With a national state of emergency declared in the United States and with states declaring quarantines around confirmed clusters of infections, people are finding themselves forced to work from home. This shift to telecommuting, however temporary, increases the threat exposure of any company with employees working from home. Businesses spend millions building, maintaining, and policing their internal networks. Their servers, routers, and anti-intrusion measures are the best they can afford. None of that can be said for the home of your average employee; after all, they're not worried about an intrusion attempt. Unprotected software and hardware represent a treasure trove for bad actors, and we should expect a rise in phishing and malware attacks in the coming weeks as corporate data finds itself moving through unusual channels. The solution to this is the use of a VPN, which would provide a safe way to transmit data. Some companies may have invested in a corporate-level VPN and provided their employees with the training to use it. We recommend a VPN for everyday use, and especially when working with sensitive or confidential data. Check out our guides on how to work from home securely!
Spam Text Messages – How to Recognize and Stop Spam Text Messages
Spam texts are a type of spam, or unwanted communication, sent via SMS text message to a recipient's phone. Spam is any type of unwanted or unsolicited communication sent individually or en masse via text messages, spam emails, robocalls, or chats. Spam texts may deliver unwanted, irrelevant, or inappropriate messages. Spam texts are often malicious in nature and try to trick the recipient into clicking on a link or responding with personal information.
Scammers send spam texts to fool recipients into visiting malicious websites or divulging personal information.
When a spammer gets your email address, name, username, password, or account number, they could gain access to your email, bank, or other online accounts. Often people reuse the same password across multiple online accounts. If a hacker gains access to something low-level like a social media account, they can take it over and use it to hack into your email and reset the passwords on more valuable accounts like your bank or credit cards. Read our post on the most common hacked passwords.
Hackers also send spam texts to collect personal data to sell on the dark web.
This Post Covers
- Spam Text Message Example
- Can You Get Hacked by Responding to a Spam Text?
- What Are Spam Text Messages?
- Why Do I Get Spam Texts?
- How to Block Spam Texts
- Block Spam Texts iPhone
- Block Spam Texts Android
- What to Do About Spam Text Messages
Spam Texts Example
Scammers who send spam texts use a variety of messages to trick recipients into taking action. Often the spam text messages prompt the recipient to reply to a text message or click on a link. In the case of a spam text message, replying to the message, even to opt out of future texts, only confirms to the spammer that the phone number is valid and monitored. Clicking on a malicious link in a spam text message may begin a malware download or infect the phone with spyware.
Spam Texts May Include Messaging That
- Offers gift cards like our example spam text (Image 1)
- Promises prizes or cash for participating in the survey
- Offers things a recipient is otherwise not eligible for, like a large loan or credit card
When it comes to spam text messages, the old adage holds: if an offer sounds too good to be true, it probably is.
What Are Spam Text Messages?
Spam texts are a type of unwanted or unsolicited communication, just like spam emails, sent to large numbers of phones. They may send an offer, advertisement, or other messaging. But often spam texts are designed to trick the recipient into giving up personal information, credit card numbers, or login credentials to online accounts.
If you receive a spam text, it may be a violation of the law. According to the Federal Communications Commission (FCC), it is unlawful to send unsolicited commercial messages to wireless devices unless the recipient agreed to receive the messages from a sender. Senders must get permission first.
RELATED READ: How to Get Started With Encrypted Messaging Apps
Can You Get Hacked by Responding to a Spam Text?
Spam texts are often sent by a scammer to verify that the phone number is active and monitored. In this scenario, if you follow the instructions and reply with STOP to opt out of future text messages, you may very well have the opposite effect. Scammers may send a text message periodically to test phone numbers for future campaigns. The spam texts contain instructions on how to opt out of future texts, but following the instructions only confirms to the hacker that the phone number is valid. Replying with STOP often results in an increase in future text messages.
- Spam texts are often designed to steal personal information and can cause financial ruin. Text scams are cleverly disguised as promotions, credit offers, and limited-time offers and try to get you to reveal personal information. To receive these offers, you must provide information such as your credit card and date of birth.
- Clicking on a link in a spam text may send you to a malicious website that downloads malware or spyware to your phone. If you engage with a spam text message and don't have an antivirus app installed, your phone could be taken over by ransomware, spyware, or other malware.
- If you don’t have an unlimited data plan, spam text messages may result in additional charges on your monthly wireless carrier bill. That’s one reason why businesses are required to ask you to opt-in to text message notifications and caution you that data charges may result.
Why Do I Get Spam Texts?
People often get spam texts and spam emails because they give away their personal information too easily. Oftentimes, contests and loyalty rewards programs are a way to collect phone numbers and email addresses that are sold to marketers and other businesses. If you are receiving a lot of spam texts:
- Check your social media accounts for publicly visible personal information like phone numbers or email addresses
- Stop signing up for contests and promotions. If a business or social media account asks that you give away your phone number or email address to enter a contest, it's most likely so they can spam you with future promotional messaging
- Don't give your contact information, including business cards, to just anybody at trade shows or other business events
- Don’t participate in online surveys
- Don't give your phone number to retailers to send you promos, coupons, or in-store receipts, or to join loyalty programs
How to Block Spam Texts
Legitimate companies offer subscribers the chance to opt out of receiving SMS text messages from them. However, if the company is legitimate, you must have opted into receiving its texts in the first place. Scammers use the opt-out tactic to confirm phone numbers.
File a Complaint with the Feds
According to the Federal Trade Commission (FTC), it is not legal to send unsolicited commercial text messages to wireless devices without the owner's consent. This includes text messages to your cell phone. The only exceptions to this law are transactional messages, or non-commercial messages such as political surveys or fundraising messages.
What to Do About Spam Text Messages
Do place your cell phone number on the National Do Not Call Registry. Visit the Do Not Call Registry to add your phone number to the Federal Trade Commission's National Do Not Call Registry. The FTC Do Not Call list lets you opt out of robocalls and spam texts, but this is really only going to help you with legitimate businesses that respect the registry and the law. Scammers and hackers are most likely going to ignore the law and send you text messages anyway.
- Do not reply to a spam text message
- Do not send a new message to the spam phone numbers
- Don’t click on any links in the text message
- Don’t reply with “STOP” or follow any other instructions to supposedly opt out of future SMS messages
Report Spam Text Messages to Your Wireless Carrier
If you receive spam texts, it’s pretty easy to report the messages to your wireless carrier. The phone number is the same no matter who your wireless carrier is.
Report spam text messages to AT&T, Sprint, Verizon, or T-Mobile by forwarding the suspected spam text to 7726 (SPAM) from your phone. Your wireless carrier will reply with a text asking for the phone number of the spam text.
Block Spam Texts iPhone
- Unlock the iPhone that is receiving spam texts or robocalls
- Open the text from the number you want to block
- Tap the info (i) icon
- From the Details screen, scroll down
- Select Block this Caller
Block Spam Texts Android
- Unlock your Android phone
- Open your phone app
- Tap on the three dots in the upper right corner
- Choose Settings
- Tap Block numbers
- Choose a Phone number from the list of recent calls
- Alternatively, tap the People Icon to choose a contact or group to block
You will find several options, including unknown callers, recent calls, or your contact list. Select the phone number you want to block. If you know a phone number that you want to proactively block, you can choose to type it in from this screen.
How to Report Spam Text Messages to the FTC
If you receive a spam text or marketing call 31 days after your number was added to the National Do Not Call Registry, report it to the FTC.
- Forward the spam text to 7726 (SPAM)
- Report it to the Federal Trade Commission at ftc.gov/complaint
FormBook Malware Exploits Coronavirus Outbreak Fear – Steals Screenshots and Keystrokes
Another Coronavirus themed phishing email campaign is sending FormBook malware to victims. This cyber attack tries to trick the reader into opening an email attachment disguised as World Health Organization (WHO) information about the Coronavirus outbreak. If the victim opens the zipped email attachment, it executes a file that begins a malware download and infects their device. FormBook malware is an info-stealer and has been used as spyware. This FormBook malware campaign captures screenshots of the infected computer's desktop, reads information that is copied to the clipboard, and records keystrokes. The malware can also clear the infected device's browser cookies, download files, and execute them.
The newest phishing email campaign is disguised with informative and even colorful graphics designed to look like they are sent by the World Health Organization. The graphics, seen on Malware Hunters Twitter feed, even tell the reader how many gloves and masks have been used to fight the disease. The reader is also encouraged to read a pdf file to learn more information. The email has a zipped file attachment that supposedly offers stats and updates on COVID-19. The attachment contains a malicious executable called “MyHealth.exe,” which is disguised as an Excel spreadsheet, the researchers report. The Adobe .pdf is of course weaponized. Opening the attachment begins a malware download that infects your computer with FormBook malware. The reader is also encouraged to send a reply email to learn about grant money. Replying to any scam email only confirms to the hacker that the receiving email address is valid and monitored.
FormBook malware is an information-stealer that was first seen in 2016. FormBook malware was used previously to impersonate DHL in a phishing campaign. It was also used to exploit a pair of Microsoft Office vulnerabilities (CVE-2017-0199 and CVE-2017-11882) to spy on the infected systems.
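For mail administrators, the zipped attachment described above can be caught before a user opens it. The following is an added example, not code from the researchers or from this site: it lists the members of a ZIP attachment and flags any whose content or file name indicates a Windows executable. Only the name MyHealth.exe comes from the report; the other file names, the extension lists, and the function names are assumptions made for illustration.

```python
import io
import zipfile

# Extensions Windows runs directly (short, non-exhaustive list chosen for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Extensions a lure commonly pretends to be.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}


def extensions(name):
    """Return the lower-cased dotted extensions of a member's base name."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip().lower()
    return ["." + part for part in base.split(".")[1:] if part]


def inspect_zip_attachment(data):
    """Return [(member_name, [reasons])] for members that look executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:
                # Password-protected members cannot be read, so report them as unscanned.
                findings.append((info.filename, ["encrypted member, content not inspected"]))
                continue
            exts = extensions(info.filename)
            last = exts[-1] if exts else ""
            with archive.open(info) as member:
                header = member.read(2)
            is_pe = header == b"MZ"  # Windows executables start with these two bytes
            reasons = []
            if is_pe:
                reasons.append("content starts with the Windows 'MZ' signature")
            if last in EXECUTABLE_EXTS:
                reasons.append("executable extension " + last)
            if len(exts) >= 2 and last in EXECUTABLE_EXTS and exts[-2] in DOCUMENT_EXTS:
                reasons.append("double extension: " + exts[-2] + " hides " + last)
            if is_pe and last in DOCUMENT_EXTS:
                reasons.append("document extension " + last + " on executable content")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_attachment():
    """Constructed sample ZIP: stub headers only, no runnable program inside."""
    stub = b"MZ" + b"\x00" * 62
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("MyHealth.exe", stub)      # name taken from the report
        archive.writestr("stats.xlsx.exe", stub)    # constructed: double extension
        archive.writestr("update.pdf", stub)        # constructed: renamed executable
        archive.writestr("readme.txt", b"Constructed sample text\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in inspect_zip_attachment(build_sample_attachment()):
        print(name + ": " + "; ".join(reasons))
```

Checking the first bytes of each member catches an executable even when it has been renamed to look like a document, which a file-name filter alone would miss.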
Coronavirus Phishing Emails
Since January 2020, over 4,000 new coronavirus-related domain names were registered globally. Of those with websites, three percent are malicious and another five percent of the websites are suspicious. This is according to cyber security researchers at Check Point. In that same time, there has been an increase in the number of phishing and malware campaigns delivering Emotet malware. Emotet is the most common malware used in cyber attacks against local governments and small businesses.
This is not the first or even second wave of new Coronavirus phishing emails and malware. COVID-19 themed phishing campaigns started in Japan with similar, supposedly useful public health information sent via phishing emails. They were accompanied by email attachments that, if opened, would launch malware attacks.
London University launched an online course to help educate the public about the Coronavirus. When in doubt visit the World Health Organization website for virus information. Johns Hopkins University has an up-to-date map of all new cases.
Now is the time to educate employees about the increase in cyber security related fraud targeting employees and consumers. Hackers are exploiting people's fears about the COVID-19 outbreak as it spreads worldwide. Anyone can be targeted by a Coronavirus themed email that is cleverly disguised with supposedly helpful information, attachments, and maps. The emails are either phishing emails, malware downloads, or both.
The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (“EARN IT”) was introduced into the US Senate, and while the bill has good intentions (combatting child pornography and sexual trafficking), the measures it calls for are seen as going too far by many in the IT industry. Specifically, EARN IT is intended to counter the rising cyber awareness of criminals and sexual predators who have readily adopted the use of encryption and secure transfer technology so they can share their horrific content without fear of reprisal from law enforcement. It's unfortunate that the criminal world seems quicker to adopt good cyber practices than corporations. There have been several high-profile cases of law enforcement agencies vs. tech companies, primarily Apple, when law enforcement is unable to get access to a suspected criminal's devices due to the encryption. In every instance, the tech companies have resisted the request to unlock the device, primarily because strong encryption means that not even the manufacturer has access to the encryption key for an individual device. Worse still, some lawsuits have seen law enforcement agencies asking for a backdoor to be built into encryption schemes, with the promise that law enforcement will only use it when necessary. Rightly so, tech companies have pushed back even harder against those requests as they would utterly invalidate the very concept of encryption. EARN IT removes the protection from liability provided to tech companies with regard to user-created content unless they comply with several requirements. The leaked draft version of EARN IT banned the use of end-to-end encryption, which would allow the government, or anyone else, to listen in to all of your web traffic. The DOJ has an open request to major tech companies to stop employing end-to-end encryption, under the pretext of preventing terrorism and sexual exploitation.
While these are noble requests, you need to ask yourself if totally surrendering your privacy is the right choice. Sure, EARN IT probably would help law enforcement track predators and other dangers, but is it the most effective way to do so? Does the information it provides balance out the cost of stripping an individual's right to privacy? EARN IT creates a dangerous precedent for other legislation that would weaken your right to privacy.
Let’s Encrypt Revokes Over 3 Million Digital Security Certs – How to Check if a Website is Safe to Use and the Certificate is Valid
A security bug was discovered on February 29, 2020 in millions of Let's Encrypt website security certificates. As a result, over three million TLS encryption certificates issued by Let's Encrypt were revoked, rendering them invalid. The company found a bug in its Certificate Authority Authorization (CAA) code. All certificate authorities, like Let's Encrypt, are required by law to comply with the CAA or incur steep penalties from web browser producers. It is believed that the bug has existed since 25 July 2019.
Although the majority of website encryption certificates do not pose a security concern for consumers, the law requires that the certificates be revoked and replaced because they are not in full compliance with specific standards.
Let's Encrypt sent emails to all website owners affected by the bug. Those websites will have to install a new, valid certificate to reestablish encryption on their websites. If your Let's Encrypt certificate is managed by your hosting provider, like this website's is managed by our hosting provider Siteground, then it is possible that they have already handled this issue for you. To check your website's certificate, go to https://checkhost.unboundtest.com/ and enter the URL.
What is Let’s Encrypt?
Let's Encrypt is a non-profit certificate authority run by Internet Security Research Group (ISRG). The organization provides free website security certificates for Transport Layer Security (TLS) encryption. Let's Encrypt, along with SEO policies from Google, helped move the internet to a more secure environment with their free service.
Internet users should always be mindful of what websites they shop on and who they give payment card numbers and personal information to. Shoppers can also use a free Let's Encrypt online tool to check whether a website is considered safe and secure to use.
Go to this URL to check any website certificate https://checkhost.unboundtest.com/
Read our Tips for Safe Smartphone Shopping to help protect your money and data.
Why Does Website Encryption Matter?
Whenever you enter sensitive information including usernames, passwords, and payment card information on a website or app, your data is transmitted over the internet connection being used by your device. If that data is not encrypted from the instant it leaves your phone or computer, then it can be intercepted and read by anyone else who is using that same internet connection. For example, the WiFi connection at coffee shops is public and not secure to use.
Websites also have to be secured with digital website security certificates for Transport Layer Security (TLS) encryption. This is often referred to as HTTPS, or as SSL, which is an earlier encryption technology. Using TLS encryption ensures that all of the information entered in a webpage is secured and cannot be intercepted by hackers. Even if a website only requires a username and password and does not accept payment information, it is still important that the information be secured with encryption.
People commonly use the same passwords across multiple accounts. If a hacker can steal low level usernames and passwords to social media accounts, they can often use that to hack into more important accounts like bank accounts and credit cards.
Coronavirus Cyber Security Preparations – Prepping for Survival During the COVID-19 Outbreak Involves Collecting Basic Supplies and Cyber Security Best Practices
We write a lot about viruses but have always talked about computer viruses, malware, worms, and other malicious things that can happen to our beloved phones and laptops. Cyber security best practices include survival skills to protect your money, keep your data private, and protect yourself online. But prepping means more than protecting your phone with an antivirus app and a virtual private network. Our survival skills and prepping now consider the breakdown of, or inability to communicate using, WiFi, the internet, and all of our electronic gadgets.
Since January, we have been watching the spread of COVID-19, the novel Coronavirus, that is spreading globally and has not successfully infiltrated the United States. The attempt to contain COVID-19 has resulted in quarantined communities, travel bans, and testing that cannot keep up with the outbreak. Do you know how to get information if you are physically cut off from your regular contacts? Do you have enough supplies to live at home without going to a market? Or what if the market has nothing to sell?
If you think you need two of something (like gallons of drinking water) then you should store three. If you feel you only need one, then have two on hand. Be more prepared than you think. You will have enough to survive isolation or share with others in need.
Here are real-world tips for cyber prepping:
Download Email Contacts
Download your phone contacts including phone numbers and names. Let’s face it, how many people’s phone numbers do you have memorized? It’s convenient to have them stored in the cloud, but if you lose access to the internet, you won’t be able to call, message, or text anyone if you don’t have their number and a functioning device.
Although the Coronavirus, or other emergencies, may not cause the internet to go down, it’s possible that you may be in an area silenced by government censorship, or more likely an overloaded network. When 9/11 happened, I lived in central New Jersey. I had been on the phone with people further North in New Jersey when the cellular network went dead. Our landline wouldn’t work either. I watched fighter jets fly overhead for days but all the while, I could not place a call for days. Add some apps like WhatsApp, WeChat, or other apps that can use the internet or cellular service so you can stay in touch with loved ones.
Go Old School, Grab a Radio
Get a Radio (or two). You should have a few backup communications systems planned. Two-way radios are a good, old school, way to maintain communications when our smartphones cannot connect. Step up your preparedness with encrypted two-way radios. Why encrypted? Hopefully, we all stay sensible and social order prevails. But it’s nice to keep comms private while talking over public airwaves. Think of it as scrambled walkie-talkie.
Better yet, get an antenna. goTenna's mobile mesh networks enable communications even when cell, wifi, and satellite are unavailable.
Get a Map
Do you know your way to Grandma’s house without using Google Maps or Waze? Get a map of your local area or the location you plan to hole up in. Find alternative sources of water in the event there is a shortage. Some biological contaminants (not the Coronavirus) are water borne and that may make water scarce. Speaking of contaminated water, make sure your immunizations are up to date. Like your smartphone and laptop, you can get viruses too!
Defend Against Malware Attacks
Assuming that you're still connected to the internet, watch out for scams. As always, you have to be wary of people who are out to scam you. COVID-19 has only been around since January and there are at least four variants of Coronavirus themed phishing emails spotted in the wild. The content of these malicious emails plays off the fears of people worried about the global infection. They arrive under the banner of offering helpful virus-related information but deliver Emotet malware if the recipient opens an attachment.
Emotet malware is a banking trojan that can steal banking credentials or download even more malware.
Stash Some Water
You need water to live. Don’t count on buying bottled water from a local store either. In the anxiety mounting over the spread of COVID-19 across the globe, people stocking up food and supplies over Coronavirus fears have already resulted in a shortage of necessities. Stores like Costco and Home Depot have placed limits on purchase quantities.
Establish a Meet Up Point
One of my biggest concerns is that my group is separated when an emergency begins, or something happens to our home base while someone is out on a supply run. For example, if something happens to our home (we live in a coastal storm area) and we need to flee, where will we meet up again? How will we know to meet up? What do we bring along if forced to flee home and how will you carry your supplies?
During the days following 9/11, we had a vehicle stocked with food, clothes and supplies. It was kept with a full tank of gas and ready to go. We had no idea what happened, why, and what could happen next. You have to know where the next meeting point is, especially if you don't have working communications. You should have a go-bag prepared with the essentials and some escape routes planned.
Along with basic supplies, food, and water, you're going to need some tools. A useful and rugged Leatherman is one of our favorites. We've used it for minor repairs, to get the oil cap off airplane engines, and for cutting.
Stay Away from Public Gathering Places
You may get lonely holed up for days, weeks, or months while chaos subsides. But the temptation to head to shopping malls or crowded public areas for information or entertainment isn’t a good plan. Close contact is how diseases like the Coronavirus, SARS, and MERS are spread. Appearing in public may also be dangerous. If you aren’t looking as gaunt or pale as everyone else, that may mean you have supplies.
Stock Up on Food and Medicine
As the COVID-19 Coronavirus advances across the United States, food and basic medical supplies will be snapped up. Stocking up ahead of time will make sure you are prepared, and it will also keep you out of markets and other public spaces.
Stock up on Batteries
If electricity fails or is working intermittently, you’ll need a way to charge batteries on phones, laptops, or portable lights. Have some rechargeable Lipos as well as NiCad batteries on hand in the sizes you need for flashlights. Make sure you have lots of candles and a way to light them.
Rumors and fake news spread like wildfire during panic and cause unnecessary anxiety. Check the WHO website and CDC website for updates, as well as local government websites for accurate information. Listen to reliable news sources like NPR. In the event of a global disease outbreak, stay informed by reading updates from the World Health Organization (WHO) website, the US Center for Disease Control (CDC) and the US Department of Homeland Security (DHS).
Check your local health department and school district website for information on closing, vaccinations, and outbreak status.
Like it or hate it, Twitter is a good resource for information and news. Twitter is a light and simple mobile app. It's also fast to load and you can leave direct messages, so consider signing up for a Twitter account. Most government agencies have a Twitter profile and use it to inform the public with updates.
Limit What You Share on Social Media
Anytime you go on vacation or travel for work your home is at risk. Thieves troll social media looking for people posting vacation photos meaning their home is unattended. If they can go back in your profile and find older photos that identify where you live, then it’s an opportunity to burglarize your home.
If you decide to hole up with friends or family, leaving your house empty, then it is at risk for theft. Even if there was no Coronavirus, posting on social media that you are not at home is an invitation for ordinary thieves or looters to break in, damage property, or steal.
Remember to practice sensible social media best practices – all the time, not just during times of crisis.
- Avoid oversharing online
- Don’t post your location unless it’s needed in the SHTF scenario
- Don’t post photos or share info about your wealth. In this case it may be how much food you have rather than how big your house is
- Use a VPN to protect your username and password. Hackers capitalize on times of trouble and are always looking to scam data
Saturday Sitrep: Huawei vs the US Government
The US government publicly decided to bar Huawei products from being used, limit Huawei's access to the US market, and attempted to convince its allies to do the same while claiming that major security flaws existed in Huawei products that would allow the Chinese government to spy on any Huawei user. The US government also claims that Huawei is so closely intertwined with Chinese intelligence agencies as to be inseparable and that any device produced by Huawei would be too vulnerable to the insertion of intelligence gathering software or hardware. In this day and age, communications technology is a major source of risk, whether communications are protected (such as a terrorist's device) or unprotected (and thus, easy to break into). It's important to note that the US government has attempted, and most certainly still attempts, to sell compromised hardware and software to individuals and organizations for it to exploit in the future. At the RSA conference in San Francisco, Katie Arrington acknowledged that every intelligence agency is engaged in this practice because the rewards it can provide are too great to pass on. For its part, Huawei has repeatedly denied any collaboration with Chinese intelligence gathering agencies and has asserted that its production facilities are secure. Huawei has challenged the US ban in court, but the results of that challenge will take years of litigation to find. Beyond challenging the ban legally, Huawei claims that, as the largest producer of mobile products in the world, the US simply can't choose to not work with them. Huawei produces on a scale totally unmatched by other mobile companies and is capable of leveraging economies of a completely different scale. Huawei devices, even in the US, are usually cheaper than the equivalent device produced by mainstream brands. Huawei is also the premier producer of 5G technology, something that the US has declared to be of critical strategic importance.
Facial Recognition Company Clearview AI Breached – Facial Recognition Tech Company Law Enforcement Customer List Stolen
A controversial facial recognition technology company, Clearview AI, had its entire customer list of police agencies stolen. The company announced the data breach in letters to its customers. The stolen data includes Clearview’s customer data, which are all law enforcement agencies or banks. The stolen data includes the name of the subscriber, number of their user accounts, and the number of searches the customers had conducted.
Clearview maintains its own database of an incredible three billion images of people, all of which were collected and stored without innocent people's knowledge or consent. Clearview positions itself and its technology as a resource for law enforcement. The Federal Bureau of Investigation (FBI) facial recognition database has about 600 million images. According to the company's mission statement on the Clearview website, “Clearview is a new research tool used by law enforcement agencies to identify perpetrators and victims of crimes.” Clearview's website states it has helped law enforcement “down hundreds of at-large criminals.”
The statement from the company, reported by the Daily Beast, said that someone “gained unauthorized access” and stole the entire customer list comprised of police forces, law enforcement agencies, and banks. The company said that the person didn’t obtain any search histories conducted by customers, which include some police forces.
Clearview AI’s attorney Tor Ekeland said, “unfortunately, data breaches are a part of life.”
The company developed technology that matches faces and information to a database of more than three billion images. The images and video footage were scraped from public social media sites like Facebook, Venmo, YouTube, and more. Although this is legal, it is against the terms of service the sites established for themselves. Scraping is a term that means using automated software to visit websites and download text, photos, and other information from each page. Sony Life is Clearview AI’s parent company.
Access to the information is shared with Law Enforcement agencies as a subscription service.
There is also the Clearview app that lets police take a photo of anyone, anywhere and use the app to retrieve personal details like name, address, and anything else on file. All of this can happen without the knowledge or consent of those being photographed, including those who have not been accused, charged, or convicted of any crime.
Clearview built its database by scraping information from public facing websites and social media sites. The company retains the images in their database even after users delete them from the social media accounts or change their accounts to private. Clearview has received cease-and-desist letters from Twitter, Google, and Facebook. The state of New Jersey banned the use of Clearview and launched an investigation.
Amazon Also Sells Facial Recognition Tech to Police
In May 2019, Amazon shareholders voted to go ahead with selling Amazon’s facial recognition technology to law enforcement agencies. The technology, called Facial Rekognition, can be used by police for mass surveillance. Both Microsoft and Google have refused to work with certain government agencies, and Microsoft has called for increased government regulation of facial recognition technology.
In February 2018, Amazon acquired Ring. The home security cameras have an app that lets users share video footage with other customers on its Neighbors app. Police can also access the videos, without a warrant, and use them to surveil neighborhoods.
DHS Warns of Chrome Security Bugs – DHS CISA Encourages Chrome Users to Update Browser to Fix Multiple Security Vulnerabilities
The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) advises Chrome web browser users to update to Chrome version 80.0.3987.116. This update affects Windows, Mac, and Linux versions of Chrome. Google made the update available on February 18, 2020. The Common Vulnerabilities and Exposures (CVE) information was published on February 21, 2020. The Google Chrome update fixes multiple security vulnerabilities a hacker might exploit to take control of a computer. A security vulnerability, or bug, is an error in computer code or hardware configuration that could allow a hacker to download code to the device, gain unauthorized access, or cause damage.
The information was posted on the US-CERT Current Activity web page.
If left unpatched, a Chrome web browser is vulnerable to hackers who could inject computer code that allows them to escalate access and control over the unpatched computer. A hacker could exploit the security bugs in Chrome to install malware, or to view, alter, or delete data. They could also create user accounts on the computer, giving themselves further access and the ability to cause more damage. Hackers use security vulnerabilities, or bugs, in software to install malicious computer code and steal information. The malicious code can be used to hack into a machine by elevating the hacker’s user permissions to admin user level – the same as the device owner. After gaining admin user access, the hacker is then able to access and manipulate software and hardware.
Multiple Google Chrome Security Bugs Could Allow for Arbitrary Code Execution
The Chrome CVEs give insight into the five vulnerabilities found by cyber security researchers. Vulnerabilities include CVE-2020-6383, CVE-2020-6384, and CVE-2020-6386, all of which are considered of high importance to personal and business users. Users should download the newest version of Chrome to address these issues.
How Do I Fix Google Chrome Problems?
Like most app developers, Google releases software updates (patches) to fix security vulnerabilities and secure the software and the device it is installed on. It is important for users to keep all software, hardware, apps, and devices up to date. Unpatched software allowed some of the biggest malware attacks, like WannaCry, to spread across Europe in 2017. The cyberattack affected unpatched Windows machines only. The flaw had previously been fixed in an update. However, UK’s National Health System (NHS) reported that operations were crippled because many of their computers were unpatched. The attack was later blamed on North Korea.
The following actions should be taken to update the Chrome web browser:
- Accept the latest update and upgrade to Chrome version 80.0.3987.116.
- Create a non-admin user on your laptop and run all software from that user account. This helps prevent malware from gaining privileged access to a computer.
- Stay away from suspicious looking websites
- Never shop on a website that is not using HTTPS
- Do not click on links in emails sent from people you don’t know. If an email asks for money or information, vet who is asking. Calling them may be the best way.
- Do not download files sent in emails or even click on them to see more information. Even Microsoft Word docs can be weaponized to download malware.
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
With the Democratic primary race for the 2020 election reaching its peak, the accusations and claims of election interference are beginning to fly. President Trump has said that he wants to run against Bernie Sanders, believing him to be the easiest candidate to win against given his more radical positions compared to the other candidates, and claims of Russian interference to help Sanders win the nomination have begun appearing. For his part, Sanders has condemned any interference in the primary race and has sworn to stop the Russians if he becomes president. Earlier in the week senators were briefed on Russian interference in the 2020 election, and Matthew Whitaker, the former acting Attorney General, has stated that he believes the Russians are aiming to interfere in the elections. If the reports are to be believed, then the interference is following the same patterns as it did in the previous election cycle: misinformation, misdirection, and rabble-rousing through social media channels. Bernie Sanders was attacked by other candidates in the most recent debate about the combative nature of his base, the “Bernie Bros” on social media. There are multiple instances of inflammatory or derogatory statements coming from Sanders’s supporters, but what’s to say that they aren’t being perpetrated by foreign interference campaigns?
This raises a further question: Social media channels are, generally speaking, a public forum. Yes, a Russian citizen can’t vote in the 2020 election but does that mean they shouldn’t be allowed to speak about Sanders on the internet? Trolling, flaming, and worse have always plagued the internet regardless of the subject matter. How does one “protect” against foreign influence on a global public platform without trampling over an individual’s right to free speech? Furthermore, should a person be held accountable for what others say and do in their name if they don’t encourage those actions or words? When does a person’s following become their responsibility? When does someone become accountable for how others interpret their words?