The Identity Theft Resource Center announced the latest version of its free mobile app was made available in the Google Play and Apple stores. The ID Theft Help app is funded by a grant from the Department of Justice Office for Victims of Crime and offers assistance to both victims of identity theft and consumers who want to protect their identity. “The ITRC’s ID Theft Help app gives users access to this help, as well as a wealth of resources to protect themselves from identity theft, all in a convenient platform.”

New features include interactive quizzes to assist consumers in recognizing their level of risk of identity theft and push notifications. Notifications will inform consumers of risks to their personal information, such as scams and data breaches, as well as reminders for easy solutions to minimize.

The app continues to offer resources for users at no cost, including direct access to victim advisors to guide the consumer through assessing his/her risk of identity theft and personalized assistance to mitigate cases of identity theft. It also includes a case-log feature which provides identity theft victims with up-to-date contact information for financial institutions, government agencies and law enforcement and an exportable document of all actions taken to resolve any potential identity theft.

The ITRC’s ID Theft Help app can be downloaded, free of charge, from the Apple Store and Google Play. More information about the app and its development can be found by visiting the ITRC’s website.

If you own a smartphone or tablet, you’ve probably downloaded a few apps over the years. The apps that power our devices make them unique to our needs, meaning it’s possible that no two mobile devices are actually the same. You might not know that you can do something similar with your computer’s internet browser, too. By downloading “add-ons” or “extensions” from within the browser’s settings, you can customize your browsing experience. Much like many apps, outside companies develop the extensions for us to use, and unfortunately (much like apps), some of those extensions can contain flawed, harmful, or even malicious code.

Security researchers at ICEBRG just discovered four extensions for Google Chrome, the world’s most widely used browser, that contain just such harmful contents. The four extensions, HTTP Request Header, Nyoogle, Stickies, and Lite Bookmarks, have been downloaded by users around the world as many as 500,000 times.

On its own, HTTP Request Header isn’t all that malicious, but in combination with any of the others, it is. The researchers who uncovered this issue on one of their customer’s workstations have determined that the purpose of the code was to launch a “click fraud” campaign, although it was far more capable of causing harm than that. The same mode of attack could have been used to root around in the infected computer to glean information from websites the user visits.

A click fraud campaign “earns” money for the malicious developer by redirecting your internet use through sites that pay them for advertising. It’s a way to fudge the numbers and make advertisers think more people saw their product than actually did, while they make money for every person they brought there without their knowledge.

Chrome is considered one of the world’s most secure web browsers, largely due to the fact that the company is often on top of these security issues. Also, the browser is well-known for its “sandboxing” capabilities, meaning security threats can’t get into the “sandbox” surrounding your internet activity and take hold. That doesn’t apply to extensions, though, and this marks the third massive Chrome extension threat in about six months.

Google has already removed these extensions from its third-party catalog, but it should serve as a warning to users to be very wary of the apps, add-ons, and extensions they download and install, especially if they were created by third parties.

The IRS is warning employers again about W-2 phishing scams that increase during tax season, according to attorneys at Jackson Lewis. Scammers often target HR or accounting employees, sending them emails that appear to be from high-level company executives and that request W-2 forms and other information. Scammers who successfully spoof executives' email addresses and ensnare employees can access vital information on workers, including names, birth dates and Social Security numbers. Some use the information to file fake tax returns and receive refunds; others sell the information to identity thieves, the firm explains.

Jackson Lewis says that while employers can implement a number of tech-based security measures, teaching employees how to spot and avoid the scams is the best defense. Moreover, this should be accomplished before W-2 forms are generated.

HR departments are favorite targets of scammers because of the massive amount of personal and financial information they maintain. W-2s, in particular, are goldmines for scammers.

Spoofing is dangerous because it can trick even the most observant and cautious end-users. A successful spoofing attack can lead someone to download an infected file or click on a bad link with ransomware, a virus that encrypts a computer's files. Hackers, then, make money by quite literally ransoming the data back to the company.

After the massive breaches that occurred earlier this year, businesses must be better prepared to handle cybersecurity risks. According to a MediPro study, 70% of employees don't know how to prevent a workplace breach. Bad cyber practices remain a top threat to organizations.

Employers can lower their cyber risks by teaching employees how to take precautions against hackers and phishers; they also can invest in training for IT staff to help them instruct employees in cyber safety. Offering identity theft coverage is another preventive measure; a recent study shows that 68% of HR managers say this coverage as a vital benefit.

Imagine you’re watching TV or browsing the web and an unexpected visitor knocks on your door. Wouldn’t it be nice if you could see who it is just by looking at your phone? Or imagine you’re at work and a delivery man comes with a sensitive package. Wouldn’t it be great if you could speak directly to them and give instructions over the phone? What if your doorbell could log all the times someone came to visit?

If these features seem like the perfect mix of practical and futuristic, perhaps you should consider installing a smart doorbell in your home.

What Is a Smart Doorbell?

When we talk about electronic devices, a “smart” device is any device that can connect to the internet that normally wouldn’t be able to. For example, a “smartphone” is an internet-capable phone and a “smart TV” is an internet-capable TV.

A smart doorbell is the exact same thing: an internet-capable doorbell. Most smart doorbells are easy and quick to install, and come with built-in cameras, speakers, and microphones.

There’s no learning curve for your visitors. All they have to do is press a button the same way they would any other doorbell. When they do, you receive an alert on your phone. You can then see who it is (using the camera) and even communicate with them (using the speakers and microphone).

The main benefit is convenience. Being able to answer the door from anywhere is huge! Not to mention the peace of mind that it brings. In the case of a suspicious visitor, you can see who they are without going near the door and can maybe even record their identity.

And when combined with a smart door lock, you can grant entry to visitors who stop by while you aren’t home.

Top Smart Doorbells on the Market

The market for smart doorbells is still relatively young — it’s only been around for a few years. In other words, while you can expect these products to work well enough, just be aware that manufacturers are still working out some kinks and evolving their functionality.

1. Ring

https://youtu.be/vl8sZI5AH4g

The Ring Wi-Fi Video Doorbell is  the most popular smart doorbell currently on the market, and for good reason. It’s a bit on the expensive side at $170, but it offers all the important features: visitor alerts, motion sensors, night vision, live HD video, and two-way communication.

The 180-degree camera has a 720p resolution. The motion sensor is extremely useful for notification of shady visitors who might be scoping out your house. And the night vision quality is surprisingly good. One more thing to note: it’s robust and weather resistant.

As of this writing, a newer version called the Ring Wi-Fi Video Doorbell 2 is available with 1080p video and a rechargeable battery pack. But it costs a bit more at $200, and is currently out of stock for at least a few months. Something to consider if you’re willing to wait.

Alternatively, you might want to save up a bit more and get the Ring Video Doorbell Pro for $250. It’s expensive, but has the ability to automatically record footage when the motion sensor is triggered. Furthermore, the 1080p camera has a wider angle for greater coverage.

2. SkyBell HD

https://youtu.be/oFNENHGF5uk

The SkyBell HD Video Doorbell is the second most popular option. It offers a ton of excellent features, including a 1080p camera with a considerable amount of zoom, and only costs $160 (unless you opt for the bronze variety at $250).

This doorbell has sharp night vision, two-way communication, motion sensors, and on-demand viewing so you can tune in to the camera whenever you want, even when nobody has rung the doorbell.

But perhaps most important? It looks unremarkable, like any regular doorbell, and thus doesn’t draw undue attention to itself. The only downside is that the video can be a bit blurry at times, especially at night, and the motion sensor can be too sensitive to movement.

3. VueBell

The VueBell Video Doorbell is the least-known option in this article, partly because it’s new and partly because the company is based out of Asia. Despite how new it is on the market, you’ll be hard-pressed to find a better-quality smart doorbell at this price.

For just $110, you get a 720p camera with a 185-degree field of view, which counts as a wide angle. It has two-way communication, passable night vision, motion sensors, and the ability to take a snapshot whenever the motion sensor is triggered or somebody rings the doorbell.

While the aesthetics are sleek, it does look a bit futuristic and thus sticks out like a sore thumb. It may not complement your home’s appearance.

4. August Doorbell Cam

https://youtu.be/aiv8tLCix9U

August is best known for its smart door lock, so it makes sense to offer a smart doorbell alongside it. Unfortunately, the reception for August’s door lock has been polarized, and much more so for the love-it-or-hate-it August Doorbell Cam.

Not that the smart doorbell is bad. The device is fine in terms of features: two-way communication, HD camera with a resolution slightly bigger than 720p, motion sensors and alerts, and recording of missed visitors. The performance of these features is also good.

Unfortunately, the software can be somewhat buggy at times, and you may experience lag depending on the age and specs of your smartphone. The doorbell’s square shape is also a point of contention for users. But overall, it’s a strong choice that you’ll most likely be satisfied with.

5. Zmodo Greet

https://youtu.be/Lbmcf9iAFLs

The Zmodo Greet Video Doorbell is the absolute cheapest you’ll want to go as far as smart doorbells are concerned. Its $80 price tag might still be a bit much, but go any lower and you’ll have to sacrifice build quality, reliability, available features, or image and sound quality.

In addition to a 720p camera, night vision, and two-way communication, the Zmodo model has motion sensors that can send alerts and record footage when triggered. If you aren’t at home and don’t want to communicate directly, it can play a personalized voice message for visitors.

Which Smart Doorbell Is Right for You?

If money is no concern, go with one of the Ring models. If money is your greatest concern, go with the Zmodo. But if you’re willing to take a risk and you want the best bang for your buck, go with the VueBell.

The very concept of a smart doorbell is silly to some, but the convenience factor is off the charts. Once you can answer your door from halfway across the world, you’ll never want to go back. It’s one of several smart home features worth the cost.

So much for a new year meaning a fresh start. 2017 brought us security vulnerabilities such as WannaCry ransomware and the Equifax hack, but things haven’t got much better at the beginning of 2018. We had only just finished welcoming in the new year when the next security bombshell hit the headlines. And it wasn’t only one flaw, but two. Nicknamed Meltdown and Spectre, the vulnerabilities originate from computer microprocessors. In terms of severity and number of people potentially affected, experts have likened them to 2014’s Heartbleed bug.

The bugs can attack all desktop operating systems, but in this article, we’re only going to focus on Windows. Let’s take a closer look at how the vulnerabilities work and how you can tell whether they have affected you.

Meltdown and Spectre: A Closer Look

Before we explain how to detect the two bugs on your own system, let’s take a moment to fully understand what the two vulnerabilities are and how they work.

The same group of security researchers were responsible for finding both the problems. At an elementary level, they are flaws in processor architecture (i.e. the transistors, logic units, and other tiny components that work together to make a processor function).

The flaw allows a would-be hacker to expose almost any data that a computer processes. That includes passwords, encrypted messages, personal information, and anything else you can think of.

Meltdown only affects Intel processors. Worryingly, the bug has been present since 2011. It uses part of the out-of-order execution (OOOE) process to change the cache state of a CPU. It can then dump the contents of the memory when it usually would be inaccessible.

Spectre can attack Intel, AMD, and ARM processors, and can thus also affect phones, tablets, and smart devices. It uses a processor’s speculative execution and branch prediction in conjunction with cache attacks to trick apps into revealing information that should be hidden within the protected memory area.

Spectre attacks need to be customized on a machine-by-machine basis, meaning they are harder to execute. However, because it’s based on an established practice in the industry, it’s also harder to fix.

Is Your Windows 10 PC Affected by Meltdown?

Thankfully, Microsoft has published a handy PowerShell script that you can run on your system. Follow the steps below and you can install and activate an additional module on your system. The results will indicate whether you need to take further steps.

First, run PowerShell as an administrator: press Windows key + Q or open the Start Menu, type PowerShell, right-click the first result (Windows PowerShell, desktop app) and select Run as administrator.

After PowerShell has loaded, follow these steps to find out whether your PC is affected by Meltdown. Note that you can copy-and-paste commands into PowerShell.

• Enter Install-Module SpeculationControl and press Enter to run the command.
• Confirm the NuGet provider prompt by entering a Y for Yes and hitting Enter.
• Do the same for the Untrusted repository prompt.
• Next, type Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser and press Enter
• When the installation has completed, type Import-Module SpeculationControl and press Enter.
• Finally, type Get-SpeculationControlSettings and hit Enter.

After you have run these commands, check the output result for the results — it will be either True or False.

If you see only True messages, congratulations, you are protected and don’t need to take any further action. If a False pops up, your system is vulnerable, and you need to take further action. Be sure to note the suggested actions shown in the results. As shown in the screenshot above, our test computer requires a BIOS/firmware update and yet has to install a patch provided through Windows Update.

How Can You Protect Yourself Against Meltdown?

To the company’s credit, Microsoft originally moved quickly to issue a patch for Meltdown. You can find it through the Windows Update tool (Settings > Update & Security > Windows Update > Check of updates). You need to download and install patch KB4056892 for Windows build 16299.

Troublingly, the patch is incompatible with some antivirus suites. It only works if your security software’s ISV has updated the ALLOW REGKEY in the Windows registry.

You should also update your browser. Google has patched Meltdown in Chrome 64 and Mozilla has updated Firefox in version 57 (Quantum). Microsoft has even patched the latest version of Edge. Check with your browser’s developer if you use a non-mainstream app.

Lastly, you need to update your system’s BIOS and firmware. Some computer manufacturers include an app within Windows so you can quickly check for such updates. If your PC manufacturer didn’t supply one, or if you deleted it, you should be able to find updates on the company’s website.

How Can You Protect Yourself Against Spectre?

Meltdown is the more immediate threat and is the easier of the two bugs for hackers to exploit. However, Spectre is harder to remedy.

Because of the way Spectre works, fixing it will require companies to completely redesign the way they build processors. That process could take years, and it could be decades until the current iteration of processors is entirely out of circulation.

But that doesn’t mean Intel hasn’t tried to offer its customers ways to protect themselves. Unfortunately, the response has been a shambles.

In mid-January, Intel released a Spectre patch. Immediately, Windows users started complaining that the patch was buggy; it was forcing their computers to randomly reboot at unexpected times. Intel’s response was to release a second patch. It didn’t fix the issue; the reboot problems continued.

At this point, millions of users have installed the patch. Intel told customers not to download either patch until it could fix the issue. But there was a problem for Windows users. The Intel patch was being delivered through the Windows Update app. Users continued to unwittingly install it; after all, we all know how opaque the current Windows update process is.

While random reboots are certainly annoying, the most worrying part of the buggy patch was the potential for data loss. In Intel’s own words, “It caused higher than expected reboots and other unpredictable system behavior […] which may result in data loss or corruption.”

Fast-forward to the end of January, and Microsoft was forced to step in. The company took a highly unusual step. It issued an out-of-band emergency security update for Windows 7, 8.1, and 10 that completely disables Intel’s patch.

How to Install the Microsoft Fix

Unfortunately, the new patch will not be available through the Windows Update app. You will have to install it manually.

To begin, head to the Microsoft Update Catalog. You need to find Update for Windows (KB4078130). When you’re ready, click on Download.

Next, click on the [string of text].EXE file.

The file is tiny and will only take a couple of seconds to download. When the download has finished, double-click on the EXE file and follow the on-screen instructions.

So, what about the future? If you’ve been following along, you’ll have realized that affected users are back to where they started: exposed and unprotected.

Hopefully, Intel will release a more successful patch in the coming weeks. In the meantime, you’ll have to sit tight.

Do Meltdown and Spectre Worry You?

It’s understandable to feel worried. After all, our computers quite literally hold the keys to our lives.

But it’s also important to take solace from the facts. You are highly unlikely to be the victim of a Spectre attack. The time and effort a hacker needs to put in for an unspecified return make you an unattractive proposition.

And the big tech companies have known about the two issues since the middle of 2017. They’ve had plenty of time to prepare patches and respond in the best way they are able.