Blog

Internet Security News

Internet Security News for August 19, 2019 (Hacks, Antivirius Software with Vulnerabilities, Warnings to Update These Items with Security Issues, and a Synagogue hit with Ransomware)

Internet Security & Privacy Should Be Your Website’s Priority

If you own a business, you know that in today’s markets you must have a website. There’s no getting around it. However, there comes responsibility with having that website. You’re responsible to keep your visitors and their information secure. You can easily do that with a Security Program that includes monitoring, updates, backups and 24-hours upon alert to repair and restore your website. The following is only a partial list of security issues found around our nation.

Apple will soon treat online web tracking the same as a security vulnerability

Apple is putting your privacy before the advertisers. They’ll be treating online programming intended to track your online habits, like cookies, like they are a security risk.

“Publishers and companies rely heavily on online tracking — i.e. collecting (anonymized) data about a user’s activity on the web — to keep tabs on your every move as you hop from one site to the other.

While this is typically used for targeted advertising, the implications go beyond just serving relevant ads in that it allows marketers to create detailed dossiers about your interests — resulting in significant loss of privacy.”

Article by Ravie Lakshmanan

https://thenextweb.com/privacy/2019/08/16/apple-will-soon-treat-online-web-tracking-the-same-as-a-security-vulnerability/

 

Kaspersky Lab Exposed Users’ Browsers to Website Tracking

Speaking of tracking your web habits to better know how to market their products and services to you… it looks like antivirus company Kaspersky Lab may have opened the doors for advertisers. But it isn’t just advertisers who could recreate this tracking, anyone can – including hackers! Jeb Su, also reported on this security issue in Forbes online. He pointed out that this Russian-based, antivirus software could be a breach beyond just online advertisers.

“Since fall 2015, the company has been injecting Javascript code via its various products, including Kaspersky Lab Internet Security and Kaspersky Lab Free Anti-Virus. Eikenberg even created a website to test whether he could extract and read the Kaspersky Lab’s unique identifier. It turns out he could, which made him wonder: ‘If I was able to create a website in a short period of time that reads and saves the IDs, why couldn’t others have done it at some point in the last four years?’”

Article by Michael Kan

https://www.pcmag.com/news/370210/kaspersky-lab-exposed-users-browsers-to-website-tracking

“Last month, Kaspersky issued a patch which gives the same identifier for all the users of a specific version of the Russian company’s antivirus software (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security) which still allows a malicious hacker to know that an antivirus software is installed on the machine and whether the version has already been patched against the ID leak—which is still very valuable information for an attacker.”

Article by Jeb Su

https://www.forbes.com/sites/jeanbaptiste/2019/08/16/warning-a-security-flaw-in-kaspersky-antivirus-lets-hackers-spy-users-online-millions-at-risk/#661fed6eba34

 

ECB Says One of Its Websites Was Hacked, Data Possibly Captured

First Capital One and now the European Central Bank has been hacked. This shows why a website needs to have security monitoring. Prevention is a goal, but it cannot be guaranteed. Repair and restore within 24-hours of notification can be accomplished.

“According to an emailed statement, hackers installed malware onto an external server that hosts the Banks’ Integrated Reporting Dictionary, or BIRD, to aid phishing activities. It’s possible that email addresses, names and position titles of 481 subscribers to the BIRD newsletter may have been captured, the ECB said, but that passwords were not.”

Article by Carolynn Look and Nicholas Comfort

https://www.bloomberg.com/news/articles/2019-08-15/ecb-says-one-of-its-websites-was-hacked-data-possibly-captured

 

How to protect your router and home security cameras from hackers

Protecting your computers aren’t enough. This NBCNews.com article will help you secure your home’s computers and cameras.

“When it comes to digital security, lack of knowledge and complacency can result in serious consequences, including identity theft, financial fraud and a massive loss of privacy.

You try to be vigilant with your computers because they contain so much personal information, but chances are you don’t have the same level of diligence when it comes to your router and home security camera. Hackers are counting on this.”

Article by Herb Weisbaum

https://www.nbcnews.com/better/lifestyle/how-protect-your-router-home-security-cameras-hackers-ncna1041806

 

Cybercrime a potential liability for clinics

American Veterinary Medical Association has put out the following article warning Vets that their practices are at the same risks of cyber-attacks that ‘human hospitals’ are dealing with right now.

“The threat of this sensitive data being stolen is significant, especially when veterinarians are not proactively preventing this type of threat or are not prepared to deal with the ramifications of an attack swiftly.” Dr. Lance Roasa, national president, American Veterinary Medical Law Association

Article by R. Scott Nolen

https://www.avma.org/News/JAVMANews/Pages/190901i.aspx

 

Ransomware attacks hit local company

In Alexandria, Minnesota’s Echo Press news, it was reported how a local company that was hacked last December turned their experience around to be educational for their community. One opened email created a problem where “each of its 400 computers nationwide had to be reloaded and new software reinstalled.”

“Representatives from Alexandria Industries and High Point Networks spoke at Alexandria Technical and Community College’s IT conference on July 31. They shared their story of the outbreak and all they had learned first-hand, and what security features they have put in place to prevent this from happening again. They did not disclose whether the cyber attackers demanded money.”

Article by Rachel Kubik

https://www.echopress.com/business/technology/4324771-Ransomware-attacks-hit-local-company

 

That 4G hotspot could be a hotbed for hackers

It has been said time and time again that public Wi-Fi is not secure. So many people opted for a 4G Hotspot. Hotspots are portable devices that allow your devices to connect wireless to the internet. Some people have phones that can be hotspots, but others prefer a separate device. Unfortunately, there have been issues found with the ones created by ZTE.

“Security researchers have discovered a slew of vulnerabilities affecting 4G hotspots from ZTE, and the company hasn’t provided fixes for all of the affected devices. The security flaws could allow a potential hacker to redirect traffic from the hotspot to other malicious websites, researchers said.”

Article by Alfred Ng

https://www.cnet.com/news/that-4g-hotspot-could-be-a-hotbed-for-hackers/

 

Krebs says the SEC is investigating First American data exposure

Due to a “design defect in a (web) application” on their website, First American had left a vulnerability to their customers’ highly sensitive information. Now the SEC is investigating just how that exposure happened.

Security for your website isn’t just about keeping hackers out, it’s, also, about making sure you are not exposing your visitors’ and customers’ data for anyone, including hackers, to get.

“The Securities and Exchange Commission is reportedly investigating a security incident involving First American’s website that may have exposed more than 885 million records related to real estate closings and mortgage fundings going back to 2003, cybersecurity expert Brian Krebs said on Monday.”

Article by Kathleen Howley

https://www.housingwire.com/articles/49845-krebs-says-the-sec-is-investigating-first-american-data-exposure

 

6 Security Considerations for Wrangling IoT

Internet of Things (IoT) includes, but is not limited to, your home appliances that have Wi-Fi connections. You know, like the refrigerator that will text your phone with grocery lists, your dryer that will alert you when the load is done or that new fancy security camera that allows you to talk to visitors like your home. These extra conveniences that are time-savers, they’ve, also, been known to become dangerous when hackers get a hold of them.

“The sheer increase in the volume of consumer IoT fostered by retail and tech giants has created a massive attack surface. Consumers may have dozens of IoT devices in their homes. And with all of their variations in software, suppliers, and connection points, the possibilities for things to go wrong seem endless.

For instance, the simple task of turning on your home security system (an IoT device that communicates with a server), driving your car (your phone or car could also be an IoT device), and using a streaming camera at home seems innocuous on their own, but the data may be tracked by various parties, and combining them causes alarming possibilities of potential malicious activity.”

Article by Prabhuram Mohan

https://www.darkreading.com/endpoint/6-security-considerations-for-wrangling-iot/a/d-id/1335411

 

PSA: Canon DSLRs are Vulnerable to Ransomware, Update Yours Now

Like your Canon DSLR? Update its software ASAP.

“The critical flaw in Canon’s Picture Transfer Protocol was revealed (sic) by Security Company Check Point Research during Hacking Conference DEF CON 2019. As you can see in the demo video above, the company was able to take full control of a Canon 80D using either a USB or WiFi connection. Once they had control, they were able to install “ransomware,” encrypting all of the photos on the SD card and holding them hostage until and unless the victim pays a sum of money (usually in cryptocurrency) to receive the encryption key and unscramble their images.”

Article by DL Cade

https://petapixel.com/2019/08/12/psa-canon-dslrs-are-vulnerable-to-ransomware-update-yours-now/

 

Warning As Devious New Android Malware Hides In Fake Adobe Flash Player Installations (Updated)

We recommend making sure you install on your smartphone (available for iPhone and Android) an antivirus app and Malwarebyte’s app.  Also, do not download apps without a quick search about it to make sure there’s no malware concerns.

“Millions of Android users are being warned about a devious new banking trojan, dubbed Cerberus, that infects devices by masquerading as an Adobe Flash Player installation. Once installed, the fake download requests accessibility permissions that allow an attack to take place. The malware overlays login screens for banking apps, stealing credentials for its operators. Cerberus also has a crafty evasion technique—using the accelerometer on an infected device to ensure the target is real and not a desk-based security analyst.”

Article by Zac Doffman

https://www.forbes.com/sites/zakdoffman/2019/08/16/dangerous-new-android-trojan-hides-from-malware-researchers-and-taunts-them-on-twitter/#148700696d9c

 

FBI looks for who hacked Maitland synagogue

Hackers hit a synagogue in Maitland, Florida with ransomware.

“Kay (Rabbi David Kay) said hackers stole documents from a server then demanded a ransom to be paid in bitcoin to unlock what they’d stolen. Kay said the hackers took operational documents which have made work at the synagogue difficult, but he’s glad the hackers didn’t get anything that would put people at personal risk.

‘All of our financial information, all our membership information is on separate systems,’ Kay said.”

By Matt Lupoli

https://www.wesh.com/amp/article/fbi-looks-for-who-hacked-maitland-synagogue/28724692

 

Website & WordPress Security

Don’t think because you’re a small to mid-size business, or a hotel or resort that you do not have to worry about your website’s security. This is the landscape of the internet. We offer monthly monitoring services that are part of our “Website Security Program.” There are never any guarantees that you’re safe, but with our services we run daily backups, monthly updates of your website core files, plugins and themes. Should your business website get hacked, we get it repaired and restored within 24 hours of becoming aware of it.

Call us today at (561) 822-9931 or complete the form below to get eyes on your website’s security.

We can sign you up immediately and schedule a website review. Was your website hacked? Upon sign up, you will receive the benefit of a 24-hour repair and restore. You’ll receive a monthly notice from us when your website and plugins have been updated. You’ll never be guessing if we’re doing our monthly service. Move to our host (cost included in Security Program) and have the benefits of our server’s security monitoring, too.

Contact us today!

AUTHOR - Beth Varian

Beth Varian has been working on the internet since 1995. She was the first SEO Expert at CBS SportsLine.com. When starting Webmaster For Hire, she wanted to focus on the personalized experience with quality results. Communication with clients is important. Though the internet has been around for decades now, it is still a mystical place for many business owners. Webmaster For Hire is the digital agency to guide small to mid-size businesses in the service and hospitality industries.