Security & Safety Resource Center

July 31, 2008: Koobface is a network worm that attacks Microsoft Windows, Mac OS X, and Linux platforms. This worm originally targeted users of networking websites like Facebook, Skype, Yahoo Messenger, and email websites such as GMail, Yahoo Mail, and AOL Mail. Technical support scammers also fraudulently claim to their intended victims that they have a Koobface infection on their computer by using fake popups and using built-in Windows programs.

Firewalls are staples of enterprise security and they can be useful for individuals, too. A firewall blocks incoming connections, which in some cases may be needed to protect against rogue traffic from apps like BitTorrent clients. Firewall capabilities are built into Windows and macOS.

External HDDs are useful parts of a backup strategy, even if you also use a cloud-based solution. When using one, make sure to keep it in a safe place where it won’t fall or get buried under other objects. Consider transferring its contents to other media after 4 years, when the risk of drive failure dramatically increases for most HDD models.

Once you leave your computer, you don’t want someone else gaining unauthorized access to it. Setting an automatic logoff timer ensures that it’s not vulnerable when you step away for an extended period. This can be done easily on both Windows and macOS.

Like Flash, Java has long been associated with specific types of desktop applications and with numerous security issues. The weakest link in your security chain is the most popular app you haven’t’ updated, and for a lot of people, that’s Java. Luckily, it’s possible to get by without Java in many cases. Disable or uninstall it to avoid the hassle of keeping up with its updates and flaws.

Many email security risks, including the recent PGP hack, stem from the use of HTML and CSS within content-rich emails. Depending on your email client, you may be able to disable HTML, which simplifies the email reading experience and mitigates the risks from some attacks reliant on this vector.

In May 2018, it was revealed that the commonly used encrypted email protocol PGP (Pretty Good Privacy) was vulnerable to a certain sophisticated cyber attack. This is unsurprising in a way, since PGP has been around for decades. For protection, you should uninstall any PGP plugins in emails clients like Apple Mail and Mozilla Thunderbird.

Despite its name, the term “spyware” doesn’t refer to something used by undercover operatives, but rather by the advertising industry. In fact, spyware is also known as “adware.” It refers to a category of software that, when installed on your computer, may send you pop-up ads, redirect your browser to certain web sites, or monitor the web sites that you visit. Some extreme, invasive versions of spyware may track exactly what keys you type. Attackers may also use spyware for malicious purposes.

Chances are you have a lot of apps on your phone or tablet that you don’t use. In 2017, App Annie estimated the average smartphone has 60 to 90 apps installed. It’s important to regularly review all of them and see if any can be deleted, since they might be unsupported, compromised or performing unwanted data sharing, in addition to wasting battery.

Admin accounts are powerful. They extend certain permissions not available to other accounts on a device. The bad news is that if your device is lost, stolen or hacked, these administrator capabilities could be manipulated to cause a lot of damage. Consider setting up a second account for daily use, one without admin privileges.

Overall, iOS has many built-in security and privacy protections turned on by default. There are additional features that can help shield your data from falling into the wrong hands. Under Settings –> Privacy –> Advertising, you can select “Limit Ad Tracking” to control how much information is shared between apps.

The hardware address of your Windows 10 device can be used for tracking you as you move between Wi-Fi networks. To avoid this surveillance, toggle on the hardware randomization option in Windows 10’s Wi-Fi settings.

Apple Watches are increasingly popular accessories for purposes like fitness tracking, but they can also help with cybersecurity. You can unlock a Mac with an Apple Watch that’s powered on and currently on your wrist, as long as you’ve configured it in your Mac’s System Preferences. Doing so has the added benefit of requiring you to set up secure two-factor authentication for your Apple ID.

Use your mobile network connection. Your own mobile network connection, also known as your wireless hotspot, is generally more secure than using a public wireless network. Use this feature if you have it included in your mobile plan.

For instance, powerful macros used in word processor applications, such as Microsoft Word, present a risk. Virus writers could use the macros to write viruses embedded within documents. This meant that computers might now also be at risk from infection by opening documents with hidden attached macros.

Once an application is no longer supported by its maker via updates for security and functionality, it’s risky to use since you might not even know what unpatched exploits it contains. Old versions of QuickTime, Windows (especially XP) and many other everyday programs are perfect examples and should be avoided in favor of newer ones.

A dictionary attack entails repeated guesses of a password, drawn from common possibilities such as dictionary entries. A complex password can blunt these attacks by forcing them to cycle through possibilities for years. Additional protection is available by setting your device to erase itself after a certain number of wrong guesses. Make sure you’ve made a backup first.

Windows PowerShell is a vital tool for programmers and other IT professionals. For everyone else, it’s a potential security time bomb waiting to go off, because it can enable the execution of secretive fileless malware. Turning off both PowerShell and WMI on Windows can decrease your risks of a serious infection.

July 13, 2001: Code Red was a computer worm observed on the Internet. It attacked computers running Microsoft’s IIS web server. The Code Red worm was first discovered and researched by eEye Digital Security employees Marc Maiffret and Ryan Permeh, the Code Red worm exploited a vulnerability discovered by Riley Hassell. They named it “Code Red” because Code Red Mountain Dew was what they were drinking at the time. Although the worm had been released on July 13, the largest group of infected computers was seen on July 19, 2001. On that day, the number of infected hosts reached 359,000.

Your web browser is your primary connection to the rest of the Internet, and multiple applications may rely on your browser, or elements within your browser, to function. Many web applications try to enhance your browsing experience by enabling different types of functionality, but this functionality might be unnecessary and may leave you susceptible to being attacked. The best approach is to adopt the highest level of security and only enable features when you require their functionality. If you determine that a site is trustworthy, you can choose to enable the functionality temporarily and then disable it once you are finished visiting the site.

Many email programs offer filtering capabilities that allow you to block certain addresses or to allow only email from addresses on your contact list. Many ISPs also offer spam tagging services that allow the user the option to review suspected spam messages before they are deleted. Spam tagging can be useful in conjunction with filtering capabilities provided by many email programs.

In this scheme; the criminal contacts the victim offering a refund for tech support services previously rendered. The criminal requests access to the victim’s device and instructs the victim to login to their online bank account to process a refund. As a result, the criminal gains control of the victim’s device and bank account. Remember legitimate customer, security, or tech support companies will not initiate unsolicited contact with individuals.

Extensions enhance web browsers. At the same time, they can create security risks. For example, Google Chrome is probably just another trusted application to your operating system and antivirus software, meaning it – and its extensions – can run code without a hitch. Some extensions are malicious, though. Look for unusual names, obscure publishers and lack of/poor user reviews before downloading anything.

Paying with a credit or debit card isn’t as risky as it used to be, thanks to the switch to EMV chip technology. However, you can further protect your transactions by setting up payments through services like Apple Pay, Samsung Pay and Google Pay, which utilize additional protections like secure on-device elements inaccessible to other apps.

You may have heard the adage that if you aren’t the customer, you’re the product, perhaps in the context of a free-to-use platform like Facebook. There’s some truth to this saying. Whether it’s a desktop or mobile app that serves you aggressive ads, or a site that harnesses your compute cycles for Bitcoin mining, it’s always worth considering the risks of free software.

To minimize the potential damage of an attacker gaining access to your credit card information, consider opening a credit card account for use only online. Keep a minimum credit line on the account to limit the amount of charges a possible attacker can accumulate.

Sometimes a search engine will return highly ranked results that nevertheless aren’t safe to visit. Maybe these pages have expired certificates or unusual redirects that haven’t gotten them flagged for removal yet. Your browser will usually warn you that they could be malware-laced traps. Heed these warnings and close the tab.

If your home computer is in a high-traffic area, you will be able to easily monitor your children’s computer activity. Not only does this accessibility deter a child from doing something she knows she’s not allowed to do, it also gives you the opportunity to intervene if you notice a behavior that could have negative consequences.

Back up your contacts, photos, videos and other mobile device data with another device or cloud-base backup service before setting off on a trip.

The Internet makes it easy for people to misrepresent their identities and motives. Consider limiting the people who are allowed to contact you on these sites. If you interact with people you do not know, be cautious about the amount of information you reveal or agreeing to meet them in person.

If you have an iPhone, you probably have a passcode to prevent strangers from accessing it without your permission. Most of these codes are only 4 to 6 digits long. That length might seem good enough, but it’s guessable by specialized GrayKey devices. To stay on the safe side, use a 9- to 12-digit password combining letters and numbers.