Zoom’s Popularity and Privacy Concerns

Zoom has become one of the most widely used video conferencing platforms, with over 300 million daily meeting participants. The surge in remote work has significantly contributed to its widespread adoption. While many users appreciate its user-friendly interface and convenience, Zoom presents several privacy risks.

Past Security Issues

Privacy experts have scrutinized Zoom since 2019, when the software played a role in a webcam hacking scandal and contained a bug that let uninvited users snoop on password-protected meetings—a phenomenon now known as “Zoom-bombing.” Since then, Zoom has improved its security by removing problematic features like built-in attention tracking and enabling end-to-end encryption. However, some privacy concerns remain.

Non-Attendees May Watch Your Recordings

If you use a paid Zoom subscription, carefully manage who can access cloud recordings. This feature records meetings, generates text transcriptions, and saves active chats. While useful for attendees, other authorized company users—who may not have attended the session—can also access these recordings. To protect sensitive information, administrators can limit access to specific preapproved IP addresses.

Zoom May Share Your Information with Third Parties

In 2020, an analysis by Vice’s Motherboard revealed that Zoom shared user analytics with Facebook, even for users without Facebook accounts. Zoom later removed this feature, but its privacy policy remained unclear about data sharing with third parties. Zoom has since clarified that it does not share video, audio, or chat content with third parties for advertising purposes. However, you should still review your Zoom and device security settings, minimize permissions when possible, and keep your app updated to ensure all security patches are installed.

If you want to discuss software security and account privacy, contact us at info@optfinity.com.

Though cookies and cached data within your mobile phone browser can improve your browsing experience by keeping you logged into websites and saving website preferences, they can also become burdensome. Cookies are used by websites to track your browsing history so that they can more easily serve you with personalized ads- which can be an annoying and intrusive experience for some. Additionally, too much cached information can slow down your browser’s speed. So, if you own an Android and are interested in clearing your cached data and browser cookies, continue reading to learn how to do so.

If You Use Google Chrome:

• Navigate to the top right corner of the browser and click the “More” button (symbolized by 3 vertical dots)
• Select “History”, then “Clear browsing data”
  • Within this setting, you can also choose whether to clear data from the last 24 hours, the last month, or all data history
• By selecting the “Advanced” option, you can also delete saved passwords, site settings, and autofill form data
• After selecting what you want to delete, click the blue “Clear data” button

If You Use Samsung Internet:

• Navigate to your phone’s settings
• Next, click on “Apps”
• Scroll down and click “Samsung Internet”, then “Storage”
• At the bottom of “Storage”, you can choose to either “Clear cache”, “Clear data”, or both
  • Clicking “Clear data” will bring up a prompt warning that all the app’s data will be deleted permanently
  • This includes files, settings, accounts, and databases

If you Use Mozilla Firefox:

• Navigate to the browser, and select the “More” button in the top right corner (symbolized by 3 vertical dots)
• Click “Settings”
• Go to the “Delete Browsing Data” menu
• Select “Delete any existing open tabs”
  • From this menu, you can also delete your browsing data, site data, site permissions, cookies, and cached images and files

Hope you found this helpful! If you have other questions about how best to secure your devices when browsing online, feel free to reach out to us at info@optfinity.com.

ZLoader Malware Exploits Microsoft Vulnerability

How Hackers Use ZLoader to Steal Sensitive Information
Hackers favor ZLoader malware for its ability to steal user credentials and other sensitive data. Recently, cybercriminals have exploited a vulnerability in Microsoft’s digital signature verification to deploy ZLoader effectively.

How This Threat Affects You
Microsoft’s signature verification tool, Authenticode, ensures that files are legitimate and trustworthy. However, researchers at Check Point Research (CPR) identified that the cybercriminal group Malsmoke has been tricking victims into running a corrupt file disguised as a legitimate and safe program. Once activated, hackers use the ZLoader trojan banking tool to steal cookies, passwords, and other sensitive information directly from an infected computer.

How to Protect Yourself
If you use Microsoft products, CPR strongly recommends installing Microsoft’s security patch for Authenticode verification immediately. Microsoft first released this patch in 2013, but it has not been mandatory since 2014. Installing this update, along with practicing safe browsing habits—such as avoiding unfamiliar links and refraining from downloading email attachments from unknown sources—offers the best defense against ZLoader malware.

For expert guidance on cybersecurity patches and best practices for your organization, contact us at info@OptfinITy.com.

Ransomware Hits Virginia General Assembly

On December 12th, ransomware struck the Virginia General Assembly, targeting the Legislative Automated Systems branch. This department, the IT arm of the state legislature, manages tasks like publishing, computer technology, and legislative information. Upon discovering the attack, the department quickly shut down most servers to contain the spread. A top agency official called the malware “extremely sophisticated,” but the ransom note included no payment amount or deadline.

Business Operations Severely Disrupted

Although representatives claimed the department remained operational, the attack severely disrupted business, cutting employees off from key systems. Legislators and staff lost access to systems critical for managing bills, a significant issue during December’s busy legislative preparation period. The attack also disabled the Virginia Law Portal, blocking access to the state code and Constitution, and took down the Capitol Police’s internal site, though communication tools stayed functional.

Virginia’s Response and Recovery Efforts

Virginia hired cybersecurity firm Mandiant to investigate and develop recovery plans. However, with the backup system potentially compromised, paying the ransom might be the only way to recover encrypted data.

How to Protect Your Organization

If you’ve experienced a ransomware attack or want to discuss backup and prevention strategies, contact us at info@OptfinITy.com or (703) 790-0400.

The Log4Shell Exploit

On December 9, 2021, a zero-day exploit targeting Log4j, an open-source logging tool, came to light. Log4j helps programs track application errors. The exploit, called Log4Shell, impacts thousands of systems globally, including those of major vendors like Cisco, VMware, Twitter, Amazon, Google Cloud, IBM, and Microsoft.

Hackers have likely exploited this vulnerability since early December. The public announcement triggered a surge in attacks. The Cybersecurity & Infrastructure Security Agency (CISA) estimates hundreds of millions of devices are affected, calling this one of the most severe threats in recent memory.

Why This Vulnerability is Critical

The Log4j flaw has existed for about eight years. It allows hackers to remotely control systems using this software. Exploitation can be as simple as posting a message in a chatbox, as seen in Minecraft.

Hackers are launching hundreds of attacks per minute, using the exploit to steal data, mine cryptocurrency, and deploy tools like Cobalt Strike. Log4j’s widespread use makes the threat long-lasting, as many organizations might not realize it’s part of their network.

What It Means for You

Fortunately, most affected applications are cloud-based, enabling vendors to patch the systems without end-user intervention. Software providers are working quickly to release updates.

Stay vigilant by monitoring notifications from trusted sources about patches for vulnerable systems. Update your software as soon as patches become available.

Need Help?

If you have questions about Log4Shell, email us at info@optfinity.com. We’re here to assist you.

The good news is that most of the affected applications are cloud-based applications, which makes it easier for companies and developers to update the component without having to touch millions of end-users’ devices. Software vendors will be applying these patches as soon as they become available. Additionally, look out for notifications from trusted sources that inform and allow you to update potentially vulnerable systems, as these updates should include a patch.

Should you have any questions about this vulnerability, please feel free to reach out to us at info@optfinity.com.

If you own a smart device—or expect to receive one this holiday season—you may be worried about its security. Devices from Apple, Amazon, and Google offer convenient ways to access information or communicate. However, these companies have faced criticism for recording and reviewing voice data without users’ consent. A bit of skepticism is reasonable.

In 2019, Amazon, Google, and Apple temporarily suspended human review of user audio recordings. This decision followed widespread outrage over privacy concerns. Contractors were listening to anonymized audio clips to improve AI capabilities. Google, in particular, has been criticized for its lack of transparency about whether these recordings are shared with third parties for ad personalization.

Thankfully, if you own a Google Home, Apple HomePod, or Amazon Echo device, there are steps you can take to stop strangers from accessing your voice commands.

To stop Amazon employees from listening to your Alexa voice recordings:

1. Open the Alexa app.
2. Go to Settings > Alexa Privacy > Manage Your Alexa Data.
3. Select Choose How Long to Save Recordings > Don’t Save Recordings, then confirm.
4. Scroll down to Help Improve Alexa and turn off Use of Voice Recordings.

For Google Home devices:

1. Open the Google Home app and click on your profile icon.
2. Navigate to My Activity > Saving Activity.
3. Turn off Include Audio Recordings.

For Apple HomePod or iPhone:

1. If you’ve opted in to share audio data, open Settings.
2. Go to Privacy > Analytics and Improvements.
3. Turn off Improve Siri & Dictation.

Protecting your privacy doesn’t have to be complicated. If you’d like assistance securing your devices—smart or otherwise—feel free to reach out to us at info@optfinity.com.

In the past few weeks, hundreds of WordPress sites have experienced an onslaught of ransomware attacks. The hackers implement encryption notices and demand a ransom of 0.1 Bitcoin, which equates to roughly $5,500 dollars.   The hackers include a countdown timer and tell the website owners that they will delete their entire website, which for a small business can be very costly.

The interesting aspect of this attack though is that it is FAKE.

Researchers have discovered that the websites were in fact not encrypted. Instead, threat actors changed an installed plugin called Directorist to display a ransom note and countdown. Researchers have also noted that hackers used admin credentials to get into these sites, likely as the result of brute-force or stolen credentials purchased through the dark web. However, these attacks appear to be only a part of a much larger campaign, suggesting the latter to be the avenue through which criminals gained access to private information.

So, what can you do? If you’re a WordPress user, review the plugins you use, as WP Reset Pro, OptinMonster, and Hashthemes Demo Importer have all been discovered to have vulnerabilities that hackers could exploit. Additionally, watch for and install software patches and updates to decrease the possibility of your site being attacked. If you’d like to learn more about website development and ransomware protection, you can reach out to us at info@optfinity.com or call us at (703) 709-0400.

The Transportation Security Administration (TSA) recently announced that it will soon implement new cybersecurity requirements on the railroad and airline industries. To many, this comes as no surprise, as critical infrastructure has been subject to a slew of high-profile cybersecurity attacks this past year. The new directives will all but waive existing voluntary cybersecurity measures for these industries in favor of a mandatory cybersecurity baseline. These new guidelines will be implemented by the end of the year, and fines will be imposed on noncompliant contractors and entities.

The Railroad Industry: Now, TSA will require higher-risk railroads to report cyber incidents to a federal agency. Creating cybersecurity point persons and contingency and recovery plans are also part of the forthcoming security directive.

The Airline Industry: As for the airline industry, the TSA will require designated cybersecurity coordinators and reports on cyber incidents to the Cybersecurity and Infrastructure Agency. Entities ordered to follow these new guidelines include critical US airport operators, passenger aircraft operators, and all-cargo aircraft operators.

Though many are familiar with the Colonial Pipeline hack that disrupted access to gas and created a hike in prices, different incidents’ have been of particular concern to policy makers. The Southeastern Pennsylvania Transportation Authority, Cape Cod’s ferry services, and New York City’s Metropolitan Transportation Authority have all been hit with similar malware in the past 2 years, demonstrating the importance of securing the nation’s critical transportation services. If you’re concerned about malware hitting your business, reach out to us at info@optfinity.com or call us at (703) 790-0400.

Many cybersecurity experts are now warning of a new ware called killware. Unlike ransomware and malware, which primarily aim to gain money and access to sensitive data, killware’s aim is to take lives. Authorities warn that these types of attacks could impact hospitals, transportation, law enforcement agencies, banks, and even the water supply. Hospitals specifically are of great concern to officials due to underreporting. As they increase their use of digital tools, they become more dependent on technology to deliver treatment and keep patients safe.

These types of attacks have already forced hospitals to cancel or defer procedures, including critical surgeries. This not only put lives at risk but leaves hospitals vulnerable to HIPPA violation fines and liability lawsuits. Gartner estimates that the financial impact of cyber-attacks resulting in fatalities will exceed $50 billion within the next few years.

Though authorities are now warning that killware will likely become more common and devastating in the near future, these types of attacks are not new. In fact, a recent and prominent example of this occurred earlier this year. Hackers were able to infiltrate a Florida water treatment facility and alter its chemical mixture to a dangerous level before operators noticed and quickly changed the levels back to normal.

One of the best ways to protect your organization from these types of attacks is to implement a strong security policy and train employees to know the warning signs of a cyberattack. To learn more or implement a strong security policy in your organization, contact us at info@optfinity.com or via phone at (703) 790-0400.