Questions? Feedback? powered by Olark live chat software
Security
Team CRTG
Ransomware Named Petya May Be Next WannaCry
Ransomware Named Petya May Be Next WannaCry
Security
Team CRTG
Yet Another Mac Malware Infection Identified
Yet Another Mac Malware Infection Identified
Security
Team CRTG
WannaCry Ransomware Runs Rampant - New Variants ...
WannaCry Ransomware Runs Rampant - New Variants Found
Security, Ask IT
Team CRTG
New Bill May Help Small Businesses With ...
New Bill May Help Small Businesses With Cybersecurity Guidance
Security
Team CRTG
Health Care Employees Have Big Problems With ...
Health Care Employees Have Big Problems With Data Security

Well-Known Travel Site Sabre Gets Hacked

If you used the travel site Saber for booking hotels between August of 2016 and March of 2017, be advised that your data was likely stolen by hackers, including your credit card number, your name as it appears on the card and the card’s expiration date.

Saber is one of the web’s leading travel and booking companies, but like many others, they don’t use their own, proprietary software to actually handle the bookings. Instead, they rely on SynXis Central Reservations system, which is a popular “software as a service.”

The reason that’s relevant is that if hackers have found a way into SynXis, then it’s not just Saber that’s at risk. Any of the web’s other major booking sites could be next, or they could already be infected and it’s just gone unnoticed, as it did in Saber’s case.

In any event, if you’ve used Saber during the timeframe mentioned above, you’ll want to contact your credit card company and report it as being compromised so they can stop any activity on it and issue you a replacement.

You’ll also want to scan all the purchases on your statement during the period to look for any suspicious activity, as you may be paying for goods or services you didn’t authorize.

This latest breach underscores the fact that it’s not just your own actions that can get you into trouble. Any site you use could potentially be a problem for you, especially if the site in question stores your data for any length of time. Note, however, that even if this isn’t the case, a hacker could conduct a man in the middle attack and still intercept sensitive information about you.

So far, 2017 has seen more hacks to this point than any year in the history of the internet, and all indications are that next year will break this year’s record. Be careful out there.

Used with permission from Article Aggregator

,

Ransomware Discovered On Some Google Play Store Apps

,

Researchers from McAfee’s mobile division have discovered a strain of ransomware called “LeakerLocker” on two apps that slipped through Google’s various checks and made their way onto the Google Play Store.

The apps in question were “Booster and Cleaner Pro,” which was billed as an app designed to boost memory on your smartphone, and “Wallpapers Blur HD” which is a wallpaper management app. When Google was informed of the issue, they promptly removed both apps, but there are a few points of interest here.

Firstly, both apps were part of a rewards program, which actually pays users a small sum to install them on their devices. This methodology is becoming increasingly common and has been used in the past to get users to install harmful apps on their devices.

Secondly, the researchers who found the app say that it’s not a scam. What this means is that it doesn’t rely on underhanded tactics in order to install itself, but rather, it relies exclusively on permissions freely granted by the user.

Before Google pulled the plug on these two, the cleaner app was installed between 5k and 10k times, and the wallpaper app was installed between 1k and 5k times. If either of those names sound familiar to you, and you’ve installed, but not yet run the apps, delete them immediately to avoid any potential troubles. If you don’t, you’ll soon find that you can’t get into your phone.

Note that this strain of ransomware doesn’t encrypt your files, but locks your screen and thus makes all your files inaccessible. At that point, your only options are to pay the fee or restore from your most recent backup, neither of which are great options.

While Google has a generally good reputation and a proven ability to stop malicious apps before they ever make it to the play store, as this latest incident underscores, the company isn’t perfect. You can’t ever afford to completely let down your guard.

Used with permission from Article Aggregator

Disconnect Wi-Fi Autoconnect Bug Could Allow Access To Your Smart Phone

A new bug has been discovered that impacts both Android and iOS devices. If you use a smartphone that contains Broadcom Wi-Fi chips, and you probably do, the newly discovered exploit allows an attacker to execute malicious code on your device remotely with no input or action required by you.

The bug was discovered by the security firm Artenstein and reported to Google, but at this point, neither company has released any significant details about the issue. However, Google did release a security patch for it as of July 5.

Other security researchers have reverse-engineered Google’s patch to gain some insight as to exactly how the flaw works, and how it could be used.

It’s being called “Broadpwn,” and appears to be a stack overflow issue in Broadcom Wi-Fi chips. Exploitation can occur when the user’s device receives a WME (Quality of Service) element of malformed length from a network it’s connected to.

All you’d have to do to fall victim to this is walk into range of the attacker’s Wi-Fi network.

Given this, your best defense is to only connect to trusted networks and turn the autoconnect feature off of your phone, lest you risk giving a hacker unfettered control over your device.

Although it’s been patched, at least on the Android side, not everyone sets their devices up to automatically receive security updates. If yours is not set to do so, then take a few minutes to download this one.

This bug also underscores the importance of a growing problem. With Wi-Fi networks being so numerous and readily available these days, many, if not most people casually connect to any network in range without thinking or worrying about the potential downside. If you’re serious about data security, that practice needs to stop.

Used with permission from Article Aggregator

New Trojan Attacks Point-Of-Sale Systems Seeking Card Info

There’s a new piece of malware to worry about called “Neutrino,” and it represents an especially troubling development. It’s a fork of an older, well-developed banking Trojan called “Zeus,” and its designers have gone to great lengths to make sure that it remains undetected for as long as possible so it has more time to do its work. Unlike its parent, this one is designed to infect Point-Of-Sale (POS) systems where it harvests credit card data to send back to its controller.

One of the main things that makes Neutrino so difficult to spot is that once it infects a target system, it goes into an extended hibernation, so as to throw antivirus software and other security scans off its scent. After its specified hibernation period ends, it wakes up and contacts its Command and Control server, run by the software’s controller.

Among other things, Neutrino can:

• Make screenshots
• Search processes by name
• Search files by name on any infected host and send them back to the C&C Server
• Download and execute files sent from the C&C Server, either to spread the infection, or to cause damage to the system
• Change register branches

To steal credit card information, it searches the memory pages and collects information for the strings “Track1” and “Track2” which contain the information normally held by the magnetic stripe on the credit cards run through the system.

Once it has this data, it’s a simple matter to send it back to the C&C Server at whatever interval the hacker has specified.

According to researchers at Kaspersky Labs, for the moment, the largest concentration of infections is in Russia and Kazakhstan, but that could change in the blink of an eye.

At present, companies that sell antivirus software are working to update their databases to detect this latest threat, but of course, that’s an uphill battle. The hackers will merely create a new, undetectable variant, and the cycle will continue. For now, just be advised that there’s yet another threat to worry about, and stay on your guard.

Used with permission from Article Aggregator

Linux Gets Its Own Wannacry-like Variant

If you thought we’d seen the last of the Wannacry ransomware, think again. Recently, a new threat has been discovered that targets Linux users.

It should be noted up front that “SambaCry” is not a variant strain of the aforementioned ransomware, but rather, a security flaw in Linux that mirrors the one Wannacry used to exploit Windows-based systems. The vulnerability, officially named CVE-2017-7494. was dubbed SambaCry because of those similarities.

Normally, Linux users avoid the kinds of security issues that plague Windows-based machines, but this is a bit of a different case, and here’s why:

There’s a Linux service called Samba Server Service which provides SMB/CIFS capabilities in Linux and Unix-based systems. While it’s true that Linux can use any number of file sharing protocols, Samba is often used in environments featuring a mix of Linux and Windows PCs, because Windows PCs have a hard time dealing with Network File System Shares coming from machines running other OS’s.

When a Linux server is running Samba, some folders (called CIFS Shares) will appear as a network folder to Windows users.

The security flaw allowed a remote user to send executable code to the server hosting the share, including code which could encrypt a file system and hold it for ransom.

As you might expect, the Linux crowd treated this as a top priority and has already moved to patch the flaw.

The long and the short of it is simply that if you’re running a Linux server and using Samba, you’re probably vulnerable unless you’ve downloaded and applied the latest security patch. If you haven’t, you should do so immediately.

While Linux users have been fortunate to have suffered relatively fewer critical security flaws, this is a painful reminder that as good as the OS is, it’s not bullet proof.

Used with permission from Article Aggregator

Some Intel Processors Could Crash Systems With Hyperthreading Enabled

If you’re using a machine with a Skylake or Kaby Lake Intel processor, you should know that under certain conditions, it may be prone to crashing if hyperthreading is enabled.

The problem was never formally announced, mostly because what bug reports were released on the topic were spotty and inconsistent. So far, at least, no one seems to be able to pin down what the precise conditions are that cause the crash, resulting in a small subset of bug reports that are highly inconsistent and paint an unclear picture of exactly what the root of the problem is.

In any case, there are three things to note.

Linux users are in luck. Microcode updates are available that address the issue on those machines.

Windows 10 users are out of luck, at least so far. The latest Wintel Microcode updates don’t seem to include the fix, and there’s been no mention, at least to this point, of when that might change.

That brings us to the third major point. For the time being, if you’re using a Wintel machine with either of the processors mentioned above, the best way to ensure you don’t have to worry about the crash problem is to disable hyperthreading.

On the other hand, the crash bug has only happened in a few, widely scattered cases, as evidenced by the spotty and inconsistent bug reports surrounding the issue.

Because of this, many, if not most users will likely opt to simply do nothing and take their chances. In any case, being forewarned is bring forearmed. Even though the crash bug is quite rare, it’s better to know about it and know the decisive fix (at least until a more permanent, Microcode fix is release), so you can make an informed decision as opposed to being caught unaware.

Used with permission from Article Aggregator

Why Do Ransomware Attacks Continue To Rise?

The total number of ransomware attacks has seen a massive spike, with nearly 50 percent more attacks against PCs occurring this year than last year. In the same time period, ransomware attacks against mobile devices fell marginally from 137,000 by this point last year to 130,000 this year. However, those numbers are tiny compared to the number of PC-targeted attacks and do little to stem the rising tide.

While there are a number of factors driving the surge, the biggest of these is also one of the simplest: profit. Ransomware is increasingly easy to make, difficult to detect and even more difficult to defend against.

A significant percentage of those infected don’t have good, recent backups in place, and have little choice but to pay the piper and hope the hackers will play fair and restore their files. Even a modestly successful ransomware attack can net the hacker launching it thousands of dollars, and there’s very little in the way of risk or downside.

In addition, hackers are beginning to unite. They’re forming large organizations with tremendous bench strength and a wide range of skills that enable them to constantly improve their software, making attacks even more effective. This is a recipe for disaster guarantees that the number of such attacks will only continue to climb.

A single hacker would find it virtually impossible to launch a globe-spanning attack like the recent Wannacry, or the even more recent Petya attacks. This type of attack takes a robust organization, planning and coordination to pull off successfully, and is a sign of things to come.

Not to say that individual rogue hackers won’t continue to be a presence online, but more and more, attacks are being orchestrated by increasingly well-heeled organizations, and that could spell big problems as time goes by. It also virtually guarantees that next year will see even more attacks of all types (including ransomware attacks) than this year.

Used with permission from Article Aggregator

Social Media Data Helping To Predict Violent Threats

A new study conducted by Cardiff University provides some insights about the power of social media that are both surprising and completely expected in the same moment.

The study focused on Twitter and using tweets to help identify dangerous situations, with the goal being to learn if social media trends could be used to identify potentially dangerous developing situations faster than police reports, which have been the longstanding standard.

It turns out that the answer is a resounding yes.

The researchers combined a dataset of 1.6 million tweets from the London riots in 2011 with a machine learning algorithm which automatically scans Twitter for potential threats. The three primary variables taken into account were street name, time of tweet and key words, which vary from one situation to the next, depending on what someone is looking for.

The results from the Cardiff research were confirmation that data drawn from Twitter can predict violent threats up to an hour faster than conventional methods that rely on police reports and official data sources.

The fact that social media is so much faster is a bit surprising. On the other hand, there are some companies in business today selling their ability to do that very thing, which is what makes the results less of a surprise and more of a confirmation. After all, if these companies weren’t successful at making predictions using something close to real time social media data mining, then they wouldn’t still be in business.

The lesson to be learned here is simple. We’re getting increasingly adept at handling very large datasets, and that data can be mined in real time (or close to real time) to produce actionable intelligence.

The same algorithm that can be used to predict violent outbursts in a large city can be tweaked for use by businesses to provide a variety of intelligence. If it’s not something you’ve considered before, now is the time to factor it into your thinking.

Used with permission from Article Aggregator

Serving Orange County, Los Angeles County, San Diego County

and the Inland Empire

 

Orange County (Corp. HQ & Training Center)

3555 Harbor Gateway South, Suite B,

Costa Mesa, CA 92626

714-881-8000

 

Inland Empire

8333 East Foothill Blvd.

Rancho Cucamonga, CA 91730

909-460-8700

 

San Diego

8880 Rio San Diego Dr. Suite 800

San Diego, CA 92108

619-880-2200

 

Partners