Remember when you used to make sure you were home at a certain time so you wouldn’t miss your favorite TV show? That was called “appointment television”, and those of you old enough to remember watching The X-Files or Friends when they originally aired know what I’m talking about. But, with the new USA Network show, Mr. Robot, it feels like those days are back again. Sure, I have my DVR set to record, but I will definitely watch it live. Since all my buddies are watching too, I will be itching to talk about it the next day.
Avast’s new Hack Chat video series brings back that around-the-watercooler discussion. Watch our debut episode here (10:13).
Avast Hack Chat: Episode 1 “Hello Friend” Program Notes
In episode 1 of Avast Hack Chat, host Ariana welcomes special guest, security researcher and software developer, Pedram Amini.
One of the largest e-commerce platforms, Magento, has been plagued by hackers who inject malicious code in order to spy and steal credit card data or any other data a customer submits to the system. More than 100,000+ merchants all over the world use Magento platform, including eBay, Nike Running, Lenovo, and the Ford Accessories Online website.
The company that discovered the flaws, Securi Security, says in their blog, “The sad part is that you won’t know it’s affecting you until it’s too late, in the worst cases it won’t become apparent until they appear on your bank statements.”
Data breaches are nothing new. The Identity Theft Research Center said there were 761 breaches in 2014 affecting more than 83 million accounts. You probably recall the reports of Sony, Target, Home Depot, and Chic Fil A.
We have heard lots about what we as individual consumers can do to protect ourselves: Use strong passwords, update your antivirus protection and keep your software patched, learn to recognize phishing software, and be wary of fake websites asking for our personal information.
But this kind of hack occurs on trusted websites and show no outward signs that there has been a compromise. The hackers have thoroughly covered their tracks, and you won’t know anything is wrong until you check your credit card bill.
So how do you minimize the risk of online shopping?
Here’s your wrap up of security and privacy related news from the June 17 – 27 posts on the Avast blog:
It’s summertime in the Northern Hemisphere and many people are going on or planning their vacation. Beware of fake vacation packages and beautiful rental properties that are not as they seem. These Vacation scams can ruin your holiday, so read up before you become a victim.
More than 600 million Samsung phones were reported to be at risk because of a vulnerability found in the keyboard app SwiftKey. The best way to protect yourself is to use a virtual private network (VPN) when using an unsecured Wi-Fi hotspot. If you have a Samsung S6, S5, or S4, you need to read Samsung phones vulnerable to hacker attack via keyboard update.
Cybercrooks run their organizations like businesses these days. They have multinational offices, marketing departments, business development, and technical support teams. Maybe they also need some security…
Malware entrepreneur sentenced to 57 months in prison
One such malware entrepreneur, Alex Yucel, sold malware through a website that he operated, to other hackers. The Blackshades malware allowed hackers to remotely control their victims’ computers. They could do such things as log the victim’s keystrokes, spy through webcams, and steal usernames and passwords for email and other services. They could also turn their computers into bots which were used to perform Distributed Denial of Service (DDoS) attacks on other computers, without the knowledge of the victim.
Manhattan U.S. Attorney Preet Bharara said: “Alex Yucel created, marketed, and sold software that was designed to accomplish just one thing – gain control of a computer, and with it, a victim’s identity and other important information. This malware victimized thousands of people across the globe and invaded their lives. But Yucel’s computer hacking days are now over.” See the Department of Justice press release here.
Yucel sold the software for as little as $40 on PayPal and various black market forums. Read more…
For as long as there have been governments, there have been spy agencies, and for as long as there have been spy agencies, they’ve done spying. Spy agencies are always looking for ways to get information. Information is valuable, always has been, always will be. ~Avast CEO Vince Steckler
New documents from the many that were leaked by former US intelligence analyst Edward Snowden were published this week in The Intercept. They reveal that the U.S.’s National Security Agency (NSA) and its British counterpart, Government Communications Headquarters (GCHQ), spied on security companies including Avast, AVG, Kaspersky Lab, and Antiy. The spy agencies seem to be targeting non-American security companies; Avast and AVG are based in Prague, Czech Republic; Kaspersky is based in Moscow, Russia; and Antiy is Chinese. Together, these companies have nearly a billion users. No U.S. or U.K. -based companies were included in the list.
“Geopolitically, it makes sense that the NSA and GCHQ are targeting products that are prevalently used by foreign governments, like Kaspersky in Russia or CheckPoint in Israel,” said Steckler in an interview with RT News. “On the flip side, Russian or Chinese spy agencies may be similarly targeting products that the American government heavily uses, for example Symantec and McAfee. We’re hearing just one side of the story.”
Do you dream of lounging with an umbrella drink on a sunny beach, hiking by a pristine lake in the cool mountains, or leisurely strolling through a world class museum? As you begin to make summer vacation plans, much of it planned and reserved via the Internet, here are a few scams to be aware of:
Fake vacation rentals
Private vacation rentals are growing in popularity and it’s easy to find one these days through portals like Airbnb, HomeAway, and Craigslist. A typical scam starts with attractive pictures of a property in a desired location. The phony landlord, who is really a scam artist, requires an up-front deposit on the rental that is typically sent by wire transfer. When the happy family arrives at the destination, it either doesn’t exist, it’s not at all like it was described, or it is not available for rental. It may even belong to someone else, who lives there and has no knowledge of the transaction.
How to protect yourself from vacation rental scams
Don’t be fooled by pretty pictures. Photoshop is amazing and an artist can do all kinds of tricks with it. Ask the property owner to send you additional photos. You can even look it up on Google’s Street View to make sure the property and address actually exists.
Many of the Wi-Fi hotspots you use in your hometown and when you travel have major security flaws making it easy for hackers to see your browsing activity, searches, passwords, videos, emails, and other personal information. It’s a public Wi-Fi connection, meaning that you are sharing the network with lots of strangers. Those strangers can easily watch what you’re doing or steal a username and password to one of your accounts while you sip your latte.
An easy and affordable way to maintain your security whenever you use free Wi-Fi is to use a virtual private network (VPN). It sounds techie, but Avast has made it simple.
A VPN service, like our SecureLine VPN, routes all the data you’re sending and receiving through a private, secure network, even though you’re on a public one. That way, SecureLine makes you 100% anonymous while protecting your activity.
Forget about shoplifting or painting graffiti on the wall at midnight. Opportunistic teens are turning to cybercrime to get their kicks these days.
A 14-year old boy in Florida was recently arrested and charged with a felony offense for unauthorized access against a computer system. The 8th grader said he was playing a prank on his teacher when he used the teacher’s administrative password to log onto a school computer and changed its desktop background to an image of two men kissing. The password was the teacher’s last name, and the prankster said he figured it out by watching the teacher type it in.
We have had a busy month with multiple announcements important to Avast customers and company-watchers. Here’s the quick rundown in case you missed it.
Avast SecureMe will launch in the next month or so to protect the new Apple Watch, as well as iPhones and iPads, when connected to unsecured Wi-Fi. That’s sure to make Apple gadget freaks happy. Read Avast SecureMe Protects Apple Watch Wi-Fi Users.
Windows 10 is scheduled to launch in July, and Avast is ready. Avast version V2015 R2 and newer are already compatible with Windows 10. Read Latest versions of Avast compatible with Windows 10.
Your router is one of the weakest links in your security, and researchers have proven once more that your home router puts you at risk.
Sixty security flaws have been identified in 22 router models that are distributed around the world, mostly by ISPs to their customers. These flaws could allow hackers to break into the device, change the password, and install and execute malicious scripts that change DNS servers to those the attacker wants. They do this so they can send your traffic through servers they control and direct you unwittingly to malicious sites or load malicious code on your machine when you visit a legitimate site.
Other flaws include allowing the hackers to read and write information on USB storage devices attached to the affected routers and reboot the devices.
The research report describes how the attackers can get in – through a backdoor with a universal password that is used by the ISP’s technical support staff to help troubleshoot for their customers over the phone. This second default administrator access is hidden from the router owner.