password

What is phishing? Everything you need to know to prevent and fight it

by

Have you ever been a victim of fraud via email? This type of fraud is known as phishing and is becoming more common and dangerous every day. It is a method used by cybercriminals to deceive users, showing them information that seems like it comes from a known company, thus, they get confidential information such as credit cards, social security numbers or bank account numbers.

They usually send you an apparently corporate email (for example, an email from your bank) where they will direct you to a fake website, and kindly ask you to update your password, validate information about an account, or the most attractive ones offer you gifts, among other things, which will then allow hackers to keep your data. 

In some cases these attacks are easy to detect, however, in the day to day especially during working hours, we do not have time to look at small details. Spelling errors, unofficial URLs of companies that claim to be, or sometimes very similar addresses but not exactly the same, are the main indication that something is wrong. 

There are not only produced via email we can find several types:

Types of phishing attacks: 

  • Deceptive Phishing: This is the traditional type that we described above, the aim of the attacker is to obtain personal information from the user either by trying to get the user to provide it or by redirecting it to a fake website in order to obtain said information.
  • Spear phishing: This type of attack is usually more personalized and may include more personal information such as the name of the victim, phone or workplace. Spear phishing can come with names of known people, where they tell you that they attach a file that may be common for you, but this can be infected. These types of attacks are much more difficult to detect.
  • CEO Fraud: It works in the same way as Spear phishing, but in this specific case, the attacker pretends to be the CEO or someone with a relevant position, where they requests confidential information and that the employee will believe that must be given as someone with decision-making power in the company. 
  • Smishing: This type of attack is produced by SMS. They usually offer prizes and to receive it, the victim has to click on a link, reply to the message or call a phone number.
  • Vishing: This type of attack differs by being through a typical telephone call, where the attacker, as well as via e-mail, seeks to obtain certain personal information. 
  • By search in the browser: the fraud occurs in the same way with a fake site, but in this case, the hacker uses SEO and SEM techniques to position his false site and thus the user finds them among the first options of what you are looking for 
  • Pharming: This type of attack manipulates the hosts files or Domain Name Systems (DNS) to redirect a specific domain name to the one chosen by the cyber-attacker. 

What to do to prevent it?

  1. Recognize and identify a possible phishing: some details that can help us detect an email of this type: 
  • The URL address is different from the official website of the company where it says it is. The difference can be minimal: an “i” in uppercase (I) looks like a lowercase “L” (l).
  • They usually offer gifts or ask to update data, which is rarely requested in this way. 
  • Check the wording and language: often this type of emails have some details in the wording or language, if you see an email from your bank written in another language, this can be a clear sign of phishing.
  1. Enter your confidential data only on secure websites: In addition to checking the domain, check that the website is secure and that it starts with https: //
  2. Use two-factor authentication for all the services that allow it, especially for those who handle financial information
  3. Check the shortened URLs: if you see an abbreviated URL on a social media or it arrives by mail, there are websites that allow you to see the full address, that will allow you to see where you are redirected. 
  4. Open documents with other online documents viewer such as Google Drive: If it is usual for you to receive files from different contacts, you can open it first in an online document reader which will prevent some malicious software from being installed on your device. 
  5. Frequently update all the operating systems, browsers and applications that you use, thus avoiding vulnerabilities. 

Cyber ​​attacks are becoming more sophisticated every day and we can easily be deceived, but if we take the necessary preventive measures and are aware of how they are evolving, we can go a step further and thus reduce the risk of being the next victim. 

We have news in HushApp that we want to tell you!

by

We have news in HushApp! Yes, because every day we work hard to make your experience better and better, so we decided to take this space to tell you about all the improvements we have made to our web version until today.

We are constantly changing, always looking for HushApp to be easy to use and at the same time secure enough to protect the privacy of your files. That’s why our team is committed to making this app as user-friendly as possible and our mission is to keep your information safe.

What’s the news in HushApp?

Here is a summary of what we have improved for you …

  • Some changes in the transfer process: as part of the progress in the user experience, we have improved this functionality, since it is one of the most features of the app. Now the send button is active from the moment you add a file. If you click on it, it will validate the recipients and show you some warnings and indications in case they are necessary, so you know at all times what you have to do.
  • Messages at the beginning and at the end of the encryption process: When you make a transfer, a message will appear at the beginning and at the end of the process, indicating the number of files you are sending and the number of recipients that you chose. A way to better visualize what you send and who you send it to.
  • We improved the password field to transfer to unregistered users: As you know, in Hushapp you can send your files even to people who do not use the application and are still protected. To do this, you must create a password and send them by other means, so that they can receive your files securely. We have facilitated this process in several aspects:
  • Now you can see an information button, which opens a drop-down and explains what you should do when you send a message to unregistered users.
  • We also have a more descriptive placeholder, so you know where and what you should enter in this field.
  • We also added an eye icon that allows you to hide or show the password, so you can see what you write, if you are in a secure environment.
  • The history of transfers received shows you the expiration of each transfer: now you know how much time you have left to download the files that were sent to you.
  • The clickable area to add files to a transfer: A larger space to click and add your files, which makes the sending process faster and easier.
  • Improvements for companies and work teams: On this issue, at Hushapp we are working hard to improve the experience for work teams. One of the improvements is now you can send a reminder to a colleague to complete the registration process.

To explain it in simpler words, if in a company all employees use HushApp and someone tries to send a file to a colleague who has not yet completed the registration process, HushApp will send a reminder to them to activate their account, thus they will be able to receive the files in a secure way.

Take a look at our web version and feel free to leave comments on what you think about this news in HushApp!

Data Breach: Types and Vulnerabilities

by

We invite you to read Hogan Injury’s post, our special guests:

For many years now, data has been a critical part of every organization. Criminals have been sharpening their tools to breach companies’ cybersecurity to get a hold of sensitive data.

What is a data breach?

A data breach occurs when a cybercriminal is able to infiltrate a data source and acquire sensitive information, either done physically by accessing a computer or a network and steal the information or compromising a network security remotely. The latter is the one often used to target companies.

What are types of data breaches?

  1. Phishing. This refers to attempts to extract information from users by presenting itself as something official. This could be an email message that looks like an official message from your bank asking you to update your information.
  2. Password attacks. Cybercriminals run programs that would try multiple passwords until they are able to access your accounts. Such attacks can successfully crack unsecure passwords.
  3. Malware. The word “malware” is the general term used to refer to any virus. Worms and Trojans are among the best-known malwares. To keep them from infiltrating systems, risk management firms advise against clicking links and opening attachments from unrecognized sources.
  4. Ransomware. This type of breach is becoming popular recently, especially in law firms and hospitals. Cybercriminals, after gaining access to the network or website, will shut it down and lock it from all functionalities. After which, the criminals will ask for ransom for the access and the information gained.
  5. Denial of Service. This breach happens when the attackers or hackers attempt to prevent legitimate users from accessing a network, account, or service. It is done by flooding the users with useless and invalid authentication requests, resulting in the network to eventually crash.

How does a company become vulnerable to data breaches?

  • Employees. Insider threat remains to be on top of the list of security risks, partially because it is much easier for those who already have access to data to abuse it. Unhappy employees and those who have recently separated from the company are potential threats to data security. Employers must employ protocols that will minimize internal attacks and immediately deactivate separated employees’ login credentials. Employees who are careless and uninformed are equally dangerous.
  • Cloud Storage Apps. While it is a modern and convenient way to store data, cloud systems are vulnerable to breaches. To minimize risk, choose a reputable cloud storage company that uses data encryption.
  • Mobile Devices. When employees are allowed to bring and use their own mobile devices at work, it is a lot more difficult to control security, passwords, downloads, and other activities. Companies that allow employees to sue their own mobile device must have a comprehensive written policy in terms of expectations, liabilities, and limitations.
  • Third Party Service Providers. Outsourcing can be convenient and cost-effective, but it also leaves your company susceptible to cyber attacks and data breaches, especially if your service provider uses low-security methods. To minimize risk, choose a reputable third party service provider; have them specify in the contract their security procedures and the assumption of liability in case of a data breach in their system.

Contact us at Hogan Injury for expert legal advice.

Original text here

9 Tips to protect your router from cyber attacks (and your neighbor)

by

The Wi-fi signal from our router has become part of the family, how many do not depend on this small device to keep the family happy? We all want it to keep working perfectly, but surely you have not bothered to protect your router until the neighbor manages to connect to it. How he did it?

Imagine that your router is an open door to your home, think of all the devices that are connected to it, if you do not take the necessary security measures, you will not only be leaving the doors open for your neighbors to use your internet connection without paying it, but also you are responsible for the pages that he / she visits, and therefore, you risk being an easy prey to a cyber attack.

How can we prevent intruders from connecting to our Wi-Fi? Although we do not have the magic formula to achieve total security, at least we can help you improve your daily practices and reduce the risk of an attack by following this tips:

First steps to protect your router: Change everything that is by default

  1. The first step is change the user, avoid leaving “admin” and configure something customized.
  2. Second and one of the most important, change the password which comes by default by the manufacturer or operator. Use the strongest passwords you can, with combinations of uppercase, lowercase, numbers and special characters.
  3. Also, change the IP address of the router: it is usually 192.168.1.1, just by changing the last digit and making it difficult for any intruder to enter.
  4. The name of the Wi-Fi: here you can use something simple or easy to remember, but do not put information that refers to you: your name, nickname, physical address or any other unnecessary information.

After making the necessary changes, you can apply other stronger measures to protect your router:

  1. Limit the emission power of the antennas: one of the simplest measures, because if you limit its scope, it will be difficult for others to get connected, only to those who are inside the house. Most routers allow managing the antennas power to limit the radius coverage of the network.
  2. Configure your network with WPA encryption: It is recommended to enable the most current WPA3 WPA configuration with a 192 bits encryption and the ability to individually protect each device that connects to the network. However, most modern versions of WPA like WPA2-PSK can also secure your network, since it offers a high level of protection. Is not recommended to use WEP encryption, since it is not secure enough, modern routers it does not have this option configured, nevertheless, it is worth reviewing it.
  3. Update the firmware: your router has its own operating system like your mobile devices and computers, it should be updated to correct possible bugs and vulnerabilities.
  4. Create different networks: Some new routers can create different networks, this will allow you to have networks for different purposes.
  5. Filter the MAC addresses: the MAC addresses identify every devices, there are not two computers with this identification number. Register the MAC addresses you want on your router, and only they will have access to your home’s internet.

If you want to be aware of other cybersecurity tips, we invite you to visit our Syneidis blog.

What is zero knowledge technology and why do we use it in HushApp?

by

It is difficult to choose the appropriate ways to protect our information, each application may have stronger features than another. If you want to keep an intruder as far as possible away from your files, then there are options available in the market that can help you. This level of protection is known as zero knowledge technology, but, what is it? How does it work?

It is important to begin recognizing the protection type we want for our files. We have the ability to choose who does or does not access them, but our security sense depends on the trust we have in others. For example, how could we ensure that a hotel does not use the master key of your room to enter and rummage through your belongings and even steal them? There should be a method to ensure that the hotel will not use this key.

The same happens in the digital world, when entering a service, you need to enter a password. Traditionally the server already has a coded version of the password, if it matches, you can access the system. The problem is that the server also knows your password. This is where zero knowledge technology could help you …

How does it work?

Zero knowledge, or ZKP (Zero Knowledge Proof), is a protocol used in encryption systems. It is a method established for one of the parties to prove to another that a statement (usually mathematical) is true, without revealing anything other than the truth of the statement.

To put it in simpler words, zero-knowledge technology uses encryption schemes that show if someone knows something without revealing what it is. For example, this is similar to when someone knows the answer to a riddle but does not reveal the solution. How can you prove that they really know the solution?  

There are two fundamental parts involved in this process, the “tester” who knows the information and the other, in this case the “verifier” who is convinced that the tester knows the information in question. To verify this, the ZKP protocol follows three basic properties:

Totality: the tester can provide the correct information and the verifier will be convinced of the truth of what he receives. Taking it to the digital world, a tester could be a user who places his password in an application, the application (verifier in this case) will receive the password of the tester (the user), without needing to know it.

Solidity: The only way to convince the verifier, is entering the correct information (or the correct password).

Zero Knowledge: The verifier knows that it is the correct information, but can not know the password.

A unique feature of this system is that it not only shows that it knows something to its interlocutor without revealing it, but if someone simply observes, they cannot verify or know anything about this procedure.

The interesting thing about ZKP is that it is a form of authentication where passwords are not exchanged, which means that service providers do not know anything about the data they store on their servers. It is also included in our HushApp!

HushApp and Zero Knowledge Technology

One of the most interesting HushApp features is that we use this technology to give greater protection to your confidential information. With this, you are certain that we do not have access to your information, passwords, or the files you store or send.

With this you get a more secure communication because only the user knows what he is communicating or what files they are sharing. When not storing your password, it is very important that you memorize it or keep it in a safe place, since if you lose or forget it, you will not have a way to recover it.

We invite you to protect your files easily and safely.

Try HushApp …

17 essential tips for parents on Cybersecurity for children

by

There is no doubt today that children have the ability to use electronic devices and the internet, even the smallest kids already know how to play their favorite online games. This opens a debate among parents about what age should kids start using technology and how much time they should spend on it. Although there is no precise answer to these questions, here, parents can learn some tips about Cybersecurity for children.

According to a research by Norton, 87% of Spanish parents consider it risky to allow their children to use computers and mobile devices without any supervision; in fact, among the 3 biggest concerns are: children can suffer cyber bullying (92%), spend too much time in front of the screen (88%) and download malicious programs or applications (88%).

Despite the active awareness of these latent dangers, statistics say that most parents are not adjusting their parenting.  The study found that 68% do not limit access to certain websites or applications, 19% allows their children to buy online without surveillance and 57% allows them to use the internet without supervision.

Children on the Internet have a lack of supervision due to many reasons, one being parents not intervening to check the safety of their children.

Therefore, we invite you to read the following basic cybersecurity tips, which you can apply to control and protect your children about the dangers they are exposed to on the web.

Cybersecurity for children: tips for parents and children

  1. Limits how long your children can spend connected to the web, set those limits and make sure they are met.
  2. Watch the pages they visit, who they communicate with and what other actions they do on the web. And if you detect any access to some undesirable content for their age, you can talk with them about the subject and block access to the web or game.
  3. Recommend your kids to not use their real name on the web and never give personal information, such as phone numbers, your address, their school, or where they will go on vacation, etc. to strangers.
  4. Establish a VPN connection in your home to ensure that no online predator will have access into your system.
  5. Teach children to create unique passwords that they can remember or keep in safe places.
  6. It is important for children to understand that the digital world can be as dangerous as the real world. If they are usually taught not to talk to strangers, the same should apply on the web.
  7. Watch who they contact on the web and teach them never to meet a stranger in person they met online.
  8. They should never respond to any threatening messages. Let them know if this happens, they have to discuss it with you or the adult that is in charge.
  9. Try to place the computer in a common area, where you can monitor what they do. This can be challenging by the usage mobile phones or tablets, yet still possible, you have the ability to monitor it other ways.
  10. Bookmark their favorite sites to facilitate access.
  11. Pay attention to any changes or attitudes regarding the time they spend on the web: Do they receive phone calls from people you do not know? Have you noticed any unsolicited gifts that have arrived in the mail? do they not like to talk about their online activities? Although these questions may seem unimportant, they could be signs that your children are being cyber bullied by a criminal.

Cybersecurity for children in Social networks:

12. Show them how to recognize and block unwanted contacts. 

13. Specify that they must only add contacts from people they already know.

14. Monitor their social networks, check who their friends are and what they publish.

How to use parental control

15. Disable online purchases, or set parental controls on their devices to control they use it.

16. Use applications to monitor what your children do online: what do they download? How much time do they spend connected?

17. You can also configure parental control in browsers to be sure which pages they can enter.

Technology is changing our way of life, therefore, encouraging parents to monitor their children online will allow the child to grow up understanding how to navigate the online world in a safe way. The web can be as dangerous as the real world, however they don’t need to stop enjoying it. The important thing is that parents start to implement this change in their daily lives. Cybersecurity for children is important and if done properly can be hassle free.

Why use a passphrase instead of a password?

by Leave a Comment

As technology changes and advances, so do cybercriminals. That is why every day sites on the internet, softwares and applications are required to ask users to strengthen their passwords. This is because, users continuously make the same mistakes, using a password that hackers can easily discover.

According to Google’s global data, 68% of people use the same password for different accounts, only 46% change it at least once a year, and 91% use a password that is in the top 1000 most common passwords in the world. This goes to show that we still do not know the magic formula to remember a strong and unique password.

Remembering all of our different passwords is growing more difficult: increased length, numbers, capital letters, lowercase letters, and symbols make it difficult to not make mistakes, or forget. Thankfully, there is a better option: how about we use a passphrase?

Passphrase: what you need to know

A passphrase is nothing more than a phrase that works like a password. It is commonly used in the encryption of access to some software or other electronic systems. Unlike the password, they are much easier to remember.

Not all applications or software have this feature, but you can choose this option if the service allows it, especially when you need to protect the content of the information you want to share. The rest of this article will be dedicated to offering some simple tips that will help you  build a safe and easy to remember passphrase.

Like passwords, passphrases must have a certain level of complexity, or at least creativity, something that makes it unique and that only you will remember. Although this principle is repeated when you create a password, in the case of a phrase it may make more sense than a set of symbols, numbers and letters. Therefore, avoid using familiar phrases such as excerpts from songs, books or popular culture.

Do not repeat the phrase, remember that a password is like a key, you do not use it to open the same room. With the passphrase it will work the same, use a different phrase for different services.

Also, do not share the method you used to create it, it may be a clue you give to hackers to guess your phrase.

HushApp: Passphrases to send your files easily and safely

Now that you know you have this option, you will wonder where you can use it. In HushApp the passphrase has a leading role to protect your privacy. Here you can encrypt your files and store them in in your Hushbox. You will only be able to access your files using the passphrase you have selected.

You can also send your files to contacts you have selected, whether they use the application or not. In case you do not use it, you will also create a passphrase especially for them and send it to the recipient by other means. This way, you make sure that your information is completely secure.

Passwords have a vital function within the scope of cybersecurity, choosing the right one is crucial when stopping our information from falling into the wrong hands. The passphrase is an option to further improve the security and protection of your data, provided you give it the appropriate use.

Encryption for dummies: What is it and what is it for?

by Leave a Comment

Surely you have already heard news of cyber attacks and data leaks as it is becoming increasingly common. Any person or company is exposed to an attack of this type if the necessary security measures are not taken, but what are these measures? What can you do to protect your information?. The most used and effective method to protect your data is a system of encryption with which you can feel secure that your information is completely protected. Have you heard about encryption? Do you know how it works?.

If your answer is no, it is time for you to start taking cybersecurity more seriously and begin learning more about it. That is why we have prepared this post, in hopes that it will help you better understand and apply it in the daily management of your files.

What is encryption?

To explain it in a simple way, encryption is a procedure in which any type of file becomes unreadable thanks to an algorithm that scrambles

the files components. This makes it impossible for the file to be opened or decoded if you do not have the key to access the information. This  means that if an unauthorized viewer intercepts an encrypted file they will only be able to see a group of illegible characters, even if they manage to open it.

This system is not something new. Encryption has existed for many centuries, however, its modern use dates back to the First World War. During the conflict different blocks sent illegible messages back and forth to prevent the enemy from deciphering them in the case that they were intercepted in transit.

Encryption, Symmetric and Asymmetric what is it for?

The most common types of file encryption are symmetric and asymmetric.

The symmetric encryption system uses a single key to encrypt or decrypt, while asymmetric data uses two keys: one public to encrypt and one private to decrypt. In this way it is impossible to derive the private key from the public key.  

Advantages and disadvantages

It is important to highlight the level of security offered by data encryption. It is a much more powerful tool than a password (such as the start of the mobile or email), since they only protect access. Once the password is discovered, anyone with it has full access to the contents of the files. Encryption protects data directly, making it impossible to see the contents of files.

The only disadvantage to consider is the importance of not losing your password. After it is lost, all access to the data will be lost completely, as there is no way to change it. So all things  considered, the only additional requirement of encryption is greater protection of your passwords.

How is a file encrypted?

There are different levels of security that depend on the complexity of the algorithm used. Different encryption methods contain greater and lesser levels of sophistication and complexity.

At the user level, it is not necessary to use such complex tools. Currently there are applications that can help you encrypt your files both easily and quickly, while also to share them with your contacts in a secure way. This allows them to remain protected from the moment they are sent to the moment they are received.

We are the only ones responsible for ensuring the security of our information, so taking protective measures as a habit will help us avoid future problems.

Encryption is easy, check it with HushApp!