Hackers Set Their Sights On Cloud Services

Hackers Set Their Sights On Cloud Services

Thanks to the pandemic, tens of millions of people are working from home. Even before then, the Cloud was experiencing a tremendous amount of growth, but since shelter in place orders were issued by many governments around the world, growth has absolutely skyrocketed. This has drawn the attention of a number of hacking groups, which have taken an increased interest in gaining access to Cloud resources, stealing login credentials and then making off with a wide range of sensitive data. According to statistics gathered by McAfee, the number of attacks aimed squarely at Cloud services have increased by a whopping 630 percent between January and April of this year. Broadly speaking, the attacks come in two basic flavors: First, logins from anomalous locations that haven’t previously been used and is not familiar to the organization. Second, what researchers are calling ‘suspicious superhuman’ logins, which are defined by multiple login attempts in a short span of time from locations scattered across the globe. For instance, you might see one login attempt made in South America with another, a few seconds later, in Asia, and so on. Rajiv Gupta, the Senior Vice President For Cloud Security at McAfee, had this to say about the company’s findings: “The risk of threat actors targeting the cloud far outweighs the risk brought on by changes in employee behavior.” The good news is that there’s a relatively simple way for organizations to reduce the risk to near-zero. Simply enable two-factor authentication and the vast majority of these types of attacks will be doomed to fail. The bottom line is that the risks are increasing and...
Gmail Gets New Quick Menu Setting In Update

Gmail Gets New Quick Menu Setting In Update

Google recently announced a change to Gmail that will make it easier for the service’s 2 billion+ users to experiment with different themes, layouts and settings. Even better, users can see the results of their changes before actually applying them. To make use of the new feature, all you have to do is click the gear icon on your Gmail screen. This displays the settings menu, which allows you to select and view different display options, inbox types and interfaces. The changes are shown alongside your current inbox, giving you a simple way to compare and contrast. Just find one you like and once you’re happy, apply the change. The company started rolling out the new “Quick Menu” option for G Suite and consumer uses on Tuesday, but if you don’t see it at present, give it a few days. With more than two billion users, it’s going to take several days for Google to complete the rollout. Google had this to say about the recent change: “We’re making these options easier to find, and letting you explore them in real time, so your actual inbox will update immediately to show you exactly what the setting will do. We hope this makes it easier to set up Gmail the way that works best for you.” It’s a small point, but it’s worth mentioning that the new menu option is enabled for all users by default, and there is no admin control option for it. In any case, it’s well worth experimenting with as you may find a layout that allows you to work more efficiently. Honestly, we love the...
Wishbone App Database Leaked To Public By Hacker

Wishbone App Database Leaked To Public By Hacker

The hacking group calling themselves ‘The Shiny Hunters’ has been busy. Recently, they put databases containing user records from eleven different companies up for sale on the Dark Web, including a massive database containing some 40 million records belonging to the popular Wishbone app. Wishbone is a social media platform that’s especially popular among children. It allows users to compare two items by way of a simple poll. The database was initially being offered for 0.85 bitcoin, which is, at the time this article was written, worth approximately $8,000. Only days after the database was originally offered for sale, it appeared elsewhere on the Dark Web in its entirety, for free. The information it contains includes usernames, email addresses, phone numbers, geo-location data, hashed passwords, and profile data, including links to uploaded user photos. That’s bad news indeed for any parent, because again, this app is especially popular among children. A closer inspection of the records the database contains reveals that the hashed passwords are only weakly encrypted, using MD5, which can easily be broken using freely available tools, putting every one of the 40 million users identified in the database at risk. If you’re not sure if your child has downloaded Wishbone, it pays to double check immediately. Be sure to change the password on any account you or your children may have associated with the account. For the company’s part, a notice recently went up on the Wishbone website that read: “Protecting data is of the utmost importance. We are investigating this matter and will share any significant developments.” Unfortunately, the most significant development is that some...
New Data Breach Affected Some Bank Of America Loan Applicants

New Data Breach Affected Some Bank Of America Loan Applicants

If you’re like many business owners, you may have recently applied for a loan through the Paycheck Protection Program (PPP) which was one of the COVID-19 relief funds established by the Federal government in response to the global pandemic. If you applied for that loan through Bank of America, be advised that the company recently disclosed a security incident that impacted its online platform for processing those loan requests. The company says that it is possible that other lenders or organizations may have temporarily had access to significant portions of your application data. The breached data included, but was not limited to: Your business’ name and physical address Designated company contact officials Your firm’s Tax Identification Number The name of the company owner The Social Security Number of the company owner, as well as the owner’s email address, phone number and citizenship Based on the initial findings of an investigation into the matter, Bank of America says that an SBA test server was at the root of the problem. Per a company spokesman, “…this platform was designed to allow authorized lenders to test the process for submitting PPP applications to the SBA prior to the actual submission process.” The company’s official words on the matter makes the issue seem rather insignificant, but there’s more. Some business owners have reported that when they logged back into the system to check the status of their loan application, they could see the details of other loan applicants in their dashboard. That means that potentially, many more people than just ‘authorized lenders’ may have seen the details of your loan application. The investigation...
Microsoft Phasing Out 32Bit Windows 10 Support Starting With OEMs

Microsoft Phasing Out 32Bit Windows 10 Support Starting With OEMs

Be advised that Microsoft has announced it will begin phasing out support of the 32-bit version of Windows 10, beginning with OEM’s. The change is effective as of the May 2020 release. Microsoft had this to say about the recent change: “Beginning with Windows 10, version 2004, all new Windows 10 systems will be required to use 64-bit builds for OEM distribution. This does not impact 32-bit customer systems that are manufactured with earlier versions of Windows 10; Microsoft remains committed to providing feature and security updates on these devices, including continued 32-bit media availability on non-OEM channels to support various upgrade installation scenarios.” The long and the short of this change is that it sounds far worse than it is. The simple truth is that this change is only slated to impact about 0.20 percent of the massive Windows 10 installed base. The vast majority of Windows 10 installations already use the 64-bit version of the OS. Even so, if you are one of the few users relying on the 32-bit version, be aware that this is the first of several steps that will gradually see Microsoft backing away from 32-bit entirely. Overall, most industry experts agree that this is a good move. With such a tiny user base, systematically eliminating 32-bit support eliminates a broad range of potential issues and development conflicts that could arise as a consequence of supporting both architectures. Bottom line: It streamlines and simplifies everyone’s life, which means that Microsoft, and every company that develops Windows-compatible software will have one less thing to worry about. Kudos to Microsoft for making the decision, and...
Home Chef Company Data Breach Affected 8 Million Customers

Home Chef Company Data Breach Affected 8 Million Customers

Are you a Home Chef customer? If so, be advised that the company recently announced a data breach. It was discovered after the hackers who broke in sold more than 8 million user records on the Dark Web. The group, calling themselves “The Shiny Hunters” has been busy of late. They’ve been selling databases containing records stolen from a total of eleven different companies, with prices ranging from $500 to $2500 per database. Home Chef was made aware that the database containing their customers’ information was available for sale nearly two weeks ago. However, the company waited an inordinate amount of time before coming forward and publicly announcing the breach, a delay which has cost them in the eyes of their customers. Part of the company’s notice on their website reads, in part, as follows: “Protection of customer data is a top priority for Home Chef and we work hard to safeguard our customers’ information. We recently learned of a data security incident impacting select customer information.” The FAQ accompanying the notification goes on to outline that the stolen data includes the following information. It included the customer names, email addresses, phone numbers, the last four digits of any credit card numbers on file, encrypted passwords, and a variety of other general profile information. Home Chef stressed that only the last four digits of a customer’s card was accessed, and reiterated that they don’t store complete payment information in their databases. That’s all well and good, but the company is finding it hard to convincingly sell the idea that protection of customer data is a top priority. After all,...