In today’s connected world, social media has become a major part of our lives. In fact, the majority of adults in the US use social media on a daily basis. Unfortunately, not everyone uses social media for catching up with friends and sharing cat videos. Whether it be hackers trying to remotely access your information, or a suspicious partner hoping to catch a cheater in the act, social media is usually the first place they turn to as well.
With so much of our personal information being uploaded and shared on these social media platforms, how can we be sure that our information is secure? In truth, the only way to completely secure your information would be to refrain from uploading it in the first place. That being said, there are some ways you can protect the data you deem appropriate to put online. Here are a few helpful tips.
Secure Your Logins
Setting up your login credentials in a secure way is going to be your first line of defense against the most common online threats. During account creation, most platforms will ask to use your email address as your username. While this isn’t a security risk on its own, using the same email address or account name across multiple platforms can be. To combat this, try using a separate username and password for each of your social media accounts. That way, if one of your accounts is hacked, you can be sure that the rest are safe.
Password strength is another factor to consider while you’re securing your social media accounts. Most social media platforms will provide security tips or grade you on the strength of your password. These requirements, while somewhat useful, are based upon old guidelines that aren’t as effective today. Instead of following these guidelines, try using long phrases containing random words for your passwords. This will not only help you create a strong password, but it will also make that password far easier to remember.
If you feel the need for enhanced security on your social media accounts, you should consider activating two-factor authentication. Just about every social media platform has an option to turn on this security feature. If you’ve never used two-factor authentication before, the process is quite simple. You start by signing into your account as you normally would. After entering the correct information, you will receive a notification on your smartphone. Simply verify your login attempt and you will be granted access to your account. This will prevent anyone signing in on a foreign device from accessing your account.
Are you already following some of these tips? Have a few that you would like to add? Leave a comment for us in the section below!
Think back to the last online account you’ve created. Whether it was for a new social media platform or an online forum, chances are you were asked to create a password. A common misconception about passwords is that they need to contain random numbers and special characters to be considered “strong.” In fact, most websites won’t even let you finish creating an account until your password is strong enough. In reality, though, following these password recommendations could result in an easy-to-crack password. Now, security researchers are suggesting the use of long phrases as a replacement. However, there is still an issue with this as well.
While remembering a single, long phrase is easy to do, trying to remember a separate one for each of your online accounts can become confusing. And if you choose to use the same phrase for each of your online accounts, you’ll be putting them all at risk in the event of another data breach. Luckily, passwords are not the only way to secure online accounts.
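The long-phrase advice, here and in the login tips earlier on this page, only holds when the words are picked at random rather than by the person. The following is an added example, not part of the original article: it generates a separate random-word phrase per account and measures its strength in bits. The word list and account names are constructed for illustration.

```python
import math
import secrets

# Constructed 32-word sample list (assumption). A published list such as a
# 7,776-word diceware list gives far more entropy per word.
SAMPLE_WORDS = (
    "anchor banjo cactus dolphin ember falcon garnet harbor "
    "igloo jigsaw kettle lantern magnet nectar orbit pebble "
    "quartz ribbon saddle timber umbrella velvet walnut xenon "
    "yogurt zipper acorn bramble copper dagger easel fiddle"
).split()


def entropy_bits(pool_size, picks):
    """Entropy of `picks` independent, uniform choices from `pool_size` items."""
    if pool_size < 2 or picks < 1:
        return 0.0
    return picks * math.log2(pool_size)


def words_needed(pool_size, target_bits):
    """Smallest number of random words that reaches at least `target_bits`."""
    if pool_size < 2:
        raise ValueError("word list needs at least two distinct words")
    return math.ceil(target_bits / math.log2(pool_size))


def generate_passphrase(words, count, sep="-"):
    """Return (phrase, entropy in bits) using the OS random source."""
    # Duplicates would silently lower the real entropy, so remove them first.
    unique = sorted({w.strip().lower() for w in words if w.strip()})
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    chosen = [secrets.choice(unique) for _ in range(count)]
    return sep.join(chosen), entropy_bits(len(unique), count)


def passphrases_for(accounts, words, target_bits):
    """One independent phrase per account, so one breach exposes one account."""
    pool = len({w.strip().lower() for w in words if w.strip()})
    count = words_needed(pool, target_bits)
    return {name: generate_passphrase(words, count)[0] for name in accounts}


if __name__ == "__main__":
    # An 8-character password drawn at random from 94 printable characters.
    complex_bits = entropy_bits(94, 8)
    print(f"8 random printable characters: {complex_bits:.1f} bits")
    print(f"words from a 7,776-word list to match: {words_needed(7776, complex_bits)}")
    phrase, bits = generate_passphrase(SAMPLE_WORDS, 6)
    print(f"sample phrase: {phrase} ({bits:.0f} bits with this small list)")
    for account, secret in passphrases_for(["email", "social"], SAMPLE_WORDS, 50).items():
        print(account, "->", secret)
```

With the small sample list, a phrase needs ten words to reach 50 bits, which is why the size of the word list matters as much as the length of the phrase.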
Biometrics As A Password Replacement
Biometric scanning is a relatively new alternative to the standard password. And thanks to popular smartphones such as the iPhone X and Galaxy S8, biometric scanning has gone mainstream. From fingerprint readers to facial recognition software, there are multiple ways in which you can choose to protect your devices as well as your online accounts.
Biometric scans are not without their own faults, however. For instance, this past week a flight from Doha to Bali was grounded after a woman discovered her husband had been cheating on her. How did she find out? She had used her husband’s finger to unlock his smartphone while he was sleeping. While that’s certainly one way to catch a cheater, it does raise some concerns about the use of biometric scanning as the primary way to access sensitive information.
The Fast Identity Online Alliance
What we need is a way to combine the convenience of biometric scanning with stronger security. This is where the FIDO (Fast Identity Online) Alliance comes in. The FIDO Alliance is an authentication standard that is quickly growing in popularity among the world’s tech giants. Adopted by Android and iOS devices, along with popular browsers such as Firefox and Google Chrome, the FIDO Alliance looks to enhance the standard username and password experience. They offer multiple authentication options, including password-less login and second-factor verification. The password-less experience allows you to use your preferred biometric scan (usually done through your smartphone) as a way to access your online accounts.
But if you’re truly concerned about the security of your online accounts, you can use FIDO’s two-factor authentication process instead. This authentication method takes account security to the next level by adding a USB security key to the login process. That way, if someone were to try to remotely access your accounts, they would require your physical USB security key to do so.
What is your take on the future of the password? Do you think biometric scanning is strong enough to replace passwords altogether? Let us know below!
Following in the footsteps of WannaCry and NotPetya, a new ransomware attack has surfaced. First discovered last week, Bad Rabbit has infected hundreds of computer systems. While the vast majority of infected systems are located in Russia, a few instances of the malware have appeared in Germany, Ukraine, Bulgaria, and Turkey. Unfortunately, the source of the attack has yet to be identified. Researchers believe Bad Rabbit may have originated from the creators of NotPetya. Here’s everything we know about Bad Rabbit at this point.
What We Know About Bad Rabbit
One important thing that we know about Bad Rabbit is the way in which it spreads. To start, the malicious code is uploaded onto an insecure website (the majority of websites infected with the Bad Rabbit code were Russian domains). Once a victim arrives on one of these websites, they will be prompted to download an update for Adobe Flash. Opening this fake installer will infect the user’s computer with the Bad Rabbit malware. At this point, the system will be locked and a screen will appear demanding payment of .05 bitcoin (roughly $286). If the payment is not made within 40 hours, the cost will begin to rise.
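The infection path described above, a website offering an Adobe Flash update that does not come from Adobe, can be checked for in web proxy logs. The following is an added example, not part of the original article: the log format, hostnames, and file names are constructed, and the list of vendor domains is an assumption to adjust for your environment.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: domains from which a genuine Flash installer would be served.
VENDOR_DOMAINS = ("adobe.com", "macromedia.com")
EXECUTABLE_EXTS = (".exe", ".msi", ".scr", ".dmg", ".pkg")
FLASH_NAME = re.compile(r"flash", re.IGNORECASE)

# Constructed sample lines: time, client, method, URL, status, content type.
SAMPLE_LOG = [
    "2017-10-24T10:01:07Z 10.0.0.12 GET https://get.adobe.com/dl/flashplayer_installer.exe 200 application/x-msdownload",
    "2017-10-24T10:02:11Z 10.0.0.15 GET http://news-site.example/update/flash_update.exe 200 application/x-msdownload",
    "2017-10-24T10:03:40Z 10.0.0.22 GET http://adobe.com.cdn-updates.example/dl/FlashPlayer.EXE 200 application/octet-stream",
    "2017-10-24T10:04:02Z 10.0.0.15 GET http://blog.example/posts/flash-sale.html 200 text/html",
    "2017-10-24T10:05:55Z 10.0.0.31 GET https://downloads.vendor.example/tool/setup.exe 200 application/x-msdownload",
    "truncated line without enough fields",
]


def is_vendor_host(host):
    """True only for the vendor domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    # Match on a label boundary so "adobe.com.cdn-updates.example" and
    # "notadobe.com" are not mistaken for the vendor.
    return any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)


def find_fake_flash_downloads(log_lines):
    """Return downloads of Flash-named executables from non-vendor hosts."""
    findings = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed or truncated entries
        timestamp, client, method, url, status, _content_type = parts
        if method != "GET" or status != "200":
            continue
        target = urlsplit(url)
        host = target.hostname or ""
        filename = unquote(target.path.rsplit("/", 1)[-1]).lower()
        if not filename.endswith(EXECUTABLE_EXTS):
            continue
        if FLASH_NAME.search(filename) and not is_vendor_host(host):
            findings.append(
                {"time": timestamp, "client": client, "host": host, "file": filename}
            )
    return findings


if __name__ == "__main__":
    for hit in find_fake_flash_downloads(SAMPLE_LOG):
        print(f"{hit['time']} {hit['client']} downloaded {hit['file']} from {hit['host']}")
```

Each hit names the client machine to inspect first; a match is a lead for investigation, not proof of infection.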
Compared to WannaCry and NotPetya before it, this new ransomware attack is relatively small. Both of the previous attacks affected hundreds of thousands of devices (especially WannaCry, which infected more than 200,000 in the span of two days). In this way, Bad Rabbit is far less severe, having infected only a few hundred devices. That being said, the threat is still out there, which means devices are still at risk of infection.
However, there is some good news. A cybersecurity researcher discovered that the data locked by Bad Rabbit may be recoverable. So even if you’ve been infected by the Bad Rabbit malware, you may be able to retrieve your data.
Are ransomware attacks keeping you up at night? Are you doing anything in particular to protect yourself from them? If so, let us know in the comment section.
It’s been a little over a year since the last major botnet, Mirai, was discovered. This particular piece of malware is responsible for infecting over 2.5 million devices over the course of a few months. The vast majority of these devices were routers and webcams running off of older versions of Linux OS. Once infected, these devices were then used en masse to perform several DDoS attacks, including one which effectively took down the internet for the majority of the US.
The Reaper Botnet Is Here
Just in time for Halloween, a far more advanced botnet has surfaced. This new botnet, fittingly referred to as Reaper, functions similarly to last year’s Mirai. Both of these botnets attempt to grow their zombie horde by targeting IoT devices. That being said, there is one major difference between these two botnets. And it just so happens to be the reason why Reaper is more dangerous.
Reaper vs. Mirai
To compare, Mirai’s method of breaking into IoT devices was through a simple (but effective) brute force attack. Essentially, Mirai’s malware would identify the manufacturer and model of a particular device and break into it using the device’s default login credentials, which can easily be found online. Reaper, on the other hand, operates in a much more sinister way.
Reaper assumes control by exploiting common weaknesses found in an IoT device’s (notoriously weak) security protocols. Think of a hacker breaking into a computer system or network – Reaper uses similar tactics to hack IoT devices. This, in turn, allows Reaper to possess far more devices than Mirai ever could.
To put things into perspective, Mirai took nearly 3 months to accumulate its peak 2.5 million IoT devices. However, Reaper was only discovered last week and has already infected close to two million IoT devices.
If you have reason to believe that your IoT devices may have become enslaved by a botnet overlord, the first thing you should do is look for any new updates or patches made available by the device’s manufacturer. If your device does not have the ability to update (as is the case with many IoT devices) your only other option may be to perform a factory reset. Note you’ll have to redo any changes you once made to your device, such as changing the login credentials.
Have you been affected by this new botnet attack? Are you concerned about the future of IoT security? Let us know in the comments below!
Earlier this week, a major WiFi vulnerability was found to exist in the WPA2 (WiFi Protected Access 2) encryption protocol. Prior to the discovery of this vulnerability, WPA2 was hailed as the most secure method of protecting your WiFi network. It’s been estimated that it would take even the most advanced supercomputers millions of years to break through WPA2’s Advanced Encryption Standard (AES) encryption. Unfortunately, the latest attack does not have to break through any form of encryption. Instead, it exploits a serious weakness found in WPA2’s framework.
The KRACK WiFi Vulnerability
A Key Re-installation Attack (KRACK for short) can completely bypass WPA2’s security. The attack works by tricking the WiFi network into believing that the hacker has the correct credentials to access the network. Once inside, the hacker can monitor every piece of information flowing into and out of the WiFi network. All kinds of personal information, such as credit cards, social security numbers, usernames, and passwords are at risk of being stolen. If you believe your information may have been stolen, try running a background check on yourself to determine if someone has been using your information.
Certain operating systems are more susceptible to KRACK (such as Android 6.0 or higher and Linux OS). It’s important to note that all devices operating off of WiFi networks are vulnerable. This includes PCs, laptops, smartphones, and even IoT devices (such as digital home assistants and smart TVs).
How To Protect Your WiFi Network
Mathy Vanhoef, the security researcher who discovered WPA2’s vulnerability to key re-installation based attacks, has published both a research paper and a website that go into further detail on the subject. However, if you’re not into the more technical aspects of the attack, and are only concerned with how you can protect yourself from this new threat, we’ve got you covered.
Update All Devices On Your Network
Updating any WiFi connected device is by far the most important thing you can do to protect your network. In this particular case, your number one priority should be updating your router’s firmware. While updating firmware usually requires some additional steps, the process is simple enough that anyone can do it.
Once you’ve updated the firmware on your router, your next priority is the software on the rest of your devices. Most major manufacturers have already developed patches for the KRACK vulnerability. However, there are still some manufacturers who have yet to release an update for their devices. If you’re unsure about whether your device’s manufacturer has already provided a patch for this WiFi vulnerability, take a look at this list.
Use An Alternative Connection To WiFi
What if the majority of your devices have not been properly patched? In that case, the next best thing you can do is disable your router’s WiFi and use an alternative connection. While not every device has a built-in Ethernet port available, some of the more data-sensitive devices, such as PCs and laptops, are sure to have one. Consider utilizing these Ethernet connections on your important devices until a proper fix has been publicly released.
In addition to PCs and laptops, smartphones also contain a ton of sensitive information. Unfortunately, many of these devices are at an elevated risk (Android devices in particular). In order to protect your smartphone from this WiFi vulnerability, try using your smartphone’s data instead of connecting to the WiFi, especially if you find yourself in a public place.
If there’s one thing you take away from this article, it’s that you should always keep your devices updated. Most modern devices come standard with some sort of auto-update feature. Enabling this feature can help secure your devices from potential vulnerabilities in the future. For those devices that require manual updates (such as router firmware), remain vigilant and keep a lookout for future updates.
If you found this article helpful, or have any additional tips, please let us know in the comment section below!
Update (11/8/2017): Google has released a new security patch for Android devices (versions 5.0.2 Lollipop to 8.0 Oreo) that addresses the KRACK WiFi vulnerability. There are multiple patches available for November; however, the 2017-11-06 patch is the one to look out for.
On September 12, 2017, Apple announced the next generation smartphone, the iPhone X. As a result of this announcement, many of the rumored features of the device were verified, including wireless charging, a fully edge-to-edge OLED display, and, perhaps most notably, facial recognition.
Facial Recognition Makes Its Way Onto The iPhone X
Similar to Touch ID (the fingerprint scanner of past generations), Apple’s facial recognition software has been named “Face ID.” The process works by scanning an individual’s face with a specially designed infrared sensor. Once a match has been made to the owner of the device, the phone will unlock. The iPhone X Face ID can also be used to verify purchases made on the Apple store and other third-party apps. However, Face ID will not protect your device from online threats, such as malicious software. That being said, it is important to take the appropriate measures to ensure your personal safety and data protection. If you happen to receive a suspicious text or email after making a purchase from a third-party vendor using Face ID, use a person search tool to verify the sender’s identity before you open the message or click on any links within it.
While facial recognition is a new feature for Apple’s iPhone, other smartphones have been using this technology for years now. However, not all facial recognition software is created equal. For instance, Apple’s Face ID uses its infrared sensor to cast 30,000 dots on the user’s face. This allows the iPhone X to perform a quick 3D analysis of the individual’s physical features. This is incredibly important when it comes to device security. For instance, it will prevent a 2D image, such as a simple photograph of the owner’s face, from unlocking the phone. This same issue has plagued other smartphones utilizing facial recognition software.
Similar to how Touch ID works, Face ID will not store a complete image of the user’s face. Instead, it will save that information in an encrypted, mathematical form. So even if someone were to gain access to the device, they would not be able to reconstruct an image of the user’s face from the saved data. This data will only be stored locally on the device in a special processing unit called the “Secure Enclave.” The information stored here cannot be uploaded to the cloud. That way, not even Apple will have access to it. All of this effort is put into place to make Face ID as secure as humanly (and digitally) possible.
While Apple has seemingly taken every precaution into account, there are still some issues that cannot be avoided. Let’s take a look at some of the potential security concerns that come along with using facial recognition.
Face ID Security Concerns
While Apple’s Face ID may be a more secure method of locking your phone than other biometric scanners, there is still one major risk. According to U.S. law, biometric scans are not protected under the Fifth Amendment. Under normal circumstances, an authority figure cannot force you to unlock your phone. However, in the event that your phone has been locked via biometric scan, authorities can then force you to unlock your device. For this reason alone, a password is a far more secure method of unlocking your phone than any other method.
Apple has also stated that an identical twin, or sibling who closely resembles you, may be able to trick Face ID into unlocking. The closer the genetic relationship to the owner, the more likely that individual will be able to access the device through facial recognition. In addition to this, the iPhone Face ID should not be used by any children under the age of 13. This is because the majority of their distinctive features have yet to become fully developed. Their facial features also have the potential to change drastically over a short period of time, which could end up locking them out of their phones.
Lastly, it’s worth noting that it took only two weeks for hackers to bypass Touch ID on the iPhone 6. While it’s far too early to say whether a similar situation may arise for the iPhone X’s Face ID, it’s a possibility.
If nothing else, the iPhone X Face ID will certainly be an upgrade over Touch ID in terms of security. However, the jury is still out on whether biometric scans can protect your phone as securely as a strong password. Once the general public gets their hands on the iPhone X, we should know more about this issue.
Are you thinking of picking up your own iPhone X when it launches? If so, are you going to use the new Face ID or stick to the traditional password? Let us know by replying below!
Update (11/13/2017): Researchers at the Vietnamese security firm Bkav have discovered a way to trick the iPhone X’s facial recognition software into unlocking the device using a specially crafted mask. According to the researchers, it took approximately $150 worth of materials (along with a 3D printer) to produce the mask. They also acknowledged the fact that the average consumer should not worry about this finding due to the time and effort required to create the mask. That being said, it does go to show that Apple’s facial recognition software is not as infallible as originally thought.
Most of our personal information is stored online and easily accessible in today’s digital age. Many internet users choose to save their personal information on their favorite browser — everything from account names and passwords to home addresses and phone numbers are commonly saved in this way.
Even if you choose not to save your information, chances are it’s already been recorded somewhere on your device. This could potentially lead to a serious data breach if your device is targeted by a hacker or malicious software. Luckily, there are some steps you can take in order to secure your connected devices and reduce the risk of a break-in.
Turn Off Your Bluetooth Connection When Not In Use
Many newer devices rely heavily on Bluetooth to provide a wireless connection. However, hackers are also able to utilize this connection to remotely gain access to your devices. The most effective way to combat this is to turn off your Bluetooth whenever you’re not using it (same with your Location Services). This is especially important for connected devices, such as smart TVs and e-readers, which typically do not have the same level of security as PCs and smartphones.
Aside from a lack of security, many of these devices also lack the ability to receive updates or patches to fix potential exploits. Even for devices that do have the ability to update, it can take manufacturers months to identify a particular vulnerability, let alone develop a patch to address it. For example, at the time of this article, Apple’s iPhone operating system, iOS, has received a massive patch to address a malicious Bluetooth hack, while Google is still in the process of developing a fix for their mobile devices.
That particular Bluetooth vulnerability is known as the BlueBorne hack. When Bluetooth is turned on, the device is constantly open, trying to find other Bluetooth enabled devices to connect itself with. The BlueBorne hack takes advantage of this behavior by disguising itself as a Bluetooth enabled device seeking to make a connection. Once a connection has been established with another device, it begins to scan for potential vulnerabilities.
These vulnerabilities can be present in outdated operating systems or in a device that lacks security features altogether (which is the case for many of these devices). Once an access point has been established, the hacker can remotely control the device, even if it already has an established connection. At this point, the hacker will be able to extract any information that’s been entered or stored on the device. If the hacked device happens to be a smartphone, there’s no limit to the amount of personal information the hacker can extract.
There is some good news, however. The BlueBorne hack, as well as any other Bluetooth-related vulnerability, will require close proximity to the device in order to access it (roughly 35 feet for most Bluetooth devices). This means the connected devices in your home are more or less safe from intrusion. That being said, any connected device that you take with you outside of your home may be at risk, especially if you find yourself in crowded, public areas.
The key takeaways here are to make sure your connected devices are always updated to their latest version (if possible) and to ensure that your Bluetooth connection is turned off while it’s not in use. In doing so, you can better protect yourself against Bluetooth intrusions.
Change The Password On Your Router And Any Connected Devices
Most internet users know about the need for security features, such as firewalls, anti-malware software, and virus scans, but few people ever go the extra mile and change the default login credentials on their routers. What most people don’t know is that this is one of the most important steps you can take to protect all the devices connected to your Wi-Fi network.
By not changing the login information on your router, you’re putting the entire computer network at serious risk. This is because it gives potential hackers an easy way to bypass any security protocols your system may have. For most updated devices, breaking through these security protocols is a difficult and time-consuming task. On the other hand, if you’re one of the many people that never change the default login credentials on your router, it can be as easy as typing in a username and password to break into your network and extract any data flowing in or out of your network.
This same rule applies to any connected devices you may have. Just like routers, many consumers don’t know about the security risks associated with leaving the default login credentials unchanged. This rule is perhaps even more of a necessity when it comes to connected devices, due to the prevalence of botnets.
The term “botnet” is used to describe a collection of devices infected with a specific malicious software that allows a single source to control the actions of each infected device at the same time. Connected devices are commonly targeted by this malware because the default login credentials can easily be found online. Once a large enough botnet has been established, the hacker can then use the network to perform distributed denial of service (DDoS) attacks on websites and servers alike. In addition to this, these connected devices have little to no onboard security, making the login screen the only thing stopping potential hackers from breaking into them.
While there are different ways in which you can secure your personal devices and information, following these simple tips provides a good starting point. Remember, if you’re proactive about the security on all of your internet-enabled devices, you can protect yourself from the majority of hackers.
Are you one of the few people who are already following these tips? Are there any other ways in which you have secured your own devices and data? Let us know in the comments section!
Update (11/16/2017): Armis, a cyber security firm which specializes in protecting IoT devices, released a report today which revealed that a total of 20 million Amazon Echo & Google Home devices were vulnerable to the BlueBorne attack. Both Amazon & Google have since patched these vulnerabilities on their respective devices. These devices also auto-update by default, so if you do happen to own one of these devices, chances are you’re in the clear.
When trusting your devices with important data and files, you never expect that something will happen to them. The sad truth is that every day, all over the world, people are experiencing malware attacks that threaten the security of their computers, cell phones, and tablets (and the precious data they contain). There are many more types of malware than most people realize, so it’s important to be informed in order to protect your devices.
Here are 9 types of malware that may put your computer data at risk:
This is the most widely-known type of malware, which is what reviews of antivirus software tend to target. However, not everyone knows exactly what a virus entails. A virus is a code that is attached to a piece of software. It’s easily spread and replicates itself just like a human virus, contracted by file or software sharing (often via email).
Trojans are the most dangerous type of malware, because their end goal is to steal your financial information by taking control of your device. In a larger system, this can result in a denial-of-service attack, meaning the system itself is down to users. This is a huge threat to businesses.
One of the more obvious types of malware is spyware, since it does exactly what its title suggests. It spies on your computer activities and logs them in order to target you, usually with advertisements.
A keylogger records everything you type in order to collect your username and password data. This is often one of the first steps in hacking a specific user because it does not require guesswork or backdoor methods to get into your private information.
When your computer is infected with ransomware, you will be unable to access your computer or the data within. It holds your device hostage and typically will request that you pay the hacker money to regain control.
Adware targets advertisements at you that are unwarranted. This is usually done by first using spyware to see which ads will be most effective for the hacker to use against you.
Worms are aptly named, since they are programs that will duplicate themselves and then proceed to “eat” away at your data and computer programs. They won’t stop until your drive is completely empty and you have lost all your data.
Backdoors are malware programs that create a weakness in your computer security to allow for other types of malware or hackers themselves to gain access to your system.
Now that you know all about the different kinds of malware, you can choose a security or antivirus software that works for you to protect yourself. If you suspect you may already have been the target of a malware attack, check out our related post: 6 Symptoms Of An Infected Computer
The average internet user knows that not all wifi networks are secure. If they’re smart about it, they already have done a review of security software to be certain their computer is safe from a hacked network. However, aside from a weak password, what are the potential hidden vulnerabilities in your wifi connection?
Here are 4 vulnerabilities in your wifi connection that you probably didn’t know about:
1. Default or shared password
Although the SSID and password that your network came with might seem randomized and, thus, more secure, skilled hackers will be able to crack into your system much easier than if you were to change them to something more personalized. Using a password randomizer is the best way to go about this, but if you don’t think you’ll be able to remember what it is, be sure it’s saved in a safe place.
2. Unsecured hardware
If someone can physically mess with your hardware, they can interrupt or corrupt your wifi connection. Furthermore, many users leave the SSID and password taped to the side or bottom of the router. If your modem and router aren’t locked away in a secured location, you run the risk of having your information stolen.
3. Not using enterprise mode
For networks with more than one user, enterprise mode is much more secure than traditional WPS PIN authentication. For starters, PIN authentication is easier to crack and allows hackers to decode the password. Enterprise mode is also protected against internal user spying. This means users already connected to the network cannot spy on the wireless traffic of others.
4. Automatic connection to neighboring networks
If your wifi connection isn’t the greatest and often lags or takes a long time to connect, users may instead automatically connect to nearby public networks. If this occurs, they may be accidentally hooking up to a false or hacked network that will steal their data. Always be sure you have a data recovery software like DDI Utilities installed in case this happens accidentally. Furthermore, if a user connects to an alternate network, the users on the other network will have the ability to snoop on that computer’s traffic and private files. This can be especially detrimental for business computers.
Especially for corporations, securing your wifi network is vital to keeping your private information safe from harm. These vulnerabilities are the lesser known ones, but if you’re struggling to protect your wifi at a basic level, check out our related post: 7 Ways To Create A Secure Password And Protect Your Data
These days, almost all men, women, and even many children have cell phones. They are excellent for communication purposes like staying in touch with friends or contacting someone in case of an emergency. However, in recent years the shift has been made from simply a communication tool to a necessary gadget used to keep people occupied and organize their lives. What many people don’t think about is that the smartphone is not a simple mobile device any longer. It’s a miniature computer, which means it’s just as susceptible to scams, viruses, and hacking as a PC. Smartphone scams are a scary new way of interfering with the lives of the masses, so it’s important to stay vigilant of the risks.
Here are 3 smartphone scams everyone should beware of:
1. Fake text messages
If you receive a text from a number you don’t recognize and you don’t remember signing up for anything, don’t open it! Don’t click on the attached links, don’t respond to it, and certainly don’t send them any sensitive information. Sometimes simply opening the attached link can crash your phone’s entire system. Furthermore, some hackers will try to gain access to your accounts by claiming to be your bank and asking for private details like your password, PIN, account number, or social security number. This kind of communication will never occur through text message, so be sure to call your bank’s customer service line directly to report it.
2. One-ring scam
These types of smartphone scams are clever. Crooks program their calling systems to disconnect or jump to your voicemail after only one ring. This makes it nearly impossible for you to answer in time, piquing your curiosity when you see a missed call or get a voicemail from an unknown number.
Do not call it back! This is a scam to get you to call back international numbers that will charge you ridiculously high fees. If you do happen to fall for this trap, be sure to keep an eye on your phone bill for strange charges. If you are unsure of who is calling you, use a people search service like Kiwi Searches to input the number and receive detailed information about who they are before jumping to return the call. It’s better to be safe than sorry.
Smartphones allow you to surf the internet anywhere at any time. This is an amazing advancement in technology, but if you aren’t careful it can also be a major source of strife. Clicking on suspicious or unfamiliar ads or links can result in viruses being uploaded to your phone that will enable hackers to take over your device. You will receive a popup that says your device has been rendered inactive unless you pay a fee to the thieves to unlock it and get your data back. These smartphone scams in particular are easily preventable, though, by conducting a search for mobile security software reviews and installing a program that will effectively protect your device.
Your phone (and the data within) is far too valuable to risk. Take every precaution to ensure you and your personal information are always safe from harm. Even the apps you download can contain malware and viruses, so to stay alert be sure to visit our related post: How Do You Know If An App Is A Scam?