For those using the on-line password manager 'Lastpass'; if you are not already aware, they have doubled their annual subscription for Premium users to $28 [£21.47]. - GITS
Facebook has got your number even if it is not your number.
I may be a bit late with this as it headlined a few weeks ago, however it may help somebody; if you are already aware, forgive duplication, personal security refers.
https://nakedsecurity.sophos.com/201...t-your-number/
What's Facebook
Introduction to Cyber Security: Stay Safe Online by The Open University [Kindle] - FREE @ Amazon
just in case anybody is worried
What's Amazon?...
'Power-Point' users watch for this, especially if involved with any of these set-ups. "Threat actors are leveraging malicious PowerPoint files and a recently patched Microsoft Office vulnerability to target UN agencies, foreign ministries, international organizations, and entities interacting with international governments."
http://www.securityweek.com/targeted...lware-delivery
The bearer of bad news again : For those of you with Bluetooth devices (ie pretty much everyone!) please note the risk of remote malware infection/device hijack/data theft using Blueborne (some kind of weird homage to 2 Sqn, RAF Regt?) which is a vulnerability in the underlying protocol stack in Bluetooth - pretty serious as it affects billions of devices worldwide including smart TVs, smart watches, smart TV's, Bluetooth speakers, Bluetooth car audio systems, etc, etc, etc.... Check
https://www.armis.com/blueborne/
for more details re updates for Apple, Microsoft, Android, Linux - most major items addressed but many Internet of Things (IoT) things (smart fridge anyone?) have built-in Linux appliances which may not be able to be updated...Best advice, if you can, turn Bluetooth off when not actually in beneficial use. 💀
More than two million people who downloaded security software CCleaner have been infected by malware on their computers, its developers have confirmed.
Piriform, the company behind the software, said on its website that a new version of the app had been tampered with before being released.
The malicious code was added to the legitimate code for CCleaner, which allows users to wipe unwanted files from their hard-drives, and could have allowed hackers to take over the devices of 2.27 million people.
More bad news I am afraid, Equifax, the credit checking agency has been hacked as well, if you have an account with them it is suggested that you change your password or if you have any dealings with financial organizations [like most of us have ] you may be on their data base so keep an eye on your financial dealings.
"Heads up" again Chaps, seems to be a lot of this '****' about this week, there is a 'Ransom Ware' scam coming up to watch out for, as usual I won't post any links here as that's how the bad guys get in.
Suggest watch out for e-mails from or containing 'Herbalife' within, Google for more info.
On a bright note and not to detract from the thrust of the matter:
What do you do if you are attacked by a circus mob?
Go for the juggler. 🤣
and an even brighter note: Why does it take pirates so long to learn the alphabet?
Because they spend years at "C". :)
Both these credited to 'Cortana'
Netflix scam
Another “pain in the undercarriage” guys, but we all know not to click on links in
e-mails by now, so just one to watch out for.
“Netflix users are receiving phishing emails in their inboxes.
This Netflix scam is convincing. It's easy to get fooled by these phishing emails. The sender of the email is SupportNetflix.
There's a support phone number too.
The fraudulent messages can look official to the untrained eye but they are actually spoofed by cybercriminals.”
Once again it’s out on the web if you really need to know more, as usual no links to click on here for the obvious reason.
Hackers Using iCloud's Find My iPhone Feature to Remotely Lock Macs and Demand Ransom Payments
Another one for Apple users (the once 'impregnable' Apple!), hackers have compromised some Apple accounts (likely on non-Apple web sites), passwords have then been used to lock people out of their Macs, see macrumors.com for more info; as usual I WON'T paste links on here for the obvious reason.
Suggest two-factor-authentication mechanism or use complex passwords and use a different one for each account to alleviate this.
Posting under the banner of ‘Internet security’, I thought these web sites and info might help with safety when navigating the Cyber Frontier.
Submit any downloads to virustotal.com which uses 50-odd antivirus packages to check for malware (file size caps at 150MB)
For the more paranoid (or on critical systems) also look for hashes in any downloaded software and validate the hashes against those advertised on the source web site in case anyone's hacked the download file web page.
For websites, VT has a good URL checker but the one on URLVoid.com can also do IP address etc lookups.
These sites are all operated and maintained by security threat researchers who spend their lives doing this kind of stuff.
Also safeweb.norton.com enables you to submit a website’s URL to see if there are any Security issues.
Self-evidently it is NOT appropriate to upload sensitive documents to any Internet web sites!
As you are aware it is normally my policy NOT to post any links here for the obvious reasons, so suggest you Google the above sites for access.
Apple Users
If you are on iOS 11 [not sure about iOS 10] the latest security thinking is to disable “Allow Siri when locked”, you can do this in Settings – Siri - Allow Siri when locked, on phones, tablets and pods.
The reason for this is that anyone picking up one of these devices could activate Siri without the passcode and get into all your ‘stuff’, i.e. contacts, files and other Apps.
You are especially vulnerable if you have not calibrated your voice to your device, as any voice could activate Siri.
Good to see Dan is "ahead of the game", I thought this was a recent observation , good stuff!
Mechanical keyboard maker accused of keylogging as customers examine software
Reports have surfaced that software supplied with MantisTek's GK2 mechanical keyboard is keylogging input and transmitting the data online in plain text. This data is supposedly collected and used by a customer of Alibaba Cloud [China].
Check out Digital trends November 6, 2017 - or currently on finance.yahoo.com under the above heading.
Just saw this and whilst it relates to government departments surely the warning ⚠️ should apply to public users of their system. The Government has been warned by Britain's main cyber security agency not to use Russian anti-virus software. Bit worrying as well is the fact that our government departments are having to use cyber security from foreign countries, surely GCHQ can write a programme
iOS 11.2 Update just released.
McAfee is a good alternative to the Russian stuff and it's free with most BT broadband packages, also the "built in" one in Windows 10 seems to do the job, although it might not have all the "Bells & Whistles".
Even if you are using Kaspersky and unless you are doing something tricky [Sensitive] on your machine you should be ok, I should think their targets would be the big corporates or Government departments, change when your subscription runs out.
If you do your banking online I would think that’s good enough reason to change it, like every other institution that takes your money they are very reluctant to give it back, if you are a Barclays customer and have been told they are withdrawing it I would have thought that they have sent a message to use a different security as well, therefore if money is taken guess what they are going to say. But as Lightorder says, doubt they would be after small fish like us
If you bank with HSBC McAfee is free for a year but at the end of the year just use a different email address to download it free again
Conservative MP Nadine Dorries is being told to 'get your house in order' after admitting she shares login passwords with staff, including temporary interns.
What hope does Joe Bloggs have? This is what people who run the country are doing
Ideal target for 'Harry Hacker'
Dozens of laptop models sold by HP contain built-in "keylogging" technology that stores everything users type, researchers have warned.
The records of what users type on the keyboard were stored in plain text on the computers, meaning anyone with access to them could read messages, passwords, web searches and credit card numbers if they knew where to look.
HP issued a fix for some of the affected models on Thursday night and promised another for the rest of the devices would be released today.
iPhone users - Not desperate if you keep your mobile with you and look after it, but be aware there is a device out there that can allegedly crack iPhone/Pad passwords.
LINK VERIFIED - https://www.macworld.com/article/326...-yourself.html
"Lets be careful out there", Link verified
https://youtu.be/vwbKYcBdVyk
Those of you with Android phones would do well to watch for a scam doing the rounds telling you your battery's a bit flaky and to download a tool to sort the issue - if you see such a pop-up RESTART your phone, do NOT click either option on the pop-up as either will install malware – LINK VERIFIED
https://www.scmagazine.com/60000-and...rticle/775634/
For the Guys with Apple devices...Patch releases...[LINK VERIFIED]
https://www.scmagazine.com/apple-pat...rticle/779699/
Google Chrome starts telling users huge numbers of sites are 'not secure' after latest update
A couple of new threats to watch out for if it affects you, links verified.
For you artistic types, please note some critical Photoshop patches
Patch time! Adobe issues unexpected ‘critical’ fix for Photoshop CC
https://nakedsecurity.sophos.com/2018/08/23/patch-time-adobe-issues-unexpected-critical-fix-for-photoshop-cc/
for those working in the defence sector, watch out for PDF attachments to emails, apparently targeted attacks ('phishing') per
Latest Turla backdoor leverages email PDF attachments as C&C mechanism
https://medium.com/@anastasisvasilei...m-7ca89a66c8c8
Facebook has suffered an attack that exposed 50 million people's personal accounts, the company has admitted.
A vulnerability in the social network's code meant that hackers could take over people's log-ins and see their most private information, the company said. It said that it was "sorry" the potential breach had occurred.
A couple of new threats to watch out for, links verified, Microsoft W10 & iOS 12 updates
https://www.bbc.co.uk/news/technology-45784482
https://www.scmagazine.com/home/news...phone-features
I'm sure no one on this group would ever view porn but 'if you know someone that does' they might like to be aware of a scam which uses compromised email addresses, from various hacks, to convince people they've been videoed watching porn when in fact the passwords being shown are from these hacks and there's no compromise of their PCs/laptops/etc - might be worth considering. Check the story at
Sextortion plot uses public breach data to trick victims into thinking they were hacked | SC Media
Two research reports are providing details on an ongoing "sextortion" scam in which malicious actors use publicly available lists of breached email addresses and passwords to contact victims and then blackmail them with claims that they were caught viewing pornographic materials.
https://www.scmagazine.com/home/security-news/sextortion-plot-uses-public-breach-data-to-trick-victims-into-thinking-they-were-hacked/
Link verified
A TERRIFYINGLY convincing scam is targeting iPhone users with fake websites.
Hackers can create web addresses that look identical to actual websites – but these phoney mock-ups are designed to steal your passwords.
The scam is known as an IDN homograph attack.
It’s when someone registers a web domain that uses special Unicode text characters – which look like normal letters.
Gadget makers regularly tweak their devices to stop this from happening, but people using older versions of software can be caught out.
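Added example, not part of the original posts: a defensive check for the IDN homograph trick described above. It shows the "xn--" form the DNS actually sees and flags a hostname whose lookalike letters collapse onto a site you trust. The lookalike table, the trusted list and the sample hostnames are all constructed for illustration.

```python
import unicodedata

# Partial, hand-built Cyrillic -> Latin lookalike table (an assumption for
# this example); Unicode's confusables.txt is the complete data set.
LOOKALIKES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s", "\u04cf": "l",
})

def scripts(label):
    """Scripts used by the letters of one label, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def to_ascii(host):
    """Punycode ("xn--") form of each non-ASCII label, as sent to the DNS."""
    return ".".join(
        lab if lab.isascii() else "xn--" + lab.encode("punycode").decode("ascii")
        for lab in host.split(".")
    )

def check_host(host, trusted):
    """Classify a hostname against a set of trusted ASCII hostnames."""
    host = host.lower().rstrip(".")
    if host.isascii():
        return {"host": host, "ascii": host, "verdict": "ascii"}
    skeleton = host.translate(LOOKALIKES)   # lookalikes folded to Latin
    mixed = any(len(scripts(lab)) > 1 for lab in host.split("."))
    if skeleton in trusted:
        verdict = "homograph-of-trusted"    # looks like a trusted site, is not
    elif mixed:
        verdict = "mixed-script"            # e.g. Latin and Cyrillic in one label
    else:
        verdict = "idn"                     # non-ASCII, nothing else suspicious
    return {"host": host, "ascii": to_ascii(host),
            "verdict": verdict, "skeleton": skeleton}

if __name__ == "__main__":
    trusted = {"apple.com", "example.com"}               # constructed allow-list
    samples = ["apple.com",                              # constructed samples
               "\u0430\u0440\u0440\u04cf\u0435.com",     # all-Cyrillic lookalike
               "ex\u0430mple.org",                       # one Cyrillic letter
               "m\u00fcnchen.de"]                        # ordinary IDN
    for s in samples:
        print(check_host(s, trusted))
```

An all-Cyrillic label is not mixed-script, which is why the check compares the folded "skeleton" against the trusted list rather than relying on script mixing alone.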