Uber made an Uber mistake

Uber recently disclosed a breach that affects millions of customers and drivers, one it had previously swept under the rug, potentially putting millions at higher risk.

In late 2016, Uber was hacked, and the sensitive information of millions of customers and drivers became known to malicious hackers. Instead of disclosing the breach through the proper channels, Uber chose to pay the hackers $100,000 to destroy the data and to hide the incident from victims and authorities.

Attorneys general in at least four U.S. states have launched investigations into the incident. Because Uber chose to go against regulations that required it to report the incident, the company is now in hot water with its customers and drivers, as well as with local governments.

The FTC, which oversees companies that handle sensitive personal information, is now investigating Uber to assess the damage and the serious issues surrounding its response to the breach.

The issue affects not only the US but the UK as well. UK authorities criticized Uber for its lack of communication, which prevented the government from looking into the problem and assessing the damage to those affected. The UK is pursuing a 500,000 pound penalty against Uber for its failure to follow regulations.

The stolen information includes email addresses, phone numbers, names and driver's license numbers. An estimated 600,000 driver's license numbers were taken.

Uber has been tight-lipped with reporters seeking more information about the problem and how it was handled. Uber executives have been leaving one by one for one reason or another, including sexual harassment, data privacy and business practice issues. London has pulled Uber's operating license because of its failure to deal with public safety and security issues.

OnePlus, potential for additional disasters

Recently, OnePlus, the phone brand, has come under scrutiny due to a newly discovered security flaw in one of its apps. The app, which also carries the OnePlus name, leaves the consumer open to attack because it was revealed to hold root access to the device.

So what does this mean? It means that your device may be accessed even when locked, using this vulnerability. This root access to the device is called "Engineer mode" and was originally intended for checking the phone's functionality before it left the factory. The issue is that the OnePlus application also has a backdoor that leads to this root functionality, which means that if someone so desired, they could gain access to your phone despite there being a password lock on it.

A developer who discovered the vulnerability plans to release an app that exploits it and gives OnePlus users an easy root access method.

This exploit still requires ADB, but it nonetheless poses a threat to users. So far no action has been taken, but the CEO of OnePlus said they are "looking into it."

Phishing or data breaches? Which should you be worried about?

As of late, there has been a lot of talk about data breaches and online security failures. Naturally these incidents are concerning because they involve customers, like you! It is important to secure your network and be aware of any gaps that may be taken advantage of; however, it is also important to watch out for phishing attempts, which some believe matter even more.

Recently, Google and UC Berkeley researchers have stated that the real fear should lie with the phishing hook waiting for unsuspecting persons. While data breaches can be devastating, phishing is thought to lead to more devastating results in the end, for example losing access to accounts and having your life's work or personal documents and information put out of reach. A strong example would be the loss of your Google account, which most people now use regularly and which holds vast amounts of life activities and records. Phishing also has a much higher encounter rate than data breaches.

Last year Google conducted a study, with its own services as the focal point, of the commonalities of phishing, key logging and data breaches. The study made it clear that phishing was far more prevalent than key logging or data breaches. The knowledge gained was put to use almost immediately, helping to secure around 67 million Google accounts from possible abuse.

Google used a large number of sources to identify accounts that had already been compromised by key logging, phishing and data breaches, and found that most of those using phishing kits reside in the following countries, in order:

  • Nigeria
  • United States
  • Morocco
  • South Africa
  • United Kingdom
  • Malaysia

The basis of phishing attacks is a false sense of insecurity. They are emails, or something of the like, stating that there is a problem and that the message can take you to the solution. These messages are often very convincing, which tends to be why they are believed more often than not. Another of the phonies' tricks is using Google against itself. The messages often try to obtain additional information under the pretence of being Google asking for it. This other information includes IP addresses, device make and model, phone numbers and location, all things Google may legitimately ask for at times, meaning you need to be that much more vigilant. By gaining this extra information, those doing the phishing can extend their area of activity and cause even more disruption to your life.

Google found that, while data breaches can be a serious problem, only about 7% of accounts had experienced data breaches, and those accounts had long been inactive before being breached. By comparison, key logging and phishing accounted for around 12% and 25%, respectively, of account passwords being used by persons other than the account owners. Most phishing victims were in the United States, while Brazil and India accounted for the majority of key logging victims.

No matter the form of security breach, it's important to continually be conscious of your activity online and ensure you're keeping yourself, your life and your information safe.

Android security update! KRACK be gone and band-aid adhesion!

Android deployed its recent patch for its phones. This patch holds significant updates, including fixes for KRACK (Key Reinstallation Attack) and some fixes for the newly released Pixel 2 phones!

Surprisingly, Google actually released three updates for November. The main update involves the normal bug fixes and performance updates. The second patch relates to the Qualcomm bug that left users vulnerable to Wi-Fi breaches.

The Qualcomm bug comes second to the KRACK update. Earlier this year a weakness was found in the WPA2 protocol that put thousands of people in a vulnerable position, allowing them to be hacked through almost any Wi-Fi access point. KRACK is all about that new WPA2 vulnerability; those most vulnerable, however, are Linux and Android 6.0+ devices, because their systems can be tricked into installing an all-zero encryption key.

The 2017-11-06 patch that addresses KRACK affects versions ranging from Android 8.0 Oreo all the way back to 5.0.2 Lollipop. As for Google's Pixel and Nexus devices, the patches released thus far only go up to 2017-11-05, so the KRACK update has not reached those customers yet, but it is presumed they will receive the 2017-11-06 update sometime closer to December.

Along with bug fixes and security reinforcement, Google is now adding functional updates to the mix. When the Google Pixel was released, the XL variant received a lot of criticism due to the screen brightness and the passive battery burn that occurred. To help address these concerns, Google updated the phone with new functionality. The first is a new dimming navigation bar, which dims when not in use and also changes to white in some applications. The patch also lowers the maximum brightness.

Another complaint was that the display colors were dull. Google seems to have anticipated this and had included a "Vivid color" check box in the settings menu. However, this saturation wasn't enough for some customers, so Google released a new "colors" option with three saturation settings: natural, saturated and boosted. There have also been reports of clicking noises during calls on the Pixel, but Google states the November patch fixes that as well.

USB drive with Heathrow security measures found in London

Recently, a USB drive was found discarded on the streets of London. Well, that's fine, right? Nothing is abnormal about a misplaced USB drive... until this one.

The USB drive contained highly detailed information about the Queen's route when using the airport and the security measures taken, as well as timetables of the patrols used to guard the site from terror attacks. There were also loads of maps and documents labelled restricted or confidential, and ID access information that allowed entry to restricted areas.

One of the even more concerning bits of information (yes, there is more) found among the documents were maps showing the locations of CCTV cameras, routes and safeguards for cabinet ministers and foreign dignitaries, and details of the ultrasound radar system used to scan runways and the perimeter fence.

Thus far there is no suspect as to who owned this USB drive. However, statements have been made that security is still tight and Heathrow remains secure.

Update on the wild Bad Rabbit

Ukraine has spoken out on the Bad Rabbit running rampant in Russia, stating that the hackers behind the NotPetya virus were the probable group responsible for the release of Bad Rabbit.

A Ukrainian official stated that the Bad Rabbit attacks could have been greatly mitigated had organisations followed the recommended methods of malware handling, as well as the basics of not clicking on suspicious messages. A prominent characteristic of Bad Rabbit is its code and method of approach, which further supports the belief that the same group that released NotPetya also released Bad Rabbit.

Thus far, it is believed that the hacker group known as Black Energy is responsible for both the NotPetya and Bad Rabbit viruses. This is a Ukrainian hacker group known to work in favor of Russia.

Of late, Ukraine has been the victim of multiple cyber attacks, with power knocked out in thousands of homes, supermarket tills frozen and government computers left paralyzed. Ukrainian officials have stated that they think Russia sees Ukraine as a testing ground for cyber attacks.

The US and Ukraine have been working together to teach comprehensive techniques and skills for combating hacking.

Ukrainian officials believe there are many more cyber attacks on the way.

Equifax update: they knew months ahead that a breach was possible

Unfortunately there are some in this world who choose to close their eyes to the issues. Equifax seems to be the type to commit such ignorant acts.

Reportedly, six months ago Equifax was warned about the possibility of a security breach of its network. An anonymous security researcher had informed Equifax that it was susceptible to a forced browsing technique that could potentially expose thousands of customers' SSNs, birthdays and full names. The researcher also said they had found other bugs that would have allowed a hacker to take control of Equifax servers, including a SQL injection vulnerability. SQL injection allows maliciously crafted data entered into a web form field to run commands against the database in the background without anyone being the wiser.
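The SQL injection class of bug mentioned above is easiest to understand with a vulnerable lookup beside its hardened form. The example below is added here and is not code from the original post or from Equifax; it uses an in-memory SQLite table with constructed sample rows (nothing from a real breach). The first function splices the form value into the SQL text, so a value containing quote characters rewrites the query; the second passes the value as a bound parameter, so the database treats it as data only.

```python
import sqlite3

def build_db() -> sqlite3.Connection:
    """Constructed sample data: a small customer table in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, ssn_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (name, ssn_last4) VALUES (?, ?)",
        [("Alice Example", "1234"), ("Bob Example", "5678")],
    )
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list[str]:
    # Vulnerable: the form value becomes part of the SQL statement itself,
    # so a value with a stray quote can change the WHERE clause.
    sql = f"SELECT name FROM customers WHERE name = '{name}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list[str]:
    # Hardened: the value is bound separately from the statement text, so
    # quotes inside it are just characters to compare against, never syntax.
    sql = "SELECT name FROM customers WHERE name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (name,))]

def compare(form_value: str) -> dict[str, list[str]]:
    """Run the same form value through both lookups and return what each leaks."""
    conn = build_db()
    return {
        "vulnerable": lookup_vulnerable(conn, form_value),
        "parameterized": lookup_parameterized(conn, form_value),
    }

if __name__ == "__main__":
    # A normal value behaves the same both ways; a value that closes the quote
    # and appends a tautology makes the vulnerable query return every row.
    for value in ("Alice Example", "nobody' OR '1'='1"):
        print(repr(value), "->", compare(value))
```

The point a reviewer would check for in a web back end is simply that no user-controlled string ever reaches the statement text: every database driver offers parameter binding, and the parameterized version above is no longer to write than the vulnerable one.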

It is disappointing to learn that a company that is supposed to keep customers' information locked down as its highest priority was so negligent about the weaknesses in its security, especially when told specifically which issues existed and that they could be exploited through something as easy as forced browsing. It is reported that Equifax didn't address those issues for six months. It is uncertain whether those weaknesses were the cause of the breach, which would honestly be more unsettling if there was a different means of access, because it would mean they were even more lax in another area with the information of the people who trusted them.

There is speculation that more than one hacker group could have been inside the company's network at the time of the breach, further compounding the possible issues that may arise for Equifax customers.

Ransomware inbound! Another threat is looming on the web

This year alone, there have already been three large outbreaks involving online security and breaches.

Recently a new ransomware campaign has begun, and the targets have been high profile, for example in Russia and Eastern Europe. This new threat has been named Bad Rabbit. The appearance of Bad Rabbit was a grand event, hitting organisations simultaneously and causing those affected to recall the attacks earlier this year, like WannaCry and Petya.

So let's break down what Bad Rabbit is.

  • Russia, Ukraine, Germany, Turkey, Poland and South Korea have all had reports of Bad Rabbit hopping out of its hole and causing a stir.
  • Bad Rabbit sent out file-encrypting malware to at least three media organisations in Russia, while also taking one news agency offline for a time.
  • Other organisations include the Odessa International Airport and Kiev Metro.
  • Thus far it is thought that 200 targets have been infected, and it continues to cause problems for infected organisations.

Bad Rabbit is ransomware, which means that once you're infected, you're at the mercy of whoever controls the hostile program.

  • Once the ransomware is active, a note takes over the screen informing the reader that all files are locked unless payment is received and the acquired password is typed in.
  • Victims are directed to a Tor payment page with further instructions. The hackers demand payment in bitcoin and show a timer, to heighten the tension, saying the price will rise once the timer reaches zero.
  • The encryption used in the ransomware is DiskCryptor, a legitimate and widely used open source program. Keys are generated using CryptGenRandom and then protected by a hardcoded RSA 2048 public key.

Bad Rabbit takes its inspiration from one of the earlier malicious outbreaks, known as Petya.

  • There is speculation that this ransomware is an alteration of the Petya dynamic link library, which means there is a strong correlation between Bad Rabbit and Petya in functionality and looks, and possibly both stem from the same group or person.
  • Bad Rabbit has spread through drive-by downloads on hacked websites. A hacked website starts featuring a fake Flash update that begins to download if clicked at all.
  • It is estimated that some sites have been hacked since June, featuring Bad Rabbit's strong presence.

How far does Bad Rabbit go?

  • It's important to know that Bad Rabbit spreads laterally across networks.
  • This means that Bad Rabbit can propagate without user interaction. So while you're watching the timer count down, the ransomware is spreading across infected networks.
  • The ability to spread laterally comes from a list given to Bad Rabbit of simple username and password combinations, which it uses to force its way into networks.
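Lateral movement with a list of simple username and password combinations, as described in the points above, leaves a recognisable trace in authentication logs: one source address failing logons against many different accounts on the same host within seconds. The detector below is added here and is not code from the original post or from any vendor; it runs over a constructed, simplified CSV export of Windows logon events (event 4625 for a failed logon, 4624 for a successful one; the column layout and addresses are assumptions for the example) and flags a burst of distinct-account failures, noting whether a successful logon from the same source followed, which is the pattern a successful guess leaves behind.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export (not real logs): timestamp, event id, target host,
# source address, account name. 10.0.0.15 tries six accounts on FILESRV01 in
# four seconds and then logs on; 10.0.0.42 is one user mistyping a password.
SAMPLE_EVENTS = """\
2017-10-24T10:00:01Z,4625,FILESRV01,10.0.0.15,administrator
2017-10-24T10:00:02Z,4625,FILESRV01,10.0.0.15,admin
2017-10-24T10:00:02Z,4625,FILESRV01,10.0.0.15,user
2017-10-24T10:00:03Z,4625,FILESRV01,10.0.0.15,root
2017-10-24T10:00:03Z,4625,FILESRV01,10.0.0.15,guest
2017-10-24T10:00:04Z,4625,FILESRV01,10.0.0.15,test
2017-10-24T10:00:05Z,4624,FILESRV01,10.0.0.15,administrator
2017-10-24T10:05:00Z,4625,HR-PC02,10.0.0.42,alice
2017-10-24T10:20:00Z,4625,HR-PC02,10.0.0.42,alice
"""

def parse_events(text: str) -> list[dict]:
    """Parse the constructed CSV layout into event dicts with real timestamps."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, host, src, account = line.split(",")
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "event_id": int(event_id),
            "host": host,
            "src": src,
            "account": account.strip().lower(),
        })
    return events

def detect_credential_guessing(events: list[dict],
                               window: timedelta = timedelta(seconds=60),
                               min_accounts: int = 5) -> list[dict]:
    """Flag (source, host) pairs with failed logons against at least
    min_accounts distinct accounts inside one sliding window."""
    failures: dict[tuple, list] = defaultdict(list)
    for ev in events:
        if ev["event_id"] == 4625:
            failures[(ev["src"], ev["host"])].append((ev["time"], ev["account"]))

    alerts = []
    for (src, host), fails in failures.items():
        fails.sort()
        for i, (t0, _) in enumerate(fails):
            # Distinct accounts failed by this source within `window` of t0.
            accounts = {acct for t, acct in fails[i:] if t - t0 <= window}
            if len(accounts) < min_accounts:
                continue
            # Did a successful logon from the same source follow the burst?
            success_after = any(
                ev["event_id"] == 4624 and ev["src"] == src and ev["host"] == host
                and t0 <= ev["time"] <= t0 + 2 * window
                for ev in events
            )
            alerts.append({
                "src": src,
                "host": host,
                "start": t0,
                "accounts": sorted(accounts),
                "followed_by_success": success_after,
            })
            break  # one alert per source/host pair is enough
    return alerts

if __name__ == "__main__":
    for alert in detect_credential_guessing(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

The thresholds are deliberately conservative: a single user retrying one account twice, fifteen minutes apart, is not flagged, while six different accounts from one address in four seconds is. In a real deployment the same logic sits on top of a SIEM query rather than a CSV, and the "followed_by_success" flag is what turns a noisy alert into one worth paging on.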

Bad Rabbit may have targets in mind.

  • Researchers have noticed curious movement by Bad Rabbit, suggesting it has specific locations in mind rather than infecting indiscriminately. Corporate networks seem to have the most focus, possibly suggesting that corporations are the enemy of the hacker or group.

Last bits of information.

  • There is still no claim as to who is behind this ransomware. Some believe it is the same group involved with the Petya virus.
  • Some believe it is not a Russian group, since Russia has been under a lot of heat from Bad Rabbit, and Eastern European cyber-criminals customarily avoid attacking the "Motherland".
  • The code of Bad Rabbit has references to Game of Thrones.
  • It is possible to protect yourself from becoming infected. One way to prevent the file from executing is to block 'C:\Windows\infpub.dat' and 'C:\Windows\cscc.dat', which helps avoid infection altogether.

Another day, another hacker, another virus. It's never too late to up your defenses and avoid the mess of a breached network.

TransUnion, rival of Equifax, having the same breach issues!

Apparently Equifax isn't the only one having issues with the security of its website. TransUnion's website has been leading unsuspecting customers to a fake Flash update as well.

A researcher from AV provider Malwarebytes has stated that transunioncentroamerica.com is sending visitors to fraudulent update pages and other malicious sites. Just like Equifax, TransUnion seems to be at the mercy of adware and malware. If the fake Flash update is clicked, it can lead to infection of computers with an unpatched browser or browser plugins.

TransUnion has since addressed the issue and declared it resolved on that specific site, while investigations of its other sites are in progress.

The issue is believed to have arisen from the fireclick.js JavaScript that both Equifax and TransUnion have been using. fireclick.js pulls content from a long chain of pages starting with those hosted by akamai.com, sitestates.com and ostats.net. Depending on the visitor's IP address, browsers generally wind up on pages that deliver fake updates and the like. It is presumed that ostats.net is where the issue arises, but this has not yet been confirmed.

Give us a call at Re2tech and let's talk about the level of security your network has and the technology you could be using to enhance your safety!

Equifax leads to disaster once again

Equifax, which recently had a security breach, now has another.

In May, Equifax lost customers' SSNs, names and loads of other personal information to a security breach. Under much scrutiny, they worked on getting the issue under control and stated that it was solved. However, it appears they were wrong.

A malware researcher ran across a bogus Adobe Flash update while going through the Equifax website. This occurred for several hours on Wednesday and Thursday. If clicked, a visitor's computer would become infected with adware, which is detected by only 3 of 65 antivirus providers.

Generally, malware like this shows up only once for each visitor, and not even for all visitors; rather, it targets a cluster at a time to avoid widespread detection. However, the adware on the Equifax site was persistent compared with most other adware. You could run across the bogus Flash update on multiple occasions, increasing the risk of it being clicked on and taken seriously. If clicked, it begins downloading 'MediadownloadIron.exe'.

It's suspected that the issue stems from a third party that Equifax has been working with, which could mean the fault isn't on Equifax's end but on the third party's. This could also pose a problem for other websites, so it's important to keep an open eye.

Equifax needs some help, it seems! Maybe they should call Re2tech? Well, if they don't, you can! Give us a call today and let us ensure your online security. Let's not follow suit with Equifax.
