a part of our way of digital life anymore. It’s not a matter of if some of our data will be exposed, it’s a matter of when. Some of the more egregious data breaches have even landed companies in legal trouble such as the infamous Equifax leak. Some of these have resulted in class action lawsuits which while costing the companies large sums of money, consumers affected by the leaks can only claim a very small part of that settlement. Some scammers are now using that fear of exposure and a little bit of consumer greed to try to trick people into giving up their personal information.

    Security experts Kaspersky Labs recently came across a website that promises to send you money if your data has been exposed in one of these corporate leaks. The website claims to be from the ‘Personal Data Protection Fund’ that was created by the ‘US Trading Commission’. There is no governmental office known as the US Trading Commission. The site asks you to enter your information including your Social Security information to see if your data has been leaked. Of course, it tells you that it has and promises you a payout of $2,500. All you have to do is give them your bank number in order to collect the payout. As you might have expected, there is no payout and now some overseas scammer has all the information they need to steal your identity or worse.

    As always, you should never give your personal or financial information to just anyone who asks on the internet. Don’t be lured in by promises of money where you don’t have to do anything for it. Also, the government doesn’t hand out payments for people who have had their data breached. If you’re afraid your data may have been breached you can check at haveibeenpwned.com which is one of the more trustworthy places online.

     

  • Geebo 9:04 am on January 15, 2020 Permalink | Reply
    Tags: 401k, cybersecurity, , retirement fund,   

    Are thieves targeting your 401k? 

    Are thieves targeting your 401k?

    We’ve discussed several different forms of bank fraud before. Whether it’s text message scams or phishing attacks to gain your account information, we’ve talked about the myriad of ways that scammers try to empty your bank account. Now, because of all the news that has gotten out about these scams thieves and cyber-crooks have started targeting a new source of income, retirement funds and 401ks. Is your retirement nest egg vulnerable to being cleaned out? Let’s take a look at how the thieves are targeting 401ks and what can be done about them.

    According to USA Today, since so many consumers and banks have become wary of the typical scams that are used to attack bank accounts the thieves have turned to attack 401ks. The reasoning behind this is because a lot of people don’t pay close attention to their 401k. In too many cases, consumers will either ignore or discard the statements they receive from their retirement fund broker. Then when they need to check their 401k balance they discover that their fund has been slowly drained. Unlike banks, retirement funds aren’t always willing to help you get your money back.

    While the target may be new, the attacks are roughly the same. The thieves use old standards like phishing attacks and weak passwords to gain access to your 401k. In order to prevent these attacks from happening it’s recommended that you review the mailed statements you receive from your fund manager for any suspicious behavior. It’s also recommended that you use a strong password to secure your account with a password that’s not used on any of your other online accounts. Lastly, never click on any links in emails that you receive purporting to be from your 401k manager as they can be used to steal your login information. Instead, always go directly to the 401k website and log in from there to check your account.

     

  • Geebo 8:07 am on January 14, 2020 Permalink | Reply
    Tags: cybersecurity, , ,   

    Windows 7 is no longer supported, what should you do? 

    Windows 7 is no longer supported, what should you do?

    As of today, January 14th, 2020, the Windows 7 operating system is no longer supported by Microsoft. This means that as of today, Microsoft will no longer be providing security updates for Windows 7 as the operating system has reached its end of life. If you currently have a computer that runs Windows 7, you could be vulnerable to malicious attacks. Not only that but you could also leave any other computer connected to your network vulnerable to attack. In short, if your Windows 7 computer is currently connected to the internet, your data and information are at great risk. So let’s discuss what you can do to correct that.

    The first thing you want to do is back up all your data. Most security experts recommend the 3-2-1 method. That means make 3 backups on 2 different forms of media with at least 1 copy kept offsite. The easiest way to proceed from here would be to purchase a new copy of Windows 10 for over $100. That’s as long as you don’t have an older computer that doesn’t meet the requirements to run Windows 10. Microsoft says that no computer over 3 years old should install windows 10, however, Windows 10 has been known to run on older computers. A good rule of thumb may be to only install Windows 10 on a computer that had Windows 7 or 8 pre-installed.

    But if you don’t feel like spending a lot of money to upgrade to Windows 10 there is an unofficial way to get the update for free. While Microsoft isn’t advertising this method, they’re not discouraging it either. The steps for that process can be found at this link and they’re not as hard as they may seem. Be warned that this isn’t a guaranteed method for everyone.

    [youtube https://www.youtube.com/watch?v=7o7By0cifNI%5D

    If your computer is not capable of running Windows 10 all is not lost. There are a number of free operating systems that fall under the Linux umbrella that should be able to be installed on your computer. If you want one that resembles Windows 7 there is a Linux distribution, or distro for short, known as Zorin OS. They have instructions on how to install their system on your computer. One of the benefits of using Linux over Windows is that Linux is more secure. While Linux does not run Windows programs natively there are many Linux versions of your favorite apps. There are also Linux alternatives for most of your favorite Windows apps.

    Just remember to back up all of your data before attempting any of these upgrades or changes.

     

  • Geebo 9:00 am on January 9, 2020 Permalink | Reply
    Tags: cybersecurity, , , ,   

    Was Ring caught looking at customer cameras? 

    Was Ring caught looking at customer cameras?

    Amazon-owned Ring Cameras did not have the best 2019. If customer camera feeds weren’t being hacked then user information was allegedly being exposed in a data breach. Unfortunately for Ring, it doesn’t look like their 2020 is shaping up to be any better. In previous gaffes made by Ring, there was a kernel of truth in their claim that some of these privacy invasions could have been prevented by better user security. For example, by enabling two-factor authentication and not using the same password on all online accounts. But what happens when the security company is the one invading your privacy.

    Motherboard is reporting that Ring had to fire a number of employees who were caught accessing customer data that was not part of their jobs. In short, they were looking at customer video that they should not have been. While it can be expected for a company to monitor some of the user data for quality control purposes, it’s alleged that this was not the reason that certain employees were viewing customer videos. Considering that many Ring customers use the cameras inside their homes this can be especially off-putting knowing that Ring employees may be watching you at home.

    [youtube https://www.youtube.com/watch?v=CWg85eJDFu4%5D

    Depending on how this story gets picked up by the media, this could be a devastating blow to Ring’s reputation. How are consumers supposed to trust a company to help keep us safe when their employees are violating the privacy of the consumers? Granted, the number of people who were said to be doing this at Ring was low and they’ve all been relieved from their positions. But still, this seems to be yet another black eye for the security company that used to be the darling of families everywhere.

     

  • Geebo 9:00 am on December 31, 2019 Permalink | Reply
    Tags: cybersecurity, , , , Wyze   

    Another security cam company has data breach 

    Another security cam company has data breach

    You may have recently seen that Ring cameras have not been having the best time of it in the news lately. If their cameras aren’t being hacked by internet pranksters, they’re making headlines for a potential data breach. Because of this, you may be considering using a Ring competitor to monitor your home. If you are, you may want to choose carefully as a Ring competitor just had a massive data breach that makes Ring’s look like a minor oversight in comparison.

    A cybersecurity firm recently announced that they found the security company Wyzed had exposed the personal information of over 2 million customers. Wyze themselves said the breach came about from a database error that led to the server’s security protocols being removed. The data was exposed from December 4th until the 26th when Wyze was notified of the breach. To Wyze’s credit, they rest all the security tokens for their customers requiring them to reset their login credentials.

    [youtube https://www.youtube.com/watch?v=2kwtkMaT8nw%5D

    However, there is something in reports that should cause concern among Wyze’s users. The cybersecurity firm that found the breach has also claimed that data was being sent to the Alibaba Cloud in China. Wyze says they do not use Alibaba Cloud and that they do not share data with any government agencies. While Wyze may not be sending data to the Chinese government is it possible that they’re just taking it instead?

    If you are a current Wyze customer, you should be on the lookout for identity theft scams such as phishing attacks.

     

  • Geebo 9:00 am on December 24, 2019 Permalink | Reply
    Tags: cybersecurity, , , , ,   

    Ring denies massive data breach 

    Ring denies massive data breach

    Ring’s cameras have been in the news a lot lately. Sometimes it’s for good reasons like footage from a Ring camera led to the arrest or conviction of a criminal. However, most of the news seems to have been bad for Ring. Throughout 2019, there was a rash of news stories where hackers and internet pranksters would access someone’s Ring security camera to try to harass or scare a random family. Ring keeps claiming that these security breaches happen due to two-factor authentication not being enabled. But how can that explain close to 4,000 Ring account credentials being exposed on the web?

    [youtube https://www.youtube.com/watch?v=XxcYimzcTik%5D

    BuzzFeed News reported on the alleged breach after they were contacted by a security researcher who found the exposed credentials online. When Ring was asked about the breach, they claimed that there was no breach at all. A Ring spokesperson claims that the credentials were harvested from other data breaches outside of Ring and that Ring customers were just using the same passwords and logins as their Ring service. While that’s statistically improbable, it could be true. Except, BuzzFeed showed the customer credentials to more security experts who noted that the credentials contained Ring specific data such as camera names that customers use. Reportedly, this kind of information can’t be gleaned from outside of Ring’s network.

    If you are a Ring customer, we would recommend changing your login and password as soon as possible and to enact two-factor authentication. With 2FA enabled, it will make it more difficult for someone to access your home cameras. Also, if you’re using the same login and password for other online accounts as you do with your Ring setup, you change them immediately as well. And never use the same password across multiple online accounts. Once one of those accounts become compromised, then they all do.

     

← Older posts

Newer posts →

c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel