Washington Post: On TikTok "is no more risky than Facebook. That’s not entirely a compliment"

"As calls to ban TikTok grow, should you quit the app?

For the average user, TikTok is no more risky than Facebook. That’s not entirely a compliment.

I’ve been hearing from Washington Post readers concerned that the Chinese-owned app is handing our data to the Communist Party. So I looked under the hood at what TikTok knows about us, and quizzed both the company and the senators calling on us to stop using it.

So far, the arguments to ban TikTok are more rooted in fears than actual evidence. The best thing that could ​​come of this scare is that Congress finally realizes we need privacy rules and guardrails for kids across all apps — not just the ones with Chinese owners."

Continue reading the article online (subscription maybe required) ->

https://www.washingtonpost.com/technology/2023/02/03/tiktok-delete-advice/

 

To TikTok, or not to TikTok, that is the question. (Video: Illustration by Elena Lacey/The Washington Post; iStock)

Five things to do to protect yourself online

Five things to do to protect yourself online Your online accounts, computer, and phone hold a lot of your personal, financial, and health information. Information that's valuable to you — and to scammers who try to steal it.  Here are five things to do to keep hackers out of your accounts and your personal business. Read more ->  https://consumer.ftc.gov/consumer-alerts/2022/10/five-things-do-protect-yourself-online

News of Interest: Amazon implementation raises security issues

"There’s an eyebrow-raising technology buried inside millions of Amazon Echo smart speakers and Ring security cameras. They have the ability to make a new kind of wireless network called Sidewalk that shares a slice of your home Internet connection with your neighbors’ devices.

And on Tuesday, Amazon is switching Sidewalk on — for everyone.

I’m digging into my settings to turn it off. Sidewalk raises more red flags than a marching band parade: Is it secure enough to be activated in so many homes? Are we helping Amazon build a vast network that can be used for more surveillance? And why didn’t Amazon ask us to opt-in before activating a capability lying dormant in our devices?

I recommend you opt out of Sidewalk, too, until we get much better answers to these questions."

Continue reading the article online (subscription may be required)

https://www.washingtonpost.com/technology/2021/06/07/amazon-sidewalk-network/

Great summary of the Solar Winds attack, not just on the US

Noted security expert Bruce Schneier writes: 

"Recent news articles have all been talking about the massive Russian cyberattack against the United States, but that’s wrong on two accounts. It wasn’t a cyberattack in international relations terms, it was espionage. And the victim wasn’t just the US, it was the entire world. But it was massive, and it is dangerous. 

Espionage is internationally allowed in peacetime. The problem is that both espionage and cyberattacks require the same computer and network intrusions, and the difference is only a few keystrokes. And since this Russian operation isn’t at all targeted, the entire world is at risk — and not just from Russia. Many countries carry out these sorts of operations, none more extensively than the US. The solution is to prioritize security and defense over espionage and attack. 

Here’s what we know: Orion is a network management product from a company named SolarWinds, with over 300,000 customers worldwide. Sometime before March, hackers working for the Russian SVR — previously known as the KGB — hacked into SolarWinds and slipped a backdoor into an Orion software update. (We don’t know how, but last year the company’s update server was protected by the password “solarwinds123” — something that speaks to a lack of security culture.) Users who downloaded and installed that corrupted update between March and June unwittingly gave SVR hackers access to their networks. 

This is called a supply-chain attack, because it targets a supplier to an organization rather than an organization itself — and can affect all of a supplier’s customers. It’s an increasingly common way to attack networks. Other examples of this sort of attack include fake apps in the Google Play store, and hacked replacement screens for your smartphone."

Continue reading the article online

https://www.schneier.com/blog/archives/2020/12/russias-solarwinds-attack.html

screengrab of https://www.schneier.com/

"What we know – and still don’t – about the worst-ever US government cyber attack"

The Boston Globe has the following:

It’s going to take months to kick elite hackers widely believed to be Russian out of the US government networks they have been quietly rifling through since as far back as March in Washington’s worst cyberespionage failure on record.

Experts say there simply are not enough skilled threat-hunting teams to duly identify all the government and private-sector systems that may have been hacked. FireEye, the cybersecurity company that discovered the intrusion into US agencies and was among the victims, has already tallied dozens of casualties. It’s racing to identify more.

“We have a serious problem. We don’t know what networks they are in, how deep they are, what access they have, what tools they left,” said Bruce Schneier, a prominent security expert and Harvard fellow.

Continue reading the article online (subscription may be required)

https://www.bostonglobe.com/2020/12/18/business/hacked-government-networks-will-need-be-burned-down-ground/ 

 

While Franklin suffered from the spear phishing attack which resulted in a diverted payment, the attacker/nefarious character did not access the Franklin network. They used the person inside to do their work. The Russian hack into the major systems of some companies and several government agencies was sophisticated in planning as they apparently hit the supply chain for a piece of software used to protect networks. Once inside, the "trojan horse" allowed access and control. The scope and objective of the hack remains to be determined.

 

Related articles:

• A good summary from The Guardian: https://www.theguardian.com/technology/2020/dec/18/orion-hack-solarwinds-explainer-us-government
• More inside technical details From Bruce Schneier (reference in article quote from Boston Globe: https://www.schneier.com/blog/archives/2020/12/nsa-on-authentication-hacks-related-to-solarwinds-breach.html
• Also good technical details from Krebs on Security: https://krebsonsecurity.com/2020/12/vmware-flaw-a-vector-in-solarwinds-breach/

Multiple federal agencies have been targeted in a sweeping cyber attack. Photograph: Patrick Semansky/AP

 

Phishing, spear phishing info

Via Cyber Security Intelligence:

"Spear phishing is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim, often for criminal reasons. A highly targeted form of phishing, spear phishing involves bespoke emails being sent to well-researched victims.

Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cyber criminals may also intend to install malware on a targeted user's computer.

Barracuda Network researchers worked with leading researchers at UC Berkeley and UC San Diego, to study the growing threat to business of email account crime using Spear Phishing methods.

It is all hard to spot without close inspection and difficult to stop with technical controls alone. In 2016 the Fancy Bear attack group used spear phishing tactics to target email accounts linked to Hilary Clinton’s 2016 presidential campaign. They attacked more than 1,800 Google accounts and implemented the accounts-google.com domain to threaten targeted users."

Continue reading the article online  https://www.cybersecurityintelligence.com/blog/spear-phishing-threats-and-trends-4902.html

 

How Big Is Phishing in 2020?

"It is big. Sadly, it is growing even bigger if historical data is any indicator for the imminent future.

Not all spam consists of phishing emails, but it’s safe to assume a spam message might be a phishing attempt. And there are tons of it, cluttering inboxes far and wide, as these phishing stats clearly show.

 -   Spam is 45% of all emails sent. (Source: Propeller)
 -   About 14.5 billion spam emails are sent every day. (Source: Propeller)"

Continue reading more about the phishing trends  https://hostingtribunal.com/blog/phishing-statistics/

Additional info can be found on the FBI page  https://www.fbi.gov/investigate/cyber

The Associated Press (@AP): awareness of potential foreign threats to election

"U.S. officials have issued multiple advisories in recent weeks about potential foreign threats in #Election2020, and what Americans can do to be prepared. 

A look at some of the warnings: https://t.co/MqTBNLsIQP"

 

"The FBI and the Department of Homeland Security’s cybersecurity agency have issued a series of advisories in recent weeks aimed at warning voters about problems that could surface in the election — as well as steps Americans can take to counter the foreign interference threat.

The issues identified in the public service announcements run the gamut from the spread of online disinformation about the electoral process to cyberattacks targeting election infrastructure. Taken together, the advisories make clear that American agencies are tracking a broad range of potential threats that they believe voters should know about — not just for transparency’s sake but also so voters can be prepared."

Continue reading the article online  https://twitter.com/AP/status/1313788704650125312?s=03

 

The Associated Press (@AP):  awareness of potential foreign threats to election

In the New: An example of why you never share your password

From the Milford Daily News, articles of interest for Franklin:

A British man, a Florida man and a Florida teen were identified by authorities Friday as the hackers who earlier this month took over Twitter accounts of prominent politicians, celebrities and technology moguls to scam people around the globe out of more than $100,000 in Bitcoin.

Graham Ivan Clark, 17, was arrested Friday in Tampa, where the Hillsborough State Attorney’s Office will prosecute him as adult. He faces 30 felony charges, according to a news release. Mason Sheppard, 19, of Bognor Regis, U.K., and Nima Fazeli, 22, of Orlando, were charged in California federal court.

In one of the most high-profile security breaches in recent years, hackers sent out bogus tweets on July 15 from the accounts of Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.

....

Twitter previously said hackers used the phone to fool the social media company’s employees into giving them access. It said hackers targeted “a small number of employees through a phone spear-phishing attack.”

“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” the company tweeted.

After stealing employee credentials and getting into Twitter’s systems, the hackers were able to target other employees who had access to account support tools, the company said.

Continue reading the article online (subscription may be required)
https://www.milforddailynews.com/zz/news/20200731/3-charged-in-massive-twitter-hack-bitcoin-scam/1?rssfeed=true 

Follow Franklin Matters on Twitter - https://twitter.com/FranklinMatters

FTC Alert: It’s National Cybersecurity Awareness Month

It's National Cybersecurity Awareness Month by Ari Lazarus Consumer Education Specialist, FTC October is spooky enough with its ghouls and goblins. National Cybersecurity Awareness Month is here to remind us how to stay safe and secure from real (and maybe even scarier) threats – malware and scammers. Read more  https://www.consumer.ftc.gov/blog/2018/10/its-national-cybersecurity-awareness-month?utm_source=govdelivery This is a free service provided by the Federal Trade Commission.

---

In the News: brewing growth in Marlborough; MA election security improvements after November

From the Milford Daily News, articles of interest for Franklin:

"The brewing industry’s rapid growth in MetroWest over the past few years has reflected the overall growth of the industry. 

But for awhile, one of the larger MetroWest communities – Marlborough – went without a brewery as they continued to open in smaller surrounding communities such as Hudson and Westborough. 

But now that’s changing. By the end of this year, it’s expected there will be three breweries operating taprooms in the city, with a fourth planning to open in the spring of 2019. Marlborough is about to become a destination for craft beer fans throughout the state.

That is intentional, said Meredith Harris, executive director of the Marlborough Economic Development Corp. Last year, the corporation took out advertisements in beer magazines, offering incentives in the form of small business loans and help with permitting, to try to attract a brewery or two to downtown."

Continue reading the article online (subscription may be required)
https://www.milforddailynews.com/news/20180908/beer-entrepreneurs-take-liking-to-marlborough

"Massachusetts has received millions of dollars in federal funding to bolster election security, but most of it will not be spent until after the November election. 

The Bay State has received $7.9 million from the federal government, which election officials plan to spend on voting equipment, voter registration systems and cybersecurity, according to documents shared with Wicked Local. About 81 percent of the money, however, will be spent after the upcoming midterm election. 

State officials, nonetheless, say the federal dollars -- while helpful -- are not vital to running a safe and accurate election. 

“We were already spending money and resources from our existing budget on cybersecurity, so we were not dependent on the federal funding for 2018,” wrote Debra O’Malley, spokeswoman for Secretary of the Commonwealth William Galvin’s office. “This additional funding will be used to add to our existing preparations and for future elections.”

Continue reading the article online (subscription may be required)
https://www.milforddailynews.com/news/20180908/state-to-spend-millions-on-election-security---after-november

MA election security improvements scheduled for after November

"confidence in the integrity of elections isn’t derived from the machines, but from the whole process"

From the Milford Daily News, articles of interest for Franklin:

"Massachusetts voters cast ballots on paper, but that doesn’t mean the system is immune to cyberattacks – voting technology is just one piece of a puzzle. 

Over the last few years, several news reports have discussed the security of American voting systems. A 2016 Wired article warned that direct-recording electronic voting machines are “scarily easy targets.” And in April, Vox reported Congress wants states to use paper ballots for security reasons. But either way, WCVB-TV reported last year that officials believe the Massachusetts voting system is not vulnerable to hacks. 

That may be in part because the state is already using a paper ballot system, not the reportedly insecure e-voting machines. But more than 96 percent of the state’s precincts use optical scanning machines to tabulate votes, based on data made available by Verified Voting."

Continue reading the article online (subscription may be required)
http://www.milforddailynews.com/news/20180516/how-secure-are-massachusetts-voting-systems

voting booth at FHS gymnasium

In the News: Y opens farm in Bellingham; Change your Twitter password

From the Milford Daily News, articles of interest for Franklin:

"Organic, community-harvested tomatoes, peppers, eggplant and other vegetables will be ripe for picking come fall, thanks to the Hockomock Area YMCA’s newest volunteer farm in Bellingham. 

Officials held their ribbon-cutting ceremony in front of the developing garden at 200 Center St. on Thursday afternoon, where a crowd gathered to witness the event and tour the new garden area. 

Marykate Bergen, a member of the Health Innovation Team at the YMCA, said the focus is the provide healthier options for children and families. 

“It’s a great way to get people access to healthy, locally-grown food in their own community,” she said. “Also, the volunteer opportunities allow people to get out and be more connected to the future of eating.”

Continue reading the article online (subscription may be required)
http://www.milforddailynews.com/news/20180503/bellingham-hockomock-area-ymca-unveils-garden

"Twitter is advising all users to change their passwords. 

The company said Thursday that it recently discovered a bug that stored passwords in an internal log in an unprotected form. 

Twitter says there’s no indication that there was a breach or that any of the passwords were misused. But as a precaution, Twitter recommends users consider changing the passwords they use to log onto Twitter. They should also change that password if they used it for any other services."

Continue reading the article online (subscription may be required)
http://www.milforddailynews.com/zz/news/20180503/twitter-finds-security-bug-advises-changing-passwords

Follow Franklin Matters on Twitter @franklinmatters

Consumer Reports: Facebook was careless with your data - Now what?

                                                   

If you are having trouble viewing images, click here. Recently, as many as 50 million Facebook users learned that their social media data was swept up in a massive data grab. Facebook users taking a psychology quiz may have unknowingly given away their own and their friends' private information. Then the creator of the quiz, a private app developer, sold that data treasure trove to a political targeting firm involved in the 2016 elections. If this situation has convinced you to rethink Facebook, here are your options: Don't want to give up Facebook? At least, eliminate 3rd party data collection on the platform Ramp up your privacy and eliminate 3rd party access and data collection. Manage your app settings and turn off Facebook Platform. This will deny access to apps, websites and plugins, but there are consequences you need to be aware of, like losing access to profiles or previous posts. Not ready to pull the plug but need a break? You can deactivate your Facebook account Consider putting your posts and photos on a brief hiatus and easily deactivate your account (you'll need to enter your password to confirm). When you're ready, you have the option to go back to sharing your updates on Facebook at any time. Ready to leave Facebook completely? Deleting your Facebook account may be the option, but do your research first This decision means that your photos, status updates, and messages will disappear, and your name will vanish from Facebook search. Before you say goodbye for good, know the steps you should take, like downloading your personal archive and checking which 3rd party accounts you access with your Facebook log in. We always want to keep our members informed on issues that impact their safety, well-being and privacy. Before you take any action, click here for more information on all three of these options and find out more on how to use Facebook privacy settings. © 2018 Consumer Reports, 101 Truman Avenue, Yonkers, NY 10703. All rights reserved.

FTC Scam Alert: Equifax isn’t calling

Many Franklinites are likely among those affected by the Equifax breach (as I was). Hence, this is worthy of sharing!

Equifax isn't calling by Lisa Weintraub Schifferle Attorney, FTC, Division of Consumer and Business Education Ring, ring. "This is Equifax calling to verify your account information." Stop. Don't tell them anything. They're not from Equifax. It's a scam. Equifax will not call you out of the blue. Follow the link to read more This is a free service provided by the Federal Trade Commission.

---

Also from the Federal Trade Commission - What to do
https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do

In the News: FHS cheer team champions; school security works

From the Milford Daily News, articles of interest for Franklin:

"The Franklin High School varsity cheerleading team topped two divisions at a national competition over the weekend. 

Coach Amy Murphy said the squad - participating in the Platinum Nationals competition in Rochester, New York - won the high school division and was the grand champion of the school division. 

“They scored 91.71 out of a possible 95 - they did great,” she said.

Continue reading the article online (subscription may be required)
http://www.milforddailynews.com/news/20170412/franklin-cheerleaders-top-division-at-national-competition

THEY DID IT! @FHScheer_ NATIONAL CHAMPIONS HIGH SCHOOL DIV!!!
2 time GRAND NATIONAL CHAMPIONS in School and College Div!! #PantherPride pic.twitter.com/mZNDunuTDw

— FranklinAthletics (@FHSSports) April 9, 2017

THEY DID IT! @FHScheer_ NATIONAL CHAMPIONS HIGH SCHOOL DIV!!!

"Recent security upgrades helped keep an unwanted visitor out of the Parmenter Elementary School, officials said during an update on school safety this week. 

Superintendent Maureen Sabolinski said a reconfigured entrance - part of ongoing security efforts - kept that person from entering the building. Sabolinski, along with Assistant Superintendent Peter Light, gave a presentation on school safety at Tuesday night’s School Committee meeting. 

Sabolinski said school safety ties in with the district’s recent work with social/emotional learning, especially the idea that students have to be emotionally ready to receive instruction. 

“If students do not feel safe in school, they’re not learning,” she said. “The research is replete with data (showing that).”

Continue reading the article online (subscription may be required)
http://www.milforddailynews.com/news/20170412/franklin-security-upgrade-put-to-test

Keep your passwords secure (video)

The breach at Yahoo released millions of email addresses and passwords. 

Did you change your Yahoo password recently?

Do you change your passwords frequently?

In most corporate environments changing passwords every 60 or 90 days is required. It may be a pain but it can be a good security mechanism.





For more about staying safe online and how to manage your passwords, check out http://staysafeonline.org/

http://staysafeonline.org/  #lockdownURLogin

“the evidence is insufficient"

From the Milford Daily News, articles of interest for Franklin

"The National Labor Relations Board has sided with Dean College after campus police claimed that they were wrongfully terminated and replaced with security guards after organizing and forming a union. 

The April 19 ruling from the NLRB dismisses the Dean College Campus Police Association’s charge that the college violated labor laws by terminating the force in December, just days after a union was organized. 

The ruling finds that there was “insufficient evidence” that the college violated labor laws. 

“Rather, the investigation established that the Employer actively began seeking an outside contractor in March 2015 prior to any union activity; the Employer was in communication with the contractor it chose, TeamOps, in June 2015, also prior to any union activity; and the employer officially agreed to hire TeamOps on November 4, 2015,” the ruling states."

Continue reading the article online (subscription may be required)
http://www.milforddailynews.com/news/20160420/franklin-nlrb-sides-with-dean-college

Dean College

In the News: low flying helicopter alert, Town Council authorizes capital spending

From the Milford Daily News, articles of interest for Franklin

"The U.S. Department of Energy’s National Nuclear Security Administration’s will conduct low-altitude helicopter flights along the route of the Boston Marathon Tuesday through Friday to measure naturally occurring background radiation. 

The radiation assessment will cover about 13 square miles. A twin-engine Bell 412 helicopter, operated by the Remote Sensing Laboratory Aerial Measuring System from Joint Base Andrews, will fly in a grid pattern over the area at 150 feet above the ground or higher at a speed of 80 mph. 

Flyovers will occur only during the day and are estimated to take about two days to complete. 

The measurement is being conducted to establish baseline levels for security and emergency preparedness."

Continue reading the article online (subscription may be required)
http://www.milforddailynews.com/news/20160411/low-flying-helicopter--will-measure-background-radiation-along-marathon-route

"The Town Council last week approved numerous capital spending items, including a program to combat invasive species at the DelCarte property, funds for replacement vehicles and water and sewer system improvements. 

The council voted on the items at its meeting Wednesday night."

Continue reading the article online (subscription may be required)
http://www.milforddailynews.com/news/20160411/franklin-council-approves-capital-expenses

For the Franklin Matters' reporting on the capital authorizations check here
http://www.franklinmatters.org/2016/04/town-council-authorizes-62-million-for.html

NCWIT Award for Aspirations in Computing - Lauren Albee

Tri-County Regional senior Lauren Albee was recently named a 2016 Runner-Up for the National Center for Women and Information Technology Aspirations in Computing Award.

Albee, a Computer Information Systems student from Medway, received several prizes, including a laptop, a glass trophy, and a certificate of recognition. She was also awarded a $10,000 scholarship to the University of Massachusetts Dartmouth and a $20,000 scholarship to the University of Massachusetts Lowell.

The NCWIT Award for Aspirations in Computing honors young women for their computing-related achievements and interests. Recipients are chosen for their technological aspirations, leadership ability, academic history, and plans for post-secondary education.

Lauren says she was encouraged to apply for the award by her teacher, Kim Zogalis. Organizers took particular interest in Lauren's involvement with the school's First Robotics team. Lauren has been a member of Team 3236 for three years.

Tri-County Regional senior Lauren Albee

In addition to First Robotics, Lauren was captain of the Varsity Soccer team during her senior year, a member of the Student Council, and a student representative for Tri-County's Administration Council.

"All of us at TC are very proud of Lauren,” said Tri-County Principal Michael J. Procaccini. “She is one of our CIS leaders and has put together a long list of accomplishments this year. CIS is an exceptional program and Lauren is an exceptional young woman.”

Lauren plans to attend Johnson and Wales University in North Miami where she will major in Criminal Justice and continue her studies in the Information Technology field. She believes her background in technology will be valuable in her collegiate studies and her career due to the prevalence of Cybercrime.

Secure Shredding at Postalcenter

With National Data Privacy Day coming on Jan 28th, this is a good time to securely get rid of some important papers.

Secure Shredding at Postalcenter! View this email in your browser Secure Shredding The cold weather outside is the perfect opportunity to sort through nonessential documents or surplus paperwork! Bring it to one of our convenient locations for secure shredding. From now until February 15th, shred your personal documents for $0.75/lb. no minimum. This is real savings, don't miss out!  What to shred: Documents with your name or other personal information Financial statements, pay stubs, or cancelled checks Medical records Computer media such as CDs, DVDs, or hard drives Shredding Services 75¢ until February 15th! Franklin, MA Shaw's Plaza, 279 East Central St. (Rte. 140) 508-541-8100   Millis, MA Roche Bros. Plaza 14 Milliston Common (Rte. 109) 508-376-1200   Milford, MA Hannaford Plaza  9C Medway Rd 508-422-9600     Nashua, NH Somerset Plaza 379 Amherst St.  603-882-6245   Copyright © 2016 Postalcenter, All rights reserved. Want to change how you receive these emails?