FixMeStick’s Weekly Cybersecurity Round-Up: Mar 2nd – 8th

Hello to all of our FixMeFans and StartMeStars! It’s time for the weekly roundup, which involves a lot of security vulnerabilities that may impact your security and privacy, and even some tech-scammers receiving some justice. Although it’s nothing along the lines of foreign countries hacking our systems, it’s always a good idea to stay informed, as you never know how you may be impacted.

Android users beware: the March security update bulletin for Android has just arrived, and it comes with some crucial news regarding a recent vulnerability. The vulnerability (CVE-2020-0069) has the potential to affect millions of users, and is actively being exploited by hackers. 

While Google has since confirmed that the vulnerability has been patched in Android’s most recent update, the vulnerability has otherwise remained active since as early as April 2019, with many malicious apps taking advantage of the vulnerability in order to exploit users.

If you’ve recently updated your Android, you can mark yourself safe from the vulnerability – however it’s important to note that many devices still remain unpatched, and Android often will slowly release the necessary patches as time goes by.

For those of you using older Androids, it may take a while for the update to go through, though you can still check this guide to make sure you’re doing all you can to protect your device!

In a similar vein, Microsoft has been experiencing some issues of their own lately. Essentially, users who end up visiting Microsoft’s websites may actually be on a sub-domain controlled by a hacker. While Microsoft has been urging extreme caution while browsing their websites, it is still likely that you may be duped. 

News about the exploit came from Numan Ozdemir and Ozan Agdepe of Vullnerability.com, who reported that hackers can take advantage of these sub-domains, using them to steal user information, even going as far as stealing usernames and passwords.

When it comes to sub-domains being taken over, unfortunately there is little users can do to protect themselves – the most necessary step is simply being cautious and checking the web domains for Microsoft sites you visit. Luckily there have been little reports from users being actively exploited

You can read up more on the issue here.

In more lighthearted news, a cybercrime vigilante has recently been reverse-hacking tech-support scammers to reveal footage of the scammers as they exploited their victims with bogus phone calls.

Under the alias Jim Browning, this cyber crusader has been uploading videos to his YouTube Channel, where he exposes how different crimes work and identifying the individuals responsible for them. 

Many of the scams involve individuals from overseas who will pose as large companies such as Microsoft, Apple, or Amazon. They’ll often try to gain remote access to your computer in hopes of stealing information, or installing malicious software – the goal is always get some sort of money from their victims.

Recently, in a successful reverse hack, Browning was able to hack into the cameras inside and outside the facility of one scam campaign, effectively accessing over 70,000 recordings of phone calls. 

In addition to posting the eye-opening videos to YouTube, Browning reports his findings to local police forces, making sure that the cyber criminals are brought to justice, slowly but surely. 

While Microsoft has shut down several scams, it seems like there is no sign of them slowing down. The best course of action is to be vigilant regarding the types of phone calls and emails you receive, making sure you stay on top of your cyber security.

Here are 6 signs you may be speaking with a tech support scam.

That’s it for this week! With Daylight Savings happening this past weekend, we’ll be getting some more sunlight in the days to come. With that being said, we hope that everyone is staying up to date on their cyber security needs!