NEW YORK, NY – From time to time I like to point out some phishing scams that are out there in hopes to help some people not fall for these email-traps; today is one of those day. This email stuck out not for its sophistication but for more of its non-sophistication, and recurring delivery. For instance, I’ve received these at least 4 times in the last couple of days. This scam pictured below is trying to capture FedEx users regarding the non-delivery of their package; a … [Read more...]
Personal Info of 500 Million Guests Exposed in Marriott’s Starwood Reservation System
NEW YORK, NY - One of the world's leading global hotel groups disclosed that a guest reservation database, which covers a number of major hotel brands, suffered a large data breach. An internal investigation showed that unauthorized access had been occuring since 2014. The intrusion went unnoticed for four years by Starwood, which was acquired by Marriott in 2016 for $13.6 billion. It was uncovered in early September, when a security tool alerted Marriott officials to an … [Read more...]
WordPress Vulnerability for Sites Running WooCommerce with “Shop Manager” Role
NEW YORK, NY – If you're running a WordPress website and are utilizing the popular WooCommerce plugin, a shopping cart used by roughly four-million sites, there is a new vulnerability which requires that your WooCommerce plugin be up to date, or users marked as “Shop Managers” could hijack your site and virtually wipe out all data by compromising your administrator account. This new vulnerability was first reported to WordPress and WooCommerce in August when it was … [Read more...]
“Global Internet Crash” Diverted As ICANN Implements DNS Security Enhancements
NEW YORK, NY – Early last month, The Internet Corporation of Assigned Names and Numbers (ICANN), which is responsible for maintaining the registry of domain names and IP addresses, was preparing to implement the very first change to the “cryptographic keys” which help protect the Domain Name System (DNS) - the Internet's address book. The change had been delayed for over a year as ICANN reviewed last-minute data about the change and accessed any potential risk to the … [Read more...]
Alphabet Releases App to Prevent DNS Manipulation, Deter Online Censorship
NEW YORK, - Google’s Alphabet has released a new Android app called “Intra” which prevents “DNS manipulation”, a process used often by ISPs to redirect invalid domain name resolution to their own version of branded search results, usually accompanied by search engine ads – when used nefariously, it is also a tactic of hackers who steal and redirect users to phishing sites or to otherwise dupe them into downloading viruses and spyware. The app is made available by a company … [Read more...]
New Facebook Data Breach Effecting 50 Million Accounts; Doubling Security Staff
NEW YORK, NY - On Friday, September 28, 2018 Facebook said that an attack on its computer network had affected the personal information of nearly 50 million users. The attackers exploited the "View As" feature that allows users to see their Facebook page the way someone else would. This could allow the attackers to take over Facebook accounts. Facebook has fixed this issue and informed law enforcement. They also do not know if the affected accounts were misused or if user … [Read more...]
Are Phone Caller ID Systems Getting Better at Recognising Robocall Scammers?
NEW YORK, NY – These days you can't have a phone without receiving automated calls, prerecorded messages, telemarketers, and other nefarious solicitations and scams from often-times spoofed phone numbers. According to CNBC, Americans have already received over 16 billion robocalls so far this year (2018). Most annoying as of late are calls which are received from seemingly local phones which use spoofed numbers to appear local near the target (on the same exchange - first … [Read more...]
Drupal Content Management System’s ‘Highly Critical’ Vulnerability Warning
NEW YORK - If you're running the Drupal Content Management System on any of your websites its time to ensure you've updated its core as soon as possible. On March 28, 2018, an announcement from Drupal detailing a severe core vulnerability was released. The vulnerability allows an attacker to potentially compromise an entire site running most older and many newer versions of the CMS such as releases within versions 6, 7 and 8. There are a list upgrades and patches available … [Read more...]
Another 150,000,000 Users’ Data Breached via Free Smartphone App ‘MyFitnessPal’
NEW YORK - On March 29, 2018, athletic wear company Under Armour® has announced that an unauthorized party gained access to the data tied to its free smartphone app, MyFitnessPal. The data breach, which took place late February 2018, affected approximately 150 million user accounts. Account data which is related to the breach includes users: Usernames Email addresses Hashed passwords The company is urging its users to update and change passwords for any other … [Read more...]
The Question Is Not “If” You’ve Been Compromised; It’s How Many Times?
NEW YORK - If you haven't done business with one of the companies in this extensive list, you probably do not live on planet Earth with the rest of us. In other words, if you are reading this article, more than likely, despite all of the precautions you might take, your personal information has already been compromised. Below is a list of 245 instances of data breaches all over the world; those that have been reported. Keep in mind that many data breaches are never … [Read more...]
Orbitz, AmexTravel; Victims of Latest Data Breach Effecting 880,000 Customers
NEW YORK - If you travel and like to use third party travel sites to find discounts you may be one of the latest co-victims of a data breach by hackers which compromised near a million customers who use online booking services. According to Norton Internet Security, Orbitz, which has been owned by Expedia since 2015, released information regarding two separate data breaches tied to an older web site platform that effected partner bookings including AmexTravel.com; the … [Read more...]
Wouldn’t You Gladly Give-up a Little Bit of Privacy for So Much Better Security?
NEW YORK, NY – Imagine a World in which you allowed, or even specifically created your own little environment where all of your private communications and discussions could be monitored and recorded; all day, every day, till the end of time. Sounds like something you would never do? Welcome to Google Assistant; ready to help you wherever you are. Your one Assistant extends to help you across devices, like Google Home, your phone, and more. Who owns Google these days … [Read more...]
Just Some Fun With an Online Classifieds Scammer from Craigslist, That’s All
NEW YORK, NY - There are so many scams out there these days; they are literally everywhere. Sometimes I like to learn from them and I often will write about them so others can have a bit of a heads up to what's out there. This time, I was able to have the opportunity to mess-around with the scammer a little bit. I knew they were trying to scam me from the beginning, but I let it play out some, for the heck of it. I figured, I might as well have some fun with the scammer … [Read more...]
Bad News: Beware and “Be Aware” of “Meltdown” and “Spectre” Vulnerabilities
NEW YORK, NY - As the title suggests, you should both Beware, and "Be Aware" of these new security vulnerabilities that effect pretty much every Intel processor since 1995. I say "Be Aware" because although their patches available, there is not much that can be done to fully mitigate this issue until all or most computer hardware is redesigned. This is bad news because everyone is effected, and all computers are going to need to be replaced, it seems. Meltdown and Spectre … [Read more...]
Big Deal: Another Popular WordPress Plugin Purchased by Nefarious User
NEW YORK - A few months ago in September, I wrote about a plugin (Display Widgets Plugin) which was sold to someone who used it to compromise over 200,000 websites as that’s about how many installs it had and sites it targeted with compromising intentions. Well, it was a big deal then and it’s an even bigger deal now because it has come to light that this same tactic of acquisition has been used yet again, with (Captcha Plugin) to compromise 300,000 sites. According to … [Read more...]