Questions? Feedback? powered by Olark live chat software
Security
Team CRTG
Yet Another Mac Malware Infection Identified
Yet Another Mac Malware Infection Identified
Security
Team CRTG
WannaCry Ransomware Runs Rampant - New Variants ...
WannaCry Ransomware Runs Rampant - New Variants Found
Security, Ask IT
Team CRTG
New Bill May Help Small Businesses With ...
New Bill May Help Small Businesses With Cybersecurity Guidance
Security
Team CRTG
Health Care Employees Have Big Problems With ...
Health Care Employees Have Big Problems With Data Security
Security
Team CRTG
Hacker Releases Source Code Online, Banking May ...
Hacker Releases Source Code Online, Banking May Come Under Attack
,

Are Hackers Testing The Waters For A Power Grid Attack?

,

Ever since the discovery of the dreaded Stuxnet worm in the wild, security experts have been concerned that a devastating cyberattack could be launched against critical infrastructure, causing signal lights to go haywire, emergency service phone lines to go down, power grids to go offline and more.

In recent months, we’ve seen what could be construed as “test runs” that foreshadow a much larger, targeted attack, and now, there has been another.

This new attack was made using a custom-built application that experts are calling “Industroyer.”

All indications are that this new strain of malware was created by a skilled developer, and possibly a whole team of them. It’s also likely that it was funded by at least one nation-state actor with an eye toward launching a full-scale cyber war that could easily cripple any industrialized nation.

The latest attack was launched against power stations in the Ukraine, and succeeded in causing widespread blackouts.

The Ukraine has suffered similar attacks over the last two years, presumably launched by Russia.

No one has claimed responsibility for the latest attack. It would be premature to automatically attribute it to Russia, but given that nation’s history with the Ukraine, there’s significant circumstantial evidence that points in that direction.

Unfortunately, attacks like this are virtually impossible to prevent. Globally, the control boards that keep power grids worldwide running have no protection at all, and once hacked, the malware’s owner gains full control over them. They could shut them down, cause them to malfunction in ways that could lead to massive explosions and cause untold chaos and trillions of dollars in damage, depending on the severity and scale of the attack.

Worst of all, there’s no defense against such an attack, and the fear is that the successful attack against Ukraine may be just the tip of the iceberg.

It would take years and hundreds of billions of dollars to upgrade the world’s power grid to protect against a catastrophic failure, and any such move would no doubt create new security loopholes.

Welcome to the future.

Used with permission from Article Aggregator

,

Apple Is Having A Big Problem With Fake In-App Purchases

,

It’s been long-held conventional wisdom that the safest place you can purchase apps is either the Google Play Store if you have an Android device, or the Apple Store if you’ve got a device built around iOS.

That’s still true for the most part, but in recent months, Apple has been running into a problem that Google has a lot of familiarity with.

Not long ago, Apple introduced a new system called “App Store Search Ads” which allows developers to display ads in order to increase the visibility of their products.
If you’ve ever used Google’s search engine, then you’ve probably seen something similar in action, because you’ll note that the first couple of entries displayed on any search results page are ads.

Developers can use simple SEO tricks to get a higher ranking based on the keywords a user enters into the search box.

The problem is that Apple doesn’t have the same level of experience that Google does when it comes to dealing with developers who try to game the system.

Google itself suffered from similar problems with their search engine results prior to their famous (or infamous, depending on your point of view) “Panda” update, which went a long way toward curbing the worst abuses in the system.
Unfortunately, Apple isn’t quite there yet. Their new service just isn’t as robust, and unsavory developers are taking advantage. In fact, a researcher named Johnny Lin analyzed the Apple Store’s trending apps and discovered that most of the trending and most visible apps are fake or useless. They contain options for in-app purchases for largely useless services which are costing users billions.

In one example, Lin discovered that the app “Mobile Protection: Clean & Security VPN” tricks users into signing up for an antivirus protection plan that costs a hefty $99.99 a week. Based on sales data, that app is generating more than $80,000 a month for its developer, and represents just the tip of the proverbial iceberg, because in many cases, the entire first page of search results is occupied by similar apps.

No doubt, Apple will move quickly to address the issue and set controls that minimize a developer’s ability to game the system. But for now, be sure to use some extra diligence before installing any new app from the Apple Store, and read the fine print before signing up for any in-app purchases.

If you already have, here’s how you can cancel any unwanted subscriptions:

• Open your “Settings” app and go to the iTunes App Store.
• View your Apple ID
• Enter your password, or press against “Touch ID” when the app prompts you to do so
• Tap “Subscriptions” to see your current list of subscriptions, then tap the ones you want to cancel
• Tap confirm

Once your current subscription period ends, you’re off the hook.

Used with permission from Article Aggregator

New Malware Called Fireball Infecting PCs, Macs At Alarming Rate

If you haven’t heard of a company called Rafotech, you’re not alone. But the simple truth is that they control an enormous network of infected computers, numbering more than 250 million devices. That number is increasing rapidly.

Rafotech offers free games, apps and other products to their customers. Unfortunately, when this free software is installed, it will also install a copy of a malware program that security researchers are calling “Fireball.”

On its face, Fireball is a type of adware, and Rafotech is currently using it to generate revenue by injecting ads into users’ web browsers. However, according to security researchers at Check Point, a deeper analysis of the software reveals that it’s much, much more.

In addition to injecting ads into your browsing experience, Fireball also takes total control of all the web browsers installed on your computer. It can reassign your home page, and make it impossible for you to set it back, and worse, the software contains additional hooks that make it possible to install other types of malware at the company’s discretion.

The best way to look at Fireball is to see it as a ticking bomb. While it’s sitting there, displaying the occasional unwanted ad, it’s annoying, but not harmful. But any time the owners wish to, they can use their adware to initiate a much larger, more devastating attack.

Consider, for instance, what would happen if the company decided to push ransomware to all 250 million computers it infects, or if they chose to install keyloggers everywhere. They’re in a position to do significant damage with little more than the touch of a button.

Because of this, you should investigate your web browsers immediately. If you find yourself unable to change the browser’s settings, including changing your home page or default search engine, then odds are that you’ve been infected. You should make removing the unwanted software your top priority.

If you’re struggling to keep pace with all the threats your company is facing, contact us today and speak with one of our knowledgeable team members. We can help you chart a course to better and more robust data security, without further taxing your existing IT staff.

Used with permission from Article Aggregator

Hackers Can Easily Access Some WiMax Routers

If you use a router built on old WiMAX technology, be advised that you’re very likely at risk. The severe security flaws were discovered by the security firm SEC Consult, and take two forms.

Firstly, there’s a flaw in the firmware that leaves the router’s admin panel exposed to the web, opening the door to remote hacking. Secondly, and perhaps even more troubling, is the fact that the researchers discovered a number of admin-level backdoor accounts introduced by various members of the supply chain.

As admin-level accounts, if a hacker logged in using them, the attacker would be given unfettered control over the device, including the ability to change your main admin password and monitor all traffic flowing through the router.

It would also be a trivial task for any hacker who had control of a router to make deeper forays into a company’s network, so this is a fairly serious issue, but in this case, there’s a bit of a silver lining.

The impacted routers are almost all extremely old, manufactured circa 2010. If you have something newer, then odds are excellent that you’re not impacted. However, the security researchers note that the web-availability of a router’s Admin Panel is a common problem, and that right now, there are tens of thousands of routers available online.

If your corporate network is built around older equipment, now is the time to investigate and make sure you’re not exposed. The simplest and easiest solution is to simply upgrade your equipment.

Even if you have newer equipment, given how many routers are exposed to remote hacking, this would be a good time to have your IT staff conduct an audit and confirm that yours is not among the vast number that hackers have easy access to.

If it’s just not something you can spare staff to look into, contact us today and speak with one of our team members. This is the kind of issue that can easily be outsourced, and it will make your company much more secure.

Used with permission from Article Aggregator

Update Issued To Address Microsoft Malware Engine Issue

Microsoft has issued an emergency, out-of-band patch to shore up some critical weaknesses in Window’s Malware Protection Engine.

This is an unseen part of the OS that actively scans and prevents malicious code from ever making its way onto your system in the first place. It operates independently of any antivirus software you might be using.

Unfortunately, as with any software, it’s not perfect. Google’s Project Zero has identified a total of eight critical security issues with the Malware Protection Issue that Microsoft deemed worrisome enough to take the step of issuing a patch outside their normal schedule.

The eight flaws identified broadly fall into two categories. Five of them were shortcomings in the code that would allow a hacker to completely disable by conducting a DDOS (Dedicated Denial of Service) style attack.

This is a rather crude, but devastating attack that amounts to using a battering ram to knock a hole in the digital walls protecting you. Once those walls are down, the hackers can insert whatever code they like.

The other three issues revolve around RCE (Remote Code Execution) flaws, which allow hackers to remotely disable the Malware Protection Engine, then infect your machine with whatever they like.

There’s nothing you need to do to get the latest patch. It will install automatically unless you’ve made a deep dive into the Malware Protection Engine’s settings and intentionally hobbled its ability to update automatically (which is not recommended).

Note that the Malware Protection Engine is an integral part of multiple Windows products, including:

• Windows Defender
• Exchange Server
• Endpoint Protection
• Forefront Endpoint Protection
• Windows Intune Endpoint Protection
• Security Essentials

And many others, so in terms of the level of seriousness, these flaws are about as bad as it could possibly get. In fact, a member of Google’s Project Zero team described the flaws as “crazy bad,” and said it was the worst Windows code flaw in recent memory.

Microsoft’s most recent scheduled patch came out on “Patch Tuesday,” which was June 13.

Used with permission from Article Aggregator

Chrome Discovery Gives More Reason To Cover Your Laptop Camera

An AOL developer named Ran Bar-Zik has unearthed a disturbing flaw in Chrome that may make you rethink using Google’s web browser.

The issue revolves around a website’s ability to activate your camera and audio recorder. Google uses an API which legitimate developers call, that displays a distinctive red dot on the browser tab when the page in question activates your laptop’s camera and recording equipment (like it does when you activate a video call via a Google Hangout page, for example).

The problem is that this API is not required to be used, and an enterprising hacker can use malicious JavaScript to activate your camera without notifying you, and without any visible indication that the camera is on.

From a practical standpoint, that means that any webmaster using the code could spy on you, and you’d be none the wiser. Worse, although Google has been informed of this flaw, they’ve decided that it’s not a critical security issue, so there are no immediate plans to issue a patch to correct it.

As a user, you don’t really have many good options here, except to disable your equipment or cover the camera when you’re not actively using it.

Neither of these are perfect options. If a hacker can remote-activate the camera, then they can also enable it, even if you’ve disabled it electronically or covered your camera lens. These measures also don’t prevent a hacker from listening in on you and everyone in the immediate vicinity of your laptop.

These kinds of dangers are becoming increasingly common. Just last year, Samsung got into hot water over the fact that its Smart TV’s record everything said in their vicinity, and that data is saved on a Samsung server where it could potentially be captured by hackers, and Amazon’s Echo has made the news for similar reasons.

There are no easy answers or fixes here, so users beware.

Used with permission from Article Aggregator

,

Heart Pacemaker Devices Found To Have Major Technology Security Risks

,

Security professionals have been talking for months about the dangers of smart devices, most of which are almost comically (and tragically) lacking in even the most basic security protocols. More recently, the global Wannacry Ransomware attack demonstrated that smart medical devices were vulnerable to attack, with several of them being temporarily shut down by the malware. But exactly how bad is the problem?

Here’s an interesting comparison:

This past week, Google’s Project Zero found a total of eight critical security flaws in Microsoft’s Malware Protection Engine. Microsoft considered this to be such a serious issue that they took the unusual step of issuing a patch outside their normal schedule to address them.

Now, compare that with the number of security flaws found in a line of smart pacemakers by security researchers from WhiteScope, which identified more than 8,600 security flaws, mostly coming from third party libraries.

It should be noted that not all of these flaws are considered critical, and the number spans seven different manufacturers. However, the sheer number underscores the difference in scope and scale, and the point is further driven home by looking at the way smart device manufacturers are responding to the report.

We’ve known since at least 2013 that the vast majority of smart devices being marketed and sold today are highly insecure, and yet, almost none of the equipment manufacturers have done anything about it. This latest report generated a response that was more of the same – almost complete disinterest.

That’s dangerous, because it sets the conditions for what amounts to a perfect storm.
Right now, there are people living all over the world who rely on smart medical devices to keep them alive. The day’s coming when a hacking attack will kill someone.

Granted, even if smart device manufacturers started taking security more seriously, that would still almost certainly happen at some point. Taking no meaningful action at all only hastens the arrival of that day.

Used with permission from Article Aggregator

Chipotle Hit With Malware That Stole Credit Cards

Last month, the fast food chain Chipotle announced that they had been the victim of a large-scale data breach, but initially, the company was unable to provide any specific information regarding the scope and scale of that attack. Now, they have, and it’s worse than anyone could have imagined.

The company reports that the hackers were able to affect customers in 47 states and Washington DC. They did so by orchestrating a well-coordinated attack which saw the insertion of malware onto the company’s POS (Point of Sale) system, which enabled them to make off with vast amounts of data.

In terms of what was taken, the company reports that the stolen information includes everything from the magnetic strip of non-EMV cards, which includes:

• Credit card number
• Card expiration date
• Internal verification code
• And customer name and address information

In other words, it’s about as damaging an attack as can be envisioned.
Chipotle has announced that they have removed all traces of the malware and are working with law enforcement agencies and credit card agencies.

If you’ve eaten at the restaurant anytime in the last twelve months, and didn’t pay with cash, it’s a safe bet that your credit card information was stolen, and you should report the matter to the company that issued your card to get a replacement at once.
While credit card data has fallen out of favor in recent months in preference for protected health information, it’s clear that there’s still a strong demand for the information. If you don’t take action, you put yourself at risk of identity theft.

Unfortunately, hackers seem to be able to modify their attacks faster than digital security consultants can bolster their defenses, so this will definitely not be the last time we get word of such an incident. There’s no such thing as a bullet proof security system, and no matter how robust yours is, a determined hacker can and will eventually breach it.

The best thing you can do, then, is be vigilant, and take immediate corrective action when something happens that impacts you.

Used with permission from Article Aggregator

Serving Orange County, Los Angeles County, San Diego County

and the Inland Empire

 

Orange County (Corp. HQ & Training Center)

3555 Harbor Gateway South, Suite B,

Costa Mesa, CA 92626

714-881-8000

 

Inland Empire

8333 East Foothill Blvd.

Rancho Cucamonga, CA 91730

909-460-8700

 

San Diego

8880 Rio San Diego Dr. Suite 800

San Diego, CA 92108

619-880-2200

 

Partners