Beautiful illustrations.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
EDITED TO ADD (6/4): Slashdot thread.
The all in one place for non-profit security aid.
My child had her data stolen—here’s how to protect your kids from identity theft
Recently, I received a letter in the mail from a company about a data breach.
The letter said that the company had been a victim of a cyberattack back in March in which files were scrambled (what we know as ransomware). The attacker had also accessed sensitive files and customer health data.
Sadly, this is a pretty normal occurrence these days. However, this time it wasn’t my own data that was stolen. It was my 9-year-old’s health data, stemming from a breach at the medical company that provides her wheelchair.
She didn’t fill in her details to a phishing site. She didn’t download malware. She doesn’t even have an email account. Yet her data had already been stolen.
The data included her name, date of birth, Social Security Number, medical documentation, insurance information, and more.
And this isn’t the first time. She’d actually already had her data stolen three times before her 10th birthday.
There isn’t anything we could have done differently in this situation. If you don’t use a service anymore, you can ask the organization to delete your personal information. However, in the case of medical companies—who have access to your most sensitive data—you can’t easily change providers, and they often need to store your data for longer for compliance reasons.
However, there are things you can do to prevent identity theft happening in general, some even after your kids’ data has been taken in a breach like this.
Freeze your child’s credit report: You need to do this at all three major credit bureaus (Equifax, Experian, and TransUnion), and it’s free to do. Freezing restricts access to your child’s credit report, and means fraudsters cannot use your child’s identity to get credit.
Use fake data wherever you can: In some places, like medical facilities, you do need to use your child’s real data. But whenever you’re signing up for something less official, try using dummy data.
Review privacy settings on apps your kids use: Keep things as private as you can. For example, don’t use their photo for profile pictures, remove statuses that let others know when they’re online, set as much as possible to “private,” and give the least amount of personally identifiable information (e.g., home address, phone number, etc.) as you can.
Squat on their digital assets: Buy their domain name, create emails for them, and sign up for key platforms. Then lock all these accounts down with strong, unique passwords and two-factor authentication, and set them to private or inactive.
Keep your devices updated and use security software: Infostealers are a type of malware that steal data from your device. This data can then be sold on the dark web to identity thieves.
Talk to your kids about digital safety: Make sure they know how to set strong passwords, what dangers to look out for online, and how to stay safe.
Set up identity monitoring: This alerts you if you or your family’s information is being traded online, and helps you recover afterwards.
Google Manifest V3 and Malwarebytes Browser Guard
We wanted to update you on some changes that Google’s making, and what we’re doing in Browser Guard to keep you protected.
Some of our customers have recently reported seeing messages that say Browser Guard may soon no longer be supported in their browser. Luckily, there’s no need for you to worry: You’ll continue to get the same Browser Guard protection and experience; we’ve just had to make some adjustments in how we build the extension.
Today, we brought out the new version of Browser Guard which addresses Google’s changes. If you want to read more of the technical details then you can do so below, or you can head straight over to the Chrome or Edge stores now to update.
A similar change in Firefox is coming soon and we’ll let you know when it’s ready.
For those not familiar with the terms, Google’s Manifest V2 and V3 are the “rules” that browser extension developers are required to follow if they want their extensions to get accepted into the Chrome Web Extension Store.
Google says Manifest V3 was brought in to improve the security, privacy, performance, and trustworthiness of the extension ecosystem, while still protecting existing functionality.
The phasing out of Manifest V2 began at the end of May, and the Chrome Web Store no longer accepts Manifest V2 extensions, although browsers can still use them for the time being.
One of the new changes that impacts Browser Guard and many other ad (and malicious content) blockers is that extensions will be limited in the number of rules they can include. That’s a problem because ad blockers historically rely on a large number of rules.
Cybercriminals have the habit of setting up new domains by the dozen, and, generally speaking, each blocked domain or subdomain requires one rule. So if ad blockers want to keep up, they too have to continuously create new rules.
Google has made some compromises after objections were raised when the company first announced Manifest V3, but there are still limitations which have an effect.
The new limitations of Manifest V3 meant we had to develop a different way to block content for our users who use Chromium-based browsers like Google Chrome and Microsoft Edge.
The new Browser Guard uses a mix of static and dynamic rules to protect our users.
Static rules are rules that are contained in the ruleset files which can be seen as block lists. These files are shipped with each version release.
Dynamic rules are rules that can be added and removed at runtime. Chrome allows up to 30,000 dynamic rules. Browser Guard uses dynamic rules for two purposes:
Session rules are dynamic rules that can be added and removed at runtime, but they are session-scoped and are cleared when the browser shuts down and when a new version of the browser is installed.
Dynamic rules can be used to store allow lists, user blocked content, and general rules that block more than one domain. Take, for example, the IP address of a server that is known to host nothing but phishing sites.
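As an added illustration of the dynamic rules described above (not Browser Guard's own code), this JavaScript sketch builds Manifest V3 declarativeNetRequest rules in which one rule covers many domains, a phishing server is matched by IP address, and an allow list overrides the blocks. The function names, the chunk size, and the sample domains and IP address are assumptions made for the example.

```javascript
// Added example, not Browser Guard code. Sample hosts are constructed.
const MAX_DYNAMIC_RULES = 30000; // dynamic rule limit quoted in the article
const CHUNK = 1000; // assumption: how many domains to group into one rule
// Without resourceTypes a rule does not match main_frame (page navigations).
const TYPES = ["main_frame", "sub_frame", "script", "image", "xmlhttprequest", "other"];

function buildDynamicRules({ blockDomains = [], blockIps = [], allowDomains = [] }) {
  const norm = (list) =>
    [...new Set(list.map((d) => d.trim().toLowerCase()).filter(Boolean))];
  const allow = norm(allowDomains);
  // An allow-listed domain is dropped from the block rules as well.
  const block = norm(blockDomains).filter((d) => !allow.includes(d));
  const rules = [];
  let id = 1;
  const add = (priority, type, condition) =>
    rules.push({ id: id++, priority, action: { type },
      condition: { ...condition, resourceTypes: TYPES } });

  // One rule covers many domains instead of one rule per domain.
  for (let i = 0; i < block.length; i += CHUNK) {
    add(1, "block", { requestDomains: block.slice(i, i + CHUNK) });
  }
  // A server hosting nothing but phishing sites: match its IP as the URL host.
  for (const ip of norm(blockIps)) add(1, "block", { urlFilter: `||${ip}^` });
  // The allow list wins over block rules through its higher priority.
  if (allow.length) add(2, "allow", { requestDomains: allow });

  if (rules.length > MAX_DYNAMIC_RULES) {
    throw new RangeError(`${rules.length} rules exceed the dynamic rule limit`);
  }
  return rules;
}

// Runs only inside an extension that holds the declarativeNetRequest permission.
async function applyDynamicRules(rules) {
  const old = await chrome.declarativeNetRequest.getDynamicRules();
  await chrome.declarativeNetRequest.updateDynamicRules({
    removeRuleIds: old.map((r) => r.id),
    addRules: rules,
  });
}
```

Grouping domains under `requestDomains` keeps the rule count well below the dynamic limit even for long block lists, which is the budget problem the article describes.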
To deal with urgent situations we can use ruleset overrides, which are a mechanism by which we can override the static rules shipped with Browser Guard without requiring our users to add exclusions.
Your version of Browser Guard will be automatically updated to the latest version, but if you want to get it now you can do so for Chrome or Edge.
Thanks for continuing to choose Malwarebytes to protect you.