Friday, November 30, 2012

Buy of the Week: Toshiba Excite 10 AT305-T16 Tablet for $353

This offer expired on 12/7/12, please check the top banner ad for active deals.

Toshiba Excite 10The AT300 (Excite 10) tablet delivers more performance, sleek durability and more essential ports and features than the average Android powered tablet, so you - quite simply - can do more.

Until December 7th, 2012, you can order a Toshiba Excite 10 AT305-T16 from Hyphenet for only $353, plus shipping!

Specifications for Toshiba Excite 10 AT305-T16 Tablet





























































MFR# PDA08U-001001
Product TypeTablet
Display10.1" TFT LED backlight Multi-Touch
1280 x 800
ProcessorNVIDIA Tegra 3 (Quad-Core)
Memory1 GB - DDR3L SDRAM
Storage16 GB
Camera5 Megapixel rear,
2 Megapixel front
Networking802.11b/g/n,
Bluetooth 3.0
FeaturesUSB host,
HDMI Port
BatteryLithium polymer (up to 10 hours)
ColorChampagne silver
Weight1.3 lbs
Operating SystemAndroid 4.0
Warranty1-Year Toshiba Warranty

Call (619) 325-0990 to order a Toshiba Excite 10 AT305-T16 Tablet today!


Buy of the Week offer valid through December 7th, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.
This offer expired on 12/7/12, please check the top banner ad for active deals.

Malicious Browser Add-on Edits Hosts File to Redirect Users to Phishing Websites

Only install add-ons from trusted sourcesIt’s no secret that browser add-ons bring us joy by increasing productivity and enhancing our overall internet experience, but not all add-ons are built with good intentions.

Cybercriminals have been known to push malicious browser add-ons that inject ads into websites or post spam on social network accounts.

More recently, Symantec researchers found that evil-doers have been spreading malicious browser add-ons that will redirect users to phishing websites whenever they type the URL of a legitimate site into their address bar.

These rogue add-ons are served from a phishing website mimicking the look & feel of a popular e-commerce website, complete with a typo-squatted domain and all.

The spoofed e-commerce website detects the user’s browser upon visit and prompts them to install the add-on for their particular browser. If the end-user chooses to install the add-on, it will modify the hosts file located in the Windows System32 directory, assigning the domain names of well-known companies to IP addresses of phishing websites.

For the uninitiated, Symantec explains that “when a user enters a website URL in the browser address bar, it checks the local DNS information, such as the hosts file, before sending a DNS query to the Internet.” That means if you type the web address for a website that’s been re-assigned using the hosts file, you’ll be directed to the phishing website instead of the legitimate one.

Fortunately Symantec says that the phishing site pushing the add-on has been taken offline, but another can easily pop-up elsewhere. Therefore, users are urged to remain vigilant and proceed with caution when installing software on their computer, even browser add-ons.

Browser Add-on Safety Tips



  • Use your browser’s built-in mechanism or visit the official add-on markets for Firefox, IE, Chrome, etc. to browse & install available add-ons.

  • Check the number of downloads, add-on rating, and user reviews for any red flags before downloading.

  • Do not download or install add-ons from unknown or untrusted sources.


[via Symantec]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Thursday, November 29, 2012

Shylock Trojan Detects & Avoids Remote Desktop Connections

Shylock Banking TrojanIf you were hoping to study the latest variant of the Shylock Trojan via remote desktop connection, you’re out of luck.

Trusteer researchers discovered that Shylock is now capable of detecting remote desktop environments, which are commonly used by security researchers to analyze malware samples.

Shylock identifies remote desktop environments by “feeding invalid data into a certain routine and then observing the error code returned.” If the error code doesn't match ones expected from a normal desktop, Shylock won’t install.

Trusteer noted that it is possible to use this method to identify other known or proprietary virtual/sandbox environments.

Shylock’s new evasion technique will make it difficult for security researchers to study the malware and antivirus vendors to update detection signatures.

Of course, it is always better for users to take a proactive approach vs. reactive when it comes to malware, especially if its financial data-stealing malware like Shylock.

Being that Shylock often infects PCs via drive-by-download attacks and phishing emails, users are urged to:

  • Keep their operating system & third-party software patched and up-to-date.

  • Avoid clicking links or downloading files attached to emails from unknown/untrusted sources.

  • Always run antivirus that runs real-time scanning.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Wednesday, November 28, 2012

Register for the Managing the Unmanageable BYOD Webinar!









Please join the upcoming Managing the Unmanageable BYOD Webinar to learn more about the growing BYOD trend & how to manage personal devices your business.

Date: Thursday, December 13th, 2012
Time: 10:00 AM - 11:00 AM PST
Hosted by: Hyphenet & NetClarity
Cost: FREE!

In this seminar, Jason Orgill, industry expert and Director of Product Management and Business Development at NetClarity, will demonstrate:

  • What is the BYOD trend and should I allow it in my business?

  • Several risks that go along with BYOD

  • Educating your employees on BYOD Best Practices

  • BYOD made easy with NetClarity's NACwall appliances


Register for this webinar by filling out the form on the right. You will receive Webex information for the event one day before the event is held.
NetClarityRegister
Seats are limited, so act now!

[contact-form to='sales@hyphenet.com' subject='BYOD Webinar Registration'][contact-field label='Name' type='name' required='1'/][contact-field label='Email' type='email' required='1'/][contact-field label='Phone Number' type='text' required='1'/][contact-field label='Company' type='text' required='1'/][/contact-form]

 

 

Cybercriminals Setup Fake Update Pages for Chrome, Firefox & IE

Firefox - Chrome - IEDo you know how to update your web browser?

One of the nice things about Google Chrome is that it automatically updates whenever a new browser version is detected.

Aside from that, you can manually check for updates by clicking the Menu icon and selecting ‘About Chrome’. If there are any updates found, it will download them automatically and install them whenever you decide to restart your browser.

Firefox is pretty much the same, as well as Opera.

Internet Explorer is a bit different as it usually involves downloading another browser, like Firefox or Chrome. – Just kidding! Internet Explorer 9 updates are provided via Windows Updates.

And yes, knowing how to update your web browser is important.

Aside from running the risk of having a browser vulnerability exploited in a cyber-attack, there’s always the chance of you downloading malware posing as a browser update.

StopMalvertising warns that cybercriminals have launched new phishing schemes using malvertisements and fake browser update webpages in hopes of tricking you into downloading malware onto your computer.

The risk of falling for a phony browser update page is present regardless if you use Firefox, Chrome or Internet Explorer. The pages are set to detect your browser of choice & customize the content just for you:

Firefox, Chrome & IE Update Pages

Screenshot Credit: StopMalvertising


In the event that the script cannot determine which browser you’re using, Mozilla 5.1, GoogleBot 2.1 or unknown unknown.1 Service Packs are offered for download.

A VirusTotal scan of the file served in the attack, index.exe found that it is actually Trojan:Win32/Startpage.UY.

Once it infects your machine, Trojan:Win32/Startpage.UY will change your browser’s homepage. While that may seem harmless, it’s important to note that TrendMicro’s analysis of this attack found that the updated home page may “host other malicious files that can further infect [your] system.”

One of the things that set this particular batch of fake browser update pages apart from the ones we saw back in January is the fact that these new pages pose a threat to mobile users as well.

Although it does not appear that payloads targeting smartphones are served, StopMalvertising noticed JavaScript on the site that will display pop-ups and notifications asking for your mobile phone number. Providing such information to a scammer can be a costly mistake as they won't think twice about signing you up for expensive SMS services, so don't do it!

How to Avoid Falling for Fake Browser Update Phishing Schemes


So now that you know the risks, what can you do to avoid becoming a victim?

  • Always use your web browser’s built-in update mechanism or download updates from a legitimate source (like the vendor’s official website).

  • Always run antivirus software that offers real-time scanning and always scan downloaded files before opening them.

  • Remain vigilant when surfing the web and do your best to avoid suspicious links or website.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Tuesday, November 27, 2012

Piwik.org Hacked to Serve Trojanized Version of Piwik Software

PiwikAn unknown attacker hacked the Piwik.org website on Monday morning and added a piece of malicious code into the Piwik 1.9.2 Zip file that will reportedly open a backdoor on systems it is installed on.

The Trojanized file remained available for public download for roughly eight hours until the breach was discovered and the file replaced with a clean copy by the Piwik team.

Piwik stated that their website runs on the popular WordPress platform and the hacker was able to gain partial access to the website server by exploiting a vulnerability within an unnamed WordPress plugin.

No personal or sensitive user data was said to be stolen in the breach, and the Piwik team is not aware of any security holes within the actual Piwik software.

Instructions on how to check if you downloaded an infected copy of Piwik along with the necessary steps to remove the malicious code can be found on the Piwik blog.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Monday, November 26, 2012

Malware Waits for Users Looking for Nude Photos of Beyonce

BeyonceWARNING: This threat is still active.

Her name may not have made it on the list of the Most Dangerous Celebrities to Search Online, but looking for Beyonce photos that are NSFW can still lead you to a malware infection.

GFI Labs warns that cybercriminals have setup a trap for anyone that dares to type in “beyonce nude” in Google’s search engine and click the following link:

Flickr Beyonce Nude

The link will take you to a Flickr page containing an image of an embedded video player (clever). Said image will redirect you to a third-party website that will prompt you to download an exe file before viewing the [nonexistent] video.

Nude Beyonce Video Scam PageScreenshot Credit: GFI


Don’t bother downloading whatever “video player” or browser plugin they’re pushing. There’s no video, and you definitely won’t be seeing Beyonce in her birthday suit.

You've been warned!

[via GFI]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Beware of Fraudulent "Invoices" from DNS Services (dnssvc.com)

Scam AlertBe careful when checking your mailbox – there are fraudulent invoices lurking about!

One of our clients contacted us recently after they received an invoice from a company by the name of “DNS Services” (dnssvc.com). It was for the amount of $65, which was listed as the annual fee for 'Managed DNS Backup Business Services'.

Here's the "invoice" that they received:

Fake DNS Services Invoice Scam

Despite what you may believe at first glance, the mailer is NOT an invoice, but a rather shady offer to sign up for DNS backup services.  Infact, you may even catch the following disclaimer if you read the document very carefully:
This is a solicitation for the order of goods or services, or both, and not a bill, invoice or statement of account due. You are under no obligation to make any payments on account of this offer unless you accept this offer.

After doing a bit of research, we found that this fake invoice scam has been going around for the last few weeks, and worse yet, there are reports that some of the bogus invoices do not have a disclaimer!

Needless to say, unless you intending on signing up for these services it is best that you discard mailers sent from DNS Services. Be sure to warn office admins, accounting staff, or anyone else that runs a risk of accidentally sending payment to DNS Services about this scam as well.

Additional information about this scam can be found on WOT (Web of Trust), Ripoff Report, or by Googling the dnssvc.com domain.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Friday, November 23, 2012

Get 15% off Your Annual Carbonite Subscription Fee!

CarboniteAre all of your files backed up?

Disaster can strike your computer at anytime, so don't forget to back up all of your photos, music, documents and more!

Carbonite offers secure, automated online backup for both home and business users. Contact Hyphenet to sign-up for Carbonite Online Backup and you'll get 15% off your annual subscription cost.

Here are a few Carbonite features you'll be able to enjoy:

  • Automatic backup

  • Unlimited backup space

  • Encrypted, off-site storage

  • Anytime, anywhere access

  • Easy file restore

  • U.S.-based customer support


Call Hyphenet at (619) 325-0990 or fill out our online form to signup for Carbonite and get your 15% discount today!

Hyphenet, Inc. is a Carbonite reseller.
Offer only valid for new Carbonite subscribers.

 

Thursday, November 22, 2012

Happy Thanksgiving from Hyphenet! (See you Monday)

Things will be rather quiet around these parts given our staff will be spending time with family, friends, and of course, stuffing their faces.

Who knows, some of us may brave the crowds (and burn off some of those calories) to do a little holiday shopping on Black Friday!

Either way, we will be back in the office on Monday. We've scheduled some tweets to keep you occupied in the meantime, so make sure you're following us on Twitter (@hyphenet).

We hope you have a happy Thanksgiving!



Photo Credit: martha_chapa95

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Wednesday, November 21, 2012

Backdoor Trojan Uses Google Docs to Connect to C&C Servers

Google DocsUsing Google Docs for evil purposes is nothing new.

Cybercriminals have already found that the ability to host online forms using Google Docs can prove quite useful when launching phishing attacks.

Now it seems that they’ve discovered that there’s more value in Google Docs, and have begun using it as a proxy server to pass information between command & control servers and machines infected with the latest variant of Backdoor.Makadocs.

As explained on the Symantec security blog, this is all made possible thanks to a Google Docs feature called viewer that retrieves the resources of another URL and displays it.

Of course, Backdoor.Makadocs’s use of Google Docs' viewer feature is a violation of Google’s policies, but it’s highly doubtful that cybercriminals care. They’re likely more interested in the benefits, which include hiding command & control server communications and the fact that the connection to the Google Docs server is encrypted using HTTPS, making it difficult to block locally.

Backdoor.Makadocs appears to primarily target Brazilian users, and arrives as a Microsoft Word document or Rich Text Format (RTF) file that relies on social engineering tactics to infect the machine. Symantec detects the Word & RTF files associated with this attack as Trojan.Dropper.

Should Backdoor.Makadocs manage to find its way onto your PC, it will do as its name suggests and open a backdoor to siphon sensitive information out of your machine.

Keeping Your PC Safe from Makadocs Malware



  • Keep your operating system and installed software fully patched and up-to-date.

  • Always run antivirus software that offers real-time scanning.

  • Do not download files from unsolicited emails or untrusted sources.

  • Do not click suspicious hyperlinks, regardless if how they were shared (email, social network, etc.)


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Spammers Use Western Union Brand to Spread Malware

Western UnionDo you see that Western Union Agent Portal email sitting in your inbox, asking you to download a zip archive that supposedly contains a list of changes & a contract for you to sign?

Yes, I’m talking about the one with the subject line “Western Union Agent urgent action needed.”

Well, that email didn't really come from Western Union.

No, it was sent from a spammer that wants to infect your computer with Mal/BredoZp-B, which is hiding inside the attached file, WU-BD02E0BBE2.pdf.zip.

Here’s the full email that I’m talking about:

Western Union Spam



Subject: Western Union Agent urgent action needed
From: Western Union Agent Portal (88350b9b6@hertzarsales.com)

Western Union® AgentPortal

Dear WU agent,

Western Union Agent Coordination Department notifies all its agents about urgent changes in the reward system and working conditions.

In order to continue working as an agent you must read the list of changes through and sign the contract provided in the attachments to the email.

We are sorry to cause inconvenience. Please do not be slow in making the decision and make the necessary actions as soon as you can.

Faithfully yours,

Western Union Agent Coordination Department

Western Union © 2012

What to Do with Western Union Spam


Should you receive a copy of the above email - or perhaps another suspicious looking email claiming to be from Western Union – then it is recommended that you:

  • Do NOT download or open the attached file.

  • Do NOT click on any suspicious links within the email.

  • Forward the email to spoof@westernunion.com.

  • Delete the emails immediately.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Friday, November 16, 2012

Buy of the Week: Lenovo ThinkPad Twist S230u 3347 for $913

This deal expired on 11/23/12. Please check the top banner ad for active deals.

Lenovo ThinkPad TwistTwist transforms into a laptop when you need to type, a tablet when you're on the go, and a stand when you want to share presentations. When you're ready to browse, bend it backward into a tent for a close-up view.

Until November 23rd, 2012, you can order a Lenovo ThinkPad Twist S230u 3347 from Hyphenet for only $913, plus shipping!

Specifications for Lenovo ThinkPad Twist S230u 3347





























































MFR# 33472HU
System TypeUltrabook
Mechanical DesignConvertible design
Display12.5" LED backlight Multi-Touch
1366 x 768 / HD
ProcessorIntel Core i5 (3rd Gen) 3317U / 1.7 GHz
Memory4 GB DDR3 - 1333 MHz
Storage500 GB Hybrid Drive (24 GB flash) / 7200 rpm
GraphicsIntel HD Graphics 4000
Networking802.11n,
Bluetooth 4.0,
Gigabit Ethernet
Battery8-cell - up to 6 hours
Dimensions12.3 in x 9.3 in x 0.8 in
Weight3.5 lbs
Operating SystemMicrosoft Windows 8 Pro 64-bit Edition
Warranty1-Year Lenovo Warranty

Call (619) 325-0990 to order a Lenovo ThinkPad Twist S230u 3347 today!


Buy of the Week offer valid through November 23rd, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.
This deal expired on 11/23/12. Please check the top banner ad for active deals.

Banking Trojan Served from Opera Browser Homepage

OperaIt would be a good idea to scan your computer for malware if you have the Opera web browser installed & recently visited the browser’s homepage (portal.opera.com).

The advice comes from antivirus firm, Bitdefender following the discovery that the Opera homepage was loading malicious obfuscated scripts that would redirect users to a third-party page housing the infamous BlackHole exploit kit for “at least a few hours” on Wednesday.

Bitdefender says that the exploit code was likely loaded through a third-party advertisement, a practice called “malvertising.”

During their analysis, Bitdefenders found that the BlackHole exploit kit used a PDF file rigged with the CVE-2010-0188 exploit to drop a new Zbot variant, detected as Trojan.Zbot.HXT, onto the affected machine.

The obfuscated script associated with this attack is detected as Trojan.Script.478548.

Opera has since disabled the ads on the browser’s homepage while they investigate what happened.

So far there have not been any reports of infections stemming from this attack.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Thursday, November 15, 2012

Apple Pulls Two Scam Apps from its App Store

Apple Store IconSomehow, someway two scam apps made their way into Apple’s App Store on November 8th and remained available for 5 days before being pulled by the fruit-themed company.

Both apps were offered by the same developer, JB Solutions.

One of the apps pulled, IntelliScreenX for iPad and iPhone, claimed to add a pull-down list of notifications from the device’s lock screen.

Typically users would have to jailbreak their iOS device to have this feature, so it’s understandable why some jumped at the opportunity to use the IntelliScreenX for iPad and iPhone instead.

Unfortunately for IntelliScreenX buyers, the $1.99 app proved to be nothing more than an alarm clock once it was downloaded.

The other bait-and-switch app, NFC for iPhone 5, promised to magically enable Near-Field Communications support for $0.99 even though the iPhone is built sans NFC chip. So, it’s not too much of a surprise that it transforms into an app named RadioStreamer and plays music from online stations once it’s installed.

Apple is well-known for its rigorous app-screening process, so it's not clear on how these two apps managed to get the stamp of approval. Either way, it proves that it is always worthwhile to do a little research and always check app reviews before installing them, regardless of what platform you use.

[via The Register]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Wednesday, November 14, 2012

Is Ransomware a Threat to Windows 8 PCs?

Windows 8Judging by the large number of warnings that have popped up within recent months regarding ransomware, it goes without saying that cybercriminals are doing all they can to infect machines with it.

But how does it fare on the new Windows 8 platform?

Symantec researchers couldn’t live without knowing the answer, so they tried running a few ransomware samples currently circulating in-the-wild in a default Windows 8 environment.

While many of the samples did a poor job of taking the system hostage, there was one variant, Trojan.Ransomlock.U that managed to successfully lock the computer and display a message to the end-user demanding payment to regain access.

It’s never a good idea to pay the ransom fee should your computer ever fall victim to a ransomware attack. Instead, you should look for removal steps online using a secondary PC or smartphone, or take it to a local computer repair shop.

Of course, the best way to handle ransomware would be to do everything in your power to keep your PC from becoming infected in the first place!  So be sure to keep your operating system patched, watch what you click and download online, and run antivirus at all times.

[via Symantec]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Tuesday, November 13, 2012

Teenage Researcher Creates Windows Phone 8 Malware Prototype

Windows Phone 8A young security researcher by the name of Shantanu Gawde claims to have created a prototype of mobile malware targeting the new Windows Phone 8 operating system.

Gawde is scheduled to unveil his proof-of-concept code at the International Malware Conference (MalCon) in New Delhi, India on November 24th.

Details about the malware are rather scarce; however, the MalCon website hints at Gawde’s presentation involving a Trojan disguised as a legitimate app that will give attackers access to contacts, text messages, pictures and more.

If that’s the case, then the question of whether or not a malicious app can sneak past Microsoft’s approval process & become available within the Windows Phone Store remains. (Not to mention how sketchy the permissions screen may look to end-users.)

Microsoft is aware of Gawde's upcoming presentation and is ready to take appropriate action to help protect their customers following his MalCon demonstration.

[via The Register]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Monday, November 12, 2012

PharmaSpam Has Users Thinking a Lot Has Happened on Facebook

Facebook EmailHas a lot happened on Facebook since you last logged in? Has it, really?

It depends… on whether or not that notification email sitting in your inbox is really from Facebook, which it may not be.

Yes, it appears that spammers are once again sending out fake Facebook notices to try and generate traffic for their pharmaceutical websites.

Here’s a copy of the Facebook spam I received on Sunday:

Fake Facebook Email



From: Facebook (notification+queejvx5vf7bh@server-193-237.tanduc.com)
Subject: A lot has happened on Facebook

Facebook

A lot has happened on Facebook since you last logged in.

3 messages awaiting your response.

[Go To Facebook] [See All Notifications]

This message was sent to [YOUR EMAIL]. If you don't want to receive these emails from Facebook in the future, please click: unsubscribe.

Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA 94303

Not a single link in this email points to Facebook; they all go to a third-party site that redirects to an illegal Rx website.

What to Do with Facebook Spam


If you happen to receive an email like the one above, it is suggested that you:

  • Avoid clicking on any links.

  • Mark the email as ‘Spam’ in your email client.

  • Report the email to Facebook.

  • Delete the email immediately.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Friday, November 9, 2012

Buy of the Week: Fellowes Powershred W-11C Shredder for $76

This offer expired on 11/16/12; see top banner ad for active deal.

Fellowes W11C ShredderDesigned for personal use in the home, the Fellowes W11C offers reliable performance and still fits your budget.

This moderate duty shredder shreds up to 11 sheets per pass into 5/32" x 2" cross-cut particles as fast as 110 sheets per minute. Equipped with a 9" paper entry that easily accepts letter or legal size documents, the W11C also features durable steel cutters that accept credit cards and staples.

Safety interlock switch instantly stops shredder when unit is lifted off of wastebasket. Auto start/stop feature ensures quick, easy shredder operation. Reverse function easily removes overfed paper.

Until November 16th, 2012, you can order a Fellowes W11C Shredder from Hyphenet for only $76, plus shipping!

Specifications for Fellowes Powershred W-11C Shredder

















































Device TypeShredder
Security LevelS3
Cut TypeCross-cut
Shred Size0.156in
Wastebin Capacity6.6 gal
# of Sheets at a Time11
Speed190 in/min
Paper entry width9.1"
ShredsCredit cards, staples, paper
Dimensions13.7 in x 8.5 in x 18 in
Warranty1-Year

Call (619) 325-0990 to order a Fellowes Powershred W-11C Shredder today!


Buy of the Week offer valid through November 16th, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.
This offer expired on 11/16/12; see top banner ad for active deal.

The Tracks You Leave on the Internet [INFOGRAPHIC]

Digital FootprintsWe all know that nearly every major website tracks us in some way, shape or form, but do you know how and why it’s being done?

Veracode has created an infographic that illustrates the tracks that we create when we explore the digital world, how we are being tracked, and ways you can get more privacy as you surf the web.

Check it out…

The Tracks You Leave on the Internet [INFOGRAPHIC]


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Internet Scammers Hope to Feed on Twilight Fans in Wake of Breaking Dawn: Part 2

Twilight Breaking Dawn: Part 2Twilight fans are mere days away from entering a feeding frenzy and crowding movie theaters to watch Breaking Dawn: Part 2, the final movie in the Twilight series.

Cybercriminals, on the other hand, have already setup their scams offering Twilight memorabilia.

The scams seen so far start off with an offer for free Twilight Vampire contacts, but there’s a possibility that other items such as an Official Twilight Backpack, Custom Twilight Converse Shoes, Complete DVD Set or Book Set could be dangled in front of Twilight fans instead.

Do not click if you see a post/offer resembling this one on Facebook, or any other social media website for that matter:

Twilight Scam on Facebook Post
7 DAYS UNTIL BREAKING DAWN PART 2 IS OUT! To celebrate we're giving away FREE Twilight Vampire contacts! Follow the steps below to get yours now!

- Like this post and share it with your friends
- Click the link below
- Be sure to choose if you want Golden, Red, or Black contacts!

hxxp://www.consumerrewardprogram.com/FreeMerch/?c1=TwilightMerch

Upon clicking the link you will be taken to a website asking you to choose your prize and enter your email address. Simple, right?

Twilight Scam Page


But wait - did you happen to notice the fine print at the bottom of the page at all? It states by providing your email address, you agree to receive promotional emails and “special” offers from “trusted 3rd parties.” Oh, and in order to receive your reward you must meet the eligibility requirements, complete a survey, and complete a total of 10 Reward Offers.

For those of you who are unfamiliar with “reward offers” offered by deals like this, they usually involve signing up for some paid service or applying for a credit card or loan. Signing up and cancelling service just to get the prize doesn’t work either – you have to keep your accounts active for more than 30 days to “qualify” for it.

Funny how something that was supposed to be free suddenly turns into an expense.

You might as well find a local store that sells crazy contacts or Twilight merchandise and pick it up there. At least you’ll know for sure you’ll get it and you won’t have to worry about random charges for services you don’t need.

Stay safe, Twilighters!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Thursday, November 8, 2012

Double Threat Behind “Heh U Didn’t See Them Tapping U” Twitter DM

Evil Twitter BirdCybercriminals are doing their best to get you one way or another if you click on the link attached to DMs asking if you noticed you were being videotaped.

Don’t be fooled by the fact that the messages come from one of your followers, or that the link appears to go to a Facebook page. It’s only because the first phase of the scam uses a malicious Facebook app to steal Twitter login details.

It all begins with a direct message that goes a little something like this…
heh u didnt see them tapping u
hxxp://facebook.com/241455879316971?eby_creepy

Clicking on the link will take you to an evil Facebook app that requests your Twitter username and password before revealing the alleged video of you.

Phishing Page Steals Twitter Logins


The fun doesn’t stop there, though. Once you’ve foolishly handed over the keys to your Twitter account, you will be redirected to a third-party site dressed up as a Facebook page with an embedded video that you can’t watch because apparently you need to download an update for YouTube Player.

Fake Facebook Video Page Pushes Malware


Of course, that “update” (FlasshPlayerV11.137.18.exe) is complete bogus and is actually malware that only 6/44 antivirus programs can detect, according to VirusTotal.

Oh, and there's no video.  Only thing going on here is Twitter account theft and malware infections, move along...

Did You Get This DM?


If you received this message on Twitter, it’s highly recommended that you:

  • Do NOT click the link, provide your Twitter login OR download ‘YouTube Player’ updates – it will not end well if you do.

  • Report the DM to Twitter.

  • Let the sender know that they have fallen for a scam and urge them to not only change their Twitter account password, but scan their computer for malware. (Check the VirusTotal report above to see what antivirus can detect the infection.)

  • Delete the DM immediately.


Outside of that, be sure to give your friends & family a head’s up about this scam.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

New Adobe Reader X Zero Day Said to Bypass Sandbox

Adobe PDFIf you deal with a large number of PDFs, be sure that you’re not opening any sent from an unknown or untrusted source.

Brian Krebs of KrebsonSecurity.com warns that Group-IB, a computer security company based in Russia, claims to have discovered a new zero-day vulnerability in Adobe Reader X and XI that completely bypasses its built-in sandbox protection.

As if that news alone weren’t bad enough, Group-IB says that the vulnerability is up for sale in the criminal underground for $50,000 and has been added to a new, custom version of the infamous BlackHole Exploit Kit.

Frequent readers will recognize the BlackHole Exploit Kit name, as it is widely-used by cybercriminals and is often the driving force behind majority of drive-by-download attacks that we post warnings about.

The only limitations associated with this new zero day are the facts that it cannot be fully executed until the user closes their web browser or Reader window, and the attack has only been seen working against Windows.

Which, speaking of seeing things, Group-IB created a video demonstrating a “sanitized” version of the attack:

http://youtu.be/uGF8VDBkK0M

As for Adobe’s take on this, SCMagazine reports that the Adobe PSIRT (Product Security Incident Response Team) is communicating with Group-IB to determine whether or not this is in fact vulnerability and a sandbox bypass.

In the meantime, users should avoid downloading (and opening) random PDF files and maybe take a gander at other PDF readers Krebs suggests like Foxit, PDF-Xchange Viewer, Nitro PDF, and Sumatra PDF. Disabling the PDF reader browser plug-in won't eliminate all threats since trojanized PDFs that are downloaded and opened will still result in a successful attack.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Check Your Inbox, Twitter is Sending Out Password Reset Emails

Change Your Twitter PasswordIt looks like Twitter may have suffered some sort of security breach or there was a highly successful phishing campaign that stole a lot of login credentials, because the micro-blogging site has been sending a large amount of users password reset emails.

Here is a copy of the legitimate email that Twitter is sending to users who have accounts they believe may have been compromised:
Hi, [name]

Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account.

You’ll need to create a new password for your Twitter account. You can select a new password at this link:
https://twitter.com/pw_rst/[RANDOM STRING]

As always, you can also request a new password from our password-resend page: https://twitter.com/account/resend_password

Please don’t reuse your old password and be sure to choose a strong password (such as one with a combination of letters, numbers, and symbols).

In general, be sure to:

  • Always check that your browser’s address bar is on a https://twitter.com website before entering your password. Phishing sites often look just like Twitter, so check the URL before entering your login information!

  • Avoid using websites or services that promise to get you lots of followers. These sites have been known to send spam updates and damage user accounts.

  • Review your approved connections on your Applications page at https://twitter.com/settings/applications. If you see any applications that you don’t recognize, click the Revoke Access button.


For more information, visit our help page for hacked or compromised accounts.

The Twitter Team

If you’re not comfortable clicking the link, Mashable wrote that you will be kicked straight into the password reset cycle the next time you login. After providing your phone number, email address or Twitter username, you will be sent a different email containing a link to enter your new password.

Considering it’s not entirely clear what happened, changing your password even if you didn’t get an email may not be a bad idea.

Update: Twitter updated their blog to say that the huge batch of password reset emails was a result of them unintentionally resetting passwords for a large number of accounts beyond those they believed were actually compromised.

[via TechCrunch]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Wednesday, November 7, 2012

Spammers Impersonate IC3, Offer Potential Scam Victims 1 Million Dollars

Internet Crime Complaint Center (IC3)Don’t bother entertaining any emails purporting to be from the Internet Crime Complaint Center (IC3) and offering you a million dollars.

Sophos first sounded the alarm on the fraudulent messages in a Wednesday blog post, alerting users that the emails carry a subject line that reads “We have mandated your payment, kindly view below attachment", have a file named DETAILS.doc attached to it, and even contain a link to their blog!

The good news about the attached Word doc is that there’s no evidence that it contains malware. However, the bad news is that it has the makings of a 419 scam (aka advanced-fee scam).

Dressed as an official notice from the IC3, DETAILS.doc tries to lure recipients into the scam by telling them that their contact details were found on computers confiscated from cybercriminals that recently got pinched, and that they are being offered a million dollars as compensation.

To help build credibility for the backstory, a link to an entry posted on the Naked Security blog back in June covering the arrest of 24 individuals in a suspected online credit card fraud ring is included in the doc.

Of course, to collect their cool million, recipients must first provide personal information – and likely pay some kind of fee before the funds can be released. Suffice it to say, there are no funds, so the user will be out whatever money they pay.

Here's the spam email:
PAYMENT APPROVAL MANDATE IN YOUR FAVOR:

We are hereby to inform you that we have been able to trap down some of the scam artists which have troubled the general public in name of helping our individuals to get their benefited fund or to indulge into business with them the aim of defrauding our individuals.

Upon the course of our investigations, we found some documents bearing your name and your email address in the computer hard disk of the scammers. Having reported this matter to the World Bank president (Jim Yong Kim) who instructed that the assets confiscated from the scammers should be shared to those that their name and email address was found in the possession of the scam artists as refund of loosed money in the form of cash payment which you are among. You are therefore to be compensating with the sum of One Million United States Dollars (1US$Million).

Also we arrested some men who claim to be bank officials, Contract managers, Barrister, and Lottery Agents from London who has been sending you bogus letters and SMS via your telephone numbers indicating that you have won a lottery which does not exist, claiming to release your fund via ATM CARD, proposing you business which never exist and those using the HSBC Bank London, South African Reserve Bank, First Commercial Bank London, Financial Intelligence Center, FBI to scam the general public.

Below is the link of the arrested fraudsters for your perusal.
http://nakedsecurity.sophos.com/2012/06/27/fbi-arrests-24-in-internet-credit-card-fraud-ring/

Therefore you are to contact the South African reserve bank through the Deputy Governor (Mr. Francois Groepe) through this email [REMOVED] with the below information for his verification and instructions to guide you on the refund process of your money, we advise you to stop all communications you are having with any other agent or bank officials in African, Europe (London) and Asia regarding any form of release of fund to you as their aim is to defraud you.

  1. Your Full Name:

  2. Physical Address:

  3. Occupation:

  4. Age and Sex:

  5. Direct Telephone Number:

  6. Country:


Regard

Yours Faithfully,
Mr. Chennal Sri Sudhakar
Assistant Commissioner of Police
Cyber Crime Cell Commissioner Office

What to Do If You Receive IC3 Spam



  • Avoid replying to the email or providing any personal or financial information.

  • Report the email to the Internet Crime Complaint Center (IC3) by filing a complaint (their FAQ says you can do this since they do not have a specific email address setup to receive spam emails). You can also report it to SpamCop.

  • Delete the email immediately.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Pixsteal: Malware That Wants All of Your Image Files

Pixsteal wants all of your imagesDo you have any sensitive image files stored on your computer hard-drive?

There’s probably a good chance that you do, and if so, you will want to watch out for a new piece of spyware named TSPY_PIXSTEAL.A (which I refer to simply as “Pixsteal”) that was recently discovered by TrendMicro researchers.

As it name implies, once Pixsteal makes its way onto your system it will attempt to steal valuable images by copying all .JPG, .JPEG, and .DMP files from C, D, and E drives and uploading them to a remote FTP server.

Although this may not seem like a big deal, TrendMicro warns that Pixsteal brings a very high risk for identity theft and blackmail since some folks use photos to store both personal and work-related information. Meanwhile, dump files (.dmp) files can prove useful for future targeted attacks as they contain details as to why a computer stopped unexpectedly.

A Pixsteal infection often results from a user falling victim to a drive-by-download or another piece of malware that downloads and installs it. Therefore, users can protect their machines by:

  • Keeping their operating system and installed third-party software fully patched and up-to-date.

  • Always running antivirus with the latest virus definitions.

  • Exercising caution when following links or checking email; always investigate links before following them and don’t download files attached to unsolicited emails without scanning them first.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Friday, November 2, 2012

‘OMG they said he died’ DM Leads to Twitter Account Hijacking

Evil Twitter BirdThere’s a new phishing scheme making its way around Twitter and your account can be hijacked with a single click of a button if you’re not careful.

Adam Popescu had a gut feeling that something was amiss when the following DM hit his Twitter inbox:
OMG they said he died…Did he? [SHORT LINK]

Unfortunately he went against his gut feeling, clicked the link and found himself staring at a spoofed news page with an acai berry diet sales pitch. He promptly realized his mistake and closed the browser window, but it was already too late. A diet tweet was posted to his account shortly thereafter.

Acai Berry Phishing Page
Screenshot Credit: Read Write Web


It was a mind-boggling situation. Unlike other Twitter scams, Popescu was never prompted to enter his login information and he didn’t grant any rogue apps access to his profile. So what happened??

As a commenter by the name of Sivvy pointed out, he was likely the victim of a XSS (cross-site scripting) attack:
Chances are Adam's cookie (from Twitter) was passed through the URL to that attack site, which then checked what URL referred him to that site. Using the cookie, an attacker can assume his identity, so long as Adam doesn't close his session before the attacker uses it.

In order to avoid losing their account entirely after falling for such an attack, a user would need to:

  • Change their account password immediately.

  • Check their account for any rogue apps that the attacker may have installed on their profile.


Aside from that, it is always a good idea to log out of Twitter when you’re done, and stay logged out for at least 20 minutes to ensure that your session is closed on the server (cookies become invalid once they’re closed and cannot be used again).

If you got the DM, but didn’t click on any links, then it would be a good idea to avoid clicking the link, report the message to Twitter and delete it immediately.

[via ReadWriteWeb]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Reasons Why Android Malware Authors Dig China and Russia

Android MalwareWe all know that cybercriminals have taken a shine to creating mobile malware, but the chances of actually encountering a malicious Android app usually depends on your geographic location.

According to Lookout Mobile’s  State of Mobile Security 2012 report, the likelihood of U.S. users encountering  mobile malware is just 1%. Meanwhile mobile users in China, Ukraine and Russia face a much higher risk of 7.6%, 28% and 42%, respectively.

But why is the risk so much higher in these countries? Three main reasons:

  1. Users are a lot less likely to pay for apps

  2. Third-party app stores reign supreme

  3. Lax premium SMS regulations


As the saying goes, nothing in life is free.

When users go looking for a pirated version of a paid app in third-party marketplace that doesn’t screen submitted apps or download it off some random website, they run a high risk of downloading a Trojanized copy of whatever app they’re looking for.

Combine that behavior with the absence of safeguards like double opt-in requirements for premium SMS services and you’ve got the perfect breeding ground for mobile malware (which often involves texting a premium-rate number).

All that aside, sticking to official stores like Google Play won’t keep you completely safe either, for malware has even managed to sneak past Google’s app-scanning Bouncer in the past. What's an Android user to do?

Just like with PCs, users will always have to play their part to keep their devices safe. That means you should always:

  • Stick to official app stores like Google Play or Amazon Appstore for Android to minimize your chances of encountering a “repackaged” app.

  • Check the number of downloads, app rating, and user reviews for any red flags.

  • Carefully review the required app permissions before downloading and installing the app. If you feel the permissions are out of line for that type of app, don’t install it.

  • Keep an eye out for multiple permission screens – it’s a good indication that you may have downloaded a malicious app.


[via Lookout Mobile]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Buy of the Week: Dell OptiPlex 3010 SFF for $777

This offer expired on 11/9/12; check top banner ad for active deal.

Dell OptiPlex 3010 SFFWork efficiently with the OptiPlex™ 3010 desktop, featuring essential performance, flexibility and connectivity to help your organization succeed.

Until November 9th, 2012, you can order Dell OptiPlex 3010 SFF from Hyphenet for only $777, plus shipping!

Specifications for Dell OptiPlex 3010 SFF

















































ProcessorIntel Core i5 (3rd Gen) 3450 / 3.1 GHz ( Quad-Core )
RAM4 GB DDR3 SDRAM
Hard Drive250 GB HDD (7200 RPM)
Optical DriveDVD±RW
GraphicsIntel HD Graphics 2500
Dynamic Video Memory Technology 5.0
Audio OutputIntegrated - Stereo
NetworkingGigabit Ethernet
Bundled SoftwareComes with a licensed copy of:
Microsoft Office 2010 Home & Business
Adobe Acrobat
Operating SystemWindows 7 Pro (64-bit)
Warranty3 Years Warranty
Input DevicesDell MS111 USB Optical Mouse
Dell USB Standard Keyboard

Call (619) 325-0990 to order a Dell OptiPlex 3010 SFF today!


Buy of the Week offer valid through November 9th, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.
This offer expired on 11/9/12; check top banner ad for active deal.

Thursday, November 1, 2012

Bank of America 'Passcode Reset' Spam Wants to Infect Your PC with Malware

Be sure that you exercise caution when checking out emails claiming that your Bank of America passcode has been changed.

Internet security firm Webroot has reported sightings of fraudulent BofA notices that are littered with hyperlinks pointing to third-party websites serving malware.

It shouldn’t be terribly difficult to determine whether or not the email you’re looking at is a fake. Aside from having an untrustworthy sender’s address (which is usually windowclouse@hotmail.com, counseling72@yahoo.com, or worldonaplate@rocketmail.com), the email is littered with grammar mistakes and doesn't have a single link pointing towards the Bank of America website.

Take a look for yourself:

Bank of America Passcode Spam
Screenshot Credit: Webroot



Subject: Online Banking Passcode Changed

Exclusively for [EMAIL]

Bank of America
Online Banking Note

Online Banking Passcode Changed

Post Control:
You last signed on to Online Banking on [RANDOM DATE].
Remember: Always look for your SiteKey® before entering your Passcode.

To: [EMAIL]
Account: CHK ending in XXX1
Date: [DATE]

Your Online Banking Passcode was requested to be reseted on [DATE].

Your security is important to us. If you are nescient of this change, please contact us immediately at this form.

Like to get more Notifications? Log in to your Online Banking at Bank of America and at the the Accounts Overview page select the Alerts tab.

Security Checkpoint: This email includes a Safety Checkpoint. The information in this section lets you know this is an authoritative communication from Bank of America. Remember to verify your SiteKey every time you sign on to Online Banking.

Email Settings
This is a warning email from Bank of America. Please note that you may receive service message in accordance with your Bank of America service agreements, whether or not you elect to receive promotional letters.

Contact us about this email
Please do not reply to this email with sensitive information, such as password. The security and confidentiality of your personal details is all-important to us. If you have any questions, please either call the phone number on your statement or use the Contact Us page, so we can properly verify your identity.

Privacy and Security
Keeping your financial information secure is one of our most chief responsibilities. For an explanation of how we manage customer information, please read our Privacy Policy. You can also learn how Bank of America keeps your personal information secure and how you can help protect yourself.

Bank of America Email, 7th Floor-NC8-985-65-51, 609 South Seaside Tryon, Avenue, Charlotte, TX 67551-3036

If you did make the mistake of clicking on a link, you would be directed to page on a compromised website that’s configured to exploit system vulnerabilities to plant malware on your computer.

So, hopefully you took the time to mouseover links to check the true destination URL, saw that it wasn’t a legitimate Bank of America URL, and decided not to follow them.

What to Do with Bank of America Phishing Emails


In the event that you receive a suspicious email claiming to be from BofA, it is strongly recommended that you:

  • Do not click any links or respond to the email.

  • Report the email to BofA by forwarding it to abuse@bankofamerica.com.

  • Delete the email immediately.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Make Way for Hurricane Sandy Spam!

Hurricane SandyAs we suspected they would, cybercriminals have launched spam campaigns to try and profit from the buzz surrounding Hurricane Sandy as she wreaks havoc along the Eastern Seaboard.

So far it appears that the spam emails lead to survey scams and do not contain any malware, but that can – and likely will – change in the future.

For now, just be wary of any emails that carry the following subject lines, or ones similar to it:

  • Sandy Got you down? We’ve got you covered!

  • Don’t let the storm ruin your diner plans

  • Avoid the Storm, Eat at chilis!


Chester Wisniewski of Sophos notes that the bodies of the emails are anything but interesting and will likely contain a link going to a website designed to resemble Wikipedia.

Hurricane Sandy Spam Phishing Page

Screenshot Credit: Sophos


At that point you will be presented with a popup saying you have the chance to win a free iPad, iPhone 5, or MacBook. All you have to do to get it is hand over a butt-load of personal information and complete a bunch of “reward offers” that typically involve signing up for some paid service or applying for a credit card.

That may not sound so bad to some of you, but when you take into account that scammers can use that information to commit identity theft, sign you up for expensive SMS plans (they ask for your cellphone number), or create phishing attacks designed just for you – it doesn’t seem like such a good idea. And you might not even get your free gift on top of it!

If you happen to receive Sandy-themed spam, it is advised that you:

  • Do not click on any hyperlinks or download attached files.

  • Delete the email immediately.


Stay safe, everyone!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.