Spammers are Reportedly Behind the Facebook Hack

This post was made on 10/18/2018.

Facebook reported a security breach on September 25th that revealed personal information of over 29 million accounts.

This breach was caused by the “view as” feature, which let users see how their profiles looked to other people. The feature was easy to manipulate because of “access tokens”, which grant temporary access to one’s Facebook page. The hackers used these access tokens to take over Facebook pages, then targeted the friends of each page they had just taken over as their next victims.

These hackers disguised themselves as a digital marketing company. Facebook has claimed that they are spammers who forced their way into random people’s accounts and took them over.

Facebook is currently working with the FBI to try and fix this. They have also stated “There is no reason to believe the breach was related to the upcoming US 2018 midterm elections.”

Facebook needs to get its computer security up to snuff if it’s ever going to prevent hacks like this from happening. Over the past few years Facebook has been involved in far too many security breaches and has seemingly learned nothing from each of them. I also think that we are going to see more and more radical political interference on social media platforms like Facebook as we get closer and closer to the midterm elections.

While it may be true that this hack was not directly related to the US midterms, it would be foolish to say that it has nothing to do with it at all. I’m sure some of these hacked Facebook pages are spreading political propaganda to divide the two main parties in the US. So if you do use Facebook a lot, keep an eye out for propaganda that will try to reel you in and feed you false information to demonize the opposing party.

Source: Spammers Behind Facebook Hack

If You Like Privacy, then the DuckDuckGo Browser is Perfect for You

This post was made on 10/16/2018.

DuckDuckGo is an online browser that doesn’t collect your search history and doesn’t use cookies to remember your browser. This helps users stay more anonymous, without corporations collecting their search history and data.

DuckDuckGo recently stated that it hit 30 million daily users after only 10 years in operation. DuckDuckGo proudly states that privacy is its number one priority for its users, and a DuckDuckGo spokesperson states, “The Internet shouldn’t have to be so creepy.”

I have personally used DuckDuckGo as my main browser for over a month now and it’s nice to know that some giant corporation isn’t collecting data. It is a bit slow and freezes at times, but it works as a good Internet browser. Hopefully DuckDuckGo will only improve and fix any of the problems I had in the future, because I do think it’s going to become a bigger service as more and more stories come out of companies like Google and Facebook leaking an absurd amount of personal data on the Internet.

Source: DuckDuckGo hits 30 million daily users

Fake Flash Updates Infect Computers with Crypto-Mining Malware

This post was made on 10/13/2018.

In a new attempt to trick users into giving access to their computers, hackers have created what appears to be an Adobe Flash update that tells users they need to update their Adobe Flash player. This fake update installs crypto-mining malware onto the user’s computer, which makes the user unknowingly mine for Monero.

Monero is a cryptocurrency that is used to keep the private. Much like other cryptocurrencies, it is used primarily on the dark web to purchase illegal goods and services.

Crypto-mining takes a huge toll on computing power and usually slows down one’s computer significantly while the mining is active. The crypto-mining malware can be activated at any time on any computer that has been infected, which means the hackers can anonymously mine on your computer without your knowledge.

Different types of cryptocurrencies
There are several different types of cryptocurrencies that generally use blockchain technology. This helps keep the buyers and miners of these cryptocurrencies hard to track.

This is just another creative way hackers can access your computer for their own nefarious purposes. They are essentially trying to trick you with a cleverly disguised fake Adobe Flash update that will give them full access to your computer. It is of utmost importance you keep an eye out for stuff like this in the news because they want to trick you, but if you know how they are trying to trick you, then you will be able to avoid tricky malware like this.

Source: Cryptomining Malware Discovered Masquerading as Flash Updates

Google+ Shuts Down and Reveals a Major Security Flaw that Revealed Over 500,000 Users’ Data

This post was made on 10/12/2018.

Google announced that it’s shutting down its social network Google+ in the next 10 months. Google also conveniently announced right after this that there was a security flaw that revealed the data of over 500,000 users.

The security flaw allowed third-party app developers to access your data. But not only can these third-party developers access your data, they can access all of your friends’ data on Google+.

The reason Google is shutting down Google+ is low user activity. Google made a big push for Google+ after its launch in 2011 by forcing people who wanted to make a Gmail account to make a Google+ account as well. They removed the requirement to sign in to Google+ to make a Gmail account in 2014, after many users complained about needing a Google+ account just to make an email account. Google always tried to force Google+ down people’s throats by requiring users to sign in to it to use some of their other products. They tried to integrate Google+ into YouTube, Google Maps, Google Photos, Google search, and many more Google services. These were attempts to get people to use their social media service more and to be a viable competitor to other social media platforms like Facebook, Twitter, Reddit, etc.

Google+ HQ
Google+ launched back in 2011 as a social media platform in hopes to be the next big social media platform. Sadly, it never really took off with Internet users.

It’s no surprise that Google+ is shutting down because of the low user engagement, but announcing that they had a major security flaw after this is just scummy. Google+ was a failure of a social media platform; the people who made it knew that, the users knew that and even Google knew that, so it was inevitable that Google+ would eventually shut down. But Google essentially announcing “Hey we’re shutting down Google+, also there was a major security flaw that may or may not have revealed your data. Bye!” is not a good way of announcing this! If there was a major security flaw in your platform, the users should know about this as soon as possible, not as you’re shutting down your platform.

Google likely did this after seeing what happened to Facebook over the 2016 presidential elections and figured it would be best to kill its dying platform in order to try and limit the bad public relations they are going to get for this. Google and other social media giants should be held more accountable for what they decide to do with our data and where it goes. We should not have to worry if our data is being misused to trick or manipulate us into whatever these third parties please. Social media companies are going to have to be strict with who they give our data to if they don’t want another scandal like the Facebook 2016 presidential election scandal to happen again.

Sources:

Google+ shuts down and reveals security flaw

The ways Google+ tried to get users to use their platform

China has a Surge in Hacking Activity

This post was made on 10/05/2018.

A Chinese hacking group known as cloudhopper is launching cyber-attacks on technology service providers in an attempt to steal data.

The Department of Homeland Security believes that the government of China may be aiding this hacking group, but the Chinese government denies these allegations. China’s government may be behind this because of the escalating trade war between the U.S. and China.

The cloudhopper hacking group usually tries to access an internet router to spread malware and other malicious code. They use unrelenting bots to try to get into these routers and collect what they need. They usually target telecommunications, technology, and other types of wireless technology. They go after telecommunications especially because of how much sensitive information is on there that they can use for their own villainous intentions.

U.S. cybersecurity firms are aware of cloudhopper and are sending out information on how to prevent, find, and remedy cyber-attacks from cloudhopper. This information will help technology service providers be more careful and hopefully stop any cyber-attack attempts that cloudhopper will try to use on them.

FireEye, one of many cybersecurity firms that try to find any cyber threats to our nation and stop them.

It wouldn’t surprise me if China was helping these hackers to get personal info. The trade war is starting to become more and more volatile as the U.S. is making it harder to sell and buy things. If China loses the U.S. as a trading partner then they are going to lose a lot of money as a result. So now China has become more aggressive and is trying to collect data. For what though? I can’t exactly answer that question, but if I had to guess I would say that China is trying to have an influence on the U.S. population. Russia did this in the 2016 election to make all sorts of propaganda to divide the people of the U.S., and you know what? It kind of worked. So now China is trying to do the same thing and collect data to target certain people into supporting whoever China wants. There could be other ways they are using this info, like for money, identity theft, or something along those lines.

My theory could be completely wrong and they are using that data in other ways, but that’s not the point. We have to have our cybersecurity ready now more than ever if we want to be able to prevent threats like this. Luckily our cybersecurity analysts have identified this, warned potential victims of these cyber-attacks and given them instructions on what to look for. We are going to have to keep our cybersecurity on its toes in the future if we are going to be able to combat these cyber-attacks, because, in the future, these attacks will become way more elaborate and vicious.

Source:

China’s Hacking Group is now Cyber-Attacking the U.S

Phishers Can Use Your Phone Number To Try and Scam You!

This post was made on 10/04/2018.

Recently I had a very strange thing happen to me. I was at my home eating dinner when I got this phone call. The phone caller’s number was my number, which I found a bit strange at first. I picked up my phone to be greeted by a bot that stated “Your phone provider has not received any type of payment this month, please click 1 on the keypad to continue and make your payment.” I was confused by this because I had already paid my phone bill for the month two weeks prior to this call. I had a sneaking suspicion that this was a scam of sorts because my phone company has NEVER directly contacted me about my phone bill, or at least they don’t call me. So I hung up the phone and logged into my phone account on my computer. I found that everything was completely normal! No bills needed to be paid and there was no sign of any problem at all with my phone provider. At this point I was almost certain that someone tried to scam me. I then looked up ways that people would try and scam you and sure enough I found that scammers can call you with your own number.

Phone scammers, or phishers, use a variety of ways to try and contact you through your phone. They can use a local phone number or possibly even your own phone number to try and trick you into giving them your financial information! Some of these calls can even send malicious code to your phone if you’re not careful! The phishers usually use bots in this situation to try and get people to spill their financial information. They have a few methods of trying to get that information too! The bots will try and tell you that they need some credit info to check your security, or they will tell you that you owe money to some company, or they’ll say you haven’t filed your taxes and you owe them money. There are more ways than that but you get the idea of how they operate. They just want your financial information.

Totally accurate picture of a person trying to phone scam you.

These calls are illegal and usually use “spoof” numbers to call you. These spoof numbers are usually your area code or your phone number. They do this because it gets around call blocking (blocking calls from sketchy places), and it makes them hard to track down.

Now you may be asking yourself “what do I do in that situation?” Easy, just don’t pick up the phone. If you do pick it up and hear a bot trying to get you to pay something, hang up as soon as possible. The longer you stay on the phone with the bot, the more information it will try and get from you. Also never click or dial anything it asks you to. This is likely a virus link that will infect your phone.

Should this repeatedly happen to you or maybe you just don’t want that phisher trying to steal your info again, I would highly suggest you call the Federal Trade Commission (FTC) to block that caller. I will leave a link below if you need to do that. I would also keep up with all the phone scams that could happen to you. Luckily I have a link to that as well which will tell you about all the current scams people will try and use on you.

Be careful who you give your financial information to; you never know who will try and steal it from you!

Links:

Block a scammer link

Scam alerts link

Local Government Website GovPayNow.com Leaks Over 14 million Customer Records

This post was made on 9/27/2018.

The company GovPayNow.com, which has been used, and is still used, by local governments and the US state government, has reported a leak that put over 14 million user records at risk of being stolen or used by hackers. These records could include names, addresses, phone numbers and the last four digits of the payer’s credit card.

These records could be accessed by just about anyone by simply changing the digits in the web address that was on each receipt. This would allow someone to jump from receipt to receipt, taking whatever information they could get their hands on. These receipts could date back as far as 2012.
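The flaw described above is a missing per-record authorization check. The following is an added example, not GovPayNet's code: the record layout, function names, client addresses and sample data are all constructed for illustration. It puts the unchecked lookup beside one that ties each receipt to the signed-in account, and adds a simple log check for a client walking through receipt numbers.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Receipt:
    receipt_id: int
    owner: str        # account that made the payment
    name: str
    address: str
    phone: str
    card_last4: str


# Constructed sample records; not real data.
RECEIPTS = {
    1001: Receipt(1001, "alice", "Alice Example", "1 Main St", "555-0100", "4242"),
    1002: Receipt(1002, "bob", "Bob Example", "2 Oak Ave", "555-0101", "1111"),
    1003: Receipt(1003, "carol", "Carol Example", "3 Elm Rd", "555-0102", "9999"),
}


def get_receipt_unchecked(receipt_id):
    """The flawed pattern: the number in the URL is the only 'credential'."""
    return RECEIPTS.get(receipt_id)


def get_receipt_checked(session_user, receipt_id):
    """Return the receipt only to the signed-in account that owns it."""
    receipt = RECEIPTS.get(receipt_id)
    if session_user is None or receipt is None or receipt.owner != session_user:
        return None  # same answer for "missing" and "not yours"
    return receipt


def exposed_to(fetch, receipt_ids):
    """Regression check: which of these receipt ids does `fetch` hand back?"""
    return [rid for rid in receipt_ids if fetch(rid) is not None]


def flag_enumeration(access_log, max_denied=2):
    """Flag clients with more than `max_denied` distinct denied lookups.

    `access_log` is an iterable of (client, receipt_id, allowed) tuples.
    """
    denied = defaultdict(set)
    for client, receipt_id, allowed in access_log:
        if not allowed:
            denied[client].add(receipt_id)
    return sorted(c for c, ids in denied.items() if len(ids) > max_denied)


if __name__ == "__main__":
    ids = [1001, 1002, 1003]
    print("unchecked:", exposed_to(get_receipt_unchecked, ids))
    print("checked as alice:",
          exposed_to(lambda rid: get_receipt_checked("alice", rid), ids))
    # Constructed log: one client signed in as alice walks ids 1000-1005,
    # another signed in as bob opens only its own receipt.
    log = [("192.0.2.5", rid, get_receipt_checked("alice", rid) is not None)
           for rid in range(1000, 1006)]
    log.append(("192.0.2.9", 1002, get_receipt_checked("bob", 1002) is not None))
    print("flagged clients:", flag_enumeration(log))
```
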

GovPayNow.com has fixed what they call “a potential issue” and issued a statement saying:

“GovPayNet has addressed a potential issue with our online system that allows users to access copies of their receipts, but did not adequately restrict access only to authorized recipients, the company has no indication that any improperly accessed information was used to harm any customer, and receipts do not contain information that can be used to initiate a financial transaction. Additionally, most information in the receipts is a matter of public record that may be accessed through other means. Nonetheless, out of an abundance of caution and to maximize security for users, GovPayNet has updated this system to ensure that only authorized users will be able to view their individual receipts. We will continue to evaluate security and access to all systems and customer records.”

While no customers appear to have been harmed by this leak, there’s a substantial amount of personal information on these receipts that could be used in a variety of ways, from identity theft to credit fraud. Anonymous users could hold this information and use it as they will.

The glaring security flaw on GovPayNow.com should have never been there and should have been found, then fixed, way sooner than this. The fact that this company has just got away with leaking over 10 million user records without any fines or warnings is just downright wrong. This website’s sole purpose is to keep the information provided to the website personal and use it to have the user pay their fines or tickets.

My point is that when we let companies like this leak or share our data with people we don’t want to share data with, that is when they have failed to keep the public safe from harm. Any psychopath on the internet who wants to find ways to scam and use your data just needs your name, your address, and your phone number to find a variety of creative ways to get your money. For example, I could call a phone company just to find and have access to your phone. How? I’ll tell them that I lost my phone and need a new SIM card. At most all you would need is your name and phone number. With this SIM card I would have access to all of your contact information, which can be used to access your email when you have forgotten your password. If I could have access to your email then I could have access to a whole bunch of accounts that could be used to spend or transfer money (Banks, Online Shopping, etc). This is only one example of how I could potentially use your information.

There are probably more sinister and quick ways to get to your money, but my point was to show you what I could do with the information provided by the leak from GovPayNow.com. Companies should be held liable for information breaches like this and should pay a huge fine for such a simple security fix. The only way to get companies to care more for stuff like this is to attack them where it hurts, their wallet. I wouldn’t be surprised if GovPayNow.com was sued by a user of their platform. They would have every right to sue them and maybe it would make the company be more attentive with their security.

Source: GovPayNow.com Leaks 14M+ Records

According to Google, Apps can Scan and Share Your Data, with Consent

This post was made on 9/23/2018.

Google just told US senators that Gmail add-ons can scan your Gmail inbox and hand your data to other companies. However, Google has stated that they have to have the user’s consent before they can initiate this practice.

Google’s Vice President, Susan Molinari, wrote to the US senators: “Developers may share data with third parties so long as they are transparent with the users about how they are using the data.”

These add-ons or apps that can be installed to your Gmail can be used to organize your email and even compare shopping prices and deals with each other. But these apps have the ability to go through personal emails and use them for product refinement purposes, according to the Journal.

Susan Molinari, Google’s vice president for public policy.

The idea of companies using your data for whatever they feel like has always seemed wrong. Especially if they are using data from your inbox, where you can get important and personal information. Getting your data with consent is a step in the right direction, but I feel like getting information from your inbox, even with permission, is a bit wrong. There is so much personal and business information going into these inboxes that giving third parties permission to use them and do whatever they want with that data is still scary.

I feel like there are boundaries on the internet when it comes to using your data. If you are roaming the internet, going to various websites that don’t require too much personal information, then you can gather that data and use that for third parties. Hopefully you ask the user for permission to use their data, but we all know that’s not happening any time soon. Places where you gather personal info, (banks, taxes, medical records, etc), should be completely off-limits to third-party companies. That should include your email because so much sensitive information goes in there that third parties should have no business in my email.

Source: Google Apps can Scan your Gmail with your consent

US Military Initiates a New Strategy Against Cyber-Attacks

This post was created on 09/20/2018.

The U.S. military has initiated a more aggressive way of dealing with malicious cyber activity. The Pentagon calls it the “defend forward” strategy and will try to stop any malicious cyber activity at its source. This new strategy emphasizes the fact that the U.S. military wants to build a more lethal force of hackers to use against enemy forces. This essentially just gives the U.S. military more freedom to do what it wants, even against friendly countries.

Now this, of course, has caused some people to be extremely concerned as to what the U.S. military will be able to do with these more “loose” rules of cyber-security. Jason Healey, a senior research scholar at Columbia University and former George W. Bush White House cyber official, has stated that “If you loosen the rules of engagement, sometimes you’re going to mess that up.” Even if the U.S. military does try to use this new tactic as ethically as possible, there is inevitably going to be human error that will slip through and cause problems.

This new tactic could be used in a variety of ways, both good and bad. It could be used to try and stop any election meddling and to stop the Russians from targeting the U.S. infrastructure. It could also be used in more malicious ways. Let’s say the U.S. military believes there are hackers in France and decides to take down an entire network of computers in France. They could do this before, but they would have had to get permission from the NSA. Under these new rules they don’t have to get permission from the NSA; now they can just do it.

This new strategy is going to be more aggressive towards those who use hacking or any kind of malicious cyber-attack. This could potentially cause problems in the future if the U.S. military is abusive with it, but it could also prevent a lot of cyber sabotage over the free internet. There is inevitably going to be a mistake made with this “defend forward” strategy, but if it keeps hackers from meddling with our infrastructure, then maybe it’ll do some good.

Source: US military given more authority to launch preventative cyberattacks

Mark Zuckerberg says Facebook is “Better Prepared” for the Next Political Election

This post was made on 09/16/2018.

In 2016 it surfaced that Facebook had some Russian hackers meddling in the 2016 presidential election. It showed that these “hackers” made several political ads and websites in order to get more votes for presidential candidate Donald Trump. Facebook also shared data with Cambridge Analytica, which is a data-mining firm that had connections to Donald Trump’s presidential campaign.

Since then, Facebook CEO Mark Zuckerberg has claimed that they have “gotten better” at dealing with such political hackers.

They have removed fake accounts, and have removed pages spreading disinformation. Not only has Facebook removed these dishonest pages, they have programmed the algorithm to make users less likely to find themselves on these pages of disinformation.

The Zucc
Mark Zuckerberg

Facebook has also made getting political ads a bit trickier. If you want to get a political ad on Facebook, you will have to verify that you are a U.S. citizen before you can get any ads. Facebook has also made a searchable database of all the political ads to keep track of all the data that is being collected from them.

Mark Zuckerberg is also very aware that in the future the “hackers” will get more complicated and harder to track down. He hopes that Facebook will evolve enough to avoid these types of attacks but only time will tell.

Zuckerberg also points out that Facebook was not the only social media website that was affected by these disinformation attacks. Reddit, Instagram, and Twitter are just some of the other social media platforms that have been affected too. These social media companies need to communicate with each other if they are going to try and stop these cyber-attacks on their platforms, Zuckerberg claims.

I think it is very important to point out that Facebook was not the only one affected by these “hackers”. I am certain that other social platforms have been affected, I just think it was Facebook who got caught doing it and the social media crucified them for it.

If we are going to blame the Russian hackers for causing Donald Trump to win the presidency in 2016, then we are willfully ignoring other factors that went into play over the election year. There were other things that caused Donald Trump to win, however I cannot deny that the Russian hackers had a part in it.

We have to remember that social media is still very new to us. We still have not been able to fully comprehend the power it has to influence people. Hopefully over the next political election we have, we will be more prepared and alert for these types of political ads that target people and get them caught in an echo-chamber of disinformation.

Source: Mark Zuckerberg Claims Facebook is “getting better” at Fighting Political Interference