Heimdal Security has recently joined the front line in the fight against ransomware. The No More Ransom project is a joint effort in which over 30 companies and police agencies seek ways to prevent further malicious encryptions, and decrypt existing ones.

Another important development of the week was the discovery of an aggressive campaign that compromises websites and uses them as distribution vectors for ransomware and financial malware against their users. Website owners, take note!

Security articles of the week (February 12-17, 2017)

A university suddenly found itself under (DDoS) attack by its very own smart light bulbs and vending machines.

It probably would be funny, if there weren’t 170 million unsecured smart devices spread across the US.

No more spoilers though, here’s this week’s security roundup:

1. Here’s What Making Cell Phone Calls in North Korea Sounds Like

An American academic has recreated “a taste” of North Korean cell phone service, “without the trip to Pyongyang.”

2. 8 things you should know about spyware

Spyware is defined as a “generic term for a range of surreptitious malware such as keyloggers, remote access trojans, and backdoor trojans, especially those that allow remote surveillance of passwords and other sensitive data”.

3. US visitors must hand over Twitter, Facebook handles by law – newbie Rep starts ball rolling

A newbie congressman has floated his first ever US law bill – one that demands visitors to America hand over URLs to their social network accounts.

House Rep Jim Banks (R-IN) says his proposed rules – dubbed the Visa Investigation and Social Media Act (VISA) of 2017 – require visa applicants to provide their social media handles to immigration officials.

4. How Two Security Pros Turned The Tables On A Nigerian Scam Operation

Phishing scams have been around for decades, and they’re still going strong in 2017. And while the classic Nigerian prince (or 419) scams haven’t made the rounds in quite some time, there are definitely still active phishing campaigns being run from Nigeria. Fortunately, there are skilled security professionals working to protect the public… and they’re taking some creative approaches to combating cybercrime.

5. Don’t panic over cyber-terrorism: Daesh-bags still at script kiddie level

Matt Olsen, who has also served as the NSA’s top lawyer, told the RSA security conference today that the levels of online terror we’ve seen have been limited to propaganda and the occasional script-kiddie-level attack that can quickly get them caught. Having said that, the terrorists are trying to up their game, he noted, and may be willing to buy in outside help.

6. This Ransomware Malware Could Poison Your Water Supply If Not Paid

Ransomware has been around for a few years, but in the last two years, it has become an albatross around everyone’s neck, targeting businesses, hospitals, financial institutions and personal computers worldwide and extorting millions of dollars.

7. 89% of consumers do not pay for any protection against mobile malware

Allot Communications Ltd. released Allot MobileTrends H1/2017 Report: Consumer View on Mobile Security. Results showed that 89% of consumers currently do not pay for mobile security services. The survey also reveals that mobile consumers in every region, representing 61% overall, want and are willing to pay for protection services from their service provider.

8. Man sues Uber after privacy flaws ‘led to his divorce’

The plaintiff, living in the south of France, said in his claim that his wife was informed of his Uber trips whenever he took a ride, even though he had logged out of his account after using it on her smartphone. Ongoing notifications from Uber showed her his pickup points and destinations, and when his ride took place. She left him after suspecting that he was having an affair based on his ride data, said reports.

9. Researchers discover over 170 million exposed IoT devices in major US cities

On Wednesday, researchers Numaan Huq and Stephen Hilt from Trend Micro revealed at the RSA conference in San Francisco, California, that many IoT devices are lacking basic security and are visible using services such as the Shodan search engine, which is used to discover devices which are accessible from the Internet.

10. Infected Vending Machines And Light Bulbs DDoS A University

IoT devices have become a favorite weapon of cybercriminals. Their generally substandard security — and the sheer numbers of connected devices — make them an enticing target. We’ve seen what a massive IoT botnet is capable of doing, but even a relatively small one can cause a significant amount of trouble.

By the way: if you want to see what we’re reading and dive straight into the most important security news from the industry and beyond, we’ve set up a Flipboard magazine just for that. You can browse through it right now.

This week, we’ve written an extensive and highly in-depth article about rootkits, some of the most unpleasant and persistent types of malware out there.

On top of that, it seems Dridex still won’t give up its dirty tricks, and is now in the middle of a fake invoice campaign targeting UK users.

Security articles of the week (February 5-10, 2016)

Plenty of interesting stories to go around this week, from the proposal to demand social media passwords for visitors to the US, to the EU’s plan to make sure robots won’t harm us and also the strange story of someone who hacked 150,000 printers just for the fun of it all.

Here are this week’s best cybersecurity stories:

1. Privacy 101: How your fingerprint could actually make your iPhone less secure

When Apple introduced its fingerprint reader to the iPhone, the company thought it would help keep your data more secure.

But the problem is that the feds have figured out that if they legally want access to your iPhone’s data, they can’t force you to turn over your passcode, but they can force you to unlock it with your fingerprint.

2. 20 years of top-secret data stolen; NSA contractor faces 200 years in prison

Former Navy officer and 52-year-old Harold Thomas Martin has allegedly been stealing classified information for 20 years from US agencies like US Cyber Command, the CIA and the National Reconnaissance Office, and keeping the documents in his home and vehicle in Glen Burnie, Maryland.

3. When Hackers Hack Hackers

While most cybercriminals tend to set their sights on siphoning valuable data from poorly protected enterprises, there’s no limit to the kinds of targets they’ll seek out. There’s no honor among thieves, so it shouldn’t be a surprise that with the right kind of motivation, malicious hackers will happily attack other black hat and grey hat hackers.

4. The EU’s Plan for Making Sure Robots Don’t Bring Harm to Humans

People aren’t freaking out quite yet, but many in Europe are feeling some apprehension about the rise of robots. That’s the reason why the European Parliament has developed a set of rules to regulate the relationship between robots, citizens, and companies, in a manner that may recall the robotic laws of Isaac Asimov.

5. Anonymous hacker took down 10,000+ dark web sites, including child abuse content

On 3 February, visitors to 10,613 dark web sites running on Freedom Hosting II came across a message indicating someone had hacked the hosting provider. The message explains that hackers associated with Anonymous copied and downloaded 74 GB worth of files as well as a database dump of 2.3 GB. Anonymous then created torrents to the files (excluding user data) and to the database dump.

6. Google set to purge Play store of apps lacking a privacy policy

Google is warning developers that it plans to purge its Play store of apps that don’t have privacy policies.

The move could affect millions of apps that don’t spell out what they do with user data.

7. Hacker Takes Over 150,000 Exposed Printers

Network-connected printers around the world have been emitting mysterious messages over the weekend after a hacker claimed to have commandeered about 150,000 of the devices left accessible via the Internet.

8. Nomophobia is putting relationships at risk, experts warn

Smartphone dependency has reached new extremes, with 79% of Britons feeling anxious if they don’t have access to their phone at any one time. This fear of being disconnected from mobile devices, known as Nomophobia, is taking its toll on relationships and a third of Brits (32%) reported their partner seems more interested in their phone than them.

9. Visiting the US soon? They might want your passwords, financial records

Visa-based entrance to the United States may soon depend on whether you are willing to give authorities your social media passwords, as part of President Donald Trump’s “extreme vetting” policy, Homeland Security Secretary John Kelly said in a congressional hearing on Tuesday, according to NBC News.

10. WhatsApp adds two-step verification — here’s how to enable it

The extra layer of security means that it is now more difficult to gain unauthorized access to an account, and it is a feature that is being made available to iOS, Android and Windows users. With the feature enabled, if you — or anyone else, for that matter — tries to verify your phone number on WhatsApp, you — or they — will have to provide the 6-digit passcode you create.

This first full month of 2017 has given us a glimpse of what we can expect for the whole year. And judging by the huge amount of cybersecurity incidents, breaches and hacks, it’s going to be a very turbulent one indeed.

Here’s a more in-depth look at everything that’s happened this month.

Security articles of the week (January 30 – February 3, 2016)

In what was probably the biggest “oops” moment of the week, Google accidentally blocked the British National Health Service, after it mistook it for a botnet attack.

We’ve also got to see some more cybersecurity statistics coming out about 2016, and believe us, they’re pretty scary.

Here are the biggest cybersecurity stories of the week:

1. Google mistakes the entire NHS for massive cyber-attacking botnet

Google is blocking access to the entire NHS network, mistaking the amount of traffic it is currently receiving as a cyber attack.

An email from an NHS trust’s IT department seen by The Register confirmed that the US search giant has mistaken the current traffic levels for a botnet.

2. Security flaws in Pentagon systems ‘easily’ exploited by hackers

Several misconfigured servers run by the US Department of Defense (DOD) could allow hackers easy access to internal government systems, a security researcher has warned.

The vulnerable systems could allow hackers or foreign actors to launch cyberattacks through the department’s systems to make it look as though they originated from US networks.

3. Crooks Raked in $16B via Identity Fraud Last Year

Javelin Strategy & Research’s 2017 Identity Fraud Study shows a significant increase in the number of people who fell victim to identity theft in 2016—a 16% year-over-year increase to 15.4 million victims, up from 13.1 million in 2015. This number, representing 6.15% of all consumers, is a record high since Javelin Strategy & Research began tracking identity fraud in 2003.

4. Securing your social security number and what to do if it’s stolen

The technology, which the social network calls “delegated account recovery,” functions much like the increasingly prevalent “login with Facebook” plugin now seen across websites as an alternative to creating site-specific credentials. In this case, if a user loses access to the phone number or security keys she uses at a third-party website, she can use her Facebook account to provide additional authentication as part of the recovery process.

5. How WhatsApp Fights Spam Without Seeing Your Messages

“If you have well-instrumented behavioral features, it’s totally possible to detect spam without any access to message content in an end-to-end encrypted world,” Jones said.

So, how does WhatsApp do it? Well, some of the solutions they found are pretty logical – they’ll look at how many messages a user is sending and will flag them as spam if there’s a really high number of messages per minute. But that’s not all, because it’s not exactly the most fool-proof method out there.

6. Spoofed Grindr Accounts Turned One Man’s Life Into a ‘Living Hell’

Herrick was smoking a cigarette in front of his West Harlem brownstone when the first visitor appeared. As Herrick tells it, the man innocently pressed the buzzer for Herrick’s apartment. Then he asked matter-of-factly if Herrick was the one who’d been communicating with him via the hookup app Grindr, and who’d minutes earlier invited him over for sex.

7. Over 70% of Washington surveillance cameras were hacked before Trump’s inauguration

Just days before the inauguration of President Donald Trump, cyber criminals infected 70 percent of storage devices that record data from the feds’ surveillance cameras in Washington D.C. in a cyber attack.

8. How AI is stopping criminal hacking in real time

While AI is not anywhere close to being perfect, experts tell CSO that machine learning, adaptive intelligence, and massive data models that can spot hacking much faster than any human are here to help.

9. Most banks aren’t confident they can detect a data breach

Just one in five (21%) of financial service organizations admitted they’re “highly confident” they could detect a data breach. On the other hand, 83% of consumers trust banks and insurers with their data.

10. Is anyone spying on you through your webcam?

In the case of a web camera, the greatest possible risk is that a hacker gains access to it – even without being noticed – and records the user in order to blackmail them or to collect valuable information from the user’s surroundings.

To prevent this happening to you, Europol’s Data Protection Office (DPO), in cooperation with the European Cybercrime Centre (EC3), is raising awareness on spyware attacks, how to recognise the signs and how to protect yourself.

The end of 2016 has brought us some interesting data regarding software vulnerabilities. This has allowed us to write a comprehensive article on the most vulnerable software of 2016.

On top of that, we’ve also written a step-by-step article on how to remove malware from your PC, together with some practical advice on how to keep it safe and clean.

Security articles of the week (January 23-27, 2017)

Many new security features have been implemented this week by Facebook and Google. The social media giant has come up with a new method to secure your account, and simplified its privacy settings. On its end, Google has added a new security feature to Gmail to secure it against JavaScript attacks.

But there are more interesting stories in our weekly security roundup.

1. Gmail is about to get its best new security feature in a long time

Malware attacks often creep in via email, as attachments that unsuspecting users open on their work and personal computers. These malicious programs can potentially unleash hell on those machines in the process. Google is now looking to make Gmail even safer when it comes to malware attacks by adding a new feature that blocks any JavaScript attack that would otherwise hit your inbox.

2. In a bad mood? You might not be allowed to log on

There’s been a lot in the news recently on how biometrics are allowing – or denying – individuals access to resources based on their identity. Scientists are now exploring how biometrics could be used in a completely new way: to allow or deny access to resources based on a person’s emotional state.

3. Twitter Accidentally Made Half a Million People Follow Trump

Twitter CEO Jack Dorsey confirmed users’ claims that Twitter had automatically followed the @POTUS account (at this point, under the authorship of President Donald Trump) for them. Approximately 560,000 people were affected by a flaw in the script used to migrate followers to the new archival handles.

4. Online Dating Fraud Hits Record High

The number of people defrauded in the UK by online dating scams reached a record high in 2016.

As reported by the BBC, there were 3889 victims of so-called romance fraud last year, with those affected handing over a record £39 million, according to the National Fraud Intelligence Bureau.

5. Your social media posts are popular—with malicious hackers

The ways in which cyber criminals weaponize social media channels are limited only by their imagination. Hackers can create fake corporate accounts for harvesting customer credentials, impersonate company executives, damage the brand’s reputation, and post legitimate-looking links that contain malware.

Here’s a more in-depth article of ours if you want to read more about social media scams.

6. Why It Takes So Damn Long to Connect to a Wi-Fi Network

You surely know the feeling of waiting for a connection. You’ve picked a Wi-Fi access point to connect to, but your device is just hanging there in limbo. It’s frustrating for the reason above — not being connected means not having access to most of the functionality of your device. Most of your apps rely on some cloud functionality; your music and video is streamed from the cloud; GPS relies on downloading maps from the cloud. So, why does it sometimes take so damn long to get a connection?

7. Half of ransomware victims pay criminals’ demands to recover data

A report on ransomware sheds new light on attacks in 2016, starting with the fact that 48 percent of businesses hit by ransomware said they paid the ransom. That’s in spite of pleas from cyber security experts and the FBI not to do so. Other insights include the average ransom payment was $2,500 with 7 percent of respondents admitting to paying more than $10,000 to get their data back.

8. Facebook makes its privacy settings much clearer

Facebook has made lots of changes to its privacy settings over the years, usually in a bid to make them simpler to understand and use, yet many people just stick with the defaults.

Facebook’s new Privacy Basics aims to make it much easier for people to find the tools they need to control their information on the social network.

On top of that, Facebook now offers a new security measure to protect your account, and it is genuinely useful.

9. Top 10 most malware-infected US cities

Webroot revealed the top 10 most malware-infected US cities. According to Webroot’s data, Houston is the most infected US city with 60,801 infected devices.

The research reflects the number of PCs, laptops, tablets and smartphones that have been infected with malware. Surprisingly, each infected device has, on average, between six and 24 pieces of malware installed.

10. Google’s big crackdown: 1.7 billion bad ads axed, plus bans for 200 fake news sites

Google has released its 2016 Bad Ads report, to show how serious it is about combating deviants who abuse its massive ad network, from fraudulent advertisers to phony news sites.

The company says it axed 1.7 billion bad ads in 2016, just over double the 780 million it took down in 2015 for violating its various policies.

This week we’ve posted an article on the methods used by cybercriminals to hack your password. And that’s just in time, since apparently 17% of Internet users use “123456” as their default password.

Security articles of the week (January 15-20, 2016)

Technology is improving at a very rapid pace; a testimony to that is how facial recognition has advanced to the point where it can recognize the same face 18 years apart. We also can’t forget to mention the genuine conversation that exists concerning the potential threat posed by AI.

So without further ado, here are this week’s top 10 security articles.

1. Weak passwords are still the root cause of data breaches

“Looking at the list of 2016’s most common passwords, we couldn’t stop shaking our heads. Nearly 17 percent of users are safeguarding their accounts with “123456.” What really perplexed us is that so many website operators are not enforcing password security best practices,” states the report published by Keeper Security. “We scoured 10 million passwords that became public through data breaches that happened in 2016.”

2. Anonymous launches a new operation — to stop seagull genocide!

After a Middle East Airlines flight encountered a sizeable flock of seagulls as it landed at the Rafik Hariri International Airport in Beirut, Lebanese government officials reportedly called for hunters to shoot any birds in the area.

Outraged by what it refers to as “Seagull genocide”, Anonymous is calling on all environmentalists and animal rights activists to spread the word before it’s too late.

3. Locky Ransomware Hackers Are On Extended Vacation For Some Reason

For the past year, the malware known as “Locky,” which infects victims’ computers and encrypts their files before demanding a ransom in order to release them, has been one of the most effective and dreaded threats on the internet.

But in the last three weeks, a period that coincided with the holidays, Locky attacks have pretty much stopped, according to security researchers.

4. The top mobile threats of 2016

If we learned anything in 2016, it’s that mobile threats are not going away – if anything, they’re growing, multiplying and becoming increasingly sophisticated. While there’s no perfect crystal ball, I do expect to see some new trends and patterns emerge in 2017 that CISOs need to be ready for. Here is a look at some of the major threats discovered in 2016, and what these threats will look like in 2017.

5. How—and why—you should use a VPN any time you hop on the internet

One of the most important skills any computer user should have is the ability to use a virtual private network (VPN) to protect their privacy. A VPN is typically a paid service that keeps your web browsing secure and private over public Wi-Fi hotspots. VPNs can also get past regional restrictions for video- and music-streaming sites and help you evade government censorship restrictions—though that last one is especially tricky.

6. Alexa, Are You Keeping My Information Private?

Let’s get an understanding of how Alexa works. When the wake word is spoken, it actually takes a few seconds of recorded data before the wake word and about 60 seconds in recorded data in total. This data is stored locally and sent up to the cloud for analysis and to assist with Alexa’s logic. These recordings are also used to better understand speech by Amazon, helping to teach its A.I. about accents and speech recognition.

7. You Can Crash Anyone’s iPhone Or iPad With a Simple Emoji Text Message

A newly discovered bug in Apple’s iOS mobile operating system is being exploited in a prank that lets anyone crash your iPhone or iPad by just sending an emoji-filled iMessage, according to several reports.

8. Anti-virus software is getting worse at detecting both known and new threats

Average detection rates for known malware went down slightly, by a couple of percentage points, from 2015 to 2016, he said, while detection rates for zero-days dropped in a big way – from an average of 80 percent down to 70 percent or lower.

9. Elite Scientists Have Told the Pentagon That AI Won’t Threaten Humanity

A new report authored by a group of independent US scientists advising the US Dept. of Defense (DoD) on artificial intelligence (AI) claims that perceived existential threats to humanity posed by the technology, such as drones seen by the public as killer robots, are at best “uninformed”.

10. Alleged child molester caught after 18 years thanks to facial recognition

In a pretty awesome demonstration of how far facial recognition technology has advanced, a child molester has been arrested after being recognized by such specialized software.

Trump’s inauguration is just around the corner, and at this point both the Obama administration and the incoming one have revealed their final moves in the cybersecurity field before the transition takes place.

Also, this week’s news has been dominated by The Shadow Brokers’ offering of a database of NSA-grade hacking tools, and we were the first to break the news about it.

As for our own blog, we’ve published our latest article on browser hijackings, and why they are such a big cybersecurity threat.

Security articles of the week (January 8-13, 2017)

The saga about Russian interference in the US election is quickly drawing to a close, as some of President-elect Trump’s top selected officials for the CIA, the Department of Defense and Secretary of State admit that Russia intervened in the US election process. Trump himself admitted that, even if begrudgingly.

Here are some of the other top news stories of the week:

1. How Cyber Propaganda Influenced Politics in 2016

Recent events in 2016 have demonstrated how important security is for political organizations. In 2016, we saw at least eight different high-profile attack campaigns against political organizations in countries like the United States, Germany, Ukraine, Turkey, and Montenegro. These campaigns were not meant for espionage alone, but for active interference with political processes and to influence public opinion.

2. LA School Pays $28,000 Ransomware Bill

A Los Angeles school has paid a whopping $28,000 to regain access to key systems after being hit by a ransomware attack, as reports resurface that $1 billion may have been generated from such scams in 2016.

3. Trump’s cyber-guru Giuliani runs ancient ‘easily hackable website’

US president-elect Donald Trump’s freshly minted cyber-tsar Rudy Giuliani runs a website with a content management system years out of date and potentially utterly hackable.

4. Thanks, Obama: NSA to stream raw intelligence into FBI, DEA and pals

A last-minute rule change signed off by the outgoing Obama administration has made it much easier for the NSA to share raw surveillance data with more than a dozen government agencies.

5. This Is How Russian Spies Could ‘Crack’ Telegram

Telegram was founded by Russian entrepreneur Pavel Durov, and has become a popular alternative to other apps like WhatsApp or Signal, especially in countries like Russia or Iran. The app markets itself as a secure, encrypted app, but end-to-end encryption is not enabled by default (users have to open a “Secret Chat” to turn it on) and security researchers and cryptography experts have repeatedly questioned the app’s security.

6. Hackers Hacked Phone Hacking Company

This time, however, Cellebrite is making the headlines because of a different reason: it got hacked, and attackers managed to steal no less than 900 gigabytes of data.

7. How to find out if your PC is vulnerable to ransomware

Ransomware is the nastiest form of malware there is. It encrypts your files and demands a ransom to release them. While you can remove the threat, doing so will often leave your files locked, with no way to recover them.

8. Trump Confirms Russian Hacking Campaign, Aide Says

President-elect Donald Trump reportedly now accepts the U.S. intelligence community’s assessment that Russia attempted to meddle in U.S. elections, and may take action in response once he takes power, an aide says.

9. Here’s a video recording of a complete Locky ransomware infection

CSO wanted to demonstrate the speed and devastation that comes with a ransomware attack, and the only way to do that was to infect one of our own systems. So just before the Thanksgiving holiday in the U.S., that’s exactly what we did.

10. Adobe Sneaks a Google Chrome Extension in Latest Security Update to Collect Data

SwiftOnSecurity revealed on Twitter that the latest Adobe Reader update also deploys a Google Chrome extension that includes telemetry features to collect data from users’ computers.

The extension is simply called “Adobe Acrobat” and is automatically added to Google Chrome when installing the security update, but it does require users to enable it when launching the browser.

Conclusion

That’s it for this week, thank you for staying with us and tune in for our next update! Stay safe!

A tumultuous and memorable 2016 is now firmly behind us, but fear not, for 2017 is shaping up to be even more “interesting”.

The past year’s hard data has shown us a worrisome trend: spending on cybersecurity is going up and up, but not enough to contain rising cybercrime levels. New technologies such as Bitcoin and the Internet of Things have opened up new opportunities for criminal activity which malicious hackers have fully exploited.

Security articles of the week (January 2-6, 2017)

The conflict (if we can name it that) around alleged Russian involvement in the US presidential election has kept on escalating, with President Obama expelling 35 Russian diplomats.

In a further development reminiscent of both fake news and the threat of Russian hacking, the Washington Post published and then retracted an article about a supposed Russian attack on Vermont’s power grid. Turns out, there was no such attack after all.

We won’t dwell more on the matter since plenty of other events warrant our attention:

1. Florida Man sues Verizon for $72m – for letting him commit identity theft

James Leslie Kelly, who is serving a prison term in the US state for grand theft and criminal use of personal information, is seeking $72m in damages from the telecom giant. He claims a Verizon shop in Highlands County was negligent when it allowed him to steal another man’s identity.

2. Ukraine Suffered 6,500 Cyberattacks In Two Months, President Says

Ukraine President Petro Poroshenko said the country suffered 6,500 cyberattacks in the last two months and investigations have shown Russia was behind them, according to a Reuters report.

3. Android tops 2016 vuln list, with 523 bugs

Of any single product, CVE Details reckons, Android had the most reported vulnerabilities in 2016 – but as a vendor, Adobe still tops the list. Even so, with 523 vulnerabilities carrying a CVE number in 2016, Android carried nearly double the patch-load of Adobe Flash (which had 266 and was number four on the list).

4. Staying Anonymous Online: Lessons learned from Silk Road Founder’s Mistakes

Is using a web anonymizer like Tor or one of its alternatives, enough to keep you truly anonymous online? Does a VPN make you anonymous? Is there any one program or service that will keep you completely anonymous on the internet?

Regrettably, the answer to all of the above questions is the same two letter word: No.

You also need to be aware of the common mistakes that people make online that lead to anonymity being broken.

5.     Ransomware took in $1 billion in 2016

According to a security expert who requested anonymity, ransomware cybercriminals took in about $1 billion last year, based on money coming into ransomware-related Bitcoin wallets.

6.     Deleted Data Is Still There, On Your Disk

This article will make you rethink how you clear and delete data from devices you have stopped using. “Delete” and “Clear Recycle Bin” aren’t enough, since a large part of the data is secretly stored by the device and will only be removed after it has been overwritten by new data.

7.     Be Prepared: The Top ‘Social Engineering’ Scams Of 2017

Most blackhat hackers don’t rely purely on exceptional technical skills to do the evil deed. Usually, the hacker tricks the target themselves, a helpful customer service agent or an employee into opening the way for them. This strategy is called social engineering, and it is used in more than two-thirds of hacking attacks.

8.     Malicious hackers can now transform your smart meter into a bomb

Smart meters are “dangerously insecure,” according to researcher Netanel Rubin – who claimed the gear uses weak encryption, relies on easily pwned protocols, and can be programmed to explode. The software vulnerability hunter derided global efforts to roll out the meters as reckless, saying the “dangerous” devices are a risk to all connected smart home devices.

9.     How to tell if your Snapchat has been hacked, and how to get it back

A mega breach on the scale of what affected LinkedIn, Tumblr, and Yahoo has yet to strike the messaging app.

But that’s not to say criminals aren’t trying to find a way into people’s accounts. Attackers clearly have Snapchat in their sights, which is why users need to learn how to spot the warning signs of a hack and how they can recover their accounts if someone compromises them.

10. The power grid hack that wasn’t – Vermont’s Burlington Electric

The Washington Post reported that Russian hackers had penetrated the U.S. power grid by compromising a utility in Vermont. The story was altered, and the initial claims were eventually retracted, but by the time this happened, the news had spread to other media outlets.

Conclusion

The year 2017 has started with a bang, and it seems the major trends of 2016, such as nation-sponsored hacks, the growth of ransomware and the security problems of the Internet of Things, will come back to haunt us once again.

Fortunately, this time we know what we’re up against.

By the way: if you want to see what we’re reading and dive straight into the most important security news from the industry and beyond, we’ve set up a Flipboard magazine just for that. You can browse through it right now.


Comments

Howdy, I do think your blog could possibly be having internet browser compatibility problems. When I look at your web site in Safari, it looks fine but when opening in IE, it’s got some overlapping issues. I just wanted to provide you with a quick heads up! Aside from that, fantastic site!

Thanks for letting us know. Are you sure your browser resolution is set to the standard for your desktop resolution? We’ve found that other readers experienced this and, when they set their browser resolution to normal, the issue was gone. The fastest way to do this is to hold CTRL and press 0.

And thanks for the awesome feedback!
