Wednesday, November 27, 2013

Safely Shop on Black Friday and Cyber Monday [Infographic]

The holiday shopping season is the busiest time of year. Finding the perfect gift is on everyone’s to-do list.


Some of us have made it a tradition to go Black Friday shopping every year.  Others are starting to do shopping online for holiday deals.

USA Today’s Byron Acohido has warned about the increasingly aggressive efforts made by cybercriminals to prey on Black Friday and Cyber Monday shoppers.

Digital crooks are bombarding emails, social media sites, and search results with corrupted links that lead to a scam that will infect your PC with malware.

Fake delivery confirmations from FedEx, UPS, Amazon, and Walmart may appear in your inbox; these are likely to be phishing scams.

Did you know:
  • 56% of people say that they only shop online at websites they know are safe
  • 64% of people say that they have protection software installed and updated on their computers
  • 54% of people are familiar with phishing emails
  • 21% of respondents use an identity monitoring service to stay updated on their security identity status

Here is an infographic with tips on how to protect yourself during the shopping season.



[Via: IdentityHawk.com identity theft]


Be sure to follow us on Twitter at @hyphenet or “Like” us on Facebook. You know you want to.

References:

Shop Safe on Black Friday & Cyber Monday: 10 Tips to Protect Yourself While Shopping this Holiday Season [Infographic] – Identity Hawk
http://www.identityhawk.com/cyber-monday-black-friday-shopping-identity-theft-infographic

Careful What You Click, Cybercriminals Preying on Black Friday, Cyber Monday Shoppers – Hot HardWare
http://hothardware.com/News/Careful-What-You-Click-Cybercriminals-Preying-on-Black-Friday-Cyber-Monday-Shoppers/

Tuesday, November 26, 2013

’Tis the Season for Cyberscams



Cyberscammers are out aiming for Black Friday and Cyber Monday shoppers.

Thieves feed off of money, and this next week there will be a lot of that going around.  Everyone is anxious to get the best deal and the lowest prices, even though they may eventually spend more than anticipated.

But a deal is a deal, right?

Cybercriminals are concentrating on mobile devices and social media this year to see where all the shoppers are going.

With Black Friday and Cyber Monday right around the corner, cybercriminals have begun to invade e-mails, social media postings and search results with infected website links and offers for worthless products.



Phishing Scheme

Cybercriminals count on one in every 10 recipients of holiday-themed phishing scams to click on the corrupted link or fill out fake forms that hand over personal data.

“We’re human; we’re compelled to click,” says David Knight, Proofpoint executive vice president. “And we’re even more human during the holiday season.”

Out of 10 million shopping transactions made in the past six months, 25% are from mobile devices, 10% on tablets and 14% from smartphones.

Smartphones are the least secure for purchasing anything.  Signifyd, a fraud protection and chargeback prevention company for e-commerce, discovered that 1.3% of e-commerce sales on phones are fraudulent.

This is compared with 0.8% of sales on desktops and 0.5% from tablets.

Be sure to create different passwords for all your accounts.  This could be the extra security you need to protect your personal information from being taken.  This shopping season, it’s okay to be a little paranoid; at least you will be attentive in case someone is trying to gain your trust undeservedly.

A few sites worth checking out are Hotspot Shield and TunnelBear, free virtual private networks that establish a secure tunnel between your computing device and the internet.  All your information remains inside the tunnel, which will protect your computer or mobile device from malware or phishing scams.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+


References:

Cyberscammers take aim at Black Friday, Cyber Monday – USA Today
http://www.usatoday.com/story/cybertruth/2013/11/26/mobile-scams-key-off-black-friday-cyber-monday/3686047/

Monday, November 25, 2013

Buy of the Week: Lenovo Iomega ix4-300d NAS for only $810 plus tax!

Store, protect and share all of your important files, locally and remotely with cloud convenience – perfect for small offices, workgroups or advanced home networks
Number of Users
Up to 50 users

Processor
Marvell 6282 CPU, 512MB DDR3 SDRAM, Diskless & fully populated with Cold Swap HDDs

Active Directory High-Availability & Hybrid Authentication
Active Directory Hybrid Authentication (ADHA), Trusted Domains, Microsoft Cluster Server and Hyper-V Live Migration support.

Video Surveillance (VGA port out)
Protecting your home or business has never been easier than with LenovoEMC storage’s built-in Video Surveillance Management software.

Built-in McAfee VirusScan Enterprise
It gives small businesses the ability to safely deploy network storage in places where previously there was the possibility of virus and/or malware vulnerability.

Advanced Disk and Power Management
Automatic hard drive spin-down assures the most efficient power consumption, and unattended system shutdown avoids data loss in case of power failure.

PC Backup & Restore with True Image Lite 2013 by Acronis
Powerful backup software from Acronis protects content and recovers data in case of any disasters. (3 licenses included)

Automatic Camera Detection
Hassle-free installation and setup of Milestone Arcus with automatic camera detection and recording configuration.

LenovoEMC Personal Cloud Backup
Synchronize data between personal cloud member systems and your Network Storage device.

The Lenovo Iomega ix4-300d NAS is a 12TB storage appliance with (4) 3TB Serial ATA-300 drives, RAID 0, 5, 10, JBOD, and Gigabit Ethernet – iSCSI

  • Snapshots allows backup of a source volume at a certain point in time and restore to the source volume, reverting to its state at the time

  •  Equipped with integrated data deduplication technology, Avamar facilitates fast, daily full backups significantly reducing backup windows

  •  Idle drive spin-down reduces power consumption, a variable-speed fan ensures that only the right amount of power is used to cool your device

  •  The ultimate data protection and remote access solution for SMBs protects valuable business information and is completely self-owned, so there are no usage or subscription charges
MFR# 70B89002NA

Call (619) 325-0990 to order your Lenovo Iomega ix4-300d NAS  today!

Buy of the Week offer valid through November 29, 2013.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you’re searching for.

Friday, November 22, 2013

Zbot/Zeus Malware Claiming to be a Security Patch

SophosLabs has warned of a spam campaign whose messages purport to come from various security and anti-virus companies.

The messages have a variety of subject lines, such as:
  • Windows Defender: Important System Update - requires immediate action
  • AVG Anti-Virus Free Edition: Important System Update - requires immediate action
  • AVG Internet Security 2012: Important System Update - requires immediate action
  • Kaspersky Anti-Virus: Important System Update - requires immediate action
  • Microsoft Security Essentials: Important System Update - requires immediate action
All emails being sent look pretty much the same, claiming to include an important security update to overcome “the new malware circulating over the net”.



Important System Update – requires immediate action
It’s highly important to install this security update due to the new malware circulating over the net. To complete the action please double click on the system patch KB923029 in the attachment. The installation will run in the silent mode. Please pay attention to this matter and inform us in case there is a problem.

Don’t be fooled

This email uses a CryptoLocker ransomware that locks your files and then makes you pay to get them back.

There is no “system patch KB923029,” and even if there were, neither Microsoft nor any other security company would send you a reminder for a security update through an email attachment.

Also, if you are a native speaker of English, you should spot the grammatical errors and misuse of words.
→ The fact that an email is grammatically flawless, in English or any other language, is not an indicator of legitimacy. But language blunders in English, in an email purporting to come from the New York office of a legitimate software company, are a strong indicator of bogosity. If the crooks can’t even be both to trying rite and spel decent, you may as well use their linguistic sloppiness against them.

The ZIP file contains an EXE (a program file); that program file is one of the many variants of the Zbot malware, also known as Zeus, that we see on a regular basis.

You’re expected to open the ZIP and run the program inside, which has a name like this:

HOTFIX_patch_KB_00000...many digits...56925.exe
 
There’s nothing wrong with having an EXE inside a ZIP file.

But a ZIP that contains only an EXE, and that was delivered by email, is just as suspicious as a plain EXE that arrives as an attachment.
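The rule of thumb above as a mail-filter style check, added here as an example (it is not from the original post or from Sophos): it flags a ZIP attachment whose only contents are executables. The extension list, verdict names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed, non-exhaustive list of extensions Windows runs on double-click.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def triage_zip(data: bytes) -> dict:
    """Classify a ZIP attachment by the kinds of files it carries."""
    result = {"verdict": "pass", "executables": [], "other": [], "encrypted": False}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = [m for m in zf.infolist() if not m.is_dir()]
    except zipfile.BadZipFile:
        result["verdict"] = "unreadable"  # not a ZIP at all, or a damaged one
        return result
    for m in members:
        # Windows strips trailing dots and spaces from file names, so
        # "patch.exe." lands on disk as "patch.exe".
        ext = PurePosixPath(m.filename.rstrip(". ")).suffix.lower()
        key = "executables" if ext in EXECUTABLE_EXTS else "other"
        result[key].append(m.filename)
        # Bit 0 of the general-purpose flags marks an encrypted member: its
        # name is visible, but a scanner cannot inspect its content.
        result["encrypted"] = result["encrypted"] or bool(m.flag_bits & 0x1)
    if result["executables"] and not result["other"]:
        result["verdict"] = "block"   # the EXE-only archive described above
    elif result["executables"]:
        result["verdict"] = "review"  # executable mixed in with other files
    return result


def make_zip(members: dict) -> bytes:
    """Build a ZIP in memory (used only to construct the samples below)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples; the file names and contents are placeholders.
LURE = make_zip({"HOTFIX_patch_KB_EXAMPLE.exe": b"MZ placeholder"})
MIXED = make_zip({"readme.txt": b"notes", "tools/setup.EXE": b"MZ placeholder"})
DOCS = make_zip({"report.pdf": b"%PDF placeholder", "data.csv": b"a,b\n1,2\n"})

if __name__ == "__main__":
    samples = [("lure", LURE), ("mixed", MIXED), ("docs", DOCS), ("junk", b"not a zip")]
    for label, blob in samples:
        print(label, triage_zip(blob))
```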

If you do run it, the EXE installs itself into:

C:\Documents and Settings\%USER%\Application Data\
 
with a random filename, and adds itself to the registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
 
so that it gets launched every time you reboot or logon.
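A defender-side check for the persistence described above, added here as an example (not code from the original post or from Sophos): it parses the text output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"` and flags values that launch an EXE sitting directly in the user's Application Data folder. It also covers the `AppData\Roaming` location that newer Windows versions use for that folder, which goes beyond the path in the post; the sample output and every name in it are constructed.

```python
import re
from pathlib import PureWindowsPath

# Key named in the post; the rest of this example is an assumption.
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"

# One value line of `reg query` output: indent, name, type, data.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
# Unquoted command: the path ends at the first program extension that is
# followed by whitespace or end of line (paths may contain spaces).
UNQUOTED = re.compile(r"(.+?\.(?:exe|scr|com|bat|cmd))(?:\s|$)", re.IGNORECASE)


def command_target(data: str) -> str:
    """Return the program path from a Run value, without quotes or arguments."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    m = UNQUOTED.match(data)
    return m.group(1) if m else data


def in_appdata_root(path: str) -> bool:
    """True when the file sits directly in the per-user Application Data folder."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if len(parts) == 2 and parts[0] == "%appdata%":
        return True  # unexpanded environment variable
    if len(parts) == 5 and parts[1] == "documents and settings" \
            and parts[3] == "application data":
        return True  # layout shown in the post
    return len(parts) == 6 and parts[1] == "users" \
        and parts[3:5] == ["appdata", "roaming"]  # newer Windows layout


def audit_run_key(reg_output: str) -> list:
    """Return (value name, program path) for each suspicious Run entry."""
    findings, in_run_key = [], False
    for line in reg_output.splitlines():
        if line.upper().startswith("HKEY_"):
            in_run_key = line.strip().lower() == RUN_KEY.lower()
            continue
        m = VALUE_LINE.match(line)
        if not (in_run_key and m):
            continue
        target = command_target(m.group("data"))
        # Software normally installs into a vendor subfolder; an EXE dropped
        # straight into the folder root matches the behaviour described above.
        if in_appdata_root(target) and target.lower().endswith(".exe"):
            findings.append((m.group("name"), target))
    return findings


# Constructed sample of `reg query` output (user and file names are made up).
SAMPLE_REG_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Vendor Updater    REG_SZ    "C:\Documents and Settings\alice\Application Data\Vendor\updater.exe" /silent
    qevobi    REG_SZ    C:\Documents and Settings\alice\Application Data\qevobi.exe
"""

if __name__ == "__main__":
    for name, target in audit_run_key(SAMPLE_REG_OUTPUT):
        print(f"suspicious Run value {name!r} -> {target}")
```

A hit is a lead to investigate rather than a verdict, since the check looks only at where the program lives and not at what it is.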

We shouldn’t need to remind you, but we’ll do so in case you want to remind someone else:
  • Don’t open email attachments you weren’t expecting.
  • Don’t believe emails that claim to be sending you a security patch – by email.
  • Don’t ignore clues such as poor grammar or spelling in emails that claim to be official.
  • Don’t neglect to keep your software patches up to date – but never by email.

References:

Spam from an anti-virus company claiming to be a security patch? It’s Zbot/Zeus malware… – Naked Security
http://nakedsecurity.sophos.com/2013/11/21/spam-from-an-anti-virus-company-its-zeus-malware/

Wednesday, November 20, 2013

A Quartz Storage disk that will last a million years?



How long do your disk drives last for?  Three, six, ten years maybe?  What if there were a disk that would last a million years?  How much space would that hold?  How much would it cost?

Researchers at Hitachi Data Systems recently unveiled quartz storage: a medium readable with an optical microscope, with a life expectancy of a million years.

Just as the Rosetta Stone preserved data in the stone for a couple thousand years, Hitachi is planning on preserving data in quartz for a few hundred million years.

Researchers also investigated a tungsten disk enveloped in silicon nitride which is expected to last a million years.  In comparison, a DVD is thought to be able to survive 1,000 years.

Even though none of us expect to live a million years or even close to that, wouldn’t it be helpful if our records and data still existed for future Homo sapiens?

To preserve data for that long is revolutionary.

This is the goal of the Human Document Project.


Quartz is so durable that it can withstand cataclysmic events like tsunamis, fires, and floods, just as long as it is not broken.  Even if it is broken, it’s possible to piece it back together to read data.

Hitachi did not announce current plans to put the quartz chip into practical use, but there are data stores that would love to start using quartz instead of spending floor space and power to retain their data in storage.

Even removable media like tape and optical need power to maintain an environmentally controlled storage area.  The future of storage is likely to be quartz.

What do you think about the quartz storage?  Please leave your comments below!



References:

Building the million year disk – ZDNet
http://www.zdnet.com/building-the-million-year-disk-7000023407/
November 20, 2013

Hitachi Plans to Store Data for a Few Hundred Million Years – HDS Blogs
http://blogs.hds.com/hu/2012/09/hitachi-plans-to-store-data-for-a-few-hundred-million-years.html
September 28, 2012

Tuesday, November 19, 2013

Our Mobile Apps are Insecure, Allowing Access to Private Data



Hewlett-Packard found in a study that 97 percent of mobile applications accessed private information on devices.  The private data sources include personal address books, social media pages, and connectivity options like Bluetooth and WiFi.

86 percent of apps didn’t even use simple protections against modern-day attacks.
Almost all mobile applications are a risk to users.

The study of 2,107 applications found that 97 percent of the apps in one way or another accessed private information on the user’s devices. The HP study found 86 percent of mobile apps do not use appropriate binary protections.

Binary protections shield against attacks on application memory and inhibit attackers from reverse engineering the code to find ways in which it can be exploited.




75 percent of surveyed mobile apps do not correctly apply data encryption to user data.

Companies are producing apps without paying enough attention to security.  Instead of trying to get the apps out on the market as quickly as they can, they should focus on making sure our devices aren’t as vulnerable to identity theft because we are using their service.


References:

97 Percent of Company Mobile Apps Are Insecure – Tech News World
http://www.technewsworld.com/story/97-Percent-of-Company-Mobile-Apps-Are-Insecure-79458.html
November 19, 2013

HP: Mobile Apps Aren’t Secure, Allow Access to Private Data – eWeek
http://www.eweek.com/mobile/hp-mobile-apps-arent-secure-allow-access-to-private-data.html/
November 18, 2013

Monday, November 18, 2013

Mystery Trojan found in Space


A mystery malware that was brought into space by scientists and infected the International Space Station has been identified as a gaming Trojan.

The infection happened five years ago in 2008 and was launched back into the news last week due to a speech by Eugene Kaspersky, the head honcho of Russian antivirus firm Kaspersky Lab.

Kaspersky said that the malware was in Windows machines used by scientists on the International Space Station.

Viruses and Trojans on computers on the platform show that malware has hitched a ride on the removable media carried up to the space station by astronauts.

Kaspersky said: “Scientists, from time to time, they are coming to space with USBs which are infected. I’m not kidding. I was talking to a Russian space guys and they said from time to time there are virus epidemics in the space station.”

Scientists have identified the malware as Gammima-AG, a Trojan designed to steal passwords for online gaming.  This situation shows just how USB sticks can easily spread digital diseases.



Stuxnet

Stuxnet is the worm that infected computers connected to SCADA systems at Iran’s uranium enrichment facility at Natanz in 2009-2010.

Stuxnet was developed as part of a US-Israeli information warfare effort, codenamed Operation Olympic Games, that started under the presidency of George W Bush.




The worm escaped onto the internet, where it was found to spread across Windows systems.  The malware destroyed operations of industrial control systems from Siemens.

It was activated when the kit was being used to control high-speed equipment such as Iran’s nuke purifying centrifuges.

Kaspersky did not say that Stuxnet infected the ISS. He did say the space station has a SCADA system, but it is controlled by Linux-based systems.

Below is the recording of Eugene Kaspersky speaking at the Press Club in Canberra, Australia.  The malware, widely considered to have been developed by the US Government as a means to disrupt Iran’s nuclear enrichment plans, infected a physically separated ‘air-gapped’ network in the Russian plant after it was carried across on a USB device.




This shows how easily computers can be infected by malware. Even NASA is infecting computers out in space. Next time you let a friend use your computer, you might want to think twice about letting them plug anything into it.


References:

The TRUTH about mystery Trojan found in SPAAACE – The Register
http://www.theregister.co.uk/2013/11/13/space_station_malware_not_stuxnet/

Friday, November 15, 2013

10 fake Obamacare websites taken down by California




In Sacramento, California – 10 fake Obamacare websites have been shut down.


All the websites mimicked the “Covered California” affordable health insurance website to obtain personal information for identity theft.

California Attorney General Kamala Harris has removed all fraudulent sites connected to the roll-out, after a month-long investigation.

“These websites fraudulently imitated Covered California in order to lure consumers away from plans that provide the benefits of the Affordable Care Act,” Harris said in a statement.  “My office will continue to investigate and shut down these kinds of sites.”

The web addresses of the shut-down sites are:

www.californiabenefitexchange.com
www.californiahealthbenefitexchange.com
www.coveredcalifornia.com
www.shopinsuranceexchange.us
www.shopinsuranceservices.com
www.healthexchangeinsurance.com
www.shopforhealthcare.org
www.taxcreditinsurance.com
www.smallbusinesshealthoptionsprogram.com
www.stateexchanges.org

These sites are now blank pages of emptiness in the World Wide Web.

Health insurance plans sold outside the official exchange on the individual market before January 1, 2014 will not qualify for federal subsidies and do not have the guarantees provided by the ACA’s consumer protection provisions.



In September, the Better Business Bureaus nationwide warned about phony telemarketers calling pretending to offer information about the Affordable Care Act.

All the websites used names meant to evoke the state’s insurance exchange, duping consumers.

If consumers searched Google to find the Covered California site, they were presented with fake sites instead with the exchange’s logo displayed.

Users could purchase policies approved under the new law and qualify for a federal subsidy, then were taken to another private website of insurance companies and brokers.

Consumers are warned to sign up on the state’s site https://www.coveredca.com/.




Be wary of offers and policies from outside the exchange because you do not know if they can be trusted.

To avoid scams related to California’s health insurance marketplace, Attorney General Harris has released the following tips for consumers:
  • California’s only official health insurance marketplace is www.coveredca.com, which is where individuals, families and small businesses can get information, compare plans and enroll.
  • Be wary if you receive a call from a representative claiming to be a government official asking for your personal information like Social Security number or Medicare card number. You should not provide personal or financial information over the phone and should instead contact Covered California directly.
  • If you are approached by someone offering assistance from Covered California, verify that they are a Certified Enrollment Counselor by asking to see their required ID badge or by contacting Covered California directly.
  • Never pay someone for assistance with healthcare enrollment. Free enrollment assistance is available by contacting Covered California directly.
If you believe that you have been the victim of a scam, please report it by contacting Covered California directly or by filing a consumer complaint with the California Attorney General’s office at: http://oag.ca.gov/contact/consumer-complaint-against-business-or-company

To contact Covered California directly, call (800) 300-1506 or email consumerprotection@covered.ca.gov

References:

California takes down 10 fake Obamacare websites – NBC News
http://www.nbcnews.com/technology/california-takes-down-10-fake-obamacare-websites-2D11591128
November 15, 2013

Attorney General Kamala D. Harris Shuts Down Imitation ‘Covered California’ Websites, Provides Tips for Consumers – State of California Department of Justice Office of the Attorney General
https://oag.ca.gov/news/press-releases/attorney-general-kamala-d-harris-shuts-down-imitation-%E2%80%98covered-california%E2%80%99

Facebook requires you change your password if it is the same as your Adobe password.

We’ve recently heard of the massive breach at Adobe.  The private data of 38 million users was leaked, and now Facebook is requiring you to change your password if it is the same as the one you used on your Adobe account.

Users who have the same combination of email and passwords for the accounts are being automatically locked out of their Facebook accounts.  There are several questions being asked before access is granted.  Then users will create a new password for safety measures.


Facebook users may be greeted with “Someone May Have Accessed Your Account”.

Although Facebook has not been directly affected, it wants to make sure your account isn’t at risk, since hackers often use your email and password to access multiple accounts.

Unfortunately, many people use the same password for all their accounts, which is a major security risk.
For tips on how to create a safe and secure password, go to our recent blog post.

Facebook hasn’t revealed how many of their users were affected  but password information is publicly available on the internet via several password “dumps”.

Adobe has confirmed around 38 million active users may have had an ID or encrypted passwords accessed by unknown attackers in a breach earlier in the year.

Three million users are estimated to have their data accessed, but the attackers appeared to only want the source code for Adobe’s Acrobat software.

Half a million craftier customers chose “123456789”, according to a report by The Register, quoting researcher Jeremi Gosney, a self-styled “password security expert” who found the passwords in a dump online.

Always create a new password for each individual account.  Once someone gets hold of one of your passwords, they can access your whole life if they want to.


References:

Facebook helps out users who used same password on Adobe – by blocking them – We Live Security
http://www.welivesecurity.com/2013/11/13/facebook-helps-out-users-who-used-same-password-on-adobe-by-blocking-them/

Wednesday, November 13, 2013

Tis the season for holiday scams!

Holiday shoppers, be aware of banking malware this season.  According to security experts, as Christmas comes around an increase of over 200,000 infections will make its way to the online marketplace.

Internet-based shopping and online banking will bring the internet scammers out as consumers flood the internet with their holiday spending.

Europe and America are being hit less with malware than other countries like India, Australia, France, Germany, Vietnam, Taiwan and Mexico.  This is likely due to a lack of cyber-security software and identity theft protection in those countries.  Outdated software and vulnerable computers will also play a part in the attacks.

However, the USA, Brazil and Japan are targeted most with online banking threats.

A Trojan horse named “Zeus” steals banking information by browser keystroke logging.  Zeus is spread mainly through drive-by downloads and phishing schemes.  The Trojan attacks visitors and installs the malware if the computer has a software vulnerability.  It can take banking credentials and send all the details to a remote server.

Phishing emails, fake apps, and spoofed bank sites are all hitting smartphones and tablets.

Photo Credit: ZDNet


The rate of mobile phishing websites created has risen by 53%.  42% of spoof websites are designed to portray banks and financial institutions.  Once malware is installed on a mobile device, an array of problems will start to exist.


Photo Credit: ZDNet

JD Sherry, vice president of technology and solutions at Trend Micro said:
“As consumers gravitate to the convenience of online banking, criminals are developing tools at an exceedingly rapid pace to exploit a general lack of awareness. In addition, Apple has been traditionally perceived as a safe-haven against threats, but our findings reveal that personal information can be jeopardized as phishing scams that target the platform continue to gain momentum.
This evidence suggests a potential perfect storm looming in the holiday season as busy commercial and consumer users leverage mobile platforms.”

References:
Online banking, mobile malware on the rise in the holiday season – ZDNet
http://www.zdnet.com/online-banking-mobile-malware-on-the-rise-in-the-holiday-season-7000023084/
November 12, 2013
Banking malware infections rise to highest level since 2002 – PCWorld
http://www.pcworld.com/article/2062600/banking-malware-infections-rise-to-highest-level-since-2002.html