California’s New Privacy Law Protects Consumers’ Submitted Data

California residents rejoice – a new law passed for 2020 allows for greater consumer data protection in which one can opt-out of having companies collect and sell their data to third parties. This includes any data collected from social networking websites, consumer goods retailers, banks, etc. 

The new act is called the California Consumer Privacy Act (CCPA) and ultimately protects people from having their data monetized. Under this act, consumers have the right to access copies of any data collected by companies. Those businesses that violate the Act can face State fines or sanctions placed upon them. Enforcement of the Act begins this year in July, and any company that has yet to comply with the change in data collection may not face trouble until then. 

For those companies already in compliance with the new law, consumers can find their data collection opt-out pages typically under the Privacy tab. Recently, a directory of links was created to include these company pages for easy access to opt-out requests –  if in case the page isn’t found straightforwardly on the company site homepage. 

For more information on California’s new Consumer Privacy Act, please visit this page here. The directory of opt-out request pages can be found here.

New Orleans Struck by Cyberattack, City Declares State Of Emergency

On Friday, December 13, New Orleans Mayor LaToya Cantrell declared a state of emergency for the city after a cyberattack was detected around 11 a.m. 

The incident began at around 5 a.m. when NOLA Ready – New Orleans’ emergency preparedness campaign – confirmed “suspicious activity…on the City’s network” and a “cybersecurity incident” by the time 11 a.m. rolled around. Once the threat was established, New Orleans’ IT department issued a shutdown of all employee devices and disconnection from Wi-Fi. Servers were also ordered to be powered down following the attack. Emergency response lines were still open to take calls, however. 

The City of New Orleans declared a state of emergency shortly after the cyberattack was detected. A press conference was held the Friday of the incident, in which Mayor LaToya Cantrell confirmed that a cyberattack was responsible for the unusual network activity. Officials stated how no data was lost after the attack and that there is still no indication that passwords were compromised. Chief Information Officer Kim LaGrue confirmed that phishing emails had been sent to employees that asked for their login information while the attack went underway. There was also evidence of ransomware – specifically the Ryuk strain – as cause for the cyberattack. 

Mayor Cantrell did later affirm that ransomware was behind the attack, but investigations are still ongoing to verify if Ryuk was indeed involved according to the press conference held Monday, the 16th. 

It’s always important to take precautionary steps in making sure you’re prepared for an impending cyberattack. Some cybersecurity steps you can take include:

-Backing up all your data

-Being mindful of what email links and attachments you click on

-Patching software vulnerabilities

-Using strong passwords and activating two-factor authentication for your accounts

Inverselogic’s 2019 Holiday Gift Guide

It seems like yesterday that we celebrated the New Year, and in a blink of an eye, the holiday season has arrived once again. Inverselogic’s 2019 year was quite eventful and exciting with the onboarding of new client projects such as the establishment of Second Home’s new Los Angeles based location – a co-working space that evokes a futuristic atmosphere, the debut of Cellar Thief’s new website – an e-commerce store for wine enthusiasts – in addition to the site launches for Walker Wines and Blacksmith Wines – two stores that celebrate discriminating collectors who seek rare wines from the world, such as French Bordeaux or Italian Barolo. Even though the year is coming to a close, we are still busy with ongoing Windows 10 operating system upgrades as well as our preparation for the upcoming 106th Annual Rosebowl Game – a perfect way to kickstart 2020 with one of the year’s largest sporting events. 

While 2019’s conclusion is fast approaching, our enthusiasm for imparting valuable cyber security information never wanes. Alongside this, Inverselogic strives to provide all our clients with top quality technology services, and our dedication to client satisfaction has been and always will be one of our principal missions. Additionally, our team is committed to delivering innovative technology solutions that best serve our clients’ needs and ensure their continued success.

We would like to express our sincerest gratitude to all our wonderful clients for making 2019 another fantastic, prosperous year. Every year brings us the opportunity to learn, grow, and succeed with our clients. We’re thankful for our business partnerships and the goals that we achieve through every project together. From our team to yours, we hope your 2019 was just as successful.

Inverselogic welcomes the forthcoming new year as we look forward to what 2020 may bring. We would like to wish you a fun and safe holiday season and a very Happy New Year!

Please enjoy our annual Holiday Tech Gift Guide, which features all of this year’s newest and coolest gadgets. We understand that holiday shopping can be hectic around this time, so we’re here to make your experience stress-free as you search for that perfect gift for your loved ones!

UPS Drones Began Delivering Prescription Medications in US

Image Source: UPS

A subsidiary of UPS called UPS Flight Forward began its drone delivery in North Carolina at the beginning of November. Through a partnership with CVS Pharmacy and Matternet, the company successfully delivered medication to both a home and retirement community. 

The drone delivered packages without human operation, although it was monitored remotely. During its delivery, the machine lowered the package it carried through use of a cable. This approach to delivering residents’ packages has taken the burden off those who have restricted mobility. 

Drone deliveries have been happening since earlier this year, with UPS delivering medical supplies to North Carolina’s WakeMed Hospital beginning in March. Google also launched its own drone delivery operation called Wing in October this year, transporting supplies like over-the-counter medications to residents in Virginia. UPS’s Flight Forward now allows for easy, stress-free delivery of prescription medications to residents.

In order for companies to operate drone delivery services, they must receive a Part 135 Standard certification that is administered through the Federal Aviation Administration, granting said companies the ability to carry packages weighed over 55 pounds and fly an unlimited amount of drones during day or night. UPS recently received its Part 135 certification this September. With this granted certification, companies like UPS can explore new possibilities for their drone delivery services, perhaps extending their delivery locations and even categories beyond prescription medications or medical supplies. Google’s Wing has already tested delivering a range of items from Walgreens and a gift shop called Sugar Magnolia in Virginia.

Google’s New Application Tools for Maps, YouTube, and Assistant Put Privacy in the Hands of Its Users

Image Source: www.iStock.com/IngusKruklitis

Just in time for National Cybersecurity Awareness Month, Google Maps, YouTube, and Google Assistant were recently announced to have new tools related to user privacy and security. The new updates to these applications give users more control over what data Google can retrieve, and even gives the option for users to delete already collected data such as within Google Voice Assistant. 

Google Maps has now included an incognito mode to keep the application from tracking which places you search for and where you travel to, this thus giving its application users more control over privacy. Incognito mode also helps to keep users’ personalized recommendations from including any locations that would otherwise be irrelevant. Android and iOS users are expected to have this feature available to their Maps application this month.

Image Source: Google | https://www.blog.google/technology/safety-security/keeping-privacy-and-security-simple-you/

 

YouTube is receiving an update as well, with users now able to choose when the app will automatically delete accumulated history. You can choose to keep your watch history for three or 18 months, or just choose to keep the data until you delete it manually.

Google Assistant is also getting an update that allows users to delete any saved voice data. By saying phrases like “Hey Google, delete the last thing I said to you,” or “Hey Google, delete everything I said to you last week,” to your device, Google Assistant will delete its “Assistant Activity”. Deleting voice data from a while back would require you to go into account settings.

After it was revealed that actual people could listen to voice recordings for the purposes of improving voice assistants, Google, Amazon, and Apple all took action to remedy the privacy situation. Alexa, for instance, was implemented with the option for consumers to choose whether recordings will be reviewed. Two months ago, Apple also stated the suspension of its Siri grading program which similarly recorded user audio. The company commented on how they would incorporate consumer participation choice in the grading program with a future update. 

Image Source: Google | https://www.blog.google/technology/safety-security/keeping-privacy-and-security-simple-you/

 

This Google Assistant feature is expected to be released in all languages by next month. The English commands will be available this month. 

Lastly, Google had released Password Checkup within its Password Manager tool. The Checkup feature notifies its users if their passwords have been compromised from a data breach, weak and need to be strengthened, or whether a password has been reused. Google will be adding this tool to Chrome soon, but users can still take advantage of the feature at passwords.google.com.

Cybercriminals Impersonate These Well-Known Companies in Phishing Emails

Suspicious emails coming through to your mailbox? Does the email claim to be from Microsoft and need your login information to fix an unfounded issue? Cybercriminals increasingly send victims emails such as these, impersonating large-scale companies to appear legitimate, and it’s not only Microsoft impersonations. From Facebook to Amazon, to Paypal and Netflix, it’s a good idea to double check where those emails are actually coming from.

Cybersecurity company Vade Secure conducted an analysis of companies that were most impersonated and found that Microsoft was one of the most used brands in phishing schemes, with an increase of 15.5% since the previous year. Due to the popularity in Outlook mail and Office365, Microsoft is a widely popular impersonation target. With businesses and corporations relying on Office365 for keeping restricted and sensitive files, hackers look for any means necessary to get their hands on such valuable information. Access to Office365 accounts can also open more doors for targeting other users to gain access to more accounts. 

Illegitimate emails claiming to be from Microsoft ask users to log in via a link provided by the hacker and open up a spoof page that mirrors the actual website, prompting users to input their login credentials and submitting it to the cybercriminal.

Paypal comes out as the second most common company to be used in phishing schemes, as the brand is easily recognizable by many. While Paypal still remains a popular choice in targeting victims with fake emails, malicious URL targeting has been declining.

The third most popular company to be used in a phishing attack is Facebook, as Vade Secure tracked a 176% increase in fake URL use to target users’ social media accounts. The social network acts as a perfect opportunity for hackers to send phishing messages to victims’ friends. Facebook access can particularly be harmful if victims have third party applications connected, to which cybercriminals can also access. 

The report further lists other brands like Netflix, Bank of America, and Apple that are also used in these emails. Amazon is now the eighth most popular brand for phishing use by hackers, and its use has grown over 400% in just a year, this likely due to the popularity in Amazon Prime Day and the extensive number of shoppers on the site. 

Phishing attacks are continuously utilized by hackers due to the cheap and easy way it reaches a mass of users. If you receive any such suspicious emails in your inbox, mark it as spam immediately. If you are ever unsure about your account, log in through the company’s official site instead of clicking on malicious email links.

Hackers Gained Access to Sprint Customer Accounts via Samsung Site

Image Source: iStock.com/TennesseePhotographer

As reported on Tuesday, July 16, Sprint has confirmed that a data breach took place through  Samsung’s website, in which hackers were able to access customers’ accounts. There is no detail on how many of such accounts were breached through this occurrence.

The data breach took place on June 22nd, to which Sprint had notified consumers that information such as first and last names, billing addresses, phone numbers, account numbers and more were compromised. According to a statement provided through their website, Sprint stated how the information collected by hackers does not allot for the possibility of fraud or identity theft to occur. After the breach, Sprint had “taken appropriate action” in securing customer accounts to avoid another mishap such as this from happening again. The carrier company also noted how fraudulent activity has yet to be detected. 

On June 25th, Sprint had reset its customers’ Personal Identification Numbers (PINs) in case hackers had breached consumer accounts through PIN. Hackers could have likely gained access to account PINs via a Boost Mobile breach that occurred back in March (Boost Mobile uses Sprint’s network). 

Sprint’s spokesperson emailed CNET stating that “credit card and social security numbers are encrypted and were not compromised” when the data breach happened. Another spokesperson from Samsung had stated that fraudulent activity was detected through hackers using Sprint account information on Samsung’s main website. The spokesperson continues: “We deployed measures to prevent further attempts of this kind on Samsung.com and no Samsung user account information was accessed as part of these attempts.”

Cybercriminals Are Using Domain Fraud to Trick Victims into Using Forged Websites

Cybercriminals are using top level domains (TLD) to their advantage, performing domain fraud in the hopes of directing user traffic towards their own registered sites. Domain fraud happens when hackers register a domain that is made to look legitimate by using, for example, typos in the site name. The domains are meant to imitate real company names.  

In the instance of typo use, these lookalike domains replace letters that are easy to go unnoticed without a second glance. For example, cybercriminals can replace “m” with  “r” and “n” combined and easily trick site visitors into thinking the domain is legitimate. These illegitimate sites with typo-registered domains can be used for phishing schemes in which a hacker may attach their domain link to an email made to look like it came from a real company source. After clicking on the link, victims would be directed to a fake site that asks for users to log in, thereby allowing hackers to steal sensitive credentials. Cybercriminals also use their fake sites for other means like selling counterfeit products of a well-recognized brand. 

Researchers at Proofpoint noted how there has been an 11% increase in malicious domain registrations in 2018, with retail brand sites the main target for such domain fraud. 96% of organizations as part of Proofpoint’s customer base had noticed that their domains were copied as is, with the only exception being the domain name extension change (i.e. .net, .co, .info). 

Due to the extensive variety in domain name extensions, cybercriminals have found it much easier to register domains that copy actual business sites or brand names. Alongside this, the European Union’s General Data Protection Regulation allows privacy for domain registrars thereby making it much more difficult to track cybercriminals. 

Cybersecurity experts warn users to always check the URL for a safety certificate – in which HTTPS is used rather than HTTP – to ensure a fraudulent site isn’t used. However, hackers can always use safety certificates to their advantage, posing their site as one that is legitimate. In this case, it’s always best to double-check the URL spelling or do a quick search on Google to find the actual company site. 

Instagram is Testing New Feature That Can Help Users Combat Hackers Stealing Accounts

Image Source: iStock.com/bigtunaonline

Instagram is working on putting user account security at a high priority by making it more difficult for hackers to steal accounts to hold them hostage for ransom or sell for high profit.  

Hackers are after big influencer accounts in a scheme reported by Motherboard which involves cybercriminals targeting big name Instagrammers. The attack works through an email link that – once clicked – directs users towards a fake Instagram login page. Once a hacker steals the login credentials and has access to the account, victims are unable to sign-back in or regain access to their own profiles, as hackers change both the recovery email address and phone numbers associated with the account.

Instagram had previously acknowledged the problem of users having difficulty in accessing their accounts, to which the company had advised in setting up two-factor authentication as well as implementation of stronger passwords, but adding these extra steps of security doesn’t exactly help when a cybercriminal has already accessed an account. Phishing links have been used as a primary means of tricking influencers into signing into bogus login pages made to look authentic. Furthermore, if an influencer has used the same account credentials that were previously involved in a data breach elsewhere, cybercriminals can use this information to their advantage to gain access to an account

After users have long complained about Instagram’s lack of responsibility and initiative in taking care of the hacker issue, the company recently announced new ways of combating this ransom tactic.

If a user can’t log in to his/her page, Instagram gives one the option of sending a six-digit authentication code to the account’s original phone number or email address that was used when the account was first created. Any other devices used by hackers that are logged in will be logged out, allowing a user to recover their page by resetting their email and password. This feature is currently under testing. 

Image Source: Instagram

 

Instagram has also promised to bring another feature – one already available for Android users – to iOS. The feature allows a user to change their Instagram handle while also allowing one to maintain their previous handle for 14 days. This upcoming update is meant to deter any hackers from taking popular usernames to sell for profit. After the 14 day period is over, the username becomes available for anyone to use.

Father’s Day Tech Gift Guide 2019

Finding the perfect gift for Dad this Father’s Day doesn’t have to be a challenge. Our 2019 Father’s Day Tech Gift Guide can help you make the right gift choice he’ll surely appreciate! We’ve compiled a list of tech tools from headphones to smart gadgets Dad will love to use at home or on-the-go!

Check out these cool tech products below! Each product has been linked to make ordering Dad’s gift a breeze. 

Image Source: Amazon

ANKER PowerWave Wireless Charger

Price: $22.79

Does Dad need a power up for his phone? Why not get him the ANKER Wireless Charger stand? With this gift, he can recharge his phone while making sure his phone screen is in clear sight so he’s not missing a message from you.

Image Source: Amazon

DJI Spark Portable Mini Drone

Price: $335.00

Who wouldn’t want to fly a drone? This cool DJI Spark Portable mini drone will allow Dad to take aerial photos and videos and get creative using the products app!

Image Source: Amazon

Sony Alpha a6000 Mirrorless Digital Camera

Price: $498.00

Want to help Dad capture memorable moments? Get him the Sony Alpha Mirrorless Digital Camera to take photos in high resolution and full HD quality.

Image Source: Amazon

Sony Noise Cancelling Headphones WH1000XM3

Price: $298.00

Set aside the Beats and get Dad these Sony Noise Cancelling Headphones to make sure he doesn’t miss one one beat of his favorite music. These headphones are said to have a “virtually soundproof experience”.

Image Source: Amazon

Sennheiser Momentum True Wireless Bluetooth Earbuds

Price: $299.94

Want to get Dad something smaller but just as powerful for listening quality? Check out these Sennheiser Wireless earbuds that promise exceptional clarity in music sound.

Image Source: Amazon

VANKYO Leisure 3 Mini Projector

Price: $89.99

If Dad loves to watch is movies, this Vankyo Mini Projector is the right gift for him. This Father’s Day relax with Dad outdoors or indoors by easily connecting your device to this projector to play all his favorite films.

Image Source: Amazon

Fitbit Ionic Watch

Price: $199.95

If Dad loves to get fit and keep track of it, get him the Fitbit Ionic Watch! The Fitbit Ionic can track your heart rate, activity, and sleep patterns.

Image Source: Amazon

Pocketalk Language Translator Device

Price: $299.00

Does Dad do a lot of travelling? The Pocketalk can help him break down the language barrier. This onscreen device can translate up to 74 languages and offers real-time translation.

Image Source: Amazon

Logitech Keys-to-Go Ultra-Portable, Stand-Alone Keyboard

Price: $45.99

This keyboard is perfect if Dad needs to do a quick type-up with any of his iOS devices. This Bluetooth keyboard is both dirt resistant and portable.

Image Source: Amazon

Echo Show 5 – Compact Smart Display with Alexa

Price: $89.99

If Dad needs a screen assistant, why not get him the Echo Show 5? This device comes with smart home controls, can help Dad stay updated on the latest weather, news, and game reports, and video call you when he can.

Image Source: Amazon

Eufy Smart Scale

Price: $44.99

This scale does more than just measure weight – it can give Dad a full insight on his BMI, Muscle Mass, Bone Mass, and more! He can even keep track of things using Apple Health, Google Fit, or his Fitbit.

Image Source: Amazon

Apple iPad Pro (11-inch, 64GB)

Price: $749

Help Dad get creative with the latest iPad Pro from Apple. With complete Liquid Retina display and a device that allows for multitasking, Dad can get all his work done and still have time to catch the game with you.