Beware! This Is The Smartest Gmail Phishing Attack You’ll Ever Encounter

Gmail phishing is one of the most common methods used by hackers to compromise the online security of naive users. But, a recent Gmail phishing attack, uncovered by Wordfence, mimics your past conversations and succeeds in fooling the tech-savvy netizens.

….

How does this scary Gmail phishing attack work?

This phishing attack first compromises a victim’s Gmail account and starts sniffing the contact list. Then, it sends fake emails, which look very much legitimate, to everyone.

Now comes the smart part — the attack scans the user’s Gmail history and finds the file names of the sent attachments. Then, it applies the same name to the new attachments that appear to be PDFs. However, they are images that send the user to phishing web pages. To make the overall scheme more convincing, the attack steals subject lines from previous emails.

Read the entire article including how to defeat this phishing attack…

Source: Beware! This Is The Smartest Gmail Phishing Attack You’ll Ever Encounter

Rule 41 — FBI Gets Expanded Power to Hack any Computer in the World

You just think this doesn’t apply to you.  It will in the very near future…  Are you LGBT, a person of color, have a religious preference other than Christianity, an advocate, a social reformer, a community leader, in the government, or ???  You will be losing your privacy rights.

Hacking multiple computers across the world just got easier for the United States intelligence and law enforcement agencies from today onwards.

The changes introduced to the Rule 41 of the Federal Rules of Criminal Procedure by the United States Department of Justice came into effect on Thursday, after an effort to block the changes failed on Wednesday.

The change grants the FBI much greater powers to hack into multiple computers within the country, and perhaps anywhere in the world, with just a single warrant authorized by any US judge (even magistrate judges). Usually, magistrate judges only issue warrants for cases within their jurisdiction.

Read the entire article

Rule 41 — FBI Gets Expanded Power to Hack any Computer in the World | The Hacker News

Dangerous Rootkit found Pre-Installed on nearly 3 Million Android Phones

Luckily, not many US Android phones.  Just a matter of time before manufacturers install rootkits as a matter of course.

Nearly 3 Million Android devices worldwide are vulnerable to man-in-the-middle (MITM) attacks that could allow attackers to remotely execute arbitrary code with root privileges, turning over full control of the devices to hackers.

According to a new report from security rating firm BitSight, the issue is due to a vulnerability in the insecure implementation of the OTA (Over-the-Air) update mechanism used by certain low-cost Android devices, including BLU Studio G from US-based Best Buy.

Read the article…

Source: Dangerous Rootkit found Pre-Installed on nearly 3 Million Android Phones

Spammers using Facebook Messenger to Spread Locky Ransomware

One more thing to worry about…

If you came across any Facebook Message with an image file (exactly .SVG file format) sent by any of your Facebook friends, just avoid clicking it.

An ongoing Facebook spam campaign is spreading a malware downloader among Facebook users by taking advantage of an innocent-looking SVG image file to infect computers.

If clicked, the file would eventually infect your PC with the nasty Locky Ransomware, a family of malware that has quickly become one of the favorite tools among criminals due to its infecting capabilities.

Read the article & view the image file being sent (safely)…

Source: Spammers using Facebook Messenger to Spread Locky Ransomware

Microsoft Joins The Linux Foundation — Turns Love Affair Into a Relationship

You won’t believe your eyes while reading this, but this is true. Microsoft just joined the Linux Foundation as a high-paying Platinum member.

Microsoft’s love with open source community is embracing as time passes. At its first Connect event in 2013, the company launched Visual Studio 2013. A year later, Microsoft open sourced .NET, and last year, it open sourced the Visual Studio Code Editor, as well.

Read the entire article…

Source: Microsoft Joins The Linux Foundation — Turns Love Affair Into a Relationship

iPhone Secretly Sends Your Call History to Apple Even If iCloud Backups are Turned Off

In the fight against encryption, Apple has positioned itself as a staunch defender of its user privacy by refusing the federal officials to provide encryption backdoors into its products, as well as implementing better encryption for its products.

However, a new report from a security firm suggests Apple’s online syncing service iCloud secretly stores logs of its users’ private information for as long as four months — even when iCloud backup is switched off.

Read more…

Source: iPhone Secretly Sends Your Call History to Apple Even If iCloud Backups are Turned Off

Adobe Flash Hacked in 4 Seconds, Safari Pwned In Less Than Half Minute

Most software vendors do not take security very seriously.  This was a huge wake-up call to the world at large.

PwnFest 2016 has become a death call for many software vendors. The hackers have managed to take down Apple’s Safari web browser in 20 seconds using a root privilege escalation zero-day. Another team managed to compromise Adobe Flash using an exploit that took just 4 seconds to run.

Source: Adobe Flash Hacked in 4 Seconds, Safari Pwned In Less Than Half Minute

Shadow Brokers reveals list of Servers Hacked by the NSA

Please take note of the following line: “A few target domains were based in Russia, and at least nine domains include .gov websites.”

Yes, the NSA is hacking our own government…  At what point is an agency deemed out of control?

The hacker group calling itself the Shadow Brokers, who previously claimed to have leaked a portion of the NSA’s hacking tools and exploits, is back with a Bang!

The Shadow Brokers published more files today, and this time the group dumped a list of foreign servers allegedly compromised by the NSA-linked hacking unit, Equation Group, in various countries to expand its espionage operations.

Source: Shadow Brokers reveals list of Servers Hacked by the NSA

Google discloses Critical Windows Zero-Day that makes all Windows Users Vulnerable

Users are advised to update their Flash software now and apply Windows patches as soon as they become available.

Google has once again publicly disclosed a zero-day vulnerability in current versions of Windows operating system before Microsoft has a patch ready.

Yes, the critical zero-day is unpatched and is being used by attackers in the wild.

Google made the public disclosure of the vulnerability just 10 days after privately reporting the issue to Microsoft, giving the chocolate factory little time to patch issues and deploy a fix.

Source: Google discloses Critical Windows Zero-Day that makes all Windows Users Vulnerable

“10 Immutable Laws of Security” That Every Geek Must Know

More than 10 years ago, Microsoft shared its Ten Immutable Laws of Security that outlined Microsoft’s security principles. These laws were considered its basic security primer for newbie computer users.

Because of changing technology, in 2011 Microsoft released its version 2.0. Feel free to share with anyone you know who is unclear about basic security principles.

Do you know about Microsoft’s 10 Immutable Laws Of Security? These laws might be a few years old, but they act as a solid guide on security principles. These laws cover various aspects like the importance of security, the safety of encryption keys, and an up-to-date antimalware scanner.

Continue reading…

Source: “10 Immutable Laws of Security” That Every Geek Must Know

Why We Should All Dump Yahoo Now

If you still have a Yahoo account, security experts strongly recommend that you delete it today.  Recently it was leaked that Yahoo compromised the security and privacy of hundreds of millions of users by installing a secret program that searched all incoming emails at the request of US intelligence officials.

“The order issued to Yahoo appears to be unprecedented and unconstitutional. The government appears to have compelled Yahoo to conduct precisely the type of general, suspicionless search that the Fourth Amendment was intended to prohibit,” said ACLU Staff Attorney Patrick Toomey.

….

There have been conflicting reports about what kind of program was installed, with initial reports stating it was probably just a modified version of Yahoo’s existing scanning system that searches all incoming email for malware, spam and images of child pornography. But sources have since told Motherboard that the program was more like a “rootkit,” or a piece of malware that grants a hacker nearly complete and undetectable control over the infected system.

Source: Why We Should All Dump Yahoo Now

Here’s Why You Should Delete Your Yahoo Account Right Now

Yahoo’s troubles don’t seem to be ending anytime soon. A Reuters report has just dropped a massive bombshell on the company, suggesting that Yahoo complied with a U.S. government request and implemented secret software to scan all the emails. CEO Marissa Mayer gave the green signal without any counsel with the company’s security head Alex Stamos. Later, in protest, Stamos left the company.

Source: Here’s Why You Should Delete Your Yahoo Account Right Now

Yahoo Confirms 500 Million Accounts Were Hacked by ‘State Sponsored’ Hackers

“State-sponsored actor”? This is what happens when privacy and personal information is stepped on: the people paid to protect you are the perps…

500 million Yahoo accounts have been compromised and the company believes a “state-sponsored actor” was behind this data breach.

Source: Yahoo Confirms 500 Million Accounts Were Hacked by ‘State Sponsored’ Hackers

Beware — Someone is dropping Malware-infected USB Sticks into People’s Letterbox

So you found a USB stick, but wait, wait, wait!!! Do not plug in an unknown USB anything into your computer, laptop, phone, whatever!  If you’re confused, watch the first year of Mr. Robot. Or, know that hackers put malware on these devices that WILL infect your machine. Be safe.

…unmarked USB flash drives containing harmful malware being dropped inside random people’s letterboxes in the Melbourne suburb of Pakenham.

It seems to be one of the latest tactics of cyber criminals to target people by dropping malware-laden USB sticks into their mailboxes, in the hope unsuspecting users will plug the infected devices into their personal or home computers.

Read article…

Source: Beware — Someone is dropping Malware-infected USB Sticks into People’s Letterbox

Google Penalties Coming for Mobile Pop Ups – SiteProNews

Google is getting ready to enforce the strict mobile standards it has deemed the wave of the future.

“Pages that show intrusive interstitials provide a poorer experience to users than other pages where content is immediately accessible. This can be problematic on mobile devices where screens are often smaller. To improve the mobile search experience, after Jan. 10, 2017, pages where content is not easily accessible to a user on the transition from the mobile search results may not rank as highly.”

This is not all that shocking considering that many are keenly aware of just how intrusive certain pop ups can be and how these adverts effectively diminish the user experience. And when it comes to user experience, this is at the top of Google’s list of priorities.

Starting in January 2017, Google will be doing away with mobile friendly badges due to 85 percent of the mobile SERPs meeting its standards, and any site that is still leveraging the technology known as “interstitial” pop ups would effectively be penalized and demoted in Google’s mobile search rankings.

Read the entire article…

Source: Google Penalties Coming for Mobile Pop Ups – SiteProNews

Cisco finds new Zero-Day Exploit linked to NSA Hackers

If it wasn’t for hackers, you would have no idea what your government is doing to erode your privacy and security. How secure do you feel now?

Network equipment vendor Cisco is finally warning its customers of another zero-day vulnerability the company discovered in the trove of NSA’s hacking exploits and implants leaked by the group calling itself “The Shadow Brokers.”

Last month, the Shadow Brokers published firewall exploits, implants, and hacking tools allegedly stolen from the NSA’s Equation Group, which was designed to target major vendors including, Cisco, Juniper, and Fortinet.

….

Now Cisco has found another zero-day exploit, dubbed “Benigncertain,” which targets PIX firewalls.

Cisco analyzed the exploit and noted that it had not identified any new flaws related to this exploit in its current products.

But, further analysis of Benigncertain revealed that the exploit also affects Cisco products running IOS, IOS XE and IOS XR software.

Read the article…

Source: Cisco finds new Zero-Day Exploit linked to NSA Hackers

Ultimate Social Media Shortcuts Cheat Sheet — Facebook, Twitter, YouTube, Tumblr, Google+

This comes complete with a handy, downloadable Cheat Sheet for the major social media applications.  Nice to have on hand!

Keyboard shortcuts come in handy when we have to accomplish tasks real quick. Here is an ultimate cheat sheet which includes social media keyboard shortcuts for websites like Facebook, Twitter, YouTube, etc.

Source: Ultimate Social Media Shortcuts Cheat Sheet — Facebook, Twitter, YouTube, Tumblr, Google+

Warning! Over 900 Million Android Phones Vulnerable to New ‘QuadRooter’ Attack

Download the free utility and see whether your phone needs patching. Verizon has patched only 1 of the 4 vulnerabilities. Shameful!

Android has Fallen! Yet another set of Android security vulnerabilities has been discovered in Qualcomm chipsets that affect more than 900 Million Android smartphones and tablets worldwide.

What’s even worse: Most of those affected Android devices will probably never be patched. Dubbed “Quadrooter,” the set of four vulnerabilities discovered in devices running Android Marshmallow and earlier that ship with a Qualcomm chip could allow an attacker to gain root-level access to any Qualcomm device.

The chip, according to the latest statistics, is found in more than 900 Million Android tablets and smartphones.

Read more for a free utility that will test your phone…

Source: Warning! Over 900 Million Android Phones Vulnerable to New ‘QuadRooter’ Attack

Why all bloggers should offer an email subscription – The Garage

If you’re not gathering email data from your website visitors (legally) and following up with consistent & periodic email blasts, then you’re throwing the money you spent on your website and business down the drain.

An email subscription service should be a staple of any blogger’s content plan to attract blog traffic and create a transparent reader relationship.

Use a signup form on your blog to kickstart the email subscription process.

Read the entire article…

Source: Why all bloggers should offer an email subscription – The Garage

Google makes 2-Factor Authentication a lot Easier and Faster

Two-Factor Simplicity!

Two-factor authentication is important & necessary, but a real pain in the butt.  This new process by Google is a breeze! I enabled and in a few seconds had authenticated with a press of a button on my phone. Get on it people!

When it comes to data breaches of major online services like LinkedIn, MySpace, Twitter and VK.com, it’s two-factor authentication that could save you from being hacked.

Two-factor authentication or 2-step verification is an effective way to secure online accounts, but many users avoid enabling the feature just to save themselves from the irritation of receiving and typing a six-digit code that takes them 10 to 15 extra seconds.

Now, Google has made the 2-Step Verification (2FV) process much easier for its users, allowing you to login with just a single tap instead of typing codes.

Previously, you have had to manually enter a six-digit code received via an SMS or from an authenticator app, but now…

Google has introduced a new method called “Google Prompt” that uses a simple push notification where you just have to tap on your mobile phone to approve login requests.

Read the article …

Source: Google makes 2-Factor Authentication a lot Easier and Faster

Github accounts Hacked in ‘Password reuse attack’

Popular code repository site GitHub is warning that a number of users’ accounts have been compromised by unknown hackers reusing email addresses and passwords obtained from other recent data breaches.

[…]

Since the leaked credentials of recent widespread megabreach date back more than 3 years, there may have still been a possibility that those credentials were being re-used by many online users for other services.

So, it’s high time you changed your passwords for all social media sites as well as other online services, especially if you use the same password for different websites.

Read the entire article…

Source: Github accounts Hacked in ‘Password reuse attack’

Top Phishing Scams on Social Media

For older people just getting into technology, the “imposter customer care” scam seems to be the most prevalent. So many have casually remarked to me how the “nice man on the phone fixed all their computer problems.” The worst thing is that they actually paid for the service, a double pay day for the scammers.

Phishing attempts on social media have more than doubled over the past year as scammers find new ways to trick people into providing personal and financial information.

During the first quarter of 2016, ploys to glean log-in credentials, credit card and other ID-worthy information soared 150 percent over the same period in 2015, according to Proofpoint, which provides social media security services to leading companies and nearly 225 million of their individual followers on Facebook, Twitter, LinkedIn, Google+, Instagram and Pinterest.

Read more…

Source: Top Phishing Scams on Social Media

Watch Video: How Hacker Installs a Credit Card Skimmer in 3 Seconds

Watching this video shows exactly how fast and simple it is for thieves to alter a credit card terminal, almost in full view.

So, be cautious when you use any ATM and always look carefully at the teller machine before using it. If you find that the machine has been tampered with, or if its card slot looks damaged or scratched, DO NOT use the ATM.

Card Skimmers have been around for years, but the video posted below is a perfect example of the evolution of the technology used by thieves.

The video released by Miami Beach Police involved two men who work as a team to install a credit card Skimmer on top of a card terminal at a local gas station in LESS THAN 3 SECONDS.

Yes, in just less than 3 seconds hackers can turn a regular credit and debit card reader into a Skimmer – a device designed to secretly steal a victim’s credit or debit card information.

The two men were caught on video by a security camera, but it all happened so fast that one might have to rewatch the video to actually catch the crime.

Read more…

Source: Watch Video: How Hacker Installs a Credit Card Skimmer in 3 Seconds

5 Things to Know Before Starting a Web Project – Build Studio

This is really good information from the web developer’s point of view. We always try to charge appropriately, but some things just take time and resources — like backing up an entire site, creating a test environment so an update doesn’t hose the entire site, working in antiquated software the client insists upon — and there’s not much we can do about it except charge our client or eat the loss. After a bunch of times eating the costs for a number of clients because the actual charge seems awfully high, it’s hard to make a living.

If you’ve never been involved in the creation of a website before, there are some paths that can lead to delays or bloated budgets. We’ve identified what we feel are the biggest pitfalls and how to avoid them.

1. You’re Likely Underestimating How Long Content Will Take

In the majority of sites we make, the client…. Continue Reading »

Source: 5 Things to Know Before Starting a Web Project – Build Studio

Windows 10 Wi-Fi Sense Explained: Actual Security Threat You Need to Know

Another older article, but because of the recent Win10 updates, it is still relevant. Learn why.

Just one day after Microsoft released its new operating system, over 14 Million Windows users upgraded their PCs to Windows 10. Of course, if you are one of the Millions, you should be aware of Windows 10’s Wi-Fi Sense feature that lets your friends automatically connect to your wireless network without providing the Wi-Fi password. Smells like a horrible Security Risk! It even triggered a firestorm among some security experts, who warned that Wi-Fi Sense is a terrible and dangerous feature and that you should disable it right away.

Even some researchers advised Windows 10 users to rename their Wi-Fi access points.

Before discussing the risks of Wi-Fi Sense, let’s first know how it works.

Read the rest of the article…

Source: Windows 10 Wi-Fi Sense Explained: Actual Security Threat You Need to Know

Reminder! If You Haven’t yet, Turn Off Windows 10 Keylogger Now

This is an older article, but one you may have missed. Simple instructions on how to turn off the keylogger and why you should.

Do you know? Microsoft has the power to track every single word you type or say to its digital assistant Cortana while using its newest operating system, Windows 10.

Last fall, we reported about a ‘keylogger’ that Microsoft openly put into its Windows 10 Technical Preview saying the company ‘may collect voice information’ as well as ‘typed characters.’

It was thought that the company would include the keylogger only within the Technical Preview of Windows 10, just for testing purposes. But, the thought was Wrong!

Read the rest…

Source: Reminder! If You Haven’t yet, Turn Off Windows 10 Keylogger Now

SEO Is Not A Get-Rich-Quick Scheme For Their Website

It’s important everyone understands that SEO is not a get-rich-quick scheme for their website. Project managers who underestimate the demands of a top-to-bottom SEO game plan will find themselves overwhelmed.

WHERE DOES SEO STRATEGY FIT IN THE WEB DEVELOPMENT PROCESS? EVERYWHERE. Nathan Reimnitz | GoDaddy Garage, May 2, 2016

Beware of These Smartphone Scams, AARP Bulletin|Sid Kirchheimer

Beware of These Smartphone Scams,

Don’t expect the mobile mayhem to end anytime soon

With new technology comes new opportunities to fleece people out of their hard-earned money. Here are the latest scams from AARP and, while this is geared for older people, the information given works for all ages so don’t be put off by a presupposition.

AARP Bulletin|Sid Kirchheimer|March 2016

Be prepared: Scammers target smartphones every day via constantly evolving cons. — Eric Nyffler

Love your smartphone? So do scammers. With more than 1.5 billion smartphones forecast to be sold worldwide in 2016, you can expect more mobile mayhem this year. The reigning ruses include the following:

Spam

Nearly 70 percent of smartphone texters say they receive unwanted spam messages, studies show. And people are three times more likely to respond to spam received by cellphone than when using a desktop or laptop computer. That’s particularly dangerous because more than a quarter of text-message spam—such as free gift cards, cheap medications and similar text-message come-ons—is intended to criminally defraud you, compared with only about 10 percent of spam arriving by email. These texts often lead you to shady websites that install malware on your phone or otherwise seek to steal sensitive details for identity theft.

What to know: Don’t click on links or follow instructions to text “stop” or “no” to prevent future texts. This only confirms to scammers that yours is a live, active number for future spam. Use and regularly update anti-malware software designed for smartphones; ask your phone’s manufacturer or service provider for recommendations. Forward suspicious texts to 7726 (“SPAM” on most keypads) to alert your carrier to those numbers, and then delete them.

In a longtime calling scam, crooks leave voice messages asking you to call back a specific number because you have won a sweepstakes or have an undeliverable package. Now they simply program calls to smartphones to ring only once or disconnect when you answer. Your curiosity over a missed-call alert results in you spending upwards of $30 to call back. The reason: Despite a seemingly American area code, the call is to an international phone number—often in the Caribbean—that charges a premium connection fee and per-minute rate, which is extended through long holds and frequent transfers.

You might also find charges crammed onto your bill with such innocuous language as “special services,” “Internet advertising” or “minimum monthly usage fee.”

What to know: Beware of any unfamiliar calls—one ring or otherwise—with area codes 268, 284, 473, 649, 664, 767, 809, 829, 849 or 876.

Bank messages

These text messages claim to be from your bank or credit card company and say there’s a problem with your account. You’re instructed to click an included link, which leads you to a look-alike, scammer-run website that seeks your name, account number and online log-in credentials.

What to know: If there’s really an account problem, you might get an email, but it will include your name and a portion of your account number. Or your bank or credit card company may telephone you with a fraud alert, but it won’t ask for any personal data.

Finally, keep in mind that smartphones are prime targets for old-fashioned theft. Don’t let yours reveal your secrets if it winds up in the wrong hands. Always protect it with a strong PIN. And don’t use it to store credit card and account log-in information—or anything else potentially compromising.

DNS HiJacking ( Introduction ) – Cybrary

An introduction to DNS HiJacking

What is DNS and how does hijacking work? What are the dangers of DNS hijacking? How can you prevent or recover from hijacking or being hijacked? Well, read on!

Hello Readers… DNS hijacking (sometimes referred to as DNS redirection) is a type of malicious attack that overrides a computer’s TCP/IP settings to point it at a rogue DNS server, thereby invalidating the default DNS settings. In other words, when an attacker takes control of a computer …

Source: DNS HiJacking ( Introduction ) – Cybrary

How does The Internet Work?

So, how does the internet work?

The internet is something nearly everyone uses on a daily basis. We’ve all come to rely on it and some of us make our living using it. So, how does it work? How do computers connect? How do messages pass between computers? Is it really a bunch of tubes? (hint, nope!) Who owns it?

This article explains some of the more general points about an indispensable system.

Nowadays, the internet has become essential after food. There are many people who will not agree with this statement, but once they start using the internet, they will agree. You are reading this article, so I hope you are already aware of ‘what the internet is’. But, really?

You will say ‘Yes, I know what the internet is’, but is it enough? Don’t you ever wonder how the internet works? Maybe you already know how it works if you are an IT pro or teacher, but I think everyone should know this because the internet is common and it is for everyone. So the study of the internet should not be only for IT students. So, coming to the point, I wrote this article to make everyone aware of internet concepts and how it works, with the help of the website Howstuffworks.com. I hope you have enough time to read it patiently.

Source: How does The Internet Work?

USB Thief — Self-projecting USB Trojan Is Here To Give You Nightmares

Rule of Thumb

Never, never, never use USB drives from an unknown source. This includes buying cheap USB drives from unknown sources on eBay! So many interesting things are being pre-loaded these days. Tell your uncle with the nude pics on the USB drive that you’ll pass. BTW, do we need to have a conversation about the objectification of women?…

Security researchers have identified a new malware named USB Thief that has the ability of stealing data from air-gapped computers without leaving its trace.

Source: USB Thief — Self-projecting USB Trojan Is Here To Give You Nightmares

How Just Opening an MS Word Doc Can Hijack Every File On Your System | The Hacker News

If you receive a mail masquerading as a company’s invoice and containing a Microsoft Word file, think twice before clicking on it.
Doing so could cripple your system and could lead to a catastrophic destruction.

Hackers are believed to be carrying out social engineering hoaxes by adopting eye-catching subjects in the spam emails and compromised websites to lure the victims into installing a deadly ransomware, dubbed “Locky,” into their systems.

Read More: How Just Opening an MS Word Doc Can Hijack Every File On Your System | The Hacker News

Kaspersky Researcher Shows How He Hacked His Hospital While Sitting In His Car – fossBytes

Please note that he noticed the potential security risks inherent in the hospital’s system and medical equipment and got permission to run tests to expose the vulnerabilities.

When we visit a hospital, we put our complete trust in our doctor and the medical equipment that he/she uses. With advancement in technology, these equipment have become more complex and interconnected. Sadly, ensuring standard cybersecurity measures is not a top priority of the medical professionals. This fact was recently outlined by a Kaspersky security researcher who hacked a hospital while sitting in his car.

Source: Kaspersky Researcher Shows How He Hacked His Hospital While Sitting In His Car – fossBytes

36 Reasons Why Having a “Free Website” is a Bad Idea

This is a great article explaining exactly why you get what you pay for and nothing is ever “free.” The least of which is they can lock down your data, they can shut down your website, unprofessional web address (no credibility there), the company can disappear (with your stuff), you lose your site address, they can sell your information, notorious for distributing malware (do you really want to be a part of that?), and they are vulnerable to hacking attempts.

Is this the way you want potential clients/customers/members to see your organization? But wait, there’s more!…

Are you looking for a free website hosting service on the web? Take a look at these 36 reasons explaining why having a free website is a bad idea.

Source: 36 Reasons Why Having a “Free Website” is a Bad Idea

Hundreds of compromised WordPress sites serve TeslaCrypt – Security Affairs

If you are not keeping up on your updates, you may have a compromised site. It’s important to make sure you have the latest security patches to your WordPress site.

Emergency. Hundreds of compromised WordPress sites serve TeslaCrypt ransomware

Source: Hundreds of compromised WordPress sites serve TeslaCrypt – Security Affairs

HTTPS provides more than just privacy

So why do you need HTTPS for your site? You don’t sell stuff. You don’t ask users for any information. Here’s why you need a TLS Certificate (formerly SSL Certificate). There are two(?) types of TLS Certificates: EV (Extended Validation Certificate) and DV (Domain Validated Certificate). The typical website holder uses the DV certificate.

HTTPS can provide identity, SEO, access to HTML5 powerful features and even keep network carriers from messing with your site’s content. Read on for how.

Source: HTTPS provides more than just privacy

Twitter Has Stopped Showing Ads to Some of Its Most Valuable Users | By Peter Kafka

If you’re still seeing ads on Twitter, apparently you’re a loser!

Twitter makes its money by showing ads to its users.

But not all of its users: For the past few months, the social media company has stopped displaying ads, or has dramatically reduced the number of ads it displays, to a small group of some of its most prominent and active users.

For those people, Twitter is an ad-free, or nearly ad-free, experience.

Sources say Twitter made the move in an attempt to get some of its VIP users to stay engaged with the service. That seems a little counterintuitive for a company that appears to be focused on getting new users, not pleasing its hardcore base. But CEO Jack Dorsey seems to endorse the notion: Twitter started playing around with the idea in September, when Dorsey was interim boss, and has kept at it since he took the title for good.

Twitter sources say the company doesn’t select the no-ad or low-ad group purely by star power, but by a variety of criteria, including the volume and reach of the tweets they generate.

Read More…

Source: Twitter Has Stopped Showing Ads to Some of Its Most Valuable Users | <re/code> By Peter Kafka

Uber tests out using smartphones to monitor driver behavior | Ars Technica

So, what could possibly go wrong? Is anyone else weirded out by this?

Uber announced today that it will monitor some of its drivers’ behavior for things like excessive speeding or distracted driving. Starting with a trial in Houston, the program will use Uber drivers’ own smartphones to provide data to the company.

The company will use a phone’s gyroscopes, accelerometers, and GPS to record whether drivers break speed limits or play with their phone while the vehicle is in motion. But in this trial, Uber will only access that data if a customer has a complaint about driving standards.

Always-on monitoring of driving standards may come later, according to Uber Chief Security Officer Joe Sullivan. For now, the initiative is about being able to fact-check complaints and keep the company’s rating system on the rails.

Distracted driving is a serious problem, and it’s responsible for much of the push toward self-driving cars in the US. As companies like Zendrive have shown, the sensors in smartphones today are very capable of assessing whether a phone is being used while traveling in a car.

Source: Uber tests out using smartphones to monitor driver behavior | Ars Technica

What to Expect from Cybersecurity in 2016, According to the Hacktivists Fighting ISIS | Hacked

According to Ghost Security Group, 2016 will be an eventful year in cybersecurity. Ransomware, ISIS, Bitcoin, hacks and breaches will likely paint the headlines as they did in 2015. 

“As was seen recently with the Ransom32 software earlier this year, ransomware is only getting better,” Ghost Security Group activist Akenalus told Hacked. “At some point it may even begin scanning our computers, extracting credit card information and automatically paying its own ransom.”

This isn’t likely to happen any time soon, but it will be coming in the next few years.

“We can most definitely expect ransomware to be more commonly used, maybe even being used to take over things like the Playstation network and hold either Sony or individual users hostage, extracting ransom that way,” the hacktivist said. No matter how it is used, ransomware won’t disappear in the upcoming year. That’s clear by recent innovations in ransomware.

“And if Ransom32 was any kind of an example, we can expect it to get worse.”

As has already been shown in the last year, cyber warfare plays a huge role in modern war. Ghost Security Group has gained a name for itself in the online battle against ISIS. They feel this is the most effective way to undermine ISIS influence.

Read more…

Source: What to Expect from Cybersecurity in 2016, According to the Hacktivists Fighting ISIS | Hacked

Report: Cybercriminals Are Cooking up Malware in Record Numbers | Hacked

A press release by the Spanish security company revealed the startling number to be nine million new samples more than the previous year – 2014. Essentially, that’s 230,000 new malware samples produced every single day on average throughout 2015.

2015 also saw another record notched up wherein 27 percent of all malware samples – ever recorded – were observed during the previous year.

The highlights revealed that:

  • Trojans proved to be the undisputed king of malware at 51.45% of all collected samples.
  • Viruses constituted 22.79%.
  • Worms came after at 13.22%.

Potentially unwanted programs or PUPs figured in next at 10.71% followed by cases of spyware at 1.83%.

The notorious Cryptolocker ransomware was the most destructive, far-reaching and widely-scaled cyberattack of them all, affecting hundreds of thousands, if not millions of computers around the world.

Read more…

Source: Report: Cybercriminals Are Cooking up Malware in Record Numbers | Hacked

Apple Can Still Read Your End-to-End Encrypted iMessages | The Hacker News

If you are backing up your data using iCloud Backup, then you need to watch your steps NOW!

In the government’s fight against encryption, Apple has positioned itself as a staunch defender of its users’ privacy by refusing to provide federal officials with encryption backdoors into its products.

When it comes to Apple’s iMessage service, the company claims that it can’t read messages sent between its devices because they use end-to-end encryption, which apparently means that only you and the intended recipient can read it.

Moreover, if the federal authorities ask Apple to hand over messages related to any of its users, Apple has nothing to offer them.

“If the government laid a subpoena to get iMessages, we can’t provide it,” Apple CEO Tim Cook told Charlie Rose back in 2014. “It is encrypted, and we do not have a key.”

But Wait!

There are still hundreds of millions of Apple users whose data is stored on Apple’s servers in plain text, even with Apple’s end-to-end encryption practice.

Read the rest of the article…

Source: Apple Can Still Read Your End-to-End Encrypted iMessages | The Hacker News

Hacking your head: How cyber criminals use social engineering | Malwarebytes/Wendy Zamora

Social engineering is nothing new. It’s a tool of psychological manipulation that’s been used since the dawn of man. Why? To influence people into taking action that might not be in their best interest.

Sometimes it’s fairly harmless, like a child sweet-talking his mom in order to get extra candy. (I’m a victim of this one.) Many times, however, social engineering is used for nefarious purposes.

There are classic examples of social engineering at play throughout human history. Confidence tricks were first used by charmers in the 19th century to con people into trusting others with their valuables. (They should not have trusted…the charmers made off with the goods.) Psychological manipulation, otherwise known as propaganda, influenced droves of people during World War II to go out and buy war bonds. And advertising subtly hints that you’re not pretty enough until you buy this product.

Social engineering taps into the human psyche by exploiting powerful emotions such as fear, urgency, curiosity, sympathy, or the strongest feels of them all: the desire for free stuff.

Which is why cyber criminals have caught on.

Cyber crooks use this dangerous weapon to get at the weakest link: us. They know that the easiest way to penetrate a system is to go after the user, not the computer. “Attacking the human element has always been a favorite,” says Jean-Phillip Taggart, Senior Security Researcher at Malwarebytes. “Why use some hard technical flaw to acquire a password when you can simply ask the user for it?”

Read More…

Source:  Hacking your head: How cyber criminals use social engineering | Malwarebytes/Wendy Zamora

Facebook “Page Disabled” Phish Wants your Card Details | Malwarebytes UnPacked/Christopher Boyd

Facebook “Page Disabled” Phish Wants your Card Details — Targets Page Admins

Fake Facebook Security pages are quite a common sight, and there’s a “Your page will be disabled unless…” scam in circulation at the moment on random Facebook comment sections which you should steer clear of.

The scam begins with a message like this, courtesy of Twitter user Alukeonlife:

Warning!!!
Your page will be disabled.
Due to your page has been reported by other users.
Please re-confirm your page in order to avoid blocking. You violate our terms of service. If you are the original owner of this account, please re-confirm your account in order to avoid blocking.

If the multiple exclamation marks and generally terrible grammar didn’t give the game away, the following request certainly might:

To complete your pages account please confirm Http below:

https(dot)lnkd(dot)in/bNF9BUY?Facebook.Recovery.page

"Attention"

If you do not confirm, then our system will automatically block your account and you will not be able to use it again.
Thank you for the cooperation helping us improve our service.
The Facebook Team

Note that they use the LinkedIn URL shortener, which is somewhat unusual – perhaps the scammers think people are growing suspicious of endless bit(dot)ly and goo(dot)gl URLs being sent their way, and are attempting to throw a business-centric sheen on their shenanigans. They won’t get away with it without a fight, however – Google Safe Browsing flags the final destination as a dubious website and fires up a “Deceptive site ahead” warning:

[Image: fake Facebook phishing warning]

As for the scam page itself, which is located at

report-fanpage(dot)gzpot(dot)com/Next/login(dot)htm

it looks like this:

[Image: Facebook phishing scam page]

Read More…

Source:  Facebook “Page Disabled” Phish Wants your Card Details | Malwarebytes UnPacked/Christopher Boyd

When URL Shorteners and Ransomware Collide

We are all very familiar with URL shortening services, which are regularly used in Tweets and other social media. It is no secret that cyber criminals also use URL shorteners to aid them in achieving their objectives. URL shorteners are often used by cyber criminals to obfuscate redirects to malicious destinations.

Recently, a URL shortening service was used to shrink a dubious link, obfuscating a malicious destination:

46(dot)30(dot)45(dot)39/Statement.jpg

which was actually a malicious script downloader, “Statement.js”, dropping Cryptowall from

46(dot)30(dot)45(dot)39/yyo.w

Cryptowall is Ransomware which encrypts files on your computer and demands that a ransom be paid in order to receive instructions (private key) for decrypting your files (in this case, RSA-2048 encryption was used).

<…>

There are precautions that can be taken to avoid clicking on a malicious shortened link, such as not clicking on a shortened link if you do not know who it is from. If you want to take additional measures, there are services that unshorten shortened URLs, such as

checkshorturl(dot)com

Furthermore, it is highly recommended that you use anti-virus and anti-malware in conjunction for the best possible protection. Malwarebytes Anti-Malware protects users from this attack, including blocking identified malicious IPs and domains associated with Ransomware.

Read More…

Source:  When URL Shorteners and Ransomware Collide | Malwarebytes Labs

Zero-Day Flaw Found In ‘Linux Kernel’ Leaves Millions Vulnerable

A new critical zero-day vulnerability has been discovered in the Linux kernel that could allow attackers to gain root level privileges by running a malicious Android or Linux application on an affected device.

The critical Linux kernel flaw (CVE-2016-0728) has been identified by a group of researchers at a startup named Perception Point.

The vulnerability was present in the code since 2012, and affects any operating system with Linux kernel 3.8 and higher, so there are probably tens of millions of computers, both 32-bit and 64-bit, exposed to this flaw.

However, the most bothersome part is that the problem affects Android versions KitKat and higher, which means about 66 percent of all Android devices are also exposed to the serious Linux kernel flaw.

Impact of the Zero-Day Vulnerability

An attacker would only require local access to exploit the flaw on a Linux server.

If successfully exploited, the vulnerability can allow attackers to get root access to the operating system, enabling them to delete files, view private information, and install malicious apps.

“It’s pretty bad because a user with legitimate or lower privileges can gain root access and compromise the whole machine,” Yevgeny Pats, co-founder and CEO at security vendor Perception Point, said in a blog post published today.

“With no auto update for the kernel, these versions could be vulnerable for a long time. Every Linux server needs to be patched as soon as the patch is out.”

Usually, flaws in the Linux kernel are patched as soon as they are found; therefore, Linux-based operating systems are considered to be more secure than others. However, the zero-day vulnerability recently discovered in the Linux kernel went unnoticed for almost 3 years.

Read the rest of the article…

Source: Zero-Day Flaw Found In ‘Linux Kernel’ Leaves Millions Vulnerable | The Hacker News

Apple’s Mac OS X Still Open to Malware, Thanks Gatekeeper

Apple’s Mac OS X Still Open to Malware, Thanks Gatekeeper – The Hacker News

Apple Mac computers are considered to be much safer than Windows computers at keeping out viruses and malware, but a new exploit discovered by researchers again proves that to be quite false.

Last year, The Hacker News reported a deadly simple exploit that completely bypassed one of the core security features in Mac OS X known as Gatekeeper.

Apple released a patch in November, but now the same security researcher who discovered the original Gatekeeper bypass vulnerability said he found an equally obvious workaround.

Patrick Wardle, ex-NSA staffer and head of research at security intelligence firm Synack, said the security patch released by Apple was “incredibly weak” and that the update was “easy to bypass” in minutes.

Gatekeeper’s Failure Once Again

Introduced in July of 2012, Gatekeeper is Apple’s anti-malware feature designed to block untrusted, dodgy apps from running, keeping Mac OS X systems safe from malware.

Read More…

Source: Apple’s Mac OS X Still Open to Malware, Thanks Gatekeeper – The Hacker News

Password secrets: Your Passwords Aren’t As Secure As You Think

Password secrets: Your Passwords Aren’t As Secure As You Think – Technotification

The one thing that makes us so vulnerable is ignorance. Today, everything depends on the internet. Yes, and you know it better! And the concept that we use to secure our internet accounts is our passwords. But is it enough to set a password and feel that we are secure? Are you really aware of how to use passwords?

Our lack of understanding about passwords is allowing crooks to spy on us, steal from us, and deceive us into thinking nothing ever happened. Despite the volumes of texts that have already been written about them, how many of us have ever read a single chapter paragraph about the nitty-gritty of passwords?

That’s why I have compiled the following three short lists which outline the most common misconceptions about passwords; the ways in which our passwords can be stolen; and the tools you need to make sure it doesn’t happen to you.

Each of these sections can be read in less than two minutes. But once you’re done, you will have acquired enough information to deal safely and confidently with your passwords.

Password Myths You Should Stop Believing

  1. A file, folder, computer, or account protected by a password is safe.
    Read the rest of the article and learn why that statement is no longer true.

Read More…

Source: Password secrets: Your Passwords Aren’t As Secure As You Think