Category: Passwords

Alert: Dell’s 49 Million Records Breached For Sale (May, 2024)

Dell logo

Dell notifies customers about data breach

Dell is warning its customers about a data breach after an alleged shadowy cyber criminal offered a 49 million-record database of information about Dell customers on a cybercrime forum.

An alleged cyber criminal called Menelik posted the following message on the “Breach Forums” site:

“The data includes 49 million customer and other information of systems purchased from Dell between 2017-2024.

It is up to date information registered at Dell servers.

Feel free to contact me to discuss use cases and opportunities.

I am the only person who has the data.”

Data Breach forums post by Menelik
Screenshot taken from the Breach Forums

According to the poster Menelik the data includes:
  • The full name of the buyer or company name
  • Address including postal code and country
  • Unique seven digit service tag of the system
  • Shipping date of the system
  • Warranty plan
  • Serial number
  • Dell customer number
  • Dell order number

Most of the affected systems were sold in the US, China, India, Australia, and Canada.

Users on Reddit reported getting an email from Dell which was apparently sent to customers whose information was accessed during this incident:

“At this time, our investigation indicates limited types of customer information was accessed, including:

  • Name
  • Physical address
  • Dell hardware and order information, including service tag, item description, date of order and related warranty information.

The information involved does not include financial or payment information, email address, telephone number or any highly sensitive customer information.”

Although Dell might be trying to play down the seriousness of the situation by claiming that there is not a significant risk to its customers given the type of information involved, it is reassuring that there were no email addresses included. Email addresses are a unique identifier that can allow data brokers to merge and enrich their databases.

So, this is another big data breach that leaves us with more questions than answers. We have to be careful that we don’t shrug these data breaches away with comments like “they already know everything there is to know.”

This kind of information is exactly what scammers need in order to impersonate Dell support.

Protecting yourself from a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Check your digital footprint

If you want to find out how much of your data has been exposed online, you can try the recommended Malware Bytes free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

FBCS: One More Data Breach Affecting Almost Two Million People!

Having a loan or bill go to collections is bad enough as it is, but now in the first half of 2024, the second largest debt collection agencies in the U.S. has revealed that it has fallen victim to another data breach in which nearly Two Million borrowers information was exposed online.

As first reported by BleepingComputer, Financial Business and Consumer Solutions (FBCS) has begun notifying impacted individuals after the sensitive personal information of approximately 1,955,385 people was recently accessed by hackers.

As a nationally licensed debt collection agency, FBCS collects unpaid debts from credit card companies, healthcare organizations, car dealerships, student loans and utilities. However, unlike with the other companies you do business with, if one of your loans or bills has ended up in FBCS’ hands, you’re stuck with them.

Here’s everything you need to know about this recent data breach along with some tips and tricks on how to stay safe after your personal or financial information ends up in the hands of hackers.

Unauthorized network access

A hacker typing quickly on a keyboard

In a data breach notice (PDF) submitted to the Attorney General’s office in Maine, FBCS explained that hackers first breached its network on February 14, 2024. The unauthorized actor remained there until February 26 and during that time, they were able to “view or acquire certain information on the FBCS network.”

During that 12-day window, they could have accessed the full names, Social Security numbers (SSNs), dates of birth, account information and driver’s license numbers or ID card numbers of almost 2 million Americans.

With this information in hand, the hackers behind this breach can easily launch targeted phishing attacks, commit fraud or use social engineering for identity theft. FBCS has enrolled thousands of them automatically for 12 months of credit monitoring through the company Cyex.

 

Geobox: A $700 Anonymous Wi-Fi Device

Geobox: A Hacking Device That Is Basically Untraceable

In summary, a Geobox transforms the mini-computer Raspberry Pi into a Swiss-army knife type of hacking device!

Sold for a lifetime fee of $700 or a monthly rate of $80, the software is able to:

1. Spoof location

2. Mimic Wi-Fi access points

3. Manipulate DNS and network parameters while providing anonymity.

4. Copying and emulating the same commonly used Wi-Fi landing page that most restaurants and concerts use to log on to avoid suspicion. The operators can even charge 0.99 cents or more depending on the location/Clients of where they are located at (such as a fitness gym, where the upcharge is usually $2.99 for unlimited data use or free for limited data).

Imagination is not required: this Geotool allows any person to set up a virtually untraceable Wi-Fi box that most people take for granted and can own all of the data or even the device or laptop once one connects to it!

After researching a few operators using it at a popular tourist site (March, 2024), it was observed that “three malicious individuals utilized several Geobox devices, each connected to the internet. These devices served as proxies, significantly enhancing their anonymity. This approach complicated the investigation and tracking process for any one attempting to investigate them using them, especially since, by default, Geobox devices do not store any logs nor any digital or paper trail for themselves or whomever logs on to the created Wi-Fi access point. They also have an amazing choice: to either create a Wi-Fi point similar to the official location name of where they are operating from, such as naming it “McDonald’s Free Wi-fi”

OR

They simply use it for their own fully anonymous purposes, such as emulating an internal Wi-Fi access point; which is quite common at Malls, shopping areas and concert venues where the general public or even workers/vendors would have no ability to distinguish between a Geobox created Wi-Fi point and the authentic one. To make it even more authentic, an operator would mimic the secure password of the host site – such as a popular shopping Mall’s password for internal Employees/Vendors.

It only takes these bad actors 2 – 5 minutes on average by simply using the popular $300 Flipper device to get the password or passcode of any device or Wi-Fi router today as well in combination with the Geobox!

Raspberry Pi is a widespread, low-cost, and small single-board computer used for various projects and praised by enthusiasts.

However, with Geobox, it is transformed “into a potent weapon for digital deception.” Malicious software is specifically designed for the Raspberry Pi 4 Model B with at least 4GB of RAM.

The price is $700 for lifetime, which is very cheap and affordable considering the amount of data, private and personal information it can easily obtain within a few minutes of being set up once just one person unwittingly connects to it in this day and age of people expecting free or low-cost internet everywhere!

These device operators also have the ability to create a bogus free or one-time .99 cent-for-24 hour unlimited internet access via a simple landing page to mask and emulate, as an example, your favorite restaurants like McDonald’s or Starbucks!

With Geobox, malicious actors target a broad audience as the setup process is streamlined, clear, and concise, with easy-to-follow instructions also provided. The manual links to the official Raspberry website for OS installation.

Multiple tools are included with Geobox: multiple VPN connections, GPS and Wi-Fi emulation, DNS configuration, data substitution tools, network configurators, and others.

The Geobox Can Be Easily Used For Anonymous Geolocation or Multiple Internet Purposes

“The device’s functionality is diverse, allowing for various forms of digital manipulation and disguise. Key features include the ability to use WebRTC IP for discreet online communication and GPS spoofing to simulate different geographical locations, which is particularly valuable for activities that require geolocation manipulation. Furthermore, the Geobox can completely mask (hide) Wi-Fi MAC addresses, making the user’s network activity more difficult to trace.”

*Most High Schools and Colleges Use Wi-Fi MAC Addresses As Standard Internet and Wi-Fi Usage Tracking Controls*

The emergence of Geobox raises significant concerns and introduces new complexities for cybersecurity – as well as the general public! One simple dot or variation of a “Starbucks or McDonalds Wi-Fi” authentic connecting point at any location is all it takes for operators of a Geobox to own and obtain all of the data on your laptop/phone or any other connected device!

Armed with such an affordable and easy to obtain cyber device, operators can easily carry and coordinate various attacks; such as being a data dump for anyone logging on to the newly created “free Wi-Fi” identity theft and credit card fraud under the veil of anonymity, circumventing network restrictions and surveillance, malware distribution, credential stuffing, spreading misinformation, content piracy, etc.

It was observed one operator used Geobox in combination with two LTE-based wireless modems, “proxyfying connections via multiple chains of SOCKS and PROXY servers globally and automatic pseudo-randomly via AI”. In essence, these easy proxy steps further ensure they are anonymous and cannot be tracked unless known to be doing this activity in advance!

Leveraging several devices deployed in various locations using this model is easy if the operator has a few friends working as a small tight-knit team. Note that this device can be easily carried in a purse, bag or backpack; easily disguisable as simply being a popular Notebook or laptop.

“Once the malicious action has been conducted – they can simply wipe the device or physically destroy it if they have a hunch that they are being monitored or tracked – but this device is so cheap, simple and easy that the chances of them getting caught are slim to none and thus they simply move it to other locations depending on their intent and motives – such as an up coming concert venue or local restaurant that people go to fully expecting and using free Wi-Fi”.

New Password Reset attack targets Apple device users

Apple iPhone Users Targeted As Increased Password Reset Scams Skyrocket In 2024

New password reset attack targets Apple device users

Scammers are taking advantage of Apple’s password reset tool in a new ‘MFA bombing’ attack.

woman using phone in the dark
d3sign/Getty Images

Apple device owners are facing a new phishing hack that uses “multi-factor authentication (MFA) bombing” to steal their data.

Several Apple users in have reported a hacking attempt that appears to take advantage of Apple’s password reset feature, KrebsOnSecurity reported, citing people who have been targeted. The scammers have used Apple’s password reset tool to spam their targets with dozens, if not hundreds, of notifications, asking the user to reset their Apple ID password.

Pressing the “Allow” option gets the scammers one step closer to resetting the user’s credentials because that device could then be used to create a new Apple ID password.

Unfortunately, tapping “Don’t Allow” on all the notifications doesn’t solve the problem.

After those targeted by the scam chose to not allow their passwords to be reset, they received phone calls from the scammers claiming they were from Apple’s support team, according to the report. Their goal was to send a password reset code to the user’s device and have the user tell them the code. Armed with that information, the scammers could simply reset the Apple ID password and get full access to the user’s account.

Since Krebs’ sources didn’t press “Allow” on the notification, it’s unclear what the scammers would have done in that scenario. Presumably, the scammers would still likely need to call the target, again acting as Apple support, and fool them into resetting the password on their device and sharing it with the hacker.

Phishing attacks have been used for decades to target unsuspecting victims. But in recent years, scammers have increasingly turned to phishing as a desirable way to steal passwords, delete data, and ultimately steal money from their victims.

In 2022, mobile phishing attacks were up a whopping 61% year-over-year in just a six-month period, according to security provider SlashNext. The company said mobile users faced 255 million phishing attacks during that period.

It’s unclear how many Apple users have been impacted by this MFA bombing attack. However, Krebs’ sources reported that they received notifications on their iPhones, Apple Watches, and Macs, suggesting the attack isn’t just limited to one type of Apple device. What’s worse, there’s no simple way to stop it.

One of Krebs’ sources said they called Apple for help with the attack and the company said they should create a recovery key, a 28-character code that they would need to input to change their Apple ID password.

However, after creating a recovery code, Krebs reported that it was still possible to trigger the notifications the users saw when targeted by the spammers. It appears Apple’s password reset feature may be to blame and until the company changes how that works, hackers could conceivably continue to exploit the flaw and target users.

For now, if you’re an Apple user, your only option is to stay in the know and remain vigilant. If you receive a slew of password reset requests that you didn’t initiate, be sure to always choose the “Don’t Allow” option on the notifications.

Don’t be tempted to choose “Allow” simply because the notifications aren’t allowing you to use other apps or services on your device — a core component in the fraudsters’ plan. Even if you don’t choose “Allow,” be prepared for a call and be sure not to answer it.

Additionally, Apple has made it clear that the company does not call any of its users directly. So, if you receive a number from 1-800-275-2273 (Apple’s actual support line that the scammers are spoofing to make their calls seem legitimate), don’t pick up and definitely don’t provide any information to the caller.

featured

 

How to Hide Your IP Address and Change Location on Coinbase

Are you concerned about your online privacy and looking for ways to mask your IP address on Coinbase?

If like many people, you have come to the right place. In this guide, we’ll walk you through the steps to change your location on Coinbase (or any other Crypto Exchange) and hide personal information like your IP address, country, and region.

 

Quick Guide: Hide Your IP Address and Change Your Location

  • Mask Your IP Address
  • Flush DNS and Renew Your IP Address
  • Change Your Coinbase Location Settings
  • Other Methods to Hide Your IP Address and Location on Coinbase

Why Hide Your IP Address?

There are several reasons why you might want to hide your IP address. One of the main reasons is to protect your privacy and prevent Coinbase from tracking your physical location. By masking your IP address, you can also avoid leaving a digital footprint and bypass content filters or bans.

How to Hide Your IP Address and Location from Coinbase

  1. Mask Your IP Address
    • Use a VPN (Virtual Private Network) or proxy server to mask your IP address and spoof your location.
    • We recommend using NordVPN for its ease of use and reliability.
    • Follow these steps to install and configure NordVPN:
      1. Visit NordVPN’s website and create an account.
      2. Download and install NordVPN on your devices.
      3. Connect to a VPN server from your preferred location.
  2. Flush DNS and Renew Your IP Address
    • Clear your DNS cache to ensure your computer obtains the latest IP address from Coinbase’s DNS server.
    • Renew your IP address through your device’s settings or command prompt.
    • Follow these steps for PC (Any Windows OS Computer) (please contact me directly at https://www.t.me/DigitalFoundation for one on one Consultation):

Step-by-Step Guide: Flush DNS and Renew Your IP Address

Step 1: Open Command Prompt

      • On Windows: Press the Windows key, type “cmd” in the search bar, then press Enter.
      • On Mac: Open Spotlight (Command + Space), type “Terminal,” then press Enter.

Step 2: Run Command Prompt as Administrator

      • Right-click on Command Prompt in the search results.
      • Select “Run as administrator” from the context menu.

Step 3: Enter Commands

      • In the Command Prompt window, type the following commands one by one, pressing Enter after each:
        • ipconfig /flushdns (This command clears the DNS resolver cache.)
        • ipconfig /release (This command releases your current IP address.)
        • ipconfig /renew (This command requests a new IP address from your DHCP server.)

Step 4: Confirm Success

      • Look for confirmation messages after each command.
      • You should see messages indicating successful flushing of the DNS resolver cache and renewal of your IP address.

Step 5: Close Command Prompt

      • Once you’ve completed the commands and confirmed success, you can close the Command Prompt window.

Note:

      • Flushing the DNS resolver cache and renewing your IP address can help resolve network connectivity issues and ensure that your computer has the latest IP address information.
      • These steps may vary slightly depending on your operating system. Always run Command Prompt with administrator privileges for these actions.

Mac/Apple Flushing DNS:

 

  1. Change Your Coinbase Location Settings
    • Before logging in to your Coinbase account, ensure NordVPN is running and connected to the preferred server location.
    • Log in to your account, go to “Privacy Settings,” and change your “Location/Region/Country” to match your VPN server.
    • Save the changes and you’re all set.

Can’t Change Your Coinbase Location Settings? Here’s What to Do

If you’re unable to change your region, location, or country on Coinbase’s account settings, you can contact Coinbase support for assistance. Follow these steps:

  • Connect to NordVPN and your preferred server.
  • Find the “Contact Us” or “Get in touch” page on Coinbase’s website here: https://help.coinbase.com/en-gb
  • Send a message to Coinbase support requesting a manual update of your physical location.
  • Wait for 24-48 hours for their response.

Other Methods to Hide Your IP Address and Location on Coinbase

In addition to using a VPN or proxy server, you can also consider using a neighbor or trusted friend’s Wi-Fi networks or proxy servers. However, keep in mind the security and privacy implications of these methods. If you are unsure or don’t know whether or not your Internet/Device/Computer is truly SECURE, take 2 minutes of your valuable time and go here to run a VPN and Browser Leak Scan: https://browserleaks.com/webrtc

 

VPN vs. Proxy vs. Public Wi-Fi: A Comparison

Here’s a comparison table outlining the key differences between using a VPN, proxy server, and public Wi-Fi to hide your IP address and change your location on Coinbase:

 

Features/Attributes VPN Proxy Server Public Wi-Fi
IP Address Masking Yes Yes Yes
Encryption Yes (High-level) No No
Geolocation Spoofing Yes Yes Partial
Ease of Setup Easy Moderate Easy
Speed Fast (depends on service) Moderate Varies (often slow)
Security High Low Very Low
Privacy High Low to Moderate Very Low
Access to Restricted Content Yes Yes Maybe
Consistency High Moderate Low
Cost Subscription Subscription or one-time fee Free
Legality & Compliance Generally Legal, some restrictions apply Generally Legal, some restrictions apply Legal

In summary, using a VPN offers the highest level of security and privacy, while proxy servers and public Wi-Fi networks may be less reliable. Choose the method that best suits your needs and always prioritize your online privacy and security.

By following these steps and tips, you can effectively hide your IP address and change your location on Coinbase, ensuring your online activities remain private and secure.

Disclaimer:

The information provided in this blog post is for educational purposes only. While we strive to provide accurate and up-to-date information, we cannot guarantee the effectiveness or suitability of the methods described.

By following the steps outlined in this guide, you acknowledge that neither any individuals affiliated with GeeksByTheHour nor its affiliates are responsible for any actions, events, or consequences that may occur as a result.

It is recommended to consult with a qualified IT professional or technician before performing any network-related actions on your computer. Always proceed with caution and at your own risk.

How To Track Anyone In The World Simply Using Any File!

How to Track Anyone’s IP using Images? — Email, QR Code, PDF, EXE, MS Word, MS Excel, & any file can be a “digital mouse trap”..

Supported Tokens: HTTP, DNS, Web Image, Cloned Website, Adobe PDF, MS Word, MS Excel, MySQL Dump, Windows Directory, Custom EXE, QR Code, Sensitive Command, SVN, AWS API Keys, Fast Redirect, Slow Redirect, SQL Server, and many more…

Follow DigitalFoundation on Telegram for more..

Greetings, World!

Today I’ll teach you how to track anyone’s IP using Transparent Images! Yeah..

We will first understand the whole concept then redirect towards the step by step usage guide. You can even do this manually using custom developed payloads but it’s a more better way to do this easily. I’ll help you with that today, by providing easy steps you can follow. Let’s start learning..

Understanding Canarytokens

Canarytokens are like digital traps for your computer systems. They work by watching for certain actions, such as someone reading a file, making a database query, running a process, or spotting specific patterns in log files. It’s similar to those tracking images in emails, but instead of tracking opens, it tracks actions on your system.

The cool thing is, we can use Canarytokens to set up these traps in our regular computer systems, kind of like putting alarms in different parts of your house where anything someone does can set off an “alarm” – or at least a notification.

Now, why should you bother with these Canarytokens? Well, sometimes hackers get into computer networks, and it happens to big companies, governments, regular people — basically, everyone. That part is understandable. But what’s not okay is only finding out about it way later, like months or even years down the line which seems disappointing!!

Canarytokens are a free, easy, and fast way to help you know right away if someone is messing around in your systems. It’s like the hackers accidentally letting you know they’re there.

  1. Web bug / URL token — Alert when a URL is visited
  2. DNS token — Alert when a hostname is requested
  3. AWS keys — Alert when AWS key is used
  4. Azure Login Certificate — Azure Service Principal certificate that alerts when used to login with.
  5. Sensitive command token — Alert when a suspicious Windows command is run
  6. Microsoft Word document — Get alerted when a document is opened in Microsoft Word
  7. Microsoft Excel document — Get alerted when a document is opened in Microsoft Excel
  8. Kubeconfig token — Alert when a Kubeconfig is used
  9. WireGuard VPN — Alert when a WireGuard VPN client config is used
  10. Cloned website — Trigger an alert when your website is cloned
  11. QR code — Generate a QR code for physical tokens
  12. MySQL dump — Get alerted when a MySQL dump is loaded
  13. Windows folder — Be notified when a Windows Folder is browsed in Windows Explorer
  14. Log4Shell — Alert when a log4j log line is vulnerable to CVE-2021–44228
  15. Fast redirect — Alert when a URL is visited, User is redirected
  16. Slow redirect — Alert when a URL is visited, User is redirected (More info is grabbed!)
  17. Custom image web bug — Alert when an image you uploaded is viewed
  18. Acrobat Reader PDF document — Get alerted when a PDF document is opened in Acrobat Reader
  19. Custom exe / binary — Fire an alert when an EXE or DLL is executed
  20. Microsoft SQL Server — Get alerted when MS SQL Server databases are accessed
  21. SVN — Alert when someone checks out an SVN repository
  22. Unique email address — Alert when an email is sent to a unique address

Step-by-Step Usage

Go to canarytokens.org & choose your Canarytoken. This is like setting up a digital trap. Provide an email where you want to be notified and a note to remind yourself where you placed it.

https://canarytokens.org/generate#

Generate a Canarytoken, which is a unique URL or Fast redirect or anything else – it is all your choice. It’s like creating a secret link that will trigger an alert if someone interacts with it. In this blog I’ll be using Fast redirect as an example.

EXAMPLE

Put the generated Canarytoken in a special location & send it to the target. It could be in an email, a document, or even as an embedded image. If a target arrives upon it, you’ll receive an email notification, alerting you that something is off – just like a mouse activating a mouse trap :–)

Clicked..Your Digital Mouse Trap Is Set!

Fast Redirect was really super fast.. Later I tried using URL shortener and surprisingly, our main URL was not even noticeable in real time..

If your target hits the URL/File, like shown in the example above, your token gets activated & alerted to email or webhook as below:

You can also rename the generated PDF/Excel/Word document without affecting its operation!

Machine vs. Mind: Will AI be 2024’s Most Dangerous Cyber Weapon?

In 2024, for cybersecurity, we’re entering an era where advanced AI tools and escalated social engineering tactics (especially during election years) are changing the game. To avoid potential cyber threats, businesses, governments and individuals must grasp these emerging trends.

1. Rise Of Cybersecurity AI

In 2024, AI’s role in cybersecurity will expand to encompass automated responses and predictive analytics. It’s mainly about taking preventive measures in advance….

Integrating AI into cybersecurity applications can improve threat detection and incident response. For instance, AI can identify anomalies or deviations that may indicate potential security threats. Previously unseen attacks can be detected.

With cyberattacks becoming more sophisticated, AI’s ability to analyze vast datasets and identify patterns will be pivotal. Since AI has become a major part of cyber criminals’ toolkit, AI is expected to become a mainstay in cybersecurity solutions.

2. Election Year Disinformation

Election years provide fertile ground for social engineering and disinformation campaigns, and there’s no reason to believe 2024 will be an exception. As political tensions rise, so do efforts to manipulate public opinion and undermine democratic processes.

Americans lost $10.3 billion to online scams in 2022, which also emphasizes the need for ongoing employee security awareness training that includes exercises to help identify social engineering tactics and phishing attempts. The use of open-source intelligence tools (OSINT) to root out network vulnerabilities is recommended as a preventive measure to combat threat actors.

3. Escalation Of Ransomware Attacks

Ransomware remains a formidable threat in 2024, with tactics becoming increasingly complex and negotiations more aggressive. According to Cybersecurity Ventures, damages from cybercrime are projected to exceed $10.5 trillion globally by 2025.

This alarming escalation calls for robust backup strategies, employee training, cyber insurance, negotiation expertise and incident response plans. Companies can follow the example of external performing tasks such as penetration testing, validating network integrity, identifying unauthorized activity and monitoring for suspicious behavior.

4. AI-Based Predictive Social Engineering

2024 will likely see a rise in AI-based predictive social engineering and a disturbing convergence of AI and social manipulation techniques.

Leveraging AI, cybercriminals can prey on human weaknesses such as impulsiveness, greed and curiosity to more convincingly create personalized phishing campaigns at scale. AI-facilitated social engineering attacks have been reported to the FTC.

This emerging trend underscores the need to perform AI risk assessments and to consider outsourcing expertise to a virtual AI officer who can step into the role and run AI-resistant security protocols.

5. National U.S. Data Privacy Act

The progression of data privacy regulations—beginning with the European Union’s General Data Protection Regulation (GDPR) and extending to California’s Consumer Privacy Act (CCPA)—is paving the way for establishing a national data privacy act in the U.S. called the American Data Privacy and Protection Act.

With five states’ privacy acts becoming effective in 2024 and other data breaches costing companies an average of $4.45 million, legislating a national data privacy standard is more urgent than ever.

6. Cyberattacks On Cannabis Retailers

The burgeoning cannabis industry, particularly retailers, is increasingly vulnerable to cyberattacks as they transition to digital platforms. Banks and credit card services could begin to accept electronic payments and ACH transfers from cannabis businesses—thanks to pending legislation making its way through Congress—and the gap between point of sale (PoS) systems and potential data breaches narrows significantly.

Human error and complacency are major risk factors, and the industry’s nascent adoption of digital technologies makes it an attractive target for cybercrime. Retail dispensaries must prioritize cybersecurity to protect their client data and financial transactions, as the sector’s so-called “green rush” also attracts the unwanted attention of threat actors.

7. Zero Trust Elevates To Boardroom Status

The concept of zero trust in cybersecurity, akin to the rise of anti-virus software in the 1990s, is set to become a staple topic in boardroom discussions in 2024. Gaining steady momentum, the implementation of zero trust is no longer a technical nicety but a business imperative.

Rooted in the principle of “never trust, always verify,” the widespread adoption of zero-trust architectures signifies a paradigm shift in security strategies, emphasizing continuous verification of every user and device, regardless of their location or network.

This strategic move elevates cybersecurity from a technical concern to a core business function, crucial for protecting organizational assets.

8. FEMA Cyber Insurance

To make a bold and unprecedented prediction, FEMA, the federal agency known for last-resort flood insurance, may eventually be called upon to serve as a model and backstop for cyber insurance policies not covered by commercial carriers.

With traditional insurance carriers withdrawing from high-risk regions like Florida due to severe climate events, there is a growing need for federal intervention. A FEMA initiative could potentially underwrite essential services like airports, hospitals, energy and water treatment plants as commercial insurance options become limited.

Conclusion

The increasing complexity of cyber threats underscoring the security trends of 2024 highlights the need for advanced mitigation strategies. Organizations will need to understand these trends, ensure they enable best practices and consider collaborating with outsourced cybersecurity expertise to navigate the security environment and ensure a robust, future-ready cyber defense.

2023 Metamask Security Tips and Tricks: Keeping Your Cryptocurrency Safe

Cryptocurrency has surged into the mainstream in recent years, with the advent of blockchain technology and digital wallets like Metamask making it easier than ever to store and trade currency. But convenience isn’t the only reason many people have made the switch: security is a major benefit for many users as well. While Metamask is one of the most secure wallets available, it’s also important to know how to keep your funds safe from malicious actors. Here are the best updated Cybersecurity Tips & Tricks for 2023 Metamask!

The rise in crypto thefts and scams just in the last 3 years means that it is more important than ever to take measures to secure your funds – especially taking SELF-CUSTODY of your crypto via a cold hard wallet. It can be difficult to know where to start, but luckily there are some simple steps you can take to ensure that your finances are as safe as possible. Whether you’re a novice investor or an experienced trader, knowing the basics of Metamask security can help give you peace of mind when it comes to storing your cryptocurrency. With the right precautions and understanding, you can take proactive steps to protect your digital assets, knowing they’re safe from unwanted third parties.

So let’s get started. In this blog post, I’m going to break down 2023 Metamask security tips and tricks to help you stay safe when storing and trading crypto. We’ll cover topics such as strategies for securing your account, detecting potential scams, and even the pros and cons of different wallet types. With these tips and tricks in hand, you’ll be ready to confidently navigate the world of cryptocurrency safely in 2023 and beyond.

Introduction

MetaMask is easily one of the best crypto wallets that you can find out there. It is funded by Ethereum and can be installed in the browser like any other plugin you can use. It allows users to store Ether and other ERC-20 tokens, which allows users to make seamless transactions. It can be found here: https://metamask.io

The first step is making sure you are using a CLEAN and SAFE Computer/Device before you begin using anything dealing with crypto. SkyTheTechGuy can provide you with a free diagnostic and analysis to double-check your assumption –> that your network/computer/device is safe, secure, and prepared for MetaMask or any other crypto program. Help@GeeksByTheHour.com or

With a lot of crypto wallets to choose from, you can be sure to get a lot of recommendations from the experts. MetaMask, however, is one of the safest picks for ETH storage. Users can have seamless transactions in spending coins in games, staking tokens, and even trading.

So far, MetaMask has gained a huge following from various ETH users all over the world. As they continue to provide users with an entry point into the emerging world of decentralized finance, any ‘MetaMask explained‘ articles would be helpful to those who want to invest in ETH.

MetaMask is one of the top wallets that you can use for your investments, and it offers some of the best services that you can enjoy as a crypto enthusiast. That says a lot about the way it can be a good pick for those who are keen to use ETH.

I. MetaMask Is An Efficient Wallet

MetaMask was founded by ConsenSys in 2016 just as an extension on desktop computers but later grew to be a full experience for a lot of users and even has a mobile application for everyone to use.

This app can be downloaded on iOS and Android devices. It is also available on the Google Chrome browser, Mozilla Firefox browser, Brave Browser as well as on Microsoft Edge. This makes it one of the wallets that can be accessed from almost any device everywhere.

II. Why MetaMask?

MetaMask was designed with a lot of new features that gives a lot of convenience in dealing with crypto. The wallet has recently designed a feature that allows swapping of ETH tokens on the app – which was formerly available by connecting to other exchanges such as Uniswap.

This made it easy with the third party app now taken out of the picture. The feature scours well through the DeFi landscape to offer the trader with the best deals at lower fees. On top of that, the wallet also offers integration with hardware wallets such as Ledger Nano and offers boosted security for fund storage.

III. *There are a lot of benefits in using MetaMask*

MetaMask offers a wide array of benefits that you would love in a crypto wallet. After all, crypto is a secure currency itself, but then you should know that MetaMask itself is a strong wallet that offers stability for users in the long run.
  • Availability 

MetaMask is useful when it comes to the easy access that people can make use of. With a number of available downloads for the app, you can say that it is clearly a huge benefit even if you change devices and so on. That says a lot about the way you can use it with no hassle compared to other wallets.

  • Popularity

MetaMask is a popular wallet that you can use with ease. It is popular among many users thanks to its amazing features. As one of the best open source wallets, it is a rare breed among other wallets out there, and it shows a lot of progress for a reliable storage in crypto.

  • Security

With the encryption, password, Secret Backup phrase and many other details, MetaMask’s detail on security is on point, and a lot of people would be thrilled to use it knowing they don’t have to worry about being hacked and so on.

On top of that, MetaMask’s lack of control on your private key means that they will not access your crypto on their own. This means that it is also harder to hack and secure to keep your crypto on for good.

  • Ethereum support

MetaMask’s connection to ETH makes it clear that you have a link to the second largest blockchain in the world. This means that MetaMask supports other Ethereum-based tokens and it immediately adds value to this wallet as well.

  • Ease of access

MetaMask is easy to use. If you look for any ‘MetaMask explained’ articles, you can read the fact that the wallet is one of the user-friendly wallets that you can find online. This is what makes MetaMask dominant among many other wallets that offer various services just like it.

None of the information on this website is investment or financial advice and does not necessarily reflect the views of SkyTheTechGuy, LLC or the author. SkyTheTechGuy,LLC is not responsible for any financial losses sustained by acting on information provided on this website by its authors or clients. Always conduct your research before making financial commitments, especially with third-party reviews, presales, and other opportunities. This information provided is for educational use only and should not be relied upon for any financial or investment advise or purpose.

How To Lock Down Your Computer

How to Quickly Lock Your Windows 11/10 PC

 

Your privacy matters. That’s why it’s good practice to lock a desktop or laptop whenever you leave it unattended. Use any of the methods below to stop other people from snooping around your PC.

Unlike signing out, locking a computer is faster, just as secure, and doesn’t require you to shut down open programs. You also get to unlock it instantly and pick up where you left off. This article will go through various ways to quickly lock Windows 11 and 10.

Table of Contents

Lock Computer via the Start Menu

The most straightforward approach to locking your PC is simply to use the Start menu. Open it, select the User icon or your profile portrait, and choose the option labeled Lock.

Note: If the Lock option is not present, open the Control Panel, go to Hardware and Sound > Power Options > Change what the power buttons do, and activate the box next to Lock to add it.

Lock Computer with a Keyboard Shortcut

If you prefer keyboard shortcuts, an even faster way to lock a Windows computer is pressing Windows Key + L. Use it a few times, and you’ll get it hard-coded into your muscle memory.

Lock Computer with a Desktop Shortcut

If you find it challenging to use the Win + L keyboard shortcut, you can create a desktop shortcut capable of locking your PC just as quickly.

  1. Right-click a vacant area within the desktop area.
  2. Select New > Shortcut on the context menu.
  3. Copy and paste the following snippet of text into the Create Shortcut window and select Next:

rundll32.exe user32.dll,LockWorkStation

  1. Type a name for the shortcut—e.g., “Lock PC”—and select Finish.
  2. Double-click the shortcut whenever you want to lock your PC.

Lock PC via the Windows Security Screen

The Windows Security screen (a.k.a. the Ctrl + Alt + Delete screen) offers another quick way to lock Microsoft Windows. The best thing about this method is that you can use it even if Windows 11 or 10 isn’t responsive. Simply press Ctrl + Alt + Del to get the Windows Security screen to show up. Then, select Lock.

Lock Computer via Task Manager

If you ever find yourself using the Task Manager in Windows 11 or 10 and want to lock down your PC immediately, you can do that using the Task Manager itself.

  1. Right-click the Start button and select Task Manager.
  2. Select More details to expand the default Task Manager view.
  3. Switch to the Users tab.
  4. Select your Windows user account.
  5. Select the Disconnect option at the lower-right corner of the window.

Lock Computer Alongside Screen Saver

If you regularly forget to lock your PC, you can set up a screensaver to kick in automatically and lock your PC when it engages.

  1. Open the Start menu, search for screen saver, and select Turn Screen Saver On or Off to invoke the Screen Saver Settings pop-up.
  2. Open the drop-down menu under Screen saver and pick a screensaver (select Blank if you prefer to keep the computer screen dark when the screensaver is active).
  3. Specify a time in minutes within the Wait box, check the box next to On resume, display logon screen, and select OK.

Your PC will display the screensaver when left idle for the time duration. Press a key or mouse button whenever you want to exit it and get to the Lock Screen.

Lock Computer With Dynamic Lock

Dynamic Lock automatically locks the operating system if it detects a weak Bluetooth signal between your PC and another device. Although it works with any Bluetooth peripheral, using a smartphone (Android or iPhone) is the most practical.

Connect Smartphone to PC

Before activating Dynamic Lock, you must pair your smartphone with your computer.

  1. Put your phone into Bluetooth discovery mode. That’s as simple as visiting its Bluetooth options screen (e.g., Settings > Bluetooth on the iPhone).
  2. Open the Settings app on your PC (press Windows + I).
  3. Select Devices > Bluetooth & other devices.
  4. Select Add Bluetooth or other device > Bluetooth.
  5. Select your phone and go through the onscreen instructions to pair it.

Activate Dynamic Lock

It’s now just a matter of activating Dynamic Lock.

  1. Open the Settings app on your PC.
  2. Select Accounts > Sign-in Options and scroll down to the Dynamic Lock section.
  3. Check the box next to Allow Windows to automatically lock your device when you’re away.

Your PC will automatically lock itself whenever you move away from it with your iPhone or Android smartphone.

Lock Computer via Run Command

You can perform many valuable activities with Run commands in Windows, including locking your PC. Although it’s hard to justify using Run over the above methods, it’s good to know that this way exists.

  1. Press Windows Key + R or right-click the Start button and select Run.
  2. Type the following command into the Run dialog box:

rundll32.exe user32.dll,LockWorkStation

  1. Select OK, or press Enter to lock Windows.

Lock Computer via Windows Terminal

Another obscure way to lock a Windows 11/10 PC requires running a command through the Windows Terminal or Windows PowerShell consoles. Here’s how to use it:

  1. Right-click the Start button and select Windows Terminal (Windows 11) or Windows PowerShell (Windows 10).
  2. Type the following command:

rundll32.exe user32.dll,LockWorkStation

  1. Press Enter.

Tip: The above command also works on the older Command Prompt console. Open the Start menu, type cmd, and select Open to get to it.

While this command is not particularly useful for locking your PC in the moment, it can be handy to include the command in a script so that your PC locks when the script finishes.

Total Lockdown

Locking your Windows PC has no downsides and keeps intruders at bay. It’s easy to forget to do that, however, so it’s always worth taking your time to tweak your screensaver settings or set up Dynamic Lock. While you’re at it, check out how to create a passwordless login in Windows to make getting back in even faster.

About The Author

Dr. Sky Houston has a legacy, passion and expertise in Information Technology. He specializes in topics related to Consumer & Business Technology and optimizing productivity. “Tame Your Technology Or It Will Tame You” is his way of life! When he isn’t solving tech issues of all sizes, he is busy optimizing, troubleshooting and locking down Client’s Internet, Networks, Devices and Computers, you can catch him teaching and training network, productivity improvements and Cyber Security.

Subscribe on YouTube!
Did you enjoy this tip? If so, check out our YouTube channel. We cover Windows, Mac, Software, Shortcuts and Apps, and also have a bunch of troubleshooting tips and how-to videos. Click the button below to subscribe!

 

Our Publishing Family

Geeks By The Hour is part of the Global Strong publishing family.

About Geeks By The Hour

Welcome to Geeks By The Hour – a blog full of tech tips from trusted IT experts. We have hundreds of articles and guides to help you troubleshoot any issue. Our articles have been read over 1 million times since we launched in 2009.

Copyright © 2009-2023 SkyTheTechGuy.com & GeeksByTheHour.com All Rights Reserved

Top 10 Cybersecurity Trends (Updated for 2023)

Top 10 Cybersecurity Trends (Updated for 2023)

Table of Contents

1) Rise of Automotive Hacking 

2) Potential of Artificial Intelligence (AI) 

3) Mobile is the New Target 

4) Cloud is Also Potentially Vulnerable 

5) Data Breaches: Prime Target

6) IoT with 5G Network: The New Era of Technology and Risks 

7) Automation and Integration 

8) Targeted Ransomware

9) State-Sponsored Cyber Warfare

10) Insider Threats

2023: The Digital Transformation realized for businesses, organizations and even governments are relying on computerized and progressively increased digital systems to manage their day-to-day activities making Cybersecurity a primary goal and priority for all Executives and Organizations of all sizes.

The 2020 pandemic  year exacerbated this fact – with up to 75% of billions of people globally transitioning from their physical office (which had the IT resources and personnel) to their “home office”. Essentially turning the entire “working from home industry” and all of the IT and HR requirements that it needs due to safeguarding data from various online attacks or any unauthorized access as the new “norm” of virtual/remote work.

Going Forward: Continuous change in technologies including the popular Dual Authorization Password apps primarily through utilizing the smart phone also implies a parallel shift and priority in Cybersecurity trends across the board in every organization as news of data breach, ransomware, malware, compromised devices/browsers and hacks unfortunately become the norms. This is simply based on adapting to the progressing volume (millions before the 2020 Pandemic worked from home, today it is billions) of remote workers. Here are the top Cybersecurity trends for 2023:

1) Rise of Automotive Hacking 

Modern vehicles nowadays come packed with automated software creating seamless connectivity for drivers in cruise control, engine timing, door lock, airbags and advanced systems for driver assistance. These vehicles use Bluetooth and WiFi technologies to communicate that also opens them to several vulnerabilities or threats from hackers. Gaining control of the vehicle or using microphones for eavesdropping is expected to rise in 2023 with more use of automated vehicles. Self-driving or autonomous vehicles use an even further complex mechanism that requires strict cybersecurity measures.

2) Potential of Artificial Intelligence (AI) 

With AI being introduced in all market segments, this technology with a combination of machine learning has brought tremendous changes in cybersecurity. AI has been paramount in building automated security systems, natural language processing, face detection, and automatic threat detection and the ChatGPT OpenAI capabilities that are literally transforming industries of anything relating to “the written word” including Copy Writing, Marketing, Advertising, Education, and many, many others are all being automated with AI. Although, it is also being used to develop smart malware and attacks to bypass the latest security protocols in controlling data. AI enabled threat detection systems can predict new attacks and notify admins for any data breach instantly.

3) Mobile is the New Target 

Cybersecurity trends provide a considerable increase (50 percent) for mobile banking malware or attacks in 2020, making our handheld devices a potential prospect for hackers. All of our photos, financial transactions, emails, and messages possess more threats to individuals. Smartphones are logically one of the biggest targets for anyone with the skills and agenda primarily based on two facts:

  1. Smartphones are used by more people globally today than PC’s (personal computers)
  2. The security and vulnerabilities of smartphones are far less on average than PC’s
  3. Social Media like Facebook, Instagram, and Tik Tok as well as other installed Apps of all types on smartphones/PC’s/devices are being targeted more and more each day by malicious individuals and “ransomware gangs” globally.

4) The “Cloud” i.e. Internet is Also Potentially Vulnerable 

With more and more organizations now established on clouds, security measures need to be continuously monitored and updated to safeguard the data from leaks. Although cloud applications such as Google or Microsoft are well equipped with security from their end still, it’s the user end that acts as a significant source for erroneous errors, malicious software, and phishing attacks more than ever before today. Malicious actors across the globe are adapting faster than end users can act, especially in today’s ever so popular Social Media world.

5) Data Breaches: Prime target

Data will continue to be a leading concern for organizations around the world. Whether it be for an individual or organization, safeguarding digital data is the primary goal now. Any minor flaw or bug in your system browser or software is a potential vulnerability for hackers to access personal information. New strict measures General Data Protection Regulation (GDPR) was enforced from May 25th, 2018 onwards, offering data protection and privacy for individuals in the European Union(EU). Similarly, the California Consumer Privacy Act (CCPA) was applied after January 1st, 2020, for safeguarding consumer rights in the California area.

6) IoT with 5G Network: The New Era of Technology and Risks 

With the advent and growth of 5G networks, a new era of inter-connectivity will become a reality with the Internet of Things (IoT).

The Internet of Things (IoT)  is essentially an interconnected global network where all devices are connected to each other as well as the “internet” 24×7. This communication between multiple devices also opens them to vulnerabilities from outside influence, attacks or an unknown software bug. Even the world’s most used browser supported by Google, Chrome was found to have serious bugs. 5G architecture is comparatively new in the industry and requires a lot of research to find loopholes to make the system secure from external attack.

Every step of the 5G network might bring a plethora of network attacks that we might not be aware of. Here manufacturers need to be very strict in building sophisticated 5G hardware and software to control data breaches.

7) Automation and Integration 

With the size of data multiplying every day, it is eminent that automation is integrated to give more sophisticated control over the information. Modern hectic work demand also pressurizes professionals and engineers to deliver quick and proficient solutions, making automation more valuable than ever. Security measurements are incorporated during the agile process to build more secure software in every aspect. Large and complex web applications are further hard to safeguard making automation as well as cyber security to be a key concept of the software development process.

8) Targeted Ransomware

Another important cybersecurity trend that we can’t seem to ignore is targeted ransomware. Especially in the developed nations’ industries rely heavily on specific software to run their daily activities. These ransomware targets are more focused today in 2023 including examples like the Wanna Cry attack on the National Health Service hospitals in England corrupted more than 70,000 medical devices. Though generally, ransomware asks to threaten to publish the victim’s data unless a ransom is paid still it can affect the large organization or in case of nations too.

9) State-Sponsored Cyber Warfare

There won’t be any stoppage between the western and eastern powers in attempts to find superiority. The tension between the US and Iran or Chinese hackers often creates worldwide news though the attacks are few; they have a significant impact on an event such as elections. And with more than 70 elections bound to be held this year, criminal activities during this time will surge. Expect high-profile data breaches, key infrastructure like airlines grounding planes due to internal software compromises, etc. as top cybersecurity trends for 2023.

10) Insider Threats

Human error is still one of the primary reasons for data breaches and cyber security issues and service tickets, up to 75% of all reported in fact according to the most recent 2022 statistics. Any employee having a grudge or just a bad day at their employer or intentional loophole can bring down a whole organization with millions of stolen data. One example of this in 2022 was an official Report by Verizon that a documented data breach gives strategic insights on cybersecurity trends that 45 percent of total attacks were directly or indirectly made by the employees. Creating a culture of more awareness within premises to safeguard data in every way possible is truly the primary goal today in 2023 as well as the future.