Help each other out of non-Webroot technical jams and discuss tech-related stuff in general.
- 4,794 Topics
- 12,208 Replies
Cyber News Rundown: May 2020
Bank of America Breach Reveals PPP Info After processing over 300,000 Paycheck Protection Program applications, Bank of America revealed that a data breach occurred within the U.S. Small Business Administration’s program that allowed all other SBA-authorized lenders to view highly sensitive data. Bank of Costa Rica Suffers Data Breach Threat actors working for the Maze group recently claimed to have belonging to millions of Bank of Costa Rica customer accounts, a claim that was quickly refuted by the bank itself. Within a week, Maze began publishing proof of their bounty and promised to continue posting records if the bank fails to improve their current security. Maze also claimed to have accessed the bank’s systems on multiple occasions to determine if security had improved but chose not to encrypt their systems as the second breach occurred during the COVID-19 pandemic. Old LiveJournal Breach Data Re-emerges Researchers have been looking into a recent data dump that appear
Apple and Google join forces to develop Contact Tracing app against Coronavirus
April 13, 2020 By Pierluigi Paganini Google and Apple recently announced a joint project for the development of a Coronavirus ‘contact tracing’ tool for mobile devices. A contact tracing app is a tool that could be used to contain new diseases, like Coronavirus, by tracking down and quarantining everyone that gets infected and localizing any person that has been in contact with him/her. Contact tracing technologies played an essential role in the containment of the pandemic in several countries, including South Korea, Singapore, Israel, and other nations. Google and Apple have joined forces to develop a contact-tracing tool to face the COVID-19 pandemic; the IT giants are expected to release an API that government agencies can integrate into their applications. The companies plan to design a built-in system-level platform that uses Bluetooth low energy (BLE) beacons to implement an “opt in system” contact tracing technology. Full Article.
Cyber News Rundown: April 2020
Zoom Video Software Targeted by Hackers With much of the world working from home, the need for teleconferencing has peaked. Hackers have taken notice, finding vulnerabilities within Zoom’s videoconferencing software to hijack online meetings. Over 400 new domains were registered through Zoom in just the last month, of which another decent percentage have been found to contain suspicious content or activity. Some other adware variants have been discovered spoofing Microsoft’s Teams while performing malicious activities in the background. Malicious COVID-19 Websites Surge More than 136,000 new domains have been registered referencing the COVID-19 pandemic in recent months, many of which have yet to be flagged. A large portion of these sites have been distributing phishing campaigns, with some creating fake bank login sites, using obviously inaccurate URLs, and packing them with pandemic buzz words. Hopefully, some domain registrars will implement better detection for these types of scam
LastPass is in the midst of a major outage
January 20, 2020 By Catalin Cimpanu Password management service LastPass is currently going through a major outage as users are reporting being unable to log into their accounts and autofill passwords, with some users reporting issues going back for days. User reports about login issues have been flooding Twitter, but also the company's forum, Reddit, and DownDetector. Users are reporting receiving the following error when trying to log in: "An error has occurred while contacting the LastPass server. Please try again later." Both home and enterprise users are impacted. Full Article.
MacOS Big Sur Announced
MacOS Big Sur Announced with New UI – Screenshots & Features Jun 22, 2020 Apple has announced the next major system software release for Mac; MacOS Big Sur. The release is named after Big Sur, a stunning stretch of coast line in Central California south of the San Francisco Bay Area. Versioned as Mac OS 11 (or 10.16, depending), macOS Big Sur includes a visual overhaul and a variety of new features and capabilities that further blur the lines between Mac, iPhone, and iPad. Full Article
Smart scale goes dumb as Under Armour pulls the plug on connected tech
A lesson here for all those who like IOT devices. Under Armour is making a pile of pricey devices into so many useless bricks. Kate Cox - 1/21/2020 Any smart device comes with its own set of benefits and trade-offs, but there's one huge shoe waiting to drop with every single one of them: anything you connect can be disconnected at the other end, and there's absolutely nothing you the consumer can do about it. Today's example of smart stuff going dumb comes courtesy of Under Armour, which is effectively rendering its fitness hardware line very expensive paperweights. The company quietly pulled its UA Record app from both Google Play and Apple's App Store on New Year's Eve. In an announcement dated sometime around January 8, Under Armour said that not only has the app been removed from all app stores, but the company is no longer providing customer support or bug fixes for the software, which will completely stop working as of March 31. Full Article.
Cyber Threats in the Time of COVID-19 (Blog)
Cyber Threats in the Time of COVID-19 In the past 3 months, we’ve seen a staggering amount of change worldwide, not least of which involves the majority of global business offices switching to WFH. With so many employees suddenly working from their home devices and networks, this massive shift has brought numerous challenges for employees and employers alike. One of the main challenges is that many employees were not set up for successful, secure remote work. While they might’ve had antivirus, DNS protection, VPNs, group policies, and other cybersecurity measures on corporate devices, not all employees could take these computers home with them. That means they had to start using personal devices for work, which begs the question: how many of those devices had robust cybersecurity measures (if any) in place? Probably not many at all. So now the problem becomes clearer; valuable company data is being sent via unsecured or inadequately secured devices, across unsecured or inadequate
VMware to acquire AI-based network analytics firm Nyansa
VMware wants to add Nyansa's AI and machine learning capabilities to its security and network portfolio January 22, 2020 By Dev Kundaliya VMware is to acquire network analytics software firm Nyansa in a bid to bolster its flagship SD-WAN by VeloCloud platform. The deal is expected to close in VMware's first quarter of its fiscal year 2021 - the quarter to the end of April 2020 - subject to customary closing conditions. Financial terms of the deal were not disclosed. VMware wants to add Nyansa's artificial intelligence (AI) and machine learning capabilities to its existing security and network portfolio. The added capabilities will help customers operate and troubleshoot the Virtual Cloud Network, while also strengthening VMware's ability to offer "self-healing networks", the company said. Full Article.
Cyber News Rundown: March 2020
Paradise Ransomware Spreading Through Unusual Attachments While Paradise ransomware isn’t new to the scene, the latest methods it is using to spread have been a bit surprising. Though it still transmits over email, it offers up an IQY attachment instead of a typical word document or excel spreadsheet. These attachments can make a quick connection to a malicious URL and begin downloading the actual ransomware payload. What makes these so much more dangerous is that they appear to be a simple text file with no internal malicious code, just commands for retrieving it, so it isn’t typically picked up by most security services. https://www.bleepingcomputer.com/news/security/paradise-ransomware-distributed-via-uncommon-spam-attachment/ Malicious Coronavirus Mapping Apps Spreading More than Misinformation Many malware authors have been capitalizing on the recent coronavirus (COVID-19) epidemic through phishing campaigns and newly renamed ransomware variants. Their latest efforts have
Cyber News Rundown: February 2020
Maze Ransomware Targets Multiple French Industries At least five French law firms and a construction corporation have all fallen victim to the Maze ransomware variant, which is known for quickly exfiltrating sensitive information. The Maze authors have also announced they will begin releasing the stolen data if the victims refuse to pay the ransom. Even though only two of the law firms have had their data posted so far, it is only a matter of time before the remaining firms are exposed and the entirety of the stolen data is released. Furthermore, with this type of ransomware attack, the attackers have been known to demand a doubled ransom payment to cover both the decryption key for the files and the supposed permanent deletion from the attacker’s end. Though if this type of payment isn’t made, the data has been known to be posted on Russian forums, leaving the data in the hands of any interested parties. Major Spike in MageCart Skimmer Usage At least 40 new websites have been identif
Weekly Threat News: 22nd January (Threat News)
Our Senior Threat Research Analyst, @FredFunk, is back from holidays and has a fresh batch of 2020 threat news for you. Ransomware FTCODE Now Info-Stealing Stealing data before encrypting it is now a very common criminal practice. This can be done automatically by malware or it can be done by hackers (such as in the new BitPyLock attacks) who have specifically targeted a network. FTCODE now joins other infections such as Trickbot in having both data stealing and encrypting components: “FTCODE, a PowerShell-based ransomware that targets Italian-language users, has added new capabilities, including the ability to swipe saved web browser and email client credentials from victims.” In all of these cases the data is stolen first and the order of events is important here. If the data was to be encrypted before the data stealing components of the attacks were deployed, then the data stolen would be largely useless to the attackers running these malware campaigns. Las Vegas Hit by Ransom
Cyborgs, Trolls and Bots: A Guide to Online Misinformation
By Associated Press on February 08, 2020 Cyborgs, trolls and bots can fill the internet with lies and half-truths. Understanding them is key to learning how misinformation spreads online. As the 2016 election showed, social media is increasingly used to amplify false claims and divide Americans over hot-button issues including race and immigration. Researchers who study misinformation predict it will get worse leading up to this year’s presidential vote. Here’s a guide to understanding the problem: Full Article.
Privacy Tips from NCSA - Consumer (Data Privacy Day)
Advice for Consumers: Safeguarding your Data Your mobile devices – including smartphones, laptops and wearables – are always in reach wherever you go, and they share substantial information about you and your habits. Follow these basic privacy tips to help you better manage your personal information. Tips to Help Protect your Privacy Personal info is like money: Value it. Protect it. Information about you, such as your purchase history or location, has value – just like money. Be thoughtful about who gets that information and how it’s collected through apps and websites. You should delete unused apps, keep others current and review app permissions. Share with care. Think before posting about yourself and others online. Consider what it reveals, who might see it and how it could be perceived now and in the future. Own your online presence. Set the privacy and security settings on websites and apps to your comfort level for information sharing. Each device, application or browser you
Privacy Tips from NCSA - Businesses (Data Privacy Day)
Advice for Organizations: Privacy is Good for Business Protecting your customers’ privacy is a competitive advantage. Respecting consumers’ privacy is a smart strategy for inspiring trust and enhancing reputation and growth. Tips for Transparency and Trust Privacy is everyone’s business: If you collect it, protect it. Follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access. Transparency builds trust. Be open and honest about how you collect, use and share consumers’ personal information. Think about how the consumer may expect their data to be used and design settings to protect their information by default. Build trust by doing what you say you will do. Communicate clearly and concisely to the public what privacy means to your organization and the steps you take to achieve and maintain privacy. Conduct due diligence and maintain oversight of partners and vendors. If someone provides services on your behalf, y
Data Privacy Day - Consumer Facts (Data Privacy Day)
As the issue of privacy becomes more familiar to the public, consumers are becoming more concerned about who can access their information and why. A recent survey by Pew Research Center found that majorities of Americans think their personal data is less secure now than five years ago and that data collection poses more risks than benefits. For example: A majority of Americans report being concerned about the way their data is being used by companies (79 percent) or the government (64 percent). Fully 79 percent of Americans say they are not too confident or not at all confident that companies will admit mistakes and take responsibility if they misuse or compromise personal information, and 69 percent report having this same lack of confidence that firms will use their personal information in ways they will be comfortable with. Many Americans acknowledge that they are not always diligent about paying attention to privacy policies and terms of service. Only about 1 in 5 adults say
World Password Day 2020
Chances are, if you’re like the average American, you could use some help with strengthening your passwords. In fact according to our latest report, almost half (49%) of Americans admit to using the same password across multiple sites... If you haven’t seen the report, be sure to read our overview here It’s ok. We’re here to help. In honor of World Password Day, celebrated every May 7th, I sought the advice of a few cybersecurity experts to get their take on what we can all do to improve our password habits. What is one piece of advice you would give a consumer? What is most important for an SMB to keep top of mind? Change your password regularly and do NOT rely on passwords alone if additional ways of signing on are available. Most Banks offer using your cell phone to send passcodes as additional proof of who you are and there are of course fingerprints or even authentication apps. George Anderson, Product Marketing Director, Webroot Use a password manager lik
2 billion phones cannot use Google and Apple contact-tracing tech
System developed by Silicon Valley relies on technology missing from older handsets. Tim Bradshaw, ft.com - 4/20/2020 As many as a billion mobile phone owners around the world will be unable to use the smartphone-based system proposed by Apple and Google to track whether they have come into contact with people infected with the coronavirus, industry researchers estimate. The figure includes many poorer and older people—who are also among the most vulnerable to COVID-19—demonstrating a “digital divide” within a system that the two tech firms have designed to reach the largest possible number of people while also protecting individuals’ privacy. Apple’s iPhones and devices running on Google’s Android operating system now account for the vast majority of the 3.5 billion smartphones estimated to be in active use globally today. That provides a huge potential network to track infection, with surveys suggesting widespread public support for the idea. Full Article.
Lockdown Lessons: Profile and Stereotypes of Hackers
Mobile World Congress canceled due to coronavirus [Updated]
Decision comes after a number of vendors pull out of world's biggest telecom show. Samuel Axon - 2/12/2020 [Update 2:32pm ET, February 12. 2020] Mobile World Congress 2020 (MWC) organizer the GSMA has announced that the annual technology event in Barcelona is canceled this year. Part of the GSMA's statement on the decision says: "Global concern regarding the coronavirus outbreak, travel concern, and other circumstances, make it impossible for the GSMA to hold the event." The cancellation followed news of several major exhibitors backing out due to travel restrictions and concerns related to the coronavirus outbreak in China. See below for details on that developing story. Full Article.
Content Teaser: Phishing!
Hello Webroot Community! We have some very interesting informational content coming to the forum in the next couple of months and I just wanted to give you a bit of a teaser. The next big “series” of cybersecurity posts we’ll be dropping will be involved with a very relevant topic: PHISHING! Phishing has become one of the most common tactics used by bad-actors to get passwords, usernames, personal/financial info – you name it! Phishing has been at the center of many recent ground-breaking data breaches and is probably the most important cyber-threat to pay attention to. Our amazing threat researcher, Tyler Moffitt, will be writing a comprehensive and informational guide to the different types of phishing that we see today. This will be a multi-part series that we will release in the coming weeks. We’re very excited to see what Tyler comes up with – it will be educational for everyone, the Community Team included! I also wanted to take this opportunity to pose a question to y
Are you cyber-smarter than your neighbor?
If you think you’re taking adequate steps for your cybersecurity, you’re in good company. Nearly 9 out of 10 Americans (89%) believe they’re taking appropriate steps to stay safe online, according to our most recent version of an annual survey, 2020’s Most (and Least) Cyber-Secure States. Unfortunately, in terms of our actual behavior, the average American’s cyber-safety habits put us at about 58% on our cyber-risk scale. If you think about that in terms of letter grades in school, that’s an F. Not pretty, right? Let’s back up a little and go over some positives. Overall, the cyber-safest states in the U.S. are Nebraska, New Hampshire, Wyoming, Oregon, and New Jersey. Well done, Oregon! Good habits of the cyber-safe: Protecting all your devices with antivirus and a VPN. Regularly backing up data, preferably to both a physical drive and a secure cloud backup. Keeping your operating systems, antivirus software, and other apps up to date. Investigating and improving on the security of al
Chinese hackers bypass 2FA authentication (Alert)
We’ve seen reports that Chinese hackers have figured out a way to bypass two-factor authentication. Obviously, this is concerning. Reported via Information Age, the article dives into how one cybersecurity firm believes how it was done. A Chinese government-backed hacking group has found a new way to bypass two-factor authentication, according to a new report. The report by Dutch cybersecurity firm Fox-IT attributes a range of cyber attacks on government entities and managed service providers to APT20, a hacking group linked to the Chinese government that has been on the radar for nearly 10 years. The report tracks the attacks of the group over the last two years and details the method behind them. Read the rest of the article on Information Age @TylerM , Webroot Security Analyst, had this to say: This is pretty scary and just shows that the different types of 2FA implementation have varying degrees of security. SMS text and phishing has always been the most vulnerable, but now it
The Y2K bug is back, causing headaches for developers again
Twenty years ago, some developers dealt with the millennium bug by postponing it until... now. January 8, 2020 By Daphne Leprince-Ringuet Twenty years ago, as the world celebrated the start of a new millennium, IT professionals across the globe were getting cold sweats at the prospect of the Y2K bug kicking in: the fear that important systems relying on two-digit date logs would come to a standstill if computers interpreted the 1 January 2000, registered as 01/01/00, as the first day of the year 1900. No major incident happened, because developers had seen Y2K coming and prepared well. But two decades later, it has become apparent that some resorted to a quicker fix than others, and simply postponed the problem to 2020. A series of incidents seem to have confirmed that Y2020 is tech's latest unwelcome blast from the past. Full Article.
Cryptocurrency: storage, scams and hacks, oh my! (Blog)
Hey there Webroot Community, We are back with another series of informational posts on the topic of Cryptocurrency! The world of cryptocurrency is still an enigma to most people, and we’d like to do our part to clear up some of the confusion. There are a few things that new crypto users struggle with in regard to its usage, storage, and prevention of being scammed. In this installment of the crypto series, these are the topics we will be covering: 1) Storage 2) How to use safely 3) Infamous “crypto exchange mishaps” 4) Pros vs. cons of crypto and blockchain tech Storage Learning how to securely store your cryptocurrency is the most important process to learn before jumping into this new world. First, it’s important that you learn the difference between a “public” and a “private” key. Public key: Think of this as your PO box address that you give out to people/companies in order to receive packages. Your public key in terms of cryptocurrency is a string of letters/numbe