A major OpenSSL bug has been found that could affect 70% of secure websites.

A major bug has been found in the popular OpenSSL library used by thousands of online merchants, email providers and banks.  The bug allows anyone on the internet to read a user’s private information while it is being sent back and forth to the website.  A security advisory has been issued by OpenSSL.

Why is the bug called Heartbleed?

The bug lives in the heartbeat portion of the protocol, which keeps the connection to the website alive.  When it is exploited, the server sends back the contents of its own memory over the internet, and that memory can contain sensitive and private information.

How does this affect me?

If the website you are logging in to, such as your bank, email or an online store uses a version of OpenSSL that has this bug:

  • An attacker can open a connection to your bank and silently download, among other things, the keys used to prove the bank is who they say they are.
  • They can then pretend to be your bank and you will not notice anything different, while all of your communication is being stolen.

It is estimated that up to 70% of internet websites are affected by this bug.  Companies can fix the bug by upgrading to the latest version of OpenSSL, creating new certificates and removing old certificates.

How can I protect myself?

First check if the website you are accessing has an “https” in front of the address, meaning it should be a secure connection. All banks, email webpages and online stores should have this:

Check for https in front of your website address.

If it is a secure connection, enter the website here to check if the bug exists.

http://filippo.io/Heartbleed/ will let you know if the site has the Heartbleed Bug.

If it does exist, avoid using the website until they have upgraded their OpenSSL.  For further assistance with the Heartbleed bug or other security issues, contact your local IT professionals.

The original Windows XP Background location taken in Sonoma Valley, California

Microsoft has officially retired Windows XP, but does that mean you can safely keep running it at home or at the office?  A recent report from security firm F-Secure highlights some ways to stay somewhat safe while continuing to run the expired operating system, while emphasizing that an exploit could be ready any day now:

1. Install the final updates for Windows XP from Microsoft

2. Make sure Microsoft Office is fully patched

3. Update all third party software

4. Run a firewall and antimalware protection

5. Run Microsoft’s EMET (Enhanced Mitigation Experience Toolkit)

Although these steps can help delay a system compromise, once Windows XP has been infected it is considerably more difficult to clean than other operating systems.  Virus and malware writers can now look at the updates released for Windows 7 or 8 and know exactly where to attack Windows XP, since the operating systems share some similar code.  The report also expects that an exploit against Windows XP will appear soon.

The latest F-Secure report highlights risks of continuing to run Windows XP

According to the report, web-based attacks and infections doubled in the second half of 2013.  It is important to note that modern virus writers and criminals often do not want to damage a computer system.  It is much more lucrative to hold the system to ransom for money or to steal sensitive information such as bank logins, email accounts and credit card numbers.

For more guidance on moving away from Windows XP or securing your home or office, contact your local IT professionals.

TP-Link is among the vendors affected by the SOHO pharming campaign.

Recently, it was discovered that several hundred thousand routers fell victim to a hijacking scheme that could become a widespread problem for internet users worldwide.  The attack, dubbed a ‘small office/home office (SOHO) pharming campaign,’ was targeting Vietnam, but according to a report by Team Cymru, the SOHO pharming campaign also made its way into regions like the US and Italy.

The criminals behind the pharming campaign took advantage of exploitable security holes in various consumer-grade routers, and from there they were able to redirect users to malicious websites to steal login credentials and/or drop malware onto the users’ computers.  The scary part about this SOHO campaign is that more than one type of router is affected.  According to Team Cymru, the compromised routers could be a brand name like D-Link or an off-brand like TP-Link.

A diagram depicting the ‘man-in-the-middle’ hijacking scheme from Team Cymru.

Cyber security experts found that once the attackers had control of their targeted routers, they changed the devices’ Domain Name System (DNS) settings to force users to send their DNS requests to the 5.45.75.11 and 5.45.75.36 IP addresses.  The rogue DNS servers then act as a ‘middle-man’ and redirect users to malicious sites instead of legitimate ones.

While it is easy to point fingers directly at the people manufacturing the routers, it’s not completely their fault.  There’s no such thing as a ‘hands-off’ policy when it comes to protecting yourself from intrusions by cyber criminals.  That said, there are a few things many router owners can do to lessen their chances of becoming victims of the router hijacking scheme.

  1. Disable the router’s remote user-mode and graphical user interface. Disabling remote access will help keep users who aren’t directly connected to your network from accessing your router’s admin settings.  Disabling the GUI will, reportedly, reduce the likelihood that someone can find a hole in the router’s software.  Instead of making changes to the router’s settings via a graphical interface, try to change the settings via the command line.
  2. Corporate networks may want to deploy tracking systems (i.e. HTML code on the externally facing servers) to detect possibly malicious IP addresses.
  3. All SOHO router settings (especially DNS) should be controlled at the host level.
  4. Admins must proactively monitor router settings periodically to ensure that the router’s DNS is pointing at the servers that belong to their internet service provider (ISP).

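As an added example for steps 3 and 4 (not code from the original post or from the Team Cymru report), the following Python script audits a host's configured resolvers against the ISP's expected servers and the two rogue addresses named above. The expected resolver addresses and the resolv.conf sample are constructed placeholders; replace them with your ISP's real values.

```python
import ipaddress
import os

# The two rogue resolver addresses reported by Team Cymru (from the article above).
ROGUE_RESOLVERS = {"5.45.75.11", "5.45.75.36"}
# Assumption: the resolvers your ISP actually hands out. Replace with your own.
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

# Constructed sample of a hijacked host's resolv.conf, not captured from a real machine.
SAMPLE_RESOLV_CONF = """\
# Generated by the DHCP client
search home.example
nameserver 5.45.75.11
nameserver 192.0.2.53
nameserver not-an-address
"""

def parse_nameservers(resolv_conf_text):
    """Return nameserver IPs in file order, ignoring comments and malformed entries."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                continue  # skip garbage rather than abort the audit
    return servers

def audit_resolvers(servers, expected=EXPECTED_RESOLVERS, rogue=ROGUE_RESOLVERS):
    """Label each configured resolver: 'expected', 'known-rogue' or 'unexpected'."""
    findings = []
    for server in servers:
        if server in rogue:
            findings.append((server, "known-rogue"))
        elif server in expected:
            findings.append((server, "expected"))
        else:
            findings.append((server, "unexpected"))
    return findings

def is_hijacked(findings):
    """True if any resolver is not one the ISP is expected to hand out."""
    return any(status != "expected" for _, status in findings)

if __name__ == "__main__":
    # Audit the live file when present, otherwise fall back to the constructed sample.
    text = open("/etc/resolv.conf").read() if os.path.exists("/etc/resolv.conf") else SAMPLE_RESOLV_CONF
    for server, status in audit_resolvers(parse_nameservers(text)):
        print(f"{server}: {status}")
```

Any "unexpected" resolver deserves a look even if it is not on the known-rogue list, since a hijacker can change addresses at any time.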
These are just a few of the basic security measures you must consider if you or your organization is using a SOHO router.  Should you have any questions or concerns regarding the recent SOHO pharming campaign or what you should do to tighten up your network security, contact our IT professionals.


Make sure you have your firewall up!

With over 1 billion users, YouTube is one of the most visited sites on the web, but its incredible popularity is also drawing in criminals and viruses.  Cyber criminals are always looking for new ways to exploit popular platforms, and YouTube is not an exception.

Recently, it was discovered that YouTube videos were serving up ads that contained the necessary precursors for an attacker to inject malware into a targeted machine.  According to Bromium Labs, the cyber criminals were leveraging holes in systems running Java, and where such a hole existed, a banking Trojan belonging to the Caphaw family was dropped onto the user’s computer.  Another reason to keep your Java up to date.

Once a connection with the victim’s machine is established, the malware then tries to connect with domains which are likely based in Europe.

It’s as easy as 1-2-3.

The YouTube malware ad was delivered in the following manner:

  1. User watches YouTube video
  2. User sees an appealing thumbnail embedded in the video and clicks on it to watch another video
  3. Once the thumbnail is clicked, the machine opens up the malware ad in the background (served by Google Ads)
  4. Malware then redirects the user to ‘foulpapers.com’
  5. The malicious website then serves up iFrames with the aecua.nl domain
  6. Aecua.nl then detects the system’s Java version and drops the malware onto the victim’s machine

Casual YouTubers may never even notice that their machine was the target of such an attack.  Cyber criminals will often put some work into promoting their YouTube videos to make them seem legitimate and worth watching.  A video carrying such an exploit may have thousands or even hundreds of views, so it is only after the damage is done that one notices their machine is infected.

As always, we advise everyone to take the necessary precautions to prevent such an attack by installing and updating their antivirus software.  It is also recommended that people disable Java unless it is absolutely necessary for running verified/safe services and applications.

For further help keeping your office or home computers secure against such attacks, contact our IT support services.


You don’t need dynamite to find Bitcoins, just enough knowledge and computer hardware.

Malware not only steals your personal data, but can also hijack your system and network resources to work on things you don’t approve of.

Bitcoin and other forms of cryptocurrency have skyrocketed in popularity in recent months.  The cryptocurrency craze isn’t reserved just for investors, as virtually anyone can get their hands on these lucrative digital coins—given they have the necessary resources.  In other words: if you don’t have money to invest in Bitcoin, you can mine Bitcoins instead.  Mining these coins, however, requires some computer know-how and hardware.

Stealing Without Physically Taking

When it comes to knowledge of how hardware works and where digital information flows, cybercriminals and hackers are ahead of the game.  What they lack is the hardware, but why would they purchase their own hardware when they can steal your processing power?  All they have to do is run malicious code on your computer to hijack the computer’s resources remotely and use it to mine Bitcoins for themselves.

Beginning late last year, a slew of malware aimed at hijacking computers to mine Bitcoins began infecting unsuspecting victims.  Where and how these tools make their way onto people’s computers can vary, but it is especially troubling when the source is a popular website like Yahoo.

Yahoo admitted in January that its advertising platform was used by cybercriminals to distribute hijacking malware and viruses.  Fox IT, a cybersecurity firm, estimates that as many as 2 million Yahoo users were affected by the exploit.  Yahoo, however, has not given an estimate of how many of its users clicked the scam ads.

Must Click the Ad That’s Slick!

While most of us will try to ignore any type of ad that appears on a website, savvy marketers will always find a way to deploy attractive and mind-boggling banners that trick us into clicking.  Criminals are also marketers in a sense, and so it is likely that they used these marketing tactics to lure people into clicking their ads on Yahoo.

If you’re not running any resource intensive tasks, the task manager should display low CPU and memory usage.

If you’re a Yahoo user and notice that your computer has been running unusually slowly of late, check your computer’s resource monitor to see which process is taking up an abnormally large amount of bandwidth, memory and CPU.  Any process or application that is hogging too many system resources could potentially be one of these Bitcoin-mining malware programs.

If you’re having a hard time navigating and figuring out whether or not you’re a victim of the Bitcoin malware, please contact our IT professionals and we’ll be more than happy to give you a hand!