From Smart TVs and refrigerators to connected light bulbs and speakers, more of our household devices are getting connected to the Internet. Could they be hacked? Are we opening up our homes to new cyberattacks?
Avast’s Chief Technology Officer, Ondrej Vlcek, and Sr. Vice President and General Manager of Mobile, Gagan Singh, will be at Mobile World Congress in Barcelona next week to discuss the future of IoT and security for smart, connected devices.
Share your questions about IoT security in the comments below. Our team will answer as many as time allows for select a few to answer at this year’s Mobile World Congress!
The data-gathering possibilities in a connected car are endless.
Engine performance, telematics, the music you listen to, the locations you visit, the phone conversations you have via the infotainment system, maybe even your eye movements, your pulse, and your unique voice signature, can all be recorded and mined for data. Connected cars are no different from the other “smart” devices in our lives. Right now we can opt out of driving connected cars, but there may come a time when we won’t have a choice.
SECURITY UPDATE: Avast Threat Labs has tracked down a new malware, disguised as Kik Messenger app, that aims to trick Facebook users into downloading spyware.
After analyzing the fake Kik Messenger app, we spotted the spyware, or the Advanced Persistent Threat (APT) "Tempting Cedar Spyware." It was designed to steal information like contacts, call logs, SMS, and photos, as well as device information, like geolocation—in order to keep track of movements—and was capable of recording surrounding sounds, including conversations victims had while their phone was within range.
Get the full scoop on our blog (along with tips from our Threat Intelligence Team on how you can do to avoid these kinds of threats) ➤ https://goo.gl/i9vG1h
In a major new report, a team of 26 international experts have warned that artificial intelligence (AI) is now a “clear and present danger” urging governments and corporations to address the “myriad” threats that it could cause.
Within the report, called “The Malicious Use Of Artificial Intelligence”, the authors present a series of scenarios wherein AI could present the greatest danger. The three scenarios examine how artificial intelligence could be used to breach our digital security, physical security and finally our political security. It also includes three potential interventions that governments, corporations and academic institutions should follow.
Tesla's cloud environment has been exploited by threat actors to mine digital currencies, researchers have discovered.
Tesla's AWS system also contained sensitive data including vehicle telemetry, which was exposed due to the unsecured credentials theft. The unknown hackers also employed a number of techniques to avoid detection. A Tesla spokesperson said their "initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way."
You’ve no doubt noticed this phenomenon at some point: browse for something on Amazon and advertisements for that same thing will follow you around the internet for days after the fact.
Clearing your browsing history only removes what people can see from your computer, but you can still be tracked. Internet advertisers collect data based on your shopping habits, your browsing routine, and probably even your search history. That data is aggregated with your device hardware details such as the processor type, operating system on your device, browser settings, and geographical information to create your own unique digital fingerprint.
Here's how you can disguise your digital fingerprint and get your privacy back ➤ https://goo.gl/JcD7ZY
The Equifax data breach exposed more of consumers' personal information than the company first disclosed last year, according to documents given to lawmakers.
It originally said that the information accessed included names, Social Security numbers, birth dates, addresses and – in some cases – driver's license numbers and credit card numbers. It also said some consumers' credit card numbers were among the information exposed, as well as the personal information from thousands of dispute documents. According to a new document, it also included tax identification numbers, email addresses, phone numbers, and other finer details.
Over the holidays, as 4iQ reported, there was a massive leak of email / password pairs on the dark web. The email / password pairs came from some big sites including Gmail, Facebook, Amazon, Yandex, and many others.
Coming up with new and unique passwords — and then trying to remember them all — can certainly be frustrating. You might be tempted just to use the same password for everything, but that’s mistake number one. As with any good investment portfolio, diversification is key. And as the hackers get smarter, so must you.
Here are some tips to help strengthen your password security ➤ https://goo.gl/2TbZNN
Last year’s Form W-2 sham that victimized hundreds of organizations and thousands of employees is predicted to be one of this year’s most onerous problems, according to the IRS.
The IRS said that reports about the scam to its email address firstname.lastname@example.org numbered about 900 in 2017 — up sharply from roughly 100 in 2016. The fraudsters tricked payroll employees into revealing sensitive information about the entire company. The crooks use the information to file bogus tax returns — or sell it on the so-called Dark Net. In some cases, the fraudsters asked for a wire transfer after receiving the employees’ information.
Read the full story here ➤ https://goo.gl/sK5duf via AccountingWEB
Victims of recent identity theft now have to contend with another bureaucratic headache: 1099 forms documenting reportable income they never received.
Although the victims reported the thefts to the Social Security Administration, they now have to contend with the messy aftermath: contesting the tax forms they received reporting Social Security benefits that were paid out on their earnings record. Consider this a cautionary tale for retirement age advisers and clients: Set up an online Social Security account to get estimated benefit statements and monitor it frequently. If you discover someone has fraudulently claimed benefits on your account, notify Social Security immediately — and buckle up for a bumpy ride.
A vigilante hacker has broken into the servers of a company that sells spyware to everyday consumers and wiped their servers, deleting photos captured from monitored devices, for the second time and just a year later.
The hacker said he started wiping some cloud servers that belong to Retina-X Studios, a Florida-based company that sells spyware products targeted at parents and employers, but that are also used by people to spy on their partners without their consent. “None of this should be online at all,” the hacker said. “Aside from the technical flaws, I really find this category of software disturbing. In the US, it's mainly targeted to parents."
Facebook’s two-factor authentication (2FA) system is auto-posting messages to users' profiles, some users are reporting.
A software engineer said in a tweet that when he replied “DO NOT TEXT ME” and “Pls stop” to the text message, it got posted to his Facebook profile for some reason. This issue has happened to a number of other Facebook users as well. And some Facebook critics suspect that the social networking company is doing this to drive engagement.
Google just introduced a new feature in its Chrome browser that blocks by default certain types of ads.
The new ad-filtering technology removes ads from sites that do not adhere to the guidelines of its Better Ad Standards group. Chrome will now block several kinds of ads without requiring user interaction or customization with an ad blocker. These include prestitial ads, which are full-page ads that prevent consumers from seeing a site’s content, and flashing animated ads.
#DidYouKnow most smartphone apps run invisible in the background and the worst offenders drain all three (battery, data, and storage) at the same time?
We began producing the Avast Android App Performance & Trend Report in 2014, and have discovered a number of resource-eating apps that consistently appear on the list, including: AllShare Cast Dongle software update, Samsung WatchON, Facebook, and Facebook Messenger. Most of these apps come pre-installed on your phone and are part of the Samsung or Google portfolio. So pay careful attention: go through and disable or uninstall the apps you really don’t need.
Here are the handful of newcomers and other mobile resource-draining apps ➤ https://goo.gl/5Mg1rz
SECURITY UPDATE: FedEx has exposed private information belonging to thousands of its customers after a legacy server was left open without a password.
The server contained more than 112,000 files, a mix of the completed US Postal Service forms used to authorize the handling of mail, along with identification. Among the exposed files were drivers' licenses, national ID cards, and work ID cards, voting cards, and utility bills. Also found were resumes, vehicle registration forms, medical insurance cards, firearms licenses, a few US military identification cards, and even a handful of credit cards that customers used to verify their identity with the FedEx division.
What smart device(s) do you use (i.e. Amazon Echo, Google Home, Ecobee4, August Smart Lock, etc) and are you concerned about your privacy and security?
Each year, billions of products that connect to the Internet. According to new research by the Security Innovation Center, Americans surveyed are increasingly concerned about security and privacy, including the prospect that a hacking of their own device could expose family, friends and colleagues to risk. 59% fear that one of... their Internet-connected products could be used by a hacker as part of a cyber attack.
The research also notes that one compromised product not only affects the owner of the product, but anyone whose information may be on it. As we connect more "things", those risks could grow exponentially from loss of data to loss of life.
What do you think?
#DidYouKnow Hackers can silently access your webcam without triggering the camera notification light? Here's how to stop them.
Webcam Shield allows Avast Premier users to have complete control over your webcam, and prevents applications and malware from accessing your PC's camera without your consent. It's available now to all our Premier users in the latest version.
Learn more here ➤ https://goo.gl/xT5RKc