It doesn't have to be this way. You have the controls to opt out. Within just a few clicks, you can stop the manufacturers from snooping on you in the living room... more and a bonus sing-a-long!
Showing posts with label advice. Show all posts
Showing posts with label advice. Show all posts
Thursday, January 2, 2020
Your Smart TV is Spying on You — How to stop it...
Those smart TVs that sold for unheard of low prices over the holidays come with a catch. The price is super low, but the manufacturers get to monitor what you're watching and report back to third parties, for a fee.
Or, in some cases, companies like Amazon (with its Fire TV branded sets from Toshiba and Insignia) and TCL, with its branded Roku sets, look to throw those same personalized, targeted ads at you that you get when visiting Facebook and Google.
It doesn't have to be this way. You have the controls to opt out. Within just a few clicks, you can stop the manufacturers from snooping on you in the living room... more and a bonus sing-a-long!
It doesn't have to be this way. You have the controls to opt out. Within just a few clicks, you can stop the manufacturers from snooping on you in the living room... more and a bonus sing-a-long!
Thursday, December 26, 2019
The 11 types of business failure – and how you can learn from the mistakes of others
(Guess what made the list.)
Some rivalries between business groups have led to allegations of unethical advertising practices, and even corporate espionage... more
It's easy to "blunder" when it comes to corporate espionage. By definition, espionage is a covert practice. Because you don't see it, you don't believe it is happening. Successful espionage is invisible. Only failures make the news. Successful corporations employ specialists to monitor for espionage.
The Top 200 Worst Passwords of 2019
Independent researchers, who requested to stay anonymous, compiled and
shared with us a list of 200 most popular passwords that were leaked in
data breaches just this year. The database is quite impressive — 500
million passwords in total. And if you think that’s a lot of leaked
passwords, we have some bad news for you — it’s just the tip of the
iceberg. more
Here are the Top 20 to get you started...
Top 2020 New Years Resolution... Fortify your passwords.
Here are the Top 20 to get you started...
Thursday, November 21, 2019
Spybuster Tip #734: Don't Store Incriminating Photos on Your Android Phone
This time around, a team of security researchers found a terrifying flaw with the Android camera apps that could let malicious apps completely take control over a phone’s camera to spy on users without their knowledge.
It doesn’t take a genius to know that photos and videos can contain extremely sensitive information, and therefore, you should think twice about giving an app permission to use a camera...
Android camera apps often store photos and videos to an SD card, granting an app permission to storage gives it access to the entire contents of that card, according to the researchers. And the truly terrifying thing is that attackers wouldn’t even need to request access to the camera.
To demonstrate the vulnerability, the team at Checkmarx recorded a proof-of-concept video. Using a mockup Weather app, the team was able to not only take photo and video from a Pixel 2 XL and Pixel 3, it also was able to glean GPS data from those photos.
The team was able to detect when the phone was face down and could then remotely direct the rear camera to take photos and video. Another creepy bit is that attackers could potentially enact a “stealth mode,” where camera shutter noises are silenced and after taking photos, return the phone to its lock screen like nothing happened.
But perhaps most disturbingly, the video demonstrates a scenario where attackers could start recording a video while someone was in the middle of call, record two-way audio, and take photos or video of the victim’s surroundings—all without the target knowing. more
It doesn’t take a genius to know that photos and videos can contain extremely sensitive information, and therefore, you should think twice about giving an app permission to use a camera...
Android camera apps often store photos and videos to an SD card, granting an app permission to storage gives it access to the entire contents of that card, according to the researchers. And the truly terrifying thing is that attackers wouldn’t even need to request access to the camera.
To demonstrate the vulnerability, the team at Checkmarx recorded a proof-of-concept video. Using a mockup Weather app, the team was able to not only take photo and video from a Pixel 2 XL and Pixel 3, it also was able to glean GPS data from those photos.
The team was able to detect when the phone was face down and could then remotely direct the rear camera to take photos and video. Another creepy bit is that attackers could potentially enact a “stealth mode,” where camera shutter noises are silenced and after taking photos, return the phone to its lock screen like nothing happened.
But perhaps most disturbingly, the video demonstrates a scenario where attackers could start recording a video while someone was in the middle of call, record two-way audio, and take photos or video of the victim’s surroundings—all without the target knowing. more
Tuesday, November 19, 2019
WhatsApp? Eavesdropping. That's WhatsApp.
WhatsApp parent company Facebook has issued a warning about a new vulnerability on its hugely-popular chat app, which could let hackers take control of their device remotely and eavesdrop on your every conversation.Facebook has warned users about a potential vulnerability within its WhatsApp chat app that allows cyber-criminals to take control of your device remotely. The security flaw could also allow them to eavesdrop on your conversations.
And if that wasn’t worrying enough, all you’d have to do to let the hackers access your handset is watch a single video... This security flaw affects all versions of WhatsApp, from Windows Phone to iOS. It even includes the enterprise-focused WhatsApp Business. That suggests the issue was found in the underlying code that powers all versions of the chat app...
WhatsApp has closed the loophole with the latest updates to WhatsApp. If you haven’t already got automatic app updates set on your smartphone, you should head to your respective app store and download the latest software to make sure you’re sa
According to Facebook, the potential issue only impacts the following versions of WhatsApp:
fe from attack.
- Android versions of WhatsApp before 2.19.274
- iOS versions of WhatsApp before 2.19.100
- Enterprise Client versions of WhatsApp before 2.25.3
- Windows Phone versions of WhatsApp before and including 2.18.368
- Business for Android versions of WhatsApp before 2.19.104
- Business for iOS versions of WhatsApp before 2.19.100
Beginner's Guide to Small Business Cyber Security
Consistent with the NIST Cybersecurity Framework and other standards, the Cyber Essentials are the starting point to cyber readiness...
Managing cyber risks requires building a Culture of Cyber Readiness. The Culture of Cyber Readiness has six Essential Elements... more
Sunday, November 17, 2019
The New York Times Reports: "Bugging Epidemic"
With surveillance gear cheaper and easier to use, security experts say checking your environment for cameras and microphones is not a crazy idea...
A growing array of so-called smart surveillance products have made it easy to secretly live-stream or record what other people are saying or doing. Consumer spending on surveillance cameras in the United States will reach $4 billion in 2023, up from $2.1 billion in 2018, according to the technology market research firm Strategy Analytics. Unit sales of consumer surveillance devices are expected to more than double from last year.
The problem is all that gear is not necessarily being used to fight burglars or keep an eye on the dog while she’s home alone. Tiny cameras have been found in places where they shouldn’t be, like Airbnb rentals, public bathrooms and gym locker rooms. So often, in fact, that security experts warn that we are in the throes of a “bugging epidemic.” more
A growing array of so-called smart surveillance products have made it easy to secretly live-stream or record what other people are saying or doing. Consumer spending on surveillance cameras in the United States will reach $4 billion in 2023, up from $2.1 billion in 2018, according to the technology market research firm Strategy Analytics. Unit sales of consumer surveillance devices are expected to more than double from last year.
The problem is all that gear is not necessarily being used to fight burglars or keep an eye on the dog while she’s home alone. Tiny cameras have been found in places where they shouldn’t be, like Airbnb rentals, public bathrooms and gym locker rooms. So often, in fact, that security experts warn that we are in the throes of a “bugging epidemic.” more
Spybuster Tip #621: Conduct your own sweeps for covert spycams. Learn how.
Thursday, November 7, 2019
How People Turn iPhones into Bluetooth Bugs
With iOS 12, Apple added a feature, called Live Listen, which essentially turns your AirPods into on-demand hearing aids. There's a bit of setup you'll need to do, but once it's done, you can place your phone on a table closer to the person you're talking to and it will send audio to your AirPods.
On your iPhone go to Settings > Control Center > Customize Controls and tap on the green "+" symbol next to the Hearing option. Then, when you need to use the feature put in your AirPods and open Control Center on your iPhone and select the Hearing icon followed by Live Listen. Turn off the feature by repeating those final steps in Control Center. more
Wednesday, October 30, 2019
More People Searching for Technical Surveillance Countermeasures (TSCM)
Analysis: More organizations are hardening their defenses against electronic surveillance and information theft. With TSCM information security surveys becoming mainstream attacks will shift toward the defenseless...
Defenseless equals lunch in the Infowar Jungle.
Defenseless equals lunch in the Infowar Jungle.
Wednesday, October 23, 2019
Free Ransomware Decryption Tool
The STOP Djvu ransomware encrypts victim's files with Salsa20, and appends one of dozens of extensions to filenames; for example, ".djvu", ".rumba", ".radman", ".gero", etc.
Please note: There are limitations on what files can be decrypted. more
Of course, put all the safeguards in place first so you won't need this tool. ~Kevin
Friday, October 18, 2019
IT / Security Director Alert: Cisco Aironet Wi-Fi High-Severity Vulnerability Patch Available
Cisco has issued patches for critical and high-severity vulnerabilities in its Aironet access point devices.
It also issued a slew of additional patches addressing other flaws in its products.
“An exploit could allow the attacker to gain access to the device with elevated privileges,” said Cisco in a Wednesday advisory.
“An exploit could allow the attacker to gain access to the device with elevated privileges,” said Cisco in a Wednesday advisory. "...it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the [access point], creating a denial of service (DoS) condition for clients associated with the [access point].” more
It also issued a slew of additional patches addressing other flaws in its products. “An exploit could allow the attacker to gain access to the device with elevated privileges,” said Cisco in a Wednesday advisory.
“An exploit could allow the attacker to gain access to the device with elevated privileges,” said Cisco in a Wednesday advisory. "...it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the [access point], creating a denial of service (DoS) condition for clients associated with the [access point].” more
Thursday, October 17, 2019
Welcome to our home. Your visit may be recorded for no apparent reason. Would you like a glass of wine?
Google hardware chief Rick Osterloh told the BBC that guests visiting a home where smart speakers are stored should be warned that their conversations might be overheard and recorded. more
Friday, October 11, 2019
Spy Camera Detectors – Do they work? How do they work?
In 1900, movie maker, George Albert Smith, glamorized optical voyeurism in his movie, As Seen Through a Telescope. We will take a historical shortcut here and leave the discovery of these early film spy cameras to auctioneers and collectors.
Our spy camera detection history begins with the advent of CCD and CMOS behind the lens. These are the electronic sensors within modern digital spy cameras which capture images.
With a little knowledge—aided by some inexpensive gadgets—you can detect spycams! Continued here.
5 Cheap Things to Beef Up Your Security
by Rob Kleeger, Digital4nx Group
by Rob Kleeger, Digital4nx Group
Here are a few simple things to prevent and keep most of your private information as safe as possible from hacks or negligence.
- Invest in a Password Manager: If you are like me, most people can’t remember the login details for the dozens of online services they use, so many people end up using the same password — or some variation of one — everywhere. If you are one of those people, this means that if just one site on which you use your password gets hacked, someone could gain access to all your accounts.
- Use a virtual private network (VPN) service: When connected to any internet-connected device, it helps to keep most of your browsing private from your internet service provider; it reduces some online tracking; and it secures your connections when you use public Wi-Fi.
- Turn on MFA (2FA) on everything: Two-factor authentication adds an additional layer of security to the authentication process by making it harder for attackers to gain access to a person's devices or online accounts because knowing the victim's password alone is not enough to pass the authentication check. Two-factor authentication doesn’t guarantee security, and it is vulnerable to hacking attacks like phishing attempts that spoof a login page.
- Backup: Have a backup plan. All too often, SMB leadership says they backup, but the backup is saved on the server, which if gets encrypted, serves no purpose...neither does attaching a NAS to the same network. Have a cloud-based or offline based backup plan. Confirm backups run regularly and periodically test those backups to do a full restore.
- Don't forget about the paper: In many ways, people are so focused on cybersecurity, they forget about the basics. Use a cross-cutting paper shredder. Wirecutter recommends the AmazonBasics 15-Sheet Cross-Cut Shredder for most people, though serious privacy mavens should step up to the AmazonBasics 12-Sheet High-Security Micro-Cut Shredder, which runs a little slower but produces confetti half the size of a cross-cut shredder’s pieces.
Thursday, October 10, 2019
Don't Get Struck by Lightning by Borrowing a Cable
Bad news: A hacker has created a rogue Lightning cable that lets bad guys take over your computer. Worse news: Now it’s being mass-produced.
... from now on, asking a stranger to borrow a Lightning cable, or
accepting an offer by a stranger to give you one, is the last thing
you’ll want to do if you’re scrupulous about protecting your data.
That’s because a hacker has created the first Lightning cable that, when plugged into your Mac or PC, will allow someone to remotely take over your computer.
Worse, this hacked Lightning cable, called the O.MG Cable, isn’t a bespoke one-off. It’s being mass-produced in factories so anyone can buy and use them to target your data. more
... from now on, asking a stranger to borrow a Lightning cable, or
accepting an offer by a stranger to give you one, is the last thing
you’ll want to do if you’re scrupulous about protecting your data.That’s because a hacker has created the first Lightning cable that, when plugged into your Mac or PC, will allow someone to remotely take over your computer.
Worse, this hacked Lightning cable, called the O.MG Cable, isn’t a bespoke one-off. It’s being mass-produced in factories so anyone can buy and use them to target your data. more
Tuesday, September 3, 2019
Protecting Your Engineering Business from Industrial Espionage
Industrial espionage is a much more common occurrence than many
people realize.
As a business grows and begins to compete at a higher level, the stakes grow and their corporate secrets become more valuable. It isn’t just other businesses that might want this information, hackers who think they can sell the information will also be sniffing about.
Even if you can’t eliminate the risk entirely, there are certain things you can do to reduce the risk of a security breach in your business. more
A Very Short List...
Because...
If you don't look,
you may never know.
As a business grows and begins to compete at a higher level, the stakes grow and their corporate secrets become more valuable. It isn’t just other businesses that might want this information, hackers who think they can sell the information will also be sniffing about.
Even if you can’t eliminate the risk entirely, there are certain things you can do to reduce the risk of a security breach in your business. more
A Very Short List...
Shred Documents
Don’t Print Sensitive Information if You Don’t Have to
Keep Your Schematics (designs, strategies, etc.) Under Wraps
Keep it Need to Know
and my favorite...
Because... 
If you don't look,
you may never know.
Workplace Covert Recording on the Rise
 |
| Voice activated recorder. Easy to hide. |
Gadgets disguised as leather belts, eyeglasses, pens and USB sticks are all proving popular with employees in a country where abusive behavior by people in power is so pervasive that there is a word for it - “gabjil”...
Auto Jungbo Co.’s sales of voice recorders so far this year have doubled to 80 devices per day, Jang said as he forecast sales to also double this calendar year to 1.4 billion won. more
Kevin's Tips for Management
- Assume your discussions are being recorded.
- Before proceeding, ask if they are recording.
- Be professional. If you would not say it in a courtroom, don’t say it.
- Red Flag – When an employee tries to recreate a previous conversation with you.
- Have an independent sweep team conduct periodic due diligence debugging inspections.
Create a Workplace Recording Policy
Carrie's on-the-Lam Comment via a Leaked Recording
The embattled leader of Hong Kong was caught on a leaked audio recording reportedly saying she would “quit” if she could after causing “unforgivable havoc,” but on Tuesday reiterated that she hasn’t resigned because it would be the easy way out.In a press conference, Carrie Lam slammed the audio, recorded during a private meeting with a group of businesspeople, saying it was “unacceptable.”
The recording was published Monday by Reuters. In it, she is heard apparently blaming herself for igniting Hong Kong’s political crisis. more
Kevin's Tips for Management
- Assume your discussions are being recorded.
- Before proceeding, ask if they are recording.
- Be professional. If you would not say it in a courtroom, don’t say it.
- Red Flag – When an employee tries to recreate a previous conversation with you.
- Have an independent sweep team conduct periodic due diligence debugging inspections.
Create a Workplace Recording Policy
Thursday, August 29, 2019
Has Your Doctor (or other Professional) Downloaded Apps With Microphone Access?
via Robinson & Cole LLP -
Linn Foster FreedmanAs I always do when talking to people about their phones, I asked them to go into their privacy settings and into the microphone section and see how many apps they have downloaded that asked permission to access the microphone. How many green dots are there? Almost all of them looked up at me with wide eyes and their lips formed a big “O.”...
I am not picking on them—I do the same thing with lawyers, financial advisors and CPAs, and any other professional that has access to sensitive information.
When a professional downloads an app that allows access to the microphone, all of the conversations that you believe are private and confidential are now not private and confidential if that phone is in the room with you. more
Friday, August 23, 2019
Fighting Corporate Espionage — by a Counterintelligence Agent
Corporate executives must bear the responsibility... No longer is “Security” to the facility and personnel all that is required. Many foreign countries and interests take short cuts to becoming competitive through the theft of trade secrets, products and overt and covert espionage of all sorts...
Many of the tactics utilized in private sector counterintelligence have much in common with the secrets and information the government does its best to safeguard from theft...
There are open and legal methods of collection open that are harmful and a good counterintelligence program should target this as well as illegal activities such as electronic eavesdropping, hacking, etc.
Passive counterintelligence tries to curtail what a collector may do through countermeasures, and awareness training. Active counterintelligence will prove beneficial to identify and detect a threat, and will conduct operations including eliminating threats or ongoing targeting... The leaders in the private sector need to be proactive and realize that it is no longer only local threats they face. The threats can be global and may not only be an economic threat but also a threat to national security. more
Many of the tactics utilized in private sector counterintelligence have much in common with the secrets and information the government does its best to safeguard from theft...
There are open and legal methods of collection open that are harmful and a good counterintelligence program should target this as well as illegal activities such as electronic eavesdropping, hacking, etc.Passive counterintelligence tries to curtail what a collector may do through countermeasures, and awareness training. Active counterintelligence will prove beneficial to identify and detect a threat, and will conduct operations including eliminating threats or ongoing targeting... The leaders in the private sector need to be proactive and realize that it is no longer only local threats they face. The threats can be global and may not only be an economic threat but also a threat to national security. more
Subscribe to:
Posts (Atom)