Another Data Breach.  Just a reminder that you cannot be to careful with your data.  More information on NBC News at the link below.

The breach could potentially be one of the largest in history, behind the hacking of about 3 billion Yahoo accounts.

Source: Marriott says data breach compromised info of up to 500 million guests

The bug affects macOS High Sierra users.

Source: Apple macOS High Sierra flaw allows admin access without password – Nov. 28, 2017

Your (Fill in name of device here) is Not immune from attack.  Even the iPhone.  There are many vectors for attacking an iPhone.  One that uses WiFi (scary) was recently patched.  Update your iOS Device now.  The iPhone is still my phone of choice and is much less susceptible to attack than say Android.  But it like any other platform is still subject to attack.  So the saying “semper vigilans” is a good rule where technology is concerned.  Don’t trust unknown sources, networks, people, devices, cables, etc.   This means Don’t let people play with your phone, don’t give out your pin, don’t connect to that Free hotspot, don’t plug into some unknown charging cable/port and ALWAYS stay up to date on your patches.  If you don’t patch the holes that the experts work so hard to plug just become a bullseye for those looking for a weakness.  Each flaw gets published and when it’s not repaired it’s almost a road map of how to compromise your device. Here are a few articles to get you started. the Register: No one still things iOS is invulnerable to malware, right? CBSNews about the WiFi Exploit: If you use Wi-Fi on your iPhone or iPad, get this security update

I remember way back to the Nimda virus.  I had a client get infected within a minute of connecting it to the internet.  He had an unpatched system and was connecting it to download the service pack that eliminated this particular exploit.  Rather than download the patch to a system that was already safe, he thought he’d save time and download it directly to the unpatched system.  The issue in his case was he was leaving shiny new bike unlocked while going into the store to buy a lock.  You might be lucky, but on the internet everywhere is a bad neighborhood. In short, DO NOT connect ANY device to the internet before you at least change it’s default password.  DO NOT connect it directly unless it itself is a firewall/router, do it behind a firewall and if you are unfamiliar with any of this call the company’s toll free support number just to be safe.  Or call us of course. Read more on this story on NetworkWorld below: IoT security camera infected within 98 seconds of plugging it in

A zero day hack has been used against a human rights activist.  In this case it was unsuccessful because rather than clicking on the link, he did what you should do, he forwarded it to security experts that uncovered the exploit. Read more about it on Network World here:  NetworkWorld iOS Zero Day Hack Found

A data breach that hit Wendy’s fast food restaurants was more than three times bigger than originally disclosed and exposed customer credit card data. The company said Thursday that malware installed in point-of-sale systems was discovered at over 1,000 of its franchised U.S. restaurants — a big jump from the “fewer than 300 stores” it said in May had been affected.

117 LinkedIn E-Mails and Passwords Cracked and for sale.  Time to change your passwords (again).  Make sure you don’t use the same passwords for different sites.  I know, it’s easier..  It’s hard to remember all of those passwords.  BUT if you do and just one site gets hacked you potentially open yourself up to all of your logins being compromised. Read more below: https://community.webroot.com/t5/Security-Industry-News/117-million-LinkedIn-email-addresses-and-passwords-put-up-for/m-p/254118   http://motherboard.vice.com/read/another-day-another-hack-117-million-linkedin-emails-and-password    

Wondering about Padlock?  You should!  It’s touted as a “Serious Flaw” in SMB variations of which are used in Linux, Windows and yes even Mac.  What does the flaw exactly do?  We don’t know that yet.  But the company that discovered the flaw has also been writing the effected code for the last decade.  So the question is…  Are they just finding one of their own mistakes now and using it as a marketing tool to draw more business.  Either way, we won’t know until the details are released on April 12th.  No word on wether or not software manufactures will have the patch available by then though.  Read more on Wired Below.

A web site and logo created to draw attention to the mysterious bug is instead drawing criticism for the people who discovered the flaw.

Source: Hype Around the Mysterious ‘Badlock’ Bug Raises Criticism

Do you feel safer now that the government can hack into your iPhone?  You shouldn’t.  1 reason is that it did not invent this hack. It was discovered by an outside company.  It is believed that it is from an Israeli firm, so not even US based.  Will the government disclose this method to Apple or the people effected by it?  Very Doubtful.  This is like having a combination lock on your front door that an unknown number of people have the code too.  Now do you feel safe?  Read more on dailydot.com below.

‘We are in this together,’ said the FBI’s letter to local cops.

Source: FBI offers its new iPhone hack to local law enforcement agencies

This is why we can’t have nice things.  lol

Keychains raided, sandboxes busted, passwords p0wned, but Apple silent for six months

Source: Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X • The Register