Login
Two-step verification, two-factor authentication, multi-factor authenticationβ¦whatever your social media platform calls it, itβs an excellent way to protect your accounts.
Thereβs a good chance youβre already using multi-factor verification with your other accounts β for your bank, your finances, your credit card, and any number of things. The way it requires an extra one-time code in addition to your login and password makes life far tougher for hackers.
Itβs increasingly common to see nowadays, where all manner of online services only allow access to your accounts after youβve provided a one-time passcode sent to your email or smartphone. Thatβs where two-step verification comes in. You get sent a code as part of your usual login process (usually a six-digit number), and then you enter that along with your username and password.
Some online services also offer the option to use an authenticator app, which sends the code to a secure app rather than via email or your smartphone. Authenticator apps work much in the same way, yet they offer three unique features:
Google, Microsoft, and others offer authenticator apps if you want to go that route. You can get a good list of options by checking out the βeditorβs picksβ at your app store or in trusted tech publications.
Whichever form of authentication you use, always keep that secure code to yourself. Itβs yours and yours alone. Anyone who asks for that code, say someone masquerading as a customer service rep, is trying to scam you. With that code, and your username/password combo, they can get into your account.
Passwords and two-step verification work hand-in-hand to keep you safer. Yet not any old password will do. Youβll want a strong, unique password. Hereβs how that breaks down:
Now, with strong passwords in place, you can get to setting up multi-factor verification on your social media accounts.
When you set up two-factor authentication on Facebook, youβll be asked to choose one of three security methods:
And hereβs a link to the companyβs full walkthrough: https://www.facebook.com/help/148233965247823
When you set up two-factor authentication on Instagram, youβll be asked to choose one of three security methods: an authentication app, text message, or WhatsApp.
And hereβs a link to the companyβs full walkthrough: https://help.instagram.com/566810106808145
And hereβs a link to the companyβs full walkthrough: https://faq.whatsapp.com/1920866721452534
And hereβs a link to the companyβs full walkthrough: https://support.google.com/accounts/answer/185839?hl=en&co=GENIE.Platform%3DDesktop
1. TapProfileat the bottom of the screen.
2. Tap theΒ MenuΒ button at the top.
3. TapΒ Settings and Privacy, then Security.
4. TapΒ 2-step verificationΒ and choose at least two verification methods: SMS (text), email, and authenticator app.
5. TapΒ Turn on to confirm.
And hereβs a link to the companyβs full walkthrough: https://support.tiktok.com/en/account-and-privacy/personalized-ads-and-data/how-your-phone-number-is-used-on-tiktok
The post How to Protect Your Social Media Passwords with Multi-factor Verification appeared first on McAfee Blog.
A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike.
The complete writeup is available. here
we are always thinking of something we can automate to make black-box security testing easier. We discussed this idea of creating a multiple platform cloud brute-force hunter.mainly to find open buckets, apps, and databases hosted on the clouds and possibly app behind proxy servers.
Here is the list issues on previous approaches we tried to fix:
Microsoft: - Storage - Apps
Amazon: - Storage - Apps
Google: - Storage - Apps
DigitalOcean: - storage
Vultr: - Storage
Linode: - Storage
Alibaba: - Storage
1.0.0
Just download the latest release for your operation system and follow the usage.
To make the best use of this tool, you have to understand how to configure it correctly. When you open your downloaded version, there is a config folder, and there is a config.YAML file in there.
It looks like this
FreshRSS 
providers: ["amazon","alibaba","amazon","microsoft","digitalocean","linode","vultr","google"] # supported providers
environments: [ "test", "dev", "prod", "stage" , "staging" , "bak" ] # used for mutations
proxytype: "http" # socks5 / http
ipinfo: "" # IPINFO.io API KEY
For IPINFO API, you can register and get a free key at IPINFO, the environments used to generate URLs, such as test-keyword.target.region and test.keyword.target.region, etc.
We provided some wordlist out of the box, but it's better to customize and minimize your wordlists (based on your recon) before executing the tool.
After setting up your API key, you are ready to use CloudBrute.
ββββββββββ βββββββ βββ ββββββββββ βββββββ βββββββ βββ ββββββββββββββββββββ
βββββββββββ ββββββββββββ ββββββββββββββββββββββββββββββ ββββββββββββββββββββ
βββ βββ βββ ββββββ ββββββ ββββββββββββββββββββββ βββ βββ ββββββ
βββ βββ βββ ββββββ ββββββ ββββββββββββββββββββββ βββ βββ ββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββ ββββββββββββ βββ ββββββββ
βββββββββββββββ βββββββ βββββββ βββββββ βββββββ βββ βββ βββββββ βββ ββββββββ
V 1.0.7
usage: CloudBrute [-h|--help] -d|--domain "<value>" -k|--keyword "<value>"
-w|--wordlist "<value>" [-c|--cloud "<value>"] [-t|--threads
<integer>] [-T|--timeout <integer>] [-p|--proxy "<value>"]
[-a|--randomagent "<value>"] [-D|--debug] [-q|--quite]
[-m|--mode "<value>"] [-o|--output "<value>"]
[-C|--configFolder "<value>"]
Awesome Cloud Enumerator
Arguments:
-h --help Print help information
-d --domain domain
-k --keyword keyword used to generator urls
-w --wordlist path to wordlist
-c --cloud force a search, check config.yaml providers list
-t --threads number of threads. Default: 80
-T --timeout timeout per request in seconds. Default: 10
-p --proxy use proxy list
-a --randomagent user agent randomization
-D --debug show debug logs. Default: false
-q --quite suppress all output. Default: false
-m --mode storage or app. Default: storage
-o --output Output file. Default: out.txt
-C --configFolder Config path. Default: config
for example
CloudBrute -d target.com -k target -m storage -t 80 -T 10 -w "./data/storage_small.txt"
please note -k keyword used to generate URLs, so if you want the full domain to be part of mutation, you have used it for both domain (-d) and keyword (-k) arguments
If a cloud provider not detected or want force searching on a specific provider, you can use -c option.
CloudBrute -d target.com -k keyword -m storage -t 80 -T 10 -w -c amazon -o target_output.txt
Read the usage.
Make sure you read the usage correctly, and if you think you found a bug open an issue.
It's because you use public proxies, use private and higher quality proxies. You can use ProxyFor to verify the good proxies with your chosen provider.
change -T (timeout) option to get best results for your run.
Inspired by every single repo listed here .
There has been an exponential increase in breaches within enterprises despite the carefully constructed and controlled perimeters that exist around applications and data. Once an attacker can access⦠Read more on Cisco Blogs
Join the guided tour outside the Security Operations Center, where weβll discuss real time network traffic of the RSA Conference, as seen in the NetWitness platform. Engineers will be using Cisco Sβ¦ Read more on Cisco Blogs
To know more about our Attack Surface Management platform, check out NVADR.
In a chilling echo of George Orwellβs dystopian novel 1984, itβs possible that Big Brother β or in this case, Big Hacker β might be surveilling you through your own television. Evidence is emerging that Smart TVs can be just as prone to hacking as home computers.
Security analysts Aaron Grattafiori and Josh Yavor from iSEC Partners have spent several months investigating this issue, working alongside Smart TV manufacturers to address potential vulnerabilities. They presented their findings at the recent Black Hat network security conference in Las Vegas. Their demonstration highlighted the worrying tendency of Smart TVs to pry into personal data, whether via web searches, app usage, or even physical surveillance through the built-in camera.
Despite their advanced technology, Smart TVs carry the same risks as their more primitive forebears. The primary culprit is the IP address, which allows these devices to connect with various web apps like Facebook, YouTube, and Skype. The issue is that these apps often run on the same code (such as Javascript or HTML5) as home computers or smartphones, making them susceptible to malware attacks when left unprotected.
While they might look like ordinary TVs, many Smart TVs bear a closer resemblance to laptops, incorporating internet-connected apps, video streaming services, microphones, and even internal cameras. Sure, these features enhance the viewing experience, but they can also present a clear and present danger to your privacy.
Malicious code can easily find its way into your TV through seemingly harmless chat messages or browser searches. Once itβs there, your television is open to several types of spyware. With the right code, a hacker could gain full control over your device, accessing your TVβs cameras and microphones. In essence, they could use your camera to spy on you, turning your own TV into a surveillance device.
Although manufacturers have issued fixes to reinforce the exposed code, no device is 100% secure. The scenario of hackers gaining control over a TVβs cameras and microphones is not just an invasion of privacy but can also lead to potential misuse of personal information. Itβs a stark reminder of the importance of protecting our digital presence and understanding the broader implications of IoT devices in our homes. As technology continues to advance, so too must our vigilance in guarding against these emerging threats.
Regular updates are crucial to maintaining the security of your TV and its apps. The digital world is full of bugs waiting for a chance to invade your device, so donβt let outdated apps provide them the perfect entry point. Ensure your apps are updated regularly to maintain your digital fortress.
β Dig Deeper: Why Software Updates Are So Important
Also, when it comes to Smart TVs, itβs best to use social media sparingly. Video-streaming platforms like Netflix pose less of a threat than social media sites, which are notorious hunting grounds for identity thieves. These criminals often bait their traps with fake offers and tailored βphishingβ messages. Whenever possible, restrict social media usage to devices (like your computer, smartphone or tablet) that have comprehensive security protection like McAfee LiveSafeβ’ service, which safeguards your devices, your identity, and your data.Β
β Dig Deeper: Could a Streaming Device Help Hackers Hijack Your TV?
In conclusion, while Smart TVs may be a little too clever for their own good, that doesnβt mean you canβt stay one step ahead. You just need to stay vigilant and informed about potential security threats, so you can enjoy the benefits of your Smart TV without worrying about privacy violations.
With an inbuilt camera and microphone, Smart TVs are capable of providing a stream of surreptitious surveillance data back to both manufacturers as well as potentially unscrupulous cyber criminals. With the right malware code, hackers can turn your TV into a spying device, watching your everyday activities and listening to your private conversations. This is not some fly-by-night conspiracy theory; it is a reality acknowledged by the top security researchers in the world.
It is not just your personal data that is at risk. Smart TVs, due to their inherent connectivity, can also serve as a gateway into your home network. Once hackers infiltrate your Smart TV, they can potentially gain access to your computer, tablet, or smartphone and the personal information within them. This could lead to serious breaches in financial and personal security, making Smart TV hacking a significant threat that should not be taken lightly.
β Dig Deeper: Are Smart TVs too smart for their own good?
If the thought of your living room turning into a hackerβs surveillance paradise sends a chill down your spine, youβre not alone. The good news is that there are measures you can take to safeguard your privacy and make your Smart TV safe. First and foremost, itβs important to regularly update your TVβs firmware. Manufacturers often release patches that can fix security vulnerabilities, so keeping your TV updated is a crucial step in maintaining your privacy.
Consider disabling certain features on your TV. For instance, if you never use your TVβs camera, it would be prudent to tape it up or disable it entirely in your TVβs settings. Likewise, if your TV has βvoice recognitionβ or βmotion controlβ features, disabling them might be a good idea, as they can potentially be used to spy on you. Remember: the fewer features you activate, the fewer opportunities hackers have to exploit your TV.
One of the best ways to protect yourself is to stay informed about the latest developments in Smart TV security. Attend webinars, read articles, and follow experts in the field to keep abreast of the latest security threats and fixes. By educating yourself, you can stay one step ahead of the hackers and keep your Smart TV safe.
Secondly, make sure to use secure, unique passwords for all of your apps and online accounts. Avoid using personal information that could be easily guessed, such as your name, date of birth, or common phrases. Instead, opt for a mixture of uppercase and lowercase letters, numbers, and special characters to create a strong password. Always remember, a strong password is your first line of defense against cyber attacks.
Today, in the age of hyper-connectivity, even our televisions arenβt just for watching shows anymore; they are portals to the internet, complete with all the associated risks and threats. While Smart TVs offer a myriad of exciting features and functionalities, they also present new avenues for hackers to invade our privacy. But by staying vigilant, regularly updating our devices, using strong passwords, and carefully managing our TVβs features, we can enjoy the benefits of Smart TVs while steering clear of the risks. So, is your Smart TV spying on you? With the right precautions, you can make sure the answer is a resounding βNoβ.
The post Is Your Smart TV Spying on You? appeared first on McAfee Blog.
