Take a look at a recent attempt of a couple of U.K. thieves to steal a Tesla Model S. They’re smart enough to actually gain entrance to the vehicle without the fob but they’re not smart enough to unplug the charger!
The owner of the vehicle does admit to not doing a couple of things that could have actually prevented the bad guys from gaining entrance including setting a PIN and using a Faraday pouch for the fob (while would block fob’s signal).
But it just goes to show that even “sophisticated” criminals who use technology aren’t always the brightest.
World’s Largest Contract Chipmaker Recovering After Ransomware Attack
Taiwan tech firm and Apple chipmaker, TSMC, said it was recovering from a ransomware attack over the weekend. Apparently one machine was online when it shouldn’t have been and this lead to the infection of more than 10,000 of their manufacturing machines in multiple factories. The ransomware was a variant of WannaCry which is a type of ransomware cryptoworm used by bad guys to encrypt computer data and hold it for ransom. TSMC says they are now back in full production again.
Always make sure you have a good antivirus program installed and up to date! Just as important, make sure you have a good, solid back up of any data that’s important to you!
Microsoft Edge Allows for Web Logins without Remembering Passwords
By leveraging Windows Hello hardware, users can now log into websites using things like IR cameras, fingerprint readers, external security keys, and PINs without having to remember your passwords. Microsoft believes that having these additional means of logging in will not only allows users to log into website more easily, they also think this will assist users with security concerns, and that makes sense from the standpoint of things like key loggers (if a user doesn’t type his password into a field then a key logger can’t grab the password). While this may be true, please keep in mind that the bad buys are always on the lookout to crack the latest security ideas. Additionally you should be sure to follow existing best practices when it comes to passwords. This means be sure you have a safe backup of all your passwords, don’t use the same credentials for multiple sites, etc.
To try this you’ll either Windows Insider Preview 17723 or you can wait for Windows 10 version 1809 to be released.
This isn’t the first time that software that is designed to help and protect computers has contained malicious code It is, however, the first time that a popular tool (used many computer repair companies and technicians) has been successfully targeted. And while the software company has given the all clear, it was recently discovered that the newer (not compromised) version is also affected.
It get’s worse, in addition to the Trojan injected into the code, the infection contains a second payload that hasn’t been executed as of yet.
This form of infecting a victim with viruses and malware is being called a “supply chain” attack because it relies on the fact that the person downloading and installing the software trusts the source and the software company.
The truth is, if the end users or the computer techs that they are trusting to remove viruses don’t stay on the cutting edge of technology (and news of this nature), they will end up eventually doing more harm than good due to future attacks like this one.
As cat.man.du enters it’s 15th year helping home PC users and home businesses battle the constant threat from hackers and viruses, we are committed to constantly monitoring the tools and apps that we use to fight malware, spyware and viruses and never become complacent.
The BBB is warning businesses about an email phishing scam. The phishing email claims to be from the BBB with official sounding subjects like “violating the Fair Labor Standards Act” and “Safety and Health Act.” They also will appear to notify the recipient that a complaint has been lodged against their business. Contained within the email is a clickable link that will download malware which will then steal the victim’s passwords and/or hack company data.
The reason these emails are so successful, is that the BBB does send emails to businesses in order to inform or notify.
If you receive an email from the BBB, stop and take the time to read it over. Check for any grammatical errors and if it has a local signature located at the bottom. If there is a question about the legitimacy of the email, call your local BBB.
If you have already received one of the phishing emails and clicked on a link, immediately change passwords and contact cat.man.du.
Willem Westerhof, a Dutch researcher, has found 17 vulnerabilities in the inverters manufactured for use in solar panels. In a test performed near Amsterdam, he found that the vulnerabilities could allow hackers to enter and the hack into the main power grid connected to the solar panels.
In an interview with the BBC, Mr. Westerhof stated that “If an attacker does that on a large scale, that has serious consequences for the power grid stability.”
The BBC also quoted Dave Palmer, director of technology at cyber-security company Darktrace as stating, “Solar producers should seek to isolate the products from the internet ASAP… And [they should] also review their physical access security to reduce the risk of a local attack from someone physically breaking into their facilities.”
The hacking group also stole and uploaded episodes of other popular shows to a site they created to display what they have stolen.
“Hi to all mankind,” was sent out via an email. “The greatest leak of cyber-space era is happening.”
Avoiding sites that contain leaked and pirated movies and television shows is a good idea because it’s likely that along with spoilers and leaked footage, the site and any downloaded files will come bundled with malicious software.
In a statement, HBO said:
“We immediately began investigating the incident and are working with law enforcement and outside cybersecurity firms,”
“Data protection is a top priority at HBO, and we take seriously our responsibility to protect the data we hold.”
According to the U.S. Department of Homeland Security, a newly discovered yet old vulnerability, can be used to take control of an infected computer. They are urging users and administrators to apply a patch immediately to prevent the a similar outbreak like WannaCry which infected more than 300,000 computers worldwide.
According to a Reuters article, Rebekah Brown of Rapid7, a cybersecurity firm, said there were currently no signs of attackers exploiting the vulnerability in the twelve hours since it was discovered and announced.
However, she also stated that it had taken researchers only fifteen minutes to develop malware that made use of the vulnerability. “This one seems to be very, very easy to exploit,” she said.
Rapid7 said it had found more than 100,000 computers running vulnerable versions of the software, Samba, which is “… an Open Source/Free Software suite that provides seamless file and print services…” Samba runs on Linux variations as well as some environments with Windows and Mac OS.
Most of the computers found are running older versions of the software and cannot be patched, according to Brown.
May the 4th has been coined World Password Day to create awareness among workers and home users everywhere to establish safe, secure and updated passwords. If you are using a common password, the same password for all your devices, or a password that is more than 2 years old then let us encourage you to participate in #passwordday and up your cyber security game.
Tips for creating a strong password-
Your passwords should be lengthy, because that is what makes them stronger. At least 8 characters long and difficult for someone to guess. Don’t use personal information like your children names or your birthday because that information is public knowledge and can probably be found out via social media or some other form of internet records. Use a mix of uppercase and lowercase letters, numbers and symbols. This may seem daunting but there is nothing more daunting then having all your personal data stolen.
Make sure you use different passwords for each account-
If you recycle and reuse a password for each of your different accounts online such as your banking, email, Facebook, & other bills then you are making it too easy for a hacker to have access to everything. It would be like if you only had one key that accessed your car, your house, & your safety deposit box. If you lost that key and someone found it then nothing in your life would be safe. Hackers know people like to keep the same password for each account and they will use this against you. If the task of creating a new password for each account seems too hard then keep reading.
Get a password manager-
A password manager stores all of your passwords, remembers them & can generate new strong passwords for you all very securely. This way you can have the longest, strongest passwords (each different) for your accounts and you only need one password to access those. These apps have secured your passwords by only allowing you access on one registered device, by using fingerprint technology or by facial recognition. Click here for a great list of possible password managers to download- http://www.pcmag.com/article2/0,2817,2407168,00.asp
If you have any other questions about creating or updating your password call us at 806-350-TECH. Happy World Password Day!