Nowadays, the vast majority of us use social networks to keep in touch with friends and family. Social media like Facebook or Instagram are the order of the day. However, they are also the target of cybercriminals to get hold of our profile and infect our contacts with malware. For this reason, it is essential to adequately protect our social networks. In addition to avoid putting ourselves at risk. We can even put all our contacts at risk. Indeed, they could damage and also infect their smartphones.

Steps to protect social media

If you want to prevent your social media accounts from being hacked, it is essential that you take certain measures. You must make sure you have everything in perfect condition. You should also take care of the security of both the account and the device you are going to use. Therefore, check these steps to avoid problems.

Use strong passwords

The first thing is to use passwords that are really secure. Avoid passwords that you can memorize. In fact, it’s a bad sign. You should never use your name, date of birth or anything similar that is easy to remember. Ideally, it should be completely random. That is, it should contain letters (both upper and lower case), numbers and other special symbols.

Also, you should not have the same password for a long time. It is best to change it from time to time. This way, you make sure you always have a reliable password. That is to say, that it has not been leaked or has any vulnerability. Although there is no specific date, we can say that if you change it once a month, it is better than once a year.

A good idea is to use a password manager. There are many, such as LastPass, KeePass, 1Password. However, beyond allowing you to store your passwords, many of them also have the function of generating very secure passwords. Some of them can also be configured to alert you when a certain period of time has passed. For example, it can be 4 or 6 months, and force you to change the password to make it totally secure again.

Enabling two-step authentication

But beyond the password, something very important to avoid intruders on social networks is to enable two-step authentication. It is an extra security barrier that will prevent you from having problems in case someone manages to find out the password. In order to get in, you would need a second step. That second step is usually a code that you receive by SMS. However, it could also be through a 2FA application. What you’re really doing is verifying that you’re the person responsible for that account and that it’s not an intrusion. This is something that is already present in social networks like Facebook, Instagram, or Twitter.

Protect your devices

In addition, security must always be present on the devices you use to access social networks. This means that you should not access any website or social network if your smartphone is infected. It does not matter if you are going to enter from the computer or from the mobile. In fact, it is essential in all cases to have the system well protected. It is also good to install a good antivirus like Microsoft Defender on your Windows operating system. In the same way, you have to make sure you have updated your device to avoid vulnerabilities.

When logging in to social networks, always do so from a browser that is protected. Although you can also do it from the official application. Never log in from external links or programs other than the official ones. These programs should also be properly updated. Indeed, they may have some vulnerability and that could be a weak point that attackers can exploit.

Be careful where you log in

Another factor to consider is where you log in to your social networks. You should avoid public networks. For example, the Wi-Fi in an airport or shopping mall. In those places you never know who might be behind it or if the network is really reliable. Nor do we know if it has any vulnerabilities or any problems. It is better to use the 4G or 5G mobile network, rather than a Wi-Fi connection that is not secure.

However, you can always connect if you use a VPN that encrypts the connection. In this way, security is increased. In addition, there is no risk of your personal information being leaked on this type of public network. Some examples of VPNs are ExpressVPN or NordVPN. They are available for computers and also for mobile devices, both free and for a fee. As for VPN services that are totally free and work really well, here are a couple of examples. I am talking about Cloudflare with its WARP and the Google One VPN, two options to be taken into account. In the second case, you need to be a Google One subscriber to be able to access the VPN service. Otherwise, you will simply not have access.

As you can see, you can take into account these steps to protect your social networks. Use a good password, enable two-step authentication, have your devices protected. In addition to avoiding public networks, are some essential points to keep in mind. You can always detect intruders on social networks.

The post How to Protect Your Social Media Accounts from Hackers appeared first on Linux Windows and android Tutorials.

Hacked passwords increase

Look, the numbers don’t lie. A report examined trends related to breached data. In addition, in this report, researchers identified 1.7 billion compromised passwords. We’re talking about a 15% increase over 2020, and 13.8 billion personally identifiable information records recovered. These numbers come from breaches occurring in the year 2021.

Reused passwords have been the main vector for attacks recently. As we warned earlier, this is a recurrent practice. In addition, we have to add the growing threat of digital identity exposure. Similarly, he comments that his annual report shows that users still do not take password security as seriously as they should.

On the other hand, the threat of account appropriation is a factual matter. However, this threat is apparently not implementing general improvements in user cybersecurity hygiene. This careless behavior for individuals is truly alarming. Especially given the frequency of digital identity fraud.

The government sector was strongly represented in 2021, relating to passwords breached. In that aspect, 611 breaches were discovered containing .gov email addresses. On the other hand, they also found 561,753 credential pairs of email addresses and passwords of government agencies at the international level.

Below is a list of the most common data obtained by attackers:

• Names,
• Dates of birth,
• National identification numbers or driver’s
• Driver’s licenses,
• Makes and models of vehicles,
• Number of children,
• Smoking status,
• Marital status,
• Estimated income
• Position.

Reuse of passwords

This is a constant error. Incredibly, users keep tripping over the same stone over and over again. Today, the average user has dozens of online accounts with a single login. In addition, they often reuse passwords. The report found that 64% of users with multiple compromised passwords reused passwords for multiple accounts. This represents a 4-point increase from the same point in 2021. A worrying statistic is the year-over-year increase in password reuse. This reflects the ease with which cybercriminals can use compromised passwords to compromise multiple accounts. In this regard, it has been observed that:

• 82% of the reused passwords analyzed consisted of an exact match to a previous password.
• 70% of users linked to breaches were still using an exposed password.

How users create their own passwords

Undoubtedly, the reuse of passwords for several accounts has an impact on their vulnerability. However, there is also another important factor that makes our passwords more likely to be violated. In fact, the report also identified a strong link with current events when choosing our passwords. On the other hand, there were common elements used in general to generate passwords. Thus, some of these factors are: TV shows, movies, and series of 2021, also music, as well as pop culture and sports.

On the other hand, many users and businesses think they are protected against identity fraud by relying on a dark web monitoring service. Unfortunately, one thing they don’t know is that it can take more than a year before breached passwords reach the dark web for those services to find them.

Recommendations for protection

To adequately protect our accounts, we must comply with two essential aspects:

• Have a good password to access the service.
• Always enable the service’s two-step authentication.

For the former, we must create an alphanumeric password with a length of 12 characters or more. Additionally, it must mix numbers, uppercase, lowercase, and symbols. This way we avoid that our password is in a password dictionary and that it is easily vulnerable. On the other hand, you may not want to generate the password directly. In such a case, you can use any of the dedicated tools. In this case, we recommend Password Generator.

Another aspect to consider is to always use password managers. These tools allow us to store all users and passwords securely. Additionally, they encrypt the contained data, and access them through a master key that is the only one you must remember.

Let’s talk a bit about two-step authentication. In fact, nowadays most online services, prestigious websites, etc., have systems to configure the second authentication factor. On the other hand, if you are going to set up two-factor authentication, you must do it with an authenticator application. It is also advisable to use a USB device for authentication. On the other hand, it is not recommended to use SMS as a second authentication factor. Indeed, they could do a SIM Swapping and clone our SIM to steal this key sent to us.

Conclusion

On the other hand, staying safe is fairly easy with the right tools. We therefore recommend using a key manager such as KeePass or Bitwarden. It is also advisable to activate two-step authentication in your services, but without using SMS as a second authentication factor.

We also recommend the use of password managers. Certainly, there are many on the market. However, LastPass is my personal choice. It is indeed a very complete, functional and didactic service. Moreover, its free version is more than enough for a home user.

Very well, in this way we have seen that most hacked passwords are still in use. We also learned what measures to take to avoid this risky situation. Bye!

The post Most hacked passwords are still in use. See how to fix it. appeared first on Linux Windows and android Tutorials.

The company revealed the process of the attack on its systems. In this sense, it stated that they found irregularities in a “small number of internal accounts”. And that one of them “had been used to view [the company’s] source code in various source code repositories. In this way, the hackers had access to Microsoft’s source code.

Attack on the source code: worldwide

SolarWinds is a US company. Its main objective is to develop software for companies. They collaborate in the administration of their networks, systems and information technology infrastructure. Previously, the company suffered a massive attack. Specifically in early December. It is important to note that investigations link Russia to the attack. In this sense, the affected companies belong to different influential countries. However, Russia is off that list.

Likewise, Microsoft carried out a map with telemetry from the Defender Anti-Virus software to determine the affected countries. The United States stands out among them. However, Microsoft identified companies and institutions in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.

Other important data

On the other hand, Microsoft assured that it seeks to be transparent in its research. Consequently, the company named the research as Solorigate. This research yielded important findings. For example: the attack preserved customer data. In addition, there is no indication that the attack was used to affect third parties from Microsoft systems.

Finally, the company claimed that they infiltrated their systems “beyond the presence of SolarWinds’ malicious code”. All these findings alert the Microsoft community regarding the security of their systems. And they invite the company to reinforce its security to ensure the safety of its customers and their data.

The post Massive attack: Hackers access Microsoft source code appeared first on Linux Windows and android Tutorials.

It acts by blocking the device remotely, to encrypt the files taking away the control of all the information and data stored. The virus launches a pop-up window asking for the payment of a ransom. This payment is usually made in virtual currency. On the other hand, this software can be installed through misleading links included in an email, instant message or website. Windows.

How ransomware RobbinHood works

As mentioned above, this threat acts through a Gigabyte company driver (gdrv.sys). This has a security flaw, so the exploit included with ransomware allows the attacker to disable the antivirus. It is not even necessary to have a Gigabyte device installed. Finally, attackers use the vulnerability of the genuine driver, to install a second driver created by them without a digital signature. The purpose of this second driver is to disable the antivirus. Consequently, ransomware can be installed without any problem.

With the antivirus turned off, ransomware installs itself on the pc, takes full control and encrypts all data present on the hard disk. It then displays a message like the one below, asking to pay for the data or we won’t be able to recover it.

The exploit that takes advantage of the security flaw is hidden in a file called Steel.exe. When executed, a file is extracted with ransomware (ROBNR.EXE). In addition to the two drivers, the vulnerable one (signed by Gigabyte) and the one developed by the hackers. As mentioned above, it is not necessary to have any Gigabyte components on the computer. The ransomware itself will install the Gigabyte driver on our PC and carry out the attack. The ransomware asks to pay a Bitcoin money within the next 4 days. If not, the cost will increase to $10,000 per day over the next 6 days. Eventually, the keys will be removed from the server and the data will be lost forever.

According to computer experts, this is the first time that ransomware uses a reliable third-party driver to attack the Windows kernel. In addition to loading a second malicious unsigned driver. And finally, disabling the antivirus directly from the operating system kernel.

Gigabyte knew about the bug, but she didn’t fix it.

In a supreme display of irresponsibility, the Gigabyte company has known about this mistake since December 2018. However, the manufacturer decided to abandon driver support instead of fixing it. Consequently, users were exposed to this security problem until the attack happened. Security experts claim that there is no way to defend against this ransomware. That is, even with a good antivirus and all the security patches installed, the attack is inevitable.

As always, the best way to protect yourself against hackers is to use common sense. That is, avoid downloading and using illegal programs. Also, be wary of an unknown e-mail. It is also healthy to check the websites you visit. On the other hand, it is advisable to keep your data backed up in the cloud or on external hard drives. In this way, you can avoid falling into threats. Finally, we have seen how this driver shuts down the antivirus and installs ransomware in WindowsThis is all for now before I go I invite you to see our post about repairing the search bar in Windows 10.

The post This driver shuts down the antivirus and installs ransomware in Windows appeared first on Linux Windows and android Tutorials.