PALM BEACH, FL – I have been reviewing and writing about email phishing scams for years and I have seen a ton of them, from outright laughable in their easy discoverability to incredibly convincing, but this latest one I must write about because its one of the most convincing I have ever seen, and it has been happening for over a year now. I know it well as I once fell for it. The reason this is one of the most convincing I’ve ever seen is because unlike most phishing … [Read more...]
Vulnerability In Official Facebook Chat Plugin Allowed Attackers to Chat With Site Visitors
WEST PALM BEACH, FL – At 3:47 PM today, the Threat Intelligence Team from WordFence, posted research detailing a vulnerability in The Official Facebook Chat Plugin, currently installed on over 80,000 WordPress websites. This vulnerability allowed authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites. We initially reached out to Facebook on June 26, 2020 … [Read more...]
Critical Vulnerability Exposes over 700,000 Sites Using WP Divi, Extra, and Divi Builder
WEST PALM BEACH, FL - This morning, the Wordfence Threat Intelligence Team published details about a critical vulnerability discovered in two themes by Elegant Themes, Divi and Extra, as well as the Divi Builder plugin. Combined, these products are installed on an estimated 700,000 sites. Elegant Themes provides some of the most popular WordPress themes in the world and includes a visual page builder. We initially reached out to Elegant Themes on July 23, 2020 and, … [Read more...]
How Expired Domain Names Have Been Used to Redirect to Malicious Websites
WEST PALM BEACH, FL - Expired domains or domain names which have not been renewed by their previous owner are encountered by all of us often – most times we just don’t notice it. When we do, we open a website only to find out it no longer exists. We are redirected to a site with links on it, or it showcases a sales page for auction of the domain name. These types of websites are generally considered harmless, but recent research proves otherwise. In a report released by … [Read more...]
Highly Coordinated Attack Impacts Twitter Accounts of World’s Most Famous People
WEST PALM BEACH, FL - On July 15, 2020, several verified Twitter accounts of famous people and companies were taken over in a security breach, including Apple, Elon Musk, Bill Gates, Jeff Bezos, Barack Obama and others. Hackers then published tweets from these accounts soliciting donations via Bitcoin. For example, one tweet read: “We are giving back to our community. We support Bitcoin and we believe you should too. All Bitcoin sent to our address below will be sent … [Read more...]
It’s Only A Matter of Time Until You Need to Be Licensed to Operate A Web Server
PALM BEACH, FL – I have been thinking about this off and on for a few years now, but I have never really posted or written about it. That is because it is an awful prediction that I hate the idea of, but I think it is going to eventually happen. Here it goes…. I predict that to operate a web server sometime in the near future, you will be required to have a license, or have passed a basic course in IT security or Cybersecurity intrusion mitigation. Not at the single site … [Read more...]
10 Simple Yet Effective Security Tips To Keep You Cyber Safe and Worry Less in 2020
PALM BEACH, FL - There is no shortage of security breaches and data leaks reported in the news this past year. As we all move into 2020, here are some simple tips to help keep you stay cyber safe, so you can worry less and have more to look forward to this year. Don't Shorten 2020 in Dates You shouldn’t shorten the year 2020 when signing things. Scammers can easily change the abbreviated date, for example from “3/30/20” to “3/30/2018”. Make sure to write out the full … [Read more...]
Data of 267 Million Facebook Users Exposed in Online Database; Found on Hacker Forum
PALM BEACH, FL - Data security researchers discovered an online database containing the names, phone numbers, and Facebook IDs of 267 million Facebook users available for download on a hacker forum. The database was not password protected and had been posted on December 12th. On December 14th, the researchers contacted the internet service provider that was hosting the database and the database was removed on December 19th. According to the Associated Press, a … [Read more...]
This AMEX Email Phishing Scam Wants You Homeless & Poor, With A Zero FICO Score
PALM BEACH, FL - Nothing could better destroy your holiday spirit than a compromise of your most secure personal information in the form of a phishing expedition. Here is one of the latest email scams circulating what is probably hundreds of thousands of inboxes, just in time for Christmas. Here is how it all plays out: You receive an email which appears to be from American Express, but it isn't, it's from some scrupulous hacker hiding somewhere behind a computer who is … [Read more...]
Malicious Web Code Added To Macy’s Website Leads to Critical Data Breach
PALM BEACH, FL - Right at the start of the year's busiest shopping season, retailer Macy's notified impacted customers (by letter) that an unauthorized third party was able to access sensitive customer payment information from the Macys.com checkout and wallet pages. The following information may have been accessed if it was typed into the affected web-pages by a customer: Payment card numbersPayment card security codesPayment card expiration datesFull … [Read more...]
Cryptocurrency Exchange BitMEX Called “Outrageously Incompetent” for Using “CC”
PALM BEACH, FL – BitMex, a peer-to-peer cryptocurrency exchange founded in 2014 has accidentally emailed its users with the CC (carbon copy) field rather than the “private” BCC (blind carbon copy) field leading to outrage by many of its users. In a tweet posted on Nov. 1, crypto-currency attorney Jake Chervinsky said the leak was done in the most “outrageously incompetent way imaginable.” BitMEX released an official statement on the issue, emphasizing that no … [Read more...]
Think Your Domains Are Safe by Using Two Factor Authentication? Think Again
PALM BEACH, FL – Sometimes I read stories that really make me think (and worry). For those who have great domains under management, you might feel super-safe by using “two factor authentications”, where your mobile device is used to verify each login you make to your registry account by sending you a text message for confirmation. I’ve often thought how horrible it might be if someone got control of my mobile device and was able to use it to verify an account change … [Read more...]
U.S. GDPR: The California Consumer Privacy Act (CCPA) Goes Into Effect January 2020
PALM BEACH, FL - The US's answer to European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), enacted in 2018, will create new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. It also requires California's Attorney General to solicit broad public participation and adopt regulations to further the CCPA's purposes. The proposed regulations will establish … [Read more...]
New “Mind Your Own Business Act” Allows for Fines, Jail Time for Privacy Violations
WASHINGTON - Senator Ron Wyden, an Oregon Democrat, has introducedlegislation, called the Mind Your Own Business Act, that would make it more difficult for online platforms to collect and use customer data. The bill is in some ways similar to the European Union’s General Data Protection Regulation (GDPR). Among other things, the bill would: Give the Federal Trade Commission the authority to establish minimum privacy and cyber-security standards. Allow the FTC to issue … [Read more...]
FTC Warns Consumers of Fake Equifax Data Breach Websites for Settlement Claims
PALM BEACH, FL – The Federal Trade Commission is warning Internet users, all 147 million people who were affected by the Equifax Data Breach in 2017, to beware of fake Equifax settlement websites which have been setup by thieves trying to steal consumers information when they attempt to file a claim online. Typically, users are sent an email that a class action lawsuit has resulted in a settlement making them eligible for credit monitoring services and/or a cash claim … [Read more...]