The following alerts have been updated to reflect new and important security protection schemes:
1/22/2020: SIM Swap compromises using your smartphone to get text messages to authenticate with websites. Avoid using text messages to do rescue logins. A new paper from Princeton researchers shows how easy it is to pull off a SIM Swap against AT&T, Verizon, T-Mobile and others. Send text messages to a VoIP number such as Google Voice instead. Do not allow Google Voice to forwards Texts/Calls to your main number.
1/20/2020: Virtually all Cablemodems have the Cable Haunt critical vulnerability. Call you cable operator an ask them to upate your cablemodem’s software now. You cannot do it on your own.
12/10/2019: Google Smart Lock is also a great way to generate second factor authentication but using your iPhone or Android phone and their app.
10/1/2019: iOS 13 has a handy feature to stop unwanted calls. You can set the phone to send unknown callers straight to voicemail! (Those not in your contacts) – Settings – Phone – Silence Unknown Callers
5/12/2019: Thrangrycat Attacks Cisco Switches, Firewall and routers. Update and patch now
3/19/2019: Windows 10 is loading more and more crap. These scripts let you uninstall the junkware and reclaim privacy.
2/1/2019: Google has patch a major bug in Android where you can get hacked just by looking at a picture in a SMS, Email, or web page! Update your Android software right away. If your phone no longer gets updates, please consider buying a new one.
1/2019: Marvell’s Wi-Fi chip is used in millions of devices. Unfortunately, it has a major security flaw. Look for updates soon. Devices that have no way to get updated are worrisome.
12/2018: Marriott – Starwood Hotels got hacked, leaking a ton of data. Change your credit card if you booked there.
10/4/2018: Bloomberg reports that China has infiltrated major tech companies by compromising servers from their Chinese factories. Never trust your hardware!
8/24/2018: HP Inkjet printers with Fax capability have a Faxploit exploit where someone could fax you a special page and take over your entire network. Patch now.
6/11/2018: The FBI has asked users to reboot your wireless router in an effort to prevent infection from the VPNFilter malware. You should do more than this, write down its settings, reset it to default settings, and updated it to the latest software.
Always update the software for your router to the latest version. If no update has occurred in the last 6 months, BUY a new one! Affected devices include: (Expanded List)
RB Groove (new)
RB Omnitik (new)
Other QNAP NAS devices running QTS software
PBE M5 (new)
Unknown Models* (new)
ZXHN H108N (new)
4/24/2018: Windows Defender System Guard is now installed by the latest Windows 10 Updates. Make sure you are up to date.
3/21/2018: 184.108.40.206 is a free DNS Domain Name Service that helps hide the sites you goto. Cloudflare runs it and promises no logging.
1/12/2018: Laptops for Business use may have Intel AMT. You need to configure it or else your open to Intel AMT attacks.
1/5/2018: Meltdown and Spectre are 2 new processor chip bugs that affect most modern computers, smartphones, and tablets. They will need software updates to mitigate this bad bug. More Details – Older system without updates are dangerous to continue to use. Time to buy new hardware.
11/21/2017: Quad9 is a free DNS Domain Name Service that helps prevent users from accessing malicious sites. Run by IBM Security, Packet Clearing House (PCH) and The Global Cyber Alliance (GCA)
11/1/2017: Windows 10 controlled folder access anti-ransomeware is part of the Fall Creators Update. It works well and should be used by all Windows 10 users.
10/16/2017: KRACK attack on Wi-Fi. Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. Virtually ALL Wi-Fi equipped devices need to be updated. The attack is particularly bad on Android 6.0 and Linux. If you have a device with no updates (eg Internet of Things), you will be open to attacks. Using a VPN helps.
10/6/2017: Kaspersky has been implicated in stealing data from the NSA. Uninstall any of their antivirus software right away. It is now banned in the US government. Best Buy has stopped selling it.
9/1/2017: Arris NVG589, NVG599 and possibly other modems, routers, gateways sold for AT&T’s U-verse service have a major security hole. If you have one, you need to update it as soon as possible to software newer than 9.2.2 or apply this fix.
5/12/2017: Wanna Cry ransomware is spreading fast. It exploits a Microsoft bug that was patched in March 2017. It is more infectious because it can spread throughout a local network.
WannaKiwi – Decrypts files WannaCryp ransomware. Do not reboot after getting infected.
A basic lesson in patching right away and stop running old Operating systems. Microsoft took the unusual step to put out a Windows XP, 8 , Windows Server 2003 patch to help stop this. If you use any of these OS’s, upgrade to Windows 10 now.
4/12/2017: 2 easy ways to increase your security and not have to constantly update are:
4/4/2017: Google Project Zero has found a major flaw in a WiFi chip that is used on many Android and iPhones. Hackers can run malware on devices. Apple iOS 10.3.1 and newer fixes the bug. Android patches are rolling out soon. Make sure you update your device. Any phone that does not get security updates any more, should be recycled and replaced.
3/16/2017: Matthew Green, a well respected cryptographer and professor at Johns Hopkins has a great article discussing Secure Computing – Desktops vs Smartphones, iOS vs Android and more..
2/16/2017: Apricorn makes a secure USB flash drives that require a pin code to be entered before they function. No software or drivers required, so it works with any operating system. Dust and water resistant durable aluminium housing
2/2/2017: Laser Printers are vulnerable to security issues. Popular printer models manufactured by Dell, Brother, Konica, Samsung, HP, and Lexmark are all affected.
2/1/2017: Netgear has updated firmware for many routers that fixes a major security hole.
1/30/2017: Security minded people use VPNs to secure their communications. Many Android VPN clients have privacy and security risks. Be careful which you use.
12/12/2016: 26 different low cost Android devices on the MTK platform have Trojan horses built in.
12/8/2016: Keyless Car Entry: Security minded folks would never buy a car that has this feature. The National Insurance Crime Bureau has a post on how a Mystery Device is used to relay your key fob’s signal to steal cars. It is best to wrap your key fob in foil or some RF blocking shield when you are away from the vehicle.
11/30/2016: Gooligan Malware has infected over 1million Android phones, most of which downloaded apps outside the official Google Play store.
11/15/2016: Some Cheap cell phones made in China have spyware that sends all your texts to China. This includes the $50 BLU R1 HD sold by amazon! Update the firmware of this device NOW.
10/2/2016: D-Link DWR-932B and Quanta 4G LTE QDH routers have major security holes- Upgrade it to the latest firmware. Details
9/22/2016: Do you run a website? If so make sure you test it for security vulnerabilities. Tinfoil Security has a nice free 90 day trial.
9/21/2016: Yahoo finally admits to a biggest breach ever. It happened back in 2014 of 500 million accounts. Change your passwords, never enter ‘real’ information into security questions. Use a Yahoo Account Key instead of a password.
9/18/2016: The Rowhammer memory vulnerability is getting important everyday. See if your hardware is vulnerable using Memtest86.
7/29/2016: No More Ransom.org (Kaspersky Lab in collaboration with Europol, the Dutch National Police and Intel Security) has a new site to help vicitims. It has a page with Decryption Tools. Beware of this company though.
7/12/2016: Kanguru makes a fast USB 3.0 flash drive with physical write protect switch and a digitally signed secure firmware to protect against Badusb. One of the first to do this. Get item to put a Linux Live CD like Ubuntu on and keep it from getting modified by malware.
- ESET has a decryptor for TeslaCrypt infections
2/24/2016: MouseJack is a new security vulnerability that allows a malware to be remotely downloaded onto a computer via a hijacked wireless mouse or keyboard connection. A hacker could remotely type in commands or move your mouse. Update the firmware on your wireless mouse/keyboard if possible, otherwise use a wired mouse – keyboard.
Logitech Update – Worked for us, but required several tries.
2/5/2016: Netgear Wireless routers do not automatically add passwords to hard drives that are plugged into them, leaving them accessible to anyone on the Internet. Make sure you change the default password. Hackers can use Shodan to find you quickly.
1/19/2016: The Wall Street Journal commissioned a security researcher to test 20 popular internet Wireless Routers. 10 had known security weaknesses. 4 had old firmware that when upgraded could contain undocumented security problems. Keep your router’s software update and if it is older than 2 years, you should buy a new one. Most networking companies’ stop updating them after a year or two. How to setup a Secure Wireless Router was updated.
11/17/2015: Several tutorials have updated lists of secure instant messaging apps. Forget about using popular ones like Whatsapp, Line, Viber, WeChat, they have all been monitored.
Try ones like:
- Silent Circle
- Chat Secure
- Signal (Formerly Textsecure)
7/24/2015: First of its kind. 1.4 Million 2013-2015 model year Chrysler, Dodge, Jeep Vehicles are vulnerable to remote hacking that can cause the vehicle to be controlled remotely. Get the special USB drive and update your car now.
4/28/2014: A new Internet Explorer Vulnerability that has no patch, is being actively exploited by malware. US Computer Emergency Readiness Team suggests people stop using Internet Explorer. Windows XP users need to use an alternative browser like Chrome or Firefox.
4/10/2014: Heartbleed Security Hole. Servers that use certain versions of OpenSSL software to create secure connections are vulnerable to a major bug. Lastpass has a page that can help you test websites for this bug. Flippie.io has one too.
4/7/2014: Users should change their passwords for the following sites due to the Heartbleed Internet Security Bug: fitbit.com, github.com, rememberthemilk.com, yahoo.com. Cnet has a nice list.