Posting a privacy notice on your Facebook feed does nothing to keep your updates, photos, or videos private. You need to tweak the settings yourself.
You may have noticed a legal-sounding statement being shared on people’s Facebook News Feed lately. As we explained in the blog, Posting a privacy notice on Facebook is useless, this statement does nothing to protect users’ privacy. However, it’s great that Facebook users are concerned about these things – it demonstrates a leap forward in awareness and a desire to protect yourself. That’s why we are sharing the three major areas you need to be aware of when it comes to protecting your privacy:
1. Your posts
2. Your profile
3. Your apps
Your posts control who can see what you share when you post from the top of your News Feed or your profile. This tool remembers the audience you shared with the last time you posted something and uses the same audience when you share again unless you change it.
Your profile includes information about you like Work and Education, Places You’ve Lived, Family and Relationships, etc. To see how others view your profile, go to your profile and select View As… on the menu in the lower right corner of your cover photo. If there is information that you don’t want the world to see, then click Update Info at the bottom of the cover photo of your profile to make sure it’s up-to-date and shared with who you want.
Your apps are what you’ve logged into with your Facebook identity. More and more websites and applications, including Avast, are allowing you to do that, because it’s more convenient than creating a new username and password.
When you choose to use your Facebook information to log in, you are also sharing personal information from your Facebook account with the other website. Third party websites can also sometimes post updates to your wall on your behalf. You can edit who sees each app you use and any future posts the app makes for you, or delete the apps you no longer use. Edit your apps by going to your App Settings.
You can view other settings at any time in your Privacy Settings. Or click the padlock icon located in the top right corner.
Use Social Media Security in your Avast account
Every Avast customer has access to our Social Media Security check via your MyAvast account. You can secure your Facebook profile with:
- 24/7 check of all posts
- Protection from dangerous links and viruses
- Monitoring of all photos, friends, and activities
Here’s what you do:
1. Go to your my.avast.com account. Your Avast Account is created automatically from the email account entered for any Avast GrimeFighter purchase or Avast Free Antivirus registration. Here are instructions on our FAQ if you don’t have an account.
2. On the bottom left side of the main screen, you will see Social Media Security. Click the blue button to begin a scan. (You may need to connect your Facebook account first.)
3. After the scan is complete, Social Media Security will show you all the issues that it found. You can choose to review each of those issues and disregard it if it’s OK, or manage the settings within Facebook.
Other variations have come through in the past few days with legal-sounding statements, like this:
“In response to the new Facebook guidelines, I hereby declare that my copyright is attached to all of my personal details, illustrations, comics, paintings, professional photos and videos, etc. (as a result of the Berner Convention)….”
The good news is that Facebook users are becoming more aware of privacy issues, and they seek a way to control their own shared media. The bad news is that this notification has no legal standing at all, you are bound to the terms and conditions that you agreed to when you signed up with Facebook, and you are annoying your friends.
The truth is that YOU own all of the content and information you post on Facebook, and YOU can control how it is shared through your privacy and application settings. If you neglect to look at those settings, you grant Facebook a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any content that you post on or in connection with Facebook.
In tomorrow’s blog, we will share the top 3 areas in Facebook where you need to make sure the privacy is set to your liking.
Yesterday, we looked at two hot areas to be aware of regarding your online security: Data breaches and mobile security. Today, we’ll look at two more areas that haven’t caused as much trouble or damage as the other two, but are likely to grow in importance.
Internet of (Every)Thing at risk
The “smart” home has been in the works for some time now, and this year, we’ll see more and more gadgets from household appliances to wearables like fitness bracelets to industrial equipment becoming connected to mobile devices and social networks. This proliferation of inter-connected things will open up a whole new glorious space for hackers to play in.
We predict that from now on, devices will increase by an order of magnitude (not too bold a prediction, huh?), and of course, that will result in greater privacy and security concerns. A breach in the Internet of Things (IoT) will give cybercrooks the ability to install malware or ransomware on private networks – not only consumer, but corporate and government – steal personal information, or even cause physical harm to a space or a person. But before you run around the yard yelling, “Skynet is falling, Skynet is falling”, keep in mind that cybercrooks will probably feel the space out first, starting with adware uploaded to our smart TVs.
What to keep your eye out for
- New technologies and businesses around the IoT including
- Increased demand for low cost bandwidth and processing
- Expansion of infrastructure that carries Wi-Fi traffic
- Start-ups focused on communication and sensors between devices, storage, data analytics
- Home and factory automation
- The rise of “fog” computing architectures, where data is closer to the source as opposed to residing in a data center somewhere
Room for improvement
- Keeping multiple smart devices updated with the latest version of this-and-that software. You think it’s hard now with a couple of devices? Wait until your house, body, garage, and workplace are full of smart gadgets.
- The fractured ecosystem will make it harder to identify threats or protect against security exploits.
- Home routers are still insecure and people are using open, unencrypted Wi-Fi. Start by securing your own home router by scanning with Avast’s Home Network Security scan, then follow whatever suggestions are given.
Social media world
By now, social media users know that sharing too much personal information can give strangers access to their personal life. To illustrate that point on a national scale, Allstate Insurance aired a series of commercials about what happened to a couple who shared on social networks that they were away from their home for the weekend. Read about it on our blog.
Last year, we saw new privacy settings introduced on social media, and 2015 will see a rise in anonymous interactions via social media.
Hoaxes and scams spread by email and social networks were successful in 2014, as they have been for years now, so we see no reason that occurrences will decrease. Social engineering can trick unwitting victims and the rate of identity theft will increase.
What to keep your eye out for
- Continuation of scams associated with important events like celebrity gossip or sporting events.
- Watching videos on Facebook equaled watching videos on YouTube at the end of 2014, so we can expect hackers to take advantage of this by hiding malicious links in Facebook videos.
- More fraudulent and malicious ads will appear on social networks.
- Ransomware made the jump from PC to mobile in 2014, and it will likely hit social networks.
Room for improvement
- Cut back on sharing too much on social media and through Internet of Things devices.
- Adjust privacy settings in each social network.
At the end of September 2014, the MalwareMustDie! group reported a new threat for the Linux operating system, dubbed XOR.DDoS, which forms a botnet for distributed denial-of-service attacks. The post mentioned the initial intrusion over an SSH connection, the static properties of the related Linux executable, and the encryption methods used. Later, we realized that the installation process is customized to a victim’s Linux environment for the sake of running an additional rootkit component. In this blog post, we will describe the installation steps, the rootkit itself, and the communication protocol for getting attack commands.
Installation Script & Infection Vector
The infection starts with an attempt to brute force the SSH login credentials of the root user. If successful, attackers gain access to the compromised machine, then install the Trojan, usually via a shell script. The script contains procedures like main, check, compiler, uncompress, setup, generate, upload, checkbuild, etc. and variables like __host_32__, __host_64__, __kernel__, __remote__, etc. The main procedure decrypts and selects the C&C server based on the architecture of the system.
In the requests below, the iid parameter is the MD5 hash of the name of the kernel version. The script first lists all the modules running on the current system with the command lsmod. Then it takes the last one and extracts its name and the parameter vermagic. In one of our cases, the testing environment runs under “3.8.0-19-generic\ SMP\ mod_unload\ modversions\ 686\ ”, which has the MD5 hash equal to CE74BF62ACFE944B2167248DD0674977.
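The infection vector described above, repeated failed root password logins over SSH followed by a successful one, leaves a recognizable trail in sshd logs. The following is an added example, not code from the original post: it scans OpenSSH log lines for that pattern, and the log sample, IP addresses, host name and threshold of 5 are constructed assumptions.

```python
import re
from collections import defaultdict

# OpenSSH sshd message formats as they appear in auth.log / secure.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")


def _line(sec, msg):
    # Helper that builds one constructed syslog line (hypothetical host "web1").
    return f"Jan  5 03:12:{sec:02d} web1 sshd[2101]: {msg}"


# Constructed sample log; addresses come from documentation ranges.
SAMPLE_LOG = "\n".join(
    [_line(s, "Failed password for root from 203.0.113.7 port 40122 ssh2")
     for s in range(6)]
    + [_line(6, "Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2"),
       _line(7, "Accepted password for root from 203.0.113.7 port 40122 ssh2")]
    + [_line(10 + s, "Failed password for root from 198.51.100.23 port 51514 ssh2")
       for s in range(5)]
    + [_line(20, "Failed password for root from 192.0.2.10 port 60001 ssh2"),
       _line(21, "Accepted publickey for root from 192.0.2.10 port 60001 ssh2: RSA SHA256:constructed")]
)


def find_root_bruteforce(log_text, threshold=5):
    """Return source IPs with >= threshold failed root password logins.

    root_login_followed is True when the same IP later logged in as root
    with a password, which is the case that needs immediate triage.
    The threshold is an assumed value; tune it to your environment.
    """
    failures = defaultdict(int)
    followed = set()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            if m.group(1) == "root":
                failures[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m and m.group(1) == "password" and m.group(2) == "root":
            if failures.get(m.group(3), 0) >= threshold:
                followed.add(m.group(3))
    return {
        ip: {"failures": n, "root_login_followed": ip in followed}
        for ip, n in failures.items()
        if n >= threshold
    }


if __name__ == "__main__":
    for ip, info in find_root_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

An IP reported with root_login_followed set to True is the one to investigate first; disabling password authentication for root in sshd_config removes this vector entirely.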
For a month now, I have been reading predictions for 2015. In the security field, something new and unexpected can always pop up – like the Point-of-Sale (PoS) breaches in early 2014 – but most likely what will happen is just a continuation, that is, a natural evolution, of what has already occurred.
So let’s take a look at some things that will probably happen this year and steps we can take to stay safer. Tomorrow, we’ll look at a few more.
Data breaches will continue
Data breaches made the news in 2014, and in 2015 we will continue to see security breaches of companies, irrespective of size or business sector. These breaches are often caused by software vulnerabilities, advances in data stealing malware, and as we have seen recently with the Sony breach, by states using cyber espionage against other states.
What to keep your eye out for
- Heartbleed and Shellshock were successful at using vulnerabilities in software that we depend upon. We expect to see more of the same in 2015.
- Increase in phishing and social engineering attacks on employees of big companies in order to break in.
- Health care organizations are at risk because many of them use outdated software and have rudimentary security. Plus, there is so much valuable data to be stolen like sensitive patient records.
- More revelations that governments and even companies are using cyber attacks against each other.
- Companies need to tighten up the security processes of their employees, vendors, and third party suppliers who have access to their systems.
- Companies need to adopt advanced threat solutions to secure their PoS networks from breaches.
- Enterprise breach detection methods need to be improved because cybercrooks will likely go after the bigger fish.
- Passwords are not adequate protection for our personal or financial accounts. Two-factor authentication will be adopted more widely, as will new methods like ultra-sonic sound.
- Consumers and companies should update from the old, vulnerable Windows XP.
Mobile is attractive to cybercrooks
Since our mobile phones are powerful and can accomplish nearly all the things a regular computer can, they give cybercrooks a relatively easy in-road to your private data and financial information. 2015 will see consumers becoming more aware of mobile security since they will increasingly use mobile apps that contain sensitive banking, financial, and personal health information.
In last night’s broadcast of the Sugar Bowl, a showdown of two power-house college football teams in the USA, Allstate Insurance aired a series of brilliant commercials about the risk of over-sharing on social networks. The social media team at Avast has been preaching this message for a while now, so we were happy to see this clever series of advertisements.
The ads are about a couple who shared on social networks that they were away from their house, actually attending the game. Allstate’s “Mayhem” character took advantage of this knowledge and broke into their unoccupied house, and proceeded to have a “MayhemSale” of all their possessions. “Buy Matt & Shannon’s stuff now at MayhemSale.com,” he announced, then soon after took to Twitter to sell off items one-by-one. I immediately visited the website, but apparently there were so many other interested people, that it kept crashing.
Burglars can easily search Facebook or Twitter for targeted keywords or see who has checked into airport lounges on Foursquare. According to FBI statistics, summertime is the most active for burglaries and oversharing can tip off thieves to your absence. Homeowners should be extra vigilant about protecting their goods.
Our advice – be extremely cautious what you share on social media, and wait until after you are back to share your vacation pictures.
From our headquarters in Prague, Czech Republic to our offices in the USA, Germany, China, and South Korea, all of us at Avast Software wish you love, laughter, and peace in 2015.
Looking back on 2014, we are grateful for the trust that our 220 million customers have placed in us. We thank you for your loyalty and for sharing Avast with your friends and family. We appreciate your support, your suggestions and feedback (even when it’s not so good), the way you help others on our forum and social channels like Facebook, Google +, and Twitter, and especially when you write us with your stories of how Avast saved the day for you.
As we enter this new year, we promise to bring you the best security products that we can for your home network, your business, your PCs, Macs, and Android devices. We will stay on top of new threats and contain the old ones that keep coming back to plague us. We will strive to keep your trust, but most of all, to keep you and your important data and hardware safe from harm.
So raise your glass with us, and join us for our 2015 wish.
Peace. Love. Security. ~ from Avast
During the Christmas holidays, my mother received this email from a well-meaning friend. Since her daughter works for the most trusted security company in the world, she immediately asked me about the authenticity of the message.
Here’s the email:
Subject: VIRUS COMING !
PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS!
You should be alert during the next few days. Do not open any message
with an attachment entitled POSTCARD FROM HALLMARK , regardless of who sent it to you.
It is a virus which opens A POSTCARD IMAGE, which ‘burns’ the whole
hard disc C of your computer.
This virus will be received from someone who has your e -mail address
in his/her contact list.
This is the reason you need to send this e -mail to all your contacts.
It is better to receive this message 25 times than to receive the virus
and open it.
If you receive an email entitled “POSTCARD,” even though it was sent to
you by a friend, do not open it! Shut down your computer immediately.
This is the worst virus announced by CNN.
It has been classified by Microsoft as the most destructive virus ever.
This virus was discovered by McAfee yesterday, and there is no repair
yet for this kind of Virus.
This virus simply destroys the Zero Sector of the Hard Disc, where the
vital information is kept.
COPY THIS E-MAIL AND SEND IT TO YOUR FRIENDS.
REMEMBER: IF YOU SEND IT TO THEM, YOU WILL BENEFIT ALL OF US
This particular email has been around for years, and you have probably seen one of its incarnations. Although there are real incidents of malware being distributed via e-cards, this is a bogus, unsubstantiated hoax.
The language is quite strong – phrases like the worst virus and the most destructive virus ever are sure to get the attention of security-minded people. The problem is that the email fails to provide any authentic details to learn more about the threat, just vague announcements and classifications.
“The email doesn’t actually mention a specific virus,” said Jan Zika, an Avast Virus Lab analyst. “Sure some viruses use the “Postcard” social engineering method to trick users to click the link, but this email has been circulating for a couple of years now, and it never says which virus it is.”
The email does say what the virus can do: “This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept,” and it “burns the whole hard disc C of your computer.” Pretty scary stuff!
“No, it cannot burn anything, and no, it is not most destructive virus ever,” said Zika. His advice? “It’s best to avoid such messages unless you can confirm that the threat is real.”
Protect yourself against email hoaxes
- Keep your antivirus protection up-to-date and scan regularly for viruses and malware. Both Avast Internet Security and Avast Premier include anti-spam filters to keep your inbox free of this kind of nonsense.
- Use caution when opening attachments or downloading files. Double check that it’s from a sender you know and trust.
- Before clicking on any links or attachments, try to verify that the email came from a legitimate source. If you can’t, then don’t click.
Earlier this month, as the Sony Entertainment breach was making headlines, Sony’s PlayStation Network (PSN) was knocked offline due to an alleged hacking attack. On Christmas morning, just as kids everywhere were unwrapping their new PlayStations and Xboxes, the PSN and Microsoft’s Xbox Live network were both disrupted, leading to speculation that they were once again hacked. A group calling themselves Lizard Squad claimed responsibility for the attacks via Twitter.
As of now, PlayStation is still offline and PSN is directing users to their @AskPlayStation Twitter account for updates.
Please follow @AskPlayStation to get the latest updates as we work to restore full network functionality.
— Ask PlayStation (@AskPlayStation) December 26, 2014
Xbox Live Status reports that its core services are running, but there is limited access to apps for IGN, Maxim, and MLG.tv.
2014 has been an active year for cybercrime. Let’s start with the most recent and then take a look at some of the other important security events of the year.
We are ending the year with the most publicized and destructive hack of a major global company by another country – now identified as North Korea. The Sony Entertainment attack, still being investigated by the FBI, resulted in the theft of 100 terabytes of confidential employee data, business documents, and unreleased films. It was an attack on privacy due to the theft of a massive amount of personal records, but also essentially blackmail; aiming to silence something that the North Korean government didn’t like – namely the release of The Interview, a movie depicting an assassination attempt on Kim Jong-Un.
Most of the blame for state-sponsored cybercrime in 2014 has been with Russian or Chinese hackers. Whether private or state-sponsored, these hackers have attempted to access secret information from the United States government, military, or large American companies. Recently, Chinese hackers sponsored by the military were indicted for economic espionage by the U.S. Department of Justice.
Along with the Sony breach, other notable companies that suffered from cybercrime include Home Depot, eBay, Michaels, Staples, Sally Beauty Supply, and others. A significant number of these breaches were begun months or years ago, but were revealed or discovered in 2014.
Nearly 110 million records were stolen from Home Depot, the largest ever breach of a U.S. retailer. The cyber-heist included 56 million payment card numbers and 53 million email addresses.
JPMorgan Chase’s data breach impacted nearly 80 million households in the U.S., as well as 7 million small- and medium-sized businesses. Cybercriminals were able to gain access after stealing an employee’s password, reminiscent of the Target breach from 2013. This breach is said to be one of the largest breaches of a financial institution. The FBI is still investigating.
Financial and data stealing malware
GameOver Zeus, called the most infamous malware ever created, infected millions of Internet users around the world and has stolen millions of dollars by retrieving online banking credentials from the infected systems.
Tinba Trojan banking malware uses a social engineering technique called spear phishing to target its victims. The spam campaign targeted Bank of America, ING Direct, and HSBC customers, using scare tactics to get customers to download a Trojan which gathered personal information.
Chinese hackers were at it again, and again, targeting South Korean banking customers with banking malware using a VPN connection. The customers were sent to a look-alike webpage where they were unknowingly handing cybercrooks their banking passwords and login information.
Many of the breaches that occurred in 2014 were because of unpatched security holes in software that hackers took advantage of. The names we heard most often were Adobe Flash Player/Plugin, Apple Quicktime, Oracle Java Runtime, and Adobe Acrobat Reader.
Avast’s selection of security products has a feature called Software Updater which shows you an overview of all your outdated software applications, so you can keep them up to date and eliminate any security vulnerabilities.