National Cybersecurity Awareness Month: How to Get Involved on Social Media

by , on

National Cyber Security Awareness Month (NCSAM) is coming up in October.

To say that cybersecurity is at the top of the priority list for governments, consumers and businesses is an understatement.  With the high-profile data breaches that made the news headlines over the past year, the need to be vigilant is more important than ever before.

Here are some recommended ways to get involved on Social Media from the National Cyber Security Alliance:

  • Use the hashtag #ncsam on Twitter and Facebook to post online safety and cybersecurity tips
  • Use the NCSAM logo as your profile picture for October –  Download 
  • Blog about cybersecurity throughout the month

Learn more here.

Have any other ideas for getting involved? Post them in the comments!

Dangerous Apple iOS 8 Security Flaw Uncovered, Called ‘No iOS Zone’

by , on

Professional hackers at SkyCure have discovered a major security vulnerability in iOS, that allows a malicious WiFi hotspot to launch a DDoS (Distributed Denial-of-Service) attack.  The ‘No iOS Zone’ flaw, works by exploiting the SSL security certificate of iOS 8 that leaves a device wide open.

The SkyCure CEO said,

“This is not a denial-of-service where you can’t use your Wi-Fi – this is a denial-of-service so you can’t use your device even in offline mode.”

Read more here

Security Flaw Affects All Windows Versions, Including Windows 10

by , on

Security firm Cylance has discovered a security flaw in all versions of Windows (including Windows 10) that has existed for two decades, called the “Redirect to SMB” vulnerability.  Microsoft has downplayed the vulnerability, however, in theory it could allow for the theft of usernames and passwords from millions of PCs, servers and tablets.

Read More

YouTube Security Flaw Allowed Deletion of Anyone’s Videos

by , on

A security researcher, Kamil Hismatullin, discovered a major flaw in the YouTube API that allowed people to delete any videos on YouTube.


He was searching for YouTube vulnerabilities to report to Google for a cash reward when he found this code:


event_id: ANY_VIDEO_ID
session_token: YOUR_TOKEN


In order for someone to delete the video, all they had to do was fill in the YouTube video ID.  Before fixing the flaw, Google did not check to see whether the person had permissions to delete the video.  The vulnerability has since been fixed, and the researcher received a $5,000 reward.


Read more here.

Slack Gets Hacked, Adds Two-Factor Authentication

by , on

The business chat application, Slack, has been hacked.  The data breach lasted about 3 days, during which hackers obtained access to usernames, email addresses and passwords.  The company said a “very small number of Slack accounts” were affected, but no specific numbers were released.  Since news of the hack, Slack has rolled out a new two-factor authentication feature.

Read more here.

Twitch Gets Hacked, Resets All User Passwords

by , on

Twitch, the world’s leading video platform and community for gamers, announced yesterday that they suffered a data breach.


Twitch posted a notice on their blog, alerting users that all passwords and stream keys have been expired:

“We are writing to let you know that there may have been unauthorized access to some Twitch user account information.

For your protection, we have expired passwords and stream keys and have disconnected accounts from Twitter and YouTube. As a result, you will be prompted to create a new password the next time you attempt to log into your Twitch account.

We also recommend that you change your password at any website where you use the same or a similar password. We will communicate directly with affected users with additional details.

Twitch Staff”


They also sent out an email to all users that were potentially affected by the data breach:

“We are writing to let you know that there may have been unauthorized access to some of your Twitch user account information, including possibly your Twitch username and associated email address, your password (which was cryptographically protected), the last IP address you logged in from, and any of the following if you provided it to us: first and last name, phone number, address, and date of birth.

For your protection, we have expired your password and stream keys. In addition, if you had connected your account to Twitter or YouTube, we have terminated this connection.

You will be prompted to create a new password the next time you attempt to log into your Twitch account. If applicable, you will also need to re-connect your account to Twitter and YouTube, and re-authenticate through Facebook, once you change your password. We also recommend that you change your password at any other website where you use the same or a similar password.

We apologize for this inconvenience.

The Twitch Team”


Twitch is one of many companies who has been hacked recently due to weaknesses with usernames and passwords.

Facebook Vulnerability Exposes Your Private Photos

by , on

A new security vulnerability has been found in Facebook by bug hunter Laxman Muthiyah that exposes private photos, and it put millions of users potentially at risk.  The bug was found in Facebook Photo Sync, a feature that automatically uploads every photo taken on your mobile device to your Facebook account, but marks them as private so only the user can see them.  The vulnerability allows hackers access to these private photos by building a malicious application and then tricking victims into installing the app.

Read more here.

Premera Blue Cross Hacked, 11 Million Customers at Risk

by , on

Premara Blue Cross has been the target of a sophisticated cyberattack where unauthorized access was gained to the Premera Blue Cross IT systems.  A Premara spokesman confirmed that about 11 million individuals may be affected, and the data compromised may include Social Security Numbers and bank account information.


If you use Blue Cross insurance, we recommend contacting the phone number on the back of your insurance card to see if you were affected.  If you were affected, you can take advantage of two years of free credit monitoring and identity protection services here.