Category : E-Mail

Lets agree to not use Yahoo anymore

Yahoo Breach

A hacker responsible for breaches of both LinkedIn and MySpace, has reportedly stolen 200 million login credentials for Yahoo accounts.  The hacker goes by the name peace_of_mind and claims to have also stolen credentials for Tumblr as well.  He is selling the Yahoo information on the darknet in a marketplace called TheRealDeal, where for 3 bitcoins, or US $1,824 anyone can buy them. Motherboard reported that a Yahoo spokesperson told them that the company was aware of the credentials being stolen online, but did not confirm whether Yahoo itself had been hacked in order to obtain the login credentials.

In a statement to Motherboard Yahoo states,

“We are committed to protecting the security of our users’ information and we take any such claim very seriously,” a Yahoo spokesperson said. “Our security team is working to determine the facts.”

The biggest oddity of the news appears to be the credibility of the login credentials. Many of the accounts appear to be disabled or otherwise inactive when Motherboard attempted to test 100 of the posted email addresses, most came back “undeliverable”. When Motherboard contacted peace_of_mind  posting on TheRealDeal, he explained most of the stolen credentials were from 2012. Peace_of_mind has posted a sample of the stolen Yahoo database, including passwords and email addresses that have been hacked using the MD5 algorithm.

As many may remember, this is not the first time Yahoo has been put in a bad spot due to a security breach. In 2012 a breach exposed 453,000 passwords while in 2014 a breach involved what the company called a “coordinated effort” to gain access to Yahoo email accounts. In May of this year the United States House of Representative  blocked Yahoo access on it’s network due to concern that the company was a target for hackers. Rightfully so apparently.

The company told PCmag in a statement,

“[Yahoo] works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.”

Regardless of whether or not Yahoo confirms the breach, users should most certainly change there credentials, and in my own opinion, jump ship to Gmail.

 

 

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.pcmag.com  www.pcworld.com

U.S. alone has lost $960 million to CEO Fraud

CEO Fraud

 

Over the past three years, victims in the United States alone have lost over $960 million to fraudulent email scams. That is nearly a billion dollars! Actually, closer to 3 billion, as FBI figures that include global data from international law enforcement and financial groups  show a loss totaling $3.1 billion. Even worse, if you think about the 22,143 victims, that is a pretty hefty chunk of cash demanded of each victim.

Scammers “pretend” to be a business executive at a firm, company, or trusted supplier, and easily fool members of the organization into thinking that the claims are legitimate. I use the word pretend loosely, as not much is needed for hackers to get into character and slide by any suspicion. By hacking into email accounts within an organization, scammers are able to gain control of email, and send off as many fake emails as they wish. The email may contain something mentioning a wire transfer of money. We call this type of cybercrime “CEO Fraud” and “The Supplier Swindle”.  This type of crime is not limiting to only internal email access, some hackers choose to create fake email accounts that may resemble those of the CEO or suppliers. In other cases scammers pretend to be lawyers that are handling confidential matters and therefore force the victim into giving up the cash. So far such scams have requested wire transfers to over 79 countries, and according to the FBI, mostly going to banks located in China and Hong Kong.

The FBI also noted that occasionally and without warning, hackers will follow up this CEO Fraud with an attack via ransomware. In these cases victims have received emails that contain links or attachments that when clicked, begin the installation of malware on the host. If opened, data becomes unavailable and the hacker has all the power until the ransom is met, if they even decide to let up once that ransom is met.

The FBI has provided a little insight into avoiding such attacks, letting us know that these scams are planned carefully and not every company is a target. Company employees are advised to be extra careful when posting to social media, or otherwise broadcasting information. As we have all heard before, spam should not be opened and any unfamiliar emails/attachments should not be opened. The FBI also warns that any and all wire transfers should be verified with phone calls between parties. Not a

There are ways to ward off the danger, although the advice doesn’t leave us feeling totally secure. The FBI said the scammers study their targets carefully, so company employees should be careful about what professional details they post to social media. Spam should never be opened, and any wire transfers should be verified with telephone calls between the subjects. It has been shown that at least 31 percent of the time the scammers use an account pretending to be the CEO, so keep that in mind.

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit: Companies pay out billions to fake-CEO email scams

VMware takes on the big boys with Boxer app for AirWatch

VMware launched a new version of the Boxer iOS app earlier this month and its pretty awesome. The app is for companies using VMware to manage their employee’s mobile devices VMware Boxer is available for both AirWatch and Workspace One customers. The app includes some attractive features, not surprising as Boxer is intended to replace the preloaded Mail feature on the Apple iPhone and iPad.

screen-shot-2015-10-15-at-9-03-16-amThe new app allows for preference customization such as change of sound when new emails arrives. You can also take different actions by swiping email messages, and easily bulk edit messages. The app combines email and calendar taking away the need to navigate away from Boxer in order to see your calendar events. Similar to other applications put forth by Microsoft and Google in terms of functionality.

Boxer VMware will be made free for AirWatch users on the orange, blue and yellow plans. For those who have already committed their email needs to VMware, no need to worry. If you are one of the many that still want VMware purely for email management, VMware will release a special build on the app that will let consumers more more slowly and provide more time between updates. Most consumer and commercial users will be presented with rapid release updates as they are made available, but the extra feature for businesses that wish to update at a slower pace is an attractive option.


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit: VMware goes after Outlook with Boxer email app for Airwatch

 

Single sign-on for to the Cloud

Single sign-on for to the Cloud

Screen Shot 2014-10-28 at 12.30.04 PM

Have the ability of signing in once for all web-based applications is valuable.  All we have is passwords for everything, email, personal and business applications, document shares…. The number of Web services will only increase, and keeping them all straight and secure things s only going to get worse. Trying to manage all these individual passwords is a major problem for security. Many end users cope by re-using their passwords, which exposes all sorts of security holes. One solution is a single sign-on (SSO) tool to automate the logins of enterprise applications and also beef up password complexity, without taxing end users to try to remember dozens of different logins. What is exciting is that there are several products now combine both cloud-based software as a service logins with local desktop Windows logins, and add improved two-factor authentication and smoother federated identity integration.

Hotmail no more

We here at bva have learned that today is the day, Hotmail has officially moved out and Outlook has taken up permenant residency for all you Hotmail account users out there.

Don’t worry, nothing will change to your e-mail address itself, you will still send and recieve messages with your existing name. However that is about the only thing staying the same.

Along with the visual changes you’d get Outlook.com stated that there are two new features that started today. One is the ability to use Microsoft’s cloud storage solution, which I love! It’s much easier to save an attachment to the cloud instead of a hard drive. The other new feature is Simple Mail Transfer Protocol which is a device for recieving e-mails.