Class -- CCJ4933.796U19 Blog 20
Podcast: Cyber Security Today (ITWC)
Vacation deal shopping advice
Website: https://open.spotify.com/show/2YiPcnkJLIcxtQ04nCfaSu#_=_
McAfee research suggests that nearly 1 in 8 Canadians have been scammed or nearly scammed while booking a vacation online. The McAfee survey also states that about 1/3 of the scams were from falling for a deal that was too good to be true. We've all come across a great deal online that we thought we couldn't pass up. When booking vacations, it is best to book through verified sites or through reputable companies. Another example of how criminals are looking to take money out of your wallet is by infecting the payment system within a legitimate website such as a hotel company. That gives them easy access to your credit card and personal information.
I've been a recent victim of 'too good to be true' deals. An advertisement appeared on Facebook that showed a pair of flippers for only $35 with shipping included. It turned out that it was a fake business that ended up being shut down, and I can't get a hold of anyone to get my money back.
Class -- CCJ4933.796U19 Blog 19
Podcast: Cyber Motherboard - Manhattan's District Attorney Explains How She Prosecutes Cybercrime
Website: https://open.spotify.com/episode/5Vb8L8A8d7BBnVPlIkGHOB?si=IWhuLwqJTSicNXuPCYNnsA
Elizabeth Roper, the chief of the cybercrime and identity theft bureau at the Manhattan's District Attorney's office, explained that her office does the tracking, hacking, and investigation in office rather than through an outside party (unless they completely need one). Apple made a statement long ago that they will not assist law enforcement in accessing their devices to look for evidence. In her opinion, she understands that it's their right to choose to protect their consumers' privacy, but she does not agree that they should be allowed to make that choice, because the outcome of the evidence affects the public and thus it should be law enforcement's decision whether that device should be broken into or not. Throughout the podcast they spoke about the clients they receive at the office, and such.
What really sparked an interest for me is the fact that they have a special department only for cybercrime investigations; they are the ones to dig into the person's devices trying to find something they can use as evidence. To her that seemed like the right action to be taken in regard to these crimes, but I couldn't understand why she was not happy or supportive of the decision of companies not allowing officers to use their resources to harm (in the point of view of Apple, this is harming their client) their consumers. She is doing the same for her consumer; she is trying to gain all the information related to the case so that she can get paid at the end of the day. It was just mind-blowing to see how one could be so into their own opinions of right and wrong and not view the perspective of others related to the same case.
Class -- CCJ4933.796U19 Blog 17
Podcast: Cyber Motherboard - Is Your Password Secure? Probably Not
Website: https://open.spotify.com/episode/42mYUZxj7Qp2hXBzdm8aoT?si=5tyock3cS9GDcs61Mfg-XA
Passwords in general started when the first computer was created in around the 1950s. People then were only able to log into the computers and devices when they were physically in the building. Then the Internet developed; it was one system, and everyone shared it, and each had their own passwords. This rule is still active now: each person has their own password to log into their sites and computers. Is it safe? No, people tend to use the same password across many websites. This led loads of people to get hacked because the passwords were not very secure. Throughout this podcast Wendy Nather, a veteran of the InfoSec world, stated that people use very easy passwords that can be easily guessed if the hacker knows basic knowledge about that user. She stated that in the future we will most likely get rid of passwords and use facial recognition, hand prints, and eye scans instead. She stated passwords and secured identities will never really go away because we have developed so much into the tech world and our lives literally depend on the internet for daily usage, for example emails and bank accounts that are only available in some areas.
I currently have no issues with passwords and how they run; I make sure my passwords are long enough with multiple factors that only I or my spouse know of. Working in the medical field you have access to loads of programs that require you to sign up with a password that is "strong" enough by their terms; they also require that it is changed every 3-4 months (depending on the site). It does get hectic to keep up with all of the passcodes, but having a safe place to store them, whether it's online, in a program on the computer, pen and paper, or even just in your head, is all that matters. I would love to see where technologies go. I currently have the newest iPhone and the facial recognition is the best! I would love to see this in other apps/devices.
Class -- CCJ4933.796U19 Blog 18
Podcast: Cyber Security Today (ITWC)
Avoid this phony Samsung App, update Microsoft Office, not so-smart door locks, and tells why a router manufacturer has been disciplined
Website: https://open.spotify.com/episode/0GHNP8iAuPIvaHPGZLZYVp
Android phone users are being asked not to fall for an apparent Android app update found in the Google Play store called 'updates for Samsung'. It is a new scam targeting users to pay 34.99 to download updates. Over 10,000,000 people have already downloaded the app and, in reality, are paying for advertisements to appear on their device, and have given their credit card information to an unknown person. Usually your phone will notify you once an update becomes available for your phone. If not, you can look for recent updates by visiting the settings, about phone, and then software update. I believe that those who are less technologically savvy have fallen for this latest scam the most. If I were a victim of the 'update scam' I would check my recent bank statement to make sure that there were no additional charges on my card, and cancel the card used for a new one.
Hackers are trying to exploit a vulnerability in Microsoft Office that was discovered and patched over 2 years ago. It is best advised to get Microsoft Office patched if you haven't done so in a while, otherwise you are open to being hacked. Keeping your computer along with its applications up-to-date is the safest route to go when trying to avoid being another person facing a cyber threat.
Class -- CCJ4933.796U19 Blog 14
Podcast: Cyber Motherboard - EP: How Google Tracks Hackers
Website: https://open.spotify.com/episode/1Uhk0NqtmqRs4JuyIf3hCB?si=OCPSYhrPSSmI3N2OAa5_fQ
On this podcast Shane Huntley, the Director of Google's Threat Analysis Group (TAG), was interviewed about the pop-up messages that were displayed on some emails through Gmail. He stated that the pop-ups occur when the account has had a hack attempt. He stated that when an account receives one of these pop-ups they are almost 100% sure that this account was a target. There are many companies that are booming in tracking hackers, including Google. Google operates with its own team. Shane H. stated that the most hacking occurs when people download unknown files onto their personal computers.
I personally got one of these about 4 months ago. It came up in a red pop-up box when I logged in; it stated something along the lines of unauthorized access and they recommended I change the password. So, I did through the actual setting in the email. I have not received anything ever since. I never knew that Google tracked their own websites and programs to make sure that they are not hacked; I simply thought they relied on a 3rd party system like most companies to complete this job. It makes me feel safer that Google is in charge of their own accounts.
Class -- CCJ4933.796U19 Blog 16
Podcast: Cyber Security Today (ITWC)
Ransomware hits college, phishing hits medical billing company and email security of politicians questioned
Website: https://open.spotify.com/episode/2kg9wmvwY8jl2MwCj6TuXt
New York City's Monroe College is the latest organization to be publicly identified as being a victim in a ransomware attack. The college was faced with a demand worth 2 million dollars in bitcoin to get encrypted data. As of July 12th, the college's website is still down as a result of the attack. Students enrolled in online courses were still able to send in their assignments through a different method. This could become an issue for many other colleges across the nation. Experts suggest organizations such as colleges not pay ransoms; however, most organizations are not prepared for an attack, making it hard to resist.
A medical billing company providing services across the United States has had a major data breach. It started with an employee clicking on a link in an email and falling for a phishing scam. Companies are now providing cyber security courses to their employees to prevent instances like this one from happening in the future. Unfortunately, some phishing scams are done so well that even someone who has gone through the training may fall for them. After the attacker received the encryption codes it allowed the attacker to have access to thousands of customers' private information.
Class -- CCJ4933.796U19 Blog 15
Podcast: Cyber Security Today (ITWC)
Sneaky instant messaging apps attack, has this gang retired and another video conferencing app with trouble
Website: https://open.spotify.com/show/2YiPcnkJLIcxtQ04nCfaSu
Security company Symantec states that those who are using applications such as 'WhatsApp' or 'Telegram' on Android devices could allow attackers to modify documents such as audio files, photos or videos sent through those services. "It can happen if files are stored in an SD card on a device instead of in the internal storage" (Howard Solomon). Attackers that get a hold of the files on your device through specific messaging applications could ultimately alter incoming messages or files. It is important that the files you are sharing through instant messaging apps are stored internally and not directly to the device's SD card.
Criminals have been using ransomware as a profitable measure and have "retired" in an attempt to keep a low profile and keep police from finding them. I believe that justice will be served one way or another as cyber security finds the source of where and who began to spread ransomware as a method of receiving money.
Those who have deleted "RingCentral" from their Mac computers in hopes of getting rid of it need to realize that it is still there. It is all too often that we try to delete preinstalled applications on our phones to free up space for other applications. However, in reality the application isn't quite gone and takes up some space on your phone.
Class -- CCJ4933.796U19 Blog 13
Podcast: Naked Security
Ep. 024 - Sextortion, malicious adverts and randomness explained
Website: https://soundcloud.com/sophossecurity/ep-024-sextortion-malicious-adverts-and-randomness-explained?in=sophossecurity/sets/naked-security-podcast
Sextortion is now back as one of the top scams through emails. Sextortion in this podcast was explained as someone sending you an email stating that they have on file any sexual content you viewed online or have posted or shared in private, and they want you to pay them money, in hopes that they will not expose you. Of course, this is fake; one thing that can make it very obvious is that they will make the email seem like it's coming from a government agency, such as the FBI, CIA, or even law enforcement. The email will also include very poor writing and minimal to no information about you. People tend to fall for this scam often because they feel confronted and scared that if this was to be exposed (even if they have never been onto a porn website or sent nudes) it will cost them their reputation and will result in their loved ones ending their relationship or confronting them. The innocent people in this case still fear because they fall into the thoughts and conspiracies of 'what if'. What if someone hacked my phone camera and I always use my phone in the bathroom! What if someone hacked my webcam while I was changing my clothes! And such.
What I learned from this class and from family members is to stay away from emails that could even give you the thought that you are being scammed. Look for clues, and if it comes to it, reach out to an expert or someone with more knowledge on scams to see if they could figure it out for you. If it is law enforcement or government officials that need your response, they will send letters and will most likely come to your front door!
Class -- CCJ4933.796U19 Blog 12
Podcast: Recorded Future - EP 116 Darknet DDOSer Does Damage to Dread
Website: https://open.spotify.com/episode/2DgZpt7trGFTo0uLHH2SKD?context=spotify%3Ashow%3A2kxOETGvN32D6hZu0wPntG&si=mqHi_aUbQ12rogD8A2Eo_A
TOR has businesses and most of the criminal markets on the dark net; they are selling everything: codes, drugs, credit cards, fraud IDs, and such. A hacker called 'here we go again', established in Russia, hacked Wall Street dark net and brought their site down; he informed them that if they wanted it back they had to pay him money. Wall Street then paid $40,000 (according to Hugbunter, another hacker). This was able to happen due to a fundamental issue with TOR.
This was a surprise to me, because if a hacker can find an issue with one system or database, in this case TOR, and be able to hack its database to the point where it takes sites down that rely on TOR for their illegal sales site to run... How come that was not already done by the authorities? If ONE hacker from Russia, a country labeled in the second world, can do it, how come the AUTHORITIES here in the United States of America, a third world country, cannot? That is my ultimate question. I am glad that this hacker is able to take down these sites; every minute that a drug user, fraudulent person, or a dealer cannot access their goods to harm others or themselves, it is a win for the nation. I never thought of how one system can be responsible for many other sites or run so many objects; this brought me some insight into my everyday life.
Class -- CCJ4933.796U19 Blog 11
Podcast: The new realities of cyber security (PwC UK)
S02 EP03 and Untrusted Applications
Website: https://open.spotify.com/show/6MdEXoI6DF1XPH73PPxn4K#_=_
Clients nowadays are bringing in software from third-party sources. This has grown tremendously and, as a result, comes with a huge risk: an increased chance of a data breach and compromised data. Anyone who entered their information onto the page, such as credit card numbers, had it sent directly to the attacker.
Good security and software standards could help prevent scenarios like this from happening again. It is important to make sure that the code you are using is secure and hasn't been modified. Do not take publicly sourced code from the internet, especially if you do not know where the code originated from. It is also important to know which application you are using and who the developer is in order to avoid the potential for malware to be transferred onto your device. Open-source software is the new vector for the bad guys to try and find a way to compromise data and create problems.
Class -- CCJ4933.796U19 Blog 10
Podcast: The new realities of cyber security (PwC UK)
S02 EP01 Authenticating People
Website: https://open.spotify.com/show/6MdEXoI6DF1XPH73PPxn4K#_=_
Passwords are the most common type of security measure to authenticate yourself on the internet. Research suggests that people can only remember up to 4-5 passwords at a given time. Trying to remember more than 5 passwords could throw you into a password overload. As a result, people are using shortcuts in order to remember them more easily, such as first name followed by their date of birth, or reusing old passwords. These shortcuts could lead to a security challenge when trying to secure your accounts.
Companies face an issue when it comes to those who forget their password. This costs an organization time, energy and money, while also presenting a security risk. Single sign-on and multi-factor authentication are methods that could reduce the risk in forgetting passwords. I believe if we continued to incorporate fingerprints and facial recognition for login credentials then it would boost the measure of security compared to a typical password login.
Class -- CCJ4933.796U19 Blog 9
Podcast: Cyber Security Today (ITWC)
Watch those Amazon buckets, bad Android apps and keep an eye on your payment card statement
Website: https://open.spotify.com/episode/1kDj2SSfPT2Rec8w4UmvB4
"Companies aren't tough enough on employees who are careless with corporate data", states Howard Solomon. Employees are storing company data on Amazon's cloud storage service called S3. They are putting data there because S3 buckets are a good place for computing data that staff cannot get a hold of inside their firms. The danger associated with unsecured buckets is that they are easily accessible for criminals to get in and steal the data. It could ultimately lead to customers getting their credit card data stolen, which we hear quite too often as of lately.
Downloading Android applications from unknown developers also poses a security risk. There is an app store called 9apps that claims to be from Google. Modules are then installed that display advertisements on smart phones, and in return criminals are pocketing money from advertising exchanges. These sites seem so authentic; reports state that more than 25 million devices have been infected.
It is important to watch your payment card statements. Multiple Canadians without Spotify accounts say that hundreds of dollars have been withdrawn from their account made out to Spotify. As of now, it is unclear how this occurred, and banks are reversing the charges made to the victims' accounts. In order to receive a refund, you must first identify the charges made to your account. Therefore, it's important to routinely check your bank statements at least once a week.
Class -- CCJ4933.796U19 Blog 8
Podcast: Cyber Motherboard.
Website: https://open.spotify.com/episode/7KOIKBQjaD8mYSDOCGhZWk?si=7wB14AcFTdCP3-FswXaNgQ
In May of 2019, a reporter named Joseph Cox from Cyber Motherboard stated that a hacker by the name of Boris the bullet dodger stated that he hacked Perceptics, which is the company that is used by Customs and Border Protection (CBP) to record and store travelers' information (in this case from Pennsylvania). Later on CBP issued a statement stating that a breach of data occurred and that none of this information is on the web. According to this podcast, however, the information that was stolen is currently on the Dark Market. The data consists of vehicle license plates, travelers' pictures, and even sensitive information that is taken from the travelers while going through the border.
This is a very concerning issue for the public. Imagine giving all of this information willingly and then out of nowhere it is being sold on the dark web and you have no idea who is doing what with your information. Even though the CBP didn't make a big deal about this, it definitely caused an outrage because its statements were not specific. It stated that a data breach of travelers occurred; it didn't state what exactly happened, or what information was stolen, to allow the public to keep an eye on their records and activities.
Class -- CCJ4933.796U19 Blog 7
Podcast Name: Ep. 020 - Leaky containers, careless coders and risky USB cables by Naked Security
Website: https://soundcloud.com/sophossecurity/ep-020-leaky-containers-careless-coders-and-risky-usb-cables?in=sophossecurity/sets/naked-security-podcast
A security researcher, Mike Grover, who goes by the alias MG, has developed a USB cable that looks normal but actually allows a hacker to control and monitor your PC over Wi-Fi from their own devices. How this works is that one will buy/borrow this USB driver and plug it into their PC (Mac or Windows), then connect their PC to an internet connection, private or not; it will give the hacker access to all records, and one will see their mouse move by itself, apps open, or files open and transfer to wherever the hacker would like. One might ask how this is possible: MG created the USB with the cable part acting as an input device, or in other words a HID. This allows the PC to view the USB as a HID device, which allows it to give permission for it to take over the computer and start following its commands. This does not require the hacker to be anywhere near the USB driver. MG also stated that this USB is also able to update and trigger malicious payloads, kick other systems off Wi-Fi networks, and even reflash systems. He notified his followers that even using a BadUSB Condom will not prevent the hacking from happening.
I find this very dangerous if it falls into the wrong hands; the fact that anyone can purchase these and give them to their CEOs, coworkers, or even government officials would lead to huge data leaks and money loss. Just imagine being at a conference and needing to charge your phone and you see this USB sitting on the table. Someone IN NEED of one would think "oh, someone forgot it there! What a helpful person". The minute that USB is plugged into that PC to charge the phone "on the go", that person's data, passwords and any other action taken is under attack from a hacker.
Class -- CCJ4933.796U19 Blog 6
Podcast Name: Ep. 019 - Android holes, iOS screengrabbing and USB poo by Naked Security
Website: https://soundcloud.com/sophossecurity/ep-019-android-holes-ios-screengrabbing-and-usb-poo
One interesting subject described in this podcast is how iPhone apps are recording your screen sessions without asking. Air Canada was on the hot seat after having leaked the personal data of up to 20,000 users of its mobile app. This includes information such as passport numbers and expiration numbers along with the date of birth of those with the app. An analytics firm, known as Mixpanel, admitted to giving up user passwords and information in order to help web publishers improve user engagement with their app. Screen shots are being taken in hopes of receiving critical information that can be used and shared, which in return is an easy way to make additional money. I believe this is going to become an ongoing issue for companies that are looking for a one up on their competition. Not only is it an invasion of privacy, it's a threat that could ultimately lead to identity theft for hackers on the other end of the computer.
Applications on the Apple Store or Google Play store should be carefully monitored, along with strict privacy standards, in order to protect the identity of those who need to use confidential information. For example, apps that require you to save a payment method need to have the strongest firewall and protection against hackers who are looking to steal your information.
Class -- CCJ4933.796U19 Blog 5
Blog name: Naked Security Podcast by Naked Security
Website: https://soundcloud.com/sophossecurity/ep-021-leaked-calls-a-virus-on-the-loose-and-passwords-on-display?in=sophossecurity/sets/naked-security-podcast
VKontakte (VK) is a Russian social media app, similar to Facebook, with more than 500 million users. It pays hackers to report bugs that they find. In February of 2018 a group of hackers from Bagosi (group name) reported to VK that there was a bug in their system. VK did not pay them nor fix the bug that they reported. Bagosi then decided, one year later (February 14, 2019), that it was going to give VK a little bit of a Valentine's present. They wrote a post on VK that contained a script that would activate when viewed and would post a link to allow anyone to post on any group or page of the victims. VK discovered the bug within 2 minutes of it being active, but it took them 20 minutes to control/delete it. Unfortunately, about 140K people had already fallen victim to this non-harmful bug. VK was pretty upset and banned the group from their app, only to later un-ban them after it found that their bug did not steal any of the consumers' information. After the event Bagosi stated that it had done its best to report the bug, but they were ignored, and that making this non-harmful bug helped VK fix the major flaw that they submitted in the first place.
In my own opinion, the fact that Bagosi took matters into their own hands to get this flaw solved is an act of heroism. They risked losing their followers, who apparently mean a lot to people on social media these days, just to cause a reaction from VK. This matter makes me worried: the fact that such a huge app with over 500 million users could easily get hacked. People nowadays post their whole lives on social media... including their children's photos, where they are going/went on vacation, where they shop, work, live and even pictures of their homes (inside and out). The fact that a small bug can allow another user to see and comment on one's groups and posts even when the individual is marked private is very dangerous. I guess the moral of the story is to not post so many personal things online just in case there is a major bug that could lead someone to collecting harmful information about you.
Class -- CCJ4933.796U19 Blog 4
Name of Podcast: The CyberWire Daily Podcast
Website: https://thecyberwire.com/podcasts/cw-podcasts-daily-2019-07-15.html
This podcast describes how county elected authorities have gone with voting machines that are running Windows 7. We rely on these machines to complete many tasks, such as tallying votes and reporting counts. The largest voting machine vendor says it's working with Microsoft on upgrading the system until they are able to efficiently convert over to the new operating system. Many of the systems currently used are certified under 2005 standards, meaning that they would allow vulnerabilities and easier manipulation of vote counts. A new operating system along with higher security standards would make for a fair election in the year 2020. It would also cut down on the accusations of "hacking" or "miscalculated" votes from the voting machines.
In other news, the Federal Trade Commission fines Facebook $5 billion over privacy issues. The settlement sets a record for the largest fine ever reported. Facebook has to undergo changes in order to comply with the Federal Trade Commission and how to protect the privacy of those who are a part of the network. There have been times when I've searched for a specific item on Amazon, and Facebook automatically establishes advertisements for that item. I believe that trying to automatically filter a person's story feed based on what data Facebook collects is an issue of privacy.