Consumer Threat Notices

twitter40-300x169-3.jpg

Millions of Car Buyer Records Exposed: How to Bring This Breach to a Halt

Millions of Car Buyer Records Exposed: How to Bring This Breach to a Halt

Buying a car can be quite a process and requires a lot of time, energy, and research. What most potential car buyers don’t expect is to have their data exposed for all to see. But according to Threatpost, this story rings true for many prospective buyers. Over 198 million records containing personal, loan, and financial information on prospective car buyers were recently leaked due to a database that was left without password protection.

The database belonged to Dealer Leads, a company that gathers information on prospective buyers through a network of targeted websites. These targeted websites provide car-buying research information and classified ads for visitors, allowing Dealer Leads to collect this information and send it to franchise and independent car dealerships to be used as sales leads. The information collected included records with names, email addresses, phone numbers, physical addresses, IP addresses, and other sensitive or personally identifiable information – 413GB worth of this data, to be exact. What’s more, the exposed database contained ports, pathways, and storage info that cybercriminals could exploit to access Dealer Lead’s deeper digital network.

Millions of Car Buyer Records Exposed: How to Bring This Breach to a Halt

Although the database has been closed off to the public, it is unclear how long it was left exposed. And while it’s crucial for organizations to hold data privacy to the utmost importance, there are plenty of things users can do to help safeguard their data. Check out the following tips to help you stay secure:

  • Be vigilant about checking your accounts. If you suspect that your data has been compromised, frequently check your accounts for unusual activity. This will help you stop fraudulent activity in its tracks.
  • Place a fraud alert. If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
  • Consider using identity theft protection. A solution like McAfee Identify Theft Protection will help you to monitor your accounts and alert you of any suspicious activity.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Millions of Car Buyer Records Exposed: How to Bring This Breach to a Halt appeared first on McAfee Blogs.

img_1596040370943472-300x225.jpg

Iron Man’s Instagram Hacked: Snap Away Cybercriminals With These Social Media Tips

Iron Man’s Instagram Hacked: Snap Away Cybercriminals With These Social Media Tips

Celebrities: they’re just like us! Well, at least in the sense that they still face common cyberthreats. This week, “Avengers: Endgame” actor Robert Downey Jr. was added to the list of celebrities whose social media accounts have been compromised. According to Bleeping Computer, a hacker group managed to take control of the actor’s Instagram account, sharing enticing but phony giveaway announcements.

Iron Man’s Instagram Hacked: Snap Away Cybercriminals With These Social Media Tips

The offers posted by the hackers included 2,000 iPhone XS devices, MacBook Pro laptops, Tesla cars, and more. In addition to the giveaways added to the actor’s story page, the hackers also changed the link in his account bio, pointing followers to a survey page designed to collect their personal information that could be used for other scams. The tricky part? The hackers posted the link using the URL shortening service Bitly, preventing followers from noticing any clues as to whether the link was malicious or not.

This incident serves as a reminder that anyone with an online account can be vulnerable to a cyberattack, whether you have superpowers or not. In fact, over 22% of internet users reported that their online accounts have been hacked at least once, and more than 14% said that they were hacked more than once. Luckily, there are some best practices you can follow to help keep your accounts safe and sound:

  • Don’t interact with suspicious messages, links, or posts. If you come across posts with offers that seem too good to be true, they probably are. Use your best judgment and don’t click on suspicious messages or links, even if they appear to be posted by a friend.
  • Alert the platform. Flag any scam posts or messages you encounter on social media to the platform so they can stop the threat from spreading.
  • Use good password hygiene. Make sure all of your passwords are strong and unique.
  • Don’t post personal information. Posting personally identifiable information on social media could potentially allow a hacker to guess answers to your security questions or make you an easier target for a cyberattack. Keep your personal information under wraps and turn your account to private.

To stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Iron Man’s Instagram Hacked: Snap Away Cybercriminals With These Social Media Tips appeared first on McAfee Blogs.

McAfee_consumer_1female1child_smartphone_cafe_72dpi-300x200.jpg

Attention Facebook Users: Here’s What You Need to Know About the Recent Breach

Attention Facebook Users: Here’s What You Need to Know About the Recent Breach

With over 2.4 billion monthly active users, Facebook is the biggest social network worldwide. And with so many users come tons of data, including some personal information that may now potentially be exposed. According to TechCrunch, a security researcher found an online database exposing 419 million user phone numbers linked to Facebook accounts.

It appears that the exposed server wasn’t password-protected, meaning that anyone with internet access could find the database. This server held records containing a user’s unique Facebook ID and the phone number associated with the account. In some cases, records also revealed the user’s name, gender, and location by country. TechCrunch was able to verify several records in the database by matching a known Facebook user’s phone number with their listed Facebook ID. Additionally, TechCrunch was able to match some phone numbers against Facebook’s password reset feature, which partially reveals a user’s phone number linked to their account.

Attention Facebook Users: Here’s What You Need to Know About the Recent Breach

It’s been over a year since Facebook restricted public access to users’ phone numbers. And although the owner of the database wasn’t found, it was pulled offline after the web host was contacted. Even though there has been no evidence that the Facebook accounts were compromised as a result of this breach, it’s important for users to do everything they can to protect their data. Here are some tips to keep in your cybersecurity arsenal:

  • Change your password. Most people will rotate between the same three passwords for all of their accounts. While this makes it easier to remember your credentials, it also makes it easier for hackers to access more than one of your accounts. Try using a unique password for every one of your accounts or employ a password manager.
  • Enable two-factor authentication. While a strong and unique password is a good first line of defense, enabling app-based two-factor authentication across your accounts will help your cause by providing an added layer of security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Attention Facebook Users: Here’s What You Need to Know About the Recent Breach appeared first on McAfee Blogs.

twitter61-300x169.jpg

iPhone Users: Here’s What You Need to Know About the Latest iOS Hacks

iPhone Users: Here’s What You Need to Know About the Latest iOS Hacks

iPhone hacks have often been considered by some to be a rare occurrence. However, a group of Google researchers recently discovered that someone has been exploiting multiple iPhone vulnerabilities for the last two years. How? Simply by getting users to visit a website.

How exactly does this exploitation campaign work? According to WIRED, researchers revealed a handful of websites that had assembled five exploit chains. These exploit chains are tools that link security vulnerabilities together and allow a hacker to penetrate each layer of iOS digital protections. This campaign took advantage of 14 security flaws, resulting in the attacker gaining complete control over a user’s phone. Researchers state that these malicious sites were programmed to assess the Apple devices that loaded them and compromise the devices with powerful monitoring malware if possible. Once the malware was installed, it could monitor live location data, grab photos, contacts, passwords, or other sensitive information from the iOS Keychain.

So, what makes this attack unique? For starters, this exploitation campaign hides in plain sight, uploading information without any encryption. If a user monitored their network traffic, they would notice activity as their data was being uploaded to the hacker’s server. Additionally, a user would be able to see suspicious activity if they connected their device to their computer and reviewed console logs. Console logs show the codes for the programs being run on the device. However, since this method would require a user to take the extra step of plugging their iPhone into a computer, it’s highly unlikely that they would notice the suspicious activity.

iPhone Users: Here’s What You Need to Know About the Latest iOS Hacks

Although iOS exploits usually require a variety of complexities to be successful, this exploitation campaign proves that iOS hacking is very much alive and kicking. So, what can Apple users do to help ward off these kinds of attacks? Here’s how you can help keep your device secure:

  • Install automatic updates. In your device settings, choose to have automatic updates installed on your device. This will ensure that you have the latest security patches for vulnerabilities like the ones leveraged in these exploit chains as soon as they’re available.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post iPhone Users: Here’s What You Need to Know About the Latest iOS Hacks appeared first on McAfee Blogs.

twitter48-300x169.jpg

Introduction to “Is Your Digital Front Door Unlocked?” a book by Gary Davis

Introduction to “Is Your Digital Front Door Unlocked?” a book by Gary Davis

“Is Your Digital Front Door Unlocked?” explores the modern implications of our human nature: our inherent inclination to share our experiences, specifically on the internet. Our increasing reliance on technology to connect with others has us sharing far more information about ourselves than we realize, and without a full understanding of the risks involved.

While we’re posting innocent poolside pictures, we’re also creating a collection of highly personal information. And not just on social media. It happens by simply going about our day. Whether it is the computers we use for work and play, the smartphones that are nearly always within arm’s reach, or the digital assistants that field household requests—all of these devices capture and share data about our habits, our interests, and even our comings and goings. Yet we largely don’t know it’s happening—or, for that matter, with whom we’re sharing this information, and to what end.

I wrote this book for anyone who wants to live online as safely and privately as possible, for the sake of themselves and their family. And that should be plenty of us. With news of data breaches, companies sharing our personal information without our knowledge, and cybercrime robbing the global economy of an estimated $600 billion a year, it’s easy to feel helpless. But we’re not. There are things we can do. It’s time to understand how we’re creating all this personal information so we can control its flow, and who has access to it. The book takes an even-handed look at the most prevalent privacy and security challenges facing individuals and families today. It skips the scare tactics that can dominate the topic, and illustrates the steps each of us can take to lead more private and secure lives in an increasingly connected world.

The notion that binds the book together is the idea of a personal data lake. “Data lake” is a widely used term in business to reflect a large repository of data that companies collect and store. In the book I explore how we create personal data lakes as we go about our digital lives. I explore how our data lakes fill as we do more and more activities online, and offer insights that can be used to protect our personal data lakes, so that we can live more privately and enjoy safe online experiences.

This book is for people in families of any size or structure. It looks at security and privacy across the stages of life, and explores the roles each of us play in those stages, from birth to the time we eventually leave a digital legacy behind, along with important milestones and transitional periods in between. You’ll see how security and privacy are pertinent at every step of your digital journey, and how specific age groups have concerns that are often unique to that stage of life. The structure allows you to easily navigate to the chapters and sections that most relate to the life stage you are in, and offers guidance.

This book, like most things in life, is about choice. You can choose to roll the dice and hope that you’re not one of the hundreds of millions who are victims each year of phishing scams, ransomware attacks, and identity theft, or among the handful of people who still fall for the Nigerian prince lottery scam. You can also choose to use your computers, tablets, smartphones, and personal assistants as you have been, letting companies grift all kinds of personal information from you, without your knowledge or consent. Or you can choose to embrace the guidelines outlined in the book and make it extremely more difficult for a bad actor or cybercriminal to make you or your loved ones a victim.

Gary Davis’ book, Is Your Digital Front Door Unlocked?, is available September 5, 2019 and can be ordered at amazon.com.

The post Introduction to “Is Your Digital Front Door Unlocked?” a book by Gary Davis appeared first on McAfee Blogs.

twitter29-300x169.jpg

14 Million Customers Affected By Hostinger Breach: How to Secure Your Data

14 Million Customers Affected By Hostinger Breach: How to Secure Your Data

Whether you’re a small business owner or a blogger, having an accessible website is a must. That’s why many users look to web hosting companies so they can store the files necessary for their websites to function properly. One such company is Hostinger. This popular web, cloud, and virtual private server hosting provider and domain registrar boasts over 29 million users. But according to TechCrunch, the company recently disclosed that it detected unauthorized access to a database containing information on 14 million customers.

Let’s dive into the details of this breach. Hostinger received an alert on Friday that a server had been accessed by an unauthorized third party. The server contained an authorization token allowing the alleged hacker to obtain further access and escalate privileges to the company’s systems, including an API (application programming interface) database. An API database defines the rules for interacting with a particular web server for a specific use. In this case, the API server that was breached was used to query the details about clients and their accounts. The database included non-financial information including customer usernames, email addresses, hashed passwords, first names, and IP addresses.

Since the breach, Hostinger stated that it has identified the origin of the unauthorized access and the vulnerable system has since been secured. As a precaution, the company reset all user passwords and is in contact with respective authorities to further investigate the situation.

14 Million Customers Affected By Hostinger Breach: How to Secure Your Data

Although no financial data was exposed in this breach, it’s possible that cybercriminals can use the data from the exposed server to carry out several other malicious schemes. To protect your data from these cyberattacks, check out the following tips:

  • Be vigilant about checking your accounts. If you suspect that your data has been compromised, frequently check your accounts for unusual activity. This will help you stop fraudulent activity in its tracks.
  • Reset your password. Even if your password wasn’t automatically reset by Hostinger, update your credentials as a precautionary measure.
  • Practice good password hygiene. A cybercriminal can crack hashed passwords, such as the ones exposed in this breach, and use the information to access other accounts using the same password. To avoid this, make sure to create a strong, unique password for each of your online accounts.

And, as always, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post 14 Million Customers Affected By Hostinger Breach: How to Secure Your Data appeared first on McAfee Blogs.

ellen-300x173.png

Ellen DeGeneres Instagram Hack: What You Can Do to Protect Your Account

Today was not an easy morning for Ellen DeGeneres. She woke to find that her Instagram account was briefly hacked according to the talk show host’s twitter and Yahoo Entertainment. A series of giveaways offering free Tesla cars, Mac Books, and more, were posted to the talk show host’s account last night. After seeing the posts, some of her followers became skeptical and warned her of the suspicious behavior. They were smart to flag the giveaways as untrustworthy because DeGeneres confirmed that her Instagram was in fact infected by malicious activity.

Ellen DeGeneres Instagram Hack: What You Can Do to Protect Your Account

While Ellen joked about “password” not being the most secure password, it’s always a best practice to use strong passwords that differ from each of your other accounts to avoid easy break-ins from cybercriminals.

One of the central reasons hackers target social media accounts is to retrieve stored personal information. Once cybercriminals log in to an account, they have access to everything that has ever been shared with the platform, such as date of birth, email, hometown, and security questions. They then could potentially use this information to try to log in to other accounts or even steal the person’s identity, depending on the level of information they have access to.

Another motive for infecting a user’s social media account is to spread phishing scams or malware amongst your network. In DeGeneres’ case, her 76 million Instagram followers were prompted to click on links that were scams in disguise of giveaways so hackers could steal their personal information. In other cases, hackers will use adware so they can profit off clicks and gain access to even more valuable information from you and your contacts. Sometimes these cybercriminals will post publicly on your behalf to reach your entire network, and other times they will read through private messages and communicate with your close network directly.

It’s not just celebrities that are vulnerable to cybercriminals. In fact, over 22% of internet users reported that their online accounts have been hacked at least once, and more than 14% said that they were hacked more than once. If your account gets hacked, the first step is to change your password right away and notify your network, so they don’t click on any specious links.

The good news is that by taking proper precautions, you can significantly reduce risk to help keep your account safe. Here are five best practices for protecting your social media accounts from malicious activity:

  • Use your best judgment and don’t click on suspicious messages or links, even if they appear to be posted by a friend.
  • Flag any scam posts or messages you encounter on social media to the platform, so they can help stop the threat from spreading.
  • Use unique, complicated passwords for all your accounts.
  • Avoid posting any identifying information or personal details that might allow a hacker to guess your security questions.
  • Always use comprehensive security software that can keep you protected from the latest threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post Ellen DeGeneres Instagram Hack: What You Can Do to Protect Your Account appeared first on McAfee Blogs.

McAfee_consumer_1male2female_tablet_laptop_coffeeshop_72dpi-300x180.jpg

Lights, Camera, Cybersecurity: What You Need to Know About the MoviePass Breach

Lights, Camera, Cybersecurity: What You Need to Know About the MoviePass Breach

If you’re a frequent moviegoer, there’s a chance you may have used or are still using movie ticket subscription service and mobile app MoviePass. The service is designed to let film fanatics attend a variety of movies for a convenient price, however, it has now made data convenient for cybercriminals to potentially get ahold of. According to TechCrunch, the exposed database contained 161 million records, with many of those records including sensitive user information.

So, what exactly do these records include? The exposed user data includes 58,000 personal credit cards and customer card numbers, which are similar to normal debit cards. They are issued by Mastercard and store a cash balance that users can use to pay so they can watch a catalog of movies. In addition to the MoviePass customer cards and financial information numbers, other exposed data includes billing addresses, names, and email addresses. TechCrunch reported that a combination of this data could very well be enough information to make fraudulent purchases.

The database also contained what researchers presumed to be hundreds of incorrectly typed passwords with user email addresses. With this data, TechCrunch attempted to log into the database using a fake email and password combination. Not only did they immediately gain access to the MoviePass account, but they found that the fake login credentials were then added to the database.

Lights, Camera, Cybersecurity: What You Need to Know About the MoviePass Breach

Since then, TechCrunch reached out to MoviePass and the company has since taken the database offline. However, with this personal and financial information publicly accessible for quite some time, users must do everything in their power to safeguard their data. Here are some tips to help keep your sensitive information secure:

  • Review your accounts. Be sure to look over your credit card and banking statements and report any suspicious activity as soon as possible.
  • Place a fraud alert. If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
  • Consider using identity theft protection. A solution like McAfee Identify Theft Protection will help you to monitor your accounts and alert you of any suspicious activity.

And, as always, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Lights, Camera, Cybersecurity: What You Need to Know About the MoviePass Breach appeared first on McAfee Blogs.

McAfee_consumer_1female_laptop_balcony_72dpi-300x200.jpg

Boost Your Bluetooth Security: 3 Tips to Prevent KNOB Attacks

Boost Your Bluetooth Security: 3 Tips to Prevent KNOB Attacks

Many of us use Bluetooth technology for its convenience and sharing capabilities. Whether you’re using wireless headphones or quickly Airdropping photos to your friend, Bluetooth has a variety of benefits that users take advantage of every day. But like many other technologies, Bluetooth isn’t immune to cyberattacks. According to Ars Technica, researchers have recently discovered a weakness in the Bluetooth wireless standard that could allow attackers to intercept device keystrokes, contact lists, and other sensitive data sent from billions of devices.

The Key Negotiation of Bluetooth attack, or “KNOB” for short, exploits this weakness by forcing two or more devices to choose an encryption key just a single byte in length before establishing a Bluetooth connection, allowing attackers within radio range to quickly crack the key and access users’ data. From there, hackers can use the cracked key to decrypt data passed between devices, including keystrokes from messages, address books uploaded from a smartphone to a car dashboard, and photos.

Boost Your Bluetooth Security: 3 Tips to Prevent KNOB Attacks

What makes KNOB so stealthy? For starters, the attack doesn’t require a hacker to have any previously shared secret material or to observe the pairing process of the targeted devices. Additionally, the exploit keeps itself hidden from Bluetooth apps and the operating systems they run on, making it very difficult to spot the attack.

While the Bluetooth Special Interest Group (the body that oversees the wireless standard) has not yet provided a fix, there are still several ways users can protect themselves from this threat. Follow these tips to help keep your Bluetooth-compatible devices secure:

  • Adjust your Bluetooth settings. To avoid this attack altogether, turn off Bluetooth in your device settings.
  • Beware of what you share. Make it a habit to not share sensitive, personal information over Bluetooth.
  • Turn on automatic updates. A handful of companies, including Microsoft, Apple, and Google, have released patches to mitigate this vulnerability. To ensure that you have the latest security patches for vulnerabilities such as this, turn on automatic updates in your device settings.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Boost Your Bluetooth Security: 3 Tips to Prevent KNOB Attacks appeared first on McAfee Blogs.

twitter43-300x169.jpg

The Cerberus Banking Trojan: 3 Tips to Secure Your Financial Data

The Cerberus Banking Trojan: 3 Tips to Secure Your Financial Data

A new banking trojan has emerged and is going after users’ Android devices. Dubbed Cerberus, this remote access trojan allows a distant attacker to take over an infected Android device, giving the attacker the ability to conduct overlay attacks, gain SMS control, and harvest the victim’s contact list. What’s more, the author of the Cerberus malware has decided to rent out the banking trojan to other cybercriminals as a means to spread these attacks.

According to The Hacker News, the author claims that this malware was completely written from scratch and doesn’t reuse code from other existing banking trojans. Researchers who analyzed a sample of the Cerberus trojan found that it has a pretty common list of features including the ability to take screenshots, hijacking SMS messages, stealing contact lists, stealing account credentials, and more.

When an Android device becomes infected with the Cerberus trojan, the malware hides its icon from the application drawer. Then, it disguises itself as Flash Player Service to gain accessibility permission. If permission is granted, Cerberus will automatically register the compromised device to its command-and-control server, allowing the attacker to control the device remotely. To steal a victim’s credit card number or banking information, Cerberus launches remote screen overlay attacks. This type of attack displays an overlay on top of legitimate mobile banking apps and tricks users into entering their credentials onto a fake login screen. What’s more, Cerberus has already developed overlay attacks for a total of 30 unique targets and banking apps.

The Cerberus Banking Trojan: 3 Tips to Secure Your Financial Data

So, what can Android users do to secure their devices from the Cerberus banking trojan? Check out the following tips to help keep your financial data safe:

  • Be careful what you download.Cerberus malware relies on social engineering tactics to make its way onto a victim’s device. Therefore, think twice about what you download or even plug into your device.
  • Click with caution.Only click on links from trusted sources. If you receive an email or text message from an unknown sender asking you to click on a suspicious link, stay cautious and avoid interacting with the message altogether.
  • Use comprehensive security. Whether you’re using a mobile banking app on your phone or browsing the internet on your desktop, it’s important to safeguard all of your devices with an extra layer of security. Use robust security software like McAfee Total Protection so you can connect with confidence.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post The Cerberus Banking Trojan: 3 Tips to Secure Your Financial Data appeared first on McAfee Blogs.

vox-messenger-secure-corpLogo-60x60

End-2-End Encrypted. Secure. Ad-Free.
Lightweight and Faster than the Competition.

Vox Messenger is a secure alternative to other popular chat messenger apps.

Available for Free. Whitelabel Corporate Edition Coming Soon.

All Rights Reserved - Copyright @ 2018 - Vox Messenger (a Division of Kryotech Ltd.)