In my office we use Slack as our interoffice communication, like many other offices around the country. We started using it as a way to increase our productivity and team communication. Instead of having constant meetings or running back and forth to talk to certain people all of that communication could be done in one centralized online location. And at first it worked out great. But now I am finding it incredibly difficult to get work done because my notifications are going off all day long. All this after the Yanny vs. Laurel debate too.
Even when I change my settings to show that I’m unavailable, the messages still come. They are always there just waiting for me to read them. If I try to turn it off for an hour or two, when I come back there are dozens of messages to sort through. Some of which have nothing to do with me.
I think that the easy accessibility we have to each other makes us less productive. In a meeting there is an agenda and a structure so we can talk about specific things. When I’m not using my cell phone spy app. But on Slack and other instant messaging platforms, it’s too easy for conversations to drift on endlessly. Private messages become long conversations that have very little to do with any thing work related. This is a huge time waster. I think I got more done when all communication was face to face.
How can you reclaim your productive time from constant instant message intrusions? The best way I’ve found is to totally sign out of instant messaging. Of course, that means that people can’t reach me. They can leave me a message, send me an email, or come to my desk if they need something. But no one has ever come to my desk since I started reclaiming my time. Not one person needed my attention so badly they actually crossed the office to get it.
If you find that instant messaging is bringing down your productivity, try signing out of your instant messaging. And don’t leave your email inbox open for a few hours each day. That gives you some quiet mental space so that you can focus on getting things accomplished. Giving myself just a few hours of interruption free time made a huge difference in my productivity. It can make a difference in yours too. Multitasking isn’t always the best and most productive use of your time. Especially since your boss is likely monitoring your productivity.
Unless you’ve been living under a rock this past week, you’ve probably heard something about Meltdown and Spectre. These cyber attacks look to exploit a serious flaw embedded in just about all modern processors. Unfortunately, this flaw isn’t limited to personal computers. Smartphones as well as other smart devices are also at risk.
In order to understand how Meltdown and Spectre exploit your system’s processor, you must first understand a key function of modern CPUs: speculative execution. Without going into technical detail, speculative execution can improve CPU performance by predicting the route in which information will travel. This allows the CPU to execute a command in any order it sees fit. This avoids potential bottlenecks that would otherwise increase processing time. In the event that the processor fails to predict the correct route, the command will be rolled back in a way that is invisible to applications. These attacks exploit this function, allowing them to extract information from the CPU’s memory cache. Like a reverse phone number lookup, Meltdown and Spectre can access an unprecedented amount of sensitive information.
Meltdown And Spectre Vulnerabilities
While both of these attacks exploit the same processor flaw, the Meltdown attack causes the greatest amount of concern. This is because Meltdown allows the attacker to access information from the computer’s “kernel” (the central part of the operating system). The kernel essentially acts as a bridge between the computer’s applications and the processing unit. By peering into this location, Meltdown can extract the most sensitive information on a given device. As you can probably tell, an attack that can penetrate this deep into a computer system poses a massive security risk. For that reason, just about every major tech company and manufacturer has issued a patch to address this vulnerability.
Spectre, while still a significant security threat, is a far more difficult attack to execute than Meltdown. Unfortunately, this also makes Spectre more resilient to patches that otherwise address Meltdown. Some researchers believe software updates will not be enough to completely protect our systems from Spectre. Only by developing new hardware without speculative execution can we completely eliminate the threat of Spectre. That being said, it may take years before CPU manufacturers can develop such a chip. Until then, Spectre will continue to haunt our processors.
Another issue regarding these exploits is that no single company can fix either on their own. In order to address these vulnerabilities, processor companies (Intel, AMD), operating system companies, (Microsoft, Apple) and cloud service companies (SAP, IBM) have to work in tandem. So far the efforts of these companies have successfully created a working patch for the Meltdown attack (while still addressing Spectre in some ways).
The Impact Of Meltdown And Spectre
Even though fixes for Meltdown (and in some ways, Spectre) have been released by most major manufacturers, some devices have yet to be patched. For those devices that have fixes available, installing the patches can slow down your computer by upwards of 30%. While the typical user might not notice a slowdown, the same cannot be said for everyone. In fact, many systems that rely on cloud computing are having trouble. For instance, Epic Games, the creator behind the popular shooting game “Fortnite” has had numerous reports of login failure and server downtime since the patches went public. The company has since revealed that a third-party cloud service, responsible for handling the game’s influx of players, is at fault for the issues.
If you happen to be running an AMD chip however, a 30% slowdown is the least of your worries. Many AMD users who have installed Microsoft’s Meltdown and Spectre patch have bricked their entire system. Microsoft seems to be working on a fix for this issue. So we’ll be sure to update this blog when the fix arrives. In the mean time, if you happen to own a device with an AMD chip in it, make sure you disable the Windows auto update feature. Hopefully, as developers learn more about these vulnerabilities, more efficient ways to address Meltdown and Spectre will be found. For now however, we’ll have to settle for slower processing speeds and failed login attempts.
I’m sure most of you reading this have heard about cryptocurrency in one form or another. Some of you may have even invested in this new form of currency. But for those of you who aren’t familiar with the different cryptocurrencies and how they work, I’ll go over some very basic knowledge before jumping into cryptojacking and its effects.
Cryptocurrencies are a secure digital asset that have exploded in both popularity and value over the past year. There are many different types of cryptocurrencies in circulation today. Aside from the most well-known (and valuable) Bitcoin, there is Ethereum, Ripple, and Monero. It’s important to understand how Monero differs from the others, since it’s the primary currency being used in cryptojacking efforts.
While it may be difficult to uncover the real name behind a bitcoin address, it is certainly possible. And once that name is uncovered, a simple person search can be used to find out everything there is to know about that individual. Monero on the other hand is completely anonymous and notoriously difficult to track payments. That is why its been so widely adopted by the online black market.
Unlike traditional forms of money that print new bills to add to circulation, a specialized process know as “mining” is used to create new cryptocurrency. Without going too in-depth, the practice of mining essentially uses your computer’s processor to solve complex mathematical sequences. Once the correct solution is found, the user will be awarded a predetermined amount of cryptocurrency. In order to be successful at mining however, a massive amount of processing power is needed. This is why most miners build specialized computers and join groups of other miners to increase the power of their networks.
Cryptojacking And How It Can Affect Your Device
Contrary to it’s name, the term cryptojacking does not refer to stealing an individual’s currency. Instead, cryptojacking refers to stealing computing resources (and the electricity used to power those resources) from an individual’s computer in order to mine for cryptocurrency.
The first wide-spread instances of cryptojacking were reported back in September when Showtime and the popular torrent site The Pirate Bay were found to have injected cryptojacking code into their websites. While it’s unclear what method Showtime used, The Pirate Bay admitted to testing a new program called Coinhive in hopes of replacing their notoriously terrible ads. Essentially what this program does is turn any visiting computer into a mining tool for the host website. As a result, any Internet users browsing The Pirate Bay were subjected to an increased CPU load.
The issue with cryptojacking isn’t that websites are trying to monetize their traffic. In fact, some researchers believe this technique, in a more legitimate form, could actually help websites reduce the need for advertisements. The problem is, websites running these programs are using their visitor’s computer resources without their permission. Not only is this an invasive practice, it can also impact the lifespan of the computer itself. One researcher found that having multiple tabs opened to known cryptojacking websites easily brought the computers CPU load up to 100%. Prolonged usage at these rates can significantly reduce the lifetime of internal components. In some cases, important components can be irreversibly damaged, rendering the whole system inoperable.
How You Can Protect Yourself
Now that you’re all caught up, let’s take a look at some ways you can protect your devices. The first thing to look into would be your anti-virus software. Some of these programs, such as Malwarebytes, offer tools that can block cryptojacking scripts. If your anti-virus software doesn’t have such a tool, then you can download an extension for your browser that will do the same thing. One such example is the NoCoin extension for the Chrome browser. If extensions aren’t really your thing, you could instead download the new Opera browser. As of today, Opera’s 50th version will come standard with cryptojacking protection. Choose the option which best suits your needs and remember to always keep an eye on your computer’s performance.
Following in the footsteps of WannaCry and NotPetya, a new ransomware attack has surfaced. First discovered last week, Bad Rabbit has infected hundreds of computer systems. While the vast majority of infected systems are located in Russia, a few instances of the malware have appeared in Germany, Ukraine, Bulgaria, and Turkey. Unfortunately, the source of the attack has yet to be identified. Researchers believe BadRabbit may have originated from the creators of NotPetya. Here’s everything we know about Bad Rabbit at this point.
What We Know About Bad Rabbit
One important thing that we know about Bad Rabbit is the way in which it spreads. To start, the malicious code is uploaded onto an insecure website (the majority of websites infected with the Bad Rabbit code were Russian domains). Once a victim arrives on one of these websites, they will be prompted to download an update for Adobe Flash. Opening this fake installer will infect the user’s computer with the Bad Rabbit malware. At this point, the system will be locked and a screen will appear demanding payment of .05 bitcoin (roughly $286). If the payment is not made within 40 hours, the cost will begin to rise.
Compared to WannaCry and NotPetya before it, this new ransomware attack is relatively small. Both of the previous attacks affected hundreds of thousands of devices (especially WannaCry which infected more than 200,000 in the span of two days). In this way, Bad Rabbit is far less severe, having infecting only a few hundred devices. That being said, the threat is still out there, which means devices are still at risk of infection.
However, this is some good news. A cybersecurity researcher discovered that the data locked by Bad Rabbit may be recoverable. So even if you’ve been infected by the Bad Rabbit malware, you may be able to retrieve your data.
Are ransomware attacks keeping you up at night? Are you doing anything in particular to protect yourself from them? If so, let us know in the comment section.
It’s been a little over a year since the last major botnet, Mirai, was discovered. This particular piece of malware is responsible for infecting over 2.5 million devices over the course of a few months. The vast majority of these devices were routers and webcams running off of older versions of Linux OS. Once infected, these devices were then used en masse to perform several DDoS attacks, including one which effectively took down the internet for the majority of the US.
The Reaper Botnet Is Here
Just in time for Halloween, a far more advanced botnet has surfaced. This new botnet, fittingly referred to as Reaper, functions similarly to last year’s Mirai. Both of these botnets attempt to grow their zombie horde by targeting IoT devices. That being said, there is one major difference between these two botnets. And it just so happens to be the reason why Reaper is more dangerous.
Reaper vs. Mirai
To compare, Mirai’s method of breaking into IoT devices was through a simple (but effective) brute force attack. Essentially, Mirai’s malware would identify the manufacturer and model of a particular device and break into it using the device’s default login credentials, which can easily be found online. Reaper on the other hand operates in a much more sinister way.
Reaper assumes control by exploiting common weaknesses found in an IoT device’s (notoriously weak) security protocols. Think of a hacker breaking into a computer system or network – Reaper uses similar tactics to hack IoT devices. This, in turn, allows Reaper to possess far more devices than Mirai ever could.
To put things into perspective, Mirai took nearly 3 months to accumulate it’s peak 2.5 million IoT devices. However, Reaper was only discovered last week and has already infected close to two million IoT devices.
If you have reason to believe that your IoT devices may have become enslaved by a botnet overlord, the first thing you should do is look for any new updates or patches made available by the device’s manufacturer. If your device does not have the ability to update (as is the case with many IoT devices) your only other option may be to perform a factory reset. Note you’ll have to redo any changes you once made to your device, such as changing the login credentials.
Have you been affected by this new botnet attack? Are you concerned about the future of IoT security? Let us know in the comments below!
Most of our personal information is stored online and easily accessible in today’s digital age. Many internet users choose to save their personal information on their favorite browser — everything from account names and passwords to home addresses and phone numbers are commonly saved in this way.
Even if you choose not to save your information, chances are it’s already been recorded somewhere on your device. This could potentially lead to a serious data breach if your device is targeted by a hacker or malicious software. Luckily, there are some steps you can take in order to secure your connected devices and reduce the risk of a break-in.
Turn Off Your Bluetooth Connection When Not In Use
Many newer devices rely heavily on Bluetooth to provide a wireless connection. However, hackers are also able to utilize this connection to remotely gain access to your devices. The most effective way to combat this is to turn off your Bluetooth whenever you’re not using it (same with your Location Services). This is especially important for connected devices, such as smart TVs and e-readers, which typically do not have the same level of security as PCs and smartphones.
Aside from a lack of security, many of these devices also lack the ability to receive updates or patches to fix potential exploits. Even for devices that do have the ability to update, it can take manufacturers months to identify a particular vulnerability, let alone develop a patch to address it. For example, at the time of this article, Apple’s iPhone operating system, iOS, has received a massive patch to address a malicious Bluetooth hack, while Google is still in the process of developing a fix for their mobile devices.
That particular Bluetooth vulnerability is known as the BlueBorne hack. When Bluetooth is turned on, the device is constantly open, trying to find other Bluetooth enabled devices to connect itself with. The BlueBorne hack takes advantage of this behavior by disguising itself as a Bluetooth enabled device seeking to make a connection. Once a connection has been established with another device, it begins to scan for potential vulnerabilities.
These vulnerabilities can be present in outdated operating systems or in a device that lacks security features altogether (which is the case for many of these devices). Once an access point has been established, the hacker can remotely control the device, even if it already has an established connection. At this point, the hacker will be able to extract any information that’s been entered or stored on the device. If the hacked device happens to be a smart phone, there’s no limit to the amount of personal information the hacker can extract.
There is some good news, however. The BlueBorne hack, as well as any other Bluetooth-related vulnerability, will require close proximity to the device in order to access it (roughly 35 feet for most Bluetooth devices). This means the connected devices in your home are more or less safe from intrusion. That being said, any connected device that you take with you outside of your home may be at risk, especially if you find yourself in crowded, public areas.
The key takeaways here are to make sure your connected devices are always updated to their latest version (if possible) and to ensure that your Bluetooth connection is turned off while it’s not in use. In doing so, you can better protect yourself against Bluetooth intrusions.
Change The Password On Your Router And Any Connected Devices
Most internet users know about the need for security features, such as firewalls, anti-malware software, and virus scans, but few people ever go the extra mile and change the default login credentials on their routers. What most people don’t know is that this is one of the most important steps you can take to protect all the devices connected to your Wi-Fi network.
By not changing the login information on your router, you’re putting the entire computer network at serious risk. This is because it gives potential hackers an easy way to bypass any security protocols your system may have. For most updated devices, breaking through these security protocols is a difficult and time-consuming task. On the other hand, if you’re one of the many people that never change the default login credentials on your router, it can be as easy as typing in a username and password to break into your network and extract any data flowing in or out of your network.
This same rule applies to any connected devices you may have. Just like routers, many consumers don’t know about the security risks associated with leaving the default login credentials unchanged. This rule is perhaps even more of a necessity when it comes to connected devices, due to the prevalence of botnets.
The term “botnet” is used to describe a collection of devices infected with a specific malicious software that allows a single source to control the actions of each infected device at the same time. Connected devices are commonly targeted by this malware because the default login credentials can easily be found online. Once a large enough network of botnets has been established, the hacker can then use the network to perform distributed denial of service (DDoS) attacks on websites and servers alike. In addition to this, these connected devices have little to no onboard security, making the login screen the only thing stopping potential hackers from breaking into them.
While there are different ways in which you can secure your personal devices and information, following these simple tips provide a good starting point. Remember, if you’re proactive about the security on all of your internet enabled devices, you can protect yourself from the majority of hackers.
Are you one of the few people who are already following these tips? Are there any other ways in which you have secured your own devices and data? Let us know in the comments section!
Update (11/16/2017): Armis, a cyber security firm which specializes in protecting IoT devices, released a report today which revealed a total number of 20 million Amazon Echo & Google Home devices were made vulnerable to the Blueborne attack. Both Amazon & Google have since patched out these vulnerabilities on their respective devices. These devices also auto-update by default, so if you do happen to own one of these devices, chances are you’re in the clear.
When trusting your devices with important data and files, you never expect that something will happen to them. The sad truth is that every day, all over the world people are experiencing malware attacks that threaten the security of their computers, cell phones, and tablets (and the precious data they contain). There are many more types of malware than most people realize, so it’s important to be informed in order to protect your devices.
Here are 9 types of malware that may put your computer data at risk:
This is the most widely-known type of malware, which is what reviews of antivirus software tend to target. However, not everyone knows exactly what a virus entails. A virus is a code that is attached to a piece of software. It’s easily spread and replicates itself just like a human virus, contracted by file or software sharing (often via email).
Trojans are the most dangerous type of malware, because their end goal is to steal your financial information by taking control of your device. In a larger system, this can result in a denial-of-service attack, meaning the system itself is down to users. This is a huge threat to businesses.
One of the more obvious malwares is the spyware, since it does exactly what its title suggests. It spies on your computer activities and logs them in order to target you, usually with advertisements.
A keylogger records everything you type in order to collect your username and password data. This is often one of the first steps in hacking a specific user because it does not require guesswork or backdoor methods to get into your private information.
When your computer is infected with ransomware, you will be unable to access your computer or the data within. It holds your device hostage and typically will request that you pay the hacker money to regain control.
Adware targets advertisements at you that are unwarranted. This is usually done by first using spyware to see which ads will be most effective for the hacker to use against you.
Worms are aptly named, since they are programs that will duplicate themselves and then proceed to “eat” away at your data and computer programs. They won’t stop until your drive is completely empty and you have lost all your data.
Backdoors are malware programs that create a weakness in your computer security to allow for other types of malware or hackers themselves to gain access to your system.
Now that you know all about the different kinds of malware, you can choose a security or antivirus software that works for you to protect yourself. If you suspect you may already have been the target of a malware attack, check out our related post: 6 Symptoms Of An Infected Computer
These days, almost all men, women, and even many children have cell phones. They are excellent for communication purposes like staying in touch with friends or contacting someone in case of an emergency. However, in recent years the shift has been made from simply a communication tool to a necessary gadget used to keep people occupied and organize their lives. What many people don’t think about is that the smartphone is not a simple mobile device any longer. It’s a miniature computer, which means it’s just as susceptible to scams, viruses, and hacking as a PC. Smartphone scams are a scary new way of interfering with the lives of the masses, so it’s important to stay vigilant of the risks.
Here are 3 smartphone scams everyone should beware of:
1. Fake text messages
If you receive a text from a number you don’t recognize and you don’t remember signing up for anything, don’t open it! Don’t click on the attached links, don’t respond to it, and certainly don’t send them any sensitive information. Sometimes simply opening the attached link can crash your phone’s entire system. Furthermore, some hackers will try to gain access to your accounts by claiming to be your bank and ask for private details like your password, pin number, account number, or social security number. This kind of communication will never occur through text message, so be sure to call your bank’s customer service line directly to report it.
2. One-ring scam
These types of smartphone scams are clever. Crooks program their calling systems to disconnect or jump to your voicemail after only one ring. This makes it nearly impossible for you to answer in time, piquing your curiosity when you see a missed call or get a voicemail from an unknown number.
Do not call it back! This is a scam to get you to call back international numbers that will charge you ridiculously high fees. If you do happen to fall for this trap, be sure to keep an eye on your phone bill for strange charges. If you are unsure of who is calling you, use a people search service like Kiwi Searches to input the number and receive detailed information about who they are before jumping to return the call. It’s better to be safe than sorry.
Smartphones allow you to surf the internet anywhere at any time. This is an amazing advancement in technology, but if you aren’t careful it can also be a major source of strife. Clicking on suspicious or unfamiliar ads or links can result in viruses being uploaded to your phone that will enable hackers to take over your device. You will receive a popup that says your device has been rendered inactive unless you pay a fee to the thieves to unlock it and get your data back. These smartphone scams in particular are easily preventable, though, by conducting a search for mobile security software reviews and installing a program that will effectively protect your device.
Your phone (and the data within) is far too valuable to risk. Take every precaution to ensure you and your personal information are always safe from harm. Even the apps you download can contain malware and viruses, so to stay alert be sure to visit our related post: How Do You Know If An App Is A Scam?
With the rise of smartphones came an increasing need for customization. This came in the form of mobile apps that allow you to add functionality to your device. From to-do lists to games to streaming services, there are millions of apps to choose from. However, not all apps are made equally, and neither are their creators. Many apps are created with malicious intentions that will hack into your phone or even contain viruses to render it unusable. But how do you know if an app is a scam?
Here are 5 tips for mobile app predator prevention:
1. Do your research
Google is at your service! Look up the name of the app and any other information that the app store tells you to find out some background information on it. Especially check out the software reviews, because if someone had a negative experience they will be sure to post about it all over the web.
2. Look into the developer
Another important piece of information you can discover through the app store is the name of the app’s developer. Some developers will be accredited by the app store with a badge appearing next to their name. Click on the developer and do research on them to see what other apps they have created (if any) and if they have a reputable, professional website or social media presence. If you’re able to get any personal information, like their name or company phone number, you can use a service like Kiwi Searches to get more details about their criminal record to ensure their intentions are good.
3. Check permission requirements
When you click on the app you want within the app store, the description will also include a list of the permissions requested from your phone. Some apps will require access to your contacts, messages, call history, or other secure information. If it seems irrelevant to the function of the app, be wary. The more apps that have access to your information, the more likely you are to be scammed and have your data stolen.
4. Download security software
Security and antivirus software isn’t only for desktop and laptop computers. Phones themselves are miniature, portable computers that also need protecting. The best way to avoid app scams is to look at security software reviews to find an app to protect your device and alert you of potential scams when downloading other apps to your phone. The peace of mind it will afford you is almost as valuable as the protection it provides to your device.
5. Only use credible sources
There are two main sources of mobile apps: the Google Play Store and the App Store, for Android and iPhone devices respectively, which are the two most popular devices for app users. If you download an app from any other resource or online site, you run the risk of accidentally programming malware, ransomware, or spyware into your cell phone instead of the intended application.
Remember to always listen to your gut when it comes to your findings. No one is safe from hackers or viruses. These scary takeovers of our devices risk our data and potentially even our lives. Take caution when downloading apps to your phone and follow our advice for making smart decisions during the process.
Cash transactions are becoming more and more obsolete with time. An increasing number of retailers are beginning to accept digital payments like Apple Pay or credit cards with chip technology and are stocking their registers as minimally as possible. This is done for convenience as well as concern for health. CNN reported recently that there are 100+ different types of bacteria swarming all over the currency circulating New York City alone. Imagine how much more can be found throughout the state, country, or even world? It’s unsanitary and the reason food handlers have requirements for wearing and changing their gloves during cash transactions.
Consumers realize this. It’s a major source of the switch from physical bills to digital payments. Of course, it’s also so much easier to carry your wallet around on your phone. For men and women alike, carrying around cash is bulky and irritating to deal with. Minimalism is the new trend, including reduction of personal items on your actual person. Especially for travelers, this is the safest way, since cash is easier to steal and makes you more of a target for thieves and scammers.
Digital funds have even taken over the personal transaction market, with apps like Venmo that allow you to instantly transfer money from your bank account or Venmo reserve to friends via only your mobile device. No need for cash, a credit card to upload funds, or even to meet in person. You can send money to someone that lives halfway around the world in an instant if you want or need to.
Now, Venmo is expanding its reach by venturing into the retail environment. Soon, users everywhere will be able to use a Venmo debit card in their favorite stores. This practice will use your reserve of Venmo funds as if Venmo itself is your bank. This way, if a friend pays you through the app, instead of having to transfer the money back into your bank account or use it to pay someone else in the future, you can use your debit card to make a transaction directly from your account.
How else do digital transactions protect us?
When your funds are entirely digital, it’s not only easier to spend money, but it’s easier to keep track of your payments. There are apps to track your spending, like Mint or GoodBudget, as well as financial planning software you can download to your computer. They will even analyze the data for you to help you spend and budget most efficiently. Look around to find the best program for you. Check out reviews of Intuit Quickbooks, for example, before taking the plunge. Many of these softwares are for the business owner and individual alike.
Although digital currency like Bitcoin has done extremely well in terms of its value over the past few years, it has yet to catch on as the popular mode of spending (although its use is widely accepted by online retailers and marketplaces). However, given the trend towards digitizing our purchasing power, there’s no doubt that we will see an entirely computerized world–money and all.
Digital wallets are the most effective method of spending while traveling, too, for safety purposes. If you’re interested in learning more about protecting yourself and your devices from theft while on vacation, check out our related post: 6 Safety Tips For The Tech-Savvy Traveler