fbpx
Open post

McAfee twitter account hacked, cryptocurrencies may be next

Everyone knows of the virus security program McAfee, so that will make this information a little funny, but the cyber security expert John McAfee’s twitter account had been hacked.

This curious turn of events had occurred in order to promote specific alternative cryptocurrencies to invest in. Last week, McAfee’t twitter account had been hacked and abused to recommend cryptocurrencies, in the assumption that the hacker had invested in the same stock and was trying to cause a surge in the stock pricing to make some money.

McAfee¬† had posted a tweet clarifying that the twitter posts called “Coin of the day” was not made by him, and that his account was hacked. McAfee warns others of the potential danger in new hacking methods that had been used on him to attain his twitter account. The hackers had apparently changed the accounts linked phone number in order to attain the password with the “lost password” function. McAfee stated that this form of hacking has not been seen before, and that everyone else should be weary as well.

The hackers who posted tweets on McAfee’s behalf induced a rise in certain stocks of the cryptocurrency world, probably producing a nice lump sum of money for the hackers. There is speculation that AT&T had someone from the inside causing the problems, and that would explain the new phenomenon involving the phone number change on the account. McAfee regained control of his account three days after the incident and attempted to defend himself from the ridicule that followed.

There is further speculation that another large hack will occur in the cryptocurrency market, and that those who are investing should move their earnings to a private online wallet. Due to cryptocurrencies being a million dollar market, the target is big and red all over and in the cross-hairs of probably every hacker out there.

Keep yourselves safe everyone, and if you are in the crypto game, move that money before you lose it, like those involved in the Nicehash hit.

contact_us_button

Open post

Hackers take aim at the Winter Olympics

2017 was a big year for technology and it’s hacking abusers. With the new year already in progress we were all hoping for a nice downtime from the bad news and potential dangers. Sadly that isn’t the case right now. Recently reported were attempts of maleware infection affecting those involved in the Pyeongchang Winter Olympics.

Apparently, emails containing maleware-infected documents were distributed to organizations involved in the organization involving the Winter Olympics. These emails were spoof accounts, which means they were simply made for the purpose of distributing the maleware, and used the false pretense of being someone they were not. The emails were reported to have been sent from South Korea’s National Counter-Terrorism Center, and that the email contained information that would help the process of antiterror drills in the region to prepare for the games.

The security firm McAfee confirmed the attempted malware intrusion upon inspection of the reports. Since December 22nd of 2017 there have been emails such as these circulating , attempting to either gain sensitive information such as passwords and emails or financial information. The emails that were received are reported to have been sent from Singapore but the content in the email was written in Korean. Along with the emails were the documents that held the malware, and those documents read as “Organized by Ministry of Agriculture and Forestry and Pyeonchang Winter Olympics”.

Through time, the emails had altered the way which they spread the malware, from a document to a hidden text, or picture, which is a tactic known as steganography. McAfee reports the implants in the emails lead to an established link between the victim and the attacker’s server, to enable the attacker to gain access to executable commands and install additional problems. McAfee expects there to be more attacks such as these to continue up until the event, and to be weary of the recent past examples that involved this form of attack.

Well, it looks like this year may be another trial that we all must pull together to overcome. In the meantime, give us a call at Re2tech to enhance your online defenses and become more understanding of your network and systems!

 

Keep up to date on your technology and it’s vulnerabilities and solutions with RE2Tech. We make I.T. easy!

Have you taken precautions? Is your sensitive information at risk?

Give us a call or send us an email for all your I.T needs! We at Re2tech make I.T. happen!

Phone: 952-223-4422

helpdesk@re2tech.com

 

Open post

Googles discovered CPU vulnerabilities, and how it can affect you

Google is a forerunner in the online world for many aspects, but one of the main focuses of Google is security. Google has a “Project Zero” team dedicated to researching vulnerabilities their customers may be facing while also doing their best to provide solutions to the problems.

Last year the Project Zero team had come across a security flaw due to something called “speculative execution”, which is described as a technique used by most modern processors (CPUs) to optimize performance.

This security flaw is seen as a more serious flaw, due to it’s capabilities for leaking vulnerable information to an unknown party. Malicious persons may take advantage of the said vulnerability in the speculative execution process to read system memory that should otherwise be inaccessible. This may lead to the exposure of information such as passwords, encryption keys, or even sensitive information that is present in open applications. It was also noted that a virtual machine attacked through the vulnerabilities of speculative execution could also lead to access of physical memory in the host machine, further enhancing the dangers.

The affected CPUs are rather wide, but include AMD, ARM and Intel, as well as devices and OS running on those CPUs. Google has stated that the research team has updated their systems to defend against the speculative execution attacks, and cooperated with hardware and software manufacturers across the industry to protect a more broad range of technology and people. This cooperation has lead to mitigation of the affected from this form of attack.

Google has released a list of products and machines that have the mitigation and protection in place, the following are secured from the speculative execution attacks.

  • Android- Those with the latest security update are secure. Nexus and Pixel devices are also secure with the latest security update.
  • Google apps/ G Suite- no action needed
  • Google Chrome- There may be some necessary actions required on the users end. A link to the page is here
  • Google Cloud Platform- Google App engine is secure.
    Google Compute Engine: additional action required here
    Google Kubernetes Engine: additional action required here
    Google Cloud Dataflow: additional action required here
    Google Cloud Dataproc: additional action required here
  • All other Google Cloud products have been cleared and are secured.
  • Google Home/Chromecast -no action needed
  • Google Wifi/OnHub – no action needed

Google has stated that in order to take advantage of this new method of attack that uses speculative execution, the attacker must first run malicious code on the system they targeted.

Google has stated that there are three variants of the attack, which cant be mitigated with one method, but needs a specific method for all three attack variant. Some vendors have patches for one or two of the attack variants, and Google is working with them to ensure all three get mitigated over time.

It is good to know Google is helping to spread the necessary information for others to protect themselves against such a potentially dangerous attack! As for other means of protection, why not give us a call at Re2tech! We will ensure a strong security for your network and help teach you about your own system along the way! We make I.T. happen!

Keep up to date on your technology and it’s vulnerabilities and solutions with RE2Tech. We make I.T. easy!

Have you taken precautions? Is your sensitive information at risk?

Give us a call or send us an email for all your I.T needs! We at Re2tech make I.T. happen!

Phone: 952-223-4422

helpdesk@re2tech.com

 

Open post

Smartphones with breach options, new option discovered

Smartphones are the present and the future, there is no doubt about that. They offer an immense control in a life and helps people stay up to date on what people are eating and how close WW3 is. It’s no surprise this is also the same device that is the target of hackers and the like, who want to steal information and jump start their own lives off of someone else’s.

Recently a study from NTU (Nanyang Technoloical University, Singapore) discovered a new method to which hackers may abuse in order to gain access to our little rectangular life box’s. The new access method actually involves your phones pin code.

There has been many vulnerabilities with smartphones since they have been released, involving things like the accelerometer, gyroscope, and proximity sensors. However through each vulnerability we have always come up with a means of patching said vulnerability. Well now we have another to patch involving the pin code. This was discovered through the experimentation with six different smartphone sensors and state-of-the-art machine learning, and deep learning algorithms. Through this experimentation the researchers from NTU has had a 99.5% accuracy within a three attempt confines, and the type of smartphones involved were using the Android operating system. The researchers used the 50 most common PIN numbers to experiment in this process.

Before this method came to be, the dominant phone hacking technique only had a 74% chance of success, while that is still very large, this new method is much more alarming. NTU’s technique can be used to guess all 10,000 possible combinations in a four-digit PIN.

The means by which the researchers came across this method is quit astounding actually. What was studied was the orientation, the light variation across the screen, and which thumb pressed the pin numbers. This led to the realization of variables that the phone is exposed to while someone enters specific numbers, allowing the deep thinking algorithm to narrow the possibility in pin combination and have a much easier time at assessing the correct possible combination. It is also worth mentioning that the technology used has a means of increasing it’s success rate with more exposure to possible pins and means of them being entered.

While this discovery may be frightening, it also means we have a way to understand it’s method and develop some manner to combat it, preventing hackers to use and abuse this information. Researchers at the University think that access to phones sensors and sensor information is too large of a risk and should be on lock-down in devices to prevent this method of access from ever becoming an issue.

Technology sure can be daunting, but with every virus there is a cure, with every method there is an equally effective anti-method. Let’s be sure to continue our cautiousness with our sensitive information and stay up to date on their strengths and weaknesses! That’s all for today, be sure to call for e-mail use for any questions or installations! Here at Re2tech, we make I.T. happen!

Open post

Forever 21…for the hackers with new credit card information

Hello all! We hope everyone had a nice relaxing holiday before the new year was rang in! Unfortunately during the holiday rest, someone got a little too relaxed. The known clothing company “Forever 21” was a victim of another security breach for the 2017 year.

The popular clothing store had apparently been hit with malware at some of their store locations, causing customers who paid with credit card in store, to have their information exposed to those hackers who installed the malware.

The company has made a statement addressing the issue, and reminding customers to constantly keep track of their card purchases and report any suspicious charges as soon as they see something to mitigate chances of their accounts being drained.

From the investigations findings, it was reported that the malware was installed and activated somewhere between April 3rd and Nov. 18th of 2017. There has been no number confirmation as of yet on the amount of people affected by this breach. It was noted that those who paid with card over Forever 21’s website are not affected, for the malware did not have any grasp on those lines of payment.

Forever 21 has a phone number to call that will answer questions about the breach.

Forever 21’s security breach hotline:

1-855-560-4992 Monday through Friday  between 8a.m. to 6p.m. P.S.T.

There we have it, another last security breach for 2017 before the new year could ring in. Hopefully this will be the last attack that will be revealed involving the 2017 year, for there have already been far too many!

Stay vigilant and informed, and as always if you need any IT help whether it be questions or installations, be sure to contact us and we will see that your network becomes secure and your insecurities are no more!

Posts navigation

1 2
Scroll to top