
Security

Well-Known Travel Site Sabre Gets Hacked

If you used the travel site Sabre for booking hotels between August of 2016 and March of 2017, be advised that your data was likely stolen by hackers, including your credit card number, your name as it appears on the card and the card’s expiration date.

Sabre is one of the web’s leading travel and booking companies, but like many others, they don’t use their own, proprietary software to actually handle the bookings. Instead, they rely on SynXis Central Reservations system, which is a popular “software as a service.”

The reason that’s relevant is that if hackers have found a way into SynXis, then it’s not just Sabre that’s at risk. Any of the web’s other major booking sites could be next, or they could already be infected and it’s just gone unnoticed, as it did in Sabre’s case.

In any event, if you’ve used Sabre during the timeframe mentioned above, you’ll want to contact your credit card company and report it as being compromised so they can stop any activity on it and issue you a replacement.

You’ll also want to scan all the purchases on your statement during the period to look for any suspicious activity, as you may be paying for goods or services you didn’t authorize.

This latest breach underscores the fact that it’s not just your own actions that can get you into trouble. Any site you use could potentially be a problem for you, especially if the site in question stores your data for any length of time. Note, however, that even if this isn’t the case, a hacker could conduct a man-in-the-middle attack and still intercept sensitive information about you.

So far, 2017 has seen more hacks to this point than any year in the history of the internet, and all indications are that next year will break this year’s record. Be careful out there.

Used with permission from Article Aggregator

Ransomware Discovered On Some Google Play Store Apps

Researchers from McAfee’s mobile division have discovered a strain of ransomware called “LeakerLocker” on two apps that slipped through Google’s various checks and made their way onto the Google Play Store.

The apps in question were “Booster and Cleaner Pro,” which was billed as an app designed to boost memory on your smartphone, and “Wallpapers Blur HD” which is a wallpaper management app. When Google was informed of the issue, they promptly removed both apps, but there are a few points of interest here.

Firstly, both apps were part of a rewards program, which actually pays users a small sum to install them on their devices. This methodology is becoming increasingly common and has been used in the past to get users to install harmful apps on their devices.

Secondly, the researchers who found the app say that it’s not a scam. What this means is that it doesn’t rely on underhanded tactics in order to install itself, but rather, it relies exclusively on permissions freely granted by the user.

Before Google pulled the plug on these two, the cleaner app was installed between 5k and 10k times, and the wallpaper app was installed between 1k and 5k times. If either of those names sounds familiar to you, and you’ve installed, but not yet run the apps, delete them immediately to avoid any potential troubles. If you don’t, you’ll soon find that you can’t get into your phone.

Note that this strain of ransomware doesn’t encrypt your files, but locks your screen and thus makes all your files inaccessible. At that point, your only options are to pay the fee or restore from your most recent backup, neither of which is a great option.

While Google has a generally good reputation and a proven ability to stop malicious apps before they ever make it to the Play Store, as this latest incident underscores, the company isn’t perfect. You can’t ever afford to completely let down your guard.


Disconnect Wi-Fi Autoconnect Bug Could Allow Access To Your Smart Phone

A new bug has been discovered that impacts both Android and iOS devices. If you use a smartphone that contains Broadcom Wi-Fi chips, and you probably do, the newly discovered exploit allows an attacker to execute malicious code on your device remotely with no input or action required by you.

The bug was discovered by the security firm Artenstein and reported to Google, but at this point, neither company has released any significant details about the issue. However, Google did release a security patch for it as of July 5.

Other security researchers have reverse-engineered Google’s patch to gain some insight as to exactly how the flaw works, and how it could be used.

It’s being called “Broadpwn,” and appears to be a stack overflow issue in Broadcom Wi-Fi chips. Exploitation can occur when the user’s device receives a WME (Quality of Service) element of malformed length from a network it’s connected to.

All you’d have to do to fall victim to this is walk into range of the attacker’s Wi-Fi network.

Given this, your best defense is to only connect to trusted networks and turn off the autoconnect feature on your phone, lest you risk giving a hacker unfettered control over your device.

Although it’s been patched, at least on the Android side, not everyone sets their devices up to automatically receive security updates. If yours is not set to do so, then take a few minutes to download this one.

This bug also underscores the importance of a growing problem. With Wi-Fi networks being so numerous and readily available these days, many, if not most people casually connect to any network in range without thinking or worrying about the potential downside. If you’re serious about data security, that practice needs to stop.


New Trojan Attacks Point-Of-Sale Systems Seeking Card Info

There’s a new piece of malware to worry about called “Neutrino,” and it represents an especially troubling development. It’s a fork of an older, well-developed banking Trojan called “Zeus,” and its designers have gone to great lengths to make sure that it remains undetected for as long as possible so it has more time to do its work. Unlike its parent, this one is designed to infect Point-Of-Sale (POS) systems where it harvests credit card data to send back to its controller.

One of the main things that makes Neutrino so difficult to spot is that once it infects a target system, it goes into an extended hibernation, so as to throw antivirus software and other security scans off its scent. After its specified hibernation period ends, it wakes up and contacts its Command and Control server, run by the software’s controller.

Among other things, Neutrino can:

• Make screenshots
• Search processes by name
• Search files by name on any infected host and send them back to the C&C Server
• Download and execute files sent from the C&C Server, either to spread the infection, or to cause damage to the system
• Change register branches

To steal credit card information, it searches the memory pages and collects information for the strings “Track1” and “Track2” which contain the information normally held by the magnetic stripe on the credit cards run through the system.

Once it has this data, it’s a simple matter to send it back to the C&C Server at whatever interval the hacker has specified.

According to researchers at Kaspersky Labs, for the moment, the largest concentration of infections is in Russia and Kazakhstan, but that could change in the blink of an eye.

At present, companies that sell antivirus software are working to update their databases to detect this latest threat, but of course, that’s an uphill battle. The hackers will merely create a new, undetectable variant, and the cycle will continue. For now, just be advised that there’s yet another threat to worry about, and stay on your guard.


Linux Gets Its Own WannaCry-like Variant

If you thought we’d seen the last of the WannaCry ransomware, think again. Recently, a new threat has been discovered that targets Linux users.

It should be noted up front that “SambaCry” is not a variant strain of the aforementioned ransomware, but rather, a security flaw in Linux that mirrors the one WannaCry used to exploit Windows-based systems. The vulnerability, officially named CVE-2017-7494, was dubbed SambaCry because of those similarities.

Normally, Linux users avoid the kinds of security issues that plague Windows-based machines, but this is a bit of a different case, and here’s why:

There’s a Linux service called Samba Server Service which provides SMB/CIFS capabilities in Linux and Unix-based systems. While it’s true that Linux can use any number of file sharing protocols, Samba is often used in environments featuring a mix of Linux and Windows PCs, because Windows PCs have a hard time dealing with Network File System Shares coming from machines running other OS’s.

When a Linux server is running Samba, some folders (called CIFS Shares) will appear as a network folder to Windows users.

The security flaw allowed a remote user to send executable code to the server hosting the share, including code which could encrypt a file system and hold it for ransom.

As you might expect, the Linux crowd treated this as a top priority and has already moved to patch the flaw.

The long and the short of it is simply that if you’re running a Linux server and using Samba, you’re probably vulnerable unless you’ve downloaded and applied the latest security patch. If you haven’t, you should do so immediately.

While Linux users have been fortunate to have suffered relatively fewer critical security flaws, this is a painful reminder that as good as the OS is, it’s not bullet proof.


Why Do Ransomware Attacks Continue To Rise?

The total number of ransomware attacks has seen a massive spike, with nearly 50 percent more attacks against PCs occurring this year than last year. In the same time period, ransomware attacks against mobile devices fell marginally from 137,000 by this point last year to 130,000 this year. However, those numbers are tiny compared to the number of PC-targeted attacks and do little to stem the rising tide.

While there are a number of factors driving the surge, the biggest of these is also one of the simplest: profit. Ransomware is increasingly easy to make, difficult to detect and even more difficult to defend against.

A significant percentage of those infected don’t have good, recent backups in place, and have little choice but to pay the piper and hope the hackers will play fair and restore their files. Even a modestly successful ransomware attack can net the hacker launching it thousands of dollars, and there’s very little in the way of risk or downside.

In addition, hackers are beginning to unite. They’re forming large organizations with tremendous bench strength and a wide range of skills that enable them to constantly improve their software, making attacks even more effective. This is a recipe for disaster that guarantees the number of such attacks will only continue to climb.

A single hacker would find it virtually impossible to launch a globe-spanning attack like the recent WannaCry, or the even more recent Petya attacks. This type of attack takes a robust organization, planning and coordination to pull off successfully, and is a sign of things to come.

Not to say that individual rogue hackers won’t continue to be a presence online, but more and more, attacks are being orchestrated by increasingly well-heeled organizations, and that could spell big problems as time goes by. It also virtually guarantees that next year will see even more attacks of all types (including ransomware attacks) than this year.


New Vulnerability Found In Skype That Could Allow Hackers Access

If you’re one of the millions of Skype users around the world, check to see what version you’re using. If you haven’t upgraded to the latest build, you’re at risk.

Recently, a new vulnerability came to light that allows hackers to take advantage of a security flaw in the software’s clipboard function that could spell big trouble for you.

The vulnerability works like this:

Hackers create a poisoned image file, and then copy and paste it from the computer’s clipboard into a Skype message window.

Once the image has been loaded onto the clipboard on both the hacker’s machine and the recipient’s, Skype experiences a stack overflow error which causes the application to crash. When that happens, it opens the door, enabling the hacker to execute additional, more damaging or compromising exploits that could lead to a complete loss of control of your system.

The worst part of all is that no user interaction is required for the hacker to create the conditions by which the additional attacks can be made against the target computer.

Microsoft, which bought Skype in 2011, rated this as a high-risk security vulnerability, with a 7.2 CVSS score. It affects versions 7.2, 7.35, and 7.36 of the messaging software on Windows XP, Windows 7 and Windows 8.

Fortunately, the company patched the vulnerability in Skype v7.37, so if it’s been a while since you’ve upgraded, now is the time.

This is an especially problematic vulnerability because of the sheer popularity of Skype as a messaging platform. Not only is it used by millions of people around the world, but it’s becoming an increasingly popular communications tool in the enterprise setting.

As ever, vigilance is the order of the day, and one of the keys to remaining vigilant is to make sure all the software on your various devices is up to date and fully patched.


New Survey Shows Alarming Trends In Cybersecurity For Businesses

A new survey released by Guidance Software reveals some disturbing trends about the state of cyber security. The survey asked 330 IT and digital security professionals questions about cyber-attacks and their impact on the organizations they serve.

The biggest news was in how many organizations reported that they’d been the victims of a malware attack so far this year, with fully 65 percent reporting in the affirmative. That’s up from 56 percent this same time last year.

Worse, nearly a quarter (23 percent) of respondents indicated that they’d been the victim of a ransomware attack, with nine percent admitting to having paid the ransom to get their files restored. This is significant, because in last year’s survey, none of the respondents indicated having paid a ransom. What’s worse is that nearly half (48 percent) indicated certainty that they’d be hit by a ransomware attack sometime in 2017.

In terms of losses, a quarter of those surveyed indicated that their firms had suffered financially as a direct result of successful attacks over the past year. Of those, 20 percent indicated losses in excess of a million dollars.

Also of interest were the things IT professionals listed as their biggest challenges, with 35 percent citing proper risk assessment, 34 percent citing policy enforcement and 31 percent citing managing the complexity of digital security in general.

To anyone in IT, all three of these challenges will ring familiar. They are persistent hobgoblins that have plagued the industry for years, and unfortunately, that doesn’t show any sign of changing soon.

The silver lining for you as a business owner is knowing that these are the most often cited challenges faced by IT staff. You can assess your own department and begin making the changes necessary to help reduce the impact of all three.

Budgetary constraints may prevent you from solving them outright, but armed with these survey results, you can certainly begin making steady, incremental improvements. Your IT staff will love you for it.


Internet Crime Has Become A Billion Dollar Industry

Anyone who works in IT or has any interest in data security at all can tell you that the number of hacking attacks is on the rise. Worse than that, though, is the fact that the hackers themselves are getting increasingly organized, and that organization is allowing them to share code and develop entirely new attack vectors at an alarming pace.

Business owners know the cost of successful data breaches as well, but generally only as it relates to them and their companies, which begs the following question: just how big a problem is internet crime, anyway?

It turns out that the FBI has the answer to that question, and it’s a dismaying one.

Internet crime, as of last year, officially became a billion-dollar business. It is a $1.3 billion business, to be precise.

That number is based on 298,728 complaints registered last year, but cyber-crime is far too broad a category to be meaningful. Fortunately, the FBI statistics do a good job of breaking it down further, and the top three types of cyber-crime reported in 2016 were as follows:

• Business e-mail compromise
• Confidence fraud
• Non-payment, non-delivery scams

The news gets worse, because the Justice Department estimates that only about 15 percent of cyber-crimes actually get reported to the authorities. For example, many companies that have been impacted by ransomware pay the ransom and never report the incident to the authorities.

It should also be noted that internet-enabled crime doesn’t occur exclusively online. The internet is just one component of the crime, and it plays an important role in its execution, either by providing a foot in the door or gathering intelligence that makes the crime possible.

The United States leads the world in the number of cyber-crimes reported, but the phenomenon is a global one. The other four of the top five nations where it is most prevalent are Canada, India, the UK and Australia.

The lesson here is simple. No matter where in the world you are, no one is safe, and if your IT staff is not prepared to fend off a determined attack, you could very well be next.


A Third Of Former Employees Take Company Information With Them

How safe is your company’s data? According to a new survey released by tech giant Dell, it is not very safe. The statistics revealed by the survey are dismaying. Be sure you want to know before reading any further, because once you do, it may well change the way you view your own employees.

The survey’s key finding was that fully 35 percent of employees report that it’s common to take proprietary company information on leaving their firm.

As bad as that is, the rest of the statistics in Dell’s survey were even worse, with 36 percent of employees regularly opening emails from unknown, untrusted sources, which makes them extremely susceptible to phishing attacks.

Forty-five percent of employees admit to engaging in behaviors they know to be unsafe from a cybersecurity standpoint, including using personal email accounts for work, misplacing company-issued devices and connecting to public WiFi to access confidential or proprietary information.

In addition, 72 percent of employees reported being willing to share proprietary, sensitive or confidential information under certain circumstances.

All of this paints a stark picture of a problem with no easy solution.

It’s easy, for example, to say that better employee education is the answer, except that while the exact scope and scale of the problem may not have been known before, it’s certainly no secret that phishing attacks aimed at rank and file employees have been a longstanding problem. To this point, few companies have bothered to attempt to better educate their employees.

Worse, the few that have haven’t seen much of an improvement.

In a similar vein, it would be easy to make the blanket statement that having a robust data policy in place would go a long way toward alleviating the problem. However, talking about it and actually developing and implementing such a policy has, at least to this point, proven to be a daunting undertaking.

The old adage is true: your employees are simultaneously your greatest asset, and your company’s biggest threat.


Watch Out For Latest Hacker Phishing Attempt On Facebook

If there’s one thing that’s true about the world’s hackers, it is that they are tireless and relentless when it comes to finding new and increasingly inventive ways to infiltrate a user’s system, collect data, and cause mayhem in general.

The latest trend to be on the lookout for is phishing attacks aimed at mobile users employing fake URLs that include an inordinate number of dashes. Here’s an example: hxxp://m.facebook.com----------------validate----step1.rickytaylk[dot]com/sign_in.html

At first glance, and especially when these URLs are viewed from a PC, one might wonder how anyone could assume these are legitimate web addresses, but the hackers are actually being quite cunning here.

The ruse is obvious when viewed from a PC web browser, but mobile devices have extremely narrow windows, and can’t display nearly as much information. That’s what the dashes are for. They ensure that the mobile user will see the first part of the URL, which appears legitimate, while the dashes obscure the rest of it, which would be a dead giveaway.

It’s true that at least some of the dashes are visible, and to an attentive user, this will throw up an immediate red flag. It’s also true that it’s possible for mobile users to view the entire URL and check it manually, but in practice, almost no one does this, which is why this new attack vector has been so devastatingly effective against mobile users, who are the intended target.
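
The manual check described above can be automated in a mail or web filter. The following is an added example, not part of the original article: it parses the article's sample URL, works out which domain the host really belongs to, and reports the borrowed brand and the hyphen padding. The protected-domain list, the padding threshold, the 20-character display width and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Domains whose names attackers borrow. Only facebook.com comes from the
# article; the list is an assumption to extend with your own brands.
PROTECTED_DOMAINS = ("facebook.com",)

# Hyphen runs of this length or more count as padding (assumed threshold).
PADDING_RUN = 4

# The article's example, kept in its defanged form.
SAMPLE = ("hxxp://m.facebook.com----------------validate----step1."
          "rickytaylk[dot]com/sign_in.html")


def refang(url):
    """Undo common defanging so the URL can be parsed (it is never fetched)."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return url.replace("[dot]", ".").replace("[.]", ".")


def registered_domain(host):
    """Naive 'last two labels' rule. Assumption: a production filter would
    consult the Public Suffix List to handle suffixes such as co.uk."""
    return ".".join(host.split(".")[-2:])


def borrowed_brand(host):
    """Return the protected domain that appears inside the host name even
    though the host is registered under a different domain, else None."""
    reg = registered_domain(host)
    for brand in PROTECTED_DOMAINS:
        idx = host.find(brand)
        at_label_start = idx == 0 or (idx > 0 and host[idx - 1] == ".")
        if at_label_start and reg != brand:
            return brand
    return None


def analyze(url, visible_chars=20):
    """Summarise what a narrow address bar shows versus where the URL goes."""
    host = urlsplit(refang(url)).hostname or ""
    longest_run = max((len(run) for run in re.findall(r"-+", host)), default=0)
    brand = borrowed_brand(host)
    return {
        "host": host,
        "visible": host[:visible_chars],          # what a narrow bar displays
        "registered_domain": registered_domain(host),
        "impersonates": brand,
        "padded": longest_run >= PADDING_RUN,     # extra signal, not a verdict
        "suspicious": brand is not None,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```
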

So far, this type of attack has been directed primarily at Facebook, but any URL can be spoofed in this manner, and once the hacker has his victim on the dummy website, all manner of malware can be thrown at the device in question to infect it.

In a world already awash in threats to be on the lookout for, this gives you yet another reason to be concerned.


Unsecured Voter Database May Have Leaked 198 Million US Records

Since the 2016 election, there have been lots of hard questions asked about the sanctity of US elections, with mounting conjectural evidence that there was an active attempt by nation-state actors to influence the outcome of the most recent US Presidential election.

Because of that, the security of US citizen voter data has been at the forefront of everyone’s minds. Unfortunately, it seems that there was cause to be concerned.

On June 12, a security researcher named Chris Vickery, who works for UpGuard, discovered an exposed database containing more than 198 million voter records, amounting to some 60 percent of the total US population.

The database was entirely unsecured, and anyone could have stumbled onto it and downloaded it in its entirety.

The database was the responsibility of a company called Deep Roots Analytics, which was the company hired by the Republican National Convention to help them better target campaign advertisements.

Of particular interest were the open access files for Florida and Ohio, two of the most crucial battleground states. Also available to anyone who found the database was a 256GB folder containing detailed voter breakdowns for the 2008 Presidential election, and a 233 GB folder for the 2012 Presidential election, with each of these containing 51 sub-folders, providing a state by state breakdown including the District of Columbia.

Another folder called “Post-Elect 2016” contained information on whether voters had voted for former President Obama and on their views of President Trump’s “America First” foreign policy thrust.

Deep Roots Analytics made the following terse statement in response: “We take full responsibility for this situation.”

Since the company was informed of the unprotected database, it has been password protected, and the company is assisting with an ongoing investigation. However, the damage has been done, and there’s no telling how many people were able to download the information the database contained, which includes voter names, addresses, party affiliation, voter registration data, ethnicity and more.

If you voted in the 2008, 2012, or 2016 election, odds are good that your information was captured.
