Monthly Archives: February 2017
Here we go again. Right on the heels of the latest revelations from the Yahoo hack, another popular web company has been seriously compromised.
Cloudflare, a popular web performance and security company, is the newest addition. Over 5.5 million websites that use Cloudflare, including Fitbit, Uber, OkCupid, Medium, and Yelp, may have been affected.
If you have or had accounts on Fitbit, Uber, OkCupid, Medium, or Yelp, you should probably change your passwords. In a blog post, the web performance and security company Cloudflare said it had fixed a critical bug discovered over the weekend that had been leaking sensitive information, such as website passwords in plain text, from September 2016 to February 2017.
What should you do?
1: Change your passwords and make them very strong. Consider using a password manager like LastPass to create a long, random string of characters for every online account.
2: Where possible, enable two-factor authentication. Two-factor authentication requires a code sent to your mobile phone, in addition to your password.
3: While you’re at it, add a PIN to your phone number account.
A dedicated attacker can bypass phone-based two-factor authentication by impersonating you to your mobile carrier with nothing more than your name and the last four digits of your Social Security number. A PIN on your carrier account blocks that, because the carrier will ask for it before making any changes. Simply call the customer care number at your mobile provider/carrier to enable this feature.
There’s a list available of all the websites identified so far if you want to see whether you might be at risk. See the link at the end of this article. There’s also a list of many potentially affected iOS apps.
Thanks to BuzzFeedNews for this very relevant information.
List of Websites available here: https://github.com/pirate/sites-using-cloudflare/blob/master/README.md
iOS apps potentially affected: https://www.nowsecure.com/blog/2017/02/23/cloudflare-cloudbleed-bugs-impact-mobile-apps/
If you use a Mac, beware. The Russian cyberspies blamed for the US election hacks are now targeting Macs. Security researchers have discovered malware targeting Macs that is very likely a variant of the malware used to hack the Democratic National Committee during last year’s election. What’s worse is that this particular piece of malware is believed to be tied to a group affiliated with the Russian military intelligence service.
Yes, the Russian hackers. The same hackers that are being talked about by the news media each and every day for their reported efforts to sway the US Presidential election and their potential undue influence over the present Administration. The group, which is known in the security industry under different names, including Fancy Bear, Pawn Storm, and APT28, has been operating for almost a decade. It is believed to be the sole user and likely developer of a Trojan program called Sofacy or X-Agent.
Politics aside, this group is purported to be the most sophisticated hacking organization in the world. Why they are now targeting Mac computers is not yet known. Nor is it known how they are distributing the malware, but it’s out there. If you are using MacKeeper for anti-virus, replace it: a vulnerability in that program appears to be the most plausible point of entry.
Don’t buy into the popular misconception that Macs are not vulnerable to virus and malware attacks. They are, and this certainly proves it. Be sure you have strong anti-virus and anti-malware protection, keep it updated, and perform regular deep scans on your Mac to be sure it’s clean.
Additional Mac malware information from Bitdefender Labs: https://labs.bitdefender.com/2017/02/new-xagent-mac-malware-linked-with-the-apt28/
The “Can You Hear Me?” phone scam has generated a lot of interest and concern in recent weeks, but do you really have to be worried about it?
This scam has been reported recently by USA Today, NBC News, CBS News, Boston television stations and newspapers across the country including last Sunday’s Globe.
People around the country have reported receiving a phone call from someone who claims to be from a home security agency, cruise line, the Social Security Administration, or another agency or business. The scam caller starts the conversation with: “Can you hear me?”
If you reply “Yes,” which most of us would say automatically, the scammer supposedly records your answer and uses it to sign you up for a product or service. When an invoice arrives in the mail demanding payment and you call the listed number to protest the charge, the scammers say they have your recorded “yes” confirming the purchase. Some folks are worried that by simply saying “yes” they might be out hundreds or even thousands of dollars.
Should you be worried? I don’t think so!!! Snopes.com, one of my favorite sites for dispelling rumors, scams, and even urban legends, posted that there is no evidence of individuals losing money or having their identities stolen due to this scam, only that some people have received phone calls. http://www.snopes.com/can-you-hear-me-scam/
This type of scam has previously been targeted at businesses. The business ends up receiving invoices or bills in the mail for products or services it didn’t order. Even though a business is not legally required to pay a bill for any product or service it did not order, sometimes the owners are so scared at the thought of debt collectors that they pay the bill.
To take money from you, the scammers would need other personal information to successfully charge items to your credit card or take money from your bank account. With that information in hand, a recorded “yes” wouldn’t be needed anyway. Even if such a scenario existed, it’s hard to imagine why scammers would need an actual audio recording of the victim saying the word “yes” rather than simply providing that verbal response themselves.
As far as I know, phone companies, utility companies, and credit card issuers don’t maintain databases of voice recordings of their customers and use them to perform real-time audio matching to verify identities during customer service calls.
If you or a family member gets this type of phone call, your best bet is to simply hang up. Make it a habit to just hang up every time you get an unsolicited phone call from any organization or business. Don’t let these scammers waste your time.