Making Sense of Security

Securing your Digital World.

Making Sense of Security

FBI: Cybercrime tore a $3.5b hole in victims’ pockets last year

by Lisa Vaas Why do online swindlers rob people over the age of 60? Because that’s where the money is. According to the FBI’s 2019 Internet Crime Report, released on Tuesday by the bureau’s Internet Crime Complaint Center (IC3), the total amount of money clawed out of victims through a smorgasbord of cybercrime types just keeps climbing, with 2019 bringing both the highest number of complaints and the highest dollar losses reported since the center was established in May 2000. Those of us with gray hair tend to have the most money, and thus we have the dubious honor Read more…


Google to force Nest users to turn on 2FA

by Lisa Vaas Nest owners, if you aren’t already flying with two-factor authentication (2FA) on your accounts, get ready for Google to push you into spreading those security wings. On Tuesday – which, appropriately enough, was Safer Internet Day – Google announced that in the spring (or in the fall, for those in the Southern Hemisphere), it will start forcing users of its Nest webcams and other products to use 2FA to secure their accounts. Nest users who haven’t yet enrolled in the 2FA option or migrated to a Google account will be required to take an extra step Read more…


Heading to RSA: NSA Brings Innovative Ideas to Cybersecurity Industry

FORT MEADE, Md., Feb. 12, 2020 — The breadth of talent and expertise across the private industry offers vast potential for collaboration. The RSA Conference — an annual security gathering hosting educational, professional, networking, and awards programs — offers one of the largest opportunities for NSA to bolster partnerships and continue to build understanding of shared risk, increase ongoing cooperation, and further expand opportunities, which is why the Agency will be joining participants again this year. Last year, during RSA Conference 2019, NSA released the highly praised open-source program, Ghidra, which has since garnered over half a million downloads. Read more…


Managed Defense: The Analytical Mindset

When it comes to cyber security (managed services or otherwise), you’re ultimately reliant on analyst expertise to keep your environment safe. Products and intelligence are necessary pieces of the security puzzle to generate detection signal and whittle down the alert chaff, but in the end, an analyst’s trained eyes and investigative process are the deciding factors in effectively going from alerts to answers in your organization. This blog post highlights the events of a recent investigation by FireEye Managed Defense to showcase the investigative tooling and analysis process of our analysts. Threat Overview Recently, FireEye Managed Defense responded to Read more…


Do I really need additional email security when using Office 365?

This is probably the most common question I get asked today! What customers are really asking is “Can I rely on the built-in security capabilities in Office 365 or do I still need to run a 3rd party email security solution such as a Secure Email Gateway?” And the answer — well that depends; every customer’s environment is different. Do I have to go to the Cloud? But first, let’s get the most common misconception out of the way. While it is more efficient to run your email security gateway in the cloud, close to your Office 365 tenancy, Read more…


5 tips for you and your family on Safer Internet Day

by Paul Ducklin No matter how safe and secure you feel when you use your computer, there’s always room for improvement. Why not make Safer Internet Day the excuse you need to do all those cybersecurity tweaks you’ve been putting off… …such as picking proper passwords, turning on two-factor authentication, downloading the latest security updates, making backups of your most important files, and revisiting your privacy settings in case you’re oversharing by mistake? So, let’s go through those five tweaks one-by-one – they’re easier than you think, and much less hassle than you might fear. 1. PICK PROPER PASSWORDS Read more…


5 tips for businesses on Safer Internet Day

by Paul Ducklin Safer Internet Day is here! Note that it’s more than just One Safe Internet Day, where you spend 24 hours taking security seriously, only to fall back on bad habits the day after. As the old saying goes, “Cybersecurity is a journey, not a destination,” and that’s why we have SAFER internet day – it’s all about getting BETTER at cybersecurity, no matter how safe you think you are already. So here are five things you can do in your business, regardless of its size, to help you and your colleagues keep ahead of the cybercrooks. Read more…


Two-Step Verification

The process of authentication, or proving who you are, is key to protecting your information, such as your email, social media, or online banking accounts. You may not realize it, but there are three different ways to prove who you are: what you know, such as a password, what you have, such as your driver’s license, and some part of you, such as your fingerprint. Each one of these methods has advantages and disadvantages. The most common authentication method is passwords, which are something you know. Unfortunately, using passwords just by themselves is proving to be more and more Read more…


Critical Bluetooth bug leaves Android users open to attack

Google releases a fix for the security hole that, if left unplugged, could allow attackers to run malicious code with no user interaction Google has rolled out a security update to address a critical flaw in Android’s Bluetooth implementation that allows remote code execution without user interaction. The vulnerability, tracked as CVE-2020-0022, affects devices running Android Oreo (8.0 and 8.1) and Pie (9.0). For these devices, which between them account for almost two-thirds of Android devices in use, the flaw is rated critical by Google. According to German IT security provider ERNW, which discovered the ‘wormable’ security hole and Read more…


Threat Roundup for January 31 to February 7

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Jan 31 and Feb 7. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting Read more…


RobbinHood Kills Security Processes Before Dropping Ransomware

Attackers deploy a legitimate, digitally signed hardware driver to delete security software from machines before encrypting files. In a newly detected attack campaign, the attackers behind RobbinHood ransomware deploy legitimate, digitally signed hardware drivers to delete security tools on target machines before they encrypt files. These attacks exploit known vulnerability CVE-2019-19320, report Sophos researchers who investigated two attacks employing this technique. The flaw exists in a signed driver that is part of a now-deprecated software package published by Taiwanese motherboard manufacturer Gigabyte. When it was patched with proof-of-concept code in 2018, Gigabyte said its products weren’t affected by the Read more…


Facebook now lets parents monitor their children’s chats

The feature is part of expanded parental controls on the Messenger Kids app aimed at children under 13 Facebook is rolling out a slew of changes to Messenger Kids that give parents more control over how their children use the messaging app. You can review who your kids are interacting with and review their chat histories, according to the social network’s blog post this week. In addition, you get access to the most recent videos and photos your kids have sent or received, and you can remove the content if needed. The app’s revamp also gives you the option Read more…


Adware.Adposhel takes over your web push notifications administration

Since late last year our researchers have been monitoring a new method concerning web push notifications being deployed by an adware family detected by Malwarebytes as Adware.Adposhel. What does Adware.Adposhel change? The adware uses Chrome policies to ensure that notification prompts will be shown and add some of their own domains to the list of sites that are allowed to push web notifications. So far not very new. The recent twist however is that it enforces these settings as an administrator. This is done so the regular Chrome user will not be able to change the settings in the Read more…


How your screen’s brightness could be leaking data from your air-gapped computer

It may not be the most efficient way to steal data from an organisation, let alone the most practical, but researchers at Ben-Gurion University in Israel have once again detailed an imaginative way to exfiltrate information from an air-gapped computer. And this time they haven’t done it by listening to a PC’s fan, or watching the blinking LED lights on a hard drive or even picking up FM radio waves. On this occasion the team of boffins have devised and demonstrated a method for stealing data by watching out for tiny changes to the brightness of the targeted computer’s Read more…


University of Maastricht Paid 30 Bitcoins to Ransomware Attackers

The University of Maastricht publicly revealed that it paid a ransom of 30 bitcoins to recover its computer systems following a ransomware attack. Nick Bos, vice president of the university, shared what officials knew about the digital attack at a press conference. Bos noted that the security incident began when phishers successfully compromised the email account of a university employee in November 2019. The ransomware infection unfolded in earnest on December 24, locking up the university’s computer systems and thereby preventing employees from accessing their emails or workstations. After learning of the infection, the University of Maastricht retained the Read more…


3 Malware Trends to Watch Out for in 2020

Malware closed out 2019 on a strong note. According to AV-TEST, malware authors’ efforts throughout the year helped push the total number of known malware above one billion samples. This development wouldn’t have been possible without the vigor exhibited by malware authors in the fall of 2019. Indeed, after detecting 8.5 million new samples in June and 9.56 million specimens the following month, AV-TEST saw the monthly totals jump up above 13 million in August. This monthly rate of detection has not faltered at the time of writing. After peaking in September with 17.70 million, it’s actually remained above Read more…


So You Want to Achieve NERC CIP-013-1 Compliance…

Is an electricity provider’s supply chain its weakest link in the event of a cyberattack? The evidence is compelling that third parties often play unwitting roles. For example, the NotPetya ransomware attacks in mid-2017 originally gained a foothold via a backdoor in third-party accounting software. To safeguard North America’s electricity supply, the North American Electric Reliability Corporation (NERC) has issued several critical infrastructure protection (CIP) standards. The CIP-013-1 standard, which has been approved by FERC in the fall of 2018, addresses the vulnerabilities and threat vectors that external third parties in the supply chain can have on the Bulk Read more…


Identity Verification And Fraud Prevention In 2020: Closing The Trust Gap

As technology evolves, fraudsters and hackers adapt their techniques. They get smarter and find new ways to beat the tech. That is why data leaks and theft are often in the news and can impact thousands of people. As consumers digitize their lives and take them online, verifying identities and combating fraud is becoming a growing challenge. To be honest, identity verification and fraud prevention are easier said than done. Most companies today do not have face to face meetings with their customers. The system is dependent on businesses having access to consumer information but given the risk of Read more…


Electric scooters vulnerable to remote hacks

A helmet may not be enough to keep you safe(r) while riding an e-scooter Electric scooters are steadily becoming a popular alternative for short commutes. Besides convenience, however, they also introduce a range of cybersecurity and privacy risks, according to a study by the University of Texas at San Antonio (UTSA). The review – which UTSA said is “the first review of the security and privacy risks posed by e-scooters and their related software services and applications” – outlines various attacks scenarios that riders might face and suggests measures to tackle the risks. Many e-scooters rely on a combination of Read more…


How to catch a cybercriminal: Tales from the digital forensics lab

What is it like to defeat cybercrime? A peek into how computer forensics professionals help bring cybercriminals to justice. Many people ask me about what it was like working for law enforcement. More often than not, however, they are actually enquiring about how computer crime is truly investigated. Whether it’s questions about how accurately it is portrayed on TV, the constraints felt by the police, the associated myths, or about how to find closely guarded tactics and secrets, people seem to have a morbid fascination with the dark world of digital forensics. Before joining ESET, I was a computer Read more…


DDoS Attack Potentially Targeted State Voter Registration Site, Says FBI

The FBI said that a distributed denial-of-service (DDoS) attack potentially targeted a state-level voter registration site. In a Private Industry Notification (PIN) released on February 4, the FBI said that a state-level voter registration and voter information website received a high volume of DNS requests over the period of a month. Those requests were consistent with a Pseudo Random Subdomain (PRSD) attack, a type of DDoS attack which attempts to disrupt DNS record lookups. A screenshot of the FBI’s PIN. (Source: Bleeping Computer) At one point, the suspected attack’s DNS requests increased more than tenfold from 15,000 to 200,000. Read more…


FTC Takes Action to Stop Anti-Aging “Cure-All” Marketers From Making Baseless Health Claims

The sellers of a pill called ReJuvenation settled Federal Trade Commission charges that they deceptively claimed that their product is a virtual cure-all for age-related ailments—including cell damage, heart attack damage, brain damage, blindness, and deafness—and even aging itself. The orders settling the FTC’s complaint prohibit the defendants from making such claims unless they are true and supported by scientific evidence. The orders also require payment of $660,000, which the Commission may use to provide refunds to defrauded consumers. “This is another company promising older adults an anti-aging wonder drug that reverses the effects of disease,” said Bureau of Read more…


Court Stops Sprawling Scheme That Operated Hundreds of Websites That Deceived Consumers About Government Services

A court has granted the Federal Trade Commission’s request to preliminarily halt a scheme in which the defendants operated hundreds of websites that promised a quick and easy government service, such as renewing a driver’s license, or eligibility determinations for public benefits. Following an evidentiary hearing, the court held that the FTC was likely to prevail in proving that “the websites were patently misleading.” The FTC’s filings in the case allege that consumers provided their information because they believe the websites will actually provide these services. Instead, consumers received only a PDF containing publicly available, general information about the service Read more…


What is Cloud Networking?

When you have many computers in a corporation with sensitive data or captured work that needs to be viewed regularly, digital space can become a problem. Computer hard drives may store large files that can cause servers and digital devices to lag. Even when you create your own blog or you’re working on other digital projects, you don’t want your work to be deleted or compromised due to a lack of space. That’s why cloud networking exists. Keep reading to find out more about cloud networking and how it’s changing the way people manage their digital space. Cloud Networking Read more…


Why certain companies are more heavily targeted by DDoS attacks

Most of the targets in 2019 were in the gaming and gambling industries, says security company Imperva. View Original Source Article HERE


What Is Log Management, and Why Is It Important?

I think we all know what log management is. As discussed in a 2017 article for The State of Security, log management is about systematically orchestrating the system and network logs collected by the organization. That being said, there’s still some confusion surrounding why an enterprise would want to collect log data in the first place. There are two primary drivers for an enterprise to collect log data. These are security and compliance. Log Management for Security Per the Center for Internet Security (CIS), the collection, storage and analysis of logs is a Critical Security Control. The CIS explains Read more…


Companies Pursue Zero Trust, but Implementers Are Hesitant

Almost three-quarters of enterprises plan to have a zero-trust access model by the end of the year, but nearly half of cybersecurity professionals lack the knowledge to implement the right technologies, experts say. Worried about protecting data, the likelihood of breaches, and the rise of insecure endpoint and Internet of Things (IoT) devices, companies are looking to technologies and security models that focus on continuous authentication, experts say. On February 4, survey firm Cybersecurity Insiders published its “Zero Trust Progress Report,” finding that two-thirds of surveyed cybersecurity professionals would like to continuously authenticate users and devices and force them Read more…


8 of the 10 Most Exploited Bugs Last Year Involved Microsoft Products

Six of them were the same as from the previous year, according to new Recorded Future analysis. For the third year in a row, cybercriminals employed vulnerabilities in Microsoft products far more so than security flaws in any other technology, new data for 2019 shows. Eight out of the 10 most exploited vulnerabilities in 2019 in fact impacted Microsoft products. The other two—including the most exploited flaw—involved Adobe Flash Player, the previous top attacker favorite, according to analysis by Recorded Future. Like it has done for past several years, Recorded Future analyzed data gathered from vulnerability databases and other Read more…


SharePoint Bug Proves Popular Weapon for Nation-State Attacks

Thousands of servers could be exposed to SharePoint vulnerability CVE-2019-0604, recently used in cyberattacks against Middle East government targets. Researchers have detected multiple instances of cyberattackers using SharePoint vulnerability CVE-2019-0604 to target government organizations in the Middle East. These mark the latest cases of adversaries exploiting the flaw, which was recently used to breach the United Nations. CVE-2019-0604 exists when SharePoint fails to check the source markup of an application package. Attackers could exploit this by uploading a specially crafted SharePoint application package to an affected version of the software. If successful, they could run arbitrary code in the Read more…


Microsoft DART Finds Web Shell Threat on the Rise

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2015-2802PUBLISHED: 2020-02-04 An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TL… CVE-2019-10786PUBLISHED: 2020-02-04 network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument. CVE-2019-10787PUBLISHED: 2020-02-04 im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any Read more…


Settlement Sites and Typosquatting: We Detected What Could Be Yet Another Attack

Cybercriminals often register domains that look so much like the target organizations’ that their customers end up on the fake websites – Jonathan Zhang, CEO at Whois XML API Walnut, Calif. – Feb. 3, 2020 Popularity has a downside. Any well-known organization is likely to become a favored target of fraudsters, brand abusers, trademark infringers, phishers, and other cybercriminals. And while it’s said that imitation is the greatest form of flattery, the last thing any company would want is to be mimicked by a cyber attacker. Cybercriminals have spoofed many established companies through typosquatting. They often register domains that Read more…


How to sign up for Firefox breach alerts

Mozilla offers users a service that will send alerts for account breaches associated with email addresses. Find out how to use Firefox Monitor. View Original Source Article HERE


Next on the regulatory review roll

It can be one of the biggest expenditures a consumer makes. It’s a uniquely sensitive transaction. And it’s covered by an FTC Rule. We’re talking about funerals and the FTC has just announced that as part of its ongoing regulatory review process, it’s taking another look at the Funeral Industry Practices Rule. In effect since 1984 and last amended in 1994, the Funeral Rule is designed to protect consumers from deception and unfairness. In promulgating the Rule, the FTC observed that shopping for funeral goods and services is different from other purchases. Consumers may lack familiarity with the transaction. Read more…


Why many security pros lack confidence in their implementation of Zero Trust

Almost half of security professionals don’t know where or how to use Zero Trust policies in a hybrid IT environment, says a survey commissioned by security provider Pulse Secure. View Original Source Article HERE


Ransomware Attacks: Why It Should Be Illegal to Pay the Ransom

For cities, states and towns, paying up is short-sighted and only makes the problem worse. When it comes to ransomware attacks on municipalities, paying hackers isn’t the right solution. First, there’s no guarantee hackers will return sensitive data. Second, there’s no guarantee cybercriminals won’t leverage and monetize the data anyway, returned or not. To effectively fight back, we need to make ransomware payments illegal, and develop a strong industry of cyber professionals, a digital army of sorts, to proactively increase security awareness and data protection. Ransomware attacks on municipal governments, from large cities to small towns, have been crippling Read more…


Iowa caucus impacted by untested app and no training for volunteers

HR experts and tech leaders say organizations that skip training during a tech transition almost always pay a high price. View Original Source Article HERE


7 Ways SMBs Can Secure Their Websites

Here’s what small and midsize businesses should consider when they decide it’s time to up their website security. 1 of 8 Too often small and midsize business (SMBs) run websites that aren’t secure or even have the basics, such as SSL encryption technology or a Web application firewall. It’s understandable: SMB owners are typically very busy and wear many hats. Few have an IT person on staff, let alone a professional security person. Yet few can do security on their own. What’s an SMB to do? Turning to the site’s Web hosting provider to find out what security features Read more…


Twitter Suspends Fake Accounts Abusing Feature that Matches Phone Numbers and Users

The company believes state-sponsored actors may also be involved. Twitter has disclosed a security incident in which third parties exploited its API to match phone numbers with user accounts. The company has identified and suspended a large network of fake accounts related to the incident and believes state-sponsored actors may also be involved. The problem came to Twitter’s attention on Dec. 24, 2019, when it learned someone was using a network of fake accounts to match usernames with phone numbers – a legitimate feature that, if enabled, helps users find each other on the platform. A security researcher was Read more…


Kubernetes Shows Built-in Weakness

A Shmoocon presentation points out several weaknesses built in to Kubernetes configurations and how a researcher can exploit them. Containers — single processes virtualized in isolated environments — are becoming important parts of the IT infrastructure at many companies, especially those embracing DevOps or continuous deployment methodologies. And Kubernetes, an open source system for automating container deployment and management, is being embraced by a growing number of companies that use containers. So naturally, testing and improving Kubernetes’ security has become an important topic for security professionals. At the recent ShmooCon in Washington, DC, Mark Manning, technical director of NCC Read more…


What WON’T Happen in Cybersecurity in 2020

Predictions are a dime a dozen. Here are six trends that you won’t be hearing about anytime soon. In many cultures, a new year is seen as a symbol of hope, of new beginnings. A chance to refresh, reset, learn from mistakes, and power ahead with a whole lot of energy and amazing plans. But with more than 5 billion sensitive data records stolen in 2019, I figured it would be more accurate to predict what won’t be happening in cybersecurity in 2020. So I sat down with my Secure Code Warrior co-founder, Matias Madou, and came up with Read more…


4 key trends to hit the cybersecurity industry in 2020

Get ready for consolidation risk, microbreaches, and other cybersecurity hazards, warn experts from Mimecast, the Cyber Resilience Think Tank. View Original Source Article HERE


Google software glitch sent some users’ videos to strangers

Google has said a software bug resulted in some users’ personal videos being emailed to strangers. The flaw affected users of Google Photos who requested to export their data in late November. For four days the export tool wrongly added videos to unrelated users’ archives. As a result, private videos may have been sent to strangers, while downloaded archives may not have been complete. “We are notifying people about a bug that may have affected users who used Google Takeout to export their Google Photos content between November 21 and November 25,” a Google spokesperson said. “These users may Read more…


NIST tests methods of recovering data from smashed smartphones

by John E Dunn Smash it, submerge it in water, and perhaps shoot it for good measure – just three of the methods criminals use to permanently erase digital evidence from smartphones. And yet, as many criminals have found out to their cost, reducing a device to a pile of smashed plastic and glass means nothing if the internal memory chips remain in working order. The forensic engineers who help police gather evidence understand this even if it’s not always been clear which methods are the most effective as extracting data accurately enough for it to meet standards of Read more…


Spam Campaign Leveraged RTF Documents to Spread Infostealers

A spam campaign leveraged malicious RTF documents to distribute notorious infostealers including Agent Tesla and Lokibot. While digging through a few other spam campaigns, Lastline observed unusual use of the C# compiler from the command line in some samples. Its researchers performed additional analysis and found that the samples belonged to the same malicious spam campaign. Lastline’s telemetry data revealed that the campaign had begun in mid-October 2019, peaked on October 17 and then taken a three-week break before finally returning. In total, the security firm tracked 79 unique hashes out of the 138 samples, a fact which indicates Read more…


FTC Seeks Public Comment as Part of its Review of the Funeral Rule

The Federal Trade Commission is seeking public comment on whether to make changes to its Funeral Rule as part of the agency’s systematic review of all current FTC rules and guides. The Funeral Rule, enacted in 1982, protects consumers from unfair and deceptive practices in the sale of funeral products and services. Consumers in the market for such products or services often are under significant emotional strain and tight time constraints. The Rule, formally known as the Funeral Industry Practices Rule, requires funeral providers to give consumers itemized price information up front, and to provide additional information about the Read more…


Tripwire Patch Priority Index for January 2020

Tripwire’s January 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, VMware, and Linux. Exploit Alert: Metasploit Up first on the patch priority list this month are vulnerabilities that have been recently added to Metasploit. Two vulnerabilities identified by CVE-2019-9213 and CVE-2018-5333 affect the Linux kernel. Also, exploits for CVE-2019-19781 that affect the Citrix Application Delivery Controller (ADC) and Gateway have been added to Metasploit. Exploit Alert: Canvas Next on the patch priority list this month are vulnerabilities that have been recently added to Canvas. In particular, exploits for CVE-2019-5512 that affects VMware Workstation and CVE-2019-2725 Read more…


Twitter hands over student’s account to his college

by Lisa Vaas No, we do not police the social media activity of our students, a New York university said last week, and yes, we have a sense of humor – remember the banana we taped to the wall in the student union and then posted on Instagram? That was part of a Twitter stream posted by the State University of New York (SUNY) College at Geneseo, defending itself after a student’s parody account of the college – originally called @SUNYGenseeo, switched to NOT SUNY Geneseo, and now renamed geneseo’s #1 fan – was hijacked. The account’s rightful owner Read more…


Would you get hooked by a phishing scam? Test yourself

As the tide of phishing attacks rises, improving your scam-spotting skills is never a bad idea Many people are confident in their ability to recognize phishing scams a mile away. In a recent survey, however, only 5% of the respondents had a 100-percent success rate in spotting simulated attacks aimed at stealing their sensitive information. This may ultimately help explain why this type of fraud continues to pay dividends for ne’er-do-wells. The survey and quiz of over 900 Americans, conducted by security.org, also found that 9 out of 10 respondents could match phishing with its definition fairly accurately. The Read more…


Facebook privacy settings: Protect your data with these tips

As Facebook turns 16, we look at how to keep your personal information safe from prying eyes Sixteen years, that’s how long Facebook has been around. This means that it has accompanied some of us throughout our teenage years to adulthood. Quite an achievement since websites and services tend to lose popularity over the years and fade out of existence, lingering in the dim, outer recesses of our memories – remember MySpace? To be frank, though, Facebook’s reign as the social network of choice hasn’t always been rainbows and unicorns. It has had its fair share of controversies, usually, Read more…


Google’s Super Bowl ad will make you cry. Or wince.

by Lisa Vaas “How to not forget,” is typed into a Google search bar. That’s the simple way that Google started its Super Bowl ad, which featured an elderly man’s voice as he asked Google Assistant to help him remember details about his late wife. [youtube https://www.youtube.com/watch?v=6xSxXiHwMrg?version=3&rel=1&fs=1&autohide=2&showsearch=0&showinfo=1&iv_load_policy=1&wmode=transparent&w=775&h=436] The narrator laughs as the ad goes on to show a photo of a younger, moustachioed version of himself with “Loretta.” “Remember, Loretta hated my moustache,” he says in a way that makes the viewer think that the man is sitting around with his friends or family, sweetly reminiscing. But while you Read more…