by Scott Muniz | Jan 13, 2021 | Security, Technology
This article is contributed. See the original author and article here.
CISA is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors used a variety of tactics and techniques, including phishing and brute force logins, to attempt to exploit weaknesses in cloud security practices.
In response, CISA has released Analysis Report AR21-013A: Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services which provides technical details and indicators of compromise to help detect and respond to potential attacks.
CISA encourages users and administrators to review AR21-013A and apply the recommendations to strengthen cloud environment configurations.
by Scott Muniz | Jan 13, 2021 | Security
This article was originally posted by the FTC. See the original article here.
There’s a new coronavirus-related scam making the rounds, but this time the crooks are targeting small businesses. It starts with an email that claims to come from the “Small Business Administration Office of Disaster Assistance.” It says you’re eligible for a loan of up to $250,000 and asks for personal information like birth date and Social Security number. Let’s do a CSI-style investigation to spot clues that the email is a fake.
Clue #1. You got an email or phone call out of the blue that claims to be from the IRS, the Social Security Administration, or – in this case – the Small Business Administration. The FTC has warned about
government imposter scams like this.
Clue #2. You were told that you’re automatically eligible for a big loan. Real lenders never do this.
Clue #3. You’re asked to hand over your date of birth and Social Security number. This is a tip-off that the sender is trying to steal your personal information.
Phishing attempts aren’t the only scam that business owners are reporting. We’ve heard from people who have applied for loans through websites pretending to be part of the SBA’s Economic Injury Disaster Loan program, which has been extended to December 31, 2021. And other people report they’ve been contacted to repay loans they never took out. The likely culprits? Criminals who illegally applied for loans in their name.
Here are steps you can take to help protect yourself.
Check your credit report. The worst time to learn that someone has taken out a loan in your name is when you’re applying for a loan yourself. So check your credit report first at
www.annualcreditreport.com, the authorized source for the free reports consumers are guaranteed by law. In addition, the three major credit bureaus are offering free weekly online reports to consumers through April 2021. If you’re not in the market for credit or a loan,
freezing your credit offers an extra – and free – measure of protection.
Look for reliable sources of information. Looking for a loan? Don’t click on a link in an unsolicited email and be careful with online search engine results. Scammers often bait their online traps with sound-alike names and URLs, phony endorsements, and professional-looking websites. For small business owners looking for COVID-relief programs, always start at
www.sba.gov, the official site of the Small Business Administration. Or reach out to a trusted financial institution in your community.
Check out lenders before sharing personal information. Scammers who impersonate lenders have the perfect excuse to ask you for lots of personal information that can be used to steal your identity. Don’t leave a trail of personal information exposed by filling out lots of applications online with lenders you don’t know. Investigate lenders first and if you spot something amiss, stop. And then file a report at
ReportFraud.ftc.gov.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
by Scott Muniz | Jan 13, 2021 | Security
This article was originally posted by the FTC. See the original article here.
New health apps are popping up every day, promising to help you track your health conditions, count your calories, manage your medications, or predict your ovulation. These apps often ask for some of your most sensitive personal information, like your health history, medication list, or whether you have ever suffered a miscarriage.
Some apps use that sensitive information only to give you services. But others may use it for their own research, to target you with ads, or disclose — or even sell — your data to other companies. And, unlike your doctor, these apps may not be covered by health privacy laws like HIPAA.
For example, Flo is a health app that functions as an ovulation calendar, period tracker, and pregnancy guide. In a settlement announced today, the FTC said that the makers of the Flo app shared users’ personal health information with marketing and analytics companies like Facebook and Google — even though it had promised users to keep this sensitive information private. As part of the settlement, Flo Health, Inc. has agreed to get users’ consent before it can share their information in the future. The settlement also requires Flo to get an outside review of the honesty of its privacy promises.
How can you avoid the risks associated with these types of health apps? Here are some things to consider:
- Compare privacy protections. Many competing health apps offer similar services. When choosing between apps, compare their privacy protections. Look for a privacy notice that explains in simple terms what health information the app collects from you, as well as how it uses and shares your information with other companies and users. If the app shares your information, does it tell you why, and does it limit what others can do with it?
- Take control of your sensitive information. Take a look at the app’s settings to see if it gives you control over what health information it collects and shares. An app’s default settings often encourage sharing, so it can be useful to select more protective options.
- Keep your app up to date. App updates sometimes include important fixes for privacy or security glitches. One of the best ways to protect your information is to keep your app (and your phone’s operating system) up to date.
- Recognize the risks. What sensitive information will the app have access to? Are the app’s services worth the risk of someone else getting hold of that? Some companies don’t uphold their privacy promises. In this case, we said that even if you reviewed Flo’s privacy promises and looked at the settings, your information could still have been disclosed to other companies. Sharing sensitive information always carries risks, so be sure you’re comfortable with what you’ve shared, in case privacy promises aren’t kept.
- Report your concerns. If you think a health app isn’t keeping up its end of the bargain, let the FTC know. The FTC regularly brings enforcement actions against companies that misrepresent how they use or disclose people’s sensitive health information.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
by Scott Muniz | Jan 12, 2021 | Security, Technology
This article is contributed. See the original author and article here.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review Microsoft’s January 2021 Security Update Summary and Deployment Information and apply the necessary updates.
by Scott Muniz | Jan 12, 2021 | Security, Technology
This article is contributed. See the original author and article here.
The National Security Agency (NSA) Cybersecurity Directorate has released its 2020 Year in Review, outlining key milestones and mission outcomes achieved during NSA Cybersecurity’s first full year of existence. Highlights include NSA Cybersecurity’s contributions to the 2020 elections, Operation Warp Speed, and the Department of Defense’s pandemic-influenced transition to telework.
For further details on those and other accomplishments, CISA encourages users and administrators to read the NSA Cybersecurity 2020 Year in Review.
Recent Comments