Blog Layout

July Newsletter

Jul 03, 2023

Inside the Newsletter | July 2023

 

IS YOUR ONLINE SHOPPING APP INVADING YOUR PRIVACY? 

Online shopping has become a common activity for many people. It’s convenient, easy, and allows us to buy items from the comfort of our homes. But with the rise of online shopping, there are concerns about privacy and security. 

Not all shopping apps are created equally. Often people get excited and install an app without checking privacy practices. Apps can collect more data from your smartphone than you realize. Whether you use your phone for personal use, business use, or both, your data can be at risk. So can your privacy.

Shady Data Collection Practices from Popular Shopping App SHEIN

Recently, security experts found a popular shopping app spying on users’ copy-and-paste activity. This app tracked users’ keystrokes, screenshots, and even their GPS location. This raises the question: Is your online shopping app invading your privacy? 

SHEIN is the app in question, and it’s a popular shopping app with millions of users. According to reports, researchers found the app collecting data from users’ clipboards. This included any text that users copied and pasted. This means that if the user copied and pasted sensitive information, the app would have access to it. Including things like passwords or credit card numbers. 

Not only that but the app was also found to track users’ GPS location. SHEIN was also collecting data from device sensors, including the accelerometer and gyroscope. This means that the app was able to track users’ movements. As well as collecting information about how they were using their device. 

The app’s developers claimed that the data collection was for “optimizing user experience.” A very vague explanation that’s used by other app developers as well. The developers stated that the collected data was only used for internal purposes. But this explanation wasn’t enough to please privacy experts. Those experts raised concerns about the app’s data collection practices. 

Temu Data Collection Practices Questioned  

This isn’t the first-time people caught an app grabbing data without users’ knowledge. Many popular apps collect data from their users, often for targeted advertising purposes. 

The popularity of the shopping app Temu has been exploding recently. Since the app appeared in a Superbowl Ad in 2023, people have been flocking to it. 

But Temu is another shopping app with questionable data collection practices. Some of the data that Temu collects includes: 

  • Your name, address, phone number 
  • Details you enter, like birthday, photo, and social profiles 
  • Your phone’s operating system and version 
  • Your IPS address and GPS location (if enabled) 
  • Your browsing data 

Tips to Protect Your Privacy When Using Shopping Apps 

Know What You’re Getting Into (Read the Privacy Policy) – Yes, it’s hard to stop and read a long privacy policy. But, if you don’t, you could end up sharing a lot more than you realize. 

Turn Off Sharing Features – Turn off any data-sharing features you don’t need in your phone’s settings. Such as location services. Most smartphones allow you to choose which apps you want to use it with. 

Remove Apps You Don’t Use – If you’re not using the app regularly, remove it from your phone. Having unused apps on your phone is a big risk. • Research Apps Before You Download – It’s easy to get caught up in a fad. You hear your friend talk about an app, and you want to check it out. But it pays to research before you download. 

Shop on a Website Instead – You can limit the dangerous data collection of shopping apps by using a website instead. Most legitimate companies have an official website.


HOW MICROSOFT 365 COPILOT IS GOING TO TRANSFORM M365 APPS  

Microsoft is one of the biggest players in the office application field. It’s at the forefront of introducing transformative technology. The company is about to transform Microsoft 365 in a huge way with its new Copilot app. 

Microsoft 365 Copilot is a new tool designed to help users get the most out of their Microsoft 365 apps. This revolutionary tool is an intelligent, personalized assistant. 

Let’s take a closer look at Microsoft 365 Copilot and the keyways it’s going to improve M365 apps and your business workflows. 

What is Microsoft 365 Copilot?  

Microsoft 365 Copilot is an AI powered assistant. It helps users with their day-to-day tasks in M365 apps. It works across all M365 apps. This includes: 

  • Word 
  • Excel 
  • PowerPoint 
  • Outlook 
  • Teams 
  • and more

The tool is currently in testing and should be out sometime soon. 

How Does Microsoft 365 Copilot Work?  

Microsoft 365 Copilot uses AI and machine learning to understand users’ needs. It provides personalized help. It uses data from users’ interactions with M365 apps. It learns a user’s usage patterns and offers recommendations based on their preferences.

Say that you’re working on a presentation in PowerPoint and struggling with design. Microsoft 365 Copilot can offer design suggestions based on your company’s brand guidelines. 

Microsoft 365 Copilot can also help users with common tasks. Tasks such as scheduling meetings and managing emails. 

Benefits of Using Microsoft 365 Copilot  

  • Personalized Help – Microsoft 365 Copilot provides personalized help based on users’ usage patterns and preferences. 
  • Time Saving – Microsoft 365 Copilot can help users save time on common tasks. Such as scheduling meetings and formatting documents. It can take on many information-gathering tasks, like summarizing meeting notes. Knowledge workers spend an average of 2.5 hours per day searching for information. 
  • Reduced Frustration – Microsoft 365 Copilot can help reduce frustration. It provides solutions when users are stuck on a task. The tool can also help users struggling with an Excel chart or table. Instead of having to figure out how to generate it, they can simply give a command to Copilot to do it for them. 
  • Improved Productivity – Microsoft Copilot handles tasks that go beyond what business apps have historically done. For example, you can use it in PowerPoint to create a presentation for you. Use a command such as, “Create a six-slide presentation based on (this) document.” You can also tell it to find appropriate Microsoft stock photos and insert them.

 

 

LEARN HOW TO FIGHT BUSINESS EMAIL COMPROMISE  

A significant cyber threat facing businesses today is Business Email Compromise (BEC). BEC attacks jumped 81% in 2022, and as many as 98% of employees fail to report the threat

What is Business Email Compromise (BEC)?  

BEC is a type of scam in which criminals use email fraud to target victims. These victims include both businesses and individuals. They especially target those who perform wire transfer payments.

BEC attacks are usually well-crafted and sophisticated, making it difficult to identify them. The attacker first researches the target organization and its employees online. They gain knowledge about the company’s operations, suppliers, customers, and business partners. 

The scammer pretends to be a high-level executive or business partner. Scammers send emails to employees, customers, or vendors. These emails request them to make payments or transfer funds in some form. 

The email will often contain a sense of urgency, compelling the recipient to act quickly. The attacker may also use social engineering tactics. Such as posing as a trusted contact or creating a fake website that mimics the company’s site. These tactics make the email seem more legitimate. 

  • According to the FBI, BEC scams cost businesses about $2.4 billion in 2021. 
  • These scams can cause severe financial damage to businesses and individuals. They can also harm their reputations. 

How to Fight Business Email Compromise  

BEC scams can be challenging to prevent. But there are measures businesses and individuals can take to cut the risk of falling victim to them. 

  • Educate Employees 
  • Enable Email Authentication 
  • Deploy a Payment Verification Processes 
  • Check Financial Transactions. 
  • Establish a Response Plan 
  • Use Anti-phishing Software



SMALL BUSINESS TIPS TO GET READY FOR THE UNEXPECTED  

What would you do if your business suffered a ransomware attack tomorrow? Do you have a contingency plan in case of any disasters? The unexpected can happen anytime, and small businesses can get hit particularly hard. 

Here are 10 helpful tips to get ready for anything: 

  1. Create a Contingency Plan 
  2. Maintain Adequate Insurance Coverage 
  3. Diversify Your Revenue Streams 
  4. Build Strong Relationships with Suppliers 
  5. Keep Cash Reserves 6. Build Strong Outsourcing Relationships 
  6. Check Your Financials Regularly 8. Invest in Technology 
  7. Train Employees for Emergencies 
  8. Stay Up to Date on Regulatory Requirements

BEST PRACTICES FOR SECURING YOUR HOME NETWORK  

In today’s world, technology is ubiquitous, and connectivity is a must. Securing your home network has become more critical than ever. A secure home network is essential for protecting your personal data from hackers. 

From phishing to smishing (SMS phishing), it’s getting harder to avoid a breach. 

The National Security Agency (NSA) has provided some best practices for securing your home network: 1. Change Default Passwords and Usernames 

  1. Enable Encryption 
  2. Update Firmware 
  3. Enable a Firewall 
  4. Disable Unused Services 
  5. Secure Wi-Fi Network 
  6. Use Strong Passwords 
  7. Create a Guest Network 
  8. Limit Physical Access

HOW TO USE THREAT MODELING TO REDUCE YOUR CYBERSECURITY RISK  

Today’s offices are digitally sophisticated. Just about every activity relies on some type of technology and data sharing. Hackers can breach these systems from several entry points. This includes computers, smartphones, cloud applications, and network infrastructure. 

  • It’s estimated that cybercriminals can penetrate 93% of company networks.  

One approach that can help organizations fight these intrusions is threat modeling. Threat modeling is a process used in cybersecurity. It involves identifying potential threats and vulnerabilities to an organization’s assets and systems. 

Here are the steps businesses can follow to conduct a threat model: 

  • Identify Assets That Need Protection 
  • Identify Potential Threats 
  • Assess Likelihood and Impact 
  • Prioritize Risk Management Strategies 
  • Continuously Review and Update the Model

The post July Newsletter appeared first on .

Security Lapse by Microsoft Employees Exposes Internal Passwords

26 Apr, 2024
In continuation of Microsoft’s series of data security incidents, employees accidentally exposed internal data to the public. The leak exposed an unprotected Azure storage server containing code, scripts, and configuration files. Microsoft has announced that it has fixed a security breach that exposed internal company credentials and files to the open internet. The breach was first discovered by security researchers from cybersecurity firm SOC Radar. According to their report, an internal error resulted in an Azure storage server without password protection being given public access. The exposed data was primarily related to Microsoft’s Bing search engine, including configuration files, code, and scripts that employees used to access a range of internal systems and databases. Consequently, bad actors could identify and access locations for Microsoft's internal data. So far, it has not been made clear how long the data has been exposed. Anuj Mudaliar Assistant Editor - Tech, SWZD opens a new window opens a new window Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.

AT&T experienced data breach that impacted 51 million customers (No one is immune)

26 Apr, 2024
AT&T is notifying 51 million former and current customers, warning them of a data breach that exposed their personal information on a hacking forum. However, the company has still not disclosed how the data was obtained. These notifications are related to the recent leak of a massive amount of AT&T customer data on the Breach hacking forums that was offered for sale for $1 million in 2021. When threat actor ShinyHunters first listed the AT&T data for sale in 2021, the company told BleepingComputer that the collection did not belong to them and that their systems had not been breached. Last month, when another threat actor known as 'MajorNelson' leaked the entire dataset on the hacking forum, AT&T once again told BleepingComputer that the data did not originate from them and their systems were not breached. After BleepingComputer confirmed that the data belonged to AT&T and DirectTV accounts, and TechCrunch reported AT&T passcodes were in the data dump, AT&T finally confirmed that the data belonged to them. While the leak contained information for more than 70 million people, AT&T is now saying that it impacted a total of 51,226,382 customers. "The [exposed] information varied by individual and account, but may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and AT&T passcode," reads the notification. "To the best of our knowledge, personal financial information and call history were not included. Based on our investigation to date, the data appears to be from June 2019 or earlier." BleepingComputer contacted AT&T as to why there is such a large difference in impacted customers and was told that some of the people had multiple accounts in the dataset. "We are sending a communication to each person whose sensitive personal information was included. Some people had more than one account in the dataset, and others did not have sensitive personal information," AT&T told BleepingComputer. The company has still not disclosed how the data was stolen and why it took them almost five years to confirm that it belonged to them and to alert customers. Furthermore, the company told the Maine Attorney General's Office that they first learned of the breach on March 26, 2024, yet BleepingComputer first contacted AT&T about it on March 17th and the information was for sale first in 2021. While it is likely too late, as the data has been privately circulating for years, AT&T is offering one year of identity theft protection and credit monitoring services through Experian, with instructions enclosed in the notices. The enrollment deadline was set to August 30, 2024, but exposed people should move much faster to protect themselves. Recipients are urged to stay vigilant, monitor their accounts and credit reports for suspicious activity, and treat unsolicited communications with elevated caution. For the admitted security lapse and the massive delay in verifying the data breach claims and informing affected customers accordingly, AT&T is facing multiple class-action lawsuits in the U.S. Considering that the data was stolen in 2021, cybercriminals have had ample opportunity to exploit the dataset and launch targeted attacks against exposed AT&T customers. However, the dataset has now been leaked to the broader cybercrime community, exponentially increasing the risk for former and current AT&T customers. Update 4/10/24: Added statement from AT&T about discrepancy in numbers. BILL TOULAS Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

Home Depot Data Compromised Through Third-Party SaaS Misconfiguration

26 Apr, 2024
Home improvement retailer Home Depot confirmed with multiple publishers that it suffered a data break due to a third-party SaaS vendor inadvertently exposing a subset of employee data. IntelBroker, the threat actor behind the attack claims it has the information of 10,000 Home Depot employees. A Home Depot software vendor suffered a data breach leading to the compromise of an undisclosed number of employees. IntelBroker, the threat actor behind the attack claims it has the information of 10,000 Home Depot employees. Home improvement retailer Home Depot confirmed with multiple publishers that it suffered a data break due to a third-party software vendor inadvertently exposing a subset of employee data. Reportedly, the breach was caused by a misconfigured software-as-a-service (SaaS) application.
More Posts
Share by: