Making Sense of Security

Securing your Digital World.


Category: Uncategorized

How to take charge of your Google privacy settings

Have you had a Google Privacy Checkup lately? If not, when better than Data Privacy Day to audit the privacy of your Google account? Users have become increasingly sensitive about how their data is handled, which in turn means that tech companies face increasing scrutiny. Google, for example, has introduced new privacy features in recent years in a bid to increase the transparency of how it handles data and to put control back in the users’ hands. One simple way to boost your Google account privacy is to use the Privacy Checkup feature. In a number of simple steps, Read more…


Looking for silver linings in the CVE-2020-0601 crypto vulnerability

by Chester Wisniewski

The scene stealer in January’s Patch Tuesday updates from Microsoft was CVE-2020-0601, a very serious vulnerability in the crypt32.dll library used by more recent versions of Windows. The flaw, which also goes by the names Chain of Fools and Curveball, allows an attacker to fool Windows into believing that malicious software and websites have been digitally vouched for by one of the root certificate authorities that Windows trusts (including Microsoft itself). An attacker could exploit the flaw to disguise malware as legitimate – Microsoft-approved – software, to conduct silent Man-in-the-Middle attacks or to create more realistic phishing Read more…


‘Fleeceware’ Apps Downloaded 600M Times from Google Play

New research shows apps that dupe users into being charged excessively with little reward persist on the Android app store. Google has made a concerted effort in recent months to try to eliminate bad apps for its Android mobile platform on the Google Play store—something the company historically has battled. However, fleeceware apps—which trick users into paying excessive amounts of money for simple apps with functionality that’s available free elsewhere—are still getting past Google’s radar in significant numbers, according to security researchers. These types of apps have been installed nearly 600 million times on 100 million plus devices, according Read more…


Don’t fall for the “Start your 2020 with a gift from us” scam…

by Paul Ducklin

Have you ever received items by courier from people overseas? If so, you’ll know that sometimes – notably in the case of gifts, where the other person hasn’t told you what they’re sending – the courier company doesn’t deliver the item directly. Sometimes you get an email saying that the item is delayed because the authorities want to inspect it; or there’s import duty; or there’s a supplementary delivery charge if you can’t collect it from the depot yourself. And to help you get through the paperwork easily, there’s often a tracking code and a clickable Read more…


Special Olympics New York Hacked to Send Phishing Emails

New York Special Olympics, a non-profit organization focusing on competitive athletes with mental handicaps, has been compromised. New York Special Olympics presents equal opportunity to participate in competitive, organized sports for people with intellectual disabilities. Sadly, during the Christmas holiday, the non-profit agency was compromised and the perpetrators then used its email server to initiate a phishing operation against its donors. “Friends, Boo! As you may have noticed, our email server was temporarily hacked. We have fixed the problem and send our sincerest apologies. While donating to Special Olympics NY is always a good idea, we would never ask Read more…


North London hacker sentenced for blackmailing Apple

On Friday, a British citizen was convicted for trying to blackmail Apple by alleging that he had a massive iCloud folder and other Apple accounts. The guy, 22-year-old Kerem Albayrak from North London, approached Apple Security alleging that millions of iCloud users had access to information. He demanded that Apple give him a bitcoin ransom of $75,000 or a thousand $100 iTunes gift cards in return for deleting the folder. Albayrak told Apple Security on March 12, 2017 that if the company refused to pay, he would sell the online database and factory reset devices associated with 319 million Read more…


Researcher: Identifying non-decryption DNS-Over-HTTPS traffic

Apparently, without even decrypting it, DNS-over-HTTPS (DoH) traffic can be detected, a security researcher has discovered. The aim of the DoH protocol is to improve overall Internet security by using TLS when submitting DNS requests and obtaining DNS responses over HTTP. DoH seeks to counter both passive monitoring and aggressive redirection attacks by encrypting DNS data and allowing domain authentication. Different protections are given over TLS via DNS. One could actually identify DoH traffic by analyzing both traffic to and from a site, according to Johannes Ullrich, Dean of Research at the SANS Technology Institute. For his project, Read more…


Maze Ransomware Operators Publish User Information

As if it wasn’t hard enough to have their data compromised, businesses who fell victim to Maze ransomware are now facing another threat: their data could become public. Maze’s operators have been collecting data from victim organisations for a while, ultimately using it as a weapon until payment is received to decrypt archives. Now, for all those victims who refuse to pay the ransom, they threaten to release the data. In this respect, a website was created by the threat actor where they identified the names and websites of eight businesses who allegedly refused to pay the sum demanded Read more…


Visa Warns About Hackers Stealing Gas Pumps Credit Card Data

Payment processing company Visa reported that attackers at gas pumps intercept credit card data from point-of-sale networks, which are becoming increasingly attractive targets for such cybercrime organizations due to their lack of safe recognition software. Visa said its Payment Fraud Disruption or PFD teams detected three separate threats targeting point-of-sale retailer or POS networks expected to be carried out by advanced cybercrime organizations in the summer of 2019. Two of the attacks targeted North American fuel dispenser merchants’ POS systems. Forensic analysis of the targeted networks, according to Visa, suggested that the assaults on the fuel dispenser merchants Read more…


Do NOT Answer Your Phone!

That’s right! We said do NOT answer your phone! There have been way too many issues lately of innocent yet unknowledgeable people getting scammed out of their hard-earned money. The first thing to know with your phone is to NOT answer the phone if you DO NOT KNOW who is calling. If you do NOT recognize the phone number calling you, then DO NOT ANSWER it! As simple as that! There are too many bots calling to see which numbers are active, landlines, mobile phones and who is gullible enough to answer. Further, scammers Read more…


SCAM ALERT-SSA

SCAM ALERT: SOCIAL SECURITY ADMINISTRATION CALLING SCAM. DO NOT ANSWER.

The Social Security Administration recently announced that the public is being scammed with threats to cancel individuals’ social security numbers. The victims are being told that they have “committed a fraud” and they are told to pay the SSA money and to do so with a prepaid or loadable debit card from a store. One of the many things you need to know: the Social Security Administration (nor the IRS) will NEVER call you! They do not usually have your phone number. And if so, Read more…


Welcome to Making Sense of Security

Welcome to Making Sense of Security. Technology is evolving at a rapid speed. There is much advancement at the stroke of a key. Making sense of what functions best for one may not be for another. Keeping up with advancements to be able to maintain functions is vital. We are here to assist with making sense of technology whether you are a beginner, intermediate or just need to refresh. Understanding digital security is a perpetual task. We make sure to provide a better understanding and simplify what you need to keep functioning. Implementing security is Read more…