Google has flagged multiple apps created by Pinduoduo, a Chinese e-commerce giant, as malware. In the past few weeks, several Chinese security researchers have accused Pinduoduo of making apps for Android that contain malware designed to monitor users. Google has set Google Play Protect, an Android security mechanism, to prevent users from installing these malicious apps. They are also prompting users that already have the apps downloaded to uninstall. Google has suspended their official app from the Play Store while they further investigate the situation.

In an response to TechCrunch’s outreach, Pinduoduo’s spokesperson Kong Ho stated the following:

“We strongly reject the speculation and accusation by some anonymous researcher and non-conclusive response from Google that Pinduoduo app is malicious. There are several apps that have been suspended from Google Play at the same time and we find it peculiar that TechCrunch chose to single out Pinduoduo.”

While further updates will be needed to clear the situation up, we recommend avoiding Pinduoduo apps in the time being. Once more information is available, it’ll be easier to assess if Pinduoduo is a trustworthy app manufacturer. As always, it’s best to stay alert in cautious in these types of scenarios. If you have any questions about avoiding this malware or general IT topics, feel free to reach out to us at info@optfinity.com.

Dish, the US television provider, confirmed a ransomware attack in which intruders exfiltrated data from its systems. The multiday outage happened in late February 2023 and affected Dish’s main website, apps, customer support systems, and streaming services. Dish determined the outage was due to a “cyber security incident” and that they were looking to “contain, assess and remediate the ransomware attack.” Attackers were able to extract data from Dish’s IT systems, noting that personal information may have been involved. The scale of this ransomware attack is still unknown, although Dish does have roughly 10 million customers overall.

Dish released the following statement on their website:

The security of our customers’ data is important to us, and if we learn that information was compromised, we’ll take the appropriate steps and let any impacted customers know.

As a result of this incident, many of our customers are having trouble reaching our service desks, accessing their accounts, and making payments. We’re making progress on the customer service front every day, including ramping up our call capacity, but it will take a little time before things are fully restored. DISH TV continues to operate and is up and running.

If you are a Dish customer, you may want to change your account password in the meantime to help protect your information. If you feel that you may need a refresher, we recommend reviewing our recent article on best password practices. If you have any further questions about this ransomware attack, cybersecurity, or any general IT questions, feel free to reach out to us at info@optfinity.com.

ChatGPT is an AI driven natural language processing tool and has been the talk of the town since its release in November. The web-based chatbot has already been utilized for everything from crafting college level essays to writing computer code. Concerns have arisen in the academic realm due to the possibility of cheating, while many in the copywriting industry are worried about losing their jobs. The cybersecurity industry has also taken notice of potential threats ChatGPT may create.

The Concern

Check Point, an Israeli cybersecurity company, demonstrated that ChatGPT can be used in tandem with OpenAI’s code-writing system Codex to create phishing emails carrying a malicious payload. One major weakness of phishing attempts is their lack of sophistication – it is often quite clear that these emails are spam or attempting to extract information. However, with ChatGPT it will become very easy to create well written and believable emails. This poses a major cybersecurity threat, as more workers may accidentally expose confidential information.

Reasons for Optimism

There are plenty of ways ChatGPT can be used for good as well though. Cybersecurity professionals can use ChatGPT to generate code in order to simulate threats, exposing weak points in their defenses that can be improved. If further developed, ChatGPT may also become useful for automating tasks, drafting articles, and writing code.

Ultimately, ChatGPT is a technology that will be used on both sides of the cybersecurity war. The most important thing anyone can do at this time is just to be aware of the potential risks and take preventative steps to mitigate them. If you have any questions about ChatGPT, the protection of your information, or any general IT questions, feel free to reach out to us at info@optfinity.com.

46% of all cyber-attacks impact businesses with under 1,000 employees. Couple this with IBM’s report stating 60% of those businesses end up closing their doors within 6 months of a cyber-attack, and it becomes easy to see how important cyber insurance is becoming. Yet, many at risk businesses do little or nothing at all to protect themselves.

It’s easy to assume that large sized businesses are the primary target of cyber-attacks. However, most of these companies have high levels of cyber security. Meanwhile, many small and medium sized businesses have poor security measures. This means their data is on average easier to obtain and may contain access to larger partners and vendors as well. Most phishing and ransomware schemes are games of numbers and opportunity, meaning most hackers will have a wide net of targets. So while small business owners may feel that they’re “flying under the radar”, they may actually be at the greatest risk.

In this era of increasingly sophisticated phishing schemes, cyber insurance has become an essential starting point for businesses. Cyber liability insurance helps protect businesses from the high costs involved in recovering from a data breach or malware attack. Additionally, it can provide the technical resources needed to regain access to data, restore system access, and assist in managing reputational damage.

However, cyber insurance doesn’t offer preventative and protective measures. In order to qualify for cyber insurance, basic cyber hygiene needs to be in place within your business. This cyber hygiene includes keeping data organized and secure as well as having established best practices in place.

Three Steps to Best Cyber Practices

First, you need to assess your cybersecurity posture. Maintain a list of all software, hardware, and applications your business uses. Analyze your business for vulnerabilities such as how old equipment is disposed of, if staff are being properly trained on safe practices, and if employees are connecting to work remotely.

After that, create a hygiene policy for your company to follow. This includes procedures such as using complex passwords and multifactor authentication for sign-ins, consistent software and security updates, backing up data, and only giving permissions to the required personnel.

Lastly, do your research and find the right cyber insurance for your needs. Compare different plans and find the coverage and benefits that fit your business best. Following the first 2 steps listed can help you to get lower insurance rates and get the right policy for your needs.

Every business should have cybersecurity in place in 2023, and cyber insurance has become a needed part of that equation. If you are not currently setup with the above mentioned items or if you have any questions about cybersecurity, cyber insurance, or any general IT questions, feel free to reach out to us at info@optfinity.com.

The orange and green dots that you may now see on the top of your iPhone screen (for devices with iOS 14 or later) are part of an enhanced privacy and security update. When an orange dot appears right above your cellular bars, it means an app is using your iPhone’s microphone. It can be any third-party app, or a basic function of your iPhone such as making a call or utilizing Siri. When you see the orange dot appear, you can swipe down from the top right of your screen to view which apps are currently using your microphone.

When a green dot appears in the top right corner of your iPhone’s screen, this means an app is using your camera and/or your microphone. Just like with the orange dot, you can swipe down from the top right corner of your screen to see which apps are using your camera. If you have an Android 12 or later, a green dot in the top right corner of the screen will inform you when your phone’s camera or microphone is being used. You can swipe down on your screen to show the notification bar, and from there click the green dot to see which apps are using your camera/microphone.

If you see an indicator that your microphone/camera are in use even though you aren’t using any apps, it likely means an app has permission to access those features even when it isn’t in use. If this is not the case, it’s possible your phone may have been hacked. To avoid this, you may want to look into installing antivirus software on all your devices. If you have any questions about your phone’s security or IT in general, feel free to contact us at info@optfinity.com .

It’s National Change Your Password Day, so it’s a great time for a refresher on creating good passwords and why you should use a secure password manager. These steps are easy to follow and don’t take much time but are essential to keeping your personal information safe on the internet.

Best Password Practices

• Passwords should be a minimum of 8 characters
• You should use a mixture of upper and lowercase letters, numbers and symbols
• Refrain from spelling any dictionary words
• Enable multifactor authentication (MFA)
• Never use the same password for more than one account
• An example of an effective password would be: %PLxO23saX2#q

For a lot of people, this might seem very difficult to do when you have so many accounts.   That is why we recommend the use of a password manager. If you aren’t familiar, password managers record your log-in information when first signing into a website, and then auto-fill the information on subsequent visits. This allows for all your accounts to have different passwords without having to remember each specific one. Password managers can even auto-generate strong passwords for you.

Many password managers keep your master password locally and not on a remote server, protecting your account in the event of a data breach. Even the best password managers have vulnerabilities and can be hacked, but quality managers are based on zero-trust security. This means that all your passwords are encrypted at the device level, and not accessible to the password manager itself or any outside parties. However, if someone did get access to your master password, they could access your vault. This is why using multifactor authentication is still vital.

Creating strong passwords, enabling multifactor authentication, and using a password manager are all great and easy ways to keep your personal information secure in 2023. If you have any questions about password managers or IT in general, feel free to reach out to us at info@optfinity.com.

Apple announced Safety Check in 2022, an iOS security feature designed to view the information you’re sharing with others, such as your location or credentials. The feature allows you to instantly revoke those permissions, with the intention to help protect against domestic abuse. However, Safety Check can be useful for anyone with an iPhone that’s interested in their privacy and security.

The Safety Check feature not only protects against domestic abuse, but also can be used to keep an eye on all your downloaded apps and revoke permissions as desired. For example, camera and speaker permissions for any app can be changed at will.

How to use Safety Check to monitor app permissions:

• Launch Settings
• Click Privacy & Security, and then click Safety Check
• Select Manage Sharing & Access
• Use Face/Touch ID to access the security feature

After these steps, you’ll get a detailed summary of what you can review, such as people, apps, and account security. Since we’re focusing on app permissions, we’ll skip through the Sharing with People section and go directly to App Access. Here, you will see a list of your third-party apps, as well as what information is being shared with them.

To revoke an app’s permissions, just check the circle next to the app and then tap Stop App Access at the bottom of the screen. You can revoke different permissions from apps, such as Bluetooth, camera, location and more. Just be mindful of what you disable, as some permissions are needed for apps to function properly.

If you have any questions about your phone’s security or IT in general, feel free to reach out to us at info@optfinity.com.

Apple has positioned itself as a company that cares about consumer privacy over the past decade. However, a shift in Apple’s business model towards services such as Apple Music, iCloud, and Apple TV has led to more in-app advertising than ever before. Apple has always collected data about its customers but increases in their service business and advertising may lead to additional data collection. This creates room for concern, so we’ll go over what is known regarding Apple’s data collection policy.

Data Apple Collects by Default

As soon as you start using Apple’s products, data begins to be collected. Basic data such as your name, email address, and payment information are stored (standard practices for any business). Apple’s privacy policy also states it can collect data on how consumers use their devices. This data includes the apps you use, search history within apps, analytics, and crash data. Location, health, and fitness information can be collected as well, but only if you give permission. While you don’t need to give out this information, it is necessary to properly utilize certain Apple apps – such as the Health app, which can track useful data including statistics on sleep and exercise.

Some Apple systems, such as Game Center, don’t send your data back to company servers. Additionally, Apple Maps uses a rotating identifier instead of linking directly to your Apple ID, making it harder to identify you individually. Measures such as these show that Apple does try to take user privacy into account.

How to limit the data Apple collects

Apple ads take on two forms: contextual and personalized. Contextual ads are based on device information such as keyboard language, location data (if it is shared/enabled), and searches made in the app store. Personalized ads lump consumers into groups of 5,000+ people sharing similar characteristics such as age, gender, and location (based on registered post-code).

It’s possible to opt out of personalized ads in the App Store. Here’s how:

• Go to Settings
• Select Privacy and Security
• Then click Apple Advertising
• Toggle Personalized Ads off

Within Privacy & Security, you may also wish to visit Analytics & Improvements. Within this setting, you can stop Apple from collecting iPhone and iCloud analytics data if desired. You can also review all your app’s permissions in the Privacy & Security section. While some data sharing is necessary and can improve the user experience, it’s always a good idea to be aware of what information you’re sharing. If you have any questions or concerns about data collection and security, feel free to reach out to us at info@optfinITy.com.

Many of us have wound up with Amazon Echo devices in our homes over the last few years, and even more likely received them over the holiday season. While these devices (commonly referred to as Alexa) can go anywhere and offer some great functionality, you may wish to avoid keeping them in your bedroom.

Alexa is hands free – it listens to your requests and instantly plays the song you’re looking for, tells you the weather forecast, or rattles off your shopping list. However, because it needs to listen for these commands, it can also record your conversations without your consent. Due to this reason, you may have greater peace of mind keeping Alexa in a spot you’d feel comfortable having company in. Spaces you’d typically host guests such as the living room or kitchen are ideal.

Amazon has confirmed that their staff listens in to conversations recorded by Alexa in order to improve the device’s understanding of human speech. In fact, members of the staff listen to up to 1,000 audio clips per day. However, due to negative feedback, Amazon now allows user to turn off Alexa’s recording as desired. Here’s how:

• Open the Alexa app on your phone
• Access Settings
• Select Privacy
• Click Manage Your Alexa Data
• Choose How Long To Save Recordings
• Select Don’t Save Recordings, then select Confirm
• Scroll to Help Improve Alexa
• Go to Use of Voice Recordings and switch it off

You can also mute your Alexa Echo by toggling the mute button on your device. You can also fully unplug the device to ensure it isn’t listening to your conversations. If you have any questions or concerns about Amazon’s Echo devices, or any general IT inquiries, feel free to reach out to us at info@optfinity.com