Welcome to another edition of our Cybersecurity weekly blog. We believe staying up to date with the latest news and security threats helps us make better decisions when navigating today’s ever-expanding online world. We will get started with some headlines and then offer some tips on the best practices for a safe and secure password.
Here are last week’s news stories ending June 3rd:
- Malicious Chrome extensions with 75M installs removed from Web Store
- BleepingComputer reports that Google recently removed 32 malicious extensions from the Chrome Web Store. The extensions were found to push spam and alter search results, and they were downloaded over 75 million times. This story highlights the need for users to exercise caution when downloading apps and browser extensions, even from official store pages. It also notes that despite these extensions being removed from the store page, users will have to manually uninstall the affected extensions to be safe.
- Akron-Summit County Public Library investigating ‘ransomware incident’ that caused outages
- The Akron Beacon Journal writes about a ransomware attack on the Akron-Summit County Public Library and its 18 branches. Computers, phones and the library catalog were taken offline for a few days. The incident is still being investigated but the story highlights the quick action taken by the libraries’ team to investigate and secure their systems.
- Idaho hospital diverts ambulances, turns to paper charting following cyberattack
- Fierce Healthcare reports on a cyberattack targeting the Idaho Falls Community Hospital and its partner clinics. Ambulances were diverted, some clinics closed, and paper charting was used while services were disrupted. It’s unclear at this point if it was a ransomware attack. The article highlights the importance of having a plan in place in the event of such attacks.
- FTC Slams Amazon with $30.8M Fine for Privacy Violations Involving Alexa and Ring
- The Hacker News is reporting on a story about Amazon’s Alexa assistant and Ring security cameras. The FTC recently hit Amazon with a $30 million fine that includes a $25 million penalty for breaching children’s privacy laws. A big takeaway from this story is that while some of these security devices and voice assistants can make our lives easier, they also come with some big security risks.
- Microsoft Discovers Critical macOS Vulnerability Allowing SIP Bypass
- SecureWorld has an article about Microsoft discovering a critical macOS vulnerability. The vulnerability, referred to as “Migraine,” allows attackers to bypass System Integrity Protection (SIP) if they have root access. This article shows that collaboration is important in the security world, and big tech companies should work together when the need arises. macOS users should also make sure to update their OS to the latest version as soon as possible.
Best password practices in 2023:
- Use strong and unique passwords for all accounts.
- Never use information in a password that can be found on your social media accounts.
- Do not use words found in a dictionary; come up with passphrases instead.
- Make sure to use upper and lower case letters with a combination of numbers and symbols.
- Never reuse the same password on multiple accounts.
- Use a minimum password length of 14 characters.
- Password managers are a great tool for storing and creating complex passwords.
- 2-factor authentication is recommended for all accounts linked to sensitive data.
Never use any of the following: (Top 10 most used passwords 2022 according to Forbes)
Remember that having a strong password is vital to keeping your most important data safe and secure. That’s all for this week’s Cybersecurity blog post. We’ll be back next week for another edition! Thanks for reading, remember to be vigilant and stay safe out there!
Welcome to this week’s edition of our Cybersecurity Blog, where we bring you the latest updates on online security and practical tips to keep you safe in the digital realm. Stay informed and empowered as we take a look at the latest news in the world of cybersecurity.
Here are last week’s news stories ending on May 19th:
- Smashing Pumpkins Singer Pays Ransom to Avoid Early Release of Songs
- SecureWorld.io reports on the recent ransomware attack targeting the iconic rock band, Smashing Pumpkins. This incident highlights the ongoing threat of ransomware attacks targeting high-profile individuals and organizations, emphasizing the importance of robust cybersecurity measures and proactive defense strategies.
- Cybercrime gang pre-infects millions of Android devices with malware
- BleepingComputer reveals a sophisticated cybercrime gang that has pre-infected millions of Android devices with malware. The malware is capable of stealing personal information, intercepting SMS messages, and displaying fraudulent advertisements, posing a significant threat to Android users worldwide.
- U.S. Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator
- The Hacker News announces that the US government has issued a $10 million reward for information leading to the identification and capture of a Russian national accused of launching ransomware attacks on thousands of victims across the world. This aggressive move demonstrates the government’s commitment to combating the escalating threat of ransomware attacks and sends a strong message to cybercriminals involved in such activities.
- Cybersecurity audit of Utah state government released
- Fox 13 Now reports on the findings of a cybersecurity audit conducted on the Utah State Government. The audit highlights how much money cyberattacks have cost the state and notes that some local governments have only one part-time employee working on cybersecurity policies and procedures.
- Apple fixes three new zero-days exploited to hack iPhones, Macs
- BleepingComputer reveals that Apple has addressed three previously unknown vulnerabilities, or zero-days, that were actively exploited to target iPhones and Macs. The patches aim to prevent potential malicious activities and reinforce the security of Apple devices, highlighting the importance of promptly updating software to mitigate such risks.
As we wrap up this blog entry, we want to share with you the top three ways to safeguard your personal data online and maintain your privacy in the digital world.
- Strong and Unique Passwords: Use strong, complex passwords for all your online accounts. Avoid using common passwords or reusing passwords across different platforms. Consider using a reputable password manager to generate and securely store your passwords.
- Enable Two-Factor Authentication (2FA): Enable 2FA whenever possible for your online accounts. This adds an extra layer of security by requiring a second verification step, such as a unique code sent to your mobile device, in addition to your password. It significantly reduces the risk of unauthorized access even if your password is compromised.
- Be Mindful of Sharing Personal Information: Exercise caution when sharing personal information online. Only provide necessary details on trusted platforms and avoid oversharing on social media. Regularly review privacy settings on social media accounts and limit the visibility of your personal information to a trusted audience.
By implementing these three key practices, you’ll greatly enhance your online security and reduce the risk of your personal information falling into the wrong hands. Thank you for being a part of our journey to promote cybersecurity awareness. Stay informed, stay vigilant, and continue to prioritize your privacy in the digital age.
Welcome to our Weekly Cybersecurity News segment where you can stay informed about the latest data breaches, hacking incidents, emerging cyber threats, and the innovative measures being taken to combat them. We believe that knowledge is the first line of defense, and our goal is to keep you updated and empowered to navigate the digital landscape with confidence. So, grab a cup of coffee, settle in, and let’s explore the fascinating and ever-changing realm of cybersecurity together.
Here are last week’s news stories ending on May 12th:
- Boot Guard Keys from MSI Hack Posted, Endangering PCs.
- Tom’s Hardware highlights a significant security concern as the BootGuard keys for MSI motherboards were leaked online, potentially exposing them to malicious exploitation. This leak could enable attackers to bypass the system’s security measures, compromising the integrity and trustworthiness of affected MSI systems.
- Netgear Routers’ Flaws Expose Users to Malware, Remote Attacks, and Surveillance
- The Hacker News highlights critical vulnerabilities found in Netgear routers that expose users to remote attacks. The flaws allow threat actors to execute arbitrary code, monitor users’ internet activity, and hijack internet connections, emphasizing the need for immediate firmware updates and proactive security measures by Netgear router users.
- Toyota: Car location data of 2 million customers exposed for ten years
- BleepingComputer reveals a data breach that exposed the location data of approximately 2 million Toyota customers for a decade. The incident occurred due to a misconfiguration of a cloud environment, potentially allowing unauthorized access to sensitive information such as vehicle tracking and trip history. The article notes that technically no personally identifiable information (PII) was leaked, only the VIN numbers.
- Bl00dy ransomware gang targets schools via PaperCut flaw
- TechTarget reports on a ransomware gang known as “Bl00dy” exploiting a vulnerability in the popular print management software, PaperCut MF. The gang specifically targeted schools, encrypting their systems and demanding ransom payments, highlighting the importance of promptly patching vulnerabilities and implementing robust cybersecurity measures in educational institutions.
- Spanish Police Takes Down Massive Cybercrime Ring, 40 Arrested
- This article from The Hacker News reports on the successful operation carried out by Spanish law enforcement to dismantle a large-scale phishing operation that had illicitly obtained millions of euros from unsuspecting victims. The authorities arrested several individuals involved in the scheme and seized significant assets. This story emphasizes the importance of cybersecurity awareness to prevent falling prey to such scams.
As we conclude this blog entry, we want to leave you with the top three essential ways to secure your home network and protect your digital life.
- Update and Patch Regularly: Keep all your devices, including routers, computers, and smart devices, up to date with the latest firmware and software patches. Regular updates often include crucial security fixes that address known vulnerabilities.
- Strong Passwords and Network Encryption: Ensure your Wi-Fi network is protected with a strong and unique password. Avoid using default or easily guessable passwords. Additionally, enable encryption, such as WPA2 or WPA3, to safeguard the data transmitted over your network.
- Enable Network Firewalls and Guest Networks: Activate the built-in network firewall on your router to filter incoming and outgoing network traffic, adding an extra layer of protection. Moreover, consider setting up a guest network for visitors. This segregates their devices from your main network, minimizing potential risks.
Remember, securing your home network is crucial in today’s interconnected world. By following these three fundamental steps, you significantly reduce the risk of unauthorized access, data breaches, and potential cyber threats.
Stay vigilant, stay informed, and continue prioritizing your online security. Thank you for being a part of the Baldwin Public Library Cybersecurity News Blog, and we look forward to sharing more valuable insights with you in the future. Stay safe!
- Ransomware attack hampering Dallas police operations (This appears to have been caused by a phishing email!)
- Fleckpe Android Malware Sneaks onto Google Play Store with Over 620,000 Downloads (Be careful when downloading random apps to your mobile devices. They found this malware in 11 different apps!)
- Russian hackers use WinRAR to wipe Ukraine state agency’s data
- Hackers hijacked a university’s emergency system to threaten students and faculty
- Dental offices report hacking leaving patients scrambling, frustrated
- The Importance of Protecting Your Personal Information
- How to Protect Your Digital Privacy – This is a good article about securing your digital privacy. However, they recommend LastPass as a password manager, which does not have a good track record. 1Password has a much cleaner record.
- SANS Reveals Top 5 Most Dangerous Cyberattacks for 2023
- Iranian hacking group targets Israel with improved phishing attacks
- Elk Grove Unified employees with tax filing issues may have fallen for phishing email, school district says
- Gone in seconds: rising text message scams are draining US bank accounts
- Georgia is paying hackers to break into its Medicaid portal
- Cybersecurity students learn how to beat hackers at their own game
- Walmart, Amazon, Netflix and MetaMask — Top Scams and Phishing Attempts This week – This is a nice summary of some of the current scams going on. Just note that TrendMicro is also advertising their products in this article. We don’t recommend purchasing anything but wanted to share the helpful information between the ads.
- Password Encryption 101: Best Practices Guide for Orgs of All Sizes
- What is Data Security?