Cyber-security Highlights – July 24

Every Monday we’ll be bringing you a review of the previous week’s hottest cyber-security and on-line privacy news articles.

Here at IronSocket, we work to continually raise awareness of the threats that we as individuals face in our connected lives. We are 100% committed to helping our customers stay safe and secure while on-line, both through our VPN and proxy services as well as through education.

Here are the top articles we have gleaned from last week’s news avalanche.

 

Malware on macOS

It used to be that, security-wise, us Mac users didn’t have anything to worry about. That has changed now. This new strain of the OSX/Dok malware will infect your Mac, pretend to be a bank website, and capture your bank account user name and password. And, to protect itself from being discovered, it will disable security updates and block traffic from being sent to Apple’s servers. How does it do this? Read the article to find out.

http://www.techrepublic.com/article/macos-users-beware-a-new-and-nearly-undetectable-malware-is-on-the-rise/

 

A Password Thief for Chrome

Anyone who has 13 bucks U.S. and the chutzpah to venture into the dark web can buy the Ovidiy Stealer. It helps if you can read Russian, but other than that, that’s all you need. This malware runs on Chrome and Opera and it steals passwords. Purchasing it gives you a dashboard where you can monitor your victims’ activities and even get technical support from the author of the malware.

Malware distribution and use as a business is a real thing.

https://www.forbes.com/sites/leemathews/2017/07/17/new-password-stealing-malware-spreads-rapidly-thanks-to-rock-bottom-pricing/#7c1aaf886f16

 

Phishing Attacks are Getting More Sophisticated

Let’s say you’re a hacker who wants to target a specific organization. This organization has pretty good cyber security. So, what do you do? You get someone on the inside to unknowingly do your work for you. Think U.S. presidential campaigns and the Democratic National Committee. Phishing scams attack people, not computer systems. Find someone who works for your target organization and who also has a good chunk of personal information on social media. Once you know some details about this person, you can tailor your phishing attack so it seems completely legit.

http://www.freep.com/story/money/personal-finance/susan-tompor/2017/07/16/phishing-attempt-work/475151001/

 

The Gaping Security Chasm that is the Internet of Things

People who write software hate to “reinvent the wheel.” So, if there is a collection of resources (a library) that contains bits of ready-to-use software (functions, objects, classes, etc.) that you need for the application you’re developing, you’ll want to go with that, rather than writing your own from scratch. And if it’s open-source and freely available on a public software repository, it’s a no-brainer.

The problem is, if there is a bug in one of these resources, and companies all over the globe are integrating this flawed resource into their products, well, you get the picture.

http://www.zdnet.com/article/millions-of-iot-devices-hit-by-devils-ivy-bug-in-open-source-code-library/

 

Speaking of the IoT – Think of the children!

Does your child’s connected device have a camera and/or a microphone? Did you read the user agreement that came with the device? Do you know what the manufacturer’s privacy policy is? Do you know what data they collect and where that data is stored? Do you know what they do to protect the security and privacy of your child’s data? Do you know if they’ve ever been hacked? When they do get hacked, do you know how they will contact you and how they will manage the problem?

We know it sounds cliché, but cyber-security and on-line privacy begin with you.

http://www.darkreading.com/cloud/fbi-issues-warning-on-iot-toy-security/d/d-id/1329373?

 

That’s all for this week. As usual, if you have any questions or comments, don’t hesitate to write to us. We’re here to help you stay safe, secure, and protected while online.

About IronSocket

Our staff has been involved with computers since the early days of dial-up modems. We have combined experience spanning decades working on a multitude of internet-based projects. One of our goals is to make a conscious effort to inform others about staying safe on the internet. If you ever need to reach us, leave a comment, put in a ticket, or contact us using our website’s contact us form.