WebProNews

Tag: Hackers

  • FBI Investigating If JetBrains Was Compromised by SolarWinds Hackers

    The FBI is trying to determine if JetBrains was compromised as part of the SolarWinds attack.

    The SolarWinds attack was one of the largest, most damaging hacks against US government and corporate entities. Some experts have said it will take months, or even years, to understand the extent of the damage.

    What made the SolarWinds attack so successful was that it was a supply chain attack. Rather than trying a brute force attack, or tricking organizations into installing suspect software, hackers compromised SolarWinds’ Orion IT monitoring and management software. Since this legitimate software is in use by countless organizations, by compromising it and installing a trojan directly in it, hackers were able to hack organizations using Orion IT.

    The FBI is now concerned a second application may have been compromised in a similar manner, according to Reuters. JetBrains makes a project management application called TeamCity. Like Orion IT, TeamCity is used by companies around the world, making it extremely important to determine if it was compromised as well.

    “We are not aware of any investigation nor have we been contacted by any agencies,” a JetBrains spokesman said. “We are not aware of any vulnerabilities in the product or breaches that would allow for this, nor that any of our customers were affected.”

  • FBI Warns of Cyberattacks Against Online Learning

    The FBI is warning that hackers are increasingly targeting online learning as students get back to class after the holidays.

    While the success of remote work and distance learning have exceeded many people’s expectations, it has also provided new opportunities for hackers and bad actors. Companies have had to take measures to ensure employees can connect remotely and schools have worked to protect their classes from Zoom-bombing and other hacks.

    Even so, the FBI is warning that hackers are increasing their attacks.

    “It’s of greater concern now when it comes to K-12 education, because so many more people are plugged into the technology with schooling because of the distance learning situation,” FBI Cyber Section Chief Dave Ring told ABC News. “So things like distributed denial of service attacks, even ransomware and of course, domain spoofing, because parents are interacting so much more with the schools online.”

    While Zoom-bombing may be one type of attack, ransomware is another common, more dangerous attack. According to the FBI, there has been a nearly 30% increase in ransomware attacks against schools.

    “The broader the move to distance learning, I think the more attacks you’re going to see, just simply because there are more opportunities for it and it’s more disruptive,” Ring said. “Not everybody’s looking to make money when it comes to criminal motivations for these attacks. A lot are they’re looking to steal information. They’re looking to use that for financial gain. They’re looking to collect ransoms.”

  • SolarWinds Hackers Gained Access to Microsoft Source Code

    Microsoft has revealed that hackers viewed some of its source code as part of the SolarWinds attack that government agencies are still investigating.

    The SolarWinds attack is one of the most devastating cyberattacks perpetrated against US companies and government agencies. Believed to be the work of Russian hackers, the attack was a supply chain attack, compromising SolarWinds’ Orion IT monitoring and management software.

    As one of the organizations impacted, Microsoft has now revealed the hackers viewed some of its source code, but did not make any modifications.

    We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.

    Microsoft is not concerned about the source code being viewed, since the company’s security protocols assume its source is being viewed by outside elements.

    At Microsoft, we have an inner source approach – the use of open source software development best practices and an open source-like culture – to making source code viewable within Microsoft. This means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code. So viewing source code isn’t tied to elevation of risk.

    As with many companies, we plan our security with an “assume breach” philosophy and layer in defense-in-depth protections and controls to stop attackers sooner when they do gain access.

    Although Microsoft seems to be containing any damage adequately, the degree to which the attackers compromised one of the biggest tech companies in the world is further evidence of just how successful the SolarWinds attack was.

  • GoDaddy In Hot Water After Employees Help Hackers

    GoDaddy is once again in the news for all the wrong reasons after employees were tricked into helping hackers take over domains.

    This latest attack targeted a number of cryptocurrency services, and relied on “social engineering” to convince GoDaddy employees to hand over control of the target companies’ domain names. Mike Kayamori, CEO of Liquid, described the attack:

    On the 13th of November 2020, a domain hosting provider “GoDaddy” that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.

    Kayamori said the company believes all client funds and digital wallets are secure, although personal information was compromised, including names, emails and encrypted passwords.

    Although there does not appear to be any statement on GoDaddy’s website acknowledging the breach, the company issued a statement to Engadget, confirming that a “limited number” of its employees had fallen for “social engineering” tactics resulting in unauthorized changes to customers’ accounts and domains.

    This is a huge embarrassment for GoDaddy, especially since the company was the victim of a similar attack that impacted Escrow.com back in March.

  • FBI: Hackers Exploited SonarQube to Steal Government and Commercial Source Code

    The FBI has warned that hackers have been accessing proprietary source code from government agencies and businesses by exploiting SonarQube.

    SonarQube is a code inspection platform that currently supports 27 programming languages and helps developers write cleaner, more secure, bug-free code. SonarQube integrates with a number of third-party services and platforms, including GitHub, GitLab, LDAP, Active Directory, BitBucket, Azure DevOps and more.

    Unfortunately, according to the FBI (PDF), it appears a number of organizations using SonarQube left the default parameters in place, opening themselves up to security issues and code theft.

    In August 2020, unknown threat actors leaked internal data from two organizations through a public lifecycle repository tool. The stolen data was sourced from SonarQube instances that used default port settings and admin credentials running on the affected organizations’ networks. This activity is similar to a previous data leak in July 2020, in which an identified cyber actor exfiltrated proprietary source code from enterprises through poorly secured SonarQube instances and published the exfiltrated source code on a self-hosted public repository.

    During the initial attack phase, cyber actors scan the internet for SonarQube instances exposed to the open Internet using the default port (9000) and a publicly accessible IP address. Cyber actors then use default administrator credentials (username: admin, password: admin) to attempt to access SonarQube instances.

    The FBI recommends following basic security protocols that, quite frankly, organizations should have implemented from the beginning. This includes changing the default admin username and password, changing the default port through which SonarQube is accessed, putting SonarQube behind a login screen, checking for unauthorized users and keeping the platform behind the company firewall.

  • Ransomware Results In a Fatality In Germany

    Ransomware has been a growing issue for years but, in a first, ransomware appears to have caused the death of a hospital patient.

    According to the BBC, a ransomware attack disabled Düsseldorf University Hospital in Germany. A female patient at the hospital was preparing for a life-saving procedure when the ransomware hit, and died when medical personnel were trying to transport her 30km away to the nearest hospital.

    It’s possible the hackers mistakenly targeted the hospital. The BBC quotes local reports saying the hackers were trying to hit another university. Those same reports say the hackers turned over the decryption keys without payment once they realized the hospital had been impacted.

    Whether the attack was intentional or not, authorities are now investigating it as a negligent homicide. Unfortunately, it also appears the attack could have been averted. The hackers used a well-known vulnerability in Citrix VPN software, a vulnerability that organizations had been warned about as early as January. If prosecutors do make their case, the hospital will likely face penalties for ignoring the danger.

    This tragedy should serve as a sobering reminder to companies of all kinds to keep up with security alerts and vulnerabilities, and keep their software and services up-to-date.

  • Canon Suffers Major Ransomware Attack

    Canon has suffered a crippling ransomware attack, impacting numerous services and resulting in data loss and theft.

    Canon’s online photo and video storage service experienced a nearly week-long outage, as well as data loss for customers using the 10GB of free storage Canon offered. Despite the obvious problems, Canon was tightlipped about the issue, and refused to comment.

    In response, BleepingComputer set out to investigate. A source confirmed to BleepingComputer that Canon’s email, Microsoft Teams and other applications were all experiencing outages. BleepingComputer was also able to obtain a partial copy of a Maze ransomware note Canon allegedly received. After reaching out to Maze, Maze operators confirmed to the publication they had successfully breached Canon, although denied they were responsible for issues with the image site that initially prompted BleepingComputer to investigate. The hackers also claimed to have stolen some 10TB of data, including private databases.

    If the ransomware attack is as bad as the Maze operators are claiming, Canon is in a tough spot. While it’s understandable that they wouldn’t want to reveal details about the attack, being as tightlipped as they have been will likely backfire in the long run.

  • Majority of Users Don’t Change Passwords After Data Breach

    A new study has found the vast majority of users fail to change their passwords after being notified their data was impacted by a security breach.

    Virtually everyone has received an email from a credit agency, or a company whose products and services they use, informing them their data was compromised in a breach. Inevitably, those emails include recommendations to change their password. Unfortunately, it appears those warnings go largely unheeded.

    Sruti Bhagavatula and Lujo Bauer of Carnegie Mellon University, and Apu Kapadia of Indiana University Bloomington, conducted a study on the aftermath of data breaches, with the goal of helping companies better mitigate damage.

    According to the researchers, “only 21 of the 63 affected participants changed a password on a breached domain after the breach announcement.”

    To make matters even worse, “previous work has shown that, on average, a user exactly or partially reuses their passwords on over 50% of their accounts.”

    This means that many customers are not only at ongoing risk from the data breach directly impacting them, but their data on other, unrelated sites is also at risk because of reusing passwords.

    The study illustrates that companies need to do a far better job of helping customers choose more secure passwords, and engage them post-breach to help them update their passwords and information. Overall, the study is an in-depth look at the challenges companies face in order to better mitigate the impact of data breaches and is a must-read for any security professional.

  • Sophos Issues Hotfix For Firewall Zero-Day Being Actively Exploited

    Sophos has issued a hotfix for its XG Firewall to patch a zero-day vulnerability that was being actively exploited by hackers.

    According to Sophos, the firm was first made aware of the issue on April 22 by a customer who noticed “a suspicious field value visible in the management interface.” After investigating, Sophos determined the value was not a bug, but indicative of an attack against both physical and virtual XG Firewall units.

    “The attack used a previously unknown pre-auth SQL injection vulnerability to gain access to exposed XG devices,” reads the security bulletin. “It was designed to exfiltrate XG Firewall-resident data. Customers with impacted firewalls should remediate to avoid the possibility that any data was compromised. The data exfiltrated for any impacted firewall includes all local usernames and hashed passwords of any local user accounts. For example, this includes local device admins, user portal accounts, and accounts used for remote access. Passwords associated with external authentication systems such as Active Directory (AD) or LDAP were not compromised.”

    Because Sophos issued a hotfix for the vulnerability, a message should display on the XG management interface informing customers if their units were impacted. Uncompromised customers do not need to take any additional action, while compromised customers are encouraged to reset device administrator accounts, reboot the devices and reset passwords for local user accounts. If users had reused their XG passwords anywhere else, those should also be reset.

  • Mozilla Raising Firefox Bug Bounties

    Mozilla has announced it is raising the bug bounties it pays for Firefox to $10,000.

    Bug bounties are a popular way of encouraging developers and “white hats,” the term for ethical hackers that find and report vulnerabilities, to work with companies and test their products and services. Most major companies pay significant bounties for bugs that are reported to them. In many cases, white hats are able to make a full-time income off the bounties they collect.

    According to Mozilla’s blog post, the company has made use of bug bounties since 2004, paying out some $965,750 between 2017 and 2019. While the average payout was $2,775, the most common amount was $4,000.

    The company is making a number of changes to make the bounty program more accessible, while also splitting bounties among duplicate reports that are filed within 72 hours of the first report. This is being done in an effort to reward individuals who may have come in second or third by mere hours. In addition, the company is raising its payouts.

    “Besides rewarding duplicate submissions, we’re clarifying our payout criteria and raising the payouts for higher impact bugs,” writes Mozilla’s Tom Ritter. “Now, sandbox escapes and related bugs will be eligible for a baseline $8,000, with a high quality report up to $10,000. Additionally, proxy bypass bugs are eligible for a baseline of $3,000, with a high quality report up to $5,000.”

    Mozilla’s announcement will likely be a big motivation for white hats to continue finding and reporting bugs in Firefox.

  • Apple Says iOS Mail Vulnerability Poses No Immediate Threat

    Apple has said a recently discovered iOS Mail vulnerability poses no immediate threat and a fix is coming soon.

    As previously covered, security firm ZecOps discovered a flaw in iOS Mail, affecting both iPhones and iPads. The flaw involved a blank email being sent to a device, an email that would cause a crash and reset. The reset created an opportunity for a hacker to steal data from the device. ZecOps believes the vulnerability was being exploited as far back as 2018, and was working with a client they believed was targeted using this vulnerability in late 2019.

    In spite of that, Apple reached out to Bloomberg reporter Mark Gurman to issue a statement, which Gurman tweeted:

    Apple responds to ZecOps report on Mail app vulnerabilities, says it doesn’t pose immediate risk and software update coming.

    “Apple takes all reports of security threats seriously. We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users. The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers. These potential issues will be addressed in a software update soon. We value our collaboration with security researchers to help keep our users safe and will be crediting the researcher for their assistance.”

    — Mark Gurman (@markgurman) 4/23/20

    Apple’s response is good news, although it still leaves a number of questions, not the least of which is what did ZecOps find in the way of vulnerabilities being exploited over the last two years?

  • Hackers Targeting Unpatched Windows Bug

    Microsoft has issued an advisory warning that hackers are using a new, unpatched bug to target Windows users.

    According to the advisory, “Microsoft is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released.

    “Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.

    “There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.”

    Microsoft is working on a fix and will likely include the fix on Update Tuesday, the second Tuesday of the month.

  • 100,000 WordPress Sites Vulnerable To Being Wiped

    A security issue in a popular WordPress plugin has left some 100,000 websites vulnerable to being completely wiped.

    Security firm WebARX discovered a flaw in the ThemeGrill Demo Importer plugin. The plugin imports other plugins developed by ThemeGrill. When WebARX first discovered the flaw, some 200,000 websites had the plugin installed, although that number has now dropped to 100,000. This is likely due to companies uninstalling the plugin to mitigate the risk.

    To make matters worse, this vulnerability is being actively exploited. WebARX has already stopped over 16,000 attacks attempting to exploit the plugin.

    “This is a serious vulnerability and can cause a significant amount of damage,” writes WebARX. “Since it requires no suspicious-looking payload just like our previous finding in InfiniteWP, it is not expected for any firewall to block this by default and a special rule needs to be created to block this vulnerability.”

    ThemeGrill has updated the plugin to fix the vulnerability. All impacted sites should install the new version immediately.

  • Ring Is a Case Study In Bad Privacy Policy

    Ring has been in the news for its ongoing struggles with privacy issues. Its latest response, not to mention its approach in general, could serve as a case study of what not to do.

    Ring was first in the news over a number of incidents where individuals were able to hack the cameras, spy on and interact with the owners. Following that, VICE tested Ring’s security and found it was abysmal. The nail in the coffin was the Electronic Frontier Foundation’s (EFF) investigation that showed Ring was sharing a load of identifiable information with third-parties. The worst part is that users were not notified of what data was being collected and shared, let alone given a way to control or opt-out of the collection.

    Now CBS News is reporting that “although it confirmed that it shares more data with third parties than it previously told users, the company said in a statement that it contractually limits its partners to use the data only for ‘appropriate purposes,’ including helping Ring improve its app and user experience.”

    Essentially, the company is saying “yes, we got caught doing something we shouldn’t have been doing, but you should totally trust us that we’re doing it responsibly.”

    Ring’s troubles and their response should be a lesson to every company that deals with customers’ private data: A strong commitment to privacy should NEVER be an afterthought, add-on or damage control. In an era when hackers are eager to take advantage of weak data policies, when companies look to profit from their customers’ data and when an interconnected world means that a single breach can have far-reaching consequences—privacy must be built-in from the ground up.

    The fact that it should especially be built-in from the ground up in a service that is designed specifically to protect user privacy and security should go without saying. However, since Ring obviously needed someone to say it, the company should stand as an example of what not to do when it comes to protecting customer privacy.

  • U.S. Indicts 4 China Military Personnel for Equifax Breach

    TheStreet.com is reporting the U.S. has handed down a nine-count indictment against four Chinese military personnel, claiming they hacked into Equifax.

    “This was a deliberate and sweeping intrusion into the private information of the American people,” Attorney General William Barr said in a statement.

    “Today, we hold PLA hackers accountable for their criminal actions, and we remind the Chinese government that we have the capability to remove the Internet’s cloak of anonymity and find the hackers that nation repeatedly deploys against us.”

    The indictment accuses the hackers of stealing Americans’ personal data, as well as trade secrets from Equifax. The hackers evidently used a tor router to route their connection through nearly 20 countries and 34 different servers in an attempt to cover their tracks.

    While there’s virtually no chance the indictments will result in anyone being brought to justice—since they are active Chinese military personnel—it will likely be a source of embarrassment to Chinese officials, especially as the country is trying to end the trade war with the U.S.

  • WhatsApp Bug Let Hackers Access Computers Via a Text Message

    Facebook has just patched a vulnerability in WhatsApp that could allow a hacker to take control of a target’s computer via a single text message.

    Security researcher Gal Weizman, with PerimeterX, discovered the flaw and worked with Facebook to fix it. The flaw does not impact all users, only those using the iOS version paired with a desktop version, either macOS or Windows.

    According to Facebook’s security advisory, “a vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.”

    As Weizman points out, much of this is because Facebook has not properly updated the underlying framework on which the desktop version of WhatsApp is built. That framework is Electron, a platform that allows developers to use web technologies to create “native” apps. Electron, in turn, is based on Chromium, the open-source foundation of Google Chrome. In an era where cloud computing and web applications have become dominant, Electron gives companies the ability to maximize their developer talent by focusing on web languages, frameworks and technologies.

    Unfortunately, in this instance, WhatsApp was based on Electron 4.1.4, instead of the current 7.x.x. In version 4.1.4, the included version of Chromium was Chrome/69, instead of the current Chrome/78. If Facebook had updated to the latest version of Electron, and therefore the underlying Chromium, this bug would not have been possible, as it had been patched in Chromium and Electron some time ago.

    “It is 2020, no product should be allowing a full read from the file system and potentially a RCE from a single message,” Weizman writes.

    He’s absolutely right. At a time when hackers are developing more powerful tools and methods to compromise systems, there is no excuse for development this lazy and irresponsible.

  • Google Paid Record-Breaking $6.5 Million In Bug Bounties In 2019

    Google has announced it paid a record-breaking $6.5 million through its Vulnerability Reward Programs in 2019.

    Google’s VRPs reward security researchers who find and report bugs so the company can address them. According to the company, 2019’s payout doubled what had been paid in any previous single year.

    Programs such as this have become a critical tool for companies in the fight against hackers and cybercriminals. By relying on security researchers and “white hat” hackers, companies hope to find security vulnerabilities and bugs before cyber criminals, or “black hats.”

    According to Google, “since 2010, we have expanded our VRPs to cover additional Google product areas, including Chrome, Android, and most recently Abuse. We’ve also expanded to cover popular third party apps on Google Play, helping identify and disclose vulnerabilities to impacted app developers. Since then we have paid out more than $21 million in rewards.”

    Although $6.5 million is a sizable amount, it pales in comparison to the cost of an exploited security vulnerability or data breach. In fact, according to a study sponsored by IBM Security, the average cost of a single data breach is $3.92 million. In view of the number of bug fixes that $6.5 million facilitated, it seems like quite the bargain.

  • Intel Dealing With Zombieland Flaw For Third Time

    For the third time in a year, Intel is preparing to release a patch to address two microarchitectural data sampling (MDS) flaws, also known as Zombieland flaws.

    According to the company’s blog post, of these two new issues, one is considered low risk and the other medium. Both of them require authenticated local access, meaning a hacker should not be able to remotely exploit these flaws. These new issues are closely related to issues that were addressed in May and November 2019, as Intel has worked to progressively reduce the MDS vulnerability.

    “These issues are closely related to INTEL-SA-00233, released in November 2019, which addressed an issue called Transactional Synchronization Extensions (TSX) Asynchronous Abort, or TAA,” writes Jerry Bryant, Director of security communication in the Intel Platform Assurance and Security group. “At the time, we confirmed the possibility that some amount of data could still potentially be inferred through a side-channel and would be addressed in future microcode updates.

    “Since May 2019, starting with Microarchitectural Data Sampling (MDS), and then in November with TAA, we and our system software partners have released mitigations that have cumulatively and substantially reduced the overall attack surface for these types of issues. We continue to conduct research in this area – internally, and in conjunction with the external research community.”

    Intel has faced intense criticism from security researchers for its decision to address these vulnerabilities in phases, rather than taking an immediate, comprehensive approach to fixing them.

    In the meantime, the latest patch should be available “in the near future.”

  • PSA: NSA Issues Warning About Windows 10 Vulnerability

    The National Security Agency (NSA) has issued a press release detailing a severe vulnerability in Windows 10 and encouraging all users to update immediately.

    According to the NSA’s press release, the agency discovered the vulnerability in the Windows 10 cryptography functionality. “The certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution. The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality.”

    It is relatively unusual for the NSA to issue a press release about a vulnerability, but the severity of this particular one warranted it.

    “The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors. NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable. The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners.”

    The agency recommends all users immediately apply all January 2020 Patch Tuesday patches to mitigate the danger.

  • FBI Using Deception to Help Protect Companies From Cybercrime

    According to an Ars Technica story, the FBI is using one of the oldest tricks in the book to help companies protect data: deception.

    Under a program called IDLE (Illicit Data Loss Exploitation), the FBI is working to proactively protect companies, rather than waiting for an incident to occur. According to Ars, IDLE is “a form of defensive deception—or as officials would prefer to refer to it, obfuscation—that the FBI hopes will derail all types of attackers, particularly advanced threats from outside and inside the network.”

    The goal is to lure hackers into going for fake data, servers or infrastructure, leading them down dead-ends. The longer hackers are engaged with these fake systems, the more time security experts have to track them down.

    The program represents a fundamental shift in the FBI’s approach, where there is a greater emphasis placed on cooperation between the FBI and other government agencies, as well as with the private sector. In the ongoing arms race between cyber criminals and cyber security experts, the FBI’s approach is an innovative—albeit old—tactic that should help companies better protect themselves.

  • FBI Warns Travelers About Automatically Joining WiFi Hotspots

    On the eve of the holiday travel season, the FBI’s Oregon field office is warning travelers about the danger of letting their computers and devices automatically connect to open WiFi networks.

    Many devices have a feature that allows them to automatically scan for, and join, open WiFi networks. While convenient, the feature represents a world of potential problems, as there is no way to verify the safety and security of an unknown hotspot. There could be hackers scanning traffic on a third-party, open network, or the network itself could be hosted by bad actors.

    The FBI’s post outlined a number of common sense precautions travelers should take:

    “Now is not the time you want to talk about cyber security, but we do have a few travel tips to keep you safe while you are on the go.

    • Don’t allow your phone, computer, tablet, or other devices to auto-connect to a free wireless network while you are away from home. This is an open invitation for bad actors to access your device. They then can load malware, steal your passwords and PINs, or even take remote control of your contacts and camera.
    • If you do need to connect to a public hotspot – such as at an airport or hotel – make sure to confirm the name of the network and the exact login procedures. Your goal is to avoid accidentally connecting to a fraudster’s WiFi that they are trying to make look legit.
    • If you absolutely have to use an unsecured hotspot, avoid doing anything sensitive like accessing your bank account. A hacker would love your user ID and password – don’t give it to them.
    • Related to the above point, using your own secured hotspot from your phone is generally a better option.
    • If you are having guests stay at your home, consider setting up a separate WiFi account for them. That way, if they are running unsecured devices on your network, you can segregate their vulnerabilities from your sensitive data.
    • Disable location services – including those on your social media accounts and in your camera settings – that tell people where you are.
    • Finally, as hard as this may be in a world of oversharing, consider NOT pushing out pictures and posts about your grand adventures. Yes, your kids are adorable and Christmas morning was the best ever – but do you really want to tell the world that you are away from home?

    “From the FBI family to your family, enjoy your travels and stay safe.”

    The FBI’s recommendations are solid tips that should be followed at all times.