Weekly Cyber Security News
Welcome to Astria’s blog and our Weekly Cyber Security News segment. Here we share some of the most interesting and relevant pieces of cyber security news that we find. This valuable resource is here to keep you informed of vulnerabilities and solutions for your business, as well as to discuss some cyber security concepts.
1. CSO Online: “Facebook’s free VPN acts like spyware to iOS users in the U.S.”
In case you have ever thought that Facebook needs more ways to collect your information, their newest product on iOS should be your next download. Facebook has just launched a VPN product that collects a lot of data from its users.
If you are not familiar with the technology, Virtual Private Networks (VPN) make private, secured networks through the internet. This is beneficial because it can keep your information private while connecting to the internet. It is very helpful while using Public WiFi at places like coffee shops as these networks have very little security.
But while Facebook’s new VPN may protect you from outside cyber criminals, it also plans to collect your data while you use it. The VPN app makes it clear that it monitors your use of websites, apps, and data.
So why does their VPN monitor that data? They plan to improve Facebook, understand what you use, and “build better experiences” for Facebook users. Building better experiences often means things like more tailored ads— not what most would consider a benefit of VPNs.
Currently this VPN app is only available to iOS users in the USA. You can find the product by clicking the new “Protect,” button. But as this article and others advise, it may be better to use a different VPN product. If you need help selecting one, please feel free to contact us.
2. WeLiveSecurity: “How safe are you around your Smart TV?”
While we’re on the subject of being spied on, it’s time to bring up Smart TV’s. These new devices can be very handy, offering you Netflix, Hulu, and even Roku access without any other equipment. Some Smart TV’s even let you check your Facebook and Twitter. But just how safe are these devices?
Unfortunately, Smart TV’s and other Internet of Things (IoT) devices are historically insecure. Software is an important element in Smart TV’s because they are essentially computers. But weaknesses in the software often allow criminals to take over the device.
Once criminals have taken over a Smart TV, they may have several options. If the TV has voice activation, they may be able to eavesdrop on your conversations. If it runs Netflix or other programs, they may be able to steal your password to try and steal credit card info. But if that’s not enough, they could also use the TV to try hacking into your phone, laptop, desktop, or other computers.
All of these are risks of connecting Smart TV’s to the internet. These IoT devices are often a problem because most developers write the software to provide better features, not better security. We recommend not connecting these devices to the internet, and isolating devices that you need to connect from important systems.
3. Krebs on Security: “IRS Scam Leverages Hacked Tax Preparers, Client Bank Accounts.”
Tax fraud is something many people are aware of during this time of year, but cyber criminals now have a new scheme to use. They are now hacking into online accounts of tax preparation firms, and using them to file false refund requests. The IRS processes the refunds and victims end up with a surprise of cash deposited into their accounts.
So how do the criminals exploit this? After the victims receive their false refund, criminals contact them claiming to be working for a collection agency hired by the IRS. Then, the criminals posing as a collection agency tell the victim that the deposit into their account was a mistake. They demand the victim pays the money back to IRS through their agency, claiming the victim will face criminal charges if they do not comply.
The scam is also more believable because of the great care the criminals put into the emails for contacting victims. The emails look very professional and include personal data such as SSNs, addresses, and banking information. They also try to explain the situation as a normal error and claim to provide you with a personal debt collector— complete with pictures of smiling faces to reassure the victim.
If you end up receiving fraudulent funds from the IRS, it is important to be aware of these scams. The IRS recommends contacting your tax preparers and your bank, because you will need to close the old account and open a new one. If criminals have the means to put funds into your account, they likely can take money out as well.