Vulnerabilities And Hacking Tools Heading To The World Market

It may end up looking like eBay for shadow brokers. According to a BBC article, “Security researchers are considering buying undetected software security vulnerabilities from a notorious group of hackers.” But it might not stop there. Other groups may decide to purchase the code and security holes which could end up in a bidding war for the valuable data.

By now, most people know that operating systems such as Windows 10, and Apple’s iOS have security flaw that are often patched (or fixed) by the software companies. These flaws can give cyber criminals backdoor access to computers across the globe like we saw with the Wannacry outbreak.

In June, The Shadow Brokers group wants to sell a group of unknown flaws for around $22,000.
Once the announcement was made, a group of security researchers set up a crowd-funding campaign to buy the exploits before they could be used as a threat.

According to the BBC article, Matthew Hickey from the cyber-security firm Hacker House said “There’s a 50-50 split on whether it is a good idea and whether it would encourage Shadow Brokers to continue their activities.”

The article also quoted security researcher Kevin Beaumont as tweeting: “Individuals and corps funding criminals is insane.”
“Here’s an idea – [the NSA] should inform all vendors of bugs now since they’re being traded on black market.”

Please follow and like us:

BREAKING! New vulnerability may lead to another WannaCry

According to the U.S. Department of Homeland Security,  a newly discovered yet old vulnerability, can be used to take control of an infected computer. They are urging users and administrators to apply a patch immediately to prevent the a similar outbreak like WannaCry  which infected more than 300,000 computers worldwide.

According to a Reuters article, Rebekah Brown of Rapid7, a cybersecurity firm, said there were currently no signs of attackers exploiting the vulnerability in the twelve hours since it was discovered and announced.
However, she also stated that it had taken researchers only fifteen minutes to develop malware that made use of the vulnerability. “This one seems to be very, very easy to exploit,” she said.
Rapid7 said it had found more than 100,000 computers running vulnerable versions of the software, Samba, which is “… an Open Source/Free Software suite that provides seamless file and print services…” Samba runs on Linux variations as well as some environments with Windows and Mac OS.

Most of the computers found are running older versions of the software and cannot be patched, according to Brown.

Please follow and like us:

Hackers Can Completely Take Over Popular Media Devices

Hackers Can Completely Take Over Popular Media Devices

Researchers have revealed a vulnerability that can allow hackers to take complete control over a media device running VLC, Kodi, Popcorn Time and Stremio.

Using the subtitles feature, Check point researchers were able to uncover the threat that uses malicious subtitle files for movies and TV shows, which are downloaded by unsuspecting users.

“The supply chain for subtitles is complex, with over 25 different subtitle formats in use, all with unique features and capabilities. This fragmented ecosystem, along with limited security, means there are multiple vulnerabilities that could be exploited, making it a hugely attractive target for attackers,” Omri Herscovici, Check Point.

Check Point believes that similar vulnerabilities exist in other streaming media players, besides the ones listed as well.

All four known companies have released updates and patches to address the issue. People who use these devices are urged to update immediately.

Here is a video of how the attack works.

 

Please follow and like us:

Small Businesses Are Suffering Most After Ransomware Infection

Small Businesses Are Suffering Most After Ransomware Infection

The largest outbreak of ransomware in history is currently underway and more is on the horizon. We’ve seen the news about giant healthcare entities like NHS as well as companies like FedEx and Nissan. But you may not have heard about the thousands of small businesses who have been hit and had to pay the ransom, like this small pizza restaurant.

Once a small business is infected with ransomware, it typically has two choices: pay the ransom or lose critical data that it needs to stay in business.

Six out of ten small businesses hit by cyberattacks such as ransomware go out of business within six months, according to the US Securities and Exchange Commission.

“For a small business, these costs of remediation are simply too high, and the possibility of continuing operations disappears,” said Brian Berger, the executive vice president of commercial cyber security at Cytellix.

So how do you prevent these threats? Honestly it’s the same thing that IT professionals have been preaching for years.

  • Offsite Backup
  • Updated Antivirus
  • Update the Operating System

These are things that even the smallest businesses around can do, but sadly most wont.

Please follow and like us:

Zomato Hacked! 17 Million Users Data Stolen

Zomato Hacked!
17 Million Users Data Stolen

According to a BBC article, the popular online restaurant and nightlife guide, with over 120 million users, had information stolen including its users email addresses and passwords.

Zomato allows users to search for and review restaurants, cafés and bars much like it’s chief competitor Yelp.

Zomato has reset the passwords and logged out those that were impacted by the hack.

“The hashed password cannot be converted/decrypted back to plain text – so the sanctity of your password is intact in case you use the same password for other services,” the company said in its security notice to users.
“But if you are paranoid about security like us, we encourage you to change your password for any other services where you are using the same password.”

study by Trusteer, an online security firm, states that 73% of people online use the same password for online banking as we do for other online logins. Out of those 73%, many use the same password for all online accounts. What’s more shocking, 47% of us use both the same email address AND password.

World Password Day just occurred on May the 4th urging online users worldwide to change and secure their passwords.

Zomato was quoted in the original article as saying “no payment information or credit card data has been stolen/leaked.”

Zomato stated that “an internal (human) security breach” is what led to the theft of the data.

Zomato is based in India and is used in over 10,000 cities worldwide, including including Amarillo and the Texas Panhandle.

Please follow and like us:

When You Believe Your PC Isn’t Worth The Repair Cost.

Something goes wrong and you know your PC needs to go into the shop. Maybe it’s a virus which can cost anywhere from $100 to $300 to repair or the hard drive failed which can also be about a $300 repair bill.

Should you get it repaired or just buy a new PC for $300?

The answer isn’t a simple yes or no as it depends on several factors.

The number one thing people forget about when it comes to PC repair is their data. Most people view their PC like they would their blue-ray player – if it breaks, just buy a new one. The problem is that computer users are creating data at a greater rate than ever before. It is estimated that by 2020, there will be 5,200 GB of data for every person on the earth which is 57 times the amount of all of the grains of sand on all the beaches on earth.

That’s a lot of data! So what are we saving on our hard drives?
For the most part, it’s photos and videos – our memories. We also create and save documents and spreadsheets using the popular Microsoft Office Suite, for example. Other programs and apps  such as Quicken, for example, create data that helps to manage our finances and budgets.
All of this data has to be considered when deciding to buy a new PC. So buying a new $300 computer can still actually cost more than a $300 repair bill because in many cases, a computer repair store charges to move and organize the data from the old PC to the new one.

Sometimes it’s just time for a new PC. The average lifespan of a PC is three to five years. So if your five year old PC is in the shop for repairs it may just be time to replace it.

The best thing to do when you have computer problems is to take it to a reputable and trusted computer repair business and let them help you make the right decision.

Ahem….By the way we are the most awarded and trusted computer service company in the Texas panhandle.

Please follow and like us:

Everyone’s Talking About Ransomware But Is Anyone Really Explaining It?

It’s all over the place, you most likely received a news alert on your smartphone. Unless you’ve been on a deserted island somewhere, you’ve seen the word ransomware and WannaCry by now and you know that it has wreaked havoc in the UK and many countries around the world. But what is ransomware, are you at risk and what can be done about it?

Ransomware is software that gets installed on a PC or a Mac when the person using it is tricked into clicking on a link. The link can come from an email or from an internet search or even a malicious ad. As soon as the link is clicked the software starts installing in the background.
Once installed, the software encrypts all of the files and demands money in order to release those files. Basically, it’s cyber kidnapping of people’s data.

Q: Does it only impact businesses?
A: No, many forms of ransomware have been installed on individuals computers locking them out from everything on their computers from photographs, downloaded music and resumes to financial software and bank statements.

Q: So what is encryption?
A: Encryption, in this case, scrambles the data and locks the user out of their own files. The data becomes so scrambled and unreadable that even firms that specialize in data recovery cannot unscramble it. The only person or firm that can unscramble or decrypt the information is the person who encrypted it in the first place.

Q: Is there a way to fix it without paying the ransom?
A: Maybe. There are several new tools being developed to remove ransomware software and decrypt the files. The very best protection, however, is to have an online backup service so that the files can be put back, or restored, to the way they were before the ransomware.

Q: Can I stop ransomware before it happens.
A: Yes but most people currently aren’t taking the necessary steps to prevent ransomware.
Backup remotely every day
Be extra suspicious of links being sent via email even from people you know.
Ensure that you are using the latest operating system from both Microsoft and Apple and that you are updating them.

“It’s only going to get worse and worse and worse,” said Michael Gazeley, managing director of cybersecurity firm Network Box. “And it’s absurd because companies (people) have had years to prepare for this.”

Please follow and like us:

Kaspersky Antivirus Under Investigation

According to an ABC News investigation, a popular Russian antivirus software maker, Kaspersky Lab, is under investigation by the FBI and Homeland Security.

The popular software developer, which is intended to protect against digital threats like computer viruses and malware, is based in Moscow and in use in homes as well as businesses. It is also widely used in government agencies in the US like the Bureau of Prisons. Kaspersky Lab’s products are also sold at popular retail stores like Best Buy, Target, Office Max and Office Depot as well as being sold by local computer service companies right here in Amarillo, TX.

According to the ABC News article, “… in a secret memorandum sent last month to Director of National Intelligence Dan Coats and Attorney General Jeff Sessions, the Senate Intelligence Committee raised possible red flags about Kaspersky Lab and urged the intelligence community to address potential risks posed by the company’s powerful market position.”

“’This [is an] important national security issue,’ declared the bipartisan memorandum, described to ABC News by congressional sources.”

According to ABC News sources, in February, the Department of Homeland Security issued a secret report, and the FBI began investigating the relationship between Kaspersky Lab’s and Russian government.

With the tensions between America and Russia on the rise, several government agencies are issuing warnings about Russia’s intentions if tensions continue to rise. “’[Russia] seek(s) to exploit grid vulnerabilities to serve strategic objectives in wartime and are growing capabilities to strike at U.S. critical infrastructure,’ warned a report published by the Energy Department last year.”

“’The potential for lethality is astronomical,’ Carpenter said.”

Kaspersky Lab has stated that it has no “inappropriate” links with the Russian government, and even issued a statement addressing the investigation: “Kaspersky Lab does not develop any offensive techniques and has never helped nor will help any government in the world with their offensive efforts in cyberspace.”

If any of our clients want to proactively remove Kaspersky software from their PC or Mac , catmandu will uninstall and remove any traces of the software free of charge.
We recommend Bitdefender Cybersecurity for protection against internet threats such as Viruses, Malware and other threats. Bitdefender provides exceptional protection for a single device, a smart home, your small business, hybrid infrastructure or Enterprise datacenter, it is the product that delivers the best security, unparalleled performance and incredible ease of use.

We are also currently offering our virus cleanup service for only $100 (plus sales tax) for systems that are already infected. If you believe your PC or Mac may be infected call us at 350-TECH (8324) today!

Please follow and like us:

World Password Day

May the 4th has been coined World Password Day to create awareness among workers and home users everywhere to establish safe, secure and updated passwords. If you are using a common password, the same password for all your devices, or a password that is more than 2 years old then let us encourage you to participate in #passwordday and up your cyber security game.

Tips for creating a strong password-
Your passwords should be lengthy, because that is what makes them stronger. At least 8 characters long and difficult for someone to guess. Don’t use personal information like your children names or your birthday because that information is public knowledge and can probably be found out via social media or some other form of internet records. Use a mix of uppercase and lowercase letters, numbers and symbols. This may seem daunting but there is nothing more daunting then having all your personal data stolen.

Make sure you use different passwords for each account-
If you recycle and reuse a password for each of your different accounts online such as your banking, email, Facebook, & other bills then you are making it too easy for a hacker to have access to everything. It would be like if you only had one key that accessed your car, your house, & your safety deposit box. If you lost that key and someone found it then nothing in your life would be safe. Hackers know people like to keep the same password for each account and they will use this against you. If the task of creating a new password for each account seems too hard then keep reading.

Get a password manager-
A password manager stores all of your passwords, remembers them & can generate new strong passwords for you all very securely. This way you can have the longest, strongest passwords (each different) for your accounts and you only need one password to access those. These apps have secured your passwords by only allowing you access on one registered device, by using fingerprint technology or by facial recognition. Click here for a great list of possible password managers to download- http://www.pcmag.com/article2/0,2817,2407168,00.asp

If you have any other questions about creating or updating your password call us at 806-350-TECH. Happy World Password Day!

Please follow and like us: