Beware of all this...(Cyber security)

 Don’t be lazy, stop saving your card details

Stop saving your card details on your online accounts.
Don’t save them for your cloud provider, don’t save them for your favorite ecommerce retailer, don’t save them anywhere.
No cards saved on any account, no matter how small or insignificant or secure you might consider it.
If you want to buy something online, take your time and fill in the credit card details every single time.
Yes, it’s a pain in the… fingertips. But it’s worth it to lose 30 seconds and do this manually each time you want to buy something.
The lazy alternative also comes with a high risk of card fraud. You can never know who manages to breach your account (no matter who’s at fault for it) and end up using your card.

 Beware of adware


Adware is a type of software that delivers ads on your system.
Usually, these pop-up ads appear like annoying pop-up ads or banners while visiting websites. And they can also slow down your computer.
Adware comes in “bundle” versions with other applications.
Most types of adware are not dangerous, maybe a bit annoying since they deliver pop-up ads while visiting a website.
But there is another dangerous form of adware that delivers spyware, which can track down your activity and retrieve sensitive information.
How to protect against it: don’t download software from unsafe websites and pay attention to software that comes bundled.
If you’re already infected, this clean-up guide can come in handy.

How exploit kits work (graphic)


You may have heard the term before, as more and more cyber criminals use these tools in their attacks.
Exploit kits (EKs) are computer programs designed to find flaws, weaknesses or mistakes in software apps (commonly known as vulnerabilities).
Online criminals use them to gain access into a system or a network.
Exploit kits are extremely versatile and easy to use, which is why attackers of all ranges have access to them. EKs can download malicious files and feed the attacked system with malicious code after infiltrating it.
Shortly, here is how they work:
how angler exploit kit works

Types of malware you can find in the wild (wild Internet)


You probably wondered at least once how many types of malware (malicious software) are there and how they differ from one another.
Here’s a super quick overview:
Adware – delivers bad ads and can infect your computer with additional malware.
Bots – malicious code engineered to perform specific tasks. They can be both harmless and malicious.
Bug – cyber security bugs (flaw in software) open up security holes in computer systems that cyber criminals can take advantage of. In this context, bugs can allow attackers to gain access to a system and do irreparable damage.
Ransomware – a type of malware that encrypts the victim’s data and demands a ransom in order to provide the decryption key. More info on how to protect yourself against it.
Rootkit – a type of malicious software (but not always) which gives the attackers privileged access to a computer. A rootkit is activated before the operating system boots up, so antivirus can’t detect it.
Spyware – a type of malware that will spy on your activity (browsing habits, keystrokes, financial data, etc.) and send the information to servers controlled by cyber criminals.
Trojan Horse – malware that’s able to disguise itself as a normal file, to trick victims into downloading and installing more malware on their devices.
Virus – a form of malware that can copy itself so it can spread to other computers. Viruses attach themselves to other computer programs and execute malicious commands when the victim uses those compromised programs. Thus, viruses rely on the victim’s activity to spread.
Worm – a type of malware that exploits security holes in operating systems. Worms use the infected system’s resources and self-replicate. They spread independently, without requiring the victim to do anything.
Here’s a more in-depth read about the main types of malwarep

Your one-page anti-ransomware checklist


Worried about the dangers of ransomware?
I put together a one-page anti-ransomware checklist so you can make sure you have all the right safeguards in place.
Download it, use it and share it with whoever you think needs it.

 The 3 fundamental infosec principles

Although a general term, information security (or infosec) is a practice with a very clear goal: to protect information from:
  • unauthorized access
  • unauthorized use
  • unauthorized disclosure
  • disruption
  • unauthorized modification
  • unauthorized perusal
  • unauthorized inspection
  • unauthorized recording
  • destruction.
The CIA triad of confidentialityintegrity, and availability is fundamental information security. What this means:
Confidentiality – information should not be made available or disclosed to unauthorized individuals, entities, or processes.
Integrity – information should not be modified in an unauthorized or undetected manner. The data should remain accurate and complete from sender to receiver.
Availability – information should be readily available when needed.
In order for all these principles to be respected, so you can use and enjoy your data at all times, proper safeguards must be implemented.
Venn diagram - infosec principles - Confidentiality, integrity and availability

 Cyber security myth busters


Myth: In case I get infected, I will definitely notice it.
Truth: Well, don’t be so sure about this.
In the past, when a computer started running slow and pop-ups appeared all over the screen, maybe you could tell. But today, cyber criminal methods have evolved and increased their efficiency.
In most cases, a normal user can’t tell if their system is involved in spam campaigns or coordinated online attacks.
Current malware is built to be undetectable and untraceable by antivirus products, retrieving private information without the victims noticing.
Designed to evade normal detection systems and working in the background, the latest data-stealing malware harvests private data like credit card details and account logins without leaving visual evidence.
But you’re already applying these tips, so you’re well on your way to better online security!

What a botnet actually is (graphic)


As you’ve read in the tip about different types of malware, a botnet is also a kind of malicious software.
More specifically, a botnet is a network of infected computers that communicate with each other in order to perform the same malicious actions.
These actions can vary from launching spam campaigns or phishing attacks, to distributed denial-of-service attacks.
The network can be controlled remotely by online criminals to serve their interests. At the same time, this allows the cyber criminals to avoid detection or legal actions by law agencies. (A detailed intro to botnets is available here.)
Shortly, here’s how a botnet is created:
How botnets are created and operate

How antivirus works


Have you ever wondered how a traditional antivirus works? Here’s how:
Real-time scanning – your antivirus should include this option which checks every executable program you open against known types of malware. Antivirus also looks at different types of behavior in the program to see if there’s anything potentially malicious about it.
Full system scan – this is useful to check if any of the programs you already have installed is malicious or includes malware. Or you can use this scan to do a computer clean-up and rid your system of malware.
Virus definitions – these are the main way an antivirus solution identifies and stops malware. These definitions pertain to different types of known malware. If a program or file on your PC matches one of these definitions, your AV will quarantine it to stop it from spreading.
Unfortunately, antivirus is not enough to protect your data and you should read why that happens.

How your online accounts are connected


Have you ever thought of how your online accounts are interconnected?
You may think that cyber criminals could never find your data appealing, but let me show you the truth.
How your online accounts are interconnected
Your email holds crucial information about all your accounts, plus confidential information about your work and personal life.
Your Facebook account or other social media profiles host details about your preferences, your friends and family, the places you’ve been, etc.
If someone accessed your Amazon account, they’d learn about the stuff you bought, your wishlist, your shipping address and even your credit card details.
And the list goes on and on and on.
Are you sure that your data is not valuable? Because cyber criminals can definitely find a thousand ways to use it and make money from it.

Why you should never, EVER reuse passwords


I hope you can take the time to think about how your online accounts are interconnected.
Now think what would happen if an online criminal would find out the password of one of your accounts, Facebook let’s say.
Do you use that password anywhere else?
If you do, the attackers will use your email address (which they already have and try to see if you’ve set up accounts with the same credentials.
How many accounts would the attacker be able to access?
What kind of information could be stolen or compromised?
Too few people really understand the dangers of password reuse. Apparently, not even Mark Zuckerberg is careful about his password security.
Waves of attacks are often fueled by weak credentials which are easily compromised, like the TeamViewer case.
And if you ever reuse your online banking password, well… you won’t enjoy the consequences.
Promise yourself, here and now, that you’ll always use unique, strong passwords for every account. If you need help in doing so, this guide is your go-to solution.

Manage your Google Voice & Audio activity


Did you know that Google saves a recording of your voice and other audio to your Google Account?
Google does this to learn the sound of your voice so you can use features like voice search (activated with „Ok Google”).
But if you’d rather keep your privacy, here’s what to do to delete your voice recordings that Google has:
Delete items one at time
  1. Visit the Voice & Audio Activity page. You may be asked to sign in to your Google Account.
  2. Check the box next to the items you want to delete.
  3. At the top of the page, select Delete.
Delete all items at once
  1. Visit the Voice & Audio Activity page. You may be asked to sign in to your Google Account.
  2. In the top right corner, select More > Delete options > Advanced.
  3. Choose Select date > All time > Delete > Delete.
More info on this here.

The best encrypted messaging apps


Encryption is a trending subject right now, although not everyone understands its applications or benefits just yet.
But since the Snowden leaks, interest has definitely spiked for messaging apps that are safer from cyber criminals and even government monitoring.
If you’re interested in the available options, I put together a list of the best encrypted messaging apps available at the moment.
Our recommendation is you give them a try and see what fits your needs best.
For business users, we also recommend you check out this extensive article that covers the pros and cons of the best business messaging apps out there.

Check these security elements on your online banking website


You probably hear a lot about financial malware.
If you haven’t, you should read about it and know that it can use many insidious tactics to trick you.
Here are some of the elements you should check before making an online transaction, to ensure that you cyber criminals don’t steal your card details:
1. Check is the website uses encryption (the padlock symbol) and uses https. This means you data is transmitted safely to and from the bank’s servers.
2. Check if the URL is correct and doesn’t include any typos. If you’re unsure of how the official website looks like (it may be your first time), do a quick Google search and verify the information.
3. Check if there are any unusual or extra fields added to your usual login steps. No bank will ever ask you for your address or card number or, worse, for your PIN in the login process. If you see anything out of place, leave the website, contact the bank and see how you can safely conclude the transaction.
4. Check if the logo and other elements are fuzzy, because sometimes cyber criminals use elements they can find on the web to mimic the appearance of a legitimate online banking website. Do a Google search of the official websites and compare them. If you find something strange, contact the bank and report it.
online banking
Additionally, you can check the footer of the website and see if there is any legitimate information on the bank, such as company details, locations and so on. The more information, written professionally and that can be verified, the safer you’ll know you are.
Some red flags you may have noticed are:
  • The sender address (GoDaddy is a website hosting company, so it’s an obvious scam)
  • The attachment with the weird name(banks and other financial services, such as Paypal, never send attached documents; they require you log into your account to download them)
  • The attachment format: HTML – this clearly leads to an online destination. Never click on these if you spot a similar scam! The phishers probably used an HTML attachment because people have learnt that clicking on weird links in emails is a very, very bad idea.
  • The lack of an official signature at the end of the email (although sometimes cyber attackers can fake those as well).

5 key cyber security trends explained by a top expert


There are a few key trends in the cyber security world that impact all of us, as users.
1. Nation states may be robbing banks.
It’s a known fact that nation states often create malware, especially for cyber espionage, but things may be a bit more complicated than we realize. The full article will set the proper context for this one.
2. Ransomware is not going away.
The technology associated with ransomware keeps evolving, as cyber criminals incorporate new tactics.
These apply to both technical aspects and the social engineering tricks played by attackers to lure potential victims.
3. Cyber crime as a business is growing.
Online attackers are making big money off ransomware and other financial malware, but not only that.
They’re building what you could call “business empires”, complete with teams of developers, a business strategy and the skills to implement it.
4. Poor passwords are still a pain
Although cyber security specialists have been saying this for years, users continue to use weak passwords and, what’s worse, reuse them. This creates huge problems, especially in the event of a data breach.
Cyber criminals only have to try and see if those users have reused their passwords to gain control of millions of accounts.
I really hope you don’t do this.
5. Cyber crime empires are bigger than you can imagine
Although no one can accurately and fully track all the money cyber criminals are making, their transactions amount to astounding sums!
If these cyber crime-as-a-business enterprises would be legitimate, they would be HUGE!
This wasn’t exactly a short tip, but you should read the entire thing to realize the extent of the problem we’re all dealing with.

Drive-by attacks – getting infected without knowing


Drive-by attacks have to be one of the worst things that can happen to an Internet user.
Definition:
A drive-by attack is the unintentional download of a virus or malicious software (malware) onto your system.
A drive-by attack will usually take advantage of (or “exploit”) a browser, app, or operating system that is out of date and has a security flaw.
Example:
You’re surfing your favorite news website. On it, there’s an online ad you don’t even notice. What you don’t know is that the ad is infected with malware.
Without you even clicking or hovering your mouse over it, the malware in the ad will scan your system for security holes. If it finds one, it will exploit it to gain access into your PC and create further damage.
And you’ll never know this is happening.
Protection tips include keeping your software up to date, using both reactive (antivirus) and proactive (traffic filtering) protection and hardening your browsers against cyber threats.

Cyber Security Tip #107: Review every device where you logged in to your Facebook account


Got a couple of minutes?
Here’s a quick tip on how to check every device (mobile phone, browser, etc) where you logged in to your Facebook account.
Open your Facebook account, go to Settings, click on the Security tab (it’s the second one) and review these two fields:
Your Browsers and Apps – From here you can check all the web browsers and apps you saved in order to access your Facebook account without (re)confirming your identity. Don’t recognize one of them or you don’t use them anymore? Disconnect them immediately. Keeping them active only makes you vulnerable.
Where You’re Logged In – Use it together with the previous feature to review your logged-in status. End activity for any device or place that doesn’t look familiar. Also make sure you remove any devices that you don’t use anymore, such as the ones used in former workplaces or ex mobile phones.

Was your account was involved in a data breach? What to do about it

The odds are against us when it comes to data breaches. Most likely than ever, one of our accounts will be breached. And it doesn’t even have to be our fault, as history proved.
In May 2016, a cluster of mega data breaches was dissected in the media.More than 642 million social accounts were compromised – and it happened in less than two weeks.
LinkedIn, MySpace, Amazon, Twitter, Badoo – they were all affected, more or less directly.
Here’s what you should do in order to reduce the damage:
  1. Keep calm and change your password. I’m talking about the password for the hacked account – log in as soon as you find out about the breach. Change the password, make sure you set up a new, strong and unique one.
  2. Activate two-factor authentication, if the hacked service offers you this option. It will act as a second layer of protection, besides the initial password. Every time you’ll want to log in from a new device or browser, it will request you to authenticate using a second pass code, that’s unique and time sensitive. You’ll receive that one on your mobile phone – via a special app or text message.
  3. In case you were reusing the initial password, will you please stop doing that? Connect to all your other accounts and change their passwords. Start with the email account that was linked to the hacked account. Repeat the previous steps (new, strong and unique password, and activate two-factor authentication).
 Stop and check before you click on that

Clicking on links that you have no idea where they’ll take you? Not a bright idea.
I don’t care if you received that shortlink from your boss, your life partner, your favorite band or your mother (or at least so you may believe).
If you don’t want to end up in a phishing or malware trap, check it first.
Check it safely: you can use a service that shows you where that link redirects you to, or you can choose one that remotely takes screenshots of the website.

Comments

Post a Comment

Popular posts from this blog

Cyber Security Tips for Students and there parents

Cyber security should start at a young age. Kids are using cell phones, playing video games, streaming music, paying for things with credit cards and engaging with smart technology as young as toddlers (and they are just as susceptible as their parents). In fact, the   National Cyber Security Alliance (NCSA) reports that   kids ages 8-18 spend 7 hours and 38 minutes per day online . That’s nearly 1/3 of their day! This is why it’s vital for younger generations to stay informed and guarded against digital dangers as well. Get them started on the right foot  – Before unboxing or passing down a device to them, set it up with all the security settings and parental controls to ensure they aren’t opening up a can of worms when they power up. Even playing field for parents and kids  – Share that the adults are following the same rules. This will make them feel they are not being punished or called out for having to adhere to special guidelines. Think before you clic...
Read more

Understanding firewall

What do firewalls do? Firewalls provide protection against outside attackers by shielding your computer or network from malicious or unnecessary network traffic and preventing malicious software from accessing the network. Firewalls can be configured to block data from certain locations or applications while allowing relevant and necessary data through. (See  Understanding Denial-of-Service Attacks  and  Understanding Hidden Threats: Rootkits and Botnets  for more information.) What type of firewall is best? There are various types of firewalls with differences in where they are located and what types of activity they control. Firewalls may be broadly categorized as hardware or software. While both have their advantages and disadvantages, the decision to use a firewall is far more important than deciding which type you use. Hardware  – Typically called network firewalls, these external devices are positioned between your computer and the Internet (or o...
Read more