The SecuriTea News - Issue #20
Each week The SecuriTea News brings you the latest Cybersecurity News. Receive even more information by signing up for our newsletter. Here's what's new for this week:
Scary Real-Life Hijacking Camera Incident.
Please, please - did I say please? - err on the side of caution when setting up new smart devices into your home. Very creepy (see, scary) incidents have been occurring recently were families that bought and installed Ring security cameras in Mississippi, Georgia, Florida, and Texas have reported incidents that hackers had tormented the families with racial slurs, encouraged children into destructive behavior and demanded a ransom in Bitcoin. One such incident occurred where a camera was installed in a daughter's room, to keep watch on as the mother works at night, and instead of her mother's watchful eye an attacker hijacked the camera, started playing creepy music, talked to the little girl and even encouraged destructive behavior before her dad came into the room and disconnected the camera. It is a parent's, and honestly, anyone's worst nightmare to have their privacy invaded by these vulnerable devices. An investigation is currently underway regarding how this can be occurring but here are some important steps you can take to make sure you are being safe: 1) If you are installing a device on your home network make sure your wifi is safe! (Don't reuse passwords). 2) Enable Multi-factor authentication on all smart devices, if possible (This gives you an extra layer of protection). Read more about the incident here.
Google Chrome Warns You If Your Username/Password Has Been Stolen.
Google has added several new featured to its Chrome browser that is aimed at keeping your browsing experience safer. For example, the next time you try to login to a website, Chrome will warn you if your username and password were compromised in a data breach. It will also suggest you change any passwords you've reused. The feature has been in the works for some time now and was launched as an extension back in February. Now it has been embedded directly into Google Accounts. Below is an example of what you will now see when you login using a certain username/password to a website.
Google is also adding real-time phishing protection to Chrome on the desktop. The Chrome browser already warns you when it thinks you're about to navigate to a website that will attempt to steal your information, however, Google says this new feature is now 30 percent more likely to warn you of a potential threat. Additionally, Chrome will also tell you when it thinks you're about to enter your Google Account password into a suspected phishing website. Google is offering many other features that are a great step in the direction of helping users protect themselves on the internet. You can read more about the password protections Chrome has to offer here.
Deepfake expected to disrupt 2020 elections.
Previously, we have spoken about the rise of deepfake technology and it's potential to disrupt the way audiences discern truth from fiction. Now, the credit bureau Experian has rolled out the 2020 edition of its annual Data Breach Industry Forecast that predicts that hackers will increasingly target the political scene and activists using deepfake content and other infamous cyber weapons. “Cybercriminals will leverage text-based ‘smishing’ identity theft techniques to target consumers participating in online communities, such as those supporting presidential candidates, with fraudulent messages disguised as fundraising initiatives,” reads the forecast. (Smishing is just a combination of the word 'phishing', which is a popular email-based attack method, and the acronym SMS as a way to explain that these two things are being combined in a new attack). Experian tells readers to watch out for telltale signs like misspelled words, poor grammar and requests for personal information such as your social security number, credit card or bank account information. “A good rule of thumb is to refrain from responding to text messages from unknown senders,” the report says. Something else that has come from this publication is that cyber-crooks will begin leveraging deepfake content to help influence political outcomes – i.e. in nation-states with upcoming elections or ongoing political turmoil. You can read more predictions and the full report here.
DHS Rollsback Facial Recognition Program After Privacy Backlash.
Remember just last week when we said that the Department of Homeland Security was going to require passengers, entering and leaving the United States, to be subjected to a facial recognition scan? Well, major backlash from privacy advocates have forced the DHS to revise this program so that now all U.S citizens are not required to participate, according to an online statement. In fact, “U.S. citizens may opt-out of the biometric facial comparison process by notifying a CBP officer or airline representative,” according to the statement. “Individuals who opt-out simply present their passport for visual inspection, as is standard practice at ports of entry today.” This facial-recognition program has already been implemented in various airports through something called the “Biometric Exit” program, which the U.S. Customs and Border Protection (CBP) first introduced in 2015. As of April, the program was operational in 17 airports, with the agency reportedly planning to expand that number to 20 by 2021.
And that's a wrap for your Weekly SecuriTea Report. Be sure to check out the latest every week for the latest in Information Security News. Follow us on social media for daily news.