1:M Cyber Security Update 4/5/19

Hi everyone,

Here is some recent cyber security news I think is interesting/relevant for you guys to check out:

 

———

 

Firefox ‘Send’ allows you to encrypt and send large files for FREE via your browser

Using any browser of your choosing, simply go to send.firefox.com and you can now send password-protected, fully encrypted large files for free, up to 1GB in size (or 2.5GB if you have a Firefox account). Upload or drag and drop files, and Send will generate a link that you can set to expire after a certain number of downloads—up to 100—or a certain amount of time, ranging from five minutes to seven days. For comparison, the biggest Gmail attachment you can send is 25 megabytes, so this is very useful. There are already ways to share large files, e.g. Google Drive or Dropbox, but you have to first store the file in the cloud before you share it with others. With Firefox Send it is sent DIRECTLY from you to the receiver with end-to-end encryption, so not even Mozilla Firefox can see the contents of what you’re sharing. When you go to that website, it loads JavaScript inside the browser, and all the encryption is done right there in your browser for you. Thanks Firefox 🙂

https://www.wired.com/story/firefox-send-encrypted-large-files/

https://send.firefox.com/

———–

Google revealed that it took down 2.3 BILLION bad ads in 2018, including 58.8 million phishing ads

As also mentioned in ‘Training Module 14 Search Engine Optimization’, Google has a serious issue when it comes to displaying malicious ads in its search results. Google now says it pushed out a bunch of new Ad policies in 2018, and as a result, managed to catch 6 MILLION bad ads a day! Incredible. Most of these malicious ads revolved around 3rd-party tech support, ticket resellers, cryptocurrency and local services (garage door repairmen, bail bonds and addiction treatment facilities). As noted in the training module, please do NOT click on any Google ads for now, until Google finds a very effective fix for this serious issue.


https://www.securityweek.com/google-took-down-23-billion-bad-ads-2018

———–

Fake Google Ad leads to malicious tech support scam

Case in point about malicious Google ads: apparently there was a malicious eBay ad displaying in Google search results for a WEEK without being noticed. When one clicked on it, it would display a fake tech support scam. Please avoid all Google Ads until they fix this issue!

https://www.bleepingcomputer.com/news/security/fake-ebay-ad-in-google-search-led-to-tech-support-scams/

———–

How to make DuckDuckGo your default Chrome search engine

As we mention in the training, DuckDuckGo is a fantastic replacement for Google Search if you do not want your search queries to be tracked and profiled. DuckDuckGo does NOT do any user tracking at all. They still get their revenue from displaying ads, but they do this based on immediate searches rather than building data profiles of us. Keep in mind that Safari and Firefox have both supported DuckDuckGo since 2013, but now you can configure Chrome to use DuckDuckGo by default as well.

“To switch to DuckDuckGo as your default search engine, in the Chrome menu select Preferences, then scroll down to the search engine section. Select DuckDuckGo in the Search engine used in the address bar section. If you don’t see it, click Manage search engines and select it from the longer list.”

https://nakedsecurity.sophos.com/2019/03/15/duckduckgo-shows-up-as-chrome-search-option/?

———–

2/3 of all Android Antivirus apps are fraudulent!

According to a recent study, 170 out of 250 Android antivirus apps found in the Google Play Store failed the most basic detection tests, and were basically a complete fraud. They either “failed to meet that benchmark, frequently mistook benign apps for malware, or have been pulled from the Play Store altogether.”

What’s worse, they were uploaded to Google Play as a way to steal user data once downloaded onto mobile phones (antivirus apps by nature ask for, and generally receive, many permissions, so they have access to a LOT of user data). However, some of the apps, such as F-Secure, Bitdefender and Symantec did very well in their detection rates. So please make sure to download an Android Antivirus app from a REPUTABLE COMPANY only.

https://www.zdnet.com/article/two-thirds-of-all-android-antivirus-apps-are-frauds/

———–

Facebook apps expose millions of users’ Facebook data

Once again, Facebook’s platform has been found exposing private user data. This time, it was millions of our records stored on an open cloud server for all to see. The data was gathered by 3rd party apps that have access to Facebook. This is common when you give a 3rd party app, or website, access to your Facebook account – a major no no! Please review your Facebook apps and their permissions right now, and update the info they can request, or remove the apps and websites you no longer want connected to your Facebook profile. Also review your privacy settings, by using the Privacy menu item on the Settings screen to access the Privacy Settings and Tools page. And don’t forget to set up 2FA! (We cover all this in Training Module 20 and 22).

https://nakedsecurity.sophos.com/2019/04/04/facebook-apps-expose-millions-of-users-facebook-data/

———–

BEC Scammers using SMS texts to scam you

BEC scammers are now trying to move over to SMS text messaging to scam you. This way, they can talk directly with you on your phone via SMS text, and have you send pictures of purchased gift card barcodes to them directly (we cover BEC scams in Training Module 7). Please be aware, and ALWAYS verify all transactions/wire transfers by calling the authorizing party directly, not over SMS or email.

https://www.agari.com/email-security-blog/bec-goes-mobile/

 

———–

 

 
Please be safe out there everyone.

#ClickGameOver
