Netflix, Birdbox & Email Scams

Unless you’re living on another planet, you’ve probably heard about the new Netflix thriller Birdbox, featuring Sandra Bullock (and a scary monster you never actually see). Don’t tell us what happens — we haven’t seen it yet. But apparently, over 45 million people have. Unfortunately, the massive win for Netflix has been the perfect setup for the bad guys.

The FTC has issued a warning about a new phishing scam that targets Netflix customers and snatches up their payment information. The fake email looks like the real deal from Netflix and warns customers that their account is on hold due to billing issues. No matter how much you want to watch Mrs. Bullock, don’t do it! Netflix says it will never ask for personal information to be sent via email and suggests logging on to its website if you suspect that there might actually be a billing issue. Be safe… and watch out for the monsters!

The FBI Saves Christmas

In 1988, Ernest saved Christmas (just ask anyone born before 1975). Well, in 2018, the FBI did the job. Last week, the U.S. Justice Department announced that it had seized the domains of more than a dozen DDoS-for-hire websites. Basically, these sites rent out access to networks of infected devices, which are then used to launch distributed denial-of-service (DDoS) attacks that disrupt user access. In the past few years, hackers have ruined Christmas Day for millions of gamers by holding the likes of PlayStation & Xbox hostage using massive DDoS attacks. Fortunately, this year the FBI was on the lookout. And 15-year-olds around the world thank you.

The Not-so-Secure Surveillance System

Over the past few years, millions of people have installed do-it-yourself home video security systems. The whole point is to provide peace of mind, security and more privacy. So you can imagine what a bummer it was for one security company when a bug allowed users to gain unauthorized access to every other user’s saved surveillance footage. A password would need to be hacked, but authentication would not. Apparently, the Guardzilla, an all-in-one, IoT-enabled surveillance solution, had a design flaw in its firmware, allowing for the bugaboo. Experts recommend that Guardzilla users disconnect cloud-based storage until a firmware update is released.

Even NASA? Yup…even NASA.

If we’ve learned anything over the past few years, it’s that no one is safe from potential cybercrime. The U.S. Government has been hacked. So has the U.S. Postal Service. And even the Department of Defense. Now, it’s NASA’s turn (again). The Space Agency confirmed last week that a data breach may have compromised personal information of some of its current and former employees. A recent memo said that the still unknown hackers managed to infiltrate one of its servers that stores employee information, including social security numbers and other personal data. NASA assured investigators that no space missions were jeopardized by the incident. No word yet on who the hackers are… but we see you, Flat-Earthers.

7 Tips for a Cyber Safe Holiday

The next seven days are sure to be big shopping days, especially online. The dramatic rise of shopping online also increases your risk for being the victim of cybercrime. Here are a few quick tips to help protect you and your family during the busy season ahead.

  1. Shop smart. If you’re shopping online, use only the direct, well-known URL for the business. If you’re not sure, double-check your browser to be sure it leads to the actual store you’re looking for.
  2. Stop before you click. Always use caution before you click on links. If you hover over a link, your computer will reveal the website before you click on it. If you don’t recognize it, don’t click it. And always be careful opening attachments.
  3. Watch for fakes. The holidays are a scammer’s dream. Watch for fake package tracking emails, fake “offers” from big brands (no, Amazon doesn’t have a “free gift” for you) and fake credit card confirmation requests.
  4. Keep it clean. Ensure that all of your devices have up-to-date anti-virus/anti-malware software.
  5. Protect your passwords. Keep your passwords up to date and complex. Use multi-factor authentication wherever possible.
  6. Use text alerts. Most banks and store credit cards offer text alerts for any suspicious activity. We think it’s a great feature to use.
  7. Beware of WiFi hotspots and public computers. As always, it’s important to avoid unknown public WiFi hotspots since they are a favorite way for the bad guys to sneak onto unsuspecting devices.

Here are a few additional ways to be cyber smart from the U.S. Department of Homeland Security.

Hackers Hide Malware in Memes

We can’t seem to get enough of funny internet memes. You know… Grumpy Cat. Chuck Norris. Elf. Well, it turns out that hackers have devised a way to hide malicious code in some of them. What? Apparently, Trend Micro researchers discovered that hackers used steganography, a technique for hiding content within a digital image in a way that’s invisible to an observer, to hide malicious commands in a meme posted on Twitter, which the malware then parses and executes. While the meme looks normal to the human eye, the destructive code hidden in the file’s metadata triggers a screenshot of the infected computer and sends the info to a remote command center (server). The specific Twitter account that was discovered by Trend Micro has been disabled, but it’s hard to say where the meme gang might strike next. So the next time you’re tempted to click on that meme… think again.

Got Hackers for Kids?

Do you have a kid (or know one) who loves to tear things apart to see how they work? You know, those tinkerers who leave parts and pieces all over the house. Ever stepped in Legos in the middle of the night? Yeah, that kid. Well, if you have a creative child, aka wanna-be hacker, in the family and are looking for the perfect gift to give them, we have a great idea for you.

The Kano Computer (pictured above) is a sweet little kit that allows kids to build a tablet and then play games and program on it, all the while learning Python, JavaScript, and Terminal commands. There’s even a cool Hack Minecraft game. No, this isn’t an ad for Kano. We just think that if “The Woz” wishes he would have had one of these when he was a kid, it must be pretty cool.

Q: Who Had Data Breached for 100M Users? A: Quora!

So, last week 100 million Quora users found an email in their inbox from the popular Q & A website informing them that user data was stolen by hackers. Um…awkward. Similar to the Marriott breach that occurred just days ago, the stolen data included names, email and IP addresses, user IDs, and encrypted passwords. We’re told that Quora staff are looking into the breach and are encouraging all users not to reuse the same password across multiple websites. Good thing.

Giuliani Hacked (sort of)

Remember how your 3rd grade English teacher taught you the importance of good grammar? “Let’s eat, Grandpa” gets weird when you leave out the comma. Last week, when tweeting about the G-20 Summit, the former NYC Mayor did not add a space between sentences and Twitter interpreted “G-20.In” as a URL, creating a hyperlink. A prankster noticed that the URL was unregistered and jumped at the opportunity. He bought the domain name and created a simple anti-Trump website. Regardless of where you stand politically, it’s always a good idea to look over what you type before hitting that ‘submit’ button! (your 3rd grade teacher name here) will thank you!