Avast blog: what’s up with FragAttacks?

A new series of attacks called FragAttacks, affecting almost every Wi-Fi router, has been published. Anyone who can receive radio signals from your router or Wi-Fi hotspot can use these vulnerabilities to steal data from your devices. The issue is the design of the Wi-Fi protocols themselves, along with programming errors in certain Wi-Fi devices. Some products have multiple issues, and a dozen different CVEs have been posted that document them.

You can read my blog post for Avast here.

Avast blog: How will advertisers respond to Apple’s latest privacy changes?

Last week, we described the privacy changes happening within Apple’s iOS 14.5. Now, in this post, we’ll be presenting the advertiser’s perspective of the situation at hand. While advertisers may think the sky is falling, the full-on Chicken Little scenario might not be happening. The changes will make it harder – but not impossible – for advertisers to track users’ habits and target ads to their devices. And as I mention in my latest blog for Avast here, digital ad vendors need to learn new ways to target their campaigns. They have done it before, and hopefully the changes in iOS will be good for everyone, eventually.

 

Avast blog: What Apple’s iOS update means for digital privacy and identity

This week, Apple announced the availability of iOS version 14.5 for its smartphones and tablets. The release contains an update that is a major change in direction and support for digital privacy. If you are concerned about your privacy, you should take the time to do the update on your various devices. Earlier iOS versions had the beginnings of this anti-tracking feature. If you go to Settings/Privacy/Tracking, you can turn off this tracking or selectively enable it for specific apps. When you install a new app, you will get a popup notification asking you about which tracking features you wish to grant the new app.

In my blog for Avast, I talk about what exactly is included in the new iOS, and why it is important for preserving your privacy.

Red Cross blog: Mike DeSantis, long-time blood donor enjoys helping others

Volunteers approach the American Red Cross from many different directions. Mike DeSantis came through donating blood. And then doing it again, and again, and again. He wanted to start donating blood while he was in high school, but was born too late in the year, so he had to wait until he turned 18 when he was in college before his first visit. “I gave whole blood then, and found it wasn’t all that hard or that intimidating,” Mike said. “After a few times at the local blood center, a nurse asked me if I had considered apheresis and told me I had nice big veins.” That was the beginning of something that blossomed into a decades-long relationship. By one accounting, he has donated more than 530 units of platelets over 375 visits. He tries to come in every other Friday afternoon. “This is a lot easier to remember than the whole blood schedule,” he said. There is a lot more to his story, and you can read about him on the Red Cross blog here. 

 

Red Cross blog: Little Rock volunteer, Kathryn Buril, loves serving others

Like so many Red Cross volunteers, Kathryn Buril spreads her love around by serving multiple community organizations. The Little Rock Red Cross chapter volunteer is active at Saint Mark Baptist Church and on the board of directors of Volunteers in Public Schools (ViPS). She has held leadership roles at local branches of the National Association of University Women, the American Association of University Women and the local AARP chapter.

Kathryn began her Red Cross service with sheltering and mass care disaster assistance groups in the summer of 2009 when numerous hurricanes hit the Gulf Coast. “People were coming into Little Rock by the hundreds,” she recalled. Kathryn’s first deployment was in Mena, Arkansas, at a tornado disaster relief shelter.

You can read more about her exploits and volunteer efforts on the Red Cross blog here.

Avast blog: SIM swapping: What it is and how to stop it

Every mobile phone has a special card called a Subscriber Identity Module. It is at the center of a type of attack called SIM swapping, which is becoming easier thanks to leaks that associate email addresses with mobile phone numbers. In my latest post for Avast’s blog, I take a deeper dive into how this type of attack is pulled off, why it’s so popular, and steps that you can take to prevent it in the future.

Avast blog: How to add authentication to your Facebook and Google accounts

By now you have heard about the latest Facebook data breach that exposed private data from more than 500M accounts. My latest blog post for Avast here walks through the steps you need to take to enable two-factor authentication on your accounts.

Unfortunately, Facebook (and Google) don’t make authentication particularly easy. And to make matters worse, both companies have the habit of changing their menu options to confound even those who have done it previously. My recommendation is to use a web browser, rather than mobile apps, for these activities. This is because you’ll want the additional screen real estate and some of the options are more difficult to find in mobile apps.

 

CSOonline: Identity and access management explained

Identity and access management (IAM) in enterprise IT is about defining and managing the roles and access privileges of individual network entities (users and devices) to a variety of cloud and on-premises applications. The overarching goal of identity management is to grant access to the enterprise assets that users and devices have rights to in a given context. That includes onboarding users and systems, permission authorizations, and the offboarding of users and devices in a timely manner.

However, part of the problem is the users and their love/hate affair with their passwords. We all have too many passwords, making the temptation to share them across logins – and the resulting security implications – an issue.

You can read my post for CSOonline here.

Avast blog: The rise of ransomware-as-a-service

Ransomware continues to be a blight across the landscape and has gotten new life thanks to the pandemic and a growing collection of capabilities that make malware operators more potent. While neither the use of cloud computing (what is somewhat mistakenly called ransomware-as-a-service or RaaS) nor extortion techniques are new, they are being deployed more often and in more clever and targeted ways than ever before. This has brought a rise in overall ransom attacks and in demanded payouts. One report has average ransom demands increasing by a third since Q3 2019.

In this blog post for Avast, I describe what RaaS is and how it is being exploited by the Darkside crime group.

If you are compromised by Darkside, there is this decryptor tool available. Suggestions (as with other ransomware preparation): ensure your backups are intact and accurate, intensify phishing awareness and education, and lock down your accounts with MFA.

Avast blog: Cybercrime complaints are up, according to the FBI’s IC3

It has been a bonus year for cyber criminals. The FBI’s Internet Crime Complaint Center (IC3) received nearly 800,000 complaints about cybercrime last year, a jump of more than two-thirds over what was seen in 2019. About a third of these complaints are from phishing attacks. The report, produced each year, summarizes data submitted by the general public and businesses on the IC3 website portal. Losses attributable to these complaints were calculated at over $4 billion, the most ever seen in one of these reports.

In my blog post for Avast, I summarize what was reported to the IC3 in the past year and suggest some simple strategies that individuals and businesses can take to prevent them.