Category Archives: PSA

Fraud and Shopping Online

The holidays are coming. Are you protected while shopping online?

It’s holiday shopping season. If you’re like millions of other shoppers, you like to do your shopping online. However, online shopping also comes with risk.

Here are some tips to help protect you while shopping online.

  • Secure your mobile device and computer. Make sure your anti-virus software is up to date.
  • Use strong passwords. If you need to create an account, use a strong password, and use a unique password for each site.
  • Do not use public computers or public wireless networks for your online shopping. Criminals may be intercepting traffic on public wireless networks to steal credit card numbers and other confidential information.
  • Pay by credit card, not debit card. Credit cards are covered by the Fair Credit Billing Act, which may limit your liability if your information is used improperly. Check your statements regularly.
  • Limit your online shopping to merchants you know and trust. If you have questions about a merchant, check with the Better Business Bureau or the Federal Trade Commission. Confirm the online seller’s address and phone number.
  • Look for “https” when making an online purchase. The “s” in “https” stands for “secure.”
  • Do not respond to pop-ups. When a window pops up promising you cash or gift cards for answering a question or taking a survey, close it by pressing Control + F4 for Windows and Command + W for Macs.
  • Hover over links in emails before clicking on them to verify where you’re being directed. If you question the validity of an email, contact the source directly.
  • Do not auto-save your personal information. It is always safest to opt out of auto-save and enter your information manually every time.
  • Don’t ever give your financial or personal information by email or text. Information on many current scams can be found on the FBI Internet Crime Complaint Center.
  • Review privacy policies. Know what information the merchant is collecting about you, how it will be stored, how it will be used, and if it will be shared with others.
  • Keep all receipts and documents. Make sure you print out a copy of the receipt once you have finished your purchase.

Facebook expands search to all 2 trillion of its posts

Facebook announced on Thursday that it will expand its search function to include every publicly available post in its archive, not just those of your friends and liked Pages. But this won’t simply be a firehose of information; Facebook will reportedly segregate and stack results depending on the source.

So if you have published any posts publicly, you may want to change the privacy settings for those posts.


Malicious adware’s latest trick is replacing your whole browser

Just recently, infosec celebrity Swift on Security pointed out a new piece of adware called the “eFast Browser.” It does the kind of malicious crap that we’ve all seen quite often over the years: throwing pop-up and pop-under ads on your screen, putting other ads into your web pages, pushing you towards other websites with more malware, and (of course) tracking your movements on the web so that nefarious marketers can send more crap your way.

But what’s nefariously intriguing about this software is that it isn’t trying to hijack your current browser; it’s straight-up replacing it. As reported by Malwarebytes, eFast tries to delete Chrome and take its place, hijacking as many link and file associations as it can. Its icon and window look a lot like Chrome’s, and it’s based on the open source Chromium project in the first place, so it acts a lot like Chrome too. The software comes from a company calling itself Clara Labs, which is actually behind a slew of similar browsers with names like BoBrowser, Tortuga, and Unico.

Chrome really led the way to the new paradigm of how to do extensibility correctly. Firefox/Edge is almost literally working on copying it.

— SecuriTay (@SwiftOnSecurity) October 16, 2015

The weird thing about this software is that it’s actually kind of good news, security-wise. As Swift on Security points out, it’s easier for malware to just try to replace your browser than it is to infect it. That’s because Chrome moved toward locking down extensions by requiring that they come through Google’s web store (and thereby Google’s code review and code signing). Mozilla’s Firefox and Microsoft’s Edge browsers are moving in the same direction. So while replacing your whole browser isn’t totally new for malware, the fact that it’s the best vector for attack now might be.

According to PCrisk, eFast and its ilk try to get on your computer by burrowing themselves into the installers for free software from dubious sources on the web. It should be relatively easy to avoid installing it and, fortunately, should also be relatively easy to uninstall if you’ve found it on your computer.


An Android Porn App Takes Your Photo and Holds It to Ransom


Users of the “Adult Player” Android app are in for a shock: it’s emerged that the Android app has been secretly taking photos of users – and wants their cash in exchange for deletion.

The Register reports that security firm Zscaler was first to spot the app, which presents itself as a normal video playing app, albeit for playing videos of an adult nature. Apparently once it has silently snapped photos of its victim it will display a message on screen demanding that they pay $500. Otherwise, well… do you want people knowing you’ve used the app?

Apparently once the ransom message appears it will stay fixed on your phone screen, even if you reboot. Whilst no doubt highly illegal and bad and wrong, you have to admire how clever the ruse is.

But there is good news: Adult Player isn’t actually available on the Google Play store, and to use it users will have to have installed the app’s APK file manually, checking the box in settings to allow their phones to run apps from non-trusted sources. So there’s no need to be too nervous when downloading new apps to your phone. If an app was listed in the app store, apart from the fact that Google would probably stop it from being published in the first place, if it wanted to use your camera you would have to grant it explicit permission.

So let this be a lesson: If you want to let a porn app do anything to your phone, make sure you use an app that ensures that it does it, umm, explicitly.


Firefox private browsing test keeps more of your data off-limits

Numerous browsers have a private mode to prevent local users from learning too much about your web habits, but what about preventing the sites themselves from tracking what you’re doing? Mozilla thinks it can help. It just released a pre-beta version of Firefox whose updated, experimental Private Browsing mode blocks web elements that could track your behavior, such as analytic tools and social network services. While the measure could break some sites, Mozilla reckons that it’s ultimately better to keep you off sites’ radars by default. If you do run into problems, there’s a central control area where you can tweak your privacy and security settings.

That isn’t the only test underway. The pre-beta also enforces add-on verification by default, so that social plugin you downloaded shouldn’t add unwanted toolbars, inject ads or collect more data than it should. Like with Chrome, you can turn off this filter if you’re willing to throw caution to the wind. If you just have to try either of these features right away, you’ll want to grab this early Firefox build now — it’s going to be a while before they make their way into a finished version.


Source: Mozilla


Zero-Day Exploit Can Completely Brick Your Mac

It’s Black Hat season, meaning that we are getting a new batch of zero-day exploits showing how insecure our gadgets are. Xeno Kovah and Trammell Hudson found a serious zero-day vulnerability in OS X letting malware creators completely brick your Mac without any way to reset it to its factory status.

This zero-day exploit, dubbed Thunderstrike 2, targets your Mac’s firmware through an attached Thunderbolt accessory, such as an Ethernet adaptor or an external hard drive. After arriving via a phishing email or a malicious web site, the malware could look for connected Thunderbolt accessories and flash their option ROMs.

If you reboot your Mac with this infected Thunderbolt accessory plugged in, the EFI will execute the option ROM before booting OS X. As this option ROM has been infected, it will execute malicious code infecting the EFI itself. For example, it could simply make your Mac’s firmware refuse to boot OS X, turning your Mac into a useless machine. And if your firmware is compromised, there is no way to boot OS X, update the firmware and remove the malicious code.

The best part of this zero-day vulnerability is that your Thunderbolt accessory remains infected. If you plug your Ethernet adaptor into a new Mac, this Mac will get infected as well when it reboots. It’s not as harmful as malware that spreads through the Internet, but it could do some serious damage in an office environment, for example.


Malwarebytes already spotted an adware creator who uses this zero-day vulnerability to get root permission and then execute a script to install a bunch of applications — the VSearch adware, the Genieo adware and the MacKeeper junkware. It also makes the Mac App Store unusable as it will endlessly prompt you to install Download Shuttle.

Apple already fixed DYLD in El Capitan’s beta but not in the current Yosemite version. It has also added applications using these exploits to its malware blacklist, but it’s just a temporary cat-and-mouse fix. The company will issue security patches for both OS X Yosemite and OS X El Capitan beta. In the meantime, be careful when you download something and unplug all your Thunderbolt devices before rebooting your Mac — just in case.


Affair Site Ashley Madison Hacked, Info Stolen For 37 Million Accounts

You won’t find Ashley Madison on any of my recommendations. However, the site aimed at helping people in existing relationships have an affair has been hacked, with 37 million users’ data stolen. And worse yet, that data’s currently being held for ransom. Who knows where this could lead?

According to security site Krebs on Security (who previously reported the Home Depot hack), Ashley Madison’s parent company Avid Life Media suffered a security breach at the hands of a hacker group calling itself the Impact Team. The group is currently holding data on 37 million of Avid Life Media’s users for ransom, demanding that Ashley Madison, as well as sister-site Established Men, be taken offline permanently.

The personal data stolen includes real names, financial records, and private details for users of the site. While the data has not yet been revealed to the public, a small sample data set was initially released before being taken offline.

Avid Life Media released a statement saying that it has secured the unauthorized access points and is currently working with law enforcement to identify the perpetrators of the attack and prevent the data from being released. It’s unclear whether there’s anything users can do to protect their accounts.

Online Cheating Site AshleyMadison Hacked | Krebs on Security