Forrest Gump’s mama nailed it on the head.
My mama always said, ‘Life was like a box of chocolates. You never know what you’re gonna get.’
Today, Russell Stover has announced that they’ve suffered from a data security incident affecting purchases made from retail stores. Purchases made between February 9 and August 7, 2019 may have been impacted.
From their press release:
While Russell Stover’s investigation is ongoing, the company believes that certain payment card data, including some consumers’ first and last names, payment card numbers and expiration dates could have been acquired. At this time, Russell Stover has no evidence that any information has been inappropriately used.
The Hacker News is reporting that malware has been discovered embedded within the free version of CamScanner, a popular app for creating PDF documents. The free version, which had over 100 million downloads, has been removed from the Google Play Store.
Researchers had recently discovered a hidden Trojan module within the app that could allow remote attackers to download and install malicious software onto users’ Android devices without their knowledge.
If you are currently using the free version of the app (the paid version is not affected), it is highly recommended to delete the app from your device, at least until a fix or update is released, and the app is re-listed in the Google Play Store.
This brings up a good point to help drive home for mobile devices, especially Android ones. Always be wary of the permissions an app requests when running for the first time.
Get a new flashlight app, and it’s asking for permissions to your contacts and messages? Why? That should immediately set off alarm bells, and tell you to remove it right away. Ideally, apps should only ask for the permissions it needs to run properly.
Have you received any emails from or received messages on any sites you frequently visit requiring you to change your password? If so, don’t jump to conclusions. The sites may be merely looking out for you, and not that they have suffered an attack or breach.
Companies nowadays are constantly on the lookout for compromised credentials for users of their site/product/service. Many times, they will check with the dark web for known lists of compromised accounts, and compare the breached credentials with their own databases, to ensure that malcontents don’t try to use the same compromised credentials to hack their way in (called ‘credential stuffing’).
Take the time to read this article:
The most important thing to take away from this article is this:
Don’t reuse passwords across sites.
If you have difficulty thinking of passwords unique to each site, use one of the many flavors of password managers, such as 1Password, LastPass, DashLane, etc. Many of them offer free or low-cost options, can generate unique and secure passwords, and have apps and browser extensions available to integrate auto-filling usernames and passwords into sites and other apps. You’ll never need to remember your passwords again.
Remember MoviePass? Apparently, people are still using it…
TechCrunch has reported that a security researcher had discovered a critical server was not protected with a password, and exposed a database containing over 160 million records to the internet. Many of the records in the database included MoviePass customer card numbers.
Other records contained in the unencrypted database were things such as names, postal and email addresses, logs of (presumably) incorrectly entered passwords, and personal credit card numbers with expiration dates.
MoviePass has since taken the database offline, but until an investigation is conducted, there is really no way to determine what kind of impact this will have on their customers.
Read all about it on Naked Security…
Seen something like this on your Facebook/Instagram feeds? Seems this hoax is making the rounds once again…
Remember, when it comes to spam and hoaxes, ‘just say no’. 🙂
This seemed like a pretty good first post to share with my would-be or soon-to-be followers on this blog.
Security company Sophos has written up a rather interesting blog post in regards to Chrome users.
If you didn’t know, Google offers a Chrome extension called ‘Password Checkup‘.
How does it work? From Sophos:
Every time the user logs into a website, the extension checks a hashed version of the password and username used against a database of four billion possibilities amassed by Google from real data breaches, warning if it finds a match.
The scary part? According to Google, only 1 in 4 people who are notified about breached accounts from the extension actually go about changing their passwords.
How secure are YOUR passwords?
“Cybersecurity is a shared responsibility, and it boils down to this: in cybersecurity, the more systems we secure, the more secure we all are.” -Jeh Johnson
If you’ve found me from my personal style blog (https://thestyleofterry.com), then you’re going to see a whole different side of me! If you’re new, then welcome! I hope you enjoy what you see here.
What is this blog for?
- For me to learn and grow in the ever-changing and complex world of cybersecurity
- To share things I think are important in my journey or to warn you about things you should know – think breaches, vulnerabilities, things like that
A little bit about me: I currently work as a server administrator and a bit in access management for the local university where I live. I’m relatively new to this field. I’ve been working here at various places of the university for almost twenty years. I’ve mainly been doing desktop support. I’ve recently become very interested in cybersecurity, and have started on the path by obtaining my CompTIA Security+ certification.
I am very excited to learn more about this world in my career development, and I hope you will join me on the ride, as I share what I learn, and help try to explain things with more everyday speak.