Cryptowall Infecting Systems via Advertisements
- Details
- Posted on Friday, June 06, 2014
A new and dangerous variant of the original CRYPTOLOCKER (which brought an estimated $23 million to the bad actors) is on the loose. This malicious software is infecting machines through advertisements found on major sites such as Facebook, Disney, The Guardian and many others. The software gains final entry to a system via UNPATCHED software such as Flash, Internet Explorer, Java or Silverlight. Once infected, your most commonly used documents become encrypted/useless until you pay a ransom....get the full story here.
As part of our Systems Management Program, we automatically patch 3rd party software, this being only one layer in our multiple layer approach to managing systems and network security. With Cryptowall exploiting unpatched software, this is yet another reminder of the importance of updating/patching your software and having a reliable backup solution in place.
HTTPS Why no Padlock? Mixed Content Warnings
- Details
- Posted on Friday, June 06, 2014
Ever visit a website and receive a popup "ONLY SECURE CONTENT IS DISPLAYED" or a broken padlock next to the URL of the site? This occurs when visiting a site using SSL (usually defined by the HTTPS in the beginning of the URL) and not all of the content on the site/page is being delivered through SSL. Unfortunately this is common place and usually a result of negligence on the site owners end, however it has also been noted that when a users browser/system is "infected", the malicious software will inject advertisements into the websites being viewed also resulting in a MIXED CONTENT WARNING. In any case, this breaks the SSL connection between you and the website, defeating the purpose of using SSL to begin with. Should you ever receive these warnings while visiting a financial website or your email providers "webmail", DO NOT PROCEED! Most if not all banking sites will never deliver content via HTTP but strictly HTTPS. It is advised to check your system for malware. A non HTTPS connection means that everything between you and the website is being sent in the clear, including passwords/usernames, personal information, etc.
A recent article posted at Qualys Security Labs suggests this "problem" being the easiest way to break SSL.
Are you a site owner trying to fix this? The first step is to determine exactly which content is being delivered via HTTP rather than HTTPS. A very useful site for showing non https links being loaded can be found here. Simply enter your sites URL and all the links on that page will be displayed. This will narrow down exactly which link(s) are causing the problem. If you require assistance, please contact us.
We believe ALL internet websites should implement SSL. The E.F.F (Electronic Frontier Foundation) started an HTTPS campaign back in 2011. By implementing SSL (regardless if your collecting personal information on your site or not), you are helping to protect users privacy and freedom. Begin by purchasing an SSL certificate. We can assist in converting your current site over to FULL TIME SSL
Other useful tools:
- SSL Server Test Webserver SSL implementation tests.
- Verify an SSL certificate "fingerprint". Great research performed by Steve Gibson. In many corporate settings, it is common for ALL traffic to be monitored for security purpose. However in some settings such as a free wifi hotspot, your home/ISP, etc., this is malicious and dangerous. Use this tool to detect if your SSL traffic is being monitored.
Is TRUECRYPT Really Dead?
- Details
- Posted on Wednesday, May 28, 2014
The very popular software used by millions for encrypting data has apparently halted development and is advising users to migrate to something different due to "potential security concerns". While this is breaking news, at this time it is hard to believe for many. Some are guessing a defacement of their website www.truecrypt.org has occurred, some suggest a disgruntled developer. An analysis of the software version (mysteriously released yesterday) has shown the same key being used as previous software releases. The latest software release does not allow you to encrypt anything, only decrypt.
Worth noting:
- A $70,000 dollar audit was started last year, the goal is to perform a complete analysis of the source code looking for any major vulnerabilities. Phase 1 of the audit was completed early this year with no major security issues found. Phase 2 was to conclude over this summer. The audit team has reached out to the developer(s) as of today regarding the "news", awaiting a response.
- With the recent Snowden revelations, he mentioned the use of a secure email provider called Lavabit, shortly after he mentioned this publicly, the service shutdown with the explanation of a court order demanding the "keys" thus making the core of his service useless/insecure. Recent news mentions Snowden's use/belief in Truecrypt.
- The Truecrypt team had posted a "roadmap" of sorts outlining the continued development of the software for use on the latest Windows 8.1 platform. This was not a "dead" project. Something bad has happened...
- The Truecrypt developer(s) have always been "anonymous" however the audit team has been in contact with them.
- A popular service called the waybackmachine is an internet website archive, you can view websites as they were in the past, the Truecrypt website has been excluded..hmm.
At this time, it is advised not to download or use the latest version found at truecrypt.org. It is also advised not yet to migrate away from any existing instance you may be running. Until a "tool" is released, or the audit finds a big hole that exploits Truecrypt making it almost useless, it remains one of the best encryption tools out there. If however they were forced to insert a backdoor of sorts (via court order) and this is his/her/their way of letting everyone know (explains the bizarre recommendations), than by all means we will stop using it. Until more info is released, we are staying still.
More info: Arstechnica | Slashdot | Krebs on Security | Reddit | Cory Doctrow
Apple iPhone iPad iPod Ransomware - Device Locked Messsage?
- Details
- Posted on Tuesday, May 27, 2014
"My device has been hacked" Cybercriminals have targeted a large number of users of Apple's iCloud connected devices with a sophisticated Ransomware in Australia.
The owners of iPhone, Mac and iPads are finding their devices locked remotely through iCloud and a message originating in Apple's find my device service that states "Device hacked by Oleg Pliss".
One user wrote on Apple Support Forum, "I went to check my phone and there was a message on the screen (it's still there) saying that my device(s) had been hacked by 'Oleg Pliss' and he/she/they demanded $100 USD/EUR (sent by paypal to lock404(at)hotmail.com) to return them to me."
The Locked Devices are prompting to send up to US$100 to a Paypal account of the suspected hacker in order to have them unlocked. But we urge our users not to send money to the given account, as PayPal spokesman confirmed that, ‘There's no PayPal account linked to hacker email addr and any customer who has sent money will be refunded’
Continue to get updates for Windows XP?
- Details
- Posted on Tuesday, May 27, 2014
Still running Windows XP? While it is advised to switch over to Windows 7 or 8.1 for many reasons, a technique is being used to continue to get security patches for Windows XP, while this will not protect the system as a whole, it will provide more security for your Windows XP than without.
A relatively simple method has emerged as a trick for the XP users which makes it possible to receive Windows XP security updates for the next five years i.e. until April 2019.
It makes use of updates for Windows Embedded POSReady 2009 based on Windows XP Service Pack 3, because the security updates which are being released for POSReady 2009 are inevitably the same updates Microsoft would have rolled out for its Windows XP, if it was still supporting XP Operating System.
Windows Embedded POSReady 2009 is the operating system installed in "point-of-sale" (POS) systems such as restaurant machine, ticket machines or other customized version of Windows Embedded systems. POS machine most likely uses the XP operating system, therefore receives the same updates that are delivered by Microsoft for the officially unsupported version of Windows XP.
You are not allowed to directly install these Windows updates for your OS. In order to download new security updates for your Windows XP, you just need to perform a simple intervention into the Windows registration database.
STEPS TO FOLLOW:
*Open Notepad and create a new file.
*Copy and Paste the text below:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001
*Save file as .reg extension and run it by double clicking it.
Once executed, you will find lots of pending updates in your Windows Action Center.
Because the extended support for Windows Embedded POSReady 2009 systems ends after 5 years, Microsoft will continue to deliver new security updates and patches for this version of its embedded operating system till April 9th, 2019, so users can use this trick to get security updates of Windows XP for another five years.
WordPress Vulnerability Contributes to DDOS Attacks
- Details
- Posted on Friday, March 14, 2014
Are running a WordPress site? A recent vulnerability, actively being used to perform DDOS attacks, is making its rounds. Basically, a “pingback” function that is built into WordPress (enabled by default), allows an "attacker" to target a specific site and use the built in feature "pingback" of another site, to take a targeted site down. This means that a vulnerable WordPress site is used to attack another site, multiply that by thousands, and the "target" is unable to handle the vast amount of requests. While this isn't a direct threat to your site, by leaving this vulnerability enabled, your allowing your site to be used as a weapon. While the WordPress team is aware of the issue, they are not likely to release a "patch" because this is considered a "feature" and one that many other plugins use.
A plugin exists that will mitigate this vulnerablity on your WordPress site, download/install this highly rated plugin (disable XML-RPC).
How secure is your WordPress site? With WordPress becoming increasingly popular as the platform for many websites, mostly due to the "ease of use" factor, we continue to find that many of these sites lack any "best practice". High Desert Technology can help assess and implement "best practice".
More information regarding this "vulnerability" can be found at SECURI.
More Articles...
- Stolen Coca-Cola laptops contained personal data
- To Protect and Infect - Jacob Appelbaum Discussion
- NSA Spyware Gives Backdoor Access to iPhones 100% Success Rate
- The NSA hacking unit - TAO. Intercept laptops to install malware, monitor "do you want to send to microsoft" logs....
- Snowden's OPEN LETTER and Privacy Concerns
- Public WiFi Hotspots - The Risks
- WordPress - Why it is important to update/patch on a regular basis
- Law Enforcement using Malware to SPY via Webcam
- 90,000 Patients Data Compromised
- Are SMART TV's Watching You?
- Police Agency hit with CRYPTOLOCKER virus
- NSA Infected 50000 Systems with MALWARE
- Google: We're bombarded by gov't requests on user data
- New Internet Bug Bounty holds companies accountable, protects hackers
- NSA Monitors Google, Yahoo, Microsoft's Data Centers
Subscribe to our Newsletter
Search ALL Articles
Managed V. Non-Managed
US-CERT Latest Warnings
Latest US-CERT Released Warnings
-
Google Releases Security Updates for Chrome
Google Releases Security Updates for Chrome
Original release date: September 22, 2017Google has released Chrome version 61.0.3163.100 for Windows, Mac, and Linux. This update addresses multiple vulnerabilities that an attacker may exploit to cause a denial-of-service condition.US-CERT encourages users and administrators to review the Chrome Releases[…]
Created on: Sep 22, 2017 | 07:05 am
Sep 22, 2017 | 07:05 am -
Joomla! Releases Security Update
Joomla! Releases Security Update
Original release date: September 21, 2017Joomla! has released version 3.8.0 of its Content Management System (CMS) software to address a vulnerability. A remote attacker could exploit this vulnerability to obtain access to sensitive information.US-CERT encourages users and administrators to review[…]
Created on: Sep 20, 2017 | 21:18 pm
Sep 20, 2017 | 21:18 pm -
Samba Releases Security Updates
Samba Releases Security Updates
Original release date: September 20, 2017The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit any of these vulnerabilities to obtain access to potentially sensitive information.US-CERT encourages users and administrators to review the[…]
Created on: Sep 20, 2017 | 17:47 pm
Sep 20, 2017 | 17:47 pm -
Cisco Releases Security Updates
Cisco Releases Security Updates
Original release date: September 20, 2017Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review the following Cisco[…]
Created on: Sep 20, 2017 | 17:07 pm
Sep 20, 2017 | 17:07 pm -
IC3 Issues Alert on Disaster-Related Fraud
IC3 Issues Alert on Disaster-Related Fraud
Original release date: September 20, 2017The Internet Crime Complaint Center (IC3) has released an announcement on fraudulent cyber activity related to natural disasters. IC3 reports that scammers have recently used email and social-networking sites to solicit money from disaster victims[…]
Created on: Sep 20, 2017 | 15:53 pm
Sep 20, 2017 | 15:53 pm -
FTC Releases Alerts on Protecting Against Identity Theft
FTC Releases Alerts on Protecting Against Identity Theft
Original release date: September 20, 2017The Federal Trade Commission (FTC) has released two alerts to educate consumers on recommended protections against identity theft after the recent data breach at Equifax. Users should consider placing security freezes with the three major[…]
Created on: Sep 20, 2017 | 13:58 pm
Sep 20, 2017 | 13:58 pm -
WordPress Releases Security Update
WordPress Releases Security Update
Original release date: September 20, 2017WordPress versions prior to 4.8.2 are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.US-CERT encourages users and administrators to review the WordPress Security[…]
Created on: Sep 20, 2017 | 05:50 am
Sep 20, 2017 | 05:50 am -
Apple Releases Security Updates
Apple Releases Security Updates
Original release date: September 19, 2017 | Last revised: September 20, 2017Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit some of these vulnerabilities to take control of an affected system.US-CERT encourages users[…]
Created on: Sep 19, 2017 | 13:56 pm
Sep 19, 2017 | 13:56 pm -
Avast’s Piriform Releases Security Update for CCleaner
Avast’s Piriform Releases Security Update for CCleaner
Original release date: September 19, 2017Piriform, a subsidiary of Avast, has released CCleaner 5.34 and has pushed v1.07.3214 to CCleaner Cloud users. These versions do not contain the Floxif malware found in the 32-bit versions of CCleaner 5.33.6162 and CCleaner[…]
Created on: Sep 19, 2017 | 10:44 am
Sep 19, 2017 | 10:44 am -
Apache Releases Security Updates for Apache Tomcat
Apache Releases Security Updates for Apache Tomcat
Original release date: September 19, 2017The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected server. US-CERT encourages users and administrators[…]
Created on: Sep 19, 2017 | 10:43 am
Sep 19, 2017 | 10:43 am
Posted Articles
-
Great read on Security Annoyance
-
Imperfect Forward Secrecy
-
True Crypt
-
Latest variants of "ransomware"
-
Links Found between NSA, Regin Spy tool and QWERTY Keylogger
-
Enterprises Finally Recognize Users As Endpoint's Weakest Vulnerability
-
Thunderstrike Mac Attack Achieves Persistence
-
Microsoft OneDrive - Encryption Keys Uploaded?
-
We Should All Jump to the ‘Erasable Internet’
-
The Best Thing We Can Do About the Sony Attack Calm Down
-
Attackers Can Read Your Private SMS and Listen to Phone Calls
-
Critical Flaw Hits Millions of Home Routers
-
Chrome devs hatch plan to mark all HTTP traffic insecure
-
Quantum Encryption Makes Credit Cards Fraud-Proof
-
We believe ALL internet websites should implement SSL
-
Reset the NET, start with DELETING YOUR FACEBOOK
-
Edward Snowden Wins EPIC "Champion of Freedom" Award
-
Vodafone reveals existence of secret wires that allow state surveillance
-
Cryptowall Infecting Systems via Advertisements
-
HTTPS Why no Padlock? Mixed Content Warnings
-
Is TRUECRYPT Really Dead?
-
Apple iPhone iPad iPod Ransomware - Device Locked Messsage?
-
Continue to get updates for Windows XP?
-
WordPress Vulnerability Contributes to DDOS Attacks
-
Stolen Coca-Cola laptops contained personal data
-
To Protect and Infect - Jacob Appelbaum Discussion
-
NSA Spyware Gives Backdoor Access to iPhones 100% Success Rate
-
The NSA hacking unit - TAO. Intercept laptops to install malware, monitor "do you want to send to microsoft" logs....
-
Snowden's OPEN LETTER and Privacy Concerns
-
Public WiFi Hotspots - The Risks
-
WordPress - Why it is important to update/patch on a regular basis
-
Law Enforcement using Malware to SPY via Webcam
-
90,000 Patients Data Compromised
-
Are SMART TV's Watching You?
-
Police Agency hit with CRYPTOLOCKER virus
-
NSA Infected 50000 Systems with MALWARE
-
Google: We're bombarded by gov't requests on user data
-
New Internet Bug Bounty holds companies accountable, protects hackers
-
NSA Monitors Google, Yahoo, Microsoft's Data Centers
-
Mac OS X Mavericks REVIEW
-
Experian Sold Consumer Credit Information to ID Theft Service
-
Apple is misleading people on iMessage security
-
Microsoft Remote Desktop for Tablets RELEASED
-
CryptoLocker Ransomware
-
Adobe Servers Breached - 3 million users data stolen, source code stolen
-
Private email service fights court order demanding SSL keys then shutsdown.
-
Your "Social" connections are gathered and put together by NSA
-
We thought TOR became more popular..
-
Can We Trust IPSEC?
-
NSA and Encryption
-
Feds Are Suspects in New Malware That Attacks Tor Anonymity
-
StartPage and Ixquick Deploy Newest Encryption Standards against Mass Surveillance
-
Government requests for private SSL keys
-
ACLU warns of mass tracking through license plate scanners
-
Microsoft and NSA. Encryption provided by Microsoft useless.
-
Encryption, Capitalism, and the Law
-
U.S. Emergency Alert System open to false messages
-
Attack on South Korean targets part of a larger cyber-espionage campaign
-
Top Five IT Security Cyber Threats
-
Malware Infections Are Usually From "Legitimate" Websites
-
Fake Job Postings Displayed on Infected Computers
-
Car theives found using handheld fobs to hack automatic car locks
-
90% of passwords can be cracked in seconds
-
Report: U.S. Power Utilities Infected by Malware from USB Drives
-
Most advanced espionage platforms ever discovered
-
The pitfalls of advertising such ridiculous beliefs
-
Free Antivirus v. Commercial Antivirus
-
Hacking-as-a-service offers access to business systems via Remote Desktop (RDP)
-
‘It won’t happen to us’ is SMB’s attitude toward security
-
Creating strong passwords is easier than you think
-
One million Facebook users' names and email addresses: $5
-
Unprotected backdoor into industrial control systems
-
Government official advises users to use a false name online
-
Researchers Find Android Apps Leaking Personal Data
-
Sony faces setback as hackers release PlayStation 3 decryption keys
-
US considers preemptive action to prevent 'Cyber Pearl Harbor'
-
Barnes & Noble admits PIN pads were tampered with
-
Major ISPs rolling out Copyright Alert System
-
HSBC is Latest Target in Cyber Attack Spree
-
US Bank hit with DDOS
-
Most data breaches come from within
-
What is an SSL certificate? Why do I need one?
-
Godaddy Outage - Corrupt Router Tables
-
Indivudual sold access to hijacked PCs
-
Government to warn business about the cyber threat
-
BitTorrent Users Monitored
-
Researchers find critical vulnerability in Java 7 patch hours after release The new vulnerability allows a complete Java Virtual Machine sandbox escape in Java 7 Update 7, researchers from Security Explorations say
-
Another case of Apple knows best..
-
Wolfram Alpha Facebook Tool Reveals How Many Of Your Friends Are Single (And More News You Can Use)
-
Investigating FinSpy: when surveillance spyware gets in the wrong hands
-
Java Zero Day Flaw Under Attack
-
Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities?
-
Shamoon malware cripples Windows PCs to cover tracks
-
At least 83 million accounts on Facebook are fakes...do you blame anyone?
-
Apple upgrade provides anti-virus protection
-
Verizon no longer allowed to block tethering apps
-
Dropbox confirms it was hacked, offers users help
-
80 Percent of Facebook Ad Clicks Came From Bots, Firm Says
-
All your speech belongs to Apple
-
Skype makes chats and user data more available to police
-
Attention Office 2003/2007/2010 Users
-
Pentagon to monitor news media for national security leaks
-
Social Network Password Mining
-
Facebook Spam Campaign Infects Users
-
99% of attacks can be stopped by PATCHING
-
Judge orders Twitter to hand over user data
-
Dotcom search warrants ruled illegal
-
Mobile Device Malware Detection
-
Sonic.net Privay Matters to this ISP in Northern California
-
Personal data broker SPOKEO gets fined for selling your data.
-
Android Malware | Another Case of Spyware on your Phone!
-
The Importance of complex passwords.. LinkedIn Passwords already cracked.
-
6.5 million LinkedIn passwords reportedly leaked online
-
Will Facebook be around in 10 years?
-
Latest STATE Sponsored Malware "FLAME" Bigger than Stuxnet? US Cyberwarfare!
-
US Sponsored Cyberwarfare...Governement admits it was behind STUXNET
-
How to jailbreak using Absinthe 2.0 on iOS 5.1.1 devices
-
What does Siri know about you?
-
Google plugs 13 security holes -3rd party updates
-
The FBI’s New Unit Can Spy on Skype and Wireless Communications
-
Windows 8 to Let Parents Get Weekly Reports About Kids' Activity
-
Is Facebook a FAD?
-
Serious vulnerability found in older versions of Photoshop/Flash/Illustrator
-
Twitter hack breaches thousands of accounts
-
Using Filevault?? Password in plain text...
-
FBI asking for even easier ways to monitor internet users
-
Adobe ships emergency fix for critical Flash Player exploit
-
Over 300,000 Systems May Lose Internet Access in July
-
US Government takedown of MEGAUPLOAD not legal?
-
Windows XP will die in 2014
-
Over 181,000 patient records and 25,000 SSNs stolen
-
600,000 Macs Infected??
-
Java - Most Popular Attack Vector for Windows and Mac
-
Cracking iPhone and Android Security Codes (Pins)....in seconds!
-
Infected Word files spreading malware on MACS
-
Exploiting Remote Desktop Code Leaked...Are you using RDP?
-
Get Ready to Add a “Y” at The End of The Internet Service Provider Acronym (ISPY)
-
Experts sound worm alarm for critical Windows bug
-
Obama administration invoking privacy concerns to block FOIA requests
-
Group retaliates against Panda Security for comments about arrests
-
Do away with Antivirus?
-
The Global Intelligence Files
-
Revealed: US plans to charge Assange
-
"Password1" - most common password...why passwords matter?
-
FBI: Cyber attacks may soon be top threat to USA
-
Updated Firefox browser extension detects fraudulent SSL certificates
-
Prison website breached, Infraguard website breached.
-
Porn Website Data Breach Exposes Usernames, Emails
-
Symantec's pcAnywhere Woes May Be Worse Than We Thought
-
Iran developing Cyber Army
-
Social Media Users: Infection Inevitable
-
Food and beverage industry has unsavory history of data breaches
-
Another Mac Virus - Flashback trojan variant
-
"Anonymous" Takes Down CIA Web Site
-
Got remote access? Lock it down
-
Ransom talks with Symantec (pcAnywhere code) conducted by law enforcement fail, code posted.
-
Law firm that defended Marine still smarting from Anonymous attack
-
Apple iMessage bug allows others to spy on your conversations
-
FBI wants massive data-mining capability for social media
-
Symantec: Source code stolen, users should disable pcAnywhere
-
Pacific Northwest train signals disrupted by hacker, says TSA
-
FBI issues a new warning about the Zeus variant called Gameover
-
Zeus Bot blamed for theft of Salem County funds
-
People not aware their participating in DDOS attacks
-
Security warning for online traders
-
Popular file-sharing website Megaupload shut down
-
Small firms must heed online security, too
-
UAE Central Bank hit by hackers
-
Microsoft to distribute botnet intelligence to governments, industry
-
Wikipedia taking site offline in PIPA and SOPA protest
-
Israeli, Saudi Hacker Battle Escalates
-
New slow-motion DoS attack
-
Pastebin shut down twice in a week by DDoS attacks
-
Ramnit worm switches focus from financial to Facebook, steals 45K logins
-
Wikileaks Spy Files Target Forensic Companies
-
Most users have not installed security software on their smartphones, survey finds
-
Japan’s cyber defense weapon: a virus
-
US-CERT warns about security flaw affecting millions of wireless routers
-
More Stratfor Data Released
-
Stratfor Says Hackers Only Nabbed Credit Card Information
-
New Tools Bypass Wireless Router Security
-
Hackers to exploit vulnerable infrastructure in 2012, McAfee warns
-
Personal information on 90 million Chinese online subscribers hacked
-
No rogue certificates were issued by Comodohacker, says GlobalSign
-
A Dispute Over Who Owns a Twitter Account Goes to Court
-
Reasons to Migrate Off Windows XP
-
The Carrier IQ Saga
-
Use of the Black Hole exploit kit and Java exploits is growing
-
Microsoft software bug linked to "Duqu" virus
-
Products of Facebook
 |
High Desert Technology is a Complete IT Solution with a Privacy and Security Emphasis!
 |
 |