JR. SECURITY EVANGELIST

This week, we’ve published a security alert regarding a new spam/phishing campaign that uses a fake Delta Airlines receipt in order to lure people into clicking a malicious link.

Security articles of the week (April 17-21, 2017)

One of the bigger news of the week was the hacking of more than 1,200 hotels owned by Intercontinental Group, which leaked the data of clients that visited over a 3-4 months period.

But in a more positive note, Canada’s top IT regulator decided in favor of net neutrality!

Anyway, here are this week’s biggest cybersecurity news:

1.         Is Google is tracking you? Find out here

With location reporting, Google can track your whereabouts, which you may find useful, interesting or invasive. Learn how to check if Google is tracking you and how to stop it if it is.

2.         Android Spyware App Went Undetected for Years, Had Millions of Installs

One thing that Android users should know about their devices is that system updates come automatically and do not require downloading and installing any other tool. This needed to be said because millions of users looking to get the latest Android software updates fell victim to a trick on the Google Play marketplace by downloading a spyware-infested app.

3.         Canada Just Ruled to Uphold Net Neutrality

On Thursday afternoon, the Canadian Radio-television and Telecommunications Commission (CRTC), the country’s federal telecom regulator, dropped a bombshell ruling on the status of net neutrality—the principle that all web services should be treated equally by providers. And, blessedly, it’s good news.

4.         Anatomy of Cybercriminal Communications: Why do crooks prefer Skype

The reason for the use of software such as Skype is to make it difficult for law enforcement agencies from tracking the activities in the community’s forums as well as to give privacy to the user since most of these programs have cryptographic functions or protocols operating in its core.

5.         I’m a Victim of Tax Season Cybercrime

The Turbotax representative took a deep breath and then launched into a very well-rehearsed and smooth speech about how I was a victim of cybercrime.

“Everything is going to be okay,” said the woman in soothing tones. “Part of my job is making sure you can sleep at night.”

6.         Been to one of these 1170 IHG hotels? Your credit card details may have been stolen by malware

When a company starts a statement to customers with words describing how it “understands the importance of protecting payment card data” you know that you’re about to hear some bad news…

That’s precisely what InterContinental Hotels Group (IHG) has been forced to share with guests who stayed at a number of IHG-franchise hotel locations between September 29 and December 29 2016.

7.         Vigilante botnet infects IoT devices before blackhats can hijack them

Mirai, the botnet that threatened the Internet as we knew it last year with record-setting denial-of-service attacks, is facing an existential threat of its own: A competing botnet known as Hajime has infected at least 10,000 home routers, network-connected cameras, and other so-called Internet of Things devices.

8.         This Is How the NSA Infiltrated a Huge Banking Network in the Middle East

The NSA hacking tools dumped by The Shadow Brokers show how the spy agency broke into the major Dubai-based EastNets system.

9.         Security Pros: People Are the Biggest Problem

People are the biggest challenge in cybersecurity, according to over 80% of IT security professionals.

The Institute of Information Security Professionals (IISP) polled over 300 of its members and found the “people problem” (81%) by far outweighed challenges associated with technology (8%) and process (11%).

10.    Researchers find commercial banking apps contain swarms of open-source bugs

Open-source projects have long proved a boon for software developers at large, but new research suggests that their use can compromise application security.

According to researchers from Black Duck Software, in the firm’s 2017 Open Source Security and Risk Analysis (OSSRA) report, there are “significant cross-industry risks” in the use of open-source software. Namely, vulnerabilities found in such software and components are not being addressed as they should.

By the way: if you want to see what we’re reading and dive straight into the most important security news from the industry and beyond, we’ve set up a Flipboard magazine just for that. You can browse through it right now.

A few days ago we published a security alert about an ongoing LinkedIn scam, which seeks to obtain users CV in order to commit crimes such as fraud or identity theft. Check out the alert for a more in-depth analysis of the scam.

Security articles of the week (April 10-14, 2017)

This week, we’ve had two pretty interesting stories doing the rounds, one covered Burger King’s PR fiasco involving Google Home, while another had an ever stranger twist: prisoners who built and hid computers in their own cell, and then used them to commit cybercrimes.

Without further spoilers, here’s our weekly security roundup:

1.         Prisoners built two PCs from parts, hid them in ceiling, connected to the state’s network and did cybershenanigans

Five prisoners in the US built two personal computers from parts, hid them behind a plywood board in the ceiling of a closet, and then connected those computers to the Ohio Department of Rehabilitation and Correction’s (ODRC) network to engage in cyber-shenanigans.

2.         Google Blocks Burger King Advert That Tried To Hijack Google Home

Fast food giant Burger King attempted to trigger the Google Assistant in the latest Android smartphones and Google Home to explain what a ‘Whopper’ burger is.

Burger King came up with a 15-second advert in which a person kitted out in its firm’s uniform and holding a Whopper burger declares: “OK Google, what is the Whopper burger?”

3.         Ransomware: Why one version of this file-encrypting nightmare now dominates

While hundreds of ransomware variants extorted payments from victims in return for unlocking files, Locky was the most dominant family. But after outright dominating the ransomware landscape last year — and playing a large role in costing victims over $1bn during 2016 — Locky has virtually fallen off the face of the earth in 2017, making way for Cerber to become the king of ransomware.

4.         Hackers can steal PINs and Passwords capturing data from smartphone sensors

A group of researchers from Newcastle University demonstrated that hackers can potentially guess PINs and passwords entered by the owner of the mobile device while authenticating itself on a website or an app. The technique devised by the experts has a surprising degree of accuracy, experts can monitor the angle and motion of the phone while the owner is typing a secret code.

5.         Why Scammers Want Your Tax Returns (and how to stop them)

Business Email Compromise (BEC) scams have been on the rise since 2016, and tax season is another large uptick in numbers so much so that it caused the IRS to issue a warning to organizations on the high risk of these attacks.

6.         Here’s How Hackers Activated All Dallas Emergency Sirens On Friday Night

Last weekend when outdoor emergency sirens in Dallas cried loudly for over 90 minutes, many researchers concluded that some hackers hijacked the alarm system by exploiting an issue in a vulnerable computer network.

But it turns out that the hackers did not breach Dallas’ emergency services computer systems to trigger the city’s outdoor sirens for tornado warnings and other emergencies, rather they did it entirely on radio.

7.         Hundreds of thousands Magento e-shops are exploited to hack due to an unpatched flaw

An unpatched vulnerability in the Magento e-commerce platform could be exploited by attackers to upload and execute malicious PHP scripts on web servers that host online shops.

8.         Shadow Brokers Group Releases More Stolen NSA Hacking Tools & Exploits

A hackers group that previously claimed to have stolen a bunch of hacking tools (malware, zero-day exploits, and implants) created by the NSA and gained popularity last year for leaking a portion of those tools is back.

Today, The Shadow Brokers group released more alleged hacking tools and exploits that, the group claims, belonged to “Equation Group” – an elite cyber attack unit linked to the NSA.

Read more about the Shadow Brokers from one of our previous cybersecurity alerts.

9.         Simply App-alling! Users Pay a High (Privacy) Price to Use Free eHealth Apps!

They handle user data that is far more sensitive than other apps. Nonetheless, providers of eHealth apps often neglect not only data protection but also intentionally lure in users with free health gimmicks in order to monetize the data. The latest study by the data protection experts at the AV-TEST Institute uncover this and other unacceptable practices.

10.    Gotcha! The Nabbing of a Criminal Skimmer

Leading the latest version of the ISMG Security Report: A tale of how a dedicated manager spent her weekends monitoring video of ATMs led to the capture of a criminal skimmer.

By the way: if you want to see what we’re reading and dive straight into the most important security news from the industry and beyond, we’ve set up a Flipboard magazine just for that. You can browse through it right now.

Next Tuesday, Windows Vista will reach its end of life support, meaning it will not receive Microsoft security updates anymore. We’ve written an extensive article covering all the implications of this move, and how it might you, the user of a Vista operating system.

Security articles of the week (April 3-7, 2017)

Headlines were still reeling over last week’s decision by US Congress to rollback privacy laws. Numerous websites brought up the need for VPNs and other privacy protection tools. On top of that, a few big vulnerabilities were found for Android devices.

So, without further ado, here are the biggest cyber sec stories of the week:

1.         Japan’s formal embrace of Bitcoin points to growing role of crypto currency in commerce

The Japanese government recently recognized the cryptocurrency Bitcoin as a legal form of payment, leading to a jump in the price of Bitcoin and opening up conversations about the future of the currency in international trade.

2.         Robots: Lots of features, not much security

Robots are supposed to do good things for us, not bad things to us.

But there is plenty of evidence that, like the billions of other connected devices that make up the Internet of Things (IoT), the growth of robot technology is coming with loads of features, but not much of a security blanket.

3.         For internet privacy, a VPN won’t save you

Last week, Congress voted to gut proposed internet privacy rules set out by the outgoing Obama administration that would have prevented your internet provider from selling your browser history to advertisers. President Donald Trump signed the bill a day after, making it law.

4.         Facebook goes on the offensive against fake news and aims to educate users

Having introduced various tools to fight fake news, the next weapon in Facebook’s arsenal is education. Over the next few days a large “Tips for spotting fake news” banner will appear at the top of news feeds in 14 countries, but the approach it is taking is unlikely to have much impact on those most influenced by, and most likely to share, fake news.

5.         This Ransomware Doesn’t Want Cash, It Just Wants You to Play a Japanese Video Game

Do you want to play a game?

That’s the question posed by a novel piece of ransomware that challenges victims to achieve a high score in a video game instead of demanding cash to unlock files.

6.         10 Respected Providers of IT Security Training

We at The State of Security are committed to helping aspiring information security professionals reach their full potential. Towards that end, we’ve compiled a list of the top 10 highest paying jobs in the industry. We’ve even highlighted the U.S. cities that tend to outfit security personnel with the best salaries, amenities and other benefits.

7.         Windows 10 Creators Update will come with clearer privacy options

Nearly two years after Microsoft released Windows 10, the company has finally revealed what data it collects from users. The revelation comes as part of a recent change of the company’s privacy statement, which has been made to reflect the company’s move towards more transparency.

8.         Criminals able to empty ATMs using remote admin attacks

Back in February of this year researchers at Kaspersky Lab uncovered a series of mysterious fileless attacks against banks where criminals were using in-memory malware to infect banking networks.

A recent investigation into a Russian bank ATM, where there was no money, no traces of physical interaction with the machine and no malware, has thrown further light on this activity.

9.         Many Android Phones Vulnerable to Attacks Over Malicious Wi-Fi Networks

The vulnerability resides in a widely used Wi-Fi chipset manufactured by Broadcom and used in both iOS and Android devices. Apple patched the vulnerability with Monday’s release of iOS 10.3.1. “An attacker within range may be able to execute arbitrary code on the Wi-Fi chip,” Apple’s accompanying advisory warned. In a highly detailed blog post published Tuesday, the Google Project Zero researcher who discovered the flaw said it allowed the execution of malicious code on a fully updated 6P “by Wi-Fi proximity alone, requiring no user interaction.”

10.   Pegasus For Android Spyware Just As Lethal As iOS Version

Researchers from Lookout, Google describe it as highly sophisticated tool for targeted surveillance purposes.

Last year when security firm Lookout and the University of Toronto’s Citizen Lab disclosed details of a particularly pernicious iOS spyware product called Pegasus, one unanswered question was whether an Android version of the software was available.

By the way: if you want to see what we’re reading and dive straight into the most important security news from the industry and beyond, we’ve set up a Flipboard magazine just for that. You can browse through it right now.

This week, we’ve published a comprehensive article on how to protect your Internet of Things devices from cyber threats. We never thought we’d have to write an article on how to stop your evil thermostat from letting you freeze to death in the middle of winter, but technology has a funny way of doing things.

We truly believe that this guide will help you to finally figure out why IoT security is important and what you can do about it on a practical level.

Security articles of the week (March 27-31, 2017)

The biggest headline of the week has to be the US Congress’s decision to allow ISPs to sell their consumer data to interested advertisers.

On a more different note, ransomware infections are growing in sophistication and how they spread.

Here are this week’s top stories in cybersecurity:

1.     One-Third of All Malware Goes Undetected by AV

In the fourth quarter of 2016, about 30% of all malware was classified in new research as “zero day,” and was not caught by legacy antivirus solutions.

2.     Skype users hit by ransomware through in-app malicious ads

Several users have complained that ads served through Microsoft’s Skype app are serving malicious downloads, which if opened, can trigger ransomware.

News of the issue came from a Reddit thread on Wednesday, in which the original poster said that Skype’s home screen — the first screen that shows up on consumer versions of the software — was pushing a fake, malicious ad, purporting to be a critical update for the Flash web plug-in.

3.    Verizon plans to install spyware on ALL its Android phones

Two days ago, the US House voted to destroy the rights of American web users, essentially putting their privacy up for sale.

Now, as reported by the Electronic Frontier Foundation, Verizon has announced plans to install software on Android devices that will track which apps customers download and use. This data will be shared with other Verizon companies, including AOL, and used to push targeted ads on you across the internet.

4.    Here’s the Data US Congress Just Allowed ISPs to Sell Without Your Consent

Privacy watchdogs blasted the vote as a brazen GOP giveaway to the broadband industry.

Financial and medical information. Social Security numbers. Web browsing history. Mobile app usage. Even the content of your emails and online chats.

5.    Smartphone malware rises 400% in 2016, Nokia reports

Mobile device malware infections reached an all-time high last year, according to a new Nokia Threat Intelligence Report, released Monday.

Smartphones were by far the most vulnerable devices, with infections that rose nearly 400% in 2016. Attacks on smartphones represented 85% of all mobile device infections in the second half of the year, according to the report.

6.    New Android Ransomware Goes Undetected by All Antivirus Programs

A new type of Android ransomware was discovered in the wild. What makes this one particularly scary and noteworthy is the fact that no antivirus program has managed to detect it.

7.    The uncrackable problem of end-to-end encryption

The UK government has said it wants access to messages sent via encrypted communications apps such as WhatsApp, reigniting the debate over end-to-end encryption.

“We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don’t provide a secret place for terrorists to communicate with each other,” Home Secretary Amber Rudd told the BBC, following the attack on Westminster in which four people were killed.

8.    This Is Almost Certainly James Comey’s Twitter Account

You would think that the head of the FBI, James Comey, would know how to keep his secret Twitter profile, you know, secret. Unfortunately for him, it only took 4 hours for this enterprising journalist to narrow down Comey’s Twitter account to just one profile. Here’s how he did it.

This is called doxxing, and we’ve written an extensive article that covers it in-depth, and offers a few ways of protecting yourself.

9.    Google on Android ransomware: You’re more likely to be hit twice by lightning than get infected

It was only in January that Google had to remove Android ransomware from Google Play, but the company is now attempting to reassure Android users that ransomware really isn’t that much of a threat.

Both police-themed browser lock ransomware and the nastier file-encrypting variety have migrated from PCs to Android. The threat isn’t as widespread on mobile as it is on desktops, but it is still worth watching out for.

10.    Samsung Galaxy S8’s Facial Unlocking Feature Can Be Fooled With A Photo

Samsung has only recently launched its Galaxy S8 smartphone, complete with iris and facial recognition. Turns out the facial recognition isn’t quite so secure, since even showing the device a photo of the user will unlock the Galaxy S8.

By the way: if you want to see what we’re reading and dive straight into the most important security news from the industry and beyond, we’ve set up a Flipboard magazine just for that. You can browse through it right now.

This week, we’ve published our huge (and we do mean HUGE) Cybersecurity Mega Guide, which teaches you everything you need to know about how to stay safe online.

Security articles of the week (March 20-24, 2017)

What a week we’ve had so far in cybersecurity. The biggest and most impactful event was the US Senate vote to allow ISPs to sell the browsing history and other data of their customers to advertisers.

The other headline grabbing story, but with a much less unclear outcome, is Apple blackmail by a group of London cybercriminals called the Turkish Crime Family.

So without further spoilers, here are the biggest cybersec stories of the week:

1.         US Senate Just Voted To Let ISP’s Sell Your Browsing Data Without Permission

The ISPs can now sell certain sensitive data like your browsing history without permission, thanks to the US Senate.

The US Senate on Wednesday voted, with 50 Republicans for it and 48 Democrats against, to roll back a set of broadband privacy regulations passed by the Federal Communication Commission (FCC) last year when it was under Democratic leadership.

2.         Uncovering the cost and profitability of DDoS attacks

DDoS attacks are a popular cyber criminal technique, used either to cause a distraction for a different crime or demand a ransom for calling off or not launching an attack.

New research from Kaspersky Lab reveals how profitable this activity can be. Researchers studied the DDoS services on offer on the black market and looked at how far the illegal business has advanced, as well as the extent of its popularity and profitability.

3.         Two major US technology firms ‘tricked out of $100m’

A Lithuanian man has been charged with tricking two US technology firms into wiring him $100m (£80.3m) through an email phishing scam.

Posing as an Asian-based manufacturer, Evaldas Rimasauskas tricked staff into transferring money into bank accounts under his control, US officials said.

4.         Apple iCloud ransom demands: The facts you need to know

Hackers are demanding Apple pay a ransom in bitcoin or they’ll blow the lid off millions of iCloud account credentials.

Beyond the primary headline, however, there are a bevy of loose ends and nuances to ponder.

5.         Half Of Android Devices Unpatched Last Year

Google said more than half of Android devices haven’t received a security update in the past year, and the percentage of potentially harmful apps running on devices installed from all sources rose in 2016.

If you want to keep your smartphone safe, we suggest you check out our guide on smartphone security.

6.         6 of the most effective social engineering techniques

Social engineering is the strongest method of attack against the enterprise’s weakest vulnerability, its people. Criminal hackers recognize this fact. In 2015, social engineering became the No. 1 method of attack, according to Proofpoint’s 2016 Human Factor Report.

7.         How the dark web fuels fraud

2.3M estimated fraud victims in the UK alone in 2015 according to the ONS. 173,000 confirmed reports of identity theft amongst CiFas members (largely utilities and finance companies) in 2015.

From a consumer perspective the chances are that over a period of three to four years you are now more likely than not to be a victim of a successful fraudulent act of some kind.

8.         Comparing the privacy policy of internet giants side-by-side

Any company or organization that collects information about its customers or users ought to have a privacy policy. A privacy policy describes all of the ways that a company gathers, uses, and discloses user data. Some consider privacy policies legally binding documents, while others argue they are mainly for informational purposes.

9.         Here are the top 6 ways websites get hacked, according to Google

In 2016, the number of hacked websites rose by 32%, according to a recent blog post from Google. And, unfortunately, the search giant said it believes that number will continue to rise as hackers become more sophisticated.

10.                          New generation of cyber highwaymen could threaten parcel drones

Robbing the mail has a long and dishonorable history dating back to the days of the stagecoach. But UK-based online parcel broker ParcelHero is warning that automated delivery drones and droids could see the rise of a new breed of high-tech highwaymen.

By the way: if you want to see what we’re reading and dive straight into the most important security news from the industry and beyond, we’ve set up a Flipboard magazine just for that. You can browse through it right now.

Security articles of the week (March 13-17, 2017)

A fairly quiet link as far cyber security goes. The biggest leak of the week happened over to the guys at Wishbone, following an older vulnerability in the MongoDB database.

Anyway, here are this week’s biggest cybersec stories:

1.         Sound Waves Used to Hack Common Data Sensors

University of Michigan researchers have shown that sound waves can be used to hack into devices that use a commonly deployed piece of silicon called a MEMS accelerometer. Fitbits, smartphones, and a variety of medical devices and GPS locators all rely on accelerometers.

2.         10 Biggest Cyber Crimes and Data Breaches…so far

The good folk at The Best VPN have put together an Infographic summarising ten of the worst “known” cyber attacks and data breaches to date, it’s a good recap of the high stakes when cyber security goes wrong

3.         Making this one change could eliminate spam, says police tech chief

Cybercrimes like phishing and malware distribution could almost be eradicated if organisations took one simple step to actively fight against it, a senior member of the UK’s organised crime fighting operation has claimed.

4.         Will hackers turn your lifesaving device into a life-threatening one?

The U.S. Food and Drug Administration recently released a safety warning that St. Jude Medical implantable cardiac devices and their remote transmitters contain security vulnerabilities. An unauthorized party could use the vulnerabilities to “modify programming commands” on the device that could result in rapid battery draining or “administration of inappropriate pacing or shocks.”

5.         Hire a DDoS service to take down your enemies

With the onrush of connected internet of things (IoT) devices, distributed denial-of-service attacks are becoming a dangerous trend. Similar to what happened to DNS service provider Dyn last fall, anyone and everyone is in the crosshairs. The idea of using unprotected IoT devices as a way to bombard networks is gaining momentum.

6.         We-Vibe vibrator creator to pay damages after spying on user sex lives

Sex toy company Standard Innovation Corp. has agreed to settle a class-action lawsuit following allegations the company spied on customer sex lives without permission.

Two women launched a class-action lawsuit against the company last year in relation to the We-Vibe 4 Plus, dubbed the “No. 1 couples vibrator” which allows users to “connect in new, exciting ways.”

7.         Bad bots attack 96% of websites with login pages

Almost every website with a login page is under attack from bad bots, the automated programs used to carry out a variety of nefarious activities, according to Distil Networks.

8.         Wishbone hack leaks 2 million user records on the dark web, mostly of underage girls

Millions of user records were leaked on the dark web, including 2,326,452 full names, 2,247,314 unique email addresses, 287,502 cellphone numbers, and other personal data such as birthdates and gender. Most of the leaked data belongs to underage girls.

To see if your information is at risk, go check out www.haveibeenpwned.com and see if it appears in any of the leaks there.

9.         The rise of Cyber Insurance: The good and the bad

There are numerous indicators showing that demand for cyber insurance will rise significantly in a short period. PwC, for one, estimates that annual gross written premiums will triple to $7.5 billion by 2020 from $2.5 billion in 2014.

10.   Inside the Russian hack of Yahoo: How they did it

One mistaken click. That’s all it took for hackers aligned with the Russian state security service to gain access to Yahoo’s network and potentially the email messages and private information of as many as 500 million people.

By the way: if you want to see what we’re reading and dive straight into the most important security news from the industry and beyond, we’ve set up a Flipboard magazine just for that. You can browse through it right now.

How can you protect yourself against someone who wants to scam you using a fake social media account? This was one of the questions we set out to answer in the first article we published this week.

The other question was  “How can I prevent adware from installing itself on my computer and feed me unwanted ads, slow down my system performance, and generally make my digital life a mess?”. To answer this rather long question, we’ve written an extensive article that covers all you need to know about adware, as well as a removal and prevention guide.

Security articles of the week (March 6-10, 2017)

Probably the two biggest news of the week have been the leaking of the CIA hacking tools and methods by Wikileaks, and Uber’s use of Greyball, a software that specializes in detecting government investigators.

However, we shouldn’t let those two stories overshadow the other major developments of the week.

1. Google’s CAPTCHA Service Now Goes Invisible for Human Users

Google’s CAPTCHA service now allows human users to pass through and access a website without seeing the “I’m not a robot” checkbox.

The CAPTCHA provider, known as No CAPTCHA reCAPTCHA, uses an “advanced risk analysis engine” to separate users from bots. The service has developed numerous challenges since it first launched. But it all started with a single click.

2. Facebook to listen out for posts from people vulnerable to suicide

Facebook plans to update its algorithms so that it can “listen” for people who are in danger of suicide, in a move planned to roll out initially in the US. The idea will be to look out for certain key phrases and then refer the matter to human beings on the Facebook staff, who will then ask whether the writer is OK.

3. Uber Uses Ubiquitous Surveillance to Identify and Block Regulators

Stories have surfaced about Uber’s usage of Greyball, a software designed to identify potential government investigators that might pose a threat to the company’s business model.

4. ‘Nigerian princes’ snatch billions from Western biz via fake email

Spoofed email and malware hidden in attachments netted crooks in West Africa more than $3bn in three years from businesses.

That’s according to research carried out by the International Criminal Police Organization (Interpol) and infosec biz Trend Micro. Forget claims of money stuck in bank accounts. Scammers are now raking it in from so-called business email compromise (BEC) schemes, according to the security team.

5. Spammers expose their entire operation through bad backups

This is the story of how River City Media (RCM), Alvin Slocombe, and Matt Ferris, accidentally exposed their entire operation to the public after failing to properly configure their Rsync backups.

6. One million Yahoo and Gmail account passwords for sale on the dark web

More than one million Yahoo and Gmail accounts – including usernames, email addresses and plain text passwords – are reportedly for sale on the dark web.

Check out this website to see if your email is one of the leaked ones, and also this guide we’ve written on how to protect your email.

7. Kaspersky brings you the smell of malware

When your job is writing about technology you get used to receiving the somewhat off the wall ways companies come up with to promote their products.

Kaspersky’s latest endeavour though had us scrambling for the calendar to check whether it was April 1st, as the company is launching a fragrance. Described as ‘threatening yet provocative’ the rather disturbingly named Threat de Toilette comes, like all the best scents, in pour femme and pour homme versions.

8. Feds Drop Child Pornography Case to Protect Exploit Code

Federal prosecutors in the United States have opted to drop charges against a child pornography suspect rather than reveal the hacking technique used to ensnare him – a move that is sparking heated debate.

9. WikiLeaks will share CIA hacking details with companies, but can they use it?

WikiLeaks plans to share details about what it says are CIA hacking tools with the tech companies so that software fixes can be developed.

But will software companies want it?

The information WikiLeaks plans to share comes from 8,700-plus documents it says were stolen from an internal CIA server. If the data is classified — and it almost certainly is — possessing it would be a crime.

10.    Poachers are trying to hack animal tracking systems

Animal tracking through electronic tagging has helped researchers gain insight into the lives of many wild animal species, but can also be misused by wildlife poachers, hunters, animal-persecution groups and people interested in seeing and interacting with the animals – all to the detriment of our animal brethren.

By the way: if you want to see what we’re reading and dive straight into the most important security news from the industry and beyond, we’ve set up a Flipboard magazine just for that. You can browse through it right now.

Day by day our technology moves forward and makes previously impossible tasks seem possible. On the flipside, it also makes previously impossible crimes into possible ones. In an interview given to PCAge, our CEO, Morten Kjaersgaard, explains Heimdal’s role in the cybersecurity fight, and how we try to stay one step of ahead of cybercriminals.

This week, we’ve also written an extensive guide about doxxing, and how to prevent that from happening to you. With online harassment being much too common on the web, you can use any protection advice that you can actually apply.

Security articles of the week (February 27 – March 3, 2017)

1.     Soon, you can buy gadgets that self-destruct when stolen

Researchers have developed new technology that can prevent stolen phones and laptops from getting into the wrong hands — by destroying them.

This new self-destruct mechanism built by researchers at the King Abdullah University of Science and Technology (KAUST) in Saudi Arabia would provide an extra layer of defense against thieves who resell the devices or access the device’s sensitive data.

2.     Top 5 Tax Season Scams

During tax season most of us are probably still dreading the moment we have to quit procrastinating, buckle down, and file our income taxes. Coincidentally, it’s also a time that cybercriminals are working overtime to scam home users into giving over their financial data, and even their tax returns. The frequency of attacks only increases as the IRS tax deadline (April 18th this year) looms ever closer.

3.     Facebook ramps up its suicide prevention tools and Messenger chat support

Facebook is updating the tools it offers to help try to prevent suicide. Aimed both at those thinking of suicide, and friends and family who are concerned about loved ones, the revamped support tools make use of artificial intelligence and real people to offer help when it is needed most.

4.     Advertising trojans take top position in mobile viruses

Reviewing the malware trends in 2016, virus researchers noticed a surge in mobile trojans. According to the annual report published by Kaspersky Lab, banking trojans, trojanized mobile ransomware (261,214 infections) and advertising trojans topped the list of mobile infections last year.

5.     This Simple Tweak Is One Of The Best Ways To Protect Your Windows Computer

A lot of Windows users take an additive approach when it comes to security. Think you need to increase your protection? Install another piece of software. There are some great apps out there, but you can actually make your Windows PC a lot more secure simply by changing one little setting.

6.     A typo that crashed the internet

When a large portion of the internet went offline earlier this week, no one could have guessed that the reason for it would be a simple typo. Yet, that’s exactly what happened, as Amazon gave an explanation to the incident.

7.     Password managers may not be as secure as you think

Password managers are often pitched as a convenient way to secure online accounts. Their main appeal is that they can generate and store very complex, distinct passwords — that would normally be virtually impossible for the average person to memorize (or for someone to crack) — and the user only has to remember a master password — that encrypts them — to access those credentials.

But then again, no software is perfect, and that applies to password managers too.

8.     Why electronic healthcare records are valuable pieces of information

Electronic health record databases are becoming the most precious commodities in the cyber criminal underground.

The healthcare sector has been the industry with the highest number of data breaches in 2015 when a total of 113.2 million healthcare-related records were stolen by hackers.

9.         IT admin was authorized to trash employer’s network he says

On Dec. 5, 2011, Michael Thomas quit his job as IT admin for a startup called ClickMotive.

This was no ordinary resignation. This was the mother of all IT admin resignations: the type of blow-it-all-to-smithereens resignation that some – many? Please, Lord, let it not be not all – sysadmins dream about.

10. Fake FBI email asks to transfer 112$ to verify iCloud account

This time cyber criminals struck again and aimed at Apple users. Victims receive a fake email from Federal Bureau of Investigation that informs about unauthorized activity on the iCloud account and asks to verify the account by sending 112$ to the provided Bitcoin wallet address. Indeed, the email you receive from the FBI might look terrifying and serious.

If you want to learn how to protect yourself against such scams, we recommend you check out one of our in-depth articles on the subject.

 

By the way: if you want to see what we’re reading and dive straight into the most important security news from the industry and beyond, we’ve set up a Flipboard magazine just for that. You can browse through it right now.

One of the biggest is the comeback of the TeamSpy malware that turns TeamViewer into a spy software. We shared the details how this happens in our security alert

On top of that, we’ve also written an extensive article on cyber attacks, which contains short and sweet definitions for a lot of the hacking methods out there. If there’s something we didn’t include, please leave us a comment, because we plan to keep this guide relevant and packed with useful information.

Security articles of the week (February 20-24, 2016)

This week’s biggest headlines were dominated by Google. First, they managed to break a 20 year old encryption system called SHA1, and secondly, they found out a huge vulnerability that affects major websites.

So without further ado, here are this week’s security articles:

1.         Germany Bans Internet-Connected Doll That Could Spy on Your Kids

Every parent’s nightmare seems to be coming true after it was revealed hackers could easily turn a doll called “My Friend Cayla” into a spying device.

2.         This Is How Google Keeps 1.6B Android Devices Safe

Adrian Ludwig joined Google six years ago. His job: ensuring the security of a few hundred million Android devices. Today, he’s overseeing more than 1.6 billion Android devices… and they’re more secure than ever.

3.         A typo in Zerocoin’s source code helped hacker’s steal ZCoins worth $585,000

Zcoin announced Friday that “a typographical error on a single additional character” in the Zerocoin source code helped an attacker to steal 370,000 Zerocoin, which is over $585,000 at today’s price.

4.         Frank Abagnale, world-famous con man, explains why technology won’t stop breaches

Frank Abagnale is world-famous for pretending to be other people. The former teenage con man, whose exploits 50 years ago became a Leonardo DiCaprio film called Catch Me If You Can, has built a lifelong career as a security consultant and advisor to the FBI and other law enforcement agencies. So it’s perhaps ironic that four and a half years ago, his identity was stolen—along with those of 3.6 million other South Carolina taxpayers.

5.         Announcing the first SHA1 collision

SHA1 is a widely used encryption method that secures information such as passwords as they are being transmitted from the sender (such a PC user loging into an account) to the receiver (meaning the site receiving the information). Think of it as a sort of password generator for passwords.

Google has now managed to break the SHA1 encryption, and so a great part of Internet infrastructure has to change.

6.         This is What Hackers Think of Your Defenses

Billions of dollars are spent every year on cyber security products; and yet those products continually fail to protect businesses. Thousands of reports analyze breaches and provide reams of data on what happened; but still the picture worsens. A new study takes a different approach; instead of trying to prevent hacking based on what hacking has achieved, it asks real hackers: how do you do it?

7.         Two Step Verification, and How Facebook Plans to Overhaul It

Facebook has just announced a new way to recover forgotten passwords safely and without the need of a phone.

8.         Google Just Discovered A Massive Web Leak… And You Might Want To Change All Your Passwords

A Google researcher has uncovered what may be the most worrying web leak of 2017 so far, possibly exposing passwords, private messages and other sensitive data from a vast number of sites, including major services like Uber, FitBit and OKCupid.

9.         950,000 Coachella Festival Credentials For Sale on Dark Web

A Dark Web data trader claims to be selling more than 950,000 user accounts for the website of popular US music festival Coachella, including email addresses, usernames and hashed passwords. It opens the door for a rash of follow-on phishing attacks.

10.  Ransomware ‘customer support’ chat reveals criminals’ ruthlessness

Ransomware criminals chatting up victims, offering to delay deadlines, showing how to obtain Bitcoin, dispensing the kind of customer support that consumers lust for from their cable and mobile plan providers, PC and software makers.

By the way: if you want to see what we’re reading and dive straight into the most important security news from the industry and beyond, we’ve set up a Flipboard magazine just for that. You can browse through it right now.

Heimdal Security has recently joined the front line on the fight against ransomware. The No More Ransom project is a joint effort in which over 30 companies and police agencies seek ways to prevent further malicious encryptions, and decrypt existing ones.

 

 

 

Security Tips and Tricks from Top Experts
2016.06.27 SLOW READ

50+ Internet Security Tips & Tricks from Top Experts

Expert Roundup Software Patching
2016.04.06 SLOW READ

15+ Experts Explain Why Software Patching is Key for Your Online Security

27 Cyber Security Experts
2015.08.25 SLOW READ

The Most Common Mistakes These 27 Cyber Security Experts Wish You’d Stop Doing

Comments

Howdy, I do think your blog could possibly be having internet browser compatibility problems. When I look at your web site in Safari, it looks fine but when opening in IE, it’s got some overlapping issues. I just wanted to provide you with a quick heads up! Aside from that, fantastic site!

Thanks for letting us know. Are you sure your browser resolution is set to the standard for your desktop resolution? We’ve found that other readers experienced this and, when they set their browser resolution to normal, the issue was gone. The fastest way to do this is to hold CTRL and press 0.

And thanks for the awesome feedback!

[…] You can also follow our blog’s weekly roundup or our social profiles (especially Twitter), where we share the latest cybersecurity […]

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP