PALM BEACH - Earlier this week, it was reported that one of the country's largest titles companies, First American Financial Corp (NYSE: FAF), unknowingly exposed up to 885 million files related to real estate title insurance records dating from 2003 to 2019. Anyone with a URL for a valid document could view other documents by modifying a single digit in the URL. The records exposed by the website included critical financial information and documents such … [Read more...]
Half of All U.S. Households Likely Victims of New Data Leak; 80 Million Records Exposed
PALM BEACH – A new data leak will likely make victims out of what has been estimated at approximately half of all adults in the United States; 80 million records of those over age 40. This new leak is the cause of an undisclosed company which hosts its database with Microsoft services and the information was freely available on the Internet for those who knew the location of the data, until this week according to Forbes.com's Kate O'Flaherty who contributes as a … [Read more...]
Robo Callers, Phone Spoofing, Auto Dialers; It’s No Longer Annoying, It’s Disruptive
NEW YORK, NY – Everyone gets them - and it’s starting to go from nuisance, to disruptive. Robocalls, Spammers and other automated dialers; it’s beginning to actually go from annoying to interfering with my day to day operations. They come in on both my telephones and mobile device. Constantly, all day and it is becoming far more than a nuisance to the point where the FCC is going to have to start getting more aggressive on this practice. Isn’t that what they do? I … [Read more...]
FedEx Email Phishing Scam Attempt: Not That Clear What Actual Motive Is
NEW YORK, NY – From time to time I like to point out some phishing scams that are out there in hopes to help some people not fall for these email-traps; today is one of those day. This email stuck out not for its sophistication but for more of its non-sophistication, and recurring delivery. For instance, I’ve received these at least 4 times in the last couple of days. This scam pictured below is trying to capture FedEx users regarding the non-delivery of their package; a … [Read more...]
Personal Info of 500 Million Guests Exposed in Marriott’s Starwood Reservation System
NEW YORK, NY - One of the world's leading global hotel groups disclosed that a guest reservation database, which covers a number of major hotel brands, suffered a large data breach. An internal investigation showed that unauthorized access had been occuring since 2014. The intrusion went unnoticed for four years by Starwood, which was acquired by Marriott in 2016 for $13.6 billion. It was uncovered in early September, when a security tool alerted Marriott officials to an … [Read more...]
WordPress Vulnerability for Sites Running WooCommerce with “Shop Manager” Role
NEW YORK, NY – If you're running a WordPress website and are utilizing the popular WooCommerce plugin, a shopping cart used by roughly four-million sites, there is a new vulnerability which requires that your WooCommerce plugin be up to date, or users marked as “Shop Managers” could hijack your site and virtually wipe out all data by compromising your administrator account. This new vulnerability was first reported to WordPress and WooCommerce in August when it was … [Read more...]
“Global Internet Crash” Diverted As ICANN Implements DNS Security Enhancements
NEW YORK, NY – Early last month, The Internet Corporation of Assigned Names and Numbers (ICANN), which is responsible for maintaining the registry of domain names and IP addresses, was preparing to implement the very first change to the “cryptographic keys” which help protect the Domain Name System (DNS) - the Internet's address book. The change had been delayed for over a year as ICANN reviewed last-minute data about the change and accessed any potential risk to the … [Read more...]
Alphabet Releases App to Prevent DNS Manipulation, Deter Online Censorship
NEW YORK, - Google’s Alphabet has released a new Android app called “Intra” which prevents “DNS manipulation”, a process used often by ISPs to redirect invalid domain name resolution to their own version of branded search results, usually accompanied by search engine ads – when used nefariously, it is also a tactic of hackers who steal and redirect users to phishing sites or to otherwise dupe them into downloading viruses and spyware. The app is made available by a company … [Read more...]
New Facebook Data Breach Effecting 50 Million Accounts; Doubling Security Staff
NEW YORK, NY - On Friday, September 28, 2018 Facebook said that an attack on its computer network had affected the personal information of nearly 50 million users. The attackers exploited the "View As" feature that allows users to see their Facebook page the way someone else would. This could allow the attackers to take over Facebook accounts. Facebook has fixed this issue and informed law enforcement. They also do not know if the affected accounts were misused or if user … [Read more...]
Are Phone Caller ID Systems Getting Better at Recognising Robocall Scammers?
NEW YORK, NY – These days you can't have a phone without receiving automated calls, prerecorded messages, telemarketers, and other nefarious solicitations and scams from often-times spoofed phone numbers. According to CNBC, Americans have already received over 16 billion robocalls so far this year (2018). Most annoying as of late are calls which are received from seemingly local phones which use spoofed numbers to appear local near the target (on the same exchange - first … [Read more...]
Drupal Content Management System’s ‘Highly Critical’ Vulnerability Warning
NEW YORK - If you're running the Drupal Content Management System on any of your websites its time to ensure you've updated its core as soon as possible. On March 28, 2018, an announcement from Drupal detailing a severe core vulnerability was released. The vulnerability allows an attacker to potentially compromise an entire site running most older and many newer versions of the CMS such as releases within versions 6, 7 and 8. There are a list upgrades and patches available … [Read more...]
Another 150,000,000 Users’ Data Breached via Free Smartphone App ‘MyFitnessPal’
NEW YORK - On March 29, 2018, athletic wear company Under Armour® has announced that an unauthorized party gained access to the data tied to its free smartphone app, MyFitnessPal. The data breach, which took place late February 2018, affected approximately 150 million user accounts. Account data which is related to the breach includes users: Usernames Email addresses Hashed passwords The company is urging its users to update and change passwords for any other … [Read more...]
The Question Is Not “If” You’ve Been Compromised; It’s How Many Times?
NEW YORK - If you haven't done business with one of the companies in this extensive list, you probably do not live on planet Earth with the rest of us. In other words, if you are reading this article, more than likely, despite all of the precautions you might take, your personal information has already been compromised. Below is a list of 245 instances of data breaches all over the world; those that have been reported. Keep in mind that many data breaches are never … [Read more...]
Orbitz, AmexTravel; Victims of Latest Data Breach Effecting 880,000 Customers
NEW YORK - If you travel and like to use third party travel sites to find discounts you may be one of the latest co-victims of a data breach by hackers which compromised near a million customers who use online booking services. According to Norton Internet Security, Orbitz, which has been owned by Expedia since 2015, released information regarding two separate data breaches tied to an older web site platform that effected partner bookings including AmexTravel.com; the … [Read more...]
Wouldn’t You Gladly Give-up a Little Bit of Privacy for So Much Better Security?
NEW YORK, NY – Imagine a World in which you allowed, or even specifically created your own little environment where all of your private communications and discussions could be monitored and recorded; all day, every day, till the end of time. Sounds like something you would never do? Welcome to Google Assistant; ready to help you wherever you are. Your one Assistant extends to help you across devices, like Google Home, your phone, and more. Who owns Google these days … [Read more...]
Just Some Fun With an Online Classifieds Scammer from Craigslist, That’s All
NEW YORK, NY - There are so many scams out there these days; they are literally everywhere. Sometimes I like to learn from them and I often will write about them so others can have a bit of a heads up to what's out there. This time, I was able to have the opportunity to mess-around with the scammer a little bit. I knew they were trying to scam me from the beginning, but I let it play out some, for the heck of it. I figured, I might as well have some fun with the scammer … [Read more...]
Bad News: Beware and “Be Aware” of “Meltdown” and “Spectre” Vulnerabilities
NEW YORK, NY - As the title suggests, you should both Beware, and "Be Aware" of these new security vulnerabilities that effect pretty much every Intel processor since 1995. I say "Be Aware" because although their patches available, there is not much that can be done to fully mitigate this issue until all or most computer hardware is redesigned. This is bad news because everyone is effected, and all computers are going to need to be replaced, it seems. Meltdown and Spectre … [Read more...]
Big Deal: Another Popular WordPress Plugin Purchased by Nefarious User
NEW YORK - A few months ago in September, I wrote about a plugin (Display Widgets Plugin) which was sold to someone who used it to compromise over 200,000 websites as that’s about how many installs it had and sites it targeted with compromising intentions. Well, it was a big deal then and it’s an even bigger deal now because it has come to light that this same tactic of acquisition has been used yet again, with (Captcha Plugin) to compromise 300,000 sites. According to … [Read more...]
Be Prepared for Clever Scams & Tactics
I often write about security, privacy and other important personal safety issues such as being and keeping aware of security vulnerabilities, email threats and phishing scams..... It is often very simple precautions you can take which will save you a lifetime of headaches. With this type of material in mind, I received the following tips by email over the weekend from a family member and they are seem like they are worth sharing (rather than just deleting) as they will keep … [Read more...]
New Threat to WordPress Sites Designed to Bypass All Ordinary Security Measures
NEW YORK, NY - It seems like a new security threat is born each day; maybe that is because there is. For those who operate WordPress sites, including myself, there is a new threat to consider that is designed to bypass ordinary security measures; a simple back door, you have already left wide-open, by choice. WordPress Plugins are great additions to any WordPress site as they create all sorts of easy plug-and-play options and make often complicated features simple to … [Read more...]
Phishing: Watch-out for New Dangerous Godaddy Email Phishing Attempt
NEW YORK, NY - This is just a quick reminder to remain vigilant of all sorts of threats from hackers, email-spoofers, phishers and scammers; you can never let your guard down these days when it comes to your accounts, financial information and especially your domain accounts, because loss of your domain name can be loss of your business and will likely be permanent. Just this week news broke about an Equifax hack that hit credit histories of up to 143 million … [Read more...]
US Fortune 500 Businesses, Their Domain Name Characteristics, and Secure Status
NEW YORK, NY - Each year Fortune Magazine publishes a list of the largest companies in the United States by revenue. Below is the list for 2016. Also below, are some interesting characteristics of their domain name choices including whether or not these companies are prepared for SSLs on their corporate websites. 494 are using .com domain names, 4 use .nets, 1 .org, and 1 .xyz. 494 (98.8%) have chosen the ".com" extension for their domain name. 235 (47%) are … [Read more...]
