1:M Cyber Security News 3/21/22

Greetings everyone,

I wanted to send some interesting updates in the world of security, as there have been. Lot of things going on for sure, and I hope you are all keeping safe online.

The conflict in Europe has prompted a global effort to support the people of Ukraine. Unfortunately, scammers also use these times of conflict and tragedy to take advantage of those wanting to help.
As such, it is important to still practice prudence with charities, so that we do not fall victim to these scammers. Below are a few tips that can assist:

* Never click on unsolicited donation links that come via email, text message or social media
* Search the name of the charity and “scam” or “fraud” in Google, to see if anyone has previously reported them. You can check what https://www.consumer.ftc.gov/features/how-donate-wisely-and-avoid-charity-scams#research are saying about that organization.
* Be wary of any ‘pop-up’ Ukrainian charities. It’s always safer to donate through official, trusted organizations. Do so by navigating directly to their website in your browser, rather than via any links sent to you.
* It’s advised not to send donations via cryptocurrency, as it is difficult to determine who truly owns the cryptowallet receiving the funds. Whenever possible, always pay with credit card.

There have also been questions around whether regular people around the world could be affected by the current crisis. Right now, there is a lot of active cyber attacks, and tit-for-tats between the West and Russia, but so far these are related to critical infrastructure, government, media, and the financial sector (there is a tiny risk of malware ‘spillover’ (which happened in Ukraine in 2017 and affected many companies, but I am not concerned about this for us right now) I will be monitoring the situation closely, to see if things change, but please continue to practice the usual & healthy cyber paranoia, for unrelated cyber attacks.


For those that might be worried someone is stalking them on their computer or phones, or are a victim of domestic abuse, please read this article. It gives very good advice on how to kick stalkers out of your devices:
* https://www.consumerreports.org/digital-security/shut-stalkers-out-of-your-tech-a6642216357/



This IS A HUGE DEAL for Internet security: Beginning in April, MS Office macros will be disabled by default in files downloaded from the internet. This is one of the most popular methods hackers use to get onto your system, so turning this off by default will be a big blow to them. As always, don’t trust anything from the Internet, especially a MS file asking you to enable macros:

* https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
* https://mobile.twitter.com/campuscodi/status/1490755169071636481



A nice write up on the benefits of Credit Freezes vs Credit Reports, which as you know by now, I highly recommend the Freeze.

Keep in mind, the first step in avoiding identity theft, or stopping the damage, is placing a fraud freeze on your credit report. This makes it harder for a thief to open new credit in your name, and lets you get free copies of your credit report from each of the three credit bureaus. Next, read through your reports and note any accounts or transactions that don’t belong. Then, go to IdentityTheft.gov for more information on how to be helped.

* https://consumer.ftc.gov/consumer-alerts/2022/02/credit-freeze-or-fraud-alert-right-you


A recently discovered FBI training document shows that US law enforcement can still gain limited access to the content of encrypted messages from secure messaging services like iMessage, and WhatsApp, but not to messages sent via Signal, Telegram, Threema, Viber, WeChat, or Wickr. And a lot of has to do with chat backups into the cloud (which I personally disable anyway)

* https://therecord.media/fbi-document-shows-what-data-can-be-obtained-from-encrypted-messaging-apps/



Privacy-focused search engine DuckDuckGo, which I recommend in my the training, has offered a first look at its forthcoming desktop “browsing app” that promises simple default privacy settings. It says it will be much more private than Chrome, and even Brave, because they will be creating their own internal engine, rather than using Google Chromium engine that most browsers are based on. This is one to watch for sure:

* https://www.zdnet.com/article/now-duckduckgo-is-building-its-own-desktop-browser/



This is how shady scammers can be, by pretending you just picked up Covid from a coworker as a ploy to get your machine infected by malware: Shame on them:

* https://mobile.twitter.com/alex_lanstein/status/1473711501059964943



A nice breakdown of the major 2FA authentication apps. I personally recommend Authy or one included with LastPass or 1Password password managers, but many others are good also:

* https://www.kaspersky.com/blog/best-authenticator-apps-2022/43261/


The new features in Android 12 from Google has included a bunch of privacy and security additions, such as Privacy Dashboard, checking Microphone & Camera sensors, and being able to delete your Advertising ID for your device:

* https://www.wired.com/story/android-12-privacy-settings-updates/


The New Apple iOS Privacy Report is also cool, and gives you lots of transparency into which of your downloaded apps are accessing your microphone/camera/location, as well as other website traffic on your phone.

* https://www.wired.com/story/ios-15-app-privacy-report/




Leave a Reply