Category Archives: How To

ITauditSecurity: The Analytic Staircase for Auditors

Building a successful audit analytics program is like climbing a staircase. The staircase is a set of steps that consist of several items having increasing levels of maturity. The staircase steps not only help you build your program, but enable … Continue reading





ITauditSecurity

10 Cyber Security Decisions You (and Me) Will Regret in The Future

We may not realize it, but our daily routine habits have long-term effects. Some of them are positives, others could be in a negative note, but there is always at least one lesson to be learned. If you choose to eat healthy regularly, this habit will surely impact your lifestyle for the next years. If you read a few pages of one book every day, you’ll see the world from different angles and better understand it.

This applies to cyber security (decisions) as well. Our daily routine habits in the digital landscape can impact greatly our future. If you are like me, you probably want to know that all your valuable digital assests such as photos, work-related documents and files, apps, emails are in a safe and secure place.

I really hope you don’t have the widely-spread mindset “It can’t happen to me”, and assume you can’t be a victim. Cyber criminals don’t target only large organizations or institutions, everyone is exposed and can be vulnerable to all kind of cyber attacks. Is wrong to think that. We should take all the necessary precautions to better secure our online identity.

With wise security choices come no regrets.

Did you know a recent report found that cyber attacks are in the top three risks for the society, along with natural disaster and extreme weather? 

Source: Reactiongifs.com

You shouldn’t be surprised! Life on the Internet doesn’t provide safety as we’d want it, or as we tend to think it does (the “security by default” mentality). There are online threats with every click we take and we need to think about our online behavior seriously. It is essential to adjust our habits so that we can become our own layer of protection.

Don’t expose yourself out there and take security choices you’ll regret in the upcoming years.  Learn how to be resilient and easily detect online threats.

Apply these security measures to enjoy safer digital experiences

  1. Do not share too much personal information on the Internet, because you can expose yourself to identity theft and imposter scams. For security reasons, it is better not to give full information such as birthdate, address, the city of birth, phone number, or other sensitive and personal details that could expose you out there.
  2. You may not realize it, but each time you check-in at home, in the airport, restaurant or any other public place, you become an easy target for malicious hackers. Who knows when you might get a visit from potential thieves? Once you expose your current location, attackers will know you’re on vacation and (most likely) rob you. For security and privacy matters, do not share your current location and provide as little information as possible about it while on the go.
  3. Also, don’t share photos of your credit card details on social channels, because hackers can find different ways to get access to your financial accounts. Food for thought: read these stories of people who share images of their credit cards on Twitter or Instagram.  You can easily get ripped off. “Sharing a picture online of your credit/debit card is a surefire way to have your details hacked.”
  4. Make sure that you don’t reveal your passwords to other people. Not even with your best friend or family members! The password is the key to access all your sensitive data stored on the email or other online accounts. Same goes for the working environment. You never know, but an insider threat could be next to you and can easily access sensitive data of your company.
  5. We highly recommend changing your passwords regularly and set strong and unique passwords for your online accounts. Use this password guide to manage your passwords like an expert.
  6. Be careful when accepting random friends requests on FB from people you don’t know. You may be targeted by online scammers who want to collect data about users by creating fake Facebook profiles. If one of your friends send you a suspicious link, don’t click it, because it may redirect you to a malicious site and infect your PC with malware.
  7. Most of the spam campaigns usually take place via email, so we strongly advise you not to click or download any file or document attached that looks suspicious to you. Online criminals will always find innovative methods (like spoofing) to steal users’ sensitive data. Here’s how online scams work and how you can easily detect them.
  8. Don’t post private conversations without permission in advance. Social media is a great place to communicate and work with others, but many of us still have problems on understanding how to use these online platforms properly. Follow and use these specific netiquette rules. Remember that all the messages you post on FB or other social media channels will stay there forever, because they store and collect data, and might affect you at some point. Always check your privacy and security settings for every social media platform you use and think twice before choosing how much data you want to make publicly accessible or keep it private.
  9. When you browse the Internet and search for something specific, you are not completely safe and you can infect your PC with malware or other online threats. Every browser has vulnerabilities that need to be fixed, so it is important to keep your browser up to date all the time and apply all patches available. This applies to all your plugins, add-ons or operating system. This step-by-step guide will show you how to get solid browser security.
  10. Education is always the key to stay safe online and be protected, and we strongly remind you to stay informed and learn from free educational resources.

We thought it might be useful to compile a list of 10 security decisions that can have an impact in the future. It can harm us more than we realize, so read them carefully. 🙂

Decision 1: Allowing someone else dictate your security priorities

Friendly advice: Don’t let someone else tell you how to focus on your security issues!  Make sure you understand your needs and decide what security measures are needed to enhance online protection.

When it comes to security priorities, it’s better not to rely on everyone who exposes their views on digital safety. Do not be influenced by someone who tells you how to approach security matters. Instead, think of your own security challenges and prioritize them to better protect your valuable online assets.

Decision 2: Not focusing on educating yourself about cyber security

Probably one of the best investments for each of us is education. I truly believe that cyber security education is our best weapon to fight against today’s wave of cyber attacks. Education should be our core belief and a primary concern in keeping our valuable assets secure.

Cyber security education is the key to unlock a safer future and minimize the impact of cyber security incidents. Make sure you focus on spending more time and effort to learn as much as possible about the cybersecurity environment.

Why? Because the most successful cyber attacks aren’t just technological but tied to the human error.

If you don’t know where to start your learning path, you can have a look at these free educational resources that can apply to anyone, no matter the background or skills level.

Decision 3: Reading cyber security resources with no actionable insights for you (and myself included)

What’s the point of reading cyber security online resources if you don’t apply the information found there? I know that a quick search on Google can generate lots of blogs and websites in this field. The big challenge comes when you need to filter and choose those valuable resources that can teach us actionable stuff.

I think we should start with a simple idea: your reading should be useful and actionable all the way through the journey in cyber security. You need it. We all need it. Plus, it’s essential to come in handy for the future.

“Practical application of what you read reinforces what you’ve learned because you’re forced to integrate it into your life. If all you do is consume, you’re much more likely to forget what you read” said Srinivas Rao on Medium

As the author says, reading things we don’t actually apply lead us to a “vicious cycle of excessive consumption which limits the creativity and prevents you from consuming less and creating more”.

If you want to read useful cyber security resources, we’ve curated a list of Internet blogs and websites that could help you become savvier in info security.

Also, we asked security experts about books, and they’ve recommended some of the best educational cyber security books out there to read.

Decision 4: We don’t think of the security implications beyond our devices

After purchasing a device, – whether it is a desktop or mobile – , we don’t think of all the security implications too much. We are probably too excited about the cool features (and apps) included, and we miss this part.

We expose ourselves and our data by becoming more vulnerable to cyber attacks and easily prone to malware infection.

Everyone (myself included) believe that security is by default, and we don’t take the time to check all the existing settings.


I learnt how my security decisions have a great impact on my future.
Click To Tweet


Here are some hands-on and actionable guides you may want to read for keeping your devices safe:

Smartphone security guide

Windows 10 Security Guide

How to Protect your PC with Multiple Layers of Protection

Decision 5: Not paying enough attention to the security software you install

When you look for a security software program, you’ll probably choose based on a recommendation from someone you know. This is a wise decision showing you care about your data. You want to add an extra layer of security to lower the risks of seeing your files being stolen by hackers.

Depending on your budget, you might choose a free or paid security software to protect your digital assets. Also, make sure you pay enough attention to the product you’ll install, so you don’t have regrets afterward.

Why? Because generally we install software products on our devices with a few clicks and that’s it. We forget about them. We don’t:

  • Check for all the necessary system requirements;
  • Change default passwords;
  • Choose carefully and not investing in quality and legitimate products;
  • Check for built-in apps and all the software package included.

Independent software programs usually include modules that constantly check for updates. Some have the auto-update feature built-in, while other program lets you do it manually. I recommend performing these updates that deliver revisions to your device (fixing major security vulnerabilities, removing and including new features).

Here’s what security experts say about the importance of software patching and why it’s an essential key factor for your online safety. Cultivate this healthy habit of checking and installing for updates as a part of your daily digital routine.

Also, remember that the longer your devices run without updates, the more exposed you are to data leakage and other cyber security threats.

Decision 6: Postponing data backups

I am sure you worry about your data like I do, but postponing to have a backup of all your critical data is a choice we might regret in the future.

The longer we delay this action, the more our data is prone to be lost unexpectedly. For this reason, It is essential to have a copy of all your valuable data on external sources like a hard drive or in the cloud (Google Drive or Dropbox).

Here are the golden rules of data backup you should follow right now:

1. Keep at least 2 copies of your data.

2. Keep backups on different external devices.

3. Maintain a constant, automated backup schedule.

4. Keep your data backups in a secure and external location.

5. Secure your backups with strong passwords and keep those passwords safe.

So, for people like you and I, who can’t really spare that much time when it comes to backing up their data, here’s a simple and actionable guide to follow.

Several security solutions offer backups for your computer data, and many of them will do this automatically and periodically. You can also create your own backups (and it won’t hurt to have multiple backups anyway). Just be disciplined in making sure you regularly do the backups so that if something should happen, the minimum amount of data is lost.

Decision 7: Not using two-factor authentication

A Google software engineer said during a security conference that less than 10 percent of active Google accounts use two-step authentication to enhance protection for their devices.

You may not give it too much importance now, but its main purpose is to make malicious actors’ life harder and reduce potential fraud risks. It will make it more difficult for cyber criminals to breach your account.

It’s nothing wrong with facing difficulties to understand new technologies. It’s wrong trying to ignore or postpone them because it will be disadvantageous for your online safety in the long run.

3 main reasons why should you use/activate two-factor authentication (2FA):

  • Passwords on their own aren’t as powerful as we believe they are, and can’t fully protect us. Cyber attackers have the power to try billions of passwords combinations and crack them instantly.
  • People tend to use the same password on different accounts and when online criminals succeed to crack it (via brute force attack), all your data will be exposed. Don’t! Set unique and strong passwords and consider using a password manager tool.
  • 2FA offers an extra layer of security and reduces cybercriminals’ chances to launch an attack.It’s hard for them to get through the second authentication factor.

Enabling two-factor authentication method is a must-have for all our email accounts, social media accounts, apps or online banking accounts. You can use this step-by-step guide to help you activate it for various online accounts. As for the passwords, do not reuse them for different online accounts.

Decision 8: Sharing too much personal information on social media

This is one of those security decisions you will definitely regret in the future. For privacy matters, do not to share your full personal data (birthdate, address, the city of birth, phone number, or any other details on social accounts).

This way, you open up yourself to identify threats and most likely become more vulnerable to social scams. Cybercriminals use social engineering techniques to exploit your data and get quick access to them.

Nothing beats learning from personal experience, but sometimes it’s better to learn from others’ experience rather than having a negative one. These true Internet stories could be an inspiration for you to take cyber security very seriously. Also, it doesn’t harm to be a little bit paranoid and protect your digital assets like everyone wants them.

Decision 9: Connecting to unprotected Wi-Fi networks

There is no news that Wi-fi networks come with a set of security issues. This allows malicious hackers to use Wifi sniffers and other methods to intercept almost all the data (such as emails, passwords, addresses, browsing history and even credit card data).

Before I started working in cyber security, I used to connect to every public and free Wi-fi network when visiting a coffee shop or restaurant. I learned not to do this anymore.

I realized (and understood) the security risks I was exposing myself and all my data by relying on Wi-fi networks. Now I turn it off :-).

This is one of those security decisions you’ll regret one day, so do your best and avoid Wi-fi connections that don’t provide password encryption when you’re enabling it. Cybercriminals can hack into a public Wi-Fi, just like this 7-year-old kid did.

To be extra safe on public Wi-fi, make sure you:

  • Visit and use only secure websites with the HTTPS protocol while browsing the Internet and, mostly, while doing various banking operations.
  • Consider using a Virtual Private Network (VPN) and block malicious actors’ attempt to access sensitive data sent over the unsecured Wi-Fi network.
  • Keep your operating system up to date and patch everything
  • Do not connect to a public Wifi without having an antivirus software installed on your device.

Decision 10: Giving up on cyber security because it seems too complicated

For many of us, cyber security seems to be way too technical and difficult to approach, and for this reason, most users give up on understanding the basics of cyber security.

It gets confusing for regular users, but also for business owners, journalists, or people working or involved in cyber security. At some point, all parties involved think “why can’t security be simpler?”

Cybersecurity is complicated because life is complicated and there is no perfection. We can’t be a hundred percent secure – so the rhetoric and fear monger of vendors and security professionals has given in to a feeling of helplessness and disparity among the 80%. said Ian-Thornton-Trump on an expert roundup.

You can easily tackle it by attending a (free) cyber security course for beginners that will teach you how to improve your online safety. Once again, I emphasize the importance of education that can open and save digital lives.

The more we have a proactive cyber security defense, the safer we’ll be on the Internet where we can better combat the alarming wave of online threats. Cyber criminals don’t cease to surprise us with the various methods used during their cyber attacks.

Is any of these security decisions on your list to follow? What key factors influence your security decisions making? We are curious to know what you think of it, so feel free to share your thoughts.

50+ Useful Cyber Security Online Courses You Should Explore [Updated]

Finding the best cyber security courses is incredibly difficult, so we wanted to make it easier to gain knowledge in this area. This is why we put together this list of 50+ cyber security online courses.

Use the links below to explore the cybersecurity resource you’re most interested in:

Free courses for regular users

Free and paid courses for small businesses

Courses for beginning an infosec career
Free
Paid

Courses for advanced infosec professionals
Free
Paid

Whether you’re a regular user wanting to be informed, someone looking to improve their career or own a small business, cyber security courses are the way you will learn how to protect yourself and your information online. We hope you will find these resources valuable because we will continue to update them periodically.

 

Free online cyber security courses for regular users

Cyber Security for Beginners

As the creators of the Heimdal suite of anti-malware products, we receive a lot of messages from users who want simple, straightforward explanations on cyber security terms and advice.

Here is a free, email-based online course comprised of 20 step-by-step lessons that will teach you how to secure your information and devices.

You can register and receive free lessons every 2 days, delivered straight to your inbox.

FutureLearn

We’ve taken a few courses ourselves and found them to be amazing resources to ensure your data protection on a personal level.

Introduction to cyber security is well-structured and has great assignments. Cyber security: Safety at Home, Online, in Life offers 3 weeks of practical, guided training.

Udemy Cyber Security Guides and Resources

Udemy is a great platform for learning a lot of new skills. On the cybersecurity front, start with these 3 guides:

Canvas Network Introduction to Cyber Security

The Introduction to Cyber Security course is designed for students and enthusiasts wanting to learn the basics of cybersecurity, including standards and laws.

The only requirement is basic computer knowledge.

The Daily Security Tip

This is not a cyber security course per se, but it’s a fun way to understand online security and get the actionable tips to protect yourself online. Signing-up gives you a security tip every day, for a full year, delivered to your inbox.


Found some good, free #cybersecurity courses for beginners
Click To Tweet


Courses for small businesses

The Cyber Security Course for Small Business Owners

This course is developed by the Heimdal Security team in partnership with the London Digital Security Centre (LDSC).

This course has two parts. In it, you will learn the basics of cyber security for yourself, then the essential safeguards for your business. It includes protecting your clients’ data and adapting to the EU Data Protection Regulation, also known as GDPR, a new set of regulations that will affect companies around the world.

Leap Cyber Security 101 and 201

The 101 and 201 courses are free to learn, have research assignments and are pretty fast to complete.
They include information on things like frameworks for improving critical infrastructure cybersecurity,  secure DNS deployment, enterprise patch management technology and more.

Futurelearn

This cyber security course is dedicated to small and medium enterprises and takes 6 hours total. It includes examples of famous cyber attacks like The Panama Papers and tools and strategies to avoid security incidents.

Cyberplanner by FCC.gov

The FCC.gov website offers a wonderful, self-guided course cybersecurity for small businesses. The tool allows you to pick what areas you want to improve on.

SBA Cybersecurity for Small Businesses

This is a self-paced training exercise that covers topics like best practices, the importance of data security and risk management methods.


Small business owners could use these free #cybersecurity courses to protect their customers.
Click To Tweet


Udemy Cyber Security for Small Business

This paid course is for absolute beginners in information security as it applies to running a business. It will include practical steps to avoid attacks, how to avoid ransomware and more.

Courses for beginning an infosec career

Free courses

Leap Cyber Security courses

The same 101 and 201 free courses we mentioned as useful for those owning small businesses could be great for your career.

As we said, they include information on things like frameworks for improving critical infrastructure cybersecurity,  secure DNS deployment, enterprise patch management technology and more. This means they can provide you with a lot of insight into organizations and cultures.

Cybrary.it

This intermediate course will be very appealing for those fascinated by hacking and can be done in less than a week.

We can also recommend the CompTIA Security+ for beginners and the Secure Coding micro-course, but you will find a lot of other great training materials there.

Paid courses

Concise Courses

This platform offers a lot of cybersecurity training courses for most infosec career paths, from penetration testing to digital forensics.

Their security bundle has a fair price and offers a lot of internationally recognized certifications.

SANS SEC560

One of the most acclaimed courses available, SEC560 Network Penetration Testing and Ethical Hacking prepares you to conduct high-value penetration testing projects step-by-step and end-to-end. There is also a free demo available.

EC-Council Certificate Ethical Hacker (CEH)

The CEH is one of the best and widely known penetration testing  courses and has a lot of diverse modules.

Udemy

The volume 3 of The Complete Cyber Security Course: Anonymous Browsing is really insightful for the future cyber security specialist. It focuses on protecting your online anonymity, detailing things like VPNs, proxies, and the Tor browser.

Of course, Udemy is one of the best platforms for learning new skills, so explore what they have to offer.

Experfy Training

A reader recommended this concise course on IoT cyber security concepts, knowledge that is now essential due to the meteoric rise of smart devices. It’s not a course for absolute beginners, but for executives, product developers and those who will be involved in IoT.


Want an #infosec career? Here a few #cybersecurity courses to get started, both free and paid
Click To Tweet


Courses for advanced infosec professionals

Free courses

ISIS Laboratory

This course was developed from the materials of NYU Poly’s old Penetration Testing and Vulnerability Analysis course.

MIT Open Courseware

Network and Computer Security and Computer Systems Security are both great options to consider for advancing your professional knowledge at no cost.

OpenSecurityTraining.info

These training options include beginner, intermediate and advanced classes and they’re all FREE of charge! Subjects range from Android forensics to secure coding and vulnerability assessment.

Khan Academy

Intro to Cryptography is a great way to learn about code breaking and how cryptographic methods work.

Rapid 7

Metasploit Unleashed is an ethical hacking training course that will help you dip your toes in the waters of penetration testing for free. And you’ll also be able to make a charitable donation for a good cause, should you feel like it.

Cybrary.it

Cyber Security is an amazing resource of free online cyber security courses for professionals of various levels and experiences. You’ll be able to learn about social engineering, computer forensics, ethical hacking and more, just by investing your time and energy.

Coursera

Coursera offers plenty of options, being one of the biggest MOOC platforms in the world. You can start with any of the courses we picked below, but you should also explore the course list according to your interest. Don’t forget to use the handy filters: categories, language, if it’s eligible for certifications or specializations and if the course is on demand.

Udemy

A good selection of free courses for more advanced cyber security security professionals includes:

Georgia Tech College of Computing

Introduction to information security is presented as “a graduate-level introductory course in information security,” so you should be prepared for a structured way to learn a lot about the fundamental elements of information security.

Looking to get more info about this particular program? You can find it right here.

SANS Cyber Access

By taking this course, you’ll be able to explore the three fundamental areas of information security: Operating Systems, Networking and Systems Administration. You’ll consolidate both your skills and knowledge, so you can start whenever you’re ready.

OpenLearn

An introduction to information security requires that you’re quite advanced in your knowledge of cyber security. The course focuses on the importance of cyber security in a business context, while also emphasizing its impact on the organization. Very useful for those who want to grow and reach higher ranks in their company’s cyber security department.

Concise Courses

These free cybersecurity courses will allow you to learn something new:

Want more training options? Concise Courses has them!


Building an #infosec career requires constant education, so here are some of the best #cybersec…
Click To Tweet


There will be 1 to 2 million cyber security job openings in 2018 and a need for 6 million cyber security analysts – what will do about this opportunity?

If you’re a cyber security professional, you’ll certainly agree with me when I say that:

Investing in your continuous development is essential!

So if you’re already set on spending some money (wisely) on a great training program, here is the list of courses we discovered:

Paid courses

Carnegie Mellon University, Software Engineering Institute, CERT Division

This amazing platform lists 3 major categories of courses:

  • Incident Handling
  • Network & Software Security
  • Risk Assessment & Insider Threat.

CERT is a major institution when it comes to cyber security training, so you can fully rely on their resources to help you achieve your professional development goals!

SANS Institute

They also offer Online Security Training, so do check it out, because they’re as trustworthy as CERT in the field. You can take the course in various forms, from on-demand to live or through self study, whichever fits your way or learning best.

Coursera

We have to mention them again because on Coursera you’ll find an entire specialization dedicated to Cybersecurity Fundamentals. You can earn the following knowledge and abilities:

  • Usable Security
  • Software Security
  • Cryptography
  • Hardware Security

The specialization is created and taught by professors and specialists from the University of Maryland, College Park, and also by industry specialists.

cybersecurity fundamentals coursera 1

Canvas Network

Information Security and Risk Management: An Overview will help you become more aware of the legal implications of managing cyber security in organizations. Study topics include:

  • Information security strategies and individual privacy
  • Legal security implications
  • Medical health record confidentiality and integrity
  • Cutting-edge technologies.

Learning Tree

From “Cyber Security for Management and the Boardroom” to “Cyber Security: Accessibility and Quality“, LearningTree offers a wide range of courses for infosec professionals.

You should take your time to read the course descriptions thoroughly before starting a course and see where they fit in your career path.

Stanford University

You can pick your favorite from various courses offered by this prestigious institution:

Know that these courses require advanced skills and knowledge to complete.

Security Tube

Security training online courses provides at least two interesting subjects to study:

PentesterAcademy

Here you’ll find some very technical and very specific cybersecurity courses, such as:

These courses boast using real-world scenarios which will help you try your hand at situations that you can come across in your professional practice.

The Virus Doctor

Advanced Techniques for Virus Removal is a great course for those involved in the business of computer repairs and assistance. As technology evolves, more people will need help with identifying malware infections and mitigating their impact, so this course could help you improve your business.

Infosec Institute

As the name says, the Infosec Institute focuses on helping cyber security and IT professionals keep the extra-fast pace of the field they work in.

The list of live courses is very appealing, as you can see from the sample below:

  • Information Security
  • Information Assurance
  • IT Audit
  • Microsoft
  • Cisco
  • 8570.1
  • CompTIA
  • Secure Coding
  • Linux
  • Project Management
  • ITIL.

 

More cybersecurity resources to follow!

I really hope that this list of cyber security online courses gives you a good starting point to finding exactly what you need to improve your knowledge and skills!

Do you have more insight?

If you have any recommendations, please send them in a comment below and I’ll be happy to add them to the list!

Are you new to MOOC (massive open online courses)?

Here is an article about Coursera, Udacity and edX will help you get a better picture of how you can explore them to your benefit.

This article was published by Andra Zaharia on May 17, 2016 and updated by Ana Dascalescu on February 9, 2018.

Spend time with your family, not updating their apps!
Let Heimdal FREE Silently and automatically update software Close security gaps Reinforce your antivirus of choice

INSTALL IT, FORGET IT AND BE PROTECTED

Download Heimdal FREE

The Essential Guide to Secure Your Instagram Account [Updated]

These are the essential steps to achieve Instagram security for your account and avoid getting hacked or having your private info exposed. Read on for detailed instructions and explanations about the risks of Instagram and see why it’s important to get as much Instagram security as possible.

  1. Enable Two-Factor Authentication.
  2. Revoke access to third-party apps
  3. Don’t allow access to your location
  4. Keep your profile information private.

 

Instagram is a fun way to explore your creative side while taking photos and sharing them with your friends. It’s a great platform to share your work or build a personal brand. It’s also an amazing way to discover great content from around the world. However, it’s also a social media platform and that brings a lot of risks for you and your personal information.

The real Jessica Rhychly is a Minnesota teenager with a broad smile and wavy hair. She likes reading and the rapper Post Malone. When she goes on Facebook or Twitter, she sometimes muses about being bored or trades jokes with friends.

[…]

But on Twitter, there is a version of Jessica that none of her friends or family would recognize. The fake Jessica followed or retweeted accounts using Arabic and Indonesian, languages the real Jessica does not speak. While she was a 17-year-old high school senior, her fake counterpart frequently promoted graphic pornography, retweeting accounts called Squirtamania and Porno Dan.

This is the start of a report by NYTimes into the dark world of social media bots, stolen identities and the underground economy of popular platforms.

All of us take our social media knowledge for granted and, because of this, we usually have no fears on our security or privacy. We have a misguided sense of protection on the social networks, that we are in a safe place, only surrounded by friends, and nothing bad can happen to us.

However, if you look at the risks involved, a way to secure your Instagram and other social media accounts becomes mandatory.

Before we get in too deep with explanations, you should ask yourself a few simple questions:

Are you a public person? Do you want to work on your online branding?
If not, since your friends already know who you are, how relevant is it for you to use your real name?
Do you really need to expose your location, your workplace or where you live?

Internalize these questions and answer them every time you post a new photo on Instagram or let your children use it. Now let’s see the Instagram security and privacy options available that you need to implement to increase your online protection.

1. How to make Instagram private

If you don’t want your photos to be public and available to be seen by everyone, you can make your profile private.

To only share your photos with the users you choose, like your friends and family, follow these steps:

1. Go to your Instagram profile window.

2. Click on the three dots in the right corner.

3. At the bottom you’ll find the Private Account option. Make sure this security setting is ON. (The button should turn to Blue)

Activating this option means that only those who follow you can see your online photos.

Instagram Security Make your account private 1

2. Block followers you don’t know

You have created an Instagram account and you want followers. So, you start following even unknown people that you discover. In return, some of them follow you back. However, after a while, you may start to receive inappropriate comments on your photos from those users. Or, on the contrary, they may not interact with your posts in any way and you feel that they are only lurking.

Even if you have turned on the option to make your photos private, it won’t keep your posts private from those who are already following you.

In this case, you will have to manually remove (Block) the people you don’t want to see your photos.

To remove one of your followers from your list, follow these steps:

1. Go to your Followers list and check out the people who follow you.

2. Tap on the user that you want to block.

3. From the top-right corner, tap on the menu button.

4. In the new window, choose the Block User option.

Instagram Security How to block followers 1

3. Keep your Profile Information Private

Don’t expose too much private data in your profile information and especially in your EDIT PROFILE area.

Don’t write any personal information that could be used against you in the Bio field.

For extra privacy, do not show your Activity Status (the last time you were active on Instagram), To do this, tap the menu in the upper right corner, scroll down and turn off the Show Activity Status slider.

Instagram Security How to edit your profile information 1

4. Don’t expose your location

Another important step you can take to keep yourself secure from identity theft and hide your account’s credentials from online criminals, is to make sure your location services for Instagram is turned off.

This is also extremely important for the check-ins made at home, at work or while on a vacation. There have been plenty of cases of thieves that were tipped off because of check-ins made on social media. People left for a short holiday, bragged about it online, and came home to find the place emptied.

So, the first step to avoid becoming a victim is, of course, to avoid checking-in certain photos. You can turn off your Location Services for Instagram through your phone’s settings, in the Privacy section.

If it’s too late to do that and just want to remove check-ins you already have, this is how you remove location from Instagram photos:

1. Go to your Instagram photos

2. Find those photos that have a location attached to them and hit the options menu (top right corner, three vertical dots)

3. Select edit, then click on the location of the photo. If you leave that field empty, location will be deleted.

5. Manually approve Photo Tags

Let’s just imagine a situation where someone posts an embarrassing photo with you on Instagram, a photo your friends or family members should not see.

That’s why you should always hand-approve each tag, on any social media platform.

The answer, in this case, is to activate the Instagram option that allows you to manually add photos you’ve been tagged in to your profile.

To do this, follow these steps:

1. Go to your Instagram profile account and access the Photos of You area.

3. Tap the menu button in the top-right corner.

4. Choose the option to add photos manually to your profile.

Instagram security how to add photo tags manually 1

6. Hide Instagram Stories and live videos from specific people

You should secure your privacy not just for photos or location, but also for your stories.

It’s easy to hide Instagram Stories from specific individuals or deny people the chance to share your stories with their followers.

Here’s how to hide Stories or control who interacts with them.

  1. Go to your profile
  2. Tap the menu button and go to the Options menu
  3. Scroll to Story Settings and adjust the sliders for maximum privacy.

story settings

For maximum Instagram security, turn off Share Your Story to Facebook, pick the people you want to Hide Story from and pick who can reply to your broadcasts.

6. Activate Two-Factor Authentication

2fa

Two-Factor Authentication works as an extra shield of protection for your account. In case a cyber criminal somehow finds out your password, they won’t be able to take over your account, as they will need this second factor to authenticate themselves.

The second factor consists of a unique, time-sensitive code, that you’ll receive via text on your mobile phone. You’ll have to introduce it any time you’ll want to log-in to your Instagram account from a new device.

Of course, it’s also essential that you set a strong, unique password to your account, so don’t ignore that aspect either.

Here’s how to turn on the Two-Factor Authentication for Instagram:

1. Open the mobile app and go on your profile.

2. Click on the Options icon (top right of the screen).

3. In the menu you’ll see a shortlink for “Two-Factor Authentication”, click on it.

4. Turn it on and set it up using your mobile phone.

That’s it. From now on, any time you’ll want to log in to your Instagram account from a new mobile phone, you’ll have to introduce the password and the extra unique code, that you’ll receive via text message.

As an alternative, in case you ever lose your mobile and don’t have access to your phone number, you can also use one of the Backup Codes. Each Instagram account has five unique codes. You’ll find them in the same place where you activate the Two-Factor Authentication.

7. Revoke access to third-party apps

Most likely you logged in using your social account to third party apps. It can be other social networks, or services that analyse your number of followers, post on your behalf and so on.

For security and privacy matters, you should only allow access to the apps that are trustworthy (especially those created directly by the Instagram and Facebook teams). Remember that those apps have access to your profile and personal information, thus making you vulnerable.

So take your time and do a spring cleaning.You have to do this in a browser, not directly in the app. Check every single app that you allowed to access and use your Instagram account. Revoke access to the ones that you don’t use anymore, look suspicious or you can’t even remember them.

Here’s how to do that:

1. Log into your Instagram account from the browser (desktop / laptop).

2. On the top right of the screen, click on your profile photo. Select “Edit Profile”.

3. From the Menu, select “Manage Applications”. It will take you to a page from where you can manage the apps that you authorized to use your Instagram account. Revoke access to Instagram apps that might make your account vulnerable.

Capture 2

In this area you can even Hide Inappropriate Comments or filter certain words or phrases.

General Guidelines to follow before posting on Instagram

  • Don’t post sensitive information in your photos or captions
  • Don’t reveal your location
  • When possible, make sure the location is not revealed by background details
  • When possible, don’t use hashtags that may reveal private data (or the location)
  • Don’t post provocative or violent photos
  • Don’t post photos of other people without their consent
  • Do not engage in online bullying
  • Parents, please don’t post photos of your kids on social media or do it sparingly
  • If you log into your Instagram account from other devices (public / shared), make sure you log out every time

I found this useful, easy-to-follow guide on how to secure my Instagram account:

CLICK TO TWEET

There aren’t as many options available for Instagram security as we have on Facebook, LinkedIn or Twitter, but there are a few and we should use them if we don’t want to face unwanted surprises.

Remember that by collecting all the available information on us, from multiple online accounts, cyber criminals are capable of creating a public persona and eventually operate identity theft.

When it comes to Instagram, there are a lot of services promising you followers, if you just give them access to your account. Don’t.

Do you know who really is watching you?

If you want to discover great people or grow your personal brand, do it organically by following people and hashtags, then start a conversation. For Instagram security, just follow the steps we outlined above.

Of course, if you have any more tips to add or want to share a story about a compromised Instagram account, we’d love to read your contribution in the comments.

This article was written by Aurelian Neagu in August 2016 and was updated by Ana Dascalescu in February 2018.

Spend time with your family, not updating their apps!
Let Heimdal FREE Silently and automatically update software Close security gaps Reinforce your antivirus of choice

INSTALL IT, FORGET IT AND BE PROTECTED

Download Heimdal FREE

How to Convert and Copy a DVD to Your PC, iOS and Android Gadgets?

Sometimes, you may want a copy of your DVD collection on your computer. Therefore you can watch it at any time, and don’t have to necessarily have the DVD disc on hand every time. Or perhaps, you need to make a backup of DVD just in case of losing the DVD content when it’s damaged.

To meet the demands, we highly recommend a program that allows you to copy protected DVDs on your PC and convert the content into one of common formats. That is WonderFox DVD Ripper Pro, which is excellent and can accomplish copying a DVD to your computer with just a few steps.

Note: WonderFox DVD Ripper Pro can be used to keep backups of your purchased DVDs for personal use. Please don’t use it for illegal sale.

Now, let’s start to learn more about the program. And also, here below is how to copy and convert a protected DVD to your PC with WonderFox DVD Ripper Pro.

WonderFox DVD Ripper Pro is one of the best Windows 10 DVD Ripper programs which help you create copies of DVDs and save them to your computer and portable devices. It is an alternative to HandBrake and DVD Shrink, giving the user the possibility to enjoy safe DVD movie backup without difficulty.

The software is full-featured. And after installing the program, you can see that it has an intuitive interface. There are 3 source options: DVD Disc, ISO Image, and DVD Folder. That means it can also convert and copy video_ts to MP4, MOV, and more common formats.

How to Convert and Copy a DVD to Your PC, iOS and Android Gadgets?

We press the DVD Disc button. And the program begins to analyze and decrypts the DVD. The time for analyzing depends on DVD data amount, your hard drive, etc. After a little while, we’ll see a new interface. See the image below. The program has already selected the right main movie of the DVD. Well, you can also choose the other content, such as Ads, to meet the best of your own needs.

How to Convert and Copy a DVD to Your PC, iOS and Android Gadgets?

And then you can convert it to a video format from its supported format lists on the right, including MP4, AVI, H.264, MPG, MKV, MOV and more. Besides, converting movie to audio like MP3, WAV, FLAV, ALAC, DTS, AAC, etc. is also available.

An interesting feature is that WonderFox DVD Ripper Pro can convert DVD to formats compatible with a wide range of gadgets such as iPhone, iPad, Apple TV, Samsung phones and tablets, HUAWEI devices, Windows Phone and other models of Android smartphones and tablets.After choosing a target output format or profile, press RUN at the right bottom.

Acquire a Licensed Copy with Special Discount

WonderFox DVD Ripper Pro provides the best, quickest and easiest way to convert DVD to digital copy. Readers of this review can take advantage of a time-limited offer to get a licensed copy with 50% discount.

The post How to Convert and Copy a DVD to Your PC, iOS and Android Gadgets? appeared first on TechWorm.

How To Deploy Django App on Heroku

Hey geeks and really interesting people out there, today we are doing a little resume on how you can deploy django app on heroku.

Yeah, even if you don’t know anything about it, here you can learn how to do it, so keep reading to become a deployer master.

Is kinda obvious, but first, you need to have a Heroku account, is you already have it skip this step, however if you don’t, you can create a Heroku account in like one minute or even less, you can choose the plan that is more suitable for the functionalities you need to have, this platform counts with 4 plans: Free that will cost you $0, and then the ones you need to pay to have, that are hobby, standard, and performance. This time we are working on the free plan.

I need to highlight something really important here, at the moment you create your account,  you choose the “primary development language”, please be sure you select Python. After you finish all the steps you will receive a confirmation email.

Having your account next is installing the CLI for Heroku, this is the main tool you need to interact properly with Heroku, to do this you need first open the console, enter your user-name and password, of the account you already have or just create.

Then start creating a Heroku app, and next you need to connect to PostgreSQL, is kind of easy for those who already have experience on the field.

After you start creating your app, you can start configuring the Django apps for your Heroku system, you can try at first writing a really easy Django application, however, if you are a lot more experienced you can try to do one a little bit more complicated.

You need to have the requirements.txt file, this file contains a list of all you need for app packages, you need to create this file in the root folder. After you have this configured, you need to have the profile, this describes all the commands you will need to execute the app. And last in this step but not least; you need to have the runtime.txt, which is the file that specifies the Python version.

Then we need to separate the Django settings, this is necessary for the app you are creating is this start to grow. After you have it, you need to set up static files. First, you need to modify settings.py ? wsgi.py; that will assure you a correct display of files. After this step, it came the data configuration and the local launch.

If you complete all these steps correctly, you will just need to go and deploy Django to Heroku, run migrations and that’s it! For those who want to take a look at the code here, you have all the information available. It seems really complicated; however, once you achieve it you will feel so satisfied!

The post How To Deploy Django App on Heroku appeared first on TechWorm.

How to Choose The Right Industrial Gearbox For Your Appliance

It can be confusing to choose a gearbox when there are so many to choose from. The most important thing that need to be considered when choosing an industrial gearbox is your requirements because different gearboxes offer different benefits, and you can get the right one only when you know why you need it.

Gearboxes aren’t an entirely new invention. The gear arrangement was introduced by Aristotle in 330 B.C., while Archimedes was the one to use gears in the third century. Since then, gears have been used for the same purpose. i.e, to produce a uniform motion among two shafts on a consistent ratio.

There are many factors that need to be considered when it comes to buying gearboxes. These include:

  • Torque produced
  • Size
  • Gear ratio
  • Duty cycle
  • Shaft alignment
  • Backlash
  • Amount of noise it produces
  • Mounting arrangements
  • Smoothness.

Besides these factors, efficiency and power are two of the other main characteristics to keep in mind. For this you must know the amount of load you want a machine to move or lift.

In a nutshell, it depends upon your requirements to determine what type of gearbox will best suit your needs:

Here’s how you can choose the best industrial gearbox according to your needs:

For High Efficiency

If it’s efficiency that you’re looking for in a gearbox, then planetary gearbox will serve you the best. The reason they’re highly efficient is because of the way the inner gears are arranged.

Planetary gearboxes contain a large gear at the center called the central gear which help move the smaller gears (planets). This arrangement of gears make it 3 times more efficient than most type of industrial gears used to enhance torque.

Another reason for them being the most reliable is the fact that no matter how much amount of load is exerted on these gearboxes, the weight is evenly distributed among the plants, thus the higher efficiency.

To take it up a notch, planetary gearboxes are often combined with other gearboxes such as helical and bevel to achieve even more efficiency and power.

Smooth Operation

Smooth operation means less noise and energy transmission in a constant flow. If your requirement is to find a gearbox that makes the least possible noise while operating and keeps on operating without any issues then bevel gearboxes can be of help.

There are two shafts in this type of gearbox that aims to provide maximum flexibility between the shafts.

Since this gearbox is mountable, it can support a great deal of force without any trouble.

Other Factors To Consider

Keep in mind that different gearboxes are mounted differently. Some might be shaft mounted, some foot mounted and some flange mounted.

Durability is also a concerning factor. Most gears are made of steel to ensure heavy weights are carried easily. However, weight of the gearbox might be an issue for some, hence, gearboxes are also manufactured in plastic to minimize their weight.

The Verdict

It is vital to pick an industrial gearbox as per your needs so that your money.

The post How to Choose The Right Industrial Gearbox For Your Appliance appeared first on TechWorm.

How to Enhance your Home Wireless Network Security

What is a home wireless network?

In a few simple words, a basic home wireless network means connecting an Internet access point, such as a cable from your Internet Service Provider, to a (wireless) router in order to allow multiple devices to connect to the network very quickly.

poza wifi 1

Source: The Computer Revolution

In many cases, once a Wireless router has been installed, we find a place in our home for it and forget about it. As long as all our devices are set up and connected via the Wi-fi network, that’s all that matters, right? Wrong!

Probably many of you don’t realize, but the Internet router is one of the most important devices in our home. It’s the gateway to our Internet access and also prone to exploits by cybercriminals who can sneak into our devices and get access to our system.

Let’s not forget that we live in the age of data breaches, ransomware attacks, and many other online threats. Thus, you should be worried about the security of your home network and take all the needed security measures to increase Wifi security.


How many of these 12 security measures have you used to secure your home network?
Click To Tweet


The only measure most people use to protect their home network is to set up a password and prevent neighbors and other people from taking control over your data. But we have to be more serious about security and do more than just setting a simple password. A serious risk is that an online criminal might exploit your poor Wi-fi security measures and “listen” to your traffic in order to retrieve sensitive information or take advantage of your network to launch malicious attacks such as Man-in-the-Middle attacks, network sniffing or data theft.

Though relatively easy to use and access, Wi-Fi networks are not always SECURE networks. Wi-fi comes with lots of security issues, and it’s worth reminding about the Krack vulnerability found in the Wireless Protected Access II (WPA2) protocol which affected all devices connected via Wi-fi.

For this reason, learning how to secure your wireless home network against cybercriminals is a wise and smart move. Given how many Internet of Things devices you may own, making sure your network is extra safe carries even more weight, even though sometimes taking care of your cybersecurity can be a tedious but necessary task.

In this article, you will learn how you can better secure your home network and decrease chances of getting your valuable data compromised.

Use these steps below to enhance the security of your home wireless network:

Step 1. Change the name of your default home network

If you want to better secure your home network, the first thing you should do is to change the name of your Wi-Fi network, also known as the SSID (Service Set Identifier).

While giving your Wi-Fi a somewhat provocative name such as “Can’t hack this” may backfire at times, other names such as “this is not a wifi” or “too fly for a wifi” are perfectly acceptable.

Changing your Wi-Fi’s default name makes it harder for malicious attackers to know what type of router you have. If a cybercriminal knows the manufacturer name of your router, they will know what vulnerabilities that model has and then try to exploit them.

We strongly advise not to call your home network something like “John’s Wi-Fi”. You don’t want them to know at first glance which wireless network is yours when there are probably three or four other neighboring Wi-Fis.

Also, remember that disclosing too much personal information on a wireless network name may expose you to an identity theft operation.

Here’s a step-by-step and simple guide that explains how you can easily change the name of your wireless network.

Step 2. Make sure you set a strong and unique password to secure your wireless network

You probably know that every wireless router comes pre-set with a default username and password, which is needed in the first place to install and connect your router. The worst part: it’s easy for hackers to guess it, especially if they know the manufacturer.

So, make sure you change them both immediately.

A good wireless password should be at least 20 characters long and include numbers, letters, and various symbols.

Use this guide to set up a strong password for your network. Friends coming over for a visit may complain about the unusual length of your password, but this might discourage them from needlessly consuming your data with boring Facebook or Instagram posts.

Step 3. Increase your Wi-Fi security by activating network encryption

Wireless networks come with multiple encryption languages, such as WEP, WPA or WPA2.

To better understand this terminology, WPA2 stands for Wi-Fi Protected Access 2 and is both a security protocol and a current standard in the industry (WPA2 networks are almost everywhere) and encrypts traffic on Wi-Fi networks. It also replaces the older and less secure WEP (Wired Equivalent Privacy), and is an upgrade of the original WPA (Wi-Fi Protected Access) technology. Since 2006, all Wi-Fi certified products should use WPA2 security.

WPA2 AES is also a standard security system now, so all wireless networks are compatible with it. If you want to enable WPA2 encryption on your Wireless router, use these six steps. If you are using a TP-Link wireless router, here’s how to secure your wireless network.

The good news is that the WPA3 is already here and will replace WPA2. The Wi-Fi Alliance recently announced its next-generation wireless network security standard which aims to solve a common security issue: open Wi-Fi networks. More than that, it comes with security enhancements and includes a suite of features to simplify Wi-fi security configuration for users and service providers.

Step 4. Turn off the wireless home network when you’re not at home

In order to secure your network, we strongly recommend you to disable the wireless home network, in case of extended periods of non use. You should do the same thing with all your devices that are using Ethernet cables or when you won’t be at home.

By doing this, you are closing any windows of opportunity malicious hackers might attempt to get access to it while you are away.

Here are a few advantages of disabling your wireless network:

  • Security reasons – Turning off your network devices, it minimizes the chances of becoming a target for hackers.
  • Surge protection – When you power off your network device, you also lower the possibility of being damaged by electric power surges;
  • Noise reduction –  Although the modern home networks are much quieter these days, disabling your wireless home network can add calmness to your home.

Step 5. Where is the router located in your home?

You probably haven’t thought about this in the first, but where is your Wi-Fi place in your home can also have an impact on your security.

Place the wireless router as close as possible to the middle of your house. Why? First of all, it will provide equal access to the Internet to all the rooms in your home. Secondly, you don’t want to have your wireless signal range reach too much outside your home, where it can be easily intercepted by malicious persons.

For this reason, we recommend not to place your wireless router close to a window since there’s nothing to block the signal going outside your home.

Step 6. Use a strong network administrator password to increase Wi-Fi security

To set up your wireless router, you usually need to access an online platform or site, where you can make several changes to your network settings.

Most Wi-fi routers come with default credentials such as “admin” and “password” which are such an easy for malicious hackers to break into.

Did you know that the number of wireless networks has increased dramatically over the last 8 years? In 2010 there were 20 million Wi-Fi networks around the globe, and in 8 years, that number increased to 400 million.

Smartphones, laptops, tablets and other devices have driven this growth, and because of how expensive data plans are, most people choose to connect their device to wireless Internet connections.

Step 7. Change your default IP address on the Wireless router

Changing the default IP address to a less common one is another thing you should consider doing to better secure your home network and make it more difficult for hackers to track it.

To change the IP address of a router, you should follow these steps:

  1. Log into your router’s console as an administrator. These basic steps will teach you how to easily connect to your home network as an admin. Usually, the address bar type looks like http://192.168.1.1 or http://192.168.0.1
  2. Once you are there, insert the username and password on the login page;
  3. Then select Network > LAN which is in the menu of the left side;
  4. Change the IP address to preference, then click Save.

Note: After you’ve changed the IP address, you’ll need to type the new IP address into the web browser bar.

You can also change the DNS server that your Wireless router is using to filter the Internet traffic and this guide will show how to do it.

Step 8. Turn off the DHCP functionality on the router

To enhance the wireless network security, you should turn off the Dynamic Host Configuration Protocol (DHCP) server in your router which is what IP addresses are assigned to each device on a network. Instead, you should make use of a static address and enter your network settings.

This means that you should enter into your device and assign it an IP address that is suitable to your router.

Step 9. Disable Remote Access

Most routers allow you to access their interface only from a connected device. However, some of them allow access even from remote systems.

Once you turned off the remote access, malicious actors won’t be able to access your router’s privacy settings from a device not connected to your wireless network.

To make this change, access the web interface and search for “Remote access” or “Remote Administration“.

Step 10. Always keep your router’s software up-to-date

The software is an essential part of your wireless network security. The wireless router’s firmware, like any other software, contains flaws which can become major vulnerabilities and be ruthlessly exploited by hackers, as this unfortunate family would find out.

Unfortunately, many wireless routers don’t come with the option to auto-update their software, so you have to go through the hassle of doing this manually.

And even for those Wi-Fi networks that can auto-update, it still requires you to switch on this setting. But, we remind you about the importance of software patching and how neglecting to do this can leave open doors for cybercriminals to exploit various vulnerabilities.  Read what security experts have to say about updating your software and why it is a key to online security.

Step 11. A firewall can help secure your Wi-fi network

Firewalls aren’t just software programs used on your PC, they also come in the hardware variety.

A hardware firewall does pretty much the same thing as a software one, but its biggest advantage is that it adds one extra layer of security.

The best part about hardware firewalls is that most of the best wireless routers have a built-in firewall that should protect your network from potential cyber attacks. This article can help you figure out if your router has a firewall built in and how you can activate it. And we strongly suggest to turn it on t if it’s not by default as an extra layer of protection.

If your router doesn’t have one, you can install a good firewall device to your router in order to protect your system from malicious hacking attempts against your home network.

Step 12. Enhance protection for the devices most frequently connected to your home network

Important: Do not leave any exposed vulnerabilities for online criminals to pick on!

Even though you’ve increased protection for your router and home network, you need to make sure you don’t have any security holes that can be exploited by online criminals.

Here’s what we recommend you to do:

  1. Remember to always keep your devices up to date with the most recent software available;
  2. Always apply the latest security patches to ensure no security hole is left open to malicious actors.
  3. check which devices connect most often to your home network and make sure they have antivirus and/or an anti-malware security software installed. If you don’t know which one should you choose, this guide will be very useful.
  4. Make sure to protect your devices using multiple security layers consisting of specialized security software such as updated antivirus programs and traffic filtering software. You may consider using an antimalware software program like Heimdal PRO or Malwarebytes.

Final thoughts

Securing the home network should be a top priority for each of us interested in keeping the data safe and secure. These steps can be really useful even for the non-tech savvy person to apply.

Also, do not forget that your wireless network security can be sometimes weak, and  prone to exploits.  It almost doesn’t matter how strong your password is or if your software is up to date if cybercriminals can just hijack your Wi-Fi data.

So this is why we’ve written this guide on how to secure a wireless network. You still have to keep an eye out for insecure Wi-Fi routers out there, however, since most will probably still use WEP and not follow these safety procedures.

Spend time with your family, not updating their apps!
Let Heimdal FREE Silently and automatically update software Close security gaps Reinforce your antivirus of choice

INSTALL IT, FORGET IT AND BE PROTECTED

Download Heimdal FREE

Biometric Authentication Overview, Advantages & Disadvantages

What is biometric authentication?

Biometric authentication is simply the process of verifying your identity using your measurements or other unique characteristics of your body, then logging you in a service, an app, a device and so on. What’s complicated is the technology behind it, so let’s see how it works.

To understand it better, just know that biometrics is the name for any type of body measurements and calculations. Biometric identification verifies you are you based on your body measurements. Biometric authentication goes one step further and uses that information to compare you against a database and enters your information in a service.

Think of it like this: biometric identification is like a neighbor who looks through the peeping hole at the 2 people who just rung the bell. The neighbor decides which one of them is Dave based on height, hair color, eye color and so on.
Biometric authentication is the neighbor who looks through the peeping hole to see who is calling the door. If it’s Dave, the neighbor lets him in.
If it’s not Dave, the door remains shut.

CHECK YOUR CYBER SECURITY HABITS
Would you rather use a password or a biometric authentication method?

This is just the simplified explanation for biometric authentication but stay tuned!

Here’s what we will cover in this extensive explanation of biometric authentication, a fascinating technology with significant adoption in the present and huge potential in the future.

Table of contents

How biometric authentication works

Biometric authentication works by comparing two sets of data: the first one is preset by the owner of the device, while the second one belongs to a device visitor. If the two data are nearly identical, the device knows that “visitor” and “owner” are one and the same, and gives access to the person.

The important thing to note is that the match between the two data sets has to be nearly identical but not exactly identical. This is because it’s close to impossible for 2 biometric data to match 100%. For instance, you might have a slightly sweaty finger or a tiny, tiny scar that changes the print pattern.

Designing the process so that it doesn’t require an exact match greatly diminishes the chance of a false negative (the device doesn’t recognize your fingerprint) but also increases the odds that a fake fingerprint might be considered genuine.

Popular biometric authentication methods and how they work

There are quite a few types of identifying a user by way of his own body. Below are the most popular biometric technologies that have made their way into users’ hands.

Fingerprint Scanners and how they are stored

There are three types of fingerprint scanners: optical, capacitive and ultrasound.

  • An optical scanner takes a photo of the finger, identifies the print pattern, and then compiles it into an identification code.

optical fingerprint scanner 1

Source

  • A capacitive scanner works by measuring electrical signals sent from the finger to the scanner. Print ridges directly touch the scanner, sending electrical current, while the valleys between print ridges create air gaps. A capacitive scanner basically maps out these contact points and air gaps, resulting in an absolutely unique pattern. These are ones used in smartphones and laptops.
  • Ultrasonic scanners will make their appearance in the newest generation of smartphones. Basically, these will emit ultrasounds that will reflect back into the scanner. Similar to a capacitive one, it forms a map of the finger unique to the individual.

How are your fingerprints stored?

Both Google and Apple store your fingerprint on the device itself and do not make a copy of it on their own servers.

Apple’s TouchID won’t store the actual image of the fingerprint, but a mathematical representation of it. So even if a malicious hacker reaches this mathematical representation, he cannot reverse engineer it to reveal an actual image of your fingerprint. Not only that, but the fingerprint data itself is encrypted.

As this security researcher pointed out, TouchID can be hacked but it’s still an extremely safe method of biometric authentication. For someone to hack an iPhone using TouchID sensors, they would need a really good copy of someone’s fingerprint. This will get them access to your unlocked phone, but not to a copy of your fingerprint, so it differs from stealing a password.

apple touch id finger

Source

Also, not even the device’s OS can access the fingerprint data directly, much less an app. Instead, there’s a gatekeeper security software called Secure Enclave that sits between the fingerprint data, and the program making the fingerprint scan request.

Android phones operate under similar guidelines. They store the fingerprint data in a secure part of the main processor called Trusted Execution Environment, or TEE for short. The TEE is isolated from other parts of the processor and doesn’t directly interact with installed apps.

Just as with Apple devices, fingerprint data is stored in an encrypted state. In addition, removing a user from the device should also delete any fingerprints stored on it.

While Apple has moved away from fingerprint scanning authentication and replaced TouchID with FaceID, other companies still rely on it.

Indeed, in 2018, a lot of smartphone developers are aiming to incorporate fingerprint scanners in the screen itself. Vivo is the first one to market such a device. The Vivo phone has a Synaptic CMOS sensor, a small camera, taped to the back of the OLED panel. Whenever the OLED screen lights up, it also illuminates your fingerprint, which the sensor sees and then compares it to the info already stored. For users, the result is a seamless experience: simply touch the screen with your finger and your phone will unlock.

Here’s how Android and iPhones store your fingerprint and other biometric data

CLICK TO TWEET

Eye scanners

Security researchers consider the eye as one of the most reliable body parts for biometric authentication since it the retina and iris remains almost completely unchanged during a person’s lifetime.

  • A retinal scan will illuminate the complex blood vessels in a person’s eye using infrared light, making them more visible than the surrounding tissue. Just like fingerprints, no two persons will ever have the same retinal pattern.

retina 1

Source

  • Iris scanners rely on high-quality photos or videos of one or both irises of a person. Irises too are unique to the individual. However, iris scanners have proven to be easy to trick simply by using a high-quality photograph of the subject’s eyes or face.

How iris scanners work

When it comes to biometrics, the iris has several major advantages compared to a fingerprint:

  • You don’t spread the information around every time you touch something.
  • The iris stays virtually unchanged throughout a person’s life. A fingerprint, on the other hand, can be dirtied, scarred or eroded.
  • You can’t use a fingerprint with dirty or sweaty hands. Irises, however, have no such problem.

The only major disadvantage of an iris scanner is that high-quality photos of your face or eyes can trick the scanner and unlock the device. iris scanner 1

Source

Despite these limitations, the technology has made its way as a security feature in airports, banks, and other sensitive buildings. Of course, just like with other security measures, it’s used in conjunction with multiple authentication technologies.

How it works. In the enrollment phase, the scanner will make a photograph of your iris using both normal light, as well as infrared light to capture details that wouldn’t be visible otherwise.

After the device records the person’s iris, it will remove any unnecessary details, such as eyelashes, and then transform the information into mathematical data and encrypt it.

During verification, an iris scanner will again emit infrared light to spot those hidden details. Because an iris scanner supplies its own light, it also works in low light or dark conditions.

Speaker recognition

Speaker recognition, unlike voice recognition, wants to identify who is talking, and not what is being said.

Source

In order to identify the speaker, the specialized software will break down their words into packets of frequencies called formants. These packets of formants also include a user’s tone, and together they form his voice print.

Speaker recognition technology is either:

  • Text-dependent, meaning it unlocks after identifying certain words or phrases (think “Hey Alexa!” for the Amazon Echo).
  • Text-independent, where it tries to recognize the voice itself but ignores what is actually said.

Unlike other methods mentioned here, speaker recognition comes with a significant usability problem, since it’s easy for background noises to distort the person’s voice and make it unrecognizable.

When it comes to consumer devices, voice activation can come across as awkward (a.k.a. talking to Siri in the subway).

But the biggest issue with speech recognition is how easy it is to create a high-quality reproduction of a person’s voice. Even low-quality smartphones can accurately record a person’s voice, complete with inflections, tone, and accents.

This hasn’t stopped speaker recognition and similar technologies from gaining mainstream adoption. Just look at the success of Amazon Echo, Google Home, and other voice controlled speakers integrated into a lot of smart homes. What do you get when you combine an Amazon Alexa with an Amazon Key that unlocks your home to couriers when you’re at work?

It’s an amazing biometric authentication experience for users. At the same time, it’s a security risk of nightmare proportions.

We don’t mean just biometric authentication exploits, but “classic” hacker methods as well. Rhino Security Labs demonstrated just how to attack Amazon Key via WiFi so the camera is blind to whoever would enter your home.

We covered the risk of using IoT devices and we explained how to secure them here. In this guide, you’ll find the best ways to protect your home wireless network. But let’s return to biometric authentication types and how they work because we’ll later explain how their advantages and disadvantages.

Other biometric technologies

The methods above are the most well known and most popular, but not the only ones. Here are some other technologies:

Facial recognition systems

Generally speaking, facial recognition systems approach biometric authentication from a lot of angles.

Source

The classic way is to simply extract your face’s features from an image (eyes, nose, distance between your lips and your nose etc) and compare them to other images to find a match.

Through skin texture analysis, your unique lines, beauty marks, wrinkles and so on are turned into a mathematical space, which is then compared to other images.

Both of them can be easily fooled with makeup, masks or, in some cases, simply obstructing part of your face. This is where thermal imagery and other technologies stepped up the game until we got to this point – that of widespread adoption of systems like the Apple FaceID.

The iPhone FaceID uses more than 30,000 infrared dots to map your face, then creates essentially a 3D map of your features. This map, like Touch ID, is sent to the Secure Enclave in the CPU to be compared with the one already stored on the device. The result? Your phone is unlocked just by looking at it.

In the marketing materials, Apple said there is a 1 in a million chance for someone else to unlock an iPhone using FaceID. Of course, that just sounded like a challenge for security experts. A researcher from Vietnam fooled FaceID with a 3D printed mask made from silicone and paper tape.

2. Hand and finger geometry

While not as unique as prints, iris scanners or tridimensional face maps, our hands are different enough from other people’s. That makes them a viable authentication method in certain cases.

Source

A hand geometry scanner will measure palm thickness, finger length and width, knuckle distance and so on.

Advantages of this kind of system are cheapness, ease of use and unobtrusiveness. It also has a few major disadvantages. A hand’s size can vary over the time. Health problems might limit movements.  More importantly, a hand is not that unique, so the system has low accuracy.

hand geometry 1

Source

2.    Vein geometry

Our vein layout is completely unique and not even twins have the same vein geometry. In fact, the overall layout is different from hand one hand to another.

Veins have an added advantage since they are incredibly difficult to copy and steal because they are visible under tightly controlled circumstances.

A vein geometry scanner will light up the veins with near-infrared light, which makes your veins visible on the picture.

vein biometrics 1

Source

Advantages and disadvantages of biometric authentication

Ultimately, biometric authentication techniques are all about security. As a feature, their main competitor is the password (or PIN code, on occasion), so a comparison between the two will reveal both their flaws and weaknesses. Let’s see.

Advantage: Ease of use

A fingerprint or iris scan is much easier to use than a password, especially a long one. It only takes a second (if that) for the most modern smartphones to recognize a fingerprint and allow a user to access the phone. Ultrasound scanners will soon become commonplace, since manufacturers can place them directly behind the screen, without taking any extra real estate on a phone.

Voice recognition, on the other hand, is a bit iffier and background noises can easily scramble the process and render it inoperable.

Disadvantage: You cannot revoke the fingerprint/iris/voice print remotely

A big disadvantage of biometric security is that a user cannot remotely alter them. If you lose access to an email, you can always initiate a remote recovery to help you regain control. During the process, you will be able to change your password or add two-factor authentication to double your account’s security.

Biometrics, however, don’t work like that. You have to be physically near the device to change its initial, secure data set.

A thief could steal your smartphone, create a fake finger, and then use it to unlock the phone at will. Unless you quickly locked your phone remotely, a thief would quickly steal every bit of information on the device.

Advantage: The malicious hacker has to be near you

The biggest advantage of biometrics is that a malicious hacker has to be in your physical proximity in order to collect the information required to bypass the login.

smartphone 1445448 640

Source

This narrows down the circle of possible suspects in case your biometric lock is somehow bypassed.

The proximity also puts him at risk of getting caught red-handed, in a way that regular malicious hackers working from another continent cannot.

Disadvantage: “Master fingerprints” can trick many phones and scanners

When you first register a fingerprint, the device will ask you for multiple presses from different angles. These samples will then be used as the original data set to compare with subsequent unlock attempts.

However, smartphone sensors are small, so they often rely on partial matches of fingerprints.

Researchers have discovered that a set of 5 “master fingerprints” can exploit these partial matches, and open about 65% of devices.

The number is likely to go down in real life conditions, but an open rate of even 10% to 15% is huge and can expose millions of devices.

Disadvantage: Biometrics last a lifetime

You can always change your password if somebody learns it, but there’s no way to modify your iris, retina or fingerprint. Once somebody has a working copy of these, there’s not much you can do to stay safe, other than switching to passwords or using another finger.

In one of the biggest hacks ever, the US Office of Personnel Management leaked 5.6 million employee fingerprints. For the people involved, a part of their identity will always be compromised.

Disadvantage: Vulnerabilities in biometric authentication software

A couple of years ago, security researchers discovered weaknesses in Android devices that allowed them to remotely extract a user’s fingerprint, use backdoors in the software to hijack mobile payments or even install malware.

What’s more, they were able to do this remotely, without having physical access to the device.

Since then, patches have come for the vulnerabilities, but bug hunters are constantly on the hunt for new ones.

Hacking methods

Whitehat security researchers have proved time and again how to fool fingerprint or iris scanners. Here are just some of the methods they use.

Creating a fake finger (spoofing the fingerprint)

To open up a smartphone secured with a fingerprint, the attacker will first need to find a high-quality print, that contains a sufficient amount of specific patterns to open up the device.

Next, an attacker will lift the fingerprint, place it on a plastic laminate, and then cast a finger to fit this mold.

fake fingerprint 1

Source

Once the malicious hacker creates the fake finger, all he has to do is to place it on the scanner, press with his finger to conduct electricity and then use the unlocked phone.

Tricking an iris scanner

For some iris scanners, all it takes is taking a photo with a cheap camera in night mode, print the iris on paper, and then putting a wet contact lens to mimic the roundness of the human eye.

Hacking the biometric sensor and stealing the data

Another, more insidious method of obtaining the fingerprint data of a phone, and unlocking it, is to directly hack the part of the phone responsible for storing the information.

For iOS devices, this means breaking into the Secure Enclave. Technically, this is possible, but it is far beyond the scope of your average, day-to-day cyber criminal. The few confirmed hackings have been done by Cellebrite.

Still, the software and expertise might reach mass-market, and into the hands of script kiddies.

In the case of Android devices, researchers have proven it is possible to trick the Qualcomm provided Trusted Execution Environment by loading a customized app, which then runs a privilege escalation until it obtains greater access to the TEE.

Fortunately for us users, a cybercriminal would need considerable expertise to hack your phone in such a way.

Biometric security for mobile devices, such as smartphones and laptops

A fingerprint lock is useless if somebody steals your smartphone, and then simply lifts the print off from the device.

ext

Source

How to secure smartphone/laptop fingerprint readers

Here are a few simple tips to help minimize the number of prints that are on your phone:

  • Dress your phone with a fingerprint-resistant or oleophobic cover and screen protector.
  • Use a different finger other than your index or thumb.
  • If convenience is not your primary concern, use both the fingerprint and the password/PIN lock. This is especially useful for sensitive business smartphones and laptops. Here is a comprehensive guide for your smartphone security, and we compiled the best password tips here.
  • If your laptop or other device supports it, use a fingerprint randomizer. In short, you register 2-3 fingerprints, and the lock screen will ask you provide a different finger each time you log in.

Here are a few tips to prevent thieves from stealing fingerprints off your smartphone

CLICK TO TWEET

Conclusion

Biometric authentication has strongly expanded in the last few years, with more and more consumers relying on it and even demanding for it.

Do you use any sort of biometric technology? How do you feel about it, especially in government’s hands, and how secure do you think is?

This post was originally published in July 2017 by Paul Cucu and updated on January 12, 2018 by Ana Dascalescu.

Spend time with your family, not updating their apps!
Let Heimdal FREE Silently and automatically update software Close security gaps Reinforce your antivirus of choice

INSTALL IT, FORGET IT AND BE PROTECTED

Download Heimdal FREE

How to protect your Mac from the ‘App Store password’ bug

Shortly after the discovery of the “root” bug plaguing Macs worldwide, Apple is faced with another embarrassing flaw in the newest version of its macOS. And it’s yet another password-centric vulnerability.

A recent post on Open Radar reveals that the App Store preferences pane in System Preferences can be unlocked by a local admin with a bogus password – or, as our own tests revealed, no password whatsoever.

The steps to reproduce the bug are:

1) Log in as a local admin

2) Open the App Store preferences pane from the System Preferences

3) Lock the padlock if it is already unlocked

4) Click the lock to unlock it

5) Enter any bogus password (or leave the password field blank)

6) Hit Return / Enter

If these steps reproduce the bug on your Mac, you are affected.

The flaw is not terribly dangerous, but it’s not entirely harmless either. Anyone with physical access to the machine can alter the settings to control how that Mac downloads and handles third-party software. A bad actor could (theoretically) use this bug to make it easy to deploy malware onto the unsuspecting victim’s computer at a later time.

Mac users running macOS High Sierra 10.13.3 beta are reportedly unable to reproduce the bug, indicating that either Apple is aware of the flaw, or something new in the beta inadvertently “breaks” the bug. So, what can you do until Apple releases the fix? Not much except tighten the existing security settings on your Mac.

You can leverage the “hot corners” feature to quickly enable a screensaver whenever you get up from your desk. Go to System Preferences -> Desktop & Screen Saver and look for the Hot Corners button in the bottom right-hand corner of the window.

Then, you should set your Mac to ask for a password immediately after the screensaver kicks in. To do this, visit the Security & Privacy module under System Preferences.

Finally, look out for Apple’s 10.13.3 update and install it the moment it becomes available.

Here are The Internet Security Blogs You Should Follow Today [Updated 2018]

If you are concerned about your online security (and you should), it’s essential to know which are the best cyber security blogs that could help you stay informed about the most recent trends in the threat landscape.

The question then arises: Where can you find the best security blogs to learn and to gain more knowledge in the cyber security field? What security experts to follow so you can stay abreast of changes in this industry and how to better protect your digital assets? How can you make the difference between the real experts and the false ones?

That’s why we want to help and we’ve put together this list with all the cybersecurity blogs and websites that are worth following.

We’re aware that it isn’t perfect and will never be, so we’ll continue to keep this list updated as much as we can. There are probably so many other security blogs and experts that we have not included. More and more are launching every day.

Can you tell what other blogs should we add to this list and what you think about the current ones?

From small, independent researchers and experts, to the big names: security vendors, media giants, organizations or cyber security communities and organizations. The main criteria were how much can we benefit from their insights and knowledge.

Therefore, if you need best practices, how-to articles, online safety research or the latest security news and insights from researchers, start with this guide. Feel free to bookmark our article and access the following blogs/websites whenever you feel it’s necessary.

CYBER SECURITY BLOGS TO FOLLOW

1. Krebs on Security

Brian Krebs is the man behind Krebs on Security. Being hacked himself in 2001, he starts to be personally interested in online security. He’s one of the most-known names in today’s security landscape. Krebs covers topics from latest threats, privacy breaches and cyber-criminals, as well as major security news and alerts. He’s also a book author.

2. Schneier on Security

Another cyber security blog that is worth reading on a daily basis is the one belonging to Bruce Schneier which is an internationally renowned security technologist, called a “security guru” by The Economist. He wrote books, hundreds of articles, essays and security papers on cyber security. At the same time, he is a known figure in the media.

The press recognizes him as an important voice for online security, not only for his knowledge on the matter but also because of how he expresses his opinions.

3. Tao Security

Tao Security is run by Richard Bejtlich, which is an advisor to the security ecosystem for the Treat Stack company and a former Chief Security Strategist at FireEye. He’s also an author of many books on the security topic. He started his career as a military intelligence officer at the Air Force Computer Emergency Response Team, Air Force Information Warfare Center and Air Intelligence Agency.

With an extensive background in the cyber-criminal world and familiar with malicious attacks on enterprise networks, he shares his experience on digital defense and network monitoring. Since a great number of network attacks come from China, he is specialized on Chinese online criminals.

4. Graham Cluley

Graham Cluley is one of the most known independent computer security analysts and public speakers. He’s been working in the industry since the early ‘90s. Started as a programmer, writing the first ever version of Dr. Solomon’s Anti-Virus Toolkit for Windows. Afterwards, he had senior roles in Sophos and McAfee.

5. Troy Hunt

Troy Hunt is an Australian Microsoft Regional Director and Most Valuable Professional (MVP) for Developer Security. He travels the world speaking at events and giving training and advice to tech security professionals. He’s also an author of many top-rating courses on web security.

You surely heard about his project Have I Been Pwned?”, a free service that tells you if you’ve been compromised in a data breach.

6. Security Affairs

Security Affairs is a security blog written by Pierluigi Paganini, an ethical hacker, researcher, security evangelist and analyst. On his blog, among the articles on security, you’ll also find regular interviews with hackers, useful cyber security In 2016, this blog was awarded as Best European Personal Security Blog

7. Architect Security 

This cyber security blog belongs to April C. Wright which is a speaker, teacher, community leader and hacker with more than 25 years experience in the information security industry. She teaches others how to use simple actions that can lead to a better and safer place.

8. Dark Reading

Dark Reading is a widely-read cyber security website that addresses professionals from the IT industry, security researchers, and technology specialists. They use their experience and knowledge to provide articles, recommendations, news and information on IT cyber security landscape.

9. CIO

CIO is the place where you find news, information technology articles, insights and analysis on major data breaches and online threats that put your online security at risk. Covering multiple aspects of world wide web, it provides in-depth, content-rich information for IT professionals and regular users.

10. CSO Online

CSO focuses on offering users the latest information and best practices in both technology and business, loss prevention, cybercriminal threats and software vulnerabilities, malware and data breaches and many other useful tips and advice about cyber security.

11. PCMag’s Security Watch

Known for his direct and witty style, Neil Rubenking is PC Magazine’s Lead Analyst. He’s the man you have to listen if you search for technical advice on the main security solutions, from firewalls, antivirus, and antispam products to full security suites. You’ll also read in this cyber security blog detailed reports and sharp analysis of security programs, which should place him on your follow “cybersecurity blogs” list if you look for this type of information. He has also written several books.

12. Paul’s Security Weekly

This security blog was founded by Paul Asadoorian, and brings you a wide range of topics from security news, useful technical articles, research studies to valuable information on hacking and cybercrime through different channels, from blog posts, videos to podcasts.

13. Forbes

This is one of the leading media company in the online environment and provides strong analysis, reliable tools, real-time reports for cyber security news and information on the latest online vulnerabilities.

14. SC Magazine

SC Magazine comes in the IT environment with technical information and data analysis to fight the present online security threats. Their site provides testing results for email security, mobile devices, cloud and web security.

15. PCMag

Probably one of the most popular tech sites in the software industry, PC Mag offers readers lots of reviews and studies on the latest products for online security. For an objective analysis of a particular product you may be interested in, don’t forget to search for the dedicated article on this website.

16. The Hacker News

It is one of the biggest information security blogs and we recommend following it for the latest resources about hacking, technology and security.

17. Security Week 

It’s one of those information security blogs you need to follow to stay informed about the latest security news, insights and analysis. You’ll also read opinions and insights from IT security experts around the world.

18. Ars Technica

Probably one of the oldest and top publications on technology. Its editorial mission is to be “technically savvy, up-to-date and more fun” than what was popular at the moment when it was founded.

19. Softpedia

Softpedia is a popular destination for software downloads but also covers tech topics and news. It was founded in 2001 by SoftNews NET SRL, a Romanian company.

20. The Last Watchdog 

It is one of those security blogs founded by the Pulitzer-winning journalist Byron V. Acohido which is a respected cybersecurity influencer, and The Last Watchdog is considered to be one of the top cybersecurity blogs. You’ll find personal opinions on cyber security, Q&A, useful podcasts or videos. 

21. Wired

One of the classical American online magazines reporting on technology and its role in culture, economy and politics, Wired approaches various topics on online privacy, cybercriminal threats, systems security and the latest security alerts.

22. Motherboard Vice

Vice’s Motherboard is an online magazine dedicated to technology, science and humans. Lots of the data breaches in the past years were firstly announced by Motherboard and you should follow it.

23. Mashable

Mashable is a global media company, founded in 2005. They aim to be the leading media company for the Connected Generation and the voice of digital culture. We recommend following their cybersecurity category to read about all the latest news related to this field.

24. Techcrunch

TechCrunch is another leading media company focused on technology and breaking tech news, founded in the same year as Mashable and owned by AOL.

25. IT Pro Portal

It Pro Portal is one of the first tech websites from the UK, launched in 1999 and has grown to become one of UK’s leading resources on technology information. Here you’ll find tech products reviews, market analysis, cyber security news and many more.

26. Privacy Paradox from Lawfare

When law meets privacy – this is how we’d sum up “Privacy Paradox”, the subsection of The Lawfare Blog. Its authors take an unorthodox look at the law and policy of contemporary privacy.

27. The Register

The Register is another top online tech publication, with more than 9 million monthly unique visitors. You’ll find here independent news, views, and reviews on the latest in the IT industry and its security section brings the latest news from the industry.

28. TechRepublic

TechRepublic provides large resources for the online industry, such as blog articles, forums, technical papers and security data. All the valuable information available on this cyber security blog will help IT professionals and technology leaders to come with the best decisions on their business processes. There are also useful resources such as whitepapers, eBooks, tools and more.

29. Zero Day

The Zero Day security blog is important for all the people part of the IT industry. This information security blog belongs to ZDNet and you should follow it to stay on top of the latest security analysis, software vulnerabilities, malware attacks and network threats.

30. The Guardian Information Security Hub

Known for its quality articles on world news, Guardian also provides a section dedicated to information security for both companies and individuals. To stay up-to-date with the most recent articles and news on cyber security, make sure you follow this cyber security blog.

31. Help Net Security

Help Net Security is a popular independent site, focused on information security since 1998. You’ll find here the latest information and articles related to the IT industry, including experts’ opinion on the hottest topics, reviews, security events, and many more.

32. Techworld Security

Techworld is an industry leader in business technology publishing, published by IDG (International Data Group). The Security section is dedicated to analyzing the latest malware threats and zero-day exploits, including analysis and tutorials. You can find here other important topics and subjects, such as security articles, how-to documents or software reviews.

33. IT Security Guru

It is a site for cyber security community which offers daily and breaking IT security news, with opinions and analysis of this industry.

34. Network Computing

The content of the Network Computing cyber security blog focuses on cloud technology and enterprise infrastructure systems. Its published articles cover security solutions on how to deliver applications and services for an increasingly large threat environment in the business world, news and expert advice.

35. Infosecurity Magazine

With more than 10 years of experience, Infosecurity Magazine is an online magazine which covers not only security articles on popular topics but is also focused on security strategy and valuable insights for the online industry. You should follow it for its educational approach.

36. SANS Institute AppSec Blog

SANS Software Security provides training, certification, research and community initiatives that help IT specialists build secure applications.

37. Peerlyst

Peerlyst is a community for where cyber security professionals gather to discuss hot topics and exchange opinions on key subjects. As part of the community’s mission, the team is “working with people like you to help transcend the fragmented security market and create transparency”.

38. Europol 

While it’s not actually a cybersecurity blog, it is worth following and reading the newsroom section from the European Union Agency for Law Enforcement Cooperation (EUROPOL) and stay up to date with the latest press releases, news articles, blog entries, videos and other content.

39. Electronic Frontier Foundation (EFF) 

The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world which was founded in 1999. Its work is mainly focused on ensuring that rights and freedoms are enhanced and protected as our use of technology grows. You should read their information security blog for its high-quality content, comprehensive analysis, educational guides, and more.

40. Virus Bulletin

The Virus Bulletin blog is a must-read online source of reference for anyone concerned with computer security and online threat landscape. It covers the latest threats, new developments and techniques in the security landscape, opinions from well-known members of the industry, and more.

41. StaySafeOnline

This security blog is powered by the National Cyber Security Alliance (NCSA)  organization and is a reliable online source that provides valuable information on how you can stay safe online, how to keep your business secure and many other useful tips and insights on privacy.

42. Security Boulevard

It is the home of the Security Bloggers Network (SBN) and an online community where you can find plenty of useful resources from fresh cyber security news, threats and data breaches to webinars, a library of security-related resources, and many other educational resources.

43. Bleeping Computer

Another fantastic resource is Bleeping Computer, a technical support website and a self-education tool. Do read their cyber security guides, forums, tutorials and more.

44. IT Security

Here’s another useful information security resource where you can read about cyber security news, insights and experts’ opinions on topics related with the cyber security landscape.

45. GBHackers on Security

It is another great online resource where you can read about the latest hacking news, cybersecurity, technology updates, ransomware or malware. There’s also the place where you can find useful online courses and other interesting infosec resources.

46. BetaNews

Here’s another leading source of technology news and analysis you can follow to stay up to date with everything happening in cyber security.

INFORMATION SECURITY BLOGS FROM SECURITY VENDORS TO FOLLOW

47. State of Security

TripWire delivers advanced threat, security and compliance solutions to companies. State of Security is TripWire’s blog on cyber security and the place where you can read about the latest cyber security news, podcasts, videos and many more useful resources. Multiple authors write on it about the constantly changing landscape of cyber security.

48. Naked Security

Naked Security is an award-winning newsroom that offers us news, opinions, advice, and research on computer security issues and the latest cyber threats. The blog belongs to the security company SOPHOS and there are topics from mobile security threats to operating systems or malware articles.

49. F-Secure Safe & Savvy Blog

Safe & Savvy is a cyber security blog from F-Secure, a company focused on online content and privacy protection issues. On this security blog you will find plenty of handy tips and tricks on security issues, how to keep your data safe and many other resources such as videos, infographics or reports.

50. Hot For Security

Another information security blog you should add to your list is the Hot For Security which belongs to Bitdefender security company. Bitdefender is one of the leading and most-known companies on online security solutions. On their blog, they cover various subjects related to cyber security and privacy, from Internet scams, online spam, and phishing detection, to malware and data-stealing software.

51. Malwarebytes Labs

The Malwarebytes cybersecurity blog includes articles that cover the latest malware threats and cyber criminal attempts from the online world. You can find their articles on categories, from cybercrime, exploits, hacking and malware analysis.

52. We Live Security

We Live Security, the Eset blog, is an online resource for cyber security articles and probably one of the best cyber security blogs providing a large network of security topics from emerging online threats to zero-day exploits.

53. ThreatPost

Threatpost is an independent news site where you can read a plethora of cyber security news and analysis to stay informed and safe, including useful videos, feature reports and many more.

54. Kaspersky Lab’s Securelist

Securelist is a security blog run by Kaspersky Lab which addresses a large audience, providing some of the best security subjects on cyber criminal activities and data stealing malware. There are plenty of great cyber security information you’ll read here from malware, spam and phishing to statistics and an encyclopedia to search for definitions and learn new cyber sec terms.

55. Symantec Blogs

Symantec Blogs is an expanded blogging platform which belongs to one of the biggest providers of security solutions worldwide, Symantec. This information security blog offers users the latest security news, unparalleled analysis from experts on the online threats affecting businesses today,  articles on security threats, online criminals, data stealing malware, system vulnerabilities and many others.

56. Fox IT Security Blog

Fox-IT’s security blog is a very good source of information on online security, technology news and cybercrime defense. This security blog is owned by Fox IT, a Dutch security firm that works with trusted partners in more than 35 countries.

57. Securosis

Securosis is a security research and advisory company that offers security services for companies and organizations. At the same time, you can find on their security blog some useful articles and insights on how you can better manage and protect your online data.

58. Google Online Security Blog

We couldn’t miss this one from our list! We are surrounded by Google products and services every day, from their search engine to web browser, so it’s normal to include their cyber security blog here. It is more than a reliable information security blog; it’s also a reference point on online security and privacy we need to acknowledge. Here you can also read the latest news and insights on how to keep users safe.

59. ZoneAlarm Cyber Security Blog

This cyber security blog is from ZoneAlarm, which is one of the well-known vendors of security products providing valuable information on malware defense and online security to protect millions of PC users. Using their experience on malware, this security blog publishes malware alerts, practical security tips and the latest news in the IT industry.

60. McAfee security blog

McAfee information security blog provides the latest tips and techniques from various security experts to keep you up-to-date with the latest malware trends in the online environment.

61. Microsoft Secure Blog

Starting January 2018, this is the place where you’ll find all the blogs from Microsoft. Here you’ll find technical information for Office 365, Microsoft Azure, and Windows, alongside product updates, cybersecurity guidance, industry trends, and more. You’ll also read great cyber security stories from the global team of Windows Defender researchers, engineers, and experts.

62. SpiderLabs Security Blog

Investigators and researchers at Trustwave cover the latest technology news on this cyber security blog. Gathering information from research and testing, they publish articles and security studies to fight online hackers and cyber-criminal threats.

63. Dell SecureWorks

SecureWorks is a company that provides information security services and became part of Dell in 2011 and branched off as a public organization in April 2016. Their cyber security blog provides the latest news and information for IT professionals and users that need to stay up-to-date with online threats and malware attacks.

64. Trend Micro Simply Security

Trend Micro Simply Security information security blog offers expert insights on cloud security, data safety, privacy protection and threat intelligence. You’ll also find research and analysis, and the latest news on cyber security industry.

65. ThreatTrack Security

ThreatTrack security blog keeps you up-to-date with the latest innovations and developments in the IT industry, from security exploits to software vulnerabilities and cyber-criminal attempts.

66. Sucuri Security 

This information security blog is held by the security company called Sucuri, which is managed by two highly passionate individuals in this industry, Daniel and Tony. It is a great online resource where you can learn about site security, emerging vulnerabilities, and web malware infections.

67. Comparitech 

This information security blog is from the company Comparitech Limited, which has the mission to help consumers make more savvy decisions when they subscribe to tech services such as VPNs, antivirus and security products, cloud backup, password managers and more. Read their blog to read more about VPN, privacy, information security and more.

68. AlienVault

It is a company security company focused on enabling all organizations to better detect and manage cyber attacks in cloud. Their blog offers cyber security fresh news on the latest emerging global threats and actionable advice to simplify threat management and compliance.

69. Sensors Tech Forum

Another information security blog you should add on your list is Sensors Tech Forum, which is both an online security blog and a forum. Here you can read daily PC security news, ransomware and virus removal guides. The Sensors Tech team publishes useful guides that could help users get through the removal process of malware.

70. IT Governance UK

IT Governance is a leading global provider of IT governance, risk management and compliance solutions, with a focus on cyber resilience, data protection and cyber security. On its cyber security blog you’ll read plenty of useful articles on GDPR, online privacy,  as well as podcasts and toolkits.

Conclusion

Since the security and privacy landscape is changing constantly, so must we. That’s why we’re asking you to help us improve this article.

Let us know your thoughts in a comment below.

P.S. You can also follow our blog’s weekly roundup or our social profiles (especially Twitter), where we share the latest cybersecurity news.

Spend time with your family, not updating their apps!
Let Heimdal FREE Silently and automatically update software Close security gaps Reinforce your antivirus of choice

INSTALL IT, FORGET IT AND BE PROTECTED

Download Heimdal FREE

13 Warning Signs that Your Computer is Malware-Infected [Updated 2018]

Here’s a scenario you may not like, but could happen every day, because it’s always viruses season for computers. You’re working on an important project and suddenly start noticing annoying pop-ups displayed on your computer. Also, it takes too long for your files or computer apps to load. You wait and wait until you start asking yourself:

 “Does my computer have a virus?”

Unfortunately, the answer might be “yes” and your computer could be already compromised with viruses or advanced malware that are slowing down its activity and performance.

This is one of the signs that show your PC might suffer from a malware infection. There are more of them you need to be aware of and understand, so you can quickly take action.

In this article, we’ll show you the most frequent warning signs of malware infection and what can you do about it.

Quick links with what you’ll find out:

1. Your computer is slowing down
2. Annoying adds are displayed
3. Crashes
4. Pop-up messages
5. The Internet traffic suspiciously increases
6. Your browser homepage changed without your input
7. Unusual messages show unexpectedly.
8. Your security solution is disabled
9. Your friends say they receive strange messages from you
10. Unfamiliar icons are displayed on your desktop
11. Unusual error messages
12. You can’t access the Control Panel
13. Everything seems to work perfectly on your PC

Scenario 1: “My computer applications run slow lately and it takes longer than usual to start”

If you’re dealing with this scenario, it could indicate the presence of viruses on your computer. We know, it’s so frustrating to see it loading slowly. It is a known fact that one of the malware’s main activity is to slow down your operating system, whenever you’re navigating on the Internet or simply accessing your local applications.

What can you do? First off, you need to check for causes and find the real problem.

Here are some of the most common causes that slow down your PC:

  • Your system’s RAM memory is low and might be caused by the number of high apps you’re currently using. Windows Task Manager is a great tool to look for programs which use the most of your RAM memory. Press CTRL+ALT+DELETE simultaneously on your PC, choose Task Manager and will open a list of your current apps you have open;
  • There is no storage space on your hard disk, so you need to check your files and documents stored there and do a cleaning;
  • This behavior is particularly happening when you’re browsing the Internet, so you need to check your browser’s Settings, then clear your browsing data;
  • A fragmented system which means that the storage space is used inefficiently and reduces your PC’s performance;
  • Your Windows OS hasn’t been updated or you’re using outdated drivers.

If you have already thoroughly verified these possible causes and all seems to work just fine, you can start considering a potential malware infection. Use these tips to help you optimize and speed up your Windows operating system.  This article shows 5 ways to keep an eye on those programs accessing your drives.

Scenario 2: “I keep getting annoying ads that are opening randomly or strange messages on my computer’s screen”

Unexpected pop-ups which appear on your screen are a typical sign of a malware infection that wreak havoc on your computer. This form of malware is known as spyware and is designed to collect and steal users’ sensitive data without their knowledge.

In this particular case, the main issue is created not only by the numerous pop-up windows that affect your Internet browsing but also because it is quite difficult to remove them from the system.

These pop-ups are not only frustrating, but they usually come bundled with other concealed malware threats and could be far more destructive for our systems. They could be disguised as legitimate programs and actually track your web browsing data or monitor your online activity to collect passwords and other personal information.

We strongly recommend to NEVER CLICK on a suspicious pop-up!

Source: FastRemoveVirus.com

Try one of these free spyware removal tools to get rid of those annoying pop-ups or strange messages.

Also, to better keep your computer away from malicious threats, make sure you use these security measures:

  1. Do not click on pop-up windows
  2. Don’t answer unsolicited emails or messages
  3. Be very careful when you are trying to download free applications from various websites

Use this guide that includes useful steps that will make the removal process easier and more effective, as well as your Internet navigation hassle-free.

Scenario 3: “My laptop keeps crashing when I watch Youtube videos or play games. It simply freezes, then a blue screen shows up”

Oh, I know this one. It happened to me with my current laptop so many times, and was quite frustrating. It crashed so many times and got that popular BSOD (Blue Screen of Death). Then it restarted and told me that Windows was recovering from an unexpected shutdown.

You are probably familiar with this kind of error, don’t you?

There might be two things causing this type of issue:

  1. You could be dealing with a technical issue caused by a potential incompatibility between your software and/or hardware
  2. Or it may be a malware issue.
  • If you suspect the technical problem, it may lead to this:

Various programs are running on your PC which may be in conflict? Are there any orphaned registry keys which have not been removed that could eventually crash your system?

Orphaned registry keys are pieces of data information that have been left behind during the process of uninstalling several programs from your computer. They don’t only take up unnecessary space on the PC but can cause a serious issue for its proper functionality.

How to fix this: Use the Registry Editor (Regedit.exe) that can be opened in the search bar of Windows where you select the run command. The daunting part of this process is that you have to manually remove these orphaned keys.

Our recommendation is to run an automated cleaning session using a specialized program like CC Cleaner which is free (Two versions of this tool were recently compromised by malicious actors who spread malware inside it, but CCleaner is safe now) and will  automatically scan missed and unused keys while doing a backup of your data before the actual cleaning.

First of all, install the CCleaner program, click the Registry icon (as displayed in the image below), select the items you want to delete, then Scan for issues and a list of potential issues will be generated. After the scanning is done, you can review the list and click on Fix selected issues to solve the outstanding Registry issues. You will be asked to backup changes.

CC Cleaner Program 1024x423 1

  • For malware infection: run a complete scan on the system with a good antivirus product. If you have a dilemma about which antivirus is the best one, we wrote this useful guide on how you can find the right one for your needs. It is also important to rely on another layer of security on top of antivirus to better fight against online threats and proactively block them.

If your programs or your system crash constantly or the infamous BSOD (Blue Screen of Death) appears regularly, it’s a clear warning that your system is not working properly and you should look into it.

There are two things that can cause this type of issues:

  1. You could be dealing with a technical issue caused by a potential incompatibility between your software and/or hardware
  2. Or it may be a malware issue.

If you suspect a technical issue, multiple software problems may lead to this.

Scenario 4: “ I started getting this popup message <you’re running out of disk space on Windows (C:)”

If you are receiving this warning message, it means that there’s no free space left on a particular partition (in this case, C) on the main hard drive in your computer. More and more users are reporting this issue.

The cause? Here’s what Microsoft has to say about this:

This behavior can occur if the free disk space on your computer has dropped below the low disk space notification threshold associated with the Disk Cleanup utility.

low disk space 1

How do I fix this? First of all, you need check if your physical storage space has been increasing lately or if some of your files disappeared or changed their names. Also, make sure, you delete all those old or unnecessary files that can lower your PC’s performance.

This could be another sign of malware infection, since there are so many types of malicious programs which use different methods to fill up all the available space in the hard drive and cause it to crash.

Scenario 5: “For quite some time, every time I start my PC, I notice that the Internet traffic suspiciously increases”

If you saw this message, chances are there is an unusually high network activity happening on your PC that could lead to a malware infection.

There are cases when the user is not connected to the Internet through his browser, and there is no program that may connect to online servers to download or upload any data, but high network activity can still be observed.

What can I do? Have you checked for:

  • The last Windows update for your computer?
  •  Is there any program or application that’s downloading any data?
  •  Is there any update for a certain app running at this moment?
  •  Is there a large download that you started and forgot about, which may still be running in the background?

If the answer to all these questions is NO, then you should check where all that traffic is going. Here’s how to do this:

  • Check for a malware infection, by using a good antivirus product to fully scan your system.
  • If you suspect your computer has been infected by a dangerous financial malware, we recommend using a specialized security suite designed to address advanced and new online threats.

Scenario 6: “My homepage has changed and I don’t remember doing it myself”

If you noticed this unusual behavior or a new toolbar showing out of nowhere, or you’ve been redirected to a different web address than the one you’ve initially accessed, they could be signs of a malware infection.

It usually happens when you visit a website and you accidentally click on a link or a pop-up window. This triggers the unwanted software to download and install on your device. Its effects are not only annoying, but also malicious.

What to do? Run a complete scan with your security software as soon as possible. Why? Because these type of threats don’t go away easily.


I just learnt to easily detect malware infection on my PC.
Click To Tweet


Scenario 7: “My PC is acting weird because I get unusual messages that appear unexpectedly.”

I get this! That’s usually the type of warning message that could make you wonder “What’s going on with my computer?”

Here are some frequent warning signs to watch out!

  • Suddenly you see programs opening and closing automatically
  • Your Windows OS is shutting down unexpectedly, without any reason
  • You’ve noticed strange windows when your PC tries to boot
  • Windows tells you that you’ve lost access to some of your drives.

Although the root cause may be a technical issue, it could also be a warning sign that malware has taken over your computer and is slowing down its activity.

CHECK YOUR CYBER SECURITY HABITS
Has your computer suffered a malware infection lately?

How to mitigate the impact of a malware infection?

Follow these steps:

1. Keep your Windows system up to date

2. Scan your computer with an antivirus product

3. Install a proactive security solution to enhance your computer’s protection

4. Consider reinstalling your operating system. This 13-step guide will show you how to secure your PC after a fresh (re)installation.

Scenario 8: “I use an antivirus product and keep getting the message that <Protection is disabled>”

If you observed that your antivirus solution doesn’t seem to work anymore or the Update module is disabled, then you should check immediately for ways to fix it.

Did you know that some types of malware are sneaky and can disable your security solution?

 Well, yes, they are designed to leave users without any defense and making difficult for users to detect them. If you already tried to reboot your computer, closed and opened the security solution and all your troubleshooting efforts were useless, you could consider the malware infection scenario.

Source: Nod32Helpmax.net

This is especially the case, because it’s a known fact that traditional antivirus solutions can’t easily detect, block or remove new and advanced malware( such as ransomware, adware or financial malware). Thus, you can get exposed to all kind of attacks, and we strongly recommend enhancing your protection by adding multiple layers of protection.

Read these 10 reasons why second-generation  malware evades antivirus detection.

Scenario 9: “My friends tell me they’re getting strange random messages from me on Facebook, which I didn’t send”

If your friends recently got several strange messages/emails or suspicious links from you, and you didn’t send, it’s likely that you’ve been infected with malware. Here’s a recent example of malware spreading via Facebook Messenger and tricking users into clicking on links they’ve received from one of their friends.

But first, check your online accounts and see if those random messages were actually sent from one of your accounts. If something like this happened, take immediate action by following these security measures:

  • Log out of all your accounts. For most of our online accounts, we log in to multiple devices and we often forget to log out. So make sure to log out from your online accounts on all connected devices.
  • Use unique and strong passwords for all your online accounts. Always remember to change passwords for your online accounts! NEVER set the same passwords for multiple accounts, because if you are hacked, all your accounts will be exposed and lose important data stolen. This password security guide will help you master passwords like an expert.
  • Start using two-factor authentication RIGHT NOW. Do you want to increase your control over your accounts’ security? Then add this second security layer that will ask for an extra step in the login process, along with your credentials.

Scenario 10: “There are these new, yet unfamiliar icons on my desktop that I don’t recognize”

If you’ve been noticing unknown and new icons on your PC, you most likely downloaded by accident these sneaky programs called PUPs (Potentially Unwanted Programs). They are malicious programs that can do a lot of damage and expose you to data leakage, displaying annoying ads or pop-ups on the screen, or adding toolbars on your browser.

If you’re infected with PUPs, have a look at this guide showing how to avoid these unwanted programs and remove them from your computer.

Scenario 11: “Sometimes I see unusual error messages displayed on my computer”

An error message like this one could indicate that there’s a bug in your system that needs to be fixed, or it could be a warning sign of malware infection. These types of error messages showing missing or corrupt files folders suggest that your PC has been compromised and its performance is affected, which makes it run slowly.

How to fix this: Do a full scan of your PC and see if any viruses are detected. Also, make sure you have the latest updates installed on your operating system and regularly check for security patches, applications updates, and drivers.

error message

Source: Microsoft Windows Dev Center

Scenario 12: “It seems that I can’t access my Control Panel by clicking on the button”

If you are facing this issue and your Control Panel will not open, it means that your computer is having a technical problem and is not functioning correctly.

How to fix this: The first thing to do is run a full scan with your antivirus software. Then, see if you can open Control Panel in Safe Mode and follow these steps described here. It could also be another sign that your computer is vulnerable and exposed to potential cyber attacks. After running a full scan with your antivirus product, use also a proactive security solution to keep your confidential information properly safe.

Source: GeForceForums

Scenario 13: “Everything seems to work perfectly on my PC. Are any chances to be paranoid and still check for malware?”

When it comes to data protection, it is essential to be a little bit paranoid and very careful, even if everything seems to look normal. Why? Because cybercriminals are ingenious and can hide malware in the most unexpected places, leaving no visible marks and still infecting your computer.

Everything may seem to work perfectly normal on your PC until a bot on your system could silently wait for instructions to access and collect your most sensitive data.

Can you avoid malware infections?

Yes, you definitely can, if you’re paying close attention to these early malware infection signs and prevent them from happening. Make sure your operating system, browsers, and plugins are always up to date, because keeping your software patched can keep online criminals at bay.

Also, here’s a list of recommended articles: to help you better survive a malware infection:

How to Easily Remove Malware from Your PC [Updated]

How to Protect Your PC with Multiple Layers of Security

32 Go-To Security Forums for Free Malware Removal Help

Make sure your network is safe and secure, and always think before you click on something. Also, remember to practice safe browsing and always access trusted online sources to easier prevent potential online threats.

Reminder: Knowledge and long-lasting education are our best weapons to fight against these threats, so it’s vital to learn and educate yourself to understand how malware behaves on our system, and how we can mitigate its impact.

Heimdal PRO makes sure that link is safe!
Your parents and friends will click any suspicious link, so make sure they're protected.
Heimdal PRO provides: Automatic and silent software updates Smart protection against malware Compatibility with any traditional antivirus.

SECURE YOUR ONLINE BROWSING!

Get Heimdal PRO

How to Easily Remove Malware from Your PC [Updated]

Malware infection. Nobody wants that on their computer and almost everyone might think: “this can happen to me”. Until it does and you don’t know exactly what’s the first thing you should do.

Maybe you’ll call the IT guy, ask help from a friend or maybe try to disinfect the computer by yourself. Or maybe you want to address this issue on a security forum where other people encountered the same problems as yours and find a solution.

Warning symptoms: You noticed for a while that your PC started to slow down, crashes often, pop-ups appear randomly in your browser,  or you noticed unusual messages or programs that start automatically. These signs can tell that your computer might be infected with malware.

So, a malware infection has taken your computer prisoner: What do you do now?

In this article we’ll show you all the steps you need to follow so you can easily clean up and restore your PC to a functional mode.

Step 1. Backup all your documents and files before you start removing the malware infection

Regardless of your malware infection, the first thing to do is backup all your important files and documents. You can do that by saving your essential data on external source such as DVD/CDs, free cloud storage services, USB sticks or external drives. Use this guide to better backup your online data.

With the help of a backup procedure, you can save your essential data on an external source to keep them safe. You can do it manually or automatically and we recommend using software backup tools like these ones.

Also, if you want to be sure you don’t re-infect yourself with the backup, make sure you use some of these specialized tools to scan the backup before you start reusing the information.

Step 2. Enter your PC in Safe Mode with Networking

Here’s what you should do:

  • Unplug DVDs, CDs or other USB drives from your PC and then shut it down.
  • Restart by pressing F8 key over and over again until it takes you to the Safe Mode with Networking
  • This will make your system boot up only critical processes and prevent certain malware infections from starting up.

Safe Mode Windows

If you are using Windows 8 and/or Windows 10, here’s how you can start your PC in Safe Mode. For older versions of Windows, such as Windows 7 or XP, follow these steps.

Step 3. Delete your temporary files

To make the scanning process smoother and simpler, you should delete all unessential temporary files from your computer.

You can do this by right click on a Windows drive, such as C:/ or D:/ – > Properties -> Disk Cleanup. From the Menu, choose which files you want to delete and remove.

Step 4. Use these free malware removal tools

In order to clean up your PC, you’ll need some specialized software to find and clean up the malicious scanning tools. Here’s a list of all the software you’ll need over the course of the cleanup.

SUPERAntispyware malware tool has a free edition that can detect different forms of malicious software, adware and spyware, and efficiently scan and remove unwanted files from your PC. You can control the scanning options by choosing which files you want the tool to analyze. Scans will be performed manually, but the full control over scans makes it a good choice for users.

Kaspersky TDSSKiller is a free malware removal tool for Windows. It was designed to remove the rootkits which are malicious malware that boots up at the same time as your PC and hide the activity of other malicious software.

Rootkits can gain access administrator rights on an infected computer and provide deeper access to other types of malware. Online attackers can maintain the infection for a long time and are difficult to find and remove.

Kaspersky TDSSKiller is a free program which is easy to download and use. Simply download and follow the 3-4 steps required to start the scan and run the rootkit removal tool.

Source image: https://support.kaspersky.com/viruses/disinfection/5350#block1

Malwarebytes 3.0 anti-malware tool can detect, scan and remove malicious software found on your PC.  It is free for a limited period of time and has a 14 day free trial with full features such as malware removal, ransomware protection, rooter killer and even a repair function for any damaged files. Use the “Start Scan” button to help you remove and kill any malware found with a manual scan. We recommend running this program at least once a week to check things you might have missed or when you notice your PC runs slowly or acts strangely.

ADWCleaner is a free software tool specialized on removing adware, browser hijackers and other potentially unwanted malicious programs that have infected your browser. The product was acquired by Malwarebytes in 2016 and includes features like toolbar removal functionality, light footprint.

If you’ve been using Junkware removal tool for a while, you should know that Malwarebytes has chosen to discontinue development for this free software. However, Malwarebytes “will continue to provide service and support for JRT until End of Life (EOL) on April 26, 2018.” As an alternative, you can use the free ADWCleaner tool that includes all major JRT features.

Here’s a list of malware removal online tools you can use to better protect your computer:

Product name Suitable for: Availability Price
Hitman PRO Beginners Windows OS Free 30-day trial
RKill  Beginners Windows XP/ Vista/ Win 7/ Win 8/ Windows 10 Free
Avira PC Cleaner Beginners Windows Free
Microsoft Safety Scanner Beginners Windows 7 / Vista / XP Free
TrendMicro HouseCall Beginners MacOSX / Windows Free
Emisoft Emergency Kit Beginners Windows 7 / 8.1 / 10 Free
Spybot Search & Destroy Beginners Windows Free
CCleaner * Beginners Windows Free
McAfee Rootkit Remover Beginners Windows Free
IBM X-Force Exchange Malware Analysis Advanced Cloud-based Free for 30-day trial

 

Note: It is worth mentioning that CCleaner was recently compromised by cybercriminals, but the tool is safe now.

5. Reset your browsing settings

In many cases, malware will change your browser settings in order to re infect your computer, show advertisements, or facilitate any other malicious downloads. This is why, you need to review some of your browser settings.

Here’s how to fix browser shortcuts the malware might have altered

First of all, access your browser, Right click on your browser, then go to Properties. 

Browser shortcut

Under the Shortcut tab, you’ll see the Target field.

Browser target

What can actually happen is that the malware might have altered the target field and included a malicious URL in it. So what happens is that now your browser will start up on this page each time you boot it up.

Normally, the browser target should look something like this:

Chrome: “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”

In our example case, the browser was targeted to go to a suspicious website, aimed at downloading malware on your PC.

Chrome properties

You can fix that by simply remove the URL that comes after .exe”.

Browser hijackers will change the homepage 

Instead of changing the “Target” field in the “Shortcut” tab, some malware might just modify your browser homepage.

For Chrome browser:

Go to the Settings in the top right corner of the browser. Once there, go to the On startup section. The first two options don’t have any homepage whatsoever, so you can go ahead and select either one of those.

Chrome settings in browser

If however, you want to have your own homepage, then check the option to Open a specific page or set of pages and then click on Set pages. This should take you to this window where you can add or delete malicious links sneakily set as homepage.

Hijacking chrome browser

Settings for Firefox:

You can access the Options menu in the top right corner of the browser. This will immediately take you to the General tab, where you can reset your homepage as you see fit.

Firefox settings

Malicious hackers can also take control of your accounts through session hijacking by entering the server and access its information without having to hack a registered account. Additionally, he can also make modifications on the server that to help him hack it in the future, or to simplify a data stealing operation.

Verify your proxy settings

There is malware that can even change what Internet server you use to connect to the web. Simply removing the malware won’t reset these proxy settings, so it’s something you should fix before considering your PC squeaky clean.

To access your proxy settings, go to Control Panel -> Network and Internet and then press Internet Options.

proxy settings 1

In the Internet Options menu, go to the Connections tab and press the LAN settings button.

Internet properties

Make sure that Automatically detect settings is on, and that the other two options, “Use automatic configuration script” and “Use a proxy server for your LAN” are unmarked.

Here’s how your settings should look like:

LAN settings

Protection measures after a malware infection

Now that you’ve managed to clean up your PC and remove malware, it is important to take some protection measures to prevent getting another infection.

Some malware programs operate stealthily, and you may not know the infection is there. They don’t visibly affect your PC. Instead, they may collect sensitive information of yours such as passwords, credit card data, completed forms and screenshots.

We recommend following these protection measures to prevent getting your computer infected:

  • Use two-factor authentication management system

If among other things you were also infected with a keylogger, then there’s a high chance your passwords and accounts were compromised. One of the first things you should do is start using the two-factor authentication management system and manage your passwords safely. There are some malware that can take full control of your passwords.

This password security guide will provide all the details needed to set strong and unique passwords to prevent malicious hackers exploiting them and lock you out of your accounts. With the two factor authentication system you will add another layer of protection to your account.

  • Always keep your software up to date

Outdated software is one of the major cause of malware infections out there, mostly because they come with many vulnerabilities exploited by cybercriminals. Keeping up your software permanently up to date will lower the chances for malicious hackers to get inside your device or limit any possibility for them to infect computers.

We know it can become a tedious, yet necessary task to constantly update your software, particularly those that patch frequently. You can use our Heimdal FREE product that will automatically (and silently) update your software, without any annoying confirmation pop-ups. It’s light and unobtrusive, so it won’t slow down your system.

  • Make sure you have an antivirus program installed

An antivirus is a must-have piece of software if you want to keep your device safe and data secure. The real challenge might be when you need to find the right one for your needs. This guide will provide all the needed details to find the best antivirus program.

Once you’ve decided on one, be sure to keep it updated at all times. So that any vulnerabilities it might have are patched while also keeping an updated malware database.

  • Use a traffic filtering solution to keep malware at bay

Cybersecurity would be easy if an antivirus could detect 100% of malware out there, but it can’t provide full protection. Fileless malware and some rootkits are so well programmed and obfuscated, they can be nearly impossible to detect.

One layer of protection is not enough, and you need multiple layers of security to better protect your PC. A traffic filtering software will nicely and efficiently complement an antivirus, since it scans incoming and outgoing traffic for any malware, and then blocks that traffic from entering your PC. In other words, it gets difficult for new malware to reach your device.

We suggest trying our Heimdal PRO product to better protect you from brand new and unlisted malware antivirus software can’t detect. It will also sanitize your Internet traffic and block malicious traffic, making sure you have your both financial and confidential information data safe.

There’s a saying in the cyber security industry: “The best antivirus is you”. Not even security software can keep you safe if you keep putting yourself in harm’s way.

BONUS:

We also added a list of in-depth articles we recommend reading so you can better know how to recognize different signs of malware infection and protect your computer with multiple layers of security.

What other malware removal tools have you used? Let us know in a comment below.

 

Spend time with your family, not updating their apps!
Let Heimdal FREE Silently and automatically update software Close security gaps Reinforce your antivirus of choice

INSTALL IT, FORGET IT AND BE PROTECTED

Download Heimdal FREE

This post was originally published by Paul Cucu in January 2017 and received relevant updates by Ioana Rijnetu in November 2017.

Only…zero days left until the holiday shopping season!

The holidays are a time when people purchase gifts for their friends, families, and yes, even for themselves. Increasingly, children are using and accessing more and more digital devices — making it important for everyone to work together to secure these devices.

The post Only…zero days left until the holiday shopping season! appeared first on WeLiveSecurity