This is the Shared Security Weekly Blaze for September 17, 2018 sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions and Silent Pocket. This episode was hosted by Tom Eston.
This is your Shared Security Weekly Blaze for September 17th 2018 with your host, Tom Eston. In this week’s episode: Malware-less email attacks, Equifax breach updates and the Vizio class action lawsuit.
Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive offer.
Hi everyone, this is Tom Eston, Co-host of the Shared Security podcast. Welcome to the Shared Security Weekly Blaze where we update you on the top 3 security and privacy topics from the week. These weekly podcasts are published every Monday and are 15 minutes or less, quickly giving you “news that you can use”.
Security vendor FireEye released research this past week which shows that 90% of the half-a-billion emails, blocked through their product in the first half of 2018, were found to be “malware-less”. Meaning, there were no malicious attachments or other code within the email itself that would attempt to compromise victims. Phishing actually made up 81% of what are considered malware-less attacks. Malware-less attacks also use impersonation of a trusted sender or company and include intimidation, links to malicious sites and sometimes forged requests. Other interesting data points include: malware-based attacks were most common on Mondays and Wednesdays and that malware-less attacks were most likely to occur on Thursdays. Data from the report also notes that phishing attacks will continue to rise.
Just for a minute, let’s forget about the day of the week that attacks like these are most likely to occur and focus on what you should do if you do receive a malware or malware-less email in your inbox. As we all know, social engineering techniques are often used to convince you to click a link or submit sensitive information to the attacker. In fact, we just released episode 80 of our monthly show with social engineering expert, Chris Hadnagy in which we talk to him about the different types of social engineering techniques used in phishing and many other types of attacks. It was great having Chris on the show so definitely give this episode a listen. Emails using social engineering techniques are one of the most popular ways to target victims because email is still one of the primary means of communication that we all use, especially in the business world. While many businesses typically have some type of security product to screen emails for potential attacks, it won’t help in situations with personal email or when these products don’t work as expected. Your first line of defense is to “think before you click”. This means for any suspicious email, take a step back for 30 seconds, read the email carefully and look for clues that indicate that the email might be a phishing attack. Check out our show notes for a great guide put together by TripWire on the six most common phishing attacks and how to protect against them.
The Equifax data breach last year, which exposed the personal information of almost half of the US population, has yielded very little change in regards to Equifax profits and any federal laws that could be implemented to prevent another breach as large as this one. The Chicago Tribune reported in an article last week that Equifax posted record revenue last quarter of $877 million and will most likely post a record profit next year. In fact, Equifax has recovered about 90 percent of the losses that were because of last year’s data breach. I’m actually a little surprised that Equifax has been able to “skate” around any financial penalty or other serious impact to their business. It does make you wonder how they have been able to keep the public reaction of this data breach to a low roar.
It seems that the only positive news coming out of this data breach is that there is more awareness from a consumer and legislative perspective as well as a pending class action lawsuit that is still in the early stages of development. One small but recent win for consumers is that President Trump signed a bill into law this past May which states that consumers can freeze their credit for free this week beginning on September 21st. This new law will remove the $5-$10 fee that was imposed by the various credit agencies when freezing your credit. Freezing your credit is highly recommended so check our show notes for a link to our previous episode on how to go about freezing your credit.
Vizio, who is one of the world’s largest manufacturers of smart TVs, is developing a notice about a class action lawsuit that will be pushed to and displayed on all Vizio smart TVs. This recent development is because of the class action lawsuit that was initiated after the US Federal Trade Commission made Vizio agree to a $2.2 million settlement. This settlement was agreed to because in 2015 Vizio was caught collecting and then selling user data to advertisers. This data included information like your IP address, TV viewing habits, TV shows being watched, and even DVDs being played on your TV. All of this data was being collected without user consent which got Vizio into hot water. Since then Vizio has implemented a user consent policy when first setting up and installing a new Vizio TV. However, as we’ve pointed out on the podcast previously, TV manufacturers oftentimes require users to consent to allowing viewing habits to be collected or any “smart” TV features, like using Netflix and other streaming apps, are disabled. Essentially, by not allowing your data to be collected and sold, you have made your TV “dumb” which was probably not the desired outcome when you purchased your shiny new smart TV.
While Vizio has until October 3rd to provide this notice to TV owners, it should be interesting to see how a large class action lawsuit like this plays out. If you happen to be a Vizio TV owner, will you participate in the class action lawsuit? We would be interested in hearing from you so we can discuss your thoughts on a future episode of the podcast. Hopefully this recent controversy with Vizio sets a precedent for smart TV and Internet of Things manufacturers that the privacy of our information is not always for sale and that a class action lawsuit may be looming for those manufacturers that don’t take the privacy of their customers seriously.
That’s a wrap for this week’s show. Be sure to follow the Shared Security Podcast on all the regular social media channels like Facebook, Twitter and Instagram for frequent posts, commentary and updates. If you have feedback or topic ideas for the show you can email us at feedback[aT]sharedsecurity.net. First time listener to the podcast? Please subscribe on your favorite podcast listening app such as Apple Podcasts or on our YouTube channel. Thanks for listening and see you next week for another episode of the Shared Security Weekly Blaze.