In this New York Times article they discuss FaceBook sharing your personal information with 3rd parties.  This is probably not a surprise to anyone in IT, but you may not realize how much data they share and with whom.  Two of the companies have links to the Russian and Chinese government.  You may not care if Microsoft has your info or Apple, but how do you feel about a Russian search engine being able to tell who & what you like, where you are and even possibly information in private messages.  All while trying to effect the outcome of a presidential election.  In their research the NYT finds that permissions were given above what was needed and they weren’t monitored or rescinded when there was no longer a need.  I encourage you to read more on the link below.

  Internal documents show that the social network gave Microsoft, Amazon, Spotify and others far greater access to people’s data than it has disclosed.

Source: As Facebook Raised a Privacy Wall, It Carved an Opening for Tech Giants

Another Data Breach.  Just a reminder that you cannot be to careful with your data.  More information on NBC News at the link below.

The breach could potentially be one of the largest in history, behind the hacking of about 3 billion Yahoo accounts.

Source: Marriott says data breach compromised info of up to 500 million guests

The Breach didn’t compromise passwords, but was related to a secure token allowing someone to convince Facebook they were you.  It also effected some other apps that use Facebooks services. Read more on the CNet link below.

The vulnerability had to do with the social network’s “view as” feature.

Source: Facebook breach put data of 50 million users at risk

Don’t trust inbound e-mails, phone calls, texts, etc.  People will say anything to trick you out of your money.  As a rule, change your passwords often.  Protect your passwords.  Don’t share them with anyone and don’t use the same ones on different accounts.  Keep your AV up to date.  We recommend WebRoot (ask us about it).  Cover your camera when not in use as a rule of thumb too. Read more about this scam at the link below. Source: Sextortion Scam Uses Recipient’s Hacked Passwords — Krebs on Security

Time for Samsung users to switch to iPhone?  It’s a scary headline that random pics from your phone can be sent to random people in your contacts.  Still scary that you don’t know unless that person tells you.  I would consider this a HUGE security issue.  Many people keep confidential information in their phone as pics, including things like credit cards or passwords, not to mention personal pics.

  Protect the nudes

Source: Samsung phones are spontaneously texting users’ photos to random contacts without their permission – The Verge

Your (Fill in name of device here) is Not immune from attack.  Even the iPhone.  There are many vectors for attacking an iPhone.  One that uses WiFi (scary) was recently patched.  Update your iOS Device now.  The iPhone is still my phone of choice and is much less susceptible to attack than say Android.  But it like any other platform is still subject to attack.  So the saying “semper vigilans” is a good rule where technology is concerned.  Don’t trust unknown sources, networks, people, devices, cables, etc.   This means Don’t let people play with your phone, don’t give out your pin, don’t connect to that Free hotspot, don’t plug into some unknown charging cable/port and ALWAYS stay up to date on your patches.  If you don’t patch the holes that the experts work so hard to plug just become a bullseye for those looking for a weakness.  Each flaw gets published and when it’s not repaired it’s almost a road map of how to compromise your device. Here are a few articles to get you started. the Register: No one still things iOS is invulnerable to malware, right? CBSNews about the WiFi Exploit: If you use Wi-Fi on your iPhone or iPad, get this security update

If you are viewing a post from a mobile device pay close attention to the URL.  A new(ish) exploit method simply uses a bunch of  — (Dashes) to obscure part of the address.  The article specifies Facebook but this same technique would work with other sites as well.  The key is to be ever vigilant.   Read more here: https://www.techworm.net/2017/06/facebooks-new-phishing-scam-pads-urls-hyphens.html  

In case you haven’t heard (if you follow our Blog or Facebook page you should have) there is some fallout from the NSA hacking tools being leaked.  At least allegedly.   Our  WebRoot customers are covered and our IDMax customers have been updated.  Are you one?  If not contact us and stay protected. The ‘new’ Ransomware has been wreaking havoc, causing outages, effecting Hospitals, telecoms and business in the UK, Russia, Tiawan and elsewhere. Microsoft has put out patches for it’s operating systems as well as offering some patches for it’s older XP and 2003 OS even though it discontinued support for them sometime ago.   Read More: Here on NetworkWorld, Here on ZDNet.com, More here on ZDNet.com including links to the Patches for Older OS (XP/2003)  

As I have said many times undisclosed vulnerabilities make EVERYONE susceptible to exploits. In an attempt to extort money, a group know as Shadow Brokers has acquired a bunch of hacking tools used by the NSA (and others?).  These are a bit dated, but still very effective on Windows 7 to 2012.  When no one would pay the hush money they demanded they decided to just start releasing them to the public.  So now unpatched systems or ones with no current patch available can be fairly easily exploited. In layman terms someone you don’t like could have complete access to your computer.  Install or run any software they wanted including key loggers, monitoring software, viruses or just download or delete your files.  That’s not all either.  Think you’re safe behind your firewall?  There are also exploits for Cisco and VPN technologies. Read more on The Register. Remember to patch your systems or have us do it for you.

What does a Linux Security Hole look like?  Well, something like this. Never drop to a command shell when you have an error.  This is a debugging technique ONLY and should never end up in production code.  Especially with Root level access. Read More here: ZDNet: Major Linux security hole gapes open Security Doc Info Here: CVE-2016-4484