Category Archives: follow cybersecurity

Shopping Security: 5 ways to take the worries out of holiday cyber shopping

Abstract

For the first time ever, a majority of Americans plan do most of their holiday shopping online. But that doesn’t mean they’ve abandoned their worries about cyber shopping. A recent F-Secure survey found that most shoppers in the U.S. have serious concerns about the potential risks that come from checking out online.*

Almost two out of three US internet users (65%) say they worry about the loss of personally identifiable information through a data breach. Nearly the same percentage (62%) say they worry about someone taking over their accounts to steal money. And these worries make sense considering that 62% said that their families have been personally impacted by cyber-crime.

Follow some common rules to secure yourself:

  • Secure all your accounts with two-factor authentication.
  • If you’re going to shop on your phone, use a retailer’s app.
  • Use one browser for all of your shopping and financial transactions: Devote one browser to anything that involves shopping, banking or checking your financial accounts. Don’t use it for anything else—especially social media.
  • Do not click on any link/vacation link appears on the social media.

Reads more in

https://blog.f-secure.com/cyber-shopping-security/

Newsletter:Creating a Cybersecure Home

Several years ago, creating a cybersecure home was simple; most homes consisted of nothing more than a wireless network and several computers. Today, technology has become far more complex and is integrated into every part of our lives, from mobile devices and gaming consoles to your home thermostat and your refrigerator. Here are four simple steps for creating a cybersecure home.

Your Wireless Network

Almost every home network starts with a wireless (or Wi-Fi) network. This is what enables all your devices to connect to the Internet. Most home wireless networks are controlled by your Internet router or a separate, dedicated wireless access point. They both work the same way: by broadcasting wireless signals. The devices in your house can then connect via these signals. This means securing your wireless network is a key part of protecting your home. We recommend the following steps to secure it:

  • Change the default administrator password to your Internet router or wireless access point. (Whichever one is controlling your wireless network.) The admin account is what allows you to configure the settings for your wireless network.
  • Ensure that only people you trust can connect to your wireless network. Do this by enabling strong security. Currently, the best option is to use the security mechanism called WPA2. By enabling this, a password is required for people to connect to your home network, and once connected, their online activities are encrypted.
  • Ensure the password used to connect to your wireless network is strong and that it is different from the admin password. Remember, you only need to enter the password once for each of your devices, as they store and remember the password.
  • Many wireless networks support what is called a Guest Network. This allows visitors to connect to the Internet, but protects your home network, as they cannot connect to any of the other devices on your home network. If you add a guest network, be sure to enable WPA2 and a unique password for the network.

Not sure how to do these steps? Ask your Internet Service Provider or check their website, check the documentation that came with your Internet router or wireless access point, or refer to their respective website.

Your Devices

The next step is knowing what devices are connected to your wireless home network and making sure all of those devices are secure. This used to be simple when you had just a computer or two. However, almost anything can connect to your home network today, including your smartphones, TVs, gaming consoles, baby monitors, speakers, or perhaps even your car. Once you have identified all the devices on your home network, ensure that each one of them is secure. The best way to do this is ensure you have automatic updating enabled on them wherever possible. Cyber attackers are constantly finding new weaknesses in different devices and operating systems. By enabling automatic updates, your computer and devices are always running the most current software, which makes them much harder for anyone to hack into.

Passwords

The next step is to use a strong, unique password for each of your devices and online accounts. The key words here are strong and unique. Tired of complex passwords that are hard to remember and difficult to type? So are we. Use a passphrase instead. This is a type of password that uses a series of words that is easy to remember, such as “Where is my coffee?” or “sunshine-doughnuts-happy-lost”. The longer your passphrase is, the stronger. A unique password means using a different password for each device and online account. This way, if one password is compromised, all your other accounts and devices are still safe. Can’t remember all those strong, unique passwords? Don’t worry, neither can we. That is why we recommend you use a password manager, which is a special security program that securely stores all your passwords for you in an encrypted, virtual safe.

Finally, enable two-step verification whenever available, especially for your online accounts. Two-step verification is much stronger. It uses your password, but also adds a second step, such as a code sent to your smartphone or an app on your smartphone that generates the code for you. Two-step verification is probably the most important step you can take to protect yourself online, and it’s much easier than you think.

Backups

Sometimes, no matter how careful you are, you may be hacked. If that is the case, often the only way you can recover your personal information is to restore from backup. Make sure you are doing regular backups of any important information and verify that you can restore from them. Most mobile devices support automatic backups to the Cloud. For most computers, you may have to purchase some type of backup software or service, which are relatively low- priced and simple to use.

CyberSecurity: Triton is the world’s most murderous malware & It’s spreading.

Abstract

The hackers had deployed malicious software, or malware, that let them take over the plant’s safety instrumented systems. These physical controllers and their associated software are the last line of defense against life-threatening disasters. They are supposed to kick in if they detect dangerous conditions, returning processes to safe levels or shutting them down altogether by triggering things like shutoff valves and pressure-release mechanisms.

How dangerous it is?

The malware made it possible to take over these industrial systems remotely. Had the intruders disabled or tampered with them, and then used other software to make equipment at the plant malfunction, the consequences could have been catastrophic. Fortunately, a flaw in the code gave the hackers away before they could do any harm.

Read more in

https://www.technologyreview.com/s/613054/cybersecurity-critical-infrastructure-triton-malware/

CyberSecurity: There are no free apps.

In our phone, We all have many types of applications. Many useful Applications. Some apps may not pre-installed in the phone by default. So, We download apps like document scanner, themes, daily useful apps like flashlight etc. It is pretty common nowadays.

Some of these apps are so useful & helpful. And, The concern is not why you have so many apps. But, You may not know the unethical internal working of these apps. Before getting into those details. Let’s ask yourself a few open questions.

  • Have you ever wondered why these apps are free for everyone?
  • What does a particular app get in return? You have not paid anything for that app.
  • Google play does not charge to the user but they charge to register apps. So, Why Apps are free?

One thing we all should understand about apps that there are no free apps. In other words, There is no free lunch. Nothing is free for sure. Even Google is not a free service provider. Otherwise how would generate 12 Billion per year as their profit.

So, How does an app make money?

If we just talk about apps, Ads banners in apps is a common methodology to generate revenue but nowadays surveillance economy is on the boom. Below snapshot shows that a torch (flashlight) application is asking permissions on your locations, your phone calls, Camera, contacts, messages etc.

Have you ever wondered why a simple torch application needs to access your messages, contact list & phone calls? Why on earth a torch app needs access to phone calls to run a simple flashlight?

This is the unethical surveillance business of these applications. They access everything from your phone. These apps collect user data & sell to other vendors & services. Then other services provide content, ads on the other apps name of personalization. Every organization, apps, website etc are after your personal data & interested in your life, day to day activity. In a way, it is white-collar hacking.

Another example of surveillance. The truth of IOT Devices: Amazon Echo is not just a radio or music player. It is a surveillance device who actually spy on you when you have a private conversation with your wife, kids etc. Below Link is proof that the Echo does spy on homes.

A judge has ordered Amazon to hand over recordings from an Echo to help solve a double murder case

What’s wrong if an app asks for these permissions?

Ignorance of the users & poor understand of these apps technology is not a problem. Problem is that these apps are not mean to do what they are doing. These apps have a higher level of access and if they wish they could target individuals or hack individual. Who knows what these apps are doing?

The user never wishes to share their contact details with apps but many apps do not even ask for permissions. Apps just steal all the user information. Even Google has started banning some of the apps.

Final Thought: The purpose of the cyber article is not to scare anyone. You should know & be aware of what you are downloading & what a particular downloaded app is doing? Awareness is the key in the cyber world.

Ask right questions is your right and you should be asking.


CyberSecurity: Someone is trying to take the internet down.

I have been reading a lot of DDOS attacks & recently found that DDOS attack is so powerful that it could take the whole internet down. As per many references & stories, it is already happening. Let me share some of the interesting stories. Things are scary but we all should be aware of the danger. It is not fictional Hollywood movies anymore. It is real now.

Story-1: The internet’s worst-case scenario finally happened in real life: An entire country was taken offline, and no one knows why

Abstract

For years, countries have worried that a hostile foreign power might cut the undersea cables that supply the world with internet service.  Late last month, we got a taste of what that might be like. An entire country, Mauritania, was taken offline for two days because an undersea cable was cut. 

The 17,000-kilometer African Coast to Europe submarine cable, which connects 22 countries from France to South Africa, was severed on March 30, cutting off web access partially or totally to the residents of Sierra Leone and Mauritania.

Story-2: 3 US hackers took out key parts of the internet in 2016 because they wanted to make money on Minecraft

Abstract

Three US hackers have pleaded guilty to creating the Mirai botnet, which took out some of the internet’s biggest sites last year including Reddit, Spotify, and Twitter through distributed denial of service (DDoS) attacks.

The goal of DDoS in Minecraft is to try and frustrate users on a rival server with slow service — so that they end up switching to yours.

Story-3: INSIDE THE CUNNING, UNPRECEDENTED HACK OF UKRAINE’S POWER GRID.

Abstract

One worker was organizing papers at his desk inside the Prykarpattyaoblenergo power grid control center, the cursor on his computer suddenly skittered across the screen of its own accord.

He watched as it navigated purposefully toward buttons controlling the circuit breakers at a substation in the region and then clicked on a box to open the breakers and take the substation offline. A dialogue window popped up on the screen asking to confirm the action, and the operator stared dumbfounded as the cursor glided to the box and clicked to affirm. Somewhere in a region outside the city, he knew that thousands of residents had just lost their lights and heaters

The operator grabbed his mouse and tried desperately to seize control of the cursor, but it was unresponsive. Then as the cursor moved in the direction of another breaker, the machine suddenly logged him out of the control panel. Although he tried frantically to log back in, the attackers had changed his password preventing him from gaining re-entry. All he could do was stare helplessly at his screen while the ghosts in the machine clicked open one breaker after another, eventually taking about 30 substations offline