How the new age of antivirus software will protect your PC

Antivirus software ain't what it used to be. The sneaky, sophisticated security threats your PC faces now have gone far beyond what traditional software can do. The future of protecting your PC will require a multi-pronged approach involving vigilant updates, bug bounties, and artificial intelligence.

Like any software, antivirus is susceptible to bugs. Earlier this summer, Google’s Project Zero discovered serious flaws in enterprise and consumer products from Symantec that allowed malicious actors to take control of a computer. Symantec provided updates for the bugs, but some required manual installation from users, who needed to be in the know.

Symantec isn’t alone. Project Zero regularly publishes findings that reveal security flaws in software made by Kaspersky Lab, McAfee, and FireEye, to name a few. Brian Soldato of NSS Labs, a security product testing organization, says his company has seen “unprecedented numbers” of vulnerabilities that are bypassing security software.

Read more »

3

Phone hacking: What the FBI won't reveal could hurt users, experts argue

WASHINGTON—We already know that law enforcement agencies can hack our phones. But we don’t know what they find, how they find it, or even who helps them discover the information. Top cybersecurity experts and lawmakers argued about how much should be revealed at a July 11 meeting of the Congressional Internet Caucus.

“Government hacking has already happened. The question of whether it should happen is actually way past the point,” said Harley Geiger, director of public policy at Rapid 7, an Internet security company. 

Geiger and others cited the FBI-Apple encryption dispute as a troubling example. Apple refused to help the FBI unlock the iPhone belonging to one of the terrorists involved in the December, 2015 attack in San Bernardino, California. The agency sued Apple, then dropped the lawsuit when it used a third party to crack the passcode in the phone instead. The issue of whether law enforcement should be able to take advantage of vulnerabilities remains unresolved, and government hacking is still unregulated.

Read more »

6

This is what your messaging app needs to be truly secure

You may love your messaging app, but your messaging app may not love your privacy and security. WhatsApp, arguably the most popular messaging app in the world with a billion users, made a significant step in April by introducing end-to-end encryption built on the Signal protocol, much to the chagrin of governments and police forces.

Some apps are much further ahead in the security game than others. As you wade through the glut of messaging services available, these are the features to look for.

End-to-end encryption

Read more »

7

How greed could destroy the ransomware racket

Ransomware scam artists have a good thing going. They infect some computers and inflict a distasteful—but ultimately logical—choice on the victims: Pay up or lose your data.

Ransoms can be an expensive lesson for most. Many consumers opt not to pay and rely on whatever backups they have. Businesses often pay—an act that may require dealing with Bitcoin markets as well as feeling like a chump. Yet, even the FBI has said it understands when victims pay.

Ransomware rules, broken

Read more »

9

All about your 'fullz' and how hackers turn your personal data into dollars

If cyber criminals have a Holy Grail, it’s your fullz, or your full set of personal information. And they’ll go to great lengths to get it.

Since 2005, more than 6,000 companies and organizations have reported breaches. Judging from prior trends, about half of those breaches likely involved the exposure of sensitive information, where consumers’ names are paired with additional data such as addresses, phone numbers, birth dates, Social Security numbers, and health records. In just 2015, for example, nearly 165 million records containing Social Security numbers were compromised in 338 breaches, according to the Identity Theft Resource Center.

Cyber crimimals are focused on bringing together an individual's full information to facilitate identity theft, allow the purchase of goods and services on the Internet, and enable criminals to open new accounts in a victim’s name. Fullz are also for sale in underground markets and the dark web, ranging in price from $15 to $65 for a U.S. citizen’s complete record, according to data collected by security services firm Dell Secureworks.

Read more »

17

How to keep USB thumb drive malware away from your PC

Maybe you know not to plug strange USB drives into your computer, but trends indicate that most people think nothing of it. 

This is not a new risk. A decade ago, a group of penetration testers—hackers who are paid to break into companies, a la Sneakers—dropped 20 USB sticks around the parking lot of a credit union. Fifteen of them were found by employees, and each of those was eventually plugged into a computer, unwittingly running a program that communicated with a "bad" server.

In a recent and more rigorous experiment, a group of researchers from the University of Illinois Urbana-Champaign, University of Michigan and Google, dropped nearly 300 USB thumb drives around six campus locations and found that at least 45 percent of them were plugged into a computer and perused by the person who found them. While some of the people made an attempt to check the drive for malware—scanning it with antivirus software, for example—very few seemingly understood the risk of using an untrusted USB drive. 

Read more »

14

What to ask your doctor, lawyer, and accountant about protecting your personal data

Accountants, doctors, and law firms—we trust them with our sensitive information, but increasingly it’s obvious that these businesses, as well as the government agencies who hold such information, are hard-pressed to keep our data safe.

In March 2016, for example, more than 2.5 million patient records were put at risk due to stolen laptops, unauthorized access, and hacking, according to data from the U.S. Department of Health and Human Services. Typically, the information is used for fraud, especially the pursuit of healthcare benefits using other people’s information.

Law firms have similarly been widely targeted by online thieves. It's one thing for the rich clients of Mossack Fonseca to be compromised after hacktivists targeted the Panamanian legal firm, but other law firms serving businesses and consumers have not been immune from such attacks.

Read more »

4