Category : Security

Undetected Hacker Group Spying Since 2011…


Strider hackers reference the all-seeing eye of Sauron in their ‘nation-state level’ malware, which has been used to steal files from organisations across the globe. The previously unknown hacker group, ‘Strider’, has just been discovered by cyber-security researchers at Symantec. The group has apparently aimed its malware at targets that would be of potential interest to a nation state’s intelligence services. The Remsec malware is mainly targeting organisations in Russia, but the group has also infected airline systems in China, an embassy in Belgium, and a large organisation in Sweden whose name could not be confirmed. The malware is designed to infect a system and open a backdoor through which it logs keystrokes and steals files.


The malware has been in operation since October 2011, yet avoided detection by the majority of antivirus systems for nearly five years. Only 36 infections have been reported in those five years, but the stealth and capability of the malware are rather unsettling. The components that make up Remsec are built as “BLOBs” (Binary Large Objects), collections of binary data that are often difficult for antivirus software to detect. The malware is deployed across a network rather than stored on disk, which makes it even harder to detect.

A deeper look into the malware’s modules found that they are written in the Lua programming language, an embedded scripting language used to perform various functions and processes. In the case of Remsec, these functions include key logging, and it is this code that contains the references to the all-seeing eye of Sauron from The Lord of the Rings. The use of Lua modules leads security researchers to believe that Strider may have connections to the Flamer hacking group, known for using this type of programming in its malware. Another lead could be a connection to the infamous Regin malware: one of the victims of the Remsec malware had also been a victim of Regin. That poor machine!


The nature of the malware, combined with the quality of its coding, leads security researchers to believe that the Strider group is highly proficient in the development of malicious software and could very well escalate to a nation-state level attacker.

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.zdnet.com

Hundreds of Thousands of Cash Registers HACKED


According to security experts, Russian hackers have breached more than 330,000 cash registers in fast food chains, retail stores, and hotels around the world. The target of the hacking was the network of point-of-sale systems manufactured by Micros, says security researcher Brian Krebs. Oracle, which acquired Micros in 2014, confirmed the attack with a statement saying the company “had detected and addressed malicious code in certain legacy Micros systems.” The vulnerability occurred in the system Oracle uses to help customers remotely troubleshoot problems with point-of-sale devices, part of the Micros infrastructure. The company is unsure of the scale of the breach, but is working to determine the size of the problem that lies ahead. The time of the initial attack is also undetermined, as is the scope of any financial data that may have been stolen. An investigation into the breach did reveal a link between the Micros support portal and a server known to be used by a Russian cybercrime group called the Carbanak group.

“This breach could be little more than a nasty malware outbreak at Oracle,” Krebs wrote. “However, the Carbanak Gang’s apparent involvement makes it unlikely the attackers somehow failed to grasp the enormity of access and power that control over the Micros support portal would grant them.” – Brian Krebs, Security Researcher

This is not the first time the company has been in the hot seat over how it handles security incidents: in the fall of 2015 Oracle settled out of court with the Federal Trade Commission over charges that it had deceived customers about security updates for the Oracle-owned Java platform.

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.zdnet.com

How to scrub data from your device


You may be surprised to hear that “Delete” is not an end-all function for wiping data from your machine. To ensure your data doesn’t get into the wrong hands, perform a secure erase. Whether you are selling an old computer or just want to wipe some sensitive data off your machine completely, Secure Erase is an easy way to get the job done.

SECURE ERASE

When you hit Delete, you most likely expect that all of your data is actually deleted. Unfortunately, this is not the case. Delete doesn’t actually delete your data; what this function does is erase a file’s reference information in the disk directory and mark its blocks as free for reuse. Your operating system might no longer be able to see it, but your data is still there deep down. Hence the use of file recovery programs: these programs look for blocks that the directory says are not in use and search them for your data. There are also so-called bad blocks, where data is left behind from partly overwritten blocks and other operations. The Secure Erase command overwrites every track on the disk, meaning there is no data recovery from a Secure Erase. This is great for data security if you know what you are doing, which most of us don’t, which is why the Secure Erase command has been disabled on most motherboards.

ENCRYPT, REFORMAT, ENCRYPT.

Deleting the last little bit of your data can be easier than you think with the right knowledge. Windows uses an encryption tool called BitLocker, which usually requires a system with a Trusted Platform Module (TPM) chip. Without a TPM you won’t be able to access BitLocker, or when you attempt to access it you will be shown an error message. Full disk encryption is built into both Windows and Mac OS X.

To try BitLocker, go to the Control Panel, click System and Security, and then click on BitLocker Drive Encryption. Select the drive and start the process. Encryption will take hours on a large disk, but you should be able to do other work on the system while encryption completes. – Robin Harris, writer for Storage Bits

In order to perform this on a Mac, you will need to use the Mac OS FileVault 2 (10.7 and later) function. Open System Preferences, find Security and Privacy, and FileVault. Choose Turn On FileVault, select a password option, enable any other accounts you want to access the drive – in this case none – and click Restart. The encryption process will begin and, like Windows, will take some hours if you have a large drive. – Robin Harris, writer for Storage Bits

Once you have your drive encrypted, you need to reformat it as a new drive and encrypt it again. The drive is now empty, so you won’t be met with the long wait you had with the first encryption. The purpose of the second encryption is to ensure that your first encryption key is overwritten, because a really capable attacker could otherwise recover the key and decrypt your data, which would make all that work for nothing. The second encryption eliminates that possibility.
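To make the three cases above concrete (Delete leaves the data on disk, an overwrite pass removes it, and encrypt, reformat, encrypt leaves only ciphertext with the old key overwritten), here is a small block-device model. It is an added example written for this post, not code from the original article or from Robin Harris; the disk layout, the key-slot block and the XOR “cipher” are simplifying assumptions of the model, and the sample file is constructed.

```python
"""Toy block-device model of what Delete, a full overwrite, and
encrypt-reformat-encrypt each leave behind on disk (added example)."""
import os

BLOCK_SIZE = 16  # assumption: tiny blocks so the sample file spans a few of them


class ToyDisk:
    """A disk as fixed-size blocks plus a directory mapping name -> block indexes."""

    def __init__(self, n_blocks: int):
        self.blocks = [bytes(BLOCK_SIZE) for _ in range(n_blocks)]
        self.free = set(range(n_blocks))
        self.directory = {}

    def write_file(self, name: str, data: bytes) -> None:
        chunks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
        if len(chunks) > len(self.free):
            raise OSError("disk full")
        used = []
        for chunk in chunks:
            idx = min(self.free)  # lowest free block first, like a simple allocator
            self.free.remove(idx)
            self.blocks[idx] = chunk.ljust(BLOCK_SIZE, b"\0")
            used.append(idx)
        self.directory[name] = used

    def delete(self, name: str) -> None:
        """What Delete really does: drop the directory entry and mark the
        blocks free. Not one byte of file content is touched."""
        self.free.update(self.directory.pop(name))

    def reformat(self) -> None:
        """A quick format: the directory is emptied, block contents survive."""
        self.directory.clear()
        self.free = set(range(len(self.blocks)))

    def carve_free_space(self) -> bytes:
        """What a file-recovery tool does: read every block the directory says
        is unused and look for data in it."""
        return b"".join(self.blocks[i] for i in sorted(self.free))

    def overwrite_all(self) -> None:
        """Secure-erase style pass: overwrite every block on the device."""
        for i in range(len(self.blocks)):
            self.blocks[i] = os.urandom(BLOCK_SIZE)
        self.reformat()


def xor_keystream(data: bytes, key: bytes) -> bytes:
    """Toy repeating-key XOR standing in for real disk encryption. It is NOT
    secure; it only keeps the demo self-contained."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


SECRET = b"ACCOUNT 1234-5678 PIN 0042"  # constructed sample "sensitive" file


def delete_leaves_data() -> bool:
    """Delete, then carve free space: the secret is still there."""
    disk = ToyDisk(8)
    disk.write_file("tax.txt", SECRET)
    disk.delete("tax.txt")
    return SECRET in disk.carve_free_space()


def overwrite_removes_data() -> bool:
    """After a full overwrite pass the carver finds nothing."""
    disk = ToyDisk(8)
    disk.write_file("tax.txt", SECRET)
    disk.overwrite_all()
    return SECRET in disk.carve_free_space()


def encrypt_reformat_encrypt() -> dict:
    """Encrypt, reformat, encrypt again. The second key lands on the block that
    held the first one, so the carver sees ciphertext but neither the plaintext
    nor the key that would unlock it."""
    disk = ToyDisk(8)
    key1 = os.urandom(BLOCK_SIZE)
    disk.write_file("keyslot", key1)  # assumption: key kept in its own block
    disk.write_file("tax.txt", xor_keystream(SECRET, key1))
    disk.reformat()                   # directory gone, every block still intact
    key2 = os.urandom(BLOCK_SIZE)
    disk.write_file("keyslot", key2)  # re-encrypting overwrites the old key block
    carved = disk.carve_free_space()
    return {
        "plaintext_recoverable": SECRET in carved,
        "old_key_recoverable": key1 in carved,
        "ciphertext_still_on_disk": xor_keystream(SECRET, key1)[:BLOCK_SIZE] in carved,
    }


if __name__ == "__main__":
    print("after Delete, secret carved from free space:", delete_leaves_data())
    print("after overwrite, secret carved from free space:", overwrite_removes_data())
    print("after encrypt/reformat/encrypt:", encrypt_reformat_encrypt())
```

Run it and the three functions report what a recovery tool carving free space would still find. Two caveats the toy hides: real full-disk encryption keeps its key material in a dedicated header or key slot rather than in an ordinary file, and on an SSD the controller’s wear levelling means a host-side overwrite may not reach every physical cell, which is one reason a firmware-level Secure Erase exists.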

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.zdnet.com

Remove a Virus from a USB using CMD

Viruses change the attributes of a file or folder, such as the read, write, or execute permission, making such files or folders extremely hard to access. In order to recover a file, we can change its attributes and reset the file’s internal structure. That’s why knowing how to remove one using CMD is a great tool to have. Amar Shekhar, writer for FossBytes, gives us the low-down.

A virus can present itself on your system as a file that is hidden from the user, in the form of an ‘autorun’ or ‘autoexec’ file, an executable, or a file with unusual attribute properties. Examples would be Autorun.inf, Ravmon.exe, New Folder.exe, and svchost.exe. So how do you remove a virus from a USB drive using CMD? This assumes you are already on Windows 10.

The cmd command ‘attrib’ displays, sets and removes the attributes of a file, folder, or directory, such as read-only, archive, system and hidden.

Say there is a virus on your drive.

Run Command Prompt as administrator.

Change to the drive that holds the virus (in the FossBytes walkthrough this is the D: drive) and press Enter.

Type attrib and press Enter. This command lists the files in the current location together with their attributes, which makes it easy to spot the file housing the autorun.inf virus.

[Screenshot: autorun.inf listed in the D: drive]

To remove the virus using CMD, type attrib -r -a -s -h *.* into your command prompt and press Enter. This removes the read-only, archive, system and hidden attributes from all the files.

  • -r clears the read-only attribute
  • -a clears the archive attribute
  • -s clears the system attribute
  • -h clears the hidden attribute
  • *.* applies the change to all files, whatever their extension

[Screenshot: the attrib command used to remove the virus]

To delete the virus, type del autorun.inf and press Enter.

[Screenshot: deleting the virus with del]

  • Once you have pressed Enter, that file should be deleted from the current drive. If you want to delete the file from a USB stick, change your current drive to the USB drive in step 2 and follow the same commands.
  • You can type the ‘attrib’ command again to see whether the deleted file still exists. As seen above, it no longer exists on the D drive.
  • To remove other viruses with extensions such as ‘.ink’ or ‘.exe’, type Del *.ink or Del *.exe respectively to delete those suspicious files.
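The attrib -r -a -s -h *.* and Del *.exe steps act on every file in the location, legitimate ones included. The script below is an added example written for this post (not code from the original article or from FossBytes): it parses the text that attrib prints, flags the files that match the names listed above or that are hidden and system executables or shortcuts, and emits the matching attrib and del commands as a plan you can review before typing them. The attrib output is a constructed sample, and the hidden-plus-system heuristic is my own rule of thumb, not something from the post.

```python
"""Added example (not from the original post or FossBytes): triage the output of
Windows `attrib` and plan the cleanup commands instead of running
`attrib -r -a -s -h *.*` and `del *.exe` blindly across a whole drive."""
import re

# Names the post lists as typical disguises for a USB worm. svchost.exe is a
# legitimate Windows binary only inside the Windows system directory, so on a
# removable drive it is suspicious.
SUSPICIOUS_NAMES = {"autorun.inf", "ravmon.exe", "new folder.exe", "svchost.exe"}

# attrib prints the attribute letters, then the full path; the path starts at
# the first "X:\" drive prefix, so everything before it is the attribute field.
_ATTRIB_LINE = re.compile(r"^(?P<flags>[A-Z\s]*?)\s*(?P<path>[A-Za-z]:\\.*)$")


def parse_attrib_line(line: str):
    """Return (set_of_attribute_letters, path), or None for a non-attrib line."""
    m = _ATTRIB_LINE.match(line.rstrip())
    if not m:
        return None
    flags = set(m.group("flags").replace(" ", ""))
    return flags, m.group("path")


def classify(flags: set, path: str) -> str:
    """'suspicious' if the file matches a known worm name, or is a hidden+system
    executable/shortcut (assumed heuristic: real user files almost never carry
    that attribute combination); otherwise 'ok'."""
    name = path.rsplit("\\", 1)[-1].lower()
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    if name in SUSPICIOUS_NAMES:
        return "suspicious"
    if {"H", "S"} <= flags and ext in {"exe", "lnk", "vbs", "bat", "scr"}:
        return "suspicious"
    return "ok"


def plan_cleanup(attrib_output: str):
    """Build the exact commands the post describes, but only for flagged files,
    so a blanket `del *.exe` never takes a legitimate installer with it."""
    commands = []
    for line in attrib_output.splitlines():
        parsed = parse_attrib_line(line)
        if parsed is None:
            continue
        flags, path = parsed
        if classify(flags, path) == "suspicious":
            commands.append(f'attrib -r -a -s -h "{path}"')  # make it visible and deletable
            commands.append(f'del "{path}"')
    return commands


# Constructed sample of what `attrib` prints in the root of an infected D: drive
# (spacing is representative; real output pads the attribute columns).
SAMPLE_ATTRIB_OUTPUT = """\
A  SH        D:\\autorun.inf
A  SHR       D:\\New Folder.exe
A            D:\\holiday photos.zip
A  SH        D:\\Documents.lnk
A            D:\\setup.exe
"""

if __name__ == "__main__":
    for cmd in plan_cleanup(SAMPLE_ATTRIB_OUTPUT):
        print(cmd)
```

On the infected machine you would run attrib > listing.txt in the drive root and feed that file to plan_cleanup; for the constructed sample it flags autorun.inf, New Folder.exe and Documents.lnk and leaves the zip and setup.exe alone. A practical caveat: del autorun.inf fails if the worm created a folder of that name (rmdir handles that case), and clearing attributes on the USB drive does nothing about whatever is already running on the PC, so follow up with an antivirus scan of the host.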

If you would like to educate yourself in more detail about the information presented in this blog post please visit : http://fossbytes.com

Do you understand the importance of cyber security?

It is extremely important that you as the user understand why in the heck you should be concerned about the security of your device. Sure, you may have heard about the tons of malware out there, or the ransomware stealing millions from large corporations, but it is easy to disregard such headlines as a user. “What would anyone want with my computer?” is the usual user mindset. It really does pay to be conscious, and proactive nonetheless. Malware, including ransomware (a type of malware), is designed by cyber criminals with boatloads of knowledge about how to steal your information, passwords, bank account numbers, log-ins, sensitive data and, of course, your money. The general tactic is malware or ransomware downloaded without the user suspecting it, waiting idly by until the person on the other side decides to take a dig into your life. Like the monster under your bed, but worse.

Malware is something to worry about because, for one, it is used to steal your data and, these days, your money. Not to mention the fact that if you happen to lose to cyber theft, not much can be done to help your case. Most cyber criminals operate in foreign countries outside U.S. legal jurisdiction, and to be honest, even if they didn’t, you still wouldn’t get your money back. It’s just not the way it works.

Don’t be a victim.

Ask anyone and they will tell you the quickest ways to get hacked are a lack of updates for commonly hacked programs (basically leaving your doors unlocked and asking to be robbed) and being tricked into installing a Trojan (the equivalent of the robber ringing the doorbell and you inviting them to stay for dinner before they rob you blind). Neither is good!

“Sure, there are hundreds of other methods: SQL injection attacks, password guessing, and so on. But nearly everything besides unpatched software and downloaded Trojans is statistical noise. In fact, if you fix the main two issues, you almost don’t need to do anything else.” – Roger A. Grimes, computer security columnist for InfoWorld

Malware can be broken down into worms, viruses, Trojans, and hybrids. Viruses spread by infecting other host files, and when those files are run the malware starts. Worms are self-replicating; once started they need no further assistance. Trojans need victims to get down to business. They do not spread themselves; rather, the originating hacker must deliver each copy to each victim separately, usually via email. The upside is that, unless you are dealing with ransomware that locks the device, Trojans can be removed once identified.

You’d be surprised at the number of users that still give away their logins to hackers every day. It’s insane. Typically the user is sent a phishing email that asks for credentials and claims to be from a legitimate website. Many times the email makes a small call to action, such as threatening the termination of service. In this case trust the website, not the email, and go directly to the website to confirm.

Signature-based anti-malware simply cannot keep up with the thousands of malicious programs that hit each month. That is just the truth of the matter. Some of the responsibility must be in the hands of the user, or of a good IT management team. A single antivirus program can only get so far; it would be wise to periodically run a boatload of free antivirus programs at once. Together, the programs can identify what a single one could not.

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.infoworld.com

Secure your Dropbox in a few easy steps


Many of us use Dropbox for its ease of use and accessibility, which is all the more reason to make it extra safe. One-factor authentication is no longer enough to protect against hacking, thanks to incredibly weak passwords (we are all guilty of this one). Two-step verification requires you to enter both your password and a security code sent to your mobile phone. This is by far one of the easiest ways to beef up your Dropbox security. To enable two-step verification, simply log into your Dropbox account and click your username in the upper-right corner of your Dropbox window. From here you should be able to find Settings in the menu. Click the Security tab, then click Enable under two-step verification.

Another way to ensure security is to unlink old devices. Dropbox has the wonderful ability to span multiple devices, which can also create a security vulnerability if not cleaned up every so often. You’d be surprised how many old devices end up linked to your account after a few years. Find the Security tab as you did when accessing two-step verification, and scroll down the menu to “Devices”. This will show you a list of all the devices that have access to your Dropbox, complete with the date of their most recent Dropbox activity. Go through the list and unlink the devices you no longer use or need by clicking the X to the right of the device name.

Managing application access narrows the number of third-party applications that hold full access to your account. An app retains the full access you originally gave it even if you barely use it anymore. This is also true for applications the developer has stopped supporting. This creates a very easy window of opportunity for hackers, with a very easy solution: prevent future security flaws by revoking the access of applications you no longer use. Return to the Security tab and find Apps Linked in the drop-down menu. A list will appear with all of the applications you have authorized to access your Dropbox account. As with devices, click the X to the right of the application to remove its access to your account.


If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.pcworld.com

Webcam Malware aimed at company employees


Attacks face many working employees as the newest form of malware is aimed at webcams in the workplace. The new malware is used to record employees’ private moments in order to extort information out of them later. Sounds like everyone’s worst nightmare. The malware is called Delilah, a sweet-sounding name for something so morally compromising. Delilah is the world’s first insider-threat Trojan. It allows operators to capture sensitive and compromising footage of victims, which is then used to pressure them into leaking important company secrets. The malware is being delivered via multiple popular adult and gaming sites. Thus far it is not clear whether any engineering or software vulnerabilities are the source of the installed malware. The bot comes with a social engineering plug-in that hooks into the webcam so you never know you are being filmed. The attackers are using encrypted channels to communicate with victims. The bot itself needs a high level of management from a human to know who to recruit, choosing who to scam effectively. Once installed, the bot seeks to gather as much personal information about the candidate as possible in order to bully the victim into complying with the attackers’ requests. This can extend to family and friend information as well. At the moment, not much has been done to check for the malware. All that is known is that the bot is still buggy, and that because of the number of screenshots it takes, it often makes the screen freeze momentarily.

As security researchers look into this type of malware, more preventative information should follow.

If you would like to learn more about the information presented in this blog post please visit : www.zdnet.com

D-Link Security Flaw Leaves 414,949 Devices Totally Exposed


A security vulnerability has come to light in D-Link networked products. This vulnerability allows someone with hacking knowledge to easily overwrite administrator passwords in home Wi-Fi cameras. The remote execution flaw makes it easy to access devices, add new users with admin access to the interface, download malicious firmware, or reconfigure products. Basically, you lose all control without ever knowing it.

The Senrio research team reported that the vulnerability lies within the latest firmware update issued for the D-Link DCS-930L Network Cloud Camera. The flaw is a stack overflow in the DCP service, which listens for commands on port 5978.

“The vulnerable function copies data from an incoming string to a stack buffer, overwriting the return address of the function,” Senrio says.

“This vulnerability can be exploited with a single command which contains custom assembly code and a string crafted to exercise the overflow. The function first copies the assembly code to a hard-set, executable, address. Next, the command triggers the stack overflow and sets the value of the function’s return address to the address of the attacker’s assembly code.”

At the moment 5 of the cameras in the D-Link product line are vulnerable to this flaw. Using the Internet of Things search engine, it is estimated that 414,949 devices are open to attack. Over 120 products are recorded as open, including routers, modems, access points, and storage products. According to Senrio, the vulnerability points toward a larger issue of poorly written firmware components used in cheap Systems on Chips (SoCs).

Senrio goes on to say: “Adoption [of IoT devices] is driven by business rationale but the security exposure is often overlooked. The techniques used to find the WiFi Camera vulnerability are also used to identify vulnerabilities in medical and industrial devices used in hospitals, nuclear power plants, and factories. And often those devices receive just as little security scrutiny as this webcam.”

D-Link said it will be coming up with a patch soon, and that older D-Link models will need to be pulled from the Internet altogether, or the owners of those devices will need to accept the risk.

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.zdnet.com

Have a secure summer with these security suites


A security suite is a collection of software utilities that protect a machine from viruses and malware. Within each product line there are usually three levels of protection: a standalone antivirus utility, an entry-level security suite, and a suite with additional protection features including a firewall, anti-spam, parental controls and so on. Antivirus is the core of a security suite, which is why we only advise security suites with highly effective antivirus software. Why do I need this junk? A firewall offers protection by monitoring all network traffic and keeping a watchful eye on running applications to make sure there is no misuse of your network. Anti-spam software blocks fraudulent emails so they never make it into your inbox, saving you from being the victim of malware or other malicious payloads embedded in email attachments. A security suite is the easiest way to get all the benefits of multiple software applications in one. Check out our recommendations and rest assured your machine and your information are protected.

Symantec Norton Security Premium – $50 – Firewall, Anti-spam, Parental Controls, Tune-Up

-Award-winning parental control. 25GB online backup. Protects up to 10 Windows, Mac OS, Android, and iOS devices. Excellent malicious URL blocking and antiphishing test scores. Smart firewall. Spam filtering. Password management. Performance optimization.

Bitdefender Internet Security 2016 – $45 – Firewall, Anti-spam, Parental Controls, Backup, Tune-Up

-Highly accurate spam filter, tough firewall, revamped parental controls, ransomware protection. Top performing, manages all features well.

McAfee Internet Security 2016 – $40 – Firewall, Anti-spam, Parental Controls

-Protects all your Windows, Mac OS, Android, and iOS devices. Accurate anti-phishing and anti-spam, along with multi-factor authentication.

McAfee LiveSafe 2016 – $60 – Firewall, Anti-spam, Parental Controls

-Protects all your Windows, Mac OS, Android, and iOS devices. Antivirus rates high in lab tests and our tests. Accurate antiphishing and antispam. Five licenses for Intel True Key password manager. Impressive Personal Locker encrypted storage uses voice and facial recognition for authentication.

Kaspersky Total Security 2016 – $90 – Firewall, Anti-spam, Parental Controls, Backup, Tune-Up

-Top ratings from labs. Very good scores in PCMag’s hands-on tests. Accurate spam filter. Intelligent, no-hassle firewall. Comprehensive parental control. Remote monitoring and management. Many bonus features. Small performance impact in testing.

If you would like to learn more about the information presented in this blog post please visit : www.pcmag.com

Millions of stolen health records up for sale…


The seller of these ten million health records goes by ‘thedarkoverlord’ and began listing the data last weekend. The seller claims the data reveals over 9.2 million health insurance records from US patients and is on sale for 750 bitcoins, a rate of $486,000 when the listing was released on Monday. The data also supposedly includes addresses, names, emails, phone numbers, dates of birth and, most unnerving, Social Security numbers.

A little research by ZDNet reports that the seller’s ad could not be authenticated, because the seller did not have any points assigned to his name on the site where he is selling the $486,000 worth of data. This means the seller has just popped onto the scene and is most certainly new to the website. Another site, Motherboard, has contacted some of the affected users, who were able to confirm that the data in a received sample was in fact theirs. The hacker revealed how the data was obtained, attributing it to the exploitation of a disclosed zero-day flaw in the Remote Desktop Protocol (RDP). This flaw allows a user to remotely view another user’s desktop, which opens up a host of security problems, most likely due to poor configuration of the remote desktop software. The hacker even said in one of his listings that the data was stored on an “accessible internal network”, in plaintext, which, if true, would be a direct violation of federal healthcare privacy rules. Healthcare providers and hospitals have repeatedly been the target of attacks this year, so it is no surprise that the influx of data up for sale by hackers is patient data.

If you would like to learn more about the information presented in this post, please visit : www.zdnet.com