Have no time to read up everything that has happened this month? Don’t worry, we have prepared a quick bite of Hamburger News for August!
Google follows you! Can you escape?
According to Associated Press Investigation, Google applications and services downloaded into mobile devices can track you wherever you go, even after you have set up your privacy settings.
These stored places you have visited in the past could potentially be used by police, or other more malicious actors. According to Google: “You can turn off Location History at any time. With Location History off, the places you go are no longer stored.”
However, according to the Associated Press Investigation, it turns out to be untrue? If you turn off this function, it only prevents saving the records of your movement to the timeline. It does not stop Google from knowing where you are. Research and information based on your location will continuously be sent to the Google servers for gathering.
There is one way to escape from this however!
Go into your Google Account’s Web and App Activity, and you will see which applications are using your location settings and sending information.
From here, you should be to disable the function in order to fully stop information about your location from being sent to Google. Just be aware that options/privacy settings are different when it comes to your Google account and the options/settings on your device. If you are using several accounts in one device, remember that Google can continue to operate via the other Google accounts registered under your device.
Do you think Cloud Services and Cloud platforms are completely secure?
(source link: https://techbeacon.com/5-tips-choosing-enterprise-cloud-services-provider)
Most SMEs think that they are in a safe environment simply because they are using Amazon Web Services (AWS).
However, there have been recent attacks which use increasingly advanced techniques targeting cloud providers and cloud applications.
In the case of past hacks, criminals focused on stealing AWS keys and tried to sneak into S3 buckets, where important resources were stored. Another well-known strategy used by hackers is to launch a new EC2 instance in the victim’s cloud environment (Amazon Elastic Computer Cloud) and use it for mining cryptocurrencies.
AWS however, is not responsible for these vulnerabilities but rather, cyber terrorists are leveraging a combination of technical attacks launched on AWS features and network-based intrusion attacks.
Enterprises and organisations should consider revamping their procedures of penetration testing to include the prevention of attack vectors which penetrate from host layer into the AWS control layer. Organisations should also monitor every aspect of their cloud environment, and pay attention to any malicious activity that may occur within their environment.
Ransomware attacks have continued to develop and are becoming increasingly complex.
Yet, most ransomware still follow the same simple pattern.
- Send a target a malicious email
- Phish the target to click the email and download the attachment.
Once the victim opens the attachment laced with malicious coding, malware is installed to lock the information in the target’s computer.
See some real-life examples of ransomware attacks, check out our previous posts, and learn what you should do to avoid falling victim.
Cybersecurity isn't just about the Latest Tools.
It's about Beefing up Best Practices and Limiting Access to Confidential Information.
There has been an increasing trend of insider threats taking place all around the world. Just look at the latest case with Tesla - it teaches us an important lesson. We need to start thinking about the level of access to confidential information employees are given.
Tesla is not alone as a victim of insider threats. A few months ago, even a former member of the FBI leaked the confidential information after he left his role at the FBI.
Ethical security best practices should not only be taught to higher management or security staff but instead, every employee in an enterprise should receive well-structured security training in order to avoid accidentally leaking sensitive information.