fbpx
Open post

Disqus breach. Hackers: 10 low security standards: 0

Here we are again folks, another article of a large breach in security, leaving multiple thousands in a state of possible vulnerability.

It was discovered that back in 2012, the same year Engadget used Disqus for comments,  hackers had claimed data from Disqus’ servers. A snapshot of usernames and the emails associated, dating back to 2007, as well as sign-up dates, and last login info and users of the 17.55mm text had been captured. Adding onto that, it seems that 1/3 of the passwords were also breached from those affected accounts, despite being hashed (SHA1)

Disqus learned of the hacking this past Thursday after Troy Hunt of Have I Been Pwned notified disqus that it had obtained a copy of the site’s disclosed information.

Apparently Hunt has also come across breaches for Bit.ly and Kickstarter, while stating he has three more to go.

If you have an account with any of above mentioned sites it would be wise to check on your vulnerable information and ensure all your things are accounted for.

Dont wait until your information is discovered by Have I Been Pwned, act now and give us a call about beefing up your security system! 

Open post

Yahoos 2013 hack affected everyone!

Yahoo’s most known and infamous hack in history, is worse than initially thought.

According to Verizon, who acquired yahoo in June, its now known that all 3 billion users were affected at the time of the hack. No one got away. This is a huge upset in comparison to the initial damage report of 1 billion, that was disclosed years ago.

The hacked information was most all sensitive and private information of the users. Phone numbers, birth dates, security questions and answers, and “hashed”, also known as scrambled, passwords. After the recent investigation of Verizon while transitioning Yahoo, it was noted that the scramble function for Yahoo user’s passwords was very outdated and easily unscrambled, so account passwords were likely breached.

Yahoo is sending emails to those accounts previously thought of as unaffected by the hack back in 2013.

Four years later and we have discovered that a hack that was already known to be one of the worst in history, is now back in the limelight because it was actually much worse than initially reported. This is a prime example that, despite thinking we have all we need to know on a situation, it can come back and bite us in the butt again. This reason alone should be proof enough that cyber security is something to take seriously, and provide the right amount of attention in order to lessen the likelihood that it occurs to you or your company!

Give us at Re2tech a call today and let us help you set up a strong network, and educate on the necessary precautions and management of a network. 

Open post

Not sure if your company has some loopholes in its cyber security? Let us test it for you!

Recently with the more and more hacking news coverage, people are becoming increasingly worries about their cyber security. With reason to be worried, there are businesses hiring ethical hackers to test their systems and discover any loopholes that may be present.

In India, there is a new platform startup that’s become increasingly popular. An ethical hacker, or in other words, a hacker who tests the networks of businesses/companies, has been getting more and more attention. The basis is that there are a lot of loopholes in cyber security, but if you don’t know what to look for, there’s no way of knowing it’s there.

This startup was started by two young men who thought businesses should be aware of their vulnerabilities. At first people were skeptical about trusting self proclaimed “hackers” but were later happy about their decision to go through the process. The two young men have become somewhat famous in India for their service to businesses and even home networks.

The idea that cyber-security  is not necessary or something to worry about, is being overwritten by the recent activity of malicious hackers. The Equifax breach was a tough blow to stomach, however it has helped people become more aware of the possible vulnerabilities that lay in front of them.

We at Re2tech may not be hackers, but we are better! We are I.T.! We have a more elaborate skill set and understanding of cyber security and networking. We can provide you with a strong sense of security when it comes to your business or home network, helping you move along with your day not worrying about your data that is essential in your everyday life!

Give us a call today and lets ensure your network is above standards! We will ensure to close any loopholes we find, and trust us, we know what to look for! Don’t wait until you are already a victim, its better to make plans that anticipate, rather than plans that react! Lucky for you we do both! 

Open post

CCleaner update, technology companies watchout!

A follow up to the recent article about the hacking of the popular CCleaner software, it seems there was more damage than initially believed.

According to Cisco systems, after research was conducted, it became apparent that the breach was far more serious than initially described by Periform.

Despite more than 2 million people being affected, Avast claimed there was no reason to worry, however it seems despite the malware that infected peoples devices, the hackers had an alternative plan. A control server seized by the U.S. law enforcement showed that the hackers had installed malicious software on a selected group of at least 20 machines.

It is not certain which companies housed the affected machines, however the data shows that the hackers had gone after networks at major tech companies. This list includes big hitters like Samsung, Sony, Akamai, and Cisco itself.

There is speculation that the hackers used their new foothold to steal tech secrets from the large companies. Another speculation that has instilled fear, is the hackers could have been looking to get malicious codes inside of the companies’ products, to have a larger affect across the globe, seeing as how these companies have high-value targets in governments and businesses around the world.

Troubling as it may be, this is a great example of the importance that is, having a watchful eye all across your network, and a strong security measure in place.

Give us a call today, because we make I.T. happen!

Open post

Gas skimmers! Be careful at the pump!

Breaches in security through credit cards are becoming something of a more relevant issue with each passing day. Credit skimmers have been found more and more at gas pumps among other locations, swiping your credit card information, allowing the owner of the skimmers to gain access to your funds if your unaware.

Main reasons skimmers are becoming more common:

  • The cheap builds of skimmers allow them to be made in bulk. This allows for multiple caches to build up for the hackers, not needing to worry about replacing some that are discovered and removed.
  • Most skimmers have a common bluetooth broadcast name of “HC-05”. The password for these is usually 1234. It is best to avoid the pumps that have a connection point of this and let the workers at the location know.
  • The bluetooth module thats used in these easily made skimmers are a commonly used product thats involved in educational kits as well as legitimate products. To ensure the signal you’ve found is a skimmer, send the “P” character to the module over a terminal, and you receive an “M” back, its likely a skimmer program. Contact the workers of the establishment as well as the authorities if this is the case.

There is an free application that has been developed to help detect and alert someone of nearby skimmers. The application is called ‘Skimmer Scanner’ and scans nearby bluetooth signals for the “HC-05” title and checks its purpose. If the app finds a possible skimmer it will alert you, thats it, there will be no notification to any authorities, so be sure to let them know if you find one! The application is also opensource and available for Android, the link is here.

Skimmers are essentially man in the middle attacks. It takes upwards of about 30 seconds reportedly for someone to install this skimmer, combine this with ease of creation and that spells trouble for everyone!

Be on the look out for any curious bluetooth signals that fit the description and be sure to use the skimmer scanner app to help defend yourself! Dont become a victim!

After you’ve downloaded the app, why not give us a call and ask us about the other services we provide in terms of cyber security! 

Open post

CCleaner software infected by nasty malware!

CCleaner is a free optimization tool for windows PC and Android mobile. This morning Piriform, the company which makes the CCleaner tool, divulged that specific versions of the software had been piggybacked by hackers.

Affected versions include CCleaner 5.33.6162 and CCleaner cloud 1.07.3191. The malware has a malicious data-harvesting software, compromising sensitive data of those affected.

Piriform is urging everyone to update as soon as possible, to the 5.34 version or higher.  Click here for the link to the update. Users of the CCleaner cloud has been updated automatically so you don’t need to worry there!

The malware’s harvesting capabilities are known to interact with the computers name, IP address, list of installed software, list of active software, and list of network adapters (data which is described as “non-sensitive”), this information is then transferred to a third party computer somewhere in the US.

As of now, there is no other forms of information known to have been sent. The third parties server has been shut down on the 15th with the help of US law enforcement, which has helped mitigate any excess information breaches. The well known security company, Avast, as indicated that users should be safe now, and due to the quick response to shutting down the third party server, there should be little to no harm done.

An estimated 2.27 million users had the affected software installed on the windows 32-bit machines. As a follow up, no users on android devices were affected negatively by the infection.

As a form of protection and precaution for the future, Piriform is moving the entire product build environment to a more robust, secure infrastructure held by Avast.

This is the second large hacking in the past two weeks using malware that has affected millions of users. Be prepared not damage control, ensure your network is secure now before its too late! We at re2tech can help you with that! After all, we make I.T. happen!

Open post

Hackers-2, Equifax-0

After the recent announcement that Equifax had been the victim of a hacking, there has been scrutiny towards the company. Millions of people had their SSN breached and other personal information stolen.

From an on looking perspective it seemed like things couldn’t get worse for Equifax, but it seems that was wrong.

Once again Equifax has found itself a victim of security breach. This breach involved the loss of thousands of customers national identity numbers. The difference in this breach is that it took part in Argentina, and the means by which they were hacked, are rather ridiculous.

As it seems, Equifax had their username and password of the Argentina branch, the same one word, Admin. This is a well known setup username and password across the world. Something new gets set up in a network and the default username and password is admin.

The important matter to take away from this event would be the lack of security that their password offered. As mentioned in a past post, passwords are a vital importance in our cyber defense, and the format of passwords is important. It used to be the norm that a password would be strongest as a jumble of letters, numbers and special characters, however its been recently studied that passwords that consist of four word phrases have a much stronger defense, being a much bigger hassle to crack.

A good example of a strong password could be as follows:

“Penguin Passage Blockus Printer”

This password format has a higher entropy count that increases the difficulty for password cracking programs exponentially.

Dont wait until your in the same position as Equifax, ensure your password strength is up to par and protect that which is important to you and your customers!

Dont forget to give us a call if you need any help with your cyber-security or other forms of technology! We make I.T. happen!

Safe surfing everyone!

Open post

Equifax hack leaves 143 million with roaming SSN

Mid May to July of 2017, Equifax had a security breach of their consumers private personal information, including social security numbers, birth dates, addresses and some drivers license numbers.

Adding to the issue, it has been noted that around 209,000 credit card numbers of consumers were breached as well. If you have had any interaction with Equifax it is highly suggested you keep an eye on your bank accounts and use of SSN.

The breach was discovered on the 29th of July and was immediately acted upon to prevent any more loss of sensitive information. The investigation is reported to be almost through and done, and should be expected to wrap up in the coming weeks.

The Chief Execitive Officer stated that there will be comprehensive services to support all U.S. consumers, even if this breach left them unaffected.

A website has been set up to help consumers see if their information was breached, click here to be brought to the support site.

Despite Eqiufax’s goal of being a leader in data managing and protection, they too had become a victim of a security breach. This should be taken as time to learn from this experience and ensure your network is as strong as it possibly can be.

No matter how small your network may be, without proper monitoring and maintenance, you are subject to hacking and data breaches. Entrust your network to us at Re2tech, a business that is small, but has strong flexibility, and the knowledge of a large enterprise, we are in this for the long haul! We make I.T. happen!

Contact us today and inquire how we may help you secure your network, don’t wait until you are already a victim! 

Open post

Switch Port Protection

There are multiple ways to secure your network, but one of the easiest is with a secured access switchport.

What is a switchport?

A switchport, or network switch, is a networking device that allows the connection of devices to computer networks. This is accomplished through packet switching that grants the ability to receive, process, and forward data to the designated device.

So how can securing a switchport help secure your network?

A secured access switch restricts access to users and devices, thus preventing some random people/hackers to run through your network. By default, access switch ports are in a dynamic-desirable mode, which means it basically follows the orders of any device connected to it.

 

Ways that we at Re2tech can help you secure your access switch:

  • Enabling BPDU guard, which will protect against unauthorized network devices.
  • Restrict input to an Ethernet switchport, by statically assigning the MAC address of an end device to a specific switchport.
  • Set the switchport into “Sticky” mode which allows the remembering of a devices MAC address as soon as it first connects, which can then be treated as the static address.
  • Configuring the access switch to shut down or restrict access when an attempt of an unauthorized device is detected. This in turn can also send out an SNMP trap message to the administrator, alerting them of the violation.
  • Create a black hole VLAN which guarantees isolation for any unauthorized devices connected to the switch.

There is a long list of possible ways you can secure a switchport. Securing a switchport is simple and easily changed, while also giving an essential base security to a network.

Give us a call at Re2tech today and let us secure your switchports and network! while your at it, inquire about our other I.T. services! Because we make I.T. happen! 

Open post

Network Segmentation Security

As we all know, cyber attacks are becoming more and more commonly talked about. Defending yourself against a cyber attack can be difficult, there are so many forms of cyber attacks and multiple ways you can try to anticipate them. However, network segmentation is effective for anyone and everyone in helping to slow down the damage a cyber attack can do!

How does segmenting a network help defend or slow down the spread of a cyber attack?

By splitting up your network into smaller subnetworks you are able to micro manage different forms of cyber security. For example you can have one subnetwork with a form of security that looks specifically for one type of cyber attack, while having a different subnetwork with a different form of cyber defense. This multi segmented network gives a stronger control to role and functionality and if you were to be hacked in some way, this would not allow the breach to infest everything all at once. There would be time to discover the location of the problem and fix it before it spreads to a different segment of your network!

This form of security is especially useful for small businesses who manage everything on one network and rely on websites, smartphones and connected devices.

Firewalls are the corner stone for segmented networks, they ensure agility and security by managing traffic to and from network devices, as well as eliminate the threat of excess access to your network.

Give us a call at re2tech today and let us help spread your network into a more defensive state to mitigate any damage if you were to be the victim of an online attack! While were at it, let us increase your security through measures like VPN (virtual private network) to ensure your at your strongest to begin with and help avoid any attacks all together! 

Posts navigation

1 2 3 4 5 6
Scroll to top