Category : Uncategorized

DDOS Attack: Mirai botnet hacks devices with default passwords

miraiWeak default usernames and passwords spawned the massive DDOS attack against internet connected cameras and DVRs. Most botnets use infected PCs to generate an attack. This botnet, Mirai, was of a different breed, specifically programmed to scan the internet searching for poorly secured products, and proceeding to try redundantly obvious and easily guessed passwords. When a poorly secured device was found the botnet attempted to log into the product with a login similar to “admin” and a password with some derivative of “12345”.

The botnet’s maker released the source code, which is programmed to try a list of over 60 password and username combinations. This list gained the botnet access to over 380,000 devices. Mirai also took down the website of security researcher Brian Krebs last month in a DDOS attack.

Unfortunately this could become a bigger problem, as devices connected to the internet, such as cameras and DVRs are not created with security in mind. Passwords are not required to be changed once installed, and on a hunch I can assume that most users are not using their strongest password for their DVR. Security researchers have noticed an upward trend in DDOS attacks, as botnets continue to attack poorly secured devices and infect the devices with malware.

Krebs went online and looked up default usernames and passwords and matched them to devices, creating a list of possibly susceptible devices to the Mirai botnet. Check it out and change your passwords.


If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.techconnect.com 

 

 

Webcam Malware aimed at company employees

aaaaayaaaaa

Attacks face many working employees as the newest form of malware has been aimed at webcams in the workplace. The new malware is used to record employee’s private moment sin order to extort information out of them later. Sounds like everyone’s worst nightmare. The malware is called Delilah, a sweet sounding name for something so morally compromising. Delilah is the world’s first insider threat Trojan. It allows operators to capture sensitive and compromising footage of victims, which is then used to pressure victims into leaking important company secrets. The malware is being delivered via multiple popular adult and gaming sites. Thus far it is not clear if any engineering or software vulnerabilities are the source of the installed malware. The bot comes with a social engineering plug in that connects to the webcam operations so you never know you are being filmed. The attackers are using encrypted channels to communicate with victims. The bot itself needs a high level of management from a human to know who to recruit, choosing who to scam effectively. The bot, once installed, seeks to gather as much personal information about the candidate as possible, in order to bully the victim into complying with attacker requests. This can span to family and friend information as well. At the moment, not much has been accomplished as to checking for the malware. All that is known is that the bot is still buggy, and that because of the number of screenshots it is taking, often makes the screen freeze momentarily.

As security researchers look into this type of malware, more preventative information should follow.

 


 

If you would like to learn more about the information presented in this blog post please visit : www.zdnet.com

What is a VPN and Why do you need it?

VPNWhat is a VPN? A VPN (Virtual Private Network) is a secure, encrypted connection between your computer and the VPN’s Server. No one can see what you do on your desktop outside of that VPN connection. This keeps you safe from Hackers and scammers looking to access your personal information. If you travel and access public Wi-Fi this is a great tool to protect you and your web traffic. I mean who doesn’t go to a Starbuck’s and immediately log into their Wi-Fi?! Without a VPN tool you are opening your personal information to a hacker or scammer just looking for a quick payday.

When choosing the right VPN tool for you and or your company do not focus on the price, look for performance, type of encryption used, support, and reputation. Once you’ve found a company that meets these requirements see If they have a free trial so you can test out their service, you don’t want to get stuck with a slow speeds and unreliable servers. In this day and age there is no reason to deal with issues like that.

Private Internet Access VPN, NordVPN, and Hotspot Shield Elite are three good VPN tools to start researching if you are interested in locking down your web traffic.

VPN, you need one

tunnelA Virtual Private Network, or VPN, is used to connect a private network, such as a company’s internal network, using public wires. In other words you can use an other IP other than your own to appear you are something other than where you actually are. Pretty nifty.

The use of VPNs started as a way for work at home users to access their workplace network just like if they were working in the office. Benefits reach farther now than just work from home capabilities. It is difficult for advanced malware to self install through open ports because the computer will always appear to be another system someplace else. This other machine is often a server that is more heavily protected and harder to attack. Not a sure fire way to avoid attack, but most certainly a viable preventative option.

This presents an extra method of protection, basically playing a little hid and go seek with potential malware. Increased mobile internet usage will eventual open a new vulnerability for hackers to infiltrate, and VPNs could be the eventual answer to avoiding attacks on mobile devices as well. Need for mobile phone VPNs could be the next big thing for data protection.

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit: You Need a VPN, or You’re Screwed

Nextbit: No Robin Phone for Verizon, Sprint

nextbit robin phone Bad news for those who thought they were going to get the Nextbit Robin smartphone for Sprint and Verizon customers. Nextbit announced that they have decided to cancel plans to launch a CDMA version. Originally, Nextbit was not planning to release a CDMA version. Due to high customer demand, the company decided to try to launch a CDMA version when they started receiving a high influx of user requests.

Nextbit CEO, Tim Moss, said the idea was rushed, and the answers were not clear. The Kickstarter campaign was only 30 days long. The decision to start investigating a CDMA version did not begin until two days into the campaign.

Moss explains that because of the late decision the company was not prepared to meet the demand, “We had to go with the best information we could get before the campaign was over, and over time it turned out that this information was not accurate,”. He goes on further to reveal the cost was much higher than anticipated, from estimated thousands to estimated millions. With little knowledge of when the device would be complete and ready to ship, the company decided to cancel the request altogether.

No need to worry if you already pre-ordered your Nextbit CDMA version. The company has promised to credit each backer their entire pledge including any extras such as accessories and shipping costs. As an added bonus, Nextbit is offering each CDMA backer a 25 percent discount code on one order from the company’s online store.

If you would like to educate yourself in more detail about material presented in this blog post please visit:

http://www.pcmag.com/news/343017/nextbit-no-robin-phone-for-verizon-sprint?mailing_id=1646016&mailing=DailyNews&mailingID=4C40F34FE0DC8E21A3A653EEBB113330

 

Three Unbelievably Tiny Computers

The market for a device that can easily replace the standard PC has taken a new approach to size. Don’t be fooled, you may be surprised when you find out what is hiding inside these small machines.

Zotac Zbox Sphere

This computer not only breaks the mold in terms of size, but shape. The Zbox is in fact, not a box, but a sphere. Simply twist the circular top and feast your eyes on the interior powerhouse of the computer. The top half of this tiny PC houses an Intel Core i5-42WP 300U motherboard and 4GB of memory. The back panel provides six USB ports, as well as an HDMI and DisplayPort. In addition, the Zbox includes a 802.11ac WiFi module and a spot for an Ethernet cable if preferred. This almost bowling ball like computer packs a serious punch in terms of creativity and power. WP 4

 

 

 

 

Intel Compute Stick

This tiny PC resembles a USB thumb drive, and has stirred massive attention since its release in early 2015. The Intel Compute Stick plugs into any monitWP 5or’s HDMI port, an added bonus for anyone working in tight spaces. Concerned about over heating? Fear not, this tiny machine has a fittingly tiny fan inside, ensuring fast performance without
overheating. Unfortunately the stick does not have an internal battery and thWP 6erefore must run off micro USB power at all times in order to function. What the Intel Compute Stick lacks in battery capabilities it makes up for with a quad-core 1.3GHz processor and 2GB of RAM, with micro SD support for up to 128GB of storage. That’s a lot of power crammed into 4.5 inches.

 

 

 

 

 

Mouse Box

The tiniest computer of the three is cleverly disguised as a computer mouse. The Mouse Box device contains a quad-core 1.4GHz ARM processor, a 128GB solid-state drive, and built-in b/g/n WiFi. The wireless image transfer module allows for easy visual transmitting in addition to the convenient micro HDMI port. The coolest part? Sticking with the mouse motif, the Mouse Box doesn’t need to be plugged in. The inductive charging mat doubles as a mousepad. Although the Mouse Box is not up for public release quite yet, they most certainly have our attention.  WP 8

WP 9

 

 

 

 

 

 

 

 

 

If you would like to educate yourself in more detail about material presented in this blog post please visit:

http://www.geek.com/chips/the-11-tiniest-most-powerful-computers-your-money-can-buy-1627324/

Microsoft OneDrive raises the bar for cloud storage

Microsoft OneDrive Cloud Storage The Microsoft OneDrive, otherwise known as “device cloud”, is available free of charge for anyone who has created a Microsoft account. Included are 5 GB of free storage, easy access to media files, folder syncing, documents, as well as playing and viewing capabilities in addition to simple storage.

Similar to the iCloud for iPhones and iPads, OneDrive allows iPhone, Android, and Windows phone users to automatically upload photos to the OneDrive camera roll. Combining online storage and syncing into one device, One Drive offers a new convenience for Microsoft users who had to previously deal with separate storage and syncing services. Windows 10 has allowed OneDrive to grow as a built-in capacity. If you utilize other technology platforms OneDrive is compatible with Windows 7 and 8, Mac OS X, iOS, and Android.

 

PROS-

Excellent photo viewing and slideshow capabilities.

Clear interface.

Works with Windows phone, Mac, iOS, and Android.

Easily retrieves any file from a PC.

 

CONS-

Storage offerings shrinking according to a recent release from Microsoft.

Not a share target for Windows 10 apps.

 

If you would like to educate yourself in more detail about material presented in this blog post please visit:

http://www.pcmag.com/article2/0,2817,2409569,00.asp

Microsoft Gets Rid of OneDrive Unlimited Storage

logo_onedrive2014_hero1It’s time to say adios to unlimited storage from Microsoft’s OneDrive.  Subscribers of Office 365 now have 1TB of space rather than unlimited. The 100 GB and 200 GB paid plans will be replaced with 50 GB storage for $1.99, while Free OneDrive storage will go from 15GB of available storage to 5GB.  These changes will take place next year.

The unlimited storage has given users the ability to back up PCs and even store entire movies collections as well as DVR recordings according to the OneDrive FAQ page, sometimes exceeding 75TB per user.  Although OneDrive has gone from unlimited to set limits, the company still reminded its users of what can be stored with the new changes.  For instance, OneDrive Free with 5 GB is still enough to keep around 6,600 Office documents or 1,600 photos.  The 1TB can keep 1 million documents or 330,000 pictures.

You can check how much space you have consumed by visiting the Manage Storage page. If you’ve taken up most of the available storage, Microsoft will notify you to make changes within 90 days or 12 months depending on your plan. You may need to remove files or purchase more storage if that is the case.

Ransomware not yet a threat to Macs

ransomeRansomware, a malicious type of malware that works by encrypting files in exchange for a ransom, has yet to be a threat to Apple computers. This is not to say that Apple’s operating system is any more secure than Windows, it is just that malware developers have not yet figured out writing ransomware for OS X because infecting Windows machines has been extremely profitable enough.  A few security researchers even demonstrated how easy it could be to develop ransomware that targets Macs.  Rafael Salema Marque’s experiment to show how OS X can be targeted took him just a few days and security expert Perdo Vilaca created a proof-of-concept code for his Mac ransomware.

The infamous Cryptowall has proven that ransomware can be devastating to both companies and consumers alike, with losses of more than $18 million. The cost to get a decryption key could range from a few hundred to thousands of dollars, and it is not unusual for the cyber criminals to not even provide the key despite being paid.

A mac user that encounters ransomware would have to somehow be tricked into running it. Apple uses security technology called Gatekeeper which blocks apps from unidentified developers from running. This will help save those from being fooled into running something that is not available in the app store or is not from an identified developer. However, security experts have found software flaws that show that Gatekeeper can be circumvented. This, along with the experiments conducted by Vilaca and Marque, show that although penetrating the OS X is not something to be worried about as of now, never underestimate the potential of these malware developers because infiltrating Mac is not impossible.

 

Bitdefender cracks Linux Ransomware

Those infected with the recently released ransomware for Linux should thank researchers from Bitdefender as they have created a tool that can decrypt victims’ files. They did this by discovering a major flaw in the implementation of their encryption algorithm.

The Linux.Encoder.1 ransomware works by using the Advanced Encryption Standard (AES), which is then encrypted too by using an asymmetric encryption algorithm, RSA. This algorithm has two keys, a public key to encrypt data and a private key to decrypt it. Only the public key is sent to the infected systems and the private is retained by the attackers. However, researchers realized that once the AES keys have been generated, the program has a source of weak data-time and date. This time stamp determines when the key files were created and researchers can reverse the process and recover the AES key. The tool created by Bitdefender determines the initialization vectors as well as the AES encryption keys by analysis of the files and fixing their permissions on the system. You can find complete instructions on how to use the tool on their blog post.