Thursday, April 28, 2016

12 million users enticed to download utilities that secretly bundled adware and spyware

Remember

This is clearly a "user issue", so remember: "Think Before You Click".


From the article:
“Installed with administrator rights, (Wizz) is able to harvest personal information, and install and launch executables uploaded by the controlling party,”

Researchers found 55 domains used for Tuto4PC’s adware/spyware campaign, each owned by Tuto4PC or a subsidiary. Talos said the domains were used to distribute the Wizz.exe binaries. “The domains had various ‘PC Clean’, ‘Free Game’ and ‘Offer’ style names all questionable to a degree as to how legitimate they are


For more info:
https://threatpost.com/tuto4pc-utilities-silently-install-12m-backdoors-cisco/117704/

Wednesday, April 27, 2016

Bypass Windows defenses without leaving any trace on the machine.



The strange part is that someone accidentally discovered it and exposed it.
So, I am wondering who else knew about it and has been using it.
Is this a vulnerability or a kind of backdoor?

From the Article:
The flaw doesn’t trigger the AppLocker security software, which is supposed to only let users run apps from trusted sources, and it doesn’t leave any traces in the registry, as it doesn’t need administrator access.

Microsoft has not yet provided a fix for the issue, but users can disable the Regsvr program using Windows Firewall.



For more info:
http://bgr.com/2016/04/25/windows-10-applocker-security-issue/

Wednesday, April 20, 2016

Educating Kids on Cyber Safety

Nice article


Check below for the PDF doc

http://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201506_en.pdf

It is time to uninstall QuickTime from your windows PC (ASAP)

Apple has pulled the plug and we did not know it!!


Check here:
http://appleinsider.com/articles/16/04/18/apple-confirms-quicktime-for-windows-end-of-life

A few mind-blowing security suggestions

Actually... these are just simple but powerful suggestions

  1. Change default passwords and DON'T share them
  2. Use 2-factor authentication wherever possible and use SMS / email alerts for all important transactions (banking, credit card)
  3. Use a password manager and create a strong password for its use.
  4. Pass-phrases are better than passwords
  5. Patch / update all devices that can connect to the Internet
  6. Always presume free Wi-Fi connections are unsafe, so use HTTPS or a VPN
  7. Remember - the IRS will communicate only by postal mail. All other IRS-related emails are generally FAKE.
  8. "Think Before You Ink" is an old proverb; the new one is "Think Before You CLICK". This applies to both Internet connections and emails. (This will save you from embarrassment and could save your job)
  9. Remember, you are a TARGET to hackers, so be VIGILANT
  10. Remember "Nothing is free", and if something is too good to be true then it probably is.
  11. Back up your data and disconnect your backup device from the computer. This will help if/when you are hit by Ransomware
  12. Do NOT RELY on Anti-Virus, Anti-Malware and other fancy tools as they can ONLY provide basic protection.
(Here is something that is strange but true)
The best security tool for you, your computer, your home and your job is YOU.

IMPORTANT PHONE NUMBERS AND URLS - For people within USA


I am hoping this would be useful for many people.
The details are US related.

Please send me info on phone numbers and URLs that might be generally useful and I will add them.
If you have them for other countries, send them to me and I will create a similar page.

OR

If you have an existing page, send me the link and I will add it to this page.

IMPORTANT
Poison Center
http://www.poison.org/
1-800-222-1222
Food poison or any other poison related issues


INTERNET
Reporting computer or Internet-related crimes: this article provides crime classifications and the related agencies. Link to the Article

FBI - Internet Crime Complaint Center (IC3)
http://www.ic3.gov/default.aspx
IC3 accepts online Internet crime complaints from either the actual victim or from a third party to the complainant


IDENTITY THEFT

IDENTITY THEFT -FTC Site
https://identitytheft.gov/
"Federal government’s one-stop resource for identity theft victims. The site provides streamlined checklists and sample letters to guide you through the recovery process

IRS's Taxpayer Guide to Identity Theft
https://www.irs.gov/uac/Taxpayer-Guide-to-Identity-Theft

Monday, April 18, 2016

Ever wonder why you never won a lottery ticket (maybe it was hacked)



Are you surprised?

Like someone once said
if it isn't open-sourced, and verified unmodified, it cannot be trusted!

From the article:

For several years, Eddie Tipton, the former security director of the US Multi-State Lottery Association, installed software code that allowed him to predict winning numbers on specific days of the year, investigators allege. The random-number generators had been erased, but new forensic evidence has revealed how the hack was apparently done.

For more details:
https://www.theguardian.com/technology/2016/apr/08/man-hacked-random-number-generator-rig-lotteries-investigators-say

How to secure your tablet

Old but Gold article

From the doc:

Here are some simple steps for you to consider as you continue to use your tablet

  1. Keep your tablet operating system and apps current and running their latest version. Many tablets now automatically update your apps, a feature we encourage you to enable
  2. Do not jailbreak or hack into your own tablet. This will bypass and render a tremendous number of security controls useless, making your tablet far more vulnerable to attacks
  3. Only download apps you need, and only download them from trusted sources. For iPads, this is simple as only downloading apps from iTunes. These apps are screened by Apple before they are made available. For Google, we recommend you limit your apps to those found on Google Play. While you can download apps from other sites, they are usually not vetted and could be created with malicious intent. Finally, regardless of where you got your app, we recommend you remove it from your tablet once you no longer need or actively use it
  4. When installing a new app, make sure you review and set the privacy options, just like you did when initially configuring your new tablet. Be careful of what information you allow the app to access, or what you allow the app to do with that information. For example, does the app you just downloaded really need access to all of your contacts
  5. Be sure to install or configure software that allows you to remotely track, lock or erase your tablet in case it is ever lost or stolen

Download the PDF here

"Hacking Team" Hacked - One vulnerability is what was needed



The hack itself was executed using a common weakness: first, an embedded device within the network was found with a known zero-day weakness. From there, the hacker was able to get into an unencrypted backup and find the passwords for a Domain Admin server, which basically gave him the keys to the kingdom.

For more info:
http://gizmodo.com/this-hackers-account-of-how-he-infiltrated-hacking-team-1771504896

Ever thought of building your own Router?

Here is your chance

http://news.hitb.org/content/ars-guide-building-linux-router-scratch

Friday, April 15, 2016

Simple way to detect Tax Season SCAM



IRS Spokesperson Mark S. Green stated:

“The IRS DOES NOT initiate contact with taxpayers by email, text, social media or electronic communications to request personal or financial information."

So, anything other than Postal Mail is a scam

How do these SCAMs look?
https://www.zscaler.com/blogs/research/tax-season-scams

Tuesday, April 12, 2016

If you are still using the default username and password on your router, this article should persuade you


I still wonder why people don't change the default password


The DNS settings of a router can be overwritten thanks to the JavaScript code containing more than 1,400 login combinations, including a list of common passwords.

DNS changes can only be made if the victim accesses a compromised website on their mobile device

To prevent hackers from gaining control of their routers, all consumers need to do is to keep their home networking router’s firmware up to date, and to avoid using the default ID and password provided with the device when it shipped

For more info:
http://www.digitaltrends.com/web/javascript-malware-mobile/

Monday, April 11, 2016

How do you know if your system has been Hacked?

Good article from SANS

  1. Your anti-virus program has triggered an alert that your system is infected, particularly if it says that it was unable to remove or quarantine the affected files
  2. Your browser’s homepage has unexpectedly changed or your browser is taking you to websites that you did not want to go to
  3. There are new accounts on your computer or device that you did not create, or new programs running that you did not install
  4. Your computer or applications are constantly crashing, there are icons for unknown apps, or strange windows keep popping up
  5. A program requests your authorization to make changes to your system, though you’re not actively installing or updating any of your applications
  6. Your password no longer works when you try to log into your system or an online account, even though you know your password is correct
  7. Friends ask you why you are spamming them with emails that you know you never sent
  8. Your mobile device is causing unauthorized charges to premium SMS numbers
  9. Your mobile device suddenly has unexplained very high data or battery

PDF Link Below

Friday, April 8, 2016

Whaling up by 270% - Don't confuse this with stock value or fishing activity

It is a PHISHING attack that has cost more than $2.3 billion in the last 3 years


The FBI estimates that these scams have cost organizations more than $2.3 billion in losses over the past three years

From October 2013 through February 2016, law enforcement received reports from 17,642 victims.

(I like this observation)
The fact that a single employee, for any reason, could grab so much data and simply send it to anyone, regardless of who they think that person is, is a scary prospect when you stop to think about it

For more info:

Wednesday, April 6, 2016

CyberSecurity Report - PDF file , has some interesting STATS



Get it here
http://www.cloudlock.com/wp-content/uploads/2015/04/Cloud-Cybersecurity-Report-The-Extended-Perimeter-CloudLock.pdf

Interesting article on Cloud Threat


This is another one that keeps growing.



From the article

As we move our critical assets to the cloud and access it from anywhere, and while workers can operate more freely, the borderless environment creates new threat vectors.


  1. Findings indicate that the average organization has 12% of files shared organization-wide, while another 10% of files are exposed externally, and 2% are accessible publicly or searchable on the public Web.
  2. Another important dimension of cloud applications is that the most successful applications create an ecosystem of third-party apps. Organizations must realize that when you authorize these applications to access your identities in the cloud, or the data in the cloud apps, a connection is established between the user and a third-party entity -- your corporate environment. Effectively, their security is now your security.
  3. A new threat used today as a new form of malware: Cloud Malware
  4. The last threat vector of interest is that as cloud applications are out in the wild, they are being attacked through brute-force password attacks or through attempts to login with stolen credentials under the premise that many users use the same password everywhere.



For More info:
http://www.darkreading.com/vulnerabilities---threats/understanding-the-cloud-threat-surface/a/d-id/1325011

Monday, April 4, 2016

Patch your Nexus - versions 4.4.4, 5.0.2, 5.1.1, 6.0 and 6.0.1.



Like they say, "The ball is in your court".
Let's not procrastinate.

SUMMARY
Google has patched a vulnerability being exploited in the wild to root Nexus 5 Android devices

The elevation of privilege bug exploited by the rooting application

Rooting applications are particularly dangerous because they give their respective payloads system-level persistence.


“It allows for consistent elevation of privilege, so anyone with malicious intentions with code execution already on a device and wants higher code execution, could use it to get access to the microphone or camera, or read email, anything like that,”

Check here for more info:
https://threatpost.com/google-patches-old-flaw-exploited-by-rooting-application/117161/

Friday, April 1, 2016

50 GB of Verizon customer data - accessible through a MongoDB client and the IP address (no password needed)


Company response-  it is test data.
Really?


50 GB of Verizon customer data has been discovered, completely unprotected by any password or authentication.

Yet, even after a back-and-forth with Verizon’s director of cybersecurity, Jim Matteo, Verizon did little to fix the issue.

The Verizon PR team claimed that the MongoDB was only a test environment with fictitious customer data, non-sensitive reference material, unique encryption keys and solely used passwords specific to that test environment.


For more info:

Identity Theft via W-2 Phishing Scams


In this digitally connected world, us being smart is not good enough. Our information is stored and managed by many other organizations, and it takes only one of them to make a mistake (guess who suffers?).



Criminals harvesting W-2 information by spear phishing will probably not exploit them directly. These compromised data sets will probably be sold off on underground, Silk Road-like forums to a number of different small operators who will file fraudulent tax returns in the name of the victims.

For More Info:
http://www.infosecurity-magazine.com/news/55-companies-and-counting-fall-to/