Apple’s AirTag devices have risen in popularity since their release in 2021. Though their aim is to help users track items such as their keys or bags by attaching an AirTag to them, some have found more nefarious uses for these tracking devices. There have been reported cases of AirTags being slipped into someone’s bag or car without their content. This act of secretly tracking an unsuspecting victim is a serious concern for survivors of domestic abuse, and has also been used in attempts to stalk others or steal cars.

So, what can you do if you believe someone is using an AirTag to track you? The most basic thing you can do is to manually search yourself and your belongings for places where an AirTag may have been slipped in. However, because of its small size, you may not be able to find the device. Therefore, a good next step is to use a Bluetooth tracking app to scan your area to see if there is an AirTag nearby. If you do find an AirTag nearby and want to find its serial number in case you need to alert law enforcement, you can find that number without alerting the owner by using Apple’s Find My app. First, hold the device up to your phone , tap on the name of it, and then you will be able to see its serial number. Alternatively, you can also tap and hold the top of an NFC-capable smart phone to the white side of the AirTag. The webpage that pops up will contain the serial number. To disable the device so that the owner can no longer see your location, twist it counterclockwise on the back by the Apple logo and take the battery out. When in doubt, contact law enforcement if you believe that you’re being tracked. If you’d like to discuss online safety, feel free to contact us at info@OptfinITy.com or call us at (703) 790-0400.

Cybersecurity experts and the FBI are warning Americans that there will likely be an increase in cybersecurity attacks targeting U.S. citizens and companies. This warning follows a slew of sanctions Western nations have placed on Russia following its invasion of and malware attacks against Ukraine.

Tensions have further escalated since the U.S. and allies blocked some Russian banks from the SWIFT international payment system. Experts warn that ransomware and malware attacks, data wiping and theft, and denial-of-service attacks are among types of attacks that hackers will use as a form of cyberwarfare against the U.S. and its allies.

Cyber experts warn that small- to medium-sized businesses are among the most vulnerable entities, as they typically do not have the cyberattack mitigation plans necessary to prepare for and defend against sophisticated, targeted attacks. The best forms of protection that executives and officials recommend for businesses and individuals alike is to make sure that software and anti-virus systems are up to date, two factor authentication is in place, and a crisis plan has been established. If you’d like to ensure that your organization’s cybersecurity protocols are up to date and secure, feel free to contact us at info@optfinity.com or call us at (703) 790-0400.

If you’re like millions of other Americans, you’ve probably heard of, if not already played, Wordle. This addictively simple word game has boomed in popularity due to its virality, ad-free nature, and lack of a price tag. Unfortunately, this may change soon. In late January, it was announced that the New York Times bought Wordle. The news rattled many users who fear that their favorite game may soon be put behind a paywall like many of the Times’ own games and articles. This notion was confirmed when the Times stated that the game would “initially remain free” to new and existing players.

Luckily for players, there’s a way to play this game for free should it go behind a paywall. Wordle runs on a browser, which means that all of its code is saved as plaintext on the game’s website. To grab the free  version, players only need to right click in their browser, select “save page as webpage”, and save Wordle as an HTML file. Then, the original game can be played offline. By clicking on the saved HTML file, it should then open the game in a browser, even if you’re offline. Further, because the game is based on a list of over 2,000 five-letter solution words, an offline version should (in theory) allow users to play free every day for seven years. Before dashing to download the HTML, be aware that you may not be able to save your streak, and sharing would be messy- if even possible. If you’d like to learn more about optimizing your technology and devices, feel free to reach out to us at info@optfinity.com.

In recent years, Zoom has become one of the most popular video conferencing platforms in the world, boasting over 300 million daily meeting participants- largely due to the sharp increase in remote working trends. Though many people find its interface user-friendly and convenient, it certainly comes with a host of privacy risks. Privacy experts have been concerned about Zoom since 2019, when the software disclosed its involvement in both a webcam hacking scandal along with a bug that allowed uninvited users to snoop in on video meetings- even ones protected with a password (now known as “zoom-bombing”). Since then, Zoom has cleaned up its act and disabled concerning features, such as its built-in attention-tracking features, and enabled security features like end-to-end encryption. However, there are still several privacy concerns to watch out for.

1. Non-Attendees May be Watching your Recordings: If you pay for a Zoom subscription, be mindful of who you allow to access cloud recordings. This feature, which allows hosts to record the meeting, text transcriptions, and active chats within the meeting, can be useful as a reference for meeting attendees, but can also be accessed by other authorized users at your company- including those who may have never attended the session. If you’re concerned, Zoom allows administrators to limit the recording’s accessibility to only certain preapproved IP addresses.
2. Zoom May be Sharing your Information with Third Parties: In 2020, Vice’s Motherboard conducted an analysis that found Zoom was sharing user analytics with Facebook- even if the user didn’t have a Facebook account. In March of 2020, Zoom announced the removal of this feature, but its updated privacy policy remained murky regarding its data sharing practices with third parties. Since then, Zoom has clarified that, “No data regarding user activity on the Zoom platform — including video, audio, and chat content — is ever provided to third parties for advertising purposes”. Regardless, you should probably look over your Zoom and device security settings, minimizing permissions when possible. Additionally, make sure your Zoom app is up to date to ensure that any security patches have been installed.

If you would like to discuss software security and account privacy, feel free to contact us at info@optfinity.com.

Though cookies and cached data within your mobile phone browser can improve your browsing experience by keeping you logged into websites and saving website preferences, they can also become burdensome. Cookies are used by websites to track your browsing history so that they can more easily serve you with personalized ads- which can be an annoying and intrusive experience for some. Additionally, too much cached information can slow down your browser’s speed. So, if you own an Android and are interested in clearing your cached data and browser cookies, continue reading to learn how to do so.

If You Use Google Chrome:

• Navigate to the top right corner of the browser and click the “More” button (symbolized by 3 vertical dots)
• Select “History”, then “Clear browsing data”
  • Within this setting, you can also choose whether to clear data from the last 24 hours, the last month, or all data history
• By selecting the “Advanced” option, you can also delete saved passwords, site settings, and autofill form data
• After selecting what you want to delete, click the blue “Clear data” button

If You Use Samsung Internet:

• Navigate to your phone’s settings
• Next, click on “Apps”
• Scroll down and click “Samsung Internet”, then “Storage”
• At the bottom of “Storage”, you can choose to either “Clear cache”, “Clear data”, or both
  • Clicking “Clear data” will bring up a prompt warning that all the app’s data will be deleted permanently
  • This includes files, settings, accounts, and databases

If you Use Mozilla Firefox:

• Navigate to the browser, and select the “More” button in the top right corner (symbolized by 3 vertical dots)
• Click “Settings”
• Go to the “Delete Browsing Data” menu
• Select “Delete any existing open tabs”
  • From this menu, you can also delete your browsing data, site data, site permissions, cookies, and cached images and files

Hope you found this helpful! If you have other questions about how best to secure your devices when browsing online, feel free to reach out to us at info@optfinity.com.

ZLoader is a popular malware among hackers, and has recently been used to steal user credentials and other sensitive information by exploiting a vulnerability in Microsoft’s digital signature verification.

So how does this affect you?  Microsoft’s signature verification tool Authenticode is used to ensure that a file is legitimate and trustworthy. Researchers at Check Point Research (CPR) have concluded that the cybercriminal group Malsmoke is responsible for this campaign it operates by tricking victims into running a corrupt file that appears to be signed as legitimate and safe. From there, hackers can use the ZLoader trojan banking tool to steal cookies, passwords, and other sensitive information right from your computer.

So, what can you do to avoid being hit with this malware? If you’re a Microsoft user, CPR recommends that you install Microsoft’s security patch for Authenticode verification ASAP. Fortunately, this patch has been available for installation since Microsoft first discovered this vulnerability in 2013- but downloading it has not been mandatory since 2014. This update, as well as common-sense practices like avoiding clicking on unfamiliar links or downloading attachments found in emails, are users’ best lines of defense against this malware. If you’re interested in discussing cybersecurity patches and best practices for your organization, feel free to reach out to us at info@OptfinITy.com.

Ransomware Hits Virginia General Assembly

On December 12th, ransomware struck the Virginia General Assembly, targeting the Legislative Automated Systems branch. This department, the IT arm of the state legislature, manages tasks like publishing, computer technology, and legislative information. Upon discovering the attack, the department quickly shut down most servers to contain the spread. A top agency official called the malware “extremely sophisticated,” but the ransom note included no payment amount or deadline.

Business Operations Severely Disrupted

Although representatives claimed the department remained operational, the attack severely disrupted business, cutting employees off from key systems. Legislators and staff lost access to systems critical for managing bills, a significant issue during December’s busy legislative preparation period. The attack also disabled the Virginia Law Portal, blocking access to the state code and Constitution, and took down the Capitol Police’s internal site, though communication tools stayed functional.

Virginia’s Response and Recovery Efforts

Virginia hired cybersecurity firm Mandiant to investigate and develop recovery plans. However, with the backup system potentially compromised, paying the ransom might be the only way to recover encrypted data.

How to Protect Your Organization

If you’ve experienced a ransomware attack or want to discuss backup and prevention strategies, contact us at info@OptfinITy.com or (703) 790-0400.