Starting with the iPhone 6, Apple made it possible to charge it from 0 to 100% almost twice as fast. These handy tips can help you supercharge your iPhone from 0-10% in just five minutes.

TURN ON FLIGHT MODE

Switch your phone to flight mode while it’s charging and you’ll find that the power bar creeps up that little bit faster. In this mode, your phone can’t connect to Wi-Fi or mobile networks, so your battery usage will decrease and your device will power up faster. This option can be found in your phone’s settings menu, or by swiping up from the bottom of your home screen.

TURN ON LOW-POWER MODE

Activate low power mode by delving into the battery option under the settings menu and your screen’s energy consumption will decrease drastically. This mode will also shut down any background functions chewing through your power supply, meaning your phone will store more juice while plugged in.

TURN OFF PUSH NOTIFICATIONS

Push notifications are the little icons and messages which your phone displays on its lock screen whenever you get a text or an update. Switching these off while you’re plugged in will help to keep power to a minimum, preventing your phone screen from flashing up and eating power.

USE AN OPTIMUM CHARGER

The best kind of charging device for speed is an iPad wall charger, which can transfer more amps of electricity per second than any of the others. That means it's more efficient than a charger plugged into a computer, or an iPhone charger plugged into the mains. (It's worth nothing that only the iPhone 6 and newer models are capable of accepting 2.1 amps per second, which is the amount the iPhone wall charger provides).

LEAVE YOUR PHONE ALONE

And that includes turning it on to check the time. The more you turn on the phone's display, the more battery it uses up, which makes sense really.

Equifax, one of the three major consumer credit reporting agencies, said on Thursday that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver’s license numbers.

The attack on the company represents one of the largest risks to personally sensitive information in recent years, and is the third major cyber security threat for the agency since 2015.

Equifax, based in Atlanta, is a particularly tempting target for hackers. If identity thieves wanted to hit one place to grab all the data needed to do the most damage, they would go straight to one of the three major credit reporting agencies.

“This is about as bad as it gets,” said Pamela Dixon, executive director of the World Privacy Forum, a nonprofit research group. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.”

Criminals gained access to certain files in the company’s system from mid-May to July by exploiting a weak point in website software, according to an investigation by Equifax and security consultants. The company said that it discovered the intrusion on July 29 and has since found no evidence of unauthorized activity on its main consumer or commercial credit reporting databases.

In addition to the other material, hackers were also able to retrieve names, birth dates and addresses. Credit card numbers for 209,000 consumers were stolen, while documents with personal information used in disputes for 182,000 people were also taken.

Other cyberattacks, such as the two breaches that Yahoo announced in 2016, have eclipsed the penetration at Equifax in sheer size, but the Equifax attack is worse in terms of severity. Thieves were able to siphon far more personal information — the keys that unlock consumers’ medical histories, bank accounts and employee accounts.

“On a scale of 1 to 10 in terms of risk to consumers, this is a 10,” said Avivah Litan, a fraud analyst at Gartner.

An F.B.I. spokesperson said the agency was aware of the breach and was tracking the situation.

Last year, identity thieves successfully made off with critical W-2 tax and salary data from an Equifax website. And earlier this year, thieves again stole W-2 tax data from an Equifax subsidiary, TALX, which provides online payroll, tax and human resources services to some of the nation’s largest corporations.

People can go to the Equifax website to see if their information has been compromised. The site encourages customers to offer their last name and the last six digits of their Social Security number. When they do, however, they do not necessarily get confirmation about whether they were affected. Instead, the site provides an enrollment date for its protection service, and it may not start for several days.

The company also suggests getting a free copy of your credit report from the three major credit bureaus: Equifax, Experian and TransUnion. These are available at annualcreditreport.com. It also suggests contacting a law enforcement agency if you believe any stolen information has already been used in some way.

Equifax’s credit protection service, which is free for one year for consumers who enroll by Nov. 21, is available to everyone and not just the victims of the breach.

Equifax is offering consumers the ability to freeze their Equifax credit reports, said John Ulzheimer, a consumer credit expert who often does expert witness work for banks and credit unions and worked at Equifax in the 1990s. Thieves could have information stolen from Equifax and used it to open accounts with creditors that use Experian or TransUnion.

Governments regularly buy stolen personal information on the so-called Dark Web, security experts say. The black market sites where this information is sold are far more exclusive than black markets where stolen credit card data is sold. Interested buyers are even asked to submit to background checks before they are admitted.

“Cyberwar is in large part conducted through data mining and cyberintelligence,” Ms. Litan said. “This is also a Homeland Security risk as enemy nation states build databases of Americans that they then use to get to their targets, for example a network operator at a power grid, or a defense contractor at a missile defense company.”

Here is what you need to know about the breach -- and how to protect yourself.

Last week, Selena Gomez's Instagram account was taken over by hackers who posted to its feed explicit photographs of the singer's ex-boyfriend, Justin Bieber. Gomez regained control of her account (which is the most followed account on the platform, with over 125 million followers) and the offending photos were erased, but the incident foreshadowed soon-to-appear much wider-spread problems.

Several days ago, Instagram announced that it had fixed a vulnerability that had apparently previously allowed unauthorized parties to obtain the email addresses and phone numbers associated with Instagram accounts, even when such information was supposed to be private and inaccessible to parties other than respective account owners. Armed with the pilfered information, criminals could potentially have attempted to trigger and intercept password reset messages or to phish or otherwise social engineer Instagram users -- which may explain how Gomez's account was breached.

Before the bug was fixed by Instagram, a hacker, or group of hackers, apparently stole a significant amount of data that he/she/they are now offering for sale online at a price of $10 per record (payable in Bitcoin, naturally), terming the searchable database of pilfered Instagram information "Doxagram." The Daily Beast claims to have verified some of the data supplied by the hacker/s as authentic.

The party responsible for Doxagram says that it amassed data from over six million users. Of course, Instagram has over 700 million active monthly users, so six million is fewer than 1 percent of the total Instagram userbase -- but, it still represents many potentially unhappy people.

Among the accounts whose data was stolen were reportedly those of Kim Kardashian, Leonardo DiCaprio, Beyoncé, Taylor Swift, and even the White House.

Doxagram has had periodic outages as various service providers take steps to take it down, but it appears to be accessible at the present time via the Tor network. Earlier today the person or people behind Doxagram appeared to be tweeting using the Twitter handle @doxagram_insta; Twitter has since suspended that account. Ironically, shortly before the Doxagram account was shut off, its operator tweeted a reminder for anyone using the system to purchase stolen data to "Please keep your login information safe. Use a strong password. We can't do anything if your credit gets used by someone else." Yes. That would be hackers advising people buying stolen information how not to become victims of hackers.

Follow the Steps Below to Protect your Instagram Account.

1. Use multifactor authentication.

2. Use a unique, strong password. For advice on how to select a strong, easy-to-remember password, please see my article "How to Create Strong Passwords That You Can Easily Remember."

3. Keep your Instagram app up to date.

4. As Instagram has advised, "Be vigilant about the security of your account, and exercise caution if you observe any suspicious activity such as unrecognized incoming calls, texts, or emails." Do not respond to emails or texts asking you to reset passwords or the like. Never click links in emails or text messages to access Instagram; instead, access the social network via the app or by typing https://instagram.com into a web browser.

5. If you ever receive an Instagram password reset email and you did not request a password reset, contact Instagram. To do so tap the "..." menu from your profile, select "Report a Problem," and then select "Spam or Abuse."

Source: INC.com

A total of 745,000 pacemakers have been confirmed as having cyber-security issues that could let them be hacked.

The Food and Drug Administration revealed that 465,000 pacemakers in the US were affected, in an advisory note about a fix to the problem. The pacemaker's manufacturer, Abbott, said there were a further 280,000 devices elsewhere.

The flaws could theoretically be used to cause the devices to pace too quickly or run down their batteries. However, Abbott said it was not aware of any cases of this happening, adding that it would require a "highly complex set of circumstances". The Department of Homeland Security has said that an attacker would need "high skill" to exploit the vulnerabilities.

Three-Minute Fix The affected pacemakers are branded as having been made by St Jude Medical, which was acquired by Abbott earlier this year. Patients are being advised to ask their doctors about an available firmware update at their next scheduled appointment. The pacemakers can receive the revised code by being placed close to a radio wave-emitting wand in a process that lasts about three minutes.

Pacemakers manufactured after 28 August will come with the new firmware pre-installed. "As with any firmware update, there is a very low risk of an update malfunction," the FDA said. The regulator noted a very small number of St Jude devices had lost all functionality after a firmware update in the past. Abbott said some patients might opt to continue with the old firmware as a consequence.

"In some cases, doctors and patients will decide that the risks that could be associated with performing the new pacemaker firmware update for some patients may outweigh the benefits," it said in a note to pacemaker users. "If you do not receive the update, your pacemaker will continue to function as intended, and you can receive the update at any future time."

Legal Battle

The benefit of allowing the pacemakers to send and receive data wirelessly is that patients can pair them with a transmitter at home that monitors the devices as they sleep and can potentially alert them to medical problems.

A hedge fund, Muddy Waters Research, first warned the media in August 2016that the cardiac equipment had security flaws and claimed they could be exploited by "low-level hackers".

The investment company also revealed it had bet St Jude's shares would drop after it had been told of the issues by security company MedSec. "[St Jude's] apparent lack of device security is egregious, and in our view, likely a product of years of neglect," Muddy Waters said at the time.

St Jude responded by saying it stood behind the security and safety of its equipment and sued its accuser for defamation. However, shortly after Abbott bought St Jude in January, the FDA confirmed there were vulnerabilities in the company's wireless home monitor system, which were subsequently addressed.

Then, in April, the watchdog said Abbott had failed to properly investigate wider cyber-security concerns. Even so, the medical company's legal action against Muddy Waters continues.

Source: BBC

Each month, Nebula Consulting posts vulnerability notes from CERT’s vulnerability database. Check back often for updates! 03 Aug 2017 - VU#824672 - Microsoft Windows automatically executes code specified in shortcut (LNK) files.

Microsoft Windows supports the use of shortcut or LNK files. A LNK file is a reference to a local file. Clicking on a LNK or file has essentially the same outcome as clicking on the file that is specified as the shortcut target. For example, clicking a shortcut to calc.exe will launch calc.exe, and clicking a shortcut to readme.txt will open readme.txtwith the associated application for handling text files.

Microsoft Windows fails to safely obtain icons for shortcut files. When Windows displays Control Panel items, it will initialize each object for the purpose of providing dynamic icon functionality. This means that a Control Panel applet will execute code when the icon is displayed in Windows. Through use of a shortcut file, an attacker can specify a malicious DLL that is to be processed within the context of the Windows Control Panel, which will result in arbitrary code execution. The specified code may reside on a USB drive, local or remote filesystem, a CD-ROM, or other locations. Viewing the location of a shortcut file with Windows Explorer is sufficient to trigger the vulnerability. Other applications that display file icons can be used as an attack vector for this vulnerability as well.

By convincing a user to display a specially-crafted shortcut file, an attacker may be able to execute arbitrary code with the privileges of the user. Depending on the operating system and AutoRun/AutoPlay configuration, this can happen automatically by connecting a USB device.

Solution: Apply an update. This issue is addressed in the Microsoft Update for CVE-2017-8464.

29 Aug 2017 - VU#403768 - Akeo Consulting Rufus fails to update itself securely

Akeo Consulting Rufus fails to securely check for and retrieve updates, which an allow an authenticated attacker to execute arbitrary code on a vulnerable system.

Akeo Consulting Rufus 2.16 retrieves updates over HTTP. While Rufus does attempt to perform some basic signature checking of downloaded updates, it does not ensure that the update was signed by a trusted certificate authority (CA). This lack of CA checking allows the use of a self-signed certificate. Because of these two weaknesses, an attacker can subvert the update process to achieve arbitrary code execution.

An attacker on the same network as, or who can otherwise affect network traffic from, a Rufus user can cause the Rufus update process to execute arbitrary code.

Solution: This issue is addressed in Rufus 2.17.1187.