NEW YORK, NY - One of the world's leading global hotel groups disclosed that a guest reservation database, which covers a number of major hotel brands, suffered a large data breach. An internal investigation showed that unauthorized access had been occuring since 2014. The intrusion went unnoticed for four years by Starwood, which was acquired by Marriott in 2016 for $13.6 billion. It was uncovered in early September, when a security tool alerted Marriott officials to an … [Read more...]
WordPress Vulnerability for Sites Running WooCommerce with “Shop Manager” Role
NEW YORK, NY – If you're running a WordPress website and are utilizing the popular WooCommerce plugin, a shopping cart used by roughly four-million sites, there is a new vulnerability which requires that your WooCommerce plugin be up to date, or users marked as “Shop Managers” could hijack your site and virtually wipe out all data by compromising your administrator account. This new vulnerability was first reported to WordPress and WooCommerce in August when it was … [Read more...]
“Global Internet Crash” Diverted As ICANN Implements DNS Security Enhancements
NEW YORK, NY – Early last month, The Internet Corporation of Assigned Names and Numbers (ICANN), which is responsible for maintaining the registry of domain names and IP addresses, was preparing to implement the very first change to the “cryptographic keys” which help protect the Domain Name System (DNS) - the Internet's address book. The change had been delayed for over a year as ICANN reviewed last-minute data about the change and accessed any potential risk to the … [Read more...]
Alphabet Releases App to Prevent DNS Manipulation, Deter Online Censorship
NEW YORK, - Google’s Alphabet has released a new Android app called “Intra” which prevents “DNS manipulation”, a process used often by ISPs to redirect invalid domain name resolution to their own version of branded search results, usually accompanied by search engine ads – when used nefariously, it is also a tactic of hackers who steal and redirect users to phishing sites or to otherwise dupe them into downloading viruses and spyware. The app is made available by a company … [Read more...]
New Facebook Data Breach Effecting 50 Million Accounts; Doubling Security Staff
NEW YORK, NY - On Friday, September 28, 2018 Facebook said that an attack on its computer network had affected the personal information of nearly 50 million users. The attackers exploited the "View As" feature that allows users to see their Facebook page the way someone else would. This could allow the attackers to take over Facebook accounts. Facebook has fixed this issue and informed law enforcement. They also do not know if the affected accounts were misused or if user … [Read more...]
Are Phone Caller ID Systems Getting Better at Recognising Robocall Scammers?
NEW YORK, NY – These days you can't have a phone without receiving automated calls, prerecorded messages, telemarketers, and other nefarious solicitations and scams from often-times spoofed phone numbers. According to CNBC, Americans have already received over 16 billion robocalls so far this year (2018). Most annoying as of late are calls which are received from seemingly local phones which use spoofed numbers to appear local near the target (on the same exchange - first … [Read more...]
Drupal Content Management System’s ‘Highly Critical’ Vulnerability Warning
NEW YORK - If you're running the Drupal Content Management System on any of your websites its time to ensure you've updated its core as soon as possible. On March 28, 2018, an announcement from Drupal detailing a severe core vulnerability was released. The vulnerability allows an attacker to potentially compromise an entire site running most older and many newer versions of the CMS such as releases within versions 6, 7 and 8. There are a list upgrades and patches available … [Read more...]
Another 150,000,000 Users’ Data Breached via Free Smartphone App ‘MyFitnessPal’
NEW YORK - On March 29, 2018, athletic wear company Under Armour® has announced that an unauthorized party gained access to the data tied to its free smartphone app, MyFitnessPal. The data breach, which took place late February 2018, affected approximately 150 million user accounts. Account data which is related to the breach includes users: Usernames Email addresses Hashed passwords The company is urging its users to update and change passwords for any other … [Read more...]
The Question Is Not “If” You’ve Been Compromised; It’s How Many Times?
NEW YORK - If you haven't done business with one of the companies in this extensive list, you probably do not live on planet Earth with the rest of us. In other words, if you are reading this article, more than likely, despite all of the precautions you might take, your personal information has already been compromised. Below is a list of 245 instances of data breaches all over the world; those that have been reported. Keep in mind that many data breaches are never … [Read more...]
Orbitz, AmexTravel; Victims of Latest Data Breach Effecting 880,000 Customers
NEW YORK - If you travel and like to use third party travel sites to find discounts you may be one of the latest co-victims of a data breach by hackers which compromised near a million customers who use online booking services. According to Norton Internet Security, Orbitz, which has been owned by Expedia since 2015, released information regarding two separate data breaches tied to an older web site platform that effected partner bookings including AmexTravel.com; the … [Read more...]
Wouldn’t You Gladly Give-up a Little Bit of Privacy for So Much Better Security?
NEW YORK, NY – Imagine a World in which you allowed, or even specifically created your own little environment where all of your private communications and discussions could be monitored and recorded; all day, every day, till the end of time. Sounds like something you would never do? Welcome to Google Assistant; ready to help you wherever you are. Your one Assistant extends to help you across devices, like Google Home, your phone, and more. Who owns Google these days … [Read more...]
Just Some Fun With an Online Classifieds Scammer from Craigslist, That’s All
NEW YORK, NY - There are so many scams out there these days; they are literally everywhere. Sometimes I like to learn from them and I often will write about them so others can have a bit of a heads up to what's out there. This time, I was able to have the opportunity to mess-around with the scammer a little bit. I knew they were trying to scam me from the beginning, but I let it play out some, for the heck of it. I figured, I might as well have some fun with the scammer … [Read more...]
Bad News: Beware and “Be Aware” of “Meltdown” and “Spectre” Vulnerabilities
NEW YORK, NY - As the title suggests, you should both Beware, and "Be Aware" of these new security vulnerabilities that effect pretty much every Intel processor since 1995. I say "Be Aware" because although their patches available, there is not much that can be done to fully mitigate this issue until all or most computer hardware is redesigned. This is bad news because everyone is effected, and all computers are going to need to be replaced, it seems. Meltdown and Spectre … [Read more...]
Big Deal: Another Popular WordPress Plugin Purchased by Nefarious User
NEW YORK - A few months ago in September, I wrote about a plugin (Display Widgets Plugin) which was sold to someone who used it to compromise over 200,000 websites as that’s about how many installs it had and sites it targeted with compromising intentions. Well, it was a big deal then and it’s an even bigger deal now because it has come to light that this same tactic of acquisition has been used yet again, with (Captcha Plugin) to compromise 300,000 sites. According to … [Read more...]
Be Prepared for Clever Scams & Tactics
I often write about security, privacy and other important personal safety issues such as being and keeping aware of security vulnerabilities, email threats and phishing scams..... It is often very simple precautions you can take which will save you a lifetime of headaches. With this type of material in mind, I received the following tips by email over the weekend from a family member and they are seem like they are worth sharing (rather than just deleting) as they will keep … [Read more...]
New Threat to WordPress Sites Designed to Bypass All Ordinary Security Measures
NEW YORK, NY - It seems like a new security threat is born each day; maybe that is because there is. For those who operate WordPress sites, including myself, there is a new threat to consider that is designed to bypass ordinary security measures; a simple back door, you have already left wide-open, by choice. WordPress Plugins are great additions to any WordPress site as they create all sorts of easy plug-and-play options and make often complicated features simple to … [Read more...]
Phishing: Watch-out for New Dangerous Godaddy Email Phishing Attempt
NEW YORK, NY - This is just a quick reminder to remain vigilant of all sorts of threats from hackers, email-spoofers, phishers and scammers; you can never let your guard down these days when it comes to your accounts, financial information and especially your domain accounts, because loss of your domain name can be loss of your business and will likely be permanent. Just this week news broke about an Equifax hack that hit credit histories of up to 143 million … [Read more...]
US Fortune 500 Businesses, Their Domain Name Characteristics, and Secure Status
NEW YORK, NY - Each year Fortune Magazine publishes a list of the largest companies in the United States by revenue. Below is the list for 2016. Also below, are some interesting characteristics of their domain name choices including whether or not these companies are prepared for SSLs on their corporate websites. 494 are using .com domain names, 4 use .nets, 1 .org, and 1 .xyz. 494 (98.8%) have chosen the ".com" extension for their domain name. 235 (47%) are … [Read more...]
I’m Going Save Lots of Money on My Domains; Here’s How You’ll Save Too
NEW YORK – Unless you have been living under a virtual rock for the last year or so, you should be well aware that the “Google Gods” will be forcing everyone to secure their websites with SSL Certificates or an ugly message will appear on-top of browsers letting users know that the site their visiting sucks-ass (I know, I'm stretching here) and shouldn’t be trusted as much as some other sites around the web. I call them Google Gods, because they maintain that … [Read more...]
Weak Attempt at Phishing Network Solutions Account Holders
LONG ISLAND, NY - Network Solutions is a popular provider of domain names and web hosting accounts in addition to other tools used for Internet services. They're a common target due to the ability to hijack web sites and steal domain names when and if someone gains access to the account. Damages can be horrific as it is possible to permanently shut down and steal your asset or online business. Below is a weak attempt at gaining access to my Network Solutions account through … [Read more...]
Major Security Vulnerability Due to IDN Domains; Don’t Get Phished Out of Business
NEW YORK, NY - This is the most dangerous and convincing phishing trick I have ever seen before. It’s so amazingly horrible it will fool even the smartest computer users and it’s an issue that all browser companies should be fixing immediately. Browsers should be updated to prevent these Unicode domains from being translated. Once again our friends at WordFence are keeping all of us safe with critical information on this phishing trick and helping build awareness about … [Read more...]
Misfortune Anyone? This Dangerous Vulnerability Could Be Lurking In Your Network Router
NEW YORK, NY - Misfortune Anyone? Today, WordFence [I really love these people], a company whom distributes a popular security plugin for WordPress websites, released a great article about a vulnerability on computer networks that is being exploited. With the article they also included a simple button which you can use to scan your network's vulnerability, so that if you are vulnerable to this Internet router exploit, you will know about it ASAP and can begin hounding … [Read more...]
