by Emily Kowalsky | Jan 10, 2019 | Home + Mobile
We live in a digital age where internet-connected devices are the norm. Our phones, our televisions, even our light bulbs are tied together in today’s tech ecosystem. For high school and college students, this degree of digital connection is the standard, and when school is in session, tech accessories are a popular way to customize the various connected devices that are now an essential part of students’ lives.
With their focus on specialized accessories, it’s easy for students to overlook the importance of securing their connected devices. What’s the point of an expensive phone case or the perfect PopSocket if you’re leaving yourself, and your data, vulnerable? Hacks, security breaches, and stolen identities are often seen as things that don’t happen to digital natives. But security breaches can happen to anyone—no matter how sophisticated a user may be—and are almost always preventable by practicing safe cyber habits and having the right security in place. But where do you start?
Back to basics
For students at any level, these best practices may seem eye-rollingly intuitive, but they are the basic tools for staying safe and secure online. Flaws with basic cybersecurity often prove to be the catalyst for a chain reaction of breaches, so by making sure these essential fail-safes are in place, you go a long way toward protecting yourself from cybercrime.
Awareness
Being aware of your surroundings and the connectivity of your devices is the first step towards a digitally secure life. But what does awareness mean from a cybersecurity standpoint? It means turning AirDrop, file sharing, and open Bluetooth connectivity off before you use your device in a public area. It means not leaving your laptop unattended, even if you’re just running to the bathroom at the coffee shop. It means using a free tool, such as haveibeenpwned.com, to see if your data has been breached in the past and taking corrective measures if it has been. Most importantly, it means treating public networks like they are public, and not accessing sensitive information through them unless you take the proper precautions (more on that below).
Two-Factor authentication
Two-factor authentication, where a validation message is sent upon login, is a security feature that verifies that you are the one who is actually attempting to access your account, particularly if the access request is coming from an unrecognized device or location. Two-factor authentication is the best way to stop unauthorized users from logging into your accounts. Most social media services offer two-factor authentication, but if you don’t trust them to be up to the task, use a third-party service such as Authy or Google Authenticator. SMS and email two-factor authentication measures are demonstrably weaker than other available two-factor measures, and should be avoided if possible (although they’re better than using a password alone).
Multiple passwords
No one likes to remember multiple passwords, let alone multiple secure passwords. But never reusing passwords is the best way to prevent third-party breaches from affecting multiple accounts. A good tip for varied passwords you can remember? Choose a phrase (or favorite song lyric) and break it down into sections. For example, “the quick brown fox jumps over the lazy dog” becomes three separate passphrases:
- the quick brown
- fox jumps over
- the lazy dog
This is a handy trick to wean yourself off the same two
passwords you’ve been using since middle school, and is better than password
redundancy. Make sure you include spaces in your passphrases. In the rare case
spaces are not allowed, then a phrase without spaces will suffice.
Digging deeper
If the tips above are the metaphorical security sign in the
window of your digital life, the measures outlined below are the actual
security system. A small amount of additional effort on your part will help
keep you safe during your educational career.
Antivirus software
Making sure you have trusted antivirus software running on all devices is one of the most effective ways to stay safe from online threats. A cross-device service, such as Webroot SecureAnywhere® solutions, will keep you safe from potentially malicious emails, files, or apps. An important step to never skip? Keeping your antivirus software up to date. This will help prevent newly surfaced viruses and malware from penetrating your systems. Or choose cloud-based antivirus solutions, like Webroot’s, that do not require updates.
Password managers
Don’t want to bother with remembering passwords at all?
Password managers with secure
encryption make generating and storing passwords safe and easy. Many
password managers are compatible with common browsers such as Chrome and
Firefox, making it easy
to securely auto-fill passwords and other forms online.
Message encryption
Encryption services use ciphers to convert messages into
random symbols, which are only able to be converted back when accessed by the
intended recipient, with a special key. Common encryption options are Apple
Messages and Signal, as well as WhatsApp, which is owned by Facebook. If you
prefer an encryption option that isn’t owned by a large corporation, Signal is
a part of Open Whisper Systems.
Virtual private networks
If you must access sensitive information through a public
network, setting up a virtual private network (VPN) will block and
redirect your IP address, preventing outside parties from tracking
and storing your information. Your VPN setup will largely depend on both your
specific devices and price point, but with a little research and energy you can
prevent anyone and anything from accessing your digital vault.
Vigilance is key
These tools are the true must-have tech accessories to
support young people today and their digitally enhanced life. It’s easy to be
overwhelmed as a student with school, work, and social life, but don’t let your
cybersecurity defenses lag. Stay informed and stay updated.
by Aaron Sherrill | Jan 7, 2019 | SMBs
SMBs are overconfident about their cybersecurity posture.
A survey of SMBs conducted by 451 Research found that in the preceding 24 months, 71% of respondents experienced a breach or attack that resulted in operational disruption, reputational damage, significant financial losses or regulatory penalties. At the same time, 49% of the SMBs surveyed said that cybersecurity is a low priority for their business, and 90% believe they have the appropriate security technologies in place. Clearly, SMBs are not correctly evaluating cybersecurity risk.
Many of us can relate – each day we ignore obvious signs that point to a reality that is in direct contrast to our beliefs. For example, as each year passes, most of us get a little slower, muscles ache that never ached before, we get a bit softer around the middle, and we hold our reading material farther away. Yet, we are convinced we could take on an NBA player in a game of one-on-one or complete the American Ninja Warrior obstacle course on the first try.
While it’s unlikely that most of us can make the improvements needed to compete with elite athletes, the same can’t be said for enterprise cybersecurity. The journey is not an easy one given the security talent vacuum, a lack of domain understanding at the executive level, and the complexity of implementing a long-term, metric-based strategy. But, if you are an SMB struggling to run up and down the proverbial court, here are five things you should consider when building a better security practice:
1. Experienced staff are valuable, but expensive, assets.
Although enterprise cybersecurity is a 24/7/365 effort requiring a full roster of experienced professionals, many SMB cybersecurity teams are underequipped to handle the constant deluge of alert notifications, let alone the investigation or remediation processes. In fact, only 23% of survey respondents plan to add staff to their security teams in the coming year. For many SMBs, the security staffing struggles may get worse as 87% reported difficulties in retaining existing security professionals. To fill this gap, SMBs are increasingly turning to MSPs and MSSPs to provide the expertise and resources needed to protect their organizations around the clock.
2. Executives understand what is at stake, but not what action to take.
As the threat landscape becomes more treacherous, regulatory requirements multiply, and security incidents become more common, executives at SMBs have become more acutely aware of the business impact of security incidents – most are feeling an urgency to strengthen organizational cybersecurity. However, acknowledging the problem is only the first step of the process. Executives need to interface with their internal security teams, industry experts and MSPs in order to fully understand their organization’s risk portfolio and design a long-term cybersecurity strategy that integrates with business objectives.
3. Security awareness training (SAT) is low-hanging fruit (if done right).
According to the 451 Research Voice of the Enterprise: Information Security: Workloads and Key Projects survey, 62% of SMBs said they have a SAT program in place, but 50% are delivering SAT on their own using ‘homegrown’ methods and materials. It should be no surprise that many SMBs described their SAT efforts as ineffective. MSPs are increasingly offering high-quality, comprehensive SAT for a variety of compliance and regulatory frameworks such as PCI-DSS, HIPAA, SOX, ISO, GDPR and GLBA. SMBs looking to strengthen their security posture should look to partner with these MSPs for security awareness training.
4. Securing now means securing for the future.
The future of IT architecture will span both private and public clouds. This hybrid- and multi-cloud infrastructure represents a significant challenge for SMBs that require a cybersecurity posture that is both layered and scalable. SMBs need to understand and consider long-term trends when evaluating their current cybersecurity strategy. With this aim in mind, SMBs can turn to MSPs and MSSPs with the experience and toolsets necessary for securing these types of complex environments.
5. A metrics-based security approach is needed for true accountability.
In a rush to shore up organizational security, SMBs might make the all-too-common mistake of equating money spent with security gained. To be clear: spending not backed by strategy and measurement only enhances security posture on the margins, if at all. To get the most bang for each buck, SMBs need to build an accountable security system predicated on quantifiable metrics. Again, this is an area where SMBs can partner with MSPs and MSSPs. This serves as an opportunity to develop cybersecurity strategy with measurable KPIs to ensure security gains are maintained over time. MSPs can help SMBs define the most applicable variables for their IT architectures, whether it be incident response rate, time-to-response or other relevant metrics.
The strategic reevaluation of organizational security is a daunting task for any organization, but given the risks SMBs face and their tendency to be underprepared, it is a necessary challenge. These key points of consideration for SMBs embarking on this critical journey underscore the importance of building an accountable and forward-looking security system and highlight the ways in which SMBs can work alongside MSP or MSSP partners to implement the right cybersecurity system for their organizations. I hope this will be the wake-up call all SMBs need to unleash their inner cybersecurity all-star.
If you’re interested in learning more about how other SMBs are approaching cybersecurity, read my report Security Services Fueling Growth for MSPs.
by Connor Madsen | Jan 4, 2019 | Industry Intel
American Newspapers Shut Down After Ransomware Attack
Nearly all news publications owned by Tribune Publishing suffered disruptions in printing or distribution after the publisher was hit by a ransomware attack. Many of the papers across the country were delivered incomplete or hours or days late. Even some papers that had been sold off to other publishers in previous years were affected. Fortunately, digital and mobile versions of the newspapers were untouched by the attack, allowing users to view local news as normal online.
‘PewDiePie’ Hacker Turns Focus to Smart Devices
The hacker previously responsible for hacking
thousands of printers and directing them to print ads in support of
PewDiePie, the world’s largest YouTuber, has now started using unsecured smart
devices to continue the campaign. In addition to requesting the “victim”
subscribe to PewDiePie, the hacker’s main message is to bring light to the
extreme lack of security many of us live with daily. By using the standard
ports used by smart TVs to connect to streaming devices, the hacker has even
created scripts that will search for these insecure ports and begin connecting
to them.
California Alcohol Retailer Faces Data Breach
One of the largest alcohol retailers in California, BevMo,
recently announced they’ve fallen victim to a credit card breach on their
online store. The breach lasted for nearly two months, during which time
customer payment card data for nearly 14,000 customers was illegitimately
accessed. While officials are still unclear as to who was behind the breach, it
is likely related to the MageCart attacks that appeared across the globe during
the latter half of 2018.
Blur Password Manager Leaves Passwords Exposed
An independent security researcher recently discovered a
server that was allowing unauthenticated access to sensitive
documents for well over two million users. The exposed information
included names, email addresses, IP addresses from prior logins, and even their
account password, though the company has remained firm that the passwords
contained within their accounts are still secure. Since the reveal, Blur’s parent
company, Abine, has prompted users to change their main passwords and enable
two-factor authentication, if they had not already done so.
Bitcoin Wallets: Still Major Target for Hackers
Nearly $750,000 worth of Bitcoin was stolen from Electrum wallets in an attack that began only a few days before Christmas. By exploiting a previously documented vulnerability, the hackers were able to inject their own server list into the connections made by the Electrum wallet and successfully reroute their victims to another server, where they were then presented with a fake update screen. By moving forward with the “update,” malware was promptly downloaded to the device and users could then enter their wallet credentials, only for them to be stolen and their accounts drained.
by Connor Madsen | Dec 28, 2018 | Industry Intel
Amazon User Receives Thousands of Alexa-Recorded Messages
Upon requesting all his user data from Amazon, one user promptly received over 1,700 recorded messages from an Alexa device. Unfortunately, the individual didn’t own such a device. The messages were from a device belonging to a complete stranger, and some of them could have easily been used to find the identity of the recorded person. While Amazon did offer the victim a free Prime membership, it’s cold comfort, as these devices are constantly recording and uploading everyday details about millions of users.
San Diego School District Hacked
In a recent phishing scheme, hackers successfully gained the trust of a San Diego Unified School District employee and obtained credentials to a system that contained student, parent, and staff data from the past decade. The database mostly consisted of personal data for over half a million individuals, but also included student course schedules and even payroll information for the District’s staff.
Data Breach Affects Hundreds of Coffee Shops
Attackers were able to access payment data for 265 Caribou Coffee shops across the United States. The breach could affect any customers who made purchases between the end of August 2018 and the first week of December. The company recommends that any customers who may have visited any of their locations across 11 states engage a credit monitoring service to help avoid possible fraud.
FBI Shuts Down DDoS-for-Hire Sites
At least 15 DDoS-for-Hire sites have been taken down in a recent sweep by the U.S. Justice Department, and three site operators are currently awaiting charges. Some of the sites had been operating for more than 4 years and were responsible for over 200,000 DDoS attacks across the globe. This is the second in a series of government-led cyberattack shutdowns over the last year.
Email Scam Offers Brand New BMW for Personal Info
A new email scam is informing victims that they’ve just won a 2018 BMW M240i and over $1 million, which they can easily claim if they provide their name and contact information. Victims who provide their contact details are then contacted directly and asked to give additional information, such as their social security number and credit or bank card details. If you receive this email or one like it, we recommend you delete it immediately, without opening it.
by Megan Johnson | Dec 21, 2018 | Home + Mobile
The cybersecurity landscape is in constant
flux, keeping our team busy researching the newest threats to keep our
customers safe. As the new year approaches, we asked our cybersecurity experts
to predict which security trends will have the most impact in 2019 and what
consumers should prepare for.
Continued Growth of Cryptojacking
“Cryptojacking will continue to dominate the landscape. Arguably more than a third of all attacks in 2019 will be based off of leveraging hardware in your devices to mine cryptocurrency.” – Tyler Moffitt, Senior Threat Research Analyst
The largest cyber threat of 2018 will continue its unprecedented growth in 2019. Cryptojacking—a type of hack that targets almost any device with computing power, including mobile devices, company servers, and even cable routers to mine for cryptocurrencies—grew by more than 1,000% in the first half of 2018. Compared to ransomware attacks, cryptojacking is incredibly stealthy, with many systems losing processing power while sitting idle anyway. We are now seeing cryptojacking in more significant systems, as was the case when Nova Scotia’s St. Francis Xavier University struggled for weeks to recover after cryptojacking software led the school to disable its entire digital infrastructure in order to purge the network. For home internet users, cryptojacking can put undue stress on your computer’s processor, slowing down performance and increasing your electric bill.
But, as with any cybersecurity threat, it’s a
constant cat-and-mouse game between criminals and the security industry. As
cryptojacking continues to grow, so does criminals’ ability to successfully
implement the attack. At the same time, so does our knowledge and ability to
defend against it. This type of attack can impact your devices in multiple ways,
whether via a file on your computer or a website you visit. We recommend a
layered solution that can protect against these
different attack vectors, like Webroot SecureAnywhere® solutions.
General Data Protection Regulation (GDPR) Influence
“We are going to see a lot more legislation proposed within the US that will be very similar to GDPR, much like California already has. These types of laws will inspire the idea that companies don’t own data that identifies people, and we need to be better stewards of that data. Data, by all accounts, is a commodity. It’s necessary for innovation and to stay competitive, but the data must be good to be of any use.” – Briana Butler, Engineering Data Analyst
The General Data Protection Regulation (GDPR) is a set of regulations put in place in 2018 that standardize data protection measures within the European Union, marking the beginning of a new era of international data protection. In the United States, California has been on the frontlines of data protection law since 2003 when bill SB1386 was passed, pioneering mandatory data-breach notifications nationwide. California continues to innovate in data privacy law with the recently passed California Consumer Privacy Act of 2018 (CCPA), possibly the toughest data privacy law in the country. Although clearly influenced by GDPR, it differs in many ways—enough that companies that are compliant with GDPR may need to take additional steps to also be compliant under the CCPA. But it’s not just lawmakers who are pushing for data protection regulation; influential tech industry leaders like Tim Cook are also calling for stronger consumer protections on data collection nationwide.
What does this mean for you? Expect another wave of “Privacy Update” emails and cookie collection pop-up notices while browsing, as well as expanded protections regarding the collection and storage of your personal data. Given the rising regularity of third-party data breaches—like the one that recently left 500 million Marriott guests exposed—stronger data protection laws can only mean good things for consumers.
Biometrics on the Rise
“We will see continued growth in biometric services. Devices with usernames and passwords will become the legacy choice for authentication.” – Paul Barnes, Sr. Director of Product Strategy
Largely associated with facial and fingerprint recognition, biometrics have been on the rise since at least 2013, when the launch of TouchID placed the technology in every iPhone user’s hands. But the adoption of biometric technologies—particularly facial recognition biometrics—was dampened by cultural and ethical concerns, with some fearing the establishment of a national biometric database. But today we are beginning to see the normalization of facial recognition biometrics, like those utilized by Snapchat and Instagram. Biometrics are also now widely used in critical infrastructure applications. Airports use biometrics to facilitate a faster boarding process, and hospitals are adopting biometrics for both patient care and as a HIPAA security precaution.
We predict this regular exposure to biometrics will lead to a larger cultural acceptance and adoption of biometrics as a trusted security standard, leading to the eventual death of usernames and passwords. Why bother with a login when your computer knows the minute details of your iris? But convenience may come at a cost. Corresponding with rising use, biometric data will continue to become a more valuable commodity for cybercriminals to steal.
The Beginning of the End for SSNs
“There will be significant discussion around replacing Social Security numbers with a more secure, universal personal identity option.” – Kristin Miller, Director of Communications
In 2017 the Equifax breach compromised 145.5
million Social Security numbers, forcing us to face an uncomfortable truth:
SSNs are a legacy system. First available in 1935 from the newly minted Social
Security Administration, they were created to track accounts using Social
Security programs. They were never intended to act as the secure database key
we expect them to be today.
The conversation has already begun on the
federal level. “I think it’s really clear there needs to be a change,” White
House Cybersecurity Coordinator Rob Joyce said at the 2017
Cambridge Cyber Summit. “It’s a flawed system. If you think about it, every
time we use the Social Security number you put it at risk.”
Although it will be some time until we fully replace Social Security numbers, what should you expect from a replacement? When it comes to personal identifiers that are both unique and secure, the conversations tend to center around two technologies: biometrics and blockchains. Biometrics—particularly behavioral biometrics, which derive their logic from an individual’s behavioral patterns, such as the syncopation of types or taps on a screen, or even your unique heartbeat—are proving to be an especially intuitive solution.
Certification for the Internet of Things
“We will finally see a consumer IoT/connected goods certification body, similar to the Consumer Electrical Safety Certifications today. This will enforce the notion of Security by Design for a smart goods manufacturer.” – Paul Barnes, Sr. Director of Product Strategy
We love the Internet of Things (IoT). It powers our smart homes, our fitness trackers, and our voice assistants. But IoT devices are notoriously insecure, oftentimes featuring overlooked flaws that can lead to exploitation in unexpected places. A recent Pew Research Center survey that looked at how growing security concerns are influencing the spread of IoT connectivity reported only 15% of participants saying security concerns would cause significant numbers of people to disconnect from IoT devices. Alternatively, 85% believe most people will move more deeply into an interconnected life due to the convenience of IoT products. Recently published documents may signal that the time of putting convenience ahead of security is quickly coming to an end.
The United Kingdom’s Department for Digital, Culture, Media, and Sport (DCMS) published the “Code of Practice for Consumer IoT Security.” The code outlines thirteen steps for organizations to follow for the implementation of appropriate security measures in IoT offerings. It also emphasizes the need for a secure-by-design philosophy, a belief that security measures need to be designed into products, not bolted on afterwards. This type of regulatory influence on the industry is sure to make waves across the pond, and we are already seeing this play out with California’s new IoT security law.
Keep these predictions in mind as you make
your way through 2019. Staying informed is the best way to keep you and your
family safe, so check back here for more cybersecurity trend updates in the
future!
by Connor Madsen | Dec 21, 2018 | Industry Intel
Facebook API Bug Reveals Photos from 6.8 Million Users
Facebook announced this week that an API
bug had been found that allowed third-party apps to access all user
photos, rather than only those posted to their timeline. The vulnerability was
only available for 12 days in mid-September, but could still impact up to 6.8
million users who had granted apps access to their photos in that time.
Children’s Charity Falls Victim to Email Scam
Over $1 million was recently diverted from a children’s
charity organization after hackers were able to gain access to an
internal email account and begin creating false documents and invoices. Due to
a lack of additional authentication measures, the funds were promptly
transferred to a Japanese bank account, though insurance was able to compensate
for most of the loss after the scam was finally discovered.
Email Extortion Scams Now Include Hitmen
The latest in a series of email extortion campaigns promises its victims will be executed by a hitman if a Bitcoin ransom of $4,000 isn’t paid within 38 hours. Given such poorly executed scare tactics, it comes as no surprise that the payment account has still not received any funds after several days. Hopefully, as the threats of violence lead victims to contact law enforcement rather than pay the scammers, these types of scams will become more rare.
Hackers Force Printers to Spam PewDiePie Message
Nearly 50,000 printers
around the world have been spamming out a message suggesting subscribing to
PewDiePie on YouTube and recommending the recipient improve their printer
security. The group behind the spam has stated they want to raise awareness of the
real threat of unsecured devices connected to the internet and how they can be
used maliciously. In addition to sending print-outs, attackers could also steal
data being printed or modify documents while they are being printed.
Cybersecurity Audit Shows Major Vulnerabilities in U.S. Missile Systems
A recent report showed that U.S. ballistic missile defense systems have consistently failed security audits for the past five years. Some of the major flaws included a lack of encryption for data stored on removable devices, patches reported in previous years that remained untouched, and the regular use of single-factor authentication for entire facilities. Physical security issues that could leave highly sensitive data exposed to anyone willing to simply try to access it were also detailed in the report.
by Connor Madsen | Dec 14, 2018 | Industry Intel
Clemson Supercomputer Susceptible to Cryptojacking
IT staff at Clemson University have been working to remove a cryptominer recently introduced on its supercomputer, known as Palmetto. The attackers compromised the system to mine Monero, and their ploy was only spotted due to spikes in computing power and rising operating costs for the supercomputer, since manually monitoring the entire system is nearly impossible. It’s still unknown who was responsible for the mining, but Clemson staff have already begun increasing security measures to discourage copy-cat crimes.
Cyberattack Strikes Italian Oil Company
Italian oil and gas company Saipem fell victim to a cyber-attack earlier this week that knocked several critical servers offline. The attack appears to have focused specifically on servers located in Middle Eastern countries in which the company operates. It’s presently believed the attackers were also involved in prior cyberattacks on Saudi Aramco, for whom Saipem is a supplier.
Data Breach Affects Topeka Residents
A data breach that could expose the personal details of nearly 10,000 residents of Topeka, Kansas was recently discovered. The breach could affect anyone who made online payments to the Topeka Utilities Department between October 31 and December 7. Officials are still working to determine the cause of the breach. The city’s utility department is in the process of contacting all 10,000 potential victims.
Google+ Reaches End of Life Sooner than Expected
While the consumer version of Google+ was destined to be shut down in mid-2019, a new bug will hasten its end to April. This final vulnerability had the potential to expose entire user profiles to any applications searching for data, even if the account was set to private. This vulnerability left over 52 million accounts accessible to any number of app developers during the six days it was left exposed.
Android-based Trojan Steals Credentials
A new Trojan has been spotted on the Android OS that uses screen overlays for popular applications to trick users into entering credentials for apps like PayPal, Google Play, and even several banking apps. By displaying the overlay in the lock foreground screen, users are unable to close the pop-ups with normal methods, and can only do so by completing a form requesting login information. Additionally, the malware can identify if a legitimate app is currently installed and prompt the user to open it and log in, thereby removing a step in gaining access to the victim’s funds.
by Emily Kowalsky | Dec 13, 2018 | Home + Mobile
Virtual Private Networks (VPNs) are quickly becoming a fundamental necessity for staying safe online. From large corporations to family households, people are turning to VPNs to ensure their data is encrypted end to end. But as with any emerging technology, it’s easy to become overwhelmed with new and untested VPN options. So, how does Webroot® WiFi Security distinguish itself from other VPNs?
Whether or not you can trust your VPN provider should be the first thing to consider when selecting a VPN. A recent analysis of nearly 300 mobile VPN services on the Google Play store found that, unlike Webroot WiFi Security, almost one in five didn’t encrypt data as it was transmitted through their private network, a core tenant of VPN protection. At Webroot we have decades of cybersecurity experience. We’ve built confidence with every customer, from the world’s leading IT security vendors to families just like yours. Security and privacy are what we do best, and Webroot WiFi Security was purpose-built to always encrypt your data without screening, storing, or selling your private information.
“New products from unknown companies can be risky—what data are they capturing, what are they doing with the data, and how are they protecting that information?” notes Andy Mallinger, Webroot director of product. “Webroot has been in the security business for more than 20 years, and has built machine learning-based security systems for more than a decade. We designed our products to evolve with the ever-changing threat landscape. Adding VPN protection with Webroot WiFi Security is a perfect next step in our continued evolution.”
Best-in-class security
Webroot WiFi Security was built to provide best-in-class security, while still being easy to use. A one-click setup automatically enables security features without any confusion or missed steps. For extra security, Android®, Mac®, and Windows® users can enable Webroot WiFi Security’s unique “killswitch” feature. If your VPN connection is lost, the kill switch prevents the transmission of your data over an unsecure network until you are reconnected to the VPN.
“Webroot WiFi Security also helps protect your privacy by obscuring your location,” says Randy Abrams, senior security analyst at Webroot. “Websites are able to precisely pinpoint your location and use that information to track your browsing habits. With Webroot WiFi Security, you can be in Broomfield, Colorado, but your VPN IP address can make it look like you are in any one of the more than 30 countries where our VPN servers are located.”
Privacy plus security
Webroot WiFi Security also offers Web Filtering powered by BrightCloud® Threat Intelligence*. This feature provides an extra layer of protection that keeps your financial information, passwords, and personal files from being exploited. Webroot goes a step above other VPNs by safeguarding users from visiting malicious or risky websites known to be associated with malware, phishing, key logging spyware, and botnets. Web Filtering is a feature that the user can choose to enable or disable.
The combination of consumer trust and the power of best-in-class threat intelligence makes Webroot WiFi Security one of the most unique and secure VPN offerings on the market. Webroot has a deep history of protecting its customers’ privacy, and we are excited to showcase this dedication in the VPN market.
Ready to make the switch to Webroot WiFi Security? Learn more after the jump.
*The BrightCloud Web Filtering feature is only available on Windows®, Mac®, and Android® systems.
by Connor Madsen | Dec 7, 2018 | Industry Intel
Touch ID Used to Scam Apple Users
Two apps were recently removed from the Apple App Store after several users reported being charged large sums of money after installing the app and scanning their fingerprint. Both apps were fitness-related and had users scan their fingerprint immediately so they could monitor calories or track fitness progress. But the apps launched a payment confirmation pop-up with the user’s finger still on the device to charge any card on file for the account. Luckily, the apps were only available for a brief period before being removed and refunds issued.
Signet Jewelers Expose Customer Order Data
Signet Jewelers, the parent company for Kay and Jared jewelers, was informed last month by an independent researcher of a critical flaw in their online sites. By simply altering the hyperlink for an order confirmation email, the researcher was able to view another individual’s order, including personal payment and shipping information. While Signet resolved the issue for future orders, it took additional weeks to remedy the flaw for past orders.
WeChat Ransomware Hits over 100k Chinese Computers
In the five days since December began, a new ransomware variant dubbed WeChat Ransom has been spreading quickly across China. With over 100,000 computers currently infected and thousands more succumbing each day, WeChat has made a significant mark. Though it demands a ransom of only roughly $16 USD, the variant quickly begins encrypting the local environment and attempts to steal login credentials for several China-based online services. Fortunately, Tencent banned the QR code being used to send ransom payments and disabled the account tied to it.
Nearly 100 Million Users Compromised in Quora Breach
Servers containing sensitive information for nearly 100 million Quora.com users were recently compromised by unknown hackers. In addition to personal information about users, any posts or messages sent over the service were also breached. While informing affected users of the leak, Quora stated that all password data they store was fully encrypted using bcrypt, which makes it considerably more expensive and time-consuming for the hackers to break the algorithms and obtain the data.
Marriott Hotels Breach Leaves Half a Billion Users Vulnerable
In one of the largest data breaches to date, Marriott International is under fire for exposing the personal data of nearly 500 million individuals. A class-action lawsuit has been filed against the hotel chain. For many victims, their names, home addresses, and even passport information were available on an unsecured server for nearly four years after the company merged with Starwood, whose reservation systems were already compromised.
by Connor Madsen | Nov 30, 2018 | Industry Intel
USPS Website Leaves Personal Data Available to Anyone
Within the last week, the U.S. Postal Service (USPS) has been working to resolve a vulnerability that allowed any authenticated user to view and modify the personal information for any of the other 60 million users. Fortunately, USPS was quick to fix the vulnerability before any detectable alterations were made, which could have included changes to social security numbers, addresses, and even live tracking information on deliveries.
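The Signet order-link flaw reported in the Dec 7 roundup and the USPS flaw above share one root cause: the server acted on an identifier supplied by the client without checking who was asking. The Python sketch below is an added example, not code from either site or from the original posts; the order store, secret, function names, and sample records are all constructed assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients

# Constructed sample records; not real customer data.
ORDERS = {
    1001: {"owner": "alice", "ship_to": "1 Example St"},
    1002: {"owner": "bob", "ship_to": "2 Sample Ave"},
}


def view_order_unchecked(order_id):
    """Flawed pattern: the ID in the link is the only thing consulted."""
    return ORDERS.get(order_id)


def link_token(order_id):
    """Token embedded in an emailed link; it is bound to exactly one order ID."""
    return hmac.new(SECRET, str(order_id).encode(), hashlib.sha256).hexdigest()


def view_order_from_link(order_id, token):
    """Emailed-link case: changing the ID in the link invalidates the token."""
    if not hmac.compare_digest(link_token(order_id).encode(), token.encode()):
        return None
    return ORDERS.get(order_id)


def authorize(session_user, order_id):
    """Logged-in case: the record must belong to the caller, not just exist."""
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != session_user:
        return None  # same answer for "missing" and "not yours"
    return order


def update_ship_to(session_user, order_id, new_address):
    """Writes go through the same ownership check as reads."""
    order = authorize(session_user, order_id)
    if order is None:
        return False
    order["ship_to"] = new_address
    return True
```

Because reads and writes both pass through `authorize`, a logged-in user can neither view nor change a record they do not own.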
Amazon Exposes Customer Data
Many Amazon shoppers recently received an email informing them that their personal information was released, though the announcement was light on details. To make matters worse, Amazon’s only response was that the issue has been fixed. It did not mention what the actual issue was or what may have caused it. Official Amazon forums have been bombarded with concerned customers in advance of the approaching holiday season.
IRS Audit Reveals Fraud Protection Failure
It was revealed during a recent audit of the IRS that victims of at least 89 unique data breaches received no fraud protection for their tax filings. The number of affected victims is just over 11,000, some of whom have already fallen victim to tax filing fraud for either their 2016 or 2017 tax return. IRS staff have made promises to include the missing breaches in their tracking systems as quickly as possible and to begin assisting the victims of these incidents.
Atrium Health Breach Involves 2.65 Million Patients
The names and other sensitive personal information have been compromised for over 2.65 million patients of Atrium Health after a third-party provider experienced a data breach. Over the course of a week in late September, several servers belonging to AccuDoc were illegitimately accessed, though none of the data was downloaded. Fortunately, the servers didn’t contain payment or personal medical records and Atrium Health was informed just 2 days after the incident was discovered.
New Jersey Police Computers Hit with Ransomware
Since Thanksgiving Day, the computer systems for one New Jersey police force have been taken completely offline after experiencing a ransomware attack. Computer and email systems normally used by office administrators were also shut down as a precaution. It’s possible that the attack originated from one of the two official devices that have been missing for several months following the previous mayor’s abrupt passing.