Help each other out of non-Webroot technical jams and discuss tech-related stuff in general.
- 4,677 Topics
- 11,643 Replies
April 13, 2020 By Pierluigi Paganini Google and Apple recently announced a joint project for the development of a Coronavirus ‘contact tracing’ tool for mobile devices. A contact tracing app is a tool that could be used to contain new diseases, like Coronavirus, by tracking down and quarantining everyone that gets infected and localize any person that has been in contact with him/her. Contact tracing technologies played an essential role in the containment of the pandemic in several countries, including South Korea, Singapore, Israel, and other nations. Google and Apple have joined forces to develop a contract-tracing tool to face COVID19 pandemic, the IT giants are expected to release an API that could allow government agencies can integrate into their applications. The companies plan to design a built-in system-level platform that uses Bluetooth low energy (BLE) beacons to implement an “opt in system” contact tracing technology. Full Article.
My account is already activitated. The system does not recognize my password. I have waited for the automated system to send me an email to retrieve my password, but received nothing. Automated Customer Service sent an email with a temporary password to use, but the Login does not accept it. Customer Service does not answer the phone.
January 20, 2020 By Catalin Cimpanu Password management service LastPass is currently going through a major outage as users are reporting being unable to log into their accounts and autofill passwords, with some users reporting issues going back for days. User reports about login issues have been flooding Twitter, but also the company's forum, Reddit, and DownDetector. Users are reporting receiving the following error when trying to log in: "An error has occurred while contacting the LastPass server. Please try again later." Both home and enterprise users are impacted. Full Article.
A lesson here for all those who like IOT devices. Under Armour is making a pile of pricey devices into so many useless bricks. Kate Cox - 1/21/2020 Any smart device comes with its own set of benefits and trade-offs, but there's one huge shoe waiting to drop with every single one of them: anything you connect can be disconnected at the other end, and there's absolutely nothing you the consumer can do about it. Today's example of smart stuff going dumb comes courtesy of Under Armour, which is effectively rendering its fitness hardware line very expensive paperweights. The company quietly pulled its UA Record app from both Google Play and Apple's App Store on New Year's Eve. In an announcement dated sometime around January 8, Under Armour said that not only has the app been removed from all app stores, but the company is no longer providing customer support or bug fixes for the software, which will completely stop working as of March 31. Full Article.
VMware wants to add Nyansa's AI and machine learning capabilities to its security and network portfolio January 22, 2020 By Dev Kundaliya VMware is to acquire network analytics software firm Nyansa in a bid to bolster its flagship SD-WAN by VeloCloud platform. The deal is expected to close in VMware's first quarter of its fiscal year 2021 - the quarter to the end of April 2020 - subject to customary closing conditions. Financial terms of the deal were not disclosed. VMware wants to add Nyansa's artificial intelligence (AI) and machine learning capabilities to its existing security and network portfolio. The added capabilities will help customers operate and troubleshoot the Virtual Cloud Network, while also strengthening VMware's ability to offer "self-healing networks", the company said. Full Article.
Paradise Ransomware Spreading Through Unusual Attachments While Paradise ransomware isn’t new to the scene, the latest methods it is using to spread have been a bit surprising. Though it still transmits over email, it offers up an IQY attachment instead of a typical word document or excel spreadsheet. These attachments can make a quick connection to a malicious URL and begin downloading the actual ransomware payload. What makes these so much more dangerous is that they appear to be a simple text file with no internal malicious code, just commands for retrieving it, so it isn’t typically picked up by most security services. https://www.bleepingcomputer.com/news/security/paradise-ransomware-distributed-via-uncommon-spam-attachment/ Malicious Coronavirus Mapping Apps Spreading More than Misinformation Many malware authors have been capitalizing on the recent coronavirus (COVID-19) epidemic through phishing campaigns and newly renamed ransomware variants. Their latest efforts have
Maze Ransomware Targets Multiple French Industries At least five French law firms and a construction corporation have all fallen victim to the Maze ransomware variant, which is known for quickly ex-filtrating sensitive information. The Maze authors have also announced they will begin releasing the stolen data if the victims refuse to pay the ransom. Even though only two of the law firms have had their data posted so far, it is only a matter of time before the remaining firms are exposed and the entirety of the stolen data is released. Furthermore, with this type of ransomware attack, the attackers have been known to demand a doubled ransom payment to cover both the decryption key for the files and the supposed permanent deletion from the attacker’s end. Though if this type of payment isn’t made, the data has been known to be posted on Russian forums, leaving the data in the hands of any interested parties. Major Spike in MageCart Skimmer Usage At least 40 new websites have been identif
Weekly Threat News: 22nd JanuarayThreat News
Our Senior Threat Research Analyst, @FredFunk, is back from holidays and has a fresh batch of 2020 threat news for you. Ransomware FTCODE Now Info-Stealing Stealing data before encrypting it is now a very common criminal practice. This can be done automatically by malware or it can be done by hackers (such as in the new BitPyLock attacks) who have specifically targeted a network. FTCODE know joins other infections such as Trickbot in having both data stealing and encrypting components: “FTCODE, a PowerShell-based ransomware that targets Italian-language users, has added new capabilities, including the ability to swipe saved web browser and email client credentials from victims.” In all of these cases the data is stolen first and the order of events is important here. If the data was to be encrypted before the data stealing components of the attacks were deployed, then the data stolen would be largely useless to the attackers running these malware campaigns. Las Vegas Hit by Ransom
By Associated Press on February 08, 2020 Cyborgs, trolls and bots can fill the internet with lies and half-truths. Understanding them is key to learning how misinformation spreads online. As the 2016 election showed, social media is increasingly used to amplify false claims and divide Americans over hot-button issues including race and immigration. Researchers who study misinformation predict it will get worse leading up to this year’s presidential vote. Here’s a guide to understanding the problem: Full Article.
Weekly Threat News: 2nd JanuarayThreat News
Our Senior Threat Research Analyst, @FredFunk, is back from holidays and has a fresh batch of 2020 threat news for you. General News Mirai Variant ECHOBOT Resurfaces with 13 Previously Unexploited Vulnerabilities Mirai was one of the biggest botnets ever seen. It consisted of millions of compromised IoT and other connected devices including routers. This army of devices was put to criminal use launching huge DDoS and other attacks. The Mirai model was so successful it spawned many variants and one of these variants, ECHOBOT, was discovered in mid-2019. Whereas the original Mirai compromised devices using a small amount of likely passwords (such as typical hardcoded router credentials) and exploits ECHOBOT uses a staggering amount of different device vulnerabilities and affects a wide range of devices. By targeting web and networking software as well as the classic Mirai targets of embedded IoT OS, ECHOBOT has greatly increased its ability to spread. There has been a lot of researc
Privacy Tips from NCSA - ConsumerData Privacy Day
Advice for Consumers: Safeguarding your Data Your mobile devices – including smartphones, laptops and wearables – are always in reach wherever you go, and they share substantial information about you and your habits. Follow these basic privacy tips to help you better manage your personal information. Tips to Help Protect your Privacy Personal info is like money: Value it. Protect it. Information about you, such as your purchase history or location, has value – just like money. Be thoughtful about who gets that information and how it’s collected through apps and websites. You should delete unused apps, keep others current and review app permissions. Share with care. Think before posting about yourself and others online. Consider what it reveals, who might see it and how it could be perceived now and in the future. Own your online presence. Set the privacy and security settings on websites and apps to your comfort level for information sharing. Each device, application or browser you
Privacy Tips from NCSA - BusinessesData Privacy Day
Advice for Organizations: Privacy is Good for Business Protecting your customers’ privacy is a competitive advantage. Respecting consumers’ privacy is a smart strategy for inspiring trust and enhancing reputation and growth. Tips for Transparency and Trust Privacy is everyone’s business: If you collect it, protect it. Follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access. Transparency builds trust. Be open and honest about how you collect, use and share consumers’ personal information. Think about how the consumer may expect their data to be used and design settings to protect their information by default. Build trust by doing what you say you will do. Communicate clearly and concisely to the public what privacy means to your organization and the steps you take to achieve and maintain privacy. Conduct due diligence and maintain oversight of partners and vendors. If someone provides services on your behalf, y
Data Privacy Day - Consumer FactsData Privacy Day
As the issue of privacy becomes more familiar to the public, consumers are becoming more concerned about who can access their information and why. A recent survey by Pew Research Center found that majorities of Americans think their personal data is less secure now than five years ago and that data collection poses more risks than benefits. For example: A majority of Americans report being concerned about the way their data is being used by companies (79 percent) or the government (64 percent). Fully 79 percent of Americans say they are not too confident or not at all confident that companies will admit mistakes and take responsibility if they misuse or compromise personal information, and 69 percent report having this same lack of confidence that firms will use their personal information in ways they will be comfortable with. Many Americans acknowledge that they are not always diligent about paying attention to privacy policies and terms of service. Only about 1 in 5 adults say
Decision comes after a number of vendors pull out of world's biggest telecom show. Samuel Axon - 2/12/2020 [Update 2:32pm ET, February 12. 2020] Mobile World Congress 2020 (MWC) organizer the GSMA has announced that the annual technology event in Barcelona is canceled this year. Part of the GSMA's statement on the decision says: "Global concern regarding the coronavirus outbreak, travel concern, and other circumstances, make it impossible for the GSMA to hold the event." The cancellation followed news of several major exhibitors backing out due to travel restrictions and concerns related to the coronavirus outbreak in China. See below for details on that developing story. Full Article.
Hello Webroot Community! We have some very interesting informational content coming to the forum in the next couple of months and I just wanted to give you a bit of a teaser. The next big “series” of cybersecurity posts we’ll be dropping will be involved with a very relevant topic: PHISHING! Phishing has become one of the most common tactics used by bad-actors to get passwords, usernames, personal/financial info – you name it! Phishing has been at the center of many recent ground-breaking data breaches and is probably the most important cyber-threat to pay attention to. Our amazing threat researcher, Tyler Moffitt, will be writing a comprehensive and informational guide to the different types of phishing that we see today. This will be a multi-part series that we will release in the coming weeks. We’re very excited to see what Tyler comes up with – it will be educational for everyone, the Community Team included! I also wanted to take this opportunity to pose a question to y
We’ve seen reports that Chinese hackers have figured out a way to bypass two-factor authentication. Obviously, this is concerning. Reported via Information Age, the article dives into how one cybersecurity firm believes how it was done. A Chinese government-backed hacking group has found a new way to bypass two-factor authentication, according to a new report. The report by Dutch cybersecurity firm Fox-IT attributes a range of cyber attacks on government entities and managed service providers to APT20, a hacking group linked to the Chinese government that has been on the radar for nearly 10 years. The report tracks the attacks of the group over the last two years and details the method behind them. Read the rest of the article on Information Age @TylerM , Webroot Security Analyst, had this to say: This is pretty scary and just shows that the different types of 2FA implementation have varying degrees of security. SMS text and phishing has always been the most vulnerable, but now it
Twenty years ago, some developers dealt with the millennium bug by postponing it until... now. January 8, 2020 By Daphne Leprince-Ringuet Twenty years ago, as the world celebrated the start of a new millennium, IT professionals across the globe were getting cold sweats at the prospect of the Y2K bug kicking in: the fear that important systems relying on two-digit date logs would come to a standstill if computers interpreted the 1 January 2000, registered as 01/01/00, as the first day of the year 1900. No major incident happened, because developers had seen Y2K coming and prepared well. But two decades later, it has become apparent that some resorted to a quicker fix than others, and simply postponed the problem to 2020. A series of incidents seem to have confirmed that Y2020 is tech's latest unwelcome blast from the past. Full Article.
Hey there Webroot Community, We are back with another series of informational posts on the topic of Cryptocurrency! The world of cryptocurrency is still an enigma to most people, and we’d like to do our part to clear up some of the confusion. There are a few things that new crypto users struggle with in regard to its usage, storage, and prevention of being scammed. In this installment of the crypto series, these are the topics we will be covering: 1) Storage 2) How to use safely 3) Infamous “crypto exchange mishaps” 4) Pros vs. cons of crypto and blockchain tech Storage Learning how to securely store your cryptocurrency is the most important process to learn before jumping into this new world. First, it’s important that you learn the difference between a “public” and a “private” key. Public key: Think of this as your PO box address that you give out to people/companies in order to receive packages. Your public key in terms of cryptocurrency is a string of letters/numbe
Already have an account? Login
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.