Category : Security

Mozilla Stops Facebook Tracking With a Firefox Add-On

 

[caption id="attachment_6950" align="alignnone" width="700"]Mozilla Stops Facebook Tracking With a Firefox Add-On Mozilla Stops Facebook Tracking With a Firefox Add-On[/caption]

 

“You can continue to use Facebook as normal, but Zuckerberg can no longer track you around the web.” – PC Mag’s Matthew Humphries stated on March 27th, 2018

With the recent issues with Facebook security and releasing user information, Matthew Humphries suggests adding a Foxfire Add-On through Mozilla to protect users from their personal information spreading around the web.

Regardless of what action (if any) ends up being taken on Facebook in light of the Cambridge Analytica debacle, people are waking up to just how much tracking happens on the social network. Choosing to delete your Facebook account is a little too drastic for most users, so Mozilla came up with an alternative. If you use the Firefox browser, it’s now easy to stop Facebook tracking you around the web.

Announced on The Mozilla Blog today, a new add-on for the Firefox browser has been launched called Facebook Container. When installed, it stops Facebook from tracking you around the web, but importantly, allows Facebook to function as normal when you’re actually using the social network.

Mozilla achieved this by isolating your Facebook identity and placing it in a separate container for the rest of your browsing experience. By doing so, it’s much harder for Facebook to track any visits to other websites through third-party cookies.

As Nick Nguyen, VP of Firefox Product explains, the aim here was to offer, “A solution that doesn’t tell users to simply stop using a service that they get value from. Instead, it gives users tools that help them protect themselves from the unexpected side effects of their usage.”

If you are worried about the data being collected about you but don’t want to stop using the social network, Facebook Container is a great solution for protecting yourself. It’s also a good reason to install and start using the Firefox browser if you haven’t already.

Once installed, you’ll know the add-on is working on the blue Facebook and lock symbol that appears in the address bar when visiting Facebook, just like in the image above.

 

 

________________________________________________________________

For the original content, please visit:

PCMag Facebook Tracking – Firefox Add-on

The Best VPN Services of 2018

“A virtual private network is the best way to stay anonymous online and to secure your web traffic. We’ve tested more than 50 VPNs, and these are our top performers” stated PC Mag’s, Max Eddy

Best VPN Services of 2018

 

What Is a VPN?

In the simplest terms, a VPN is used to create a secure, encrypted connection—which can be thought of as a tunnel—between your computer and a server operated by the VPN service. In a professional setting, this tunnel makes you part of the company’s network, as if you were physically sitting in the office—hence the name.

While you’re connected to a VPN, all your network traffic passes through this protected tunnel, and no one—not even your ISP—can see your traffic until it exits the tunnel from the VPN server and enters the public internet. If you make sure to only connect to websites secured with HTTPS, your data will continue to be encrypted even after it leaves the VPN.

Think about it this way: If your car pulls out of your driveway, someone can follow you and see where you are going, how long you are at your destination, and when you are coming back. They might even be able to peek inside your car and learn more about you. With a VPN service, you are essentially driving into a closed parking garage, switching to a different car, and driving out, so that no one who was originally following you knows where you went.

VPNs Keep You Safe Online

Have you become so comfortable with the idea of transmitting your data via Wi-Fi that you’ve stopped worrying about the safety of said data—and of who else might be looking at it? You’re not alone. In fact, you’re probably in the majority. That’s a huge privacy and security problem. Public Wi-Fi networks, which are commonplace and convenient, are unfortunately also highly convenient for attackers who are looking to compromise your personal information. When even your ISP is allowed to sell your browsing history it’s time to begin thinking about protecting your data. That’s where virtual private networks, or VPNs, come in.

 

Who Needs a VPN?

The protection provided by a VPN offers users many advantages. First and foremost, it prevents anyone on the same network access point (or anywhere else) from intercepting your web traffic in a man-in-the-middle attack. This is especially handy for travelers and for those using public Wi-Fi networks, such as web surfers at hotels, airports, and coffee shops. VPNs also cloak your computer’s actual IP address, making it harder for advertisers (or spies, or hackers) to track you online.

 

How to Choose a VPN Service

The VPN services market has exploded in the past few years, and a small competition has turned into an all-out melee. Many providers are capitalizing on the general population’s growing concerns about surveillance and cybercrime, which means it’s getting hard to tell when a company is actually providing a secure service and when it’s throwing out a lot of fancy words while selling snake oil. In fact, since VPN services have become so popular in the wake of Congress killing ISP privacy rules, there have even been fake VPNs popping up, so be careful. It’s important to keep a few things in mind when evaluating which VPN service is right for you: reputation, performance, type of encryption used, transparency, ease of use, support, and extra features. Don’t just focus on price, though that is an important factor.

____________________________________________________________________

For the original content, please visit:

PCMag.VPN2018

Keylogger Discovered on HP Laptops

Keylogger discovered on HP Laptops

 

Keylogger‘s are used in IT organizations to troubleshoot technical problems with computers and business networks. They can also be used to monitor the network usage of people without their direct knowledge; they are sometimes used as part of home parental controls. Finally, malicious individuals may use keyloggers on public computers to steal passwords or credit card information.” Reported Bradley Mitchell.

Last week, keylogger was discovered on over 460 different models of HP laptops. The keylogger is disabled by default but is easily enabled under the Windows Registry.  Security researcher, Michael Myng, discovered keylogger in an attempt to figure out how to control HP’s laptop keyboard black light.  What he discovered has sent a shockwave throughout the industry. The keylogger was capable of recording every keystroke made by a single user. Thankfully, most are disabled by default, as previously mentioned. However, it would be a very simple change to enable it which could make your PC vulnerable to a potential hacker.

The BBC reports that HP has issued a software patch to remove the keylogger. “However, there are over 460 models of HP laptop affected, including those in the EliteBook, ProBook, Pavilion, and Envy ranges, and the keylogger has been present since 2012. The software patch support page lists all models carrying the disabled keylogger.”

HP initially allowed keylogger to be installed on so many laptops to act as a debugging tool on the drive. It was simply an oversight, then disabled but not removed. Leaving several laptops in danger of being hacked.

____________________________________________________________________

For the original content, please visit:  Keylogger Discovered on HP Laptops

Are you at risk? BlueBorne Bluetooth Attacks

Did you know that you could be an easy target for hackers if your Bluetooth is turned on? No matter the device, you could be at risk.

android_mobile_security-100434195-primary.idge

 

Researchers at security firm Armis are warning users about a new attack vector leveraging Bluetooth that affects almost 5.3 billion devices across iOS, Android, Windows, and Linux. The BlueBorne technique, which spreads through the air, could allow an attacker to take complete control of affected devices, access corporate data and networks, penetrate even “secure” networks, and spread malware.

Worse yet, “the attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode,” the company wrote in a blog post. In fact, this attack requires no user interaction at all.

If a user simply has Bluetooth enabled, a hacker would be able connect to their device and spread malware—all without the user’s knowledge. Armis explained that because it propagates through the air, BlueBorne is “much more dangerous” than the majority of attacks today, which rely on the internet. This unusual attack method also allows hackers to bypass current security defenses since they don’t protect against “airborne threats” of this kind.

“BlueBorne can serve any malicious objective, such as cyber espionage, data theft, ransomware, and even creating large botnets out of IoT devices,” Armis said.

Armis has uncovered eight associated zero-day vulnerabilities, four of which are classified as “critical.” The company has reported these flaws to affected companies — including Google, Microsoft, Apple, Samsung, and Linux — and is working with them to get patches deployed.

Armis strongly advises that you disable Bluetooth on any devices if you are worried.

 


 

If you would like to educate yourself further or to view the original content, please visit: https://www.pcmag.com/news/356174/blueborne-bluetooth-attack-puts-5-billion-devices-at-risk

 

 

Are you promoting a safe Network?

security

On average, organizations take about 200 days to identify new ransomware threats. In combination with aging hardware, out of date software, poor network monitoring, and lack of professional IT assistance, this makes for quite the mess.

Hackers are less likely to attempt an attack against an automatically patched software or newly issued hardware. The reason being that vulnerabilities are lower and exploits for newly issued hardware most likely have not been found yet, or are already patched. Those that are behind in refreshing their technology are an easy target for attack.

Here are 5 best practices to follow to secure your network and avoid ransomware attacks.

  1. Improve Network Hygiene – Automatic deployment of patches and updates, replace old or out of date firewalls, IPS, as well as ensure you are using a quality email spam filtering service to protect against phishing and malicious links and sites.

  2. Defend Strategically rather than Haphazardly – It is recommended that organizations employ security as a big picture solution rather than single use. Integrated security is the best defense for networks as it reduces backdoor vulnerabilities and holes that might be exploited.

  3. Reduce Detection Time – It would be ideal if your organization had the tools and professional aid to recognize an attack as soon as it occurred. But most organizations find themselves in the dark for weeks before an attack is detected. By measuring the time to detection, you vet that the systems in place are capable or not capable of delivering the fastest detection time. This ensures that your organization can respond to threats in real time, and prevent further attack.

  4. Protect Users No Matter the Location – Ensure that you are protecting your users while they are on the company network and when they are not. Good password manager software and VPN tunnels are key to keeping to a good security practice. It is also important that you communicate with your users the importance of cyber security and illustrate good habits.

  5. Routinely Test Backups – Confirm that your backups are healthy and current. Test that they are free from compromise. If you are hacked, you will want to have backups that are ready to go.

 


 

If you are interested in reading the original article, or would like to educate yourself in more detail about the information presented in this blog post, please visit: https://newsroom.cisco.com 

Fully Booked hotel & ski-resort pays bitcoin to regain control

bitcoin

Four-star hotel and ski-resort in Australia paid a reported $1,600 ransom to regain control of its computer system during a fully booked weekend. The systems were kicked offline which temporarily interfered with room keys and guest check in among other things. This ransom marks the third attack on the hotel system, but the first time full control was taken. This may be why the hotel opted to pay the bitcoin rather than mess with the situation any further. Rather than risk losing revenue and fully restricting guests from checking in or out of their rooms the hotel worked with the hackers. Cheaper and faster said the hotel representative.

“Neither police nor insurance help you in this case,” Brandstaetter lamented to The Local. “The restoration of our system after the first attack in summer has cost us several thousand euros. We did not get any money from the insurance so far because none of those to blame could be found.” – PCmag

This is not the first time that a company has had to make the difficult decision whether or not to pay the bitcoin and risk losing that money as well as their data, or not paying the bitcoin, and risk total lockout of the system. IBM Security ran a study that found 70 percent of businesses attacked and infected with ransomware have paid the dollar to regain access to their systems and or data.

 


If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.pcmag.com

 

Android Trojan rerouters you to Rogue DNS server

android trojan

New Android Trojan virus reported by Kaspersky Lab, that goes by the name, Switcher.

Switcher Trojan infects wifi routers through an infected Android, where an attacker can then reroute other users on the network to malicious sites. This is through brute force attacks against the admin interface of the router – using a predetermined list of password/login combos. The DNS servers are then replaced with both an active and backup server of the hacker. This allows for a multitude of potential infections, since every DNS query is directed to a network controlled by the attacker.

Kaspersky Lab researchers explained that “the ability of the Switcher Trojan to hijack [DNS] gives the attackers almost complete control over network activity which uses the name-resolving system … the approach works because wireless routers generally reconfigure the DNS settings of all devices on the network to their own – thereby forcing everyone to use the same rogue DNS.” – www.techgenix.com

Attacks primarily in china and proven track record predicts that the attacks will certainly spread across locations. This is the first Android malware that has been used to attack routers in this manner.

At the moment it is advised that admins and users alike should be on the look out for the following rogue DNS servers:

101.200.147.153

112.33.13.11

120.76.249.59 

“A successful attack can be hard to detect and even harder to shift: the new settings can survive a router reboot, and even if the rogue DNS is disabled, the secondary DNS server is on hand to carry on,” says Kaspersky Lab cybersecurity researcher Nikita Buchka. – www.zdnet.com

 


If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.techgenix.com

 

What/Why/How – you should always use a VPN

vpn

What is a VPN? A virtual private network creates a secure tunnel between two sites via the Internet to protect your privacy. This is usually a paid service to ensure web browsing is secure and private while using public wifi or less secure wifi networks.

What happens? Your PC connects to a VPN server, and then your web traffic passes back and forth through that server. This VPN server can be located anywhere in the world whether it be the United States or Thailand. Therefore when you are surfing the web, those websites you are visiting see you as browsing from that VPN server’s geographical location, not where your laptop is really located.

Why is that important? When you are hanging out on your laptop in a public space such as a coffee shop, perusing Amazon for some deals, hackers are far less likely to be able to steal your login credentials, your credit card information, email address, or direct you to a fake banking site or other spoof. Even your internet service provider will have a hard time trying to snoop on what websites you are visiting.

Free services are offered, but they are slow with considerably less bandwidth, so pay the $5 a month and get a service of quality. Ask questions such as what kind of logging does the VPN provider do? How long do they keep information about your VPN sessions? Are they going to be recording the IP addresses you use? Answers to these questions should be taken into consideration based on how much privacy you want and need.

 


If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.networkworld.com

 

Luggage Tag Code, Gives Identity and Flight Info to Hackers

gds

Researchers from German security company, Security Research Labs, recently revealed the poor security behind the current travel booking systems. Three of the largest Global Distributed Systems (GDS) handling flight reservations for worldwide travel are Amadeus, Sabre, and Travelport. These three systems handle 90 percent of flight reservations.

The poor security stems from these systems originating in the 70’s and 80’s and never being rebuilt, but rather integrated with the more modern web infrastructure of today.

Each traveler on a GDS is identified by a six-digit code that also serves as the booking code. This code houses all traveler information from home address, email address, phone numbers, credit card information, frequent flyer number and even the IP address used to make the booking online! This ID is printed on boarding passes and luggage tags.

A specific ID is not needed to find valid traveler information and airline websites and GDS do not limit the amount of times you can check for codes. This gives hackers the window to use brute force approach to finding valid codes for use.

Researchers explain that it is possible for a hacker to steal your flight by changing the flight information without your knowledge or canceling it and receiving a voucher, just from your ID printed on your luggage tag. A hacker could also take frequent flyer miles, or use the knowledge that you are on vacation for a potential phishing attack.


If you would like to educate yourself in more detail about the information presented in this post please visit: www.pcmag.com