Category : Security

Teenage hacker grabs massive data from 800,000 open FTP servers


Not all teenagers are sneaking out in the middle of the night; one is sneaking into nearly 800,000 open FTP servers. The story begins with a security researcher, Minxomat, scanning the IPv4 address space and finding nearly 800,000 FTP servers that need no credentials at all: 4.32 percent of all FTP servers in IPv4 space accept an anonymous login with no password. Seriously!

Shortly after this report was released, reports surfaced that a young teen hacker going by the name “Fear” had gained access to and downloaded massive amounts of data from the .us domains of every state, as well as some .gov domains. (As reported by Network World.)

“I gained access to an FTP server that listed access to all the FTPs on .us domains, and those .us domains were hosted along with .gov, so I was able to access everything they hosted, such as public data, private data, source codes etc.,” Fear told DataBreaches.net. It was “very simple,” he said, “to gain access to the first box that listed all the .us domains and their FTP server logins.”

Network World

He later added to this claim, stating that the initial entry was a SQL injection (a flaw in a poorly coded web application that lets an attacker read the database behind it). Fear gained access to credit card information, Social Security numbers, email addresses, home addresses, phone numbers, and web-banking transactions. Fear claims there was no encryption to protect the data and that he could “read all of it in plain text form.”

His message to those responsible for securing state and government FTP servers is: “5 char passwords won’t save your boxes.”

On Sunday, someone in Florida attempted to secure the data, taking the FTP server down, password-protecting it and bringing it back up, but Fear said, “Too bad they don’t know it’s backdoored LOL…. they legit suck at security.”

Network World

Security professionals are questioning the reliability of the claim.

“We can’t state unequivocally that he did not hack something, but only because it’s impossible to prove something didn’t happen,” said Neustar Senior Vice President Rodney Joffe.

But as Fear states, “It only takes 13 hours and 23 minutes and 12 seconds for somebody to finish gathering data on every US citizen.”

The Hill 


If you would like to learn more about the information presented in this blog post please visit: www.networkworld.com and www.thehill.com


Pegasus Spyware Detected – Upgrade to iOS 9.3.5 ASAP


Malware that spies on a user’s phone calls and text messages has been neutralised thanks to the latest iOS update and the caution of a human rights activist. Canadian cyber security research group Citizen Lab published a report that a human rights activist, Ahmed Mansoor, received a text message carrying a malicious link. Thankfully Mansoor was not tempted to click on it.

Rather, he passed the link to Citizen Lab, where researchers tied it to the NSO Group, an Israeli company notorious for selling a government-exclusive spyware product, Pegasus, which it describes as a “lawful intercept” tool. Many have dubbed this the most sophisticated spyware detected to date, and Apple, Android and BlackBerry smartphone users are the targets. The main difference between this malware and others is Pegasus’s ability to compromise the core of the operating system, the phone’s kernel. That lets it capture conversations before a messaging app encrypts them, so the app’s own encryption is no defence against Pegasus. The link would have jailbroken the iPhone and installed surveillance software able to use the camera and microphone. Mansoor’s WhatsApp and Viber calls would have been exposed, along with his GPS location.

Citizen Lab wrote in its report that “[w]e are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign.”

Last Thursday Apple released iOS 9.3.5, which I highly advise upgrading to if you have not already done so. The update fixes the kernel memory-handling bugs the attack relied on and patches WebKit so that visiting a maliciously crafted website can no longer remotely execute arbitrary code.

Phew.


If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.pcmag.com 

Security Alert – Hide your IP Address


An IP address is the identifier that lets information be sent between devices on a network; it is what makes a device reachable for communication. Address blocks are handed out by the Internet Assigned Numbers Authority (IANA) to the regional registries and on to ISPs (bet you didn’t know that!). This might be fine and dandy news for the non-technical, but odds are you still have no idea why hiding your IP address is advised. An address does not literally contain your location, but because it is tied to the ISP that issued it, geolocation databases can usually place it in a city or region, and sometimes more precisely than that. Another reason to hide your IP is the recent increase in cyberattacks: an exposed address is often exactly what an attacker aims at.

You can also hide your IP with the goal of watching blocked content in your region.

Changing your IP can be done, but this is a more detailed process. Hiding it is a much easier option.

A Virtual Private Network creates an encrypted tunnel between your device and the VPN provider’s server, rather than connecting you to a website directly, adding a layer of protection. You use the internet as normal and retrieve the same information, but through that tunnel. Anyone watching your local network (a coffee-shop Wi-Fi, your ISP) sees only encrypted traffic to the VPN server, and the website sees only the VPN server’s IP address. The caveat is that the traffic is decrypted at the VPN server, so you are trusting the provider with everything you send that is not separately protected by HTTPS.

What you can also do is route through a series of computers distributed across the globe. Rather than one request between two points, your computer wraps the request in several layers of encryption, one per relay, and it is passed from Tor node to Tor node before exiting the network and reaching the destination. Each node peels off one layer and learns only the previous hop and the next hop; no single node sees both who you are and where you are going. This makes your movements much harder to track. To use it, download the Tor Browser, or talk to your IT professionals. Bear in mind that the exit node sees your traffic in whatever form you sent it, so use HTTPS sites over Tor too.
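The layering described above, as an added toy example (not code from this post, the Tor project or any VPN vendor): real Tor negotiates per-hop keys with Diffie-Hellman inside TLS and encrypts with AES, whereas here each relay is assumed to already share a symmetric key with the client and the “cipher” is a SHA-256 counter keystream, so the script runs with the standard library only. The relay names, keys and destination are made up.

```python
import hashlib
import os

# Toy onion routing. Assumed: every relay already shares a 32-byte key with
# the client (keys[...]). Not Tor's wire protocol; see the lead-in.

HOP_LEN = 32  # fixed-width field holding the next hop's name


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key || nonce into `length` bytes with a SHA-256 counter."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def _decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    ks = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


def _field(name: str) -> bytes:
    if len(name) > HOP_LEN:
        raise ValueError("hop name too long")
    return name.ljust(HOP_LEN).encode()


def build_onion(route, keys, destination, payload):
    """Client side: wrap `payload` once per relay, innermost (exit) layer first.

    Each layer holds only the next hop's name plus the next layer, so a relay
    that peels its own layer learns where to forward and nothing else.
    """
    blob = _encrypt(keys[route[-1]], _field(destination) + payload)
    for i in range(len(route) - 2, -1, -1):
        blob = _encrypt(keys[route[i]], _field(route[i + 1]) + blob)
    return blob


def peel(relay, keys, blob):
    """Relay side: strip one layer; return (next hop, remaining blob)."""
    plain = _decrypt(keys[relay], blob)
    return plain[:HOP_LEN].decode().strip(), plain[HOP_LEN:]


def traverse(route, keys, onion):
    """Walk the circuit, recording what each relay gets to see."""
    views = []
    blob = onion
    for relay in route:
        next_hop, blob = peel(relay, keys, blob)
        views.append((relay, next_hop))
    return views, blob  # once the exit peels, blob is the bare payload


def demo():
    route = ["guard", "middle", "exit"]
    keys = {name: os.urandom(32) for name in route}  # made-up per-hop keys
    onion = build_onion(route, keys, "example.com:443", b"GET / HTTP/1.1\r\n")
    views, delivered = traverse(route, keys, onion)

    # The middle relay holds only its own key: decrypting the layer it is
    # forwarding with that key yields noise, not the destination.
    _, after_guard = peel("guard", keys, onion)
    _, for_exit = peel("middle", keys, after_guard)
    middle_guess = _decrypt(keys["middle"], for_exit)
    middle_sees_destination = b"example.com" in middle_guess
    return views, delivered, middle_sees_destination


if __name__ == "__main__":
    for relay, next_hop in demo()[0]:
        print(f"{relay:>6} learns only: forward to {next_hop}")
```

Running it prints one line per relay; only the exit ever sees the destination, and only the client ever knew the full route.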


If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.pcmag.com

Protect your HR department against Cyber Attack


Human Resources is often the target of malicious attacks, usually by fraudulent email, simply because of the wealth of information in your HR department. Employee names, birth dates, Social Security numbers, W-2 forms and addresses fetch a high price on the dark net. The most common means of obtaining this information is a phishing email that appears to come from a trusted employee or senior executive asking for sensitive company data, financial records, or access to employee information. In most cases the employee on the receiving end cannot tell that the email is fraudulent, and passes on the information without hesitation. HR departments at numerous organizations have reported W-2 tax form whaling scams. After receiving a spoofed message from a company executive requesting employee information, Seagate Technology said staff handed over W-2 forms for thousands of current and former employees. Snapchat reported a similar story: a scammer posed as CEO Evan Spiegel and asked for payroll data, and an employee in the payroll department complied thinking the request was legitimate.

The attackers are not going to stop asking for your information, so you might as well close the gaps. That means educating employees, keeping sensitive data encrypted in managed cloud storage rather than on individual machines, and bringing in identity management software. As always I recommend a highly capable IT department as well.

Train your employees about the elements and characteristics of genuine company emails. Teach them to pay attention to who is requesting the information as well as the information in question. Let them get used to asking “Why?” before pressing Send. For example, the head of the finance department already has access to all financial data and probably does not need to email employees in that department for more of it. This may sound like pure common sense, but it never hurts to reiterate its importance. Let employees see what a fraudulent phishing email looks like. Cybersecurity training company KnowBe4 has taken a hands-on approach to teaching employees to recognize phishing emails, sending over 300,000 simulated phishing emails to employees at 300 client companies over the course of a year and using those messages to teach staff the tell-tale signs of an attack. According to KnowBe4 founder and CEO Stu Sjouwerman, before the training 16 percent of employees clicked on links in the simulated phishing emails; after a year of education only 1 percent did.
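The “ask why before pressing Send” checks, turned into code as an added example (not from this post or from KnowBe4): it flags an executive’s display name on an address that is not that executive’s real mailbox, a Reply-To that diverts answers elsewhere, and a request for HR data paired with pressure to act quickly. The company domain, executive name and both messages below are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumed organisation data for the example.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}  # display name -> real mailbox
HR_DATA_TERMS = ("w-2", "w2", "payroll", "social security", "ssn", "direct deposit")
URGENCY_TERMS = ("urgent", "asap", "immediately", "today", "confidential")

# Constructed sample messages: one genuine, one whaling attempt.
LEGIT = """\
From: Jane Doe <jane.doe@example.com>
To: hr@example.com
Subject: Q3 all-hands

Could you book the large room for Thursday? Thanks, Jane
"""

SPOOF = """\
From: Jane Doe <jane.doe@examp1e-corp.com>
Reply-To: jane.doe.ceo@mail-example.net
To: payroll@example.com
Subject: Urgent - W-2 copies needed today

Hi, I need PDF copies of all employee W-2 forms for 2015 sent to me ASAP
for a confidential review. Please handle this today. Thanks, Jane
"""


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def assess(raw_message: str):
    """Return the reasons a message looks like executive impersonation
    fishing for HR data; an empty list means nothing was flagged."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content().lower() if body_part else ""
    reasons = []

    # 1. Display name of a known executive, but not their real mailbox
    #    (catches look-alike domains and free webmail alike).
    known = EXECUTIVES.get(from_name.strip().lower())
    if known and from_addr.lower() != known:
        reasons.append(f"display name '{from_name}' but sender is {from_addr}, not {known}")

    # 2. Replies silently redirected to a different domain.
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        reasons.append(f"replies would go to {reply_addr}, not to the sender")

    # 3. The ask itself: HR/payroll data, especially with time pressure.
    asks_for = [t for t in HR_DATA_TERMS if t in body]
    if asks_for:
        reasons.append("requests HR data: " + ", ".join(asks_for))
        if any(t in body for t in URGENCY_TERMS):
            reasons.append("pairs the data request with pressure to act quickly")
    return reasons


if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("spoof", SPOOF)):
        print(label, assess(raw) or "nothing flagged")
```

The point of the first check is that the display name is whatever the sender typed; only the address after it is worth comparing against a list of who your executives really are.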

Regardless of how much training you provide for your employees, all it takes to create chaos is one simple mistake.

A viable way to add a second line of defence is to keep the data encrypted in managed cloud storage rather than in document folders on a desktop or laptop. If an employee were to mistakenly share information with a fraudster, the attacker would be led to a link they cannot open, because the key or account authorization needed to decrypt the file is not in their hands. (This only holds if the employee shares a link to the protected file, not an exported copy of its contents.)

San Francisco identity management company OneLogin has banned the use of local files in its office entirely. Cofounder and Vice President of Product Development David Meyer gives the reasoning: “It’s for security reasons as well as productivity. If an employee’s laptop is stolen, it doesn’t matter because nothing’s on it.” Not a bad idea.

Identity management software that controls log-ins and passwords is a great tool for protecting your HR department. Rather than trusting HR staff to protect a separate username and password for each platform they use for payroll, benefits, recruiting, scheduling and so on, a single sign-on gives access to everything. This helps employees, as only one password needs to be remembered, removing the temptation to write passwords down or save them elsewhere. It also concentrates risk in that one credential, so the identity management software you choose should enforce multi-factor authentication: even if the password falls into the wrong hands, approval from a second device is still needed to get in. Companies can also use geofencing, or an allowlist of office IP ranges, to restrict admin sign-ins to specified locations, such as the office.

HR tech platforms and cybersecurity firms are working together to improve the security of HR departments, fingerprint log-in is one of the safer means of logging in, but that technology is not available across all platforms. Until these needs can be met, the best protection is prevention.


If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.pcmag.com

Why You Need to Deploy Encryption and How


Encryption is the transformation of data from plain text to ciphertext. In other words, basically taking data that is easy to read and placing it into a riddle that has no rhyme or pattern so that only those that know the riddle, can read your data. Still with me?

Encryption alone is not enough to guarantee the safety of your data. Endpoint protection software is still necessary to watch for malware, especially ransomware, which encrypts your files with the attacker’s key and extorts you for it, leaving you back at square one. It is known, however, that attackers don’t particularly like encrypted data, and are much less likely to keep going once they learn you’ve deployed encryption throughout your business.

“The best reason to encrypt your data is that it lowers your value,” said Mike McCamon, President and CMO at SpiderOak. “Even if [attackers] got in, all the data stored is encrypted. They’d have no way to do anything if they downloaded it.”

Passwords are a great start, but let’s take it one step further. If an attacker gets into your network they can most likely navigate around and find where all your passwords are kept, which again puts you back at square one. There is no point in a password if attackers can find it without breaking a sweat. Two things fix that. A service should never store passwords in a form that can be turned back into the original: it should keep only a salted, deliberately slow hash of each one, so that a stolen database still does not yield the passwords (that is hashing, not encryption, and it is what “password encryption” ought to mean in practice). The passwords your staff keep for the services they use belong in a password manager, whose vault is encrypted so that the only way in is the master key. And any password you type into a portal should travel over an encrypted connection (TLS) so it cannot be read off the wire on the way.
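An added example contrasting the two ways of keeping passwords described above; it is not code from this post or from SpiderOak, and the server key and iteration counts are illustrative. The first pair of functions is what a reversible “password encryption” amounts to when the key lives on the same server as the store; the second pair is the salted slow hash a service should use instead.

```python
import base64
import hashlib
import hmac
import os

# --- What reversible "password encryption" gives an attacker ---------------
# Assumed: the key sits in a config file next to the database, as it must for
# the application to decrypt. Whoever copies both gets every password back.
SERVER_KEY = b"k" * 32


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def store_reversible(password: str) -> bytes:
    return _xor(password.encode(), SERVER_KEY)


def recover_reversible(blob: bytes) -> str:
    """Exactly what an attacker holding store + key does."""
    return _xor(blob, SERVER_KEY).decode()


# --- What a service should do: salted, slow, one-way -----------------------
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; raise as hardware improves


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    salt = os.urandom(16)  # unique per user, so equal passwords hash differently
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Self-describing record so the work factor can be raised later per user.
    return f"pbkdf2_sha256${iterations}${_b64(salt)}${_b64(dk)}"


def verify_password(password: str, record: str) -> bool:
    algo, iterations, salt_b64, dk_b64 = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    got = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    return hmac.compare_digest(got, expected)  # constant time, no early exit


if __name__ == "__main__":
    blob = store_reversible("Winter2016!")
    print("reversible store leaks:", recover_reversible(blob))
    rec = hash_password("Winter2016!")
    print("hashed record:", rec)
    print("verify right/wrong:", verify_password("Winter2016!", rec),
          verify_password("winter2016!", rec))
```

The hashed record cannot be run backwards; an attacker who steals it must guess candidate passwords and pay the full iteration cost for each one, per user, which is the whole point of the salt and the slow hash.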

Protect the house with database and server encryption. Anyone who gets onto your network can read information that sits in plain text, and if the house of all your data is in plain text, that is a surefire road to disaster. Encrypting the database and the server’s disks means a copied file or a stolen drive is useless without the key.

Transport Layer Security (TLS, the successor to SSL) protects data in transit between the browser and the website. It encrypts the data employees and clients exchange with your company website through their browsers, a safeguard against interception while it is on the wire. However, once the data has reached your company server it is decrypted and in plain text again, so another encryption method is needed for the data at rest.

Email encryption and signing give each employee a key pair under the Pretty Good Privacy (PGP) standard. The employee’s public key is shared with everyone who corresponds with them, so recipients can verify that a message really was signed by that person and can encrypt replies that only the employee can read. If a client then receives a message claiming to be from your company’s CEO that is not signed, or whose signature does not verify, the client knows to treat it with suspicion.

Device encryption is critical to the safety of your organisation and should be required of all employees. IT management can significantly help in this process, and can also set up mobile device management software for all mobile devices. This protects your employees and your business from an avoidable vulnerability: a lost or stolen device that gives up everything on it.

End-to-end and zero-knowledge encryption is the most comprehensive form. Your data (files, application data, stored log-ins, device passwords) is encrypted on your own device before it ever leaves for the service, and the key never leaves your side. The service provider stores only ciphertext and cannot decrypt it even if it is breached or compelled; the only way to decipher the data is with the key that you, or the IT team managing your devices, hold. The flip side is that if that key is lost, the provider cannot recover your data for you.


If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.pcmag.com

Undetected Hacker Group Spying Since 2011…


Strider hackers reference the all-seeing eye of Sauron in their ‘nation-state level’ malware, which has been used to steal files from organisations across the globe. The previously unknown group, ‘Strider’, has just been discovered by cyber-security researchers at Symantec. The group appears to aim its malware at targets that would be of interest to a nation state’s intelligence services. The Remsec malware mainly targets organisations in Russia, but the group has also infected an airline in China, an embassy in Belgium, and a large organisation in Sweden whose name could not be confirmed. The malware is designed to infect a system and open a backdoor through which it logs keystrokes and steals files.


The malware has been in operation since October 2011, but avoided detection by most antivirus products for nearly five years. Only 36 infections have been identified in those five years, but the malware’s stealth is rather unsettling. Remsec’s components are built as BLOBs (Binary Large Objects), collections of binary data that antivirus software finds hard to classify, and much of the malware is deployed over the network and runs in memory rather than being stored on disk, which makes it increasingly hard to detect.

A deeper look at the malware’s modules found that they are written in the Lua programming language, an embeddable scripting language used here to perform various functions, including keylogging; it is this code that contains the references to the all-seeing eye of Sauron from The Lord of the Rings. The use of Lua modules leads researchers to believe Strider may have connections to the Flamer group, known for using the same language in its malware. Another lead is a connection to the infamous Regin malware: one of Remsec’s victims had also been a victim of Regin. That poor machine!


The nature of the malware, combined with the quality of its coding, leads security researchers to believe the Strider group is highly proficient in the development of malicious software and very likely a nation-state level attacker.


If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.zdnet.com

Hundreds of Thousands of Cash Registers HACKED


According to security experts, Russian hackers have breached more than 330,000 cash registers in fast food chains, retail stores, and hotels around the world. The target was the MICROS point-of-sale systems, says security researcher Brian Krebs. Oracle, which acquired MICROS in 2014, confirmed the attack in a statement saying the company “had detected and addressed malicious code in certain legacy MICROS systems.” The compromise hit the support portal Oracle uses to help customers remotely troubleshoot problems with point-of-sale devices, part of the MICROS infrastructure. The company is unsure of the scale of the breach and is working to determine the size of the problem ahead. The time of the initial intrusion is also undetermined, as is the scope of any financial data that may have been stolen. The investigation did turn up a link between the MICROS support portal and a server known to be used by a Russian cybercrime group called the Carbanak gang.

“This breach could be little more than a nasty malware outbreak at Oracle,” Krebs wrote. “However, the Carbanak Gang’s apparent involvement makes it unlikely the attackers somehow failed to grasp the enormity of access and power that control over the Micros support portal would grant them.”

This is not the first time the company has been in the hot seat over how it handles security: in fall 2015 Oracle settled with the Federal Trade Commission over charges that it had deceived customers about the security of Java platform updates.


If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.zdnet.com

How to scrub data from your device


You may be surprised to hear that “Delete” is not an end-all function for wiping data from your machine. To ensure your data doesn’t get into the wrong hands, perform a secure erase. Whether you are selling an old computer or just want to wipe some sensitive data off your machine completely, Secure Erase is an easy way to get the job done.

SECURE ERASE

When you hit Delete, you probably expect that your data is actually gone. Unfortunately, that is not the case. Delete doesn’t remove your data; it erases the file’s entry in the disk directory and marks its blocks as free for reuse. Your operating system no longer sees the file, but the data is still there until something overwrites it. That is what file recovery programs rely on: they look for blocks that the directory says are not in use and search them for your data. Even overwriting a file is not the end of it, because drives silently retire failing sectors (“bad blocks”) and can leave old copies of your data in them, where no normal write can reach. The ATA Secure Erase command tells the drive firmware itself to overwrite every sector, including those reassigned ones, so there is no data recovery from a Secure Erase. This is great for data security if you know what you are doing, which most of us don’t, which is why most BIOSes put drives in a “security frozen” state at boot so that the command cannot be issued by accident (or by malware).
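As an added example of the check a practitioner makes before issuing that command on Linux (not from this post or from Storage Bits): read the drive’s security state from `hdparm -I`, confirm the feature is supported and the drive is not frozen, and only then build the two `hdparm` commands. The listing below is constructed to resemble the Security section hdparm prints; the device name and the password string “NULL” are arbitrary.

```python
# Decide whether an ATA Secure Erase can be issued, from `hdparm -I` output.
# Nothing here touches a disk; it only parses text and returns the plan.

# Constructed sample of the Security section as hdparm -I prints it
# (tab-separated "not<TAB>flag" lines mean the flag is clear).
SAMPLE_HDPARM_I = """\
/dev/sdb:

ATA device, with non-removable media
Security:
\tMaster password revision code = 65534
\t\tsupported
\tnot\tenabled
\tnot\tlocked
\tnot\tfrozen
\tnot\texpired: security count
\t\tsupported: enhanced erase
\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct
"""


def parse_security(hdparm_output: str) -> dict:
    """Pull the flags out of the 'Security:' section."""
    state = {"supported": False, "enabled": False, "locked": False,
             "frozen": False, "enhanced_erase": False}
    in_section = False
    for line in hdparm_output.splitlines():
        if line.startswith("Security:"):
            in_section = True
            continue
        if in_section and line and not line[0].isspace():
            break  # reached the next top-level section
        if not in_section:
            continue
        words = line.split()
        if not words:
            continue
        if words == ["supported"]:
            state["supported"] = True
        elif words[:2] == ["supported:", "enhanced"]:
            state["enhanced_erase"] = True
        elif words[0] == "not" and len(words) > 1:
            key = words[1].rstrip(":")
            if key in state:
                state[key] = False
        elif words[0].rstrip(":") in state:
            state[words[0].rstrip(":")] = True
    return state


def erase_plan(state: dict, device: str):
    """Return the hdparm commands to run, or a string saying why not yet."""
    if not state["supported"]:
        return "drive does not implement the ATA Security feature set; use another method"
    if state["frozen"]:
        return ("drive is security-frozen (the BIOS locks it at boot); "
                "suspend and resume the machine or hot-plug the drive, then re-check")
    if state["enabled"] or state["locked"]:
        return "a security password is already set; unlock with the existing password first"
    erase = "--security-erase-enhanced" if state["enhanced_erase"] else "--security-erase"
    # "NULL" is just the temporary password string; the erase must repeat it.
    return [f"hdparm --user-master u --security-set-pass NULL {device}",
            f"hdparm --user-master u {erase} NULL {device}"]


if __name__ == "__main__":
    st = parse_security(SAMPLE_HDPARM_I)
    print(st)
    print(erase_plan(st, "/dev/sdb"))
```

Run the real thing as `hdparm -I /dev/sdX | python3 this_script.py` only after double-checking the device name: the enhanced erase is irreversible and completes in minutes.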

ENCRYPT, REFORMAT, ENCRYPT.

Deleting the last little bit of your data can be easier than you think with the right knowledge. Windows (Pro and Enterprise editions) includes an encryption tool called BitLocker, which by default requires a system with a Trusted Platform Module (TPM) chip. Without a TPM, BitLocker refuses to turn on and shows an error message, unless an administrator enables the Group Policy setting that allows BitLocker without a compatible TPM, in which case it asks for a startup password or USB key instead. Full disk encryption is built into both Windows and Mac OS X.

To try BitLocker, go to the Control Panel, click System and Security, and then click on BitLocker Drive Encryption. Select the drive and start the process. Encryption will take hours on a large disk, but you should be able to do other work on the system while encryption completes. – Robin Harris, writer for Storage Bits

To do this on a Mac, use FileVault 2 (OS X 10.7 and later). Open System Preferences, find Security & Privacy, and then FileVault. Choose Turn On FileVault, select a password option, enable any other accounts you want to access the drive – in this case none – and click Restart. The encryption process will begin and, like Windows, will take some hours if you have a large drive. – Robin Harris, writer for Storage Bits

Once your drive is encrypted, reformat it as a new drive and encrypt it again. The drive is now empty, so you won’t face the long wait of the first pass. The purpose of the second encryption is to make sure the first encryption key is overwritten: someone who recovered the old key could decrypt whatever remnants of the old ciphertext remain on the disk, which would make all that work for nothing. The second encryption removes that possibility. On an SSD, bear in mind that wear levelling means a reformat does not reliably overwrite the old blocks, so rely on the encryption (and, where the drive supports it, its own Secure Erase) rather than on overwriting.


If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.zdnet.com


Remove a Virus from a USB using CMD

Some malware that spreads by USB hides itself by changing file and folder attributes (hidden, system, read-only), and sometimes sets the same attributes on your own files and folders so they seem to vanish and are extremely hard to get at. To recover a file we can change its attributes back, and because the same cmd command both lists and clears those attributes, it is a great tool for finding and removing such a file. Amar Shekhar, writer for FossBytes, gives us the low-down.

A virus can present itself on your drive as a hidden file, as an ‘autorun’ or ‘autoexec’ file that runs when the drive is opened, as an executable, or as a file with unusual attributes. Typical names are Autorun.inf, Ravmon.exe, New Folder.exe and svchost.exe (a legitimate Windows process name that malware likes to borrow). So how do you remove a virus from any USB drive using CMD? Assuming you are on Windows 10, that is.

The cmd command ‘attrib’ displays, sets and removes the attributes of a file, folder or directory, such as read-only, archive, system and hidden.

Say there is a virus on your drive.

Run command prompt as administrator. 

Change to the drive holding the virus; in the writer’s case this is the D drive, so type D: and press Enter.

Type attrib and press Enter. This command lists every file in the current directory with its attributes, which makes it easy to spot the file housing the autorun.inf virus: look for the S and H (system, hidden) flags.


To strip the virus’s protection using CMD, type attrib -r -a -s -h *.* and press Enter. This removes the read-only, archive, system and hidden attributes from every file in the current directory. Do this on the USB drive only: on a Windows system drive it would also unprotect legitimate system files.

  • -r clears the read-only attribute
  • -a clears the archive attribute
  • -s clears the system attribute
  • -h clears the hidden attribute
  • *.* applies this to all files, whatever their extension


To delete the virus, type del autorun.inf and press Enter.


  • Once you have pressed Enter, the file is deleted from the current drive. If the file is on a USB stick, change your current drive to the USB drive in step 2 and follow the same commands.
  • Type ‘attrib’ again to check whether the deleted file still exists. As seen above, it no longer exists on the D drive.
  • To remove other malware files with extensions such as ‘.lnk’ (the shortcut files USB worms drop) or ‘.exe’, type del *.lnk or del *.exe respectively. Check first that no legitimate files of that type are on the drive, because these wildcards delete every file with that extension.


If you would like to educate yourself in more detail about the information presented in this blog post please visit : http://fossbytes.com

Do you understand the importance of cyber security?



It is extremely important that you as the user understand why in the heck you should be concerned about the security of your device. Sure, you may have heard about the tons of malware out there or the ransomware extracting millions from large corporations, but as a user it is easy to disregard such headlines. “What would anyone want with my computer?” is the usual user mindset. It really does pay to be conscious, and proactive. Malware, including ransomware, is designed by cyber criminals with boatloads of knowledge about how to steal your information, passwords, bank account numbers, log-ins, sensitive data and, of course, your money. The general tactic is to get malware onto the machine unnoticed by the user, where it waits idly until the person on the other side decides to take a dig into your life. Like the monster under your bed, but worse.

Malware is something to worry about because, for one, it is used to steal your data and these days your money. Not to mention that if you do lose money to cyber theft, not much can be done to help your case. Most cyber criminals operate in foreign countries outside U.S. legal jurisdiction, and to be honest, even if they didn’t, you still wouldn’t get your money back. It’s just not the way it works.

Don’t be a victim.

Ask anyone and they will tell you the quickest way to get hacked is by not updating commonly attacked programs, basically leaving your doors unlocked and asking to be robbed, and by being tricked into installing a Trojan, the equivalent of the robber ringing the doorbell and you inviting them to stay for dinner before they rob you blind. Neither is good!

“Sure, there are hundreds of other methods: SQL injection attacks, password guessing, and so on. But nearly everything besides unpatched software and downloaded Trojans is statistical noise. In fact, if you fix the main two issues, you almost don’t need to do anything else.” – Roger A. Grimes, computer security columnist for InfoWorld

Malware can be broken down into worms, viruses, Trojans, and hybrids. Viruses spread by infecting other host files and run whenever the host is run. Worms are self-replicating; once started they need no further assistance. Trojans need victims to get down to business: they do not spread themselves, so the attacker must deliver each copy to each victim separately, usually via email. The upside is that, unless it is ransomware that has locked the device, a Trojan can be removed once identified.

You’d be surprised at the number of users who still give their log-ins to attackers every day. It’s insane. Typically the user is sent a phishing email that claims to be from a legitimate website and asks for credentials. Often the email adds a small call to action, such as threatening to terminate the service. In this case trust the website, not the email: go directly to the website yourself and confirm.

Signature-based anti-malware simply cannot keep up with the thousands of malicious programs that appear each month. That is just the truth of the matter. Some of the responsibility must lie with the user, or a good IT management team. A single antivirus program can only get so far, so it would behoove you to periodically run a few free on-demand scanners as well (on-demand scans, not several real-time products at once, which fight each other). Together they can identify what a single one could not.


If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.infoworld.com