Pete Recommends – Weekly highlights on cyber security issues, September 14, 2019

Subject: Why iOS 13 Will Be A Security Nightmare For Millions Of Apple iPhone Users
Source: Forbes
https://www.forbes.com/sites/zakdoffman/2019/09/07/why-ios13-will-be-a-security-nightmare-for-millions-of-apple-iphone-users/

Apple’s latest iOS operating system upgrade is now just days away. On September 10, alongside the latest generation of shiny smartphones, comes iOS 13 with its raft of security updates. But it’s not all good news for Apple’s 1 billion+ iPhone users. Because for those still persisting with anything older than an iPhone 6s, the new update will not work. And from a security perspective, that is seriously bad news.

Apple reportedly shipped around 200 million iPhone 6 and 6 Plus units, for example. And all of those phones will be dumped into OS-limbo come the iOS 13 release. The phones will still work, but security updates will not come through. Essentially, you’re on your own.

iOS13 is only compatible with the following devices:

Which means leaving those older devices exposed. The recently confirmed Chinese web hack that hit iOS devices until a patch in February, and the even more recent emergency 12.4.1 patch to close a hacking vulnerability go to show how critical such updates are to keep our phones and all our data safe and sound.

Which means if you do have one of those older models you have a real dilemma on your hands. Upgrade now to this interim step and maybe miss out next year, or take a risk for 12 months. Tough choices. But, realistically, security should come first.

[I suspect that anyone who has an obsolete iPhone isn’t going to want to upgrade to the latest and greatest b/c of cost — just my 2 bits /pmw1]


Subject: Safe Online Surfing Challenge Launches
Source: FBI via beSpacific
https://www.bespacific.com/safe-online-surfing-challenge-launches/

“The FBI’s Safe Online Surfing (SOS) Internet Challenge, which had record participation in 2018-2019, is reopening for the start of the new school year to help students navigate the web securely. As the FBI sees more and more crimes begin online, the growing participation numbers show that educators and caregivers also recognize the importance of teaching young people web literacy and safety. “Many children and teens see Internet-enabled devices as essential to their lives—needed for everything from schoolwork to social connections,” said Unit Chief Jonathan Cox of the FBI’s Office of Public Affairs. “The fact that these tools feel like second nature, however, makes it easy for young people to forget the risks they can face online. The goals of the FBI’s SOS program are to make children aware of these threats and give them the knowledge they need to steer around them.”…

beSpacific Subjects: Cybercrime, Cybersecurity, E-Government, Education, ID Theft, Internet, Social Media

sample RSS feed:
https://www.bespacific.com/category/cybersecurity/feed/

SOS site in Espanol:
https://sos.fbi.gov/es/


Subject: Protecting Against Malicious Code
Source: CISA
https://www.us-cert.gov/ncas/tips/ST18-271

What is malicious code?

Malicious code is unwanted files or programs that can cause harm to a computer or compromise data stored on a computer. Various classifications of malicious code include viruses, worms, and Trojan horses.

  • Viruses have the ability to damage or destroy files on a computer system and are spread by sharing an already infected removable media, opening malicious email attachments, and visiting malicious web pages.
  • Worms are a type of virus that self-propagates from computer to computer. Their functionality is to use all of your computer’s resources, which can cause your computer to stop responding.
  • Trojan Horses are computer programs that are hiding a virus or a potentially damaging program. It is not uncommon that free software contains a Trojan horse, making a user think they are using legitimate software; instead, the program is performing malicious actions on your computer.
  • Malicious data files are non-executable files—such as a Microsoft Word document, an Adobe PDF, a ZIP file, or an image file—that exploit weaknesses in the software program used to open them. Attackers frequently use malicious data files to install malware on a victim’s system, commonly distributing the files via email, social media, and websites.

How can you protect yourself against malicious code?

NB other CISA Tips:
https://www.us-cert.gov/ncas/tips

CISA Tips RSS feed:
https://www.us-cert.gov/ncas/tips.xml


Subject: The Windows 10 Privacy Settings You Should Check Right Now
Source: WIRED
https://www.wired.com/story/windows-10-privacy-settings/

Whether you’re new to Windows 10 or have been using it for years, take a minute to lock down your privacy.

If you’re at all concerned about the privacy of your data, you don’t want to leave the default settings in place on your devices—and that includes anything that runs Windows 10.

Microsoft’s operating system comes with a variety of controls and options you can modify to lock down the use of your data, from the information you share with Microsoft to the access that individual apps have to your location, camera, and microphone. Check these privacy-related settings as soon as you’ve got your Windows 10 computer set up—or now, in case you’re a longtime user who hasn’t gotten around to it yet.


Subject: Apple calls out Google for ‘stoking fear’ and creating ‘false impression’ of iOS exploit
Source: USA Today via Yahoo
https://news.yahoo.com/apple-calls-google-stoking-fear-204731138.html

Apple has issued a sharply worded rebuttal to Google’s claims that iOS security vulnerabilities exposed iPhone users to hackers for years.

Google released a lengthy blog post in late August claiming that attackers could access your Apple device if you simply clicked on a malicious website. Now, the iPhone giant wants to “make sure all our customers have the facts.”

Apple said on Friday that Google’s allegations are overstated and “narrowly focused.”

“Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real time,’ stoking fear among all iPhone users that their devices had been compromised. This was never the case,” Apple said in a statement just days before its next glitzy iPhone unveiling.

This article originally appeared on USA TODAY: Apple-Google feud intensifies over ‘false’ iPhone security flaws


Subject: Forget email: Scammers use CEO voice ‘deepfakes’ to con workers into wiring cash
Source: ZDNet
https://www.zdnet.com/article/forget-email-scammers-use-ceo-voice-deepfakes-to-con-workers-into-wiring-cash/

Criminals are using AI-generated audio to impersonate a CEO’s voice and con subordinates into transferring funds to a scammer’s account.

So-called deepfake voice attacks could be the next frontier in a scam that’s cost US businesses almost $2bn over the past two years using fraudulent email.

The Wall Street Journal reports that the CEO of an unnamed UK-based energy company thought he was talking on the phone with his boss, the CEO of the German parent company, who’d asked him to urgently transfer €220,000 ($243,000) to a Hungarian supplier.

CEOs could be an easier target for AI-generated voice fraud because their voices are often contained in earnings calls, media appearances, YouTube videos, and conferences, offering scammers plenty of data to build a model of someone’s voice.

Insurance giant AIG (American International Group) recently reported that BEC-related issuance filings from the EMEA region accounted for 23% of all cyber-insurance claims it received in 2018. It was followed by ransomware, which accounted for 18% of these claims.

More on deepfakes, business computer fraud


Subject: LinkedIn Can’t Block Analytics Company From Scraping Profiles
Source: MediaPost
https://www.mediapost.com/publications/article/340458/linkedin-cant-block-analytics-company-from-scrapi.html

LinkedIn can’t rely on a 33-year-old anti-hacking law to prevent the analytics firm HiQ Labs from mining data, a federal appellate court ruled Monday.

The ruling, issued by a three-judge panel of the 9th Circuit Court of Appeals, leaves in place an injunction that requires LinkedIn to allow publicly available data about its users to be scraped by HiQ.

The decision stems from a dispute dating to May of 2017, when the Microsoft-owned LinkedIn demanded that HiQ stop scraping data from the service.

HiQ gathers data from LinkedIn’s publicly available pages, examines the information to determine which employees are at risk of being poached, and then sells its findings to employers.

LinkedIn contended that HiQ’s scraping violates the Computer Fraud and Abuse Act, a 1986 law that makes it illegal to access computer services without authorization.

Monday’s ruling appears to effectively overrule a decision issued six years ago in a dispute between Craigslist and the data miner 3Taps, which also scraped publicly available listings.


Subject: We Asked Prosecutors if Health Insurance Companies Care About Fraud. They Laughed at Us
Source: ProPublica
https://www.propublica.org/article/we-asked-prosecutors-if-health-insurance-companies-care-about-fraud-they-laughed-at-us#167526

Like most of us, William Murphy dreads calling health insurance companies. They route him onto a rollercoaster of irrelevant voice menus, and when he finally reaches a human, it’s a customer service rep who has no idea what he’s talking about. Then it can take days to hear back, if anyone responds at all.

The thing is, Murphy isn’t a disgruntled patient. He prosecutes medical fraud cases for the Alameda County District Attorney’s Office in Oakland, California. And when he calls insurers, he’s in pursuit of criminals stealing from them and their clients. But, he said, they typically respond with something akin to a shrug. “There’s no sense of urgency, even though this is their company that’s getting ripped off.”

It’s not just Murphy. I called health care fraud prosecutors across California to ask what insurers were doing to help bring cases against those plundering health care dollars. More than one simply burst out laughing. “Not much,” one prosecutor said.

filed under https://www.propublica.org/topics/healthcare

more: https://www.propublica.org/series/the-health-insurance-hustle


Subject: Think your credit card is safe in your wallet? Think again
Source: Washington Post via beSpacific
https://www.bespacific.com/think-your-credit-card-is-safe-in-your-wallet-think-again/

Washington Post –  …“Card-not-present” credit, debit and prepaid card fraud has ballooned in the United States in the last few years, reaching $4.57 billion in 2016, up 34 percent from the year before, according to the most recent Federal Reserve Payments Study. These shadowy crimes hurt both small businesses and the customer shopping experience. If you’ve swiped a credit card at a gas station that has a hidden skimmer, your information was compromised during the Equifax data breach, or you ordered something from a website infected by malware, it is more than likely that thieves have your card information, according to cybersecurity experts, who often find themselves one step behind international criminal networks.

“Recent figures suggest that over 80 percent of credit cards currently in people’s wallets have already been compromised,” said Markus Bergthaler, director of programs and marketing for the nonprofit Merchant Risk Council, which educates businesses on strategies to curtail fraud. Crooks obtain credit card information by stealing it right from the card or buying it on the massive online marketplace for stolen cards on Facebook, Twitter, Instagram and YouTube as well as the dark Web, a separate network that can’t be reached with normal browsers…”

Privacy and security issues impact every aspect of our lives – home, work, travel, education, health and medical records – to name but a few. On a weekly basis Pete Weiss highlights articles and information that focus on the increasingly complex and wide ranging ways technology is used to compromise and diminish our privacy and security, often without our situational awareness. Four highlights from this week: Beware of web beacons that can secretly monitor your email; Study finds Big Data eliminates confidentiality in court judgements; and Threat of mass shootings give rise to AI-powered cameras.

