New Episode Alert EP120

Details on the GoDaddy Security Incident 🔥

Weekly Blaze Podcast, Episode 120, May 11, 2020

GoDaddy Security Incident, Fake Downloaders, Firefox Lockwise Password Manager

Privacy and security can be tough, and in this world you may think that you have nothing to hide. But the fact is that your laptop is never really off, your phone has a wireless signal (yep, even in airplane mode), and your credit cards use RFID. All of this technology contains valuable, private information that needs to be protected. The good news is that Silent Pocket offers a full product line of Faraday products to protect all of your devices and credit cards, which makes them instantly invisible to the outside world. Visit

to check out their latest products and use discount code "sharedsecurity" to take 15% off your order.

Over 90% of individuals show risky behavior in handling potential phishing messages according to Click Armor's free

. This engaging coronavirus edition of CanIBePhished.com can help identify your team's total vulnerability to phishing attacks that exploit the pandemic situation. So test your own vulnerability to phishing attacks for free now at

.

GoDaddy notifies users of breached hosting accounts

Popular web hosting company GoDaddy announced a security incident last week that affected approximately 28,000 customers when an unauthorized party obtained access to customers' SSH remote login credentials. In a statement, GoDaddy said that credentials were exposed for these customers through an altered SSH file in their hosting environment. GoDaddy stated that there has been no evidence that customers' files have been modified and that customers' hosting accounts were not affected. The discovery was made by GoDaddy's internal security team on April 23rd, and the incident was traced back to first happening on October 19th, 2019. GoDaddy has reset passwords for all affected customers and

. SSH servers are common targets for attackers because they are sometimes secured with only a username and password and are left exposed to the Internet on port 22, which attackers constantly scan.

SSH, which stands for "Secure Shell," is a network protocol that provides secure remote access to a server. Why were login credentials for 28,000 customers just sitting in a file on one of GoDaddy's services in the first place? Well, we may never know. But it's a good reminder for all of us who have any type of third-party web hosting: make sure you are not using the same credentials for remote SSH access and for your web hosting account. Better yet, you can add an additional layer of security to an SSH server

. Your web host may already have instructions on how to do this, so be sure to ask or look on your web host's support site. And check out our show notes for links to a guide on best practices around SSH security.
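For listeners who run their own OpenSSH server, here is an added example (not from the show or from GoDaddy) of checking whether a server still accepts password-only logins, the weakness described above. The function names and sample configs are constructed for illustration; the script reads only the global section of an `sshd_config` and does not follow `Include` files or `Match` blocks.

```python
import re

# OpenSSH built-in defaults, used when a keyword is absent from the file.
DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}

def effective_settings(config_text):
    """Global settings sshd would use; the first value per keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break  # conditional blocks follow; only globals are audited
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        seen.setdefault(keyword, value)
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Findings about password-based access in the global section."""
    s = effective_settings(config_text)
    password_ok = s["passwordauthentication"].lower() == "yes"
    findings = []
    if password_ok:
        findings.append("password logins are accepted")
    if password_ok and s["permitrootlogin"].lower() == "yes":
        findings.append("root can log in with a password")
    if s["pubkeyauthentication"].lower() == "no":
        findings.append("key-based login is disabled")
    return findings

# Constructed samples: in SAMPLE the later "no" is ignored, "yes" came first.
SAMPLE = """\
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
"""
HARDENED = "PasswordAuthentication no\nPermitRootLogin no\n"

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(HARDENED))
```

On a live server, `sshd -T` prints the effective configuration, including values pulled in from included files, and is the authoritative check.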

Fake Microsoft Teams Notification Emails and Zoom downloaders

Attackers looking for their next phishing victims are capitalizing on the fact that many organizations and individuals are now using video conferencing software like Microsoft Teams and Zoom. One of the most popular techniques being used by attackers is the fake notification email that pretends to be from one of these services and prompts users to download an updated version of the software for new features or security updates. One recent phishing campaign

uses imagery in the emails copied from actual Microsoft Teams notifications and emails, and the phishing pages look identical to the legitimate Microsoft Office 365 and Microsoft Teams login pages. If you click the link, you'll be prompted to enter your Office 365 user credentials, which will then go directly to the attacker. Microsoft Teams is a huge target since Microsoft has said that as of April, 75 million people are using Microsoft Teams. As for Zoom, researchers at cybersecurity company Trend Micro have

. This attack is even more convincing because the malware comes bundled with a version of the Zoom software, and unless you run into problems, you might not know that you've installed an older version of Zoom laced with malware on your computer. Packaging malware inside a downloader for legitimate software is becoming a popular tactic for attackers.

So what can you do to avoid becoming a victim? First, enable two-factor authentication for your Microsoft account. For Zoom, consider upgrading to a paid account, as two-factor authentication is unfortunately only available for paid users of Zoom. Next, only download installers from official sources, and if you're sent a link to download an app, it's best to visit the official website and download it yourself. Also, update your Zoom and Microsoft Teams software through the built-in "update" feature within these applications.

The Firefox password manager now tells you when you use leaked passwords

Did you know that last Thursday was

? Well, neither did I, but it got me thinking about the passwords we choose and, of course, how we can improve how we use and even eliminate passwords from our lives. And as a shameless plug, make sure you give a listen to my recent interview with Andrew Shikiar from the FIDO Alliance to hear more about how we may see the end of passwords in the not so distant future.

But while we wait for the end of passwords, there are things being done to at least let us know if we may be using a password that is easily guessable or was part of a previous data breach. And that's exactly what the latest version of the Firefox web browser can do with its built-in password manager, known as Firefox Lockwise. Starting with this version of Firefox, Lockwise will scan each stored password to check if it's been found in previous data breach databases or password lists that are used by attackers to conduct "brute force" credential attacks. In addition to that, Lockwise is now integrated with Firefox Monitor, which is a service that lets users check if their credentials have been leaked online. If they have been, you'll receive an alert urging you to change your credentials.

And if you're concerned that "scanning" your passwords means that Firefox has access to what your passwords are, not to worry: Firefox does this by creating an encrypted list of your passwords, then checking that against databases of compromised passwords. Firefox does not keep logs of your plaintext passwords or know them.

As I've mentioned before on the show, I'm a huge fan of Firefox from a privacy perspective and their built-in password manager is getting better with every release. Check it out for yourself and be sure you're running the latest version of Firefox (version 76) to take advantage of these new features.

April Monthly Show, Episode 99

In episode 99 of our April monthly show: Apple and Google's controversial efforts to create contact tracing technology, fighting COVID-19 criminal activity, and what the new normal means for startup companies!
