
Well-Known Travel Site Sabre Gets Hacked

If you used the travel site Sabre for booking hotels between August of 2016 and March of 2017, be advised that your data was likely stolen by hackers, including your credit card number, your name as it appears on the card and the card’s expiration date.

Sabre is one of the web’s leading travel and booking companies, but like many others, they don’t use their own, proprietary software to actually handle the bookings. Instead, they rely on SynXis Central Reservations system, which is a popular “software as a service.”

The reason that’s relevant is that if hackers have found a way into SynXis, then it’s not just Sabre that’s at risk. Any of the web’s other major booking sites could be next, or they could already be infected and it’s just gone unnoticed, as it did in Sabre’s case.

In any event, if you’ve used Sabre during the timeframe mentioned above, you’ll want to contact your credit card company and report it as being compromised so they can stop any activity on it and issue you a replacement.

You’ll also want to scan all the purchases on your statement during the period to look for any suspicious activity, as you may be paying for goods or services you didn’t authorize.

This latest breach underscores the fact that it’s not just your own actions that can get you into trouble. Any site you use could potentially be a problem for you, especially if the site in question stores your data for any length of time. Note, however, that even if this isn’t the case, a hacker could conduct a man-in-the-middle attack and still intercept sensitive information about you.

So far, 2017 has seen more hacks to this point than any year in the history of the internet, and all indications are that next year will break this year’s record. Be careful out there.

Used with permission from Article Aggregator

Ransomware Discovered On Some Google Play Store Apps

Researchers from McAfee’s mobile division have discovered a strain of ransomware called “LeakerLocker” on two apps that slipped through Google’s various checks and made their way onto the Google Play Store.

The apps in question were “Booster and Cleaner Pro,” which was billed as an app designed to boost memory on your smartphone, and “Wallpapers Blur HD” which is a wallpaper management app. When Google was informed of the issue, they promptly removed both apps, but there are a few points of interest here.

Firstly, both apps were part of a rewards program, which actually pays users a small sum to install them on their devices. This methodology is becoming increasingly common and has been used in the past to get users to install harmful apps on their devices.

Secondly, the researchers who found the app say that it’s not a scam. What this means is that it doesn’t rely on underhanded tactics in order to install itself, but rather, it relies exclusively on permissions freely granted by the user.

Before Google pulled the plug on these two, the cleaner app was installed between 5k and 10k times, and the wallpaper app was installed between 1k and 5k times. If either of those names sounds familiar to you, and you’ve installed, but not yet run the apps, delete them immediately to avoid any potential troubles. If you don’t, you’ll soon find that you can’t get into your phone.

Note that this strain of ransomware doesn’t encrypt your files, but locks your screen and thus makes all your files inaccessible. At that point, your only options are to pay the fee or restore from your most recent backup, neither of which is a great option.

While Google has a generally good reputation and a proven ability to stop malicious apps before they ever make it to the Play Store, as this latest incident underscores, the company isn’t perfect. You can’t ever afford to completely let down your guard.


Disconnect Wi-Fi Autoconnect Bug Could Allow Access To Your Smart Phone

A new bug has been discovered that impacts both Android and iOS devices. If you use a smartphone that contains Broadcom Wi-Fi chips, and you probably do, the newly discovered exploit allows an attacker to execute malicious code on your device remotely with no input or action required by you.

The bug was discovered by the security firm Artenstein and reported to Google, but at this point, neither company has released any significant details about the issue. However, Google did release a security patch for it as of July 5.

Other security researchers have reverse-engineered Google’s patch to gain some insight as to exactly how the flaw works, and how it could be used.

It’s being called “Broadpwn,” and appears to be a stack overflow issue in Broadcom Wi-Fi chips. Exploitation can occur when the user’s device receives a WME (Quality of Service) element of malformed length from a network it’s connected to.

All you’d have to do to fall victim to this is walk into range of the attacker’s Wi-Fi network.

Given this, your best defense is to only connect to trusted networks and turn the autoconnect feature off of your phone, lest you risk giving a hacker unfettered control over your device.

Although it’s been patched, at least on the Android side, not everyone sets their devices up to automatically receive security updates. If yours is not set to do so, then take a few minutes to download this one.

This bug also underscores the importance of a growing problem. With Wi-Fi networks being so numerous and readily available these days, many, if not most people casually connect to any network in range without thinking or worrying about the potential downside. If you’re serious about data security, that practice needs to stop.
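
The length validation that the Broadpwn description above turns on, as an added example in C; it is not from the original article and is not Broadcom's or Google's code. The buffer size, function names and sample frames are constructed for illustration, while element ID 221 with the 00:50:F2 type 2 prefix is the standard WME/WMM vendor-specific encoding.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of bounds-checked 802.11 information-element
 * (IE) parsing. Not vendor firmware code. */
#define IE_VENDOR_SPECIFIC 221   /* element ID that carries WME/WMM */
#define WME_MAX_BODY       24    /* body size of a WME parameter element */

static const uint8_t WME_OUI_TYPE[4] = { 0x00, 0x50, 0xF2, 0x02 };

enum wme_result { WME_OK = 0, WME_NOT_FOUND = -1, WME_MALFORMED = -2 };

struct wme_elem {
    uint8_t body[WME_MAX_BODY];  /* fixed-size destination */
    size_t  len;
};

/* Walk the ID/length/value elements of a frame body and copy the first WME
 * element into a fixed-size buffer. The attacker-controlled length byte is
 * checked against the bytes left in the frame and against the buffer size. */
enum wme_result wme_extract(const uint8_t *ies, size_t ies_len,
                            struct wme_elem *out)
{
    size_t off = 0;

    while (off < ies_len) {
        if (ies_len - off < 2)
            return WME_MALFORMED;          /* element header is truncated */
        uint8_t id  = ies[off];
        uint8_t len = ies[off + 1];
        off += 2;

        if (len > ies_len - off)
            return WME_MALFORMED;          /* claims more than the frame holds */

        if (id == IE_VENDOR_SPECIFIC && len >= sizeof(WME_OUI_TYPE) &&
            memcmp(&ies[off], WME_OUI_TYPE, sizeof(WME_OUI_TYPE)) == 0) {
            if (len > WME_MAX_BODY)
                return WME_MALFORMED;      /* would overrun out->body */
            memcpy(out->body, &ies[off], len);
            out->len = len;
            return WME_OK;
        }
        off += len;                        /* skip elements we do not use */
    }
    return WME_NOT_FOUND;
}

/* Convenience wrapper: status only. */
int wme_status(const uint8_t *ies, size_t n)
{
    struct wme_elem e;
    return (int)wme_extract(ies, n, &e);
}

/* Constructed sample frame bodies. */
static const uint8_t FRAME_OK[] = {          /* SSID "test" + WME info element */
    0x00, 0x04, 't', 'e', 's', 't',
    0xDD, 0x07, 0x00, 0x50, 0xF2, 0x02, 0x00, 0x01, 0x00 };
static const uint8_t FRAME_LONG[2 + 32] = {  /* WME element longer than buffer */
    0xDD, 32, 0x00, 0x50, 0xF2, 0x02 };
static const uint8_t FRAME_TRUNC[] = {       /* length byte exceeds frame */
    0xDD, 0x18, 0x00, 0x50, 0xF2, 0x02 };

int main(void)
{
    printf("well-formed: %d\n", wme_status(FRAME_OK, sizeof FRAME_OK));
    printf("oversized:   %d\n", wme_status(FRAME_LONG, sizeof FRAME_LONG));
    printf("truncated:   %d\n", wme_status(FRAME_TRUNC, sizeof FRAME_TRUNC));
    return 0;
}
```

A parser that skips either comparison and copies `len` bytes straight into the fixed buffer is the class of flaw a malformed-length element exploits.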


New Trojan Attacks Point-Of-Sale Systems Seeking Card Info

There’s a new piece of malware to worry about called “Neutrino,” and it represents an especially troubling development. It’s a fork of an older, well-developed banking Trojan called “Zeus,” and its designers have gone to great lengths to make sure that it remains undetected for as long as possible so it has more time to do its work. Unlike its parent, this one is designed to infect Point-Of-Sale (POS) systems where it harvests credit card data to send back to its controller.

One of the main things that makes Neutrino so difficult to spot is that once it infects a target system, it goes into an extended hibernation, so as to throw antivirus software and other security scans off its scent. After its specified hibernation period ends, it wakes up and contacts its Command and Control server, run by the software’s controller.

Among other things, Neutrino can:

• Make screenshots
• Search processes by name
• Search files by name on any infected host and send them back to the C&C Server
• Download and execute files sent from the C&C Server, either to spread the infection, or to cause damage to the system
• Change register branches

To steal credit card information, it searches the memory pages and collects information for the strings “Track1” and “Track2” which contain the information normally held by the magnetic stripe on the credit cards run through the system.

Once it has this data, it’s a simple matter to send it back to the C&C Server at whatever interval the hacker has specified.

According to researchers at Kaspersky Lab, for the moment, the largest concentration of infections is in Russia and Kazakhstan, but that could change in the blink of an eye.

At present, companies that sell antivirus software are working to update their databases to detect this latest threat, but of course, that’s an uphill battle. The hackers will merely create a new, undetectable variant, and the cycle will continue. For now, just be advised that there’s yet another threat to worry about, and stay on your guard.


Linux Gets Its Own Wannacry-like Variant

If you thought we’d seen the last of the Wannacry ransomware, think again. Recently, a new threat has been discovered that targets Linux users.

It should be noted up front that “SambaCry” is not a variant strain of the aforementioned ransomware, but rather, a security flaw in Linux that mirrors the one Wannacry used to exploit Windows-based systems. The vulnerability, officially named CVE-2017-7494, was dubbed SambaCry because of those similarities.

Normally, Linux users avoid the kinds of security issues that plague Windows-based machines, but this is a bit of a different case, and here’s why:

There’s a Linux service called Samba Server Service which provides SMB/CIFS capabilities in Linux and Unix-based systems. While it’s true that Linux can use any number of file sharing protocols, Samba is often used in environments featuring a mix of Linux and Windows PCs, because Windows PCs have a hard time dealing with Network File System Shares coming from machines running other OS’s.

When a Linux server is running Samba, some folders (called CIFS Shares) will appear as a network folder to Windows users.

The security flaw allowed a remote user to send executable code to the server hosting the share, including code which could encrypt a file system and hold it for ransom.

As you might expect, the Linux crowd treated this as a top priority and has already moved to patch the flaw.

The long and the short of it is simply that if you’re running a Linux server and using Samba, you’re probably vulnerable unless you’ve downloaded and applied the latest security patch. If you haven’t, you should do so immediately.

While Linux users have been fortunate to have suffered relatively fewer critical security flaws, this is a painful reminder that as good as the OS is, it’s not bulletproof.


Some Intel Processors Could Crash Systems With Hyperthreading Enabled

If you’re using a machine with a Skylake or Kaby Lake Intel processor, you should know that under certain conditions, it may be prone to crashing if hyperthreading is enabled.

The problem was never formally announced, mostly because what bug reports were released on the topic were spotty and inconsistent. So far, at least, no one seems to be able to pin down what the precise conditions are that cause the crash, resulting in a small subset of bug reports that are highly inconsistent and paint an unclear picture of exactly what the root of the problem is.

In any case, there are three things to note.

Linux users are in luck. Microcode updates are available that address the issue on those machines.

Windows 10 users are out of luck, at least so far. The latest Wintel Microcode updates don’t seem to include the fix, and there’s been no mention, at least to this point, of when that might change.

That brings us to the third major point. For the time being, if you’re using a Wintel machine with either of the processors mentioned above, the best way to ensure you don’t have to worry about the crash problem is to disable hyperthreading.

On the other hand, the crash bug has only happened in a few, widely scattered cases, as evidenced by the spotty and inconsistent bug reports surrounding the issue.

Because of this, many, if not most users will likely opt to simply do nothing and take their chances. In any case, being forewarned is being forearmed. Even though the crash bug is quite rare, it’s better to know about it and know the decisive fix (at least until a more permanent, Microcode fix is released), so you can make an informed decision as opposed to being caught unaware.


Why Do Ransomware Attacks Continue To Rise?

The total number of ransomware attacks has seen a massive spike, with nearly 50 percent more attacks against PCs occurring this year than last year. In the same time period, ransomware attacks against mobile devices fell marginally from 137,000 by this point last year to 130,000 this year. However, those numbers are tiny compared to the number of PC-targeted attacks and do little to stem the rising tide.

While there are a number of factors driving the surge, the biggest of these is also one of the simplest: profit. Ransomware is increasingly easy to make, difficult to detect and even more difficult to defend against.

A significant percentage of those infected don’t have good, recent backups in place, and have little choice but to pay the piper and hope the hackers will play fair and restore their files. Even a modestly successful ransomware attack can net the hacker launching it thousands of dollars, and there’s very little in the way of risk or downside.

In addition, hackers are beginning to unite. They’re forming large organizations with tremendous bench strength and a wide range of skills that enable them to constantly improve their software, making attacks even more effective. This is a recipe for disaster that guarantees the number of such attacks will only continue to climb.

A single hacker would find it virtually impossible to launch a globe-spanning attack like the recent Wannacry, or the even more recent Petya attacks. This type of attack takes a robust organization, planning and coordination to pull off successfully, and is a sign of things to come.

Not to say that individual rogue hackers won’t continue to be a presence online, but more and more, attacks are being orchestrated by increasingly well-heeled organizations, and that could spell big problems as time goes by. It also virtually guarantees that next year will see even more attacks of all types (including ransomware attacks) than this year.


Social Media Data Helping To Predict Violent Threats

A new study conducted by Cardiff University provides some insights about the power of social media that are both surprising and completely expected in the same moment.

The study focused on Twitter and using tweets to help identify dangerous situations, with the goal being to learn if social media trends could be used to identify potentially dangerous developing situations faster than police reports, which have been the longstanding standard.

It turns out that the answer is a resounding yes.

The researchers combined a dataset of 1.6 million tweets from the London riots in 2011 with a machine learning algorithm which automatically scans Twitter for potential threats. The three primary variables taken into account were street name, time of tweet and key words, which vary from one situation to the next, depending on what someone is looking for.

The results from the Cardiff research were confirmation that data drawn from Twitter can predict violent threats up to an hour faster than conventional methods that rely on police reports and official data sources.

The fact that social media is so much faster is a bit surprising. On the other hand, there are some companies in business today selling their ability to do that very thing, which is what makes the results less of a surprise and more of a confirmation. After all, if these companies weren’t successful at making predictions using something close to real time social media data mining, then they wouldn’t still be in business.

The lesson to be learned here is simple. We’re getting increasingly adept at handling very large datasets, and that data can be mined in real time (or close to real time) to produce actionable intelligence.

The same algorithm that can be used to predict violent outbursts in a large city can be tweaked for use by businesses to provide a variety of intelligence. If it’s not something you’ve considered before, now is the time to factor it into your thinking.


New Vulnerability Found In Skype That Could Allow Hackers Access

If you’re one of the millions of Skype users around the world, check to see what version you’re using. If you haven’t upgraded to the latest build, you’re at risk.

Recently, a new vulnerability came to light that allows hackers to take advantage of a security flaw in the software’s clipboard function that could spell big trouble for you.

The vulnerability works like this:

Hackers create a poisoned image file, and then copy and paste it from the computer’s clipboard into a Skype message window.

Once the image has been loaded onto the clipboard on both the hacker’s machine and the recipient’s, Skype experiences a stack overflow error which causes the application to crash. When that happens, it opens the door, enabling the hacker to execute additional, more damaging or compromising exploits that could lead to a complete loss of control of your system.

The worst part of all is that no user interaction is required for the hacker to create the conditions by which the additional attacks can be made against the target computer.

Microsoft, which bought Skype in 2011, rated this as a high-risk security vulnerability, with a 7.2 CVSS score. It affects versions 7.2, 7.35, and 7.36 of the messaging software on Windows XP, Windows 7 and Windows 8.

Fortunately, the company patched the vulnerability in Skype v7.37, so if it’s been a while since you’ve upgraded, now is the time.

This is an especially problematic vulnerability because of the sheer popularity of Skype as a messaging platform. Not only is it used by millions of people around the world, but it’s becoming an increasingly popular communications tool in the enterprise setting.

As ever, vigilance is the order of the day, and one of the keys to remaining vigilant is to make sure all the software on your various devices is up to date and fully patched.


New Survey Shows Alarming Trends In Cybersecurity For Businesses

A new survey released by Guidance Software reveals some disturbing trends about the state of cyber security. The survey asked 330 IT and digital security professionals questions about cyber-attacks and their impact on the organizations they serve.

The biggest news was in how many organizations reported that they’d been the victims of a malware attack so far this year, with fully 65 percent reporting in the affirmative. That’s up from 56 percent this same time last year.

Worse, nearly a quarter (23 percent) of respondents indicated that they’d been the victim of a ransomware attack, with nine percent admitting to having paid the ransom to get their files restored. This is significant, because in last year’s survey, none of the respondents indicated having paid a ransom. What’s worse is that nearly half (48 percent) indicated certainty that they’d be hit by a ransomware attack sometime in 2017.

In terms of losses, a quarter of those surveyed indicated that their firms had suffered financially as a direct result of successful attacks over the past year. Of those, 20 percent indicated losses in excess of a million dollars.

Also of interest were the things IT professionals listed as their biggest challenges, with 35 percent citing proper risk assessment, 34 percent citing policy enforcement and 31 percent citing managing the complexity of digital security in general.

To anyone in IT, all three of these challenges will ring familiar. They are persistent hobgoblins that have plagued the industry for years, and unfortunately, that doesn’t show any sign of changing soon.

The silver lining for you as a business owner is knowing that these are the most often cited challenges faced by IT staff. You can assess your own department and begin making the changes necessary to help reduce the impact of all three.

Budgetary constraints may prevent you from solving them outright, but armed with these survey results, you can certainly begin making steady, incremental improvements. Your IT staff will love you for it.


Can Your Car Be Hacked Just With A USB Stick?

Jay Turla has been a very busy man since purchasing his new Mazda vehicle. He’s been spending time researching hacks to his car’s infotainment system, and as with most other “smart” products on the market today, he’s finding the system incredibly easy to break into.

He’s not alone. In fact, a whole online community has grown up around the idea of hacking various models of Mazda cars.

A variety of security researchers have confirmed what the online community has known for more than three years. Mazda’s infotainment system contains a raft of bugs that make it incredibly easy to hack the system. In fact, the online community has even built an app that automates the process.

Turla started with the app and began making tweaks and changes to see exactly what he could accomplish in terms of hacking his car. His key finding? All he had to do was plug a USB stick into the car. Once that was done, the scripts would execute automatically and begin making changes.

On the surface of it, that sounds pretty bad, and it certainly underscores the ongoing problem with today’s smart devices – they’re incredibly easy to hack and very few product manufacturers have expressed much interest in providing better security for the devices they make. Mazda is a classic example of this very phenomenon; remember, these bugs have been well-known for more than three years!

From a practical standpoint, though, the ability to easily hack the car’s infotainment system isn’t as bad as it could be. You can’t, for example, use these hacks to auto-start the car, or change any of the critical settings…at least not yet.

While Mazda insists that it’s not possible to impact anything but the car’s infotainment system, the hacking community isn’t convinced. Neither is Turla, who says he plans to continue his research to see just how far he can take his automated hacks.

This is certainly no reason not to buy a Mazda, but it’s something to keep in mind, and here’s hoping that at some point, manufacturers of smart devices start taking security more seriously.


Google Gets Huge Fine From EU For Manipulating Search Results

Google is in trouble with the EU. This is nothing new. The search engine giant has been fighting an ongoing battle with the European Union for a number of years now over a variety of claims that they’re unfairly using their dominance in search to skew results against selected competitors. What has changed is that recently, the EU handed down a staggering $2.7 billion fine as evidence has surfaced that the company did indeed skew search results.

Ironically, in this particular case, the suit was brought by another American company, not a European one. It was none other than Microsoft, which has faced its share of legal challenges from across the pond.

The charge was that Google had tweaked their search engine results to promote their own shopping platform (originally billed as Froogle, and later re-branded as Google Shopping).

When Google launched their service, there were already a number of other shopping and price comparison platforms on the web, and Froogle floundered and never found an audience. In fact, a memo turned up in which a Google engineer declared that “Froogle simply doesn’t work.”

That changed in 2008 when the service started taking off, an event which coincided with Google actively pushing it in its search results. When that happened, many of its better developed rival services wound up falling to as far as page four in the search results, which is essentially the kiss of death.

Market studies have shown that products and services on page one of the search results get about 95 percent of all internet traffic. Second page results get about one percent, and anything beyond page two gets essentially zero traffic, which means that Google killed off many of its would-be rivals, simply by denying them visibility.

According to statistics presented by EU investigators, Google Shopping’s rival services lost between 80 percent and 92 percent of their normal traffic after Google began pushing its own product.

The recent announcement opens the door for those now failed rivals to sue the company, and there are two additional EU anti-trust suits pending.
