Welcome to your April Savvy Cybersecurity newsletter. As always, we saw many cybersecurity happenings this month including breaches at Microsoft, Toyota and Facebook. Read on to learn more about those as well as:
- Why you need to update your Verizon Fios router now
- A new Social Security scam making the rounds
- How Android users can boost their password security
- And much more
“Tidying Up”: Cybersecurity edition
Marie Kondo’s “Tidying Up” series on Netflix has taken off. Donation centers around the country have reported a huge increase in donations as people sort through their belongings and search for joy. If you are not familiar with Kondo’s “Tidying Up” process, she recommends combing through your items, methodically holding each one and asking yourself if it sparks joy. If the item sparks joy—you keep it. If not, you thank it for its time and donate it or throw it out.
Kondo recommends using this process to organize your clothes, books, paperwork, and other miscellaneous items such as kitchenware. But the same idea can be applied to our digital lives. During this spring cleaning season, tidy up different aspects of your digital world to stay organized and fend off cyber threats.
Start with your computer
Our computers—personal and business—hold a trove of files and programs that are often forgotten. In many cases, these software programs may be out of date or unnecessary—creating a cybersecurity concern. To start the tidying process, go through the programs that are installed on your computer. Ask yourself if the program sparks joy and if it is something you use on a regular basis. If not, delete it. Programs sitting idle on your machine can easily miss updates, leaving you vulnerable to hacks.
If you have any of the following programs on your computer, you certainly want to delete them unless they are integral to what you do. These programs are constant cybersecurity threats, and many are no longer serviced by their providers:
- Adobe Flash Player
- Adobe Shockwave
- Apple QuickTime
As you go through the different programs on your computer, take a minute to check the update settings. If you can set the software to auto-update, you may want to consider choosing that setting. This ensures that your programs are receiving security patches as soon as they are released.
Take a closer look at your phone and tablet
Smartphones and tablets have radically changed how we interact with the world. New apps are released daily that can make life easier. Unfortunately, not all apps are created equal and many may be collecting and selling your data unbeknownst to you.
First, go through your handheld devices and delete the apps that you no longer use and no longer spark joy. For the apps that remain, review the privacy settings and the data you share with the app. You can do that through the settings of the device. In some cases, you can limit the data that is shared with the app. Also, be sure that the app is updated and running the most recent version.
Review your social media accounts
Social media allows us to stay connected with family and friends but can also cause us to share too much information with the wrong people and apps. To start, go through the friends and followers on your social media profiles and ask yourself if you still want this person to see details on your life. Remove those who are no longer a part of your life.
Then, visit the security settings for all of your social media accounts. Be sure they are set to private so you are not sharing personal data with the outside world.
Lastly, review the third-party apps that are linked to your Facebook account. Facebook has been in the news lately due to data leaks stemming from these third-party apps. To review the apps that have access to your Facebook account, go to Settings, then Apps, then Websites. There you can see which have access to your data. Remove those that no longer spark joy.
Maintaining good cybersecurity is an ongoing process. “Tidying up” your devices and digital life is a sensible step to take every year. It forces you to review the programs that you are sharing data with and decide if you still need to do so.
Verizon Fios routers are susceptible to being hacked, according to security company Tenable. The company discovered that new Verizon Fios Quantum Gateway routers were being distributed with a flaw that could allow hackers to take control of an entire wireless network and all the connected devices. Verizon has issued a new firmware patch to fix the problem. If you use a Verizon router, you should check for the update.
Toyota data breach exposes information on up to 3 million customers. The automotive maker announced the breach recently, saying that Toyota Tokyo Sales Holding and three independent dealers in Japan were affected. According to Toyota, hackers were able to gain unauthorized access to the network. This is the second Toyota breach this year.
Facebook exposes user data…again. Two unsecured databases were discovered on the cloud. That data was acquired by third-party apps running through Facebook. The affected apps are Cultura Colectiva and At the Pool. Facebook IDs, names, friends, and other information were exposed. It is important to review your Facebook permissions regularly to be sure you are not granting access to apps and websites you do not trust. To do so, go to www.facebook.com/settings.
New Wi-Fi protocol, WPA3, is not as secure as experts had hoped. The latest generation of Wi-Fi was released last year and was supposed to protect users better than the previous Wi-Fi protocol, WPA2. Researchers, however, have discovered that WPA3 has many of the same security issues as WPA2. The researchers determined that “WPA3 does not meet the standards of a modern security protocol.” WPA3 has only been released to a small number of devices and fixes are being made.
Social Security scam affects thousands nationwide. The Federal Trade Commission is warning the public of a new phone scam where a caller informs victims that someone is using their name and Social Security number to send thousands of dollars to Mexico and Colombia. The victims are told a warrant is out for their arrest and they must provide money via Google Play cards to get rid of the warrant. The scammers are able to make the call appear to be coming from the Social Security Administration on caller IDs.
Amazon adds HIPAA-compliant healthcare services to Alexa devices. The company has partnered with various companies to create new Alexa Skills that will allow healthcare providers to use the devices for health-related questions while remaining HIPAA compliant. Cigna, Boston Children’s Hospital, and Express Scripts are among the organizations working with Amazon on this development.
Microsoft reveals breach of managed email services such as Outlook, MSN, and Hotmail. The company announced this month that hackers were able to compromise a customer support account and access customers’ email data. Microsoft claims that a limited number of users were affected while a report by Motherboard disagrees. Microsoft reports the breach occurred from January 1 to March 28 while Motherboard says it may have lasted six months. Microsoft has contacted users that were affected.
Hackers release personal information on thousands of federal agents and police officers, according to TechCrunch. Three different FBI websites were compromised by hackers which allowed them to download the contents of each server. They then created a spreadsheet of the hacked data which includes member names, titles, government email addresses, postal addresses and more. The hackers claim to have information on over one million federal and public service employees.
The Internal Revenue Service reports a drop in identity theft victims in recent years. According to the IRS, the number of identity theft victims dropped 71% between 2015 and 2018. This may in part be due to the creation of the Security Summit, which is a partnership between the IRS and private and public sector companies. The goal of the Summit is to decrease tax fraud. And while individual tax fraud has decreased, there has been an increase in tax fraud directed at tax professionals.
Android users can now use their phones as a security key. If you use a phone running Android 7.0 or higher, your phone can now act as an additional authentication layer to protect your accounts. The process works by sending login alerts to users for approval on phones that are enrolled in the program. Here are instructions for activating the feature.
Over 20 malicious apps created by an Italian surveillance company were hosted on the Google Play store for two years. The apps, which are believed to have infected millions, were spyware that infected the user’s device with malware and accessed data such as audio recordings, phone calls, geolocation, texts, and more. You can read more here.
Adobe: Adobe released updates for Acrobat, Adobe Reader, AIR, and Flash Player this month. You can read more about the updates here. Note that Flash updates are typically auto-installed, but you may need to reboot your browser for the update to complete. Adobe also ended support for its Shockwave Player this month; this software has always been vulnerable to security breaches. Experts advise deleting Shockwave from your devices, since the last version had known security holes that will likely be exploited.
Microsoft: More than 70 security vulnerabilities received patches in this month’s Microsoft updates. These updates affect Windows, Internet Explorer, Edge, Office, SharePoint, and Exchange. Two of the flaws are considered zero-day exploits, while eight carry the critical warning, so be sure to update as soon as possible. Your device should prompt you. You can learn more here.