A major Apple security flaw allows cybercrooks and spies to grab personal information like email, credit card numbers, and other sensitive data. Apple confirmed researchers’ findings that the same SSL/TLS security flaw fixed with the latest iOS 7.0.2 update is also present in notebook and desktop machines running OS X.
Please apply the patches as advised in this post.
It is clear that we need constant protection to cover flaws that will always exist, including flaws that we are not even aware of. Reuters reported that:
The bug has been present for months, according to researchers who tested earlier versions of Apple’s software. No one had publicly reported it before, which means that any knowledge of it was tightly held and that there is a chance it hadn’t been used.
But documents leaked by former U.S. intelligence contractor Edward Snowden showed agents boasting that they could break into any iPhone, and that hadn’t been public knowledge either.
It’s very public now, and that means the race is on between cybercrooks to exploit the flaw and Apple to fix it. You are exposed until the bugs are identified by the vendor, a patch is created, and it’s pushed out or you install it. Your vulnerability increases when you use public WiFi Hotspots.
Your best protection is constant protection
It’s precisely because we put ourselves at risk by using free WiFi, and we don’t know when the next security crisis is coming that we need constant protection. SecureLine VPN is that protection. Read more…
The massive hack against Target, in which 40 million credit and debit card numbers were stolen, began with stolen login credentials from the air-conditioning repairman. This illustrates the old adage, “a chain is only as strong as its weakest link.”
While consumers can’t control why a third party contractor would have external network access at a major retailer, there are some things you can do to protect yourself.
How can I be notified if my email address or password was hacked?
Every two seconds in the US, someone becomes a victim of identity fraud. With 13.1 million victims last year and multiple companies (Facebook, Target, Neiman Marcus, Adobe) being exploited, there is a good chance you could be among them. You can use the have i been pwned notification service to learn if your email address was included in a large data breach. This service allows you to enter an email address and will notify you if your address appears in any databases added to the service. I learned that my email address was stolen from the Adobe breach, but thankfully, I haven’t been notified of anything else.
What’s your weakest link?
You can’t stop shopping, but there are things you can do (other than paying cash only) if you’ve become the victim of hacking.
1. Change your passwords – We’ve talked about it plenty of times, but here’s a reminder: Make passwords long and strong. Combine capital and lowercase letters with numbers and symbols to create a more secure password. eNcrYP0123tion$ is stronger than Encryption123. If you can’t remember different passwords for all the accounts you have, use a password manager like avast! EasyPass. Read more…
If you are one of the thousands of visitors headed to Sochi, Russia for Friday’s 2014 Winter Olympics opening ceremony, then you will be hacked. Richard Engel, from NBC News, reported that it’s not if you get hacked, it’s when, and he discovered that it starts from the moment you turn on your device.
In an experiment conducted by NBC Nightly News, their just out-of-the-box computer and smartphone were hacked in seconds while in Sochi. “The State Department warns that travelers should have no expectation of privacy; even in their hotel rooms. And as we found out, you are especially exposed as soon as you try and communicate with anything,” reported Engel.
“As tourists and families of athletes arrive in Sochi…if they fire up their phones at baggage claim, it’s probably too late to save the integrity of their electronics and everything inside them. Visitors to Russia can expect to be hacked,” said NBC’s anchorman Brian Williams as he introduced the report.
Watch the video report of NBC’s experiment (there’s an ad first, so give it a few seconds):
Protect yourself with avast! SecureLine VPN
Wherever you travel – whether to Sochi or your neighborhood coffee shop – you are sure to use public WiFi, which is full of security risks. That’s why we came up with a solution - have avast! SecureLine VPN installed on your devices. avast! SecureLine is available for PCs, and just recently we released avast! SecureLine for Android and iOS devices.
How to get avast! SecureLine
avast! SecureLine for PC is available as an add-on to avast! Antivirus. Get it from our website, or open the AVAST interface, click on the Store tab and get a free trial or one-month, one-year, or two-year subscription.
UPDATE: NBC has taken some criticism for the story since this report, with claims that it was misleading and promoted scaremongering. The experts they worked with released a white paper describing how each new device, without the protection of antivirus software, was compromised. NBC responded by stating that their experiment was designed to “show in general how easily a non-expert can fall victim.”
Whether on business travel or vacation, you don’t want to worry about the security of your devices when you connect to the internet. Using a WiFi network in a café, airport, or hotel is a serious security risk that requires additional protection to secure your data and computer.
avast! SecureLine VPN is now completely integrated into all of AVAST’s free and premium products. Here are the top 6 reasons why you should use avast! SecureLine VPN:
1. Hides your data from thieves – avast! SecureLine VPN encrypts your public WiFi communications. That means that someone snooping on you will see a bunch of gibberish instead of your email, files, passwords, etc.
2. Keeps eavesdroppers from listening to your VOIP calls – avast! SecureLine VPN makes your voice or video conversations through the internet using Skype or Viber, for example, safe and secure by encrypting your conversation. This allows you to talk to people without fear of being eavesdropped on by cybercrooks, your ISP, and even the government! Read more…
Millions of people use social networks like Facebook and Twitter every day to share photos, comments, and ideas with their friends and followers. These popular platforms have become magnets for cybercrooks and are used to spread different types of scams. Hackers take advantage of the easy accessibility of data we put online to manipulate or steal them.
The security of AVAST users is a total priority for us. Therefore we monitor and warn you about new threats we discover on social media. We have noticed that while trying to be creative, scammers also run out of ideas, and certain types of threats repeat periodically. Hence, we have gathered the top 4 sneakiest scams and prepared a summary of the most typical malicious behavior recently distributed via social networks.
Facebook Photo Scams
Most of us are softies and scammers know it. Who wouldn’t “like” a photo of a child in need if it could help them? Especially if it says: Each time you like the photo, you donate one cent to…, or If I collect 1,000,000 likes my parents will… Like my photo, please! Scammers count on our sympathetic hearts to respond to these calls for help, and we do by clicking like and share. Read more…
Question of the week: First it was Facebook, then Living Social, then LinkedIn, now Twitter accounts have been hacked. How can I keep my business and personal accounts from being hacked, if the big boys can’t even protect theirs?
You are right. It seems like every week we hear about another major website or an account on a social network being hacked into. Your concern is genuine, because once hackers get in they can not only gain control of your account, but they can also get your email address, passwords, and even get access to your bank account.
There are some steps you can take.
There is a nasty botnet trolling WordPress sites, trying to log in with the default admin user name and using “brute-force” methods to crack the passwords. Our advice to save your WordPress blog from being hacked is to change the login name from admin to something else and use strong passwords.
Matt Mullenweg, the founder of WordPress, advises the same thing on his blog. He also said to turn on the two-step authentication, which prompts you to enter a secret number you get from the Google Authenticator App on your smartphone. To make as secure an environment as you can, ensure that the latest version of WordPress is installed as well.
“Do this and you’ll be ahead of 99% of sites out there and probably never have a problem,” Mullenweg writes to assure 64 million WordPress users.
Last month we wrote about a flaw in Microsoft’s Internet Explorer that could allow cybercrooks to take control of a Windows-based computer if the user browses to a malicious website. The website making news for that attack was the US-based think tank, the Council on Foreign Relations (CFR). Avast Virus Lab has since discovered that two Chinese human rights sites, a Hong Kong newspaper site, a Russian science site, and weirdly, a Baptist website (see the recent tweet) are also infected with the Flash exploit of IE8.
You can imagine the interesting audience that frequents sites such as these. The CFR, for example, attracts high ranking government officials including former presidents and secretaries of state, ambassadors, journalists, and leaders of industry. These sites were chosen on purpose; instead of targeting the general masses, like in a phishing attack, the perpetrators of a so-called “watering hole attack” target specific topics like defense or energy and lie in wait for persons of interest to visit, similar to a predator at a watering hole waiting for its victims to come to it. Read more…
See update below
For the past three Tuesday mornings, DDoS (distributed denial of service) attacks have caused online outages at major U.S. banks, including Bank of America, Chase, Wells Fargo, U.S. Bank and PNC. The attacks end by Friday afternoons. A DDoS attack causes the site or service to be temporarily unavailable by flooding the targeted website with traffic until the site’s servers are overloaded. Yesterday, customers started reporting on SiteDown that they were having trouble accessing the Wells Fargo and Bank of America websites.
The banks that experienced outages have confirmed that no sensitive financial information or personally identifiable information about customers was exposed, supposedly because the attacks were motivated by politics, not fraud.
A hacktivist group called “Cyber fighters of Izz ad-din Al qassam” is taking credit for the attacks, but experts say that this group has not historically been affiliated with hacktivism. The variety and scale of the attacks have experts doubting that the group was involved, citing the massive bandwidth used in the attacks.
Collaboration among banking institutions, online-banking platform providers, other vendors, industry associations and the government, has been stronger than ever because of these attacks, reports BankInfoSecurity. “There definitely seems to be more of a community effort for the first time here to address this issue. And now we are seeing a real-life situation where we’ve had to pull together and be prepared,” says a security and fraud executive at a $4 billion banking institution in the U.S. who wishes to remain unidentified.
Early warnings about attacks aimed at these institutions were issued by the FBI and the FS-ISAC, benefiting the entire industry. However, there is criticism that banks have not done enough to communicate with consumers about what is causing the outages. They might be legally barred from releasing details, though, since an investigation is in progress. The best you can expect is a “Sorry for the inconvenience.”
At this point it doesn’t appear that the DDoS attacks put your money in danger, beyond leaving you unable to access your account for periods of time. Once you can access your bank’s website, check the security of your account. For those of you wanting to take precautions when conducting online financial transactions, Avast offers extra protection to keep your transactions private. Avast! SafeZone (available in avast! Pro Antivirus and avast! Internet Security) creates full desktop isolation so that other applications don’t see what’s happening – perfect for secure banking or online shopping – and leaves no traces once it’s closed. Check out the Deal of the Week for savings on our premium protection.
Update, October 12: Regions Bank was attacked today, and Capital One and SunTrust were hit earlier this week. Izz ad-din Al qassam, the group taking credit for the attacks, warned about them in advance, saying it expects to spend the weekend developing plans for more attacks next week. The group claims the reason behind all this mischief is a YouTube movie trailer that it believes to be anti-Islam. If the group repeats its established pattern, banks could expect more attacks next Tuesday, Oct. 16. No fraud activity has been reported by the banks.
While we were researching the websites currently serving the new Microsoft Internet Explorer (IE) zero-day threat, we found that the new attack is being piggybacked on a slightly older attack aimed at industrial companies’ websites.
The hacked legitimate websites contain a hidden iframe on their main pages.