PageFair estimated that only 2.3% of the people who visited the affected sites would have been at risk of getting infected themselves. Although this particular attack seems to be over for now, there are still plenty of fake Flash “updates” out there which take advantage of people who don’t know what they’re clicking “Install” on. Don’t fall victim to popups on websites telling you that your Flash player or any other type of software is out of date and never download an .exe/.dmg file from these popups because you never know what it is you’re downloading onto your computer.
I found an interesting article online that said that the most tech-savvy staff in a workplace are the worst offenders. According to Intermedia, a staggering 93% of office workers “engage in some form of unsafe online habits that could jeopardize their employer or their customers.” I find this quite surprising since the article goes on to explain that most of the people who have access to company data and help keep it secure–IT personnel–are the ones that are actually taking advantage of the workplace’s resources and going against workplace policies. Some of the statistics are listed below:
- 32% of IT professionals have given out their login / password credentials to other employees (compared to 19% across all respondents)
- 28% of IT professionals said they have accessed systems belonging to previous employers after they left the job (compared to only 13% among all respondents)
- 31% of IT professionals said they would take data from their company if it would positively benefit them – nearly three times the rate of general business professionals.
On top of these numbers, 41% of employees will install apps on their work computers without consulting their IT department. With these kinds of activities going on, it’s quite obvious how data breaches, compliance failures, and data loss occurs.
Some additional things I’d like to note here is that last bullet mentioned above. 31% of IT professionals admitting to taking data from their company to benefit them. If that’s the case, businesses will have a much harder time picking out the right, and most importantly, trustworthy IT professional to handle and secure all of that sensitive information.
Before I begin I have to say that these are becoming a favorite of mine now, so here’s yet another tech support scam. This one is quite different though because it disguises under Apple’s remote assistance website (www.ara.apple.com) where users go when they have an issue with their Apple computer and want to have a technician troubleshoot it using a service such as LogMeIn or TeamViewer. This scam is registered to a domain similar to Apple’s official remote assistance website (www.ara-apple.com) and tricks the visitor of the site into calling a phone number which presumably connects them to a scam center in India.
This tactic isn’t particularly new as there are many websites that tell the user to call a number or visit a website to “seek assistance”, but this one is different in the way that the bogus Apple assistance website the user visits starts providing them with .dmg downloads that they need in order to “begin the troubleshooting process”. It only gets worse from there as the user starts downloading malicious programs onto their computer and most likely does more damage to it than before. So much for assistance.
What’s also pretty funny is that the website is registered to some guy in Delhi, India and he used GoDaddy to register it. Malwarebytes, the organization which initially posted about this site just yesterday, reached out to GoDaddy in hopes of getting the site down.
So there’s another “tech support” scam going around on the internet and it’s quite ridiculous so I thought I’d share a blog post about it this week. In this one, a user visits a certain website and is told that they need to enter a “safe key” which will unlock their browser in order to continue using it. The instructions are pretty unclear other than that the user has to call a phone number to obtain this so-called “safe key”.
This past Thursday, Global informational services group Experian announced that one of its clients had been involved in a massive data breach, T-Mobile. The data that was part of this breach involved personal information for over 15 million customers and applicants in the United States who may have applied for T-Mobile’s service.
The CEO of T-Mobile John Legere released a letter to consumers that explained the breach in more detail and goes on to say that “Experian has assured us [T-Mobile] that they have taken aggressive steps to improve the protection of their system and of our data”. Upon finding out about the breach, Experian said that it took immediate action and secured the server, initiated a comprehensive investigation, and notified U.S. and international law enforcement.
With data breaches happening so often nowadays to all types of companies, it’s hard to think that any of our data is safe anymore.
In recent news, 1.5 million American people had their health records along with their names, addresses, and phone numbers to be found in the open on Amazon’s web servers. At the moment, it is unknown how exactly the information was uploaded, but it is clear that it was stored in a SQL database. The breach was reported to Systema Software by a person from Texas.
According to TheRegister.com, one million social security numbers, five million financial transactions, and over 100,000 injury reports had been exposed. It’s quite scary knowing that people will probably be searching for more than just the latest iPhone on Amazon now…
Just recently, the United States and China have come to an agreement that both nations will not “use any sort of cyberweapons to cripple each other’s critical infrastructure.” Both the U.S. and China are known for their persistent attacks on one another in cyberspace and the feud has been ongoing for a number of years already.
The deal, which should be in place by this Thursday September 24th, would put a sort of “barrier” between the two nations and their cybersecurity threats. U.S. President Barack Obama is set to meet with Chinese president Xi Jinping in Washington to discuss the deal in more detail this week.