Malware types explained.

The amount of cyber attacks is on the rise across the globe,  Here is a quick refresher on what the different types are.

Spyware.

 This malicious software keeps an eye on your computer use without your knowledge. It collects a variety of data, depending on its design. Some forms of this malware are actually legal, often bundled with free software; it monitors your web browsing habits, uploading the data to advertising servers.

Ransomware.

This new type of malware holds your computer or files hostage and demands a payment. Some forms may simply display a pop-up demanding money before you can continue using your computer. More harmful versions encrypt your files, rendering you helpless unless you’ve got backup.

The Trojan, or Trojan Horse. 

This type of malware disguises itself as a legitimate file. When you download and run the program, the malware runs in the background, allowing third parties to access your computer. This malware is often used to monitor activity on your computer, or to link your computer to a botnet.

The Virus. 

This malware copies itself by infecting other files. It can do many different things — watch in the background and steal your passwords, display advertisements, or just crash your computer — but its key characteristic is how it spreads: by infecting programs on your computer. When you run the program on another computer, the virus will infect programs on that computer, and so on.

The Worm.

 This malware spreads in a unique way. Rather than infecting files and relying on human activity to propagate, it spreads over computer networks of its own accord. It can do any number of harmful things once it infects a computer.

Malvertising. 

This term describes the use of online advertising to spread malware.

How to detect phishing emails.

A timely reminder - please share 

 

7 Ways to Improve Your Mobile Banking Security

As mobile banking grows in popularity, experts are offering consumers advice on how to safely use this service so they can be protected while conveniently managing their finances. It’s timely advice; mobile banking is one of the industry’s fastest growing trends because it gives consumers flexibility and the chance to manage their finances anytime and anywhere. But to enjoy the benefits without compromising security, you need to make informed decisions, avoiding the scams and schemes that are growing up around this new technology. To that end, some tips:


1.Invest in an antivirus app for your smartphone or tablet to help protect you when downloading other apps and mobile content. A good site I found for ideas on this is Digitl Trends, Top 5 Android security Apps.

2.Never provide personal identification or banking information over your mobile device unless you initiate the contact and you know that you’re dealing directly with your bank.

3.Never share your password, account number, PIN, or answers to your secret questions. Moreover, don't save this information anywhere on your phone – if you do, and it’s lost or stolen, you’re a sitting duck.

4.Never set an app to automatically log you into your bank account. If you do and your device is lost or stolen, someone will have free access to your money.

5.Set your phone to require a password to power on the handset or awaken it from sleep mode.

6.Remember, your bank would never call or text you asking for personal or banking information. Assume any unsolicited text request is fraudulent.

7.Immediately tell your mobile operator and your bank if you lose your phone.


You can ensure multiple antivirus programs aren’t interfering with each other by making sure they aren’t scanning at the same time.



--> Clickbank Products

Owning your online presence - food for though.

Most of us know to secure our home networks, and to be wise in choosing when to connect to wireless networks when we’re out and about.  But did you know your device can be broadcasting your position even when it is not connected to a wireless network?


All WiFi-capable devices broadcast a unique ID called a media access control (MAC) address, when they're looking for networks, and so long as WiFi is enabled they are always looking for networks.  This means that if you walk around carrying a mobile device with WiFi enabled, then you are broadcasting your own unique radio beacon and it's easy to track your movements.

This GPS and Location-based information can be useful for the following:

•More accurate directions when using maps and directions.
•Customized information from shopping apps (showing nearest locations, deals in your area, etc.).
•Safety and peace of mind from “Find my Friends” (iOS) or “Guardian” (Windows) apps.  Apps like these can enable families to be aware of each other’s locations.  Guardian enables users to call for help through an 'SOS' alert button and also connect to security agencies, police and hospitals easily in times of crisis.  

This is not a comprehensive list, however it does show these features offer wonderful benefits.  But you want to make sure you are in control of the information you are broadcasting to the cyber world.

Is your smartphone broadcasting your movements when you shop?

Some retailers are taking advantage of the signal sent by WiFi-enabled devices. You might see a sign in a shopping center that reads:  “To provide a better shopping experience for our customers we anonymously survey the movement of mobile phones to help show us how the centre is used. No personal data is recorded at any time.”

This raises some security concerns such as claims the collected data would be de-identified and de-personalized, but “anonymous” data can still provide a lot of information and similar to other cookies and tracking methods, retailers want to use location information to produce personal profiles and targeted advertising.  But if retailers can use this information, so can phishers and social engineers.
This movement tracking is even speading to your car, with BMW developing similar technology which will allow businesses to market their products through the German car maker’s built-in satellite navigation system.
The easiest way to defeat the anonymous tracking -- simply turn off WiFi and Bluetooth on your mobile device when away from home.

Another tracking method expanding rapidly is Google’s Location History Browser, which gives a minute-by-minute map of your life.

Location History allows Google to store a history of your location data from all devices where you are logged into your Google Account and have enabled Location Reporting.  So if you have a device that uses a Google-driven operating system (e.g. an Android phone or tablet), there’s a good chance you had to answer a prompt about location history during device set-up.  And if you opted-in to this tracking, Google might have a pretty comprehensive history of where you’ve been.

This long-term tracking of location data can give deep insight into your habits and patterns.  On one hand, this can be eerie or even creepy.  But it can also be kind of fun and nifty to review.

To get around this, Google allows you to manage your privacy in two ways:  either by clearing your history, or by opting out of the service altogether.  Learn how here:  Manage Location in Google Settings

In Summary: Some tips to own your Online Presence

•When you’re not at home, consider turning off WiFi and Bluetooth.  This will both conserve your device’s battery life and also protect you from continually broadcasting your location.  Turn it on again when you want to connect to a wireless network.

•Review the privacy settings on your devices.  Be intentional about the apps you allow to access your location.  Consider turning permissions off when you are not actively using an app.

•Periodically clear your history.  This certainly applies to location history, but it applies to other kinds of history too -- this site offers practical tips for managing brower history and other private data

Keep your Networks and Data Safe.

Home Wireless Devices: 


Most wireless access points are ready-to-go right out of the box, but from a security perspective, they are wide open and insecure. This means that anyone driving (or walking) by your house or living in close proximity to your house can instantly connect to your wireless access point. Without proper security configurations enabled, your neighbors can even connect to the Internet through your network at no cost to them and could possibly access files on your home systems which reside on your PC or network.


We urge you to follow and apply the guidelines below where possible.


Protect Your Personal Information:

•Remember that everyone can view data in the airspace. Protect it appropriately by encrypting the data by using Wi-Fi Protected Access (WPA and preferably WPA2).
•Install personal firewalls and Anti-Malware software on all devices and have the most up-to-date signature files installed. You should also have the latest security patches (such as Microsoft Windows updates and Adobe Reader updates) installed on your system.
•Change the administration password on the Access Point to something other than the default one assigned by the manufacturer.
•The Service Set ID (SSID) is the name of your wireless network. For example, a Linksys router most commonly has a default SSID of "linksys." You should change your SSID from the manufacturer default, but not to something that is easily guessable.  Avoid using mailing addresses, street names, or your last name.  This can give away too much information about your physical location or identity. Suggestions might include: "homenet8273" or "h563."

Keep a Clean Machine:

•Make sure you’re using the latest firmware update for your specific Access Point / Wireless Router. Not only will you benefit from hardware bug fixes, you may also gain improved security features as well. Firmware updates are usually freely available from the manufacturer’s website and include instructions on how to perform the upgrade.
•Using Internet Security all-in-one tools are also recommended as they usually have Host Intrusion Prevention tools which are not dependent on signature files and are more behavior based.

Connect with Care:

•For the more technically savvy, you can filter, by Media Access Control (MAC) address, what devices/computers can connect and obtain an IP address from your wireless Access Point. There is a table where you can enter the MAC address from each device/computer on your network that you want to allow to communicate.
•Disable "remote administration" for the Access Point (usually the default setting). This is different from local administration, which is always enabled. Remote administration can potentially allow untrusted users on the Internet to connect to your wireless access point and administer it.

LearnSecurityOnline.com is a highly interactive online security training experience. We do this by utilizing simulators, security games, challenge servers, and hacking competitions to give you both the technical knowledge and hands-on experience required to be a competent IT & IT Security Professional all in a safe and legal environment.

Beware of Keylogging

Keystroke logging (often called keylogging) is the action of monitoring each keystroke a user types on a specific computer's keyboard, typically in a covert manner so that the person using the keyboard is unaware that their keystrokes are being collected in the background. There are numerous keylogging methods, ranging from hardware and software-based approaches to electromagnetic and acoustic analysis.

 

Hardware Keyloggers:  As a hardware device, a keylogger is a small plug that serves as a connector between the user's keyboard and computer. This device looks like a normal keyboard accessory, and can be easily concealed. 

As the user types, the device collects each keystroke and saves it as text in its own tiny hard drive for the attacker to retrieve at a later time. 
 

Great examples of state of the art key loggers are available at  http://www.keelog.com/
 
 

Software Keyloggers:  Keylogger software does not require physical access to a user's computer. It can be downloaded intentionally by someone who wants to monitor activity on a designated computer (ie. public computers like those at hotels), or it can be downloaded involuntarily as Malware sent to a victim. The keylogger software records each keystroke the user types and uploads the information over the Internet to the attacker.

 
Tips to prevent keylogging...


Do not visit untrusted web sites. Some sites may have code in them that can exploit your web browser and cause it to quietly install a keylogging application without your permission. (Note: even trustworthy sites can be hacked. The same hackers who are after your information can hack what you think of as trustworthy sites and add exploit code to them which could deliver a keylogger to your system when visited.)

Do not download add-ons (or other files) from untrustworthy sites. Any executable file you download could contain a keylogger or virus, so before you download a file, be sure you're downloading it from a source that you trust.

Be sure to run the latest version of your browser software.  Keep it patched and up to date.  Many exploits that hackers used have already been patched by the software vendors - all you have to do is stay up to date. 

Make sure your OS version is up-to-date and has the latest patches. Also make sure Anti-Malware client signatures are current to combat vulnerabilities to security exploits or attacks. Just like with browsers, many hackers will try to install keyloggers on your system using exploits that have long since been patched by the software vendor. If you run Windows, be sure to run Windows Automatic Updates on a regular basis.

Note: It is considered good system hygiene to check these things manually yourself on occasion.

Be wary of opening unexpected e-mail attachments.  Do not open attachment files with file extensions that are likely to be associated with Malware (e.g., .pdf, doc, .xls, .bat, .com, .exe, .pif, .vbs).

Do not open e-mails that claim sexual or monetary content. This is a common ploy used by attackers.

Delete chain e-mail and junk mail. You can also block email and create rules to better manage email that appears to be suspicious, junk, etc. Spam filters in Yahoo and gmail are particularly stringent.