Ads With Malware

Did you know that attackers can inject malicious code or malware-filled ads into legit online advertising networks and websites?

This tactic is called malvertising and it can get your computer infected with all sorts of malware, Trojans, and so on.

How it happens: you browse your favorite website at FavoriteWebsite.com and there are many ads on it. But one is infected. The malicious code in the ad will search for vulnerabilities in your system. If it finds one (and it’s not difficult to do so), it’ll infect your computer with malware.

What to do?

  1. Use an adblocker.
  2. Use a reliable antivirus.
  3. Use protection against attacks that antivirus can’t block.

Social Media Security

This Article From Heimdal Security:

Social media is part of our lives. And many times, when you think about social media, you tend to think of Facebook, Twitter and LinkedIn.

Facebook, for example, spread so much that even our parents, neighbors and distant relatives (even from remote areas of the country) now have a Facebook account.

Since these social platforms are so popular and the distinction between public and private is blurred, these online services attract dangerous elements that are interested in retrieving our sensitive information. At this point you may become a victim of identity theft and malicious actions from online criminals.

So, how do I balance using social media and keeping confidential information confidential?

  • Facebook
  • Twitter
  • LinkedIn

Protect Your Facebook Account

Since Facebook is probably the biggest and most popular online network right now, I will try to go deeper into this platform’s privacy and security settings and then briefly present 10 additional steps you can follow to stay safe online.

Access your Facebook Settings

To access your Facebook account settings, start by going to the top right corner of your screen and select Settings from the drop-down menu.

Note: Although I could group these actions and steps into security and privacy sections, I believe it is easier for you to follow if I take each section and discuss it before continuing to the next, in the order it appears in the Facebook settings menu.

General Account Settings

By clicking the Settings button, you should see the General Account Settings on the left hand side of the page in the provided sidebar.

In this location you can update your Facebook account password and Download a copy of your Facebook data.

Security Settings

Let’s continue on the left hand side of the page with the Security Settings.

Login Notifications

This option allows you to opt in to receive Text and Email messages when your account is accessed from an unknown computer or mobile device. This is very useful in case a hacker tries to access your account.

Login Approvals

Turning on this option will require a security code to be generated in order to access the account on a new browser. You have three options:

  • have a security code sent by SMS to your mobile device;
  • generate a security code by Code Generator in your Facebook mobile device app, if you have an Internet connection;
  • pre-generate 10 codes that you can print on a piece of paper and use them when you don’t have your phone with you;

This layer of security is also meant to keep other people from accessing your Facebook account.

Code Generator

This option is used with Login Approvals to create codes that you can use to access your Facebook account from a new browser.

App Passwords

This option helps you create single use passwords to access third party applications on Facebook and keep your main Facebook password safe. When you log out of the application, the password is not saved. To access the third party application again, you will need to generate a new password.

Trusted Contacts

Select close friends to contact if you have any trouble accessing your Facebook account.

Trusted Browsers

This is where you find a list of saved (trusted) web browsers you used to access your Facebook account. You can choose to remove a browser from the list if you don’t use it anymore, for example if you left your workplace and no longer use the browser in that location.

Where You’re Logged In

This is where you can review your logged-in status and End Activity (terminate the session) on places and devices you don’t recognize.

Deactivate your account

From this place, you can choose to deactivate the Facebook account. This is useful if you know that you won’t be able to access, or you simply don’t want to access, the Facebook account for a period of time. You can reactivate the account at any time.

Privacy Settings

The next section you need to access to improve your overall security is the Privacy Settings area. The settings from this location are meant to help you review basic privacy settings and make sure your profile and the content you shared are viewed by the audience you select.

Who can see my stuff?

Select the audience for your posts. You can choose:

  • Public
  • Friends
  • Friends with Acquaintances
  • Only Me
  • or you can create a Custom audience

I recommend you to set the default sharing option to Friends.

In the same location, you can review your posts and your Facebook activity by using the Activity Log, or limit the audience for your posts in the past.

Who can contact me?

Set who can send you friend requests. If you want to be located by people you used to know in the past, you need to set this to Everyone.

Who can look me up?

In this place, you can choose if you want to be looked up by people using your e-mail address or your phone number. At the same time, you can select if you want search engines to send someone looking for your name to your Facebook timeline.

This is an important privacy setting that you should consider, since your Facebook timeline will appear in search engine results if someone searches for your name.

Timeline and Tagging Settings

This place allows you to set other privacy settings for your Facebook account. You can choose who can add things to your timeline, who can see posts you share on your timeline and how to manage tagging options.

Who can add things to my timeline?

This one is pretty straightforward. You can choose to allow friends to post on your timeline and to review a post you are tagged in before it appears online.

Who can see things on my timeline?

Use this option to check what other people have access to on your timeline. You can select a single person and view how he or she views your timeline. You can also select who can see posts you have been tagged in on your timeline and choose who can see what others post on your timeline. In the last two cases, you should set these options to Friends.

How can I manage tags people add and tagging suggestions?

Turning on this option, you will be able to check the tags friends add to your photos before they appear. It is an important privacy option because if someone adds a tag to one of your posts, his/her entire list of friends will see your specific post.

Blocking

In the Blocking tab you can restrict the way in which other Facebook users, Facebook applications or pages interact with you.

Restricted List

This list is useful when you want to restrict a friend from seeing the posts you share on your timeline for other friends. Nevertheless, that person can still see content you make public.

Block users

Users you add to this list cannot see your Facebook profile, send you invitations, add you as a friend or start a conversation with you. Use this option to add a friend whose account has been hacked. In the same Blocking tab, you have the option to block app invites or event invites from someone, block apps and Facebook pages.

Mobile

This is probably one of the most important security settings you can set for your Facebook profile.

To enable Login Approvals, you need to enter a mobile phone number here. In case your browser is not recognized, you will receive a code via text message to log in to your Facebook account.

Apps

Most of us use third party applications on Facebook, applications which usually ask permission to access our content and private data.

In this location you can see exactly what each third party app has access to and you can choose to remove it from the list, in case you don’t use it anymore or you have discovered you are dealing with a suspicious app.

Ads

Do you want to allow third party sites access to your personal information?

Do you want Facebook telling your friends what you like? If you want to opt out of these two options, simply select No one for both of them.

The third option, Ads based on your use of websites or apps off Facebook, lets you opt out of ads that are selected for you by Facebook, based on your behavior on a particular website. We have all searched for a hotel on a website and been amazed to see an ad for that hotel on our Facebook page.

10 tips and tricks for increasing your Facebook security

1. Don’t accept friend requests from unknown people. One of the favorite methods used by online scammers to collect private data and sensitive information from users is by creating fake Facebook profiles. Make sure you and your children pay attention to this possible privacy threat.

2. Do not disclose your personal details and your Facebook credentials (e-mail address, phone number and password) to other users. This information can be used by cyber-criminals to access your personal data.

3. Keep your browser up-to-date with the latest available patches. Your browser and other software on your system, not to forget the operating system, should have the latest patches installed. Stay safe and don’t expose your system to cyber-criminal attacks.

4. Use a good security program. You need to rely on good security software, which includes a real-time scanning engine. This means that files you download from online locations are analyzed in a very short period of time.

5. Stay safe from phishing attacks. Pay attention to the various messages you receive from unknown users, which ask for your personal data.

6. Don’t use your Facebook password for other online accounts. If you use the same password in other locations as well, you are vulnerable to a potential hacker attempt that tries to get access to all your accounts.

7. Activate Login Approvals. Though I have already mentioned this step before, I need to emphasize again its importance.

8. Be careful when connecting to free wireless networks from public spaces. Online criminals use these types of unprotected networks to access users’ credentials and steal sensitive data. To limit your exposure, you can use a private browsing session.

9. Don’t click that link! Since social media and in this case, our Facebook profile, is used for spreading and sharing various content, it is also one of the favorite means of carrying malicious links across the Internet.

10. Log out of your Facebook account. This piece of advice is useful when using a public or work computer, which is used by multiple individuals.

Protect your Twitter Account in 10 Steps  

Twitter is one of those popular social media platforms used not only by private individuals, but by large businesses and important names in the IT industry.

Due to its short writing style, it has been related to journalism and even used as a favorite news spreading tool for revolutions and revolts around the world.

To stay safe from malicious attacks targeting social media accounts and prevent online criminals from retrieving private data from us, you need to follow additional steps to keep your Twitter account secure:

1. Create and use a strong password

Yes, I know, it is easy to remember and use a password in multiple online accounts. Maybe using something familiar like your family name or your birthday date seems to be a good idea. But isn’t this exactly the same thing online criminals count on?

To make sure your account is safe from online intrusions, it’s key to create a strong password which includes upper and lower case characters, numbers and symbols, and is over 10 characters long. This way it will be difficult for cyber-criminals to access your Twitter account.

At the same time, don’t use the same password in more than one online account. The reason is easy to guess: if one of your online accounts is hacked, the others will soon follow. By using different passwords, you reduce the potential loss in case your Twitter account is accessed.

2. Use login verification

Login verification is a security option which helps you protect your Twitter account.

It is a form of two-factor authentication, where you’ll be asked to provide a phone number and an e-mail address before you connect to your online account.

This login verification adds a second check, where you have the following 3 options:

  • enter a verification code sent to your phone’s Twitter app
  • enter a text message sent to your phone number
  • enter a photo of a backup code saved on your phone from when you first enrolled in login verification

To activate Login verification, follow these steps:

  1. Access your Twitter account.
  2. Go to the top right corner and click your user image.
  3. Choose Settings from the drop down list.
  4. Click Security and privacy in the left menu.
  5. Select the corresponding option.

3. Don’t post private information and do not disclose your location

Don’t let online criminals know where you are and what you’re doing. By default, Twitter is a public network and anyone can see your tweets and follow you.

If you want to control other people’s follow requests or you want to share your tweets only with your followers, you can make the necessary modification in the Security and privacy area and check Protect my Tweets under the Privacy section.

At the same time, make sure you don’t offer valuable information to cyber-criminals, such as your location. This kind of data becomes very important for a hacker who wants access to your private files or needs to create a persona for you, in order to proceed to identity theft attacks.

To protect your tweets and disable tweets location, follow these steps:

  1. Access your Twitter account.
  2. Go to the top right corner and click your user image.
  3. Choose Settings from the drop down list.
  4. Click Security and privacy in the left menu.
  5. Select the corresponding options.

4. Stay safe from phishing attempts

Phishing attempts on Twitter usually start with a direct message you receive from an unknown person who tries to retrieve your Twitter credentials for spamming purposes.

It is a classic phishing attack through which they try to trick you into giving away personal information or private data.

This type of message will provide a link, which sends you to a malicious login page. Don’t reply to this type of message or click the provided link.

At the same time, many of us have had that Twitter friend who sent an unusual direct message to all his followers. In this case, that particular account has been hijacked and you should not reply or click any link that the message may contain.

5. Use a specialized security solution against spyware threats

Even if you pay attention to phishing attempts and spam campaigns, you still need to keep yourself secured with a safety net. I am talking about a specialized security solution against spyware threats.

To keep your system secured against spyware, use one of the popular anti-spyware products available online. A few security solutions capable of removing spyware from your system are Malwarebytes, Spybot Search and Destroy, Lavasoft’s Ad-Aware, etc.

6. Check what apps can access your Twitter account

Another important way to protect your account is to be cautious when giving access to third-party apps — these services can gain full control of our account.

To make sure your Twitter account is not vulnerable, do not give access to untrusted third party apps. When you give your account credentials to an app, they have complete control and they can take actions which may cause your account to be suspended.

Pay extra attention to apps that promise money or a big number of followers. When in doubt, simply search the Internet for that app’s name before you provide access.

To check permissions apps have to your Twitter account, follow these steps:

  1. Access your Twitter account.
  2. Go to the top right corner and click your user image.
  3. Choose Settings from the drop down list.
  4. Click Apps in the left menu.
  5. Take the necessary steps to allow or revoke access.

7. Make sure you keep your vulnerable apps up-to-date

Security news on software vulnerabilities has appeared lately all over the important security blogs and related IT channels in the industry.

These threats cannot be ignored. Cyber-criminals use software vulnerabilities in our systems and mobile phone apps to take advantage of our private data and use it in identity theft attacks.

Therefore, keeping popular software like Java, Adobe Flash, Adobe Shockwave, Adobe Acrobat Reader and Quicktime up to date is important, but paying attention to your mobile phone apps is also important, and you should always make sure you have the latest updates installed.

8. Use a Virtual Private Network To Hide Your IP Address

One of the favorite methods used by cyber-criminals to steal credentials is to employ wireless sniffers to retrieve data sent over unsecured networks.

To safeguard your social media accounts and protect your online activities, you can use a VPN, that is a Virtual Private Network.

Using a VPN means that you hide your IP address, encrypt your connection and access various web locations in a private environment. This method keeps your sensitive data from cyber-crime, identity theft and phishing attempts. Stay safe online especially when using wireless networks by using a popular VPN like CyberGhost.

9. Secure your browsing habits

Choose your web browser with care and make sure you have made the necessary changes to improve your security and privacy. Vulnerabilities in web browsers are like open doors to hackers, who try to retrieve private data from our systems and from our social media accounts.

To secure your online privacy, follow these guidelines:

  • Secure your web browser from online criminals’ attacks by choosing the latest version for your browser and installing the latest security patches.
  • Read this Ultimate Guide to Secure your online browsing and increase your online security
  • If you access your social media account from an unsafe location, choose a private browsing session in order to remove the browsing history details.

10. Don’t forget to log out from your Twitter account

This security step should be followed if you connect to your account on a public computer. Though you may be used to closing the web browser as soon as you are done with your activity, you should remember to log out from your accounts when you finish your online sessions.

If you don’t do this, especially if you are in a public location, the next person who opens Twitter, for example, will directly access your online profile.

Private browsing sessions are also recommended if you want to prevent authentication credentials (or cookies) from being stored.

Protect your LinkedIn Account in 10 Steps

Social media is not all about having fun. Or starting a revolution for that matter.

You may go for Twitter if you want to find out the latest news and choose Facebook to stay up-to-date with your friends’ latest interests.

But when you turn to your LinkedIn account, you need to keep things serious and professional. And this is even more important than on the other less “serious” channels.

LinkedIn can become your vulnerability when dealing with online criminals, since there is more private information shared publicly than on other popular social media accounts. You simply expose and reveal more about yourself than on your Facebook profile.

Therefore, make sure you follow these 10 steps in order to increase your security when using your LinkedIn online account:

1. Check your current connections to LinkedIn

This option is very useful because it allows you to see which devices you have connected to your LinkedIn account and which sessions are still opened.

This LinkedIn feature can help you if you know you have connected to your LinkedIn account from a publicly shared computer or from a computer in a place you have recently left.

In case you notice you are connected to your online account from an unknown device, choose the option to sign out as soon as possible from that device. It may be a cyber-criminal trying to retrieve sensitive data from your account and using this private information later on against you in an identity theft attempt.

2. Request an archive of your data

Using this option, you can request LinkedIn to send you an archive of your account data.

It is an important step for your online privacy allowing you to see not only what information you made available online for others, but IP records of your past login connections, recent searches and other details.

3. Who do you connect to?

Connect only to people you know and trust. Adding unknown people, or people you don’t actually know very well, to your list of connections increases the risk of adding online criminals who only want to use your personal information.

Using this professional data, which can be combined with personal information from social media accounts, like Facebook, cyber-criminals attempt to put all this data together before they run an identity theft operation.

Before you know it, your online banking accounts’ credentials have been guessed and your money removed without any notice.

We have dedicated lesson 5 to this topic.

4. Let’s keep it private: protect your sensitive information

Online security is connected to privacy. As I mentioned above, private information may be used against you if it falls into the wrong hands. Therefore, you need to pay attention to what you share with others, especially with unknown people you have given access to your LinkedIn profile.

Use the following options to increase your privacy online:

  • Turn on/off your activity broadcasts: If you want to hide from your connections the changes you choose to do on your profile, who you follow or when you make recommendations, choose to uncheck this option.
  • Select who can see your activity feed: To hide your actions on LinkedIn or let only some connections see your actions, select from the drop-down menu: Everyone, Your network, Your connections or Only you.
  • Select what others see when you’ve viewed their profile: You don’t want your connections to see that you accessed their LinkedIn profile? Choose to go anonymous using this option.
  • Select who can see your connections: You don’t want to share your list of connections with the others in the list? Use this option to change it to Only you.
  • Edit your public profile: How do other people see you? Did you know you can control your public profile and how you appear on search engines? This is the place where you can make the necessary modifications and choose what information to make visible online, like your current or past work places, your skills or your education. Choose wisely.

5. Enable Two-Step Verification to block cyber-criminals from accessing your online account

First of all, I need to say that this security measure should be enabled and used for any online account you have, where this option is available. Some of the most popular online accounts allow activating this security step, for example Google, Facebook, Yahoo Mail or Dropbox, to name a few.

But what exactly is Two-Step Verification for LinkedIn?

This security option is a form of verification that can be used against identity theft and unauthorized access to your LinkedIn online account.

Activating Two-Step Verification requires that you insert a security code sent to your phone every time you connect from an unknown device. Since most cyber-criminal attacks and identity theft attempts occur from unknown devices, I strongly recommend using this security option.

6. Secure your connection with HTTPS option

Using the same location in the LinkedIn security settings where you enabled Two-Step Verification, you have the option to activate the secure browsing mode.

This security option should be used as an extra protection step against unauthorized access to your browsing sessions and to make sure you are actually connected to your real LinkedIn account.

Most of all, I recommend activating and using this secure browsing option if you access LinkedIn regularly from unsafe or public locations, such as Wi-Fi networks in cafes, airports or hotels. These places are usually favorite locations for online criminals to access and retrieve your online accounts’ credentials for banking websites and other online accounts.

7. Don’t forget to sign out of your online account

This is something I highly recommend, especially after using a publicly shared computer or an unsafe Wi-Fi network. We tend to think that closing the web browser as soon as we are done with our online activity is enough, but you should remember to log out every time you finish your online connection.

If you forget to do this, especially if you are in a public space, any person accessing the browser may be sent directly to your online profile.

At the same time, if you really need to use a computer from a public location and you are not sure about its security settings, I recommend using a “private browsing” session, which prevents your browsing session history and credentials from being preserved.

8. Keep your software up to date

Software vulnerabilities seem to increase each day. Now, they have become one of the main tools used by online criminals to take advantage of our systems.

By not keeping our Windows operating system and our programs up-to-date, you allow online criminals to use these security gaps and gain access to your programs and applications. It is a quite well known fact that vulnerable software applications like Java, Adobe Flash, Adobe Shockwave, Adobe Acrobat Reader, Quicktime are on most people’s computers and are widely used.

Few people, however, actually acknowledge that these applications are under threat from cyber-criminals and that they should use a dedicated solution to keep them up to date.

9. Set a Strong Password for your LinkedIn account

You may notice by now that I recommend more than anything setting a strong password, if you have an online account. So, the same advice is valid here.

Here are a few simple steps you can follow:

  • Use different passwords for different online accounts. In case one of your online accounts is accessed by an IT criminal, at least you know that the other online accounts won’t follow.
  • Make sure your password has over 10 characters.
  • Don’t forget to use capital letters, numbers and symbols.
  • Use a special program to keep your passwords, like LastPass.

Remember lesson 5, when Andra helped you make your passwords hacker-proof?

10. Watch out for phishing messages requesting personal or sensitive information

Phishing is an old tactic used by IT criminals who try to steal your sensitive information and your financial data. For this reason, you should keep an eye not only on e-mail messages, but also on messages received via your LinkedIn account.

Always look closely at the received e-mail before you open any attachment or click any link in the message. Do you know the sender or the company that sent the message? If you are not sure about their identity, look them up online for more information.

Do they ask you to download and install an application? This is not a good sign that you can trust that message. And is there a link you need to follow? Check the link before you click it. Simply hover the mouse over the link to see if it sends you to a legitimate location. To make sure you are going in a good direction, check the suspicious links using a reliable URL checker, such as VirusTotal.
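The hover check described above can also be done mechanically on a message's HTML. The following is an added example, not part of the original article: it compares each link's real destination with the text shown to the reader. The expected domain list, the finding names and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlsplit

# Assumption: domains a genuine message for this account would link to.
EXPECTED_DOMAINS = {"linkedin.com"}

# Constructed sample message (not a real phishing sample).
SAMPLE_MESSAGE = """
<p>Your LinkedIn account was restricted.</p>
<a href="http://linkedin.com.account-verify.example/login">https://www.linkedin.com/login</a>
<a href="https://203.0.113.7/reset">Reset password</a>
<a href="https://www.linkedin.com/help">Help center</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-case hostname of a URL, without a leading 'www.'; '' if none."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""
    return host.removeprefix("www.")


def looks_like_url(text):
    """True when the visible link text is itself a web address."""
    pattern = r"(https?://)?[A-Za-z0-9.-]+\.[A-Za-z]{2,}(/\S*)?"
    return re.fullmatch(pattern, text) is not None


def is_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def assess_link(href, text, expected=EXPECTED_DOMAINS):
    """Return the reasons a link deserves a closer look (empty list = none)."""
    try:
        scheme = urlsplit(href).scheme
    except ValueError:
        return ["unparseable-url"]
    host = host_of(href)
    findings = []
    if scheme != "https":
        findings.append("not-https")
    if is_ip(host):
        findings.append("ip-address-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-host")
    # The real owner is decided by the END of the hostname, not the start.
    if not any(host == d or host.endswith("." + d) for d in expected):
        findings.append("unexpected-domain")
    # Visible text that names one site while the href points to another.
    if looks_like_url(text):
        shown = host_of(text if "://" in text else "//" + text)
        if shown != host:
            findings.append("text-href-mismatch")
    return findings


def audit_message(html, expected=EXPECTED_DOMAINS):
    """Assess every link in an HTML message body."""
    collector = LinkCollector()
    collector.feed(html)
    return [(h, t, assess_link(h, t, expected)) for h, t in collector.links]


if __name__ == "__main__":
    for href, text, findings in audit_message(SAMPLE_MESSAGE):
        print(f"{text!r} -> {href}: {findings or 'no findings'}")
```

A link with no findings has only passed these structural checks; it has not been scanned for malicious content.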

Public Wi-Fi Networks

This Article From Heimdal Security:

How to protect your valuable data on public Wi-Fi networks that are anything but safe?

  • Public Wi-Fi Networks
  • Home Wi-Fi Networks

And how exactly do you increase security on your own home Wi-Fi network?

Before we follow the steps that should be taken to increase protection for a home wireless network, I would like to give you some valuable insights on how to defend your privacy on public wireless networks.

So is it okay if I use public Wi-Fi to buy stuff online, check my online banking account or enter passwords on crucial websites?

The answer is simple: No.

Malicious hackers might use Wi-Fi sniffers and other methods to intercept almost all the data that goes through the router, such as emails, passwords, addresses, browsing history and even credit card data.

You can minimize these Wi-Fi dangers by using only routers encrypted with WPA2.

Here are some examples of public Wi-Fi attacks to get a better picture of what you’re going up against.

  1. Brute-force/cracking attacks. These can be used by malicious hackers to bypass a public Wi-Fi password either by mass testing a huge amount of passwords (brute force attacks) or by using specialized software and tools to trick the router into revealing the password (cracking attack).
  2. War driving. This involves the malicious hacker driving around various locations, looking for vulnerable Wi-Fi connections he can later exploit.
  3. Wi-Fi sniffing. This process involves using specialized tools or software that can intercept and reassemble internet data sent between a router and a device. From a technical perspective, it’s very easy to set up a Wi-Fi sniffer since all you need is a laptop and some widely available software to add the necessary functions.
  4. Karma Attacks. If you’ve seen Mr. Robot, then you’re probably familiar with this type of attack. To carry this one out, a malicious hacker needs a specialized hardware tool which can create a clone of the target Wi-Fi, tricking connected devices into switching to the cloned network. At this point, the malicious hacker has complete visibility over everything the connected devices are doing while hooked up to the network. Here’s an example of just how powerful this method is.

In one of the more thought-provoking cybersecurity news stories that we’ve come across, a cybersecurity researcher managed to completely take control of a city-wide public Wi-Fi.

Every once in a while, however, you’ll probably need to connect to a public Wi-Fi network. But you can mitigate some of the risks involved by following a few basic steps to protect both your device and data.

1. Turn off public network sharing when connected to an unsecured Wi-Fi.

It’s usually fine to allow resource sharing, such as connected printers or public folders, if your device is hooked up to either your home or work network. However, an open Wi-Fi poses a security risk.

For instance, a malicious hacker might get access to important files and documents stored on the cloud, or they might even do a reverse hack, where they break into a printer first and then to any other connected devices.

To turn off public sharing, follow these steps:

  1. Go to your Windows Control Panel.
  2. Access the Network and Sharing Center window.
  3. Click Change Advanced Sharing Settings.
  4. Select the Public profile.
  5. Turn off File Sharing, Network Discovery, and Public Folder Sharing, in case they aren’t already OFF. Usually, by simply choosing that you are connecting on a Public network, these options are automatically turned off.

(The steps may differ on different Windows operating systems.)

2. Keep the Firewall Enabled

Keep your Windows firewall enabled at all times. If you have a security product with an even better firewall, then use that one instead.

Usually we turn off the Windows firewall because of the annoying popups and notifications and then just completely forget about it. If you want to turn it back on, head over to the Control Panel, go to System and Security and select Windows Firewall.

(The steps may differ on different Windows operating systems.)
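
The settings from steps 1 and 2 can also be checked from PowerShell. The script below is an added example, not part of the original article: it assumes Windows 8 / Server 2012 or later (built-in NetConnection and NetSecurity cmdlets) and English rule-group names, and the `-Fix` switch is a name chosen for this example.

```powershell
# Added example: audit the Public-network settings from steps 1 and 2.
# Read-only unless -Fix is passed; -Fix needs an elevated PowerShell session.
# Assumption: English display-group names (they are localized on other systems).
param([switch]$Fix)

$sharingGroups = 'Network Discovery', 'File and Printer Sharing'

# 1. How is each connected network classified?
#    A hotspot classified as Private gets the relaxed home/work sharing rules.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory |
    Format-Table -AutoSize | Out-Host

# 2. Is the firewall enabled for the Public profile?
$public = Get-NetFirewallProfile -Name Public
Write-Host "Public firewall profile enabled: $($public.Enabled)"

# 3. Which enabled inbound sharing rules still apply on Public networks?
$exposed = foreach ($group in $sharingGroups) {
    Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Enabled -eq 'True' -and
            $_.Direction -eq 'Inbound' -and
            $_.Action -eq 'Allow' -and
            "$($_.Profile)" -match 'Public|Any'
        }
}

if ($exposed) {
    Write-Host 'Sharing rules still active on Public networks:'
    $exposed |
        Select-Object DisplayGroup, DisplayName, Profile |
        Format-Table -AutoSize | Out-Host
} else {
    Write-Host 'No sharing rules are active on Public networks.'
}

if ($Fix) {
    # Turn the firewall on for Public networks and block unsolicited inbound traffic.
    Set-NetFirewallProfile -Name Public -Enabled True -DefaultInboundAction Block
    Write-Host 'Public firewall profile enabled, default inbound action set to Block.'
}
```

Rules listed in step 3 are the ones the Control Panel switches in step 1 turn off; the script only reports them, because a rule scoped to several profiles would also be disabled for home or work networks.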

3. Use secure websites for sensitive operations

First of all, we don’t recommend running any important operation or financial transaction on an open Wi-Fi because of the security risk involved. This being said, if you still need to use a public network to check your bank balance, make sure you visit a secure website, or go one step further and use specialized secure browsers.

To know you’re using a secure site, look to the left of the web address and find the “Lock” icon. This indicates you are on an encrypted or verified location.

At the same time, check that the web address starts with “https://”. The “S” is from “secure socket layer” and tells you that you are going to a site where communication is encrypted.

If you don’t want to check the web address all the time, use HTTPS Everywhere, which is available for Firefox, Chrome, and Opera. This little extension encrypts your communications with many major websites, making your browsing more secure and safe from online criminals.

Even if you don’t use this extension, many sites like Facebook or Gmail use https automatically.
In a surprising twist, some of the most insecure websites out there are the ones centered on “serious topics” such as business & economy sites. And in an even more surprising twist, porn sites tend to be more secure than news sites.

SOURCE.

4. Use a Virtual Private Network

Public networks are favorite places for cyber-criminals to retrieve sensitive data by using wireless sniffers in order to obtain emails, passwords and other such data sent over the unsecured Wi-Fi network.

A quick way to stay more secure is to use a “private browsing” session, which stops the browser from remembering your browsing history and storing data in the cache. While this stops a malicious hacker from accessing past data, it can’t prevent him from listening in to your browsing session in real time.

That’s why we recommend you use a VPN when setting up a connection to an unsecured public Wi-Fi.

A VPN, short for Virtual Private Network, hides your IP address by encrypting your connection and allowing you to browse online in anonymity. In most cases, not even your ISP is able to track what exactly you are up to while online.

Using this method you protect your online privacy and you keep your valuable information from cyber threats, online scams, identity breaches or phishing attempts.

To keep your online session private on public wireless networks, we recommend a popular VPN solution like CyberGhost. If CyberGhost isn’t to your taste, then here’s a complete ranking of the best VPN solutions out there.

5. Turn the Wi-Fi connection OFF

Are you done using the Wi-Fi network? Then don’t forget to turn it off.

There is no reason to stay connected more than you need. The longer you’re on the network, the more you expose yourself to the dangers of public Wi-Fi such as sniffing or malicious software. It’s also bad for your battery life.

6. Update and patch everything

Keep your Windows operating system up-to-date

Updates are important for your cybersecurity since they patch a lot of potential vulnerabilities in your operating system or other programs.

To make your Windows OS update automatically, follow these steps:

1. Go to your Windows Control Panel window.
2. Select Windows Update and click Change settings.
3. Make sure Install updates automatically is selected.

Software vulnerabilities in third-party programs such as Flash or Chrome also pose a security risk, because they can be used to trick the software into downloading and running malicious software.

Unfortunately, not all third-party software programs have an automatic update function, so chances are you will have to do the updates manually, which is a huge chore and a waste of time.
It’s for this reason that we propose you use our own Heimdal FREE, which can automatically update without bothering you with popups and annoying notifications.

7. Don’t connect to a public Wi-Fi without a reliable antivirus

Not all antivirus programs are created equal. A good one can make all the difference when it comes to keeping your computer free of malware.

Three things are important when choosing a good antivirus: virus scanners, heuristic analysis capabilities (meaning, how well an antivirus can detect unknown malware) and how frequently it is updated with the latest malware definitions and other software patches.

We’ve set up a guide to help you figure out which antivirus is the best for you.

8. Don’t browse without a good anti-spyware solution

First, what do we mean by spyware?

Spyware is a type of malware used to intercept internet data and do many other nasty things to your computer. Here are just some of the symptoms:

  • pop-up windows spring up everywhere
  • strange error messages
  • web browser search engine has been replaced with something fishy
  • web browser home page is not the one you set
  • unknown toolbars appear in your browser
  • frequent system slowdowns.

How do I protect from spyware?

Spyware can infect you at any time, but the lax security on public Wi-Fi increases the likelihood of catching the bug.

You can, however, use software such as Malwarebytes or Lavasoft’s Ad-Aware, which specialize in finding and removing spyware and other similar threats.
In the end, however, the best anti-malware solution out there is your own Internet skills. That’s why we always recommend you:

  • don’t click suspicious phishing links or random pop-up windows.
  • don’t reply to strange questions in your web browser or your e-mail inbox.
  • be diligent and careful in the applications and software you download.

9. Don’t run financial transactions without special protection

We’ve talked about this earlier but this deserves a section all of its own.

Doing financial transactions over an unsecured public Wi-Fi is risky business.

Nevertheless, if you really need to access your bank account or pay online, we recommend you use a special security solution that can scan incoming and outgoing internet traffic for malicious software before these can infect your device and allow cybercriminals to hack you.

This software represents a complementary layer of security for the traditional antivirus solutions and it’s just one way you can strengthen your financial security.

10. Secure your browser before you go online

Browsers are the main gateway for Internet traffic, and because of this they are the first target of many malware programs. That’s why a safe and secure browser will filter out many potential threats and minimize some of the risks associated with the Internet.

Here are just a few of the steps you can follow to make sure your browser can cope:

  • Make sure you have the latest browser version and security patches.
  • Access and modify your browser’s security settings. Since this is a long topic, we recommend one of our most popular articles.
  • Use private browsing sessions to minimize how much data a cybercriminal can gather from you. To step up your privacy and anonymity use a proxy or a VPN such as CyberGhost.

11. Use two-factor authentication everywhere

This option is an extra security step you need to complete in order to log in to your account. Use this whenever possible, especially when it comes to your Facebook and email accounts.

This extra security step requires you to type in a security code you received on your phone before you log in. This way, a malicious hacker can’t log in without also having access to your phone number or SMS inbox, even if they know your email account and its associated password.

Here’s a more in-depth guide on how two-factor authentication works and how you can set it up for your email and social media accounts.

Conclusion

It’s not really feasible to always avoid public Wi-Fi and use your data plan, especially if you don’t have much data left, or if you happen to visit another country. However, awareness of the risks involved will go a long way in helping you stay clear of most dangers.

That’s it for today! Thank you for sticking with us. In our next lesson we’ll go over how to keep your email accounts safe and secure from malicious hackers and other threats, all by doing just a few easy steps!

See you next time!
Paul from Heimdal Security

Good News: Android’s Huge Security Problem Is Getting Less Huge

This article is from Wired:
URL:https://www.wired.com/2017/03/good-news-androids-huge-security-problem-getting-less-huge/

Author: Andy Greenberg.

Wanna Get Away – Generals Password

This article is from infosecblog:
infosecblog.org

Wanna Get Away – Generals Password – Roger’s Information Security Blog

I see this was posted 3 months ago to YouTube, but it’s new to me.

This being blogging, let’s over-analyze.

The General’s password is ihatemyjob1.

Not a bad password. Using a passphrase is easy to remember. Easy to type.
No doubt he should have capitalized the “I”. Most systems can handle spaces, which would add some length. Putting an “@” in for “a” and a “0” in for “o” would add some complexity. If the password file is compromised, this wouldn’t be enough to prevent breaking the hash. But it’s good for a day-to-day logon. For accounts where a password safe can be used to ease login, random would be better. But that doesn’t work for every account.

The General’s password is echoed to the screen. Typical security controls require that your password not be displayed on the screen. It should be replaced by asterisks. The General would also have been better entering it himself and not telling a subordinate the password. He could have turned off the output of the computer to the big screen temporarily to prevent the room from seeing the password.

In pressure situations, it’s easy to take actions that compromise our security. This is the type of feeling that phishers and fraudsters often try to create so you just act and do not think about whether what you are doing makes sense.

Yes, it’s just a funny commercial. But it can also be used as a teachable moment. Hopefully without sucking all the fun out of the commercial.