So what technology myths do you still believe in? See a partial list below and read the article to find out the rest. Still believe that a Mac can’t get a virus? Read on!
The most-believed myth: that more megapixels in a digital camera make for an instantly better picture. Eighty-six percent of the respondents went for that one; marketing hype doesn’t help. But what really helps with a better photo is a bigger sensor inside the camera.
Next, 52 percent of respondents believe that charging a phone overnight somehow harms the battery. That’s not true, and here are several other battery myths debunked. (Another: Don’t freeze your phone to extend battery life!) We also enlighten the 17 percent of people who think you have to run down your smartphone battery completely before you can charge it. Nope.
The third biggest myth: Thirty-one percent believe that an airport X-ray will hurt the stored memory on their phone or laptop. This is a holdover from when people had film cameras, and the X-rays actually could damage the film. But they won’t bother a hard drive. A giant magnet could though, so make sure to keep your phone and PC out of the MRI machine when you’re getting a brain scan.
The list goes on, with people thinking you can’t infect a Mac with malware and that overnight shutdown of a PC is a requirement. You should feel pretty superior if you don’t believe any of these.
Read the entire list of debunked beliefs here…
Source: Even in 2019, People Believe Too Many Tech Myths | News & Opinion | PCMag.com
This is a great list to help you stay safe on the internet and through email. It also gives you some great suggestions for products that fit into each checklist item. Stay safe!
Be safe on the internet. An open source checklist of resources designed to improve your online privacy and security. Check things off to keep track as you go.
Go to the checklist
Source: Security Checklist
There’s no shortage of data breaches these days, but this one should make you sit up and pay attention. The newly discovered “Collection #1” is the largest public data breach by volume, with 772,904,991 unique emails and 21,222,975 unique passwords exposed.
Update 3:42pm ET: It gets worse. Security reporter Brian Krebs reports that the Collection #1 trove is just a single offering from a seller who claims to have at least six more batches of data. Also, the Collection #1 data is said to be 2-3 years old, so not exactly the freshest but potentially still valuable to malicious actors. Including the Collection #1 data, Krebs writes, this person is selling “almost 1 Terabyte of stolen and hacked passwords.”
See complete article and how to check if you’ve been compromised
Source: Massive Collection #1 Breach Exposes 773 Million Emails
Do you know how much data you use during normal Facebook usage?
Credo has 3 smart and common sense tips for limiting your data usage, especially if you’re not on an unlimited or large data plan.
Normal use of the Facebook app—browsing your News Feed and looking at photos—consumes about 1.5MB per minute. Watching videos on Facebook uses around 2.6MB per minute. Spend 45 minutes a day on the Facebook app and it’ll cost you over 2GB of data in a month, which does not include the data the app drains while it runs in the background.
Read what the tips are…
Source: Tuesday Tip: 3 Ways to Limit Facebook Data Usage | CREDO Mobile Blog
Read the article to see how to discern whether the email is real or a phishing scam.
In a Wednesday warning, the FTC described fake Netflix messages claiming the customer’s account is on hold because the service is “having some trouble with your current billing information.” A screenshot of the email, captured by Ohio police, initially appears credible.
Source: Is That Netflix Email Legit? FTC Warns of Phishing Scam – Geek.com
TechCrunch has put together 5 separate guides to help you stay safe and protect your privacy.
We’ve put together five how-to guides covering cybersecurity basics that anyone can learn — and everyone should learn, including:
Why you need to use a password manager
Two-factor authentication can save you from hackers
How to protect your cell phone number and why you should care
How to browse the web securely and privately
How to get started with encrypted messaging apps
For more information check the Source: Cybersecurity 101: Five simple security guides for protecting your privacy | TechCrunch
If you’ve ever had issues with Windows updates — haven’t we all — this is the article for you. It tells you how to delay the updates until Microsoft gets the bugs out. After all, they’re not paying you to test their software. With their last earnings, they can afford to hire and pay employees to get the brunt of the bugs fixed before forcing a roll-out to its captive users.
Rumors swirling all over the blogosphere have Microsoft re-releasing the ill-fated Win10 version 1809 on Patch Tuesday this month. Personally, given the dearth of worthwhile features in 1809 and the painful first release last month, I’d rather that they just wait a week or a month or six, until it’s fully baked, but that probably won’t happen.
Better still, I wish they’d wait a year or two, roll in some new features worthy of a full reinstall, and then unleash something new and worthwhile. If wishes were horses …
While we wait for Pennywise the September October November 2018 Update clown to appear again, now’s a very good time to make sure your machine won’t install it — or any other poorly tested patches — until the cannon fodder has weighed in.
Source: Time to block Windows Automatic Update — with a new twist for Win10 Pro | Computerworld
The following information was sent via email from AARP and answers quite a few questions that my clients have had. Many people don’t realize that connecting to a free Wi-Fi spot at Starbucks or McDonald’s carries quite a bit of risk for the uninformed.
Is Public Wi-Fi Safe?
Free public Wi-Fi, available at places like airports and coffee shops, is convenient, but can be risky.
How It Works:
Scammers monitor commonly used Wi-Fi network names, and set up their own “evil twin” access points in hopes your computer or device will automatically connect to it without your consent. Or they launch a “man in the middle” attack, by hacking in between you and your Wi-Fi connection. Their goal? To grab your personal information, emails, credit card numbers, and passwords.
What You Should Know:
Any data you send over free public Wi-Fi is vulnerable, so be diligent about how you use it.
What You Should Do:
- Even if it seems obvious, ask an employee at the location offering free public Wi-Fi for the name of the network. Just because you are at the airport, don’t just assume that “free airport Wi-Fi” is a legitimate wireless network; it could have been set up by a hacker to trick you into connecting.
- Avoid online banking, checking emails, making credit card purchases or even posting on social media on public Wi-Fi.
- Check your device’s settings to make sure it doesn’t automatically connect to any free public Wi-Fi that you’re in range of.
- Stick to browsing the web, checking news, weather, or traffic when on public Wi-Fi. When possible, avoid sites that require you to share login information such as a user name and password.
- If you find you use public Wi-Fi regularly, play it safe and sign up for a Virtual Private Network (VPN) that keeps your data secure by routing your communications through a secure, third-party server. Some are free, while others charge a subscription.
When it comes to fraud, vigilance is our number one weapon. You have the power to protect yourself and your loved ones from scams. Please share this alert with friends and family.
Fraud Watch Network
P.S. Spotted a scam? Tell us about it. Our scam-tracking map gives you information about the latest scams targeting people in your state. You’ll also find first-hand accounts from scam-spotters who are sharing their experiences so you know how to protect yourself and your family.
AARP Fraud Action Network
This is a very informative article from welivesecurity.com.
Know the risks
It all starts with the awareness of the risks along with the realization that everybody is a potential target. Much of what we do every day involves the internet positively in one way or another. On the other hand, the digital world is also inhabited by criminals who never miss a chance to steal fellow netizens’ data or money, or both. First of all, then, it pays to be clear-eyed not just about the benefits, but also about the security and privacy risks of cyberspace.
This ties in with the fact that attackers deploy ever more advanced tools and techniques to attack their targets. While we hold no sway over attackers’ capabilities and incentives, we can make their “job” harder by acknowledging and addressing the vulnerabilities in ourselves, as well as in our devices and software.
Source: ECSM: Five simple steps to staying safe online now and in the long run
Everyone should be using a VPN because there seem to be no boundaries on what information can be gleaned from your search and browsing habits. This is not an admission of guilt on the part of anyone who uses a VPN. On the contrary, your personal information belongs to you and is no one else’s (or corporate or political interests’) business.
The VPN is supposed to block anyone from getting your information through your IP address, but some VPN services, while stating that they don’t keep your information, actually do and they profit doubly from what you’re paying them and what they get from selling your information.
If you’re thinking that this is outrageous, you would be correct, but are you really surprised that corruption and lying seem to be the current business model? If you pay for one of these services, stop. If you’re thinking about getting a VPN, don’t use one of these.
And maybe thank those that do this legwork for us…
- HotSpot Shield
- VPN Unlimited
- Boleh VPN
- HideIP VPN
- VPN Gate
- Ace VPN
- Flow VPN
Read more on what information on you each service keeps
Source: 100+ VPNs & Their Logging Policy (What Logs Are Kept by Who?)
Have you ever wondered what the heck the DNS is and why it’s important? Well, here’s a really good intro for your edification!
Every website has an IP address that identifies it among all others. Theoretically, you could navigate the web using only IP addresses instead of domain names, but this wouldn’t be practical. To understand how IP addresses and domains relate to each other, you need to get to know the Domain Name System (DNS).
The DNS enables us to navigate the web more intuitively. In this article, we’re going to talk more about what the DNS is and how it works. Then, we’ll introduce you to multiple DNS-related terms you should know and talk about why they’re important. Let’s jump right in!
Source: An Introduction to the Domain Name System (DNS) And How it Works | Elegant Themes Blog
Check your WordPress sites for this plugin and remove it
The WordPress repository recently removed the plugin Captcha over what initially appeared to be a trademark issue with the current author using “WordPress” [Editor’s note: the original page has been removed, we’re now linking to a screenshot.] in their brand name.
A backdoor file allows an attacker, or in this case, a plugin author, to gain unauthorized administrative access to your website. This backdoor creates a session with user ID 1 (the default admin user that WordPress creates when you first install it), sets authentication cookies, and then deletes itself.
The backdoor installation code is unauthenticated, meaning anyone can trigger it. We will edit this post to include a proof of concept after 30 days with technical details on how the backdoor installation and execution works.
Source: Backdoor in Captcha Plugin Affects 300K WordPress Sites
The FCC is days away from voting to end net neutrality. Congress can still stop the vote, but only if we make them. On December 12th — protest by “breaking” your site, app, or social media profile. Use our tools, or do something creative and wild. Show your audience how terrible the future of the web could be, and get them to contact Congress. That’s how we win. Are you in?
Source: December 12: Break the Internet, Save Net Neutrality
Privacy Lab has published details from its research into 25 trackers hidden inside popular Google Play apps such as Uber, Tinder, Skype, Twitter, Spotify, and Snapchat. Publication of this information is in the public interest, as it reveals clandestine surveillance software that is unknown to Android users at the time of app installation. These trackers vary in their features and purpose, but are primarily utilized for targeted advertising, behavioral analytics, and location tracking.
The 25 trackers are a sample of the 44 identified-to-date by security researchers at Exodus Privacy, a non-profit organization based in France. Their Web-based privacy auditing platform, also named Exodus, analyzes apps available via Google Play. Exodus scans apps for the signatures of known trackers and identifies Android operating system permissions. To coincide with Privacy Lab’s publication, the Exodus organization has made its app auditing platform available to the public at https://exodus-privacy.eu.org and is releasing the code as Free and Open-Source Software.
Source: Yale University Privacy Lab, https://privacylab.yale.edu/press.
Shoppers familiar with the Cyber Monday circus know they’re stepping into the lion’s den. The Internet has always been a lawless place, but it becomes particularly rough during the holiday shopping season.
In preparation for the frenzy, cyber villains have crafted a virtual onslaught of social engineering scams, malspam, and malicious, spoofed websites in order to dupe the droves of people expected to spend nearly $4 billion online this year.
So, bargain hunters, it’s important to know the warning signs. Here’s your guide to safe online shopping on Cyber Monday and beyond.
Source: 10 tips for safe online shopping on Cyber Monday
Your every move on the internet is being sold to third parties…
Behind many consumer websites, software companies track users’ moves, potentially exposing personal information such as medical conditions or prescription-drug use.
“I don’t think most users realize that when they interact with a website that their information about that visit is being shared with 40 to 100 third parties,”
Source: You’re Browsing a Website. These Companies May Be Recording Your Every Move.
If you’ve been procrastinating taking the plunge to Windows 10, now’s the time to do it…
Should you need a Windows 10 upgrade after the December 31st cutoff, you’ll probably have to pay for it. A license for the Home edition starts at about $75 for a system builder OEM copy that is tied to a specific PC. Retail copies with less restrictive licensing are a bit more expensive, as is the professional version of the operating system.
Source: Microsoft Will End Final Free Windows 10 Upgrade Program On December 31 – ExtremeTech
This exploit uses the users’ common sense against themselves.
Security researchers at Cisco’s Talos threat research group have discovered one such attack campaign spreading malware-equipped Microsoft Word documents that perform code execution on the targeted device without requiring Macros enabled or memory corruption.
This Macro-less code execution in MSWord technique, described in detail on Monday by a pair of security researchers from Sensepost, Etienne Stalmans and Saif El-Sherei, leverages a built-in feature of MS Office, called Dynamic Data Exchange (DDE), to perform code execution.
The Dynamic Data Exchange (DDE) protocol is one of several methods Microsoft provides to let two running applications share the same data. The protocol can be used by applications for one-time data transfers and for continuous exchanges in which apps send updates to one another as new data becomes available.
Read the article to see how this attack is accomplished…
Source: MS Office Built-in Feature Allows Malware Execution Without Macros Enabled
What could possibly go wrong when your privacy and phone are given “selectively” without your knowledge or ability to intervene? What happens when Uber is hijacked? Or Uber uses this access unscrupulously?
Security researcher Will Strafach recently revealed that Apple selectively grants (what’s known as an “entitlement”) Uber a powerful ability to use the newly introduced screen-recording API with intent to improve the performance of the Uber app on Apple Watch.
The screen-recording API allows the Uber app to record a user’s screen information even when the app is closed, giving Uber access to all the personal information passing through an iPhone screen.
What’s more? The company’s access to such permission could make this data vulnerable to hackers if they are somehow able to hijack Uber’s software.
Source: Apple Allows Uber to Use a Powerful Feature that Lets it Record iPhone Screen
Remember the old saying about bad things coming in threes? Flaw hunters Wordfence would probably agree with the sentiment after uncovering some nasty zero-day flaws in a trio of WordPress plugins.
Not a great start, then, but much worse is that the vulnerabilities were already being exploited when the company discovered them by chance during recent attack investigations – meaning anyone running them is vulnerable and should update immediately.
Read the article to see what plugins are affected
Source: Hackers pounce on 3 vulnerable WordPress plugins – Naked Security
Anyone still using Yahoo is either really uninformed or masochistic (or maybe employed by Equifax?)…
The largest known hack of user data in history just got tripled in size.
Yahoo, the internet company that was acquired by Verizon this year, now believes the total number of accounts compromised in the August 2013 data breach, which was disclosed in December last year, was not 1 billion—it’s 3 Billion.
Yes, the record-breaking Yahoo data breach affected every user on its service at the time.
Late last year, Yahoo revealed the company had suffered a massive data breach in August 2013, which affected 1 billion user accounts.
The 2013 hack exposed user account information, including names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5), and, in some cases, “encrypted or unencrypted security questions and answers,” Yahoo said in 2016.
Source: It’s 3 Billion! Yes, Every Single Yahoo Account Was Hacked In 2013 Data Breach
Don’t despair, here is a link to a site that will tell you whether your email account has been breached: https://haveibeenpwned.com/. I am very careful and I was breached in 4 areas: Adobe breach 2012 (changed in 2014); LinkedIn in 2013 (changed in 2013); and 2 other sites that sold the 2 old breaches. If you have been breached, CHANGE YOUR PASSWORD TO A REAL PASSWORD! And don’t use the same password for every site! Get a password keeper to store and retrieve your passwords.
A massive database of 630 million email addresses used by a spambot to send large amounts of spam to has been published online in what appears to be one of the biggest data dumps of its kind.
A French security researcher, who uses online handle Benkow, has spotted the database on an “open and accessible” server containing a vast amount of email addresses, along with millions of SMTP credentials from around the world.
The database is hosted on the spambot server in the Netherlands and is stored without any access controls, making the data publicly available for anyone to access without requiring any password.
Read the article…
Source: Over 711 Million Email Addresses Exposed From SpamBot Server
They’re baaaack, bigger and stronger. Learn how to protect yourself from the latest iterations of ransomware…
Currently, there is no decryptor available to decrypt data locked by Mamba and Locky as well, so users are strongly advised to follow prevention measures in order to protect themselves.
Beware of Phishing emails: Always be suspicious of uninvited documents sent over an email and never click on links inside those documents unless verifying the source.
Backup Regularly: To always have a tight grip on all your important files and documents, keep a good backup routine in place that makes their copies to an external storage device that is not always connected to your PC.
Keep your Antivirus software and system Up-to-date: Always keep your antivirus software and systems updated to protect against latest threats.
Source: Warning: Two Dangerous Ransomware Are Back – Protect Your Computers
You should have the information you need to prevent (as much as possible) a Ransomware attack, but if you are still locked out of your files, here are some tips to help you recover. Remember, prevention is the best solution here, including backups of all your files. I’ve listed the steps, but you’ll need to read the article for the full version.
Ransomware attacks are becoming more frequent with hackers stealing your most important files. Follow these steps if you are a victim of ransomware.
- Reinstall your files from a backup.
- Make sure your operating system and antivirus are up to date.
- Contact your IT department or antivirus company.
If none of that works, consider the worst “solution”:
- Accept that your files are lost and gone forever.
Source: How to Recover from a Ransomware Attack – AARP
Some you probably know, but what about excluding multiple words or phrases? What about finding words near each other? Read the article to learn how this is done!
In SEO, it’s often the little things that matter. After you’ve learned the basics, you can’t stop. You need to push yourself and learn more and more. You might not learn anything that will revolutionize how you look at SEO, but I guarantee that you will learn how to become a better SEO. One of […]
Source: 39 Essential Google Search Operators Every SEO Ought to Know
More CIA spying tools…
WikiLeaks has published a new batch of the ongoing Vault 7 leak, detailing a spyware framework – which “provides remote beacon and loader capabilities on target computers” – allegedly being used by the CIA that works against every version of Microsoft’s Windows operating systems, from Windows XP to Windows 10.
Dubbed Athena/Hera, the spyware has been designed to take full control over the infected Windows PCs remotely, allowing the agency to perform all sorts of things on the target machine, including deleting data or uploading malicious software, and stealing data and sending it to a CIA server.
Read the article and where to find the download & docs on how it works…
Source: WikiLeaks Reveals ‘Athena’ CIA Spying Program Targeting All Versions of Windows
If you were infected by WannaCry, they have released a decryption tool to unlock your files without paying the ransom.
If your PC has been infected by WannaCry – the ransomware that wreaked havoc across the world last Friday – you might be lucky to get your locked files back without paying the ransom of $300 to the cyber criminals.
Adrien Guinet, a French security researcher from Quarkslab, has discovered a way to retrieve the secret encryption keys used by the WannaCry ransomware for free, which works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 operating systems.
WannaCry Ransomware Decryption Keys
WannaCry’s encryption scheme works by generating a pair of keys on the victim’s computer that rely on prime numbers, a “public” key and a “private” key for encrypting and decrypting the system’s files respectively.
Read the entire article here…
Source: WannaCry Ransomware Decryption Tool Released; Unlock Files Without Paying Ransom
Make sure you get this Microsoft update asap.
Microsoft’s own antivirus software made Windows 7, 8.1, RT and 10 computers, as well as Windows Server 2016 more vulnerable.
Microsoft has just released an out-of-band security update to patch the crazy bad bug discovered by a pair of Google Project Zero researchers over the weekend.
Security researcher Tavis Ormandy announced on Twitter during the weekend that he and another Project Zero researcher Natalie Silvanovich discovered “the worst Windows remote code [execution vulnerability] in recent memory.”
Natalie Silvanovich also published a proof-of-concept (PoC) exploit code that fits in a single tweet.
The reported RCE vulnerability, according to the duo, could work against default installations with “wormable” ability – capability to replicate itself on an infected computer and then spread to other PCs automatically.
According to an advisory released by Microsoft, the remotely exploitable security flaw (CVE-2017-0290) exists in Microsoft Malware Protection Engine (MMPE) – the company’s own antivirus engine that could be used to fully compromise Windows PCs without any user interaction.
Source: Microsoft Issues Emergency Patch For Critical RCE in Windows Malware Scanner
For all you Firefox users…
The malicious scam campaign, “The ‘HoeflerText’ font wasn’t found,” is back, which was previously targeting Google Chrome users to trick them into installing Spora ransomware on their computers.
This time the campaign has been re-designed to target Mozilla Firefox users with a banking trojan, called Zeus Panda.
Interestingly, the attackers behind this new campaign are so stupid that they forgot to change the name of the font, i.e. HoeflerText, due to which it was easily caught by Kafeine, a security researcher at Proofpoint.
Read the article…
Source: Beware! Don’t Fall for FireFox “HoeflerText Font Wasn’t Found” Banking Malware Scam
For all you do-it-yourself-ers, this is why it’s important to stay current on your core, theme, and plugin updates. If you can’t find the time, hire me, or another professional, to do it consistently. Most updates should not be considered “optional.” They are done to stay ahead of hackers or fix exploit flaws.
WordPress, the most popular CMS in the world, is vulnerable to a logical vulnerability that could allow a remote attacker to reset targeted users’ password under certain circumstances.
The vulnerability (CVE-2017-8295) becomes even more dangerous after knowing that it affects all versions of WordPress — including the latest 4.7.4 version.
The WordPress flaw was discovered by Polish security researcher Dawid Golunski of Legal Hackers last year in July and reported to the WordPress security team, who decided to ignore this issue, leaving millions of websites vulnerable.
Read the article…
Source: Unpatched WordPress Flaw Could Allow Hackers To Reset Admin Password
Why not let Windows do all the heavy lifting when you have a problem?
Windows includes a variety of “troubleshooters” designed to quickly diagnose and automatically solve various computer problems. Troubleshooters can’t fix everything, but they’re a great place to start if you encounter a problem with your computer.
Troubleshooters are built into the Control Panel on Windows 10, 8, and 7, so practically all Windows users can take advantage of them. On Windows 10’s Creators Update, most troubleshooters are now available through the Settings app.
Read the article to find out more…
Source: How to Make Windows Troubleshoot Your PC’s Problems for You
Did someone just share a random Google Doc with you?
First of all — Do not click on that Google Doc link you might have just received in your email and delete it immediately — even if it’s from someone you know.
I, my colleagues at The Hacker News, and even people all around the Internet, especially journalists, are receiving a very convincing OAuth phishing email, which says that the person [sender] “has shared a document on Google Docs with you.”
Read entire article…
Source: Warning! Don’t Click that Google Docs Link You Just Received in Your Email
Yet one more reason why Microsoft should be worried about their market share…
“It generates a random watermark for each document, inserts that watermark into the document, saves all such processed documents in an output directory, and creates a log file which identifies the watermarks inserted into each document,” Scribbles’ user guide manual reads.
Scribbles Only Works with Microsoft Office Products
The user manual also specifies that the tool is intended for off-line preprocessing of Microsoft Office documents. So, if the watermarked documents are opened in any other application like OpenOffice or LibreOffice, they may reveal watermarks and URLs to the user.
Source: Source Code for CIA’s Tool to Track Whistleblowers Leaked by Wikileaks
Why is net neutrality important and why should you care?
The war for the open internet is the defining issue of our time. It’s a scramble for control of the very fabric of human communication. And human communication is all that separates us from the utopia that thousands of generations of our ancestors slowly marched us toward — or the Orwellian, Huxleyan, Kafkaesque dystopia that a locked-down internet would make possible.
By the end of this article, you’ll understand what’s happening, the market forces that are driving this, and how you can help stop it. We’ll talk about the brazen monopolies who maneuver to lock down the internet, the scrappy idealists who fight to keep it open, and the vast majority of people who are completely oblivious to this battle for the future.
Please read this article in its entirety here…
Source: The future of the open internet — and our way of life — is in your hands
Hopefully, this service will expand and people will actually use it…
… last October, along with our partners at Jigsaw, we announced that in a few countries we would start enabling publishers to show a “Fact Check” tag in Google News for news stories. This label identifies articles that include information fact checked by news publishers and fact-checking organizations.
After assessing feedback from both users and publishers, we’re making the Fact Check label in Google News available everywhere, and expanding it into Search globally in all languages. For the first time, when you conduct a search on Google that returns an authoritative result containing fact checks for one or more public claims, you will see that information clearly on the search results page. The snippet will display information on the claim, who made the claim, and the fact check of that particular claim.
Read the article…
Source: Fact Check now available in Google Search and News around the world
Here are some good safety tips for opening Word documents, especially since Microsoft seems to be so slow at patching known exploits. The easiest and most foolproof (so far) method is to open your documents in an online service: either Office online or Google Docs. This way the desktop exploits can’t be utilized.
Microsoft Office document files you download from the internet can harm your PC. Office files can contain dangerous macros, but macros aren’t the only risk. With new malware attacking PCs through dangerous Office documents that don’t even contain macros, keeping yourself safe in Office is just one of the security practices you should follow.
Source: How to Open Office Files Without Being Hacked
People worry about the data their camera and GPS capture, but there are so many hidden sensors that relay data that most users are unaware of.
Hackers Can Steal Your PINs and Passwords Just by Monitoring Sensors on Your SmartPhone
Do you know how many kinds of sensors your smartphone has inbuilt? And what data they gather about your physical and digital activities?
An average smartphone these days is packed with a wide array of sensors such as GPS, Camera, microphone, accelerometer, magnetometer, proximity, gyroscope, pedometer, and NFC, to name a few.
Now, according to a team of scientists from Newcastle University in the UK, hackers can potentially guess PINs and passwords – that you enter either on a bank website, app, your lock screen – to a surprising degree of accuracy by monitoring your phone’s sensors, like the angle and motion of your phone while you are typing.
Read entire article…
Source: Hackers Can Steal Your Passwords Just by Monitoring SmartPhone Sensors
As a general rule, you should never open a file from anyone that you aren’t expecting. If your best friend or family member sends you a file you didn’t ask for, email them and make sure they sent it. This exploit bypasses the disabled macro settings and is very devious.
According to researchers, this zero-day attack is severe as it gives the attackers the power to bypass most exploit mitigations developed by Microsoft, and unlike past Word exploits seen in the wild, it does not require victims to enable Macros.
Due to these capabilities, this newly discovered attack works on all Windows operating systems even against Windows 10, which is believed to be Microsoft’s most secure operating system to date.
Besides this, the exploit displays a decoy Word document for the victims to see before terminating in order to hide any sign of the attack.
Read the entire article…
Source: Beware of an Unpatched Microsoft Word 0-Day Flaw being Exploited in the Wild
Microsoft has always collected data for diagnostics, but it’s never really said what data it actually collects:
… now for the first time, Microsoft has revealed what data Windows 10 is collecting from your computer with the release of the Windows 10 Creators Update, bringing an end to nearly two years of its mysterious data collection practices.
The Windows 10 Creators Update, which will be available from April 11 for users to download for free, comes with a revamped Privacy settings section.
Read the article…
Source: Microsoft Finally Reveals What Data Windows 10 Collects From Your PC
These are some great tools to secure your online privacy. Just getting a VPN or using the Tor Browser is not enough. Btw, just because someone values their privacy doesn’t mean they are doing something wrong. Privacy can be, and is, eroded at any time, especially when corporate corruption and greed are such strong motivations and there are little or no consequences.
In the last 7 years of ibVPN, we’ve secured the online privacy for hundreds of thousands of people. But first, we did our best to secure our own privacy and be one step ahead when it comes to security and online freedom. So, we’ve tested the tools we sincerely recommend below
Source: Tools We Recommend – ibVPN
If viable, these could be very valuable tools…
Launched less than a year ago, the No More Ransom (NMR) project has increased its capacity with new partners and new decryption tools added to its now global campaign to combat Ransomware.
Started as a joint initiative by Europol, the Dutch National Police, Intel Security and Kaspersky Lab, No More Ransom is an anti-ransomware cross-industry initiative to help ransomware victims recover their data without having to pay ransom to cyber criminals.
The online website not only educates computer users to protect themselves from ransomware, but also provides a collection of free decryption tools.
Source: No More Ransom — 15 New Ransomware Decryption Tools Available for Free
Again, how can this be good for Microsoft business?
This month has been kind of interesting for cyber security researchers, with Google successfully cracking SHA1 and the discovery of the Cloudbleed bug in Cloudflare that caused the leakage of sensitive information across sites hosted behind Cloudflare.
Besides this, Google last week disclosed an unpatched vulnerability in Windows Graphics Device Interface (GDI) library, which affects Microsoft’s Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows 10.
While the Windows vulnerability has yet to be patched by the company, Google today released the details of another unpatched Windows security flaw in its browser, as Microsoft did not act within its 90-day disclosure deadline.
Read the article…
Source: Google Does It Again: Discloses Unpatched Microsoft Edge and IE Vulnerability
These newly discovered bugs in Java and Python are a big deal today.
The two popular programming languages, Java and Python, contain similar security flaws that can be exploited to send unauthorized emails and bypass any firewall defenses.
And since both the flaws remain unpatched, hackers can take advantage to design potential cyber attack operations against critical networks and infrastructures.
The unpatched flaws actually reside in the way Java and Python programming languages handle File Transfer Protocol (FTP) links, where they don’t syntax-check the username parameter, which leads to, what researchers call, protocol injection flaw.
Source: Unpatched Python and Java Flaws Let Hackers Bypass Firewall Using FTP Injection
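One way to screen FTP URLs before a client library sees them, as an added example that is not from the linked article or from either language's standard library. It rejects carriage returns, line feeds and NUL bytes in the username the excerpt mentions and, going a step further, in the password and path as well; the hosts and credentials in the samples are constructed.

```python
from urllib.parse import urlsplit, unquote

# Characters that end or corrupt an FTP control-channel command line.
CONTROL_CHARS = ("\r", "\n", "\x00")


def has_control(text):
    """True if the text contains a character from CONTROL_CHARS."""
    return any(ch in text for ch in CONTROL_CHARS)


def ftp_url_problems(url):
    """Return the reasons an ftp:// URL should not be passed to an FTP client."""
    # Raw control characters are rejected before parsing, because some
    # urllib versions silently strip them from the URL.
    if has_control(url):
        return ["raw control character in URL"]
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return [f"unparseable URL: {exc}"]
    if parts.scheme != "ftp":
        return ["scheme is not ftp"]
    problems = []
    # urlsplit leaves percent-escapes encoded, so decode each field the way
    # a client would before it builds its USER, PASS and RETR commands.
    fields = {
        "username": parts.username or "",
        "password": parts.password or "",
        "path": parts.path,
    }
    for name, raw in fields.items():
        if has_control(unquote(raw)):
            problems.append(f"control character in {name}")
    return problems


# Constructed sample URLs (hosts and credentials are made up).
SAMPLES = [
    "ftp://alice:s3cret@ftp.example.test/pub/report.txt",
    "ftp://alice%0D%0ANOOP:pw@ftp.example.test/x",
    "ftp://ftp.example.test/pub%0Afile",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", ftp_url_problems(sample) or "ok")
```

A check like this belongs wherever an application accepts a URL from an untrusted source and later fetches it.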
Next time when you accidentally or curiously land up on a website with jumbled content prompting you to download a missing font to read the blog by updating the Chrome font pack……
Just Don’t Download and Install It. It’s a Trap!
Scammers and hackers are targeting Google Chrome users with this new hacking scam that’s incredibly easy to fall for, prompting users to download a fake Google Chrome font pack update just to trick them into installing malware on their systems.
Source: Beware! Don’t Fall For “Font Wasn’t Found” Google Chrome Malware Scam
Could this be one of the reasons why Microsoft is no longer an industry leader?
Microsoft is once again facing embarrassment for not patching a vulnerability on time.
Yes, Google’s Project Zero team has once again publicly disclosed a vulnerability (with POC exploit) affecting Microsoft’s Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows 10 that had yet to be patched.
A few months back, the search engine giant disclosed a critical Windows vulnerability to the public just ten days after revealing the flaw to Microsoft.
Source: Google Discloses Windows Vulnerability That Microsoft Fails To Patch, Again!
People, what will it take for you to stop using Yahoo?
Has Yahoo rebuilt your trust again?
If yes, then you need to think once again, as the company is warning its users of another hack.
Last year, Yahoo admitted two of the largest data breaches on record. One of them, which took place in 2013, disclosed personal details associated with more than 1 Billion Yahoo user accounts.
Well, it’s happened yet again.
Read the article…
Source: Yahoo Hacked Once Again! Quietly Warns Affected Users About New Attack
The smarter the object, the more able to relay your personal data.
Your government is spying on you! Businesses are spying on you! Your phone and browser are constantly spying on you!
Even your TV is spying on you! Yes, you should also worry about your “smart” TV, as one of the world’s biggest smart TV makers Vizio has been caught secretly collecting its consumers’ data through over 11 Million smart TVs and then selling them to third-parties without the user’s explicit consent.
Source: Smart TV Maker Fined $2.2 Million For Spying on Its 11 Million Users
During tax time, there are a lot of clever people who use their powers for evil waiting to take advantage of you. Here is one tool to fight back.
As part of National Tax Identity Theft Awareness Week, AARP’s Fraud Watch Network and AARP Foundation Tax-Aide are joining forces with federal agencies to highlight the dangers of tax identity theft and recovery steps for victims. To register for the free webinar on February 2 at 2 pm EST, click here.
How it Works:
Tax identity theft occurs when someone steals your personal information for a fraudulent refund or to earn wages. It can involve:
- Filing a tax return using another person’s Social Security number.
- Claiming someone else’s children as dependents.
- Claiming a tax refund using a deceased taxpayer’s information.
What Are The Signs:
- Your Social Security number is lost, stolen or compromised.
- Your tax refund is delayed.
- You receive a notice from the IRS stating it has received a duplicate tax return filing, you have unreported income, or you and somebody else are claiming the same dependents.
What You Should Do:
To avoid becoming a victim of tax identity theft:
- Submit your tax return as early in the tax season as possible.
- Be careful what you share – don’t give out your personal information unless you know who is asking and why, and don’t be shy about refusing!
- Dispose of sensitive information safely – shred it with a micro-cut shredder.
- Know your tax preparer.
Check the status of your refund after filing at www.irs.gov/refunds. If you think someone filed a fraudulent refund with your information, call the IRS Identity Theft line at 800-908-4490. To learn more, visit www.ftc.gov/taxidtheft.
Fraud Watch Network
P.S. Spotted a scam? Tell us about it. Our scam-tracking map gives you information about the latest scams targeting people in your state. You’ll also find first-hand accounts from scam-spotters who are sharing their experiences so you know how to protect yourself and your family.
Source: Webinar for Consumers on Tax Identity Theft | Federal Trade Commission
Gmail phishing is one of the most common methods used by hackers to compromise the online security of naive users. But, a recent Gmail phishing attack, uncovered by Wordfence, mimics your past conversations and succeeds in fooling the tech-savvy netizens.
How does this scary Gmail phishing attack work?
This phishing attack first compromises a victim’s Gmail account and starts sniffing the contact list. Then, it sends fake emails, which look very much legitimate, to everyone.
Now comes the smart part — the attack scans the user’s Gmail history and finds the file names of the sent attachments. Then, it applies the same name to the new attachments that appear to be PDFs. However, they are images that send the user to phishing web pages. To make the overall scheme more convincing, the attack steals subject lines from previous emails.
Read the entire article including how to defeat this phishing attack…
Source: Beware! This Is The Smartest Gmail Phishing Attack You’ll Ever Encounter
You just think this doesn’t apply to you. It will in the very near future… Are you LGBT, a person of color, have a religious preference other than Christianity, an advocate, a social reformer, a community leader, in the government, or ??? You will be losing your privacy rights.
Hacking multiple computers across the world just got easier for the United States intelligence and law enforcement agencies from today onwards.
The changes introduced to the Rule 41 of the Federal Rules of Criminal Procedure by the United States Department of Justice came into effect on Thursday, after an effort to block the changes failed on Wednesday.
The change grants the FBI much greater powers to hack into multiple computers within the country, and perhaps anywhere in the world, with just a single warrant authorized by any US judge (even magistrate judges). Usually, magistrate judges only issue warrants for cases within their jurisdiction.
Read the entire article
Source: Rule 41 — FBI Gets Expanded Power to Hack any Computer in the World | The Hacker News