This kind of stuff happens all the time, not just to Google, but to other unsuspecting people.

If someone receives an email that appears to have been sent by you, and the email contains a malicious link, lots of people would think it was your fault. There is a good chance that you did not get hacked, just like Google did not get hacked, but you may get blamed anyway. What probably happened is that one of your friends, or at least someone who has you in their contact list, got hacked. Then the attacker chose to send the malicious message, that appeared to be from you, to all the other contacts stored in that person’s contact list.

Spread the word encouraging the people you know to be sure they are secure, since, if someone you know gets hacked, it can make you look bad too.

And, tell others that, when they receive a malicious email message that appears to be from someone they know, that person they know may not have been hacked.

For your own protection, forward this message to everyone who may have you in their address book.

The post The Google Scam Shows How, If someone You Know Gets Hacked, it can Make You Look Bad Too. appeared first on Foster Institute.

A big problem is that security patches that protect against these kinds of breaches never reach users’ Android devices because of something known as Android fragmentation. When Google releases security patches, the patches are sent to device manufacturers, who are then responsible for releasing the patches for their different models. Some do not release the patches, or do so after a long delay.

Google is taking steps to help mitigate the problem, such as scanning phones and apps to look for Gooligan code and forcing resets of credentials to Google accounts. But so far that hasn’t been enough to protect those million users that have had their accounts hacked.

So, what can you do? Always stay up to date with the latest Android versions and patches. Choose a brand that has a track record for releasing patches every 30 days. Blackberry is one of those brands, but few people use those devices. If 30 days is too long to wait, consider using the Google Pixel line of Android phones since, because Google makes the devices, patches and upgrades should be available for download immediately upon release. Note: Brand names are mentioned to provide value to you. We do not receive any kind of compensation for mentioning brands. Another strategy is to install as few apps as possible on your device. Each app is a potential security issue and many people have installed apps that they realize are not essential, and some apps are rarely, if ever used.

Please forward this to anyone you know that uses Android devices and would like to be more secure.

The post 1 Million Android User Accounts Reported Hacked appeared first on Foster Institute.

Gaining access to your account can provide everything from photos stored in your phone, to the passwords of Wi-Fi access points to which you’ve connected to in the past. That is very concerning.

When attackers know your browsing history, your email messages, your past search terms and the links you’ve clicked, they can use that information to perform very effective attacks tailored to trick you and the members in your company. With knowledge of your passwords, they can wreak all kinds of havoc.

Go get an idea of the kind of data that is stored in the cloud and is potentially accessible to attackers who use the right tools, see google dot com /policies/privacy/

Additionally, there are tools available, such as cloud explorer, that make it easy for even non-technical attackers to conveniently gain access to the sensitive information stored in your phone.

Please forward this to whomever is concerned about their mobile device’s security.

The post Attackers Can Hack Your Phone Without Having Your Phone appeared first on Foster Institute.

I know – it would be so easy to blame Google. Those passwords were gathered from other “stolen password repositories” posted on the dark-web. They were originally acquired through key-loggers, social engineering, brute-force attacks, and a myriad of other ways. None of them, so far as anyone can tell, were stolen by bypassing any security on Google’s systems.

Once upon a time, imagine a situation where a company called Eulcon Inc. buys a lock from a company named Good-Lock. If an employee at Eulcon Inc. loses the key, and an attacker finds the key, and the attacker breaks into Eulcon, should they blame Good-Lock for the intrusion?

Here is what would be much more secure. What if, every time someone turned the key in the lock at Eulcon, the lock wouldn’t open yet. First, someone at Good-Lock would phone the person at Eulcon to whom the key is registered, in order to verify that they are the person who turned the key. The lock would only open for an authorized person. Potential intruders stay locked out.

This is why it is so important that all organizations set up two step login everywhere possible. Two factor auth dot org provides a list of services that support two step login. Additionally, VPNs, Windows, and other services support two step login. Configure two step login, or pay the consequences. And don’t blame Good-Lock. And don’t be like Eulcon spelled backwards.

Please forward this cyber-security info to everyone you care about.

The post Why is it not Google’s fault? appeared first on Foster Institute.

Flash is a tool used on web-sites to, among other things, play videos.

When people visit websites, they can be vulnerable to what is referred to as a drive by download. Just by visiting a site, even a legitimate site, their computer may be exposed to an attack.

That attack can happen via a Flash video within an advertisement that was surreptitiously posted by an attacker.

It is always a good idea to use “click to play” functionality that prevents Flash content from running automatically.

Now, when Google stops accepting advertisements with Flash content, that will significantly diminish the Flash vector of attack.

The post No Flash Attacks After June 30 appeared first on Foster Institute.