By Lindsey O'Donnell | threatpost.com
Hackers are stealing Instagram credentials through a tricky phishing scam that asks victims to apply for exclusive verified account status.
A new Instagram phishing scam circulating the internet lures victims in with promises of exclusive “verified account” status – and then makes away with their personal information.
The scam centers around Instagram’s labeling of verified accounts, which indicates that the account user is a public figure, celebrity or global brand with a blue checkmark. The exclusive status is highly desirable for Instagram users – and scammers are looking to take advantage of that with a new phishing scam aimed at the social media users, according to researchers.
UPDATE: 6/25/19 -- This implementation has been postponed until further notice.
UCLA is continuously looking out for your cyber safety. One of the ways we are increasing cyber safety is blocking known malicious threats on the VPN and Wi-Fi networks, effective June 17, 2019.
Why is UCLA implementing this now?
In recent years, cyber security has become a forefront concern for everyone. Cyber-attacks are a daily threat, and implementing blocking will help safeguard devices and networks by preemptively stopping a malicious threat before it can infect a system. At UCLA, your online security and privacy is paramount to our core beliefs. We want to continue to provide your online experience, and ensure that all your devices are protected while connected to UCLA.
By Tara Seals | threatpost.com
Automatic invite notifications are spreading malicious links.
A sophisticated cyberattack is targeting Gmail users through fraudulent, unsolicited Google Calendar notifications.
The campaign takes advantage of a common default feature for people using Gmail on their smartphone: Calendar invites automatically pop up on phones, prompting users to accept or decline them.
The message is shocking and uncomfortable, threatening Stuart with the release of truly embarrassing material if he doesn’t pay hackers thousands of dollars in Bitcoin. Trying to control his destiny, Stuart discusses the email with his boss – but it might not actually be what it seems.
By Lindsey O'Donnell | threatpost.com
After a report found that Snap employees were abusing their access to Snapchat data, experts are warning that insider threats will continue to be a top challenge for privacy. Snap, the company behind the popular Snapchat social media app, has found itself in hot water after a recent report revealed that Snap employees were abusing their access to private user data – which includes location data, saved Snaps and phone numbers.
According to a Thursday Motherboard report, Snap touted several internal tools enabling employees to access Snapchat users’ personal data. One such tool, dubbed SnapLion, was originally created to help collect data in response to law enforcement requests via court orders. However, several internal emails obtained by Motherboard showed several employees abused this capability, with one Snap employee looking up an email address for an account outside of a law enforcement situation, for instance.
By Dennis Fisher | duo.com
Enterprises that use Google’s G Suite for email will soon see a significant change in the way the system handles sensitive messages. In late June, Google will turn on a feature by default called Confidential mode that prevents recipients from forwarding, copying, or printing the messages and allows senders to set expiration times for their emails, as well.
Confidential mode for G Suite has been available in beta for a few months now, but on June 25 Google plans to make it the default setting for all enterprise customers. Administrators still will have the option to disable Confidential mode if they choose, though. In practice, Confidential mode enables people to send messages that don’t actually contain text in the body. Instead, each message contains a link to the content, including any attachments.
Still a little new at his job with a large, widely-followed company, Chris feels like he has a bit to prove.
This drive leads him to make a few social forum and social media posts detailing non-confirmed company information. Now he must face the consequences of his actions and learn the meaning of his team’s data classification policies.
The hackers have a plan, a way to bypass a large company’s MDM, or Mobile Device Management, software to gain access to their sensitive data.
Using inside contacts, custom servers, and text message phishing, they can get everything that they want – as long as the mobile devices in question haven’t had their software and anti-virus kept up-to-date.
By Tiffany Hsu | nytimes.com
The punch cards stuffed in your wallet know next to nothing about you, except maybe how many frozen yogurts you still need to buy to get a free one.
But loyalty programs, as they shift from paper and plastic to apps and websites, are increasingly tracking a currency that can be more valuable than how much you spend: personal data. As a result, the programs know things about you that some of your friends may not, like your favorite flavor (mango), when your cravings strike (early afternoon) and how you pay (with your Visa), in addition to billing details and contact information.
Hackers are in close pursuit.
Some criminals use stolen credentials to impersonate customers, breach loyalty profiles and then tap into separate accounts. Others deplete balances or sell points on dark web marketplaces. One hacked Southwest Airlines rewards account with at least 50,000 miles was advertised for $98.88, according to the cloud security company Armor.
By Dan Goodin | arstechnica.com
Attacks used app's call function. Targets didn't have to answer to be infected.
Attackers have been exploiting a vulnerability in WhatsApp that allowed them to infect phones with advanced spyware made by Israeli developer NSO Group, the Financial Times reported on Monday, citing the company and a spyware technology dealer.
A representative of WhatsApp, which is used by 1.5 billion people, told Ars that company researchers discovered the vulnerability earlier this month while they were making security improvements. CVE-2019-3568, as the vulnerability has been indexed, is a buffer overflow vulnerability in the WhatsApp VOIP stack that allows remote code execution when a specially crafted series of SRTCP packets is sent to a target phone number, according to this advisory.
WSU to pay up to $4.7 million for data theft involving 1.2 million people. Breaches that involve health data generally will cost you more. Asia Fields reports:
Washington State University learned a costly lesson after a hard drive containing the personal information of more than a million people was stolen from a self-storage locker in 2017. Now, the university is going to have to pay even more.
In a settlement approved in King County Superior Court on Thursday, the university agreed to pay up to $4.7 million in cash reimbursements, attorneys' fees and administrative expenses. On top of that, the university will pay for two years of credit monitoring and insurance services for up to 1,193,190 people, according to the settlement agreement.