Certificate authority Comodo admits it incorrectly issued eight certificates that include forbidden internal server names or reserved IP addresses.
Tag Archives: Privacy
ProtonMail Back Online Following Six-Day DDoS Attack
Encrypted email service ProtonMail is back online Monday following a crippling six-day DDoS attack.
Nearly 157,000 TalkTalk customers had their personal details hacked
TalkTalk talks numbers – revealing that “only 4%” of its users were affected by the hacking attack on its systems.
The post Nearly 157,000 TalkTalk customers had their personal details hacked appeared first on We Live Security.
Brazil faces unique cybersecurity challenges
Futurecom is Brazil’s major conference and exhibition for the mobile industry to come together and look at the specific requirements that this unique country and culture need.
I was fortunate enough to be asked to be on a panel of industry experts, which included companies such as Tefonica, TIM, Telebras, Deloitte IBM, KPMG and of course AVG. The discussion was promised to be about cybersecurity with the following questions asked by the moderator through the 1.5 hours to get the discussion going.
- How does the advancement of mobile applications and the use of new devices (and any connected “thing”) make even greater challenges for cybersecurity?
- What are the most critical aspects which users need to worry about?
- How can suppliers, operators and providers contribute to increase the level of protection in these environments?
- What are the main trends in cybersecurity compared to mobile and the internet of things which just tend to grow?
Each participant gave a view point, and what interested me was how the entire conversation, regardless of the question, seemed to revolve around two topics: data breaches and consumer privacy. This dominated the answers, yet if the same questions had been asked 3 years ago this would have been about malware and protecting devices, but now the conversation is about us, the consumer.
Brazil has some unique challenges in this area as there is no legislation requiring companies to disclose any data breach, and therefore the consumer never knows if their data has been compromised. The consensus of the panel was that governments need to legislate. While I agree with the need for ‘some’ legislation there is also an opportunity for industry to self-regulate and show a responsible path. Self-regulation in any industry allows companies involved to find innovative ways to provide solutions and allows new business practices that may not have been permitted by the strictness of specific legislation.
The fact that data breaches and consumer privacy topped the agenda is not surprising. If we look at the trend of security stories in the US and Europe you’ll notice that the news coverage is all around these topics and the many data breaches that have taken place.
We, whether knowingly or not, disclose and share more information with companies than any generation has ever done before us: our preferences for food, where we shop, our location — the list of data is endless. It is only when this data falls into the wrong hands do we take time to think about the consequences of having shared it, and then maybe regretting it a little. As consumers we need greater choice and control on what is being collected about us and ultimately how it may be used.
It’s not surprising that in one of the world’s major populations, in which a large number of people moved straight to mobile skipping the PC generation, that mobile applications are used in slightly different ways to the rest of the world. I recommend watching to see how Brazil handles the challenges of data breaches and consumer privacy, whether legislated or self-regulated.
Mozilla Embraces Private Browsing with Tracking Protection in Firefox 42
Mozilla has pushed a feature in Firefox live that allows Firefox web browsers to block certain page elements while browsing privately.
UK government: Data encryption needs to be limited
The UK government is to put forward proposals that will require organizations to limit the effectiveness of data encryption, arguing it weakens security.
The post UK government: Data encryption needs to be limited appeared first on We Live Security.
6 Tips for safer online shopping this Christmas
It’s the end of the year and that means the festive season is almost here! Many of us will be buying gifts for our friends and loved ones, and many of us will being doing it online — it’s convenient, less hassle and there are some great deals to be found.
Scammers don’t take holidays. Unfortunately they’re especially busy during the holiday season targeting unsuspecting online shoppers who are eager to snap up Christmas bargains.
Here are a few things you can do to enjoy safer online shopping this season.
1. Buy from reputable and trusted stores or sellers
When shopping online you should try and purchase from trusted or well-established online stores or marketplaces, and ensure that sellers or merchants have a good reputation and track record.
Some scammers take the time to set up highly elaborate and genuine looking websites, so don’t be fooled by their good looks. If in doubt, do your research — read reliable online reviews, ask around in website forums, and maybe even go that extra mile and check a seller’s business credentials.
Some e-commerce sites give you the option of using a third party payment method. This can be useful if they offer features like Paypal’s buyer protection. It means that if something does go wrong you can recover some of your money.
2. Avoid the ‘too good to be true’ offer
If you see deals or offers that are too good to be true, then they probably are — try and avoid them. Shoppers are often tempted into taking up unbelievable offers, and in doing so purchase a product that never arrives or they inadvertently divulge their private and financial details to scammers.
3. Pay securely
When purchasing online always make sure you’re using a secure payment method at the checkout. This will ensure that the information being sent in the transaction is encrypted and can’t be intercepted. You can confirm that an online store’s checkout is encrypted by making sure there is a little lock icon visible in the address bar, followed by ‘https’ and not ‘http’.
4. Avoid upfront payments or fees
You might receive an unsolicited email saying that you’ve received a prize in a competition or a parcel that needs to be delivered, but to receive it you first need to pay an administrative fee or extra postage. Be very wary! Don’t give out any details or pay any fees upfront to claim a ‘free’ item from someone via an unsolicited email, message or phone call.
5. Watch out for phishing emails
Phishing emails often look legitimate and are from businesses that you would normally use — It could be a bank, online store or even a government agency.
The fake email might provide plausible reasons for you to click a link to visit a website and update your details, for example: a problem with your account that needs an update, or that you need to confirm an existing order with correct account credentials.
Be very careful. Don’t reply to the email or click any links, instead go directly to the business or organisation’s website in your browser and login into your account to verify everything is in order.
Also, remember to avoid opening any file attachments from unsolicited or unknown senders. If you do, you could be at risk of accidentally installing malware or trojans.
6. Install an antivirus solution and keep software up-to-date
You should keep all your software and the operating system on your devices up-to-date to avoid vulnerabilities that could be exploited by malicious software and hackers. If you don’t have one already, you should consider installing an effective antivirus solution to prevent viruses and malware.
AVG offers award winning antivirus protection — PC users can install AVG AntiVirus Free, and Mac users can download our free AVG AntiVirus for Mac. If you have a phone running Android, you can download AVG AntiVirus for Android from the Google Play Store, which is also free.
Happy holidays and stay safe out there.
If you or anybody you know has been affected by cybercrime fraud you can report it to:
US
Federal Bureau of Investigation, Internet Crime Complaints Center
http://www.ic3.gov/default.aspx
UK
ActionFruad – National Fraud & Cyber Crime Reporting Centre
http://www.actionfraud.police.uk
AUS
Scamwatch
https://www.scamwatch.gov.au/report-a-scam
ACORN – Australian Cybercrime Online Reporting Network
https://report.acorn.gov.au
Avast 2016 protects your private information
Avast simplifies how you protect your privacy with new products for 2016.
Avast 2016 introduces new products to protect your privacy
Count the number of devices you own. If you are like most modern digital-age people, you have a smartphone, half of you own a tablet, and most all of us have a desktop or laptop computer connected through a home router.
Now think about all the private information that you have on those devices. Bank account numbers, passwords, photos, messages and emails – all of them needing some form of protection to stay out of the wrong hands.
In a survey we did this year, 69% of you told us that your biggest fear is that the wrong person would see your personal information. In fact, Americans are so scared of having their financial information get into a bad guy’s possession, that 74% said they’d rather have nude photos of themselves leaked on the Internet! The problem is that most people are not doing anything to protect their privacy, for example, 40% of Americans don’t even lock their smartphones.
“While people are rightfully concerned about privacy, there is a disconnect between that concern and the steps they take to protect themselves,” said Vince Steckler, chief executive officer of Avast. “Users have a multitude of devices and passwords to keep track of, which can be overwhelming. When users feel overwhelmed, they tend to default to unsafe practices that put their privacy at risk.”
The new Avast 2016 for PC and Mac, the redesigned Avast Mobile Security, and the new kid on the block, Avast SecureMe, will all help reduce the complex task of protecting your private, personal information.
So time to face your fear and take steps to protect yourself. Here’s some tools that Avast is launching today to help you:
Protect personal information on your mobile devices
You probably use your Android mobile phone more than your laptop these days. Much of your life is on your mobile devices – banking information, private messages and photos. Protect all your data with the completely redesigned Avast Mobile Security – for free!
Here’s Avast Mobile Security features I want you to know about today:
Leading Mobile Malware Protection — Yes, malware is a threat but it works differently than classic PC viruses and Trojans. We’re on top of it, with the most advanced mobile malware protections available, now even faster with Avast’s cloud-scanning engine.
Privacy Advisor – Your apps, from mobile messengers to your bank, contain information that you want to protect. Privacy Advisor informs you about what data apps have access to and the ad networks that are included in the apps.
Wi-Fi Security – It’s not called mobile for nothing. You are out-and-about all the time, connecting to who-knows-what free Wi-Fi hotspot. We notify you when you connect to an unsecure router, so you can avoid bad guy’s eavesdropping and snooping on you.
Unlimited App Locking — Nosy kids, friends, and family members can be kept out of your business because we can password protect any apps on your device, providing another line of defense against prying eyes.
Protect personal information on your computer
The designers and engineers of the world’s most trusted antivirus got together with the mission to make your life easier. Avast 2016 sports a new simplified user interface with fewer buttons. It’s compatible with Windows 10, and it notifies you of Windows updates so you can easily keep software up-to-date and patched.
But it’s these two new features that we’re most excited about today:
Avast Passwords (for PC, iOS, Android) automatically generates extremely strong passwords that you don’t have to struggle to remember! All you do is set and remember one master password to access all your passwords. One password to rule them all!
SafeZone Browser (available with all premium versions of Avast) keeps all your banking and payment sites isolated in a protected space called Pay Mode, and if you run into suspicious sites, an isolated, virtual environment called Safe Mode will automatically open, so you don’t risk the safety of your machine and data.
Protect personal information on your iPhone and iPad
Wi-Fi Security – This is the same great feature that’s available in Avast Mobile Security. When you connect to an unsecure router you will be notified.
VPN – Avast SecureMe establishes a secure connection when you’re connected to open Wi-Fi.
Where do I get the new Avast security products?
- Avast 2016 for PC and Mac is now available for download at www.avast.com.
- Avast 2016’s Avast Passwords feature is now available for PC, Android and iOS, and will soon be available for Mac.
- The new Avast Mobile Security app can be found in the Google Play Store.
- Avast SecureMe will soon be available on the Apple App Store.
Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.
Avira starts lawsuit against adware distribution site
Avira has filed a lawsuit against the German Freemium.com download site for unfair business practices and misleading consumers into installing unwanted programs (PUA). We’re the first security vendor to stick up for customer rights and go directly after a software publisher.
The post Avira starts lawsuit against adware distribution site appeared first on Avira Blog.
TalkTalk data breach
Over the last few days, more details pertaining to the recent news that TalkTalk has suffered a data breach have been made public, but there are still many questions about exactly what was taken. In many data breach cases, details are limited by the need for the company and law enforcement agencies to ascertain the extent of the breach and to collect evidence.
With the news that a suspect has been arrested in connection to the cyber attack, I am sure more details will start to become available over the coming days.
So far, it appears the data exposed – some of which may have been encrypted – could include: names, addresses, DoBs, email addresses, phone numbers, TalkTalk account information, bank details and partial credit card details. But what could this mean practically?
Take account information, for example – is a user’s Active Choice information held within their account settings? If so, I wonder how many people would be embarrassed by people discovering they have disabled porn filters on their broadband. With this sort of personal information, could we be looking at ‘Ashley Madison 2.0′?
Looking at recent data breaches, spear phishing is a frequent method of entry – targeting individuals within a company or organization to reveal details allowing hackers access to internal systems.
This means implications for both companies and consumers. Organizations should limit employee access to sensitive information in order to limit the risk of falling victim to attacks like this. Employee education – ensuring workers are aware of the dangers – is also paramount.
My advice to consumers:
- Ensure other online accounts aren’t using the same email and password combination as stored with TalkTalk. If so, change them.
- Be wary of spammers sending emails that look like they’re coming from TalkTalk. Scrutinize these emails carefully and, if in doubt, contact TalkTalk directly to ensure it’s an official communication.
- If you are concerned that credit card details have been breached, then call your card company and have the card suspended or stopped.
