Kathy Zant
United States
Joined 30. 07. 2006
I help businesses and people get secured and thrive. I am a content creator bringing you security news as it happens, tutorials to get more out of technology, and marketing how-tos that help you grow your business.
The Social Security Breach: What to Watch For
In this episode, we look at a data breach by National Public Data that has exposed millions of Social Security numbers and personal information. Learn what happened, how your data might be affected, and how you can safeguard yourself against identity theft and sophisticated phishing attacks.
Read the article at Bleeping Computer:
www.bleepingcomputer.com/news/security/national-public-data-confirms-breach-exposing-social-security-numbers/
Check on your own data to see if your PII (personally identifiable information) was exposed.
npd.pentester.com/
If you're an agency building sites for others, check out MonsterSecure.
monstersecure.com/
00:00 Introduction to the Social Security Number Breach
05:55 Implications of the Breach
06:31 Protecting Yourself from Fraud
07:30 Phishing Attempts and How to Handle Them
09:22 Verifying Fraudulent Activity
11:36 Checking Your Data and Conclusion
12:38 WordCamp US
12:58 MonsterSecure
===========================
Sign up at Proton Mail for secure mail:
zant.fyi/Proton
Remember to set up 2-factor authentication using a reputable 2FA application!
And never give your 2FA code to anyone over the phone, text, etc.
===========================
Get the WordPress Security Mini-Course:
zant.fyi/mini-course-yt
===========================
Connect with me!
===========================
Tik Tok: ➡︎ / kathyzant
X: ➡︎ x.com/@kathyzant
Instagram: ➡︎ / kathyzant
Facebook: ➡︎ / kathyzant
LinkedIn: ➡︎ / kathyzant
Website: ➡︎ zant.com/
#breach #securitybreach #informationsecurity
Views: 121
Video
When Software Updates Go Wrong
170 views, 1 month ago
The recent Crowdstrike outage got me thinking: how could a simple update-gone-bad affect so many computers worldwide, bringing travel, healthcare and so much more to a standstill? What lessons can we learn from this outage to prepare for the future? For those of us who run WordPress websites, there is even more to consider when it comes to software updates. We've now got autoupdates available i...
The Cellular Network is Way Too Easy to Hack
532 views, 3 months ago
If you use a smartphone, you are using an insecure network. No matter what you do, you cannot escape this insecure network because it is the underlying network that powers all of our telephone communications. Known as Signaling System 7 (SS7), this network has been in use since 1975. SS7 is used to set up and tear down telephone calls in most parts of the worldwide public switched telephone net...
How Hackers Get 2FA Codes
1.8K views, 3 months ago
The good news is that more people are using two-factor authentication (2FA) to protect their online accounts. The bad news is that many people are unaware that 2FA codes should only be used when logging in, and malicious actors are tricking people into giving up their 2FA codes in malicious campaigns using phone calls and text messages. As a reminder, 2FA codes are only used as a second factor ...
Sophisticated Phishing Attacks Outsmarting Savvy Users
1.6K views, 4 months ago
A recent attack targeting LastPass users used email, SMS, and voice calls to trick targets into divulging their password vault master passwords. A deeper look at these attacks shows how sophisticated phishing kits have become. Not only are attackers using phishing via email, but they're also corroborating false information with phone calls and text messages. Lookout, a data-centric cloud securi...
Instantly Reinvent Your Life at Any Age
201 views, 4 months ago
Everywhere I look, people are talking about reinventing themselves. Folks are starting new diets, new habits, and adopting healthier routines. Many people are moving, leaving stagnant jobs and relationships, and starting new careers. All of these reinventions are exciting and probably scary. I started thinking about my own life and the reinventions I’ve undergone. From leaving marketing jobs an...
Exposed: Facebook's Secret VPN Surveillance
883 views, 4 months ago
Imagine this: Facebook, the social media giant, was caught spying on users of its own VPN service. The VPN, called Onavo, was used to gather competitive intelligence about how users interacted with Snapchat, YouTube, and Amazon. It's no longer available, but the question remains: how can we protect ourselves from such unethical practices? Are there any reputable VPN services out there, or can we...
MFA bomb attackers target Apple accounts
523 views, 4 months ago
Attackers are targeting Apple users with multi-factor authentication (MFA) bombing attacks. In these attacks, multiple password reset messages are sent to Apple iPhones, Mac computers, and Apple Watches asking to approve password resets, rendering the devices useless during the attack. Victims run the risk of clicking "allow" just to re-access their devices or inadvertently clicking "allow" whe...
Malware affecting 39,000 sites evades detection
166 views, 5 months ago
Sign1 malware has been infecting WordPress sites over the last 6 months and is relatively sophisticated in its techniques in evading detection by site owners and malware scanners. Discovered by security firm Sucuri, this malware only shows to users that come with a referrer from a major site (Google search engine results, Facebook, Instagram, or Yahoo) and sets a cookie once it's shown to a site...
The Most Important Concept in WordPress Security
61 views, 5 months ago
The best security starts with education. I'm excited to announce that I'm launching a series of security courses for content creators and publishers using WordPress. I won't stop there; I'm also working on courses for practical security. There are plenty of security products and tools available to help you secure your digital life. But if you're unsure how to use those tools, you're not getting...
Using 1 Email Address is Making You Vulnerable
139 views, 5 months ago
With concerns about SIM swapping attacks, brute force attacks, and more, we must stop using a singular email address for everything. Do you want some random marketer using the same email address that you use for your bank? What happens when a lazy website owner doesn't secure their site and your personally identifiable information is breached? Your usernames, passwords, email addresses, and mor...
10 WordPress security mistakes you're probably making
1.2K views, 6 months ago
You can get the WordPress security checklist that can help you identify weaknesses in your WP installation before hackers find vulnerabilities to exploit. I recommend that you perform an audit on your WordPress site every 3 months. Some common issues I find during audits: - forgotten backups left in publicly accessible areas - usernames of contractors that are no longer working on the site - un...
Info Stealers: The Latest Threat to Your Assets
807 views, 7 months ago
How hackers use info-stealers to take over WordPress sites (and what you can do about it)
522 views, 10 months ago
SIM Swap Attacks More Common: How to Protect Yourself
14K views, 11 months ago
LastPass Password Vaults Exposed, Crooks Cracking Them
769 views, 11 months ago
Chrome browser extensions stealing passwords
345 views, 1 year ago
Hacks Affecting Amazon, LinkedIn, Meta & Gmail
177 views, 1 year ago
Build Landing Pages with Kadence Blocks
1.6K views, 1 year ago
The New Way to Build with WordPress: Gutenberg, Blocks and of course Kadence
1.5K views, 1 year ago
Phishing Google Ad Targets Bitwarden & 1Password
731 views, 1 year ago
More Password Manager Headaches: New Vulnerabilities & Breaches
2.1K views, 1 year ago
I'm Moving to NordPass: Modern Encryption, Privacy and Preparing for Passkeys
6K views, 1 year ago
New Information on the LastPass Breach Shows We Have Little Time
30K views, 1 year ago
The LastPass Hack Has Gotten Worse: What to Do to Protect Yourself
16K views, 1 year ago
Overcoming Adversity: Keeping Yourself Together When Everything Falls Apart
136 views, 1 year ago
WordCamp Rochester 2020 Keynote: Thriving in Uncertain Times
6 views, 2 years ago
Sharing this!
Thanks, Christy! I hope it's helpful.
Thank you!
Thanks for watching!
Will the +word method only work with Gmail? I have a Yahoo account.
Hi Kathy Zant, your speech is very interesting and relevant, in my update routines, I don't use auto-update, I always leave it disabled in order to have the least downtime in relation to the maintenance screen, and if necessary, new code break something, I believe this works better than auto-update, which does not take away the importance of automatic updates. It turns out that my routines are manual and monthly, consequently I have a better check of what is going into the update, perhaps the preciousness and bureaucracy seem like obstacles, but they contribute to a solid application. Keep bringing these discussions. Thanks.
Glad to hear your experience is similar, and great insight about having a better understanding of your updates when you're doing them as attended updates. That's a great point! I'll keep the discussions coming! Thanks for watching.
Wow, WordPress auto-updates have saved me so much time and hassle for the sites I maintain. Now I'm rethinking my strategy. Thanks so much for this.
❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤
Thanks for the great information and advice, Kathy, on SIM Swapping and I have just subscribed to your channel. Just have a question. I'm an old timer and have been using PC online banking since the inception way back when. Since the beginning of Social media and mobile banking I have refused to use both, therefore I have very little online personal info out there. I don't store any passwords on my phone and only use my phone mainly for texting and browsing. I know boring. I emailed my bank and they don't use a security key method as 2 factor authentication method but I think I will buy a security key for the other sites that allow it. I have setup a second email account for my financial stuff as a precaution as my main Gmail account has been breached. So my question is, will I still be somewhat vulnerable to SIM swapping? Also if I sign into my bank, on my PC, and my code gets sent to SMS text can the jerks get into my account? Thanks and have a great day.
Do you recommend Cloaked Wireless for cell service?
I am liking what I am seeing. They definitely understand the problem. Doing some research now, but they're saying all of the right things.
Good advice! I use Bricks and love it. I always update.
Happened to me once, I got it resolved but it was a pain in the arse calling tech support that also has no idea of what to do.
Cloaked Wireless is the only real protection against SIM swap attacks. They prevent staff from modifying accounts. Only the customer can do that.
No banks in Canada use authenticator apps or devices like YubiKey. People have been losing money from scams, and while the banks make a big deal on their sites about backing your online accounts 100%, tons of news stories showing they don't.
As a middle aged engineer with a child on the spectrum, what do you see as the benefits of getting oneself tested at this point in life?
Isn’t that why we encrypt? iMessage has been using ECC to encrypt for years now 🤷♂️
What? Very few people use their phones for text and POTS calls. You seriously think that the general public doesn't know about chat and voice apps??😂😂😂😂😂😂
SS7 is the network underneath all phone systems. It has been used to hack WhatsApp, Telegram, steal SMS 2FA codes. Are you paying attention?
Use the best VPN for securing your communications, Private Internet Access: zant.fyi/piavpn (Affiliate Link)
I repair computers for a living and you would be amazed about how naive 90% of people are regarding internet security. I'm almost 60, but I've been a computer geek for 50 years. Most people in my approximate age bracket are particularly trusting (gullible), especially since these new fangled abominations called smart phones and devices came out (LOL). On PCs, the biggest problem with my customers is that I can't get them to stop clicking on links in phishing emails.
Some people are so damn simple….
I bet they're super interested in that attachment they get from some random email address, too. 😬 I had a family member tell me that it was a "special award" and yeah. Gullible indeed. Thanks for watching, Walter. If there's ever any content I can create to help your clients become more aware, please let me know.
@KathyZant The worst are the ones that are near perfect copies of emails from whatever bank the person uses. They click on the link and it takes them to a fake replica of their bank's website. Soon as they put in their user name and password, they're toast. 2FA can help, but too many money or transaction websites don't have this on by default.
Thought I was gonna see a channel with 10k + subscribers and hella views. This is some professional video production.
Thanks so much for the kind comment! I've had some experience building content for others; this has been more of a side hobby.
Unfortunately Xfinity does verify your identity with an SMS code read over the phone. Very poor practice I noticed while dealing with them recently. Certain messages say not to share the code, and the ones they ask for don’t say that.
Wow, that's bad form. Thanks for sharing that, good for people to be aware.
Thanks to Microsoft for their ridiculous URLs people are so used to constantly typing Microsoft credentials in these random (legitimate) hard to read URLs, it makes it hard for average users to discern. Thanks MS..
MS security concerns are the gifts that keep on giving. 😩
Use temp email to give out. Use virtual machines
Sandboxing (so far) is a safe way to open risky attachments or other files. Virustotal is good at eliminating potential threats. One antivirus can fail spotting malware, but over 70 different vendors have better chance against malware.
Hmmm if they click on anything sent to them out of blue, even if a follow up, they aren't that savvy then. Always don't trust any links in mobile media where you cannot hover over them or inspect the link in detail independently. This is why I hate smartphones as supposed computers. You have your hands tied in some aspects as an average user. All that advice for the use on PC doesn't quite work in mobile devices. Always search the website of the company and log into it by yourself. Just beware of sponsored links. Those might be phishing sites, too.
This phishing campaign definitely targets the limited mobile experience. And yes, ads can be malicious, too. Good advice.
@KathyZant There was a warning somewhere, when people look for a contact number to call usual companies, they just search it and use anything that appears in the first searches, the company name and their number, not knowing they can be fraudulent pages pushed to the top by skilled scammers. Always look for a proper website and use their proper number under 'about us' section.