Target, CNN, HBO, Chipotle, Gamestop, Equifax - what do all these companies have in common? They have all been hacked this year.
But why, in our opinion, is the Equifax hack the worst? Well, many know Equifax as one of the top three credit reporting agencies. Ever applies for a home loan or an auto loan? Chances are the bank you are using has run your credit through Equifax. Equifax is reporting that sensitive information, such as Social Security numbers and addresses, of up to 143 million Americans has been exposed. The data breach is among the worst ever because of the amount of people affected and the sensitive type of information exposed.
Unlike other data breaches, those affected by the breach may not even know they're customers of the company, as the company gets its data from credit card companies, banks, retailers and lenders - sometimes without you knowing.
When did this happen?
Equifax said the breach happened between mid-May and July. It
discovered the hack on July 29. It informed the public on September 7.
How did this happen?
Equifax said criminals "exploited a U.S. website application
vulnerability to gain access to certain files."
Am I at risk, and what is Equifax doing to help?
Equifax is proposing that customers sign up for credit file monitoring
and identity theft protection. It is giving free service for one year
through its TrustedID Premier business, regardless of whether you've been impacted by the hack.
To enroll and / or check whether you were affected, visit www.equifaxsecurity2017.com and click on the Check Potential Impact tab.
You'll need to provide your last name and the last six digits of your
social security number. Once submitted, you will receive a message
indicating whether you've been affected. (Giving your personal information to a company that was just hacked...ironic, we know). Then, you have the option to enroll in the program, but you can't
actually sign up for the service until next week. Each customer is
provided an enrollment date starting earliest on Monday.
Can I sue Equifax?
If you sign up for Equifax's offer of free identity theft protection
and credit file monitoring, you may be limiting your rights to sue and
be forced to take disputes to arbitration. But you can opt out of that provision
if you notify the company in writing within 30 days. In addition, some
attorneys argue that even if you don't opt out, the arbitration
provision does not cover suits related to this breach.
It seems like companies are getting hacked a lot. Is this the biggest ever?
The Equifax breach is one of the largest breaches ever. Another high-profile examples
include two breaches at Yahoo - the bigger one involved 1 billion
accounts, the lesser impacted 500 million.
Sunday, September 10, 2017
Wednesday, August 2, 2017
The FBI has issued a security warning about IoT toys.
IoT toys have the potential to violate children’s privacy and safety,
given the amount of pertinent information the toys can collect and
store, the Federal Bureau of Investigation (FBI) warned this week in an advisory.
The sensors, microphones, data storage capabilities, cameras and other features of Internet of Things (IoT) toys are able to vacuum up extensive details about a child’s name, school, activities and even their physical location.
And if those toys are hacked, criminals could use the stolen information to harm a child, the FBI warned.
What Makes IoT Toys Vulnerable?
Data collected from interactions or conversations between children and toys are typically sent and stored by the manufacturer or developer via a server or a cloud service. In some cases, data are also collected by third party companies that manage the voice recognition software used in the toys.
Voice recordings, toy Web application passwords, home addresses, WiFi information, and sensitive personal data could be exposed if the security of the data is not sufficiently protected with the proper use of digital certificates and encryption when it is being transmitted or stored.
Smart toys connect to the Internet either directly, through WiFi to an Internet connected wireless access point; or indirectly, via Bluetooth to an Android or iOS device that is connected to the Internet.
Key factors affecting the user’s security include: the cyber security features, the toy’s partner applications and the WiFi network through which the toy connects.
Superior communications connections - where data is encrypted between the toy, WiFi access points, and Internet servers that store data or interact with the toy - are crucial to mitigate the risk of hackers exploiting the toy or eavesdropping on conversations or audio messages.
The FBI notes that Bluetooth connected toys that do not have authentication requirements (such as PINs or passwords) pose risks for unauthorized access, enabling criminals to communicate with children.
What You Can Do To Protect Your Child
The sensors, microphones, data storage capabilities, cameras and other features of Internet of Things (IoT) toys are able to vacuum up extensive details about a child’s name, school, activities and even their physical location.
And if those toys are hacked, criminals could use the stolen information to harm a child, the FBI warned.
What Makes IoT Toys Vulnerable?
Data collected from interactions or conversations between children and toys are typically sent and stored by the manufacturer or developer via a server or a cloud service. In some cases, data are also collected by third party companies that manage the voice recognition software used in the toys.
Voice recordings, toy Web application passwords, home addresses, WiFi information, and sensitive personal data could be exposed if the security of the data is not sufficiently protected with the proper use of digital certificates and encryption when it is being transmitted or stored.
Smart toys connect to the Internet either directly, through WiFi to an Internet connected wireless access point; or indirectly, via Bluetooth to an Android or iOS device that is connected to the Internet.
Key factors affecting the user’s security include: the cyber security features, the toy’s partner applications and the WiFi network through which the toy connects.
Superior communications connections - where data is encrypted between the toy, WiFi access points, and Internet servers that store data or interact with the toy - are crucial to mitigate the risk of hackers exploiting the toy or eavesdropping on conversations or audio messages.
The FBI notes that Bluetooth connected toys that do not have authentication requirements (such as PINs or passwords) pose risks for unauthorized access, enabling criminals to communicate with children.
What You Can Do To Protect Your Child
- Choose IoT toys very carefully by doing lots of research. Look for any known reported security issues regarding a toy.
- Find out if a toy can receive firmware or software updates and security patches - and ensure the toy is running on the latest version.
- Closely monitor your child’s activities with each toy through the toy’s parent application, if such a capability exists.
- Ensure the toy is turned off when it is not in use.
- Create a strong and unique login password when establishing a user account. For extra strong passwords, use lower and upper case letters, numbers and special characters.
- Provide only what is minimally required for creating a user account.
Monday, July 24, 2017
RIP Microsoft Paint
Microsoft's graphics program Paint has been included in a list of Windows 10 features that will be either removed or no longer developed.
Paint has been part of the Windows operating system since its release in 1985 and is known for its simplicity and basic artistic results.
Paint's successor, Paint 3D, will still be available.
The list was issued as part of the Windows 10 Fall Creators Update, which rolls out in the autumn.
Microsoft says that features on the list will be either removed from Windows 10 or "not in active development and might be removed in future releases".
Other features facing the axe include the Outlook Express email client, which is replaced with the built-in Mail app, and the Reader app, which will be integrated into Microsoft Edge.
The BBC has contacted Microsoft for comment.
Welsh YouTuber Chaotic described Paint as "the greatest thing to have ever existed".
The artist known as Jim'll Paint It uses the program to create artwork on outlandish themes, commissioned by strangers. He has nearly 700,000 followers on Facebook.
"Paint hasn't been all that since they messed about with it anyway. I'm running XP on a virtual machine because it's the best one," he tweeted.
"They should just release the source and make it public domain," tweeted games developer Mike Dailly, creator of Lemmings and Grand Theft Auto.
One thing is for sure, Paint, you will be missed.
Paint has been part of the Windows operating system since its release in 1985 and is known for its simplicity and basic artistic results.
Paint's successor, Paint 3D, will still be available.
The list was issued as part of the Windows 10 Fall Creators Update, which rolls out in the autumn.
Microsoft says that features on the list will be either removed from Windows 10 or "not in active development and might be removed in future releases".
Other features facing the axe include the Outlook Express email client, which is replaced with the built-in Mail app, and the Reader app, which will be integrated into Microsoft Edge.
The BBC has contacted Microsoft for comment.
RIP Paint
People have expressed disappointment at the news on social media, with many tweeting "RIP" messages.Welsh YouTuber Chaotic described Paint as "the greatest thing to have ever existed".
The artist known as Jim'll Paint It uses the program to create artwork on outlandish themes, commissioned by strangers. He has nearly 700,000 followers on Facebook.
"Paint hasn't been all that since they messed about with it anyway. I'm running XP on a virtual machine because it's the best one," he tweeted.
"They should just release the source and make it public domain," tweeted games developer Mike Dailly, creator of Lemmings and Grand Theft Auto.
One thing is for sure, Paint, you will be missed.
Tuesday, June 20, 2017
Watch out Mac owners...Someone is offering Mac ransomware on the Dark Web!
In the wake of the WannaCry, a flawed piece of malware that spread virally that could've done much more damage than it did, it seems like everyone wants to jump on the ransomware bandwagon.
And if you're a malware developer, what better place to try your luck if not with Mac computers, where most user still believe they are safe by default and seem to have their guard down? That seems to be the thinking of an unknown cyber criminal who developed two new type of malicious software for Apple computers: MacSpy and MacRansom.
Despite some people's misguided beliefs (fueled in part by Apple's marketing) there's been plenty of Mac malware, even ransomware. But MacRansom and MacSpy show once again that bad guys are starting to target Macs more and more, even offering them as a service to others.
At the end of May, an unknown cyber criminal, or group of criminals, launched two sites offering MacSpy and MacRansom as services, meaning they marketed them as malware that they would sell and then offer support for.
BleepingComputer writer Catalin Cimpanu first spotted the sites. Some researchers, as well as security firms Fortinet and AlienVault have since then analyzed the samples of the ransomware and the spyware or backdoor.
While both pieces of malware aren't that sophisticated, they prove that more and more malicious hackers want to target Macs.
The bottom line: users should not assume that just because they're using a Mac they're inherently safe.
Source: BleepingComputer
And if you're a malware developer, what better place to try your luck if not with Mac computers, where most user still believe they are safe by default and seem to have their guard down? That seems to be the thinking of an unknown cyber criminal who developed two new type of malicious software for Apple computers: MacSpy and MacRansom.
Despite some people's misguided beliefs (fueled in part by Apple's marketing) there's been plenty of Mac malware, even ransomware. But MacRansom and MacSpy show once again that bad guys are starting to target Macs more and more, even offering them as a service to others.
At the end of May, an unknown cyber criminal, or group of criminals, launched two sites offering MacSpy and MacRansom as services, meaning they marketed them as malware that they would sell and then offer support for.
BleepingComputer writer Catalin Cimpanu first spotted the sites. Some researchers, as well as security firms Fortinet and AlienVault have since then analyzed the samples of the ransomware and the spyware or backdoor.
While both pieces of malware aren't that sophisticated, they prove that more and more malicious hackers want to target Macs.
The bottom line: users should not assume that just because they're using a Mac they're inherently safe.
Source: BleepingComputer
Monday, June 12, 2017
Sick of the "storage almost full" message on your iPhone? Here's how you can free up space in less than 30 seconds!
There's nothing worse than the dreaded "storage almost full"
notification and all the panic and anxiety that ensues. Trying to decide
which apps to delete can be a daunting task. So if
you're short on time, these quick cheats and easy settings adjustments
will free up space in your iPhone ASAP. That way you can get back to
watching Netflix and reacting to Facebook posts.
Set your old texts to automatically delete
There's no good reason to save that "hey what's up" message for eternity. But instead of deleting those old garbage texts one by one, simply go to Settings > Messages > Keep Messages. Decide how long you want to keep them around, and your phone deletes the oldies in one fell swoop.
Set your old texts to automatically delete
There's no good reason to save that "hey what's up" message for eternity. But instead of deleting those old garbage texts one by one, simply go to Settings > Messages > Keep Messages. Decide how long you want to keep them around, and your phone deletes the oldies in one fell swoop.
Photo Stream combines all the images you've taken on your other
devices with the photo roll on your phone, taking up precious MBs. Go to Settings > Photos & Camera, then switch off Photo Stream and revel in those sweet, sweet extra bytes.
Go to Phone > Voicemail > Edit, select old voicemails and Delete. Your phone still stores deleted voicemails for no good reason, so make sure that afterwards you scroll down to Deleted Messages > Clear All or all that hard work will have been for nothing
Delete podcasts you've already listened to
This one's going to be kind of hard to swallow, but it's time to
delete Serial off your phone. At this point, you should just assume all
parties involved are guilty. Podcasts run around 25 MBs each, so free up
some space by going to Settings > Podcasts > Delete Played Episodes.
Clear your browser cache
If you use Safari a lot, it's likely storing a ton of unnecessary web history and data to keep you browser ever-so-slightly faster. Clear that mess in Settings > Safari > Clear History and Website Data.
Purge your extraneous Instagram photos
If you use Safari a lot, it's likely storing a ton of unnecessary web history and data to keep you browser ever-so-slightly faster. Clear that mess in Settings > Safari > Clear History and Website Data.
Purge your extraneous Instagram photos
You definitely don't need a whole album full of duplicate photos that
are already readily available on Instagram. What are you going to do
with two pictures of that chicken dinner you made last night? Let it go! Go to your Photos > Edit and delete the Instagram photo album in one go.
And tell Instagram to stop saving them
This preventative measure ensures Instagram will stop saving photos in a separate album in your Photos app. Open the Instagram app > your profile > Options > unselect "Save Original Photos."
And tell Instagram to stop saving them
This preventative measure ensures Instagram will stop saving photos in a separate album in your Photos app. Open the Instagram app > your profile > Options > unselect "Save Original Photos."
Dump all that offline data
If you're a Spotify premium subscriber (or pay for similar
access to Apple Music or Slacker) you probably save certain playlists for
offline listening (so you can rock out underground during your subway
commute). But if you're in desperate need of extra space, you'll want to
scrap that luxury. There's no on-button-fix-all here; you need to
manually uncheck "Available Offline" from any playlist where you've
enabled it.
Tuesday, May 16, 2017
Beware: the WannaCrypt / WannaCry Ransomware
What is WannaCrypt Ransomware?
WannaCrypt Ransomware, also known by the names WannaCry, WanaCrypt0r or Wcrypt is a ransomware which targets Windows operating systems. Discovered on May 12, 2017, WannaCrypt was used in a large Cyber-attack and has since infected more than 230,000 Windows PCs in 190 countries.
How does WannaCrypt ransomware get into your computer?
As evident from its worldwide attacks, WannaCrypt first gains access to the computer system via an email attachment and thereafter can spread rapidly through your LAN network. The ransomware can encrypt your systems hard disk and attempts to exploit the SMB vulnerability to spread to random computers on the Internet via TCP port and between computers on the same network.
The best thing you can do it to avoid clicking on any attachments sent to you via email, even if they appear to be legitimate!
Although the first wave of this ransomware was stopped, we are already seeing new variations of it hitting computers around the world. Be sure your systems are consistently backing up. If you are unsure, contact your assigned IES agent.
Lastly, if you see the message below - or a similar one - it’s already too late for you. IMMEDIATELY SHUT DOWN YOUR COMPUTER and call IES at 781-816-9437.
WannaCrypt Ransomware, also known by the names WannaCry, WanaCrypt0r or Wcrypt is a ransomware which targets Windows operating systems. Discovered on May 12, 2017, WannaCrypt was used in a large Cyber-attack and has since infected more than 230,000 Windows PCs in 190 countries.
How does WannaCrypt ransomware get into your computer?
As evident from its worldwide attacks, WannaCrypt first gains access to the computer system via an email attachment and thereafter can spread rapidly through your LAN network. The ransomware can encrypt your systems hard disk and attempts to exploit the SMB vulnerability to spread to random computers on the Internet via TCP port and between computers on the same network.
The best thing you can do it to avoid clicking on any attachments sent to you via email, even if they appear to be legitimate!
Although the first wave of this ransomware was stopped, we are already seeing new variations of it hitting computers around the world. Be sure your systems are consistently backing up. If you are unsure, contact your assigned IES agent.
Lastly, if you see the message below - or a similar one - it’s already too late for you. IMMEDIATELY SHUT DOWN YOUR COMPUTER and call IES at 781-816-9437.
Wednesday, April 5, 2017
IES is pleased to announce our new partnership with Heartland Payment Systems - the largest credit card processor in the United States.
Heartland Payment Systems is a Global Payments company. Global Payments Inc. (NYSE: GPN) is a leading worldwide provider of payment technology services that delivers innovative solutions driven by customer needs globally. Their technologies, partnerships and employee expertise enable them to provide a broad range of products and services that allow our customers to accept all payment types across a variety of distribution channels in many markets around the world.
Headquartered in Atlanta, Georgia with more than 8,500 employees worldwide, Global Payments is a member of the S&P 500 with merchants and partners in 29 countries throughout North America, Europe, the Asia-Pacific region and Brazil.
What Heartland Stands For
Founder of the Merchant Bill of Rights: Heartland created The Merchant Bill of Rights to promote fair credit, debit and prepaid card processing practices on behalf of owners of small- to mid-sized businesses. The aim was to create an industry standard, that calls for the clear and straightforward presentation of card processing costs. The purpose of The Merchant Bill of Rights is to enable business owners who don’t have the resources of large purchasing organizations to effectively manage their costs, determine which processor best meets their needs and realize significant savings.
Making Sure Your Money Stays in Your Hands: In 2011, legislation was passed that could mean significant savings for many businesses. The Durbin Amendment, part of the Dodd-Frank Wall Street Reform Act, placed a cap on interchange or transaction fees and was intended to provide merchants relief from card processing costs. Since the amendment was passed, Heartland has delivered every cent of savings to the rightful recipients - business owners.
“We will help businesses prosper by providing them with effective solutions in a fair, honest and transparent manner.”
– Bob Carr, Heartland’s Founder
Why IES Has Partnered With Heartland
From lodging to hospitality, restaurants, bars, clubs, convenience stores, and even the government & education sectors - Heartland processes credit cards for every industry. IES is thrilled to be able to partner with a company that holds itself to such high standards.
What This Means For IES Clients
If you are an IES client, we can help you save on your merchant processing fees. Not only do we pass along the savings to you, but if you run into trouble down the road, you know you can count on us to resolve any issues! With our partnership, we have a direct link to support personnel and a dedicated account representative to guide us through anything that is thrown our way.
The Ultimate Question
How are your credit card processing rates? Give IES a call at 781-816-9437 or email contactus@iesadvisors.com to see how we can save you on merchant fees!
Subscribe to:
Posts (Atom)