If you’re disturbed by advertisements and “helpful” suggestions that are based on your internet browsing habits, recent research has found yet another source of online tracking. It’s a sneaky tactic that also comes with serious security concerns. Let’s take a look at what you can do to stop it from targeting you.

Why auto-fill passwords are so dangerous

In 2015, the average internet user had 90 online accounts, a number that has undoubtedly grown since then. This has forced users to create dozens of passwords, sometimes because they want to practice healthy security habits and other times because the platforms they’re using have different password requirements.

Web browsers and password manager applications addressed this account overload by allowing usernames and passwords to be automatically entered into a web form, eliminating the need for users to hunt down the right credentials before logging in.

The process of tricking a browser or password manager into giving up this saved information is incredibly simple. All it takes is an invisible form placed on a compromised webpage to collect users’ login information without them knowing.

Using auto-fill to track users

Stealing passwords with this strategy has been a tug-of-war between hackers and security professionals for over a decade. However, it has recently come to light that digital marketers are also using this tactic to track users.

Two groups, AdThink and OnAudience, have been placing these invisible login forms on websites as a way to track which sites users visit. These marketers made no attempts to steal passwords, but security professionals said it wouldn’t have been hard to accomplish. AdThink and OnAudience simply tracked people based on the usernames in hidden auto-fill forms and sold that information to advertisers.

One simple security tip for today

Turn off auto-fill in your web browser. It’s quick, easy, and will go to great lengths to improve your account security.

• If you use Chrome - Open the Settings window, click Advanced, and select the appropriate settings under Manage Passwords
• If you use Firefox - Open the Options window, click Privacy, and under the History heading select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
• If you use Safari - Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.

This is just one small thing you can do to keep your accounts and the information they contain safe. For managed, 24x7 cybersecurity assistance that goes far beyond protecting your privacy, call us today.

The post The risks of auto-complete passwords appeared first on Complete Technology Resources, Inc..

You can easily tell whether a website is encrypted, and therefore safe, if a padlock icon appears next to its URL and if it starts with HTTPS (instead of just HTTP). Unfortunately, hackers now use the very same tool that’s supposed to protect browsers from malicious entities via encrypted phishing sites.

How hackers use encryption to carry out phishing scams

According to recent research, 24% of phishing scams in 2017 use web encryption -- an astounding increase from last year’s 3%. This means more HTTPS sites may not be truly safe.

Phishing scammers rely on their victims to do what they ask, which is why it’s so effective. And with this new trick, unsuspecting users are more likely to be deceived. What makes this encryption-aided scam even more effective -- and dangerous -- is that it makes hackers’ phishing email or text that much more authentic-looking.

For example, if you receive an email that purports to be from Amazon and includes a link to an encrypted site, there’s now a slightly higher chance you’d believe this email is the real deal. Clearly, if you’ve never purchased anything from Amazon, you’d know that this is a fake. But then again, there are millions of Amazon customers who could be misled into thinking that that email is legitimate.

Does encryption mean a safer internet?

With organizations like the Internet Security Research Group and Google promoting encryption, the world wide web should be a safer place, but that’s not necessarily the case. In fact, encrypting more legitimate websites could simply result in an increased number of encrypted phishing sites.

It may also be useful to know that not all phishing sites use encryption. Many phishing scams are still carried out using websites that may or may not be encrypted.

What you can do to ensure safety

This isn’t meant to cause panic, and despite this new phishing tactic, encryption is still an essential security tool that every business must implement.

Websites with HTTPS are still much safer than unencrypted ones. This is why it’s more important than ever to be vigilant when visiting suspicious sites and clicking on links. If you receive an email from PayPal asking you to verify your bank account details or password to a seemingly secure link, be wary. Some phishing scams are easy to detect, but some are not.

Practice extreme caution when responding to requests for sensitive data. Consider the source of the message, think before clicking, and don’t hesitate to seek the advice of an expert in case you have doubts. Phishers succeed only if you do what they ask you to do.

Phishing and other cyber scams are constantly getting upgrades, and no single solution can prevent hackers from attacking you. But your business could be much safer with the right cyber security protections in place. If this is exactly what you need, get in touch with our cyber security technicians.

The post Are the encrypted sites you visit safe? appeared first on Complete Technology Resources, Inc..

While Apple products are renowned for being highly secure, they’re not completely immune to cyberattacks. Fortunately, Apple frequently releases updates to fix any issue that they’ve discovered. And if you have macOS High Sierra, you need to make sure you’re running the latest patch.

Serious bug
On November 28th, security researchers reported a serious bug in macOS High Sierra that allows anyone to easily take control of any Mac computer. Normally, users are asked for their username and password before logging into their Mac, installing a new application, or changing settings. However, this recent bug allows users to simply type “root” as a username, leave the password field blank, and click “unlock” to gain full access.

This means if hackers have physical access to a machine, not even passwords can stop them from getting inside. They could, for instance, log in with "root," reset the username and password, and enjoy future access to the machine at any time. They could also install spyware with ease and monitor your activity 24/7 without being detected.

The bug was so alarming that Apple released an emergency patch within a day. But even the fix had problems, and when users installed the next major macOS update, High Sierra 10.13.1, the bug reappeared.

Luckily, Apple was quickly made aware of this secondary problem and rolled out a 10.13.2 update on December 6th to completely resolve the issue.

Other threats to Apple security
This wasn’t the only problem Apple had to deal with recently. In October, Apple released an update for Key Reinstallation Attacks (KRACK) -- a type of attack that essentially breaks the encryption protocols between a router and a device, allowing hackers to read private messages and steal other sensitive data.

And last week, an iOS 11 update was rolled out to fix glaring weaknesses in Apple’s HomeKit Internet of Things framework, which enables hackers to exploit smart devices like security cameras and door locks.

How to protect yourself
The importance of checking for updates and installing them as soon as possible cannot be understated. Hackers are more active than ever and will use any means necessary to breach your network. Updating your software is the best way to reduce the number of exploitable entry points into your business.

To install updates for Apple devices, open the App Store, and click on Updates. All critical updates should be displayed on the window, but if you don’t see the one you’re looking for, use the Search field to find it.

Even though the potentially devastating High Sierra bug has been fixed, you should consider creating a genuine root user password to prevent others from gaining access to your machine just by typing in “root.”

To do this, open Directory Utility, which can be found in the Users & Groups tab in System Preferences. From there, click on Edit and select Enable root user, where you will be prompted to set a password. And last but not least, make sure you set a strong password.

Protecting your systems is a full-time job, so if you’re not experienced with computers, call us today. We’ll give you the tools and services you need to stay safe from a wide range of cyberattacks.

The post Apple releases another critical update appeared first on Complete Technology Resources, Inc..