Some you probably know, but what about excluding multiple words or phrases? What about finding words near each other? Read the article to learn how this is done!
In SEO, it’s often the little things that matter. After you’ve learned the basics, you can’t stop. You need to push yourself and learn more and more. You might not learn anything that will revolutionize how you look at SEO, but I guarantee that you will learn how to become a better SEO. One of […]
Source: 39 Essential Google Search Operators Every SEO Ought to Know
More CIA spying tools…
WikiLeaks has published a new batch of the ongoing Vault 7 leak, detailing a spyware framework – which “provides remote beacon and loader capabilities on target computers” – allegedly being used by the CIA that works against every version of Microsoft’s Windows operating systems, from Windows XP to Windows 10.
Dubbed Athena/Hera, the spyware has been designed to take full control over the infected Windows PCs remotely, allowing the agency to perform all sorts of things on the target machine, including deleting data or uploading malicious software, and stealing data and sending it to a CIA server.
Read the article and where to find the download & docs on how it works…
Source: WikiLeaks Reveals ‘Athena’ CIA Spying Program Targeting All Versions of Windows
If you were infected by WannaCry, they have released a decryption tool to unlock your files without paying the ransom.
If your PC has been infected by WannaCry – the ransomware that wreaked havoc across the world last Friday – you might be lucky to get your locked files back without paying the ransom of $300 to the cyber criminals.
Adrien Guinet, a French security researcher from Quarkslab, has discovered a way to retrieve the secret encryption keys used by the WannaCry ransomware for free, which works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 operating systems.
WannaCry Ransomware Decryption Keys
WannaCry’s encryption scheme works by generating a pair of keys on the victim’s computer that rely on prime numbers, a “public” key and a “private” key for encrypting and decrypting the system’s files respectively.
Read the entire article here…
Source: WannaCry Ransomware Decryption Tool Released; Unlock Files Without Paying Ransom
Make sure you get this Microsoft update asap.
Microsoft’s own antivirus software made Windows 7, 8.1, RT and 10 computers, as well as Windows Server 2016 more vulnerable.
Microsoft has just released an out-of-band security update to patch the crazy bad bug discovered by a pair of Google Project Zero researchers over the weekend.
Security researcher Tavis Ormandy announced on Twitter during the weekend that he and another Project Zero researcher Natalie Silvanovich discovered “the worst Windows remote code [execution vulnerability] in recent memory.”
Natalie Silvanovich also published a proof-of-concept (PoC) exploit code that fits in a single tweet.
The reported RCE vulnerability, according to the duo, could work against default installations with “wormable” ability – capability to replicate itself on an infected computer and then spread to other PCs automatically.
According to an advisory released by Microsoft, the remotely exploitable security flaw (CVE-2017-0290) exists in Microsoft Malware Protection Engine (MMPE) – the company’s own antivirus engine that could be used to fully compromise Windows PCs without any user interaction.
Source: Microsoft Issues Emergency Patch For Critical RCE in Windows Malware Scanner
For all you Firefox users…
The malicious scam campaign, “The ‘HoeflerText’ font wasn’t found,” is back, which was previously targeting Google Chrome users to trick them into installing Spora ransomware on their computers.
This time the campaign has been re-designed to target Mozilla Firefox users with a banking trojan, called Zeus Panda.
Interestingly, the attackers behind this new campaign are so stupid that they forgot to change the name of the font, i.e. HoeflerText, due to which it was easily caught by Kafeine, a security researcher at Proofpoint.
Read the article…
Source: Beware! Don’t Fall for FireFox “HoeflerText Font Wasn’t Found” Banking Malware Scam
For all you do-it-yourself-ers, this is why it’s important to stay current on your core, theme, and plugin updates. If you can’t find the time, hire me, or another professional, to do it consistently. Most updates should not be considered “optional.” They are done to stay ahead of hackers or fix exploit flaws.
WordPress, the most popular CMS in the world, is vulnerable to a logical vulnerability that could allow a remote attacker to reset targeted users’ password under certain circumstances.
The vulnerability (CVE-2017-8295) becomes even more dangerous after knowing that it affects all versions of WordPress — including the latest 4.7.4 version.
The WordPress flaw was discovered by Polish security researcher Dawid Golunski of Legal Hackers last year in July and reported to the WordPress security team, who decided to ignore this issue, leaving millions of websites vulnerable.
Read the article…
Source: Unpatched WordPress Flaw Could Allow Hackers To Reset Admin Password
Why not let Windows do all the heavy lifting when you have a problem?
Windows includes a variety of “troubleshooters” designed to quickly diagnose and automatically solve various computer problems. Troubleshooters can’t fix everything, but they’re a great place to start if you encounter a problem with your computer.
Troubleshooters are built into the Control Panel on Windows 10, 8, and 7, so practically all Windows users can take advantage of them. On Windows 10’s Creators Update, most troubleshooters are now available through the Settings app.
Read the article to find out more…
Source: How to Make Windows Troubleshoot Your PC’s Problems for You
Did someone just share a random Google Doc with you?
First of all — Do not click on that Google Doc link you might have just received in your email and delete it immediately — even if it’s from someone you know.
I, my colleagues at The Hacker News, and even people all around the Internet, especially journalists, are receiving a very convincing OAuth phishing email, which says that the person [sender] “has shared a document on Google Docs with you.”
Read entire article…
Source: Warning! Don’t Click that Google Docs Link You Just Received in Your Email
Yet one more reason why Microsoft should be worried about their market share…
“It generates a random watermark for each document, inserts that watermark into the document, saves all such processed documents in an output directory, and creates a log file which identifies the watermarks inserted into each document,” Scribbles’ user guide manual reads.
Scribbles Only Works with Microsoft Office Products
The user manual also specifies that the tool is intended for off-line preprocessing of Microsoft Office documents. So, if the watermarked documents are opened in any other application like OpenOffice or LibreOffice, they may reveal watermarks and URLs to the user.
Source: Source Code for CIA’s Tool to Track Whistleblowers Leaked by Wikileaks
Why is net neutrality important and why should you care?
The war for the open internet is the defining issue of our time. It’s a scramble for control of the very fabric of human communication. And human communication is all that separates us from the utopia that thousands of generations of our ancestors slowly marched us toward — or the Orwellian, Huxleyan, Kafkaesque dystopia that a locked-down internet would make possible.
By the end of this article, you’ll understand what’s happening, the market forces that are driving this, and how you can help stop it. We’ll talk about the brazen monopolies who maneuver to lock down the internet, the scrappy idealists who fight to keep it open, and the vast majority of people who are completely oblivious to this battle for the future.
Please read this article in its entirety here…
Source: The future of the open internet — and our way of life — is in your hands
Hopefully, this service will expand and people will actually use it…
… last October, along with our partners at Jigsaw, we announced that in a few countries we would start enabling publishers to show a “Fact Check” tag in Google News for news stories. This label identifies articles that include information fact checked by news publishers and fact-checking organizations.
After assessing feedback from both users and publishers, we’re making the Fact Check label in Google News available everywhere, and expanding it into Search globally in all languages. For the first time, when you conduct a search on Google that returns an authoritative result containing fact checks for one or more public claims, you will see that information clearly on the search results page. The snippet will display information on the claim, who made the claim, and the fact check of that particular claim.
Read the article…
Source: Fact Check now available in Google Search and News around the world
Here are some good safety tips for opening Word documents, especially since Microsoft seems to be so slow at patching known exploits. The easiest and most foolproof (so far) method is to open your documents in an online service: either Office online or Google Docs. This way the desktop exploits can’t be utilized.
Microsoft Office document files you download from the internet can harm your PC. Office files can contain dangerous macros, but macros aren’t the only risk. With new malware attacking PCs through dangerous Office documents that don’t even contain macros, keeping yourself safe in Office is just one of the security practices you should follow.
Source: How to Open Office Files Without Being Hacked
People worry about the data their camera and GPS captures, but there are so many hidden sensors that relay data that most users are unaware of.
Hackers Can Steal Your PINs and Passwords Just by Monitoring Sensors on Your SmartPhone
Do you know how many kinds of sensors your smartphone has inbuilt? And what data they gather about your physical and digital activities?
An average smartphone these days is packed with a wide array of sensors such as GPS, Camera, microphone, accelerometer, magnetometer, proximity, gyroscope, pedometer, and NFC, to name a few.
Now, according to a team of scientists from Newcastle University in the UK, hackers can potentially guess PINs and passwords – that you enter either on a bank website, app, your lock screen – to a surprising degree of accuracy by monitoring your phone’s sensors, like the angle and motion of your phone while you are typing.
Read entire article…
Source: Hackers Can Steal Your Passwords Just by Monitoring SmartPhone Sensors
As a general rule, you should never open a file from anyone that you aren’t expecting. If your best friend or family member sends you a file you didn’t ask for, email them and make sure they sent it. This exploit bypasses the disabled macro settings and is very devious.
According to researchers, this zero-day attack is severe as it gives the attackers the power to bypass most exploit mitigations developed by Microsoft, and unlike past Word exploits seen in the wild, it does not require victims to enable Macros.
Due to these capabilities, this newly discovered attack works on all Windows operating systems even against Windows 10, which is believed to be Microsoft’s most secure operating system to date.
Besides this, the exploit displays a decoy Word document for the victims to see before terminating in order to hide any sign of the attack.
Read the entire article…
Source: Beware of an Unpatched Microsoft Word 0-Day Flaw being Exploited in the Wild
Microsoft has always collected data for diagnostics, but it’s never really said what data it actually collects:
… now for the first time, Microsoft has revealed what data Windows 10 is collecting from your computer with the release of the Windows 10 Creators Update, bringing an end to nearly two years of its mysterious data collection practices.
The Windows 10 Creators Update, which will be available from April 11 for users to download for free, comes with a revamped Privacy settings section.
Read the article…
Source: Microsoft Finally Reveals What Data Windows 10 Collects From Your PC
These are some great tools to secure your online privacy. Just getting a VPN or using Tor browser is not enough. Btw, just because someone values their privacy doesn’t mean they are doing something wrong. Privacy can be, and is, eroded at any time, especially when corporate corruption and greed are such strong motivations and there are little or no consequences.
In the last 7 years of ibVPN, we’ve secured the online privacy for hundreds of thousands of people. But first, we did our best to secure our own privacy and be one step ahead when it comes to security and online freedom. So, we’ve tested the tools we sincerely recommend below
Source: Tools We Recommend – ibVPN
If viable, these could be very valuable tools…
Launched less than a year ago, the No More Ransom (NMR) project has increased its capacity with new partners and new decryption tools added to its now global campaign to combat Ransomware.
Started as a joint initiative by Europol, the Dutch National Police, Intel Security and Kaspersky Lab, No More Ransom is an anti-ransomware cross-industry initiative to help ransomware victims recover their data without having to pay ransom to cyber criminals.
The online website not just educates computer users to protect themselves from ransomware, but also provides a collection of free decryption tools.
Source: No More Ransom — 15 New Ransomware Decryption Tools Available for Free
Again, how can this be good for Microsoft business?
This month has been kind of interesting for cyber security researchers, with Google successfully cracking SHA1 and the discovery of the Cloudbleed bug in Cloudflare that caused the leakage of sensitive information across sites hosted behind Cloudflare.
Besides this, Google last week disclosed an unpatched vulnerability in Windows Graphics Device Interface (GDI) library, which affects Microsoft’s Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows 10.
While the Windows vulnerability has yet to be patched by the company, Google today released the details of another unpatched Windows security flaw in its browser, as Microsoft did not act within its 90-day disclosure deadline.
Read the article…
Source: Google Does It Again: Discloses Unpatched Microsoft Edge and IE Vulnerability
These newly discovered bugs in Java and Python are a big deal today.
The two popular programming languages, Java and Python, contain similar security flaws that can be exploited to send unauthorized emails and bypass any firewall defenses.
And since both the flaws remain unpatched, hackers can take advantage to design potential cyber attack operations against critical networks and infrastructures.
The unpatched flaws actually reside in the way Java and Python programming languages handle File Transfer Protocol (FTP) links, where they don’t syntax-check the username parameter, which leads to, what researchers call, protocol injection flaw.
Source: Unpatched Python and Java Flaws Let Hackers Bypass Firewall Using FTP Injection
Next time when you accidentally or curiously land up on a website with jumbled content prompting you to download a missing font to read the blog by updating the Chrome font pack……
Just Don’t Download and Install It. It’s a Trap!
Scammers and hackers are targeting Google Chrome users with this new hacking scam that’s incredibly easy to fall for, prompting users to download a fake Google Chrome font pack update just to trick them into installing malware on their systems.
Source: Beware! Don’t Fall For “Font Wasn’t Found” Google Chrome Malware Scam
Could this be one of the reasons why Microsoft is no longer an industry leader?
Microsoft is once again facing embarrassment for not patching a vulnerability on time.
Yes, Google’s Project Zero team has once again publicly disclosed a vulnerability (with POC exploit) affecting Microsoft’s Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows 10 that had yet to be patched.
A few months back, the search engine giant disclosed a critical Windows vulnerability to the public just ten days after revealing the flaw to Microsoft.
Source: Google Discloses Windows Vulnerability That Microsoft Fails To Patch, Again!
People, what will it take for you to stop using Yahoo?
Has Yahoo rebuilt your trust again?
If yes, then you need to think once again, as the company is warning its users of another hack.
Last year, Yahoo admitted two of the largest data breaches on record. One of them, which took place in 2013, disclosed personal details associated with more than 1 Billion Yahoo user accounts.
Well, it’s happened yet again.
Read the article…
Source: Yahoo Hacked Once Again! Quietly Warns Affected Users About New Attack
The smarter the object, the more able to relay your personal data.
Your government is spying on you! Businesses are spying on you! Your phone and browser are constantly spying on you!
Even your TV is spying on you! Yes, you should also worry about your “smart” TV, as one of the world’s biggest smart TV makers Vizio has been caught secretly collecting its consumers’ data through over 11 Million smart TVs and then selling them to third-parties without the user’s explicit consent.
Source: Smart TV Maker Fined $2.2 Million For Spying on Its 11 Million Users
During tax time, there are a lot of clever people who use their powers for evil waiting to take advantage of you. Here is one tool to fight back.
As part of National Tax Identity Theft Awareness Week, AARP’s Fraud Watch Network and AARP Foundation Tax-Aide are joining forces with federal agencies to highlight the dangers of tax identity theft and recovery steps for victims. To register for the free webinar on February 2 at 2 pm EST, click here.
How it Works:
Tax identity theft occurs when someone steals your personal information for a fraudulent refund or to earn wages. It can involve:
- Filing a tax return using another person’s Social Security number.
- Claiming someone else’s children as dependents.
- Claiming a tax refund using a deceased taxpayer’s information.
What Are The Signs:
- Your Social Security number is lost, stolen or compromised.
- Your tax refund is delayed.
- You receive a notice from the IRS stating it has received a duplicate tax return filing, you have unreported income, or you and somebody else are claiming the same dependents.
What You Should Do:
To avoid becoming a victim of tax identity theft:
- Submit your tax return as early in the tax season as possible.
- Be careful what you share – don’t give out your personal information unless you know who is asking and why, and don’t be shy about refusing!
- Dispose of sensitive information safely – shred it with a micro-cut shredder.
- Know your tax preparer.
Check the status of your refund after filing at www.irs.gov/refunds. If you think someone filed a fraudulent refund with your information, call the IRS Identity Theft line at 800-908-4490. To learn more, visit www.ftc.gov/taxidtheft.
Fraud Watch Network
P.S. Spotted a scam? Tell us about it. Our scam-tracking map gives you information about the latest scams targeting people in your state. You’ll also find first-hand accounts from scam-spotters who are sharing their experiences so you know how to protect yourself and your family.
Source: Webinar for Consumers on Tax Identity Theft | Federal Trade Commission
Gmail phishing is one of the most common methods used by hackers to compromise the online security of naive users. But, a recent Gmail phishing attack, uncovered by Wordfence, mimics your past conversations and succeeds in fooling the tech-savvy netizens.
How does this scary Gmail phishing attack work?
This phishing attack first compromises a victim’s Gmail account and starts sniffing the contact list. Then, it sends fake emails, which look very much legitimate, to everyone.
Now comes the smart part — the attack scans the user’s Gmail history and finds the file names of the sent attachments. Then, it applies the same name to the new attachments that appear to be PDFs. However, they are images that send the user to phishing web pages. To make the overall scheme more convincing, the attack steals subject lines from previous emails.
Read the entire article including how to defeat this phishing attack…
Source: Beware! This Is The Smartest Gmail Phishing Attack You’ll Ever Encounter
You just think this doesn’t apply to you. It will in the very near future… Are you LGBT, a person of color, have a religious preference other than Christianity, an advocate, a social reformer, a community leader, in the government, or ??? You will be losing your privacy rights.
Hacking multiple computers across the world just got easier for the United States intelligence and law enforcement agencies from today onwards.
The changes introduced to the Rule 41 of the Federal Rules of Criminal Procedure by the United States Department of Justice came into effect on Thursday, after an effort to block the changes failed on Wednesday.
The change grants the FBI much greater powers to hack into multiple computers within the country, and perhaps anywhere in the world, with just a single warrant authorized by any US judge (even magistrate judges). Usually, magistrate judges only issue warrants for cases within their jurisdiction.
Read the entire article…
Source: Rule 41 — FBI Gets Expanded Power to Hack any Computer in the World | The Hacker News
Luckily, not many US Android phones. Just a matter of time before manufacturers install rootkits as a matter of course.
Nearly 3 Million Android devices worldwide are vulnerable to man-in-the-middle (MITM) attacks that could allow attackers to remotely execute arbitrary code with root privileges, turning over full control of the devices to hackers.
According to a new report from security rating firm BitSight, the issue is due to a vulnerability in the insecure implementation of the OTA (Over-the-Air) update mechanism used by certain low-cost Android devices, including BLU Studio G from US-based Best Buy.
Read the article…
Source: Dangerous Rootkit found Pre-Installed on nearly 3 Million Android Phones
One more thing to worry about…
If you came across any Facebook Message with an image file (exactly .SVG file format) sent by any of your Facebook friends, just avoid clicking it.
An ongoing Facebook spam campaign is spreading a malware downloader among Facebook users by taking advantage of an innocent-looking SVG image file to infect computers.
If clicked, the file would eventually infect your PC with the nasty Locky Ransomware, a family of malware that has quickly become one of the favorite tools among criminals due to its infecting capabilities.
Read the article & view the image file being sent (safely)…
Source: Spammers using Facebook Messenger to Spread Locky Ransomware
You won’t believe your eyes while reading this, but this is true. Microsoft just joined the Linux Foundation as a high-paying Platinum member.
Microsoft’s love with open source community is embracing as time passes. At its first Connect event in 2013, the company launched Visual Studio 2013. A year later, Microsoft open sourced .NET, and last year, it open sourced the Visual Studio Code Editor, as well.
Read the entire article…
Source: Microsoft Joins The Linux Foundation — Turns Love Affair Into a Relationship
In the fight against encryption, Apple has positioned itself as a staunch defender of its user privacy by refusing to provide federal officials with encryption backdoors into its products, as well as implementing better encryption for its products.
However, a new report from a security firm suggests Apple’s online syncing service iCloud secretly stores logs of its users’ private information for as long as four months — even when iCloud backup is switched off.
Source: iPhone Secretly Sends Your Call History to Apple Even If iCloud Backups are Turned Off
Most software vendors do not take security very seriously. This was a huge wake-up call to the world at large.
PwnFest 2016 has become a death call for many software vendors. The hackers have managed to take down Apple’s Safari web browser in 20 seconds using a root privilege escalation zero-day. Another team managed to compromise Adobe Flash using an exploit that took just 4 seconds to run.
Source: Adobe Flash Hacked in 4 Seconds, Safari Pwned In Less Than Half Minute
Please take note of the following line: “A few target domains were based in Russia, and at least nine domains include .gov websites.”
Yes, the NSA is hacking our own government… At what point is an agency deemed out of control?
The hacker group calling itself the Shadow Brokers, who previously claimed to have leaked a portion of the NSA’s hacking tools and exploits, is back with a Bang!
The Shadow Brokers published more files today, and this time the group dumped a list of foreign servers allegedly compromised by the NSA-linked hacking unit, Equation Group, in various countries to expand its espionage operations.
Source: Shadow Brokers reveals list of Servers Hacked by the NSA
Users are advised to update their Flash software now and apply Windows patches as soon as they become available.
Google has once again publicly disclosed a zero-day vulnerability in current versions of Windows operating system before Microsoft has a patch ready.
Yes, the critical zero-day is unpatched and is being used by attackers in the wild.
Google made the public disclosure of the vulnerability just 10 days after privately reporting the issue to Microsoft, giving the chocolate factory little time to patch issues and deploy a fix.
Source: Google discloses Critical Windows Zero-Day that makes all Windows Users Vulnerable
More than 10 years ago, Microsoft shared its Ten Immutable Laws of Security that outlined Microsoft’s security principles. These laws were considered its basic security primer for newbie computer users.
Because of changing technology, in 2011 Microsoft released its version 2.0. Feel free to share with anyone you know who is unclear about basic security principles.
Do you know about Microsoft’s 10 Immutable Laws Of Security? These laws might be a few years old, but they act as a solid guide on security principles. These laws cover various aspects like the importance of security, the safety of encryption keys, and keeping the antimalware scanner updated.
Source: “10 Immutable Laws of Security” That Every Geek Must Know
If you still have a Yahoo account, security experts strongly recommend that you delete it today. Recently it was leaked that Yahoo compromised the security and privacy of hundreds of millions of users by installing a secret program that searched all incoming emails at the request of US intelligence officials.
“The order issued to Yahoo appears to be unprecedented and unconstitutional. The government appears to have compelled Yahoo to conduct precisely the type of general, suspicionless search that the Fourth Amendment was intended to prohibit,” said ACLU Staff Attorney Patrick Toomey.
There have been conflicting reports about what kind of program was installed, with initial reports stating it was probably just a modified version of Yahoo’s existing scanning system that searches all incoming email for malware, spam and images of child pornography. But sources have since told Motherboard that the program was more like a “rootkit,” or a piece of malware that grants a hacker nearly complete and undetectable control over the infected system.
Source: Why We Should All Dump Yahoo Now
Yahoo’s troubles don’t seem to be ending anytime soon. A Reuters report has just dropped a massive bombshell on the company, suggesting that Yahoo complied with a U.S. government request and implemented secret software to scan all the emails. CEO Marissa Mayer gave the green signal without any counsel with the company’s security head Alex Stamos. Later, in protest, Stamos left the company.
Source: Here’s Why You Should Delete Your Yahoo Account Right Now
“State-sponsored actor”? This is what happens when privacy and personal information is stepped on: the people paid to protect you are the perps…
500 million Yahoo accounts have been compromised and the company believes a “state-sponsored actor” was behind this data breach.
Source: Yahoo Confirms 500 Million Accounts Were Hacked by ‘State Sponsored’ Hackers
So you found a USB stick, but wait, wait, wait!!! Do not plug an unknown USB anything into your computer, laptop, phone, whatever! If you’re confused, watch the first year of Mr. Robot. Or, know that hackers put malware on these devices that WILL infect your machine. Be safe.
…unmarked USB flash drives containing harmful malware being dropped inside random people’s letterboxes in the Melbourne suburb of Pakenham.
It seems to be one of the latest tactics of cyber criminals to target people by dropping malware-laden USB sticks into their mailboxes, in the hope unsuspecting users will plug the infected devices into their personal or home computers.
Source: Beware — Someone is dropping Malware-infected USB Sticks into People’s Letterbox
Google is getting ready to enforce the strict mobile standards it has deemed the wave of the future.
“Pages that show intrusive interstitials provide a poorer experience to users than other pages where content is immediately accessible. This can be problematic on mobile devices where screens are often smaller. To improve the mobile search experience, after Jan. 10, 2017, pages where content is not easily accessible to a user on the transition from the mobile search results may not rank as highly.”
This is not all that shocking considering that many are keenly aware of just how intrusive certain pop ups can be and how these adverts effectively diminish the user experience. And when it comes to user experience, this is at the top of Google’s list of priorities.
Starting in January 2017, Google will be doing away with mobile friendly badges due to 85 percent of the mobile SERPs meeting its standards, and any site that is still leveraging the technology known as “interstitial” pop ups would effectively be penalized and demoted in Google’s mobile search rankings.
Read the entire article…
Source: Google Penalties Coming for Mobile Pop Ups – SiteProNews
If it wasn’t for hackers, you would have no idea what your government is doing to erode your privacy and security. How secure do you feel now?
Network equipment vendor Cisco is finally warning its customers of another zero-day vulnerability the company discovered in the trove of NSA’s hacking exploits and implants leaked by the group calling itself “The Shadow Brokers.”
Last month, the Shadow Brokers published firewall exploits, implants, and hacking tools allegedly stolen from the NSA’s Equation Group, which were designed to target major vendors including Cisco, Juniper, and Fortinet.
Now Cisco has found another zero-day exploit, dubbed “Benigncertain,” which targets PIX firewalls.
Cisco analyzed the exploit and noted that it had not identified any new flaws related to this exploit in its current products.
But, further analysis of Benigncertain revealed that the exploit also affects Cisco products running IOS, IOS XE and IOS XR software.
Read the article…
Source: Cisco finds new Zero-Day Exploit linked to NSA Hackers
This comes complete with a handy, downloadable Cheat Sheet for the major social media applications. Nice to have on hand!
Keyboard shortcuts come in handy when we have to accomplish tasks real quick. Here is an ultimate cheat sheet which includes social media keyboard shortcuts for websites like Facebook, Twitter, YouTube, etc.
Source: Ultimate Social Media Shortcuts Cheat Sheet — Facebook, Twitter, YouTube, Tumblr, Google+
Download the free utility and see whether your phone needs patching. Verizon has patched only 1 of the 4 vulnerabilities. Shameful!
Android has Fallen! Yet another set of Android security vulnerabilities has been discovered in Qualcomm chipsets that affect more than 900 Million Android smartphones and tablets worldwide.
What’s even worse: Most of those affected Android devices will probably never be patched. Dubbed “Quadrooter,” the set of four vulnerabilities discovered in devices running Android Marshmallow and earlier that ship with a Qualcomm chip could allow an attacker to gain root-level access to any Qualcomm device.
The chip, according to the latest statistics, is found in more than 900 Million Android tablets and smartphones.
Read more for a free utility that will test your phone…
Source: Warning! Over 900 Million Android Phones Vulnerable to New ‘QuadRooter’ Attack
If you’re not gathering email data from your website visitors (legally) and following up with consistent & periodic email blasts, then you’re throwing the money you spent on your website and business down the drain.
An email subscription service should be a staple of any blogger’s content plan to attract blog traffic and create a transparent reader relationship.
Use a signup form on your blog to kickstart the email subscription process.
Read the entire article…
Source: Why all bloggers should offer an email subscription – The Garage
Two-factor authentication is important & necessary, but a real pain in the butt. This new process by Google is a breeze! I enabled it and in a few seconds had authenticated with a press of a button on my phone. Get on it, people!
When it comes to data breaches of major online services like LinkedIn, MySpace, Twitter and VK.com, it’s two-factor authentication that could save you from being hacked.
Two-factor authentication or 2-step verification is an effective way to secure online accounts, but many users avoid enabling the feature just to save themselves from the irritation of receiving and typing a six-digit code that takes them 10 to 15 extra seconds.
Now, Google has made the 2-Step Verification (2FV) process much easier for its users, allowing you to login with just a single tap instead of typing codes.
Previously, you have had to manually enter a six-digit code received via an SMS or from an authenticator app, but now…
Google has introduced a new method called “Google Prompt” that uses a simple push notification where you just have to tap on your mobile phone to approve login requests.
Read the article …
Source: Google makes 2-Factor Authentication a lot Easier and Faster
Popular code repository site GitHub is warning that a number of users’ accounts have been compromised by unknown hackers reusing email addresses and passwords obtained from other recent data breaches.
Since the leaked credentials of the recent widespread megabreach date back more than 3 years, there may have still been a possibility that those credentials were being re-used by many online users for other services.
So, it’s high time you changed your passwords for all social media sites as well as other online services, especially if you use the same password for different websites.
Read the entire article…
Source: Github accounts Hacked in ‘Password reuse attack’
Using simple hacks, a hacker may be able to learn your personal information without authorization. Knowing about these common hacking techniques for yourself
Source: Top 10 Common Hacking Techniques You Should Know About
For older people just getting into technology, the “imposter customer care” scam seems to be the most prevalent. So many have casually remarked to me how the “nice man on the phone fixed all their computer problems.” The worst thing is that they actually paid for the service, a double pay day for the scammers.
Phishing attempts on social media have more than doubled over the past year as scammers find new ways to trick people into providing personal and financial information.
During the first quarter of 2016, ploys to glean log-in credentials, credit card and other ID-worthy information soared 150 percent over the same period in 2015, according to Proofpoint, which provides social media security services to leading companies and nearly 225 million of their individual followers on Facebook, Twitter, LinkedIn, Google+, Instagram and Pinterest.
Source: Top Phishing Scams on Social Media
Watching this video shows exactly how fast and simple it is for thieves to alter a credit card terminal, almost in full view.
So, be cautious when you use any ATM and always look carefully at the teller machine before using it. If you find that the machine has been tampered with, or if its card slot looks damaged or scratched, DO NOT use the ATM.
Card Skimmers have been around for years, but the video posted below is a perfect example of the evolution of the technology used by thieves.
The video released by Miami Beach Police involved two men who work as a team to install a credit card Skimmer on top of a card terminal at a local gas station in LESS THAN 3 SECONDS.
Yes, in just less than 3 seconds hackers can turn a regular credit and debit card reader into a Skimmer – a device designed to secretly steal a victim’s credit or debit card information.
The two men were caught on video by a security camera, but it all happened so fast that one might have to rewatch the video to actually catch the crime.
Source: Watch Video: How Hacker Installs a Credit Card Skimmer in 3 Seconds
This is really good information from the web developer’s point of view. We always try to charge appropriately, but some things just take time and resources — like backing up an entire site, creating a test environment so an update doesn’t hose the entire site, working in antiquated software the client insists upon — and there’s not much we can do about it except charge our client or eat the loss. After a bunch of times eating the costs for a number of clients because the actual charge seems awfully high, it’s hard to make a living.
If you’ve never been involved in the creation of a website before, there are some paths that can lead to delays or bloated budgets. We’ve identified what we feel are the biggest pitfalls and how to avoid them.
1. You’re Likely Underestimating How Long Content Will Take
In the majority of sites we make, the client…
Source: 5 Things to Know Before Starting a Web Project – Build Studio
Another older article, but because of the recent Win10 updates, it is still relevant. Learn why.
Just one day after Microsoft released its new operating system, over 14 Million Windows users upgraded their PCs to Windows 10. Of course, if you are one of the Millions, you should be aware of Windows 10’s Wi-Fi Sense feature that lets your friends automatically connect to your wireless network without providing the Wi-Fi password. Smells like a horrible Security Risk! It even triggered a firestorm among some security experts, who warned that Wi-Fi Sense is a terrible and dangerous feature and that you should disable it right away.
Even some researchers advised Windows 10 users to rename their Wi-Fi access points.
Before discussing the risks of Wi-Fi Sense, let’s first know how it works.
Read the rest of the article…
Source: Windows 10 Wi-Fi Sense Explained: Actual Security Threat You Need to Know