Public Wi-Fi DOs and DON’Ts


Russell Stover Suffers Security Breach


Forrest Gump’s mama hit the nail on the head.

My mama always said, ‘Life was like a box of chocolates. You never know what you’re gonna get.’

Today, Russell Stover has announced that they’ve suffered from a data security incident affecting purchases made from retail stores. Purchases made between February 9 and August 7, 2019 may have been impacted.

From their press release:

While Russell Stover’s investigation is ongoing, the company believes that certain payment card data, including some consumers’ first and last names, payment card numbers and expiration dates could have been acquired. At this time, Russell Stover has no evidence that any information has been inappropriately used.

Malware Discovered in Free Version of CamScanner App for Android

The Hacker News is reporting that malware has been discovered embedded within the free version of CamScanner, a popular app for creating PDF documents. The free version, which had over 100 million downloads, has been removed from the Google Play Store.

Researchers recently discovered a hidden Trojan module within the app that could allow remote attackers to download and install malicious software onto users’ Android devices without their knowledge.

If you are currently using the free version of the app (the paid version is not affected), it is highly recommended to delete the app from your device, at least until a fix or update is released, and the app is re-listed in the Google Play Store.

This is a good point to drive home for mobile devices, especially Android ones: always be wary of the permissions an app requests when it runs for the first time.

Get a new flashlight app, and it’s asking for permissions to your contacts and messages? Why? That should immediately set off alarm bells, and tell you to remove it right away. Ideally, apps should only ask for the permissions they need to run properly.

Forcing a Password Change Doesn’t Always Mean Assume the Worst

Have you received emails from, or messages on, sites you frequently visit requiring you to change your password? If so, don’t jump to conclusions. The sites may merely be looking out for you; it does not necessarily mean they have suffered an attack or breach.

Companies nowadays are constantly on the lookout for compromised credentials belonging to users of their site/product/service. Many times, they will check the dark web for known lists of compromised accounts and compare the breached credentials with their own databases, to ensure that malcontents don’t try to use the same compromised credentials to hack their way in (called ‘credential stuffing’).
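The comparison described above, as an added example that is not from the original post or from any company's real system: a site that stores only salted password hashes cannot match a leaked list by looking at it, so it re-hashes each leaked password with that user's own salt and flags the accounts that match. The account names, passwords and PBKDF2 settings are constructed sample values.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash as a site would store it (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user_db(accounts: dict) -> dict:
    """Build a toy user table: email -> (salt, stored_hash). No plaintext kept."""
    db = {}
    for email, password in accounts.items():
        salt = os.urandom(16)
        db[email.lower()] = (salt, hash_password(password, salt))
    return db


def accounts_needing_reset(user_db: dict, breached_pairs: list) -> list:
    """Return our users whose *current* password appears in the leaked list."""
    flagged = set()
    for email, leaked_password in breached_pairs:
        key = email.strip().lower()       # leaked lists vary in case/spacing
        record = user_db.get(key)
        if record is None:
            continue                      # leaked account is not one of ours
        salt, stored = record
        candidate = hash_password(leaked_password, salt)
        if hmac.compare_digest(candidate, stored):  # constant-time compare
            flagged.add(key)              # reused password: force a reset
    return sorted(flagged)


# Constructed sample data (not real accounts).
USER_DB = make_user_db({
    "alice@example.com": "Sunshine2019!",   # reused on the breached site
    "bob@example.com": "x7#Qm-unique-pw",   # unique to this site
    "carol@example.com": "hunter2hunter2",  # reused on the breached site
})
BREACHED_PAIRS = [
    ("alice@example.com", "Sunshine2019!"),
    ("bob@example.com", "bobs-old-password"),
    ("Carol@Example.com ", "hunter2hunter2"),
    ("dave@example.net", "letmein"),
]

if __name__ == "__main__":
    print(accounts_needing_reset(USER_DB, BREACHED_PAIRS))
```

Bob is in the leaked list but is not flagged, because the leaked password is not the one he uses here; that is the practical payoff of not reusing passwords.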

Take the time to read this article:

https://krebsonsecurity.com/2019/08/forced-password-reset-check-your-assumptions/

The most important thing to take away from this article is this:

Don’t reuse passwords across sites.

If you have difficulty thinking of passwords unique to each site, use one of the many flavors of password managers, such as 1Password, LastPass, Dashlane, etc. Many of them offer free or low-cost options, can generate unique and secure passwords, and have apps and browser extensions available to integrate auto-filling usernames and passwords into sites and other apps. You’ll never need to remember your passwords again.

MoviePass database found storing unencrypted customer information


Remember MoviePass? Apparently, people are still using it…

TechCrunch has reported that a security researcher discovered that a critical server was not protected with a password, and exposed a database containing over 160 million records to the internet. Many of the records in the database included MoviePass customer card numbers.

Other records contained in the unencrypted database were things such as names, postal and email addresses, logs of (presumably) incorrectly entered passwords, and personal credit card numbers with expiration dates.

MoviePass has since taken the database offline, but until an investigation is conducted, there is really no way to determine what kind of impact this will have on their customers.

What a hoax… Facebook is NOT making your content public!

Facebook Hoax. Image Source: https://www.offthepegdesign.com/peg-talk/facebook-hoaxes/. Fair Use.

Read all about it on Naked Security

Seen something like this on your Facebook/Instagram feeds? Seems this hoax is making the rounds once again…

Don’t forget tomorrow starts the new Facebook rule where they can use your photos. Don’t forget Deadline today!!! It can be used in court cases in litigation against you. Everything you’ve ever posted becomes public from today Even messages that have been deleted or the photos not allowed. It costs nothing for a simple copy and paste, better safe than sorry. Channel 13 News talked about the change in Facebook’s privacy policy. I do not give Facebook or any entities associated with Facebook permission to use my pictures, information, messages or posts, both past and future. With this statement, I give notice to Facebook it is strictly forbidden to disclose, copy, distribute, or take any other action against me based on this profile and/or its contents. The content of this profile is private and confidential information. The violation of privacy can be punished by law (UCC 1-308- 1 1 308-103 and the Rome Statute. NOTE: Facebook is now a public entity. All members must post a note like this. If you prefer, you can copy and paste this version. If you do not publish a statement at least once it will be tacitly allowing the use of your photos, as well as the information contained in the profile status updates. FACEBOOK NOR ANYONE ELSE DOES NOT HAVE MY PERMISSION TO SHARE PHOTOS OR MESSAGES

Remember, when it comes to spam and hoaxes, ‘just say no’. 🙂

Use Chrome? Have you changed your passwords lately?

This seemed like a pretty good first post to share with my would-be or soon-to-be followers on this blog.

Security company Sophos has written up a rather interesting blog post regarding Chrome users.

If you didn’t know, Google offers a Chrome extension called ‘Password Checkup’.

How does it work? From Sophos:

Every time the user logs into a website, the extension checks a hashed version of the password and username used against a database of four billion possibilities amassed by Google from real data breaches, warning if it finds a match.

The scary part? According to Google, only 1 in 4 people who are notified about breached accounts from the extension actually go about changing their passwords.

How secure are YOUR passwords?
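A simplified sketch of the kind of check the Sophos description refers to, added here as an example; it is not Google's code or protocol. It hashes the username and password together and asks a breach index only for the bucket matching a short hash prefix, so the full hash never leaves the client. The SHA-256 hash, the 5-character prefix and the sample credentials are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

PREFIX_LEN = 5  # hex characters revealed to the server (assumed value)


def credential_hash(username: str, password: str) -> str:
    """Hash username and password together, after normalising the username.

    Plain SHA-256 keeps the sketch short; a real service would use a slow,
    memory-hard hash so a leaked index is expensive to brute-force.
    """
    canonical = username.strip().lower()
    return hashlib.sha256(f"{canonical}\x00{password}".encode()).hexdigest()


class BreachIndex:
    """Server side: breached credential hashes, bucketed by hash prefix."""

    def __init__(self, leaked_pairs):
        self.buckets = defaultdict(set)
        for username, password in leaked_pairs:
            digest = credential_hash(username, password)
            self.buckets[digest[:PREFIX_LEN]].add(digest[PREFIX_LEN:])

    def lookup(self, prefix: str) -> set:
        """Return every hash suffix stored under this prefix (may be empty)."""
        return set(self.buckets.get(prefix, ()))


def is_breached(index: BreachIndex, username: str, password: str) -> bool:
    """Client side: send only the prefix, compare the suffix locally."""
    digest = credential_hash(username, password)
    suffixes = index.lookup(digest[:PREFIX_LEN])
    return digest[PREFIX_LEN:] in suffixes


# Constructed sample breach data (not real credentials).
INDEX = BreachIndex([
    ("alice@example.com", "Sunshine2019!"),
    ("bob@example.com", "bobs-old-password"),
])

if __name__ == "__main__":
    print(is_breached(INDEX, "Alice@Example.com", "Sunshine2019!"))  # warn
    print(is_breached(INDEX, "alice@example.com", "new-unique-pw"))  # ok
```

Because the username is part of the hash, the warning fires only for that exact username and password pair, not for anyone else who happens to use the same password.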

The Obligatory Introduction

“Cybersecurity is a shared responsibility, and it boils down to this: in cybersecurity, the more systems we secure, the more secure we all are.” -Jeh Johnson

If you’ve found me from my personal style blog (https://thestyleofterry.com), then you’re going to see a whole different side of me! If you’re new, then welcome! I hope you enjoy what you see here.

What is this blog for?

  • For me to learn and grow in the ever-changing and complex world of cybersecurity
  • To share things I think are important in my journey or to warn you about things you should know – think breaches, vulnerabilities, things like that

A little bit about me: I currently work as a server administrator and a bit in access management for the local university where I live. I’m relatively new to this field. I’ve been working here in various parts of the university for almost twenty years. I’ve mainly been doing desktop support. I’ve recently become very interested in cybersecurity, and have started on the path by obtaining my CompTIA Security+ certification.

I am very excited to learn more about this world in my career development, and I hope you will join me on the ride, as I share what I learn and try to explain things in more everyday language.