Hackers backed by Lebanese government affect thousands

Once again, hackers have made the headlines! Supposedly, hackers backed by the Lebanese government have had a phishing campaign in progress for several years.

Recently, a group of security researchers discovered a simple but obviously effective hacking method that has been linked to attacks affecting thousands of people. The hacks have been traced back to a specific building in Beirut, Lebanon.

The amount of data amassed over several years of phishing runs well into hundreds of gigabytes. So how did this go on for so long without anyone being the wiser? Apparently the phishing campaign was built on recycled infrastructure and required no special means.

The security researchers from the Electronic Frontier Foundation, along with the security firm Lookout, traced the phishing malware back to its source and gained insight into the database that had been amassed in Lebanon. The single building housing the server for this phishing malware was Lebanon’s intelligence agency. The researchers were able to assess that years’ worth of espionage took place not only in the US, but in more than 21 other countries as well. This news can be terrifying, considering the plausible outcomes of such actions, like the recent US presidential election and Russia’s involvement, as well as recent headlines involving hackers originating from North Korea attempting to gain cyber access to the upcoming Winter Olympics.

It seems that as time goes by, hacking into other countries and gaining information is becoming increasingly easy for everyone. Even hackers in the US who attack businesses and the like have become so common and part of the norm that we don’t bat an eye anymore. There are many indications that our online presence can, and at some point will, be accessed by outside parties, and we need to ensure the strongest cyber defenses we can for the sake of our privacy, among other things like our financial security.

Don’t wait until you make the headline of a news article to understand the importance of a secure online presence. Call Re2tech today and let us help you learn about your home or business network and improve its security.

Stay safe and be careful what you post.

Keep up to date on your technology and its vulnerabilities and solutions with RE2Tech. We make I.T. easy!

Have you taken precautions? Is your sensitive information at risk?

Give us a call or send us an email for all your I.T. needs! We at Re2tech make I.T. happen!

Phone: 952-223-4422

helpdesk@re2tech.com

Hospital in Greenfield held hostage to hackers

Late last Thursday, Jan 11th, a hospital in Greenfield became the victim of hackers’ malware. The malware was ransomware that locked up their computer systems, preventing access to patient information and other necessary medical records.

Part of the Greenfield health network became locked down due to the ransomware, preventing further medical action for more than 1,400 patients, whose files were renamed to “im sorry”. The hacker or hackers gave the hospital seven days to pay the ransom or the files would be encrypted permanently, causing huge issues for the potential safety of the patients whose files had been locked.

An analysis conducted since the attack confirmed that no patient data had been stolen. The hackers are believed to be located somewhere in eastern Europe, stated Steve Long, the CEO of Hancock Health. The files affected by the ransomware could have been retrieved from a backup location; however, the time it would have taken to recover that information would have been costly, so the ransom was paid.

The ransom amount was $55,000, paid in Bitcoin, a cryptocurrency that is almost untraceable. Four bitcoins were sufficient for the payment and would unlock the hospital records. Once the payment was received, the hackers released the documents and stayed true to their word. Some of the technology is expected to be a little off as a result of the attack, and there were reports of a couple of screens flashing the ransomware again; however, it was only momentary and did not reactivate.

It was learned that the hackers had gained access through the hospital’s remote-access portal, logging in with an outside vendor’s credentials. Initially it was believed that an employee had opened an email containing the ransomware by accident.

In response to the recent intrusion, the hospital enlisted help and knowledge from the FBI and cyber-security companies to ensure there are no residual effects, and to inquire about other actions that could have been taken, as well as ways to prevent the same problem from occurring again. As an added security measure, hospital leaders asked employees to change their passwords and implemented new software that can detect patterns indicating a similar attack may be on the horizon.

Luckily this hacker group or person stayed true to their word; otherwise the patients’ files would have been missing for a few days, possibly causing complications for patients and hospital employees alike. 2018 is turning out to be rough, and we are only 16 days in. Let’s all pull together and ensure our tomorrows are brighter than our yesterdays! Have a great week everyone!

Hackers hit Lumen cryptocurrency wallets

January 13th, all was right, until a sneaky little hacker came crawling in the night. To steal and plunder, wallets oh wonder, riches they desire, watch them set fire. So basically, hackers have stolen crypto wallets holding the Stellar Lumen currency.

Thus far there has been no claim as to who stole the wallets of Lumen crypto users, but we do know how they got access. The hacker or hackers hijacked the DNS server for a web-based wallet application known as BlackWallet.co. Once inside, the malicious party redirected activity from BlackWallet to their own server. Through this endeavour they claimed about $400,000 from those who stored XLM coins in their wallets.

A security researcher analyzed the code of the site before BlackWallet regained control, and found that the DNS hijack would move the funds of wallets holding 20 or more Lumens to the hackers’ server, effectively racking up Lumens to cash out on. Apparently the BlackWallet team and other XLM owners had attempted to inform the community through social media sites that the server had been hacked, but to no avail. People still logged into their accounts and watched as their money disappeared like magic. An estimated 669,920 Lumens were stolen.

BlackWallet has posted the address of the hackers’ wallet online to keep track of it. The hackers have attempted to exchange their coins for a different currency to hide their tracks. The hackers are using the Bittrex currency exchange to do so, and BlackWallet is attempting to get in contact with Bittrex in order to freeze the specified account and return the funds to the affected accounts.

Thus far, there is no new news as to the transpiring events.

I’ve said it before, and will say it again: cryptocurrency is a risky business. Be careful what you invest in and be sure to watch for any related news!

Russia inbound, hackers take a crack at Senate email

It was recently announced that a Russian hacker group known as “Pawn Storm” has taken to the web for a bold attack on the Senate. The attempt to gain email access raises tensions over the US government’s handling of the continual online intrusions by Russian hackers.

This hacking group has been known for its penetration of the Democratic National Committee and has made many brazen attacks on US networks over the past eight months. One of the main focuses of the group is the Senate’s internal email system. This news follows the report of another Russian-affiliated hacker group known as “Fancy Bear” attempting to hack into accounts dealing with the Winter Olympics.

Trend Micro Inc. was responsible for bringing forth news of this recent hacking attempt and states that Pawn Storm’s attacks, which began in 2017, have since set up phishing sites that mimic active government directory services, causing issues for accountability. It was made clear, however, that despite the hackers’ attempts, the U.S. Senate ADFS server is not reachable on the open internet.

The hacking group has been creating false identity accounts and emailing personnel that their password has expired, and since they take the guise of Microsoft Exchange, it’s harder to discern the real from the fake. There has been talk that Pawn Storm has been on the radar for four years, due to their involvement in phishing activity against political organizations in Iran, France, Germany, Montenegro, Turkey and Ukraine. It is believed that Pawn Storm wants to influence the public in some manner, and is searching for leak-worthy information.

Cozy Bear, Pawn Storm and Fancy Bear are the three main hacking groups from Russia currently causing a ruckus in the online world. There is a belief that Pawn Storm is linked to Russia’s military intelligence service. Other security firms that have had run-ins with the other hacking groups have commented that they believe Cozy Bear and Fancy Bear are also sponsored by the Russian government.

Tensions rise online just 12 days into the new year. Hopefully there will be some cooling time before the next barrage of bad bear news! That’s all for today folks!

Russia has been banned from the 2018 Olympics, possibly connected to Olympic hacking

Recently we had a post about hacking attempts against those cooperating with the 2018 Winter Olympics. The hacking attempts involved sending malware-laden emails from spoofed accounts to those with information on the planning and supervision of the 2018 Winter Olympics in Pyeongchang.

Russia was banned from the Olympics a little over a month ago following the conclusion of the International Olympic Committee in response to the exposure of systematic doping in Russia. Now, more recently, hackers involved with the Russian government have released emails containing information stolen from the International Olympic Committee.

The hackers have claimed the name “Fancy Bears”, which is a reference to the games’ mascots. The cybersecurity firm ThreatConnect stated that an earlier hack involving the Olympics was the work of Russian military intelligence. The hackers went live and published the emails on Wednesday the 10th, via a website that was relevant in 2016 in relation to the exposure of Russia’s doping.

The origins of the emails are still unknown. The emails spanned from 2016 to spring 2017 and involved messages between IOC employees and third parties that discussed the Russian doping conspiracy. Fancy Bear posted a comment along with the release of the emails, stating “Europeans and Anglo-Saxons are fighting for power and cash in the sports world.”

Despite the public attention to the emails, there has been no confirmation or denial of any of the stated information by IOC members.

Crazy things come about when hackers are involved. The 2018 Winter Olympics will surely be eventful, if not for the sporting achievements alone.

McAfee twitter account hacked, cryptocurrencies may be next

Everyone knows of the antivirus program McAfee, which makes this information a little funny: the cyber security expert John McAfee’s Twitter account was hacked.

This curious turn of events occurred in order to promote specific alternative cryptocurrencies to invest in. Last week, McAfee’s Twitter account was hacked and abused to recommend cryptocurrencies, on the assumption that the hacker had invested in the same stock and was trying to cause a surge in its price to make some money.

McAfee posted a tweet clarifying that the Twitter posts called “Coin of the day” were not made by him, and that his account was hacked. McAfee warns others of the potential danger of the new hacking method that was used on him to take over his Twitter account. The hackers apparently changed the account’s linked phone number in order to obtain the password through the “lost password” function. McAfee stated that this form of hacking has not been seen before, and that everyone else should be wary as well.

The hackers who posted tweets on McAfee’s behalf induced a rise in certain stocks of the cryptocurrency world, probably producing a nice lump sum of money for the hackers. There is speculation that AT&T had someone on the inside causing the problems, which would explain the new phenomenon of the phone number change on the account. McAfee regained control of his account three days after the incident and attempted to defend himself from the ridicule that followed.

There is further speculation that another large hack will occur in the cryptocurrency market, and that those who are investing should move their earnings to a private online wallet. With cryptocurrencies being a million dollar market, the target is big and red all over and in the cross-hairs of probably every hacker out there.

Keep yourselves safe everyone, and if you are in the crypto game, move that money before you lose it, like those involved in the Nicehash hit.

Hackers take aim at the Winter Olympics

2017 was a big year for technology and its hacking abusers. With the new year already in progress, we were all hoping for a nice break from the bad news and potential dangers. Sadly, that isn’t the case right now. Recently reported were attempts at malware infection targeting those involved in the Pyeongchang Winter Olympics.

Apparently, emails containing malware-infected documents were distributed to organizations involved in organizing the Winter Olympics. These emails came from spoofed accounts, which means they were made simply for the purpose of distributing the malware, under the false pretense of being someone they were not. The emails purported to have been sent from South Korea’s National Counter-Terrorism Center, and claimed to contain information that would help the process of antiterror drills in the region to prepare for the games.

The security firm McAfee confirmed the attempted malware intrusion upon inspection of the reports. Since December 22nd of 2017, emails such as these have been circulating, attempting to gain either sensitive information such as passwords and emails or financial information. The emails that were received are reported to have been sent from Singapore, but the content in the email was written in Korean. Along with the emails were the documents that held the malware, and those documents read as “Organized by Ministry of Agriculture and Forestry and Pyeonchang Winter Olympics”.

Over time, the emails changed the way they spread the malware, from a document to text hidden in a picture, a tactic known as steganography. McAfee reports that the implants in the emails establish a link between the victim and the attacker’s server, enabling the attacker to execute commands and install additional malware. McAfee expects more attacks such as these to continue up until the event, and advises being wary given the recent past examples of this form of attack.

Well, it looks like this year may be another trial that we all must pull together to overcome. In the meantime, give us a call at Re2tech to enhance your online defenses and become more understanding of your network and systems!

Google’s discovered CPU vulnerabilities, and how they can affect you

Google is a forerunner in the online world in many respects, but one of Google’s main focuses is security. Google has a “Project Zero” team dedicated to researching vulnerabilities their customers may be facing, while also doing their best to provide solutions to the problems.

Last year the Project Zero team came across a security flaw in something called “speculative execution”, which is described as a technique used by most modern processors (CPUs) to optimize performance.

This security flaw is seen as more serious, due to its capability for leaking sensitive information to an unknown party. Malicious persons may take advantage of the vulnerability in the speculative execution process to read system memory that should otherwise be inaccessible. This may lead to the exposure of information such as passwords, encryption keys, or even sensitive information present in open applications. It was also noted that a virtual machine attacked through the speculative execution vulnerabilities could lead to access to physical memory on the host machine, further increasing the danger.

The range of affected CPUs is wide and includes AMD, ARM and Intel, as well as devices and operating systems running on those CPUs. Google has stated that the research team has updated their systems to defend against the speculative execution attacks, and cooperated with hardware and software manufacturers across the industry to protect a broader range of technology and people. This cooperation has led to mitigations for those affected by this form of attack.

Google has released a list of products and machines that have the mitigation and protection in place; the following are secured from the speculative execution attacks:

  • Android – those with the latest security update are secure. Nexus and Pixel devices are also secure with the latest security update.
  • Google Apps / G Suite – no action needed
  • Google Chrome – there may be some actions required on the user’s end.
  • Google Cloud Platform – Google App Engine is secure.
    Google Compute Engine: additional action required
    Google Kubernetes Engine: additional action required
    Google Cloud Dataflow: additional action required
    Google Cloud Dataproc: additional action required
  • All other Google Cloud products have been cleared and are secured.
  • Google Home / Chromecast – no action needed
  • Google Wifi / OnHub – no action needed

Google has stated that in order to take advantage of this new method of attack using speculative execution, the attacker must first run malicious code on the targeted system.

Google has stated that there are three variants of the attack, which cannot be mitigated with a single method; each of the three attack variants needs its own specific mitigation. Some vendors have patches for one or two of the attack variants, and Google is working with them to ensure all three get mitigated over time.

It is good to know Google is helping to spread the necessary information for others to protect themselves against such a potentially dangerous attack! As for other means of protection, why not give us a call at Re2tech! We will ensure strong security for your network and help teach you about your own system along the way! We make I.T. happen!

Smartphones with breach options, new option discovered

Smartphones are the present and the future, there is no doubt about that. They offer immense control over one’s life and help people stay up to date on what people are eating and how close WW3 is. It’s no surprise that this is also the device targeted by hackers and the like, who want to steal information and jump-start their own lives off of someone else’s.

Recently a study from NTU (Nanyang Technological University, Singapore) discovered a new method which hackers may abuse in order to gain access to our little rectangular life boxes. The new access method actually involves your phone’s PIN code.

There have been many vulnerabilities in smartphones since they were released, involving things like the accelerometer, gyroscope, and proximity sensors. However, for each vulnerability we have always come up with a means of patching it. Well, now we have another to patch, involving the PIN code. This was discovered through experimentation with six different smartphone sensors and state-of-the-art machine learning and deep learning algorithms. Through this experimentation the researchers from NTU achieved 99.5% accuracy within three attempts, and the smartphones involved were running the Android operating system. The researchers used the 50 most common PINs in this experiment.

Before this method came to be, the dominant phone hacking technique only had a 74% chance of success; while that is still very high, this new method is much more alarming. NTU’s technique can be used to guess all 10,000 possible combinations of a four-digit PIN.

The means by which the researchers came across this method is quite astounding, actually. What was studied was the phone’s orientation, the light variation across the screen, and which thumb pressed the PIN digits. This led to the realization that the phone is exposed to measurable variables while someone enters specific digits, allowing the deep learning algorithm to narrow the possible PIN combinations and have a much easier time assessing the correct one. It is also worth mentioning that the technology used increases its success rate with more exposure to possible PINs and the ways they are entered.

While this discovery may be frightening, it also means we have a way to understand its method and develop some means to combat it, preventing hackers from using and abusing this information. Researchers at the university think that access to phone sensors and sensor information is too large a risk and should be locked down in devices to prevent this method of access from ever becoming an issue.

Technology sure can be daunting, but with every virus there is a cure, and with every method there is an equally effective anti-method. Let’s be sure to continue our cautiousness with our sensitive information and stay up to date on their strengths and weaknesses! That’s all for today; be sure to call or e-mail us with any questions or installations! Here at Re2tech, we make I.T. happen!

Forever 21…for the hackers with new credit card information

Hello all! We hope everyone had a nice relaxing holiday before the new year was rung in! Unfortunately, during the holiday rest, someone got a little too relaxed. The well-known clothing company “Forever 21” was the victim of another security breach for the 2017 year.

The popular clothing store had apparently been hit with malware at some of its store locations, causing customers who paid with a credit card in store to have their information exposed to the hackers who installed the malware.

The company has made a statement addressing the issue, reminding customers to constantly keep track of their card purchases and report any suspicious charges as soon as they see something, to mitigate the chances of their accounts being drained.

From the investigation’s findings, it was reported that the malware was installed and active somewhere between April 3rd and Nov. 18th of 2017. There is no confirmed number yet of people affected by this breach. It was noted that those who paid with a card over Forever 21’s website are not affected, as the malware did not have any grasp on those lines of payment.

Forever 21 has a phone number to call that will answer questions about the breach.

Forever 21’s security breach hotline:

1-855-560-4992, Monday through Friday between 8 a.m. and 6 p.m. PST

There we have it, one last security breach for 2017 before the new year could ring in. Hopefully this will be the last attack revealed involving the 2017 year, for there have already been far too many!

Stay vigilant and informed, and as always, if you need any IT help, whether it be questions or installations, be sure to contact us and we will see that your network becomes secure and your insecurities are no more!
