Daily Archives: September 4, 2018

Risky Business #512 — Five Eyes nations send clear message on encryption

This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:

  • Five Eyes nations send a clear message on encryption
  • Massive Azure outage
  • FBI releases political campaign security guidance
  • Google wants to kill the URL
  • MEGA.nz plugin owned sideways
  • Final “Celebgate” hacker sentenced
  • Google launches font fuzzing tool
  • Chinese-made Google/Feitian U2F keys under scrutiny
  • Some interesting TPM research
  • MUCH MORE

This week’s podcast is brought to you by AttackIQ.

AttackIQ founder Stephan Chenette will be along in this week’s sponsor interview to talk to us about a few things – the MITRE attack matrix being one. He’ll also share with us his view that EDR is the most commonly misconfigured security technology he sees out there, and he has pretty good visibility into things like that because AttackIQ, of course, makes attack simulation software designed to measure the efficacy of these types of solutions.

Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.

A Look Back at the Equifax Data Breach, One Year Later

WannaCry, Petya, and Equifax first come to mind when you think of the most impactful cyber events in recent years, with the first-year anniversary of the latter coming up September 7th. Impacting nearly 150 million Americans (essentially half the country), the breach changed the nature of identity theft. Now, just before its anniversary, let’s take a look back on the impact of the Equifax data breach, what it all means for consumers, and the current state of identity theft.

Equifax reported that the breach exposed as many as 147.9 million consumer accounts, potentially compromising information such as names, dates of birth, addresses, and Social Security numbers.

To its credit, Equifax launched a program to alert potentially affected consumers that their data may have been exposed, and offered a free year subscription to its credit monitoring service, TrustID.

Unfortunately, identity theft breaches are not an uncommon occurrence. Such incidents are up 44% overall with 1,579 reports last year, and there are likely even more that went unreported. Exposed records due to data breaches are up 389%. Roughly 179 million records have been stolen, with 14.2 million credit card numbers exposed in 2017, an 88% increase over 2016. What’s more, 158 million Social Security numbers were exposed last year, an increase of more than 8 times from 2016. And all this theft has added up – consumers reported $905 million in total fraud losses last year, a 21% increase. So, it only makes sense that identity theft ranked as roughly 14% of all consumer complaints to the FTC last year.

However, despite all the publicity about major data breaches, consumers have done very little or have changed very little largely due to optimism bias. In fact, a recent McAfee survey shows that despite increased consumer concerns, only 37% of individuals use an identity theft protection solution and 28% have no plans to sign up for an ID theft protection solution.

So now the next question is, what should consumers do to protect themselves against identity theft? Start by following these tips:

  • Place a fraud alert. If you know your data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account. Then, make sure you correct your credit report by filing a dispute with each of the three credit bureaus.
  • Freeze your credit. This allows you to seal your credit reports so no one else can take out new accounts or loans in your name. You can do this without impacting your existing lines of credit, such as credit cards. If you want to apply for services or open new accounts, you can temporarily “unfreeze” your credit using a personal identification code only you have.
  • Invest in an identity theft monitoring and recovery solution. With the increase in data breaches, people everywhere are facing the possibility of identity theft. That’s precisely why they should leverage a solution tool such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.


The post A Look Back at the Equifax Data Breach, One Year Later appeared first on McAfee Blogs.

Hack Naked News #187 – September 4, 2018

This week, Android OS API-Breaking Flaw, Thousands of MikroTik Routers Hacked, John McAfee's "unhackable" Bitcoin wallet is hackable, misconfigured 3D printers, researchers used sonar signal to steal unlock passwords, and the Linux Foundation sets out to improve Open-Source code security. Ron Gula of Gula Tech Adventures joins us for expert commentary, so stay tuned for this episode of Hack Naked News!

 

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode187

 


Salute to Teachers – The Architects of Tomorrow’s Digital India

The digital whiteboards have long replaced the squeaky blackboards, while emails and text messages are replacing messages pinned on the display boards in the corridors. Today, many schools have a Bring Your Own Device (BYOD) policy, making notebooks redundant. The education pattern is itself changing from general rote learning for all to the ‘Discovery’ methods. Children are encouraged to participate in group activities, brainstorming etc. to make learning easier, more interesting and long-lasting. As the academic system is being revolutionized by technology, the teachers, who have the task of making tech work in schools, are working hard to adapt to the changing scenario.

Technology offers an enormous range of possibilities within the confines of the same old classroom, and teachers now have greater access to reading material on the internet to do fact checks, organize presentations, get students to prepare slide shows or study at their own pace – something that was not possible even a decade ago, when I was a full-time teacher.

I feel so excited therefore when educationists talk about new strategies and concepts to enable wholesome learning and development. What’s more wonderful is that parents too, are getting to be a constant part of their child’s daily activities in schools, thanks to videos and emails. Further, the internet has made the world a global village and teachers are smartly making the most of it. Tweet chats and dedicated discussion platforms on education have allowed teachers to share findings and learn from each other. Such forums allow teachers to stay abreast of new digital learning tools and ensure that their students are making the most of what tech has to offer. After all, only an aware teacher can impart the right knowledge to our digital children.

Therefore, it’s a win-win situation for both teachers and students, leading to a vastly improved academic environment and a global outlook in students.

If anyone asks (and we used to write essays on this in school) whether robots will replace teachers in the near future, or whether teachers are becoming irrelevant, then my answer is an emphatic “NO” and I will tell you why.

Why do students need human teachers in the digital age?

  • The human touch and attention
  • To instill the right values and cyber etiquette
  • To teach discipline and responsibility
  • Offer the right guidance on web surfing in the age of fake profiles and fake news
  • Guidance on searching for information online

It’s not an easy task. If you examine what being a teacher in the digital age entails, here are some of the skills they need to have.

Digital Age teachers should be able to:

  • Bring about required changes to move towards digitalization of education
  • Think critically or think out of the box and encourage this trait in children too
  • Stay updated with the latest tech developments and familiarize themselves with current trends to be able to establish classroom order
  • Help students select the right digital tools and use them responsibly
  • Teach kids to safeguard their devices and their online environment
  • Understand digital literacy and teach kids digital etiquette and digital hygiene
  • Use social media effectively to connect with other educationists, parents and children
  • Assist parents to become tech-savvy and cybersafety aware

Three things that every teacher needs to tackle in school:

  • Cyberbullying: Classroom bullying has gone online. It has become quite rampant- ranging from the harmless leg-pulling to serious threats and abuse. Teachers need to keep an eagle eye out for such activities, educate children on future consequences and organize peer support groups for victims of bullying so that children can learn how to deal with bullies.
  • Online dares and risky challenges: Teens especially are attracted by such competitive tasks where they can prove themselves and earn peer approval. Children need to be educated early on about the associated risks so that they know where to draw the line.
  • Oversharing: Children need constant guidance on what and how much to share for they lack the foresight to think of future consequences.

Sanitization and security of the digital world of children are of paramount interest and teachers are best placed to guide them on this. This includes using only those devices that have running licensed security tools like McAfee Total Protection, using strong passphrases or better still, password managers, and being mindful of their digital actions.

Teachers are truly the nation builders; they are moulding the future digital age citizens with the right knowledge and guidance. It’s a tough task, but they do it with elegance and a smile. Wishing all you teachers a very Happy Teacher’s Day, may your tribe flourish.

The post Salute to Teachers – The Architects of Tomorrow’s Digital India appeared first on McAfee Blogs.

Trending: IoT Malware Attacks of 2018

Since January 1st of 2018, a barrage of cyberattacks and data breaches have hit almost every industry, targeting businesses large and small, many of which are now from IoT devices. By 2025, it is estimated that there will be approximately 75 billion connected devices around the world. With more IoT devices – from wearables and pacemakers to thermometers and smart plugs – on the market and in the home, cybercriminals are keen to leverage them in attacks. This heightened interest is due to the vulnerabilities in many IoT devices, not to mention their ability to connect to each other, which can form an IoT botnet.

In a botnet scenario, a network of internet-connected devices is infected with malware and controlled without the users’ knowledge, in order to launch ransomware and DDoS attacks (distributed denial-of-service). Once unleashed, the consequences of botnet attacks can be devastating. This possible reality sounds like the plot of a science fiction movie, one which we hypothesized in our 2018 Threats Prediction Report. As we head into this year’s final months, we take a look at how this year’s threats compared to our predictions for you, the consumer.

At the end of 2017, we predicted that the convenience and ease of a connected home could lead to a decrease in privacy. Our devices already transmit significant data, with or without the knowledge of the consumer, back to the corporations that make the devices. This unprecedented access to consumer data is what is driving cybercriminals to become more familiar with IoT botnet attacks. Just in 2018 alone, we’ve seen smart TVs, virtual assistants, and even smart plugs display detrimental security flaws that could be exploited by bad actors. Some IoT devices were used to facilitate botnet attacks, like an IoT thermometer and home Wi-Fi routers. In 2017, these security concerns were simply predictions, but now they are very much a reality. And while the window to get ahead of these attacks is closing, consumers need to be prepared in case their IoT devices go haywire.

Be the difference in your home when it comes to security and IoT devices. Protect both you and your family from these threats with these tips:

  • When buying an IoT device, make security a priority. Before your next IoT purchase, do your research. Prioritize purchasing devices that have been on the market for a while, have a name brand, or have a lot of online reviews. If you follow this protocol, the chances are that the device’s security standards will be higher, due to being vetted by the masses.
  • Change default device passwords. As soon as you bring a new device into your home, change the password to something difficult to guess. Cybercriminals often know the default settings and can use them to access your devices. If the device has advanced security options, use them.
  • Keep your software up-to-date. To protect against potential vulnerabilities, manufacturers often release software updates. Set your device to auto-update, if possible, so you always have the latest software.
  • Use a comprehensive security program. It’s important to think about security holistically. Not all IoT devices are restricted to the home; many are mobile (such as smart watches). If you’re out and about, you may need to connect to an unsecured network – say an airport with public Wi-Fi. Your kids may have devices. The scenarios may be different, but the risk is the same. Protect your network of connected devices no matter where you are and consider a suite of security products to protect what matters.


The post Trending: IoT Malware Attacks of 2018 appeared first on McAfee Blogs.

CVE-2018-6923 (freebsd)

In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, IP fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send arbitrary IP fragments to cause the machine to consume excessive resources.

Social-Engineer Newsletter Vol 08 – Issue 108

 

Vol 08 Issue 108
September 2018

In This Issue

  • Information Security, How Well is it Being Used to Protect Our Children at School?
  • Social-Engineer News
  • Upcoming classes


Information Security, How Well is it Being Used to Protect Our Children at School?


August and September are ordinary months to some, but to others they are a time of mixed emotions. It’s the start of another school year. Some are sad to see their children off, while others celebrate that day. The start of the school year brings with it a lot of paperwork and sharing of sensitive information. How well is information security being used to protect our children’s information, and even the school staff’s, personally identifiable information (PII)? How well is it being used to protect against social engineering attacks?

Think about the information that the schools keep; when you registered your child, you may have had to give them copies of their birth certificate, social security number, your phone number, and other personal information. You may have had to give your own social security number, especially if you had to fill out an application for free and reduced-price meals, or you had to register to volunteer at the school. If your child is in a college or university, even more information has to be given such as financial records, medical records, and high school transcripts. What is being done to keep that information secure?

When I read the following headlines they make me a little concerned, how about you?

These are only a few of the many stories out there. According to the Breach Level Index by Gemalto, the education sector had 33.4 million records breached in 2017 and a total of 199 reported breaches. This is a 20% increase of reported incidents over 2016. It gives meaning as to how widespread the incidents are when I see it visually on the K-12 Cyber Incident Map by the K-12 Cybersecurity Resource Center.

Who is breaching school networks and why are they doing it?

Who is trying to breach a school’s network? It’s not just the student doing it to change grades or for fun; it’s also the elite attacker and the common cybercriminal. Thanks to the ease of availability of hacking tools, and the sharing of malicious attack techniques on the dark web, they are able to install ransomware, encrypt drives, and demand payment to decrypt them. They are also able to exfiltrate PII and passwords to gain further access to networks and steal and create identities. Identity thieves will use the child’s information to create their own false identity where they can take out credit cards and loans, ruining your child’s credit. When this happens, it can make it difficult to get a license, go to college, or get any loans.

How are they doing it?

Cybercriminals are opportunists who will take advantage of any vulnerabilities, especially with organizations that are less secure. Unfortunately for educational institutions, their security stance is usually poor and at a high risk. They battle staffing and budgetary constraints, their view of cybersecurity has been one of a low priority, and they view security as an inconvenience.

Another point of weakness is the ease of accessibility to the school’s network. Schools usually have free Wi-Fi, large numbers of desktop and mobile devices, and weak passwords, which all present potential points of entry into the network. In addition, students will browse the web from insecure networks and often pick up malware which can then be inadvertently shared with others via email or uploads of coursework to the secure school network.

So, what do cybercriminals do? They use a variety of web- and email-based attacks that are at their disposal. One web-based attack is that they actively target sites where students will commonly browse. These are often completely legitimate sites, such as Thesaurus.com. No click required; just viewing the ad can initiate the malware download.

An example of an email-based (phishing) attack targeting education was at Northeastern University, where some Blackboard Learning users were targeted by an email that tried to influence the reader into clicking a link that was disguised to be legitimate and tried to compel the action by using a time constraint.

With web- and email-based attacks, the cybercriminal can deliver ransomware and steal student records. All at a great cost to the school system and to those that have their information compromised.

What can be done?

When it comes to protecting our children we are willing to do anything, so what can we do to protect our children’s information?

Here are some things that parents can do:

1. Make sure that the personal computer that is used to log into the school’s network is up-to-date;

2. Make sure that computer has more than just an antivirus installed, add malware protection as well;

3. Be proactive and educate yourself and your children on security awareness;

  • Read the Social Engineer Framework;
  • Have your child create usernames that don’t contain personal information, such as birth year;
  • Look at using a private VPN when on an insecure network, such as at Starbucks. Trustworthy VPNs will usually have a fee for using them;
  • Teach children the importance of not giving out information;
  • Use a secure password manager and don’t share passwords;
  • Make sure teens don’t take a picture of their license and share it on social media; and
  • Don’t throw important documents in the trash, shred them.

4. Be watchful of your student’s browsing activity; and

5. Something you may wish to look into is an identity theft protection service to protect your child against identity theft.

Remember that just because you are asked to give out information doesn’t mean you have to. Ask, “why is it necessary for them to have that information?”

Schools need to follow the industry best practice in information security and we, as parents, need to demand that it be done. Schools should also be forced to address the human element in security:

  • Staff, teachers, students, and parents need to be educated and used as a line of defense; and
  • Institute security awareness training which includes: Performing simulated phishing exercises; Recruiting on-campus security advocates; and Holding onsite security education activities, lectures, and in-class training.

Following these suggestions will help to protect our children’s information at school.

Need Inspiration?

If you want some inspiration, look at what some schools are doing:

  • One example is that the July 2017 article of The Educator in San Diego, CA said that, “the local ESET office runs an annual cyber boot camp for about 50 middle and high school students.”
  • Another example was in the June 2017 article of The Educator, where it discusses how the Macquarie University in Australia uses the BlackBerry AtHoc as part of the University’s Emergency Management Plan and that the system will assist the school in managing and mitigating social engineering incidents, for example, by sending a message to staff and students recommending not to open a certain email or click on a certain link.

To some, the suggestions may be easier said than done, but, if they aren’t followed, the school nearest you may be the next cybersecurity incident we read about. Information security must be implemented to protect the sensitive information (PII) that is housed at the schools, especially that of protecting our children’s information.

Stay safe and secure.

Written By: Mike Hadnagy

Sources:

https://www.theeducatoronline.com/au/news/is-your-school-protected-against-cyber-threats/237855

https://www.theeducatoronline.com/au/technology/infrastructure-and-equipment/how-malware-could-be-threatening-your-school/246146

https://edtechmagazine.com/k12/article/2016/04/how-ever-worsening-malware-attacks-threaten-student-data

https://blogs.cisco.com/education/the-surprisingly-high-cost-of-malware-in-schools-and-how-to-stop-it

https://blog.barkly.com/school-district-malware-cyber-attacks

https://in.pcmag.com/asus-zenpad-s-80-z580ca/124559/news/facebook-serves-up-internet-101-lessons-for-kids

https://www.stuff.co.nz/business/105950814/schools-promised-better-protection-from-ransomware-as-taranaki-school-blackmailed

https://www.eset.com/int/about/why-eset/



 

 

The post Social-Engineer Newsletter Vol 08 – Issue 108 appeared first on Security Through Education.

CVE-2018-10907 (debian_linux, enterprise_linux_server, glusterfs, virtualization, virtualization_host)

It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer than the fixed buffer size to cause a crash or potential code execution.

CVE-2018-10904 (debian_linux, enterprise_linux_server, glusterfs, virtualization, virtualization_host)

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. An attacker can use this flaw to create files and execute arbitrary code. To exploit this, an attacker would require sufficient access to modify the extended attributes of files on a gluster volume.

CVE-2018-14627 (wildfly)

The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality="required" trust-in-target="supported"/>
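A configuration audit for the WildFly issue above, as an added example that is not part of the advisory or of WildFly's own tooling: it flags a server whose configuration requires confidentiality in `transport-config` while running a version before 14.0.0. The wrapper elements in the sample XML, the function names and the version strings are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# First WildFly version that honours the setting, per the advisory text.
FIXED_IN = (14, 0, 0)

# Constructed sample: only <transport-config> and its two attributes come from
# the advisory. The wrapper elements and namespaces are placeholders.
SAMPLE_CONFIG = """\
<server xmlns="urn:example:server">
  <subsystem xmlns="urn:example:iiop">
    <transport-config confidentiality="required" trust-in-target="supported"/>
  </subsystem>
</server>
"""


def parse_version(text):
    """Turn '13.0.0.Final' into (13, 0, 0). Missing parts count as 0 and
    qualifiers such as '.Final' are ignored."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts in front of tag names."""
    return tag.rsplit("}", 1)[-1]


def find_required_confidentiality(xml_text):
    """Return the attributes of every transport-config element that asks for
    confidentiality="required", whatever namespace it sits in."""
    root = ET.fromstring(xml_text)
    hits = []
    for el in root.iter():
        if local_name(el.tag) != "transport-config":
            continue
        if el.get("confidentiality", "").strip().lower() == "required":
            hits.append(dict(el.attrib))
    return hits


def audit(xml_text, wildfly_version):
    """Combine the configuration check with the version check.

    'exposed' is True when the operator asked for confidentiality but the
    running version is one that, per the advisory, still accepts plaintext
    connections."""
    version = parse_version(wildfly_version)
    hits = find_required_confidentiality(xml_text)
    return {
        "version": version,
        "requires_confidentiality": bool(hits),
        "exposed": bool(hits) and version < FIXED_IN,
        "settings": hits,
    }


if __name__ == "__main__":
    for v in ("13.0.0.Final", "14.0.0.Final"):
        result = audit(SAMPLE_CONFIG, v)
        status = "EXPOSED: upgrade to 14.0.0 or later" if result["exposed"] else "ok"
        print(f"WildFly {v}: {status}")
```

Run it only against configuration files you administer; Python's standard XML parser is not hardened against hostile input.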

ProtonVPN review: Underground data centers, one-click multi-hop, and more make for a great choice

ProtonVPN in brief:

  • P2P allowed: Yes, on specified servers
  • Business location: Switzerland
  • Number of servers: 249
  • Number of country locations: 19
  • Cost: Free, $48, $96, or $288 per year
  • VPN protocol (default): OpenVPN
  • Data encryption: AES-256
  • Data authentication: HMAC with SHA-256
  • Handshake encryption: 2048-bit RSA

When you use a third-party VPN there’s always a certain amount of trust you have to have in your service provider. Sometimes companies make that really hard by hiding who they are or basing themselves in exotic locations. Then there are services that make trust easier—like ProtonVPN, from the creator of ProtonMail.


Here Are The Essential Security Tips To Stay Safe On Social Media

When you say “social media”, the first thing that comes to mind is fun and entertainment. Social media is mostly about this.

Everyone has a social account on at least one platform. Whether it is Facebook, Twitter, Instagram or LinkedIn, we can easily stay in touch with friends and family, share memorable moments of our lives, follow experts from our professional area, or just read the news.

Social media habits may differ from one person to another, but the reality is we spend a lot of time on these networks. This is why we should ask ourselves more often:

“Do we really know how to stay safe on social media and avoid becoming easy targets for cyber criminals?”

Nowadays, privacy and security should be top priorities for us.

In this guide, you will find actionable and useful security tips to help you stay safe on social media.

You will also learn about the best security practices you need to apply to protect your most valuable data.

How to better secure your Facebook account

There’s no doubt that Facebook is one of the most used and popular social networks out there with over 2 billion people using the platform on a daily basis. Who doesn’t have a Facebook account these days?

It is the platform that helps us better connect with friends and family, and keep up with what they’re doing. But it’s also the place where we share a lot of personal information, so securing our online accounts needs to be of utmost importance.

The recent scandal between Cambridge Analytica and Facebook, which involved a massive amount of personal information of about 50 million Facebook users, raised lots of questions on how data is controlled and managed by this platform. I want to believe it was actually a wake-up call suggesting that privacy and security should have serious attention from us.

Follow these basic security tips so you can stay safe on the platform:

  • Do not share your password with others and make sure you always set a unique and strong one. Use this security guide that will teach you how to easily manage passwords like a pro and keep malicious actors away.
  • If you’ve logged in from a different computer/device you’ve shared with others, remember to always log out and don’t check “Keep me logged in”
  • Use the two-factor authentication feature, which can be activated by clicking the Setup button from Settings. Confirm this action by enabling it and re-entering your password, and then you will receive an email or a code via your mobile phone saying that two-factor authentication has been activated
  • We strongly advise you to accept friend requests only from people you know in real life, or at least to verify that you have a few friends in common. There are many fake Facebook accounts used by malicious people who might spam or impersonate you
  • If you notice something suspicious on Facebook, report it immediately. You can do this here.

If you care about your data (and we know you do), make sure you have everything covered in terms of security by reading this useful Facebook privacy and security guide.

Apply these security measures to better secure your Twitter account

I don’t know about you, but I am a big fan of this platform and love to tweet :-), look out for cyber security specialists and inspiring people, or read news from people and brands I follow.

Whether it’s for personal use or business reasons, this network is a great option to promote yourself, your company, as well as to reach out to someone and stay up to date with various topics you may be interested in.

We strongly recommend applying these basic security and privacy tips to strengthen your Twitter account:

  • Always use strong and unique passwords for your Twitter account, and consider choosing a password manager to encrypt and better secure them. This rule should be followed to ensure safety for every social platform;
  • Use the two-factor authentication system as a second layer of protection to enhance safety and verify your identity each time you sign in;
  • Activate the option “Protect my tweets” from Settings and Privacy -> Privacy and safety module, if you want to get some control over the info shared and who is following you;
  • Do not click on suspicious links you receive via private messages, because you could be exposed to phishing attacks used by cyber criminals or malicious persons who want to obtain your Twitter credentials or any other personal information;
  • Revise and pay attention to third-party apps that connect to your account, and implicitly have access to your personal data.
  • if you ever connect to your Twitter account from someone else’s computer, do not forget to log out and delete all the data of the browser or app.

We have a dedicated article on how you can secure your Twitter account in 10 basic steps, which we recommend checking out so you can be one step ahead of scammers.




Privacy and security tips for your LinkedIn account

LinkedIn, the largest professional social network, has more than 562 million users and is focused on bringing together professionals from all over the world. It keeps you connected with people you’ve worked with or with whom you want to collaborate at some point in the future. It is also the place where you can find freelance projects and, why not, your future dream job could be one click or message away 🙂

Given the increase in phishing attacks, which are still one of the most widespread and effective methods used by cybercriminals, it is essential to be aware of these scams on LinkedIn too. You don’t want to see your sensitive data exposed out there, right?

Follow these pro security tips to boost your LinkedIn security and privacy today and keep your data away from prying eyes:

  • Do not use generic and easy-to-crack passwords such as “Abcd123” or “Password123”, like the Western Australian government employees did, because malicious actors can easily break them. Secure your passwords by using a password manager that generates complex and unique passwords and stores them in an encrypted database.
  • Choose wisely what information you share in your public profile and limit the data you make visible by reviewing and editing your sensitive data.
  • Have a look at those third-party apps you authorized to connect to your LinkedIn account because they get access to all your data. Make sure you authorize only the trusted ones and remember to deactivate those you are not using anymore.
  • Be very careful about potential phishing messages that might ask you to share personal or sensitive information. Don’t share it! To recognize such messages, you need to understand how phishing works, and this in-depth guide is exactly what you are looking for.

Keep in mind that all our social accounts are very vulnerable to data privacy breaches and other malicious methods. The bad guys will always find creative ways to steal any personal information, including your valuable data from LinkedIn. Do not forget that when you share private information.

Follow these pro tips to better secure your Instagram account

Instagram is the photo and video-sharing social media network where you can explore beautiful places and images. For visual artists, it is also an excellent platform where they can share and promote their work and projects.

However, it is in our best interest to keep in mind the risks we could be exposed to when we share personal information. Especially now that it has become such a popular platform, with more than 1 billion monthly active users.

Security-wise, Instagram seems to be making efforts to enhance protection for its users. Recently, the company announced its plans to boost security and privacy by adding new security tools: support for third-party two-factor authentication (2FA) instead of traditional text-based 2FA, account verification and a new “About this account” feature.

Besides these new security tools, here are some great tips that will help you keep your account safe:

  • Activate the two-factor authentication feature as an extra layer of protection for your Instagram account. This way, you are one step ahead of cyber criminals who won’t be able to take over your account.
  • Change your passwords regularly and make sure you use strong and unique ones, so no one can break them. If you want to change your password, use these simple steps.
  • Think twice before you give access to third-party apps, and revoke access for those you don’t use anymore, that appear suspicious or that you simply can’t remember.
  • Do not share sensitive data in your photos or captions, because you don’t want to expose personal information to everyone following you on Instagram, especially if your account is public.
  • Don’t reveal your location to others and make sure the service is turned off, especially for the check-ins made at home, at work or while on a vacation.
  • Make your account private, so you can share your photos and videos only with people you approve to see them, like your friends and family.

We have an essential guide on how to secure your Instagram account and increase its security, so no cyber criminals and scammers get access to it.

Security tips to keep your Snapchat account safe 

Snapchat is both a social media network and a messaging platform which is more popular among teenagers and young people. According to a new report, analysts forecast that by 2019 Snapchat will have almost 5 million regular users aged 18-24 years, half a million more than Facebook.

Bill Fisher, senior analyst at eMarketer, stated:

“Many younger social network users are forgoing Facebook altogether in favor of more appealing mobile-first alternatives, such as Snapchat.”

Snapchat shows instant messages, photos or videos that are deleted instantly, after they’ve been viewed by all recipients, but oh, snap! “How secure is your data on this social platform?”

Here’s how you can add extra levels of security to avoid seeing your data in the hands of hackers:

  • Enable the two-factor authentication feature to make the account more secure and add a second security layer when logging in. You can do this using an SMS verification code or an authenticator app. Here’s how to activate it.
  • Do not accept friend requests from people you don’t know, and stick to friends-only. As a security measure, Snapchat has the option “friends-only” set by default, which means only those that follow you back can see your Snaps and vice versa.
  • Make sure the videos and stories posted to the “My Story” section are visible only to people you know, or customize their visibility from the Settings menu, but avoid making them available to prying eyes.
  • For more privacy, hide your profile from the “See me in quick add” section, which can show your profile to random people who might want to add you. You can disable it from the Settings menu.
  • If you want to keep your Snapchat activity more private, don’t share screenshots or photos of your Snapcodes with others!
  • We will keep repeating this piece of advice, which applies to every online account or service you use, until everyone understands its importance: make sure you use only strong and unique passwords for Snapchat too. You don’t realize how easily malicious actors can hack them.

How do you secure your social media accounts?

These security and privacy tips may not be new to you, but we live in a world of oversharing on social media, and it helps to be reminded how to stay safe on the most important and widely used networks: Facebook, Twitter, LinkedIn, Instagram or Snapchat.

Have you applied any of these security measures? Do you have others we should add? Let us know, we’d love to know your thoughts!

The post Here Are The Essential Security Tips To Stay Safe On Social Media appeared first on Heimdal Security Blog.