Could the Internet of Things spark the Ransomware of Things? ESET’s Stephen Cobb examines how ransomware and jackware are evolving.
The newest phishing email to hit my Outlook inbox had a visual message: Spammers have learned that design sells. Most phish are really like fish – they smell, and not just after three days. There usually is something that screams “FAKE” and practically pushes you to trash it. The obvious forgery of most phish also […]
There’s never been a better time than now to check and tighten your LinkedIn account security and privacy: After all, email addresses and hashed (and sometimes already cracked) passwords of the network’s users have been put up for sale recently.
Are you afraid of one of your social media accounts being hacked – and of having to clean up the mess after the fact? Let’s take it one step further — what can you do preemptively to make your account more secure? Here are 3 tips to reduce the chances that your Twitter account will get hacked.
If you are not from the UK you might never have heard of Carphone Warehouse before. Which makes sense, it being a UK company and all.
The post Carphone Warehouse: Data of up to 2.4 million customers at risk appeared first on Avira Blog.
Why? Because cars are now definitely hackable. It has been proven. By driving a Chrysler Jeep Cherokee into a ditch. Let me tell you guys: It didn’t end well for the car!
What basically happened is this: Two security researchers, Charlie Miller and Chris Valasek, were asked by WIRED writer Andy Greenberg to hack his car.
“I WAS DRIVING 70 mph on the edge of downtown St. Louis when the exploit began to take hold.
Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass,” he describes the experience.
But that was merely the beginning. After Greenberg entered the highway, the two hackers cut the transmission. Yes, you heard right. The results? The accelerator stopped working. The car got slower and slower. Cars were honking and driving by. But “the most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch.”
Are you not sure whether to believe the tale or not? Then just take a look at his experience yourself:
But how can something like that even happen? The issue apparently lies in a wireless service called Uconnect which connects these cars to the Sprint cellphone network. Uconnect is featured in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks. It not only controls the vehicle’s entertainment and navigation systems but also enables phone calls and offers a Wi-Fi hot spot! The researchers only had to find a vulnerability – which they did – to access and control the car’s system. Anyone who knows the IP address can gain access to it.
Luckily Chrysler released a patch – so make sure to apply it ASAP if you own one of the vulnerable cars. But while it fixes the described issue, how many others remain unfound, exploitable and dangerous?
Ashley Madison is a social network for people in a relationship (mostly married I’d guess) who want to have an affair. Now, according to Krebs on Security, the page has been hacked by “an individual or group that claims to have completely compromised the company’s user databases, financial records and other proprietary information”. Large parts of the stolen data have been posted online by The Impact Team, the people responsible for said hack.
Apparently The Impact Team decided to post the stolen data because, while Avid Life Media (ALM), the company that owns Ashley Madison, says that it will delete user profiles permanently for $19, that’s not happening, at least not completely. While there has been some controversy concerning this topic before, the reaction of The Impact Team seems rather extreme.
“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie. Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed,” the hacking group wrote.
“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.”
According to ALM CEO Noel Biderman, the company’s investigation is ongoing. He also states that he believes that the breach was actually an inside job – perhaps by a former employee or contractor: “We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication. I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”
Sounds obvious – right? But can you always tell? For instance, if several bloggers contribute posts to the same account, will you know who was supposed to post which article and when? And if you use a service like NetworkedBlogs to automatically publish links from your blog to your Twitter and Facebook accounts, do you really carefully check every tweet and post?
If you notice unexpected posts on your social media accounts, delete them immediately and change your password.
Most social media services these days enable you to check the location of the last logins – even if they tend to be approximate. So if you are in Germany and you see that someone logged in on a different continent, chances are your account was hacked.
Regularly check the locations where you supposedly logged in. If you notice an open session in an unexpected location, terminate it. A step-by-step guide on how to do that in Facebook can be found here.
Ever heard of likejacking? It is a derivative of “clickjacking”, but specific to Facebook. It works as follows: you are lured onto a page with an attractive post, such as the “10 funniest television bloopers” or “watch this baby panda sneeze”. The page is composed of two layers – a front layer, which is a cute sneezing panda, and a back layer, with a Facebook “Like” button, which follows your cursor wherever you click. As soon as you do so, your Facebook page will get flooded with ads…
On Facebook you have the ability to check which apps you have liked and can disable them. If you don’t know the apps that you find there, remove them from your profile – a hacker may have liked them to get money for every purchase made from those ads. Make sure that their posts are also gone.
Assuming that you didn’t simply forget your password, it might be that someone accessed your account and changed your password. Please note that if this is indeed the case, most probably the cyber criminals have also replaced the email address used to recover the password.
Contact the owner of the platform (e.g. Facebook, Twitter) – it’s the best way to claim your account back.
Are you now following lots of new and unknown people? For example, malware may hijack your account and make you follow spambots on Twitter or Facebook. This then further spreads malicious URLs to more people. The same applies for a host of private messages/tweets sent from your account – unbeknown to you.
Change your password immediately. Optionally, we recommend you delete the posts and let everyone know that they should not click on the links posted from your account during the period of time when you were hacked.
If you think you may own a hacked social media account, you can contact the owner here: