By -- 2024-01-12 in Blog

Is your search activity truly private in private mode?

Google has finally settled a lawsuit from June 2020 alleging that users were misled by having their activity tracked while browsing in incognito mode. According to The Hacker News, the plaintiffs filed a claim that Google violated federal wiretap laws by using Google Analytics to collect information when in private mode.

The case is a vital reminder of the importance of reading the fine print when it comes to your privacy. Google’s displayed message informs users that their search activity is potentially still visible to websites they visit, employers or schools, or to their internet service provider.

A common misconception is that enabling private mode ensures searches will not be traced or tracked whatsoever. In reality, incognito mode simply means that user activity will not be saved locally to the browser. This means that websites utilizing advertisement technologies and analytics APIs can continue to track and monitor all activity.

Ultimately, the court could not find evidence that Google explicitly consented to the alleged data collection. The terms of the settlement have not been disclosed.

Users must inform themselves of best cyber practices to browse securely. Clearing cache and cookies regularly can help protect your information from websites tracking your data for advertising purposes. To truly be safe, avoid searching or browsing on any websites that you wouldn’t want your employer or anyone else to see.

Update: April 3rd, 2024

In response to the 2020 lawsuit, Google has agreed to destroy billions of data records. The step holds significant implications for the conversation surrounding online security and privacy.

For more cyber safety tips visit www.optfinITy.com or contact us for a free consultation at sales@optfinITy.com or 703-790-0400.

By -- 2024-01-10 in Blog

Despite having 2FA enabled, Mandiant, a Google-owned company, was recently the victim of a cyber-attack against their Twitter account with over 100,000 followers.

To appear more legitimate, the hackers renamed the account “Phantom” and updated the bio to pose as the Phantom Cryptocurrency wallet. The hackers then used the account to promote links to a phony website claiming to offer free $PHNTM cryptocurrency tokens.

Aside from attempting to gain access to financial information, the hackers also mocked Mandiant in a series of tweets suggesting that the company change the password and check the account bookmarks once they got control of the account again. Upon regaining control of the account, Mandiant confirmed that they had 2FA enabled and were looking into the issue.

2FA, also known as multifactor authentication, adds an extra layer of security by requiring a code from an app, a fingerprint, a facial scan, or an additional method to authenticate your identity. You can check out our previous blog post on how 2FA can help you make your passcodes more secure to learn more about it.

The Mandiant breach serves as an important reminder that 2FA does not completely defend against cyberattacks. You should still enable 2FA to protect yourself, but it should be used in addition to safe cyber habits and frequent monitoring.


By -- 2024-01-9 in Blog

If you’re an Apple user, your data may be vulnerable to one of the most sophisticated attacks of 2023. A recent discovery by the Russian cybersecurity company Kaspersky has brought to light an advanced spyware attack that was able to target Apple iOS devices. According to Hacker News, the attack, which was dubbed Operation Triangulation, used four never-before-seen zero-day vulnerabilities to bypass hardware-based security protections and gather sensitive information from devices running iOS versions up to iOS 16.2.

The attack begins with an iMessage carrying a malicious attachment that automatically processes and deploys a spyware module without user interaction. This means that the user wouldn’t even need to open the attachment for the attack to be successful. The severity of the attack is evident in the fact that it was able to bypass Apple’s strong security protocols, which is a major cause for concern.

Apple did release patches for some of the vulnerabilities in January 2023, but others were addressed in iOS 15.7.7, iOS 15.8, iOS 16.3, iOS 16.5.1, and iOS 16.6.1. One of the vulnerabilities, CVE-2023-38606, was used to bypass hardware-based security protections. The exploit allows the threat actor to gain complete control of the compromised system.

The discovery of Operation Triangulation is a wake-up call for Apple and its users. It shows that even the strongest security measures can be breached, and users need to stay vigilant and keep their devices updated with the latest security patches. With the increasing number of cyber threats, it’s imperative to take security seriously and take all necessary steps to protect ourselves and our devices.


By -- 2024-01-3 in Blog

Are you planning to upgrade to a smart TV? You might want to think twice before making that purchase.

According to a recent warning from an FBI field office, smart TVs could leave owners vulnerable to advanced cyberattacks. Features of these high-tech devices include facial recognition, internet streaming, and microphone sensors – all of which create a field day for cybercriminals looking to take control of your unsecured smart TV and wreak havoc on your life.

Once cybercriminals gain access to the smart TV, they can change channels, adjust volume levels, and display inappropriate videos and media. More alarming, however, is the potential for cyberstalking via hacking the device’s camera and microphone settings.

To avoid falling victim to such cyberattacks, the FBI recommends that smart TV owners:

  1. Educate themselves about their device’s security settings
  2. Create complex passwords
  3. Routinely install software updates from smart TV manufacturers
  4. Disable microphones and cameras

If your smart TV doesn’t allow the disabling of cameras, placing black tape over the camera is a simple solution to keep your privacy intact.

It’s easy to get caught up in the exciting perks of the latest fancy device and forget potential drawbacks. So, while you’re out shopping for those super sales this holiday season, don’t forget to be mindful of the risks of using smart TVs and take the necessary precautions to protect yourself from potential cyberattacks.


By -- 2023-12-14 in Blog

Blockchain technology is most commonly associated with cryptocurrencies, but it has many potential applications for cybersecurity. Blockchain is a decentralized ledger that records transactions securely and transparently. This makes it ideal for storing sensitive data such as financial records or personally identifiable information.

However, the use of blockchain also poses new cybersecurity risks. For example, if a hacker gains control of a blockchain network, they could potentially manipulate or delete data. Additionally, blockchain networks are only as secure as their weakest link, so it is important to ensure that all participants in the network are properly secured.

Organizations must guarantee that their blockchain networks are appropriately safeguarded and supervised. This includes implementing strong authentication and access controls, regular vulnerability assessments, and penetration testing. It is also important to ensure that all participants in the network are properly vetted and secured.

With the appropriate measures in place, organizations can harness the full potential of these emerging technologies while minimizing cybersecurity risks.


By -- 2023-12-8 in Blog

23andMe, the popular genetic testing company, reported a data breach in October, which was later found to have impacted nearly 14,000 user accounts. Unfortunately, recent information has uncovered that the actual impact of the breach extended much further than a small fraction of users. According to Wired, the attackers collected the personal data of around 5.5 million people who had opted to use the company’s DNA Relatives service, along with an additional 1.4 million DNA Relatives users.

The data stolen included display names, relationship labels, predicted relationships, and percentage of DNA shared with DNA Relatives matches. Additional data including ancestry reports, self-reported locations, ancestor birth locations, family names, profile pictures, birth years, links to self-created family trees, and other profile information was also compromised.

The incident speaks to the importance of user data sharing between companies and software features that promote social sharing, especially when the information puts personal details about user identity at risk.

The devastation of the breach is a wake-up call for businesses to bolster cybersecurity efforts. While no industry is fully safe from a cyberattack, sectors in healthcare, financial services, legal services, and any company like 23andMe that deals with confidential data on a large scale are especially vulnerable.

Cyber breaches can be devastating to any organization’s reputation and bottom line, regardless of company size or revenue. To stay ahead of cyber risks in your organization’s network, you can schedule a free consultation with us today.


By -- 2023-12-1 in Blog

The holiday season may be the busiest online shopping season of the year – but that also means it’s the busiest for eCommerce and phishing scams. According to Cybersource, phishing ranked as the leading form of eCommerce fraud in 2022, impacting 43% of global eCommerce merchants. Hackers deceive shoppers into revealing their personal or financial information by sending fake emails, messages, and websites.

If you are planning on participating in online sales this holiday season, read through our cyber safety guide to stay informed of best practices:

1. Shop with retailers you trust

It is always safest to shop with brands that are reputable with a proven track record. This doesn’t mean avoiding small businesses and new companies – but do your research first. Read reviews and seek information online from previous buyers. Websites like Trustpilot provide real customer reviews and experiences to vet companies properly.  

2. Stay wary of unbelievable deals

Those unbelievable discounts may seem too good to be true – because they are. Bad actors will lure shoppers with irresistible deals to persuade them into divulging their personal information. The FBI noted a spike in these incidents from paid ads on social media platforms.

Even if the discount comes from a link or an email of a trusted retailer, it is always safest to go directly to the site first. Closely inspect any links or emails you receive and watch for the warning signs.

3. Don’t browse on public Wi-Fi

Avoid using public Wi-Fi while online shopping or accessing private information. It may be tempting to browse your favorite shops while sitting at your local coffee shop, but you never know who may be around you – or what they are capable of.

If you do use public Wi-Fi, protect yourself with a VPN. A VPN prevents cybercriminals from being able to see your device’s activity or from intercepting your personal information.

4. Pick strong passwords

It may be time to update that password you picked out 10 years ago and have used for everything since. Use a trusted password keeper and log your strong passwords to remember your information. Make it complex and avoid common dictionary words or personal information (this means no more using birthdays or the name of your beloved pet).

5. Pay with a credit card

Credit cards don’t give sellers direct access to the money in your bank account. Plus, most credit cards offer $0 liability for fraud. This means your money is protected even if the worst-case scenario does happen.

The hustle and bustle of the holiday season can be stressful as it is. Avoid additional cyber headaches by staying informed and investing in your network security. Learn more about how our team can protect you and your business today at 703-790-0400 or sales@optfinITy.com.

By -- 2023-11-27 in Blog

The launch of the Sunbird app, ‘Nothing Chats’, made headlines last week after promising to solve all the current issues users face with Android/iPhone text threads. The app was supposed to allow Phone (2) users to connect their Apple IDs and access iMessage on their Android devices, eliminating low-quality images, videos, and random glitches in group messages. Soon after its launch, however, the app was taken down from the Google Play store over privacy and security issues.

While the app and Sunbird advertise the end-to-end encryption of the service, the platforms put user data in jeopardy. This is because they require users to sign into a third-party Mac with their Apple ID. When users connect to Nothing Chats with their Apple ID, they are actually logging into a Mac Mini in a Sunbird server farm in the US or Europe which routes their messages from Android to iOS.

Those questioning the safety of the app pointed out that one breach of Sunbird’s servers could expose all of the connected devices and data. These concerns over the promised security of the end-to-end encryption for user messages and files turned into reality on the launch date. 9to5Google reports that over 630,000 stored files were easily accessible to other users and that private messages were downloaded with only a short bit of code. Soon thereafter, Sunbird and Nothing blocked the download of the app from the Google Play store to “fix several bugs.”

The privacy nightmare of Nothing Chats brings forth an important cyber safety lesson. Before giving a third-party app access to personal information, it is important to understand the full extent of the risks involved. An app may offer a service that is functional and helpful, but that does not mean it is worth compromising your data. Always do your research and ask the right questions before giving up your information.


By -- 2023-11-13 in Blog

Did you know that a seemingly trivial act like logging into your personal Google account from your work-managed computer could lead to a massive data breach? According to Okta, an identity and access management provider, a breach of their backend support case management system was caused by an Okta employee logging into their personal Google account from a workplace-managed computer.

The attack took place because the employee logged into their personal account on Google, which saved the company session information into their account. The hacker most likely got credentials through a phishing technique and was then able to use that session information to log in to the Okta services. The easiest solution to this is to make sure employees don’t access personal accounts using their company laptops.

Unfortunately, it’s too late for Okta employees. The company is now prohibiting all staff from logging into their personal Google accounts from work-managed machines.  

The bottom line is that even the smallest of actions can have a significant impact on the security of your organization’s data. A cyber-attack can happen to anyone, at any time. So always be mindful of your online activities and take appropriate measures to protect your organization’s information.



By -- 2023-11-7 in Blog

Cybersecurity remains a top concern as businesses continue to navigate the digital age. While many companies invest in software and hardware to protect their systems, some overlook the importance of employee cybersecurity testing and training.

Employee cybersecurity testing and training are crucial for businesses to ensure that their employees are aware of potential cyber threats and how to avoid them. By implementing regular training and testing, businesses can minimize the risk of cyberattacks and protect their sensitive data.

One of the most common ways hackers gain access to a company’s network is through employee error. According to a report by Verizon, 94% of malware was delivered via email in 2019, and 33% of all data breaches were caused by phishing attacks. Cybersecurity training can help employees identify these threats and teach them how to avoid them.

Additionally, regular cybersecurity testing can help businesses identify potential vulnerabilities in their systems. By simulating real-world cyberattacks, businesses can discover weak points in their systems and take steps to strengthen them. This proactive approach can help prevent data breaches and other cyber incidents.

Another benefit of employee cybersecurity training and testing is that it can help create a culture of cybersecurity awareness within the company. When employees understand the importance of cybersecurity and how to protect sensitive data, they are more likely to take the necessary precautions to keep the company safe. According to a Ponemon Institute report, companies with a strong security culture have an average of 1.5 fewer data breaches per year than those without.

Employee cybersecurity testing and training are essential for businesses to protect themselves from cyber threats. By investing in regular training and testing, companies can minimize the risk of cyberattacks, identify vulnerabilities in their systems, and create a culture of cybersecurity awareness within the company.

OptfinITy’s employee cybersecurity testing and training programs are designed to simulate real-world cyberattacks, giving employees hands-on experience in identifying and responding to potential threats. Their training programs cover a wide range of topics, including phishing attacks, social engineering, password protection, and network security. To learn more, give OptfinITy a call at 703-790-0400 or email sales@optfinity.com.