Backup Data Even When Using Cloud Services

Backup Still Necessary Even When Using Cloud Services

Do you keep all of your data on the cloud? If so, you're certainly not alone. The past few years have seen a massive migration away from storing critical files locally to placing them on the cloud, where they're more secure and accessible from anywhere you can get internet. In fact, many people are so comforted by the amorphous nature of the cloud that they use mass file storage there as a substitute for making regular backups.

If you're one of the millions of people doing exactly that, you may want to rethink. Recently, author and programmer Andy Hunt tweeted about an Amazon outage that cost him the files he had stored on the cloud. His tweet reads as follows:

"Amazon AWS had a power failure, their backup generators failed, which killed their EBS servers, which took all of our data with it. Then it took them four days to figure this out and tell us about it. Reminder: The cloud is just a computer in Reston with a bad power supply."

Cloud-based companies often tout their virtually bulletproof uptime and low failure rates as big selling points for their services. While those things are undeniably true and accurate, what Andy said is also true. At the end of the day, what we blithely call 'The Cloud' is just a series of computers located somewhere else. Unfortunately, those computers, like the one on your desk, are prone to catastrophic hardware failures.

That's why it's important that even if you're using the cloud extensively for your most important files, you also take the time to make backups on a regular basis. Cloud storage isn't the best solution, and it certainly shouldn't be seen as a substitute for robust backups.

Watch Out For Old Hacking Technique Offering Free Downloads

An old hacking technique is getting new attention from hackers around the world, and it underscores the fact that people must exercise extreme caution when it comes to deciding who to trust and where to download files from.

Hackers have long been in the business of spoofing legitimate sites, making exact replicas of popular websites offering a variety of free downloads.

Of course, instead of getting genuinely useful code from the legitimate site, you find yourself on the poisoned domain, and what you download will be malware of one type or another.

The most recently discovered instance of this involves the Smart Game Booster site. Smart Game Booster is a legitimate piece of code that helps to improve the performance of the games you play, and it has become popular enough that it's caught the attention of at least one hacking group. That group cloned the site and now pretends to offer the same product.

In this case though, the malware the hackers deploy is one of the more insidious we've seen.  Unlike many malware attacks which latch onto a system with a persistent presence, this one runs only once and then deletes itself. Even more alarming is that it leaves no trace that it was ever there.

When it runs, it scans the infected device for passwords, your browser history, any cryptocurrency wallets you may have, and a wide range of other critical files.  It collects these and sends all the data to its command and control server, and then self-destructs.

With no outward sign, many users will be completely unaware that there's a problem until they start seeing suspicious charges on credit cards, noticing funds being removed from bank accounts and the like.  By then of course, it's far too late.

The bottom line here is simple: Be mindful about where you download files from. Check your URLs, and unless you can't avoid it, never stray far from the big, well-respected sites like the Apple Store, Microsoft Store, or Google Play Store. It's just not worth the risk.

YouTube Will Soon Stop Displaying Ads Targeted At Kids

Earlier this year, Google, the parent company of YouTube, found itself in hot water for YouTube's violation of the Children's Online Privacy Protection Act (COPPA). They got in trouble for their data collection practices and the fact that the company allowed third-party ads to run rampant on videos that were more likely to be viewed by children under the age of thirteen.

As a result of the violation, the FTC and Google reached a settlement for an undisclosed amount of money, described by sources close to the matter as a "multimillion-dollar fine."  Since then, YouTube has been in the process of revising their advertising policies and procedures.

Recently, the company has reported that they're finalizing changes to how ads are displayed on their site. Even better, they're outright banning advertising on videos that are more likely to be viewed by children. This is the latest in a series of moves YouTube has been making since they were found to be in violation of COPPA. They began by closing comments on video clips starring children, and then proceeded to limit recommendations "on videos that it deems as putting children at risk."

Full Article: https://www.aimcybersecurity.com/2019/09/03/youtube-will-soon-stop-displaying-ads-targeted-at-kids/

Select 15-Inch MacBook Pros Banned From Flights By FAA

According to Apple, the 15-inch MacBook Pros sold between September 2015 and February 2017 have a serious battery issue that makes them prone to fire.

When the company discovered the issue in June of this year (2019), they issued a recall and urged all MacBook Pro owners to check the serial number of their computers to see if the battery needs to be replaced.

Recently, the FAA (Federal Aviation Administration) completed their own investigation into the matter and concluded that the issue was serious. So serious, in fact, that the agency alerted all US airlines, pointing to the rules issued in 2016 that prohibit them from transporting any products that have been recalled over safety issues, either in the cabin or as cargo, until the products have been replaced or repaired.

The language could not have been clearer:  This is a ban on the impacted MacBook Pros.  If you're a frequent flyer and you use one of the recalled MacBook Pros, be aware that it's going to complicate your life the next time you fly unless you can prove that you've had the battery replaced and your computer is no longer a safety risk.

In terms of scope and scale, according to the US Consumer Product Safety Commission, Apple sold more than 400,000 of the impacted devices in the United States, and more than 26,000 of them in Canada.

This is certainly not the first time an issue like this has come up, nor is this the first time the FAA has issued a ban on a specific piece of equipment.  Back in 2016, Samsung's Galaxy Note 7 received similar treatment after consumers began reporting that the phone's lithium-ion batteries were prone to exploding or catching fire.  The issue got so bad that Samsung ultimately cancelled the device altogether and brought it back to the drawing board to rework.

In any case, if you own a MacBook Pro, it pays to head to Apple's site and check the serial number to be safe.

CafePress Users Are Latest To Have Information Breached

Hardly a week goes by that we don't see another major data breach making the headlines.

The latest company to fall victim to hackers is CafePress.

They are well-known on the internet for offering a platform where users can create their own customized coffee mugs, tee shirts and the like.

The company didn't make a formal announcement about the breach, and users only became aware of it when they started getting notifications from Troy Hunt's "Have I Been Pwned" service. Once word started leaking out, Hunt joined forces with security researcher Jim Scott, who had worked with Hunt in the past tracking down other data breaches.

Working together, they discovered a de-hashed CafePress database containing nearly half a million accounts was being sold on black hat forums.  The researchers could not confirm, however, if these records were related to the most recent breach, or some previous one.

In any case, as they probed more deeply, they discovered that the company was actually hacked back in February of this year (2019), and that it was a significant breach. That breach exposed more than 23 million user records.  Based on their findings, the hack exposed email addresses, names, passwords, phone numbers and physical locations.

To date, CafePress has not made a formal announcement about the matter, nor acknowledged the breach in any way, although if you are a CafePress user, you will be forced to reset your password the next time you log on.

While that's a good step, it's completely at odds with the company's clumsy handling of the issue.  Password resets are not breach disclosures and notifications, and shouldn't be treated as such.  File this away as an example of how not to handle a breach if your company is hacked.