Password & Digital Identity/Privacy News

Ransomware Targeted by New Justice Department Task Force

The Justice Department has formed a task force to curtail the proliferation of ransomware cyberattacks, in a bid to make the popular extortion schemes less lucrative by targeting the entire digital ecosystem that supports them.

In an internal memorandum issued this week, Acting Deputy Attorney General John Carlin said ransomware poses not just an economic threat to businesses but “jeopardizes the safety and health of Americans.”

The top keywords used in phishing email subject lines

In recent months, hacking groups have brought critical aspects of U.S. infrastructure to a halt, and phishing is a popular tool in cybercriminal’s seemingly ever-expanding armamentarium of attack methods. On Wednesday, Expel released a report, highlighting the top keywords used in phishing attempt subject lines. Based on the findings, employees may need to be particularly wary of the seemingly innocuous emails in their inboxes.

International law enforcement take down DoubleVPN service allegedly used by ransomware gangs

The VPN service was shut down on Tuesday as officials from the US, Canada, and several European countries seized servers and websites around the world belonging to DoubleVPN, according to Europol, the European law enforcement coordinating agency. Visitors to the company’s website are now greeted by a government takedown notice.

IT, healthcare and manufacturing facing most phishing attacks: report

The company’s researchers examined more than 905 million emails for the 1H 2021 Global Phish Cyber Attack Report, finding that the IT industry specifically saw 9,000 phishing emails in a one month span out of almost 400,000 total emails. Their healthcare industry customers saw more than 6,000 phishing emails in one month out of an average of over 450,000 emails and manufacturing saw a bit less than 6,000 phishing emails out of about 330,000 total emails.

Americans lost over $3 billion to credit card fraud in 2020: How to spot it and keep your money safe

Concerns about cyberattacks are rampant after last month’s Colonial Pipeline ransomware attack, which after last month’s Colonial Pipeline ransomware attack, which cost the company $5 million and drove up gas prices. But cyberhacks and data breaches don’t just happen to big banks and corporations: Scams target individual people, too, and put sensitive financial information at risk.

Credit card fraud, in particular, has been taking off. Fraud reports surged by 107% from the first quarter of 2019 to the fourth quarter of 2020, according to data from the Federal Trade Commission. Consumers lost a staggering $3.3 billion last year alone, up from $1.8 billion in 2019.

DuckDuckGo’s Quest to Prove Online Privacy Is Possible

DuckDuckGo is on a mission to prove that giving up one’s privacy online is not, in fact, inevitable. Over the past several years, it has expanded far beyond its original search engine to provide a suite of free privacy-centric tools, including a popular browser extension, that plug up the various holes through which ad tech companies and data brokers spy on us as we browse the internet and use our phones. This year it will roll out some major new products and features, including a desktop browser and email privacy protection. And it will spend more money than it ever has on advertising to get the word out. The long-term goal is to turn DuckDuckGo into an all-in-one online privacy shield—what Gabriel Weinberg, the company’s founder and CEO, calls “the ‘easy button’ for privacy.”

This is how fast a password leaked on the web will be tested out by hackers 

Half of accounts compromised in phishing attacks are manually accessed within 12 hours of the username and password being leaked, as cyber criminals look to exploit stolen credentials as quickly as possible.

Cybersecurity researchers at Agari planted thousands of credentials – that were made to look like they belonged to real users, but were in fact of under the control of the researchers – onto websites and forums popular for dumping stolen usernames and passwords.

Europe’s data privacy rules could turn out to be very expensive for everyone, says Facebook

The EU is tightening its grip on the transfer of personal data outside of the bloc, but according to Facebook, the European drive to protect privacy could come with unexpected – and costly – consequences for businesses and citizens alike. 

The social media platform has published a new piece of research that it commissioned to economists from Analysis Group, which attempts to quantify exactly how much money could be lost if some organizations were suddenly unable to transfer personal data outside of the EU. 

Apple WWDC 2021: iOS 15, new MacBook Pros, and what else to expect

 

Apple’s annual developer extravaganza, the Worldwide Developers Conference (WWDC), is coming up fast, kicking off with the keynote presentation on June 7th at 1PM ET. Like last year, WWDC will be an entirely digital and online-only event due to the COVID-19 pandemic, and for the keynote, that means we can likely expect another tightly produced video highlighting everything Apple has in store.

The Biden administration is responding to the growing threat of ransomware attacks with a vigor and seriousness unparalleled in the government’s decades-long battle against hacking.The response to the wave of costly and disruptive attacks — in which hackers lock up victims’ computers and demand payment to free them — involves nearly every facet of the federal government. It was spurred most recently by high-profile ransomware attacks against the energy and food sectors but also by a drip, drip series of hits on schools, hospitals and local governments that collectively demonstrate an unacceptable level of vulnerability across the nation’s vital infrastructure. 

Online fraud attempts are up 25% in the US—here’s why

From identity theft to phishing attempts, the number of digital fraud attempts in the U.S. is up 25.07% in the first four months of 2021, compared to the last four months of 2020. 

TransUnion defines digital fraud as any online scams or fraudulent transactions. That includes schemes where fraudsters attempt to steal personal information through social media networks and online sites and phishing attempts, which occur when cyber criminals send fake emails to you that either attempt to retrieve personal information or infect a device with malware.

The first part of the new section explains that TikTok may collect information about the images and audio that are in users’ content, “such as identifying the objects and scenery that appear, the existence and location within an image of face and body features and attributes, the nature of the audio, and the text of the words spoken in your User Content.

Survey reveals businesses fall short of consumer expectations for login experience

The study, conducted by Auth0 and YouGov, found that most organizations fail to meet consumer expectations around login technology, highlighting how a login box can impact the user experience of a brand.

Mining for bitcoin and other cryptocurrencies is typically done by companies that own massive server farms operating outside of the United States. But cybersecurity firm NortonLifeLock is hoping to bring mining to your desktop.

What businesses need to know about cybersecurity challenges

In December 2020, U.S. national security officials made a shocking announcement: the American government had been hacked. The cyber attack, which was attributed to a nation state actor that had leveraged a backdoor in network monitoring software, comprised a range of federal agencies and critical infrastructure. Even today, the scope of the breach remains unclear.

Sen. Ted Cruz of Texas advised Sen. Richard Blumenthal of Connecticut on Tuesday that he should change his iPhone passcode after Blumenthal held his phone up to the camera and entered it on live television.

WhatsApp Is Suing The Indian Government To Protect People’s Privacy

Messaging service WhatsApp is suing the Indian government in the Delhi High Court, challenging new rules that would force it to break its encryption, potentially revealing the identities of people who had sent and received billions of messages on its platform, a WhatsApp spokesperson told BuzzFeed News.

Big changes are afoot in the ad-sponsored web, and the browser has become a key battleground for end-user privacy. While Chrome is by far the most widely used browser in the world, there are alternative browsers and ways to improve your privacy when using Chrome.

Facebook-backed Jio leaked trove of coronavirus app data because it didn’t have a password

A security lapse in Reliance Jio‘s coronavirus symptom checker exposed the results of millions of folks who took the tests. As first reported by TechCrunch, while the data was largely anonymized in nature, bad actors could’ve taken advantage of it and published all the information.

A cybercrime group operating since mid-2019 has breached the email accounts of high-ranking executives at more than 150 companies, cyber-security firm Group-IB reported today.

Passwords suck. They’re hard to remember, hackers exploit their weaknesses and fixes often bring their own problems. Dashlane, LastPass, 1Password and other password managers

But there are ways that you can be proactive and take measures to ensure safety across all of your smart devices. From VPNs to password managers, all of these top-rated and award-winning programs help ensure you are online banking, web surfing, phone calling, data storing and creating passwords as securely as possible. As a bonus, all of them happen to be on sale, too.

Your Notes App Could Be Giving Away All Your Secrets

The last few months have been littered with high-profile webcam security breaches, with creeps on the internet hacking into live feeds and even talking directly to children. A lot of the stories have revolved around Amazon Ring products, but some Google Nest owners were recently hit by a ‘sextortion’ scam too.

Consumers Would Sell Their Data, Online Privacy For Monthly Fee

Clearview AI, The Company Whose Database Has Amassed 3 Billion Photos, Hacked

Clearview AI, the company whose database has amassed over 3 billion photos, has suffered a data breach, it has emerged. The data stolen in the hack included the firm’s entire customer list–which will include multiple law enforcement agencies–along with information such as the number of searches they had made and how many accounts they’d set up. 

 

Facebook Dating delayed in Europe over data privacy concerns

Facebook Dating, the company’s in-app dating feature, was initially set to roll out to European users on February 13, the day before Valentine’s Day. However, the rollout has since been delayed to an unknown date after privacy regulators raised concerns about Facebook Dating’s compliance to new data privacy rules in the European Union.

A dirty dozen of Bluetooth bugs threaten to reboot, freeze, or hack your trendy gizmos from close range

A trio of boffins at Singapore University this week disclosed 12 security vulnerabilities affecting the Bluetooth Low Energy (BLE) SDKs offered by seven system-on-a-chip (SoC) vendors.

 

Google to tell you if any of your passwords have been hacked, here’s how to use the feature

Every year, February 11 is celebrated as Safer Internet Day. To mark this day, tech giant Google has shared a password checkup feature that can help users to test how strong or weak their passwords are on variety of parameters.

Facebook employees reportedly feel guilty that the company didn’t fix a known security risk fast enough 

Facebook was repeatedly warned about a security risk that was taken advantage of in a hack involving 50 million accounts in 2018, and failed to fix it in time, according to a report by the Telegraph’s Laurence Dodds.

 

Security News This Week: Pro-trump Trolls Flooded the Iowa Caucus Phone Lines

The week kicked off with the Iowa caucuses, which went very poorly, in so many ways! We’ll talk about a few of them below, but the main takeaway is that adding unvetted technology to the voting process—or anything—rarely makes things better. Other states, please take note! Actually, Nevada and New Hampshire already have. It’s a start.

Chinese Government Hackers Charged With Massive Equifax Hack

Four members of the Chinese military have been indicted over the huge hack of credit agency Equifax, which led to the personal data of nearly 150 million Americans’ information being stolen in 2017

 

Indian Cops Have Been Asked to Spy on Students’ WhatsApp Groups

This series of directives were given out at a recent annual conference in Pune, which was attended by top police officers from across India, and addressed by Prime Minister Narendra Modi

Scotland makes inroads in digital identity project

The Scottish government has reported progress in its digital identity service project, as it moved into a 10-week development and testing cycle of a prototype.

Most Android phones can be hacked via Bluetooth right now: What to do

Hey, Android users: You might not want to use Bluetooth in public for a while, because there’s a serious flaw that could let anyone within Bluetooth range — say, in a subway car, on a busy street or in a parking lot — wirelessly hack your device without your knowledge.

Can You Trust DNA Companies With Your Data?

It’s pretty remarkable that DNA tests are a normal part of life in the 21st century. For a reasonable fee you can learn all about your ancestry and genetic traits. Of course, mailing saliva to a tech startup so they can analyze your DNA also sounds like a dystopian sci-fi movie. How safe is it to trust these companies with your genetic data?

How to Stop Reusing Passwords for Good

Take a moment to consider how much of your life is happening online: shopping, ordering food, banking, booking travel—even just talking to friends! The average person has gone from having a few accounts to over 150. And because each activity has its own login and “unique” password (or really just some variation of p@ssw0rd or Pa$$woRd?), online life has become a lot less convenient, and more like an infinite loop of forgotten password clicks.

Google Chrome’s password protection will alert you if your accounts have been hacked

Basically, Google’s browser will now let you know if any of the sites you log into using your Google credentials have been compromised. Given that data breaches and hacks are happening every other week nowadays it’s a case of when rather than if your details get exposed.

 

 

This Crafty Malware Makes You Retype Your Passwords So It Can Steal Them

Detailed by cybersecurity researchers at Fortinet, the Metamorfo banking trojan has targeted users of over 20 online banks in countries around the world including the US, Canada, Peru, Chile, Spain, Brazil, Ecuador and Mexico.

6 Simple Steps for Hardening your WordPress Security

Having a secure WordPress site does not need to be a challenge. Hardening a website means adding security layers to reduce the risks of attacks and hacks.