FOR IMMEDIATE RELEASE. CAMERON PARK, CA (November 12, 2020) – Cyber Safety Net today announced How Hacks Happen and how to protect yourself was awarded the Nonfiction Authors Association's Gold Award.
"The Nonfiction Authors Association sets the bar extremely high," says author Mark Anthony Germanos. "To have How Hacks Happen be reviewed by other authors and receive the Gold Award is truly an honor. I am glad the reviewers, and reading public as a whole, are finding How Hacks Happen valuable. The content helps keep you safe online." Some sample reviews are as follows:
In How Hacks Happen, Mark Anthony Germanos uses two author personas to explain and illustrate the hazards to our online information: the cybersecurity expert trying to help us and the black-hat hacker exploiting our ... Read More
Free email services monetize your personal information. Use one of them and you are vulnerable. Free email and social media services are indexing and monetizing your mailbox data. They use that information for their gain, not yours.
Gmail monetizes your personal informationFor example, https://policies.google.com/terms?hl=en says “When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited ... Read More
Remote Desktop is a big vulnerability
Maybe you use Microsoft’s Remote Desktop feature to connect to your workstation at work from…anywhere. Remote Desktop has been in Windows for 20 years at no extra cost. The network administrator at my target reviews the workstation’s logs through Windows’ Event Viewer. This screenshot is from my research honeypot.
Someone is trying to login to this virtual machine at a ferocious pace
The unlucky soul who has to read these logs finds login attempts are international. My perusal shows login attempts from five IP addresses:
211.72.1.31 in Taipei, Taiwan
24.142.48.215 in Dartmouth, Canada
87.147.195.55 in Olching, Germany
47.185.77.29 in Keller, Texas
91.234.125.163 is in Sosnicowice, Poland
Assuming it is one hacker who either employed a botnet (a series of computers simultaneously tasked with a large task) or is ... Read More
Let LastPass manage your passwords (you have other things to think about today).
We have too many passwords. Keeping track of them mentally or on Post-It notes does not work. Keeping them in a Microsoft Word document is also troublesome. If you change a password and fail to update the document, then the record becomes wrong. Next time you go to that website and use the password in your Microsoft Word document, it won’t work. You did not update the document. Let me introduce LastPass.
Several companies have solutions. I use LastPass, which lets you create a vault that holds all your passwords. You don’t have to remember what LastPass stores in the vault. You only have to remember the master password to access the vault. The ... Read More
2-factor Authentication helps protect your identity.
You should deploy 2-factor Authentication. This increases your security and reduces your chances of becoming an identity theft victim. Most services encourage 2-factor Authentication and let you deploy it at no additional cost.
Here's a quick question for you.
When attempting to access a website, the website can challenge you based on:
A) What you know (e.g. password).
B) Who you are (e.g. fingerprints).
C) What you have (e.g. phone).
D) All of the above.
Correct answer: D.
How it looks in real life.
Daisy runs a dental office in Folsom, CA. Keeping the practice up and running is her top priority. She runs most of her patient, insurance and vendor communications through her Gmail account. She deploys 2-factor Authentication with the steps at https://myaccount.google.com/signinoptions/two-step-verification/enroll-welcome. She keeps her smartphone nearby. ... Read More
Social media connection requests are not always real
Meet Lynne. She sent you a social media connection request. Here's some background on Lynne. Happily married to a professional athlete. Real estate agent in San Francisco. Runs three marathons a year. Promised her mom she would visit all seven continents before turning 50. Laughs and walks away when you try talking politics.
Would you accept a social media connection request from Lynne? She looks decent and honest, right?
Fake profile
Think twice. She is fake. I visited https://www.thispersondoesnotexist.com/ and chose three pictures for my book. I wrote the profiles from scratch. https://www.thispersondoesnotexist.com/ uses a generative adversarial network, defined at https://en.wikipedia.org/wiki/Generative_adversarial_network to create pictures. Wikipedia tells us “a GAN trained on photographs can generate new photographs that look at least superficially ... Read More
Office Depot found malware in scans...not really
Office Depot and its tech partner tricked customers into buying unneeded tech support services by offering malware scans that gave fake results, according to the FTC (Federal Trade Commission). Consumers paid up to $300 each for unnecessary services.
The FTC yesterday announced that Office Depot and its software supplier, Support.com, have agreed to pay a total of $35 million in settlements with the agency. Office Depot agreed to pay $25 million while Support.com will pay the other $10 million. The FTC said it intends to use the money to provide refunds to wronged consumers.
Office Depot caught claiming out-of-box PCs showed “symptoms of malware”
Between 2009 and 2016, Office Depot and OfficeMax offered computer scans inside their stores using a "PC Health Check" ... Read More
Triton got into a petrochemical plant
In the summer of 2017, a petrochemical plant in Saudi Arabia experienced a worrisome security incident that cybersecurity experts consider to be the first-ever cyber attack carried out with “a blatant, flat-out intent to hurt people.” The attack involved a highly sophisticated new malware strain called Triton, which was capable of remotely disabling safety systems inside the plant with potentially catastrophic consequences. It all started when someone launched a spear phishing attack and someone else clicked a link they should not have clicked.
Luckily, a flaw in the Triton code triggered a safety system that responded by shutting down the plant. If it hadn’t been for that flaw, the hackers could have released toxic hydrogen sulfide gas or caused explosions. As ... Read More
Phishing and File Sharing
Internet thieves have long used file sharing sites and services to host their malicious files. When they do this, they typically use the underlying service to generate download links that anyone can click without logging in to the hosting service.
Over the past month we started noticing apparently legitimate Dropbox emails pushing links to files with names suspiciously similar to those routinely used by the bad guys. When we clicked the links to check, however, we were greeted with a demand to log in to the service. That's typically been a sign that the files involved were legit.
Still, something wasn't right here. Given the file names presented, we reckoned there was little chance those files were innocuous. So, we decided to log in to ... Read More
Ransomware knocked most systems offline
Officials in Jackson County, Georgia, paid $400,000 to cyber-criminals this week to get rid of a ransomware infection and regain access to their IT systems. The County hired cyber-security consultant to negotiate ransom fee with hacker group. Jackson County officials have not yet confirmed how hackers breached their network.
The infection forced most of the local government's IT systems offline, with the exception of its website and 911 emergency system.
"Everything we have is down," Sheriff Janis Mangum told StateScoop in an interview. "We are doing our bookings the way we used to do it before computers. We're operating by paper in terms of reports and arrest bookings. We've continued to function. It's just more difficult."
Jackson County officials notified the FBI and hired a cyber-security consultant. ... Read More