Who’s Hacked Your E-mail Address?

Check out Monitor, a service from Firefox, that checks your email address against a database of publicly known data breaches.

You can also sign up to get a report every time there is a new security breach to let you know whether your account has been compromised or not.

https://www.fastcompany.com/90241330/firefox-has-users-to-thank-for-its-new-security-feature

Free Freeze Now Available

Update 3:09 PM with additional info link: https://krebsonsecurity.com/2018/09/credit-freezes-are-free-let-the-ice-age-begin/

——————————————————

Here’s your reminder and follow-up from last week to take a few minutes to freeze your credit records and foil identity theft.

Like most everything in life, nothing is as simple as we might like it to be. Here’s some more additionally detailed information.
https://www.nytimes.com/2018/09/14/your-money/credit-freeze-free.html

Please, let’s all do this if not today, since it’s Friday, but at least before the end of the weekend.

U.S. PIRG also recommends freezing your file at a lesser-known reporting agency known as the National Consumer Telecom and Utilities Exchange.

https://uspirg.org/sites/pirg/files/reports/FinalReport4Sept18_Equifax.pdf

The exchange provides credit information to some cellphone, pay television and utility companies. (Some consumers have reported having cellular accounts opened in their names, even though they had placed freezes on their credit reports at the main bureaus.)

https://krebsonsecurity.com/2018/05/another-credit-freeze-target-nctue-com/

iOS 12 New Features, Tips, and Tricks

Most importantly, security, many of which may already be on by default
https://techcrunch.com/2018/09/17/five-security-settings-in-ios-12-you-should-change-right-now/

Some Not So Obvious
https://techcrunch.com/2018/09/17/11-neat-hidden-features-in-ios-12/

And Some More
https://www.fastcompany.com/90234155/here-are-ios-12s-best-new-features

Apple Joins Microsoft and Adobe with Patches

It’s another Patch Tuesday week with Apple joining Microsoft and Adobe in issuing security updates.

Pain Reduction Tip: Keep a current image handy as it’s much easier and more certain to restore your system if you encounter a bad patch than attempting to back it out/uninstall it.  And be especially mindful with Windows 10 and Office 365 automatic updates.

Apple Releases Multiple Security Updates

  • iTunes 12.8 for Windows
  • iCloud for Windows 7.6
  • Safari 11.1.2
  • macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
  • watchOS 4.3.2
  • tvOS 11.4.1
  • iOS 11.4.1

Adobe Releases Security Updates
Adobe Acrobat and Reader, Adobe Connect, and Adobe Experience Manager.  And of course, as always, the not to be gone soon enough Adobe Flash Player.

See Krebs on Security for a full overview and recurring admonition to ditch Flash. 

 

 

Don’t Mess with a Librarian

Randolph librarian wins surprise judgement against Equifax

RANDOLPH — In a small claims court ruling that surprised even the victor, a self-described member of the “librarian resistance” has won a $600 judgment against Equifax, the credit ratings agency that collects financial data on nearly a billion consumers and businesses worldwide.

And KrebsOnSecurity took notice as well.

What’s not clear is the context of the photo they used.

 

Reboot Your Router – NOW Department

The Federal Bureau of Investigation (FBI) is warning that a new malware threat has rapidly infected more than a half-million consumer devices. To help arrest the spread of the malware, the FBI and security firms are urging home Internet users to reboot routers and network-attached storage devices made by a range of technology manufacturers.

The data is/are sketchy, but most reports recommend, at the very least, rebooting your router.

Firmware updates may be in order for the following presumably targeted devices:

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN

There’s no easy way to know if a router has been infected by VPNFilter. For more advanced users, Cisco provided detailed indicators of compromise in Wednesday’s report, along with firewall rules that can be used to protect devices. Ars has much more about VPNFilter here.

The advice to reboot, update, change default passwords, and disable remote administration is sound and in most cases requires no more than 15 minutes. Of course, a more effective measure is to follow the advice Cisco gave Wednesday to users of affected devices and perform a factory reset, which will permanently remove all of the malware, including stage 1. This generally involves using a paper clip or thumb tack to hold down a button on the back of the device for 5 seconds. The reset will remove any configuration settings stored on the device, so users will have to restore those settings once the device initially reboots. (It’s never a bad idea to disable UPnP when practical, but that protection appears to have no effect on VPNFilter.)