What Jay-Z and Beyonce don't want to share with you.

The list of top celebrities and important political figures keep growing as their financial information is being compromised.  Jay Z, Beyonce, Britney Spears, Donald Trump, Kim Kardashian, Hillary Clinton, Joe Biden, and LAPD Chief Charlie Beck are among those unfortunate accounts.  This hacker posted detailed information about these VIP's giving up personal information and financial status.  The website in which all of the juicy info appeared with their social security numbers, mortgage amounts, credit card info, and other banking info available for the world to see.

The LAPD has already launched an investigation. The FBI is looking into it. - LAPD

They are giving viruses too

If you search for these celebrities watch out, they are giving out viruses too.  Cameron Diaz is the celebrity most likely to give you a computer virus.  You have a one in ten chance of stumbling upon these sites.  Here is a list of dangerous celebrities to research:

1. Cameron Diaz - 19% of sites and screensavers were identified as malicious.


2. Julia Roberts - 20% chance of downloading a photo or wallpaper burdened with malware.


3. Jessica Biel - Last years Most Dangerous Celebrity to look up.


4. Gisele Bundchen - Worlds highest paid supermodel, 15% results in spyware, malware or computer viruses.


5. Brad Pitt - Files can put adware or spyware on your computer.


6. Adriana Lima - Directs you to red-ranked sites.


7. Jennifer Love Hewitt - Risky downloadable websites.


8. Nicole Kidman - Take your chance if you want to but I wouldn't.


9. Tom Cruise - After Knight and Day, he's trouble to look up.


10. Heidi Klum - Cybercriminals used her to lure people to risky sites.


11. Penelope Cruz - Be aware of red sites if you search for Penelope.


12. Anna Paquin - Searching screensavers can lead you to tons of malware.

Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.


Image courtesy of [chanpipat] / FreeDigitalPhotos.net

[via:Buzzfeed, TMZ]

Linux/Cdorked.A Malicious Malware

The investigation with Linux/Cdorked.A continues.  There have been significant discoveries that this subtle and sneaky backdoor is designed to drive traffic to malicious websites.

• There are over four hundred webservers infected with the Linus/Cdorked.A. 50 ranked at Alexa's top 1000,000 hottest websites.


• The backdoor has been applied to alternative webserver daemons.  Lighttpd and nginx binaries have already been documented Apache binaries.


• The Linux/Cdorked.A threat is even more sneaky than thought.  The malicious content is not delivered to victim's IP address' that have long IP ranges.


• If the internet browser's language is set to Japanese, Russian, Finnish, Ukrainian, Kazkh, or Belarusian, it will not be affected.


• 1000,000 user's of ESET security products have browsed these infected websites by being redirected.  Even though the attack was blocked.


• In some cases fo the configurations, the tendency to analyze specific re directions were designed for Apple iPad and iPhone users.

These victims are redirected to a malicious web server that is hosting a Blackhole kit.  The infrastructures use compromised DNS servers, that's how they are able to get into them.  There is belief that the infection vector is not unique.   It can not be attributed only to installations of cPanel as a result of solely a fraction of the infected servers square measure exploitation this management software system.  This malware doesn't propagate by itself and it doesn't exploit any vulnerability during a specific software system.  Linux/Cdorked.A may be a backdoor, employed by malicious actor to serve malicious content from legitimate websites.

Typical Linux/Cdorked.A configuration

Thanks to the system administrators and Sucuri, the code has been reviewed and analyzed.   The configurations so far are only with a single URL.  The redirect is served to people using Internet Explorer or Firefox on Microsoft Windows XP, Vista or 7.  iPhone and iPads are also victims, they are not directed to the exploit kit but instead pornographic websites.


Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.

Redirection Stats

In analyzing web traffic of the targeted websites, over 400 were identified with being affected by Linux/Cdorked.A.  50 of those sites are in the 100,000 websites ranked by Alexa.  All of these re directions have something in common.  The efforts in keeping their operation under the radar are putting in as much resistance as possible.  These sites are more concerned with not being detected instead of infecting as many as possible.

Hijacking the DNS

The URLs on the Linux/Cdorked.A infected servers adjust often.  The domain usually looks like numbers or letters.  The sub domain also matches a 16 character hexadecimal string.   The numbers at the beginning of the domains were hosting sites and shared hosting servers.  The pages that show pornographic images and links contain an iframe leading to the Blackholde landing page.  There is no clarity on if the pornographic domains are malicious or referred.

It is recommended to keep browsers, browser extensions, operating systems, and third party software like Flash players and PDF's up to date to avoid these infections.  Antiviruses are always recommended.

[via:WeLiveSecurity]

Deal of the Week: Lenovo ThinkPad Twist S230u for only $947.00!

Help your business with the Lenovo ThinkPad Twist.  This laptop with Windows 8 Pro transforms your laptop into a stand-up tent for share presentations and close-up viewing. The USB 3.0 ports, mini-HDMI and 4-in-1 cardreader make connecting to other devices or transferring files easy.

 

Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.

Call (619) 325-0990 to order a Lenovo ThinkPad Twist today!

Buy of the Week offer valid through July 14, 2013.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you’re searching for.

Phishing Scams: Think Before You Click

Cyber-criminals are installing malicious software onto your computer and taking everything they can with a click-of-the-mouse.  Phishing emails, scam websites, and suspicious phone calls are all designed to make them money at your expense.   With the use of social engineering, cyber-criminals are able to convince people to install malicious software without you knowing you are handing over your personal information.  So beware when you start seeing spam mail bombarding your accounts or annoying unknown numbers popping up on your phone.

Recognizing Phishing 

Online banking and e-commerce are pretty safe, but giving out your personal information or financial material should be done with caution.

1. Think before you click.

If something looks too good to be true, it most likely is.   Be aware of the websites you are on and information they contain so you don't get caught up in the glitz and glam of a thought out scam. If there are a lot of spelling errors or bad grammer, know that it might be a scam.

2. Trust who you know, not their emails

Don't trust unsolicited files or embedded links, even if it's from your friend. Look at the subject line of your message or link to determine if it's unreadable or looks foreign. If you have no idea what is on the page, don't click on it just to satisfy your curiosity. Be smarter than the malware.

3. Don't be fooled

Cyber-criminals are smart, they know ways to disguise a link to make it look as if it's something safe. Malicious links are sometimes disguised in phishing e-mails with known company's to make you think they are legitimate. Validate the page and roll your cursor over the link to see if another link shows up, you will know if this link will redirect you to another site or not.

4. Short URL's

A technique for hiding malicious links are hiding it through a URL shortener. This is a service that Twitter uses to shorten long URL's. TinyURL, bit.ly, and t.co are all legitimate Short URL services that can be used.

5. Don't be threatened

Be on top of your game. Cyber-criminals often use a threats to put you into a panic and catch you off guard. If you receive mail that you are being sued or an account is being closed, make sure you do some research before pulling out your pocketbook.

6. Spoof websites

Scammers use graphics in emails that appear to be attached to a legitimate site. When clicking on these websites it will direct you to the real site but penetrate your screen with a mass amount of pop-up windows. Be wary ofirresponsible clicking when surfing the net.

Fishy phone calls

Cyber-criminals might call you to offer help with solving computer problems, or sell you some kind of software license. Do not take these unsolicited phone calls. You might be persuaded into giving out your account information or personal information that could be the birth of identity fraud.


If you are a victim or are suspicious of any phishing activity, please report to Anti-Phishing Workers Group at www.antiphishing.org.

 Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.

References:

http://www.welivesecurity.com/2013/05/29/phishing-the-click-of-death/

http://www.antiphishing.org/

http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx

Instagram Bombarded with Fruit Attack

We all love showing the world our captured moments through Instagram.  This weekend many of you have noticed a plethora of fruit filled pictures popping up on the photo-sharing network.  Those photo's weren't all of your friends showing off the delicious seasonal fruit they were enjoying.  It was a mass spam attack that seized the network!  So don't give in to these photos with messages advertising for a great new miracle fruit diet.

The Juice

Fruit filled photographs began showing up in users' feeds, linking to fake BBC pages.  With headlines like, "Tropical Fruit Burns 17 Pounds in 22 Days. "  Or, "I saw it on the Dr. Oz show, this really works!"

These images were linked using the URL shortening service Bit.ly, disguising the real alias.  Now Bit.ly has issued a warning on the link, and Instagram confirmed the attack via email, according to a report on GigaOM.  Users have been experiencing the spam incident with the unwanted photos blasting on their accounts.  "Our security and spam team quickly took actions to secure the accounts involved, and the posted photos are being deleted.” reports GigaOM.

The Facebook-owned company admitted that "a small portion of our users experienced a spam incident where unwanted photos were posted from their accounts involved, and posted photos are being deleted."  The distorted view of a  "small portion" are more like 30,000 clicks to these deceiving photos.  There are over 130 million users on Instagram world-wide,  this photo-bomb is the first spam attack on the app.  A quick password reset and a little knowledge of who usually posts what kind of photos, can keep your personal information and computer safe.

Get the Facts

•  The free photo sharing app allows users to "filter" their image and share with friends through social networks.


•  When Instagram launched as an iPhone app, it hit one million users in two years


•  April 2012 Instagram was aquired by Facebook for 1 million $ in funds and stock


•  About 58 photographs are uploaded to Instagram each second


•  One new user is introduced to Instagram per second

Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.


References:

Instagram hit by fruity spam attack
http://www.welivesecurity.com/2013/07/01/instagram-hit-by-fruity-spam-attack/
Published on July 1, 2013

Beware of Fruit: Instagram Experiences a Massive Fruit Diet Spam Attack
http://petapixel.com/2013/06/30/instagram-experiences-its-first-massive-spam-attack/
Published on Jun 30, 2013

Facts about Instagram
http://www.seemycity.com/about/some-facts-about-instagram/

Image courtesy of [adamr,rakratchada torsap] / FreeDigitalPhotos.net

Buy of the Week: Dell PowerConnect 5548 Managed Switch for only $1370

Help meet your network switching needs, no matter the size of your organization, with the PowerConnect 5548, featuring 48 ports of wire-speed GbE and robust security and enterprise management capabilities. USB configuration for rapid deployment and dedicated 40 Gb stacking interfaces and 10 Gb uplinks help you grow your wiring closets with your network.

Product Features

Includes:  48 Ports x 10/100/1000, +2x10 Gigabit SFP+, Desktop or Rack-Mountable

• High performance


• Rapid deployment and configuration


• VoIP functionality

Help save time and deployment costs by simplifying your network rollout with PowerConnect 5500 series of Gigabit Ethernet switches. Automatically assign switch configuration and IP addresses via DHCP or local USB during initial rollout. You can configure up to eight switches in a stack without pressing a single key or setting up a console connection.


Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.

Call (619) 325-0990 to order a Dell PowerConnect Managed Switch today!

Buy of the Week offer valid through July 7th, 2013.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you’re searching for.

Hacker uses Facebook Graph Search to Steal phone numbers

Keeping your Facebook data personal is obtaining tougher and tougher all the time—mostly as a result of Facebook keeps making an attempt to create it public. to assist you out, we've created a comprehensive guide to keeping your Facebook bolted down and in your management, and we're about to keep it updated whenever Facebook decides to feature a brand new feature or amendment its privacy defaults...yet again.

Be cautious of giving Facebook your personal information.  A hacker has taken advantage of Facebook's Graph Search to compile thousands of Facebook users phone numbers.  This has ignited a privacy row with the social network.

Facebook issued the hacker a cease and desist after he continuously scraped data from the users'.  Brandon Copley, a mobile developer in Dallas Texas,  searched and downloaded 2.5 million phone numbers and contact information of Facebook users with ease.  Even though the privacy setting were set to public, this is still considered an invasion of users' privacy.  The Facebook row follows admission of a security breach that exposed the  privacy of users email and personal contact information.

The Argument

“Your privacy settings govern who can find you with search using the contact info you have provided, such as your email address and phone number,” the Facebook representative says. “You can modify these settings at any time from the Privacy Settings page.”

Copley confirms that these users have their contact information set to public, but argues that this is still a security issue.

On March 5, Copley reported a tip to Facebook security, writing, “There is a security invulnerability that allows someone to essentially create a database of phone numbers and Facebook users.”

A member of Facebook’s security team wrote back, in an email Copley shared with us, “I agree with you personally. We do have anti­scraping protections (rate­limiting, bad ip blocks, etc) but it comes down to people controlling their privacy, we can make the privacy tools available and we can encourage them to use them but we could never just switch their privacy settings for them. So there is not much more we can do”

Copley says Facebook told him the supposed security flaw was a feature of Graph Search.

On April 26, Facebook’s lawyers sent Copley a cease-and-desist letter, stating, “you are unlawfully acquiring Facebook user data. It appears that you are accessing Facebook through automated means and stealing Facebook access tokens in order to scrape data from Facebook’s site without permission.”

Be Vigilante

So if our information is being taken from Facebook and sold to spammer company's, could it be our own fault? There are privacy settings on Facebook that we modify, and if they are set to public, aren't we allowing everyone to do as they wish with our information? Maybe if the default setting on Facebook wasn't set to public, and was automatically set to private, this issue wouldn't be so prevalent.

Moral of the story is to double check your privacy settings, before you are a victim of stolen identity.

Privacy Setting Tips

1.  Organize your friend list - organize your friends into family, friends, co-workers, and separate groups.


2.  Make it private - go to your privacy settings page and click on "edit settings".  Change "everyone" to either "friends of friends" or "friends".


3.   Hide from the search engines - in your "edit settings" edit "public search" and enable yourself from being searched by others.


4.   Hide your posts - decide to make the posts on your timeline private.


5.  Personalize - turn off instant personalization for partnering sites.


6.  Don't trust anyone - limit your friends from personal information, edit "how people bring info to apps they use".

Please visit http://www.hyphenet.com/blog/ for more blog posts on the latest technology and IT security news.


References:

TechCrunch-Hacker Scrapes Thousands Of Public Phone Numbers Using Facebook Graph Search
http://techcrunch.com/2013/06/24/hacker-scrapes-thousands-of-public-phone-numbers-using-facebook-graph-search/...
Published June 24, 2013


WeLiveSecurity-Facebook privacy row as hacker uses Graph Search to list thousands of phone numbers
http://www.welivesecurity.com/2013/06/25/facebook-privacy-row-as-hacker-uses-graph-search-to-list-thousands-of-phone-numbers/...
Published June 25, 2013

Image courtesy of [chanpipat] / FreeDigitalPhotos.net



Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+