Subterms
LagartoFilm/Getty Images If you use a VPN, are you using it all the time and for everything on your desktop or laptop? You probably assume that more is always better, right? It is like Windows users thinking if they install two antivirus tools, they will be safer — not knowing that running two such tools […] More
Anna Moneymaker/Getty Images If you’re a T-Mobile user (or were in 2021), a check might arrive in your mailbox soon. In 2021, the mobile carrier suffered a massive data breach that affected around 76 million customers (this isn’t related to the 2023 breach that affected 37 million people). T-Mobile denied any wrongdoing but agreed to settle […] More
Elyse Betters Picaro / ZDNETHave you ever run into trouble trying to boot up your Windows PC? Boot-up errors are among the most challenging to troubleshoot and fix. Now, Microsoft is launching a new tool that will step in when your computer refuses to boot properly.Also: Microsoft just blocked this popular Windows 11 local account trick – but workarounds remainKnown as Quick Machine Recovery, or QMR, this feature is ready for testing in the latest Windows 11 Insider build. Though Microsoft touts it as a tool for IT administrators, it is also available for home use, where it is turned on by default. How it worksThe Windows Recovery Environment, or WinRE, is a dedicated recovery partition on your computer that attempts to repair boot-up problems. Normally, you might have to trigger WinRE manually, but with QMR, the process is designed to be more automatic. When a critical boot-up problem occurs, your PC will enter WinRE mode, connect to your network, and then send diagnostic data to Microsoft. Based on that data, a specific fix for the issue is sent to your PC via Windows Update. If the fix is successful, your PC should then be able to boot without further trouble. Also: 6 things I always do after setting up Windows 11 – and why you should tooOne key benefit is that the recovery process is designed to run automatically and even remotely. In an organization, IT administrators can send targeted fixes to problematic PCs without requiring physical access. For a home user, the fixes are managed by Microsoft. In either scenario, you do not have to spend time manually diagnosing or trying to resolve the glitch. QMR is part of the Windows Resiliency Initiative that Microsoft announced last November at Ignite 2024. The company is asking IT staffers and other Windows Insiders to start testing the new feature and provide their feedback through the Feedback Hub built into Windows. Insiders should also expect a test remediation package over the next few days, which will let them see how QMR performs. More
Signal / Elyse Betters Picaro / ZDNETPrivacy is no longer just a buzzword — it’s entrenched in the ethos of society. But when it comes to getting serious about privacy, the big question is whether consumers are ready to switch from what they currently use to a more private option.And, boy, are there options. Pick up a stone and toss it in a pond filled with apps and services, and you will almost certainly hit one that promises privacy, security, and (sometimes) anonymity for your communication needs. Also: 9 ways to delete yourself from the internet (and hide your identity online)But which of those choices are best suited to your needs? Only you can answer that question, but it would be nice to have a more limited selection to choose from. Let me curate that list for you and offer a few options that I believe are the most viable. Sound good? Also: The best secure browsers for privacyLet’s switch this conversation to a more private channel. Privacy and security tipsBefore I get into that, here are a few tips that can help improve your privacy and security when using communication apps: Use pseudonyms or anonymous usernamesUse a VPNOnly use apps or services that employ end-to-end encryptionEmploy random and secure email address generatorsNever use public Wi-Fi when communicatingLimit device usage for prolonged periodsRegularly back up data in secure locationsNever install or use an unfamiliar communication app that has few or no reviewsUse multi-factor authenticationNever leave your phone, laptop, or tablet unattended in publicAlways use strong passwords generated by random generators found in password managers like BitwardenUse a passkey when availableRegularly clear the cache of your chosen appNever open links sent from unknown sourcesAlso: The best VPN services: Expert testedWith that out of the way, let’s get to the list. More
Boris Zhitkov/Gatty Images You are one data breach away from your entire online life being turned upside down. The problem is our reliance on passwords, which are hopelessly fragile ways to secure valuable resources. Don’t be lulled into a false sense of security by believing that creating a longer, more complex, harder-to-guess password will somehow make […] More
style-photography/Getty Images When I grew up, we didn’t have smart devices. TVs, bulbs, and even telephones were simple analog devices. If you’d told my grandmother that she had to update her TV or lightbulb, she’d have thought you were asking to buy a new, replacement device — not download a software update. But today, almost […] More
ZDNETWhen you think of phishing emails, you probably think of the crude, grammatically flawed, easy-to-spot samples that go straight to your junk folder.I regret to inform you that those weak “spray and pray” campaigns are yesterday’s news. The crooks haven’t gotten smarter, but their tools have. Also: These phishing attacks are targeting Mac browsers – how to protect yourselfWith the help of generative AI, online scammers have become dramatically better at crafting and delivering phishing emails that look and sound convincing. Last year, a group of high-powered security researchers found that AI-based phishing tools have reduced the cost of these attacks by more than 95% — while making them brutally effective. One study showed that 60% of respondents fell victim to these automated attacks. Those tools can help a crook create hyper-targeted, meticulously personalized attacks that can be surprisingly difficult to spot, especially if you’re tired or distracted. Also: The top 10 brands exploited in phishing attacks – and how to protect yourselfEven certified security experts can be sucker-punched. Just ask Troy Hunt, creator of the “Have I Been Pwned” site. He was fooled by a sophisticated attacker who stole his Mailchimp mailing list. Listen to his explanation of what happened. Firstly, I’ve received a gazillion similar phishes before that I’ve identified early, so what was different about this one? Tiredness was a major factor. I wasn’t alert enough, and I didn’t properly think through what I was doing. The attacker had no way of knowing that (I don’t have any reason to suspect this was targeted specifically at me), but we all have moments of weakness, and if the phish times just perfectly with that, well, here we are. Secondly, reading it again now, that’s a very well-crafted phish. It socially engineered me into believing I wouldn’t be able to send out my newsletter, so it triggered “fear,” but it wasn’t all bells and whistles about something terrible happening if I didn’t take immediate action. It created just the right amount of urgency without being over the top. What to do if you click a phishing link So, what should you do if you click on one of those links and then discover, to your dismay, that it’s a fake site designed to capture your information? Maybe you realized that almost immediately because something seemed not quite right. Or maybe you’ve already entered some sensitive information. In either case, here’s what to do next. 1. Stop typing! If you haven’t yet entered any information, close the browser tab or mobile app immediately and consider clearing your cache to eliminate the possibility that the site was able to implant some tracking information. 2. When in doubt, disconnect If you’re concerned that the site might be more than a garden-variety phishing attempt and that it might be trying to install a remote access tool or another form of malware, disconnect from the network. You can turn on airplane mode on a mobile device or laptop; if you have a wired connection, unplug the Ethernet adapter. Or just press the power button to shut down while you figure out your next steps. 3. If this is a work device, call your IT department Let them know what happened so they can check any necessary logs and begin looking for suspicious activity. Be honest. The more information you provide, the more likely they will be able to detect any intrusion and mitigate any damage. 4. Reset your password(s) and turn on 2FA If you gave the attackers your username and password for an account, you need to change that password as soon as possible, before they have a chance to lock you out. If you entered an email address, phone number, or other personal information that an attacker could use to pose as you, consider securing any accounts that are tied to that information. Create new, strong, unique passwords for those accounts. If you haven’t enabled multi-factor authentication (also known as 2-factor authentication or 2FA), do that now, especially for critical accounts. Also: Got a suspicious E-ZPass text? Don’t click the link (and what to do if you already did)If possible, do this cleanup work on a different PC, Mac, or mobile device than the one where you were phished, to avoid the possibility that the device has been compromised. 5. Scan for malware If this is a Windows device, run a full antivirus scan on the affected device to determine whether any malicious software was installed. If possible, use an offline scanner like the Emsisoft Emergency Kit More
PM Images/Getty Images I have given hundreds of cybersecurity-related webcasts and presentations, written hundreds of cybersecurity-related articles, and been involved in hundreds of one-on-one cybersecurity-related meetings with clients. Someone will always respond, comment, or protest that their business is too small for a hacker’s attention. Small target illusion But none of these folks understand the […] More
