While many of us are gearing up for a (smaller than usual) Thanksgiving celebration, hackers are still targeting emails, passwords and even videoconferencing. Here’s what’s happening right now in the world of cybersecurity.
Beware of “Site Notifications” – It seems like more and more sites (especially news sites) are presenting readers with a pop-up window asking for permission to send notifications. It’s easy to accidentally click “yes” to these, which will lead to you being harassed every few hours by popup messages. But while this was previously only annoying, it’s increasingly turning dangerous as some sites sell the ability to send these notifications to third parties, including malicious ones. Brian Krebs explains how this works in a recent post, but it’s up to users to be extra cautious about clicking “Yes” on the pop-up notification just to get it off the screen. Read more at Krebs on Security
Spotify Passwords Are Everywhere Now – After a security company found hundreds of thousands of Spotify passwords inside of an unprotected database, Spotify has confirmed that they are legitimate.
If you have any employees who use Spotify and use the same password for everything, then you might have a problem. That’s because there’s a good chance that their password for everything (including their work computer) is now compromised.
In fact, one theory on how these usernames and passwords were obtained is that they were stolen from another source, tested on Spotify and confirmed to work there too. Read more at Threatpost
Email Compromise Could Lead to Videoconference Eavesdropping – A recently-patched WebEx vulnerability allowed anyone with a link to a videoconference (and the password, if applicable) to sit in on a meeting without appearing on the participants list. They could even remain in the room after being removed by the host. This means that an email compromise could have quickly turned into a hacker literally listening in on sensitive meetings, highlighting yet another way that a compromised email account is a major security threat. Read More at Cisco