Corrine Posted October 3, 2017

October is National Cyber Security Awareness Month (NCSAM). The 2017 Cyber Security Awareness Month marks the seventh anniversary of the campaign. It is also European Cyber Security Awareness Month (ECSM) https://cybersecuritymonth.eu/ and in Canada, https://www.getcyber.../index-eng.aspx

Stop | Think | Connect

With that in mind, consider the following suggestions not only during Cyber Security Awareness month but every day:

Stop: Before you click that formatted link in your email, search results or social media account, mouse over the link to ensure the URL matches the description.

Think: Whether it is email, Facebook, Twitter, an online forum or other online media, instead of spouting off the first reply that comes to mind when you disagree, think before you click the send button. Remember that your online reputation can follow you in "real life".

Connect: When you connect to the Internet, ensure your device software as well as any apps or third-party software are up to date.

Each week, Malwarebytes Labs will focus on a theme and provide helpful articles, useful tips, and valuable analysis so that you can increase awareness and spread the word. This week’s theme: simple steps to online safety.

The first: National cybersecurity awareness month: simple steps to online safety | Malwarebytes Labs

securitybreach Posted October 3, 2017

And run Linux

All kidding aside, nice tips.

V.T. Eric Layton Posted October 3, 2017

I wonder if Equifax is aware of this.

securitybreach Posted October 3, 2017

> I wonder if Equifax is aware of this.

They were aware and did nothing....

V.T. Eric Layton Posted October 3, 2017

Speaking of security, I just got an email from Yahoo explaining about their 1 billion hacked email accounts from 2016.

I wish more folks I know would sign up for Proton Mail. I also wish Proton Mail's IMAP services would get started.

securitybreach Posted October 4, 2017

> Speaking of security, I just got an email from Yahoo explaining about their 1 billion hacked email accounts from 2016. I wish more folks I know would sign up for Proton Mail. I also wish Proton Mail's IMAP services would get started.

Agreed. I really should use it more than I do. I just wish they would let you export the keys as it's useless to anyone that doesn't use it.

Digerati Posted October 4, 2017

> Speaking of security, I just got an email from Yahoo explaining about their 1 billion hacked email accounts from 2016.

Except it was not 1 billion but over 3 billion - that is EVERY single Yahoo account was hacked. And that Russian hack was way back in 2013. Yahoo only decided to tell everyone in 2016. It is only now the real truth about the extent of the hack is coming out because Verizon took over Yahoo recently and in an effort to be transparent and forthcoming, uncovered and revealed the truth.

The worry is the bad guys know the answers to common security questions. This information, along with similar information from other hacks lets bad guys know all about you: mother's maiden name, first pet, favorite food, high school mascot, favorite book or movie and more.

Years ago, I started answering these questions with nonsense. Favorite movie? Pepperoni. Favorite book? 10011001. Grandfather's middle name? CoffeePot. Different answers for every account. Yeah, it takes a little longer to set up accounts but oh well. It is just another added cost for freedom. Then I put the answers in my password safe.

If everyone did not change their Yahoo account passwords back in 2016, they sure should now. And make sure it is not the same as used anywhere else.

Sadly, requesting the account be closed does not purge the account, your data, or your emails from everywhere.

securitybreach Posted October 4, 2017

Luckily I closed my Yahoo account years ago as their spam filters were completely horrid.

zlim Posted October 4, 2017

I've had a Yahoo account since 1999. I've changed the password so many times when there was any hint of trouble. My account has never been hacked because a) I chose NEVER to reuse passwords b) I store no passwords in the cloud where they could also get hacked and c) I change passwords when I hear rumblings of problems about any site.

There is one major thing I truly dislike about Yahoo. Since they bought Flickr, you are forced to use the same password in both places. I really don't think that's a good idea.

Digerati Posted October 4, 2017

> My account has never been hacked...

That you know of. Your Yahoo account information surely was hacked, however.

I don't store passwords in the cloud either. In fact, I don't store anything in the cloud. I might put a photo or document up there temporarily for someone to see/get. But it does not stay there for long.

V.T. Eric Layton Posted October 4, 2017

My Yahoo email account is one of my oldest (Hotmail is the oldest). I started it in 2000. I've never had any issues with Yahoo. I change my account passwords and such regularly.

Digerati Posted October 4, 2017

> My account has never been hacked...

> My Yahoo email account is one of my oldest (Hotmail is the oldest). I started it in 2000. I've never had any issues with Yahoo. I change my account passwords and such regularly.

Not the point. It is not about individual accounts being hacked, having issues, or being used by a bad guy. It is about the information used to create, access, modify, and authenticate account ownership being hacked that matters.

It is very likely you would not notice if your individual accounts were hacked.

zlim Posted October 4, 2017

Well I just read every Yahoo account was hacked in 2013. Wonderful. Source: https://www.darkread...in-2013-breach/

So, if they got a password - that was quite a few passwords ago and wouldn't help them at Yahoo or any other site 4 years later.

No way can we fully protect ourselves from all the companies who do next to nothing in the way of protecting our information!

In Yahoo mail: You can go to Settings, Account Info and select Recent Activity. It shows you the browser used and the location. I also see dates of times going back to 2014 with password changes I made. Nothing looked suspicious in terms of a browser or a strange location.

Edited October 4, 2017 by zlim

Corrine Posted October 4, 2017

It gets worse: IRS awards multimillion-dollar fraud-prevention contract to Equifax - POLITICO.

Pete! Posted October 4, 2017

> It gets worse: IRS awards multimillion-dollar fraud-prevention contract to Equifax - POLITICO.

I wonder if that means the IRS will be sending my checks back, because Equifax can't verify that they came from the right person.

V.T. Eric Layton Posted October 4, 2017

> It is about the information used to create, access, modify, and authenticate account ownership being hacked that matters.

They'll get no usable data from hacking my account at any email, forum, or other such site because since the very beginning of my internet odyssey, I've used an alias along with a wonderfully crafted alias profile. To tie that information to my REAL® identity would be somewhat difficult. Only a few very close friends on the Internet know my actual identity and I've rarely exposed my real identity to the Internet.

Security by obscurity. It's not foolproof, but it's better than having my REAL® data and information floating around on thousands of servers around the world.

securitybreach Posted October 4, 2017

> It gets worse: IRS awards multimillion-dollar fraud-prevention contract to Equifax - POLITICO.

That is insane!!!

Digerati Posted October 5, 2017

We still have not heard if the hacked Equifax data was encrypted or not. You would think surely they encrypted it. But if so, why not say so?

> They'll get no usable data from hacking my account at any email, forum, or other such site

That's good - but note they likely also got IP addresses and with that, someone might be able to glean physical locations too. I think it would be wise to assume the bad guys know everything about us rather than believe we have outsmarted them. This is even more true if there are others living under the same roof.

I am reminded of what the military calls EEFI (pronounced "eefee") for "essential elements of friendly information". It is a part of OPSEC (operations security) and is a series of unclassified information that, when put together, reveals a classified mission or data.

Base supply gets an order for 7 cold weather parkas. Base transportation gets an order for a shuttle bus to arrive at point A by 0330. 21 MREs (meal ready to eat) are ordered to be ready for pickup. The armory orders 100lbs of munitions to replace what was checked out. The Life Support shop is ordered to pack 7 parachutes. Fuels are told to have a C-130 fueled by 0400.

Individually, those are common, unclassified events that mean little. Put together and you learn 7 people are leaving very early in the morning, likely to jump in to a cold climate area and planning to stay for up to 3 days. The more bits of unclassified information that is learned, the more details about the mission are determined.

Securing passwords is certainly important, but not very effective. With an email address and answers to common security questions, a bad guy can reset a password and change email addresses. That's one reason there is a push to do away with passwords completely.

Using an alias is a great idea, but unless you use a different alias at every location, not sure that helps. And it only takes one very close friend to get his or her accounts hacked for your "real identity" ("contact") information to be exposed. While I am confident my network and none of my computers have been compromised, I am assuming that is not the case with every one of my close friends and families who might have my real identity information stored on their computers.

In the case of Equifax, if you ever co-signed for a loan for one of your kids, your information may be compromised. If someone used you (with your real name, phone number, street address and relationship) as a reference, you might be (probably are) compromised.

I fully believe no matter how careful an individual is and has been, that in no way ensures they have not or will not be compromised.

V.T. Eric Layton Posted October 5, 2017

> That's good - but note they likely also got IP addresses and with that, someone might be able to glean physical locations too. I think it would be wise to assume the bad guys know everything about us rather than believe we have outsmarted them. This is even more true if there are others living under the same roof.

Nope. I'm safe there, too. IPs are currently from all over the world; different on different days --> VPN in use. Prior to using the VPN my IP was nothing more than one of millions in Verizon's IP range. It was dynamic and changed daily.

I'm OK with other users in my household because there aren't any... unless, of course, my cats are logging in when I'm not around. You never know.

Digerati Posted October 5, 2017

Well, that's good as far as Internet accounts go. Equifax is another issue altogether.

V.T. Eric Layton Posted October 5, 2017

Ah, yes... Equifax has screwed us ALL.

securitybreach Posted October 5, 2017

> Ah, yes... Equifax has screwed us ALL.

And the ex-CEO got 18 million for doing so. I wish I could be fired and be given 18 million....

Digerati Posted October 5, 2017

$18 million? Not hardly. Try a $90 million golden parachute!

securitybreach Posted October 5, 2017

I was going by this: Equifax CEO walks away with $18 million after data breach affecting half the US occurs on his watch

Digerati Posted October 6, 2017

Yeah, I saw that but note that is just his "pension benefits". He also is getting all sorts of bonus and stock options and more. Regardless, IMO, he had one job - protecting our information - and he failed miserably. He needs to be in jail.

And we now know, Hacked data wasn't encrypted. How irresponsible (and arrogant) can you get? There is just no excuse for that. Probably too late but the other credit bureaus better wake up and make sure their data is fully encrypted.

Corrine Posted October 12, 2017

Fake flash also on TransUnion: Equifax, TransUnion websites push fake Flash player in malvertising campaign | Malwarebytes Labs.

V.T. Eric Layton Posted October 13, 2017

Oh, wonderful.

securitybreach Posted October 13, 2017

Insanity!!!!

crp Posted October 16, 2017

Timely, WPA-2 gets hacked. http://www.zdnet.com/article/wpa2-security-flaw-lets-hackers-attack-almost-any-wifi-device/

Digerati Posted October 16, 2017

> WPA-2 gets hacked.

It is important to note WPA2 did NOT get hacked. Rather a vulnerability (that's been there all along) was recently discovered. There is no evidence the vulnerability has been exploited - yet.