News - IT and Cybersecurity Insights

Must-Read

Technology

Tips

Cybersecurity

your wi-fi might be hosting strangers without your knowledge.

July 26, 2025

•

20 min read

🚪Who Left the Digital Front Door Open?

Your Wi-Fi might be hosting strangers — without your knowledge.

Smart TVs, smart fridges, even coffee makers — today’s homes are filled with internet-connected devices. But more devices mean more opportunities for digital stowaways to sneak in unnoticed. If your internet feels sluggish or something just seems…off, your network may have an uninvited guest.

Why Home Wi-Fi Needs More Than Just a Password

A poorly secured network isn’t just a bandwidth thief’s dream — it’s a liability. Unauthorized users can:

Access shared folders or devices
Spy on your activity
Use your IP address for illegal downloads, putting you at legal risk

Think about it: your Wi-Fi is the gateway to your entire digital life. Would you leave your front door unlocked at night?

Signs Someone’s Leeching Your Wi-Fi

Your internet is slow even when nobody’s using it
Devices on your network behave strangely (lights turn on, speakers make sounds)
You see unfamiliar device names in your network menu
Your router lights flicker non-stop

Even older routers have tools to detect connected devices. Just log into your router (usually at 192.168.0.1 or 192.168.1.1), and look for a “Connected Devices” or “Network Overview” section. Write down the MAC addresses of your devices so you can spot anything unusual.

Kick Out the Wi-Fi Moochers

Found a suspicious device? Here’s what to do:

Verify it – Some device names can be cryptic. Disconnect all known devices temporarily and check what’s still online.
Block it – Use your router’s “MAC Filter” or “Parental Control” features to ban unknown devices.
Change your Wi-Fi password – Immediately. Only share it with trusted users.
Use WPA2 or WPA3 encryption with a 12+ character password including symbols, numbers, and upper/lowercase letters.

Tools like Fing, WiFiman, or your router’s official app can help you monitor devices in real time.

🔐Want full control over your network?

Ask me for a mesh Wi-Fi system recommendation. I’ll help you find an affordable, high-speed option that gives you visibility and control over every single connected device.

====================================

70% of all cyber attacks target small businesses, I can help protect yours.

#HomeSecurity #WiFiHacks #NetworkSafety #CyberSecurityTips #ManagedITServices

Cybersecurity

News

Technology

NYC Schools take a bold step to reclaim student focus.

July 25, 2025

•

20 min read

🔕The Bell Rings, The Phones Go Silent

NYC Schools take a bold step to reclaim student focus.

Starting this school year, personal smartphones, smartwatches, and tablets will no longer be welcome in NYC public school classrooms. The city’s Department of Education has officially adopted a statewide cellphone ban aimed at eliminating digital distractions and improving students’ mental health and academic performance.

One Giant Leap for Learning — Or Is It?

Mayor Eric Adams and Schools Chancellor Melissa Aviles-Ramos announced the sweeping changes alongside $25 million in funding to support implementation across 1,600 schools. Under the new policy, students can use devices during travel but must power them down once on school grounds, with exceptions for medical needs. Schools must also provide secure storage and a method for parents to contact their children in emergencies.

But Here’s the Catch

Today’s kids live in group chats. Whether it’s WhatsApp, iMessage, or Discord, this is how they coordinate plans, stay connected, and build their social identity. Removing access during the school day could help curb distractions — but it may also intensify anxiety over missing out, deepen social divides, and encourage stealthier device usage.

For Schools and SMBs, This Is Just the Beginning

If you think this policy only affects public schools, think again. The ripple effects will be felt across:

Private and charter schools, which will face pressure to adopt similar bans
Healthcare clinics, where pediatric professionals will need to address withdrawal and anxiety
Law firms, as parents seek legal guidance on school policies and custody-based digital decisions
Small businesses supporting schools (like after-school programs or tech vendors) who’ll need to adapt

From a cybersecurity standpoint, this is a wake-up call. Now more than ever, schools need device management, network segmentation, and robust incident response plans. The fewer devices in the classroom, the higher the temptation for students to exploit unsecured IoT endpoints or discover workarounds. And that makes layered security non-negotiable.

====================================

70% of all cyber attacks target small businesses, I can help protect yours.

#EducationTechnology #CybersecurityAwareness #NYCSchools #DeviceManagement #K12IT

Must-Read

Tips

News

Technology

New research reveals chilling truths about kids and smartphones.

July 25, 2025

•

20 min read

📱Too Young to Scroll, Too Old to Cry

New research reveals chilling truths about kids and smartphones.

A global study spanning 2 million participants in 163 countries has found that giving children smartphones before age 13 significantly harms their mental health — with long-term effects on emotional regulation, self-worth, and even suicidal ideation. The younger the age of first smartphone use, the worse the outcomes.

A Digital Dilemma for Families and Schools

While this might seem like a parenting issue, it’s a growing cybersecurity concern for schools, pediatric clinics, and even small law firms. Why? Because these same kids often use school devices, connect to networks at educational institutions, and are vulnerable entry points for phishing scams, social engineering, and cyberbullying. In healthcare and legal settings, client data isn’t just at risk from outside attackers — it can be compromised by a curious or careless teen using a connected device.

The Human Firewall Is Weakest When It’s Still Growing

Parents feel trapped between social pressure and safety. Many report letting kids on smartphones early to help them “fit in” — but regret it after seeing changes in behavior, sleep, and emotional stability. Even “well-adjusted” kids show signs of anxiety, withdrawal, and digital dependency.

And here lies the real paradox: Group chats on apps like WhatsApp and iMessage are now the primary way kids socialize. Excluding a child from smartphone use often means excluding them from friend groups altogether. Birthday plans, after-school hangouts, even study sessions — they all happen in digital spaces that don’t accommodate flip phones or “wait-until-8th-grade” pledges.

So how do you protect a child’s mental health without socially isolating them? That’s the impossible equation today’s parents are being forced to solve.

SMBs Must Step Up — Not Step Back

This isn’t just about parenting. It’s about policy. Whether you’re a school, pediatric practice, or a law firm handling sensitive family court data — if minors access your Wi-Fi, borrow work-issued tablets, or hop onto Zoom from home, you must have a layered security plan that includes:

Strict parental controls or guest VLANs
Mobile device management (MDM) for school- or clinic-issued tech
Zero-trust access for remote and hybrid learners or staff

Cybersecurity is no longer just a tech issue. It’s a people issue — and our youngest users are the most exploitable.

====================================

70% of all cyber attacks target small businesses, I can help protect yours.

#CybersecurityAwareness #ManagedITServices #DigitalWellness #ParentingTech #SmallBusinessSecurity

Must-Read

Tips

Technology

How to Stop Hertz’s AI Scanners from Charging You Hundreds for Minor Scrapes

July 23, 2025

•

20 min read

How to Stop Hertz’s AI Scanners from Charging You Hundreds for Minor Scrapes

And why every traveler should know this before their next rental

Artificial intelligence is changing the way we drive — and now, it’s changing the way we return rental cars. But not all change is good.

Hertz has quietly rolled out AI-powered vehicle scanners at several major U.S. airports, and customers are sounding the alarm. These scanners are flagging renters for microscopic scrapes and dings that most humans wouldn’t even notice — and charging hundreds of dollars in fees.

🚨 What’s Really Happening?

Hertz is partnering with a company called UVeye, whose scanners act like an “MRI for cars.” As you return your vehicle, it drives through a scanner tunnel that captures high-resolution images of:

Hairline scratches
Tiny windshield chips
Minor tire wear
Underbody scuffs
Quarter-inch door dings

These are the types of things that were never noticed (or billed) before. Historically, high-turnover airport rental centers focused on cleaning and flipping cars quickly — not arguing over a scuff on the wheel well.

But now, the AI sees everything. And it never forgets.

💸 The Charges Are Real — And Growing

Examples of recent customer charges include:

$440 for a 1-inch wheel scuff
$265 for a faint scratch on the trunk
$125 “processing fee” + $65 “administrative fee” — even if no repair occurs

Worse yet, if you dispute the charge, you’ll often miss the “early payment discount window,” meaning you get hit with higher fees just for asking questions.

According to internal numbers, Hertz’s AI system is billing out nearly 5x more customers than before.

🛑 Why You Should Be Concerned

This isn’t about fairness — it’s about profit.

AI damage detection has turned into a new revenue stream for rental companies. And once you’re in the system, challenging a false damage claim is an uphill battle. Many customers feel helpless, pressured, or confused.

And this tech isn’t staying with Hertz.

Other rental giants are expected to follow suit by 2026 — turning airport rentals into a minefield for unsuspecting travelers.

✅ How to Protect Yourself from AI Damage Charges

Here are six clear steps to protect yourself before you drive off the lot:

Avoid AI-Enabled Locations

For now, only select airports use UVeye scanners. Known locations include:

Atlanta (ATL)
Newark (EWR)
Houston (IAH)
Phoenix (PHX)
Charlotte (CLT)
Tampa (TPA)

Call the rental desk in advance to ask if UVeye scanners are in use. If yes, consider booking at an off-airport location instead — you’ll often save on fees anyway.

Take 30-60 Seconds for a Full Video Walk-Around

Before leaving the lot:

Record a 360° video, including wheels, bumper, roof, and windshield
Narrate the date, time, and rental location in the video
Don’t forget undercarriage areas and door edges

A timestamped video is your best defense against false claims.

Take Close-Up Photos of Any Pre-Existing Damage

If you see anything even remotely suspicious:

Document it with close-up, high-res photos
Email the photos to yourself and the rental company as a record

Better safe than sorry.

Ask for a Pre-Return Inspection (If Available)

At some locations, you can request an in-person walk-around before returning the vehicle. Do this in daylight hours, if possible, and get any comments in writing or on video.

Avoid Late-Night or After-Hours Drop-Offs

When you return a car outside of business hours, there’s no one to verify the condition. That gives AI a free pass to flag you for anything it wants — with zero human review.

Use a Credit Card That Offers Rental Protection

Some premium cards offer coverage against damage claims. But be sure to decline the rental company’s CDW (collision damage waiver) to activate this benefit. Always check your card’s policy before traveling.

Dispute Unfair Charges Promptly — and Strategically

If you receive a damage bill:

Request timestamped evidence and repair invoices
Push back on vague or bundled charges (like “processing fees”)
File complaints with your credit card provider, BBB, and state attorney general if necessary

The Bottom Line

This isn’t about avoiding responsibility for damage. It’s about fighting back against predatory automation.

AI should help travelers, not hunt them. And until there’s real oversight or consumer protection, it’s up to you to stay vigilant.

Take 2 minutes before your next rental to document the car — it might save you hundreds later.

Must-Read

Cybersecurity

Tips

Technology

Firewalls Alone Won’t Save You

July 22, 2025

•

20 min read

Firewalls Alone Won’t Save You

Why SMBs Need Layered Security and MSP Management—Now More Than Ever

For years, many small businesses assumed that installing a basic firewall was enough to keep them safe from cyber threats. That illusion is costing companies their reputations—and their survival. A firewall is a good start, but today’s threat landscape demands far more.

If you’re a business owner relying solely on a firewall, you’re essentially locking your front door while leaving your windows wide open.

The Data Doesn’t Lie

Over 70% of all cyberattacks target small and mid-sized businesses (SMBs)—not large corporations. Why? Because SMBs are perceived as low-hanging fruit: under-protected, under-funded, and unaware.

According to IBM, the average cost of a data breach for an SMB is $3.31 million. Nearly 60% of small businesses close their doors within 6 months of a cyberattack.

Still think that firewall is enough?

One Layer is No Layer

Let’s break down why a firewall alone is inadequate:

Firewalls can’t stop phishing attacks—the #1 way hackers infiltrate systems.
They don’t protect endpoints like laptops, phones, or remote users.
They don’t monitor behavior, detect ransomware, or block insider threats.
Firewalls don’t patch your systems or update outdated software.

Think of a firewall like a seatbelt. Would you drive a car with just a seatbelt and no brakes, no airbags, and no headlights? You need the whole system.

The Solution: Layered Security + Monthly MSP Management

Here’s what a modern SMB security stack should look like:

Next-Gen Firewall – Smart traffic filtering, geo-blocking, and intrusion prevention.
Endpoint Detection & Response (EDR) – Stops malware before it spreads.
Patch Management – Closes known vulnerabilities before hackers can exploit them.
Email Filtering – Catches phishing, spoofing, and malicious attachments.
Multi-Factor Authentication (MFA) – Blocks unauthorized access, even if passwords leak.
Data Backup & Disaster Recovery – Restores operations after an attack.
24/7 Monitoring & Response – So threats are caught and contained in real time.

This is where a Managed Service Provider (MSP) steps in. A qualified MSP doesn’t just install these tools—they manage, monitor, and optimize them continuously.

Cybersecurity isn’t a “set-it-and-forget-it” game. Threats evolve by the hour. Your defenses should too.

Real-World Examples

A Brooklyn law firm with only a firewall got hit with ransomware via a phishing email. Their firewall didn’t stop it. They paid $42,000 to recover their data.
A healthcare clinic ignored patch updates. A 3-year-old vulnerability was exploited, compromising patient records. Fines exceeded $100,000.
A construction company stored passwords in a spreadsheet. After a brute-force attack, their Office 365 accounts were hijacked—costing them a $250K wire fraud incident.

All of these were preventable with a layered approach and an MSP watching their backs.

Final Word

If you’re still relying on just a firewall, you’re not protected—you’re exposed. SMBs are no longer flying under the radar. Hackers are looking for businesses just like yours: unguarded and unaware.

Security isn’t about fear. It’s about resilience.

A layered defense with active management is not a luxury—it’s your lifeline.

70% of all cyber attacks target small businesses. I can help protect yours.

#Cybersecurity #MSP #SmallBusinessSecurity #EDR #RansomwareProtection

Technology

Must-Read

Cybersecurity

News

WhatsApp could be banned in Russia and replaced with MAX

July 22, 2025

•

20 min read

WhatsApp could be banned in Russia and replaced with MAX

Russia’s New Messaging App ‘MAX’ Sparks Global Surveillance Fears

State-run alternative to WhatsApp grants Kremlin deep access to user data

In an aggressive push toward “digital sovereignty,” Russian President Vladimir Putin has mandated that all government officials switch from WhatsApp to a new state-sponsored messaging platform called MAX by September 1, 2025. This dramatic pivot, widely seen as part of a broader attempt to sever ties with Western tech platforms, could have chilling implications far beyond Russia’s borders.

MAX: More Than Just a Messenger

According to reports from Pravda and Reuters, MAX is being developed by VK Company—the same firm that operates VK Video, Russia’s YouTube rival. Though framed as a secure government alternative to foreign apps like WhatsApp and Telegram, leaked technical descriptions of MAX suggest something far more invasive:

Full access to users’ microphones, cameras, contacts, geolocation, and files
Persistence: Cannot be turned off through standard OS controls
Root-level access and interaction with system JAR files
Automatic data transmission to VK-controlled servers, which are allegedly monitored by Russian intelligence services

In other words, MAX appears engineered not just for communication—but for comprehensive, state-run surveillance.

WhatsApp on the Way Out

This move isn’t just symbolic. WhatsApp is reportedly used by 68% of Russians daily, yet the Kremlin has begun preparing to ban it outright. Following Meta’s 2022 designation as an “extremist organization,” officials now claim WhatsApp represents a “national security threat.”

Russian lawmakers have also passed legislation allowing up to $63 fines for seeking out “extremist” content online—a term so broadly defined it encompasses not just banned apps like Facebook and Instagram, but also independent journalists and opposition groups.

Geopolitical Undercurrents and Tech Nationalism

Putin’s directive is part of a larger crackdown on Western platforms following Russia’s invasion of Ukraine. Facebook, Instagram, and Viber are already banned. YouTube’s reach in Russia has plummeted, reportedly due to intentional bandwidth throttling by state telecoms—daily users dropped from 40 million to under 10 million in a year.

Now, even Telegram, ironically developed by Russian-born entrepreneurs, is facing increased pressure. Despite its popularity and reputation for encrypted chats, Telegram is reportedly under review by Russian authorities to ensure compliance with new data localization and surveillance laws.

Why It Matters to the World

This isn’t just a domestic power play. MAX may be a blueprint for authoritarian tech strategies globally—where state-controlled apps replace private-sector platforms under the guise of sovereignty, but in reality enable unprecedented surveillance.

For organizations operating internationally—especially in adversarial regions—this development signals a new era of risk. Messaging platforms that seem benign could quickly become vectors for espionage, corporate surveillance, or even data hostage scenarios.

TL;DR: Russia’s new state-run chat app MAX grants authorities full access to user devices and will soon replace WhatsApp for all government communications. Critics warn it’s spyware disguised as infrastructure.

Technology

Cybersecurity

News

Tips

Networks Breached, Trust Obliterated

July 17, 2025

•

20 min read

Networks Breached, Trust Obliterated

‘All U.S. Forces Must Now Assume Their Networks Are Compromised’

Cybersecurity experts are sounding the alarm after Chinese-linked espionage group Salt Typhoon quietly infiltrated a U.S. National Guard network—laying low for nearly a year and exfiltrating sensitive data that could compromise national infrastructure.

A Silent Breach, a Loud Wake-Up Call

According to a declassified Department of Defense report—released after a FOIA request—the breach began in March 2024 and went undetected until December. In that time, Salt Typhoon reportedly accessed:

Network diagrams and admin credentials
Configuration files from critical infrastructure providers
Files tied to 70 government and infrastructure entities across 12 sectors

This includes sectors like energy, communications, wastewater, and transportation, raising red flags about follow-on attacks and cascading consequences.

The breach was so extensive that DoD officials warned all U.S. military forces to operate under the assumption their networks are compromised.

The Next Phase of Cyber Warfare Is Already Here

Salt Typhoon has already been linked to cyber intrusions at AT&T, Verizon, and even to intercepted conversations between top U.S. political officials. Their strategy is chilling: steal network configs, map targets, then breach them with surgical precision.

“This isn’t hypothetical,” said Gary Barlet, former CIO for the Air Force Ground Networks. “This is an active lateral threat with the capability to leap across systems and units. Breach containment is no longer optional—it’s a matter of national defense.”

What SMBs Must Learn from This

If elite U.S. military systems can be compromised, small and mid-sized businesses are even more vulnerable. Here’s what SMBs can do now to harden their defenses:

Embrace Zero Trust

Never trust, always verify. Enforce strict access controls, segment networks, and require identity verification at every access point.

Monitor for Lateral Movement

Use endpoint detection and response (EDR) solutions to catch attackers trying to move from one system to another inside your network.

Regularly Audit Config Files and Admin Credentials

Most attackers exploit misconfigured systems and exposed credentials. Conduct quarterly reviews, and rotate credentials routinely.

Prepare for Breach Containment

Assume compromise. Invest in containment solutions that limit blast radius if a breach occurs—like software-defined segmentation.

Train Your Teams

Employees are the first line of defense. Run phishing simulations, require cybersecurity training, and create a culture of caution.

The Bottom Line

Salt Typhoon didn’t just breach a single system—they exposed the fragility of an entire digital ecosystem. Their infiltration shows how vulnerable even hardened networks can be. For SMBs, the takeaway is clear:

You may not be a target because of who you are—but because of who you connect to.

70% of all cyber attacks target small businesses. I can help protect yours.

#cybersecurity #zerotrust #nationstates #SMBsecurity #databreach

Cybersecurity

Tips

Must-Read

AI Chatbots Are Luring Victims to Fake Bank Sites

July 16, 2025

•

20 min read

AI Chatbots Are Luring Victims to Fake Bank Sites

Hackers are exploiting AI to run smarter phishing scams—and you might already be a target.

What’s Happening?

AI chatbots are becoming the go-to method for online search, offering direct answers instead of endless links. But that convenience comes at a cost: many chatbot responses are wrong—and now hackers are exploiting those mistakes to launch phishing attacks.

When users ask AI tools like GPT-powered search engines where to log in to banking or tech services, they often return incorrect or unclaimed URLs. Hackers are purchasing those domains and setting up lookalike websites to steal credentials and personal data.

Real-World Example: Wells Fargo Phishing via AI

One user asked Perplexity AI for the Wells Fargo login. The top link? A fake phishing site hosted on Google Sites—designed to mimic the real thing. Though the actual site was listed further down, the damage was done. Users trust AI. And hackers know it.

Why Smaller Institutions Are More at Risk

Community banks, credit unions, and niche tech companies may not appear in AI training data. That leads chatbots to “hallucinate” plausible-sounding login pages—giving hackers an easy template to hijack trust and redirect users to fake login portals.

7 Ways to Stay Safe From AI-Generated Phishing

Never trust links from chatbots
Always manually enter URLs or use trusted bookmarks.
Scrutinize domain names
Look for misspellings or odd endings like .site, .info, or extra hyphens.
Enable 2FA
Use app-based authentication instead of SMS for stronger protection.
Avoid logging in via search or AI tools
Search engines and AI may show phishing sites—stick to direct URLs.
Report suspicious links
Most AI platforms accept feedback. Flag dangerous links to prevent future attacks.
Use modern browsers and antivirus
Enable browser protections and install strong antivirus tools across your devices.
Rely on a password manager
They won’t auto-fill on phishing sites and help detect lookalikes.

Final Thoughts

Hackers are no longer just gaming Google. They’re targeting AI itself—crafting attacks that exploit hallucinated content and user trust. Don’t treat AI-generated answers as gospel. Double-check everything.

70% of all cyber attacks target small businesses. I can help protect yours.

#AIsecurity #PhishingPrevention #ChatGPT #CyberAwareness #SMBsecurity

Technology

Cybersecurity

News

A dangerous insider turned cybercriminal is facing 20 years in prison after hacking into America’s largest telcos

July 16, 2025

•

20 min read

Hack, Extort, Repeat

Ex-U.S. soldier pleads guilty to breaching AT&T, Verizon, and 10 telecom firms

A dangerous insider turned cybercriminal is facing 20 years in prison after hacking into America’s largest telcos.

Cameron John Wagenius, a former U.S. Army soldier known online as “kiberphant0m,” pleaded guilty to a series of cybercrimes that compromised major telecoms and attempted extortion schemes targeting private companies.

The Department of Justice confirmed Tuesday that Wagenius orchestrated a coordinated brute-force campaign to steal login credentials from at least 10 victim companies, which he then sold or used to commit further fraud, including SIM-swapping attacks.

But it didn’t stop there.

BreachForums, Telegram, and Stolen Records

Wagenius and his associates used Telegram group chats to traffic credentials and plan attacks. They then threatened victims with public leaks—sometimes extorting them in full view of cybercriminal forums like BreachForums.

One particularly damaging breach involved AT&T and Verizon, where Wagenius obtained a large trove of call metadata and customer records, which he used and redistributed to other bad actors.

In some cases, the data was monetized directly. In others, it was weaponized in SIM-swap fraud, allowing attackers to hijack phone numbers and bypass 2FA to steal accounts and cryptocurrency.

The Snowflake Connection

The DOJ also linked Wagenius to earlier breaches tied to Snowflake, a major cloud computing firm that’s been under fire for lax security configurations exploited by threat actors.

The extent of the damage caused by Wagenius’s breaches is still under investigation, but authorities confirmed his actions endangered millions of customer records, and exposed telecom infrastructure to further risk.

Sentencing Looms

Wagenius is scheduled for sentencing on October 6, 2025, and faces up to 20 years in federal prison.

🔒 How SMBs Can Protect Against Insider Threats

Insider threats — whether malicious or accidental — are one of the most dangerous and overlooked risks in cybersecurity. Here’s how SMBs can take action:

Implement Role-Based Access Controls (RBAC): Limit access to sensitive data based on job function. Only give employees what they need — and nothing more.
Use Privileged Access Management (PAM): Track and audit what admins and power users are doing. Consider session recording for high-risk accounts.
Deploy Endpoint Monitoring Tools: Invest in behavioral monitoring to detect unusual file access, data exfiltration, or login anomalies in real time.
Enable MFA Everywhere: Enforce multi-factor authentication on all accounts, especially those with admin or financial access — and avoid SMS-based 2FA where possible.
Educate Employees Regularly: Provide security awareness training, especially about phishing, social engineering, and data handling protocols.
Conduct Regular Offboarding Reviews: Immediately revoke all access when employees leave. Conduct periodic reviews of account privileges and dormant users.
Create an Anonymous Whistleblower Channel: Encourage reporting of suspicious activity with a safe, internal escalation process.

70% of all cyber attacks target small businesses. I can help protect yours.

====================================

Follow me for mind-blowing information and cybersecurity news. Stay safe and secure!

#InsiderThreats #Cybersecurity #SmallBusinessSecurity #MFA #PrivilegedAccessManagement