How-To Geek - Cybersecurity

You Can Now Sign Into Amazon with Passkeys

Andrew Heinzman — Tue, 17 Oct 2023 17:54:11 GMT

Amazon is one of the first major retailers to offer passkey sign-in. You no longer need a password to log into the Amazon website, as you can save a passkey directly to your phone or computer instead. Sadly, Amazon's passkey implementation is a little clunky, and Amazon's apps still lack passkey support.

Tor Browser 13.0 Finally Adds a Landscape Aspect Ratio

Andrew Heinzman — Fri, 13 Oct 2023 17:13:46 GMT

The Tor Browser 13.0 update introduces several long-awaited improvements, including a landscape aspect ratio, a fix for the "red screen of death," and several enhancements from Mozilla's Firefox ESR 115. Updated app icons and GUI elements are also part of the mix, though Tor Browser retains its basic look and feel.

Vivaldi Will Block Chromium's Data-Collecting Topics API

Andrew Heinzman — Fri, 08 Sep 2023 20:13:14 GMT

After several years of thankless work, Google Chrome's Privacy Sandbox is finally coming to fruition. But, despite the inspiring name, Privacy Sandbox is just a targeted advertising scheme that's built into Chrome. While this new user-tracking system is anonymous (and less invasive than the third-party trackers it's replacing), it's obviously very creepy to some people, and it's baked into the Chromium engine. For this reason, Vivaldi is taking steps to block the Topics API, which is the crux of Privacy Sandbox's user-tracking system.

Update Your Apple Devices to Patch a Critical Zero-Click Exploit

Andrew Heinzman — Fri, 08 Sep 2023 14:55:36 GMT

If you own any Apple hardware, it's time for a quick software update. Researchers at The Citizen Lab have discovered a zero-day exploit that allows hackers to install malware on an iPhone without any interaction from the victim. This exploit has already been used to distribute NSO Group's Pegasus spyware. To address the vulnerability, Apple is pushing security updates to the iPhone, Mac, iPad, and Apple Watch.

The 2022 Lastpass Security Breach Just Got Worse

Arol Wright — Thu, 07 Sep 2023 18:11:15 GMT

It's been almost a year since LastPass, one of the most widely used password managers out there, suffered a catastrophic security breach that all but eroded confidence in the service — and the company's prestige with the tech community at large. While it was looking like the worst has already happened, it now appears the consequences are more far-reaching than we initially thought, thanks to a series of thefts that are pointing to the breach as the likely culprit.

How to Move Microsoft Authenticator to a New Phone

Rob Woodgate — Sat, 26 Aug 2023 16:00:28 GMT

Using an authenticator app for two-factor authentication (2FA) is more secure than SMS messages, but what if you switch phones? Here's how to move your 2FA accounts if you use Microsoft Authenticator.

Proton Reveals What’s Next for Its Password Manager

Andrew Heinzman — Thu, 24 Aug 2023 19:10:50 GMT

Proton Pass exited beta testing just two months ago, yet it's already a compelling alternative to traditional password management services. Not only does Proton Pass boast full end-to-end encryption, but it integrates with Proton's suite of privacy-focused apps, particularly Proton Mail. There's just one problem; Proton Pass is still quite simple, and it's missing some important functionality. That's why Proton is sharing a roadmap for upcoming password management features.

WinRAR Has a Severe Security Flaw: Update Your PC Now

Andrew Heinzman — Mon, 21 Aug 2023 16:48:37 GMT

A severe WinRAR vulnerability discovered by Zero Day Initiative could allow hackers to execute arbitrary code on your PC. Users should install the latest WinRAR update (version 6.23) to patch this vulnerability. Note that WinRAR does not offer automatic updates, so this release must be installed manually.

This Mac Utility Is Now Malware

Arol Wright — Wed, 09 Aug 2023 14:25:10 GMT

There's an old adage that says that "Macs don't get malware." You're less likely to catch a virus on a Mac than on a Windows PCs, but that doesn't necessarily mean that Mac computers are completely immune to malicious software. They are not. NightOwl, which used to be a tremendously useful macOS utility, has now seemingly turned into malware, and you should get rid of it if it's still on your Mac.

Microphone Jammers Promise Better Privacy, But How Do They Work?

Sydney Butler — Thu, 03 Aug 2023 12:01:29 GMT

Audio jammers, sometimes called "microphone jammers" are interesting gadgets that promise to prevent mics in your vicinity from recording sound. This may feel like something from a Bond novel or comic book advert, but the existence of jammers is no joke.

Encrypt Your Passwords Across Devices With pCloud Pass

Sponsored — Sat, 22 Jul 2023 15:55:00 GMT

Managing passwords for various websites can be difficult, and using the same password for all of your different logins poses a potential security risk. Instead, you could allow pCloud Pass to generate strong passwords and securely store your online data for a safer and more convenient online experience.

1Password's Update Makes Family Subscriptions Even Better

Arol Wright — Tue, 27 Jun 2023 15:53:17 GMT

A good password manager is basically a necessity these days, and 1Password is one of the best ones out there. If you're sharing the fun with your family and paying a family subscription, it just got a lot easier to manage.

Toyota's New Data Breach Affects 260,000 Car Owners

Arol Wright — Thu, 01 Jun 2023 09:55:54 GMT

It's been a wild few weeks for Toyota owners. If you happen to own a Toyota, you might want to keep reading, as the company has identified a data breach that affects hundreds of thousands of owners.

MSI Just Had a Security Breach

Arol Wright — Mon, 10 Apr 2023 11:56:10 GMT

Another day, another security breach. They can affect pretty much everyone. Now, one has hit popular gaming PC hardware maker MSI.

Western Digital Got Hacked, "My Cloud" Services Are Down

Corbin Davenport — Mon, 03 Apr 2023 14:15:11 GMT

Western Digital doesn't have the best track record with security, so it's not much of a surprise that the company just got hacked again. The breach has also shut down most of the company's online services, including My Cloud.

Samsung Galaxy and Google Pixel Phones Have a Security Vulnerability

Arol Wright — Fri, 17 Mar 2023 12:01:36 GMT

Samsung has been making chips for a long time, and while they're not better performance-wise than Qualcomm ones, they're mostly okay. Security flaws have, however, just been found in Samsung-made chips, and severe ones at that.

How Is SSH Different From Telnet?

Dave McKay — Mon, 13 Mar 2023 12:00:23 GMT

SSH and TELNET both let you connect to remote, networked computers and to use them as if you're sitting in front of them. So what's the difference between these two venerable protocols, and is there really always an advantage to using SSH over TELNET?

Uber Has Suffered a Data Breach, Once Again

Arol Wright — Mon, 12 Dec 2022 17:01:37 GMT

The latest Uber data breach is still fresh in our minds. After all, it has just been three months since it happened. Now the company has confirmed yet another security incident, though this one isn't quite as serious -- at least, for now.

How BIMI Will Make It Easier to Trust Email Messages

Tim Brookes — Wed, 09 Nov 2022 11:00:10 GMT

The vast majority of online scams are conducted via email as the medium is readily accessible and easy to abuse. A new form of message authentication known as BIMI should help you understand which messages are genuine and which are trying to deceive you.

Firefox Relay Can Give You a Burner Phone Number for Spam

Arol Wright — Thu, 13 Oct 2022 11:58:14 GMT

Your phone number can be as sensitive as your email, or even more so. Putting it on the internet, or sharing it with a third party in general, puts you at risk of robocalls, text messages, or even unwanted charges. Because of that, Mozilla just extended its Firefox Relay masking to phone numbers.

Uber Just Had a Security Breach (Update: Uber Responds)

Arol Wright — Fri, 16 Sep 2022 11:26:04 GMT

It seems like these days, no one is safe from breaches and attacks. The latest service that appears to have fallen victim to a security breach is Uber, as the company reported a "cybersecurity incident" to its users.

Samsung Just Had a Data Breach

Corbin Davenport — Fri, 02 Sep 2022 11:27:51 GMT

Many popular services have reported data security breaches over the past two weeks, including LastPass, Plex, and DoorDash. You can now add Samsung to the list, as the company just confirmed some customer data was stolen.

LastPass Just Had a Security Breach

Arol Wright — Thu, 25 Aug 2022 17:21:20 GMT

Using a password manager is a good way to keep your personal accounts and information safe on the vast, wild Internet. But password managers are not bulletproof either. Case in point: LastPass, one of the most used password managers, is sending out users warning users that it suffered a breach.

PayPal Invoice Scams Aren't Going Away: Here's How to Avoid Them

Corbin Davenport — Mon, 01 Aug 2022 15:41:46 GMT

Scammers are always looking for new ways to steal your personal details or money, and over the past few months, an exploit in PayPal's invoice system is being used to create convincing phishing messages.

BadUSB: The Cyber Threat That Gets You To Plug It In

Dave McKay — Wed, 16 Feb 2022 12:30:47 GMT

A recent spate of USB-based cyberattacks has hit organizations in the US. Malicious USB devices are posted to selected victims. As soon as they are plugged in, the damage is done.

How to Find Vulnerabilities In Containers and Files With Grype

James Walker — Wed, 29 Dec 2021 17:27:48 GMT

Grype is an open-source vulnerability scanner that finds weaknesses within container images and filesystem directories. Grype is developed by Anchore but works as a standalone binary that's easier to get to grips with than the Anchore Engine.

How to Detect and Defeat Cryptominers in Your Network

Dave McKay — Tue, 28 Dec 2021 19:46:07 GMT

Mining for cryptocurrency isn't illegal. But using a computer or network to do so without permission is. Here's how to tell if someone is cryptojacking your resources for their own benefit.

How to Check If Your Server Is Vulnerable to the log4j Java Exploit (Log4Shell)

Anthony Heddings — Sat, 18 Dec 2021 00:02:54 GMT

A critical exploit in widespread Java library has been found, disrupting much of the internet as server admins scramble to fix it. The vulnerable component, log4j, is used everywhere as an included library, so you will need to check your servers and make sure they're updated.

Critical RCE Zero-Day Exploit Found in Popular Java Logging Library log4j, Affects Much Of The Internet

Anthony Heddings — Fri, 10 Dec 2021 14:16:36 GMT

A critical remote code execution vulnerability has been found in log4j, a very popular logging tool used by most of the industry. It's extremely severe, affecting nearly every server running Java, and is very simple to exploit, so you will want to update and mitigate the issue ASAP.

How the SAML Standard Provides Single Sign-On Services

Dave McKay — Wed, 24 Nov 2021 13:00:46 GMT

Single Sign-On and zero trust networks depend on securely passing identification details back and forth between users, identity providers, and service providers. SAML is the glue that lets that happen.

How to Security Scan Docker Images With Anchore

James Walker — Wed, 10 Nov 2021 13:00:03 GMT

Anchore Engine is an open-source scanning tool that assesses the security of your Docker images. An Anchore report gives you insights into outdated package versions and lurking vulnerabilities in dependencies.

How Docker Image Signing Will Evolve With Notary v2

James Walker — Tue, 09 Nov 2021 12:42:38 GMT

Signed Docker images enhance ecosystem trust and security by letting users check the images they download really originate from you. Despite the clear benefits of signing, uptake among Docker users has been slow and it's not enabled by default.

How to Harden Docker Images For Maximum Security

James Walker — Tue, 02 Nov 2021 12:15:20 GMT

There are many factors that contribute towards your Docker security posture but using hardened images is one of the best steps you can take to protect yourself. Not all images have the same security characteristics and a poorly configured one could give an attacker the foothold they need.

What Is RansomCloud, And How Do You Protect Yourself?

Dave McKay — Mon, 18 Oct 2021 12:00:31 GMT

RansomCloud is ransomware designed to infiltrate and encrypt cloud storage. Responsibility for the security of your data isn't as straightforward as you might think. We tell you what you need to know.

Why the Google-Backed Secure Open Source Program is So Important

Dave McKay — Tue, 12 Oct 2021 12:19:47 GMT

Supply chain attacks are skyrocketing, and open-source projects are the most common point of infiltration. The Linux Foundation, sponsored by Google, helps open-source projects protect themselves---and everyone else.

What Does It Mean to "Shift Security Left?"

James Walker — Tue, 03 Aug 2021 11:00:37 GMT

"Shift left security" refers to a software development model which fully considers security from the outset. Until quite recently, security tended to come at the very end of the process in the form of a go-live audit. This impedes visibility into your overall security posture, allowing threats to slip through unnoticed.

How Deepfakes Are Powering a New Type of Cyber Crime

Dave McKay — Fri, 23 Jul 2021 12:00:12 GMT

Making deepfakes is getting easier, and they're more convincing than ever. Cybercriminals are using video and audio deepfakes to extort money from victims by adding a credible "fake authenticity" to their scams.

Why Compliance Complacency is Another Form of Technical Debt

Dave McKay — Fri, 23 Jul 2021 09:00:00 GMT

Technical debt comes in three forms. Legacy equipment that can't meet today's needs, software projects where corners have been cut, and poorly implemented or completely ignored governance frameworks. The common thread? Risk.

Penetration Testing Has More Benefits Than You Think

Dave McKay — Fri, 16 Jul 2021 12:00:57 GMT

Penetration testing measures the effectiveness of your cybersecurity defensive measures. And remember, their effectiveness changes over time, so repeat as necessary. There's nothing fit and forget in the world of cybersecurity.

What is Data Scraping, And Why Is It a Threat?

Dave McKay — Tue, 13 Jul 2021 12:00:04 GMT

Data scraping is yet another way data can be extracted from your website, portal, or platform. Surprisingly, the legality of data scraping is a gray area. Here's how to defend against it.

What an Attack Surface Is, and Why You Should Care

Dave McKay — Fri, 02 Jul 2021 12:04:33 GMT

Your attack surface is the sum of the opportunities within your network that a cybercriminal can attack and exploit. To minimize cyber risk, you need to understand and manage your attack surface.

How to Mitigate Supply Chain Attacks With Preflight

James Walker — Wed, 30 Jun 2021 12:00:41 GMT

The risks of supply chain attacks have gained visibility lately in the wake of the SolarWinds and Codecov hacks. Attackers compromise upstream code providers to sneak malicious sources into software products.

Why Mandatory Password Expirations Don't Make Sense Anymore

James Walker — Tue, 29 Jun 2021 12:00:48 GMT

Mandatory password changes on a regular timeframe are a fact of life within many organizations. This age-old practice is upheld by proponents as a good baseline security measure to mitigate the risks of password loss. But is it still relevant decades after it first appeared?

The Many Faces of Social Engineering

Dave McKay — Thu, 24 Jun 2021 12:00:56 GMT

Social engineers know which buttons to press to make you do what they want. Their time-honored techniques really work. so it was inevitable that cybercriminals would apply those techniques to cybercrime.

How To Defend Yourself Against API Attacks

Dave McKay — Tue, 22 Jun 2021 12:00:12 GMT

Modern cloud strategies make heavy use of APIs for controlled, interactive access to hosted services. But the access is only controlled if the APIs are securely implemented and they're not susceptible to abuse.

How to Reduce the Financial Impact of a Data Breach

Dave McKay — Thu, 17 Jun 2021 12:00:58 GMT

Whether there is a ransom or not, data breaches always have financial implications. Organizations may face regulatory penalties, operational losses, and reputational damage. Careful planning can save you time and money.

IoT Devices Could Be the Weak Link in Your Cybersecurity

HTG Staff — Tue, 15 Jun 2021 12:00:16 GMT

The increasing use of IoT devices in a business setting isn't all bad. They help improve staff's productivity, optimize limited resources, and even automate some mundane, background tasks. But all the benefits still don't negate the dangers that they pose to your business.

Using 2FA? Great. But It's Not Infallible

Dave McKay — Tue, 08 Jun 2021 12:00:32 GMT

You should use two-factor authentication wherever it is available. It isn't perfect, but it stops most attackers in their tracks. But don't be fooled into thinking it's impregnable. That's not the case.

What Are SBOMs and What Do They Mean to Open-Source Software?

Dave McKay — Tue, 01 Jun 2021 12:00:18 GMT

What's inside the commercial and open-source software that you use? How much was written by the vendor and how much of it is third-party code? Can all of that code be trusted?

How Hackers Are Using Raspberry Pi to Hack ATMs

Dave McKay — Mon, 24 May 2021 12:00:33 GMT

Cybercriminals are waging a war against banks, emptying their ATM machines of money. Their tools of choice are malware, a key from eBay, and a Raspberry Pi. Here's how they're doing it.

Can You Depend on Your Cyber Insurance?

Dave McKay — Thu, 20 May 2021 12:00:51 GMT

You've got cyber insurance in case the worst happens. But what does your policy cover and what will it not pay out for? Your worst-case scenario might be worse than you think.

What is Typosquatting and How Do Scammers Use it?

Dave McKay — Wed, 19 May 2021 12:00:55 GMT

One typing mistake and the typosquatters might catch you. It might sound like a cyberpunk thriller but it's a real cybersecurity threat. We explain what it is and how to protect yourself.

Power to the People? Why Hacktivism is Back

Dave McKay — Mon, 17 May 2021 13:00:40 GMT

Hacktivists use hacking to further their activist goals, attacking companies they feel deserve punishment, exposure, and service disruption. Hacktivism is on the rise again. We look at what is driving this resurgence.

Why Cyber Criminals Love Phones

Dave McKay — Mon, 14 Dec 2020 13:00:46 GMT

Safeguarding your data by protecting your computers? Great. Don't forget the one in your pocket that you make calls on. Smartphone cybercrime figures increase every month. And that's really no surprise.

How to Protect Against Password Dictionary Attacks

Dave McKay — Fri, 02 Oct 2020 12:00:15 GMT

Dictionary attacks threaten the security of your networks and platforms. They try to compromise a user account by generating a matching password. Learn how they work and how to beat them.

How to Install phpMyAdmin Securely

Anthony Heddings — Wed, 26 Aug 2020 14:00:56 GMT

phpMyAdmin is a great tool for managing a MySQL database, but putting access to your database behind a web interface is an major security problem. Here are a few ways to mitigate the risks involved with runing phpMyAdmin.

How To Check If Staff Emails Are in Data Breaches

Dave McKay — Fri, 07 Aug 2020 12:00:53 GMT

Are the login credentials of your staff on the dark web? We show you how to check whether their data has been caught up in a data breach.

What Is DNSSEC, and Should You Turn It On for Your Website?

Anthony Heddings — Mon, 03 Aug 2020 14:00:00 GMT

DNS was designed over 30 years ago, back when security wasn't a primary focus of the internet. Without extra protection, it's possible for MITM attackers to spoof records and lead users to phishing sites. DNSSEC puts a stop to that, and it's easy to turn on.

How to Enable Two Factor for SSH Logins

Anthony Heddings — Wed, 15 Jul 2020 13:00:12 GMT

If you really want to lock down your cloud server, you can enable two-factor authentication for SSH in the same way you would add it to your Gmail account, preventing anyone from gaining access if they've stolen your SSH private key.

6 Popular Operating Systems Offering Encryption by Default

Chris Hoffman — Tue, 04 Nov 2014 06:40:47 GMT

Popular operating systems are increasingly using encryption by default, giving everyone the benefit of encryption without the hassle. This helps protect your data from device thieves.

How to Unsubscribe from Email Newsletters the Correct Way

Chris Hoffman — Mon, 20 Oct 2014 04:04:08 GMT

Do you get too many newsletters and other promotional emails? These emails aren't technically "spam" -- they're from legitimate organizations. Thanks to the US CAN-SPAM act, every legitimate company offers a consistent way to unsubscribe from their newsletters.