Security Protection – Harry Waldron (WP)

Facecrooks security notes a newer version of this hoax was found to be circulating 

http://facecrooks.com/Scam-Watch/Hoax-Claims-Facebook-is-Shutting-Down-on-May-15.html

QUOTE: The same rumors and hoaxes tend to circulate on Facebook time and again. There’s the classic viral message claiming that Facebook is going to begin charging users to access the site, and another popular rumor asserting that if you merely re-post a viral message, you can prevent Facebook from accessing your data. Another old rumor that apparently still has some legs asserts that Facebook will shut down imminently. 

Of course, this hoax is patently absurd; Facebook is a publicly traded company whose stocks goes for almost 27 dollars a share. It’s one of the biggest tech companies in the world; to announce that it’s going to be shut down because the CEO is stressed out is completely ridiculous, but, for whatever reason, people believe it. It’s important to treat everything you read with a healthy dose of skepticism, particularly on the Internet. Facebook isn’t going away anytime soon, and apparently neither are the hoaxes that spread on it.

Google has made some beneficial recent changes as noted below:

http://nakedsecurity.sophos.com/2013/04/28/google-tightens-up-play-store-policy-officially-bans-off-market-updates/

QUOTE: Google has made a number of changes to its Android Play Store ecosystem recently. Part of the reason is that Mountain View has been copping lots of flak for the prevalence of malware in unofficial application markets, often in pirated apps. That’s a trifle unfair, since one of the attractions of Android over Apple’s iOS is that it’s actually possible to shop “off-market” if you wish. Sure, there’s a greater risk of shooting yourself in the foot if you do, but you’re not forced to live dangerously, and even if you do go outside the Play Store, a little caution goes a long way towards keeping you safe. More realistically, however, Google has been criticized for the appearance of malicious apps in its own Play Store.

An interesting article describing risks in using personally owned mobile phones for business use

http://redtape.nbcnews.com/_news/2013/04/23/17864332-use-your-personal-smartphone-for-work-email-your-company-might-take-it

QUOTE: If you use your personal smartphone or tablet to read work email, your company may have to seize the device some day, and you may not get it back for months. Employees armed with a battery of smartphones and other gadgets they own are casually connecting to work email and other employer servers. It’s a less-than-ideal security arrangement that technology pros call BYOD — bring your own device. Now, lawyers are warning there’s an unforeseen consequence of BYOD. If a company is involved in litigation — civil or criminal — personal cellphones that were used for work email or other company activity are liable to be confiscated and examined for evidence during discovery or investigation.

The convenience is hard to ignore, as is the personal touch — workers love picking their own phones — but of course, cost savings is the real driving force. Increasingly, companies are requiring workers to supply their own gadgets at their own cost, the way a restaurant might require waiters to purchase their own uniforms. Even if companies reimburse those employees, there can be a big hidden cost for workers — the possibility of losing their phone for days or months while their company combs through it for data relevant to legal action.

Ransomware is a malicious attack that puts a lock on a user’s PC, where they cannot easily proceed without paying the charge or removing the malware.  A new fake version appears to come from FBI and even has capability to activate a user’s webcam.  Infected users should never pay this fee and they should seek removal tools to delete these malicious agents.

http://redtape.nbcnews.com/_news/2013/04/26/17917497-ransomware-tricks-victims-into-paying-hefty-fines

http://www.symantec.com/connect/blogs/upswing-ransomware-activity

QUOTE: Computer users around the globe are being hit by a new kind of virus that freezes their computer and accuses them of committing heinous crimes. The threats sound real enough that victims are coughing up $200 to pay a “fine,” and virus writer gangs are netting millions, security firms say.  In each case, the accusation appears on a pop-up screen while the virus simultaneously disables the computer. The message often shows the user’s IP address and city, and sometimes, recent websites visited by the victim.  The most alarming version activates the victim’s webcam, takes his or her picture, and displays it on the warning.

“They are saying, ‘we know who you are, where you are, and what you were doing,’” said John Harrison, a security researcher with Symantec. “They attempt to scare the heck out of you.” The victim is then offered an option: pay a fine within 72 hours, and the charges will be dropped, while the computer will be restored.

The ISC is capturing social engineering attacks and have close to 200 incidents documented

https://isc.sans.edu/diary/Report+Fake+Tech+Support+Calls+submission+form+reminder/15704

https://isc.sans.edu/reportfakecall.html

QUOTE: We are trying to better understand how common “Fake Tech Support” calls are, and what they are trying to achieve. If you received a call that claims to provide tech support, or another service, only to extract information from you or to trick you into installing malware on your system, please use the form below to report any details.

SUMMARY OF DATA CAPTURED
https://isc.sans.edu/reportfakecallstats.html

Facecrooks security warns of a new APPLICATION SCAM which is circulating inviting users to change their Facebook settings to support 8 different colors. Members who invoke this scam will send it to all contacts and may compromise their personal information 

http://facecrooks.com/Scam-Watch/Change-your-FB-Color-to-8-different-colors-Facebook-Scam.html

QUOTE: Anytime the URL starts off with apps.facebook.com/app_name_here, you should know that Facebook didn’t develop the app. Scammers often try to trick users by promoting apps promising Facebook features, upgrades, etc.  If an unsuspecting user installs the application, this will allow them to spam their scam messages to all of your friends. Do you really want to let an unknown (scam) developer have this much access to your Facebook information? These scams are known to use multiple Facebook apps to spread virally across Facebook. Anytime you install a third party Facebook application, you give the application developer access to your personal data. Always be very selective on the apps you install, and only install them from well-known, trusted sources.

As noted below, PC Magazine recently noted key anti-virus tools in recent article:

http://securitywatch.pcmag.com/security-software/310783-which-antivirus-is-best

* Best Cleanup — the free Malwarebytes utility excels at cleanup
* Best Installation Experience — Malwarebytes, Webroot, and Bitdefender are among those that took a five-star rating
* Best Free Antivirus — Malwarebytes is free, but it’s cleanup-only. For ongoing protection, so you won’t have to come clean up again next week, consider AVG.
* Best Ongoing Protection — Norton excels at blocking access to malicious and fraudulent websites. AVG and Webroot were among those that detected almost every threat

As noted in the security awareness post by Facecrooks security, Facebook users should always be careful of what they post on social networking sites

http://facecrooks.com/Internet-Safety-Privacy/Study-Finds-that-81-of-Lawyers-Use-Evidence-From-Facebook-Other-Social-Sites.html

QUOTE: At this point in the history of social media, virtually everyone understands that what they say or do online can come back to haunt them. A shocking statistic was revealed this week by The American Academy of Matrimonial Lawyers. They found that 81 percent of their members had used evidence from Facebook and other social networking sites. The use of Facebook evidence in divorce hearings goes beyond just proving infidelity, though there’s plenty of that. According to a study by the Pew Internet and American Life Project, about one in five adult Facebook users use the site for flirting. Lawyers also peruse the site to provide evidence of anger issues, drug problems, or items that could prove useful to their case.

While it may be a sign of the times that everyone from the police to divorce attorneys is mining Facebook for evidence, there are simple steps every user can take to protect their information. Total Divorce, the group that illustrated the link between Facebook and divorce proceedings, recommends keeping your distance from Facebook if you’re going through a divorce. Don’t post all over Facebook about how bad your ex is, and try to keep your circle of friends separate as well. That angry message you dash off at 3 a.m. might just end up biting you in court.

Numerous users were impacted by this cyber attack and should change their accounts to use strong passwords immediately

http://abcnews.go.com/Technology/livingsocial-hacked-50-million-customers-data-compromised/story?id=19057439

http://www.huffingtonpost.com/2013/04/26/livingsocial-hacked-cyber-attack_n_3165643.html

https://livingsocial.com/createpassword

QUOTE: LivingSocial, the second-largest daily deal company behind Groupon Inc, said on Friday that it was hit by a cyber attack that may have affected more than 50 million customers. The company said the attack on its computer systems resulted in unauthorized access to customer data including names, email addresses, date of birth for some users, and “encrypted” passwords.

LivingSocial stressed that customer credit card and merchants’ financial and banking information were not affected or accessed. The company also does not store passwords in plain text. “We are actively working with law enforcement to investigate this issue,” the company, part-owned by Amazon.com Inc, wrote in an email to employees.

PC Magazine warns of a new exploit that can allow hackers to unlock phones exposing private data and creating opportunities for misuse of the account.

http://securitywatch.pcmag.com/security/310678-viber-exploit-lets-hackers-unlock-your-android-phone

QUOTE: The Viber messaging app has been gathering momentum on Google Play, but a new exploit might give users pause. Just a few days ago, the security company Bkav announced that it has found a way to gain full access to Android phones using the popular Viber messaging app. Unlike the Samsung lockscreen issue we reported on earlier, this attack doesn’t take any fancy finger work. Instead, all it needs is two phones, both running Viber, and a phone number.

Here’s how it works. The victim phone is locked, but it has Viber installed and set up. The attacker phone sends a message to the victim, which brings up an alert window on the lockscreen. One of the unique features of Viber is that you can respond even while the phone is locked, and activating the Viber keyboard is the next step in the attack.  Once the keyboard is active on the victim phone, the attacker sends another message. This time, press the back button on the victim phone, and suddenly you have full access to the victim phone.

According to Bkav, the issue stems from the way Viber interacts with the Android lockscreen. BKav’s security division director Nguyen Minh Duc explained on the company’s website, “the way Viber handles to popup its messages on smartphones’ lock screen is unusual, resulting in its failure to control programming logic, causing the flaw to appear.”