Tech Support Scams Put UK Users at Risk

October 10, 2016 by Loi Van Tran 2 Comments

Tech Support scams is a combination of social engineering and malware. Once the user’s computer is infected with the initial malware that typically alerts the user that computer is infected with a virus. It urges the user to either install a anti-virus software, which of course is another malware, or to contact a tech support hotline – a number that charges by the minute. According the report, Microsoft claimed that victims has lost over $15 Billion to these scammers.

Ways to protect yourself:

Keep your computer patched up and up-to-date
Use anti-virus/malware software
Contact with Tech support should go through official channels

Article : http://www.infosecurity-magazine.com/news/tech-support-scams-put-uk-users-at/

Spotify Falls Victim to Malvertising Attack

October 10, 2016 by Ahmed A. Alkaysi 3 Comments

This article talks about how users of Spotify’s free service have noticed that many advertisements automatically open their web browser, without them clicking on the advertisement. These websites contain virus and malware, and can contaminate the device without the user taking any action in it. Not only are the users directed to malicious sites, but malware can automatically be downloaded from these sites in attacks known as “drive-by-attacks”. These “malvertising” campaigns are the results of scripts being hidden in advertisements, which does everything automatically. What worries me, a lot of times advertisements are not thoroughly screened before being accepted. It wouldn’t surprise me if we start seeing more of these types of attacks.

Link: http://www.securityweek.com/spotify-falls-victim-malvertising-attack

U.S. formally accuses Russian hackers of political cyber attacks

October 8, 2016 by Mauchel Barthelemy 3 Comments

Cyber security has been at the center stage during the U.S. primaries and general elections this year. Without diving any further, several U.S. agencies were in the mix to investigate many high profile figures and defend the U.S. against foreign state sponsored attacks. One of the controversies that got a lot of people’s attention was that Russia allegedly trying to interfere to influence the U.S.’ presidential election outcome this year.

Several major media outlets published stories warning local states such as North Carolina, Florida, and so forth to cautiously ensure proper technology tools to prevent foreign hackers from manipulating their system to possibly change elections’ outcomes. In fact, things got escalated to a higher level as the U.S. formally accuses Russia of trying to infiltrate the Democratic Party organizations ahead of the Nov. 8 presidential election. Today, Reuters’ Mark Hosenball, Dustin Volz and Jonathan Landay write “U.S. formally accuses Russian hackers of political cyber attacks,” amidst everything else already going on regarding emails and hacking. It comes to a point where cyber security should finally be regarded through the lens of serious concerns and not taking lightly as previously.

You may read the full article via http://www.reuters.com/article/us-usa-cyber-russia-idUSKCN12729B.

Hacked voter registration systems: a recipe for election chaos

October 8, 2016 by Shain R. Amzovski 4 Comments

Hackers are looking to disrupt the upcoming U.S. election in November by hacking voter registration databases. A few disappearing names here and there wouldn’t make a difference, but if millions of people showed up to the polls and weren’t registered to vote, that would make a huge difference. Voters can still vote with provisional ballots, but they usually do not carry many at each polling location and it can cause chaos at the polls. If certain areas, such as L.A. county are hacked, that’s 4.8 million people that could be affected.

Link: http://www.csoonline.com/article/3128034/security/hacked-voter-registration-systems-a-recipe-for-election-chaos.html?google_editors_picks=true

PwC: Security is No Longer an IT Cost Center

October 7, 2016 by Mengxue Ni 1 Comment

Many organizations no longer view cybersecurity as a barrier to change, nor as an IT cost. PwC conducted an information security survey 2017 that found there is a distinct shift in how organizations view cybersecurity. According to the survey, 59% of respondents said they have increased cybersecurity spending as a result of digitization of their business ecosystem. In this process, organizations not only create products, but also deliver complementary software-based services for products that extend opportunities for customer engagement and growth.

The survey also found that the majority of organizations run IT services in the cloud. Could models gain more trust and usage at present. Organizations are also embracing both managed security services and open-source software to enhance cybersecurity capabilities. More than half (53%) of respondent employ open-source software and 62% of respondents say they use managed security services for cybersecurity and privacy.

Link: http://www.infosecurity-magazine.com/news/pwc-security-is-no-longer-an-it/

Group discovers hack-proof code that could change cybersecurity

October 7, 2016 by Wayne Wilson 3 Comments

National researchers in Australia developed a hack proof computer code called microkernel. It is the barest bone of an operating system. By keeping an operating system as simple as possible, the harder it is to crack because you eliminate vulnerabilities in the system. We are now in the Internet of Things age where most of the devices we have connects to the internet, making them susceptible to hacking. Recently in the news we seen how hackers were able to take control of cars, could you imagine how dangerous that could be if someone was driving on a highway at 65mph and someone hacked into their car and took control of the vehicles acceleration and braking. Better yet an Airplane with hundreds of people on board. The more we introduce technology into our everyday lives we increase the risk of vulnerabilities that someone can exploit. If these researchers could develop a hack proof code they will change the world of technology as we know it.

http://www.aol.com/article/news/2016/10/05/this-hack-proof-code-could-change-the-cybersecurity-game/21575179/

Yahoo Built a Secret Tool to Scan Your eMail Content for US Spy Agency

October 7, 2016 by Scott Radaszkiewicz 2 Comments

Article Link: Click for Article

This article is about Yahoo building a software program that would secretly scan users emails, and this was done at the request of a US intelligence officials. This was done in 2015 via a secret court order and the information is reported to have gone to the NSA or FBI.

Many top Yahoo officials were unaware of this and the Chief Information Security Officer resigned from the company, expressing regret that he was left out of this information.

It’s pretty scary how open our lives have become. I assume, if there was a court order, there was a legitimate concern. But it just goes to reinforce the fact that you should not put anything into any digital medium that you would not want being read by another person! There is no privacy. Be it hackers or the government, the information can be obtained!

Hack warnings prompt cyber ‘security fatigue’

October 6, 2016 by Ioannis S. Haviaras 2 Comments

It seems like everyday more and more cyber attacks to organizations are being found however many consumers are reluctant to change their online habits. A study performed by Mary Theofanos found that people are sick and tired of remembering more and more passwords, making people use the same password for multiple sites. In this study people believed that since they did not work for a government agency or finance company. Many users are also frustrated with the extra steps required for this security on other websites. If people are frustrated with using multiple passwords they need to start using password managers and other alternatives to make sure that their information is secure, or else many people will be susceptible to attacks.

Article: http://www.bbc.com/news/technology-37573795

N.S.A. Contractor steals confidential information.

October 6, 2016 by Brent Easley 2 Comments

http://www.nytimes.com/2016/10/06/us/nsa-leak-booz-allen-hamilton.html?hp&action=click&pgtype=Homepage&clickSource=story-heading&module=first-column-region&region=top-news&WT.nav=top-news

This is the 2nd time in the last three years that a contractor from Booze Allen Hamilton has managed to steal highly classified information from the N.S.A. The Obama Administration has been victims to classified information being leaked to the public multiple times.

16,000 WordPress Sites Have Been Hacked

October 4, 2016 by Mengxue Ni 2 Comments

WordPress is a popular target because majority or the web uses it to manage and publish their content. According to the 2016 Sucuri report on WordPress continues to lead the number of infected websites at 74%. This report focuses on four open-source content management systems(CMS). In addition to WordPress, it covers Joomla!(14%), Magento(5%) and Drupal (2%). Sucuri found that on average, WordPress installations had 12 plugins installed at any given time. The top three plugin vulnerabilities contributed to 22% of WordPress site hacks: Gravity Forms, TimeThumb and RevSlider.

I know that sites that we are using for our classes are all WordPress based. It is dangerous if school accounts are hacked. It may lead to identity theft. WordPress is very useful for developers to design but meanwhile, they need to pay attention on the security side of using WordPress.

Link: http://www.infosecurity-magazine.com/news/16000-wordpress-sites-have-been/