All posts by kami12

Untrusted sources

There’s an app for that. But where does it come from?

Never, EVER install apps, on your computer, phone or tablet from untrusted sources.

If a website looks like this, navigate away immediately:

Make sure you have this turned OFF your Android phone or tablet:


And never tap “Install” on apps like these on your iPhone/iPad:

Rule of thumb: always use official websites and official app stores to download and install apps. Fake apps can pack malware, adware and other types of infections you do not want on your PC/tablet/phone.

Are you under attack? Detect & block cyber criminals actions

With so many ways out there to access and exploit vulnerable systems, I want to make sure you are able to recognize a malware infection in order to defend your systems from malicious software and cybercriminals.

For this reason, you need to find out how a malware infection appears, so that you can correctly assess the risk and create an effective defense strategy.

Malware affects us all.

The increasing number of Internet users worldwide creates an equal (or larger) number of opportunities for cyber criminals to take advantage of our systems. As we become more dependent on the online environment, we can clearly see a massive growth in malware and cyber criminal activities all across the globe.

Source: McAfee Labs Threats Report, August 2015

With so many ways out there to access and exploit vulnerable systems, we need to make sure we’re able to recognize a malware infection in order to prevent and defend our systems.
Because it is a battle and you need to be ready.

This article will show you what the main symptoms of a malware infected system are. You’ll also learn to correctly evaluate the risk and know where to look for a solution. Let’s get to it

Symptoms of a malware infection


Does it take longer than normal for your operating system to boot up?

Are you waiting too long for some of your programs to start?

It is a known fact that malware has the tendency to slow down your operating system, your Internet speed or the speed of your applications.

If you notice something like this and you’re not using any resource-heavy program or application, check for other causes first. It may be a lack of RAM memory, a fragmented system, a lack of space on your hard drive or maybe a hardware issue affecting your drive. These 10 tips will come in handy when evaluating such problems.

If you have already thoroughly verified these possible causes and all seems fine, you can start considering a potential malware infection.


One of the most annoying signs of malware is represented by the unwanted pop-up windows. Unexpected pop-ups which appear on the system are a typical sign of a spyware infection.

In this particular case, the main issue is created not only by the numerous pop-up windows that affect your Internet navigation, but also because it is quite difficult to remove them from the system.

Pop-ups are not only annoying, but they usually come bundled with other concealed malware threats, and which could be far more destructive for our systems.

To avoid spyware and its impact on our systems, keep in mind a few security practices:

  • don’t click any suspicious pop-up windows
  • don’t answer unsolicited emails/messages
  • be careful when downloading free applications

To remove this type of threat, you need a very good security product against spyware. A few popular products capable of removing spyware from your system are MalwarebytesSpybot Search and DestroyLavasoft’s Ad-Aware and others. This guide can help you get rid of this pesky problem.


If your programs or your system crash constantly or the infamous BSOD (Blue Screen of Death) appears regularly, it’s a clear warning that your system is not working properly and you should look into it.

There are two things that can cause this type of issues:

  • You could be dealing with a technical issue caused by a potential incompatibility between your software and/or hardware
  • Or it may be a malware issue.

If you suspect a technical issue, multiple software problems may lead to this.

Are you running various programs which may conflict with each other? Are there any orphan registry keys which have not been removed that could down and eventually crash your system?

If you are checking for malware, simply run a complete scan on the system with a good antivirus product. It is important to have a reliable security solution on your system, which should include real-time scanning, automatic update and a firewall.

To find the best solution, check the antivirus test results run by big company names in the security industry, such as AV Comparatives, PC MagazineAV-TEST or Virus Bulletin and select the best antivirus solution for your system.


Another warning sign of a potential malware infection on your system is the hard drive activity.
If you notice that your disk continues to exhibit excessive activity even when you don’t use it and there is no program or download running at that moment, this could be the right time to check your system for malware.

We have to mention that another possible cause for the abnormal hard disk activity could be a hardware failure of the disk. You should also take this into consideration.


Regarding the hard drive, you also need to check if your physical storage space has been increasing lately or if some of your files disappeared or changed their names.

This is another sign of malware activity, since there are numerous types of malicious software which use various methods to fill up all the available space in the hard drive and cause it to crash.


There are cases where the user is not connected to the Internet through his browser, and there is no program that may connect to online servers to download or upload any data,  but high network activity can still be observed.

First of all, we need to check the following:

  •  Is there any Windows update at that moment?
  •  Is there any program or application that’s downloading or uploading any data?
  •  Is there any update for a certain app running at that moment?
  •  Is there a large download that you started and forgot about, which may still be running in the background?

If the answer to all these questions is No, then maybe you should check where all that traffic is going.

  • To monitor your network, you can use one of the following programs: GlassWireLittle Snitch or Wireshark.
  • To check for a malware infection, use a good antivirus product to check your system.
  • If you suspect that your computer has been infected by a dangerous financial malware, you need a specialized security suite designed to address these type of threats.



Have you noticed that your home page has been changed and you don’t remember doing it yourself?

Did a new toolbar pop out of nowhere and landed at top of your web browser?

Have you tried to access your favorite blog, but you were redirected to a different address?

This usually happens when you visit a website and you accidentally click a link or a pop-up window. This triggers unwanted software to download and install on your device. Its effects are not only annoying, but also malicious.

Run a complete scan with your security solution as soon as possible. Because these type of threats don’t go away easily. Make sure you run additional scans with specialized software, such as anti-spyware programs as the ones mentioned above.


A few warning signs should really make you suspicious. If any of these happen, pay closer attention and try finding the cause:

  • if, all of a sudden, you see programs opening and closing automatically
  • your Windows operating system shutting down without reason
  • if you notice strange windows in the booting process
  • or if Windows informs you that you’ve lost access to some of your drives.

Though the root cause may be a technical one, it could also be a sign that malware has compromised your system. If this is the case and you lost access to some important areas of your operating system, you need to prepare for the worst. These are the cases when a complete wipe and reinstall of the operating system is taken into consideration.


If your antivirus solution doesn’t seem to work anymore or if the Update module seems to be disabled, then check to see what happened immediately!

You should know that some types of malware are especially designed to disable security solutions, leaving you without any defense. If you already tried to reboot your computer, close and open the security solution and all your troubleshooting efforts were useless, you could consider the malware infection scenario.

This is especially the case since traditional antivirus solutions are sometimes unable to block and remove advanced malware, such as ransomware or financial malware. There are a couple of strong reasons why this is happening, and you should read about them, so you can enhance your protection by adding multiple layers.


Are your friends telling you that they received suspicious emails from you or instant messages from your social media account, which often include attachments or links?

Source: Malware spread via Facebook chat

First of all, you need to verify whether those emails or messages were sent from one of your accounts (so check your Sent Items folder in your email/social media account). If there’s nothing there, those messages could have been delivered from an application which is out of your control.

If you discover the messages were sent from one of your accounts, take these steps:

  • Make sure you logged out from all your accounts. We access the same accounts on our work computers, on our home laptops and of course, on our mobile devices. Since we log in to our favorite online accounts on so many devices, it can happen that sometimes we forget to log out. Therefore, always make sure to log out from your online accounts on all devices.
  • Set strong passwords for your accounts. Don’t use the same password for all your accounts! Even if you are hacked, having different passwords for each account will help you limit a potential loss. Make a habit of managing your passwords safely.
  • Use two-factor authentication. This option can significantly increase your control over your accounts’ security. Using two-factor authentication means that, besides entering your credentials, you will also need to enter a code sent to your phone.

Knowledge is our best weapon

Knowing how malicious software behaves on a regular system may just prove to be the key element between staying safe and having your system wrecked or your online identity stolen.

Since we live in a connected and complex environment, online security doesn’t end with installing a series of security programs and forgetting about them. It’s essential that we also understand how malware behaves on the system, so we can mitigate its impact.

How to keep your cloud-stored data safe

Hi there,
This Article From Heimdal Security:

In today’s tech-dominated environment, we keep trying to find software that will make us more productive, more creative, more organized and, especially, more relaxed.

So we try a lot of new services, because they seem interesting, because they promise us we’ll have more time to spend doing the things we love.

The problem is that we rarely think of the security implications every new app we begin using brings to our lives. And to think it used to be so simple…

Do you remember how your personal IT “infrastructure” used to look like 7-8 years ago?
Just like me, you probably had a desktop computer or had just bought your first or second laptop. You also probably relied on a dial-up connection or on a really poor DSL one. Smartphones were practically dinosaurs compared to what we use today, and you most likely didn’t have entire gigabytes of data that you needed to store.

But, oh, how the times have changed! Today, our personal IT micro-universe looks more like a piece of corporate infrastructure, with tenths of services relying upon each other to handle our data and make it accessible everywhere.

Enter: the Cloud

Think back to when cloud computing was just taking off, some 5-6 years ago: we were all a bit skeptical about it and its benefits, but we eventually started using it on a daily basis.

Now, most of us don’t even notice the difference between storing our data locally and keeping it in the cloud. Knowingly or unknowingly, most of us have data in the cloud. Be it that we use Dropbox, Google Drive or Microsoft OneDrive, or other cloud-based applications, such as Evernote, Facebook, Skype or Youtube.

If you’re wondering what “the cloud” really is, I found a video that provides a great explanation:

For those of you who’d rather read than watch the video, here’s a quick definition:

“The cloud” is actually an informal term used when talking about cloud computing.

Cloud computing is a type of Internet-based computing that provides shared computer processing resources and data to computers and other devices on demand. It is a model for enabling ubiquitous, on-demand access to a shared pool of configurable computing resources (e.g., computer networks, servers, storage, applications and services), which can be rapidly provisioned and released with minimal management effort.

Source: Wikipedia

Since it became widespread, data virtualization (aka putting it in the cloud) brought us many benefits, such as lower costs to store data, flexibility in accessing and moving it, ease of collaboration and many more.

This quote from PCMag tells it like it is:

Just to clear up any confusion, the cloud part of cloud-based storage services refers to storing your files somewhere other than your computer’s hard drive, usually on the provider’s servers. As one tech pundit put it: “There is no Cloud. It’s just someone else’s computer.” Having data in the cloud refers to the ability to access those files through the Internet.

Naturally, the next thing you may think about is how secure your information is when stored in the cloud, given the numerous layers that sit behind it. And that’s exactly what you can read about below.

Cyber threats that target your cloud-stored data

Be it at home or at work, you probably use some of these cloud-based apps every day:
Source: Netskope 2016 Cloud Security Report

What makes them a target for cybercriminals is the amount of personal and/or professional data that flows through them. Malicious hackers compromise cloud apps using attack methods similar to those applied for other apps and platforms:

  • Document malware, such as macro viruses and PDF exploits;
  • Ransomware;
  • Javascript malware;
  • Exploit kits;
  • Phishing in all its forms (whaling, pharming, etc.);
  • Password sniffing or dictionary attacks;
  • Attacks against insecure APIs (APIs are the building blocks used for building software). For example, if you have your Facebook account connected to Dropbox, so it can automatically save the pictures you post, if your Facebook account gets compromised, the same will happen to your Dropbox account;
  • Social engineering -attackers can try to persuade you into uploading a malicious file to your cloud account. This can give the attacker the tools he/she needs to take control over your cloud account and steal/delete everything that’s in there. Yes, that could also include your backup.

The list could go on, but by now you probably have a pretty good picture of potential attack tactics. The recent statistics below might help as well:

Source: Netskope 2016 Cloud Security Report

The consequences of cyber attacks targeting cloud apps range from unauthorized access to data loss and data leakage, loss of control (through malicious ransomware), business interruptions and the list can go on.

If such an event happens at work, your job could be at risk. If it happens to your personal data, you may lose important documents or memories which were only stored digitally.

Also, keep in mind that cloud apps are mostly used for sharing access to information, so, as a result, malware infections can spread to other devices if the infected file is located in the cloud. According to Netskope, 55,9% of malware-infected files are shared with others, including internal or external users. While this study was done in companies, the same logic applies to home users.

Many types of ransomware include this feature so they can encrypt more data and cause the biggest amount of damage possible.

What’s more, there’s another type of sharing involved. Cloud apps usually plug into one another, so if one account gets compromised, so do all of the others who are connected to it.

For example, just look at some of the many integration options that Dropbox offers:

The biggest companies that create cloud apps are doing a good job at ensuring the security of your data, especially in times likes these. However, nothing is 100% secure and, sometimes, human nature (either your own or someone else’s) can become a vulnerability in your data’s protection.

From our experience, cyber security is a matter of detail and the best approach is to protect your data and devices with multiple layers of security. And this is what the next part of this guide is all about.


1. Use cloud services that encrypt your data.

Using a reliable and trustworthy cloud storage solution is fundamental, so I recommend you browse through the best-rated options as recommended by PCMag. Most of these services, such as CertainSafe, SpiderkOakONE, IDrive, or SugarSync, include encryption as a protective layer by default.

You can also use this list to cross-reference and pick out the best solution for your needs and budget.

Once you read the reviews, you’ll find it much easier to figure out if one service or another is the best solution for you.
2. Encrypt your data before uploading it to the cloud.
It may sound like encryption is only for hardcore security fans, but that’s just a misconception. Encryption has many benefits and we even put together a list of 9 free encryption tools that you can use to protect your data before uploading it to cloud services.

In the guide, you’ll see what encryption is all about and why it can really make it difficult for cybercriminals to compromise your data if they manage to steal it.

3. Read the terms of service.

If you’re going to trust a cloud service provider with your data, you should take a moment to read their terms and conditions. By going through the fine print, you’ll find out where they store your data and what happens in case of a breach or another type of compromise.

Here are some quick links to the Google Drive ToS, Dropbox ToS, OneDrive ToS and the iCloud ToS, so you can get a better idea of what to look for.

4. Avoid storing sensitive information in the cloud.

Storing unencrypted documents, lists of passwords, scanned IDs and other personally identifiable information in the cloud is not recommended.

However, if you choose to encrypt these documents before uploading them to your service of choice, then you can lower your risk.

PS: Please don’t keep your passwords on a list that everyone can see and keep reading.

5. Use strong passwords.

The password to your cloud storage account should be as strong as possible. This protection layer depends on you and you alone.

In our password security guide, we outlined the best solution to handling them (spoiler alert: it’s a password manager!) and some important mistakes to avoid. It only takes a few minutes to read the guide, but applying the advice inside will give you peace of mind for years.

Hint: it involved not using your pet’s name as a password.

6. Enable two-factor authentication

If your cloud storage provider offers two-factor authentication, enable it immediately! It’s incredibly helpful for any of your accounts.

You will receive a code via SMS or through an authentication app each time you log into a new browser/device, so the service can verify your identity and block malicious attempts at compromising your account.

7. Disable automatic uploads to the cloud

Remember this scene from the movie “Sex Tape”?

I bet you don’t want to be one of those people who says that “nobody understands the cloud!”. What’s more, you probably definitely don’t want to be in a similar situation with the one in the movie.

What I recommend it you don’t keep your cloud storage solution synced on your device 24/7. Not only because you might upload files that you’re not supposed to share, but also because ransomware can use this feature to encrypt the files in your cloud account too!

I usually sync my files twice or thrice a day, in the morning, around lunchtime and in the evening, to make sure that the latest versions of my documents are safe and sound.

You can choose whatever option you’d like, but you should remember what a ransomware infection can do. (Anti-ransomware protection plan here.)

8. Keep it clean and simple.

Do a general check-up of your cloud accounts, and see what services depend upon another. If you haven’t used that specific dependency in the last 2 months, it’s probably time to revoke access for that app to your cloud account.

Try not to connect your cloud hosting accounts to your social media apps, no matter how big the temptation. Keeping things isolated will help you maintain a higher degree of security.

9. Beware of social engineering and its consequences.

Social engineering describes an entire category of attacks based on psychological manipulation. These attacks can be used against any platform and service, so be aware of them.

Don’t share your passwords with anyone and don’t share access to your cloud-stored folders with people you don’t know and trust.

10. Use next-generation anti-hacking tools along with your antivirus solution.

Unfortunately, as much as we want it, there is no single solution against malware. Antivirus used to be the go-to solution, but it’s not enough nowadays. There are a number of reasons why antivirus has difficulties detecting 2nd generation malware and you should know why this happens.

I’ve talked before about using multiple layers of protection and I’m going to insist on this. You can add next-generation anti-hacking tools on top of your antivirus. These play a crucial role when it comes to proactively securing your data from malicious attacks.

Remember: safe and clean device = safe and clean cloud storage.

11. Sharing is caring – when you do it safely.

Start by reviewing who are the people who have access to documents stored in your cloud account. Once that’s done, take the necessary actions: revoke access where no longer needed and limit access to “read only” where possible.

You should refrain from offering administrator privileges to anyone, even if you trust them. If their account gets compromised, yours can become exposed as well.

12. Back up your data in several places.

Keeping your data in the cloud alone is not enough. Security experts recommend you back up your data in at least 3 places: on your device, in the cloud and on an external hard drive.

If you’re unsure how to start with this, our step by step guide might come in handy. It includes information on how to do it, what solutions to choose and how to manage your files so you don’t lose important progress.

If you should delete files from your devices, make sure to delete them from your cloud account as well, so you can keep things in order and not complicate your digital life unnecessarily.
13. Strengthen your Wi-fi security.
Do you use a Wi-fi connection most of the time?

When you’re at work, you’ll most likely connect to a secured connection, but you should take additional precautions at home as well. And if you’re tempted to use a public Wi-fi hotspot, you really need to follow these 11 security steps.

Since you upload and download data to and from your cloud accounts via Wi-fi, an unsecured connection could expose you to Man-in-the-Middle attacks or password sniffing. Cloud security doesn’t only depend on the service provider, but on your network’s defenses as well.

14. Keep it up to date

Cloud storage apps get updates too, not only in terms of features, but also in terms of security. Keep them up to date and install the latest version possible.

If you find update prompts nagging, you can always automate them with a tool like Heimdal

When it comes to security, remember that it all works together: technology depends on the human factor to make it work, but it can also be compromised by the same thing.

Dependencies are essential when you think about how all the services we use work together, so you should always consider that when signing up for a new account or granting privileges to an apps to use features and information from another app you’re using.

Ads With Malware

Did you know that attackers can inject malicious code or malware-filled ads into legit online advertising networks and websites?

This tactic is called malvertising and it can get your computer infected with all sorts of malware, Trojans, and so on.

How it happens: you browse your favorite website at and there are many ads on it. But one is infected. The malicious code in the ad will search for vulnerabilities in your system. If it finds one (and it’s not difficult to do so), it’ll infect your computer with malware.

What to do?

  1. Use an adblocker.
  2. Use a reliable antivirus.
  3. Use protection against attacks that antivirus can’t block.

Social Media Security

This Article From Heimdal Security:

Social media is part of our lives. And many times, when you think about social media, you tend to think of Facebook, Twitter and LinkedIn.

Facebook, for example, spread so much that even our parents, neighbors and distant relatives (even from remote areas of the country) now have a Facebook account.

Since these social platforms are so popular and the distinction between public and private is blurred, these online services attract dangerous elements that are interested in retrieving our sensitive information. And in this point you may become a victim to identity theft and malicious actions from online criminals.

So, how do I balance using social media and keeping confidential information confidential?

  • Facebook
  • Twitter
  • LinkedIn
Protect Your Facebook Account

Since Facebook is probably the biggest and most popular online network right now, I will try to go deeper into this platform’s privacy and security settings and then present shortly 10 additional steps you can follow to stay safe online.

Access your Facebook Settings

To access your Facebook account settings, start by going to the top right corner of your screen and select Settings from the drop-down menu.

Note: Though I can classify actions and steps in security and privacy sections, I believe it is easier for you to follow me, as I take each section and discuss it before I continue to the next, as it appears in the Facebook settings menu.

General Account Settings

By clicking the Settings button, you should see the General Account Settings on the left hand side of the page in the provided sidebar.
In this location you can update your Facebook account password and Download a copy of your Facebook data.
Security Settings 
Let’s continue on the left hand side of the page with the Security Settings.

Login Notifications

This option allows you to opt in to receive Text and Email messages when your account is accessed from an unknown computer or mobile device. This is very useful in case a hacker tries to access your account.

Login Approvals

Turning on this option will require a security code to be generated in order to access the account on a new browser. You have three options:

  • have a security code sent by SMS to your mobile device;
  • generate a security code by Code Generator in your Facebook mobile device app, if you have an Internet connection;
  • pre-generate 10 codes that you can print on a piece of paper and use them when you don’t have your phone with you;

This layer of security is also meant to keep other people from accessing your Facebook account.

Code Generator

This option is used with Login Approvals to create codes that you can use to access your Facebook account from a new browser.

App Passwords

This option helps you create single use passwords to access third party applications on Facebook and keep your main Facebook password safe. When you log out of the application, the password is not saved. To access the third party application again, you will need to generate a new password.

Trusted Contacts

Select close friends to contact if you have any trouble accessing your Facebook account.

Trusted Browsers

This is where you find a list of saved (trusted) web browsers you used to access your Facebook account. You can choose to remove a browser from the list if you don’t use it anymore, let’s say you left your work place and of course, you don’t use the browser in that location anymore.

Where You’re Logged In

This is where you can review your logged-in status and End Activity (terminate the session) on places and devices you don’t recognize.

Deactivate your account

From this place, you can choose to deactivate the Facebook account. This is useful if you know that you won’t be able to access, or you simply don’t want to access, the Facebook account for a period of time. You can reactivate the account at any time.

Privacy Settings

The next section you need to access to improve your overall security is the Privacy Settings area. The settings from this location are meant to help you review basic privacy settings and make sure your profile and the content you shared are viewed by the audience you select.

Who can see my stuff?

Select the audience for your posts. You can choose:

  • Public
  • Friends
  • Friends with Acquaintances
  • Only Me
  • or you can create a Custom audience

I recommend you to set the default sharing option to Friends.

In the same location, you can review your posts and your Facebook activity by using the Activity Log, or limit the audience for your posts in the past.

Who can contact me?

Set who can send you friend requests. If you want to be located by people you used to know in the past, you need to set this to Everyone.

Who can look me up?

In this place, you can choose if you want to be looked up by people using your e-mail address or your phone number. At the same time, you can select if you want search engines to send someone looking for your name to your Facebook timeline.

This is an important privacy setting that you should consider, since your Facebook timeline will appear in search engine results if someone searches for your name.

Timeline and Tagging Settings

This place allows you to set other privacy settings for your Facebook account. You can choose who can add things to your timelinewho can see posts you share on your timeline and how to manage tagging options.

Who can add things to my timeline?

This one is pretty straight forward. You can choose to allow friends posting on your timeline and review a post you are tagged in, before it appears online.

Who can see things on my timeline?

Use this option to check what other people have access to on your timeline. You can select a single person and view how he or she views your timeline. You can also select who can see posts you have been tagged in on your timeline and choose who can see what others post on your timeline. In the last two cases, you should set these options to Friends.

How can I manage tags people add and tagging suggestions?

Turning on this option, you will be able to check the tags friends add to your photos before they appear. It is an important privacy option because if someone adds a tag to one of your posts, his/her entire list of friends will see your specific post.


In the Blocking tab you can restrict the way in which other Facebook users, Facebook applications or pages interact with you.

Restricted List

This list is useful when you want to restrict a friend from seeing the posts you share on your timeline for other friends. Nevertheless, that person can still see content you make public.

Block users

Users you add to this list cannot see your Facebook profile, send you invitations, add you as a friend or start a conversation with you. Use this option to add a friend whose account has been hacked. In the same Blocking tab, you have the option to block app invites or event invites from someone, block apps and Facebook pages.


This is probably one of the most important security settings you can set to your Facebook profile.

To enable Login Approvals, you need to enter a mobile phone number here. In case your browser is not recognized, you will receive a code via text message to log in to your Facebook account.


Most of us use third party applications on Facebook, applications which usually ask permission to access our content and private data.

In this location you can see exactly what each third party app has access to and you can choose to remove it from the list, in case you don’t use it anymore or you have discovered you are dealing with a suspicious app.


Do you want to allow third party sites access to your personal information?

Do you want Facebook telling your friends what you like? If you want to opt-out from these two options, simply select No one to these two options.

The third option, Ads based on your use of websites or apps off Facebook, let’s you opt out of ads that are selected for you by Facebook, based on your behavior on a particular website. We all searched for a hotel on a website and we were amazed to see on our Facebook page an ad for that hotel.

10 tips and tricks for increasing your Facebook security

1. Don’t accept friend requests from unknown people. One of the favorite methods used by online scammers to collect private data and sensitive information from users is by creating fake Facebook profiles. Make sure you and your children pay attention to this possible privacy threat.

2. Do not disclose your personal details and your Facebook credentials (e-mail address, phone number and password) to other users. This information can be used by cyber-criminals to access your personal data.

3. Keep your browser up-to-date with the latest available patches. Your browser and other software on your system, not to forget the operating system, should have the latest patches installed. Stay safe and don’t expose your system to cyber-criminal attacks.

4. Use a good security program. You need to rely on a good security software, which includes a real-time scanning engine. This means that files you download from online locations are analyzed in a very short period of time.

5. Stay safe from phishing attacks. Pay attention to the various messages you receive from unknown users, which ask for your personal data.

6. Don’t use the same password from your Facebook account to other online accounts. If you use the same password in other locations as well, you are vulnerable to a potential hacker attempt that tries to get access to all your accounts.

7. Activate Login Approvals. Though I have already mentioned this step before, I need to emphasize again its importance.

8. Be careful when connecting to free wireless networks from public spaces. Online criminals use these types of unprotected networks to access users’ credentials and steal sensitive data. To limit your exposure, you can use a private browsing session.

9. Don’t click that link! Since social media and in this case, our Facebook profile, is used for spreading and sharing various content, it is also one of the favorite means of carrying malicious links across the Internet.

10. Log out of your Facebook account. This piece of advice is useful when using a public or work computer, which is used by multiple individuals.

Protect your Twitter Account in 10 Steps  

Twitter is one of those popular social media platforms used not only by private individuals, but by large businesses and important names in the IT industry.

Due to its short writing style, it has been related to journalism and even used as a favorite news spreading tool for revolutions and revolts around the world.
To stay safe from malicious attacks targeting social media accounts and prevent online criminals from retrieving private data from us, you need to follow additional steps to keep your Twitter account secure:

1. Create and use a strong password

Yes, I know, it is easy to remember and use a password in multiple online accounts. Maybe using something familiar like your family name or your birthday date seems to be a good idea. But isn’t this exactly the same thing online criminals count on?

To make sure your account is safe from online intrusions, it’s key to create a strong password which includes upper and lower case characters, numbers and symbols, and is over 10 characters long. This way it will be difficult for cyber-criminals to access your Twitter account.

At the same time, don’t use the same password in more than one online account. The reason is easy to guess: if one of your online accounts is hacked, the others will soon follow. By using different passwords, you reduce the potential loss in case your Twitter account is accessed.

2. Use login verification

Login verification is a security option which helps you protect your Twitter account.

It is a form of two-factor authentication, where you’ll be asked to provide a phone number and an e-mail address before you connect to your online account.

This login verification adds a second check, where you have the following 3 options:

  • enter a verification code sent to your phone’s Twitter app
  • enter a text message sent to your phone number
  • enter a photo of a backup code saved on your phone from when you first enrolled in login verification

To activate Login verification, follow these steps:

  1. Access your Twitter account.
  2. Go to the top right corner and click your user image.
  3. Choose Settings from the drop down list.
  4. Click Security and privacy in the left menu.
  5. Select the corresponding option.


3. Don’t post private information and do not disclose your location

Don’t let online criminals know where you are and what you’re doing. By default, Twitter is a public network and anyone and see your tweets and can follow you.

If you want to control other people’s follow requests or you want to share your tweets only with your followers, you can make the necessary modification in the Security and privacy area and check Protect my Tweets under the Privacy section.

At the same time, make sure you don’t offer valuable information to cyber-criminals, such as your location. This kind of data becomes very important for a hacker who wants access to your private files or needs to create a persona for you, in order to proceed to identity theft attacks.

To protect your tweets and disable tweets location, follow these steps:

  1. Access your Twitter account.
  2. Go to the top right corner and click your user image.
  3. Choose Settings from the drop down list.
  4. Click Security and privacy in the left menu.
  5. Select the corresponding options.


4. Stay safe from phishing attempts

Phishing attempts on Twitter usually start with a direct message you receive from an unknown person who tries to retrieve your Twitter credentials for spamming purposes.

It is a classic phishing attack through which they try to trick you into giving away personal information or private data.

This type of message will provide a link, which sends you to a malicious login page. Don’t reply to this type of e-mail or click the provided link.
At the same time, many of us had that Twitter friend which sent an unusual direct message to all his followers. In this case, that particular account has been hijacked and you should not reply or click any link that it may contain.

5. Use a specialized security solution against spyware threats

Even if you pay attention to phishing attempts and spam campaigns, you still need to keep yourself secured with a safety net. I am talking about a specialized security solution against spyware threats.

To keep your system secured against spyware, use one of the popular anti-spyware products available online. A few security solutions capable of removing spyware from your system are Malwarebytes, Spybot Search and Destroy, Lavasoft’s Ad-Aware, etc.

6. Check what apps can access your Twitter account

Another important way to protect your account is to be cautious when giving access to third-party apps — these services can gain full control of our account.

To make sure your Twitter account is not vulnerable, do not give access to untrusted third party apps. When you give your account credentials to an app, they have complete control and they can take actions which may cause your account to be suspended.

Pay extra attention to apps that promise money or a big number of followers. When in doubt, simply search the Internet for that app’s name before you provide access.

To check permissions apps have to your Twitter account, follow these steps:

  1. Access your Twitter account.
  2. Go to the top right corner and click your user image.
  3. Choose Settings from the drop down list.
  4. Click Apps in the left menu.
  5. Take the necessary steps to allow or revoke access.

7. Make sure you keep your vulnerable apps up-to-date

Security news on software vulnerabilities have appeared lately all over the important security blogs and related IT channels in the industry.
These threats cannot be ignored. Cyber-criminals use software vulnerabilities in our systems and mobile phones apps to take advantage of our private data and use it in identity theft attacks.

Therefore, keeping popular software like Java, Adobe Flash, Adobe Shockwave, Adobe Acrobat Reader, Quicktime up to date is important, but
paying attention to our mobile phones apps is also important and you should always make sure you have the latest updates installed.

8. Use a Virtual Private Network To Hide Your IP Address

One of the favorite methods used by cyber-criminals to steal credentials is to employ wireless sniffers to retrieve data sent over unsecured networks.

To safeguard your social media accounts and protect your online activities, you can use a VPN, that is a Virtual Private Network.

Using a VPN means that you hide your IP address, encrypt your connection and access various web locations in a private environment. This method keeps your sensitive data from cyber-crime, identity theft and phishing attempts. Stay safe online especially when using wireless networks by using a popular VPN like CyberGhost.

9. Secure your browsing habits

Choose your web browser with care and make sure you have made the necessary changes to improve your security and privacy. Vulnerabilities in web browsers are like open doors to hackers, who try to retrieve private data from our systems and from our social media accounts.

To secure our online privacy, follow these guidelines:

  • Secure your web browser from online criminals’ attacks by choosing the latest version for your browser and installing the latest security patches.
  • Read this Ultimate Guide to Secure your online browsing and increase your online security
  • If you access your social media account from an unsafe location, choose a private browsing session in order to remove the browsing history details.

10. Don’t forget to log out from your Twitter account

This security step should be followed if you connect to your account on a public computer. Though you may be used to closing the web browser as soon as you are done with your activity, you should remember to log out from your accounts when you finish your online sessions.

If you don’t do this, especially if you are in a public location, the next person who opens the Twitter account, for example, will access directly our online profile.

Private browsing sessions are also recommended if you want to prevent authentication credentials (or cookies) from being stored.

Protect your LinkedIn Account in 10 Steps

Social media is not all about having fun. Or starting a revolution for that matter.

You may go for Twitter if you want to find out the latest news and choose Facebook to stay up-to-date with your friends’ latest interests.

But when you turn to your LinkedIn account, you need to keep things serious and professional. And this is even more important than on the other less “serious” channels.

LinkedIn can become our vulnerability when dealing with online criminals, since there is more private information shared publicly than on other popular social media accounts. You simply expose and reveal more about ourselves than on our Facebook profile.

Therefore, make sure you follow these 10 steps in order to increase your security when using your LinkedIn online account:

1. Check your current connections to LinkedIn

This option is very useful because it allows you to see which devices you have connected to your LinkedIn account and which sessions are still opened.

This LinkedIn feature can help you if you know you have connected to your LinkedIn account from a publicly shared computer or from a computer in a place you have recently left.

In case you notice you are connected to your online account from an unknown device, choose the option to sign out as soon as possible from that device.
It may be a cyber-criminal trying to retrieve sensitive data from your account and using this private information later on against you in an identity theft attempt.

2. Request an archive of your data

Using this option, you can request LinkedIn to send you an archive of your account data.

It is an important step for your online privacy allowing you to see not only what information you made available online for others, but IP records of your past login connections, recent searches and other details.

3. Who do you connect to?

Connect only to people you know and trust. Adding to your list of connections unknown people, or people you don’t actually know very well, increases the risk of adding online criminals who only want to use your personal information.
Using this professional data, which can be combined with personal information from social media accounts, like Facebook, cyber-criminals attempt to put all this data together before they run an identity theft operation.

Before you know, your online banking accounts’ credentials have been guessed and your money removed without any notice.

We have dedicated lesson 5 to this topic.

4. Let’s keep it private: protect your sensitive information

Online security is connected to privacy. As I mentioned above, private information may be used against you if it comes in the wrong hands. Therefore, you need to pay attention to what you share with others, especially with unknown people you have given access to your LinkedIn profile.

Use the following options to increase your privacy online:

  • Turn on/off your activity broadcasts: If you want to hide from your connections the changes you choose to do on your profile, who you follow or when you make recommendations, choose to uncheck this option.
  • Select who can see your activity feed: To hide your actions on LinkedIn or let only some connections see your actions, select from the drop-down menu: EveryoneYour networkYour connections or Only you.
  • Select what others see when you’ve viewed their profile: You don’t want your connections see that you accessed their LinkedIn profile? Choose to go anonymous using this option.
  • Select who can see your connections: You don’t want to share your list of connections with the others in the list? Use this option to change it to Only you.
  • Edit your public profile: How do other people see you? Did you know you can control your public profile and how you appear on search engines? This is the place where you can make the necessary modifications and what information you choose to make visible online, like your current or past work places, your skills or your education. Choose wisely.

5. Enable Two-Step Verification to block cyber-criminals from accessing your online account

First of all, I need to say that this security measure should be enabled and used for any online account you have, where this option is available. Some of the most popular online accounts allow activating this security step, for example Google, Facebook, yahoo Mail or Dropbox, to name a few.

But what exactly is Two-Step Verification for LinkedIn?

This security option is a form of verification that can be used against identity theft and unauthorized access to your LinkedIn online account.

Activating Two-Step Verification requires that you insert a security code sent to your phone every time you connect from an unknown device. Since most cyber-criminal attacks and identity theft attempts occur from unknown devices, I strongly recommend using this security option.

6. Secure your connection with HTTPS option

Using the same location in the LinkedIn security settings where you enabled Two-Step Verification, you have the option to activate the secure browsing mode.

This security option should be used as an extra protection step against unauthorized access to your browsing sessions and to make sure you are actually connected to your real LinkedIn account.

Most of all, I recommend activating and using this secure browsing option if you access LinkedIn regularly from unsafe or public locations, such as Wi-Fi networks in cafes, airports or hotels. These places are usually favorite locations for online criminals to access and retrieve your online accounts’ credentials for banking websites and other online accounts.

7. Don’t forget to sign out of your online account

This is something I highly recommend, especially after using a publicly shared computer or an unsafe Wi-Fi network. We tend to think that closing the web browser as soon as we are done with our online activity is enough, but you should remember to log out every time you finish your online connection.

If you forget to do this, especially if you are in a public space, any person accessing the browser may be sent directly to your online profile.

At the same time, if you really need to use a computer from a public location and you are not sure about its security settings, I recommend using a “private browsing” session, which prevents your browsing session history and credentials from being preserved.

8. Keep your software up to date

Software vulnerabilities seem to increase each day. Now, they have become one of the main tools used by online criminals to take advantage of our systems.

By not keeping our Windows operating system and our programs up-to-date, you allow online criminals to use these security gaps and gain access to your programs and applications. It is a quite well known fact that vulnerable software applications like Java, Adobe Flash, Adobe Shockwave, Adobe Acrobat Reader, Quicktime are on most people’s computers and are widely used.

Few people in return actually acknowledge these solutions are under threat from cyber-criminals and they should use a dedicated solution to keep them up-to-date.

9. Set a Strong Password for your LinkedIn account

You may notice by now that I recommend more than anything setting a strong password, if you have an online account. So, the same advice is valid here.

Here are a few simple steps you can follow:

  • Use different passwords for different online accounts. In case one of your online accounts is accessed by an IT criminal, at least you know that the other online accounts won’t follow.
  • Make sure your password has over 10 characters.
  • Don’t forget to use capital letters, numbers and symbols.
  • Use a special program to keep your passwords, like LastPass.

Remember lesson 5, when Andra helped you make your passwords hacker-proof?

10. Watch out for phishing messages requesting personal or sensitive information

Phishing is an old tactic used by IT criminals who try to steal your sensitive information and your financial data. For this reason, you should keep an eye, not only on e-mail messages, but also on messages received via your LinkedIn account.

For this reason, always look closely at the received e-mail before you open any attachment or click any link in the message. Do you know the sender or the company who send the message? If you are not sure about their identity, look them up online for more information.

Do they ask you to download and install an application? This is not a good sign of trusting that message. And is there a link you need to follow? Check the link before you click it. Simply hover the mouse over the link to see if it sends you in a legitimate location. To make sure you are going in a good direction, check the suspicious links using a reliable URL checker, such as VirusTotal.

Public Wi-Fi Networks

This Article From Heimdal Security:

How to protect your valuable data on public Wi-Fi networks that are anything but safe?

  • Public Wi-Fi Networks
  • Home Wi-Fi Networks

And how exactly do you increase security on your own home Wi-Fi network?

Before we follow the steps that should be taken to increase protection for a home wireless network, I would like to give you some valuable insights on how to defend your privacy on public wireless networks.

So it is okay if I use public WI-Fi to buy stuff online, check out my online banking account or entering passwords to crucial websites?

The answer is simple: No.

Malicious hackers might use Wi-Fi sniffers and other methods to intercept almost all the data that goes through the router, such as emails, passwords, addresses, browsing history and even credit card data.

You can minimize these Wi-Fi dangers by using only routers encrypted with WPA2.

Here are some examples of public Wi-Fi attacks to get a better picture of what you’re going up against.

  1. Brute-force/cracking attacks. These can be used by malicious hackers to bypass a public Wi-Fi password either by mass testing a huge amount of passwords (brute force attacks) or by using specialized software and tools to trick the router into revealing the password (cracking attack).
  2. War driving. This involves the malicious hacker driving around various locations, looking for vulnerable Wi-Fi connections he can later exploit.
  3. Wi-Fi sniffing. This process involves intercepting specialized tools or software than can intercept and reassemble internet data sent between a router and a device. From a technical perspective, it’s very easy to set up a Wi-Fi sniffer since all you need is a laptop and some widely available software to add the necessary functions.
  4. Karma Attacks. If you’ve seen Mr. Robot, then you’re probably familiar with this type of attack. To carry this one out, a malicious hacker needs a specialized hardware tool which can create a clone of the target Wi-Fi, tricking connected devices into switching to the cloned network. At this point, the malicious hacker has complete visibility over everything the connected devices are doing while hooked up to the network. Here’s an example of just how powerful this method is.

In one of the more thought provoking cybersecurity news that we’ve come across, a cybersecurity researcher managed to completely take control of a city-wide public Wi-Fi.

Every once in a while however, you’ll probably need to connect to a public WiFi network. But you can mitigate some of the risks involved by following a few basic both your device and data.

1. Turn off public network sharing when connected to an unsecured Wi-Fi.

It’s usually fine to allow resource sharing, such as connected printers or public folders, if you device is hooked up to either your home or work network. However, an open Wi-Fi poses a security risk.

For instance, a malicious hacker might get access to important files and documents stored on the cloud, or they might even do a reverse hack, where they break into a printer first and then to any other connected devices.

To turn off public sharing, follow these steps:
1. Go to your Windows Control Panel.
2. Access the Network and Sharing Center window.
3. Click Change Advanced Sharing Settings.
4. Select the Public profile.
5. Turn off File SharingNetwork Discovery, and Public Folder Sharing, in case they aren’t already OFF. Usually, by simply choosing that you are connecting on a Public network, these options are automatically turned off.

(The steps may differ on different Windows operating systems.)

2. Keep the Firewall Enabled

Keep your Windows firewall enabled at all times. If you have a security product with an even better firewall, then use that one instead.

Usually we turn off the Windows firewall because of the annoying popups and notifications and then just completely forget about it. If you want to restart it,  then head over to the Control Panel, go to System and Security and select Windows Firewall.

(The steps may differ on different Windows operating systems.)

3. Use secure websites for sensitive operations

First of all, we don’t recommend running any important operation or financial transaction on an open Wi-Fi because of the security risk involved. This being said, if you still need to use a public network to check your bank balance, make sure you visit a secure website, or go one step further and use specialized secure browsers.

To know you’re using a secure site, look to the left of the web address and find the “Lock” icon. This indicates you are on an encrypted or verified location.

At the same time, check the web address starts with “https://“. The “S” is from “secure socket layer” and you know you are going to a site where communication is encrypted.

If you don’t want checking all the time the web address, use HTTPS Everywhere, which is available for Firefox, Chrome, and Opera. This little extension has the role to encrypt your communications with many major websites, making your browsing more secure and safe from online criminals.

Even if you don’t use this extension, many sites like Facebook or Gmail use https automatically.
In a surprising twist, some of the most insecure websites out there are the ones centered on “serious topics” such as business & economy sites. And in an even more surprising twist, porn sites tend to be more secure than news sites.


4. Use a Virtual Private Network

Public networks are favorite places for cyber-criminals to retrieve sensitive data by using wireless sniffers in order to obtain emails, passwords and other such data sent over the unsecured Wi-Fi network.

A quick way to stay more secure is to use a “private browsing” session, which disables the browser to remember your browsing history and storing data in the cache. While this stops a malicious hacker from accessing past data, it can’t prevent him from listening in to your browsing session in real time.

That’s why we recommend you use a VPN when setting up a connection to an unsecured public Wi-Fi.

A VPN, short for Virtual Private Network, hides your IP address by encrypting your connection and allowing you to browse online in anonymity. In most cases, not even your ISP is able to track what exactly you are up to while online.

Using this method you protect your online privacy and you keep your valuable information from cyber threats, online scams, identity breaches or phishing attempts.

To keep your online session private on public wireless networks, we recommend a popular VPN solution like CyberGhost. If CyberGhost isn’t to your taste, then here’s a complete ranking of the best VPN solutions out there.

5. Turn the Wi-Fi connection OFF

Are you done using the Wi-Fi network? Then don’t forget to turn it off.

There is no reason to stay connected more than you need. The longer you’re on the network, the more you expose yourself to the dangers of public Wi-Fi such as sniffing or malicious software. It’s also bad for your battery life.

6. Update and patch everything

Keep your Windows operating system up-to-date

Updates are important for your cybersecurity since they patch a lot potential vulnerabilities in your operating system or other programs.

To make your Windows OS update automatically, follow these steps:

1. Go to your Windows Control Panel window.
2. Select Windows Update and click Change settings.
3. Make sure Install updates automatically is selected.

Software vulnerabilities in third-party programs such as Flash or Chrome also pose a security risk by tricking the software into downloading and running malicious software.

Unfortunately, not all third-party software programs have an automatic update function, so chances are you will have to do the updates manually, which is a huge chore and time waste.
It’s for this reason that we propose you use our own Heimdal FREE, which can automatically update without bothering you with popups and annoying notifications.

7. Don’t connect to a public Wi-Fi without a reliable antivirus

Not all antivirus programs are created equal. A good one can make all the difference when it comes to keeping your computer free of malware.

Three things are important when choosing a good antivirus: virus scanners, heuristic analysis capabilities (meaning, how well an antivirus can detect unknown malware) and how frequently is it updated with the latest malware definitions and other software patches.

We’ve set up a guide to help you figure which antivirus is the best for you.

8. Don’t browse without a good anti-spyware solution

First, what do we mean by spyware?

Spyware is a type of malware used to intercept internet data and do many other nasty things to your computer. Here are just some of the symptoms:

  • pop-up windows spring up everywhere
  • strange error messages
  • web browser search engine has been replaced with something fishy
  • web browser home page is not the one you set
  • unknown toolbars appear in your browser
  • frequent system slowdowns.

How do I protect from spyware?

Spyware can infect you at any time, but the lax security on public Wi-Fi increases the likelihood of catching the bug.

You can however use some specialized software such as  Malwarebytes or Lavasoft’s Ad-Aware which are specialized around finding and removing spyware and other similar threats.
In the end however, the best anti-malware solution out there are your own Internet skills. That’s why we always recommend you:

  • don’t click suspicious fishing links or random pop-up windows.
  • don’t reply to strange questions in your web browser or your e-mail inbox.
  • be diligent and careful in the applications and software you download.

9. Don’t run financial transactions without special protection

We’ve talked about this earlier but this deserves a section all of its own.

Doing financial transactions over an unsecured public Wi-Fi is risky business.

Nevertheless, if you really need to access your bank account or pay online, we recommend you use a special security solution that can scan incoming and outgoing internet traffic for malicious software before these can infect your device and allow cybercriminals to hack you.

This software represents a complementary layer of security for the traditional antivirus solutions and it’s just one way you can strengthen your financial security.

10. Secure your browser before you go online

Browsers are main gateway for Internet traffic, and because of this, it is the first target of many malware programs. That’s why a safe and secure browser will filter out many potential threats and minimize some of the risks associated with the Internet.

Here are just a few of the steps you can follow to make sure your browser can cope:

  • Make sure you have the latest browser version and security patches.
  • Access and modify your browser’s security settings. Since this is a long topic, we recommend one of our most popular articles.
  • Use private browsing sessions to minimize how much data a cybercriminal can gather from you. To step up your privacy and anonymity use a proxy or a VPN such as CyberGhost.

11. Use two-factor authentication everywhere

This option is an extra security step you need to complete in order to login into your account. Use this whenever possible, especially when it comes to your Facebook and email accounts.

This extra security step requires you type in a security code you received on your phone before you log in. This way, a malicious hacker can’t log in without also having access to your phone number or SMS inbox, even if they know your email account and its associated password.

Here’s a more in-depth guide on how two-factor authentication works and how you can set it up for your email and social media accounts.


It’s not really feasible to always avoid public Wi-Fi and use your data plan, especially if you don’t have much data left, or if you happen to visit another country. However, awareness of the risks involved will go a long way in helping you stay clear of most dangers.

That’s it for today! Thank you for sticking with us. In our next lesson we’ll go over how to keep your email accounts safe and secure from malicious hackers and other threats, all by doing just a few easy steps!

See you next time!
Paul from Heimdal Security

Good News: Android’s Huge Security Problem Is Getting Less Huge

This article is from Wired:

Good News: Android’s Huge Security Problem Is Getting Less Huge

Author: Andy Greenberg. Andy Greenberg Security

Wanna Get Away – Generals Password

This article is from infosecblog:

Wanna Get Away – Generals Password – Roger’s Information Security Blog

I see this was posted 3 months ago to Youtube, but its new to me.

This being blogging, lets over-analyze.

The General’s password is ihatemyjob1.

Not a bad password.  Using a passphrase is easy to remember.  Easy to type.
No doubt he should have capitalized the “I”.  Most systems can handle spaces, which would add some length.  Putting in a “@” in for a and a “0” in for o would add some complexity.  If the password file is compromised, this wouldn’t be enough to prevent breaking the hash.  But its good for a day-to-day logon.  For accounts where a password safe can be used to ease login, random would be better.  But that doesn’t work for every account.

The General’s password is echoed to the screen.   Typical security controls require that your password not be displayed on the screen.  It should be replaced by asterisks.  The General would also have been better entering it himself and not telling a subordinate the password.  He could have turned off the output of the computer to the big screen temporarily to prevent the room from seeing the password.

In pressure situations, its easy to take actions that compromise our security.  This is the type of feeling that phishers, and fraudsters often try to create so you just act and not thinking about if what you are doing makes sense.

Yes, it’s just a funny commercial.  But it can also be used as a teachable moment.  Hopefully without sucking all the fun out of the commercial