Top Ten Cyber Security Predictions

1. The Internet of Things

The First Major Attack on IoT Devices

2016 was the breakout year for attacks on IoT devices. In October, the first massive cyber attack involving IoT devices, such as webcams and DVRs, occurred. The Mirai Botnet was unleashed, and it took down half the Internet in the United States for hours. Using what is called a Distributed Denial of Service (DDoS) attack, cybercriminals flooded one of the largest server companies in the world with massive amounts of traffic, bringing down the servers and websites hosted on them. It was discovered that tens of millions of computers were sending data to targeted websites simultaneously. Shortly after the U.S. attack, the same botnet attacked Germany, disrupting services for over 900,000 Internet subscribers.

This particular strain of malware is not going away anytime soon. The malware itself is believed to be widely distributed on the black market, and hackers are offering established botnet armies for hire. The big surprise for users involved in this attack was realizing that connected devices have default usernames and passwords.

Because of this fact, the attackers targeted certain devices for which they had obtained the default usernames and passwords. This threat is likely to continue given the increasing popularity of connected devices, but there are ways you can protect yourself. IoT devices, no matter how small they seem, are computers too! Do some research on your device to see if it has a default password. If it does, the manufacturer’s website should have instructions on how to change it.

A new security solution for IoT vulnerabilities

Over the past year, here at Norton, we’ve been keeping a close eye on the Internet of Things threat landscape. As a result, we’re proud to announce the brand new Norton Core router.

Unlike conventional routers, Norton Core was built to secure and protect connected homes. To provide strong wireless coverage, Norton Core has a unique antenna array inside a geodesic dome of interlocking faces, inspired by defense and weather radars deployed in the extreme reaches of the globe. Norton Core’s unique mathematical design encourages users to place it out in the open, as part of their home décor, providing a strong, unobstructed Wi-Fi signal.

IoT Ransomware

In addition to the Mirai Botnet targeting IoT devices, we also saw a new ransomware threat that affected smart TVs. FLocker (short for “Frantic Locker”) ransomware was capable of locking up an Android-based television. This particular ransomware strain is not new, as it has been posing a threat to Android smartphones since May of 2015. However, it made the jump to smart TVs running Android OS in 2016. Luckily, this variant of malware does not encrypt files on the infected television. However, it does lock the screen, preventing the user from watching TV.

The continued targeting of smart devices by cybercriminals is our top threat prediction for 2017. With all these new attacks starting to ramp up in late 2016, we can only expect to see more attacks on these devices in 2017.

2. The Apple Threat Landscape

The Apple threat landscape was extremely busy in 2016. We reported on seven major stories in 2016. In 2015, we saw quite a few proofs of concept, but 2016 brought more threats out into the wild. These are the same threats that are affecting Windows and Android devices.

Fake Apps Do Exist for iPhones

Cybercriminals sneaked fake shopping apps into the app store right before the holiday season. While Apple has a rigorous vetting process for their apps, these scammers got tricky and updated the apps with malware after Apple approved them for the App Store.

Spyware Is Everywhere

In addition to fake apps, 2016 saw the first targeted spyware released in the wild for iOS. Researchers discovered that a highly sophisticated cyber espionage group deployed a very rare, advanced form of spyware, which can break an iPhone wide open. The spyware, known as Pegasus, is distributed by sending a link to a malicious website via text message. The good news: Apple has already pushed out an update that fixes the vulnerability.

iOS Bugs Are Ramping Up

Also on the iOS platform, there were three major vulnerabilities to keep an eye on. Researchers discovered a way to break the encryption used by iMessage that could allow attackers to access and steal attachments such as images, videos and documents that are being shared securely with contacts.

The second vulnerability discovered involves the handling of PDF documents. An attacker could send you a booby-trapped PDF that would then cause malicious code to run on your iPhone.

The third involves the fix of a three-year-old cookie theft bug. Cookies are small files that contain various types of data that remember a user, and are placed on your computer or mobile device by websites you visit. This flaw can allow hackers to impersonate users and steal sensitive information by creating a malicious public Wi-Fi network. The hackers then wait for a compromised user to join the network and redirect them to a malicious website designed to steal user credentials. From there, the hacker would be able to open the embedded browser screen you would see when joining a public Wi-Fi network, load content into a user’s phone and execute it without them knowing.

Mac Ransomware–It’s Happening!

In March of 2016 Apple customers were the targets of the first Mac-focused ransomware campaign executed by cybercriminals. In this instance, it was the first time that cybercriminals used malware to execute real-life attacks.

In this particular case, users were downloading a program called “Transmission for BitTorrent,” which is used for peer-to-peer file sharing. Users downloaded a “bad” version of the installer for the software, which contained a malicious Trojan horse, known as OSX.Keranger. A Trojan horse is malicious software that can wreak havoc with data in many ways–such as the deletion, modification, copying, and stealing of data–as well as implant ransomware on the device. Like most ransomware, it will encrypt a user’s files and demand a fee to release them.

Not Just Macs and iPhones Anymore

2016 also brought the first major issue to Apple’s AirPort routers. Apple discovered vulnerabilities in the firmware of AirPorts that could allow attackers to execute commands on the affected devices and infiltrate home networks. If your AirPort is flashing yellow, go update your firmware now!

This just goes to show that Apple products do need security software, now more than ever. You can protect your Mac against these threats and more with Norton Security Premium.

3. Man in the Middle Attacks

2016 was also a big year for Man-in-the-Middle (MitM) attacks. An MitM attack uses an unsecured or poorly secured, usually public, Wi-Fi router. The hacker scans the router using special code, looking for certain weaknesses such as default or poor password use. Once a vulnerability is discovered, the attacker inserts themselves between the user’s computer and the websites the user visits to intercept the messages being transmitted between the two.

A lot of these attacks take place on public Wi-Fi hotspots. Since most of these networks are unsecured, it’s easy pickings for cybercriminals. In addition to unsecured hotspots, hackers will also set up legitimate-looking Wi-Fi networks in order to lure unsuspecting users to connect and give them full access to their device.

Norton WiFi Privacy is a VPN that encrypts all the information sent and received by your mobile device while you’re on public Wi-Fi, making your public connection private. Download Norton WiFi Privacy now.

4. Android, Android, Android!

In 2016, we reported on six major Android events. The top three threats we saw involved fake apps, botnets, and, of course, ransomware.

Bad Apps

Hundreds of malicious applications showed up on the Google Play store in October, disguised as legitimate applications. These malicious apps were carrying malware known as Dresscode. Dresscode is designed to infiltrate networks and steal data. It can also add infected devices to botnets, which carry out distributed denial-of-service (DDoS) attacks as well as take part in spam email campaigns.

Android Botnets

Android smartphone users should be aware of a dangerous new type of malware that spreads via spam SMS or MMS messages. The Mazar BOT, as it is called, tricks the Android user into providing administrative access to the infected Android phone and can then erase any stored data. Although security research experts believe this malware has several hidden capabilities that are still being discovered, they know this malware will turn your smartphone into part of a hacker botnet web.

Mobile Ransomware

In 2016 there was a lot of mobile ransomware rampant on the threat landscape. Most notably, there were two that left devices completely vulnerable.

One variant of Android ransomware uses what is called “clickjacking” tactics to try and trick users into giving the malware device administrator rights. Clickjacking occurs when attackers conceal hyperlinks beneath legitimate content, tricking the user into performing actions of which they are unaware. Users stumble upon these illegitimate links, assuming that when they fill out a field, click on a link, or type in their passwords they’re gaining access to what they see in front of them.

Android.Lockdroid was spotted on March 11, 2016, and disguised itself as a system update. What’s different about this particular strain is that once the ransomware detects that it’s installed on a device in a certain country, it displays the ransom message in that country’s language. This is the first type of “chameleon” ransomware we’ve spotted. In general, Android.Lockdroid needs to be manually downloaded by the user from adult sites to infect devices. It could also automatically arrive on the device when the user clicks on advertising links, which is known as malvertising, a form of malicious advertising.

Taking advantage of quality security software such as Norton Mobile Security is an important measure that protects your device from malicious apps. With Norton Mobile Security, you can use our app advisor to scan for “bad apps” before downloading them to your phone. Norton App Advisor is a special feature included with Norton Mobile Security. It warns of privacy risks, intrusive behavior of apps, excessive battery drainage and data plan usage. It also features call and SMS blocking, anti-theft, contacts backup and protects your mobile phone from malware.

5. Malicious Sites, Drive-by-Downloads and Malvertising

Malvertising is a combined term for malicious advertising, and uses legitimate online advertising services to spread malware. Malvertising requires placing malware-infected advertisements on regular Web pages through authentic online advertising networks in order to infect a device through the Web browser. Malvertising can affect ANY device–PC, Mac, Android, etc.

In March of 2016 several mainstream websites fell victim to a massive malvertising campaign. The tainted ads in these websites directed thousands of unsuspecting users to a landing page hosting the notorious Angler Exploit Kit, a kit that stealthily installs crypto-ransomware.

Malicious Websites and Drive-by-Downloads

A drive-by-download is a download that occurs when a user visits a malicious website that is hosting an exploit kit. There is no interaction needed on the user’s part other than visiting the infected webpage. The exploit kit will look for a vulnerability in the software of the browser and inject malware via the security hole. Symantec identified thousands of websites in 2016 that had been compromised with malicious code. Of the compromised websites, 75 percent were located in the U.S.

Defensive software such as Norton Security will prevent known drive-by downloads and warn you when you try to visit a malicious website.

If you are unsure about the credibility of a website you can also use Norton Safe Web, a free online tool, that can help identify risky websites as you browse the Web.

6. Social Media Scams

In 2016, Facebook reported that it had 1.71 billion monthly active Facebook users. Twitter has 313 million monthly active users. With so many active users, popular social sites are a scammer’s paradise. The motives are the same: scammers try to exploit these stories for any kind of financial gain possible.

Scammers will try to entice you into clicking by posting sensational or emotional breaking news stories, sometimes capitalizing on a recent news event, or making up a fake, shocking news story. When you click on the link, you get a notification that you need to download a plug-in in order to view the video. Click on it and you could be downloading spyware that will stay on your device and collect personal information that could be used for identity theft. Remember to delete emails from unknown senders and don’t download unknown plug-ins.

7. Tax Scams and Identity Theft

It’s important to realize that tax documents contain a plethora of personally identifiable information about people, such as wage information, Social Security numbers, home addresses and place of employment. Once these documents are obtained, the criminals would have everything they need to perform tax refund fraud, effectively stealing tax refunds owed to others. Because these documents contain a plethora of information, they can help the scammers commit identity fraud in addition to tax refund fraud.

Examples of phishing emails to be on the lookout for:

  • Fake IRS and TurboTax emails claiming the recipient’s tax refund is restricted or their account has been locked
  • Fake IRS-branded emails asking the recipient to update their tax filing information
  • Fake email claims saying a tax payment was deducted and includes a “receipt”
  • Fake email from the IRS seeking proof of identity documents because “You are eligible to receive a refund”
  • W2 phishing emails targeting employees

Existing Trends Coming Back for More

8. Ransomware:

Ransomware is here to stay. The first known case of ransomware popped up in 2013, and hackers have latched on to this tactic, refining it over the years. In 2016 we reported on eight major ransomware campaigns, which affected everything: Macs, Windows computers, Android platforms and more.

This year, we saw some notably new forms of ransomware, which just goes to show that cybercriminals are trying to “up their game” in extorting money from you.

The most unique form of ransomware we saw was the Jigsaw ransomware. This is not your average ransomware. Like other ransomware, Jigsaw will encrypt your files and demand a ransom in order to retrieve your files; however, it also comes with a countdown timer. During the first 24 hours it will start deleting a few files every hour. On the second day, the ransomware will delete hundreds of files, on the third day it will delete thousands–until the ransom is paid. Additionally, if you try to tamper with the ransomware or even restart your computer, it will delete 1,000 files as a “punishment.”

Whatever happens in ANY case of ransomware, do NOT pay the ransom, and be sure to keep regular backups to help protect your data in case you become a victim of ransomware.

Need backup? Norton Security Premium offers you an easy way to help defend against ransomware as well as a convenient backup solution.

9. Software Vulnerabilities and Software Updates:

Major software vulnerabilities continued to be a huge problem in 2016. Attackers heavily rely upon these vulnerabilities, as it is the easiest way to sneak malware into a user’s device unnoticed, with little action on the user’s part.

We reported on six major vulnerabilities in 2016, including an Adobe patch for 25 flaws, as well as quite a few other emergency patches from them.

The best way to combat these attacks is to perform any and all software updates as soon as they are available. Software updates will patch those security holes attackers exploit, add new features and fix bugs.

10. 2016 Was a Banner Year for Mega Data Breaches

Unfortunately, data breaches are almost as common as malware outbreaks. In 2016 there were eight mega-breaches involving major companies. Most recently, in December, over 1 million Google accounts were breached via malicious Android apps. This attack was particularly nasty because the only way to completely remove this malware from an infected device is to do a clean installation of the operating system. This is a complicated process, but mobile carriers can perform the installation for users.

However, topping the list for the most accounts breached was Yahoo, with a whopping total of 1.5 billion users. Yahoo announced this year that they had been the victim of two separate cyber attacks that occurred in 2014. The first breach that was announced stole information associated with 500 million accounts. The second breach, which is now the largest data breach in history, stole information from one billion accounts.

The second largest data breach of 2016 was from FriendFinder Networks Inc., which involved a breach of over 400 million accounts. 117 million LinkedIn user credentials were also snagged in 2016, and Dropbox verified that 68 million credentials were also stolen last year.

Big data is big money for attackers, so they set their sights on companies that tend to hold large amounts of personally identifiable data on their customers, such as Social Security numbers, birthdates, home addresses and even medical records. It’s easy for a cybercrime victim to report credit card fraud and just get a new number. When it comes to a Social Security number, though, you are bound to it for life. And Social Security numbers open the door to all sorts of identity theft.

Source/Reference

The dangers of jailbreaking or rooting devices

Jailbreaking, rooting and unlocking are the processes of gaining unauthorized access or elevated privileges on a system. The terms are different between operating systems, and the differences in terminology reflect the differences in security models used by the operating systems vendors.

Here are just some of the dangers that you’re exposing your device to when rooting/jailbreaking it:

General risks:

  1. Some jailbreaking methods leave SSH enabled with a well-known default password (e.g., alpine) that attackers can use for Command & Control;
  2. The entire file system of a jailbroken device is vulnerable to a malicious user inserting or extracting files. This vulnerability is exploited by many malware programs, including Droid Kung Fu, Droid Dream and Ikee. These attacks may also affect unlocked Windows Phone devices, depending on the achieved unlocking level;
  3. Credentials to sensitive applications, such as banking or corporate applications, can be stolen using keylogging, sniffing or other malicious software and then transmitted via the internet connection.

iOS

  1. Applications on a jailbroken device run as root outside of the iOS sandbox. This can allow applications to access sensitive data contained in other apps or install malicious software negating sandboxing functionality;
  2. Jailbroken devices can allow a user to install and run self-signed applications. Since the apps do not go through the App Store, Apple does not review them. These apps may contain vulnerable or malicious code that can be used to exploit a device.

Android

  1. Android users that change the permissions on their device to grant root access to applications increase security exposure to malicious applications and potential application flaws;
  2. 3rd party Android application markets have been identified as hosting malicious applications with remote administrative (RAT) capabilities.

5 Bad online habits you need to break

Here are 5 bad online habits you need to quit:

1. Allowing your browser to remember passwords.

2. Reusing passwords.

3. Relying on a free antivirus alone to protect you from all cyber threats.

4. Not updating your apps and operating system when a new update is launched. (This is true for all your devices.)

5. Thinking you have nothing to hide or to lose if cybercriminals do compromise your devices and data.

If you still find yourself guilty of these cyber security “sins”, it’s time to confess it to yourself and do whatever you can to change them. Maybe not all at once, but at least trying will help you improve your security vastly.

Important things you need to know about phishing

Phishing is when an attacker misuses technology to trick someone into divulging sensitive information, such as usernames and passwords or credit card numbers. People often associate phishing with fraudulent email messages—think Nigerian prince scams—but phishing also reaches victims through web pages, documents, text messages, social media content, instant messaging, advertisements, and even phone calls.
  • A phishing website lives, on average, for 15 hours. Cybercriminals take phishing websites down quickly so authorities can’t track them down.
  • Attackers use safe websites to hide their phishing websites to keep their operations going.
  • In 2016, cyber security researchers found over 400,000 phishing websites each month! That’s almost 5 million phishing websites in a year!
  • Cybercriminals impersonated Google, PayPal, Yahoo and Apple the most this year, using them to manipulate users and trick them into revealing their confidential information.

Despite its humble beginnings, phishing has come a long way since those first crudely constructed phishing emails. The following are the most important findings from this report:

Strengthening an organization’s anti-phishing strategy means moving beyond old techniques that use static phishing domain or URL lists to highly automated technologies based on sophisticated machine learning methods. These more advanced technologies can quickly check the characteristics and metadata for each requested webpage to look for signs of phishing, then report a score or rating that the organization can use to make automated decisions about allowing or denying access to the page. When phishing sites can appear and disappear in the length of a coffee break, highly automated machine learning solutions are the only way to prevent successful phishing attacks and the major data breaches they facilitate.
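
The score-then-decide flow described above, as an added example that is not taken from the report: a small Python scorer that extracts characteristics from a requested URL, combines them into a score between 0 and 1, and maps the score to allow, warn or deny. The feature names, weights and thresholds are hand-set assumptions standing in for a trained machine learning model, and the sample URLs are constructed.

```python
import ipaddress
import math
from urllib.parse import urlsplit

# Brands the page lists as most impersonated.
BRANDS = ("google", "paypal", "yahoo", "apple")

# Assumption: illustrative hand-set weights. A production system would learn
# these from labelled phishing and benign pages instead of hard-coding them.
WEIGHTS = {
    "ip_host": 2.5,               # raw IP address instead of a domain name
    "brand_outside_domain": 3.0,  # brand name in host, but not the real domain
    "punycode": 1.5,              # xn-- labels can hide look-alike characters
    "at_sign": 2.0,               # user@host trick in the authority part
    "many_subdomains": 1.0,       # four or more host labels
    "no_https": 0.8,              # no transport encryption
    "long_url": 0.7,              # more than 75 characters
    "hyphens": 0.5,               # two or more hyphens in the host
}
BIAS = -3.0
DENY_AT, WARN_AT = 0.7, 0.4       # assumed policy thresholds


def extract_features(url: str) -> dict:
    """Turn a URL into boolean characteristics the scorer can weigh."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    labels = [label for label in host.split(".") if label]
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    # Naive "registered domain" guess: second-to-last label. A real system
    # would consult the Public Suffix List (e.g. for names under co.uk).
    sld = labels[-2] if (not is_ip and len(labels) >= 2) else ""
    return {
        "ip_host": is_ip,
        "brand_outside_domain": not is_ip
        and any(b in host and b != sld for b in BRANDS),
        "punycode": any(label.startswith("xn--") for label in labels),
        "at_sign": "@" in parts.netloc,
        "many_subdomains": not is_ip and len(labels) >= 4,
        "no_https": parts.scheme.lower() != "https",
        "long_url": len(url) > 75,
        "hyphens": host.count("-") >= 2,
    }


def score(url: str) -> float:
    """Logistic combination of the fired features, in the range 0..1."""
    z = BIAS + sum(WEIGHTS[name] for name, fired in extract_features(url).items() if fired)
    return 1.0 / (1.0 + math.exp(-z))


def decide(url: str):
    """Return (verdict, score, fired_features) for an access-control decision."""
    s = score(url)
    fired = sorted(name for name, on in extract_features(url).items() if on)
    verdict = "deny" if s >= DENY_AT else "warn" if s >= WARN_AT else "allow"
    return verdict, round(s, 3), fired


if __name__ == "__main__":
    # Constructed sample requests (not real phishing URLs).
    for sample in (
        "https://www.paypal.com/signin",
        "http://192.0.2.10/login",
        "http://paypal.com.secure-login.example/update",
    ):
        print(sample, decide(sample))
```

Because the decision is computed per request from the URL itself, it does not depend on the page already appearing on a static blocklist.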

‘Tis the season for stopping robocalls


Nothing puts a damper on the holidays like unwanted calls interrupting your day.

Maybe you’ve gotten one — you answer the phone and hear a recorded message instead of a live person. Internet-powered phone systems have made it cheap and easy for scammers to make illegal sales robocalls from anywhere in the world.

Fortunately, you have some options to block robocalls and other unwanted calls. Some are free and others cost money.

  • Check with your carrier about call-blocking services. Many carriers now offer services that block unwanted calls for wireless phones and for some types of home phones, too.
  • Try a call-blocking app. These apps use blacklists to weed out or flag unwanted calls and give you options about how to handle the calls — ringing through with a warning, going straight to voicemail, or blocking the call altogether. Many apps also let you flag additional numbers that should have been blocked, which helps improve the app. Some apps even use complaints to the FTC as a source of information.
  • Use features built into your mobile phone. These features can let consumers block specific contacts, identify unwanted incoming calls for future blocking, and set “do not disturb” hours.
  • Consider a call-blocking device for your home phone. Devices can be installed directly on a home phone.

During the last few years, the FTC has stopped billions of robocalls that offer everything from fraudulent credit card services to so-called auto warranty protection. We recently announced a case against a company offering allegedly bogus credit card interest rate reduction services.

If you get a robocall, hang up the phone. Don’t press 1 to speak to a live operator and don’t press any other number to get your number off the list. If you respond by pressing any number, it could lead to more robocalls.

Reference

Computer Security | Consumer Information

Scammers, hackers and identity thieves are looking to steal your personal information – and your money. But there are steps you can take to protect yourself, like keeping your computer software up-to-date and giving out your personal information only when you have good reason.

Update Your Software. Keep your software – including your operating system, the web browsers you use to connect to the Internet, and your apps – up to date to protect against the latest threats. Most software can update automatically, so make sure to set yours to do so.

Outdated software is easier for criminals to break into. If you think you have a virus or bad software on your computer, check out how to detect and get rid of malware.

Protect Your Personal Information. Don’t hand it out to just anyone. Your Social Security number, credit card numbers, and bank and utility account numbers can be used to steal your money or open new accounts in your name. So every time you are asked for your personal information – whether in a web form, an email, a text, or a phone message – think about why someone needs it and whether you can really trust the request.

In an effort to steal your information, scammers will do everything they can to appear trustworthy. Learn more about scammers who phish for your personal information.

Protect Your Passwords. Here are a few ideas for creating strong passwords and keeping them safe:

  • Use at least 10 characters; 12 is ideal for most home users.
  • Try to be unpredictable – don’t use names, dates, or common words. Mix numbers, symbols, and capital letters into the middle of your password, not at the beginning or end.
  • Don’t use the same password for many accounts. If it’s stolen from you – or from one of the companies where you do business – thieves can use it to take over all your accounts.
  • Don’t share passwords on the phone, in texts or by email. Legitimate companies will not ask you for your password.
  • If you write down a password, keep it locked up, out of plain sight.

Consider Turning On Two-Factor Authentication. For accounts that support it, two-factor authentication requires both your password and an additional piece of information to log in to your account. The second piece could be a code sent to your phone, or a random number generated by an app or a token. This protects your account even if your password is compromised.

Give Personal Information Over Encrypted Websites Only. If you’re shopping or banking online, stick to sites that use encryption to protect your information as it travels from your computer to their server. To determine if a website is encrypted, look for https at the beginning of the web address. That means your connection to the site is encrypted.

Back Up Your Files. No system is completely secure. Copy your files to an external hard drive or cloud storage. If your computer is attacked by malware, you’ll still have access to your files.

Reference

3.1 billion data records leaked in 2016. How do you protect yourself?

In 2015, data breaches caused 480 million data records to be leaked, breached or otherwise exploited by cyber criminals. But that figure doesn’t even compare to the astounding statistic from 2016.

With 3.1 BILLION data records breached in 2016, chances are high that your own data was involved in one of the massive breaches of the year.

Let’s walk through some of the major hacks and data breaches from the past couple of years, and how they impacted the users:
1. Ashley Madison – August 2015 – 37 million people that were using the Ashley Madison site had their data published online, including credit card and sexual preferences. The service encouraged extramarital affairs, by helping users cheat on their partners. It led to many divorces and even some suicides.
2. iCloud / Apple – September 2014 – Not even cloud storage is safe from data breaches. Hundreds of nude celebrity photos leaked online, in a hack that was dubbed “The Fappening”. Apple later reported that the data was obtained using a highly targeted attack on user names, passwords and security questions.
3. Sony Pictures Entertainment – November 2014 – You most likely remember the Sony hack, which was allegedly planned by North Korea. 47,000 Social Security numbers of Sony employees were taken by attackers, plus names, addresses and financial information. However, the press mainly focused on the gossip side of the hack. The published stories covered the private conversations between Hollywood actors and movie industry players that also leaked.
4. Snapchat / SnapSaved – October 2014 – Also known as the Snappening, in reference to the Fappening, more than 13 GB of Snapchat videos and photos leaked online. The files were breached via a third-party app, SnapSaved, that was used to save and access Snapchat files.
5. IRS – May 2015 – More than 330,000 taxpayers were affected in this data breach. It may seem like a small number, compared to other data breaches, but the impact was disastrous. The attackers gained access to filed tax returns, financial information and Social Security numbers.
6. Vtech – November 2015 – Information on 6.4 million children and 5.9 million adults was exposed in what experts consider the largest theft of personal data targeting kids. Name, gender and birthdate were among the stolen data on the kids, while parents had their name, mailing address, secret question and answer for password retrieval, IP address, download history and encrypted password leaked. We don’t even want to imagine what could happen if some ill-intentioned individuals would pair the info on the parents and their children.
7. LastPass – June 2015 – Who says password manager services are safe? LastPass servers were attacked last summer. The data accessed by the intruders included email addresses, password reminders and authentication hashes. However, encrypted user data (aka your stored passwords) was not breached. The company prompted all the users to update their master password immediately.
8. eBay – May 2014 – One of the biggest data breaches of all time, which left 145 million users with their names, email and postal addresses, phone numbers, birthdates and encrypted passwords exposed.
9. Anthem – February 2015 – A data breach of the second biggest health insurer in America exposed medical information of 80 million customers. Plus names, birthdays, social security numbers, email and home addresses.
10. Spotify – November 2014 – Not even music streaming services are safe from attackers. Last year, over a thousand Spotify users had their email addresses and passwords leaked online. Gaana, the most popular Indian music streaming service, with more than 7.5 million monthly users, also got hacked and had its database exposed.

Source

Ransomware can now encrypt your smart TV too

Ransomware keeps evolving and can now encrypt smart TVs.

According to the software developer, when he first contacted LG’s tech support, he was told that a technician would have to come over and take a look for a fee of around $340.

The ransom amount itself was $500 although even paying that would have been difficult because there was no way to click on the payment section to find the instructions on how to do so. The only thing that worked was just moving a mouse-like pointer on a portion of the TV screen via an accompanying smart remote.

In order to keep your smart TV safe, avoid downloading strange apps (even if they are in the Google Play store), keep your software up to date and protect your home Wi-Fi.

Top 10 Tips To Stay Safe Online


With hacks, scams, malware and more, the Internet can feel like a dangerous place these days. And, the recent proliferation of devices, from smartphones and tablets to Internet-connected appliances, has opened us up to even greater risks.

But the good news is that by taking just a small handful of security measures we can greatly reduce our exposure to all these threats.

Here are some tips to help you get started:

1. Create Complex Passwords. We know you’ve heard it before, but creating strong, unique passwords for all your critical accounts really is the best way to keep your personal and financial information safe. This is especially true in the era of widespread corporate hacks, where one database breach can reveal tens of thousands of user passwords. If you reuse your passwords, a hacker can take the leaked data from one attack and use it to log in to your other accounts. Our best advice: use a password manager to help you store and create strong passwords for all of your accounts.

Then, check to see if your online accounts offer multi-factor authentication. This is when multiple pieces of information are required to verify your identity. So, to log into an account you may need to enter a code that is sent to your phone, as well as your password and passphrase.

2. Boost Your Network Security. Now that your logins are safer, make sure that your connections are secure. When at home or work, you probably use a password-protected router that encrypts your data. But, when you’re on the road, you might be tempted to use free, public Wi-Fi. The problem with public Wi-Fi is that it is often unsecured. This means it’s relatively easy for a hacker to access your device or information. That’s why you should consider investing in a Virtual Private Network (VPN). A VPN is a piece of software that creates a secure connection over the internet, so you can safely connect from anywhere.

3. Use a Firewall. Even if your network is secure, you should still use a firewall. This is an electronic barrier that blocks unauthorized access to your computers and devices, and is often included with comprehensive security software. Using a firewall ensures that all of the devices connected to your network are secured, including Internet of Things (IoT) devices like smart thermostats and webcams. This is important since many IoT devices aren’t equipped with security measures, giving hackers a vulnerable point of entry to your entire network.

4. Click Smart. Now that you’ve put smart tech measures into place, make sure that you don’t invite danger with careless clicking. Many of today’s online threats are based on phishing or social engineering. This is when you are tricked into revealing personal or sensitive information for fraudulent purposes. Spam emails, phony “free” offers, click bait, online quizzes and more all use these tactics to entice you to click on dangerous links or give up your personal information. Always be wary of offers that sound too good to be true, or ask for too much information.

5. Be a Selective Sharer. These days, there are a lot of opportunities to share our personal information online. Just be cautious about what you share, particularly when it comes to your identity information. This can potentially be used to impersonate you, or guess your passwords and logins.

6. Protect Your Mobile Life. Our mobile devices can be just as vulnerable to online threats as our laptops. In fact, mobile devices face new risks, such as risky apps and dangerous links sent by text message. Be careful where you click, don’t respond to messages from strangers, and only download apps from official app stores after reading other users’ reviews first. Make sure that your security software is enabled on your mobile, just like your computers and other devices.

7. Practice Safe Surfing & Shopping. When shopping online, or visiting websites for online banking or other sensitive transactions, always make sure that the site’s address starts with “https”, instead of just “http”, and has a padlock icon in the URL field. This indicates that the website is secure and uses encryption to scramble your data so it can’t be intercepted by others. Also, be on the lookout for websites that have misspellings or bad grammar in their addresses. They could be copycats of legitimate websites. Use a safe search tool such as McAfee SiteAdvisor to steer clear of risky sites.

8. Keep up to date. Keep all your software updated so you have the latest security patches. Turn on automatic updates so you don’t have to think about it, and make sure that your security software is set to run regular scans.

9. Look out for the latest scams. Online threats are evolving all the time, so make sure you know what to look out for. Currently, ransomware is on the rise. This is when a hacker threatens to lock you out of all of your files unless you agree to pay a ransom. Stay on top of this and other threats by staying informed.

10. Keep your guard up. Always be cautious about what you do online, which sites you visit, and what you share. Use comprehensive security software, and make sure to back up your data on a regular basis in case something goes wrong. By taking preventative measures, you can save yourself from headaches later on.

Reference

Why keep your OS up to date

They say Macs are safer than Windows PCs, but Apple’s devices have their own share of vulnerabilities that can be exploited by hackers to seize full control of the systems.

If you’re still unsure of why you should update your operating system to the latest version, here’s a true story I hope will persuade you that it’s the right thing to do.

A Swedish security expert showed how a $300 device can steal passwords from sleeping or closed Macs (the same ones that most people think are impenetrable to cyberattacks).

“Anyone including, but not limited to, your colleagues, the police, the evil maid and the thief will have full access to your data as long as they can gain physical access – unless the mac is completely shut down. If the mac is sleeping it is still vulnerable. Just stroll up to a locked mac, plug in the Thunderbolt device, force a reboot (ctrl+cmd+power) and wait for the password to be displayed in less than 30 seconds!”

Apple fixed this vulnerability in macOS 10.12.2, which is why applying these updates is key to your cyber security. Of course, the same goes for Windows, even more so than for Mac OS X.
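To find out which Macs still need the update mentioned above, compare each machine's version against 10.12.2 numerically, not as text. The following is an added example, not part of the original article; the host names and the tab-separated inventory format are constructed for illustration.

```python
import re

FIXED_IN = (10, 12, 2)  # per the article: Apple fixed the issue in macOS 10.12.2

def parse_version(text):
    """Turn '10.12.1' into (10, 12, 1); pad short forms like '10.12' with zeros."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,2}", text):
        raise ValueError("unrecognised version: %r" % text)
    nums = [int(p) for p in text.split(".")]
    return tuple(nums + [0] * (3 - len(nums)))

def audit(inventory_lines, fixed_in=FIXED_IN):
    """Sort 'hostname<TAB>version' lines into patched / unpatched / unknown."""
    report = {"patched": [], "unpatched": [], "unknown": []}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition("\t")
        try:
            bucket = "patched" if parse_version(version) >= fixed_in else "unpatched"
        except ValueError:
            bucket = "unknown"  # treat as needing a manual look, not as safe
        report[bucket].append(host)
    return report

# Constructed sample inventory, e.g. gathered with `sw_vers -productVersion`.
SAMPLE = [
    "# host\tmacOS version",
    "design-01\t10.12.2",
    "design-02\t10.12.1",
    "finance-07\t10.11.6",
    "lab-03\t10.12",
    "old-imac\t10.9.5",   # as plain text, "10.9.5" sorts after "10.12.2"
    "build-01\t10.13.1",
    "kiosk-09\tunknown",
]

if __name__ == "__main__":
    for bucket, hosts in audit(SAMPLE).items():
        print(bucket, hosts)
```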