Best Firewalls For 2024

The best firewall software makes it simple and easy to set up a software firewall to protect your computer or IT systems.

BEST FIREWALL SOFTWARE OF 2024


Firewalls are traditionally a first line of defense, providing a secure perimeter. In the event of a malware infection, a firewall that blocks the connection means the attacker won’t be able to upload the payload software needed to launch the attack and cannot download sensitive data files from the compromised computer.

Even though antivirus technology has improved significantly over time, the best firewall services remain a key part of a user’s cybersecurity defenses, as the risks have evolved rather than gone away.

While some of the best firewall software is provided as a standalone product, often they come bundled with general internet security packages, especially from antivirus companies which can offer a wide range of additional tools. While these are aimed more at individual users and small businesses, larger ones and enterprises can instead benefit from the protection provided by cloud firewalls.


Why you can trust Dr. Sky and GeeksByTheHour: We spend hours testing every product or service we review, so you can be sure you are getting the best product and value without any bias.

BEST FIREWALL SOFTWARE OVERALL


1. Bitdefender Total Security

Best for all round security with firewall protection

REASONS TO BUY

+High-end firewall protection
+Anti-ransomware protection included
+Microphone safeguarding
+Up to 5 devices

REASONS TO AVOID

-Some alternatives offer more for your money

Bitdefender Total Security is a powerful internet security suite that offers a firewall among a range of featured security protections. There’s also anti-virus protection, but its multi-layered malware protection also protects against ransomware.

Other features include anti-phishing, anti-fraud, and anti-theft options, as well as a performance optimizer.

A wide range of privacy protection options includes anti-tracking, file encryption and shredding, parental controls, and protection for microphones to prevent them from being used by a third party.

Bitdefender Total Security isn’t just for protecting Windows users either, but can also be used to protect against attacks on Android, macOS, and iOS as well. Even better, a single product license allows you to use the software on up to 5 different devices, so you can use Bitdefender Total Security for your home PC as well as smartphone.

Overall, Bitdefender Total Security pretty much does what its name suggests, offering a very wide range of security protections that go beyond just a firewall. Pricing is also very reasonable at around $35 / £30 / AU$50 per year for up to five devices, making it cheap and easy to get peace of mind.

BEST LIGHTWEIGHT FIREWALL SOFTWARE


3. Webroot AntiVirus

Best lightweight internet security option

REASONS TO BUY

+Extremely light on system resources
+Lightning fast speeds

REASONS TO AVOID

-No testing data from the top labs

Just about every antivirus tool claims to be ‘lightweight’, but Webroot AntiVirus is really the only one to deliver on this front. Installation takes seconds, the program files barely use 2MB of your hard drive, the RAM footprint is tiny, and there are no bulky signature updates to tie up your bandwidth.

Considering this, there’s no compromise on features, which makes it all the more impressive. Along with the core protection, there’s smart behavior monitoring, accurate real-time anti-phishing, network connection monitor, enhanced anti-ransomware, and of course firewall protection.

It’s not easy to compare Webroot’s accuracy with the competition, as the big testing labs rarely evaluate the company’s products. However, when they are reviewed, they generally score high, and our own tests show solid and reliable protection.

There’s a lot to love about Webroot AntiVirus, and the 70-day 100% money-back guarantee suggests the company is confident in the product as well. If you’re sick of overly complex and bloated engines, Webroot is a worthy contender for you.


Best free firewall

BEST FREE FIREWALL SOFTWARE OVERALL


3. ZoneAlarm

The best free firewall

REASONS TO BUY

+Easy to use interface
+Great antivirus engine

REASONS TO AVOID

-Best features are paid-for

ZoneAlarm has been one of the most popular firewall solutions for more than 20 years and has been downloaded more than 20 million times.

ZoneAlarm comes in both Free and Pro versions. The former has ads and lacks several features, including expert rules, 24/7 support, component control, and other advanced settings. What it will do is identify potentially unsafe traffic, hide open ports, and disable malicious programs.

It also features a two-way firewall that monitors traffic coming into and going out of your network, makes your PC invisible to hackers, and stops spyware from broadcasting your personal data. Furthermore, early boot protection will protect your computer from being booted from a dangerous rootkit aimed at taking over your PC.

ZoneAlarm also includes anti-phishing scanning of URLs to make sure you don’t enter your personal information on websites identified as being security threats. And it will remove malicious code from any files you download.

BEST FREE FIREWALL SOFTWARE FOR FEATURES


4. Comodo Firewall

Best if all you need is a decent feature set

REASONS TO BUY

+Sandbox for testing apps
+Low resource usage

REASONS TO AVOID

-Needs configuring

For a free product, Comodo Firewall offers a healthy serving of features. It will check that all incoming and outgoing traffic is legitimate, hide your computer’s ports from hackers, and block malicious software broadcasting your private data. If there is any suspicious activity, it will warn you immediately.

It also includes a secure browser, a ‘virtual kiosk’, and a host intrusion protection system (HIPS). The HIPS will detect suspicious behavior by a program and ask you whether to allow it, block it, or treat the program as an installer.

Comodo also includes its own more secure versions of popular browsers Chrome and Firefox, called Dragon and IceDragon respectively. The Comodo browsers offer security, privacy, and performance enhancements that aren’t available in standard browsers.

Comodo’s Virtual Kiosk is a virtualized sandbox, like an isolated operating environment for running unknown applications. Apps run in the Kiosk won’t affect anything on your real computer, which makes it ideal for testing out new, untrusted apps.

BEST LIGHTWEIGHT FREE FIREWALL SOFTWARE


3. TinyWall

Best if you want an unobtrusive free firewall

REASONS TO BUY

+No annoying popups
+Lightweight compared to some rivals

REASONS TO AVOID

-Manual whitelisting
-Not very attractive looks

TinyWall is actually designed to be used with Windows’ built-in Defender firewall, so its performance impact is minimal.

TinyWall will actively block trojans, viruses, worms, and other forms of malware, and prevent the modification of Windows firewall’s settings by malicious programs. And it will do all of this without you needing to know about ports, protocols, or application details.

But probably its most appealing feature is its no-popup approach. Most firewalls will display a popup asking you what you want to do whenever an application is trying to access the Internet. Not only is this annoying, but eventually you’ll just start granting access to everything to get rid of the popups, which isn’t very secure.

TinyWall gets around this problem by expecting you to whitelist programs that you actually want to be able to access the Internet. When you find a program has been blocked, it’s easy to add it to the whitelist, and then you can continue with what you were doing.

BEST BASIC FREE FIREWALL SOFTWARE


5. Windows Defender

Best if you don’t want to install anything

REASONS TO BUY

+Already installed with Windows
+Low false positive rate

REASONS TO AVOID

-Lack of additional features

If you have a PC running a version of Windows more recent than XP, then you already have a free firewall installed, and unless you’ve changed any settings, it’s already active and running.

Known as Windows Defender since the release of Windows 10, the firewall is part of a suite of security tools included by default with Windows installations. Microsoft recommends that you leave the Defender on, even if you’re also using another firewall. 

To manage its settings, simply search for ‘security’ in Windows and select the Security app. When it opens, set the Windows Defender Firewall toggle to on. Turning it off again simply involves clicking the same button.

You can also configure the firewall to allow a certain app through the firewall. From the same place as where you turn it on/off, you can select ‘Allow an app through firewall’ and then choose the app in question.

FBCS: One More Data Breach Affecting Almost Two Million People!

Having a loan or bill go to collections is bad enough as it is, but now, in the first half of 2024, the second largest debt collection agency in the U.S. has revealed that it has fallen victim to another data breach in which the information of nearly two million borrowers was exposed online.

As first reported by BleepingComputer, Financial Business and Consumer Solutions (FBCS) has begun notifying impacted individuals after the sensitive personal information of approximately 1,955,385 people was recently accessed by hackers.

As a nationally licensed debt collection agency, FBCS collects unpaid debts from credit card companies, healthcare organizations, car dealerships, student loans and utilities. However, unlike with the other companies you do business with, if one of your loans or bills has ended up in FBCS’ hands, you’re stuck with them.

Here’s everything you need to know about this recent data breach along with some tips and tricks on how to stay safe after your personal or financial information ends up in the hands of hackers.

Unauthorized network access

In a data breach notice (PDF) submitted to the Attorney General’s office in Maine, FBCS explained that hackers first breached its network on February 14, 2024. The unauthorized actor remained there until February 26 and during that time, they were able to “view or acquire certain information on the FBCS network.”

During that 12-day window, they could have accessed the full names, Social Security numbers (SSNs), dates of birth, account information and driver’s license numbers or ID card numbers of almost 2 million Americans.

With this information in hand, the hackers behind this breach can easily launch targeted phishing attacks, commit fraud or use social engineering for identity theft. FBCS has automatically enrolled thousands of the affected individuals in 12 months of credit monitoring through the company Cyex.

 

Ultra-fast 6G internet test reaches 100Gbps speed that’s 500 times faster than 5G

A 6G transmitter has been created that can reach the fastest internet capabilities recorded yet.

The new technology was created by four companies in Japan putting their best qualities forward to achieve the next generation of ultra-fast internet.

The announcement of the new 6G breakthrough came in a press release on April 11 and the four companies involved include DOCOMO, NTT, NEC, and Fujitsu.

5G internet operates from 6-40 GHz, while the new 6G test operated at much higher bands, 100 GHz and 300 GHz.

The 6G transmitter transferred data at 100 Gbps, at 100 GHz indoors and 300 GHz outdoors, over 328 feet, per the release.

The highest generation of internet right now is 5G and is the current standard. 

Using higher frequency bands allows for much faster internet speeds and is the plan of how to achieve the next generation. 

“High-capacity wireless communication is expected to be achieved by exploiting the abundant bandwidth available in the sub-terahertz band from 100 GHz to 300 GHz,” the release said.

The 6G potential is 500 times faster than the average 5G T-Mobile speeds in the US, according to Statista.

Its speed can also be compared to transferring five HD movies wirelessly per second, per Live Science. 

The tech companies have hinted that 6G will allow for groundbreaking new ventures.

This includes extremely high-quality video streaming, better control for self-driving cars, and faster communication.

Some other advancements to look forward to include smoother operation for:

  • Virtual Reality (VR)
  • Metaverse applications
  • Mixed Reality experiences
  • Fully automated vehicles
  • Hovercraft and other flying machines

It will also support brand new technologies like holographic images and holographic communication (for example, seeing a hologram of the person you are talking to emanate from a phone).

“In the 6G era, when wireless networks are envisioned supporting diverse applications ranging from ultra-HD video streaming to real-time control in autonomous vehicles, as well as increasing communication demands,” the press release said.

WORKING THROUGH KINKS

Implementing the new high-speed 6G will come with some complications though.

The experts explained that completely new devices will need to be made that can handle the high-frequency bands.

This is because of the large difference between what 5G devices are currently operating at and the high-frequency band 6G would need.

“However, compared to 28 GHz and other millimeter bands used in current 5G systems, the much higher frequencies of the sub-terahertz band will require entirely different wireless devices that are now being developed from scratch,” the press release said. 

“To be successful, this effort will need to overcome several key challenges, such as determining the specific performance requirements of wireless devices operating in the sub-terahertz band, and then actually developing such devices.”

The next move for the four tech companies is to keep working out the kinks and utilizing each company’s strengths to make 6G a reality. 

“Going forward, the four companies will continue to conduct extensive research and development into sub-terahertz telecommunications,” the press release said.

“Leveraging each company’s strengths in various initiatives to contribute to 6G standardization.”

Scammers, ID.me IRS Requirements and Montenegro

MalwareTips Blog

ALERT: Hackers Are Posing As ID.me To Steal Your Identity

Do You Know All .ME Domains like ID.ME Required by the IRS are Owned By Montenegro & Their Billionaire Club?

Identity verification services like ID.me have become indispensable in the digital age. By providing a secure and convenient way to prove your identity online, ID.me opens doors to essential services and benefits. However, as with any popular online platform, scammers are finding ways to exploit these services and trick unsuspecting users.

This article will take an in-depth look at the ID.me scams popping up, how they work, and most importantly, how to avoid becoming a victim. With identity theft and online fraud at an all-time high, awareness is your best defense.

Overview of the ID.me Scams

ID.me provides a valuable service as a digital identity network used by government agencies, healthcare providers, and other organizations to securely verify user identities online. By acting as a trusted validator of personal information, ID.me opens the door for people to easily access essential services and benefits.

However, this convenience also creates an opportunity for fraudsters. Scammers are increasingly impersonating ID.me through phishing campaigns in order to steal personal information from victims. Once they have the data, they can hijack identities, drain accounts, and perpetrate other forms of fraud.

These ID.me scams are growing more complex and convincing, making it crucial for users to understand the tactics and stay vigilant. Here are the main types of ID.me scams and frauds being perpetrated:

Phishing Emails

This is one of the most common vectors for ID.me scams. Victims receive emails pretending to be from the legitimate ID.me security team. These emails may:

  • Warn that unusual activity was noticed on your account
  • State that immediate account suspension will occur if no action is taken
  • Provide a fake deadline such as 24-48 hours to re-validate your account
  • Include a “Verify Account” or “Reset Password” button/link to a phishing site

If the user clicks the deceptive call-to-action button or link, they are taken to a convincing but fake ID.me login page designed to steal login credentials as well as other personal data.

Smishing Text Message Scams

Similar to phishing emails, fraudsters send text messages also impersonating ID.me. They state your account is at risk of being locked or needing immediate validation via a link included. If clicked, the link directs victims to a phishing site masquerading as the legitimate ID.me site.

Once on the fake page, any information entered is captured by scammers. Smishing texts use urgency and threats to get users to comply without thinking it through.

Vishing – Phone Call Scams

This technique uses phone calls rather than messages to trick victims. Scammers posing as ID.me support agents call users claiming that suspicious activity means accounts will be suspended without immediate intervention.

The “agents” pressure and persuade victims to provide personal details or even remote access to the victim’s device, enabling installation of info-stealing malware.

Fake ID.me Websites

Beyond phishing pages, scammers also create entire fake websites impersonating the real ID.me site. Links to these fraudulent sites are sent out en masse via email spam campaigns. They are designed to capture login details and personal info from unsuspecting victims who were persuaded the site was legitimate.

Malicious Software Scams

Scammers may also use phone calls, emails, or texts to trick users into downloading malware. This can occur by:

  • Sending a phishing message with an infected file attachment
  • Persuading victims to click a link to download fake “security software”
  • Requesting remote access to devices in order to “diagnose connectivity issues” then installing malware

Once installed, info-stealing malware can harvest data and credentials directly from the compromised device.

Account Takeover Scams

Sophisticated scammers may attempt full account takeover rather than simple phishing. By gathering key details like usernames, passwords, and partial SSNs from data breaches, they can convince ID.me’s system they are the legitimate account owner.

This enables them to bypass identity verification and fully compromise the account. However, 2FA often thwarts these takeover attempts.

In summary, ID.me scams aim to exploit trusting users through impersonation and clever psychological manipulation. By understanding the deceptive tactics used in these scams, people can better recognize the warning signs and avoid being victimized.

How the ID.me Scams Work

Fraudsters use clever psychological tactics to manipulate victims in ID.me scams. Here is an inside look at exactly how they operate:

Step 1 – Initial Contact

Scammers initiate contact via:

  • Emails pretending to be ID.me security alerts
  • Texts claiming your ID.me account is at risk
  • Calls posing as ID.me support agents

Their goal is to cause panic so you act without thinking.

Step 2 – Creating Urgency

Next, scammers pressure you to take immediate action by:

  • Stating your account will be frozen if you don’t re-verify
  • Claiming the deadline to avoid suspension is approaching
  • Warning of penalties or losses if you don’t comply

This plants a fear of missing out, causing you to stop questioning.

Step 3 – Requesting Information

Scammers will instruct you to confirm sensitive details such as:

  • Login credentials
  • Social Security Number
  • Bank account info
  • Credit card numbers

They may pretend it’s needed to verify your identity and keep your account active.

Step 4 – Gaining Remote Access

In some cases, scammers will try to gain remote access to your device by making you:

  • Download suspicious files allowing control of your system
  • Enter codes sent to your phone number enabling account takeover
  • Allow screensharing applications giving them access to your data

Step 5 – Leveraging Your Identity

Once scammers have your information, they can:

  • Access and drain your financial accounts
  • Make purchases using your credit cards
  • Commit tax fraud with your SSN
  • Steal your identity to open accounts or apply for loans

The damage can be extensive if scammers successfully exploit your identity.

What to Do if You Fell Victim to an ID.me Scam

If you suspect your ID.me account or identity has been compromised, take these steps immediately:

Step 1 – Lock Down Your Accounts

  • Reset your ID.me password and enable two-factor authentication
  • Contact banks to freeze accounts potentially accessed by scammers
  • Place fraud alerts and monitor your credit reports closely
  • Change passwords on any compromised accounts

Step 2 – Report the Incident

  • File identity theft reports with the FTC and your local police department
  • Notify ID.me directly so they can secure your account
  • Contact companies where your identity was likely abused
  • Report social media and email phishing attempts

Step 3 – Monitor for Suspicious Activity

  • Set up account alerts to notify you of any unusual activity
  • Periodically get free credit reports to catch new fraudulent accounts
  • Review all statements thoroughly for any unauthorized charges
  • Sign up for identity theft protection services to detect misuse

Step 4 – Recover From the Fraud

  • Dispute any fraudulent charges or accounts opened in your name
  • Work with creditors to close fraudulent accounts and reverse damages
  • Update information related to your identity, accounts, and credentials
  • Change compromised account numbers and request replacement cards

Frequently Asked Questions About the ID.me Scam

1. What is the ID.me scam?

The ID.me scam involves fraudsters impersonating the valid ID.me identity verification service in phishing attempts via email, text messages, and phone calls. Their goal is to trick victims into revealing login credentials or sensitive personal information.

2. How do scammers carry out the ID.me scam?

Scammers initiate contact posing as ID.me through:

  • Fraudulent emails warning your account is at risk
  • Smishing texts claiming you must reverify your ID.me account
  • Vishing phone calls pretending there is suspicious activity

They pressure you to act urgently and provide info to avoid account suspension.

3. What techniques do scammers use in the ID.me scam?

Scammers manipulate victims using:

  • Fear – Threatening account suspension or penalties
  • Urgency – Impending deadlines to reverify accounts
  • Social Engineering – Pretending to be ID.me support agents
  • Phishing Links – Fake ID.me login pages stealing credentials

4. What information do scammers attempt to steal with the ID.me scam?

Scammers phish for:

  • Usernames and passwords
  • Bank account and routing numbers
  • Credit card details
  • Social Security Numbers
  • Driver’s license numbers
  • Digital wallet account access

5. What do scammers do with my information from the ID.me scam?

Scammers can use your information to:

  • Drain financial accounts
  • Make purchases with your credit cards
  • Steal your tax refund
  • Apply for loans or credit in your name
  • Access government benefits using your identity

6. How can I avoid falling for the ID.me scam?

To avoid the ID.me scam:

  • Never click links in unsolicited messages
  • Don’t provide info to incoming calls alleging to be ID.me
  • Verify custom URLs before entering login credentials
  • Enable two-factor authentication as an extra layer of security
  • Monitor accounts closely for unauthorized activity
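The URL check recommended in the list above can be automated. The following is an added example, not part of the original article: it assumes that only id.me and its subdomains are genuine (the domain the article names), and every sample link in the comments and usage is constructed.

```python
from urllib.parse import urlsplit

# Assumption: the only domain treated as genuine is the one the article names.
OFFICIAL_DOMAINS = ("id.me",)


def _belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it.

    The leading dot matters: "notid.me" ends with "id.me" but is a
    different registered domain, so a plain suffix test would be wrong.
    """
    return host == domain or host.endswith("." + domain)


def _imitates(host, domain):
    """Heuristic: the brand letters appear somewhere in an unrelated host.

    Dots and hyphens are removed first, so "id.me.verify.example",
    "secure-id-me.example" and "notid.me" all match. This can also flag
    innocent hosts; it only labels the reason, the link is rejected anyway.
    """
    brand = domain.replace(".", "")
    squashed = host.replace(".", "").replace("-", "")
    return brand in squashed


def check_link(url, official=OFFICIAL_DOMAINS):
    """Return (ok, reason) for a link received in an e-mail or text message."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")   # lower-cased, no port
        has_userinfo = parts.username is not None
    except ValueError:
        return False, "malformed-url"

    if not host:
        return False, "no-host"
    # https://id.me@login.example/ shows "id.me" first but connects to
    # login.example: everything before "@" is only a user name.
    if has_userinfo:
        return False, "userinfo-trick"
    # Non-ASCII or punycode labels can render as look-alike characters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "idn-host"
    if any(_belongs_to(host, d) for d in official):
        if parts.scheme != "https":
            return False, "not-https"
        return True, "official-host"
    if any(_imitates(host, d) for d in official):
        return False, "lookalike-host"
    return False, "unrelated-host"


def triage(links):
    """Return only the links that should not be followed, with the reason."""
    results = [(link, check_link(link)) for link in links]
    return [(link, reason) for link, (ok, reason) in results if not ok]


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a suspicious message.
    samples = [
        "https://api.id.me/en/session/new",
        "https://id.me.account-verify.example/login",
        "https://id.me@login.example/reset",
        "https://notid.me/verify",
    ]
    for link, reason in triage(samples):
        print(f"REJECT {reason:16} {link}")
```

The check only answers whether the host in a link is the genuine domain; typing the address into the browser yourself remains the safer habit.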

7. What should I do if I fell victim to the ID.me scam?

If you fell for the scam, immediately:

  • Reset your ID.me password and security questions
  • Contact banks to freeze accounts
  • Place fraud alerts on credit reports
  • Report identity theft to the FTC and police
  • Close any accounts opened fraudulently

8. How can I recover from identity theft related to the ID.me scam?

To recover, be sure to:

  • File police reports regarding the identity theft
  • Dispute fraudulent charges with banks and creditors
  • Change compromised account numbers and request new cards
  • Monitor credit reports and financial statements for misuse
  • Sign up for identity theft protection services

9. How can I help others avoid the ID.me scam?

You can help others by:

  • Reporting scams and phishing emails to help shut them down
  • Making family and friends aware of the tactics scammers use
  • Encouraging people to use unique passwords and two-factor authentication
  • Advising caution against unsolicited calls, texts and emails

10. Who can I contact for help after falling victim to the ID.me scam?

Reach out to the following for assistance:

  • ID.me Support – They can secure your account
  • Your bank’s fraud department
  • Federal Trade Commission – To report identity theft
  • IRS – If tax fraud occurred
  • Local police – To file an identity theft report

The Bottom Line

ID.me provides a valuable service, but also opens the door for scammers to steal identities. Stay vigilant against phishing attempts via email, text and phone. Never click unverified links, provide sensitive information to strangers, or allow remote access to your device. If you do fall victim, take steps immediately to lock down your identity and report the fraud before irreparable harm is done. Spread awareness about these scams to help others avoid becoming victims too.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date. It’s essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.
  2. Keep software and operating systems up-to-date. Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.
  3. Be careful when installing programs and apps. Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you’re agreeing to before you click “Next.”
  4. Install an ad blocker. Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.
  5. Be careful what you download. A top goal of cybercriminals is to trick you into downloading malware: programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.
  6. Be alert for people trying to trick you. Whether it’s your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it’s easy to spoof phone numbers, so a familiar name or number doesn’t make messages more trustworthy.
  7. Back up your data. Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.
  8. Choose strong passwords. Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.
  9. Be careful where you click. Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.
  10. Don’t use pirated software. Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it’s important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

Meet Thomas Orsolya

Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.

Robots to the Rescue: How Cutting-Edge Technology Saves Lives in Law Enforcement

March 29, 2024

In Cape Cod, Massachusetts, a robot named Spot, made by Boston Dynamics, was shot during a police standoff. This is the first time Spot has been shot while helping the police. Spot was there to help the police stay safe while dealing with a dangerous person who had locked himself inside a house.

The police were called because someone reported a man with a gun hiding in a house. When the police got there, the man shot at them. So, the police used Spot and two other robots to find out where the man was inside the house. This helped the police understand what was happening inside without risking their lives.

Spot went into the basement to check things out. When Spot was trying to open a door, the man came out with a gun and knocked Spot down. Spot can stand up again by itself and followed the man, but then the man shot Spot, breaking it.

Spot: The Robot That Took Bullets And Saves Lives

Even though Spot was hurt, the police managed to arrest the man safely using tear gas. The police said using Spot helped them a lot because they didn’t have to send people or a real dog into the dangerous situation, which could have caused more violence.

Afterward, Spot was sent back to Boston Dynamics. They checked the robot and fixed it. They decided to keep Spot for research and gave the police a new one. Boston Dynamics also talked about how robots like Spot can help in emergencies, like finding people after disasters or helping in dangerous police work.

For those interested in investing in companies like Boston Dynamics and exploring opportunities in technology that saves lives, it’s essential to stay informed and make educated decisions.

Boston Dynamics, known for its advanced robotics, is a subsidiary of Hyundai Motor Group, and while Boston Dynamics itself is not publicly traded, Hyundai Motor Group is.

To delve deeper into investment opportunities in this innovative sector, you might consider exploring companies that are involved in similar technological advancements and are publicly traded. Investing in technology firms requires understanding the market, the technology, and the potential for growth and impact.

Here are some steps and resources to guide potential investors:

  1. Research Emerging Technology Firms: Look for companies that are pioneering in robotics and artificial intelligence. Websites like Crunchbase or TechCrunch can provide insights into emerging tech companies.
  2. Understand the Market: Use financial news platforms like Bloomberg, Reuters, or CNBC to get the latest updates on tech stocks, market trends, and analyses.
  3. Diversify Your Investments: Consider diversifying your portfolio by investing in ETFs that focus on robotics and artificial intelligence, like the Global X Robotics & Artificial Intelligence ETF (BOTZ) or the ROBO Global Robotics and Automation Index ETF (ROBO).
  4. Stay Informed: Regularly follow updates and research reports from investment banks and financial analysts who focus on technology and innovation.
  5. Consult Financial Advisors: Before making investment decisions, it might be beneficial to consult with a financial advisor who understands the tech sector and can provide personalized advice based on your financial goals.

By staying informed and considering a strategic approach, investors can identify opportunities to invest in the companies shaping the future of robotics and technology, potentially contributing to advancements that save human lives.

New Password Reset attack targets Apple device users

Apple iPhone Users Targeted As Increased Password Reset Scams Skyrocket In 2024

Scammers are taking advantage of Apple’s password reset tool in a new ‘MFA bombing’ attack.

Apple device owners are facing a new phishing hack that uses “multi-factor authentication (MFA) bombing” to steal their data.

Several Apple users have reported a hacking attempt that appears to take advantage of Apple’s password reset feature, KrebsOnSecurity reported, citing people who have been targeted. The scammers have used Apple’s password reset tool to spam their targets with dozens, if not hundreds, of notifications, asking the user to reset their Apple ID password.

Pressing the “Allow” option gets the scammers one step closer to resetting the user’s credentials because that device could then be used to create a new Apple ID password.

Unfortunately, tapping “Don’t Allow” on all the notifications doesn’t solve the problem.

After those targeted by the scam chose to not allow their passwords to be reset, they received phone calls from the scammers claiming they were from Apple’s support team, according to the report. Their goal was to send a password reset code to the user’s device and have the user tell them the code. Armed with that information, the scammers could simply reset the Apple ID password and get full access to the user’s account.

Since Krebs’ sources didn’t press “Allow” on the notification, it’s unclear what the scammers would have done in that scenario. Presumably, the scammers would still likely need to call the target, again acting as Apple support, and fool them into resetting the password on their device and sharing it with the hacker.

Phishing attacks have been used for decades to target unsuspecting victims. But in recent years, scammers have increasingly turned to phishing as a desirable way to steal passwords, delete data, and ultimately steal money from their victims.

In 2022, mobile phishing attacks were up a whopping 61% year-over-year in just a six-month period, according to security provider SlashNext. The company said mobile users faced 255 million phishing attacks during that period.

It’s unclear how many Apple users have been impacted by this MFA bombing attack. However, Krebs’ sources reported that they received notifications on their iPhones, Apple Watches, and Macs, suggesting the attack isn’t just limited to one type of Apple device. What’s worse, there’s no simple way to stop it.

One of Krebs’ sources said they called Apple for help with the attack and the company said they should create a recovery key, a 28-character code that they would need to input to change their Apple ID password.

However, after creating a recovery code, Krebs reported that it was still possible to trigger the notifications the users saw when targeted by the spammers. It appears Apple’s password reset feature may be to blame and until the company changes how that works, hackers could conceivably continue to exploit the flaw and target users.

For now, if you’re an Apple user, your only option is to stay in the know and remain vigilant. If you receive a slew of password reset requests that you didn’t initiate, be sure to always choose the “Don’t Allow” option on the notifications.

Don’t be tempted to choose “Allow” simply because the notifications aren’t allowing you to use other apps or services on your device — a core component in the fraudsters’ plan. Even if you don’t choose “Allow,” be prepared for a call and be sure not to answer it.

Additionally, Apple has made it clear that the company does not call any of its users directly. So, if you receive a call from 1-800-275-2273 (Apple’s actual support line that the scammers are spoofing to make their calls seem legitimate), don’t pick up and definitely don’t provide any information to the caller.

Windows 11 Features You Should Fix Now

Turning off all 7 of these features will make Windows 11 feel much less intrusive (and some might boost your computer’s performance), and you’ll have a more enjoyable user experience. Say goodbye to annoying notifications disrupting your workflow, targeted ads, data collection, and more.

1. Pop-up banner notifications

In Windows 11, you’ll often see banner notifications appear in the bottom right corner of your screen. These notifications might contain important system alerts or a not-so-important article from a website you allowed notifications for, but they’re generally regarded as a bit annoying.

If you’ve ever found these pop-up banner notifications distracting, here’s how to disable them.

1. Open the Settings app.

2. Click on System in the left menu.

3. Select Notifications from the center menu.

4. Toggle off the switch next to Notifications at the top of the window.

If you only want to disable notifications temporarily, you can toggle on Do Not Disturb and set up custom times to not receive notifications.

2. Start menu notifications and recommendations

If you’re not using OneDrive or your Microsoft user account is missing info, you’ll see account-related notifications in the Start menu. Here’s how to stop seeing these pesky notifications.

1. From your Settings app, select Personalization from the left menu.

2. Click on Start in the center menu.

3. Toggle off the switch next to Show account related notifications occasionally in Start.

The Start menu is also home to recommendations, which can sometimes be helpful, but are more often just a nuisance. To turn these off, toggle off the switch next to Show recommendations for tips, shortcuts, new apps, and more.

3. Targeted Microsoft ads

With ads on almost every website you visit and in your social media feed, it’s no surprise that Windows 11 tracks your activities so advertisers can send personalized ads your way. While you unfortunately can’t turn off ads completely on Windows 11, you can disable the use of your unique advertising ID to stop seeing targeted ads.

1. Head to your Settings app.

2. Click on Privacy & Security in the left menu.

3. Select General from the center menu.

4. Next to Let apps show me personalized ads by using my advertising ID, toggle the switch off.

Optionally, while you’re here, you can also toggle off the switches next to Let Windows improve Start and search results by tracking app launches and Show me notifications in the Settings app.

4. News feed from Widgets

Widgets are one of the best Windows 11 features because they give you a quick glance at info from the apps you’ve added, but the news feed added by default is unnecessary.

1. Open your Widgets board by pressing the Windows key followed by the W key.

2. Click the Settings button (cog gear icon) in the top right corner of the Widgets board.

3. Select Show or hide feeds from the menu.

4. Toggle off the switch next to Microsoft Start.

5. A pop-up window will appear to confirm your decision. Select Turn off, and when you open your Widgets board next, the news feed will be gone.

5. Optional diagnostic data and feedback

In order to improve the Windows 11 experience, Microsoft collects a lot of data about your computer and how you use it. While real user experience can certainly help Microsoft improve its operating system, it’s not necessary. Here’s how to limit the amount of diagnostic data and feedback your computer sends to Microsoft.

1. Open your Settings app.

2. Select Privacy & security from the left menu.

3. Click Diagnostics & feedback in the center menu.

4. Toggle off the switch next to Send optional diagnostic data.

6. Unnecessary startup apps

Many applications open during startup by default, and this can majorly slow down your computer’s overall performance, especially if you don’t notice certain apps are open. If you’re not using an app, there’s no reason for it to be open and sucking up system resources.

Seeing which apps are set to launch at startup and turning them off is incredibly simple to do.

1. Open your Settings app.

2. Select Apps from the left menu.

3. Click on Startup at the bottom of the center menu.

4. At the top of the window, there’s a Sort by dropdown menu. From the available options, select Startup impact to see which apps are demanding the most resources from your computer.

5. Toggle off any apps you don’t need to open during startup.

7. Search highlights from Bing

Microsoft’s proprietary search engine is Bing, so you’ll see Bing search highlights when using the Windows 11 Search interface. If you don’t want to see these Bing results every time you search for something, you can turn this feature off in four simple steps.

1. Open your computer’s Settings app.

2. Click on Privacy & security in the left menu.

3. Select Search permissions towards the bottom of the center menu.

4. Scroll down to the More settings heading, and toggle off the switch for Show search highlights.

While most of the features just mentioned are objectively annoying, there’s one new feature in Windows 11 that could be seen by some as helpful and by others as intrusive: Microsoft’s new AI Copilot tool. Copilot can help you write emails or summarize long walls of text, but it’s quite a resource-heavy app.

If you don’t want Microsoft’s new AI digital assistant on your device, here’s how to turn off Copilot on Windows 11.

Guide To Blockchain & Tokenization of Assets

This is Dr. Sky Houston with a Max Community Crypto follow-up post-VIP Fourth Industrial Revolution (4IR) Seminar Series.

Following up with our Max Community Seminar Series on Fourth Industrial Revolution, a concept closely aligned with blockchain has gained huge traction and momentum going into 2024: Asset Tokenization.

This article delves into the intricacies of blockchain, explains the concept of asset tokenization, explores its benefits, discusses use cases, analyzes the associated challenges and risks, delves into the regulatory considerations, outlines technical requirements, and offers guidance on implementing asset tokenization in your business.

Quick Download: Dr. Sky’s Guide to Blockchain & Asset Tokenization

I. Quick Refresher on Blockchain (which I introduced in the Max Community Crypto VIP Seminar Series Fourth Industrial Revolution Episode #1)

Blockchain, the foundational technology behind cryptocurrencies such as Bitcoin, functions as a decentralized and distributed ledger system.

Its primary purpose is to meticulously record transactions across numerous computers in a manner that is both highly resistant to tampering and transparent on a Global level across all physical boundaries.

  • Operating on a consensus mechanism, blockchain relies on all network participants to validate and reach a unanimous agreement on the current state of the ledger. This consensus-driven approach eliminates the necessity for intermediaries in the transaction process, heightening security and bolstering participant trust.
  • Blockchain serves as a digital ledger that continuously maintains a record of transactions. These transactions, grouped into blocks, are securely linked chronologically, forming a data chain. The distributed nature of this ledger means that it is replicated across various nodes or computers within a network.
  • As a result, every participant has access to the same ledger, and any alterations or unauthorized changes to the data are virtually impossible due to the consensus mechanism in place. This secure, robust system has paved the way for the proliferation of cryptocurrencies and has also found applications in numerous other industries, promising enhanced security and transparency in various domains.

II. How Asset Tokenization Works

Powered by blockchain technology, asset tokenization is a transformative mechanism for translating ownership rights to real-world assets into digital tokens.

  • The initial step involves identifying assets that are suitable candidates for tokenization, whether tangible (like real estate, art, or commodities) or intangible (such as stocks and intellectual property).
  • Following asset selection, a digitization process ensues, wherein the asset’s inherent value and ownership particulars are converted into a digital format, setting the stage for a new era of asset management and investment within the digital realm.
  • The next step involves creating tokens on a blockchain platform.
  • These tokens act as digital representations of ownership in the underlying asset.
  • Blockchain technology is pivotal in ensuring the security, transparency, and immutability of accurately representing ownership rights through tokens.
  • These tokens can be enriched with the functionality of smart contracts, enabling the automation of specific actions and conditions linked to the underlying asset.
  • This final step also “connects” each “token” to the Global interconnected “Cloud” 24/7 on demand.

Summary: Asset Tokenization opens the door for seamlessly buying, selling, or trading assets on blockchain-based platforms, offering a Fourth Industrial Revolution level of open Accessibility and Divisibility on an unprecedented Global scale.

IV. Fractional Ownership

  • These tokens fully introduce the concept of fractional ownership, allowing numerous investors to own portions of the asset, thereby democratizing (allocating sharing) investments collectively. 
  • Furthermore, blockchain’s inherent transparency ensures that ownership records and transaction histories are readily accessible and verifiable globally, significantly bolstering trust and minimizing the potential risks of fraudulent activities.
  • Summary: Asset Tokenization represents a significant shift in how we perceive and interact with traditional assets, bringing increased liquidity, accessibility, and efficiency to finance and investment.

V. Top Asset Tokenization Benefits Going Into 2024:

Asset Tokenization offers a myriad of advantages across the globe on a 24/7 digital “Always On” platform:

  • Liquidity Enhancement: Tokenized assets can be traded 24/7, providing increased liquidity compared to traditional assets.
  • Fractional Ownership: Investors can buy fractions of high-value assets, enabling broader participation in investments.
  • Reduced Intermediaries: Tokenization eliminates the need for numerous intermediaries, reducing costs and transaction times.
  • Accessibility: It opens up investment opportunities to a global audience, democratizing finance.
  • Transparency: Blockchain’s immutable ledger ensures transparency and trust in ownership and transaction history.

VI. Use Cases for Asset Tokenization

Asset tokenization finds applications across diverse sectors:

  • Real Estate: Tokenized real estate allows for easy investment in properties, reducing barriers to entry.
  • Art and Collectibles: Tokenization of artwork and collectibles enables fractional ownership and easier trading.
  • Venture Capital: Startups can raise funds by tokenizing equity, offering investors liquidity options.
  • Supply Chain: Tracking and verifying the authenticity of products becomes more efficient with tokenized assets.
  • Commodities: Tokenization makes investing in commodities like gold or oil easier.

V. Challenges and Risks of Asset Tokenization

While asset tokenization holds promise, it also faces challenges:

  • Regulatory Uncertainty: Evolving regulations and compliance requirements pose a significant challenge.
  • Security Concerns: The digital nature of tokens makes them vulnerable to cyber threats and hacking.
  • Lack of Standards: The absence of standardized practices can hinder interoperability.
  • Market Adoption: The technology must gain broader acceptance to fulfill its potential.

Understanding Legal and Regulatory Considerations

Navigating the legal and regulatory landscape is critical for asset tokenization:

  • Securities Laws: Tokens representing ownership may be subject to securities regulations.
  • AML/KYC Requirements: Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance is essential.
  • Taxation: Tax implications vary by jurisdiction and asset type.
  • Privacy: User data protection and privacy regulations must be adhered to.

Technical Requirements for Asset Tokenization

Successful Asset Tokenization demands specific technical considerations:

  • Blockchain Platform: Choose a suitable blockchain platform based on the use case, like Metallicus (XPR), Stellar (XLM), Ethereum, Binance Smart Chain, or Tezos.
  • Smart Contracts: Develop smart contracts to automate the token creation, transfer, and management processes.
  • Interoperability: Ensure compatibility with other blockchain networks and token standards.
  • Scalability: Address scalability concerns to accommodate increasing transaction volumes.

VI. Implementing Asset Tokenization in Your Business

Implementing asset tokenization requires careful planning, preparation, and knowledge to truly embrace the Digital Revolution called the Fourth Industrial Revolution (4IR):

  • Identify Assets: Considering legal and market factors, determine which assets to tokenize.
  • Choose the Blockchain: Select a blockchain platform that aligns with your business needs.
  • Compliance: Ensure compliance with relevant regulations and enlist legal counsel when necessary.
  • Token Creation: Develop and deploy smart contracts for token creation and management.
  • Market Access: List tokens on cryptocurrency exchanges to enable trading.
  • Security Measures: Implement robust security measures to protect assets and user data.

VII. Dr. Sky Houston’s Final Thoughts & Conclusion

  • Asset tokenization, driven by the capabilities of blockchain technology, stands on the brink of a profound transformation within the financial sector – it is JUST GETTING STARTED beginning 2024.
  • Its potential to democratize investments, enhance liquidity, and simplify transaction processes is poised to disrupt the status quo.
  • Yet, it comes with the imperative task of effectively navigating complex regulatory frameworks, ensuring robust security measures, and surmounting intricate technical challenges.
  • Embracing and comprehending the implications of asset tokenization positions businesses as pioneers of innovation, heralding a paradigm shift across industries and reshaping the concept of ownership in the digital era.
  • Summary: The Digitalization, Blockchain, and “Crypto” Revolution that is part of the Fourth Industrial Revolution (4IR) is just beginning, and businesses of all sizes must prepare now!

How To Lock Down Your Computer

How to Quickly Lock Your Windows 11/10 PC

Your privacy matters. That’s why it’s good practice to lock a desktop or laptop whenever you leave it unattended. Use any of the methods below to stop other people from snooping around your PC.

Unlike signing out, locking a computer is faster, just as secure, and doesn’t require you to shut down open programs. You also get to unlock it instantly and pick up where you left off. This article will go through various ways to quickly lock Windows 11 and 10.

Lock Computer via the Start Menu

The most straightforward approach to locking your PC is simply to use the Start menu. Open it, select the User icon or your profile portrait, and choose the option labeled Lock.

Note: If the Lock option is not present, open the Control Panel, go to Hardware and Sound > Power Options > Change what the power buttons do, and activate the box next to Lock to add it.

Lock Computer with a Keyboard Shortcut

If you prefer keyboard shortcuts, an even faster way to lock a Windows computer is pressing Windows Key + L. Use it a few times, and you’ll get it hard-coded into your muscle memory.

Lock Computer with a Desktop Shortcut

If you find it challenging to use the Win + L keyboard shortcut, you can create a desktop shortcut capable of locking your PC just as quickly.

  1. Right-click a vacant area within the desktop area.
  2. Select New > Shortcut on the context menu.
  3. Copy and paste the following snippet of text into the Create Shortcut window and select Next:

rundll32.exe user32.dll,LockWorkStation

  4. Type a name for the shortcut—e.g., “Lock PC”—and select Finish.
  5. Double-click the shortcut whenever you want to lock your PC.

Lock PC via the Windows Security Screen

The Windows Security screen (a.k.a. the Ctrl + Alt + Delete screen) offers another quick way to lock Microsoft Windows. The best thing about this method is that you can use it even if Windows 11 or 10 isn’t responsive. Simply press Ctrl + Alt + Del to get the Windows Security screen to show up. Then, select Lock.

Lock Computer via Task Manager

If you ever find yourself using the Task Manager in Windows 11 or 10 and want to lock down your PC immediately, you can do that using the Task Manager itself.

  1. Right-click the Start button and select Task Manager.
  2. Select More details to expand the default Task Manager view.
  3. Switch to the Users tab.
  4. Select your Windows user account.
  5. Select the Disconnect option at the lower-right corner of the window.

Lock Computer Alongside Screen Saver

If you regularly forget to lock your PC, you can set up a screensaver to kick in automatically and lock your PC when it engages.

  1. Open the Start menu, search for screen saver, and select Turn Screen Saver On or Off to invoke the Screen Saver Settings pop-up.
  2. Open the drop-down menu under Screen saver and pick a screensaver (select Blank if you prefer to keep the computer screen dark when the screensaver is active).
  3. Specify a time in minutes within the Wait box, check the box next to On resume, display logon screen, and select OK.

Your PC will display the screensaver when left idle for the time duration. Press a key or mouse button whenever you want to exit it and get to the Lock Screen.

Lock Computer With Dynamic Lock

Dynamic Lock automatically locks the operating system if it detects a weak Bluetooth signal between your PC and another device. Although it works with any Bluetooth peripheral, using a smartphone (Android or iPhone) is the most practical.

Connect Smartphone to PC

Before activating Dynamic Lock, you must pair your smartphone with your computer.

  1. Put your phone into Bluetooth discovery mode. That’s as simple as visiting its Bluetooth options screen (e.g., Settings > Bluetooth on the iPhone).
  2. Open the Settings app on your PC (press Windows + I).
  3. Select Devices > Bluetooth & other devices.
  4. Select Add Bluetooth or other device > Bluetooth.
  5. Select your phone and go through the onscreen instructions to pair it.

Activate Dynamic Lock

It’s now just a matter of activating Dynamic Lock.

  1. Open the Settings app on your PC.
  2. Select Accounts > Sign-in Options and scroll down to the Dynamic Lock section.
  3. Check the box next to Allow Windows to automatically lock your device when you’re away.

Your PC will automatically lock itself whenever you move away from it with your iPhone or Android smartphone.

Lock Computer via Run Command

You can perform many valuable activities with Run commands in Windows, including locking your PC. Although it’s hard to justify using Run over the above methods, it’s good to know that this way exists.

  1. Press Windows Key + R or right-click the Start button and select Run.
  2. Type the following command into the Run dialog box:

rundll32.exe user32.dll,LockWorkStation

  3. Select OK, or press Enter to lock Windows.

Lock Computer via Windows Terminal

Another obscure way to lock a Windows 11/10 PC requires running a command through the Windows Terminal or Windows PowerShell consoles. Here’s how to use it:

  1. Right-click the Start button and select Windows Terminal (Windows 11) or Windows PowerShell (Windows 10).
  2. Type the following command:

rundll32.exe user32.dll,LockWorkStation

  3. Press Enter.

Tip: The above command also works on the older Command Prompt console. Open the Start menu, type cmd, and select Open to get to it.

While this command is not particularly useful for locking your PC in the moment, it can be handy to include the command in a script so that your PC locks when the script finishes.
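One way to put the lock command at the end of a script, shown as an added example that is not part of the original article. The helper name Invoke-ThenLock and the placeholder job are hypothetical; the point is that the lock sits in a finally block, so the PC still locks when the job fails or is interrupted.

```powershell
# Added example (not from the article). Invoke-ThenLock is a hypothetical
# helper name; the lock command itself is the one the article gives.

function Invoke-ThenLock {
    param(
        # The unattended work to run before the workstation is locked.
        [Parameter(Mandatory)][scriptblock]$Task
    )
    try {
        & $Task
    }
    finally {
        # finally runs after normal completion, after a terminating error,
        # and after Ctrl+C, so a failed job does not leave the session open.
        # The argument is quoted so PowerShell passes the comma through
        # literally instead of treating it as its array operator.
        & rundll32.exe 'user32.dll,LockWorkStation'
    }
}

# Constructed stand-in for a long-running job you walk away from.
Invoke-ThenLock -Task {
    Write-Output 'Job started; the PC locks when this block ends.'
    Start-Sleep -Seconds 5
    Write-Output 'Job finished.'
}
```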

Total Lockdown

Locking your Windows PC has no downsides and keeps intruders at bay. It’s easy to forget to do that, however, so it’s always worth taking your time to tweak your screensaver settings or set up Dynamic Lock. While you’re at it, check out how to create a passwordless login in Windows to make getting back in even faster.
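A read-only check that the screen saver lock and Dynamic Lock described above are actually in effect for the current user, added here as an example and not taken from the original article. The registry paths and value names are assumptions about where Windows stores these options (they do not appear in the article), and the 15-minute threshold is a hypothetical policy value.

```powershell
# Added example (not from the article): audit the idle-lock settings the
# article configures through the UI. Nothing on the machine is changed.
# Assumption: the registry paths and value names below are where Windows
# keeps these options; none of them appear in the article.

$MaxIdleSeconds = 900   # hypothetical threshold: lock within 15 minutes

function Get-FirstRegistryValue {
    # Return the named value from the first path that defines it, else $null.
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [Parameter(Mandatory)][string]$Name
    )
    foreach ($p in $Path) {
        $item = Get-ItemProperty -Path $p -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return $item.$Name }
    }
    return $null
}

# A Group Policy copy, when present, overrides the per-user setting,
# so the policy key is consulted first.
$desktop = @(
    'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop',
    'HKCU:\Control Panel\Desktop'
)
$winlogon = @('HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon')

$active  = Get-FirstRegistryValue -Path $desktop  -Name 'ScreenSaveActive'
$secure  = Get-FirstRegistryValue -Path $desktop  -Name 'ScreenSaverIsSecure'
$timeout = Get-FirstRegistryValue -Path $desktop  -Name 'ScreenSaveTimeOut'
$saver   = Get-FirstRegistryValue -Path $desktop  -Name 'SCRNSAVE.EXE'
$dynamic = Get-FirstRegistryValue -Path $winlogon -Name 'EnableGoodbye'

# The timeout is stored in seconds; treat a missing or non-numeric value as 0.
$timeoutSec = 0
[void][int]::TryParse([string]$timeout, [ref]$timeoutSec)

$checks = @(
    [pscustomobject]@{
        Setting = 'Screen saver enabled'; Value = $active
        Required = $true; Pass = ($active -eq '1')
    }
    [pscustomobject]@{
        # With "(None)" selected no screen saver runs, so nothing ever locks.
        Setting = 'Screen saver selected'; Value = $saver
        Required = $true; Pass = [bool]$saver
    }
    [pscustomobject]@{
        Setting = 'On resume, display logon screen'; Value = $secure
        Required = $true; Pass = ($secure -eq '1')
    }
    [pscustomobject]@{
        Setting = "Wait time (1..$MaxIdleSeconds s)"; Value = $timeoutSec
        Required = $true
        Pass = ($timeoutSec -gt 0 -and $timeoutSec -le $MaxIdleSeconds)
    }
    [pscustomobject]@{
        # Dynamic Lock is a second layer, reported but not required here.
        Setting = 'Dynamic Lock'; Value = $dynamic
        Required = $false; Pass = ($dynamic -eq 1)
    }
)

$checks | Format-Table -AutoSize

# The idle lock only works when every required check passes together:
# a screen saver without the logon-screen box ticked never locks anything.
$failed = $checks | Where-Object { $_.Required -and -not $_.Pass }
if ($failed) {
    'Idle lock is NOT effective. Failing: ' + (($failed.Setting) -join '; ')
} else {
    'Idle lock is configured: the session locks after ' + $timeoutSec + ' seconds idle.'
}
```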

 

Cyber Criminals Love You For Using Phones!

Safeguarding your data by protecting your computers? Great. SMARTPHONES are by far your biggest weakness in cybersecurity today, and that’s really no surprise to us Cyber Security experts!

Your Smartphone Is Their #1 Target

Some cyberattacks are targeted at a specific individual or company. The victim is selected because they are a high-value target to the threat actors. High value most often means rich financial gains for the threat actors. But sometimes their goal is to exfiltrate sensitive or private documents, intellectual property, or industrial secrets. Occasionally, the entire motive is to cause trouble for the victim. Hacktivists, for example, will try to destroy the victim’s IT systems and information. They want to cause operational and reputational damage to the victim. High value doesn’t always mean money.

Often the attackers are sophisticated organized crime cyber groups or state-sponsored advanced persistent threat groups (APTs). Many of the attacks they launch are against knowledgeable, well-defended targets, and are very difficult to accomplish. They require significant financial backing, top-tier technical skills, a lot of manpower, and operational guidance and control.

The recent attack on FireEye is a case in point. The attack was so sophisticated that investigators believe the perpetrators are a state-sponsored APT. The value, in this case, was stealing the software tools that FireEye uses to probe its customers’ cyber defenses.

By contrast, other cyber attacks try to snare as many victims as possible. No individual target is singled out. The threat actors are playing a numbers game today where we are clearly a “Smartphone Society”.

The numbers are staggering just since 2021:

  • There are currently 300 million cell phones being used just in the U.S.A.
  • There are an estimated 15 billion phones in the world.

Apps and Data Leaks

Phones can run apps. It’s one of their biggest attractions. They’re easy to install and the majority are free. Unfortunately, they can be a cause of data leakage. The developers of the apps need to make money. If they are not charging for the app you have to ask yourself how are they funding development.

The answer is by selling information about you, such as your phone and app usage statistics, your contacts, communications, browsing habits, geographical location, your installed apps, and more. And these are the “legitimate” apps, such as the McDonalds app, which records, tracks, and documents ALL of the above information (and is a BLESSING for any law enforcement / Cyber Security Forensic Investigators such as us).

The worst examples of these apps also capture login credentials and passwords for websites you visit, VPNs that you use, and any of your data & metadata (basically anything on your phone).

Riskware is the name used for free apps that offer to do something entertaining or useful—and actually deliver on that promise—but secretly siphon off information and send it back to the app publishers to be sold to advertisers or criminals. Riskware is different from a phone becoming infected with covert malware. With riskware, the owner of the smartphone chooses to install the app and is aware that it is going to be added to their device.

With the steady blurring that is happening between people’s personal digital lives and their corporate digital lives, most users will be able to get their personal and their business email on the same phone, and it is common for people to juggle multiple inboxes on the same device, often in a blended view. Riskware, or other more malicious apps, will happily harvest data whether it is personal or corporate.

Staff who haven’t been issued with a corporate phone will have a private phone, and they’ll bring it to their place of work and want to connect to the Wi-Fi. Personal phones should be relegated to the guest Wi-Fi or to another Wi-Fi segment set up for employees’ personal devices. They must not be allowed to connect to the main network.

MDM systems can block known bad apps and query unknown apps. Once vetted, the apps are either permitted or blocked. The hard part is to do this in a way that doesn’t overwhelm technical staff and that doesn’t grate on your users. A centralized management system and clear guidance provided when the phone is allocated will help on both fronts.

Choose Your Phone Brand Carefully

The well-documented ban prohibiting US federal contracts from being awarded to Huawei and several other Chinese companies is based on suspicions that the Chinese government could—using provisions in China’s 2017 National Intelligence Law—coerce manufacturers to plant back-doors and other spycraft mechanisms into their products.

Summary: In just under a year the two companies involved made over USD $5 million just by sending advertisements to the phones. Being the victim of adware is bad enough, but the same techniques could be used to deploy more insidious strains of malware such as keystroke loggers and other spyware. This amount DOES NOT COUNT any $$$ earned indirectly via the PII (Personal Identifying Information such as SSN/DOB/IRS information) easily seen, screenshotted and then shared on the Deep or Dark Web. How about them accessing the phone owner/user’s bank account, their emails, credit cards saved, etc.? Yes, this is why it is uncountable in terms of total damage.

Smishing Attacks

Smishing attacks are phishing attacks delivered by SMS message instead of email. This delivery method has several advantages for the threat actors:
  • They don’t need to dress the message in the colors, fonts, and other trappings of corporate livery to make it look convincing.
  • People expect SMS messages to be short and sweet. They don’t expect to be told the entire story in the SMS. It is commonplace to click a link in an SMS to learn more and to get the finer detail.
  • People will more readily overlook poor grammar and misspellings in an SMS message. We’re all used to predictive text mishaps and while this shouldn’t happen in a corporate SMS message, that conditioning makes us more forgiving with that type of error than we would be in a corporate email.
  • In the space-restricted world of SMS messages, shortened URLs are the norm. And shortened URLs can be used to hide the real destination of the link.
  • It is easy to fake—or spoof—the number that sent an SMS message. If you receive an SMS from a telephone number that matches a contact in your address book, your phone will believe that is who sent it. The SMS messages will be identified as having come from that contact and they will be placed in the conversation list for that contact, alongside all of the genuine messages from that contact. All of that adds to the illusion that the message is genuine.

End-point protection suites usually have clients for cellphones, and these will go some way toward preventing malware installations. The most effective defense, of course, is to read articles like these to BE EDUCATED AND EMPOWERED to be aware of smishing, to recognize fraudulent messages, and to delete them immediately.
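The traits listed above can be turned into a simple triage check for training material or an SMS gateway. This is an added example, not code from the original article; the shortener list, the contact list and the sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: a short, illustrative list of public URL-shortener hosts.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "ow.ly"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")

def links_in(body):
    """Return (url, host) pairs for every http(s) link in the message text."""
    found = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;:!?)")          # drop trailing sentence punctuation
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:                    # malformed authority part
            host = ""
        found.append((url, host))
    return found

def triage_sms(body, sender, contacts):
    """Return a sorted list of reasons to treat this SMS with suspicion."""
    reasons = set()
    links = links_in(body)
    for _url, host in links:
        if host in SHORTENERS:
            reasons.add("shortened-url")      # real destination is hidden
        elif IPV4_RE.fullmatch(host):
            reasons.add("ip-address-url")     # no domain name to judge at all
        elif not host:
            reasons.add("unparseable-url")
    # The sender number can be spoofed, so a match in the address book is not
    # proof of origin: a link "from a contact" still needs checking another way.
    if links and sender in contacts:
        reasons.add("link-from-contact-confirm-out-of-band")
    return sorted(reasons)

# Constructed sample messages and numbers.
SAMPLES = [
    ("Your parcel is held. Pay the fee here: https://bit.ly/3xAmPl3", "+12025550143"),
    ("Hi its me, new phone. Look at this http://203.0.113.7/photo.", "+12025550101"),
    ("Running 10 mins late, see you soon", "+12025550101"),
]
CONTACTS = {"+12025550101"}

if __name__ == "__main__":
    for body, sender in SAMPLES:
        print(triage_sms(body, sender, CONTACTS), "<-", body)
```

An empty result means only that none of these traits were seen, not that the message is genuine.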

Loss of Devices

Losing a phone puts a tremendous amount of information about the owner of the phone at risk. If the phone has a poor password or PIN it won’t take long for the threat actors to discover it. PINs based on significant dates are a poor choice. Clues to the dates can often be found in your social media posts.

Using a strong password or PIN and turning on encryption are good measures to protect the data—both personal and corporate—inside your phone. Installing or configuring tracking options is a good idea so that you can see the location of the device. This can aid recovery.

If you have added a Google account to your phone, Google’s Find My Device should be turned on automatically. Apple has a similar service called Find My iPhone. A third-party centralized system might better suit some corporate needs.

SIM Swapping

You don’t need to lose your device to lose control over it. When you buy a new phone you can transfer the existing number to the new device and activate that as your current ‘live’ handset.

If scammers can gather some information about you they can ring your phone provider and have your number transferred to a handset that is under their control, in a sting called SIM Swapping. To make the transition to your new phone as smooth as possible, both Apple and Google will download copies of all your apps, settings, and data to the new handset. Unfortunately, that handset is under the control of the threat actors.

A variant on this is to use social engineering techniques to obtain a (say) 5G SIM card for the victim’s phone number, either online or at an outlet. The threat actor then calls the victim and pretends to be from the victim’s phone provider informing them of a free upgrade to 5G. They tell them that an upgrade code will shortly follow. They then text the victim the activation code that came with the fraudulently acquired 5G SIM card. When the victim activates the service it doesn’t upgrade their old 4G SIM. Instead, it ceases the service to it and activates the new 5G SIM. The threat actors have effectively cloned your phone.

These are targeted attacks. The victims have something on their phones that makes the effort worthwhile. The most famous cases of these have targeted cryptocurrency traders or individuals with high-value cryptocurrency accounts. Swapping the SIMs allows their digital wallets to be accessed. Individual losses have amounted to tens of millions of dollars.

Public Wi-Fi and Network Spoofing

Phones and other mobile devices are great because of their portable nature, and because they let us get online wherever there is a Wi-Fi connection that we can join. But you need to be careful when you are on public Wi-Fi. Everyone who is using that Wi-Fi is on the same network, and the threat actors can use a laptop and some network packet capture and analysis software to snoop on what your cellphone is sending and receiving. So what you might have thought was private is not private at all.

You shouldn’t use public Wi-Fi if you are going to need to enter a password to log in to one of your sites or to check your email. Don’t do anything sensitive like online banking or using PayPal or any other payment platform. Don’t do anything that will reveal any of your personally identifiable information. Checking the sports scores or catching up on the news is fine. If you’re doing anything else, you should always use a Virtual Private Network (VPN). A VPN sends your data down a private encrypted tunnel making it impossible for threat actors to see.

For a couple of hundred dollars, threat actors can buy portable devices that act as Wi-Fi access points (WAPs). They’ll set up camp in a coffee shop or other public space, and configure their dummy WAP to have a name similar to the genuine free Wi-Fi connection.

Unsuspecting victims—usually those in a rush—will connect to the threat actor’s bogus Wi-Fi instead of the genuine free Wi-Fi. The threat actor’s Wi-Fi is connected to the genuine Wi-Fi so the victim does get online, but everything that the victim types is captured by the threat actor’s device. A VPN will keep you safe in this circumstance too.
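A venue or IT team can check a Wi-Fi survey for the lookalike network names described above. This is an added example, not from the original article; the network name, the access-point addresses (BSSIDs), the scan rows and the 0.85 similarity threshold are all constructed assumptions.

```python
import unicodedata
from difflib import SequenceMatcher

# Assumption: the venue's real network name and the access-point addresses
# (BSSIDs) it is known to use. All values here are constructed.
KNOWN = {"CoffeeHouse_Free": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}

# Constructed survey output: (SSID, BSSID) pairs as a Wi-Fi scan might list them.
SCAN = [
    ("CoffeeHouse_Free", "aa:bb:cc:00:00:01"),
    ("CoffeeHouse_Free", "02:00:5e:10:00:09"),
    ("Coffee House Free", "02:00:5e:10:00:0a"),
    ("C0ffeeHouse-Free", "02:00:5e:10:00:0b"),
    ("LibraryWiFi", "02:00:5e:10:00:0c"),
]

DIGIT_SWAPS = str.maketrans("0135", "oles")   # 0->o, 1->l, 3->e, 5->s

def canon(ssid):
    """Fold case, Unicode compatibility forms, digit swaps and separators."""
    text = unicodedata.normalize("NFKC", ssid).casefold().translate(DIGIT_SWAPS)
    return "".join(ch for ch in text if ch.isalnum())

def classify(ssid, bssid, known=KNOWN, threshold=0.85):
    """Label one scan entry against the list of known-good networks."""
    if ssid in known:
        return "ok" if bssid.lower() in known[ssid] else "same-name-unknown-bssid"
    for name in known:
        if SequenceMatcher(None, canon(ssid), canon(name)).ratio() >= threshold:
            return "lookalike-name"
    return "unrelated"

def survey(scan, known=KNOWN):
    """Return only the entries that deserve a second look."""
    flagged = []
    for ssid, bssid in scan:
        verdict = classify(ssid, bssid, known)
        if verdict not in ("ok", "unrelated"):
            flagged.append((ssid, bssid, verdict))
    return flagged

if __name__ == "__main__":
    for row in survey(SCAN):
        print(row)
```

A verdict of "ok" means only that nothing odd was seen: a BSSID can be copied, so this check complements the VPN advice rather than replacing it.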

A reputable VPN is a must if you are going to be using public Wi-Fi for anything other than the most mundane web browsing. Of course, if you have a really high data quota in your phone package you might not need to join a public Wi-Fi at all.

And while we’re talking about public spaces, avoid publicly shared phone charge points. If they have been compromised they can inject malicious code into your phone.

It’s a Computer, So Patch It

The modern phone is a computer in your pocket that you happen to be able to make calls on. It has an operating system, it runs apps, and you should have some sort of end-point protection suite running on it. All of these should be the current versions and kept patched up to date.

This can be more of a challenge with Android phones than with other devices. Different handset manufacturers blend their own integrations into vanilla Android before distributing it. Samsung, HTC, Sony, and others all provide their own modifications to Android. This slows down the release of Android patches because the patch has to be released to the manufacturers from Google, and then embellished by the third-party manufacturers before it is released to the end users.

Don’t Forget the Users

Adopt good business practices such as app vetting, deploying encryption, and Mobile Device Management. Tell your employees to:

  • Use strong PINs, passwords, or fingerprint recognition.
  • Always use a VPN on public Wi-Fi.
  • Turn off Bluetooth and Wi-Fi when you’re not using them.
  • Be careful what apps you download. Research them first.
  • Turn on backups.
  • Avoid public phone charge points. Carry a booster battery instead.