JR. SECURITY EVANGELIST

This week, we’ve published our huge (and we do mean HUGE) Cybersecurity Mega Guide, which teaches you everything you need to know about how to stay safe online.

Security articles of the week (March 20-24, 2017)

What a week we’ve had so far in cybersecurity. The biggest and most impactful event was the US Senate vote to allow ISPs to sell the browsing history and other data of their customers to advertisers.

The other headline-grabbing story, but with a far less clear outcome, is the attempted blackmail of Apple by a group of London cybercriminals calling themselves the Turkish Crime Family.

So without further spoilers, here are the biggest cybersec stories of the week:

1. US Senate Just Voted To Let ISPs Sell Your Browsing Data Without Permission

The ISPs can now sell certain sensitive data like your browsing history without permission, thanks to the US Senate.

The US Senate on Wednesday voted, with 50 Republicans for and 48 Democrats against, to roll back a set of broadband privacy regulations passed by the Federal Communications Commission (FCC) last year when it was under Democratic leadership.

2. Uncovering the cost and profitability of DDoS attacks

DDoS attacks are a popular cyber criminal technique, used either to cause a distraction for a different crime or demand a ransom for calling off or not launching an attack.

New research from Kaspersky Lab reveals how profitable this activity can be. Researchers studied the DDoS services on offer on the black market and looked at how far the illegal business has advanced, as well as the extent of its popularity and profitability.

3. Two major US technology firms ‘tricked out of $100m’

A Lithuanian man has been charged with tricking two US technology firms into wiring him $100m (£80.3m) through an email phishing scam.

Posing as an Asian-based manufacturer, Evaldas Rimasauskas tricked staff into transferring money into bank accounts under his control, US officials said.

4. Apple iCloud ransom demands: The facts you need to know

Hackers are demanding Apple pay a ransom in bitcoin or they’ll blow the lid off millions of iCloud account credentials.

Beyond the primary headline, however, there are a bevy of loose ends and nuances to ponder.

5. Half Of Android Devices Unpatched Last Year

Google said more than half of Android devices haven’t received a security update in the past year, and the percentage of potentially harmful apps running on devices installed from all sources rose in 2016.

If you want to keep your smartphone safe, we suggest you check out our guide on smartphone security.

6. 6 of the most effective social engineering techniques

Social engineering is the strongest method of attack against the enterprise’s weakest vulnerability, its people. Criminal hackers recognize this fact. In 2015, social engineering became the No. 1 method of attack, according to Proofpoint’s 2016 Human Factor Report.

7. How the dark web fuels fraud

An estimated 2.3M fraud victims in the UK alone in 2015, according to the ONS, and 173,000 confirmed reports of identity theft among Cifas members (largely utilities and finance companies) in 2015.

From a consumer perspective, the chances are that over a period of three to four years you are now more likely than not to be the victim of a successful fraudulent act of some kind.

8. Comparing the privacy policy of internet giants side-by-side

Any company or organization that collects information about its customers or users ought to have a privacy policy. A privacy policy describes all of the ways that a company gathers, uses, and discloses user data. Some consider privacy policies legally binding documents, while others argue they are mainly for informational purposes.

9. Here are the top 6 ways websites get hacked, according to Google

In 2016, the number of hacked websites rose by 32%, according to a recent blog post from Google. And, unfortunately, the search giant said it believes that number will continue to rise as hackers become more sophisticated.

10. New generation of cyber highwaymen could threaten parcel drones

Robbing the mail has a long and dishonorable history dating back to the days of the stagecoach. But UK-based online parcel broker ParcelHero is warning that automated delivery drones and droids could see the rise of a new breed of high-tech highwaymen.

By the way: if you want to see what we’re reading and dive straight into the most important security news from the industry and beyond, we’ve set up a Flipboard magazine just for that. You can browse through it right now.

Security articles of the week (March 13-17, 2017)

A fairly quiet week as far as cyber security goes. The biggest leak of the week happened over at Wishbone, following an older vulnerability in the MongoDB database.

Anyway, here are this week’s biggest cybersec stories:

1. Sound Waves Used to Hack Common Data Sensors

University of Michigan researchers have shown that sound waves can be used to hack into devices that use a commonly deployed piece of silicon called a MEMS accelerometer. Fitbits, smartphones, and a variety of medical devices and GPS locators all rely on accelerometers.

2. 10 Biggest Cyber Crimes and Data Breaches…so far

The good folk at The Best VPN have put together an infographic summarising ten of the worst “known” cyber attacks and data breaches to date. It’s a good recap of the high stakes when cyber security goes wrong.

3. Making this one change could eliminate spam, says police tech chief

Cybercrimes like phishing and malware distribution could almost be eradicated if organisations took one simple step to actively fight against it, a senior member of the UK’s organised crime fighting operation has claimed.

4. Will hackers turn your lifesaving device into a life-threatening one?

The U.S. Food and Drug Administration recently released a safety warning that St. Jude Medical implantable cardiac devices and their remote transmitters contain security vulnerabilities. An unauthorized party could use the vulnerabilities to “modify programming commands” on the device that could result in rapid battery draining or “administration of inappropriate pacing or shocks.”

5. Hire a DDoS service to take down your enemies

With the onrush of connected internet of things (IoT) devices, distributed denial-of-service attacks are becoming a dangerous trend. Similar to what happened to DNS service provider Dyn last fall, anyone and everyone is in the crosshairs. The idea of using unprotected IoT devices as a way to bombard networks is gaining momentum.

6. We-Vibe vibrator creator to pay damages after spying on user sex lives

Sex toy company Standard Innovation Corp. has agreed to settle a class-action lawsuit following allegations the company spied on customer sex lives without permission.

Two women launched a class-action lawsuit against the company last year in relation to the We-Vibe 4 Plus, dubbed the “No. 1 couples vibrator” which allows users to “connect in new, exciting ways.”

7. Bad bots attack 96% of websites with login pages

Almost every website with a login page is under attack from bad bots, the automated programs used to carry out a variety of nefarious activities, according to Distil Networks.

8. Wishbone hack leaks 2 million user records on the dark web, mostly of underage girls

Millions of user records were leaked on the dark web, including 2,326,452 full names, 2,247,314 unique email addresses, 287,502 cellphone numbers, and other personal data such as birthdates and gender. Most of the leaked data belongs to underage girls.

To see if your information is at risk, go check out www.haveibeenpwned.com and see if it appears in any of the leaks there.

9. The rise of Cyber Insurance: The good and the bad

There are numerous indicators showing that demand for cyber insurance will rise significantly in a short period. PwC, for one, estimates that annual gross written premiums will triple to $7.5 billion by 2020 from $2.5 billion in 2014.

10. Inside the Russian hack of Yahoo: How they did it

One mistaken click. That’s all it took for hackers aligned with the Russian state security service to gain access to Yahoo’s network and potentially the email messages and private information of as many as 500 million people.


How can you protect yourself against someone who wants to scam you using a fake social media account? This was one of the questions we set out to answer in the first article we published this week.

The other question was “How can I prevent adware from installing itself on my computer, feeding me unwanted ads, slowing down my system performance, and generally making my digital life a mess?”. To answer this rather long question, we’ve written an extensive article that covers all you need to know about adware, as well as a removal and prevention guide.

Security articles of the week (March 6-10, 2017)

Probably the two biggest news stories of the week have been the leaking of the CIA’s hacking tools and methods by WikiLeaks, and Uber’s use of Greyball, software that specializes in detecting government investigators.

However, we shouldn’t let those two stories overshadow the other major developments of the week.

1. Google’s CAPTCHA Service Now Goes Invisible for Human Users

Google’s CAPTCHA service now allows human users to pass through and access a website without seeing the “I’m not a robot” checkbox.

The CAPTCHA provider, known as No CAPTCHA reCAPTCHA, uses an “advanced risk analysis engine” to separate users from bots. The service has developed numerous challenges since it first launched. But it all started with a single click.

2. Facebook to listen out for posts from people vulnerable to suicide

Facebook plans to update its algorithms so that it can “listen” for people who are in danger of suicide, in a move planned to roll out initially in the US. The idea will be to look out for certain key phrases and then refer the matter to human beings on the Facebook staff, who will then ask whether the writer is OK.

3. Uber Uses Ubiquitous Surveillance to Identify and Block Regulators

Stories have surfaced about Uber’s use of Greyball, software designed to identify potential government investigators who might pose a threat to the company’s business model.

4. ‘Nigerian princes’ snatch billions from Western biz via fake email

Spoofed email and malware hidden in attachments netted crooks in West Africa more than $3bn in three years from businesses.

That’s according to research carried out by the International Criminal Police Organization (Interpol) and infosec biz Trend Micro. Forget claims of money stuck in bank accounts. Scammers are now raking it in from so-called business email compromise (BEC) schemes, according to the security team.

5. Spammers expose their entire operation through bad backups

This is the story of how River City Media (RCM), Alvin Slocombe, and Matt Ferris, accidentally exposed their entire operation to the public after failing to properly configure their Rsync backups.

6. One million Yahoo and Gmail account passwords for sale on the dark web

More than one million Yahoo and Gmail accounts – including usernames, email addresses and plain text passwords – are reportedly for sale on the dark web.

Check out this website to see if your email is one of the leaked ones, and also this guide we’ve written on how to protect your email.

7. Kaspersky brings you the smell of malware

When your job is writing about technology you get used to receiving the somewhat off the wall ways companies come up with to promote their products.

Kaspersky’s latest endeavour though had us scrambling for the calendar to check whether it was April 1st, as the company is launching a fragrance. Described as ‘threatening yet provocative’ the rather disturbingly named Threat de Toilette comes, like all the best scents, in pour femme and pour homme versions.

8. Feds Drop Child Pornography Case to Protect Exploit Code

Federal prosecutors in the United States have opted to drop charges against a child pornography suspect rather than reveal the hacking technique used to ensnare him – a move that is sparking heated debate.

9. WikiLeaks will share CIA hacking details with companies, but can they use it?

WikiLeaks plans to share details about what it says are CIA hacking tools with the tech companies so that software fixes can be developed.

But will software companies want it?

The information WikiLeaks plans to share comes from 8,700-plus documents it says were stolen from an internal CIA server. If the data is classified — and it almost certainly is — possessing it would be a crime.

10. Poachers are trying to hack animal tracking systems

Animal tracking through electronic tagging has helped researchers gain insight into the lives of many wild animal species, but can also be misused by wildlife poachers, hunters, animal-persecution groups and people interested in seeing and interacting with the animals – all to the detriment of our animal brethren.


Day by day our technology moves forward and makes previously impossible tasks seem possible. On the flip side, it also turns previously impossible crimes into possible ones. In an interview given to PCAge, our CEO, Morten Kjaersgaard, explains Heimdal’s role in the cybersecurity fight, and how we try to stay one step ahead of cybercriminals.

This week, we’ve also written an extensive guide about doxxing, and how to prevent that from happening to you. With online harassment being much too common on the web, you can use any protection advice that you can actually apply.

Security articles of the week (February 27 – March 3, 2017)

1. Soon, you can buy gadgets that self-destruct when stolen

Researchers have developed new technology that can prevent stolen phones and laptops from getting into the wrong hands — by destroying them.

This new self-destruct mechanism built by researchers at the King Abdullah University of Science and Technology (KAUST) in Saudi Arabia would provide an extra layer of defense against thieves who resell the devices or access the device’s sensitive data.

2. Top 5 Tax Season Scams

During tax season most of us are probably still dreading the moment we have to quit procrastinating, buckle down, and file our income taxes. Coincidentally, it’s also a time that cybercriminals are working overtime to scam home users into giving over their financial data, and even their tax returns. The frequency of attacks only increases as the IRS tax deadline (April 18th this year) looms ever closer.

3. Facebook ramps up its suicide prevention tools and Messenger chat support

Facebook is updating the tools it offers to help try to prevent suicide. Aimed both at those thinking of suicide, and friends and family who are concerned about loved ones, the revamped support tools make use of artificial intelligence and real people to offer help when it is needed most.

4. Advertising trojans take top position in mobile viruses

Reviewing the malware trends in 2016, virus researchers noticed a surge in mobile trojans. According to the annual report published by Kaspersky Lab, banking trojans, trojanized mobile ransomware (261,214 infections) and advertising trojans topped the list of mobile infections last year.

5. This Simple Tweak Is One Of The Best Ways To Protect Your Windows Computer

A lot of Windows users take an additive approach when it comes to security. Think you need to increase your protection? Install another piece of software. There are some great apps out there, but you can actually make your Windows PC a lot more secure simply by changing one little setting.

6. A typo that crashed the internet

When a large portion of the internet went offline earlier this week, no one could have guessed that the reason for it would be a simple typo. Yet that’s exactly what happened, according to the explanation Amazon gave for the incident.

7. Password managers may not be as secure as you think

Password managers are often pitched as a convenient way to secure online accounts. Their main appeal is that they can generate and store very complex, distinct passwords — that would normally be virtually impossible for the average person to memorize (or for someone to crack) — and the user only has to remember a master password — that encrypts them — to access those credentials.

But then again, no software is perfect, and that applies to password managers too.

8. Why electronic healthcare records are valuable pieces of information

Electronic health record databases are becoming the most precious commodities in the cyber criminal underground.

The healthcare sector was the industry with the highest number of data breaches in 2015, when a total of 113.2 million healthcare-related records were stolen by hackers.

9. IT admin was authorized to trash employer’s network, he says

On Dec. 5, 2011, Michael Thomas quit his job as IT admin for a startup called ClickMotive.

This was no ordinary resignation. This was the mother of all IT admin resignations: the type of blow-it-all-to-smithereens resignation that some – many? Please, Lord, let it not be all – sysadmins dream about.

10. Fake FBI email asks to transfer $112 to verify iCloud account

This time cyber criminals struck again and aimed at Apple users. Victims receive a fake email from the Federal Bureau of Investigation that informs them of unauthorized activity on their iCloud account and asks them to verify the account by sending $112 to the provided Bitcoin wallet address. Indeed, an email that appears to come from the FBI can look terrifying and serious.

If you want to learn how to protect yourself against such scams, we recommend you check out one of our in-depth articles on the subject.



One of the biggest is the comeback of the TeamSpy malware, which turns TeamViewer into spy software. We shared the details of how this happens in our security alert.

On top of that, we’ve also written an extensive article on cyber attacks, which contains short and sweet definitions for a lot of the hacking methods out there. If there’s something we didn’t include, please leave us a comment, because we plan to keep this guide relevant and packed with useful information.

Security articles of the week (February 20-24, 2016)

This week’s biggest headlines were dominated by Google. First, they managed to break a 20-year-old encryption system called SHA1, and secondly, they found a huge vulnerability that affects major websites.

So without further ado, here are this week’s security articles:

1. Germany Bans Internet-Connected Doll That Could Spy on Your Kids

Every parent’s nightmare seems to be coming true after it was revealed hackers could easily turn a doll called “My Friend Cayla” into a spying device.

2. This Is How Google Keeps 1.6B Android Devices Safe

Adrian Ludwig joined Google six years ago. His job: ensuring the security of a few hundred million Android devices. Today, he’s overseeing more than 1.6 billion Android devices… and they’re more secure than ever.

3. A typo in Zerocoin’s source code helped hackers steal ZCoins worth $585,000

Zcoin announced Friday that “a typographical error on a single additional character” in the Zerocoin source code helped an attacker to steal 370,000 Zerocoin, which is over $585,000 at today’s price.

4. Frank Abagnale, world-famous con man, explains why technology won’t stop breaches

Frank Abagnale is world-famous for pretending to be other people. The former teenage con man, whose exploits 50 years ago became a Leonardo DiCaprio film called Catch Me If You Can, has built a lifelong career as a security consultant and advisor to the FBI and other law enforcement agencies. So it’s perhaps ironic that four and a half years ago, his identity was stolen—along with those of 3.6 million other South Carolina taxpayers.

5. Announcing the first SHA1 collision

SHA1 is a widely used encryption method that secures information such as passwords as they are being transmitted from the sender (such as a PC user logging into an account) to the receiver (meaning the site receiving the information). Think of it as a sort of password generator for passwords.

Google has now managed to break SHA1, and so a great part of the Internet’s infrastructure has to change.

6. This is What Hackers Think of Your Defenses

Billions of dollars are spent every year on cyber security products; and yet those products continually fail to protect businesses. Thousands of reports analyze breaches and provide reams of data on what happened; but still the picture worsens. A new study takes a different approach; instead of trying to prevent hacking based on what hacking has achieved, it asks real hackers: how do you do it?

7. Two Step Verification, and How Facebook Plans to Overhaul It

Facebook has just announced a new way to recover forgotten passwords safely and without the need of a phone.

8. Google Just Discovered A Massive Web Leak… And You Might Want To Change All Your Passwords

A Google researcher has uncovered what may be the most worrying web leak of 2017 so far, possibly exposing passwords, private messages and other sensitive data from a vast number of sites, including major services like Uber, FitBit and OKCupid.

9. 950,000 Coachella Festival Credentials For Sale on Dark Web

A Dark Web data trader claims to be selling more than 950,000 user accounts for the website of popular US music festival Coachella, including email addresses, usernames and hashed passwords. It opens the door for a rash of follow-on phishing attacks.

10. Ransomware ‘customer support’ chat reveals criminals’ ruthlessness

Ransomware criminals are chatting up victims, offering to delay deadlines, showing them how to obtain Bitcoin, and dispensing the kind of customer support that consumers can only dream of from their cable and mobile plan providers, PC and software makers.


Heimdal Security has recently joined the front line in the fight against ransomware. The No More Ransom project is a joint effort in which over 30 companies and police agencies seek ways to prevent further malicious encryptions, and to decrypt existing ones.


Comments

Howdy, I do think your blog could possibly be having internet browser compatibility problems. When I look at your web site in Safari, it looks fine but when opening in IE, it’s got some overlapping issues. I just wanted to provide you with a quick heads up! Aside from that, fantastic site!

Thanks for letting us know. Are you sure your browser resolution is set to the standard for your desktop resolution? We’ve found that other readers experienced this and, when they set their browser resolution to normal, the issue was gone. The fastest way to do this is to hold CTRL and press 0.

And thanks for the awesome feedback!
