Social media connection requests are not always real
Meet Cassandra. She sent you a social media connection request. Here's some background on Cassandra. Single mom. Receptionist for a federal government agency's Los Angeles office. Helps establish neighborhood watches throughout Los Angeles County. Tells her kids and neighbors the country will be screwed up until we elect a woman President.
Would you accept a social media connection request from Cassandra? She looks decent and honest, right?
Fake profile
Think twice. She is fake. I visited https://www.thispersondoesnotexist.com/ and chose three pictures for my book. I wrote the profiles from scratch. https://www.thispersondoesnotexist.com/ uses a generative adversarial network, defined at https://en.wikipedia.org/wiki/Generative_adversarial_network to create pictures. Wikipedia tells us “a GAN trained on photographs can generate new photographs that look at least superficially authentic to ... Read More
September 17, 2024Mark Anthony Germanos
How to save money on your domain renewals
Here's a smart way to save money. Yesterday, Domain Listings sent me a letter asking me to renew an Internet domain. This domain is truly one of mine and I need to keep this domain alive. An Internet domain is your address on the Internet. CNN.com is CNN’s Internet domain, Amazon.com is Amazon’s and eBay.com is eBay’s. I have several. This list includes HowHacksHappen.com, CyberSafetyNet.net and CameronParkComputer.com. All are mine. I am writing about this letter because Domain Listings' renewal price is ridiculously high. Do not fall into their trap.
Internet domains typically renew for $18/year. Domain Listings is offering me a chance to renew at $228/year. Let me save you the math. This is a 12.67x markup. This ... Read More
September 17, 2024Mark Anthony Germanos
Intellectual property is still relevant
Last week, I argued intellectual property was no longer relevant. This week, I argue the opposite. Despite the challenges posed by artificial intelligence, intellectual property (IP) rights continue to play a crucial role in fostering innovation and protecting creative works. In case you've already read, https://cybersafetynet.net/does-intellectual-property-still-exist-with-artificial-intelligence-generating-content-no/, fasten your seat belt. I am making the opposite argument here.
Human creativity remains central
While AI can generate content, human creativity and ingenuity are still at the core of innovation. Humans design, develop, and refine AI systems, making critical decisions about their architecture, training data, and application. The creative process often involves human-AI collaboration, where AI serves as a tool to augment human capabilities rather than replace them entirely. Therefore, traditional intellectual property protections remain relevant ... Read More
September 17, 2024Mark Anthony Germanos
Did you know your multifunction printer has its own backdoor WIFI?
Allen called me one day and said his printer was printing nonstop garbage. He wasn’t printing anything, but somebody was printing through WIFI. This print job was consuming his toner and paper. How did this happen?
I told Allen that in addition to joining your multi function printer to your office or home WIFI, you’ll find the printer broadcasts its own WIFI signal. You, or anybody close enough to the printer, can hop on that printer through that WIFI. A hacker could then cause mischief, including changing the printer’s IP addresses or printing large print jobs that consume paper and toner. I am showing you how to identify your printer’s WIFI, and how to secure it.
Assumptions
... Read More
September 10, 2024Mark Anthony Germanos
HHS announces new rules
The federal Office for Civil Rights (OCR), part of the Department of Health and Human Services, announced today the issuance of the final conscience rule that protects individuals and health care entities from discrimination on the basis of their exercise of conscience in HHS-funded programs. Just as OCR enforces other civil rights, the rule implements full and robust enforcement of approximately 25 provisions passed by Congress protecting longstanding conscience rights in healthcare.
The final rule fulfills President Trump’s promise to promote and protect the fundamental and unalienable rights of conscience and religious liberty, a promise he made when he signed an executive order in May 2017 protecting religious liberty. In October 2017, the Department of Justice issued guidance encouraging other Departments, including HHS, ... Read More
September 10, 2024Mark Anthony Germanos
Office Depot found malware in scans...not really
Office Depot and its tech partner tricked customers into buying unneeded tech support services by offering malware scans that gave fake results, according to the FTC (Federal Trade Commission). Consumers paid up to $300 each for unnecessary services.
The FTC yesterday announced that Office Depot and its software supplier, Support.com, have agreed to pay a total of $35 million in settlements with the agency. Office Depot agreed to pay $25 million while Support.com will pay the other $10 million. The FTC said it intends to use the money to provide refunds to wronged consumers.
Office Depot caught claiming out-of-box PCs showed “symptoms of malware”
Between 2009 and 2016, Office Depot and OfficeMax offered computer scans inside their stores using a "PC Health Check" ... Read More
September 10, 2024Mark Anthony Germanos
Triton got into a petrochemical plant
In the summer of 2017, a petrochemical plant in Saudi Arabia experienced a worrisome security incident that cybersecurity experts consider to be the first-ever cyber attack carried out with “a blatant, flat-out intent to hurt people.” The attack involved a highly sophisticated new malware strain called Triton, which was capable of remotely disabling safety systems inside the plant with potentially catastrophic consequences. It all started when someone launched a spear phishing attack and someone else clicked a link they should not have clicked.
Luckily, a flaw in the Triton code triggered a safety system that responded by shutting down the plant. If it hadn’t been for that flaw, the hackers could have released toxic hydrogen sulfide gas or caused explosions. As ... Read More
September 10, 2024Mark Anthony Germanos
Insurance companies pay off ransomware
Fasten your seat belt. Ransomware may be poised to return as a top scourge for companies, as more and more of them pay up—actually their insurance companies pay up. They try to minimize the cost of recovery.
In this new RSA Conference 2019 Threatpost video, Josh Zelonis, senior analyst at Forrester Research, discusses the next great security threats to enterprises.
According to Zelonis, a new trend of victims paying off the ransoms could reverse the wane in ransomware attacks that has been seen in the last year or so. Here is a snippet from the interview:
Cheaper for insurance companies
Tara Seals: "Before we kick off our video interview here, you had mentioned that you’ve been seeing a trend of companies actually paying the ransomware when they ... Read More
September 10, 2024Mark Anthony Germanos
Ransomware Authors Agreed to $400,000
Officials in Jackson County, Georgia, paid $400,000 to cybercriminals last month. That was the extortion fee to get an encryption key for a ransomware infection and regain access to their IT systems. The County hired a cyber-security consultant to negotiate a ransom fee with the hacker group. Jackson County officials have not yet confirmed how hackers breached their network.
The infection forced most of the local government's IT systems offline, with the exception of its website and 911 emergency system.
"Everything we have is down," Sheriff Janis Mangum told StateScoop in an interview. "We are doing our bookings the way we used to do it before computers. We're operating by paper in terms of reports and arrest bookings. We've continued to function. It's just more ... Read More
September 10, 2024Mark Anthony Germanos
Phishing and File Sharing
Internet thieves have long used file sharing sites and services to host their malicious files. When they do this, they typically use the underlying service to generate download links that anyone can click without logging in to the hosting service.
Over the past month we started noticing apparently legitimate Dropbox emails pushing links to files with names suspiciously similar to those routinely used by the bad guys. When we clicked the links to check, however, we were greeted with a demand to log in to the service. That's typically been a sign that the files involved were legit.
Still, something wasn't right here. Given the file names presented, we reckoned there was little chance those files were innocuous. So, we decided to log in to ... Read More
September 10, 2024Mark Anthony Germanos